[mirror_lxc.git] / src / lxc / af_unix.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>

#include "af_unix.h"
#include "config.h"
#include "log.h"
#include "macro.h"
#include "memory_utils.h"
#include "process_utils.h"
#include "utils.h"

#ifndef HAVE_STRLCPY
#include "include/strlcpy.h"
#endif

lxc_log_define(af_unix, lxc);

static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
					      const char *path)
{
	size_t len;

	if (!addr || !path)
		return ret_errno(EINVAL);

	/* Clear address structure */
	memset(addr, 0, sizeof(*addr));

	addr->sun_family = AF_UNIX;

	len = strlen(&path[1]);

	/* do not enforce \0-termination */
	if (len >= INT_MAX || len >= sizeof(addr->sun_path))
		return ret_errno(ENAMETOOLONG);

	/* do not enforce \0-termination */
	memcpy(&addr->sun_path[1], &path[1], len);
	return len;
}

int lxc_abstract_unix_open(const char *path, int type, int flags)
{
	__do_close int fd = -EBADF;
	int ret;
	ssize_t len;
	struct sockaddr_un addr;

	fd = socket(PF_UNIX, type | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return -1;

	if (!path)
		return move_fd(fd);

	len = lxc_abstract_unix_set_sockaddr(&addr, path);
	if (len < 0)
		return -1;

	ret = bind(fd, (struct sockaddr *)&addr,
		   offsetof(struct sockaddr_un, sun_path) + len + 1);
	if (ret < 0)
		return -1;

	if (type == SOCK_STREAM) {
		ret = listen(fd, 100);
		if (ret < 0)
			return -1;
	}

	return move_fd(fd);
}

void lxc_abstract_unix_close(int fd)
{
	close(fd);
}

int lxc_abstract_unix_connect(const char *path)
{
	__do_close int fd = -EBADF;
	int ret;
	ssize_t len;
	struct sockaddr_un addr;

	fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return -1;

	len = lxc_abstract_unix_set_sockaddr(&addr, path);
	if (len < 0)
		return -1;

	ret = connect(fd, (struct sockaddr *)&addr,
		      offsetof(struct sockaddr_un, sun_path) + len + 1);
	if (ret < 0)
		return -1;

	return move_fd(fd);
}

int lxc_abstract_unix_send_fds_iov(int fd, const int *sendfds, int num_sendfds,
				   struct iovec *const iov, size_t iovlen)
{
	__do_free char *cmsgbuf = NULL;
	int ret;
	struct msghdr msg = {};
	struct cmsghdr *cmsg = NULL;
	size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));

	if (num_sendfds <= 0)
		return ret_errno(EINVAL);

	cmsgbuf = malloc(cmsgbufsize);
	if (!cmsgbuf)
		return ret_errno(-ENOMEM);

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = cmsgbufsize;

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));

	msg.msg_controllen = cmsg->cmsg_len;

	memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));

	msg.msg_iov = iov;
	msg.msg_iovlen = iovlen;

	do {
		ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
	} while (ret < 0 && errno == EINTR);

	return ret;
}

int lxc_abstract_unix_send_fds(int fd, const int *sendfds, int num_sendfds,
			       void *data, size_t size)
{
	char buf[1] = {};
	struct iovec iov = {
		.iov_base	= data ? data : buf,
		.iov_len	= data ? size : sizeof(buf),
	};
	return lxc_abstract_unix_send_fds_iov(fd, sendfds, num_sendfds, &iov, 1);
}

int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
		      size_t size)
{
	return lxc_abstract_unix_send_fds(fd, sendfds, num_sendfds, data, size);
}

int __lxc_abstract_unix_send_two_fds(int fd, int fd_first, int fd_second,
				     void *data, size_t size)
{
	int fd_send[2] = {
		fd_first,
		fd_second,
	};
	return lxc_abstract_unix_send_fds(fd, fd_send, 2, data, size);
}

static ssize_t lxc_abstract_unix_recv_fds_iov(int fd,
					      struct unix_fds *ret_fds,
					      struct iovec *ret_iov,
					      size_t size_ret_iov)
{
	__do_free char *cmsgbuf = NULL;
	ssize_t ret;
	struct msghdr msg = {};
	struct cmsghdr *cmsg = NULL;
	size_t cmsgbufsize = CMSG_SPACE(sizeof(struct ucred)) +
			     CMSG_SPACE(ret_fds->fd_count_max * sizeof(int));

	if (ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)
		return ret_errno(EINVAL);

