Re: [scmbug-users] Simple Allow list for scmbugd

Fri, 21 May 2010 12:11:00 -0700 

On Fri, 2010-05-21 at 10:36 -0700, Kristis Makris wrote:
> Thank you Greg,
> 
> Could you perhaps attach this patch here in an email ?
> 
> On Fri, 2010-05-21 at 10:16 -0600, Gregary Hendricks wrote:
> > I can't attach it to the bug since it appears there is no way to create
> > an account there and I am pretty sure the list doesn't take attachments.
> 
> The list takes attachments.
> 
Here you go then.

I am not sure if I put the changes in the config in the right place.
There is also the .in version of the config which might be where it
really needs to go. Let me know if I need to include that.

++Greg


--- /usr/share/scmbug/lib/Scmbug/Daemon/Daemon.pm       2010-03-08 
08:45:42.000000000 -0700
+++ Daemon/Daemon.pm    2010-05-20 16:20:37.000000000 -0600
@@ -554,7 +554,12 @@
        # This is the parent
        return;
     }
-
+    
+    # Reject connections from untrusted hosts
+    unless(grep {$_ eq $connection_ip_address } 
@{$daemon_configuration->{allow_list}}){
+        log_fatal_error( undef, "Connection from $connection_ip_address - 
$connection_host_name refused\n");
+    }
+    
     # This is the child.
     open( STDIN, "<&Client") or log_fatal_error( 
$COMMON_ERROR_CANNOT_OPEN_FILE, "can't dup client to stdin\n" );
     open( STDOUT, ">&Client") or log_fatal_error( 
$COMMON_ERROR_CANNOT_OPEN_FILE, "can't dup client to stdout\n" );
@@ -646,6 +651,11 @@
 #
 sub connection_handler_thread {
     my ( $socket, $connection_host_name, $connection_ip_address, 
$connection_port ) = ( @_ );
+    
+    # Reject connections from untrusted hosts
+    unless(grep {$_ eq $connection_ip_address } 
@{$daemon_configuration->{allow_list}}){
+        log_fatal_error( undef, "Connection from $connection_ip_address - 
$connection_host_name refused\n");
+    }
 
     # Received request 
     my $request;
--- 
/home/ghendricks/src/SCMBUG_RELEASE_0-26-17/src/daemon/etc/daemon.conf.template 
    2010-05-20 14:07:49.000000000 -0600
+++ ../../daemon/etc/daemon.conf.template       2010-05-20 16:23:12.000000000 
-0600
@@ -19,7 +19,11 @@
 
     # Pid file the daemon will use
     daemon_pidfile => "/var/run/scmbug_daemon.pid",
-
+    
+    # Allowed IP addresses
+    allow_list => [
+        '127.0.0.1'
+    ],
     #
     # Execution mode of the daemon. There are 3 options:
     #


_______________________________________________
scmbug-users mailing list
[email protected]
http://lists.mkgnu.net/cgi-bin/mailman/listinfo/scmbug-users

Reply via email to