Commit 5945d7c8 authored by Leigh Stoller's avatar Leigh Stoller

Security stuff:

1. New table login_history to save all logins (uid,IP,portal).

2. Send warning email when user who has not been active for over a year
   logs in.
parent cf5c81d7
......@@ -3027,6 +3027,23 @@ CREATE TABLE `login_failures` (
PRIMARY KEY (`IP`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `login_history`
--
DROP TABLE IF EXISTS `login_history`;
CREATE TABLE `login_history` (
`idx` int(11) NOT NULL auto_increment,
`uid_idx` mediumint(8) unsigned NOT NULL default '0',
`uid` varchar(10) NOT NULL default '',
`tstamp` datetime NOT NULL default '0000-00-00 00:00:00',
`IP` varchar(16) default NULL,
`portal` enum('emulab','aptlab','cloudlab','phantomnet','powder') default NULL,
PRIMARY KEY (`idx`),
KEY (`uid_idx`,`tstamp`),
KEY `uidstamp` (`uid`,`tstamp`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `loginmessage`
--
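Review bot: `IP` varchar(16) in the new `login_history` table is wide enough for a dotted IPv4 address but not for a textual IPv6 address, which can need up to 45 characters. Since this table is a login audit trail, a shortened or rejected address loses the field an investigator relies on most; depending on the server's SQL mode the value is either cut short silently or the insert fails. I would widen the column to `IP varchar(45) default NULL`. The same definition is repeated in the `CREATE TABLE` string inside `DoUpdate` in the new update script, so it needs the same change there to keep fresh installs and upgraded databases identical.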
......
#
# Login history table.
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
if (!DBTableExists("login_history")) {
DBQueryFatal("CREATE TABLE `login_history` (".
" `idx` int(11) NOT NULL auto_increment, ".
" `uid_idx` mediumint(8) unsigned NOT NULL default '0', ".
" `uid` varchar(10) NOT NULL default '', ".
" `tstamp` datetime NOT NULL default ".
" '0000-00-00 00:00:00', ".
" `IP` varchar(16) default NULL, ".
" `portal` enum('emulab','aptlab','cloudlab', ".
" 'phantomnet','powder') default NULL, ".
" PRIMARY KEY (`idx`), ".
" KEY (`uid_idx`,`tstamp`), ".
" KEY `uidstamp` (`uid`,`tstamp`) ".
") ENGINE=MyISAM DEFAULT CHARSET=latin1;");
}
return 0;
}
1;
# Local Variables:
# mode:perl
# End:
......@@ -1034,6 +1034,10 @@ function DOLOGIN_MAGIC($uid, $uid_idx, $email = null,
}
$now = time();
if (isset($_SERVER['REMOTE_ADDR'])) {
$IP = $_SERVER['REMOTE_ADDR'];
}
#
# Insert a record in the login table for this uid with
# the new hash value. If the user is already logged in, thats
......@@ -1068,6 +1072,17 @@ function DOLOGIN_MAGIC($uid, $uid_idx, $email = null,
# and to mark activity to keep the mount active.
DBQueryFatal("update user_stats set last_activity=now() ".
"where uid_idx='$uid_idx'");
$history = "insert into login_history set ".
" idx=null,uid='$uid',uid_idx='$uid_idx',tstamp=now()";
if (isset($IP)) {
$history .= ",IP='$IP'";
}
if (isset($PORTAL_GENESIS)) {
$history .= ",portal='$PORTAL_GENESIS'";
}
DBQueryFatal($history);
if (mysql_num_rows($query_result)) {
$lastrow = mysql_fetch_row($query_result);
......@@ -1087,6 +1102,15 @@ function DOLOGIN_MAGIC($uid, $uid_idx, $email = null,
return;
}
}
if (time() - $lastactive > (3600 * 24 * 365)) {
TBMAIL($TBMAIL_OPS,
"Web Login Inactivity Alert: '$uid'",
"Login by $uid ($uid_idx) after extended period ".
"of inactivity!\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
}
}
}
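Review bot: The `login_history` insert in the second hunk is built by interpolating `$uid`, `$uid_idx`, `$IP` and `$PORTAL_GENESIS` directly into the SQL string, and no escaping is visible in the hunk. Whether these values are validated earlier in `DOLOGIN_MAGIC` cannot be seen from here, because the function body extends beyond the hunks, so I would escape at the point of use, e.g. `$history .= ",IP='" . mysql_real_escape_string($IP) . "'";`, and do the same for the uid and portal values. Because the statement goes through `DBQueryFatal`, a rejected row (for instance a portal name not in the enum under a strict SQL mode) would presumably abort the login instead of only skipping the history entry. A short comment stating whether an audit-write failure is meant to be fatal would make that intent clear.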
......