[mirror_lxc.git] / src / lxc / af_unix.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include "config.h"

#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>

#include "af_unix.h"
#include "log.h"
#include "macro.h"
#include "memory_utils.h"
#include "process_utils.h"
#include "utils.h"

#if !HAVE_STRLCPY
#include "strlcpy.h"
#endif

lxc_log_define(af_unix, lxc);

static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
					      const char *path)
{
	size_t len;

	if (!addr || !path)
		return ret_errno(EINVAL);

	/* Clear address structure */
	memset(addr, 0, sizeof(*addr));

	addr->sun_family = AF_UNIX;

	len = strlen(&path[1]);

	/* do not enforce \0-termination */
	if (len >= INT_MAX || len >= sizeof(addr->sun_path))
		return ret_errno(ENAMETOOLONG);

	/* do not enforce \0-termination */
	memcpy(&addr->sun_path[1], &path[1], len);
	return len;
}

int lxc_abstract_unix_open(const char *path, int type, int flags)
{
	__do_close int fd = -EBADF;
	int ret;
	ssize_t len;
	struct sockaddr_un addr;

	fd = socket(PF_UNIX, type | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return -1;

	if (!path)
		return move_fd(fd);

	len = lxc_abstract_unix_set_sockaddr(&addr, path);
	if (len < 0)
		return -1;

	ret = bind(fd, (struct sockaddr *)&addr,
		   offsetof(struct sockaddr_un, sun_path) + len + 1);
	if (ret < 0)
		return -1;

	if (type == SOCK_STREAM) {
		ret = listen(fd, 100);
		if (ret < 0)
			return -1;
	}

	return move_fd(fd);
}

void lxc_abstract_unix_close(int fd)
{
	close(fd);
}

int lxc_abstract_unix_connect(const char *path)
{
	__do_close int fd = -EBADF;
	int ret;
	ssize_t len;
	struct sockaddr_un addr;

	fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return -1;

	len = lxc_abstract_unix_set_sockaddr(&addr, path);
	if (len < 0)
		return -1;

	ret = connect(fd, (struct sockaddr *)&addr,
		      offsetof(struct sockaddr_un, sun_path) + len + 1);
	if (ret < 0)
		return -1;

	return move_fd(fd);
}

int lxc_abstract_unix_send_fds_iov(int fd, const int *sendfds, int num_sendfds,
				   struct iovec *const iov, size_t iovlen)
{
	__do_free char *cmsgbuf = NULL;
	int ret;
	struct msghdr msg = {};
	struct cmsghdr *cmsg = NULL;
	size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));

	if (num_sendfds <= 0)
		return ret_errno(EINVAL);

	cmsgbuf = malloc(cmsgbufsize);
	if (!cmsgbuf)
		return ret_errno(-ENOMEM);

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = cmsgbufsize;

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));

	msg.msg_controllen = cmsg->cmsg_len;

	memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));

	msg.msg_iov = iov;
	msg.msg_iovlen = iovlen;

	do {
		ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
	} while (ret < 0 && errno == EINTR);

	return ret;
}

int lxc_abstract_unix_send_fds(int fd, const int *sendfds, int num_sendfds,
			       void *data, size_t size)
{
	char buf[1] = {};
	struct iovec iov = {
		.iov_base	= data ? data : buf,
		.iov_len	= data ? size : sizeof(buf),
	};
	return lxc_abstract_unix_send_fds_iov(fd, sendfds, num_sendfds, &iov, 1);
}

int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
		      size_t size)
{
	return lxc_abstract_unix_send_fds(fd, sendfds, num_sendfds, data, size);
}

int __lxc_abstract_unix_send_two_fds(int fd, int fd_first, int fd_second,
				     void *data, size_t size)
{
	int fd_send[2] = {
		fd_first,
		fd_second,
	};
	return lxc_abstract_unix_send_fds(fd, fd_send, 2, data, size);
}

static ssize_t lxc_abstract_unix_recv_fds_iov(int fd,
					      struct unix_fds *ret_fds,
					      struct iovec *ret_iov,
					      size_t size_ret_iov)
{
	__do_free char *cmsgbuf = NULL;
	ssize_t ret;
	struct msghdr msg = {};
	struct cmsghdr *cmsg = NULL;
	size_t cmsgbufsize = CMSG_SPACE(sizeof(struct ucred)) +
			     CMSG_SPACE(ret_fds->fd_count_max * sizeof(int));

	if (ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)
		return ret_errno(EINVAL);

