1 files changed, 291 insertions, 0 deletions
diff --git a/net/core/scm.c b/net/core/scm.c
new file mode 100644
index 000000000000..a2ebf30f6aa8
--- /dev/null
+++ b/net/core/scm.c
@@ -0,0 +1,291 @@
+/* scm.c - Socket level control messages processing.
+ *
+ * Author:      Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
+ *              Alignment and value checking mods by Craig Metz
+ *
+ *              This program is free software; you can redistribute it and/or
+ *              modify it under the terms of the GNU General Public License
+ *              as published by the Free Software Foundation; either version
+ *              2 of the License, or (at your option) any later version.
+ */
+#include <linux/module.h>
+#include <linux/signal.h>
+#include <linux/errno.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
+#include <linux/kernel.h>
+#include <linux/major.h>
+#include <linux/stat.h>
+#include <linux/socket.h>
+#include <linux/file.h>
+#include <linux/fcntl.h>
+#include <linux/net.h>
+#include <linux/interrupt.h>
+#include <linux/netdevice.h>
+#include <linux/security.h>
+#include <asm/system.h>
+#include <asm/uaccess.h>
+#include <net/protocol.h>
+#include <linux/skbuff.h>
+#include <net/sock.h>
+#include <net/compat.h>
+#include <net/scm.h>
+/*
+ *      Only allow a user to send credentials, that they could set with 
+ *      setu(g)id.
+ */
+static __inline__ int scm_check_creds(struct ucred *creds)
+{
+        if ((creds->pid == current->tgid || capable(CAP_SYS_ADMIN)) &&
+            ((creds->uid == current->uid || creds->uid == current->euid ||
+              creds->uid == current->suid) || capable(CAP_SETUID)) &&
+            ((creds->gid == current->gid || creds->gid == current->egid ||
+              creds->gid == current->sgid) || capable(CAP_SETGID))) {
+               return 0;
+        }
+        return -EPERM;
+}
+static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp)
+{
+        int *fdp = (int*)CMSG_DATA(cmsg);
+        struct scm_fp_list *fpl = *fplp;
+        struct file **fpp;
+        int i, num;
+        num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int);
+        if (num <= 0)
+                return 0;
+        if (num > SCM_MAX_FD)
+                return -EINVAL;
+        if (!fpl)
+        {
+                fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL);
+                if (!fpl)
+                        return -ENOMEM;
+                *fplp = fpl;
+                fpl->count = 0;
+        }
+        fpp = &fpl->fp[fpl->count];
+        if (fpl->count + num > SCM_MAX_FD)
+                return -EINVAL;
+        
+        /*
+         *      Verify the descriptors and increment the usage count.
+         */
+         
+        for (i=0; i< num; i++)
+        {
+                int fd = fdp[i];
+                struct file *file;
+                if (fd < 0 || !(file = fget(fd)))
+                        return -EBADF;
+                *fpp++ = file;
+                fpl->count++;
+        }
+        return num;
+}
+void __scm_destroy(struct scm_cookie *scm)
+{
+        struct scm_fp_list *fpl = scm->fp;
+        int i;
+        if (fpl) {
+                scm->fp = NULL;
+                for (i=fpl->count-1; i>=0; i--)
+                        fput(fpl->fp[i]);
+                kfree(fpl);
+        }
+}
+int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
+{
+        struct cmsghdr *cmsg;
+        int err;
+        for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg))
+        {
+                err = -EINVAL;
+                /* Verify that cmsg_len is at least sizeof(struct cmsghdr) */
+                /* The first check was omitted in <= 2.2.5. The reasoning was
+                   that parser checks cmsg_len in any case, so that
+                   additional check would be work duplication.
+                   But if cmsg_level is not SOL_SOCKET, we do not check 
+                   for too short ancillary data object at all! Oops.
+                   OK, let's add it...
