* If we need, we can extend in the futer */
int authenticate_client_application(int sockfd, int *pid, int *uid)
{
- int retval = 0;
- struct ucred cr;
- unsigned int cl = sizeof(cr);
+ struct ucred cr;
+ unsigned int cl = sizeof(cr);
/* get PID of socket peer */
if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
{
- SEC_SVR_ERR("%s", "getsockopt failed");
+ SEC_SVR_DBG("%s", "getsockopt failed");
return SECURITY_SERVER_ERROR_SOCKET;
}
-
*pid = cr.pid;
*uid = cr.uid;
-
return SECURITY_SERVER_SUCCESS;
}
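Review bot: The failure branch of `getsockopt(..., SO_PEERCRED, ...)` is demoted from `SEC_SVR_ERR` to `SEC_SVR_DBG`, so a failure to read the peer's credentials would presumably go unrecorded in builds where debug logging is off. That lookup is the only identity check this function performs, so I would keep it at error level and record the cause, e.g. `SEC_SVR_ERR("getsockopt(SO_PEERCRED) failed: errno=%d", errno);`. Separately, `cl` should be declared `socklen_t cl = sizeof(cr);` to match the `getsockopt` prototype. `pid` and `uid` are also dereferenced without a NULL check, which is worth a guard or a documented precondition.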
* pre listed for authentication to succeed */
int authenticate_client_middleware(int sockfd, int *pid)
{
- return SECURITY_SERVER_SUCCESS;
+ int uid;
+ return authenticate_client_application(sockfd, pid, &uid);
#if 0
int retval = SECURITY_SERVER_SUCCESS;
struct ucred cr;
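Review bot: `authenticate_client_middleware` now returns success for any peer whose credentials can be read, because `authenticate_client_application` only copies `cr.pid` and `cr.uid` out of `SO_PEERCRED` and the `uid` fetched here is discarded. The comment above the function says the caller must be pre-listed, but nothing on the new path compares against such a list, and the old body after `#if 0` stays disabled. Until that check is restored, say so at the call, e.g. `/* identifies the peer only; no allow-list check is done here, so success is not authorization */`, or compare the returned pid/uid with the expected middleware identity before returning success. The function body continues past the lines shown.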
if(retval != SECURITY_SERVER_SUCCESS)
{
SEC_SVR_ERR("%s", "Client Authentication Failed");
- retval = send_generic_response(sockfd,
+ retval = send_generic_response(sockfd,
SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
if(retval != SECURITY_SERVER_SUCCESS)
int client_has_access(int sockfd, const char *object) {
char *label = NULL;
int ret = 0;
+ int pid = -1;
+ int uid = -1;
if (smack_check())
{
if (0 >= (ret = smack_have_access(label, object, "rw")))
ret = 0;
}
+
+ if (SECURITY_SERVER_SUCCESS == authenticate_client_application(sockfd, &pid, &uid))
+ SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d",
+ pid, label, object, ret);
+
free(label);
return ret;
}
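Review bot: The added `SEC_SVR_DBG` call passes `label` to `%s` while it may still be NULL, since it is initialised to NULL and, as far as the visible lines show, is only set inside the `smack_check()` branch. Passing a null pointer for `%s` is undefined behaviour, so use `label ? label : "(null)"` for that argument. The added `authenticate_client_application` call also runs a `getsockopt` on every access check solely to feed a debug message. A denied access (`ret == 0`) is recorded only at debug level; if these decisions are meant to be auditable, a denial likely deserves a higher log level.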