Commit 0079214d authored by Franco Fichtner's avatar Franco Fichtner

openvpn: allow tunnel_network overrides to contain host addresses; closes #1476

parent 2dbc3ab2
...@@ -332,7 +332,7 @@ function openvpn_validate_port($value, $name) ...@@ -332,7 +332,7 @@ function openvpn_validate_port($value, $name)
return false; return false;
} }
function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv4") function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = 'ipv4', $allow_hosts = false)
{ {
$value = trim($value); $value = trim($value);
$error = false; $error = false;
...@@ -346,8 +346,8 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv ...@@ -346,8 +346,8 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv
} }
foreach ($networks as $network) { foreach ($networks as $network) {
if ($ipproto == "ipv4") { if ($ipproto == 'ipv4') {
$error = !openvpn_validate_cidr_ipv4($network); $error = !openvpn_validate_cidr_ipv4($network, $allow_hosts);
} else { } else {
$error = !openvpn_validate_cidr_ipv6($network); $error = !openvpn_validate_cidr_ipv6($network);
} }
...@@ -363,7 +363,7 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv ...@@ -363,7 +363,7 @@ function openvpn_validate_cidr($value, $name, $multiple = false, $ipproto = "ipv
} }
} }
function openvpn_validate_cidr_ipv4($value) function openvpn_validate_cidr_ipv4($value, $allow_hosts = false)
{ {
$value = trim($value); $value = trim($value);
if (!empty($value)) { if (!empty($value)) {
...@@ -373,7 +373,7 @@ function openvpn_validate_cidr_ipv4($value) ...@@ -373,7 +373,7 @@ function openvpn_validate_cidr_ipv4($value)
} }
/* IPv4 case is very strict, cannot be a host address */ /* IPv4 case is very strict, cannot be a host address */
$mask = (0xffffffff << (32 - $mask)) & 0xffffffff; $mask = (0xffffffff << (32 - $mask)) & 0xffffffff;
if ((ip2long($ip) & $mask) != ip2long($ip)) { if (!$allow_hosts && (ip2long($ip) & $mask) != ip2long($ip)) {
return false; return false;
} }
} }
......
...@@ -127,10 +127,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -127,10 +127,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
exit; exit;
} else { } else {
/* perform validations */ /* perform validations */
if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network')) { if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network', false, 'ipv4', true)) {
$input_errors[] = $result; $input_errors[] = $result;
} }
if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, 'ipv6', true)) {
$input_errors[] = $result; $input_errors[] = $result;
} }
if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) { if ($result = openvpn_validate_cidr($pconfig['local_network'], 'IPv4 Local Network', true, "ipv4")) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment