mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1161020: Implement new socket-connector interface for key store, r=chucklee 

This patch moves |KeyStoreConnector| into its own file and implements
the new socket-connector interface.
This commit is contained in:
Thomas Zimmermann 2015-05-18 11:28:30 +02:00
Родитель 859df18543
Коммит e6c35a9ff4
5 изменённых файлов: 394 добавлений и 95 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

77
ipc/keystore/KeyStore.cpp
Просмотреть файл

@ -19,6 +19,7 @@
#include "KeyStore.h" #include "KeyStore.h"
#include "jsfriendapi.h" #include "jsfriendapi.h"
#include "KeyStoreConnector.h"
#include "MainThreadUtils.h" // For NS_IsMainThread. #include "MainThreadUtils.h" // For NS_IsMainThread.
#include "nsICryptoHash.h" #include "nsICryptoHash.h"
@ -304,7 +305,6 @@ static const char *CA_BEGIN = "-----BEGIN ",
namespace mozilla { namespace mozilla {
namespace ipc { namespace ipc {
static const char* KEYSTORE_SOCKET_PATH = "/dev/socket/keystore";
static const char* KEYSTORE_ALLOWED_USERS[] = { static const char* KEYSTORE_ALLOWED_USERS[] = {
"root", "root",
"wifi", "wifi",
@ -672,76 +672,6 @@ checkPermission(uid_t uid)
return false; return false;
} }
int
KeyStoreConnector::Create()
{
MOZ_ASSERT(!NS_IsMainThread());
int fd;
unlink(KEYSTORE_SOCKET_PATH);
fd = socket(AF_LOCAL, SOCK_STREAM, 0);
if (fd < 0) {
NS_WARNING("Could not open keystore socket!");
return -1;
}
return fd;
}
bool
KeyStoreConnector::CreateAddr(bool aIsServer,
socklen_t& aAddrSize,
sockaddr_any& aAddr,
const char* aAddress)
{
// Keystore socket must be server
MOZ_ASSERT(aIsServer);
aAddr.un.sun_family = AF_LOCAL;
if(strlen(KEYSTORE_SOCKET_PATH) > sizeof(aAddr.un.sun_path)) {
NS_WARNING("Address too long for socket struct!");
return false;
}
strcpy((char*)&aAddr.un.sun_path, KEYSTORE_SOCKET_PATH);
aAddrSize = strlen(KEYSTORE_SOCKET_PATH) + offsetof(struct sockaddr_un, sun_path) + 1;
return true;
}
bool
KeyStoreConnector::SetUp(int aFd)
{
// Socket permission check.
struct ucred userCred;
socklen_t len = sizeof(struct ucred);
if (getsockopt(aFd, SOL_SOCKET, SO_PEERCRED, &userCred, &len)) {
return false;
}
return ::checkPermission(userCred.uid);
}
bool
KeyStoreConnector::SetUpListenSocket(int aFd)
{
// Allow access of wpa_supplicant(different user, differnt group)
chmod(KEYSTORE_SOCKET_PATH, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
return true;
}
void
KeyStoreConnector::GetSocketAddr(const sockaddr_any& aAddr,
nsAString& aAddrStr)
{
// Unused.
MOZ_CRASH("This should never be called!");
}
// //
// KeyStore::ListenSocket // KeyStore::ListenSocket
// //
@ -818,7 +748,7 @@ KeyStore::StreamSocket::ReceiveSocketData(nsAutoPtr<UnixSocketBuffer>& aBuffer)
ConnectionOrientedSocketIO* ConnectionOrientedSocketIO*
KeyStore::StreamSocket::GetIO() KeyStore::StreamSocket::GetIO()
{ {
return PrepareAccept(new KeyStoreConnector()); return PrepareAccept(new KeyStoreConnector(KEYSTORE_ALLOWED_USERS));
} }
// //
@ -877,7 +807,8 @@ KeyStore::Listen()
if (!mListenSocket) { if (!mListenSocket) {
// We only ever allocate one |ListenSocket|... // We only ever allocate one |ListenSocket|...
mListenSocket = new ListenSocket(this); mListenSocket = new ListenSocket(this);
mListenSocket->Listen(new KeyStoreConnector(), mStreamSocket); mListenSocket->Listen(new KeyStoreConnector(KEYSTORE_ALLOWED_USERS),
mStreamSocket);
} else { } else {
// ... but keep it open. // ... but keep it open.
mListenSocket->Listen(mStreamSocket); mListenSocket->Listen(mStreamSocket);

