search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gitignore
[glib.git] / gio / gunixconnection.c
blobc21353eac1b2b3261c0b5cd03753c0a5dbfc3520
1 /* GIO - GLib Input, Output and Streaming Library
2 *
3 * Copyright © 2009 Codethink Limited
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU Lesser General Public License as published
7 * by the Free Software Foundation; either version 2 of the licence or (at
8 * your option) any later version.
9 *
10 * See the included COPYING file for more information.
11 *
12 * Authors: Ryan Lortie <desrt@desrt.ca>
13 */
14
15 #include "config.h"
16 #include "gunixconnection.h"
17 #include "gunixcredentialsmessage.h"
18 #include "glibintl.h"
19
20 /**
21 * SECTION:gunixconnection
22 * @title: GUnixConnection
23 * @short_description: A UNIX domain GSocketConnection
24 * @include: gio/gunixconnection.h
25 * @see_also: #GSocketConnection.
26 *
27 * This is the subclass of #GSocketConnection that is created
28 * for UNIX domain sockets.
29 *
30 * It contains functions to do some of the UNIX socket specific
31 * functionality like passing file descriptors.
32 *
33 * Note that <filename>&lt;gio/gunixconnection.h&gt;</filename> belongs to
34 * the UNIX-specific GIO interfaces, thus you have to use the
35 * <filename>gio-unix-2.0.pc</filename> pkg-config file when using it.
36 *
37 * Since: 2.22
38 */
39
40 #include <gio/gsocketcontrolmessage.h>
41 #include <gio/gunixfdmessage.h>
42 #include <gio/gsocket.h>
43 #include <unistd.h>
44
45 #ifdef __linux__
46 /* for getsockopt() and setsockopt() */
47 #include <sys/types.h> /* See NOTES */
48 #include <sys/socket.h>
49 #include <errno.h>
50 #include <string.h>
51 #endif
52
53
54 G_DEFINE_TYPE_WITH_CODE (GUnixConnection, g_unix_connection,
55 G_TYPE_SOCKET_CONNECTION,
56 g_socket_connection_factory_register_type (g_define_type_id,
57 G_SOCKET_FAMILY_UNIX,
58 G_SOCKET_TYPE_STREAM,
59 G_SOCKET_PROTOCOL_DEFAULT);
60 );
61
62 /**
63 * g_unix_connection_send_fd:
64 * @connection: a #GUnixConnection
65 * @fd: a file descriptor
66 * @cancellable: (allow-none): optional #GCancellable object, %NULL to ignore.
67 * @error: (allow-none): #GError for error reporting, or %NULL to ignore.
68 *
69 * Passes a file descriptor to the receiving side of the
70 * connection. The receiving end has to call g_unix_connection_receive_fd()
71 * to accept the file descriptor.
72 *
73 * As well as sending the fd this also writes a single byte to the
74 * stream, as this is required for fd passing to work on some
75 * implementations.
76 *
77 * Returns: a %TRUE on success, %NULL on error.
78 *
79 * Since: 2.22
80 */
81 gboolean
82 g_unix_connection_send_fd (GUnixConnection *connection,
83 gint fd,
84 GCancellable *cancellable,
85 GError **error)
86 {
87 GSocketControlMessage *scm;
88 GSocket *socket;
89
90 g_return_val_if_fail (G_IS_UNIX_CONNECTION (connection), FALSE);
91 g_return_val_if_fail (fd >= 0, FALSE);
92
93 scm = g_unix_fd_message_new ();
94
95 if (!g_unix_fd_message_append_fd (G_UNIX_FD_MESSAGE (scm), fd, error))
96 {
97 g_object_unref (scm);
98 return FALSE;
99 }
100
101 g_object_get (connection, "socket", &socket, NULL);
102 if (g_socket_send_message (socket, NULL, NULL, 0, &scm, 1, 0, cancellable, error) != 1)
103 /* XXX could it 'fail' with zero? */
104 {
105 g_object_unref (socket);
106 g_object_unref (scm);
107
108 return FALSE;
109 }
110
111 g_object_unref (socket);
112 g_object_unref (scm);
113
114 return TRUE;
115 }
116
117 /**
118 * g_unix_connection_receive_fd:
119 * @connection: a #GUnixConnection
120 * @cancellable: (allow-none): optional #GCancellable object, %NULL to ignore
121 * @error: (allow-none): #GError for error reporting, or %NULL to ignore
122 *
123 * Receives a file descriptor from the sending end of the connection.
124 * The sending end has to call g_unix_connection_send_fd() for this
125 * to work.
126 *
127 * As well as reading the fd this also reads a single byte from the
128 * stream, as this is required for fd passing to work on some
129 * implementations.
