author | Lukas Reschke <lukas@statuscode.ch> | 2017-04-04 11:57:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-04 11:57:43 +0200 |
commit | e0227cb4588a343db9eadfefc2733660877fb60d (patch) | |
tree | f5407b1201cbd2b23e230b6e16e6d4c74ae1cfc7 /lib/private | |
parent | da178db98edf54088cb94391088a53257f682b5d (diff) | |
parent | aee2d6318fef503528c94947596bafeb43594ed3 (diff) | |
Merge pull request #2095 from nextcloud/bruteforcesetttings
Introduce bruteforce settings
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Security/Bruteforce/Throttler.php | 65 | ||||
-rw-r--r-- | lib/private/Settings/Manager.php | 1 |
2 files changed, 66 insertions, 0 deletions
diff --git a/lib/private/Security/Bruteforce/Throttler.php b/lib/private/Security/Bruteforce/Throttler.php
index 765f109fdb3..73a27b677b0 100644
--- a/lib/private/Security/Bruteforce/Throttler.php
+++ b/lib/private/Security/Bruteforce/Throttler.php
@@ -186,6 +186,67 @@ class Throttler {
 }
 /**
+ * Check if the IP is whitelisted
+ *
+ * @param string $ip
+ * @return bool
+ */
+ private function isIPWhitelisted($ip) {
+ $keys = $this->config->getAppKeys('bruteForce');
+ $keys = array_filter($keys, function($key) {
+ $regex = '/^whitelist_/S';
+ return preg_match($regex, $key) === 1;
+ });
+
+ if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ $type = 4;
+ } else if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ $type = 6;
+ } else {
+ return false;
+ }
+
+ $ip = inet_pton($ip);
+
+ foreach ($keys as $key) {
+ $cidr = $this->config->getAppValue('bruteForce', $key, null);
+
+ $cx = explode('/', $cidr);
+ $addr = $cx[0];
+ $mask = (int)$cx[1];
+
+ // Do not compare ipv4 to ipv6
+ if (($type === 4 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ||
+ ($type === 6 && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))) {
+ continue;
+ }
+
+ $addr = inet_pton($addr);
+
+ $valid = true;
+ for($i = 0; $i < $mask; $i++) {
+ $part = ord($addr[(int)($i/8)]);
+ $orig = ord($ip[(int)($i/8)]);
+
+ $part = $part & (15 << (1 - ($i % 2)));
+ $orig = $orig & (15 << (1 - ($i % 2)));
+
+ if ($part !== $orig) {
+ $valid = false;
+ break;
+ }
+ }
+
+ if ($valid === true) {
+ return true;
+ }
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Get the throttling delay (in milliseconds)
 *
 * @param string $ip
@@ -193,6 +254,10 @@ class Throttler {
 * @return int
 */
 public function getDelay($ip, $action = '') {
+ if ($this->isIPWhitelisted($ip)) {
+ return 0;
+ }
+
 $cutoffTime = (new \DateTime())
 ->sub($this->getCutoff(43200))
 ->getTimestamp();
diff --git a/lib/private/Settings/Manager.php b/lib/private/Settings/Manager.php
index 94df00551d4..080b697b238 100644
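Review bot: The prefix comparison in the `for` loop of isIPWhitelisted() masks each byte with `15 << (1 - ($i % 2))`, which is 0x1E or 0x0F, so the top three bits of every octet are never compared and a prefix length that is not a multiple of 8 tests the wrong bits. A whitelist entry therefore matches more addresses than the CIDR it names, and every one of them skips throttling through the new early return in getDelay(). Separately, a stored value without `/prefix` leaves `$cx[1]` undefined, `(int)` turns that into 0, the loop never runs and `$valid` stays true, so a single malformed entry exempts every address of that family. I would compare exactly bit `$i` counted from the most significant bit, and skip entries whose prefix is missing, non-numeric or longer than the address, as sketched below.

```php
		$cx = explode('/', $cidr);
		// Skip entries without an explicit numeric prefix instead of treating them as /0
		if (count($cx) !== 2 || !ctype_digit($cx[1])) {
			continue;
		}
		// … unchanged: $addr / $mask assignment and the IPv4-vs-IPv6 family check …

		$addr = inet_pton($addr);
		// A prefix longer than the address (32 or 128 bits) cannot be a valid CIDR
		if ($mask > strlen($addr) * 8) {
			continue;
		}

		$valid = true;
		for($i = 0; $i < $mask; $i++) {
			// Test only bit $i, most significant bit of each byte first
			$bit = 1 << (7 - ($i % 8));
			$part = ord($addr[(int)($i/8)]) & $bit;
			$orig = ord($ip[(int)($i/8)]) & $bit;

			if ($part !== $orig) {
				$valid = false;
				break;
			}
		}
		// … unchanged: return true when $valid is still true …
```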
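Review bot: The docblock of getDelay() still describes only "the throttling delay (in milliseconds)" and says nothing about the short-circuit added at the top of the body. I would add a line such as `* Returns 0 without consulting recorded attempts when $ip matches a bruteForce whitelist_* entry.` so a caller can tell "exempt" from "no failed attempts". The exemption is also silent; if the class has a logger in scope (not visible here), a debug-level entry at the `return 0;` would make unexpected whitelist hits traceable. The docblock starts and the method body continues outside this hunk.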
--- a/lib/private/Settings/Manager.php
+++ b/lib/private/Settings/Manager.php
@@ -273,6 +273,7 @@ class Manager implements IManager {
 $sections = [
 0 => [new Section('server', $this->l->t('Server settings'), 0, $this->url->imagePath('settings', 'admin.svg'))],
 5 => [new Section('sharing', $this->l->t('Sharing'), 0, $this->url->imagePath('core', 'actions/share.svg'))],
+ 10 => [new Section('security', $this->l->t('Security'), 0, $this->url->imagePath('core', 'actions/password.svg'))],
 45 => [new Section('encryption', $this->l->t('Encryption'), 0, $this->url->imagePath('core', 'actions/password.svg'))],
 98 => [new Section('additional', $this->l->t('Additional settings'), 0, $this->url->imagePath('core', 'actions/settings-dark.svg'))],
 99 => [new Section('tips-tricks', $this->l->t('Tips & tricks'), 0, $this->url->imagePath('settings', 'help.svg'))], |