author | Reyk Floeter <reyk@cvs.openbsd.org> | 2011-05-26 14:48:21 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2011-05-26 14:48:21 +0000 |
commit | 6783dda218087dc57a4e66242d1c75ae82a7b261 (patch) | |
tree | caac4710bed51b3b7e5b167cccc171cd97f7fa9e /usr.sbin | |
parent | 933c020a19c5f05c1664fd6228615ea453c7eecf (diff) |
Add additional check to prevent running scripts when not configured.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/relayd/check_script.c | 7 | ||||
-rw-r--r-- | usr.sbin/relayd/parse.y | 5 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 5 |
3 files changed, 13 insertions, 4 deletions
diff --git a/usr.sbin/relayd/check_script.c b/usr.sbin/relayd/check_script.c
index 6e5270d979e..bc8e9c5d613 100644
--- a/usr.sbin/relayd/check_script.c
+++ b/usr.sbin/relayd/check_script.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check_script.c,v 1.13 2011/05/26 14:38:03 reyk Exp $ */
+/* $OpenBSD: check_script.c,v 1.14 2011/05/26 14:48:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org>
@@ -102,6 +102,11 @@ script_exec(struct relayd *env, struct ctl_script *scr)
 const char *file, *arg;
 struct passwd *pw;
 
+ if ((env->sc_flags & F_SCRIPT) == 0) {
+ log_warnx("%s: script disabled", __func__);
+ return (-1);
+ }
+
 DPRINTF("%s: running script %s, host %s",
 __func__, scr->path, scr->name);
 
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index 3773370b17e..e2f2c8aaaac 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.157 2011/05/23 10:44:59 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.158 2011/05/26 14:48:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org>
@@ -776,6 +776,7 @@ tablecheck : ICMP { table->conf.check = CHECK_ICMP; }
 free($2);
 YYERROR;
 }
+ conf->sc_flags |= F_SCRIPT;
 free($2);
 }
 ;
@@ -2239,6 +2240,8 @@ load_config(const char *filename, struct relayd *x_conf)
 struct host *h, *ph;
 
 conf = x_conf;
+ conf->sc_flags = 0;
+
 loadcfg = 1;
 errors = 0;
 last_host_id = last_table_id = last_rdr_id = last_proto_id =
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index f535b6778fd..c4abc4251b3 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.149 2011/05/26 14:38:03 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.150 2011/05/26 14:48:20 reyk Exp $ */
 
 /*
 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
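Review bot: The guard added at the top of script_exec() tests only the process-wide F_SCRIPT bit, so once any table is configured with a script check it no longer constrains which `scr->path` is run. If `scr->path` arrives in a request from another process (inferred from the DPRINTF line; the function body continues outside the hunk), the path should also be matched against the script paths the loaded configuration declares before anything is executed. A comment above the check, such as `/* refuse to run scripts unless the loaded configuration enabled a script check */`, would record why it sits in this function.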
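Review bot: `conf->sc_flags = 0;` in load_config() clears every bit of sc_flags, not only F_SCRIPT, which is safe only if nothing outside the parser sets bits there before a load or reload. If just the script bit is meant to be reset, `conf->sc_flags &= ~F_SCRIPT;` is narrower; if the full reset is intended, a comment like `/* all sc_flags bits come from the config file; start clean on every load */` would make that explicit. The tablecheck hunk above is the only visible place that sets F_SCRIPT again, so correctness of the guard depends on every path that assigns a script check going through that rule. load_config() continues outside the hunk.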
@@ -257,13 +257,14 @@ TAILQ_HEAD(addresslist, address);
 #define F_NEEDRT 0x00400000
 #define F_MATCH 0x00800000
 #define F_DIVERT 0x01000000
+#define F_SCRIPT 0x02000000
 
 #define F_BITS \
 "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \
 "\10STICKY-ADDRESS\11CHECK_DONE\12ACTIVE_RULESET\13CHECK_SENT" \
 "\14SSL\15NAT_LOOKUP\16DEMOTE\17LOOKUP_PATH\20DEMOTED\21UDP" \
 "\22RETURN\23TRAP\24NEEDPF\25PORT\26SSL_CLIENT\27NEEDRT" \
- "\30MATCH\31DIVERT"
+ "\30MATCH\31DIVERT\32SCRIPT"
 
 enum forwardmode {
 FWD_NORMAL = 0, |
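Review bot: F_SCRIPT is added without any indication of which object carries it, although the neighbouring F_BITS names (DISABLE, BACKUP, DOWN, …) appear to describe other kinds of state and this commit only ever tests the bit on `env->sc_flags`. A trailing comment, for example `#define F_SCRIPT 0x02000000 /* sc_flags: a table uses a script check */`, would keep it from being set or tested on the wrong structure later. The value and the `\32SCRIPT` entry agree with each other (bit 26), so no change is needed there.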