socket: fix IPv6 availability detection

[elogind.git] / src / socket-util.c

diff --git a/src/socket-util.c b/src/socket-util.c
index 3a00fcf43f1289c728d5566ecedaf16dcdbcf95e..9b4a1b3b48f8aa53f5e6b2ec2aa8a71511024ea0 100644 (file)
--- a/src/socket-util.c
+++ b/src/socket-util.c
@@ -1,4 +1,4 @@
-/*-*- Mode: C; c-basic-offset: 8 -*-*/
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
 
 /***
   This file is part of systemd.
@@ -29,12 +29,14 @@
 #include <net/if.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include <selinux/selinux.h>
+#include <stddef.h>
+#include <sys/ioctl.h>
 
 #include "macro.h"
 #include "util.h"
 #include "socket-util.h"
 #include "missing.h"
+#include "label.h"
 
 int socket_address_parse(SocketAddress *a, const char *s) {
         int r;
@@ -50,6 +52,11 @@ int socket_address_parse(SocketAddress *a, const char *s) {
         if (*s == '[') {
                 /* IPv6 in [x:.....:z]:p notation */
 
+                if (!socket_ipv6_is_supported()) {
+                        log_warning("Binding to IPv6 address not available since kernel does not support IPv6.");
+                        return -EAFNOSUPPORT;
+                }
+
                 if (!(e = strchr(s+1, ']')))
                         return -EINVAL;
 
@@ -90,7 +97,7 @@ int socket_address_parse(SocketAddress *a, const char *s) {
 
                 a->sockaddr.un.sun_family = AF_UNIX;
                 memcpy(a->sockaddr.un.sun_path, s, l);
-                a->size = sizeof(sa_family_t) + l + 1;
+                a->size = offsetof(struct sockaddr_un, sun_path) + l + 1;
 
         } else if (*s == '@') {
                 /* Abstract AF_UNIX socket */
@@ -102,7 +109,7 @@ int socket_address_parse(SocketAddress *a, const char *s) {
 
                 a->sockaddr.un.sun_family = AF_UNIX;
                 memcpy(a->sockaddr.un.sun_path+1, s+1, l);
-                a->size = sizeof(sa_family_t) + 1 + l;
+                a->size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
 
         } else {
 
@@ -145,12 +152,16 @@ int socket_address_parse(SocketAddress *a, const char *s) {
                                 if (idx == 0)
                                         return -EINVAL;
 
+                                if (!socket_ipv6_is_supported()) {
+                                        log_warning("Binding to interface is not available since kernel does not support IPv6.");
+                                        return -EAFNOSUPPORT;
+                                }
+
                                 a->sockaddr.in6.sin6_family = AF_INET6;
                                 a->sockaddr.in6.sin6_port = htons((uint16_t) u);
                                 a->sockaddr.in6.sin6_scope_id = idx;
                                 a->sockaddr.in6.sin6_addr = in6addr_any;
                                 a->size = sizeof(struct sockaddr_in6);
-
                         }
                 } else {
 
@@ -161,10 +172,17 @@ int socket_address_parse(SocketAddress *a, const char *s) {
                         if (u <= 0 || u > 0xFFFF)
                                 return -EINVAL;
 
-                        a->sockaddr.in6.sin6_family = AF_INET6;
-                        a->sockaddr.in6.sin6_port = htons((uint16_t) u);
-                        a->sockaddr.in6.sin6_addr = in6addr_any;
-                        a->size = sizeof(struct sockaddr_in6);
+                        if (socket_ipv6_is_supported()) {
+                                a->sockaddr.in6.sin6_family = AF_INET6;
+                                a->sockaddr.in6.sin6_port = htons((uint16_t) u);
+                                a->sockaddr.in6.sin6_addr = in6addr_any;
+                                a->size = sizeof(struct sockaddr_in6);
+                        } else {
+                                a->sockaddr.in4.sin_family = AF_INET;
+                                a->sockaddr.in4.sin_port = htons((uint16_t) u);
+                                a->sockaddr.in4.sin_addr.s_addr = INADDR_ANY;
+                                a->size = sizeof(struct sockaddr_in);
+                        }
                 }
         }
 
@@ -194,10 +212,10 @@ int socket_address_verify(const SocketAddress *a) {
                         return 0;
 
                 case AF_UNIX:
-                        if (a->size < sizeof(sa_family_t))
+                        if (a->size < offsetof(struct sockaddr_un, sun_path))
                                 return -EINVAL;
 
-                        if (a->size > sizeof(sa_family_t)) {
+                        if (a->size > offsetof(struct sockaddr_un, sun_path)) {
 
                                 if (a->sockaddr.un.sun_path[0] != 0) {
                                         char *e;
@@ -206,7 +224,7 @@ int socket_address_verify(const SocketAddress *a) {
                                         if (!(e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path))))
                                                 return -EINVAL;
 
-                                        if (a->size != sizeof(sa_family_t) + (e - a->sockaddr.un.sun_path) + 1)
+                                        if (a->size != offsetof(struct sockaddr_un, sun_path) + (e - a->sockaddr.un.sun_path) + 1)
                                                 return -EINVAL;
                                 }
                         }
@@ -263,7 +281,7 @@ int socket_address_print(const SocketAddress *a, char **p) {
                 case AF_UNIX: {
                         char *ret;
 
-                        if (a->size <= sizeof(sa_family_t)) {
+                        if (a->size <= offsetof(struct sockaddr_un, sun_path)) {
 
                                 if (!(ret = strdup("<unamed>")))
                                         return -ENOMEM;
@@ -306,7 +324,7 @@ int socket_address_listen(
                 bool free_bind,
                 mode_t directory_mode,
                 mode_t socket_mode,
-                security_context_t scon,
+                const char *label,
                 int *ret) {
 
         int r, fd, one;
@@ -316,16 +334,17 @@ int socket_address_listen(
         if ((r = socket_address_verify(a)) < 0)
                 return r;
 
-        if (setsockcreatecon(scon) < 0) {
-                log_error("Failed to set SELinux context (%s) on socket: %m", scon);
-                if (security_getenforce() == 1)
-                        return -errno;
-        }
+        if (socket_address_family(a) == AF_INET6 && !socket_ipv6_is_supported())
+                return -EAFNOSUPPORT;
+
+        r = label_socket_set(label);
+        if (r < 0)
+                return r;
 
         fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
         r = fd < 0 ? -errno : 0;
 
-        setsockcreatecon(NULL);
+        label_socket_clear();
 
         if (r < 0)
                 return r;
@@ -486,6 +505,24 @@ bool socket_address_needs_mount(const SocketAddress *a, const char *prefix) {
         return path_startswith(a->sockaddr.un.sun_path, prefix);
 }
 
+bool socket_ipv6_is_supported(void) {
+        char *l = 0;
+        bool enabled;
+
+        if (access("/sys/module/ipv6", F_OK) != 0)
+                return 0;
+
+        /* If we can't check "disable" parameter, assume enabled */
+        if (read_one_line_file("/sys/module/ipv6/parameters/disable", &l) < 0)
+                return 1;
+
+        /* If module was loaded with disable=1 no IPv6 available */
+        enabled = l[0] == '0';
+        free(l);
+
+        return enabled;
+}
+
 static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
         [SOCKET_ADDRESS_DEFAULT] = "default",
         [SOCKET_ADDRESS_BOTH] = "both",