Hi all,
I would like to begin to thank you guys for making openconnect happen!
I've been successfully compiling and running ocserv on FreeBSD
10.0-RELEASE amd64 with one slight problem. Clients cannot connect
because sec-mod thinks the connecting worker peer is uid 0, hence:
ocserv-0.8.2 run with the following flags:
$ ocserv -d 9999 -f -c /usr/local/etc/ocserv/ocserv.conf
From the log:
ocserv[93036]: worker: x.x.x.x:30875 sending message 'auth cookie
request' to main
ocserv[93025]: main: x.x.x.x:30875 main received message 'auth cookie
request' of 114 bytes
ocserv[93025]: main: x.x.x.x:30875 new cookie for 'kc' (93036)
ocserv[93025]: main: x.x.x.x:30875 sending msg sm: session open to sec-mod
ocserv[93026]: sec-mod: received request from a processes with uid 0
ocserv[93026]: sec-mod: received unauthorized request from a process
with uid 0
ocserv[93026]: sec-mod: rejected unauthorized connection
I've tracked down the code which invalidates the request, line 111 - 115
in system.c, function check_upeer_id():
if (euid != uid || egid != gid) {
syslog(LOG_DEBUG,
"%s: received unauthorized request from a process with
uid %u",
mod, (unsigned)euid);
return -1;
}
I believe it is because the code on line 94 isn't properly working?
ret = getpeereid(cfd, &euid, &egid);
It receives the wrong uid and gid of the peer anyway.
if lines 111 - 115 is commented out clients can connect fine.
I've tried to track down where the problem is but couldn't find it. Any
idea how to fix this? I would gladly help in any way.
If I get this to work I will try to get this in the FreeBSD ports
collection.
Thanks,
Best regards,
Kalle Carlbark