+                 */
+                if (!CMSG_OK(msg, cmsg))
+                        goto error;
+                if (cmsg->cmsg_level != SOL_SOCKET)
+                        continue;
+                switch (cmsg->cmsg_type)
+                {
+                case SCM_RIGHTS:
+                        err=scm_fp_copy(cmsg, &p->fp);
+                        if (err<0)
+                                goto error;
+                        break;
+                case SCM_CREDENTIALS:
+                        if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
+                                goto error;
+                        memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred));
+                        err = scm_check_creds(&p->creds);
+                        if (err)
+                                goto error;
+                        break;
+                default:
+                        goto error;
+                }
+        }
+        if (p->fp && !p->fp->count)
+        {
+                kfree(p->fp);
+                p->fp = NULL;
+        }
+        return 0;
+        
+error:
+        scm_destroy(p);
+        return err;
+}
+int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
+{
+        struct cmsghdr __user *cm = (struct cmsghdr __user *)msg->msg_control;
+        struct cmsghdr cmhdr;
+        int cmlen = CMSG_LEN(len);
+        int err;
+        if (MSG_CMSG_COMPAT & msg->msg_flags)
+                return put_cmsg_compat(msg, level, type, len, data);
+        if (cm==NULL || msg->msg_controllen < sizeof(*cm)) {
+                msg->msg_flags |= MSG_CTRUNC;
+                return 0; /* XXX: return error? check spec. */
+        }
+        if (msg->msg_controllen < cmlen) {
+                msg->msg_flags |= MSG_CTRUNC;
+                cmlen = msg->msg_controllen;
+        }
+        cmhdr.cmsg_level = level;
+        cmhdr.cmsg_type = type;
+        cmhdr.cmsg_len = cmlen;
+        err = -EFAULT;
+        if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
+                goto out; 
+        if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
+                goto out;
+        cmlen = CMSG_SPACE(len);
+        msg->msg_control += cmlen;
+        msg->msg_controllen -= cmlen;
+        err = 0;
+out:
+        return err;
+}
+void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
+{
+        struct cmsghdr __user *cm = (struct cmsghdr __user*)msg->msg_control;
+        int fdmax = 0;
+        int fdnum = scm->fp->count;
+        struct file **fp = scm->fp->fp;
+        int __user *cmfptr;
+        int err = 0, i;
+        if (MSG_CMSG_COMPAT & msg->msg_flags) {
+                scm_detach_fds_compat(msg, scm);
+                return;
+        }
+        if (msg->msg_controllen > sizeof(struct cmsghdr))
+                fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
+                         / sizeof(int));
+        if (fdnum < fdmax)
+                fdmax = fdnum;
+        for (i=0, cmfptr=(int __user *)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
+        {
+                int new_fd;
+                err = security_file_receive(fp[i]);
+                if (err)
+                        break;
+                err = get_unused_fd();
+                if (err < 0)
+                        break;
+                new_fd = err;
+                err = put_user(new_fd, cmfptr);
+                if (err) {
+                        put_unused_fd(new_fd);
+                        break;
+                }
+                /* Bump the usage count and install the file. */
+                get_file(fp[i]);
+                fd_install(new_fd, fp[i]);
+        }
+        if (i > 0)
+        {
+                int cmlen = CMSG_LEN(i*sizeof(int));
+                if (!err)
+                        err = put_user(SOL_SOCKET, &cm->cmsg_level);
+                if (!err)
+                        err = put_user(SCM_RIGHTS, &cm->cmsg_type);
+                if (!err)
+                        err = put_user(cmlen, &cm->cmsg_len);
+                if (!err) {
+                        cmlen = CMSG_SPACE(i*sizeof(int));
+                        msg->msg_control += cmlen;
+                        msg->msg_controllen -= cmlen;
+                }
+        }
+        if (i < fdnum || (fdnum && fdmax <= 0))
+                msg->msg_flags |= MSG_CTRUNC;
+        /*
+         * All of the files that fit in the message have had their
+         * usage counts incremented, so we just free the list.
+         */
+        __scm_destroy(scm);
+}
+struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl)
+{
+        struct scm_fp_list *new_fpl;
+        int i;
+        if (!fpl)
+                return NULL;
+        new_fpl = kmalloc(sizeof(*fpl), GFP_KERNEL);
+        if (new_fpl) {
+                for (i=fpl->count-1; i>=0; i--)
+                        get_file(fpl->fp[i]);
+                memcpy(new_fpl, fpl, sizeof(*fpl));
+        }
+        return new_fpl;
+}
+EXPORT_SYMBOL(__scm_destroy);
+EXPORT_SYMBOL(__scm_send);
+EXPORT_SYMBOL(put_cmsg);
+EXPORT_SYMBOL(scm_detach_fds);
+EXPORT_SYMBOL(scm_fp_dup);

diff --git a/net/core/scm.c b/net/core/scm.c new file mode 100644 index 000000000000..a2ebf30f6aa8 --- /dev/null +++ b/net/core/scm.c
@@ -0,0 +1,291 @@
	1	/* scm.c - Socket level control messages processing.
	2	*
	3	* Author: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
	4	* Alignment and value checking mods by Craig Metz
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public License
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the License, or (at your option) any later version.