	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_NONE)) > 1)
		return ret_errno(EINVAL);

	if (ret_fds->fd_count_max >= KERNEL_SCM_MAX_FD)
		return ret_errno(EINVAL);

	if (ret_fds->fd_count_ret != 0)
		return ret_errno(EINVAL);

	cmsgbuf = zalloc(cmsgbufsize);
	if (!cmsgbuf)
		return ret_errno(ENOMEM);

	msg.msg_control		= cmsgbuf;
	msg.msg_controllen	= cmsgbufsize;

	msg.msg_iov	= ret_iov;
	msg.msg_iovlen	= size_ret_iov;

again:
	ret = recvmsg(fd, &msg, MSG_CMSG_CLOEXEC);
	if (ret < 0) {
		if (errno == EINTR)
			goto again;

		return syserror("Failed to receive response");
	}
	if (ret == 0)
		return 0;

	/* If SO_PASSCRED is set we will always get a ucred message. */
	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
                if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
			__u32 idx;
			/*
			 * This causes some compilers to complain about
			 * increased alignment requirements but I haven't found
			 * a better way to deal with this yet. Suggestions
			 * welcome!
			 */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wcast-align"
			int *fds_raw = (int *)CMSG_DATA(cmsg);
#pragma GCC diagnostic pop
			__u32 num_raw = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);

			/*
			 * We received an insane amount of file descriptors
			 * which exceeds the kernel limit we know about so
			 * close them and return an error.
			 */
			if (num_raw >= KERNEL_SCM_MAX_FD) {
				for (idx = 0; idx < num_raw; idx++)
					close(fds_raw[idx]);

				return syserror_set(-EFBIG, "Received excessive number of file descriptors");
			}

			if (msg.msg_flags & MSG_CTRUNC) {
				for (idx = 0; idx < num_raw; idx++)
					close(fds_raw[idx]);

				return syserror_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
			}

			if (ret_fds->fd_count_max > num_raw) {
				if (!(ret_fds->flags & UNIX_FDS_ACCEPT_LESS)) {
					for (idx = 0; idx < num_raw; idx++)
						close(fds_raw[idx]);

					return syserror_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
							    ret_fds->fd_count_max, num_raw);
				}

				/*
				 * Make sure any excess entries in the fd array
				 * are set to -EBADF so our cleanup functions
				 * can safely be called.
				 */
				for (idx = num_raw; idx < ret_fds->fd_count_max; idx++)
					ret_fds->fd[idx] = -EBADF;

				ret_fds->flags |= UNIX_FDS_RECEIVED_LESS;
			} else if (ret_fds->fd_count_max < num_raw) {
				if (!(ret_fds->flags & UNIX_FDS_ACCEPT_MORE)) {
					for (idx = 0; idx < num_raw; idx++)
						close(fds_raw[idx]);

					return syserror_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
							    ret_fds->fd_count_max, num_raw);
				}

				/* Make sure we close any excess fds we received. */
				for (idx = ret_fds->fd_count_max; idx < num_raw; idx++)
					close(fds_raw[idx]);

				/* Cap the number of received file descriptors. */
				num_raw = ret_fds->fd_count_max;
				ret_fds->flags |= UNIX_FDS_RECEIVED_MORE;
			} else {
				ret_fds->flags |= UNIX_FDS_RECEIVED_EXACT;
			}

			if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)) > 1) {
				for (idx = 0; idx < num_raw; idx++)
					close(fds_raw[idx]);

				return syserror_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
						    ret_fds->fd_count_max, num_raw);
			}

			memcpy(ret_fds->fd, CMSG_DATA(cmsg), num_raw * sizeof(int));
			ret_fds->fd_count_ret = num_raw;
			break;
		}
	}

	if (ret_fds->fd_count_ret == 0) {
		ret_fds->flags |= UNIX_FDS_RECEIVED_NONE;

		/* We expected to receive file descriptors. */
		if ((ret_fds->flags & UNIX_FDS_ACCEPT_MASK) &&
		    !(ret_fds->flags & UNIX_FDS_ACCEPT_NONE))
			return syserror_set(-EINVAL, "Received no file descriptors");
	}

	return ret;
}

ssize_t lxc_abstract_unix_recv_fds(int fd, struct unix_fds *ret_fds,
				   void *ret_data, size_t size_ret_data)
{
	char buf[1] = {};
	struct iovec iov = {
		.iov_base	= ret_data ? ret_data : buf,
		.iov_len	= ret_data ? size_ret_data : sizeof(buf),
	};
	ssize_t ret;

	ret = lxc_abstract_unix_recv_fds_iov(fd, ret_fds, &iov, 1);
	if (ret < 0)
		return ret;

	return ret;
}

ssize_t lxc_abstract_unix_recv_one_fd(int fd, int *ret_fd, void *ret_data,
				      size_t size_ret_data)
{
	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	char buf[1] = {};
	struct iovec iov = {
		.iov_base	= ret_data ? ret_data : buf,
		.iov_len	= ret_data ? size_ret_data : sizeof(buf),
	};
	ssize_t ret;

	fds = &(struct unix_fds){
		.fd_count_max = 1,
	};

