>From 2d21a703e9395430d0989d5d2ce80e28ccf1381d Mon Sep 17 00:00:00 2001 From: Joseph Artsimovich Date: Thu, 22 Aug 2013 16:13:46 +0100 Subject: [PATCH] Support systemd socket activation mechanism The idea behind systemd socket activation is to launch a server on demand, when a client connects to it. Unlike with inetd, it doesn't mean a separate instance of a server is launched for each client connection. Instead, systemd passes a listening socket to the server process. In libsoup, to receive a listening socket from systemd, use: soup_server_new (SOUP_SERVER_SYSTEMD_SOCKET_ACTIVATION, TRUE, NULL) This functionality is also available on SoupSocket level: soup_socket_new (SOUP_SOCKET_SYSTEMD_SOCKET_ACTIVATION, TRUE, NULL) You still need to call soup_socket_listen() afterwards. --- configure.ac | 16 ++ libsoup/Makefile.am | 8 + libsoup/sd-daemon.c | 520 +++++++++++++++++++++++++++++++++++++++++++++++++ libsoup/sd-daemon.h | 282 ++++++++++++++++++++++++++ libsoup/soup-server.c | 28 +++ libsoup/soup-server.h | 17 +- libsoup/soup-socket.c | 124 +++++++++--- libsoup/soup-socket.h | 27 ++-- tests/Makefile.am | 4 + tests/systemd-test.c | 155 +++++++++++++++ 10 files changed, 1132 insertions(+), 49 deletions(-) create mode 100644 libsoup/sd-daemon.c create mode 100644 libsoup/sd-daemon.h create mode 100644 tests/systemd-test.c diff --git a/configure.ac b/configure.ac index 742e543..27b5fa4 100644 --- a/configure.ac +++ b/configure.ac @@ -113,6 +113,22 @@ esac AC_MSG_RESULT([$os_win32]) AM_CONDITIONAL(OS_WIN32, [test $os_win32 = yes]) +dnl *********************** +dnl *** Check for Linux *** +dnl *********************** + +AC_MSG_CHECKING([for Linux]) +case "$host" in + *-*-linux*) + os_linux=yes + ;; + *) + os_linux=no + ;; +esac +AC_MSG_RESULT([$os_linux]) +AM_CONDITIONAL(OS_LINUX, [test $os_linux = yes]) + dnl ************************ dnl *** gettext/intltool *** dnl ************************ diff --git a/libsoup/Makefile.am b/libsoup/Makefile.am index 60920bd..deec9f6 100644 --- a/libsoup/Makefile.am +++ b/libsoup/Makefile.am @@ -69,6 +69,10 @@ soup_headers = \ soup-value-utils.h \ soup-xmlrpc.h +if OS_LINUX +soup_headers += sd-daemon.h +endif + libsoupinclude_HEADERS = \ $(soup_headers) \ soup-enum-types.h @@ -184,6 +188,10 @@ libsoup_2_4_la_SOURCES = \ soup-version.c \ soup-xmlrpc.c +if OS_LINUX +libsoup_2_4_la_SOURCES += sd-daemon.c +endif + # TLD rules EXTRA_DIST += tld-parser.py diff --git a/libsoup/sd-daemon.c b/libsoup/sd-daemon.c new file mode 100644 index 0000000..485b301 --- /dev/null +++ b/libsoup/sd-daemon.c @@ -0,0 +1,520 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +/*** + Copyright 2010 Lennart Poettering + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. +***/ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(__linux__) && !defined(SD_DAEMON_DISABLE_MQ) +# include +#endif + +#include "sd-daemon.h" + +#if (__GNUC__ >= 4) +# ifdef SD_EXPORT_SYMBOLS +/* Export symbols */ +# define _sd_export_ __attribute__ ((visibility("default"))) +# else +/* Don't export the symbols */ +# define _sd_export_ __attribute__ ((visibility("hidden"))) +# endif +#else +# define _sd_export_ +#endif + +_sd_export_ int sd_listen_fds(int unset_environment) { + +#if defined(DISABLE_SYSTEMD) || !defined(__linux__) + return 0; +#else + int r, fd; + const char *e; + char *p = NULL; + unsigned long l; + + e = getenv("LISTEN_PID"); + if (!e) { + r = 0; + goto finish; + } + + errno = 0; + l = strtoul(e, &p, 10); + + if (errno > 0) { + r = -errno; + goto finish; + } + + if (!p || p == e || *p || l <= 0) { + r = -EINVAL; + goto finish; + } + + /* Is this for us? */ + if (getpid() != (pid_t) l) { + r = 0; + goto finish; + } + + e = getenv("LISTEN_FDS"); + if (!e) { + r = 0; + goto finish; + } + + errno = 0; + l = strtoul(e, &p, 10); + + if (errno > 0) { + r = -errno; + goto finish; + } + + if (!p || p == e || *p) { + r = -EINVAL; + goto finish; + } + + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) { + int flags; + + flags = fcntl(fd, F_GETFD); + if (flags < 0) { + r = -errno; + goto finish; + } + + if (flags & FD_CLOEXEC) + continue; + + if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) { + r = -errno; + goto finish; + } + } + + r = (int) l; + +finish: + if (unset_environment) { + unsetenv("LISTEN_PID"); + unsetenv("LISTEN_FDS"); + } + + return r; +#endif +} + +_sd_export_ int sd_is_fifo(int fd, const char *path) { + struct stat st_fd; + + if (fd < 0) + return -EINVAL; + + if (fstat(fd, &st_fd) < 0) + return -errno; + + if (!S_ISFIFO(st_fd.st_mode)) + return 0; + + if (path) { + struct stat st_path; + + if (stat(path, &st_path) < 0) { + + if (errno == ENOENT || errno == ENOTDIR) + return 0; + + return -errno; + } + + return + st_path.st_dev == st_fd.st_dev && + st_path.st_ino == st_fd.st_ino; + } + + return 1; +} + +_sd_export_ int sd_is_special(int fd, const char *path) { + struct stat st_fd; + + if (fd < 0) + return -EINVAL; + + if (fstat(fd, &st_fd) < 0) + return -errno; + + if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode)) + return 0; + + if (path) { + struct stat st_path; + + if (stat(path, &st_path) < 0) { + + if (errno == ENOENT || errno == ENOTDIR) + return 0; + + return -errno; + } + + if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode)) + return + st_path.st_dev == st_fd.st_dev && + st_path.st_ino == st_fd.st_ino; + else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode)) + return st_path.st_rdev == st_fd.st_rdev; + else + return 0; + } + + return 1; +} + +static int sd_is_socket_internal(int fd, int type, int listening) { + struct stat st_fd; + + if (fd < 0 || type < 0) + return -EINVAL; + + if (fstat(fd, &st_fd) < 0) + return -errno; + + if (!S_ISSOCK(st_fd.st_mode)) + return 0; + + if (type != 0) { + int other_type = 0; + socklen_t l = sizeof(other_type); + + if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0) + return -errno; + + if (l != sizeof(other_type)) + return -EINVAL; + + if (other_type != type) + return 0; + } + + if (listening >= 0) { + int accepting = 0; + socklen_t l = sizeof(accepting); + + if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0) + return -errno; + + if (l != sizeof(accepting)) + return -EINVAL; + + if (!accepting != !listening) + return 0; + } + + return 1; +} + +union sockaddr_union { + struct sockaddr sa; + struct sockaddr_in in4; + struct sockaddr_in6 in6; + struct sockaddr_un un; + struct sockaddr_storage storage; +}; + +_sd_export_ int sd_is_socket(int fd, int family, int type, int listening) { + int r; + + if (family < 0) + return -EINVAL; + + r = sd_is_socket_internal(fd, type, listening); + if (r <= 0) + return r; + + if (family > 0) { + union sockaddr_union sockaddr = {}; + socklen_t l = sizeof(sockaddr); + + if (getsockname(fd, &sockaddr.sa, &l) < 0) + return -errno; + + if (l < sizeof(sa_family_t)) + return -EINVAL; + + return sockaddr.sa.sa_family == family; + } + + return 1; +} + +_sd_export_ int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) { + union sockaddr_union sockaddr = {}; + socklen_t l = sizeof(sockaddr); + int r; + + if (family != 0 && family != AF_INET && family != AF_INET6) + return -EINVAL; + + r = sd_is_socket_internal(fd, type, listening); + if (r <= 0) + return r; + + if (getsockname(fd, &sockaddr.sa, &l) < 0) + return -errno; + + if (l < sizeof(sa_family_t)) + return -EINVAL; + + if (sockaddr.sa.sa_family != AF_INET && + sockaddr.sa.sa_family != AF_INET6) + return 0; + + if (family > 0) + if (sockaddr.sa.sa_family != family) + return 0; + + if (port > 0) { + if (sockaddr.sa.sa_family == AF_INET) { + if (l < sizeof(struct sockaddr_in)) + return -EINVAL; + + return htons(port) == sockaddr.in4.sin_port; + } else { + if (l < sizeof(struct sockaddr_in6)) + return -EINVAL; + + return htons(port) == sockaddr.in6.sin6_port; + } + } + + return 1; +} + +_sd_export_ int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) { + union sockaddr_union sockaddr = {}; + socklen_t l = sizeof(sockaddr); + int r; + + r = sd_is_socket_internal(fd, type, listening); + if (r <= 0) + return r; + + if (getsockname(fd, &sockaddr.sa, &l) < 0) + return -errno; + + if (l < sizeof(sa_family_t)) + return -EINVAL; + + if (sockaddr.sa.sa_family != AF_UNIX) + return 0; + + if (path) { + if (length == 0) + length = strlen(path); + + if (length == 0) + /* Unnamed socket */ + return l == offsetof(struct sockaddr_un, sun_path); + + if (path[0]) + /* Normal path socket */ + return + (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) && + memcmp(path, sockaddr.un.sun_path, length+1) == 0; + else + /* Abstract namespace socket */ + return + (l == offsetof(struct sockaddr_un, sun_path) + length) && + memcmp(path, sockaddr.un.sun_path, length) == 0; + } + + return 1; +} + +_sd_export_ int sd_is_mq(int fd, const char *path) { +#if !defined(__linux__) || defined(SD_DAEMON_DISABLE_MQ) + return 0; +#else + struct mq_attr attr; + + if (fd < 0) + return -EINVAL; + + if (mq_getattr(fd, &attr) < 0) + return -errno; + + if (path) { + char fpath[PATH_MAX]; + struct stat a, b; + + if (path[0] != '/') + return -EINVAL; + + if (fstat(fd, &a) < 0) + return -errno; + + strncpy(stpcpy(fpath, "/dev/mqueue"), path, sizeof(fpath) - 12); + fpath[sizeof(fpath)-1] = 0; + + if (stat(fpath, &b) < 0) + return -errno; + + if (a.st_dev != b.st_dev || + a.st_ino != b.st_ino) + return 0; + } + + return 1; +#endif +} + +_sd_export_ int sd_notify(int unset_environment, const char *state) { +#if defined(DISABLE_SYSTEMD) || !defined(__linux__) || !defined(SOCK_CLOEXEC) + return 0; +#else + int fd = -1, r; + struct msghdr msghdr; + struct iovec iovec; + union sockaddr_union sockaddr; + const char *e; + + if (!state) { + r = -EINVAL; + goto finish; + } + + e = getenv("NOTIFY_SOCKET"); + if (!e) + return 0; + + /* Must be an abstract socket, or an absolute path */ + if ((e[0] != '@' && e[0] != '/') || e[1] == 0) { + r = -EINVAL; + goto finish; + } + + fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd < 0) { + r = -errno; + goto finish; + } + + memset(&sockaddr, 0, sizeof(sockaddr)); + sockaddr.sa.sa_family = AF_UNIX; + strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path)); + + if (sockaddr.un.sun_path[0] == '@') + sockaddr.un.sun_path[0] = 0; + + memset(&iovec, 0, sizeof(iovec)); + iovec.iov_base = (char*) state; + iovec.iov_len = strlen(state); + + memset(&msghdr, 0, sizeof(msghdr)); + msghdr.msg_name = &sockaddr; + msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e); + + if (msghdr.msg_namelen > sizeof(struct sockaddr_un)) + msghdr.msg_namelen = sizeof(struct sockaddr_un); + + msghdr.msg_iov = &iovec; + msghdr.msg_iovlen = 1; + + if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) { + r = -errno; + goto finish; + } + + r = 1; + +finish: + if (unset_environment) + unsetenv("NOTIFY_SOCKET"); + + if (fd >= 0) + close(fd); + + return r; +#endif +} + +_sd_export_ int sd_notifyf(int unset_environment, const char *format, ...) { +#if defined(DISABLE_SYSTEMD) || !defined(__linux__) + return 0; +#else + va_list ap; + char *p = NULL; + int r; + + va_start(ap, format); + r = vasprintf(&p, format, ap); + va_end(ap); + + if (r < 0 || !p) + return -ENOMEM; + + r = sd_notify(unset_environment, p); + free(p); + + return r; +#endif +} + +_sd_export_ int sd_booted(void) { +#if defined(DISABLE_SYSTEMD) || !defined(__linux__) + return 0; +#else + struct stat st; + + /* We test whether the runtime unit file directory has been + * created. This takes place in mount-setup.c, so is + * guaranteed to happen very early during boot. */ + + if (lstat("/run/systemd/system/", &st) < 0) + return 0; + + return !!S_ISDIR(st.st_mode); +#endif +} diff --git a/libsoup/sd-daemon.h b/libsoup/sd-daemon.h new file mode 100644 index 0000000..daa3f4c --- /dev/null +++ b/libsoup/sd-daemon.h @@ -0,0 +1,282 @@ +/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ + +#ifndef foosddaemonhfoo +#define foosddaemonhfoo + +/*** + Copyright 2010 Lennart Poettering + + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation files + (the "Software"), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the Software, + and to permit persons to whom the Software is furnished to do so, + subject to the following conditions: + + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. +***/ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + Reference implementation of a few systemd related interfaces for + writing daemons. These interfaces are trivial to implement. To + simplify porting we provide this reference implementation. + Applications are welcome to reimplement the algorithms described + here if they do not want to include these two source files. + + The following functionality is provided: + + - Support for logging with log levels on stderr + - File descriptor passing for socket-based activation + - Daemon startup and status notification + - Detection of systemd boots + + You may compile this with -DDISABLE_SYSTEMD to disable systemd + support. This makes all those calls NOPs that are directly related to + systemd (i.e. only sd_is_xxx() will stay useful). + + Since this is drop-in code we don't want any of our symbols to be + exported in any case. Hence we declare hidden visibility for all of + them. + + You may find an up-to-date version of these source files online: + + http://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-daemon.h + http://cgit.freedesktop.org/systemd/systemd/plain/src/libsystemd-daemon/sd-daemon.c + + This should compile on non-Linux systems, too, but with the + exception of the sd_is_xxx() calls all functions will become NOPs. + + See sd-daemon(3) for more information. +*/ + +#ifndef _sd_printf_attr_ +# if __GNUC__ >= 4 +# define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b))) +# else +# define _sd_printf_attr_(a,b) +# endif +#endif + +/* + Log levels for usage on stderr: + + fprintf(stderr, SD_NOTICE "Hello World!