Implementing LOCAL_CREDS socket credentials

Julio M. Merino Vidal jmmv84 at gmail.com
Sun Aug 27 02:39:28 PDT 2006 

Hello,

I've been investigating how to make the EXTERNAL authentication
mechanism work under NetBSD.  It turns out that NetBSD does support
socket credentials through the LOCAL_CREDS feature, currently
unimplemented in D-Bus.

LOCAL_CREDS works as follows:
1) The server must first set the LOCAL_CREDS option on the socket
   using setsockopt.
2) The client must send a message (whatever it is; even the write(2)
   system call is useful) to the server.  This *must* happen after the
   server has set the LOCAL_CREDS option in 1).
3) The server receives the message with recvmsg(2) and parses the
   extra credentials information, much like CMSGCRED.

Check the attached file for a simple example.

I've got the above working more or less in D-Bus but have hit a
problem that I've been unable to resolve so far.  As far as I can
tell, there is currently no way to guarantee that 2) is executed after
1), so there is a race condition that prevents this from working
safely.

The problem is that the current communication lacks a step for this to
work.  As far as I understand it, the client sends first an "AUTH
EXTERNAL" message to the server and immediately afterwards sens the
nul-byte message.  Therefore the server has no chance of enabling the
LOCAL_CREDS option in between in a safe manner.

To solve the problem, an intermediate synchronization step could be
needed so that the client waited for confirmation before sending the
nul-byte message.  Basically:

SERVER: Wait for connection.
SERVER: Wait for auth command.
SERVER: Set LOCAL_CREDS option.
SERVER: Send confirmation message.
SERVER: Wait for nul-byte credentials message.

CLIENT: Connect to server.
CLIENT: Send "AUTH EXTERNAL".
CLIENT: Wait for confirmation message.
CLIENT: Send nul-byte message with credentials.

If this extra step must be introduced in the protocol it should be
done before the first D-Bus stable release...  Or maybe there
currently is a way to achieve the above in a safe manner?  The code is
rather complex to understand what is really going on...

Thanks.

-- 
Julio M. Merino Vidal <jmmv84 at gmail.com>
The Julipedia - http://julipedia.blogspot.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.c
Type: text/x-csrc
Size: 1106 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/dbus/attachments/20060827/789be6bb/test.c

More information about the dbus mailing list