-rw-r--r-- | src/cfg_file.h | 5 | ||||
-rw-r--r-- | src/cfg_utils.c | 24 | ||||
-rw-r--r-- | src/fuzzy_storage.c | 26 | ||||
-rw-r--r-- | src/webui.c | 16 |
4 files changed, 45 insertions, 26 deletions
diff --git a/src/cfg_file.h b/src/cfg_file.h
index c1ebfd93c..f4bdb6ec5 100644
--- a/src/cfg_file.h
+++ b/src/cfg_file.h
@@ -506,6 +506,11 @@ gboolean check_classifier_statfiles (struct classifier_config *cf);
 */
 struct classifier_config* find_classifier_conf (struct config_file *cfg, const gchar *name);
+/*
+ * Parse input `ip_list` to radix tree `tree`. Now supports only IPv4 addresses.
+ */
+gboolean rspamd_parse_ip_list (const gchar *ip_list, radix_tree_t **tree);
+
 #endif /* ifdef CFG_FILE_H */
 /*
 * vi:ts=4
diff --git a/src/cfg_utils.c b/src/cfg_utils.c
index 020a70ae6..4bfbddb2e 100644
--- a/src/cfg_utils.c
+++ b/src/cfg_utils.c
@@ -1005,6 +1005,30 @@ rspamd_ucl_fin_cb (memory_pool_t * pool, struct map_cb_data *data)
 }
 }
+gboolean
+rspamd_parse_ip_list (const gchar *ip_list, radix_tree_t **tree)
+{
+ gchar **strvec, **cur;
+ struct in_addr ina;
+ guint32 mask;
+
+ strvec = g_strsplit_set (ip_list, ",", 0);
+ cur = strvec;
+
+ while (*cur != NULL) {
+ /* XXX: handle only ipv4 addresses */
+ if (parse_ipmask_v4 (*cur, &ina, &mask)) {
+ if (*tree == NULL) {
+ *tree = radix_tree_create ();
+ }
+ radix32tree_add (*tree, htonl (ina.s_addr), mask, 1);
+ }
+ cur ++;
+ }
+
+ return (*tree != NULL);
+}
+
 /*
 * vi:ts=4
 */
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index ecf4267ad..831d60c44 100644
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
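Review bot: The header comment added for `rspamd_parse_ip_list` in src/cfg_file.h leaves out the contract a caller needs now that the function is public. From the body in src/cfg_utils.c, `*tree` must be NULL or an existing tree on entry, the tree is only created when the first entry parses, and TRUE means only that `*tree` is non-NULL on return, not that every entry was accepted. I would extend the comment to say the input is comma-separated and add a line such as `* Returns TRUE if *tree is non-NULL on return; entries that fail to parse are skipped.`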
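Review bot: `rspamd_parse_ip_list` in src/cfg_utils.c never releases the vector returned by `g_strsplit_set`, so each call leaks `strvec` and its strings; add `g_strfreev (strvec);` before the `return`. Entries that `parse_ipmask_v4` rejects are skipped with no log line, and the function still returns TRUE if any other entry parsed or `*tree` was already non-NULL, so a typo in one address of an access list goes unnoticed; a `msg_warn` naming the rejected token would make that visible. The loop also dereferences `cur` without checking that `ip_list` (and therefore `strvec`) is non-NULL. Both callers in this commit check before calling, but the function is now exported, so a guard such as `if (ip_list == NULL) return FALSE;` at the top is cheap.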
@@ -937,30 +937,6 @@ sync_callback (gint fd, short what, void *arg)
 rspamd_mutex_unlock (ctx->update_mtx);
 }
-static gboolean
-parse_fuzzy_update_list (struct rspamd_fuzzy_storage_ctx *ctx)
-{
- gchar **strvec, **cur;
- struct in_addr ina;
- guint32 mask;
-
- strvec = g_strsplit_set (ctx->update_map, ",", 0);
- cur = strvec;
-
- while (*cur != NULL) {
- /* XXX: handle only ipv4 addresses */
- if (parse_ipmask_v4 (*cur, &ina, &mask)) {
- if (ctx->update_ips == NULL) {
- ctx->update_ips = radix_tree_create ();
- }
- radix32tree_add (ctx->update_ips, htonl (ina.s_addr), mask, 1);
- }
- cur ++;
- }
-
- return (ctx->update_ips != NULL);
-}
-
 gpointer init_fuzzy (struct config_file *cfg)
 {
@@ -1070,7 +1046,7 @@ start_fuzzy (struct rspamd_worker *worker)
 if (ctx->update_map != NULL) {
 if (!add_map (worker->srv->cfg, ctx->update_map, "Allow fuzzy updates from specified addresses", read_radix_list, fin_radix_list, (void **)&ctx->update_ips)) {
- if (!parse_fuzzy_update_list (ctx)) {
+ if (!rspamd_parse_ip_list (ctx->update_map, &ctx->update_ips)) {
 msg_warn ("cannot load or parse ip list from '%s'", ctx->update_map);
 }
 }
diff --git a/src/webui.c b/src/webui.c
index 1043fadbe..2fcfea9a7 100644
--- a/src/webui.c
+++ b/src/webui.c
@@ -107,6 +107,9 @@ struct rspamd_webui_worker_ctx {
 gchar *ssl_cert;
 /* SSL private key */
 gchar *ssl_key;
+ /* A map of secure IP */
+ gchar *secure_ip;
+ radix_tree_t *secure_map;
 /* Worker */
 struct rspamd_worker *worker;
 };
@@ -1774,6 +1777,10 @@ init_webui_worker (struct config_file *cfg)
 rspamd_rcl_parse_struct_time, ctx, G_STRUCT_OFFSET (struct rspamd_webui_worker_ctx, timeout), RSPAMD_CL_FLAG_TIME_INTEGER);
+ rspamd_rcl_register_worker_option (cfg, type, "secure_ip",
+ rspamd_rcl_parse_struct_string, ctx,
+ G_STRUCT_OFFSET (struct rspamd_webui_worker_ctx, secure_ip), 0);
+
 return ctx;
 }
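Review bot: In the `struct rspamd_webui_worker_ctx` hunk of src/webui.c, the single comment `/* A map of secure IP */` sits over two fields with different roles and does not say which one is consulted at request time. Going by the other hunks, `secure_ip` is the raw option string handed to `add_map` and `rspamd_parse_ip_list`, and `secure_map` is the radix tree built from it. I would give each its own comment, for example `/* secure_ip option as configured: map source or comma-separated IPv4 list */` and `/* Radix tree built from secure_ip; stays NULL if unset or if loading failed */`.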
@@ -1802,7 +1809,14 @@ start_webui_worker (struct rspamd_worker *worker)
 ctx->worker = worker;
 ctx->cfg = worker->srv->cfg;
 ctx->srv = worker->srv;
-
+ if (ctx->secure_ip != NULL) {
+ if (!add_map (worker->srv->cfg, ctx->secure_ip, "Allow webui access from the specified IP",
+ read_radix_list, fin_radix_list, (void **)&ctx->secure_map)) {
+ if (!rspamd_parse_ip_list (ctx->secure_ip, &ctx->secure_map)) {
+ msg_warn ("cannot load or parse ip list from '%s'", ctx->secure_ip);
+ }
+ }
+ }
 /* Accept event */
 ctx->http = rspamd_http_router_new (rspamd_webui_error_handler, rspamd_webui_finish_handler, &ctx->io_tv, ctx->ev_base); |
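Review bot: A `secure_ip` value that neither `add_map` nor `rspamd_parse_ip_list` can load only triggers `msg_warn` in `start_webui_worker`, and the worker then starts with `ctx->secure_map == NULL`, the same state as when the option is unset. No hunk in this commit reads `secure_map`, so the code that later consults it has to define what NULL means; an operator who configured an address list that failed to load should not silently get the policy of one who configured nothing. I would either refuse to start the worker on this path or record the failure explicitly so the check can fail closed, and log it at error level rather than warning. Since `rspamd_parse_ip_list` is documented as IPv4-only, clients reaching the web UI over IPv6 will never match the list, which is worth stating in the option's documentation. The body of `start_webui_worker` continues outside the hunk.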