From 37b2be93e63ceff95698f24cd91cb11774eb621c Mon Sep 17 00:00:00 2001 From: Trent Lloyd Date: Mon, 11 Dec 2006 09:34:00 +0000 Subject: * Revert previous patch to check nlmsg_pid as it is bogus and breaks in many cases, notably when using NetworkManager * Replace with new SO_PASSCRED-based check of the sending UID, which seems to work better * Apply for for 2.6.19+ where IFA_RTA / IFLA_RTA is no longer defined * Mild fix to some doxygen docs for avahi-common/address.h git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1336 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe --- avahi-core/netlink.c | 46 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) (limited to 'avahi-core/netlink.c') diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c index 893295d..7411c90 100644 --- a/avahi-core/netlink.c +++ b/avahi-core/netlink.c @@ -47,27 +47,49 @@ struct AvahiNetlink { int avahi_netlink_work(AvahiNetlink *nl, int block) { ssize_t bytes; + struct msghdr smsg; + struct cmsghdr *cmsg; + struct ucred *cred; + struct iovec iov; struct nlmsghdr *p; + char cred_msg[CMSG_SPACE(sizeof(struct ucred))]; assert(nl); - - if ((bytes = recv(nl->fd, nl->buffer, nl->buffer_length, block ? 0 : MSG_DONTWAIT)) < 0) { - + + iov.iov_base = nl->buffer; + iov.iov_len = nl->buffer_length; + + smsg.msg_name = (void*) NULL; + smsg.msg_namelen = 0; + smsg.msg_iov = &iov; + smsg.msg_iovlen = 1; + smsg.msg_control = cred_msg; + smsg.msg_controllen = sizeof(cred_msg); + smsg.msg_flags = (block ? 0 : MSG_DONTWAIT); + + if ((bytes = recvmsg(nl->fd, &smsg, 0)) < 0) { if (errno == EAGAIN || errno == EINTR) return 0; - avahi_log_error(__FILE__": recv() failed: %s", strerror(errno)); + avahi_log_error(__FILE__": recvmsg() failed: %s", strerror(errno)); return -1; } - p = (struct nlmsghdr *) nl->buffer; - - /* Check that this message originated from the kernel, - or a request from avahi itself, and not another process */ - if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) { + cmsg = CMSG_FIRSTHDR(&smsg); + cred = (struct ucred *) CMSG_DATA (cmsg); + + if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) { + avahi_log_error("No sender credentials received, ignoring data."); return -1; } + if (cred->uid != 0) { + avahi_log_warn("Netlink message received from cred->uid != 0 (%d)", cred->uid); + return -1; + } + + p = (struct nlmsghdr *) nl->buffer; + assert(nl->callback); for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) { @@ -94,6 +116,7 @@ static void socket_event(AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void (*cb) (AvahiNetlink *nl, struct nlmsghdr *n, void* userdata), void* userdata) { int fd = -1; + const int on = 1; struct sockaddr_nl addr; AvahiNetlink *nl = NULL; @@ -115,6 +138,11 @@ AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void goto fail; } + if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) { + avahi_log_error(__FILE__": bind(): %s", strerror(errno)); + goto fail; + } + if (!(nl = avahi_new(AvahiNetlink, 1))) { avahi_log_error(__FILE__": avahi_new() failed."); goto fail; -- cgit