Chapril/xmpp.chapril.org-ejabberd
24
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-06-18 22:15:20 +02:00
Code Releases Activity

Make trusted_proxied ejabberd_http option accept ip masks

Browse Source
This commit is contained in:
Paweł Chmielowski 2018-05-04 09:53:07 +02:00
parent ca94cbfd31
commit b1a03cc346
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/ejabberd_http.erl
View File

@ -519,9 +519,21 @@ analyze_ip_xff({IPLast, Port}, XFF, Host) ->
end, end,
{IPClient, Port}. {IPClient, Port}.
is_ipchain_trusted([], _) -> false;
is_ipchain_trusted(_UserIPs, all) -> true; is_ipchain_trusted(_UserIPs, all) -> true;
is_ipchain_trusted(UserIPs, TrustedIPs) -> is_ipchain_trusted(UserIPs, Masks) ->
[] == UserIPs -- [<<"127.0.0.1">> | TrustedIPs]. lists:all(
fun(IP) ->
case inet:parse_address(binary_to_list(IP)) of
{ok, IP2} ->
lists:any(
fun({Mask, MaskLen}) ->
acl:ip_matches_mask(IP2, Mask, MaskLen)
end, [{{127,0,0,1}, 8} | Masks]);
_ ->
false
end
end, UserIPs).
recv_data(State, Len) -> recv_data(State, Len, <<>>). recv_data(State, Len) -> recv_data(State, Len, <<>>).
@ -877,7 +889,14 @@ transform_listen_option(Opt, Opts) ->
(atom()) -> [atom()]. (atom()) -> [atom()].
opt_type(trusted_proxies) -> opt_type(trusted_proxies) ->
fun (all) -> all; fun (all) -> all;
(TPs) -> [iolist_to_binary(TP) || TP <- TPs] end; (TPs) -> lists:filtermap(
fun(TP) ->
case acl:parse_ip_netmask(iolist_to_binary(TP)) of
{ok, Ip, Mask} -> {true, {Ip, Mask}};
_ -> false
end
end, TPs)
end;
opt_type(_) -> [trusted_proxies]. opt_type(_) -> [trusted_proxies].
-spec listen_opt_type(tls) -> fun((boolean()) -> boolean()); -spec listen_opt_type(tls) -> fun((boolean()) -> boolean());