[mirror_lxc.git] / src / lxc / confile_utils.c

/* liblxcapi
 *
 * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
 * Copyright © 2017 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2, as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include "config.h"

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

#include "conf.h"
#include "confile.h"
#include "confile_utils.h"
#include "error.h"
#include "list.h"
#include "log.h"
#include "lxccontainer.h"
#include "network.h"
#include "parse.h"
#include "utils.h"

#ifndef HAVE_STRLCPY
#include "include/strlcpy.h"
#endif

lxc_log_define(confile_utils, lxc);

int parse_idmaps(const char *idmap, char *type, unsigned long *nsid,
		 unsigned long *hostid, unsigned long *range)
{
	int ret = -1;
	unsigned long tmp_hostid, tmp_nsid, tmp_range;
	char tmp_type;
	char *window, *slide;
	char *dup = NULL;

	/* Duplicate string. */
	dup = strdup(idmap);
	if (!dup)
		goto on_error;

	/* A prototypical idmap entry would be: "u 1000 1000000 65536" */

	/* align */
	slide = window = dup;
	/* skip whitespace */
	slide += strspn(slide, " \t\r");
	if (slide != window && *slide == '\0')
		goto on_error;

	/* Validate type. */
	if (*slide != 'u' && *slide != 'g') {
		ERROR("Invalid id mapping type: %c", *slide);
		goto on_error;
	}

	/* Assign type. */
	tmp_type = *slide;

	/* move beyond type */
	slide++;
	/* align */
	window = slide;
	/* Validate that only whitespace follows. */
	slide += strspn(slide, " \t\r");
	/* There must be whitespace. */
	if (slide == window)
		goto on_error;

	/* Mark beginning of nsid. */
	window = slide;
	/* Validate that non-whitespace follows. */
	slide += strcspn(slide, " \t\r");
	/* There must be non-whitespace. */
	if (slide == window || *slide == '\0')
		goto on_error;
	/* Mark end of nsid. */
	*slide = '\0';

	/* Parse nsid. */
	if (lxc_safe_ulong(window, &tmp_nsid) < 0) {
		ERROR("Failed to parse nsid: %s", window);
		goto on_error;
	}

	/* Move beyond \0. */
	slide++;
	/* Validate that only whitespace follows. */
	slide += strspn(slide, " \t\r");
	/* If there was only one whitespace then we whiped it with our \0 above.
	 * So only ensure that we're not at the end of the string.
	 */
	if (*slide == '\0')
		goto on_error;

	/* Mark beginning of hostid. */
	window = slide;
	/* Validate that non-whitespace follows. */
	slide += strcspn(slide, " \t\r");
	/* There must be non-whitespace. */
	if (slide == window || *slide == '\0')
		goto on_error;
	/* Mark end of nsid. */
	*slide = '\0';

	/* Parse hostid. */
	if (lxc_safe_ulong(window, &tmp_hostid) < 0) {
		ERROR("Failed to parse hostid: %s", window);
		goto on_error;
	}

	/* Move beyond \0. */
	slide++;
	/* Validate that only whitespace follows. */
	slide += strspn(slide, " \t\r");
	/* If there was only one whitespace then we whiped it with our \0 above.
	 * So only ensure that we're not at the end of the string.
	 */
	if (*slide == '\0')
		goto on_error;

	/* Mark beginning of range. */
	window = slide;
	/* Validate that non-whitespace follows. */
	slide += strcspn(slide, " \t\r");
	/* There must be non-whitespace. */
	if (slide == window)
		goto on_error;

	/* The range is the last valid entry we expect. So make sure that there
	 * is no trailing garbage and if there is, error out.
	 */
	if (*(slide + strspn(slide, " \t\r\n")) != '\0')
		goto on_error;
	/* Mark end of range. */
	*slide = '\0';

	/* Parse range. */
	if (lxc_safe_ulong(window, &tmp_range) < 0) {
		ERROR("Failed to parse id mapping range: %s", window);
		goto on_error;
	}

	*type = tmp_type;
	*nsid = tmp_nsid;
	*hostid = tmp_hostid;
	*range = tmp_range;

	/* Yay, we survived. */
	ret = 0;

on_error:
	free(dup);

	return ret;
}

bool lxc_config_value_empty(const char *value)
{
	if (value && strlen(value) > 0)
		return false;

	return true;
}

struct lxc_netdev *lxc_network_add(struct lxc_list *networks, int idx, bool tail)
{
	struct lxc_list *newlist;
	struct lxc_netdev *netdev = NULL;

	/* network does not exist */
	netdev = malloc(sizeof(*netdev));
	if (!netdev)
		return NULL;

	memset(netdev, 0, sizeof(*netdev));
	lxc_list_init(&netdev->ipv4);
	lxc_list_init(&netdev->ipv6);

	/* give network a unique index */
	netdev->idx = idx;

	/* prepare new list */
	newlist = malloc(sizeof(*newlist));
	if (!newlist) {
		free(netdev);
		return NULL;
	}

	lxc_list_init(newlist);
	newlist->elem = netdev;

	if (tail)
		lxc_list_add_tail(networks, newlist);
	else
		lxc_list_add(networks, newlist);
	return netdev;
}

/* Takes care of finding the correct netdev struct in the networks list or
 * allocates a new one if it couldn't be found.
 */
struct lxc_netdev *lxc_get_netdev_by_idx(struct lxc_conf *conf,
					 unsigned int idx, bool allocate)
{
	struct lxc_netdev *netdev = NULL;
	struct lxc_list *networks = &conf->network;
	struct lxc_list *insert = networks;

