[thirdparty/systemd.git] / src / shared / clean-ipc.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/sem.h>
#include <sys/msg.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <dirent.h>
#include <mqueue.h>

#include "util.h"
#include "strv.h"
#include "clean-ipc.h"

static int clean_sysvipc_shm(uid_t delete_uid) {
        _cleanup_fclose_ FILE *f = NULL;
        char line[LINE_MAX];
        bool first = true;
        int ret = 0;

        f = fopen("/proc/sysvipc/shm", "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
                return -errno;
        }

        FOREACH_LINE(line, f, goto fail) {
                unsigned n_attached;
                pid_t cpid, lpid;
                uid_t uid, cuid;
                gid_t gid, cgid;
                int shmid;

                if (first) {
                        first = false;
                        continue;
                }

                truncate_nl(line);

                if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
                           &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
                        continue;

                if (n_attached > 0)
                        continue;

                if (uid != delete_uid)
                        continue;

                if (shmctl(shmid, IPC_RMID, NULL) < 0) {

                        /* Ignore entries that are already deleted */
                        if (errno == EIDRM || errno == EINVAL)
                                continue;

                        log_warning_errno(errno, "Failed to remove SysV shared memory segment %i: %m", shmid);
                        ret = -errno;
                }
        }

        return ret;

fail:
        log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
        return -errno;
}

static int clean_sysvipc_sem(uid_t delete_uid) {
        _cleanup_fclose_ FILE *f = NULL;
        char line[LINE_MAX];
        bool first = true;
        int ret = 0;

        f = fopen("/proc/sysvipc/sem", "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
                return -errno;
        }

        FOREACH_LINE(line, f, goto fail) {
                uid_t uid, cuid;
                gid_t gid, cgid;
                int semid;

                if (first) {
                        first = false;
                        continue;
                }

                truncate_nl(line);

                if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
                           &semid, &uid, &gid, &cuid, &cgid) != 5)
                        continue;

                if (uid != delete_uid)
                        continue;

                if (semctl(semid, 0, IPC_RMID) < 0) {

                        /* Ignore entries that are already deleted */
                        if (errno == EIDRM || errno == EINVAL)
                                continue;

                        log_warning_errno(errno, "Failed to remove SysV semaphores object %i: %m", semid);
                        ret = -errno;
                }
        }

        return ret;

fail:
        log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
        return -errno;
}

static int clean_sysvipc_msg(uid_t delete_uid) {
        _cleanup_fclose_ FILE *f = NULL;
        char line[LINE_MAX];
        bool first = true;
        int ret = 0;

        f = fopen("/proc/sysvipc/msg", "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
                return -errno;
        }

        FOREACH_LINE(line, f, goto fail) {
                uid_t uid, cuid;
                gid_t gid, cgid;
                pid_t cpid, lpid;
                int msgid;

                if (first) {
                        first = false;
                        continue;
                }

                truncate_nl(line);

                if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
                           &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
                        continue;

                if (uid != delete_uid)
                        continue;

                if (msgctl(msgid, IPC_RMID, NULL) < 0) {

                        /* Ignore entries that are already deleted */
                        if (errno == EIDRM || errno == EINVAL)
                                continue;

                        log_warning_errno(errno, "Failed to remove SysV message queue %i: %m", msgid);
                        ret = -errno;
                }
        }

        return ret;

fail:
        log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
        return -errno;
}

static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
        struct dirent *de;
        int ret = 0, r;

        assert(dir);

        FOREACH_DIRENT(de, dir, goto fail) {
                struct stat st;

                if (STR_IN_SET(de->d_name, "..", "."))
                        continue;

                if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
                        if (errno == ENOENT)
                                continue;

                        log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
                        ret = -errno;
                        continue;
                }

                if (st.st_uid != uid)
                        continue;

                if (S_ISDIR(st.st_mode)) {
                        _cleanup_closedir_ DIR *kid;

                        kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME);
                        if (!kid) {
                                if (errno != ENOENT) {
                                        log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
                                        ret = -errno;
                                }
                        } else {
                                r = clean_posix_shm_internal(kid, uid);
                                if (r < 0)
                                        ret = r;
                        }

