summaryrefslogtreecommitdiffstats
path: root/Makefile.am
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-07-05 10:50:08 +0200
committerStephen Gallagher <sgallagh@redhat.com>2012-07-10 09:07:26 -0400
commit2d257ccf620ce1b611f89cec8f0a94c88c2f2881 (patch)
tree6e3c67e2922c366d3b60ae477d2e2dd8fbbd6763 /Makefile.am
parenta56156c13c71a96166b0a8f3921e67f36470f8d7 (diff)
downloadsssd-2d257ccf620ce1b611f89cec8f0a94c88c2f2881.tar.gz
sssd-2d257ccf620ce1b611f89cec8f0a94c88c2f2881.tar.xz
sssd-2d257ccf620ce1b611f89cec8f0a94c88c2f2881.zip
pac responder: limit access by checking UIDs
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
Diffstat (limited to 'Makefile.am')
-rw-r--r--Makefile.am17
1 files changed, 16 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index 4e78ae134..3c66b6cfe 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -123,7 +123,8 @@ if HAVE_CHECK
util-tests \
debug-tests \
ipa_hbac-tests \
- sss_idmap-tests
+ sss_idmap-tests \
+ responder_socket_access-tests
if BUILD_PAC_RESPONDER
non_interactive_check_based_tests += pac_responder-tests
@@ -1028,6 +1029,20 @@ pac_responder_tests_LDADD = \
libsss_debug.la \
libsss_util.la \
libsss_test_common.la
+
+responder_socket_access_tests_SOURCES = \
+ src/tests/responder_socket_access-tests.c \
+ src/responder/common/responder_common.c \
+ src/responder/common/responder_packet.c \
+ src/responder/common/responder_cmd.c
+responder_socket_access_tests_CFLAGS = \
+ $(AM_CFLAGS) \
+ $(CHECK_CFLAGS)
+responder_socket_access_tests_LDADD = \
+ $(CHECK_LIBS) \
+ $(TALLOC_LIBS) \
+ libsss_test_common.la \
+ libsss_util.la
endif
stress_tests_SOURCES = \