877ce7c1b3
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
100 lines
2.6 KiB
C
100 lines
2.6 KiB
C
#ifndef __LINUX_NET_AFUNIX_H
|
|
#define __LINUX_NET_AFUNIX_H
|
|
|
|
#include <linux/socket.h>
|
|
#include <linux/un.h>
|
|
#include <linux/mutex.h>
|
|
#include <net/sock.h>
|
|
|
|
extern void unix_inflight(struct file *fp);
|
|
extern void unix_notinflight(struct file *fp);
|
|
extern void unix_gc(void);
|
|
|
|
#define UNIX_HASH_SIZE 256
|
|
|
|
extern struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
|
|
extern spinlock_t unix_table_lock;
|
|
|
|
extern atomic_t unix_tot_inflight;
|
|
|
|
static inline struct sock *first_unix_socket(int *i)
|
|
{
|
|
for (*i = 0; *i <= UNIX_HASH_SIZE; (*i)++) {
|
|
if (!hlist_empty(&unix_socket_table[*i]))
|
|
return __sk_head(&unix_socket_table[*i]);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
static inline struct sock *next_unix_socket(int *i, struct sock *s)
|
|
{
|
|
struct sock *next = sk_next(s);
|
|
/* More in this chain? */
|
|
if (next)
|
|
return next;
|
|
/* Look for next non-empty chain. */
|
|
for ((*i)++; *i <= UNIX_HASH_SIZE; (*i)++) {
|
|
if (!hlist_empty(&unix_socket_table[*i]))
|
|
return __sk_head(&unix_socket_table[*i]);
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
#define forall_unix_sockets(i, s) \
|
|
for (s = first_unix_socket(&(i)); s; s = next_unix_socket(&(i),(s)))
|
|
|
|
struct unix_address {
|
|
atomic_t refcnt;
|
|
int len;
|
|
unsigned hash;
|
|
struct sockaddr_un name[0];
|
|
};
|
|
|
|
struct unix_skb_parms {
|
|
struct ucred creds; /* Skb credentials */
|
|
struct scm_fp_list *fp; /* Passed files */
|
|
#ifdef CONFIG_SECURITY_NETWORK
|
|
char *secdata; /* Security context */
|
|
u32 seclen; /* Security length */
|
|
#endif
|
|
};
|
|
|
|
#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb))
|
|
#define UNIXCREDS(skb) (&UNIXCB((skb)).creds)
|
|
#define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata)
|
|
#define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen)
|
|
|
|
#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock)
|
|
#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock)
|
|
#define unix_state_wlock(s) spin_lock(&unix_sk(s)->lock)
|
|
#define unix_state_wunlock(s) spin_unlock(&unix_sk(s)->lock)
|
|
|
|
#ifdef __KERNEL__
|
|
/* The AF_UNIX socket */
|
|
struct unix_sock {
|
|
/* WARNING: sk has to be the first member */
|
|
struct sock sk;
|
|
struct unix_address *addr;
|
|
struct dentry *dentry;
|
|
struct vfsmount *mnt;
|
|
struct mutex readlock;
|
|
struct sock *peer;
|
|
struct sock *other;
|
|
struct sock *gc_tree;
|
|
atomic_t inflight;
|
|
spinlock_t lock;
|
|
wait_queue_head_t peer_wait;
|
|
};
|
|
#define unix_sk(__sk) ((struct unix_sock *)__sk)
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
extern int sysctl_unix_max_dgram_qlen;
|
|
extern void unix_sysctl_register(void);
|
|
extern void unix_sysctl_unregister(void);
|
|
#else
|
|
static inline void unix_sysctl_register(void) {}
|
|
static inline void unix_sysctl_unregister(void) {}
|
|
#endif
|
|
#endif
|
|
#endif
|