DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-06 17:55:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

cmdmon: refactor command authorization checks

Browse Source 
Try to simplify the code and make it more robust to potential bugs.

Instead of maintaing a table mapping all commands to open/auth
permissions, use a short list of open commands. Split the processing
of the commands into two groups, read-write commands and read-only
(monitoring) commands, where the first group is processed only with full
access. Check both the socket descriptor and address type before giving
full access. While moving the code, reorder the commands alphabetically.
This commit is contained in:
Miroslav Lichvar
2025-02-10 15:32:26 +01:00
parent 9ba6e7655c
commit 51da7a0694
2 changed files with 264 additions and 393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
candm.h
View File

@@ -510,13 +510,6 @@ typedef struct {
} CMD_Request;
/* ================================================== */
/* Authority codes for command types */
#define PERMIT_OPEN 0
#define PERMIT_LOCAL 1
#define PERMIT_AUTH 2
/* ================================================== */
/* Reply codes */