]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1665 from brauner/2017-07-01/deprecate_lxc_rootfs_backend
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include "config.h"
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <stddef.h>
28 #include <string.h>
29 #include <unistd.h>
30 #include <fcntl.h>
31 #include <errno.h>
32 #include <sys/socket.h>
33 #include <sys/un.h>
34
35 #include "log.h"
36
37 lxc_log_define(lxc_af_unix, lxc);
38
39 int lxc_abstract_unix_open(const char *path, int type, int flags)
40 {
41 int fd;
42 size_t len;
43 struct sockaddr_un addr;
44
45 fd = socket(PF_UNIX, type, 0);
46 if (fd < 0)
47 return -1;
48
49 /* Clear address structure */
50 memset(&addr, 0, sizeof(addr));
51
52 if (!path)
53 return fd;
54
55 addr.sun_family = AF_UNIX;
56
57 len = strlen(&path[1]);
58 /* do not enforce \0-termination */
59 if (len >= sizeof(addr.sun_path)) {
60 close(fd);
61 errno = ENAMETOOLONG;
62 return -1;
63 }
64 /* addr.sun_path[0] has already been set to 0 by memset() */
65 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
66
67 if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
68 int tmp = errno;
69 close(fd);
70 errno = tmp;
71 return -1;
72 }
73
74 if (type == SOCK_STREAM && listen(fd, 100)) {
75 int tmp = errno;
76 close(fd);
77 errno = tmp;
78 return -1;
79 }
80
81 return fd;
82 }
83
84 int lxc_abstract_unix_close(int fd)
85 {
86 close(fd);
87
88 return 0;
89 }
90
91 int lxc_abstract_unix_connect(const char *path)
92 {
93 int fd;
94 size_t len;
95 struct sockaddr_un addr;
96
97 fd = socket(PF_UNIX, SOCK_STREAM, 0);
98 if (fd < 0)
99 return -1;
100
101 memset(&addr, 0, sizeof(addr));
102
103 addr.sun_family = AF_UNIX;
104
105 len = strlen(&path[1]);
106 /* do not enforce \0-termination */
107 if (len >= sizeof(addr.sun_path)) {
108 close(fd);
109 errno = ENAMETOOLONG;
110 return -1;
111 }
112 /* addr.sun_path[0] has already been set to 0 by memset() */
113 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
114
115 if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
116 close(fd);
117 return -1;
118 }
119
120 return fd;
121 }
122
123 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
124 void *data, size_t size)
125 {
126 int ret;
127 struct msghdr msg;
128 struct iovec iov;
129 struct cmsghdr *cmsg = NULL;
130 char buf[1] = {0};
131 char *cmsgbuf;
132 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
133
134 memset(&msg, 0, sizeof(msg));
135 memset(&iov, 0, sizeof(iov));
136
137 cmsgbuf = malloc(cmsgbufsize);
138 if (!cmsgbuf)
139 return -1;
140
141 msg.msg_control = cmsgbuf;
142 msg.msg_controllen = cmsgbufsize;
143
144 cmsg = CMSG_FIRSTHDR(&msg);
145 cmsg->cmsg_level = SOL_SOCKET;
146 cmsg->cmsg_type = SCM_RIGHTS;
147 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
148
149 msg.msg_controllen = cmsg->cmsg_len;
150
151 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
152
153 iov.iov_base = data ? data : buf;
154 iov.iov_len = data ? size : sizeof(buf);
155 msg.msg_iov = &iov;
156 msg.msg_iovlen = 1;
157
158 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
159 free(cmsgbuf);
160 return ret;
161 }
162
163 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
164 void *data, size_t size)
165 {
166 int ret;
167 struct msghdr msg;
168 struct iovec iov;
169 struct cmsghdr *cmsg = NULL;
170 char buf[1] = {0};
171 char *cmsgbuf;
172 size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
173
174 memset(&msg, 0, sizeof(msg));
175 memset(&iov, 0, sizeof(iov));
176
177 cmsgbuf = malloc(cmsgbufsize);
178 if (!cmsgbuf)
179 return -1;
180
181 msg.msg_control = cmsgbuf;
182 msg.msg_controllen = cmsgbufsize;
183
184 iov.iov_base = data ? data : buf;
185 iov.iov_len = data ? size : sizeof(buf);
186 msg.msg_iov = &iov;
187 msg.msg_iovlen = 1;
188
189 ret = recvmsg(fd, &msg, 0);
190 if (ret <= 0)
191 goto out;
192
193 cmsg = CMSG_FIRSTHDR(&msg);
194
195 memset(recvfds, -1, num_recvfds * sizeof(int));
196 if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
197 cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
198 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
199 }
200
201 out:
202 free(cmsgbuf);
203 return ret;
204 }
205
206 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
207 {
208 struct msghdr msg = { 0 };
209 struct iovec iov;
210 struct cmsghdr *cmsg;
211 struct ucred cred = {
212 .pid = getpid(),
213 .uid = getuid(),
214 .gid = getgid(),
215 };
216 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
217 char buf[1] = {0};
218
219 msg.msg_control = cmsgbuf;
220 msg.msg_controllen = sizeof(cmsgbuf);
221
222 cmsg = CMSG_FIRSTHDR(&msg);
223 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
224 cmsg->cmsg_level = SOL_SOCKET;
225 cmsg->cmsg_type = SCM_CREDENTIALS;
226 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
227
228 msg.msg_name = NULL;
229 msg.msg_namelen = 0;
230
231 iov.iov_base = data ? data : buf;
232 iov.iov_len = data ? size : sizeof(buf);
233 msg.msg_iov = &iov;
234 msg.msg_iovlen = 1;
235
236 return sendmsg(fd, &msg, MSG_NOSIGNAL);
237 }
238
239 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
240 {
241 struct msghdr msg = { 0 };
242 struct iovec iov;
243 struct cmsghdr *cmsg;
244 struct ucred cred;
245 int ret;
246 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
247 char buf[1] = {0};
248
249 msg.msg_name = NULL;
250 msg.msg_namelen = 0;
251 msg.msg_control = cmsgbuf;
252 msg.msg_controllen = sizeof(cmsgbuf);
253
254 iov.iov_base = data ? data : buf;
255 iov.iov_len = data ? size : sizeof(buf);
256 msg.msg_iov = &iov;
257 msg.msg_iovlen = 1;
258
259 ret = recvmsg(fd, &msg, 0);
260 if (ret <= 0)
261 goto out;
262
263 cmsg = CMSG_FIRSTHDR(&msg);
264
265 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
266 cmsg->cmsg_level == SOL_SOCKET &&
267 cmsg->cmsg_type == SCM_CREDENTIALS) {
268 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
269 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
270 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
271 return -EACCES;
272 }
273 }
274 out:
275 return ret;
276 }
LXC mirror