]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/terminal.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
build: add src/include to build and simplify header inclusions
[mirror_lxc.git] / src / lxc / terminal.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #ifndef _GNU_SOURCE
4 #define _GNU_SOURCE 1
5 #endif
6 #include <errno.h>
7 #include <fcntl.h>
8 #include <lxc/lxccontainer.h>
9 #include <pthread.h>
10 #include <signal.h>
11 #include <stdio.h>
12 #include <stdlib.h>
13 #include <sys/epoll.h>
14 #include <sys/types.h>
15 #include <termios.h>
16 #include <unistd.h>
17
18 #include "af_unix.h"
19 #include "caps.h"
20 #include "commands.h"
21 #include "conf.h"
22 #include "config.h"
23 #include "log.h"
24 #include "lxclock.h"
25 #include "mainloop.h"
26 #include "memory_utils.h"
27 #include "start.h"
28 #include "syscall_wrappers.h"
29 #include "terminal.h"
30 #include "utils.h"
31
32 #if HAVE_OPENPTY
33 #include <pty.h>
34 #else
35 #include "openpty.h"
36 #endif
37
38 #define LXC_TERMINAL_BUFFER_SIZE 1024
39
40 lxc_log_define(terminal, lxc);
41
42 void lxc_terminal_winsz(int srcfd, int dstfd)
43 {
44 int ret;
45 struct winsize wsz;
46
47 if (!isatty(srcfd))
48 return;
49
50 ret = ioctl(srcfd, TIOCGWINSZ, &wsz);
51 if (ret < 0) {
52 WARN("Failed to get window size");
53 return;
54 }
55
56 ret = ioctl(dstfd, TIOCSWINSZ, &wsz);
57 if (ret < 0)
58 WARN("Failed to set window size");
59 else
60 DEBUG("Set window size to %d columns and %d rows", wsz.ws_col,
61 wsz.ws_row);
62
63 return;
64 }
65
66 static void lxc_terminal_winch(struct lxc_terminal_state *ts)
67 {
68 lxc_terminal_winsz(ts->stdinfd, ts->ptxfd);
69 }
70
71 int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata,
72 struct lxc_async_descr *descr)
73 {
74 ssize_t ret;
75 struct signalfd_siginfo siginfo;
76 struct lxc_terminal_state *ts = cbdata;
77
78 ret = lxc_read_nointr(fd, &siginfo, sizeof(siginfo));
79 if (ret < 0 || (size_t)ret < sizeof(siginfo)) {
80 ERROR("Failed to read signal info");
81 return LXC_MAINLOOP_ERROR;
82 }
83
84 if (siginfo.ssi_signo == SIGTERM) {
85 DEBUG("Received SIGTERM. Detaching from the terminal");
86 return LXC_MAINLOOP_CLOSE;
87 }
88
89 if (siginfo.ssi_signo == SIGWINCH)
90 lxc_terminal_winch(ts);
91
92 return LXC_MAINLOOP_CONTINUE;
93 }
94
95 struct lxc_terminal_state *lxc_terminal_signal_init(int srcfd, int dstfd)
96 {
97 __do_close int signal_fd = -EBADF;
98 __do_free struct lxc_terminal_state *ts = NULL;
99 int ret;
100 sigset_t mask;
101
102 ts = malloc(sizeof(*ts));
103 if (!ts)
104 return NULL;
105
106 memset(ts, 0, sizeof(*ts));
107 ts->stdinfd = srcfd;
108 ts->ptxfd = dstfd;
109 ts->sigfd = -1;
110
111 ret = sigemptyset(&mask);
112 if (ret < 0) {
113 SYSERROR("Failed to initialize an empty signal set");
114 return NULL;
115 }
116
117 if (isatty(srcfd)) {
118 ret = sigaddset(&mask, SIGWINCH);
119 if (ret < 0)
120 SYSNOTICE("Failed to add SIGWINCH to signal set");
121 } else {
122 INFO("fd %d does not refer to a tty device", srcfd);
123 }
124
125 /* Exit the mainloop cleanly on SIGTERM. */
126 ret = sigaddset(&mask, SIGTERM);
127 if (ret < 0) {
128 SYSERROR("Failed to add SIGWINCH to signal set");
129 return NULL;
130 }
131
132 ret = pthread_sigmask(SIG_BLOCK, &mask, &ts->oldmask);
133 if (ret < 0) {
134 WARN("Failed to block signals");
135 return NULL;
136 }
137
138 signal_fd = signalfd(-1, &mask, SFD_CLOEXEC);
139 if (signal_fd < 0) {
140 WARN("Failed to create signal fd");
141 (void)pthread_sigmask(SIG_SETMASK, &ts->oldmask, NULL);
142 return NULL;
143 }
144 ts->sigfd = move_fd(signal_fd);
145 TRACE("Created signal fd %d", ts->sigfd);
146
147 return move_ptr(ts);
148 }
149
150 int lxc_terminal_signal_sigmask_safe_blocked(struct lxc_terminal *terminal)
151 {
152 struct lxc_terminal_state *state = terminal->tty_state;
153
154 if (!state)
155 return 0;
156
157 return pthread_sigmask(SIG_SETMASK, &state->oldmask, NULL);
158 }
159
160 /**
161 * lxc_terminal_signal_fini: uninstall signal handler
162 *
163 * @terminal: terminal instance
164 *
165 * Restore the saved signal handler that was in effect at the time
166 * lxc_terminal_signal_init() was called.
