Implement IPC::ChannelFactory, a class that accept()s on a UNIX socket.

ipc/ipc_channel_posix.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ipc/ipc_channel_posix.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <stddef.h>
 #include <sys/socket.h>
@@ skipping 22 matching lines @@
 #include "base/rand_util.h"
 #include "base/stl_util.h"
 #include "base/string_util.h"
 #include "base/synchronization/lock.h"
 #include "ipc/file_descriptor_set_posix.h"
 #include "ipc/ipc_descriptors.h"
 #include "ipc/ipc_listener.h"
 #include "ipc/ipc_logging.h"
 #include "ipc/ipc_message_utils.h"
 #include "ipc/ipc_switches.h"
+#include "ipc/unix_domain_socket_util.h"
 
 namespace IPC {
 
 // IPC channels on Windows use named pipes (CreateNamedPipe()) with
 // channel ids as the pipe names.  Channels on POSIX use sockets as
 // pipes  These don't quite line up.
 //
 // When creating a child subprocess we use a socket pair and the parent side of
 // the fork arranges it such that the initial control channel ends up on the
 // magic file descriptor kPrimaryIPCChannel in the child.  Future
@@ skipping 77 matching lines @@
 
  private:
   base::Lock lock_;
   typedef std::map<std::string, int> ChannelToFDMap;
   ChannelToFDMap map_;
 
   friend struct DefaultSingletonTraits<PipeMap>;
 };
 
 //------------------------------------------------------------------------------
-// Verify that kMaxPipeNameLength is a decent size.
-COMPILE_ASSERT(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxPipeNameLength,
-               BAD_SUN_PATH_LENGTH);
-
-// Creates a unix domain socket bound to the specified name that is listening
-// for connections.
-bool CreateServerUnixDomainSocket(const std::string& pipe_name,
-                                  int* server_listen_fd) {
-  DCHECK(server_listen_fd);
-
-  if (pipe_name.length() == 0 || pipe_name.length() >= kMaxPipeNameLength) {
-    DLOG(ERROR) << "pipe_name.length() == " << pipe_name.length();
-    return false;
-  }
-
-  // Create socket.
-  int fd = socket(AF_UNIX, SOCK_STREAM, 0);
-  if (fd < 0) {
-    return false;
-  }
-
-  // Make socket non-blocking
-  if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) {
-    PLOG(ERROR) << "fcntl(O_NONBLOCK) " << pipe_name;
-    if (HANDLE_EINTR(close(fd)) < 0)
-      PLOG(ERROR) << "close " << pipe_name;
-    return false;
-  }
-
-  // Delete any old FS instances.
-  unlink(pipe_name.c_str());
-
-  // Make sure the path we need exists.
-  base::FilePath path(pipe_name);
-  base::FilePath dir_path = path.DirName();
-  if (!file_util::CreateDirectory(dir_path)) {
-    if (HANDLE_EINTR(close(fd)) < 0)
-      PLOG(ERROR) << "close " << pipe_name;
-    return false;
-  }
-
-  // Create unix_addr structure.
-  struct sockaddr_un unix_addr;
-  memset(&unix_addr, 0, sizeof(unix_addr));
-  unix_addr.sun_family = AF_UNIX;
-  int path_len = snprintf(unix_addr.sun_path, IPC::kMaxPipeNameLength,
-                          "%s", pipe_name.c_str());
-  DCHECK_EQ(static_cast<int>(pipe_name.length()), path_len);
-  size_t unix_addr_len = offsetof(struct sockaddr_un,
-                                       sun_path) + path_len + 1;
-
-  // Bind the socket.
-  if (bind(fd, reinterpret_cast<const sockaddr*>(&unix_addr),
-           unix_addr_len) != 0) {
-    PLOG(ERROR) << "bind " << pipe_name;
-    if (HANDLE_EINTR(close(fd)) < 0)
-      PLOG(ERROR) << "close " << pipe_name;
-    return false;
-  }
-
-  // Start listening on the socket.
-  const int listen_queue_length = 1;
-  if (listen(fd, listen_queue_length) != 0) {
-    PLOG(ERROR) << "listen " << pipe_name;
-    if (HANDLE_EINTR(close(fd)) < 0)
-      PLOG(ERROR) << "close " << pipe_name;
-    return false;
-  }
-
-  *server_listen_fd = fd;
-  return true;
-}
-
-// Accept a connection on a socket we are listening to.
-bool ServerAcceptConnection(int server_listen_fd, int* server_socket) {
-  DCHECK(server_socket);
-
-  int accept_fd = HANDLE_EINTR(accept(server_listen_fd, NULL, 0));
-  if (accept_fd < 0)
-    return false;
-  if (fcntl(accept_fd, F_SETFL, O_NONBLOCK) == -1) {
-    PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd;
-    if (HANDLE_EINTR(close(accept_fd)) < 0)
-      PLOG(ERROR) << "close " << accept_fd;
-    return false;
-  }
-
-  *server_socket = accept_fd;
-  return true;
-}
-
-bool CreateClientUnixDomainSocket(const std::string& pipe_name,
-                                  int* client_socket) {
-  DCHECK(client_socket);
-  DCHECK_GT(pipe_name.length(), 0u);
-  DCHECK_LT(pipe_name.length(), kMaxPipeNameLength);
-
-  if (pipe_name.length() == 0 || pipe_name.length() >= kMaxPipeNameLength) {
-    return false;
-  }
-
-  // Create socket.
-  int fd = socket(AF_UNIX, SOCK_STREAM, 0);
-  if (fd < 0) {
-    PLOG(ERROR) << "socket " << pipe_name;
-    return false;
-  }
-
-  // Make socket non-blocking
-  if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) {
-    PLOG(ERROR) << "fcntl(O_NONBLOCK) " << pipe_name;
-    if (HANDLE_EINTR(close(fd)) < 0)
-      PLOG(ERROR) << "close " << pipe_name;
-    return false;
-  }
-
-  // Create server side of socket.
-  struct sockaddr_un server_unix_addr;
-  memset(&server_unix_addr, 0, sizeof(server_unix_addr));
-  server_unix_addr.sun_family = AF_UNIX;
-  int path_len = snprintf(server_unix_addr.sun_path, IPC::kMaxPipeNameLength,
-                          "%s", pipe_name.c_str());
-  DCHECK_EQ(static_cast<int>(pipe_name.length()), path_len);
-  size_t server_unix_addr_len = offsetof(struct sockaddr_un,
-                                         sun_path) + path_len + 1;
-
-  if (HANDLE_EINTR(connect(fd, reinterpret_cast<sockaddr*>(&server_unix_addr),
-                           server_unix_addr_len)) != 0) {
-    PLOG(ERROR) << "connect " << pipe_name;
-    if (HANDLE_EINTR(close(fd)) < 0)
-      PLOG(ERROR) << "close " << pipe_name;
-    return false;
-  }
-
-  *client_socket = fd;
-  return true;
-}
 