	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	if (ret < 0)
		return ret;

	if (ret == 0)
		return ret_errno(ENODATA);

	if (fds->fd_count_ret != fds->fd_count_max)
		*ret_fd = -EBADF;
	else
		*ret_fd = move_fd(fds->fd[0]);

	return ret;
}

ssize_t __lxc_abstract_unix_recv_two_fds(int fd, int *fd_first, int *fd_second,
					 void *data, size_t size)
{
	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	char buf[1] = {};
	struct iovec iov = {
	    .iov_base	= data ?: buf,
	    .iov_len	= size ?: sizeof(buf),
	};
	ssize_t ret;

	fds = &(struct unix_fds){
		.fd_count_max = 2,
	};

	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	if (ret < 0)
		return ret;

	if (ret == 0)
		return ret_errno(ENODATA);

	if (fds->fd_count_ret != fds->fd_count_max) {
		*fd_first = -EBADF;
		*fd_second = -EBADF;
	} else {
		*fd_first = move_fd(fds->fd[0]);
		*fd_second = move_fd(fds->fd[1]);
	}

	return 0;
}

int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = {0};
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred = {
		.pid = lxc_raw_getpid(),
		.uid = getuid(),
		.gid = getgid(),
	};
	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
	char buf[1] = {0};

	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_CREDENTIALS;
	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, MSG_NOSIGNAL);
}

int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = {0};
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred;
	int ret;
	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
	char buf[1] = {0};

	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = cmsgbuf;
	msg.msg_controllen = sizeof(cmsgbuf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	cmsg = CMSG_FIRSTHDR(&msg);

	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
	    cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_CREDENTIALS) {
		memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));

		if (cred.uid && (cred.uid != getuid() || cred.gid != getgid()))
			return syserror_set(-EACCES, "Message denied for '%d/%d'", cred.uid, cred.gid);
	}

	return ret;
}

int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path)
{
	size_t len;

	len = strlen(path);
	if (len == 0)
		return ret_errno(EINVAL);
	if (path[0] != '/' && path[0] != '@')
		return ret_errno(EINVAL);
	if (path[1] == '\0')
		return ret_errno(EINVAL);

	if (len + 1 > sizeof(ret->sun_path))
		return ret_errno(EINVAL);

	*ret = (struct sockaddr_un){
		.sun_family = AF_UNIX,
	};

	if (path[0] == '@') {
		memcpy(ret->sun_path + 1, path + 1, len);
		return (int)(offsetof(struct sockaddr_un, sun_path) + len);
	}

	memcpy(ret->sun_path, path, len + 1);
	return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
}

int lxc_unix_connect_type(struct sockaddr_un *addr, int type)
{
	__do_close int fd = -EBADF;
	int ret;
	ssize_t len;

	fd = socket(AF_UNIX, type | SOCK_CLOEXEC, 0);
	if (fd < 0)
		return syserror("Failed to open new AF_UNIX socket");

	if (addr->sun_path[0] == '\0')
		len = strlen(&addr->sun_path[1]);
	else
		len = strlen(&addr->sun_path[0]);

	ret = connect(fd, (struct sockaddr *)addr,
		      offsetof(struct sockaddr_un, sun_path) + len);
	if (ret < 0)
		return syserror("Failed to connect AF_UNIX socket");

	return move_fd(fd);
}

int lxc_unix_connect(struct sockaddr_un *addr)
{
	return lxc_unix_connect_type(addr, SOCK_STREAM);
}

int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout)
{
	struct timeval out = {0};
	int ret;

	out.tv_sec = snd_timeout;
	ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (const void *)&out,
			 sizeof(out));
	if (ret < 0)
		return -1;

	out.tv_sec = rcv_timeout;
	ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (const void *)&out,
			 sizeof(out));
	if (ret < 0)
		return -1;

