src/lxc/af_unix.c

   1 /*
   2  * lxc: linux Container library
   3  *
   4  * (C) Copyright IBM Corp. 2007, 2008
   5  *
   6  * Authors:
   7  * Daniel Lezcano <dlezcano at fr.ibm.com>
   8  *
   9  * This library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public
  11  * License as published by the Free Software Foundation; either
  12  * version 2.1 of the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  22  */
  23 #include <string.h>
  24 #include <unistd.h>
  25 #include <fcntl.h>
  26 #include <errno.h>
  27 #define __USE_GNU
  28 #include <sys/socket.h>
  29 #undef __USE_GNU
  30 #include <sys/un.h>
  31
  32 #include "log.h"
  33
  34 lxc_log_define(lxc_af_unix, lxc);
  35
  36 int lxc_af_unix_open(const char *path, int type, int flags)
  37 {
  38         int fd;
  39         struct sockaddr_un addr;
  40
  41         if (flags & O_TRUNC)
  42                 unlink(path);
  43
  44         fd = socket(PF_UNIX, type, 0);
  45         if (fd < 0)
  46                 return -1;
  47
  48         memset(&addr, 0, sizeof(addr));
  49
  50         if (!path)
  51                 return fd;
  52
  53         addr.sun_family = AF_UNIX;
  54         /* copy entire buffer in case of abstract socket */
  55         memcpy(addr.sun_path, path,
  56                path[0]?strlen(path):sizeof(addr.sun_path));
  57
  58         if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
  59                 close(fd);
  60                 return -1;
  61         }
  62
  63         if (type == SOCK_STREAM && listen(fd, 100)) {
  64                 close(fd);
  65                 return -1;
  66         }
  67
  68         return fd;
  69 }
  70
  71 int lxc_af_unix_close(int fd)
  72 {
  73         struct sockaddr_un addr;
  74         socklen_t addrlen;
  75
  76         if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
  77             addr.sun_path[0])
  78                 unlink(addr.sun_path);
  79
  80         close(fd);
  81
  82         return 0;
  83 }
  84
  85 int lxc_af_unix_connect(const char *path)
  86 {
  87         int fd;
  88         struct sockaddr_un addr;
  89
  90         fd = socket(PF_UNIX, SOCK_STREAM, 0);
  91         if (fd < 0)
  92                 return -1;
  93
  94         memset(&addr, 0, sizeof(addr));
  95
  96         addr.sun_family = AF_UNIX;
  97         /* copy entire buffer in case of abstract socket */
  98         memcpy(addr.sun_path, path,
  99                path[0]?strlen(path):sizeof(addr.sun_path));
 100
 101         if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
 102                 close(fd);
 103                 return -1;
 104         }
 105
 106         return fd;
 107 }
 108
 109 int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
 110 {
 111         struct msghdr msg = { 0 };
 112         struct iovec iov;
 113         struct cmsghdr *cmsg;
 114         char cmsgbuf[CMSG_SPACE(sizeof(int))];
 115         char buf[1];
 116
 117         msg.msg_control = cmsgbuf;
 118         msg.msg_controllen = sizeof(cmsgbuf);
 119
 120         cmsg = CMSG_FIRSTHDR(&msg);
 121         cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 122         cmsg->cmsg_level = SOL_SOCKET;
 123         cmsg->cmsg_type = SCM_RIGHTS;
 124         *((int *) CMSG_DATA(cmsg)) = sendfd;
 125         msg.msg_controllen = cmsg->cmsg_len;
 126
 127         msg.msg_name = NULL;
 128         msg.msg_namelen = 0;
 129
 130         iov.iov_base = data ? data : buf;
 131         iov.iov_len = data ? size : sizeof(buf);
 132         msg.msg_iov = &iov;
 133         msg.msg_iovlen = 1;
 134
 135         return sendmsg(fd, &msg, 0);
 136 }
 137
