Home of the Squeezebox™ & Transporter® network music players.
Page 9 of 12 FirstFirst ... 7891011 ... LastLast
Results 81 to 90 of 117
  1. #81
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    812
    Quote Originally Posted by PasTim View Post
    I'm running Logitech Media Server Version: 7.9.1 - 1515659378 @ Thu Jan 11 09:26:58 UTC 2018
    I noticed the changes in the secureSettings branch in github.
    I don't think it is in the daily build yet.

  2. #82
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,661
    Quote Originally Posted by Paul Webster View Post
    I noticed the changes in the secureSettings branch in github.
    I don't think it is in the daily build yet.
    I see. I think I misunderstood 'stable release' to mean beyond the 9.1 beta daily updates, rather than just in github.
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  3. #83
    Senior Member JJZolx's Avatar
    Join Date
    Apr 2005
    Location
    Colorado
    Posts
    11,482
    Quote Originally Posted by mherger View Post
    > As I understand it from some of the previous discussion, something has
    > been added to a recent LMS to require a password to change settings if
    > coming from the router/gateway address. Is that right? If so, which
    > password is that?


    I tried to explain this before... If you have a password set, then
    you're all fine. If you haven't, then you won't be able to access the
    settings from the outside. LMS won't ask for a password unless you've
    set it yourself.
    How do you determine that the connection is coming from "outside"? If someone is doing port forwarding in order to make the LMS server available to the internet, wouldn't the connection appear to come from the router on the same subnet?

  4. #84
    Senior Member
    Join Date
    Apr 2013
    Location
    UK
    Posts
    1,097
    Quote Originally Posted by JJZolx View Post
    How do you determine that the connection is coming from "outside"? If someone is doing port forwarding in order to make the LMS server available to the internet, wouldn't the connection appear to come from the router on the same subnet?
    I think you answered your own question, read back up the thread.


    Transcoded from Matt's brain by Tapatalk
    --
    Hardware: 3x Touch, 1x Radio, 2x Receivers, 1 HP Microserver NAS with Debian+LMS 7.9.0
    Music: ~1300 CDs, as 450 GB of 16/44k FLACs. No less than 3x 24/44k albums..

  5. #85
    Senior Member JJZolx's Avatar
    Join Date
    Apr 2005
    Location
    Colorado
    Posts
    11,482
    Ok, I see it. Thanks.

  6. #86
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    812
    Quote Originally Posted by Paul Webster View Post
    I noticed the changes in the secureSettings branch in github.
    I don't think it is in the daily build yet.
    Correction - I see it was merged into 7.9 branch 5 days ago.
    https://github.com/Logitech/slimserv...lim/Plugin/CLI

    Try turning on Info level logging in "(plugin.cli) - Command Line Interface (CLI)"

    If you have access to the source code then check
    Slim/Plugin/CLI/Plugin.pm
    to see if it contains
    Code:
    	if ( !Slim::Utils::Network::ip_is_localhost($tmpaddr)
    		&& $prefsServer->get('protectSettings') && !$prefsServer->get('authorize')
    		&& Slim::Utils::Network::ip_is_gateway($tmpaddr)
    	) {
    		$log->error("Access to CLI is restricted to the local network or localhost: $tmpaddr");
    		$cli_socket->close;
    	}
    	elsif (!($prefsServer->get('filterHosts')) || (Slim::Utils::Network::isAllowedHost($tmpaddr))) {

  7. #87
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,661
    Quote Originally Posted by Paul Webster View Post
    Correction - I see it was merged into 7.9 branch 5 days ago.
    https://github.com/Logitech/slimserv...lim/Plugin/CLI

    Try turning on Info level logging in "(plugin.cli) - Command Line Interface (CLI)"

    If you have access to the source code then check
    Slim/Plugin/CLI/Plugin.pm
    to see if it contains
    Code:
    	if ( !Slim::Utils::Network::ip_is_localhost($tmpaddr)
    		&& $prefsServer->get('protectSettings') && !$prefsServer->get('authorize')
    		&& Slim::Utils::Network::ip_is_gateway($tmpaddr)
    	) {
    		$log->error("Access to CLI is restricted to the local network or localhost: $tmpaddr");
    		$cli_socket->close;
    	}
    	elsif (!($prefsServer->get('filterHosts')) || (Slim::Utils::Network::isAllowedHost($tmpaddr))) {
    Yes, I have that code. In my server.prefs 'protectSettings' is set to 1. I don't know how the ip_is_gateway works, but since the IP I see for ssh is certainly not for my gateway maybe that's why it doesn't get trapped on my system (which has no password set).
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  8. #88
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    812
    Quote Originally Posted by PasTim View Post
    Yes, I have that code. In my server.prefs 'protectSettings' is set to 1. I don't know how the ip_is_gateway works, but since the IP I see for ssh is certainly not for my gateway maybe that's why it doesn't get trapped on my system (which has no password set).
    Try increasing the log level for the module I referred to above.
    I think it will log both success and failure with the IP address.

  9. #89
    Senior Member
    Join Date
    Nov 2010
    Location
    Hertfordshire, UK
    Posts
    2,661
    Quote Originally Posted by Paul Webster View Post
    Try increasing the log level for the module I referred to above.
    I think it will log both success and failure with the IP address.
    I go no report at all with the plugin.cli info settings.

    Maybe I have misunderstood something (wouldn't be the first time!), so I had better be more precise about what I'm doing.

    I am connecting via my mobile, using a data connection, not wifi. I use an app called ConnectBot to connect with SSH to LMS via a netgear DDNS service to my router which has port 22 open. I have a public key shared between my mobile and the music server. ConnectBot has the ability to listen to local ports on the mobile and forward on the requests to my music server.

    So a local port 9000 is set up in ConnectBot to route to my home-server-ip-address:9000. I can connect mobile LMS tools (eg Squeeze Commander and Squeeze Player), or just my web browser connecting to http://localhost:9000. Using the browser, I can look at LMS settings and change some (stopping and restarting the UPnP bridge for instance).

    I know almost noting about the internals of LMS or its CLI. Does using a web browser go via CLI and hence get checked when accessing Settings?
    LMS 7.9.1 on VortexBox Midi box, Xubuntu 17.10, FLACs 16->24 bit, 44.1->192kbps. Touch & EDO. 2nd Touch standard.
    LMS plugin UPnP/DLNA Bridge to MF M1 CLiC (to A308CR amp & ESLs) & Marantz CR603 UPnP renderers.
    Alternatively Minimserver & Upplay to same & to upmpdcli/mpd PC renderers.
    Squeezelite to Meridian USB Explorer DAC to PC speakers/headphones.
    Wireless Xubuntu 17.10 laptop firefox/upplay or Android 'phone with Squeeze-Commander/BubbleUPnP controls LMS/Minimserver.

  10. #90
    Senior Member paul-'s Avatar
    Join Date
    Jan 2013
    Posts
    1,028
    Quote Originally Posted by PasTim View Post
    I don't know how the ip_is_gateway works, but since the IP I see for ssh is certainly not for my gateway maybe that's why it doesn't get trapped on my system (which has no password set).
    He is simply using the lms servers routing table to find the gateway address.

    If I read the perl correctly (Which there is a good chance that I am not)

    Allowed Addresses
    IP address of the server itself
    127.0.0.1
    Any Address in the List of permitted IP addresses defined on the Security page.

    Not Allowed Addresses
    Gateway address of the LMS server.


    However, the gateway is only a hop point. Even in a DNAT network, if you allow an external device through the firewall, it will not have the gateways address.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •