diff --git a/install/sql/incremental/upd_dev_collection.sql b/install/sql/incremental/upd_dev_collection.sql
index 2458724d2e3415095879f3661b1de0d4ce86b1d7..f73a20b0575a6162188a6269c1be60bedcfe2593 100644
--- a/install/sql/incremental/upd_dev_collection.sql
+++ b/install/sql/incremental/upd_dev_collection.sql
@@ -1 +1,3 @@
ALTER TABLE `web_domain` ADD COLUMN `ssl_letsencrypt_exclude` enum('n','y') NOT NULL DEFAULT 'n' AFTER `ssl_letsencrypt`;
+ALTER TABLE `remote_user` ADD `remote_access` ENUM('y','n') NOT NULL DEFAULT 'y' AFTER `remote_password`;
+ALTER TABLE `remote_user` ADD `remote_ips` TEXT AFTER `remote_access`;
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 11755a34b96353347ec48b9cdb61d4c3e5d65ac1..9aa91701bc728b300c5b5a4640199907e06a757b 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -1246,6 +1246,8 @@ CREATE TABLE `remote_user` (
`sys_perm_other` varchar(5) default NULL,
`remote_username` varchar(64) NOT NULL DEFAULT '',
`remote_password` varchar(64) NOT NULL DEFAULT '',
+ `remote_access` enum('y','n') NOT NULL DEFAULT 'y',
+ `remote_ips` TEXT,
`remote_functions` text,
PRIMARY KEY (`remote_userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 87072d32b69f139bceec7a2b1902ceb8399dab80..a3bb192d917e4049d91266b23adfe1072285f1f1 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
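Review bot: `remote_access` is added with `DEFAULT 'y'` in both the incremental script and ispconfig3.sql, so every pre-existing `remote_user` row keeps remote access enabled after the upgrade, while the form definition in remote_user.tform.php in this same commit defaults the checkbox to 'n' for newly created users; either align the two defaults or state the intent next to the column, e.g. `-- 'y' keeps existing API users working after the upgrade; the edit form defaults new users to 'n'`. `remote_ips` is nullable with no default, so the PHP caller has to treat NULL and '' the same way; a comment such as `-- comma-separated IPs/hostnames; NULL or empty = any address` would make that contract visible where the column is defined. Minor style: the new column uses `ENUM('y','n')` while the existing line above it uses lowercase `enum('n','y')`, and the incremental script writes `TEXT` where ispconfig3.sql writes `text` for the sibling `remote_functions` column.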
@@ -144,6 +144,41 @@ class remoting {
$sql = "SELECT * FROM remote_user WHERE remote_username = ? and remote_password = md5(?)";
$remote_user = $app->db->queryOneRecord($sql, $username, $password);
if($remote_user['remote_userid'] > 0) {
+ $allowed_ips = explode(',',$remote_user['remote_ips']);
+ foreach($allowed_ips as $i => $allowed) {
+ if(!filter_var($allowed, FILTER_VALIDATE_IP)) {
+ // get the ip for a hostname
+ unset($allowed_ips[$i]);
+ $temp=dns_get_record($allowed, DNS_A+DNS_AAAA);
+ foreach($temp as $t) {
+ if(isset($t['ip'])) $allowed_ips[] = $t['ip'];
+ if(isset($t['ipv6'])) $allowed_ips[] = $t['ipv6'];
+ }
+ unset($temp);
+ }
+ }
+ $allowed_ips[] = '127.0.0.1';
+ $allowed_ips[] = '::1';
+ $allowed_ips=array_unique($allowed_ips);
+ $ip = $_SERVER['REMOTE_ADDR'];
+ $remote_allowed = @($ip == '::1' || $ip == '127.0.0.1')?true:false;
+ if(!$remote_allowed && $remote_user['remote_access'] == 'y') {
+ if(trim($remote_user['remote_ips']) == '') {
+ $remote_allowed=true;
+ } else {
+ $ip = inet_pton($_SERVER['REMOTE_ADDR']);
+ foreach($allowed_ips as $allowed) {
+ if($ip == inet_pton(trim($allowed))) {
+ $remote_allowed=true;
+ break;
+ }
+ }
+ }
+ }
+ if(!$remote_allowed) {
+ throw new SoapFault('login_failed', 'The login is not allowed from '.$_SERVER['REMOTE_ADDR']);
+ return false;
+ }
//* Create a remote user session
//srand ((double)microtime()*1000000);
$remote_session = md5(mt_rand().uniqid('ispco'));
diff --git a/interface/lib/classes/validate_remote_user.inc.php b/interface/lib/classes/validate_remote_user.inc.php
new file mode 100755
index 0000000000000000000000000000000000000000..defcfe1a1a5d88f088b520dc5d1f632d82b146ec
--- /dev/null
+++ b/interface/lib/classes/validate_remote_user.inc.php
@@ -0,0 +1,61 @@
+\r\n"; + + if($valid == false) { $errmsg = $validator['errmsg']; if(isset($app->tform->wordbook[$errmsg])) { return $app->tform->wordbook[$errmsg]."
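Review bot: The address check sits inside the `remote_userid > 0` branch, i.e. it only runs once the username/password pair has already matched, and it fails with its own `SoapFault` text ('The login is not allowed from …'), so a caller outside `remote_ips` can presumably still tell valid credentials from invalid ones by which error comes back (the credential-failure branch is outside this hunk); returning the same generic failure as a wrong password, rather than a distinct message, closes that oracle. Entries are not trimmed before `filter_var`, so a value like `1.2.3.4, 5.6.7.8` sends ` 5.6.7.8` through `dns_get_record` as a hostname and silently drops it from the list, and a failed lookup returns false, which makes the inner `foreach` emit a warning instead of skipping. Loopback is accepted before `remote_access` is consulted, so a user set to 'n' can still log in from 127.0.0.1/::1; if that is intended, say so with `// loopback is always permitted, even when remote_access is 'n'`. The `return false;` after the throw is unreachable and the `@` on a plain comparison suppresses nothing. The list-building loop below trims each entry, tolerates a NULL column and a failed lookup, and leaves the rest of the hunk as it is.
```php
$allowed_ips = array();
foreach(explode(',', (string) $remote_user['remote_ips']) as $allowed) {
	$allowed = trim($allowed);
	if($allowed === '') continue;
	if(filter_var($allowed, FILTER_VALIDATE_IP)) {
		$allowed_ips[] = $allowed;
		continue;
	}
	// hostname: keep only the addresses it currently resolves to
	$records = dns_get_record($allowed, DNS_A + DNS_AAAA);
	if(!is_array($records)) continue;
	foreach($records as $t) {
		if(isset($t['ip'])) $allowed_ips[] = $t['ip'];
		if(isset($t['ipv6'])) $allowed_ips[] = $t['ipv6'];
	}
}
// … unchanged: loopback entries, array_unique, remote_access / REMOTE_ADDR comparison, SoapFault …
```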
\r\n"; + } else { + return $errmsg."
\r\n"; + } + } + } + +}
diff --git a/interface/lib/classes/validate_server.inc.php b/interface/lib/classes/validate_server.inc.php
index 6361fb471ce063867cbbe1e8bcc267ed56e7dd92..4be0426aed4affe82f9150fed54f672b1cdec336 100644
--- a/interface/lib/classes/validate_server.inc.php
+++ b/interface/lib/classes/validate_server.inc.php
@@ -46,11 +46,15 @@ class validate_server {
* Validator function for server-ip
*/
function check_server_ip($field_name, $field_value, $validator) {
- if($_POST['ip_type'] == 'IPv4') {
+ global $app;
+
+ $type=(isset($app->remoting_lib->dataRecord['ip_type']))?$app->remoting_lib->dataRecord['ip_type']:$_POST['ip_type'];
+
+ if($type == 'IPv4') {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
return $this->get_error($validator['errmsg']);
}
- } elseif ($_POST['ip_type'] == 'IPv6') {
+ } elseif ($type == 'IPv6') {
if(!filter_var($field_value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return $this->get_error($validator['errmsg']);
}
diff --git a/interface/web/admin/form/remote_user.tform.php b/interface/web/admin/form/remote_user.tform.php
index 1ab2b0e0d57ec5fb95e6c13497540ea1a320504c..895d9418a9489e95466272cb5d6e44ed17cb0b67 100644
--- a/interface/web/admin/form/remote_user.tform.php
+++ b/interface/web/admin/form/remote_user.tform.php
@@ -115,6 +115,27 @@ $form["tabs"]['remote_user'] = array (
'width' => '30',
'maxlength' => '255'
),
+ 'remote_access' => array (
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'n',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
+ 'remote_ips' => array (
+ 'datatype' => 'TEXT',
+ 'formtype' => 'TEXT',
+ 'validators' => array (
+ 0 => array (
+ 'type' => 'CUSTOM',
+ 'class' => 'validate_remote_user',
+ 'function' => 'valid_remote_ip',
+ 'errmsg' => 'remote_user_error_ips'),
+ ),
+ 'default' => '',
+ 'value' => '',
+ 'width' => '60',
+ 'searchable' => 2
+ ),
'remote_functions' => array (
'datatype' => 'TEXT',
'formtype' => 'CHECKBOXARRAY',
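Review bot: The fallback `:$_POST['ip_type']` in the new `$type` line is read without `isset`, so a call that carries neither `dataRecord['ip_type']` nor a posted `ip_type` raises an undefined-index notice and leaves `$type` null; neither the IPv4 nor the IPv6 branch then runs, and unless an `else` below the hunk rejects unknown types (the function's end is outside the hunk), the value passes the validator unchecked. Suggest `$type = isset($app->remoting_lib->dataRecord['ip_type']) ? $app->remoting_lib->dataRecord['ip_type'] : (isset($_POST['ip_type']) ? $_POST['ip_type'] : '');` together with an explicit `else { return $this->get_error($validator['errmsg']); }` if no such branch exists.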
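Review bot: `'default' => 'n'` for `remote_access` contradicts the `DEFAULT 'y'` the same column receives in ispconfig3.sql and the incremental script in this commit, so a user created through this form presumably starts disabled while rows produced by the migration start enabled; pick one default or annotate the divergence with `// DB default is 'y' for upgraded rows; new users stay disabled until enabled here`. The `remote_ips` field delegates all syntax checking to `valid_remote_ip` in the new validate_remote_user class, which is fine, but a one-line field comment `// comma-separated IPs or hostnames; empty = any address` would spare readers a trip to the language file to learn the accepted format.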
diff --git a/interface/web/admin/lib/lang/de_remote_user.lng b/interface/web/admin/lib/lang/de_remote_user.lng
index 1458d22ee5683b77e78c42ba2e8c00bad651af4c..164a0fb81a4597f506a04a6484f29aefa66bbeab 100644
--- a/interface/web/admin/lib/lang/de_remote_user.lng
+++ b/interface/web/admin/lib/lang/de_remote_user.lng
@@ -44,4 +44,7 @@ $wb['generate_password_txt'] = 'Passwort erzeugen';
$wb['repeat_password_txt'] = 'Passwort wiederholen';
$wb['password_mismatch_txt'] = 'Die Passwörter stimmen nicht überein.';
$wb['password_match_txt'] = 'Die Passwörter stimmen überein.';
+$wb['remote_user_error_ips'] = 'Mindestens eine eingegebene IP-Adresse oder ein Hostname ist ungueltig.';
+$wb['remote_access_txt'] = 'Entfernter Zugriff';
+$wb['remote_ips_txt'] = 'Entfernter Zugriff IP / Hostname (Mehrere mit Komma trennen, keine Angabe für alle)';
?>
diff --git a/interface/web/admin/lib/lang/en_remote_user.lng b/interface/web/admin/lib/lang/en_remote_user.lng
index 4868e39bdbcb40324dc0acc1ecaa41fee90b5aeb..2fc633b555d240c15457f3ec2fdd48d9e55a756e 100644
--- a/interface/web/admin/lib/lang/en_remote_user.lng
+++ b/interface/web/admin/lib/lang/en_remote_user.lng
@@ -44,4 +44,7 @@ $wb['generate_password_txt'] = 'Generate Password';
$wb['repeat_password_txt'] = 'Repeat Password';
$wb['password_mismatch_txt'] = 'The passwords do not match.';
$wb['password_match_txt'] = 'The passwords do match.';
+$wb['remote_access_txt'] = 'Remote Access';
+$wb['remote_ips_txt'] = 'Remote Access IPs / Hostnames (separate by , and leave blank for any)';
+$wb['remote_user_error_ips'] = 'At least one of the entered ip addresses or hostnames is invalid.';
?>
diff --git a/interface/web/admin/templates/remote_user_edit.htm b/interface/web/admin/templates/remote_user_edit.htm
index dcfea7929dc84b0d9b2ed93b09abf980f1b6355e..099af58eb50c946f59bed638e56c9e07b5d25c3b 100644
--- a/interface/web/admin/templates/remote_user_edit.htm
+++ b/interface/web/admin/templates/remote_user_edit.htm
@@ -36,6 +36,12 @@ +
+ +
{tmpl_var name='remote_access'}
+
+ +