From 5833bc1e61f8ce55bf13689c484d1f66207bf3b1 Mon Sep 17 00:00:00 2001
From: rudolfkoenig <>
Date: Tue, 8 Jan 2008 20:15:58 +0000
Subject: [PATCH] Allowedfrom added
git-svn-id: https://svn.fhem.de/fhem/trunk@145 2b470e98-0d58-463d-a4d8-8e2adae1ed80
---
fhem/CHANGED | 1 +
fhem/HISTORY | 10 +++++++---
fhem/docs/commandref.html | 7 +++++++
fhem/fhem.pl | 27 ++++++++++++++++++++-------
4 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/fhem/CHANGED b/fhem/CHANGED
index 597e6ec52..d728c1ea9 100644
--- a/fhem/CHANGED
+++ b/fhem/CHANGED
@@ -378,6 +378,7 @@ - bugfix: 99_SUNRISE_EL.pm: may schedule double events - bugfix: 62_EMEM.pl, contrib/em1010.pl: correct readings for energy_kWh and energy_kWh_w (Boris, 06.01.08) + - feature: gloabl attr allowfrom, as wished by Holger (8.1.2008) - TODO emem -2.5kW / getDevData for emwz -1
diff --git a/fhem/HISTORY b/fhem/HISTORY
index 11a8a8eef..e2cb3acc0 100644
--- a/fhem/HISTORY
+++ b/fhem/HISTORY
@@ -189,7 +189,11 @@ - Boris Sun Jan 06 13:35:00 CET 2008 - bugfix: 62_EMEM.pm: changed reading energy_total_kWh to energy_kWh_w, added energy_kWh (formerly energy_total_kWh) - - changed em1010.pl accordingly, added em1000em doc for getDevStatus reply from - device + - changed em1010.pl accordingly, added em1000em doc for getDevStatus reply + from device - minor changes in fhem.html - \ No newline at end of file + +- Rudi Tue Jan 8 21:13:08 MET 2008 + - feature: attr global allowfrom + If set, only connects from these addresses are allowed. This is to + "simulate" a little bit of security.
diff --git a/fhem/docs/commandref.html b/fhem/docs/commandref.html
index 778248cff..fcd8bbce7 100644
--- a/fhem/docs/commandref.html
+++ b/fhem/docs/commandref.html
@@ -193,6 +193,13 @@ split in multiple lines

non-localhost connections too.
+ +
  • allowfrom
    + Comma (,) separated list of ip-addresses or hostnames. If set, + only connections from these addresses are allowed. +

  • + +
  • statefile
    Set the filename where the state and certain at
diff --git a/fhem/fhem.pl b/fhem/fhem.pl
index 0216dc160..a3619252a 100755
--- a/fhem/fhem.pl
+++ b/fhem/fhem.pl
@@ -138,15 +138,15 @@ my %intAt; # Internal at timer hash.
 my $intAtCnt=0;
 my $reread_active = 0;
 my $AttrList = "room comment";
-my $cvsid = '$Id: fhem.pl,v 1.36 2007-12-31 14:43:02 rudolfkoenig Exp $';
+my $cvsid = '$Id: fhem.pl,v 1.37 2008-01-08 20:15:58 rudolfkoenig Exp $';
 $init_done = 0;
 $modules{_internal_}{ORDER} = -1;
-$modules{_internal_}{AttrList} = "configfile logfile lastinclude modpath " .
- "pidfilename port statefile title userattr " .
- "nrarchive archivedir archivecmd " .
- "verbose:1,2,3,4,5 version";
+$modules{_internal_}{AttrList} =
+ "archivecmd allowfrom archivedir configfile lastinclude logfile " .
+ "modpath nrarchive pidfilename port statefile title userattr " .
+ "verbose:1,2,3,4,5 version";
 my %cmds = (
@@ -295,10 +295,23 @@ while (1) {
 Log 1, "Accept failed: $!";
 next;
 }
- my @clientsock = sockaddr_in($clientinfo[1]);
+ my ($port, $iaddr) = sockaddr_in($clientinfo[1]);
+ my $caddr = inet_ntoa($iaddr);
+ my $af = $attr{global}{allowfrom};
+ if($af) {
+ if(",$af," !~ m/,$caddr,/) {
+ my $hostname = gethostbyaddr($iaddr, AF_INET);
+ if(!$hostname || ",$af," !~ m/,$hostname,/) {
+ Log 1, "Connection refused from $caddr:$port";
+ close($clientinfo[0]);
+ next;
+ }
+ }
+ }
+
 my $fd = $clientinfo[0];
 $client{$fd}{fd} = $fd;
- $client{$fd}{addr} = inet_ntoa($clientsock[1]) . ":" . $clientsock[0];
+ $client{$fd}{addr} = "$caddr:$port";
 $client{$fd}{buffer} = "";
 Log 4, "Connection accepted from $client{$fd}{addr}";
 }
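Review bot: The hostname fallback in the new allowfrom check accepts whatever name `gethostbyaddr($iaddr, AF_INET)` returns, and that PTR answer comes from whoever operates reverse DNS for the connecting address, so a hostname entry in allowfrom is not tied to the peer's real address. The name should count only if it also resolves forward to `$iaddr`; otherwise commandref.html should say that only IP entries are dependable. `m/,$caddr,/` and `m/,$hostname,/` additionally interpolate peer-derived text into a pattern unquoted (at minimum `\Q$hostname\E`), and the comparison is case-sensitive although hostnames are not. The lookup is synchronous inside the accept loop, so a slow resolver answer for an unlisted peer would presumably stall other clients while it is pending. The enclosing `while (1)` loop begins above the hunk, so the sketch below covers only the added check.

```perl
my $caddr = inet_ntoa($iaddr);
my $af = $attr{global}{allowfrom};
if($af) {
  # Exact, case-insensitive membership test; no peer-derived text reaches a regex.
  my %allowed = map { lc($_) => 1 } split(/,/, $af);
  my $ok = $allowed{$caddr};
  if(!$ok) {
    my $hostname = gethostbyaddr($iaddr, AF_INET);
    if($hostname && $allowed{lc($hostname)}) {
      # Trust the PTR name only if it resolves forward to the peer address.
      my @fwd = gethostbyname($hostname);
      $ok = grep { $_ eq $iaddr } @fwd[4 .. $#fwd];
    }
  }
  if(!$ok) {
    Log 1, "Connection refused from $caddr:$port";
    close($clientinfo[0]);
    next;
  }
}
# … unchanged: $fd / %client bookkeeping …
```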