Fix missing lock in 440126cfb7322950d14f7029dd424c4f4bd41ad
[vlc/asuraparaju-public.git] / bin / rootwrap.c
blob1527406e2d2d8faa050f16653fe217db0bcd214f
1 /*****************************************************************************
2 * rootwrap.c
3 *****************************************************************************
4 * Copyright © 2005-2008 Rémi Denis-Courmont
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
19 *****************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 # include <config.h>
23 #endif
24 #define _XPG4_2 /* ancilliary data on Solaris */
26 #include <stdlib.h> /* exit() */
27 #include <stdio.h>
28 #include <string.h>
30 #include <sys/types.h>
31 #include <unistd.h>
32 #include <fcntl.h>
33 #include <sys/stat.h>
34 #include <sys/socket.h>
35 #include <sys/uio.h>
36 #include <sys/resource.h> /* getrlimit() */
37 #include <sched.h>
38 #include <errno.h>
39 #include <netinet/in.h>
41 #if defined (AF_INET6) && !defined (IPV6_V6ONLY)
42 # warning Uho, your IPv6 support is broken and has been disabled. Fix your C library.
43 # undef AF_INET6
44 #endif
46 #ifndef AF_LOCAL
47 # define AF_LOCAL AF_UNIX
48 #endif
49 /* Required yet non-standard cmsg functions */
50 #ifndef CMSG_ALIGN
51 # define CMSG_ALIGN(len) (((len) + sizeof(intptr_t)-1) & ~(sizeof(intptr_t)-1))
52 #endif
53 #ifndef CMSG_SPACE
54 # define CMSG_SPACE(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + CMSG_ALIGN(len))
55 #endif
56 #ifndef CMSG_LEN
57 # define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
58 #endif
60 static inline int is_allowed_port (uint16_t port)
62 port = ntohs (port);
63 return (port == 80) || (port == 443) || (port == 554);
67 static inline int send_err (int fd, int err)
69 return send (fd, &err, sizeof (err), 0) == sizeof (err) ? 0 : -1;
72 /**
73 * Send a file descriptor to another process
75 static int send_fd (int p, int fd)
77 struct msghdr hdr;
78 struct iovec iov;
79 struct cmsghdr *cmsg;
80 char buf[CMSG_SPACE (sizeof (fd))];
81 int val = 0;
83 hdr.msg_name = NULL;
84 hdr.msg_namelen = 0;
85 hdr.msg_iov = &iov;
86 hdr.msg_iovlen = 1;
87 hdr.msg_control = buf;
88 hdr.msg_controllen = sizeof (buf);
90 iov.iov_base = &val;
91 iov.iov_len = sizeof (val);
93 cmsg = CMSG_FIRSTHDR (&hdr);
94 cmsg->cmsg_level = SOL_SOCKET;
95 cmsg->cmsg_type = SCM_RIGHTS;
96 cmsg->cmsg_len = CMSG_LEN (sizeof (fd));
97 memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
98 hdr.msg_controllen = cmsg->cmsg_len;
100 return sendmsg (p, &hdr, 0) == sizeof (val) ? 0 : -1;
105 * Background process run as root to open privileged TCP ports.
107 static void rootprocess (int fd)
109 union
111 struct sockaddr sa;
112 struct sockaddr_storage ss;
113 struct sockaddr_in sin;
114 #ifdef AF_INET6
115 struct sockaddr_in6 sin6;
116 #endif
117 } addr;
119 while (recv (fd, &addr.ss, sizeof (addr.ss), 0) == sizeof (addr.ss))
121 unsigned len;
122 int sock;
123 int family;
125 switch (addr.sa.sa_family)
127 case AF_INET:
128 if (!is_allowed_port (addr.sin.sin_port))
130 if (send_err (fd, EACCES))
131 return;
132 continue;
134 len = sizeof (struct sockaddr_in);
135 family = PF_INET;
136 break;
138 #ifdef AF_INET6
139 case AF_INET6:
140 if (!is_allowed_port (addr.sin6.sin6_port))
142 if (send_err (fd, EACCES))
143 return;
144 continue;
146 len = sizeof (struct sockaddr_in6);
147 family = PF_INET6;
148 break;
149 #endif
151 default:
152 if (send_err (fd, EAFNOSUPPORT))
153 return;
154 continue;
157 sock = socket (family, SOCK_STREAM, IPPROTO_TCP);
158 if (sock != -1)
160 const int val = 1;
162 setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof (val));
163 #ifdef AF_INET6
164 if (addr.sa.sa_family == AF_INET6)
165 setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof (val));
166 #endif
167 if (bind (sock, &addr.sa, len) == 0)
169 send_fd (fd, sock);
170 close (sock);
171 continue;
174 send_err (fd, errno);
178 /* TODO?
179 * - use libcap if available,
180 * - call chroot
183 int main (int argc, char *argv[])
185 /* Support for dynamically opening RTSP, HTTP and HTTP/SSL ports */
186 int pair[2];
188 if (socketpair (AF_LOCAL, SOCK_STREAM, 0, pair))
189 return 1;
190 if (pair[0] < 3)
191 goto error; /* we want 0, 1 and 2 open */
193 pid_t pid = fork ();
194 switch (pid)
196 case -1:
197 goto error;
199 case 0:
201 int null = open ("/dev/null", O_RDWR);
202 if (null != -1)
204 dup2 (null, 0);
205 dup2 (null, 1);
206 dup2 (null, 2);
207 close (null);
209 close (pair[0]);
210 setsid ();
211 rootprocess (pair[1]);
212 exit (0);
216 close (pair[1]);
217 pair[1] = -1;
219 char buf[21];
220 snprintf (buf, sizeof (buf), "%d", pair[0]);
221 setenv ("VLC_ROOTWRAP_SOCK", buf, 1);
223 /* Support for real-time priorities */
224 #ifdef RLIMIT_RTPRIO
225 struct rlimit rlim;
226 rlim.rlim_max = rlim.rlim_cur = sched_get_priority_min (SCHED_RR) + 24;
227 setrlimit (RLIMIT_RTPRIO, &rlim);
228 #endif
230 uid_t uid = getuid ();
231 if (uid == 0)
233 const char *sudo = getenv ("SUDO_UID");
234 if (sudo)
235 uid = atoi (sudo);
237 if (uid == 0)
239 fprintf (stderr, "Cannot determine unprivileged user for VLC!\n");
240 exit (1);
242 setuid (uid);
244 if (!setuid (0)) /* sanity check: we cannot get root back */
245 exit (1);
247 /* Yeah, the user can execute just about anything from here.
248 * But we've dropped privileges, so it does not matter. */
249 if (strlen (argv[0]) < sizeof ("-wrapper"))
250 goto error;
251 argv[0][strlen (argv[0]) - strlen ("-wrapper")] = '\0';
253 (void)argc;
254 if (execvp (argv[0], argv))
255 perror (argv[0]);
257 error:
258 close (pair[0]);
259 if (pair[1] != -1)
260 close (pair[1]);
261 return 1;