sabnzbd-check-access-patch 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950
  1. #!/usr/bin/env python
  2. def check_access(access_type=4):
  3. """Check if external address is allowed given access_type:
  4. 1=nzb
  5. 2=api
  6. 3=full_api
  7. 4=webui
  8. 5=webui with login for external
  9. """
  10. referrer = cherrypy.request.remote.ip
  11. # CherryPy will report ::ffff:192.168.0.10 on dual-stack situation
  12. # It will always contain that ::ffff: prefix
  13. # Standardize input
  14. for r in cfg.local_ranges():
  15. if "/" in r:
  16. prefix, suffix = r.split("/")
  17. def cidr_to_netmask(cidr):
  18. cidr = int(cidr)
  19. mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
  20. return (str( (0xff000000 & mask) >> 24) + '.' +
  21. str( (0x00ff0000 & mask) >> 16) + '.' +
  22. str( (0x0000ff00 & mask) >> 8) + '.' +
  23. str( (0x000000ff & mask)))
  24. range_ok = not cfg.local_ranges() or bool(
  25. [1 for r in cfg.local_ranges() if (referrer.startswith(r) or referrer.replace("::ffff:", "").startswith(r))]
  26. )
  27. allowed = referrer in ("127.0.0.1", "::ffff:127.0.0.1", "::1") or range_ok or access_type <= cfg.inet_exposure()
  28. if not allowed:
  29. logging.debug("Refused connection from %s", referrer)
  30. return allowed
  31. def convert_cidr(ip,mask):
  32. network = ''
  33. iOctets = ip.split('.')
  34. mOctets = mask.split('.')
  35. network = str( int( iOctets[0] ) & int(mOctets[0] ) ) + '.'
  36. network += str( int( iOctets[1] ) & int(mOctets[1] ) ) + '.'
  37. network += str( int( iOctets[2] ) & int(mOctets[2] ) ) + '.'
  38. network += str( int( iOctets[3] ) & int(mOctets[3] ) )
  39. return network