
Commit 668f2a1

Merge pull request #294 from Martinski4GitHub/dev
Improvements when detecting WebGUI access rules
2 parents 9624d7d + 33fd2f9 commit 668f2a1


1 file changed

+41
-23
lines changed


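--- a/MerlinAU.sh
+++ b/MerlinAU.sh
@@ -147,7 +147,7 @@ theLGExitStr="${GRNct}e${NOct}=Exit to Log Options Menu"
 routerLoginFailureMsg="Please try the following:
 1. Confirm that you are *not* already logged into the router webGUI using a web browser.
 2. Check that the \"Enable Access Restrictions\" option from the webGUI is *not* set up
-to restrict access to the router webGUI from the router's IP address.
+to restrict access to the router webGUI from the router's IP address [${GRNct}${mainLAN_IPaddr}${NOct}].
 3. Confirm your password via the \"Set Router Login Credentials\" option from the Main Menu."
 
 [ -t 0 ] && ! tty | grep -qwi "NOT" && isInteractive=true
@@ -2302,7 +2302,7 @@ _TestLoginCredentials_()
 return 0
 else
 printf "\n${REDct}**ERROR**${NOct}: Router Login test failed.\n"
-printf "\n%s\n\n" "$routerLoginFailureMsg"
+printf "\n${routerLoginFailureMsg}\n\n"
 if _WaitForYESorNO_ "Would you like to try again?"
 then return 1 # Indicates failure but with intent to retry #
 else return 0 # User opted not to retry; do a graceful exit #
@@ -2587,34 +2587,52 @@ _GetPasswordInput_()
 return "$retCode"
 }
 
+##-------------------------------------##
+## Added by Martinski W. [2024-Aug-16] ##
+##-------------------------------------##
+_CheckWebGUILoginAccessOK_()
+{
+local accessRestriction restrictRuleList netIPv4Addr
+local lanIPaddrRegEx1 lanIPaddrRegEx2 lanIPaddrRegEx3
+
+accessRestriction="$(nvram get enable_acc_restriction)"
+if [ -z "$accessRestriction" ] || [ "$accessRestriction" -eq 0 ]
+then return 0 ; fi
+
+restrictRuleList="$(nvram get restrict_rulelist)"
+netIPv4Addr="${mainLAN_IPaddr%.*}.0"
+
+# Router IP address MUST have access to WebGUI #
+lanIPaddrRegEx1=">${mainLAN_IPaddr}>[13]"
+lanIPaddrRegEx2=">${mainLAN_IPaddr}/32>[13]"
+lanIPaddrRegEx3=">${netIPv4Addr}/(2[4-9]|3[0-1])>[13]"
+
+if echo "$restrictRuleList" | grep -qE "$lanIPaddrRegEx1|$lanIPaddrRegEx2|$lanIPaddrRegEx3"
+then return 0 ; fi
+
+printf "\n${REDct}*WARNING*: The \"Enable Access Restrictions\" option is currently active.${NOct}"
+printf "\nTo allow webGUI login access you must add the router IP address ${GRNct}${mainLAN_IPaddr}${NOct}
+with the \"${GRNct}Web UI${NOct}\" access type on the \"Access restriction list\" panel."
+printf "\n[See ${GRNct}'Administration -> System -> Access restriction list'${NOct}]"
+printf "\nAn alternative method would be to disable the \"Enable Access Restrictions\" option.\n"
+
+return 1
+}
+
 ##----------------------------------------##
-## Modified by Martinski W. [2024-Jul-30] ##
+## Modified by Martinski W. [2024-Aug-16] ##
 ##----------------------------------------##
 _GetLoginCredentials_()
 {
 local retry="yes" userName savedMsg
 local oldPWSDstring thePWSDstring
 local loginCredsENC loginCredsDEC
 
-# Check if Access Restrictions are enabled #
-local accRestriction restrictRuleList routerIP ruleMatch
-accRestriction="$(nvram get enable_acc_restriction)"
-
-if [ "$accRestriction" = "1" ]; then
-# Get the restrict_rulelist and the router IP address #
-restrictRuleList="$(nvram get restrict_rulelist)"
-routerIP="$(nvram get lan_ipaddr)"
-
-# Check if the router IP is followed by >1 or >3
-ruleMatch="$(echo "$restrictRuleList" | grep -oE "${routerIP}>[13]")"
-
-if [ -z "$ruleMatch" ] || echo "$restrictRuleList" | grep -qE "${routerIP}>2"; then
-printf "${REDct}WARNING: Access Restrictions are enabled!${NOct}\n"
-printf "${REDct}Please add the routers IP with 'Web UI' access under 'Administration -> System -> Access restriction list' to permit login to the WebUI.${NOct}\n"
-printf "${REDct}The alternative option is to disable 'Access restrictions' if unrequired.${NOct}\n"
-_WaitForEnterKey_
-return 1
-fi
+# Check if WebGUI access is NOT restricted #
+if ! _CheckWebGUILoginAccessOK_
+then
+_WaitForEnterKey_ "$mainMenuReturnPromptStr"
+return 1
 fi
 
 # Get the Username from NVRAM #
@@ -6099,7 +6117,7 @@ Please manually update to version $MinSupportedFirmwareVers or higher to use thi
 Say "${REDct}**ERROR**${NOct}: Router Login failed."
 if "$inMenuMode" || "$isInteractive"
 then
-printf "\n%s\n\n" "$routerLoginFailureMsg"
+printf "\n${routerLoginFailureMsg}\n\n"
 _WaitForEnterKey_
 fi
 _SendEMailNotification_ FAILED_FW_UPDATE_STATUS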
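Review bot: In `_CheckWebGUILoginAccessOK_`, `lanIPaddrRegEx3` treats any `/24` to `/31` rule on `${netIPv4Addr}` as proof that the router address is allowed, but a prefix longer than /24 on the `.0` network covers only the low end of the range, so a router address outside it would presumably pass this check and still be refused at login. Either limit the pattern to the case that always holds, `lanIPaddrRegEx3=">${netIPv4Addr}/24>[13]"`, or derive the network address for each prefix length before matching. The dots in `${mainLAN_IPaddr}` and `${netIPv4Addr}` also go into the `grep -E` pattern unescaped, so each one matches any character; escaping them first (for example with `sed 's/\./\\./g'`) keeps the comparison literal. Separately, the two `printf "\n${routerLoginFailureMsg}\n\n"` changes move a variable that now embeds `${mainLAN_IPaddr}` into the format string; `printf "\n%b\n\n" "$routerLoginFailureMsg"` would keep the text as data while still expanding escapes, assuming the colour variables hold backslash sequences that `%b` understands.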
