From 9f7b7a839a22f9c074d8f2baf8dba8f85d6fa1dc Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Mon, 14 Jul 2003 03:07:06 +0000
Subject: [PATCH] * ipgm_secret is no longer set during setup. Now it is set at server startup and automatically changes whenever an IPGM command is executed. * Upon an IPGM authentication failure, wait 5 seconds before displaying an error, then disconnect the session.
---
 citadel/ChangeLog | 7 +++++++
 citadel/citserver.c | 14 ++++++++++----
 citadel/serv_vandelay.c | 2 --
 citadel/server_main.c | 6 ++++--
 citadel/setup.c | 4 ----
 5 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index f46dbf7a2..19cee5f7e 100644
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,10 @@ $Log$ + Revision 607.21 2003/07/14 03:07:05 ajc + * ipgm_secret is no longer set during setup. Now it is set at server startup + and automatically changes whenever an IPGM command is executed. + * Upon an IPGM authentication failure, wait 5 seconds before displaying an + error, then disconnect the session. + Revision 607.20 2003/07/13 04:58:35 ajc * Allow connect on unix domain sockets to Citadels in other directories * sendcommand now uses unix domain sockets instead of the network
@@ -4853,3 +4859,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant Fri Jul 10 1998 Art Cancro * Initial CVS import +
diff --git a/citadel/citserver.c b/citadel/citserver.c
index 04c37ef63..b07a0d637 100644
--- a/citadel/citserver.c
+++ b/citadel/citserver.c
@@ -761,26 +761,32 @@ void cmd_ipgm(char *argbuf) { int secret; + secret = extract_int(argbuf, 0); + /* For security reasons, we do NOT allow this command to run * over the network. Local sockets only. */ if (!CC->is_local_socket) { sleep(5); cprintf("%d Authentication failed.\n",ERROR); - return; } - - secret = extract_int(argbuf, 0); - if (secret == config.c_ipgm_secret) { + else if (secret == config.c_ipgm_secret) { CC->internal_pgm = 1; strcpy(CC->curr_user, ""); CC->cs_flags = CC->cs_flags|CS_STEALTH; cprintf("%d Authenticated as an internal program.\n",CIT_OK); } else { + sleep(5); cprintf("%d Authentication failed.\n",ERROR); lprintf(3, "Warning: ipgm authentication failed.\n"); + CC->kill_me = 1; } + + /* Now change the ipgm secret for the next round. */ + get_config(); + config.c_ipgm_secret = rand(); + put_config(); }
diff --git a/citadel/serv_vandelay.c b/citadel/serv_vandelay.c
index 4b54fe582..1608804b5 100644
--- a/citadel/serv_vandelay.c
+++ b/citadel/serv_vandelay.c
@@ -271,7 +271,6 @@ void artv_do_export(void) { cprintf("%d\n", config.c_maxsessions); cprintf("%s\n", config.c_net_password); cprintf("%d\n", config.c_port_number); - cprintf("%d\n", config.c_ipgm_secret); cprintf("%d\n", config.c_ep.expire_mode); cprintf("%d\n", config.c_ep.expire_value); cprintf("%d\n", config.c_userpurge);
@@ -329,7 +328,6 @@ void artv_import_config(void) { client_gets(buf); config.c_maxsessions = atoi(buf); client_gets(config.c_net_password); client_gets(buf); config.c_port_number = atoi(buf); - client_gets(buf); config.c_ipgm_secret = atoi(buf); client_gets(buf); config.c_ep.expire_mode = atoi(buf); client_gets(buf); config.c_ep.expire_value = atoi(buf); client_gets(buf); config.c_userpurge = atoi(buf);
diff --git a/citadel/server_main.c b/citadel/server_main.c
index ad2b2b3bb..c2d3b46e5 100644
--- a/citadel/server_main.c
+++ b/citadel/server_main.c
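Review bot: In cmd_ipgm (citadel/citserver.c) the rotation block added at the end of the function (`get_config(); config.c_ipgm_secret = rand(); put_config();`) runs on every path, including the `!CC->is_local_socket` branch, so a caller that has just been refused still changes the secret. An internal program that read the previous value would then fail its own authentication, so the rotation should be limited to local callers, for example by wrapping it in `if (CC->is_local_socket) { ... }`. The non-local branch also loses its `return;` without gaining `CC->kill_me = 1;` or an `lprintf(3, ...)` warning, so only the wrong-secret branch disconnects and logs as the commit message describes; adding both there would make the two failure paths consistent. The read-modify-write of `config` is not visibly serialized in this hunk; if sessions can run concurrently it needs whatever lock protects `config` elsewhere, which is outside the lines shown.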
@@ -140,10 +140,12 @@ int main(int argc, char **argv) init_sysdep(); openlog("citserver", LOG_PID, LOG_USER); - /* Load site-specific parameters */ + /* Load site-specific parameters, and set the ipgm secret */ lprintf(7, "Loading citadel.config\n"); get_config(); - + srand(getpid()); + config.c_ipgm_secret = rand(); + put_config(); /* * Do non system dependent startup functions.
diff --git a/citadel/setup.c b/citadel/setup.c
index 13609928b..1f480484c 100644
--- a/citadel/setup.c
+++ b/citadel/setup.c
@@ -769,10 +769,6 @@ int main(int argc, char *argv[]) if (config.c_port_number == 0) { config.c_port_number = 504; } - if (config.c_ipgm_secret == 0) { - srand(getpid()); - config.c_ipgm_secret = rand(); - } if (config.c_sleeping == 0) { config.c_sleeping = 900; }
--
2.39.2
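Review bot: The startup secret in main() (citadel/server_main.c) is produced by `srand(getpid()); config.c_ipgm_secret = rand();`, so it is a deterministic function of the process ID, and every later value from the `rand()` call in cmd_ipgm (the citserver.c hunk) follows from that same seed. A process ID is a small, locally visible number, which is too weak a basis for a value that grants internal-program access. Both places should fill the secret from the operating system's random source, ideally through one shared helper. The sketch below covers the startup case and assumes `<fcntl.h>` and `<unistd.h>` are included in this file, which the hunk does not show. If clients rely on the non-negative range of rand(), clear the sign bit after the read.

```c
	/* … unchanged: lprintf(7, "Loading citadel.config\n"); get_config(); … */
	{
		int fd = open("/dev/urandom", O_RDONLY);
		ssize_t got = -1;

		if (fd >= 0) {
			got = read(fd, &config.c_ipgm_secret,
				   sizeof config.c_ipgm_secret);
			close(fd);
		}
		if (got != (ssize_t) sizeof config.c_ipgm_secret) {
			/* Refuse to start with a guessable secret. */
			lprintf(3, "Cannot obtain random ipgm secret\n");
			exit(1);
		}
	}
	put_config();
```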