From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 804 invoked by alias); 4 Jun 2002 15:01:08 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 780 invoked from network); 4 Jun 2002 15:01:06 -0000 Received: from unknown (HELO fort-point-station.mit.edu) (18.7.7.76) by sources.redhat.com with SMTP; 4 Jun 2002 15:01:06 -0000 Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id LAA09521 for ; Tue, 4 Jun 2002 11:01:05 -0400 (EDT) Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86]) by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id KAA29649 for ; Tue, 4 Jun 2002 10:58:47 -0400 (EDT) Received: from scrubbing-bubbles.mit.edu (SCRUBBING-BUBBLES.MIT.EDU [18.7.16.68]) by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id KAA27297 for ; Tue, 4 Jun 2002 10:51:38 -0400 (EDT) Received: from localhost (davie@localhost) by scrubbing-bubbles.mit.edu (8.9.3) with ESMTP id KAA03114; Tue, 4 Jun 2002 10:51:38 -0400 (EDT) Date: Tue, 04 Jun 2002 08:07:00 -0000 From: David E Euresti To: egor duda Subject: Re: Duplicating Unix Domain Sockets In-Reply-To: <291438343308.20020604101630@logos-m.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-SW-Source: 2002-06/txt/msg00149.txt.bz2 On Tue, 4 Jun 2002, egor duda wrote: > Hi! > > It's not enough to just pass numerical value of descriptor between > processes. Each cygwin fd has several win32 handles associated with > it, which are used to actually do the job, to read or write the data, > to perform synchronization, etc. If you want to pass fd1 from proc1 to > proc2, you have to duplicate all win32 handles associated with fd1 > into address space of proc2. This can be done by DuplicateHandle () > function, but if you take a look on its docs on msdn, you'll see that > it requires process handles of proc1 and proc2 to work. Given that > proc1 and proc2 can be absolutely unrelated and run from different > accounts, there's no secure way to obtain those process handles > without help from some mediator process which run at high enough level > of privileges. Oh I know it's not enough just passing a number. I've already got a user land application passing file descriptor by passing struct passfd { unsigned int uiMagic; // Magic number to see if it's right DWORD dwProcessID; // Process ID of sender HANDLE hHandle; // Handle in sender's process BOOL bBinary; // is it Binary or Text? BOOL bRead; // Is it read? BOOL bWrite; // Is it write DWORD dwDevice; // Device type as listed in windows_device_names in path.cc }; So basically I pass this info in at the beginning of a packet. And then the receiving end calls DuplicateHandle, followed by cygwin_handle_to_fd. It works well except it doesn't mark the right socket types. i.e. UDP, TCP, AF_UNIX etc. (I've sent the code before search for my name in the archive and you'll find it titled "File Descriptor passing fun". Another problem with this is that there's a bit of synchronization needed because the sending process can't close the socket until it's been duplicated. This will actually happen in the suggestion I had. > That's what cygwin daemon is for -- to provide a > services that require high privileges to normal non-privileged > processes. After such handle duplication service (with appropriate > security checks) is implemented in cygwin daemon, it would be simple > to augment AF_UNIX sockets protocol to be able to pass auxiliary > information such as fds. > Well as I have to have this to graduate, I could work on this. But somebody needs to tell me where to start looking. Because i've looked through the source and I don't really get it. Thanks, David -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/