Some fixes for sessions of basic-auth clients such as the SOGo connector:

- added user IP to hash used as session id (so changed IP, different devices force a different session)
- returning false in verify, if domain is changed
- fixed "Wrong IP" message
This commit is contained in:
Ralf Becker 2010-01-12 03:55:42 +00:00
parent aca03d2dbc
commit 07d7b66735


@ -735,7 +735,7 @@ class egw_session
in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php'))) in_array(basename($_SERVER['SCRIPT_NAME']),array('webdav.php','groupdav.php')))
{ {
// we generate a pseudo-sessionid from the basic auth credentials // we generate a pseudo-sessionid from the basic auth credentials
$sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT); $sessionid = md5($_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT.':'.self::getuser_ip());
} }
elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME])) elseif(!$only_basic_auth && isset($_REQUEST[self::EGW_SESSION_NAME]))
{ {
@ -825,6 +825,8 @@ class egw_session
// This is to ensure that we authenticate to the correct domain (might not be default) // This is to ensure that we authenticate to the correct domain (might not be default)
if($GLOBALS['egw_info']['user']['domain'] && $this->account_domain != $GLOBALS['egw_info']['user']['domain']) if($GLOBALS['egw_info']['user']['domain'] && $this->account_domain != $GLOBALS['egw_info']['user']['domain'])
{ {
return false; // session not verified, domain changed
throw new Exception("Wrong domain! '$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'"); throw new Exception("Wrong domain! '$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'");
/* if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid','$kp3') account_domain='$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'=egw_info[user][domain]"); /* if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$sessionid','$kp3') account_domain='$this->account_domain' != '{$GLOBALS['egw_info']['user']['domain']}'=egw_info[user][domain]");
$GLOBALS['egw']->ADOdb = null; $GLOBALS['egw']->ADOdb = null;
@ -901,10 +903,10 @@ class egw_session
if ($GLOBALS['egw_info']['server']['sessions_checkip']) if ($GLOBALS['egw_info']['server']['sessions_checkip'])
{ {
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) wrong IP");
if (strtoupper(substr(PHP_OS,0,3)) != 'WIN' && (!$GLOBALS['egw_info']['user']['session_ip'] || if (strtoupper(substr(PHP_OS,0,3)) != 'WIN' && (!$GLOBALS['egw_info']['user']['session_ip'] ||
$GLOBALS['egw_info']['user']['session_ip'] != $this->getuser_ip())) $GLOBALS['egw_info']['user']['session_ip'] != $this->getuser_ip()))
{ {
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) wrong IP");
if(is_object($GLOBALS['egw']->log)) if(is_object($GLOBALS['egw']->log))
{ {
// This needs some better wording // This needs some better wording
@ -1247,6 +1249,8 @@ class egw_session
*/ */
public static function search_instance($login,$domain_requested,&$default_domain,$server_name,array $domains=null) public static function search_instance($login,$domain_requested,&$default_domain,$server_name,array $domains=null)
{ {
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."('$login','$domain_requested',".array2string($default_domain).".'$server_name'.".array2string($domains).")");
if (is_null($domains)) $domains = $GLOBALS['egw_domain']; if (is_null($domains)) $domains = $GLOBALS['egw_domain'];
if (!isset($default_domain) || !isset($domains[$default_domain])) // allow to overwrite the default domain if (!isset($default_domain) || !isset($domains[$default_domain])) // allow to overwrite the default domain
@ -1290,6 +1294,8 @@ class egw_session
{ {
$domain = $default_domain; $domain = $default_domain;
} }
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."() default_domain=".array2string($default_domain).', login='.array2string($login)." returning ".array2string($domain));
return $domain; return $domain;
} }
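Review bot: In the first hunk the pseudo-session id is still an unsalted md5 over `user:password:host:root:ip`, and every component except the password is known to anyone who obtains the id, so a leaked id (the verify() debug log in the third hunk writes `$sessionid` to error_log, and the id is presumably also persisted in the sessions store) is an offline-crackable password hash; appending the client IP does not change that. If a server-side secret is reachable from this class, keying the hash with it — `$sessionid = hash_hmac('sha256', $_SERVER['PHP_AUTH_USER'].':'.$_SERVER['PHP_AUTH_PW'].':'.$_SERVER['HTTP_HOST'].':'.EGW_SERVER_ROOT.':'.self::getuser_ip(), $secret);` — removes the offline attack, whereas an unkeyed hash of any strength does not, so at minimum keep the id out of log output. In the second hunk the `throw new Exception("Wrong domain! …")` immediately after the added `return false;` is now unreachable and should be removed, or replaced by the `error_log` that the commented-out line below it suggests. The enclosing methods begin and end outside these hunks.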