Rooba
/
perkeep
mirror of https://github.com/perkeep/perkeep.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

auth: warn when local connection uid doesn't match 

Change-Id: Icdcef55c4831b4f77f7df34e58c87a6985401a04
This commit is contained in:
Brad Fitzpatrick 2013-12-16 17:19:31 -08:00
parent 67341654ad
commit 60685a1194
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/auth/auth.go
View File

@ -21,7 +21,6 @@ import (
"crypto/rand" "crypto/rand"
"errors" "errors"
"fmt" "fmt"
"net"
"net/http" "net/http"
"os" "os"
"strings" "strings"
@ -260,10 +259,6 @@ func (da *DevAuth) AddAuthHeader(req *http.Request) {
req.SetBasicAuth("", da.Password) req.SetBasicAuth("", da.Password)
} }
func isLocalhost(addrPort net.IP) bool {
return addrPort.IsLoopback()
}
func IsLocalhost(req *http.Request) bool { func IsLocalhost(req *http.Request) bool {
return httputil.IsLocalhost(req) return httputil.IsLocalhost(req)
} }

15
pkg/httputil/auth.go
View File

@ -19,6 +19,7 @@ package httputil
import ( import (
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"log"
"net/http" "net/http"
"os" "os"
"regexp" "regexp"
@ -55,11 +56,17 @@ func IsLocalhost(req *http.Request) bool {
if uid == -1 || runtime.GOOS == "darwin" { if uid == -1 || runtime.GOOS == "darwin" {
return from.IP.IsLoopback() && to.IP.IsLoopback() return from.IP.IsLoopback() && to.IP.IsLoopback()
} }
if uid == 0 {
log.Printf("camlistored running as root. Don't do that.")
return false
}
if uid > 0 { if uid > 0 {
owner, err := netutil.AddrPairUserid(from, to) connUid, err := netutil.AddrPairUserid(from, to)
if err == nil && owner == uid { if err == nil {
return true if uid == connUid {
return true
}
log.Printf("auth: local connection uid %d doesn't match server uid %d", connUid, uid)
} }
} }
return false return false