]>
Commit | Line | Data |
---|---|---|
b0a33c1e | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
b0a33c1e | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
250b1eec | 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
b0a33c1e | 22 | */ |
d06245b8 NC |
23 | #include "config.h" |
24 | ||
aae93dd3 | 25 | #include <stddef.h> |
b0a33c1e | 26 | #include <string.h> |
27 | #include <unistd.h> | |
28 | #include <fcntl.h> | |
2dcb28a9 | 29 | #include <errno.h> |
b0a33c1e | 30 | #include <sys/socket.h> |
b0a33c1e | 31 | #include <sys/un.h> |
32 | ||
2dcb28a9 MN |
33 | #include "log.h" |
34 | ||
35 | lxc_log_define(lxc_af_unix, lxc); | |
b0a33c1e | 36 | |
aae93dd3 | 37 | int lxc_abstract_unix_open(const char *path, int type, int flags) |
b0a33c1e | 38 | { |
39 | int fd; | |
ddb17f1f | 40 | size_t len; |
b0a33c1e | 41 | struct sockaddr_un addr; |
42 | ||
43 | if (flags & O_TRUNC) | |
44 | unlink(path); | |
45 | ||
46 | fd = socket(PF_UNIX, type, 0); | |
47 | if (fd < 0) | |
48 | return -1; | |
49 | ||
aae93dd3 | 50 | /* Clear address structure */ |
b0a33c1e | 51 | memset(&addr, 0, sizeof(addr)); |
52 | ||
53 | if (!path) | |
54 | return fd; | |
55 | ||
56 | addr.sun_family = AF_UNIX; | |
aae93dd3 | 57 | |
caf3beb0 CB |
58 | len = strlen(&path[1]); |
59 | /* do not enforce \0-termination */ | |
60 | if (len >= sizeof(addr.sun_path)) { | |
aae93dd3 | 61 | close(fd); |
aae93dd3 ÇO |
62 | errno = ENAMETOOLONG; |
63 | return -1; | |
ddb17f1f | 64 | } |
aae93dd3 ÇO |
65 | /* addr.sun_path[0] has already been set to 0 by memset() */ |
66 | strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); | |
b0a33c1e | 67 | |
caf3beb0 | 68 | if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) { |
dba104c8 | 69 | int tmp = errno; |
b0a33c1e | 70 | close(fd); |
dba104c8 | 71 | errno = tmp; |
b0a33c1e | 72 | return -1; |
73 | } | |
ddb17f1f | 74 | |
31c53c2e | 75 | if (type == SOCK_STREAM && listen(fd, 100)) { |
dba104c8 | 76 | int tmp = errno; |
b0a33c1e | 77 | close(fd); |
dba104c8 | 78 | errno = tmp; |
b0a33c1e | 79 | return -1; |
80 | } | |
81 | ||
82 | return fd; | |
83 | } | |
84 | ||
aae93dd3 | 85 | int lxc_abstract_unix_close(int fd) |
b0a33c1e | 86 | { |
87 | struct sockaddr_un addr; | |
af41709c | 88 | socklen_t addrlen = sizeof(addr); |
ddb17f1f | 89 | |
f79d43bb | 90 | if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) && |
604f0955 | 91 | addr.sun_path[0]) |
b0a33c1e | 92 | unlink(addr.sun_path); |
93 | ||
94 | close(fd); | |
95 | ||
96 | return 0; | |
97 | } | |
98 | ||
aae93dd3 | 99 | int lxc_abstract_unix_connect(const char *path) |
b0a33c1e | 100 | { |
101 | int fd; | |
aae93dd3 | 102 | size_t len; |
b0a33c1e | 103 | struct sockaddr_un addr; |
104 | ||
105 | fd = socket(PF_UNIX, SOCK_STREAM, 0); | |
106 | if (fd < 0) | |
107 | return -1; | |
108 | ||
109 | memset(&addr, 0, sizeof(addr)); | |
110 | ||
111 | addr.sun_family = AF_UNIX; | |
b0a33c1e | 112 | |
caf3beb0 CB |
113 | len = strlen(&path[1]); |
114 | /* do not enforce \0-termination */ | |
