summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDave Reisner <dreisner@archlinux.org>2012-11-05 12:50:19 -0500
committerDave Reisner <dreisner@archlinux.org>2012-11-05 21:17:55 -0500
commitaea54018a5e66a41318afb6c6be745b6aef48d9e (patch)
treea76adbe80c82522b3a15f2a46d6e4258905727d3
parentedca2e2348b314e2d892fe6f8ae276fdc223f014 (diff)
Implement SocketUser= and SocketGroup= for [Socket]
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.
-rw-r--r--man/systemd.socket.xml24
-rw-r--r--src/core/dbus-socket.c4
-rw-r--r--src/core/load-fragment-gperf.gperf.m42
-rw-r--r--src/core/socket.c67
-rw-r--r--src/core/socket.h2
-rw-r--r--src/shared/socket-label.c1
6 files changed, 97 insertions, 3 deletions
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 4b1fcc8b0c..dc0d78f0a2 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -358,6 +358,30 @@
</varlistentry>
<varlistentry>
+ <term><varname>SocketUser=</varname></term>
+ <listitem><para>If listening on a file system
+ socket or FIFO, this option specifies the
+ user owner of the created socket. When
+ defining this, keep in mind that name
+ switch services for user name lookups may
+ not be available. It is advisable to use a
+ numeric UID for this
+ setting.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>SocketGroup=</varname></term>
+ <listitem><para>If listening on a file system
+ socket or FIFO, this option specifies the
+ group owner of the created socket. When
+ defining this, keep in mind that name
+ switch services for group name lookups may
+ not be available. It is advisable to use a
+ numeric GID for this
+ setting.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Accept=</varname></term>
<listitem><para>Takes a boolean
argument. If true, a service instance
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 095a031612..887c80eb89 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -43,6 +43,8 @@
" <property name=\"BindToDevice\" type=\"s\" access=\"read\"/>\n" \
" <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
" <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
+ " <property name=\"SocketUser\" type=\"s\" access=\"read\"/>\n" \
+ " <property name=\"SocketGroup\" type=\"s\" access=\"read\"/>\n" \
" <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"KeepAlive\" type=\"b\" access=\"read\"/>\n" \
" <property name=\"Priority\" type=\"i\" access=\"read\"/>\n" \
@@ -109,6 +111,8 @@ static const BusProperty bus_socket_properties[] = {
{ "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true },
{ "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) },
{ "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) },
+ { "SocketUser", bus_property_append_string, "s", offsetof(Socket, socket_user), true },
+ { "SocketGroup", bus_property_append_string, "s", offsetof(Socket, socket_group), true },
{ "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) },
{ "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) },
{ "Priority", bus_property_append_int, "i", offsetof(Socket, priority) },
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 0c5ccebd73..b48e9e9f56 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -189,6 +189,8 @@ Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC
Socket.TimeoutSec, config_parse_usec, 0, offsetof(Socket, timeout_usec)
Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode)
Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode)
+Socket.SocketUser, config_parse_string, 0, offsetof(Socket, socket_user)
+Socket.SocketGroup, config_parse_string, 0, offsetof(Socket, socket_group)
Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept)
Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections)
Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive)
diff --git a/src/core/socket.c b/src/core/socket.c
index c0959815c1..f3f09cac43 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -136,6 +136,12 @@ static void socket_done(Unit *u) {
free(s->smack_ip_in);
free(s->smack_ip_out);
+ free(s->socket_user);
+ s->socket_user = NULL;
+
+ free(s->socket_group);
+ s->socket_group = NULL;
+
unit_unwatch_timer(u, &s->timer_watch);
}
@@ -449,6 +455,16 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, yes_no(s->pass_sec),
prefix, strna(s->tcp_congestion));
+ if (s->socket_user)
+ fprintf(f,
+ "SocketUser: %s\n",
+ s->socket_user);
+
+ if (s->socket_group)
+ fprintf(f,
+ "SocketGroup: %s\n",
+ s->socket_group);
+
if (s->control_pid > 0)
fprintf(f,
"%sControl PID: %lu\n",
@@ -692,6 +708,9 @@ static void socket_close_fds(Socket *s) {
}
static void socket_apply_socket_options(Socket *s, int fd) {
+ uid_t uid = 0;
+ gid_t gid = 0;
+
assert(s);
assert(fd >= 0);
@@ -775,6 +794,21 @@ static void socket_apply_socket_options(Socket *s, int fd) {
if (s->smack_ip_out)
if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0)
log_error("fsetxattr(\"security.SMACK64IPOUT\"): %m");
+
+ if (s->socket_user &&
+ get_user_creds((const char **)&s->socket_user, &uid,
+ NULL, NULL, NULL) < 0) {
+ log_warning("failed to lookup user: %s", s->socket_user);
+ }
+
+ if (s->socket_group &&
+ get_group_creds((const char **)&s->socket_group, &gid) < 0) {
+ log_warning("failed to lookup group: %s", s->socket_group);
+ }
+
+ if ((uid != 0 || gid != 0) && fchown(fd, uid, gid) < 0) {
+ log_warning("failed to change ownership of socket");
+ }
}
static void socket_apply_fifo_options(Socket *s, int fd) {
@@ -794,11 +828,15 @@ static int fifo_address_create(
const char *path,
mode_t directory_mode,
mode_t socket_mode,
+ const char *socket_user,
+ const char *socket_group,
int *_fd) {
int fd = -1, r = 0;
struct stat st;
mode_t old_mask;
+ uid_t uid = 0;
+ gid_t gid = 0;
assert(path);
assert(_fd);
@@ -823,7 +861,8 @@ static int fifo_address_create(
goto fail;
}
- if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
+ fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
+ if (fd < 0) {
r = -errno;
goto fail;
}
@@ -835,15 +874,35 @@ static int fifo_address_create(
goto fail;
}
+ if (socket_user &&
+ get_user_creds(&socket_user, &uid, NULL, NULL, NULL) < 0) {
+ r = -errno;
+ log_error("failed to lookup user: %s", socket_user);
+ goto fail;
+ }
+
+ if (socket_group &&
+ get_group_creds(&socket_group, &gid) < 0) {
+ r = -errno;
+ log_error("failed to lookup group: %s", socket_group);
+ goto fail;
+ }
+
if (!S_ISFIFO(st.st_mode) ||
(st.st_mode & 0777) != (socket_mode & ~old_mask) ||
- st.st_uid != getuid() ||
- st.st_gid != getgid()) {
+ st.st_uid != uid ||
+ st.st_gid != gid) {
r = -EEXIST;
goto fail;
}
+ if ((uid != 0 || gid != 0) && fchown(fd, uid, gid) < 0) {
+ r = -errno;
+ log_error("failed to changed ownership of FIFO: %s", path);
+ goto fail;
+ }
+
*_fd = fd;
return 0;
@@ -1013,6 +1072,8 @@ static int socket_open_fds(Socket *s) {
p->path,
s->directory_mode,
s->socket_mode,
+ s->socket_user,
+ s->socket_group,
&p->fd)) < 0)
goto rollback;
diff --git a/src/core/socket.h b/src/core/socket.h
index f099520dce..a273ac2740 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -118,6 +118,8 @@ struct Socket {
mode_t directory_mode;
mode_t socket_mode;
+ char *socket_user;
+ char *socket_group;
SocketResult result;
diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c
index ff212de825..d105a66fe8 100644
--- a/src/shared/socket-label.c
+++ b/src/shared/socket-label.c
@@ -52,6 +52,7 @@ int socket_address_listen(
int *ret) {
int r, fd, one;
+
assert(a);
assert(ret);