Improve clusterd security #436

Implement new udp service 'exec.2' which accepts a list of predefined commands to run. Implement new command `clusterd exec CMD...` The new usage is supposed to make `clusterd --exec` and the 'exec' UDP service obsolete. Having all commands which might be issued after file updates available in the same %CMD infrastructure will make the following changes easier and the file shorter, once the obsolete command `clusterd --exec` and the UDP services udp_rx_flush_gidcache, udp_rx_make_automaps, udp_rx_reexport and udp_rx_exec are removed.

Change protocol for `clusterd push`: - Multiple files can be offered with one command invocation and one UDP broadcast - The files are actually transferred by calling back with tcp to the station which offered the files. This allows the receiving node to restrict file distribution sources to specific nodes. - The list of "trusted nodes" is set to `afk` and `wtf`. - A list of predefined commands can be given in addition to the list of offered files. The commands are executed after the files are transferred. This is required, because from the point of view of the caller of `cluster push`, the process is asynchronous, and so these commands can not be given with additional `clusterd exec` or `clusterd --exec` commands. Expected usage is something like this: clusterd push /etc/mxpolicy --post mkmotd After the daemons have updated, callers should be switches to the new commands and then the old commands should be removed.

Currently restart isn't working, because we removed 'kill' from the options and udp_rx_restart is using it. Just exit instead, the service manage should restart the service.

Improve clusterd security #436

Improve clusterd security #436

Commits on Jan 27, 2025