[[!meta copyright="Copyright © 2010, 2011, 2012 Free Software Foundation, Inc."]]

[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable id="license" text="Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled [[GNU Free Documentation License|/fdl]]."]]"""]]

[[!tag open_issue_glibc]]

IRC, unknown channel, unknown date.

    Credentials: s_uid 1000, c_uid 1000, c_gid 100, c_pid 2722
    2722: Credentials: s_uid 1000, c_uid 1000, c_gid 100, c_pid 2724
    \o/
    \o/
    the patch is even short, after all: http://paste.debian.net/54795/

    --- a/sysdeps/mach/hurd/sendmsg.c +++ b/sysdeps/mach/hurd/sendmsg.c @@ -18,6 +18,7 @@ #include #include +#include #include #include @@ -45,6 +46,7 @@ mach_msg_type_number_t amount; int dealloc = 0; int i; + struct sockaddr_storage sa; /* Find the total number of bytes to be written. */ len = 0;
    @@ -122,6 +124,34 @@ err = EIEIO; } + memset (&sa, 0, sizeof (struct sockaddr_storage)); + if (addr) + { + memcpy (&sa, addr, addr_len); + } + else + { + getsockname (fd, (struct sockaddr *) &sa, &addr_len); + } + addr = (struct sockaddr_un *) &sa; + if (message && (addr->sun_family == AF_LOCAL)) + { + struct cmsghdr *cm; + struct msghdr *m = (struct msghdr *) message; + for (cm = CMSG_FIRSTHDR (m); cm; cm = CMSG_NXTHDR (m, cm)) + { + if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_CREDS) + { + struct cmsgcred *cred = (struct cmsgcred *) CMSG_DATA (cm); + cred->cmcred_pid = __getpid (); + cred->cmcred_uid = __getuid (); + cred->cmcred_euid = __geteuid (); + cred->cmcred_gid = __getgid (); + cred->cmcred_ngroups = getgroups (sizeof (cred->cmcred_groups) / sizeof (gid_t), cred->cmcred_groups); + } + } + } + err = HURD_DPORT_USE (fd, ({ if (err)

    what checks that the pid is correct?
    and uid, etc.
    hm?
    credential is not only about one claiming to the other his uid & such
    it's about the kernel or whatever authority tells to an end the identity of the other end
    yep
    but given that the data is then sent to pflocal, this code is the last part that runs on the application side
    pflocal could as well just request the info from proc
    it will have to anyway, to check that it's true
    hm yeah, thought about that, chose this approach as "quicker" (of course not definitive)
    well at least it shows we're able to transmit something :)
    well it just manipulates the data which gets sent nicely already ;)
    but really, it's most probably up to pflocal to check authentication from proc and give it to the other end
    the application sender part would be just the RPC authentication calls
    Mmm, just realizing:
    so receiver part already exists actually, right?
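
Review bot: In the `@@ -122,6 +124,34 @@` hunk, `memcpy (&sa, addr, addr_len);` copies a caller-supplied length into the fixed-size `struct sockaddr_storage sa` with no bound, so an `addr_len` larger than `sizeof sa` overruns the stack buffer; fail (for example with `EINVAL`) or clamp before the copy. The SCM_CREDS loop has a similar gap: it casts `CMSG_DATA (cm)` to `struct cmsgcred *` and writes into it without checking that `cm->cmsg_len` is at least `CMSG_LEN (sizeof (struct cmsgcred))`, and it stores the `getgroups` result in `cmcred_ngroups` even when that call fails and returns -1. The return value of `getsockname` is ignored, and `addr` is reassigned to point at `sa`, so anything after this block that uses `addr` sees the copy (or the `getsockname` result) rather than the caller's argument. Finally, the pid, uid and gid values are filled in by the sending process itself, so the receiver gets a self-asserted identity; as the discussion on this page says, pflocal would have to check them against proc before they can be treated as credentials.
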
    (since it's just about letting the application read from the message structure)
    yep
    ok, good :)

/!\ IRC, freenode, #hurd, 2011-08-11

    < pinotree> (but that patch is lame)

---

See also [[dbus]], [[pflocal_socket_credentials_for_local_sockets]] and [[pflocal_reauth]].