search

PowerDNS / weakforced

Anti-Abuse for servers at authentication time
GNU General Public License v3.0
123 stars 33 forks source link

Use trackalert to create SETKEY #392

Closed bgmex closed 1 year ago

bgmex commented 1 year ago

Minor fix

neilcook commented 1 year ago

So, the -c flag makes wforce run as a client, connecting to a server. This will not generate a key, it will simply fail to connect with an error message. I'm not sure what the reason for this PR is? Is the current post install script not working?

bgmex commented 1 year ago

I'm sorry for my poor PR. I forgot to add the explanation.

Meanwhile I did some further research and learned, that my PR is insufficient/unnecessary.

The current post install script for wforce-trackalert only fails if wforce is already running. My PR fixes this. If wforce is not running my PR fails and the current post install scripts works.

A proper fix would be something like:

systemctl is-active --quiet wforce
if [ $? -eq 0 ]; then
    # wforce is running so connect to it using -c
    SETKEY=`echo "makeKey()" | wforce -c | grep setKey`
else
    # wforce is not running
    SETKEY=`echo "makeKey()" | wforce | grep setKey`
fi

Or we that for granted, that wforce is not running when wforce-trackalert is being installed

neilcook commented 1 year ago

Actually the proper fix is to run trackalert to generate the key not wforce, as trackalert should have no dependency on wforce being installed:


SETKEY=`echo "makeKey()" | trackalert | grep setKey`
neilcook commented 1 year ago

Note that this issue also exists in the spec file for RH packages