* (C) Copyright IBM Corp. 2007, 2008
*
* Authors:
- * Daniel Lezcano <dlezcano at fr.ibm.com>
+ * Daniel Lezcano <daniel.lezcano at free.fr>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
-#define __USE_GNU
+#include <errno.h>
#include <sys/socket.h>
-#undef __USE_GNU
#include <sys/un.h>
+#include "log.h"
+
+lxc_log_define(lxc_af_unix, lxc);
-int lxc_af_unix_open(const char *path, int type, int flags)
+int lxc_abstract_unix_open(const char *path, int type, int flags)
{
int fd;
+ size_t len;
struct sockaddr_un addr;
- if (flags & O_TRUNC)
- unlink(path);
-
fd = socket(PF_UNIX, type, 0);
if (fd < 0)
return -1;
+ /* Clear address structure */
memset(&addr, 0, sizeof(addr));
if (!path)
return fd;
addr.sun_family = AF_UNIX;
- /* copy entire buffer in case of abstract socket */
- memcpy(addr.sun_path, path,
- path[0]?strlen(path):sizeof(addr.sun_path));
- if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+ len = strlen(&path[1]);
+ /* do not enforce \0-termination */
+ if (len >= sizeof(addr.sun_path)) {
close(fd);
+ errno = ENAMETOOLONG;
return -1;
}
-
- if (listen(fd, 100)) {
+ /* addr.sun_path[0] has already been set to 0 by memset() */
+ strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
+
+ if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
+ int tmp = errno;
close(fd);
+ errno = tmp;
+ return -1;
+ }
+
+ if (type == SOCK_STREAM && listen(fd, 100)) {
+ int tmp = errno;
+ close(fd);
+ errno = tmp;
return -1;
}
return fd;
}
-int lxc_af_unix_close(int fd)
+int lxc_abstract_unix_close(int fd)
{
- struct sockaddr_un addr;
- socklen_t addrlen;
-
- if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
- addr.sun_path[0])
- unlink(addr.sun_path);
-
close(fd);
return 0;
}
-int lxc_af_unix_connect(const char *path)
+int lxc_abstract_unix_connect(const char *path)
{
int fd;
+ size_t len;
struct sockaddr_un addr;
fd = socket(PF_UNIX, SOCK_STREAM, 0);
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- /* copy entire buffer in case of abstract socket */
- memcpy(addr.sun_path, path,
- path[0]?strlen(path):sizeof(addr.sun_path));
- if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
+ len = strlen(&path[1]);
+ /* do not enforce \0-termination */
+ if (len >= sizeof(addr.sun_path)) {
+ close(fd);
+ errno = ENAMETOOLONG;
+ return -1;
+ }
+ /* addr.sun_path[0] has already been set to 0 by memset() */
+ strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
+
+ if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
+ int tmp = errno;
+ /* special case to connect to older containers */
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
+ return fd;
close(fd);
+ errno = tmp;
return -1;
}
return fd;
}
-int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
+int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
+ void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
- char cmsgbuf[CMSG_SPACE(sizeof(int))];
- char buf[1];
-
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
-
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_len = CMSG_LEN(sizeof(int));
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_RIGHTS;
- *((int *) CMSG_DATA(cmsg)) = sendfd;
- msg.msg_controllen = cmsg->cmsg_len;
-
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
-
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- return sendmsg(fd, &msg, 0);
+ int ret;
+ struct msghdr msg;
+ struct iovec iov;
+ struct cmsghdr *cmsg = NULL;
+ char buf[1] = {0};
+ char *cmsgbuf;
+ size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
+
+ memset(&msg, 0, sizeof(msg));
+ memset(&iov, 0, sizeof(iov));
+
+ cmsgbuf = malloc(cmsgbufsize);
+ if (!cmsgbuf)
+ return -1;
+
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = cmsgbufsize;
+
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
+
+ msg.msg_controllen = cmsg->cmsg_len;
+
+ memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
+
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+
+ ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
+ free(cmsgbuf);
+ return ret;
