diff options
author | Dave Reisner <dreisner@archlinux.org> | 2012-11-05 12:50:19 -0500 |
---|---|---|
committer | Dave Reisner <dreisner@archlinux.org> | 2012-11-05 21:17:55 -0500 |
commit | aea54018a5e66a41318afb6c6be745b6aef48d9e (patch) | |
tree | a76adbe80c82522b3a15f2a46d6e4258905727d3 | |
parent | edca2e2348b314e2d892fe6f8ae276fdc223f014 (diff) |
Implement SocketUser= and SocketGroup= for [Socket]
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it
makes sense to also allow specific user/group ownership of the socket
file for restricting access.
-rw-r--r-- | man/systemd.socket.xml | 24 | ||||
-rw-r--r-- | src/core/dbus-socket.c | 4 | ||||
-rw-r--r-- | src/core/load-fragment-gperf.gperf.m4 | 2 | ||||
-rw-r--r-- | src/core/socket.c | 67 | ||||
-rw-r--r-- | src/core/socket.h | 2 | ||||
-rw-r--r-- | src/shared/socket-label.c | 1 |
6 files changed, 97 insertions, 3 deletions
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml index 4b1fcc8b0c..dc0d78f0a2 100644 --- a/man/systemd.socket.xml +++ b/man/systemd.socket.xml @@ -358,6 +358,30 @@ </varlistentry> <varlistentry> + <term><varname>SocketUser=</varname></term> + <listitem><para>If listening on a file system + socket or FIFO, this option specifies the + user owner of the created socket. When + defining this, keep in mind that name + switch services for user name lookups may + not be available. It is advisable to use a + numeric UID for this + setting.</para></listitem> + </varlistentry> + + <varlistentry> + <term><varname>SocketGroup=</varname></term> + <listitem><para>If listening on a file system + socket or FIFO, this option specifies the + group owner of the created socket. When + defining this, keep in mind that name + switch services for group name lookups may + not be available. It is advisable to use a + numeric GID for this + setting.</para></listitem> + </varlistentry> + + <varlistentry> <term><varname>Accept=</varname></term> <listitem><para>Takes a boolean argument. If true, a service instance diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c index 095a031612..887c80eb89 100644 --- a/src/core/dbus-socket.c +++ b/src/core/dbus-socket.c @@ -43,6 +43,8 @@ " <property name=\"BindToDevice\" type=\"s\" access=\"read\"/>\n" \ " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \ " <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \ + " <property name=\"SocketUser\" type=\"s\" access=\"read\"/>\n" \ + " <property name=\"SocketGroup\" type=\"s\" access=\"read\"/>\n" \ " <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \ " <property name=\"KeepAlive\" type=\"b\" access=\"read\"/>\n" \ " <property name=\"Priority\" type=\"i\" access=\"read\"/>\n" \ @@ -109,6 +111,8 @@ static const BusProperty bus_socket_properties[] = { { "BindToDevice", bus_property_append_string, "s", offsetof(Socket, bind_to_device), true }, { "DirectoryMode", bus_property_append_mode, "u", offsetof(Socket, directory_mode) }, { "SocketMode", bus_property_append_mode, "u", offsetof(Socket, socket_mode) }, + { "SocketUser", bus_property_append_string, "s", offsetof(Socket, socket_user), true }, + { "SocketGroup", bus_property_append_string, "s", offsetof(Socket, socket_group), true }, { "Accept", bus_property_append_bool, "b", offsetof(Socket, accept) }, { "KeepAlive", bus_property_append_bool, "b", offsetof(Socket, keep_alive) }, { "Priority", bus_property_append_int, "i", offsetof(Socket, priority) }, diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4 index 0c5ccebd73..b48e9e9f56 100644 --- a/src/core/load-fragment-gperf.gperf.m4 +++ b/src/core/load-fragment-gperf.gperf.m4 @@ -189,6 +189,8 @@ Socket.ExecStopPost, config_parse_exec, SOCKET_EXEC Socket.TimeoutSec, config_parse_usec, 0, offsetof(Socket, timeout_usec) Socket.DirectoryMode, config_parse_mode, 0, offsetof(Socket, directory_mode) Socket.SocketMode, config_parse_mode, 0, offsetof(Socket, socket_mode) +Socket.SocketUser, config_parse_string, 0, offsetof(Socket, socket_user) +Socket.SocketGroup, config_parse_string, 