authorShawn Landden <slandden@gmail.com>2018-02-26 15:24:25 -0800
committerGitHub <noreply@github.com>2018-02-26 15:24:25 -0800
commit5110e667123be49ec874fbc7d47f02331c3b4922 (patch)
tree75b1f86b452035671cc2a086983b1b7602d3945f
parentd849ca2bcf67126aedd09a649f1a402cd29ac46a (diff)
parent43557726e5edc1f675fb63c6ade5f7c719e4471d (diff)
downloaddistcc-git-5110e667123be49ec874fbc7d47f02331c3b4922.tar.gz
Merge pull request #240 from shawnl/allow-private
new --allow-private option to allow non-Internet routable addresses
-rw-r--r--man/distccd.14
-rw-r--r--src/access.h2
-rw-r--r--src/daemon.c8
-rw-r--r--src/dopt.c31
-rw-r--r--src/dopt.h1
5 files changed, 41 insertions, 5 deletions
diff --git a/man/distccd.1 b/man/distccd.1
index 75d0339..f5bbde3 100644
--- a/man/distccd.1
+++ b/man/distccd.1
@@ -147,6 +147,10 @@ match in the most significant MASK bits will be allowed. If no
connections are rejected by closing the TCP connection immediately. A
warning is logged on the server but nothing is sent to the client.
.TP
+.B --allow-private
+Allow private networks (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, and
+127.0.0.0/8).
+.TP
.B --job-lifetime SECONDS
Kills a distccd job if it runs for more than SECONDS seconds. This prevents
denial of service from clients that don't properly disconnect and compilers
diff --git a/src/access.h b/src/access.h
index e6bd69c..c1e95ee 100644
--- a/src/access.h
+++ b/src/access.h
@@ -20,6 +20,8 @@
* USA.
*/
+#pragma once
+
#include <config.h>
/* access.c */
diff --git a/src/daemon.c b/src/daemon.c
index 2127695..69b547e 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -186,10 +186,10 @@ int main(int argc, char *argv[])
/* check this before redirecting the logs, so that it's really obvious */
if (!dcc_should_be_inetd())
if (opt_allowed == NULL) {
- rs_log_error("--allow option is now mandatory; "
- "you must specify which clients are allowed to connect");
- ret = EXIT_BAD_ARGUMENTS;
- goto out;
+ rs_log_warning("No --allow option specified. Defaulting to --allow-private."
+ " Allowing non-Internet (globally"
+ " routable) addresses.");
+ opt_allow_private = 1;
}
if ((ret = dcc_set_lifetime()) != 0)
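Review bot: Setting `opt_allow_private = 1` in this branch only flips a flag; the code that turns the flag into allow-list entries is the loop added to distccd_parse_options in src/dopt.c. Because this branch tests `opt_allowed`, option parsing has presumably already finished when it runs. If so, `opt_allowed` is still NULL after the warning, and what the connection check does with an empty list is not visible in this diff; confirm that it rejects clients rather than accepting all of them. Applying the default where the private ranges are expanded, or calling a shared helper from here, would make the fallback take effect, and a comment such as `/* no --allow given: fall back to private ranges only, never to allow-all */` would record the intent. main() starts and ends outside the hunk.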
diff --git a/src/dopt.c b/src/dopt.c
index a3eb240..d533816 100644
--- a/src/dopt.c
+++ b/src/dopt.c
@@ -81,6 +81,8 @@ char *opt_listen_addr = NULL;
struct dcc_allow_list *opt_allowed = NULL;
+int opt_allow_private = 0;
+
/**
* If true, don't detach from the parent. This is probably necessary
* for use with daemontools or other monitoring programs, and is also
@@ -121,8 +123,19 @@ enum {
int opt_zeroconf = 0;
#endif
+
+static const char *dcc_private_networks[] = {"192.168.0.0/16",
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "127.0.0.0/8",
+
+ "fe80::/10",
+ "fc00::/7",
+ "::1/128"};
+
const struct poptOption options[] = {
{ "allow", 'a', POPT_ARG_STRING, 0, 'a', 0, 0 },
+ { "allow-private", 0,POPT_ARG_STRING, &opt_allow_private, 0, 0, 0 },
#ifdef HAVE_GSSAPI
{ "auth", 0, POPT_ARG_NONE, &opt_auth_enabled, 'A', 0, 0 },
{ "blacklist", 0, POPT_ARG_STRING, &arg_list_file, 'b', 0, 0 },
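Review bot: The new `allow-private` table entry pairs `POPT_ARG_STRING` with `&opt_allow_private`, which is declared as `int`. popt stores a `char *` through that pointer, so on an LP64 build it writes a pointer-sized value into a 4-byte variable and can overwrite adjacent memory. The option also then requires an argument, although the man page documents it as a bare flag. The entry should read `{ "allow-private", 0, POPT_ARG_NONE, &opt_allow_private, 0, 0, 0 },`. Separately, `dcc_private_networks` includes three IPv6 ranges that the man page text does not list; a comment above the array such as `/* RFC 1918, loopback, and IPv6 link-local, unique-local and loopback */` would make the covered ranges explicit.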
@@ -232,6 +245,7 @@ int distccd_parse_options(int argc, const char **argv)
{
poptContext po;
int po_err, exitcode;
+ struct dcc_allow_list *new;
po = poptGetContext("distccd", argc, argv, options, 0);
@@ -245,7 +259,6 @@ int distccd_parse_options(int argc, const char **argv)
case 'a': {
/* TODO: Allow this to be a hostname, which is resolved to an address. */
/* TODO: Split this into a small function. */
- struct dcc_allow_list *new;
new = malloc(sizeof *new);
if (!new) {
rs_log_crit("malloc failed");
@@ -374,6 +387,22 @@ int distccd_parse_options(int argc, const char **argv)
}
}
+ if (opt_allow_private) {
+ int i;
+ for (i = 0;i<6;i++) {
+ new = malloc(sizeof *new);
+ if (!new) {
+ rs_log_crit("malloc failed");
+ exitcode = EXIT_OUT_OF_MEMORY;
+ goto out_exit;
+ }
+ new->next = opt_allowed;
+ opt_allowed = new;
+ if ((exitcode = dcc_parse_mask(dcc_private_networks[i], &new->addr, &new->mask)))
+ goto out_exit;
+ }
+ }
+
poptFreeContext(po);
return 0;
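Review bot: The loop bound `i<6` is one short of the seven entries in `dcc_private_networks`, so `::1/128` (IPv6 loopback) is never added to the allow list. Deriving the bound from the array keeps the two in step: declare `size_t i;` and use `for (i = 0; i < sizeof dcc_private_networks / sizeof dcc_private_networks[0]; i++)`. Whether `dcc_parse_mask` accepts the IPv6 strings is not visible in this diff and should be confirmed, since a parse failure here aborts startup through `out_exit`. distccd_parse_options starts and ends outside the hunk.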
diff --git a/src/dopt.h b/src/dopt.h
index 8cb92e0..594db93 100644
--- a/src/dopt.h
+++ b/src/dopt.h
@@ -24,6 +24,7 @@
/* dopt.c */
extern struct dcc_allow_list *opt_allowed;
+extern int opt_allow_private;
int distccd_parse_options(int argc, const char *argv[]);
extern int arg_port;