From owner-svn-src-stable@freebsd.org Mon Oct 1 18:00:54 2018 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D5F6C10A57F9; Mon, 1 Oct 2018 18:00:53 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8A79D84948; Mon, 1 Oct 2018 18:00:53 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8562F244A5; Mon, 1 Oct 2018 18:00:53 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w91I0rTi089180; Mon, 1 Oct 2018 18:00:53 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w91I0qaB089174; Mon, 1 Oct 2018 18:00:52 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201810011800.w91I0qaB089174@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Mon, 1 Oct 2018 18:00:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r339068 - in stable/10: sys/kern sys/sys tests/sys/kern X-SVN-Group: stable-10 X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: in stable/10: sys/kern sys/sys tests/sys/kern X-SVN-Commit-Revision: 339068 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Oct 2018 18:00:54 -0000 Author: asomers Date: Mon Oct 1 18:00:52 2018 New Revision: 339068 URL: https://svnweb.freebsd.org/changeset/base/339068 Log: MFC r337222: Fix LOCAL_PEERCRED with socketpair(2) Enable the LOCAL_PEERCRED socket option for unix domain stream sockets created with socketpair(2). Previously, it only worked with unix domain stream sockets created with socket(2)/listen(2)/connect(2)/accept(2). PR: 176419 Reported by: Nicholas Wilson Differential Revision: https://reviews.freebsd.org/D16350 Added: stable/10/tests/sys/kern/unix_socketpair_test.c - copied unchanged from r337222, head/tests/sys/kern/unix_socketpair_test.c Modified: stable/10/sys/kern/uipc_syscalls.c stable/10/sys/kern/uipc_usrreq.c stable/10/sys/sys/unpcb.h stable/10/tests/sys/kern/Makefile Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/kern/uipc_syscalls.c ============================================================================== --- stable/10/sys/kern/uipc_syscalls.c Mon Oct 1 17:36:58 2018 (r339067) +++ stable/10/sys/kern/uipc_syscalls.c Mon Oct 1 18:00:52 2018 (r339068) @@ -70,6 +70,8 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#include #include #ifdef KTRACE #include @@ -758,6 +760,15 @@ kern_socketpair(struct thread *td, int domain, int typ error = soconnect2(so2, so1); if (error != 0) goto free4; + } else if (so1->so_proto->pr_flags & PR_CONNREQUIRED) { + struct unpcb *unp, *unp2; + unp = sotounpcb(so1); + unp2 = sotounpcb(so2); + /* + * No need to lock the unps, because the sockets are brand-new. + * No other threads can be using them yet + */ + unp_copy_peercred(td, unp, unp2, unp); } finit(fp1, FREAD | FWRITE | fflag, DTYPE_SOCKET, fp1->f_data, &socketops); Modified: stable/10/sys/kern/uipc_usrreq.c ============================================================================== --- stable/10/sys/kern/uipc_usrreq.c Mon Oct 1 17:36:58 2018 (r339067) +++ stable/10/sys/kern/uipc_usrreq.c Mon Oct 1 18:00:52 2018 (r339068) @@ -1383,26 +1383,10 @@ unp_connectat(int fd, struct socket *so, struct sockad sa = NULL; } - /* - * The connector's (client's) credentials are copied from its - * process structure at the time of connect() (which is now). - */ - cru2x(td->td_ucred, &unp3->unp_peercred); - unp3->unp_flags |= UNP_HAVEPC; - - /* - * The receiver's (server's) credentials are copied from the - * unp_peercred member of socket on which the former called - * listen(); uipc_listen() cached that process's credentials - * at that time so we can use them now. - */ KASSERT(unp2->unp_flags & UNP_HAVEPCCACHED, ("unp_connect: listener without cached