summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/dbus-socket.c2
-rw-r--r--src/load-fragment.c1
-rw-r--r--src/logger.c6
-rw-r--r--src/socket.c15
-rw-r--r--src/socket.h2
-rw-r--r--src/tcpwrap.c66
-rw-r--r--src/tcpwrap.h29
7 files changed, 121 insertions, 0 deletions
diff --git a/src/dbus-socket.c b/src/dbus-socket.c
index 426af2b4cf..fa84191140 100644
--- a/src/dbus-socket.c
+++ b/src/dbus-socket.c
@@ -37,6 +37,7 @@
" <property name=\"DirectoryMode\" type=\"u\" access=\"read\"/>\n" \
" <property name=\"SocketMode\" type=\"u\" access=\"read\"/>\n" \
" <property name=\"Accept\" type=\"b\" access=\"read\"/>\n" \
+ " <property name=\"TCPWrapName\" type=\"s\" access=\"read\"/>\n" \
" </interface>\n" \
#define INTROSPECTION \
@@ -66,6 +67,7 @@ DBusHandlerResult bus_socket_message_handler(Unit *u, DBusMessage *message) {
{ "org.freedesktop.systemd1.Socket", "DirectoryMode", bus_property_append_mode, "u", &u->socket.directory_mode },
{ "org.freedesktop.systemd1.Socket", "SocketMode", bus_property_append_mode, "u", &u->socket.socket_mode },
{ "org.freedesktop.systemd1.Socket", "Accept", bus_property_append_bool, "b", &u->socket.accept },
+ { "org.freedesktop.systemd1.Socket", "TCPWrapName", bus_property_append_string, "s", u->socket.tcpwrap_name },
{ NULL, NULL, NULL, NULL, NULL }
};
diff --git a/src/load-fragment.c b/src/load-fragment.c
index cf1434eb1e..94a637541f 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -1444,6 +1444,7 @@ static int load_from_path(Unit *u, const char *path) {
{ "SocketMode", config_parse_mode, &u->socket.socket_mode, "Socket" },
{ "KillMode", config_parse_kill_mode, &u->socket.kill_mode, "Socket" },
{ "Accept", config_parse_bool, &u->socket.accept, "Socket" },
+ { "TCPWrapName", config_parse_string, &u->socket.tcpwrap_name, "Socket" },
EXEC_CONTEXT_CONFIG_ITEMS(u->socket.exec_context, "Socket"),
{ "What", config_parse_string, &u->mount.parameters_fragment.what, "Mount" },
diff --git a/src/logger.c b/src/logger.c
index 48eee6cd12..de4dfad386 100644
--- a/src/logger.c
+++ b/src/logger.c
@@ -36,6 +36,7 @@
#include "log.h"
#include "list.h"
#include "sd-daemon.h"
+#include "tcpwrap.h"
#define STREAM_BUFFER 2048
#define STREAMS_MAX 256
@@ -340,6 +341,11 @@ static int stream_new(Server *s, int server_fd) {
return 0;
}
+ if (!socket_tcpwrap(fd, "systemd-logger")) {
+ close_nointr_nofail(fd);
+ return 0;
+ }
+
if (!(stream = new0(Stream, 1))) {
close_nointr_nofail(fd);
return -ENOMEM;
diff --git a/src/socket.c b/src/socket.c
index 1852fe9375..71f1672027 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -36,6 +36,7 @@
#include "strv.h"
#include "unit-name.h"
#include "dbus-socket.h"
+#include "tcpwrap.h"
static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
[SOCKET_DEAD] = UNIT_INACTIVE,
@@ -107,6 +108,9 @@ static void socket_done(Unit *u) {
free(s->bind_to_device);
s->bind_to_device = NULL;
+ free(s->tcpwrap_name);
+ s->tcpwrap_name = NULL;
+
unit_unwatch_timer(u, &s->timer_watch);
}
@@ -305,6 +309,11 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
"%sBindToDevice: %s\n",
prefix, s->bind_to_device);
+ if (s->tcpwrap_name)
+ fprintf(f,
+ "%sTCPWrapName: %s\n",
+ prefix, s->tcpwrap_name);
+
if (s->accept)
fprintf(f,
"%sAccepted: %u\n",
@@ -1212,6 +1221,12 @@ static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
break;
}
+
+ if (s->tcpwrap_name)
+ if (!socket_tcpwrap(cfd, s->tcpwrap_name)) {
+ close_nointr_nofail(cfd);
+ return;
+ }
}
socket_enter_running(s, cfd);
diff --git a/src/socket.h b/src/socket.h
index 5a2cd06d9d..de3e913f7c 100644
--- a/src/socket.h
+++ b/src/socket.h
@@ -101,6 +101,8 @@ struct Socket {
mode_t directory_mode;
mode_t socket_mode;
+ char *tcpwrap_name;
+
bool accept;
unsigned n_accepted;
diff --git a/src/tcpwrap.c b/src/tcpwrap.c
new file mode 100644
index 0000000000..579aad56e9
--- /dev/null
+++ b/src/tcpwrap.c
@@ -0,0 +1,66 @@
+/*-*- Mode: C; c-basic-offset: 8 -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#ifdef HAVE_LIBWRAP
+#include <tcpd.h>
+#endif
+
+#include "tcpwrap.h"
+#include "log.h"
+
+bool socket_tcpwrap(int fd, const char *name) {
+#ifdef HAVE_LIBWRAP
+ struct request_info req;
+ union {
+ struct sockaddr sa;
+ struct sockaddr_in in;
+ struct sockaddr_in6 in6;
+ struct sockaddr_un un;
+ struct sockaddr_storage storage;
+ } sa_union;
+ socklen_t l = sizeof(sa_union);
+
+ if (getsockname(fd, &sa_union.sa, &l) < 0)
+ return true;
+
+ if (sa_union.sa.sa_family != AF_INET &&
+ sa_union.sa.sa_family != AF_INET6)
+ return true;
+
+ request_init(&req,
+ RQ_DAEMON, name,
+ RQ_FILE, fd,
+ NULL);
+
+ fromhost(&req);
+
+ if (!hosts_access(&req)) {
+ log_warning("Connection refused by tcpwrap.");
+ return false;
+ }
+
+ log_debug("Connection accepted by tcpwrap.");
+#endif
+ return true;
+}
diff --git a/src/tcpwrap.h b/src/tcpwrap.h
new file mode 100644
index 0000000000..b47169610c
--- /dev/null
+++ b/src/tcpwrap.h
@@ -0,0 +1,29 @@
+/*-*- Mode: C; c-basic-offset: 8 -*-*/
+
+#ifndef foolibwraphfoo
+#define foolibwraphfoo
+
+/***
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+bool socket_tcpwrap(int fd, const char *name);
+
+#endif