+++ /dev/null
-/*****************************************************************************
- * rootwrap.c
- *****************************************************************************
- * Copyright © 2005-2008 Rémi Denis-Courmont
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
- *****************************************************************************/
-
-#if HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdlib.h> /* exit() */
-#include <stdio.h>
-#include <string.h>
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-#include <sys/resource.h> /* getrlimit() */
-#include <sched.h>
-#include <errno.h>
-#include <netinet/in.h>
-
-#if defined (AF_INET6) && !defined (IPV6_V6ONLY)
-# warning Uho, your IPv6 support is broken and has been disabled. Fix your C library.
-# undef AF_INET6
-#endif
-
-#ifndef AF_LOCAL
-# define AF_LOCAL AF_UNIX
-#endif
-
-static inline int is_allowed_port (uint16_t port)
-{
- port = ntohs (port);
- return (port == 80) || (port == 443) || (port == 554);
-}
-
-
-static inline int send_err (int fd, int err)
-{
- return send (fd, &err, sizeof (err), 0) == sizeof (err) ? 0 : -1;
-}
-
-/**
- * Send a file descriptor to another process
- */
-static int send_fd (int p, int fd)
-{
- struct msghdr hdr;
- struct iovec iov;
- struct cmsghdr *cmsg;
- char buf[CMSG_SPACE (sizeof (fd))];
- int val = 0;
-
- hdr.msg_name = NULL;
- hdr.msg_namelen = 0;
- hdr.msg_iov = &iov;
- hdr.msg_iovlen = 1;
- hdr.msg_control = buf;
- hdr.msg_controllen = sizeof (buf);
-
- iov.iov_base = &val;
- iov.iov_len = sizeof (val);
-
- cmsg = CMSG_FIRSTHDR (&hdr);
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
- cmsg->cmsg_len = CMSG_LEN (sizeof (fd));
- memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
- hdr.msg_controllen = cmsg->cmsg_len;
-
- return sendmsg (p, &hdr, 0) == sizeof (val) ? 0 : -1;
-}
-
-
-/**
- * Background process run as root to open privileged TCP ports.
- */
-static void rootprocess (int fd)
-{
- struct sockaddr_storage ss;
-
- while (recv (fd, &ss, sizeof (ss), 0) == sizeof (ss))
- {
- unsigned len;
- int sock;
-
- switch (ss.ss_family)
- {
- case AF_INET:
- if (!is_allowed_port (((struct sockaddr_in *)&ss)->sin_port))
- {
- if (send_err (fd, EACCES))
- return;
- continue;
- }
- len = sizeof (struct sockaddr_in);
- break;
-
-#ifdef AF_INET6
- case AF_INET6:
- if (!is_allowed_port (((struct sockaddr_in6 *)&ss)->sin6_port))
- {
- if (send_err (fd, EACCES))
- return;
- continue;
- }
- len = sizeof (struct sockaddr_in6);
- break;
-#endif
-
- default:
- if (send_err (fd, EAFNOSUPPORT))
- return;
- continue;
- }
-
- sock = socket (ss.ss_family, SOCK_STREAM, IPPROTO_TCP);
- if (sock != -1)
- {
- const int val = 1;
-
- setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &val, sizeof (val));
-#ifdef AF_INET6
- if (ss.ss_family == AF_INET6)
- setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY, &val, sizeof (val));
-#endif
- if (bind (sock, (struct sockaddr *)&ss, len) == 0)
- {
- send_fd (fd, sock);
- close (sock);
- continue;
- }
- }
- send_err (fd, errno);
- }
-}
-
-/* TODO?
- * - use libcap if available,
- * - call chroot
- */
-
-int main (int argc, char *argv[])
-{
- /* Support for dynamically opening RTSP, HTTP and HTTP/SSL ports */
- int pair[2];
-
- if (socketpair (AF_LOCAL, SOCK_STREAM, 0, pair))
- return 1;
- if (pair[0] < 3)
- goto error; /* we want 0, 1 and 2 open */
-
- pid_t pid = fork ();
- switch (pid)
- {
- case -1:
- goto error;
-
- case 0:
- {
- int null = open ("/dev/null", O_RDWR);
- if (null != -1)
- {
- dup2 (null, 0);
- dup2 (null, 1);
- dup2 (null, 2);
- close (null);
- }
- close (pair[0]);
- setsid ();
- rootprocess (pair[1]);
- exit (0);
- }
- }
-
- close (pair[1]);
- pair[1] = -1;
-
- char buf[21];
- snprintf (buf, sizeof (buf), "%d", pair[0]);
- setenv ("VLC_ROOTWRAP_SOCK", buf, 1);
-
- /* Support for real-time priorities */
-#ifdef RLIMIT_RTPRIO
- struct rlimit rlim;
- rlim.rlim_max = rlim.rlim_cur = sched_get_priority_min (SCHED_RR) + 24;
- setrlimit (RLIMIT_RTPRIO, &rlim);
-#endif
-
- uid_t uid = getuid ();
- if (uid == 0)
- {
- const char *sudo = getenv ("SUDO_UID");
- if (sudo)
- uid = atoi (sudo);
- }
- if (uid == 0)
- {
- fprintf (stderr, "Cannot determine unprivileged user for VLC!\n");
- exit (1);
- }
- setuid (uid);
-
- if (!setuid (0)) /* sanity check: we cannot get root back */
- exit (1);
-
- /* Yeah, the user can execute just about anything from here.
- * But we've dropped privileges, so it does not matter. */
- if (strlen (argv[0]) < sizeof ("-wrapper"))
- goto error;
- argv[0][strlen (argv[0]) - strlen ("-wrapper")] = '\0';
-
- (void)argc;
- if (execvp (argv[0], argv))
- perror (argv[0]);
-
-error:
- close (pair[0]);
- if (pair[1] != -1)
- close (pair[1]);
- return 1;
-}