]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2044 from brauner/2017-12-16/lxc_ls_add_unprivileged_field
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include "config.h"
24
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <stddef.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32 #include <sys/socket.h>
33 #include <sys/syscall.h>
34 #include <sys/un.h>
35
36 #include "log.h"
37 #include "utils.h"
38
39 lxc_log_define(lxc_af_unix, lxc);
40
41 int lxc_abstract_unix_open(const char *path, int type, int flags)
42 {
43 int fd, ret;
44 size_t len;
45 struct sockaddr_un addr;
46
47 fd = socket(PF_UNIX, type, 0);
48 if (fd < 0)
49 return -1;
50
51 /* Clear address structure */
52 memset(&addr, 0, sizeof(addr));
53
54 if (!path)
55 return fd;
56
57 addr.sun_family = AF_UNIX;
58
59 len = strlen(&path[1]);
60 /* do not enforce \0-termination */
61 if (len >= sizeof(addr.sun_path)) {
62 close(fd);
63 errno = ENAMETOOLONG;
64 return -1;
65 }
66 /* addr.sun_path[0] has already been set to 0 by memset() */
67 strncpy(&addr.sun_path[1], &path[1], len);
68
69 ret = bind(fd, (struct sockaddr *)&addr,
70 offsetof(struct sockaddr_un, sun_path) + len + 1);
71 if (ret < 0) {
72 int tmp = errno;
73 close(fd);
74 errno = tmp;
75 return -1;
76 }
77
78 if (type == SOCK_STREAM) {
79 ret = listen(fd, 100);
80 if (ret < 0) {
81 int tmp = errno;
82 close(fd);
83 errno = tmp;
84 return -1;
85 }
86
87 }
88
89 return fd;
90 }
91
92 int lxc_abstract_unix_close(int fd)
93 {
94 close(fd);
95 return 0;
96 }
97
98 int lxc_abstract_unix_connect(const char *path)
99 {
100 int fd, ret;
101 size_t len;
102 struct sockaddr_un addr;
103
104 fd = socket(PF_UNIX, SOCK_STREAM, 0);
105 if (fd < 0)
106 return -1;
107
108 memset(&addr, 0, sizeof(addr));
109
110 addr.sun_family = AF_UNIX;
111
112 len = strlen(&path[1]);
113 /* do not enforce \0-termination */
114 if (len >= sizeof(addr.sun_path)) {
115 close(fd);
116 errno = ENAMETOOLONG;
117 return -1;
118 }
119 /* addr.sun_path[0] has already been set to 0 by memset() */
120 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
121
122 ret = connect(fd, (struct sockaddr *)&addr,
123 offsetof(struct sockaddr_un, sun_path) + len + 1);
124 if (ret < 0) {
125 close(fd);
126 return -1;
127 }
128
129 return fd;
130 }
131
132 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
133 void *data, size_t size)
134 {
135 int ret;
136 struct msghdr msg;
137 struct iovec iov;
138 struct cmsghdr *cmsg = NULL;
139 char buf[1] = {0};
140 char *cmsgbuf;
141 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
142
143 memset(&msg, 0, sizeof(msg));
144 memset(&iov, 0, sizeof(iov));
145
146 cmsgbuf = malloc(cmsgbufsize);
147 if (!cmsgbuf)
148 return -1;
149
150 msg.msg_control = cmsgbuf;
151 msg.msg_controllen = cmsgbufsize;
152
153 cmsg = CMSG_FIRSTHDR(&msg);
154 cmsg->cmsg_level = SOL_SOCKET;
155 cmsg->cmsg_type = SCM_RIGHTS;
156 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
157
158 msg.msg_controllen = cmsg->cmsg_len;
159
160 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
161
162 iov.iov_base = data ? data : buf;
163 iov.iov_len = data ? size : sizeof(buf);
164 msg.msg_iov = &iov;
165 msg.msg_iovlen = 1;
166
167 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
168 free(cmsgbuf);
169 return ret;
170 }
171
172 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
173 void *data, size_t size)
174 {
175 int ret;
176 struct msghdr msg;
177 struct iovec iov;
178 struct cmsghdr *cmsg = NULL;
179 char buf[1] = {0};
180 char *cmsgbuf;
181 size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
182
183 memset(&msg, 0, sizeof(msg));
184 memset(&iov, 0, sizeof(iov));
185
186 cmsgbuf = malloc(cmsgbufsize);
187 if (!cmsgbuf)
188 return -1;
189
190 msg.msg_control = cmsgbuf;
191 msg.msg_controllen = cmsgbufsize;
192
193 iov.iov_base = data ? data : buf;
194 iov.iov_len = data ? size : sizeof(buf);
195 msg.msg_iov = &iov;
196 msg.msg_iovlen = 1;
197
198 ret = recvmsg(fd, &msg, 0);
199 if (ret <= 0)
200 goto out;
201
202 cmsg = CMSG_FIRSTHDR(&msg);
203
204 memset(recvfds, -1, num_recvfds * sizeof(int));
205 if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
206 cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
207 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
208 }
209
210 out:
211 free(cmsgbuf);
212 return ret;
213 }
214
215 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
216 {
217 struct msghdr msg = {0};
218 struct iovec iov;
219 struct cmsghdr *cmsg;
220 struct ucred cred = {
221 .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(),
222 };
223 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
224 char buf[1] = {0};
225
226 msg.msg_control = cmsgbuf;
227 msg.msg_controllen = sizeof(cmsgbuf);
228
229 cmsg = CMSG_FIRSTHDR(&msg);
230 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
231 cmsg->cmsg_level = SOL_SOCKET;
232 cmsg->cmsg_type = SCM_CREDENTIALS;
233 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
234
235 msg.msg_name = NULL;
236 msg.msg_namelen = 0;
237
238 iov.iov_base = data ? data : buf;
239 iov.iov_len = data ? size : sizeof(buf);
240 msg.msg_iov = &iov;
241 msg.msg_iovlen = 1;
242
243 return sendmsg(fd, &msg, MSG_NOSIGNAL);
244 }
245
246 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
247 {
248 struct msghdr msg = {0};
249 struct iovec iov;
250 struct cmsghdr *cmsg;
251 struct ucred cred;
252 int ret;
253 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
254 char buf[1] = {0};
255
256 msg.msg_name = NULL;
257 msg.msg_namelen = 0;
258 msg.msg_control = cmsgbuf;
259 msg.msg_controllen = sizeof(cmsgbuf);
260
261 iov.iov_base = data ? data : buf;
262 iov.iov_len = data ? size : sizeof(buf);
263 msg.msg_iov = &iov;
264 msg.msg_iovlen = 1;
265
266 ret = recvmsg(fd, &msg, 0);
267 if (ret <= 0)
268 goto out;
269
270 cmsg = CMSG_FIRSTHDR(&msg);
271
272 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
273 cmsg->cmsg_level == SOL_SOCKET &&
274 cmsg->cmsg_type == SCM_CREDENTIALS) {
275 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
276 if (cred.uid &&
277 (cred.uid != getuid() || cred.gid != getgid())) {
278 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
279 return -EACCES;
280 }
281 }
282 out:
283 return ret;
284 }
LXC mirror