]>
Commit | Line | Data |
---|---|---|
b0a33c1e | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
b0a33c1e | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 | */ | |
23 | #include <string.h> | |
24 | #include <unistd.h> | |
25 | #include <fcntl.h> | |
2dcb28a9 | 26 | #include <errno.h> |
b0a33c1e | 27 | #define __USE_GNU |
28 | #include <sys/socket.h> | |
29 | #undef __USE_GNU | |
30 | #include <sys/un.h> | |
31 | ||
2dcb28a9 MN |
32 | #include "log.h" |
33 | ||
34 | lxc_log_define(lxc_af_unix, lxc); | |
b0a33c1e | 35 | |
36 | int lxc_af_unix_open(const char *path, int type, int flags) | |
37 | { | |
38 | int fd; | |
ddb17f1f | 39 | size_t len; |
b0a33c1e | 40 | struct sockaddr_un addr; |
41 | ||
42 | if (flags & O_TRUNC) | |
43 | unlink(path); | |
44 | ||
45 | fd = socket(PF_UNIX, type, 0); | |
46 | if (fd < 0) | |
47 | return -1; | |
48 | ||
49 | memset(&addr, 0, sizeof(addr)); | |
50 | ||
51 | if (!path) | |
52 | return fd; | |
53 | ||
54 | addr.sun_family = AF_UNIX; | |
55 | /* copy entire buffer in case of abstract socket */ | |
ddb17f1f DE |
56 | len = sizeof(addr.sun_path); |
57 | if (path[0]) { | |
58 | len = strlen(path); | |
59 | if (len >= sizeof(addr.sun_path)) { | |
60 | close(fd); | |
61 | errno = ENAMETOOLONG; | |
62 | return -1; | |
63 | } | |
64 | } | |
65 | memcpy(addr.sun_path, path, len); | |
b0a33c1e | 66 | |
67 | if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) { | |
dba104c8 | 68 | int tmp = errno; |
b0a33c1e | 69 | close(fd); |
dba104c8 | 70 | errno = tmp; |
b0a33c1e | 71 | return -1; |
72 | } | |
ddb17f1f | 73 | |
31c53c2e | 74 | if (type == SOCK_STREAM && listen(fd, 100)) { |
dba104c8 | 75 | int tmp = errno; |
b0a33c1e | 76 | close(fd); |
dba104c8 | 77 | errno = tmp; |
b0a33c1e | 78 | return -1; |
79 | } | |
80 | ||
81 | return fd; | |
82 | } | |
83 | ||
84 | int lxc_af_unix_close(int fd) | |
85 | { | |
86 | struct sockaddr_un addr; | |
af41709c | 87 | socklen_t addrlen = sizeof(addr); |
ddb17f1f | 88 | |
f79d43bb | 89 | if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) && |
b0a33c1e | 90 | addr.sun_path[0]) |
91 | unlink(addr.sun_path); | |
92 | ||
93 | close(fd); | |
94 | ||
95 | return 0; | |
96 | } | |
97 | ||
98 | int lxc_af_unix_connect(const char *path) | |
99 | { | |
100 | int fd; | |
101 | struct sockaddr_un addr; | |
102 | ||
103 | fd = socket(PF_UNIX, SOCK_STREAM, 0); | |
104 | if (fd < 0) | |
105 | return -1; | |
106 | ||
107 | memset(&addr, 0, sizeof(addr)); | |
108 | ||
109 | addr.sun_family = AF_UNIX; | |
110 | /* copy entire buffer in case of abstract socket */ | |
f79d43bb | 111 | memcpy(addr.sun_path, path, |
b0a33c1e | 112 | path[0]?strlen(path):sizeof(addr.sun_path)); |
113 | ||
114 | if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) { | |
dba104c8 | 115 | int tmp = errno; |
b0a33c1e | 116 | close(fd); |
dba104c8 | 117 | errno = tmp; |
b0a33c1e | 118 | return -1; |
119 | } | |
120 | ||
121 | return fd; | |
122 | } | |
123 | ||
124 | int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size) | |
125 | { | |
126 | struct msghdr msg = { 0 }; | |
127 | struct iovec iov; | |
128 | struct cmsghdr *cmsg; | |
129 | char cmsgbuf[CMSG_SPACE(sizeof(int))]; | |
130 | char buf[1]; | |
0e391e57 | 131 | int *val; |
b0a33c1e | 132 | |
133 | msg.msg_control = cmsgbuf; | |
134 | msg.msg_controllen = sizeof(cmsgbuf); | |
135 | ||
136 | cmsg = CMSG_FIRSTHDR(&msg); | |
137 | cmsg->cmsg_len = CMSG_LEN(sizeof(int)); | |
138 | cmsg->cmsg_level = SOL_SOCKET; | |
139 | cmsg->cmsg_type = SCM_RIGHTS; | |
0e391e57 DL |
140 | val = (int *)(CMSG_DATA(cmsg)); |
141 | *val = sendfd; | |
b0a33c1e | 142 | |
143 | msg.msg_name = NULL; | |
144 | msg.msg_namelen = 0; | |
145 | ||
146 | iov.iov_base = data ? data : buf; | |
147 | iov.iov_len = data ? size : sizeof(buf); | |
