]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
api_create and api_start: work toward making them thread-safe
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include <string.h>
24 #include <unistd.h>
25 #include <fcntl.h>
26 #include <errno.h>
27 #define __USE_GNU
28 #include <sys/socket.h>
29 #undef __USE_GNU
30 #include <sys/un.h>
31
32 #include "log.h"
33 #include "lxclock.h"
34
35 lxc_log_define(lxc_af_unix, lxc);
36
37 int lxc_af_unix_open(const char *path, int type, int flags)
38 {
39 int fd;
40 size_t len;
41 struct sockaddr_un addr;
42
43 if (flags & O_TRUNC)
44 unlink(path);
45
46 fd = socket(PF_UNIX, type, 0);
47 if (fd < 0)
48 return -1;
49
50 memset(&addr, 0, sizeof(addr));
51
52 if (!path)
53 return fd;
54
55 addr.sun_family = AF_UNIX;
56 /* copy entire buffer in case of abstract socket */
57 len = sizeof(addr.sun_path);
58 if (path[0]) {
59 len = strlen(path);
60 if (len >= sizeof(addr.sun_path)) {
61 close(fd);
62 errno = ENAMETOOLONG;
63 return -1;
64 }
65 }
66 memcpy(addr.sun_path, path, len);
67
68 if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
69 int tmp = errno;
70 close(fd);
71 errno = tmp;
72 return -1;
73 }
74
75 if (type == SOCK_STREAM && listen(fd, 100)) {
76 int tmp = errno;
77 close(fd);
78 errno = tmp;
79 return -1;
80 }
81
82 return fd;
83 }
84
85 int lxc_af_unix_close(int fd)
86 {
87 struct sockaddr_un addr;
88 socklen_t addrlen = sizeof(addr);
89
90 if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
91 addr.sun_path[0])
92 unlink(addr.sun_path);
93
94 close(fd);
95
96 return 0;
97 }
98
99 int lxc_af_unix_connect(const char *path)
100 {
101 int fd;
102 struct sockaddr_un addr;
103
104 process_lock();
105 fd = socket(PF_UNIX, SOCK_STREAM, 0);
106 process_unlock();
107 if (fd < 0)
108 return -1;
109
110 memset(&addr, 0, sizeof(addr));
111
112 addr.sun_family = AF_UNIX;
113 /* copy entire buffer in case of abstract socket */
114 memcpy(addr.sun_path, path,
115 path[0]?strlen(path):sizeof(addr.sun_path));
116
117 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
118 int tmp = errno;
119 process_lock();
120 close(fd);
121 process_unlock();
122 errno = tmp;
123 return -1;
124 }
125
126 return fd;
127 }
128
129 int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
130 {
131 struct msghdr msg = { 0 };
132 struct iovec iov;
133 struct cmsghdr *cmsg;
134 char cmsgbuf[CMSG_SPACE(sizeof(int))];
135 char buf[1];
136 int *val;
137
138 msg.msg_control = cmsgbuf;
139 msg.msg_controllen = sizeof(cmsgbuf);
140
141 cmsg = CMSG_FIRSTHDR(&msg);
142 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
143 cmsg->cmsg_level = SOL_SOCKET;
144 cmsg->cmsg_type = SCM_RIGHTS;
145 val = (int *)(CMSG_DATA(cmsg));
146 *val = sendfd;
147
148 msg.msg_name = NULL;
149 msg.msg_namelen = 0;
150
151 iov.iov_base = data ? data : buf;
152 iov.iov_len = data ? size : sizeof(buf);
153 msg.msg_iov = &iov;
154 msg.msg_iovlen = 1;
155
156 return sendmsg(fd, &msg, 0);
157 }
158
159 int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
160 {
161 struct msghdr msg = { 0 };
162 struct iovec iov;
163 struct cmsghdr *cmsg;
164 char cmsgbuf[CMSG_SPACE(sizeof(int))];
165 char buf[1];
166 int ret, *val;
167
168 msg.msg_name = NULL;
169 msg.msg_namelen = 0;
170 msg.msg_control = cmsgbuf;
171 msg.msg_controllen = sizeof(cmsgbuf);
172
173 iov.iov_base = data ? data : buf;
174 iov.iov_len = data ? size : sizeof(buf);
175 msg.msg_iov = &iov;
176 msg.msg_iovlen = 1;
177
178 ret = recvmsg(fd, &msg, 0);
179 if (ret <= 0)
180 goto out;
181
182 cmsg = CMSG_FIRSTHDR(&msg);
183
184 /* if the message is wrong the variable will not be
185 * filled and the peer will notified about a problem */
186 *recvfd = -1;
187
188 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
189 cmsg->cmsg_level == SOL_SOCKET &&
190 cmsg->cmsg_type == SCM_RIGHTS) {
191 val = (int *) CMSG_DATA(cmsg);
192 *recvfd = *val;
193 }
194 out:
195 return ret;
196 }
197
198 int lxc_af_unix_send_credential(int fd, void *data, size_t size)
199 {
200 struct msghdr msg = { 0 };
201 struct iovec iov;
202 struct cmsghdr *cmsg;
203 struct ucred cred = {
204 .pid = getpid(),
205 .uid = getuid(),
206 .gid = getgid(),
207 };
208 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
209 char buf[1];
210
211 msg.msg_control = cmsgbuf;
212 msg.msg_controllen = sizeof(cmsgbuf);
213
214 cmsg = CMSG_FIRSTHDR(&msg);
215 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
216 cmsg->cmsg_level = SOL_SOCKET;
217 cmsg->cmsg_type = SCM_CREDENTIALS;
218 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
219
220 msg.msg_name = NULL;
221 msg.msg_namelen = 0;
222
223 iov.iov_base = data ? data : buf;
224 iov.iov_len = data ? size : sizeof(buf);
225 msg.msg_iov = &iov;
226 msg.msg_iovlen = 1;
227
228 return sendmsg(fd, &msg, 0);
229 }
230
231 int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
232 {
233 struct msghdr msg = { 0 };
234 struct iovec iov;
235 struct cmsghdr *cmsg;
236 struct ucred cred;
237 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
238 char buf[1];
239 int ret;
240
241 msg.msg_name = NULL;
242 msg.msg_namelen = 0;
243 msg.msg_control = cmsgbuf;
244 msg.msg_controllen = sizeof(cmsgbuf);
245
246 iov.iov_base = data ? data : buf;
247 iov.iov_len = data ? size : sizeof(buf);
248 msg.msg_iov = &iov;
249 msg.msg_iovlen = 1;
250
251 ret = recvmsg(fd, &msg, 0);
252 if (ret <= 0)
253 goto out;
254
255 cmsg = CMSG_FIRSTHDR(&msg);
256
257 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
258 cmsg->cmsg_level == SOL_SOCKET &&
259 cmsg->cmsg_type == SCM_CREDENTIALS) {
260 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
261 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
262 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
263 return -EACCES;
264 }
265 }
266 out:
267 return ret;
268 }
LXC mirror