aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2016-06-20 11:32:04 +0200
committerChristian Grothoff <christian@grothoff.org>2016-06-20 11:32:04 +0200
commit0fb17e2b704a591c6bd348eaf70f1c3ccbd76cc0 (patch)
treeceb879d20706cf871f4a717bef93049e741d39c0
parent029911c757b4557064608ac0e3f27ad7f7a4b82f (diff)
now that we have a separate bind, do not check for perms anymorev0.0.2
-rw-r--r--src/exchange/taler-exchange-httpd_admin.c67
1 files changed, 0 insertions, 67 deletions
diff --git a/src/exchange/taler-exchange-httpd_admin.c b/src/exchange/taler-exchange-httpd_admin.c
index f150374bf..3805923ef 100644
--- a/src/exchange/taler-exchange-httpd_admin.c
+++ b/src/exchange/taler-exchange-httpd_admin.c
@@ -27,70 +27,6 @@
#include "taler-exchange-httpd_validation.h"
-/**
- * Check permissions (we only allow access to /admin/ from loopback).
- *
- * @param connection connection to perform access check for
- * @return #GNUNET_OK if permitted,
- * #GNUNET_NO if denied and error was queued,
- * #GNUNET_SYSERR if denied and we failed to report
- */
-static int
-check_permissions (struct MHD_Connection *connection)
-{
- const union MHD_ConnectionInfo *ci;
- const struct sockaddr *addr;
- int res;
-
- ci = MHD_get_connection_info (connection,
- MHD_CONNECTION_INFO_CLIENT_ADDRESS);
- if (NULL == ci)
- {
- GNUNET_break (0);
- res = TMH_RESPONSE_reply_internal_error (connection,
- "Failed to verify client address");
- return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR;
- }
- addr = ci->client_addr;
- switch (addr->sa_family)
- {
- case AF_UNIX:
- /* We rely on file system permissions here */
- return GNUNET_YES;
- case AF_INET:
- {
- const struct sockaddr_in *sin = (const struct sockaddr_in *) addr;
-
- if (INADDR_LOOPBACK != ntohl (sin->sin_addr.s_addr))
- {
- res = TMH_RESPONSE_reply_permission_denied (connection,
- "/admin/ only allowed via loopback");
- return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR;
- }
- break;
- }
- case AF_INET6:
- {
- const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *) addr;
-
- if (! IN6_IS_ADDR_LOOPBACK (&sin6->sin6_addr))
- {
- res = TMH_RESPONSE_reply_permission_denied (connection,
- "/admin/ only allowed via loopback");
- return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR;
- }
- break;
- }
- default:
- GNUNET_break (0);
- res = TMH_RESPONSE_reply_internal_error (connection,
- "Unsupported AF");
- return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-
/**
* Handle a "/admin/add/incoming" request. Parses the
@@ -127,9 +63,6 @@ TMH_ADMIN_handler_admin_add_incoming (struct TMH_RequestHandler *rh,
};
int res;
- res = check_permissions (connection);
- if (GNUNET_OK != res)
- return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
res = TMH_PARSE_post_json (connection,
connection_cls,
upload_data,