diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-14 14:05:01 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2017-04-02 21:13:50 +0200 |
commit | be674c19a5b78ce87bbd208fea214421d1d811b3 (patch) | |
tree | c2a0a6989b601db971747b55440b7d997c622677 /lib/private/Security | |
parent | dca555b7f34b305062b213f41ca83933b4602c7e (diff) | |
download | nextcloud-server-be674c19a5b78ce87bbd208fea214421d1d811b3.tar.gz nextcloud-server-be674c19a5b78ce87bbd208fea214421d1d811b3.zip |
Respect bruteforce settings in the Throttler
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/Security')
-rw-r--r-- | lib/private/Security/Bruteforce/Throttler.php | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php index 765f109fdb3..73a27b677b0 100644 --- a/lib/private/Security/Bruteforce/Throttler.php +++ b/lib/private/Security/Bruteforce/Throttler.php @@ -186,6 +186,67 @@ class Throttler { } /** + * Check if the IP is whitelisted + * + * @param string $ip + * @return bool + */ + private function isIPWhitelisted($ip) { + $keys = $this->config->getAppKeys('bruteForce'); + $keys = array_filter($keys, function($key) { + $regex = '/^whitelist_/S'; + return preg_match($regex, $key) === 1; + }); + + if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { + $type = 4; + } else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { + $type = 6; + } else { + return false; + } + + $ip = inet_pton($ip); + + foreach ($keys as $key) { + $cidr = $this->config->getAppValue('bruteForce', $key, null); + + $cx = explode('/', $cidr); + $addr = $cx[0]; + $mask = (int)$cx[1]; + + // Do not compare ipv4 to ipv6 + if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) || + ($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) { + continue; + } + + $addr = inet_pton($addr); + + $valid = true; + for($i = 0; $i < $mask; $i++) { + $part = ord($addr[(int)($i/8)]); + $orig = ord($ip[(int)($i/8)]); + + $part = $part & (15 << (1 - ($i % 2))); + $orig = $orig & (15 << (1 - ($i % 2))); + + if ($part !== $orig) { + $valid = false; + break; + } + } + + if ($valid === true) { + return true; + } + } + + return false; + + } + + /** * Get the throttling delay (in milliseconds) * * @param string $ip @@ -193,6 +254,10 @@ class Throttler { * @return int */ public function getDelay($ip, $action = '') { + if ($this->isIPWhitelisted($ip)) { + return 0; + } + $cutoffTime = (new \DateTime()) ->sub($this->getCutoff(43200)) ->getTimestamp(); |