src/lxc/af_unix.c

   1 /*
   2  * lxc: linux Container library
   3  *
   4  * (C) Copyright IBM Corp. 2007, 2008
   5  *
   6  * Authors:
   7  * Daniel Lezcano <dlezcano at fr.ibm.com>
   8  *
   9  * This library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public
  11  * License as published by the Free Software Foundation; either
  12  * version 2.1 of the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  22  */
  23 #include <string.h>
  24 #include <unistd.h>
  25 #include <fcntl.h>
  26 #include <errno.h>
  27 #define __USE_GNU
  28 #include <sys/socket.h>
  29 #undef __USE_GNU
  30 #include <sys/un.h>
  31
  32 #include "log.h"
  33
  34 lxc_log_define(lxc_af_unix, lxc);
  35
  36 int lxc_af_unix_open(const char *path, int type, int flags)
  37 {
  38         int fd;
  39         struct sockaddr_un addr;
  40
  41         if (flags & O_TRUNC)
  42                 unlink(path);
  43
  44         fd = socket(PF_UNIX, type, 0);
  45         if (fd < 0)
  46                 return -1;
  47
  48         memset(&addr, 0, sizeof(addr));
  49
  50         if (!path)
  51                 return fd;
  52
  53         addr.sun_family = AF_UNIX;
  54         /* copy entire buffer in case of abstract socket */
  55         memcpy(addr.sun_path, path,
  56                path[0]?strlen(path):sizeof(addr.sun_path));
  57
  58         if (bind(fd, (struct sockaddr *)&addr, sizeof(addr))) {
  59                 int tmp = errno;
  60                 close(fd);
  61                 errno = tmp;
  62                 return -1;
  63         }
  64
  65         if (type == SOCK_STREAM && listen(fd, 100)) {
  66                 int tmp = errno;
  67                 close(fd);
  68                 errno = tmp;
  69                 return -1;
  70         }
  71
  72         return fd;
  73 }
  74
  75 int lxc_af_unix_close(int fd)
  76 {
  77         struct sockaddr_un addr;
  78         socklen_t addrlen;
  79
  80         if (!getsockname(fd, (struct sockaddr *)&addr, &addrlen) &&
  81             addr.sun_path[0])
  82                 unlink(addr.sun_path);
  83
  84         close(fd);
  85
  86         return 0;
  87 }
  88
  89 int lxc_af_unix_connect(const char *path)
  90 {
  91         int fd;
  92         struct sockaddr_un addr;
  93
  94         fd = socket(PF_UNIX, SOCK_STREAM, 0);
  95         if (fd < 0)
  96                 return -1;
  97
  98         memset(&addr, 0, sizeof(addr));
  99
 100         addr.sun_family = AF_UNIX;
 101         /* copy entire buffer in case of abstract socket */
 102         memcpy(addr.sun_path, path,
 103                path[0]?strlen(path):sizeof(addr.sun_path));
 104
 105         if (connect(fd, (struct sockaddr *)&addr, sizeof(addr))) {
 106                 int tmp = errno;
 107                 close(fd);
 108                 errno = tmp;
 109                 return -1;
 110         }
 111
 112         return fd;
 113 }
 114
 115 int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size)
 116 {
 117         struct msghdr msg = { 0 };
 118         struct iovec iov;
 119         struct cmsghdr *cmsg;
 120         char cmsgbuf[CMSG_SPACE(sizeof(int))];
 121         char buf[1];
 122         int *val;
 123
 124         msg.msg_control = cmsgbuf;
 125         msg.msg_controllen = sizeof(cmsgbuf);
 126
 127         cmsg = CMSG_FIRSTHDR(&msg);
 128         cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 129         cmsg->cmsg_level = SOL_SOCKET;
 130         cmsg->cmsg_type = SCM_RIGHTS;
 131         val = (int *)(CMSG_DATA(cmsg));
 132         *val = sendfd;
 133
 134         msg.msg_name = NULL;
 135         msg.msg_namelen = 0;
 136
 137         iov.iov_base = data ? data : buf;
 138         iov.iov_len = data ? size : sizeof(buf);
 139         msg.msg_iov = &iov;
