diff options
Diffstat (limited to 'src/libqmi-glib/qmi-proxy.c')
-rw-r--r-- | src/libqmi-glib/qmi-proxy.c | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/src/libqmi-glib/qmi-proxy.c b/src/libqmi-glib/qmi-proxy.c index 33916fb..d446e8f 100644 --- a/src/libqmi-glib/qmi-proxy.c +++ b/src/libqmi-glib/qmi-proxy.c @@ -24,12 +24,15 @@ #include <string.h> #include <ctype.h> #include <sys/file.h> +#include <sys/types.h> #include <errno.h> +#include <pwd.h> #include <glib.h> #include <glib/gstdio.h> #include <gio/gunixsocketaddress.h> +#include "config.h" #include "qmi-enum-types.h" #include "qmi-error-types.h" #include "qmi-device.h" @@ -625,6 +628,7 @@ incoming_cb (GSocketService *service, Client *client; GCredentials *credentials; GError *error = NULL; + struct passwd *expected_usr = NULL; uid_t uid; g_debug ("client connection open..."); @@ -644,8 +648,17 @@ incoming_cb (GSocketService *service, return; } - if (uid != 0) { - g_warning ("Client not allowed: Not enough privileges"); + expected_usr = getpwnam (QMI_PROXY_USERNAME); + if (!expected_usr) { + g_warning ("Unknown user configured: %s", QMI_PROXY_USERNAME); + /* Falling back to check for root user if the configured user is unknown */ + if (uid != 0) { + g_warning ("Client not allowed: Not enough privileges"); + return; + } + } + else if (uid != expected_usr->pw_uid) { + g_warning ("Client not allowed: Not the expected user: %s", QMI_PROXY_USERNAME); return; } @@ -731,13 +744,26 @@ QmiProxy * qmi_proxy_new (GError **error) { QmiProxy *self; - - /* Only root can run the qmi-proxy */ - if (getuid () != 0) { + struct passwd *expected_usr = NULL; + + /* Only the specified user can run the mbim-proxy */ + expected_usr = getpwnam (QMI_PROXY_USERNAME); + if (!expected_usr) { + g_warning ("Unknown user configured: %s", QMI_PROXY_USERNAME); + /* Falling back to check for root user if the configured user is unknown */ + if (getuid () != 0) { + g_set_error (error, + QMI_CORE_ERROR, + QMI_CORE_ERROR_FAILED, + "Not enough privileges"); + return NULL; + } + } + else if (getuid () != expected_usr->pw_uid) { g_set_error (error, QMI_CORE_ERROR, QMI_CORE_ERROR_FAILED, - "Not enough privileges"); + "Not started with the expected user: %s", QMI_PROXY_USERNAME); return NULL; } |