
Commit 5945d7c8 authored by Leigh B Stoller

Security stuff:

1. New table login_history to save all logins (uid,IP,portal).

2. Send warning email when user who has not been active for over a year
   logs in.
parent cf5c81d7
......@@ -3027,6 +3027,23 @@ CREATE TABLE `login_failures` (
PRIMARY KEY (`IP`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `login_history`
--
DROP TABLE IF EXISTS `login_history`;
CREATE TABLE `login_history` (
`idx` int(11) NOT NULL auto_increment,
`uid_idx` mediumint(8) unsigned NOT NULL default '0',
`uid` varchar(10) NOT NULL default '',
`tstamp` datetime NOT NULL default '0000-00-00 00:00:00',
`IP` varchar(16) default NULL,
`portal` enum('emulab','aptlab','cloudlab','phantomnet','powder') default NULL,
PRIMARY KEY (`idx`),
KEY (`uid_idx`,`tstamp`),
KEY `uidstamp` (`uid`,`tstamp`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Table structure for table `loginmessage`
--
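Review bot: The `IP` column in the new `login_history` table is `varchar(16)`, which fits a dotted IPv4 address but not an IPv6 one. A login over IPv6 would be stored truncated or rejected, depending on the server's SQL mode, and the row then loses its value as an audit record. Consider `IP varchar(45) default NULL` here and in the matching CREATE TABLE string in the update script further down the page. If lookups by source address are expected during an investigation, a key on (`IP`,`tstamp`) would also help, since the two existing keys only cover lookups by user.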
......
#
# Login history table.
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
if (!DBTableExists("login_history")) {
DBQueryFatal("CREATE TABLE `login_history` (".
" `idx` int(11) NOT NULL auto_increment, ".
" `uid_idx` mediumint(8) unsigned NOT NULL default '0', ".
" `uid` varchar(10) NOT NULL default '', ".
" `tstamp` datetime NOT NULL default ".
" '0000-00-00 00:00:00', ".
" `IP` varchar(16) default NULL, ".
" `portal` enum('emulab','aptlab','cloudlab', ".
" 'phantomnet','powder') default NULL, ".
" PRIMARY KEY (`idx`), ".
" KEY (`uid_idx`,`tstamp`), ".
" KEY `uidstamp` (`uid`,`tstamp`) ".
") ENGINE=MyISAM DEFAULT CHARSET=latin1;");
}
return 0;
}
1;
# Local Variables:
# mode:perl
# End:
......@@ -1034,6 +1034,10 @@ function DOLOGIN_MAGIC($uid, $uid_idx, $email = null,
}
$now = time();
if (isset($_SERVER['REMOTE_ADDR'])) {
$IP = $_SERVER['REMOTE_ADDR'];
}
#
# Insert a record in the login table for this uid with
# the new hash value. If the user is already logged in, thats
......@@ -1068,6 +1072,17 @@ function DOLOGIN_MAGIC($uid, $uid_idx, $email = null,
# and to mark activity to keep the mount active.
DBQueryFatal("update user_stats set last_activity=now() ".
"where uid_idx='$uid_idx'");
$history = "insert into login_history set ".
" idx=null,uid='$uid',uid_idx='$uid_idx',tstamp=now()";
if (isset($IP)) {
$history .= ",IP='$IP'";
}
if (isset($PORTAL_GENESIS)) {
$history .= ",portal='$PORTAL_GENESIS'";
}
DBQueryFatal($history);
if (mysql_num_rows($query_result)) {
$lastrow = mysql_fetch_row($query_result);
......@@ -1087,6 +1102,15 @@ function DOLOGIN_MAGIC($uid, $uid_idx, $email = null,
return;
}
}
if (time() - $lastactive > (3600 * 24 * 365)) {
TBMAIL($TBMAIL_OPS,
"Web Login Inactivity Alert: '$uid'",
"Login by $uid ($uid_idx) after extended period ".
"of inactivity!\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
}
}
}
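Review bot: The new `insert into login_history` statement in the second hunk interpolates `$uid`, `$uid_idx`, `$IP` and `$PORTAL_GENESIS` straight into the SQL string. DOLOGIN_MAGIC starts outside the hunk, so whether those values are validated earlier cannot be seen from here. Escaping at the point of use would keep the audit insert safe regardless of the caller, for example `$safe_uid = mysql_real_escape_string($uid);` and likewise for the other three values. Also confirm that `$PORTAL_GENESIS` is declared `global` inside this function; if it is not, `isset($PORTAL_GENESIS)` is always false and the `portal` column is never filled in.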
......