%defattr(-,root,root,-)
/usr/lib/systemd/system/multi-user.target.wants/security-server.service
/usr/lib/systemd/system/security-server.service
-/usr/share/security-server/mw-list
%attr(755,root,root) /etc/rc.d/init.d/security-serverd
%attr(755,root,root) /usr/bin/security-server
return retval;
}
-/* Checking client is pre-defined middleware daemons *
- * Check privilege API is only allowed to middleware daemons *
- * list of middleware daemons' executables are listed in
- * /usr/share/security-server/mw-list */
-int search_middleware_exe_path(char *exe)
-{
- FILE *fp = NULL;
- int ret= SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
- size_t len = 0;
- ssize_t cnt = 0;
- char *middleware = NULL;
- int cmp = 0;
-
- /* Open the list file */
- fp = fopen(SECURITY_SERVER_MIDDLEWARE_LIST_PATH, "r");
- if(fp == NULL)
- {
- /* error on file */
- SEC_SVR_DBG("%s", "Error oening mw-list file");
- return SECURITY_SERVER_ERROR_FILE_OPERATION;
- }
-
- /* read file line by line */
- while ((cnt = getline(&middleware, &len, fp)) != -1) {
-
- /* trim trailing whitespaces */
- while (cnt > 0 && isspace(middleware[cnt-1])!=0 )
- cnt--;
- middleware[cnt]='\0';
-
- /* compare middleware list entry with executable */
- cmp = strcmp(middleware, exe);
- free(middleware);
- middleware = NULL;
- if (cmp == 0)
- {
- /* found */
- SEC_SVR_DBG("%s", "found matching executable");
- ret = SECURITY_SERVER_SUCCESS;
- break;
- }
- }
- if(fp != NULL)
- fclose(fp);
- return ret;
-}
-
/* Authenticate the application is middleware daemon
* The middleware must run as root (or middleware user) and the cmd line must be
* pre listed for authentication to succeed */
int authenticate_client_middleware(int sockfd, int *pid)
{
- int retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED;
+ int retval = SECURITY_SERVER_SUCCESS;
struct ucred cr;
unsigned int cl = sizeof(cr);
char *exe = NULL;
goto error;
}
- /* Search executable of the peer that is really middleware executable */
- retval = search_middleware_exe_path(exe);
*pid = cr.pid;
error:
#define SECURITY_SERVER_COOKIE_LEN 20
#define MAX_OBJECT_LABEL_LEN 32
#define MAX_MODE_STR_LEN 16
-#define SECURITY_SERVER_MIDDLEWARE_LIST_PATH "/usr/share/security-server/mw-list"
#define SECURITY_SERVER_MAX_OBJ_NAME 30
#define SECURITY_SERVER_MSG_VERSION 0x01
#define SECURITY_SERVER_ACCEPT_TIMEOUT_MILISECOND 10000