]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
make heavier use of process_lock (v2)
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include <string.h>
24 #include <unistd.h>
25 #include <fcntl.h>
26 #include <errno.h>
27 #define __USE_GNU
28 #include <sys/socket.h>
29 #undef __USE_GNU
30 #include <sys/un.h>
31
32 #include "log.h"
33 #include "lxclock.h"
34
35 lxc_log_define(lxc_af_unix, lxc);
36
37 int lxc_af_unix_open(const char *path, int type, int flags)
38 {
39 int fd;
40 size_t len;
41 struct sockaddr_un addr;
42
43 if (flags & O_TRUNC)
44 unlink(path);
45
46 process_lock();
47 fd = socket(PF_UNIX, type, 0);
48 process_unlock();
49 if (fd < 0)
50 return -1;
51
52 memset(&addr, 0, sizeof(addr));
53
54 if (!path)
55 return fd;
56
57 addr.sun_family = AF_UNIX;
58 /* copy entire buffer in case of abstract socket */
59 len = sizeof(addr.sun_path);
60 if (path[0]) {
61 len = strlen(path);
62 if (len >= sizeof(addr.sun_path)) {
63 process_lock();
64 close(fd);
65 process_unlock();
66 errno = ENAMETOOLONG;
67 return -1;
68 }
69 }
70 memcpy(addr.sun_path, path, len);
71
72 if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
73 int tmp = errno;
74 process_lock();
75 close(fd);
76 process_unlock();
77 errno = tmp;
78 return -1;
79 }
80
81 if (type == SOCK_STREAM && listen(fd, 100)) {
82 int tmp = errno;
83 process_lock();
84 close(fd);
85 process_unlock();
86 errno = tmp;
87 return -1;
88 }
89
90 return fd;
91 }
92
93 int lxc_af_unix_close(int fd)
94 {
95 struct sockaddr_un addr;
96 socklen_t addrlen = sizeof(addr);
97
98 if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
99 addr.sun_path[0])
100 unlink(addr.sun_path);
101
102 process_lock();
103 close(fd);
104 process_unlock();
105
106 return 0;
107 }
108
109 int lxc_af_unix_connect(const char *path)
110 {
111 int fd;
112 struct sockaddr_un addr;
113
114 process_lock();
115 fd = socket(PF_UNIX, SOCK_STREAM, 0);
116 process_unlock();
117 if (fd < 0)
118 return -1;
119
120 memset(&addr, 0, sizeof(addr));
121
122 addr.sun_family = AF_UNIX;
123 /* copy entire buffer in case of abstract socket */
124 memcpy(addr.sun_path, path,
125 path[0]?strlen(path):sizeof(addr.sun_path));
126
127 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
128 int tmp = errno;
129 process_lock();
130 close(fd);
131 process_unlock();
132 errno = tmp;
133 return -1;
134 }
135
136 return fd;
137 }
138
139 int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
140 {
141 struct msghdr msg = { 0 };
142 struct iovec iov;
143 struct cmsghdr *cmsg;
144 char cmsgbuf[CMSG_SPACE(sizeof(int))];
145 char buf[1];
146 int *val;
147
148 msg.msg_control = cmsgbuf;
149 msg.msg_controllen = sizeof(cmsgbuf);
150
151 cmsg = CMSG_FIRSTHDR(&msg);
152 cmsg->cmsg_len = CMSG_LEN(sizeof(int));
153 cmsg->cmsg_level = SOL_SOCKET;
154 cmsg->cmsg_type = SCM_RIGHTS;
155 val = (int *)(CMSG_DATA(cmsg));
156 *val = sendfd;
157
158 msg.msg_name = NULL;
159 msg.msg_namelen = 0;
160
161 iov.iov_base = data ? data : buf;
162 iov.iov_len = data ? size : sizeof(buf);
163 msg.msg_iov = &iov;
164 msg.msg_iovlen = 1;
165
166 return sendmsg(fd, &msg, 0);
167 }
168
169 int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
170 {
171 struct msghdr msg = { 0 };
172 struct iovec iov;
173 struct cmsghdr *cmsg;
174 char cmsgbuf[CMSG_SPACE(sizeof(int))];
175 char buf[1];
176 int ret, *val;
177
178 msg.msg_name = NULL;
179 msg.msg_namelen = 0;
180 msg.msg_control = cmsgbuf;
181 msg.msg_controllen = sizeof(cmsgbuf);
182
183 iov.iov_base = data ? data : buf;
184 iov.iov_len = data ? size : sizeof(buf);
185 msg.msg_iov = &iov;
186 msg.msg_iovlen = 1;
187
188 ret = recvmsg(fd, &msg, 0);
189 if (ret <= 0)
190 goto out;
191
192 cmsg = CMSG_FIRSTHDR(&msg);
193
194 /* if the message is wrong the variable will not be
195 * filled and the peer will notified about a problem */
196 *recvfd = -1;
197
198 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
199 cmsg->cmsg_level == SOL_SOCKET &&
200 cmsg->cmsg_type == SCM_RIGHTS) {
201 val = (int *) CMSG_DATA(cmsg);
202 *recvfd = *val;
203 }
204 out:
205 return ret;
206 }
207
208 int lxc_af_unix_send_credential(int fd, void *data, size_t size)
209 {
210 struct msghdr msg = { 0 };
211 struct iovec iov;
212 struct cmsghdr *cmsg;
213 struct ucred cred = {
214 .pid = getpid(),
215 .uid = getuid(),
216 .gid = getgid(),
217 };
218 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
219 char buf[1];
220
221 msg.msg_control = cmsgbuf;
222 msg.msg_controllen = sizeof(cmsgbuf);
223
224 cmsg = CMSG_FIRSTHDR(&msg);
225 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
226 cmsg->cmsg_level = SOL_SOCKET;
227 cmsg->cmsg_type = SCM_CREDENTIALS;
228 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
229
230 msg.msg_name = NULL;
231 msg.msg_namelen = 0;
232
233 iov.iov_base = data ? data : buf;
234 iov.iov_len = data ? size : sizeof(buf);
235 msg.msg_iov = &iov;
236 msg.msg_iovlen = 1;
237
238 return sendmsg(fd, &msg, 0);
239 }
240
241 int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
242 {
243 struct msghdr msg = { 0 };
244 struct iovec iov;
245 struct cmsghdr *cmsg;
246 struct ucred cred;
247 char cmsgbuf[CMSG_SPACE(sizeof(cred))];
248 char buf[1];
249 int ret;
250
251 msg.msg_name = NULL;
252 msg.msg_namelen = 0;
253 msg.msg_control = cmsgbuf;
254 msg.msg_controllen = sizeof(cmsgbuf);
255
256 iov.iov_base = data ? data : buf;
257 iov.iov_len = data ? size : sizeof(buf);
258 msg.msg_iov = &iov;
259 msg.msg_iovlen = 1;
260
261 ret = recvmsg(fd, &msg, 0);
262 if (ret <= 0)
263 goto out;
264
265 cmsg = CMSG_FIRSTHDR(&msg);
266
267 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
268 cmsg->cmsg_level == SOL_SOCKET &&
269 cmsg->cmsg_type == SCM_CREDENTIALS) {
270 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
271 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
272 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
273 return -EACCES;
274 }
275 }
276 out:
277 return ret;
278 }
LXC mirror