130 *
131 * Returns: a file descriptor on success, -1 on error.
132 *
133 * Since: 2.22
134 **/
135 gint
136 g_unix_connection_receive_fd (GUnixConnection *connection,
137 GCancellable *cancellable,
138 GError **error)
139 {
140 GSocketControlMessage **scms;
141 gint *fds, nfd, fd, nscm;
142 GUnixFDMessage *fdmsg;
143 GSocket *socket;
144
145 g_return_val_if_fail (G_IS_UNIX_CONNECTION (connection), -1);
146
147 g_object_get (connection, "socket", &socket, NULL);
148 if (g_socket_receive_message (socket, NULL, NULL, 0,
149 &scms, &nscm, NULL, cancellable, error) != 1)
150 /* XXX it _could_ 'fail' with zero. */
151 {
152 g_object_unref (socket);
153
154 return -1;
155 }
156
157 g_object_unref (socket);
158
159 if (nscm != 1)
160 {
161 gint i;
162
163 g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
164 _("Expecting 1 control message, got %d"), nscm);
165
166 for (i = 0; i < nscm; i++)
167 g_object_unref (scms[i]);
168
169 g_free (scms);
170
171 return -1;
172 }
173
174 if (!G_IS_UNIX_FD_MESSAGE (scms[0]))
175 {
176 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
177 _("Unexpected type of ancillary data"));
178 g_object_unref (scms[0]);
179 g_free (scms);
180
181 return -1;
182 }
183
184 fdmsg = G_UNIX_FD_MESSAGE (scms[0]);
185 g_free (scms);
186
187 fds = g_unix_fd_message_steal_fds (fdmsg, &nfd);
188 g_object_unref (fdmsg);
189
190 if (nfd != 1)
191 {
192 gint i;
193
194 g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
195 _("Expecting one fd, but got %d\n"), nfd);
196
197 for (i = 0; i < nfd; i++)
198 close (fds[i]);
199
200 g_free (fds);
201
202 return -1;
203 }
204
205 fd = *fds;
206 g_free (fds);
207
208 if (fd < 0)
209 {
210 g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
211 _("Received invalid fd"));
212 fd = -1;
213 }
214
215 return fd;
216 }
217
218 static void
219 g_unix_connection_init (GUnixConnection *connection)
220 {
221 }
222
223 static void
224 g_unix_connection_class_init (GUnixConnectionClass *class)
225 {
226 }
227
228 /* TODO: Other stuff we might want to add are:
229 void g_unix_connection_send_fd_async (GUnixConnection *connection,
230 gint fd,
231 gboolean close,
232 gint io_priority,
233 GAsyncReadyCallback callback,
234 gpointer user_data);
235 gboolean g_unix_connection_send_fd_finish (GUnixConnection *connection,
236 GError **error);
237
238 gboolean g_unix_connection_send_fds (GUnixConnection *connection,
239 gint *fds,
240 gint nfds,
241 GError **error);
242 void g_unix_connection_send_fds_async (GUnixConnection *connection,
243 gint *fds,
244 gint nfds,
245 gint io_priority,
246 GAsyncReadyCallback callback,
247 gpointer user_data);
248 gboolean g_unix_connection_send_fds_finish (GUnixConnection *connection,
249 GError **error);
250
251 void g_unix_connection_receive_fd_async (GUnixConnection *connection,
252 gint io_priority,
253 GAsyncReadyCallback callback,
254 gpointer user_data);
255 gint g_unix_connection_receive_fd_finish (GUnixConnection *connection,
256 GError **error);
257
258
259 gboolean g_unix_connection_send_credentials (GUnixConnection *connection,
260 GError **error);
261 void g_unix_connection_send_credentials_async (GUnixConnection *connection,
262 gint io_priority,
263 GAsyncReadyCallback callback,
264 gpointer user_data);
265 gboolean g_unix_connection_send_credentials_finish (GUnixConnection *connection,
266 GError **error);
267
268 gboolean g_unix_connection_send_fake_credentials (GUnixConnection *connection,
269 guint64 pid,
270 guint64 uid,
271 guint64 gid,
272 GError **error);
273 void g_unix_connection_send_fake_credentials_async (GUnixConnection *connection,
274 guint64 pid,
275 guint64 uid,
276 guint64 gid,
277 gint io_priority,
278 GAsyncReadyCallback callback,
279 gpointer user_data);
280 gboolean g_unix_connection_send_fake_credentials_finish (GUnixConnection *connection,
281 GError **error);
282
283 gboolean g_unix_connection_receive_credentials (GUnixConnection *connection,
284 guint64 *pid,
285 guint64 *uid,
286 guint64 *gid,
287 GError **error);
288 void g_unix_connection_receive_credentials_async (GUnixConnection *connection,
289 gint io_priority,
290 GAsyncReadyCallback callback,
291 gpointer user_data);
292 gboolean g_unix_connection_receive_credentials_finish (GUnixConnection *connection,
293 guint64 *pid,
294 guint64 *uid,
295 guint64 *gid,
296 GError **error);
297
298 gboolean g_unix_connection_create_pair (GUnixConnection **one,
299 GUnixConnection **two,
300 GError **error);
301 */
302
303
304 /**
305 * g_unix_connection_send_credentials:
306 * @connection: A #GUnixConnection.