148 | msg.msg_iov = &iov; | |
149 | msg.msg_iovlen = 1; | |
150 | ||
151 | return sendmsg(fd, &msg, 0); | |
152 | } | |
153 | ||
154 | int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size) | |
155 | { | |
156 | struct msghdr msg = { 0 }; | |
157 | struct iovec iov; | |
158 | struct cmsghdr *cmsg; | |
159 | char cmsgbuf[CMSG_SPACE(sizeof(int))]; | |
160 | char buf[1]; | |
0e391e57 | 161 | int ret, *val; |
b0a33c1e | 162 | |
163 | msg.msg_name = NULL; | |
164 | msg.msg_namelen = 0; | |
165 | msg.msg_control = cmsgbuf; | |
166 | msg.msg_controllen = sizeof(cmsgbuf); | |
167 | ||
168 | iov.iov_base = data ? data : buf; | |
169 | iov.iov_len = data ? size : sizeof(buf); | |
170 | msg.msg_iov = &iov; | |
171 | msg.msg_iovlen = 1; | |
172 | ||
173 | ret = recvmsg(fd, &msg, 0); | |
174 | if (ret <= 0) | |
175 | goto out; | |
176 | ||
177 | cmsg = CMSG_FIRSTHDR(&msg); | |
178 | ||
f79d43bb | 179 | /* if the message is wrong the variable will not be |
b0a33c1e | 180 | * filled and the peer will notified about a problem */ |
181 | *recvfd = -1; | |
182 | ||
183 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) && | |
184 | cmsg->cmsg_level == SOL_SOCKET && | |
185 | cmsg->cmsg_type == SCM_RIGHTS) { | |
0e391e57 DL |
186 | val = (int *) CMSG_DATA(cmsg); |
187 | *recvfd = *val; | |
b0a33c1e | 188 | } |
189 | out: | |
190 | return ret; | |
191 | } | |
192 | ||
193 | int lxc_af_unix_send_credential(int fd, void *data, size_t size) | |
194 | { | |
195 | struct msghdr msg = { 0 }; | |
196 | struct iovec iov; | |
197 | struct cmsghdr *cmsg; | |
198 | struct ucred cred = { | |
199 | .pid = getpid(), | |
200 | .uid = getuid(), | |
201 | .gid = getgid(), | |
202 | }; | |
203 | char cmsgbuf[CMSG_SPACE(sizeof(cred))]; | |
204 | char buf[1]; | |
205 | ||
206 | msg.msg_control = cmsgbuf; | |
207 | msg.msg_controllen = sizeof(cmsgbuf); | |
208 | ||
209 | cmsg = CMSG_FIRSTHDR(&msg); | |
210 | cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); | |
211 | cmsg->cmsg_level = SOL_SOCKET; | |
212 | cmsg->cmsg_type = SCM_CREDENTIALS; | |
0e391e57 | 213 | memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred)); |
b0a33c1e | 214 | |
215 | msg.msg_name = NULL; | |
216 | msg.msg_namelen = 0; | |
217 | ||
218 | iov.iov_base = data ? data : buf; | |
219 | iov.iov_len = data ? size : sizeof(buf); | |
220 | msg.msg_iov = &iov; | |
221 | msg.msg_iovlen = 1; | |
222 | ||
223 | return sendmsg(fd, &msg, 0); | |
224 | } | |
225 | ||
226 | int lxc_af_unix_rcv_credential(int fd, void *data, size_t size) | |
227 | { | |
228 | struct msghdr msg = { 0 }; | |
229 | struct iovec iov; | |
230 | struct cmsghdr *cmsg; | |
231 | struct ucred cred; | |
232 | char cmsgbuf[CMSG_SPACE(sizeof(cred))]; | |
233 | char buf[1]; | |
234 | int ret; | |
235 | ||
236 | msg.msg_name = NULL; | |
237 | msg.msg_namelen = 0; | |
238 | msg.msg_control = cmsgbuf; | |
239 | msg.msg_controllen = sizeof(cmsgbuf); | |
240 | ||
241 | iov.iov_base = data ? data : buf; | |
242 | iov.iov_len = data ? size : sizeof(buf); | |
243 | msg.msg_iov = &iov; | |
244 | msg.msg_iovlen = 1; | |
245 | ||
246 | ret = recvmsg(fd, &msg, 0); | |
247 | if (ret <= 0) | |
248 | goto out; | |
249 | ||
250 | cmsg = CMSG_FIRSTHDR(&msg); | |
251 | ||
b0a33c1e | 252 | if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) && |
253 | cmsg->cmsg_level == SOL_SOCKET && | |
254 | cmsg->cmsg_type == SCM_CREDENTIALS) { | |
0e391e57 | 255 | memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred)); |
d8cc9804 | 256 | if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) { |
2dcb28a9 | 257 | INFO("message denied for '%d/%d'", cred.uid, cred.gid); |
d8cc9804 | 258 | return -EACCES; |
2dcb28a9 | 259 | } |
b0a33c1e | 260 | } |
261 | out: | |
262 | return ret; | |
263 | } |