On 11/18/2011 01:54 PM, Mike Christie wrote: > On 11/07/2011 01:37 PM, Thomas Weichert wrote: >> >> Is there a chance to fix this issue just by checking if the user has >> sufficient rights, e.g. has uid=0, or is there any special reason for >> demanding a user named root? >> > > I have been checking with the security people at various distros and > they seem to think just checking for uid=0 would be ok. >
Here is a patch for this. -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to open-iscsi@googlegroups.com. To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/open-iscsi?hl=en.
>From 4d39b8819dcaed7e65b4095ca70ad6d8f7f72729 Mon Sep 17 00:00:00 2001 From: Mike Christie <micha...@cs.wisc.edu> Date: Fri, 30 Dec 2011 22:49:49 -0600 Subject: [PATCH] iscsid: check for UID=0 instead of "root" Setups might have multiple users with root like privileges but not have the name root. They will have UID=0 though. This changes the mgmt ipc check for UID=0. --- usr/Makefile | 2 +- usr/mgmt_ipc.c | 71 +++---------------------------------------------------- usr/statics.c | 20 --------------- 3 files changed, 5 insertions(+), 88 deletions(-) delete mode 100644 usr/statics.c diff --git a/usr/Makefile b/usr/Makefile index bc7af2c..f73ff71 100644 --- a/usr/Makefile +++ b/usr/Makefile @@ -62,7 +62,7 @@ iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o $(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \ - iscsistart.o statics.o + iscsistart.o $(CC) $(CFLAGS) -static $^ -o $@ clean: rm -f *.o $(PROGRAMS) .depend $(LIBSYS) diff --git a/usr/mgmt_ipc.c b/usr/mgmt_ipc.c index 5c39c2e..683ce13 100644 --- a/usr/mgmt_ipc.c +++ b/usr/mgmt_ipc.c @@ -320,13 +320,10 @@ mgmt_ipc_notify_del_portal(queue_task_t *qtask) } static int -mgmt_peeruser(int sock, char *user) +mgmt_verify_user(int sock) { -#if defined(SO_PEERCRED) - /* Linux style: use getsockopt(SO_PEERCRED) */ struct ucred peercred; socklen_t so_len = sizeof(peercred); - struct passwd *pass; errno = 0; if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred, @@ -336,71 +333,12 @@ mgmt_peeruser(int sock, char *user) return 0; } - pass = getpwuid(peercred.uid); - if (pass == NULL) { - log_error("peeruser_unix: unknown local user with uid %d", - (int) peercred.uid); + if (peercred.uid != 0) { + log_error("User with UID %u.", peercred.uid); return 0; } - strlcpy(user, pass->pw_name, PEERUSER_MAX); return 1; - -#elif defined(SCM_CREDS) - struct msghdr msg; - typedef struct cmsgcred Cred; -#define cruid cmcred_uid - Cred *cred; - - /* Compute size without padding */ - /* for NetBSD */ - char cmsgmem[_ALIGN(sizeof(struct cmsghdr)) + _ALIGN(sizeof(Cred))]; - - /* Point to start of first structure */ - struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; - - struct iovec iov; - char buf; - struct passwd *pw; - - memset(&msg, 0, sizeof(msg)); - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = (char *) cmsg; - msg.msg_controllen = sizeof(cmsgmem); - memset(cmsg, 0, sizeof(cmsgmem)); - - /* - * The one character which is received here is not meaningful; its - * purposes is only to make sure that recvmsg() blocks long enough for - * the other side to send its credentials. - */ - iov.iov_base = &buf; - iov.iov_len = 1; - - if (recvmsg(sock, &msg, 0) < 0 || cmsg->cmsg_len < sizeof(cmsgmem) || - cmsg->cmsg_type != SCM_CREDS) { - log_error("ident_unix: error receiving credentials: %m"); - return 0; - } - - cred = (Cred *) CMSG_DATA(cmsg); - - pw = getpwuid(cred->cruid); - if (pw == NULL) { - log_error("ident_unix: unknown local user with uid %d", - (int) cred->cruid); - return 0; - } - - strlcpy(user, pw->pw_name, PEERUSER_MAX); - return 1; - -#else - log_error("'mgmg_ipc' auth is not supported on local connections " - "on this platform"); - return 0; -#endif } static void @@ -512,7 +450,6 @@ void mgmt_ipc_handle(int accept_fd) int fd, err; queue_task_t *qtask = NULL; mgmt_ipc_fn_t *handler = NULL; - char user[PEERUSER_MAX]; qtask = calloc(1, sizeof(queue_task_t)); if (!qtask) @@ -526,7 +463,7 @@ void mgmt_ipc_handle(int accept_fd) qtask->allocated = 1; qtask->mgmt_ipc_fd = fd; - if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) { + if (!mgmt_verify_user(fd)) { err = ISCSI_ERR_ACCESS; goto err; } diff --git a/usr/statics.c b/usr/statics.c deleted file mode 100644 index 59fb044..0000000 --- a/usr/statics.c +++ /dev/null @@ -1,20 +0,0 @@ -#include <unistd.h> -#include <pwd.h> -#include <sys/errno.h> -#include <sys/types.h> - -static struct passwd root_pw = { - .pw_name = "root", -}; - -struct passwd* -getpwuid(uid_t uid) -{ - if (uid == 0) - return &root_pw; - else { - errno = ENOENT; - return 0; - } -} - -- 1.7.7.4