	10	*/
	11
	12	#include <linux/module.h>
	13	#include <linux/signal.h>
	14	#include <linux/errno.h>
	15	#include <linux/sched.h>
	16	#include <linux/mm.h>
	17	#include <linux/kernel.h>
	18	#include <linux/major.h>
	19	#include <linux/stat.h>
	20	#include <linux/socket.h>
	21	#include <linux/file.h>
	22	#include <linux/fcntl.h>
	23	#include <linux/net.h>
	24	#include <linux/interrupt.h>
	25	#include <linux/netdevice.h>
	26	#include <linux/security.h>
	27
	28	#include <asm/system.h>
	29	#include <asm/uaccess.h>
	30
	31	#include <net/protocol.h>
	32	#include <linux/skbuff.h>
	33	#include <net/sock.h>
	34	#include <net/compat.h>
	35	#include <net/scm.h>
	36
	37
	38	/*
	39	* Only allow a user to send credentials, that they could set with
	40	* setu(g)id.
	41	*/
	42
	43	static __inline__ int scm_check_creds(struct ucred *creds)
	44	{
	45	if ((creds->pid == current->tgid \|\| capable(CAP_SYS_ADMIN)) &&
	46	((creds->uid == current->uid \|\| creds->uid == current->euid \|\|
	47	creds->uid == current->suid) \|\| capable(CAP_SETUID)) &&
	48	((creds->gid == current->gid \|\| creds->gid == current->egid \|\|
	49	creds->gid == current->sgid) \|\| capable(CAP_SETGID))) {
	50	return 0;
	51	}
	52	return -EPERM;
	53	}
	54
	55	static int scm_fp_copy(struct cmsghdr cmsg, struct scm_fp_list *fplp)
	56	{
	57	int fdp = (int)CMSG_DATA(cmsg);
	58	struct scm_fp_list fpl = fplp;
	59	struct file **fpp;
	60	int i, num;
	61
	62	num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int);
	63
	64	if (num <= 0)
	65	return 0;
	66
	67	if (num > SCM_MAX_FD)
	68	return -EINVAL;
	69
	70	if (!fpl)
	71	{
	72	fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL);
	73	if (!fpl)
	74	return -ENOMEM;
	75	*fplp = fpl;
	76	fpl->count = 0;
	77	}
	78	fpp = &fpl->fp[fpl->count];
	79
	80	if (fpl->count + num > SCM_MAX_FD)
	81	return -EINVAL;
	82
	83	/*
	84	* Verify the descriptors and increment the usage count.
	85	*/
	86
	87	for (i=0; i< num; i++)
	88	{
	89	int fd = fdp[i];
	90	struct file *file;
	91
	92	if (fd < 0 \|\| !(file = fget(fd)))
	93	return -EBADF;
	94	*fpp++ = file;
	95	fpl->count++;
	96	}
	97	return num;
	98	}
	99
	100	void __scm_destroy(struct scm_cookie *scm)
	101	{
	102	struct scm_fp_list *fpl = scm->fp;
	103	int i;
	104
	105	if (fpl) {
	106	scm->fp = NULL;
	107	for (i=fpl->count-1; i>=0; i--)
	108	fput(fpl->fp[i]);
	109	kfree(fpl);
	110	}
	111	}
	112
	113	int __scm_send(struct socket sock, struct msghdr msg, struct scm_cookie *p)
	114	{
	115	struct cmsghdr *cmsg;
	116	int err;
	117
	118	for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg))
	119	{
	120	err = -EINVAL;
	121
	122	/* Verify that cmsg_len is at least sizeof(struct cmsghdr) */
	123	/* The first check was omitted in <= 2.2.5. The reasoning was
	124	that parser checks cmsg_len in any case, so that
	125	additional check would be work duplication.
	126	But if cmsg_level is not SOL_SOCKET, we do not check
	127	for too short ancillary data object at all! Oops.
