From 087dcad963c1e39f9cbeb7d6d166de33eccf62ce Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Fri, 10 Mar 2017 15:19:32 +0000 Subject: [Fix] Do not use local_addrs in proxy --- src/libutil/addr.c | 5 +++-- src/libutil/addr.h | 3 ++- src/lua/lua_ip.c | 9 ++++++++- src/plugins/dkim_check.c | 3 ++- src/plugins/spf.c | 3 ++- src/rspamd_proxy.c | 5 +++-- 6 files changed, 20 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/libutil/addr.c b/src/libutil/addr.c index 27ccbc4db..463706aea 100644 --- a/src/libutil/addr.c +++ b/src/libutil/addr.c @@ -1664,7 +1664,8 @@ rspamd_inet_address_equal (gconstpointer a, gconstpointer b) #endif gboolean -rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr) +rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr, + gboolean check_laddrs) { if (addr == NULL) { return FALSE; @@ -1689,7 +1690,7 @@ rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr) } } - if (local_addrs) { + if (check_laddrs && local_addrs) { if (radix_find_compressed_addr (local_addrs, addr) != RADIX_NO_VALUE) { return TRUE; } diff --git a/src/libutil/addr.h b/src/libutil/addr.h index 2d31e4f23..a50786adc 100644 --- a/src/libutil/addr.h +++ b/src/libutil/addr.h @@ -274,7 +274,8 @@ gboolean rspamd_inet_address_equal (gconstpointer a, gconstpointer b); /** * Returns TRUE if an address belongs to some local address */ -gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr); +gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr, + gboolean check_laddrs); /** * Returns size of storage required to store a complete IP address diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c index 0086e2b7a..6499a657d 100644 --- a/src/lua/lua_ip.c +++ b/src/lua/lua_ip.c @@ -496,9 +496,16 @@ static gint lua_ip_is_local (lua_State *L) { struct rspamd_lua_ip *ip = lua_check_ip (L, 1); + gboolean check_laddrs = TRUE; if (ip && ip->addr) { - lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr)); + + if (lua_type (L, 2) == LUA_TBOOLEAN) { + check_laddrs = lua_toboolean (L, 2); + } + + lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr, + check_laddrs)); } else { lua_pushnil (L); diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c index 11d6f2c9a..808b19f17 100644 --- a/src/plugins/dkim_check.c +++ b/src/plugins/dkim_check.c @@ -858,7 +858,8 @@ dkim_symbol_callback (struct rspamd_task *task, void *unused) /* First check if plugin should be enabled */ if ((!dkim_module_ctx->check_authed && task->user != NULL) - || (!dkim_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) { + || (!dkim_module_ctx->check_local && + rspamd_inet_address_is_local (task->from_addr, TRUE))) { msg_info_task ("skip DKIM checks for local networks and authorized users"); return; } diff --git a/src/plugins/spf.c b/src/plugins/spf.c index a3103d699..aa63c8018 100644 --- a/src/plugins/spf.c +++ b/src/plugins/spf.c @@ -557,7 +557,8 @@ spf_symbol_callback (struct rspamd_task *task, void *unused) } if ((!spf_module_ctx->check_authed && task->user != NULL) - || (!spf_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) { + || (!spf_module_ctx->check_local && + rspamd_inet_address_is_local (task->from_addr, TRUE))) { msg_info_task ("skip SPF checks for local networks and authorized users"); return; } diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c index ea8964d85..8be244229 100644 --- a/src/rspamd_proxy.c +++ b/src/rspamd_proxy.c @@ -1074,7 +1074,8 @@ proxy_open_mirror_connections (struct rspamd_proxy_session *session) } if (m->local || - rspamd_inet_address_is_local (rspamd_upstream_addr (bk_conn->up))) { + rspamd_inet_address_is_local ( + rspamd_upstream_addr (bk_conn->up), FALSE)) { if (session->fname) { rspamd_http_message_add_header (msg, "File", session->fname); @@ -1278,7 +1279,7 @@ retry: if (backend->local || rspamd_inet_address_is_local ( - rspamd_upstream_addr (session->master_conn->up))) { + rspamd_upstream_addr (session->master_conn->up), FALSE)) { if (session->fname) { rspamd_http_message_add_header (msg, "File", session->fname); -- cgit v1.2.3