+08May99=======================================================================
+1. Added a bit more checking to the rcmd thing to make more sure that this
+rcmd isn't coming from an imposter. Not possible to prevent everything
+ofcourse, just make it a bit harder.
+2. altered set/lockout and set/privilege so that they can't executed remotely.
+3. Added some code to reject rubbish (with invalid binary characters) protocol
+or user lines as input.
+4. prevented PC command being executed remotely :-)
+05May99=======================================================================
+1. change the connection overlap from an abort to a disconnect.
02May99=======================================================================
1. Added the mechanism for doing user spot filtering for spots in the cluster
(no user control just yet - but sysops can do it).
my $line = shift;
my @f = split /\s+/, $line;
-return (1, $self->msg('e5')) if $self->priv < 8;
+return (1, $self->msg('e5')) if $self->priv < 8 || $self->remotecmd;
my $call = uc shift @f;
my $dxchan = DXChannel->get($call);
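Review bot: The changed `return` folds the remote-command refusal into the `e5` privilege error, whereas the set/lockout, set/privilege and unset/lockout hunks in this commit answer a remote caller with `sorry`. A separate guard placed before the privilege test, `return (1, $self->msg('sorry')) if $self->remotecmd;`, would keep the replies consistent and let someone reading the rcmd log tell the two refusals apart. The enclosing command body starts and ends outside the hunk.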
foreach $call (@args) {
$call = uc $call;
- if ($ref = DXUser->get_current($call)) {
- $ref->lockout(1);
- $ref->put();
- push @out, $self->msg("lockout", $call);
+ unless ($self->remotecmd) {
+ if ($ref = DXUser->get_current($call)) {
+ $ref->lockout(1);
+ $ref->put();
+ push @out, $self->msg("lockout", $call);
+ } else {
+ $ref = DXUser->new($call);
+ $ref->lockout(1);
+ $ref->put();
+ push @out, $self->msg("lockoutc", $call);
+ }
} else {
- $ref = DXUser->new($call);
- $ref->lockout(1);
- $ref->put();
- push @out, $self->msg("lockoutc", $call);
+ push @out, $self->msg('sorry');
}
}
return (1, @out);
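Review bot: The `unless ($self->remotecmd)` test sits inside the `foreach` loop, so it is re-evaluated for every callsign and a remote caller gets one `sorry` per argument, although the flag cannot change between iterations. A single guard before the loop, `return (1, $self->msg('sorry')) if $self->remotecmd;`, states the rule once, avoids the `unless … else` form, and leaves the original loop body at its old indentation, which makes the privileged path easier to audit. The same applies to the set/privilege and unset/lockout loops in the next two hunks. The enclosing command files start outside the hunks, so any earlier privilege check is not visible here.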
foreach $call (@args) {
$call = uc $call;
- if ($ref = DXChannel->get($call)) {
- $ref->priv($priv);
- $ref->user->priv($priv);
- $ref->user->put();
- }
- if (!$ref && ($user = DXUser->get($call))) {
- $user->priv($priv);
- $user->put();
- }
- if ($ref || $user) {
- push @out, $self->msg('priv', $call);
+ unless ($self->remotecmd) {
+ if ($ref = DXChannel->get($call)) {
+ $ref->priv($priv);
+ $ref->user->priv($priv);
+ $ref->user->put();
+ }
+ if (!$ref && ($user = DXUser->get($call))) {
+ $user->priv($priv);
+ $user->put();
+ }
+ if ($ref || $user) {
+ push @out, $self->msg('priv', $call);
+ } else {
+ push @out, $self->msg('e3', "Set Privilege", $call);
+ }
} else {
- push @out, $self->msg('e3', "Set Privilege", $call);
+ push @out, $self->msg('sorry');
}
}
return (1, @out);
foreach $call (@args) {
$call = uc $call;
- if ($ref = DXUser->get_current($call)) {
- $ref->lockout(0);
- $ref->put();
- push @out, $self->msg("lockoutun", $call);
+ unless ($self->remotecmd) {
+ if ($ref = DXUser->get_current($call)) {
+ $ref->lockout(0);
+ $ref->put();
+ push @out, $self->msg("lockoutun", $call);
+ } else {
+ push @out, $self->msg('e3', 'unset/lockout', $call);
+ }
} else {
- push @out, $self->msg('e3', 'unset/lockout', $call);
+ push @out, $self->msg('sorry');
}
}
return (1, @out);
# a - an alphanumeric regex
# d - the default rule
#
-# if hops is left out or zero then the existing hop count will be used as normal
-#
-# The spot data (in this case '15') is the used as the hop count
-# if this is missing then the normal default applies
+# The hop count IS required on all lines. It won't work without!
#
$in = [
- [ 1, 0, 'r', [ 50000.0, 3000000.0 ] ], # no hops required
- [ 0, 0, 'd' ], # don't want anything else
+ [ 1, 0, 'r', [ 50000.0, 3000000.0 ], 1 ], # hops _ARE_ required
+ [ 0, 0, 'd', 0, 1 ], # don't want anything else
];
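Review bot: The replacement comment says the hop count is required but not which element holds it, and the `'d'` rule silently gains a `0` placeholder in the data position so that the count lands in the fifth slot. A line such as `# layout: [ action, field, type, data, hops ] - 'd' rules need a placeholder (0) for data` would make that explicit, with the element names confirmed against the earlier part of this comment, which lies outside the hunk. It is also worth stating what a hop count of 1 means on the reject-everything rule, since the old text about falling back to the existing hop count has been removed.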
if ($pcno == 34 || $pcno == 36) { # remote commands (incoming)
if ($field[1] eq $main::mycall) {
my $ref = DXUser->get_current($field[2]);
+ my $cref = DXCluster->get($field[2]);
Log('rcmd', 'in', $ref->{priv}, $field[2], $field[3]);
- unless ($field[3] =~ /rcmd/i) { # not allowed to relay RCMDS!
+ unless ($field[3] =~ /rcmd/i || !$cref || !$ref || $cref->mynode->call ne $ref->homenode) { # not allowed to relay RCMDS!
if ($ref->{priv}) { # you have to have SOME privilege, the commands have further filtering
$self->{remotecmd} = 1; # for the benefit of any command that needs to know
my @in = (DXCommandmode::run_cmd($self, $field[3]));
Log('rcmd', 'out', $field[2], $_);
}
delete $self->{remotecmd};
+ } else {
+ $self->send(pc35($main::mycall, $field[2], "$main::mycall:sorry...!"));
}
} else {
- $self->send(pc35($main::mycall, $field[2], "$main::mycall:Tut tut tut...!"));
+ $self->send(pc35($main::mycall, $field[2], "$main::mycall:your attempt is logged, Tut tut tut...!"));
}
} else {
route($field[1], $line);
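Review bot: `Log('rcmd', 'in', $ref->{priv}, …)` dereferences `$ref` one line before the new `!$ref` test, so a callsign in `$field[2]` with no user record reaches the dereference unguarded. Depending on how Perl handles that rvalue dereference, it either raises an error or autovivifies `$ref` into an empty hash, in which case `!$ref` can no longer be true; this is worth confirming with a test frame from an unknown callsign. Passing `$ref ? $ref->{priv} : 0` to `Log`, or moving the `Log` call below the checks, keeps the audit entry without touching `$ref`. The trailing comment `# not allowed to relay RCMDS!` now describes only the first of four conditions and should mention the home-node comparison as well. The enclosing block continues outside the hunk.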
if ($dxchan = DXChannel->get($call)) {
disconnect($dxchan);
sleep(1);
- }
+ }
# is there one already connected elsewhere in the cluster (and not a cluster)
my $user = DXUser->get($call);
my $data = $self->{data};
my $dxchan = $self->{dxchan};
my ($sort, $call, $line) = $data =~ /^(\w)(\S+)\|(.*)$/;
+
+ # the above regexp must work
+ return unless ($sort && $call && $line);
+
+ # translate any crappy characters into hex characters
+ if ($line =~ /[\x00-\x06\x08\x0a-\x1f\x7f-\xff]/o) {
+ $line =~ s/([\x00-\x1f\x7f-\xff])/uc sprintf("%%%02x",ord($1))/eg;
+ dbg('chan', "<- $sort $call **CRAP**: $line");
+ return;
+ }
# do the really sexy console interface bit! (Who is going to do the TK interface then?)
dbg('chan', "<- $sort $call $line\n") unless $sort eq 'D';
-
+
# handle A records
my $user = $dxchan->user;
if ($sort eq 'A' || $sort eq 'O') {
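Review bot: `return unless ($sort && $call && $line);` tests truthiness rather than whether the regex matched, so a well-formed frame whose text part is empty or the single character `0` is dropped along with malformed ones; `.*` permits an empty `$line`. If blank user lines matter downstream (not visible in this hunk), `return unless defined $sort && defined $call && defined $line;` rejects only a failed match. This early return is also silent, unlike the binary-character branch below it, so a `dbg('chan', …)` call noting the rejection, with the data escaped the same way, would leave a trace of discarded input. The enclosing sub starts and ends outside the hunk.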