peercred")); - memcpy(&unp->unp_peercred, &unp2->unp_peercred, - sizeof(unp->unp_peercred)); - unp->unp_flags |= UNP_HAVEPC; - if (unp2->unp_flags & UNP_WANTCRED) - unp3->unp_flags |= UNP_WANTCRED; + unp_copy_peercred(td, unp3, unp, unp2); + UNP_PCB_UNLOCK(unp3); UNP_PCB_UNLOCK(unp2); UNP_PCB_UNLOCK(unp); @@ -1433,6 +1417,27 @@ bad: unp->unp_flags &= ~UNP_CONNECTING; UNP_PCB_UNLOCK(unp); return (error); +} + +/* + * Set socket peer credentials at connection time. + * + * The client's PCB credentials are copied from its process structure. The + * server's PCB credentials are copied from the socket on which it called + * listen(2). uipc_listen cached that process's credentials at the time. + */ +void +unp_copy_peercred(struct thread *td, struct unpcb *client_unp, + struct unpcb *server_unp, struct unpcb *listen_unp) +{ + cru2x(td->td_ucred, &client_unp->unp_peercred); + client_unp->unp_flags |= UNP_HAVEPC; + + memcpy(&server_unp->unp_peercred, &listen_unp->unp_peercred, + sizeof(server_unp->unp_peercred)); + server_unp->unp_flags |= UNP_HAVEPC; + if (listen_unp->unp_flags & UNP_WANTCRED) + client_unp->unp_flags |= UNP_WANTCRED; } static int Modified: stable/10/sys/sys/unpcb.h ============================================================================== --- stable/10/sys/sys/unpcb.h Mon Oct 1 17:36:58 2018 (r339067) +++ stable/10/sys/sys/unpcb.h Mon Oct 1 18:00:52 2018 (r339068) @@ -150,4 +150,13 @@ struct xunpgen { }; #endif /* _SYS_SOCKETVAR_H_ */ +#if defined(_KERNEL) +struct thread; + +/* In uipc_userreq.c */ +void +unp_copy_peercred(struct thread *td, struct unpcb *client_unp, + struct unpcb *server_unp, struct unpcb *listen_unp); +#endif + #endif /* _SYS_UNPCB_H_ */ Modified: stable/10/tests/sys/kern/Makefile ============================================================================== --- stable/10/tests/sys/kern/Makefile Mon Oct 1 17:36:58 2018 (r339067) +++ stable/10/tests/sys/kern/Makefile Mon Oct 1 18:00:52 2018 (r339068) @@ -10,9 +10,10 @@ ATF_TESTS_C+= kern_descrip_test ATF_TESTS_C+= ptrace_test TEST_METADATA.ptrace_test+= timeout="15" ATF_TESTS_C+= reaper -ATF_TESTS_C+= unix_seqpacket_test ATF_TESTS_C+= unix_passfd_test +ATF_TESTS_C+= unix_seqpacket_test TEST_METADATA.unix_seqpacket_test+= timeout="15" +ATF_TESTS_C+= unix_socketpair_test ATF_TESTS_C+= waitpid_nohang LDADD.ptrace_test+= -lpthread Copied: stable/10/tests/sys/kern/unix_socketpair_test.c (from r337222, head/tests/sys/kern/unix_socketpair_test.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/tests/sys/kern/unix_socketpair_test.c Mon Oct 1 18:00:52 2018 (r339068, copy of r337222, head/tests/sys/kern/unix_socketpair_test.c) @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2018 Alan Somers + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include + +#include + +#include + +/* getpeereid(3) should work with stream sockets created via socketpair(2) */ +ATF_TC_WITHOUT_HEAD(getpeereid); +ATF_TC_BODY(getpeereid, tc) +{ + int sv[2]; + int s; + uid_t real_euid, euid; + gid_t real_egid, egid; + + real_euid = geteuid(); + real_egid = getegid(); + + s = socketpair(PF_LOCAL, SOCK_STREAM, 0, sv); + ATF_CHECK_EQ(0, s); + ATF_CHECK(sv[0] >= 0); + ATF_CHECK(sv[1] >= 0); + ATF_CHECK(sv[0] != sv[1]); + + ATF_REQUIRE_EQ(0, getpeereid(sv[0], &euid, &egid)); + ATF_CHECK_EQ(real_euid, euid); + ATF_CHECK_EQ(real_egid, egid); + + ATF_REQUIRE_EQ(0, getpeereid(sv[1], &euid, &egid)); + ATF_CHECK_EQ(real_euid, euid); + ATF_CHECK_EQ(real_egid, egid); + + close(sv[0]); + close(sv[1]); +} + + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, getpeereid); + + return atf_no_error(); +}