From 40e9ddb6fafbcbeda9db7d848967d0b4f38b1514 Mon Sep 17 00:00:00 2001
From: Kemeng Shi <shikemeng@huawei.com>
Date: Thu, 6 May 2021 09:22:05 +0800
Subject: [PATCH 20/50] revert socket permission check
Signed-off-by: Kemeng Shi <shikemeng@huawei.com>
---
inc/etmemd_inc/etmemd_rpc.h | 2 -
src/etmemd_src/etmemd_rpc.c | 78 +++++++++++++++----------------------
2 files changed, 31 insertions(+), 49 deletions(-)
diff --git a/inc/etmemd_inc/etmemd_rpc.h b/inc/etmemd_inc/etmemd_rpc.h
index 4f61390..146cec3 100644
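--- a/inc/etmemd_inc/etmemd_rpc.h
+++ b/inc/etmemd_inc/etmemd_rpc.h
@@ -55,7 +55,5 @@ int etmemd_parse_sock_name(const char *sock_name);
 int etmemd_rpc_server(void);
 bool etmemd_sock_name_set(void);
 void etmemd_sock_name_free(void);
-// some engine cmd need to check socket permission
-int check_socket_permission(int sock_fd);
 
 #endif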
diff --git a/src/etmemd_src/etmemd_rpc.c b/src/etmemd_src/etmemd_rpc.c
index fe0b975..d7bf8d7 100644
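--- a/src/etmemd_src/etmemd_rpc.c
+++ b/src/etmemd_src/etmemd_rpc.c
@@ -181,57 +181,10 @@ free_file:
 return ret;
 }
 
-int check_socket_permission(int sock_fd) {
- struct ucred cred;
- socklen_t len;
- ssize_t rc;
-
- len = sizeof(struct ucred);
-
- rc = getsockopt(sock_fd,
- SOL_SOCKET,
- SO_PEERCRED,
- &cred,
- &len);
- if (rc < 0) {
- etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
- strerror(errno));
- return -1;
- }
-
- if (cred.uid != 0 || cred.gid != 0) {
- etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
- return -1;
- }
-
- return 0;
-}
-
-// ENG_CMD cmd permission checked inside engine
-static int check_cmd_permission(int sock_fd, int cmd)
-{
- switch (cmd) {
- case OBJ_ADD:
- /* fallthrough */
- case OBJ_DEL:
- /* fallthrough */
- case MIG_STOP:
- /* fallthrough */
- case MIG_START:
- return check_socket_permission(sock_fd);
- default:
- return 0;
- }
-}
-
 static enum opt_result etmemd_switch_cmd(const struct server_rpc_params svr_param)
 {
 enum opt_result ret = OPT_INVAL;
 
- if (check_cmd_permission(svr_param.sock_fd, svr_param.cmd) != 0) {
- return OPT_INVAL;
- }
-
 switch (svr_param.cmd) {
 case OBJ_ADD:
 case OBJ_DEL:
@@ -596,6 +549,32 @@ static void etmemd_rpc_handle(int sock_fd)
 return;
 }
 
+int check_socket_permission(int sock_fd) {
+ struct ucred cred;
+ socklen_t len;
+ ssize_t rc;
+
+ len = sizeof(struct ucred);
+
+ rc = getsockopt(sock_fd,
+ SOL_SOCKET,
+ SO_PEERCRED,
+ &cred,
+ &len);
+ if (rc < 0) {
+ etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
+ strerror(errno));
+ return -1;
+ }
+
+ if (cred.uid != 0 || cred.gid != 0) {
+ etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
+ return -1;
+ }
+
+ return 0;
+}
+
 static int etmemd_rpc_accept(int sock_fd)
 {
 char *recv_buf = NULL;
@@ -618,6 +597,11 @@ static int etmemd_rpc_accept(int sock_fd)
 return 0;
 }
 
+ rc = check_socket_permission(accp_fd);
+ if (rc != 0) {
+ goto RPC_EXIT;
+ }
+
 rc = recv(accp_fd, recv_buf, RPC_BUFF_LEN_MAX, 0);
 if (rc <= 0) {
 etmemd_log(ETMEMD_LOG_WARN, "socket recive from client fail, error(%s)\n",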
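Review bot: `check_socket_permission`, re-added above `etmemd_rpc_accept`, is now the authorization gate for every RPC command in this file, yet it keeps external linkage after its prototype was dropped from etmemd_rpc.h and has no comment stating the policy. Declare it `static int check_socket_permission(int sock_fd)` if nothing outside this file still calls it (the removed header comment mentions engine commands, so confirm), and add a comment above it such as `/* Admit only peers whose SO_PEERCRED uid and gid are both 0; credentials are those recorded at connect() time. */`. In the `etmemd_rpc_accept` hunk a rejected peer jumps to `RPC_EXIT`, which lies outside the hunk: confirm that path closes `accp_fd` and that the value returned on rejection does not end the server loop, since otherwise an unprivileged local connection could interrupt service. `getsockopt` returns `int`, so `int rc` would fit better than `ssize_t rc`.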
--
2.27.0