<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* This library is used with the server IP allow/deny host authentication
* feature
*
* @package PhpMyAdmin
*/
namespace PhpMyAdmin;
use PhpMyAdmin\Core;
require_once './libraries/hash.lib.php';
/**
* PhpMyAdmin\IpAllowDeny class
*
* @package PhpMyAdmin
*/
class IpAllowDeny
{
/**
* Matches for IPv4 or IPv6 addresses
*
* @param string $testRange string of IP range to match
* @param string $ipToTest string of IP to test against range
*
* @return boolean whether the IP mask matches
*
* @access public
*/
public static function ipMaskTest($testRange, $ipToTest)
{
if (mb_strpos($testRange, ':') > -1
|| mb_strpos($ipToTest, ':') > -1
) {
// assume IPv6
$result = self::ipv6MaskTest($testRange, $ipToTest);
} else {
$result = self::ipv4MaskTest($testRange, $ipToTest);
}
return $result;
} // end of the "self::ipMaskTest()" function
/**
* Based on IP Pattern Matcher
* Originally by J.Adams <jna@retina.net>
* Found on <https://www.php.net/manual/en/function.ip2long.php>
* Modified for phpMyAdmin
*
* Matches:
* xxx.xxx.xxx.xxx (exact)
* xxx.xxx.xxx.[yyy-zzz] (range)
* xxx.xxx.xxx.xxx/nn (CIDR)
*
* Does not match:
* xxx.xxx.xxx.xx[yyy-zzz] (range, partial octets not supported)
*
* @param string $testRange string of IP range to match
* @param string $ipToTest string of IP to test against range
*
* @return boolean whether the IP mask matches
*
* @access public
*/
public static function ipv4MaskTest($testRange, $ipToTest)
{
$result = true;
$match = preg_match(
'|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|',
$testRange,
$regs
);
if ($match) {
// performs a mask match
$ipl = ip2long($ipToTest);
$rangel = ip2long(
$regs[1] . '.' . $regs[2] . '.' . $regs[3] . '.' . $regs[4]
);
$maskl = 0;
for ($i = 0; $i < 31; $i++) {
if ($i < $regs[5] - 1) {
$maskl = $maskl + pow(2, (30 - $i));
} // end if
} // end for
return ($maskl & $rangel) == ($maskl & $ipl);
}
// range based
$maskocts = explode('.', $testRange);
$ipocts = explode('.', $ipToTest);
// perform a range match
for ($i = 0; $i < 4; $i++) {
if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
if (($ipocts[$i] > $regs[2]) || ($ipocts[$i] < $regs[1])) {
$result = false;
} // end if
} else {
if ($maskocts[$i] <> $ipocts[$i]) {
$result = false;
} // end if
} // end if/else
} //end for
return $result;
} // end of the "self::ipv4MaskTest()" function
/**
* IPv6 matcher
* CIDR section taken from https://stackoverflow.com/a/10086404
* Modified for phpMyAdmin
*
* Matches:
* xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
* (exact)
* xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:[yyyy-zzzz]
* (range, only at end of IP - no subnets)
* xxxx:xxxx:xxxx:xxxx/nn
* (CIDR)
*
* Does not match:
* xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx[yyy-zzz]
* (range, partial octets not supported)
*
* @param string $test_range string of IP range to match
* @param string $ip_to_test string of IP to test against range
*
* @return boolean whether the IP mask matches
*
* @access public
*/
public static function ipv6MaskTest($test_range, $ip_to_test)
{
$result = true;
// convert to lowercase for easier comparison
$test_range = mb_strtolower($test_range);
$ip_to_test = mb_strtolower($ip_to_test);
$is_cidr = mb_strpos($test_range, '/') > -1;
$is_range = mb_strpos($test_range, '[') > -1;
$is_single = ! $is_cidr && ! $is_range;
$ip_hex = bin2hex(inet_pton($ip_to_test));
if ($is_single) {
$range_hex = bin2hex(inet_pton($test_range));
$result = hash_equals($ip_hex, $range_hex);
return $result;
}
if ($is_range) {
// what range do we operate on?