167 */
168 static void lxc_terminal_signal_fini(struct lxc_terminal *terminal)
169 {
170 struct lxc_terminal_state *state = terminal->tty_state;
171
172 if (!terminal->tty_state)
173 return;
174
175 state = terminal->tty_state;
176 if (state->sigfd >= 0) {
177 close(state->sigfd);
178
179 if (pthread_sigmask(SIG_SETMASK, &state->oldmask, NULL) < 0)
180 SYSWARN("Failed to restore signal mask");
181 }
182
183 free(terminal->tty_state);
184 terminal->tty_state = NULL;
185 }
186
187 static int lxc_terminal_truncate_log_file(struct lxc_terminal *terminal)
188 {
189 /* be very certain things are kosher */
190 if (!terminal->log_path || terminal->log_fd < 0)
191 return -EBADF;
192
193 return lxc_unpriv(ftruncate(terminal->log_fd, 0));
194 }
195
196 static int lxc_terminal_rotate_log_file(struct lxc_terminal *terminal)
197 {
198 __do_free char *tmp = NULL;
199 int ret;
200 size_t len;
201
202 if (!terminal->log_path || terminal->log_rotate == 0)
203 return -EOPNOTSUPP;
204
205 /* be very certain things are kosher */
206 if (terminal->log_fd < 0)
207 return -EBADF;
208
209 len = strlen(terminal->log_path) + sizeof(".1");
210 tmp = must_realloc(NULL, len);
211
212 ret = strnprintf(tmp, len, "%s.1", terminal->log_path);
213 if (ret < 0)
214 return -EFBIG;
215
216 close(terminal->log_fd);
217 terminal->log_fd = -1;
218 ret = lxc_unpriv(rename(terminal->log_path, tmp));
219 if (ret < 0)
220 return ret;
221
222 return lxc_terminal_create_log_file(terminal);
223 }
224
225 static int lxc_terminal_write_log_file(struct lxc_terminal *terminal, char *buf,
226 int bytes_read)
227 {
228 int ret;
229 struct stat st;
230 int64_t space_left = -1;
231
232 if (terminal->log_fd < 0)
233 return 0;
234
235 /* A log size <= 0 means that there's no limit on the size of the log
236 * file at which point we simply ignore whether the log is supposed to
237 * be rotated or not.
238 */
239 if (terminal->log_size <= 0)
240 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
241
242 /* Get current size of the log file. */
243 ret = fstat(terminal->log_fd, &st);
244 if (ret < 0) {
245 SYSERROR("Failed to stat the terminal log file descriptor");
246 return -1;
247 }
248
249 /* handle non-regular files */
250 if ((st.st_mode & S_IFMT) != S_IFREG) {
251 /* This isn't a regular file. so rotating the file seems a
252 * dangerous thing to do, size limits are also very
253 * questionable. Let's not risk anything and tell the user that
254 * they're requesting us to do weird stuff.
255 */
256 if (terminal->log_rotate > 0 || terminal->log_size > 0)
257 return -EINVAL;
258
259 /* I mean, sure log wherever you want to. */
260 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
261 }
262
263 space_left = terminal->log_size - st.st_size;
264
265 /* User doesn't want to rotate the log file and there's no more space
266 * left so simply truncate it.
267 */
268 if (space_left <= 0 && terminal->log_rotate <= 0) {
269 ret = lxc_terminal_truncate_log_file(terminal);
270 if (ret < 0)
271 return ret;
272
273 if (bytes_read <= terminal->log_size)
274 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
275
276 /* Write as much as we can into the buffer and loose the rest. */
277 return lxc_write_nointr(terminal->log_fd, buf, terminal->log_size);
278 }
279
280 /* There's enough space left. */
281 if (bytes_read <= space_left)
282 return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
283
284 /* There's not enough space left but at least write as much as we can
285 * into the old log file.
286 */
287 ret = lxc_write_nointr(terminal->log_fd, buf, space_left);
288 if (ret < 0)
289 return -1;
290
291 /* Calculate how many bytes we still need to write. */
292 bytes_read -= space_left;
293
294 /* There'd be more to write but we aren't instructed to rotate the log
295 * file so simply return. There's no error on our side here.
296 */
297 if (terminal->log_rotate > 0)
298 ret = lxc_terminal_rotate_log_file(terminal);
299 else
300 ret = lxc_terminal_truncate_log_file(terminal);
301 if (ret < 0)
302 return ret;
303
304 if (terminal->log_size < bytes_read) {
305 /* Well, this is unfortunate because it means that there is more
306 * to write than the user has granted us space. There are
307 * multiple ways to handle this but let's use the simplest one:
308 * write as much as we can, tell the user that there was more
309 * stuff to write and move on.
310 * Note that this scenario shouldn't actually happen with the
311 * standard pty-based terminal that LXC allocates since it will
312 * be switched into raw mode. In raw mode only 1 byte at a time
313 * should be read and written.
314 */
315 WARN("Size of terminal log file is smaller than the bytes to write");
316 ret = lxc_write_nointr(terminal->log_fd, buf, terminal->log_size);
317 if (ret < 0)
318 return -1;
319 bytes_read -= ret;
320 return bytes_read;
321 }
322
323 /* Yay, we made it. */
324 ret = lxc_write_nointr(terminal->log_fd, buf, bytes_read);
325 if (ret < 0)
326 return -1;
327 bytes_read -= ret;
328 return bytes_read;
329 }
330
331 static int lxc_terminal_ptx_io(struct lxc_terminal *terminal)
332 {
333 char buf[LXC_TERMINAL_BUFFER_SIZE];
334 int r, w, w_log, w_rbuf;
335
336 w = r = lxc_read_nointr(terminal->ptx, buf, sizeof(buf));
337 if (r <= 0)
338 return -1;
339
340 w_rbuf = w_log = 0;
341 /* write to peer first */
342 if (terminal->peer >= 0)
343 w = lxc_write_nointr(terminal->peer, buf, r);
344
345 /* write to terminal ringbuffer */
346 if (terminal->buffer_size > 0)
347 w_rbuf = lxc_ringbuf_write(&terminal->ringbuf, buf, r);
348
349 /* write to terminal log */
350 if (terminal->log_fd >= 0)
351 w_log = lxc_terminal_write_log_file(terminal, buf, r);
352
353 if (w != r)
354 WARN("Short write on terminal r:%d != w:%d", r, w);
355
356 if (w_rbuf < 0) {
357 errno = -w_rbuf;
358 SYSTRACE("Failed to write %d bytes to terminal ringbuffer", r);
359 }
360
361 if (w_log < 0)
362 TRACE("Failed to write %d bytes to terminal log", r);
363
364 return 0;
365 }
366
367 static int lxc_terminal_peer_io(struct lxc_terminal *terminal)
368 {
369 char buf[LXC_TERMINAL_BUFFER_SIZE];
370 int r, w;
371
372 w = r = lxc_read_nointr(terminal->peer, buf, sizeof(buf));
373 if (r <= 0)
374 return -1;
375
376 w = lxc_write_nointr(terminal->ptx, buf, r);
377 if (w != r)
378 WARN("Short write on terminal r:%d != w:%d", r, w);
379
380 return 0;
381 }
382
383 static int lxc_terminal_ptx_io_handler(int fd, uint32_t events, void *data,
384 struct lxc_async_descr *descr)
385 {
386 struct lxc_terminal *terminal = data;
387 int ret;
388
389 ret = lxc_terminal_ptx_io(data);
390 if (ret < 0)
391 return log_info(LXC_MAINLOOP_CLOSE,
392 "Terminal client on fd %d has exited",
393 terminal->ptx);
394
395 return LXC_MAINLOOP_CONTINUE;
396 }
397
398 static int lxc_terminal_peer_io_handler(int fd, uint32_t events, void *data,
399 struct lxc_async_descr *descr)
400 {
401 struct lxc_terminal *terminal = data;
402 int ret;
403
404 ret = lxc_terminal_peer_io(data);
405 if (ret < 0)
406 return log_info(LXC_MAINLOOP_CLOSE,
407 "Terminal client on fd %d has exited",
408 terminal->peer);
409
410 return LXC_MAINLOOP_CONTINUE;
411 }
412
413 static int lxc_terminal_mainloop_add_peer(struct lxc_terminal *terminal)
414 {
415 int ret;
416
417 if (terminal->peer >= 0) {
418 ret = lxc_mainloop_add_handler(terminal->descr, terminal->peer,
419 lxc_terminal_peer_io_handler,
420 default_cleanup_handler,
421 terminal, "lxc_terminal_peer_io_handler");
422 if (ret < 0) {
423 WARN("Failed to add terminal peer handler to mainloop");
424 return -1;
425 }
426 }
427
428 if (!terminal->tty_state || terminal->tty_state->sigfd < 0)
429 return 0;
430
431 ret = lxc_mainloop_add_handler(terminal->descr,
432 terminal->tty_state->sigfd,
433 lxc_terminal_signalfd_cb,
434 default_cleanup_handler,
435 terminal->tty_state,
436 "lxc_terminal_signalfd_cb");
437 if (ret < 0) {
438 WARN("Failed to add signal handler to mainloop");
439 return -1;
440 }
441
442 return 0;
443 }
444
445 int lxc_terminal_mainloop_add(struct lxc_async_descr *descr,
446 struct lxc_terminal *terminal)
447 {
448 int ret;
449
450 if (terminal->ptx < 0) {
451 INFO("Terminal is not initialized");
452 return 0;
453 }
454
455 ret = lxc_mainloop_add_handler(descr, terminal->ptx,
456 lxc_terminal_ptx_io_handler,
457 default_cleanup_handler,
458 terminal, "lxc_terminal_ptx_io_handler");
459 if (ret < 0) {
460 ERROR("Failed to add handler for terminal ptx fd %d to mainloop", terminal->ptx);
461 return -1;
462 }
463
464 /* We cache the descr so that we can add an fd to it when someone
465 * does attach to it in lxc_terminal_allocate().
466 */
467 terminal->descr = descr;
468
469 return lxc_terminal_mainloop_add_peer(terminal);
470 }
471
472 int lxc_setup_tios(int fd, struct termios *oldtios)
473 {
474 int ret;
475 struct termios newtios;
476
477 if (!isatty(fd)) {
478 ERROR("File descriptor %d does not refer to a terminal", fd);
479 return -1;
480 }
481
482 /* Get current termios. */
483 ret = tcgetattr(fd, oldtios);
484 if (ret < 0) {
485 SYSERROR("Failed to get current terminal settings");
486 return -1;
487 }
488
489 /* ensure we don't end up in an endless loop:
490 * The kernel might fire SIGTTOU while an
491 * ioctl() in tcsetattr() is executed. When the ioctl()
492 * is resumed and retries, the signal handler interrupts it again.
493 */
494 signal (SIGTTIN, SIG_IGN);
495 signal (SIGTTOU, SIG_IGN);
496
497 newtios = *oldtios;
498
499 /* We use the same settings that ssh does. */
500 newtios.c_iflag |= IGNPAR;
501 newtios.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
502 #ifdef IUCLC
503 newtios.c_iflag &= ~IUCLC;
504 #endif
505 newtios.c_lflag &= ~(TOSTOP | ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
506 #ifdef IEXTEN
507 newtios.c_lflag &= ~IEXTEN;
508 #endif
509 newtios.c_oflag |= ONLCR;
510 newtios.c_oflag |= OPOST;
511 newtios.c_cc[VMIN] = 1;
512 newtios.c_cc[VTIME] = 0;
513
514 /* Set new attributes. */
515 ret = tcsetattr(fd, TCSAFLUSH, &newtios);
516 if (ret < 0) {
517 ERROR("Failed to set new terminal settings");
518 return -1;
519 }
520
521 return 0;
522 }
523
524 static void lxc_terminal_peer_proxy_free(struct lxc_terminal *terminal)
525 {
526 lxc_terminal_signal_fini(terminal);
527
528 close(terminal->proxy.ptx);
529 terminal->proxy.ptx = -1;
530
531 close(terminal->proxy.pty);
532 terminal->proxy.pty = -1;
533
534 terminal->proxy.busy = -1;
535
536 terminal->proxy.name[0] = '\0';
537
538 terminal->peer = -1;
539 }
540
541 static int lxc_terminal_peer_proxy_alloc(struct lxc_terminal *terminal,
542 int sockfd)
543 {
544 int ret;
545 struct termios oldtermio;
546 struct lxc_terminal_state *ts;
547
548 if (terminal->ptx < 0) {
549 ERROR("Terminal not set up");
550 return -1;
551 }
552
553 if (terminal->proxy.busy != -1 || terminal->peer != -1) {
554 NOTICE("Terminal already in use");
555 return -1;
556 }
557
558 if (terminal->tty_state) {
559 ERROR("Terminal has already been initialized");
560 return -1;
561 }
562
563 /* This is the proxy terminal that will be given to the client, and
564 * that the real terminal ptx will send to / recv from.