307 * @cancellable: (allow-none): A #GCancellable or %NULL.
308 * @error: Return location for error or %NULL.
309 *
310 * Passes the credentials of the current user the receiving side
311 * of the connection. The receiving end has to call
312 * g_unix_connection_receive_credentials() (or similar) to accept the
313 * credentials.
314 *
315 * As well as sending the credentials this also writes a single NUL
316 * byte to the stream, as this is required for credentials passing to
317 * work on some implementations.
318 *
319 * Other ways to exchange credentials with a foreign peer includes the
320 * #GUnixCredentialsMessage type and g_socket_get_credentials() function.
321 *
322 * Returns: %TRUE on success, %FALSE if @error is set.
323 *
324 * Since: 2.26
325 */
326 gboolean
327 g_unix_connection_send_credentials (GUnixConnection *connection,
328 GCancellable *cancellable,
329 GError **error)
330 {
331 GCredentials *credentials;
332 GSocketControlMessage *scm;
333 GSocket *socket;
334 gboolean ret;
335 GOutputVector vector;
336 guchar nul_byte[1] = {'\0'};
337 gint num_messages;
338
339 g_return_val_if_fail (G_IS_UNIX_CONNECTION (connection), FALSE);
340 g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
341
342 ret = FALSE;
343
344 credentials = g_credentials_new ();
345
346 vector.buffer = &nul_byte;
347 vector.size = 1;
348
349 if (g_unix_credentials_message_is_supported ())
350 {
351 scm = g_unix_credentials_message_new_with_credentials (credentials);
352 num_messages = 1;
353 }
354 else
355 {
356 scm = NULL;
357 num_messages = 0;
358 }
359
360 g_object_get (connection, "socket", &socket, NULL);
361 if (g_socket_send_message (socket,
362 NULL, /* address */
363 &vector,
364 1,
365 &scm,
366 num_messages,
367 G_SOCKET_MSG_NONE,
368 cancellable,
369 error) != 1)
370 {
371 g_prefix_error (error, _("Error sending credentials: "));
372 goto out;
373 }
374
375 ret = TRUE;
376
377 out:
378 g_object_unref (socket);
379 if (scm != NULL)
380 g_object_unref (scm);
381 g_object_unref (credentials);
382 return ret;
383 }
384
385 /**
386 * g_unix_connection_receive_credentials:
387 * @connection: A #GUnixConnection.
388 * @cancellable: (allow-none): A #GCancellable or %NULL.
389 * @error: Return location for error or %NULL.
390 *
391 * Receives credentials from the sending end of the connection. The
392 * sending end has to call g_unix_connection_send_credentials() (or
393 * similar) for this to work.
394 *
395 * As well as reading the credentials this also reads (and discards) a
396 * single byte from the stream, as this is required for credentials
397 * passing to work on some implementations.
398 *
399 * Other ways to exchange credentials with a foreign peer includes the
400 * #GUnixCredentialsMessage type and g_socket_get_credentials() function.
401 *
402 * Returns: (transfer full): Received credentials on success (free with
403 * g_object_unref()), %NULL if @error is set.
404 *
405 * Since: 2.26
406 */
407 GCredentials *
408 g_unix_connection_receive_credentials (GUnixConnection *connection,
409 GCancellable *cancellable,
410 GError **error)
411 {
412 GCredentials *ret;
413 GSocketControlMessage **scms;
414 gint nscm;
415 GSocket *socket;
416 gint n;
417 volatile GType credentials_message_gtype;
418 gssize num_bytes_read;
419 #ifdef __linux__
420 gboolean turn_off_so_passcreds;
421 #endif
422
423 g_return_val_if_fail (G_IS_UNIX_CONNECTION (connection), NULL);
424 g_return_val_if_fail (error == NULL || *error == NULL, NULL);
425
426 ret = NULL;
427 scms = NULL;
428
429 g_object_get (connection, "socket", &socket, NULL);
430
431 /* On Linux, we need to turn on SO_PASSCRED if it isn't enabled
432 * already. We also need to turn it off when we're done. See
433 * #617483 for more discussion.
