[systemd-devel] [PATCH] add REMOTE_ADDR and REMOTE_PORT for Accept=yes
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Tue Mar 10 06:01:19 PDT 2015
On Tue, Mar 10, 2015 at 01:21:27PM +0100, Ronny Chevalier wrote:
> 2015-03-10 12:41 GMT+01:00 Shawn Landden <shawn at churchofgit.com>:
> > ---
> > TODO | 2 -
> > man/systemd.socket.xml | 7 ++-
> > src/core/service.c | 41 ++++++++++++++++-
> > src/libsystemd/sd-resolve/test-resolve.c | 2 +-
> > src/shared/socket-util.c | 76 +++++++++++++++++++++++---------
> > src/shared/socket-util.h | 4 +-
> > src/timesync/timesyncd-server.h | 2 +-
> > 7 files changed, 106 insertions(+), 28 deletions(-)
Applied (with the fix for IN_SET).
Zbyszek
> >
> > diff --git a/TODO b/TODO
> > index ae32388..780084a 100644
> > --- a/TODO
> > +++ b/TODO
> > @@ -164,8 +164,6 @@ Features:
> > * as soon as we have kdbus, and sender timestamps, revisit coalescing multiple parallel daemon reloads:
> > http://lists.freedesktop.org/archives/systemd-devel/2014-December/025862.html
> >
> > -* set $REMOTE_IP (or $REMOTE_ADDR/$REMOTE_PORT) environment variable when doing per-connection socket activation. use format introduced by xinetd or CGI for this
> > -
> > * the install state probably shouldn't get confused by generated units, think dbus1/kdbus compat!
> >
> > * in systemctl list-unit-files: show the install value the presets would suggest for a service in a third column
> > diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
> > index 3938345..6808179 100644
> > --- a/man/systemd.socket.xml
> > +++ b/man/systemd.socket.xml
> > @@ -357,7 +357,12 @@
> > daemons designed for usage with
> > <citerefentry><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
> > to work unmodified with systemd socket
> > - activation.</para></listitem>
> > + activation.</para>
> > +
> > + <para>For IPv4 and IPv6 connections the <varname>REMOTE_ADDR</varname>
> > + environment variable will contain the remote IP, and <varname>REMOTE_PORT</varname>
> > + will contain the remote port. This is the same as the format used by CGI.
> > + For SOCK_RAW the port is the IP protocol.</para></listitem>
> > </varlistentry>
> >
> > <varlistentry>
> > diff --git a/src/core/service.c b/src/core/service.c
> > index cc4ea19..bcfce96 100644
> > --- a/src/core/service.c
> > +++ b/src/core/service.c
> > @@ -1095,7 +1095,7 @@ static int service_spawn(
> > if (r < 0)
> > goto fail;
> >
> > - our_env = new0(char*, 4);
> > + our_env = new0(char*, 6);
> > if (!our_env) {
> > r = -ENOMEM;
> > goto fail;
> > @@ -1119,6 +1119,45 @@ static int service_spawn(
> > goto fail;
> > }
> >
> > + if (UNIT_DEREF(s->accept_socket)) {
> > + union sockaddr_union sa;
> > + socklen_t salen = sizeof(sa);
> > +
> > + r = getpeername(s->socket_fd, &sa.sa, &salen);
> > + if (r < 0) {
> > + r = -errno;
> > + goto fail;
> > + }
> > +
> > + if (IN_SET(sa.sa.sa_family, AF_INET, AF_INET6)) {
> > + _cleanup_free_ char *addr = NULL;
> > + char *t;
> > + int port;
> > +
> > + r = sockaddr_pretty(&sa.sa, salen, true, false, &addr);
> > + if (r < 0)
> > + goto fail;
> > +
> > + t = strappend("REMOTE_ADDR=", addr);
> > + if (!t) {
> > + r = -ENOMEM;
> > + goto fail;
> > + }
> > + our_env[n_env++] = t;
> > +
> > + port = sockaddr_port(&sa.sa);
> > + if (port < 0) {
> > + r = port;
> > + goto fail;
> > + }
> > +
> > + if (asprintf((our_env + n_env++), "REMOTE_PORT=%u", port) < 0) {
> > + r = -ENOMEM;
> > + goto fail;
> > + }
> > + }
> > + }
> > +
> > final_env = strv_env_merge(2, UNIT(s)->manager->environment, our_env, NULL);
> > if (!final_env) {
> > r = -ENOMEM;
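Review bot: A failing `getpeername()` at the top of the added block aborts the whole `service_spawn()` through `goto fail`, so a peer that has already disconnected when the instance is started (ENOTCONN) would stop the per-connection service from starting just because two informational variables could not be filled in. Treating the lookup as best effort avoids that, e.g. `if (getpeername(s->socket_fd, &sa.sa, &salen) >= 0 && IN_SET(sa.sa.sa_family, AF_INET, AF_INET6)) {`, leaving REMOTE_ADDR and REMOTE_PORT unset otherwise. Separately, `asprintf((our_env + n_env++), ...)` advances `n_env` even when the call fails, and the target pointer may be left unspecified in that case; if `our_env` is freed as a string vector on the fail path (its declaration is outside the hunk), it is safer to format into a local `char *t` and store it only on success, as the REMOTE_ADDR code just above does. The body of `service_spawn()` starts and ends outside this hunk.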
> > diff --git a/src/libsystemd/sd-resolve/test-resolve.c b/src/libsystemd/sd-resolve/test-resolve.c
> > index 3187ce9..354a407 100644
> > --- a/src/libsystemd/sd-resolve/test-resolve.c
> > +++ b/src/libsystemd/sd-resolve/test-resolve.c
> > @@ -46,7 +46,7 @@ static int getaddrinfo_handler(sd_resolve_query *q, int ret, const struct addrin
> > for (i = ai; i; i = i->ai_next) {
> > _cleanup_free_ char *addr = NULL;
> >
> > - assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, &addr) == 0);
> > + assert_se(sockaddr_pretty(i->ai_addr, i->ai_addrlen, false, true, &addr) == 0);
> > puts(addr);
> > }
> >
> > diff --git a/src/shared/socket-util.c b/src/shared/socket-util.c
> > index 74d90fa..0d87cb1 100644
> > --- a/src/shared/socket-util.c
> > +++ b/src/shared/socket-util.c
> > @@ -297,7 +297,7 @@ int socket_address_print(const SocketAddress *a, char **ret) {
> > return 0;
> > }
> >
> > - return sockaddr_pretty(&a->sockaddr.sa, a->size, false, ret);
> > + return sockaddr_pretty(&a->sockaddr.sa, a->size, false, true, ret);
> > }
> >
> > bool socket_address_can_accept(const SocketAddress *a) {
> > @@ -466,7 +466,20 @@ bool socket_address_matches_fd(const SocketAddress *a, int fd) {
> > return socket_address_equal(a, &b);
> > }
> >
> > -int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret) {
> > +int sockaddr_port(const struct sockaddr *_sa) {
> > + union sockaddr_union *sa = (union sockaddr_union*) _sa;
> > +
> > + assert(sa);
> > +
> > + if (IN_SET(sa->sa.sa_family, AF_INET, AF_INET6))
> > + return -EAFNOSUPPORT;
>
> I think you meant
> if (!IN_SET(...))
>
> > +
> > + return ntohs(sa->sa.sa_family == AF_INET6 ?
> > + sa->in6.sin6_port :
> > + sa->in.sin_port);
> > +}
> > +
> > +int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret) {
> > union sockaddr_union *sa = (union sockaddr_union*) _sa;
> > char *p;
> >
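Review bot: The new `sockaddr_port()` casts away the `const` of its argument with `(union sockaddr_union*) _sa` although it only reads the address; `const union sockaddr_union *sa = (const union sockaddr_union*) _sa;` keeps the qualifier and lets the compiler reject an accidental write. The function also has no comment stating its intended contract; I would add `/* Returns the port in host byte order, or -EAFNOSUPPORT if the address is neither AF_INET nor AF_INET6. */` above it. The same const-dropping cast is visible in the first line of `sockaddr_pretty()` at the end of this hunk, whose body continues outside it.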
> > @@ -480,11 +493,18 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
> >
> > a = ntohl(sa->in.sin_addr.s_addr);
> >
> > - if (asprintf(&p,
> > - "%u.%u.%u.%u:%u",
> > - a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
> > - ntohs(sa->in.sin_port)) < 0)
> > - return -ENOMEM;
> > + if (include_port) {
> > + if (asprintf(&p,
> > + "%u.%u.%u.%u:%u",
> > + a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
> > + ntohs(sa->in.sin_port)) < 0)
> > + return -ENOMEM;
> > + } else {
> > + if (asprintf(&p,
> > + "%u.%u.%u.%u",
> > + a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF) < 0)
> > + return -ENOMEM;
> > + }
> >
> > break;
> > }
> > @@ -496,20 +516,34 @@ int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_
> >
> > if (translate_ipv6 && memcmp(&sa->in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
> > const uint8_t *a = sa->in6.sin6_addr.s6_addr+12;
> > -
> > - if (asprintf(&p,
> > - "%u.%u.%u.%u:%u",
> > - a[0], a[1], a[2], a[3],
> > - ntohs(sa->in6.sin6_port)) < 0)
> > - return -ENOMEM;
> > + if (include_port) {
> > + if (asprintf(&p,
> > + "%u.%u.%u.%u:%u",
> > + a[0], a[1], a[2], a[3],
> > + ntohs(sa->in6.sin6_port)) < 0)
> > + return -ENOMEM;
> > + } else {
> > + if (asprintf(&p,
> > + "%u.%u.%u.%u",
> > + a[0], a[1], a[2], a[3]) < 0)
> > + return -ENOMEM;
> > + }
> > } else {
> > char a[INET6_ADDRSTRLEN];
> >
> > - if (asprintf(&p,
> > - "[%s]:%u",
> > - inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a)),
> > - ntohs(sa->in6.sin6_port)) < 0)
> > - return -ENOMEM;
> > + inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a));
> > +
> > + if (include_port) {
> > + if (asprintf(&p,
> > + "[%s]:%u",
> > + a,
> > + ntohs(sa->in6.sin6_port)) < 0)
> > + return -ENOMEM;
> > + } else {
> > + p = strdup(a);
> > + if (!p)
> > + return -ENOMEM;
> > + }
> > }
> >
> > break;
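Review bot: The return value of `inet_ntop()` is no longer used in the non-mapped IPv6 branch, so if the call ever failed, the uninitialized buffer `a` would be read by `asprintf()` or `strdup()` and stack bytes could end up in the returned string, which service.c now exports as REMOTE_ADDR. A failure is unlikely with AF_INET6 and an INET6_ADDRSTRLEN buffer, but the check is cheap: `if (!inet_ntop(AF_INET6, &sa->in6.sin6_addr, a, sizeof(a))) return -errno;`. As a style point, the paired `asprintf()` calls here and in the IPv4 hunk above differ only in the `:%u` suffix, so formatting the address once and appending the port when `include_port` is set would remove the duplication. The body of `sockaddr_pretty()` starts and ends outside this hunk.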
> > @@ -584,7 +618,7 @@ int getpeername_pretty(int fd, char **ret) {
> > /* For remote sockets we translate IPv6 addresses back to IPv4
> > * if applicable, since that's nicer. */
> >
> > - return sockaddr_pretty(&sa.sa, salen, true, ret);
> > + return sockaddr_pretty(&sa.sa, salen, true, true, ret);
> > }
> >
> > int getsockname_pretty(int fd, char **ret) {
> > @@ -602,7 +636,7 @@ int getsockname_pretty(int fd, char **ret) {
> > * listening sockets where the difference between IPv4 and
> > * IPv6 matters. */
> >
> > - return sockaddr_pretty(&sa.sa, salen, false, ret);
> > + return sockaddr_pretty(&sa.sa, salen, false, true, ret);
> > }
> >
> > int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret) {
> > @@ -616,7 +650,7 @@ int socknameinfo_pretty(union sockaddr_union *sa, socklen_t salen, char **_ret)
> > if (r != 0) {
> > int saved_errno = errno;
> >
> > - r = sockaddr_pretty(&sa->sa, salen, true, &ret);
> > + r = sockaddr_pretty(&sa->sa, salen, true, true, &ret);
> > if (r < 0)
> > return log_error_errno(r, "sockadd_pretty() failed: %m");
> >
> > diff --git a/src/shared/socket-util.h b/src/shared/socket-util.h
> > index 2d2b902..1f48230 100644
> > --- a/src/shared/socket-util.h
> > +++ b/src/shared/socket-util.h
> > @@ -97,7 +97,9 @@ const char* socket_address_get_path(const SocketAddress *a);
> >
> > bool socket_ipv6_is_supported(void);
> >
> > -int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, char **ret);
> > +int sockaddr_port(const struct sockaddr *_sa) _pure_;
> > +
> > +int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret);
> > int getpeername_pretty(int fd, char **ret);
> > int getsockname_pretty(int fd, char **ret);
> >
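Review bot: The `sockaddr_pretty()` prototype now takes two adjacent `bool` parameters, so call sites read `true, false` or `false, true` and a swapped pair compiles without warning; in service.c that would silently change the value exported as REMOTE_ADDR. Neither prototype carries a comment, so I would at least document the flags above the declaration: `/* translate_ipv6: print IPv4-mapped IPv6 addresses as dotted quads; include_port: append ":port" (plain IPv6 addresses are then bracketed) */`. A short comment on `sockaddr_port()` giving its return convention (port in host byte order, or a negative errno) would help callers in the same way.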
> > diff --git a/src/timesync/timesyncd-server.h b/src/timesync/timesyncd-server.h
> > index 243b44a..18c4444 100644
> > --- a/src/timesync/timesyncd-server.h
> > +++ b/src/timesync/timesyncd-server.h
> > @@ -59,7 +59,7 @@ struct ServerName {
> > int server_address_new(ServerName *n, ServerAddress **ret, const union sockaddr_union *sockaddr, socklen_t socklen);
> > ServerAddress* server_address_free(ServerAddress *a);
> > static inline int server_address_pretty(ServerAddress *a, char **pretty) {
> > - return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, pretty);
> > + return sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, true, pretty);
> > }
> >
> > int server_name_new(Manager *m, ServerName **ret, ServerType type,const char *string);
> > --
> > 2.2.1.209.g41e5f3a
> >