[thirdparty/systemd.git] / src / basic / socket-label.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <errno.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#include "alloc-util.h"
#include "fd-util.h"
#include "fs-util.h"
#include "log.h"
#include "macro.h"
#include "missing.h"
#include "mkdir.h"
#include "selinux-util.h"
#include "socket-util.h"
#include "umask-util.h"

int socket_address_listen(
                const SocketAddress *a,
                int flags,
                int backlog,
                SocketAddressBindIPv6Only only,
                const char *bind_to_device,
                bool reuse_port,
                bool free_bind,
                bool transparent,
                mode_t directory_mode,
                mode_t socket_mode,
                const char *label) {

        _cleanup_close_ int fd = -1;
        const char *p;
        int r, one;

        assert(a);

        r = socket_address_verify(a);
        if (r < 0)
                return r;

        if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
                return -EAFNOSUPPORT;

        if (label) {
                r = mac_selinux_create_socket_prepare(label);
                if (r < 0)
                        return r;
        }

        fd = socket(socket_address_family(a), a->type | flags, a->protocol);
        r = fd < 0 ? -errno : 0;

        if (label)
                mac_selinux_create_socket_clear();

        if (r < 0)
                return r;

        if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
                int flag = only == SOCKET_ADDRESS_IPV6_ONLY;

                if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
                        return -errno;
        }

        if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
                if (bind_to_device)
                        if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
                                return -errno;

                if (reuse_port) {
                        one = 1;
                        if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) < 0)
                                log_warning_errno(errno, "SO_REUSEPORT failed: %m");
                }

                if (free_bind) {
                        one = 1;
                        if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
                                log_warning_errno(errno, "IP_FREEBIND failed: %m");
                }

                if (transparent) {
                        one = 1;
                        if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
                                log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
                }
        }

        one = 1;
        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
                return -errno;

        p = socket_address_get_path(a);
        if (p) {
                /* Create parents */
                (void) mkdir_parents_label(p, directory_mode);

                /* Enforce the right access mode for the socket */
                RUN_WITH_UMASK(~socket_mode) {
                        r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
                        if (r == -EADDRINUSE) {
                                /* Unlink and try again */

                                if (unlink(p) < 0)
                                        return r; /* didn't work, return original error */

                                r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
                        }
                        if (r < 0)
                                return r;
                }
        } else {
                if (bind(fd, &a->sockaddr.sa, a->size) < 0)
                        return -errno;
        }

        if (socket_address_can_accept(a))
                if (listen(fd, backlog) < 0)
                        return -errno;

        /* Let's trigger an inotify event on the socket node, so that anyone waiting for this socket to be connectable
         * gets notified */
        if (p)
                (void) touch(p);

        r = fd;
        fd = -1;

        return r;
}

int make_socket_fd(int log_level, const char* address, int type, int flags) {
        SocketAddress a;
        int fd, r;

        r = socket_address_parse(&a, address);
        if (r < 0)
                return log_error_errno(r, "Failed to parse socket address \"%s\": %m", address);

        a.type = type;

        fd = socket_address_listen(&a, type | flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
                                   NULL, false, false, false, 0755, 0644, NULL);
        if (fd < 0 || log_get_max_level() >= log_level) {
                _cleanup_free_ char *p = NULL;

                r = socket_address_print(&a, &p);
                if (r < 0)
                        return log_error_errno(r, "socket_address_print(): %m");

                if (fd < 0)
                        log_error_errno(fd, "Failed to listen on %s: %m", p);
                else
                        log_full(log_level, "Listening on %s", p);
        }

        return fd;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
cc527a47	2
cc527a47	3	#include <errno.h>
11c3a366 TA	4	#include <netinet/in.h>
11c3a366 TA	5	#include <stdbool.h>
cc527a47	6	#include <stddef.h>
3ffd4af2	7	#include <string.h>
11c3a366	8	#include <sys/socket.h>
11c3a366	9	#include <sys/un.h>
3ffd4af2	10	#include <unistd.h>
cc527a47	11
b5efdb8a	12	#include "alloc-util.h"
3ffd4af2	13	#include "fd-util.h"
294d46f1	14	#include "fs-util.h"
93cc7779	15	#include "log.h"
cc527a47	16	#include "macro.h"
cc527a47	17	#include "missing.h"
3ffd4af2	18	#include "mkdir.h"
d7b8eec7 LP	19	#include "selinux-util.h"
d7b8eec7 LP	20	#include "socket-util.h"
825546ef	21	#include "umask-util.h"
cc527a47 KS	22
	23	int socket_address_listen(
	24	const SocketAddress *a,
175a3d25	25	int flags,
cc527a47 KS	26	int backlog,
	27	SocketAddressBindIPv6Only only,
	28	const char *bind_to_device,
54255c64	29	bool reuse_port,
cc527a47 KS	30	bool free_bind,
	31	bool transparent,
	32	mode_t directory_mode,
	33	mode_t socket_mode,
175a3d25 LP	34	const char *label) {
	35
	36	_cleanup_close_ int fd = -1;
294d46f1	37	const char *p;
175a3d25	38	int r, one;
cc527a47	39
cc527a47	40	assert(a);
cc527a47	41
175a3d25 LP	42	r = socket_address_verify(a);
175a3d25 LP	43	if (r < 0)
cc527a47 KS	44	return r;
	45
	46	if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
	47	return -EAFNOSUPPORT;
	48
175a3d25	49	if (label) {
ecabcf8b	50	r = mac_selinux_create_socket_prepare(label);
175a3d25 LP	51	if (r < 0)
	52	return r;
	53	}
cc527a47	54
175a3d25	55	fd = socket(socket_address_family(a), a->type \| flags, a->protocol);
cc527a47 KS	56	r = fd < 0 ? -errno : 0;
cc527a47 KS	57
175a3d25	58	if (label)
ecabcf8b	59	mac_selinux_create_socket_clear();
cc527a47 KS	60
	61	if (r < 0)
	62	return r;
	63
	64	if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
	65	int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
	66
	67	if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
175a3d25	68	return -errno;
cc527a47 KS	69	}
cc527a47 KS	70
5ed272cf	71	if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
cc527a47 KS	72	if (bind_to_device)
cc527a47 KS	73	if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
175a3d25	74	return -errno;
cc527a47	75
54255c64 CT	76	if (reuse_port) {
	77	one = 1;
	78	if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) < 0)
	79	log_warning_errno(errno, "SO_REUSEPORT failed: %m");
	80	}
	81
cc527a47 KS	82	if (free_bind) {
	83	one = 1;
	84	if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
56f64d95	85	log_warning_errno(errno, "IP_FREEBIND failed: %m");
cc527a47 KS	86	}
	87
	88	if (transparent) {
	89	one = 1;
	90	if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
56f64d95	91	log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
cc527a47 KS	92	}
	93	}
	94
	95	one = 1;
	96	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
175a3d25	97	return -errno;
cc527a47	98
294d46f1 LP	99	p = socket_address_get_path(a);
294d46f1 LP	100	if (p) {
cc527a47	101	/* Create parents */
294d46f1	102	(void) mkdir_parents_label(p, directory_mode);
cc527a47	103
175a3d25	104	/* Enforce the right access mode for the socket */
825546ef ZJS	105	RUN_WITH_UMASK(~socket_mode) {
	106	r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
	107	if (r == -EADDRINUSE) {
	108	/* Unlink and try again */
706d7c27 LP	109
	110	if (unlink(p) < 0)
	111	return r; /* didn't work, return original error */
	112
	113	r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
	114	}
	115	if (r < 0)
825546ef	116	return r;
cc527a47	117	}
825546ef ZJS	118	} else {
	119	if (bind(fd, &a->sockaddr.sa, a->size) < 0)
	120	return -errno;
	121	}
cc527a47 KS	122
	123	if (socket_address_can_accept(a))
	124	if (listen(fd, backlog) < 0)
175a3d25	125	return -errno;
cc527a47	126
5b5e6dea LP	127	/* Let's trigger an inotify event on the socket node, so that anyone waiting for this socket to be connectable
	128	* gets notified */
	129	if (p)
	130	(void) touch(p);
	131
175a3d25 LP	132	r = fd;
175a3d25 LP	133	fd = -1;
cc527a47	134
cc527a47 KS	135	return r;
cc527a47 KS	136	}
e0aa3726	137
7b7afdfc	138	int make_socket_fd(int log_level, const char* address, int type, int flags) {
e0aa3726 ZJS	139	SocketAddress a;
	140	int fd, r;
	141
	142	r = socket_address_parse(&a, address);
e53fc357 LP	143	if (r < 0)
e53fc357 LP	144	return log_error_errno(r, "Failed to parse socket address \"%s\": %m", address);
e0aa3726	145
7b7afdfc SS	146	a.type = type;
	147
	148	fd = socket_address_listen(&a, type \| flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
54255c64	149	NULL, false, false, false, 0755, 0644, NULL);
e0aa3726	150	if (fd < 0 \|\| log_get_max_level() >= log_level) {
c8b32e11	151	_cleanup_free_ char *p = NULL;
e0aa3726 ZJS	152
e0aa3726 ZJS	153	r = socket_address_print(&a, &p);
f647962d MS	154	if (r < 0)
f647962d MS	155	return log_error_errno(r, "socket_address_print(): %m");
e0aa3726 ZJS	156
e0aa3726 ZJS	157	if (fd < 0)
da927ba9	158	log_error_errno(fd, "Failed to listen on %s: %m", p);
e0aa3726 ZJS	159	else
	160	log_full(log_level, "Listening on %s", p);
	161	}
	162
	163	return fd;
	164	}