2012-05-17 Vanessa Gil <vanessa.gil@artica.es>
* pandoradb.sql pandoradb.postgreSQL.sql pandoradb.oracle.sql pandoradb_data.sql pandoradb.data.oracle.sql pandoradb.data.postgreSQL.sql extras/pandoradb_migrate_4.0.x_to_4.1.mysql.sql extras/pandoradb_migrate_4.0.x_to_4.1.oracle.sql extras/pandoradb_migrate_4.0.x_to_4.1.postgreSQL.sql index.php godmode/users/configure_user.php include/functions_config.php include/javascript/jquery.pandora.js: Added password policy. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6312 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
parent
ad1e473094
commit
9cc02bfaf5
|
@ -1,3 +1,19 @@
|
|||
2012-05-17 Vanessa Gil <vanessa.gil@artica.es>
|
||||
|
||||
* pandoradb.sql
|
||||
pandoradb.postgreSQL.sql
|
||||
pandoradb.oracle.sql
|
||||
pandoradb_data.sql
|
||||
pandoradb.data.oracle.sql
|
||||
pandoradb.data.postgreSQL.sql
|
||||
extras/pandoradb_migrate_4.0.x_to_4.1.mysql.sql
|
||||
extras/pandoradb_migrate_4.0.x_to_4.1.oracle.sql
|
||||
extras/pandoradb_migrate_4.0.x_to_4.1.postgreSQL.sql
|
||||
index.php
|
||||
godmode/users/configure_user.php
|
||||
include/functions_config.php
|
||||
include/javascript/jquery.pandora.js: Added password policy.
|
||||
|
||||
2012-05-17 Kikuchi Koichiro <koichiro@rworks.jp>
|
||||
|
||||
* extensions/update_manager/settings.php,
|
||||
|
|
|
@ -215,3 +215,12 @@ CREATE TABLE IF NOT EXISTS `ttimezone` (
|
|||
`timezone` varchar(60) NOT NULL,
|
||||
PRIMARY KEY (`id_tz`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tusuario`
|
||||
-- -----------------------------------------------------
|
||||
|
||||
ALTER TABLE `tusuario` ADD COLUMN `force_change_pass` tinyint(1) DEFAULT 0;
|
||||
ALTER TABLE `tusuario` ADD COLUMN `last_pass_change` DATETIME NOT NULL DEFAULT 0;
|
||||
ALTER TABLE `tusuario` ADD COLUMN `last_failed_login` DATETIME NOT NULL DEFAULT 0;
|
||||
ALTER TABLE `tusuario` ADD COLUMN `failed_attempt` int(4) NOT NULL DEFAULT 0;
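Review bot: The added `ALTER TABLE` statements do not produce the same columns as the `CREATE TABLE IF NOT EXISTS` hunk for `tusuario` later in this commit. Here `force_change_pass` is `tinyint(1) DEFAULT 0` (nullable, signed), while the schema hunk declares it `tinyint(1) unsigned NOT NULL default 0`, so an upgraded database and a fresh install diverge on a column the login policy reads. I would write `` ALTER TABLE `tusuario` ADD COLUMN `force_change_pass` tinyint(1) unsigned NOT NULL DEFAULT 0; `` to match. Both hunks also declare `last_pass_change` and `last_failed_login` as `DATETIME NOT NULL DEFAULT 0`, which MySQL rejects when `NO_ZERO_DATE` is enforced under strict mode. A nullable column would be safer, with a comment stating what "no value" means to the expiry and lockout checks.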
|
||||
|
|
|
@ -218,3 +218,12 @@ CREATE OR REPLACE TRIGGER ttimezone_inc BEFORE INSERT ON ttimezone REFERENCING N
|
|||
-- -----------------------------------------------------
|
||||
|
||||
ALTER TABLE tnetwork_component ADD COLUMN unit CLOB default '';
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tusuario`
|
||||
-- -----------------------------------------------------
|
||||
|
||||
alter table tusuario add (force_change_pass NUMBER(5,0) default 0 NOT NULL);
|
||||
alter table tusuario add (last_pass_change TIMESTAMP default 0);
|
||||
alter table tusuario add (last_failed_login TIMESTAMP default 0);
|
||||
alter table tusuario add (failed_attempt NUMBER(5,0) default 0 NOT NULL);
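Review bot: `last_pass_change TIMESTAMP default 0` and `last_failed_login TIMESTAMP default 0` give a numeric default to a TIMESTAMP column, which Oracle is expected to reject as a datatype mismatch (not verified against an instance here). If it does, the migration stops before `failed_attempt` is added and the lockout counter never exists on upgraded systems. The same two definitions appear in the `CREATE TABLE tusuario` hunk further down. If the intended meaning is "never", leave the columns nullable with no default, e.g. `alter table tusuario add (last_failed_login TIMESTAMP);`, and add a comment saying that NULL means no failed login has been recorded.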
|
||||
|
|
|
@ -208,3 +208,11 @@ CREATE TABLE "ttimezone" (
|
|||
|
||||
ALTER TABLE "tnetwork_component" ADD COLUMN "unit" text default '';
|
||||
|
||||
-- -----------------------------------------------------
|
||||
-- Table `tusuario`
|
||||
-- -----------------------------------------------------
|
||||
|
||||
ALTER TABLE "tusuario" ADD COLUMN "force_change_pass" SMALLINT NOT NULL default 0;
|
||||
ALTER TABLE "tusuario" ADD COLUMN "last_pass_change" BIGINT NOT NULL default 0;
|
||||
ALTER TABLE "tusuario" ADD COLUMN "last_failed_login" BIGINT NOT NULL default 0;
|
||||
ALTER TABLE "tusuario" ADD COLUMN "failed_attempt" INTEGER NOT NULL DEFAULT 0;
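Review bot: `last_pass_change` and `last_failed_login` are `BIGINT` here and in the `CREATE TABLE "tusuario"` hunk below, while the MySQL and Oracle hunks use DATETIME and TIMESTAMP. The user-creation hunk in this commit writes `date ("Y/m/d H:i:s", get_system_time())` into `last_pass_change`. Unless the database layer converts that string, the write fails on PostgreSQL, or the expiry comparison runs on a different unit than on the other engines. Either declare the two columns as `TIMESTAMP` here as well, or add a comment that they hold epoch seconds and have the PHP side store the unformatted `get_system_time()` value for this engine.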
|
||||
|
|
|
@ -131,6 +131,11 @@ if ($create_user) {
|
|||
$values['block_size'] = (int) get_parameter ('block_size', $config["block_size"]);
|
||||
$values['flash_chart'] = (int) get_parameter ('flash_charts', $config["flash_charts"]);
|
||||
|
||||
if (defined('PANDORA_ENTERPRISE')) {
|
||||
$values['force_change_pass'] = 1;
|
||||
$values['last_pass_change'] = date ("Y/m/d H:i:s", get_system_time());
|
||||
}
|
||||
|
||||
if ($id == '') {
|
||||
ui_print_error_message (__('User ID cannot be empty'));
|
||||
$user_info = $values;
|
||||
|
|
|
@ -215,6 +215,18 @@ function config_update_config () {
|
|||
$config['relative_path'] = get_parameter('relative_path', $config['relative_path']);
|
||||
}
|
||||
|
||||
$enterprise = enterprise_include_once ('godmode/setup/setup.php');
|
||||
if ($enterprise !== ENTERPRISE_NOT_HOOK) {
|
||||
$config['enable_pass_policy'] = get_parameter('enable_pass_policy', $config['enable_pass_policy']);
|
||||
$config['pass_size'] = get_parameter('pass_size', $config['pass_size']);
|
||||
$config['pass_expire'] = get_parameter('pass_expire', $config['pass_expire']);
|
||||
$config['first_login'] = get_parameter('first_login', $config['first_login']);
|
||||
$config['mins_fail_pass'] = get_parameter('mins_fail_pass', $config['mins_fail_pass']);
|
||||
$config['number_attempts'] = get_parameter('number_attempts', $config['number_attempts']);
|
||||
$config['pass_needs_numbers'] = get_parameter('pass_needs_numbers', $config['pass_needs_numbers']);
|
||||
$config['pass_needs_symbols'] = get_parameter('pass_needs_symbols', $config['pass_needs_symbols']);
|
||||
}
|
||||
|
||||
# Update of Pandora FMS license
|
||||
$update_manager_installed = db_get_value('value', 'tconfig', 'token', 'update_manager_installed');
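Review bot: The eight policy settings are stored exactly as `get_parameter` returns them, with no integer cast or range check. `pass_size`, `pass_expire`, `mins_fail_pass` and `number_attempts` can therefore be saved as empty, negative or non-numeric values that the expiry and lockout code then has to interpret. Cast and bound them at this point, e.g. `$config['pass_size'] = max (1, (int) get_parameter('pass_size', $config['pass_size']));`, and cast the flags with `(int)` as the user-creation code does for `block_size`. `config_update_config` starts and ends outside the hunk, so whether validation happens when the values are persisted cannot be confirmed from here.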
|
||||
|
||||
|
|
|
@ -132,5 +132,32 @@ $(document).ready (function () {
|
|||
);
|
||||
return false;
|
||||
});
|
||||
|
||||
$( "#msg_change_password" ).dialog({
|
||||
resizable: true,
|
||||
draggable: true,
|
||||
modal: true,
|
||||
height: 280,
|
||||
width: 600,
|
||||
overlay: {
|
||||
opacity: 0.5,
|
||||
background: "black"
|
||||
},
|
||||
bgiframe: jQuery.browser.msie
|
||||
});
|
||||
|
||||
$( "#login_blocked" ).dialog({
|
||||
resizable: true,
|
||||
draggable: true,
|
||||
modal: true,
|
||||
height: 140,
|
||||
width: 300,
|
||||
overlay: {
|
||||
opacity: 0.5,
|
||||
background: "black"
|
||||
},
|
||||
bgiframe: jQuery.browser.msie
|
||||
});
|
||||
|
||||
|
||||
});
|
||||
|
|
|
@ -62,11 +62,16 @@ if ((! file_exists ("include/config.php")) || (! is_readable ("include/config.ph
|
|||
session_start ();
|
||||
require_once ("include/config.php");
|
||||
|
||||
$fails = get_parameter('fails', 0);
|
||||
|
||||
/* Enterprise support */
|
||||
if (file_exists (ENTERPRISE_DIR."/load_enterprise.php")) {
|
||||
include_once (ENTERPRISE_DIR."/load_enterprise.php");
|
||||
}
|
||||
|
||||
if (file_exists (ENTERPRISE_DIR."/include/functions_login.php")) {
|
||||
include_once (ENTERPRISE_DIR."/include/functions_login.php");
|
||||
}
|
||||
|
||||
if (!empty ($config["https"]) && empty ($_SERVER['HTTPS'])) {
|
||||
$query = '';
|
||||
|
@ -127,6 +132,18 @@ $sec = safe_url_extraclean ($sec);
|
|||
|
||||
$process_login = false;
|
||||
|
||||
// Update user password
|
||||
$change_pass = get_parameter('renew_password', 0);
|
||||
|
||||
if ($change_pass == 1) {
|
||||
|
||||
$password_new = (string) get_parameter ('new_password', '');
|
||||
$password_confirm = (string) get_parameter ('confirm_new_password', '');
|
||||
$id = (string) get_parameter ('login', '');
|
||||
|
||||
$changed_pass = login_update_password_check ($password_new, $password_confirm, $id);
|
||||
}
|
||||
|
||||
$searchPage = false;
|
||||
$search = get_parameter_get("head_search_keywords");
|
||||
if (strlen($search) > 0) {
|
||||
|
@ -169,7 +186,39 @@ elseif (! isset ($config['id_user']) && isset ($_GET["login"])) {
|
|||
// process_user_login should return false in case of errors or invalid login, the nickname if correct
|
||||
$nick_in_db = process_user_login ($nick, $pass);
|
||||
|
||||
if ($nick_in_db !== false) {
|
||||
$expired_pass = false;
|
||||
|
||||
if (($nick_in_db != false)&&(!is_user_admin($nick)) && (defined('PANDORA_ENTERPRISE')) && ($config['enable_pass_policy'])) {
|
||||
include_once(ENTERPRISE_DIR."/include/auth/mysql.php");
|
||||
|
||||
$blocked = login_check_blocked($nick);
|
||||
|
||||
if ($blocked) {
|
||||
require_once ('general/login_page.php');
|
||||
db_pandora_audit("Password expired", "Password expired: ".$nick, $nick);
|
||||
while (@ob_end_flush ());
|
||||
exit ("</html>");
|
||||
}
|
||||
|
||||
//Checks if password has expired
|
||||
$check_status = check_pass_status($nick, $pass);
|
||||
|
||||
switch ($check_status) {
|
||||
case 1: //first change
|
||||
case 2: //pass expired
|
||||
$expired_pass = true;
|
||||
login_change_password($nick);
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (($nick_in_db !== false) && $expired_pass) { //login ok and password has expired
|
||||
require_once ('general/login_page.php');
|
||||
db_pandora_audit("Password expired", "Password expired: ".$nick, $nick);
|
||||
while (@ob_end_flush ());
|
||||
exit ("</html>");
|
||||
} else if (($nick_in_db !== false) && (!$expired_pass)) { //login ok and password has not expired
|
||||
$process_login = true;
|
||||
|
||||
unset ($_GET["sec2"]);
|
||||
|
@ -234,18 +283,32 @@ elseif (! isset ($config['id_user']) && isset ($_GET["login"])) {
|
|||
$l10n->load_tables();
|
||||
}
|
||||
}
|
||||
else {
|
||||
// User not known
|
||||
$login_failed = true;
|
||||
require_once ('general/login_page.php');
|
||||
db_pandora_audit("Logon Failed", "Invalid login: ".$nick, $nick);
|
||||
while (@ob_end_flush ());
|
||||
exit ("</html>");
|
||||
else { //login wrong
|
||||
$blocked = false;
|
||||
|
||||
if (!is_user_admin($nick)) {
|
||||
$blocked = login_check_blocked($nick);
|
||||
}
|
||||
|
||||
if (!$blocked) {
|
||||
login_check_failed($nick); //Checks failed attempts
|
||||
$login_failed = true;
|
||||
require_once ('general/login_page.php');
|
||||
db_pandora_audit("Logon Failed", "Invalid login: ".$nick, $nick);
|
||||
while (@ob_end_flush ());
|
||||
exit ("</html>");
|
||||
} else {
|
||||
require_once ('general/login_page.php');
|
||||
db_pandora_audit("Logon Failed", "Invalid login: ".$nick, $nick);
|
||||
while (@ob_end_flush ());
|
||||
exit ("</html>");
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
elseif (! isset ($config['id_user'])) {
|
||||
|
||||
// There is no user connected
|
||||
|
||||
require_once ('general/login_page.php');
|
||||
while (@ob_end_flush ());
|
||||
exit ("</html>");
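Review bot: The password-renewal block added after `$process_login = false;` runs before any session or credential check visible in this file and takes the account to update from the request's `login` parameter. Everything therefore depends on `login_update_password_check` verifying the current password or a server-side pending-change state; that function is not shown and should be reviewed with this in mind. The account should come from session state recorded when `login_change_password($nick)` is triggered, not from a request field. The call is also unguarded although `functions_login.php` is only included when it exists, so a renewal request on an install without the enterprise directory reaches an undefined function; use `if ($change_pass == 1 && function_exists ('login_update_password_check')) {`. The same guard is missing around `login_check_blocked` and `login_check_failed` in the failed-login branch, and the blocked-account path is audited as "Password expired", which will mislead anyone reading the audit log.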
|
||||
|
|
|
@ -90,6 +90,14 @@ INSERT INTO tconfig (token, value) VALUES ('netflow_interval', '300');
|
|||
INSERT INTO tconfig (token, value) VALUES ('netflow_daemon', '/usr/bin/nfcapd');
|
||||
INSERT INTO tconfig (token, value) VALUES ('event_fields', 'evento,id_agente,estado,timestamp');
|
||||
INSERT INTO tconfig (token, value) VALUES ('list_ACL_IPs_for_API_0', '127.0.0.1');
|
||||
INSERT INTO tconfig (token, value) VALUES ('enable_pass_policy', 0);
|
||||
INSERT INTO tconfig (token, value) VALUES ('pass_size', 4);
|
||||
INSERT INTO tconfig (token, value) VALUES ('pass_needs_numbers', 0);
|
||||
INSERT INTO tconfig (token, value) VALUES ('pass_needs_simbols', 0);
|
||||
INSERT INTO tconfig (token, value) VALUES ('pass_expire', 0);
|
||||
INSERT INTO tconfig (token, value) VALUES ('first_login', 0);
|
||||
INSERT INTO tconfig (token, value) VALUES ('mins_fail_pass', 5);
|
||||
INSERT INTO tconfig (token, value) VALUES ('number_attempts', 5);
|
||||
COMMIT;
|
||||
END;;
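Review bot: The token inserted here is `pass_needs_simbols`, but the configuration hunk in this commit reads and writes `$config['pass_needs_symbols']` and the MySQL seed hunk uses `pass_needs_symbols`; the PostgreSQL seed hunk repeats the misspelling. On these two engines the symbols requirement has no seeded value under the name the code uses. Change the row to `INSERT INTO tconfig (token, value) VALUES ('pass_needs_symbols', 0);`. Separately, all three seed files set `pass_size` to 4, a very short minimum once the policy is enabled, so a longer default or a comment explaining the choice would help administrators.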
|
||||
|
||||
|
|
|
@ -87,6 +87,15 @@ INSERT INTO "tconfig" ("token", "value") VALUES
|
|||
('netflow_daemon', '/usr/bin/nfcapd'),
|
||||
('event_fields', 'evento,id_agente,estado,timestamp'),
|
||||
('list_ACL_IPs_for_API_0', '127.0.0.1');
|
||||
('enable_pass_policy', 0);
|
||||
('pass_size', 4);
|
||||
('pass_needs_numbers', 0);
|
||||
('pass_needs_simbols', 0);
|
||||
('pass_expire', 0);
|
||||
('first_login', 0);
|
||||
('mins_fail_pass', 5);
|
||||
('number_attempts', 5);
|
||||
|
||||
COMMIT WORK;
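Review bot: The eight new rows sit after `('list_ACL_IPs_for_API_0', '127.0.0.1');`, whose semicolon still ends the `INSERT INTO "tconfig"` statement, and each new row also ends in `;`. They are therefore parsed as standalone statements and fail instead of being inserted, leaving a fresh PostgreSQL install without any password-policy defaults. The MySQL seed hunk in this commit changes that terminator to a comma, and the same is needed here: end the `list_ACL_IPs_for_API_0` row and every new row except `('number_attempts', 5)` with `,`. The INSERT begins above the hunk, so its column list is known only from the hunk header.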
|
||||
|
||||
|
||||
|
|
|
@ -873,7 +873,11 @@ CREATE TABLE tusuario (
|
|||
shortcut NUMBER(5, 0) DEFAULT 0,
|
||||
shortcut_data CLOB default '',
|
||||
section VARCHAR2(255) NOT NULL,
|
||||
data_section VARCHAR2(255) NOT NULL
|
||||
data_section VARCHAR2(255) NOT NULL,
|
||||
force_change_pass NUMBER(5,0) default 0 NOT NULL,
|
||||
last_pass_change TIMESTAMP default 0,
|
||||
last_failed_login TIMESTAMP default 0,
|
||||
failed_attempt NUMBER(5,0) default 0 NOT NULL
|
||||
);
|
||||
|
||||
CREATE TABLE tusuario_perfil (
|
||||
|
|
|
@ -703,7 +703,11 @@ CREATE TABLE "tusuario" (
|
|||
"shortcut" SMALLINT DEFAULT 0,
|
||||
"shortcut_data" text default '',
|
||||
"section" varchar(255) NOT NULL DEFAULT '',
|
||||
"data_section" varchar(255) NOT NULL DEFAULT ''
|
||||
"data_section" varchar(255) NOT NULL DEFAULT '',
|
||||
"force_change_pass" SMALLINT NOT NULL default 0,
|
||||
"last_pass_change" BIGINT NOT NULL default 0,
|
||||
"last_failed_login" BIGINT NOT NULL default 0,
|
||||
"failed_attempt" INTEGER NOT NULL DEFAULT 0
|
||||
);
|
||||
|
||||
CREATE TABLE "tusuario_perfil" (
|
||||
|
|
|
@ -779,6 +779,10 @@ CREATE TABLE IF NOT EXISTS `tusuario` (
|
|||
`shortcut_data` text,
|
||||
`section` TEXT NOT NULL,
|
||||
`data_section` TEXT NOT NULL,
|
||||
`force_change_pass` tinyint(1) unsigned NOT NULL default 0,
|
||||
`last_pass_change` DATETIME NOT NULL DEFAULT 0,
|
||||
`last_failed_login` DATETIME NOT NULL DEFAULT 0,
|
||||
`failed_attempt` int(4) NOT NULL DEFAULT 0,
|
||||
UNIQUE KEY `id_user` (`id_user`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
|
|
|
@ -85,7 +85,15 @@ INSERT INTO `tconfig` (`token`, `value`) VALUES
|
|||
('netflow_interval', '300'),
|
||||
('netflow_daemon', '/usr/bin/nfcapd'),
|
||||
('event_fields', 'evento,id_agente,estado,timestamp'),
|
||||
('list_ACL_IPs_for_API_0', '127.0.0.1');
|
||||
('list_ACL_IPs_for_API_0', '127.0.0.1'),
|
||||
('enable_pass_policy', 0),
|
||||
('pass_size', 4),
|
||||
('pass_needs_numbers', 0),
|
||||
('pass_needs_symbols', 0),
|
||||
('pass_expire', 0),
|
||||
('first_login', 0),
|
||||
('mins_fail_pass', 5),
|
||||
('number_attempts', 5);
|
||||
|
||||
UNLOCK TABLES;
|
||||
|
||||
|
|