	/* lookup network */
	if (!lxc_list_empty(networks)) {
		lxc_list_for_each(insert, networks) {
			netdev = insert->elem;
			if (netdev->idx == idx)
				return netdev;
			else if (netdev->idx > idx)
				break;
		}
	}

	if (!allocate)
		return NULL;

	return lxc_network_add(insert, idx, true);
}

void lxc_log_configured_netdevs(const struct lxc_conf *conf)
{
	struct lxc_netdev *netdev;
	struct lxc_list *it = (struct lxc_list *)&conf->network;;

	if ((conf->loglevel != LXC_LOG_LEVEL_TRACE) &&
	    (lxc_log_get_level() != LXC_LOG_LEVEL_TRACE))
		return;

	if (lxc_list_empty(it)) {
		TRACE("container has no networks configured");
		return;
	}

	lxc_list_for_each(it, &conf->network) {
		struct lxc_list *cur, *next;
		struct lxc_inetdev *inet4dev;
		struct lxc_inet6dev *inet6dev;
		char bufinet4[INET_ADDRSTRLEN], bufinet6[INET6_ADDRSTRLEN];

		netdev = it->elem;

		TRACE("index: %zd", netdev->idx);
		TRACE("ifindex: %d", netdev->ifindex);
		switch (netdev->type) {
		case LXC_NET_VETH:
			TRACE("type: veth");
			if (netdev->priv.veth_attr.pair[0] != '\0')
				TRACE("veth pair: %s",
				      netdev->priv.veth_attr.pair);
			if (netdev->priv.veth_attr.veth1[0] != '\0')
				TRACE("veth1 : %s",
				      netdev->priv.veth_attr.veth1);
			if (netdev->priv.veth_attr.ifindex > 0)
				TRACE("host side ifindex for veth device: %d",
				      netdev->priv.veth_attr.ifindex);
			break;
		case LXC_NET_MACVLAN:
			TRACE("type: macvlan");
			if (netdev->priv.macvlan_attr.mode > 0) {
				char *macvlan_mode;
				macvlan_mode = lxc_macvlan_flag_to_mode(
				    netdev->priv.macvlan_attr.mode);
				TRACE("macvlan mode: %s",
				      macvlan_mode ? macvlan_mode
						   : "(invalid mode)");
			}
			break;
		case LXC_NET_VLAN:
			TRACE("type: vlan");
			TRACE("vlan id: %d", netdev->priv.vlan_attr.vid);
			break;
		case LXC_NET_PHYS:
			TRACE("type: phys");
			if (netdev->priv.phys_attr.ifindex > 0) {
				TRACE("host side ifindex for phys device: %d",
				      netdev->priv.phys_attr.ifindex);
			}
			break;
		case LXC_NET_EMPTY:
			TRACE("type: empty");
			break;
		case LXC_NET_NONE:
			TRACE("type: none");
			break;
		default:
			ERROR("invalid network type %d", netdev->type);
			return;
		}

		if (netdev->type != LXC_NET_EMPTY) {
			TRACE("flags: %s",
			      netdev->flags == IFF_UP ? "up" : "none");
			if (netdev->link[0] != '\0')
				TRACE("link: %s", netdev->link);
			if (netdev->name[0] != '\0')
				TRACE("name: %s", netdev->name);
			if (netdev->hwaddr)
				TRACE("hwaddr: %s", netdev->hwaddr);
			if (netdev->mtu)
				TRACE("mtu: %s", netdev->mtu);
			if (netdev->upscript)
				TRACE("upscript: %s", netdev->upscript);
			if (netdev->downscript)
				TRACE("downscript: %s", netdev->downscript);

			TRACE("ipv4 gateway auto: %s",
			      netdev->ipv4_gateway_auto ? "true" : "false");

			if (netdev->ipv4_gateway) {
				inet_ntop(AF_INET, netdev->ipv4_gateway,
					  bufinet4, sizeof(bufinet4));
				TRACE("ipv4 gateway: %s", bufinet4);
			}

			lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
				inet4dev = cur->elem;
				inet_ntop(AF_INET, &inet4dev->addr, bufinet4,
					  sizeof(bufinet4));
				TRACE("ipv4 addr: %s", bufinet4);
			}

			TRACE("ipv6 gateway auto: %s",
			      netdev->ipv6_gateway_auto ? "true" : "false");
			if (netdev->ipv6_gateway) {
				inet_ntop(AF_INET6, netdev->ipv6_gateway,
					  bufinet6, sizeof(bufinet6));
				TRACE("ipv6 gateway: %s", bufinet6);
			}
			lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
				inet6dev = cur->elem;
				inet_ntop(AF_INET6, &inet6dev->addr, bufinet6,
					  sizeof(bufinet6));
				TRACE("ipv6 addr: %s", bufinet6);
			}
		}
	}
}

static void lxc_free_netdev(struct lxc_netdev *netdev)
{
	struct lxc_list *cur, *next;

	free(netdev->upscript);
	free(netdev->downscript);
	free(netdev->hwaddr);
	free(netdev->mtu);

	free(netdev->ipv4_gateway);
	lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
		lxc_list_del(cur);
		free(cur->elem);
		free(cur);
	}

	free(netdev->ipv6_gateway);
	lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
		lxc_list_del(cur);
		free(cur->elem);
		free(cur);
	}

	free(netdev);
}

bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx)
{
	struct lxc_list *cur, *next;
	struct lxc_netdev *netdev;
	bool found = false;

	lxc_list_for_each_safe(cur, &conf->network, next) {
		netdev = cur->elem;
		if (netdev->idx != idx)
			continue;

		lxc_list_del(cur);
		found = true;
		break;
	}

	if (!found)
		return false;

	lxc_free_netdev(netdev);
	free(cur);

	return true;
}

void lxc_free_networks(struct lxc_list *networks)
{
	struct lxc_list *cur, *next;
	struct lxc_netdev *netdev;

	lxc_list_for_each_safe(cur, networks, next) {
		netdev = cur->elem;
		lxc_free_netdev(netdev);
		free(cur);
	}

	/* prevent segfaults */
	lxc_list_init(networks);
}

static struct macvlan_mode {
	char *name;
	int mode;
} macvlan_mode[] = {
    { "private",  MACVLAN_MODE_PRIVATE  },
    { "vepa",     MACVLAN_MODE_VEPA     },
    { "bridge",   MACVLAN_MODE_BRIDGE   },
    { "passthru", MACVLAN_MODE_PASSTHRU },
};

int lxc_macvlan_mode_to_flag(int *mode, const char *value)
{
	size_t i;

	for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) {
		if (strcmp(macvlan_mode[i].name, value))
			continue;

