代码拉取完成,页面将自动刷新
Fork 仓库
加载中
确定同步?
同步操作将从 src-openEuler/etmem 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
From 40e9ddb6fafbcbeda9db7d848967d0b4f38b1514 Mon Sep 17 00:00:00 2001
From: Kemeng Shi <shikemeng@huawei.com>
Date: Thu, 6 May 2021 09:22:05 +0800
Subject: [PATCH 20/50] revert socket permission check
Signed-off-by: Kemeng Shi <shikemeng@huawei.com>
---
inc/etmemd_inc/etmemd_rpc.h | 2 -
src/etmemd_src/etmemd_rpc.c | 78 +++++++++++++++----------------------
2 files changed, 31 insertions(+), 49 deletions(-)
diff --git a/inc/etmemd_inc/etmemd_rpc.h b/inc/etmemd_inc/etmemd_rpc.h
index 4f61390..146cec3 100644
--- a/inc/etmemd_inc/etmemd_rpc.h
+++ b/inc/etmemd_inc/etmemd_rpc.h
@@ -55,7 +55,5 @@ int etmemd_parse_sock_name(const char *sock_name);
int etmemd_rpc_server(void);
bool etmemd_sock_name_set(void);
void etmemd_sock_name_free(void);
-// some engine cmd need to check socket permission
-int check_socket_permission(int sock_fd);
#endif
diff --git a/src/etmemd_src/etmemd_rpc.c b/src/etmemd_src/etmemd_rpc.c
index fe0b975..d7bf8d7 100644
--- a/src/etmemd_src/etmemd_rpc.c
+++ b/src/etmemd_src/etmemd_rpc.c
@@ -181,57 +181,10 @@ free_file:
return ret;
}
-int check_socket_permission(int sock_fd) {
- struct ucred cred;
- socklen_t len;
- ssize_t rc;
-
- len = sizeof(struct ucred);
-
- rc = getsockopt(sock_fd,
- SOL_SOCKET,
- SO_PEERCRED,
- &cred,
- &len);
- if (rc < 0) {
- etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
- strerror(errno));
- return -1;
- }
-
- if (cred.uid != 0 || cred.gid != 0) {
- etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
- return -1;
- }
-
- return 0;
-}
-
-// ENG_CMD cmd permission checked inside engine
-static int check_cmd_permission(int sock_fd, int cmd)
-{
- switch (cmd) {
- case OBJ_ADD:
- /* fallthrough */
- case OBJ_DEL:
- /* fallthrough */
- case MIG_STOP:
- /* fallthrough */
- case MIG_START:
- return check_socket_permission(sock_fd);
- default:
- return 0;
- }
-}
-
static enum opt_result etmemd_switch_cmd(const struct server_rpc_params svr_param)
{
enum opt_result ret = OPT_INVAL;
- if (check_cmd_permission(svr_param.sock_fd, svr_param.cmd) != 0) {
- return OPT_INVAL;
- }
-
switch (svr_param.cmd) {
case OBJ_ADD:
case OBJ_DEL:
@@ -596,6 +549,32 @@ static void etmemd_rpc_handle(int sock_fd)
return;
}
+int check_socket_permission(int sock_fd) {
+ struct ucred cred;
+ socklen_t len;
+ ssize_t rc;
+
+ len = sizeof(struct ucred);
+
+ rc = getsockopt(sock_fd,
+ SOL_SOCKET,
+ SO_PEERCRED,
+ &cred,
+ &len);
+ if (rc < 0) {
+ etmemd_log(ETMEMD_LOG_ERR, "getsockopt failed, err(%s)\n",
+ strerror(errno));
+ return -1;
+ }
+
+ if (cred.uid != 0 || cred.gid != 0) {
+ etmemd_log(ETMEMD_LOG_ERR, "client socket connect failed, permition denied\n");
+ return -1;
+ }
+
+ return 0;
+}
+
static int etmemd_rpc_accept(int sock_fd)
{
char *recv_buf = NULL;
@@ -618,6 +597,11 @@ static int etmemd_rpc_accept(int sock_fd)
return 0;
}
+ rc = check_socket_permission(accp_fd);
+ if (rc != 0) {
+ goto RPC_EXIT;
+ }
+
rc = recv(accp_fd, recv_buf, RPC_BUFF_LEN_MAX, 0);
if (rc <= 0) {
etmemd_log(ETMEMD_LOG_WARN, "socket recive from client fail, error(%s)\n",
--
2.27.0
举报
请认真填写举报原因,尽可能描述详细。
请选择举报类型
误判申诉
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化