]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/socket-util.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
rename basic.la to shared.la and put selinux deps in shared-selinx.la
[thirdparty/systemd.git] / src / shared / socket-util.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <assert.h>
23 #include <string.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <stdlib.h>
27 #include <arpa/inet.h>
28 #include <stdio.h>
29 #include <net/if.h>
30 #include <sys/types.h>
31 #include <sys/stat.h>
32 #include <stddef.h>
33 #include <sys/ioctl.h>
34
35 #include "macro.h"
36 #include "util.h"
37 #include "mkdir.h"
38 #include "socket-util.h"
39 #include "missing.h"
40 #include "label.h"
41
42 int socket_address_parse(SocketAddress *a, const char *s) {
43 int r;
44 char *e, *n;
45 unsigned u;
46
47 assert(a);
48 assert(s);
49
50 zero(*a);
51 a->type = SOCK_STREAM;
52
53 if (*s == '[') {
54 /* IPv6 in [x:.....:z]:p notation */
55
56 if (!socket_ipv6_is_supported()) {
57 log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
58 return -EAFNOSUPPORT;
59 }
60
61 if (!(e = strchr(s+1, ']')))
62 return -EINVAL;
63
64 if (!(n = strndup(s+1, e-s-1)))
65 return -ENOMEM;
66
67 errno = 0;
68 if (inet_pton(AF_INET6, n, &a->sockaddr.in6.sin6_addr) <= 0) {
69 free(n);
70 return errno != 0 ? -errno : -EINVAL;
71 }
72
73 free(n);
74
75 e++;
76 if (*e != ':')
77 return -EINVAL;
78
79 e++;
80 if ((r = safe_atou(e, &u)) < 0)
81 return r;
82
83 if (u <= 0 || u > 0xFFFF)
84 return -EINVAL;
85
86 a->sockaddr.in6.sin6_family = AF_INET6;
87 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
88 a->size = sizeof(struct sockaddr_in6);
89
90 } else if (*s == '/') {
91 /* AF_UNIX socket */
92
93 size_t l;
94
95 l = strlen(s);
96 if (l >= sizeof(a->sockaddr.un.sun_path))
97 return -EINVAL;
98
99 a->sockaddr.un.sun_family = AF_UNIX;
100 memcpy(a->sockaddr.un.sun_path, s, l);
101 a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
102
103 } else if (*s == '@') {
104 /* Abstract AF_UNIX socket */
105 size_t l;
106
107 l = strlen(s+1);
108 if (l >= sizeof(a->sockaddr.un.sun_path) - 1)
109 return -EINVAL;
110
111 a->sockaddr.un.sun_family = AF_UNIX;
112 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
113 a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
114
115 } else {
116
117 if ((e = strchr(s, ':'))) {
118
119 if ((r = safe_atou(e+1, &u)) < 0)
120 return r;
121
122 if (u <= 0 || u > 0xFFFF)
123 return -EINVAL;
124
125 if (!(n = strndup(s, e-s)))
126 return -ENOMEM;
127
128 /* IPv4 in w.x.y.z:p notation? */
129 if ((r = inet_pton(AF_INET, n, &a->sockaddr.in4.sin_addr)) < 0) {
130 free(n);
131 return -errno;
132 }
133
134 if (r > 0) {
135 /* Gotcha, it's a traditional IPv4 address */
136 free(n);
137
138 a->sockaddr.in4.sin_family = AF_INET;
139 a->sockaddr.in4.sin_port = htons((uint16_t) u);
140 a->size = sizeof(struct sockaddr_in);
141 } else {
142 unsigned idx;
143
144 if (strlen(n) > IF_NAMESIZE-1) {
145 free(n);
146 return -EINVAL;
147 }
148
149 /* Uh, our last resort, an interface name */
150 idx = if_nametoindex(n);
151 free(n);
152
153 if (idx == 0)
154 return -EINVAL;
155
156 if (!socket_ipv6_is_supported()) {
157 log_warning("Binding to interface is not available since kernel does not support IPv6.");
158 return -EAFNOSUPPORT;
159 }
160
161 a->sockaddr.in6.sin6_family = AF_INET6;
162 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
163 a->sockaddr.in6.sin6_scope_id = idx;
164 a->sockaddr.in6.sin6_addr = in6addr_any;
165 a->size = sizeof(struct sockaddr_in6);
166 }
167 } else {
168
169 /* Just a port */
170 if ((r = safe_atou(s, &u)) < 0)
171 return r;
172
173 if (u <= 0 || u > 0xFFFF)
174 return -EINVAL;
175
176 if (socket_ipv6_is_supported()) {
177 a->sockaddr.in6.sin6_family = AF_INET6;
178 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
179 a->sockaddr.in6.sin6_addr = in6addr_any;
180 a->size = sizeof(struct sockaddr_in6);
181 } else {
182 a->sockaddr.in4.sin_family = AF_INET;
183 a->sockaddr.in4.sin_port = htons((uint16_t) u);
184 a->sockaddr.in4.sin_addr.s_addr = INADDR_ANY;
185 a->size = sizeof(struct sockaddr_in);
186 }
187 }
188 }
189
190 return 0;
191 }
192
193 int socket_address_parse_netlink(SocketAddress *a, const char *s) {
194 int family;
195 unsigned group = 0;
196 char* sfamily = NULL;
197 assert(a);
198 assert(s);
199
200 zero(*a);
201 a->type = SOCK_RAW;
202
203 errno = 0;
204 if (sscanf(s, "%ms %u", &sfamily, &group) < 1)
205 return errno ? -errno : -EINVAL;
206
207 if ((family = netlink_family_from_string(sfamily)) < 0)
208 if (safe_atoi(sfamily, &family) < 0) {
209 free(sfamily);
210 return -EINVAL;
211 }
212
213 free(sfamily);
214
215 a->sockaddr.nl.nl_family = AF_NETLINK;
216 a->sockaddr.nl.nl_groups = group;
217
218 a->type = SOCK_RAW;
219 a->size = sizeof(struct sockaddr_nl);
220 a->protocol = family;
221
222 return 0;
223 }
224
225 int socket_address_verify(const SocketAddress *a) {
226 assert(a);
227
228 switch (socket_address_family(a)) {
229
230 case AF_INET:
231 if (a->size != sizeof(struct sockaddr_in))
232 return -EINVAL;
233
234 if (a->sockaddr.in4.sin_port == 0)
235 return -EINVAL;
236
237 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM)
238 return -EINVAL;
239
240 return 0;
241
242 case AF_INET6:
243 if (a->size != sizeof(struct sockaddr_in6))
244 return -EINVAL;
245
246 if (a->sockaddr.in6.sin6_port == 0)
247 return -EINVAL;
248
249 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM)
250 return -EINVAL;
251
252 return 0;
253
254 case AF_UNIX:
255 if (a->size < offsetof(struct sockaddr_un, sun_path))
256 return -EINVAL;
257
258 if (a->size > offsetof(struct sockaddr_un, sun_path)) {
259
260 if (a->sockaddr.un.sun_path[0] != 0) {
261 char *e;
262
263 /* path */
264 if (!(e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path))))
265 return -EINVAL;
266
267 if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
268 return -EINVAL;
269 }
270 }
271
272 if (a->type != SOCK_STREAM && a->type != SOCK_DGRAM && a->type != SOCK_SEQPACKET)
273 return -EINVAL;
274
275 return 0;
276
277 case AF_NETLINK:
278
279 if (a->size != sizeof(struct sockaddr_nl))
280 return -EINVAL;
281
282 if (a->type != SOCK_RAW && a->type != SOCK_DGRAM)
283 return -EINVAL;
284
285 return 0;
286
287 default:
288 return -EAFNOSUPPORT;
289 }
290 }
291
292 int socket_address_print(const SocketAddress *a, char **p) {
293 int r;
294 assert(a);
295 assert(p);
296
297 if ((r = socket_address_verify(a)) < 0)
298 return r;
299
300 switch (socket_address_family(a)) {
301
302 case AF_INET: {
303 char *ret;
304
305 if (!(ret = new(char, INET_ADDRSTRLEN+1+5+1)))
306 return -ENOMEM;
307
308 if (!inet_ntop(AF_INET, &a->sockaddr.in4.sin_addr, ret, INET_ADDRSTRLEN)) {
309 free(ret);
310 return -errno;
311 }
312
313 sprintf(strchr(ret, 0), ":%u", ntohs(a->sockaddr.in4.sin_port));
314 *p = ret;
315 return 0;
316 }
317
318 case AF_INET6: {
319 char *ret;
320
321 if (!(ret = new(char, 1+INET6_ADDRSTRLEN+2+5+1)))
322 return -ENOMEM;
323
324 ret[0] = '[';
325 if (!inet_ntop(AF_INET6, &a->sockaddr.in6.sin6_addr, ret+1, INET6_ADDRSTRLEN)) {
326 free(ret);
327 return -errno;
328 }
329
330 sprintf(strchr(ret, 0), "]:%u", ntohs(a->sockaddr.in6.sin6_port));
331 *p = ret;
332 return 0;
333 }
334
335 case AF_UNIX: {
336 char *ret;
337
338 if (a->size <= offsetof(struct sockaddr_un, sun_path)) {
339
340 if (!(ret = strdup("<unnamed>")))
341 return -ENOMEM;
342
343 } else if (a->sockaddr.un.sun_path[0] == 0) {
