ocserv: Problem dropping privileges on FreeBSD(?)
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Aug 16 11:32:21 PDT 2014
On Sat, 2014-08-16 at 14:30 +0200, Kalle Carlbark wrote:
> Hi all,
>
> I would like to begin by thanking you guys for making openconnect happen!
>
> I've been successfully compiling and running ocserv on FreeBSD
> 10.0-RELEASE amd64 with one slight problem. Clients cannot connect
> because sec-mod thinks the connecting worker peer is uid 0, hence:
>
> ocserv-0.8.2 run with the following flags:
>
> $ ocserv -d 9999 -f -c /usr/local/etc/ocserv/ocserv.conf
>
> From the log:
> ocserv[93036]: worker: x.x.x.x:30875 sending message 'auth cookie
> request' to main
> ocserv[93025]: main: x.x.x.x:30875 main received message 'auth cookie
> request' of 114 bytes
> ocserv[93025]: main: x.x.x.x:30875 new cookie for 'kc' (93036)
> ocserv[93025]: main: x.x.x.x:30875 sending msg sm: session open to sec-mod
> ocserv[93026]: sec-mod: received request from a processes with uid 0
> ocserv[93026]: sec-mod: received unauthorized request from a process
> with uid 0
> ocserv[93026]: sec-mod: rejected unauthorized connection

Thanks for reporting that. It seems that the uid check wasn't updated in
the BSD part of the code. I've committed a fix in master.

regards,
Nikos