]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* scm.c - Socket level control messages processing. |
2 | * | |
3 | * Author: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> | |
4 | * Alignment and value checking mods by Craig Metz | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/signal.h> | |
4fc268d2 | 14 | #include <linux/capability.h> |
1da177e4 LT |
15 | #include <linux/errno.h> |
16 | #include <linux/sched.h> | |
17 | #include <linux/mm.h> | |
18 | #include <linux/kernel.h> | |
1da177e4 LT |
19 | #include <linux/stat.h> |
20 | #include <linux/socket.h> | |
21 | #include <linux/file.h> | |
22 | #include <linux/fcntl.h> | |
23 | #include <linux/net.h> | |
24 | #include <linux/interrupt.h> | |
25 | #include <linux/netdevice.h> | |
26 | #include <linux/security.h> | |
b488893a PE |
27 | #include <linux/pid.h> |
28 | #include <linux/nsproxy.h> | |
1da177e4 LT |
29 | |
30 | #include <asm/system.h> | |
31 | #include <asm/uaccess.h> | |
32 | ||
33 | #include <net/protocol.h> | |
34 | #include <linux/skbuff.h> | |
35 | #include <net/sock.h> | |
36 | #include <net/compat.h> | |
37 | #include <net/scm.h> | |
38 | ||
39 | ||
40 | /* | |
4ec93edb | 41 | * Only allow a user to send credentials, that they could set with |
1da177e4 LT |
42 | * setu(g)id. |
43 | */ | |
44 | ||
45 | static __inline__ int scm_check_creds(struct ucred *creds) | |
46 | { | |
b488893a | 47 | if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) && |
1da177e4 LT |
48 | ((creds->uid == current->uid || creds->uid == current->euid || |
49 | creds->uid == current->suid) || capable(CAP_SETUID)) && | |
50 | ((creds->gid == current->gid || creds->gid == current->egid || | |
51 | creds->gid == current->sgid) || capable(CAP_SETGID))) { | |
52 | return 0; | |
53 | } | |
54 | return -EPERM; | |
55 | } | |
56 | ||
57 | static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) | |
58 | { | |
59 | int *fdp = (int*)CMSG_DATA(cmsg); | |
60 | struct scm_fp_list *fpl = *fplp; | |
61 | struct file **fpp; | |
62 | int i, num; | |
63 | ||
64 | num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int); | |
65 | ||
66 | if (num <= 0) | |
67 | return 0; | |
68 | ||
69 | if (num > SCM_MAX_FD) | |
70 | return -EINVAL; | |
71 | ||
72 | if (!fpl) | |
73 | { | |
74 | fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL); | |
75 | if (!fpl) | |
76 | return -ENOMEM; | |
77 | *fplp = fpl; | |
f8d570a4 | 78 | INIT_LIST_HEAD(&fpl->list); |
1da177e4 LT |
79 | fpl->count = 0; |
80 | } | |
81 | fpp = &fpl->fp[fpl->count]; | |
82 | ||
83 | if (fpl->count + num > SCM_MAX_FD) | |
84 | return -EINVAL; | |
4ec93edb | 85 | |
1da177e4 LT |
86 | /* |
87 | * Verify the descriptors and increment the usage count. | |
88 | */ | |
4ec93edb | 89 | |
1da177e4 LT |
90 | for (i=0; i< num; i++) |
91 | { | |
92 | int fd = fdp[i]; | |
93 | struct file *file; | |
94 | ||
95 | if (fd < 0 || !(file = fget(fd))) | |
96 | return -EBADF; | |
97 | *fpp++ = file; | |
98 | fpl->count++; | |
99 | } | |
100 | return num; | |
101 | } | |
102 | ||
103 | void __scm_destroy(struct scm_cookie *scm) | |
104 | { | |
105 | struct scm_fp_list *fpl = scm->fp; | |
106 | int i; | |
107 | ||
108 | if (fpl) { | |
109 | scm->fp = NULL; | |
f8d570a4 DM |
110 | if (current->scm_work_list) { |
