summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/cfg_file.h5
-rw-r--r--src/cfg_utils.c24
-rw-r--r--src/fuzzy_storage.c26
-rw-r--r--src/webui.c16
4 files changed, 45 insertions, 26 deletions
diff --git a/src/cfg_file.h b/src/cfg_file.h
index c1ebfd93c..f4bdb6ec5 100644
--- a/src/cfg_file.h
+++ b/src/cfg_file.h
@@ -506,6 +506,11 @@ gboolean check_classifier_statfiles (struct classifier_config *cf);
*/
struct classifier_config* find_classifier_conf (struct config_file *cfg, const gchar *name);
+/*
+ * Parse input `ip_list` to radix tree `tree`. Now supports only IPv4 addresses.
+ */
+gboolean rspamd_parse_ip_list (const gchar *ip_list, radix_tree_t **tree);
+
#endif /* ifdef CFG_FILE_H */
/*
* vi:ts=4
diff --git a/src/cfg_utils.c b/src/cfg_utils.c
index 020a70ae6..4bfbddb2e 100644
--- a/src/cfg_utils.c
+++ b/src/cfg_utils.c
@@ -1005,6 +1005,30 @@ rspamd_ucl_fin_cb (memory_pool_t * pool, struct map_cb_data *data)
}
}
+gboolean
+rspamd_parse_ip_list (const gchar *ip_list, radix_tree_t **tree)
+{
+ gchar **strvec, **cur;
+ struct in_addr ina;
+ guint32 mask;
+
+ strvec = g_strsplit_set (ip_list, ",", 0);
+ cur = strvec;
+
+ while (*cur != NULL) {
+ /* XXX: handle only ipv4 addresses */
+ if (parse_ipmask_v4 (*cur, &ina, &mask)) {
+ if (*tree == NULL) {
+ *tree = radix_tree_create ();
+ }
+ radix32tree_add (*tree, htonl (ina.s_addr), mask, 1);
+ }
+ cur ++;
+ }
+
+ return (*tree != NULL);
+}
+
/*
* vi:ts=4
*/
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
index ecf4267ad..831d60c44 100644
--- a/src/fuzzy_storage.c
+++ b/src/fuzzy_storage.c
@@ -937,30 +937,6 @@ sync_callback (gint fd, short what, void *arg)
rspamd_mutex_unlock (ctx->update_mtx);
}
-static gboolean
-parse_fuzzy_update_list (struct rspamd_fuzzy_storage_ctx *ctx)
-{
- gchar **strvec, **cur;
- struct in_addr ina;
- guint32 mask;
-
- strvec = g_strsplit_set (ctx->update_map, ",", 0);
- cur = strvec;
-
- while (*cur != NULL) {
- /* XXX: handle only ipv4 addresses */
- if (parse_ipmask_v4 (*cur, &ina, &mask)) {
- if (ctx->update_ips == NULL) {
- ctx->update_ips = radix_tree_create ();
- }
- radix32tree_add (ctx->update_ips, htonl (ina.s_addr), mask, 1);
- }
- cur ++;
- }
-
- return (ctx->update_ips != NULL);
-}
-
gpointer
init_fuzzy (struct config_file *cfg)
{
@@ -1070,7 +1046,7 @@ start_fuzzy (struct rspamd_worker *worker)
if (ctx->update_map != NULL) {
if (!add_map (worker->srv->cfg, ctx->update_map, "Allow fuzzy updates from specified addresses",
read_radix_list, fin_radix_list, (void **)&ctx->update_ips)) {
- if (!parse_fuzzy_update_list (ctx)) {
+ if (!rspamd_parse_ip_list (ctx->update_map, &ctx->update_ips)) {
msg_warn ("cannot load or parse ip list from '%s'", ctx->update_map);
}
}
diff --git a/src/webui.c b/src/webui.c
index 1043fadbe..2fcfea9a7 100644
--- a/src/webui.c
+++ b/src/webui.c
@@ -107,6 +107,9 @@ struct rspamd_webui_worker_ctx {
gchar *ssl_cert;
/* SSL private key */
gchar *ssl_key;
+ /* A map of secure IP */
+ gchar *secure_ip;
+ radix_tree_t *secure_map;
/* Worker */
struct rspamd_worker *worker;
};
@@ -1774,6 +1777,10 @@ init_webui_worker (struct config_file *cfg)
rspamd_rcl_parse_struct_time, ctx,
G_STRUCT_OFFSET (struct rspamd_webui_worker_ctx, timeout), RSPAMD_CL_FLAG_TIME_INTEGER);
+ rspamd_rcl_register_worker_option (cfg, type, "secure_ip",
+ rspamd_rcl_parse_struct_string, ctx,
+ G_STRUCT_OFFSET (struct rspamd_webui_worker_ctx, secure_ip), 0);
+
return ctx;
}
@@ -1802,7 +1809,14 @@ start_webui_worker (struct rspamd_worker *worker)
ctx->worker = worker;
ctx->cfg = worker->srv->cfg;
ctx->srv = worker->srv;
-
+ if (ctx->secure_ip != NULL) {
+ if (!add_map (worker->srv->cfg, ctx->secure_ip, "Allow webui access from the specified IP",
+ read_radix_list, fin_radix_list, (void **)&ctx->secure_map)) {
+ if (!rspamd_parse_ip_list (ctx->secure_ip, &ctx->secure_map)) {
+ msg_warn ("cannot load or parse ip list from '%s'", ctx->secure_ip);
+ }
+ }
+ }
/* Accept event */
ctx->http = rspamd_http_router_new (rspamd_webui_error_handler,
rspamd_webui_finish_handler, &ctx->io_tv, ctx->ev_base);