Changeset 997 for trunk/common

Timestamp:

01/29/09 14:55:38 (3 years ago)

Author:

strat.cristian@…

Message:

Log remote IP and X-Forwarded-For header on job submit, textblock create/edit, and attachment upload. For privacy considerations, IP addresses are only displayed to admins and helpers.

• Contains database migration script.
• Adds new simplified security action. (sensitive-info)

Location:

trunk/common

Files:

• common.php (modified) (2 diffs)
• db/attachment.php (modified) (5 diffs)
• db/db.php (modified) (1 diff)
• db/job.php (modified) (6 diffs)
• db/round.php (modified) (2 diffs)
• db/task.php (modified) (2 diffs)
• db/textblock.php (modified) (8 diffs)
• db/user.php (modified) (1 diff)
• job.php (modified) (3 diffs)
• log.php (modified) (1 diff)
• security.php (modified) (6 diffs)
• textblock.php (modified) (2 diffs)

trunk/common/common.php

@@ -38 +38 @@
 define("IA_RE_USER_NAME", '[_@a-z0-9][a-z0-9_\-\.\@]*');
 
+// IPv4 address, doesn't check for values greater than 255.
+define("IA_RE_IPV4", '(?:\d{1,3}\.){3}\d{1,3}');
+// Full IPv6 address, doesn't match compressed IPv6 formats.
+define("IA_RE_IPV6_NO_COMPRESS", '(?:[0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}');
+// IP address, matches IPv4 and non-compressed IPv6.
+define("IA_RE_IP_ADDRESS", IA_RE_IPV4."|".IA_RE_IPV6_NO_COMPRESS);
+
 // Valid email. A complete check is not possible, see
 // http://www.regular-expressions.info/email.html
@@ -101 +108 @@
     }
     return true;
+}
+
+// Check for (apparently) valid IP address.
+// It will match IPv4 and only non-compressed IPv6. Doesn't check
+// for values greater than 255.
+function is_valid_ip_address($ip_address) {
+    return preg_match('/^'.IA_RE_IP_ADDRESS.'$/xi', $ip_address);
 }
 

trunk/common/db/attachment.php

@@ -65 +65 @@
 
 // Update an attachment. FIXME: hash args.
-function attachment_update($id, $name, $size, $mime_type, $page, $user_id) {
+function attachment_update($id, $name, $size, $mime_type, $page, $user_id,
+        $remote_ip_info) {
     $attachment = array(
             'id' => $id,
@@ -74 +75 @@
             'user_id' => $user_id,
             'timestamp' => db_date_format(),
+            'remote_ip_info' => $remote_ip_info,
     );
 
@@ -82 +84 @@
 
 // Inserts an attachment in the db
-function attachment_insert($name, $size, $mime_type, $page, $user_id) {
+function attachment_insert($name, $size, $mime_type, $page, $user_id,
+        $remote_ip_info) {
     $attachment = array(
             'name' => $name,
@@ -90 +93 @@
             'user_id' => $user_id,
             'timestamp' => db_date_format(),
+            'remote_ip_info' => $remote_ip_info,
     );
 
@@ -95 +99 @@
     $attachment['id'] = db_insert_id();
     _attachment_cache_add($attachment);
-    
+
     return $attachment['id'];
 }

trunk/common/db/db.php

@@ -262 +262 @@
 }
 
+// FIXME: This shouldn't be here. Move it in common/db/task.php or
+// common/db/round.php
 function db_get_task_filter_clause($filter, $table_alias) {
     if ($filter == IA_TLF_SOLVED) {

