diff options
| -rw-r--r-- | configure.ac | 11 | ||||
| -rw-r--r-- | src/libqmi-glib/qmi-proxy.c | 38 |
2 files changed, 43 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac index 3a63843..8c73ca7 100644 --- a/configure.ac +++ b/configure.ac @@ -79,6 +79,17 @@ AC_SUBST(GLIB_MKENUMS) dnl Documentation GTK_DOC_CHECK(1.0) +# QMI proxy UID +AC_ARG_ENABLE(qmi-proxy-username, + AS_HELP_STRING([--enable-qmi-proxy-username=<username>], [where qmi proxy username is]), + qmi_proxy_username=$enableval, + qmi_proxy_username="") +if ! test x"$qmi_proxy_username" = x""; then + AC_DEFINE_UNQUOTED(QMI_PROXY_USERNAME, $qmi_proxy_username, [Define the QMI Proxy username]) +else + AC_DEFINE(QMI_PROXY_USERNAME, "root", [Define the QMI Proxy username]) +fi + dnl Man page AC_PATH_PROG(HELP2MAN, help2man, false) AM_CONDITIONAL(BUILDOPT_MAN, test x$HELP2MAN != xfalse) diff --git a/src/libqmi-glib/qmi-proxy.c b/src/libqmi-glib/qmi-proxy.c index 33916fb..d446e8f 100644 --- a/src/libqmi-glib/qmi-proxy.c +++ b/src/libqmi-glib/qmi-proxy.c @@ -24,12 +24,15 @@ #include <string.h> #include <ctype.h> #include <sys/file.h> +#include <sys/types.h> #include <errno.h> +#include <pwd.h> #include <glib.h> #include <glib/gstdio.h> #include <gio/gunixsocketaddress.h> +#include "config.h" #include "qmi-enum-types.h" #include "qmi-error-types.h" #include "qmi-device.h" @@ -625,6 +628,7 @@ incoming_cb (GSocketService *service, Client *client; GCredentials *credentials; GError *error = NULL; + struct passwd *expected_usr = NULL; uid_t uid; g_debug ("client connection open..."); @@ -644,8 +648,17 @@ incoming_cb (GSocketService *service, return; } - if (uid != 0) { - g_warning ("Client not allowed: Not enough privileges"); + expected_usr = getpwnam (QMI_PROXY_USERNAME); + if (!expected_usr) { + g_warning ("Unknown user configured: %s", QMI_PROXY_USERNAME); + /* Falling back to check for root user if the configured user is unknown */ + if (uid != 0) { + g_warning ("Client not allowed: Not enough privileges"); + return; + } + } + else if (uid != expected_usr->pw_uid) { + g_warning ("Client not allowed: Not the expected user: %s", QMI_PROXY_USERNAME); return; } @@ -731,13 +744,26 @@ QmiProxy * qmi_proxy_new (GError **error) { QmiProxy *self; - - /* Only root can run the qmi-proxy */ - if (getuid () != 0) { + struct passwd *expected_usr = NULL; + + /* Only the specified user can run the mbim-proxy */ + expected_usr = getpwnam (QMI_PROXY_USERNAME); + if (!expected_usr) { + g_warning ("Unknown user configured: %s", QMI_PROXY_USERNAME); + /* Falling back to check for root user if the configured user is unknown */ + if (getuid () != 0) { + g_set_error (error, + QMI_CORE_ERROR, + QMI_CORE_ERROR_FAILED, + "Not enough privileges"); + return NULL; + } + } + else if (getuid () != expected_usr->pw_uid) { g_set_error (error, QMI_CORE_ERROR, QMI_CORE_ERROR_FAILED, - "Not enough privileges"); + "Not started with the expected user: %s", QMI_PROXY_USERNAME); return NULL; } |