Browse Source

Secure promiscuous mode for unix sockets

Adjusts the permissions of unix sockets when promiscuous mode is enabled.
tags/v1.9.12
Cédric Schieli 4 years ago
parent
commit
bb7faafd1c
2 changed files with 29 additions and 9 deletions
  1. +23
    -5
      posix/JackSocket.cpp
  2. +6
    -4
      posix/JackSocket.h

+ 23
- 5
posix/JackSocket.cpp View File

@@ -21,6 +21,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "JackConstants.h"
#include "JackTools.h"
#include "JackError.h"
#include "promiscuous.h"
#include <string.h>
#include <stdio.h>
#include <pthread.h>
@@ -29,18 +30,25 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
namespace Jack
{

static void BuildName(const char* client_name, char* res, const char* dir, int which, int size)
static void BuildName(const char* client_name, char* res, const char* dir, int which, int size, bool promiscuous)
{
char ext_client_name[SYNC_MAX_NAME_SIZE + 1];
JackTools::RewriteName(client_name, ext_client_name);
if (getenv("JACK_PROMISCUOUS_SERVER")) {
if (promiscuous) {
snprintf(res, size, "%s/jack_%s_%d", dir, ext_client_name, which);
} else {
snprintf(res, size, "%s/jack_%s_%d_%d", dir, ext_client_name, JackTools::GetUID(), which);
}
}

JackClientSocket::JackClientSocket(int socket): JackClientRequestInterface(), fSocket(socket),fTimeOut(0)
JackClientSocket::JackClientSocket(): JackClientRequestInterface(), fSocket(-1), fTimeOut(0)
{
const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
fPromiscuous = (promiscuous != NULL);
fPromiscuousGid = jack_group2gid(promiscuous);
}

JackClientSocket::JackClientSocket(int socket): JackClientRequestInterface(), fSocket(socket),fTimeOut(0), fPromiscuous(false), fPromiscuousGid(-1)
{}

#if defined(__sun__) || defined(sun)
@@ -123,7 +131,7 @@ int JackClientSocket::Connect(const char* dir, const char* name, int which) // A
}

addr.sun_family = AF_UNIX;
BuildName(name, addr.sun_path, dir, which, sizeof(addr.sun_path));
BuildName(name, addr.sun_path, dir, which, sizeof(addr.sun_path), fPromiscuous);
jack_log("JackClientSocket::Connect : addr.sun_path %s", addr.sun_path);

if (connect(fSocket, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
@@ -247,6 +255,13 @@ int JackClientSocket::Write(void* data, int len)
}
}

JackServerSocket::JackServerSocket(): fSocket( -1)
{
const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
fPromiscuous = (promiscuous != NULL);
fPromiscuousGid = jack_group2gid(promiscuous);
}

int JackServerSocket::Bind(const char* dir, const char* name, int which) // A revoir : utilisation de "which"
{
struct sockaddr_un addr;
@@ -258,7 +273,7 @@ int JackServerSocket::Bind(const char* dir, const char* name, int which) // A re

addr.sun_family = AF_UNIX;
// Socket name has to be kept in fName to be "unlinked".
BuildName(name, fName, dir, which, sizeof(addr.sun_path));
BuildName(name, fName, dir, which, sizeof(addr.sun_path), fPromiscuous);
strncpy(addr.sun_path, fName, sizeof(addr.sun_path) - 1);
jack_log("JackServerSocket::Bind : addr.sun_path %s", addr.sun_path);
@@ -274,6 +289,9 @@ int JackServerSocket::Bind(const char* dir, const char* name, int which) // A re
goto error;
}

if (fPromiscuous && (jack_promiscuous_perms(-1, fName, fPromiscuousGid) < 0))
goto error;

return 0;

error:


+ 6
- 4
posix/JackSocket.h View File

@@ -45,11 +45,12 @@ class JackClientSocket : public detail::JackClientRequestInterface

int fSocket;
int fTimeOut;
bool fPromiscuous;
int fPromiscuousGid;

public:

JackClientSocket():JackClientRequestInterface(), fSocket(-1), fTimeOut(0)
{}
JackClientSocket();
JackClientSocket(int socket);

int Connect(const char* dir, const char* name, int which);
@@ -80,11 +81,12 @@ class JackServerSocket

int fSocket;
char fName[SOCKET_MAX_NAME_SIZE];
bool fPromiscuous;
int fPromiscuousGid;

public:

JackServerSocket(): fSocket( -1)
{}
JackServerSocket();
~JackServerSocket()
{}



Loading…
Cancel
Save