Bug 189671

Summary: No way to use zmd without knowing the root password when not using .net remoting
Product: [openSUSE] openSUSE 10.2 Reporter: Duncan Mac-Vicar <dmacvicar>
Component: ZenworksAssignee: Tambet Ingo <tambet>
Status: RESOLVED FIXED QA Contact: Jawaad Tariq <jtariq>
Severity: Enhancement    
Priority: P5 - None CC: narayannewton, suse-beta
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Duncan Mac-Vicar 2006-06-30 10:29:15 UTC 
zmd knows which user is talking to it. Zen updater uses domain sockets (uds) . 
But right now only .net remoting allows it.

This can be workarounded adding support for xml-rpc over uds.

I propose a workaround for tcp/ip. Based on 
standard file permissions.

client -> zmd:
<auth-local-request user="duncan">

zmd:
creates /tmp/tmp-43434.tmp
echo random hash > /tmp/tmp-43434.tmp
chown duncan /tmp/tmp-43434.tmp
chmod 600  /tmp/tmp-43434.tmp

zmd -> client
<auth-local-challenge challenge-file="/tmp/tmp-43434.tmp">

client -> zmd:
here if the user is who he said, it should be able to read ths challenge
<auth-local-response challenge="A7983274823JDHFJD3333">

zmd -> client
<auth-locak-response-ok>
Comment 1 Tambet Ingo 2006-08-16 09:56:21 UTC 
There's now a unix domain socket /var/run/zmd/zmd-web.socket which gets the privileges of the caller automatically.