	128	OK, let's add it...
	129	*/
	130	if (!CMSG_OK(msg, cmsg))
	131	goto error;
	132
	133	if (cmsg->cmsg_level != SOL_SOCKET)
	134	continue;
	135
	136	switch (cmsg->cmsg_type)
	137	{
	138	case SCM_RIGHTS:
	139	err=scm_fp_copy(cmsg, &p->fp);
	140	if (err<0)
	141	goto error;
	142	break;
	143	case SCM_CREDENTIALS:
	144	if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)))
	145	goto error;
	146	memcpy(&p->creds, CMSG_DATA(cmsg), sizeof(struct ucred));
	147	err = scm_check_creds(&p->creds);
	148	if (err)
	149	goto error;
	150	break;
	151	default:
	152	goto error;
	153	}
	154	}
	155
	156	if (p->fp && !p->fp->count)
	157	{
	158	kfree(p->fp);
	159	p->fp = NULL;
	160	}
	161	return 0;
	162
	163	error:
	164	scm_destroy(p);
	165	return err;
	166	}
	167
	168	int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
	169	{
	170	struct cmsghdr __user cm = (struct cmsghdr __user )msg->msg_control;
	171	struct cmsghdr cmhdr;
	172	int cmlen = CMSG_LEN(len);
	173	int err;
	174
	175	if (MSG_CMSG_COMPAT & msg->msg_flags)
	176	return put_cmsg_compat(msg, level, type, len, data);
	177
	178	if (cm==NULL \|\| msg->msg_controllen < sizeof(*cm)) {
	179	msg->msg_flags \|= MSG_CTRUNC;
	180	return 0; /* XXX: return error? check spec. */
	181	}
	182	if (msg->msg_controllen < cmlen) {
	183	msg->msg_flags \|= MSG_CTRUNC;
	184	cmlen = msg->msg_controllen;
	185	}
	186	cmhdr.cmsg_level = level;
	187	cmhdr.cmsg_type = type;
	188	cmhdr.cmsg_len = cmlen;
	189
	190	err = -EFAULT;
	191	if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
	192	goto out;
	193	if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
	194	goto out;
	195	cmlen = CMSG_SPACE(len);
	196	msg->msg_control += cmlen;
	197	msg->msg_controllen -= cmlen;
	198	err = 0;
	199	out:
	200	return err;
	201	}
	202
	203	void scm_detach_fds(struct msghdr msg, struct scm_cookie scm)
	204	{
	205	struct cmsghdr __user cm = (struct cmsghdr __user)msg->msg_control;
	206
	207	int fdmax = 0;
	208	int fdnum = scm->fp->count;
	209	struct file **fp = scm->fp->fp;
	210	int __user *cmfptr;
	211	int err = 0, i;
	212
	213	if (MSG_CMSG_COMPAT & msg->msg_flags) {
	214	scm_detach_fds_compat(msg, scm);
	215	return;
	216	}
	217
	218	if (msg->msg_controllen > sizeof(struct cmsghdr))
	219	fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
	220	/ sizeof(int));
	221
	222	if (fdnum < fdmax)
	223	fdmax = fdnum;
	224
	225	for (i=0, cmfptr=(int __user *)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
	226	{
	227	int new_fd;
	228	err = security_file_receive(fp[i]);
	229	if (err)
	230	break;
	231	err = get_unused_fd();
	232	if (err < 0)
	233	break;
	234	new_fd = err;
	235	err = put_user(new_fd, cmfptr);
	236	if (err) {
	237	put_unused_fd(new_fd);
	238	break;
	239	}
	240	/* Bump the usage count and install the file. */
	241	get_file(fp[i]);
	242	fd_install(new_fd, fp[i]);
	243	}
	244
	245	if (i > 0)
	246	{
	247	int cmlen = CMSG_LEN(i*sizeof(int));
	248	if (!err)
	249	err = put_user(SOL_SOCKET, &cm->cmsg_level);
	250	if (!err)
	251	err = put_user(SCM_RIGHTS, &cm->cmsg_type);
	252	if (!err)
	253	err = put_user(cmlen, &cm->cmsg_len);
	254	if (!err) {
	255	cmlen = CMSG_SPACE(i*sizeof(int));
	256	msg->msg_control += cmlen;
	257	msg->msg_controllen -= cmlen;
	258	}
	259	}
	260	if (i < fdnum \|\| (fdnum && fdmax <= 0))
	261	msg->msg_flags \|= MSG_CTRUNC;
	262
	263	/*
	264	* All of the files that fit in the message have had their
	265	* usage counts incremented, so we just free the list.
	266	*/
	267	__scm_destroy(scm);
	268	}
	269
	270	struct scm_fp_list scm_fp_dup(struct scm_fp_list fpl)
	271	{
	272	struct scm_fp_list *new_fpl;
	273	int i;
	274
	275	if (!fpl)
	276	return NULL;
	277
	278	new_fpl = kmalloc(sizeof(*fpl), GFP_KERNEL);
	279	if (new_fpl) {
	280	for (i=fpl->count-1; i>=0; i--)
	281	get_file(fpl->fp[i]);
	282	memcpy(new_fpl, fpl, sizeof(*fpl));
	283	}
	284	return new_fpl;
	285	}
	286
	287	EXPORT_SYMBOL(__scm_destroy);
	288	EXPORT_SYMBOL(__scm_send);
	289	EXPORT_SYMBOL(put_cmsg);
	290	EXPORT_SYMBOL(scm_detach_fds);
	291	EXPORT_SYMBOL(scm_fp_dup);