added peer IP address validation

[bak-git.git] / bak-git-server.pl

diff --git a/bak-git-server.pl b/bak-git-server.pl
index 5ba7e17..b4c7eec 100755 (executable)
--- a/bak-git-server.pl
+++ b/bak-git-server.pl
@@ -76,8 +76,10 @@ while(<$ssh_fd>) {
                $host = $1;
        } elsif ( /^\s+(\S+)\s+(.+)/ ) {
                $ssh_tunnel->{$host}++ if lc($1) eq 'remoteforward' && $2 =~ m/9001/;
+       } elsif ( /^\s+$/ ) {
+               # nop
        } else {
-               die "can't parse $_";
+               warn "can't parse [$_]";
        }
 }
 
@@ -178,7 +180,14 @@ sub mkbasedir {
 while (my $client = $server->accept()) {
        my $line = <$client>;
        chomp($line);
-       warn "<<< $line\n";
+
+       my $peerhost = $client->peerhost;
+       if ( $peerhost !~ m/^(10\.13\.37\.|10\.60\.0\.)/ ) {
+               print $client "$peerhost not allowed\n";
+               next;
+       }
+
+       warn "<<< $peerhost $line\n";
        my ($user,$hostname,$pwd,$command,$rel_path,$message) = split(/\s+/,$line,6);
        $hostname =~ s/\..+$//;