1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright © 2005-2008 Rémi Denis-Courmont
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
19 *****************************************************************************/
24 #define _XPG4_2 /* ancilliary data on Solaris */
26 #include <stdlib.h> /* exit() */
30 #include <sys/types.h>
34 #include <sys/socket.h>
36 #include <sys/resource.h> /* getrlimit() */
41 #include <netinet/in.h>
43 #if defined (AF_INET6) && !defined (IPV6_V6ONLY)
44 # warning Uho, your IPv6 support is broken and has been disabled. Fix your C library.
49 # define AF_LOCAL AF_UNIX
51 /* Required yet non-standard cmsg functions */
53 # define CMSG_ALIGN(len) (((len) + sizeof(intptr_t)-1) & ~(sizeof(intptr_t)-1))
56 # define CMSG_SPACE(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + CMSG_ALIGN(len))
59 # define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
62 static inline int is_allowed_port (uint16_t port)
65 return (port == 80) || (port == 443) || (port == 554);
69 static inline int send_err (int fd, int err)
71 return send (fd, &err, sizeof (err), 0) == sizeof (err) ? 0 : -1;
75 * Send a file descriptor to another process
77 static int send_fd (int p, int fd)
82 char buf[CMSG_SPACE (sizeof (fd))];
89 hdr.msg_control = buf;
90 hdr.msg_controllen = sizeof (buf);
93 iov.iov_len = sizeof (val);
95 cmsg = CMSG_FIRSTHDR (&hdr);
96 cmsg->cmsg_level = SOL_SOCKET;
97 cmsg->cmsg_type = SCM_RIGHTS;
98 cmsg->cmsg_len = CMSG_LEN (sizeof (fd));
99 memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
100 hdr.msg_controllen = cmsg->cmsg_len;
102 return sendmsg (p, &hdr, 0) == sizeof (val) ? 0 : -1;
107 * Background process run as root to open privileged TCP ports.
109 static void rootprocess (int fd)
114 struct sockaddr_storage ss;
115 struct sockaddr_in sin;
117 struct sockaddr_in6 sin6;
121 while (recv (fd, &addr.ss, sizeof (addr.ss), 0) == sizeof (addr.ss))
127 switch (addr.sa.sa_family)
130 if (!is_allowed_port (addr.sin.sin_port))
132 if (send_err (fd, EACCES))
136 len = sizeof (struct sockaddr_in);
142 if (!is_allowed_port (addr.sin6.sin6_port))
144 if (send_err (fd, EACCES))
148 len = sizeof (struct sockaddr_in6);
154 if (send_err (fd, EAFNOSUPPORT))
159 sock = socket (family, SOCK_STREAM, IPPROTO_TCP);
164 setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof (val));
166 if (addr.sa.sa_family == AF_INET6)
167 setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof (val));
169 if (bind (sock, &addr.sa, len) == 0)
176 send_err (fd, errno);
181 * - use libcap if available,
185 int main (int argc, char *argv[])
187 /* Support for dynamically opening RTSP, HTTP and HTTP/SSL ports */
190 if (socketpair (AF_LOCAL, SOCK_STREAM, 0, pair))
193 goto error; /* we want 0, 1 and 2 open */
203 int null = open ("/dev/null", O_RDWR);
213 rootprocess (pair[1]);
222 snprintf (buf, sizeof (buf), "%d", pair[0]);
223 setenv ("VLC_ROOTWRAP_SOCK", buf, 1);
225 /* Support for real-time priorities */
228 rlim.rlim_max = rlim.rlim_cur = sched_get_priority_min (SCHED_RR) + 24;
229 setrlimit (RLIMIT_RTPRIO, &rlim);
232 uid_t uid = getuid ();
235 const char *sudo = getenv ("SUDO_UID");
241 fprintf (stderr, "Cannot determine unprivileged user for VLC!\n");
246 if (!setuid (0)) /* sanity check: we cannot get root back */
249 /* Yeah, the user can execute just about anything from here.
250 * But we've dropped privileges, so it does not matter. */
251 if (strlen (argv[0]) < sizeof ("-wrapper"))
253 argv[0][strlen (argv[0]) - strlen ("-wrapper")] = '\0';
256 if (execvp (argv[0], argv))