From a9ba4020dbf40fd7366d4038f95d738409158870 Mon Sep 17 00:00:00 2001
From: Michael Edgar <michael.j.edgar@dartmouth.edu>
Date: Wed, 13 Apr 2011 20:24:26 -0400
Subject: [PATCH] Added a global config option for IP-based session protection.

The new setting defaults to true, and is settable in the web admin panel. When
set to false, IP address checks are ignored. For users behind proxies (students,
large corporate networks) that don't guarantee a consistent IP, this makes the
web admin panel much more usable.
---
 WebModules.cpp                           | 2 +-
 modules/data/webadmin/tmpl/settings.tmpl | 6 ++++++
 modules/webadmin.cpp                     | 2 ++
 znc.cpp                                  | 4 ++++
 znc.h                                    | 3 +++
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/WebModules.cpp b/WebModules.cpp
index 34bb0291..6f903210 100644
--- a/WebModules.cpp
+++ b/WebModules.cpp
@@ -533,7 +533,7 @@ void CWebSock::OnPageRequest(const CString& sURI) {
 }
 
 CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) {
-	if (GetSession()->GetIP() != GetRemoteIP()) {
+	if (CZNC::Get().GetProtectWebSessions() && GetSession()->GetIP() != GetRemoteIP()) {
 		PrintErrorPage(403, "Access denied", "This session does not belong to your IP.");
 		return PAGE_DONE;
 	}
diff --git a/modules/data/webadmin/tmpl/settings.tmpl b/modules/data/webadmin/tmpl/settings.tmpl
index ff0863d6..2112f5b6 100644
--- a/modules/data/webadmin/tmpl/settings.tmpl
+++ b/modules/data/webadmin/tmpl/settings.tmpl
@@ -89,6 +89,12 @@
 					<div><input type="text" name="anoniplimit" value="<? VAR AnonIPLimit ?>" /></div>
 				</div>
 				<div style="clear: both;"></div>
+				
+				<div class="subsection half">
+					<div class="inputlabel">Protect Web Sessions:</div>
+					<div><input type="text" name="protectwebsessions" value="<? VAR ProtectWebSessions ?>" /></div>
+				</div>
+				<div style="clear: both;"></div>
 
 				<div class="subsection twothird">
 					<div class="inputlabel">MOTD:</div>
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
index 6ef3d623..24630f81 100644
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -971,6 +971,7 @@ public:
 			Tmpl["ConnectDelay"] = CString(CZNC::Get().GetConnectDelay());
 			Tmpl["ServerThrottle"] = CString(CZNC::Get().GetServerThrottle());
 			Tmpl["AnonIPLimit"] = CString(CZNC::Get().GetAnonIPLimit());
+			Tmpl["ProtectWebSessions"] = CString(CZNC::Get().GetProtectWebSessions());
 
 			const VCString& vsBindHosts = CZNC::Get().GetBindHosts();
 			for (unsigned int a = 0; a < vsBindHosts.size(); a++) {
@@ -1061,6 +1062,7 @@ public:
 		sArg = WebSock.GetParam("connectdelay"); CZNC::Get().SetConnectDelay(sArg.ToUInt());
 		sArg = WebSock.GetParam("serverthrottle"); CZNC::Get().SetServerThrottle(sArg.ToUInt());
 		sArg = WebSock.GetParam("anoniplimit"); CZNC::Get().SetAnonIPLimit(sArg.ToUInt());
+		sArg = WebSock.GetParam("protectwebsessions"); CZNC::Get().SetProtectWebSessions(sArg.ToBool());
 
 		VCString vsArgs;
 		WebSock.GetRawParam("motd").Split("\n", vsArgs);
diff --git a/znc.cpp b/znc.cpp
index a33b19d8..33730c67 100644
--- a/znc.cpp
+++ b/znc.cpp
@@ -38,6 +38,7 @@ CZNC::CZNC() {
 	m_TimeStarted = time(NULL);
 	m_sConnectThrottle.SetTTL(30000);
 	m_pLockFile = NULL;
+	m_bProtectWebSessions = true;
 }
 
 CZNC::~CZNC() {
@@ -452,6 +453,7 @@ bool CZNC::WriteConfig() {
 	pFile->Write("AnonIPLimit  = " + CString(m_uiAnonIPLimit) + "\n");
 	pFile->Write("MaxBufferSize= " + CString(m_uiMaxBufferSize) + "\n");
 	pFile->Write("SSLCertFile  = " + CString(m_sSSLCertFile) + "\n");
+	pFile->Write("ProtectWebSessions = " + CString(m_bProtectWebSessions) + "\n");
 
 	for (size_t l = 0; l < m_vpListeners.size(); l++) {
 		CListener* pListener = m_vpListeners[l];
@@ -1148,6 +1150,8 @@ bool CZNC::DoRehash(CString& sError)
 		m_uiAnonIPLimit = sVal.ToUInt();
 	if (config.FindStringEntry("maxbuffersize", sVal))
 		m_uiMaxBufferSize = sVal.ToUInt();
+	if (config.FindStringEntry("protectwebsessions", sVal))
+  		m_bProtectWebSessions = sVal.ToBool();
 
 	// This has to be after SSLCertFile is handled since it uses that value
 	const char *szListenerEntries[] = {
diff --git a/znc.h b/znc.h
index 403f4cee..fc56b8bd 100644
--- a/znc.h
+++ b/znc.h
@@ -84,6 +84,7 @@ public:
 	void SetMaxBufferSize(unsigned int i) { m_uiMaxBufferSize = i; }
 	void SetAnonIPLimit(unsigned int i) { m_uiAnonIPLimit = i; }
 	void SetServerThrottle(unsigned int i) { m_sConnectThrottle.SetTTL(i*1000); }
+	void SetProtectWebSessions(bool b) { m_bProtectWebSessions = b; }
 	void SetConnectDelay(unsigned int i);
 	// !Setters
 
@@ -111,6 +112,7 @@ public:
 	unsigned int GetAnonIPLimit() const { return m_uiAnonIPLimit; }
 	unsigned int GetServerThrottle() const { return m_sConnectThrottle.GetTTL() / 1000; }
 	unsigned int GetConnectDelay() const { return m_uiConnectDelay; }
+	bool GetProtectWebSessions() const { return m_bProtectWebSessions; }
 	// !Getters
 
 	// Static allocator
@@ -181,6 +183,7 @@ protected:
 	unsigned long long     m_uBytesWritten;
 	CConnectUserTimer     *m_pConnectUserTimer;
 	TCacheMap<CString>     m_sConnectThrottle;
+	bool                   m_bProtectWebSessions;
 };
 
 #endif // !_ZNC_H