List: openconnect-devel
Subject: ocserv: Problem dropping privileges on FreeBSD(?)
From: nmav () gnutls ! org (Nikos Mavrogiannopoulos)
Date: 2014-08-16 18:32:21
Message-ID: 1408213941.21538.5.camel () nomad ! lan
On Sat, 2014-08-16 at 14:30 +0200, Kalle Carlbark wrote:
> Hi all,
>
> I would like to begin by thanking you guys for making openconnect happen!
>
> I've been successfully compiling and running ocserv on FreeBSD
> 10.0-RELEASE amd64 with one slight problem. Clients cannot connect
> because sec-mod thinks the connecting worker peer is uid 0, hence:
>
> ocserv-0.8.2 run with the following flags:
>
> $ ocserv -d 9999 -f -c /usr/local/etc/ocserv/ocserv.conf
>
> From the log:
> ocserv[93036]: worker: x.x.x.x:30875 sending message 'auth cookie
> request' to main
> ocserv[93025]: main: x.x.x.x:30875 main received message 'auth cookie
> request' of 114 bytes
> ocserv[93025]: main: x.x.x.x:30875 new cookie for 'kc' (93036)
> ocserv[93025]: main: x.x.x.x:30875 sending msg sm: session open to sec-mod
> ocserv[93026]: sec-mod: received request from a processes with uid 0
> ocserv[93026]: sec-mod: received unauthorized request from a process
> with uid 0
> ocserv[93026]: sec-mod: rejected unauthorized connection

Thanks for reporting that. It seems that the uid check wasn't updated in
the bsd part of the code. I've committed a fix in master.

regards,
Nikos