X-Git-Url: http://git.meshlink.io/?a=blobdiff_plain;f=avahi-core%2Fnetlink.c;h=5050801de831eebe5f9457723bfbd4e1fa690848;hb=328d192ae37f91d3e19c22eb8f97bf830bfc3933;hp=b2a6684c60445fd93356a6ec789c47863990cbdf;hpb=854f901f491ccda79aee11edc3d59109cb229d28;p=catta

diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c
index b2a6684..5050801 100644
--- a/avahi-core/netlink.c
+++ b/avahi-core/netlink.c
@@ -47,19 +47,46 @@ struct AvahiNetlink {
 
 int avahi_netlink_work(AvahiNetlink *nl, int block) {
     ssize_t bytes;
+    struct msghdr smsg;
+    struct cmsghdr *cmsg;
+    struct ucred *cred;
+    struct iovec iov;
     struct nlmsghdr *p;
+    char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
     
     assert(nl);
-    
-    if ((bytes = recv(nl->fd, nl->buffer, nl->buffer_length, block ? 0 : MSG_DONTWAIT)) < 0) {
-        
+
+    iov.iov_base = nl->buffer;
+    iov.iov_len = nl->buffer_length;
+
+    smsg.msg_name = NULL;
+    smsg.msg_namelen = 0;
+    smsg.msg_iov = &iov;
+    smsg.msg_iovlen = 1;
+    smsg.msg_control = cred_msg;
+    smsg.msg_controllen = sizeof(cred_msg);
+    smsg.msg_flags = (block ? 0 : MSG_DONTWAIT);
+
+    if ((bytes = recvmsg(nl->fd, &smsg, 0)) < 0) {
         if (errno == EAGAIN || errno == EINTR)
             return 0;
         
-        avahi_log_error(__FILE__": recv() failed: %s", strerror(errno));
+        avahi_log_error(__FILE__": recvmsg() failed: %s", strerror(errno));
         return -1;
     }
 
+    cmsg = CMSG_FIRSTHDR(&smsg);
+
+    if (!cmsg || cmsg->cmsg_type != SCM_CREDENTIALS) {
+        avahi_log_warn("No sender credentials received, ignoring data.");
+        return -1;
+    }
+
+    cred = (struct ucred*) CMSG_DATA(cmsg);
+
+    if (cred->uid != 0)
+        return -1;
+
     p = (struct nlmsghdr *) nl->buffer;
     
     assert(nl->callback);
@@ -88,6 +115,7 @@ static void socket_event(AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent
 
 AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void (*cb) (AvahiNetlink *nl, struct nlmsghdr *n, void* userdata), void* userdata) {
     int fd = -1;
+    const int on = 1;
     struct sockaddr_nl addr;
     AvahiNetlink *nl = NULL;
 
@@ -109,6 +137,11 @@ AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void
         goto fail;
     }
 
+    if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
+        avahi_log_error(__FILE__": SO_PASSCRED: %s", strerror(errno));
+        goto fail;
+    }
+
     if (!(nl = avahi_new(AvahiNetlink, 1))) {
         avahi_log_error(__FILE__": avahi_new() failed.");
         goto fail;