		*mode = macvlan_mode[i].mode;
		return 0;
	}

	return -1;
}

char *lxc_macvlan_flag_to_mode(int mode)
{
	size_t i;

	for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) {
		if (macvlan_mode[i].mode == mode)
			continue;

		return macvlan_mode[i].name;
	}

	return NULL;
}

int set_config_string_item(char **conf_item, const char *value)
{
	char *new_value;

	if (lxc_config_value_empty(value)) {
		free(*conf_item);
		*conf_item = NULL;
		return 0;
	}

	new_value = strdup(value);
	if (!new_value) {
		SYSERROR("failed to duplicate string \"%s\"", value);
		return -1;
	}

	free(*conf_item);
	*conf_item = new_value;
	return 0;
}

int set_config_string_item_max(char **conf_item, const char *value, size_t max)
{
	if (strlen(value) >= max) {
		ERROR("%s is too long (>= %lu)", value, (unsigned long)max);
		return -1;
	}

	return set_config_string_item(conf_item, value);
}

int set_config_path_item(char **conf_item, const char *value)
{
	return set_config_string_item_max(conf_item, value, PATH_MAX);
}

int config_ip_prefix(struct in_addr *addr)
{
	if (IN_CLASSA(addr->s_addr))
		return 32 - IN_CLASSA_NSHIFT;
	if (IN_CLASSB(addr->s_addr))
		return 32 - IN_CLASSB_NSHIFT;
	if (IN_CLASSC(addr->s_addr))
		return 32 - IN_CLASSC_NSHIFT;

	return 0;
}

int network_ifname(char *valuep, const char *value, size_t size)
{
	size_t retlen;

	if (!valuep || !value)
		return -1;

	retlen = strlcpy(valuep, value, size);
	if (retlen >= size) {
		ERROR("Network devie name \"%s\" is too long (>= %zu)", value,
		      size);
	}

	return 0;
}

int rand_complete_hwaddr(char *hwaddr)
{
	const char hex[] = "0123456789abcdef";
	char *curs = hwaddr;

#ifndef HAVE_RAND_R
	randseed(true);
#else
	unsigned int seed;

	seed = randseed(false);
#endif
	while (*curs != '\0' && *curs != '\n') {
		if (*curs == 'x' || *curs == 'X') {
			if (curs - hwaddr == 1) {
				/* ensure address is unicast */
#ifdef HAVE_RAND_R
				*curs = hex[rand_r(&seed) & 0x0E];
			} else {
				*curs = hex[rand_r(&seed) & 0x0F];
#else
				*curs = hex[rand() & 0x0E];
			} else {
				*curs = hex[rand() & 0x0F];
#endif
			}
		}
		curs++;
	}
	return 0;
}

bool lxc_config_net_hwaddr(const char *line)
{
	unsigned index;
	char tmp[7];

	if (strncmp(line, "lxc.net", 7) != 0)
		return false;
	if (strncmp(line, "lxc.net.hwaddr", 14) == 0)
		return true;
	if (strncmp(line, "lxc.network.hwaddr", 18) == 0)
		return true;
	if (sscanf(line, "lxc.net.%u.%6s", &index, tmp) == 2 || sscanf(line, "lxc.network.%u.%6s", &index, tmp) == 2)
		return strncmp(tmp, "hwaddr", 6) == 0;

	return false;
}

/*
 * If we find a lxc.net.[i].hwaddr or lxc.network.hwaddr in the original config
 * file, we expand it in the unexpanded_config, so that after a save_config we
 * store the hwaddr for re-use.
 * This is only called when reading the config file, not when executing a
 * lxc.include.
 * 'x' and 'X' are substituted in-place.
 */
void update_hwaddr(const char *line)
{
	char *p;

	line += lxc_char_left_gc(line, strlen(line));
	if (line[0] == '#')
		return;

	if (!lxc_config_net_hwaddr(line))
		return;

	/* Let config_net_hwaddr raise the error. */
	p = strchr(line, '=');
	if (!p)
		return;
	p++;

	while (isblank(*p))
		p++;

	if (!*p)
		return;

	rand_complete_hwaddr(p);
}

bool new_hwaddr(char *hwaddr)
{
	int ret;

	(void)randseed(true);

	ret = snprintf(hwaddr, 18, "00:16:3e:%02x:%02x:%02x", rand() % 255,
		       rand() % 255, rand() % 255);
	if (ret < 0 || ret >= 18) {
		SYSERROR("Failed to call snprintf().");
		return false;
	}

	return true;
}

int lxc_get_conf_str(char *retv, int inlen, const char *value)
{
	size_t value_len;

	if (!value)
		return 0;

	value_len = strlen(value);
	if (retv && inlen >= value_len + 1)
		memcpy(retv, value, value_len + 1);

	return strlen(value);
}

int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v)
{
	int len;
	int fulllen = 0;

	if (!retv)
		inlen = 0;
	else
		memset(retv, 0, inlen);

	strprint(retv, inlen, "%d", v);

	return fulllen;
}

int lxc_get_conf_size_t(struct lxc_conf *c, char *retv, int inlen, size_t v)
{
	int len;
	int fulllen = 0;

	if (!retv)
		inlen = 0;
	else
		memset(retv, 0, inlen);

	strprint(retv, inlen, "%zu", v);

	return fulllen;
}

int lxc_get_conf_uint64(struct lxc_conf *c, char *retv, int inlen, uint64_t v)
{
	int len;
	int fulllen = 0;

	if (!retv)
		inlen = 0;
	else
		memset(retv, 0, inlen);

	strprint(retv, inlen, "%"PRIu64, v);

	return fulllen;
}

bool parse_limit_value(const char **value, rlim_t *res)
{
	char *endptr = NULL;

	if (strncmp(*value, "unlimited", sizeof("unlimited") - 1) == 0) {
		*res = RLIM_INFINITY;
		*value += sizeof("unlimited") - 1;
		return true;
	}