 140         msg.msg_iovlen = 1;
 141
 142         return sendmsg(fd, &msg, 0);
 143 }
 144
 145 int lxc_af_unix_recv_fd(int fd, int *recvfd, void *data, size_t size)
 146 {
 147         struct msghdr msg = { 0 };
 148         struct iovec iov;
 149         struct cmsghdr *cmsg;
 150         char cmsgbuf[CMSG_SPACE(sizeof(int))];
 151         char buf[1];
 152         int ret, *val;
 153
 154         msg.msg_name = NULL;
 155         msg.msg_namelen = 0;
 156         msg.msg_control = cmsgbuf;
 157         msg.msg_controllen = sizeof(cmsgbuf);
 158
 159         iov.iov_base = data ? data : buf;
 160         iov.iov_len = data ? size : sizeof(buf);
 161         msg.msg_iov = &iov;
 162         msg.msg_iovlen = 1;
 163
 164         ret = recvmsg(fd, &msg, 0);
 165         if (ret <= 0)
 166                 goto out;
 167
 168         cmsg = CMSG_FIRSTHDR(&msg);
 169
 170         /* if the message is wrong the variable will not be
 171          * filled and the peer will notified about a problem */
 172         *recvfd = -1;
 173
 174         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
 175             cmsg->cmsg_level == SOL_SOCKET &&
 176             cmsg->cmsg_type == SCM_RIGHTS) {
 177                 val = (int *) CMSG_DATA(cmsg);
 178                 *recvfd = *val;
 179         }
 180 out:
 181         return ret;
 182 }
 183
 184 int lxc_af_unix_send_credential(int fd, void *data, size_t size)
 185 {
 186         struct msghdr msg = { 0 };
 187         struct iovec iov;
 188         struct cmsghdr *cmsg;
 189         struct ucred cred = {
 190                 .pid = getpid(),
 191                 .uid = getuid(),
 192                 .gid = getgid(),
 193         };
 194         char cmsgbuf[CMSG_SPACE(sizeof(cred))];
 195         char buf[1];
 196
 197         msg.msg_control = cmsgbuf;
 198         msg.msg_controllen = sizeof(cmsgbuf);
 199
 200         cmsg = CMSG_FIRSTHDR(&msg);
 201         cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
 202         cmsg->cmsg_level = SOL_SOCKET;
 203         cmsg->cmsg_type = SCM_CREDENTIALS;
 204         memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
 205
 206         msg.msg_name = NULL;
 207         msg.msg_namelen = 0;
 208
 209         iov.iov_base = data ? data : buf;
 210         iov.iov_len = data ? size : sizeof(buf);
 211         msg.msg_iov = &iov;
 212         msg.msg_iovlen = 1;
 213
 214         return sendmsg(fd, &msg, 0);
 215 }
 216
 217 int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
 218 {
 219         struct msghdr msg = { 0 };
 220         struct iovec iov;
 221         struct cmsghdr *cmsg;
 222         struct ucred cred;
 223         char cmsgbuf[CMSG_SPACE(sizeof(cred))];
 224         char buf[1];
 225         int ret;
 226
 227         msg.msg_name = NULL;
 228         msg.msg_namelen = 0;
 229         msg.msg_control = cmsgbuf;
 230         msg.msg_controllen = sizeof(cmsgbuf);
 231
 232         iov.iov_base = data ? data : buf;
 233         iov.iov_len = data ? size : sizeof(buf);
 234         msg.msg_iov = &iov;
 235         msg.msg_iovlen = 1;
 236
 237         ret = recvmsg(fd, &msg, 0);
 238         if (ret <= 0)
 239                 goto out;
 240
 241         cmsg = CMSG_FIRSTHDR(&msg);
 242
 243         if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
 244             cmsg->cmsg_level == SOL_SOCKET &&
 245             cmsg->cmsg_type == SCM_CREDENTIALS) {
 246                 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
 247                 if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) {
 248                         INFO("message denied for '%d/%d'", cred.uid, cred.gid);
 249                         return -EACCES;
 250                 }
 251         }
 252 out:
 253         return ret;
 254 }