From 944fef7b04f67ef18c445d4c825a39952f7d8e73 Mon Sep 17 00:00:00 2001
From: OpenGnSys Support Team
Date: Tue, 14 Nov 2023 11:11:02 +0100
Subject: core: restrict rest API to 127.0.0.1

Until there is TLS support for this, frontend and ogserver needs to be in the same box by now.
---
 src/core.c | 10 ++++++++--
 src/core.h | 2 +-
 src/main.c | 4 ++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/core.c b/src/core.c
index 05e3bc1..4855f42 100644
--- a/src/core.c
+++ b/src/core.c
@@ -399,11 +399,17 @@ void og_server_accept_cb(struct ev_loop *loop, struct ev_io *io, int events)
 og_agent_send_refresh(cli);
 }
-int og_socket_server_init(const char *port)
+int og_socket_server_init(const char *addr, const char *port)
 {
 struct sockaddr_in local;
+ uint32_t s_addr;
 int sd, on = 1;
+ if (!inet_pton(AF_INET, addr, &s_addr)) {
+ syslog(LOG_ERR, "listener address `%s' not valid\n", addr);
+ return -1;
+ }
+
 sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
 if (sd < 0) {
 syslog(LOG_ERR, "cannot create main socket\n");
@@ -411,7 +417,7 @@ int og_socket_server_init(const char *port)
 }
 setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(int));
- local.sin_addr.s_addr = htonl(INADDR_ANY);
+ local.sin_addr.s_addr = s_addr;
 local.sin_family = AF_INET;
 local.sin_port = htons(atoi(port));
diff --git a/src/core.h b/src/core.h
index 49a646a..420ae31 100644
--- a/src/core.h
+++ b/src/core.h
@@ -5,7 +5,7 @@ extern int socket_rest, socket_agent_rest;
 extern struct ev_loop *og_loop;
 extern time_t start_time;
-int og_socket_server_init(const char *port);
+int og_socket_server_init(const char *addr, const char *port);
 void og_server_accept_cb(struct ev_loop *loop, struct ev_io *io, int events);
 #endif
diff --git a/src/main.c b/src/main.c
index d8453de..8b043f7 100644
--- a/src/main.c
+++ b/src/main.c
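Review bot: The address check added at the top of og_socket_server_init, `if (!inet_pton(AF_INET, addr, &s_addr))`, rejects only a return of 0; inet_pton also returns -1 on error, and that value would pass this test with `s_addr` still uninitialised when the second core.c hunk (@@ -411,7 +417,7) copies it into `local.sin_addr.s_addr`. With the constant AF_INET that return should not occur in practice, but testing for the success value is the safer form: `if (inet_pton(AF_INET, addr, &s_addr) != 1) {`. inet_pton documents `struct in_addr` as the AF_INET destination, so a `struct in_addr ina;` local assigned with `local.sin_addr = ina;` would not depend on a bare uint32_t having the same layout. The function's body continues past the end of both hunks, so the bind and listen path is not visible here.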
@@ -74,7 +74,7 @@ int main(int argc, char *argv[])
 if (parse_json_config(config_file, &ogconfig) < 0)
 return EXIT_FAILURE;
- socket_rest = og_socket_server_init(ogconfig.rest.port);
+ socket_rest = og_socket_server_init("127.0.0.1", ogconfig.rest.port);
 if (socket_rest < 0) {
 syslog(LOG_ERR, "Cannot open REST API server socket\n");
 exit(EXIT_FAILURE);
@@ -83,7 +83,7 @@ int main(int argc, char *argv[])
 ev_io_init(&ev_io_server_rest, og_server_accept_cb, socket_rest, EV_READ);
 ev_io_start(og_loop, &ev_io_server_rest);
- socket_agent_rest = og_socket_server_init("8889");
+ socket_agent_rest = og_socket_server_init("0.0.0.0", "8889");
 if (socket_agent_rest < 0) {
 syslog(LOG_ERR, "Cannot open ogClient server socket\n");
 exit(EXIT_FAILURE);
-- 
cgit v1.2.3-18-g5258
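Review bot: The loopback address is a bare literal in `og_socket_server_init("127.0.0.1", ogconfig.rest.port)` with nothing at the call site marking it as a security boundary, so a later edit could widen it without noticing that the REST API has no TLS. A comment above the call would record the reason, for example `/* REST API has no TLS yet: keep it on loopback until transport security exists */`. The bind is IPv4-only, so a frontend that reaches the server through a `localhost` name resolving to ::1 would presumably stop connecting. Loopback also still admits every local process, so whatever authentication the API performs (not visible in this hunk) remains the only control against other users on the same box. main() begins and ends outside the hunk.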
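Review bot: The agent listener stays bound to every interface through `og_socket_server_init("0.0.0.0", "8889")`, so the loopback restriction on socket_rest in the previous hunk only protects the REST API if connections accepted on socket_agent_rest can never reach REST request handling. The hunk does not show which accept callback socket_agent_rest is registered with. If it is the same og_server_accept_cb that socket_rest uses, it is worth confirming that the callback tells the two listeners apart by descriptor before it parses any request. A comment at this call would make the asymmetry explicit, for example `/* ogClient agents connect over the network; the REST API stays on loopback */`. The ev_io registration for this socket lies outside the hunk.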