diff --git a/share/man/man4/unix.4 b/share/man/man4/unix.4 index a192fa00e7d9..c55618559f51 100644 --- a/share/man/man4/unix.4 +++ b/share/man/man4/unix.4 @@ -194,6 +194,56 @@ system call (e.g., or .Xr listen 2 ) under different effective credentials. +.Pp + +.Tn UNIX +domain sockets support a number of socket options which can be set with +.Xr setsockopt 2 +and tested with +.Xr getsockopt 2 : +.Bl -tag -width ".Dv LOCAL_CONNWAIT" +.It Dv LOCAL_CREDS +This option may be enabled on a +.Dv SOCK_DGRAM +or a +.Dv SOCK_STREAM +socket. This option provides a mechanism for the receiver to +receive the credentials of the process as a +.Xr recvmsg 2 +control message. The msg_control field in the msghdr structure points +to a buffer that contains a cmsghdr structure followed by a variable +length sockcred structure, defined in +.Pa \*[Lt]sys/socket.h\*[Gt] +as follows: +.Bd -literal +struct sockcred { + id_t sc_uid; /* real user id */ + uid_t sc_euid; /* effective user id */ + gid_t sc_gid; /* real group id */ + gid_t sc_egid; /* effective group id */ + int sc_ngroups; /* number of supplemental groups */ + gid_t sc_groups[1]; /* variable length */ +}; +.Ed +.Pp +The +.Fn SOCKCREDSIZE +macro computes the size of the sockcred structure for a specified number +of groups. +The cmsghdr fields have the following values: +.Bd -literal +cmsg_len = sizeof(struct cmsghdr) + SOCKCREDSIZE(ngroups) +cmsg_level = SOL_SOCKET +cmsg_type = SCM_CREDS +.Ed +.It Dv LOCAL_CONNWAIT +Used with +.Dv SOCK_STREAM +sockets, this option causes the +.Xr connect 2 +function to block until +.Xr accept 2 +has been called on the listening socket. .Sh SEE ALSO .Xr socket 2 , .Xr intro 4 diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 256c4fb5272a..e3ebf9ba9cc9 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -81,6 +81,7 @@ static struct unp_head unp_shead, unp_dhead; */ static const struct sockaddr sun_noname = { sizeof(sun_noname), AF_LOCAL }; static ino_t unp_ino; /* prototype for fake inode numbers */ +struct mbuf *unp_addsockcred(struct thread *, struct mbuf *); /* * Currently, UNIX domain sockets are protected by a single subsystem lock, @@ -114,7 +115,7 @@ static int unp_attach(struct socket *); static void unp_detach(struct unpcb *); static int unp_bind(struct unpcb *,struct sockaddr *, struct thread *); static int unp_connect(struct socket *,struct sockaddr *, struct thread *); -static int unp_connect2(struct socket *so, struct socket *so2); +static int unp_connect2(struct socket *so, struct socket *so2, int); static void unp_disconnect(struct unpcb *); static void unp_shutdown(struct unpcb *); static void unp_drop(struct unpcb *, int); @@ -233,7 +234,7 @@ uipc_connect2(struct socket *so1, struct socket *so2) UNP_UNLOCK(); return (EINVAL); } - error = unp_connect2(so1, so2); + error = unp_connect2(so1, so2, PRU_CONNECT2); UNP_UNLOCK(); return (error); } @@ -421,6 +422,8 @@ uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, from = (struct sockaddr *)unp->unp_addr; else from = &sun_noname; + if (unp->unp_conn->unp_flags & UNP_WANTCRED) + control = unp_addsockcred(td, control); SOCKBUF_LOCK(&so2->so_rcv); if (sbappendaddr_locked(&so2->so_rcv, from, m, control)) { sorwakeup_locked(so2); @@ -462,6 +465,14 @@ uipc_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, panic("uipc_send connected but no connection?"); so2 = unp->unp_conn->unp_socket; SOCKBUF_LOCK(&so2->so_rcv); + if (unp->unp_conn->unp_flags & UNP_WANTCRED) { + /* + * Credentials are passed only once on + * SOCK_STREAM. + */ + unp->unp_conn->unp_flags &= ~UNP_WANTCRED; + control = unp_addsockcred(td, control); + } /* * Send to paired receive port, and then reduce * send buffer hiwater marks to maintain backpressure. @@ -604,20 +615,20 @@ uipc_ctloutput(struct socket *so, struct sockopt *sopt) { struct unpcb *unp; struct xucred xu; - int error; + int error, optval; + + UNP_LOCK(); + unp = sotounpcb(so); + if (unp == NULL) { + UNP_UNLOCK(); + return (EINVAL); + } + error = 0; switch (sopt->sopt_dir) { case SOPT_GET: switch (sopt->sopt_name) { case LOCAL_PEERCRED: - error = 0; - UNP_LOCK(); - unp = sotounpcb(so); - if (unp == NULL) { - UNP_UNLOCK(); - error = EINVAL; - break; - } if (unp->unp_flags & UNP_HAVEPC) xu = unp->unp_peercred; else { @@ -626,20 +637,58 @@ uipc_ctloutput(struct socket *so, struct sockopt *sopt) else error = EINVAL; } - UNP_UNLOCK(); if (error == 0) error = sooptcopyout(sopt, &xu, sizeof(xu)); break; + case LOCAL_CREDS: + optval = unp->unp_flags & UNP_WANTCRED ? 