b0a33c1e | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
7 | * Daniel Lezcano <dlezcano at fr.ibm.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 | */ | |
23 | #include <string.h> | |
24 | #include <unistd.h> | |
25 | #include <fcntl.h> | |
2dcb28a9 | 26 | #include <errno.h> |
b0a33c1e | 27 | #define __USE_GNU |
28 | #include <sys/socket.h> | |
29 | #undef __USE_GNU | |
30 | #include <sys/un.h> | |
31 | ||
32 | #include "log.h" |
33 | ||
34 | lxc_log_define(lxc_af_unix, lxc); | |
b0a33c1e | 35 | |
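/* Listen backlog for SOCK_STREAM sockets: the value this code has always
 * used, named so it is not a bare magic number. */
enum { LXC_AF_UNIX_BACKLOG = 100 };

/*
 * Create an AF_UNIX socket and, unless path is NULL, bind it.
 *
 * path:  NULL for an unbound socket; a NUL-terminated filesystem path; or
 *        an abstract name, signalled by path[0] == '\0', in which case the
 *        caller must supply a buffer of at least sizeof(sun_path) bytes,
 *        because the whole buffer becomes the socket name.
 * type:  socket type; a SOCK_STREAM socket is also put into listening state.
 * flags: O_TRUNC unlinks an existing filesystem entry at path before binding.
 *
 * Returns the descriptor, or -1 with errno set. A filesystem path that does
 * not fit in sun_path together with its NUL terminator fails with
 * ENAMETOOLONG instead of being copied past the end of the address buffer;
 * the terminator is required so lxc_af_unix_close() can unlink the path.
 */
int lxc_af_unix_open(const char *path, int type, int flags)
{
	int fd, saved_errno;
	size_t len;
	struct sockaddr_un addr;

	if (path && (flags & O_TRUNC))
		unlink(path);

	fd = socket(PF_UNIX, type, 0);
	if (fd < 0)
		return -1;

	if (!path)
		return fd;

	if (path[0]) {
		len = strlen(path);
		if (len >= sizeof(addr.sun_path)) {
			close(fd);
			errno = ENAMETOOLONG;
			return -1;
		}
	} else {
		/* abstract socket: the entire buffer is the name */
		len = sizeof(addr.sun_path);
	}

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(addr.sun_path, path, len);

	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)))
		goto err;

	if (type == SOCK_STREAM && listen(fd, LXC_AF_UNIX_BACKLOG))
		goto err;

	return fd;

err:
	/* close() may clobber errno; report the bind()/listen() failure */
	saved_errno = errno;
	close(fd);
	errno = saved_errno;
	return -1;
}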
70 | ||
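/*
 * Close a socket created by lxc_af_unix_open() and, if it is bound to a
 * filesystem path, remove that path.
 *
 * Abstract sockets (sun_path starting with '\0') and unbound sockets have
 * nothing to unlink. The path is only used when getsockname() reports an
 * AF_UNIX address whose sun_path is NUL-terminated; a name that fills
 * sun_path completely is left alone rather than unlinking a truncated path.
 *
 * Returns close()'s result: 0 on success, -1 with errno set.
 */
int lxc_af_unix_close(int fd)
{
	struct sockaddr_un addr;
	/* getsockname() reads addrlen as the space available before it
	 * writes anything, so it must be initialised to the buffer size */
	socklen_t addrlen = sizeof(addr);

	memset(&addr, 0, sizeof(addr));

	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
	    addr.sun_family == AF_UNIX &&
	    addr.sun_path[0] &&
	    memchr(addr.sun_path, '\0', sizeof(addr.sun_path)))
		unlink(addr.sun_path);

	return close(fd);
}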
84 | ||
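/*
 * Connect a new SOCK_STREAM socket to the AF_UNIX endpoint named by path.
 *
 * path: a NUL-terminated filesystem path, or an abstract name signalled by
 *       path[0] == '\0' (the caller then supplies a buffer of at least
 *       sizeof(sun_path) bytes, all of which is copied into the address).
 *
 * Returns the connected descriptor, or -1 with errno set: EINVAL for a NULL
 * path, ENAMETOOLONG for a filesystem path that does not fit in sun_path
 * together with its terminator, otherwise the socket()/connect() error.
 */
int lxc_af_unix_connect(const char *path)
{
	int fd, saved_errno;
	size_t len;
	struct sockaddr_un addr;

	if (!path) {
		errno = EINVAL;
		return -1;
	}

	if (path[0]) {
		len = strlen(path);
		/* never copy more than the address buffer can hold */
		if (len >= sizeof(addr.sun_path)) {
			errno = ENAMETOOLONG;
			return -1;
		}
	} else {
		/* abstract socket: the entire buffer is the name */
		len = sizeof(addr.sun_path);
	}

	fd = socket(PF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -1;

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(addr.sun_path, path, len);

	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
		/* close() may clobber errno; report the connect() failure */
		saved_errno = errno;
		close(fd);
		errno = saved_errno;
		return -1;
	}

	return fd;
}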
108 | ||
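/*
 * Send the descriptor sendfd to the peer of fd as SCM_RIGHTS ancillary data.
 *
 * data/size: payload sent alongside the descriptor. When data is NULL a
 * single zeroed dummy byte is sent instead, since ancillary data is only
 * delivered together with at least one byte of payload.
 *
 * Returns sendmsg()'s result: bytes sent, or -1 with errno set.
 */
int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
{
	struct msghdr msg;
	struct iovec iov;
	struct cmsghdr *cmsg;
	char cmsgbuf[CMSG_SPACE(sizeof(int))];
	char buf[1] = { 0 };

	/* zero everything that can be copied to the peer: cmsg padding and
	 * the dummy byte would otherwise carry uninitialised stack contents */
	memset(&msg, 0, sizeof(msg));
	memset(cmsgbuf, 0, sizeof(cmsgbuf));

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	/* memcpy instead of an int store through a char buffer (aliasing) */
	memcpy(CMSG_DATA(cmsg), &sendfd, sizeof(int));
	msg.msg_controllen = cmsg->cmsg_len;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, 0);
}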
137 | ||
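/*
 * Receive one message from fd and extract a descriptor passed as SCM_RIGHTS.
 *
 * recvfd: set to the received descriptor, or to -1 when recvmsg() fails or
 *         the message carries no well-formed SCM_RIGHTS block, so the
 *         out-parameter is defined on every return path.
 * data/size: payload buffer; when data is NULL the sender's dummy byte is
 *         read into a scratch byte and discarded.
 *
 * Returns recvmsg()'s result: bytes received, 0 on EOF, -1 with errno set.
 * The control buffer has room for exactly one descriptor; anything beyond
 * that sent by the peer is not returned to the caller (the kernel flags
 * the truncation with MSG_CTRUNC in msg_flags, which is not inspected here).
 */
int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
{
	struct msghdr msg;
	struct iovec iov;
	struct cmsghdr *cmsg;
	char cmsgbuf[CMSG_SPACE(sizeof(int))];
	char buf[1];
	int ret;

	/* "no descriptor" until proven otherwise: previously this was only
	 * set after a successful recvmsg(), leaving it undefined on error */
	*recvfd = -1;

	memset(&msg, 0, sizeof(msg));
	memset(cmsgbuf, 0, sizeof(cmsgbuf));
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	/* if the control message is missing or malformed *recvfd stays -1
	 * and the caller can notify the peer about the problem */
	cmsg = CMSG_FIRSTHDR(&msg);
	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
	    cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_RIGHTS)
		memcpy(recvfd, CMSG_DATA(cmsg), sizeof(int));

	return ret;
}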
175 | ||
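/*
 * Send this process's credentials (pid, real uid, real gid) to the peer of
 * fd as SCM_CREDENTIALS ancillary data, together with a payload.
 *
 * data/size: payload; when data is NULL a single zeroed dummy byte is sent,
 * since ancillary data is only delivered with at least one byte of payload.
 *
 * Returns sendmsg()'s result: bytes sent, or -1 with errno set.
 */
int lxc_af_unix_send_credential(int fd, void *data, size_t size)
{
	struct msghdr msg;
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred = {
		.pid = getpid(),
		.uid = getuid(),
		.gid = getgid(),
	};
	char cmsgbuf[CMSG_SPACE(sizeof(cred))];
	char buf[1] = { 0 };

	/* zero everything that can be copied to the peer: cmsg padding and
	 * the dummy byte would otherwise carry uninitialised stack contents */
	memset(&msg, 0, sizeof(msg));
	memset(cmsgbuf, 0, sizeof(cmsgbuf));

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(cred));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_CREDENTIALS;
	/* memcpy instead of a struct store through a char buffer (aliasing) */
	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
	msg.msg_controllen = cmsg->cmsg_len;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, 0);
}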
209 | ||
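/*
 * Receive one message from fd and check the sender's SCM_CREDENTIALS.
 *
 * The message is accepted when the sender is uid 0 or has the same real uid
 * and gid as this process; otherwise -EACCES is returned and the caller
 * should discard the payload. The kernel only attaches credentials when
 * SO_PASSCRED is enabled on fd — that is the caller's responsibility, and a
 * message carrying no credential block is NOT rejected here, so without
 * SO_PASSCRED no check takes place at all.
 *
 * data/size: payload buffer; when data is NULL the sender's dummy byte is
 * read into a scratch byte and discarded.
 *
 * Returns recvmsg()'s result (bytes received, 0 on EOF, -1 with errno set),
 * or -EACCES when the credentials do not pass.
 */
int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
{
	struct msghdr msg;
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred;
	char cmsgbuf[CMSG_SPACE(sizeof(cred))];
	char buf[1];
	int ret;

	memset(&msg, 0, sizeof(msg));
	memset(cmsgbuf, 0, sizeof(cmsgbuf));
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	/* no well-formed credential block: accepted as-is (see above) */
	cmsg = CMSG_FIRSTHDR(&msg);
	if (!cmsg || cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)) ||
	    cmsg->cmsg_level != SOL_SOCKET ||
	    cmsg->cmsg_type != SCM_CREDENTIALS)
		return ret;

	/* memcpy instead of a struct load from a char buffer (aliasing) */
	memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));

	/* uid 0 is trusted unconditionally; anyone else must match our real
	 * uid and gid. Cast to unsigned so the %u conversions are exact. */
	if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
		INFO("message denied for '%u/%u'",
		     (unsigned)cred.uid, (unsigned)cred.gid);
		return -EACCES;
	}

	return ret;
}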