author Sergey Poznyakoff <gray@nxc.no> 2017-08-17 16:28:26 +0300
committer Sergey Poznyakoff <gray@nxc.no> 2017-08-17 17:31:22 +0300
commit 41249de4eba7c7ab53849e511f3a59733244de9e
tree 56311e8632635e0fd9e968fc8ac2f9370bed370e
parent f25c77a5f9af8e0c4eb40dfae1683f383104ed3a
Fix libwrap usage
* src/server.c (nssync_mhd_acl): Don't use fromhost, since we don't have the connection descriptor. Instead set the socket methods explicitly
-rw-r--r-- doc/nssync.texi 28
-rw-r--r-- src/server.c 5
2 files changed, 31 insertions, 2 deletions
diff --git a/doc/nssync.texi b/doc/nssync.texi
index 22852c7..118b398 100644
--- a/doc/nssync.texi
+++ b/doc/nssync.texi
@@ -201,2 +201,3 @@ is 3600 (1 hour).
+@cindex REST API
The REST API provides a single endpoint: @samp{/nssync}. Two methods
@@ -205,2 +206,3 @@ are supported:
@table @asis
+@cindex POST, REST API
@item POST
@@ -249,2 +251,3 @@ if the error is a general one.
+@cindex GET, REST API
@item GET
@@ -254,2 +257,27 @@ format.
+@cindex libwrap
+@cindex TCP wrappers
+@findex /etc/hosts.allow
+@findex /etc/hosts.deny
+Access to the HTTP socket is controlled by TCP wrappers library, with
+server name @samp{nssync}. To make sure the socket is accessible only
+from trusted IP addresses, add the following line to your
+@file{/etc/hosts.allow} file:
+
+@example
+nssync: @var{ip-list}
+@end example
+
+@noindent
+where @var{ip-list} is a whitespace-separated list of IP addresses.
+Then add the following line to @file{/etc/hosts.deny} to make sure
+nobody else has access to the interface:
+
+@example
+nssync: ALL
+@end example
+
+@xref{hosts_access, format of host access control files,,hosts_access(5), hosts_access(5) man page}, for a detailed discussion
+of the host access control files.
+
In server mode, all diagnostics is reported via syslog.
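Review bot: In the new access-control paragraph, @samp{nssync} is called the "server name", while hosts_access(5), which the text cross-references, calls that field the daemon name; using "daemon name" would let readers match the manual to the man page. The first sentence also needs an article ("controlled by the TCP wrappers library"), and @findex is the function index, so /etc/hosts.allow and /etc/hosts.deny would be better indexed with @cindex. It would help to say explicitly that hosts.allow is consulted first and that a client matching neither file is granted access, since that is the reason the "nssync: ALL" line in hosts.deny is required rather than optional.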
diff --git a/src/server.c b/src/server.c
index a0b0312..f0e6169 100644
--- a/src/server.c
+++ b/src/server.c
@@ -90,4 +90,5 @@ nssync_mhd_acl(void *cls, const struct sockaddr *addr, socklen_t addrlen)
RQ_CLIENT_SIN, addr,
+ RQ_SERVER_SIN, cls,
NULL);
- fromhost(&req);
+ sock_methods(&req);
return hosts_access(&req) ? MHD_YES : MHD_NO;
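Review bot: In nssync_mhd_acl, addr is handed to RQ_CLIENT_SIN and cls to RQ_SERVER_SIN without any validation in the lines shown: addrlen is never consulted, addr is a generic struct sockaddr that need not be AF_INET, and cls is an untyped pointer that is NULL for any caller that registers the callback without an address. Since this function is the access decision for the HTTP socket, I'd check addr->sa_family and addrlen (and cls) before building the request and return MHD_NO for anything the wrapper cannot evaluate, so that an unexpected address family fails closed. A one-line comment that sock_methods replaces fromhost because the callback has no connection descriptor would also keep the next reader from reverting it.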
@@ -330,3 +331,3 @@ nssync_server(void)
| MHD_USE_ERROR_LOG, 0,
- nssync_mhd_acl, NULL,
+ nssync_mhd_acl, server_addr,
nssync_mhd_handler, NULL,
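Review bot: The server_addr pointer now passed as the nssync_mhd_acl closure is read on every incoming connection, so it has to stay valid for the lifetime of the daemon and must describe the address the listener is actually bound to; neither is visible from this hunk. If server_addr is a local of nssync_server, or is filled in only after the daemon is started, the ACL would be evaluated against stale or empty data. A comment at its declaration stating the lifetime, and that it is the sockaddr_in that RQ_SERVER_SIN expects, would make the contract with the callback explicit.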
