cmdmon: make open commands configurable

Replace the hardcoded list of open commands (accessible over UDP), with a list that can be configured with a new "opencommands" directive. The default matches the original list. All read-only commands except accheck and cmdaccheck can be enabled. The naming follows the chronyc naming. Enable the N_SOURCES request only when needed. This makes it possible to have a full monitoring access without access to the Unix domain socket. It also allows restricting the monitoring access to a smaller number of commands if some commands from the default list are not needed. Mention in the man page that the protocol of the non-default commands is not consider stable and the information they provide may have security implications.
2025-12-03 16:35:06 -05:00 · 2025-02-11 12:27:23 +01:00
parent 51da7a0694
commit 1967fbf1f2
6 changed files with 148 additions and 17 deletions
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1507,25 +1507,16 @@ handle_readwrite_commands(int command, CMD_Request *request, CMD_Reply *reply)
 static int
 handle_readonly_commands(int command, int full_access, CMD_Request *request, CMD_Reply *reply)
 {
+  ARR_Instance open_commands;
  int i, allowed = 0;

-  const unsigned char open_commands[] = {
-    REQ_N_SOURCES,
-    REQ_SOURCE_DATA,
-    REQ_TRACKING,
-    REQ_SOURCESTATS,
-    REQ_RTCREPORT,
-    REQ_MANUAL_LIST,
-    REQ_ACTIVITY,
-    REQ_SMOOTHING,
-    REQ_NTP_SOURCE_NAME,
-  };
-
  if (full_access) {
    allowed = 1;
  } else {
-    for (i = 0; i < sizeof (open_commands); i++) {
-      if (open_commands[i] == command) {
+    open_commands = CNF_GetOpenCommands();
+
+    for (i = 0; i < ARR_GetSize(open_commands); i++) {
+      if (*(int *)ARR_GetElement(open_commands, i) == command) {
        allowed = 1;
        break;
      }