21
ipc/keystore/KeyStore.h
Просмотреть файл

@ -12,7 +12,6 @@
#include "cert.h" #include "cert.h"
#include "mozilla/ipc/ListenSocket.h" #include "mozilla/ipc/ListenSocket.h"
#include "mozilla/ipc/StreamSocket.h" #include "mozilla/ipc/StreamSocket.h"
#include "mozilla/ipc/UnixSocketConnector.h"
#include "nsNSSShutDown.h" #include "nsNSSShutDown.h"
namespace mozilla { namespace mozilla {
@ -79,26 +78,6 @@ typedef enum {
STATE_PROCESSING STATE_PROCESSING
} ProtocolHandlerState; } ProtocolHandlerState;
class KeyStoreConnector : public mozilla::ipc::UnixSocketConnector
{
public:
KeyStoreConnector()
{}
virtual ~KeyStoreConnector()
{}
virtual int Create();
virtual bool CreateAddr(bool aIsServer,
socklen_t& aAddrSize,
sockaddr_any& aAddr,
const char* aAddress);
virtual bool SetUp(int aFd);
virtual bool SetUpListenSocket(int aFd);
virtual void GetSocketAddr(const sockaddr_any& aAddr,
nsAString& aAddrStr);
};
class KeyStore final : public nsNSSShutDownObject class KeyStore final : public nsNSSShutDownObject
{ {
public: public:

