author | Sergey Poznyakoff <gray@nxc.no> | 2017-08-17 16:28:26 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@nxc.no> | 2017-08-17 17:31:22 +0300 |
commit | 41249de4eba7c7ab53849e511f3a59733244de9e (patch) | |
tree | 56311e8632635e0fd9e968fc8ac2f9370bed370e | |
parent | f25c77a5f9af8e0c4eb40dfae1683f383104ed3a (diff) | |
download | nssync-41249de4eba7c7ab53849e511f3a59733244de9e.tar.gz nssync-41249de4eba7c7ab53849e511f3a59733244de9e.tar.bz2 |
Fix libwrap usage
* src/server.c (nssync_mhd_acl): Don't use fromhost, since we don't
have the connection descriptor. Instead set the socket methods explicitly.
-rw-r--r-- | doc/nssync.texi | 28 | ||||
-rw-r--r-- | src/server.c | 5 |
2 files changed, 31 insertions, 2 deletions
diff --git a/doc/nssync.texi b/doc/nssync.texi index 22852c7..118b398 100644 --- a/doc/nssync.texi +++ b/doc/nssync.texi @@ -201,2 +201,3 @@ is 3600 (1 hour). +@cindex REST API The REST API provides a single endpoint: @samp{/nssync}. Two methods @@ -205,2 +206,3 @@ are supported: @table @asis +@cindex POST, REST API @item POST @@ -249,2 +251,3 @@ if the error is a general one. +@cindex GET, REST API @item GET @@ -254,2 +257,27 @@ format. +@cindex libwrap +@cindex TCP wrappers +@findex /etc/hosts.allow +@findex /etc/hosts.deny +Access to the HTTP socket is controlled by TCP wrappers library, with +server name @samp{nssync}. To make sure the socket is accessible only +from trusted IP addresses, add the following line to your +@file{/etc/hosts.allow} file: + +@example +nssync: @var{ip-list} +@end example + +@noindent +where @var{ip-list} is a whitespace-separated list of IP addresses. +Then add the following line to @file{/etc/hosts.deny} to make sure +nobody else has access to the interface: + +@example +nssync: ALL +@end example + +@xref{hosts_access, format of host access control files,,hosts_access(5), hosts_access(5) man page}, for a detailed discussion +of the host access control files. + In server mode, all diagnostics is reported via syslog. diff --git a/src/server.c b/src/server.c index a0b0312..f0e6169 100644 --- a/src/server.c +++ b/src/server.c @@ -90,4 +90,5 @@ nssync_mhd_acl(void *cls, const struct sockaddr *addr, socklen_t addrlen) RQ_CLIENT_SIN, addr, + RQ_SERVER_SIN, cls, NULL); - fromhost(&req); + sock_methods(&req); return hosts_access(&req) ? MHD_YES : MHD_NO; @@ -330,3 +331,3 @@ nssync_server(void) | MHD_USE_ERROR_LOG, 0, - nssync_mhd_acl, NULL, + nssync_mhd_acl, server_addr, nssync_mhd_handler, NULL, |
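Review bot: in the doc/nssync.texi hunk at @@ -254, the new text never says what happens when neither file has an nssync entry. libwrap grants access when no rule in hosts.allow or hosts.deny matches, so a reader who adds only the hosts.allow line leaves the socket open to every address. State that default explicitly and present the `nssync: ALL` line in hosts.deny as required, not as a follow-up. Smaller points in the same hunk: "controlled by TCP wrappers library" needs an article, hosts_access(5) calls the name left of the colon the daemon name rather than the server name, and the @xref line is far longer than the surrounding text and should be wrapped.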
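Review bot: in nssync_mhd_acl (src/server.c, @@ -90), cls is passed as RQ_SERVER_SIN with no cast and no NULL check, and neither address has its family checked while addrlen goes unused. In stock libwrap the RQ_CLIENT_SIN and RQ_SERVER_SIN keys take struct sockaddr_in pointers, so an AF_INET6 peer or listener would be misread as IPv4 data. Check addr->sa_family and cls != NULL before building the request, decide explicitly whether a failed check returns MHD_NO, and add a short comment saying that cls carries the listening address.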
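Review bot: in nssync_server (src/server.c, @@ -330), server_addr becomes the closure argument for nssync_mhd_acl, so the pointer is retained for the life of the daemon and dereferenced on every incoming connection. Its declaration and initialization are outside the hunk. Confirm that it has static storage duration (or otherwise outlives the daemon) and is filled in before this call, and note that dependency in a comment next to the `nssync_mhd_acl, server_addr,` line.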