summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2017-08-03 12:16:58 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2017-08-03 13:41:58 +0200
commit8ba97707ddb6d74b8c62631888bb0a982ab26f01 (patch)
treefca5cd5bff6f2036c128d95eb9134aec95b0d282
parent04186fd953298be8b8c5673b5fcd01f0893986ff (diff)
afb-cred: fix default values
Because SO_PEERCRED returns without error even when no data is available (tcp by example), the resulting uid is now tested. Also, for tcp, by default avoid by default to create a default user value. Instead, return NULL. This will allow client having an HTTP/Websocket connection to get full rights on the binder. Change-Id: I2defb585bf79c023e2391c2e18d6de17e5112770 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/afb-cred.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/afb-cred.c b/src/afb-cred.c
index 87661f19..eda0c9dd 100644
--- a/src/afb-cred.c
+++ b/src/afb-cred.c
@@ -29,6 +29,10 @@
#define MAX_LABEL_LENGTH 1024
+#if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
+# define NO_DEFAULT_PEERCRED
+#endif
+
#if !defined(DEFAULT_PEERSEC_LABEL)
# define DEFAULT_PEERSEC_LABEL "NoLabel"
#endif
@@ -117,15 +121,15 @@ struct afb_cred *afb_cred_create_for_socket(int fd)
/* get the credentials */
length = (socklen_t)(sizeof ucred);
rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &length);
- if (rc < 0 || length != (socklen_t)(sizeof ucred)) {
+ if (rc < 0 || length != (socklen_t)(sizeof ucred) || !~ucred.uid) {
#if !defined(NO_DEFAULT_PEERCRED)
- if (!rc)
- errno = EINVAL;
- return NULL;
-#else
ucred.uid = DEFAULT_PEERCRED_UID;
ucred.gid = DEFAULT_PEERCRED_GID;
ucred.pid = DEFAULT_PEERCRED_PID;
+#else
+ if (!rc)
+ errno = EINVAL;
+ return NULL;
#endif
}