]> git.ipfire.org Git - thirdparty/chrony.git/commit
cmdmon: refactor command authorization checks
authorMiroslav Lichvar <mlichvar@redhat.com>
Mon, 10 Feb 2025 14:32:26 +0000 (15:32 +0100)
committerMiroslav Lichvar <mlichvar@redhat.com>
Wed, 12 Feb 2025 14:10:56 +0000 (15:10 +0100)
commit51da7a0694ce52c3154a26a772e1679fc57de6f9
tree09355571ca70c791ddc4b6aeef169f26519226c3
parent9ba6e7655c87a60afeca11ea4ac53eadf7b48e48
cmdmon: refactor command authorization checks

Try to simplify the code and make it more robust to potential bugs.

Instead of maintaing a table mapping all commands to open/auth
permissions, use a short list of open commands. Split the processing
of the commands into two groups, read-write commands and read-only
(monitoring) commands, where the first group is processed only with full
access. Check both the socket descriptor and address type before giving
full access. While moving the code, reorder the commands alphabetically.
candm.h
cmdmon.c