434 */
435 #ifdef __linux__
436 {
437 gint opt_val;
438 socklen_t opt_len;
439
440 turn_off_so_passcreds = FALSE;
441 opt_val = 0;
442 opt_len = sizeof (gint);
443 if (getsockopt (g_socket_get_fd (socket),
444 SOL_SOCKET,
445 SO_PASSCRED,
446 &opt_val,
447 &opt_len) != 0)
448 {
449 g_set_error (error,
450 G_IO_ERROR,
451 g_io_error_from_errno (errno),
452 _("Error checking if SO_PASSCRED is enabled for socket: %s"),
453 strerror (errno));
454 goto out;
455 }
456 if (opt_len != sizeof (gint))
457 {
458 g_set_error (error,
459 G_IO_ERROR,
460 G_IO_ERROR_FAILED,
461 _("Unexpected option length while checking if SO_PASSCRED is enabled for socket. "
462 "Expected %d bytes, got %d"),
463 (gint) sizeof (gint), (gint) opt_len);
464 goto out;
465 }
466 if (opt_val == 0)
467 {
468 opt_val = 1;
469 if (setsockopt (g_socket_get_fd (socket),
470 SOL_SOCKET,
471 SO_PASSCRED,
472 &opt_val,
473 sizeof opt_val) != 0)
474 {
475 g_set_error (error,
476 G_IO_ERROR,
477 g_io_error_from_errno (errno),
478 _("Error enabling SO_PASSCRED: %s"),
479 strerror (errno));
480 goto out;
481 }
482 turn_off_so_passcreds = TRUE;
483 }
484 }
485 #endif
486
487 /* ensure the type of GUnixCredentialsMessage has been registered with the type system */
488 credentials_message_gtype = G_TYPE_UNIX_CREDENTIALS_MESSAGE;
489 (credentials_message_gtype); /* To avoid -Wunused-but-set-variable */
490 num_bytes_read = g_socket_receive_message (socket,
491 NULL, /* GSocketAddress **address */
492 NULL,
493 0,
494 &scms,
495 &nscm,
496 NULL,
497 cancellable,
498 error);
499 if (num_bytes_read != 1)
500 {
501 /* Handle situation where g_socket_receive_message() returns
502 * 0 bytes and not setting @error
503 */
504 if (num_bytes_read == 0 && error != NULL && *error == NULL)
505 {
506 g_set_error_literal (error,
507 G_IO_ERROR,
508 G_IO_ERROR_FAILED,
509 _("Expecting to read a single byte for receiving credentials but read zero bytes"));
510 }
511 goto out;
512 }
513
514 if (g_unix_credentials_message_is_supported ())
515 {
516 if (nscm != 1)
517 {
518 g_set_error (error,
519 G_IO_ERROR,
520 G_IO_ERROR_FAILED,
521 _("Expecting 1 control message, got %d"),
522 nscm);
523 goto out;
524 }
525
526 if (!G_IS_UNIX_CREDENTIALS_MESSAGE (scms[0]))
527 {
528 g_set_error_literal (error,
529 G_IO_ERROR,
530 G_IO_ERROR_FAILED,
531 _("Unexpected type of ancillary data"));
532 goto out;
533 }
534
535 ret = g_unix_credentials_message_get_credentials (G_UNIX_CREDENTIALS_MESSAGE (scms[0]));
536 g_object_ref (ret);
537 }
538 else
539 {
540 if (nscm != 0)
541 {
542 g_set_error (error,
543 G_IO_ERROR,
544 G_IO_ERROR_FAILED,
545 _("Not expecting control message, but got %d"),
546 nscm);
547 goto out;
548 }
549 else
550 {
551 ret = g_socket_get_credentials (socket, error);
552 }
553 }
554
555 out:
556
557 #ifdef __linux__
558 if (turn_off_so_passcreds)
559 {
560 gint opt_val;
561 opt_val = 0;
562 if (setsockopt (g_socket_get_fd (socket),
563 SOL_SOCKET,
564 SO_PASSCRED,
565 &opt_val,
566 sizeof opt_val) != 0)
567 {
568 g_set_error (error,
569 G_IO_ERROR,
570 g_io_error_from_errno (errno),
571 _("Error while disabling SO_PASSCRED: %s"),
572 strerror (errno));
573 goto out;
574 }
575 }
576 #endif
577
578 if (scms != NULL)
579 {
580 for (n = 0; n < nscm; n++)
581 g_object_unref (scms[n]);
582 g_free (scms);
583 }
584 g_object_unref (socket);
585 return ret;
586 }
glib mirror