static int
retrievePeerCredentials (PeerCredentials *credentials, int fd) {
*credentials = NULL;
if (getpeerucred(fd, credentials) == -1) {
logSystemError("getpeerucred");
return 0;
}
#ifdef HAVE_GETZONEID
if (ucred_getzoneid(*credentials) != getzoneid()) {
ucred_free(*credentials);
return 0;
}
#endif /* HAVE_GETZONEID */
return 1;
}
static void
N2N_check_priv(
void *buf,
char *dc_str)
{
nss_pheader_t *phdr = (nss_pheader_t *)buf;
ucred_t *uc = NULL;
const priv_set_t *eset;
zoneid_t zoneid;
int errnum;
char *me = "N2N_check_priv";
if (door_ucred(&uc) != 0) {
errnum = errno;
_NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
(me, "door_ucred: %s\n", strerror(errno));
NSCD_RETURN_STATUS(phdr, NSS_ERROR, errnum);
}
eset = ucred_getprivset(uc, PRIV_EFFECTIVE);
zoneid = ucred_getzoneid(uc);
if ((zoneid != GLOBAL_ZONEID && zoneid != getzoneid()) ||
eset != NULL ? !priv_ismember(eset, PRIV_SYS_ADMIN) :
ucred_geteuid(uc) != 0) {
_NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_ALERT)
(me, "%s call failed(cred): caller pid %d, uid %d, "
"euid %d, zoneid %d\n", dc_str, ucred_getpid(uc),
ucred_getruid(uc), ucred_geteuid(uc), zoneid);
ucred_free(uc);
NSCD_RETURN_STATUS(phdr, NSS_ERROR, EACCES);
}
_NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG)
(me, "nscd received %s cmd from pid %d, uid %d, "
"euid %d, zoneid %d\n", dc_str, ucred_getpid(uc),
ucred_getruid(uc), ucred_geteuid(uc), zoneid);
ucred_free(uc);
NSCD_RETURN_STATUS_SUCCESS(phdr);
}
