]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/af_unix.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
raw_syscalls: add lxc_raw_getpid()
[mirror_lxc.git] / src / lxc / af_unix.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <stddef.h>
30 #include <stdio.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <unistd.h>
34 #include <sys/socket.h>
35 #include <sys/syscall.h>
36 #include <sys/un.h>
37
38 #include "config.h"
39 #include "log.h"
40 #include "raw_syscalls.h"
41 #include "utils.h"
42
43 #ifndef HAVE_STRLCPY
44 #include "include/strlcpy.h"
45 #endif
46
47 lxc_log_define(af_unix, lxc);
48
49 static ssize_t lxc_abstract_unix_set_sockaddr(struct sockaddr_un *addr,
50 const char *path)
51 {
52 size_t len;
53
54 if (!addr || !path) {
55 errno = EINVAL;
56 return -1;
57 }
58
59 /* Clear address structure */
60 memset(addr, 0, sizeof(*addr));
61
62 addr->sun_family = AF_UNIX;
63
64 len = strlen(&path[1]);
65
66 /* do not enforce \0-termination */
67 if (len >= INT_MAX || len >= sizeof(addr->sun_path)) {
68 errno = ENAMETOOLONG;
69 return -1;
70 }
71
72 /* do not enforce \0-termination */
73 memcpy(&addr->sun_path[1], &path[1], len);
74 return len;
75 }
76
77 int lxc_abstract_unix_open(const char *path, int type, int flags)
78 {
79 int fd, ret;
80 ssize_t len;
81 struct sockaddr_un addr;
82
83 fd = socket(PF_UNIX, type, 0);
84 if (fd < 0)
85 return -1;
86
87 if (!path)
88 return fd;
89
90 len = lxc_abstract_unix_set_sockaddr(&addr, path);
91 if (len < 0) {
92 int saved_errno = errno;
93 close(fd);
94 errno = saved_errno;
95 return -1;
96 }
97
98 ret = bind(fd, (struct sockaddr *)&addr,
99 offsetof(struct sockaddr_un, sun_path) + len + 1);
100 if (ret < 0) {
101 int saved_errno = errno;
102 close(fd);
103 errno = saved_errno;
104 return -1;
105 }
106
107 if (type == SOCK_STREAM) {
108 ret = listen(fd, 100);
109 if (ret < 0) {
110 int saved_errno = errno;
111 close(fd);
112 errno = saved_errno;
113 return -1;
114 }
115 }
116
117 return fd;
118 }
119
120 void lxc_abstract_unix_close(int fd)
121 {
122 close(fd);
123 }
124
125 int lxc_abstract_unix_connect(const char *path)
126 {
127 int fd, ret;
128 ssize_t len;
129 struct sockaddr_un addr;
130
131 fd = socket(PF_UNIX, SOCK_STREAM, 0);
132 if (fd < 0)
133 return -1;
134
135 len = lxc_abstract_unix_set_sockaddr(&addr, path);
136 if (len < 0) {
137 int saved_errno = errno;
138 close(fd);
139 errno = saved_errno;
140 return -1;
141 }
142
143 ret = connect(fd, (struct sockaddr *)&addr,
144 offsetof(struct sockaddr_un, sun_path) + len + 1);
145 if (ret < 0) {
146 int saved_errno = errno;
147 close(fd);
148 errno = saved_errno;
149 return -1;
150 }
151
152 return fd;
153 }
154
155 int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds,
156 void *data, size_t size)
157 {
158 int ret;
159 struct msghdr msg;
160 struct iovec iov;
161 struct cmsghdr *cmsg = NULL;
162 char buf[1] = {0};
163 char *cmsgbuf;
164 size_t cmsgbufsize = CMSG_SPACE(num_sendfds * sizeof(int));
165
166 memset(&msg, 0, sizeof(msg));
167 memset(&iov, 0, sizeof(iov));
168
169 cmsgbuf = malloc(cmsgbufsize);
170 if (!cmsgbuf) {
171 errno = ENOMEM;
172 return -1;
173 }
174
175 msg.msg_control = cmsgbuf;
176 msg.msg_controllen = cmsgbufsize;
177
178 cmsg = CMSG_FIRSTHDR(&msg);
179 cmsg->cmsg_level = SOL_SOCKET;
180 cmsg->cmsg_type = SCM_RIGHTS;
181 cmsg->cmsg_len = CMSG_LEN(num_sendfds * sizeof(int));
