Summary: Core infrastructure for client authentication Review request for Trac Ticket(s): 554 Peer Reviewer(s): Ramesh Pull request to: <<LIST THE PERSON WITH PUSH ACCESS HERE>> Affected branch(es): default Development branch: <<IF ANY GIVE THE REPO URL>>
-------------------------------- Impacted area Impact y/n -------------------------------- Docs n Build system n RPM/packaging n Configuration files n Startup scripts n SAF services n OpenSAF services n Core libraries y Samples n Tests n Other n Comments (indicate scope for each "y" above): --------------------------------------------- changeset 146ccec59c55b62b9bef93282ea5c2d8ceedb04e Author: Hans Feldt <[email protected]> Date: Thu, 19 Jun 2014 12:24:40 +0200 base: add utilities for sending, receiving over a UNIX socket [#554] This patch add some infrastructure that can be used by other services to securely get credentials for a client. When initialized on the server side a tiny server thread is created that listen to a named connection oriented UNIX socket. For each incoming connection request it calls a user specified callback and handover file descriptor and peer credentials. A typical use case is for a library to create the MDS socket and then use the client side function to send the MDS address as a data messages. The client credentials can be stored on the server side and verified when needed. Note each received connection less message needs to be checked with the original received MDS address so no spoofing (handle hijacking) is happening. Added Files: ------------ osaf/libs/core/common/include/osaf_secutil.h osaf/libs/core/common/osaf_secutil.c Complete diffstat: ------------------ osaf/libs/core/common/Makefile.am | 3 +- osaf/libs/core/common/include/Makefile.am | 3 +- osaf/libs/core/common/include/osaf_secutil.h | 83 +++++++++++++++++++++++++++++++++++++++++++ osaf/libs/core/common/osaf_secutil.c | 302 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 389 insertions(+), 2 deletions(-) Testing Commands: ----------------- Just compile. More patches needed that actually uses the functionality. Can be sent on request. Testing, Expected Results: -------------------------- <<PASTE COMMAND OUTPUTS / TEST RESULTS>> Conditions of Submission: ------------------------- <<HOW MANY DAYS BEFORE PUSHING, CONSENSUS ETC>> Arch Built Started Linux distro ------------------------------------------- mips n n mips64 n n x86 n n x86_64 n n powerpc n n powerpc64 n n Reviewer Checklist: ------------------- [Submitters: make sure that your review doesn't trigger any checkmarks!] Your checkin has not passed review because (see checked entries): ___ Your RR template is generally incomplete; it has too many blank entries that need proper data filled in. ___ You have failed to nominate the proper persons for review and push. ___ Your patches do not have proper short+long header ___ You have grammar/spelling in your header that is unacceptable. ___ You have exceeded a sensible line length in your headers/comments/text. ___ You have failed to put in a proper Trac Ticket # into your commits. ___ You have incorrectly put/left internal data in your comments/files (i.e. internal bug tracking tool IDs, product names etc) ___ You have not given any evidence of testing beyond basic build tests. Demonstrate some level of runtime or other sanity testing. ___ You have ^M present in some of your files. These have to be removed. ___ You have needlessly changed whitespace or added whitespace crimes like trailing spaces, or spaces before tabs. ___ You have mixed real technical changes with whitespace and other cosmetic code cleanup changes. These have to be separate commits. ___ You need to refactor your submission into logical chunks; there is too much content into a single commit. ___ You have extraneous garbage in your review (merge commits etc) ___ You have giant attachments which should never have been sent; Instead you should place your content in a public tree to be pulled. ___ You have too many commits attached to an e-mail; resend as threaded commits, or place in a public tree for a pull. ___ You have resent this content multiple times without a clear indication of what has changed between each re-send. ___ You have failed to adequately and individually address all of the comments and change requests that were proposed in the initial review. ___ You have a misconfigured ~/.hgrc file (i.e. username, email etc) ___ Your computer have a badly configured date and time; confusing the the threaded patch review. ___ Your changes affect IPC mechanism, and you don't present any results for in-service upgradability test. ___ Your changes affect user manual and documentation, your patch series do not contain the patch that updates the Doxygen manual. ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Opensaf-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opensaf-devel
