Check user exists before opening incoming ports

author Clinton Ebadi <clinton@unknownlamer.org>

Sat, 13 Jul 2013 06:50:04 +0000 (02:50 -0400)

committer Clinton Ebadi <clinton@unknownlamer.org>

Sat, 13 Jul 2013 06:50:04 +0000 (02:50 -0400)
author Clinton Ebadi <clinton@unknownlamer.org>
Sat, 13 Jul 2013 06:50:04 +0000 (02:50 -0400)
committer Clinton Ebadi <clinton@unknownlamer.org>
Sat, 13 Jul 2013 06:50:04 +0000 (02:50 -0400)
diff --git a/src/plugins/firewall.sml b/src/plugins/firewall.sml

index a693642..5da168f 100644 (file)
--- a/src/plugins/firewall.sml
+++ b/src/plugins/firewall.sml
@@ -151,9 +151,13 @@ fun generateFirewallConfig rules =
             (* We can't match the user when listening; SELinux or
                similar would let us manage this with better
                granularity.*)
             (* We can't match the user when listening; SELinux or
                similar would let us manage this with better
                granularity.*)
-           (TextIO.output (users_tcp_in_conf, "proto tcp {\n");
-            TextIO.output (users_tcp_in_conf, concat lines);
-            TextIO.output (users_tcp_in_conf, "\n}\n\n"))
+           let
+               val _ = SysWord.toInt (Posix.ProcEnv.uidToWord (Posix.SysDB.Passwd.uid (Posix.SysDB.getpwnam uname)))
+           in
+               TextIO.output (users_tcp_in_conf, "proto tcp {\n");
+               TextIO.output (users_tcp_in_conf, concat lines);
+               TextIO.output (users_tcp_in_conf, "\n}\n\n")
+           end handle OS.SysErr _ => print "Invalid user in firewall config, skipping.\n" (* no sense in opening ports for bad users *)                
  
         fun writeUserOutRules (uname, lines) =
             let
  
         fun writeUserOutRules (uname, lines) =
             let
author	Clinton Ebadi <clinton@unknownlamer.org>
	Sat, 13 Jul 2013 06:50:04 +0000 (02:50 -0400)
committer	Clinton Ebadi <clinton@unknownlamer.org>
	Sat, 13 Jul 2013 06:50:04 +0000 (02:50 -0400)