[CRIU] [PATCH 1/2] p.haul: do not use getsockname() as a hash_name, v2
Ruslan Kuprieiev
kupruser at gmail.com
Mon Oct 27 12:09:35 PDT 2014
On 27.10.2014 19:42, Pavel Emelyanov wrote:
> On 10/23/2014 10:57 PM, Ruslan Kuprieiev wrote:
>> Currently xem_rpc is not proxy-resistant.
>> It means that if there is a proxy somewhere in
>> between client and server, p.haul will fail,
>> because getsockname() on client != getpeername()
>> on server.
>>
>> v2, Pavel suggested to solve it like this:
>>
>> 1. On main rpc socket after init_rpc() the server
>> reports back the name by which it sees the client
>> socket.
>>
>> 2. After calling connect() on data socket the client
>> should mix the name from step 1 to the data socket
>> name to distinguish his data socket from those
>> created by other clients.
>>
>> Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
>> ---
>> xem_rpc.py | 11 +++++++----
>> 1 file changed, 7 insertions(+), 4 deletions(-)
>>
>> diff --git a/xem_rpc.py b/xem_rpc.py
>> index 9718eef..f4a9b21 100644
>> --- a/xem_rpc.py
>> +++ b/xem_rpc.py
>> @@ -3,6 +3,7 @@ import select
>> import threading
>> import traceback
>> import util
>> +import struct
>>
>> rpc_port = 12345
>> rpc_sk_buf = 256
>> @@ -41,7 +42,7 @@ class _rpc_proxy_caller:
>> class rpc_proxy:
>> def __init__(self, conn, *args):
>> self._srv = conn
>> - self._rpc_sk = self._make_sk()
>> + self._rpc_sk = self._make_sk()[0]
>> util.set_cloexec(self._rpc_sk)
>> _rpc_proxy_caller(self._rpc_sk, RPC_CMD, "init_rpc")(args)
>>
>> @@ -51,12 +52,13 @@ class rpc_proxy:
>> def _make_sk(self):
>> sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>> sk.connect((self._srv, rpc_port))
>> - return sk
>> + host = eval(sk.recv(rpc_sk_buf))
>> + return (sk, host)
>>
>> def open_socket(self, uname):
>> - sk = self._make_sk()
>> + sk, host = self._make_sk()
>> c = _rpc_proxy_caller(self._rpc_sk, RPC_CMD, "pick_channel")
>> - c(sk.getsockname(), uname)
>> + c(host, uname)
>> return sk
>>
>>
>> @@ -128,6 +130,7 @@ class _rpc_server_ask:
>>
>> def work(self, mgr):
>> sk, addr = self._sk.accept()
>> + sk.send(repr(addr))
> Don't add new send/recv please. Make use of existing _rpc_proxy_caller,
> e.g. look at how the rpc control socket announces itself to the service.
Oops, sorry. "[PATCH 0/2] p.haul: ssh tunneling, v4" is already in
mailing list.
>> mgr.add(_rpc_server_sk(sk))
>>
>> class _rpc_stop_fd:
>>
More information about the CRIU
mailing list