]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2626 from brauner/2018-09-20/remove_locking
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include "config.h"
24
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <stddef.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32 #include <sys/socket.h>
33 #include <sys/syscall.h>
34 #include <sys/un.h>
35
36 #include "log.h"
37 #include "utils.h"
38
39 #ifndef HAVE_STRLCPY
40 #include "include/strlcpy.h"
41 #endif
42
43 lxc_log_define(af_unix, lxc);
44
45 static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
46 const char *path)
47 {
48 size_t len;
49
50 if (!addr || !path) {
51 errno = EINVAL;
52 return -1;
53 }
54
55 /* Clear address structure */
56 memset(addr, 0, sizeof(*addr));
57
58 addr->sun_family = AF_UNIX;
59
60 len = strlen(&path[1]);
61
62 /* do not enforce \0-termination */
63 if (len >= INT_MAX || len >= sizeof(addr->sun_path)) {
64 errno = ENAMETOOLONG;
65 return -1;
66 }
67
68 /* do not enforce \0-termination */
69 memcpy(&addr->sun_path[1], &path[1], len);
70 return len;
71 }
72
73 int lxc_abstract_unix_open(const char *path, int type, int flags)
74 {
75 int fd, ret;
76 ssize_t len;
77 struct sockaddr_un addr;
78
79 fd = socket(PF_UNIX, type, 0);
80 if (fd < 0)
81 return -1;
82
83 if (!path)
84 return fd;
85
86 len = lxc_abstract_unix_set_sockaddr(&addr, path);
87 if (len < 0) {
88 int saved_errno = errno;
89 close(fd);
90 errno = saved_errno;
91 return -1;
92 }
93
94 ret = bind(fd, (struct sockaddr *)&addr,
95 offsetof(struct sockaddr_un, sun_path) + len + 1);
96 if (ret < 0) {
97 int saved_errno = errno;
98 close(fd);
99 errno = saved_errno;
100 return -1;
101 }
102
103 if (type == SOCK_STREAM) {
104 ret = listen(fd, 100);
105 if (ret < 0) {
106 int saved_errno = errno;
107 close(fd);
108 errno = saved_errno;
109 return -1;
110 }
111 }
112
113 return fd;
114 }
115
116 void lxc_abstract_unix_close(int fd)
117 {
118 close(fd);
119 }
120
121 int lxc_abstract_unix_connect(const char *path)
122 {
123 int fd, ret;
124 ssize_t len;
125 struct sockaddr_un addr;
126
127 fd = socket(PF_UNIX, SOCK_STREAM, 0);
128 if (fd < 0)
129 return -1;
130
131 len = lxc_abstract_unix_set_sockaddr(&addr, path);
132 if (len < 0) {
133 int saved_errno = errno;
134 close(fd);
135 errno = saved_errno;
136 return -1;
137 }
138
139 ret = connect(fd, (struct sockaddr *)&addr,
140 offsetof(struct sockaddr_un, sun_path) + len + 1);
141 if (ret < 0) {
142 int saved_errno = errno;
143 close(fd);
144 errno = saved_errno;
145 return -1;
146 }
147
148 return fd;
149 }
150
151 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
152 void *data, size_t size)
153 {
154 int ret;
155 struct msghdr msg;
156 struct iovec iov;
157 struct cmsghdr *cmsg = NULL;
158 char buf[1] = {0};
159 char *cmsgbuf;
160 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
161
162 memset(&msg, 0, sizeof(msg));
163 memset(&iov, 0, sizeof(iov));
164
165 cmsgbuf = malloc(cmsgbufsize);
166 if (!cmsgbuf) {
167 errno = ENOMEM;
168 return -1;
169 }
170
171 msg.msg_control = cmsgbuf;
172 msg.msg_controllen = cmsgbufsize;
173
174 cmsg = CMSG_FIRSTHDR(&msg);
175 cmsg->cmsg_level = SOL_SOCKET;
176 cmsg->cmsg_type = SCM_RIGHTS;
177 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
178
179 msg.msg_controllen = cmsg->cmsg_len;
