]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:


fdbf1134f8baa3b622a609a57e7689025c20f55b
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <dlezcano at fr.ibm.com>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23 #include <string.h>
24 #include <unistd.h>
25 #include <fcntl.h>
26 #include <errno.h>
27 #define __USE_GNU
28 #include <sys/socket.h>
29 #undef __USE_GNU
30 #include <sys/un.h>
31
32 #include "log.h"
33
34 lxc_log_define(lxc_af_unix, lxc);
35
36 int lxc_af_unix_open(const char *path, int type, int flags)
37 {
38 int fd;
39 struct sockaddr_un addr;
40
41 if (flags & O_TRUNC)
42 unlink(path);
43
44 fd = socket(PF_UNIX, type, 0);
45 if (fd < 0)
46 return -1;
47
48 memset(&addr, 0, sizeof(addr));
49
50 if (!path)
51 return fd;
52
53 addr.sun_family = AF_UNIX;
54 /* copy entire buffer in case of abstract socket */
55 memcpy(addr.sun_path, path,
56 path[0]?strlen(path):sizeof(addr.sun_path));
57
58 if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
59 close(fd);
60 return -1;
61 }
62
63 if (type == SOCK_STREAM && listen(fd, 100)) {
64 close(fd);
65 return -1;
66 }
67
68 return fd;
69 }
70
71 int lxc_af_unix_close(int fd)
72 {
73 struct sockaddr_un addr;
74 socklen_t addrlen;
75
76 if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
77 addr.sun_path[0])
78 unlink(addr.sun_path);
79
80 close(fd);
81
82 return 0;
83 }
84
85 int lxc_af_unix_connect(const char *path)
86 {
87 int fd;
88 struct sockaddr_un addr;
89
90 fd = socket(PF_UNIX, SOCK_STREAM, 0);
91 if (fd < 0)
92 return -1;
93
94 memset(&addr, 0, sizeof(addr));
95
96 addr.sun_family = AF_UNIX;
97 /* copy entire buffer in case of abstract socket */
98 memcpy(addr.sun_path, path,
99 path[0]?strlen(path):sizeof(addr.sun_path));
100
101 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
102 close(fd);
103 return -1;
104 }
105
106 return fd;
107 }
108
109 int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
110 {
111 struct msghdr msg = { 0 };
112 struct iovec iov;
113 struct cmsghdr *cmsg;
114 char cmsgbuf[CMSG_SPACE(sizeof(int))];
115 char buf[1];
116
117 msg.msg_control = cmsgbuf;
118 msg.msg_controllen = sizeof(cmsgbuf);
119
120 cmsg = CMSG_FIRSTHDR(&msg);
121 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
122 cmsg->cmsg_level = SOL_SOCKET;
123 cmsg->cmsg_type = SCM_RIGHTS;
124 *((int *) CMSG_DATA(cmsg)) = sendfd;
125
126 msg.msg_name = NULL;
127 msg.msg_namelen = 0;
128
129 iov.iov_base = data ? data : buf;
130 iov.iov_len = data ? size : sizeof(buf);
131 msg.msg_iov = &iov;
132 msg.msg_iovlen = 1;
133
134 return sendmsg(fd, &msg, 0);
135 }
136
137 int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
138 {
139 struct msghdr msg = { 0 };
140 struct iovec iov;
141 struct cmsghdr *cmsg;
142 char cmsgbuf[CMSG_SPACE(sizeof(int))];
143 char buf[1];
144 int ret;
145
146 msg.msg_name = NULL;
147 msg.msg_namelen = 0;
148 msg.msg_control = cmsgbuf;
149 msg.msg_controllen = sizeof(cmsgbuf);
150
151 iov.iov_base = data ? data : buf;
152 iov.iov_len = data ? size : sizeof(buf);
153 msg.msg_iov = &iov;
154 msg.msg_iovlen = 1;
155
156 ret = recvmsg(fd, &msg, 0);
157 if (ret <= 0)
158 goto out;
159
160 cmsg = CMSG_FIRSTHDR(&msg);
161
162 /* if the message is wrong the variable will not be
163 * filled and the peer will notified about a problem */
164 *recvfd = -1;
165
166 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
167 cmsg->cmsg_level == SOL_SOCKET &&
168 cmsg->cmsg_type == SCM_RIGHTS) {
169 *recvfd = *((int *) CMSG_DATA(cmsg));
170 }
171 out:
172 return ret;
173 }
174
175 int lxc_af_unix_send_credential(int fd, void *data, size_t size)
176 {
177 struct msghdr msg = { 0 };
178 struct iovec iov;
179 struct cmsghdr *cmsg;
180 struct ucred cred = {
181 .pid = getpid(),
182 .uid = getuid(),
183 .gid = getgid(),
184 };
185 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
186 char buf[1];
187
188 msg.msg_control = cmsgbuf;
189 msg.msg_controllen = sizeof(cmsgbuf);
190
191 cmsg = CMSG_FIRSTHDR(&msg);
192 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
193 cmsg->cmsg_level = SOL_SOCKET;
194 cmsg->cmsg_type = SCM_CREDENTIALS;
195 *((struct ucred *) CMSG_DATA(cmsg)) = cred;
196
197 msg.msg_name = NULL;
198 msg.msg_namelen = 0;
199
200 iov.iov_base = data ? data : buf;
201 iov.iov_len = data ? size : sizeof(buf);
202 msg.msg_iov = &iov;
203 msg.msg_iovlen = 1;
204
205 return sendmsg(fd, &msg, 0);
206 }
207
208 int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
209 {
210 struct msghdr msg = { 0 };
211 struct iovec iov;
212 struct cmsghdr *cmsg;
213 struct ucred cred;
214 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
215 char buf[1];
216 int ret;
217
218 msg.msg_name = NULL;
219 msg.msg_namelen = 0;
220 msg.msg_control = cmsgbuf;
221 msg.msg_controllen = sizeof(cmsgbuf);
222
223 iov.iov_base = data ? data : buf;
224 iov.iov_len = data ? size : sizeof(buf);
225 msg.msg_iov = &iov;
226 msg.msg_iovlen = 1;
227
228 ret = recvmsg(fd, &msg, 0);
229 if (ret <= 0)
230 goto out;
231
232 cmsg = CMSG_FIRSTHDR(&msg);
233
234 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
235 cmsg->cmsg_level == SOL_SOCKET &&
236 cmsg->cmsg_type == SCM_CREDENTIALS) {
237 cred = *((struct ucred *) CMSG_DATA(cmsg));
238 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
239 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
240 return -EACCES;
241 }
242 }
243 out:
244 return ret;
245 }
LXC mirror