LADI
/
jack2
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Secure promiscuous mode for unix sockets 

Adjusts the permissions of unix sockets when promiscuous mode is enabled.
This commit is contained in:
Cédric Schieli 2017-03-18 11:33:06 +01:00
parent 325b8ff80f
commit bb7faafd1c
2 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
posix/JackSocket.cpp
View File

@ -21,6 +21,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "JackConstants.h"
#include "JackTools.h"
#include "JackError.h"
#include "promiscuous.h"
#include <string.h>
#include <stdio.h>
#include <pthread.h>
@ -29,18 +30,25 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
namespace Jack
{
static void BuildName(const char* client_name, char* res, const char* dir, int which, int size)
static void BuildName(const char* client_name, char* res, const char* dir, int which, int size, bool promiscuous)
{
char ext_client_name[SYNC_MAX_NAME_SIZE + 1];
JackTools::RewriteName(client_name, ext_client_name);
if (getenv("JACK_PROMISCUOUS_SERVER")) {
if (promiscuous) {
snprintf(res, size, "%s/jack_%s_%d", dir, ext_client_name, which);
} else {
snprintf(res, size, "%s/jack_%s_%d_%d", dir, ext_client_name, JackTools::GetUID(), which);
}
}
JackClientSocket::JackClientSocket(int socket): JackClientRequestInterface(), fSocket(socket),fTimeOut(0)
JackClientSocket::JackClientSocket(): JackClientRequestInterface(), fSocket(-1), fTimeOut(0)
{
const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
fPromiscuous = (promiscuous != NULL);
fPromiscuousGid = jack_group2gid(promiscuous);
}
JackClientSocket::JackClientSocket(int socket): JackClientRequestInterface(), fSocket(socket),fTimeOut(0), fPromiscuous(false), fPromiscuousGid(-1)
{}
#if defined(__sun__) || defined(sun)
@ -123,7 +131,7 @@ int JackClientSocket::Connect(const char* dir, const char* name, int which) // A
}
addr.sun_family = AF_UNIX;
BuildName(name, addr.sun_path, dir, which, sizeof(addr.sun_path));
BuildName(name, addr.sun_path, dir, which, sizeof(addr.sun_path), fPromiscuous);
jack_log("JackClientSocket::Connect : addr.sun_path %s", addr.sun_path);
if (connect(fSocket, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
@ -247,6 +255,13 @@ int JackClientSocket::Write(void* data, int len)
}
}
JackServerSocket::JackServerSocket(): fSocket( -1)
{
const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
fPromiscuous = (promiscuous != NULL);
fPromiscuousGid = jack_group2gid(promiscuous);
}
int JackServerSocket::Bind(const char* dir, const char* name, int which) // A revoir : utilisation de "which"
{
struct sockaddr_un addr;
@ -258,7 +273,7 @@ int JackServerSocket::Bind(const char* dir, const char* name, int which) // A re
addr.sun_family = AF_UNIX;
// Socket name has to be kept in fName to be "unlinked".
BuildName(name, fName, dir, which, sizeof(addr.sun_path));
BuildName(name, fName, dir, which, sizeof(addr.sun_path), fPromiscuous);
strncpy(addr.sun_path, fName, sizeof(addr.sun_path) - 1);
jack_log("JackServerSocket::Bind : addr.sun_path %s", addr.sun_path);
@ -274,6 +289,9 @@ int JackServerSocket::Bind(const char* dir, const char* name, int which) // A re
goto error;
}
if (fPromiscuous && (jack_promiscuous_perms(-1, fName, fPromiscuousGid) < 0))
goto error;
return 0;
error:

10
posix/JackSocket.h
View File

@ -45,11 +45,12 @@ class JackClientSocket : public detail::JackClientRequestInterface
int fSocket;
int fTimeOut;
bool fPromiscuous;
int fPromiscuousGid;
public:
JackClientSocket():JackClientRequestInterface(), fSocket(-1), fTimeOut(0)
{}
JackClientSocket();
JackClientSocket(int socket);
int Connect(const char* dir, const char* name, int which);
@ -80,11 +81,12 @@ class JackServerSocket
int fSocket;
char fName[SOCKET_MAX_NAME_SIZE];
bool fPromiscuous;
int fPromiscuousGid;
public:
JackServerSocket(): fSocket( -1)
{}
JackServerSocket();
~JackServerSocket()
{}