[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 2/2] Reverse authenticating ioctl-handler protocol
|
From: |
Carl Fredrik Hammar |
|
Subject: |
[PATCH 2/2] Reverse authenticating ioctl-handler protocol |
|
Date: |
Wed, 26 Aug 2009 16:21:43 +0200 |
* hurd/ioctl_handler.defs (ioctl_handler_get): Remove routine.
(ioctl_handler_request): New routine.
(ioctl_handler_reply): Allocate space for this routine.
* hurd/ioctl_handler_reply.defs: New file.
---
hurd/ioctl_handler.defs | 37 +++++++++++++++++++++++++++++++-
hurd/ioctl_handler_reply.defs | 46 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+), 2 deletions(-)
create mode 100644 hurd/ioctl_handler_reply.defs
diff --git a/hurd/ioctl_handler.defs b/hurd/ioctl_handler.defs
index cd59a16..2930ea6 100644
--- a/hurd/ioctl_handler.defs
+++ b/hurd/ioctl_handler.defs
@@ -29,7 +29,40 @@ IOCTL_HANDLER_IMPORTS
#include <hurd/hurd_types.defs>
-routine ioctl_handler_get (
+/* The protocol specified in this file and its server-side equivalent,
+ <hurd/ioctl_handler_reply.defs>, is used to securely obtain ioctl
+ handler code that is specific to an io object. It is used as follows:
+
+ * The client sends an `ioctl_handler_request' to the server,
+ with a rendezvous port.
+
+ * The server sends an `ioctl_handler_acknowledge' in reply, this
+ is needed so that the client won't wait indefinitely for
+ `auth_server_authenticate' to return if the server does not support
+ this protocol.
+
+ * The client sends an `auth_server_authenticate' with the rendezvous
+ port and a reply port to the auth server. (Note the reversal of
+ the roles of client and server from the normal auth protocol.)
+
+ * The server sends an `auth_user_authenticate' with the rendezvous
+ port to the auth server.
+
+ * The auth server matches up the requests using the rendezvous port,
+ and returns the reply port to the server and the server's ID block
+ to the client.
+
+ * The server sends a port to a file that can be opened with `dlopen'
+ and exports an`ioctl_handler_t' typed function named
+ `hurd_ioctl_handler'.
+
+ * The client can now use the ID block to determine whether it can
+ trust the server, e.g. if the server is root or the same user,
+ which is the policy used by `ioctl' in glibc. */
+
+routine ioctl_handler_request (
io: io_t;
RPT
- out handlers: io_t);
+ rendezvous: mach_port_send_t);
+
+skip; /* Space for ioctl_handler_reply. */
diff --git a/hurd/ioctl_handler_reply.defs b/hurd/ioctl_handler_reply.defs
new file mode 100644
index 0000000..af8595b
--- /dev/null
+++ b/hurd/ioctl_handler_reply.defs
@@ -0,0 +1,46 @@
+/* Replies to ioctl_handler interface.
+
+ Written by Carl Fredrik Hammar <hammy.lite@gmail.com>.
+
+ This file is part of the GNU Hurd.
+
+ Copyright (C) 2009 Free Software Foundation, Inc.
+
+ The GNU Hurd is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ The GNU Hurd is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with the GNU Hurd; see the file COPYING. If not, write to the Free
+ Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ MA 02110-1301 USA. */
+
+subsystem ioctl_handler 39100; /* Must be ioctl_handler + 100. */
+
+#ifdef IOCTL_HANDLER_IMPORTS
+IOCTL_HANDLER_IMPORTS
+#endif
+
+#include <hurd/hurd_types.defs>
+
+type reply_port_t = polymorphic | MACH_MSG_TYPE_PORT_SEND_ONCE
+ ctype: mach_port_t;
+
+/* See <hurd/ioctl_handler.defs> on how to use these routines. */
+
+simpleroutine ioctl_handler_acknowledge (
+ reply_port: reply_port_t;
+ RETURN_CODE_ARG
+);
+
+simpleroutine ioctl_handler_reply (
+ reply_port: mach_port_move_send_t;
+ RETURN_CODE_ARG;
+ handle: mach_port_send_t
+);
--
1.6.3.3