0, offsetof(Socket, socket_group) Socket.Accept, config_parse_bool, 0, offsetof(Socket, accept) Socket.MaxConnections, config_parse_unsigned, 0, offsetof(Socket, max_connections) Socket.KeepAlive, config_parse_bool, 0, offsetof(Socket, keep_alive) diff --git a/src/core/socket.c b/src/core/socket.c index c0959815c1..f3f09cac43 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -136,6 +136,12 @@ static void socket_done(Unit *u) { free(s->smack_ip_in); free(s->smack_ip_out); + free(s->socket_user); + s->socket_user = NULL; + + free(s->socket_group); + s->socket_group = NULL; + unit_unwatch_timer(u, &s->timer_watch); } @@ -449,6 +455,16 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { prefix, yes_no(s->pass_sec), prefix, strna(s->tcp_congestion)); + if (s->socket_user) + fprintf(f, + "SocketUser: %s\n", + s->socket_user); + + if (s->socket_group) + fprintf(f, + "SocketGroup: %s\n", + s->socket_group); + if (s->control_pid > 0) fprintf(f, "%sControl PID: %lu\n", @@ -692,6 +708,9 @@ static void socket_close_fds(Socket *s) { } static void socket_apply_socket_options(Socket *s, int fd) { + uid_t uid = 0; + gid_t gid = 0; + assert(s); assert(fd >= 0); @@ -775,6 +794,21 @@ static void socket_apply_socket_options(Socket *s, int fd) { if (s->smack_ip_out) if (fsetxattr(fd, "security.SMACK64IPOUT", s->smack_ip_out, strlen(s->smack_ip_out), 0) < 0) log_error("fsetxattr(\"security.SMACK64IPOUT\"): %m"); + + if (s->socket_user && + get_user_creds((const char **)&s->socket_user, &uid, + NULL, NULL, NULL) < 0) { + log_warning("failed to lookup user: %s", s->socket_user); + } + + if (s->socket_group && + get_group_creds((const char **)&s->socket_group, &gid) < 0) { + log_warning("failed to lookup group: %s", s->socket_group); + } + + if ((uid != 0 || gid != 0) && fchown(fd, uid, gid) < 0) { + log_warning("failed to change ownership of socket"); + } } static void socket_apply_fifo_options(Socket *s, int fd) { @@ -794,11 +828,15 @@ static int fifo_address_create( const char *path, mode_t directory_mode, mode_t socket_mode, + const char *socket_user, + const char *socket_group, int *_fd) { int fd = -1, r = 0; struct stat st; mode_t old_mask; + uid_t uid = 0; + gid_t gid = 0; assert(path); assert(_fd); @@ -823,7 +861,8 @@ static int fifo_address_create( goto fail; } - if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) { + fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW); + if (fd < 0) { r = -errno; goto fail; } @@ -835,15 +874,35 @@ static int fifo_address_create( goto fail; } + if (socket_user && + get_user_creds(&socket_user, &uid, NULL, NULL, NULL) < 0) { + r = -errno; + log_error("failed to lookup user: %s", socket_user); + goto fail; + } + + if (socket_group && + get_group_creds(&socket_group, &gid) < 0) { + r = -errno; + log_error("failed to lookup group: %s", socket_group); + goto fail; + } + if (!S_ISFIFO(st.st_mode) || (st.st_mode & 0777) != (socket_mode & ~old_mask) || - st.st_uid != getuid() || - st.st_gid != getgid()) { + st.st_uid != uid || + st.st_gid != gid) { r = -EEXIST; goto fail; } + if ((uid != 0 || gid != 0) && fchown(fd, uid, gid) < 0) { + r = -errno; + log_error("failed to changed ownership of FIFO: %s", path); + goto fail; + } + *_fd = fd; return 0; @@ -1013,6 +1072,8 @@ static int socket_open_fds(Socket *s) { p->path, s->directory_mode, s->socket_mode, + s->socket_user, + s->socket_group, &p->fd)) < 0) goto rollback; diff --git a/src/core/socket.h b/src/core/socket.h index f099520dce..a273ac2740 100644 --- a/src/core/socket.h +++ b/src/core/socket.h @@ -118,6 +118,8 @@ struct Socket { mode_t directory_mode; mode_t socket_mode; + char *socket_user; + char *socket_group; SocketResult result; diff --git a/src/shared/socket-label.c b/src/shared/socket-label.c index ff212de825..d105a66fe8 100644 --- a/src/shared/socket-label.c +++ b/src/shared/socket-label.c @@ -52,6 +52,7 @@ int socket_address_listen( int *ret) { int r, fd, one; + assert(a); assert(ret); |