#3211: IP check too strict
---------------------+------------------------------------------------------
Reporter: bbrazil | Owner: jonas
Type: defect | Status: new
Priority: normal | Milestone: 0.9.6
Component: general | Version: devel
Severity: normal | Keywords:
---------------------+------------------------------------------------------
In trac/web/auth.py the IP check against cookies/sessions requires the
exact same IP. This doesn't work for NAT over multiple IP addresses, or
using multiple proxies which makes login impossible. The solution is to
check only the /24.
Patch (implementation by Dinko Korunic):
{{{
--- trac/web/auth.py (revision 3356)
+++ trac/web/auth.py (working copy)
@@ -166,9 +166,11 @@
db = self.env.get_db_cnx()
cursor = db.cursor()
if self.check_ip:
+ ipaddr = '.'.join(req.remote_addr.split('.')[:-1])
+ ipaddr = ipaddr + '%'
cursor.execute("SELECT name FROM auth_cookie "
- "WHERE cookie=%s AND ipnr=%s",
- (cookie.value, req.remote_addr))
+ "WHERE cookie=%s AND ipnr LIKE %s",
+ (cookie.value, ipaddr))
else:
cursor.execute("SELECT name FROM auth_cookie WHERE cookie=%s",
(cookie.value,))
}}}
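Review bot: The LIKE pattern built in the two added `ipaddr` lines drops the dot after the third octet, so the match is wider than the /24 the description asks for. For a client at 192.168.1.7 the pattern is `192.168.1%`, which also matches stored addresses such as 192.168.10.4 or 192.168.100.4. Appending `'.%'` instead of `'%'` keeps the prefix anchored on the octet boundary. A second case to handle: when `req.remote_addr` contains no dots (an IPv6 address, for example), `split('.')[:-1]` is an empty list, the pattern becomes a bare `%`, and the query matches every `ipnr`, so the check no longer restricts anything. Falling back to the original exact comparison when the address is not a dotted quad would avoid that. Any text describing `check_ip` should also say that the comparison is now by /24 rather than by exact address.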
This is related to #1485
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/3211>
The Trac Project <http://trac.edgewall.com/>