From: Martin Wilck <[email protected]> Rather than using a separate poor-man's parser for checking root commands, use the real parser. It will return "LIST" as first verb for the read-only commands that non-root users may execute.
Signed-off-by: Martin Wilck <[email protected]> --- multipathd/uxlsnr.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/multipathd/uxlsnr.c b/multipathd/uxlsnr.c index cfff0ae..ff9604f 100644 --- a/multipathd/uxlsnr.c +++ b/multipathd/uxlsnr.c @@ -362,16 +362,15 @@ static int uxsock_trigger(struct client *c, void *trigger_data) vecs = (struct vectors *)trigger_data; - - if (!c->is_root && - (strncmp(c->cmd, "list", strlen("list")) != 0) && - (strncmp(c->cmd, "show", strlen("show")) != 0)) { - append_strbuf_str(&c->reply, "permission deny: need to be root"); - return r; - } - r = parse_cmd(c); + if (r == 0 && c->cmdvec && VECTOR_SIZE(c->cmdvec) > 0) { + struct key *kw = VECTOR_SLOT(c->cmdvec, 0); + + if (!c->is_root && kw->code != LIST) + r = EPERM; + } + if (r == 0 && c->handler) r = execute_handler(c, vecs, uxsock_timeout / 1000); @@ -381,10 +380,18 @@ static int uxsock_trigger(struct client *c, void *trigger_data) } if (r > 0) { - if (r == ETIMEDOUT) + switch(r) { + case ETIMEDOUT: append_strbuf_str(&c->reply, "timeout\n"); - else + break; + case EPERM: + append_strbuf_str(&c->reply, + "permission deny: need to be root\n"); + break; + default: append_strbuf_str(&c->reply, "fail\n"); + break; + } } else if (!r && get_strbuf_len(&c->reply) == 0) { append_strbuf_str(&c->reply, "ok\n"); -- 2.33.0 -- dm-devel mailing list [email protected] https://listman.redhat.com/mailman/listinfo/dm-devel
