[mirror_lxc.git] / src / lxc / af_unix.c

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <daniel.lezcano at free.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#define __USE_GNU
#include <sys/socket.h>
#undef __USE_GNU
#include <sys/un.h>

#include "log.h"
#include "lxclock.h"

lxc_log_define(lxc_af_unix, lxc);

int lxc_af_unix_open(const char *path, int type, int flags)
{
	int fd;
	size_t len;
	struct sockaddr_un addr;

	if (flags & O_TRUNC)
		unlink(path);

	process_lock();
	fd = socket(PF_UNIX, type, 0);
	process_unlock();
	if (fd < 0)
		return -1;

	memset(&addr, 0, sizeof(addr));

	if (!path)
		return fd;

	addr.sun_family = AF_UNIX;
	/* copy entire buffer in case of abstract socket */
	len = sizeof(addr.sun_path);
	if (path[0]) {
		len = strlen(path);
		if (len >= sizeof(addr.sun_path)) {
			process_lock();
			close(fd);
			process_unlock();
			errno = ENAMETOOLONG;
			return -1;
		}
	}
	memcpy(addr.sun_path, path, len);

	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
		int tmp = errno;
		process_lock();
		close(fd);
		process_unlock();
		errno = tmp;
		return -1;
	}

	if (type == SOCK_STREAM && listen(fd, 100)) {
		int tmp = errno;
		process_lock();
		close(fd);
		process_unlock();
		errno = tmp;
		return -1;
	}

	return fd;
}

int lxc_af_unix_close(int fd)
{
	struct sockaddr_un addr;
	socklen_t addrlen = sizeof(addr);

	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
	    addr.sun_path[0])
		unlink(addr.sun_path);

	process_lock();
	close(fd);
	process_unlock();

	return 0;
}

int lxc_af_unix_connect(const char *path)
{
	int fd;
	struct sockaddr_un addr;

	process_lock();
	fd = socket(PF_UNIX, SOCK_STREAM, 0);
	process_unlock();
	if (fd < 0)
		return -1;

	memset(&addr, 0, sizeof(addr));

	addr.sun_family = AF_UNIX;
	/* copy entire buffer in case of abstract socket */
	memcpy(addr.sun_path, path,
	       path[0]?strlen(path):sizeof(addr.sun_path));

	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
		int tmp = errno;
		process_lock();
		close(fd);
		process_unlock();
		errno = tmp;
		return -1;
	}

	return fd;
}

int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
{
        struct msghdr msg = { 0 };
        struct iovec iov;
        struct cmsghdr *cmsg;
        char cmsgbuf[CMSG_SPACE(sizeof(int))];
        char buf[1];
	int *val;

        msg.msg_control = cmsgbuf;
        msg.msg_controllen = sizeof(cmsgbuf);

        cmsg = CMSG_FIRSTHDR(&msg);
        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_RIGHTS;
	val = (int *)(CMSG_DATA(cmsg));
	*val = sendfd;

        msg.msg_name = NULL;
        msg.msg_namelen = 0;

        iov.iov_base = data ? data : buf;
        iov.iov_len = data ? size : sizeof(buf);
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;

        return sendmsg(fd, &msg, 0);
}

int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
{
        struct msghdr msg = { 0 };
        struct iovec iov;
        struct cmsghdr *cmsg;
        char cmsgbuf[CMSG_SPACE(sizeof(int))];
        char buf[1];
	int ret, *val;

        msg.msg_name = NULL;
        msg.msg_namelen = 0;
        msg.msg_control = cmsgbuf;
        msg.msg_controllen = sizeof(cmsgbuf);

        iov.iov_base = data ? data : buf;
        iov.iov_len = data ? size : sizeof(buf);
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		goto out;

        cmsg = CMSG_FIRSTHDR(&msg);

	/* if the message is wrong the variable will not be
	 * filled and the peer will notified about a problem */
	*recvfd = -1;

        if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
            cmsg->cmsg_level == SOL_SOCKET &&
            cmsg->cmsg_type == SCM_RIGHTS) {
		val = (int *) CMSG_DATA(cmsg);
                *recvfd = *val;
        }
out:
        return ret;
}

int lxc_af_unix_send_credential(int fd, void *data, size_t size)
{
        struct msghdr msg = { 0 };
        struct iovec iov;
        struct cmsghdr *cmsg;
	struct ucred cred = {
		.pid = getpid(),
		.uid = getuid(),
		.gid = getgid(),
	};
        char cmsgbuf[CMSG_SPACE(sizeof(cred))];
        char buf[1];

        msg.msg_control = cmsgbuf;
        msg.msg_controllen = sizeof(cmsgbuf);

        cmsg = CMSG_FIRSTHDR(&msg);
        cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_CREDENTIALS;
	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));

        msg.msg_name = NULL;
        msg.msg_namelen = 0;

        iov.iov_base = data ? data : buf;
        iov.iov_len = data ? size : sizeof(buf);
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;

        return sendmsg(fd, &msg, 0);
}

int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
{
        struct msghdr msg = { 0 };
        struct iovec iov;
        struct cmsghdr *cmsg;
	struct ucred cred;
        char cmsgbuf[CMSG_SPACE(sizeof(cred))];
        char buf[1];
	int ret;

        msg.msg_name = NULL;
        msg.msg_namelen = 0;
        msg.msg_control = cmsgbuf;
        msg.msg_controllen = sizeof(cmsgbuf);

        iov.iov_base = data ? data : buf;
        iov.iov_len = data ? size : sizeof(buf);
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		goto out;

        cmsg = CMSG_FIRSTHDR(&msg);

        if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
            cmsg->cmsg_level == SOL_SOCKET &&
            cmsg->cmsg_type == SCM_CREDENTIALS) {
		memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
		if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
			INFO("message denied for '%d/%d'", cred.uid, cred.gid);
			return -EACCES;
		}
        }
out:
        return ret;
}
Commit	Line	Data
b0a33c1e	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
9afe19d6	7	* Daniel Lezcano <daniel.lezcano at free.fr>
b0a33c1e	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
250b1eec	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
b0a33c1e	22	*/
	23	#include <string.h>
	24	#include <unistd.h>
	25	#include <fcntl.h>
2dcb28a9	26	#include <errno.h>
b0a33c1e	27	#define __USE_GNU
	28	#include <sys/socket.h>
	29	#undef __USE_GNU
	30	#include <sys/un.h>
	31
2dcb28a9	32	#include "log.h"
025ed0f3	33	#include "lxclock.h"
2dcb28a9 MN	34
2dcb28a9 MN	35	lxc_log_define(lxc_af_unix, lxc);
b0a33c1e	36
	37	int lxc_af_unix_open(const char *path, int type, int flags)
	38	{
	39	int fd;
ddb17f1f	40	size_t len;
b0a33c1e	41	struct sockaddr_un addr;
	42
	43	if (flags & O_TRUNC)
	44	unlink(path);
	45
025ed0f3	46	process_lock();
b0a33c1e	47	fd = socket(PF_UNIX, type, 0);
025ed0f3	48	process_unlock();
b0a33c1e	49	if (fd < 0)
	50	return -1;
	51
	52	memset(&addr, 0, sizeof(addr));
	53
	54	if (!path)
	55	return fd;
	56
	57	addr.sun_family = AF_UNIX;
	58	/* copy entire buffer in case of abstract socket */
ddb17f1f DE	59	len = sizeof(addr.sun_path);
	60	if (path[0]) {
	61	len = strlen(path);
	62	if (len >= sizeof(addr.sun_path)) {
025ed0f3	63	process_lock();
ddb17f1f	64	close(fd);
025ed0f3	65	process_unlock();
ddb17f1f DE	66	errno = ENAMETOOLONG;
	67	return -1;
	68	}
	69	}
	70	memcpy(addr.sun_path, path, len);
b0a33c1e	71
b0a33c1e	72	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
dba104c8	73	int tmp = errno;
025ed0f3	74	process_lock();
b0a33c1e	75	close(fd);
025ed0f3	76	process_unlock();
dba104c8	77	errno = tmp;
b0a33c1e	78	return -1;
b0a33c1e	79	}
ddb17f1f	80
31c53c2e	81	if (type == SOCK_STREAM && listen(fd, 100)) {
dba104c8	82	int tmp = errno;
025ed0f3	83	process_lock();
b0a33c1e	84	close(fd);
025ed0f3	85	process_unlock();
dba104c8	86	errno = tmp;
b0a33c1e	87	return -1;
	88	}
	89
	90	return fd;
	91	}
	92
	93	int lxc_af_unix_close(int fd)
	94	{
	95	struct sockaddr_un addr;
af41709c	96	socklen_t addrlen = sizeof(addr);
ddb17f1f	97
f79d43bb	98	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
b0a33c1e	99	addr.sun_path[0])
	100	unlink(addr.sun_path);
	101
025ed0f3	102	process_lock();
b0a33c1e	103	close(fd);
025ed0f3	104	process_unlock();
b0a33c1e	105
	106	return 0;
	107	}
	108
	109	int lxc_af_unix_connect(const char *path)
	110	{
	111	int fd;
	112	struct sockaddr_un addr;
	113
025ed0f3	114	process_lock();
b0a33c1e	115	fd = socket(PF_UNIX, SOCK_STREAM, 0);
025ed0f3	116	process_unlock();
b0a33c1e	117	if (fd < 0)
	118	return -1;
	119
	120	memset(&addr, 0, sizeof(addr));
	121
	122	addr.sun_family = AF_UNIX;
	123	/* copy entire buffer in case of abstract socket */
f79d43bb	124	memcpy(addr.sun_path, path,
b0a33c1e	125	path[0]?strlen(path):sizeof(addr.sun_path));
	126
	127	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
dba104c8	128	int tmp = errno;
025ed0f3	129	process_lock();
b0a33c1e	130	close(fd);
025ed0f3	131	process_unlock();
dba104c8	132	errno = tmp;
b0a33c1e	133	return -1;
	134	}
	135
	136	return fd;
	137	}
	138
	139	int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
	140	{
	141	struct msghdr msg = { 0 };
	142	struct iovec iov;
	143	struct cmsghdr *cmsg;
	144	char cmsgbuf[CMSG_SPACE(sizeof(int))];
	145	char buf[1];
