/**
 * @internal
 *
 * @brief Decide whether the owner uid of the winbind privileged pipe is
 *        acceptable.
 *
 * The privileged pipe is expected to be owned by root (uid 0). When
 * uid_wrapper reports itself as enabled, any owner is accepted instead, so
 * that the privileged pipe can be used even though it is not owned by root.
 *
 * NOTE(review): with uid_wrapper enabled the ownership requirement is waived
 * for every uid. Confirm uid_wrapper_enabled() can only report true in test
 * environments, never in a production deployment.
 *
 * @param[in]  uid      The owner uid of the pipe to evaluate.
 *
 * @return true if the pipe may be trusted, false otherwise.
 */
static bool winbind_privileged_pipe_is_root(uid_t uid)
{
	/* || short-circuits, so uid_wrapper is only consulted for non-root. */
	return uid == 0 || uid_wrapper_enabled();
}
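/**
 * Check whether the peer of a connected UNIX socket has the expected
 * credentials.
 *
 * The peer is accepted when its uid is 0 (root), or when both its uid and
 * gid equal the expected @uid and @gid. Credentials are obtained with
 * SO_PEERCRED where available, otherwise with getpeereid().
 *
 * SECURITY: when uid_wrapper_enabled() reports non-zero, the comparison is
 * skipped and every peer is accepted. NOTE(review): confirm this can never
 * be true in a production deployment; if it can, this function no longer
 * provides any access control.
 *
 * NOTE(review): @gid is declared as uid_t although it is compared against
 * the peer's gid; gid_t looks like the intended type. Left unchanged to
 * keep the interface stable.
 *
 * @param mod    Prefix used in every syslog message.
 * @param debug  Debug level; at 3 or above each request is logged.
 * @param cfd    Connected socket whose peer is examined.
 * @param uid    Expected peer uid.
 * @param gid    Expected peer gid.
 * @param ruid   Optional (may be NULL); receives the peer's uid. It is
 *               written before the authorization decision, so it is also
 *               set when the peer is rejected.
 * @param pid    Optional (may be NULL); receives the peer's pid, or 0 on
 *               the getpeereid() path, which does not report a pid. Also
 *               written before the authorization decision.
 *
 * @return 0 if the peer is accepted, -1 if the credentials could not be
 *         read or the peer is not authorized.
 */
int check_upeer_id(const char *mod, int debug, int cfd, uid_t uid, uid_t gid,
		   uid_t *ruid, pid_t *pid)
{
	int e, ret;
#if defined(SO_PEERCRED) && defined(HAVE_STRUCT_UCRED)
	struct ucred cr;
	socklen_t cr_len;

	/* This check is superfluous in Linux and mostly for debugging
	 * purposes. The socket permissions set with umask should
	 * be sufficient already for access control, but not all
	 * UNIXes support that. */
	cr_len = sizeof(cr);
	ret = getsockopt(cfd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len);
	if (ret == -1) {
		/* Save errno before syslog() has a chance to change it. */
		e = errno;
		syslog(LOG_ERR, "%s: getsockopt SO_PEERCRED error: %s",
		       mod, strerror(e));
		return -1;
	}

	if (debug >= 3) {
		syslog(LOG_DEBUG,
		       "%s: received request from pid %u and uid %u",
		       mod, (unsigned)cr.pid, (unsigned)cr.uid);
	}

	if (ruid) {
		*ruid = cr.uid;
	}

	if (pid) {
		*pid = cr.pid;
	}

	/* To enable testing we use uid_wrapper. That unfortunately cannot
	 * handle this credential checking, so we disable credential checking
	 * when using it. From here on every peer is accepted. */
	if (uid_wrapper_enabled() != 0) {
		return 0;
	}

	/* Root is always accepted; anyone else must match uid and gid. */
	if (cr.uid != 0 && (cr.uid != uid || cr.gid != gid)) {
		syslog(LOG_ERR,
		       "%s: received unauthorized request from pid %u and uid %u",
		       mod, (unsigned)cr.pid, (unsigned)cr.uid);
		return -1;
	}
#elif defined(HAVE_GETPEEREID)
	uid_t euid;
	gid_t egid;

	ret = getpeereid(cfd, &euid, &egid);
	if (ret == -1) {
		e = errno;
		/* Logged at LOG_ERR like the SO_PEERCRED path: the peer is
		 * rejected here, so the reason must be visible without
		 * debug logging enabled. */
		syslog(LOG_ERR, "%s: getpeereid error: %s",
		       mod, strerror(e));
		return -1;
	}

	if (ruid) {
		*ruid = euid;
	}

	/* getpeereid() does not report the peer's pid. */
	if (pid) {
		*pid = 0;
	}

	if (debug >= 3) {
		syslog(LOG_DEBUG,
		       "%s: received request from a processes with uid %u",
		       mod, (unsigned)euid);
	}

	/* Same uid_wrapper bypass as on the SO_PEERCRED path: credential
	 * checking is disabled and every peer is accepted. */
	if (uid_wrapper_enabled() != 0) {
		return 0;
	}

	/* Root is always accepted; anyone else must match uid and gid. */
	if (euid != 0 && (euid != uid || egid != gid)) {
		syslog(LOG_ERR,
		       "%s: received unauthorized request from a process with uid %u",
		       mod, (unsigned)euid);
		return -1;
	}
#else
#error "Unsupported UNIX variant"
#endif
	return 0;
}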