Add documentation for Unix domain socket authenticator

[joechrisellis]

No description provided.

[ionut-arm]

There are some more places where adding/modifying documentation is needed:

• System architecture page - the auth tokens section
• Interfaces and dataflow page - the dataflow diagram needs updating, same for the authenticator subsection
• I think we'll need some stuff added to the threat model, but that can be done in another PR

[ionut-arm]

You should probably remove the last phrase from here

[ionut-arm]

connect - > connection?

Also, without cooperation from the endpoint sounds a bit forceful, maybe something about it relying on the OS for this information?

[ionut-arm]

in the authentication request -> in the authentication field of the request

[ionut-arm]

Changes in the API overview page are also needed, in the Authentication and Sessions section.

[ionut-arm]

Looks good, but I think you've only updated the .drawio diagram, not the actual PNG that is displayed on the page

[paulhowardarm]

Looks good overall. Suggest more precision when describing how to populate the auth field. Feels a bit vague as it is. Also our messaging around the auth mechanism vs. the transport seems slightly misleading to me.

[paulhowardarm]

Not sure about the phrasing here. It seems like the reverse of what we intend. Peer credential specifically requires domain socket to be the transport, because we rely on the ability of UDS to be able to query the credential in a trusted manner. I think it's misleading to say that peer credential would support other transports in the future, unless we're willing to significantly generalise our definition of what a peer credential is (in which case I don't think we can specifically talk about Unix UIDs or GIDs).

It would be more accurate to say the reverse: that a UDS transport could be used with other auth mechanisms and not only peer credential.

[ionut-arm]

That might've been my fault, as I suggested expanding what we assume - the definition of "peer credential" would indeed depend on the transport mechanism, but I don't see an issue in assuming that other IPC mechanisms (e.g. network, d-bus) could be covered with this kind of authentication if we point out that only UDS are supported for now.

[joechrisellis]

Makes sense -- removed mentions of other transports for this section.

[paulhowardarm]

"stringified uid" feels a bit vague here considering this section is supposed to be the specification of how a client process should populate the auth field. We don't mention that it has to be UTF8 (although that is mentioned somewhere further down, but I think it needs to be here). We also probably want to be very explicit that we expect a UID and not a user name. Also, since UIDs are numerical, we probably want to specify what number format we expect. Decimal? Hex? Will the service parse conventional notations such as the 0x prefix for hex numbers? This is the level of precision that I think we need here.

[joechrisellis]

Good point -- I've changed this to:

- A value of 3 (`0x03`) indicates peer credentials authentication. The service will expect the                                                                                                                                                                                                                                                                                                                                           
  **authentication** field to contain the non-padded decimal UID (**not** username) of the
  connecting process as a UTF-8 string (e.g. `123`). The Parsec service will verify that this
  self-declared UID is consistent with the UID from the peer credentials.

Please let me know if there's any further suggestions!

[hug-dev]

I think to answer to your original question about the format, we need to be clear about the scope of the authentictor. Is it a generic peer credentials authenticator which could be used with other operating systems/listener types or a Unix peer credential authenticator?
If the authenticator that we are describing here is only the later then I think we should:

• be more precise where we mention "peer credentials" and always say "Unix peer credentials" and make sure that when we say "UID" we mean the specific Unix User identifier
• the Unix User Identifier is represented with an integer type. Most Unix OS use 32 bits for this, and Linux uses the uid_t type which is an unsigned 32-bits number. For that reason, I think it would be better to expect the authentication payload to be the representation of a u32 value, 4-bytes padded with zeroes. For example the UID 4 would be [0x00, 0x00, 0x00, 0x04] (or reverse depending on our endianess). I think this is more efficient and less error-prone than having to parse/format a UTF-8 string.

[joechrisellis]

I think to answer to your original question about the format, we need to be clear about the scope of the authentictor. Is it a generic peer credentials authenticator which could be used with other operating systems/listener types or a Unix peer credential authenticator?

AFAIK 'peer credentials' is a Unix-exclusive thing, but I'm all for being more explicit. 😄

be more precise where we mention "peer credentials" and always say "Unix peer credentials" and make sure that when we say "UID" we mean the specific Unix User identifier

ACK, will do.

the Unix User Identifier is represented with an integer type. Most Unix OS use 32 bits for this, and Linux uses the uid_t type which is an unsigned 32-bits number. For that reason, I think it would be better to expect the authentication payload to be the representation of a u32 value, 4-bytes padded with zeroes. For example the UID 4 would be [0x00, 0x00, 0x00, 0x04] (or reverse depending on our endianess). I think this is more efficient and less error-prone than having to parse/format a UTF-8 string.

Agreed, that's a lot nicer. Will do. 🙂

[hug-dev]

Thanks, that looks good to me 😃 One comment about the PNG

[hug-dev]

Thanks for updating the diagram as well! Could you also please keep the white background? I believe that in the png you exported from draw.io the background is transparent. Just so that it is easier to read on our book 😃!

[joechrisellis]

I just checked the other .drawio files in the repository and they all seem to have transparent backgrounds as well? Am I missing something?

[joechrisellis]

Actually, you're right -- the .drawio files do have transparent background, but I had selected the 'export with transparent background' option.

[hug-dev]

Thanks for the changes, looks good to me!!

[ionut-arm]

👌

[ionut-arm]

Gonna guess the PID isn't used either.