321
ipc/keystore/KeyStoreConnector.cpp Normal file
Просмотреть файл

@ -0,0 +1,321 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set sw=2 ts=2 et ft=cpp: tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "KeyStoreConnector.h"
#include <fcntl.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/un.h>
#include "nsISupportsImpl.h" // For MOZ_COUNT_CTOR, MOZ_COUNT_DTOR
#include "nsThreadUtils.h" // For NS_IsMainThread.
#ifdef MOZ_WIDGET_GONK
#include <android/log.h>
#define KEYSTORE_LOG(args...) __android_log_print(ANDROID_LOG_INFO, "Gonk", args)
#else
#define KEYSTORE_LOG(args...) printf(args);
#endif
namespace mozilla {
namespace ipc {
static const char KEYSTORE_SOCKET_PATH[] = "/dev/socket/keystore";
KeyStoreConnector::KeyStoreConnector(const char** const aAllowedUsers)
: mAllowedUsers(aAllowedUsers)
{
MOZ_COUNT_CTOR_INHERITED(KeyStoreConnector, UnixSocketConnector);
}
KeyStoreConnector::~KeyStoreConnector()
{
MOZ_COUNT_DTOR_INHERITED(KeyStoreConnector, UnixSocketConnector);
}
nsresult
KeyStoreConnector::CreateSocket(int& aFd) const
{
unlink(KEYSTORE_SOCKET_PATH);
aFd = socket(AF_LOCAL, SOCK_STREAM, 0);
if (aFd < 0) {
KEYSTORE_LOG("Could not open KeyStore socket!");
return NS_ERROR_FAILURE;
}
return NS_OK;
}
nsresult
KeyStoreConnector::SetSocketFlags(int aFd) const
{
static const int sReuseAddress = 1;
// Set close-on-exec bit.
int flags = TEMP_FAILURE_RETRY(fcntl(aFd, F_GETFD));
if (flags < 0) {
return NS_ERROR_FAILURE;
}
flags |= FD_CLOEXEC;
int res = TEMP_FAILURE_RETRY(fcntl(aFd, F_SETFD, flags));
if (res < 0) {
return NS_ERROR_FAILURE;
}
// Set non-blocking status flag.
flags = TEMP_FAILURE_RETRY(fcntl(aFd, F_GETFL));
if (flags < 0) {
return NS_ERROR_FAILURE;
}
flags |= O_NONBLOCK;
res = TEMP_FAILURE_RETRY(fcntl(aFd, F_SETFL, flags));
if (res < 0) {
return NS_ERROR_FAILURE;
}
// Set socket addr to be reused even if kernel is still waiting to close.
res = setsockopt(aFd, SOL_SOCKET, SO_REUSEADDR, &sReuseAddress,
sizeof(sReuseAddress));
if (res < 0) {
return NS_ERROR_FAILURE;
}
return NS_OK;
}
nsresult
KeyStoreConnector::CheckPermission(int aFd) const
{
struct ucred userCred;
socklen_t len = sizeof(userCred);
if (getsockopt(aFd, SOL_SOCKET, SO_PEERCRED, &userCred, &len)) {
return NS_ERROR_FAILURE;
}
const struct passwd* userInfo = getpwuid(userCred.uid);
if (!userInfo) {
return NS_ERROR_FAILURE;
}
if (!mAllowedUsers) {
return NS_ERROR_FAILURE;
}
for (const char** user = mAllowedUsers; *user; ++user) {
if (!strcmp(*user, userInfo->pw_name)) {
return NS_OK;
}
}
return NS_ERROR_FAILURE;
}
nsresult
KeyStoreConnector::CreateAddress(struct sockaddr& aAddress,
socklen_t& aAddressLength) const
{
struct sockaddr_un* address =
reinterpret_cast<struct sockaddr_un*>(&aAddress);
size_t namesiz = strlen(KEYSTORE_SOCKET_PATH) + 1; // include trailing '\0'
if (namesiz > sizeof(address->sun_path)) {
KEYSTORE_LOG("Address too long for socket struct!");
return NS_ERROR_FAILURE;
}
address->sun_family = AF_UNIX;
memcpy(address->sun_path, KEYSTORE_SOCKET_PATH, namesiz);
aAddressLength = offsetof(struct sockaddr_un, sun_path) + namesiz;
return NS_OK;
}
// |UnixSocketConnector|
nsresult
KeyStoreConnector::ConvertAddressToString(const struct sockaddr& aAddress,
socklen_t aAddressLength,
nsACString& aAddressString)
{
MOZ_ASSERT(aAddress.sa_family == AF_UNIX);
const struct sockaddr_un* un =
reinterpret_cast<const struct sockaddr_un*>(&aAddress);
size_t len = aAddressLength - offsetof(struct sockaddr_un, sun_path);
aAddressString.Assign(un->sun_path, len);
return NS_OK;
}
nsresult
KeyStoreConnector::CreateListenSocket(struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aListenFd)
{
ScopedClose fd;
nsresult rv = CreateSocket(fd.rwget());
if (NS_FAILED(rv)) {
return rv;
}
rv = SetSocketFlags(fd);
if (NS_FAILED(rv)) {
return rv;
}
if (aAddress && aAddressLength) {
rv = CreateAddress(*aAddress, *aAddressLength);
if (NS_FAILED(rv)) {
return rv;
}
}
// Allow access for wpa_supplicant (different user, different group)
//
// TODO: Improve this by setting specific user/group for
// wpa_supplicant by calling |fchmod| and |fchown|.
//
chmod(KEYSTORE_SOCKET_PATH, S_IRUSR|S_IWUSR|
S_IRGRP|S_IWGRP|
S_IROTH|S_IWOTH);
aListenFd = fd.forget();
return NS_OK;
}
nsresult
KeyStoreConnector::AcceptStreamSocket(int aListenFd,
struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aStreamFd)
{
ScopedClose fd(
TEMP_FAILURE_RETRY(accept(aListenFd, aAddress, aAddressLength)));
if (fd < 0) {
NS_WARNING("Cannot accept file descriptor!");
return NS_ERROR_FAILURE;
}
nsresult rv = SetSocketFlags(fd);
if (NS_FAILED(rv)) {
return rv;
}
rv = CheckPermission(fd);
if (NS_FAILED(rv)) {
return rv;
}
aStreamFd = fd.forget();
return NS_OK;
}
nsresult
KeyStoreConnector::CreateStreamSocket(struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aStreamFd)
{
MOZ_CRASH("|KeyStoreConnector| does not support creating stream sockets.");
return NS_ERROR_FAILURE;
}
// Deprecated
static const char* KEYSTORE_ALLOWED_USERS[] = {
"root",
"wifi",
NULL
};
static bool checkPermission(uid_t uid)
{
struct passwd *userInfo = getpwuid(uid);
for (const char **user = KEYSTORE_ALLOWED_USERS; *user; user++ ) {
if (!strcmp(*user, userInfo->pw_name)) {
return true;
}
}
return false;
}
int
KeyStoreConnector::Create()
{
MOZ_ASSERT(!NS_IsMainThread());
int fd;
unlink(KEYSTORE_SOCKET_PATH);
fd = socket(AF_LOCAL, SOCK_STREAM, 0);
if (fd < 0) {
NS_WARNING("Could not open keystore socket!");
return -1;
}
return fd;
}
bool
KeyStoreConnector::CreateAddr(bool aIsServer,
socklen_t& aAddrSize,
sockaddr_any& aAddr,
const char* aAddress)
{
// Keystore socket must be server
MOZ_ASSERT(aIsServer);
aAddr.un.sun_family = AF_LOCAL;
if(strlen(KEYSTORE_SOCKET_PATH) > sizeof(aAddr.un.sun_path)) {
NS_WARNING("Address too long for socket struct!");
return false;
}
strcpy((char*)&aAddr.un.sun_path, KEYSTORE_SOCKET_PATH);
aAddrSize = strlen(KEYSTORE_SOCKET_PATH) + offsetof(struct sockaddr_un, sun_path) + 1;
return true;
}
bool
KeyStoreConnector::SetUp(int aFd)
{
// Socket permission check.
struct ucred userCred;
socklen_t len = sizeof(struct ucred);
if (getsockopt(aFd, SOL_SOCKET, SO_PEERCRED, &userCred, &len)) {
return false;
}
return checkPermission(userCred.uid);
}
bool
KeyStoreConnector::SetUpListenSocket(int aFd)
{
// Allow access of wpa_supplicant(different user, differnt group)
chmod(KEYSTORE_SOCKET_PATH, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
return true;
}
void
KeyStoreConnector::GetSocketAddr(const sockaddr_any& aAddr,
nsAString& aAddrStr)
{
// Unused.
MOZ_CRASH("This should never be called!");
}
}
}

