From bbda272145ebbe0cbb65467c1573e583b9e1b7c7 Mon Sep 17 00:00:00 2001

From: Robbie Harwood <rharwood@redhat.com>

Date: Fri, 3 Jun 2016 14:30:36 +0000

Subject: [PATCH] Use new socket if uid, pid, or gid changes

The gssproxy daemon uses SO_PEERCRED to determine credentials of the

connecting process.  However, these credentials are set only at the time

connect has called.  Therefore they must be reset every time uid or pid

changes.  For completeness, we check gid as well.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Simo Sorce <simo@redhat.com>

Closes #27

---

 proxy/src/client/gpm_common.c | 22 ++++++++++++++++++++++

 1 file changed, 22 insertions(+)

diff --git a/proxy/src/client/gpm_common.c b/proxy/src/client/gpm_common.c

index cb4ccdb..0a54dbc 100644

--- a/proxy/src/client/gpm_common.c

+++ b/proxy/src/client/gpm_common.c

@@ -13,6 +13,12 @@

 struct gpm_ctx {

     pthread_mutex_t lock;

     int fd;

+

+    /* these are only meaningful if fd != -1 */

+    pid_t pid;

+    uid_t uid;

+    gid_t gid;

+

     int next_xid;

 };

@@ -93,6 +99,9 @@ done:

         }

     }

     gpmctx->fd = fd;

+    gpmctx->pid = getpid();

+    gpmctx->uid = geteuid();

+    gpmctx->gid = getegid();

     return ret;

 }

@@ -120,12 +129,25 @@ static void gpm_close_socket(struct gpm_ctx *gpmctx)

 static int gpm_grab_sock(struct gpm_ctx *gpmctx)

 {

     int ret;

+    pid_t p;

+    uid_t u;

+    gid_t g;

     ret = pthread_mutex_lock(&gpmctx->lock);

     if (ret) {

         return ret;

     }

+    /* Detect fork / setresuid and friends */

+    p = getpid();

+    u = geteuid();

+    g = getegid();

+

+    if (gpmctx->fd != -1 &&

+        (p != gpmctx->pid || u != gpmctx->uid || g != gpmctx->gid)) {

+        gpm_close_socket(gpmctx);

+    }

+

     if (gpmctx->fd == -1) {

         ret = gpm_open_socket(gpmctx);

     }

-- 

2.8.1