From 40e9ddb6fafbcbeda9db7d848967d0b4f38b1514 Mon Sep 17 00:00:00 2001
From: Kemeng Shi
Date: Thu, 6 May 2021 09:22:05 +0800
Subject: [PATCH 20/50] revert socket permission check
Signed-off-by: Kemeng Shi
---
 inc/etmemd_inc/etmemd_rpc.h | 2 -
 src/etmemd_src/etmemd_rpc.c | 78 +++++++++++++++-----------------------
 2 files changed, 31 insertions(+), 49 deletions(-)
diff --git a/inc/etmemd_inc/etmemd_rpc.h b/inc/etmemd_inc/etmemd_rpc.h
index 4f61390..146cec3 100644
--- a/inc/etmemd_inc/etmemd_rpc.h
+++ b/inc/etmemd_inc/etmemd_rpc.h
@@ -55,7 +55,5 @@ int etmemd_parse_sock_name(const char *sock_name);
 int etmemd_rpc_server(void);
 bool etmemd_sock_name_set(void);
 void etmemd_sock_name_free(void);
-// some engine cmd need to check socket permission
-int check_socket_permission(int sock_fd);
 #endif
diff --git a/src/etmemd_src/etmemd_rpc.c b/src/etmemd_src/etmemd_rpc.c
index fe0b975..d7bf8d7 100644
--- a/src/etmemd_src/etmemd_rpc.c
+++ b/src/etmemd_src/etmemd_rpc.c
@@ -181,57 +181,10 @@ free_file:
 return ret;
 }
-int check_socket_permission(int sock_fd) {
- struct ucred cred;
- socklen_t len;
- ssize_t rc;
-
- len = sizeof(struct ucred);
-
- rc = getsockopt(sock_fd,
- SOL_SOCKET,
- SO_PEERCRED,
- &cred,
- &len);
- if (rc < 0) {
- etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
- strerror(errno));
- return -1;
- }
-
- if (cred.uid != 0 || cred.gid != 0) {
- etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
- return -1;
- }
-
- return 0;
-}
-
-// ENG_CMD cmd permission checked inside engine
-static int check_cmd_permission(int sock_fd, int cmd)
-{
- switch (cmd) {
- case OBJ_ADD:
- /* fallthrough */
- case OBJ_DEL:
- /* fallthrough */
- case MIG_STOP:
- /* fallthrough */
- case MIG_START:
- return check_socket_permission(sock_fd);
- default:
- return 0;
- }
-}
-
 static enum opt_result etmemd_switch_cmd(const struct server_rpc_params svr_param)
 {
 enum opt_result ret = OPT_INVAL;
- if (check_cmd_permission(svr_param.sock_fd, svr_param.cmd) != 0) {
- return OPT_INVAL;
- }
-
 switch (svr_param.cmd) {
 case OBJ_ADD:
 case OBJ_DEL:
@@ -596,6 +549,32 @@ static void etmemd_rpc_handle(int sock_fd)
 return;
 }
+int check_socket_permission(int sock_fd) {
+ struct ucred cred;
+ socklen_t len;
+ ssize_t rc;
+
+ len = sizeof(struct ucred);
+
+ rc = getsockopt(sock_fd,
+ SOL_SOCKET,
+ SO_PEERCRED,
+ &cred,
+ &len);
+ if (rc < 0) {
+ etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
+ strerror(errno));
+ return -1;
+ }
+
+ if (cred.uid != 0 || cred.gid != 0) {
+ etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
+ return -1;
+ }
+
+ return 0;
+}
+
 static int etmemd_rpc_accept(int sock_fd)
 {
 char *recv_buf = NULL;
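Review bot: In the hunk at `@@ -596`, `check_socket_permission()` is re-added with external linkage even though this commit drops its prototype from etmemd_rpc.h and the only visible caller is etmemd_rpc_accept() in the same file; declare it `static int check_socket_permission(int sock_fd)`. The denial branch logs only a fixed string, so the log cannot show who was refused; consider `etmemd_log(ETMEMD_LOG_ERR, "client denied: uid=%u gid=%u pid=%d\n", (unsigned)cred.uid, (unsigned)cred.gid, (int)cred.pid);`. The function also deserves a short header comment saying that SO_PEERCRED reports the peer's credentials as they were at connect() time, so the check authorises the connection once rather than each later command. `rc` would read more naturally as `int`, which is what getsockopt() returns.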
@@ -618,6 +597,11 @@ static int etmemd_rpc_accept(int sock_fd)
 return 0;
 }
+ rc = check_socket_permission(accp_fd);
+ if (rc != 0) {
+ goto RPC_EXIT;
+ }
+
 rc = recv(accp_fd, recv_buf, RPC_BUFF_LEN_MAX, 0);
 if (rc <= 0) {
 etmemd_log(ETMEMD_LOG_WARN, "socket recive from client fail, error(%s)\n",
--
2.27.0
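Review bot: A refused peer reaches `RPC_EXIT` with `rc` still holding -1 and without any reply being sent, and the cleanup and return value at that label lie outside this hunk (etmemd_rpc_accept() starts before it and ends after it). If the function propagates `rc` from there, confirm that the server loop treats it as "drop this client and keep accepting" and not as a fatal error, since otherwise any local process able to connect to the socket could interrupt the RPC service. A one-line comment above the call would record the intent, for example `/* reject non-root peers before reading any request bytes */`.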