afb-cred: fix default values
authorJosé Bollo <jose.bollo@iot.bzh>
Thu, 3 Aug 2017 10:16:58 +0000 (12:16 +0200)
committerJosé Bollo <jose.bollo@iot.bzh>
Thu, 3 Aug 2017 10:21:21 +0000 (12:21 +0200)
Because SO_PEERCRED returns without error even when no data
is available (tcp by example), the resulting uid is now tested.

Also, for TCP, no default user value is created by default any
more; NULL is returned instead. This allows clients connected
over HTTP/WebSocket to get full rights on the binder.

Change-Id: I2defb585bf79c023e2391c2e18d6de17e5112770
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
src/afb-cred.c

index 87661f1..eda0c9d 100644 (file)
 
 #define MAX_LABEL_LENGTH  1024
 
+#if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
+#  define NO_DEFAULT_PEERCRED
+#endif
+
 #if !defined(DEFAULT_PEERSEC_LABEL)
 #  define DEFAULT_PEERSEC_LABEL "NoLabel"
 #endif
@@ -117,15 +121,15 @@ struct afb_cred *afb_cred_create_for_socket(int fd)
        /* get the credentials */
        length = (socklen_t)(sizeof ucred);
        rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &length);
-       if (rc < 0 || length != (socklen_t)(sizeof ucred)) {
+       if (rc < 0 || length != (socklen_t)(sizeof ucred) || !~ucred.uid) {
 #if !defined(NO_DEFAULT_PEERCRED)
-               if (!rc)
-                       errno = EINVAL;
-               return NULL;
-#else
                ucred.uid = DEFAULT_PEERCRED_UID;
                ucred.gid = DEFAULT_PEERCRED_GID;
                ucred.pid = DEFAULT_PEERCRED_PID;
+#else
+               if (!rc)
+                       errno = EINVAL;
+               return NULL;
 #endif
        }
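Review bot: In the `#else` branch of the second hunk, `return NULL` is now the default result both when `getsockopt` really fails (`rc < 0`) and when the peer simply has no credentials (`!~ucred.uid`, the TCP case), and the commit description says a NULL credential gives the client full rights on the binder. If callers do map NULL to full rights (not visible here), any failed lookup is treated as the most privileged case, so I would at least add a comment above the return such as `/* NULL means "no peer credentials": callers must decide explicitly what an uncredentialed peer may do */` and consider setting a distinct `errno` for the no-credential case so it can be told apart from a hard failure. The sentinel test would also read more clearly as `ucred.uid == (uid_t)-1`, which does not depend on integer promotion of `uid_t`. The body of `afb_cred_create_for_socket` starts and ends outside the hunk.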