proxy: Remove AUTH_IPCACHE_TTL
This is potentially dangerous to set larger than zero. Authentication is performed on the basis of IP addresses, which is not a good idea at all. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
@@ -46,6 +46,7 @@ WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: adsl settings
|
||||
WARNING: translation string unused: advproxy AUTH method ntlm
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -68,6 +69,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -126,7 +126,6 @@ WARNING: untranslated string: advproxy AUTH method radius = RADIUS
|
||||
WARNING: untranslated string: advproxy AUTH no auth = Domains without authentication (one per line)
|
||||
WARNING: untranslated string: advproxy AUTH number of auth processes = Number of authentication processes
|
||||
WARNING: untranslated string: advproxy AUTH realm = Authentication realm prompt
|
||||
WARNING: untranslated string: advproxy AUTH user IP cache TTL = User/IP cache TTL (in minutes)
|
||||
WARNING: untranslated string: advproxy IDENT authorized users = Authorized users (one per line)
|
||||
WARNING: untranslated string: advproxy IDENT aware hosts = Ident aware hosts (one per line)
|
||||
WARNING: untranslated string: advproxy IDENT identd settings = Common identd settings
|
||||
@@ -208,7 +207,6 @@ WARNING: untranslated string: advproxy errmsg acl cannot be empty = Access contr
|
||||
WARNING: untranslated string: advproxy errmsg auth cache ttl = Invalid value for authentication cache TTL
|
||||
WARNING: untranslated string: advproxy errmsg auth children = Invalid number of authentication processes
|
||||
WARNING: untranslated string: advproxy errmsg auth ipcache may not be null = Authentication cache TTL may not be 0 when using IP address limits
|
||||
WARNING: untranslated string: advproxy errmsg auth ipcache ttl = Invalid value for user/IP cache TTL
|
||||
WARNING: untranslated string: advproxy errmsg cache = The RAM cache size is greater than the harddisk cache size:
|
||||
WARNING: untranslated string: advproxy errmsg hdd cache size = Invalid value for harddisk cache size (min 10 MB required)
|
||||
WARNING: untranslated string: advproxy errmsg ident timeout = Invalid ident timeout
|
||||
|
||||
@@ -22,6 +22,7 @@ WARNING: translation string unused: add xtaccess
|
||||
WARNING: translation string unused: add-route
|
||||
WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -44,6 +45,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -46,6 +46,7 @@ WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: adsl settings
|
||||
WARNING: translation string unused: advproxy AUTH method ntlm
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -68,6 +69,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -24,6 +24,7 @@ WARNING: translation string unused: add-route
|
||||
WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: advproxy AUTH method ntlm
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -46,6 +47,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -23,6 +23,7 @@ WARNING: translation string unused: add xtaccess
|
||||
WARNING: translation string unused: add-route
|
||||
WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -45,6 +46,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -22,6 +22,7 @@ WARNING: translation string unused: add xtaccess
|
||||
WARNING: translation string unused: add-route
|
||||
WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -44,6 +45,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -23,6 +23,7 @@ WARNING: translation string unused: add xtaccess
|
||||
WARNING: translation string unused: add-route
|
||||
WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -45,6 +46,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -46,6 +46,7 @@ WARNING: translation string unused: admin user password has been changed
|
||||
WARNING: translation string unused: administrator user password
|
||||
WARNING: translation string unused: adsl settings
|
||||
WARNING: translation string unused: advproxy AUTH method ntlm
|
||||
WARNING: translation string unused: advproxy AUTH user IP cache TTL
|
||||
WARNING: translation string unused: advproxy LDAP auth
|
||||
WARNING: translation string unused: advproxy NTLM BDC hostname
|
||||
WARNING: translation string unused: advproxy NTLM PDC hostname
|
||||
@@ -68,6 +69,7 @@ WARNING: translation string unused: advproxy chgwebpwd new password
|
||||
WARNING: translation string unused: advproxy chgwebpwd new password confirm
|
||||
WARNING: translation string unused: advproxy chgwebpwd old password
|
||||
WARNING: translation string unused: advproxy chgwebpwd username
|
||||
WARNING: translation string unused: advproxy errmsg auth ipcache ttl
|
||||
WARNING: translation string unused: advproxy errmsg change fail
|
||||
WARNING: translation string unused: advproxy errmsg change success
|
||||
WARNING: translation string unused: advproxy errmsg invalid bdc
|
||||
|
||||
@@ -250,7 +250,6 @@ $proxysettings{'AUTH_METHOD'} = 'none';
|
||||
$proxysettings{'AUTH_REALM'} = '';
|
||||
$proxysettings{'AUTH_MAX_USERIP'} = '';
|
||||
$proxysettings{'AUTH_CACHE_TTL'} = '60';
|
||||
$proxysettings{'AUTH_IPCACHE_TTL'} = '0';
|
||||
$proxysettings{'AUTH_CHILDREN'} = '5';
|
||||
$proxysettings{'NCSA_MIN_PASS_LEN'} = '6';
|
||||
$proxysettings{'NCSA_BYPASS_REDIR'} = 'off';
|
||||
@@ -472,23 +471,18 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/))
|
||||
{
|
||||
$errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
|
||||
goto ERROR;
|
||||
}
|
||||
if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) &&
|
||||
((!($proxysettings{'AUTH_MAX_USERIP'} =~ /^\d+/)) || ($proxysettings{'AUTH_MAX_USERIP'} < 1) || ($proxysettings{'AUTH_MAX_USERIP'} > 255)))
|
||||
{
|
||||
$errormessage = $Lang::tr{'advproxy errmsg max userip'};
|
||||
goto ERROR;
|
||||
}
|
||||
if (!($proxysettings{'AUTH_CACHE_TTL'} =~ /^\d+/))
|
||||
{
|
||||
$errormessage = $Lang::tr{'advproxy errmsg auth cache ttl'};
|
||||
goto ERROR;
|
||||
}
|
||||
if (!($proxysettings{'AUTH_IPCACHE_TTL'} =~ /^\d+/))
|
||||
{
|
||||
$errormessage = $Lang::tr{'advproxy errmsg auth ipcache ttl'};
|
||||
goto ERROR;
|
||||
}
|
||||
if ((!($proxysettings{'AUTH_MAX_USERIP'} eq '')) && ($proxysettings{'AUTH_IPCACHE_TTL'} eq '0'))
|
||||
if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))
|
||||
{
|
||||
$errormessage = $Lang::tr{'advproxy errmsg auth ipcache may not be null'};
|
||||
goto ERROR;
|
||||
@@ -1746,10 +1740,6 @@ print <<END
|
||||
<td class='base'>$Lang::tr{'advproxy AUTH limit of IP addresses'}:</td>
|
||||
<td><input type='text' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class='base'>$Lang::tr{'advproxy AUTH user IP cache TTL'}:</td>
|
||||
<td><input type='text' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class='base'>$Lang::tr{'advproxy AUTH always required'}:</td>
|
||||
<td><input type='checkbox' name='AUTH_ALWAYS_REQUIRED' $checked{'AUTH_ALWAYS_REQUIRED'}{'on'} /></td>
|
||||
@@ -2046,7 +2036,6 @@ print <<END
|
||||
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
|
||||
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
|
||||
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
|
||||
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
|
||||
<td><input type='hidden' name='AUTH_ALWAYS_REQUIRED' value='$proxysettings{'AUTH_ALWAYS_REQUIRED'}'></td>
|
||||
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
|
||||
<td><input type='hidden' name='DST_NOAUTH' value='$proxysettings{'DST_NOAUTH'}'></td>
|
||||
@@ -2058,7 +2047,6 @@ print <<END
|
||||
<td><input type='hidden' name='AUTH_CHILDREN' value='$proxysettings{'AUTH_CHILDREN'}'></td>
|
||||
<td><input type='hidden' name='AUTH_CACHE_TTL' value='$proxysettings{'AUTH_CACHE_TTL'}' size='5' /></td>
|
||||
<td><input type='hidden' name='AUTH_MAX_USERIP' value='$proxysettings{'AUTH_MAX_USERIP'}' size='5' /></td>
|
||||
<td><input type='hidden' name='AUTH_IPCACHE_TTL' value='$proxysettings{'AUTH_IPCACHE_TTL'}' size='5' /></td>
|
||||
<td><input type='hidden' name='AUTH_REALM' value='$proxysettings{'AUTH_REALM'}'></td>
|
||||
END
|
||||
; }
|
||||
@@ -3180,6 +3168,11 @@ END
|
||||
}
|
||||
print FILE "\n";
|
||||
|
||||
# If we use authentication, users must always authenticate
|
||||
unless ($proxysettings{"AUTH_METHOD"} eq "") {
|
||||
print FILE "authenticate_ip_ttl 0\n\n";
|
||||
}
|
||||
|
||||
if ((!($proxysettings{'AUTH_METHOD'} eq 'none')) && (!($proxysettings{'AUTH_METHOD'} eq 'ident')))
|
||||
{
|
||||
if ($proxysettings{'AUTH_METHOD'} eq 'ncsa')
|
||||
@@ -3188,7 +3181,6 @@ END
|
||||
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
|
||||
print FILE "auth_param basic realm $authrealm\n";
|
||||
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
|
||||
if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
|
||||
}
|
||||
|
||||
if ($proxysettings{'AUTH_METHOD'} eq 'ldap')
|
||||
@@ -3233,7 +3225,6 @@ END
|
||||
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
|
||||
print FILE "auth_param basic realm $authrealm\n";
|
||||
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
|
||||
if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
|
||||
}
|
||||
|
||||
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth')
|
||||
@@ -3273,7 +3264,6 @@ END
|
||||
print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n";
|
||||
print FILE "auth_param basic realm $authrealm\n";
|
||||
print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n";
|
||||
if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; }
|
||||
}
|
||||
|
||||
print FILE "\n";
|
||||
|
||||
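Review bot: In the validation hunk (`@@ -472,23 +471,18 @@`) the guard that survives as `if (!($proxysettings{'AUTH_MAX_USERIP'} eq ''))` now appears to reject every non-empty IP-address limit with `advproxy errmsg auth ipcache may not be null`, although the `AUTH_MAX_USERIP` text input is still rendered in the form hunk below it. The +/- markers are lost on this page, so this reading is inferred from the hunk's line counts; if it holds, the limit can no longer be saved and the message refers to a TTL option the commit removes, so either drop the guard or remove the field and its string as well. Separately, the relocated `AUTH_CACHE_TTL` check keeps the unanchored `/^\d+/`, so a value with trailing non-digit text passes and is written as-is into the `credentialsttl` line of the generated config; `/\A\d+\z/` would restrict it to digits. The enclosing `if` block starts and ends outside the hunk.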