summaryrefslogtreecommitdiff
path: root/open_issues/sendmsg_scm_creds.mdwn
blob: c613e21c08f3f24a4b9bbbdb3ac2be8f7e25eac4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
[[!meta copyright="Copyright © 2010, 2011 Free Software Foundation, Inc."]]

[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
is included in the section entitled [[GNU Free Documentation
License|/fdl]]."]]"""]]

[[!tag open_issue_glibc]]

IRC, unknown channel, unknown date.

    <pinotree> Credentials: s_uid 1000, c_uid 1000, c_gid 100, c_pid 2722
    <pinotree> 2722: Credentials: s_uid 1000, c_uid 1000, c_gid 100, c_pid 2724
    <pinotree> \o/
    <youpi> \o/
    <pinotree> the patch is even short, after all: http://paste.debian.net/54795/
    --- a/sysdeps/mach/hurd/sendmsg.c
    +++ b/sysdeps/mach/hurd/sendmsg.c
    @@ -18,6 +18,7 @@
     
     #include <errno.h>
     #include <string.h>
    +#include <unistd.h>
     #include <sys/socket.h>
     #include <sys/un.h>
     
    @@ -45,6 +46,7 @@
       mach_msg_type_number_t amount;
       int dealloc = 0;
       int i;
    +  struct sockaddr_storage sa;
     
       /* Find the total number of bytes to be written.  */
       len = 0;
    @@ -122,6 +124,34 @@
       err = EIEIO;
         }
     
    +  memset (&sa, 0, sizeof (struct sockaddr_storage));
    +  if (addr)
    +    {
    +      memcpy (&sa, addr, addr_len);
    +    }
    +  else
    +    {
    +      getsockname (fd, (struct sockaddr *) &sa, &addr_len);
    +    }
    +  addr = (struct sockaddr_un *) &sa;
    +  if (message && (addr->sun_family == AF_LOCAL))
    +    {
    +      struct cmsghdr *cm;
    +      struct msghdr *m = (struct msghdr *) message;
    +      for (cm = CMSG_FIRSTHDR (m); cm; cm = CMSG_NXTHDR (m, cm))
    +      {
    +        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_CREDS)
    +	     {
    +	           struct cmsgcred *cred = (struct cmsgcred *) CMSG_DATA (cm);
    +		         cred->cmcred_pid = __getpid ();
    +			       cred->cmcred_uid = __getuid ();
    +			             cred->cmcred_euid = __geteuid ();
    +				           cred->cmcred_gid = __getgid ();
    +					         cred->cmcred_ngroups = getgroups (sizeof (cred->cmcred_groups) / sizeof (gid_t), cred->cmcred_groups);
    +						     }
    +						     }
    +    }
    +
       err = HURD_DPORT_USE (fd,
           	 ({
    			  if (err)
    <youpi> what checks that the pid is correct?
    <youpi> and uid, etc.
    <pinotree> hm?
    <youpi> credential is not only about one claiming to the other his uid & such
    <youpi> it's about the kernel or whatever authority tell to an end the identity of the other end
    <pinotree> yep
    <pinotree> but given that the data is then send to pflocal, this code is the last part that runs on the application side
    <youpi> pflocal could as well just request the info from proc
    <youpi> it will have to anyway, to check that it's true
    <pinotree> hm
    <pinotree> yeah, though about that, chose this approach as "quicker" (of course not definitive)
    <youpi> well at least it shows we're able to transmit something :)
    <pinotree> well it just manipulates the data which gets send nicely already ;)
    <youpi> but really, it's most probably up to pflocal to check authentication from proc and give it to the other end
    <youpi> the application sender part would be just the RPC authentication calls
    <youpi> Mmm, just realizing: so receiver part already exists actually, right?
    <youpi> (since it's just about letting the application reading from the message structure)
    <pinotree> yep
    <youpi> ok, good :)

/!\ IRC, freenode, #hurd, 2011-08-11

    < pinotree> (but that patch is lame)

---

See also [[pflocal_socket_credentials_for_local_sockets]] and [[pflocal_reauth]].