author | Sergey Poznyakoff <gray@nxc.no> | 2017-08-17 16:28:26 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@nxc.no> | 2017-08-17 17:31:22 +0300 |
commit | 41249de4eba7c7ab53849e511f3a59733244de9e (patch) | |
tree | 56311e8632635e0fd9e968fc8ac2f9370bed370e | |
parent | f25c77a5f9af8e0c4eb40dfae1683f383104ed3a (diff) | |
Fix libwrap usage
* src/server.c (nssync_mhd_acl): Don't use fromhost, since we don't
have the connection descriptor. Instead set the socket methods explicitly.
-rw-r--r-- | doc/nssync.texi | 28 | ||||
-rw-r--r-- | src/server.c | 5 |
2 files changed, 31 insertions, 2 deletions
diff --git a/doc/nssync.texi b/doc/nssync.texi index 22852c7..118b398 100644 --- a/doc/nssync.texi +++ b/doc/nssync.texi @@ -199,10 +199,12 @@ procedure. The wake-up interval is configured using the @samp{server.wakeup} statement (@pxref{server.wakeup}). Default value is 3600 (1 hour). +@cindex REST API The REST API provides a single endpoint: @samp{/nssync}. Two methods are supported: @table @asis +@cindex POST, REST API @item POST A @samp{POST} request to the URI @samp{/nssync} schedules the synchronization. The configuration statement @samp{server.delay} @@ -247,11 +249,37 @@ if the error is a general one. @end table @end table +@cindex GET, REST API @item GET Returns the status of the last synchronization. See above for the format. @end table +@cindex libwrap +@cindex TCP wrappers +@findex /etc/hosts.allow +@findex /etc/hosts.deny +Access to the HTTP socket is controlled by TCP wrappers library, with +server name @samp{nssync}. To make sure the socket is accessible only +from trusted IP addresses, add the following line to your +@file{/etc/hosts.allow} file: + +@example +nssync: @var{ip-list} +@end example + +@noindent +where @var{ip-list} is a whitespace-separated list of IP addresses. +Then add the following line to @file{/etc/hosts.deny} to make sure +nobody else has access to the interface: + +@example +nssync: ALL +@end example + +@xref{hosts_access, format of host access control files,,hosts_access(5), hosts_access(5) man page}, for a detailed discussion +of the host access control files. + In server mode, all diagnostics is reported via syslog. @node Configuration File diff --git a/src/server.c b/src/server.c index a0b0312..f0e6169 100644 --- a/src/server.c +++ b/src/server.c @@ -88,8 +88,9 @@ nssync_mhd_acl(void *cls, const struct sockaddr *addr, socklen_t addrlen) request_init(&req, RQ_DAEMON, "nssync", RQ_CLIENT_SIN, addr, + RQ_SERVER_SIN, cls, NULL); - fromhost(&req); + sock_methods(&req); return hosts_access(&req) ? MHD_YES : MHD_NO; } 
@@ -328,7 +329,7 @@ nssync_server(void) MHD_set_panic_func(nssync_mhd_panic, NULL); mhd = MHD_start_daemon(MHD_USE_INTERNAL_POLLING_THREAD | MHD_USE_ERROR_LOG, 0, - nssync_mhd_acl, NULL, + nssync_mhd_acl, server_addr, nssync_mhd_handler, NULL, MHD_OPTION_LISTEN_SOCKET, fd, MHD_OPTION_EXTERNAL_LOGGER, nssync_mhd_logger, NULL, |
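Review bot: In the doc/nssync.texi hunk at @@ -247,11 +249,37, the new TCP wrappers paragraph never says what happens when neither file mentions nssync; "to make sure nobody else has access" only implies that the socket is otherwise open to any client. State that default explicitly before the two examples, so a reader who adds only the hosts.allow line does not assume the list is enforced. Smaller points in the same hunk: "controlled by TCP wrappers library" needs an article ("the TCP wrappers library"), and the single-line @xref is long enough to be worth wrapping.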
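Review bot: In nssync_mhd_acl (src/server.c, @@ -88,8 +88,9), cls is handed to request_init as RQ_SERVER_SIN with no NULL check and no comment saying what it must point to. The callback is now only correct if the caller registers it with the listening address as its closure, so document that contract above the function and decide what the ACL should do when cls is NULL (deny, or omit RQ_SERVER_SIN). addrlen is also not used in the lines shown, so nothing here confirms that addr is large enough for whatever the socket methods read from it.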
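Review bot: In nssync_server (src/server.c, @@ -328,7 +329,7), server_addr becomes the closure for nssync_mhd_acl, but neither its declaration nor the place where it is filled in appears in this patch. Since the callback reads it on every incoming connection, please confirm that it outlives the daemon and that it holds the address the socket passed via MHD_OPTION_LISTEN_SOCKET is actually bound to. A short comment next to the MHD_start_daemon call explaining why the ACL closure is no longer NULL would keep a later cleanup from reverting it.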