From: Julia Kartseva
Date: Wed, 23 Jun 2021 23:37:53 +0000 (-0700)
Subject: dbus: extend SocketBind{Allow|Deny}= with ip proto
X-Git-Tag: v249-rc3~23^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60477eb98a18383b2369d1d3d55c9963fa8ccb31;p=thirdparty%2Fsystemd.git
dbus: extend SocketBind{Allow|Deny}= with ip proto
---
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index 9f20d547cb2..84c3caf3a5b 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -15,6 +15,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "ip-protocol-list.h"
 #include "limits-util.h"
 #include "parse-util.h"
 #include "path-util.h"
@@ -1895,8 +1896,8 @@ int bus_cgroup_set_property(
 if (!IN_SET(family, AF_UNSPEC, AF_INET, AF_INET6))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects INET or INET6 family, if specified.", name);
- if (ip_protocol != 0)
- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects ip protocol equals to 0, for the time being.", name);
+ if (!IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects TCP or UDP protocol, if specified.", name);
 if (port_min + (uint32_t) nr_ports > (1 << 16))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects maximum port value lesser than 65536.", name);
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 4c9fb305e41..31a6c63f0c9 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -27,6 +27,7 @@
 #include "mountpoint-util.h"
 #include "nsflags.h"
 #include "numa-util.h"
+#include "parse-socket-bind-item.h"
 #include "parse-util.h"
 #include "path-util.h"
 #include "percent-util.h"
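Review bot: In the `@@ -1895,8 +1896,8 @@` hunk of src/core/dbus-cgroup.c, the new `IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP)` check accepts a bare `0` whose meaning is not stated anywhere near it. This is the validation applied to values that arrive over D-Bus, so the accepted set should be readable on its own; a comment such as `/* 0 = no protocol given; presumably the rule then applies to both TCP and UDP */` above the check would do, with the wording confirmed against the code that consumes the rule, which is not in this diff. bus_cgroup_set_property() starts and ends outside the hunk.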
@@ -868,42 +869,17 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
 if (isempty(eq))
 r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 0);
 else {
- /* No ip protocol specified for now. */
- int32_t family = AF_UNSPEC, ip_protocol = 0;
- const char *address_family, *user_port;
- _cleanup_free_ char *word = NULL;
+ int32_t family, ip_protocol;
+ uint16_t nr_ports, port_min;
- r = extract_first_word(&eq, &word, ":", 0);
+ r = parse_socket_bind_item(eq, &family, &ip_protocol, &nr_ports, &port_min);
 if (r == -ENOMEM)
 return log_oom();
 if (r < 0)
- return log_error_errno(r, "Failed to parse %s: %m", field);
-
- address_family = eq ? word : NULL;
- if (address_family) {
- family = af_from_ipv4_ipv6(address_family);
- if (family == AF_UNSPEC)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Only \"ipv4\" and \"ipv6\" protocols are supported");
- }
+ return log_error_errno(r, "Failed to parse %s", field);
- user_port = eq ? eq : word;
- if (streq(user_port, "any")) {
- r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, 0, 0);
- if (r < 0)
- return bus_log_create_error(r);
- } else {
- uint16_t port_min, port_max;
-
- r = parse_ip_port_range(user_port, &port_min, &port_max);
- if (r == -ENOMEM)
- return log_oom();
- if (r < 0)
- return log_error_errno(r, "Invalid port or port range: %s", user_port);
-
- r = sd_bus_message_append(
- m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, port_max - port_min + 1, port_min);
- }
+ r = sd_bus_message_append(
+ m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, nr_ports, port_min);
 }
 if (r < 0)
 return bus_log_create_error(r);
diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c
index 178270b4b0a..470ff617d60 100644
--- a/src/systemctl/systemctl-show.c
+++ b/src/systemctl/systemctl-show.c
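Review bot: In the `@@ -868,42 +869,17 @@` hunk of src/shared/bus-unit-util.c, the new failure message `"Failed to parse %s"` names only the field, so both the rejected value and the errno text are lost; the removed code reported the offending port string and the unsupported-family case separately. For a directive that restricts which sockets a unit may bind, the operator needs to see which item was refused: `return log_error_errno(r, "Failed to parse %s=%s: %m", field, eq);`. The four output variables are also declared without initialisers and passed straight to sd_bus_message_append(), which is only safe if parse_socket_bind_item() sets all of them on success; its body is not in this diff, so that is worth confirming. bus_append_cgroup_property() starts and ends outside the hunk.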
@@ -17,6 +17,7 @@
 #include "hexdecoct.h"
 #include "hostname-util.h"
 #include "in-addr-util.h"
+#include "ip-protocol-list.h"
 #include "journal-file.h"
 #include "list.h"
 #include "locale-util.h"
@@ -1718,19 +1719,27 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m
 if (r < 0)
 return bus_log_parse_error(r);
 while ((r = sd_bus_message_read(m, "(iiqq)", &af, &ip_protocol, &nr_ports, &port_min)) > 0) {
- const char *family, *colon;
+ const char *family, *colon1, *protocol = "", *colon2 = "";
 family = strempty(af_to_ipv4_ipv6(af));
- colon = isempty(family) ? "" : ":";
+ colon1 = isempty(family) ? "" : ":";
+
+ if (ip_protocol != 0) {
+ protocol = ip_protocol_to_tcp_udp(ip_protocol);
+ colon2 = "";
+ }
 if (nr_ports == 0)
- bus_print_property_valuef(name, expected_value, flags, "%s%sany", family, colon);
+ bus_print_property_valuef(name, expected_value, flags, "%s%s%s%sany",
+ family, colon1, protocol, colon2);
 else if (nr_ports == 1)
 bus_print_property_valuef(
- name, expected_value, flags, "%s%s%hu", family, colon, port_min);
+ name, expected_value, flags, "%s%s%s%s%hu",
+ family, colon1, protocol, colon2, port_min);
 else
 bus_print_property_valuef(
- name, expected_value, flags, "%s%s%hu-%hu", family, colon, port_min,
+ name, expected_value, flags, "%s%s%s%s%hu-%hu",
+ family, colon1, protocol, colon2, port_min,
 (uint16_t) (port_min + nr_ports - 1));
 }
 if (r < 0)
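Review bot: In the `@@ -1718,19 +1719,27 @@` hunk of src/systemctl/systemctl-show.c, `colon2` is initialised to `""` and the `if (ip_protocol != 0)` branch assigns `""` again, so no separator is ever printed between the protocol and the port. A rule with a protocol set would print as something like `ipv4:tcp8080` (constructed example), which misrepresents the bind policy to whoever audits it through `systemctl show` and presumably cannot be fed back to the parser. The branch should set `colon2 = ":";`. The family lookup just above is wrapped in strempty(), while `protocol` takes the return of ip_protocol_to_tcp_udp() directly; if that helper can return NULL for a value other than TCP or UDP, `%s` receives a null pointer, so `protocol = strempty(ip_protocol_to_tcp_udp(ip_protocol));` would match the family line. print_property() starts and ends outside the hunk.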