示例#1
0
文件: auth.go 项目: orian/camlistore
func localhostAuthorized(req *http.Request) bool {
	uid := os.Getuid()
	from, err := netutil.HostPortToIP(req.RemoteAddr)
	if err != nil {
		return false
	}
	to, err := netutil.HostPortToIP(req.Host)
	if err != nil {
		return false
	}

	// If our OS doesn't support uid.
	// TODO(bradfitz): netutil on OS X uses "lsof" to figure out
	// ownership of tcp connections, but when fuse is mounted and a
	// request is outstanding (for instance, a fuse request that's
	// making a request to camlistored and landing in this code
	// path), lsof then blocks forever waiting on a lock held by the
	// VFS, leading to a deadlock.  Instead, on darwin, just trust
	// any localhost connection here, which is kinda lame, but
	// whatever.  Macs aren't very multi-user anyway.
	if uid == -1 || runtime.GOOS == "darwin" {
		return from.IP.IsLoopback() && to.IP.IsLoopback()
	}

	if uid > 0 {
		owner, err := netutil.AddrPairUserid(from, to)
		if err == nil && owner == uid {
			return true
		}
	}
	return false
}
示例#2
0
// IsLocalhost reports whether the requesting connection is from this machine
// and has the same owner as this process.
func IsLocalhost(req *http.Request) bool {
	uid := os.Getuid()
	from, err := netutil.HostPortToIP(req.RemoteAddr, nil)
	if err != nil {
		return false
	}
	to, err := netutil.HostPortToIP(req.Host, from)
	if err != nil {
		return false
	}

	// If our OS doesn't support uid.
	// TODO(bradfitz): netutil on OS X uses "lsof" to figure out
	// ownership of tcp connections, but when fuse is mounted and a
	// request is outstanding (for instance, a fuse request that's
	// making a request to camlistored and landing in this code
	// path), lsof then blocks forever waiting on a lock held by the
	// VFS, leading to a deadlock.  Instead, on darwin, just trust
	// any localhost connection here, which is kinda lame, but
	// whatever.  Macs aren't very multi-user anyway.
	if uid == -1 || runtime.GOOS == "darwin" {
		return from.IP.IsLoopback() && to.IP.IsLoopback()
	}
	if uid == 0 {
		log.Printf("camlistored running as root. Don't do that.")
		return false
	}
	if uid > 0 {
		connUid, err := netutil.AddrPairUserid(from, to)
		if err == nil {
			if uid == connUid || connUid == 0 {
				// If it's the same user who's running the server, allow it.
				// Also allow root, so users can "sudo camput" files.
				// Allowing root isn't a security problem because if root wants
				// to mess with the local user, they already can. This whole mechanism
				// is about protecting regular users from other regular users
				// on shared computers.
				return true
			}
			log.Printf("auth: local connection uid %d doesn't match server uid %d", connUid, uid)
		}
	}
	return false
}