	return 0;
}
Commit	Line	Data
cc73685d	1	/* SPDX-License-Identifier: LGPL-2.1+ */
d06245b8	2
1160ce89 CB	3	#include "config.h"
1160ce89 CB	4
94ac256f CB	5	#include <errno.h>
	6	#include <fcntl.h>
	7	#include <stddef.h>
ae467c54 CB	8	#include <stdio.h>
ae467c54 CB	9	#include <stdlib.h>
b0a33c1e	10	#include <string.h>
b0a33c1e	11	#include <unistd.h>
b0a33c1e	12	#include <sys/socket.h>
94ac256f	13	#include <sys/syscall.h>
b0a33c1e	14	#include <sys/un.h>
b0a33c1e	15
59eac805	16	#include "af_unix.h"
2dcb28a9	17	#include "log.h"
2fb94e95	18	#include "macro.h"
83c11f1d	19	#include "memory_utils.h"
f40988c7	20	#include "process_utils.h"
0059379f	21	#include "utils.h"
2dcb28a9	22
db4af8c5	23	#if !HAVE_STRLCPY
58db1a61	24	#include "strlcpy.h"
9de31d5a CB	25	#endif
9de31d5a CB	26
ac2cecc4	27	lxc_log_define(af_unix, lxc);
b0a33c1e	28
c62fb5e0	29	static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
2fb94e95	30	const char *path)
b0a33c1e	31	{
ddb17f1f	32	size_t len;
b0a33c1e	33
2fb94e95 CB	34	if (!addr \|\| !path)
2fb94e95 CB	35	return ret_errno(EINVAL);
b0a33c1e	36
aae93dd3	37	/* Clear address structure */
c62fb5e0	38	memset(addr, 0, sizeof(*addr));
b0a33c1e	39
c62fb5e0	40	addr->sun_family = AF_UNIX;
aae93dd3	41
caf3beb0	42	len = strlen(&path[1]);
c62fb5e0	43
caf3beb0	44	/* do not enforce \0-termination */
2fb94e95 CB	45	if (len >= INT_MAX \|\| len >= sizeof(addr->sun_path))
2fb94e95 CB	46	return ret_errno(ENAMETOOLONG);
9de31d5a CB	47
9de31d5a CB	48	/* do not enforce \0-termination */
c62fb5e0	49	memcpy(&addr->sun_path[1], &path[1], len);
	50	return len;
	51	}
	52
	53	int lxc_abstract_unix_open(const char *path, int type, int flags)
	54	{
f62cf1d4	55	__do_close int fd = -EBADF;
2fb94e95	56	int ret;
c62fb5e0	57	ssize_t len;
	58	struct sockaddr_un addr;
	59
ad9429e5	60	fd = socket(PF_UNIX, type \| SOCK_CLOEXEC, 0);
c62fb5e0	61	if (fd < 0)
	62	return -1;
	63
	64	if (!path)
2fb94e95	65	return move_fd(fd);
c62fb5e0	66
c62fb5e0	67	len = lxc_abstract_unix_set_sockaddr(&addr, path);
2fb94e95	68	if (len < 0)
c62fb5e0	69	return -1;
b0a33c1e	70
77b0073a CB	71	ret = bind(fd, (struct sockaddr *)&addr,
77b0073a CB	72	offsetof(struct sockaddr_un, sun_path) + len + 1);
2fb94e95	73	if (ret < 0)
b0a33c1e	74	return -1;
ddb17f1f	75
77b0073a CB	76	if (type == SOCK_STREAM) {
77b0073a CB	77	ret = listen(fd, 100);
2fb94e95	78	if (ret < 0)
77b0073a	79	return -1;
b0a33c1e	80	}
b0a33c1e	81
2fb94e95	82	return move_fd(fd);
b0a33c1e	83	}
b0a33c1e	84
9044b79e	85	void lxc_abstract_unix_close(int fd)
b0a33c1e	86	{
b0a33c1e	87	close(fd);
b0a33c1e	88	}
b0a33c1e	89
aae93dd3	90	int lxc_abstract_unix_connect(const char *path)
b0a33c1e	91	{
f62cf1d4	92	__do_close int fd = -EBADF;
2fb94e95	93	int ret;
c62fb5e0	94	ssize_t len;
b0a33c1e	95	struct sockaddr_un addr;
b0a33c1e	96
ad9429e5	97	fd = socket(PF_UNIX, SOCK_STREAM \| SOCK_CLOEXEC, 0);
b0a33c1e	98	if (fd < 0)
	99	return -1;
	100
c62fb5e0	101	len = lxc_abstract_unix_set_sockaddr(&addr, path);
2fb94e95	102	if (len < 0)
aae93dd3	103	return -1;
9de31d5a	104
77b0073a CB	105	ret = connect(fd, (struct sockaddr *)&addr,
77b0073a CB	106	offsetof(struct sockaddr_un, sun_path) + len + 1);
2fb94e95	107	if (ret < 0)
b0a33c1e	108	return -1;
b0a33c1e	109
2fb94e95	110	return move_fd(fd);
b0a33c1e	111	}
b0a33c1e	112
d17c815d	113	int lxc_abstract_unix_send_fds_iov(int fd, const int *sendfds, int num_sendfds,
780215cf	114	struct iovec *const iov, size_t iovlen)
b0a33c1e	115	{
c3e3c21a CB	116	__do_free char *cmsgbuf = NULL;
