src: implement APIs for passing FDs over UNIX sockets

This is a simplified variant of gnulib's passfd module
without the portability code that we do not require.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2020-01-17 11:57:17 +00:00
parent d575590c52
commit 17460825f3
6 changed files with 151 additions and 10 deletions

View File

@ -3012,6 +3012,11 @@ virSecretLookupFormatSecret;
virSecretLookupParseSecret; virSecretLookupParseSecret;
# util/virsocket.h
virSocketRecvFD;
virSocketSendFD;
# util/virsocketaddr.h # util/virsocketaddr.h
virSocketAddrBroadcast; virSocketAddrBroadcast;
virSocketAddrBroadcastByPrefix; virSocketAddrBroadcastByPrefix;

View File

@ -25,7 +25,6 @@
#include "domain_audit.h" #include "domain_audit.h"
#include "domain_nwfilter.h" #include "domain_nwfilter.h"
#include "qemu_interface.h" #include "qemu_interface.h"
#include "passfd.h"
#include "viralloc.h" #include "viralloc.h"
#include "virlog.h" #include "virlog.h"
#include "virstring.h" #include "virstring.h"
@ -34,6 +33,7 @@
#include "virnetdevmacvlan.h" #include "virnetdevmacvlan.h"
#include "virnetdevbridge.h" #include "virnetdevbridge.h"
#include "virnetdevvportprofile.h" #include "virnetdevvportprofile.h"
#include "virsocket.h"
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
@ -347,7 +347,7 @@ qemuCreateInBridgePortWithHelper(virQEMUDriverConfigPtr cfg,
} }
do { do {
*tapfd = recvfd(pair[0], 0); *tapfd = virSocketRecvFD(pair[0], 0);
} while (*tapfd < 0 && errno == EINTR); } while (*tapfd < 0 && errno == EINTR);
if (*tapfd < 0) { if (*tapfd < 0) {

View File

@ -56,7 +56,6 @@
#include "virprobe.h" #include "virprobe.h"
#include "virprocess.h" #include "virprocess.h"
#include "virstring.h" #include "virstring.h"
#include "passfd.h"
#if WITH_SSH2 #if WITH_SSH2
# include "virnetsshsession.h" # include "virnetsshsession.h"
@ -2029,7 +2028,7 @@ int virNetSocketSendFD(virNetSocketPtr sock, int fd)
virObjectLock(sock); virObjectLock(sock);
PROBE(RPC_SOCKET_SEND_FD, PROBE(RPC_SOCKET_SEND_FD,
"sock=%p fd=%d", sock, fd); "sock=%p fd=%d", sock, fd);
if (sendfd(sock->fd, fd) < 0) { if (virSocketSendFD(sock->fd, fd) < 0) {
if (errno == EAGAIN) if (errno == EAGAIN)
ret = 0; ret = 0;
else else
@ -2062,7 +2061,7 @@ int virNetSocketRecvFD(virNetSocketPtr sock, int *fd)
} }
virObjectLock(sock); virObjectLock(sock);
if ((*fd = recvfd(sock->fd, O_CLOEXEC)) < 0) { if ((*fd = virSocketRecvFD(sock->fd, O_CLOEXEC)) < 0) {
if (errno == EAGAIN) if (errno == EAGAIN)
ret = 0; ret = 0;
else else

View File

@ -25,7 +25,6 @@
#include <config.h> #include <config.h>
#include "internal.h" #include "internal.h"
#include <passfd.h>
#include <fcntl.h> #include <fcntl.h>
#ifndef WIN32 #ifndef WIN32
# include <termios.h> # include <termios.h>
@ -2268,7 +2267,7 @@ virFileOpenForked(const char *path, int openflags, mode_t mode,
} }
do { do {
ret = sendfd(pair[1], fd); ret = virSocketSendFD(pair[1], fd);
} while (ret < 0 && errno == EINTR); } while (ret < 0 && errno == EINTR);
if (ret < 0) { if (ret < 0) {
@ -2302,7 +2301,7 @@ virFileOpenForked(const char *path, int openflags, mode_t mode,
VIR_FORCE_CLOSE(pair[1]); VIR_FORCE_CLOSE(pair[1]);
do { do {
fd = recvfd(pair[0], 0); fd = virSocketRecvFD(pair[0], 0);
} while (fd < 0 && errno == EINTR); } while (fd < 0 && errno == EINTR);
VIR_FORCE_CLOSE(pair[0]); /* NB: this preserves errno */ VIR_FORCE_CLOSE(pair[0]); /* NB: this preserves errno */
if (fd < 0) if (fd < 0)