                        if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {

                                if (errno == ENOENT)
                                        continue;

                                log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
                                ret = -errno;
                        }
                } else {

                        if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {

                                if (errno == ENOENT)
                                        continue;

                                log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
                                ret = -errno;
                        }
                }
        }

        return ret;

fail:
        log_warning_errno(errno, "Failed to read /dev/shm: %m");
        return -errno;
}

static int clean_posix_shm(uid_t uid) {
        _cleanup_closedir_ DIR *dir = NULL;

        dir = opendir("/dev/shm");
        if (!dir) {
                if (errno == ENOENT)
                        return 0;

                log_warning_errno(errno, "Failed to open /dev/shm: %m");
                return -errno;
        }

        return clean_posix_shm_internal(dir, uid);
}

static int clean_posix_mq(uid_t uid) {
        _cleanup_closedir_ DIR *dir = NULL;
        struct dirent *de;
        int ret = 0;

        dir = opendir("/dev/mqueue");
        if (!dir) {
                if (errno == ENOENT)
                        return 0;

                log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
                return -errno;
        }

        FOREACH_DIRENT(de, dir, goto fail) {
                struct stat st;
                char fn[1+strlen(de->d_name)+1];

                if (STR_IN_SET(de->d_name, "..", "."))
                        continue;

                if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
                        if (errno == ENOENT)
                                continue;

                        log_warning_errno(errno, "Failed to stat() MQ segment %s: %m", de->d_name);
                        ret = -errno;
                        continue;
                }

                if (st.st_uid != uid)
                        continue;

                fn[0] = '/';
                strcpy(fn+1, de->d_name);

                if (mq_unlink(fn) < 0) {
                        if (errno == ENOENT)
                                continue;

                        log_warning_errno(errno, "Failed to unlink POSIX message queue %s: %m", fn);
                        ret = -errno;
                }
        }

        return ret;

fail:
        log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
        return -errno;
}

int clean_ipc(uid_t uid) {
        int ret = 0, r;

        /* Refuse to clean IPC of the root and system users */
        if (uid <= SYSTEM_UID_MAX)
                return 0;

        r = clean_sysvipc_shm(uid);
        if (r < 0)
                ret = r;

        r = clean_sysvipc_sem(uid);
        if (r < 0)
                ret = r;

        r = clean_sysvipc_msg(uid);
        if (r < 0)
                ret = r;

        r = clean_posix_shm(uid);
        if (r < 0)
                ret = r;

        r = clean_posix_mq(uid);
        if (r < 0)
                ret = r;

