[thirdparty/systemd.git] / src / shared / clean-ipc.c

/***
  This file is part of systemd.

  Copyright 2014 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <mqueue.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <sys/sem.h>
#include <sys/shm.h>
#include <sys/stat.h>
#include <unistd.h>

#include "clean-ipc.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "formats-util.h"
#include "log.h"
#include "macro.h"
#include "string-util.h"
#include "strv.h"

static int clean_sysvipc_shm(uid_t delete_uid) {
        _cleanup_fclose_ FILE *f = NULL;
        char line[LINE_MAX];
        bool first = true;
        int ret = 0;

        f = fopen("/proc/sysvipc/shm", "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
        }

        FOREACH_LINE(line, f, goto fail) {
                unsigned n_attached;
                pid_t cpid, lpid;
                uid_t uid, cuid;
                gid_t gid, cgid;
                int shmid;

                if (first) {
                        first = false;
                        continue;
                }

                truncate_nl(line);

                if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
                           &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
                        continue;

                if (n_attached > 0)
                        continue;

                if (uid != delete_uid)
                        continue;

                if (shmctl(shmid, IPC_RMID, NULL) < 0) {

                        /* Ignore entries that are already deleted */
                        if (errno == EIDRM || errno == EINVAL)
                                continue;

                        ret = log_warning_errno(errno,
                                                "Failed to remove SysV shared memory segment %i: %m",
                                                shmid);
                }
        }

        return ret;

fail:
        return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
}

static int clean_sysvipc_sem(uid_t delete_uid) {
        _cleanup_fclose_ FILE *f = NULL;
        char line[LINE_MAX];
        bool first = true;
        int ret = 0;

        f = fopen("/proc/sysvipc/sem", "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
        }

        FOREACH_LINE(line, f, goto fail) {
                uid_t uid, cuid;
                gid_t gid, cgid;
                int semid;

                if (first) {
                        first = false;
                        continue;
                }

                truncate_nl(line);

                if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
                           &semid, &uid, &gid, &cuid, &cgid) != 5)
                        continue;

                if (uid != delete_uid)
                        continue;

                if (semctl(semid, 0, IPC_RMID) < 0) {

                        /* Ignore entries that are already deleted */
                        if (errno == EIDRM || errno == EINVAL)
                                continue;

                        ret = log_warning_errno(errno,
                                                "Failed to remove SysV semaphores object %i: %m",
                                                semid);
                }
        }

        return ret;

fail:
        return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
}

static int clean_sysvipc_msg(uid_t delete_uid) {
        _cleanup_fclose_ FILE *f = NULL;
        char line[LINE_MAX];
        bool first = true;
        int ret = 0;

        f = fopen("/proc/sysvipc/msg", "re");
        if (!f) {
                if (errno == ENOENT)
                        return 0;

                return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
        }

        FOREACH_LINE(line, f, goto fail) {
                uid_t uid, cuid;
                gid_t gid, cgid;
                pid_t cpid, lpid;
                int msgid;

                if (first) {
                        first = false;
                        continue;
                }

                truncate_nl(line);

                if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
                           &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
                        continue;

                if (uid != delete_uid)
                        continue;

                if (msgctl(msgid, IPC_RMID, NULL) < 0) {

                        /* Ignore entries that are already deleted */
                        if (errno == EIDRM || errno == EINVAL)
                                continue;

                        ret = log_warning_errno(errno,
                                                "Failed to remove SysV message queue %i: %m",
                                                msgid);
                }
        }

        return ret;

fail:
        return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
}

static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
        struct dirent *de;
        int ret = 0, r;

        assert(dir);

        FOREACH_DIRENT_ALL(de, dir, goto fail) {
                struct stat st;

                if (STR_IN_SET(de->d_name, "..", "."))
                        continue;

                if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
                        if (errno == ENOENT)
                                continue;

                        ret = log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
                        continue;
                }

                if (st.st_uid != uid)
                        continue;

                if (S_ISDIR(st.st_mode)) {
                        _cleanup_closedir_ DIR *kid;

                        kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME);
                        if (!kid) {
                                if (errno != ENOENT)
                                        ret = log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
                        } else {
                                r = clean_posix_shm_internal(kid, uid);
                                if (r < 0)
                                        ret = r;
                        }

                        if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {

                                if (errno == ENOENT)
                                        continue;

                                ret = log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
                        }
                } else {

                        if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {

                                if (errno == ENOENT)
                                        continue;