c3e3c21a CB	117	int ret;
d17c815d	118	struct msghdr msg = {};
ae467c54	119	struct cmsghdr *cmsg = NULL;
ae467c54 CB	120	size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
ae467c54 CB	121
95103b60 CB	122	if (num_sendfds <= 0)
	123	return ret_errno(EINVAL);
	124
ae467c54	125	cmsgbuf = malloc(cmsgbufsize);
d17c815d CB	126	if (!cmsgbuf)
d17c815d CB	127	return ret_errno(-ENOMEM);
b0a33c1e	128
604f0955	129	msg.msg_control = cmsgbuf;
ae467c54	130	msg.msg_controllen = cmsgbufsize;
b0a33c1e	131
604f0955	132	cmsg = CMSG_FIRSTHDR(&msg);
604f0955 ÇO	133	cmsg->cmsg_level = SOL_SOCKET;
604f0955 ÇO	134	cmsg->cmsg_type = SCM_RIGHTS;
ae467c54	135	cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
b0a33c1e	136
ae467c54 CB	137	msg.msg_controllen = cmsg->cmsg_len;
	138
	139	memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
b0a33c1e	140
e1726045 WB	141	msg.msg_iov = iov;
e1726045 WB	142	msg.msg_iovlen = iovlen;
b0a33c1e	143
2fb94e95 CB	144	do {
	145	ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
	146	} while (ret < 0 && errno == EINTR);
c3e3c21a CB	147
c3e3c21a CB	148	return ret;
b0a33c1e	149	}
b0a33c1e	150
d17c815d	151	int lxc_abstract_unix_send_fds(int fd, const int *sendfds, int num_sendfds,
e1726045 WB	152	void *data, size_t size)
e1726045 WB	153	{
d17c815d	154	char buf[1] = {};
e1726045	155	struct iovec iov = {
d17c815d CB	156	.iov_base = data ? data : buf,
d17c815d CB	157	.iov_len = data ? size : sizeof(buf),
e1726045	158	};
2fb94e95	159	return lxc_abstract_unix_send_fds_iov(fd, sendfds, num_sendfds, &iov, 1);
e1726045 WB	160	}
e1726045 WB	161
5ed06d3a CB	162	int lxc_unix_send_fds(int fd, int sendfds, int num_sendfds, void data,
	163	size_t size)
	164	{
	165	return lxc_abstract_unix_send_fds(fd, sendfds, num_sendfds, data, size);
	166	}
	167
1b82d721 CB	168	int __lxc_abstract_unix_send_two_fds(int fd, int fd_first, int fd_second,
	169	void *data, size_t size)
	170	{
	171	int fd_send[2] = {
	172	fd_first,
	173	fd_second,
	174	};
	175	return lxc_abstract_unix_send_fds(fd, fd_send, 2, data, size);
	176	}
	177
d17c815d CB	178	static ssize_t lxc_abstract_unix_recv_fds_iov(int fd,
	179	struct unix_fds *ret_fds,
	180	struct iovec *ret_iov,
	181	size_t size_ret_iov)
b0a33c1e	182	{
c3e3c21a	183	__do_free char *cmsgbuf = NULL;
d17c815d CB	184	ssize_t ret;
	185	struct msghdr msg = {};
	186	struct cmsghdr *cmsg = NULL;
cdb2a47f	187	size_t cmsgbufsize = CMSG_SPACE(sizeof(struct ucred)) +
d17c815d	188	CMSG_SPACE(ret_fds->fd_count_max * sizeof(int));
ae467c54	189
780215cf CB	190	if (ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)
	191	return ret_errno(EINVAL);
	192
	193	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_NONE)) > 1)
	194	return ret_errno(EINVAL);
	195
d961ebd9 CB	196	if (ret_fds->fd_count_max >= KERNEL_SCM_MAX_FD)
	197	return ret_errno(EINVAL);
	198
	199	if (ret_fds->fd_count_ret != 0)
	200	return ret_errno(EINVAL);
	201
d17c815d	202	cmsgbuf = zalloc(cmsgbufsize);
2fb94e95 CB	203	if (!cmsgbuf)
2fb94e95 CB	204	return ret_errno(ENOMEM);
b0a33c1e	205
d17c815d CB	206	msg.msg_control = cmsgbuf;
d17c815d CB	207	msg.msg_controllen = cmsgbufsize;
b0a33c1e	208
d17c815d CB	209	msg.msg_iov = ret_iov;
d17c815d CB	210	msg.msg_iovlen = size_ret_iov;
b0a33c1e	211
d17c815d CB	212	again:
	213	ret = recvmsg(fd, &msg, MSG_CMSG_CLOEXEC);
	214	if (ret < 0) {
	215	if (errno == EINTR)
	216	goto again;
b0a33c1e	217
2d7b0895	218	return syserror("Failed to receive response");
d17c815d CB	219	}
	220	if (ret == 0)
	221	return 0;
	222
