From 80a2dd317e5d6b24250388b5177cbf85abee5a85 Mon Sep 17 00:00:00 2001 From: djk Date: Sat, 8 May 1999 21:09:11 +0000 Subject: [PATCH] 1. Added a bit more checking to the rcmd thing to make more sure that this rcmd isn't coming from an imposter. Not possible to prevent everything ofcourse, just make it a bit harder. 2. altered set/lockout and set/privilege so that they can't executed remotely. 3. Added some code to reject rubbish (with invalid binary characters) protocol or user lines as input. 4. prevented PC command being executed remotely :-) --- Changes | 10 ++++++++++ cmd/pc.pl | 2 +- cmd/set/lockout.pl | 20 ++++++++++++-------- cmd/set/privilege.pl | 28 ++++++++++++++++------------ cmd/unset/lockout.pl | 14 +++++++++----- filter/spots/G8TIC.pl.issue | 9 +++------ perl/DXProt.pm | 7 +++++-- perl/cluster.pl | 14 ++++++++++++-- 8 files changed, 68 insertions(+), 36 deletions(-) diff --git a/Changes b/Changes index 7d23e07c..be97d3a6 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,13 @@ +08May99======================================================================= +1. Added a bit more checking to the rcmd thing to make more sure that this +rcmd isn't coming from an imposter. Not possible to prevent everything +ofcourse, just make it a bit harder. +2. altered set/lockout and set/privilege so that they can't executed remotely. +3. Added some code to reject rubbish (with invalid binary characters) protocol +or user lines as input. +4. prevented PC command being executed remotely :-) +05May99======================================================================= +1. change the connection overlap from an abort to a disconnect. 02May99======================================================================= 1. Added the mechanism for doing user spot filtering for spots in the cluster (no user control just yet - but sysops can do it). diff --git a/cmd/pc.pl b/cmd/pc.pl index cfb8f9e9..8e371ef2 100644 --- a/cmd/pc.pl +++ b/cmd/pc.pl @@ -9,7 +9,7 @@ my $self = shift; my $line = shift; my @f = split /\s+/, $line; -return (1, $self->msg('e5')) if $self->priv < 8; +return (1, $self->msg('e5')) if $self->priv < 8 || $self->remotecmd; my $call = uc shift @f; my $dxchan = DXChannel->get($call); diff --git a/cmd/set/lockout.pl b/cmd/set/lockout.pl index 911a8288..492120b9 100644 --- a/cmd/set/lockout.pl +++ b/cmd/set/lockout.pl @@ -17,15 +17,19 @@ return (1, $self->msg('e5')) if $self->priv < 9; foreach $call (@args) { $call = uc $call; - if ($ref = DXUser->get_current($call)) { - $ref->lockout(1); - $ref->put(); - push @out, $self->msg("lockout", $call); + unless ($self->remotecmd) { + if ($ref = DXUser->get_current($call)) { + $ref->lockout(1); + $ref->put(); + push @out, $self->msg("lockout", $call); + } else { + $ref = DXUser->new($call); + $ref->lockout(1); + $ref->put(); + push @out, $self->msg("lockoutc", $call); + } } else { - $ref = DXUser->new($call); - $ref->lockout(1); - $ref->put(); - push @out, $self->msg("lockoutc", $call); + push @out, $self->msg('sorry'); } } return (1, @out); diff --git a/cmd/set/privilege.pl b/cmd/set/privilege.pl index 2513f85b..4e302297 100644 --- a/cmd/set/privilege.pl +++ b/cmd/set/privilege.pl @@ -23,19 +23,23 @@ if ($priv < 0 || $priv > 9) { foreach $call (@args) { $call = uc $call; - if ($ref = DXChannel->get($call)) { - $ref->priv($priv); - $ref->user->priv($priv); - $ref->user->put(); - } - if (!$ref && ($user = DXUser->get($call))) { - $user->priv($priv); - $user->put(); - } - if ($ref || $user) { - push @out, $self->msg('priv', $call); + unless ($self->remotecmd) { + if ($ref = DXChannel->get($call)) { + $ref->priv($priv); + $ref->user->priv($priv); + $ref->user->put(); + } + if (!$ref && ($user = DXUser->get($call))) { + $user->priv($priv); + $user->put(); + } + if ($ref || $user) { + push @out, $self->msg('priv', $call); + } else { + push @out, $self->msg('e3', "Set Privilege", $call); + } } else { - push @out, $self->msg('e3', "Set Privilege", $call); + push @out, $self->msg('sorry'); } } return (1, @out); diff --git a/cmd/unset/lockout.pl b/cmd/unset/lockout.pl index 71641c6e..3d17c7b7 100644 --- a/cmd/unset/lockout.pl +++ b/cmd/unset/lockout.pl @@ -17,12 +17,16 @@ return (1, $self->msg('e5')) if $self->priv < 9; foreach $call (@args) { $call = uc $call; - if ($ref = DXUser->get_current($call)) { - $ref->lockout(0); - $ref->put(); - push @out, $self->msg("lockoutun", $call); + unless ($self->remotecmd) { + if ($ref = DXUser->get_current($call)) { + $ref->lockout(0); + $ref->put(); + push @out, $self->msg("lockoutun", $call); + } else { + push @out, $self->msg('e3', 'unset/lockout', $call); + } } else { - push @out, $self->msg('e3', 'unset/lockout', $call); + push @out, $self->msg('sorry'); } } return (1, @out); diff --git a/filter/spots/G8TIC.pl.issue b/filter/spots/G8TIC.pl.issue index 2ef06c21..86c9af2b 100644 --- a/filter/spots/G8TIC.pl.issue +++ b/filter/spots/G8TIC.pl.issue @@ -31,13 +31,10 @@ # a - an alphanumeric regex # d - the default rule # -# if hops is left out or zero then the existing hop count will be used as normal -# -# The spot data (in this case '15') is the used as the hop count -# if this is missing then the normal default applies +# The hop count IS required on all lines. It won't work without! # $in = [ - [ 1, 0, 'r', [ 50000.0, 3000000.0 ] ], # no hops required - [ 0, 0, 'd' ], # don't want anything else + [ 1, 0, 'r', [ 50000.0, 3000000.0 ], 1 ], # hops _ARE_ required + [ 0, 0, 'd', 0, 1 ], # don't want anything else ]; diff --git a/perl/DXProt.pm b/perl/DXProt.pm index dded0e64..7ef99411 100644 --- a/perl/DXProt.pm +++ b/perl/DXProt.pm @@ -475,8 +475,9 @@ sub normal if ($pcno == 34 || $pcno == 36) { # remote commands (incoming) if ($field[1] eq $main::mycall) { my $ref = DXUser->get_current($field[2]); + my $cref = DXCluster->get($field[2]); Log('rcmd', 'in', $ref->{priv}, $field[2], $field[3]); - unless ($field[3] =~ /rcmd/i) { # not allowed to relay RCMDS! + unless ($field[3] =~ /rcmd/i || !$cref || !$ref || $cref->mynode->call ne $ref->homenode) { # not allowed to relay RCMDS! if ($ref->{priv}) { # you have to have SOME privilege, the commands have further filtering $self->{remotecmd} = 1; # for the benefit of any command that needs to know my @in = (DXCommandmode::run_cmd($self, $field[3])); @@ -486,9 +487,11 @@ sub normal Log('rcmd', 'out', $field[2], $_); } delete $self->{remotecmd}; + } else { + $self->send(pc35($main::mycall, $field[2], "$main::mycall:sorry...!")); } } else { - $self->send(pc35($main::mycall, $field[2], "$main::mycall:Tut tut tut...!")); + $self->send(pc35($main::mycall, $field[2], "$main::mycall:your attempt is logged, Tut tut tut...!")); } } else { route($field[1], $line); diff --git a/perl/cluster.pl b/perl/cluster.pl index e38e697f..b1b330b2 100755 --- a/perl/cluster.pl +++ b/perl/cluster.pl @@ -110,7 +110,7 @@ sub rec if ($dxchan = DXChannel->get($call)) { disconnect($dxchan); sleep(1); - } + } # is there one already connected elsewhere in the cluster (and not a cluster) my $user = DXUser->get($call); @@ -213,10 +213,20 @@ sub process_inqueue my $data = $self->{data}; my $dxchan = $self->{dxchan}; my ($sort, $call, $line) = $data =~ /^(\w)(\S+)\|(.*)$/; + + # the above regexp must work + return unless ($sort && $call && $line); + + # translate any crappy characters into hex characters + if ($line =~ /[\x00-\x06\x08\x0a-\x1f\x7f-\xff]/o) { + $line =~ s/([\x00-\x1f\x7f-\xff])/uc sprintf("%%%02x",ord($1))/eg; + dbg('chan', "<- $sort $call **CRAP**: $line"); + return; + } # do the really sexy console interface bit! (Who is going to do the TK interface then?) dbg('chan', "<- $sort $call $line\n") unless $sort eq 'D'; - + # handle A records my $user = $dxchan->user; if ($sort eq 'A' || $sort eq 'O') { -- 2.34.1