Add support for passing credentials over Unix sock

Add lttcomm_* functions for sending, receiving and setting socket option
to pass credentials over a Unix socket. Those functions allowed normal
data to be pass as well.

First commit of a series to enable credentials passing between the lttng
command line client and the session daemon.

Signed-off-by: David Goulet <david.goulet@polymtl.ca>

diff --git a/include/lttng-sessiond-comm.h b/include/lttng-sessiond-comm.h
index 74d7dc99cef1385c518e13286f6085313292da3a..0fa6569da28f04e56769a4e1ec2b6c95174b858f 100644 (file)
--- a/include/lttng-sessiond-comm.h
+++ b/include/lttng-sessiond-comm.h
@@ -26,8 +26,10 @@
  * These declarations should NOT be considered stable API.
  */
 
+#define _GNU_SOURCE
 #include <limits.h>
 #include <lttng/lttng.h>
+#include <sys/socket.h>
 
 #define LTTNG_RUNDIR                        "/var/run/lttng"
 #define LTTNG_HOME_RUNDIR                   "%s/.lttng"
@@ -287,6 +289,12 @@ extern ssize_t lttcomm_recv_fds_unix_sock(int sock, int *fds, size_t nb_fd);
 
 extern ssize_t lttcomm_recv_unix_sock(int sock, void *buf, size_t len);
 extern ssize_t lttcomm_send_unix_sock(int sock, void *buf, size_t len);
+
+extern ssize_t lttcomm_send_creds_unix_sock(int sock, void *buf, size_t len);
+extern ssize_t lttcomm_recv_creds_unix_sock(int sock, void *buf, size_t len,
+               struct ucred *creds);
+
 extern const char *lttcomm_get_readable_code(enum lttcomm_return_code code);
+extern int lttcomm_setsockopt_creds_unix_sock(int sock);
 
 #endif /* _LTTNG_SESSIOND_COMM_H */

diff --git a/liblttng-sessiond-comm/lttng-sessiond-comm.c b/liblttng-sessiond-comm/lttng-sessiond-comm.c
index 3672a83ab98f4e732d8ddcaccbb091f610e49fb1..cf12e6acac64577f9e4b8e172678b48a27b86874 100644 (file)
--- a/liblttng-sessiond-comm/lttng-sessiond-comm.c
+++ b/liblttng-sessiond-comm/lttng-sessiond-comm.c
@@ -22,7 +22,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/un.h>
@@ -181,13 +180,9 @@ int lttcomm_accept_unix_sock(int sock)
        new_fd = accept(sock, (struct sockaddr *) &sun, &len);
        if (new_fd < 0) {
                perror("accept");
-               goto error;
        }
 
        return new_fd;
-
-error:
-       return -1;
 }
 
 /*
@@ -409,3 +404,130 @@ ssize_t lttcomm_recv_fds_unix_sock(int sock, int *fds, size_t nb_fd)
 end:
        return ret;
 }
+
+/*
+ * Send a message with credentials over a unix socket.
+ *
+ * Returns the size of data sent, or negative error value.
+ */
+ssize_t lttcomm_send_creds_unix_sock(int sock, void *buf, size_t len)
+{
+       struct msghdr msg = { 0 };
+       struct cmsghdr *cmptr;
+       struct iovec iov[1];
+       ssize_t ret = -1;
+       struct ucred *creds;
+       size_t sizeof_cred = sizeof(struct ucred);
+       char anc_buf[CMSG_SPACE(sizeof_cred)];
+
+       iov[0].iov_base = buf;
+       iov[0].iov_len = len;
+       msg.msg_iov = iov;
+       msg.msg_iovlen = 1;
+
+       msg.msg_control = (caddr_t) anc_buf;
+       msg.msg_controllen = CMSG_LEN(sizeof_cred);
+
+       cmptr = CMSG_FIRSTHDR(&msg);
+       cmptr->cmsg_level = SOL_SOCKET;
+       cmptr->cmsg_type = SCM_CREDENTIALS;
+       cmptr->cmsg_len = CMSG_LEN(sizeof_cred);
+
+       creds = (struct ucred *) CMSG_DATA(cmptr);
+
+       creds->uid = geteuid();
+       creds->gid = getegid();
+       creds->pid = getpid();
+
+       ret = sendmsg(sock, &msg, 0);
+       if (ret < 0) {
+               perror("sendmsg");
+       }
+
+       return ret;
+}
+
+/*
+ * Recv a message accompanied with credentials from a unix socket.
+ *
+ * Returns the size of received data, or negative error value.
+ */
+ssize_t lttcomm_recv_creds_unix_sock(int sock, void *buf, size_t len,
+               struct ucred *creds)
+{
+       struct msghdr msg = { 0 };
+       struct cmsghdr *cmptr;
+       struct iovec iov[1];
+       ssize_t ret;
+       size_t sizeof_cred = sizeof(struct ucred);
+       char anc_buf[CMSG_SPACE(sizeof_cred)];
+
+       /* Not allowed */
+       if (creds == NULL) {
+               ret = -1;
+               goto end;
+       }
+
+       /* Prepare to receive the structures */
+       iov[0].iov_base = buf;
+       iov[0].iov_len = len;
+       msg.msg_iov = iov;
+       msg.msg_iovlen = 1;
+
+       msg.msg_control = anc_buf;
+       msg.msg_controllen = sizeof(anc_buf);
+
+       ret = recvmsg(sock, &msg, 0);
+       if (ret < 0) {
+               perror("recvmsg fds");
+               goto end;
+       }
+
+       if (msg.msg_flags & MSG_CTRUNC) {
+               fprintf(stderr, "Error: Control message truncated.\n");
+               ret = -1;
+               goto end;
+       }
+
+       cmptr = CMSG_FIRSTHDR(&msg);
+       if (cmptr == NULL) {
+               fprintf(stderr, "Error: Invalid control message header\n");
+               ret = -1;
+               goto end;
+       }
+
+       if (cmptr->cmsg_level != SOL_SOCKET ||
+                       cmptr->cmsg_type != SCM_CREDENTIALS) {
+               fprintf(stderr, "Didn't received any credentials\n");
+               ret = -1;
+               goto end;
+       }
+
+       if (cmptr->cmsg_len != CMSG_LEN(sizeof_cred)) {
+               fprintf(stderr, "Error: Received %zu bytes of ancillary data, expected %zu\n",
+                               cmptr->cmsg_len, CMSG_LEN(sizeof_cred));
+               ret = -1;
+               goto end;
+       }
+
+       memcpy(creds, CMSG_DATA(cmptr), sizeof_cred);
+
+end:
+       return ret;
+}
+
+/*
+ * Set socket option to use credentials passing.
+ */
+int lttcomm_setsockopt_creds_unix_sock(int sock)
+{
+       int ret, on = 1;
+
+       /* Set socket for credentials retrieval */
+       ret = setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
+       if (ret < 0) {
+               perror("setsockopt creds unix sock");
+       }
+
+       return ret;
+}