AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-12-15 22:51:34 +03:00
Code Releases Activity

Add server option 'JsonRpcWebApiAllowedSubnet' to restrict access to JSON-RPC API based on client IP address

Browse Source
This commit is contained in:
Alexey Kryuchkov
2023-06-02 00:00:30 +03:00
parent 0f689d9dfc
commit a366bdbf02
8 changed files with 48 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Cedar/Server.c
View File

@ -30,6 +30,7 @@
#include "Mayaqua/Internat.h"
#include "Mayaqua/Memory.h"
#include "Mayaqua/Microsoft.h"
#include "Mayaqua/Network.h"
#include "Mayaqua/Object.h"
#include "Mayaqua/OS.h"
#include "Mayaqua/Pack.h"
@ -6032,6 +6033,15 @@ void SiLoadServerCfg(SERVER *s, FOLDER *f)
// Disable JSON-RPC Web API
s->DisableJsonRpcWebApi = CfgGetBool(f, "DisableJsonRpcWebApi");
char tmpaddr[MAX_PATH];
if (CfgGetStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr, sizeof(tmpaddr))) {
IP _subnet, _mask;
if (ParseIpAndMask46(tmpaddr, &_subnet, &_mask)) {
s->JsonRpcWebApiAllowedSubnetAddr = _subnet;
s->JsonRpcWebApiAllowedSubnetMask = _mask;
}
}
// Bits of Diffie-Hellman parameters
c->DhParamBits = CfgGetInt(f, "DhParamBits");
if (c->DhParamBits == 0)
@ -6365,6 +6375,11 @@ void SiWriteServerCfg(FOLDER *f, SERVER *s)
// Disable JSON-RPC Web API
CfgAddBool(f, "DisableJsonRpcWebApi", s->DisableJsonRpcWebApi);
char tmpaddr[MAX_PATH];
IPAndMaskToStr(tmpaddr, sizeof(tmpaddr),
&s->JsonRpcWebApiAllowedSubnetAddr, &s->JsonRpcWebApiAllowedSubnetMask);
CfgAddStr(f, "JsonRpcWebApiAllowedSubnet", tmpaddr);
}
Unlock(c->lock);
}