diff options
Diffstat (limited to 'ipc/unix_domain_socket_util.cc')
| -rw-r--r-- | ipc/unix_domain_socket_util.cc | 202 |
1 files changed, 202 insertions, 0 deletions
diff --git a/ipc/unix_domain_socket_util.cc b/ipc/unix_domain_socket_util.cc new file mode 100644 index 0000000..7f513a3 --- /dev/null +++ b/ipc/unix_domain_socket_util.cc @@ -0,0 +1,202 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "ipc/unix_domain_socket_util.h" + +#include <errno.h> +#include <fcntl.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <sys/un.h> +#include <unistd.h> + +#include "base/file_util.h" +#include "base/files/file_path.h" +#include "base/logging.h" +#include "base/posix/eintr_wrapper.h" + +namespace IPC { + +// Verify that kMaxSocketNameLength is a decent size. +COMPILE_ASSERT(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxSocketNameLength, + BAD_SUN_PATH_LENGTH); + +namespace { + +// Returns fd (>= 0) on success, -1 on failure. If successful, fills in +// |unix_addr| with the appropriate data for the socket, and sets +// |unix_addr_len| to the length of the data therein. +int MakeUnixAddrForPath(const std::string& socket_name, + struct sockaddr_un* unix_addr, + size_t* unix_addr_len) { + DCHECK(unix_addr); + DCHECK(unix_addr_len); + + if (socket_name.length() == 0) { + LOG(ERROR) << "Empty socket name provided for unix socket address."; + return -1; + } + // We reject socket_name.length() == kMaxSocketNameLength to make room for + // the NUL terminator at the end of the string. + if (socket_name.length() >= kMaxSocketNameLength) { + LOG(ERROR) << "Socket name too long: " << socket_name; + return -1; + } + + // Create socket. + int fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + PLOG(ERROR) << "socket"; + return -1; + } + file_util::ScopedFD scoped_fd(&fd); + + // Make socket non-blocking + if (HANDLE_EINTR(fcntl(fd, F_SETFL, O_NONBLOCK)) < 0) { + PLOG(ERROR) << "fcntl(O_NONBLOCK)"; + return -1; + } + + // Create unix_addr structure. + memset(unix_addr, 0, sizeof(struct sockaddr_un)); + unix_addr->sun_family = AF_UNIX; + strncpy(unix_addr->sun_path, socket_name.c_str(), kMaxSocketNameLength); + *unix_addr_len = + offsetof(struct sockaddr_un, sun_path) + socket_name.length(); + return *scoped_fd.release(); +} + +} // namespace + +bool CreateServerUnixDomainSocket(const base::FilePath& socket_path, + int* server_listen_fd) { + DCHECK(server_listen_fd); + + std::string socket_name = socket_path.value(); + base::FilePath socket_dir = socket_path.DirName(); + + struct sockaddr_un unix_addr; + size_t unix_addr_len; + int fd = MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len); + if (fd < 0) + return false; + file_util::ScopedFD scoped_fd(&fd); + + // Make sure the path we need exists. + if (!file_util::CreateDirectory(socket_dir)) { + LOG(ERROR) << "Couldn't create directory: " << socket_dir.value(); + return false; + } + + // Delete any old FS instances. + if (unlink(socket_name.c_str()) < 0 && errno != ENOENT) { + PLOG(ERROR) << "unlink " << socket_name; + return false; + } + + // Bind the socket. + if (bind(fd, reinterpret_cast<const sockaddr*>(&unix_addr), + unix_addr_len) < 0) { + PLOG(ERROR) << "bind " << socket_path.value(); + return false; + } + + // Start listening on the socket. + if (listen(fd, SOMAXCONN) < 0) { + PLOG(ERROR) << "listen " << socket_path.value(); + unlink(socket_name.c_str()); + return false; + } + + *server_listen_fd = *scoped_fd.release(); + return true; +} + +bool CreateClientUnixDomainSocket(const base::FilePath& socket_path, + int* client_socket) { + DCHECK(client_socket); + + std::string socket_name = socket_path.value(); + base::FilePath socket_dir = socket_path.DirName(); + + struct sockaddr_un unix_addr; + size_t unix_addr_len; + int fd = MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len); + if (fd < 0) + return false; + file_util::ScopedFD scoped_fd(&fd); + + if (HANDLE_EINTR(connect(fd, reinterpret_cast<sockaddr*>(&unix_addr), + unix_addr_len)) < 0) { + PLOG(ERROR) << "connect " << socket_path.value(); + return false; + } + + *client_socket = *scoped_fd.release(); + return true; +} + +bool GetPeerEuid(int fd, uid_t* peer_euid) { + DCHECK(peer_euid); +#if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD) + uid_t socket_euid; + gid_t socket_gid; + if (getpeereid(fd, &socket_euid, &socket_gid) < 0) { + PLOG(ERROR) << "getpeereid " << fd; + return false; + } + *peer_euid = socket_euid; + return true; +#else + struct ucred cred; + socklen_t cred_len = sizeof(cred); + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < 0) { + PLOG(ERROR) << "getsockopt " << fd; + return false; + } + if (static_cast<unsigned>(cred_len) < sizeof(cred)) { + NOTREACHED() << "Truncated ucred from SO_PEERCRED?"; + return false; + } + *peer_euid = cred.uid; + return true; +#endif +} + +bool IsPeerAuthorized(int peer_fd) { + uid_t peer_euid; + if (!GetPeerEuid(peer_fd, &peer_euid)) + return false; + if (peer_euid != geteuid()) { + DLOG(ERROR) << "Client euid is not authorised"; + return false; + } + return true; +} + +bool IsRecoverableError(int err) { + return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE || + errno == ENOMEM || errno == ENOBUFS; +} + +bool ServerAcceptConnection(int server_listen_fd, int* server_socket) { + DCHECK(server_socket); + *server_socket = -1; + + int accept_fd = HANDLE_EINTR(accept(server_listen_fd, NULL, 0)); + if (accept_fd < 0) + return IsRecoverableError(errno); + file_util::ScopedFD scoped_fd(&accept_fd); + if (HANDLE_EINTR(fcntl(accept_fd, F_SETFL, O_NONBLOCK)) < 0) { + PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd; + // It's safe to keep listening on |server_listen_fd| even if the attempt to + // set O_NONBLOCK failed on the client fd. + return true; + } + + *server_socket = *scoped_fd.release(); + return true; +} + +} // namespace IPC |