commit ca21e82: [Fix] Try to fix the mess with read only flag

Mon Jul 25 22:21:03 UTC 2022

Author: Vsevolod Stakhov
Date: 2022-07-25 22:18:32 +0100
URL: https://github.com/rspamd/rspamd/commit/ca21e823e51a64cb528480d22722b2d8ea65ec77 (HEAD -> master)

[Fix] Try to fix the mess with read only flag
Issue: #4219

---
 src/controller.c            | 33 ++++++++++++++++++++++++---------
 src/libserver/worker_util.h |  2 +-
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/src/controller.c b/src/controller.c
index d199b88bc..765aa1623 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -515,19 +515,22 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 		use_enable = FALSE;
 	const struct rspamd_controller_pbkdf *pbkdf = NULL;
 
+	/* Fail-safety */
+	session->is_read_only = TRUE;
+
 	/* Access list logic */
 	if (rspamd_inet_address_get_af (session->from_addr) == AF_UNIX) {
 		ret = rspamd_controller_check_forwarded (session, msg, ctx);
 
 		if (ret == 1) {
-			session->is_enable = TRUE;
+			session->is_read_only = FALSE;
 
 			return TRUE;
 		}
 		else if (ret == 0) {
 			/* No forwarded found */
 			msg_info_session ("allow unauthorized connection from a unix socket");
-			session->is_enable = TRUE;
+			session->is_read_only = FALSE;
 
 			return TRUE;
 		}
@@ -538,7 +541,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 		ret = rspamd_controller_check_forwarded (session, msg, ctx);
 
 		if (ret == 1) {
-			session->is_enable = TRUE;
+			session->is_read_only = FALSE;
 
 			return TRUE;
 		}
@@ -546,7 +549,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 			/* No forwarded found */
 			msg_info_session ("allow unauthorized connection from a trusted IP %s",
 							rspamd_inet_address_to_string (session->from_addr));
-			session->is_enable = TRUE;
+			session->is_read_only = FALSE;
 
 			return TRUE;
 		}
@@ -572,7 +575,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 			}
 			else if (is_enable && (ctx->password == NULL &&
 					ctx->enable_password == NULL)) {
-				session->is_enable = TRUE;
+				session->is_read_only = FALSE;
 				return TRUE;
 			}
 		}
@@ -625,7 +628,7 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 			}
 
 			if (ret) {
-				session->is_enable = TRUE;
+				session->is_read_only = FALSE;
 			}
 		}
 		else {
@@ -648,6 +651,13 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 							check, pbkdf, FALSE);
 				}
 
+				if (check_normal) {
+					if (ctx->enable_password == NULL) {
+						/* We have passed password check and no enable password is specified (*/
+						session->is_read_only = FALSE;
+					}
+				}
+
 			}
 			else {
 				check_normal = FALSE;
@@ -674,6 +684,11 @@ rspamd_controller_check_password (struct rspamd_http_connection_entry *entry,
 			else {
 				check_enable = FALSE;
 			}
+
+			if (check_enable) {
+				/* We have passed enable password check, not a read-only mode */
+				session->is_read_only = FALSE;
+			}
 		}
 	}
 
@@ -749,7 +764,7 @@ rspamd_controller_handle_auth (struct rspamd_http_connection_entry *conn_ent,
 			st.messages_scanned), "scanned",  0, false);
 	ucl_object_insert_key (obj,	   ucl_object_fromint (
 			st.messages_learned), "learned",  0, false);
-	ucl_object_insert_key (obj, ucl_object_frombool (!session->is_enable),
+	ucl_object_insert_key (obj, ucl_object_frombool (session->is_read_only),
 			"read_only", 0, false);
 	ucl_object_insert_key (obj, ucl_object_fromstring (session->ctx->cfg->checksum),
 			"config_id", 0, false);
@@ -2665,7 +2680,7 @@ rspamd_controller_handle_stat_common (
 	uptime = ev_time () - session->ctx->start_time;
 	ucl_object_insert_key (top, ucl_object_fromint (
 			uptime), "uptime", 0, false);
-	ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),
+	ucl_object_insert_key (top, ucl_object_frombool (session->is_read_only),
 			"read_only", 0, false);
 	ucl_object_insert_key (top, ucl_object_fromint (
 			stat->messages_scanned), "scanned", 0, false);
@@ -3106,7 +3121,7 @@ rspamd_controller_handle_metrics_common (
 			uptime), "uptime", 0, false);
 	ucl_object_insert_key (top, ucl_object_fromint (
 			session->ctx->start_time), "start_time", 0, false);
-	ucl_object_insert_key (top, ucl_object_frombool (!session->is_enable),
+	ucl_object_insert_key (top, ucl_object_frombool (session->is_read_only),
 			"read_only", 0, false);
 	ucl_object_insert_key (top, ucl_object_fromint (
 			stat->messages_scanned), "scanned", 0, false);
diff --git a/src/libserver/worker_util.h b/src/libserver/worker_util.h
index 12f73aa4c..ed7ada3d3 100644
--- a/src/libserver/worker_util.h
+++ b/src/libserver/worker_util.h
@@ -106,7 +106,7 @@ struct rspamd_controller_session {
 	struct rspamd_config *cfg;
 	struct rspamd_lang_detector *lang_det;
 	gboolean is_spam;
-	gboolean is_enable;
+	gboolean is_read_only;
 };
 
 /**
