src/lxc/af_unix.c

   1 /*
   2  * lxc: linux Container library
   3  *
   4  * (C) Copyright IBM Corp. 2007, 2008
   5  *
   6  * Authors:
   7  * Daniel Lezcano <dlezcano at fr.ibm.com>
   8  *
   9  * This library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public
  11  * License as published by the Free Software Foundation; either
  12  * version 2.1 of the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  22  */
  23 #include <string.h>
  24 #include <unistd.h>
  25 #include <fcntl.h>
  26 #include <errno.h>
  27 #define __USE_GNU
  28 #include <sys/socket.h>
  29 #undef __USE_GNU
  30 #include <sys/un.h>
  31
  32 #include "log.h"
  33
  34 lxc_log_define(lxc_af_unix, lxc);
  35
  36 int lxc_af_unix_open(const char *path, int type, int flags)
  37 {
  38         int fd;
  39         struct sockaddr_un addr;
  40
  41         if (flags & O_TRUNC)
  42                 unlink(path);
  43
  44         fd = socket(PF_UNIX, type, 0);
  45         if (fd < 0)
  46                 return -1;
  47
  48         memset(&addr, 0, sizeof(addr));
  49
  50         if (!path)
  51                 return fd;
  52
  53         addr.sun_family = AF_UNIX;
  54         /* copy entire buffer in case of abstract socket */
  55         memcpy(addr.sun_path, path,
  56                path[0]?strlen(path):sizeof(addr.sun_path));
  57
  58         if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
  59                 close(fd);
  60                 return -1;
  61         }
  62
  63         if (type == SOCK_STREAM && listen(fd, 100)) {
  64                 close(fd);
  65                 return -1;
  66         }
  67
  68         return fd;
  69 }
  70
  71 int lxc_af_unix_close(int fd)
  72 {
  73         struct sockaddr_un addr;
  74         socklen_t addrlen;
  75
  76         if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
  77             addr.sun_path[0])
  78                 unlink(addr.sun_path);
  79
  80         close(fd);
  81
  82         return 0;
  83 }
  84
  85 int lxc_af_unix_connect(const char *path)
  86 {
  87         int fd;
  88         struct sockaddr_un addr;
  89
  90         fd = socket(PF_UNIX, SOCK_STREAM, 0);
  91         if (fd < 0)
  92                 return -1;
  93
  94         memset(&addr, 0, sizeof(addr));
  95
  96         addr.sun_family = AF_UNIX;
  97         /* copy entire buffer in case of abstract socket */
  98         memcpy(addr.sun_path, path,
  99                path[0]?strlen(path):sizeof(addr.sun_path));
 100
 101         if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
 102                 close(fd);
 103                 return -1;
 104         }
 105
 106         return fd;
 107 }
 108
 109 int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
 110 {
 111         struct msghdr msg = { 0 };
 112         struct iovec iov;
 113         struct cmsghdr *cmsg;
 114         char cmsgbuf[CMSG_SPACE(sizeof(int))];
 115         char buf[1];
 116         int *val;
 117
 118         msg.msg_control = cmsgbuf;
 119         msg.msg_controllen = sizeof(cmsgbuf);
 120
 121         cmsg = CMSG_FIRSTHDR(&msg);
 122         cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 123         cmsg->cmsg_level = SOL_SOCKET;
 124         cmsg->cmsg_type = SCM_RIGHTS;
 125         val = (int *)(CMSG_DATA(cmsg));
 126         *val = sendfd;
 127
 128         msg.msg_name = NULL;
 129         msg.msg_namelen = 0;
 130
 131         iov.iov_base = data ? data : buf;
 132         iov.iov_len = data ? size : sizeof(buf);
 133         msg.msg_iov = &iov;
 134         msg.msg_iovlen = 1;
 135
 136         return sendmsg(fd, &msg, 0);
 137 }
 138
 139 int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
 140 {
 141         struct msghdr msg = { 0 };
 142         struct iovec iov;
 143         struct cmsghdr *cmsg;
 144         char cmsgbuf[CMSG_SPACE(sizeof(int))];
 145         char buf[1];
 146         int ret, *val;
 147
 148         msg.msg_name = NULL;
 149         msg.msg_namelen = 0;
 150         msg.msg_control = cmsgbuf;
 151         msg.msg_controllen = sizeof(cmsgbuf);
 152
 153         iov.iov_base = data ? data : buf;
 154         iov.iov_len = data ? size : sizeof(buf);
 155         msg.msg_iov = &iov;
 156         msg.msg_iovlen = 1;
 157
 158         ret = recvmsg(fd, &msg, 0);
 159         if (ret <= 0)
 160                 goto out;
 161
 162         cmsg = CMSG_FIRSTHDR(&msg);
 163
 164         /* if the message is wrong the variable will not be
 165          * filled and the peer will notified about a problem */
 166         *recvfd = -1;
 167
 168         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
 169             cmsg->cmsg_level == SOL_SOCKET &&
 170             cmsg->cmsg_type == SCM_RIGHTS) {
 171                 val = (int *) CMSG_DATA(cmsg);
 172                 *recvfd = *val;
 173         }
 174 out:
 175         return ret;
 176 }
 177
 178 int lxc_af_unix_send_credential(int fd, void *data, size_t size)
 179 {
 180         struct msghdr msg = { 0 };
 181         struct iovec iov;
 182         struct cmsghdr *cmsg;
 183         struct ucred cred = {
 184                 .pid = getpid(),
 185                 .uid = getuid(),
 186                 .gid = getgid(),
 187         };
 188         char cmsgbuf[CMSG_SPACE(sizeof(cred))];
 189         char buf[1];
 190
 191         msg.msg_control = cmsgbuf;
 192         msg.msg_controllen = sizeof(cmsgbuf);
 193
 194         cmsg = CMSG_FIRSTHDR(&msg);
 195         cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
 196         cmsg->cmsg_level = SOL_SOCKET;
 197         cmsg->cmsg_type = SCM_CREDENTIALS;
 198         memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
 199
 200         msg.msg_name = NULL;
 201         msg.msg_namelen = 0;
 202
 203         iov.iov_base = data ? data : buf;
 204         iov.iov_len = data ? size : sizeof(buf);
 205         msg.msg_iov = &iov;
 206         msg.msg_iovlen = 1;
 207
 208         return sendmsg(fd, &msg, 0);
 209 }
 210
 211 int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
 212 {
 213         struct msghdr msg = { 0 };
 214         struct iovec iov;
 215         struct cmsghdr *cmsg;
 216         struct ucred cred;
 217         char cmsgbuf[CMSG_SPACE(sizeof(cred))];
 218         char buf[1];
 219         int ret;
 220
 221         msg.msg_name = NULL;
 222         msg.msg_namelen = 0;
 223         msg.msg_control = cmsgbuf;
 224         msg.msg_controllen = sizeof(cmsgbuf);
 225
 226         iov.iov_base = data ? data : buf;
 227         iov.iov_len = data ? size : sizeof(buf);
 228         msg.msg_iov = &iov;
 229         msg.msg_iovlen = 1;
 230
 231         ret = recvmsg(fd, &msg, 0);
 232         if (ret <= 0)
 233                 goto out;
 234
 235         cmsg = CMSG_FIRSTHDR(&msg);
 236
 237         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
 238             cmsg->cmsg_level == SOL_SOCKET &&
 239             cmsg->cmsg_type == SCM_CREDENTIALS) {
 240                 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
 241                 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
 242                         INFO("message denied for '%d/%d'", cred.uid, cred.gid);
 243                         return -EACCES;
 244                 }
 245         }
 246 out:
 247         return ret;
 248 }