added: possibility to ban if a session cookie is incorrect (when we are using encoded cookies)
added: possibility to ban if a client tries to hijack the session cookie added: possibility to ban if a client did not send a session cookie renamed: ezc functions: login_cannot_login -> ipban_is_login_allowed_from_this_ip (and the return value was changed) login_when_available_login -> ipban_current_ip_expires_time added: config options: // after how many broken encoded cookie we should ban the current IP // default: 2 (value in the range <0 - 65535>) size_t broken_encoded_cookie_treshold; // after how many incorrect session identifiers (or session indices) we should ban the current IP // do not set this value too low, as people connecting from the same IP address (from behind a NAT) // would be banned if they have an old session cookie remembered in the browser // default: 128 (value in the range <0 - 65535>) size_t session_hijacking_treshold; // after how many times a client will be banned if it did not send a session cookie // default: 1000 (value in the range <0 - 65535>) size_t no_session_cookie_treshold; git-svn-id: svn://ttmath.org/publicrep/winix/trunk@995 e52654a7-88a9-db11-a3e9-0013d4bc506e
@@ -74,6 +74,8 @@ public:
|
||||
void DeleteSessions(); // deleting all sessions
|
||||
bool ChangeSessionId(long old_id);
|
||||
|
||||
void IncrementBanLevel(IPBan * ip_ban);
|
||||
|
||||
void InitTmpSession();
|
||||
void InitBanList();
|
||||
void InitCookieEncoding();
|
||||
@@ -93,6 +95,7 @@ public:
|
||||
size_t MarkAllSessionsToRemove(long user_id);
|
||||
|
||||
IPBan & AddIPToBanList(int ip);
|
||||
IPBan & AddIPToBanList(int ip, time_t cur_time);
|
||||
size_t BanListSize();
|
||||
IPBan & GetIPBan(size_t index);
|
||||
void RemoveIPBan(int ip);
|
||||
@@ -107,34 +110,35 @@ private:
|
||||
Config * config;
|
||||
Cur * cur;
|
||||
System * system;
|
||||
|
||||
LastContainer * last_container;
|
||||
|
||||
// current session - set by SetSession()
|
||||
Session * session;
|
||||
|
||||
SessionContainer session_tab;
|
||||
IPBanContainer ban_tab;
|
||||
|
||||
IPBan * current_ip_ban;
|
||||
|
||||
// session with id 0
|
||||
bool is_session_set;
|
||||
Session temporary_session;
|
||||
|
||||
SessionIdManager session_id_manager;
|
||||
|
||||
bool IsSession(long s);
|
||||
|
||||
|
||||
long CreateSessionId();
|
||||
void CreateSession();
|
||||
bool IsSessionCorrect(long id, bool has_index, unsigned int index, const SessionContainer::Iterator & s, unsigned int & difference);
|
||||
bool SetSessionFromCookie(long id, bool has_index, unsigned int index);
|
||||
bool SetSessionFromCookie(const std::wstring & cookie);
|
||||
void SetTemporarySession();
|
||||
unsigned int SetSessionCalcDifference(Session & ses, unsigned int index);
|
||||
unsigned int CalculateIndexDifference(Session & ses, unsigned int index);
|
||||
void SetSessionPutLogInfo(Session & ses, bool has_index, unsigned int difference);
|
||||
bool IsIPBanned();
|
||||
void SetFirstExpirationTime(IPBan * ip_ban);
|
||||
void BrokenCookieCheckBan();
|
||||
void IncorrectSessionCheckBan();
|
||||
void NoSessionCookieCheckBan();
|
||||
|
||||
// second thread
|
||||
|
||||
/*
|
||||
* second thread
|
||||
*/
|
||||
int deleted;
|
||||
virtual void Work();
|
||||
void CheckSession(SessionContainer::Iterator & i);
|
||||
|
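Review bot: `IPBan * current_ip_ban;` is a raw pointer kept as member state beside `IPBanContainer ban_tab;`, and nothing in the header says what keeps it valid. The same class exposes `RemoveIPBan(int ip)` and two `AddIPToBanList` overloads that return `IPBan &`, and it declares a second-thread section (`Work()`, `CheckSession`). If any of those can erase or relocate entries while the pointer is cached, the new `BrokenCookieCheckBan()`, `IncorrectSessionCheckBan()` and `NoSessionCookieCheckBan()` helpers would presumably dereference a stale entry; the container and the locking are not visible here, so this needs confirming against the implementation. At minimum I would document the contract on the member, for example `// entry in ban_tab for the current request's IP, or null; must be re-fetched after ban_tab is modified`, and state which lock guards `ban_tab`. Separately, the ban list is keyed on `int ip`, so it would help to note in a comment whether non-IPv4 clients and clients behind a shared proxy address are covered by these counters. The class body starts and ends outside the hunks shown.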