	errno = 0;
	*res = strtoull(*value, &endptr, 10);
	if (errno || !endptr)
		return false;
	*value = endptr;

	return true;
}

static int lxc_container_name_to_pid(const char *lxcname_or_pid,
				     const char *lxcpath)
{
	int ret;
	signed long int pid;
	char *err = NULL;

	pid = strtol(lxcname_or_pid, &err, 10);
	if (*err != '\0' || pid < 1) {
		struct lxc_container *c;

		c = lxc_container_new(lxcname_or_pid, lxcpath);
		if (!c) {
			ERROR("\"%s\" is not a valid pid nor a container name",
			      lxcname_or_pid);
			return -1;
		}

		if (!c->may_control(c)) {
			ERROR("Insufficient privileges to control container "
			      "\"%s\"", c->name);
			lxc_container_put(c);
			return -1;
		}

		pid = c->init_pid(c);
		if (pid < 1) {
			ERROR("Container \"%s\" is not running", c->name);
			lxc_container_put(c);
			return -1;
		}

		lxc_container_put(c);
	}

	ret = kill(pid, 0);
	if (ret < 0) {
		SYSERROR("Failed to send signal to pid %d", (int)pid);
		return -EPERM;
	}

	return pid;
}

int lxc_inherit_namespace(const char *lxcname_or_pid, const char *lxcpath,
			  const char *namespace)
{
	int fd, pid;
	char *dup, *lastslash;

	lastslash = strrchr(lxcname_or_pid, '/');
	if (lastslash) {
		dup = strdup(lxcname_or_pid);
		if (!dup)
			return -ENOMEM;

		dup[lastslash - lxcname_or_pid] = '\0';
		pid = lxc_container_name_to_pid(lastslash + 1, dup);
		free(dup);
	} else {
		pid = lxc_container_name_to_pid(lxcname_or_pid, lxcpath);
	}

	if (pid < 0)
		return -EINVAL;

	fd = lxc_preserve_ns(pid, namespace);
	if (fd < 0)
		return -EINVAL;

