From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kay Sievers Date: Wed, 11 Feb 2004 03:04:04 +0000 Subject: [PATCH] udevd - client access authorization Message-Id: <20040211030404.GA16931@vrfy.org> MIME-Version: 1 Content-Type: multipart/mixed; boundary="EVF5PPMfhYS0aIcm" List-Id: To: linux-hotplug@vger.kernel.org --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Here is the badly needed client authorization for udevd. Since we switched to abstract namespace sockets, we are unable to control the access of the socket by file permissions. So here we send a ancillary credential message with every datagram, to be able to verify the uid of the sender. The sender can't fake the credentials, cause the kernel doesn't allow it for non root users. udevd is still working with klibc here :) thanks, Kay --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline; filename="04-credentials.patch" diff -Nru a/udevd.c b/udevd.c --- a/udevd.c Wed Feb 11 03:45:28 2004 +++ b/udevd.c Wed Feb 11 03:45:28 2004 @@ -216,6 +216,11 @@ { struct hotplug_msg *msg; int retval; + struct msghdr smsg; + struct cmsghdr *cmsg; + struct iovec iov; + struct ucred *cred; + char cred_msg[CMSG_SPACE(sizeof(struct ucred))]; msg = msg_create(); if (msg == NULL) { @@ -223,13 +228,30 @@ return; } - retval = recv(sock, msg, sizeof(struct hotplug_msg), 0); + iov.iov_base = msg; + iov.iov_len = sizeof(struct hotplug_msg); + + memset(&smsg, 0x00, sizeof(struct msghdr)); + smsg.msg_iov = &iov; + smsg.msg_iovlen = 1; + smsg.msg_control = cred_msg; + smsg.msg_controllen = sizeof(cred_msg); + + retval = recvmsg(sock, &smsg, 0); if (retval < 0) { if (errno != EINTR) dbg("unable to receive message"); return; } - + cmsg = CMSG_FIRSTHDR(&smsg); + cred = (struct ucred *) CMSG_DATA(cmsg); + + if (cred->uid != 0) { + dbg("sender uid=%i, message ignored", cred->uid); + free(msg); + return; + } + if (strncmp(msg->magic, UDEV_MAGIC, sizeof(UDEV_MAGIC)) != 0 ) { dbg("message magic '%s' doesn't match, ignore it", msg->magic); free(msg); @@ -283,6 +305,7 @@ struct sockaddr_un saddr; socklen_t addrlen; int retval; + const int on = 1; struct sigaction act; init_logging("udevd"); @@ -317,6 +340,9 @@ dbg("bind failed\n"); goto exit; } + + /* enable receiving of the sender credentials */ + setsockopt(ssock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)); while (1) { handle_msg(ssock); diff -Nru a/udevsend.c b/udevsend.c --- a/udevsend.c Wed Feb 11 03:45:28 2004 +++ b/udevsend.c Wed Feb 11 03:45:28 2004 @@ -114,7 +114,7 @@ int main(int argc, char* argv[]) { - struct hotplug_msg message; + struct hotplug_msg msg; char *action; char *devpath; char *subsystem; @@ -128,6 +128,13 @@ struct sockaddr_un saddr; socklen_t addrlen; int started_daemon = 0; + struct iovec iov; + struct msghdr smsg; + char cred_msg[CMSG_SPACE(sizeof(struct ucred))]; + struct cmsghdr *cmsg; + struct ucred *cred; + + #ifdef DEBUG init_logging("udevsend"); @@ -169,12 +176,34 @@ strcpy(&saddr.sun_path[1], UDEVD_SOCK_PATH); addrlen = offsetof(struct sockaddr_un, sun_path) + strlen(saddr.sun_path+1) + 1; - size = build_hotplugmsg(&message, action, devpath, subsystem, seq); - + size = build_hotplugmsg(&msg, action, devpath, subsystem, seq); + + /* prepare message with credentials to authenticate ourself */ + iov.iov_base = &msg; + iov.iov_len = size; + + smsg.msg_name = &saddr; + smsg.msg_namelen = addrlen; + smsg.msg_iov = &iov; + smsg.msg_iovlen = 1; + smsg.msg_control = cred_msg; + smsg.msg_controllen = CMSG_LEN(sizeof(struct ucred));; + smsg.msg_flags = 0; + + cmsg = CMSG_FIRSTHDR(&smsg); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_CREDENTIALS; + cmsg->cmsg_len = sizeof(cred_msg); + cred = (struct ucred *) CMSG_DATA(cmsg); + cred->uid = getuid(); + cred->gid = getgid(); + cred->pid = getpid(); + cred->pid = getpid(); + /* If we can't send, try to start daemon and resend message */ loop = UDEVSEND_CONNECT_RETRY; while (loop--) { - retval = sendto(sock, &message, size, 0, (struct sockaddr *)&saddr, addrlen); + retval = sendmsg(sock, &smsg, 0); if (retval != -1) { retval = 0; goto close_and_exit; --EVF5PPMfhYS0aIcm-- ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel