2020-11-09 05:23:58 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
2012-04-11 12:30:53 +02:00
|
|
|
|
|
|
|
#include <errno.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <stdbool.h>
|
2012-04-11 12:30:53 +02:00
|
|
|
#include <stddef.h>
|
2015-10-25 13:14:12 +01:00
|
|
|
#include <string.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <sys/un.h>
|
2015-10-25 13:14:12 +01:00
|
|
|
#include <unistd.h>
|
2012-04-11 12:30:53 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2017-12-27 16:50:24 +01:00
|
|
|
#include "fs-util.h"
|
2015-12-01 23:22:03 +01:00
|
|
|
#include "log.h"
|
2012-04-11 12:30:53 +02:00
|
|
|
#include "macro.h"
|
2019-10-31 03:07:23 +01:00
|
|
|
#include "missing_socket.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "mkdir.h"
|
2014-12-27 18:46:36 +01:00
|
|
|
#include "selinux-util.h"
|
|
|
|
#include "socket-util.h"
|
2016-03-10 15:24:08 +01:00
|
|
|
#include "umask-util.h"
|
2012-04-11 12:30:53 +02:00
|
|
|
|
|
|
|
int socket_address_listen(
|
|
|
|
const SocketAddress *a,
|
2013-11-06 22:30:35 +01:00
|
|
|
int flags,
|
2012-04-11 12:30:53 +02:00
|
|
|
int backlog,
|
|
|
|
SocketAddressBindIPv6Only only,
|
|
|
|
const char *bind_to_device,
|
2015-07-01 13:39:53 +02:00
|
|
|
bool reuse_port,
|
2012-04-11 12:30:53 +02:00
|
|
|
bool free_bind,
|
|
|
|
bool transparent,
|
|
|
|
mode_t directory_mode,
|
|
|
|
mode_t socket_mode,
|
2013-11-06 22:30:35 +01:00
|
|
|
const char *label) {
|
|
|
|
|
|
|
|
_cleanup_close_ int fd = -1;
|
2017-12-27 16:50:24 +01:00
|
|
|
const char *p;
|
2018-10-15 19:21:37 +02:00
|
|
|
int r;
|
2012-04-11 12:30:53 +02:00
|
|
|
|
|
|
|
assert(a);
|
|
|
|
|
2018-11-30 11:54:42 +01:00
|
|
|
r = socket_address_verify(a, true);
|
2013-11-06 22:30:35 +01:00
|
|
|
if (r < 0)
|
2012-04-11 12:30:53 +02:00
|
|
|
return r;
|
|
|
|
|
|
|
|
if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
|
|
|
|
return -EAFNOSUPPORT;
|
|
|
|
|
2013-11-06 22:30:35 +01:00
|
|
|
if (label) {
|
2014-10-23 19:41:27 +02:00
|
|
|
r = mac_selinux_create_socket_prepare(label);
|
2013-11-06 22:30:35 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
2012-04-11 12:30:53 +02:00
|
|
|
|
2013-11-06 22:30:35 +01:00
|
|
|
fd = socket(socket_address_family(a), a->type | flags, a->protocol);
|
2012-04-11 12:30:53 +02:00
|
|
|
r = fd < 0 ? -errno : 0;
|
|
|
|
|
2013-11-06 22:30:35 +01:00
|
|
|
if (label)
|
2014-10-23 19:41:27 +02:00
|
|
|
mac_selinux_create_socket_clear();
|
2012-04-11 12:30:53 +02:00
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
|
2018-10-18 19:48:18 +02:00
|
|
|
r = setsockopt_int(fd, IPPROTO_IPV6, IPV6_V6ONLY, only == SOCKET_ADDRESS_IPV6_ONLY);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2012-04-11 12:30:53 +02:00
|
|
|
}
|
|
|
|
|
2017-09-07 11:15:27 +02:00
|
|
|
if (IN_SET(socket_address_family(a), AF_INET, AF_INET6)) {
|
2019-03-18 12:01:02 +01:00
|
|
|
if (bind_to_device) {
|
|
|
|
r = socket_bind_to_ifname(fd, bind_to_device);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
}
|
2012-04-11 12:30:53 +02:00
|
|
|
|
2015-07-01 13:39:53 +02:00
|
|
|
if (reuse_port) {
|
2018-10-18 19:48:18 +02:00
|
|
|
r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEPORT, true);
|
|
|
|
if (r < 0)
|
|
|
|
log_warning_errno(r, "SO_REUSEPORT failed: %m");
|
2015-07-01 13:39:53 +02:00
|
|
|
}
|
|
|
|
|
2012-04-11 12:30:53 +02:00
|
|
|
if (free_bind) {
|
2020-09-10 16:31:31 +02:00
|
|
|
r = socket_set_freebind(fd, socket_address_family(a), true);
|
2018-10-18 19:48:18 +02:00
|
|
|
if (r < 0)
|
2020-09-10 16:31:31 +02:00
|
|
|
log_warning_errno(r, "IP_FREEBIND/IPV6_FREEBIND failed: %m");
|
2012-04-11 12:30:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (transparent) {
|
2020-09-10 16:31:31 +02:00
|
|
|
r = socket_set_transparent(fd, socket_address_family(a), true);
|
2018-10-18 19:48:18 +02:00
|
|
|
if (r < 0)
|
2020-09-10 16:31:31 +02:00
|
|
|
log_warning_errno(r, "IP_TRANSPARENT/IPV6_TRANSPARENT failed: %m");
|
2012-04-11 12:30:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-18 19:48:18 +02:00
|
|
|
r = setsockopt_int(fd, SOL_SOCKET, SO_REUSEADDR, true);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2012-04-11 12:30:53 +02:00
|
|
|
|
2017-12-27 16:50:24 +01:00
|
|
|
p = socket_address_get_path(a);
|
|
|
|
if (p) {
|
2012-04-11 12:30:53 +02:00
|
|
|
/* Create parents */
|
2017-12-27 16:50:24 +01:00
|
|
|
(void) mkdir_parents_label(p, directory_mode);
|
2012-04-11 12:30:53 +02:00
|
|
|
|
2013-11-06 22:30:35 +01:00
|
|
|
/* Enforce the right access mode for the socket */
|
2016-03-10 15:24:08 +01:00
|
|
|
RUN_WITH_UMASK(~socket_mode) {
|
|
|
|
r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
|
|
|
|
if (r == -EADDRINUSE) {
|
|
|
|
/* Unlink and try again */
|
2017-12-27 16:59:44 +01:00
|
|
|
|
|
|
|
if (unlink(p) < 0)
|
|
|
|
return r; /* didn't work, return original error */
|
|
|
|
|
|
|
|
r = mac_selinux_bind(fd, &a->sockaddr.sa, a->size);
|
|
|
|
}
|
|
|
|
if (r < 0)
|
2016-03-10 15:24:08 +01:00
|
|
|
return r;
|
2012-04-11 12:30:53 +02:00
|
|
|
}
|
2016-03-10 15:24:08 +01:00
|
|
|
} else {
|
|
|
|
if (bind(fd, &a->sockaddr.sa, a->size) < 0)
|
|
|
|
return -errno;
|
|
|
|
}
|
2012-04-11 12:30:53 +02:00
|
|
|
|
|
|
|
if (socket_address_can_accept(a))
|
|
|
|
if (listen(fd, backlog) < 0)
|
2013-11-06 22:30:35 +01:00
|
|
|
return -errno;
|
2012-04-11 12:30:53 +02:00
|
|
|
|
2017-12-27 18:22:31 +01:00
|
|
|
/* Let's trigger an inotify event on the socket node, so that anyone waiting for this socket to be connectable
|
|
|
|
* gets notified */
|
|
|
|
if (p)
|
|
|
|
(void) touch(p);
|
|
|
|
|
2020-10-09 14:59:44 +02:00
|
|
|
return TAKE_FD(fd);
|
2012-04-11 12:30:53 +02:00
|
|
|
}
|