View File

@ -19,11 +19,13 @@
#include <config.h> #include <config.h>
#include "virsocket.h" #include "virsocket.h"
#include "virutil.h"
#ifdef WIN32 #include "virfile.h"
#include <fcntl.h> #include <fcntl.h>
#ifdef WIN32
# define FD2SK(fd) _get_osfhandle(fd) # define FD2SK(fd) _get_osfhandle(fd)
# define SK2FD(sk) (_open_osfhandle((intptr_t) (sk), O_RDWR | O_BINARY)) # define SK2FD(sk) (_open_osfhandle((intptr_t) (sk), O_RDWR | O_BINARY))
@ -365,3 +367,136 @@ vir_socket(int domain, int type, int protocol)
} }
#endif /* WIN32 */ #endif /* WIN32 */
/* The following two methods are derived from GNULIB's
* passfd code */
/* MSG_CMSG_CLOEXEC is defined only on Linux, as of 2011. */
#ifndef MSG_CMSG_CLOEXEC
# define MSG_CMSG_CLOEXEC 0
#endif
#ifndef WIN32
/* virSocketSendFD sends the file descriptor fd along the socket
to a process calling virSocketRecvFD on the other end.
Return 0 on success, or -1 with errno set in case of error.
*/
int
virSocketSendFD(int sock, int fd)
{
char byte = 0;
struct iovec iov;
struct msghdr msg;
struct cmsghdr *cmsg;
char buf[CMSG_SPACE(sizeof(fd))];
/* send at least one char */
memset(&msg, 0, sizeof(msg));
iov.iov_base = &byte;
iov.iov_len = 1;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_control = buf;
msg.msg_controllen = sizeof(buf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
/* Initialize the payload: */
memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
msg.msg_controllen = cmsg->cmsg_len;
if (sendmsg(sock, &msg, 0) != iov.iov_len)
return -1;
return 0;
}
/* virSocketRecvFD receives a file descriptor through the socket.
The flags are a bitmask, possibly including O_CLOEXEC (defined in <fcntl.h>).
Return the fd on success, or -1 with errno set in case of error.
*/
int
virSocketRecvFD(int sock, int fdflags)
{
char byte = 0;
struct iovec iov;
struct msghdr msg;
int fd = -1;
ssize_t len;
struct cmsghdr *cmsg;
char buf[CMSG_SPACE(sizeof(fd))];
int fdflags_recvmsg = fdflags & O_CLOEXEC ? MSG_CMSG_CLOEXEC : 0;
if ((fdflags & ~O_CLOEXEC) != 0) {
errno = EINVAL;
return -1;
}
/* send at least one char */
memset(&msg, 0, sizeof(msg));
iov.iov_base = &byte;
iov.iov_len = 1;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_control = buf;
msg.msg_controllen = sizeof(buf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
/* Initialize the payload: */
memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
msg.msg_controllen = cmsg->cmsg_len;
len = recvmsg(sock, &msg, fdflags_recvmsg);
if (len < 0)
return -1;
cmsg = CMSG_FIRSTHDR(&msg);
/* be paranoiac */
if (len == 0 || cmsg == NULL || cmsg->cmsg_len != CMSG_LEN(sizeof(fd))
|| cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS) {
/* fake errno: at end the file is not available */
errno = len ? EACCES : ENOTCONN;
return -1;
}
memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
/* set close-on-exec flag */
if (!MSG_CMSG_CLOEXEC && (fdflags & O_CLOEXEC)) {
if (virSetCloseExec(fd) < 0) {
int saved_errno = errno;
VIR_FORCE_CLOSE(fd);
errno = saved_errno;
return -1;
}
}
return fd;
}
#else /* WIN32 */
int
virSocketSendFD(int sock G_GNUC_UNUSED, int fd G_GNUC_UNUSED)
{
errno = ENOSYS;
return -1;
}
int
virSocketRecvFD(int sock G_GNUC_UNUSED, int fdflags G_GNUC_UNUSED)
{
errno = ENOSYS;
return -1;
}
#endif /* WIN32 */

View File

@ -20,6 +20,9 @@
#include "internal.h" #include "internal.h"
int virSocketSendFD(int sock, int fd);
int virSocketRecvFD(int sock, int fdflags);
#ifdef WIN32 #ifdef WIN32
# define WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN