[Linux-ha-dev] ipctest etc.

[Alan Robertson]

David Lee wrote:
> On Fri, 1 Oct 2004, Alan Robertson wrote:
> 
> 
>>David Lee wrote:
>>
>>>I'm peering into the depths of "lib/clplumbing/ipcsocket.c" with a view to
>>>making it work properly on Solaris including, potentially, authorisation.
>>>[...]
>>
>>There is a better way to do this on Solaris (using streams), but no one has
>>written this code yet ;-).
> 
> 
> That's actually what I'm looking at.  I've got a modified "ipcsocket.c"
> that can already do the "pair" things using "pipe()" where necessary (e.g.
> Solaris) as an alternative to "socketpair()".  It then uses "putmsg()"
> and "getmsg()", rather than "send()" and recv()".  This code passes the
> "ipctest" on Solaris.
> 
> But I haven't yet got to grips with the socket/accept/connect (i.e.
> non-pair) parts of "ipcsocket.c" stuff.  And, sadly, ipctest, doesn't
> exercise those corners.  Hence the question about ipctest exercising
> those.
> 
> I can't quite see how to do the authorisation bits through streams,
> although I can see in the documentation tantalising glimpses of "cred_t"
> things somehow (how?) related to "ioctl()".  I've put a query on a solaris
> newsgroup about this.
> 
> (And I've got ideas for how "configure.in" can get "ipcsocket.c" to
> compile for streams or socket stuff as necessary.)

Well... You could use the code as it is, and just do the authentication 
through streams.  (strange, but true).  What the code from Andrew does is 
pass a socket back and forth between the two sides, and then look at the 
ownership of the socket.  What you could do is pass a streams file 
descriptor back and forth in much the same way, except use these streams 
controls to determine who's at the other end of the stream.

I'm pretty sure I put my research on this on the mailing list way back when.


-- 
     Alan Robertson <alanr at unix.sh>

"Openness is the foundation and preservative of friendship...  Let me claim 
from you at all times your undisguised opinions." - William Wilberforce