authorSumit Bose <sbose@redhat.com>2010-02-16 15:53:56 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-02-23 16:16:23 -0500
commit978bea5902ece9b9f01d1d6525dbe0889a410ffc (patch)
treed83a94851cb6e3fe10fdbfcee1757190c15ab4eb /src/sbus
parente0bb119bdc1549d731f371202428c0cb667d3388 (diff)
Check and set permissions on SBUS sockets
Diffstat (limited to 'src/sbus')
-rw-r--r--src/sbus/sbus_client.c13
-rw-r--r--src/sbus/sssd_dbus_server.c27
2 files changed, 40 insertions, 0 deletions
diff --git a/src/sbus/sbus_client.c b/src/sbus/sbus_client.c
index df5c07120..1c5c1b24a 100644
--- a/src/sbus/sbus_client.c
+++ b/src/sbus/sbus_client.c
@@ -33,12 +33,25 @@ int sbus_client_init(TALLOC_CTX *mem_ctx,
{
struct sbus_connection *conn = NULL;
int ret;
+ char *filename;
/* Validate input */
if (server_address == NULL) {
return EINVAL;
}
+ filename = strchr(server_address, '/');
+ if (filename == NULL) {
+ DEBUG(1, ("Unexpected dbus address [%s].\n", server_address));
+ return EIO;
+ }
+
+ ret = check_file(filename, 0, 0, 0600, CHECK_SOCK, NULL);
+ if (ret != EOK) {
+ DEBUG(1, ("check_file failed for [%s].\n", filename));
+ return EIO;
+ }
+
ret = sbus_new_connection(mem_ctx, ev, server_address, intf, &conn);
if (ret != EOK) {
goto fail;
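Review bot: The added `check_file()` call validates the socket by path name, and `sbus_new_connection()` then resolves the address a second time, so the ownership and mode check only holds if the socket cannot be replaced between the two lookups. That depends on the containing directory being writable by root only, which is not visible in this hunk; I would record the assumption above the check, e.g. `/* Path-based check: relies on the socket directory being writable only by root, otherwise the file could change before connect. */`. Separately, `strchr(server_address, '/')` treats everything after the first slash as the path, which would hand `check_file()` a wrong name if the address ever carries extra comma-separated keys (such as `guid=`) or a second `;`-separated entry. If `server_address` is a `const char *` (its declaration is outside the hunk), `filename` should be `const char *` as well. The body of `sbus_client_init` continues past the end of the hunk.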
diff --git a/src/sbus/sssd_dbus_server.c b/src/sbus/sssd_dbus_server.c
index a859cbabc..98c308e65 100644
--- a/src/sbus/sssd_dbus_server.c
+++ b/src/sbus/sssd_dbus_server.c
@@ -19,6 +19,9 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
#include "tevent.h"
#include "util/util.h"
#include "dbus/dbus.h"
@@ -95,6 +98,9 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
DBusError dbus_error;
dbus_bool_t dbret;
char *tmp;
+ int ret;
+ char *filename;
+ struct stat stat_buf;
*_server = NULL;
@@ -108,6 +114,27 @@ int sbus_new_server(TALLOC_CTX *mem_ctx,
return EIO;
}
+ filename = strchr(address, '/');
+ if (filename == NULL) {
+ DEBUG(1, ("Unexpected dbus address [%s].\n", address));
+ return EIO;
+ }
+
+ ret = check_file(filename, 0, 0, -1, CHECK_SOCK, &stat_buf);
+ if (ret != EOK) {
+ DEBUG(1, ("check_file failed for [%s].\n", filename));
+ return EIO;
+ }
+
+ if ((stat_buf.st_mode & ~S_IFMT) != 0600) {
+ ret = chmod(filename, 0600);
+ if (ret != EOK) {
+ DEBUG(1, ("chmod failed for [%s]: [%d][%s].\n", filename, errno,
+ strerror(errno)));
+ return EIO;
+ }
+ }
+
tmp = dbus_server_get_address(dbus_server);
DEBUG(3, ("D-BUS Server listening on %s\n", tmp));
free(tmp);
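Review bot: The `chmod(filename, 0600)` runs only after the socket already exists (`dbus_server` is evidently set up earlier in `sbus_new_server`, outside this hunk), so between creation and the chmod the socket carries whatever mode the process umask allowed and is reachable by other local users during that window. Tightening the umask around the listen call closes the gap: `old_umask = umask(0177);` before it and `umask(old_umask);` right after, with the check here kept as verification. The three new `return EIO;` paths also appear to leave the already-listening `dbus_server` unreleased; unless cleanup happens elsewhere, they should first call `dbus_server_disconnect(dbus_server); dbus_server_unref(dbus_server);`. Finally, `chmod()` returns -1 on failure, so `if (ret != 0)` states the condition more accurately than comparing against `EOK`.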