\n"); + + This is similar to printk() usage in the kernel. +*/ +#define SD_EMERG "<0>" /* system is unusable */ +#define SD_ALERT "<1>" /* action must be taken immediately */ +#define SD_CRIT "<2>" /* critical conditions */ +#define SD_ERR "<3>" /* error conditions */ +#define SD_WARNING "<4>" /* warning conditions */ +#define SD_NOTICE "<5>" /* normal but significant condition */ +#define SD_INFO "<6>" /* informational */ +#define SD_DEBUG "<7>" /* debug-level messages */ + +/* The first passed file descriptor is fd 3 */ +#define SD_LISTEN_FDS_START 3 + +/* + Returns how many file descriptors have been passed, or a negative + errno code on failure. Optionally, removes the $LISTEN_FDS and + $LISTEN_PID file descriptors from the environment (recommended, but + problematic in threaded environments). If r is the return value of + this function you'll find the file descriptors passed as fds + SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative + errno style error code on failure. This function call ensures that + the FD_CLOEXEC flag is set for the passed file descriptors, to make + sure they are not passed on to child processes. If FD_CLOEXEC shall + not be set, the caller needs to unset it after this call for all file + descriptors that are used. + + See sd_listen_fds(3) for more information. +*/ +int sd_listen_fds(int unset_environment); + +/* + Helper call for identifying a passed file descriptor. Returns 1 if + the file descriptor is a FIFO in the file system stored under the + specified path, 0 otherwise. If path is NULL a path name check will + not be done and the call only verifies if the file descriptor + refers to a FIFO. Returns a negative errno style error code on + failure. + + See sd_is_fifo(3) for more information. +*/ +int sd_is_fifo(int fd, const char *path); + +/* + Helper call for identifying a passed file descriptor. Returns 1 if + the file descriptor is a special character device on the file + system stored under the specified path, 0 otherwise. + If path is NULL a path name check will not be done and the call + only verifies if the file descriptor refers to a special character. + Returns a negative errno style error code on failure. + + See sd_is_special(3) for more information. +*/ +int sd_is_special(int fd, const char *path); + +/* + Helper call for identifying a passed file descriptor. Returns 1 if + the file descriptor is a socket of the specified family (AF_INET, + ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If + family is 0 a socket family check will not be done. If type is 0 a + socket type check will not be done and the call only verifies if + the file descriptor refers to a socket. If listening is > 0 it is + verified that the socket is in listening mode. (i.e. listen() has + been called) If listening is == 0 it is verified that the socket is + not in listening mode. If listening is < 0 no listening mode check + is done. Returns a negative errno style error code on failure. + + See sd_is_socket(3) for more information. +*/ +int sd_is_socket(int fd, int family, int type, int listening); + +/* + Helper call for identifying a passed file descriptor. Returns 1 if + the file descriptor is an Internet socket, of the specified family + (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM, + SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version + check is not done. If type is 0 a socket type check will not be + done. If port is 0 a socket port check will not be done. The + listening flag is used the same way as in sd_is_socket(). Returns a + negative errno style error code on failure. + + See sd_is_socket_inet(3) for more information. +*/ +int sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port); + +/* + Helper call for identifying a passed file descriptor. Returns 1 if + the file descriptor is an AF_UNIX socket of the specified type + (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0 + a socket type check will not be done. If path is NULL a socket path + check will not be done. For normal AF_UNIX sockets set length to + 0. For abstract namespace sockets set length to the length of the + socket name (including the initial 0 byte), and pass the full + socket path in path (including the initial 0 byte). The listening + flag is used the same way as in sd_is_socket(). Returns a negative + errno style error code on failure. + + See sd_is_socket_unix(3) for