X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=python%2Fvserverimpl.c;h=2a102462d923b5e365d5b31adda10e03029261cc;hb=a741f6faf2baae1e823d334012f6a09e6a1bda51;hp=49a22c91af56ed59a14ebc12258df12925b226d5;hpb=93df17be4f833ac7131835ec0505fe8a546a0495;p=util-vserver.git
diff --git a/python/vserverimpl.c b/python/vserverimpl.c
index 49a22c9..2a10246 100644
--- a/python/vserverimpl.c
+++ b/python/vserverimpl.c
@@ -41,6 +41,11 @@ POSSIBILITY OF SUCH DAMAGE.
 #include
 #include
 #include
+#include
+#include
+#include
+#include
+#include
 #include "config.h"
 #include "pathconfig.h"
@@ -49,7 +54,13 @@ POSSIBILITY OF SUCH DAMAGE.
 #include "planetlab.h"
 #include "vserver-internal.h"
-#define NONE ({ Py_INCREF(Py_None); Py_None; })
+static inline PyObject *inc_and_ret_none(void)
+{
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+#define NONE inc_and_ret_none()
 /* * context create
@@ -371,38 +382,106 @@ vserver_bcaps2text(PyObject *self, PyObject *args)
 }
 static inline int
-convertAddress(const char *str, vc_net_nx_type *type, void *dst)
+convert_address(const char *str, struct vc_net_addr *addr)
+{
+ void *dst;
+ if (inet_pton(AF_INET6, str, addr->vna_v6_ip.s6_addr) > 0) {
+ addr->vna_type = VC_NXA_TYPE_IPV6;
+ return 0;
+ }
+ else if (inet_pton(AF_INET, str, &addr->vna_v4_ip.s_addr) > 0) {
+ addr->vna_type = VC_NXA_TYPE_IPV4;
+ return 0;
+ }
+ return -1;
+}
+
+static int
+mask_to_prefix(void *data, int limit)
+{
+ uint8_t *mask = data;
+ int prefix;
+ for (prefix = 0; prefix < limit && mask[prefix >> 3] & (1 << (prefix & 0x07)); prefix++)
+ ;
+ return prefix;
+}
+
+static int
+get_mask(struct vc_net_addr *addr)
 {
- int ret;
- if (type) *type = vcNET_IPV4;
- ret = inet_pton(AF_INET, str, dst);
- if (ret==0) {
- if (type) *type = vcNET_IPV6;
- ret = inet_pton(AF_INET6, str, dst);
+ struct ifaddrs *head, *ifa;
+ int ret = 0;
+ int family, offset, len;
+ void *ip;
+
+ switch (addr->vna_type) {
+ case VC_NXA_TYPE_IPV4:
+ family = AF_INET;
+ offset = offsetof(struct sockaddr_in, sin_addr.s_addr);
+ ip = &addr->vna_v4_ip.s_addr;
+ len = 4;
+ addr->vna_v4_mask.s_addr = htonl(0xffffff00);
+ addr->vna_prefix = 24;
+ break;
+ case VC_NXA_TYPE_IPV6:
+ family = AF_INET6;
+ offset = offsetof(struct sockaddr_in6, sin6_addr.s6_addr);
+ ip = addr->vna_v6_ip.s6_addr;
+ len = 16;
+ addr->vna_v6_mask.s6_addr32[9] = addr->vna_v6_mask.s6_addr32[1] = 0xffffffff;
+ addr->vna_v6_mask.s6_addr32[2] = addr->vna_v6_mask.s6_addr32[3] = 0x00000000;
+ addr->vna_prefix = 64;
+ break;
+ default:
+ errno = -EINVAL;
+ return -1;
+ }
+
+ if (getifaddrs(&head) == -1)
+ return -1;
+ for (ifa = head; ifa; ifa = ifa->ifa_next) {
+ if (ifa->ifa_addr->sa_family == family &&
+ memcmp((char *) ifa->ifa_addr + offset, ip, len) == 0) {
+ switch (addr->vna_type) {
+ case VC_NXA_TYPE_IPV4:
+ memcpy(&addr->vna_v4_mask.s_addr, ifa->ifa_netmask + offset, len);
+ addr->vna_prefix = 
mask_to_prefix(&addr->vna_v4_mask.s_addr, 32);
+ break;
+ case VC_NXA_TYPE_IPV6:
+ memcpy(addr->vna_v6_mask.s6_addr, ifa->ifa_netmask + offset, len);
+ addr->vna_prefix = mask_to_prefix(addr->vna_v6_mask.s6_addr, 128);
+ break;
+ }
+ ret = 1;
+ break;
+ }
 }
- return ret > 0 ? 0 : -1;
+ freeifaddrs(head);
+ return ret;
 }
 /* XXX These two functions are really similar */
 static PyObject *
 vserver_net_add(PyObject *self, PyObject *args)
 {
- struct vc_net_nx addr;
+ struct vc_net_addr addr;
 nid_t nid;
 const char *ip;
 if (!PyArg_ParseTuple(args, "Is", &nid, &ip))
 return NULL;
- if (convertAddress(ip, &addr.type, &addr.ip) == -1)
+ if (convert_address(ip, &addr) == -1)
 return PyErr_Format(PyExc_ValueError, "%s is not a valid IP address", ip);
- switch (addr.type) {
- case vcNET_IPV4: addr.mask[0] = htonl(0xffffff00); break;
- case vcNET_IPV6: addr.mask[0] = 64; break;
- default: addr.mask[0] = 0; break;
+ switch (get_mask(&addr)) {
+ case -1:
+ return PyErr_SetFromErrno(PyExc_OSError);
+ case 0:
+ /* XXX error here? */
+ break;
 }
- addr.count = 1;
+ addr.vna_type |= VC_NXA_TYPE_ADDR;
 if (vc_net_add(nid, &addr) == -1 && errno != ESRCH)
 return PyErr_SetFromErrno(PyExc_OSError);
@@ -413,7 +492,7 @@ vserver_net_add(PyObject *self, PyObject *args)
 static PyObject *
 vserver_net_remove(PyObject *self, PyObject *args)
 {
- struct vc_net_nx addr;
+ struct vc_net_addr addr;
 nid_t nid;
 const char *ip;
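Review bot: In get_mask the two `memcpy` calls compute `ifa->ifa_netmask + offset` on a `struct sockaddr *`, so the offset is scaled by sizeof(struct sockaddr) and the copy reads well past the netmask structure (the `ifa_addr` comparison two lines above casts to `(char *)` first, which is what is needed here too): `memcpy(&addr->vna_v4_mask.s_addr, (char *) ifa->ifa_netmask + offset, len);` and `memcpy(addr->vna_v6_mask.s6_addr, (char *) ifa->ifa_netmask + offset, len);`. The loop also dereferences `ifa->ifa_addr` (and then `ifa_netmask`) without a NULL check, and getifaddrs() does return entries whose address or netmask is NULL, so the condition should begin with `ifa->ifa_addr && ifa->ifa_netmask &&`. mask_to_prefix tests bits with `1 << (prefix & 0x07)`, i.e. LSB first within each octet, while a netmask's set bits start at the MSB, so any prefix that is not a whole number of octets (e.g. /20) is undercounted; `0x80 >> (prefix & 0x07)` gives the right order. The default case sets `errno = -EINVAL;`, but errno values are positive and PyErr_SetFromErrno will report an unknown error for a negated one, so this should be `errno = EINVAL;`. The IPv6 branch as printed writes `s6_addr32[9]`, which is out of bounds for a four-word array; unless that is an extraction artifact it must be `s6_addr32[0]`, and the unused `void *dst;` in convert_address can go.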
@@ -421,21 +500,21 @@ vserver_net_remove(PyObject *self, PyObject *args)
 return NULL;
 if (strcmp(ip, "all") == 0)
- addr.type = vcNET_ANY;
+ addr.vna_type = VC_NXA_TYPE_ANY;
 else if (strcmp(ip, "all4") == 0)
- addr.type = vcNET_IPV4A;
+ addr.vna_type = VC_NXA_TYPE_IPV6 | VC_NXA_TYPE_ANY;
 else if (strcmp(ip, "all6") == 0)
- addr.type = vcNET_IPV6A;
- else
- if (convertAddress(ip, &addr.type, &addr.ip) == -1)
+ addr.vna_type = VC_NXA_TYPE_IPV6 | VC_NXA_TYPE_ANY;
+ else {
+ if (convert_address(ip, &addr) == -1)
 return PyErr_Format(PyExc_ValueError, "%s is not a valid IP address", ip);
+ addr.vna_type |= VC_NXA_TYPE_ADDR;
+ }
- switch (addr.type) {
- case vcNET_IPV4: addr.mask[0] = htonl(0xffffff00); break;
- case vcNET_IPV6: addr.mask[0] = 64; break;
- default: addr.mask[0] = 0; break;
+ switch (get_mask(&addr)) {
+ case -1:
+ return PyErr_SetFromErrno(PyExc_OSError);
 }
- addr.count = 1;
 if (vc_net_remove(nid, &addr) == -1 && errno != ESRCH)
 return PyErr_SetFromErrno(PyExc_OSError);
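Review bot: The `all4` branch sets `addr.vna_type = VC_NXA_TYPE_IPV6 | VC_NXA_TYPE_ANY;`, the same value the `all6` branch sets, so removing "all4" acts on IPv6 entries; it should read `addr.vna_type = VC_NXA_TYPE_IPV4 | VC_NXA_TYPE_ANY;`. Further down, `get_mask(&addr)` is reached for every spelling of ip, but its switch in the previous hunk matches only an exact VC_NXA_TYPE_IPV4 or VC_NXA_TYPE_IPV6 and returns -1 for anything else, so the "all"/"all4"/"all6" forms always end in PyErr_SetFromErrno, and so does a parsed address if VC_NXA_TYPE_ADDR is a non-zero flag bit, because `|= VC_NXA_TYPE_ADDR` is applied before the call here. vserver_net_add orders these the other way round (get_mask first, then the `|=`); moving the `switch (get_mask(&addr))` into the `else {` block ahead of `addr.vna_type |= VC_NXA_TYPE_ADDR;` would match it and leave the wildcard forms without a mask lookup. vserver_net_remove's body starts before this hunk.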
@@ -443,6 +522,150 @@ vserver_net_remove(PyObject *self, PyObject *args)
 return NONE;
 }
+struct secure_dirs {
+ int host_fd;
+ int cwd_fd;
+ int guest_fd;
+ int target_fd;
+};
+
+static inline int
+fchroot(int fd)
+{
+ if (fchdir(fd) == -1 || chroot(".") == -1)
+ return -1;
+ return 0;
+}
+
+static inline int
+restore_dirs(struct secure_dirs *dirs)
+{
+ if (dirs->host_fd != -1) {
+ if (fchroot(dirs->host_fd) == -1)
+ return -1;
+ if (close(dirs->host_fd) == -1)
+ return -1;
+ }
+ if (dirs->guest_fd != -1) {
+ if (close(dirs->guest_fd) == -1)
+ return -1;
+ }
+ if (dirs->target_fd != -1) {
+ if (close(dirs->target_fd) == -1)
+ return -1;
+ }
+ if (dirs->cwd_fd != -1) {
+ if (fchdir(dirs->cwd_fd) == -1)
+ return -1;
+ if (close(dirs->cwd_fd) == -1)
+ return -1;
+ }
+ return 0;
+}
+
+static inline int
+secure_chdir(struct secure_dirs *dirs, const char *guest, const char *target)
+{
+ dirs->host_fd = dirs->cwd_fd = dirs->guest_fd = dirs->target_fd = -1;
+
+ dirs->host_fd = open("/", O_RDONLY|O_DIRECTORY);
+ if (dirs->host_fd == -1)
+ return -1;
+
+ dirs->cwd_fd = open(".", O_RDONLY|O_DIRECTORY);
+ if (dirs->cwd_fd == -1)
+ return -1;
+
+ dirs->guest_fd = open(guest, O_RDONLY|O_DIRECTORY);
+ if (dirs->guest_fd == -1)
+ return -1;
+ if (fchroot(dirs->guest_fd) == -1)
+ return -1;
+
+ dirs->target_fd = open(target, O_RDONLY|O_DIRECTORY);
+ if (dirs->target_fd == -1)
+ return -1;
+
+ if (fchroot(dirs->host_fd) == -1 || close(dirs->host_fd) == -1)
+ return -1;
+ dirs->host_fd = -1;
+ if (close(dirs->guest_fd) == -1)
+ return -1;
+ dirs->guest_fd = -1;
+
+ if (fchdir(dirs->target_fd) == -1 || close(dirs->target_fd) == -1)
+ return -1;
+
+ return 0;
+}
+
+static PyObject *
+vserver_mount(PyObject *self, PyObject *args)
+{
+ const char *guest, *target, *source, *type, *data = NULL;
+ unsigned long flags = 0;
+ struct secure_dirs dirs;
+
+ if (!PyArg_ParseTuple(args, "ssss|ks", &source, &guest, &target, &type,
+ &flags, &data))
+ return NULL;
+
+ if (secure_chdir(&dirs, guest, 
target) == -1)
+ goto out;
+ if (mount(source, ".", type, flags, data) == -1)
+ goto out;
+ restore_dirs(&dirs);
+
+ return NONE;
+
+out:
+ restore_dirs(&dirs);
+ return PyErr_SetFromErrno(PyExc_OSError);
+}
+
+static PyObject *
+vserver_umount(PyObject *self, PyObject *args)
+{
+ const char *guest, *target;
+ int flags = 0;
+ char *path;
+ PyObject *ret;
+
+ if (!PyArg_ParseTuple(args, "ss|i", &guest, &target, &flags))
+ return NULL;
+
+ path = calloc(strlen(guest) + strlen(target) + 2, sizeof(char));
+ sprintf(path, "%s/%s", guest, target);
+ if (umount2(path, flags) == -1)
+ ret = PyErr_SetFromErrno(PyExc_OSError);
+ else
+ ret = NONE;
+ free(path);
+
+ return ret;
+}
+
+static PyObject *
+vserver_set_runlevel(PyObject *self, PyObject *args)
+{
+ const char *file;
+ int runlevel;
+ struct utmp ut;
+
+ if (!PyArg_ParseTuple(args, "si", &file, &runlevel))
+ return NULL;
+
+ utmpname(file);
+ setutent();
+ memset(&ut, 0, sizeof(ut));
+ ut.ut_type = RUN_LVL;
+ ut.ut_pid = ('#' << 8) + runlevel + '0';
+ pututline(&ut);
+ endutent();
+
+ return NONE;
+}
+
 static PyMethodDef methods[] = {
 { "chcontext", vserver_chcontext, METH_VARARGS,
 "chcontext to vserver with provided flags" },
@@ -476,6 +699,12 @@ static PyMethodDef methods[] = {
 "Assign an IP address to a context" },
 { "netremove", vserver_net_remove, METH_VARARGS,
 "Remove IP address(es) from a context" },
+ { "mount", vserver_mount, METH_VARARGS,
+ "Perform the mount() system call" },
+ { "umount", vserver_umount, METH_VARARGS,
+ "Perform the umount2() system call" },
+ { "setrunlevel", vserver_set_runlevel, METH_VARARGS,
+ "Set the runlevel in utmp" },
 { NULL, NULL, 0, NULL }
 };
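Review bot: secure_chdir closes `dirs->target_fd` in its final `fchdir(...) || close(...)` test but never resets the field to -1, so restore_dirs afterwards close()s a descriptor that is already closed (or already reused by another thread), fails with EBADF and returns before `fchdir(dirs->cwd_fd)`, leaving the process in the guest's target directory with cwd_fd leaked; add `dirs->target_fd = -1;` after that close. vserver_mount ignores restore_dirs's return on both paths, so a failure to re-chroot to the host root or to restore the cwd is silent, and on the `out:` path the close()/fchdir() calls inside restore_dirs can overwrite the errno that PyErr_SetFromErrno is about to report; the tail below checks the success-path restore and saves errno around the failure-path one. In vserver_umount the `calloc` result goes straight into `sprintf`; writing with `snprintf(path, len, "%s/%s", guest, target)` after a NULL check (returning `PyErr_NoMemory()` on failure) removes both the unchecked allocation and the unbounded format. That function also resolves `guest/target` on the host side, without the symlink containment secure_chdir gives vserver_mount, so the two calls do not offer the same guarantees; either document that or route umount through the same secure_chdir and call `umount2(".", flags)`.
```c
	struct secure_dirs dirs;
	int saved_errno;
	/* … unchanged: PyArg_ParseTuple … */

	if (secure_chdir(&dirs, guest, target) == -1)
		goto out;
	if (mount(source, ".", type, flags, data) == -1)
		goto out;
	/* a failed restore leaves the process chrooted/chdir'd into the guest; report it */
	if (restore_dirs(&dirs) == -1)
		return PyErr_SetFromErrno(PyExc_OSError);

	return NONE;

out:
	/* restore_dirs calls close()/fchdir(), which may clobber errno */
	saved_errno = errno;
	restore_dirs(&dirs);
	errno = saved_errno;
	return PyErr_SetFromErrno(PyExc_OSError);
```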