[[!meta copyright="Copyright © 2010, 2011, 2012, 2013 Free Software Foundation, Inc."]] [[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable id="license" text="Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled [[GNU Free Documentation License|/fdl]]."]]"""]] [[!tag open_issue_glibc]] # IRC, unknown channel, unknown date Credentials: s_uid 1000, c_uid 1000, c_gid 100, c_pid 2722 2722: Credentials: s_uid 1000, c_uid 1000, c_gid 100, c_pid 2724 \o/ \o/ the patch is even short, after all: http://paste.debian.net/54795/ --- a/sysdeps/mach/hurd/sendmsg.c +++ b/sysdeps/mach/hurd/sendmsg.c @@ -18,6 +18,7 @@ #include #include +#include #include #include @@ -45,6 +46,7 @@ mach_msg_type_number_t amount; int dealloc = 0; int i; + struct sockaddr_storage sa; /* Find the total number of bytes to be written. */ len = 0; @@ -122,6 +124,34 @@ err = EIEIO; } + memset (&sa, 0, sizeof (struct sockaddr_storage)); + if (addr) + { + memcpy (&sa, addr, addr_len); + } + else + { + getsockname (fd, (struct sockaddr *) &sa, &addr_len); + } + addr = (struct sockaddr_un *) &sa; + if (message && (addr->sun_family == AF_LOCAL)) + { + struct cmsghdr *cm; + struct msghdr *m = (struct msghdr *) message; + for (cm = CMSG_FIRSTHDR (m); cm; cm = CMSG_NXTHDR (m, cm)) + { + if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_CREDS) + { + struct cmsgcred *cred = (struct cmsgcred *) CMSG_DATA (cm); + cred->cmcred_pid = __getpid (); + cred->cmcred_uid = __getuid (); + cred->cmcred_euid = __geteuid (); + cred->cmcred_gid = __getgid (); + cred->cmcred_ngroups = getgroups (sizeof (cred->cmcred_groups) / sizeof (gid_t), cred->cmcred_groups); + } + } + } + err = HURD_DPORT_USE (fd, ({ if (err) what checks that the pid is correct? and uid, etc. hm? credential is not only about one claiming to the other his uid & such it's about the kernel or whatever authority tell to an end the identity of the other end yep but given that the data is then send to pflocal, this code is the last part that runs on the application side pflocal could as well just request the info from proc it will have to anyway, to check that it's true hm yeah, though about that, chose this approach as "quicker" (of course not definitive) well at least it shows we're able to transmit something :) well it just manipulates the data which gets send nicely already ;) but really, it's most probably up to pflocal to check authentication from proc and give it to the other end the application sender part would be just the RPC authentication calls Mmm, just realizing: so receiver part already exists actually, right? (since it's just about letting the application reading from the message structure) yep ok, good :) ## IRC, freenode, #hurd, 2011-08-11 < pinotree> (but that patch is lame) ## IRC, freenode, #hurd, 2013-05-09 youpi: Since you are online tonight, which authentication callbacks to be used for SCM_CREDS calls. I have working code and need to add this to make things complete. The auth server, lib* or where? I don't understand the question authentication callbacks like for SCM_RIGHTS, see http://www.gnu.org/software/hurd/open_issues/sendmsg_scm_creds.html I still don't understand: what are you trying to do actually? solving the SCM_CREDS propbems with e.g. dbus. so what is the relation with pinotree's patch on the page above? (I have no idea of the current status of all that) his patch was not merged, right? have to shut down, sorry, bbl, gn8 that patch was not merged since it is not in the correct place as I said, I have no idea about the status youpi: basically, it boils down to knowing, when executing the code implementing an rpc, who requested that rpc (pid, uid, gid) i.e. getting information about the reply port for instance? well that might be somehow faked (by perhaps giving another task's port as reply port) for example (which would be the code path for SCM_CREDS), when you call call the socket sendmsg(), pflocal would know who did that rpc and fill the auxilliary data) s,)$,, youpi: yes, i know about this faking issue, iirc also antrik mentioned quite some time ago ok that's one of the (imho) two issues of this my hurd-foo is not enough to know whether there are solutions to the problem above ### IRC, freenode, #hurd, 2013-05-14 Hi, regarding SCM_CREDS, I have some working code in sendmsg.c. Now I need to make a callback to authenticate the pid, uid, etc Where to hook call that into pflocal? the auth server? maybe _io_restrict_auth is the correct call to use (same as for SCM_RIGHTS)? ### IRC, freenode, #hurd, 2013-05-17 I'm working on the scm credentials right now to enable (via dbus) more X window managers to work properly. seems to be rather tricky:-( gnu_srs: I guess you also need SCM_CREDS, right? hi pochu, that's what I'm working on, extending your SCM_RIGHTS work to SCM_CREDS that's what i did as proof, years ago? it would be good to know which server calls to make, I'll be back with proposals of functions to use. there was a talk, years ago when i started with this, and few days ago too every methods has its own drawbacks, and basically so far it seems that in every method the sender identity can be faked somehow pinotree: Yes of course your patch was perfect, but it seemed like people wanted a server acknowledgement too. no, my patch was not perfect at all if it was, it would have been cleaned up and sent few years ago already --- See also [[dbus]], [[pflocal_socket_credentials_for_local_sockets]] and [[pflocal_reauth]].