silence debugging messages from sec-mod when not in debug

Nikos Mavrogiannopoulos
2015-01-18 17:34:59 +01:00
parent 5179a064ab
commit c954e45e53
4 changed files with 12 additions and 10 deletions


@@ -617,7 +617,7 @@ static void ctl_handle_commands(main_server_st * s)
goto cleanup;
}
ret = check_upeer_id("ctl", cfd, 0, 0, NULL);
ret = check_upeer_id("ctl", s->config->debug, cfd, 0, 0, NULL);
if (ret < 0) {
mslog(s, NULL, LOG_ERR, "ctl: unauthorized connection");
goto cleanup;


@@ -619,7 +619,7 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f
/* do not allow unauthorized processes to issue commands
*/
ret = check_upeer_id("sec-mod", cfd, config->uid, config->gid, &uid);
ret = check_upeer_id("sec-mod", config->debug, cfd, config->uid, config->gid, &uid);
if (ret < 0) {
seclog(sec, LOG_INFO, "rejected unauthorized connection");
} else {


@@ -86,7 +86,7 @@ SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler)
/* Checks whether the peer in a socket has the expected @uid and @gid.
* Returns zero on success.
*/
int check_upeer_id(const char *mod, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
{
int e, ret;
#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)
@@ -106,9 +106,10 @@ int check_upeer_id(const char *mod, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
return -1;
}
syslog(LOG_DEBUG,
"%s: received request from pid %u and uid %u",
mod, (unsigned)cr.pid, (unsigned)cr.uid);
if (debug != 0)
syslog(LOG_DEBUG,
"%s: received request from pid %u and uid %u",
mod, (unsigned)cr.pid, (unsigned)cr.uid);
if (ruid)
*ruid = cr.uid;
@@ -135,9 +136,10 @@ int check_upeer_id(const char *mod, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
if (ruid)
*ruid = euid;
syslog(LOG_DEBUG,
"%s: received request from a processes with uid %u",
mod, (unsigned)euid);
if (debug = 0)
syslog(LOG_DEBUG,
"%s: received request from a processes with uid %u",
mod, (unsigned)euid);
if (euid != 0 && (euid != uid || egid != gid)) {
syslog(LOG_DEBUG,
"%s: received unauthorized request from a process with uid %u",

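Review bot: The guard added in the last hunk of this section is written `if (debug = 0)`, which assigns zero to `debug` and always evaluates false, so the "received request from a processes with uid" message is never emitted on that path, even when debugging is enabled. It should match the guard in the preceding hunk: `if (debug != 0)`. Judging by the `#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)` line, this looks like the fallback branch for platforms without SO_PEERCRED, which would explain the slip going unnoticed on Linux builds; `-Wall` (via `-Wparentheses`) should flag it. The "received unauthorized request" message that follows stays outside the guard, which is right for keeping rejections visible. The body of check_upeer_id continues outside these hunks.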

@@ -42,6 +42,6 @@ void kill_on_parent_kill(int sig);
SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler);
int check_upeer_id(const char *mod, int cfg, uid_t uid, uid_t gid, uid_t *ruid);
int check_upeer_id(const char *mod, int debug, int cfg, uid_t uid, uid_t gid, uid_t *ruid);
#endif
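Review bot: The updated prototype still names the socket argument `cfg` while the definition calls it `cfd`, and the new `int debug` now sits directly in front of it, so two adjacent `int` parameters can be transposed at a call site without any compiler diagnostic. I would align the header with the definition, `int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, uid_t *ruid);`, and add a one-line comment that `debug` only gates the per-request LOG_DEBUG message and has no effect on the authorization result. Separately, `gid` is declared as `uid_t` in both the prototype and the definition; `gid_t` is the matching type, though that predates this commit.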