1 : 0; + error = sooptcopyout(sopt, &optval, sizeof(optval)); + break; + case LOCAL_CONNWAIT: + optval = unp->unp_flags & UNP_CONNWAIT ? 1 : 0; + error = sooptcopyout(sopt, &optval, sizeof(optval)); + break; default: error = EOPNOTSUPP; break; } break; case SOPT_SET: + switch (sopt->sopt_name) { + case LOCAL_CREDS: + case LOCAL_CONNWAIT: + error = sooptcopyin(sopt, &optval, sizeof(optval), + sizeof(optval)); + if (error) + break; + +#define OPTSET(bit) \ + if (optval) \ + unp->unp_flags |= bit; \ + else \ + unp->unp_flags &= ~bit; + + switch (sopt->sopt_name) { + case LOCAL_CREDS: + OPTSET(UNP_WANTCRED); + break; + case LOCAL_CONNWAIT: + OPTSET(UNP_CONNWAIT); + break; + default: + break; + } + break; +#undef OPTSET + default: + error = ENOPROTOOPT; + break; + } default: error = EOPNOTSUPP; break; } + UNP_UNLOCK(); return (error); } @@ -965,7 +1014,7 @@ unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td) so2 = so3; } - error = unp_connect2(so, so2); + error = unp_connect2(so, so2, PRU_CONNECT); bad2: UNP_UNLOCK(); mtx_lock(&Giant); @@ -980,7 +1029,7 @@ unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td) } static int -unp_connect2(struct socket *so, struct socket *so2) +unp_connect2(struct socket *so, struct socket *so2, int req) { struct unpcb *unp = sotounpcb(so); struct unpcb *unp2; @@ -1000,7 +1049,11 @@ unp_connect2(struct socket *so, struct socket *so2) case SOCK_STREAM: unp2->unp_conn = unp; - soisconnected(so); + if (req == PRU_CONNECT && + ((unp->unp_flags | unp2->unp_flags) & UNP_CONNWAIT)) + soisconnecting(so); + else + soisconnected(so); soisconnected(so2); break; @@ -1484,6 +1537,43 @@ unp_internalize(struct mbuf **controlp, struct thread *td) return (error); } +struct mbuf * +unp_addsockcred(struct thread *td, struct mbuf *control) +{ + struct mbuf *m, *n; + struct sockcred *sc; + int ngroups; + int i; + + ngroups = MIN(td->td_ucred->cr_ngroups, CMGROUP_MAX); + + m = sbcreatecontrol(NULL, SOCKCREDSIZE(ngroups), SCM_CREDS, SOL_SOCKET); + if (m == NULL) + return (control); + m->m_next = NULL; + + sc = (struct sockcred *) CMSG_DATA(mtod(m, struct cmsghdr *)); + sc->sc_uid = td->td_ucred->cr_ruid; + sc->sc_euid = td->td_ucred->cr_uid; + sc->sc_gid = td->td_ucred->cr_rgid; + sc->sc_egid = td->td_ucred->cr_gid; + sc->sc_ngroups = ngroups; + for (i = 0; i < sc->sc_ngroups; i++) + sc->sc_groups[i] = td->td_ucred->cr_groups[i]; + + /* + * If a control message already exists, append us to the end. + */ + if (control != NULL) { + for (n = control; n->m_next != NULL; n = n->m_next) + ; + n->m_next = m; + } else + control = m; + + return (control); +} + /* * unp_defer is thread-local during garbage collection, and does not require * explicit synchronization. unp_gcing prevents other threads from entering diff --git a/sys/sys/socket.h b/sys/sys/socket.h index 27e529418f05..176343d6aee0 100644 --- a/sys/sys/socket.h +++ b/sys/sys/socket.h @@ -439,6 +439,25 @@ struct cmsgcred { short cmcred_ngroups; /* number or groups */ gid_t cmcred_groups[CMGROUP_MAX]; /* groups */ }; + +/* + * Socket credentials. + */ +struct sockcred { + uid_t sc_uid; /* real user id */ + uid_t sc_euid; /* effective user id */ + gid_t sc_gid; /* real group id */ + gid_t sc_egid; /* effective group id */ + int sc_ngroups; /* number of supplemental groups */ + gid_t sc_groups[1]; /* variable length */ +}; + +/* + * Compute size of a sockcred structure with groups. + */ +#define SOCKCREDSIZE(ngrps) \ + (sizeof(struct sockcred) + (sizeof(gid_t) * ((ngrps) - 1))) + #endif /* __BSD_VISIBLE */ /* given pointer to struct cmsghdr, return pointer to data */ diff --git a/sys/sys/un.h b/sys/sys/un.h index e8caf35f8232..97aebb5be2e0 100644 --- a/sys/sys/un.h +++ b/sys/sys/un.h @@ -53,7 +53,9 @@ struct sockaddr_un { #if __BSD_VISIBLE /* Socket options. */ -#define LOCAL_PEERCRED 0x001 /* retrieve peer credentails */ +#define LOCAL_PEERCRED 0x001 /* retrieve peer credentials */ +#define LOCAL_CREDS 0x002 /* pass credentials to receiver */ +#define LOCAL_CONNWAIT 0x004 /* connects block until accepted */ #ifdef _KERNEL struct mbuf; diff --git a/sys/sys/unpcb.h b/sys/sys/unpcb.h index b6305706fabc..a1186dedbae2 100644 --- a/sys/sys/unpcb.h +++ b/sys/sys/unpcb.h @@ -95,6 +95,8 @@ struct unpcb { */ #define UNP_HAVEPC 0x001 #define UNP_HAVEPCCACHED 0x002 +#define UNP_WANTCRED 0x004 /* credentials wanted */ +#define UNP_CONNWAIT 0x008 /* connect blocks until accepted */ #define sotounpcb(so) ((struct unpcb *)((so)->so_pcb))