[mirror_lxc.git] / src / lxc / af_unix.c

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <daniel.lezcano at free.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#include "config.h"

#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/un.h>

#include "log.h"

lxc_log_define(lxc_af_unix, lxc);

int lxc_abstract_unix_open(const char *path, int type, int flags)
{
	int fd;
	size_t len;
	struct sockaddr_un addr;

	if (flags & O_TRUNC)
		unlink(path);

	fd = socket(PF_UNIX, type, 0);
	if (fd < 0)
		return -1;

	/* Clear address structure */
	memset(&addr, 0, sizeof(addr));

	if (!path)
		return fd;

	addr.sun_family = AF_UNIX;

	len = strlen(&path[1]);
	/* do not enforce \0-termination */
	if (len >= sizeof(addr.sun_path)) {
		close(fd);
		errno = ENAMETOOLONG;
		return -1;
	}
	/* addr.sun_path[0] has already been set to 0 by memset() */
	strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));

	if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
		int tmp = errno;
		close(fd);
		errno = tmp;
		return -1;
	}

	if (type == SOCK_STREAM && listen(fd, 100)) {
		int tmp = errno;
		close(fd);
		errno = tmp;
		return -1;
	}

	return fd;
}

int lxc_abstract_unix_close(int fd)
{
	struct sockaddr_un addr;
	socklen_t addrlen = sizeof(addr);

	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
			addr.sun_path[0])
		unlink(addr.sun_path);

	close(fd);

	return 0;
}

int lxc_abstract_unix_connect(const char *path)
{
	int fd;
	size_t len;
	struct sockaddr_un addr;

	fd = socket(PF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -1;

	memset(&addr, 0, sizeof(addr));

	addr.sun_family = AF_UNIX;

	len = strlen(&path[1]);
	/* do not enforce \0-termination */
	if (len >= sizeof(addr.sun_path)) {
		close(fd);
		errno = ENAMETOOLONG;
		return -1;
	}
	/* addr.sun_path[0] has already been set to 0 by memset() */
	strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));

	if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
		int tmp = errno;
		/* special case to connect to older containers */
		if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
			return fd;
		close(fd);
		errno = tmp;
		return -1;
	}

	return fd;
}

int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	char cmsgbuf[CMSG_SPACE(sizeof(int))] = {0};
	char buf[1] = {0};
	int *val;

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	val = (int *)(CMSG_DATA(cmsg));
	*val = sendfd;

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, MSG_NOSIGNAL);
}

int lxc_abstract_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	int ret, *val;
	char cmsgbuf[CMSG_SPACE(sizeof(int))] = {0};
	char buf[1] = {0};

	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		goto out;

	cmsg = CMSG_FIRSTHDR(&msg);

	/* if the message is wrong the variable will not be
	 * filled and the peer will notified about a problem */
	*recvfd = -1;

	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
			cmsg->cmsg_level == SOL_SOCKET &&
			cmsg->cmsg_type == SCM_RIGHTS) {
		val = (int *) CMSG_DATA(cmsg);
		*recvfd = *val;
	}
out:
	return ret;
}

int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred = {
		.pid = getpid(),
		.uid = getuid(),
		.gid = getgid(),
	};
	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
	char buf[1] = {0};

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_CREDENTIALS;
	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, MSG_NOSIGNAL);
}

int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred;
	int ret;
	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
	char buf[1] = {0};

	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		goto out;

	cmsg = CMSG_FIRSTHDR(&msg);

