]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1615 from 0x0916/expose-lxc_log_init
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include "config.h"
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <stddef.h>
28 #include <string.h>
29 #include <unistd.h>
30 #include <fcntl.h>
31 #include <errno.h>
32 #include <sys/socket.h>
33 #include <sys/un.h>
34
35 #include "log.h"
36
37 lxc_log_define(lxc_af_unix, lxc);
38
39 int lxc_abstract_unix_open(const char *path, int type, int flags)
40 {
41 int fd;
42 size_t len;
43 struct sockaddr_un addr;
44
45 if (flags & O_TRUNC)
46 unlink(path);
47
48 fd = socket(PF_UNIX, type, 0);
49 if (fd < 0)
50 return -1;
51
52 /* Clear address structure */
53 memset(&addr, 0, sizeof(addr));
54
55 if (!path)
56 return fd;
57
58 addr.sun_family = AF_UNIX;
59
60 len = strlen(&path[1]);
61 /* do not enforce \0-termination */
62 if (len >= sizeof(addr.sun_path)) {
63 close(fd);
64 errno = ENAMETOOLONG;
65 return -1;
66 }
67 /* addr.sun_path[0] has already been set to 0 by memset() */
68 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
69
70 if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
71 int tmp = errno;
72 close(fd);
73 errno = tmp;
74 return -1;
75 }
76
77 if (type == SOCK_STREAM && listen(fd, 100)) {
78 int tmp = errno;
79 close(fd);
80 errno = tmp;
81 return -1;
82 }
83
84 return fd;
85 }
86
87 int lxc_abstract_unix_close(int fd)
88 {
89 struct sockaddr_un addr;
90 socklen_t addrlen = sizeof(addr);
91
92 if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
93 addr.sun_path[0])
94 unlink(addr.sun_path);
95
96 close(fd);
97
98 return 0;
99 }
100
101 int lxc_abstract_unix_connect(const char *path)
102 {
103 int fd;
104 size_t len;
105 struct sockaddr_un addr;
106
107 fd = socket(PF_UNIX, SOCK_STREAM, 0);
108 if (fd < 0)
109 return -1;
110
111 memset(&addr, 0, sizeof(addr));
112
113 addr.sun_family = AF_UNIX;
114
115 len = strlen(&path[1]);
116 /* do not enforce \0-termination */
117 if (len >= sizeof(addr.sun_path)) {
118 close(fd);
119 errno = ENAMETOOLONG;
120 return -1;
121 }
122 /* addr.sun_path[0] has already been set to 0 by memset() */
123 strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
124
125 if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) {
126 int tmp = errno;
127 /* special case to connect to older containers */
128 if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
129 return fd;
130 close(fd);
131 errno = tmp;
132 return -1;
133 }
134
135 return fd;
136 }
137
138 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
139 void *data, size_t size)
140 {
141 int ret;
142 struct msghdr msg;
143 struct iovec iov;
144 struct cmsghdr *cmsg = NULL;
145 char buf[1] = {0};
146 char *cmsgbuf;
147 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
148
149 memset(&msg, 0, sizeof(msg));
150 memset(&iov, 0, sizeof(iov));
151
152 cmsgbuf = malloc(cmsgbufsize);
153 if (!cmsgbuf)
154 return -1;
155
156 msg.msg_control = cmsgbuf;
157 msg.msg_controllen = cmsgbufsize;
158
159 cmsg = CMSG_FIRSTHDR(&msg);
160 cmsg->cmsg_level = SOL_SOCKET;
161 cmsg->cmsg_type = SCM_RIGHTS;
162 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
163
164 msg.msg_controllen = cmsg->cmsg_len;
165
166 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
167
168 iov.iov_base = data ? data : buf;
169 iov.iov_len = data ? size : sizeof(buf);
170 msg.msg_iov = &iov;
171 msg.msg_iovlen = 1;
172
173 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
174 free(cmsgbuf);
175 return ret;
176 }
177
178 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
179 void *data, size_t size)
180 {
181 int ret;
182 struct msghdr msg;
183 struct iovec iov;
184 struct cmsghdr *cmsg = NULL;
185 char buf[1] = {0};
186 char *cmsgbuf;
187 size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
188
189 memset(&msg, 0, sizeof(msg));
190 memset(&iov, 0, sizeof(iov));
191
192 cmsgbuf = malloc(cmsgbufsize);
193 if (!cmsgbuf)
194 return -1;
195
196 msg.msg_control = cmsgbuf;
197 msg.msg_controllen = cmsgbufsize;
198
199 iov.iov_base = data ? data : buf;
200 iov.iov_len = data ? size : sizeof(buf);
201 msg.msg_iov = &iov;
202 msg.msg_iovlen = 1;
203
204 ret = recvmsg(fd, &msg, 0);
205 if (ret <= 0)
206 goto out;
207
208 cmsg = CMSG_FIRSTHDR(&msg);
209
210 memset(recvfds, -1, num_recvfds * sizeof(int));
211 if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
212 cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
213 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
214 }
215
216 out:
217 free(cmsgbuf);
218 return ret;
219 }
220
221 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
222 {
223 struct msghdr msg = { 0 };
224 struct iovec iov;
225 struct cmsghdr *cmsg;
226 struct ucred cred = {
227 .pid = getpid(),
228 .uid = getuid(),
229 .gid = getgid(),
230 };
231 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
232 char buf[1] = {0};
233
234 msg.msg_control = cmsgbuf;
235 msg.msg_controllen = sizeof(cmsgbuf);
236
237 cmsg = CMSG_FIRSTHDR(&msg);
238 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
239 cmsg->cmsg_level = SOL_SOCKET;
240 cmsg->cmsg_type = SCM_CREDENTIALS;
241 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
242
243 msg.msg_name = NULL;
244 msg.msg_namelen = 0;
245
246 iov.iov_base = data ? data : buf;
247 iov.iov_len = data ? size : sizeof(buf);
248 msg.msg_iov = &iov;
249 msg.msg_iovlen = 1;
250
251 return sendmsg(fd, &msg, MSG_NOSIGNAL);
252 }
253
254 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
255 {
256 struct msghdr msg = { 0 };
257 struct iovec iov;
258 struct cmsghdr *cmsg;
259 struct ucred cred;
260 int ret;
261 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
262 char buf[1] = {0};
263
264 msg.msg_name = NULL;
265 msg.msg_namelen = 0;
266 msg.msg_control = cmsgbuf;
267 msg.msg_controllen = sizeof(cmsgbuf);
268
269 iov.iov_base = data ? data : buf;
270 iov.iov_len = data ? size : sizeof(buf);
271 msg.msg_iov = &iov;
272 msg.msg_iovlen = 1;
273
274 ret = recvmsg(fd, &msg, 0);
275 if (ret <= 0)
276 goto out;
277
278 cmsg = CMSG_FIRSTHDR(&msg);
279
280 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
281 cmsg->cmsg_level == SOL_SOCKET &&
282 cmsg->cmsg_type == SCM_CREDENTIALS) {
283 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
284 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
285 INFO("message denied for '%d/%d'", cred.uid, cred.gid);
286 return -EACCES;
287 }
288 }
289 out:
290 return ret;
291 }
LXC mirror