	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_NONE)) > 1)
		return ret_errno(EINVAL);

	if (ret_fds->fd_count_max >= KERNEL_SCM_MAX_FD)
		return ret_errno(EINVAL);

	if (ret_fds->fd_count_ret != 0)
		return ret_errno(EINVAL);

	cmsgbuf = zalloc(cmsgbufsize);
	if (!cmsgbuf)
		return ret_errno(ENOMEM);

	msg.msg_control		= cmsgbuf;
	msg.msg_controllen	= cmsgbufsize;

	msg.msg_iov	= ret_iov;
	msg.msg_iovlen	= size_ret_iov;

again:
	ret = recvmsg(fd, &msg, MSG_CMSG_CLOEXEC);
	if (ret < 0) {
		if (errno == EINTR)
			goto again;

		return syserror("Failed to receive response");
	}
	if (ret == 0)
		return 0;

	/* If SO_PASSCRED is set we will always get a ucred message. */
	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
                if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
			__u32 idx;
			/*
			 * This causes some compilers to complain about
			 * increased alignment requirements but I haven't found
			 * a better way to deal with this yet. Suggestions
			 * welcome!
			 */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
			int *fds_raw = (int *)CMSG_DATA(cmsg);
#pragma GCC diagnostic pop
			__u32 num_raw = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);

			/*
			 * We received an insane amount of file descriptors
			 * which exceeds the kernel limit we know about so
			 * close them and return an error.
			 */
			if (num_raw >= KERNEL_SCM_MAX_FD) {
				for (idx = 0; idx < num_raw; idx++)
					close(fds_raw[idx]);

				return syserror_set(-EFBIG, "Received excessive number of file descriptors");
			}

			if (msg.msg_flags & MSG_CTRUNC) {
				for (idx = 0; idx < num_raw; idx++)
					close(fds_raw[idx]);

				return syserror_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
			}

			if (ret_fds->fd_count_max > num_raw) {
				if (!(ret_fds->flags & UNIX_FDS_ACCEPT_LESS)) {
					for (idx = 0; idx < num_raw; idx++)
						close(fds_raw[idx]);

					return syserror_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
							    ret_fds->fd_count_max, num_raw);
				}

				/*
				 * Make sure any excess entries in the fd array
				 * are set to -EBADF so our cleanup functions
				 * can safely be called.
				 */
				for (idx = num_raw; idx < ret_fds->fd_count_max; idx++)
					ret_fds->fd[idx] = -EBADF;

				ret_fds->flags |= UNIX_FDS_RECEIVED_LESS;
			} else if (ret_fds->fd_count_max < num_raw) {
				if (!(ret_fds->flags & UNIX_FDS_ACCEPT_MORE)) {
					for (idx = 0; idx < num_raw; idx++)
						close(fds_raw[idx]);

					return syserror_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
							    ret_fds->fd_count_max, num_raw);
				}

				/* Make sure we close any excess fds we received. */
				for (idx = ret_fds->fd_count_max; idx < num_raw; idx++)
					close(fds_raw[idx]);

				/* Cap the number of received file descriptors. */
				num_raw = ret_fds->fd_count_max;
				ret_fds->flags |= UNIX_FDS_RECEIVED_MORE;
			} else {
				ret_fds->flags |= UNIX_FDS_RECEIVED_EXACT;
			}

			if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)) > 1) {
				for (idx = 0; idx < num_raw; idx++)
					close(fds_raw[idx]);

				return syserror_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
						    ret_fds->fd_count_max, num_raw);
			}

			memcpy(ret_fds->fd, CMSG_DATA(cmsg), num_raw * sizeof(int));
			ret_fds->fd_count_ret = num_raw;
			break;
		}
	}

	if (ret_fds->fd_count_ret == 0) {
		ret_fds->flags |= UNIX_FDS_RECEIVED_NONE;

		/* We expected to receive file descriptors. */
		if ((ret_fds->flags & UNIX_FDS_ACCEPT_MASK) &&
		    !(ret_fds->flags & UNIX_FDS_ACCEPT_NONE))
			return syserror_set(-EINVAL, "Received no file descriptors");
	}

	return ret;
}

ssize_t lxc_abstract_unix_recv_fds(int fd, struct unix_fds *ret_fds,
				   void *ret_data, size_t size_ret_data)
{
	char buf[1] = {};
	struct iovec iov = {
		.iov_base	= ret_data ? ret_data : buf,
		.iov_len	= ret_data ? size_ret_data : sizeof(buf),
	};
	ssize_t ret;

	ret = lxc_abstract_unix_recv_fds_iov(fd, ret_fds, &iov, 1);
	if (ret < 0)
		return ret;

	return ret;
}

ssize_t lxc_abstract_unix_recv_one_fd(int fd, int *ret_fd, void *ret_data,
				      size_t size_ret_data)
{
	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	char buf[1] = {};
	struct iovec iov = {
		.iov_base	= ret_data ? ret_data : buf,
		.iov_len	= ret_data ? size_ret_data : sizeof(buf),
	};
	ssize_t ret;

	fds = &(struct unix_fds){
		.fd_count_max = 1,
	};

