Re: Problem with multiple root-users (UID=0)

[Mike Christie]

On 11/18/2011 01:54 PM, Mike Christie wrote:
> On 11/07/2011 01:37 PM, Thomas Weichert wrote:
>>
>> Is there a chance to fix this issue just by checking if the user has
>> sufficient rights, e.g. has uid=0, or is there any special reason for
>> demanding a user named root?
>>
> 
> I have been checking with the security people at various distros and
> they seem to think just checking for uid=0 would be ok.
> 

Here is a patch for this.

-- 
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com.
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/open-iscsi?hl=en.


>From 4d39b8819dcaed7e65b4095ca70ad6d8f7f72729 Mon Sep 17 00:00:00 2001
From: Mike Christie <micha...@cs.wisc.edu>
Date: Fri, 30 Dec 2011 22:49:49 -0600
Subject: [PATCH] iscsid: check for UID=0 instead of "root"

Setups might have multiple users with root like privileges
but not have the name root. They will have UID=0 though.
This changes the mgmt ipc check for UID=0.
---
 usr/Makefile   |    2 +-
 usr/mgmt_ipc.c |   71 +++----------------------------------------------------
 usr/statics.c  |   20 ---------------
 3 files changed, 5 insertions(+), 88 deletions(-)
 delete mode 100644 usr/statics.c

diff --git a/usr/Makefile b/usr/Makefile
index bc7af2c..f73ff71 100644
--- a/usr/Makefile
+++ b/usr/Makefile
@@ -62,7 +62,7 @@ iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o
 	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns
 
 iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \
-		iscsistart.o statics.o
+		iscsistart.o 
 	$(CC) $(CFLAGS) -static $^ -o $@
 clean:
 	rm -f *.o $(PROGRAMS) .depend $(LIBSYS)
diff --git a/usr/mgmt_ipc.c b/usr/mgmt_ipc.c
index 5c39c2e..683ce13 100644
--- a/usr/mgmt_ipc.c
+++ b/usr/mgmt_ipc.c
@@ -320,13 +320,10 @@ mgmt_ipc_notify_del_portal(queue_task_t *qtask)
 }
 
 static int
-mgmt_peeruser(int sock, char *user)
+mgmt_verify_user(int sock)
 {
-#if defined(SO_PEERCRED)
-	/* Linux style: use getsockopt(SO_PEERCRED) */
 	struct ucred peercred;
 	socklen_t so_len = sizeof(peercred);
-	struct passwd *pass;
 
 	errno = 0;
 	if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &peercred,
@@ -336,71 +333,12 @@ mgmt_peeruser(int sock, char *user)
 		return 0;
 	}
 
-	pass = getpwuid(peercred.uid);
-	if (pass == NULL) {
-		log_error("peeruser_unix: unknown local user with uid %d",
-				(int) peercred.uid);
+	if (peercred.uid != 0) {
+		log_error("User with UID %u.", peercred.uid);
 		return 0;
 	}
 
-	strlcpy(user, pass->pw_name, PEERUSER_MAX);
 	return 1;
-
-#elif defined(SCM_CREDS)
-	struct msghdr msg;
-	typedef struct cmsgcred Cred;
-#define cruid cmcred_uid
-	Cred *cred;
-
-	/* Compute size without padding */
-	/* for NetBSD */
-	char cmsgmem[_ALIGN(sizeof(struct cmsghdr)) + _ALIGN(sizeof(Cred))];
-
-	/* Point to start of first structure */
-	struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem;
-
-	struct iovec iov;
-	char buf;
-	struct passwd *pw;
-
-	memset(&msg, 0, sizeof(msg));
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-	msg.msg_control = (char *) cmsg;
-	msg.msg_controllen = sizeof(cmsgmem);
-	memset(cmsg, 0, sizeof(cmsgmem));
-
-	/*
-	 * The one character which is received here is not meaningful; its
-	 * purposes is only to make sure that recvmsg() blocks long enough for
-	 * the other side to send its credentials.
-	 */
-	iov.iov_base = &buf;
-	iov.iov_len = 1;
-
-	if (recvmsg(sock, &msg, 0) < 0 || cmsg->cmsg_len < sizeof(cmsgmem) ||
-			cmsg->cmsg_type != SCM_CREDS) {
-		log_error("ident_unix: error receiving credentials: %m");
-		return 0;
-	}
-
-	cred = (Cred *) CMSG_DATA(cmsg);
-
-	pw = getpwuid(cred->cruid);
-	if (pw == NULL) {
-		log_error("ident_unix: unknown local user with uid %d",
-				(int) cred->cruid);
-		return 0;
-	}
-
-	strlcpy(user, pw->pw_name, PEERUSER_MAX);
-	return 1;
-
-#else
-	log_error("'mgmg_ipc' auth is not supported on local connections "
-		"on this platform");
-	return 0;
-#endif
 }
 
 static void
@@ -512,7 +450,6 @@ void mgmt_ipc_handle(int accept_fd)
 	int fd, err;
 	queue_task_t *qtask = NULL;
 	mgmt_ipc_fn_t *handler = NULL;
-	char user[PEERUSER_MAX];
 
 	qtask = calloc(1, sizeof(queue_task_t));
 	if (!qtask)
@@ -526,7 +463,7 @@ void mgmt_ipc_handle(int accept_fd)
 	qtask->allocated = 1;
 	qtask->mgmt_ipc_fd = fd;
 
-	if (!mgmt_peeruser(fd, user) || strncmp(user, "root", PEERUSER_MAX)) {
+	if (!mgmt_verify_user(fd)) {
 		err = ISCSI_ERR_ACCESS;
 		goto err;
 	}
diff --git a/usr/statics.c b/usr/statics.c
deleted file mode 100644
index 59fb044..0000000
--- a/usr/statics.c
+++ /dev/null
@@ -1,20 +0,0 @@
-#include <unistd.h>
-#include <pwd.h>
-#include <sys/errno.h>
-#include <sys/types.h>
-
-static struct passwd root_pw = {
-	.pw_name = "root",
-};
-
-struct passwd*
-getpwuid(uid_t uid)
-{
-	if (uid == 0)
-		return &root_pw;
-	else {
-		errno = ENOENT;
-		return 0;
-	}
-}
-
-- 
1.7.7.4