	223	/* If SO_PASSCRED is set we will always get a ucred message. */
	224	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
	225	if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
	226	__u32 idx;
8af9b5da	227	/*
780215cf	228	* This causes some compilers to complain about
8af9b5da CB	229	* increased alignment requirements but I haven't found
	230	* a better way to deal with this yet. Suggestions
	231	* welcome!
	232	*/
d17c815d CB	233	#pragma GCC diagnostic push
	234	#pragma GCC diagnostic ignored "-Wcast-align"
	235	int fds_raw = (int )CMSG_DATA(cmsg);
	236	#pragma GCC diagnostic pop
	237	__u32 num_raw = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
	238
	239	/*
	240	* We received an insane amount of file descriptors
	241	* which exceeds the kernel limit we know about so
	242	* close them and return an error.
	243	*/
92fea74b	244	if (num_raw >= KERNEL_SCM_MAX_FD) {
d17c815d CB	245	for (idx = 0; idx < num_raw; idx++)
	246	close(fds_raw[idx]);
	247
060aaa39	248	return syserror_set(-EFBIG, "Received excessive number of file descriptors");
d17c815d CB	249	}
d17c815d CB	250
780215cf CB	251	if (msg.msg_flags & MSG_CTRUNC) {
	252	for (idx = 0; idx < num_raw; idx++)
	253	close(fds_raw[idx]);
	254
060aaa39	255	return syserror_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
780215cf CB	256	}
780215cf CB	257
d17c815d	258	if (ret_fds->fd_count_max > num_raw) {
780215cf CB	259	if (!(ret_fds->flags & UNIX_FDS_ACCEPT_LESS)) {
	260	for (idx = 0; idx < num_raw; idx++)
	261	close(fds_raw[idx]);
	262
060aaa39	263	return syserror_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
780215cf CB	264	ret_fds->fd_count_max, num_raw);
	265	}
	266
d17c815d CB	267	/*
	268	* Make sure any excess entries in the fd array
	269	* are set to -EBADF so our cleanup functions
	270	* can safely be called.
	271	*/
	272	for (idx = num_raw; idx < ret_fds->fd_count_max; idx++)
	273	ret_fds->fd[idx] = -EBADF;
	274
780215cf	275	ret_fds->flags \|= UNIX_FDS_RECEIVED_LESS;
d17c815d	276	} else if (ret_fds->fd_count_max < num_raw) {
780215cf CB	277	if (!(ret_fds->flags & UNIX_FDS_ACCEPT_MORE)) {
	278	for (idx = 0; idx < num_raw; idx++)
	279	close(fds_raw[idx]);
	280
060aaa39	281	return syserror_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
780215cf CB	282	ret_fds->fd_count_max, num_raw);
	283	}
	284
d17c815d CB	285	/* Make sure we close any excess fds we received. */
	286	for (idx = ret_fds->fd_count_max; idx < num_raw; idx++)
	287	close(fds_raw[idx]);
	288
d17c815d CB	289	/* Cap the number of received file descriptors. */
d17c815d CB	290	num_raw = ret_fds->fd_count_max;
780215cf CB	291	ret_fds->flags \|= UNIX_FDS_RECEIVED_MORE;
	292	} else {
	293	ret_fds->flags \|= UNIX_FDS_RECEIVED_EXACT;
	294	}
	295
	296	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)) > 1) {
	297	for (idx = 0; idx < num_raw; idx++)
	298	close(fds_raw[idx]);
	299
060aaa39	300	return syserror_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
780215cf	301	ret_fds->fd_count_max, num_raw);
d17c815d CB	302	}
	303
	304	memcpy(ret_fds->fd, CMSG_DATA(cmsg), num_raw * sizeof(int));
	305	ret_fds->fd_count_ret = num_raw;
	306	break;
	307	}
cdb2a47f	308	}
ae467c54	309
780215cf CB	310	if (ret_fds->fd_count_ret == 0) {
	311	ret_fds->flags \|= UNIX_FDS_RECEIVED_NONE;
	312
	313	/* We expected to receive file descriptors. */
	314	if ((ret_fds->flags & UNIX_FDS_ACCEPT_MASK) &&
	315	!(ret_fds->flags & UNIX_FDS_ACCEPT_NONE))
060aaa39	316	return syserror_set(-EINVAL, "Received no file descriptors");
