/****************************************************************************

**

** All rights reserved.

** Contact: Nokia Corporation (qt-info@nokia.com)

**

** This file is part of the QtGui module of the Qt Toolkit.

**

** $QT_BEGIN_LICENSE:LGPL$

** No Commercial Usage

** This file contains pre-release code and may not be distributed.

** You may use this file in accordance with the terms and conditions

** contained in the Technology Preview License Agreement accompanying

** this package.

**

** GNU Lesser General Public License Usage

** Alternatively, this file may be used under the terms of the GNU Lesser

** General Public License version 2.1 as published by the Free Software

** Foundation and appearing in the file LICENSE.LGPL included in the

** packaging of this file.  Please review the following information to

** ensure the GNU Lesser General Public License version 2.1 requirements

** will be met: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.

**

** In addition, as a special exception, Nokia gives you certain additional

** rights.  These rights are described in the Nokia Qt LGPL Exception

** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.

**

** If you have questions regarding the use of this file, please contact

** Nokia at qt-info@nokia.com.

**

**

**

**

**

**

**

**

** $QT_END_LICENSE$

**

****************************************************************************/

#include "qunixsocket_p.h"

// #define QUNIXSOCKET_DEBUG 1

#include <QtCore/qsocketnotifier.h>

#include <QtCore/qqueue.h>

#include <QtCore/qdatetime.h>

#include "private/qcore_unix_p.h" // overrides QT_OPEN

#ifdef QUNIXSOCKET_DEBUG

#include <QtCore/qdebug.h>

#endif

extern "C" {

#include <unistd.h>

#include <string.h>

#include <errno.h>

#include <sys/socket.h>

#include <sys/un.h>

};

#define UNIX_PATH_MAX 108 // From unix(7)

#ifdef QT_LINUXBASE

// LSB doesn't declare ucred

struct ucred

{

    pid_t pid;                    /* PID of sending process.  */

    uid_t uid;                    /* UID of sending process.  */

    gid_t gid;                    /* GID of sending process.  */

};

// LSB doesn't define the ones below

#ifndef SO_PASSCRED

#  define SO_PASSCRED   16

#endif

#ifndef SCM_CREDENTIALS

#  define SCM_CREDENTIALS 0x02

#endif

#ifndef MSG_DONTWAIT

#  define MSG_DONTWAIT 0x40

#endif

#ifndef MSG_NOSIGNAL

#  define MSG_NOSIGNAL 0x4000

#endif

#endif // QT_LINUXBASE

QT_BEGIN_NAMESPACE

///////////////////////////////////////////////////////////////////////////////

// class QUnixSocketRights

///////////////////////////////////////////////////////////////////////////////

/*!

  \class QUnixSocketRights

  \internal

  \brief The QUnixSocketRights class encapsulates QUnixSocket rights data.

  \omit

  \ingroup Platform::DeviceSpecific

  \ingroup Platform::OS

  \ingroup Platform::Communications

  \endomit

  \ingroup qws

  \l QUnixSocket allows you to transfer Unix file descriptors between processes.

  A file descriptor is referred to as "rights data" as it allows one process to

  transfer its right to access a resource to another.

  The Unix system verifies resource permissions only when the resource is first

  opened.  For example, consider a file on disk readable only by the user "qt".

  A process running as user "qt" will be able to open this file for reading.

  If, while the process was still reading from the file, the ownership was

  changed from user "qt" to user "root", the process would be allowed to

  continue reading from the file, even though attempting to reopen the file

  would be denied.  Permissions are associated with special descriptors called

  file descriptors which are returned to a process after it initially opens a

  resource.

  File descriptors can be duplicated within a process through the dup(2) system

  call.  File descriptors can be passed between processes using the

  \l QUnixSocket class in the same way.  Even though the receiving process never

  opened the resource directly, it has the same permissions to access it as the

  process that did.

  \sa QUnixSocket

 */

struct QUnixSocketRightsPrivate : public QSharedData

{

    virtual ~QUnixSocketRightsPrivate() {

#ifdef QUNIXSOCKET_DEBUG

        int closerv =

#endif

            QT_CLOSE(fd);

#ifdef QUNIXSOCKET_DEBUG

        if(0 != closerv) {

            qDebug() << "QUnixSocketRightsPrivate: Unable to close managed"

                        " file descriptor (" << ::strerror(errno) << ')';

        }

#endif

    }

    int fd;

};

/*!