180
181 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
182
183 iov.iov_base = data ? data : buf;
184 iov.iov_len = data ? size : sizeof(buf);
185 msg.msg_iov = &iov;
186 msg.msg_iovlen = 1;
187
188 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
189 free(cmsgbuf);
190 return ret;
191 }
192
193 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
194 void *data, size_t size)
195 {
196 int ret;
197 struct msghdr msg;
198 struct iovec iov;
199 struct cmsghdr *cmsg = NULL;
200 char buf[1] = {0};
201 char *cmsgbuf;
202 size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
203
204 memset(&msg, 0, sizeof(msg));
205 memset(&iov, 0, sizeof(iov));
206
207 cmsgbuf = malloc(cmsgbufsize);
208 if (!cmsgbuf) {
209 errno = ENOMEM;
210 return -1;
211 }
212
213 msg.msg_control = cmsgbuf;
214 msg.msg_controllen = cmsgbufsize;
215
216 iov.iov_base = data ? data : buf;
217 iov.iov_len = data ? size : sizeof(buf);
218 msg.msg_iov = &iov;
219 msg.msg_iovlen = 1;
220
221 ret = recvmsg(fd, &msg, 0);
222 if (ret <= 0)
223 goto out;
224
225 cmsg = CMSG_FIRSTHDR(&msg);
226
227 memset(recvfds, -1, num_recvfds * sizeof(int));
228 if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
229 cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
230 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
231
232 out:
233 free(cmsgbuf);
234 return ret;
235 }
236
237 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
238 {
239 struct msghdr msg = {0};
240 struct iovec iov;
241 struct cmsghdr *cmsg;
242 struct ucred cred = {
243 .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(),
244 };
245 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
246 char buf[1] = {0};
247
248 msg.msg_control = cmsgbuf;
249 msg.msg_controllen = sizeof(cmsgbuf);
250
251 cmsg = CMSG_FIRSTHDR(&msg);
252 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
253 cmsg->cmsg_level = SOL_SOCKET;
254 cmsg->cmsg_type = SCM_CREDENTIALS;
255 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
256
257 msg.msg_name = NULL;
258 msg.msg_namelen = 0;
259
260 iov.iov_base = data ? data : buf;
261 iov.iov_len = data ? size : sizeof(buf);
262 msg.msg_iov = &iov;
263 msg.msg_iovlen = 1;
264
265 return sendmsg(fd, &msg, MSG_NOSIGNAL);
266 }
267
268 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
269 {
270 struct msghdr msg = {0};
271 struct iovec iov;
272 struct cmsghdr *cmsg;
273 struct ucred cred;
274 int ret;
275 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
276 char buf[1] = {0};
277
278 msg.msg_name = NULL;
279 msg.msg_namelen = 0;
280 msg.msg_control = cmsgbuf;
281 msg.msg_controllen = sizeof(cmsgbuf);
282
283 iov.iov_base = data ? data : buf;
284 iov.iov_len = data ? size : sizeof(buf);
285 msg.msg_iov = &iov;
286 msg.msg_iovlen = 1;
287
288 ret = recvmsg(fd, &msg, 0);
289 if (ret <= 0)
290 goto out;
291
292 cmsg = CMSG_FIRSTHDR(&msg);
293
294 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
295 cmsg->cmsg_level == SOL_SOCKET &&
296 cmsg->cmsg_type == SCM_CREDENTIALS) {
297 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
298 if (cred.uid &&
299 (cred.uid != getuid() || cred.gid != getgid())) {
300 INFO("Message denied for '%d/%d'", cred.uid, cred.gid);
301 errno = EACCES;
302 return -1;
303 }
304 }
305
306 out:
307 return ret;
308 }
LXC mirror