Description
When a policy server itself fetches files from another policy server, there currently seems to be no way to ensure it is talking to the right server, because trust is established with all served nodes. One of the trusted served nodes could take over the upstream policy server's IP address (or poison DNS), and the policy server would copy files from it without error, allowing that node to take control of all served nodes.
This PR proposes a new agent-wide setting that restricts, by key, the set of servers we can copy_from. It acts more or less like an admit_key for the client side.
It is used as follows:
body agent control {
  copyfrom_restrict_keys => { "MD5=9a779d955ea244a9ab7c03dcacad75e6" };
}
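The check this setting adds can be modelled as follows. This is an added example, not code from the PR or from CFEngine: the function names, the second key digest, the acceptance of "SHA=" digests and the rule that an empty list means "no restriction" are all assumptions of this model.

```python
import re

# Digest notation as shown on the page: "MD5=" + 32 hex characters.
# Accepting "SHA=" + 64 hex characters too is an assumption of this model.
_DIGEST_RE = re.compile(r"^(MD5=[0-9a-f]{32}|SHA=[0-9a-f]{64})$")


def parse_restrict_keys(values):
    """Validate the configured list. Malformed entries are rejected rather
    than skipped: a typo would otherwise lock out the real upstream server."""
    keys = set()
    for value in values:
        if not _DIGEST_RE.match(value):
            raise ValueError(f"malformed key digest: {value!r}")
        keys.add(value)
    return frozenset(keys)


def may_copy_from(peer_digest, trusted_keys, restrict_keys=frozenset()):
    """Decide whether to copy files from the peer we connected to.

    peer_digest   -- digest of the key the peer proved possession of
    trusted_keys  -- every key this host trusts (upstream AND served nodes)
    restrict_keys -- parsed copyfrom_restrict_keys; empty = no restriction
                     (assumed to match the behaviour before the setting)
    """
    if peer_digest not in trusted_keys:
        return False          # unknown key: never trusted at all
    if restrict_keys and peer_digest not in restrict_keys:
        return False          # trusted as a client, but not as a file source
    return True


# Constructed sample data. UPSTREAM is the digest from the page; SERVED_NODE
# is a made-up digest for a client the policy server already trusts.
UPSTREAM = "MD5=9a779d955ea244a9ab7c03dcacad75e6"
SERVED_NODE = "MD5=" + "0" * 31 + "1"
TRUSTED = frozenset({UPSTREAM, SERVED_NODE})


def scenario(peer_digest, configured):
    """The peer answering at the upstream address presents peer_digest."""
    return may_copy_from(peer_digest, TRUSTED, parse_restrict_keys(configured))
```

With no restriction configured, a served node answering at the upstream's address passes the check because its key is already trusted; with the upstream's digest pinned, only the upstream's key is accepted as a copy source.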