Commit 6c3bf3bb authored by Ad Schellevis's avatar Ad Schellevis

(legacy) it feels kind of duplicate, but to avoid too much changes to how it...

(legacy) it feels kind of duplicate, but to avoid too much changes to how it works now let's keep the behavior approx. the same.
parent 1dc7387a
...@@ -148,20 +148,8 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' ...@@ -148,20 +148,8 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui']['
} }
if(!$found_host) { if(!$found_host) {
$interface_list_ips = get_configured_ip_addresses(); $found_host = isAuthLocalIP($referrer_host) ;
foreach($interface_list_ips as $ilips) {
if(strcasecmp($referrer_host, $ilips) == 0) {
$found_host = true;
break;
}
}
$interface_list_ipv6s = get_configured_ipv6_addresses();
foreach($interface_list_ipv6s as $ilipv6s) {
if(strcasecmp($referrer_host, $ilipv6s) == 0) {
$found_host = true;
break;
}
}
if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") { if($referrer_host == "127.0.0.1" || $referrer_host == "localhost") {
// allow SSH port forwarded connections and links from localhost // allow SSH port forwarded connections and links from localhost
$found_host = true; $found_host = true;
...@@ -188,6 +176,37 @@ unset($security_passed); ...@@ -188,6 +176,37 @@ unset($security_passed);
$groupindex = index_groups(); $groupindex = index_groups();
$userindex = index_users(); $userindex = index_users();
/**
* check if $http_host is a local configured ip address
*/
function isAuthLocalIP($http_host) {
global $config;
$local_ip = false;
if (isset($config['interfaces'])) {
foreach($config['interfaces'] as $if => $ifdetail) {
if (isset($ifdetail['enable'])) {
if (isset($ifdetail['ipaddr']) && $ifdetail['ipaddr'] == $http_host) {
$local_ip = true;
} elseif (isset($ifdetail['ipaddr6']) && $ifdetail['ipaddr6'] == $http_host) {
$local_ip = true;
}
}
}
}
if (isset($config['virtualip'])) {
if ($config['virtualip']['vip']) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['subnet'] == $http_host) {
$local_ip = true;
}
}
}
}
return $local_ip;
}
function index_groups() function index_groups()
{ {
global $config, $groupindex; global $config, $groupindex;
......
...@@ -31,7 +31,6 @@ ...@@ -31,7 +31,6 @@
*/ */
require_once("auth.inc"); require_once("auth.inc");
require_once("functions.inc");
// provided via legacy_bindings.inc // provided via legacy_bindings.inc
global $priv_list; global $priv_list;
...@@ -408,27 +407,8 @@ function display_login_form() ...@@ -408,27 +407,8 @@ function display_login_form()
// fix, local ip check was previously done using "filter_generate_optcfg_array" which basically includes alomst everything here. // fix, local ip check was previously done using "filter_generate_optcfg_array" which basically includes alomst everything here.
// this should do the trick as well. // this should do the trick as well.
if (isset($config['interfaces'])) { $local_ip = isAuthLocalIP($http_host);
foreach($config['interfaces'] as $if => $ifdetail) {
if (isset($ifdetail['enable'])) {
if (isset($ifdetail['ipaddr']) && $ifdetail['ipaddr'] == $http_host) {
$local_ip = true;
} elseif (isset($ifdetail['ipaddr6']) && $ifdetail['ipaddr6'] == $http_host) {
$local_ip = true;
}
}
}
}
if (isset($config['virtualip'])) {
if ($config['virtualip']['vip']) {
foreach ($config['virtualip']['vip'] as $vip) {
if ($vip['subnet'] == $http_host) {
$local_ip = true;
}
}
}
}
if (isset($config['openvpn']['openvpn-server'])) { if (isset($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $ovpns) { foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
if (is_ipaddrv4($http_host) && !empty($ovpns['tunnel_network']) && ip_in_subnet($http_host, $ovpns['tunnel_network'])) { if (is_ipaddrv4($http_host) && !empty($ovpns['tunnel_network']) && ip_in_subnet($http_host, $ovpns['tunnel_network'])) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment