Commit 2dcb28a9 by Michel Normand Committed by Daniel Lezcano

lxc_af_unix_rcv_credential to report rcvd length

to have better error reporting done by the caller.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
parent e2001e1c
...@@ -23,11 +23,15 @@ ...@@ -23,11 +23,15 @@
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h> #include <fcntl.h>
#include <errno.h>
#define __USE_GNU #define __USE_GNU
#include <sys/socket.h> #include <sys/socket.h>
#undef __USE_GNU #undef __USE_GNU
#include <sys/un.h> #include <sys/un.h>
#include "log.h"
lxc_log_define(lxc_af_unix, lxc);
int lxc_af_unix_open(const char *path, int type, int flags) int lxc_af_unix_open(const char *path, int type, int flags)
{ {
...@@ -229,14 +233,14 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size) ...@@ -229,14 +233,14 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size)
cmsg = CMSG_FIRSTHDR(&msg); cmsg = CMSG_FIRSTHDR(&msg);
ret = -1;
if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) && if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) &&
cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_CREDENTIALS) { cmsg->cmsg_type == SCM_CREDENTIALS) {
cred = *((struct ucred *) CMSG_DATA(cmsg)); cred = *((struct ucred *) CMSG_DATA(cmsg));
if (cred.uid == getuid() && cred.gid == getgid()) if (cred.uid != getuid() || cred.gid != getgid()) {
ret = 0; INFO("message denied for '%d/%d'", cred.uid, cred.gid);
return -EPERM;
}
} }
out: out:
return ret; return ret;
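Review bot: With `ret = -1;` removed, a message that carries no well-formed SCM_CREDENTIALS control message skips the uid/gid comparison and falls through to `return ret;`, so the check now fails open where the old code failed closed. Assuming ret holds the received byte count from the receive call above the hunk, the caller would see a normal positive length for a message whose sender was never verified. Unless credential passing is guaranteed to be enabled on this socket elsewhere (not visible here), add a rejecting branch to the outer `if`, e.g. `} else { return -EPERM; }`. Separately, `cred.uid` and `cred.gid` are unsigned types printed with `%d`; `%u` with a cast to `unsigned` avoids the format mismatch. The function body starts outside the hunk.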
......
...@@ -200,8 +200,21 @@ static int ttyservice_handler(int fd, void *data, ...@@ -200,8 +200,21 @@ static int ttyservice_handler(int fd, void *data,
goto out_close; goto out_close;
} }
if (lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum))) ret = lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum));
if (ret < 0) {
SYSERROR("failed to receive data on tty socket");
goto out_close; goto out_close;
}
if (!ret) {
DEBUG("peer has disconnected");
goto out_close;
}
if (ret != sizeof(ttynum)) {
WARN("partial request, ignored");
goto out_close;
}
if (ttynum > 0) { if (ttynum > 0) {
if (ttynum > tty_info->nbtty) if (ttynum > tty_info->nbtty)
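Review bot: The `ret < 0` branch reports a uid/gid denial from lxc_af_unix_rcv_credential with the same "failed to receive data on tty socket" message as a socket error, so a rejected peer is not distinguishable in the logs. On Linux EPERM is 1, so `-EPERM` has the same value as a plain -1 from a failed receive, and the caller cannot separate the two by return value. If SYSERROR appends the errno text (its definition is not on this page), the denial path would also print a stale errno, because the callee returns -EPERM without setting errno. Having the callee do `errno = EPERM;` before its return, and noting here `/* ret < 0: receive error or credential mismatch */`, would keep the log line truthful. ttyservice_handler starts and ends outside the hunk.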
......