1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright © 2005 Rémi Denis-Courmont
7 * Author: Rémi Denis-Courmont <rem # videolan.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
22 *****************************************************************************/
28 #if defined (HAVE_GETEUID) && !defined (SYS_BEOS)
29 # define ENABLE_ROOTWRAP 1
32 #ifdef ENABLE_ROOTWRAP
34 #include <stdlib.h> /* exit() */
38 #include <sys/types.h>
41 #include <sys/socket.h>
42 #ifdef HAVE_SYS_TIME_H
46 #include <sys/resource.h> /* getrlimit() */
49 #include <pwd.h> /* getpwnam(), getpwuid() */
50 #include <grp.h> /* setgroups() */
52 #include <netinet/in.h>
55 #if defined (AF_INET6) && !defined (IPV6_V6ONLY)
56 # warning Uho, your IPv6 support is broken and has been disabled. Fix your C library.
61 # define AF_LOCAL AF_UNIX
64 /*#ifndef HAVE_CLEARENV
65 extern char **environ;
67 static int clearenv (void)
75 * Tries to find a real non-root user to use
/* Looks for a non-root account to run as.
 * Lookups visible in this listing, in order: getpwuid (uid), the accounts
 * named by the SUDO_USER and VLC_USER environment variables, then the
 * literal account "vlc".
 * NOTE(review): both variables are taken from the caller's environment, and
 * the lines around each lookup are missing from this listing, so a NULL
 * check on getenv() or a rejection of a uid-0 entry is not visible here -
 * confirm against the full file. */
77 static struct passwd *guess_user (void)
86 if ((pw = getpwuid (uid)) != NULL)
/* sudo exports the invoking user's login name in SUDO_USER. */
90 name = getenv ("SUDO_USER");
92 if ((pw = getpwnam (name)) != NULL)
/* Explicit override supplied through the environment. */
96 name = getenv ("VLC_USER");
98 if ((pw = getpwnam (name)) != NULL)
/* Last resort: a dedicated "vlc" account, if the system has one. */
102 if ((pw = getpwnam ("vlc")) != NULL)
/* Allow-list used by the privileged helper: non-zero only for ports 80, 443
 * and 554. rootprocess() passes sin_port / sin6_port, which the socket API
 * keeps in network byte order.
 * NOTE(review): original lines 110-112 are missing from this listing, so a
 * conversion to host byte order before the comparison is not visible -
 * confirm; without one the test would match different ports on
 * little-endian hosts. */
109 static int is_allowed_port (uint16_t port)
113 return (port == 80) || (port == 443) || (port == 554);
/* Reports an errno-style code to the peer on fd as one raw int.
 * Returns 0 if send() transferred the whole int, -1 otherwise. */
117 static int send_err (int fd, int err)
119 return send (fd, &err, sizeof (err), 0) == sizeof (err) ? 0 : -1;
123 * Ugly POSIX(?) code to pass a file descriptor to another process
/* Hands descriptor fd to the process at the other end of socket p as
 * SCM_RIGHTS ancillary data.
 * Returns 0 when sendmsg() reports sizeof (val) payload bytes sent, -1
 * otherwise (val is declared on a line missing from this listing). */
125 static int send_fd (int p, int fd)
129 struct cmsghdr *cmsg;
/* Control buffer sized for exactly one descriptor. */
130 char buf[CMSG_SPACE (sizeof (fd))];
137 hdr.msg_control = buf;
138 hdr.msg_controllen = sizeof (buf);
141 iov.iov_len = sizeof (val);
/* Fill in the single control header: socket level, descriptor passing. */
143 cmsg = CMSG_FIRSTHDR (&hdr);
144 cmsg->cmsg_level = SOL_SOCKET;
145 cmsg->cmsg_type = SCM_RIGHTS;
146 cmsg->cmsg_len = CMSG_LEN (sizeof (fd));
147 memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
/* Advertise only the length of the header that was just filled in. */
148 hdr.msg_controllen = cmsg->cmsg_len;
150 return sendmsg (p, &hdr, 0) == sizeof (val) ? 0 : -1;
155 * Background process run as root to open privileged TCP ports.
/* Request loop of the privileged helper. Each request is one whole
 * struct sockaddr_storage read from fd. On the lines visible here only the
 * address family and the port are checked; the address part of the request
 * is handed to bind() as received. Refusals go back through send_err():
 * EACCES for a port outside the allow-list, EAFNOSUPPORT on the remaining
 * branch (the case labels are not in this listing).
 * NOTE(review): this loop is the enforcement point of the privilege split.
 * The checks in rootwrap_bind() run in the unprivileged process, so nothing
 * here may rely on them. */
157 static void rootprocess (int fd)
159 struct sockaddr_storage ss;
162 * - use libcap if available,
/* Anything other than a full-size request (short read, error, EOF) ends the
 * loop. */
165 while (recv (fd, &ss, sizeof (ss), 0) == sizeof (ss))
170 switch (ss.ss_family)
173 if (!is_allowed_port (((struct sockaddr_in *)&ss)->sin_port))
175 if (send_err (fd, EACCES))
179 len = sizeof (struct sockaddr_in);
184 if (!is_allowed_port (((struct sockaddr_in6 *)&ss)->sin6_port))
186 if (send_err (fd, EACCES))
190 len = sizeof (struct sockaddr_in6);
195 if (send_err (fd, EAFNOSUPPORT))
/* Socket type and protocol are fixed here, not taken from the request. */
200 sock = socket (ss.ss_family, SOCK_STREAM, IPPROTO_TCP);
/* Neither setsockopt() result is used on these lines; val is set on a line
 * missing from this listing. */
205 setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof (val));
207 if (ss.ss_family == AF_INET6)
208 setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof (val));
/* len was chosen above from the validated family, never from the request. */
210 if (bind (sock, (struct sockaddr *)&ss, len) == 0)
/* Pass the current errno back to the requester; the result of this send is
 * ignored on this line. */
217 send_err (fd, errno);
/* Client end of the socketpair to the root helper, and the helper's PID.
 * Both hold -1 until they are assigned. */
221 static int rootwrap_sock = -1;
222 static pid_t rootwrap_pid = -1;
/* Exit handler (registered with atexit() further down): closes the socket to
 * the helper, then reaps the helper.
 * NOTE(review): if this can run while rootwrap_pid is still -1,
 * waitpid (-1, ...) waits for any child - confirm the registration is only
 * reached after a successful fork(). */
224 static void close_rootwrap (void)
226 close (rootwrap_sock);
227 waitpid (rootwrap_pid, NULL, 0);
238 /* Are we running with root privileges? */
245 /* Make sure 0, 1 and 2 are opened, and only these. */
246 if (getrlimit (RLIMIT_NOFILE, &lim))
/* Visits every descriptor number from 3 up to the soft RLIMIT_NOFILE limit;
 * the loop body is not in this listing. */
249 for (fd = 3; ((unsigned)fd) < lim.rlim_cur; fd++)
257 fputs ("starting VLC root wrapper...", stderr);
/* NOTE(review): the condition guarding this return is not in this listing.
 * If it is reached while the process still holds root, returning lets the
 * program carry on privileged - confirm. */
261 return; /* Should we rather print an error and exit ? */
264 fprintf (stderr, " using UID %u (%s)\n", (unsigned)u, pw->pw_name);
267 fputs ("***************************************\n"
268 "* Running VLC as root is discouraged. *\n"
269 "***************************************\n"
271 " It is potentially dangerous, "
272 "and might not even work properly.\n", stderr);
/* NOTE(review): the result of initgroups() is discarded on this line. If the
 * call fails, the process keeps the supplementary groups it started with, so
 * a privilege drop should stop on failure. The setgid()/setuid() calls are
 * not in this listing - check that their results are tested as well. */
277 initgroups (pw->pw_name, pw->pw_gid);
/* Private channel between the future unprivileged process and the helper. */
280 if (socketpair (AF_LOCAL, SOCK_STREAM, 0, pair))
282 perror ("socketpair");
/* The fork() result is kept in rootwrap_pid for close_rootwrap(). */
286 switch (rootwrap_pid = fork ())
/* pair[1] serves the helper loop; pair[0] is kept as the client end. */
299 rootprocess (pair[1]);
304 rootwrap_sock = pair[0];
312 atexit (close_rootwrap);
317 * Ugly POSIX(?) code to receive a file descriptor from another process
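/* Receives one descriptor passed over socket p, the counterpart of send_fd().
 * Reads an int payload (val) together with ancillary data, then copies the
 * descriptor out of the first SOL_SOCKET / SCM_RIGHTS control message that
 * is large enough to hold one. The lines after the loop are not in this
 * listing. */
319 static int recv_fd (int p)
323 struct cmsghdr *cmsg;
/* Control buffer sized for exactly one descriptor. */
325 char buf[CMSG_SPACE (sizeof (fd))];
331 hdr.msg_control = buf;
332 hdr.msg_controllen = sizeof (buf);
335 iov.iov_len = sizeof (val);
/* The payload must be exactly one int; anything else is a failed read. */
337 if (recvmsg (p, &hdr, 0) != sizeof (val))
340 for (cmsg = CMSG_FIRSTHDR (&hdr); cmsg != NULL;
341 cmsg = CMSG_NXTHDR (&hdr, cmsg))
/* The type is compared, not assigned. An assignment here would overwrite
 * cmsg_type and let any SOL_SOCKET control message of sufficient length be
 * read as a descriptor. */
343 if ((cmsg->cmsg_level == SOL_SOCKET)
344 && (cmsg->cmsg_type == SCM_RIGHTS)
345 && (cmsg->cmsg_len >= CMSG_LEN (sizeof (fd))))
347 memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd));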
356 * Tries to obtain a bound TCP socket from the root process
/* Client side of the privilege split: asks the root helper for a bound TCP
 * socket. The request is addr copied into a zeroed sockaddr_storage and sent
 * over rootwrap_sock; the reply is read with recv_fd().
 * Checks visible here: helper socket present, alen large enough for the
 * family's sockaddr type, family equal to addr->sa_family (EAFNOSUPPORT
 * otherwise), and SOCK_STREAM with protocol 0 or IPPROTO_TCP.
 * These checks run unprivileged and only save a round trip; the helper
 * repeats the family and port checks on its side. */
358 int rootwrap_bind (int family, int socktype, int protocol,
359 const struct sockaddr *addr, size_t alen)
361 /* can't use libvlc */
362 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
364 struct sockaddr_storage ss;
/* No helper was started, so there is nobody to ask. */
367 if (rootwrap_sock == -1)
376 if (alen < sizeof (struct sockaddr_in))
385 if (alen < sizeof (struct sockaddr_in6))
394 errno = EAFNOSUPPORT;
398 if (family != addr->sa_family)
400 errno = EAFNOSUPPORT;
404 /* Only TCP is implemented at the moment */
405 if ((socktype != SOCK_STREAM)
406 || (protocol && (protocol != IPPROTO_TCP)))
/* Zero first so no stack bytes leak into the request; the copy is clamped to
 * sizeof (ss) so an oversized alen cannot overrun the buffer. */
412 memset (&ss, 0, sizeof (ss));
413 memcpy (&ss, addr, alen > sizeof (ss) ? sizeof (ss) : alen);
/* One lock around the whole request/reply exchange, so concurrent callers
 * cannot interleave on the shared socket.
 * NOTE(review): the failure branch of the send() below (original line 417)
 * is missing from this listing - confirm it releases the mutex before
 * leaving the function. */
415 pthread_mutex_lock (&mutex);
416 if (send (rootwrap_sock, &ss, sizeof (ss), 0) != sizeof (ss))
419 fd = recv_fd (rootwrap_sock);
420 pthread_mutex_unlock (&mutex);
/* Switch the received socket to non-blocking. If F_GETFL fails, O_NONBLOCK is
 * set on top of an empty flag set; the F_SETFL result is not checked. */
426 val = fcntl (fd, F_GETFL, 0);
427 fcntl (fd, F_SETFL, ((val != -1) ? val : 0) | O_NONBLOCK);
/* Second definition of rootwrap_bind() with the same signature; presumably
 * the fallback compiled when ENABLE_ROOTWRAP is not defined. Its body and
 * the preprocessor line that selects it are not in this listing. */
442 int rootwrap_bind (int family, int socktype, int protocol,
443 const struct sockaddr *addr, size_t alen)
453 #endif /* ENABLE_ROOTWRAP */