2005-04-17 06:20:36 +08:00
|
|
|
#ifndef __LINUX_NET_AFUNIX_H
|
|
|
|
#define __LINUX_NET_AFUNIX_H
|
2005-08-16 13:18:02 +08:00
|
|
|
|
|
|
|
#include <linux/socket.h>
|
|
|
|
#include <linux/un.h>
|
2006-03-21 14:35:41 +08:00
|
|
|
#include <linux/mutex.h>
|
2005-08-16 13:18:02 +08:00
|
|
|
#include <net/sock.h>
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
extern void unix_inflight(struct file *fp);
|
|
|
|
extern void unix_notinflight(struct file *fp);
|
|
|
|
extern void unix_gc(void);
|
|
|
|
|
|
|
|
#define UNIX_HASH_SIZE 256
|
|
|
|
|
2007-11-11 14:06:01 +08:00
|
|
|
extern unsigned int unix_tot_inflight;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
struct unix_address {
|
|
|
|
atomic_t refcnt;
|
|
|
|
int len;
|
|
|
|
unsigned hash;
|
|
|
|
struct sockaddr_un name[0];
|
|
|
|
};
|
|
|
|
|
|
|
|
struct unix_skb_parms {
|
|
|
|
struct ucred creds; /* Skb credentials */
|
|
|
|
struct scm_fp_list *fp; /* Passed files */
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
#ifdef CONFIG_SECURITY_NETWORK
|
2006-08-03 05:12:06 +08:00
|
|
|
u32 secid; /* Security ID */
|
[AF_UNIX]: Datagram getpeersec
This patch implements an API whereby an application can determine the
label of its peer's Unix datagram sockets via the auxiliary data mechanism of
recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of the peer of a Unix datagram socket. The application
can then use this security context to determine the security context for
processing on behalf of the peer who sent the packet.
Patch design and implementation:
The design and implementation is very similar to the UDP case for INET
sockets. Basically we build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message). To retrieve the security
context, the application first indicates to the kernel such desire by
setting the SO_PASSSEC option via getsockopt. Then the application
retrieves the security context using the auxiliary data mechanism.
An example server application for Unix datagram socket should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_SOCKET &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow
a server socket to receive security context of the peer.
Testing:
We have tested the patch by setting up Unix datagram client and server
applications. We verified that the server can retrieve the security context
using the auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-06-30 03:27:47 +08:00
|
|
|
#endif
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb))
|
|
|
|
#define UNIXCREDS(skb) (&UNIXCB((skb)).creds)
|
2006-08-03 05:12:06 +08:00
|
|
|
#define UNIXSID(skb) (&UNIXCB((skb)).secid)
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-06-01 04:24:26 +08:00
|
|
|
#define unix_state_lock(s) spin_lock(&unix_sk(s)->lock)
|
|
|
|
#define unix_state_unlock(s) spin_unlock(&unix_sk(s)->lock)
|
|
|
|
#define unix_state_lock_nested(s) \
|
2006-07-03 15:25:12 +08:00
|
|
|
spin_lock_nested(&unix_sk(s)->lock, \
|
|
|
|
SINGLE_DEPTH_NESTING)
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
#ifdef __KERNEL__
|
|
|
|
/* The AF_UNIX socket */
|
|
|
|
struct unix_sock {
|
|
|
|
/* WARNING: sk has to be the first member */
|
|
|
|
struct sock sk;
|
|
|
|
struct unix_address *addr;
|
|
|
|
struct dentry *dentry;
|
|
|
|
struct vfsmount *mnt;
|
2006-03-21 14:35:41 +08:00
|
|
|
struct mutex readlock;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct sock *peer;
|
|
|
|
struct sock *other;
|
2007-07-12 05:22:39 +08:00
|
|
|
struct list_head link;
|
2005-04-17 06:20:36 +08:00
|
|
|
atomic_t inflight;
|
2006-01-04 06:10:46 +08:00
|
|
|
spinlock_t lock;
|
2007-07-12 05:22:39 +08:00
|
|
|
unsigned int gc_candidate : 1;
|
2005-04-17 06:20:36 +08:00
|
|
|
wait_queue_head_t peer_wait;
|
|
|
|
};
|
|
|
|
#define unix_sk(__sk) ((struct unix_sock *)__sk)
|
2005-08-16 13:18:02 +08:00
|
|
|
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
|
|
extern int sysctl_unix_max_dgram_qlen;
|
|
|
|
extern void unix_sysctl_register(void);
|
|
|
|
extern void unix_sysctl_unregister(void);
|
|
|
|
#else
|
|
|
|
static inline void unix_sysctl_register(void) {}
|
|
|
|
static inline void unix_sysctl_unregister(void) {}
|
|
|
|
#endif
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
|
|
|
#endif
|