picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add REMOTE_ADDR and REMOTE_PORT for Accept=yes

This commit is contained in:
Shawn Landden 2015-03-10 04:41:59 -07:00 committed by Zbigniew Jędrzejewski-Szmek
parent 54bcf1557c
commit 3b1c524154
7 changed files with 107 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@ -171,8 +171,6 @@ Features:
* as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads: * as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html
* set $REMOTE_IP (or $REMOTE_ADDR/$REMOTE_PORT) environment variable when doing per-connection socket activation. use format introduced by xinetd or CGI for this
* the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat! * the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat!
* in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column * in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column

7
man/systemd.socket.xml
View File

@ -357,7 +357,12 @@
daemons designed for usage with daemons designed for usage with
<citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry> <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to work unmodified with systemd socket to work unmodified with systemd socket
activation.</para></listitem> activation.</para>
<para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname>
environment variable will contain the remote IP, and <varname>REMOTE_PORT</varname>
will contain the remote port. This is the same as the format used by CGI.
For SOCK_RAW the port is the IP protocol.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

42
src/core/service.c
View File

@ -1095,7 +1095,7 @@ static int service_spawn(
if (r < 0) if (r < 0)
goto fail; goto fail;
our_env = new0(char*, 4); our_env = new0(char*, 6);
if (!our_env) { if (!our_env) {
r = -ENOMEM; r = -ENOMEM;
goto fail; goto fail;
@ -1119,6 +1119,46 @@ static int service_spawn(
goto fail; goto fail;
} }
if (UNIT_DEREF(s->accept_socket)) {
union sockaddr_union sa;
socklen_t salen = sizeof(sa);
r = getpeername(s->socket_fd, &sa.sa, &salen);
if (r < 0) {
r = -errno;
goto fail;
}
if (IN_SET(sa.sa.sa_family, AF_INET, AF_INET6)) {
_cleanup_free_ char *addr = NULL;
char *t;
int port;
r = sockaddr_pretty(&sa.sa, salen, true, false, &addr);
if (r < 0)
goto fail;
t = strappend("REMOTE_ADDR=", addr);
if (!t) {
r = -ENOMEM;
goto fail;
}
our_env[n_env++] = t;
port = sockaddr_port(&sa.sa);
if (port < 0) {
r = port;
goto fail;
}
if (asprintf(&t, "REMOTE_PORT=%u", port) < 0) {
r = -ENOMEM;
goto fail;
}
our_env[n_env++] = t;
}
}
final_env = strv_env_merge(2, UNIT(s)->manager->environment, our_env, NULL); final_env = strv_env_merge(2, UNIT(s)->manager->environment, our_env, NULL);
if (!final_env) { if (!final_env) {
r = -ENOMEM; r = -ENOMEM;

2
src/libsystemd/sd-resolve/test-resolve.c
View File

@ -46,7 +46,7 @@ static int getaddrinfo_handler(sd_resolve_query *q, int ret, const struct addrin
for (i = ai; i; i = i->ai_next) { for (i = ai; i; i = i->ai_next) {
_cleanup_free_ char *addr = NULL; _cleanup_free_ char *addr = NULL;
assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, &addr) == 0); assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, true, &addr) == 0);
puts(addr); puts(addr);
} }