182
183 msg.msg_controllen = cmsg->cmsg_len;
184
185 memcpy(CMSG_DATA(cmsg), sendfds, num_sendfds * sizeof(int));
186
187 iov.iov_base = data ? data : buf;
188 iov.iov_len = data ? size : sizeof(buf);
189 msg.msg_iov = &iov;
190 msg.msg_iovlen = 1;
191
192 ret = sendmsg(fd, &msg, MSG_NOSIGNAL);
193 free(cmsgbuf);
194 return ret;
195 }
196
197 int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
198 void *data, size_t size)
199 {
200 int ret;
201 struct msghdr msg;
202 struct iovec iov;
203 struct cmsghdr *cmsg = NULL;
204 char buf[1] = {0};
205 char *cmsgbuf;
206 size_t cmsgbufsize = CMSG_SPACE(num_recvfds * sizeof(int));
207
208 memset(&msg, 0, sizeof(msg));
209 memset(&iov, 0, sizeof(iov));
210
211 cmsgbuf = malloc(cmsgbufsize);
212 if (!cmsgbuf) {
213 errno = ENOMEM;
214 return -1;
215 }
216
217 msg.msg_control = cmsgbuf;
218 msg.msg_controllen = cmsgbufsize;
219
220 iov.iov_base = data ? data : buf;
221 iov.iov_len = data ? size : sizeof(buf);
222 msg.msg_iov = &iov;
223 msg.msg_iovlen = 1;
224
225 ret = recvmsg(fd, &msg, 0);
226 if (ret <= 0)
227 goto out;
228
229 cmsg = CMSG_FIRSTHDR(&msg);
230
231 memset(recvfds, -1, num_recvfds * sizeof(int));
232 if (cmsg && cmsg->cmsg_len == CMSG_LEN(num_recvfds * sizeof(int)) &&
233 cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
234 memcpy(recvfds, CMSG_DATA(cmsg), num_recvfds * sizeof(int));
235
236 out:
237 free(cmsgbuf);
238 return ret;
239 }
240
241 int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
242 {
243 struct msghdr msg = {0};
244 struct iovec iov;
245 struct cmsghdr *cmsg;
246 struct ucred cred = {
247 .pid = lxc_raw_getpid(), .uid = getuid(), .gid = getgid(),
248 };
249 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
250 char buf[1] = {0};
251
252 msg.msg_control = cmsgbuf;
253 msg.msg_controllen = sizeof(cmsgbuf);
254
255 cmsg = CMSG_FIRSTHDR(&msg);
256 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
257 cmsg->cmsg_level = SOL_SOCKET;
258 cmsg->cmsg_type = SCM_CREDENTIALS;
259 memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred));
260
261 msg.msg_name = NULL;
262 msg.msg_namelen = 0;
263
264 iov.iov_base = data ? data : buf;
265 iov.iov_len = data ? size : sizeof(buf);
266 msg.msg_iov = &iov;
267 msg.msg_iovlen = 1;
268
269 return sendmsg(fd, &msg, MSG_NOSIGNAL);
270 }
271
272 int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
273 {
274 struct msghdr msg = {0};
275 struct iovec iov;
276 struct cmsghdr *cmsg;
277 struct ucred cred;
278 int ret;
279 char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
280 char buf[1] = {0};
281
282 msg.msg_name = NULL;
283 msg.msg_namelen = 0;
284 msg.msg_control = cmsgbuf;
285 msg.msg_controllen = sizeof(cmsgbuf);
286
287 iov.iov_base = data ? data : buf;
288 iov.iov_len = data ? size : sizeof(buf);
289 msg.msg_iov = &iov;
290 msg.msg_iovlen = 1;
291
292 ret = recvmsg(fd, &msg, 0);
293 if (ret <= 0)
294 goto out;
295
296 cmsg = CMSG_FIRSTHDR(&msg);
297
298 if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
299 cmsg->cmsg_level == SOL_SOCKET &&
300 cmsg->cmsg_type == SCM_CREDENTIALS) {
301 memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
302 if (cred.uid &&
303 (cred.uid != getuid() || cred.gid != getgid())) {
304 INFO("Message denied for '%d/%d'", cred.uid, cred.gid);
305 errno = EACCES;
306 return -1;
307 }
308 }
309
310 out:
311 return ret;
312 }
LXC mirror