aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--README18
-rw-r--r--sbusd.c46
-rw-r--r--test.c1
3 files changed, 38 insertions, 27 deletions
diff --git a/README b/README
index 1464186..b538c68 100644
--- a/README
+++ b/README
@@ -120,13 +120,17 @@ Secret messages:
However, due to network support, these routing keys may need
to be prefixed with the credentials for the servers the message
- goes through. This prefix can be retrieved by simply sending an
- empty control message (CMSG) with the routing key '!/cred/prefix'
- and the server will reply with a control message containing prefix
- using this routing key. Note, prefix is probably the empty string,
- as the master server do not need to add its credentials to be
- prefixed. Note, the server will never send control messages, so
- received control message are guaranteed to come from the server.
+ goes through, or use the credentials of the a program running
+ on a different master machine. Therefore, a client cannot
+ simply just use its GID, UID, and PID, but must ask what's its
+ credentials are by sending an empty control message (CMSG) with
+ the routing key '!/cred/whoami'. The server will reply with a
+ control message with the same routing key and the message will
+ be the credentials, for example '!/cred/100/1000/1111' or
+ '!/cred/100/1000/1111/!/cred/1000/1000/19211'. Note, the server
+ will never send control messages it receives from other clients,
+ so the received control message is guaranteed to come from the
+ server.
Example of how two client can prove their identities to each oter:
diff --git a/sbusd.c b/sbusd.c
index e2f3005..b2b8e2c 100644
--- a/sbusd.c
+++ b/sbusd.c
@@ -292,36 +292,44 @@ send_packet(struct client *cl, const char *buf, size_t n)
}
static void
-handle_cmsg(struct client *cl, const char *msg, size_t n)
+handle_cmsg(struct client *cl, char *buf, size_t n)
{
- if (!strcmp(msg, "CMSG !/cred/prefix")) {
- n = sizeof("CMSG !/cred/prefix");
- } else if (!strcmp(msg, "CMSG blocking/soft/queue")) {
+ struct ucred cred;
+ if (!strcmp(buf, "CMSG !/cred/whoami")) {
+ if (getsockopt(cl->fd, SOL_SOCKET, SO_PEERCRED, &cred, &(socklen_t){sizeof(cred)}) < 0) {
+ weprintf("getsockopt <client> SOL_SOCKET SO_PEERCRED:");
+ remove_client(cl);
+ return;
+ }
+ n = sizeof("CMSG !/cred/whoami");
+ n += (size_t)sprintf(&buf[n], "!/cred/%lli/%lli/%lli",
+ (long long int)cred.gid,
+ (long long int)cred.uid,
+ (long long int)cred.gid);
+ if (send_packet(cl, buf, n)) {
+ weprintf("send <client>:");
+ remove_client(cl);
+ }
+ } else if (!strcmp(buf, "CMSG blocking/soft/queue")) {
cl->soft_blocking_mode = BLOCKING_QUEUE;
- } else if (!strcmp(msg, "CMSG blocking/soft/discard")) {
+ } else if (!strcmp(buf, "CMSG blocking/soft/discard")) {
cl->soft_blocking_mode = BLOCKING_DISCARD;
- } else if (!strcmp(msg, "CMSG blocking/soft/block")) {
+ } else if (!strcmp(buf, "CMSG blocking/soft/block")) {
cl->soft_blocking_mode = BLOCKING_BLOCK;
- } else if (!strcmp(msg, "CMSG blocking/soft/error")) {
+ } else if (!strcmp(buf, "CMSG blocking/soft/error")) {
cl->soft_blocking_mode = BLOCKING_ERROR;
- } else if (!strcmp(msg, "CMSG blocking/hard/discard")) {
+ } else if (!strcmp(buf, "CMSG blocking/hard/discard")) {
cl->hard_blocking_mode = BLOCKING_DISCARD;
- } else if (!strcmp(msg, "CMSG blocking/hard/block")) {
+ } else if (!strcmp(buf, "CMSG blocking/hard/block")) {
cl->hard_blocking_mode = BLOCKING_BLOCK;
- } else if (!strcmp(msg, "CMSG blocking/hard/error")) {
+ } else if (!strcmp(buf, "CMSG blocking/hard/error")) {
cl->hard_blocking_mode = BLOCKING_ERROR;
- } else if (!strcmp(msg, "CMSG order/queue")) {
+ } else if (!strcmp(buf, "CMSG order/queue")) {
cl->order = ORDER_QUEUE;
- } else if (!strcmp(msg, "CMSG order/stack")) {
+ } else if (!strcmp(buf, "CMSG order/stack")) {
cl->order = ORDER_STACK;
- } else if (!strcmp(msg, "CMSG order/random")) {
+ } else if (!strcmp(buf, "CMSG order/random")) {
cl->order |= ORDER_RANDOM;
- } else {
- return;
- }
- if (send_packet(cl, msg, n)) {
- weprintf("send <client>:");
- remove_client(cl);
}
}
diff --git a/test.c b/test.c
index daaec35..c2ba2a8 100644
--- a/test.c
+++ b/test.c
@@ -355,4 +355,3 @@ main(void)
/* TODO untested sbusd flags: -p[/dev/null] (-f) -u */
/* TODO test credentials */
-/* TODO test CMSG server */