565 */
566 ret = openpty(&terminal->proxy.ptx, &terminal->proxy.pty, NULL,
567 NULL, NULL);
568 if (ret < 0) {
569 SYSERROR("Failed to open proxy terminal");
570 return -1;
571 }
572
573 ret = ttyname_r(terminal->proxy.pty, terminal->proxy.name,
574 sizeof(terminal->proxy.name));
575 if (ret < 0) {
576 SYSERROR("Failed to retrieve name of proxy terminal pty");
577 goto on_error;
578 }
579
580 ret = fd_cloexec(terminal->proxy.ptx, true);
581 if (ret < 0) {
582 SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal ptx");
583 goto on_error;
584 }
585
586 ret = fd_cloexec(terminal->proxy.pty, true);
587 if (ret < 0) {
588 SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal pty");
589 goto on_error;
590 }
591
592 ret = lxc_setup_tios(terminal->proxy.pty, &oldtermio);
593 if (ret < 0)
594 goto on_error;
595
596 ts = lxc_terminal_signal_init(terminal->proxy.ptx, terminal->ptx);
597 if (!ts)
598 goto on_error;
599
600 terminal->tty_state = ts;
601 terminal->peer = terminal->proxy.pty;
602 terminal->proxy.busy = sockfd;
603 ret = lxc_terminal_mainloop_add_peer(terminal);
604 if (ret < 0)
605 goto on_error;
606
607 NOTICE("Opened proxy terminal with ptx fd %d and pty fd %d",
608 terminal->proxy.ptx, terminal->proxy.pty);
609 return 0;
610
611 on_error:
612 lxc_terminal_peer_proxy_free(terminal);
613 return -1;
614 }
615
616 int lxc_terminal_allocate(struct lxc_conf *conf, int sockfd, int *ttyreq)
617 {
618 int ttynum;
619 int ptxfd = -1;
620 struct lxc_tty_info *ttys = &conf->ttys;
621 struct lxc_terminal *terminal = &conf->console;
622
623 if (*ttyreq == 0) {
624 int ret;
625
626 ret = lxc_terminal_peer_proxy_alloc(terminal, sockfd);
627 if (ret < 0)
628 goto out;
629
630 ptxfd = terminal->proxy.ptx;
631 goto out;
632 }
633
634 if (*ttyreq > 0) {
635 if (*ttyreq > ttys->max)
636 goto out;
637
638 if (ttys->tty[*ttyreq - 1].busy >= 0)
639 goto out;
640
641 /* The requested tty is available. */
642 ttynum = *ttyreq;
643 goto out_tty;
644 }
645
646 /* Search for next available tty, fixup index tty1 => [0]. */
647 for (ttynum = 1; ttynum <= ttys->max && ttys->tty[ttynum - 1].busy >= 0; ttynum++) {
648 ;
649 }
650
651 /* We didn't find any available slot for tty. */
652 if (ttynum > ttys->max)
653 goto out;
654
655 *ttyreq = ttynum;
656
657 out_tty:
658 ttys->tty[ttynum - 1].busy = sockfd;
659 ptxfd = ttys->tty[ttynum - 1].ptx;
660
661 out:
662 return ptxfd;
663 }
664
665 void lxc_terminal_free(struct lxc_conf *conf, int fd)
666 {
667 int i;
668 struct lxc_tty_info *ttys = &conf->ttys;
669 struct lxc_terminal *terminal = &conf->console;
670
671 for (i = 0; i < ttys->max; i++)
672 if (ttys->tty[i].busy == fd)
673 ttys->tty[i].busy = -1;
674
675 if (terminal->proxy.busy != fd)
676 return;
677
678 lxc_mainloop_del_handler(terminal->descr, terminal->proxy.pty);
679 lxc_terminal_peer_proxy_free(terminal);
680 }
681
682 static int lxc_terminal_peer_default(struct lxc_terminal *terminal)
683 {
684 struct lxc_terminal_state *ts;
685 const char *path;
686 int ret = 0;
687
688 if (terminal->path)
689 path = terminal->path;
690 else
691 path = "/dev/tty";
692
693 terminal->peer = lxc_unpriv(open(path, O_RDWR | O_CLOEXEC));
694 if (terminal->peer < 0) {
695 if (!terminal->path) {
696 errno = ENODEV;
697 SYSDEBUG("The process does not have a controlling terminal");
698 goto on_succes;
699 }
700
701 SYSERROR("Failed to open proxy terminal \"%s\"", path);
702 return -ENOTTY;
703 }
704 DEBUG("Using terminal \"%s\" as proxy", path);
705
706 if (!isatty(terminal->peer)) {
707 ERROR("File descriptor for \"%s\" does not refer to a terminal", path);
708 goto on_error_free_tios;
709 }
710
711 ts = lxc_terminal_signal_init(terminal->peer, terminal->ptx);
712 terminal->tty_state = ts;
713 if (!ts) {
714 WARN("Failed to install signal handler");
