ipc/unix_domain_socket_util.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "ipc/unix_domain_socket_util.h"
   6
   7 #include <errno.h>
   8 #include <fcntl.h>
   9 #include <sys/socket.h>
  10 #include <sys/stat.h>
  11 #include <sys/un.h>
  12 #include <unistd.h>
  13
  14 #include "base/file_util.h"
  15 #include "base/files/file_path.h"
  16 #include "base/logging.h"
  17 #include "base/posix/eintr_wrapper.h"
  18
  19 namespace IPC {
  20
  21 // Verify that kMaxSocketNameLength is a decent size.
  22 COMPILE_ASSERT(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxSocketNameLength,
  23                BAD_SUN_PATH_LENGTH);
  24
  25 namespace {
  26
  27 // Returns fd (>= 0) on success, -1 on failure. If successful, fills in
  28 // |unix_addr| with the appropriate data for the socket, and sets
  29 // |unix_addr_len| to the length of the data therein.
  30 int MakeUnixAddrForPath(const std::string& socket_name,
  31                         struct sockaddr_un* unix_addr,
  32                         size_t* unix_addr_len) {
  33   DCHECK(unix_addr);
  34   DCHECK(unix_addr_len);
  35
  36   if (socket_name.length() == 0) {
  37     LOG(ERROR) << "Empty socket name provided for unix socket address.";
  38     return -1;
  39   }
  40   // We reject socket_name.length() == kMaxSocketNameLength to make room for
  41   // the NUL terminator at the end of the string.
  42   if (socket_name.length() >= kMaxSocketNameLength) {
  43     LOG(ERROR) << "Socket name too long: " << socket_name;
  44     return -1;
  45   }
  46
  47   // Create socket.
  48   int fd = socket(AF_UNIX, SOCK_STREAM, 0);
  49   if (fd < 0) {
  50     PLOG(ERROR) << "socket";
  51     return -1;
  52   }
  53   file_util::ScopedFD scoped_fd(&fd);
  54
  55   // Make socket non-blocking
  56   if (HANDLE_EINTR(fcntl(fd, F_SETFL, O_NONBLOCK)) < 0) {
  57     PLOG(ERROR) << "fcntl(O_NONBLOCK)";
  58     return -1;
  59   }
  60
  61   // Create unix_addr structure.
  62   memset(unix_addr, 0, sizeof(struct sockaddr_un));
  63   unix_addr->sun_family = AF_UNIX;
  64   strncpy(unix_addr->sun_path, socket_name.c_str(), kMaxSocketNameLength);
  65   *unix_addr_len =
  66       offsetof(struct sockaddr_un, sun_path) + socket_name.length();
  67   return *scoped_fd.release();
  68 }
  69
  70 }  // namespace
  71
  72 bool CreateServerUnixDomainSocket(const base::FilePath& socket_path,
  73                                   int* server_listen_fd) {
  74   DCHECK(server_listen_fd);
  75
  76   std::string socket_name = socket_path.value();
  77   base::FilePath socket_dir = socket_path.DirName();
  78
  79   struct sockaddr_un unix_addr;
  80   size_t unix_addr_len;
  81   int fd = MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len);
  82   if (fd < 0)
  83     return false;
  84   file_util::ScopedFD scoped_fd(&fd);
  85
  86   // Make sure the path we need exists.
  87   if (!file_util::CreateDirectory(socket_dir)) {
  88     LOG(ERROR) << "Couldn't create directory: " << socket_dir.value();
  89     return false;
  90   }
  91
  92   // Delete any old FS instances.
  93   if (unlink(socket_name.c_str()) < 0 && errno != ENOENT) {
  94     PLOG(ERROR) << "unlink " << socket_name;
  95     return false;
  96   }
  97
  98   // Bind the socket.
  99   if (bind(fd, reinterpret_cast<const sockaddr*>(&unix_addr),
 100            unix_addr_len) < 0) {
 101     PLOG(ERROR) << "bind " << socket_path.value();
 102     return false;
 103   }
 104
 105   // Start listening on the socket.
 106   if (listen(fd, SOMAXCONN) < 0) {
 107     PLOG(ERROR) << "listen " << socket_path.value();
 108     unlink(socket_name.c_str());
 109     return false;
 110   }
 111
 112   *server_listen_fd = *scoped_fd.release();
 113   return true;
 114 }
 115
 116 bool CreateClientUnixDomainSocket(const base::FilePath& socket_path,
 117                                   int* client_socket) {
 118   DCHECK(client_socket);
 119
 120   std::string socket_name = socket_path.value();
 121   base::FilePath socket_dir = socket_path.DirName();
 122
 123   struct sockaddr_un unix_addr;
 124   size_t unix_addr_len;
 125   int fd = MakeUnixAddrForPath(socket_name, &unix_addr, &unix_addr_len);
 126   if (fd < 0)
 127     return false;
 128   file_util::ScopedFD scoped_fd(&fd);
 129
 130   if (HANDLE_EINTR(connect(fd, reinterpret_cast<sockaddr*>(&unix_addr),
 131                            unix_addr_len)) < 0) {
 132     PLOG(ERROR) << "connect " << socket_path.value();
 133     return false;
 134   }
 135
 136   *client_socket = *scoped_fd.release();
 137   return true;
 138 }
 139
 140 bool GetPeerEuid(int fd, uid_t* peer_euid) {
 141   DCHECK(peer_euid);
 142 #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD)
 143   uid_t socket_euid;
 144   gid_t socket_gid;
 145   if (getpeereid(fd, &socket_euid, &socket_gid) < 0) {
 146     PLOG(ERROR) << "getpeereid " << fd;
 147     return false;
 148   }
 149   *peer_euid = socket_euid;
 150   return true;
 151 #else
 152   struct ucred cred;
 153   socklen_t cred_len = sizeof(cred);
 154   if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < 0) {
 155     PLOG(ERROR) << "getsockopt " << fd;
 156     return false;
 157   }
 158   if (static_cast<unsigned>(cred_len) < sizeof(cred)) {
 159     NOTREACHED() << "Truncated ucred from SO_PEERCRED?";
 160     return false;
 161   }
 162   *peer_euid = cred.uid;
 163   return true;
 164 #endif
 165 }
 166
 167 bool IsPeerAuthorized(int peer_fd) {
 168   uid_t peer_euid;
 169   if (!GetPeerEuid(peer_fd, &peer_euid))
 170     return false;
 171   if (peer_euid != geteuid()) {
 172     DLOG(ERROR) << "Client euid is not authorised";
 173     return false;
 174   }
 175   return true;
 176 }
 177
 178 bool IsRecoverableError(int err) {
 179   return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE ||
 180          errno == ENOMEM || errno == ENOBUFS;
 181 }
 182
 183 bool ServerAcceptConnection(int server_listen_fd, int* server_socket) {
 184   DCHECK(server_socket);
 185   *server_socket = -1;
 186
 187   int accept_fd = HANDLE_EINTR(accept(server_listen_fd, NULL, 0));
 188   if (accept_fd < 0)
 189     return IsRecoverableError(errno);
 190   file_util::ScopedFD scoped_fd(&accept_fd);
 191   if (HANDLE_EINTR(fcntl(accept_fd, F_SETFL, O_NONBLOCK)) < 0) {
 192     PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd;
 193     // It's safe to keep listening on |server_listen_fd| even if the attempt to
 194     // set O_NONBLOCK failed on the client fd.
 195     return true;
 196   }
 197
 198   *server_socket = *scoped_fd.release();
 199   return true;
 200 }
 201
 202 }  // namespace IPC