authorRoeland Jago Douma <roeland@famdouma.nl>2016-11-14 14:05:01 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2017-04-02 21:13:50 +0200
commitbe674c19a5b78ce87bbd208fea214421d1d811b3 (patch)
treec2a0a6989b601db971747b55440b7d997c622677 /lib/private/Security
parentdca555b7f34b305062b213f41ca83933b4602c7e (diff)
Respect bruteforce settings in the Throttler
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Security')
-rw-r--r--lib/private/Security/Bruteforce/Throttler.php65
1 files changed, 65 insertions, 0 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 765f109fdb3..73a27b677b0 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -186,6 +186,67 @@ class Throttler {
}
/**
+ * Check if the IP is whitelisted
+ *
+ * @param string $ip
+ * @return bool
+ */
+ private function isIPWhitelisted($ip) {
+ $keys = $this->config->getAppKeys('bruteForce');
+ $keys = array_filter($keys, function($key) {
+ $regex = '/^whitelist_/S';
+ return preg_match($regex, $key) === 1;
+ });
+
+ if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ $type = 4;
+ } else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ $type = 6;
+ } else {
+ return false;
+ }
+
+ $ip = inet_pton($ip);
+
+ foreach ($keys as $key) {
+ $cidr = $this->config->getAppValue('bruteForce', $key, null);
+
+ $cx = explode('/', $cidr);
+ $addr = $cx[0];
+ $mask = (int)$cx[1];
+
+ // Do not compare ipv4 to ipv6
+ if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ||
+ ($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
+ continue;
+ }
+
+ $addr = inet_pton($addr);
+
+ $valid = true;
+ for($i = 0; $i < $mask; $i++) {
+ $part = ord($addr[(int)($i/8)]);
+ $orig = ord($ip[(int)($i/8)]);
+
+ $part = $part & (15 << (1 - ($i % 2)));
+ $orig = $orig & (15 << (1 - ($i % 2)));
+
+ if ($part !== $orig) {
+ $valid = false;
+ break;
+ }
+ }
+
+ if ($valid === true) {
+ return true;
+ }
+ }
+
+ return false;
+
+ }
+
+ /**
* Get the throttling delay (in milliseconds)
*
* @param string $ip
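Review bot: The per-bit comparison in the `for` loop of isIPWhitelisted does not test bit `$i`: `15 << (1 - ($i % 2))` only ever yields the masks 0x1E and 0x0F, so the top three bits of every byte are never compared and low bits are compared even when the prefix ends mid-byte, which lets addresses outside the configured range skip throttling. A second fail-open sits in the parsing above it: a `whitelist_` value without a `/` leaves `$cx[1]` unset, the `(int)` cast turns that into 0, the loop never runs and `$valid` stays true, so every address of that family is treated as whitelisted. I would skip entries that lack a numeric prefix length or whose prefix exceeds the address width, and select the bit under test with `0x80 >> ($i % 8)`. The function lies entirely within this hunk.

```php
// … unchanged: whitelist_ key filtering, $type detection, inet_pton($ip) …
foreach ($keys as $key) {
	$cidr = $this->config->getAppValue('bruteForce', $key, null);

	$cx = explode('/', $cidr);
	if (count($cx) !== 2 || !ctype_digit($cx[1])) {
		// An entry without an explicit prefix length must not match everything
		continue;
	}
	$addr = $cx[0];
	$mask = (int)$cx[1];

	// … unchanged: address family check, inet_pton($addr) …

	if ($mask > strlen($addr) * 8) {
		// Prefix longer than the address itself (32 for IPv4, 128 for IPv6)
		continue;
	}

	$valid = true;
	for ($i = 0; $i < $mask; $i++) {
		// Select bit $i of the address, most significant bit first
		$bit = 0x80 >> ($i % 8);
		$part = ord($addr[(int)($i/8)]) & $bit;
		$orig = ord($ip[(int)($i/8)]) & $bit;

		if ($part !== $orig) {
			$valid = false;
			break;
		}
	}
	// … unchanged: return true when $valid …
}
```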
@@ -193,6 +254,10 @@ class Throttler {
* @return int
*/
public function getDelay($ip, $action = '') {
+ if ($this->isIPWhitelisted($ip)) {
+ return 0;
+ }
+
$cutoffTime = (new \DateTime())
->sub($this->getCutoff(43200))
->getTimestamp();
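Review bot: The docblock above getDelay still describes only the throttling delay and should state the new short-circuit, for example `* Whitelisted IPs (see isIPWhitelisted) always get a delay of 0`. Because this early return switches throttling off completely, it is only as trustworthy as the `$ip` argument; where callers obtain that value is not visible here, so it is worth confirming it cannot be taken from a client-controlled forwarding header. getDelay's body continues outside the hunk.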