ln -s ../security-server-app-permissions.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-app-permissions.socket
ln -s ../security-server-cookie-get.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-cookie-get.socket
ln -s ../security-server-cookie-check.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-cookie-check.socket
-ln -s ../security-server-cookie-check-tmp.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-cookie-check-tmp.socket
ln -s ../security-server-app-privilege-by-name.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-app-privilege-by-name.socket
ln -s ../security-server-open-for.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-open-for.socket
ln -s ../security-server-password-check.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-password-check.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-cookie-get.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-cookie-check.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-cookie-check.socket
-%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-cookie-check-tmp.socket
-%attr(-,root,root) /usr/lib/systemd/system/security-server-cookie-check-tmp.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-app-privilege-by-name.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-app-privilege-by-name.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-open-for.socket
Serialization::Serialize(send, key);
//send buffer to server
- retval = sendToServer(SERVICE_SOCKET_COOKIE_CHECK_TMP, send.Pop(), recv);
+ retval = sendToServer(SERVICE_SOCKET_COOKIE_CHECK, send.Pop(), recv);
if (retval != SECURITY_SERVER_API_SUCCESS) {
LogDebug("Error in sendToServer. Error code: " << retval);
return retval;
Serialization::Serialize(send, key);
//send buffer to server
- retval = sendToServer(SERVICE_SOCKET_COOKIE_CHECK_TMP, send.Pop(), recv);
+ retval = sendToServer(SERVICE_SOCKET_COOKIE_CHECK, send.Pop(), recv);
if (retval != SECURITY_SERVER_API_SUCCESS) {
LogDebug("Error in sendToServer. Error code: " << retval);
return retval;
"/tmp/.security-server-api-cookie-get.sock";
char const * const SERVICE_SOCKET_COOKIE_CHECK =
"/tmp/.security-server-api-cookie-check.sock";
-//TODO: Merge bellow socket with the one above. This should be done
-//after security-server-api-cookie-check.sock will be protected by smack and has proper label
-char const * const SERVICE_SOCKET_COOKIE_CHECK_TMP =
- "/tmp/.security-server-api-cookie-check-tmp.sock";
char const * const SERVICE_SOCKET_OPEN_FOR =
"/tmp/.security-server-api-open-for.sock";
char const * const SERVICE_SOCKET_PASSWD_CHECK =
extern char const * const SERVICE_SOCKET_APP_PRIVILEGE_BY_NAME;
extern char const * const SERVICE_SOCKET_COOKIE_GET;
extern char const * const SERVICE_SOCKET_COOKIE_CHECK;
-extern char const * const SERVICE_SOCKET_COOKIE_CHECK_TMP;
extern char const * const SERVICE_SOCKET_OPEN_FOR;
extern char const * const SERVICE_SOCKET_PASSWD_CHECK;
extern char const * const SERVICE_SOCKET_PASSWD_SET;
//interfaces ID
const int INTERFACE_GET = 0;
const int INTERFACE_CHECK = 1;
-const int INTERFACE_CHECK_TMP = 3;
namespace SecurityServer {
GenericSocketService::ServiceDescriptionVector CookieService::GetServiceDescription() {
return ServiceDescriptionVector {
{SERVICE_SOCKET_COOKIE_GET, "*", INTERFACE_GET },
- {SERVICE_SOCKET_COOKIE_CHECK, "security-server::api-cookie-check", INTERFACE_CHECK},
- {SERVICE_SOCKET_COOKIE_CHECK_TMP, "security-server::api-cookie-check", INTERFACE_CHECK_TMP}
+ {SERVICE_SOCKET_COOKIE_CHECK, "security-server::api-cookie-check", INTERFACE_CHECK}
};
}
retval = privilegeByCookieRequest(buffer, send);
break;
- default:
- LogDebug("Error, unknown function called by client");
- retval = false;
- break;
- };
- } else if (interfaceID == INTERFACE_CHECK_TMP) {
- //TODO: Merge this interface with INTERFACE_CHECK after INTERFACE_CHECK will be secured by smack
- switch(msgType) {
case CookieCall::CHECK_UID:
LogDebug("Entering get-uid-by-cookie side handler");
retval = uidByCookieRequest(buffer, send);
${CMAKE_SOURCE_DIR}/systemd/security-server-cookie-get.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-cookie-check.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-app-privilege-by-name.socket
- ${CMAKE_SOURCE_DIR}/systemd/security-server-cookie-check-tmp.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-open-for.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-password-reset.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-password-check.socket
+++ /dev/null
-#This socket should be removed when security-server-api-cookie-check.sock
-#will be protected by smack and has proper label (at the moment it is '*')
-[Socket]
-ListenStream=/tmp/.security-server-api-cookie-check-tmp.sock
-SocketMode=0777
-SmackLabelIPIn=security-server::api-cookie-check
-SmackLabelIPOut=@
-
-Service=security-server.service
-
-[Unit]
-Wants=security-server.target
-Before=security-server.target
-
-[Install]
-WantedBy=sockets.target
Sockets=security-server-app-privilege-by-name.socket
Sockets=security-server-cookie-get.socket
Sockets=security-server-cookie-check.socket
-Sockets=security-server-cookie-check-tmp.socket
Sockets=security-server-open-for.socket
Sockets=security-server-password-check.socket
Sockets=security-server-password-set.socket