authorLaurent Bercot <ska-skaware@skarnet.org>2019-02-04 14:11:35 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2019-02-04 14:11:35 +0000
commitfb6877e47d8a60b1e00ea55b2203589a43a610d0 (patch)
tree49af428a6b4aea0058737332f329ca834c86c06f /src
parentf0109069e88e99319bc23636b59fc03875c0a1c6 (diff)
Add -I option to s6-ipcserver-access
Diffstat (limited to 'src')
-rw-r--r--src/conn-tools/s6-ipcserver-access.c19
1 files changed, 11 insertions, 8 deletions
diff --git a/src/conn-tools/s6-ipcserver-access.c b/src/conn-tools/s6-ipcserver-access.c
index c423974..21171fd 100644
--- a/src/conn-tools/s6-ipcserver-access.c
+++ b/src/conn-tools/s6-ipcserver-access.c
@@ -14,7 +14,7 @@
 #include <execline/config.h>
 #include <s6/accessrules.h>
 
-#define USAGE "s6-ipcserver-access [ -v verbosity ] [ -e | -E ] [ -l localname ] [ -i rulesdir | -x rulesfile ] prog..."
+#define USAGE "s6-ipcserver-access [ -v verbosity ] [ -e | -E ] [ -l localname ] [ -I ] [ -i rulesdir | -x rulesfile ] prog..."
 
 static unsigned int verbosity = 1 ;
 
@@ -108,7 +108,6 @@ static inline int check (s6_accessrules_params_t *params, char const *rules, uns
   }
 }
 
-
 int main (int argc, char const *const *argv, char const *const *envp)
 {
   s6_accessrules_params_t params = S6_ACCESSRULES_PARAMS_ZERO ;
@@ -119,13 +118,14 @@ int main (int argc, char const *const *argv, char const *const *envp)
   uid_t uid = 0 ;
   gid_t gid = 0 ;
   unsigned int rulestype = 0 ;
+  int identity = 0 ;
   int doenv = 1 ;
   PROG = "s6-ipcserver-access" ;
   {
     subgetopt_t l = SUBGETOPT_ZERO ;
     for (;;)
     {
-      int opt = subgetopt_r(argc, argv, "v:Eel:i:x:", &l) ;
+      int opt = subgetopt_r(argc, argv, "v:Eel:Ii:x:", &l) ;
       if (opt == -1) break ;
       switch (opt)
       {
@@ -133,6 +133,7 @@ int main (int argc, char const *const *argv, char const *const *envp)
         case 'E' : doenv = 0 ; break ;
         case 'e' : doenv = 1 ; break ;
         case 'l' : localname = l.arg ; break ;
+        case 'I' : identity = 1 ; break ;
         case 'i' : rules = l.arg ; rulestype = 1 ; break ;
         case 'x' : rules = l.arg ; rulestype = 2 ; break ;
         default : dieusage() ;
@@ -161,11 +162,13 @@ int main (int argc, char const *const *argv, char const *const *envp)
     if (!gid0_scan(x, &gid)) strerr_dieinvalid(100, tmp) ;
   }
 
-  if (!check(&params, rules, rulestype, uid, gid))
-  {
-    if (verbosity >= 2) log_deny(getpid(), uid, gid) ;
-    return 1 ;
-  }
+  if (identity && uid == geteuid() && gid == getegid()) goto accepted ;
+  if (check(&params, rules, rulestype, uid, gid)) goto accepted ;
+
+  if (verbosity >= 2) log_deny(getpid(), uid, gid) ;
+  return 1 ;
+
+ accepted:
   if (verbosity) log_accept(getpid(), uid, gid) ;
 
   if (doenv)
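Review bot: The `-I` shortcut on the new line `if (identity && uid == geteuid() && gid == getegid()) goto accepted ;` accepts the client before `check()` is called, so a deny entry in the ruleset that matches the server's own uid/gid is never consulted, and `params` is still `S6_ACCESSRULES_PARAMS_ZERO` when control reaches `accepted:`. That looks intentional, but nothing in the hunk says so; I would add a comment above the line, e.g. `/* -I: a client with our own euid and egid is accepted without consulting the ruleset; params stays zeroed */`. `log_accept(getpid(), uid, gid)` is called identically on both paths, so the log cannot distinguish an identity accept from a rule match; consider marking the identity case in the log message. main() starts and continues outside this hunk, so whether the code after `accepted:` copes with empty `params`, and whether a ruleset is still required when `-I` is given, cannot be confirmed from here.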