780215cf CB	317	}
780215cf CB	318
604f0955	319	return ret;
b0a33c1e	320	}
b0a33c1e	321
d17c815d CB	322	ssize_t lxc_abstract_unix_recv_fds(int fd, struct unix_fds *ret_fds,
d17c815d CB	323	void *ret_data, size_t size_ret_data)
dc85e31e	324	{
d17c815d CB	325	char buf[1] = {};
	326	struct iovec iov = {
	327	.iov_base = ret_data ? ret_data : buf,
	328	.iov_len = ret_data ? size_ret_data : sizeof(buf),
	329	};
	330	ssize_t ret;
	331
	332	ret = lxc_abstract_unix_recv_fds_iov(fd, ret_fds, &iov, 1);
	333	if (ret < 0)
	334	return ret;
	335
	336	return ret;
	337	}
	338
	339	ssize_t lxc_abstract_unix_recv_one_fd(int fd, int ret_fd, void ret_data,
	340	size_t size_ret_data)
	341	{
	342	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	343	char buf[1] = {};
	344	struct iovec iov = {
	345	.iov_base = ret_data ? ret_data : buf,
	346	.iov_len = ret_data ? size_ret_data : sizeof(buf),
	347	};
	348	ssize_t ret;
	349
	350	fds = &(struct unix_fds){
	351	.fd_count_max = 1,
	352	};
	353
	354	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	355	if (ret < 0)
	356	return ret;
	357
	358	if (ret == 0)
	359	return ret_errno(ENODATA);
	360
	361	if (fds->fd_count_ret != fds->fd_count_max)
	362	*ret_fd = -EBADF;
	363	else
	364	*ret_fd = move_fd(fds->fd[0]);
	365
	366	return ret;
	367	}
	368
1b82d721 CB	369	ssize_t __lxc_abstract_unix_recv_two_fds(int fd, int fd_first, int fd_second,
1b82d721 CB	370	void *data, size_t size)
d17c815d CB	371	{
	372	call_cleaner(put_unix_fds) struct unix_fds *fds = NULL;
	373	char buf[1] = {};
dc85e31e	374	struct iovec iov = {
1b82d721 CB	375	.iov_base = data ?: buf,
1b82d721 CB	376	.iov_len = size ?: sizeof(buf),
dc85e31e	377	};
d17c815d CB	378	ssize_t ret;
	379
	380	fds = &(struct unix_fds){
	381	.fd_count_max = 2,
	382	};
	383
	384	ret = lxc_abstract_unix_recv_fds_iov(fd, fds, &iov, 1);
	385	if (ret < 0)
	386	return ret;
	387
	388	if (ret == 0)
	389	return ret_errno(ENODATA);
	390
	391	if (fds->fd_count_ret != fds->fd_count_max) {
1b82d721 CB	392	*fd_first = -EBADF;
1b82d721 CB	393	*fd_second = -EBADF;
d17c815d	394	} else {
1b82d721 CB	395	*fd_first = move_fd(fds->fd[0]);
1b82d721 CB	396	*fd_second = move_fd(fds->fd[1]);
d17c815d CB	397	}
	398
	399	return 0;
dc85e31e CB	400	}
dc85e31e CB	401
aae93dd3	402	int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
b0a33c1e	403	{
77b0073a	404	struct msghdr msg = {0};
604f0955 ÇO	405	struct iovec iov;
604f0955 ÇO	406	struct cmsghdr *cmsg;
b0a33c1e	407	struct ucred cred = {
2fb94e95 CB	408	.pid = lxc_raw_getpid(),
	409	.uid = getuid(),
	410	.gid = getgid(),
b0a33c1e	411	};
caf3beb0 CB	412	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
caf3beb0 CB	413	char buf[1] = {0};
b0a33c1e	414
604f0955 ÇO	415	msg.msg_control = cmsgbuf;
604f0955 ÇO	416	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	417
604f0955 ÇO	418	cmsg = CMSG_FIRSTHDR(&msg);
	419	cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
	420	cmsg->cmsg_level = SOL_SOCKET;
	421	cmsg->cmsg_type = SCM_CREDENTIALS;
0e391e57	422	memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
b0a33c1e	423
604f0955 ÇO	424	msg.msg_name = NULL;
604f0955 ÇO	425	msg.msg_namelen = 0;
b0a33c1e	426
604f0955 ÇO	427	iov.iov_base = data ? data : buf;
	428	iov.iov_len = data ? size : sizeof(buf);
	429	msg.msg_iov = &iov;
	430	msg.msg_iovlen = 1;
b0a33c1e	431
6168ff15	432	return sendmsg(fd, &msg, MSG_NOSIGNAL);
b0a33c1e	433	}
b0a33c1e	434
aae93dd3	435	int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
