[sr-dev] git:master: modules/carrierroute fixed permission checking in mod_init

Marius Zbihlei marius.zbihlei at 1and1.ro
Fri Apr 1 16:16:44 CEST 2011


Module: sip-router
Branch: master
Commit: 78f3ede8c89a0456460158157439da90290ee8ad
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=78f3ede8c89a0456460158157439da90290ee8ad

Author: Marius Zbihlei <marius.zbihlei at 1and1.ro>
Committer: Marius Zbihlei <marius.zbihlei at 1and1.ro>
Date:   Fri Apr  1 17:14:01 2011 +0300

modules/carrierroute fixed permission checking in mod_init

Check the permission of the cfg file based on the user settings passed to the daemon, if it applies

---

 modules/carrierroute/carrierroute.c |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/modules/carrierroute/carrierroute.c b/modules/carrierroute/carrierroute.c
index 1a7abe7..3200cb2 100644
--- a/modules/carrierroute/carrierroute.c
+++ b/modules/carrierroute/carrierroute.c
@@ -40,6 +40,7 @@
 #include "../../sr_module.h"
 #include "../../str.h"
 #include "../../mem/mem.h"
+#include "../../ut.h" /* for user2uid() */
 #include "carrierroute.h"
 #include "cr_fixup.h"
 #include "cr_map.h"
@@ -154,6 +155,8 @@ struct module_exports exports = {
  */
 static int mod_init(void) {
 	struct stat fs;
+	extern char* user; /*from main.c*/
+	int uid, gid;
 
 	if(register_mi_mod(exports.name, mi_cmds)!=0)
 	{
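Review bot: The block-scope `extern char* user; /*from main.c*/` in mod_init repeats a declaration the compiler cannot check against the definition, so a later type or name change in main.c would not be diagnosed here. Prefer taking the declaration from a header that main.c also includes, if the project has one, over a local extern. `int uid, gid;` are later compared with `fs.st_uid` and `fs.st_gid`, which are `uid_t`/`gid_t`, so an explicit cast or a short comment on the mixed signedness would help. mod_init's body continues outside this hunk.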
@@ -197,9 +200,20 @@ static int mod_init(void) {
 		if(fs.st_mode & S_IWOTH){
 			LM_WARN("insecure file permissions, routing data is world writeable\n");
 		}
+
+		if (user){
+			if (user2uid(&uid, &gid, user)<0){
+				LM_ERR("bad user name/uid number: -u %s\n", user);
+				return -1;
+			}
+		} else {
+			uid = geteuid();
+			gid = getegid();
+		}
+
 		if( !( fs.st_mode & S_IWOTH) &&
-			!((fs.st_mode & S_IWGRP) && (fs.st_gid == getegid())) &&
-			!((fs.st_mode & S_IWUSR) && (fs.st_uid == geteuid())) ) {
+			!((fs.st_mode & S_IWGRP) && (fs.st_gid == uid)) &&
+			!((fs.st_mode & S_IWUSR) && (fs.st_uid == gid))) {
 				LM_ERR("config file %s not writable\n", config_file);
 				return -1;
 		}
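Review bot: The new comparison pairs the ids the wrong way round: `fs.st_gid == uid` and `fs.st_uid == gid` test the file's group against the user id and the file's owner against the group id. As written, the writability check passes or fails on a coincidental numeric match rather than on the identity the daemon will run as, so the two lines should read `!((fs.st_mode & S_IWGRP) && (fs.st_gid == gid)) &&` and `!((fs.st_mode & S_IWUSR) && (fs.st_uid == uid))) {`. The gid here comes only from `user2uid()` or `getegid()`; if the daemon can also be given a separate group setting, that presumably needs to be honoured too. mod_init starts and ends outside this hunk.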



