socket: add option for SO_PASSCRED

Add an option to enable SO_PASSCRED for unix sockets.

diff --git a/src/dbus-socket.c b/src/dbus-socket.c
index 2a1a17d7804dc8230f85f2bded494183eb877d0b..37ab7eb3e252f1662432c09737ec336d9d73ccfa 100644 (file)
--- a/src/dbus-socket.c
+++ b/src/dbus-socket.c
@@ -51,6 +51,7 @@
         "  <property name=\"FreeBind\" type=\"b\" access=\"read\"/>\n"  \
         "  <property name=\"Transparent\" type=\"b\" access=\"read\"/>\n" \
         "  <property name=\"Broadcast\" type=\"b\" access=\"read\"/>\n" \
+        "  <property name=\"PassCred\" type=\"b\" access=\"read\"/>\n" \
         "  <property name=\"Mark\" type=\"i\" access=\"read\"/>\n"      \
         "  <property name=\"MaxConnections\" type=\"u\" access=\"read\"/>\n" \
         "  <property name=\"NAccepted\" type=\"u\" access=\"read\"/>\n" \
@@ -113,6 +114,7 @@ DBusHandlerResult bus_socket_message_handler(Unit *u, DBusConnection *c, DBusMes
                 { "org.freedesktop.systemd1.Socket", "FreeBind",       bus_property_append_bool,         "b", &u->socket.free_bind       },
                 { "org.freedesktop.systemd1.Socket", "Transparent",    bus_property_append_bool,         "b", &u->socket.transparent     },
                 { "org.freedesktop.systemd1.Socket", "Broadcast",      bus_property_append_bool,         "b", &u->socket.broadcast       },
+                { "org.freedesktop.systemd1.Socket", "PassCred",       bus_property_append_bool,         "b", &u->socket.pass_cred       },
                 { "org.freedesktop.systemd1.Socket", "Mark",           bus_property_append_int,          "i", &u->socket.mark            },
                 { "org.freedesktop.systemd1.Socket", "MaxConnections", bus_property_append_unsigned,     "u", &u->socket.max_connections },
                 { "org.freedesktop.systemd1.Socket", "NConnections",   bus_property_append_unsigned,     "u", &u->socket.n_connections   },

diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4
index 41797d20c0f095d27a9007b6e4d33d5888af97bc..84ae28ca38d2f6536cbed87c92c2618462c88567 100644 (file)
--- a/src/load-fragment-gperf.gperf.m4
+++ b/src/load-fragment-gperf.gperf.m4
@@ -177,6 +177,7 @@ Socket.PipeSize,                 config_parse_size,                  0,
 Socket.FreeBind,                 config_parse_bool,                  0,                             offsetof(Socket, free_bind)
 Socket.Transparent,              config_parse_bool,                  0,                             offsetof(Socket, transparent)
 Socket.Broadcast,                config_parse_bool,                  0,                             offsetof(Socket, broadcast)
+Socket.PassCred,                 config_parse_bool,                  0,                             offsetof(Socket, pass_cred)
 Socket.TCPCongestion,            config_parse_string,                0,                             offsetof(Socket, tcp_congestion)
 Socket.MessageQueueMaxMessages,  config_parse_long,                  0,                             offsetof(Socket, mq_maxmsg)
 Socket.MessageQueueMessageSize,  config_parse_long,                  0,                             offsetof(Socket, mq_msgsize)

diff --git a/src/socket.c b/src/socket.c
index 7ddf326a2252c40481b5b86124dd45f25945d13a..0864cce86d8969fc0ee357ffaae275ebcd544bbf 100644 (file)
--- a/src/socket.c
+++ b/src/socket.c
@@ -406,6 +406,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
                 "%sFreeBind: %s\n"
                 "%sTransparent: %s\n"
                 "%sBroadcast: %s\n"
+                "%sPassCred: %s\n"
                 "%sTCPCongestion: %s\n",
                 prefix, socket_state_to_string(s->state),
                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
@@ -416,6 +417,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
                 prefix, yes_no(s->free_bind),
                 prefix, yes_no(s->transparent),
                 prefix, yes_no(s->broadcast),
+                prefix, yes_no(s->pass_cred),
                 prefix, strna(s->tcp_congestion));
 
         if (s->control_pid > 0)
@@ -657,6 +659,12 @@ static void socket_apply_socket_options(Socket *s, int fd) {
                         log_warning("SO_BROADCAST failed: %m");
         }
 
+        if (s->pass_cred) {
+                int one = 1;
+                if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
+                        log_warning("SO_PASSCRED failed: %m");
+        }
+
         if (s->priority >= 0)
                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
                         log_warning("SO_PRIORITY failed: %m");

diff --git a/src/socket.h b/src/socket.h
index fd13ac4e4c8e035033523f9b6bb64a085d7a813a..fbd29dad7243d1fc1988eb39719fa32dd9d00324 100644 (file)
--- a/src/socket.h
+++ b/src/socket.h
@@ -118,6 +118,7 @@ struct Socket {
         bool free_bind;
         bool transparent;
         bool broadcast;
+        bool pass_cred;
         int priority;
         int mark;
         size_t receive_buffer;