From 129aa587c6e6ef902c4b2966115a48bdda0027b9 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Mon, 30 Jun 2014 12:36:52 +0200
Subject: [PATCH] cmdmon: don't create socket when cmdport is 0
---
 chrony.texi.in | 3 ++-
 cmdmon.c | 21 ++++++++++-----------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/chrony.texi.in b/chrony.texi.in
index e5537cd..5388d9b 100644
--- a/chrony.texi.in
+++ b/chrony.texi.in
@@ -1447,7 +1447,8 @@ There is also a @code{cmddeny all} directive with similar behaviour to the
 The @code{cmdport} directive allows the port that is used for run-time command and monitoring (via the program @code{chronyc}) to be altered
-from its default (323/udp).
+from its default (323/udp). If set to 0, @code{chronyd} will not open the
+port, this is useful to disable the @code{chronyc} access completely.
 An example shows the syntax
diff --git a/cmdmon.c b/cmdmon.c
index 738dbbd..bde2a6f 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -171,22 +171,19 @@ static ADF_AuthTable access_auth_table;
 /* ================================================== */
 /* Forward prototypes */
-static int prepare_socket(int family);
 static void read_from_cmd_socket(void *anything);
 /* ================================================== */
 static int
-prepare_socket(int family)
+prepare_socket(int family, int port_number)
 {
- int port_number, sock_fd;
+ int sock_fd;
 socklen_t my_addr_len;
 union sockaddr_in46 my_addr;
 IPAddr bind_address;
 int on_off = 1;
- port_number = CNF_GetCommandPort();
-
 sock_fd = socket(family, SOCK_DGRAM, 0);
 if (sock_fd < 0) {
 LOG(LOGS_ERR, LOGF_CmdMon, "Could not open %s command socket : %s",
@@ -265,7 +262,7 @@ prepare_socket(int family)
 void
 CAM_Initialise(int family)
 {
- int i;
+ int i, port_number;
 assert(!initialised);
 initialised = 1;
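Review bot: In the `@@ -171,22 +171,19 @@` hunk of cmdmon.c, the new `port_number` parameter of prepare_socket() carries an unstated precondition: 0 now means "command socket disabled" and is filtered only by the caller, so the function itself must never be handed 0. The bind code lies outside this hunk, but if the value reaches bind() unchanged, a zero would presumably give a socket on a kernel-chosen port instead of no socket, which is exactly what the commit sets out to prevent. A comment above the definition would make the contract explicit, for example `/* port_number must be non-zero; cmdport 0 (no command socket) is handled by the caller */`. The body of prepare_socket() continues past the end of the hunk.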
@@ -293,18 +290,20 @@ CAM_Initialise(int family)
 free_replies = NULL;
 kept_replies.next = NULL;
- if (family == IPADDR_UNSPEC || family == IPADDR_INET4)
- sock_fd4 = prepare_socket(AF_INET);
+ port_number = CNF_GetCommandPort();
+
+ if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET4))
+ sock_fd4 = prepare_socket(AF_INET, port_number);
 else
 sock_fd4 = -1;
 #ifdef HAVE_IPV6
- if (family == IPADDR_UNSPEC || family == IPADDR_INET6)
- sock_fd6 = prepare_socket(AF_INET6);
+ if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET6))
+ sock_fd6 = prepare_socket(AF_INET6, port_number);
 else
 sock_fd6 = -1;
 #endif
- if (sock_fd4 < 0
+ if (port_number && sock_fd4 < 0
 #ifdef HAVE_IPV6
 && sock_fd6 < 0
 #endif
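Review bot: The three `port_number &&` tests treat every non-zero value as "enabled", so a negative or out-of-range `cmdport` would still be passed to prepare_socket(); whether CNF_GetCommandPort() already range-checks the directive is not visible in this patch. If it does not, compare explicitly, e.g. `if (port_number > 0 && (family == IPADDR_UNSPEC || family == IPADDR_INET4))` and likewise for the IPv6 and final tests, or reject the value where the configuration is parsed. With cmdport 0 this path also leaves both descriptors at -1 without any log line; a short informational message would let an operator confirm from the log that the chronyc interface is closed. The final `if` and the rest of CAM_Initialise() continue outside the hunk.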