Permalink
Browse files

Added a global config option for IP-based session protection.

The new setting defaults to true, and is settable in the web admin panel. When
set to false, IP address checks are ignored. For users behind proxies (students,
large corporate networks) that don't guarantee a consistent IP, this makes the
web admin panel much more usable.
  • Loading branch information...
1 parent 2c6a54b commit a9ba4020dbf40fd7366d4038f95d738409158870 Michael Edgar committed Apr 14, 2011
Showing with 16 additions and 1 deletion.
  1. +1 −1 WebModules.cpp
  2. +6 −0 modules/data/webadmin/tmpl/settings.tmpl
  3. +2 −0 modules/webadmin.cpp
  4. +4 −0 znc.cpp
  5. +3 −0 znc.h
View
@@ -533,7 +533,7 @@ void CWebSock::OnPageRequest(const CString& sURI) {
}
CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
- if (GetSession()->GetIP() != GetRemoteIP()) {
+ if (CZNC::Get().GetProtectWebSessions() && GetSession()->GetIP() != GetRemoteIP()) {
PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
return PAGE_DONE;
}
@@ -89,6 +89,12 @@
<div><input type="text" name="anoniplimit" value="<? VAR AnonIPLimit ?>" /></div>
</div>
<div style="clear: both;"></div>
+
+ <div class="subsection half">
+ <div class="inputlabel">Protect Web Sessions:</div>
+ <div><input type="text" name="protectwebsessions" value="<? VAR ProtectWebSessions ?>" /></div>
+ </div>
+ <div style="clear: both;"></div>
<div class="subsection twothird">
<div class="inputlabel">MOTD:</div>
View
@@ -971,6 +971,7 @@ class CWebAdminMod : public CGlobalModule {
Tmpl["ConnectDelay"] = CString(CZNC::Get().GetConnectDelay());
Tmpl["ServerThrottle"] = CString(CZNC::Get().GetServerThrottle());
Tmpl["AnonIPLimit"] = CString(CZNC::Get().GetAnonIPLimit());
+ Tmpl["ProtectWebSessions"] = CString(CZNC::Get().GetProtectWebSessions());
const VCString& vsBindHosts = CZNC::Get().GetBindHosts();
for (unsigned int a = 0; a < vsBindHosts.size(); a++) {
@@ -1061,6 +1062,7 @@ class CWebAdminMod : public CGlobalModule {
sArg = WebSock.GetParam("connectdelay"); CZNC::Get().SetConnectDelay(sArg.ToUInt());
sArg = WebSock.GetParam("serverthrottle"); CZNC::Get().SetServerThrottle(sArg.ToUInt());
sArg = WebSock.GetParam("anoniplimit"); CZNC::Get().SetAnonIPLimit(sArg.ToUInt());
+ sArg = WebSock.GetParam("protectwebsessions"); CZNC::Get().SetProtectWebSessions(sArg.ToBool());
VCString vsArgs;
WebSock.GetRawParam("motd").Split("\n", vsArgs);
View
@@ -38,6 +38,7 @@ CZNC::CZNC() {
m_TimeStarted = time(NULL);
m_sConnectThrottle.SetTTL(30000);
m_pLockFile = NULL;
+ m_bProtectWebSessions = true;
}
CZNC::~CZNC() {
@@ -452,6 +453,7 @@ bool CZNC::WriteConfig() {
pFile->Write("AnonIPLimit = " + CString(m_uiAnonIPLimit) + "\n");
pFile->Write("MaxBufferSize= " + CString(m_uiMaxBufferSize) + "\n");
pFile->Write("SSLCertFile = " + CString(m_sSSLCertFile) + "\n");
+ pFile->Write("ProtectWebSessions = " + CString(m_bProtectWebSessions) + "\n");
for (size_t l = 0; l < m_vpListeners.size(); l++) {
CListener* pListener = m_vpListeners[l];
@@ -1148,6 +1150,8 @@ bool CZNC::DoRehash(CString& sError)
m_uiAnonIPLimit = sVal.ToUInt();
if (config.FindStringEntry("maxbuffersize", sVal))
m_uiMaxBufferSize = sVal.ToUInt();
+ if (config.FindStringEntry("protectwebsessions", sVal))
+ m_bProtectWebSessions = sVal.ToBool();
// This has to be after SSLCertFile is handled since it uses that value
const char *szListenerEntries[] = {
View
3 znc.h
@@ -84,6 +84,7 @@ class CZNC {
void SetMaxBufferSize(unsigned int i) { m_uiMaxBufferSize = i; }
void SetAnonIPLimit(unsigned int i) { m_uiAnonIPLimit = i; }
void SetServerThrottle(unsigned int i) { m_sConnectThrottle.SetTTL(i*1000); }
+ void SetProtectWebSessions(bool b) { m_bProtectWebSessions = b; }
void SetConnectDelay(unsigned int i);
// !Setters
@@ -111,6 +112,7 @@ class CZNC {
unsigned int GetAnonIPLimit() const { return m_uiAnonIPLimit; }
unsigned int GetServerThrottle() const { return m_sConnectThrottle.GetTTL() / 1000; }
unsigned int GetConnectDelay() const { return m_uiConnectDelay; }
+ bool GetProtectWebSessions() const { return m_bProtectWebSessions; }
// !Getters
// Static allocator
@@ -181,6 +183,7 @@ class CZNC {
unsigned long long m_uBytesWritten;
CConnectUserTimer *m_pConnectUserTimer;
TCacheMap<CString> m_sConnectThrottle;
+ bool m_bProtectWebSessions;
};
#endif // !_ZNC_H

0 comments on commit a9ba402

Please sign in to comment.