Allow entry if UID or GID match

diff --git a/src/main/command.c b/src/main/command.c
index f2d3bc285a1364d6d27eb4e18c496a484abcc35e..934069401b0a9b61912b52118bb6e5adb4c4f549 100644 (file)
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -2422,6 +2422,7 @@ static int command_domain_accept(rad_listen_t *listener)
                return 0;
        }
 
+#if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
        /*
         *      Perform user authentication.
         */
@@ -2441,7 +2442,13 @@ static int command_domain_accept(rad_listen_t *listener)
                 *      non-root.  The superuser can do anything, so
                 *      we might as well let them.
                 */
-               if (uid != 0) {
+               if (uid != 0) do {
+                       /*
+                        *      Allow entry if UID or GID matches.
+                        */
+                       if (sock->uid_name && (sock->uid == uid)) break;
+                       if (sock->gid_name && (sock->gid == gid)) break;
+
                        if (sock->uid_name && (sock->uid != uid)) {
                                radlog(L_ERR, "Unauthorized connection to %s from uid %ld",
                                       
@@ -2456,8 +2463,9 @@ static int command_domain_accept(rad_listen_t *listener)
                                close(newfd);
                                return 0;
                        }
-               }
-       }
+               } while (0);
+        }
+#endif
 
        /*
         *      Write 32-bit magic number && version information.