                                ret = log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
                        }
                }
        }

        return ret;

fail:
        return log_warning_errno(errno, "Failed to read /dev/shm: %m");
}

static int clean_posix_shm(uid_t uid) {
        _cleanup_closedir_ DIR *dir = NULL;

        dir = opendir("/dev/shm");
        if (!dir) {
                if (errno == ENOENT)
                        return 0;

                return log_warning_errno(errno, "Failed to open /dev/shm: %m");
        }

        return clean_posix_shm_internal(dir, uid);
}

static int clean_posix_mq(uid_t uid) {
        _cleanup_closedir_ DIR *dir = NULL;
        struct dirent *de;
        int ret = 0;

        dir = opendir("/dev/mqueue");
        if (!dir) {
                if (errno == ENOENT)
                        return 0;

                return log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
        }

        FOREACH_DIRENT_ALL(de, dir, goto fail) {
                struct stat st;
                char fn[1+strlen(de->d_name)+1];

                if (STR_IN_SET(de->d_name, "..", "."))
                        continue;

                if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
                        if (errno == ENOENT)
                                continue;

                        ret = log_warning_errno(errno,
                                                "Failed to stat() MQ segment %s: %m",
                                                de->d_name);
                        continue;
                }

                if (st.st_uid != uid)
                        continue;

                fn[0] = '/';
                strcpy(fn+1, de->d_name);

                if (mq_unlink(fn) < 0) {
                        if (errno == ENOENT)
                                continue;

                        ret = log_warning_errno(errno,
                                                "Failed to unlink POSIX message queue %s: %m",
                                                fn);
                }
        }

        return ret;

fail:
        return log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
}

int clean_ipc(uid_t uid) {
        int ret = 0, r;

        /* Refuse to clean IPC of the root and system users */
        if (uid <= SYSTEM_UID_MAX)
                return 0;

        r = clean_sysvipc_shm(uid);
        if (r < 0)
                ret = r;

        r = clean_sysvipc_sem(uid);
        if (r < 0)
                ret = r;

        r = clean_sysvipc_msg(uid);
        if (r < 0)
                ret = r;

        r = clean_posix_shm(uid);
        if (r < 0)
                ret = r;

        r = clean_posix_mq(uid);
        if (r < 0)
                ret = r;