344 /* abstract */
345
346 /* FIXME: We assume we can print the
347 * socket path here and that it hasn't
348 * more than one NUL byte. That is
349 * actually an invalid assumption */
350
351 if (!(ret = new(char, sizeof(a->sockaddr.un.sun_path)+1)))
352 return -ENOMEM;
353
354 ret[0] = '@';
355 memcpy(ret+1, a->sockaddr.un.sun_path+1, sizeof(a->sockaddr.un.sun_path)-1);
356 ret[sizeof(a->sockaddr.un.sun_path)] = 0;
357
358 } else {
359
360 if (!(ret = strdup(a->sockaddr.un.sun_path)))
361 return -ENOMEM;
362 }
363
364 *p = ret;
365 return 0;
366 }
367
368 case AF_NETLINK: {
369 const char *sfamily;
370
371 if ((sfamily = netlink_family_to_string(a->protocol)))
372 r = asprintf(p, "%s %u", sfamily, a->sockaddr.nl.nl_groups);
373 else
374 r = asprintf(p, "%i %u", a->protocol, a->sockaddr.nl.nl_groups);
375
376 if (r < 0)
377 return -ENOMEM;
378
379 return 0;
380 }
381
382 default:
383 return -EINVAL;
384 }
385 }
386
387 int socket_address_listen(
388 const SocketAddress *a,
389 int backlog,
390 SocketAddressBindIPv6Only only,
391 const char *bind_to_device,
392 bool free_bind,
393 bool transparent,
394 mode_t directory_mode,
395 mode_t socket_mode,
396 const char *label,
397 int *ret) {
398
399 int r, fd, one;
400 assert(a);
401 assert(ret);
402
403 if ((r = socket_address_verify(a)) < 0)
404 return r;
405
406 if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
407 return -EAFNOSUPPORT;
408
409 r = label_socket_set(label);
410 if (r < 0)
411 return r;
412
413 fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, a->protocol);
414 r = fd < 0 ? -errno : 0;
415
416 label_socket_clear();
417
418 if (r < 0)
419 return r;
420
421 if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
422 int flag = only == SOCKET_ADDRESS_IPV6_ONLY;
423
424 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
425 goto fail;
426 }
427
428 if (socket_address_family(a) == AF_INET || socket_address_family(a) == AF_INET6) {
429 if (bind_to_device)
430 if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
431 goto fail;
432
433 if (free_bind) {
434 one = 1;
435 if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
436 log_warning("IP_FREEBIND failed: %m");
437 }
438
439 if (transparent) {
440 one = 1;
441 if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
442 log_warning("IP_TRANSPARENT failed: %m");
443 }
444 }
445
446 one = 1;
447 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
448 goto fail;
449
450 if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
451 mode_t old_mask;
452
453 /* Create parents */
454 mkdir_parents(a->sockaddr.un.sun_path, directory_mode);
455
456 /* Enforce the right access mode for the socket*/
457 old_mask = umask(~ socket_mode);
458
459 /* Include the original umask in our mask */
460 umask(~socket_mode | old_mask);
461
462 r = label_bind(fd, &a->sockaddr.sa, a->size);
463
464 if (r < 0 && errno == EADDRINUSE) {
465 /* Unlink and try again */
466 unlink(a->sockaddr.un.sun_path);
467 r = bind(fd, &a->sockaddr.sa, a->size);
468 }
469
470 umask(old_mask);
471 } else
472 r = bind(fd, &a->sockaddr.sa, a->size);
473
474 if (r < 0)
475 goto fail;
476
477 if (socket_address_can_accept(a))
478 if (listen(fd, backlog) < 0)
479 goto fail;
480
481 *ret = fd;
482 return 0;
483
484 fail:
485 r = -errno;
486 close_nointr_nofail(fd);
487 return r;
488 }
489
490 bool socket_address_can_accept(const SocketAddress *a) {
491 assert(a);
492
493 return
494 a->type == SOCK_STREAM ||
495 a->type == SOCK_SEQPACKET;
496 }
497
498 bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
499 assert(a);
500 assert(b);
501
502 /* Invalid addresses are unequal to all */
503 if (socket_address_verify(a) < 0 ||
504 socket_address_verify(b) < 0)
505 return false;
506
