git.openpandora.org / pandora-kernel.git / blob
? search:


c77b7c3d2f9d1390e5143594786709aff7bc935d
[pandora-kernel.git] / net / core / scm.c
1 /* scm.c - Socket level control messages processing.
2  *
3  * Author:      Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
4  *              Alignment and value checking mods by Craig Metz
5  *
6  *              This program is free software; you can redistribute it and/or
7  *              modify it under the terms of the GNU General Public License
8  *              as published by the Free Software Foundation; either version
9  *              2 of the License, or (at your option) any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/signal.h>
14 #include <linux/capability.h>
15 #include <linux/errno.h>
16 #include <linux/sched.h>
17 #include <linux/mm.h>
18 #include <linux/kernel.h>
19 #include <linux/stat.h>
20 #include <linux/socket.h>
21 #include <linux/file.h>
22 #include <linux/fcntl.h>
23 #include <linux/net.h>
24 #include <linux/interrupt.h>
25 #include <linux/netdevice.h>
26 #include <linux/security.h>
27 #include <linux/pid_namespace.h>
28 #include <linux/pid.h>
29 #include <linux/nsproxy.h>
30 #include <linux/slab.h>
31
32 #include <asm/uaccess.h>
33
34 #include <net/protocol.h>
35 #include <linux/skbuff.h>
36 #include <net/sock.h>
37 #include <net/compat.h>
38 #include <net/scm.h>
39 #include <net/cls_cgroup.h>
40
41
42 /*
43  *      Only allow a user to send credentials, that they could set with
44  *      setu(g)id.
45  */
46
47 static __inline__ int scm_check_creds(struct ucred *creds)
48 {
49         const struct cred *cred = current_cred();
50         kuid_t uid = make_kuid(cred->user_ns, creds->uid);
51         kgid_t gid = make_kgid(cred->user_ns, creds->gid);
52
53         if (!uid_valid(uid) || !gid_valid(gid))
54                 return -EINVAL;
55
56         if ((creds->pid == task_tgid_vnr(current) ||
57              ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) &&
58             ((uid_eq(uid, cred->uid)   || uid_eq(uid, cred->euid) ||
59               uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) &&
60             ((gid_eq(gid, cred->gid)   || gid_eq(gid, cred->egid) ||
61               gid_eq(gid, cred->sgid)) || nsown_capable(CAP_SETGID))) {
62                return 0;
63         }
64         return -EPERM;
65 }
66
67 static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp)
68 {
69         int *fdp = (int*)CMSG_DATA(cmsg);
70         struct scm_fp_list *fpl = *fplp;
71         struct file **fpp;
72         int i, num;
73
74         num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int);
75
76         if (num <= 0)
77                 return 0;
78
79         if (num > SCM_MAX_FD)
80                 return -EINVAL;
81
82         if (!fpl)
83         {
84                 fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL);
85                 if (!fpl)
86                         return -ENOMEM;
87                 *fplp = fpl;
88                 fpl->count = 0;
89                 fpl->max = SCM_MAX_FD;
90         }
91         fpp = &fpl->fp[fpl->count];
92
93         if (fpl->count + num > fpl->max)
94                 return -EINVAL;
95
96         /*
97          *      Verify the descriptors and increment the usage count.
98          */
99
100         for (i=0; i< num; i++)
101         {
102                 int fd = fdp[i];
103                 struct file *file;
104
105                 if (fd < 0 || !(file = fget_raw(fd)))
106                         return -EBADF;
107                 *fpp++ = file;
108                 fpl->count++;
109         }
110         return num;
111 }
112
113 void __scm_destroy(struct scm_cookie *scm)
114 {
115         struct scm_fp_list *fpl = scm->fp;
116         int i;
117
118         if (fpl) {
119                 scm->fp = NULL;
120                 for (i=fpl->count-1; i>=0; i--)
121                         fput(fpl->fp[i]);
122                 kfree(fpl);
123         }
124 }
125 EXPORT_SYMBOL(__scm_destroy);
126
127 int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
128 {
129         struct cmsghdr *cmsg;
130         int err;
131
132         for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg))
133         {
134                 err = -EINVAL;
135
136                 /* Verify that cmsg_len is at least sizeof(struct cmsghdr) */
137                 /* The first check was omitted in <= 2.2.5. The reasoning was
138                    that parser checks cmsg_len in any case, so that
139                    additional check would be work duplication.
140                    But if cmsg_level is not SOL_SOCKET, we do not check
141                    for too short ancillary data object at all! Oops.
