From 16e044a128724955d0e2a294db3dd28855d6a55b Mon Sep 17 00:00:00 2001
From: h7x4
Date: Fri, 9 Aug 2024 00:19:49 +0200
Subject: [PATCH] WIP
---
authenticated-unix-socket/lib.rs | 74 ++++++++++++++++++++++++++++++++
src/client_server_protocol.rs | 13 ++++++
src/main.rs | 3 ++
src/server.rs | 1 +
src/server/entrypoint.rs | 0
5 files changed, 91 insertions(+)
create mode 100644 authenticated-unix-socket/lib.rs
create mode 100644 src/client_server_protocol.rs
create mode 100644 src/server.rs
create mode 100644 src/server/entrypoint.rs
diff --git a/authenticated-unix-socket/lib.rs b/authenticated-unix-socket/lib.rs
new file mode 100644
index 0000000..2fdcc8a
--- /dev/null
+++ b/authenticated-unix-socket/lib.rs
@@ -0,0 +1,74 @@
+
+// TODO:
+// On responding to an incoming client request, the following should happen:
+// 1. Before intializing it's request, the client should open an "authentication" socket with permissions 644.
+// 2. Client opens a request to the server on the "normal" socket where the server is listening.
+// 2. Server receives the request with auth socket address, a uid and a secret from the client.
+// 3. Server validates that the owner of the auth socket address is the same as the uid.
+// 4. Server connects to the auth socket address and receives the same secret.
+// 5. Server validates that the secret is the same as the one it originally received.
+// 6. Client closes the authentication socket. Normal socket is used for communication.
+// (because the auth socket was readable globally)
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum Message {
+ ClientHello {
+ uid: u32,
+ secret: u64,
+ auth_socket: String,
+ },
+ RequestSecret,
+ ResponseSecret(u64),
+ Authenticated,
+ SecretDidNotMatch,
+ Exit,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum Error {
+ AuthenticationError,
+ InvalidRequest,
+ InvalidResponse,
+}
+
+// TODO: set timeout?
+
+fn create_auth_socket() -> Result {
+ let socket = UnixSocket::new()?;
+ socket.bind("/tmp/auth.sock")?;
+ socket.listen(1)?;
+ Ok(socket)
+}
+
+async fn client_authenticate(socket: &mut UnixSocket) -> Result<(), Error> {
+ let secret = rand::random::();
+ let uid = nix::unistd::getuid();
+ let auth_socket = create_auth_socket()?;
+
+ let client_hello = Message::ClientHello {
+ uid,
+ secret,
+ auth_socket: auth_socket.get_addr(),
+ };
+
+ socket.write(&client_hello)?;
+
+ // TODO: create threaded loop to handle multiple requests for secrets,
+ // until either the server respons in the main thread that something
+ // went wrong, something went right, or there is a timeout.
+
+ Ok(())
+}
+
+pub struct UID(u32);
+
+async fn server_authenticate(socket: &mut UnixSocket) -> Result {
+ let client_hello = socket.read::()?;
+
+ let (uid, secret, auth_socket) = match client_hello {
+ Message::ClientHello { uid, secret, auth_socket } => (uid, secret, auth_socket),
+ _ => return Err(Error::InvalidRequest),
+ };
+
+ /// TODO: open auth socket and request and validate secret
+}
\ No newline at end of file
diff --git a/src/client_server_protocol.rs b/src/client_server_protocol.rs
new file mode 100644
index 0000000..0b5b001
--- /dev/null
+++ b/src/client_server_protocol.rs
@@ -0,0 +1,13 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum Command {
+ CreateDatabase,
+ DropDatabase,
+ ListDatabases,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum Response {
+
+}
\ No newline at end of file
diff --git a/src/main.rs b/src/main.rs
index d46d92f..e6869b3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -10,6 +10,9 @@ use crate::cli::mysql_admutils_compatibility::{mysql_dbadm, mysql_useradm}; use clap::Parser; +mod client_server_protocol; +mod server; + mod cli; mod core;
diff --git a/src/server.rs b/src/server.rs
new file mode 100644
index 0000000..fb2a53e
--- /dev/null
+++ b/src/server.rs
@@ -0,0 +1 @@
+mod entrypoint;
\ No newline at end of file
diff --git a/src/server/entrypoint.rs b/src/server/entrypoint.rs
new file mode 100644
index 0000000..e69de29
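Review bot: `create_auth_socket` in authenticated-unix-socket/lib.rs binds the fixed path `/tmp/auth.sock` in a world-writable directory, so concurrent clients collide, a leftover or foreign file at that path makes `bind` fail, and the ownership check planned in step 3 of the header comment is a check on a path that can be swapped before the connect in step 4. The exchange also rests on a `uid` the client reports about itself and on a secret that, per the comment, is served from a globally reachable socket, so as far as the visible code goes nothing ties the secret to the server that asked for it. On Linux the kernel already reports the peer's uid for the main socket through `SO_PEERCRED` (`nix::sys::socket::sockopt::PeerCredentials`), which would let `server_authenticate` drop the client-supplied `uid` and the second socket; if the two-socket scheme stays, use a per-client path in a directory only that user can write, e.g. under `$XDG_RUNTIME_DIR`. Separately, `nix::unistd::getuid()` returns a `Uid`, so the `uid: u32` field needs `uid: uid.as_raw(),`.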