trunk/common/db/job.php

@@ -22 +22 @@
 
 // Creates new eval job
-function job_create($task_id, $round_id, $user_id, $compiler_id, $file_contents) {
+function job_create($task_id, $round_id, $user_id, $compiler_id, $file_contents,
+        $remote_ip_info = null) {
     $query = <<<SQL
         INSERT INTO ia_job
-            (`task_id`, `round_id`, `user_id`, `compiler_id`, `file_contents`, `submit_time`)
-        VALUES (%s, %s, %s, %s, %s, %s)
+            (`task_id`, `round_id`, `user_id`, `compiler_id`, `file_contents`,
+             `submit_time`, `remote_ip_info`)
+        VALUES (%s, %s, %s, %s, %s, %s, %s)
 SQL;
     $query = sprintf($query,
             db_quote($task_id), db_quote($round_id), db_quote($user_id),
-            db_quote($compiler_id), db_quote($file_contents), db_quote(db_date_format()));
+            db_quote($compiler_id), db_quote($file_contents),
+            db_quote(db_date_format()), db_quote($remote_ip_info));
     return db_query($query);
 }
@@ -40 +43 @@
 SELECT `job`.`id`, `job`.`user_id`, `job`.`task_id`, `job`.`round_id`,
        `job`.`compiler_id`, `job`.`status`, `job`.`submit_time`,
-       `job`.`eval_message`, `job`.`score`, `job`.`file_contents`
+       `job`.`eval_message`, `job`.`score`, `job`.`file_contents`,
+       `job`.`remote_ip_info`
     FROM `ia_job` AS `job`
     WHERE `job`.`id` = (
@@ -83 +87 @@
     log_assert(is_whole_number($job_id));
     $field_list = "`job`.`id`, job.`user_id`, `job`.`compiler_id`, `job`.`status`,
-                   `job`.`submit_time`, `job`.`eval_message`, `job`.`score`, `job`.`eval_log`,
+                   `job`.`submit_time`, `job`.`eval_message`, `job`.`score`,
+                   `job`.`eval_log`, `job`.`remote_ip_info`,
                    OCTET_LENGTH(`job`.`file_contents`) AS `job_size`,
                    `user`.`username` AS `user_name`, `user`.`full_name` AS `user_fullname`,
@@ -128 +133 @@
     $score_end = getattr($filters, 'score_end');
     $eval_msg = getattr($filters, 'eval_msg');
+    $remote_ip_info = getattr($filters, 'remote_ip_info');
 
     $wheres = array("TRUE");
@@ -172 +178 @@
     if (!is_null($eval_msg)) {
         $wheres[] = sprintf("`job`.`eval_message` LIKE '%s%%'", db_escape($eval_msg));
+    }
+    if (!is_null($remote_ip_info)) {
+        // We allow remote_ip_info to contain % wildcards. This will make it a bit
+        // easier to search for IP classes.
+        $wheres[] = sprintf("`job`.`remote_ip_info` LIKE '%s'", db_escape($remote_ip_info));
     }
 
@@ -232 +243 @@
             `job`.`eval_message`,
             `job`.`eval_log`,
+            `job`.`remote_ip_info`,
             OCTET_LENGTH(`job`.`file_contents`) AS `job_size`,
             `user`.`username` AS `user_name`,

trunk/common/db/round.php

@@ -29 +29 @@
 // Create new round
 // Return success.
-function round_create($round, $round_params, $user_id) {
+function round_create($round, $round_params, $user_id, $remote_ip_info = null) {
     log_assert(is_user_id($user_id));
     log_assert_valid(round_validate($round));
@@ -45 +45 @@
         $replace = array("round_id" => $round['id']);
         textblock_copy_replace("template/newround", $round['page_name'],
-                $replace, "round: {$round['id']}", $user_id);
+                $replace, "round: {$round['id']}", $user_id, $remote_ip_info);
 
         _round_cache_add($round);

trunk/common/db/task.php

@@ -35 +35 @@
 
 // Create new task
-function task_create($task, $task_params) {
+function task_create($task, $task_params, $remote_ip_info = null) {
     log_assert_valid(task_validate($task));
     log_assert_valid(task_validate_parameters($task['type'], $task_params));
@@ -48 +48 @@
         $replace = array("task_id" => $task['id'], "task_title" => ucfirst($task['id']));
         textblock_copy_replace("template/newtask", $task['page_name'],
-                $replace, "task: {$task['id']}", $task['user_id']);
+                $replace, "task: {$task['id']}", $task['user_id'], $remote_ip_info);
 
