]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2657 from ssup2/master
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <stddef.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34 #include <sys/socket.h>
35 #include <sys/syscall.h>
36 #include <sys/un.h>
37
38 #include "config.h"
39 #include "log.h"
40 #include "utils.h"
41
42 #ifndef HAVE_STRLCPY
43 #include "include/strlcpy.h"
44 #endif
45
46 lxc_log_define(af_unix, lxc);
47
48 static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
49 const char *path)
50 {
51 size_t len;
52
53 if (!addr || !path) {
54 errno = EINVAL;
55 return -1;
56 }
57
58 /* Clear address structure */
59 memset(addr, 0, sizeof(*addr));
60
61 addr->sun_family = AF_UNIX;
62
63 len = strlen(&path[1]);
64
65 /* do not enforce \0-termination */
66 if (len >= INT_MAX || len >= sizeof(addr->sun_path)) {
67 errno = ENAMETOOLONG;
68 return -1;
69 }
70
71 /* do not enforce \0-termination */
72 memcpy(&addr->sun_path[1], &path[1], len);
73 return len;
74 }
75
76 int lxc_abstract_unix_open(const char *path, int type, int flags)
77 {
78 int fd, ret;
79 ssize_t len;
80 struct sockaddr_un addr;
81
82 fd = socket(PF_UNIX, type, 0);
83 if (fd < 0)
84 return -1;
85
86 if (!path)
87 return fd;
88
89 len = lxc_abstract_unix_set_sockaddr(&addr, path);
90 if (len < 0) {
91 int saved_errno = errno;
92 close(fd);
93 errno = saved_errno;
94 return -1;
95 }
96
97 ret = bind(fd, (struct sockaddr *)&addr,
98 offsetof(struct sockaddr_un, sun_path) + len + 1);
99 if (ret < 0) {
100 int saved_errno = errno;
101 close(fd);
102 errno = saved_errno;
103 return -1;
104 }
105
106 if (type == SOCK_STREAM) {
107 ret = listen(fd, 100);
108 if (ret < 0) {
109 int saved_errno = errno;
110 close(fd);
111 errno = saved_errno;
112 return -1;
113 }
114 }
115
116 return fd;
117 }
118
119 void lxc_abstract_unix_close(int fd)
120 {
121 close(fd);
122 }
123
124 int lxc_abstract_unix_connect(const char *path)
125 {
126 int fd, ret;
127 ssize_t len;
128 struct sockaddr_un addr;
129
130 fd = socket(PF_UNIX, SOCK_STREAM, 0);
131 if (fd < 0)
132 return -1;
133
134 len = lxc_abstract_unix_set_sockaddr(&addr, path);
135 if (len < 0) {
136 int saved_errno = errno;
137 close(fd);
138 errno = saved_errno;
139 return -1;
140 }
141
142 ret = connect(fd, (struct sockaddr *)&addr,
143 offsetof(struct sockaddr_un, sun_path) + len + 1);
144 if (ret < 0) {
145 int saved_errno = errno;
146 close(fd);
147 errno = saved_errno;
148 return -1;
149 }
150
151 return fd;
152 }
153
154 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
155 void *data, size_t size)
156 {
157 int ret;
158 struct msghdr msg;
159 struct iovec iov;
160 struct cmsghdr *cmsg = NULL;
161 char buf[1] = {0};
162 char *cmsgbuf;
163 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
164
165 memset(&msg, 0, sizeof(msg));
166 memset(&iov, 0, sizeof(iov));
167
168 cmsgbuf = malloc(cmsgbufsize);
169 if (!cmsgbuf) {
170 errno = ENOMEM;
171 return -1;
172 }
173
174 msg.msg_control = cmsgbuf;
175 msg.msg_controllen = cmsgbufsize;
176
177 cmsg = CMSG_FIRSTHDR(&msg);
178 cmsg->cmsg_level = SOL_SOCKET;
179 cmsg->cmsg_type = SCM_RIGHTS;
180 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
181
182 msg.msg_controllen = cmsg->cmsg_len;
183
184 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
185
186 iov.iov_base = data ? data : buf;
187 iov.iov_len = data ? size : sizeof(buf);
188 msg.msg_iov = &iov;
189 msg.msg_iovlen = 1;
190
191 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
192 free(cmsgbuf);
193 return ret;
194 }
195
196 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
197 void *data, size_t size)
198 {
199 int ret;
200 struct msghdr msg;
201 struct iovec iov;
202 struct cmsghdr *cmsg = NULL;
203 char buf[1] = {0};
204 char *cmsgbuf;
205 size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
206
207 memset(&msg, 0, sizeof(msg));
208 memset(&iov, 0, sizeof(iov));
209
210 cmsgbuf = malloc(cmsgbufsize);
211 if (!cmsgbuf) {
212 errno = ENOMEM;
213 return -1;
214 }
215
216 msg.msg_control = cmsgbuf;
217 msg.msg_controllen = cmsgbufsize;
218
219 iov.iov_base = data ? data : buf;
220 iov.iov_len = data ? size : sizeof(buf);
221 msg.msg_iov = &iov;
222 msg.msg_iovlen = 1;
223
224 ret = recvmsg(fd, &msg, 0);
225 if (ret <= 0)
226 goto out;
227
228 cmsg = CMSG_FIRSTHDR(&msg);
229
230 memset(recvfds, -1, num_recvfds * sizeof(int));
231 if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
232 cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
233 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
234
235 out:
236 free(cmsgbuf);
237 return ret;
238 }
239
240 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
241 {
242 struct msghdr msg = {0};
243 struct iovec iov;
244 struct cmsghdr *cmsg;
245 struct ucred cred = {
246 .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(),
247 };
248 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
249 char buf[1] = {0};
250
251 msg.msg_control = cmsgbuf;
252 msg.msg_controllen = sizeof(cmsgbuf);
253
254 cmsg = CMSG_FIRSTHDR(&msg);
255 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
256 cmsg->cmsg_level = SOL_SOCKET;
257 cmsg->cmsg_type = SCM_CREDENTIALS;
258 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
259
260 msg.msg_name = NULL;
261 msg.msg_namelen = 0;
262
263 iov.iov_base = data ? data : buf;
264 iov.iov_len = data ? size : sizeof(buf);
265 msg.msg_iov = &iov;
266 msg.msg_iovlen = 1;
267
268 return sendmsg(fd, &msg, MSG_NOSIGNAL);
269 }
270
271 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
272 {
273 struct msghdr msg = {0};
274 struct iovec iov;
275 struct cmsghdr *cmsg;
276 struct ucred cred;
277 int ret;
278 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
279 char buf[1] = {0};
280
281 msg.msg_name = NULL;
282 msg.msg_namelen = 0;
283 msg.msg_control = cmsgbuf;
284 msg.msg_controllen = sizeof(cmsgbuf);
285
286 iov.iov_base = data ? data : buf;
287 iov.iov_len = data ? size : sizeof(buf);
288 msg.msg_iov = &iov;
289 msg.msg_iovlen = 1;
290
291 ret = recvmsg(fd, &msg, 0);
292 if (ret <= 0)
293 goto out;
294
295 cmsg = CMSG_FIRSTHDR(&msg);
296
297 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
298 cmsg->cmsg_level == SOL_SOCKET &&
299 cmsg->cmsg_type == SCM_CREDENTIALS) {
300 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
301 if (cred.uid &&
302 (cred.uid != getuid() || cred.gid != getgid())) {
303 INFO("Message denied for '%d/%d'", cred.uid, cred.gid);
304 errno = EACCES;
305 return -1;
306 }
307 }
308
309 out:
310 return ret;
311 }
LXC mirror