$range_match = array();
$match = preg_match(
'/\[([0-9a-f]+)\-([0-9a-f]+)\]/', $test_range, $range_match
);
if ($match) {
$range_start = $range_match[1];
$range_end = $range_match[2];
// get the first and last allowed IPs
$first_ip = str_replace($range_match[0], $range_start, $test_range);
$first_hex = bin2hex(inet_pton($first_ip));
$last_ip = str_replace($range_match[0], $range_end, $test_range);
$last_hex = bin2hex(inet_pton($last_ip));
// check if the IP to test is within the range
$result = ($ip_hex >= $first_hex && $ip_hex <= $last_hex);
}
return $result;
}
if ($is_cidr) {
// Split in address and prefix length
list($first_ip, $subnet) = explode('/', $test_range);
// Parse the address into a binary string
$first_bin = inet_pton($first_ip);
$first_hex = bin2hex($first_bin);
$flexbits = 128 - $subnet;
// Build the hexadecimal string of the last address
$last_hex = $first_hex;
$pos = 31;
while ($flexbits > 0) {
// Get the character at this position
$orig = mb_substr($last_hex, $pos, 1);
// Convert it to an integer
$origval = hexdec($orig);
// OR it with (2^flexbits)-1, with flexbits limited to 4 at a time
$newval = $origval | (pow(2, min(4, $flexbits)) - 1);
// Convert it back to a hexadecimal character
$new = dechex($newval);
// And put that character back in the string
$last_hex = substr_replace($last_hex, $new, $pos, 1);
// We processed one nibble, move to previous position
$flexbits -= 4;
--$pos;
}
// check if the IP to test is within the range
$result = ($ip_hex >= $first_hex && $ip_hex <= $last_hex);
}
return $result;
} // end of the "self::ipv6MaskTest()" function
/**
* Runs through IP Allow/Deny rules the use of it below for more information
*
* @param string $type 'allow' | 'deny' type of rule to match
*
* @return bool Whether rule has matched
*
* @access public
*
* @see Core::getIp()
*/
public static function allowDeny($type)
{
global $cfg;
// Grabs true IP of the user and returns if it can't be found
$remote_ip = Core::getIp();
if (empty($remote_ip)) {
return false;
}
// copy username
$username = $cfg['Server']['user'];
// copy rule database
if (isset($cfg['Server']['AllowDeny']['rules'])) {
$rules = $cfg['Server']['AllowDeny']['rules'];
if (! is_array($rules)) {
$rules = array();
}
} else {
$rules = array();
}
// lookup table for some name shortcuts
$shortcuts = array(
'all' => '0.0.0.0/0',
'localhost' => '127.0.0.1/8'
);
// Provide some useful shortcuts if server gives us address:
if (Core::getenv('SERVER_ADDR')) {
$shortcuts['localnetA'] = Core::getenv('SERVER_ADDR') . '/8';
$shortcuts['localnetB'] = Core::getenv('SERVER_ADDR') . '/16';
$shortcuts['localnetC'] = Core::getenv('SERVER_ADDR') . '/24';
}
foreach ($rules as $rule) {
// extract rule data
$rule_data = explode(' ', $rule);
// check for rule type
if ($rule_data[0] != $type) {
continue;
}
// check for username
if (($rule_data[1] != '%') //wildcarded first
&& (! hash_equals($rule_data[1], $username))
) {
continue;
}
// check if the config file has the full string with an extra
// 'from' in it and if it does, just discard it
if ($rule_data[2] == 'from') {
$rule_data[2] = $rule_data[3];
}
// Handle shortcuts with above array
if (isset($shortcuts[$rule_data[2]])) {
$rule_data[2] = $shortcuts[$rule_data[2]];
}
// Add code for host lookups here
// Excluded for the moment
// Do the actual matching now
if (self::ipMaskTest($rule_data[2], $remote_ip)) {
return true;
}
} // end while
return false;
} // end of the "self::allowDeny()" function
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| Config | Folder | 0755 |
|
|
| Controllers | Folder | 0755 |
|
|
| Database | Folder | 0755 |
|
|
| Dbi | Folder | 0755 |
|
|
| Di | Folder | 0755 |
|
|
| Display | Folder | 0755 |
|
|
| Engines | Folder | 0755 |
|
|
| Gis | Folder | 0755 |
|
|