	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	if (ret < 0)
		return ret;

	if (ret == 0)
		return ret_errno(ENODATA);

	if (fds->fd_count_ret != fds->fd_count_max)
		*ret_fd = -EBADF;
	else
		*ret_fd = move_fd(fds->fd[0]);

	return ret;
}

ssize_t __lxc_abstract_unix_recv_two_fds(int fd, int *fd_first, int *fd_second,
					 void *data, size_t size)
{
	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	char buf[1] = {};
	struct iovec iov = {
	    .iov_base	= data ?: buf,
	    .iov_len	= size ?: sizeof(buf),
	};
	ssize_t ret;

	fds = &(struct unix_fds){
		.fd_count_max = 2,
	};

	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	if (ret < 0)
		return ret;

	if (ret == 0)
		return ret_errno(ENODATA);

	if (fds->fd_count_ret != fds->fd_count_max) {
		*fd_first = -EBADF;
		*fd_second = -EBADF;
	} else {
		*fd_first = move_fd(fds->fd[0]);
		*fd_second = move_fd(fds->fd[1]);
	}

	return 0;
}

int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = {0};
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred = {
		.pid = lxc_raw_getpid(),
		.uid = getuid(),
		.gid = getgid(),
	};
	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
	char buf[1] = {0};

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_CREDENTIALS;
	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, MSG_NOSIGNAL);
}

int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = {0};
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred;
	int ret;
	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
	char buf[1] = {0};

	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	cmsg = CMSG_FIRSTHDR(&msg);

	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
	    cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_CREDENTIALS) {
		memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));

		if (cred.uid && (cred.uid != getuid() || cred.gid != getgid()))
			return log_error_errno(-1, EACCES,
					       "Message denied for '%d/%d'",
					       cred.uid, cred.gid);
	}

	return ret;
}

int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path)
{
	size_t len;

	len = strlen(path);
	if (len == 0)
		return ret_set_errno(-1, EINVAL);
	if (path[0] != '/' && path[0] != '@')
		return ret_set_errno(-1, EINVAL);
	if (path[1] == '\0')
		return ret_set_errno(-1, EINVAL);

	if (len + 1 > sizeof(ret->sun_path))
		return ret_set_errno(-1, EINVAL);

	*ret = (struct sockaddr_un){
	    .sun_family = AF_UNIX,
	};

	if (path[0] == '@') {
		memcpy(ret->sun_path + 1, path + 1, len);
		return (int)(offsetof(struct sockaddr_un, sun_path) + len);
	}

	memcpy(ret->sun_path, path, len + 1);
	return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
}

int lxc_unix_connect_type(struct sockaddr_un *addr, int type)
{
	__do_close int fd = -EBADF;
	int ret;
	ssize_t len;

	fd = socket(AF_UNIX, type | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return log_error_errno(-1, errno,
				       "Failed to open new AF_UNIX socket");

	if (addr->sun_path[0] == '\0')
		len = strlen(&addr->sun_path[1]);
	else
		len = strlen(&addr->sun_path[0]);

	ret = connect(fd, (struct sockaddr *)addr,
		      offsetof(struct sockaddr_un, sun_path) + len);
	if (ret < 0)
		return log_error_errno(-1, errno,
				       "Failed to bind new AF_UNIX socket");

	return move_fd(fd);
}

int lxc_unix_connect(struct sockaddr_un *addr)
{
	return lxc_unix_connect_type(addr, SOCK_STREAM);
}

int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout)
{
	struct timeval out = {0};
	int ret;

	out.tv_sec = snd_timeout;
	ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (const void *)&out,
			 sizeof(out));
	if (ret < 0)
		return -1;

	out.tv_sec = rcv_timeout;
	ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (const void *)&out,
			 sizeof(out));
	if (ret < 0)
		return -1;

