ipc/unix_domain_socket_util.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "ipc/unix_domain_socket_util.h"
   6
   7 #include <errno.h>
   8 #include <fcntl.h>
   9 #include <sys/socket.h>
  10 #include <sys/stat.h>
  11 #include <sys/un.h>
  12 #include <unistd.h>
  13
  14 #include "base/files/file_path.h"
  15 #include "base/files/file_util.h"
  16 #include "base/files/scoped_file.h"
  17 #include "base/logging.h"
  18 #include "base/posix/eintr_wrapper.h"
  19
  20 namespace IPC {
  21
  22 // Verify that kMaxSocketNameLength is a decent size.
  23 static_assert(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxSocketNameLength,
  24               "sun_path is too long.");
  25
  26 namespace {
  27
  28 // Returns fd (>= 0) on success, -1 on failure. If successful, fills in
  29 // |unix_addr| with the appropriate data for the socket, and sets
  30 // |unix_addr_len| to the length of the data therein.
  31 int MakeUnixAddrForPath(const std::string& socket_name,
  32                         struct sockaddr_un* unix_addr,
  33                         size_t* unix_addr_len) {
  34   DCHECK(unix_addr);
  35   DCHECK(unix_addr_len);
  36
  37   if (socket_name.length() == 0) {
  38     LOG(ERROR) << "Empty socket name provided for unix socket address.";
  39     return -1;
  40   }
  41   // We reject socket_name.length() == kMaxSocketNameLength to make room for
  42   // the NUL terminator at the end of the string.
  43   if (socket_name.length() >= kMaxSocketNameLength) {
  44     LOG(ERROR) << "Socket name too long: " << socket_name;
  45     return -1;
  46   }
  47
  48   // Create socket.
  49   base::ScopedFD fd(socket(AF_UNIX, SOCK_STREAM, 0));
  50   if (!fd.is_valid()) {
  51     PLOG(ERROR) << "socket";
  52     return -1;
  53   }
  54
  55   // Make socket non-blocking
  56   if (HANDLE_EINTR(fcntl(fd.get(), F_SETFL, O_NONBLOCK)) < 0) {
  57     PLOG(ERROR) << "fcntl(O_NONBLOCK)";
  58     return -1;
  59   }
  60
  61   // Create unix_addr structure.
  62   memset(unix_addr, 0, sizeof(struct sockaddr_un));
  63   unix_addr->sun_family = AF_UNIX;
  64   strncpy(unix_addr->sun_path, socket_name.c_str(), kMaxSocketNameLength);
  65   *unix_addr_len =
  66       offsetof(struct sockaddr_un, sun_path) + socket_name.length();
  67   return fd.release();
  68 }
  69
  70 }  // namespace
  71
  72 bool CreateServerUnixDomainSocket(const base::FilePath& socket_path,
  73                                   int* server_listen_fd) {
  74   DCHECK(server_listen_fd);
  75
  76   std::string socket_name = socket_path.value();
  77   base::FilePath socket_dir = socket_path.DirName();
  78
  79   struct sockaddr_un unix_addr;
  80   size_t unix_addr_len;
  81   base::ScopedFD fd(
  82       MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len));
  83   if (!fd.is_valid())
  84     return false;
  85
  86   // Make sure the path we need exists.
  87   if (!base::CreateDirectory(socket_dir)) {
  88     LOG(ERROR) << "Couldn't create directory: " << socket_dir.value();
  89     return false;
  90   }
  91
  92   // Delete any old FS instances.
  93   if (unlink(socket_name.c_str()) < 0 && errno != ENOENT) {
  94     PLOG(ERROR) << "unlink " << socket_name;
  95     return false;
  96   }
  97
  98   // Bind the socket.
  99   if (bind(fd.get(), reinterpret_cast<const sockaddr*>(&unix_addr),
 100            unix_addr_len) < 0) {
 101     PLOG(ERROR) << "bind " << socket_path.value();
 102     return false;
 103   }
 104
 105   // Start listening on the socket.
 106   if (listen(fd.get(), SOMAXCONN) < 0) {
 107     PLOG(ERROR) << "listen " << socket_path.value();
 108     unlink(socket_name.c_str());
 109     return false;
 110   }
 111
 112   *server_listen_fd = fd.release();
 113   return true;
 114 }
 115
 116 bool CreateClientUnixDomainSocket(const base::FilePath& socket_path,
 117                                   int* client_socket) {
 118   DCHECK(client_socket);
 119
 120   std::string socket_name = socket_path.value();
 121   base::FilePath socket_dir = socket_path.DirName();
 122
 123   struct sockaddr_un unix_addr;
 124   size_t unix_addr_len;
 125   base::ScopedFD fd(
 126       MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len));
 127   if (!fd.is_valid())
 128     return false;
 129
 130   if (HANDLE_EINTR(connect(fd.get(), reinterpret_cast<sockaddr*>(&unix_addr),
 131                            unix_addr_len)) < 0) {
 132     PLOG(ERROR) << "connect " << socket_path.value();
 133     return false;
 134   }
 135
 136   *client_socket = fd.release();
 137   return true;
 138 }
 139
 140 bool GetPeerEuid(int fd, uid_t* peer_euid) {
 141   DCHECK(peer_euid);
 142 #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD)
 143   uid_t socket_euid;
 144   gid_t socket_gid;
 145   if (getpeereid(fd, &socket_euid, &socket_gid) < 0) {
 146     PLOG(ERROR) << "getpeereid " << fd;
 147     return false;
 148   }
 149   *peer_euid = socket_euid;
 150   return true;
 151 #else
 152   struct ucred cred;
 153   socklen_t cred_len = sizeof(cred);
 154   if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < 0) {
 155     PLOG(ERROR) << "getsockopt " << fd;
 156     return false;
 157   }
 158   if (static_cast<unsigned>(cred_len) < sizeof(cred)) {
 159     NOTREACHED() << "Truncated ucred from SO_PEERCRED?";
 160     return false;
 161   }
 162   *peer_euid = cred.uid;
 163   return true;
 164 #endif
 165 }
 166
 167 bool IsPeerAuthorized(int peer_fd) {
 168   uid_t peer_euid;
 169   if (!GetPeerEuid(peer_fd, &peer_euid))
 170     return false;
 171   if (peer_euid != geteuid()) {
 172     DLOG(ERROR) << "Client euid is not authorised";
 173     return false;
 174   }
 175   return true;
 176 }
 177
 178 bool IsRecoverableError(int err) {
 179   return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE ||
 180          errno == ENOMEM || errno == ENOBUFS;
 181 }
 182
 183 bool ServerAcceptConnection(int server_listen_fd, int* server_socket) {
 184   DCHECK(server_socket);
 185   *server_socket = -1;
 186
 187   base::ScopedFD accept_fd(HANDLE_EINTR(accept(server_listen_fd, NULL, 0)));
 188   if (!accept_fd.is_valid())
 189     return IsRecoverableError(errno);
 190   if (HANDLE_EINTR(fcntl(accept_fd.get(), F_SETFL, O_NONBLOCK)) < 0) {
 191     PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd.get();
 192     // It's safe to keep listening on |server_listen_fd| even if the attempt to
 193     // set O_NONBLOCK failed on the client fd.
 194     return true;
 195   }
 196
 197   *server_socket = accept_fd.release();
 198   return true;
 199 }
 200
 201 }  // namespace IPC