head 1.2; access; symbols pkgsrc-2026Q1:1.2.0.138 pkgsrc-2026Q1-base:1.2 pkgsrc-2025Q4:1.2.0.136 pkgsrc-2025Q4-base:1.2 pkgsrc-2025Q3:1.2.0.134 pkgsrc-2025Q3-base:1.2 pkgsrc-2025Q2:1.2.0.132 pkgsrc-2025Q2-base:1.2 pkgsrc-2025Q1:1.2.0.130 pkgsrc-2025Q1-base:1.2 pkgsrc-2024Q4:1.2.0.128 pkgsrc-2024Q4-base:1.2 pkgsrc-2024Q3:1.2.0.126 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.124 pkgsrc-2024Q2-base:1.2 pkgsrc-2024Q1:1.2.0.122 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.120 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.118 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.116 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.114 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.112 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.110 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.108 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.106 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.104 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.102 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.100 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.98 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.96 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.94 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.90 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.70 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.92 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.88 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.2.0.86 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.84 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.82 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.80 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.78 pkgsrc-2018Q2-base:1.2 pkgsrc-2018Q1:1.2.0.76 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.74 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.72 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.68 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.66 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.64 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.62 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.60 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.58 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.2.0.56 pkgsrc-2015Q4-base:1.2 
pkgsrc-2015Q3:1.2.0.54 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.52 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.50 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.48 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.46 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.44 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.42 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.40 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.38 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.36 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.34 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.32 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.30 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.28 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.26 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.24 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.22 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.20 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.18 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.16 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.14 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.12 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.10 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.8 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.6 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.4 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.2 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.1.0.32 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.30 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.28 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.26 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.24 pkgsrc-2008Q1:1.1.0.22 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.20 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.18 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.16 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.14 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.12 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.10 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.8 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2 pkgsrc-2005Q3-base:1.1; locks; strict; comment @# @; 1.2 date 
2009.03.17.13.34.06; author jmcneill; state Exp; branches; next 1.1; 1.1 date 2005.08.30.23.24.33; author jlam; state Exp; branches; next ; desc @@ 1.2 log @Fix socket credentials issue on NetBSD, and PATCHDIR typo in shared Makefile. Bump both PKGREVISIONs. @ text @$NetBSD$ --- server/gam_channel.c.orig 2007-07-04 09:36:49.000000000 -0400 +++ server/gam_channel.c @@@@ -1,8 +1,10 @@@@ #include "server_config.h" +#include #include #include #include #include +#include #include #include #include @@@@ -12,6 +14,37 @@@@ #include "gam_channel.h" #include "gam_protocol.h" +#if defined(LOCAL_PEEREID) +static gboolean +gam_nb_getpeereid(int fd, pid_t *pid, uid_t *uid, gid_t *gid) +{ + struct unpcbid cred; + socklen_t len = sizeof(cred); + + if (getsockopt(fd, 0, LOCAL_PEEREID, &cred, &len) < 0) + return FALSE; + if (pid) + *pid = cred.unp_pid; + if (uid) + *uid = cred.unp_euid; + if (gid) + *gid = cred.unp_egid; + return TRUE; +} +#elif defined(SOCKCREDSIZE) +#define BSDCRED struct sockcred +#define CRED_DATASIZE (SOCKCREDSIZE(NGROUPS)) +#define credpid(c,p) (p) +#define creduid(c) (c->sc_euid) +#define credgid(c) (c->sc_egid) +#elif defined(HAVE_CMSGCRED) +#define BSDCRED struct cmsgcred +#define CRED_DATASIZE (sizeof(struct cmsgcred)) +#define credpid(c,p) (c->cmcred_pid) +#define creduid(c) (c->cmcred_euid) +#define credgid(c) (c->cmcred_groups[0]) +#endif + /* #define CHANNEL_VERBOSE_DEBUGGING */ /************************************************************************ * * @@@@ -28,37 +61,35 @@@@ static gboolean gam_client_conn_send_cred(int fd) { - char data[2] = { 0, 0 }; - int written; -#if defined(HAVE_CMSGCRED) && !defined(LOCAL_CREDS) - struct { - struct cmsghdr hdr; - struct cmsgcred cred; - } cmsg; - struct iovec iov; struct msghdr msg; + struct iovec iov; + pid_t pid = getpid(); + int written; + +#if defined(BSDCRED) && !defined(LOCAL_CREDS) + struct cmsghdr *cmsg; + char cmsgbuf[CMSG_SPACE(CRED_DATASIZE)]; +#endif - iov.iov_base = &data[0]; - iov.iov_len = 1; 
+ iov.iov_base = &pid; + iov.iov_len = sizeof(pid_t); memset (&msg, 0, sizeof (msg)); msg.msg_iov = &iov; msg.msg_iovlen = 1; - msg.msg_control = &cmsg; - msg.msg_controllen = sizeof (cmsg); - memset (&cmsg, 0, sizeof (cmsg)); - cmsg.hdr.cmsg_len = sizeof (cmsg); - cmsg.hdr.cmsg_level = SOL_SOCKET; - cmsg.hdr.cmsg_type = SCM_CREDS; +#if defined(BSDCRED) && !defined(LOCAL_CREDS) + memset(cmsgbuf, 0, CMSG_SPACE(CRED_DATASIZE)); + msg.msg_control = (void *)cmsgbuf; + msg.msg_controllen = CMSG_LEN(CRED_DATASIZE); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_len = CMSG_LEN(CRED_DATASIZE); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_CREDS; #endif retry: -#if defined(HAVE_CMSGCRED) && !defined(LOCAL_CREDS) written = sendmsg(fd, &msg, 0); -#else - written = write(fd, &data[0], 1); -#endif if (written < 0) { if (errno == EINTR) goto retry; @@@@ -66,7 +97,7 @@@@ retry: "Failed to write credential bytes to socket %d\n", fd); return (-1); } - if (written != 1) { + if (written != iov.iov_len) { gam_error(DEBUG_INFO, "Wrote %d credential bytes to socket %d\n", written, fd); return (-1); @@@@ -89,43 +120,26 @@@@ gam_client_conn_check_cred(GIOChannel * { struct msghdr msg; struct iovec iov; - char buf; - pid_t c_pid; + pid_t c_pid, pid; uid_t c_uid, s_uid; gid_t c_gid; -#ifdef HAVE_CMSGCRED - struct { - struct cmsghdr hdr; - struct cmsgcred cred; - } cmsg; -#endif - - s_uid = getuid(); - -#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED) - /* Set the socket to receive credentials on the next message */ - { - int on = 1; - - if (setsockopt(fd, 0, LOCAL_CREDS, &on, sizeof(on)) < 0) { - gam_error(DEBUG_INFO, "Unable to set LOCAL_CREDS socket option\n"); - return FALSE; - } - } +#if defined(BSDCRED) + struct cmsghdr *cmsg; + char cmsgbuf[CMSG_SPACE(CRED_DATASIZE)]; #endif - iov.iov_base = &buf; - iov.iov_len = 1; + iov.iov_base = &pid; + iov.iov_len = sizeof(pid_t); memset(&msg, 0, sizeof(msg)); msg.msg_iov = &iov; msg.msg_iovlen = 1; -#ifdef HAVE_CMSGCRED - memset(&cmsg, 
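Review bot: The failure paths kept in the `@@ -66,7 +97,7 @@` hunk still `return (-1);` from gam_client_conn_send_cred(), which is declared `static gboolean`, and the caller visible in the `@@ -194,7 +229,7 @@` hunk tests `if (!gam_client_conn_send_cred(fd))`, so a failed or short sendmsg() is read as success and the handshake carries on. Since the short-write test is being rewritten here anyway, both returns should become `return FALSE;`. The new comparison `written != iov.iov_len` also mixes `int` with `size_t`; `(size_t) written != iov.iov_len`, which is safe after the `written < 0` branch, states the intent. The function body starts and ends outside this hunk.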
0, sizeof(cmsg)); - msg.msg_control = &cmsg; - msg.msg_controllen = sizeof(cmsg); +#if defined(BSDCRED) + memset(cmsgbuf, 0, sizeof(cmsgbuf)); + msg.msg_control = (void *)cmsgbuf; + msg.msg_controllen = sizeof(cmsgbuf); #endif retry: @@@@ -133,26 +147,33 @@@@ gam_client_conn_check_cred(GIOChannel * if (errno == EINTR) goto retry; - GAM_DEBUG(DEBUG_INFO, "Failed to read credentials byte on %d\n", fd); + GAM_DEBUG(DEBUG_INFO, "Failed to read credential bytes on %d\n", fd); goto failed; } - - if (buf != '\0') { - GAM_DEBUG(DEBUG_INFO, "Credentials byte was not nul on %d\n", fd); + GAM_DEBUG(DEBUG_INFO, "Read pid %d on %d\n", pid, fd); +#if defined(BSDCRED) + if (msg.msg_controllen == 0) { + GAM_DEBUG(DEBUG_INFO, + "No control message received over recvmsg()\n"); goto failed; } -#ifdef HAVE_CMSGCRED - if (cmsg.hdr.cmsg_len < sizeof(cmsg) || cmsg.hdr.cmsg_type != SCM_CREDS) { + if ((msg.msg_flags & MSG_CTRUNC) != 0) { + GAM_DEBUG(DEBUG_INFO, + "Lost control message data over recvmsg()\n"); + goto failed; + } + cmsg = CMSG_FIRSTHDR(&msg); + if (cmsg->cmsg_type != SCM_CREDS) { GAM_DEBUG(DEBUG_INFO, "Message from recvmsg() was not SCM_CREDS\n"); goto failed; } #endif - GAM_DEBUG(DEBUG_INFO, "read credentials byte\n"); + GAM_DEBUG(DEBUG_INFO, "read credential bytes\n"); { -#ifdef SO_PEERCRED +#if defined(SO_PEERCRED) struct ucred cr; socklen_t cr_len = sizeof(cr); @@@@ -167,23 +188,37 @@@@ gam_client_conn_check_cred(GIOChannel * fd, cr_len, (int) sizeof(cr)); goto failed; } -#elif defined(HAVE_CMSGCRED) - c_pid = cmsg.cred.cmcred_pid; - c_uid = cmsg.cred.cmcred_euid; - c_gid = cmsg.cred.cmcred_groups[0]; -#else /* !SO_PEERCRED && !HAVE_CMSGCRED */ +#elif defined(LOCAL_PEEREID) + if (gam_nb_getpeereid(fd, &c_pid, &c_uid, &c_gid) == FALSE) { + GAM_DEBUG(DEBUG_INFO, + "Failed to gam_nb_getpeereid() credentials on %d\n", fd); + goto failed; + } +#elif defined(BSDCRED) + BSDCRED *cr = (BSDCRED *)CMSG_DATA(cmsg); + c_pid = credpid(cr, pid); + c_uid = creduid(cr); + c_gid = 
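Review bot: In the `@@ -133,26 +147,33 @@` hunk, `cmsg = CMSG_FIRSTHDR(&msg)` is dereferenced on the next line without a NULL test, and the guard above it only rejects `msg_controllen == 0`; a control length that is non-zero but smaller than a `struct cmsghdr` makes CMSG_FIRSTHDR() return NULL. The removed code also checked `cmsg_len`, which the new code drops, so `CMSG_DATA(cmsg)` is later cast to the credential structure without confirming the message is large enough to hold one. I would write the test as `if (cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_CREDS)` and add a minimum `cmsg->cmsg_len` check for the structure in use (for `struct sockcred` the length varies with the group count, so the lower bound is presumably `CMSG_LEN(SOCKCREDSIZE(0))`; confirm on the target). gam_client_conn_check_cred() continues outside this hunk.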
credgid(cr); +#else GAM_DEBUG(DEBUG_INFO, "Socket credentials not supported on this OS\n"); goto failed; #endif } + s_uid = getuid(); if (s_uid != c_uid) { GAM_DEBUG(DEBUG_INFO, "Credentials check failed: s_uid %d, c_uid %d\n", (int) s_uid, (int) c_uid); goto failed; } + if (pid != c_pid) { + GAM_DEBUG(DEBUG_INFO, + "read credentials do not match: pid %d, c_pid %d\n", + (int) pid, (int) c_pid); + goto failed; + } GAM_DEBUG(DEBUG_INFO, "Credentials: s_uid %d, c_uid %d, c_gid %d, c_pid %d\n", (int) s_uid, (int) c_uid, (int) c_gid, (int) c_pid); @@@@ -194,7 +229,7 @@@@ gam_client_conn_check_cred(GIOChannel * } if (!gam_client_conn_send_cred(fd)) { - GAM_DEBUG(DEBUG_INFO, "Failed to send credential byte to client\n"); + GAM_DEBUG(DEBUG_INFO, "Failed to send credential bytes to client\n"); goto failed; } @@@@ -551,12 +586,6 @@@@ gam_check_secure_path(const char *path) goto cleanup; } #endif - if (st.st_mode & (S_IRWXG|S_IRWXO)) { - gam_error(DEBUG_INFO, - "Socket %s has wrong permissions\n", - path); - goto cleanup; - } /* * Looks good though binding may fail due to an existing server */ @@@@ -620,6 +649,7 @@@@ gam_listen_unix_socket(const char *path) { int fd; struct sockaddr_un addr; + struct stat st; fd = socket(PF_UNIX, SOCK_STREAM, 0); if (fd < 0) { @@@@ -646,6 +676,18 @@@@ gam_listen_unix_socket(const char *path) strncpy(&addr.sun_path[0], path, (sizeof(addr) - 4) - 1); umask(0077); #endif +#if defined(BSDCRED) && defined(LOCAL_CREDS) + /* Set the socket to receive credentials. */ + { + int on = 1; + + if (setsockopt(fd, 0, LOCAL_CREDS, &on, sizeof(on)) < 0) { + gam_error(DEBUG_INFO, + "Unable to setsockopt() LOCAL_CREDS on %d\n", fd); + return(-1); + } + } +#endif if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { GAM_DEBUG(DEBUG_INFO, "Failed to bind to socket %s\n", path); @ 1.1 log @Port gamin to NetBSD by rewriting the routines that rely on socket credentials to understand NetBSD's sockcred. Bump the PKGREVISION to 1. 
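Review bot: The new `if (pid != c_pid)` test in the `@@ -167,23 +188,37 @@` hunk cannot fail on the `SOCKCREDSIZE` path, because `credpid(c,p)` expands to `(p)` and `c_pid` is therefore the same value the peer wrote into the data bytes. On that path the pid is asserted by the client rather than supplied by the kernel, yet the final `Credentials:` debug line reports it alongside the kernel-checked uid and gid. A comment at the assignment would keep later code from trusting it, e.g. `/* struct sockcred carries no pid: c_pid is peer-supplied and unverified */`. Whether the recvmsg() result is checked for a full `sizeof(pid_t)` read is not visible in these hunks; if it is not, `pid` can be partly uninitialised when it is logged and compared.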
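Review bot: The LOCAL_CREDS block added in the `@@ -646,6 +676,18 @@` hunk does `return(-1);` when setsockopt() fails without closing `fd`, which gam_listen_unix_socket() obtained from `socket()` earlier (visible in the previous hunk), so the descriptor leaks on that path. Adding `close(fd);` before the return fixes it, assuming the function's other error paths, which lie outside this hunk, release the descriptor the same way. The `struct stat st;` added in the `@@ -620,6 +649,7 @@` hunk has no use in the visible lines; if nothing outside the hunks reads it, it should be dropped.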
@ text @d3 1 a3 1 --- server/gam_channel.c.orig 2005-08-09 12:17:39.000000000 -0400 d5 4 a8 1 @@@@ -3,6 +3,7 @@@@ d16 1 a16 1 @@@@ -12,6 +13,20 @@@@ d20 18 a37 1 +#if defined(SOCKCREDSIZE) d54 1 a54 1 @@@@ -28,37 +43,35 @@@@ d110 1 a110 1 @@@@ -66,7 +79,7 @@@@ retry: d119 1 a119 1 @@@@ -89,43 +102,26 @@@@ gam_client_conn_check_cred(GIOChannel * d134 2 a135 5 +#if defined(BSDCRED) + struct cmsghdr *cmsg; + char cmsgbuf[CMSG_SPACE(CRED_DATASIZE)]; #endif d148 5 a152 2 -#endif - d173 1 a173 1 @@@@ -133,26 +129,33 @@@@ gam_client_conn_check_cred(GIOChannel * a188 5 + goto failed; + } + if ((msg.msg_flags & MSG_CTRUNC) != 0) { + GAM_DEBUG(DEBUG_INFO, + "Lost control message data over recvmsg()\n"); d193 5 d215 1 a215 1 @@@@ -167,23 +170,31 @@@@ gam_client_conn_check_cred(GIOChannel * d224 6 d258 1 a258 1 @@@@ -194,7 +205,7 @@@@ gam_client_conn_check_cred(GIOChannel * d267 1 a267 1 @@@@ -551,12 +562,6 @@@@ gam_check_secure_path(const char *path) d280 9 a288 1 @@@@ -646,6 +651,18 @@@@ gam_listen_unix_socket(const char *path) @