diff options
-rw-r--r-- | src/output/httpd_output_plugin.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/output/httpd_output_plugin.c b/src/output/httpd_output_plugin.c index d61570557..140ea7d82 100644 --- a/src/output/httpd_output_plugin.c +++ b/src/output/httpd_output_plugin.c @@ -41,6 +41,10 @@ #include <unistd.h> #include <errno.h> +#ifdef HAVE_LIBWRAP +#include <tcpd.h> +#endif + #undef G_LOG_DOMAIN #define G_LOG_DOMAIN "httpd_output" @@ -208,6 +212,30 @@ httpd_listen_in_event(G_GNUC_UNUSED GIOChannel *source, fd = accept_cloexec_nonblock(httpd->fd, (struct sockaddr*)&sa, &sa_length); +#ifdef HAVE_LIBWRAP + struct sockaddr *sa_p = (struct sockaddr *)&sa; + if (sa_p->sa_family != AF_UNIX) { + char *hostaddr = sockaddr_to_string(sa_p, sa_length, NULL); + const char *progname = g_get_prgname(); + + struct request_info req; + request_init(&req, RQ_FILE, fd, RQ_DAEMON, progname, 0); + + fromhost(&req); + + if (!hosts_access(&req)) { + /* tcp wrappers says no */ + g_warning("libwrap refused connection (libwrap=%s) from %s", + progname, hostaddr); + g_free(hostaddr); + close(fd); + g_mutex_unlock(httpd->mutex); + return true; + } + + g_free(hostaddr); + } +#endif /* HAVE_WRAP */ if (fd >= 0) { /* can we allow additional client */ if (httpd->open && |