clusterd: Accept commands only from trusted hosts

clusterd/clusterd

@@ -954,6 +954,12 @@ sub clp_rx_LSOF {
 
 sub clp_rx_CMD {
     my ($socket,@cmd)=@_;
+
+    unless (is_trusted_ip($socket->peerhost())) {
+        warn "reveived command from untrusted host ". $socket->peerhost(). "\n";
+        return;
+    }
+
     my $pid=fork;
     unless (defined $pid) {
         warn"$!\n";
@@ -1224,6 +1230,8 @@ sub expand_hostconfig_hosts {
 
 sub exec_at {
     my ($host,@cmd)=@_;
+    is_trusted_ip($my_ip) or die "This command only works on a trusted host\n";
+
     sync_cluster_pw() or die "$CLUSTER_PW_FILE: $!\n";
     my $s=new IO::Socket::INET(PeerAddr=>$host,PeerPort=>$CLP_PORT);
     unless (defined $s) {