        return ret;
}
Commit	Line	Data
66cdd0f2 LP	1	/***
	2	This file is part of systemd.
	3
	4	Copyright 2014 Lennart Poettering
	5
	6	systemd is free software; you can redistribute it and/or modify it
	7	under the terms of the GNU Lesser General Public License as published by
	8	the Free Software Foundation; either version 2.1 of the License, or
	9	(at your option) any later version.
	10
	11	systemd is distributed in the hope that it will be useful, but
	12	WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	Lesser General Public License for more details.
	15
	16	You should have received a copy of the GNU Lesser General Public License
	17	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	18	***/
	19
07630cea	20	#include <dirent.h>
a8fbdf54	21	#include <errno.h>
07630cea	22	#include <fcntl.h>
a8fbdf54	23	#include <limits.h>
07630cea	24	#include <mqueue.h>
a8fbdf54 TA	25	#include <stdbool.h>
	26	#include <stdio.h>
	27	#include <string.h>
66cdd0f2	28	#include <sys/ipc.h>
66cdd0f2	29	#include <sys/msg.h>
07630cea LP	30	#include <sys/sem.h>
07630cea LP	31	#include <sys/shm.h>
66cdd0f2	32	#include <sys/stat.h>
a8fbdf54	33	#include <unistd.h>
66cdd0f2	34
3ffd4af2	35	#include "clean-ipc.h"
cf0fbc49	36	#include "dirent-util.h"
3ffd4af2	37	#include "fd-util.h"
0d39fa9c	38	#include "fileio.h"
6482f626	39	#include "formats-util.h"
a8fbdf54 TA	40	#include "log.h"
a8fbdf54 TA	41	#include "macro.h"
07630cea	42	#include "string-util.h"
66cdd0f2	43	#include "strv.h"
66cdd0f2 LP	44
	45	static int clean_sysvipc_shm(uid_t delete_uid) {
	46	_cleanup_fclose_ FILE *f = NULL;
	47	char line[LINE_MAX];
	48	bool first = true;
	49	int ret = 0;
	50
	51	f = fopen("/proc/sysvipc/shm", "re");
	52	if (!f) {
	53	if (errno == ENOENT)
	54	return 0;
	55
e1427b13	56	return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
66cdd0f2 LP	57	}
	58
	59	FOREACH_LINE(line, f, goto fail) {
	60	unsigned n_attached;
	61	pid_t cpid, lpid;
	62	uid_t uid, cuid;
	63	gid_t gid, cgid;
	64	int shmid;
	65
	66	if (first) {
	67	first = false;
	68	continue;
	69	}
	70
	71	truncate_nl(line);
	72
	73	if (sscanf(line, "%i %i %o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
	74	&shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
	75	continue;
	76
	77	if (n_attached > 0)
	78	continue;
	79
	80	if (uid != delete_uid)
	81	continue;
	82
	83	if (shmctl(shmid, IPC_RMID, NULL) < 0) {
	84
	85	/* Ignore entries that are already deleted */
	86	if (errno == EIDRM \|\| errno == EINVAL)
	87	continue;
	88
94c156cd LP	89	ret = log_warning_errno(errno,
	90	"Failed to remove SysV shared memory segment %i: %m",
	91	shmid);
66cdd0f2 LP	92	}
	93	}
	94
	95	return ret;
	96
	97	fail:
e1427b13	98	return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
66cdd0f2 LP	99	}
	100
	101	static int clean_sysvipc_sem(uid_t delete_uid) {
	102	_cleanup_fclose_ FILE *f = NULL;
	103	char line[LINE_MAX];
	104	bool first = true;
	105	int ret = 0;
	106
	107	f = fopen("/proc/sysvipc/sem", "re");
	108	if (!f) {
	109	if (errno == ENOENT)
	110	return 0;
	111
e1427b13	112	return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
66cdd0f2 LP	113	}
	114
	115	FOREACH_LINE(line, f, goto fail) {
	116	uid_t uid, cuid;
	117	gid_t gid, cgid;
	118	int semid;
	119
	120	if (first) {
	121	first = false;
	122	continue;
	123	}
	124
	125	truncate_nl(line);
	126
	127	if (sscanf(line, "%i %i %o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
	128	&semid, &uid, &gid, &cuid, &cgid) != 5)
	129	continue;
	130
	131	if (uid != delete_uid)
	132	continue;
	133
	134	if (semctl(semid, 0, IPC_RMID) < 0) {
	135
	136	/* Ignore entries that are already deleted */
	137	if (errno == EIDRM \|\| errno == EINVAL)
	138	continue;
	139
94c156cd LP	140	ret = log_warning_errno(errno,
	141	"Failed to remove SysV semaphores object %i: %m",
	142	semid);
66cdd0f2 LP	143	}
	144	}
	145
	146	return ret;
	147
	148	fail:
e1427b13	149	return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
66cdd0f2 LP	150	}
	151
	152	static int clean_sysvipc_msg(uid_t delete_uid) {
	153	_cleanup_fclose_ FILE *f = NULL;
	154	char line[LINE_MAX];
	155	bool first = true;
	156	int ret = 0;
	157
	158	f = fopen("/proc/sysvipc/msg", "re");
	159	if (!f) {
	160	if (errno == ENOENT)
	161	return 0;
	162
e1427b13	163	return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
66cdd0f2 LP	164	}
	165
	166	FOREACH_LINE(line, f, goto fail) {
	167	uid_t uid, cuid;
	168	gid_t gid, cgid;
	169	pid_t cpid, lpid;
	170	int msgid;
