Use actual length of socket's name for abstract sockets (v3)
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include <stddef.h>
24 #include <string.h>
25 #include <unistd.h>
26 #include <fcntl.h>
27 #include <errno.h>
28 #define __USE_GNU
29 #include <sys/socket.h>
30 #undef __USE_GNU
31 #include <sys/un.h>
32
33 #include "log.h"
34 #include "lxclock.h"
35
36 lxc_log_define(lxc_af_unix, lxc);
37
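/**
 * lxc_abstract_unix_open - create an AF_UNIX socket bound to an abstract name
 * @path:  abstract socket name, i.e. a leading '\0' byte followed by a
 *         NUL-terminated name; NULL yields an unbound socket
 * @type:  socket type handed to socket(), e.g. SOCK_STREAM
 * @flags: when O_TRUNC is set, unlink(@path) is attempted first
 *
 * The address length passed to bind() covers only the leading '\0' and the
 * bytes of the name, not the whole sun_path array, so the socket's name is
 * exactly the string the caller supplied. SOCK_STREAM sockets are also put
 * into the listening state with a backlog of 100.
 *
 * Abstract names are not covered by filesystem permissions, so access
 * control for such a socket has to come from the receiving side, e.g. the
 * check in lxc_abstract_unix_rcv_credential().
 *
 * NOTE(review): path[0] is not checked. A caller passing an ordinary
 * filesystem path would get an abstract socket named after path[1..];
 * confirm that every caller passes a '\0'-prefixed name.
 *
 * Returns the socket fd on success, -1 with errno set on failure
 * (ENAMETOOLONG when the name does not fit into sun_path).
 */
int lxc_abstract_unix_open(const char *path, int type, int flags)
{
	int fd, saved_errno;
	size_t namelen, len;
	struct sockaddr_un addr;

	/* Do not hand a NULL pointer to unlink() for the unbound case. */
	if (path && (flags & O_TRUNC))
		unlink(path);

	process_lock();
	fd = socket(PF_UNIX, type, 0);
	process_unlock();
	if (fd < 0)
		return -1;

	if (!path)
		return fd;

	/* Zeroing the structure also leaves sun_path[0] == '\0' (abstract). */
	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;

	namelen = strlen(&path[1]);
	len = namelen + 1; /* leading '\0' plus the name itself */
	if (len >= sizeof(addr.sun_path) - 1) {
		saved_errno = ENAMETOOLONG;
		goto err_close;
	}

	/* Length was validated above, so a plain bounded copy is enough. */
	memcpy(&addr.sun_path[1], &path[1], namelen);

	if (bind(fd, (struct sockaddr *)&addr,
		 offsetof(struct sockaddr_un, sun_path) + len)) {
		saved_errno = errno;
		goto err_close;
	}

	if (type == SOCK_STREAM && listen(fd, 100)) {
		saved_errno = errno;
		goto err_close;
	}

	return fd;

err_close:
	/* close() may clobber errno; report the original failure. */
	process_lock();
	close(fd);
	process_unlock();
	errno = saved_errno;
	return -1;
}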
92
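/**
 * lxc_abstract_unix_close - close a unix socket and remove its path, if any
 * @fd: socket to close
 *
 * If the socket is bound to a filesystem path (first byte of sun_path is
 * non-zero) that path is unlinked before the descriptor is closed. Abstract
 * and unbound sockets have nothing to unlink.
 *
 * The address buffer is zeroed and the length reported by getsockname() is
 * honoured: for an unbound socket the kernel fills in nothing beyond
 * sun_family, so sun_path must not be read from uninitialised stack, and a
 * path that fills sun_path completely carries no terminating NUL.
 *
 * Always returns 0; errors from unlink() and close() are not reported.
 */
int lxc_abstract_unix_close(int fd)
{
	struct sockaddr_un addr;
	socklen_t addrlen = sizeof(addr);
	const size_t path_off = offsetof(struct sockaddr_un, sun_path);

	memset(&addr, 0, sizeof(addr));

	if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
	    addr.sun_family == AF_UNIX &&
	    addrlen > path_off &&
	    addr.sun_path[0]) {
		/* One spare byte so the copy can always be terminated. */
		char path[sizeof(addr.sun_path) + 1];
		size_t n = addrlen - path_off;

		if (n > sizeof(addr.sun_path))
			n = sizeof(addr.sun_path);
		memcpy(path, addr.sun_path, n);
		path[n] = '\0';
		unlink(path);
	}

	process_lock();
	close(fd);
	process_unlock();

	return 0;
}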
108
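/**
 * lxc_abstract_unix_connect - connect to an abstract AF_UNIX stream socket
 * @path: abstract socket name, i.e. a leading '\0' byte followed by a
 *        NUL-terminated name
 *
 * The address length passed to connect() covers only the leading '\0' and
 * the bytes of the name, matching what lxc_abstract_unix_open() binds.
 *
 * NOTE(review): path[0] is not checked; the name is always taken from
 * path[1] onwards. Confirm that callers only pass '\0'-prefixed names.
 *
 * Returns the connected fd, or -1 with errno set (EINVAL for a NULL @path,
 * ENAMETOOLONG when the name does not fit into sun_path).
 */
int lxc_abstract_unix_connect(const char *path)
{
	int fd, saved_errno;
	size_t namelen, len;
	struct sockaddr_un addr;

	if (!path) {
		errno = EINVAL;
		return -1;
	}

	/* Validate the name before a descriptor exists that would need closing. */
	namelen = strlen(&path[1]);
	len = namelen + 1; /* leading '\0' plus the name itself */
	if (len >= sizeof(addr.sun_path) - 1) {
		errno = ENAMETOOLONG;
		return -1;
	}

	process_lock();
	fd = socket(PF_UNIX, SOCK_STREAM, 0);
	process_unlock();
	if (fd < 0)
		return -1;

	/* Zeroing the structure also leaves sun_path[0] == '\0' (abstract). */
	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(&addr.sun_path[1], &path[1], namelen);

	if (connect(fd, (struct sockaddr *)&addr,
		    offsetof(struct sockaddr_un, sun_path) + len)) {
		/* close() may clobber errno; report the connect() failure. */
		saved_errno = errno;
		process_lock();
		close(fd);
		process_unlock();
		errno = saved_errno;
		return -1;
	}

	return fd;
}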
147
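/**
 * lxc_abstract_unix_send_fd - pass a file descriptor over a unix socket
 * @fd:     connected unix socket to send on
 * @sendfd: descriptor to hand to the peer (SCM_RIGHTS)
 * @data:   optional payload; when NULL a single zero byte is sent instead
 * @size:   length of @data, ignored when @data is NULL
 *
 * The control buffer is a union with struct cmsghdr so that it is suitably
 * aligned for the CMSG_*() accessors, and the placeholder byte is
 * initialised so that no uninitialised stack content is sent to the peer.
 *
 * Returns what sendmsg() returns: the number of payload bytes sent, or -1
 * with errno set.
 */
int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(int))];
	} control;
	char buf[1] = { 0 };

	memset(&control, 0, sizeof(control));
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	cmsg = CMSG_FIRSTHDR(&msg);
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_type = SCM_RIGHTS;
	/* memcpy instead of a cast: CMSG_DATA() gives an unsigned char pointer. */
	memcpy(CMSG_DATA(cmsg), &sendfd, sizeof(sendfd));

	msg.msg_name = NULL;
	msg.msg_namelen = 0;

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	return sendmsg(fd, &msg, 0);
}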
177
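/**
 * lxc_abstract_unix_recv_fd - receive a file descriptor over a unix socket
 * @fd:     connected unix socket to read from
 * @recvfd: set to the received descriptor, or to -1 when none was received
 * @data:   optional buffer for the payload; when NULL one byte is read and
 *          discarded
 * @size:   capacity of @data, ignored when @data is NULL
 *
 * @recvfd is set to -1 before anything is read, so it holds a defined value
 * on every return path, including EOF and recvmsg() errors. It is only
 * overwritten when the first control message is a well-formed SCM_RIGHTS
 * header carrying exactly one descriptor.
 *
 * The descriptor is whatever the peer chose to send; the caller owns it
 * afterwards and is responsible for closing it. This function does not
 * identify the sender.
 *
 * Returns what recvmsg() returns: bytes of payload received, 0 on EOF, or
 * -1 with errno set.
 */
int lxc_abstract_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(int))];
	} control;
	char buf[1];
	int ret;

	/* If the message is wrong the variable keeps this value and the
	 * caller can tell that no descriptor arrived. */
	*recvfd = -1;

	memset(&control, 0, sizeof(control));
	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	cmsg = CMSG_FIRSTHDR(&msg);
	if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
	    cmsg->cmsg_level == SOL_SOCKET &&
	    cmsg->cmsg_type == SCM_RIGHTS) {
		/* memcpy instead of a cast: CMSG_DATA() gives an unsigned char pointer. */
		memcpy(recvfd, CMSG_DATA(cmsg), sizeof(*recvfd));
	}

	return ret;
}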
216
217 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
218 {
219 struct msghdr msg = { 0 };
220 struct iovec iov;
221 struct cmsghdr *cmsg;
222 struct ucred cred = {
223 .pid = getpid(),
224 .uid = getuid(),
225 .gid = getgid(),
226 };
227 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
228 char buf[1];
229
230 msg.msg_control = cmsgbuf;
231 msg.msg_controllen = sizeof(cmsgbuf);
232
233 cmsg = CMSG_FIRSTHDR(&msg);
234 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
235 cmsg->cmsg_level = SOL_SOCKET;
236 cmsg->cmsg_type = SCM_CREDENTIALS;
237 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
238
239 msg.msg_name = NULL;
240 msg.msg_namelen = 0;
241
242 iov.iov_base = data ? data : buf;
243 iov.iov_len = data ? size : sizeof(buf);
244 msg.msg_iov = &iov;
245 msg.msg_iovlen = 1;
246
247 return sendmsg(fd, &msg, 0);
248 }
249
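/**
 * lxc_abstract_unix_rcv_credential - receive a message and check its sender
 * @fd:   connected unix socket to read from
 * @data: optional buffer for the payload; when NULL one byte is read and
 *        discarded
 * @size: capacity of @data, ignored when @data is NULL
 *
 * When the message carries a well-formed SCM_CREDENTIALS header, the sender
 * is accepted if its uid is 0, or if both its uid and gid equal this
 * process's getuid()/getgid(). Any other sender is rejected.
 *
 * NOTE(review): a message that arrives without a well-formed
 * SCM_CREDENTIALS header skips the comparison and is returned as accepted.
 * Credentials are only delivered when SO_PASSCRED is enabled on the
 * receiving socket, so this check protects nothing unless the caller set
 * that option beforehand. Consider failing closed here once all callers
 * are confirmed to enable SO_PASSCRED.
 *
 * Returns what recvmsg() returns (bytes of payload, 0 on EOF, -1 with errno
 * set), or -EACCES when the sender's credentials are rejected. Callers that
 * only test for -1 will not notice the -EACCES case; test for < 0.
 */
int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{
	struct msghdr msg = { 0 };
	struct iovec iov;
	struct cmsghdr *cmsg;
	struct ucred cred;
	/* Union with struct cmsghdr keeps the buffer aligned for CMSG_*(). */
	union {
		struct cmsghdr align;
		char buf[CMSG_SPACE(sizeof(cred))];
	} control;
	char buf[1];
	int ret;

	memset(&control, 0, sizeof(control));
	msg.msg_name = NULL;
	msg.msg_namelen = 0;
	msg.msg_control = control.buf;
	msg.msg_controllen = sizeof(control.buf);

	iov.iov_base = data ? data : buf;
	iov.iov_len = data ? size : sizeof(buf);
	msg.msg_iov = &iov;
	msg.msg_iovlen = 1;

	ret = recvmsg(fd, &msg, 0);
	if (ret <= 0)
		return ret;

	cmsg = CMSG_FIRSTHDR(&msg);
	if (!cmsg || cmsg->cmsg_len != CMSG_LEN(sizeof(struct ucred)) ||
	    cmsg->cmsg_level != SOL_SOCKET ||
	    cmsg->cmsg_type != SCM_CREDENTIALS) {
		/* No usable credentials: accepted unchecked, see NOTE above. */
		return ret;
	}

	memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
	if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
		/* uid_t/gid_t are unsigned; cast to match the %d conversions. */
		INFO("message denied for '%d/%d'", (int)cred.uid, (int)cred.gid);
		return -EACCES;
	}

	return ret;
}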