clusterd: Add trustcheck service

Add a very simple tcp service on port 236 to clusterd which can be used by other hosts to query, if they are still trusted. clusterd replies with either "I trust you\n" or "I don't trust you\n" depending on whether the connecting host has the amd hostconfig flag or not. After sending the message, clusterd will hang up.
mariux64 · Jul 9, 2020 · de028ee · de028ee
1 parent 0cef711
commit de028ee
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/clusterd/clusterd b/clusterd/clusterd
@@ -1794,6 +1794,31 @@ sub cmd_push {
 
 #------------------------------------------------------------
 
+our $TRUSTCHECK_PORT=236;
+our $trustcheck_listen_socket;
+
+sub trustcheck_init {
+	$trustcheck_listen_socket=new IO::Socket::INET(LocalPort=>$TRUSTCHECK_PORT,Proto=>'tcp',Listen=>10,ReuseAddr=>1);
+	defined $trustcheck_listen_socket or die "$!\n";
+	My::Select::reader($trustcheck_listen_socket,\&trustcheck_connect_request);
+}
+
+sub trustcheck_connect_request {
+	My::Select::reader_requeue();
+	my $socket=$trustcheck_listen_socket->accept();
+	$socket->blocking(0);
+	my $hostname = gethostbyaddr(inet_aton($socket->peerhost()), AF_INET);
+	system 'hostconfig','--host',$hostname,'amd';
+	if ($? == 0) {
+		$socket->send("I trust you\n", 0);
+	} elsif ($? == 256) {
+		$socket->send("I don't trust you\n", 0);
+	}
+	close($socket);
+}
+
+#------------------------------------------------------------
+
 use constant USAGE => <<'__EOF__';
 
 usage: $0 [options]
@@ -1901,6 +1926,7 @@ if (defined $options{'push'}) {
 	init_area();
 	mgmt_init();
 	clp_init();
+	trustcheck_init();
 
 	sync_cluster_pw() or warn "$CLUSTER_PW_FILE: $!\n";