	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
			cmsg->cmsg_level == SOL_SOCKET &&
			cmsg->cmsg_type == SCM_CREDENTIALS) {
		memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
		if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
			INFO("message denied for '%d/%d'", cred.uid, cred.gid);
			return -EACCES;
		}
	}
out:
	return ret;
}
Commit	Line	Data
b0a33c1e	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
9afe19d6	7	* Daniel Lezcano <daniel.lezcano at free.fr>
b0a33c1e	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
250b1eec	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
b0a33c1e	22	*/
d06245b8 NC	23	#include "config.h"
d06245b8 NC	24
aae93dd3	25	#include <stddef.h>
b0a33c1e	26	#include <string.h>
	27	#include <unistd.h>
	28	#include <fcntl.h>
2dcb28a9	29	#include <errno.h>
b0a33c1e	30	#include <sys/socket.h>
b0a33c1e	31	#include <sys/un.h>
b0a33c1e	32
2dcb28a9 MN	33	#include "log.h"
	34
	35	lxc_log_define(lxc_af_unix, lxc);
b0a33c1e	36
aae93dd3	37	int lxc_abstract_unix_open(const char *path, int type, int flags)
b0a33c1e	38	{
b0a33c1e	39	int fd;
ddb17f1f	40	size_t len;
b0a33c1e	41	struct sockaddr_un addr;
	42
	43	if (flags & O_TRUNC)
	44	unlink(path);
	45
	46	fd = socket(PF_UNIX, type, 0);
	47	if (fd < 0)
	48	return -1;
	49
aae93dd3	50	/* Clear address structure */
b0a33c1e	51	memset(&addr, 0, sizeof(addr));
	52
	53	if (!path)
	54	return fd;
	55
	56	addr.sun_family = AF_UNIX;
aae93dd3	57
caf3beb0 CB	58	len = strlen(&path[1]);
	59	/* do not enforce \0-termination */
	60	if (len >= sizeof(addr.sun_path)) {
aae93dd3	61	close(fd);
aae93dd3 ÇO	62	errno = ENAMETOOLONG;
aae93dd3 ÇO	63	return -1;
ddb17f1f	64	}
aae93dd3 ÇO	65	/* addr.sun_path[0] has already been set to 0 by memset() */
aae93dd3 ÇO	66	strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
b0a33c1e	67
caf3beb0	68	if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
dba104c8	69	int tmp = errno;
b0a33c1e	70	close(fd);
dba104c8	71	errno = tmp;
b0a33c1e	72	return -1;
b0a33c1e	73	}
ddb17f1f	74
31c53c2e	75	if (type == SOCK_STREAM && listen(fd, 100)) {
dba104c8	76	int tmp = errno;
b0a33c1e	77	close(fd);
dba104c8	78	errno = tmp;
b0a33c1e	79	return -1;
	80	}
	81
	82	return fd;
	83	}
	84
aae93dd3	85	int lxc_abstract_unix_close(int fd)
b0a33c1e	86	{
b0a33c1e	87	struct sockaddr_un addr;
af41709c	88	socklen_t addrlen = sizeof(addr);
ddb17f1f	89
f79d43bb	90	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
604f0955	91	addr.sun_path[0])
b0a33c1e	92	unlink(addr.sun_path);
	93
	94	close(fd);
	95
	96	return 0;
	97	}
	98
aae93dd3	99	int lxc_abstract_unix_connect(const char *path)
b0a33c1e	100	{
b0a33c1e	101	int fd;
aae93dd3	102	size_t len;
b0a33c1e	103	struct sockaddr_un addr;
	104
	105	fd = socket(PF_UNIX, SOCK_STREAM, 0);
	106	if (fd < 0)
	107	return -1;
	108
	109	memset(&addr, 0, sizeof(addr));
	110
	111	addr.sun_family = AF_UNIX;
b0a33c1e	112
caf3beb0 CB	113	len = strlen(&path[1]);
	114	/* do not enforce \0-termination */
	115	if (len >= sizeof(addr.sun_path)) {
aae93dd3	116	close(fd);
aae93dd3 ÇO	117	errno = ENAMETOOLONG;
	118	return -1;
	119	}
	120	/* addr.sun_path[0] has already been set to 0 by memset() */
	121	strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
	122
caf3beb0	123	if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
dba104c8	124	int tmp = errno;
bdb3f441 SH	125	/* special case to connect to older containers */
	126	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
	127	return fd;
b0a33c1e	128	close(fd);
dba104c8	129	errno = tmp;
b0a33c1e	130	return -1;
	131	}
	132
	133	return fd;
	134	}
	135
aae93dd3	136	int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size)
b0a33c1e	137	{
604f0955 ÇO	138	struct msghdr msg = { 0 };
	139	struct iovec iov;
	140	struct cmsghdr *cmsg;
caf3beb0 CB	141	char cmsgbuf[CMSG_SPACE(sizeof(int))] = {0};
caf3beb0 CB	142	char buf[1] = {0};
0e391e57	143	int *val;
b0a33c1e	144
604f0955 ÇO	145	msg.msg_control = cmsgbuf;
604f0955 ÇO	146	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	147
604f0955 ÇO	148	cmsg = CMSG_FIRSTHDR(&msg);
	149	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	150	cmsg->cmsg_level = SOL_SOCKET;