	171
	172	if (first) {
	173	first = false;
	174	continue;
	175	}
	176
	177	truncate_nl(line);
	178
	179	if (sscanf(line, "%i %i %o %u %u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
	180	&msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
	181	continue;
	182
	183	if (uid != delete_uid)
	184	continue;
	185
	186	if (msgctl(msgid, IPC_RMID, NULL) < 0) {
	187
	188	/* Ignore entries that are already deleted */
	189	if (errno == EIDRM \|\| errno == EINVAL)
	190	continue;
	191
94c156cd LP	192	ret = log_warning_errno(errno,
	193	"Failed to remove SysV message queue %i: %m",
	194	msgid);
66cdd0f2 LP	195	}
	196	}
	197
	198	return ret;
	199
	200	fail:
e1427b13	201	return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
66cdd0f2 LP	202	}
	203
	204	static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
	205	struct dirent *de;
	206	int ret = 0, r;
	207
	208	assert(dir);
	209
91f2048c	210	FOREACH_DIRENT_ALL(de, dir, goto fail) {
66cdd0f2 LP	211	struct stat st;
	212
	213	if (STR_IN_SET(de->d_name, "..", "."))
	214	continue;
	215
	216	if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
	217	if (errno == ENOENT)
	218	continue;
	219
3db99289	220	ret = log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
66cdd0f2 LP	221	continue;
	222	}
	223
	224	if (st.st_uid != uid)
	225	continue;
	226
	227	if (S_ISDIR(st.st_mode)) {
	228	_cleanup_closedir_ DIR *kid;
	229
	230	kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW\|O_NOATIME);
	231	if (!kid) {
3db99289 LP	232	if (errno != ENOENT)
3db99289 LP	233	ret = log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
66cdd0f2 LP	234	} else {
	235	r = clean_posix_shm_internal(kid, uid);
	236	if (r < 0)
	237	ret = r;
	238	}
	239
	240	if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {
	241
	242	if (errno == ENOENT)
	243	continue;
	244
3db99289	245	ret = log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
66cdd0f2 LP	246	}
	247	} else {
	248
	249	if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {
	250
	251	if (errno == ENOENT)
	252	continue;
	253
3db99289	254	ret = log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
66cdd0f2 LP	255	}
	256	}
	257	}
	258
	259	return ret;
	260
	261	fail:
3db99289	262	return log_warning_errno(errno, "Failed to read /dev/shm: %m");
66cdd0f2 LP	263	}
	264
	265	static int clean_posix_shm(uid_t uid) {
	266	_cleanup_closedir_ DIR *dir = NULL;
	267
	268	dir = opendir("/dev/shm");
	269	if (!dir) {
	270	if (errno == ENOENT)
	271	return 0;
	272
e1427b13	273	return log_warning_errno(errno, "Failed to open /dev/shm: %m");
66cdd0f2 LP	274	}
	275
	276	return clean_posix_shm_internal(dir, uid);
	277	}
	278
	279	static int clean_posix_mq(uid_t uid) {
	280	_cleanup_closedir_ DIR *dir = NULL;
	281	struct dirent *de;
	282	int ret = 0;
	283
	284	dir = opendir("/dev/mqueue");
	285	if (!dir) {
	286	if (errno == ENOENT)
	287	return 0;
	288
e1427b13	289	return log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
66cdd0f2 LP	290	}
66cdd0f2 LP	291
91f2048c	292	FOREACH_DIRENT_ALL(de, dir, goto fail) {
66cdd0f2 LP	293	struct stat st;
	294	char fn[1+strlen(de->d_name)+1];
	295
	296	if (STR_IN_SET(de->d_name, "..", "."))
	297	continue;
	298
	299	if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
	300	if (errno == ENOENT)
	301	continue;
	302
94c156cd LP	303	ret = log_warning_errno(errno,
	304	"Failed to stat() MQ segment %s: %m",
	305	de->d_name);
66cdd0f2 LP	306	continue;
	307	}
	308
	309	if (st.st_uid != uid)
	310	continue;
	311
	312	fn[0] = '/';
	313	strcpy(fn+1, de->d_name);
	314
	315	if (mq_unlink(fn) < 0) {
	316	if (errno == ENOENT)
	317	continue;
	318
94c156cd LP	319	ret = log_warning_errno(errno,
	320	"Failed to unlink POSIX message queue %s: %m",
	321	fn);
66cdd0f2 LP	322	}
	323	}
	324
	325	return ret;
	326
	327	fail:
e1427b13	328	return log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
66cdd0f2 LP	329	}
	330
	331	int clean_ipc(uid_t uid) {
	332	int ret = 0, r;
	333
f7dc3ab9 LP	334	/* Refuse to clean IPC of the root and system users */
f7dc3ab9 LP	335	if (uid <= SYSTEM_UID_MAX)
66cdd0f2 LP	336	return 0;
	337
	338	r = clean_sysvipc_shm(uid);
	339	if (r < 0)
	340	ret = r;
	341
	342	r = clean_sysvipc_sem(uid);
	343	if (r < 0)
	344	ret = r;
	345
	346	r = clean_sysvipc_msg(uid);
	347	if (r < 0)
	348	ret = r;
	349
	350	r = clean_posix_shm(uid);
	351	if (r < 0)
	352	ret = r;
	353
	354	r = clean_posix_mq(uid);
	355	if (r < 0)
	356	ret = r;
	357
	358	return ret;
	359	}