Miroslav Lichvar pushed to branch master at chrony / chrony


Commits:
9ba6e765 by Miroslav Lichvar at 2025-02-12T14:52:19+01:00
cmdmon: drop handling of NULL and LOGON requests

Handle the NULL and LOGON requests as unknown (invalid) instead of
returning the success and failed status respectively. They have
been unused for a very long time now.

- - - - -
51da7a06 by Miroslav Lichvar at 2025-02-12T15:10:56+01:00
cmdmon: refactor command authorization checks

Try to simplify the code and make it more robust to potential bugs.

Instead of maintaining a table mapping all commands to open/auth
permissions, use a short list of open commands. Split the processing
of the commands into two groups, read-write commands and read-only
(monitoring) commands, where the first group is processed only with full
access. Check both the socket descriptor and address type before giving
full access. While moving the code, reorder the commands alphabetically.

- - - - -
1967fbf1 by Miroslav Lichvar at 2025-02-12T15:40:13+01:00
cmdmon: make open commands configurable

Replace the hardcoded list of open commands (accessible over UDP),
with a list that can be configured with a new "opencommands" directive.
The default matches the original list. All read-only commands except
accheck and cmdaccheck can be enabled. The naming follows the chronyc
naming. Enable the N_SOURCES request only when needed.

This makes it possible to have a full monitoring access without access
to the Unix domain socket. It also allows restricting the monitoring
access to a smaller number of commands if some commands from the default
list are not needed.

Mention in the man page that the protocol of the non-default commands is
not considered stable and the information they provide may have security
implications.

- - - - -
f7bb2835 by Miroslav Lichvar at 2025-02-12T15:41:10+01:00
doc: mention localhost exception in cmdallow description

- - - - -
55898e9b by Miroslav Lichvar at 2025-02-12T15:41:10+01:00
client: fix memory leak of empty readline() string

- - - - -


9 changed files:

- candm.h
- client.c
- cmdmon.c
- conf.c
- conf.h
- doc/chrony.conf.adoc
- doc/chronyc.adoc
- pktlength.c
- test/simulation/110-chronyc


View it on GitLab: 
https://gitlab.com/chrony/chrony/-/compare/3dea7dd723735d18db41f6689fa24b2b98a17b67...55898e9b07d2bf97cb3bb96987dbe57f1b6376ef
