author | Michel Normand <normand@fr.ibm.com> | 2009-10-07 16:06:08 +0200 |
---|---|---|
committer | Daniel Lezcano <dlezcano@fr.ibm.com> | 2009-10-07 16:06:08 +0200 |
commit | 2dcb28a9d0381beac65d2fb89f0b4cb51eb4fd40 (patch) | |
tree | 150dfb57a54aada7f86d220bec74a02265e0443c | |
parent | export struct lxc_handler from start.c to start.h (diff) | |
lxc_af_unix_rcv_credential to report rcvd length
to have better error reporting done by caller.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
-rw-r--r-- | src/lxc/af_unix.c | 12 | ||||
-rw-r--r-- | src/lxc/start.c | 15 |
2 files changed, 22 insertions, 5 deletions
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 79f64ae..ad3e94c 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -23,11 +23,15 @@ #include <string.h> #include <unistd.h> #include <fcntl.h> +#include <errno.h> #define __USE_GNU #include <sys/socket.h> #undef __USE_GNU #include <sys/un.h> +#include "log.h" + +lxc_log_define(lxc_af_unix, lxc); int lxc_af_unix_open(const char *path, int type, int flags) { @@ -229,14 +233,14 @@ int lxc_af_unix_rcv_credential(int fd, void *data, size_t size) cmsg = CMSG_FIRSTHDR(&msg); - ret = -1; - if (cmsg && cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)) && cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_CREDENTIALS) { cred = *((struct ucred *) CMSG_DATA(cmsg)); - if (cred.uid == getuid() && cred.gid == getgid()) - ret = 0; + if (cred.uid != getuid() || cred.gid != getgid()) { + INFO("message denied for '%d/%d'", cred.uid, cred.gid); + return -EPERM; + } } out: return ret; diff --git a/src/lxc/start.c b/src/lxc/start.c index 055d381..28ce88c 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -200,8 +200,21 @@ static int ttyservice_handler(int fd, void *data, goto out_close; } - if (lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum))) + ret = lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum)); + if (ret < 0) { + SYSERROR("failed to receive data on tty socket"); goto out_close; + } + + if (!ret) { + DEBUG("peer has disconnected"); + goto out_close; + } + + if (ret != sizeof(ttynum)) { + WARN("partial request, ignored"); + goto out_close; + } if (ttynum > 0) { if (ttynum > tty_info->nbtty) |
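Review bot: With `ret = -1;` removed from lxc_af_unix_rcv_credential, a message that arrives without a well-formed `SCM_CREDENTIALS` control message skips the `if (cmsg && ...)` block and returns whatever `ret` already holds (per the commit message, the received length), so the uid/gid check now fails open where it used to fail closed. Whether credentials are always attached depends on the receiving socket's options, which are set outside this hunk, and the function should not rely on that. Deny the no-credentials case explicitly after the credential block, for example `else if (ret > 0) return -EPERM;`, which still lets a zero-length read reach the caller as a disconnect. The function starts above the hunk, so the receive call and its error path are not visible here.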
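Review bot: The `ret < 0` branch in ttyservice_handler logs every failure through `SYSERROR("failed to receive data on tty socket")`, but the `-EPERM` that lxc_af_unix_rcv_credential now returns on a uid/gid mismatch does not set errno. If SYSERROR appends the errno text (its definition is not on this page), the log line carries a stale error and a rejected peer cannot be told apart from a socket failure. Handle the denial before the generic case, for example `if (ret == -EPERM) { ERROR("tty request denied: peer credentials mismatch"); goto out_close; }`. Separately, `ret != sizeof(ttynum)` compares an int with a size_t and is safe only because negative values were filtered just above; writing `(size_t)ret` makes that explicit. ttyservice_handler starts and ends outside the hunk.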