diff options
author | Christian Grothoff <christian@grothoff.org> | 2016-06-20 11:32:04 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2016-06-20 11:32:04 +0200 |
commit | 0fb17e2b704a591c6bd348eaf70f1c3ccbd76cc0 (patch) | |
tree | ceb879d20706cf871f4a717bef93049e741d39c0 /src | |
parent | 029911c757b4557064608ac0e3f27ad7f7a4b82f (diff) |
now that we have a separate bind, do not check for perms anymorev0.0.2
Diffstat (limited to 'src')
-rw-r--r-- | src/exchange/taler-exchange-httpd_admin.c | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/src/exchange/taler-exchange-httpd_admin.c b/src/exchange/taler-exchange-httpd_admin.c index f150374bf..3805923ef 100644 --- a/src/exchange/taler-exchange-httpd_admin.c +++ b/src/exchange/taler-exchange-httpd_admin.c @@ -27,70 +27,6 @@ #include "taler-exchange-httpd_validation.h" -/** - * Check permissions (we only allow access to /admin/ from loopback). - * - * @param connection connection to perform access check for - * @return #GNUNET_OK if permitted, - * #GNUNET_NO if denied and error was queued, - * #GNUNET_SYSERR if denied and we failed to report - */ -static int -check_permissions (struct MHD_Connection *connection) -{ - const union MHD_ConnectionInfo *ci; - const struct sockaddr *addr; - int res; - - ci = MHD_get_connection_info (connection, - MHD_CONNECTION_INFO_CLIENT_ADDRESS); - if (NULL == ci) - { - GNUNET_break (0); - res = TMH_RESPONSE_reply_internal_error (connection, - "Failed to verify client address"); - return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR; - } - addr = ci->client_addr; - switch (addr->sa_family) - { - case AF_UNIX: - /* We rely on file system permissions here */ - return GNUNET_YES; - case AF_INET: - { - const struct sockaddr_in *sin = (const struct sockaddr_in *) addr; - - if (INADDR_LOOPBACK != ntohl (sin->sin_addr.s_addr)) - { - res = TMH_RESPONSE_reply_permission_denied (connection, - "/admin/ only allowed via loopback"); - return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR; - } - break; - } - case AF_INET6: - { - const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *) addr; - - if (! IN6_IS_ADDR_LOOPBACK (&sin6->sin6_addr)) - { - res = TMH_RESPONSE_reply_permission_denied (connection, - "/admin/ only allowed via loopback"); - return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR; - } - break; - } - default: - GNUNET_break (0); - res = TMH_RESPONSE_reply_internal_error (connection, - "Unsupported AF"); - return (MHD_YES == res) ? GNUNET_NO : GNUNET_SYSERR; - } - return GNUNET_OK; -} - - /** * Handle a "/admin/add/incoming" request. Parses the @@ -127,9 +63,6 @@ TMH_ADMIN_handler_admin_add_incoming (struct TMH_RequestHandler *rh, }; int res; - res = check_permissions (connection); - if (GNUNET_OK != res) - return (GNUNET_NO == res) ? MHD_YES : MHD_NO; res = TMH_PARSE_post_json (connection, connection_cls, upload_data, |