Fix SO_PEERCRED auth on unix socket

This allows non-privileged users to be authenticated by SO_PEERCRED. In the case where the user is not a known confluent user, they are given a chance to use a name/password.
2024-11-22 17:43:14 +00:00 · 2014-02-10 09:41:08 -05:00 · 2014-02-10 09:41:08 -05:00 · 0985a717cd
commit 0985a717cd
parent fe81465d23
1 changed files with 8 additions and 3 deletions
--- a/confluent/sockapi.py
+++ b/confluent/sockapi.py
@ -17,6 +17,8 @@ import eventlet.green.ssl as ssl
 import eventlet
 import json
 import os
+import pwd
+import stat
 import struct

 SO_PEERCRED = 17
@ -48,10 +50,10 @@ def sessionhdl(connection, authname):
        authenticated = True
        cfm = configmanager.ConfigManager(tenant=None)
    elif authname:
-        authenticated = True
        authdata = auth.authorize(authname, element=None)
-        cfm = authdata[1]
-        authenticated = True
+        if authdata is not None:
+            cfm = authdata[1]
+            authenticated = True
    tlvdata.send_tlvdata(connection,"Confluent -- v0 --")
    while not authenticated:  # prompt for name and passphrase
        tlvdata.send_tlvdata(connection, {'authpassed': 0})
@ -144,6 +146,9 @@ def _unixdomainhandler():
    except OSError:  # if file does not exist, no big deal
        pass
    unixsocket.bind("/var/run/confluent/api.sock")
+    os.chmod("/var/run/confluent/api.sock",
+             stat.S_IWOTH | stat.S_IROTH | stat.S_IWGRP |
+             stat.S_IRGRP | stat.S_IWUSR | stat.S_IRUSR)
    unixsocket.listen(5)
    while (1):
        cnn, addr = unixsocket.accept()