From de028ee597b72f1eba8e25f3483120b5b415324a Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Tue, 7 Jul 2020 13:09:31 +0200
Subject: [PATCH] clusterd: Add trustcheck service
Add a very simple tcp service on port 236 to clusterd which can be used by other hosts to query, if they are still trusted. clusterd replies with either "I trust you\n" or "I don't trust you\n" depending on whether the connecting host has the amd hostconfig flag or not. After sending the message, clusterd will hang up.
---
 clusterd/clusterd | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/clusterd/clusterd b/clusterd/clusterd
index 96741a8..f6c7dc2 100755
--- a/clusterd/clusterd
+++ b/clusterd/clusterd
@@ -1794,6 +1794,31 @@ sub cmd_push {
 #------------------------------------------------------------
+our $TRUSTCHECK_PORT=236;
+our $trustcheck_listen_socket;
+
+sub trustcheck_init {
+ $trustcheck_listen_socket=new IO::Socket::INET(LocalPort=>$TRUSTCHECK_PORT,Proto=>'tcp',Listen=>10,ReuseAddr=>1);
+ defined $trustcheck_listen_socket or die "$!\n";
+ My::Select::reader($trustcheck_listen_socket,\&trustcheck_connect_request);
+}
+
+sub trustcheck_connect_request {
+ My::Select::reader_requeue();
+ my $socket=$trustcheck_listen_socket->accept();
+ $socket->blocking(0);
+ my $hostname = gethostbyaddr(inet_aton($socket->peerhost()), AF_INET);
+ system 'hostconfig','--host',$hostname,'amd';
+ if ($? == 0) {
+ $socket->send("I trust you\n", 0);
+ } elsif ($? == 256) {
+ $socket->send("I don't trust you\n", 0);
+ }
+ close($socket);
+}
+
+#------------------------------------------------------------
+
 use constant USAGE => <<'__EOF__';
 usage: $0 [options]
@@ -1901,6 +1926,7 @@ if (defined $options{'push'}) {
 init_area();
 mgmt_init();
 clp_init();
+ trustcheck_init();
 sync_cluster_pw() or warn "$CLUSTER_PW_FILE: $!\n";
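Review bot: In trustcheck_connect_request the results of accept(), peerhost() and gethostbyaddr() are all used unchecked, so a failed accept or a peer address without a PTR record either dies on `$socket->blocking(0)` (unless the My::Select dispatcher catches it, which is not visible here) or hands an undefined host to hostconfig. The name comes from reverse DNS, so it is untrusted input and the trust answer is only as strong as that lookup; I would validate it against a plain host-name pattern before passing it to `hostconfig`, and confirm it with a forward lookup if the environment allows. In the sketch below, unresolvable peers get no reply, matching how the hunk already treats unexpected exit statuses. Separately, `system` runs synchronously inside the select callback, so every connection to port 236 stalls the other clusterd services until hostconfig returns.

```perl
sub trustcheck_connect_request {
	My::Select::reader_requeue();
	my $socket=$trustcheck_listen_socket->accept() or return;
	$socket->blocking(0);
	my $peer=$socket->peerhost();
	my $addr=defined $peer ? inet_aton($peer) : undef;
	my $hostname=defined $addr ? gethostbyaddr($addr, AF_INET) : undef;
	# The PTR result is untrusted: only a plain host name may reach hostconfig.
	unless (defined $hostname && $hostname=~/\A[A-Za-z0-9][A-Za-z0-9.-]*\z/) {
		close($socket);
		return;
	}
	# … unchanged: system 'hostconfig' call, reply chosen from $?, close($socket) …
}
```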