authorTrent Lloyd <lathiat@bur.st>2006-12-11 09:34:00 +0000
committerTrent Lloyd <lathiat@bur.st>2006-12-11 09:34:00 +0000
commit37b2be93e63ceff95698f24cd91cb11774eb621c (patch)
tree2c57ad5bd80909c9cff170e4a63a2e53d607cead /avahi-core/netlink.c
parenta3770ae01c6c0af893af0a36ceecba6ff301c6f4 (diff)
* Revert previous patch to check nlmsg_pid as it is bogus and breaks
in many cases, notably when using NetworkManager
* Replace with new SO_PASSCRED-based check of the sending UID, which seems to work better
* Apply fix for 2.6.19+ where IFA_RTA / IFLA_RTA is no longer defined
* Mild fix to some doxygen docs for avahi-common/address.h

git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1336 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
Diffstat (limited to 'avahi-core/netlink.c')
-rw-r--r--avahi-core/netlink.c46
1 files changed, 37 insertions, 9 deletions
diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c
index 893295d..7411c90 100644
--- a/avahi-core/netlink.c
+++ b/avahi-core/netlink.c
@@ -47,27 +47,49 @@ struct AvahiNetlink {
int avahi_netlink_work(AvahiNetlink *nl, int block) {
ssize_t bytes;
+ struct msghdr smsg;
+ struct cmsghdr *cmsg;
+ struct ucred *cred;
+ struct iovec iov;
struct nlmsghdr *p;
+ char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
assert(nl);
-
- if ((bytes = recv(nl->fd, nl->buffer, nl->buffer_length, block ? 0 : MSG_DONTWAIT)) < 0) {
-
+
+ iov.iov_base = nl->buffer;
+ iov.iov_len = nl->buffer_length;
+
+ smsg.msg_name = (void*) NULL;
+ smsg.msg_namelen = 0;
+ smsg.msg_iov = &iov;
+ smsg.msg_iovlen = 1;
+ smsg.msg_control = cred_msg;
+ smsg.msg_controllen = sizeof(cred_msg);
+ smsg.msg_flags = (block ? 0 : MSG_DONTWAIT);
+
+ if ((bytes = recvmsg(nl->fd, &smsg, 0)) < 0) {
if (errno == EAGAIN || errno == EINTR)
return 0;
- avahi_log_error(__FILE__": recv() failed: %s", strerror(errno));
+ avahi_log_error(__FILE__": recvmsg() failed: %s", strerror(errno));
return -1;
}
- p = (struct nlmsghdr *) nl->buffer;
-
- /* Check that this message originated from the kernel,
- or a request from avahi itself, and not another process */
- if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) {
+ cmsg = CMSG_FIRSTHDR(&smsg);
+ cred = (struct ucred *) CMSG_DATA (cmsg);
+
+ if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
+ avahi_log_error("No sender credentials received, ignoring data.");
return -1;
}
+ if (cred->uid != 0) {
+ avahi_log_warn("Netlink message received from cred->uid != 0 (%d)", cred->uid);
+ return -1;
+ }
+
+ p = (struct nlmsghdr *) nl->buffer;
+
assert(nl->callback);
for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {
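Review bot: The new sender check reads `cred->uid` from a control message it has only partly validated: `CMSG_DATA (cmsg)` is evaluated before the `cmsg == NULL` test, and the test looks at `cmsg_type` but not at `cmsg_level` or `cmsg_len`. The check should compute `cred` only after confirming a complete SOL_SOCKET/SCM_CREDENTIALS record, as sketched below. Separately, `smsg.msg_flags = (block ? 0 : MSG_DONTWAIT)` has no effect, because recvmsg() treats `msg_flags` as output only and takes its flags from the third argument, which is now 0; unless the descriptor is already O_NONBLOCK (not visible in this hunk), the non-blocking call can block. avahi_netlink_work continues past the end of the hunk.

```c
/* … unchanged: iov and msghdr setup, without the msg_flags assignment … */

if ((bytes = recvmsg(nl->fd, &smsg, block ? 0 : MSG_DONTWAIT)) < 0) {
    /* … unchanged: EAGAIN/EINTR handling and error log … */
}

cmsg = CMSG_FIRSTHDR(&smsg);

if (cmsg == NULL ||
    cmsg->cmsg_level != SOL_SOCKET ||
    cmsg->cmsg_type != SCM_CREDENTIALS ||
    cmsg->cmsg_len < CMSG_LEN(sizeof(struct ucred))) {
    avahi_log_error("No sender credentials received, ignoring data.");
    return -1;
}

/* Only read the credentials once the control message is known to hold them. */
cred = (struct ucred *) CMSG_DATA(cmsg);

/* … unchanged: cred->uid != 0 rejection … */
```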
@@ -94,6 +116,7 @@ static void socket_event(AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent
AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void (*cb) (AvahiNetlink *nl, struct nlmsghdr *n, void* userdata), void* userdata) {
int fd = -1;
+ const int on = 1;
struct sockaddr_nl addr;
AvahiNetlink *nl = NULL;
@@ -115,6 +138,11 @@ AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void
goto fail;
}
+ if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
+ avahi_log_error(__FILE__": bind(): %s", strerror(errno));
+ goto fail;
+ }
+
if (!(nl = avahi_new(AvahiNetlink, 1))) {
avahi_log_error(__FILE__": avahi_new() failed.");
goto fail;
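Review bot: The error message on the new setsockopt() failure path names the wrong call, so a failure to enable SO_PASSCRED would be logged as a bind() failure and mislead anyone diagnosing why the credential check cannot work. I would change it to `avahi_log_error(__FILE__": setsockopt(SO_PASSCRED): %s", strerror(errno));`. avahi_netlink_new starts before and ends after this hunk, so the `fail:` cleanup is not visible here.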