From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 4 Jul 2011 16:02:54 +0000 (+0200)
Subject: Allow root to connect to control socket
X-Git-Tag: release_3_0_0_beta0~727
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e498451f9ef694bcbe12776361b76a867240e7a5;p=thirdparty%2Ffreeradius-server.git

Allow root to connect to control socket

Even if the configured "allowed UID" has a different value.
They're root, so they can do anything.  We might as well be polite.
---

diff --git a/src/main/command.c b/src/main/command.c
index cc7128c3fdd..2e2ca346010 100644
--- a/src/main/command.c
+++ b/src/main/command.c
@@ -2415,18 +2415,26 @@ static int command_domain_accept(rad_listen_t *listener)
 			return 0;
 		}
 
-		if (sock->uid_name && (sock->uid != uid)) {
-			radlog(L_ERR, "Unauthorized connection to %s from uid %ld",
-			       sock->path, (long int) uid);
-			close(newfd);
-			return 0;
-		}
-
-		if (sock->gid_name && (sock->gid != gid)) {
-			radlog(L_ERR, "Unauthorized connection to %s from gid %ld",
-			       sock->path, (long int) gid);
-			close(newfd);
-			return 0;
+		/*
+		 *	Only do UID checking if the caller is
+		 *	non-root.  The superuser can do anything, so
+		 *	we might as well let them.
+		 */
+		if (uid != 0) {
+			if (sock->uid_name && (sock->uid != uid)) {
+				radlog(L_ERR, "Unauthorized connection to %s from uid %ld",
+				       
+				       sock->path, (long int) uid);
+				close(newfd);
+				return 0;
+			}
+			
+			if (sock->gid_name && (sock->gid != gid)) {
+				radlog(L_ERR, "Unauthorized connection to %s from gid %ld",
+				       sock->path, (long int) gid);
+				close(newfd);
+				return 0;
+			}
 		}
 	}