  Create a new QUnixSocketRights instance containing the file descriptor \a fd.

  \a fd will be dup(2)'d internally, so the application is free to close \a fd

  following this call.

  If the dup(2) fails, or you pass an invalid \a fd, an

  \l {QUnixSocketRights::isValid()}{invalid } object will be

  constructed.

  QUnixSocketRights instances are immutable and the internal file descriptor

  will be shared between any copies made of this object.  The system will

  close(2) the file descriptor once it is no longer needed.

  */

QUnixSocketRights::QUnixSocketRights(int fd)

{

    d = new QUnixSocketRightsPrivate();

    if(-1 == fd) {

        d->fd = -1;

    } else {

        d->fd = qt_safe_dup(fd);

#ifdef QUNIXSOCKET_DEBUG

        if(-1 == d->fd) {

            qDebug() << "QUnixSocketRights: Unable to duplicate fd "

                     << fd << " (" << ::strerror(errno) << ')';

        }

#endif

    }

}

/*!

  \internal

  Construct a QUnixSocketRights instance on \a fd without dup(2)'ing the file

  descriptor.

  */

QUnixSocketRights::QUnixSocketRights(int fd,int)

{

    Q_ASSERT(-1 != fd);

    d = new QUnixSocketRightsPrivate();

    d->fd = fd;

}

/*!

  Destroys the QUnixSocketRights instance.

  */

QUnixSocketRights::~QUnixSocketRights()

{

}

/*!

  Create a copy of \a other.

  */

QUnixSocketRights &

QUnixSocketRights::operator=(const QUnixSocketRights & other)

{

    d = other.d;

    return *this;

}

/*!

  Create a copy of \a other.

  */

QUnixSocketRights::QUnixSocketRights(const QUnixSocketRights & other)

: d(other.d)

{

}

/*!

  Returns true if this QUnixSocketRights instance is managing a valid file

  descriptor.  This method is equivalent to (-1 != peekFd()).

  \sa QUnixSocketRights::peekFd()

  */

bool QUnixSocketRights::isValid() const

{

    return d->fd != -1;

}

/*!

  Return a duplicate of the file descriptor contained in this object.  If this

  is an \l {QUnixSocketRights::isValid()}{invalid } object, or the

  dup(2) call fails, an invalid file descriptor (-1) will be returned.

  \sa QUnixSocketRights::peekFd()

  */

int QUnixSocketRights::dupFd() const

{

    if(-1 == d->fd) return -1;

    int rv = qt_safe_dup(d->fd);

#ifdef QUNIXSOCKET_DEBUG

    if(-1 == rv)

        qDebug() << "QUnixSocketRights: Unable to duplicate managed file "

                    "descriptor (" << ::strerror(errno) << ')';

#endif

    return rv;

}

/*!

  Returns the file descriptor contained in this object.  If this

  is an \l {QUnixSocketRights::isValid()}{invalid } object an invalid

  file descriptor (-1) will be returned.

  The lifetime of this file descriptor is tied to the lifetime of the

  QUnixSocketRights instance.  The file descriptor returned by this method

  \e may be close(2)'d when the QUnixSocketRights instance is destroyed.  If

  you want to continue to use the file descriptor use

  \l QUnixSocketRights::dupFd() instead.

  \sa QUnixSocketRights::dupFd()

  */

int QUnixSocketRights::peekFd() const

{

    return d->fd;

}

///////////////////////////////////////////////////////////////////////////////

// class QUnixSocketMessage

///////////////////////////////////////////////////////////////////////////////

struct QUnixSocketMessagePrivate : public QSharedData

{

    QUnixSocketMessagePrivate()

    : state(Default), vec(0), iovecLen(0), dataSize(0) {}

    QUnixSocketMessagePrivate(const QByteArray & b)

    : bytes(b), state(Default), vec(0), iovecLen(0), dataSize(0) {}

    QUnixSocketMessagePrivate(const QByteArray & b,

                              const QList<QUnixSocketRights> & r)