        return ret;
}
Commit	Line	Data
66cdd0f2 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2014 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <sys/ipc.h>
	23	#include <sys/shm.h>
	24	#include <sys/sem.h>
	25	#include <sys/msg.h>
	26	#include <sys/stat.h>
66cdd0f2 LP	27	#include <fcntl.h>
	28	#include <dirent.h>
	29	#include <mqueue.h>
	30
	31	#include "util.h"
	32	#include "strv.h"
	33	#include "clean-ipc.h"
	34
	35	static int clean_sysvipc_shm(uid_t delete_uid) {
	36	_cleanup_fclose_ FILE *f = NULL;
	37	char line[LINE_MAX];
	38	bool first = true;
	39	int ret = 0;
	40
	41	f = fopen("/proc/sysvipc/shm", "re");
	42	if (!f) {
	43	if (errno == ENOENT)
	44	return 0;
	45
56f64d95	46	log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
66cdd0f2 LP	47	return -errno;
	48	}
	49
	50	FOREACH_LINE(line, f, goto fail) {
	51	unsigned n_attached;
	52	pid_t cpid, lpid;
	53	uid_t uid, cuid;
	54	gid_t gid, cgid;
	55	int shmid;
	56
	57	if (first) {
	58	first = false;
	59	continue;
	60	}
	61
	62	truncate_nl(line);
	63
	64	if (sscanf(line, "%i %i %o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
	65	&shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
	66	continue;
	67
	68	if (n_attached > 0)
	69	continue;
	70
	71	if (uid != delete_uid)
	72	continue;
	73
	74	if (shmctl(shmid, IPC_RMID, NULL) < 0) {
	75
	76	/* Ignore entries that are already deleted */
	77	if (errno == EIDRM \|\| errno == EINVAL)
	78	continue;
	79
56f64d95	80	log_warning_errno(errno, "Failed to remove SysV shared memory segment %i: %m", shmid);
66cdd0f2 LP	81	ret = -errno;
	82	}
	83	}
	84
	85	return ret;
	86
	87	fail:
56f64d95	88	log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
66cdd0f2 LP	89	return -errno;
	90	}
	91
	92	static int clean_sysvipc_sem(uid_t delete_uid) {
	93	_cleanup_fclose_ FILE *f = NULL;
	94	char line[LINE_MAX];
	95	bool first = true;
	96	int ret = 0;
	97
	98	f = fopen("/proc/sysvipc/sem", "re");
	99	if (!f) {
	100	if (errno == ENOENT)
	101	return 0;
	102
56f64d95	103	log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
66cdd0f2 LP	104	return -errno;
	105	}
	106
	107	FOREACH_LINE(line, f, goto fail) {
	108	uid_t uid, cuid;
	109	gid_t gid, cgid;
	110	int semid;
	111
	112	if (first) {
	113	first = false;
	114	continue;
	115	}
	116
	117	truncate_nl(line);
	118
	119	if (sscanf(line, "%i %i %o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
	120	&semid, &uid, &gid, &cuid, &cgid) != 5)
	121	continue;
	122
	123	if (uid != delete_uid)
	124	continue;
	125
	126	if (semctl(semid, 0, IPC_RMID) < 0) {
	127
	128	/* Ignore entries that are already deleted */
	129	if (errno == EIDRM \|\| errno == EINVAL)
	130	continue;
	131
56f64d95	132	log_warning_errno(errno, "Failed to remove SysV semaphores object %i: %m", semid);
66cdd0f2 LP	133	ret = -errno;
	134	}
	135	}
	136
	137	return ret;
	138
	139	fail:
56f64d95	140	log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
66cdd0f2 LP	141	return -errno;
	142	}
	143
	144	static int clean_sysvipc_msg(uid_t delete_uid) {
	145	_cleanup_fclose_ FILE *f = NULL;
	146	char line[LINE_MAX];
	147	bool first = true;
	148	int ret = 0;
	149
	150	f = fopen("/proc/sysvipc/msg", "re");
	151	if (!f) {
	152	if (errno == ENOENT)
	153	return 0;
	154
56f64d95	155	log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
66cdd0f2 LP	156	return -errno;
	157	}
	158
	159	FOREACH_LINE(line, f, goto fail) {
	160	uid_t uid, cuid;
	161	gid_t gid, cgid;
	162	pid_t cpid, lpid;
	163	int msgid;
	164
	165	if (first) {
	166	first = false;
	167	continue;
	168	}
	169
	170	truncate_nl(line);
	171
	172	if (sscanf(line, "%i %i %o %u %u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
	173	&msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
	174	continue;
	175
	176	if (uid != delete_uid)
	177	continue;
	178
	179	if (msgctl(msgid, IPC_RMID, NULL) < 0) {
	180
	181	/* Ignore entries that are already deleted */
	182	if (errno == EIDRM \|\| errno == EINVAL)
	183	continue;
	184