         _task_cache_add($task);

trunk/common/db/textblock.php

@@ -15 +15 @@
 function textblock_add_revision(
         $name, $title, $content, $user_id, $security = "public",
-        $forum_topic = null, $timestamp = null, $creation_timestamp = null) {
+        $forum_topic = null, $timestamp = null, $creation_timestamp = null,
+        $remote_ip_info = null) {
     $name = normalize_page_name($name);
     $tb = array(
@@ -26 +27 @@
             'timestamp' => $timestamp,
             'creation_timestamp' => $creation_timestamp,
+            'remote_ip_info' => $remote_ip_info,
     );
     log_assert_valid(textblock_validate($tb));
@@ -59 +61 @@
     }
     $query = sprintf("INSERT INTO ia_textblock
-                        (name, `text`, `title`, `creation_timestamp`, `timestamp`, `user_id`, `security`, `forum_topic`)
-                      VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', %s)",
-                     db_escape($name), db_escape($content),
-                     db_escape($title), db_escape($creation_timestamp), 
-                     db_escape($timestamp), db_escape($user_id),
-                     db_escape($security),
-                     is_null($forum_topic) ? "NULL" : db_escape($forum_topic));
+            (name, `text`, `title`, `creation_timestamp`,
+                    `timestamp`, `user_id`, `security`, `forum_topic`,
+                    `remote_ip_info`)
+            VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', %s, %s)",
+            db_escape($name), db_escape($content), db_escape($title),
+            db_escape($creation_timestamp), db_escape($timestamp),
+            db_escape($user_id), db_escape($security), db_quote($forum_topic),
+            db_quote($remote_ip_info));
     return db_query($query);
 }
@@ -74 +77 @@
     // log_print_r($options);
 
-    $field_list = "`name`, `title`, `creation_timestamp`, `timestamp`, `security`, `user_id`, `forum_topic`";
+    $field_list = "`name`, `title`, `creation_timestamp`, `timestamp`, `security`, `user_id`,
+            `forum_topic`, `remote_ip_info`";
 
     // Select content.
@@ -212 +216 @@
         $compare = "REGEXP";
     }
-    $query = sprintf("SELECT `name`, `title`, `creation_timestamp`, `timestamp`, `user_id`, `security`, `forum_topic`
+    $query = sprintf("SELECT `name`, `title`, `creation_timestamp`, `timestamp`,
+                            `user_id`, `security`, `forum_topic`,
+                            `remote_ip_info`
                       FROM ia_textblock
                       WHERE `name` LIKE '%s' AND
@@ -289 +295 @@
 }
 
-function textblock_copy($old_name, $new_name) {
+function textblock_copy($old_name, $new_name, $user_id, $remote_ip_info) {
     $old_name = normalize_page_name($old_name);
     $new_name = normalize_page_name($new_name);
@@ -297 +303 @@
     $new_textblock = textblock_get_revision($old_name);
     $new_textblock['name'] = $new_name;
-    $new_textblock['user_id'] = identity_get_user_id();
+    $new_textblock['user_id'] = $user_id;
     textblock_add_revision($new_textblock['name'], $new_textblock['title'],
                            $new_textblock['text'], $new_textblock['user_id'],
                            $new_textblock['security'],
-                           $new_textblock['forum_topic'], null, null);
+                           $new_textblock['forum_topic'], null, null,
+                           $remote_ip_info);
 
     // Get a list of attachments.
@@ -309 +316 @@
     foreach ($files as $file) {
         // Copy in db and get new id
-        $new_id = attachment_insert($file['name'], $file['size'], $file['mime_type'], $new_name, identity_get_user_id());
+        $new_id = attachment_insert($file['name'], $file['size'],
+                $file['mime_type'], $new_name, $user_id, $remote_ip_info);
 
