* Revert previous patch to check nlmsg_pid as it is bogus and breaks

  in many cases, notably when using NetworkManager
* Replace with new SO_PASSCRED-based check of the sending UID, which
  seems to work better
* Apply for for 2.6.19+ where IFA_RTA / IFLA_RTA is no longer defined
* Mild fix to some doxygen docs for avahi-common/address.h

git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1336 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe

diff --git a/avahi-autoipd/iface-linux.c b/avahi-autoipd/iface-linux.c
index 6f2ca1f48e3c2211abf7065ec392719a07c05927..13d289563518a5b050cb8807d27410acf876e621 100644 (file)
--- a/avahi-autoipd/iface-linux.c
+++ b/avahi-autoipd/iface-linux.c
@@ -40,6 +40,15 @@
 #include <avahi-common/llist.h>
 #include <avahi-common/malloc.h>
 
+#include <linux/if_addr.h>
+#ifndef IFLA_RTA
+#define IFLA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+#endif
+
+#ifndef IFA_RTA
+#define IFA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#endif
+
 #include "iface.h"
 
 static int fd = -1;

diff --git a/avahi-common/address.h b/avahi-common/address.h
index 6315d3173350c498fb4083b2b15da4442ff6bcf2..58e641499fbf3a10ce2ca8fb2bdb6115a168e256 100644 (file)
--- a/avahi-common/address.h
+++ b/avahi-common/address.h
@@ -73,9 +73,9 @@ typedef struct AvahiAddress {
     AvahiProtocol proto; /**< Address family */
 
     union {
-        AvahiIPv6Address ipv6;  /** Address when IPv6 */
-        AvahiIPv4Address ipv4;  /** Address when IPv4 */
-        uint8_t data[1];        /** Type independant data field */
+        AvahiIPv6Address ipv6;  /**< Address when IPv6 */
+        AvahiIPv4Address ipv4;  /**< Address when IPv4 */
+        uint8_t data[1];        /**< Type independant data field */
     } data;
 } AvahiAddress;
 

diff --git a/avahi-core/iface-linux.c b/avahi-core/iface-linux.c
index 910000da214be039871a9b85416d5f626da18ae7..a97597631d3266a47789fc67fe251a7cb6ba2d79 100644 (file)
--- a/avahi-core/iface-linux.c
+++ b/avahi-core/iface-linux.c
@@ -30,6 +30,15 @@
 
 #include <avahi-common/malloc.h>
 
+#include <linux/if_addr.h>
+#ifndef IFLA_RTA
+#define IFLA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+#endif
+
+#ifndef IFA_RTA
+#define IFA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#endif
+
 #include "log.h"
 #include "iface.h"
 #include "iface-linux.h"

diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c
index 893295dd741bc8ab4c321bc8dceef8cbe7cfe97d..7411c9050683328cf65add50c6f3ed43b1cc46b7 100644 (file)
--- a/avahi-core/netlink.c
+++ b/avahi-core/netlink.c
@@ -47,27 +47,49 @@ struct AvahiNetlink {
 
 int avahi_netlink_work(AvahiNetlink *nl, int block) {
     ssize_t bytes;
+    struct msghdr smsg;
+    struct cmsghdr *cmsg;
+    struct ucred *cred;
+    struct iovec iov;
     struct nlmsghdr *p;
+    char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
     
     assert(nl);
-    
-    if ((bytes = recv(nl->fd, nl->buffer, nl->buffer_length, block ? 0 : MSG_DONTWAIT)) < 0) {
-        
+
+    iov.iov_base = nl->buffer;
+    iov.iov_len = nl->buffer_length;
+
+    smsg.msg_name = (void*) NULL;
+    smsg.msg_namelen = 0;
+    smsg.msg_iov = &iov;
+    smsg.msg_iovlen = 1;
+    smsg.msg_control = cred_msg;
+    smsg.msg_controllen = sizeof(cred_msg);
+    smsg.msg_flags = (block ? 0 : MSG_DONTWAIT);
+
+    if ((bytes = recvmsg(nl->fd, &smsg, 0)) < 0) {
         if (errno == EAGAIN || errno == EINTR)
             return 0;
         
-        avahi_log_error(__FILE__": recv() failed: %s", strerror(errno));
+        avahi_log_error(__FILE__": recvmsg() failed: %s", strerror(errno));
         return -1;
     }
 
-    p = (struct nlmsghdr *) nl->buffer;
-    
-    /* Check that this message originated from the kernel,
-       or a request from avahi itself, and not another process */
-    if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) {
+    cmsg = CMSG_FIRSTHDR(&smsg);
+    cred = (struct ucred *) CMSG_DATA (cmsg);
+
+    if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
+        avahi_log_error("No sender credentials received, ignoring data.");
         return -1;
     }
 
+    if (cred->uid != 0) {
+        avahi_log_warn("Netlink message received from cred->uid != 0 (%d)", cred->uid);
+        return -1;
+    }
+
+    p = (struct nlmsghdr *) nl->buffer;
+    
     assert(nl->callback);
     
     for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) {
@@ -94,6 +116,7 @@ static void socket_event(AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent
 
 AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void (*cb) (AvahiNetlink *nl, struct nlmsghdr *n, void* userdata), void* userdata) {
     int fd = -1;
+    const int on = 1;
     struct sockaddr_nl addr;
     AvahiNetlink *nl = NULL;
 
@@ -115,6 +138,11 @@ AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void
         goto fail;
     }
 
+    if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
+        avahi_log_error(__FILE__": bind(): %s", strerror(errno));
+        goto fail;
+    }
+
     if (!(nl = avahi_new(AvahiNetlink, 1))) {
         avahi_log_error(__FILE__": avahi_new() failed.");
         goto fail;