111 | list_add_tail(&fpl->list, current->scm_work_list); | |
112 | } else { | |
113 | LIST_HEAD(work_list); | |
114 | ||
115 | current->scm_work_list = &work_list; | |
116 | ||
117 | list_add(&fpl->list, &work_list); | |
118 | while (!list_empty(&work_list)) { | |
119 | fpl = list_first_entry(&work_list, struct scm_fp_list, list); | |
120 | ||
121 | list_del(&fpl->list); | |
122 | for (i=fpl->count-1; i>=0; i--) | |
123 | fput(fpl->fp[i]); | |
124 | kfree(fpl); | |
125 | } | |
126 | ||
127 | current->scm_work_list = NULL; | |
128 | } | |
1da177e4 LT |
129 | } |
130 | } | |
131 | ||
132 | int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p) | |
133 | { | |
134 | struct cmsghdr *cmsg; | |
135 | int err; | |
136 | ||
137 | for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) | |
138 | { | |
139 | err = -EINVAL; | |
140 | ||
141 | /* Verify that cmsg_len is at least sizeof(struct cmsghdr) */ | |
142 | /* The first check was omitted in <= 2.2.5. The reasoning was | |
143 | that parser checks cmsg_len in any case, so that | |
144 | additional check would be work duplication. | |
4ec93edb | 145 | But if cmsg_level is not SOL_SOCKET, we do not check |
1da177e4 LT |
146 | for too short ancillary data object at all! Oops. |
147 | OK, let's add it... | |
148 | */ | |
149 | if (!CMSG_OK(msg, cmsg)) | |
150 | goto error; | |
151 | ||
152 | if (cmsg->cmsg_level != SOL_SOCKET) | |
153 | continue; | |
154 | ||
155 | switch (cmsg->cmsg_type) | |
156 | { | |
157 | case SCM_RIGHTS: | |
158 | err=scm_fp_copy(cmsg, &p->fp); | |
159 | if (err<0) | |
160 | goto error; | |
161 | break; | |
162 | case SCM_CREDENTIALS: | |
163 | if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred))) | |
164 | goto error; | |
165 | memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred)); | |
166 | err = scm_check_creds(&p->creds); | |
167 | if (err) | |
168 | goto error; | |
169 | break; | |
170 | default: | |
171 | goto error; | |
172 | } | |
173 | } | |
174 | ||
175 | if (p->fp && !p->fp->count) | |
176 | { | |
177 | kfree(p->fp); | |
178 | p->fp = NULL; | |
179 | } | |
180 | return 0; | |
4ec93edb | 181 | |
1da177e4 LT |
182 | error: |
183 | scm_destroy(p); | |
184 | return err; | |
185 | } | |
186 | ||
187 | int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) | |
188 | { | |
cfcabdcc SH |
189 | struct cmsghdr __user *cm |
190 | = (__force struct cmsghdr __user *)msg->msg_control; | |
1da177e4 LT |
191 | struct cmsghdr cmhdr; |
192 | int cmlen = CMSG_LEN(len); | |
193 | int err; | |
194 | ||
195 | if (MSG_CMSG_COMPAT & msg->msg_flags) | |
196 | return put_cmsg_compat(msg, level, type, len, data); | |
197 | ||
198 | if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { | |
199 | msg->msg_flags |= MSG_CTRUNC; | |
200 | return 0; /* XXX: return error? check spec. */ | |
201 | } | |
202 | if (msg->msg_controllen < cmlen) { | |
203 | msg->msg_flags |= MSG_CTRUNC; | |
204 | cmlen = msg->msg_controllen; | |
205 | } | |
206 | cmhdr.cmsg_level = level; | |
207 | cmhdr.cmsg_type = type; | |
208 | cmhdr.cmsg_len = cmlen; | |
209 | ||
210 | err = -EFAULT; | |
211 | if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) | |
4ec93edb | 212 | goto out; |
1da177e4 LT |
213 | if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) |
