mvc: send audit messages emitted in the authentication sequence to proper channel and extend them with relevant event information. (ControllerRoot)

Although it is practical to know that a client is calling an endpoint unauthenticated, we would also like to know which client it is and which endpoint it tries to access, so that abuse can be detected more easily.
Ad Schellevis 2025-03-11 08:52:57 +01:00
parent 9b45398fd8
commit 2eb75b2de2


@ -146,7 +146,11 @@ class ControllerRoot extends Controller
$redirect_uri = "/?url=" . $_SERVER['REQUEST_URI'];
if ($this->session->has("Username") == false) {
// user unknown
$this->getLogger()->error("no active session, user not found");
$this->getLogger('audit')->error(sprintf(
"no active session, user not found (called \"%s\" @ %s)",
$_SERVER['REQUEST_URI'],
$_SERVER['REMOTE_ADDR']
));
$this->response->redirect($redirect_uri, true);
$this->setLang();
return false;
@ -155,7 +159,9 @@ class ControllerRoot extends Controller
&& $this->session->get("last_access") < (time() - $session_timeout)
) {
// session expired / cleanup session data
$this->getLogger()->error("session expired");
$this->getLogger('audit')->notice(sprintf(
"session expired (%s @ %s)", $this->session->get("Username"), $_SERVER['REMOTE_ADDR']
));
$this->session->remove("Username");
$this->session->remove("last_access");
$this->response->redirect($redirect_uri, true);
@ -170,7 +176,7 @@ class ControllerRoot extends Controller
// Authorization using legacy acl structure
$acl = new ACL();
if (!$acl->isPageAccessible($this->session->get("Username"), $_SERVER['REQUEST_URI'])) {
$this->getLogger()->error("uri " . $_SERVER['REQUEST_URI'] .
$this->getLogger('audit')->error("uri " . $_SERVER['REQUEST_URI'] .
" not accessible for user " . $this->session->get("Username"));
$this->response->redirect("/", true);
return false;
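Review bot: The ACL-denied message in the third hunk (`$this->getLogger('audit')->error("uri " . $_SERVER['REQUEST_URI'] . " not accessible for user " ...`) still omits `$_SERVER['REMOTE_ADDR']`, so the event that most directly indicates abuse — an authenticated user probing pages outside their ACL — cannot be tied to a client, unlike the two messages above it that now carry the address. For consistency with the first two hunks I would build it with sprintf and append the address: `$this->getLogger('audit')->error(sprintf("uri %s not accessible for user %s (@ %s)", $_SERVER['REQUEST_URI'], $this->session->get("Username"), $_SERVER['REMOTE_ADDR']));`. `REQUEST_URI` is attacker-chosen and is written verbatim in all three hunks; it cannot carry a raw line break, but it can be arbitrarily long and may include query parameters, so downstream log consumers should treat it as untrusted text and a length cap may be worth considering. If the GUI is ever reached through a reverse proxy, `REMOTE_ADDR` will be the proxy rather than the client — presumably not the default deployment, but a short comment stating that assumption would help whoever reads these audit entries. The enclosing method begins before the first hunk and continues past the last.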