socket: SELinux support for socket creation.
[elogind.git] / src / socket-util.c
1 /*-*- Mode: C; c-basic-offset: 8 -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU General Public License as published by
10   the Free Software Foundation; either version 2 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   General Public License for more details.
17
18   You should have received a copy of the GNU General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <assert.h>
23 #include <string.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <stdlib.h>
27 #include <arpa/inet.h>
28 #include <stdio.h>
29 #include <net/if.h>
30 #include <sys/types.h>
31 #include <sys/stat.h>
32 #include <selinux/selinux.h>
33
34 #include "macro.h"
35 #include "util.h"
36 #include "socket-util.h"
37 #include "missing.h"
38
/*
 * Parse the textual socket address s into *a.
 *
 * Accepted notations, selected by the first character or by the presence
 * of a ':':
 *   "[x:...:z]:port"  IPv6 address and port
 *   "/path"           AF_UNIX socket in the file system
 *   "@name"           abstract AF_UNIX socket (sun_path[0] stays NUL)
 *   "w.x.y.z:port"    IPv4 address and port
 *   "ifname:port"     IPv6 wildcard address with the interface's scope id
 *   "port"            IPv6 wildcard address
 *
 * *a is zeroed first and its type preset to SOCK_STREAM. Ports must be in
 * the range 1..65535. Host names are not resolved: anything before the ':'
 * that inet_pton() does not accept as IPv4 is looked up as an interface
 * name. The last two notations produce in6addr_any, i.e. an address that is
 * not restricted to one local IP.
 *
 * Returns 0 on success or a negative errno-style value (-EINVAL for
 * malformed input, -ENOMEM, or the error reported by safe_atou() or
 * inet_pton()). On failure *a may be partially filled in.
 */
int socket_address_parse(SocketAddress *a, const char *s) {
        unsigned port;
        char *sep, *host;
        int r;

        assert(a);
        assert(s);

        zero(*a);
        a->type = SOCK_STREAM;

        switch (*s) {

        case '[':
                /* IPv6 in [x:.....:z]:p notation */
                sep = strchr(s+1, ']');
                if (!sep)
                        return -EINVAL;

                host = strndup(s+1, sep-s-1);
                if (!host)
                        return -ENOMEM;

                /* inet_pton() returns 0 without touching errno for an
                 * unparsable string, hence the reset beforehand. */
                errno = 0;
                r = inet_pton(AF_INET6, host, &a->sockaddr.in6.sin6_addr);
                free(host);
                if (r <= 0)
                        return errno != 0 ? -errno : -EINVAL;

                /* The closing bracket must be followed by ":port" */
                if (sep[1] != ':')
                        return -EINVAL;

                r = safe_atou(sep+2, &port);
                if (r < 0)
                        return r;

                if (port == 0 || port > 0xFFFF)
                        return -EINVAL;

                a->sockaddr.in6.sin6_family = AF_INET6;
                a->sockaddr.in6.sin6_port = htons((uint16_t) port);
                a->size = sizeof(struct sockaddr_in6);
                break;

        case '/': {
                /* AF_UNIX socket in the file system */
                size_t len = strlen(s);

                /* Leave room for the terminating NUL, which zero() above
                 * already put in place. */
                if (len >= sizeof(a->sockaddr.un.sun_path))
                        return -EINVAL;

                a->sockaddr.un.sun_family = AF_UNIX;
                memcpy(a->sockaddr.un.sun_path, s, len);
                a->size = sizeof(sa_family_t) + len + 1;
                break;
        }

        case '@': {
                /* Abstract AF_UNIX socket: the name follows a leading NUL
                 * byte, which is the zeroed sun_path[0]. */
                size_t len = strlen(s+1);

                if (len >= sizeof(a->sockaddr.un.sun_path) - 1)
                        return -EINVAL;

                a->sockaddr.un.sun_family = AF_UNIX;
                memcpy(a->sockaddr.un.sun_path+1, s+1, len);
                a->size = sizeof(sa_family_t) + 1 + len;
                break;
        }

        default:
                sep = strchr(s, ':');

                if (!sep) {
                        /* Just a port */
                        r = safe_atou(s, &port);
                        if (r < 0)
                                return r;

                        if (port == 0 || port > 0xFFFF)
                                return -EINVAL;

                        a->sockaddr.in6.sin6_family = AF_INET6;
                        a->sockaddr.in6.sin6_port = htons((uint16_t) port);
                        a->sockaddr.in6.sin6_addr = in6addr_any;
                        a->size = sizeof(struct sockaddr_in6);
                        break;
                }

                /* The port is validated before the part in front of it */
                r = safe_atou(sep+1, &port);
                if (r < 0)
                        return r;

                if (port == 0 || port > 0xFFFF)
                        return -EINVAL;

                host = strndup(s, sep-s);
                if (!host)
                        return -ENOMEM;

                /* IPv4 in w.x.y.z:p notation? */
                r = inet_pton(AF_INET, host, &a->sockaddr.in4.sin_addr);
                if (r < 0) {
                        free(host);
                        return -errno;
                }

                if (r > 0) {
                        /* A traditional IPv4 address */
                        free(host);

                        a->sockaddr.in4.sin_family = AF_INET;
                        a->sockaddr.in4.sin_port = htons((uint16_t) port);
                        a->size = sizeof(struct sockaddr_in);
                } else {
                        unsigned idx;

                        /* Last resort: treat it as an interface name */
                        if (strlen(host) > IF_NAMESIZE-1) {
                                free(host);
                                return -EINVAL;
                        }

                        idx = if_nametoindex(host);
                        free(host);

                        if (idx == 0)
                                return -EINVAL;

                        a->sockaddr.in6.sin6_family = AF_INET6;
                        a->sockaddr.in6.sin6_port = htons((uint16_t) port);
                        a->sockaddr.in6.sin6_scope_id = idx;
                        a->sockaddr.in6.sin6_addr = in6addr_any;
                        a->size = sizeof(struct sockaddr_in6);
                }
                break;
        }

        return 0;
}
173
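/*
 * Check that *a is internally consistent for its address family.
 *
 * AF_INET/AF_INET6: size must match the sockaddr structure exactly and the
 * port must be non-zero.
 * AF_UNIX: size must cover at least the family field and must not exceed
 * the sockaddr_un member; for a file system path the path must be
 * NUL-terminated inside sun_path and size must end right after that NUL.
 * Abstract names (sun_path[0] == 0) are only bounded by the size limit.
 *
 * Returns 0 if the address is acceptable, -EINVAL if it is malformed and
 * -EAFNOSUPPORT for any other address family.
 */
int socket_address_verify(const SocketAddress *a) {
        assert(a);

        switch (socket_address_family(a)) {
                case AF_INET:
                        if (a->size != sizeof(struct sockaddr_in))
                                return -EINVAL;

                        if (a->sockaddr.in4.sin_port == 0)
                                return -EINVAL;

                        return 0;

                case AF_INET6:
                        if (a->size != sizeof(struct sockaddr_in6))
                                return -EINVAL;

                        if (a->sockaddr.in6.sin6_port == 0)
                                return -EINVAL;

                        return 0;

                case AF_UNIX:
                        if (a->size < sizeof(sa_family_t))
                                return -EINVAL;

                        /* Reject a length that claims more bytes than the
                         * AF_UNIX member holds. Without this bound an
                         * abstract address could carry an arbitrary size,
                         * and code that later copies or compares size
                         * bytes of sun_path would run past the buffer. */
                        if (a->size > sizeof(a->sockaddr.un))
                                return -EINVAL;

                        if (a->size > sizeof(sa_family_t)) {

                                if (a->sockaddr.un.sun_path[0] != 0) {
                                        char *e;

                                        /* File system path: it has to be
                                         * NUL-terminated within sun_path */
                                        if (!(e = memchr(a->sockaddr.un.sun_path, 0, sizeof(a->sockaddr.un.sun_path))))
                                                return -EINVAL;

                                        /* ... and size has to be family +
                                         * path + the terminating NUL */
                                        if (a->size != sizeof(sa_family_t) + (e - a->sockaddr.un.sun_path) + 1)
                                                return -EINVAL;
                                }
                        }

                        return 0;

                default:
                        return -EAFNOSUPPORT;
        }
}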
220
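/*
 * Format *a as a newly allocated string and store it in *p.
 *
 * Output forms: "w.x.y.z:port" for AF_INET, "[x:...:z]:port" for AF_INET6,
 * the path for file system AF_UNIX sockets, "@name" for abstract AF_UNIX
 * sockets and "<unamed>" for AF_UNIX addresses that carry no name.
 *
 * The address is verified first. Returns 0 on success, in which case the
 * caller owns *p and must free() it, or a negative errno-style value
 * (*p is then left untouched).
 */
int socket_address_print(const SocketAddress *a, char **p) {
        int r;
        assert(a);
        assert(p);

        if ((r = socket_address_verify(a)) < 0)
                return r;

        switch (socket_address_family(a)) {
                case AF_INET: {
                        char *ret;

                        /* address + ':' + up to 5 port digits + NUL */
                        if (!(ret = new(char, INET_ADDRSTRLEN+1+5+1)))
                                return -ENOMEM;

                        if (!inet_ntop(AF_INET, &a->sockaddr.in4.sin_addr, ret, INET_ADDRSTRLEN)) {
                                free(ret);
                                return -errno;
                        }

                        /* ntohs() yields at most 65535, so the 5 digits
                         * reserved above are enough */
                        sprintf(strchr(ret, 0), ":%u", ntohs(a->sockaddr.in4.sin_port));
                        *p = ret;
                        return 0;
                }

                case AF_INET6: {
                        char *ret;

                        /* '[' + address + "]:" + up to 5 port digits + NUL */
                        if (!(ret = new(char, 1+INET6_ADDRSTRLEN+2+5+1)))
                                return -ENOMEM;

                        ret[0] = '[';
                        if (!inet_ntop(AF_INET6, &a->sockaddr.in6.sin6_addr, ret+1, INET6_ADDRSTRLEN)) {
                                free(ret);
                                return -errno;
                        }

                        sprintf(strchr(ret, 0), "]:%u", ntohs(a->sockaddr.in6.sin6_port));
                        *p = ret;
                        return 0;
                }

                case AF_UNIX: {
                        char *ret;

                        if (a->size <= sizeof(sa_family_t)) {

                                if (!(ret = strdup("<unamed>")))
                                        return -ENOMEM;

                        } else if (a->sockaddr.un.sun_path[0] == 0) {
                                /* abstract */
                                size_t l;

                                /* Only the bytes covered by a->size belong
                                 * to the name. Copying the whole sun_path
                                 * buffer would put whatever follows the
                                 * name into the printed string if the
                                 * structure was not zeroed beforehand.
                                 * The clamp keeps the copy inside sun_path
                                 * even for an oversized a->size. */
                                l = a->size - sizeof(sa_family_t) - 1;
                                if (l > sizeof(a->sockaddr.un.sun_path) - 1)
                                        l = sizeof(a->sockaddr.un.sun_path) - 1;

                                /* FIXME: We assume the name is printable
                                 * and contains no NUL byte. That is
                                 * actually an invalid assumption: a name
                                 * with an embedded NUL is shown truncated
                                 * at that byte. */

                                if (!(ret = new(char, 1+l+1)))
                                        return -ENOMEM;

                                ret[0] = '@';
                                memcpy(ret+1, a->sockaddr.un.sun_path+1, l);
                                ret[1+l] = 0;

                        } else {

                                /* socket_address_verify() has made sure the
                                 * path is NUL-terminated inside sun_path */
                                if (!(ret = strdup(a->sockaddr.un.sun_path)))
                                        return -ENOMEM;
                        }

                        *p = ret;
                        return 0;
                }

                default:
                        return -EINVAL;
        }
}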
300
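/*
 * Create a socket for address a, configure it, bind it and, for
 * SOCK_STREAM sockets, start listening.
 *
 * a               address to bind; verified first
 * backlog         passed to listen() for SOCK_STREAM sockets
 * only            for AF_INET6: unless SOCKET_ADDRESS_DEFAULT, IPV6_V6ONLY is
 *                 set to 1 for SOCKET_ADDRESS_IPV6_ONLY and to 0 otherwise
 * bind_to_device  if non-NULL, interface name for SO_BINDTODEVICE
 * free_bind       request IP_FREEBIND; a failure is only logged
 * directory_mode  mode for missing parent directories of an AF_UNIX path
 * socket_mode     access mode for the AF_UNIX socket node, enforced via
 *                 the umask around bind()
 * scon            SELinux context the socket is created with
 * ret             receives the new file descriptor on success
 *
 * The socket is created non-blocking and close-on-exec. Returns 0 on
 * success or a negative errno-style value; on failure no descriptor is
 * left open and *ret is not written.
 */
int socket_address_listen(
                const SocketAddress *a,
                int backlog,
                SocketAddressBindIPv6Only only,
                const char *bind_to_device,
                bool free_bind,
                mode_t directory_mode,
                mode_t socket_mode,
                security_context_t scon,
                int *ret) {

        int r, fd, one;
        assert(a);
        assert(ret);

        if ((r = socket_address_verify(a)) < 0)
                return r;

        if (setsockcreatecon(scon) < 0) {
                /* Remember the failure reason right away: the logging call
                 * and security_getenforce() below may overwrite errno, and
                 * the caller would then get an unrelated error code. */
                int saved_errno = errno;

                /* Do not hand a NULL pointer to %s */
                log_error("Failed to set SELinux context (%s) on socket: %m", scon ? scon : "(null)");

                /* NOTE(review): the socket is created with the default
                 * label unless enforcing mode is positively reported. A
                 * security_getenforce() result other than 1, including an
                 * error result, is handled like permissive mode; confirm
                 * that this is intended. */
                if (security_getenforce() == 1)
                        return -saved_errno;
        }

        fd = socket(socket_address_family(a), a->type | SOCK_NONBLOCK | SOCK_CLOEXEC, 0);
        r = fd < 0 ? -errno : 0;

        /* Always reset the creation context, also when socket() failed, so
         * that it applies to this one socket only. NOTE(review): the result
         * is not checked; if the reset fails, the context stays in effect
         * for sockets created afterwards. */
        setsockcreatecon(NULL);

        if (r < 0)
                return r;

        if (socket_address_family(a) == AF_INET6 && only != SOCKET_ADDRESS_DEFAULT) {
                int flag = only == SOCKET_ADDRESS_IPV6_ONLY;

                if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &flag, sizeof(flag)) < 0)
                        goto fail;
        }

        if (bind_to_device)
                if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, bind_to_device, strlen(bind_to_device)+1) < 0)
                        goto fail;

        if (free_bind) {
                one = 1;
                /* Best effort: a failure here does not abort the setup */
                if (setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) < 0)
                        log_warning("IP_FREEBIND failed: %m");
        }

        one = 1;
        if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0)
                goto fail;

        if (socket_address_family(a) == AF_UNIX && a->sockaddr.un.sun_path[0] != 0) {
                mode_t old_mask;

                /* Create parents. The result is not checked; if the
                 * directories are missing, bind() below reports the error. */
                mkdir_parents(a->sockaddr.un.sun_path, directory_mode);

                /* Enforce the right access mode for the socket. The first
                 * call is only needed to learn the current umask. */
                old_mask = umask(~ socket_mode);

                /* Include the original umask in our mask, so the node never
                 * gets more permissions than either of them allows */
                umask(~socket_mode | old_mask);

                r = bind(fd, &a->sockaddr.sa, a->size);

                if (r < 0 && errno == EADDRINUSE) {
                        /* Unlink and try again. NOTE(review): this removes
                         * whatever entry exists at the path, without
                         * checking that it is a socket or that nothing is
                         * listening on it any more. */
                        unlink(a->sockaddr.un.sun_path);
                        r = bind(fd, &a->sockaddr.sa, a->size);
                }

                /* The umask is process-wide state, restore it right away */
                umask(old_mask);
        } else
                r = bind(fd, &a->sockaddr.sa, a->size);

        if (r < 0)
                goto fail;

        if (a->type == SOCK_STREAM)
                if (listen(fd, backlog) < 0)
                        goto fail;

        *ret = fd;
        return 0;

fail:
        /* Every jump here comes directly after the failing call, so errno
         * is still the one to report; read it before closing the fd. */
        r = -errno;
        close_nointr_nofail(fd);
        return r;
}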
393
/*
 * Tell whether the socket type of *a is SOCK_STREAM or SOCK_SEQPACKET.
 * Returns true for these two types and false for every other type.
 */
bool socket_address_can_accept(const SocketAddress *a) {
        assert(a);

        if (a->type == SOCK_STREAM)
                return true;

        if (a->type == SOCK_SEQPACKET)
                return true;

        return false;
}
401
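/*
 * Compare two socket addresses.
 *
 * Both addresses must pass socket_address_verify(); an invalid address is
 * unequal to everything, including itself. Socket type, size and address
 * family have to match, followed by a per-family comparison:
 *   AF_INET   address and port
 *   AF_INET6  address and port
 *   AF_UNIX   the path (file system sockets) or the bytes of the name
 *             covered by size (abstract and unnamed sockets)
 * Addresses of any other family are reported as different.
 *
 * Returns true only if all of the above match.
 */
bool socket_address_equal(const SocketAddress *a, const SocketAddress *b) {
        assert(a);
        assert(b);

        /* Invalid addresses are unequal to all */
        if (socket_address_verify(a) < 0 ||
            socket_address_verify(b) < 0)
                return false;

        if (a->type != b->type)
                return false;

        if (a->size != b->size)
                return false;

        if (socket_address_family(a) != socket_address_family(b))
                return false;

        switch (socket_address_family(a)) {

        case AF_INET:
                if (a->sockaddr.in4.sin_addr.s_addr != b->sockaddr.in4.sin_addr.s_addr)
                        return false;

                if (a->sockaddr.in4.sin_port != b->sockaddr.in4.sin_port)
                        return false;

                break;

        case AF_INET6:
                /* NOTE(review): sin6_scope_id is not part of the
                 * comparison, so two wildcard addresses that differ only
                 * in the interface scope compare equal; confirm that this
                 * is intended. */
                if (memcmp(&a->sockaddr.in6.sin6_addr, &b->sockaddr.in6.sin6_addr, sizeof(a->sockaddr.in6.sin6_addr)) != 0)
                        return false;

                if (a->sockaddr.in6.sin6_port != b->sockaddr.in6.sin6_port)
                        return false;

                break;

        case AF_UNIX:

                if ((a->sockaddr.un.sun_path[0] == 0) != (b->sockaddr.un.sun_path[0] == 0))
                        return false;

                if (a->sockaddr.un.sun_path[0]) {
                        /* File system path: verification above guarantees a
                         * terminating NUL inside sun_path */
                        if (strncmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, sizeof(a->sockaddr.un.sun_path)) != 0)
                                return false;
                } else {
                        /* Abstract or unnamed: a->size counts the family
                         * field as well, so only size minus that field
                         * belongs to sun_path. Comparing a->size bytes
                         * would read past the end of the address and make
                         * the result depend on bytes that are not part of
                         * it. Verification above guarantees that size is
                         * at least sizeof(sa_family_t). */
                        if (memcmp(a->sockaddr.un.sun_path, b->sockaddr.un.sun_path, a->size - sizeof(sa_family_t)) != 0)
                                return false;
                }

                break;

        default:
                /* Cannot compare, so we assume the addresses are different */
                return false;
        }

        return true;
}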
462
/*
 * Check whether *a equals the address written as s with socket type type.
 *
 * s is parsed with socket_address_parse(); the type of the parsed address
 * is then replaced by type before the two are compared with
 * socket_address_equal(). Returns false if s cannot be parsed.
 */
bool socket_address_is(const SocketAddress *a, const char *s, int type) {
        struct SocketAddress parsed;

        assert(a);
        assert(s);

        if (socket_address_parse(&parsed, s) >= 0) {
                /* The parser always presets SOCK_STREAM; use the type the
                 * caller asked about instead. */
                parsed.type = type;

                return socket_address_equal(a, &parsed);
        }

        return false;
}
476
/*
 * Tell whether *a is an AF_UNIX socket in the file system whose path
 * starts with prefix, as decided by path_startswith().
 *
 * Returns false for other address families and for AF_UNIX addresses
 * whose sun_path begins with a NUL byte.
 */
bool socket_address_needs_mount(const SocketAddress *a, const char *prefix) {
        assert(a);

        /* Only sockets that live in the file system can depend on a mount */
        if (socket_address_family(a) != AF_UNIX ||
            a->sockaddr.un.sun_path[0] == 0)
                return false;

        return path_startswith(a->sockaddr.un.sun_path, prefix);
}
488
/* Configuration names of the SocketAddressBindIPv6Only values, indexed by
 * the enum value. */
static const char* const socket_address_bind_ipv6_only_table[_SOCKET_ADDRESS_BIND_IPV6_ONLY_MAX] = {
        [SOCKET_ADDRESS_IPV6_ONLY] = "ipv6-only",
        [SOCKET_ADDRESS_BOTH] = "both",
        [SOCKET_ADDRESS_DEFAULT] = "default",
};

/* The macro is defined outside this file; presumably it generates the
 * string <-> enum lookup helpers from the table above (confirm against
 * its definition). */
DEFINE_STRING_TABLE_LOOKUP(socket_address_bind_ipv6_only, SocketAddressBindIPv6Only);