C++ (Cpp) uid_wrapper_enabled Beispiele

Programmiersprache: C++ (Cpp)

Methode / Funktion: uid_wrapper_enabled

Beispiele auf hotexamples.com: 2

C++ (Cpp) uid_wrapper_enabled - 2 Beispiele gefunden. Dies sind die am besten bewerteten C++ (Cpp) Beispiele für die uid_wrapper_enabled, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

Datei: wb_common.c Projekt: hef/samba

/**
 * @internal
 *
 * @brief Check if we talk to the priviliged pipe which should be owned by root.
 *
 * This checks if we have uid_wrapper running and if this is the case it will
 * allow to connect to the winbind privileged pipe even it is not owned by root.
 *
 * @param[in]  uid      The uid to check if we can safely talk to the pipe.
 *
 * @return              If we have access it returns true, else false.
 */
static bool winbind_privileged_pipe_is_root(uid_t uid)
{
	if (uid == 0) {
		return true;
	}

	if (uid_wrapper_enabled()) {
		return true;
	}

	return false;
}

Beispiel #2

Datei anzeigen

Datei: system.c Projekt: fridex/ocserv

/* Checks whether the peer in a socket has the expected @uid and @gid.
 * Returns zero on success.
 */
int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid, uid_t *ruid, pid_t *pid)
{
	int e, ret;
#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)
	struct ucred cr;
	socklen_t cr_len;

	/* This check is superfluous in Linux and mostly for debugging
	 * purposes. The socket permissions set with umask should
	 * be sufficient already for access control, but not all
	 * UNIXes support that. */
	cr_len = sizeof(cr);
	ret = getsockopt(cfd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len);
	if (ret == -1) {
		e = errno;
		syslog(LOG_ERR, "%s: getsockopt SO_PEERCRED error: %s",
			mod, strerror(e));
		return -1;
	}

	if (debug >= 3)
		syslog(LOG_DEBUG,
		       "%s: received request from pid %u and uid %u",
		       mod, (unsigned)cr.pid, (unsigned)cr.uid);

	if (ruid)
		*ruid = cr.uid;

	if (pid)
		*pid = cr.pid;

	/* To enable testing we use uid_wrapper. That unfortunately cannot handle
	 * this credential checking, so we disable credential checking when using it */
	if (uid_wrapper_enabled() != 0) return 0;

	if (cr.uid != 0 && (cr.uid != uid || cr.gid != gid)) {
		syslog(LOG_ERR,
		       "%s: received unauthorized request from pid %u and uid %u",
		       mod, (unsigned)cr.pid, (unsigned)cr.uid);
		       return -1;
	}
#elif defined(HAVE_GETPEEREID)
	uid_t euid;
	gid_t egid;

	ret = getpeereid(cfd, &euid, &egid);

	if (ret == -1) {
		e = errno;
		syslog(LOG_DEBUG, "%s: getpeereid error: %s",
			mod, strerror(e));
		return -1;
	}

	if (ruid)
		*ruid = euid;

	if (pid)
		*pid = 0;

	if (debug >= 3)
		syslog(LOG_DEBUG,
		       "%s: received request from a processes with uid %u",
		       mod, (unsigned)euid);

	/* see above */
	if (uid_wrapper_enabled() != 0) return 0;

	if (euid != 0 && (euid != uid || egid != gid)) {
		syslog(LOG_ERR,
		       "%s: received unauthorized request from a process with uid %u",
			mod, (unsigned)euid);
			return -1;
	}
#else
#error "Unsupported UNIX variant"
#endif
	return 0;
}