]>
Commit | Line | Data |
---|---|---|
b0a33c1e | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
b0a33c1e | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
250b1eec | 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
b0a33c1e | 22 | */ |
d06245b8 NC |
23 | #include "config.h" |
24 | ||
aae93dd3 | 25 | #include <stddef.h> |
b0a33c1e | 26 | #include <string.h> |
27 | #include <unistd.h> | |
28 | #include <fcntl.h> | |
2dcb28a9 | 29 | #include <errno.h> |
b0a33c1e | 30 | #include <sys/socket.h> |
b0a33c1e | 31 | #include <sys/un.h> |
32 | ||
2dcb28a9 MN |
33 | #include "log.h" |
34 | ||
35 | lxc_log_define(lxc_af_unix, lxc); | |
b0a33c1e | 36 | |
aae93dd3 | 37 | int lxc_abstract_unix_open(const char *path, int type, int flags) |
b0a33c1e | 38 | { |
39 | int fd; | |
ddb17f1f | 40 | size_t len; |
b0a33c1e | 41 | struct sockaddr_un addr; |
42 | ||
43 | if (flags & O_TRUNC) | |
44 | unlink(path); | |
45 | ||
46 | fd = socket(PF_UNIX, type, 0); | |
47 | if (fd < 0) | |
48 | return -1; | |
49 | ||
aae93dd3 | 50 | /* Clear address structure */ |
b0a33c1e | 51 | memset(&addr, 0, sizeof(addr)); |
52 | ||
53 | if (!path) | |
54 | return fd; | |
55 | ||
56 | addr.sun_family = AF_UNIX; | |
aae93dd3 ÇO |
57 | |
58 | len = strlen(&path[1]) + 1; | |
59 | if (len >= sizeof(addr.sun_path) - 1) { | |
aae93dd3 | 60 | close(fd); |
aae93dd3 ÇO |
61 | errno = ENAMETOOLONG; |
62 | return -1; | |
ddb17f1f | 63 | } |
aae93dd3 ÇO |
64 | /* addr.sun_path[0] has already been set to 0 by memset() */ |
65 | strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); | |
b0a33c1e | 66 | |
aae93dd3 | 67 | if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) { |
dba104c8 | 68 | int tmp = errno; |
b0a33c1e | 69 | close(fd); |
dba104c8 | 70 | errno = tmp; |
b0a33c1e | 71 | return -1; |
72 | } | |
ddb17f1f | 73 | |
31c53c2e | 74 | if (type == SOCK_STREAM && listen(fd, 100)) { |
dba104c8 | 75 | int tmp = errno; |
b0a33c1e | 76 | close(fd); |
dba104c8 | 77 | errno = tmp; |
b0a33c1e | 78 | return -1; |
79 | } | |
80 | ||
81 | return fd; | |
82 | } | |
83 | ||
aae93dd3 | 84 | int lxc_abstract_unix_close(int fd) |
b0a33c1e | 85 | { |
86 | struct sockaddr_un addr; | |
af41709c | 87 | socklen_t addrlen = sizeof(addr); |
ddb17f1f | 88 | |
f79d43bb | 89 | if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) && |
604f0955 | 90 | addr.sun_path[0]) |
b0a33c1e | 91 | unlink(addr.sun_path); |
92 | ||
93 | close(fd); | |
94 | ||
95 | return 0; | |
96 | } | |
97 | ||
aae93dd3 | 98 | int lxc_abstract_unix_connect(const char *path) |
b0a33c1e | 99 | { |
100 | int fd; | |
aae93dd3 | 101 | size_t len; |
b0a33c1e | 102 | struct sockaddr_un addr; |
103 | ||
104 | fd = socket(PF_UNIX, SOCK_STREAM, 0); | |
105 | if (fd < 0) | |
106 | return -1; | |
107 | ||
108 | memset(&addr, 0, sizeof(addr)); | |
109 | ||
110 | addr.sun_family = AF_UNIX; | |
b0a33c1e | 111 | |
aae93dd3 ÇO |
112 | len = strlen(&path[1]) + 1; |
113 | if (len >= sizeof(addr.sun_path) - 1) { | |
aae93dd3 | 114 | close(fd); |
aae93dd3 ÇO |
115 | errno = ENAMETOOLONG; |
116 | return -1; | |
117 | } | |
118 | /* addr.sun_path[0] has already been set to 0 by memset() */ | |
119 | strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); | |
120 | ||
121 | if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) { | |
dba104c8 | 122 | int tmp = errno; |
bdb3f441 SH |
123 | /* special case to connect to older containers */ |
124 | if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) | |
125 | return fd; | |
b0a33c1e | 126 | close(fd); |
dba104c8 | 127 | errno = tmp; |
b0a33c1e | 128 | return -1; |
129 | } | |
130 | ||
131 | return fd; | |
132 | } | |
133 | ||
aae93dd3 | 134 | int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size) |
b0a33c1e | 135 | { |
604f0955 ÇO |
136 | struct msghdr msg = { 0 }; |
137 | struct iovec iov; | |
138 | struct cmsghdr *cmsg; | |
139 | char cmsgbuf[CMSG_SPACE(sizeof(int))]; | |
140 | char buf[1]; | |
0e391e57 | 141 | int *val; |
b0a33c1e | 142 | |
604f0955 ÇO |
143 | msg.msg_control = cmsgbuf; |
144 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 145 | |
604f0955 ÇO |
146 | cmsg = CMSG_FIRSTHDR(&msg); |
147 | cmsg->cmsg_len = CMSG_LEN(sizeof(int)); | |
148 | cmsg->cmsg_level = SOL_SOCKET; | |
149 | cmsg->cmsg_type = SCM_RIGHTS; | |
0e391e57 DL |
150 | val = (int *)(CMSG_DATA(cmsg)); |
151 | *val = sendfd; | |
b0a33c1e | 152 | |
604f0955 ÇO |
153 | msg.msg_name = NULL; |
154 | msg.msg_namelen = 0; | |
b0a33c1e | 155 | |
604f0955 ÇO |
156 | iov.iov_base = data ? data : buf; |
157 | iov.iov_len = data ? size : sizeof(buf); | |
158 | msg.msg_iov = &iov; | |
159 | msg.msg_iovlen = 1; | |
b0a33c1e | 160 | |
6168ff15 | 161 | return sendmsg(fd, &msg, MSG_NOSIGNAL); |
b0a33c1e | 162 | } |
163 | ||
aae93dd3 | 164 | int lxc_abstract_unix_recv_fd(int fd, int *recvfd, void *data, size_t size) |
b0a33c1e | 165 | { |
604f0955 ÇO |
166 | struct msghdr msg = { 0 }; |
167 | struct iovec iov; | |
168 | struct cmsghdr *cmsg; | |
169 | char cmsgbuf[CMSG_SPACE(sizeof(int))]; | |
170 | char buf[1]; | |
0e391e57 | 171 | int ret, *val; |
b0a33c1e | 172 | |
604f0955 ÇO |
173 | msg.msg_name = NULL; |
174 | msg.msg_namelen = 0; | |
175 | msg.msg_control = cmsgbuf; | |
176 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 177 | |
604f0955 ÇO |
178 | iov.iov_base = data ? data : buf; |
179 | iov.iov_len = data ? size : sizeof(buf); | |
180 | msg.msg_iov = &iov; | |
181 | msg.msg_iovlen = 1; | |
b0a33c1e | 182 | |
183 | ret = recvmsg(fd, &msg, 0); | |
184 | if (ret <= 0) | |
185 | goto out; | |
186 | ||
604f0955 | 187 | cmsg = CMSG_FIRSTHDR(&msg); |
b0a33c1e | 188 | |
f79d43bb | 189 | /* if the message is wrong the variable will not be |
b0a33c1e | 190 | * filled and the peer will notified about a problem */ |
191 | *recvfd = -1; | |
192 | ||
604f0955 ÇO |
193 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) && |
