Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15-SP1:Update
pdns-recursor
rec-acl-4.1.16.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rec-acl-4.1.16.diff of Package pdns-recursor
diff --git a/sstuff.hh b/sstuff.hh index 707b1ad12..5ae66854e 100644 --- a/sstuff.hh +++ b/sstuff.hh @@ -111,7 +111,7 @@ public: } //! Check remote address against netmaskgroup ng - bool acl(NetmaskGroup &ng) + bool acl(const NetmaskGroup &ng) { ComboAddress remote; if (getRemote(remote)) diff --git a/webserver.cc b/webserver.cc index f1a95f4e2..5a7054bd7 100644 --- a/webserver.cc +++ b/webserver.cc @@ -344,16 +344,13 @@ void WebServer::go() if(!d_server) return; try { - NetmaskGroup acl; - acl.toMasks(::arg()["webserver-allow-from"]); - while(true) { try { auto client = d_server->accept(); if (!client) { continue; } - if (client->acl(acl)) { + if (client->acl(d_acl)) { std::thread webHandler(WebServerConnectionThreadStart, this, client); webHandler.detach(); } else { diff --git a/webserver.hh b/webserver.hh index b3ede8925..2de84fd25 100644 --- a/webserver.hh +++ b/webserver.hh @@ -139,6 +139,11 @@ class WebServer : public boost::noncopyable public: WebServer(const string &listenaddress, int port); virtual ~WebServer() { }; + + void setACL(const NetmaskGroup &nmg) { + d_acl = nmg; + } + void bind(); void go(); @@ -160,6 +165,8 @@ protected: int d_port; string d_password; std::shared_ptr<Server> d_server; + + NetmaskGroup d_acl; }; #endif /* WEBSERVER_HH */ diff --git a/ws-recursor.cc b/ws-recursor.cc index 0f71ee4f0..2393d754b 100644 --- a/ws-recursor.cc +++ b/ws-recursor.cc @@ -450,6 +450,11 @@ RecursorWebServer::RecursorWebServer(FDMultiplexer* fdm) registerAllStats(); d_ws = new AsyncWebServer(fdm, arg()["webserver-address"], arg().asNum("webserver-port")); + + NetmaskGroup acl; + acl.toMasks(::arg()["webserver-allow-from"]); + d_ws->setACL(acl); + d_ws->bind(); // legacy dispatch @@ -610,6 +615,10 @@ void AsyncServer::newConnection() // This is an entry point from FDM, so it needs to catch everything. void AsyncWebServer::serveConnection(std::shared_ptr<Socket> client) const try { + if (!client->acl(d_acl)) { + return; + } + HttpRequest req; YaHTTP::AsyncRequestLoader yarl; yarl.initialize(&req); diff --git a/ws-recursor.hh b/ws-recursor.hh index 9df3a81c7..13a3707a7 100644 --- a/ws-recursor.hh +++ b/ws-recursor.hh @@ -32,7 +32,10 @@ class HttpResponse; class AsyncServer : public Server { public: - AsyncServer(const string &localaddress, int port) : Server(localaddress, port) { }; + AsyncServer(const string &localaddress, int port) : Server(localaddress, port) + { + d_server_socket.setNonBlocking(); + }; friend void AsyncServerNewConnectionMT(void *p);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor