From d99e357e5203c7742b57c51b7c2dd103c1836c01 Mon Sep 17 00:00:00 2001 From: djk Date: Mon, 31 May 1999 09:16:12 +0000 Subject: [PATCH] put in some more loop protection. allowed merge request passthru correct priv used on rcmd --- Changes | 6 ++++++ perl/DXProt.pm | 38 ++++++++++++++++++++++++++++++++------ perl/cluster.pl | 2 +- 3 files changed, 39 insertions(+), 7 deletions(-) diff --git a/Changes b/Changes index 9ea91d1a..f9d6cb5e 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,9 @@ +31May99======================================================================= +1. Added checking for PC16,17,19 and 21 to make sure that they come in from +the channels that they are supposed to. +2. Pass the RCMDing node's priv level to the command (rather than the +connecting node's privilege level). +3. Pass thru merge requests for other nodes. 25May99======================================================================= 1. try to make the lastin value correct even for local users 2. got rid of the stupid bug that failed to print out the offline message diff --git a/perl/DXProt.pm b/perl/DXProt.pm index ce9b13a4..4bdb307f 100644 --- a/perl/DXProt.pm +++ b/perl/DXProt.pm @@ -307,6 +307,10 @@ sub normal my $node = DXCluster->get_exact($field[1]); last SWITCH if !$node; # ignore if havn't seen a PC19 for this one yet last SWITCH unless $node->isa('DXNode'); + if ($node->dxchan != $self) { + dbg('chan', "LOOP: come in on wrong channel"); + return; + } my $i; @@ -336,7 +340,12 @@ sub normal } if ($pcno == 17) { # remove a user - + my $node = DXCluster->get_exact($field[2]); + last SWITCH unless $node->isa('DXNode'); + if ($node->dxchan != $self) { + dbg('chan', "LOOP: come in on wrong channel"); + return; + } my $ref = DXCluster->get_exact($field[1]); $ref->del() if $ref; last SWITCH; @@ -358,7 +367,12 @@ sub normal my $ver = $field[$i+3]; # now check the call over - next if DXCluster->get_exact($call); # we already have this + my $node = DXCluster->get_exact($call); # we already have this + if ($node && $node->dxchan != $self) { + dbg('chan', "LOOP: come in on wrong channel"); + return; + } + next if $node; # check for sane parameters next if $ver < 5000; # only works with version 5 software @@ -402,8 +416,17 @@ sub normal if ($pcno == 21) { # delete a cluster from the list my $call = uc $field[1]; if ($call ne $main::mycall) { # don't allow malicious buggers to disconnect me! - my $ref = DXCluster->get_exact($call); - $ref->del() if $ref; + my $node = DXCluster->get_exact($call); + if ($node) { + if ($node->dxchan != $self) { + dbg('chan', "LOOP: come in on wrong channel"); + return; + } + $node->del(); + } else { + dbg('chan', "$call not in table, dropped"); + return; + } } last SWITCH; } @@ -459,8 +482,8 @@ sub normal } if ($pcno == 25) { # merge request - unless ($field[1] eq $main::mycall) { - dbg('chan', "merge request to $field[1] from $field[2] ignored"); + if ($field[1] ne $main::mycall) { + route($field[1], $line); return; } @@ -499,7 +522,10 @@ sub normal unless ($field[3] =~ /rcmd/i || !$cref || !$ref || $cref->mynode->call ne $ref->homenode) { # not allowed to relay RCMDS! if ($ref->{priv}) { # you have to have SOME privilege, the commands have further filtering $self->{remotecmd} = 1; # for the benefit of any command that needs to know + my $oldpriv = $self->{priv}; + $self->{priv} = $ref->{priv}; # assume the user's privilege level my @in = (DXCommandmode::run_cmd($self, $field[3])); + $self->{priv} = $oldpriv; for (@in) { s/\s*$//og; $self->send(pc35($main::mycall, $field[2], "$main::mycall:$_")); diff --git a/perl/cluster.pl b/perl/cluster.pl index a0703537..290838f4 100755 --- a/perl/cluster.pl +++ b/perl/cluster.pl @@ -67,7 +67,7 @@ package main; @inqueue = (); # the main input queue, an array of hashes $systime = 0; # the time now (in seconds) -$version = "1.28"; # the version no of the software +$version = "1.29"; # the version no of the software $starttime = 0; # the starting time of the cluster $lockfn = "cluster.lock"; # lock file name -- 2.34.1