}
-int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
+int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
+ void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
- char cmsgbuf[CMSG_SPACE(sizeof(int))];
- char buf[1];
int ret;
+ struct msghdr msg;
+ struct iovec iov;
+ struct cmsghdr *cmsg = NULL;
+ char buf[1] = {0};
+ char *cmsgbuf;
+ size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
+
+ memset(&msg, 0, sizeof(msg));
+ memset(&iov, 0, sizeof(iov));
+
+ cmsgbuf = malloc(cmsgbufsize);
+ if (!cmsgbuf)
+ return -1;
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = cmsgbufsize;
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
ret = recvmsg(fd, &msg, 0);
if (ret <= 0)
goto out;
- cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg = CMSG_FIRSTHDR(&msg);
- /* if the message is wrong the variable will not be
- * filled and the peer will notified about a problem */
- *recvfd = -1;
+ memset(recvfds, -1, num_recvfds * sizeof(int));
+ if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
+ cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
+ memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
+ }
- if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
- cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_RIGHTS) {
- *recvfd = *((int *) CMSG_DATA(cmsg));
- }
out:
- return ret;
+ free(cmsgbuf);
+ return ret;
}
-int lxc_af_unix_send_credential(int fd, void *data, size_t size)
+int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
+ struct msghdr msg = { 0 };
+ struct iovec iov;
+ struct cmsghdr *cmsg;
struct ucred cred = {
.pid = getpid(),
.uid = getuid(),
.gid = getgid(),
};
- char cmsgbuf[CMSG_SPACE(sizeof(cred))];
- char buf[1];
+ char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
+ char buf[1] = {0};
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = sizeof(cmsgbuf);
- cmsg = CMSG_FIRSTHDR(&msg);
- cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
- cmsg->cmsg_level = SOL_SOCKET;
- cmsg->cmsg_type = SCM_CREDENTIALS;
- *((struct ucred *) CMSG_DATA(cmsg)) = cred;
- msg.msg_controllen = cmsg->cmsg_len;
+ cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_CREDENTIALS;
+ memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
- return sendmsg(fd, &msg, 0);
+ return sendmsg(fd, &msg, MSG_NOSIGNAL);
}
-int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
+int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{
- struct msghdr msg = { 0 };
- struct iovec iov;
- struct cmsghdr *cmsg;
+ struct msghdr msg = { 0 };
+ struct iovec iov;
+ struct cmsghdr *cmsg;
struct ucred cred;
- char cmsgbuf[CMSG_SPACE(sizeof(cred))];
- char buf[1];
int ret;
+ char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
+ char buf[1] = {0};
- msg.msg_name = NULL;
- msg.msg_namelen = 0;
- msg.msg_control = cmsgbuf;
- msg.msg_controllen = sizeof(cmsgbuf);
+ msg.msg_name = NULL;
+ msg.msg_namelen = 0;
+ msg.msg_control = cmsgbuf;
+ msg.msg_controllen = sizeof(cmsgbuf);
- iov.iov_base = data ? data : buf;
- iov.iov_len = data ? size : sizeof(buf);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
+ iov.iov_base = data ? data : buf;
+ iov.iov_len = data ? size : sizeof(buf);
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
ret = recvmsg(fd, &msg, 0);
if (ret <= 0)
goto out;
- cmsg = CMSG_FIRSTHDR(&msg);
-
- ret = -1;
+ cmsg = CMSG_FIRSTHDR(&msg);
- if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
- cmsg->cmsg_level == SOL_SOCKET &&
- cmsg->cmsg_type == SCM_CREDENTIALS) {
- cred = *((struct ucred *) CMSG_DATA(cmsg));
- if (cred.uid == getuid() && cred.gid == getgid())
- ret = 0;
- }
+ if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
+ cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS) {
+ memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
+ if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
+ INFO("message denied for '%d/%d'", cred.uid, cred.gid);
+ return -EACCES;
+ }
+ }
out:
- return ret;
+ return ret;
}
projects / mirror_lxc.git / blobdiff