         // Copy on hard drive

trunk/common/db/user.php

@@ -150 +150 @@
     $replace = array("user_id" => $user['username']);
     textblock_copy_replace("template/newuser", IA_USER_TEXTBLOCK_PREFIX.$user['username'],
-                           $replace, "public", $new_user['id']);
+                           $replace, "public", $new_user['id'], null);
 
     // Create SMF user

trunk/common/job.php

@@ -78 +78 @@
         if (array_key_exists('round_id', $args)) {
             job_create($args['task_id'], $args['round_id'], $user['id'],
-                    $args['compiler_id'], $args['solution']);
+                    $args['compiler_id'], $args['solution'],
+                    getattr($args, 'remote_ip_info'));
         } else {
             $parent_rounds = task_get_parent_rounds($args['task_id']);
@@ -84 +85 @@
                 // some jobs just don't have a round
                 job_create($args['task_id'], '', $user['id'],
-                        $args['compiler_id'], $args['solution']);
+                        $args['compiler_id'], $args['solution'],
+                        getattr($args, 'remote_ip_info'));
             }
             else {
@@ -90 +92 @@
                     if (security_query($user, 'round-submit', round_get($round_id))) {
                         job_create($args['task_id'], $round_id, $user['id'],
-                                $args['compiler_id'], $args['solution']);
+                                $args['compiler_id'], $args['solution'],
+                                getattr($args, 'remote_ip_info'));
                     }
                 }

trunk/common/log.php

@@ -112 +112 @@
 
 // Use this for warning messages.
-function log_warn($message, $include_origin = false) {
+function log_warn($message, $include_origin = false, $backtrace_level = 0) {
     if ($include_origin) {
-        $message = format_message_backtrace($message);
+        $message = format_message_backtrace($message, $backtrace_level);
     }
     trigger_error_split($message, E_USER_WARNING);

trunk/common/security.php

@@ -103 +103 @@
         case 'round-register-view':
             return 'simple-view';
+
+        // View IP.
+        case 'attach-view-ip':
+        case 'textblock-view-ip':
+        case 'job-view-ip':
+            return 'sensitive-info';
 
         // Reversible edits access.
@@ -245 +251 @@
             }
 
+        case 'sensitive-info':
+            return ($usersec == 'admin' || $usersec == 'helper');
+
         // Reversible modifications.
         case 'simple-rev-edit':
@@ -410 +419 @@
             }
             return $can_view || $is_owner || $is_admin;
+
+        case 'sensitive-info':
+            return ($usersec == 'admin' || $usersec == 'helper');
 
         default:
@@ -466 +478 @@
             }
 
+        case 'sensitive-info':
+            return ($usersec == 'admin' || $usersec == 'helper');
+
         default:
             log_error('Invalid round action: '.$action);
@@ -520 +535 @@
     $can_view_score = ($job['round_public_eval'] == true) || $is_task_owner || $is_admin;
     $can_view_partial_feedback = $is_owner || $is_admin;
+    $can_view_sensitive_info = ($usersec == 'admin' || $usersec == 'helper');
 
     // Log query response.
@@ -550 +566 @@
             return $can_view_job && $can_view_partial_feedback;
 
+        case 'sensitive-info':
+            return $can_view_job && $can_view_sensitive_info;
+
         default:
             log_error('Invalid job action: '.$action);

trunk/common/textblock.php

@@ -149 +149 @@
 //
 // Use this like textblock_copy_replace('template/newtask', 'problema/capsuni');
-function textblock_copy_replace($srcprefix, $dstprefix, $replace, $security, $user_id)
-{
+function textblock_copy_replace($srcprefix, $dstprefix, $replace, $security,
+        $user_id, $remote_ip_info = null) {
     assert($srcprefix != $dstprefix);
     assert(is_textblock_security_descriptor($security));
@@ -174 +174 @@
                 $textblock['text'], $user_id, $textblock['security'],
                 $textblock['forum_topic'], null,
-                $first_textblock['creation_timestamp']);
+                $first_textblock['creation_timestamp'], $remote_ip_info);
     }
 }