authorVsevolod Stakhov <vsevolod@highsecure.ru>2018-11-20 16:59:41 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2018-11-20 20:45:22 +0000
commitdc09c49cad817ea3ef9616a7e40f920aff63b1a7 (patch)
tree6cced82647ca4077f7a53dd7c37fd065d9d5f133
parent647adeec7fedbac5c39731a67f2b284b2d93090c (diff)
downloadrspamd-dc09c49cad817ea3ef9616a7e40f920aff63b1a7.tar.gz
rspamd-dc09c49cad817ea3ef9616a7e40f920aff63b1a7.zip
[Feature] Allow to require encryption when accepting connections
-rw-r--r--src/worker.c29
-rw-r--r--src/worker_private.h8
2 files changed, 10 insertions, 27 deletions
diff --git a/src/worker.c b/src/worker.c
index 544f05cbd..9778cee08 100644
--- a/src/worker.c
+++ b/src/worker.c
@@ -342,7 +342,7 @@ accept_socket (gint fd, short what, void *arg)
struct rspamd_worker_ctx *ctx;
struct rspamd_task *task;
rspamd_inet_addr_t *addr;
- gint nfd;
+ gint nfd, http_opts = 0;
ctx = worker->ctx;
@@ -386,10 +386,14 @@ accept_socket (gint fd, short what, void *arg)
/* TODO: allow to disable autolearn in protocol */
task->flags |= RSPAMD_TASK_FLAG_LEARN_AUTO;
+ if (ctx->encrypted_only && !rspamd_inet_address_is_local (addr, FALSE)) {
+ http_opts = RSPAMD_HTTP_REQUIRE_ENCRYPTION;
+ }
+
task->http_conn = rspamd_http_connection_new (rspamd_worker_body_handler,
rspamd_worker_error_handler,
rspamd_worker_finish_handler,
- 0,
+ http_opts,
RSPAMD_HTTP_SERVER,
ctx->keys_cache,
NULL);
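Review bot: The `encrypted_only` check exempts every peer for which `rspamd_inet_address_is_local (addr, FALSE)` returns true, and nothing at the `if` says that this is intended. If the worker is reached through a proxy on the same host, all proxied clients would presumably look local and be accepted in plaintext while the operator believes encryption is enforced. I would document the exemption at the call site, e.g. `/* Local peers are exempt: encryption is required only for connections arriving over the network */`, and make the field comment in src/worker_private.h say the same. accept_socket starts and ends outside this hunk.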
@@ -547,30 +551,13 @@ init_worker (struct rspamd_config *cfg)
rspamd_rcl_register_worker_option (cfg,
type,
- "http",
+ "encrypted_only",
rspamd_rcl_parse_struct_boolean,
ctx,
- G_STRUCT_OFFSET (struct rspamd_worker_ctx, is_http),
+ G_STRUCT_OFFSET (struct rspamd_worker_ctx, encrypted_only),
0,
"Deprecated: always true now");
- rspamd_rcl_register_worker_option (cfg,
- type,
- "json",
- rspamd_rcl_parse_struct_boolean,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_worker_ctx, is_json),
- 0,
- "Deprecated: always true now");
-
- rspamd_rcl_register_worker_option (cfg,
- type,
- "allow_learn",
- rspamd_rcl_parse_struct_boolean,
- ctx,
- G_STRUCT_OFFSET (struct rspamd_worker_ctx, allow_learn),
- 0,
- "Deprecated: disabled and forgotten");
rspamd_rcl_register_worker_option (cfg,
type,
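Review bot: The new `encrypted_only` option is registered with the help string `"Deprecated: always true now"`, which is left over from the old `http` option because only the name and offset lines were changed. The option's documentation is therefore wrong for a security-relevant switch; the string should describe what it does, e.g. `"Require encrypted connections from non-local clients"`. The same hunk drops the `http`, `json` and `allow_learn` registrations, so configurations that still set those keys may no longer be recognised, which deserves a changelog line if that is the case.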
diff --git a/src/worker_private.h b/src/worker_private.h
index fe4a6c4b3..f07a95b41 100644
--- a/src/worker_private.h
+++ b/src/worker_private.h
@@ -40,12 +40,8 @@ struct rspamd_worker_ctx {
struct timeval io_tv;
/* Detect whether this worker is mime worker */
gboolean is_mime;
- /* HTTP worker */
- gboolean is_http;
- /* JSON output */
- gboolean is_json;
- /* Allow learning through worker */
- gboolean allow_learn;
+ /* Allow encrypted requests only using network */
+ gboolean encrypted_only;
/* Limit of tasks */
guint32 max_tasks;
/* Maximum time for task processing */