Added support for installing and upgrading the Debian package version of Usermin.
Added a page for overriding module titles.
Added the Advanced Options page, which can be used to change the temporary files directory, Umask and stack trace display.
+---- Changes since 1.350 ----
+Added an option to the Authentication page to block users with too many failed logins, as well as hosts.
+Created the new Blocked Hosts and Users page to show blocks currently in force, and allow them to be cleared.
sub get_icons
{
-return ( "access" ,"bind" ,"ui" ,"umods" ,"os" ,"lang" ,"upgrade" ,"session" ,"assignment" ,"categories" ,"themes", "referers", "anon", "ssl" ,"configs" ,"acl" ,"restrict" ,"users" ,"defacl", "sessions", "advanced" );
+return ( "access" ,"bind" ,"ui" ,"umods" ,"os" ,"lang" ,"upgrade" ,"session" ,"assignment" ,"categories" ,"themes", "referers", "anon", "ssl" ,"configs" ,"acl" ,"restrict" ,"users" ,"defacl", "sessions", "blocked", "advanced" );
}
&lock_file($usermin_miniserv_config);
&get_usermin_miniserv_config(\%miniserv);
$miniserv{'passdelay'} = $in{'passdelay'};
+
+# Save blocked hosts
if ($in{'blockhost_on'}) {
$in{'blockhost_time'} =~ /^\d+$/ && $in{'blockhost_time'} > 0 ||
&error($webmin::text{'session_eblockhost_time'});
else {
$miniserv{'blockhost_time'} = $miniserv{'blockhost_failures'} = undef;
}
+
+# Save blocked users
+if ($in{'blockuser_on'}) {
+ $in{'blockuser_time'} =~ /^\d+$/ && $in{'blockuser_time'} > 0 ||
+ &error($webmin::text{'session_eblockuser_time'});
+ $in{'blockuser_failures'} =~ /^\d+$/ && $in{'blockuser_failures'} > 0 ||
+ &error($webmin::text{'session_eblockuser_failures'});
+ $miniserv{'blockuser_time'} = $in{'blockuser_time'};
+ $miniserv{'blockuser_failures'} = $in{'blockuser_failures'};
+ }
+else {
+ $miniserv{'blockuser_time'} = $miniserv{'blockuser_failures'} = undef;
+ }
+
$miniserv{'syslog'} = $in{'syslog'};
if ($in{'session'} && $ENV{'HTTP_COOKIE'} !~ /sessiontest=1/i) {
&error($webmin::text{'session_ecookie'});
--- /dev/null
+#!/usr/local/bin/perl
+# Re-start Usermin to clear blocks
+
+require './usermin-lib.pl';
+&restart_usermin_miniserv();
+&redirect("");
+
+
logout=1
dav=1
descs=1
+blocked=1
advanced=1
--- /dev/null
+#!/usr/local/bin/perl
+# Show a list of blocked users and hosts
+
+require './usermin-lib.pl';
+&ui_print_header(undef, $text{'blocked_title'}, "");
+&get_usermin_miniserv_config(\%miniserv);
+@blocked = &webmin::get_blocked_users_hosts(\%miniserv);
+
+if (@blocked) {
+ print &ui_columns_start([ $webmin::text{'blocked_type'},
+ $text{'blocked_who'},
+ $webmin::text{'blocked_fails'},
+ $webmin::text{'blocked_when'},
+ ]);
+ foreach $b (@blocked) {
+ print &ui_columns_row([
+ $text{'blocked_'.$b->{'type'}},
+ $b->{'user'} || $b->{'host'},
+ $b->{'fails'},
+ &make_date($b->{'when'}),
+ ]);
+ }
+ print &ui_columns_end();
+ print "<hr>\n";
+ print &ui_buttons_start();
+ print &ui_buttons_row("clear_blocked.cgi",
+ $webmin::text{'blocked_clear'},
+ $text{'blocked_cleardesc'});
+ print &ui_buttons_end();
+ }
+else {
+ print "<b>$text{'blocked_none'}</b><p>\n";
+ }
+
+&ui_print_footer("", $text{'index_return'});
print "<tr $tb> <td><b>$webmin::text{'session_header'}</b></td> </tr>\n";
print "<tr $cb> <td nowrap>\n";
+# Bad password delay
printf "<input type=radio name=passdelay value=0 %s> %s<br>\n",
$miniserv{'passdelay'} ? '' : 'checked', $webmin::text{'session_pdisable'};
printf "<input type=radio name=passdelay value=1 %s> %s<br>\n",
$miniserv{'passdelay'} ? 'checked' : '', $webmin::text{'session_penable'};
+
+# Block hosts
printf " <input type=checkbox name=blockhost_on value=1 %s>\n",
$miniserv{'blockhost_failures'} ? "checked" : "";
print &webmin::text('session_blockhost',
- "<input name=blockhost_failures size=4 value='$miniserv{'blockhost_failures'}'>",
- "<input name=blockhost_time size=4 value='$miniserv{'blockhost_time'}'>"),"<br>\n";
+ &ui_textbox("blockhost_failures", $miniserv{'blockhost_failures'}, 4),
+ &ui_textbox("blockhost_time", $miniserv{'blockhost_time'}, 4)),"<br>\n";
+
+# Block users
+printf " <input type=checkbox name=blockuser_on value=1 %s>\n",
+ $miniserv{'blockuser_failures'} ? "checked" : "";
+print &webmin::text('session_blockuser',
+ &ui_textbox("blockuser_failures", $miniserv{'blockuser_failures'}, 4),
+ &ui_textbox("blockuser_time", $miniserv{'blockuser_time'}, 4)),"<br>\n";
+
+# Log to syslog
eval "use Sys::Syslog qw(:DEFAULT setlogsock)";
if (!$@) {
printf "<input type=checkbox name=syslog value=1 %s> %s\n",
$ver < 1.164 ? ( ) : ( "edit_logout.cgi" ),
$ver < 1.181 ? ( ) : ( "edit_dav.cgi" ),
"list_sessions.cgi",
+ "edit_blocked.cgi",
"edit_advanced.cgi" );
@titles = map { /_(\S+).cgi/; $text{"${1}_title"} } @links;
@icons = map { /_(\S+).cgi/; "images/$1.gif" } @links;
advanced_title=Advanced Options
advanced_pass=Make password available to Usermin programs?<br><font size=-1>(Does not work when session authentication is enabled)</font>
+
+blocked_title=Blocked Hosts and Users
+blocked_none=No hosts or users are currently blocked by Usermin.
+blocked_user=Usermin user
+blocked_cleardesc=Click this button to clear all current host and user blocks, by restarting the Usermin server process.