more information. +*/ +int sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length); + +/* + Helper call for identifying a passed file descriptor. Returns 1 if + the file descriptor is a POSIX Message Queue of the specified name, + 0 otherwise. If path is NULL a message queue name check is not + done. Returns a negative errno style error code on failure. +*/ +int sd_is_mq(int fd, const char *path); + +/* + Informs systemd about changed daemon state. This takes a number of + newline separated environment-style variable assignments in a + string. The following variables are known: + + READY=1 Tells systemd that daemon startup is finished (only + relevant for services of Type=notify). The passed + argument is a boolean "1" or "0". Since there is + little value in signaling non-readiness the only + value daemons should send is "READY=1". + + STATUS=... Passes a single-line status string back to systemd + that describes the daemon state. This is free-from + and can be used for various purposes: general state + feedback, fsck-like programs could pass completion + percentages and failing programs could pass a human + readable error message. Example: "STATUS=Completed + 66% of file system check..." + + ERRNO=... If a daemon fails, the errno-style error code, + formatted as string. Example: "ERRNO=2" for ENOENT. + + BUSERROR=... If a daemon fails, the D-Bus error-style error + code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut" + + MAINPID=... The main pid of a daemon, in case systemd did not + fork off the process itself. Example: "MAINPID=4711" + + WATCHDOG=1 Tells systemd to update the watchdog timestamp. + Services using this feature should do this in + regular intervals. A watchdog framework can use the + timestamps to detect failed services. + + Daemons can choose to send additional variables. However, it is + recommended to prefix variable names not listed above with X_. + + Returns a negative errno-style error code on failure. Returns > 0 + if systemd could be notified, 0 if it couldn't possibly because + systemd is not running. + + Example: When a daemon finished starting up, it could issue this + call to notify systemd about it: + + sd_notify(0, "READY=1"); + + See sd_notifyf() for more complete examples. + + See sd_notify(3) for more information. +*/ +int sd_notify(int unset_environment, const char *state); + +/* + Similar to sd_notify() but takes a format string. + + Example 1: A daemon could send the following after initialization: + + sd_notifyf(0, "READY=1\n" + "STATUS=Processing requests...\n" + "MAINPID=%lu", + (unsigned long) getpid()); + + Example 2: A daemon could send the following shortly before + exiting, on failure: + + sd_notifyf(0, "STATUS=Failed to start up: %s\n" + "ERRNO=%i", + strerror(errno), + errno); + + See sd_notifyf(3) for more information. +*/ +int sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3); + +/* + Returns > 0 if the system was booted with systemd. Returns < 0 on + error. Returns 0 if the system was not booted with systemd. Note + that all of the functions above handle non-systemd boots just + fine. You should NOT protect them with a call to this function. Also + note that this function checks whether the system, not the user + session is controlled by systemd. However the functions above work + for both user and system services. + + See sd_booted(3) for more information. +*/ +int sd_booted(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c index ff51e5b..b86af85 100644 --- a/libsoup/soup-server.c +++ b/libsoup/soup-server.c @@ -87,6 +87,7 @@ typedef struct { typedef struct { SoupAddress *iface; guint port; + gboolean systemd_socket_activation; char *ssl_cert_file, *ssl_key_file; GTlsCertificate *ssl_cert; @@ -121,6 +122,7 @@ enum { PROP_ASYNC_CONTEXT, PROP_RAW_PATHS, PROP_SERVER_HEADER, + PROP_SYSTEMD_SOCKET_ACTIVATION, LAST_PROP }; @@ -233,6 +235,8 @@ soup_server_constructor (GType type, soup_socket_new (SOUP_SOCKET_LOCAL_ADDRESS, priv->iface, SOUP_SOCKET_SSL_CREDENTIALS, priv->ssl_cert, SOUP_SOCKET_ASYNC_CONTEXT, priv->async_context, + SOUP_SOCKET_SYSTEMD_SOCKET_ACTIVATION, + priv->systemd_socket_activation, NULL); if (!soup_socket_listen (priv->listen_sock)) { g_object_unref (server); @@ -304,6 +308,9 @@ soup_server_set_property (GObject *object, guint prop_id, } else priv->server_header = g_strdup (header); break; + case PROP_SYSTEMD_SOCKET_ACTIVATION: + priv->systemd_socket_activation = g_value_get_boolean (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -341,6 +348,9 @@ soup_server_get_property (GObject *object, guint prop_id, case PROP_SERVER_HEADER: g_value_set_string (value, priv->server_header); break; + case PROP_SYSTEMD_SOCKET_ACTIVATION: + g_value_set_boolean (value, priv->systemd_socket_activation); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -628,6 +638,24 @@ soup_server_class_init (SoupServerClass *server_class) "Server header", NULL, G_PARAM_READWRITE | G_PARAM_CONSTRUCT)); + + /** + * SOUP_SERVER_SYSTEMD_SOCKET_ACTIVATION: + * + * Alias for the #SoupServer:systemd-socket-activation property. + * If set to TRUE, the listening socket will be received + * through systemd socket activation mechanism. The #SoupServer:port + * and #SoupServer:interface properties are ignored in this case. + * + * Since: 2.44 + **/ + g_object_class_install_property ( + object_class, PROP_SYSTEMD_SOCKET_ACTIVATION, + g_param_spec_boolean (SOUP_SERVER_SYSTEMD_SOCKET_ACTIVATION, + "Systemd socket activation", + "Receive listening socket from systemd", + FALSE, + G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); } /** diff --git a/libsoup/soup-server.h b/libsoup/soup-server.h index e1c9bbf..ca3dfa1 100644 --- a/libsoup/soup-server.h +++ b/libsoup/soup-server.h @@ -56,14 +56,15 @@ typedef void (*SoupServerCallback) (SoupServer *server, SoupClientContext *client, gpointer user_data); -#define SOUP_SERVER_PORT "port" -#define SOUP_SERVER_INTERFACE "interface" -#define SOUP_SERVER_SSL_CERT_FILE "ssl-cert-file" -#define SOUP_SERVER_SSL_KEY_FILE "ssl-key-file" -#define SOUP_SERVER_TLS_CERTIFICATE "tls-certificate" -#define SOUP_SERVER_ASYNC_CONTEXT "async-context" -#define SOUP_SERVER_RAW_PATHS "raw-paths" -#define SOUP_SERVER_SERVER_HEADER "server-header" +#define SOUP_SERVER_PORT "port" +#define SOUP_SERVER_INTERFACE "interface" +#define SOUP_SERVER_SSL_CERT_FILE "ssl-cert-file" +#define SOUP_SERVER_SSL_KEY_FILE "ssl-key-file" +#define SOUP_SERVER_TLS_CERTIFICATE "tls-certificate" +#define SOUP_SERVER_ASYNC_CONTEXT "async-context" +#define SOUP_SERVER_RAW_PATHS "raw-paths" +#define SOUP_SERVER_SERVER_HEADER "server-header" +#define SOUP_SERVER_SYSTEMD_SOCKET_ACTIVATION "systemd-socket-activation" SoupServer *soup_server_new (const char *optname1, ...) G_GNUC_NULL_TERMINATED; diff --git a/libsoup/soup-socket.c b/libsoup/soup-socket.c index baa9290..61ee3f0 100644 --- a/libsoup/soup-socket.c +++ b/libsoup/soup-socket.c @@ -19,6 +19,10 @@ #include "soup-io-stream.h" #include "soup-misc-private.h" +#ifdef __linux__ +#include "sd-daemon.h" +#endif + /** * SECTION:soup-socket * @short_description: A network socket @@ -60,6 +64,7 @@ enum { PROP_TLS_CERTIFICATE, PROP_TLS_ERRORS, PROP_PROXY_RESOLVER, + PROP_SYSTEMD_SOCKET_ACTIVATION, LAST_PROP }; @@ -80,6 +85,7 @@ typedef struct { guint ssl_fallback:1; guint clean_dispose:1; guint use_thread_context:1; + guint systemd_socket_activation:1; gpointer ssl_creds; GMainContext *async_context; @@ -228,6 +234,9 @@ soup_socket_set_property (GObject *object, guint prop_id, case PROP_CLEAN_DISPOSE: priv->clean_dispose = g_value_get_boolean (value); break; + case PROP_SYSTEMD_SOCKET_ACTIVATION: + priv->systemd_socket_activation = g_value_get_boolean (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -286,6 +295,9 @@ soup_socket_get_property (GObject *object, guint prop_id, case PROP_PROXY_RESOLVER: g_value_set_object (value, priv->proxy_resolver); break; + case PROP_SYSTEMD_SOCKET_ACTIVATION: + g_value_set_boolean (value, priv->systemd_socket_activation); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -627,6 +639,24 @@ soup_socket_class_init (SoupSocketClass *socket_class) "GProxyResolver to use", G_TYPE_PROXY_RESOLVER, G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); + + /** + * SOUP_SOCKET_SYSTEMD_SOCKET_ACTIVATION: + * + * Alias for the #SoupSocket:systemd-socket-activation + * property. If set to TRUE, soup_socket_listen() will be receiving + * a listening socket from systemd socket activation mechanism. + * The #SoupSocket:local-address property is ignored in this case. + * + * Since: 2.44 + **/ + g_object_class_install_property ( + object_class, PROP_SYSTEMD_SOCKET_ACTIVATION, + g_param_spec_boolean (SOUP_SOCKET_SYSTEMD_SOCKET_ACTIVATION, + "Systemd socket activation", + "Receive listening socket from systemd", + FALSE, + G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY)); } @@ -965,53 +995,91 @@ soup_socket_listen (SoupSocket *sock) { SoupSocketPrivate *priv; - GSocketAddress *addr; + GSocketAddress *addr = 0; g_return_val_if_fail (SOUP_IS_SOCKET (sock), FALSE); priv = SOUP_SOCKET_GET_PRIVATE (sock); g_return_val_if_fail (priv->gsock == NULL, FALSE); - g_return_val_if_fail (priv->local_addr != NULL, FALSE); + if (!priv->systemd_socket_activation) + g_return_val_if_fail (priv->local_addr != NULL, FALSE); priv->is_server = TRUE; - /* @local_addr may have its port set to 0. So we intentionally - * don't store it in priv->local_addr, so that if the - * caller calls soup_socket_get_local_address() later, we'll - * have to make a new addr by calling getsockname(), which - * will have the right port number. - */ - addr = soup_address_get_gsockaddr (priv->local_addr); - g_return_val_if_fail (addr != NULL, FALSE); - - priv->gsock = g_socket_new (g_socket_address_get_family (addr), - G_SOCKET_TYPE_STREAM, - G_SOCKET_PROTOCOL_DEFAULT, - NULL); - if (!priv->gsock) + if (priv->systemd_socket_activation) { +#ifndef __linux__ + g_warning ("Systemd socket activation is only available on Linux"); goto cant_listen; - finish_socket_setup (priv); +#else + int fd; + int num_fds = sd_listen_fds(0); + + if (num_fds == 0) { + g_warning ("Systemd didn't pass any file descriptors"); + goto cant_listen; + } else if (num_fds > 1) { + g_warning ("Systemd passed more than one file descriptor"); + goto cant_listen; + } - /* Bind */ - if (!g_socket_bind (priv->gsock, addr, TRUE, NULL)) - goto cant_listen; - /* Force local_addr to be re-resolved now */ - g_object_unref (priv->local_addr); - priv->local_addr = NULL; + fd = SD_LISTEN_FDS_START; + if (!sd_is_socket_inet(fd, /*any family*/0, SOCK_STREAM, + /*listen*/1, /*any port*/0)) { + g_warning ("A non-socket was received from systemd"); + goto cant_listen; + } - /* Listen */ - if (!g_socket_listen (priv->gsock, NULL)) - goto cant_listen; + priv->gsock = g_socket_new_from_fd (fd, NULL); + if (!priv->gsock) + goto cant_listen; + finish_socket_setup (priv); +#endif + } else { + /* @local_addr may have its port set to 0. So we intentionally + * don't store it in priv->local_addr, so that if the + * caller calls soup_socket_get_local_address() later, we'll + * have to make a new addr by calling getsockname(), which + * will have the right port number. + */ + addr = soup_address_get_gsockaddr (priv->local_addr); + g_return_val_if_fail (addr != NULL, FALSE); + + priv->gsock = g_socket_new (g_socket_address_get_family (addr), + G_SOCKET_TYPE_STREAM, + G_SOCKET_PROTOCOL_DEFAULT, + NULL); + + if (!priv->gsock) + goto cant_listen; + finish_socket_setup (priv); + + /* Bind */ + if (!g_socket_bind (priv->gsock, addr, TRUE, NULL)) + goto cant_listen; + + /* Listen */ + if (!g_socket_listen (priv->gsock, NULL)) + goto cant_listen; + + g_object_unref (addr); + } + + /* Force local_addr to be re-resolved now */ + if (priv->local_addr) { + g_object_unref (priv->local_addr); + priv->local_addr = NULL; + } priv->watch_src = soup_socket_create_watch (priv, G_IO_IN, listen_watch, sock, NULL); - g_object_unref (addr); return TRUE; cant_listen: if (priv->conn) disconnect_internal (sock, TRUE); - g_object_unref (addr); + + if (addr) + g_object_unref (addr); return FALSE; } diff --git a/libsoup/soup-socket.h b/libsoup/soup-socket.h index 5c1264f..a36b2a9 100644 --- a/libsoup/soup-socket.h +++ b/libsoup/soup-socket.h @@ -39,19 +39,20 @@ typedef struct { void (*_libsoup_reserved4) (void); } SoupSocketClass; -#define SOUP_SOCKET_LOCAL_ADDRESS "local-address" -#define SOUP_SOCKET_REMOTE_ADDRESS "remote-address" -#define SOUP_SOCKET_FLAG_NONBLOCKING "non-blocking" -#define SOUP_SOCKET_IS_SERVER "is-server" -#define SOUP_SOCKET_SSL_CREDENTIALS "ssl-creds" -#define SOUP_SOCKET_SSL_STRICT "ssl-strict" -#define SOUP_SOCKET_SSL_FALLBACK "ssl-fallback" -#define SOUP_SOCKET_TRUSTED_CERTIFICATE "trusted-certificate" -#define SOUP_SOCKET_ASYNC_CONTEXT "async-context" -#define SOUP_SOCKET_USE_THREAD_CONTEXT "use-thread-context" -#define SOUP_SOCKET_TIMEOUT "timeout" -#define SOUP_SOCKET_TLS_CERTIFICATE "tls-certificate" -#define SOUP_SOCKET_TLS_ERRORS "tls-errors" +#define SOUP_SOCKET_LOCAL_ADDRESS "local-address" +#define SOUP_SOCKET_REMOTE_ADDRESS "remote-address" +#define SOUP_SOCKET_FLAG_NONBLOCKING "non-blocking" +#define SOUP_SOCKET_IS_SERVER "is-server" +#define SOUP_SOCKET_SSL_CREDENTIALS "ssl-creds" +#define SOUP_SOCKET_SSL_STRICT "ssl-strict" +#define SOUP_SOCKET_SSL_FALLBACK "ssl-fallback" +#define SOUP_SOCKET_TRUSTED_CERTIFICATE "trusted-certificate" +#define SOUP_SOCKET_ASYNC_CONTEXT "async-context" +#define SOUP_SOCKET_USE_THREAD_CONTEXT "use-thread-context" +#define SOUP_SOCKET_TIMEOUT "timeout" +#define SOUP_SOCKET_TLS_CERTIFICATE "tls-certificate" +#define SOUP_SOCKET_TLS_ERRORS "tls-errors" +#define SOUP_SOCKET_SYSTEMD_SOCKET_ACTIVATION "systemd-socket-activation" typedef void (*SoupSocketCallback) (SoupSocket *sock, guint status, diff --git a/tests/Makefile.am b/tests/Makefile.am index 22c4a85..ea3e2ff 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -42,6 +42,10 @@ TESTS = \ xmlrpc-server-test \ xmlrpc-test +if OS_LINUX +TESTS += systemd-test +endif + noinst_PROGRAMS = \ ntlm-test-helper \ $(TESTS) diff --git a/tests/systemd-test.c b/tests/systemd-test.c new file mode 100644 index 0000000..bd1f29a --- /dev/null +++ b/tests/systemd-test.c @@ -0,0 +1,155 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ +/* + * Copyright 2013 YouView TV Ltd + */ + +#include "test-utils.h" + +#include +#include +#include +#include + +#define SD_LISTEN_FDS_START 3 + +/* Returns the port number of systemd listening socket. */ +static guint simulate_systemd_environment(void) +{ + int sockfd, iret; + guint port; + struct sockaddr_in addr; + socklen_t addrlen; + char listen_pid[100]; + + sockfd = socket (AF_INET, SOCK_STREAM, 0); + g_assert (sockfd >= 0); + + memset (&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = 0; /* Any port */ + iret = bind (sockfd, (struct sockaddr *)&addr, sizeof(addr)); + g_assert(iret == 0); + + iret = listen (sockfd, 5); + g_assert(iret == 0); + + /* Make sure the socket number is equal to SD_LISTEN_FDS_START */ + if (sockfd != SD_LISTEN_FDS_START) { + iret = dup2 (sockfd, SD_LISTEN_FDS_START); + g_assert (iret == SD_LISTEN_FDS_START); + close (sockfd); + sockfd = iret; + } + + addrlen = sizeof(addr); + iret = getsockname (sockfd, (struct sockaddr*)&addr, &addrlen); + g_assert (iret == 0); + g_assert (addrlen == sizeof(addr)); + g_assert (addr.sin_family == AF_INET); + port = ntohs (addr.sin_port); + + /* Set LISTEN_PID and LISTEN_FDS environment variables. */ + snprintf (listen_pid, sizeof(listen_pid), "%d", getpid()); + setenv ("LISTEN_PID", listen_pid, 1); + setenv ("LISTEN_FDS", "1", 1); /* Making 1 socket available. */ + + return port; +} + +static void +do_socket_systemd_test (void) +{ + SoupSocket* server_sock, *client_sock; + SoupAddress* server_addr; + gboolean bret; + guint uret, server_port_expected, server_port_actual; + + server_port_expected = simulate_systemd_environment (); + + server_sock = soup_socket_new (SOUP_SOCKET_SYSTEMD_SOCKET_ACTIVATION, TRUE, NULL); + g_assert (server_sock); + + bret = soup_socket_listen (server_sock); + g_assert (bret); + + server_addr = soup_socket_get_local_address (server_sock); + g_assert (server_addr); + server_port_actual = soup_address_get_port (server_addr); + g_assert_cmpuint (server_port_expected, ==, server_port_actual); + + client_sock = soup_socket_new (SOUP_SOCKET_REMOTE_ADDRESS, server_addr, NULL); + g_assert (client_sock); + + uret = soup_socket_connect_sync (client_sock, NULL); + g_assert_cmpuint (uret, ==, SOUP_STATUS_OK); + + g_object_unref (client_sock); + g_object_unref (server_sock); +} + +struct RequestContext +{ + GMainLoop* main_loop; + guint response_status; +}; + +static void +response_handler(SoupSession *session, SoupMessage *msg, gpointer user_data) +{ + struct RequestContext* ctx = user_data; + ctx->response_status = msg->status_code; + g_main_loop_quit (ctx->main_loop); +} + +static void +do_server_systemd_test (void) +{ + SoupServer* server; + SoupSession* session; + SoupMessage* message; + char http_addr[100]; + guint server_port_expected, server_port_actual; + struct RequestContext ctx; + + server_port_expected = simulate_systemd_environment(); + + ctx.main_loop = g_main_loop_new (NULL, FALSE); + ctx.response_status = 0; + g_assert (ctx.main_loop); + + server = soup_server_new (SOUP_SERVER_SYSTEMD_SOCKET_ACTIVATION, TRUE, NULL); + g_assert (server); + server_port_actual = soup_server_get_port (server); + g_assert(server_port_expected == server_port_actual); + + session = soup_session_async_new (); + g_assert (session); + + snprintf (http_addr, sizeof(http_addr), "http://127.0.0.1:%u/", server_port_actual); + message = soup_message_new ("GET", http_addr); + + soup_session_queue_message (session, message, &response_handler, &ctx); + + soup_server_run_async (server); + + g_main_loop_run (ctx.main_loop); + + g_object_unref (session); + g_object_unref (server); + g_main_loop_unref (ctx.main_loop); + + g_assert_cmpuint (ctx.response_status, ==, SOUP_STATUS_NOT_FOUND); +} + +int +main (int argc, char **argv) +{ + test_init (argc, argv, NULL); + + do_socket_systemd_test (); + do_server_systemd_test (); + + test_cleanup (); + return errors != 0; +} -- 1.7.1