 138 int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
 139 {
 140         struct msghdr msg = { 0 };
 141         struct iovec iov;
 142         struct cmsghdr *cmsg;
 143         char cmsgbuf[CMSG_SPACE(sizeof(int))];
 144         char buf[1];
 145         int ret;
 146
 147         msg.msg_name = NULL;
 148         msg.msg_namelen = 0;
 149         msg.msg_control = cmsgbuf;
 150         msg.msg_controllen = sizeof(cmsgbuf);
 151
 152         iov.iov_base = data ? data : buf;
 153         iov.iov_len = data ? size : sizeof(buf);
 154         msg.msg_iov = &iov;
 155         msg.msg_iovlen = 1;
 156
 157         ret = recvmsg(fd, &msg, 0);
 158         if (ret <= 0)
 159                 goto out;
 160
 161         cmsg = CMSG_FIRSTHDR(&msg);
 162
 163         /* if the message is wrong the variable will not be
 164          * filled and the peer will notified about a problem */
 165         *recvfd = -1;
 166
 167         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
 168             cmsg->cmsg_level == SOL_SOCKET &&
 169             cmsg->cmsg_type == SCM_RIGHTS) {
 170                 *recvfd = *((int *) CMSG_DATA(cmsg));
 171         }
 172 out:
 173         return ret;
 174 }
 175
 176 int lxc_af_unix_send_credential(int fd, void *data, size_t size)
 177 {
 178         struct msghdr msg = { 0 };
 179         struct iovec iov;
 180         struct cmsghdr *cmsg;
 181         struct ucred cred = {
 182                 .pid = getpid(),
 183                 .uid = getuid(),
 184                 .gid = getgid(),
 185         };
 186         char cmsgbuf[CMSG_SPACE(sizeof(cred))];
 187         char buf[1];
 188
 189         msg.msg_control = cmsgbuf;
 190         msg.msg_controllen = sizeof(cmsgbuf);
 191
 192         cmsg = CMSG_FIRSTHDR(&msg);
 193         cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
 194         cmsg->cmsg_level = SOL_SOCKET;
 195         cmsg->cmsg_type = SCM_CREDENTIALS;
 196         *((struct ucred *) CMSG_DATA(cmsg)) = cred;
 197         msg.msg_controllen = cmsg->cmsg_len;
 198
 199         msg.msg_name = NULL;
 200         msg.msg_namelen = 0;
 201
 202         iov.iov_base = data ? data : buf;
 203         iov.iov_len = data ? size : sizeof(buf);
 204         msg.msg_iov = &iov;
 205         msg.msg_iovlen = 1;
 206
 207         return sendmsg(fd, &msg, 0);
 208 }
 209
 210 int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
 211 {
 212         struct msghdr msg = { 0 };
 213         struct iovec iov;
 214         struct cmsghdr *cmsg;
 215         struct ucred cred;
 216         char cmsgbuf[CMSG_SPACE(sizeof(cred))];
 217         char buf[1];
 218         int ret;
 219
 220         msg.msg_name = NULL;
 221         msg.msg_namelen = 0;
 222         msg.msg_control = cmsgbuf;
 223         msg.msg_controllen = sizeof(cmsgbuf);
 224
 225         iov.iov_base = data ? data : buf;
 226         iov.iov_len = data ? size : sizeof(buf);
 227         msg.msg_iov = &iov;
 228         msg.msg_iovlen = 1;
 229
 230         ret = recvmsg(fd, &msg, 0);
 231         if (ret <= 0)
 232                 goto out;
 233
 234         cmsg = CMSG_FIRSTHDR(&msg);
 235
 236         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
 237             cmsg->cmsg_level == SOL_SOCKET &&
 238             cmsg->cmsg_type == SCM_CREDENTIALS) {
 239                 cred = *((struct ucred *) CMSG_DATA(cmsg));
 240                 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
 241                         INFO("message denied for '%d/%d'", cred.uid, cred.gid);
 242                         return -EACCES;
 243                 }
 244         }
 245 out:
 246         return ret;
 247 }