Steven Dake wrote:
> Chrissie,
> 
> The patch looks good to me but I'd like to make sure it applies to
> whitetank since the IPC system in whitetank will be used entirely in
> trunk.
> 
> Please don't commit yet until the trunk patch is merged and then we can
> merge this patch.

OK.

Here, for reference, is a version which patches against whitetank.

-- 

Chrissie
Index: exec/service.h
===================================================================
--- exec/service.h	(revision 1499)
+++ exec/service.h	(working copy)
@@ -51,11 +51,17 @@
 	OPENAIS_FLOW_CONTROL_NOT_REQUIRED = 2
 };
 
+enum openais_privileged_call {
+	OPENAIS_PRIVILEGED_CALL_YES = 0,
+	OPENAIS_PRIVILEGED_CALL_NO = 1,
+};
+
 struct openais_lib_handler {
 	void (*lib_handler_fn) (void *conn, void *msg);
 	int response_size;
 	int response_id;
 	enum openais_flow_control flow_control;
+	enum openais_privileged_call priv_call;
 };
 
 struct openais_exec_handler {
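Review bot: `OPENAIS_PRIVILEGED_CALL_YES` is 0, so any `openais_lib_handler` table whose entries do not set `.priv_call` is zero-initialised to "privileged" once the ipc.c check is in place, and nothing in the header documents this. That default fails closed, which is the safe direction, but it will silently lock unprivileged clients out of services whose tables are not touched by this patch (none are visible here besides cpg.c). I would add a comment above the enum, e.g. `/* YES must stay 0: handlers that do not set priv_call remain restricted to uid 0 / the valid gid */`, and a one-line comment on the new `priv_call` member.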
Index: exec/cpg.c
===================================================================
--- exec/cpg.c	(revision 1499)
+++ exec/cpg.c	(working copy)
@@ -196,43 +196,50 @@
 		.lib_handler_fn				= message_handler_req_lib_cpg_join,
 		.response_size				= sizeof (struct res_lib_cpg_join),
 		.response_id				= MESSAGE_RES_CPG_JOIN,
-		.flow_control				= OPENAIS_FLOW_CONTROL_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	},
 	{ /* 1 */
 		.lib_handler_fn				= message_handler_req_lib_cpg_leave,
 		.response_size				= sizeof (struct res_lib_cpg_leave),
 		.response_id				= MESSAGE_RES_CPG_LEAVE,
-		.flow_control				= OPENAIS_FLOW_CONTROL_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	},
 	{ /* 2 */
 		.lib_handler_fn				= message_handler_req_lib_cpg_mcast,
 		.response_size				= sizeof (struct res_lib_cpg_mcast),
 		.response_id				= MESSAGE_RES_CPG_MCAST,
-		.flow_control				= OPENAIS_FLOW_CONTROL_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	},
 	{ /* 3 */
 		.lib_handler_fn				= message_handler_req_lib_cpg_membership,
 		.response_size				= sizeof (mar_res_header_t),
 		.response_id				= MESSAGE_RES_CPG_MEMBERSHIP,
-		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	},
 	{ /* 4 */
 		.lib_handler_fn				= message_handler_req_lib_cpg_trackstart,
 		.response_size				= sizeof (struct res_lib_cpg_trackstart),
 		.response_id				= MESSAGE_RES_CPG_TRACKSTART,
-		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	},
 	{ /* 5 */
 		.lib_handler_fn				= message_handler_req_lib_cpg_trackstop,
 		.response_size				= sizeof (struct res_lib_cpg_trackstart),
 		.response_id				= MESSAGE_RES_CPG_TRACKSTOP,
-		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	},
 	{ /* 6 */
 		.lib_handler_fn				= message_handler_req_lib_cpg_local_get,
 		.response_size				= sizeof (struct res_lib_cpg_local_get),
 		.response_id				= MESSAGE_RES_CPG_LOCAL_GET,
-		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED
+		.flow_control				= OPENAIS_FLOW_CONTROL_NOT_REQUIRED,
+		.priv_call                              = OPENAIS_PRIVILEGED_CALL_NO
 	}
 };
 
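Review bot: All seven CPG handlers, including join and mcast, are marked `OPENAIS_PRIVILEGED_CALL_NO`, which together with the ipc.c change appears to open them to any local process that can connect to the socket; the table carries no comment saying this is deliberate. A short comment above the table, e.g. `/* CPG is intentionally available to unprivileged clients; see priv_call in service.h */`, would make the decision reviewable later. The added `.priv_call` lines are aligned with spaces while the neighbouring fields use tabs. The table's opening line lies outside the hunk.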
Index: exec/ipc.c
===================================================================
--- exec/ipc.c	(revision 1499)
+++ exec/ipc.c	(working copy)
@@ -151,6 +151,7 @@
 	pthread_mutex_t mutex;
 	unsigned int service;
 	struct list_head list;
+	unsigned int privileged;
 };
 
 
@@ -983,12 +984,10 @@
 		if (cred) {
 			if (cred->uid == 0 || cred->gid == g_gid_valid) {
 				setsockopt(conn_io->fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof (on));
-				conn_io->state = CONN_IO_STATE_AUTHENTICATED;
+				conn_io->privileged = 1;
 			}
 		}
-		if (conn_io->state == CONN_IO_STATE_INITIALIZING) {
-			log_printf (LOG_LEVEL_SECURITY, "Connection not authenticated because gid is %d, expecting %d\n", cred->gid, g_gid_valid);
-		}
+		conn_io->state = CONN_IO_STATE_AUTHENTICATED;
 	}
 #endif
 	/*
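Review bot: `conn_io->privileged` is only ever assigned 1 in this hunk, so the access check added further down in ipc.c is sound only if the field starts at 0; the conn_io allocation is not part of this patch, and if it is not zeroed there the flag should be cleared explicitly, e.g. `conn_io->privileged = 0;` ahead of the `if (cred)` test. The state now becomes `CONN_IO_STATE_AUTHENTICATED` for every peer, including one for which no credentials were found (`cred` NULL), and the `LOG_LEVEL_SECURITY` message is dropped, so a uid/gid mismatch no longer leaves any trace; a log line in an `else` of the uid/gid test, where `cred` is known to be non-NULL, would preserve that signal. The code after `#endif` and the rest of the function lie outside the hunk, so whether other platform branches set `privileged` cannot be seen here.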
@@ -1022,41 +1021,56 @@
 				return ;
 			}
 
-			/*
-			 * If flow control is required of the library handle, determine that
-			 * openais is not in synchronization and that totempg has room available
-			 * to queue a message, otherwise tell the library we are busy and to
-			 * try again later
-			 */
-			send_ok_joined_iovec.iov_base = (char *)header;
-			send_ok_joined_iovec.iov_len = header->size;
-			send_ok_joined = totempg_groups_send_ok_joined (openais_group_handle,
-				&send_ok_joined_iovec, 1);
-
-			send_ok =
-				(sync_primary_designated() == 1) && (
-				(ais_service[service]->lib_service[header->id].flow_control == OPENAIS_FLOW_CONTROL_NOT_REQUIRED) ||
-				((ais_service[service]->lib_service[header->id].flow_control == OPENAIS_FLOW_CONTROL_REQUIRED) &&
-				(send_ok_joined) &&
-				(sync_in_process() == 0)));
-
-			if (send_ok) {
-				ais_service[service]->lib_service[header->id].lib_handler_fn(conn_io->conn_info, header);
-			} else {
-
-				/*
-				 * Overload, tell library to retry
-				 */
+			/* Disallow unprivileged access to privileged calls */
+			if (ais_service[service]->lib_service[header->id].priv_call == OPENAIS_PRIVILEGED_CALL_YES &&
+			    !conn_io->privileged) {
 				res_overlay.header.size =
 					ais_service[service]->lib_service[header->id].response_size;
 				res_overlay.header.id =
 					ais_service[service]->lib_service[header->id].response_id;
-				res_overlay.header.error = SA_AIS_ERR_TRY_AGAIN;
+				res_overlay.header.error = SA_AIS_ERR_ACCESS;
 				conn_io_send (
 					conn_io,
 					&res_overlay,
 					res_overlay.header.size);
 			}
+			else {
+				/*
+				 * If flow control is required of the library handle, determine that
+				 * openais is not in synchronization and that totempg has room available
+				 * to queue a message, otherwise tell the library we are busy and to
+				 * try again later
+				 */
+				send_ok_joined_iovec.iov_base = (char *)header;
+				send_ok_joined_iovec.iov_len = header->size;
+				send_ok_joined = totempg_groups_send_ok_joined (openais_group_handle,
+										&send_ok_joined_iovec, 1);
+
+				send_ok =
+					(sync_primary_designated() == 1) && (
+						(ais_service[service]->lib_service[header->id].flow_control == OPENAIS_FLOW_CONTROL_NOT_REQUIRED) ||
+						((ais_service[service]->lib_service[header->id].flow_control == OPENAIS_FLOW_CONTROL_REQUIRED) &&
+						 (send_ok_joined) &&
+						 (sync_in_process() == 0)));
+
+				if (send_ok) {
+					ais_service[service]->lib_service[header->id].lib_handler_fn(conn_io->conn_info, header);
+				} else {
+
+					/*
+					 * Overload, tell library to retry
+					 */
+					res_overlay.header.size =
+						ais_service[service]->lib_service[header->id].response_size;
+					res_overlay.header.id =
+						ais_service[service]->lib_service[header->id].response_id;
+					res_overlay.header.error = SA_AIS_ERR_TRY_AGAIN;
+					conn_io_send (
+						conn_io,
+						&res_overlay,
+						res_overlay.header.size);
+				}
+			}
 		}
 		conn_io->inb_inuse -= header->size;
 	} /* while */
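Review bot: The new denial branch returns `SA_AIS_ERR_ACCESS` to the client but records nothing on the server, so repeated unprivileged attempts at privileged calls are invisible to an operator; a line such as `log_printf (LOG_LEVEL_SECURITY, "Unprivileged connection denied privileged call, service %d id %d\n", service, header->id);` (format specifiers adjusted to the real types) in that branch would restore it. Since every connection now reaches this code, it is also worth confirming that the bounds check on `header->id`, presumably in the lines above the hunk that end at `return ;`, runs before `lib_service[header->id].priv_call` is read. The reply is sent with `response_size` bytes of `res_overlay` while only three header fields are set; if `res_overlay` is not zeroed elsewhere, the remaining bytes go to an unprivileged peer as they are. The enclosing function starts and ends outside the hunk.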