115 | if (len >= sizeof(addr.sun_path)) { | |
aae93dd3 | 116 | close(fd); |
aae93dd3 ÇO |
117 | errno = ENAMETOOLONG; |
118 | return -1; | |
119 | } | |
120 | /* addr.sun_path[0] has already been set to 0 by memset() */ | |
121 | strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); | |
122 | ||
caf3beb0 | 123 | if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) { |
dba104c8 | 124 | int tmp = errno; |
bdb3f441 SH |
125 | /* special case to connect to older containers */ |
126 | if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) | |
127 | return fd; | |
b0a33c1e | 128 | close(fd); |
dba104c8 | 129 | errno = tmp; |
b0a33c1e | 130 | return -1; |
131 | } | |
132 | ||
133 | return fd; | |
134 | } | |
135 | ||
aae93dd3 | 136 | int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size) |
b0a33c1e | 137 | { |
604f0955 ÇO |
138 | struct msghdr msg = { 0 }; |
139 | struct iovec iov; | |
140 | struct cmsghdr *cmsg; | |
caf3beb0 CB |
141 | char cmsgbuf[CMSG_SPACE(sizeof(int))] = {0}; |
142 | char buf[1] = {0}; | |
0e391e57 | 143 | int *val; |
b0a33c1e | 144 | |
604f0955 ÇO |
145 | msg.msg_control = cmsgbuf; |
146 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 147 | |
604f0955 ÇO |
148 | cmsg = CMSG_FIRSTHDR(&msg); |
149 | cmsg->cmsg_len = CMSG_LEN(sizeof(int)); | |
150 | cmsg->cmsg_level = SOL_SOCKET; | |
151 | cmsg->cmsg_type = SCM_RIGHTS; | |
0e391e57 DL |
152 | val = (int *)(CMSG_DATA(cmsg)); |
153 | *val = sendfd; | |
b0a33c1e | 154 | |
604f0955 ÇO |
155 | msg.msg_name = NULL; |
156 | msg.msg_namelen = 0; | |
b0a33c1e | 157 | |
604f0955 ÇO |
158 | iov.iov_base = data ? data : buf; |
159 | iov.iov_len = data ? size : sizeof(buf); | |
160 | msg.msg_iov = &iov; | |
161 | msg.msg_iovlen = 1; | |
b0a33c1e | 162 | |
6168ff15 | 163 | return sendmsg(fd, &msg, MSG_NOSIGNAL); |
b0a33c1e | 164 | } |
165 | ||
aae93dd3 | 166 | int lxc_abstract_unix_recv_fd(int fd, int *recvfd, void *data, size_t size) |
b0a33c1e | 167 | { |
604f0955 ÇO |
168 | struct msghdr msg = { 0 }; |
169 | struct iovec iov; | |
170 | struct cmsghdr *cmsg; | |
0e391e57 | 171 | int ret, *val; |
caf3beb0 CB |
172 | char cmsgbuf[CMSG_SPACE(sizeof(int))] = {0}; |
173 | char buf[1] = {0}; | |
b0a33c1e | 174 | |
604f0955 ÇO |
175 | msg.msg_name = NULL; |
176 | msg.msg_namelen = 0; | |
177 | msg.msg_control = cmsgbuf; | |
178 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 179 | |
604f0955 ÇO |
180 | iov.iov_base = data ? data : buf; |
181 | iov.iov_len = data ? size : sizeof(buf); | |
182 | msg.msg_iov = &iov; | |
183 | msg.msg_iovlen = 1; | |
b0a33c1e | 184 | |
185 | ret = recvmsg(fd, &msg, 0); | |
186 | if (ret <= 0) | |
187 | goto out; | |
188 | ||
604f0955 | 189 | cmsg = CMSG_FIRSTHDR(&msg); |
b0a33c1e | 190 | |
f79d43bb | 191 | /* if the message is wrong the variable will not be |
b0a33c1e | 192 | * filled and the peer will notified about a problem */ |
193 | *recvfd = -1; | |
194 | ||
604f0955 ÇO |
195 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) && |