715 goto on_error_free_tios;
716 }
717
718 lxc_terminal_winsz(terminal->peer, terminal->ptx);
719
720 terminal->tios = malloc(sizeof(*terminal->tios));
721 if (!terminal->tios)
722 goto on_error_free_tios;
723
724 ret = lxc_setup_tios(terminal->peer, terminal->tios);
725 if (ret < 0)
726 goto on_error_close_peer;
727 else
728 goto on_succes;
729
730 on_error_free_tios:
731 free(terminal->tios);
732 terminal->tios = NULL;
733
734 on_error_close_peer:
735 close(terminal->peer);
736 terminal->peer = -1;
737 ret = -ENOTTY;
738
739 on_succes:
740 return ret;
741 }
742
743 int lxc_terminal_write_ringbuffer(struct lxc_terminal *terminal)
744 {
745 char *r_addr;
746 ssize_t ret;
747 uint64_t used;
748 struct lxc_ringbuf *buf = &terminal->ringbuf;
749
750 /* There's not log file where we can dump the ringbuffer to. */
751 if (terminal->log_fd < 0)
752 return 0;
753
754 used = lxc_ringbuf_used(buf);
755 if (used == 0)
756 return 0;
757
758 ret = lxc_terminal_truncate_log_file(terminal);
759 if (ret < 0)
760 return ret;
761
762 /* Write as much as we can without exceeding the limit. */
763 if (terminal->log_size < used)
764 used = terminal->log_size;
765
766 r_addr = lxc_ringbuf_get_read_addr(buf);
767 ret = lxc_write_nointr(terminal->log_fd, r_addr, used);
768 if (ret < 0)
769 return -EIO;
770
771 return 0;
772 }
773
774 void lxc_terminal_delete(struct lxc_terminal *terminal)
775 {
776 int ret;
777
778 ret = lxc_terminal_write_ringbuffer(terminal);
779 if (ret < 0)
780 WARN("Failed to write terminal log to disk");
781
782 if (terminal->tios && terminal->peer >= 0) {
783 ret = tcsetattr(terminal->peer, TCSAFLUSH, terminal->tios);
784 if (ret < 0)
785 SYSWARN("Failed to set old terminal settings");
786 }
787 free(terminal->tios);
788 terminal->tios = NULL;
789
790 if (terminal->peer >= 0)
791 close(terminal->peer);
792 terminal->peer = -1;
793
794 if (terminal->ptx >= 0)
795 close(terminal->ptx);
796 terminal->ptx = -1;
797
798 if (terminal->pty >= 0)
799 close(terminal->pty);
800 terminal->pty = -1;
801
802 terminal->pty_nr = -1;
803
804 if (terminal->log_fd >= 0)
805 close(terminal->log_fd);
806 terminal->log_fd = -1;
807 }
808
809 /**
810 * Note that this function needs to run before the mainloop starts. Since we
811 * register a handler for the terminal's ptxfd when we create the mainloop
812 * the terminal handler needs to see an allocated ringbuffer.
813 */
814 static int lxc_terminal_create_ringbuf(struct lxc_terminal *terminal)
815 {
816 int ret;
817 struct lxc_ringbuf *buf = &terminal->ringbuf;
818 uint64_t size = terminal->buffer_size;
819
820 /* no ringbuffer previously allocated and no ringbuffer requested */
821 if (!buf->addr && size <= 0)
822 return 0;
823
824 /* ringbuffer allocated but no new ringbuffer requested */
825 if (buf->addr && size <= 0) {
826 lxc_ringbuf_release(buf);
827 buf->addr = NULL;
828 buf->r_off = 0;
829 buf->w_off = 0;
830 buf->size = 0;
831 TRACE("Deallocated terminal ringbuffer");
832 return 0;
833 }
834
835 if (size <= 0)
836 return 0;
837
838 /* check wether the requested size for the ringbuffer has changed */
839 if (buf->addr && buf->size != size) {
840 TRACE("Terminal ringbuffer size changed from %" PRIu64
841 " to %" PRIu64 " bytes. Deallocating terminal ringbuffer",
842 buf->size, size);
843 lxc_ringbuf_release(buf);
844 }
845
846 ret = lxc_ringbuf_create(buf, size);
847 if (ret < 0) {
848 ERROR("Failed to setup %" PRIu64 " byte terminal ringbuffer", size);
849 return -1;
850 }
851
852 TRACE("Allocated %" PRIu64 " byte terminal ringbuffer", size);
853 return 0;
854 }
855
856 /**
857 * This is the terminal log file. Please note that the terminal log file is
858 * (implementation wise not content wise) independent of the terminal ringbuffer.
