mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
[PATCH] better credential patch
Here is a small improvement. We check for the type of message we receive and udevsend seems not to need all the credential setup stuff, the kernel will fill it for us. udevd now refuses to start as non root, cause it doesn't make any sense.
This commit is contained in:
parent
ede4308a80
commit
7b1cbec91a
25
udevd.c
25
udevd.c
@ -252,16 +252,19 @@ static void handle_msg(int sock)
|
||||
cmsg = CMSG_FIRSTHDR(&smsg);
|
||||
cred = (struct ucred *) CMSG_DATA(cmsg);
|
||||
|
||||
if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
|
||||
dbg("no sender credentials received, message ignored");
|
||||
goto skip;
|
||||
}
|
||||
|
||||
if (cred->uid != 0) {
|
||||
dbg("sender uid=%i, message ignored", cred->uid);
|
||||
free(msg);
|
||||
return;
|
||||
goto skip;
|
||||
}
|
||||
|
||||
if (strncmp(msg->magic, UDEV_MAGIC, sizeof(UDEV_MAGIC)) != 0 ) {
|
||||
dbg("message magic '%s' doesn't match, ignore it", msg->magic);
|
||||
free(msg);
|
||||
return;
|
||||
goto skip;
|
||||
}
|
||||
|
||||
/* if no seqnum is given, we move straight to exec queue */
|
||||
@ -271,6 +274,11 @@ static void handle_msg(int sock)
|
||||
} else {
|
||||
msg_queue_insert(msg);
|
||||
}
|
||||
return;
|
||||
|
||||
skip:
|
||||
free(msg);
|
||||
return;
|
||||
}
|
||||
|
||||
static void sig_handler(int signum)
|
||||
@ -316,6 +324,11 @@ int main(int argc, char *argv[])
|
||||
|
||||
init_logging("udevd");
|
||||
|
||||
if (getuid() != 0) {
|
||||
dbg("need to be root, exit");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* set signal handler */
|
||||
act.sa_handler = sig_handler;
|
||||
sigemptyset (&act.sa_mask);
|
||||
@ -336,14 +349,14 @@ int main(int argc, char *argv[])
|
||||
|
||||
ssock = socket(AF_LOCAL, SOCK_DGRAM, 0);
|
||||
if (ssock == -1) {
|
||||
dbg("error getting socket");
|
||||
dbg("error getting socket, exit");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* the bind takes care of ensuring only one copy running */
|
||||
retval = bind(ssock, (struct sockaddr *) &saddr, addrlen);
|
||||
if (retval < 0) {
|
||||
dbg("bind failed\n");
|
||||
dbg("bind failed, exit");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
31
udevsend.c
31
udevsend.c
@ -133,13 +133,6 @@ int main(int argc, char* argv[])
|
||||
struct sockaddr_un saddr;
|
||||
socklen_t addrlen;
|
||||
int started_daemon = 0;
|
||||
struct iovec iov;
|
||||
struct msghdr smsg;
|
||||
char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
|
||||
struct cmsghdr *cmsg;
|
||||
struct ucred *cred;
|
||||
|
||||
|
||||
|
||||
#ifdef DEBUG
|
||||
init_logging("udevsend");
|
||||
@ -183,32 +176,10 @@ int main(int argc, char* argv[])
|
||||
|
||||
size = build_hotplugmsg(&msg, action, devpath, subsystem, seq);
|
||||
|
||||
/* prepare message with credentials to authenticate ourself */
|
||||
iov.iov_base = &msg;
|
||||
iov.iov_len = size;
|
||||
|
||||
smsg.msg_name = &saddr;
|
||||
smsg.msg_namelen = addrlen;
|
||||
smsg.msg_iov = &iov;
|
||||
smsg.msg_iovlen = 1;
|
||||
smsg.msg_control = cred_msg;
|
||||
smsg.msg_controllen = CMSG_LEN(sizeof(struct ucred));;
|
||||
smsg.msg_flags = 0;
|
||||
|
||||
cmsg = CMSG_FIRSTHDR(&smsg);
|
||||
cmsg->cmsg_level = SOL_SOCKET;
|
||||
cmsg->cmsg_type = SCM_CREDENTIALS;
|
||||
cmsg->cmsg_len = sizeof(cred_msg);
|
||||
cred = (struct ucred *) CMSG_DATA(cmsg);
|
||||
cred->uid = getuid();
|
||||
cred->gid = getgid();
|
||||
cred->pid = getpid();
|
||||
cred->pid = getpid();
|
||||
|
||||
/* If we can't send, try to start daemon and resend message */
|
||||
loop = UDEVSEND_CONNECT_RETRY;
|
||||
while (loop--) {
|
||||
retval = sendmsg(sock, &smsg, 0);
|
||||
retval = sendto(sock, &msg, size, 0, (struct sockaddr *)&saddr, addrlen);
|
||||
if (retval != -1) {
|
||||
retval = 0;
|
||||
goto close_and_exit;
|
||||
|
Loading…
Reference in New Issue
Block a user