]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2964 from tomponline/tp-l2proxy
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <stddef.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34 #include <sys/socket.h>
35 #include <sys/syscall.h>
36 #include <sys/un.h>
37
38 #include "config.h"
39 #include "log.h"
40 #include "memory_utils.h"
41 #include "raw_syscalls.h"
42 #include "utils.h"
43
44 #ifndef HAVE_STRLCPY
45 #include "include/strlcpy.h"
46 #endif
47
48 lxc_log_define(af_unix, lxc);
49
50 static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
51 const char *path)
52 {
53 size_t len;
54
55 if (!addr || !path) {
56 errno = EINVAL;
57 return -1;
58 }
59
60 /* Clear address structure */
61 memset(addr, 0, sizeof(*addr));
62
63 addr->sun_family = AF_UNIX;
64
65 len = strlen(&path[1]);
66
67 /* do not enforce \0-termination */
68 if (len >= INT_MAX || len >= sizeof(addr->sun_path)) {
69 errno = ENAMETOOLONG;
70 return -1;
71 }
72
73 /* do not enforce \0-termination */
74 memcpy(&addr->sun_path[1], &path[1], len);
75 return len;
76 }
77
78 int lxc_abstract_unix_open(const char *path, int type, int flags)
79 {
80 int fd, ret;
81 ssize_t len;
82 struct sockaddr_un addr;
83
84 fd = socket(PF_UNIX, type, 0);
85 if (fd < 0)
86 return -1;
87
88 if (!path)
89 return fd;
90
91 len = lxc_abstract_unix_set_sockaddr(&addr, path);
92 if (len < 0) {
93 int saved_errno = errno;
94 close(fd);
95 errno = saved_errno;
96 return -1;
97 }
98
99 ret = bind(fd, (struct sockaddr *)&addr,
100 offsetof(struct sockaddr_un, sun_path) + len + 1);
101 if (ret < 0) {
102 int saved_errno = errno;
103 close(fd);
104 errno = saved_errno;
105 return -1;
106 }
107
108 if (type == SOCK_STREAM) {
109 ret = listen(fd, 100);
110 if (ret < 0) {
111 int saved_errno = errno;
112 close(fd);
113 errno = saved_errno;
114 return -1;
115 }
116 }
117
118 return fd;
119 }
120
121 void lxc_abstract_unix_close(int fd)
122 {
123 close(fd);
124 }
125
126 int lxc_abstract_unix_connect(const char *path)
127 {
128 int fd, ret;
129 ssize_t len;
130 struct sockaddr_un addr;
131
132 fd = socket(PF_UNIX, SOCK_STREAM, 0);
133 if (fd < 0)
134 return -1;
135
136 len = lxc_abstract_unix_set_sockaddr(&addr, path);
137 if (len < 0) {
138 int saved_errno = errno;
139 close(fd);
140 errno = saved_errno;
141 return -1;
142 }
143
144 ret = connect(fd, (struct sockaddr *)&addr,
145 offsetof(struct sockaddr_un, sun_path) + len + 1);
146 if (ret < 0) {
147 int saved_errno = errno;
148 close(fd);
149 errno = saved_errno;
150 return -1;
151 }
152
153 return fd;
154 }
155
156 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
157 void *data, size_t size)
158 {
159 __do_free char *cmsgbuf = NULL;
160 int ret;
161 struct msghdr msg;
162 struct iovec iov;
163 struct cmsghdr *cmsg = NULL;
164 char buf[1] = {0};
165 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
166
167 memset(&msg, 0, sizeof(msg));
168 memset(&iov, 0, sizeof(iov));
169
170 cmsgbuf = malloc(cmsgbufsize);
171 if (!cmsgbuf) {
172 errno = ENOMEM;
173 return -1;
174 }
175
176 msg.msg_control = cmsgbuf;
177 msg.msg_controllen = cmsgbufsize;
178
179 cmsg = CMSG_FIRSTHDR(&msg);
180 cmsg->cmsg_level = SOL_SOCKET;
181 cmsg->cmsg_type = SCM_RIGHTS;
182 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
183
184 msg.msg_controllen = cmsg->cmsg_len;
185
186 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
187
188 iov.iov_base = data ? data : buf;
189 iov.iov_len = data ? size : sizeof(buf);
190 msg.msg_iov = &iov;
191 msg.msg_iovlen = 1;
192
193 again:
194 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
195 if (ret < 0)
196 if (errno == EINTR)
197 goto again;
198
199 return ret;
200 }
201
202 int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data,
203 size_t size)
204 {
205 return lxc_abstract_unix_send_fds(fd, sendfds, num_sendfds, data, size);
206 }
207
208 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
209 void *data, size_t size)
210 {
211 __do_free char *cmsgbuf = NULL;
212 int ret;
213 struct msghdr msg;
214 struct iovec iov;
215 struct cmsghdr *cmsg = NULL;
216 char buf[1] = {0};
217 size_t cmsgbufsize = CMSG_SPACE(sizeof(struct ucred)) +
218 CMSG_SPACE(num_recvfds * sizeof(int));
219
220 memset(&msg, 0, sizeof(msg));
221 memset(&iov, 0, sizeof(iov));
222
223 cmsgbuf = malloc(cmsgbufsize);
224 if (!cmsgbuf) {
225 errno = ENOMEM;
226 return -1;
227 }
228
229 msg.msg_control = cmsgbuf;
230 msg.msg_controllen = cmsgbufsize;
231
232 iov.iov_base = data ? data : buf;
233 iov.iov_len = data ? size : sizeof(buf);
234 msg.msg_iov = &iov;
235 msg.msg_iovlen = 1;
236
237 again:
238 ret = recvmsg(fd, &msg, 0);
239 if (ret < 0) {
240 if (errno == EINTR)
241 goto again;
242
243 goto out;
244 }
245 if (ret == 0)
246 goto out;
247
248 /*
249 * If SO_PASSCRED is set we will always get a ucred message.
