Message ID | 20210910114120.13665-30-mwilck@suse.com (mailing list archive) |
---|---|
State | Not Applicable, archived |
Delegated to: | christophe varoqui |
Headers | show |
Series | multipathd: uxlsnr overhaul | expand |
On Fri, Sep 10, 2021 at 01:41:14PM +0200, mwilck@suse.com wrote: > From: Martin Wilck <mwilck@suse.com> > > Rather than using a separate poor-man's parser for checking root > commands, use the real parser. It will return "LIST" as first verb > for the read-only commands that non-root users may execute. > Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com> > Signed-off-by: Martin Wilck <mwilck@suse.com> > --- > multipathd/uxlsnr.c | 27 +++++++++++++++++---------- > 1 file changed, 17 insertions(+), 10 deletions(-) > > diff --git a/multipathd/uxlsnr.c b/multipathd/uxlsnr.c > index cfff0ae..ff9604f 100644 > --- a/multipathd/uxlsnr.c > +++ b/multipathd/uxlsnr.c > @@ -362,16 +362,15 @@ static int uxsock_trigger(struct client *c, void *trigger_data) > > vecs = (struct vectors *)trigger_data; > > - > - if (!c->is_root && > - (strncmp(c->cmd, "list", strlen("list")) != 0) && > - (strncmp(c->cmd, "show", strlen("show")) != 0)) { > - append_strbuf_str(&c->reply, "permission deny: need to be root"); > - return r; > - } > - > r = parse_cmd(c); > > + if (r == 0 && c->cmdvec && VECTOR_SIZE(c->cmdvec) > 0) { > + struct key *kw = VECTOR_SLOT(c->cmdvec, 0); > + > + if (!c->is_root && kw->code != LIST) > + r = EPERM; > + } > + > if (r == 0 && c->handler) > r = execute_handler(c, vecs, uxsock_timeout / 1000); > > @@ -381,10 +380,18 @@ static int uxsock_trigger(struct client *c, void *trigger_data) > } > > if (r > 0) { > - if (r == ETIMEDOUT) > + switch(r) { > + case ETIMEDOUT: > append_strbuf_str(&c->reply, "timeout\n"); > - else > + break; > + case EPERM: > + append_strbuf_str(&c->reply, > + "permission deny: need to be root\n"); > + break; > + default: > append_strbuf_str(&c->reply, "fail\n"); > + break; > + } > } > else if (!r && get_strbuf_len(&c->reply) == 0) { > append_strbuf_str(&c->reply, "ok\n"); > -- > 2.33.0 -- dm-devel mailing list dm-devel@redhat.com https://listman.redhat.com/mailman/listinfo/dm-devel
diff --git a/multipathd/uxlsnr.c b/multipathd/uxlsnr.c index cfff0ae..ff9604f 100644 --- a/multipathd/uxlsnr.c +++ b/multipathd/uxlsnr.c @@ -362,16 +362,15 @@ static int uxsock_trigger(struct client *c, void *trigger_data) vecs = (struct vectors *)trigger_data; - - if (!c->is_root && - (strncmp(c->cmd, "list", strlen("list")) != 0) && - (strncmp(c->cmd, "show", strlen("show")) != 0)) { - append_strbuf_str(&c->reply, "permission deny: need to be root"); - return r; - } - r = parse_cmd(c); + if (r == 0 && c->cmdvec && VECTOR_SIZE(c->cmdvec) > 0) { + struct key *kw = VECTOR_SLOT(c->cmdvec, 0); + + if (!c->is_root && kw->code != LIST) + r = EPERM; + } + if (r == 0 && c->handler) r = execute_handler(c, vecs, uxsock_timeout / 1000); @@ -381,10 +380,18 @@ static int uxsock_trigger(struct client *c, void *trigger_data) } if (r > 0) { - if (r == ETIMEDOUT) + switch(r) { + case ETIMEDOUT: append_strbuf_str(&c->reply, "timeout\n"); - else + break; + case EPERM: + append_strbuf_str(&c->reply, + "permission deny: need to be root\n"); + break; + default: append_strbuf_str(&c->reply, "fail\n"); + break; + } } else if (!r && get_strbuf_len(&c->reply) == 0) { append_strbuf_str(&c->reply, "ok\n");