	151	cmsg->cmsg_type = SCM_RIGHTS;
0e391e57 DL	152	val = (int *)(CMSG_DATA(cmsg));
0e391e57 DL	153	*val = sendfd;
b0a33c1e	154
604f0955 ÇO	155	msg.msg_name = NULL;
604f0955 ÇO	156	msg.msg_namelen = 0;
b0a33c1e	157
604f0955 ÇO	158	iov.iov_base = data ? data : buf;
	159	iov.iov_len = data ? size : sizeof(buf);
	160	msg.msg_iov = &iov;
	161	msg.msg_iovlen = 1;
b0a33c1e	162
6168ff15	163	return sendmsg(fd, &msg, MSG_NOSIGNAL);
b0a33c1e	164	}
b0a33c1e	165
aae93dd3	166	int lxc_abstract_unix_recv_fd(int fd, int recvfd, void data, size_t size)
b0a33c1e	167	{
604f0955 ÇO	168	struct msghdr msg = { 0 };
	169	struct iovec iov;
	170	struct cmsghdr *cmsg;
0e391e57	171	int ret, *val;
caf3beb0 CB	172	char cmsgbuf[CMSG_SPACE(sizeof(int))] = {0};
caf3beb0 CB	173	char buf[1] = {0};
b0a33c1e	174
604f0955 ÇO	175	msg.msg_name = NULL;
	176	msg.msg_namelen = 0;
	177	msg.msg_control = cmsgbuf;
	178	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	179
604f0955 ÇO	180	iov.iov_base = data ? data : buf;
	181	iov.iov_len = data ? size : sizeof(buf);
	182	msg.msg_iov = &iov;
	183	msg.msg_iovlen = 1;
b0a33c1e	184
	185	ret = recvmsg(fd, &msg, 0);
	186	if (ret <= 0)
	187	goto out;
	188
604f0955	189	cmsg = CMSG_FIRSTHDR(&msg);
b0a33c1e	190
f79d43bb	191	/* if the message is wrong the variable will not be
b0a33c1e	192	* filled and the peer will notified about a problem */
	193	*recvfd = -1;
	194
604f0955 ÇO	195	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
	196	cmsg->cmsg_level == SOL_SOCKET &&
	197	cmsg->cmsg_type == SCM_RIGHTS) {
0e391e57	198	val = (int *) CMSG_DATA(cmsg);
604f0955 ÇO	199	recvfd = val;
604f0955 ÇO	200	}
b0a33c1e	201	out:
604f0955	202	return ret;
b0a33c1e	203	}
b0a33c1e	204
aae93dd3	205	int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
b0a33c1e	206	{
604f0955 ÇO	207	struct msghdr msg = { 0 };
	208	struct iovec iov;
	209	struct cmsghdr *cmsg;
b0a33c1e	210	struct ucred cred = {
	211	.pid = getpid(),
	212	.uid = getuid(),
	213	.gid = getgid(),
	214	};
caf3beb0 CB	215	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
caf3beb0 CB	216	char buf[1] = {0};
b0a33c1e	217
604f0955 ÇO	218	msg.msg_control = cmsgbuf;
604f0955 ÇO	219	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	220
604f0955 ÇO	221	cmsg = CMSG_FIRSTHDR(&msg);
	222	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	223	cmsg->cmsg_level = SOL_SOCKET;
	224	cmsg->cmsg_type = SCM_CREDENTIALS;
0e391e57	225	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
b0a33c1e	226
604f0955 ÇO	227	msg.msg_name = NULL;
604f0955 ÇO	228	msg.msg_namelen = 0;
b0a33c1e	229
604f0955 ÇO	230	iov.iov_base = data ? data : buf;
	231	iov.iov_len = data ? size : sizeof(buf);
	232	msg.msg_iov = &iov;
	233	msg.msg_iovlen = 1;
b0a33c1e	234
6168ff15	235	return sendmsg(fd, &msg, MSG_NOSIGNAL);
b0a33c1e	236	}
b0a33c1e	237
aae93dd3	238	int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
b0a33c1e	239	{
604f0955 ÇO	240	struct msghdr msg = { 0 };
	241	struct iovec iov;
	242	struct cmsghdr *cmsg;
b0a33c1e	243	struct ucred cred;
b0a33c1e	244	int ret;
caf3beb0 CB	245	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
caf3beb0 CB	246	char buf[1] = {0};
b0a33c1e	247
604f0955 ÇO	248	msg.msg_name = NULL;
	249	msg.msg_namelen = 0;
	250	msg.msg_control = cmsgbuf;
	251	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	252
604f0955 ÇO	253	iov.iov_base = data ? data : buf;
	254	iov.iov_len = data ? size : sizeof(buf);
	255	msg.msg_iov = &iov;
	256	msg.msg_iovlen = 1;
b0a33c1e	257
	258	ret = recvmsg(fd, &msg, 0);
	259	if (ret <= 0)
	260	goto out;
	261
604f0955	262	cmsg = CMSG_FIRSTHDR(&msg);
b0a33c1e	263
604f0955 ÇO	264	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
	265	cmsg->cmsg_level == SOL_SOCKET &&
	266	cmsg->cmsg_type == SCM_CREDENTIALS) {
0e391e57	267	memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
d8cc9804	268	if (cred.uid && (cred.uid != getuid() \|\| cred.gid != getgid())) {
2dcb28a9	269	INFO("message denied for '%d/%d'", cred.uid, cred.gid);
d8cc9804	270	return -EACCES;
2dcb28a9	271	}
604f0955	272	}
b0a33c1e	273	out:
604f0955	274	return ret;
b0a33c1e	275	}