authorReyk Floeter <reyk@cvs.openbsd.org>2011-05-26 14:48:21 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2011-05-26 14:48:21 +0000
commit6783dda218087dc57a4e66242d1c75ae82a7b261 (patch)
treecaac4710bed51b3b7e5b167cccc171cd97f7fa9e /usr.sbin
parent933c020a19c5f05c1664fd6228615ea453c7eecf (diff)
Add additional check to prevent running scripts when not configured.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/check_script.c7
-rw-r--r--usr.sbin/relayd/parse.y5
-rw-r--r--usr.sbin/relayd/relayd.h5
3 files changed, 13 insertions, 4 deletions
diff --git a/usr.sbin/relayd/check_script.c b/usr.sbin/relayd/check_script.c
index 6e5270d979e..bc8e9c5d613 100644
--- a/usr.sbin/relayd/check_script.c
+++ b/usr.sbin/relayd/check_script.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_script.c,v 1.13 2011/05/26 14:38:03 reyk Exp $ */
+/* $OpenBSD: check_script.c,v 1.14 2011/05/26 14:48:20 reyk Exp $ */
/*
* Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -102,6 +102,11 @@ script_exec(struct relayd *env, struct ctl_script *scr)
const char *file, *arg;
struct passwd *pw;
+ if ((env->sc_flags & F_SCRIPT) == 0) {
+ log_warnx("%s: script disabled", __func__);
+ return (-1);
+ }
+
DPRINTF("%s: running script %s, host %s",
__func__, scr->path, scr->name);
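Review bot: The new guard in script_exec() is config-wide rather than per-script: once any table sets F_SCRIPT (the `tablecheck` rule in parse.y does so for every script check in this commit), the function goes on to use `scr->path` and `scr->name` as given. If `scr` arrives in a message from a less-privileged process, which is not visible in this hunk, the path should also be tied to the parent's own configuration before it is executed, for example by looking the table up by id and taking the path from there. The function body continues outside the hunk, so whether such a lookup already exists further down cannot be confirmed here.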
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 3773370b17e..e2f2c8aaaac 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.157 2011/05/23 10:44:59 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.158 2011/05/26 14:48:20 reyk Exp $ */
/*
* Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
@@ -776,6 +776,7 @@ tablecheck : ICMP { table->conf.check = CHECK_ICMP; }
free($2);
YYERROR;
}
+ conf->sc_flags |= F_SCRIPT;
free($2);
}
;
@@ -2239,6 +2240,8 @@ load_config(const char *filename, struct relayd *x_conf)
struct host *h, *ph;
conf = x_conf;
+ conf->sc_flags = 0;
+
loadcfg = 1;
errors = 0;
last_host_id = last_table_id = last_rdr_id = last_proto_id =
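Review bot: `conf->sc_flags = 0;` clears every bit in sc_flags, not only F_SCRIPT, and nothing on the line records why. A comment such as `/* parser-derived flags start clean so F_SCRIPT fails closed when the loaded config has no script checks */` would state the intent. If any sc_flags bit is set by a caller before load_config() runs (not visible here), `conf->sc_flags &= ~F_SCRIPT;` would be the narrower reset. load_config() continues beyond this hunk.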
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index f535b6778fd..c4abc4251b3 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.149 2011/05/26 14:38:03 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.150 2011/05/26 14:48:20 reyk Exp $ */
/*
* Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -257,13 +257,14 @@ TAILQ_HEAD(addresslist, address);
#define F_NEEDRT 0x00400000
#define F_MATCH 0x00800000
#define F_DIVERT 0x01000000
+#define F_SCRIPT 0x02000000
#define F_BITS \
"\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
"\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \
"\14SSL\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \
"\22RETURN\23TRAP\24NEEDPF\25PORT\26SSL_CLIENT\27NEEDRT" \
- "\30MATCH\31DIVERT"
+ "\30MATCH\31DIVERT\32SCRIPT"
enum forwardmode {
FWD_NORMAL = 0,
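Review bot: F_SCRIPT is added without a comment even though script_exec() tests it on `env->sc_flags` as the gate for running external programs. A trailing comment like `/* config has at least one script check; gates script_exec() */` would make that role visible next to the other F_* bits and discourage reusing the bit for something else. The `\32SCRIPT` entry in F_BITS corresponds to bit 26 (0x02000000), so the bit-name string stays consistent with the define.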