250 */
251 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
252 if (cmsg->cmsg_type != SCM_RIGHTS)
253 continue;
254
255 memset(recvfds, -1, num_recvfds * sizeof(int));
256 if (cmsg &&
257 cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
258 cmsg->cmsg_level == SOL_SOCKET)
259 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
260 break;
261 }
262
263 out:
264 return ret;
265 }
266
267 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
268 {
269 struct msghdr msg = {0};
270 struct iovec iov;
271 struct cmsghdr *cmsg;
272 struct ucred cred = {
273 .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(),
274 };
275 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
276 char buf[1] = {0};
277
278 msg.msg_control = cmsgbuf;
279 msg.msg_controllen = sizeof(cmsgbuf);
280
281 cmsg = CMSG_FIRSTHDR(&msg);
282 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
283 cmsg->cmsg_level = SOL_SOCKET;
284 cmsg->cmsg_type = SCM_CREDENTIALS;
285 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
286
287 msg.msg_name = NULL;
288 msg.msg_namelen = 0;
289
290 iov.iov_base = data ? data : buf;
291 iov.iov_len = data ? size : sizeof(buf);
292 msg.msg_iov = &iov;
293 msg.msg_iovlen = 1;
294
295 return sendmsg(fd, &msg, MSG_NOSIGNAL);
296 }
297
298 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
299 {
300 struct msghdr msg = {0};
301 struct iovec iov;
302 struct cmsghdr *cmsg;
303 struct ucred cred;
304 int ret;
305 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
306 char buf[1] = {0};
307
308 msg.msg_name = NULL;
309 msg.msg_namelen = 0;
310 msg.msg_control = cmsgbuf;
311 msg.msg_controllen = sizeof(cmsgbuf);
312
313 iov.iov_base = data ? data : buf;
314 iov.iov_len = data ? size : sizeof(buf);
315 msg.msg_iov = &iov;
316 msg.msg_iovlen = 1;
317
318 ret = recvmsg(fd, &msg, 0);
319 if (ret <= 0)
320 goto out;
321
322 cmsg = CMSG_FIRSTHDR(&msg);
323
324 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
325 cmsg->cmsg_level == SOL_SOCKET &&
326 cmsg->cmsg_type == SCM_CREDENTIALS) {
327 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
328 if (cred.uid &&
329 (cred.uid != getuid() || cred.gid != getgid())) {
330 INFO("Message denied for '%d/%d'", cred.uid, cred.gid);
331 errno = EACCES;
332 return -1;
333 }
334 }
335
336 out:
337 return ret;
338 }
339
340 int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path)
341 {
342 size_t len;
343
344 len = strlen(path);
345 if (len == 0)
346 return minus_one_set_errno(EINVAL);
347 if (path[0] != '/' && path[0] != '@')
348 return minus_one_set_errno(EINVAL);
349 if (path[1] == '\0')
350 return minus_one_set_errno(EINVAL);
351
352 if (len + 1 > sizeof(ret->sun_path))
353 return minus_one_set_errno(EINVAL);
354
355 *ret = (struct sockaddr_un){
356 .sun_family = AF_UNIX,
357 };
358
359 if (path[0] == '@') {
360 memcpy(ret->sun_path + 1, path + 1, len);
361 return (int)(offsetof(struct sockaddr_un, sun_path) + len);
362 }
363
364 memcpy(ret->sun_path, path, len + 1);
365 return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
366 }
367
368 int lxc_unix_connect(struct sockaddr_un *addr)
369 {
370 __do_close_prot_errno int fd = -EBADF;
371 int ret;
372 ssize_t len;
373
374 fd = socket(AF_UNIX, SOCK_STREAM, 0);
375 if (fd < 0) {
376 SYSERROR("Failed to open new AF_UNIX socket");
377 return -1;
378 }
379
380 if (addr->sun_path[0] == '\0')
381 len = strlen(&addr->sun_path[1]);
382 else
383 len = strlen(&addr->sun_path[0]);
384
385 ret = connect(fd, (struct sockaddr *)addr,
386 offsetof(struct sockaddr_un, sun_path) + len);
387 if (ret < 0) {
388 SYSERROR("Failed to bind new AF_UNIX socket");
389 return -1;
390 }
391
392 return move_fd(fd);
393 }
394
395 int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout)
396 {
397 struct timeval out = {0};
398 int ret;
399
400 out.tv_sec = snd_timeout;
401 ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, (const void *)&out,
402 sizeof(out));
403 if (ret < 0)
404 return -1;
405
406 out.tv_sec = rcv_timeout;
407 ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (const void *)&out,
408 sizeof(out));
409 if (ret < 0)
410 return -1;
411
412 return 0;
413 }
LXC mirror