Revert 187233

ipc/ipc_channel_posix.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ipc/ipc_channel_posix.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <stddef.h>
 #include <sys/socket.h>
@@ skipping 22 matching lines @@
 #include "base/rand_util.h"
 #include "base/stl_util.h"
 #include "base/string_util.h"
 #include "base/synchronization/lock.h"
 #include "ipc/file_descriptor_set_posix.h"
 #include "ipc/ipc_descriptors.h"
 #include "ipc/ipc_listener.h"
 #include "ipc/ipc_logging.h"
 #include "ipc/ipc_message_utils.h"
 #include "ipc/ipc_switches.h"
-#include "ipc/unix_domain_socket_util.h"
 
 namespace IPC {
 
 // IPC channels on Windows use named pipes (CreateNamedPipe()) with
 // channel ids as the pipe names.  Channels on POSIX use sockets as
 // pipes  These don't quite line up.
 //
 // When creating a child subprocess we use a socket pair and the parent side of
 // the fork arranges it such that the initial control channel ends up on the
 // magic file descriptor kPrimaryIPCChannel in the child.  Future
@@ skipping 77 matching lines @@
 
  private:
   base::Lock lock_;
   typedef std::map<std::string, int> ChannelToFDMap;
   ChannelToFDMap map_;
 
   friend struct DefaultSingletonTraits<PipeMap>;
 };
 
 //------------------------------------------------------------------------------
+// Verify that kMaxPipeNameLength is a decent size.
+COMPILE_ASSERT(sizeof(((sockaddr_un*)0)->sun_path) >= kMaxPipeNameLength,
+               BAD_SUN_PATH_LENGTH);
+
+// Creates a unix domain socket bound to the specified name that is listening
+// for connections.
+bool CreateServerUnixDomainSocket(const std::string& pipe_name,
+                                  int* server_listen_fd) {
+  DCHECK(server_listen_fd);
+
+  if (pipe_name.length() == 0 || pipe_name.length() >= kMaxPipeNameLength) {
+    DLOG(ERROR) << "pipe_name.length() == " << pipe_name.length();
+    return false;
+  }
+
+  // Create socket.
+  int fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (fd < 0) {
+    return false;
+  }
+
+  // Make socket non-blocking
+  if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) {
+    PLOG(ERROR) << "fcntl(O_NONBLOCK) " << pipe_name;
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
+  // Delete any old FS instances.
+  unlink(pipe_name.c_str());
+
+  // Make sure the path we need exists.
+  base::FilePath path(pipe_name);
+  base::FilePath dir_path = path.DirName();
+  if (!file_util::CreateDirectory(dir_path)) {
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
+  // Create unix_addr structure.
+  struct sockaddr_un unix_addr;
+  memset(&unix_addr, 0, sizeof(unix_addr));
+  unix_addr.sun_family = AF_UNIX;
+  int path_len = snprintf(unix_addr.sun_path, IPC::kMaxPipeNameLength,
+                          "%s", pipe_name.c_str());
+  DCHECK_EQ(static_cast<int>(pipe_name.length()), path_len);
+  size_t unix_addr_len = offsetof(struct sockaddr_un,
+                                       sun_path) + path_len + 1;
+
+  // Bind the socket.
+  if (bind(fd, reinterpret_cast<const sockaddr*>(&unix_addr),
+           unix_addr_len) != 0) {
+    PLOG(ERROR) << "bind " << pipe_name;
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
+  // Start listening on the socket.
+  const int listen_queue_length = 1;
+  if (listen(fd, listen_queue_length) != 0) {
+    PLOG(ERROR) << "listen " << pipe_name;
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
+  *server_listen_fd = fd;
+  return true;
+}
+
+// Accept a connection on a socket we are listening to.
+bool ServerAcceptConnection(int server_listen_fd, int* server_socket) {
+  DCHECK(server_socket);
+
+  int accept_fd = HANDLE_EINTR(accept(server_listen_fd, NULL, 0));
+  if (accept_fd < 0)
+    return false;
+  if (fcntl(accept_fd, F_SETFL, O_NONBLOCK) == -1) {
+    PLOG(ERROR) << "fcntl(O_NONBLOCK) " << accept_fd;
+    if (HANDLE_EINTR(close(accept_fd)) < 0)
+      PLOG(ERROR) << "close " << accept_fd;
+    return false;
+  }
+
+  *server_socket = accept_fd;
+  return true;
+}
+
+bool CreateClientUnixDomainSocket(const std::string& pipe_name,
+                                  int* client_socket) {
+  DCHECK(client_socket);
+  DCHECK_GT(pipe_name.length(), 0u);
+  DCHECK_LT(pipe_name.length(), kMaxPipeNameLength);
+
+  if (pipe_name.length() == 0 || pipe_name.length() >= kMaxPipeNameLength) {
+    return false;
+  }
+
+  // Create socket.
+  int fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (fd < 0) {
+    PLOG(ERROR) << "socket " << pipe_name;
+    return false;
+  }
+
+  // Make socket non-blocking
+  if (fcntl(fd, F_SETFL, O_NONBLOCK) == -1) {
+    PLOG(ERROR) << "fcntl(O_NONBLOCK) " << pipe_name;
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
+  // Create server side of socket.
+  struct sockaddr_un server_unix_addr;
+  memset(&server_unix_addr, 0, sizeof(server_unix_addr));
+  server_unix_addr.sun_family = AF_UNIX;
+  int path_len = snprintf(server_unix_addr.sun_path, IPC::kMaxPipeNameLength,
+                          "%s", pipe_name.c_str());
+  DCHECK_EQ(static_cast<int>(pipe_name.length()), path_len);
+  size_t server_unix_addr_len = offsetof(struct sockaddr_un,
+                                         sun_path) + path_len + 1;
+
+  if (HANDLE_EINTR(connect(fd, reinterpret_cast<sockaddr*>(&server_unix_addr),
+                           server_unix_addr_len)) != 0) {
+    PLOG(ERROR) << "connect " << pipe_name;
+    if (HANDLE_EINTR(close(fd)) < 0)
+      PLOG(ERROR) << "close " << pipe_name;
+    return false;
+  }
+
+  *client_socket = fd;
+  return true;
+}
 