	return fd;
}
Commit	Line	Data
0b843d35 CB	1	/* liblxcapi
	2	*
	3	* Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
	4	* Copyright © 2017 Canonical Ltd.
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2, as
	8	* published by the Free Software Foundation.
	9	*
	10	* This program is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License along
	16	* with this program; if not, write to the Free Software Foundation, Inc.,
	17	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	18	*/
	19
ce2f5ae8 CB	20	#include "config.h"
ce2f5ae8 CB	21
f9373e40	22	#include <ctype.h>
0b843d35	23	#include <stdio.h>
ce2f5ae8	24	#include <stdlib.h>
0b843d35	25	#include <string.h>
9b0df30f	26	#include <arpa/inet.h>
0b843d35	27
663e9916	28	#include "conf.h"
ce2f5ae8 CB	29	#include "confile.h"
	30	#include "confile_utils.h"
	31	#include "error.h"
ce2f5ae8	32	#include "list.h"
28d9e29e CB	33	#include "log.h"
28d9e29e CB	34	#include "lxccontainer.h"
811ef482	35	#include "network.h"
f9373e40	36	#include "parse.h"
0b843d35 CB	37	#include "utils.h"
0b843d35 CB	38
18cd4b54 DJ	39	#ifndef HAVE_STRLCPY
	40	#include "include/strlcpy.h"
	41	#endif
	42
ac2cecc4	43	lxc_log_define(confile_utils, lxc);
ce2f5ae8	44
0b843d35 CB	45	int parse_idmaps(const char idmap, char type, unsigned long *nsid,
	46	unsigned long hostid, unsigned long range)
	47	{
	48	int ret = -1;
	49	unsigned long tmp_hostid, tmp_nsid, tmp_range;
	50	char tmp_type;
	51	char window, slide;
	52	char *dup = NULL;
	53
	54	/* Duplicate string. */
	55	dup = strdup(idmap);
	56	if (!dup)
	57	goto on_error;
	58
	59	/* A prototypical idmap entry would be: "u 1000 1000000 65536" */
	60
	61	/* align */
	62	slide = window = dup;
	63	/* skip whitespace */
	64	slide += strspn(slide, " \t\r");
	65	if (slide != window && *slide == '\0')
	66	goto on_error;
	67
	68	/* Validate type. */
a8b1ac78	69	if (slide != 'u' && slide != 'g') {
f37d1c22	70	ERROR("Invalid id mapping type: %c", *slide);
0b843d35	71	goto on_error;
a8b1ac78 TA	72	}
a8b1ac78 TA	73
0b843d35 CB	74	/* Assign type. */
	75	tmp_type = *slide;
	76
	77	/* move beyond type */
	78	slide++;
	79	/* align */
	80	window = slide;
	81	/* Validate that only whitespace follows. */
	82	slide += strspn(slide, " \t\r");
	83	/* There must be whitespace. */
	84	if (slide == window)
	85	goto on_error;
	86
f37d1c22	87	/* Mark beginning of nsid. */
0b843d35 CB	88	window = slide;
	89	/* Validate that non-whitespace follows. */
	90	slide += strcspn(slide, " \t\r");
	91	/* There must be non-whitespace. */
	92	if (slide == window \|\| *slide == '\0')
	93	goto on_error;
f37d1c22	94	/* Mark end of nsid. */
0b843d35 CB	95	*slide = '\0';
0b843d35 CB	96
f37d1c22	97	/* Parse nsid. */
a8b1ac78	98	if (lxc_safe_ulong(window, &tmp_nsid) < 0) {
f37d1c22	99	ERROR("Failed to parse nsid: %s", window);
0b843d35	100	goto on_error;
a8b1ac78	101	}
0b843d35 CB	102
	103	/* Move beyond \0. */
	104	slide++;
0b843d35 CB	105	/* Validate that only whitespace follows. */
	106	slide += strspn(slide, " \t\r");
	107	/* If there was only one whitespace then we whiped it with our \0 above.
	108	* So only ensure that we're not at the end of the string.
	109	*/
	110	if (*slide == '\0')
	111	goto on_error;
	112
	113	/* Mark beginning of hostid. */
	114	window = slide;
	115	/* Validate that non-whitespace follows. */
	116	slide += strcspn(slide, " \t\r");
	117	/* There must be non-whitespace. */
	118	if (slide == window \|\| *slide == '\0')
	119	goto on_error;
f37d1c22	120	/* Mark end of nsid. */
0b843d35 CB	121	*slide = '\0';
	122
	123	/* Parse hostid. */
a8b1ac78	124	if (lxc_safe_ulong(window, &tmp_hostid) < 0) {
f37d1c22	125	ERROR("Failed to parse hostid: %s", window);
0b843d35	126	goto on_error;
a8b1ac78	127	}
0b843d35 CB	128
	129	/* Move beyond \0. */
	130	slide++;
0b843d35 CB	131	/* Validate that only whitespace follows. */
	132	slide += strspn(slide, " \t\r");
	133	/* If there was only one whitespace then we whiped it with our \0 above.
	134	* So only ensure that we're not at the end of the string.
	135	*/
	136	if (*slide == '\0')
	137	goto on_error;
	138
	139	/* Mark beginning of range. */
	140	window = slide;
	141	/* Validate that non-whitespace follows. */
	142	slide += strcspn(slide, " \t\r");
	143	/* There must be non-whitespace. */
	144	if (slide == window)
	145	goto on_error;
	146
	147	/* The range is the last valid entry we expect. So make sure that there
f37d1c22	148	* is no trailing garbage and if there is, error out.
0b843d35 CB	149	*/
	150	if (*(slide + strspn(slide, " \t\r\n")) != '\0')
	151	goto on_error;
	152	/* Mark end of range. */
	153	*slide = '\0';
	154
	155	/* Parse range. */
a8b1ac78	156	if (lxc_safe_ulong(window, &tmp_range) < 0) {
f37d1c22	157	ERROR("Failed to parse id mapping range: %s", window);
0b843d35	158	goto on_error;
a8b1ac78	159	}
0b843d35 CB	160
	161	*type = tmp_type;
	162	*nsid = tmp_nsid;
	163	*hostid = tmp_hostid;
	164	*range = tmp_range;
	165
	166	/* Yay, we survived. */
	167	ret = 0;
	168
	169	on_error:
	170	free(dup);
	171
	172	return ret;
	173	}
663e9916 CB	174
	175	bool lxc_config_value_empty(const char *value)
	176	{
	177	if (value && strlen(value) > 0)
	178	return false;
	179
	180	return true;
	181	}
ce2f5ae8	182