142                    OK, let's add it...
143                  */
144                 if (!CMSG_OK(msg, cmsg))
145                         goto error;
146
147                 if (cmsg->cmsg_level != SOL_SOCKET)
148                         continue;
149
150                 switch (cmsg->cmsg_type)
151                 {
152                 case SCM_RIGHTS:
153                         if (!sock->ops || sock->ops->family != PF_UNIX)
154                                 goto error;
155                         err=scm_fp_copy(cmsg, &p->fp);
156                         if (err<0)
157                                 goto error;
158                         break;
159                 case SCM_CREDENTIALS:
160                 {
161                         struct ucred creds;
162                         kuid_t uid;
163                         kgid_t gid;
164                         if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
165                                 goto error;
166                         memcpy(&creds, CMSG_DATA(cmsg), sizeof(struct ucred));
167                         err = scm_check_creds(&creds);
168                         if (err)
169                                 goto error;
170
171                         p->creds.pid = creds.pid;
172                         if (!p->pid || pid_vnr(p->pid) != creds.pid) {
173                                 struct pid *pid;
174                                 err = -ESRCH;
175                                 pid = find_get_pid(creds.pid);
176                                 if (!pid)
177                                         goto error;
178                                 put_pid(p->pid);
179                                 p->pid = pid;
180                         }
181
182                         err = -EINVAL;
183                         uid = make_kuid(current_user_ns(), creds.uid);
184                         gid = make_kgid(current_user_ns(), creds.gid);
185                         if (!uid_valid(uid) || !gid_valid(gid))
186                                 goto error;
187
188                         p->creds.uid = uid;
189                         p->creds.gid = gid;
190                         break;
191                 }
192                 default:
193                         goto error;
194                 }
195         }
196
197         if (p->fp && !p->fp->count)
198         {
199                 kfree(p->fp);
200                 p->fp = NULL;
201         }
202         return 0;
203
204 error:
205         scm_destroy(p);
206         return err;
207 }
208 EXPORT_SYMBOL(__scm_send);
209
210 int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
211 {
212         struct cmsghdr __user *cm
213                 = (__force struct cmsghdr __user *)msg->msg_control;
214         struct cmsghdr cmhdr;
215         int cmlen = CMSG_LEN(len);
216         int err;
217
218         if (MSG_CMSG_COMPAT & msg->msg_flags)
219                 return put_cmsg_compat(msg, level, type, len, data);
220
221         if (cm==NULL || msg->msg_controllen < sizeof(*cm)) {
222                 msg->msg_flags |= MSG_CTRUNC;
223                 return 0; /* XXX: return error? check spec. */
224         }
225         if (msg->msg_controllen < cmlen) {
226                 msg->msg_flags |= MSG_CTRUNC;
227                 cmlen = msg->msg_controllen;
228         }
229         cmhdr.cmsg_level = level;
230         cmhdr.cmsg_type = type;
231         cmhdr.cmsg_len = cmlen;
232
233         err = -EFAULT;
234         if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
235                 goto out;
236         if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
237                 goto out;
238         cmlen = CMSG_SPACE(len);
239         if (msg->msg_controllen < cmlen)
240                 cmlen = msg->msg_controllen;
241         msg->msg_control += cmlen;
242         msg->msg_controllen -= cmlen;
243         err = 0;
244 out:
245         return err;
246 }
247 EXPORT_SYMBOL(put_cmsg);
248
249 void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
250 {
251         struct cmsghdr __user *cm
252                 = (__force struct cmsghdr __user*)msg->msg_control;
253
254         int fdmax = 0;
255         int fdnum = scm->fp->count;
256         struct file **fp = scm->fp->fp;
257         int __user *cmfptr;
258         int err = 0, i;
259
260         if (MSG_CMSG_COMPAT & msg->msg_flags) {
261                 scm_detach_fds_compat(msg, scm);
262                 return;
263         }
264
265         if (msg->msg_controllen > sizeof(struct cmsghdr))
266                 fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
267                          / sizeof(int));
268
269         if (fdnum < fdmax)
270                 fdmax = fdnum;
271
272         for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
273              i++, cmfptr++)
274         {
275                 struct socket *sock;
276                 int new_fd;
277                 err = security_file_receive(fp[i]);
278                 if (err)
279                         break;
280                 err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags
281                                           ? O_CLOEXEC : 0);
282                 if (err < 0)
283                         break;
284                 new_fd = err;
285                 err = put_user(new_fd, cmfptr);
286                 if (err) {
287                         put_unused_fd(new_fd);
288                         break;
289                 }
290                 /* Bump the usage count and install the file. */
291                 sock = sock_from_file(fp[i], &err);
292                 if (sock) {
293                         sock_update_netprioidx(sock->sk, current);
294                         sock_update_classid(sock->sk);
295                 }
296                 fd_install(new_fd, get_file(fp[i]));
297         }
298
299         if (i > 0)
300         {
301                 int cmlen = CMSG_LEN(i*sizeof(int));
302                 err = put_user(SOL_SOCKET, &cm->cmsg_level);
303                 if (!err)
304                         err = put_user(SCM_RIGHTS, &cm->cmsg_type);
305                 if (!err)
306                         err = put_user(cmlen, &cm->cmsg_len);
307                 if (!err) {
308                         cmlen = CMSG_SPACE(i*sizeof(int));
309                         msg->msg_control += cmlen;
310                         msg->msg_controllen -= cmlen;
311                 }
312         }
313         if (i < fdnum || (fdnum && fdmax <= 0))
314                 msg->msg_flags |= MSG_CTRUNC;
315
316         /*
317          * All of the files that fit in the message have had their
318          * usage counts incremented, so we just free the list.
319          */
320         __scm_destroy(scm);
321 }
322 EXPORT_SYMBOL(scm_detach_fds);
323
324 struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl)
325 {
326         struct scm_fp_list *new_fpl;
327         int i;
328
329         if (!fpl)
330                 return NULL;
331
332         new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]),
333                           GFP_KERNEL);
334         if (new_fpl) {
335                 for (i = 0; i < fpl->count; i++)
336                         get_file(fpl->fp[i]);
337                 new_fpl->max = new_fpl->count;
338         }
339         return new_fpl;
340 }
341 EXPORT_SYMBOL(scm_fp_dup);
Pandora Kernel Repository