From 9783bd337c47329124d6cac28cd6b95e47657be4 Mon Sep 17 00:00:00 2001
From: Bartlomiej Grzelewski
Date: Wed, 8 May 2013 16:29:05 +0200
Subject: [PATCH] Add SMACK_LOG in client_has_access. Security-server must inform that client does not have access to some service provided by him. Fix problem with random pid client in security-server logs. [Issue#] SSDWSSP-226 [Bug] Security server shows rundom value as client pid. [Cause] Function responsible for client pid extraction wass comment out. [Solution] N/A [Verification] Run test. Check logs. Pid of client process should be shown correctly. Change-Id: Ifdb0712b1d6f22a71a3e90b2264666f0ec7146da
---
src/communication/security-server-comm.c | 12 +++++-------
src/server/security-server-main.c | 9 ++++++++-
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/communication/security-server-comm.c b/src/communication/security-server-comm.c
index 8c05259..8c675cf 100644
--- a/src/communication/security-server-comm.c
+++ b/src/communication/security-server-comm.c
@@ -2454,20 +2454,17 @@ int recv_pwd_response(int sockfd, response_header *hdr, * If we need, we can extend in the futer */ int authenticate_client_application(int sockfd, int *pid, int *uid) { - int retval = 0; - struct ucred cr; - unsigned int cl = sizeof(cr); + struct ucred cr; + unsigned int cl = sizeof(cr); /* get PID of socket peer */ if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0) { - SEC_SVR_ERR("%s", "getsockopt failed"); + SEC_SVR_DBG("%s", "getsockopt failed"); return SECURITY_SERVER_ERROR_SOCKET; } - *pid = cr.pid; *uid = cr.uid; - return SECURITY_SERVER_SUCCESS; }
@@ -2476,7 +2473,8 @@ int authenticate_client_application(int sockfd, int *pid, int *uid) * pre listed for authentication to succeed */ int authenticate_client_middleware(int sockfd, int *pid) { - return SECURITY_SERVER_SUCCESS; + int uid; + return authenticate_client_application(sockfd, pid, &uid); #if 0 int retval = SECURITY_SERVER_SUCCESS; struct ucred cr;
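Review bot: The failure branch of `getsockopt(..., SO_PEERCRED, ...)` in authenticate_client_application is downgraded from SEC_SVR_ERR to SEC_SVR_DBG, so a failed peer-credential lookup on the authentication path may go unrecorded if debug logging is compiled out or filtered in production (the macro definitions are not visible here). I would keep the error level and record the cause, `SEC_SVR_ERR("getsockopt(SO_PEERCRED) failed: errno=%d", errno);`, assuming `<errno.h>` is already included in this file. The length argument should also be declared as `socklen_t cl = sizeof(cr);`, the type getsockopt() expects, rather than `unsigned int`. The comment block above the function starts outside the hunk.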
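Review bot: authenticate_client_middleware still performs no authentication: the new body only resolves the peer pid through authenticate_client_application and returns success for any local peer, while the pre-listed-middleware check described in the comment above stays disabled under `#if 0`. This is no weaker than the unconditional `return SECURITY_SERVER_SUCCESS;` it replaces, but callers that treat this function as an access gate remain unprotected, and the delegation now makes it look as if a check happens. I would say so at the top of the body, `/* NOTE: only resolves the peer pid; the middleware allow-list check below is disabled, so every local client passes */`, and track re-enabling the check separately. The `#if 0` block continues past the end of the hunk.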
diff --git a/src/server/security-server-main.c b/src/server/security-server-main.c
index 66ae190..f299ce7 100644
--- a/src/server/security-server-main.c
+++ b/src/server/security-server-main.c
@@ -505,7 +505,7 @@ int process_check_privilege_new_request(int sockfd) if(retval != SECURITY_SERVER_SUCCESS) { SEC_SVR_ERR("%s", "Client Authentication Failed"); - retval = send_generic_response(sockfd, + retval = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE, SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED); if(retval != SECURITY_SERVER_SUCCESS)
@@ -1122,6 +1122,8 @@ error: int client_has_access(int sockfd, const char *object) { char *label = NULL; int ret = 0; + int pid = -1; + int uid = -1; if (smack_check()) {
@@ -1132,6 +1134,11 @@ int client_has_access(int sockfd, const char *object) { if (0 >= (ret = smack_have_access(label, object, "rw"))) ret = 0; } + + if (SECURITY_SERVER_SUCCESS == authenticate_client_application(sockfd, &pid, &uid)) + SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d", + pid, label, object, ret); + free(label); return ret; }
-- 2.7.4
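Review bot: `label` is passed to `%s` in the new SEC_SVR_DBG call in client_has_access although it is initialised to NULL and appears to be assigned only inside the `if (smack_check())` branch, so with SMACK disabled the logger receives a NULL string, which is undefined behaviour for printf-style formatting. Guard the argument, `pid, label ? label : "(none)", object, ret);`. The record is also written at debug level and only when authenticate_client_application succeeds, so a denied access (`result=0`) can go unlogged even though the commit message says denials must be reported; consider logging denials at a level kept in production, whether or not the pid lookup worked. The lines between the two client_has_access hunks are not visible here, so the assignment of `label` is inferred.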