859 */
860 int lxc_terminal_create_log_file(struct lxc_terminal *terminal)
861 {
862 if (!terminal->log_path)
863 return 0;
864
865 terminal->log_fd = lxc_unpriv(open(terminal->log_path, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600));
866 if (terminal->log_fd < 0) {
867 SYSERROR("Failed to open terminal log file \"%s\"", terminal->log_path);
868 return -1;
869 }
870
871 DEBUG("Using \"%s\" as terminal log file", terminal->log_path);
872 return 0;
873 }
874
875 static int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal)
876 {
877 int ret;
878
879 if (list_empty(&c->id_map))
880 return 0;
881
882 if (is_empty_string(terminal->name) && terminal->pty < 0)
883 return 0;
884
885 if (terminal->pty >= 0)
886 ret = userns_exec_mapped_root(NULL, terminal->pty, c);
887 else
888 ret = userns_exec_mapped_root(terminal->name, -EBADF, c);
889 if (ret < 0)
890 return log_error(-1, "Failed to chown terminal %d(%s)", terminal->pty,
891 !is_empty_string(terminal->name) ? terminal->name : "(null)");
892
893 TRACE("Chowned terminal %d(%s)", terminal->pty,
894 !is_empty_string(terminal->name) ? terminal->name : "(null)");
895
896 return 0;
897 }
898
899 static int lxc_terminal_create_foreign(struct lxc_conf *conf, struct lxc_terminal *terminal)
900 {
901 int ret;
902
903 ret = openpty(&terminal->ptx, &terminal->pty, NULL, NULL, NULL);
904 if (ret < 0) {
905 SYSERROR("Failed to open terminal");
906 return -1;
907 }
908
909 ret = lxc_terminal_map_ids(conf, terminal);
910 if (ret < 0) {
911 SYSERROR("Failed to change ownership of terminal multiplexer device");
912 goto err;
913 }
914
915 ret = ttyname_r(terminal->pty, terminal->name, sizeof(terminal->name));
916 if (ret < 0) {
917 SYSERROR("Failed to retrieve name of terminal pty");
918 goto err;
919 }
920
921 ret = fd_cloexec(terminal->ptx, true);
922 if (ret < 0) {
923 SYSERROR("Failed to set FD_CLOEXEC flag on terminal ptx");
924 goto err;
925 }
926
927 ret = fd_cloexec(terminal->pty, true);
928 if (ret < 0) {
929 SYSERROR("Failed to set FD_CLOEXEC flag on terminal pty");
930 goto err;
931 }
932
933 ret = lxc_terminal_peer_default(terminal);
934 if (ret < 0) {
935 ERROR("Failed to allocate proxy terminal");
936 goto err;
937 }
938
939 return 0;
940
941 err:
942 lxc_terminal_delete(terminal);
943 return -ENODEV;
944 }
945
946 int lxc_devpts_terminal(int devpts_fd, int *ret_ptx, int *ret_pty,
947 int *ret_pty_nr, bool require_tiocgptpeer)
948 {
949 __do_close int fd_devpts = -EBADF, fd_ptx = -EBADF,
950 fd_opath_pty = -EBADF, fd_pty = -EBADF;
951 int pty_nr = -1;
952 int ret;
953
954 /*
955 * When we aren't told what devpts instance to allocate from we assume
956 * it is the one in the caller's mount namespace.
957 * This poses a slight complication, a lot of distros will change
958 * permissions on /dev/ptmx so it can be opened by unprivileged users
959 * but will not change permissions on /dev/pts/ptmx itself. In
960 * addition, /dev/ptmx can either be a symlink, a bind-mount, or a
961 * separate device node. So we need to allow for fairly lax lookup.
962 */
963 if (devpts_fd < 0)
964 fd_ptx = open_at(-EBADF, "/dev/ptmx", PROTECT_OPEN_RW & ~O_NOFOLLOW,
965 PROTECT_LOOKUP_ABSOLUTE_XDEV_SYMLINKS, 0);
966 else
967 fd_ptx = open_beneath(devpts_fd, "ptmx", O_RDWR | O_NOCTTY | O_CLOEXEC);
968 if (fd_ptx < 0) {
969 if (errno == ENOSPC)
970 return systrace("Exceeded number of allocatable terminals");
971
972 return syserror("Failed to open terminal multiplexer device");
973 }
974
975 if (devpts_fd < 0) {
976 fd_devpts = open_at(-EBADF, "/dev/pts", PROTECT_OPATH_DIRECTORY,
977 PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
978 if (fd_devpts < 0)
979 return syserror("Failed to open devpts instance");
980
981 if (!same_device(fd_devpts, "ptmx", fd_ptx, ""))
982 return syserror("The acquired ptmx devices don't match");
983 devpts_fd = fd_devpts;
984 }
985
986 ret = unlockpt(fd_ptx);
987 if (ret < 0)
988 return syswarn_set(-ENODEV, "Failed to unlock multiplexer device device");
989
990 fd_pty = ioctl(fd_ptx, TIOCGPTPEER, O_RDWR | O_NOCTTY | O_CLOEXEC);
991 if (fd_pty < 0) {
992 switch (errno) {
993 case ENOTTY:
994 SYSTRACE("Pure fd-based terminal allocation not possible");
995 break;
996 case ENOSPC:
997 SYSTRACE("Exceeded number of allocatable terminals");
998 break;
999 default:
1000 SYSWARN("Failed to allocate new pty device");
1001 return -errno;
1002 }
1003
1004 /* The caller tells us that they trust the devpts instance. */
1005 if (require_tiocgptpeer)
1006 return ret_errno(ENODEV);
1007 }
1008
1009 ret = ioctl(fd_ptx, TIOCGPTN, &pty_nr);
1010 if (ret)
1011 return syswarn_set(-ENODEV, "Failed to retrieve name of terminal pty");
1012
1013 if (fd_pty < 0) {
1014 /*
1015 * If we end up it means that TIOCGPTPEER isn't supported but
1016 * the caller told us they trust the devpts instance so we use
1017 * the pty nr to open the pty side.