b0a33c1e	436	{
77b0073a	437	struct msghdr msg = {0};
604f0955 ÇO	438	struct iovec iov;
604f0955 ÇO	439	struct cmsghdr *cmsg;
b0a33c1e	440	struct ucred cred;
b0a33c1e	441	int ret;
caf3beb0 CB	442	char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
caf3beb0 CB	443	char buf[1] = {0};
b0a33c1e	444
604f0955 ÇO	445	msg.msg_name = NULL;
	446	msg.msg_namelen = 0;
	447	msg.msg_control = cmsgbuf;
	448	msg.msg_controllen = sizeof(cmsgbuf);
b0a33c1e	449
604f0955 ÇO	450	iov.iov_base = data ? data : buf;
	451	iov.iov_len = data ? size : sizeof(buf);
	452	msg.msg_iov = &iov;
	453	msg.msg_iovlen = 1;
b0a33c1e	454
	455	ret = recvmsg(fd, &msg, 0);
	456	if (ret <= 0)
2fb94e95	457	return ret;
b0a33c1e	458
604f0955	459	cmsg = CMSG_FIRSTHDR(&msg);
b0a33c1e	460
604f0955	461	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
77b0073a CB	462	cmsg->cmsg_level == SOL_SOCKET &&
77b0073a CB	463	cmsg->cmsg_type == SCM_CREDENTIALS) {
0e391e57	464	memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
2fb94e95 CB	465
2fb94e95 CB	466	if (cred.uid && (cred.uid != getuid() \|\| cred.gid != getgid()))
d8487b30	467	return syserror_set(-EACCES, "Message denied for '%d/%d'", cred.uid, cred.gid);
604f0955	468	}
9044b79e	469
604f0955	470	return ret;
b0a33c1e	471	}
86ce1da1 CB	472
	473	int lxc_unix_sockaddr(struct sockaddr_un ret, const char path)
	474	{
	475	size_t len;
	476
	477	len = strlen(path);
	478	if (len == 0)
b28be01f	479	return ret_errno(EINVAL);
86ce1da1	480	if (path[0] != '/' && path[0] != '@')
b28be01f	481	return ret_errno(EINVAL);
86ce1da1	482	if (path[1] == '\0')
b28be01f	483	return ret_errno(EINVAL);
86ce1da1 CB	484
86ce1da1 CB	485	if (len + 1 > sizeof(ret->sun_path))
b28be01f	486	return ret_errno(EINVAL);
86ce1da1 CB	487
86ce1da1 CB	488	*ret = (struct sockaddr_un){
b28be01f	489	.sun_family = AF_UNIX,
86ce1da1 CB	490	};
	491
	492	if (path[0] == '@') {
	493	memcpy(ret->sun_path + 1, path + 1, len);
	494	return (int)(offsetof(struct sockaddr_un, sun_path) + len);
	495	}
	496
	497	memcpy(ret->sun_path, path, len + 1);
	498	return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
	499	}
	500
970ef13d	501	int lxc_unix_connect_type(struct sockaddr_un *addr, int type)
86ce1da1	502	{
f62cf1d4	503	__do_close int fd = -EBADF;
86ce1da1 CB	504	int ret;
	505	ssize_t len;
	506
970ef13d	507	fd = socket(AF_UNIX, type \| SOCK_CLOEXEC, 0);
2fb94e95	508	if (fd < 0)
d8487b30	509	return syserror("Failed to open new AF_UNIX socket");
86ce1da1 CB	510
	511	if (addr->sun_path[0] == '\0')
	512	len = strlen(&addr->sun_path[1]);
	513	else
	514	len = strlen(&addr->sun_path[0]);
2ac0f627 CB	515
	516	ret = connect(fd, (struct sockaddr *)addr,
	517	offsetof(struct sockaddr_un, sun_path) + len);
2fb94e95	518	if (ret < 0)
8fd8c158	519	return syserror("Failed to connect AF_UNIX socket");
86ce1da1 CB	520
	521	return move_fd(fd);
	522	}
	523
59eac805	524	int lxc_unix_connect(struct sockaddr_un *addr)
970ef13d WB	525	{
	526	return lxc_unix_connect_type(addr, SOCK_STREAM);
	527	}
	528
86ce1da1 CB	529	int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout)
	530	{
	531	struct timeval out = {0};
	532	int ret;
	533
	534	out.tv_sec = snd_timeout;
	535	ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (const void *)&out,
	536	sizeof(out));
	537	if (ret < 0)
	538	return -1;
	539
	540	out.tv_sec = rcv_timeout;
	541	ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (const void *)&out,
	542	sizeof(out));
	543	if (ret < 0)
	544	return -1;
	545
	546	return 0;
	547	}