author | Shawn Landden <slandden@gmail.com> | 2018-02-26 15:24:25 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-26 15:24:25 -0800 |
commit | 5110e667123be49ec874fbc7d47f02331c3b4922 (patch) | |
tree | 75b1f86b452035671cc2a086983b1b7602d3945f | |
parent | d849ca2bcf67126aedd09a649f1a402cd29ac46a (diff) | |
parent | 43557726e5edc1f675fb63c6ade5f7c719e4471d (diff) | |
Merge pull request #240 from shawnl/allow-private
new --allow-private option to allow non-Internet routable addresses
-rw-r--r-- | man/distccd.1 | 4 | ||||
-rw-r--r-- | src/access.h | 2 | ||||
-rw-r--r-- | src/daemon.c | 8 | ||||
-rw-r--r-- | src/dopt.c | 31 | ||||
-rw-r--r-- | src/dopt.h | 1 |
5 files changed, 41 insertions, 5 deletions
diff --git a/man/distccd.1 b/man/distccd.1 index 75d0339..f5bbde3 100644 --- a/man/distccd.1 +++ b/man/distccd.1 @@ -147,6 +147,10 @@ match in the most significant MASK bits will be allowed. If no connections are rejected by closing the TCP connection immediately. A warning is logged on the server but nothing is sent to the client. .TP +.B --allow-private +Allow private networks (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, and +127.0.0.0/8). +.TP .B --job-lifetime SECONDS Kills a distccd job if it runs for more than SECONDS seconds. This prevents denial of service from clients that don't properly disconnect and compilers diff --git a/src/access.h b/src/access.h index e6bd69c..c1e95ee 100644 --- a/src/access.h +++ b/src/access.h @@ -20,6 +20,8 @@ * USA. */ +#pragma once + #include <config.h> /* access.c */ diff --git a/src/daemon.c b/src/daemon.c index 2127695..69b547e 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -186,10 +186,10 @@ int main(int argc, char *argv[]) /* check this before redirecting the logs, so that it's really obvious */ if (!dcc_should_be_inetd()) if (opt_allowed == NULL) { - rs_log_error("--allow option is now mandatory; " - "you must specify which clients are allowed to connect"); - ret = EXIT_BAD_ARGUMENTS; - goto out; + rs_log_warning("No --allow option specified. Defaulting to --allow-private." + " Allowing non-Internet (globally" + " routable) addresses."); + opt_allow_private = 1; } if ((ret = dcc_set_lifetime()) != 0) @@ -81,6 +81,8 @@ char *opt_listen_addr = NULL; struct dcc_allow_list *opt_allowed = NULL; +int opt_allow_private = 0; + /** * If true, don't detach from the parent. This is probably necessary * for use with daemontools or other monitoring programs, and is also 
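Review bot: In the `opt_allowed == NULL` branch of main() in src/daemon.c, a missing --allow no longer stops the daemon but widens access, so the default moves from fail-closed to accepting compile jobs from every RFC 1918, loopback and (per the list in src/dopt.c) IPv6 link-local and unique-local peer. The flag is set here, while the code that turns `opt_allow_private` into `opt_allowed` entries sits at the end of distccd_parse_options(); if option parsing has already run by this point (the call is outside the hunk), `opt_allowed` stays NULL and the effective policy is whatever the access check does with an empty list, which is worth confirming. The warning text also reads as if globally routable addresses were being allowed; `"No --allow option specified; defaulting to --allow-private (private, non-Internet-routable networks only)."` would be unambiguous. main() starts and ends outside the hunk.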
@@ -121,8 +123,19 @@ enum { int opt_zeroconf = 0; #endif + +static const char *dcc_private_networks[] = {"192.168.0.0/16", + "10.0.0.0/8", + "172.16.0.0/12", + "127.0.0.0/8", + + "fe80::/10", + "fc00::/7", + "::1/128"}; + const struct poptOption options[] = { { "allow", 'a', POPT_ARG_STRING, 0, 'a', 0, 0 }, + { "allow-private", 0,POPT_ARG_STRING, &opt_allow_private, 0, 0, 0 }, #ifdef HAVE_GSSAPI { "auth", 0, POPT_ARG_NONE, &opt_auth_enabled, 'A', 0, 0 }, { "blacklist", 0, POPT_ARG_STRING, &arg_list_file, 'b', 0, 0 }, @@ -232,6 +245,7 @@ int distccd_parse_options(int argc, const char **argv) { poptContext po; int po_err, exitcode; + struct dcc_allow_list *new; po = poptGetContext("distccd", argc, argv, options, 0); @@ -245,7 +259,6 @@ int distccd_parse_options(int argc, const char **argv) case 'a': { /* TODO: Allow this to be a hostname, which is resolved to an address. */ /* TODO: Split this into a small function. */ - struct dcc_allow_list *new; new = malloc(sizeof *new); if (!new) { rs_log_crit("malloc failed"); @@ -374,6 +387,22 @@ int distccd_parse_options(int argc, const char **argv) } } + if (opt_allow_private) { + int i; + for (i = 0;i<6;i++) { + new = malloc(sizeof *new); + if (!new) { + rs_log_crit("malloc failed"); + exitcode = EXIT_OUT_OF_MEMORY; + goto out_exit; + } + new->next = opt_allowed; + opt_allowed = new; + if ((exitcode = dcc_parse_mask(dcc_private_networks[i], &new->addr, &new->mask))) + goto out_exit; + } + } + poptFreeContext(po); return 0; @@ -24,6 +24,7 @@ /* dopt.c */ extern struct dcc_allow_list *opt_allowed; +extern int opt_allow_private; int distccd_parse_options(int argc, const char *argv[]); extern int arg_port; |
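Review bot: The new `allow-private` entry in `options[]` pairs `POPT_ARG_STRING` with `&opt_allow_private`, which is an `int`: popt would then require an argument for the option and store a `char *` through a pointer to `int`, overrunning the variable wherever pointers are wider than `int`. The man page documents it as a plain switch, so the entry should be `{ "allow-private", 0, POPT_ARG_NONE, &opt_allow_private, 0, 0, 0 },`. `dcc_private_networks` also lists three IPv6 prefixes that the man page text does not mention; a comment above the array naming each range (RFC 1918, loopback, link-local, unique-local) would help keep the two in step.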
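Review bot: The loop `for (i = 0;i<6;i++)` in distccd_parse_options() walks six entries while `dcc_private_networks` holds seven, so `::1/128` is never added; deriving the bound from the array, `for (i = 0; i < (int)(sizeof dcc_private_networks / sizeof dcc_private_networks[0]); i++)`, removes the magic number. Each node is linked into `opt_allowed` before `dcc_parse_mask()` has filled `addr` and `mask`, so calling the parser first and linking only on success would keep a half-initialised entry out of the access list. Whether `dcc_parse_mask()` accepts the IPv6 strings is not visible here; if it does not, the first IPv6 entry would make startup fail whenever --allow-private is in effect. The function continues outside the hunk.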