 bool SocketWriteErrorIsRecoverable() {
 #if defined(OS_MACOSX)
   // On OS X if sendmsg() is trying to send fds between processes and there
   // isn't enough room in the output buffer to send the fd structure over
   // atomically then EMSGSIZE is returned.
   //
   // EMSGSIZE presents a problem since the system APIs can only call us when
   // there's room in the socket buffer and not when there is "enough" room.
   //
@@ skipping 94 matching lines @@
       return false;
     }
     if (!(value & O_NONBLOCK)) {
       LOG(ERROR) << "Socket " << pipe_name_ << " must be O_NONBLOCK";
       return false;
     }
 #endif   // IPC_USES_READWRITE
   } else if (mode_ & MODE_NAMED_FLAG) {
     // Case 2 from comment above.
     if (mode_ & MODE_SERVER_FLAG) {
-      if (!CreateServerUnixDomainSocket(base::FilePath(pipe_name_),
-                                        &local_pipe)) {
+      if (!CreateServerUnixDomainSocket(pipe_name_, &local_pipe)) {
         return false;
       }
       must_unlink_ = true;
     } else if (mode_ & MODE_CLIENT_FLAG) {
-      if (!CreateClientUnixDomainSocket(base::FilePath(pipe_name_),
-                                        &local_pipe)) {
-        return false;
-      }
-      // Verify that the server has the same euid as the client.
-      if (!IPC::IsPeerAuthorized(local_pipe)) {
-        if (HANDLE_EINTR(close(local_pipe)) < 0)
-          PLOG(ERROR) << "close " << pipe_name_;
+      if (!CreateClientUnixDomainSocket(pipe_name_, &local_pipe)) {
         return false;
       }
     } else {
       LOG(ERROR) << "Bad mode: " << mode_;
       return false;
     }
   } else {
     local_pipe = PipeMap::GetInstance()->Lookup(pipe_name_);
     if (mode_ & MODE_CLIENT_FLAG) {
       if (local_pipe != -1) {
@@ skipping 260 matching lines @@
 }
 
 bool Channel::ChannelImpl::AcceptsConnections() const {
   return server_listen_pipe_ != -1;
 }
 
 bool Channel::ChannelImpl::HasAcceptedConnection() const {
   return AcceptsConnections() && pipe_ != -1;
 }
 