    : bytes(b), rights(r), state(Default), vec(0), iovecLen(0), dataSize(0) {}

    int size() const { return vec ? dataSize : bytes.size(); }

    void removeBytes( unsigned int );

    QByteArray bytes;

    QList<QUnixSocketRights> rights;

    enum AncillaryDataState {

        Default = 0x00,

        Truncated = 0x01,

        Credential = 0x02

    };

    AncillaryDataState state;

    pid_t pid;

    gid_t gid;

    uid_t uid;

    ::iovec *vec;

    int iovecLen;  // number of vectors in array

    int dataSize;  // total size of vectors = payload

};

/*!

  \internal

  Remove \a bytesToDequeue bytes from the front of this message

*/

void QUnixSocketMessagePrivate::removeBytes( unsigned int bytesToDequeue )

{

    if ( vec )

    {

        ::iovec *vecPtr = vec;

        if ( bytesToDequeue > (unsigned int)dataSize ) bytesToDequeue = dataSize;

        while ( bytesToDequeue > 0 && iovecLen > 0 )

        {

            if ( vecPtr->iov_len > bytesToDequeue )

            {

                // dequeue the bytes by taking them off the front of the

                // current vector.  since we don't own the iovec, its okay

                // to "leak" this away by pointing past it

                char **base = reinterpret_cast<char**>(&(vecPtr->iov_base));

                *base += bytesToDequeue;

                vecPtr->iov_len -= bytesToDequeue;

                bytesToDequeue = 0;

            }

            else

            {

                // dequeue bytes by skipping a whole vector.  again, its ok

                // to lose the pointers to this data

                bytesToDequeue -= vecPtr->iov_len;

                iovecLen--;

                vecPtr++;

            }

        }

        dataSize -= bytesToDequeue;

        if ( iovecLen == 0 ) vec = 0;

    }

    else

    {

        bytes.remove(0, bytesToDequeue );

    }

}

/*!

  \class QUnixSocketMessage

  \internal

  \brief The QUnixSocketMessage class encapsulates a message sent or received

  through the QUnixSocket class.

  \omit

  \ingroup Platform::DeviceSpecific

  \ingroup Platform::OS

  \ingroup Platform::Communications

  \endomit

  \ingroup qws

  In addition to transmitting regular byte stream data, messages sent over Unix

  domain sockets may have special ancillary properties.  QUnixSocketMessage

  instances allow programmers to retrieve and control these properties.

  Every QUnixSocketMessage sent has an associated set of credentials.  A

  message's credentials consist of the process id, the user id and the group id

  of the sending process.  Normally these credentials are set automatically for

  you by the QUnixSocketMessage class and can be queried by the receiving

  process using the \l QUnixSocketMessage::processId(),

  \l QUnixSocketMessage::userId() and \l QUnixSocketMessage::groupId() methods

  respectively.

  Advanced applications may wish to change the credentials that their message

  is sent with, and may do so though the \l QUnixSocketMessage::setProcessId(),

  \l QUnixSocketMessage::setUserId() and \l QUnixSocketMessage::setGroupId()

  methods.  The validity of these credentials is verified by the system kernel.

  Only the root user can send messages with credentials that are not his own.

  Sending of the message will fail for any non-root user who attempts to

  fabricate credentials.  Note that this failure is enforced by the system

  kernel - receivers can trust the accuracy of credential data!

  Unix domain socket messages may also be used to transmit Unix file descriptors

  between processes.  In this context, file descriptors are known as rights data

  and are encapsulated by the \l QUnixSocketRights class.  Senders can set the

  file descriptors to transmit using the \l QUnixSocketMessage::setRights() and

  receivers can retrieve this data through a call to

  \l QUnixSocketMessage::rights().  \l QUnixSocket and \l QUnixSocketRights

  discuss the specific copy and ordering semantic associated with rights data.

  QUnixSocketMessage messages are sent by the \l QUnixSocket::write() method.

  Like any normal network message, attempting to transmit an empty

  QUnixSocketMessage will succeed, but result in a no-op.  Limitations in the

  Unix domain protocol semantic will cause a transmission of a

  QUnixSocketMessage with rights data, but no byte data portion, to fail.

