cmdmon: allow unauthenticated commands from Unix domain socket

Allow all commands received from the Unix domain command socket (which
is accessible only by the root and chrony user/group), even when they
are not authenticated with the command key.

diff --git a/cmdmon.c b/cmdmon.c
index 7c1a91d20e36089641c65741c1d830bc0ed73a33..d32ab66876b47cad349093918ea4a44f2e8131de 100644 (file)
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1808,28 +1808,35 @@ read_from_cmd_socket(void *anything)
     /* This should be already handled */
     assert(0);
   } else {
-    /* Check level of authority required to issue the command */
-    switch(permissions[rx_command]) {
-      case PERMIT_AUTH:
-        if (authenticated) {
-          allowed = 1;
-        } else {
-          allowed = 0;
-        }
-        break;
-      case PERMIT_LOCAL:
-        if (authenticated || localhost) {
+    /* Check level of authority required to issue the command.  All commands
+       from the Unix domain socket (which is accessible only by the root and
+       chrony user/group) are allowed. */
+    if (where_from.sa.sa_family == AF_UNIX) {
+      assert(sock_fd == sock_fdu);
+      allowed = 1;
+    } else {
+      switch (permissions[rx_command]) {
+        case PERMIT_AUTH:
+          if (authenticated) {
+            allowed = 1;
+          } else {
+            allowed = 0;
+          }
+          break;
+        case PERMIT_LOCAL:
+          if (authenticated || localhost) {
+            allowed = 1;
+          } else {
+            allowed = 0;
+          }
+          break;
+        case PERMIT_OPEN:
           allowed = 1;
-        } else {
+          break;
+        default:
+          assert(0);
           allowed = 0;
-        }
-        break;
-      case PERMIT_OPEN:
-        allowed = 1;
-        break;
-      default:
-        assert(0);
-        allowed = 0;
+      }
     }
 
     if (allowed) {