196 | cmsg->cmsg_level == SOL_SOCKET && | |
197 | cmsg->cmsg_type == SCM_RIGHTS) { | |
0e391e57 | 198 | val = (int *) CMSG_DATA(cmsg); |
604f0955 ÇO |
199 | *recvfd = *val; |
200 | } | |
b0a33c1e | 201 | out: |
604f0955 | 202 | return ret; |
b0a33c1e | 203 | } |
204 | ||
aae93dd3 | 205 | int lxc_abstract_unix_send_credential(int fd, void *data, size_t size) |
b0a33c1e | 206 | { |
604f0955 ÇO |
207 | struct msghdr msg = { 0 }; |
208 | struct iovec iov; | |
209 | struct cmsghdr *cmsg; | |
b0a33c1e | 210 | struct ucred cred = { |
211 | .pid = getpid(), | |
212 | .uid = getuid(), | |
213 | .gid = getgid(), | |
214 | }; | |
caf3beb0 CB |
215 | char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0}; |
216 | char buf[1] = {0}; | |
b0a33c1e | 217 | |
604f0955 ÇO |
218 | msg.msg_control = cmsgbuf; |
219 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 220 | |
604f0955 ÇO |
221 | cmsg = CMSG_FIRSTHDR(&msg); |
222 | cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); | |
223 | cmsg->cmsg_level = SOL_SOCKET; | |
224 | cmsg->cmsg_type = SCM_CREDENTIALS; | |
0e391e57 | 225 | memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred)); |
b0a33c1e | 226 | |
604f0955 ÇO |
227 | msg.msg_name = NULL; |
228 | msg.msg_namelen = 0; | |
b0a33c1e | 229 | |
604f0955 ÇO |
230 | iov.iov_base = data ? data : buf; |
231 | iov.iov_len = data ? size : sizeof(buf); | |
232 | msg.msg_iov = &iov; | |
233 | msg.msg_iovlen = 1; | |
b0a33c1e | 234 | |
6168ff15 | 235 | return sendmsg(fd, &msg, MSG_NOSIGNAL); |
b0a33c1e | 236 | } |
237 | ||
aae93dd3 | 238 | int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size) |
b0a33c1e | 239 | { |
604f0955 ÇO |
240 | struct msghdr msg = { 0 }; |
241 | struct iovec iov; | |
242 | struct cmsghdr *cmsg; | |
b0a33c1e | 243 | struct ucred cred; |
b0a33c1e | 244 | int ret; |
caf3beb0 CB |
245 | char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0}; |
246 | char buf[1] = {0}; | |
b0a33c1e | 247 | |
604f0955 ÇO |
248 | msg.msg_name = NULL; |
249 | msg.msg_namelen = 0; | |
250 | msg.msg_control = cmsgbuf; | |
251 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 252 | |
604f0955 ÇO |
253 | iov.iov_base = data ? data : buf; |
254 | iov.iov_len = data ? size : sizeof(buf); | |
255 | msg.msg_iov = &iov; | |
256 | msg.msg_iovlen = 1; | |
b0a33c1e | 257 | |
258 | ret = recvmsg(fd, &msg, 0); | |
259 | if (ret <= 0) | |
260 | goto out; | |
261 | ||
604f0955 | 262 | cmsg = CMSG_FIRSTHDR(&msg); |
b0a33c1e | 263 | |
604f0955 ÇO |
264 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) && |
265 | cmsg->cmsg_level == SOL_SOCKET && | |
266 | cmsg->cmsg_type == SCM_CREDENTIALS) { | |
0e391e57 | 267 | memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred)); |
d8cc9804 | 268 | if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) { |
2dcb28a9 | 269 | INFO("message denied for '%d/%d'", cred.uid, cred.gid); |
d8cc9804 | 270 | return -EACCES; |
2dcb28a9 | 271 | } |
604f0955 | 272 | } |
b0a33c1e | 273 | out: |
604f0955 | 274 | return ret; |
b0a33c1e | 275 | } |