author | Sergey Poznyakoff <gray@nxc.no> | 2017-08-17 16:28:26 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@nxc.no> | 2017-08-17 17:31:22 +0300 |
commit | 41249de4eba7c7ab53849e511f3a59733244de9e (patch) | |
tree | 56311e8632635e0fd9e968fc8ac2f9370bed370e | |
parent | f25c77a5f9af8e0c4eb40dfae1683f383104ed3a (diff) | |
Fix libwrap usage
* src/server.c (nssync_mhd_acl): Don't use fromhost, since we don't
have the connection descriptor. Instead, set the socket methods explicitly.
-rw-r--r-- | doc/nssync.texi | 28 | ||||
-rw-r--r-- | src/server.c | 5 |
2 files changed, 31 insertions, 2 deletions
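--- a/doc/nssync.texi
+++ b/doc/nssync.texi
@@ -199,10 +199,12 @@ procedure. The wake-up interval is configured using the
 @samp{server.wakeup} statement (@pxref{server.wakeup}). Default value
 is 3600 (1 hour).
 
+@cindex REST API
 The REST API provides a single endpoint: @samp{/nssync}. Two methods
 are supported:
 
 @table @asis
+@cindex POST, REST API
 @item POST
 A @samp{POST} request to the URI @samp{/nssync} schedules the
 synchronization. The configuration statement @samp{server.delay}
@@ -247,11 +249,37 @@ if the error is a general one.
 @end table
 @end table
 
+@cindex GET, REST API
 @item GET
 Returns the status of the last synchronization. See above for the
 format.
 @end table
 
+@cindex libwrap
+@cindex TCP wrappers
+@findex /etc/hosts.allow
+@findex /etc/hosts.deny
+Access to the HTTP socket is controlled by TCP wrappers library, with
+server name @samp{nssync}. To make sure the socket is accessible only
+from trusted IP addresses, add the following line to your
+@file{/etc/hosts.allow} file:
+
+@example
+nssync: @var{ip-list}
+@end example
+
+@noindent
+where @var{ip-list} is a whitespace-separated list of IP addresses.
+Then add the following line to @file{/etc/hosts.deny} to make sure
+nobody else has access to the interface:
+
+@example
+nssync: ALL
+@end example
+
+@xref{hosts_access, format of host access control files,,hosts_access(5), hosts_access(5) man page}, for a detailed discussion
+of the host access control files.
+
 In server mode, all diagnostics is reported via syslog.
 
 @node Configuration File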
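--- a/src/server.c
+++ b/src/server.c
@@ -88,8 +88,9 @@ nssync_mhd_acl(void *cls, const struct sockaddr *addr, socklen_t addrlen)
 request_init(&req,
 RQ_DAEMON, "nssync",
 RQ_CLIENT_SIN, addr,
+RQ_SERVER_SIN, cls,
 NULL);
-fromhost(&req);
+sock_methods(&req);
 return hosts_access(&req) ? MHD_YES : MHD_NO;
 }
 
@@ -328,7 +329,7 @@ nssync_server(void)
 MHD_set_panic_func(nssync_mhd_panic, NULL);
 mhd = MHD_start_daemon(MHD_USE_INTERNAL_POLLING_THREAD
 | MHD_USE_ERROR_LOG, 0,
-nssync_mhd_acl, NULL,
+nssync_mhd_acl, server_addr,
 nssync_mhd_handler, NULL,
 MHD_OPTION_LISTEN_SOCKET, fd,
 MHD_OPTION_EXTERNAL_LOGGER, nssync_mhd_logger, NULL,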
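Review bot: Nothing in nssync_mhd_acl checks the address family before `addr` and the new `cls` are handed to libwrap as `RQ_CLIENT_SIN`/`RQ_SERVER_SIN`, and with `sock_methods` the access decision now rests entirely on reading those pointers as IPv4 socket addresses. How `fd` and `server_addr` are set up is outside these hunks, but if the listener can ever be non-IPv4 and the linked libwrap lacks IPv6 support, `hosts_access` would presumably match against a misread address, so failing closed first is safer: `if (addr == NULL || addr->sa_family != AF_INET) return MHD_NO;`. Since `cls` is a `void *` travelling through varargs, an explicit cast such as `(struct sockaddr_in *) cls` would make the expected type visible. The function starts above the first hunk, so the declaration of `req` is not shown; in the second hunk, `server_addr` has to stay valid for as long as the daemon runs, which is worth a one-line comment at the `MHD_start_daemon` call.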