76
src/shared/socket-util.c
View File

@ -297,7 +297,7 @@ int socket_address_print(const SocketAddress *a, char **ret) {
return 0; return 0;
} }
return sockaddr_pretty(&a->sockaddr.sa, a->size, false, ret); return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
} }
bool socket_address_can_accept(const SocketAddress *a) { bool socket_address_can_accept(const SocketAddress *a) {
@ -466,7 +466,20 @@ bool socket_address_matches_fd(const SocketAddress *a, int fd) {
return socket_address_equal(a, &b); return socket_address_equal(a, &b);
} }
int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret) { int sockaddr_port(const struct sockaddr *_sa) {
union sockaddr_union *sa = (union sockaddr_union*) _sa;
assert(sa);
if (!IN_SET(sa->sa.sa_family, AF_INET, AF_INET6))
return -EAFNOSUPPORT;
return ntohs(sa->sa.sa_family == AF_INET6 ?
sa->in6.sin6_port :
sa->in.sin_port);
}
int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
union sockaddr_union *sa = (union sockaddr_union*) _sa; union sockaddr_union *sa = (union sockaddr_union*) _sa;
char *p; char *p;
@ -480,11 +493,18 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
a = ntohl(sa->in.sin_addr.s_addr); a = ntohl(sa->in.sin_addr.s_addr);
if (asprintf(&p, if (include_port) {
"%u.%u.%u.%u:%u", if (asprintf(&p,
a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF, "%u.%u.%u.%u:%u",
ntohs(sa->in.sin_port)) < 0) a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
return -ENOMEM; ntohs(sa->in.sin_port)) < 0)
return -ENOMEM;
} else {
if (asprintf(&p,
"%u.%u.%u.%u",
a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF) < 0)
return -ENOMEM;
}
break; break;
} }
@ -496,20 +516,34 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
if (translate_ipv6 && memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) { if (translate_ipv6 && memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
const uint8_t *a = sa->in6.sin6_addr.s6_addr+12; const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
if (include_port) {
if (asprintf(&p, if (asprintf(&p,
"%u.%u.%u.%u:%u", "%u.%u.%u.%u:%u",
a[0], a[1], a[2], a[3], a[0], a[1], a[2], a[3],
ntohs(sa->in6.sin6_port)) < 0) ntohs(sa->in6.sin6_port)) < 0)
return -ENOMEM; return -ENOMEM;
} else {
if (asprintf(&p,
"%u.%u.%u.%u",
a[0], a[1], a[2], a[3]) < 0)
return -ENOMEM;
}
} else { } else {
char a[INET6_ADDRSTRLEN]; char a[INET6_ADDRSTRLEN];
if (asprintf(&p, inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
"[%s]:%u",
inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a)), if (include_port) {
ntohs(sa->in6.sin6_port)) < 0) if (asprintf(&p,
return -ENOMEM; "[%s]:%u",
a,
ntohs(sa->in6.sin6_port)) < 0)
return -ENOMEM;
} else {
p = strdup(a);
if (!p)
return -ENOMEM;
}
} }
break; break;
@ -584,7 +618,7 @@ int getpeername_pretty(int fd, char **ret) {
/* For remote sockets we translate IPv6 addresses back to IPv4 /* For remote sockets we translate IPv6 addresses back to IPv4
* if applicable, since that's nicer. */ * if applicable, since that's nicer. */
return sockaddr_pretty(&sa.sa, salen, true, ret); return sockaddr_pretty(&sa.sa, salen, true, true, ret);
} }
int getsockname_pretty(int fd, char **ret) { int getsockname_pretty(int fd, char **ret) {
@ -602,7 +636,7 @@ int getsockname_pretty(int fd, char **ret) {
* listening sockets where the difference between IPv4 and * listening sockets where the difference between IPv4 and
* IPv6 matters. */ * IPv6 matters. */
return sockaddr_pretty(&sa.sa, salen, false, ret); return sockaddr_pretty(&sa.sa, salen, false, true, ret);
} }
int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) { int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
@ -616,7 +650,7 @@ int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret)
if (r != 0) { if (r != 0) {
int saved_errno = errno; int saved_errno = errno;
r = sockaddr_pretty(&sa->sa, salen, true, &ret); r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
if (r < 0) if (r < 0)
return log_error_errno(r, "sockadd_pretty() failed: %m"); return log_error_errno(r, "sockadd_pretty() failed: %m");

4
src/shared/socket-util.h
View File

@ -97,7 +97,9 @@ const char* socket_address_get_path(const SocketAddress *a);
bool socket_ipv6_is_supported(void); bool socket_ipv6_is_supported(void);
int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret); int sockaddr_port(const struct sockaddr *_sa) _pure_;
int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret);
int getpeername_pretty(int fd, char **ret); int getpeername_pretty(int fd, char **ret);
int getsockname_pretty(int fd, char **ret); int getsockname_pretty(int fd, char **ret);

2
src/timesync/timesyncd-server.h
View File

@ -59,7 +59,7 @@ struct ServerName {
int server_address_new(ServerName *n, ServerAddress **ret, const union sockaddr_union *sockaddr, socklen_t socklen); int server_address_new(ServerName *n, ServerAddress **ret, const union sockaddr_union *sockaddr, socklen_t socklen);
ServerAddress* server_address_free(ServerAddress *a); ServerAddress* server_address_free(ServerAddress *a);
static inline int server_address_pretty(ServerAddress *a, char **pretty) { static inline int server_address_pretty(ServerAddress *a, char **pretty) {
return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, pretty); return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, true, pretty);
} }
int server_name_new(Manager *m, ServerName **ret, ServerType type,const char *string); int server_name_new(Manager *m, ServerName **ret, ServerType type,const char *string);