Skip to content

Commit

Permalink
[Fix] Try to fix the mess with read only flag
Browse files Browse the repository at this point in the history 
Issue: #4219
  • Loading branch information
@vstakhov
vstakhov committed Jul 25, 2022
1 parent dae18e6 commit ca21e82
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 10 deletions.
33 changes: 24 additions & 9 deletions src/controller.c
View file
Expand Up @@ -515,19 +515,22 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
use_enable = FALSE;
const struct rspamd_controller_pbkdf *pbkdf = NULL;

/* Fail-safety */
session->is_read_only = TRUE;

/* Access list logic */
if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) {
ret = rspamd_controller_check_forwarded (session, msg, ctx);

if (ret == 1) {
session->is_enable = TRUE;
session->is_read_only = FALSE;

return TRUE;
}
else if (ret == 0) {
/* No forwarded found */
msg_info_session ("allow unauthorized connection from a unix socket");
session->is_enable = TRUE;
session->is_read_only = FALSE;

return TRUE;
}
Expand All @@ -538,15 +541,15 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
ret = rspamd_controller_check_forwarded (session, msg, ctx);

if (ret == 1) {
session->is_enable = TRUE;
session->is_read_only = FALSE;

return TRUE;
}
else if (ret == 0) {
/* No forwarded found */
msg_info_session ("allow unauthorized connection from a trusted IP %s",
rspamd_inet_address_to_string (session->from_addr));
session->is_enable = TRUE;
session->is_read_only = FALSE;

return TRUE;
}
Expand All @@ -572,7 +575,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
}
else if (is_enable && (ctx->password == NULL &&
ctx->enable_password == NULL)) {
session->is_enable = TRUE;
session->is_read_only = FALSE;
return TRUE;
}
}
Expand Down Expand Up @@ -625,7 +628,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
}

if (ret) {
session->is_enable = TRUE;
session->is_read_only = FALSE;
}
}
else {
Expand All @@ -648,6 +651,13 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
check, pbkdf, FALSE);
}

if (check_normal) {
if (ctx->enable_password == NULL) {
/* We have passed password check and no enable password is specified (*/
session->is_read_only = FALSE;
}
}

}
else {
check_normal = FALSE;
Expand All @@ -674,6 +684,11 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
else {
check_enable = FALSE;
}

if (check_enable) {
/* We have passed enable password check, not a read-only mode */
session->is_read_only = FALSE;
}
}
}

Expand Down Expand Up @@ -749,7 +764,7 @@ rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent,
st.messages_scanned), "scanned", 0, false);
ucl_object_insert_key (obj, ucl_object_fromint (
st.messages_learned), "learned", 0, false);
ucl_object_insert_key (obj, ucl_object_frombool (!session->is_enable),
ucl_object_insert_key (obj, ucl_object_frombool (session->is_read_only),
"read_only", 0, false);
ucl_object_insert_key (obj, ucl_object_fromstring (session->ctx->cfg->checksum),
"config_id", 0, false);
Expand Down Expand Up @@ -2665,7 +2680,7 @@ rspamd_controller_handle_stat_common (
uptime = ev_time () - session->ctx->start_time;
ucl_object_insert_key (top, ucl_object_fromint (
uptime), "uptime", 0, false);
ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),
ucl_object_insert_key (top, ucl_object_frombool (session->is_read_only),
"read_only", 0, false);
ucl_object_insert_key (top, ucl_object_fromint (
stat->messages_scanned), "scanned", 0, false);
Expand Down Expand Up @@ -3106,7 +3121,7 @@ rspamd_controller_handle_metrics_common (
uptime), "uptime", 0, false);
ucl_object_insert_key (top, ucl_object_fromint (
session->ctx->start_time), "start_time", 0, false);
ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),
ucl_object_insert_key (top, ucl_object_frombool (session->is_read_only),
"read_only", 0, false);
ucl_object_insert_key (top, ucl_object_fromint (
stat->messages_scanned), "scanned", 0, false);
Expand Down
2 changes: 1 addition & 1 deletion src/libserver/worker_util.h
View file
Expand Up @@ -106,7 +106,7 @@ struct rspamd_controller_session {
struct rspamd_config *cfg;
struct rspamd_lang_detector *lang_det;
gboolean is_spam;
gboolean is_enable;
gboolean is_read_only;
};

/**
Expand Down

0 comments on commit ca21e82

Please sign in to comment.