131 lines
3.4 KiB
Diff
131 lines
3.4 KiB
Diff
From c4aca9bea94bc7fd639a6b508675b3f113e3736e Mon Sep 17 00:00:00 2001
|
|
From: Kemeng Shi <shikemeng@huawei.com>
|
|
Date: Thu, 29 Apr 2021 09:26:06 +0800
|
|
Subject: [PATCH 13/50] check permission according cmd to be executed
|
|
|
|
Signed-off-by: Kemeng Shi <shikemeng@huawei.com>
|
|
---
|
|
inc/etmemd_inc/etmemd_rpc.h | 2 +
|
|
src/etmemd_src/etmemd_rpc.c | 75 ++++++++++++++++++++++---------------
|
|
2 files changed, 46 insertions(+), 31 deletions(-)
|
|
|
|
diff --git a/inc/etmemd_inc/etmemd_rpc.h b/inc/etmemd_inc/etmemd_rpc.h
|
|
index 146cec3..4f61390 100644
|
|
--- a/inc/etmemd_inc/etmemd_rpc.h
|
|
+++ b/inc/etmemd_inc/etmemd_rpc.h
|
|
@@ -55,5 +55,7 @@ int etmemd_parse_sock_name(const char *sock_name);
|
|
int etmemd_rpc_server(void);
|
|
bool etmemd_sock_name_set(void);
|
|
void etmemd_sock_name_free(void);
|
|
+// some engine cmd need to check socket permission
|
|
+int check_socket_permission(int sock_fd);
|
|
|
|
#endif
|
|
diff --git a/src/etmemd_src/etmemd_rpc.c b/src/etmemd_src/etmemd_rpc.c
|
|
index 49c292d..09497b3 100644
|
|
--- a/src/etmemd_src/etmemd_rpc.c
|
|
+++ b/src/etmemd_src/etmemd_rpc.c
|
|
@@ -181,10 +181,54 @@ free_file:
|
|
return ret;
|
|
}
|
|
|
|
+int check_socket_permission(int sock_fd) {
|
|
+ struct ucred cred;
|
|
+ socklen_t len;
|
|
+ ssize_t rc;
|
|
+
|
|
+ len = sizeof(struct ucred);
|
|
+
|
|
+ rc = getsockopt(sock_fd,
|
|
+ SOL_SOCKET,
|
|
+ SO_PEERCRED,
|
|
+ &cred,
|
|
+ &len);
|
|
+ if (rc < 0) {
|
|
+ etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
|
|
+ strerror(errno));
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ if (cred.uid != 0 || cred.gid != 0) {
|
|
+ etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+// ENG_CMD cmd permission checked inside engine
|
|
+static int check_cmd_permission(int sock_fd, int cmd)
|
|
+{
|
|
+ switch (cmd) {
|
|
+ case OBJ_ADD:
|
|
+ case OBJ_DEL:
|
|
+ case MIG_STOP:
|
|
+ case MIG_START:
|
|
+ return check_socket_permission(sock_fd);
|
|
+ default:
|
|
+ return 0;
|
|
+ }
|
|
+}
|
|
+
|
|
static enum opt_result etmemd_switch_cmd(const struct server_rpc_params svr_param)
|
|
{
|
|
enum opt_result ret = OPT_INVAL;
|
|
|
|
+ if (check_cmd_permission(svr_param.sock_fd, svr_param.cmd) != 0) {
|
|
+ return OPT_INVAL;
|
|
+ }
|
|
+
|
|
switch (svr_param.cmd) {
|
|
case OBJ_ADD:
|
|
case OBJ_DEL:
|
|
@@ -549,32 +593,6 @@ static void etmemd_rpc_handle(int sock_fd)
|
|
return;
|
|
}
|
|
|
|
-static int check_socket_permission(int sock_fd) {
|
|
- struct ucred cred;
|
|
- socklen_t len;
|
|
- ssize_t rc;
|
|
-
|
|
- len = sizeof(struct ucred);
|
|
-
|
|
- rc = getsockopt(sock_fd,
|
|
- SOL_SOCKET,
|
|
- SO_PEERCRED,
|
|
- &cred,
|
|
- &len);
|
|
- if (rc < 0) {
|
|
- etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
|
|
- strerror(errno));
|
|
- return -1;
|
|
- }
|
|
-
|
|
- if (cred.uid != 0 || cred.gid != 0) {
|
|
- etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
|
|
- return -1;
|
|
- }
|
|
-
|
|
- return 0;
|
|
-}
|
|
-
|
|
static int etmemd_rpc_accept(int sock_fd)
|
|
{
|
|
char *recv_buf = NULL;
|
|
@@ -597,11 +615,6 @@ static int etmemd_rpc_accept(int sock_fd)
|
|
return 0;
|
|
}
|
|
|
|
- rc = check_socket_permission(accp_fd);
|
|
- if (rc != 0) {
|
|
- goto RPC_EXIT;
|
|
- }
|
|
-
|
|
rc = recv(accp_fd, recv_buf, RPC_BUFF_LEN_MAX, 0);
|
|
if (rc <= 0) {
|
|
etmemd_log(ETMEMD_LOG_WARN, "socket recive from client fail, error(%s)\n",
|
|
--
|
|
2.27.0
|
|
|