Skip to content

L
lxc
Unverified Commit cd64caf5 by Christian Brauner Committed by Stéphane Graber
Options

af_unix: non-functional changes

Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent a19b826d
Showing with 19 additions and 13 deletions
src/lxc/af_unix.c
...@@ -38,7 +38,7 @@ lxc_log_define(lxc_af_unix, lxc); ...@@ -38,7 +38,7 @@ lxc_log_define(lxc_af_unix, lxc);
int lxc_abstract_unix_open(const char *path, int type, int flags) int lxc_abstract_unix_open(const char *path, int type, int flags)
{ {
int fd; int fd, ret;
size_t len; size_t len;
struct sockaddr_un addr; struct sockaddr_un addr;
...@@ -64,33 +64,38 @@ int lxc_abstract_unix_open(const char *path, int type, int flags) ...@@ -64,33 +64,38 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
/* addr.sun_path[0] has already been set to 0 by memset() */ /* addr.sun_path[0] has already been set to 0 by memset() */
strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
if (bind(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) { ret = bind(fd, (struct sockaddr *)&addr,
offsetof(struct sockaddr_un, sun_path) + len + 1);
if (ret < 0) {
int tmp = errno; int tmp = errno;
close(fd); close(fd);
errno = tmp; errno = tmp;
return -1; return -1;
} }
if (type == SOCK_STREAM && listen(fd, 100)) { if (type == SOCK_STREAM) {
ret = listen(fd, 100);
if (ret < 0) {
int tmp = errno; int tmp = errno;
close(fd); close(fd);
errno = tmp; errno = tmp;
return -1; return -1;
} }
}
return fd; return fd;
} }
int lxc_abstract_unix_close(int fd) int lxc_abstract_unix_close(int fd)
{ {
close(fd); close(fd);
return 0; return 0;
} }
int lxc_abstract_unix_connect(const char *path) int lxc_abstract_unix_connect(const char *path)
{ {
int fd; int fd, ret;
size_t len; size_t len;
struct sockaddr_un addr; struct sockaddr_un addr;
...@@ -112,7 +117,9 @@ int lxc_abstract_unix_connect(const char *path) ...@@ -112,7 +117,9 @@ int lxc_abstract_unix_connect(const char *path)
/* addr.sun_path[0] has already been set to 0 by memset() */ /* addr.sun_path[0] has already been set to 0 by memset() */
strncpy(&addr.sun_path[1], &path[1], strlen(&path[1])); strncpy(&addr.sun_path[1], &path[1], strlen(&path[1]));
if (connect(fd, (struct sockaddr *)&addr, offsetof(struct sockaddr_un, sun_path) + len + 1)) { ret = connect(fd, (struct sockaddr *)&addr,
offsetof(struct sockaddr_un, sun_path) + len + 1);
if (ret < 0) {
close(fd); close(fd);
return -1; return -1;
} }
...@@ -205,13 +212,11 @@ out: ...@@ -205,13 +212,11 @@ out:
int lxc_abstract_unix_send_credential(int fd, void *data, size_t size) int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
{ {
struct msghdr msg = { 0 }; struct msghdr msg = {0};
struct iovec iov; struct iovec iov;
struct cmsghdr *cmsg; struct cmsghdr *cmsg;
struct ucred cred = { struct ucred cred = {
.pid = getpid(), .pid = getpid(), .uid = getuid(), .gid = getgid(),
.uid = getuid(),
.gid = getgid(),
}; };
char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0}; char cmsgbuf[CMSG_SPACE(sizeof(cred))] = {0};
char buf[1] = {0}; char buf[1] = {0};
...@@ -238,7 +243,7 @@ int lxc_abstract_unix_send_credential(int fd, void *data, size_t size) ...@@ -238,7 +243,7 @@ int lxc_abstract_unix_send_credential(int fd, void *data, size_t size)
int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size) int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
{ {
struct msghdr msg = { 0 }; struct msghdr msg = {0};
struct iovec iov; struct iovec iov;
struct cmsghdr *cmsg; struct cmsghdr *cmsg;
struct ucred cred; struct ucred cred;
...@@ -266,7 +271,8 @@ int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size) ...@@ -266,7 +271,8 @@ int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size)
cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_level == SOL_SOCKET &&
cmsg->cmsg_type == SCM_CREDENTIALS) { cmsg->cmsg_type == SCM_CREDENTIALS) {
memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred)); memcpy(&cred, CMSG_DATA(cmsg), sizeof(cred));
if (cred.uid && (cred.uid != getuid() || cred.gid != getgid())) { if (cred.uid &&
(cred.uid != getuid() || cred.gid != getgid())) {
INFO("message denied for '%d/%d'", cred.uid, cred.gid); INFO("message denied for '%d/%d'", cred.uid, cred.gid);
return -EACCES; return -EACCES;
} }
......
src/lxc/af_unix.h
...@@ -38,4 +38,4 @@ extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds, ...@@ -38,4 +38,4 @@ extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds,
extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size); extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size);
extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size); extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size);
#endif #endif /* __LXC_AF_UNIX_H */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment