]> dxcluster.net Git - spider.git/commitdiff
1. Added a bit more checking to the rcmd thing to make more sure that this
authordjk <djk>
Sat, 8 May 1999 21:09:11 +0000 (21:09 +0000)
committerdjk <djk>
Sat, 8 May 1999 21:09:11 +0000 (21:09 +0000)
rcmd isn't coming from an imposter. Not possible to prevent everything
ofcourse, just make it a bit harder.
2. altered set/lockout and set/privilege so that they can't executed remotely.
3. Added some code to reject rubbish (with invalid binary characters) protocol
or user lines as input.
4. prevented PC command being executed remotely :-)

Changes
cmd/pc.pl
cmd/set/lockout.pl
cmd/set/privilege.pl
cmd/unset/lockout.pl
filter/spots/G8TIC.pl.issue
perl/DXProt.pm
perl/cluster.pl

diff --git a/Changes b/Changes
index 7d23e07cb7a71a52c902791c36f320aa40054745..be97d3a6afb839c2ec3d8b731de1e187c1c4652b 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,3 +1,13 @@
+08May99=======================================================================
+1. Added a bit more checking to the rcmd thing to make more sure that this
+rcmd isn't coming from an imposter. Not possible to prevent everything 
+ofcourse, just make it a bit harder.
+2. altered set/lockout and set/privilege so that they can't executed remotely.
+3. Added some code to reject rubbish (with invalid binary characters) protocol
+or user lines as input.
+4. prevented PC command being executed remotely :-)
+05May99=======================================================================
+1. change the connection overlap from an abort to a disconnect.
 02May99=======================================================================
 1. Added the mechanism for doing user spot filtering for spots in the cluster 
 (no user control just yet - but sysops can do it).
index cfb8f9e96484862f55df8c45d1d47207356651aa..8e371ef21355d1b7f9ec3ed790b02f59baa4618f 100644 (file)
--- a/cmd/pc.pl
+++ b/cmd/pc.pl
@@ -9,7 +9,7 @@ my $self = shift;
 my $line = shift;
 my @f = split /\s+/, $line;
 
-return (1, $self->msg('e5')) if $self->priv < 8;
+return (1, $self->msg('e5')) if $self->priv < 8 || $self->remotecmd;
 
 my $call = uc shift @f;
 my $dxchan = DXChannel->get($call);
index 911a82887977390027ce527b274723187d01d341..492120b9b2a008f65c9c74b5b67e7fee5d90c1d6 100644 (file)
@@ -17,15 +17,19 @@ return (1, $self->msg('e5')) if $self->priv < 9;
 
 foreach $call (@args) {
        $call = uc $call;
-       if ($ref = DXUser->get_current($call)) {
-               $ref->lockout(1);
-               $ref->put();
-               push @out, $self->msg("lockout", $call);
+       unless ($self->remotecmd) {
+               if ($ref = DXUser->get_current($call)) {
+                       $ref->lockout(1);
+                       $ref->put();
+                       push @out, $self->msg("lockout", $call);
+               } else {
+                       $ref = DXUser->new($call);
+                       $ref->lockout(1);
+                       $ref->put();
+                       push @out, $self->msg("lockoutc", $call);
+               }
        } else {
-               $ref = DXUser->new($call);
-               $ref->lockout(1);
-               $ref->put();
-               push @out, $self->msg("lockoutc", $call);
+               push @out, $self->msg('sorry');
        }
 }
 return (1, @out);
index 2513f85b82ee6721f83316e0a2ce8fee9c272f98..4e30229775a901663e59cea75cd20cc53f9db5ed 100644 (file)
@@ -23,19 +23,23 @@ if ($priv < 0 || $priv > 9) {
 
 foreach $call (@args) {
        $call = uc $call;
-       if ($ref = DXChannel->get($call)) {
-               $ref->priv($priv);
-               $ref->user->priv($priv);
-               $ref->user->put();
-       }
-       if (!$ref && ($user = DXUser->get($call))) {
-               $user->priv($priv);
-               $user->put();
-       }
-       if ($ref || $user) {
-               push @out, $self->msg('priv', $call);
+       unless ($self->remotecmd) {
+               if ($ref = DXChannel->get($call)) {
+                       $ref->priv($priv);
+                       $ref->user->priv($priv);
+                       $ref->user->put();
+               }
+               if (!$ref && ($user = DXUser->get($call))) {
+                       $user->priv($priv);
+                       $user->put();
+               }
+               if ($ref || $user) {
+                       push @out, $self->msg('priv', $call);
+               } else {
+                       push @out, $self->msg('e3', "Set Privilege", $call);
+               }
        } else {
-               push @out, $self->msg('e3', "Set Privilege", $call);
+               push @out, $self->msg('sorry');
        }
 }
 return (1, @out);
index 71641c6e38b81bee2c5109039ef7c72e6d480eab..3d17c7b7268f7f6c8ffb80a61127ecb39aa86f0f 100644 (file)
@@ -17,12 +17,16 @@ return (1, $self->msg('e5')) if $self->priv < 9;
 
 foreach $call (@args) {
        $call = uc $call;
-       if ($ref = DXUser->get_current($call)) {
-               $ref->lockout(0);
-               $ref->put();
-               push @out, $self->msg("lockoutun", $call);
+       unless ($self->remotecmd) {
+               if ($ref = DXUser->get_current($call)) {
+                       $ref->lockout(0);
+                       $ref->put();
+                       push @out, $self->msg("lockoutun", $call);
+               } else {
+                       push @out, $self->msg('e3', 'unset/lockout', $call);
+               }
        } else {
-               push @out, $self->msg('e3', 'unset/lockout', $call);
+               push @out, $self->msg('sorry');
        }
 }
 return (1, @out);
index 2ef06c21de7dd7b71361453e0066e286216e0532..86c9af2b6ea982ebafd37852e140c7d65ab6cd49 100644 (file)
 #     a - an alphanumeric regex
 #     d - the default rule
 #
-#   if hops is left out or zero then the existing hop count will be used as normal
-#
-# The spot data (in this case '15') is the used as the hop count
-# if this is missing then the normal default applies
+#  The hop count IS required on all lines. It won't work without!
 #
 
 $in = [
-       [ 1, 0, 'r', [ 50000.0, 3000000.0 ] ],   # no hops required
-       [ 0, 0, 'd' ],                           # don't want anything else
+       [ 1, 0, 'r', [ 50000.0, 3000000.0 ], 1 ],   # hops _ARE_ required
+       [ 0, 0, 'd', 0, 1 ],                        # don't want anything else
 ];
index dded0e6451073153fea76fd1e77b8834e8cced9b..7ef99411fd7d099d1de5e8838e867d02a2f6b5dd 100644 (file)
@@ -475,8 +475,9 @@ sub normal
                if ($pcno == 34 || $pcno == 36) { # remote commands (incoming)
                        if ($field[1] eq $main::mycall) {
                                my $ref = DXUser->get_current($field[2]);
+                               my $cref = DXCluster->get($field[2]);
                                Log('rcmd', 'in', $ref->{priv}, $field[2], $field[3]);
-                               unless ($field[3] =~ /rcmd/i) {    # not allowed to relay RCMDS!
+                               unless ($field[3] =~ /rcmd/i || !$cref || !$ref || $cref->mynode->call ne $ref->homenode) {    # not allowed to relay RCMDS!
                                        if ($ref->{priv}) {     # you have to have SOME privilege, the commands have further filtering
                                                $self->{remotecmd} = 1; # for the benefit of any command that needs to know
                                                my @in = (DXCommandmode::run_cmd($self, $field[3]));
@@ -486,9 +487,11 @@ sub normal
                                                        Log('rcmd', 'out', $field[2], $_);
                                                }
                                                delete $self->{remotecmd};
+                                       } else {
+                                               $self->send(pc35($main::mycall, $field[2], "$main::mycall:sorry...!"));
                                        }
                                } else {
-                                       $self->send(pc35($main::mycall, $field[2], "$main::mycall:Tut tut tut...!"));
+                                       $self->send(pc35($main::mycall, $field[2], "$main::mycall:your attempt is logged, Tut tut tut...!"));
                                }
                        } else {
                                route($field[1], $line);
index e38e697fd17dfedff5a8c3ba274c143d822a1c38..b1b330b2c983f1377ed82faf0dba5397b38d9886 100755 (executable)
@@ -110,7 +110,7 @@ sub rec
                if ($dxchan = DXChannel->get($call)) {
                        disconnect($dxchan);
                        sleep(1);
-               }
+               }
                
                # is there one already connected elsewhere in the cluster (and not a cluster)
                my $user = DXUser->get($call);
@@ -213,10 +213,20 @@ sub process_inqueue
        my $data = $self->{data};
        my $dxchan = $self->{dxchan};
        my ($sort, $call, $line) = $data =~ /^(\w)(\S+)\|(.*)$/;
+
+       # the above regexp must work
+       return unless ($sort && $call && $line);
+       
+       # translate any crappy characters into hex characters 
+       if ($line =~ /[\x00-\x06\x08\x0a-\x1f\x7f-\xff]/o) {
+               $line =~ s/([\x00-\x1f\x7f-\xff])/uc sprintf("%%%02x",ord($1))/eg;
+               dbg('chan', "<- $sort $call **CRAP**: $line");
+               return;
+       }
        
        # do the really sexy console interface bit! (Who is going to do the TK interface then?)
        dbg('chan', "<- $sort $call $line\n") unless $sort eq 'D';
-       
+
        # handle A records
        my $user = $dxchan->user;
        if ($sort eq 'A' || $sort eq 'O') {