119 строки
4.0 KiB
Diff
119 строки
4.0 KiB
Diff
diff -up usbguard-0.7.6/src/Library/IPCServerPrivate.cpp.orig usbguard-0.7.6/src/Library/IPCServerPrivate.cpp
|
|
--- usbguard-0.7.6/src/Library/IPCServerPrivate.cpp.orig 2019-11-25 12:11:49.632373175 +0100
|
|
+++ usbguard-0.7.6/src/Library/IPCServerPrivate.cpp 2019-11-25 12:12:42.361781652 +0100
|
|
@@ -242,6 +242,22 @@ namespace usbguard
|
|
return stats->client_pid;
|
|
}
|
|
|
|
+ void IPCServerPrivate::qbIPCConnectionAuthSet(qb_ipcs_connection_t* conn, uid_t uid, gid_t gid)
|
|
+ {
|
|
+ try {
|
|
+ std::string path = conn->description;
|
|
+ size_t last_slash = path.find_last_of("/");
|
|
+ path = path.substr(0, last_slash);
|
|
+ chown(path.c_str(), uid, gid);
|
|
+ }
|
|
+ catch (const std::exception& exception) {
|
|
+ USBGUARD_LOG(Error) << "IPC connection chmod error. Exception: " << exception.what();
|
|
+ }
|
|
+ catch (...) {
|
|
+ USBGUARD_LOG(Error) << "IPC connection error. Could not change mode bits.";
|
|
+ }
|
|
+ }
|
|
+
|
|
int32_t IPCServerPrivate::qbIPCConnectionAcceptFn(qb_ipcs_connection_t* conn, uid_t uid, gid_t gid)
|
|
{
|
|
try {
|
|
@@ -259,6 +275,7 @@ namespace usbguard
|
|
<< " gid=" << 0
|
|
<< " mode=0660";
|
|
qb_ipcs_connection_auth_set(conn, uid, 0, 0660);
|
|
+ qbIPCConnectionAuthSet(conn, uid, 0);
|
|
return 0;
|
|
}
|
|
else {
|
|
diff -up usbguard-0.7.6/src/Library/IPCServerPrivate.hpp.orig usbguard-0.7.6/src/Library/IPCServerPrivate.hpp
|
|
--- usbguard-0.7.6/src/Library/IPCServerPrivate.hpp.orig 2019-11-25 12:11:27.723203531 +0100
|
|
+++ usbguard-0.7.6/src/Library/IPCServerPrivate.hpp 2019-11-25 12:13:04.635954202 +0100
|
|
@@ -39,6 +39,71 @@
|
|
#include <qb/qbipcs.h>
|
|
#include <qb/qbloop.h>
|
|
|
|
+
|
|
+/*libqb header starts*/
|
|
+ #define CONNECTION_DESCRIPTION NAME_MAX
|
|
+
|
|
+ enum qb_ipcs_connection_state {
|
|
+ QB_IPCS_CONNECTION_INACTIVE,
|
|
+ QB_IPCS_CONNECTION_ACTIVE,
|
|
+ QB_IPCS_CONNECTION_ESTABLISHED,
|
|
+ QB_IPCS_CONNECTION_SHUTTING_DOWN,
|
|
+ };
|
|
+
|
|
+ struct qb_ipcs_connection_auth {
|
|
+ uid_t uid;
|
|
+ gid_t gid;
|
|
+ mode_t mode;
|
|
+ };
|
|
+
|
|
+ struct qb_ringbuffer_s;
|
|
+ typedef struct qb_ringbuffer_s qb_ringbuffer_t;
|
|
+
|
|
+ struct qb_ipc_one_way {
|
|
+ size_t max_msg_size;
|
|
+ enum qb_ipc_type type;
|
|
+ union {
|
|
+ struct {
|
|
+ int32_t sock;
|
|
+ char *sock_name;
|
|
+ void* shared_data;
|
|
+ char shared_file_name[NAME_MAX];
|
|
+ } us;
|
|
+ struct {
|
|
+ qb_ringbuffer_t *rb;
|
|
+ } shm;
|
|
+ } u;
|
|
+ };
|
|
+
|
|
+ struct qb_list_head {
|
|
+ struct qb_list_head *next;
|
|
+ struct qb_list_head *prev;
|
|
+ };
|
|
+
|
|
+
|
|
+ struct qb_ipcs_connection {
|
|
+ enum qb_ipcs_connection_state state;
|
|
+ int32_t refcount;
|
|
+ pid_t pid;
|
|
+ uid_t euid;
|
|
+ gid_t egid;
|
|
+ struct qb_ipcs_connection_auth auth;
|
|
+ struct qb_ipc_one_way setup;
|
|
+ struct qb_ipc_one_way request;
|
|
+ struct qb_ipc_one_way response;
|
|
+ struct qb_ipc_one_way event;
|
|
+ struct qb_ipcs_service *service;
|
|
+ struct qb_list_head list;
|
|
+ struct qb_ipc_request_header *receive_buf;
|
|
+ void *context;
|
|
+ int32_t fc_enabled;
|
|
+ int32_t poll_events;
|
|
+ int32_t outstanding_notifiers;
|
|
+ char description[CONNECTION_DESCRIPTION];
|
|
+ struct qb_ipcs_connection_stats_2 stats;
|
|
+ };
|
|
+/*libqb header ends*/
|
|
+
|
|
namespace usbguard
|
|
{
|
|
class IPCServerPrivate
|
|
@@ -107,6 +172,8 @@ namespace usbguard
|
|
bool qbIPCConnectionAllowed(uid_t uid, gid_t gid, IPCServer::AccessControl* const ac_ptr) const;
|
|
bool authenticateIPCConnectionDAC(uid_t uid, gid_t gid, IPCServer::AccessControl* const ac_ptr = nullptr) const;
|
|
|
|
+ static void qbIPCConnectionAuthSet(qb_ipcs_connection_t* connection, uid_t uid, gid_t gid);
|
|
+
|
|
bool matchACLByUID(uid_t uid, IPCServer::AccessControl* const ac_ptr) const;
|
|
bool matchACLByGID(gid_t gid, IPCServer::AccessControl* const ac_ptr) const;
|
|
bool matchACLByName(uid_t uid, gid_t gid, IPCServer::AccessControl* const ac_ptr) const;
|