 bool SocketWriteErrorIsRecoverable() {
 #if defined(OS_MACOSX)
   // On OS X if sendmsg() is trying to send fds between processes and there
   // isn't enough room in the output buffer to send the fd structure over
   // atomically then EMSGSIZE is returned.
   //
   // EMSGSIZE presents a problem since the system APIs can only call us when
   // there's room in the socket buffer and not when there is "enough" room.
   //
@@ skipping 94 matching lines @@
       return false;
     }
     if (!(value & O_NONBLOCK)) {
       LOG(ERROR) << "Socket " << pipe_name_ << " must be O_NONBLOCK";
       return false;
     }
 #endif   // IPC_USES_READWRITE
   } else if (mode_ & MODE_NAMED_FLAG) {
     // Case 2 from comment above.
     if (mode_ & MODE_SERVER_FLAG) {
-      if (!CreateServerUnixDomainSocket(pipe_name_, &local_pipe)) {
+      if (!CreateServerUnixDomainSocket(base::FilePath(pipe_name_),
+                                        &local_pipe)) {
         return false;
       }
       must_unlink_ = true;
     } else if (mode_ & MODE_CLIENT_FLAG) {
-      if (!CreateClientUnixDomainSocket(pipe_name_, &local_pipe)) {
+      if (!CreateClientUnixDomainSocket(base::FilePath(pipe_name_),
+                                        &local_pipe)) {
+        return false;
+      }
+      // Verify that the server has the same euid as the client.
+      uid_t server_euid;
+      if (!IPC::GetPeerEuid(local_pipe, &server_euid)) {

[Mark Mentovai, 2013/03/05 20:08:03]

You have identical logic in ipc_channel_factory.cc. Can you factor those out
into a common routine, like IPC::IsPeerAuthorized(int fd)?

[jeremya, 2013/03/06 05:03:18]

Done.

