---
src/base/osaf_secutil.c | 57 +++++++++++++++++++++++++++++++++++++-
src/base/osaf_secutil.h | 2 +-
src/imm/immnd/immnd_evt.c | 4 +--
src/log/logd/lgs_config.cc | 2 +-
4 files changed, 60 insertions(+), 5 deletions(-)
diff --git a/src/base/osaf_secutil.c b/src/base/osaf_secutil.c
index 0e175c915..ef27fdded 100644
--- a/src/base/osaf_secutil.c
+++ b/src/base/osaf_secutil.c
@@ -42,6 +42,8 @@
#include <pwd.h>
#include <grp.h>
#include <pthread.h>
+#include <stdio.h>
+#include <ctype.h>
#include "base/osaf_poll.h"
#include "base/logtrace.h"
@@ -184,6 +186,53 @@ static void *auth_server_main(void *_fd)
return 0;
}
+bool osaf_pid_is_member_of_group(pid_t pid, gid_t gid_auth)
+{
+ char path[50];
+ bool state = false;
+ size_t line_buf_size = 0;
+ ssize_t line_size;
+ char *line_buf = NULL;
+ FILE *stream;
+
+ if (!pid)
+ return false;
+ sprintf(path, "/proc/%d/status", pid);
+ stream = fopen(path, "r");
+ if (!stream) {
+ LOG_ER("Error opening file");
+ goto done;
+ }
+
+ while ((line_size = getline(&line_buf, &line_buf_size, stream)) != -1) {
+ if (strstr(line_buf, "Groups") != NULL) {
+ char *pch;
+ for (ssize_t i = 0; i < line_size; i++) {
+ if (line_buf[i] == 0x09) {
+ line_buf[i] = 0x20;
+ break;
+ }
+ }
+
+ pch = strtok(line_buf, " ");
+ while (pch != NULL && pch[0] != 0x0a) {
+ if (isdigit(pch[0]) != 0 &&
+ (gid_t)atoi(pch) == gid_auth) {
+ state = true;
+ goto done;
+ }
+ pch = strtok(NULL, " ");
+ }
+ goto done;
+ }
+ }
+done:
+ free(line_buf);
+ line_buf = NULL;
+ fclose(stream);
+ return state;
+}
+
/*************** public interface follows*************************** */
int osaf_auth_server_create(const char *pathname,
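Review bot: When `fopen` fails, `goto done` reaches `fclose(stream)` with a NULL stream, which is undefined behaviour and usually a crash; return false right after the log line (nothing is allocated yet) or guard the call with `if (stream) fclose(stream);`. The `strstr(line_buf, "Groups")` test accepts any line containing that text, including lines whose content the inspected process chooses itself (for example `Name:`), so the numbers parsed are not guaranteed to be the kernel's group list; anchor the match with `if (strncmp(line_buf, "Groups:", 7) == 0)`. `atoi` cannot represent gids above INT_MAX and `isdigit(pch[0])` needs an `(unsigned char)` cast, both of which `strtoul` with an end-pointer check would cover. `sprintf` into `path[50]` is safer as `snprintf(path, sizeof path, "/proc/%d/status", (int)pid)`.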
@@ -220,7 +269,7 @@ int osaf_auth_server_create(const char *pathname,
}
/* used by server, logging is OK */
-bool osaf_user_is_member_of_group(uid_t uid, const char *groupname)
+bool osaf_user_is_member_of_group(uid_t uid, const char *groupname, pid_t pid)
{
long grpmembufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
if (grpmembufsize < 0)
@@ -263,6 +312,12 @@ bool osaf_user_is_member_of_group(uid_t uid, const char
*groupname)
return false;
}
+ if (osaf_pid_is_member_of_group(pid, client_grp->gr_gid)) {
+ free(pwdmembuf);
+ free(grpmembuf);
+ return true;
+ }
+
// get password file entry for user
struct passwd pbuf;
struct passwd *client_pwd;
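Review bot: The early `return true` grants membership from the process's group list alone, before `uid` is consulted, so the result now depends on `pid` and `uid` describing the same client, and nothing in this hunk checks that. If the `sinfo->pid` passed from immnd_evt.c is not a kernel-verified peer credential, or the pid is recycled before `/proc/<pid>/status` is read, the groups of an unrelated process would be accepted; consider confirming that the `Uid:` line of the same status file matches `uid` before returning true. A comment such as `/* pid == 0: skip the /proc lookup and use only the passwd/group database */` would document the sentinel used by the lgs_config.cc caller. The function body starts and continues outside this hunk.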
diff --git a/src/base/osaf_secutil.h b/src/base/osaf_secutil.h
index a2389241c..d60cafac7 100644
--- a/src/base/osaf_secutil.h
+++ b/src/base/osaf_secutil.h
@@ -86,7 +86,7 @@ int osaf_auth_server_create(const char *_pathname,
* @param groupname
* @return true if member
*/
-bool osaf_user_is_member_of_group(uid_t uid, const char *groupname);
+bool osaf_user_is_member_of_group(uid_t uid, const char *groupname, pid_t pid);
/**
* Get list of groups that a user belong to
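Review bot: The doc comment above the changed prototype still describes only `uid` and `groupname`, so the new third argument is undocumented. Add `@param pid process whose group list is also checked via /proc/<pid>/status, or 0 to skip that check`, and extend `@return` to say the function can now return true from the process's groups alone. The comment block starts outside the hunk.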
diff --git a/src/imm/immnd/immnd_evt.c b/src/imm/immnd/immnd_evt.c
index 3bd56fe34..5e7c1fe5c 100644
--- a/src/imm/immnd/immnd_evt.c
+++ b/src/imm/immnd/immnd_evt.c
@@ -894,8 +894,8 @@ static uint32_t immnd_evt_proc_imm_init(IMMND_CB *cb,
IMMND_EVT *evt,
const char *authorized_group =
immModel_authorizedGroup(immnd_cb);
if ((authorized_group != NULL) &&
- (osaf_user_is_member_of_group(sinfo->uid,
- authorized_group))) {
+ (osaf_user_is_member_of_group(
+ sinfo->uid, authorized_group, sinfo->pid))) {
TRACE("configured group");
} else {
if (mode == ACCESS_CONTROL_PERMISSIVE) {
diff --git a/src/log/logd/lgs_config.cc b/src/log/logd/lgs_config.cc
index 44e10b84d..0139db329 100644
--- a/src/log/logd/lgs_config.cc
+++ b/src/log/logd/lgs_config.cc
@@ -571,7 +571,7 @@ int lgs_cfg_verify_log_data_groupname(char *group_name) {
rc = -1;
} else {
uid_t uid = getuid();
- if (osaf_user_is_member_of_group(uid, group_name) == false) {
+ if (osaf_user_is_member_of_group(uid, group_name, 0) == false) {
LOG_WA("%s: osaf_user_is_member_of_group() Fail", __FUNCTION__);
rc = -1;
}
--
2.17.1