Fossil SCM
The --localauth option should look at the original IP address, not the abbreviated IP address. Ticket [b99a342a31039df19].
Commit
e720f1115e9532a1393f6b6d0578b03e835262a6
Parent
6d9bba56dcdcad8…
1 file changed
+4
-3
+4
-3
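--- a/src/login.c
+++ b/src/login.c
@@ -546,11 +546,12 @@
 **
 */
 void login_check_credentials(void){
 int uid = 0; /* User id */
 const char *zCookie; /* Text of the login cookie */
-char *zRemoteAddr; /* IP address of the requestor */
+const char *zIpAddr; /* Raw IP address of the requestor */
+char *zRemoteAddr; /* Abbreviated IP address of the requestor */
 const char *zCap = 0; /* Capability string */
 
 /* Only run this check once. */
 if( g.userUid!=0 ) return;
 
@@ -559,12 +560,12 @@
 ** then there is no need to check user credentials.
 **
 ** This feature allows the "fossil ui" command to give the user
 ** full access rights without having to log in.
 */
-zRemoteAddr = ipPrefix(PD("REMOTE_ADDR","nil"));
-if( strcmp(zRemoteAddr, "127.0.0.1")==0
+zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"));
+if( strcmp(zIpAddr, "127.0.0.1")==0
 && g.useLocalauth
 && db_get_int("localauth",0)==0
 && P("HTTPS")==0
 ){
 uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'");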
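Review bot: The loopback test in the second hunk, `strcmp(zIpAddr, "127.0.0.1")==0`, decides whether a request is given the uid of a user whose capability string contains `s` without logging in, and it relies entirely on REMOTE_ADDR being the real peer address. If the server is reached through a proxy or tunnel on the same host, every request would presumably arrive with 127.0.0.1, so the block comment above the test should state that limit, e.g. `** REMOTE_ADDR is the direct peer; behind a same-host proxy it is always 127.0.0.1, so do not enable --localauth there.` Only the IPv4 literal is matched, which fails closed for any other loopback spelling, and that is worth recording in the same comment. As a style point, the assignment nested in the call, `ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil"))`, reads more clearly as two statements. The body of login_check_credentials continues outside both hunks.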
| --- src/login.c | |
| +++ src/login.c | |
| @@ -546,11 +546,12 @@ | |
| 546 | ** |
| 547 | */ |
| 548 | void login_check_credentials(void){ |
| 549 | int uid = 0; /* User id */ |
| 550 | const char *zCookie; /* Text of the login cookie */ |
| 551 | char *zRemoteAddr; /* IP address of the requestor */ |
| 552 | const char *zCap = 0; /* Capability string */ |
| 553 | |
| 554 | /* Only run this check once. */ |
| 555 | if( g.userUid!=0 ) return; |
| 556 | |
| @@ -559,12 +560,12 @@ | |
| 559 | ** then there is no need to check user credentials. |
| 560 | ** |
| 561 | ** This feature allows the "fossil ui" command to give the user |
| 562 | ** full access rights without having to log in. |
| 563 | */ |
| 564 | zRemoteAddr = ipPrefix(PD("REMOTE_ADDR","nil")); |
| 565 | if( strcmp(zRemoteAddr, "127.0.0.1")==0 |
| 566 | && g.useLocalauth |
| 567 | && db_get_int("localauth",0)==0 |
| 568 | && P("HTTPS")==0 |
| 569 | ){ |
| 570 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 571 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -546,11 +546,12 @@ | |
| 546 | ** |
| 547 | */ |
| 548 | void login_check_credentials(void){ |
| 549 | int uid = 0; /* User id */ |
| 550 | const char *zCookie; /* Text of the login cookie */ |
| 551 | const char *zIpAddr; /* Raw IP address of the requestor */ |
| 552 | char *zRemoteAddr; /* Abbreviated IP address of the requestor */ |
| 553 | const char *zCap = 0; /* Capability string */ |
| 554 | |
| 555 | /* Only run this check once. */ |
| 556 | if( g.userUid!=0 ) return; |
| 557 | |
| @@ -559,12 +560,12 @@ | |
| 560 | ** then there is no need to check user credentials. |
| 561 | ** |
| 562 | ** This feature allows the "fossil ui" command to give the user |
| 563 | ** full access rights without having to log in. |
| 564 | */ |
| 565 | zRemoteAddr = ipPrefix(zIpAddr = PD("REMOTE_ADDR","nil")); |
| 566 | if( strcmp(zIpAddr, "127.0.0.1")==0 |
| 567 | && g.useLocalauth |
| 568 | && db_get_int("localauth",0)==0 |
| 569 | && P("HTTPS")==0 |
| 570 | ){ |
| 571 | uid = db_int(0, "SELECT uid FROM user WHERE cap LIKE '%%s%%'"); |
| 572 |