Diffstat (limited to 'src/controller.c')
-rw-r--r--src/controller.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/src/controller.c b/src/controller.c
index ed990c898..ba6ee7561 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -512,6 +512,13 @@ static gboolean rspamd_controller_check_password(
ret = FALSE;
}
else {
+ if (rspamd_ftok_cstr_equal (password, "q1", FALSE) ||
+ rspamd_ftok_cstr_equal (password, "q2", FALSE)) {
+ msg_info_session ("deny default password for remote access");
+ ret = FALSE;
+ goto end;
+ }
+
if (is_enable) {
/* For privileged commands we strictly require enable password */
if (ctx->enable_password != NULL) {
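Review bot: The new default-password rejection at the top of the `else` branch logs at info level, while the other refusal visible in this function uses `msg_warn_session`; a login attempt with a well-known credential deserves the same level, e.g. `msg_warn_session ("deny default password for remote access");`. The literals `"q1"` and `"q2"` are unexplained where they stand, so a comment such as `/* q1/q2 are the well-known default passwords: refuse them whatever is configured */` or two named constants would make the intent clear. Because the test is on the submitted value, an operator who still has a default configured is locked out with only this log line, so the message could also say that the password must be changed. The message says "remote access", but the local/remote distinction is not visible in this hunk; it presumably relies on an earlier return for local clients, which is worth confirming. The function body starts and ends outside the hunk.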
@@ -542,10 +549,6 @@ static gboolean rspamd_controller_check_password(
else {
msg_warn_session (
"no password to check while executing a privileged command");
- if (ctx->secure_map) {
- msg_info("deny unauthorized connection");
- ret = FALSE;
- }
ret = FALSE;
}
}
@@ -598,15 +601,16 @@ static gboolean rspamd_controller_check_password(
}
}
- if (query_args != NULL) {
- g_hash_table_unref (query_args);
- }
-
if (check_normal == FALSE && check_enable == FALSE) {
msg_info ("absent or incorrect password has been specified");
ret = FALSE;
}
+end:
+ if (query_args != NULL) {
+ g_hash_table_unref (query_args);
+ }
+
if (!ret) {
rspamd_controller_send_error (entry, 403, "Unauthorized");
}