From: Trent Lloyd Date: Mon, 11 Dec 2006 09:34:00 +0000 (+0000) Subject: * Revert previous patch to check nlmsg_pid as it is bogus and breaks X-Git-Url: https://git.meshlink.io/?a=commitdiff_plain;h=37b2be93e63ceff95698f24cd91cb11774eb621c;p=catta * Revert previous patch to check nlmsg_pid as it is bogus and breaks in many cases, notably when using NetworkManager * Replace with new SO_PASSCRED-based check of the sending UID, which seems to work better * Apply for for 2.6.19+ where IFA_RTA / IFLA_RTA is no longer defined * Mild fix to some doxygen docs for avahi-common/address.h git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1336 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe --- diff --git a/avahi-autoipd/iface-linux.c b/avahi-autoipd/iface-linux.c index 6f2ca1f..13d2895 100644 --- a/avahi-autoipd/iface-linux.c +++ b/avahi-autoipd/iface-linux.c @@ -40,6 +40,15 @@ #include #include +#include +#ifndef IFLA_RTA +#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg)))) +#endif + +#ifndef IFA_RTA +#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg)))) +#endif + #include "iface.h" static int fd = -1; diff --git a/avahi-common/address.h b/avahi-common/address.h index 6315d31..58e6414 100644 --- a/avahi-common/address.h +++ b/avahi-common/address.h @@ -73,9 +73,9 @@ typedef struct AvahiAddress { AvahiProtocol proto; /**< Address family */ union { - AvahiIPv6Address ipv6; /** Address when IPv6 */ - AvahiIPv4Address ipv4; /** Address when IPv4 */ - uint8_t data[1]; /** Type independant data field */ + AvahiIPv6Address ipv6; /**< Address when IPv6 */ + AvahiIPv4Address ipv4; /**< Address when IPv4 */ + uint8_t data[1]; /**< Type independant data field */ } data; } AvahiAddress; diff --git a/avahi-core/iface-linux.c b/avahi-core/iface-linux.c index 910000d..a975976 100644 --- a/avahi-core/iface-linux.c +++ b/avahi-core/iface-linux.c @@ -30,6 +30,15 @@ #include +#include +#ifndef IFLA_RTA +#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg)))) +#endif + +#ifndef IFA_RTA +#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg)))) +#endif + #include "log.h" #include "iface.h" #include "iface-linux.h" diff --git a/avahi-core/netlink.c b/avahi-core/netlink.c index 893295d..7411c90 100644 --- a/avahi-core/netlink.c +++ b/avahi-core/netlink.c @@ -47,27 +47,49 @@ struct AvahiNetlink { int avahi_netlink_work(AvahiNetlink *nl, int block) { ssize_t bytes; + struct msghdr smsg; + struct cmsghdr *cmsg; + struct ucred *cred; + struct iovec iov; struct nlmsghdr *p; + char cred_msg[CMSG_SPACE(sizeof(struct ucred))]; assert(nl); - - if ((bytes = recv(nl->fd, nl->buffer, nl->buffer_length, block ? 0 : MSG_DONTWAIT)) < 0) { - + + iov.iov_base = nl->buffer; + iov.iov_len = nl->buffer_length; + + smsg.msg_name = (void*) NULL; + smsg.msg_namelen = 0; + smsg.msg_iov = &iov; + smsg.msg_iovlen = 1; + smsg.msg_control = cred_msg; + smsg.msg_controllen = sizeof(cred_msg); + smsg.msg_flags = (block ? 0 : MSG_DONTWAIT); + + if ((bytes = recvmsg(nl->fd, &smsg, 0)) < 0) { if (errno == EAGAIN || errno == EINTR) return 0; - avahi_log_error(__FILE__": recv() failed: %s", strerror(errno)); + avahi_log_error(__FILE__": recvmsg() failed: %s", strerror(errno)); return -1; } - p = (struct nlmsghdr *) nl->buffer; - - /* Check that this message originated from the kernel, - or a request from avahi itself, and not another process */ - if ((p->nlmsg_pid != 0) && (p->nlmsg_pid != getpid())) { + cmsg = CMSG_FIRSTHDR(&smsg); + cred = (struct ucred *) CMSG_DATA (cmsg); + + if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) { + avahi_log_error("No sender credentials received, ignoring data."); return -1; } + if (cred->uid != 0) { + avahi_log_warn("Netlink message received from cred->uid != 0 (%d)", cred->uid); + return -1; + } + + p = (struct nlmsghdr *) nl->buffer; + assert(nl->callback); for (; bytes > 0; p = NLMSG_NEXT(p, bytes)) { @@ -94,6 +116,7 @@ static void socket_event(AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void (*cb) (AvahiNetlink *nl, struct nlmsghdr *n, void* userdata), void* userdata) { int fd = -1; + const int on = 1; struct sockaddr_nl addr; AvahiNetlink *nl = NULL; @@ -115,6 +138,11 @@ AvahiNetlink *avahi_netlink_new(const AvahiPoll *poll_api, uint32_t groups, void goto fail; } + if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) { + avahi_log_error(__FILE__": bind(): %s", strerror(errno)); + goto fail; + } + if (!(nl = avahi_new(AvahiNetlink, 1))) { avahi_log_error(__FILE__": avahi_new() failed."); goto fail;