/* Check for password if it is required by configuration */
static gboolean
rspamd_webui_check_password (struct rspamd_http_connection_entry *entry,
- struct rspamd_webui_worker_ctx *ctx, struct rspamd_http_message *msg)
+ struct rspamd_webui_session *session, struct rspamd_http_message *msg)
{
const gchar *password;
+ struct rspamd_webui_worker_ctx *ctx = session->ctx;
+ if (!session->from_addr.has_addr) {
+ msg_info ("allow unauthorized connection from a unix socket");
+ return TRUE;
+ }
+ else if (ctx->secure_map && !session->from_addr.ipv6) {
+ if (radix32tree_find (ctx->secure_map,
+ ntohl (session->from_addr.d.in4.s_addr)) != RADIX_NO_VALUE) {
+ msg_info ("allow unauthorized connection from a trusted IP %s",
+ inet_ntoa (session->from_addr.d.in4));
+ return TRUE;
+ }
+ }
if (ctx->password) {
password = rspamd_http_message_find_header (msg, "Password");
if (password == NULL || strcmp (password, ctx->password) != 0) {
return FALSE;
}
}
+ else if (ctx->secure_map) {
+ msg_info ("deny unauthorized connection");
+ return FALSE;
+ }
return TRUE;
}
gulong data[4];
ucl_object_t *obj;
- if (!rspamd_webui_check_password (conn_ent, session->ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
struct symbol_def *sym;
ucl_object_t *obj, *top, *sym_obj;
- if (!rspamd_webui_check_password (conn_ent, session->ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
gint i;
ucl_object_t *obj, *top;
- if (!rspamd_webui_check_password (conn_ent, session->ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
ucl_object_t *obj, *top;
- if (!rspamd_webui_check_password (conn_ent, session->ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
struct rspamd_http_message *reply;
- if (!rspamd_webui_check_password (conn_ent, session->ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
ctx = session->ctx;
- if (!rspamd_webui_check_password (conn_ent, ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
ctx = session->ctx;
- if (!rspamd_webui_check_password (conn_ent, ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}
ctx = session->ctx;
- if (!rspamd_webui_check_password (conn_ent, session->ctx, msg)) {
+ if (!rspamd_webui_check_password (conn_ent, session, msg)) {
return 0;
}