1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "ipc/unix_domain_socket_util.h" 6 7 #include <errno.h> 8 #include <fcntl.h> 9 #include <sys/socket.h> 10 #include <sys/stat.h> 11 #include <sys/un.h> 12 #include <unistd.h> 13 14 #include "base/file_util.h" 15 #include "base/files/file_path.h" 16 #include "base/files/scoped_file.h" 17 #include "base/logging.h" 18 #include "base/posix/eintr_wrapper.h" 19 20 namespace IPC { 21 22 // Verify that kMaxSocketNameLength is a decent size. 23 COMPILE_ASSERT(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxSocketNameLength, 24 BAD_SUN_PATH_LENGTH); 25 26 namespace { 27 28 // Returns fd (>= 0) on success, -1 on failure. If successful, fills in 29 // |unix_addr| with the appropriate data for the socket, and sets 30 // |unix_addr_len| to the length of the data therein. 31 int MakeUnixAddrForPath(const std::string& socket_name, 32 struct sockaddr_un* unix_addr, 33 size_t* unix_addr_len) { 34 DCHECK(unix_addr); 35 DCHECK(unix_addr_len); 36 37 if (socket_name.length() == 0) { 38 LOG(ERROR) << "Empty socket name provided for unix socket address."; 39 return -1; 40 } 41 // We reject socket_name.length() == kMaxSocketNameLength to make room for 42 // the NUL terminator at the end of the string. 43 if (socket_name.length() >= kMaxSocketNameLength) { 44 LOG(ERROR) << "Socket name too long: " << socket_name; 45 return -1; 46 } 47 48 // Create socket. 49 base::ScopedFD fd(socket(AF_UNIX, SOCK_STREAM, 0)); 50 if (!fd.is_valid()) { 51 PLOG(ERROR) << "socket"; 52 return -1; 53 } 54 55 // Make socket non-blocking 56 if (HANDLE_EINTR(fcntl(fd.get(), F_SETFL, O_NONBLOCK)) < 0) { 57 PLOG(ERROR) << "fcntl(O_NONBLOCK)"; 58 return -1; 59 } 60 61 // Create unix_addr structure. 62 memset(unix_addr, 0, sizeof(struct sockaddr_un)); 63 unix_addr->sun_family = AF_UNIX; 64 strncpy(unix_addr->sun_path, socket_name.c_str(), kMaxSocketNameLength); 65 *unix_addr_len = 66 offsetof(struct sockaddr_un, sun_path) + socket_name.length(); 67 return fd.release(); 68 } 69 70 } // namespace 71 72 bool CreateServerUnixDomainSocket(const base::FilePath& socket_path, 73 int* server_listen_fd) { 74 DCHECK(server_listen_fd); 75 76 std::string socket_name = socket_path.value(); 77 base::FilePath socket_dir = socket_path.DirName(); 78 79 struct sockaddr_un unix_addr; 80 size_t unix_addr_len; 81 base::ScopedFD fd( 82 MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len)); 83 if (!fd.is_valid()) 84 return false; 85 86 // Make sure the path we need exists. 87 if (!base::CreateDirectory(socket_dir)) { 88 LOG(ERROR) << "Couldn't create directory: " << socket_dir.value(); 89 return false; 90 } 91 92 // Delete any old FS instances. 93 if (unlink(socket_name.c_str()) < 0 && errno != ENOENT) { 94 PLOG(ERROR) << "unlink " << socket_name; 95 return false; 96 } 97 98 // Bind the socket. 99 if (bind(fd.get(), reinterpret_cast<const sockaddr*>(&unix_addr), 100 unix_addr_len) < 0) { 101 PLOG(ERROR) << "bind " << socket_path.value(); 102 return false; 103 } 104 105 // Start listening on the socket. 106 if (listen(fd.get(), SOMAXCONN) < 0) { 107 PLOG(ERROR) << "listen " << socket_path.value(); 108 unlink(socket_name.c_str()); 109 return false; 110 } 111 112 *server_listen_fd = fd.release(); 113 return true; 114 } 115 116 bool CreateClientUnixDomainSocket(const base::FilePath& socket_path, 117 int* client_socket) { 118 DCHECK(client_socket); 119 120 std::string socket_name = socket_path.value(); 121 base::FilePath socket_dir = socket_path.DirName(); 122 123 struct sockaddr_un unix_addr; 124 size_t unix_addr_len; 125 base::ScopedFD fd( 126 MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len)); 127 if (!fd.is_valid()) 128 return false; 129 130 if (HANDLE_EINTR(connect(fd.get(), reinterpret_cast<sockaddr*>(&unix_addr), 131 unix_addr_len)) < 0) { 132 PLOG(ERROR) << "connect " << socket_path.value(); 133 return false; 134 } 135 136 *client_socket = fd.release(); 137 return true; 138 } 139 140 bool GetPeerEuid(int fd, uid_t* peer_euid) { 141 DCHECK(peer_euid); 142 #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD) 143 uid_t socket_euid; 144 gid_t socket_gid; 145 if (getpeereid(fd, &socket_euid, &socket_gid) < 0) { 146 PLOG(ERROR) << "getpeereid " << fd; 147 return false; 148 } 149 *peer_euid = socket_euid; 150 return true; 151 #else 152 struct ucred cred; 153 socklen_t cred_len = sizeof(cred); 154 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < 0) { 155 PLOG(ERROR) << "getsockopt " << fd; 156 return false; 157 } 158 if (static_cast<unsigned>(cred_len) < sizeof(cred)) { 159 NOTREACHED() << "Truncated ucred from SO_PEERCRED?"; 160 return false; 161 } 162 *peer_euid = cred.uid; 163 return true; 164 #endif 165 } 166 167 bool IsPeerAuthorized(int peer_fd) { 168 uid_t peer_euid; 169 if (!GetPeerEuid(peer_fd, &peer_euid)) 170 return false; 171 if (peer_euid != geteuid()) { 172 DLOG(ERROR) << "Client euid is not authorised"; 173 return false; 174 } 175 return true; 176 } 177 178 bool IsRecoverableError(int err) { 179 return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE || 180 errno == ENOMEM || errno == ENOBUFS; 181 } 182 183 bool ServerAcceptConnection(int server_listen_fd, int* server_socket) { 184 DCHECK(server_socket); 185 *server_socket = -1; 186 187 base::ScopedFD accept_fd(HANDLE_EINTR(accept(server_listen_fd, NULL, 0))); 188 if (!accept_fd.is_valid()) 189 return IsRecoverableError(errno); 190 if (HANDLE_EINTR(fcntl(accept_fd.get(), F_SETFL, O_NONBLOCK)) < 0) { 191 PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd.get(); 192 // It's safe to keep listening on |server_listen_fd| even if the attempt to 193 // set O_NONBLOCK failed on the client fd. 194 return true; 195 } 196 197 *server_socket = accept_fd.release(); 198 return true; 199 } 200 201 } // namespace IPC 202