diff options
author | Sumit Bose <sbose@redhat.com> | 2012-07-05 10:50:08 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-07-10 09:07:26 -0400 |
commit | 2d257ccf620ce1b611f89cec8f0a94c88c2f2881 (patch) | |
tree | 6e3c67e2922c366d3b60ae477d2e2dd8fbbd6763 /src/confdb | |
parent | a56156c13c71a96166b0a8f3921e67f36470f8d7 (diff) | |
download | sssd-2d257ccf620ce1b611f89cec8f0a94c88c2f2881.tar.gz sssd-2d257ccf620ce1b611f89cec8f0a94c88c2f2881.tar.bz2 sssd-2d257ccf620ce1b611f89cec8f0a94c88c2f2881.zip |
pac responder: limit access by checking UIDs
A check for allowed UIDs is added in the common responder code directly
after accept(). If the platform does not support reading the UID of the
peer but allowed UIDs are configured, access is denied.
Currently only the PAC responder sets the allowed UIDs for a socket. The
default is that only root is allowed to access the socket of the PAC
responder.
Fixes: https://fedorahosted.org/sssd/ticket/1382
Diffstat (limited to 'src/confdb')
-rw-r--r-- | src/confdb/confdb.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 8ed23565..6f6b730a 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -57,6 +57,7 @@ #define CONFDB_SERVICE_FORCE_TIMEOUT "force_timeout" #define CONFDB_SERVICE_RECON_RETRIES "reconnection_retries" #define CONFDB_SERVICE_FD_LIMIT "fd_limit" +#define CONFDB_SERVICE_ALLOWED_UIDS "allowed_uids" /* Monitor */ #define CONFDB_MONITOR_CONF_ENTRY "config/sssd" |