From 470ddce435f04b56005a31fc6a1b1813415c1260 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 11 Mar 2011 14:14:04 +0100 Subject: [PATCH] qrexec_daemon creates VMname-based link to its socket --- qrexec/glue.h | 2 +- qrexec/qrexec_daemon.c | 13 ++++++------- qrexec/unix_server.c | 8 +++++++- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/qrexec/glue.h b/qrexec/glue.h index abcad649..81c6c9e5 100644 --- a/qrexec/glue.h +++ b/qrexec/glue.h @@ -32,7 +32,7 @@ int write_all_vchan_ext(void *buf, int size); int buffer_space_vchan_ext(); void fix_fds(int fdin, int fdout, int fderr); -int get_server_socket(int domid); +int get_server_socket(int domid, char * domname); int do_accept(int s); enum { diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c index 906905e4..c955dbd2 100644 --- a/qrexec/qrexec_daemon.c +++ b/qrexec/qrexec_daemon.c @@ -55,7 +55,7 @@ void handle_usr1(int x) exit(0); } -char domain_id[64]; +char *remote_domain_name; void init(int xid) { @@ -66,7 +66,6 @@ void init(int xid) fprintf(stderr, "domain id=0?\n"); exit(1); } - snprintf(domain_id, sizeof(domain_id), "%d", xid); signal(SIGUSR1, handle_usr1); switch (fork()) { case -1: @@ -83,6 +82,8 @@ void init(int xid) "/var/log/qubes/qrexec.%d.log", xid); umask(0007); logfd = open(dbg_log, O_WRONLY | O_CREAT | O_TRUNC, 0640); + umask(0077); + dup2(logfd, 1); dup2(logfd, 2); @@ -92,11 +93,9 @@ void init(int xid) exit(1); } - umask(0); - server_fd = get_server_socket(xid); - umask(0077); - peer_client_init(xid, REXEC_PORT); + remote_domain_name = peer_client_init(xid, REXEC_PORT); setuid(getuid()); + server_fd = get_server_socket(xid, remote_domain_name); signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, SIG_IGN); signal(SIGUSR1, SIG_DFL); @@ -284,7 +283,7 @@ void handle_trigger_exec(int req) signal(SIGCHLD, SIG_DFL); signal(SIGPIPE, SIG_DFL); execl("/usr/lib/qubes/qrexec_client", "qrexec_client", "-d", - domain_id, "-l", lcmd, rcmd, NULL); + remote_domain_name, "-l", lcmd, rcmd, NULL); perror("execl"); exit(1); } diff --git a/qrexec/unix_server.c b/qrexec/unix_server.c index aedf9167..14a61273 100644 --- a/qrexec/unix_server.c +++ b/qrexec/unix_server.c @@ -27,15 +27,21 @@ #include #include "qrexec.h" -int get_server_socket(int domid) +int get_server_socket(int domid, char *domname) { struct sockaddr_un sockname; int s; char socket_address[40]; + char link_to_socket_name[strlen(domname) + sizeof(socket_address)]; snprintf(socket_address, sizeof(socket_address), QREXEC_DAEMON_SOCKET_DIR "/qrexec.%d", domid); + snprintf(link_to_socket_name, sizeof link_to_socket_name, + QREXEC_DAEMON_SOCKET_DIR "/qrexec.%s", domname); unlink(socket_address); + unlink(link_to_socket_name); + symlink(socket_address, link_to_socket_name); + s = socket(AF_UNIX, SOCK_STREAM, 0); memset(&sockname, 0, sizeof(sockname)); sockname.sun_family = AF_UNIX;