c302b476	183	struct lxc_netdev lxc_network_add(struct lxc_list networks, int idx, bool tail)
ce2f5ae8 CB	184	{
	185	struct lxc_list *newlist;
	186	struct lxc_netdev *netdev = NULL;
ce2f5ae8 CB	187
	188	/* network does not exist */
	189	netdev = malloc(sizeof(*netdev));
	190	if (!netdev)
	191	return NULL;
	192
	193	memset(netdev, 0, sizeof(*netdev));
	194	lxc_list_init(&netdev->ipv4);
	195	lxc_list_init(&netdev->ipv6);
	196
	197	/* give network a unique index */
	198	netdev->idx = idx;
	199
	200	/* prepare new list */
	201	newlist = malloc(sizeof(*newlist));
	202	if (!newlist) {
	203	free(netdev);
	204	return NULL;
	205	}
	206
	207	lxc_list_init(newlist);
	208	newlist->elem = netdev;
	209
c302b476 CB	210	if (tail)
	211	lxc_list_add_tail(networks, newlist);
	212	else
	213	lxc_list_add(networks, newlist);
ce2f5ae8 CB	214	return netdev;
ce2f5ae8 CB	215	}
1ed6ba91	216
c302b476 CB	217	/* Takes care of finding the correct netdev struct in the networks list or
	218	* allocates a new one if it couldn't be found.
	219	*/
	220	struct lxc_netdev lxc_get_netdev_by_idx(struct lxc_conf conf,
	221	unsigned int idx, bool allocate)
	222	{
	223	struct lxc_netdev *netdev = NULL;
	224	struct lxc_list *networks = &conf->network;
	225	struct lxc_list *insert = networks;
	226
	227	/* lookup network */
	228	if (!lxc_list_empty(networks)) {
	229	lxc_list_for_each(insert, networks) {
	230	netdev = insert->elem;
	231	if (netdev->idx == idx)
	232	return netdev;
	233	else if (netdev->idx > idx)
	234	break;
	235	}
	236	}
	237
	238	if (!allocate)
	239	return NULL;
	240
	241	return lxc_network_add(insert, idx, true);
	242	}
	243
1ed6ba91 CB	244	void lxc_log_configured_netdevs(const struct lxc_conf *conf)
	245	{
	246	struct lxc_netdev *netdev;
	247	struct lxc_list it = (struct lxc_list )&conf->network;;
	248
	249	if ((conf->loglevel != LXC_LOG_LEVEL_TRACE) &&
	250	(lxc_log_get_level() != LXC_LOG_LEVEL_TRACE))
	251	return;
	252
	253	if (lxc_list_empty(it)) {
	254	TRACE("container has no networks configured");
	255	return;
	256	}
	257
	258	lxc_list_for_each(it, &conf->network) {
9b0df30f CB	259	struct lxc_list cur, next;
	260	struct lxc_inetdev *inet4dev;
	261	struct lxc_inet6dev *inet6dev;
	262	char bufinet4[INET_ADDRSTRLEN], bufinet6[INET6_ADDRSTRLEN];
	263
1ed6ba91 CB	264	netdev = it->elem;
1ed6ba91 CB	265
c302b476	266	TRACE("index: %zd", netdev->idx);
7a582518	267	TRACE("ifindex: %d", netdev->ifindex);
1ed6ba91 CB	268	switch (netdev->type) {
	269	case LXC_NET_VETH:
	270	TRACE("type: veth");
de4855a8	271	if (netdev->priv.veth_attr.pair[0] != '\0')
9b0df30f CB	272	TRACE("veth pair: %s",
9b0df30f CB	273	netdev->priv.veth_attr.pair);
8ce727fc CB	274	if (netdev->priv.veth_attr.veth1[0] != '\0')
	275	TRACE("veth1 : %s",
	276	netdev->priv.veth_attr.veth1);
d952b351 CB	277	if (netdev->priv.veth_attr.ifindex > 0)
	278	TRACE("host side ifindex for veth device: %d",
	279	netdev->priv.veth_attr.ifindex);
1ed6ba91 CB	280	break;
	281	case LXC_NET_MACVLAN:
	282	TRACE("type: macvlan");
9b0df30f CB	283	if (netdev->priv.macvlan_attr.mode > 0) {
	284	char *macvlan_mode;
	285	macvlan_mode = lxc_macvlan_flag_to_mode(
	286	netdev->priv.macvlan_attr.mode);
	287	TRACE("macvlan mode: %s",
	288	macvlan_mode ? macvlan_mode
	289	: "(invalid mode)");
	290	}
1ed6ba91 CB	291	break;
	292	case LXC_NET_VLAN:
	293	TRACE("type: vlan");
9b0df30f	294	TRACE("vlan id: %d", netdev->priv.vlan_attr.vid);
1ed6ba91 CB	295	break;
	296	case LXC_NET_PHYS:
	297	TRACE("type: phys");
b809f232 CB	298	if (netdev->priv.phys_attr.ifindex > 0) {
	299	TRACE("host side ifindex for phys device: %d",
	300	netdev->priv.phys_attr.ifindex);
	301	}
1ed6ba91 CB	302	break;
	303	case LXC_NET_EMPTY:
	304	TRACE("type: empty");
	305	break;
	306	case LXC_NET_NONE:
	307	TRACE("type: none");
	308	break;
	309	default:
	310	ERROR("invalid network type %d", netdev->type);
	311	return;
	312	}
	313
9b0df30f CB	314	if (netdev->type != LXC_NET_EMPTY) {
	315	TRACE("flags: %s",
	316	netdev->flags == IFF_UP ? "up" : "none");
de4855a8	317	if (netdev->link[0] != '\0')
9b0df30f	318	TRACE("link: %s", netdev->link);
de4855a8	319	if (netdev->name[0] != '\0')
9b0df30f CB	320	TRACE("name: %s", netdev->name);
	321	if (netdev->hwaddr)
	322	TRACE("hwaddr: %s", netdev->hwaddr);
	323	if (netdev->mtu)
	324	TRACE("mtu: %s", netdev->mtu);
	325	if (netdev->upscript)
	326	TRACE("upscript: %s", netdev->upscript);
	327	if (netdev->downscript)
	328	TRACE("downscript: %s", netdev->downscript);
	329
	330	TRACE("ipv4 gateway auto: %s",
	331	netdev->ipv4_gateway_auto ? "true" : "false");
	332
	333	if (netdev->ipv4_gateway) {
	334	inet_ntop(AF_INET, netdev->ipv4_gateway,
	335	bufinet4, sizeof(bufinet4));
	336	TRACE("ipv4 gateway: %s", bufinet4);
	337	}
	338
	339	lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
	340	inet4dev = cur->elem;
	341	inet_ntop(AF_INET, &inet4dev->addr, bufinet4,
	342	sizeof(bufinet4));
	343	TRACE("ipv4 addr: %s", bufinet4);
	344	}
	345
	346	TRACE("ipv6 gateway auto: %s",
	347	netdev->ipv6_gateway_auto ? "true" : "false");
	348	if (netdev->ipv6_gateway) {
	349	inet_ntop(AF_INET6, netdev->ipv6_gateway,
	350	bufinet6, sizeof(bufinet6));
	351	TRACE("ipv6 gateway: %s", bufinet6);
	352	}
