[2170] in Moira Commits
[ops/moira] 01a2ab: From Mark and Olu: Harden Moira agaist
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed Oct 27 18:29:58 2021
Date: Wed, 27 Oct 2021 18:29:29 -0400
From: Jonathon Weiss <noreply@mit.edu>
To: <moira-commits@mit.edu>
Message-ID: <ops/moira/push/refs/heads/master/47b9c3-01a2ab@github.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Branch: refs/heads/master
Home: https://github.mit.edu/ops/moira
Commit: 01a2aba1be44e917b981f646387d13b575bb61b9
https://github.mit.edu/ops/moira/commit/01a2aba1be44e917b981f646387d13b575bb61b9
Author: Jonathon Weiss <jweiss@mit.edu>
Date: 2021-10-27 (Wed, 27 Oct 2021)
Changed paths:
M moira/incremental/route-server/route-server.c
M moira/server/mr_sauth.c
M moira/server/mr_server.h
M moira/server/mr_util.c
M moira/server/qaccess.pc
M moira/server/qrtn.pc
M moira/server/qsetup.pc
M moira/server/qsupport.pc
M moira/server/queries2.c
Log Message:
-----------
From Mark and Olu: Harden Moira agaist misbehaving clients
* Update server so that it no longer accepts unauth'd queries,
except from the local server.
* Added deny list functionality to allow blocking for clients
that are misbehaving, by creating a deny capacl
* Fixed a bug that allowed a duplicate GID to be specified for a group
* Added a new query get_pacs_lists_of_member (gplm) and capacls entry
* Added access routines and updated query validation to permit
ACLs to get_host* queries
o Updated route-server.incr to ensure it auth's to the Moira server
