summaryrefslogtreecommitdiffstats
path: root/src/responder/common
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-03-26 10:11:22 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-04-16 15:15:34 -0400
commitb9923919909cb976ddf42002c56a42b1893e3547 (patch)
tree0ad2577913e890a13f3332c592456328d865c214 /src/responder/common
parent4a99923f96820255b6e1ee64bc9173d1aa9749d8 (diff)
downloadsssd-b9923919909cb976ddf42002c56a42b1893e3547.tar.gz
sssd-b9923919909cb976ddf42002c56a42b1893e3547.tar.xz
sssd-b9923919909cb976ddf42002c56a42b1893e3547.zip
Revert "Add better checks on PAM socket"
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
Diffstat (limited to 'src/responder/common')
-rw-r--r--src/responder/common/responder.h4
-rw-r--r--src/responder/common/responder_common.c137
2 files changed, 1 insertions, 140 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
index 6391fcf7c..ea6ba5831 100644
--- a/src/responder/common/responder.h
+++ b/src/responder/common/responder.h
@@ -101,10 +101,6 @@ struct cli_ctx {
struct cli_request *creq;
struct cli_protocol_version *cli_protocol_version;
int priv;
- int creds_exchange_done;
- int client_uid;
- int client_gid;
- int client_pid;
};
struct sss_cmd_table {
diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
index 501c35205..ff27f62cf 100644
--- a/src/responder/common/responder_common.c
+++ b/src/responder/common/responder_common.c
@@ -19,9 +19,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/* for struct ucred */
-#define _GNU_SOURCE
-
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
@@ -32,8 +29,7 @@
#include <string.h>
#include <sys/time.h>
#include <errno.h>
-#include <popt.h>
-#include "config.h"
+#include "popt.h"
#include "util/util.h"
#include "db/sysdb.h"
#include "confdb/confdb.h"
@@ -148,134 +144,12 @@ static void client_recv(struct cli_ctx *cctx)
return;
}
-static void cred_handler(struct cli_ctx *cctx, char action)
-{
-#ifdef HAVE_UCRED
- int ret;
- int fd;
- struct msghdr msg;
- struct iovec iov;
- struct cmsghdr *cmsg;
- struct ucred *creds;
- /* buf must be aligned on some architectures. */
- union ubuf {
- int align;
- char buf[CMSG_SPACE(sizeof(struct ucred))];
- } u;
- char dummy='s';
- int enable=1;
-
- if (cctx->creds_exchange_done != 0) {
- DEBUG(1, ("cred_handler called, but creds are already exchanged.\n"));
- goto failed;
- }
-
- fd = cctx->cfd;
-
- iov.iov_base = &dummy;
- iov.iov_len = 1;
-
- memset (&msg, 0, sizeof(msg));
-
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- msg.msg_control = u.buf;
- msg.msg_controllen = sizeof(u.buf);
-
- switch (action) {
- case 'r':
- ret = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(int));
- if (ret == -1) {
- DEBUG(1, ("setsockopt failed: [%d][%s].\n", errno,
- strerror(errno)));
- goto failed;
- }
-
- ret = recvmsg(fd, &msg, 0);
- if (ret == -1) {
- DEBUG(1, ("recvmsg failed.[%d][%s]\n", errno, strerror(errno)));
- goto failed;
- }
-
- cmsg = CMSG_FIRSTHDR(&msg);
-
- if (cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_CREDENTIALS) {
- creds = (struct ucred *) CMSG_DATA(cmsg);
- DEBUG(1, ("creds: [%d][%d][%d]\n",creds->uid, creds->gid,
- creds->pid));
- cctx->client_uid = creds->uid;
- cctx->client_gid = creds->gid;
- cctx->client_pid = creds->pid;
- }
-
- TEVENT_FD_WRITEABLE(cctx->cfde);
-
- return;
- break;
- case 's':
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_CREDENTIALS;
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
-
- creds = (struct ucred *) CMSG_DATA(cmsg);
-
- creds->uid = geteuid();
- creds->gid = getegid();
- creds->pid = getpid();
-
- msg.msg_controllen = cmsg->cmsg_len;
-
- ret = sendmsg(fd, &msg, 0);
- if (ret == -1) {
- DEBUG(1, ("sendmsg failed.[%d][%s]\n", errno, strerror(errno)));
- goto failed;
- }
- DEBUG(4, ("Send creds to the client succesfully.\n"));
- cctx->creds_exchange_done = 1;
-
- TEVENT_FD_NOT_WRITEABLE(cctx->cfde);
- return;
- default:
- DEBUG(1, ("Unknown action [%c].\n", action));
- goto failed;
- }
-
-failed:
- talloc_free(cctx);
- return;
-
-#else
-
- DEBUG(9, ("Credential exchange not available over socket, "
- "continuing without.\n"));
- cctx->creds_exchange_done = 1;
- return;
-
-#endif
-}
-
static void client_fd_handler(struct tevent_context *ev,
struct tevent_fd *fde,
uint16_t flags, void *ptr)
{
struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
- if (cctx->creds_exchange_done == 0) {
- if (flags & TEVENT_FD_READ) {
- cred_handler(cctx, 'r');
- return;
- }
- if (flags & TEVENT_FD_WRITE) {
- cred_handler(cctx, 's');
- return;
- }
- }
-
if (flags & TEVENT_FD_READ) {
client_recv(cctx);
return;
@@ -339,10 +213,6 @@ static void accept_priv_fd_handler(struct tevent_context *ev,
}
cctx->priv = 1;
- cctx->creds_exchange_done = 0;
- cctx->client_uid = -1;
- cctx->client_gid = -1;
- cctx->client_pid = -1;
cctx->cfde = tevent_add_fd(ev, cctx, cctx->cfd,
TEVENT_FD_READ, client_fd_handler, cctx);
@@ -395,11 +265,6 @@ static void accept_fd_handler(struct tevent_context *ev,
return;
}
- cctx->creds_exchange_done = 0;
- cctx->client_uid = -1;
- cctx->client_gid = -1;
- cctx->client_pid = -1;
-
cctx->cfde = tevent_add_fd(ev, cctx, cctx->cfd,
TEVENT_FD_READ, client_fd_handler, cctx);
if (!cctx->cfde) {