	353	lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
	354	inet6dev = cur->elem;
	355	inet_ntop(AF_INET6, &inet6dev->addr, bufinet6,
	356	sizeof(bufinet6));
	357	TRACE("ipv6 addr: %s", bufinet6);
	358	}
	359	}
1ed6ba91 CB	360	}
1ed6ba91 CB	361	}
519df1c1	362
e5d2fd7c CB	363	static void lxc_free_netdev(struct lxc_netdev *netdev)
	364	{
	365	struct lxc_list cur, next;
	366
e5d2fd7c CB	367	free(netdev->upscript);
	368	free(netdev->downscript);
	369	free(netdev->hwaddr);
	370	free(netdev->mtu);
	371
	372	free(netdev->ipv4_gateway);
	373	lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
	374	lxc_list_del(cur);
	375	free(cur->elem);
	376	free(cur);
	377	}
	378
	379	free(netdev->ipv6_gateway);
	380	lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
	381	lxc_list_del(cur);
	382	free(cur->elem);
	383	free(cur);
	384	}
	385
	386	free(netdev);
	387	}
	388
519df1c1 CB	389	bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx)
519df1c1 CB	390	{
e5d2fd7c	391	struct lxc_list cur, next;
519df1c1 CB	392	struct lxc_netdev *netdev;
	393	bool found = false;
	394
	395	lxc_list_for_each_safe(cur, &conf->network, next) {
	396	netdev = cur->elem;
	397	if (netdev->idx != idx)
	398	continue;
	399
	400	lxc_list_del(cur);
	401	found = true;
	402	break;
	403	}
	404
	405	if (!found)
	406	return false;
	407
e5d2fd7c	408	lxc_free_netdev(netdev);
519df1c1 CB	409	free(cur);
	410
	411	return true;
	412	}
e5d2fd7c	413
c302b476	414	void lxc_free_networks(struct lxc_list *networks)
e5d2fd7c CB	415	{
	416	struct lxc_list cur, next;
	417	struct lxc_netdev *netdev;
	418
c302b476	419	lxc_list_for_each_safe(cur, networks, next) {
e5d2fd7c CB	420	netdev = cur->elem;
	421	lxc_free_netdev(netdev);
	422	free(cur);
	423	}
	424
	425	/* prevent segfaults */
c302b476	426	lxc_list_init(networks);
e5d2fd7c	427	}
9b0df30f CB	428
	429	static struct macvlan_mode {
	430	char *name;
	431	int mode;
	432	} macvlan_mode[] = {
	433	{ "private", MACVLAN_MODE_PRIVATE },
	434	{ "vepa", MACVLAN_MODE_VEPA },
	435	{ "bridge", MACVLAN_MODE_BRIDGE },
	436	{ "passthru", MACVLAN_MODE_PASSTHRU },
	437	};
	438
	439	int lxc_macvlan_mode_to_flag(int mode, const char value)
	440	{
	441	size_t i;
	442
	443	for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) {
	444	if (strcmp(macvlan_mode[i].name, value))
	445	continue;
	446
	447	*mode = macvlan_mode[i].mode;
	448	return 0;
	449	}
	450
	451	return -1;
	452	}
	453
	454	char *lxc_macvlan_flag_to_mode(int mode)
	455	{
	456	size_t i;
	457
	458	for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) {
	459	if (macvlan_mode[i].mode == mode)
	460	continue;
	461
	462	return macvlan_mode[i].name;
	463	}
	464
	465	return NULL;
	466	}
f9373e40 CB	467
	468	int set_config_string_item(char *conf_item, const char value)
	469	{
	470	char *new_value;
	471
	472	if (lxc_config_value_empty(value)) {
	473	free(*conf_item);
	474	*conf_item = NULL;
	475	return 0;
	476	}
	477
	478	new_value = strdup(value);
	479	if (!new_value) {
	480	SYSERROR("failed to duplicate string \"%s\"", value);
	481	return -1;
	482	}
	483
	484	free(*conf_item);
	485	*conf_item = new_value;
	486	return 0;
	487	}
	488
	489	int set_config_string_item_max(char *conf_item, const char value, size_t max)
	490	{
	491	if (strlen(value) >= max) {
	492	ERROR("%s is too long (>= %lu)", value, (unsigned long)max);
	493	return -1;
	494	}
	495
	496	return set_config_string_item(conf_item, value);
	497	}
	498
	499	int set_config_path_item(char *conf_item, const char value)
	500	{
	501	return set_config_string_item_max(conf_item, value, PATH_MAX);
	502	}
	503
	504	int config_ip_prefix(struct in_addr *addr)
	505	{
	506	if (IN_CLASSA(addr->s_addr))
	507	return 32 - IN_CLASSA_NSHIFT;
	508	if (IN_CLASSB(addr->s_addr))
	509	return 32 - IN_CLASSB_NSHIFT;
	510	if (IN_CLASSC(addr->s_addr))
	511	return 32 - IN_CLASSC_NSHIFT;
	512
	513	return 0;
	514	}
	515
18cd4b54	516	int network_ifname(char valuep, const char value, size_t size)
f9373e40	517	{
18cd4b54 DJ	518	size_t retlen;
	519
	520	if (!valuep \|\| !value)
	521	return -1;
	522
	523	retlen = strlcpy(valuep, value, size);
	524	if (retlen >= size) {
de4855a8	525	ERROR("Network devie name \"%s\" is too long (>= %zu)", value,
18cd4b54	526	size);
de4855a8 CB	527	}
de4855a8 CB	528
de4855a8	529	return 0;
f9373e40 CB	530	}
	531
	532	int rand_complete_hwaddr(char *hwaddr)
	533	{
	534	const char hex[] = "0123456789abcdef";
	535	char *curs = hwaddr;
	536
	537	#ifndef HAVE_RAND_R
	538	randseed(true);
	539	#else
	540	unsigned int seed;
	541
	542	seed = randseed(false);
	543	#endif
	544	while (curs != '\0' && curs != '\n') {
	545	if (curs == 'x' \|\| curs == 'X') {
	546	if (curs - hwaddr == 1) {
	547	/* ensure address is unicast */
	548	#ifdef HAVE_RAND_R
	549	*curs = hex[rand_r(&seed) & 0x0E];
	550	} else {
	551	*curs = hex[rand_r(&seed) & 0x0F];
	552	#else
	553	*curs = hex[rand() & 0x0E];
	554	} else {
	555	*curs = hex[rand() & 0x0F];
	556	#endif
	557	}
	558	}
	559	curs++;
	560	}
	561	return 0;
	562	}
	563
ce4be612	564	bool lxc_config_net_hwaddr(const char *line)
ce4be612	565	{
44047b2b FA	566	unsigned index;
44047b2b FA	567	char tmp[7];
ce4be612	568
	569	if (strncmp(line, "lxc.net", 7) != 0)
	570	return false;
