This is an automated email from the git hooks/post-receive script.
simo pushed a change to branch master in repository gssproxy.
from b5d1a18 Fix typo in gp_get_export_creds_type()
new bbda272 Use new socket if uid, pid, or gid changes
The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.
Summary of changes:
proxy/src/client/gpm_common.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
simo pushed a commit to branch master in repository gssproxy.
commit bbda272145ebbe0cbb65467c1573e583b9e1b7c7
Author: Robbie Harwood <rharwood@redhat.com>
Date: Fri Jun 3 14:30:36 2016 +0000
Use new socket if uid, pid, or gid changes
The gssproxy daemon uses SO_PEERCRED to determine credentials of the connecting process. However, these credentials are set only at the time connect is called. Therefore they must be reset every time uid or pid changes. For completeness, we check gid as well.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Closes #27
---
proxy/src/client/gpm_common.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c index cb4ccdb..0a54dbc 100644 --- a/proxy/src/client/gpm_common.c +++ b/proxy/src/client/gpm_common.c @@ -13,6 +13,12 @@ struct gpm_ctx { pthread_mutex_t lock; int fd; + + /* these are only meaningful if fd != -1 */ + pid_t pid; + uid_t uid; + gid_t gid; + int next_xid; };
@@ -93,6 +99,9 @@ done: } } gpmctx->fd = fd; + gpmctx->pid = getpid(); + gpmctx->uid = geteuid(); + gpmctx->gid = getegid(); return ret; }
@@ -120,12 +129,25 @@ static void gpm_close_socket(struct gpm_ctx *gpmctx) static int gpm_grab_sock(struct gpm_ctx *gpmctx) { int ret; + pid_t p; + uid_t u; + gid_t g;
ret = pthread_mutex_lock(&gpmctx->lock); if (ret) { return ret; }
+ /* Detect fork / setresuid and friends */ + p = getpid(); + u = geteuid(); + g = getegid(); + + if (gpmctx->fd != -1 && + (p != gpmctx->pid || u != gpmctx->uid || g != gpmctx->gid)) { + gpm_close_socket(gpmctx); + } + if (gpmctx->fd == -1) { ret = gpm_open_socket(gpmctx); }
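Review bot: In the struct gpm_ctx hunk, the comment on the new pid, uid and gid fields says when they are valid but not what they record. Please state that they hold getpid(), geteuid() and getegid() as sampled when the socket was opened, and that they exist to notice when the identity the daemon captured through SO_PEERCRED has gone stale. Without that, a later reader cannot tell whether real or effective IDs are intended.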
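Review bot: In the hunk at the end of gpm_open_socket, the pid, euid and egid are sampled after `gpmctx->fd = fd;`, that is, once the socket has already been set up. If another thread changes the effective IDs between the connect and these three calls, the cached values will match the new identity while the daemon still holds the old one, and the check in gpm_grab_sock will never fire. Consider reading the three values into locals before connecting and storing them only on success. The assignments also appear to run on every path through `done:`, including failures. That is harmless given the "only meaningful if fd != -1" comment, but worth a short comment here.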
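Review bot: In the gpm_grab_sock hunk, the identity check runs only once, at the moment the socket is grabbed. A change of effective uid or gid in another thread while the socket is held is not detected until the next grab, so a request already in flight still goes out under the credentials recorded at connect time. If that is acceptable, please say so in the "Detect fork / setresuid and friends" comment. The comment should also name the effective IDs explicitly, since the comparison uses geteuid() and getegid(), so a change of real or saved IDs alone will not trigger a reconnect.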
gss-proxy@lists.fedorahosted.org