Fossil SCM
Add an Admin/Access setting to govern the number of octets of the IP address to include in the login cookie.
Commit
313ba5c64f2102f7f7310a5860aaa87c4c4cc9a8
Parent
4092208afca3ffe…
2 files changed
+7
-2
+7
+7
-2
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -117,15 +117,20 @@ | ||
| 117 | 117 | ** But some clients are behind firewalls that shift the IP address |
| 118 | 118 | ** with each HTTP request. To allow such (broken) clients to log in, |
| 119 | 119 | ** extract just a prefix of the IP address. |
| 120 | 120 | */ |
| 121 | 121 | static char *ipPrefix(const char *zIP){ |
| 122 | - int i, j; | |
| 122 | + int i, j; | |
| 123 | + static int ip_prefix_terms = -1; | |
| 124 | + if( ip_prefix_terms<0 ){ | |
| 125 | + ip_prefix_terms = db_get_int("ip-prefix-terms",2); | |
| 126 | + } | |
| 127 | + if( ip_prefix_terms==0 ) return mprintf("0"); | |
| 123 | 128 | for(i=j=0; zIP[i]; i++){ |
| 124 | 129 | if( zIP[i]=='.' ){ |
| 125 | 130 | j++; |
| 126 | - if( j==2 ) break; | |
| 131 | + if( j==ip_prefix_terms ) break; | |
| 127 | 132 | } |
| 128 | 133 | } |
| 129 | 134 | return mprintf("%.*s", i, zIP); |
| 130 | 135 | } |
| 131 | 136 | |
| 132 | 137 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -117,15 +117,20 @@ | |
| 117 | ** But some clients are behind firewalls that shift the IP address |
| 118 | ** with each HTTP request. To allow such (broken) clients to log in, |
| 119 | ** extract just a prefix of the IP address. |
| 120 | */ |
| 121 | static char *ipPrefix(const char *zIP){ |
| 122 | int i, j; |
| 123 | for(i=j=0; zIP[i]; i++){ |
| 124 | if( zIP[i]=='.' ){ |
| 125 | j++; |
| 126 | if( j==2 ) break; |
| 127 | } |
| 128 | } |
| 129 | return mprintf("%.*s", i, zIP); |
| 130 | } |
| 131 | |
| 132 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -117,15 +117,20 @@ | |
| 117 | ** But some clients are behind firewalls that shift the IP address |
| 118 | ** with each HTTP request. To allow such (broken) clients to log in, |
| 119 | ** extract just a prefix of the IP address. |
| 120 | */ |
| 121 | static char *ipPrefix(const char *zIP){ |
| 122 | int i, j; |
| 123 | static int ip_prefix_terms = -1; |
| 124 | if( ip_prefix_terms<0 ){ |
| 125 | ip_prefix_terms = db_get_int("ip-prefix-terms",2); |
| 126 | } |
| 127 | if( ip_prefix_terms==0 ) return mprintf("0"); |
| 128 | for(i=j=0; zIP[i]; i++){ |
| 129 | if( zIP[i]=='.' ){ |
| 130 | j++; |
| 131 | if( j==ip_prefix_terms ) break; |
| 132 | } |
| 133 | } |
| 134 | return mprintf("%.*s", i, zIP); |
| 135 | } |
| 136 | |
| 137 |
+7
| --- src/setup.c | ||
| +++ src/setup.c | ||
| @@ -864,10 +864,17 @@ | ||
| 864 | 864 | "remote_user_ok", "remote_user_ok", 0); |
| 865 | 865 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 866 | 866 | @ login name of a valid user and no other login credentials are available, |
| 867 | 867 | @ then the REMOTE_USER is accepted as an authenticated user. |
| 868 | 868 | @ </p> |
| 869 | + @ | |
| 870 | + @ <hr /> | |
| 871 | + entry_attribute("IP address turns used in login cookie", 3, "ip-prefix-terms", "ipt", | |
| 872 | + "2"); | |
| 873 | + @ <p>The number of octets of of the IP address used in the login cookie. Set to | |
| 874 | + @ zero to omit the IP address from the login cookie. A value of 2 is recommended. | |
| 875 | + @ </p> | |
| 869 | 876 | @ |
| 870 | 877 | @ <hr /> |
| 871 | 878 | entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); |
| 872 | 879 | @ <p>The number of hours for which a login is valid. This must be a |
| 873 | 880 | @ positive number. The default is 8760 hours which is approximately equal |
| 874 | 881 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -864,10 +864,17 @@ | |
| 864 | "remote_user_ok", "remote_user_ok", 0); |
| 865 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 866 | @ login name of a valid user and no other login credentials are available, |
| 867 | @ then the REMOTE_USER is accepted as an authenticated user. |
| 868 | @ </p> |
| 869 | @ |
| 870 | @ <hr /> |
| 871 | entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); |
| 872 | @ <p>The number of hours for which a login is valid. This must be a |
| 873 | @ positive number. The default is 8760 hours which is approximately equal |
| 874 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -864,10 +864,17 @@ | |
| 864 | "remote_user_ok", "remote_user_ok", 0); |
| 865 | @ <p>When enabled, if the REMOTE_USER environment variable is set to the |
| 866 | @ login name of a valid user and no other login credentials are available, |
| 867 | @ then the REMOTE_USER is accepted as an authenticated user. |
| 868 | @ </p> |
| 869 | @ |
| 870 | @ <hr /> |
| 871 | entry_attribute("IP address turns used in login cookie", 3, "ip-prefix-terms", "ipt", |
| 872 | "2"); |
| 873 | @ <p>The number of octets of of the IP address used in the login cookie. Set to |
| 874 | @ zero to omit the IP address from the login cookie. A value of 2 is recommended. |
| 875 | @ </p> |
| 876 | @ |
| 877 | @ <hr /> |
| 878 | entry_attribute("Login expiration time", 6, "cookie-expire", "cex", "8766"); |
| 879 | @ <p>The number of hours for which a login is valid. This must be a |
| 880 | @ positive number. The default is 8760 hours which is approximately equal |
| 881 |