harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add security logger to RedDAV.

Browse Source 
Some smaller clean ups whitepsaces and tabs, use PHP_EOL, Doxygen, etc.
This commit is contained in:
Klaus Weidenbach 2014-12-14 01:22:52 +01:00
parent 7a19bd7fb3
commit 233903c844
5 changed files with 237 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
boot.php
View File

@ -51,12 +51,21 @@ define ( 'ZOT_REVISION', 1 );
define ( 'DB_UPDATE_VERSION', 1131 ); define ( 'DB_UPDATE_VERSION', 1131 );
/**
* Constant with a HTML line break.
*
* Contains a HTML line break (br) element and a real carriage return with line
* feed for the source.
* This can be used in HTML and JavaScript where needed a line break.
*
* @var string
*/
define ( 'EOL', '<br>' . "\r\n" ); define ( 'EOL', '<br>' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
//define ( 'NULL_DATE', '0000-00-00 00:00:00' ); //define ( 'NULL_DATE', '0000-00-00 00:00:00' );
define ( 'TEMPLATE_BUILD_PATH', 'store/[data]/smarty3' ); define ( 'TEMPLATE_BUILD_PATH', 'store/[data]/smarty3' );
define ( 'DIRECTORY_MODE_NORMAL', 0x0000); // This is technically DIRECTORY_MODE_TERTIARY, but it's the default, hence 0x0000 define ( 'DIRECTORY_MODE_NORMAL', 0x0000); // This is technically DIRECTORY_MODE_TERTIARY, but it's the default, hence 0x0000
define ( 'DIRECTORY_MODE_PRIMARY', 0x0001); define ( 'DIRECTORY_MODE_PRIMARY', 0x0001);
define ( 'DIRECTORY_MODE_SECONDARY', 0x0002); define ( 'DIRECTORY_MODE_SECONDARY', 0x0002);
define ( 'DIRECTORY_MODE_STANDALONE', 0x0100); define ( 'DIRECTORY_MODE_STANDALONE', 0x0100);

7
include/RedDAV/RedBasicAuth.php
View File

@ -118,8 +118,11 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic {
} }
} }
} }
logger('password failed for ' . $username);
// @TODO add security logger $error = 'password failed for ' . $username;
logger($error);
log_failed_login($error);
return false; return false;
} }

9
include/RedDAV/RedBrowser.php
View File

@ -182,10 +182,10 @@ class RedBrowser extends DAV\Browser\Plugin {
} }
} }
} }
$parentHash = ""; $parentHash = '';
$owner = $this->auth->owner_id; $owner = $this->auth->owner_id;
$splitPath = split("/", $fullPath); $splitPath = split('/', $fullPath);
if (count($splitPath) > 3) { if (count($splitPath) > 3) {
for ($i = 3; $i < count($splitPath); $i++) { for ($i = 3; $i < count($splitPath); $i++) {
$attachName = urldecode($splitPath[$i]); $attachName = urldecode($splitPath[$i]);
@ -233,6 +233,7 @@ class RedBrowser extends DAV\Browser\Plugin {
} }
// prepare quota for template // prepare quota for template
$quota = array();
$quota['used'] = $used; $quota['used'] = $used;
$quota['limit'] = $limit; $quota['limit'] = $limit;
$quota['desc'] = $quotaDesc; $quota['desc'] = $quotaDesc;
@ -257,7 +258,7 @@ class RedBrowser extends DAV\Browser\Plugin {
$this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output)); $this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output));
} }
$html .= $output; $html .= $output;
get_app()->page['content'] = $html; get_app()->page['content'] = $html;
load_pdl(get_app()); load_pdl(get_app());
construct_page(get_app()); construct_page(get_app());

22
include/auth.php
View File

@ -41,6 +41,9 @@ function nuke_session() {
/** /**
* @brief Verify login credentials. * @brief Verify login credentials.
* *
* If system <i>authlog</i> is set a log entry will be added for failed login
* attempts.
*
* @param string $email * @param string $email
* The email address to verify. * The email address to verify.
* @param string $pass * @param string $pass
@ -88,14 +91,25 @@ function account_verify_password($email, $pass) {
if($record['account_flags'] & ACCOUNT_PENDING) if($record['account_flags'] & ACCOUNT_PENDING)
logger('Account is pending. account_flags = ' . $record['account_flags']); logger('Account is pending. account_flags = ' . $record['account_flags']);
// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention log_failed_login($error);
$authlog = get_config('system', 'authlog');
if ($authlog)
@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
return null; return null;
} }
/**
* @brief Log failed logins to a separate auth log.
*
* Can be used to reduce overhead for server side intrusion prevention, like
* parse the authlog file with something like fail2ban, OSSEC, etc.
*
* @param string $errormsg
* Error message to display for failed login.
*/
function log_failed_login($errormsg) {
$authlog = get_config('system', 'authlog');
if ($authlog)
@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $errormsg . PHP_EOL, FILE_APPEND);
}
/** /**
* Inline - not a function * Inline - not a function

421
include/text.php
View File

File diff suppressed because it is too large Load Diff