]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
commands: handle epipe
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include "config.h"
24
25 #include <stddef.h>
26 #include <string.h>
27 #include <unistd.h>
28 #include <fcntl.h>
29 #include <errno.h>
30 #include <sys/socket.h>
31 #include <sys/un.h>
32
33 #include "log.h"
34
35 lxc_log_define(lxc_af_unix, lxc);
36
37 int lxc_abstract_unix_open(const char *path, int type, int flags)
38 {
39 int fd;
40 size_t len;
41 struct sockaddr_un addr;
42
43 if (flags & O_TRUNC)
44 unlink(path);
45
46 fd = socket(PF_UNIX, type, 0);
47 if (fd < 0)
48 return -1;
49
50 /* Clear address structure */
51 memset(&addr, 0, sizeof(addr));
52
53 if (!path)
54 return fd;
55
56 addr.sun_family = AF_UNIX;
57
58 len = strlen(&path[1]) + 1;
59 if (len >= sizeof(addr.sun_path) - 1) {
60 close(fd);
61 errno = ENAMETOOLONG;
62 return -1;
63 }
64 /* addr.sun_path[0] has already been set to 0 by memset() */
65 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
66
67 if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) {
68 int tmp = errno;
69 close(fd);
70 errno = tmp;
71 return -1;
72 }
73
74 if (type == SOCK_STREAM && listen(fd, 100)) {
75 int tmp = errno;
76 close(fd);
77 errno = tmp;
78 return -1;
79 }
80
81 return fd;
82 }
83
84 int lxc_abstract_unix_close(int fd)
85 {
86 struct sockaddr_un addr;
87 socklen_t addrlen = sizeof(addr);
88
89 if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
90 addr.sun_path[0])
91 unlink(addr.sun_path);
92
93 close(fd);
94
95 return 0;
96 }
97
98 int lxc_abstract_unix_connect(const char *path)
99 {
100 int fd;
101 size_t len;
102 struct sockaddr_un addr;
103
104 fd = socket(PF_UNIX, SOCK_STREAM, 0);
105 if (fd < 0)
106 return -1;
107
108 memset(&addr, 0, sizeof(addr));
109
110 addr.sun_family = AF_UNIX;
111
112 len = strlen(&path[1]) + 1;
113 if (len >= sizeof(addr.sun_path) - 1) {
114 close(fd);
115 errno = ENAMETOOLONG;
116 return -1;
117 }
118 /* addr.sun_path[0] has already been set to 0 by memset() */
119 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
120
121 if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len)) {
122 int tmp = errno;
123 /* special case to connect to older containers */
124 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
125 return fd;
126 close(fd);
127 errno = tmp;
128 return -1;
129 }
130
131 return fd;
132 }
133
134 int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size)
135 {
136 struct msghdr msg = { 0 };
137 struct iovec iov;
138 struct cmsghdr *cmsg;
139 char cmsgbuf[CMSG_SPACE(sizeof(int))];
140 char buf[1];
141 int *val;
142
143 msg.msg_control = cmsgbuf;
144 msg.msg_controllen = sizeof(cmsgbuf);
145
146 cmsg = CMSG_FIRSTHDR(&msg);
147 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
148 cmsg->cmsg_level = SOL_SOCKET;
149 cmsg->cmsg_type = SCM_RIGHTS;
150 val = (int *)(CMSG_DATA(cmsg));
151 *val = sendfd;
152
153 msg.msg_name = NULL;
154 msg.msg_namelen = 0;
155
156 iov.iov_base = data ? data : buf;
157 iov.iov_len = data ? size : sizeof(buf);
158 msg.msg_iov = &iov;
159 msg.msg_iovlen = 1;
160
161 return sendmsg(fd, &msg, MSG_NOSIGNAL);
162 }
163
164 int lxc_abstract_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
165 {
166 struct msghdr msg = { 0 };
167 struct iovec iov;
168 struct cmsghdr *cmsg;
169 char cmsgbuf[CMSG_SPACE(sizeof(int))];
170 char buf[1];
171 int ret, *val;
172
173 msg.msg_name = NULL;
174 msg.msg_namelen = 0;
175 msg.msg_control = cmsgbuf;
176 msg.msg_controllen = sizeof(cmsgbuf);
177
178 iov.iov_base = data ? data : buf;
179 iov.iov_len = data ? size : sizeof(buf);
180 msg.msg_iov = &iov;
181 msg.msg_iovlen = 1;
182
183 ret = recvmsg(fd, &msg, 0);
184 if (ret <= 0)
185 goto out;
186
187 cmsg = CMSG_FIRSTHDR(&msg);
188
189 /* if the message is wrong the variable will not be
190 * filled and the peer will notified about a problem */
191 *recvfd = -1;
192
193 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
194 cmsg->cmsg_level == SOL_SOCKET &&
195 cmsg->cmsg_type == SCM_RIGHTS) {
196 val = (int *) CMSG_DATA(cmsg);
197 *recvfd = *val;
198 }
199 out:
200 return ret;
201 }
202
203 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
204 {
205 struct msghdr msg = { 0 };
206 struct iovec iov;
207 struct cmsghdr *cmsg;
208 struct ucred cred = {
209 .pid = getpid(),
210 .uid = getuid(),
211 .gid = getgid(),
212 };
213 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
214 char buf[1];
215
216 msg.msg_control = cmsgbuf;
217 msg.msg_controllen = sizeof(cmsgbuf);
218
219 cmsg = CMSG_FIRSTHDR(&msg);
220 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
221 cmsg->cmsg_level = SOL_SOCKET;
222 cmsg->cmsg_type = SCM_CREDENTIALS;
223 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
224
225 msg.msg_name = NULL;
226 msg.msg_namelen = 0;
227
228 iov.iov_base = data ? data : buf;
229 iov.iov_len = data ? size : sizeof(buf);
230 msg.msg_iov = &iov;
231 msg.msg_iovlen = 1;
232
233 return sendmsg(fd, &msg, MSG_NOSIGNAL);
234 }
235
236 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
237 {
238 struct msghdr msg = { 0 };
239 struct iovec iov;
240 struct cmsghdr *cmsg;
241 struct ucred cred;
242 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
243 char buf[1];
244 int ret;
245
246 msg.msg_name = NULL;
247 msg.msg_namelen = 0;
248 msg.msg_control = cmsgbuf;
249 msg.msg_controllen = sizeof(cmsgbuf);
250
251 iov.iov_base = data ? data : buf;
252 iov.iov_len = data ? size : sizeof(buf);
253 msg.msg_iov = &iov;
254 msg.msg_iovlen = 1;
255
256 ret = recvmsg(fd, &msg, 0);
257 if (ret <= 0)
258 goto out;
259
260 cmsg = CMSG_FIRSTHDR(&msg);
261
262 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
263 cmsg->cmsg_level == SOL_SOCKET &&
264 cmsg->cmsg_type == SCM_CREDENTIALS) {
265 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
266 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
267 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
268 return -EACCES;
269 }
270 }
271 out:
272 return ret;
273 }
LXC mirror