diff options
| author | Sumit Bose <sbose@redhat.com> | 2010-03-26 10:11:22 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-04-16 15:15:34 -0400 |
| commit | b9923919909cb976ddf42002c56a42b1893e3547 (patch) | |
| tree | 0ad2577913e890a13f3332c592456328d865c214 /src/responder | |
| parent | 4a99923f96820255b6e1ee64bc9173d1aa9749d8 (diff) | |
| download | sssd-b9923919909cb976ddf42002c56a42b1893e3547.tar.gz sssd-b9923919909cb976ddf42002c56a42b1893e3547.tar.xz sssd-b9923919909cb976ddf42002c56a42b1893e3547.zip | |
Revert "Add better checks on PAM socket"
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
Diffstat (limited to 'src/responder')
| -rw-r--r-- | src/responder/common/responder.h | 4 | ||||
| -rw-r--r-- | src/responder/common/responder_common.c | 137 |
2 files changed, 1 insertions, 140 deletions
diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 6391fcf7c..ea6ba5831 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -101,10 +101,6 @@ struct cli_ctx { struct cli_request *creq; struct cli_protocol_version *cli_protocol_version; int priv; - int creds_exchange_done; - int client_uid; - int client_gid; - int client_pid; }; struct sss_cmd_table { diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 501c35205..ff27f62cf 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -19,9 +19,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -/* for struct ucred */ -#define _GNU_SOURCE - #include <stdio.h> #include <unistd.h> #include <fcntl.h> @@ -32,8 +29,7 @@ #include <string.h> #include <sys/time.h> #include <errno.h> -#include <popt.h> -#include "config.h" +#include "popt.h" #include "util/util.h" #include "db/sysdb.h" #include "confdb/confdb.h" @@ -148,134 +144,12 @@ static void client_recv(struct cli_ctx *cctx) return; } -static void cred_handler(struct cli_ctx *cctx, char action) -{ -#ifdef HAVE_UCRED - int ret; - int fd; - struct msghdr msg; - struct iovec iov; - struct cmsghdr *cmsg; - struct ucred *creds; - /* buf must be aligned on some architectures. */ - union ubuf { - int align; - char buf[CMSG_SPACE(sizeof(struct ucred))]; - } u; - char dummy='s'; - int enable=1; - - if (cctx->creds_exchange_done != 0) { - DEBUG(1, ("cred_handler called, but creds are already exchanged.\n")); - goto failed; - } - - fd = cctx->cfd; - - iov.iov_base = &dummy; - iov.iov_len = 1; - - memset (&msg, 0, sizeof(msg)); - - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - msg.msg_control = u.buf; - msg.msg_controllen = sizeof(u.buf); - - switch (action) { - case 'r': - ret = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(int)); - if (ret == -1) { - DEBUG(1, ("setsockopt failed: [%d][%s].\n", errno, - strerror(errno))); - goto failed; - } - - ret = recvmsg(fd, &msg, 0); - if (ret == -1) { - DEBUG(1, ("recvmsg failed.[%d][%s]\n", errno, strerror(errno))); - goto failed; - } - - cmsg = CMSG_FIRSTHDR(&msg); - - if (cmsg->cmsg_level == SOL_SOCKET && - cmsg->cmsg_type == SCM_CREDENTIALS) { - creds = (struct ucred *) CMSG_DATA(cmsg); - DEBUG(1, ("creds: [%d][%d][%d]\n",creds->uid, creds->gid, - creds->pid)); - cctx->client_uid = creds->uid; - cctx->client_gid = creds->gid; - cctx->client_pid = creds->pid; - } - - TEVENT_FD_WRITEABLE(cctx->cfde); - - return; - break; - case 's': - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_SOCKET; - cmsg->cmsg_type = SCM_CREDENTIALS; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); - - creds = (struct ucred *) CMSG_DATA(cmsg); - - creds->uid = geteuid(); - creds->gid = getegid(); - creds->pid = getpid(); - - msg.msg_controllen = cmsg->cmsg_len; - - ret = sendmsg(fd, &msg, 0); - if (ret == -1) { - DEBUG(1, ("sendmsg failed.[%d][%s]\n", errno, strerror(errno))); - goto failed; - } - DEBUG(4, ("Send creds to the client succesfully.\n")); - cctx->creds_exchange_done = 1; - - TEVENT_FD_NOT_WRITEABLE(cctx->cfde); - return; - default: - DEBUG(1, ("Unknown action [%c].\n", action)); - goto failed; - } - -failed: - talloc_free(cctx); - return; - -#else - - DEBUG(9, ("Credential exchange not available over socket, " - "continuing without.\n")); - cctx->creds_exchange_done = 1; - return; - -#endif -} - static void client_fd_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *ptr) { struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx); - if (cctx->creds_exchange_done == 0) { - if (flags & TEVENT_FD_READ) { - cred_handler(cctx, 'r'); - return; - } - if (flags & TEVENT_FD_WRITE) { - cred_handler(cctx, 's'); - return; - } - } - if (flags & TEVENT_FD_READ) { client_recv(cctx); return; @@ -339,10 +213,6 @@ static void accept_priv_fd_handler(struct tevent_context *ev, } cctx->priv = 1; - cctx->creds_exchange_done = 0; - cctx->client_uid = -1; - cctx->client_gid = -1; - cctx->client_pid = -1; cctx->cfde = tevent_add_fd(ev, cctx, cctx->cfd, TEVENT_FD_READ, client_fd_handler, cctx); @@ -395,11 +265,6 @@ static void accept_fd_handler(struct tevent_context *ev, return; } - cctx->creds_exchange_done = 0; - cctx->client_uid = -1; - cctx->client_gid = -1; - cctx->client_pid = -1; - cctx->cfde = tevent_add_fd(ev, cctx, cctx->cfd, TEVENT_FD_READ, client_fd_handler, cctx); if (!cctx->cfde) { |