Add a flag for functions considered safe for a remote computer to call.

2017-10-02 19:55:16 +05:30 · 2017-10-02 19:55:16 +05:30 · 8dffd48f70
parent 54b0d2fcb6
commit 8dffd48f70
2 changed files with 9 additions and 2 deletions
--- a/library/RemoteServer.cpp
+++ b/library/RemoteServer.cpp
@ -284,7 +284,11 @@ void ServerConnection::threadFn()
        }
        else
        {
-            if (!fn->in()->ParseFromArray(buf.get(), header.size))
+			if (((fn->flags & SF_ALLOW_REMOTE) != SF_ALLOW_REMOTE) && strcmp(socket->GetClientAddr(), "127.0.0.1") != 0)
+			{
+				stream.printerr("In call to %s: forbidden host: %s\n", fn->name, socket->GetClientAddr());
+			}
+            else if (!fn->in()->ParseFromArray(buf.get(), header.size))
            {
                stream.printerr("In call to %s: could not decode input args.\n", fn->name);
            }
--- a/library/include/RemoteServer.h
+++ b/library/include/RemoteServer.h
@ -46,7 +46,10 @@ namespace  DFHack
        SF_CALLED_ONCE = 1,
        // Don't automatically suspend the core around the call.
        // The function is supposed to manage locking itself.
-        SF_DONT_SUSPEND = 2
+        SF_DONT_SUSPEND = 2,
+		// The function is considered safe to call from a remote computer.
+		// All other functions cannot be allowed for security reasons.
+		SF_ALLOW_REMOTE = 4
    };

    class DFHACK_EXPORT ServerFunctionBase : public RPCFunctionBase {