1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "ipc/unix_domain_socket_util.h"
9 #include <sys/socket.h>
14 #include "base/files/file_path.h"
15 #include "base/files/file_util.h"
16 #include "base/files/scoped_file.h"
17 #include "base/logging.h"
18 #include "base/posix/eintr_wrapper.h"
22 // Verify that kMaxSocketNameLength is a decent size.
23 static_assert(sizeof(((sockaddr_un
*)0)->sun_path
) >= kMaxSocketNameLength
,
24 "sun_path is too long.");
28 // Returns fd (>= 0) on success, -1 on failure. If successful, fills in
29 // |unix_addr| with the appropriate data for the socket, and sets
30 // |unix_addr_len| to the length of the data therein.
31 int MakeUnixAddrForPath(const std::string
& socket_name
,
32 struct sockaddr_un
* unix_addr
,
33 size_t* unix_addr_len
) {
35 DCHECK(unix_addr_len
);
37 if (socket_name
.length() == 0) {
38 LOG(ERROR
) << "Empty socket name provided for unix socket address.";
41 // We reject socket_name.length() == kMaxSocketNameLength to make room for
42 // the NUL terminator at the end of the string.
43 if (socket_name
.length() >= kMaxSocketNameLength
) {
44 LOG(ERROR
) << "Socket name too long: " << socket_name
;
49 base::ScopedFD
fd(socket(AF_UNIX
, SOCK_STREAM
, 0));
51 PLOG(ERROR
) << "socket";
55 // Make socket non-blocking
56 if (HANDLE_EINTR(fcntl(fd
.get(), F_SETFL
, O_NONBLOCK
)) < 0) {
57 PLOG(ERROR
) << "fcntl(O_NONBLOCK)";
61 // Create unix_addr structure.
62 memset(unix_addr
, 0, sizeof(struct sockaddr_un
));
63 unix_addr
->sun_family
= AF_UNIX
;
64 strncpy(unix_addr
->sun_path
, socket_name
.c_str(), kMaxSocketNameLength
);
66 offsetof(struct sockaddr_un
, sun_path
) + socket_name
.length();
72 bool CreateServerUnixDomainSocket(const base::FilePath
& socket_path
,
73 int* server_listen_fd
) {
74 DCHECK(server_listen_fd
);
76 std::string socket_name
= socket_path
.value();
77 base::FilePath socket_dir
= socket_path
.DirName();
79 struct sockaddr_un unix_addr
;
82 MakeUnixAddrForPath(socket_name
, &unix_addr
, &unix_addr_len
));
86 // Make sure the path we need exists.
87 if (!base::CreateDirectory(socket_dir
)) {
88 LOG(ERROR
) << "Couldn't create directory: " << socket_dir
.value();
92 // Delete any old FS instances.
93 if (unlink(socket_name
.c_str()) < 0 && errno
!= ENOENT
) {
94 PLOG(ERROR
) << "unlink " << socket_name
;
99 if (bind(fd
.get(), reinterpret_cast<const sockaddr
*>(&unix_addr
),
100 unix_addr_len
) < 0) {
101 PLOG(ERROR
) << "bind " << socket_path
.value();
105 // Start listening on the socket.
106 if (listen(fd
.get(), SOMAXCONN
) < 0) {
107 PLOG(ERROR
) << "listen " << socket_path
.value();
108 unlink(socket_name
.c_str());
112 *server_listen_fd
= fd
.release();
116 bool CreateClientUnixDomainSocket(const base::FilePath
& socket_path
,
117 int* client_socket
) {
118 DCHECK(client_socket
);
120 std::string socket_name
= socket_path
.value();
121 base::FilePath socket_dir
= socket_path
.DirName();
123 struct sockaddr_un unix_addr
;
124 size_t unix_addr_len
;
126 MakeUnixAddrForPath(socket_name
, &unix_addr
, &unix_addr_len
));
130 if (HANDLE_EINTR(connect(fd
.get(), reinterpret_cast<sockaddr
*>(&unix_addr
),
131 unix_addr_len
)) < 0) {
132 PLOG(ERROR
) << "connect " << socket_path
.value();
136 *client_socket
= fd
.release();
140 bool GetPeerEuid(int fd
, uid_t
* peer_euid
) {
142 #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD)
145 if (getpeereid(fd
, &socket_euid
, &socket_gid
) < 0) {
146 PLOG(ERROR
) << "getpeereid " << fd
;
149 *peer_euid
= socket_euid
;
153 socklen_t cred_len
= sizeof(cred
);
154 if (getsockopt(fd
, SOL_SOCKET
, SO_PEERCRED
, &cred
, &cred_len
) < 0) {
155 PLOG(ERROR
) << "getsockopt " << fd
;
158 if (static_cast<unsigned>(cred_len
) < sizeof(cred
)) {
159 NOTREACHED() << "Truncated ucred from SO_PEERCRED?";
162 *peer_euid
= cred
.uid
;
167 bool IsPeerAuthorized(int peer_fd
) {
169 if (!GetPeerEuid(peer_fd
, &peer_euid
))
171 if (peer_euid
!= geteuid()) {
172 DLOG(ERROR
) << "Client euid is not authorised";
178 bool IsRecoverableError(int err
) {
179 return errno
== ECONNABORTED
|| errno
== EMFILE
|| errno
== ENFILE
||
180 errno
== ENOMEM
|| errno
== ENOBUFS
;
183 bool ServerAcceptConnection(int server_listen_fd
, int* server_socket
) {
184 DCHECK(server_socket
);
187 base::ScopedFD
accept_fd(HANDLE_EINTR(accept(server_listen_fd
, NULL
, 0)));
188 if (!accept_fd
.is_valid())
189 return IsRecoverableError(errno
);
190 if (HANDLE_EINTR(fcntl(accept_fd
.get(), F_SETFL
, O_NONBLOCK
)) < 0) {
191 PLOG(ERROR
) << "fcntl(O_NONBLOCK) " << accept_fd
.get();
192 // It's safe to keep listening on |server_listen_fd| even if the attempt to
193 // set O_NONBLOCK failed on the client fd.
197 *server_socket
= accept_fd
.release();