backports from main

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2024-08-12 18:06:08 +02:00
parent c2de3c3efc
commit 3169197252
7 changed files with 66 additions and 31 deletions


@@ -631,7 +631,7 @@ func (c *Configuration) GetProxyListener(listener net.Listener) (*proxyproto.Lis
return &proxyproto.Listener{
Listener: listener,
Policy: getProxyPolicy(c.proxyAllowed, c.proxySkipped, defaultPolicy),
ConnPolicy: getProxyPolicy(c.proxyAllowed, c.proxySkipped, defaultPolicy),
ReadHeaderTimeout: 10 * time.Second,
}, nil
}
@@ -806,13 +806,13 @@ func (c *Configuration) ExecutePostConnectHook(ipAddr, protocol string) error {
return nil
}
func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy) proxyproto.PolicyFunc {
return func(upstream net.Addr) (proxyproto.Policy, error) {
upstreamIP, err := util.GetIPFromNetAddr(upstream)
func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy) proxyproto.ConnPolicyFunc {
return func(connPolicyOptions proxyproto.ConnPolicyOptions) (proxyproto.Policy, error) {
upstreamIP, err := util.GetIPFromNetAddr(connPolicyOptions.Upstream)
if err != nil {
// Something is wrong with the source IP, better reject the
// connection if a proxy header is found.
return proxyproto.REJECT, err
// connection.
return proxyproto.REJECT, proxyproto.ErrInvalidUpstream
}
for _, skippedFrom := range skipped {
@@ -831,7 +831,7 @@ func getProxyPolicy(allowed, skipped []func(net.IP) bool, def proxyproto.Policy)
}
if def == proxyproto.REQUIRE {
return proxyproto.REJECT, nil
return proxyproto.REJECT, proxyproto.ErrInvalidUpstream
}
return def, nil
}
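Review bot: In the `err != nil` branch of `getProxyPolicy`, the error from `util.GetIPFromNetAddr` is dropped, so the rejection no longer says why the upstream address was unusable. Wrapping keeps the sentinel and the cause together: `return proxyproto.REJECT, fmt.Errorf("%w: %v", proxyproto.ErrInvalidUpstream, err)`; this is only equivalent if the library matches the sentinel with `errors.Is` rather than `==`, which is not visible here, and it needs `fmt` to be imported in this file. The `def == proxyproto.REQUIRE` branch has the same gap: the bare sentinel does not name `upstreamIP`, so unless the caller logs the peer address, connections refused for arriving from an unlisted source leave nothing to investigate. The middle of the function (the `allowed` loop) lies between the two hunks and is not shown.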