1018 */
1019 fd_pty = open_at(devpts_fd, fdstr(pty_nr), PROTECT_OPEN_RW,
1020 PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
1021 if (fd_pty < 0)
1022 return syswarn_set(-ENODEV, "Failed to open terminal pty fd by path %d/%d",
1023 devpts_fd, pty_nr);
1024 } else {
1025 fd_opath_pty = open_at(devpts_fd, fdstr(pty_nr), PROTECT_OPATH_FILE,
1026 PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
1027 if (fd_opath_pty < 0)
1028 return syswarn_set(-ENODEV, "Failed to open terminal pty fd by path %d/%d",
1029 devpts_fd, pty_nr);
1030
1031 if (!same_file_lax(fd_pty, fd_opath_pty))
1032 return syswarn_set(-ENODEV, "Terminal file descriptor changed");
1033 }
1034
1035 *ret_ptx = move_fd(fd_ptx);
1036 *ret_pty = move_fd(fd_pty);
1037 *ret_pty_nr = pty_nr;
1038 return 0;
1039 }
1040
1041 int lxc_terminal_parent(struct lxc_conf *conf)
1042 {
1043 struct lxc_terminal *console = &conf->console;
1044 int ret;
1045
1046 if (!wants_console(&conf->console))
1047 return 0;
1048
1049 /* Allocate console from the container's devpts. */
1050 if (conf->pty_max > 1)
1051 return 0;
1052
1053 /* Allocate console for the container from the host's devpts. */
1054 ret = lxc_devpts_terminal(-EBADF, &console->ptx, &console->pty,
1055 &console->pty_nr, false);
1056 if (ret < 0)
1057 return syserror("Failed to allocate console");
1058
1059 ret = strnprintf(console->name, sizeof(console->name),
1060 "/dev/pts/%d", console->pty_nr);
1061 if (ret < 0)
1062 return syserror("Failed to create console path");
1063
1064 return lxc_terminal_map_ids(conf, &conf->console);
1065 }
1066
1067 static int lxc_terminal_create_native(const char *name, const char *lxcpath,
1068 struct lxc_terminal *terminal)
1069 {
1070 __do_close int devpts_fd = -EBADF;
1071 int ret;
1072
1073 devpts_fd = lxc_cmd_get_devpts_fd(name, lxcpath);
1074 if (devpts_fd < 0)
1075 return sysinfo("Failed to receive devpts fd");
1076
1077 ret = lxc_devpts_terminal(devpts_fd, &terminal->ptx, &terminal->pty,
1078 &terminal->pty_nr, true);
1079 if (ret < 0)
1080 return ret;
1081
1082 ret = strnprintf(terminal->name, sizeof(terminal->name),
1083 "/dev/pts/%d", terminal->pty_nr);
1084 if (ret < 0)
1085 return syserror("Failed to create path");
1086
1087 ret = lxc_terminal_peer_default(terminal);
1088 if (ret < 0) {
1089 lxc_terminal_delete(terminal);
1090 return syswarn_set(-ENODEV, "Failed to allocate proxy terminal");
1091 }
1092
1093 return 0;
1094 }
1095
1096 int lxc_terminal_create(const char *name, const char *lxcpath,
1097 struct lxc_conf *conf, struct lxc_terminal *terminal)
1098 {
1099 if (!lxc_terminal_create_native(name, lxcpath, terminal))
1100 return 0;
1101
1102 return lxc_terminal_create_foreign(conf, terminal);
1103 }
1104
1105 int lxc_terminal_setup(struct lxc_conf *conf)
1106 {
1107 int ret;
1108 struct lxc_terminal *terminal = &conf->console;
1109
1110 if (terminal->path && strequal(terminal->path, "none"))
1111 return log_info(0, "No terminal requested");
1112
1113 ret = lxc_terminal_peer_default(terminal);
1114 if (ret < 0)
1115 goto err;
1116
1117 ret = lxc_terminal_create_log_file(terminal);
1118 if (ret < 0)
1119 goto err;
1120
1121 ret = lxc_terminal_create_ringbuf(terminal);
1122 if (ret < 0)
1123 goto err;
1124
1125 return 0;
1126
1127 err:
1128 lxc_terminal_delete(terminal);
1129 return -ENODEV;
1130 }
1131
1132 static bool __terminal_dup2(int duplicate, int original)
1133 {
1134 int ret;
1135
1136 if (!isatty(original))
1137 return true;
1138
1139 ret = dup2(duplicate, original);
1140 if (ret < 0) {
1141 SYSERROR("Failed to dup2(%d, %d)", duplicate, original);
1142 return false;
1143 }
1144
1145 return true;
1146 }
1147
1148 int lxc_terminal_set_stdfds(int fd)
1149 {
1150 int i;
1151
1152 if (fd < 0)
1153 return 0;
1154
1155 for (i = 0; i < 3; i++)
1156 if (!__terminal_dup2(fd, (int[]){STDIN_FILENO, STDOUT_FILENO,
1157 STDERR_FILENO}[i]))
1158 return -1;
1159
1160 return 0;
1161 }
1162
1163 int lxc_terminal_stdin_cb(int fd, uint32_t events, void *cbdata,
1164 struct lxc_async_descr *descr)
1165 {
1166 int ret;
1167 char c;
1168 struct lxc_terminal_state *ts = cbdata;
1169
1170 if (fd != ts->stdinfd)
1171 return LXC_MAINLOOP_CLOSE;
1172
1173 ret = lxc_read_nointr(ts->stdinfd, &c, 1);
1174 if (ret <= 0)
1175 return LXC_MAINLOOP_CLOSE;
1176
1177 if (ts->escape >= 1) {
1178 /* we want to exit the terminal with Ctrl+a q */
1179 if (c == ts->escape && !ts->saw_escape) {
1180 ts->saw_escape = 1;
1181 return LXC_MAINLOOP_CONTINUE;
1182 }
1183
1184 if (c == 'q' && ts->saw_escape)
1185 return LXC_MAINLOOP_CLOSE;
1186
1187 ts->saw_escape = 0;
1188 }
1189
1190 ret = lxc_write_nointr(ts->ptxfd, &c, 1);
1191 if (ret <= 0)
1192 return LXC_MAINLOOP_CLOSE;
1193
1194 return LXC_MAINLOOP_CONTINUE;
1195 }
1196
1197 int lxc_terminal_ptx_cb(int fd, uint32_t events, void *cbdata,