67
ipc/keystore/KeyStoreConnector.h Normal file
Просмотреть файл

@ -0,0 +1,67 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set sw=2 ts=2 et ft=cpp: tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_ipc_KeyStoreConnector_h
#define mozilla_ipc_KeyStoreConnector_h
#include "mozilla/ipc/UnixSocketConnector.h"
namespace mozilla {
namespace ipc {
class KeyStoreConnector final : public UnixSocketConnector
{
public:
KeyStoreConnector(const char** const aAllowedUsers);
~KeyStoreConnector();
// Methods for |UnixSocketConnector|
//
nsresult ConvertAddressToString(const struct sockaddr& aAddress,
socklen_t aAddressLength,
nsACString& aAddressString) override;
nsresult CreateListenSocket(struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aListenFd) override;
nsresult AcceptStreamSocket(int aListenFd,
struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aStreamFd) override;
nsresult CreateStreamSocket(struct sockaddr* aAddress,
socklen_t* aAddressLength,
int& aStreamFd) override;
// Deprecated
int Create();
bool CreateAddr(bool aIsServer,
socklen_t& aAddrSize,
sockaddr_any& aAddr,
const char* aAddress);
bool SetUp(int aFd);
bool SetUpListenSocket(int aFd);
void GetSocketAddr(const sockaddr_any& aAddr,
nsAString& aAddrStr);
private:
nsresult CreateSocket(int& aFd) const;
nsresult SetSocketFlags(int aFd) const;
nsresult CheckPermission(int aFd) const;
nsresult CreateAddress(struct sockaddr& aAddress,
socklen_t& aAddressLength) const;
const char** const mAllowedUsers;
};
}
}
#endif

3
ipc/keystore/moz.build
Просмотреть файл

@ -9,7 +9,8 @@ EXPORTS.mozilla.ipc += [
] ]
SOURCES += [ SOURCES += [
'KeyStore.cpp' 'KeyStore.cpp',
'KeyStoreConnector.cpp'
] ]
FAIL_ON_WARNINGS = True FAIL_ON_WARNINGS = True