Commit 75f68083 authored by Mike Hibler's avatar Mike Hibler

Nit: make sure we don't pass back TPM-only info with fullconfig.

Also require SSL when returning a key hash.
parent 374ac709
......@@ -360,7 +360,7 @@ struct command {
{ "programs", FULLCONFIG_ALL, F_ALLOCATED, doprogagents},
{ "syncserver", FULLCONFIG_ALL, F_ALLOCATED, dosyncserver},
{ "keyhash", FULLCONFIG_ALL, F_ALLOCATED|F_REMREQSSL, dokeyhash},
{ "eventkey", FULLCONFIG_ALL, F_ALLOCATED, doeventkey},
{ "eventkey", FULLCONFIG_ALL, F_ALLOCATED|F_REMREQSSL, doeventkey},
{ "fullconfig", FULLCONFIG_NONE, F_ALLOCATED, dofullconfig},
{ "routelist", FULLCONFIG_PHYS, F_ALLOCATED, doroutelist},
{ "role", FULLCONFIG_PHYS, F_ALLOCATED, dorole},
......@@ -3866,13 +3866,11 @@ COMMAND_PROTOTYPE(doloadinfo)
return 1;
}
if ((nrows = (int)mysql_num_rows(res)) == 0) {
mysql_free_result(res);
return 0;
}
if (nrows > 1 && vers <= 29) {
bufp += OUTPUT(bufp, ebufp - bufp,
......@@ -5974,6 +5972,12 @@ COMMAND_PROTOTYPE(dofullconfig)
*/
continue;
}
/*
* Silently drop all TPM-required commands right now.
*/
if ((command_array[i].flags & F_REQTPM)) {
continue;
}
OUTPUT(buf, sizeof(buf),
"*** %s\n", command_array[i].cmdname);
client_writeback(sock, buf, strlen(buf), tcp);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment