[mms] Added Horde_Registry#remoteHost().
slusarz committed Nov 20, 2014
1 parent 1083df2 commit d9eca18
Showing 5 changed files with 83 additions and 66 deletions.
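--- a/framework/Core/lib/Horde.php
+++ b/framework/Core/lib/Horde.php
@@ -234,12 +234,14 @@ public static function escapeJson($data, array $options = array())
 */
 public static function isConnectionSecure()
 {
-if ($GLOBALS['browser']->usingSSLConnection()) {
+global $browser, $conf, $registry;
+
+if ($browser->usingSSLConnection()) {
 return true;
 }
 
-if (!empty($GLOBALS['conf']['safe_ips'])) {
-if (reset($GLOBALS['conf']['safe_ips']) == '*') {
+if (!empty($conf['safe_ips'])) {
+if (reset($conf['safe_ips']) == '*') {
 return true;
 }
 
@@ -248,11 +250,11 @@ public static function isConnectionSecure()
 * assume that if it is present, the user is coming through a proxy
 * server. If so, we don't count any non-SSL connection as safe, no
 * matter the source IP. */
-if (!isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-$remote_addr = $_SERVER['REMOTE_ADDR'];
-foreach ($GLOBALS['conf']['safe_ips'] as $safe_ip) {
+$remote = $registry->remoteHost();
+if (!$remote->proxy) {
+foreach ($conf['safe_ips'] as $safe_ip) {
 $safe_ip = preg_replace('/(\.0)*$/', '', $safe_ip);
-if (strpos($remote_addr, $safe_ip) === 0) {
+if (strpos($remote->addr, $safe_ip) === 0) {
 return true;
 }
 }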
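Review bot: The safe-IP test in the second hunk, `strpos($remote->addr, $safe_ip) === 0`, is a plain string-prefix match, so a `safe_ips` entry such as `192.168.1.0` (a constructed example, reduced to `192.168.1` by the `preg_replace`) also matches `192.168.10.x` and `192.168.100.x` and reports those non-SSL connections as secure. Comparing on an octet boundary closes that: `if ($remote->addr === $safe_ip || strpos($remote->addr, $safe_ip . '.') === 0) {`. The new call to `$registry->remoteHost()` also performs a reverse-DNS lookup whose result this function never reads, so each check now pays for a PTR query. The body of `isConnectionSecure()` continues past the end of the hunk.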
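--- a/framework/Core/lib/Horde/Core/Auth/Signup/Sql.php
+++ b/framework/Core/lib/Horde/Core/Auth/Signup/Sql.php
@@ -41,12 +41,16 @@ public function __construct()
 */
 protected function _queueSignup($signup)
 {
+global $registry;
+
 $query = 'INSERT INTO ' . $this->_params['table']
 . ' (user_name, signup_date, signup_host, signup_data) VALUES (?, ?, ?, ?) ';
+$remote = $registry->remoteHost();
+
 $values = array(
 $signup->getName(),
 time(),
-$_SERVER['REMOTE_ADDR'],
+$remote->addr,
 serialize($signup->getData())
 );
 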
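Review bot: `signup_host` is now filled from `$remote->addr`, and `remoteHost()` (added to framework/Core/lib/Horde/Registry.php in this commit) takes that value from the first `X-Forwarded-For` entry whenever the header is present, so the requester chooses what is recorded. The same applies to the `setAuth()` and `checkExistingAuth()` hunks in Registry.php, where the `checkip` session binding now compares this header-derived value instead of `$_SERVER['REMOTE_ADDR']`, and to the `[addr]` field written by `createHordeHop()` in Received.php. Unless the header is honoured only when the peer is a known proxy, these call sites are better served by the connecting address, here `$_SERVER['REMOTE_ADDR'],` as before. `_queueSignup()` continues past the end of the hunk.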
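--- a/framework/Core/lib/Horde/Core/Mime/Headers/Received.php
+++ b/framework/Core/lib/Horde/Core/Mime/Headers/Received.php
@@ -30,59 +30,14 @@ class Horde_Core_Mime_Headers_Received
 */
 public static function createHordeHop()
 {
-global $conf, $injector;
+global $conf, $registry;
 
-$dns = $injector->getInstance('Net_DNS2_Resolver');
-
-$old_error = error_reporting(0);
-if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
-/* This indicates the user is connecting through a proxy. */
-$remote_path = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
-$remote_addr = $remote_path[0];
-
-if ($dns) {
-$remote = $remote_addr;
-try {
-if ($response = $dns->query($remote_addr, 'PTR')) {
-foreach ($response->answer as $val) {
-if (isset($val->ptrdname)) {
-$remote = $val->ptrdname;
-break;
-}
-}
-}
-} catch (Net_DNS2_Exception $e) {}
-} else {
-$remote = gethostbyaddr($remote_addr);
-}
-} else {
-$remote_addr = $_SERVER['REMOTE_ADDR'];
-if (empty($_SERVER['REMOTE_HOST'])) {
-if ($dns) {
-$remote = $remote_addr;
-try {
-if ($response = $dns->query($remote_addr, 'PTR')) {
-foreach ($response->answer as $val) {
-if (isset($val->ptrdname)) {
-$remote = $val->ptrdname;
-break;
-}
-}
-}
-} catch (Net_DNS2_Exception $e) {}
-} else {
-$remote = gethostbyaddr($remote_addr);
-}
-} else {
-$remote = $_SERVER['REMOTE_HOST'];
-}
-}
-error_reporting($old_error);
+$remote = $registry->remoteHost();
 
 if (!empty($_SERVER['REMOTE_IDENT'])) {
-$remote_ident = $_SERVER['REMOTE_IDENT'] . '@' . $remote . ' ';
-} elseif ($remote != $_SERVER['REMOTE_ADDR']) {
-$remote_ident = $remote . ' ';
+$remote_ident = $_SERVER['REMOTE_IDENT'] . '@' . $remote->host . ' ';
+} elseif ($remote->host != $remote->addr) {
+$remote_ident = $remote->host . ' ';
 } else {
 $remote_ident = '';
 }
@@ -100,8 +55,8 @@ public static function createHordeHop()
 
 return new self(
 null,
-'from ' . $remote . ' (' . $remote_ident .
-'[' . $remote_addr . ']) ' .
+'from ' . $remote->host . ' (' . $remote_ident .
+'[' . $remote->addr . ']) ' .
 'by ' . $server_name . ' (Horde Framework) with HTTP; ' .
 date('r')
 );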
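--- a/framework/Core/lib/Horde/Registry.php
+++ b/framework/Core/lib/Horde/Registry.php
@@ -2455,6 +2455,60 @@ protected function _getAuthCredentials($app)
 return $session->get('horde', 'auth_app/' . $app);
 }
 
+/**
+* Returns information about the remote host.
+*
+* @since 2.17.0
+*
+* @return object An object with the following properties:
+* <pre>
+* addr: (string) Remote IP address.
+* host: (string) Remote hostname (if resolvable; otherwise, this value
+* is identical to 'addr').
+* proxy: (boolean) True if this user is connecting through a proxy.
+* </pre>
+*/
+public function remoteHost()
+{
+global $injector;
+
+$out = new stdClass;
+
+$dns = $injector->getInstance('Net_DNS2_Resolver');
+$old_error = error_reporting(0);
+
+if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+$remote_path = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+$out->addr = $remote_path[0];
+$out->proxy = true;
+} else {
+$out->addr = $_SERVER['REMOTE_ADDR'];
+if (!empty($_SERVER['REMOTE_HOST'])) {
+$out->remote = $_SERVER['REMOTE_HOST'];
+}
+$out->proxy = false;
+}
+
+if ($dns && !isset($out->remote)) {
+$out->remote = $remote_addr;
+try {
+if ($response = $dns->query($out->addr, 'PTR')) {
+foreach ($response->answer as $val) {
+if (isset($val->ptrdname)) {
+$out->remote = $val->ptrdname;
+break;
+}
+}
+}
+} catch (Net_DNS2_Exception $e) {}
+} elseif (!isset($out->remote)) {
+$out->remote = gethostbyaddr($out->addr);
+}
+error_reporting($old_error);
+
+return $out;
+}
+
 /**
 * Sets data in the session saying that authorization has succeeded,
 * note which userId was authorized, and note when the login took place.
@@ -2494,9 +2548,10 @@ public function setAuth($authId, $credentials, array $options = array())
 $session->set('horde', 'auth/change', 1);
 }
 $session->set('horde', 'auth/credentials', $app);
-if (isset($_SERVER['REMOTE_ADDR'])) {
-$session->set('horde', 'auth/remoteAddr', $_SERVER['REMOTE_ADDR']);
-}
+
+$remote = $this->remoteHost();
+$session->set('horde', 'auth/remoteAddr', $remote->addr);
+
 $session->set('horde', 'auth/timestamp', time());
 $session->set('horde', 'auth/userId', $this->convertUsername(trim($authId), true));
 
@@ -2531,7 +2586,8 @@ public function checkExistingAuth($app = 'horde')
 if (empty($this->_cache['existing'])) {
 if (!empty($conf['auth']['checkip']) &&
 ($remoteaddr = $session->get('horde', 'auth/remoteAddr')) &&
-($remoteaddr != $_SERVER['REMOTE_ADDR'])) {
+($remoteob = $this->remoteHost()) &&
+($remoteaddr != $remoteob->addr)) {
 $injector->getInstance('Horde_Core_Factory_Auth')->create()
 ->setError(Horde_Core_Auth_Application::REASON_SESSIONIP);
 return false;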
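Review bot: `remoteHost()` never sets the `host` property that its docblock documents and that `createHordeHop()` reads: every assignment in the body goes to `$out->remote`, and the DNS branch seeds it from `$remote_addr`, which is not defined in this method. Renaming `$out->remote` to `$out->host` throughout and seeding it with `$out->host = $out->addr;` would match the documented contract. The first `X-Forwarded-For` entry is also used untrimmed and unchecked for the PTR query and `gethostbyaddr()`; passing it through `trim()` and `filter_var(..., FILTER_VALIDATE_IP)` first, and falling back to `$_SERVER['REMOTE_ADDR']` when that fails, keeps arbitrary header text out of the lookup and the session. In the `setAuth()` hunk the old `isset($_SERVER['REMOTE_ADDR'])` guard is gone, so callers without that server variable now reach an undefined index, and `checkExistingAuth()` performs a reverse lookup on every call only to read `addr`.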
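--- a/framework/Core/package.xml
+++ b/framework/Core/package.xml
@@ -39,7 +39,7 @@
 </stability>
 <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
 <notes>
-*
+* [mms] Added Horde_Registry#remoteHost().
 </notes>
 <contents>
 <dir baseinstalldir="/" name="/">
@@ -3706,7 +3706,7 @@
 <date>2014-11-12</date>
 <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
 <notes>
-*
+* [mms] Added Horde_Registry#remoteHost().
 </notes>
 </release>
 </changelog>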
