Replace socket authentication mechanism with SO_PEERCRED

This commit is contained in:
2024-08-18 22:20:56 +02:00
parent 94c9a54c14
commit 53f19b3d05
5 changed files with 14 additions and 479 deletions

@ -7,7 +7,6 @@ use clap::Parser;
use std::os::unix::net::UnixStream as StdUnixStream;
use tokio::net::UnixStream as TokioUnixStream;
use crate::core::bootstrap::authenticated_unix_socket;
use crate::core::common::UnixUser;
use crate::server::config::read_config_from_path_with_arg_overrides;
use crate::server::server_loop::listen_for_incoming_connections;
@ -53,8 +52,8 @@ pub async fn handle_command(
async fn socket_activate(config: ServerConfig) -> anyhow::Result<()> {
// TODO: allow getting socket path from other socket activation sources
let mut conn = get_socket_from_systemd().await?;
let uid = authenticated_unix_socket::server_authenticate(&mut conn).await?;
let conn = get_socket_from_systemd().await?;
let uid = conn.peer_cred()?.uid();
let unix_user = UnixUser::from_uid(uid.into())?;
handle_requests_for_single_session(conn, &unix_user, &config).await?;

@ -9,7 +9,6 @@ use sqlx::MySqlConnection;
use crate::{
core::{
bootstrap::authenticated_unix_socket,
common::{UnixUser, DEFAULT_SOCKET_PATH},
protocol::request_response::{
create_server_to_client_message_stream, Request, Response, ServerToClientMessageStream,
@ -58,14 +57,9 @@ pub async fn listen_for_incoming_connections(
let listener = UnixListener::bind(socket_path)?;
while let Ok((mut conn, _addr)) = listener.accept().await {
let uid = match authenticated_unix_socket::server_authenticate(&mut conn).await {
Ok(uid) => uid,
Err(e) => {
eprintln!("Failed to authenticate client: {}", e);
conn.shutdown().await?;
continue;
}
};
let uid = conn.peer_cred()?.uid();
log::trace!("Accepted connection from uid {}", uid);
let unix_user = match UnixUser::from_uid(uid.into()) {
Ok(user) => user,
Err(e) => {