From: Alan T. DeKok <aland@freeradius.org>
Date: Sat, 3 Sep 2011 13:01:21 +0000 (-0400)
Subject: Allow entry if UID or GID match
X-Git-Tag: release_3_0_0_beta0~653
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=104b27cb1145b935fa4afc12aace11ff8f7c03f3;p=thirdparty%2Ffreeradius-server.git

Allow entry if UID or GID match
---

diff --git a/src/main/command.c b/src/main/command.c
index f2d3bc285a1..934069401b0 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -2422,6 +2422,7 @@ static int command_domain_accept(rad_listen_t *listener)
 		return 0;
 	}
 
+#if defined(HAVE_GETPEEREID) || defined (SO_PEERCRED)
 	/*
 	 *	Perform user authentication.
 	 */
@@ -2441,7 +2442,13 @@ static int command_domain_accept(rad_listen_t *listener)
 		 *	non-root.  The superuser can do anything, so
 		 *	we might as well let them.
 		 */
-		if (uid != 0) {
+		if (uid != 0) do {
+			/*
+			 *	Allow entry if UID or GID matches.
+			 */
+			if (sock->uid_name && (sock->uid == uid)) break;
+			if (sock->gid_name && (sock->gid == gid)) break;
+
 			if (sock->uid_name && (sock->uid != uid)) {
 				radlog(L_ERR, "Unauthorized connection to %s from uid %ld",
 				       
@@ -2456,8 +2463,9 @@ static int command_domain_accept(rad_listen_t *listener)
 				close(newfd);
 				return 0;
 			}
-		}
-	}
+		} while (0);
+        }
+#endif
 
 	/*
 	 *	Write 32-bit magic number && version information.