| Navigation | Folder | 0755 |
|
|
| Plugins | Folder | 0755 |
|
|
| Properties | Folder | 0755 |
|
|
| Rte | Folder | 0755 |
|
|
| Server | Folder | 0755 |
|
|
| Twig | Folder | 0755 |
|
|
| Utils | Folder | 0755 |
|
|
| Advisor.php | File | 18.79 KB | 0644 |
|
| Bookmark.php | File | 10.37 KB | 0644 |
|
| BrowseForeigners.php | File | 10.73 KB | 0644 |
|
| CentralColumns.php | File | 53.12 KB | 0644 |
|
| Charsets.php | File | 24.92 KB | 0644 |
|
| CheckUserPrivileges.php | File | 11.58 KB | 0644 |
|
| Config.php | File | 59.69 KB | 0644 |
|
| Console.php | File | 3.58 KB | 0644 |
|
| Core.php | File | 38.98 KB | 0644 |
|
| CreateAddField.php | File | 17.97 KB | 0644 |
|
| DatabaseInterface.php | File | 103.86 KB | 0644 |
|
| Encoding.php | File | 8.25 KB | 0644 |
|
| Error.php | File | 13.05 KB | 0644 |
|
| ErrorHandler.php | File | 16.68 KB | 0644 |
|
| ErrorReport.php | File | 8.37 KB | 0644 |
|
| Export.php | File | 40.32 KB | 0644 |
|
| File.php | File | 20.53 KB | 0644 |
|
| FileListing.php | File | 2.83 KB | 0644 |
|
| Font.php | File | 4.25 KB | 0644 |
|
| Footer.php | File | 10.54 KB | 0644 |
|
| Header.php | File | 25.81 KB | 0644 |
|
| Import.php | File | 55.59 KB | 0644 |
|
| Index.php | File | 24.63 KB | 0644 |
|
| IndexColumn.php | File | 4.43 KB | 0644 |
|
| InsertEdit.php | File | 129.29 KB | 0644 |
|
| IpAllowDeny.php | File | 9.21 KB | 0644 |
|
| Language.php | File | 4.3 KB | 0644 |
|
| LanguageManager.php | File | 23.42 KB | 0644 |
|
| Linter.php | File | 5.1 KB | 0644 |
|
| ListAbstract.php | File | 3.15 KB | 0644 |
|
| ListDatabase.php | File | 4.22 KB | 0644 |
|
| Logging.php | File | 2.56 KB | 0644 |
|
| Menu.php | File | 22.34 KB | 0644 |
|
| Message.php | File | 19.19 KB | 0644 |
|
| Mime.php | File | 891 B | 0644 |
|
| MultSubmits.php | File | 23.19 KB | 0644 |
|
| Normalization.php | File | 39.03 KB | 0644 |
|
| OpenDocument.php | File | 8.5 KB | 0644 |
|
| Operations.php | File | 79.06 KB | 0644 |
|
| OutputBuffering.php | File | 3.63 KB | 0644 |
|
| ParseAnalyze.php | File | 2.46 KB | 0644 |
|
| Partition.php | File | 7.26 KB | 0644 |
|
| Pdf.php | File | 4.07 KB | 0644 |
|
| Plugins.php | File | 21.42 KB | 0644 |
|
| RecentFavoriteTable.php | File | 12.13 KB | 0644 |
|
| Relation.php | File | 78.19 KB | 0644 |
|
| RelationCleanup.php | File | 14.7 KB | 0644 |
|
| Replication.php | File | 5.37 KB | 0644 |
|
| ReplicationGui.php | File | 41.79 KB | 0644 |
|
| Response.php | File | 16.31 KB | 0644 |
|
| Sanitize.php | File | 14.15 KB | 0644 |
|
| SavedSearches.php | File | 11.95 KB | 0644 |
|
| Scripts.php | File | 5.33 KB | 0644 |
|
| Session.php | File | 7.82 KB | 0644 |
|
| Sql.php | File | 88.22 KB | 0644 |
|
| SqlQueryForm.php | File | 17.19 KB | 0644 |
|
| StorageEngine.php | File | 13.47 KB | 0644 |
|
| SubPartition.php | File | 3.53 KB | 0644 |
|
| SysInfo.php | File | 1.54 KB | 0644 |
|
| SysInfoBase.php | File | 801 B | 0644 |
|
| SysInfoLinux.php | File | 1.96 KB | 0644 |
|
| SysInfoSunOS.php | File | 1.87 KB | 0644 |
|
| SysInfoWINNT.php | File | 3.25 KB | 0644 |
|
| SystemDatabase.php | File | 3.84 KB | 0644 |
|
| Table.php | File | 92.59 KB | 0644 |
|
| Template.php | File | 3.91 KB | 0644 |
|
| Theme.php | File | 10.53 KB | 0644 |
|
| ThemeManager.php | File | 10.73 KB | 0644 |
|
| Tracker.php | File | 29.72 KB | 0644 |
|
| Tracking.php | File | 41.99 KB | 0644 |
|
| Transformations.php | File | 16.12 KB | 0644 |
|
| TwoFactor.php | File | 7.1 KB | 0644 |
|
| Types.php | File | 22.75 KB | 0644 |
|
| Url.php | File | 8.17 KB | 0644 |
|
| UserPassword.php | File | 8.47 KB | 0644 |
|
| UserPreferences.php | File | 8.52 KB | 0644 |
|
| Util.php | File | 162.99 KB | 0644 |
|
| VersionInformation.php | File | 6.34 KB | 0644 |
|
| ZipExtension.php | File | 9.98 KB | 0644 |
|