Add an utility to parse IP tree from a string.

diff --git a/src/cfg_file.h b/src/cfg_file.h
index c1ebfd93c2d75f6ee1071562ce8117a9765afa70..f4bdb6ec5bf566a77cc08b58e1c4bd4e3640ec11 100644 (file)
--- a/src/cfg_file.h
+++ b/src/cfg_file.h
@@ -506,6 +506,11 @@ gboolean check_classifier_statfiles (struct classifier_config *cf);
  */
 struct classifier_config* find_classifier_conf (struct config_file *cfg, const gchar *name);
 
+/*
+ * Parse input `ip_list` to radix tree `tree`. Now supports only IPv4 addresses.
+ */
+gboolean rspamd_parse_ip_list (const gchar *ip_list, radix_tree_t **tree);
+
 #endif /* ifdef CFG_FILE_H */
 /* 
  * vi:ts=4 

diff --git a/src/cfg_utils.c b/src/cfg_utils.c
index 020a70ae61ae8b464cfe8852e1c4e2e4f7220367..4bfbddb2ec4e25ad240c9b70b5fc364c78114fa2 100644 (file)
--- a/src/cfg_utils.c
+++ b/src/cfg_utils.c
@@ -1005,6 +1005,30 @@ rspamd_ucl_fin_cb (memory_pool_t * pool, struct map_cb_data *data)
        }
 }
 
+gboolean
+rspamd_parse_ip_list (const gchar *ip_list, radix_tree_t **tree)
+{
+       gchar                           **strvec, **cur;
+       struct in_addr                   ina;
+       guint32                           mask;
+
+       strvec = g_strsplit_set (ip_list, ",", 0);
+       cur = strvec;
+
+       while (*cur != NULL) {
+               /* XXX: handle only ipv4 addresses */
+               if (parse_ipmask_v4 (*cur, &ina, &mask)) {
+                       if (*tree == NULL) {
+                               *tree = radix_tree_create ();
+                       }
+                       radix32tree_add (*tree, htonl (ina.s_addr), mask, 1);
+               }
+               cur ++;
+       }
+
+       return (*tree != NULL);
+}
+
 /*
  * vi:ts=4
  */

diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index ecf4267ada9e4000be09b886106a0fee5ca7237d..831d60c44cd141428e540053d6b71277d79f1373 100644 (file)
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -937,30 +937,6 @@ sync_callback (gint fd, short what, void *arg)
        rspamd_mutex_unlock (ctx->update_mtx);
 }
 
-static gboolean
-parse_fuzzy_update_list (struct rspamd_fuzzy_storage_ctx *ctx)
-{
-       gchar                           **strvec, **cur;
-       struct in_addr                   ina;
-       guint32                           mask;
-
-       strvec = g_strsplit_set (ctx->update_map, ",", 0);
-       cur = strvec;
-
-       while (*cur != NULL) {
-               /* XXX: handle only ipv4 addresses */
-               if (parse_ipmask_v4 (*cur, &ina, &mask)) {
-                       if (ctx->update_ips == NULL) {
-                               ctx->update_ips = radix_tree_create ();
-                       }
-                       radix32tree_add (ctx->update_ips, htonl (ina.s_addr), mask, 1);
-               }
-               cur ++;
-       }
-
-       return (ctx->update_ips != NULL);
-}
-
 gpointer
 init_fuzzy (struct config_file *cfg)
 {
@@ -1070,7 +1046,7 @@ start_fuzzy (struct rspamd_worker *worker)
        if (ctx->update_map != NULL) {
                if (!add_map (worker->srv->cfg, ctx->update_map, "Allow fuzzy updates from specified addresses",
                                read_radix_list, fin_radix_list, (void **)&ctx->update_ips)) {
-                       if (!parse_fuzzy_update_list (ctx)) {
+                       if (!rspamd_parse_ip_list (ctx->update_map, &ctx->update_ips)) {
                                msg_warn ("cannot load or parse ip list from '%s'", ctx->update_map);
                        }
                }

diff --git a/src/webui.c b/src/webui.c
index 1043fadbef4872a34d926ab2408cbab00ba8a99b..2fcfea9a78bde1f26224e3fa40cb36f430a56982 100644 (file)
--- a/src/webui.c
+++ b/src/webui.c
@@ -107,6 +107,9 @@ struct rspamd_webui_worker_ctx {
        gchar *ssl_cert;
        /* SSL private key */
        gchar *ssl_key;
+       /* A map of secure IP */
+       gchar *secure_ip;
+       radix_tree_t *secure_map;
        /* Worker */
        struct rspamd_worker *worker;
 };
@@ -1774,6 +1777,10 @@ init_webui_worker (struct config_file *cfg)
                        rspamd_rcl_parse_struct_time, ctx,
                        G_STRUCT_OFFSET (struct rspamd_webui_worker_ctx, timeout), RSPAMD_CL_FLAG_TIME_INTEGER);
 
+       rspamd_rcl_register_worker_option (cfg, type, "secure_ip",
+                       rspamd_rcl_parse_struct_string, ctx,
+                       G_STRUCT_OFFSET (struct rspamd_webui_worker_ctx, secure_ip), 0);
+
        return ctx;
 }
 
@@ -1802,7 +1809,14 @@ start_webui_worker (struct rspamd_worker *worker)
        ctx->worker = worker;
        ctx->cfg = worker->srv->cfg;
        ctx->srv = worker->srv;
-
+       if (ctx->secure_ip != NULL) {
+               if (!add_map (worker->srv->cfg, ctx->secure_ip, "Allow webui access from the specified IP",
+                               read_radix_list, fin_radix_list, (void **)&ctx->secure_map)) {
+                       if (!rspamd_parse_ip_list (ctx->secure_ip, &ctx->secure_map)) {
+                               msg_warn ("cannot load or parse ip list from '%s'", ctx->secure_ip);
+                       }
+               }
+       }
        /* Accept event */
        ctx->http = rspamd_http_router_new (rspamd_webui_error_handler,
                        rspamd_webui_finish_handler, &ctx->io_tv, ctx->ev_base);