[chrony-dev] [PATCH 4/4] Send cmdmon error replies only to allowed hosts

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


The status codes STT_BADPKTVERSION, STT_BADPKTLENGTH, STT_NOHOSTACCESS
were sent even to hosts that were not allowed by cmdallow. Deprecate
STT_NOHOSTACCESS and ignore packets from hosts not allowed by cmdallow
completely.
---
 candm.h  |  1 +
 cmdmon.c | 41 ++++++++++++++---------------------------
 2 files changed, 15 insertions(+), 27 deletions(-)

diff --git a/candm.h b/candm.h
index 4b1c66a..7e94caa 100644
--- a/candm.h
+++ b/candm.h
@@ -481,6 +481,7 @@ typedef struct {
 #define STT_BADSUBNET 7
 #define STT_ACCESSALLOWED 8
 #define STT_ACCESSDENIED 9
+/* Deprecated */
 #define STT_NOHOSTACCESS 10
 #define STT_SOURCEALREADYKNOWN 11
 #define STT_TOOMANYSOURCES 12
diff --git a/cmdmon.c b/cmdmon.c
index a6e3f84..4de2c1c 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1722,7 +1722,13 @@ read_from_cmd_socket(void *anything)
       assert(0);
   }
 
-  allowed = ADF_IsAllowed(access_auth_table, &remote_ip) || localhost;
+  if (!(localhost || ADF_IsAllowed(access_auth_table, &remote_ip))) {
+    /* The client is not allowed access, so don't waste any more time
+       on him.  Note that localhost is always allowed access
+       regardless of the defined access rules - otherwise, we could
+       shut ourselves out completely! */
+    return;
+  }
 
   /* Message size sanity check */
   if (read_length >= offsetof(CMD_Request, data)) {
@@ -1738,8 +1744,7 @@ read_from_cmd_socket(void *anything)
       rx_message.res2 != 0) {
 
     /* We don't know how to process anything like this */
-    if (allowed)
-      CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+    CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
     
     return;
   }
@@ -1767,8 +1772,8 @@ read_from_cmd_socket(void *anything)
     if (!LOG_RateLimited()) {
       LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port);
     }
-    if (allowed)
-      CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+
+    CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
 
     if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT_SERVER) {
       tx_message.status = htons(STT_BADPKTVERSION);
@@ -1781,8 +1786,8 @@ read_from_cmd_socket(void *anything)
     if (!LOG_RateLimited()) {
       LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with invalid command %d from %s:%hu", rx_command, UTI_IPToString(&remote_ip), remote_port);
     }
-    if (allowed)
-      CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+
+    CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
 
     tx_message.status = htons(STT_INVALID);
     transmit_reply(&tx_message, &where_from, 0);
@@ -1793,29 +1798,11 @@ read_from_cmd_socket(void *anything)
     if (!LOG_RateLimited()) {
       LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized command packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port);
     }
-    if (allowed)
-      CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
-
-    tx_message.status = htons(STT_BADPKTLENGTH);
-    transmit_reply(&tx_message, &where_from, 0);
-    return;
-  }
 
-  if (!allowed) {
-    /* The client is not allowed access, so don't waste any more time
-       on him.  Note that localhost is always allowed access
-       regardless of the defined access rules - otherwise, we could
-       shut ourselves out completely! */
+    CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
 
-    if (!LOG_RateLimited()) {
-      LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
-          UTI_IPToString(&remote_ip),
-          remote_port);
-    }
-
-    tx_message.status = htons(STT_NOHOSTACCESS);
+    tx_message.status = htons(STT_BADPKTLENGTH);
     transmit_reply(&tx_message, &where_from, 0);
-
     return;
   }
 
-- 
1.8.4.2


-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/