214 | goto out; | |
215 | cmlen = CMSG_SPACE(len); | |
1ac70e7a WY |
216 | if (msg->msg_controllen < cmlen) |
217 | cmlen = msg->msg_controllen; | |
1da177e4 LT |
218 | msg->msg_control += cmlen; |
219 | msg->msg_controllen -= cmlen; | |
220 | err = 0; | |
221 | out: | |
222 | return err; | |
223 | } | |
224 | ||
225 | void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) | |
226 | { | |
cfcabdcc SH |
227 | struct cmsghdr __user *cm |
228 | = (__force struct cmsghdr __user*)msg->msg_control; | |
1da177e4 LT |
229 | |
230 | int fdmax = 0; | |
231 | int fdnum = scm->fp->count; | |
232 | struct file **fp = scm->fp->fp; | |
233 | int __user *cmfptr; | |
234 | int err = 0, i; | |
235 | ||
236 | if (MSG_CMSG_COMPAT & msg->msg_flags) { | |
237 | scm_detach_fds_compat(msg, scm); | |
238 | return; | |
239 | } | |
240 | ||
241 | if (msg->msg_controllen > sizeof(struct cmsghdr)) | |
242 | fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr)) | |
243 | / sizeof(int)); | |
244 | ||
245 | if (fdnum < fdmax) | |
246 | fdmax = fdnum; | |
247 | ||
cfcabdcc SH |
248 | for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax; |
249 | i++, cmfptr++) | |
1da177e4 LT |
250 | { |
251 | int new_fd; | |
252 | err = security_file_receive(fp[i]); | |
253 | if (err) | |
254 | break; | |
4a19542e UD |
255 | err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags |
256 | ? O_CLOEXEC : 0); | |
1da177e4 LT |
257 | if (err < 0) |
258 | break; | |
259 | new_fd = err; | |
260 | err = put_user(new_fd, cmfptr); | |
261 | if (err) { | |
262 | put_unused_fd(new_fd); | |
263 | break; | |
264 | } | |
265 | /* Bump the usage count and install the file. */ | |
266 | get_file(fp[i]); | |
267 | fd_install(new_fd, fp[i]); | |
268 | } | |
269 | ||
270 | if (i > 0) | |
271 | { | |
272 | int cmlen = CMSG_LEN(i*sizeof(int)); | |
effee6a0 | 273 | err = put_user(SOL_SOCKET, &cm->cmsg_level); |
1da177e4 LT |
274 | if (!err) |
275 | err = put_user(SCM_RIGHTS, &cm->cmsg_type); | |
276 | if (!err) | |
277 | err = put_user(cmlen, &cm->cmsg_len); | |
278 | if (!err) { | |
279 | cmlen = CMSG_SPACE(i*sizeof(int)); | |
280 | msg->msg_control += cmlen; | |
281 | msg->msg_controllen -= cmlen; | |
282 | } | |
283 | } | |
284 | if (i < fdnum || (fdnum && fdmax <= 0)) | |
285 | msg->msg_flags |= MSG_CTRUNC; | |
286 | ||
287 | /* | |
288 | * All of the files that fit in the message have had their | |
289 | * usage counts incremented, so we just free the list. | |
290 | */ | |
291 | __scm_destroy(scm); | |
292 | } | |
293 | ||
294 | struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) | |
295 | { | |
296 | struct scm_fp_list *new_fpl; | |
297 | int i; | |
298 | ||
299 | if (!fpl) | |
300 | return NULL; | |
301 | ||
302 | new_fpl = kmalloc(sizeof(*fpl), GFP_KERNEL); | |
303 | if (new_fpl) { | |
f8d570a4 | 304 | INIT_LIST_HEAD(&new_fpl->list); |
1da177e4 LT |
305 | for (i=fpl->count-1; i>=0; i--) |
306 | get_file(fpl->fp[i]); | |
307 | memcpy(new_fpl, fpl, sizeof(*fpl)); | |
308 | } | |
309 | return new_fpl; | |
310 | } | |
311 | ||
312 | EXPORT_SYMBOL(__scm_destroy); | |
313 | EXPORT_SYMBOL(__scm_send); | |
314 | EXPORT_SYMBOL(put_cmsg); | |
315 | EXPORT_SYMBOL(scm_detach_fds); | |
316 | EXPORT_SYMBOL(scm_fp_dup); |