1198 struct lxc_async_descr *descr)
1199 {
1200 int r, w;
1201 char buf[LXC_TERMINAL_BUFFER_SIZE];
1202 struct lxc_terminal_state *ts = cbdata;
1203
1204 if (fd != ts->ptxfd)
1205 return LXC_MAINLOOP_CLOSE;
1206
1207 r = lxc_read_nointr(fd, buf, sizeof(buf));
1208 if (r <= 0)
1209 return LXC_MAINLOOP_CLOSE;
1210
1211 w = lxc_write_nointr(ts->stdoutfd, buf, r);
1212 if (w <= 0 || w != r)
1213 return LXC_MAINLOOP_CLOSE;
1214
1215 return LXC_MAINLOOP_CONTINUE;
1216 }
1217
1218 int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, int *ptxfd)
1219 {
1220 return lxc_cmd_get_tty_fd(c->name, ttynum, ptxfd, c->config_path);
1221 }
1222
1223 int lxc_console(struct lxc_container *c, int ttynum,
1224 int stdinfd, int stdoutfd, int stderrfd,
1225 int escape)
1226 {
1227 int ptxfd, ret, ttyfd;
1228 struct lxc_async_descr descr;
1229 struct termios oldtios;
1230 struct lxc_terminal_state *ts;
1231 struct lxc_terminal terminal = {
1232 .tty_state = NULL,
1233 };
1234 int istty = 0;
1235
1236 ttyfd = lxc_cmd_get_tty_fd(c->name, &ttynum, &ptxfd, c->config_path);
1237 if (ttyfd < 0)
1238 return -1;
1239
1240 ret = setsid();
1241 if (ret < 0)
1242 TRACE("Process is already group leader");
1243
1244 ts = lxc_terminal_signal_init(stdinfd, ptxfd);
1245 if (!ts) {
1246 ret = -1;
1247 goto close_fds;
1248 }
1249 terminal.tty_state = ts;
1250 ts->escape = escape;
1251 ts->stdoutfd = stdoutfd;
1252
1253 istty = isatty(stdinfd);
1254 if (istty) {
1255 lxc_terminal_winsz(stdinfd, ptxfd);
1256 lxc_terminal_winsz(ts->stdinfd, ts->ptxfd);
1257 } else {
1258 INFO("File descriptor %d does not refer to a terminal", stdinfd);
1259 }
1260
1261 ret = lxc_mainloop_open(&descr);
1262 if (ret) {
1263 ERROR("Failed to create mainloop");
1264 goto sigwinch_fini;
1265 }
1266
1267 if (ts->sigfd != -1) {
1268 ret = lxc_mainloop_add_handler(&descr, ts->sigfd,
1269 lxc_terminal_signalfd_cb,
1270 default_cleanup_handler,
1271 ts, "lxc_terminal_signalfd_cb");
1272 if (ret < 0) {
1273 ERROR("Failed to add signal handler to mainloop");
1274 goto close_mainloop;
1275 }
1276 }
1277
1278 ret = lxc_mainloop_add_handler(&descr, ts->stdinfd,
1279 lxc_terminal_stdin_cb,
1280 default_cleanup_handler,
1281 ts, "lxc_terminal_stdin_cb");
1282 if (ret < 0) {
1283 ERROR("Failed to add stdin handler");
1284 goto close_mainloop;
1285 }
1286
1287 ret = lxc_mainloop_add_handler(&descr, ts->ptxfd,
1288 lxc_terminal_ptx_cb,
1289 default_cleanup_handler,
1290 ts, "lxc_terminal_ptx_cb");
1291 if (ret < 0) {
1292 ERROR("Failed to add ptx handler");
1293 goto close_mainloop;
1294 }
1295
1296 if (ts->escape >= 1) {
1297 fprintf(stderr,
1298 "\n"
1299 "Connected to tty %1$d\n"
1300 "Type <Ctrl+%2$c q> to exit the console, "
1301 "<Ctrl+%2$c Ctrl+%2$c> to enter Ctrl+%2$c itself\n",
1302 ttynum, 'a' + escape - 1);
1303 }
1304
1305 if (istty) {
1306 ret = lxc_setup_tios(stdinfd, &oldtios);
1307 if (ret < 0)
1308 goto close_mainloop;
1309 }
1310
1311 ret = lxc_mainloop(&descr, -1);
1312 if (ret < 0) {
1313 ERROR("The mainloop returned an error");
1314 goto restore_tios;
1315 }
1316
1317 ret = 0;
1318
1319 restore_tios:
1320 if (istty) {
1321 istty = tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
1322 if (istty < 0)
1323 SYSWARN("Failed to restore terminal properties");
1324 }
1325
1326 close_mainloop:
1327 lxc_mainloop_close(&descr);
1328
1329 sigwinch_fini:
1330 lxc_terminal_signal_fini(&terminal);
1331
1332 close_fds:
1333 close(ptxfd);
1334 close(ttyfd);
1335
1336 return ret;
1337 }
1338
1339 int lxc_make_controlling_terminal(int fd)
1340 {
1341 int ret;
1342
1343 setsid();
1344
1345 ret = ioctl(fd, TIOCSCTTY, (char *)NULL);
1346 if (ret < 0)
1347 return -1;
1348
1349 return 0;
1350 }
1351
1352 int lxc_terminal_prepare_login(int fd)
1353 {
1354 int ret;
1355
1356 ret = lxc_make_controlling_terminal(fd);
1357 if (ret < 0)
1358 return -1;
1359
1360 ret = lxc_terminal_set_stdfds(fd);
1361 if (ret < 0)
1362 return -1;
1363
1364 if (fd > STDERR_FILENO)
1365 close(fd);
1366
1367 return 0;
1368 }
1369
1370 void lxc_terminal_info_init(struct lxc_terminal_info *terminal)
1371 {
1372 terminal->name[0] = '\0';
1373 terminal->ptx = -EBADF;
1374 terminal->pty = -EBADF;
1375 terminal->busy = -1;
1376 }
1377
1378 void lxc_terminal_init(struct lxc_terminal *terminal)
1379 {
1380 memset(terminal, 0, sizeof(*terminal));
1381 terminal->pty_nr = -1;
1382 terminal->pty = -EBADF;
1383 terminal->ptx = -EBADF;
1384 terminal->peer = -EBADF;
1385 terminal->log_fd = -EBADF;
1386 lxc_terminal_info_init(&terminal->proxy);
1387 }
1388
1389 void lxc_terminal_conf_free(struct lxc_terminal *terminal)
1390 {
1391 free(terminal->log_path);
1392 free(terminal->path);
1393 if (terminal->buffer_size > 0 && terminal->ringbuf.addr)
1394 lxc_ringbuf_release(&terminal->ringbuf);
1395 lxc_terminal_signal_fini(terminal);
1396 }
LXC mirror