  \sa QUnixSocket QUnixSocketRights

  */

/*!

  Construct an empty QUnixSocketMessage.  This instance will have not data and

  no rights information.  The message's credentials will be set to the

  application's default credentials.

  */

QUnixSocketMessage::QUnixSocketMessage()

: d(new QUnixSocketMessagePrivate())

{

}

/*!

  Construct a QUnixSocketMessage with an initial data payload of \a bytes.  The

  message's credentials will be set to the application's default credentials.

  */

QUnixSocketMessage::QUnixSocketMessage(const QByteArray & bytes)

: d(new QUnixSocketMessagePrivate(bytes))

{

}

/*!

  Construct a QUnixSocketMessage with an initial data payload of \a bytes and

  an initial rights payload of \a rights.  The message's credentials will be set

  to the application's default credentials.

  A message with rights data but an empty data payload cannot be transmitted

  by the system.

  */

QUnixSocketMessage::QUnixSocketMessage(const QByteArray & bytes,

                                       const QList<QUnixSocketRights> & rights)

: d(new QUnixSocketMessagePrivate(bytes, rights))

{

}

/*!

  Create a copy of \a other.

  */

QUnixSocketMessage::QUnixSocketMessage(const QUnixSocketMessage & other)

: d(other.d)

{

}

/*!

  \fn  QUnixSocketMessage::QUnixSocketMessage(const iovec* data, int vecLen)

  Construct a QUnixSocketMessage with an initial data payload of \a

  data which points to an array of \a vecLen iovec structures.  The

  message's credentials will be set to the application's default

  credentials.

  This method can be used to avoid the overhead of copying buffers of data

  and will directly send the data pointed to by \a data on the socket.  It also

  avoids the syscall overhead of making a number of small socket write calls,

  if a number of data items can be delivered with one write.

  Caller must ensure the iovec * \a data remains valid until the message

  is flushed.  Caller retains ownership of the iovec structs.

  */

QUnixSocketMessage::QUnixSocketMessage(const ::iovec* data, int vecLen )

: d(new QUnixSocketMessagePrivate())

{

    for ( int v = 0; v < vecLen; v++ )

        d->dataSize += data[v].iov_len;

    d->vec = const_cast<iovec*>(data);

    d->iovecLen = vecLen;

}

/*!

  Assign the contents of \a other to this object.

  */

QUnixSocketMessage & QUnixSocketMessage::operator=(const QUnixSocketMessage & other)

{

    d = other.d;

    return *this;

}

/*!

  Destroy this instance.

  */

QUnixSocketMessage::~QUnixSocketMessage()

{

}

/*!

  Set the data portion of the message to \a bytes.

  \sa QUnixSocketMessage::bytes()

  */

void QUnixSocketMessage::setBytes(const QByteArray & bytes)

{

    d.detach();

    d->bytes = bytes;

}

/*!

  Set the rights portion of the message to \a rights.

  A message with rights data but an empty byte data payload cannot be

  transmitted by the system.

  \sa QUnixSocketMessage::rights()

  */

void QUnixSocketMessage::setRights(const QList<QUnixSocketRights> & rights)

{

    d.detach();

    d->rights = rights;

}

/*!

  Return the rights portion of the message.

  \sa QUnixSocketMessage::setRights()

  */

const QList<QUnixSocketRights> & QUnixSocketMessage::rights() const

{

    return d->rights;

}

/*!

  Returns true if the rights portion of the message was truncated on reception

  due to insufficient buffer size.  The rights buffer size can be adjusted

  through calls to the \l QUnixSocket::setRightsBufferSize() method.

  \l QUnixSocket contains a discussion of the buffering and truncation

  characteristics of the Unix domain protocol.

  \sa QUnixSocket QUnixSocket::setRightsBufferSize()

  */

bool QUnixSocketMessage::rightsWereTruncated() const

{

    return d->state & QUnixSocketMessagePrivate::Truncated;

}

/*!

  Return the data portion of the message.

  \sa QUnixSocketMessage::setBytes()

  */

const QByteArray & QUnixSocketMessage::bytes() const