File 0250-bnc444403-access_control.patch of Package sblim-sfcb
diff -up ./httpAdapter.c.0250-bnc444403-access_control.patch ./httpAdapter.c
--- ./httpAdapter.c.0250-bnc444403-access_control.patch 2008-12-09 10:05:44.000000000 -0700
+++ ./httpAdapter.c 2008-12-09 10:07:53.000000000 -0700
@@ -53,11 +53,15 @@
 #include <sys/types.h>
 #include <sys/ipc.h>
 #include <sys/sem.h>
+#include <sys/fsuid.h>
 #include "httpComm.h"
 #include "sfcVersion.h"
 #include "control.h"
+#include <grp.h>
+#include <sys/stat.h>
+
 unsigned long exFlags = 0;
 static char *name;
 static int debug;
@@ -846,13 +850,14 @@ static int doHttpRequest(CommHndl conn_f
 int authorized = 0;
 if (!discardInput && doUdsAuth) {
- struct ucred cr;
- socklen_t cl = sizeof(cr);
- if (getsockopt(conn_fd.socket, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0) {
- if (cr.uid == 0) {
- authorized = 1;
- }
- }
+ struct sockaddr_un sun;
+ sun.sun_family = 0;
+ socklen_t cl = sizeof(sun);
+ int rc = getpeername(conn_fd.socket, (struct sockaddr*)&sun, &cl);
+ if (rc == 0 && sun.sun_family == AF_UNIX) {
+ /* Already authenticated via permissions on unix socket */
+ authorized = 1;
+ }
 }
 if (!authorized && !discardInput && doBa) {
 if (!(inBuf.authorization && baValidate(inBuf.authorization,&inBuf.principal))) {
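Review bot: In the `doUdsAuth` branch of doHttpRequest, `authorized = 1` is now granted to any peer for which `getpeername()` reports `AF_UNIX`, so the peer's uid/gid is never read and access control rests entirely on the mode and group of the socket file. Nothing in this branch fails closed if that file is ever created with wider permissions, and the request carries no caller identity that could be logged. I would keep a `getsockopt(conn_fd.socket, SOL_SOCKET, SO_PEERCRED, &cr, &cl)` lookup next to the family check to record who connected, and extend the comment to `/* Authorized solely by the unix socket's file permissions (group sfcb, umask 0007 in httpDaemon); peer uid is not checked */`. The body of doHttpRequest starts and ends outside this hunk.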
@@ -1596,12 +1601,30 @@ int httpDaemon(int argc, char *argv[], i } if (udsListenFd >= 0) { unlink(udsPath); + + size_t gbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); + char gbuf[gbuflen]; + struct group* pgrp = NULL; + struct group grp; + gid_t oldfsgid = 0; + + int rc = getgrnam_r("sfcb", &grp, gbuf, gbuflen, &pgrp); + if (rc == 0 && pgrp) + { + oldfsgid = setfsgid(pgrp->gr_gid); + } + mode_t oldmask = umask(0007); if (bind(udsListenFd, (struct sockaddr *) &sun, sun_len) || listen(udsListenFd, 10)) { mlogf(M_ERROR,M_SHOW,"--- Cannot listen on unix socket %s (%s)\n", udsPath, strerror(errno)); sleep(1); kill(sfcbPid,3); } + umask(oldmask); + if (pgrp) + { + setfsgid(oldfsgid); + } } if (!debug) { diff -up ./pam/sfcb.0250-bnc444403-access_control.patch ./pam/sfcb --- ./pam/sfcb.0250-bnc444403-access_control.patch 2007-02-15 07:07:23.000000000 -0700 +++ ./pam/sfcb 2008-12-09 10:05:44.000000000 -0700 @@ -1,4 +1,5 @@ # Sample PAM Configuration for Small Footprint CIM Broker +auth required pam_succeed_if.so quiet user ingroup sfcb auth required pam_unix.so account required pam_unix.so password required pam_unix.so
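Review bot: `size_t gbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);` stores a possible -1 return (no fixed limit) into a size_t, and the next line sizes a stack VLA from it, so on such systems `char gbuf[gbuflen]` becomes an enormous stack allocation. Clamp it first, e.g. `long n = sysconf(_SC_GETGR_R_SIZE_MAX); size_t gbuflen = n > 0 ? (size_t)n : 1024;`. Separately, when `getgrnam_r("sfcb", ...)` fails or finds no group, the socket is silently bound under the daemon's own group, and neither `setfsgid()` call is verified. Since doHttpRequest trusts every AF_UNIX peer, an `mlogf(M_ERROR,M_SHOW,...)` on that path would make the misconfiguration visible. httpDaemon begins and ends outside the hunk.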
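Review bot: The new `pam_succeed_if.so quiet user ingroup sfcb` line in pam/sfcb suppresses syslog output for both outcomes, so a login rejected for not being in group `sfcb` leaves no trace from this module. Using `quiet_success` instead of `quiet` keeps the denials in the log while staying silent on the normal path: `auth required pam_succeed_if.so quiet_success user ingroup sfcb`. A comment above the line stating that HTTP basic-auth users must be members of `sfcb` (presumably including root, unless it is added to the group) would help whoever copies this sample.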