From 8f7be5470b79dbdd9f0db8b2126738e793a5b856 Mon Sep 17 00:00:00 2001
From: Rob van Son <R.J.J.H.vanSon@gmail.com>
Date: Mon, 25 Jun 2012 08:02:01 +0200
Subject: [PATCH] Added capability to use Tor and ignore REMOTE_ADDR

---
 CGIscriptor.pl                   | 6 +++++-
 Private/.Passwords/testchallenge | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CGIscriptor.pl b/CGIscriptor.pl
index c4f21f6..0657251 100755
--- a/CGIscriptor.pl
+++ b/CGIscriptor.pl
@@ -3591,7 +3591,11 @@ sub create_session_file	#($sessionfile, $loginfile, $authorizationfile, $path) -
 	$sessionContent->{Username} = [lc($authorization->{'Username'}->[0])];
 	$sessionContent->{Session} = [$sessionid];
 	$sessionContent->{Time} = [time];
-	$sessionContent->{IPaddress} = $loginticket->{'IPaddress'};
+	# Allow use of Tor if Session Type is CHALLENGE
+	unless($sessionContent->{Type}->[0] eq 'CHALLENGE' && grep(/^VariableREMOTE_ADDRESS$/, @{$authorization->{'Capabilities'}}))
+	{
+		$sessionContent->{IPaddress} = $loginticket->{'IPaddress'};
+	};
 	$sessionContent->{Salt} = $authorization->{'Salt'};
 	$sessionContent->{Randomsalt} = $loginticket->{'Randomsalt'};
 	$sessionContent->{AllowedPaths} = $authorization->{'AllowedPaths'};
diff --git a/Private/.Passwords/testchallenge b/Private/.Passwords/testchallenge
index c678bc0..148c02d 100644
--- a/Private/.Passwords/testchallenge
+++ b/Private/.Passwords/testchallenge
@@ -5,6 +5,7 @@ IPaddress: 127.0.0.1
 AllowedPaths: ^/Private/index\.html$
 AllowedPaths: ^/Private/[^/]+\.html$
 AllowedPaths: ^/Private/?$
+Capabilities: VariableREMOTE_ADDRESS
 Salt: e93cf858a1d5626bf095ea5c25df990dfa969ff5a5dc908b22c9a5229b525f65
 Session: CHALLENGE
 Signature: ca751911d3eab325431235b21a1f4cc65e4ad770ccf934f023aaf210cdde35e6
-- 
2.11.4.GIT