From: David Goulet Date: Fri, 16 Dec 2011 17:12:35 +0000 (-0500) Subject: Add support for passing credentials over Unix sock X-Git-Tag: v2.0-pre16~17 X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=d19d9adaf251b74ab7bd64a1b04a9de22d10bb85;p=lttng-tools.git Add support for passing credentials over Unix sock Add lttcomm_* functions for sending, receiving and setting socket option to pass credentials over a Unix socket. Those functions allowed normal data to be pass as well. First commit of a series to enable credentials passing between the lttng command line client and the session daemon. Signed-off-by: David Goulet --- diff --git a/include/lttng-sessiond-comm.h b/include/lttng-sessiond-comm.h index 74d7dc99c..0fa6569da 100644 --- a/include/lttng-sessiond-comm.h +++ b/include/lttng-sessiond-comm.h @@ -26,8 +26,10 @@ * These declarations should NOT be considered stable API. */ +#define _GNU_SOURCE #include #include +#include #define LTTNG_RUNDIR "/var/run/lttng" #define LTTNG_HOME_RUNDIR "%s/.lttng" @@ -287,6 +289,12 @@ extern ssize_t lttcomm_recv_fds_unix_sock(int sock, int *fds, size_t nb_fd); extern ssize_t lttcomm_recv_unix_sock(int sock, void *buf, size_t len); extern ssize_t lttcomm_send_unix_sock(int sock, void *buf, size_t len); + +extern ssize_t lttcomm_send_creds_unix_sock(int sock, void *buf, size_t len); +extern ssize_t lttcomm_recv_creds_unix_sock(int sock, void *buf, size_t len, + struct ucred *creds); + extern const char *lttcomm_get_readable_code(enum lttcomm_return_code code); +extern int lttcomm_setsockopt_creds_unix_sock(int sock); #endif /* _LTTNG_SESSIOND_COMM_H */ diff --git a/liblttng-sessiond-comm/lttng-sessiond-comm.c b/liblttng-sessiond-comm/lttng-sessiond-comm.c index 3672a83ab..cf12e6aca 100644 --- a/liblttng-sessiond-comm/lttng-sessiond-comm.c +++ b/liblttng-sessiond-comm/lttng-sessiond-comm.c @@ -22,7 +22,6 @@ #include #include #include -#include #include #include #include @@ -181,13 +180,9 @@ int lttcomm_accept_unix_sock(int sock) new_fd = accept(sock, (struct sockaddr *) &sun, &len); if (new_fd < 0) { perror("accept"); - goto error; } return new_fd; - -error: - return -1; } /* @@ -409,3 +404,130 @@ ssize_t lttcomm_recv_fds_unix_sock(int sock, int *fds, size_t nb_fd) end: return ret; } + +/* + * Send a message with credentials over a unix socket. + * + * Returns the size of data sent, or negative error value. + */ +ssize_t lttcomm_send_creds_unix_sock(int sock, void *buf, size_t len) +{ + struct msghdr msg = { 0 }; + struct cmsghdr *cmptr; + struct iovec iov[1]; + ssize_t ret = -1; + struct ucred *creds; + size_t sizeof_cred = sizeof(struct ucred); + char anc_buf[CMSG_SPACE(sizeof_cred)]; + + iov[0].iov_base = buf; + iov[0].iov_len = len; + msg.msg_iov = iov; + msg.msg_iovlen = 1; + + msg.msg_control = (caddr_t) anc_buf; + msg.msg_controllen = CMSG_LEN(sizeof_cred); + + cmptr = CMSG_FIRSTHDR(&msg); + cmptr->cmsg_level = SOL_SOCKET; + cmptr->cmsg_type = SCM_CREDENTIALS; + cmptr->cmsg_len = CMSG_LEN(sizeof_cred); + + creds = (struct ucred *) CMSG_DATA(cmptr); + + creds->uid = geteuid(); + creds->gid = getegid(); + creds->pid = getpid(); + + ret = sendmsg(sock, &msg, 0); + if (ret < 0) { + perror("sendmsg"); + } + + return ret; +} + +/* + * Recv a message accompanied with credentials from a unix socket. + * + * Returns the size of received data, or negative error value. + */ +ssize_t lttcomm_recv_creds_unix_sock(int sock, void *buf, size_t len, + struct ucred *creds) +{ + struct msghdr msg = { 0 }; + struct cmsghdr *cmptr; + struct iovec iov[1]; + ssize_t ret; + size_t sizeof_cred = sizeof(struct ucred); + char anc_buf[CMSG_SPACE(sizeof_cred)]; + + /* Not allowed */ + if (creds == NULL) { + ret = -1; + goto end; + } + + /* Prepare to receive the structures */ + iov[0].iov_base = buf; + iov[0].iov_len = len; + msg.msg_iov = iov; + msg.msg_iovlen = 1; + + msg.msg_control = anc_buf; + msg.msg_controllen = sizeof(anc_buf); + + ret = recvmsg(sock, &msg, 0); + if (ret < 0) { + perror("recvmsg fds"); + goto end; + } + + if (msg.msg_flags & MSG_CTRUNC) { + fprintf(stderr, "Error: Control message truncated.\n"); + ret = -1; + goto end; + } + + cmptr = CMSG_FIRSTHDR(&msg); + if (cmptr == NULL) { + fprintf(stderr, "Error: Invalid control message header\n"); + ret = -1; + goto end; + } + + if (cmptr->cmsg_level != SOL_SOCKET || + cmptr->cmsg_type != SCM_CREDENTIALS) { + fprintf(stderr, "Didn't received any credentials\n"); + ret = -1; + goto end; + } + + if (cmptr->cmsg_len != CMSG_LEN(sizeof_cred)) { + fprintf(stderr, "Error: Received %zu bytes of ancillary data, expected %zu\n", + cmptr->cmsg_len, CMSG_LEN(sizeof_cred)); + ret = -1; + goto end; + } + + memcpy(creds, CMSG_DATA(cmptr), sizeof_cred); + +end: + return ret; +} + +/* + * Set socket option to use credentials passing. + */ +int lttcomm_setsockopt_creds_unix_sock(int sock) +{ + int ret, on = 1; + + /* Set socket for credentials retrieval */ + ret = setsockopt(sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)); + if (ret < 0) { + perror("setsockopt creds unix sock"); + } + + return ret; +}