[thirdparty/systemd.git] / src / basic / socket-label.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/stat.h>
#include <stddef.h>

#include "macro.h"
#include "util.h"
#include "mkdir.h"
#include "missing.h"
#include "selinux-util.h"
#include "socket-util.h"

int socket_address_listen(
                const SocketAddress *a,
                int flags,
                int backlog,
                SocketAddressBindIPv6Only only,
                const char *bind_to_device,
                bool free_bind,
                bool transparent,
                mode_t directory_mode,
                mode_t socket_mode,
                const char *label) {

        _cleanup_close_ int fd = -1;
        int r, one;

        assert(a);

        r = socket_address_verify(a);
        if (r < 0)
                return r;

        if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
                return -EAFNOSUPPORT;

        if (label) {
                r = mac_selinux_create_socket_prepare(label);
                if (r < 0)
                        return r;
        }

        fd = socket(socket_address_family(a), a->type | flags, a->protocol);
        r = fd < 0 ? -errno : 0;

        if (label)
                mac_selinux_create_socket_clear();

        if (r < 0)
                return r;

        if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
                int flag = only == SOCKET_ADDRESS_IPV6_ONLY;

                if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
                        return -errno;
        }

        if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
                if (bind_to_device)
                        if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
                                return -errno;

                if (free_bind) {
                        one = 1;
                        if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
                                log_warning_errno(errno, "IP_FREEBIND failed: %m");
                }

                if (transparent) {
                        one = 1;
                        if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
                                log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
                }
        }

        one = 1;
        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
                return -errno;

        if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
                mode_t old_mask;

                /* Create parents */
                mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode);

                /* Enforce the right access mode for the socket */
                old_mask = umask(~ socket_mode);

                r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);

                if (r < 0 && errno == EADDRINUSE) {
                        /* Unlink and try again */
                        unlink(a->sockaddr.un.sun_path);
                        r = bind(fd, &a->sockaddr.sa, a->size);
                }

                umask(old_mask);
        } else
                r = bind(fd, &a->sockaddr.sa, a->size);

        if (r < 0)
                return -errno;

        if (socket_address_can_accept(a))
                if (listen(fd, backlog) < 0)
                        return -errno;

        r = fd;
        fd = -1;

        return r;
}

int make_socket_fd(int log_level, const char* address, int flags) {
        SocketAddress a;
        int fd, r;

        r = socket_address_parse(&a, address);
        if (r < 0) {
                log_error("Failed to parse socket address \"%s\": %s",
                          address, strerror(-r));
                return r;
        }

        fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
                                   NULL, false, false, 0755, 0644, NULL);
        if (fd < 0 || log_get_max_level() >= log_level) {
                _cleanup_free_ char *p = NULL;

                r = socket_address_print(&a, &p);
                if (r < 0)
                        return log_error_errno(r, "socket_address_print(): %m");

                if (fd < 0)
                        log_error_errno(fd, "Failed to listen on %s: %m", p);
                else
                        log_full(log_level, "Listening on %s", p);
        }

        return fd;
}
Commit	Line	Data
cc527a47 KS	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
cc527a47 KS	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
cc527a47	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
cc527a47 KS	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
cc527a47 KS	22	#include <string.h>
	23	#include <unistd.h>
	24	#include <errno.h>
cc527a47 KS	25	#include <sys/stat.h>
cc527a47 KS	26	#include <stddef.h>
cc527a47 KS	27
	28	#include "macro.h"
	29	#include "util.h"
	30	#include "mkdir.h"
cc527a47	31	#include "missing.h"
d7b8eec7 LP	32	#include "selinux-util.h"
d7b8eec7 LP	33	#include "socket-util.h"
cc527a47 KS	34
	35	int socket_address_listen(
	36	const SocketAddress *a,
175a3d25	37	int flags,
cc527a47 KS	38	int backlog,
	39	SocketAddressBindIPv6Only only,
	40	const char *bind_to_device,
	41	bool free_bind,
	42	bool transparent,
	43	mode_t directory_mode,
	44	mode_t socket_mode,
175a3d25 LP	45	const char *label) {
	46
	47	_cleanup_close_ int fd = -1;
	48	int r, one;
cc527a47	49
cc527a47	50	assert(a);
cc527a47	51
175a3d25 LP	52	r = socket_address_verify(a);
175a3d25 LP	53	if (r < 0)
cc527a47 KS	54	return r;
	55
	56	if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
	57	return -EAFNOSUPPORT;
	58
175a3d25	59	if (label) {
ecabcf8b	60	r = mac_selinux_create_socket_prepare(label);
175a3d25 LP	61	if (r < 0)
	62	return r;
	63	}
cc527a47	64
175a3d25	65	fd = socket(socket_address_family(a), a->type \| flags, a->protocol);
cc527a47 KS	66	r = fd < 0 ? -errno : 0;
cc527a47 KS	67
175a3d25	68	if (label)
ecabcf8b	69	mac_selinux_create_socket_clear();
cc527a47 KS	70
	71	if (r < 0)
	72	return r;
	73
	74	if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
	75	int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
	76
	77	if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
175a3d25	78	return -errno;
cc527a47 KS	79	}
	80
	81	if (socket_address_family(a) == AF_INET \|\| socket_address_family(a) == AF_INET6) {
	82	if (bind_to_device)
	83	if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
175a3d25	84	return -errno;
cc527a47 KS	85
	86	if (free_bind) {
	87	one = 1;
	88	if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
56f64d95	89	log_warning_errno(errno, "IP_FREEBIND failed: %m");
cc527a47 KS	90	}
	91
	92	if (transparent) {
	93	one = 1;
	94	if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
56f64d95	95	log_warning_errno(errno, "IP_TRANSPARENT failed: %m");
cc527a47 KS	96	}
	97	}
	98
	99	one = 1;
	100	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
175a3d25	101	return -errno;
cc527a47 KS	102
	103	if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
	104	mode_t old_mask;
	105
	106	/* Create parents */
d2e54fae	107	mkdir_parents_label(a->sockaddr.un.sun_path, directory_mode);
cc527a47	108
175a3d25	109	/* Enforce the right access mode for the socket */
cc527a47 KS	110	old_mask = umask(~ socket_mode);
cc527a47 KS	111
cc56fafe	112	r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
cc527a47 KS	113
	114	if (r < 0 && errno == EADDRINUSE) {
	115	/* Unlink and try again */
	116	unlink(a->sockaddr.un.sun_path);
	117	r = bind(fd, &a->sockaddr.sa, a->size);
	118	}
	119
	120	umask(old_mask);
	121	} else
	122	r = bind(fd, &a->sockaddr.sa, a->size);
	123
	124	if (r < 0)
175a3d25	125	return -errno;
cc527a47 KS	126
	127	if (socket_address_can_accept(a))
	128	if (listen(fd, backlog) < 0)
175a3d25	129	return -errno;
cc527a47	130
175a3d25 LP	131	r = fd;
175a3d25 LP	132	fd = -1;
cc527a47	133
cc527a47 KS	134	return r;
cc527a47 KS	135	}
e0aa3726 ZJS	136
	137	int make_socket_fd(int log_level, const char* address, int flags) {
	138	SocketAddress a;
	139	int fd, r;
	140
	141	r = socket_address_parse(&a, address);
	142	if (r < 0) {
1af719ed ZJS	143	log_error("Failed to parse socket address \"%s\": %s",
1af719ed ZJS	144	address, strerror(-r));
e0aa3726 ZJS	145	return r;
	146	}
	147
	148	fd = socket_address_listen(&a, flags, SOMAXCONN, SOCKET_ADDRESS_DEFAULT,
	149	NULL, false, false, 0755, 0644, NULL);
	150	if (fd < 0 \|\| log_get_max_level() >= log_level) {
c8b32e11	151	_cleanup_free_ char *p = NULL;
e0aa3726 ZJS	152
e0aa3726 ZJS	153	r = socket_address_print(&a, &p);
f647962d MS	154	if (r < 0)
f647962d MS	155	return log_error_errno(r, "socket_address_print(): %m");
e0aa3726 ZJS	156
e0aa3726 ZJS	157	if (fd < 0)
da927ba9	158	log_error_errno(fd, "Failed to listen on %s: %m", p);
e0aa3726 ZJS	159	else
	160	log_full(log_level, "Listening on %s", p);
	161	}
	162
	163	return fd;
	164	}