-bool Channel::ChannelImpl::GetPeerEuid(uid_t* peer_euid) const {
-  DCHECK(!(mode_ & MODE_SERVER) || HasAcceptedConnection());
-  return IPC::GetPeerEuid(pipe_, peer_euid);
+bool Channel::ChannelImpl::GetClientEuid(uid_t* client_euid) const {
+  DCHECK(HasAcceptedConnection());
+#if defined(OS_MACOSX) || defined(OS_OPENBSD)
+  uid_t peer_euid;
+  gid_t peer_gid;
+  if (getpeereid(pipe_, &peer_euid, &peer_gid) != 0) {
+    PLOG(ERROR) << "getpeereid " << pipe_;
+    return false;
+  }
+  *client_euid = peer_euid;
+  return true;
+#elif defined(OS_SOLARIS)
+  return false;
+#else
+  struct ucred cred;
+  socklen_t cred_len = sizeof(cred);
+  if (getsockopt(pipe_, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) != 0) {
+    PLOG(ERROR) << "getsockopt " << pipe_;
+    return false;
+  }
+  if (static_cast<unsigned>(cred_len) < sizeof(cred)) {
+    NOTREACHED() << "Truncated ucred from SO_PEERCRED?";
+    return false;
+  }
+  *client_euid = cred.uid;
+  return true;
+#endif
 }
 
 void Channel::ChannelImpl::ResetToAcceptingConnectionState() {
   // Unregister libevent for the unix domain socket and close it.
   read_watcher_.StopWatchingFileDescriptor();
   write_watcher_.StopWatchingFileDescriptor();
   if (pipe_ != -1) {
     if (HANDLE_EINTR(close(pipe_)) < 0)
       PLOG(ERROR) << "close pipe_ " << pipe_name_;
     pipe_ = -1;
@@ skipping 32 matching lines @@
 void Channel::ChannelImpl::SetGlobalPid(int pid) {
   global_pid_ = pid;
 }
 #endif  // OS_LINUX
 
 // Called by libevent when we can read from the pipe without blocking.
 void Channel::ChannelImpl::OnFileCanReadWithoutBlocking(int fd) {
   bool send_server_hello_msg = false;
   if (fd == server_listen_pipe_) {
     int new_pipe = 0;
-    if (!ServerAcceptConnection(server_listen_pipe_, &new_pipe) ||
-        new_pipe < 0) {
+    if (!ServerAcceptConnection(server_listen_pipe_, &new_pipe)) {
       Close();
       listener()->OnChannelListenError();
     }
 
     if (pipe_ != -1) {
       // We already have a connection. We only handle one at a time.
       // close our new descriptor.
       if (HANDLE_EINTR(shutdown(new_pipe, SHUT_RDWR)) < 0)
         DPLOG(ERROR) << "shutdown " << pipe_name_;
       if (HANDLE_EINTR(close(new_pipe)) < 0)
         DPLOG(ERROR) << "close " << pipe_name_;
       listener()->OnChannelDenied();
       return;
     }
     pipe_ = new_pipe;
 
     if ((mode_ & MODE_OPEN_ACCESS_FLAG) == 0) {
       // Verify that the IPC channel peer is running as the same user.
       uid_t client_euid;
-      if (!GetPeerEuid(&client_euid)) {
+      if (!GetClientEuid(&client_euid)) {
         DLOG(ERROR) << "Unable to query client euid";
         ResetToAcceptingConnectionState();
         return;
       }
       if (client_euid != geteuid()) {
         DLOG(WARNING) << "Client euid is not authorised";
         ResetToAcceptingConnectionState();
         return;
       }
     }
@@ skipping 363 matching lines @@
 }
 
 bool Channel::AcceptsConnections() const {
   return channel_impl_->AcceptsConnections();
 }
 
 bool Channel::HasAcceptedConnection() const {
   return channel_impl_->HasAcceptedConnection();
 }
 
-bool Channel::GetPeerEuid(uid_t* peer_euid) const {
-  return channel_impl_->GetPeerEuid(peer_euid);
+bool Channel::GetClientEuid(uid_t* client_euid) const {
+  return channel_impl_->GetClientEuid(client_euid);
 }
 
 void Channel::ResetToAcceptingConnectionState() {
   channel_impl_->ResetToAcceptingConnectionState();
 }
 
 // static
 bool Channel::IsNamedServerInitialized(const std::string& channel_id) {
   return ChannelImpl::IsNamedServerInitialized(channel_id);
 }
@@ skipping 12 matching lines @@
 
 
 #if defined(OS_LINUX)
 // static
 void Channel::SetGlobalPid(int pid) {
   ChannelImpl::SetGlobalPid(pid);
 }
 #endif  // OS_LINUX
 
 }  // namespace IPC