Add SMACK_LOG in client_has_access.

Security-server must inform that client does not have access to
some service provided by him.

Fix problem with random pid client in security-server logs.

[Issue#]   SSDWSSP-226
[Bug]      Security server shows rundom value as client pid.
[Cause]    Function responsible for client pid extraction wass comment out.
[Solution] N/A

[Verification] Run test. Check logs. Pid of client process should be
shown correctly.

Change-Id: Ifdb0712b1d6f22a71a3e90b2264666f0ec7146da

diff --git a/src/communication/security-server-comm.c b/src/communication/security-server-comm.c
index 8c05259..8c675cf 100644 (file)
--- a/src/communication/security-server-comm.c
+++ b/src/communication/security-server-comm.c
@@ -2454,20 +2454,17 @@ int recv_pwd_response(int sockfd, response_header *hdr,
  * If we need, we can extend in the futer */
 int authenticate_client_application(int sockfd, int *pid, int *uid)
 {
-       int retval = 0;
-       struct ucred cr;
-       unsigned int cl = sizeof(cr);
+    struct ucred cr;
+    unsigned int cl = sizeof(cr);
 
     /* get PID of socket peer */
     if(getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) != 0)
     {
-        SEC_SVR_ERR("%s", "getsockopt failed");
+        SEC_SVR_DBG("%s", "getsockopt failed");
         return SECURITY_SERVER_ERROR_SOCKET;
     }
-
     *pid = cr.pid;
     *uid = cr.uid;
-
     return SECURITY_SERVER_SUCCESS;
 }
 
@@ -2476,7 +2473,8 @@ int authenticate_client_application(int sockfd, int *pid, int *uid)
  * pre listed for authentication to succeed */
 int authenticate_client_middleware(int sockfd, int *pid)
 {
-       return SECURITY_SERVER_SUCCESS;
+    int uid;
+    return authenticate_client_application(sockfd, pid, &uid);
 #if 0
        int retval = SECURITY_SERVER_SUCCESS;
        struct ucred cr;

diff --git a/src/server/security-server-main.c b/src/server/security-server-main.c
index 66ae190..f299ce7 100644 (file)
--- a/src/server/security-server-main.c
+++ b/src/server/security-server-main.c
@@ -505,7 +505,7 @@ int process_check_privilege_new_request(int sockfd)
        if(retval != SECURITY_SERVER_SUCCESS)
        {
                SEC_SVR_ERR("%s", "Client Authentication Failed");
-               retval = send_generic_response(sockfd, 
+               retval = send_generic_response(sockfd,
                                SECURITY_SERVER_MSG_TYPE_CHECK_PRIVILEGE_NEW_RESPONSE,
                                SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED);
                if(retval != SECURITY_SERVER_SUCCESS)
@@ -1122,6 +1122,8 @@ error:
 int client_has_access(int sockfd, const char *object) {
     char *label = NULL;
     int ret = 0;
+    int pid = -1;
+    int uid = -1;
 
     if (smack_check())
     {
@@ -1132,6 +1134,11 @@ int client_has_access(int sockfd, const char *object) {
         if (0 >= (ret = smack_have_access(label, object, "rw")))
             ret = 0;
     }
+
+    if (SECURITY_SERVER_SUCCESS == authenticate_client_application(sockfd, &pid, &uid))
+        SEC_SVR_DBG("SS_SMACK: caller_pid=%d, subject=%s, object=%s, access=rw, result=%d",
+            pid, label, object, ret);
+
     free(label);
     return ret;
 }