feat: permit-open #1402
feat: permit-open #1402
Conversation
| char **permitopen; | ||
| char **permitopen_hosts; | ||
| uint16_t *permitopen_ports; // 0 = '*' |
There was a problem hiding this comment.
previously permitopen was a list of strings, but now it is split up into a list of hosts and list of ports, "*" for port = 0
| // NPT ONLY | ||
| // Don't try optimizing this to reuse the permitopen struct from main.c. | ||
| // none of the memory duplication here is expensive, and it's a surface for bugs | ||
| permitopen_params permitopen; | ||
| permitopen.permitopen_len = params->permitopen_len; | ||
| permitopen.permitopen_hosts = params->permitopen_hosts; | ||
| permitopen.permitopen_ports = params->permitopen_ports; | ||
| permitopen.requested_host = cJSON_GetStringValue(requested_host); | ||
| permitopen.requested_port = cJSON_GetNumberValue(requested_port); | ||
|
|
||
| if (!should_permitopen(&permitopen)) { | ||
| atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_DEBUG, "Ignoring request to localhost:%d\n", | ||
| permitopen.requested_port); | ||
| cJSON_Delete(envelope); | ||
| return; | ||
| } | ||
| // END NPT ONLY | ||
|
|
There was a problem hiding this comment.
handle permit open check for npt, after envelope has been decoded
| @@ -138,15 +156,13 @@ void handle_npt_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshn | |||
| char *buffer = NULL; | |||
|
|
|||
| res = atclient_get_public_key(atclient, &atkey, &buffer, NULL); | |||
| atclient_atkey_free(&atkey); | |||
There was a problem hiding this comment.
The rest of this file is memory clean up
| @@ -142,15 +142,13 @@ void handle_ssh_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshn | |||
| char *buffer = NULL; | |||
|
|
|||
| res = atclient_get_public_key(atclient, &atkey, &buffer, NULL); | |||
| atclient_atkey_free(&atkey); | |||
There was a problem hiding this comment.
The same memory clean up is the only change to handle_ssh_request
| if (params.policy == NULL) { | ||
| atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_DEBUG, "Policy Manager: NULL"); | ||
| } else { | ||
| atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_DEBUG, "Policy Manager: %s", params.policy); | ||
| } |
There was a problem hiding this comment.
Started policy implementation, but the flag is disabled for now.
| char *buf = malloc(sizeof(char) * 1024); | ||
| for (int i = 0; i < params.permitopen_len; i++) { | ||
| cJSON_AddItemToArray(allowed_services, cJSON_CreateString(params.permitopen[i])); | ||
| sprintf(buf, "%s:%u", params.permitopen_hosts[i], (unsigned int)params.permitopen_ports[i]); | ||
| cJSON_AddItemToArray(allowed_services, cJSON_CreateString(buf)); | ||
| } | ||
| free(buf); |
There was a problem hiding this comment.
Since I split params.permitopen into params.permitopen_hosts and params.permitopen_ports
| // permitopen happens first for ssh so we can avoid a bunch of unnecessary tasks | ||
| permitopen.requested_host = "localhost"; | ||
| permitopen.requested_port = params.local_sshd_port; | ||
| if (!should_permitopen(&permitopen)) { | ||
| atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_DEBUG, "Ignoring request to localhost:%d\n", | ||
| params.local_sshd_port); | ||
| // TODO notify daemon doesn't permit connections to $requested_host:$requested_port | ||
| break; | ||
| } |
There was a problem hiding this comment.
permit open for ssh can be checked earlier since we don't need to decode the json in the request to check it.
| if ((parse_permitopen(permitopen, ¶ms->permitopen_hosts, ¶ms->permitopen_ports, ¶ms->permitopen_len, | ||
| false) != 0)) { | ||
| printf("Failed to parse permit-open string\n"); | ||
| free(params->permitopen_str); | ||
| return 1; | ||
| } |
There was a problem hiding this comment.
Parse permitopen early so we can check for invalid input.
| if (params->manager_list == NULL) { | ||
| printf("Failed to allocate memory for manager list\n"); | ||
| free(params->permitopen_str); | ||
| return 1; |
There was a problem hiding this comment.
refactored the manager_list code to a cleaner solution more similar to permitopen...
I was referencing this as I was doing the permitopen parsing and realized this need to be changed.
| // malloc pointers to each string, but don't malloc any more memory for individual char storage | ||
| *permitopen_hosts = malloc((sep_count) * sizeof(char *)); | ||
| *permitopen_ports = malloc((sep_count) * sizeof(uint16_t)); |
There was a problem hiding this comment.
we don't need individual char storage because we are pointing these pointers to the memory passed into the argv of the program. I replaced the : with null terminators to make the original hosts passed in valid c strings.
|
Draft until I've written tests for parsing of permit-open and manager list |
- What I did
- How I did it
- How to verify it
- Description for the changelog
feat: permit-open