+        DLOG(ERROR) << "Unable to query server euid";
+        HANDLE_EINTR(close(local_pipe));
+        return false;
+      }
+      if (server_euid != geteuid()) {
+        DLOG(ERROR) << "Server euid is not authorised";
+        HANDLE_EINTR(close(local_pipe));
         return false;
       }
     } else {
       LOG(ERROR) << "Bad mode: " << mode_;
       return false;
     }
   } else {
     local_pipe = PipeMap::GetInstance()->Lookup(pipe_name_);
     if (mode_ & MODE_CLIENT_FLAG) {
       if (local_pipe != -1) {
@@ skipping 260 matching lines @@
 }
 
 bool Channel::ChannelImpl::AcceptsConnections() const {
   return server_listen_pipe_ != -1;
 }
 
 bool Channel::ChannelImpl::HasAcceptedConnection() const {
   return AcceptsConnections() && pipe_ != -1;
 }
 
-bool Channel::ChannelImpl::GetClientEuid(uid_t* client_euid) const {
-  DCHECK(HasAcceptedConnection());
-#if defined(OS_MACOSX) || defined(OS_OPENBSD)
-  uid_t peer_euid;
-  gid_t peer_gid;
-  if (getpeereid(pipe_, &peer_euid, &peer_gid) != 0) {
-    PLOG(ERROR) << "getpeereid " << pipe_;
-    return false;
-  }
-  *client_euid = peer_euid;
-  return true;
-#elif defined(OS_SOLARIS)
-  return false;
-#else
-  struct ucred cred;
-  socklen_t cred_len = sizeof(cred);
-  if (getsockopt(pipe_, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) != 0) {
-    PLOG(ERROR) << "getsockopt " << pipe_;
-    return false;
-  }
-  if (static_cast<unsigned>(cred_len) < sizeof(cred)) {
-    NOTREACHED() << "Truncated ucred from SO_PEERCRED?";
-    return false;
-  }
-  *client_euid = cred.uid;
-  return true;
-#endif
+bool Channel::ChannelImpl::GetPeerEuid(uid_t* peer_euid) const {
+  DCHECK(!(mode_ & MODE_SERVER) || HasAcceptedConnection());
+  return IPC::GetPeerEuid(pipe_, peer_euid);
 }
 
 void Channel::ChannelImpl::ResetToAcceptingConnectionState() {
   // Unregister libevent for the unix domain socket and close it.
   read_watcher_.StopWatchingFileDescriptor();
   write_watcher_.StopWatchingFileDescriptor();
   if (pipe_ != -1) {
     if (HANDLE_EINTR(close(pipe_)) < 0)
       PLOG(ERROR) << "close pipe_ " << pipe_name_;
     pipe_ = -1;
@@ skipping 52 matching lines @@
       if (HANDLE_EINTR(close(new_pipe)) < 0)
         DPLOG(ERROR) << "close " << pipe_name_;
       listener()->OnChannelDenied();
       return;
     }
     pipe_ = new_pipe;
 
     if ((mode_ & MODE_OPEN_ACCESS_FLAG) == 0) {
       // Verify that the IPC channel peer is running as the same user.
       uid_t client_euid;
-      if (!GetClientEuid(&client_euid)) {
+      if (!GetPeerEuid(&client_euid)) {
         DLOG(ERROR) << "Unable to query client euid";
         ResetToAcceptingConnectionState();
         return;
       }
       if (client_euid != geteuid()) {
         DLOG(WARNING) << "Client euid is not authorised";
         ResetToAcceptingConnectionState();
         return;
       }
     }
@@ skipping 363 matching lines @@
 }
 
 bool Channel::AcceptsConnections() const {
   return channel_impl_->AcceptsConnections();
 }
 
 bool Channel::HasAcceptedConnection() const {
   return channel_impl_->HasAcceptedConnection();
 }
 
-bool Channel::GetClientEuid(uid_t* client_euid) const {
-  return channel_impl_->GetClientEuid(client_euid);
+bool Channel::GetPeerEuid(uid_t* peer_euid) const {
+  return channel_impl_->GetPeerEuid(peer_euid);
 }
 
 void Channel::ResetToAcceptingConnectionState() {
   channel_impl_->ResetToAcceptingConnectionState();
 }
 
 // static
 bool Channel::IsNamedServerInitialized(const std::string& channel_id) {
   return ChannelImpl::IsNamedServerInitialized(channel_id);
 }
@@ skipping 12 matching lines @@
 
 
 #if defined(OS_LINUX)
 // static
 void Channel::SetGlobalPid(int pid) {
   ChannelImpl::SetGlobalPid(pid);
 }
 #endif  // OS_LINUX
 
 }  // namespace IPC