Merge pull request #833 from Expensify/master

Update expensify_prod branch

BedrockServer.cpp

@@ -1177,8 +1177,9 @@ bool BedrockServer::_handleIfStatusOrControlCommand(unique_ptr<BedrockCommand>&
         _reply(command);
         return true;
     } else if (_isControlCommand(command)) {
-        // Control commands can only come from localhost (and thus have an empty `_source`).
-        if (command->request["_source"].empty()) {
+        // Control commands can only come from localhost (and thus have an empty `_source`)
+        // with the exception of non-secure control commands
+        if (command->request["_source"].empty() || _isNonSecureControlCommand(command)) {
             _control(command);
         } else {
             SWARN("Got control command " << command->request.methodLine << " on non-localhost socket ("
@@ -2065,6 +2066,11 @@ bool BedrockServer::_isControlCommand(const unique_ptr<BedrockCommand>& command)
     return false;
 }
 
+bool BedrockServer::_isNonSecureControlCommand(const unique_ptr<BedrockCommand>& command) {
+    // A list of non-secure control commands that can be run from another host
+    return SIEquals(command->request.methodLine, "SuppressCommandPort") || SIEquals(command->request.methodLine, "ClearCommandPort");
+}
+
 void BedrockServer::_control(unique_ptr<BedrockCommand>& command) {
     SData& response = command->response;
     response.methodLine = "200 OK";

BedrockServer.h

@@ -349,6 +349,7 @@ class BedrockServer : public SQLiteServer {
     bool _isStatusCommand(const unique_ptr<BedrockCommand>& command);
     void _status(unique_ptr<BedrockCommand>& command);
     bool _isControlCommand(const unique_ptr<BedrockCommand>& command);
+    bool _isNonSecureControlCommand(const unique_ptr<BedrockCommand>& command);
     void _control(unique_ptr<BedrockCommand>& command);
 
     // Accepts any sockets pending on our listening ports. We do this both after `poll()`, and before shutting down