[chrony-dev] [PATCH 4/4] Send cmdmon error replies only to allowed hosts |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-dev Archives
]
The status codes STT_BADPKTVERSION, STT_BADPKTLENGTH, STT_NOHOSTACCESS
were sent even to hosts that were not allowed by cmdallow. Deprecate
STT_NOHOSTACCESS and ignore packets from hosts not allowed by cmdallow
completely.
---
candm.h | 1 +
cmdmon.c | 41 ++++++++++++++---------------------------
2 files changed, 15 insertions(+), 27 deletions(-)
diff --git a/candm.h b/candm.h
index 4b1c66a..7e94caa 100644
--- a/candm.h
+++ b/candm.h
@@ -481,6 +481,7 @@ typedef struct {
#define STT_BADSUBNET 7
#define STT_ACCESSALLOWED 8
#define STT_ACCESSDENIED 9
+/* Deprecated */
#define STT_NOHOSTACCESS 10
#define STT_SOURCEALREADYKNOWN 11
#define STT_TOOMANYSOURCES 12
diff --git a/cmdmon.c b/cmdmon.c
index a6e3f84..4de2c1c 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1722,7 +1722,13 @@ read_from_cmd_socket(void *anything)
assert(0);
}
- allowed = ADF_IsAllowed(access_auth_table, &remote_ip) || localhost;
+ if (!(localhost || ADF_IsAllowed(access_auth_table, &remote_ip))) {
+ /* The client is not allowed access, so don't waste any more time
+ on him. Note that localhost is always allowed access
+ regardless of the defined access rules - otherwise, we could
+ shut ourselves out completely! */
+ return;
+ }
/* Message size sanity check */
if (read_length >= offsetof(CMD_Request, data)) {
@@ -1738,8 +1744,7 @@ read_from_cmd_socket(void *anything)
rx_message.res2 != 0) {
/* We don't know how to process anything like this */
- if (allowed)
- CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+ CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
return;
}
@@ -1767,8 +1772,8 @@ read_from_cmd_socket(void *anything)
if (!LOG_RateLimited()) {
LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port);
}
- if (allowed)
- CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+
+ CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT_SERVER) {
tx_message.status = htons(STT_BADPKTVERSION);
@@ -1781,8 +1786,8 @@ read_from_cmd_socket(void *anything)
if (!LOG_RateLimited()) {
LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with invalid command %d from %s:%hu", rx_command, UTI_IPToString(&remote_ip), remote_port);
}
- if (allowed)
- CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+
+ CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
tx_message.status = htons(STT_INVALID);
transmit_reply(&tx_message, &where_from, 0);
@@ -1793,29 +1798,11 @@ read_from_cmd_socket(void *anything)
if (!LOG_RateLimited()) {
LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized command packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port);
}
- if (allowed)
- CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
-
- tx_message.status = htons(STT_BADPKTLENGTH);
- transmit_reply(&tx_message, &where_from, 0);
- return;
- }
- if (!allowed) {
- /* The client is not allowed access, so don't waste any more time
- on him. Note that localhost is always allowed access
- regardless of the defined access rules - otherwise, we could
- shut ourselves out completely! */
+ CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
- if (!LOG_RateLimited()) {
- LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
- UTI_IPToString(&remote_ip),
- remote_port);
- }
-
- tx_message.status = htons(STT_NOHOSTACCESS);
+ tx_message.status = htons(STT_BADPKTLENGTH);
transmit_reply(&tx_message, &where_from, 0);
-
return;
}
--
1.8.4.2
--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.