]>
Commit | Line | Data |
---|---|---|
b0a33c1e | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
b0a33c1e | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 | */ | |
23 | #include <string.h> | |
24 | #include <unistd.h> | |
25 | #include <fcntl.h> | |
2dcb28a9 | 26 | #include <errno.h> |
b0a33c1e | 27 | #define __USE_GNU |
28 | #include <sys/socket.h> | |
29 | #undef __USE_GNU | |
30 | #include <sys/un.h> | |
31 | ||
2dcb28a9 MN |
32 | #include "log.h" |
33 | ||
34 | lxc_log_define(lxc_af_unix, lxc); | |
b0a33c1e | 35 | |
36 | int lxc_af_unix_open(const char *path, int type, int flags) | |
37 | { | |
38 | int fd; | |
39 | struct sockaddr_un addr; | |
40 | ||
41 | if (flags & O_TRUNC) | |
42 | unlink(path); | |
43 | ||
44 | fd = socket(PF_UNIX, type, 0); | |
45 | if (fd < 0) | |
46 | return -1; | |
47 | ||
48 | memset(&addr, 0, sizeof(addr)); | |
49 | ||
50 | if (!path) | |
51 | return fd; | |
52 | ||
53 | addr.sun_family = AF_UNIX; | |
54 | /* copy entire buffer in case of abstract socket */ | |
f79d43bb | 55 | memcpy(addr.sun_path, path, |
b0a33c1e | 56 | path[0]?strlen(path):sizeof(addr.sun_path)); |
57 | ||
58 | if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) { | |
dba104c8 | 59 | int tmp = errno; |
b0a33c1e | 60 | close(fd); |
dba104c8 | 61 | errno = tmp; |
b0a33c1e | 62 | return -1; |
63 | } | |
64 | ||
31c53c2e | 65 | if (type == SOCK_STREAM && listen(fd, 100)) { |
dba104c8 | 66 | int tmp = errno; |
b0a33c1e | 67 | close(fd); |
dba104c8 | 68 | errno = tmp; |
b0a33c1e | 69 | return -1; |
70 | } | |
71 | ||
72 | return fd; | |
73 | } | |
74 | ||
75 | int lxc_af_unix_close(int fd) | |
76 | { | |
77 | struct sockaddr_un addr; | |
78 | socklen_t addrlen; | |
79 | ||
f79d43bb | 80 | if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) && |
b0a33c1e | 81 | addr.sun_path[0]) |
82 | unlink(addr.sun_path); | |
83 | ||
84 | close(fd); | |
85 | ||
86 | return 0; | |
87 | } | |
88 | ||
89 | int lxc_af_unix_connect(const char *path) | |
90 | { | |
91 | int fd; | |
92 | struct sockaddr_un addr; | |
93 | ||
94 | fd = socket(PF_UNIX, SOCK_STREAM, 0); | |
95 | if (fd < 0) | |
96 | return -1; | |
97 | ||
98 | memset(&addr, 0, sizeof(addr)); | |
99 | ||
100 | addr.sun_family = AF_UNIX; | |
101 | /* copy entire buffer in case of abstract socket */ | |
f79d43bb | 102 | memcpy(addr.sun_path, path, |
b0a33c1e | 103 | path[0]?strlen(path):sizeof(addr.sun_path)); |
104 | ||
105 | if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) { | |
dba104c8 | 106 | int tmp = errno; |
b0a33c1e | 107 | close(fd); |
dba104c8 | 108 | errno = tmp; |
b0a33c1e | 109 | return -1; |
110 | } | |
111 | ||
112 | return fd; | |
113 | } | |
114 | ||
115 | int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size) | |
116 | { | |
117 | struct msghdr msg = { 0 }; | |
118 | struct iovec iov; | |
119 | struct cmsghdr *cmsg; | |
120 | char cmsgbuf[CMSG_SPACE(sizeof(int))]; | |
121 | char buf[1]; | |
0e391e57 | 122 | int *val; |
b0a33c1e | 123 | |
124 | msg.msg_control = cmsgbuf; | |
125 | msg.msg_controllen = sizeof(cmsgbuf); | |
126 | ||
127 | cmsg = CMSG_FIRSTHDR(&msg); | |
128 | cmsg->cmsg_len = CMSG_LEN(sizeof(int)); | |
129 | cmsg->cmsg_level = SOL_SOCKET; | |
130 | cmsg->cmsg_type = SCM_RIGHTS; | |
0e391e57 DL |
131 | val = (int *)(CMSG_DATA(cmsg)); |
132 | *val = sendfd; | |
b0a33c1e | 133 | |
134 | msg.msg_name = NULL; | |
135 | msg.msg_namelen = 0; | |
136 | ||
137 | iov.iov_base = data ? data : buf; | |
138 | iov.iov_len = data ? size : sizeof(buf); | |
139 | msg.msg_iov = &iov; | |
140 | msg.msg_iovlen = 1; | |
141 | ||
142 | return sendmsg(fd, &msg, 0); | |
143 | } | |
144 | ||
145 | int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size) | |
146 | { | |
147 | struct msghdr msg = { 0 }; | |
148 | struct iovec iov; | |
149 | struct cmsghdr *cmsg; | |
150 | char cmsgbuf[CMSG_SPACE(sizeof(int))]; | |
151 | char buf[1]; | |
0e391e57 | 152 | int ret, *val; |
b0a33c1e | 153 | |
154 | msg.msg_name = NULL; | |
155 | msg.msg_namelen = 0; | |
156 | msg.msg_control = cmsgbuf; | |
157 | msg.msg_controllen = sizeof(cmsgbuf); | |
158 | ||
159 | iov.iov_base = data ? data : buf; | |
160 | iov.iov_len = data ? size : sizeof(buf); | |
161 | msg.msg_iov = &iov; | |
162 | msg.msg_iovlen = 1; | |
163 | ||
164 | ret = recvmsg(fd, &msg, 0); | |
165 | if (ret <= 0) | |
166 | goto out; | |
167 | ||
168 | cmsg = CMSG_FIRSTHDR(&msg); | |
169 | ||
f79d43bb | 170 | /* if the message is wrong the variable will not be |
b0a33c1e | 171 | * filled and the peer will notified about a problem */ |
172 | *recvfd = -1; | |
173 | ||
174 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) && | |
175 | cmsg->cmsg_level == SOL_SOCKET && | |
176 | cmsg->cmsg_type == SCM_RIGHTS) { | |
0e391e57 DL |
177 | val = (int *) CMSG_DATA(cmsg); |
178 | *recvfd = *val; | |
b0a33c1e | 179 | } |
180 | out: | |
181 | return ret; | |
182 | } | |
183 | ||
184 | int lxc_af_unix_send_credential(int fd, void *data, size_t size) | |
185 | { | |
186 | struct msghdr msg = { 0 }; | |
187 | struct iovec iov; | |
188 | struct cmsghdr *cmsg; | |
189 | struct ucred cred = { | |
190 | .pid = getpid(), | |
191 | .uid = getuid(), | |
192 | .gid = getgid(), | |
193 | }; | |
194 | char cmsgbuf[CMSG_SPACE(sizeof(cred))]; | |
195 | char buf[1]; | |
196 | ||
197 | msg.msg_control = cmsgbuf; | |
198 | msg.msg_controllen = sizeof(cmsgbuf); | |
199 | ||
200 | cmsg = CMSG_FIRSTHDR(&msg); | |
201 | cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); | |
202 | cmsg->cmsg_level = SOL_SOCKET; | |
203 | cmsg->cmsg_type = SCM_CREDENTIALS; | |
0e391e57 | 204 | memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred)); |
b0a33c1e | 205 | |
206 | msg.msg_name = NULL; | |
207 | msg.msg_namelen = 0; | |
208 | ||
209 | iov.iov_base = data ? data : buf; | |
210 | iov.iov_len = data ? size : sizeof(buf); | |
211 | msg.msg_iov = &iov; | |
212 | msg.msg_iovlen = 1; | |
213 | ||
214 | return sendmsg(fd, &msg, 0); | |
215 | } | |
216 | ||
217 | int lxc_af_unix_rcv_credential(int fd, void *data, size_t size) | |
218 | { | |
219 | struct msghdr msg = { 0 }; | |
220 | struct iovec iov; | |
221 | struct cmsghdr *cmsg; | |
222 | struct ucred cred; | |
223 | char cmsgbuf[CMSG_SPACE(sizeof(cred))]; | |
224 | char buf[1]; | |
225 | int ret; | |
226 | ||
227 | msg.msg_name = NULL; | |
228 | msg.msg_namelen = 0; | |
229 | msg.msg_control = cmsgbuf; | |
230 | msg.msg_controllen = sizeof(cmsgbuf); | |
231 | ||
232 | iov.iov_base = data ? data : buf; | |
233 | iov.iov_len = data ? size : sizeof(buf); | |
234 | msg.msg_iov = &iov; | |
235 | msg.msg_iovlen = 1; | |
236 | ||
237 | ret = recvmsg(fd, &msg, 0); | |
238 | if (ret <= 0) | |
239 | goto out; | |
240 | ||
241 | cmsg = CMSG_FIRSTHDR(&msg); | |
242 | ||
b0a33c1e | 243 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) && |
244 | cmsg->cmsg_level == SOL_SOCKET && | |
245 | cmsg->cmsg_type == SCM_CREDENTIALS) { | |
0e391e57 | 246 | memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred)); |
d8cc9804 | 247 | if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) { |
2dcb28a9 | 248 | INFO("message denied for '%d/%d'", cred.uid, cred.gid); |
d8cc9804 | 249 | return -EACCES; |
2dcb28a9 | 250 | } |
b0a33c1e | 251 | } |
252 | out: | |
253 | return ret; | |
254 | } |