Re: [PATCH 29/35] multipathd: uxlsnr: use parser to determine non-root commands

On Fri, Sep 10, 2021 at 01:41:14PM +0200, mwilck@xxxxxxxx wrote:
> From: Martin Wilck <mwilck@xxxxxxxx>
> 
> Rather than using a separate poor-man's parser for checking root
> commands, use the real parser. It will return "LIST" as first verb
> for the read-only commands that non-root users may execute.
> 
Reviewed-by: Benjamin Marzinski <bmarzins@xxxxxxxxxx>
> Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
> ---
>  multipathd/uxlsnr.c | 27 +++++++++++++++++----------
>  1 file changed, 17 insertions(+), 10 deletions(-)
> 
> diff --git a/multipathd/uxlsnr.c b/multipathd/uxlsnr.c
> index cfff0ae..ff9604f 100644
> --- a/multipathd/uxlsnr.c
> +++ b/multipathd/uxlsnr.c
> @@ -362,16 +362,15 @@ static int uxsock_trigger(struct client *c, void *trigger_data)
>  
>  	vecs = (struct vectors *)trigger_data;
>  
> -
> -	if (!c->is_root &&
> -	    (strncmp(c->cmd, "list", strlen("list")) != 0) &&
> -	    (strncmp(c->cmd, "show", strlen("show")) != 0)) {
> -		append_strbuf_str(&c->reply, "permission deny: need to be root");
> -		return r;
> -	}
> -
>  	r = parse_cmd(c);
>  
> +	if (r == 0 && c->cmdvec && VECTOR_SIZE(c->cmdvec) > 0) {
> +		struct key *kw = VECTOR_SLOT(c->cmdvec, 0);
> +
> +		if (!c->is_root && kw->code != LIST)
> +			r = EPERM;
> +	}
> +
>  	if (r == 0 && c->handler)
>  		r = execute_handler(c, vecs, uxsock_timeout / 1000);
>  
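Review bot: the non-root check only runs inside `if (r == 0 && c->cmdvec && VECTOR_SIZE(c->cmdvec) > 0)`, so it fails open when that condition is false. If parse_cmd() can ever return 0 with c->cmdvec NULL or empty while c->handler is set, a non-root client reaches execute_handler() without any permission check. Consider making denial the default for non-root clients: set r = EPERM when !c->is_root unless a first keyword exists and its code is LIST. A short comment stating that LIST is the first verb for the read-only commands, as the commit message says, would also help readers who remember the old "list"/"show" string comparison.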
> @@ -381,10 +380,18 @@ static int uxsock_trigger(struct client *c, void *trigger_data)
>  	}
>  
>  	if (r > 0) {
> -		if (r == ETIMEDOUT)
> +		switch(r) {
> +		case ETIMEDOUT:
>  			append_strbuf_str(&c->reply, "timeout\n");
> -		else
> +			break;
> +		case EPERM:
> +			append_strbuf_str(&c->reply,
> +					  "permission deny: need to be root\n");
> +			break;
> +		default:
>  			append_strbuf_str(&c->reply, "fail\n");
> +			break;
> +		}
>  	}
>  	else if (!r && get_strbuf_len(&c->reply) == 0) {
>  		append_strbuf_str(&c->reply, "ok\n");
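Review bot: `switch(r)` should have a space after the keyword (`switch (r)`), matching the `if (` style in the surrounding lines. Separately, the EPERM reply now ends in "\n" while the string removed in the first hunk had no newline. That is consistent with "timeout\n" and "fail\n", but it changes what a non-root client receives and deserves a line in the commit message.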
> -- 
> 2.33.0

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel



