changeset 1698:2dbcc8360a3e

backup security
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 27 Jun 2022 20:51:49 -0600
parents aff2309ae510
children e6750146faa1
files src/goodjava/io/IoUtils.java src/goodjava/lucene/backup/BackupServer.java src/luan/modules/IoLuan.java
diffstat 3 files changed, 29 insertions(+), 9 deletions(-) [+]
diff -r aff2309ae510 -r 2dbcc8360a3e src/goodjava/io/IoUtils.java
--- a/src/goodjava/io/IoUtils.java	Mon Jun 27 18:36:56 2022 -0600
+++ b/src/goodjava/io/IoUtils.java	Mon Jun 27 20:51:49 2022 -0600
@@ -8,9 +8,15 @@
 import java.io.Writer;
 import java.io.StringWriter;
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Inet4Address;
+import java.net.NetworkInterface;
 import java.nio.file.Files;
 import java.nio.file.attribute.FileTime;
 import java.security.Security;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Enumeration;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.SSLServerSocketFactory;
 import goodjava.logging.Logger;
@@ -103,6 +109,17 @@
 		return cs;
 	}
 
+	public static Set<InetAddress> getInetAddresses() throws IOException {
+		Set<InetAddress> set = new HashSet<InetAddress>();
+		for( Enumeration<NetworkInterface> e1 = NetworkInterface.getNetworkInterfaces(); e1.hasMoreElements(); ) {
+			NetworkInterface ni = e1.nextElement();
+			for( Enumeration<InetAddress> e2 = ni.getInetAddresses(); e2.hasMoreElements(); ) {
+				InetAddress ia = e2.nextElement();
+				set.add(ia);
+			}
+		}
+		return set;
+	}
 
 
 	public static class ProcException extends IOException {
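Review bot: getInetAddresses() has no Javadoc, and its contract matters now that BackupServer in this changeset uses it as an access check: the returned set holds every address bound to any local interface (loopback and non-loopback, IPv4 and IPv6), not only loopback. I would add a comment such as `/** Returns every address assigned to this host's network interfaces, loopback and non-loopback, IPv4 and IPv6. */` so callers do not read it as "localhost only". Separately, older JDKs document that `NetworkInterface.getNetworkInterfaces()` may return null when no interfaces are found, so a null check on its result before iterating may be worth adding; confirm against the JDK the project targets.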
diff -r aff2309ae510 -r 2dbcc8360a3e src/goodjava/lucene/backup/BackupServer.java
--- a/src/goodjava/lucene/backup/BackupServer.java	Mon Jun 27 18:36:56 2022 -0600
+++ b/src/goodjava/lucene/backup/BackupServer.java	Mon Jun 27 20:51:49 2022 -0600
@@ -122,6 +122,15 @@
 			} else if( backup != null ) {
 				backup.handle(rpc,call);
 			} else if( call.cmd.equals("copy") ) {
+				try {
+					if( !IoUtils.getInetAddresses().contains(rpc.socket.getInetAddress()) ) {
+						rpc.write( new RpcException("only localhost allowed") );
+						rpc.close();
+						return;
+					}
+				} catch(IOException e) {
+					throw new RuntimeException(e);
+				}
 				String dirName = (String)call.args[0];
 				copy(new File(dirName));
 				rpc.write(Rpc.OK);
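Review bot: The new guard in the `copy` branch authorizes by source address alone, and it accepts a peer whose address matches any local interface, while the error text says "only localhost allowed". Any local process that can reach the port passes it, and `dirName` from `call.args[0]` still goes to `new File(dirName)` unchecked in the lines below, so on a shared host the command presumably stays open to every local user; if that is not intended, a shared secret or a restriction of `dirName` to an expected base directory would be needed. If copy clients always connect over loopback, `rpc.socket.getInetAddress().isLoopbackAddress()` is stricter and avoids enumerating interfaces on every call. The IOException path fails closed, which is right, but it throws without `rpc.close()`; whether the caller closes the connection is outside this hunk, as is the rest of the if/else chain.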
diff -r aff2309ae510 -r 2dbcc8360a3e src/luan/modules/IoLuan.java
--- a/src/luan/modules/IoLuan.java	Mon Jun 27 18:36:56 2022 -0600
+++ b/src/luan/modules/IoLuan.java	Mon Jun 27 20:51:49 2022 -0600
@@ -22,10 +22,8 @@
 import java.net.URL;
 import java.net.InetAddress;
 import java.net.Inet4Address;
-import java.net.NetworkInterface;
 import java.net.MalformedURLException;
 import java.net.UnknownHostException;
-import java.util.Enumeration;
 import java.util.Map;
 import javax.naming.NamingException;
 import javax.naming.NameNotFoundException;
@@ -642,13 +640,9 @@
 
 	public static LuanTable my_ips(Luan luan) throws IOException, LuanException {
 		LuanTable tbl = new LuanTable();
-		for( Enumeration<NetworkInterface> e1 = NetworkInterface.getNetworkInterfaces(); e1.hasMoreElements(); ) {
-			NetworkInterface ni = e1.nextElement();
-			for( Enumeration<InetAddress> e2 = ni.getInetAddresses(); e2.hasMoreElements(); ) {
-				InetAddress ia = e2.nextElement();
-				if( ia instanceof Inet4Address )
-					tbl.put(luan,ia.getHostAddress(),true);
-			}
+		for( InetAddress ia : IoUtils.getInetAddresses() ) {
+			if( ia instanceof Inet4Address )
+				tbl.put(luan,ia.getHostAddress(),true);
 		}
 		return tbl;
 	}