-
9ba6e765
by Miroslav Lichvar at 2025-02-12T14:52:19+01:00
cmdmon: drop handling of NULL and LOGON requests
Handle the NULL and LOGON requests as unknown (invalid) instead of
returning the success and failed status respectively. They have
been unused for a very long time now.
-
51da7a06
by Miroslav Lichvar at 2025-02-12T15:10:56+01:00
cmdmon: refactor command authorization checks
Try to simplify the code and make it more robust to potential bugs.
Instead of maintaining a table mapping all commands to open/auth
permissions, use a short list of open commands. Split the processing
of the commands into two groups, read-write commands and read-only
(monitoring) commands, where the first group is processed only with full
access. Check both the socket descriptor and address type before giving
full access. While moving the code, reorder the commands alphabetically.
-
1967fbf1
by Miroslav Lichvar at 2025-02-12T15:40:13+01:00
cmdmon: make open commands configurable
Replace the hardcoded list of open commands (accessible over UDP),
with a list that can be configured with a new "opencommands" directive.
The default matches the original list. All read-only commands except
accheck and cmdaccheck can be enabled. The naming follows the chronyc
naming. Enable the N_SOURCES request only when needed.
This makes it possible to have a full monitoring access without access
to the Unix domain socket. It also allows restricting the monitoring
access to a smaller number of commands if some commands from the default
list are not needed.
Mention in the man page that the protocol of the non-default commands is
not considered stable and the information they provide may have security
implications.
-
f7bb2835
by Miroslav Lichvar at 2025-02-12T15:41:10+01:00
doc: mention localhost exception in cmdallow description
-
55898e9b
by Miroslav Lichvar at 2025-02-12T15:41:10+01:00
client: fix memory leak of empty readline() string