GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-14 14:58:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

silence debugging messages from sec-mod when not in debug

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos
2015-01-18 17:34:59 +01:00
parent 5179a064ab
commit c954e45e53
4 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main-ctl-unix.c
View File

@@ -617,7 +617,7 @@ static void ctl_handle_commands(main_server_st * s)
goto cleanup; goto cleanup;
} }
ret = check_upeer_id("ctl", cfd, 0, 0, NULL); ret = check_upeer_id("ctl", s->config->debug, cfd, 0, 0, NULL);
if (ret < 0) { if (ret < 0) {
mslog(s, NULL, LOG_ERR, "ctl: unauthorized connection"); mslog(s, NULL, LOG_ERR, "ctl: unauthorized connection");
goto cleanup; goto cleanup;

2
src/sec-mod.c
View File

@@ -619,7 +619,7 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f
/* do not allow unauthorized processes to issue commands /* do not allow unauthorized processes to issue commands
*/ */
ret = check_upeer_id("sec-mod", cfd, config->uid, config->gid, &uid); ret = check_upeer_id("sec-mod", config->debug, cfd, config->uid, config->gid, &uid);
if (ret < 0) { if (ret < 0) {
seclog(sec, LOG_INFO, "rejected unauthorized connection"); seclog(sec, LOG_INFO, "rejected unauthorized connection");
} else { } else {

16
src/system.c
View File

@@ -86,7 +86,7 @@ SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler)
/* Checks whether the peer in a socket has the expected @uid and @gid. /* Checks whether the peer in a socket has the expected @uid and @gid.
* Returns zero on success. * Returns zero on success.
*/ */
int check_upeer_id(const char *mod, int cfd, uid_t uid, uid_t gid, uid_t *ruid) int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
{ {
int e, ret; int e, ret;
#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED) #if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)
@@ -106,9 +106,10 @@ int check_upeer_id(const char *mod, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
return -1; return -1;
} }
syslog(LOG_DEBUG, if (debug != 0)
"%s: received request from pid %u and uid %u", syslog(LOG_DEBUG,
mod, (unsigned)cr.pid, (unsigned)cr.uid); "%s: received request from pid %u and uid %u",
mod, (unsigned)cr.pid, (unsigned)cr.uid);
if (ruid) if (ruid)
*ruid = cr.uid; *ruid = cr.uid;
@@ -135,9 +136,10 @@ int check_upeer_id(const char *mod, int cfd, uid_t uid, uid_t gid, uid_t *ruid)
if (ruid) if (ruid)
*ruid = euid; *ruid = euid;
syslog(LOG_DEBUG, if (debug = 0)
"%s: received request from a processes with uid %u", syslog(LOG_DEBUG,
mod, (unsigned)euid); "%s: received request from a processes with uid %u",
mod, (unsigned)euid);
if (euid != 0 && (euid != uid || egid != gid)) { if (euid != 0 && (euid != uid || egid != gid)) {
syslog(LOG_DEBUG, syslog(LOG_DEBUG,
"%s: received unauthorized request from a process with uid %u", "%s: received unauthorized request from a process with uid %u",

2
src/system.h
View File

@@ -42,6 +42,6 @@ void kill_on_parent_kill(int sig);
SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler); SIGHANDLER_T ocsignal(int signum, SIGHANDLER_T handler);
int check_upeer_id(const char *mod, int cfg, uid_t uid, uid_t gid, uid_t *ruid); int check_upeer_id(const char *mod, int debug, int cfg, uid_t uid, uid_t gid, uid_t *ruid);
#endif #endif