Exemplo n.º 1
0
static
NTSTATUS
RegSrvIpcCheckPermissions(
    LWMsgSecurityToken* token,
    uid_t* puid,
    gid_t* pgid
    )
{
	NTSTATUS status = 0;
    uid_t euid;
    gid_t egid;

    if (strcmp(lwmsg_security_token_get_type(token), "local"))
    {
        REG_LOG_WARNING("Unsupported authentication type");
        status = STATUS_UNHANDLED_EXCEPTION;
        BAIL_ON_NT_STATUS(status);
    }

    status = MAP_LWMSG_ERROR(lwmsg_local_token_get_eid(token, &euid, &egid));
    BAIL_ON_NT_STATUS(status);

    REG_LOG_VERBOSE("Permission granted for (uid = %i, gid = %i) to open RegIpcServer",
                    (int) euid,
                    (int) egid);

    *puid = euid;
    *pgid = egid;

error:
    return status;
}
Exemplo n.º 2
0
LWMsgStatus
LwmEvtSrvConstructSession(
    LWMsgSecurityToken* pToken,
    void* pData,
    void** ppSessionData
)
{
    DWORD dwError = 0;
    PLWMSG_LW_EVENTLOG_CONNECTION pConn = NULL;
    uid_t uid = 0;
    gid_t gid = 0;

    if (strcmp(lwmsg_security_token_get_type(pToken), "local"))
    {
        EVT_LOG_WARNING("Unsupported authentication type");
        dwError = ERROR_NOT_SUPPORTED;
        BAIL_ON_EVT_ERROR(dwError);
    }

    dwError = LwAllocateMemory(
                  sizeof(*pConn),
                  (PVOID*)&pConn);
    BAIL_ON_EVT_ERROR(dwError);

    dwError = MAP_LWMSG_ERROR(lwmsg_local_token_get_eid(
                                  pToken,
                                  &uid,
                                  &gid));
    BAIL_ON_EVT_ERROR(dwError);

    pConn->Uid = uid;
    pConn->Gid = gid;

    *ppSessionData = pConn;

cleanup:
    return MAP_LW_ERROR_IPC(dwError);

error:
    LW_SAFE_FREE_MEMORY(pConn);
    *ppSessionData = NULL;
    goto cleanup;
}
Exemplo n.º 3
0
static
int
fserv_check_permissions(LWMsgSession* session, const char* path, OpenMode mode)
{
    LWMsgStatus status = LWMSG_STATUS_SUCCESS;
    int ret = 0;
    LWMsgSecurityToken* token = NULL;
    uid_t euid;
    gid_t egid;
    struct stat statbuf;

    /* Extract security token */
    token = lwmsg_session_get_peer_security_token(session);
    
    /* Check that session is authenticated and that the token type is correct */
    if (token == NULL || strcmp(lwmsg_security_token_get_type(token), "local"))
    {
        LOG("Unsupported authentication type on session %p\n", session);
        ret = -1;
        goto error;
    }

    /* Extract uid and gid of the caller */
    status = lwmsg_local_token_get_eid(token, &euid, &egid);
    if (status)
    {
        ret = -1;
        goto error;
    }

    if (stat(path, &statbuf) == -1)
    {
        ret = errno;
        goto error;
    }

    if ((mode & OPEN_MODE_READ))
    {
        int can_read =
            ((statbuf.st_uid == euid && statbuf.st_mode & S_IRUSR) ||
             (statbuf.st_gid == egid && statbuf.st_mode & S_IRGRP) ||
             (statbuf.st_mode & S_IROTH));

        if (!can_read)
        {
            LOG("Permission denied for (uid = %i, gid = %i) to read %s\n",
                (int) euid,
                (int) egid,
                path);
            ret = EPERM;
            goto error;
        }
    }

    if ((mode & OPEN_MODE_WRITE))
    {
        int can_write =
            ((statbuf.st_uid == euid && statbuf.st_mode & S_IWUSR) ||
             (statbuf.st_gid == egid && statbuf.st_mode & S_IWGRP) ||
             (statbuf.st_mode & S_IWOTH));

        if (!can_write)
        {
            LOG("Permission denied for (uid = %i, gid = %i) to write %s\n",
                (int) euid,
                (int) egid,
                path);
            ret = EPERM;
            goto error;
        }
    }

    LOG("Permission granted for (uid = %i, gid = %i) to open %s\n",
        (int) euid,
        (int) egid,
        path);

error:
    
    return ret;
}