Show
Ignore:
Timestamp:
03/10/09 17:29:05 (4 years ago)
Author:
ethans
Message:

Support for IAX trunks. Shows differentiation between trunks/extensions and trunk tech. Tabular display. Shortened notification messages with extended
details.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • modules/branches/2.5/weakpasswords/functions.inc.php

    r7473 r7474  
    2626      $weak = weakpasswords_get_users(); 
    2727      if(sizeof($weak) > 0)  { 
    28         foreach($weak as $device => $message)  { 
    29           $nt->add_security("weakpasswords", $device, "Weak secret for device $device: $message"); 
     28        foreach($weak as $details)  { 
     29          $extended_text = "Warning: The use of SIP/IAX passwords that are weak can allow hackers to make brute force registrations and possibly make calls through your PBX.  It is strongly recommended, you choose strong secrets.".$details['deviceortrunk']." ".$details['name']." has a weak secret of ".$details['secret'].": ".$details['message']; 
     30          $nt->add_security("weakpasswords", $details['name'], $details['deviceortrunk']." ".$details['name'].": ".$details['message'],$extended_text); 
    3031        } 
    3132 
     
    3839  global $db; 
    3940 
    40   $sql = "SELECT id as device,data as secret FROM sip WHERE keyword='secret'"; 
     41  $sql = "SELECT 'SIP' as tech,s.id as id, s2.data as device,s.data as secret FROM sip s LEFT JOIN sip s2 ON s.id=s2.id AND s2.keyword='account' WHERE s.keyword='secret'"; 
    4142  $sipsecrets = sql($sql,"getAll",DB_FETCHMODE_ASSOC); 
     43  $sql = "SELECT 'IAX' as tech,s.id as id, s2.data as device,s.data as secret FROM iax s LEFT JOIN iax s2 ON s.id=s2.id AND s2.keyword='account' WHERE s.keyword='secret'"; 
     44  $iaxsecrets = sql($sql,"getAll",DB_FETCHMODE_ASSOC); 
     45  $secrets = array_merge($sipsecrets,$iaxsecrets); 
    4246  $weak = array(); 
    43   foreach($sipsecrets as $sip)  { 
    44     $device = $sip['device']; 
    45     $secret = $sip['secret']; 
     47  foreach($secrets as $arr)  { 
     48    $name = $arr['device']; 
     49    $id = $arr['id']; 
     50    $secret = $arr['secret']; 
     51    $tech = $arr['tech']; 
    4652 
     53    if($id == $name)  { 
     54      $deviceortrunk = "Extension/Device"; 
     55    } 
     56    else  { 
     57      $deviceortrunk = "$tech Trunk"; 
     58    } 
    4759    $reversed = strrev($secret); 
    4860    $match = "0123456789"; 
    4961    if(strpos($match,$secret) || strpos($match,$reversed))  { 
    50       $weak[$device] = "Secret $secret has sequential digits"
     62      $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => "Secret has sequential digits", "secret" => $secret)
    5163    } 
    5264    else if($device == $secret)  { 
    53       $weak[$device] = "Secret $secret is same as device"
     65      $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => "Secret same as device", "secret" => $secret)
    5466    } 
    5567    else if(preg_match("/(.)\\1{3,}/",$secret,$regs))  { 
    56       $weak[$device] = "Secret $secret contains consecutive digit ".$regs[1]
     68      $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => "Secret has consecutive digit ".$regs[1], "secret" => $secret)
    5769    } 
    5870    else if(strlen($secret) < 6)  { 
    59       $weak[$device] = "Secret $secret is less than 6 digits long"
     71      $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => "Secret less than 6 digits", "secret" => $secret)
    6072    } 
    6173  } 

  • modules/branches/2.5/weakpasswords/page.weakpasswords.php

    r7473 r7474  
    1212//GNU General Public License for more details. 
    1313 
     14//Both of these are used for switch on config.php 
    1415$display = isset($_REQUEST['display'])?$_REQUEST['display']:'weakpasswords'; 
     16 
     17$action = isset($_REQUEST['action'])?$_REQUEST['action']:''; 
     18$email = isset($_REQUEST['email'])?$_REQUEST['email']:''; 
    1519 
    1620?> 
     
    2024<? 
    2125 
    22   echo "<table><tr><td><div class='content'><h2>"._("Weak Password Detection")."</h2></span></td></tr>\n"; 
     26  echo "<table cellpadding=5><tr><td colspan=3><div class='content'><h2>"._("Weak Password Detection")."</h2></span></td></tr>\n"; 
     27  echo "<tr><td><b>Type</b></td><td><b>Name</b></td><td><b>Secret</b></td><td><b>Message</b></td></tr>"; 
    2328?> 
    24   <tr> 
    25   <td valign="top">  
    26    
    2729  <?php  
    2830  if (is_null($selected)) $selected = array(); 
    2931  $weak = weakpasswords_get_users(); 
    3032  if(sizeof($weak) > 0)  { 
    31     foreach ($weak as $device => $message) { 
    32       echo "Device $device: $message<br>"; 
     33    foreach ($weak as $details) { 
     34      echo '<tr><td>'.$details['deviceortrunk'].'</td><td>'.$details['name'].'</td><td>'.$details['secret'].'</td><td>'.$details['message']."</td></tr>"; 
    3335     
    3436    } 
    3537  } 
    3638  else  { 
    37     echo "No weak secrets detected on this system."; 
     39    echo "<tr><td colspan=3>No weak secrets detected on this system.</td></tr>"; 
    3840  } 
    3941  ?> 
    40   </td></tr> 
    4142 
    4243<?php