1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "ipc/unix_domain_socket_util.h" 6 7 #include <errno.h> 8 #include <fcntl.h> 9 #include <sys/socket.h> 10 #include <sys/stat.h> 11 #include <sys/un.h> 12 #include <unistd.h> 13 14 #include "base/file_util.h" 15 #include "base/files/file_path.h" 16 #include "base/logging.h" 17 #include "base/posix/eintr_wrapper.h" 18 19 namespace IPC { 20 21 // Verify that kMaxSocketNameLength is a decent size. 22 COMPILE_ASSERT(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxSocketNameLength, 23 BAD_SUN_PATH_LENGTH); 24 25 namespace { 26 27 // Returns fd (>= 0) on success, -1 on failure. If successful, fills in 28 // |unix_addr| with the appropriate data for the socket, and sets 29 // |unix_addr_len| to the length of the data therein. 30 int MakeUnixAddrForPath(const std::string& socket_name, 31 struct sockaddr_un* unix_addr, 32 size_t* unix_addr_len) { 33 DCHECK(unix_addr); 34 DCHECK(unix_addr_len); 35 36 if (socket_name.length() == 0) { 37 LOG(ERROR) << "Empty socket name provided for unix socket address."; 38 return -1; 39 } 40 // We reject socket_name.length() == kMaxSocketNameLength to make room for 41 // the NUL terminator at the end of the string. 42 if (socket_name.length() >= kMaxSocketNameLength) { 43 LOG(ERROR) << "Socket name too long: " << socket_name; 44 return -1; 45 } 46 47 // Create socket. 48 int fd = socket(AF_UNIX, SOCK_STREAM, 0); 49 if (fd < 0) { 50 PLOG(ERROR) << "socket"; 51 return -1; 52 } 53 file_util::ScopedFD scoped_fd(&fd); 54 55 // Make socket non-blocking 56 if (HANDLE_EINTR(fcntl(fd, F_SETFL, O_NONBLOCK)) < 0) { 57 PLOG(ERROR) << "fcntl(O_NONBLOCK)"; 58 return -1; 59 } 60 61 // Create unix_addr structure. 62 memset(unix_addr, 0, sizeof(struct sockaddr_un)); 63 unix_addr->sun_family = AF_UNIX; 64 strncpy(unix_addr->sun_path, socket_name.c_str(), kMaxSocketNameLength); 65 *unix_addr_len = 66 offsetof(struct sockaddr_un, sun_path) + socket_name.length(); 67 return *scoped_fd.release(); 68 } 69 70 } // namespace 71 72 bool CreateServerUnixDomainSocket(const base::FilePath& socket_path, 73 int* server_listen_fd) { 74 DCHECK(server_listen_fd); 75 76 std::string socket_name = socket_path.value(); 77 base::FilePath socket_dir = socket_path.DirName(); 78 79 struct sockaddr_un unix_addr; 80 size_t unix_addr_len; 81 int fd = MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len); 82 if (fd < 0) 83 return false; 84 file_util::ScopedFD scoped_fd(&fd); 85 86 // Make sure the path we need exists. 87 if (!base::CreateDirectory(socket_dir)) { 88 LOG(ERROR) << "Couldn't create directory: " << socket_dir.value(); 89 return false; 90 } 91 92 // Delete any old FS instances. 93 if (unlink(socket_name.c_str()) < 0 && errno != ENOENT) { 94 PLOG(ERROR) << "unlink " << socket_name; 95 return false; 96 } 97 98 // Bind the socket. 99 if (bind(fd, reinterpret_cast<const sockaddr*>(&unix_addr), 100 unix_addr_len) < 0) { 101 PLOG(ERROR) << "bind " << socket_path.value(); 102 return false; 103 } 104 105 // Start listening on the socket. 106 if (listen(fd, SOMAXCONN) < 0) { 107 PLOG(ERROR) << "listen " << socket_path.value(); 108 unlink(socket_name.c_str()); 109 return false; 110 } 111 112 *server_listen_fd = *scoped_fd.release(); 113 return true; 114 } 115 116 bool CreateClientUnixDomainSocket(const base::FilePath& socket_path, 117 int* client_socket) { 118 DCHECK(client_socket); 119 120 std::string socket_name = socket_path.value(); 121 base::FilePath socket_dir = socket_path.DirName(); 122 123 struct sockaddr_un unix_addr; 124 size_t unix_addr_len; 125 int fd = MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len); 126 if (fd < 0) 127 return false; 128 file_util::ScopedFD scoped_fd(&fd); 129 130 if (HANDLE_EINTR(connect(fd, reinterpret_cast<sockaddr*>(&unix_addr), 131 unix_addr_len)) < 0) { 132 PLOG(ERROR) << "connect " << socket_path.value(); 133 return false; 134 } 135 136 *client_socket = *scoped_fd.release(); 137 return true; 138 } 139 140 bool GetPeerEuid(int fd, uid_t* peer_euid) { 141 DCHECK(peer_euid); 142 #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD) 143 uid_t socket_euid; 144 gid_t socket_gid; 145 if (getpeereid(fd, &socket_euid, &socket_gid) < 0) { 146 PLOG(ERROR) << "getpeereid " << fd; 147 return false; 148 } 149 *peer_euid = socket_euid; 150 return true; 151 #else 152 struct ucred cred; 153 socklen_t cred_len = sizeof(cred); 154 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < 0) { 155 PLOG(ERROR) << "getsockopt " << fd; 156 return false; 157 } 158 if (static_cast<unsigned>(cred_len) < sizeof(cred)) { 159 NOTREACHED() << "Truncated ucred from SO_PEERCRED?"; 160 return false; 161 } 162 *peer_euid = cred.uid; 163 return true; 164 #endif 165 } 166 167 bool IsPeerAuthorized(int peer_fd) { 168 uid_t peer_euid; 169 if (!GetPeerEuid(peer_fd, &peer_euid)) 170 return false; 171 if (peer_euid != geteuid()) { 172 DLOG(ERROR) << "Client euid is not authorised"; 173 return false; 174 } 175 return true; 176 } 177 178 bool IsRecoverableError(int err) { 179 return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE || 180 errno == ENOMEM || errno == ENOBUFS; 181 } 182 183 bool ServerAcceptConnection(int server_listen_fd, int* server_socket) { 184 DCHECK(server_socket); 185 *server_socket = -1; 186 187 int accept_fd = HANDLE_EINTR(accept(server_listen_fd, NULL, 0)); 188 if (accept_fd < 0) 189 return IsRecoverableError(errno); 190 file_util::ScopedFD scoped_fd(&accept_fd); 191 if (HANDLE_EINTR(fcntl(accept_fd, F_SETFL, O_NONBLOCK)) < 0) { 192 PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd; 193 // It's safe to keep listening on |server_listen_fd| even if the attempt to 194 // set O_NONBLOCK failed on the client fd. 195 return true; 196 } 197 198 *server_socket = *scoped_fd.release(); 199 return true; 200 } 201 202 } // namespace IPC 203