0e391e57	146	int *val;
b0a33c1e	147
	148	msg.msg_control = cmsgbuf;
	149	msg.msg_controllen = sizeof(cmsgbuf);
	150
	151	cmsg = CMSG_FIRSTHDR(&msg);
	152	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	153	cmsg->cmsg_level = SOL_SOCKET;
	154	cmsg->cmsg_type = SCM_RIGHTS;
0e391e57 DL	155	val = (int *)(CMSG_DATA(cmsg));
0e391e57 DL	156	*val = sendfd;
b0a33c1e	157
	158	msg.msg_name = NULL;
	159	msg.msg_namelen = 0;
	160
	161	iov.iov_base = data ? data : buf;
	162	iov.iov_len = data ? size : sizeof(buf);
	163	msg.msg_iov = &iov;
	164	msg.msg_iovlen = 1;
	165
	166	return sendmsg(fd, &msg, 0);
	167	}
	168
	169	int lxc_af_unix_recv_fd(int fd, int recvfd, void data, size_t size)
	170	{
	171	struct msghdr msg = { 0 };
	172	struct iovec iov;
	173	struct cmsghdr *cmsg;
	174	char cmsgbuf[CMSG_SPACE(sizeof(int))];
	175	char buf[1];
0e391e57	176	int ret, *val;
b0a33c1e	177
	178	msg.msg_name = NULL;
	179	msg.msg_namelen = 0;
	180	msg.msg_control = cmsgbuf;
	181	msg.msg_controllen = sizeof(cmsgbuf);
	182
	183	iov.iov_base = data ? data : buf;
	184	iov.iov_len = data ? size : sizeof(buf);
	185	msg.msg_iov = &iov;
	186	msg.msg_iovlen = 1;
	187
	188	ret = recvmsg(fd, &msg, 0);
	189	if (ret <= 0)
	190	goto out;
	191
	192	cmsg = CMSG_FIRSTHDR(&msg);
	193
f79d43bb	194	/* if the message is wrong the variable will not be
b0a33c1e	195	* filled and the peer will notified about a problem */
	196	*recvfd = -1;
	197
	198	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
	199	cmsg->cmsg_level == SOL_SOCKET &&
	200	cmsg->cmsg_type == SCM_RIGHTS) {
0e391e57 DL	201	val = (int *) CMSG_DATA(cmsg);
0e391e57 DL	202	recvfd = val;
b0a33c1e	203	}
	204	out:
	205	return ret;
	206	}
	207
	208	int lxc_af_unix_send_credential(int fd, void *data, size_t size)
	209	{
	210	struct msghdr msg = { 0 };
	211	struct iovec iov;
	212	struct cmsghdr *cmsg;
	213	struct ucred cred = {
	214	.pid = getpid(),
	215	.uid = getuid(),
	216	.gid = getgid(),
	217	};
	218	char cmsgbuf[CMSG_SPACE(sizeof(cred))];
	219	char buf[1];
	220
	221	msg.msg_control = cmsgbuf;
	222	msg.msg_controllen = sizeof(cmsgbuf);
	223
	224	cmsg = CMSG_FIRSTHDR(&msg);
	225	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	226	cmsg->cmsg_level = SOL_SOCKET;
	227	cmsg->cmsg_type = SCM_CREDENTIALS;
0e391e57	228	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
b0a33c1e	229
	230	msg.msg_name = NULL;
	231	msg.msg_namelen = 0;
	232
	233	iov.iov_base = data ? data : buf;
	234	iov.iov_len = data ? size : sizeof(buf);
	235	msg.msg_iov = &iov;
	236	msg.msg_iovlen = 1;
	237
	238	return sendmsg(fd, &msg, 0);
	239	}
	240
	241	int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
	242	{
	243	struct msghdr msg = { 0 };
	244	struct iovec iov;
	245	struct cmsghdr *cmsg;
	246	struct ucred cred;
	247	char cmsgbuf[CMSG_SPACE(sizeof(cred))];
	248	char buf[1];
	249	int ret;
	250
	251	msg.msg_name = NULL;
	252	msg.msg_namelen = 0;
	253	msg.msg_control = cmsgbuf;
	254	msg.msg_controllen = sizeof(cmsgbuf);
	255
	256	iov.iov_base = data ? data : buf;
	257	iov.iov_len = data ? size : sizeof(buf);
	258	msg.msg_iov = &iov;
	259	msg.msg_iovlen = 1;
	260
	261	ret = recvmsg(fd, &msg, 0);
	262	if (ret <= 0)
	263	goto out;
	264
	265	cmsg = CMSG_FIRSTHDR(&msg);
	266
b0a33c1e	267	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
	268	cmsg->cmsg_level == SOL_SOCKET &&
	269	cmsg->cmsg_type == SCM_CREDENTIALS) {
0e391e57	270	memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
d8cc9804	271	if (cred.uid && (cred.uid != getuid() \|\| cred.gid != getgid())) {
2dcb28a9	272	INFO("message denied for '%d/%d'", cred.uid, cred.gid);
d8cc9804	273	return -EACCES;
2dcb28a9	274	}
b0a33c1e	275	}
	276	out:
	277	return ret;
	278	}