Client example
This program sends two messages to the server, one using the standard write routine and the other using the ewrite routine.
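The secure message is sent at the SECRET sensitivity label. Note that the message sent with the ordinary write call is not unlabeled: it is given a default set of security attributes, which are configurable via netrule, so its label is decided by system configuration rather than by the program.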
The following privileges are required in the program's innate privilege set:
- PV_LAB_LEF
- PV_MAC_CL
- PV_LAB_SLUG_STR
#include <sys/mac.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/priv.h>
#include <sys/secattr.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define SECURE 1
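/*
 * Client example: connect to the TCP server at ADDR PORT and send two
 * messages. The first goes out through write() and receives the default
 * security attributes; the second (SECURE builds only) goes out through
 * ewrite() with an explicit label set built from "SECRET".
 *
 * Privileges are raised only around the call that needs them and lowered or
 * removed immediately afterwards; a failure to give a privilege back is
 * treated as fatal so the program never keeps running while elevated.
 *
 * Returns (via exit) 0 when both messages were sent, non-zero on any failure.
 */
int
main(int argc, char *argv[])
{
    int sockfd;
    int status = 0;
    long port;
    char *end;
    char buf[BUFSIZ];
    struct sockaddr_in serv_addr;
#ifdef SECURE
    int l_init_result = 0;
    int ewrite_result = 0;
    int lower_result = 0;
    sec_labels_t seclab;
#endif /*SECURE*/

    if (argc != 3) {
        fprintf(stderr, "Usage:%s: ADDR PORT\n", argv[0]);
        exit(1);
    }

#ifdef SECURE
    /*
     * Gain access to the Label Encodings Database. PV_LAB_LEF is needed
     * only for initlabeldb(), so it is removed again before the result of
     * the call is even examined. If priv_raise() fails, initlabeldb() is
     * left to report the problem.
     */
    priv_raise(PV_LAB_LEF, -1);
    l_init_result = initlabeldb(NULL);
    if (priv_remove(PV_LAB_LEF, -1) != 0) {
        fprintf(stderr, "Privilege Failure\n");
        exit(1);
    }
    if (l_init_result != 0) {
        fprintf(stderr, "Could not read the Label Encodings Database\n");
        exit(1);
    }
#endif /*SECURE*/

    /*
     * Validate the command-line port instead of trusting atoi(), which
     * silently turns garbage into 0 and truncates out-of-range values.
     */
    errno = 0;
    port = strtol(argv[2], &end, 10);
    if (end == argv[2] || *end != '\0' || errno == ERANGE ||
        port < 1 || port > 65535) {
        fprintf(stderr, "client: invalid port '%s'\n", argv[2]);
        exit(1);
    }

    /*
     * Fill in the structure "serv_addr" with the address of the server
     * that we want to connect with.
     */
    memset(&serv_addr, 0, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = inet_addr(argv[1]);
    /* INADDR_NONE is inet_addr()'s error value (and the broadcast address). */
    if (serv_addr.sin_addr.s_addr == INADDR_NONE) {
        fprintf(stderr, "client: invalid address '%s'\n", argv[1]);
        exit(1);
    }
    serv_addr.sin_port = htons((unsigned short)port);

    /* Open a TCP socket (an Internet stream socket). */
    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        perror("tcpclient: ");
        fprintf(stderr, "client: Cant open stream socket\n");
        exit(1);
    }
    if (connect(sockfd, (struct sockaddr *)&serv_addr,
                sizeof(serv_addr)) < 0) {
        perror("tcpclient: ");
        fprintf(stderr, "client: Cant connect to server\n");
        close(sockfd);
        exit(1);
    }

    /*
     * Send a normal write to the server, which will be assigned default
     * security attributes. The terminating NUL is sent as well.
     */
    snprintf(buf, sizeof(buf), "%s",
             "This has the default security attributes.\n");
    if (write(sockfd, buf, strlen(buf) + 1) == -1) {
        perror("tcpclient: ");
        fprintf(stderr, "write error\n");
        status = 1;
    }

#ifdef SECURE
    snprintf(buf, sizeof(buf), "%s", "This message is at SECRET\n");

    /*
     * Set up the SL and CLs. The structure is cleared first so that no
     * indeterminate field reaches ewrite(), and each conversion is checked
     * so the message is never sent under a label that failed to parse.
     * NOTE(review): assumes slhrtob() returns 0 on success - confirm
     * against the platform documentation.
     */
    memset(&seclab, 0, sizeof(seclab));
    if (slhrtob(&seclab.sl, "SECRET") != 0 ||
        slhrtob(&seclab.sl_cl_min, "SECRET") != 0 ||
        slhrtob(&seclab.sl_cl_max, "SECRET A B") != 0) {
        fprintf(stderr, "Could not convert the security labels\n");
        status = 1;
    } else {
        seclab.sl.sl_format = STDSL_FORMAT;
        seclab.sl_cl_min.sl_format = STDSL_FORMAT;
        seclab.sl_cl_max.sl_format = STDSL_FORMAT;

        /* This ewrite call needs PV_MAC_CL and PV_LAB_SLUG_STR */
        priv_raise(PV_MAC_CL, PV_LAB_SLUG_STR, -1);
        ewrite_result = ewrite(sockfd, buf, strlen(buf) + 1, &seclab);
        lower_result = priv_lower(PV_MAC_CL, PV_LAB_SLUG_STR, -1);
        if (ewrite_result == -1) {
            /* perror first: the later calls may overwrite errno. */
            perror("tcpclient call");
            fprintf(stderr, "ewrite error\n");
            status = 1;
        }
        if (lower_result != 0) {
            /* Do not keep running with the privileges still raised. */
            fprintf(stderr, "Privilege Failure\n");
            close(sockfd);
            exit(1);
        }
    }
    fflush(stderr);
#endif /*SECURE*/

    fprintf(stderr, "exiting ..... \n");
    sleep(3);
    close(sockfd);
    exit(status);
}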