From bb7faafd1c8a9189881895269291d36e6a0e5193 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Schieli?= <cschieli@gmail.com>
Date: Sat, 18 Mar 2017 11:33:06 +0100
Subject: [PATCH] Secure promiscuous mode for unix sockets

Adjusts the permissions of unix sockets when promiscuous mode is enabled.
---
 posix/JackSocket.cpp | 28 +++++++++++++++++++++++-----
 posix/JackSocket.h   | 10 ++++++----
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/posix/JackSocket.cpp b/posix/JackSocket.cpp
index e8b528d9..73f1fc44 100644
--- a/posix/JackSocket.cpp
+++ b/posix/JackSocket.cpp
@@ -21,6 +21,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 #include "JackConstants.h"
 #include "JackTools.h"
 #include "JackError.h"
+#include "promiscuous.h"
 #include <string.h>
 #include <stdio.h>
 #include <pthread.h>
@@ -29,18 +30,25 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 namespace Jack
 {
 
-static void BuildName(const char* client_name, char* res, const char* dir, int which, int size)
+static void BuildName(const char* client_name, char* res, const char* dir, int which, int size, bool promiscuous)
 {
     char ext_client_name[SYNC_MAX_NAME_SIZE + 1];
     JackTools::RewriteName(client_name, ext_client_name);
-    if (getenv("JACK_PROMISCUOUS_SERVER")) {
+    if (promiscuous) {
 	    snprintf(res, size, "%s/jack_%s_%d", dir, ext_client_name, which);
     } else {
 	    snprintf(res, size, "%s/jack_%s_%d_%d", dir, ext_client_name, JackTools::GetUID(), which);
     }
 }
 
-JackClientSocket::JackClientSocket(int socket): JackClientRequestInterface(), fSocket(socket),fTimeOut(0)
+JackClientSocket::JackClientSocket(): JackClientRequestInterface(), fSocket(-1), fTimeOut(0)
+{
+    const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
+    fPromiscuous = (promiscuous != NULL);
+    fPromiscuousGid = jack_group2gid(promiscuous);
+}
+
+JackClientSocket::JackClientSocket(int socket): JackClientRequestInterface(), fSocket(socket),fTimeOut(0), fPromiscuous(false), fPromiscuousGid(-1)
 {}
 
 #if defined(__sun__) || defined(sun)
@@ -123,7 +131,7 @@ int JackClientSocket::Connect(const char* dir, const char* name, int which) // A
     }
 
     addr.sun_family = AF_UNIX;
-    BuildName(name, addr.sun_path, dir, which, sizeof(addr.sun_path));
+    BuildName(name, addr.sun_path, dir, which, sizeof(addr.sun_path), fPromiscuous);
     jack_log("JackClientSocket::Connect : addr.sun_path %s", addr.sun_path);
 
     if (connect(fSocket, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
@@ -247,6 +255,13 @@ int JackClientSocket::Write(void* data, int len)
     }
 }
 
+JackServerSocket::JackServerSocket(): fSocket( -1)
+{
+    const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
+    fPromiscuous = (promiscuous != NULL);
+    fPromiscuousGid = jack_group2gid(promiscuous);
+}
+
 int JackServerSocket::Bind(const char* dir, const char* name, int which) // A revoir : utilisation de "which"
 {
     struct sockaddr_un addr;
@@ -258,7 +273,7 @@ int JackServerSocket::Bind(const char* dir, const char* name, int which) // A re
 
     addr.sun_family = AF_UNIX;
     // Socket name has to be kept in fName to be "unlinked".
-    BuildName(name, fName, dir, which, sizeof(addr.sun_path));
+    BuildName(name, fName, dir, which, sizeof(addr.sun_path), fPromiscuous);
     strncpy(addr.sun_path, fName, sizeof(addr.sun_path) - 1);
    
     jack_log("JackServerSocket::Bind : addr.sun_path %s", addr.sun_path);
@@ -274,6 +289,9 @@ int JackServerSocket::Bind(const char* dir, const char* name, int which) // A re
         goto error;
     }
 
+    if (fPromiscuous && (jack_promiscuous_perms(-1, fName, fPromiscuousGid) < 0))
+        goto error;
+
     return 0;
 
 error:
diff --git a/posix/JackSocket.h b/posix/JackSocket.h
index 8568025b..5f0501a1 100644
--- a/posix/JackSocket.h
+++ b/posix/JackSocket.h
@@ -45,11 +45,12 @@ class JackClientSocket : public detail::JackClientRequestInterface
 
         int fSocket;
         int fTimeOut;
+        bool fPromiscuous;
+        int fPromiscuousGid;
 
     public:
 
-        JackClientSocket():JackClientRequestInterface(), fSocket(-1), fTimeOut(0)
-        {}
+        JackClientSocket();
         JackClientSocket(int socket);
 
         int Connect(const char* dir, const char* name, int which);
@@ -80,11 +81,12 @@ class JackServerSocket
 
         int fSocket;
         char fName[SOCKET_MAX_NAME_SIZE];
+        bool fPromiscuous;
+        int fPromiscuousGid;
 
     public:
 
-        JackServerSocket(): fSocket( -1)
-        {}
+        JackServerSocket();
         ~JackServerSocket()
         {}