diff --git a/src/controller.c b/src/controller.c index d199b88bcf..765aa16239 100644 --- a/src/controller.c +++ b/src/controller.c @@ -515,19 +515,22 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, use_enable = FALSE; const struct rspamd_controller_pbkdf *pbkdf = NULL; + /* Fail-safety */ + session->is_read_only = TRUE; + /* Access list logic */ if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) { ret = rspamd_controller_check_forwarded (session, msg, ctx); if (ret == 1) { - session->is_enable = TRUE; + session->is_read_only = FALSE; return TRUE; } else if (ret == 0) { /* No forwarded found */ msg_info_session ("allow unauthorized connection from a unix socket"); - session->is_enable = TRUE; + session->is_read_only = FALSE; return TRUE; } @@ -538,7 +541,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, ret = rspamd_controller_check_forwarded (session, msg, ctx); if (ret == 1) { - session->is_enable = TRUE; + session->is_read_only = FALSE; return TRUE; } @@ -546,7 +549,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, /* No forwarded found */ msg_info_session ("allow unauthorized connection from a trusted IP %s", rspamd_inet_address_to_string (session->from_addr)); - session->is_enable = TRUE; + session->is_read_only = FALSE; return TRUE; } @@ -572,7 +575,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, } else if (is_enable && (ctx->password == NULL && ctx->enable_password == NULL)) { - session->is_enable = TRUE; + session->is_read_only = FALSE; return TRUE; } } @@ -625,7 +628,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, } if (ret) { - session->is_enable = TRUE; + session->is_read_only = FALSE; } } else { @@ -648,6 +651,13 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, check, pbkdf, FALSE); } + if (check_normal) { + if (ctx->enable_password == NULL) { + /* We have passed password check and no enable password is specified (*/ + session->is_read_only = FALSE; + } + } + } else { check_normal = FALSE; @@ -674,6 +684,11 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry, else { check_enable = FALSE; } + + if (check_enable) { + /* We have passed enable password check, not a read-only mode */ + session->is_read_only = FALSE; + } } } @@ -749,7 +764,7 @@ rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent, st.messages_scanned), "scanned", 0, false); ucl_object_insert_key (obj, ucl_object_fromint ( st.messages_learned), "learned", 0, false); - ucl_object_insert_key (obj, ucl_object_frombool (!session->is_enable), + ucl_object_insert_key (obj, ucl_object_frombool (session->is_read_only), "read_only", 0, false); ucl_object_insert_key (obj, ucl_object_fromstring (session->ctx->cfg->checksum), "config_id", 0, false); @@ -2665,7 +2680,7 @@ rspamd_controller_handle_stat_common ( uptime = ev_time () - session->ctx->start_time; ucl_object_insert_key (top, ucl_object_fromint ( uptime), "uptime", 0, false); - ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable), + ucl_object_insert_key (top, ucl_object_frombool (session->is_read_only), "read_only", 0, false); ucl_object_insert_key (top, ucl_object_fromint ( stat->messages_scanned), "scanned", 0, false); @@ -3106,7 +3121,7 @@ rspamd_controller_handle_metrics_common ( uptime), "uptime", 0, false); ucl_object_insert_key (top, ucl_object_fromint ( session->ctx->start_time), "start_time", 0, false); - ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable), + ucl_object_insert_key (top, ucl_object_frombool (session->is_read_only), "read_only", 0, false); ucl_object_insert_key (top, ucl_object_fromint ( stat->messages_scanned), "scanned", 0, false); diff --git a/src/libserver/worker_util.h b/src/libserver/worker_util.h index 12f73aa4ca..ed7ada3d30 100644 --- a/src/libserver/worker_util.h +++ b/src/libserver/worker_util.h @@ -106,7 +106,7 @@ struct rspamd_controller_session { struct rspamd_config *cfg; struct rspamd_lang_detector *lang_det; gboolean is_spam; - gboolean is_enable; + gboolean is_read_only; }; /**