Send cmdmon error replies only to allowed hosts
The status codes STT_BADPKTVERSION, STT_BADPKTLENGTH, STT_NOHOSTACCESS were sent even to hosts that were not allowed by cmdallow. Deprecate STT_NOHOSTACCESS and ignore packets from hosts not allowed by cmdallow completely.
This commit is contained in:
Miroslav Lichvar
parent
d537ed11fd
commit
e15ce69d08
2 changed files with 15 additions and 27 deletions
1
candm.h
1
candm.h
|
|
@ -481,6 +481,7 @@ typedef struct {
|
||||||
#define STT_BADSUBNET 7
|
#define STT_BADSUBNET 7
|
||||||
#define STT_ACCESSALLOWED 8
|
#define STT_ACCESSALLOWED 8
|
||||||
#define STT_ACCESSDENIED 9
|
#define STT_ACCESSDENIED 9
|
||||||
|
/* Deprecated */
|
||||||
#define STT_NOHOSTACCESS 10
|
#define STT_NOHOSTACCESS 10
|
||||||
#define STT_SOURCEALREADYKNOWN 11
|
#define STT_SOURCEALREADYKNOWN 11
|
||||||
#define STT_TOOMANYSOURCES 12
|
#define STT_TOOMANYSOURCES 12
|
||||||
|
|
|
||||||
33
cmdmon.c
33
cmdmon.c
|
|
@ -1722,7 +1722,13 @@ read_from_cmd_socket(void *anything)
|
||||||
assert(0);
|
assert(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
allowed = ADF_IsAllowed(access_auth_table, &remote_ip) || localhost;
|
if (!(localhost || ADF_IsAllowed(access_auth_table, &remote_ip))) {
|
||||||
|
/* The client is not allowed access, so don't waste any more time
|
||||||
|
on him. Note that localhost is always allowed access
|
||||||
|
regardless of the defined access rules - otherwise, we could
|
||||||
|
shut ourselves out completely! */
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* Message size sanity check */
|
/* Message size sanity check */
|
||||||
if (read_length >= offsetof(CMD_Request, data)) {
|
if (read_length >= offsetof(CMD_Request, data)) {
|
||||||
|
|
@ -1738,7 +1744,6 @@ read_from_cmd_socket(void *anything)
|
||||||
rx_message.res2 != 0) {
|
rx_message.res2 != 0) {
|
||||||
|
|
||||||
/* We don't know how to process anything like this */
|
/* We don't know how to process anything like this */
|
||||||
if (allowed)
|
|
||||||
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|
@ -1768,7 +1773,7 @@ read_from_cmd_socket(void *anything)
|
||||||
if (!LOG_RateLimited()) {
|
if (!LOG_RateLimited()) {
|
||||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port);
|
LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port);
|
||||||
}
|
}
|
||||||
if (allowed)
|
|
||||||
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||||
|
|
||||||
if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT_SERVER) {
|
if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT_SERVER) {
|
||||||
|
|
@ -1782,7 +1787,7 @@ read_from_cmd_socket(void *anything)
|
||||||
if (!LOG_RateLimited()) {
|
if (!LOG_RateLimited()) {
|
||||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with invalid command %d from %s:%hu", rx_command, UTI_IPToString(&remote_ip), remote_port);
|
LOG(LOGS_WARN, LOGF_CmdMon, "Read command packet with invalid command %d from %s:%hu", rx_command, UTI_IPToString(&remote_ip), remote_port);
|
||||||
}
|
}
|
||||||
if (allowed)
|
|
||||||
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||||
|
|
||||||
tx_message.status = htons(STT_INVALID);
|
tx_message.status = htons(STT_INVALID);
|
||||||
|
|
@ -1794,7 +1799,7 @@ read_from_cmd_socket(void *anything)
|
||||||
if (!LOG_RateLimited()) {
|
if (!LOG_RateLimited()) {
|
||||||
LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized command packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port);
|
LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized command packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port);
|
||||||
}
|
}
|
||||||
if (allowed)
|
|
||||||
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
|
||||||
|
|
||||||
tx_message.status = htons(STT_BADPKTLENGTH);
|
tx_message.status = htons(STT_BADPKTLENGTH);
|
||||||
|
|
@ -1802,24 +1807,6 @@ read_from_cmd_socket(void *anything)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!allowed) {
|
|
||||||
/* The client is not allowed access, so don't waste any more time
|
|
||||||
on him. Note that localhost is always allowed access
|
|
||||||
regardless of the defined access rules - otherwise, we could
|
|
||||||
shut ourselves out completely! */
|
|
||||||
|
|
||||||
if (!LOG_RateLimited()) {
|
|
||||||
LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
|
|
||||||
UTI_IPToString(&remote_ip),
|
|
||||||
remote_port);
|
|
||||||
}
|
|
||||||
|
|
||||||
tx_message.status = htons(STT_NOHOSTACCESS);
|
|
||||||
transmit_reply(&tx_message, &where_from, 0);
|
|
||||||
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* OK, we have a valid message. Now dispatch on message type and process it. */
|
/* OK, we have a valid message. Now dispatch on message type and process it. */
|
||||||
|
|
||||||
/* Do authentication stuff and command tokens here. Well-behaved
|
/* Do authentication stuff and command tokens here. Well-behaved
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue