make lxc_af_unix_open() safely return error on long pathnames
b0a33c1e 1/*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
9afe19d6 7 * Daniel Lezcano <daniel.lezcano at free.fr>
b0a33c1e 8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23#include <string.h>
24#include <unistd.h>
25#include <fcntl.h>
2dcb28a9 26#include <errno.h>
b0a33c1e 27#define __USE_GNU
28#include <sys/socket.h>
29#undef __USE_GNU
30#include <sys/un.h>
31
32#include "log.h"
33
34lxc_log_define(lxc_af_unix, lxc);
b0a33c1e 35
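/*
 * Create an AF_UNIX socket of the given type and, when a path is supplied,
 * bind it (and start listening on it for SOCK_STREAM).
 *
 * path:  NULL returns an unbound socket. A path whose first byte is '\0'
 *        is treated as an abstract socket name; the whole sun_path-sized
 *        buffer is copied, so the caller must pass a buffer of at least
 *        sizeof(addr.sun_path) bytes in that case. Any other path must be
 *        shorter than sizeof(addr.sun_path).
 * type:  socket type handed to socket(), e.g. SOCK_STREAM.
 * flags: when O_TRUNC is set, path is unlinked before binding.
 *
 * Returns the socket fd, or -1 with errno set (ENAMETOOLONG when a
 * filesystem path does not fit in sun_path).
 *
 * NOTE(review): unlink() followed by bind() is not atomic. If the socket
 * lives in a directory other users can write to, another process can place
 * its own entry at the path between the two calls; keep these sockets in a
 * directory only the owner can modify. The mode of the created socket file
 * is governed by the process umask, which this function does not set.
 */
int lxc_af_unix_open(const char *path, int type, int flags)
{
	int fd;
	size_t len;
	struct sockaddr_un addr;

	/* path may legitimately be NULL (see below): never pass NULL to unlink() */
	if (path && (flags & O_TRUNC))
		unlink(path);

	fd = socket(PF_UNIX, type, 0);
	if (fd < 0)
		return -1;

	if (!path)
		return fd;

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;

	/* copy entire buffer in case of abstract socket */
	len = sizeof(addr.sun_path);
	if (path[0]) {
		/*
		 * Filesystem path: bound the copy by the destination size and
		 * leave room for the terminating NUL provided by the memset.
		 */
		len = strlen(path);
		if (len >= sizeof(addr.sun_path)) {
			close(fd);
			errno = ENAMETOOLONG;
			return -1;
		}
	}
	memcpy(addr.sun_path, path, len);

	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
		/* close() may clobber errno; report the bind() failure */
		int tmp = errno;
		close(fd);
		errno = tmp;
		return -1;
	}

	if (type == SOCK_STREAM && listen(fd, 100)) {
		int tmp = errno;
		close(fd);
		errno = tmp;
		return -1;
	}

	return fd;
}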
83
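/*
 * Close an AF_UNIX socket and, if it is bound to a filesystem path, remove
 * that path.
 *
 * fd: socket to close.
 *
 * Always returns 0; failures of getsockname(), unlink() and close() are
 * not reported.
 */
int lxc_af_unix_close(int fd)
{
	struct sockaddr_un addr;
	socklen_t addrlen = sizeof(addr);
	char path[sizeof(addr.sun_path) + 1];

	/*
	 * For an unbound socket getsockname() succeeds but fills in only the
	 * address family. Zero the structure first so sun_path then reads as
	 * empty instead of as leftover stack bytes handed to unlink().
	 */
	memset(&addr, 0, sizeof(addr));

	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
	    addr.sun_path[0]) {
		/* sun_path may fill the whole array; terminate a private copy */
		memcpy(path, addr.sun_path, sizeof(addr.sun_path));
		path[sizeof(addr.sun_path)] = '\0';
		unlink(path);
	}

	close(fd);

	return 0;
}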
97
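/*
 * Connect a new SOCK_STREAM AF_UNIX socket to the socket named by path.
 *
 * path: filesystem path shorter than sizeof(addr.sun_path), or an abstract
 *       name (first byte '\0'). For an abstract name the whole
 *       sun_path-sized buffer is copied, so the caller must pass a buffer
 *       of at least sizeof(addr.sun_path) bytes.
 *
 * Returns the connected fd, or -1 with errno set (EINVAL for a NULL path,
 * ENAMETOOLONG when a filesystem path does not fit in sun_path).
 */
int lxc_af_unix_connect(const char *path)
{
	int fd;
	size_t len;
	struct sockaddr_un addr;

	if (!path) {
		errno = EINVAL;
		return -1;
	}

	/* copy entire buffer in case of abstract socket */
	len = sizeof(addr.sun_path);
	if (path[0]) {
		/*
		 * Same bound as lxc_af_unix_open(): without it a long path
		 * would be copied past the end of addr on the stack.
		 */
		len = strlen(path);
		if (len >= sizeof(addr.sun_path)) {
			errno = ENAMETOOLONG;
			return -1;
		}
	}

	fd = socket(PF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -1;

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(addr.sun_path, path, len);

	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
		/* close() may clobber errno; report the connect() failure */
		int tmp = errno;
		close(fd);
		errno = tmp;
		return -1;
	}

	return fd;
}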
123
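/*
 * Send the file descriptor sendfd to the peer of fd as an SCM_RIGHTS
 * control message.
 *
 * fd:     connected AF_UNIX socket.
 * sendfd: descriptor to pass.
 * data:   optional payload of size bytes sent alongside; when NULL a
 *         single zero byte is sent instead.
 *
 * Returns the result of sendmsg(): bytes of payload sent, or -1 with
 * errno set.
 */
int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	/* the union gives the control buffer the alignment of a cmsghdr */
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(int))];
	} control;
	/* zeroed so the filler byte never carries stale stack contents */
	char buf[1] = { 0 };

	memset(&control, 0, sizeof(control));
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	/* memcpy avoids assuming CMSG_DATA() is aligned for int */
	memcpy(CMSG_DATA(cmsg), &sendfd, sizeof(sendfd));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, 0);
}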
153
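/*
 * Receive one message from fd and extract a file descriptor passed with
 * it as an SCM_RIGHTS control message.
 *
 * fd:     connected AF_UNIX socket.
 * recvfd: set to the received descriptor, or to -1 when the message
 *         carried none, was malformed, or recvmsg() did not succeed.
 * data:   optional buffer of size bytes for the payload; when NULL a
 *         one-byte scratch buffer is used.
 *
 * Returns the result of recvmsg(): payload bytes read, 0 when the peer
 * closed the connection, or -1 with errno set.
 *
 * The caller owns the received descriptor and must close it.
 * NOTE(review): recvmsg() is called with flags 0, so the new descriptor
 * is not marked close-on-exec; callers that later exec should set
 * FD_CLOEXEC on it. The descriptor comes from the peer and is to be
 * treated as untrusted input.
 */
int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	/* the union gives the control buffer the alignment of a cmsghdr */
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(int))];
	} control;
	char buf[1];
	int ret;

	/*
	 * Set the sentinel up front so the caller never reads a stale or
	 * uninitialized value, even when recvmsg() fails or returns 0.
	 */
	*recvfd = -1;

	memset(&control, 0, sizeof(control));
	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	cmsg = CMSG_FIRSTHDR(&msg);

	/* accept only a control message that holds exactly one descriptor */
	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
	    cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_RIGHTS)
		memcpy(recvfd, CMSG_DATA(cmsg), sizeof(*recvfd));

	return ret;
}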
192
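/*
 * Send the calling process's pid, uid and gid to the peer of fd as an
 * SCM_CREDENTIALS control message.
 *
 * fd:   connected AF_UNIX socket.
 * data: optional payload of size bytes sent alongside; when NULL a single
 *       zero byte is sent instead.
 *
 * Returns the result of sendmsg(): bytes of payload sent, or -1 with
 * errno set.
 */
int lxc_af_unix_send_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred = {
		.pid = getpid(),
		.uid = getuid(),
		.gid = getgid(),
	};
	/* the union gives the control buffer the alignment of a cmsghdr */
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(struct ucred))];
	} control;
	/* zeroed so the filler byte never carries stale stack contents */
	char buf[1] = { 0 };

	memset(&control, 0, sizeof(control));
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_CREDENTIALS;
	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, 0);
}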
225
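/*
 * Receive one message from fd and check the sender credentials attached
 * to it as an SCM_CREDENTIALS control message.
 *
 * fd:   connected AF_UNIX socket.
 * data: optional buffer of size bytes for the payload; when NULL a
 *       one-byte scratch buffer is used.
 *
 * Returns the result of recvmsg() (payload bytes read, 0 when the peer
 * closed, -1 with errno set), or -EACCES when the message carries
 * credentials of a non-root sender whose uid or gid differs from ours.
 *
 * NOTE(review): the check fails open. A message that arrives without a
 * well-formed SCM_CREDENTIALS control message is accepted unchecked. The
 * kernel attaches credentials only when SO_PASSCRED is enabled on the
 * receiving socket; that setup is not visible in this function, so
 * callers must enable it before relying on this check. A sender with
 * uid 0 is always accepted.
 */
int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred;
	/* the union gives the control buffer the alignment of a cmsghdr */
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(struct ucred))];
	} control;
	char buf[1];
	int ret;

	memset(&control, 0, sizeof(control));
	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	cmsg = CMSG_FIRSTHDR(&msg);

	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
	    cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_CREDENTIALS) {
		memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
		if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
			/* uid_t/gid_t are not int; cast to match the %d conversions */
			INFO("message denied for '%d/%d'", (int)cred.uid, (int)cred.gid);
			return -EACCES;
		}
	}

	return ret;
}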