507 if (a->type != b->type)
508 return false;
509
510 if (a->size != b->size)
511 return false;
512
513 if (socket_address_family(a) != socket_address_family(b))
514 return false;
515
516 switch (socket_address_family(a)) {
517
518 case AF_INET:
519 if (a->sockaddr.in4.sin_addr.s_addr != b->sockaddr.in4.sin_addr.s_addr)
520 return false;
521
522 if (a->sockaddr.in4.sin_port != b->sockaddr.in4.sin_port)
523 return false;
524
525 break;
526
527 case AF_INET6:
528 if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
529 return false;
530
531 if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
532 return false;
533
534 break;
535
536 case AF_UNIX:
537
538 if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
539 return false;
540
541 if (a->sockaddr.un.sun_path[0]) {
542 if (strncmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, sizeof(a->sockaddr.un.sun_path)) != 0)
543 return false;
544 } else {
545 if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size) != 0)
546 return false;
547 }
548
549 break;
550
551 case AF_NETLINK:
552
553 if (a->protocol != b->protocol)
554 return false;
555
556 if (a->sockaddr.nl.nl_groups != b->sockaddr.nl.nl_groups)
557 return false;
558
559 break;
560
561 default:
562 /* Cannot compare, so we assume the addresses are different */
563 return false;
564 }
565
566 return true;
567 }
568
569 bool socket_address_is(const SocketAddress *a, const char *s, int type) {
570 struct SocketAddress b;
571
572 assert(a);
573 assert(s);
574
575 if (socket_address_parse(&b, s) < 0)
576 return false;
577
578 b.type = type;
579
580 return socket_address_equal(a, &b);
581 }
582
583 bool socket_address_is_netlink(const SocketAddress *a, const char *s) {
584 struct SocketAddress b;
585
586 assert(a);
587 assert(s);
588
589 if (socket_address_parse_netlink(&b, s) < 0)
590 return false;
591
592 return socket_address_equal(a, &b);
593 }
594
595 bool socket_address_needs_mount(const SocketAddress *a, const char *prefix) {
596 assert(a);
597
598 if (socket_address_family(a) != AF_UNIX)
599 return false;
600
601 if (a->sockaddr.un.sun_path[0] == 0)
602 return false;
603
604 return path_startswith(a->sockaddr.un.sun_path, prefix);
605 }
606
607 bool socket_ipv6_is_supported(void) {
608 char *l = 0;
609 bool enabled;
610
611 if (access("/sys/module/ipv6", F_OK) != 0)
612 return 0;
613
614 /* If we can't check "disable" parameter, assume enabled */
615 if (read_one_line_file("/sys/module/ipv6/parameters/disable", &l) < 0)
616 return 1;
617
618 /* If module was loaded with disable=1 no IPv6 available */
619 enabled = l[0] == '0';
620 free(l);
621
622 return enabled;
623 }
624
625 static const char* const netlink_family_table[] = {
626 [NETLINK_ROUTE] = "route",
627 [NETLINK_FIREWALL] = "firewall",
628 [NETLINK_INET_DIAG] = "inet-diag",
629 [NETLINK_NFLOG] = "nflog",
630 [NETLINK_XFRM] = "xfrm",
631 [NETLINK_SELINUX] = "selinux",
632 [NETLINK_ISCSI] = "iscsi",
633 [NETLINK_AUDIT] = "audit",
634 [NETLINK_FIB_LOOKUP] = "fib-lookup",
635 [NETLINK_CONNECTOR] = "connector",
636 [NETLINK_NETFILTER] = "netfilter",
637 [NETLINK_IP6_FW] = "ip6-fw",
638 [NETLINK_DNRTMSG] = "dnrtmsg",
639 [NETLINK_KOBJECT_UEVENT] = "kobject-uevent",
640 [NETLINK_GENERIC] = "generic",
641 [NETLINK_SCSITRANSPORT] = "scsitransport",
642 [NETLINK_ECRYPTFS] = "ecryptfs"
643 };
644
645 DEFINE_STRING_TABLE_LOOKUP(netlink_family, int);
646
647 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
648 [SOCKET_ADDRESS_DEFAULT] = "default",
649 [SOCKET_ADDRESS_BOTH] = "both",
650 [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only"
651 };
652
653 DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);
Unnamed repository; edit this file 'description' to name the repository.