	return 0;
}
Commit	Line	Data
cc73685d	1	/* SPDX-License-Identifier: LGPL-2.1+ */
d06245b8	2
d38dd64a CB	3	#ifndef _GNU_SOURCE
	4	#define _GNU_SOURCE 1
	5	#endif
94ac256f CB	6	#include <errno.h>
	7	#include <fcntl.h>
	8	#include <stddef.h>
ae467c54 CB	9	#include <stdio.h>
ae467c54 CB	10	#include <stdlib.h>
b0a33c1e	11	#include <string.h>
b0a33c1e	12	#include <unistd.h>
b0a33c1e	13	#include <sys/socket.h>
94ac256f	14	#include <sys/syscall.h>
b0a33c1e	15	#include <sys/un.h>
b0a33c1e	16
59eac805	17	#include "af_unix.h"
d38dd64a	18	#include "config.h"
2dcb28a9	19	#include "log.h"
2fb94e95	20	#include "macro.h"
83c11f1d	21	#include "memory_utils.h"
f40988c7	22	#include "process_utils.h"
0059379f	23	#include "utils.h"
2dcb28a9	24
9de31d5a CB	25	#ifndef HAVE_STRLCPY
	26	#include "include/strlcpy.h"
	27	#endif
	28
ac2cecc4	29	lxc_log_define(af_unix, lxc);
b0a33c1e	30
c62fb5e0	31	static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
2fb94e95	32	const char *path)
b0a33c1e	33	{
ddb17f1f	34	size_t len;
b0a33c1e	35
2fb94e95 CB	36	if (!addr \|\| !path)
2fb94e95 CB	37	return ret_errno(EINVAL);
b0a33c1e	38
aae93dd3	39	/* Clear address structure */
c62fb5e0	40	memset(addr, 0, sizeof(*addr));
b0a33c1e	41
c62fb5e0	42	addr->sun_family = AF_UNIX;
aae93dd3	43
caf3beb0	44	len = strlen(&path[1]);
c62fb5e0	45
caf3beb0	46	/* do not enforce \0-termination */
2fb94e95 CB	47	if (len >= INT_MAX \|\| len >= sizeof(addr->sun_path))
2fb94e95 CB	48	return ret_errno(ENAMETOOLONG);
9de31d5a CB	49
9de31d5a CB	50	/* do not enforce \0-termination */
c62fb5e0	51	memcpy(&addr->sun_path[1], &path[1], len);
	52	return len;
	53	}
	54
	55	int lxc_abstract_unix_open(const char *path, int type, int flags)
	56	{
f62cf1d4	57	__do_close int fd = -EBADF;
2fb94e95	58	int ret;
c62fb5e0	59	ssize_t len;
	60	struct sockaddr_un addr;
	61
ad9429e5	62	fd = socket(PF_UNIX, type \| SOCK_CLOEXEC, 0);
c62fb5e0	63	if (fd < 0)
	64	return -1;
	65
	66	if (!path)
2fb94e95	67	return move_fd(fd);
c62fb5e0	68
c62fb5e0	69	len = lxc_abstract_unix_set_sockaddr(&addr, path);
2fb94e95	70	if (len < 0)
c62fb5e0	71	return -1;
b0a33c1e	72
77b0073a CB	73	ret = bind(fd, (struct sockaddr *)&addr,
77b0073a CB	74	offsetof(struct sockaddr_un, sun_path) + len + 1);
2fb94e95	75	if (ret < 0)
b0a33c1e	76	return -1;
ddb17f1f	77
77b0073a CB	78	if (type == SOCK_STREAM) {
77b0073a CB	79	ret = listen(fd, 100);
2fb94e95	80	if (ret < 0)
77b0073a	81	return -1;
b0a33c1e	82	}
b0a33c1e	83
2fb94e95	84	return move_fd(fd);
b0a33c1e	85	}
b0a33c1e	86
9044b79e	87	void lxc_abstract_unix_close(int fd)
b0a33c1e	88	{
b0a33c1e	89	close(fd);
b0a33c1e	90	}
b0a33c1e	91
aae93dd3	92	int lxc_abstract_unix_connect(const char *path)
b0a33c1e	93	{
f62cf1d4	94	__do_close int fd = -EBADF;
2fb94e95	95	int ret;
c62fb5e0	96	ssize_t len;
b0a33c1e	97	struct sockaddr_un addr;
b0a33c1e	98
ad9429e5	99	fd = socket(PF_UNIX, SOCK_STREAM \| SOCK_CLOEXEC, 0);
b0a33c1e	100	if (fd < 0)
	101	return -1;
	102
c62fb5e0	103	len = lxc_abstract_unix_set_sockaddr(&addr, path);
2fb94e95	104	if (len < 0)
aae93dd3	105	return -1;
9de31d5a	106
77b0073a CB	107	ret = connect(fd, (struct sockaddr *)&addr,
77b0073a CB	108	offsetof(struct sockaddr_un, sun_path) + len + 1);
2fb94e95	109	if (ret < 0)
b0a33c1e	110	return -1;
b0a33c1e	111
2fb94e95	112	return move_fd(fd);
b0a33c1e	113	}
b0a33c1e	114
d17c815d	115	int lxc_abstract_unix_send_fds_iov(int fd, const int *sendfds, int num_sendfds,
780215cf	116	struct iovec *const iov, size_t iovlen)
b0a33c1e	117	{
c3e3c21a CB	118	__do_free char *cmsgbuf = NULL;
