From afa96dafde9d50f2b53ccf8136ead9ed79544877 Mon Sep 17 00:00:00 2001
From: Shawn Landden <shawn@churchofgit.com>
Date: Tue, 10 Mar 2015 04:41:59 -0700
Subject: [PATCH] add REMOTE_ADDR and REMOTE_PORT for Accept=yes
Cherry-picked from: 3b1c524154c876aecebc98787975cc2943100210
Resolves: #1341154
---
TODO | 2 -
man/systemd.socket.xml | 7 ++-
src/core/service.c | 42 ++++++++++++-
src/libsystemd/sd-resolve/test-resolve.c | 2 +-
src/shared/socket-util.c | 76 +++++++++++++++++-------
src/shared/socket-util.h | 4 +-
src/timesync/timesyncd-server.h | 2 +-
7 files changed, 107 insertions(+), 28 deletions(-)
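--- a/TODO
+++ b/TODO
@@ -185,8 +185,6 @@ Features:
 * as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads:
 http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html
 
-* set $REMOTE_IP (or $REMOTE_ADDR/$REMOTE_PORT) environment variable when doing per-connection socket activation. use format introduced by xinetd or CGI for this
-
 * the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat!
 
 * in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column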
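--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -357,7 +357,12 @@
 daemons designed for usage with
 <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
 to work unmodified with systemd socket
- activation.</para></listitem>
+ activation.</para>
+
+ <para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname>
+ environment variable will contain the remote IP, and <varname>REMOTE_PORT</varname>
+ will contain the remote port. This is the same as the format used by CGI.
+ For SOCK_RAW the port is the IP protocol.</para></listitem>
 </varlistentry>
 
 <varlistentry>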
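--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1094,7 +1094,7 @@ static int service_spawn(
 if (r < 0)
 goto fail;
 
- our_env = new0(char*, 4);
+ our_env = new0(char*, 6);
 if (!our_env) {
 r = -ENOMEM;
 goto fail;
@@ -1118,6 +1118,46 @@ static int service_spawn(
 goto fail;
 }
 
+ if (UNIT_DEREF(s->accept_socket)) {
+ union sockaddr_union sa;
+ socklen_t salen = sizeof(sa);
+
+ r = getpeername(s->socket_fd, &sa.sa, &salen);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ if (IN_SET(sa.sa.sa_family, AF_INET, AF_INET6)) {
+ _cleanup_free_ char *addr = NULL;
+ char *t;
+ int port;
+
+ r = sockaddr_pretty(&sa.sa, salen, true, false, &addr);
+ if (r < 0)
+ goto fail;
+
+ t = strappend("REMOTE_ADDR=", addr);
+ if (!t) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ our_env[n_env++] = t;
+
+ port = sockaddr_port(&sa.sa);
+ if (port < 0) {
+ r = port;
+ goto fail;
+ }
+
+ if (asprintf(&t, "REMOTE_PORT=%u", port) < 0) {
+ r = -ENOMEM;
+ goto fail;
+ }
+ our_env[n_env++] = t;
+ }
+ }
+
 final_env = strv_env_merge(2, UNIT(s)->manager->environment, our_env, NULL);
 if (!final_env) {
 r = -ENOMEM;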
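Review bot: A `getpeername()` failure is treated as fatal in the second hunk (`r = -errno; goto fail;`), so a peer that drops the connection between accept and spawn (ENOTCONN) would abort `service_spawn` instead of merely leaving the two variables unset. Since REMOTE_ADDR/REMOTE_PORT are informational, the lookup could be best-effort: `if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 && IN_SET(sa.sa.sa_family, AF_INET, AF_INET6)) {`. Separately, `port` is an `int` printed with `%u`; after the `port < 0` check, `asprintf(&t, "REMOTE_PORT=%u", (unsigned) port)` avoids the signedness mismatch. The `new0(char*, 6)` bound is hand-counted against entries that are filled in outside these hunks, so it is worth re-checking against the rest of service_spawn, whose body starts and ends outside the visible lines.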
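--- a/src/libsystemd/sd-resolve/test-resolve.c
+++ b/src/libsystemd/sd-resolve/test-resolve.c
@@ -49,7 +49,7 @@ static int getaddrinfo_handler(sd_resolve_query *q, int ret, const struct addrin
 for (i = ai; i; i = i->ai_next) {
 _cleanup_free_ char *addr = NULL;
 
- assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, &addr) == 0);
+ assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, true, &addr) == 0);
 puts(addr);
 }
 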
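--- a/src/shared/socket-util.c
+++ b/src/shared/socket-util.c
@@ -302,7 +302,7 @@ int socket_address_print(const SocketAddress *a, char **ret) {
 return 0;
 }
 
- return sockaddr_pretty(&a->sockaddr.sa, a->size, false, ret);
+ return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
 }
 
 bool socket_address_can_accept(const SocketAddress *a) {
@@ -471,7 +471,20 @@ bool socket_address_matches_fd(const SocketAddress *a, int fd) {
 return socket_address_equal(a, &b);
 }
 
-int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret) {
+int sockaddr_port(const struct sockaddr *_sa) {
+ union sockaddr_union *sa = (union sockaddr_union*) _sa;
+
+ assert(sa);
+
+ if (!IN_SET(sa->sa.sa_family, AF_INET, AF_INET6))
+ return -EAFNOSUPPORT;
+
+ return ntohs(sa->sa.sa_family == AF_INET6 ?
+ sa->in6.sin6_port :
+ sa->in.sin_port);
+}
+
+int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
 union sockaddr_union *sa = (union sockaddr_union*) _sa;
 char *p;
 
@@ -485,11 +498,18 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
 
 a = ntohl(sa->in.sin_addr.s_addr);
 
- if (asprintf(&p,
- "%u.%u.%u.%u:%u",
- a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
- ntohs(sa->in.sin_port)) < 0)
- return -ENOMEM;
+ if (include_port) {
+ if (asprintf(&p,
+ "%u.%u.%u.%u:%u",
+ a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
+ ntohs(sa->in.sin_port)) < 0)
+ return -ENOMEM;
+ } else {
+ if (asprintf(&p,
+ "%u.%u.%u.%u",
+ a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF) < 0)
+ return -ENOMEM;
+ }
 
 break;
 }
@@ -501,20 +521,34 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
 
 if (translate_ipv6 && memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
 const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
-
- if (asprintf(&p,
- "%u.%u.%u.%u:%u",
- a[0], a[1], a[2], a[3],
- ntohs(sa->in6.sin6_port)) < 0)
- return -ENOMEM;
+ if (include_port) {
+ if (asprintf(&p,
+ "%u.%u.%u.%u:%u",
+ a[0], a[1], a[2], a[3],
+ ntohs(sa->in6.sin6_port)) < 0)
+ return -ENOMEM;
+ } else {
+ if (asprintf(&p,
+ "%u.%u.%u.%u",
+ a[0], a[1], a[2], a[3]) < 0)
+ return -ENOMEM;
+ }
 } else {
 char a[INET6_ADDRSTRLEN];
 
- if (asprintf(&p,
- "[%s]:%u",
- inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a)),
- ntohs(sa->in6.sin6_port)) < 0)
- return -ENOMEM;
+ inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
+
+ if (include_port) {
+ if (asprintf(&p,
+ "[%s]:%u",
+ a,
+ ntohs(sa->in6.sin6_port)) < 0)
+ return -ENOMEM;
+ } else {
+ p = strdup(a);
+ if (!p)
+ return -ENOMEM;
+ }
 }
 
 break;
@@ -589,7 +623,7 @@ int getpeername_pretty(int fd, char **ret) {
 /* For remote sockets we translate IPv6 addresses back to IPv4
 * if applicable, since that's nicer. */
 
- return sockaddr_pretty(&sa.sa, salen, true, ret);
+ return sockaddr_pretty(&sa.sa, salen, true, true, ret);
 }
 
 int getsockname_pretty(int fd, char **ret) {
@@ -607,7 +641,7 @@ int getsockname_pretty(int fd, char **ret) {
 * listening sockets where the difference between IPv4 and
 * IPv6 matters. */
 
- return sockaddr_pretty(&sa.sa, salen, false, ret);
+ return sockaddr_pretty(&sa.sa, salen, false, true, ret);
 }
 
 int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
@@ -621,7 +655,7 @@ int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret)
 if (r != 0) {
 int saved_errno = errno;
 
- r = sockaddr_pretty(&sa->sa, salen, true, &ret;;
+ r = sockaddr_pretty(&sa->sa, salen, true, true, &ret;;
 if (r < 0)
 return log_error_errno(r, "sockadd_pretty() failed: %m");
 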
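Review bot: In the non-mapped IPv6 branch of `sockaddr_pretty`, the return value of `inet_ntop()` is now discarded and the stack buffer `a` is then handed to `asprintf`/`strdup`; if the conversion ever failed, `a` would be read uninitialized and the result would flow into REMOTE_ADDR. A guard keeps that path defined: `if (!inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a))) return -errno;`. In the new `sockaddr_port`, the cast drops `const` although nothing is written, so `const union sockaddr_union *sa = (const union sockaddr_union*) _sa;` would be the tighter form. That function also takes no `salen`, so it trusts the caller to have supplied a buffer large enough for the family it claims, which deserves a one-line comment. sockaddr_pretty's body starts and ends outside these hunks.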
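--- a/src/shared/socket-util.h
+++ b/src/shared/socket-util.h
@@ -98,7 +98,9 @@ const char* socket_address_get_path(const SocketAddress *a);
 
 bool socket_ipv6_is_supported(void);
 
-int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret);
+int sockaddr_port(const struct sockaddr *_sa) _pure_;
+
+int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret);
 int getpeername_pretty(int fd, char **ret);
 int getsockname_pretty(int fd, char **ret);
 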
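Review bot: The new `sockaddr_port` prototype carries no comment stating its return contract, and the second positional bool makes call sites such as `sockaddr_pretty(&sa.sa, salen, true, true, ret)` hard to read at a glance. I would add above the declaration `/* Returns the port in host byte order, or -EAFNOSUPPORT for families other than AF_INET/AF_INET6 */`, which matches the definition added in socket-util.c. A short comment on `sockaddr_pretty` naming what `translate_ipv6` and `include_port` each select would help the callers that pass two bare booleans.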
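--- a/src/timesync/timesyncd-server.h
+++ b/src/timesync/timesyncd-server.h
@@ -59,7 +59,7 @@ struct ServerName {
 int server_address_new(ServerName *n, ServerAddress **ret, const union sockaddr_union *sockaddr, socklen_t socklen);
 ServerAddress* server_address_free(ServerAddress *a);
 static inline int server_address_pretty(ServerAddress *a, char **pretty) {
- return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, pretty);
+ return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, true, pretty);
 }
 
 int server_name_new(Manager *m, ServerName **ret, ServerType type,const char *string);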