194 | cmsg->cmsg_level == SOL_SOCKET && | |
195 | cmsg->cmsg_type == SCM_RIGHTS) { | |
0e391e57 | 196 | val = (int *) CMSG_DATA(cmsg); |
604f0955 ÇO |
197 | *recvfd = *val; |
198 | } | |
b0a33c1e | 199 | out: |
604f0955 | 200 | return ret; |
b0a33c1e | 201 | } |
202 | ||
aae93dd3 | 203 | int lxc_abstract_unix_send_credential(int fd, void *data, size_t size) |
b0a33c1e | 204 | { |
604f0955 ÇO |
205 | struct msghdr msg = { 0 }; |
206 | struct iovec iov; | |
207 | struct cmsghdr *cmsg; | |
b0a33c1e | 208 | struct ucred cred = { |
209 | .pid = getpid(), | |
210 | .uid = getuid(), | |
211 | .gid = getgid(), | |
212 | }; | |
604f0955 ÇO |
213 | char cmsgbuf[CMSG_SPACE(sizeof(cred))]; |
214 | char buf[1]; | |
b0a33c1e | 215 | |
604f0955 ÇO |
216 | msg.msg_control = cmsgbuf; |
217 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 218 | |
604f0955 ÇO |
219 | cmsg = CMSG_FIRSTHDR(&msg); |
220 | cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); | |
221 | cmsg->cmsg_level = SOL_SOCKET; | |
222 | cmsg->cmsg_type = SCM_CREDENTIALS; | |
0e391e57 | 223 | memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred)); |
b0a33c1e | 224 | |
604f0955 ÇO |
225 | msg.msg_name = NULL; |
226 | msg.msg_namelen = 0; | |
b0a33c1e | 227 | |
604f0955 ÇO |
228 | iov.iov_base = data ? data : buf; |
229 | iov.iov_len = data ? size : sizeof(buf); | |
230 | msg.msg_iov = &iov; | |
231 | msg.msg_iovlen = 1; | |
b0a33c1e | 232 | |
6168ff15 | 233 | return sendmsg(fd, &msg, MSG_NOSIGNAL); |
b0a33c1e | 234 | } |
235 | ||
aae93dd3 | 236 | int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size) |
b0a33c1e | 237 | { |
604f0955 ÇO |
238 | struct msghdr msg = { 0 }; |
239 | struct iovec iov; | |
240 | struct cmsghdr *cmsg; | |
b0a33c1e | 241 | struct ucred cred; |
604f0955 ÇO |
242 | char cmsgbuf[CMSG_SPACE(sizeof(cred))]; |
243 | char buf[1]; | |
b0a33c1e | 244 | int ret; |
245 | ||
604f0955 ÇO |
246 | msg.msg_name = NULL; |
247 | msg.msg_namelen = 0; | |
248 | msg.msg_control = cmsgbuf; | |
249 | msg.msg_controllen = sizeof(cmsgbuf); | |
b0a33c1e | 250 | |
604f0955 ÇO |
251 | iov.iov_base = data ? data : buf; |
252 | iov.iov_len = data ? size : sizeof(buf); | |
253 | msg.msg_iov = &iov; | |
254 | msg.msg_iovlen = 1; | |
b0a33c1e | 255 | |
256 | ret = recvmsg(fd, &msg, 0); | |
257 | if (ret <= 0) | |
258 | goto out; | |
259 | ||
604f0955 | 260 | cmsg = CMSG_FIRSTHDR(&msg); |
b0a33c1e | 261 | |
604f0955 ÇO |
262 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) && |
263 | cmsg->cmsg_level == SOL_SOCKET && | |
264 | cmsg->cmsg_type == SCM_CREDENTIALS) { | |
0e391e57 | 265 | memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred)); |
d8cc9804 | 266 | if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) { |
2dcb28a9 | 267 | INFO("message denied for '%d/%d'", cred.uid, cred.gid); |
d8cc9804 | 268 | return -EACCES; |
2dcb28a9 | 269 | } |
604f0955 | 270 | } |
b0a33c1e | 271 | out: |
604f0955 | 272 | return ret; |
b0a33c1e | 273 | } |