From 3f306c0336db0f21e59b2e61ca570d089421b794 Mon Sep 17 00:00:00 2001
From: Jim Garlick <garlick.jim@gmail.com>
Date: Mon, 27 Feb 2017 16:42:42 -0800
Subject: [PATCH] cmd/flux-proxy:  add single byte auth response

---
 src/cmd/builtin/proxy.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/cmd/builtin/proxy.c b/src/cmd/builtin/proxy.c
index 21cf3ee2a1f0..fa38717966a0 100644
--- a/src/cmd/builtin/proxy.c
+++ b/src/cmd/builtin/proxy.c
@@ -683,6 +683,7 @@ static int check_cred (proxy_ctx_t *ctx, int fd)
     if (ucred.uid != ctx->session_owner) {
         flux_log (ctx->h, LOG_ERR, "connect by uid=%d pid=%d denied",
                   ucred.uid, (int)ucred.pid);
+        errno = EPERM;
         goto done;
     }
     rc = 0;
@@ -690,6 +691,11 @@ static int check_cred (proxy_ctx_t *ctx, int fd)
     return rc;
 }
 
+static int send_auth_response (int fd, unsigned char e)
+{
+    return write (fd, &e, 1);
+}
+
 /* Accept a connection from new client.
  */
 static void listener_cb (flux_reactor_t *r, flux_watcher_t *w,
@@ -708,9 +714,11 @@ static void listener_cb (flux_reactor_t *r, flux_watcher_t *w,
             goto done;
         }
         if (check_cred (ctx, cfd) < 0) {
+            send_auth_response (cfd, errno);
             close (cfd);
             goto done;
         }
+        send_auth_response (cfd, 0);
         if (!(c = client_create (ctx, cfd, cfd))) {
             close (cfd);
             goto done;