44047b2b	571	if (strncmp(line, "lxc.net.hwaddr", 14) == 0)
ce4be612	572	return true;
44047b2b	573	if (strncmp(line, "lxc.network.hwaddr", 18) == 0)
ce4be612	574	return true;
44047b2b FA	575	if (sscanf(line, "lxc.net.%u.%6s", &index, tmp) == 2 \|\| sscanf(line, "lxc.network.%u.%6s", &index, tmp) == 2)
44047b2b FA	576	return strncmp(tmp, "hwaddr", 6) == 0;
ce4be612	577
ce4be612	578	return false;
	579	}
	580
f9373e40	581	/*
ae1dc8b4	582	* If we find a lxc.net.[i].hwaddr or lxc.network.hwaddr in the original config
	583	* file, we expand it in the unexpanded_config, so that after a save_config we
	584	* store the hwaddr for re-use.
f9373e40 CB	585	* This is only called when reading the config file, not when executing a
	586	* lxc.include.
	587	* 'x' and 'X' are substituted in-place.
	588	*/
	589	void update_hwaddr(const char *line)
	590	{
	591	char *p;
	592
	593	line += lxc_char_left_gc(line, strlen(line));
	594	if (line[0] == '#')
	595	return;
	596
ae1dc8b4	597	if (!lxc_config_net_hwaddr(line))
f9373e40 CB	598	return;
	599
	600	/* Let config_net_hwaddr raise the error. */
	601	p = strchr(line, '=');
	602	if (!p)
	603	return;
	604	p++;
	605
	606	while (isblank(*p))
	607	p++;
	608
	609	if (!*p)
	610	return;
	611
	612	rand_complete_hwaddr(p);
	613	}
	614
	615	bool new_hwaddr(char *hwaddr)
	616	{
	617	int ret;
	618
	619	(void)randseed(true);
	620
	621	ret = snprintf(hwaddr, 18, "00:16:3e:%02x:%02x:%02x", rand() % 255,
	622	rand() % 255, rand() % 255);
	623	if (ret < 0 \|\| ret >= 18) {
	624	SYSERROR("Failed to call snprintf().");
	625	return false;
	626	}
	627
	628	return true;
	629	}
953fe44f CB	630
	631	int lxc_get_conf_str(char retv, int inlen, const char value)
	632	{
d3bdf12c CB	633	size_t value_len;
d3bdf12c CB	634
953fe44f CB	635	if (!value)
953fe44f CB	636	return 0;
d3bdf12c CB	637
	638	value_len = strlen(value);
	639	if (retv && inlen >= value_len + 1)
	640	memcpy(retv, value, value_len + 1);
953fe44f CB	641
	642	return strlen(value);
	643	}
	644
	645	int lxc_get_conf_int(struct lxc_conf c, char retv, int inlen, int v)
	646	{
1396b610 DJ	647	int len;
	648	int fulllen = 0;
	649
953fe44f CB	650	if (!retv)
	651	inlen = 0;
	652	else
	653	memset(retv, 0, inlen);
	654
1396b610 DJ	655	strprint(retv, inlen, "%d", v);
	656
	657	return fulllen;
953fe44f	658	}
240d4b74	659
885766f5 CB	660	int lxc_get_conf_size_t(struct lxc_conf c, char retv, int inlen, size_t v)
885766f5 CB	661	{
1396b610 DJ	662	int len;
	663	int fulllen = 0;
	664
885766f5 CB	665	if (!retv)
	666	inlen = 0;
	667	else
	668	memset(retv, 0, inlen);
	669
1396b610 DJ	670	strprint(retv, inlen, "%zu", v);
	671
	672	return fulllen;
885766f5 CB	673	}
885766f5 CB	674
2ea479c9 CB	675	int lxc_get_conf_uint64(struct lxc_conf c, char retv, int inlen, uint64_t v)
2ea479c9 CB	676	{
1396b610 DJ	677	int len;
	678	int fulllen = 0;
	679
2ea479c9 CB	680	if (!retv)
	681	inlen = 0;
	682	else
	683	memset(retv, 0, inlen);
	684
1396b610 DJ	685	strprint(retv, inlen, "%"PRIu64, v);
	686
	687	return fulllen;
2ea479c9 CB	688	}
2ea479c9 CB	689
71460831	690	bool parse_limit_value(const char *value, rlim_t res)
240d4b74	691	{
	692	char *endptr = NULL;
	693
	694	if (strncmp(*value, "unlimited", sizeof("unlimited") - 1) == 0) {
	695	*res = RLIM_INFINITY;
	696	*value += sizeof("unlimited") - 1;
	697	return true;
	698	}
	699
	700	errno = 0;
71460831	701	res = strtoull(value, &endptr, 10);
240d4b74	702	if (errno \|\| !endptr)
	703	return false;
	704	*value = endptr;
	705
	706	return true;
	707	}
28d9e29e CB	708
	709	static int lxc_container_name_to_pid(const char *lxcname_or_pid,
	710	const char *lxcpath)
	711	{
	712	int ret;
	713	signed long int pid;
	714	char *err = NULL;
	715
	716	pid = strtol(lxcname_or_pid, &err, 10);
	717	if (*err != '\0' \|\| pid < 1) {
	718	struct lxc_container *c;
	719
	720	c = lxc_container_new(lxcname_or_pid, lxcpath);
	721	if (!c) {
	722	ERROR("\"%s\" is not a valid pid nor a container name",
	723	lxcname_or_pid);
	724	return -1;
	725	}
	726
	727	if (!c->may_control(c)) {
	728	ERROR("Insufficient privileges to control container "
	729	"\"%s\"", c->name);
	730	lxc_container_put(c);
	731	return -1;
	732	}
	733
	734	pid = c->init_pid(c);
	735	if (pid < 1) {
	736	ERROR("Container \"%s\" is not running", c->name);
	737	lxc_container_put(c);
	738	return -1;
	739	}
	740
	741	lxc_container_put(c);
	742	}
	743
	744	ret = kill(pid, 0);
	745	if (ret < 0) {
6d1400b5	746	SYSERROR("Failed to send signal to pid %d", (int)pid);
28d9e29e CB	747	return -EPERM;
	748	}
	749
	750	return pid;
	751	}
	752
	753	int lxc_inherit_namespace(const char lxcname_or_pid, const char lxcpath,
	754	const char *namespace)
	755	{
	756	int fd, pid;
	757	char dup, lastslash;
	758
	759	lastslash = strrchr(lxcname_or_pid, '/');
	760	if (lastslash) {
	761	dup = strdup(lxcname_or_pid);
	762	if (!dup)
	763	return -ENOMEM;
	764
71649566 L	765	dup[lastslash - lxcname_or_pid] = '\0';
71649566 L	766	pid = lxc_container_name_to_pid(lastslash + 1, dup);
28d9e29e CB	767	free(dup);
	768	} else {
	769	pid = lxc_container_name_to_pid(lxcname_or_pid, lxcpath);
	770	}
	771
	772	if (pid < 0)
	773	return -EINVAL;
	774
	775	fd = lxc_preserve_ns(pid, namespace);
	776	if (fd < 0)
	777	return -EINVAL;
	778
	779	return fd;
	780	}