c3e3c21a CB	119	int ret;
d17c815d	120	struct msghdr msg = {};
ae467c54	121	struct cmsghdr *cmsg = NULL;
ae467c54 CB	122	size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
ae467c54 CB	123
95103b60 CB	124	if (num_sendfds <= 0)
	125	return ret_errno(EINVAL);
	126
ae467c54	127	cmsgbuf = malloc(cmsgbufsize);
d17c815d CB	128	if (!cmsgbuf)
d17c815d CB	129	return ret_errno(-ENOMEM);
b0a33c1e	130
604f0955	131	msg.msg_control = cmsgbuf;
ae467c54	132	msg.msg_controllen = cmsgbufsize;
b0a33c1e	133
604f0955	134	cmsg = CMSG_FIRSTHDR(&msg);
604f0955 ÇO	135	cmsg->cmsg_level = SOL_SOCKET;
604f0955 ÇO	136	cmsg->cmsg_type = SCM_RIGHTS;
ae467c54	137	cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
b0a33c1e	138
ae467c54 CB	139	msg.msg_controllen = cmsg->cmsg_len;
	140
	141	memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
b0a33c1e	142
e1726045 WB	143	msg.msg_iov = iov;
e1726045 WB	144	msg.msg_iovlen = iovlen;
b0a33c1e	145
2fb94e95 CB	146	do {
	147	ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
	148	} while (ret < 0 && errno == EINTR);
c3e3c21a CB	149
c3e3c21a CB	150	return ret;
b0a33c1e	151	}
b0a33c1e	152
d17c815d	153	int lxc_abstract_unix_send_fds(int fd, const int *sendfds, int num_sendfds,
e1726045 WB	154	void *data, size_t size)
e1726045 WB	155	{
d17c815d	156	char buf[1] = {};
e1726045	157	struct iovec iov = {
d17c815d CB	158	.iov_base = data ? data : buf,
d17c815d CB	159	.iov_len = data ? size : sizeof(buf),
e1726045	160	};
2fb94e95	161	return lxc_abstract_unix_send_fds_iov(fd, sendfds, num_sendfds, &iov, 1);
e1726045 WB	162	}
e1726045 WB	163
5ed06d3a CB	164	int lxc_unix_send_fds(int fd, int sendfds, int num_sendfds, void data,
	165	size_t size)
	166	{
	167	return lxc_abstract_unix_send_fds(fd, sendfds, num_sendfds, data, size);
	168	}
	169
1b82d721 CB	170	int __lxc_abstract_unix_send_two_fds(int fd, int fd_first, int fd_second,
	171	void *data, size_t size)
	172	{
	173	int fd_send[2] = {
	174	fd_first,
	175	fd_second,
	176	};
	177	return lxc_abstract_unix_send_fds(fd, fd_send, 2, data, size);
	178	}
	179
d17c815d CB	180	static ssize_t lxc_abstract_unix_recv_fds_iov(int fd,
	181	struct unix_fds *ret_fds,
	182	struct iovec *ret_iov,
	183	size_t size_ret_iov)
b0a33c1e	184	{
c3e3c21a	185	__do_free char *cmsgbuf = NULL;
d17c815d CB	186	ssize_t ret;
	187	struct msghdr msg = {};
	188	struct cmsghdr *cmsg = NULL;
cdb2a47f	189	size_t cmsgbufsize = CMSG_SPACE(sizeof(struct ucred)) +
d17c815d	190	CMSG_SPACE(ret_fds->fd_count_max * sizeof(int));
ae467c54	191
780215cf CB	192	if (ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)
	193	return ret_errno(EINVAL);
	194
	195	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_NONE)) > 1)
	196	return ret_errno(EINVAL);
	197
d961ebd9 CB	198	if (ret_fds->fd_count_max >= KERNEL_SCM_MAX_FD)
	199	return ret_errno(EINVAL);
	200
	201	if (ret_fds->fd_count_ret != 0)
	202	return ret_errno(EINVAL);
	203
d17c815d	204	cmsgbuf = zalloc(cmsgbufsize);
2fb94e95 CB	205	if (!cmsgbuf)
2fb94e95 CB	206	return ret_errno(ENOMEM);
b0a33c1e	207
d17c815d CB	208	msg.msg_control = cmsgbuf;
d17c815d CB	209	msg.msg_controllen = cmsgbufsize;
b0a33c1e	210
d17c815d CB	211	msg.msg_iov = ret_iov;
d17c815d CB	212	msg.msg_iovlen = size_ret_iov;
b0a33c1e	213
d17c815d CB	214	again:
	215	ret = recvmsg(fd, &msg, MSG_CMSG_CLOEXEC);
	216	if (ret < 0) {
	217	if (errno == EINTR)
	218	goto again;
b0a33c1e	219
2d7b0895	220	return syserror("Failed to receive response");
d17c815d CB	221	}
	222	if (ret == 0)
	223	return 0;
	224
	225	/* If SO_PASSCRED is set we will always get a ucred message. */
	226	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
	227	if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
	228	__u32 idx;
8af9b5da	229	/*
780215cf	230	* This causes some compilers to complain about
8af9b5da CB	231	* increased alignment requirements but I haven't found
	232	* a better way to deal with this yet. Suggestions
	233	* welcome!
	234	*/
d17c815d CB	235	#pragma GCC diagnostic push
	236	#pragma GCC diagnostic ignored "-Wcast-align"
	237	int fds_raw = (int )CMSG_DATA(cmsg);
	238	#pragma GCC diagnostic pop
	239	__u32 num_raw = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
	240
	241	/*
	242	* We received an insane amount of file descriptors
	243	* which exceeds the kernel limit we know about so
	244	* close them and return an error.
	245	*/
92fea74b	246	if (num_raw >= KERNEL_SCM_MAX_FD) {
d17c815d CB	247	for (idx = 0; idx < num_raw; idx++)
	248	close(fds_raw[idx]);
	249
060aaa39	250	return syserror_set(-EFBIG, "Received excessive number of file descriptors");
d17c815d CB	251	}
d17c815d CB	252
780215cf CB	253	if (msg.msg_flags & MSG_CTRUNC) {
	254	for (idx = 0; idx < num_raw; idx++)
	255	close(fds_raw[idx]);
	256
060aaa39	257	return syserror_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
780215cf CB	258	}
780215cf CB	259
d17c815d	260	if (ret_fds->fd_count_max > num_raw) {
780215cf CB	261	if (!(ret_fds->flags & UNIX_FDS_ACCEPT_LESS)) {
	262	for (idx = 0; idx < num_raw; idx++)
	263	close(fds_raw[idx]);
	264
060aaa39	265	return syserror_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
780215cf CB	266	ret_fds->fd_count_max, num_raw);
	267	}
	268
d17c815d CB	269	/*
	270	* Make sure any excess entries in the fd array
	271	* are set to -EBADF so our cleanup functions
	272	* can safely be called.
	273	*/
	274	for (idx = num_raw; idx < ret_fds->fd_count_max; idx++)
	275	ret_fds->fd[idx] = -EBADF;
	276
780215cf	277	ret_fds->flags \|= UNIX_FDS_RECEIVED_LESS;
d17c815d	278	} else if (ret_fds->fd_count_max < num_raw) {
780215cf CB	279	if (!(ret_fds->flags & UNIX_FDS_ACCEPT_MORE)) {
	280	for (idx = 0; idx < num_raw; idx++)
	281	close(fds_raw[idx]);
	282
060aaa39	283	return syserror_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
780215cf CB	284	ret_fds->fd_count_max, num_raw);
	285	}
	286
d17c815d CB	287	/* Make sure we close any excess fds we received. */
	288	for (idx = ret_fds->fd_count_max; idx < num_raw; idx++)
	289	close(fds_raw[idx]);
	290
d17c815d CB	291	/* Cap the number of received file descriptors. */
d17c815d CB	292	num_raw = ret_fds->fd_count_max;
780215cf CB	293	ret_fds->flags \|= UNIX_FDS_RECEIVED_MORE;
	294	} else {
	295	ret_fds->flags \|= UNIX_FDS_RECEIVED_EXACT;
	296	}
	297
	298	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)) > 1) {
	299	for (idx = 0; idx < num_raw; idx++)
	300	close(fds_raw[idx]);
	301
060aaa39	302	return syserror_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
780215cf	303	ret_fds->fd_count_max, num_raw);
d17c815d CB	304	}
	305
	306	memcpy(ret_fds->fd, CMSG_DATA(cmsg), num_raw * sizeof(int));
	307	ret_fds->fd_count_ret = num_raw;
	308	break;
	309	}
cdb2a47f	310	}
ae467c54	311
780215cf CB	312	if (ret_fds->fd_count_ret == 0) {
	313	ret_fds->flags \|= UNIX_FDS_RECEIVED_NONE;
	314
	315	/* We expected to receive file descriptors. */
	316	if ((ret_fds->flags & UNIX_FDS_ACCEPT_MASK) &&
	317	!(ret_fds->flags & UNIX_FDS_ACCEPT_NONE))
060aaa39	318	return syserror_set(-EINVAL, "Received no file descriptors");
780215cf CB	319	}
780215cf CB	320
604f0955	321	return ret;
b0a33c1e	322	}
b0a33c1e	323
d17c815d CB	324	ssize_t lxc_abstract_unix_recv_fds(int fd, struct unix_fds *ret_fds,
d17c815d CB	325	void *ret_data, size_t size_ret_data)
dc85e31e	326	{
d17c815d CB	327	char buf[1] = {};
	328	struct iovec iov = {
	329	.iov_base = ret_data ? ret_data : buf,
	330	.iov_len = ret_data ? size_ret_data : sizeof(buf),
	331	};
	332	ssize_t ret;
	333
	334	ret = lxc_abstract_unix_recv_fds_iov(fd, ret_fds, &iov, 1);
	335	if (ret < 0)
	336	return ret;
	337
	338	return ret;
	339	}
	340
	341	ssize_t lxc_abstract_unix_recv_one_fd(int fd, int ret_fd, void ret_data,
	342	size_t size_ret_data)
	343	{
	344	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	345	char buf[1] = {};
	346	struct iovec iov = {
	347	.iov_base = ret_data ? ret_data : buf,
	348	.iov_len = ret_data ? size_ret_data : sizeof(buf),
	349	};
	350	ssize_t ret;
	351
	352	fds = &(struct unix_fds){
	353	.fd_count_max = 1,
	354	};
	355
	356	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	357	if (ret < 0)
	358	return ret;
	359
	360	if (ret == 0)
	361	return ret_errno(ENODATA);
	362
	363	if (fds->fd_count_ret != fds->fd_count_max)
	364	*ret_fd = -EBADF;
	365	else
	366	*ret_fd = move_fd(fds->fd[0]);
	367
	368	return ret;
	369	}
	370
1b82d721 CB	371	ssize_t __lxc_abstract_unix_recv_two_fds(int fd, int fd_first, int fd_second,
1b82d721 CB	372	void *data, size_t size)
d17c815d CB	373	{
	374	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	375	char buf[1] = {};
dc85e31e	376	struct iovec iov = {
1b82d721 CB	377	.iov_base = data ?: buf,
1b82d721 CB	378	.iov_len = size ?: sizeof(buf),
dc85e31e	379	};
d17c815d CB	380	ssize_t ret;
	381
	382	fds = &(struct unix_fds){
	383	.fd_count_max = 2,
	384	};
	385
	386	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	387	if (ret < 0)
	388	return ret;
	389
	390	if (ret == 0)
	391	return ret_errno(ENODATA);
	392
	393	if (fds->fd_count_ret != fds->fd_count_max) {
1b82d721 CB	394	*fd_first = -EBADF;
1b82d721 CB	395	*fd_second = -EBADF;
d17c815d	396	} else {
1b82d721 CB	397	*fd_first = move_fd(fds->fd[0]);
1b82d721 CB	398	*fd_second = move_fd(fds->fd[1]);
d17c815d CB	399	}
	400
	401	return 0;
dc85e31e CB	402	}
dc85e31e CB	403
aae93dd3	404	int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
b0a33c1e	405	{
77b0073a	406	struct msghdr msg = {0};
604f0955 ÇO	407	struct iovec iov;
604f0955 ÇO	408	struct cmsghdr *cmsg;
b0a33c1e	409	struct ucred cred = {
2fb94e95 CB	410	.pid = lxc_raw_getpid(),
	411	.uid = getuid(),
	412	.gid = getgid(),
b0a33c1e	413	};
caf3beb0 CB	414	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
caf3beb0 CB	415	char buf[1] = {0};
b0a33c1e	416
604f0955 ÇO	417	msg.msg_control = cmsgbuf;
604f0955 ÇO	418	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	419
604f0955 ÇO	420	cmsg = CMSG_FIRSTHDR(&msg);
	421	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	422	cmsg->cmsg_level = SOL_SOCKET;
	423	cmsg->cmsg_type = SCM_CREDENTIALS;
0e391e57	424	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
b0a33c1e	425
604f0955 ÇO	426	msg.msg_name = NULL;
604f0955 ÇO	427	msg.msg_namelen = 0;
b0a33c1e	428
604f0955 ÇO	429	iov.iov_base = data ? data : buf;
	430	iov.iov_len = data ? size : sizeof(buf);
	431	msg.msg_iov = &iov;
	432	msg.msg_iovlen = 1;
b0a33c1e	433
6168ff15	434	return sendmsg(fd, &msg, MSG_NOSIGNAL);
b0a33c1e	435	}
b0a33c1e	436
aae93dd3	437	int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
b0a33c1e	438	{
