Commit ef94125e authored by Leigh B. Stoller's avatar Leigh B. Stoller

Minor changes to capserver authentication model; capserver now requires

that capture connect on a reserved port. To do this, capture binds a
dynamic reserved port to connect to capserver, which verifies the
integrity of the sender by looking at the portnumber that accept
returns.

Note that this has the potential problem of burning a lot of reserved
ports on ops (128 tiplines) since the kernel keeps the client side in
TIME_WAIT for a minute or two after it is closed (the socket is in
actual use for just a moment before being closed). If we try to
restart capture too many times within a span of a minute or two, we
might have problems. Will have to switch to a fancier protocol then.
Yuck.
parent 33e45640
......@@ -132,7 +132,7 @@ main(int argc, char **argv)
while (1) {
struct sockaddr_in client;
int clientsock, length = sizeof(client);
int cc;
int cc, port;
whoami_t whoami;
unsigned char buf[BUFSIZ], node_id[64];
secretkey_t secretkey;
......@@ -144,7 +144,17 @@ main(int argc, char **argv)
syslog(LOG_ERR, "accept failed: %m");
exit(1);
}
syslog(LOG_INFO, "%s connected", inet_ntoa(client.sin_addr));
port = ntohs(client.sin_port);
syslog(LOG_INFO, "%s connected from port %d",
inet_ntoa(client.sin_addr), port);
/*
* Check port number of sender. Must be a reserved port.
*/
if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED / 2) {
syslog(LOG_ERR, "Illegal port! Ignoring.");
goto done;
}
/*
* Set timeouts
......
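Review bot: The comment above `if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED / 2)` should state what the test actually establishes: a source port in the reserved range only shows that the peer is a privileged process on a host that enforces the reserved-port convention, and it does not identify the host. I would word it as `/* A reserved source port only shows a privileged sender; it does not identify the host. */`. The rejection line would also be easier to act on if it carried the peer itself, for example `syslog(LOG_ERR, "%s: illegal source port %d, ignoring", inet_ntoa(client.sin_addr), port);`, since the address is otherwise only in the LOG_INFO line. main() continues outside the hunk, so whether `client.sin_addr` is later checked against the known capture hosts, and what the `done` label cleans up, are not visible here.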
......@@ -1404,6 +1404,17 @@ handshake(void)
die("socket(): %s", geterr(errno));
}
/*
* Bind to a reserved port so that capserver can verify integrity
* of the sender by looking at the port number. The actual port
* number does not matter.
*/
if (bindresvport(sock, NULL) < 0) {
warnc("Could not bind reserved port");
close(sock);
return -1;
}
/* For alarm. */
deadbossflag = 0;
signal(SIGALRM, deadboss);
......@@ -1416,7 +1427,7 @@ handshake(void)
}
alarm(5);
if (connect(sock, (struct sockaddr *)&Bossaddr, sizeof(Bossaddr)) < 0) {
if (connect(sock, (struct sockaddr *)&Bossaddr, sizeof(Bossaddr)) < 0){
warn("connect(%s): %s", Bossnode, geterr(errno));
err = -1;
close(sock);
......
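Review bot: The failure path after `bindresvport(sock, NULL)` logs a fixed string, so the two failures that matter here cannot be told apart in the log: a capture process that lacks the privilege to bind a reserved port, and a reserved range with no free port left. Unless `warnc` already appends the errno text (its definition is not in the hunk), I would log it the way the connect() failure further down does, `warn("bindresvport: %s", geterr(errno));`. The comment could also say that the call requires the process to still hold root privilege at this point. handshake() starts and ends outside the hunk.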