lxc_af_unix_rcv_credential to report rcvd length
authorMichel Normand <normand@fr.ibm.com>
Wed, 7 Oct 2009 14:06:08 +0000 (16:06 +0200)
committerDaniel Lezcano <dlezcano@fr.ibm.com>
Wed, 7 Oct 2009 14:06:08 +0000 (16:06 +0200)
to have better error reporting done by caller.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
src/lxc/af_unix.c
src/lxc/start.c

index 79f64ae3fbcec73f106179c7def99c0fa5f5d154..ad3e94ca8b6a3b682f85c1237298f4365eeec039 100644 (file)
 #include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <errno.h>
 #define __USE_GNU
 #include <sys/socket.h>
 #undef __USE_GNU
 #include <sys/un.h>
 
+#include "log.h"
+
+lxc_log_define(lxc_af_unix, lxc);
 
 int lxc_af_unix_open(const char *path, int type, int flags)
 {
@@ -229,14 +233,14 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
 
         cmsg = CMSG_FIRSTHDR(&msg);
 
-       ret = -1;
-
         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
             cmsg->cmsg_level == SOL_SOCKET &&
             cmsg->cmsg_type == SCM_CREDENTIALS) {
                 cred = *((struct ucred *) CMSG_DATA(cmsg));
-               if (cred.uid == getuid() && cred.gid == getgid())
-                       ret = 0;
+               if (cred.uid != getuid() || cred.gid != getgid()) {
+                       INFO("message denied for '%d/%d'", cred.uid, cred.gid);
+                       return -EPERM;
+               }
         }
 out:
         return ret;
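Review bot: With the `ret = -1;` default removed, the credential check fails open. When `CMSG_FIRSTHDR` returns NULL or the control message has another length, level or type, the outer `if` is skipped and `out:` returns `ret` unchanged; if `ret` still holds the receive result set above the hunk, that is a positive length the caller accepts as a valid request. Only a message carrying credentials of a different uid/gid is rejected now. I would add an `else` branch to the outer `if`, for example `} else { INFO("message without credentials denied"); return -EPERM; }`, so a message without SCM_CREDENTIALS is denied as it was before. The function starts outside this hunk, so the receive call and the initial value of `ret` are not visible here.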
index 055d381f644644a24af763b341986de1a05135b6..28ce88c54a7eed782752ea16cc06be696829858e 100644 (file)
@@ -200,8 +200,21 @@ static int ttyservice_handler(int fd, void *data,
                goto out_close;
        }
 
-       if (lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum)))
+       ret = lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum));
+       if (ret < 0) {
+               SYSERROR("failed to receive data on tty socket");
                goto out_close;
+       }
+
+       if (!ret) {
+               DEBUG("peer has disconnected");
+               goto out_close;
+       }
+
+       if (ret != sizeof(ttynum)) {
+               WARN("partial request, ignored");
+               goto out_close;
+       }
 
        if (ttynum > 0) {
                if (ttynum > tty_info->nbtty)
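Review bot: The `ret < 0` branch sends every failure through `SYSERROR`, but the callee's new `-EPERM` return for a credential mismatch does not set `errno`. If `SYSERROR` appends the `errno` text (its definition is not visible here), a denied peer is logged with a stale or unrelated error. Handling the denial before the generic branch keeps the log accurate for anyone auditing rejected requests: `if (ret == -EPERM) { WARN("tty request denied: credential mismatch"); goto out_close; }`. This needs `<errno.h>` in start.c if it is not already included. ttyservice_handler starts and ends outside the hunk.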