56f64d95	185	log_warning_errno(errno, "Failed to remove SysV message queue %i: %m", msgid);
66cdd0f2 LP	186	ret = -errno;
	187	}
	188	}
	189
	190	return ret;
	191
	192	fail:
56f64d95	193	log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
66cdd0f2 LP	194	return -errno;
	195	}
	196
	197	static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
	198	struct dirent *de;
	199	int ret = 0, r;
	200
	201	assert(dir);
	202
	203	FOREACH_DIRENT(de, dir, goto fail) {
	204	struct stat st;
	205
	206	if (STR_IN_SET(de->d_name, "..", "."))
	207	continue;
	208
	209	if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
	210	if (errno == ENOENT)
	211	continue;
	212
56f64d95	213	log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
66cdd0f2 LP	214	ret = -errno;
	215	continue;
	216	}
	217
	218	if (st.st_uid != uid)
	219	continue;
	220
	221	if (S_ISDIR(st.st_mode)) {
	222	_cleanup_closedir_ DIR *kid;
	223
	224	kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW\|O_NOATIME);
	225	if (!kid) {
	226	if (errno != ENOENT) {
56f64d95	227	log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
66cdd0f2 LP	228	ret = -errno;
	229	}
	230	} else {
	231	r = clean_posix_shm_internal(kid, uid);
	232	if (r < 0)
	233	ret = r;
	234	}
	235
	236	if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {
	237
	238	if (errno == ENOENT)
	239	continue;
	240
56f64d95	241	log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
66cdd0f2 LP	242	ret = -errno;
	243	}
	244	} else {
	245
	246	if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {
	247
	248	if (errno == ENOENT)
	249	continue;
	250
56f64d95	251	log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
66cdd0f2 LP	252	ret = -errno;
	253	}
	254	}
	255	}
	256
	257	return ret;
	258
	259	fail:
56f64d95	260	log_warning_errno(errno, "Failed to read /dev/shm: %m");
66cdd0f2 LP	261	return -errno;
	262	}
	263
	264	static int clean_posix_shm(uid_t uid) {
	265	_cleanup_closedir_ DIR *dir = NULL;
	266
	267	dir = opendir("/dev/shm");
	268	if (!dir) {
	269	if (errno == ENOENT)
	270	return 0;
	271
56f64d95	272	log_warning_errno(errno, "Failed to open /dev/shm: %m");
66cdd0f2 LP	273	return -errno;
	274	}
	275
	276	return clean_posix_shm_internal(dir, uid);
	277	}
	278
	279	static int clean_posix_mq(uid_t uid) {
	280	_cleanup_closedir_ DIR *dir = NULL;
	281	struct dirent *de;
	282	int ret = 0;
	283
	284	dir = opendir("/dev/mqueue");
	285	if (!dir) {
	286	if (errno == ENOENT)
	287	return 0;
	288
56f64d95	289	log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
66cdd0f2 LP	290	return -errno;
	291	}
	292
	293	FOREACH_DIRENT(de, dir, goto fail) {
	294	struct stat st;
	295	char fn[1+strlen(de->d_name)+1];
	296
	297	if (STR_IN_SET(de->d_name, "..", "."))
	298	continue;
	299
	300	if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
	301	if (errno == ENOENT)
	302	continue;
	303
56f64d95	304	log_warning_errno(errno, "Failed to stat() MQ segment %s: %m", de->d_name);
66cdd0f2 LP	305	ret = -errno;
	306	continue;
	307	}
	308
	309	if (st.st_uid != uid)
	310	continue;
	311
	312	fn[0] = '/';
	313	strcpy(fn+1, de->d_name);
	314
	315	if (mq_unlink(fn) < 0) {
	316	if (errno == ENOENT)
	317	continue;
	318
56f64d95	319	log_warning_errno(errno, "Failed to unlink POSIX message queue %s: %m", fn);
66cdd0f2 LP	320	ret = -errno;
	321	}
	322	}
	323
	324	return ret;
	325
	326	fail:
56f64d95	327	log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
66cdd0f2 LP	328	return -errno;
	329	}
	330
	331	int clean_ipc(uid_t uid) {
	332	int ret = 0, r;
	333
f7dc3ab9 LP	334	/* Refuse to clean IPC of the root and system users */
f7dc3ab9 LP	335	if (uid <= SYSTEM_UID_MAX)
66cdd0f2 LP	336	return 0;
	337
	338	r = clean_sysvipc_shm(uid);
	339	if (r < 0)
	340	ret = r;
	341
	342	r = clean_sysvipc_sem(uid);
	343	if (r < 0)
	344	ret = r;
	345
	346	r = clean_sysvipc_msg(uid);
	347	if (r < 0)
	348	ret = r;
	349
	350	r = clean_posix_shm(uid);
	351	if (r < 0)
	352	ret = r;
	353
	354	r = clean_posix_mq(uid);
	355	if (r < 0)
	356	ret = r;
	357
	358	return ret;
	359	}