cmdmon: update candm.h
Remove the auth fields in the command request/reply and replace the token and utoken fields with padding.
parent
282a9c7d7c
commit
e5784c1ca8
3 changed files with 16 additions and 28 deletions
26
candm.h
26
candm.h
|
@ -31,7 +31,6 @@
|
|||
|
||||
#include "sysincl.h"
|
||||
#include "addressing.h"
|
||||
#include "hash.h"
|
||||
|
||||
/* This is the default port to use for CANDM, if no alternative is
|
||||
defined */
|
||||
|
@ -336,6 +335,8 @@ typedef struct {
|
|||
Version 6 : added padding to requests to prevent amplification attack,
|
||||
changed maximum number of samples in manual list to 16, new commands: modify
|
||||
makestep, smoothing report, smoothtime command
|
||||
|
||||
Authentication was removed later in version 6.
|
||||
*/
|
||||
|
||||
#define PROTO_VERSION_NUMBER 6
|
||||
|
@ -364,8 +365,8 @@ typedef struct {
|
|||
(count up from zero for same sequence
|
||||
number) */
|
||||
uint32_t sequence; /* Client's sequence number */
|
||||
uint32_t utoken; /* Unique token per incarnation of daemon */
|
||||
uint32_t token; /* Command token (to prevent replay attack) */
|
||||
uint32_t pad1;
|
||||
uint32_t pad2;
|
||||
|
||||
union {
|
||||
REQ_Null null;
|
||||
|
@ -400,15 +401,10 @@ typedef struct {
|
|||
REQ_SmoothTime smoothtime;
|
||||
} data; /* Command specific parameters */
|
||||
|
||||
/* The following fields only set the maximum size of the packet.
|
||||
There are no holes between them and the actual data. */
|
||||
|
||||
/* Padding used to prevent traffic amplification */
|
||||
/* Padding used to prevent traffic amplification. It only defines the
|
||||
maximum size of the packet, there is no hole after the data field. */
|
||||
uint8_t padding[MAX_PADDING_LENGTH];
|
||||
|
||||
/* Authentication data */
|
||||
uint8_t auth[MAX_HASH_LENGTH];
|
||||
|
||||
} CMD_Request;
|
||||
|
||||
/* ================================================== */
|
||||
|
@ -614,9 +610,9 @@ typedef struct {
|
|||
uint16_t pad2;
|
||||
uint16_t pad3;
|
||||
uint32_t sequence; /* Echo of client's sequence number */
|
||||
uint32_t utoken; /* Unique token per incarnation of daemon */
|
||||
uint32_t token; /* New command token (only if command was successfully
|
||||
authenticated) */
|
||||
uint32_t pad4;
|
||||
uint32_t pad5;
|
||||
|
||||
union {
|
||||
RPY_Null null;
|
||||
RPY_N_Sources n_sources;
|
||||
|
@ -631,10 +627,6 @@ typedef struct {
|
|||
RPY_Smoothing smoothing;
|
||||
} data; /* Reply specific parameters */
|
||||
|
||||
/* authentication of the packet, there is no hole after the actual data
|
||||
from the data union, this field only sets the maximum auth size */
|
||||
uint8_t auth[MAX_HASH_LENGTH];
|
||||
|
||||
} CMD_Reply;
|
||||
|
||||
/* ================================================== */
|
||||
|
|
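Review bot: PROTO_VERSION_NUMBER stays at 6 although the hunks at -364, -400, -614 and -631 change the wire layout: utoken/token become pad1/pad2 (pad4/pad5 in the reply) and the trailing auth[] arrays are dropped, which shrinks both structs. The version field therefore cannot distinguish a peer built from the earlier version-6 header. The receive path is outside this diff; it should be checked that a request still carrying trailing auth bytes is rejected or ignored and never handled as authenticated. The new fields also carry no comment; I would add `uint32_t pad1; /* Formerly utoken, sent as zero */` and the equivalent for pad2, pad4 and pad5. Both typedefs start and end outside the hunks shown.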
8
client.c
8
client.c
|
@ -1270,8 +1270,8 @@ submit_request(CMD_Request *request, CMD_Reply *reply)
|
|||
tx_sequence = sequence++;
|
||||
request->sequence = htonl(tx_sequence);
|
||||
request->attempt = 0;
|
||||
request->utoken = 0;
|
||||
request->token = 0;
|
||||
request->pad1 = 0;
|
||||
request->pad2 = 0;
|
||||
|
||||
timeout = initial_timeout;
|
||||
|
||||
|
@ -1392,9 +1392,9 @@ submit_request(CMD_Request *request, CMD_Reply *reply)
|
|||
#endif
|
||||
|
||||
/* Good packet received, print out results */
|
||||
DEBUG_LOG(LOGF_Client, "Reply cmd=%d reply=%d stat=%d seq=%d utok=%08x tok=%d",
|
||||
DEBUG_LOG(LOGF_Client, "Reply cmd=%d reply=%d stat=%d seq=%d",
|
||||
ntohs(reply->command), ntohs(reply->reply), ntohs(reply->status),
|
||||
ntohl(reply->sequence), ntohl(reply->utoken), ntohl(reply->token));
|
||||
ntohl(reply->sequence));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
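Review bot: The rewritten DEBUG_LOG call in the hunk at -1392 still prints `ntohl(reply->sequence)` with `%d`, although ntohl() returns an unsigned 32-bit value. Assuming DEBUG_LOG forwards to a printf-style function, sequence numbers above INT_MAX would be logged as negative and the specifier does not match the argument type. I would change the tail of the call to `"... seq=%lu", ..., (unsigned long)ntohl(reply->sequence));`. submit_request begins and continues outside both hunks.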
10
cmdmon.c
10
cmdmon.c
|
@ -1244,18 +1244,14 @@ read_from_cmd_socket(void *anything)
|
|||
tx_message.res1 = 0;
|
||||
tx_message.res2 = 0;
|
||||
tx_message.command = rx_message.command;
|
||||
tx_message.sequence = rx_message.sequence;
|
||||
tx_message.reply = htons(RPY_NULL);
|
||||
tx_message.status = htons(STT_SUCCESS);
|
||||
tx_message.pad1 = 0;
|
||||
tx_message.pad2 = 0;
|
||||
tx_message.pad3 = 0;
|
||||
tx_message.utoken = 0;
|
||||
/* Set this to a default (invalid) value. This protects against the
|
||||
token field being set to an arbitrary value if we reject the
|
||||
message, e.g. due to the host failing the access check. */
|
||||
tx_message.token = htonl(0xffffffffUL);
|
||||
memset(&tx_message.auth, 0, sizeof(tx_message.auth));
|
||||
tx_message.sequence = rx_message.sequence;
|
||||
tx_message.pad4 = 0;
|
||||
tx_message.pad5 = 0;
|
||||
|
||||
if (rx_message.version != PROTO_VERSION_NUMBER) {
|
||||
DEBUG_LOG(LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s",
|
||||
|
|
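Review bot: The reply header in read_from_cmd_socket is cleared one field at a time (pad1 to pad5, res1, res2), and nothing in the visible lines zeroes tx_message as a whole. A field added to CMD_Reply later, or any part of the data union a handler leaves unfilled, could go out with stale memory if the transmitted length covers it. A single `memset(&tx_message, 0, sizeof (tx_message));` ahead of these assignments would close that gap and make the individual pad lines redundant. With the token and auth fields gone, the packet carries nothing that identifies the sender, so the access check mentioned in the removed comment appears to be the only gate on commands. That check is in the part of the function outside this hunk; it is worth confirming that it runs before any command is dispatched.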