author | Sumit Bose <sbose@redhat.com> | 2010-02-16 15:53:56 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-02-23 16:16:23 -0500 |
commit | 978bea5902ece9b9f01d1d6525dbe0889a410ffc (patch) | |
tree | d83a94851cb6e3fe10fdbfcee1757190c15ab4eb /src/sbus | |
parent | e0bb119bdc1549d731f371202428c0cb667d3388 (diff) | |
Check and set permissions on SBUS sockets
Diffstat (limited to 'src/sbus')
-rw-r--r-- | src/sbus/sbus_client.c | 13 | ||||
-rw-r--r-- | src/sbus/sssd_dbus_server.c | 27 |
2 files changed, 40 insertions, 0 deletions
diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c
index df5c07120..1c5c1b24a 100644
--- a/src/sbus/sbus_client.c
+++ b/src/sbus/sbus_client.c
@@ -33,12 +33,25 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
 {
 struct sbus_connection *conn = NULL;
 int ret;
+ char *filename;
 /* Validate input */
 if (server_address == NULL) {
 return EINVAL;
 }
+ filename = strchr(server_address, '/');
+ if (filename == NULL) {
+ DEBUG(1, ("Unexpected dbus address [%s].\n", server_address));
+ return EIO;
+ }
+
+ ret = check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL);
+ if (ret != EOK) {
+ DEBUG(1, ("check_file failed for [%s].\n", filename));
+ return EIO;
+ }
+
 ret = sbus_new_connection(mem_ctx, ev, server_address, intf, &conn);
 if (ret != EOK) {
 goto fail;
diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c
index a859cbabc..98c308e65 100644
--- a/src/sbus/sssd_dbus_server.c
+++ b/src/sbus/sssd_dbus_server.c
@@ -19,6 +19,9 @@
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 #include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
 #include "tevent.h"
 #include "util/util.h"
 #include "dbus/dbus.h"
@@ -95,6 +98,9 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
 DBusError dbus_error;
 dbus_bool_t dbret;
 char *tmp;
+ int ret;
+ char *filename;
+ struct stat stat_buf;
 *_server = NULL;
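Review bot: In sbus_client_init (src/sbus/sbus_client.c) the new `check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL)` inspects the path, while `sbus_new_connection()` a few lines later opens the address separately, so the check only holds if nothing can replace the socket between the two calls. That depends on the directory holding the socket being writable by root alone, which the hunk neither verifies nor states; I would add a comment such as `/* check_file() examines the path only; the socket directory must not be writable by non-root users */` and consider also verifying the peer's credentials on the connected socket. Separately, `strchr(server_address, '/')` treats everything after the first slash as the file name, so an address that carries further comma-separated keys after the path would be rejected with EIO. The function body starts and ends outside the hunk.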
@@ -108,6 +114,27 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
 return EIO;
 }
+ filename = strchr(address, '/');
+ if (filename == NULL) {
+ DEBUG(1, ("Unexpected dbus address [%s].\n", address));
+ return EIO;
+ }
+
+ ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf);
+ if (ret != EOK) {
+ DEBUG(1, ("check_file failed for [%s].\n", filename));
+ return EIO;
+ }
+
+ if ((stat_buf.st_mode & ~S_IFMT) != 0600) {
+ ret = chmod(filename, 0600);
+ if (ret != EOK) {
+ DEBUG(1, ("chmod failed for [%s]: [%d][%s].\n", filename, errno,
+ strerror(errno)));
+ return EIO;
+ }
+ }
+
 tmp = dbus_server_get_address(dbus_server);
 DEBUG(3, ("D-BUS Server listening on %s\n", tmp));
 free(tmp); |
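Review bot: In the last hunk of src/sbus/sssd_dbus_server.c the mode is corrected with `chmod(filename, 0600)` only after the socket file already exists, so if the server was created earlier in sbus_new_server (not visible here, though `dbus_server_get_address(dbus_server)` follows directly) there is an interval in which the socket carries whatever mode the process umask produced. Tightening the umask around the listen call, e.g. `old_umask = umask(0177);` before it and `umask(old_umask);` after, would close that interval and leave the chmod as a fallback. The three new `return EIO;` paths also appear to leave an already-created `dbus_server` unreleased; `dbus_server_disconnect(dbus_server); dbus_server_unref(dbus_server);` before returning is worth checking against the code above the hunk. `chmod()` returns -1 on failure, so `if (ret == -1)` states the test more directly than comparing with `EOK`. The function body starts and ends outside the hunk.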