summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2007-02-04 15:01:41 +0000
committerLennart Poettering <lennart@poettering.net>2007-02-04 15:01:41 +0000
commitd53beee9e511af84fb39cd2aa6c1c1cc3cfd06d2 (patch)
treed22b3e87bcb1b77b110c0e894d85c6aa2c681f87
parent55a3fa30f9c3b4efcf8cf92e8ec17e4e05a3081e (diff)
Use SCM_CREDENTIALS for authentication of netlink data from kernel
git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1381 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
-rw-r--r--avahi-autoipd/iface-linux.c38
1 files changed, 36 insertions, 2 deletions
diff --git a/avahi-autoipd/iface-linux.c b/avahi-autoipd/iface-linux.c
index 2ad8a61..55e1da6 100644
--- a/avahi-autoipd/iface-linux.c
+++ b/avahi-autoipd/iface-linux.c
@@ -66,6 +66,7 @@ AVAHI_LLIST_HEAD(Address, addresses) = NULL;
int iface_init(int i) {
struct sockaddr_nl addr;
+ int on = 1;
if ((fd = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)) < 0) {
daemon_log(LOG_ERR, "socket(PF_NETLINK): %s", strerror(errno));
@@ -81,6 +82,11 @@ int iface_init(int i) {
daemon_log(LOG_ERR, "bind(): %s", strerror(errno));
goto fail;
}
+
+ if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
+ daemon_log(LOG_ERR, "SO_PASSCRED: %s", strerror(errno));
+ goto fail;
+ }
ifindex = i;
@@ -179,13 +185,41 @@ static int process_response(int wait_for_done, unsigned seq) {
size_t bytes;
ssize_t r;
char replybuf[2048];
+ char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
+ struct msghdr msghdr;
+ struct cmsghdr *cmsghdr;
+ struct ucred *ucred;
+ struct iovec iov;
struct nlmsghdr *p = (struct nlmsghdr *) replybuf;
+
+ memset(&iov, 0, sizeof(iov));
+ iov.iov_base = replybuf;
+ iov.iov_len = sizeof(replybuf);
+
+ memset(&msghdr, 0, sizeof(msghdr));
+ msghdr.msg_name = (void*) NULL;
+ msghdr.msg_namelen = 0;
+ msghdr.msg_iov = &iov;
+ msghdr.msg_iovlen = 1;
+ msghdr.msg_control = cred_msg;
+ msghdr.msg_controllen = sizeof(cred_msg);
+ msghdr.msg_flags = 0;
+
+ if ((r = recvmsg(fd, &msghdr, 0)) < 0) {
+ daemon_log(LOG_ERR, "recvmsg() failed: %s", strerror(errno));
+ return -1;
+ }
- if ((r = recv(fd, replybuf, sizeof(replybuf), 0)) < 0) {
- daemon_log(LOG_ERR, "recv() failed: %s", strerror(errno));
+ if (!(cmsghdr = CMSG_FIRSTHDR(&msghdr)) || cmsghdr->cmsg_type != SCM_CREDENTIALS) {
+ daemon_log(LOG_WARNING, "No sender credentials received, ignoring data.");
return -1;
}
+ ucred = (struct ucred*) CMSG_DATA(cmsghdr);
+
+ if (ucred->uid != 0)
+ return -1;
+
bytes = (size_t) r;
for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {