core: restrict rest API to 127.0.0.1

Until there is TLS support for this, frontend and ogserver needs to be in the same box by now.
author: OpenGnSys Support Team <soporte-og@soleta.eu> 2023-11-14 11:11:02 +0100
committer: OpenGnSys Support Team <soporte-og@soleta.eu> 2023-11-14 11:25:42 +0100
commit: 944fef7b04f67ef18c445d4c825a39952f7d8e73 (patch)
tree: 1da7d37025b0be7d98e39c31d6a3102bec9b8f48 /src
parent: 485bf92216b7f3235f4e57dee5ac586beb60a090 (diff)
3 files changed, 11 insertions, 5 deletions
diff --git a/src/core.c b/src/core.c
index 05e3bc1..4855f42 100644
--- a/src/core.c
+++ b/src/core.c
@@ -399,11 +399,17 @@ void og_server_accept_cb(struct ev_loop *loop, struct ev_io *io, int events)
 		og_agent_send_refresh(cli);
 }
 
-int og_socket_server_init(const char *port)
+int og_socket_server_init(const char *addr, const char *port)
 {
 	struct sockaddr_in local;
+	uint32_t s_addr;
 	int sd, on = 1;
 
+	if (!inet_pton(AF_INET, addr, &s_addr)) {
+		syslog(LOG_ERR, "listener address `%s' not valid\n", addr);
+		return -1;
+	}
+
 	sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 	if (sd < 0) {
 		syslog(LOG_ERR, "cannot create main socket\n");
@@ -411,7 +417,7 @@ int og_socket_server_init(const char *port)
 	}
 	setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(int));
 
-	local.sin_addr.s_addr = htonl(INADDR_ANY);
+	local.sin_addr.s_addr = s_addr;
 	local.sin_family = AF_INET;
 	local.sin_port = htons(atoi(port));
 
diff --git a/src/core.h b/src/core.h
index 49a646a..420ae31 100644
--- a/src/core.h
+++ b/src/core.h
@@ -5,7 +5,7 @@ extern int socket_rest, socket_agent_rest;
 extern struct ev_loop *og_loop;
 extern time_t start_time;
 
-int og_socket_server_init(const char *port);
+int og_socket_server_init(const char *addr, const char *port);
 void og_server_accept_cb(struct ev_loop *loop, struct ev_io *io, int events);
 
 #endif
diff --git a/src/main.c b/src/main.c
index d8453de..8b043f7 100644
--- a/src/main.c
+++ b/src/main.c
@@ -74,7 +74,7 @@ int main(int argc, char *argv[])
 	if (parse_json_config(config_file, &ogconfig) < 0)
 		return EXIT_FAILURE;
 
-	socket_rest = og_socket_server_init(ogconfig.rest.port);
+	socket_rest = og_socket_server_init("127.0.0.1", ogconfig.rest.port);
 	if (socket_rest < 0) {
 		syslog(LOG_ERR, "Cannot open REST API server socket\n");
 		exit(EXIT_FAILURE);
@@ -83,7 +83,7 @@ int main(int argc, char *argv[])
 	ev_io_init(&ev_io_server_rest, og_server_accept_cb, socket_rest, EV_READ);
 	ev_io_start(og_loop, &ev_io_server_rest);
 
-	socket_agent_rest = og_socket_server_init("8889");
+	socket_agent_rest = og_socket_server_init("0.0.0.0", "8889");
 	if (socket_agent_rest < 0) {
 		syslog(LOG_ERR, "Cannot open ogClient server socket\n");
 		exit(EXIT_FAILURE);
author	OpenGnSys Support Team <soporte-og@soleta.eu>	2023-11-14 11:11:02 +0100
committer	OpenGnSys Support Team <soporte-og@soleta.eu>	2023-11-14 11:25:42 +0100
commit	944fef7b04f67ef18c445d4c825a39952f7d8e73 (patch)
tree	1da7d37025b0be7d98e39c31d6a3102bec9b8f48 /src
parent	485bf92216b7f3235f4e57dee5ac586beb60a090 (diff)