77b0073a	439	struct msghdr msg = {0};
604f0955 ÇO	440	struct iovec iov;
604f0955 ÇO	441	struct cmsghdr *cmsg;
b0a33c1e	442	struct ucred cred;
b0a33c1e	443	int ret;
caf3beb0 CB	444	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
caf3beb0 CB	445	char buf[1] = {0};
b0a33c1e	446
604f0955 ÇO	447	msg.msg_name = NULL;
	448	msg.msg_namelen = 0;
	449	msg.msg_control = cmsgbuf;
	450	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	451
604f0955 ÇO	452	iov.iov_base = data ? data : buf;
	453	iov.iov_len = data ? size : sizeof(buf);
	454	msg.msg_iov = &iov;
	455	msg.msg_iovlen = 1;
b0a33c1e	456
	457	ret = recvmsg(fd, &msg, 0);
	458	if (ret <= 0)
2fb94e95	459	return ret;
b0a33c1e	460
604f0955	461	cmsg = CMSG_FIRSTHDR(&msg);
b0a33c1e	462
604f0955	463	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
77b0073a CB	464	cmsg->cmsg_level == SOL_SOCKET &&
77b0073a CB	465	cmsg->cmsg_type == SCM_CREDENTIALS) {
0e391e57	466	memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
2fb94e95 CB	467
	468	if (cred.uid && (cred.uid != getuid() \|\| cred.gid != getgid()))
	469	return log_error_errno(-1, EACCES,
	470	"Message denied for '%d/%d'",
	471	cred.uid, cred.gid);
604f0955	472	}
9044b79e	473
604f0955	474	return ret;
b0a33c1e	475	}
86ce1da1 CB	476
	477	int lxc_unix_sockaddr(struct sockaddr_un ret, const char path)
	478	{
	479	size_t len;
	480
	481	len = strlen(path);
	482	if (len == 0)
db1b8b0f	483	return ret_set_errno(-1, EINVAL);
86ce1da1	484	if (path[0] != '/' && path[0] != '@')
db1b8b0f	485	return ret_set_errno(-1, EINVAL);
86ce1da1	486	if (path[1] == '\0')
db1b8b0f	487	return ret_set_errno(-1, EINVAL);
86ce1da1 CB	488
86ce1da1 CB	489	if (len + 1 > sizeof(ret->sun_path))
db1b8b0f	490	return ret_set_errno(-1, EINVAL);
86ce1da1 CB	491
	492	*ret = (struct sockaddr_un){
	493	.sun_family = AF_UNIX,
	494	};
	495
	496	if (path[0] == '@') {
	497	memcpy(ret->sun_path + 1, path + 1, len);
	498	return (int)(offsetof(struct sockaddr_un, sun_path) + len);
	499	}
	500
	501	memcpy(ret->sun_path, path, len + 1);
	502	return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
	503	}
	504
970ef13d	505	int lxc_unix_connect_type(struct sockaddr_un *addr, int type)
86ce1da1	506	{
f62cf1d4	507	__do_close int fd = -EBADF;
86ce1da1 CB	508	int ret;
	509	ssize_t len;
	510
970ef13d	511	fd = socket(AF_UNIX, type \| SOCK_CLOEXEC, 0);
2fb94e95 CB	512	if (fd < 0)
	513	return log_error_errno(-1, errno,
	514	"Failed to open new AF_UNIX socket");
86ce1da1 CB	515
	516	if (addr->sun_path[0] == '\0')
	517	len = strlen(&addr->sun_path[1]);
	518	else
	519	len = strlen(&addr->sun_path[0]);
2ac0f627 CB	520
	521	ret = connect(fd, (struct sockaddr *)addr,
	522	offsetof(struct sockaddr_un, sun_path) + len);
2fb94e95 CB	523	if (ret < 0)
	524	return log_error_errno(-1, errno,
	525	"Failed to bind new AF_UNIX socket");
86ce1da1 CB	526
	527	return move_fd(fd);
	528	}
	529
59eac805	530	int lxc_unix_connect(struct sockaddr_un *addr)
970ef13d WB	531	{
	532	return lxc_unix_connect_type(addr, SOCK_STREAM);
	533	}
	534
86ce1da1 CB	535	int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout)
	536	{
	537	struct timeval out = {0};
	538	int ret;
	539
	540	out.tv_sec = snd_timeout;
	541	ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (const void *)&out,
	542	sizeof(out));
	543	if (ret < 0)
	544	return -1;
	545
	546	out.tv_sec = rcv_timeout;
	547	ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (const void *)&out,
	548	sizeof(out));
	549	if (ret < 0)
	550	return -1;
	551
	552	return 0;
	553	}