Merge pull request #235 from fatalbanana/rspamd-0.8

Add IPv6 loopback to secure_ip setting

conf/worker-controller.inc

@@ -4,4 +4,5 @@ type = "controller";
 count = 1;
 password = "q1";
 secure_ip = "127.0.0.1";
+secure_ip = "::1";
 static_dir = "${WWWDIR}";

src/controller.c

@@ -106,7 +106,7 @@ struct rspamd_controller_worker_ctx {
 	/* SSL private key */
 	gchar *ssl_key;
 	/* A map of secure IP */
-	gchar *secure_ip;
+	GList *secure_ip;
 	radix_compressed_t *secure_map;
 
 	/* Static files dir */
@@ -1602,7 +1602,7 @@ init_controller_worker (struct rspamd_config *cfg)
 		timeout), RSPAMD_CL_FLAG_TIME_INTEGER);
 
 	rspamd_rcl_register_worker_option (cfg, type, "secure_ip",
-		rspamd_rcl_parse_struct_string, ctx,
+		rspamd_rcl_parse_struct_string_list, ctx,
 		G_STRUCT_OFFSET (struct rspamd_controller_worker_ctx, secure_ip), 0);
 
 	rspamd_rcl_register_worker_option (cfg, type, "static_dir",
@@ -1625,7 +1625,8 @@ start_controller_worker (struct rspamd_worker *worker)
 	struct module_ctx *mctx;
 	GHashTableIter iter;
 	gpointer key, value;
-
+	struct rspamd_keypair_cache *cache;
+	GList *secure_ip;
 
 	ctx->ev_base = rspamd_prepare_worker (worker,
 			"controller",
@@ -1639,14 +1640,23 @@ start_controller_worker (struct rspamd_worker *worker)
 	ctx->custom_commands = g_hash_table_new (rspamd_strcase_hash,
 			rspamd_strcase_equal);
 	if (ctx->secure_ip != NULL) {
-		if (!rspamd_map_add (worker->srv->cfg, ctx->secure_ip,
-			"Allow webui access from the specified IP",
-			rspamd_radix_read, rspamd_radix_fin, (void **)&ctx->secure_map)) {
-			if (!radix_add_generic_iplist (ctx->secure_ip,
-				&ctx->secure_map)) {
-				msg_warn ("cannot load or parse ip list from '%s'",
-					ctx->secure_ip);
+		cur = ctx->secure_ip;
+
+		while (cur) {
+			secure_ip = cur->data;
+
+			/* Try map syntax */
+			if (!rspamd_map_add (worker->srv->cfg, secure_ip,
+					"Allow webui access from the specified IP",
+					rspamd_radix_read, rspamd_radix_fin, (void **)&ctx->secure_map)) {
+				/* Fallback to the plain IP */
+				if (!radix_add_generic_iplist (secure_ip,
+						&ctx->secure_map)) {
+					msg_warn ("cannot load or parse ip list from '%s'",
+							secure_ip);
+				}
 			}
+			cur = g_list_next (cur);
 		}
 	}
 	/* Accept event */

src/libserver/cfg_rcl.c

@@ -1845,20 +1845,13 @@ rspamd_rcl_parse_struct_string_list (struct rspamd_config *cfg,
 
 	target = (GList **)(((gchar *)pd->user_struct) + pd->offset);
 
-	if (obj->type != UCL_ARRAY) {
-		g_set_error (err,
-			CFG_RCL_ERROR,
-			EINVAL,
-			"an array of strings is expected");
-		return FALSE;
-	}
+	iter = ucl_object_iterate_new (obj);
 
-	while ((cur = ucl_iterate_object (obj, &iter, true)) != NULL) {
+	while ((cur = ucl_object_iterate_safe (iter, true)) != NULL) {
 		switch (cur->type) {
 		case UCL_STRING:
-			val =
-				rspamd_mempool_strdup (cfg->cfg_pool,
-					ucl_copy_value_trash (cur));
+			val = rspamd_mempool_strdup (cfg->cfg_pool,
+							ucl_copy_value_trash (cur));
 			break;
 		case UCL_INT:
 			val = rspamd_mempool_alloc (cfg->cfg_pool, num_str_len);
@@ -1874,14 +1867,22 @@ rspamd_rcl_parse_struct_string_list (struct rspamd_config *cfg,
 			break;
 		default:
 			g_set_error (err,
-				CFG_RCL_ERROR,
-				EINVAL,
-				"cannot convert an object or array to string");
+					CFG_RCL_ERROR,
+					EINVAL,
+					"cannot convert an object or array to string");
 			return FALSE;
 		}
 		*target = g_list_prepend (*target, val);
 	}
 
+	if (*target == NULL) {
+		g_set_error (err,
+			CFG_RCL_ERROR,
+			EINVAL,
+			"an array of strings is expected");
+		return FALSE;
+	}
+
 	/* Add a destructor */
 	rspamd_mempool_add_destructor (cfg->cfg_pool,
 		(rspamd_mempool_destruct_t)g_list_free,