diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/dbus-socket.c | 2 | ||||
-rw-r--r-- | src/load-fragment.c | 1 | ||||
-rw-r--r-- | src/logger.c | 6 | ||||
-rw-r--r-- | src/socket.c | 15 | ||||
-rw-r--r-- | src/socket.h | 2 | ||||
-rw-r--r-- | src/tcpwrap.c | 66 | ||||
-rw-r--r-- | src/tcpwrap.h | 29 |
7 files changed, 121 insertions, 0 deletions
diff --git a/src/dbus-socket.c b/src/dbus-socket.c index 426af2b4cf..fa84191140 100644 --- a/src/dbus-socket.c +++ b/src/dbus-socket.c @@ -37,6 +37,7 @@ " <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \ " <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \ " <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \ + " <property name=\"TCPWrapName\" type=\"s\" access=\"read\"/>\n" \ " </interface>\n" \ #define INTROSPECTION \ @@ -66,6 +67,7 @@ DBusHandlerResult bus_socket_message_handler(Unit *u, DBusMessage *message) { { "org.freedesktop.systemd1.Socket", "DirectoryMode", bus_property_append_mode, "u", &u->socket.directory_mode }, { "org.freedesktop.systemd1.Socket", "SocketMode", bus_property_append_mode, "u", &u->socket.socket_mode }, { "org.freedesktop.systemd1.Socket", "Accept", bus_property_append_bool, "b", &u->socket.accept }, + { "org.freedesktop.systemd1.Socket", "TCPWrapName", bus_property_append_string, "s", u->socket.tcpwrap_name }, { NULL, NULL, NULL, NULL, NULL } }; diff --git a/src/load-fragment.c b/src/load-fragment.c index cf1434eb1e..94a637541f 100644 --- a/src/load-fragment.c +++ b/src/load-fragment.c @@ -1444,6 +1444,7 @@ static int load_from_path(Unit *u, const char *path) { { "SocketMode", config_parse_mode, &u->socket.socket_mode, "Socket" }, { "KillMode", config_parse_kill_mode, &u->socket.kill_mode, "Socket" }, { "Accept", config_parse_bool, &u->socket.accept, "Socket" }, + { "TCPWrapName", config_parse_string, &u->socket.tcpwrap_name, "Socket" }, EXEC_CONTEXT_CONFIG_ITEMS(u->socket.exec_context, "Socket"), { "What", config_parse_string, &u->mount.parameters_fragment.what, "Mount" }, diff --git a/src/logger.c b/src/logger.c index 48eee6cd12..de4dfad386 100644 --- a/src/logger.c +++ b/src/logger.c @@ -36,6 +36,7 @@ #include "log.h" #include "list.h" #include "sd-daemon.h" +#include "tcpwrap.h" #define STREAM_BUFFER 2048 #define STREAMS_MAX 256 @@ -340,6 +341,11 @@ static int stream_new(Server *s, int server_fd) { return 0; } + if (!socket_tcpwrap(fd, "systemd-logger")) { + close_nointr_nofail(fd); + return 0; + } + if (!(stream = new0(Stream, 1))) { close_nointr_nofail(fd); return -ENOMEM; diff --git a/src/socket.c b/src/socket.c index 1852fe9375..71f1672027 100644 --- a/src/socket.c +++ b/src/socket.c @@ -36,6 +36,7 @@ #include "strv.h" #include "unit-name.h" #include "dbus-socket.h" +#include "tcpwrap.h" static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = { [SOCKET_DEAD] = UNIT_INACTIVE, @@ -107,6 +108,9 @@ static void socket_done(Unit *u) { free(s->bind_to_device); s->bind_to_device = NULL; + free(s->tcpwrap_name); + s->tcpwrap_name = NULL; + unit_unwatch_timer(u, &s->timer_watch); } @@ -305,6 +309,11 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { "%sBindToDevice: %s\n", prefix, s->bind_to_device); + if (s->tcpwrap_name) + fprintf(f, + "%sTCPWrapName: %s\n", + prefix, s->tcpwrap_name); + if (s->accept) fprintf(f, "%sAccepted: %u\n", @@ -1212,6 +1221,12 @@ static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) { break; } + + if (s->tcpwrap_name) + if (!socket_tcpwrap(cfd, s->tcpwrap_name)) { + close_nointr_nofail(cfd); + return; + } } socket_enter_running(s, cfd); diff --git a/src/socket.h b/src/socket.h index 5a2cd06d9d..de3e913f7c 100644 --- a/src/socket.h +++ b/src/socket.h @@ -101,6 +101,8 @@ struct Socket { mode_t directory_mode; mode_t socket_mode; + char *tcpwrap_name; + bool accept; unsigned n_accepted; diff --git a/src/tcpwrap.c b/src/tcpwrap.c new file mode 100644 index 0000000000..579aad56e9 --- /dev/null +++ b/src/tcpwrap.c @@ -0,0 +1,66 @@ +/*-*- Mode: C; c-basic-offset: 8 -*-*/ + +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <sys/socket.h> +#include <sys/un.h> + +#ifdef HAVE_LIBWRAP +#include <tcpd.h> +#endif + +#include "tcpwrap.h" +#include "log.h" + +bool socket_tcpwrap(int fd, const char *name) { +#ifdef HAVE_LIBWRAP + struct request_info req; + union { + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; + struct sockaddr_un un; + struct sockaddr_storage storage; + } sa_union; + socklen_t l = sizeof(sa_union); + + if (getsockname(fd, &sa_union.sa, &l) < 0) + return true; + + if (sa_union.sa.sa_family != AF_INET && + sa_union.sa.sa_family != AF_INET6) + return true; + + request_init(&req, + RQ_DAEMON, name, + RQ_FILE, fd, + NULL); + + fromhost(&req); + + if (!hosts_access(&req)) { + log_warning("Connection refused by tcpwrap."); + return false; + } + + log_debug("Connection accepted by tcpwrap."); +#endif + return true; +} diff --git a/src/tcpwrap.h b/src/tcpwrap.h new file mode 100644 index 0000000000..b47169610c --- /dev/null +++ b/src/tcpwrap.h @@ -0,0 +1,29 @@ +/*-*- Mode: C; c-basic-offset: 8 -*-*/ + +#ifndef foolibwraphfoo +#define foolibwraphfoo + +/*** + This file is part of systemd. + + Copyright 2010 Lennart Poettering + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with systemd; If not, see <http://www.gnu.org/licenses/>. +***/ + +#include <stdbool.h> + +bool socket_tcpwrap(int fd, const char *name); + +#endif |