authorJosé Bollo <jose.bollo@iot.bzh>2019-12-12 18:10:48 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2019-12-13 16:00:27 +0100
commitc29761cd1628960ee2b11a469763479ac5ef1dfa (patch)
tree5bca3e838d04fc87814dcf9ce476679d15ab4f86
parent23bc1035a51fe54600db691981f8ed1537cbe125 (diff)
Improve integration of cynagoraicefish_8.99.4icefish/8.99.48.99.4
Be more flexible when starting with or without systemd. In the end, this change allows starting within systemd, with socket activation or not, and sending the notification without needing an option. Make the setting of the sockets more accurate. The admin and agent sockets are now accessible only to clients of the expected group, cynagora by default. Bug-AGL: SPEC-3230 Bug-AGL: SPEC-2968 Change-Id: I3e5c7c00dfa0494628c18ffc016cfc8599a5bf9b Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--CMakeLists.txt3
-rw-r--r--src/CMakeLists.txt2
-rw-r--r--src/cyn-server.c8
-rw-r--r--src/main-cynagorad.c57
-rw-r--r--src/meson.build2
-rw-r--r--src/socket.c4
-rw-r--r--systemd/CMakeLists.txt3
-rw-r--r--systemd/cynagora-admin.socket.in4
-rw-r--r--systemd/cynagora-agent.socket.in4
-rw-r--r--systemd/cynagora-check.socket.in2
-rw-r--r--systemd/cynagora.service.in (renamed from systemd/cynagora.service)6
11 files changed, 51 insertions, 44 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 26942d6..3a508bb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -44,6 +44,9 @@ set(CYNAGORA_SOVERSION ${PROJECT_VERSION_MAJOR})
option(WITH_SYSTEMD "should include systemd compatibility" ON)
option(WITH_CYNARA_COMPAT "produce artifacts for compatibility with cynara" OFF)
+set(USER cynagora CACHE STRING "user of the daemon")
+set(GROUP cynagora CACHE STRING "group of the daemon")
+
set(DEFAULT_DB_DIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/cynagora"
CACHE PATH "directory path of the database")
set(DEFAULT_SOCKET_DIR "${CMAKE_INSTALL_FULL_RUNSTATEDIR}/cynagora"
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index f9034de..6de796d 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -96,7 +96,7 @@ target_compile_definitions(cynagorad PRIVATE
DEFAULT_INIT_FILE="${DEFAULT_INIT_FILE}"
)
if(WITH_SYSTEMD)
- target_compile_definitions(cynagorad PRIVATE WITH_SYSTEMD_ACTIVATION)
+ target_compile_definitions(cynagorad PRIVATE WITH_SYSTEMD)
target_link_libraries(cynagorad ${libsystemd_LDFLAGS} ${libsystemd_LINK_LIBRARIES})
target_include_directories(cynagorad PRIVATE ${libsystemd_INCLUDE_DIRS})
target_compile_options(cynagorad PRIVATE ${libsystemd_CFLAGS})
diff --git a/src/cyn-server.c b/src/cyn-server.c
index abf37d7..fbef41b 100644
--- a/src/cyn-server.c
+++ b/src/cyn-server.c
@@ -35,6 +35,7 @@
#include <sys/epoll.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include "data.h"
#include "prot.h"
@@ -1008,6 +1009,7 @@ cyn_server_create(
const char *check_socket_spec,
const char *agent_socket_spec
) {
+ mode_t um;
cyn_server_t *srv;
int rc;
@@ -1030,7 +1032,9 @@ cyn_server_create(
/* create the admin server socket */
admin_socket_spec = cyn_get_socket_admin(admin_socket_spec);
+ um = umask(017);
srv->admin.fd = socket_open(admin_socket_spec, 1);
+ umask(um);
if (srv->admin.fd < 0) {
rc = -errno;
fprintf(stderr, "can't create admin server socket %s: %m\n", admin_socket_spec);
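Review bot: `umask(017)` only clears mode bits, so whether the admin socket is actually reachable by the intended group depends on the effective gid (or a setgid socket directory) at the moment `socket_open()` binds, and nothing in this hunk establishes that. If cyn_server_create can run before the daemon has switched to its `--group`, the file would carry the starting process's group with mode 0760; a comment such as `/* rw for owner and group only; the file's group is the egid at bind time */` would make the dependency explicit, and the same applies to the agent hunk and (with 011) the check hunk below. Also, `umask(um)` now sits between the failing call and `rc = -errno` / `%m`; saving the value first, `int e = errno; umask(um); errno = e;`, keeps the error report independent of it. The body of cyn_server_create extends beyond this hunk.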
@@ -1049,7 +1053,9 @@ cyn_server_create(
/* create the check server socket */
check_socket_spec = cyn_get_socket_check(check_socket_spec);
+ um = umask(011);
srv->check.fd = socket_open(check_socket_spec, 1);
+ umask(um);
if (srv->check.fd < 0) {
rc = -errno;
fprintf(stderr, "can't create check server socket %s: %m\n", check_socket_spec);
@@ -1068,7 +1074,9 @@ cyn_server_create(
/* create the agent server socket */
agent_socket_spec = cyn_get_socket_agent(agent_socket_spec);
+ um = umask(017);
srv->agent.fd = socket_open(agent_socket_spec, 1);
+ umask(um);
if (srv->agent.fd < 0) {
rc = -errno;
fprintf(stderr, "can't create agent server socket %s: %m\n", agent_socket_spec);
diff --git a/src/main-cynagorad.c b/src/main-cynagorad.c
index 0af145c..836e7c8 100644
--- a/src/main-cynagorad.c
+++ b/src/main-cynagorad.c
@@ -38,7 +38,7 @@
#include <sys/file.h>
#include <sys/capability.h>
-#if defined(WITH_SYSTEMD_ACTIVATION)
+#if defined(WITH_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
@@ -82,11 +82,7 @@
static
const char
-shortopts[] = "d:g:hi:lmMOoS:u:v"
-#if defined(WITH_SYSTEMD_ACTIVATION)
- "s"
-#endif
-;
+shortopts[] = "d:g:hi:lmMOoS:u:v";
static
const struct option
@@ -101,9 +97,6 @@ longopts[] = {
{ "own-db-dir", 0, NULL, _OWNDBDIR_ },
{ "own-socket-dir", 0, NULL, _OWNSOCKDIR_ },
{ "socketdir", 1, NULL, _SOCKETDIR_ },
-#if defined(WITH_SYSTEMD_ACTIVATION)
- { "systemd", 0, NULL, _SYSTEMD_ },
-#endif
{ "user", 1, NULL, _USER_ },
{ "version", 0, NULL, _VERSION_ },
{ NULL, 0, NULL, 0 }
@@ -116,9 +109,6 @@ helptxt[] =
"usage: cynagorad [options]...\n"
"\n"
"otpions:\n"
-#if defined(WITH_SYSTEMD_ACTIVATION)
- " -s, --systemd socket activation by systemd\n"
-#endif
" -u, --user xxx set the user\n"
" -g, --group xxx set the group\n"
" -i, --init xxx initialize if needed the database with file xxx\n"
@@ -161,7 +151,6 @@ int main(int ac, char **av)
int help = 0;
int version = 0;
int error = 0;
- int systemd = 0;
int uid = -1;
int gid = -1;
const char *init = NULL;
@@ -215,11 +204,6 @@ int main(int ac, char **av)
case _SOCKETDIR_:
socketdir = optarg;
break;
-#if defined(WITH_SYSTEMD_ACTIVATION)
- case _SYSTEMD_:
- systemd = 1;
- break;
-#endif
case _USER_:
user = optarg;
break;
@@ -243,11 +227,6 @@ int main(int ac, char **av)
}
if (error)
return 1;
- if (systemd && (socketdir || makesockdir)) {
- fprintf(stderr, "can't set options --systemd and --%s together\n",
- socketdir ? "socketdir" : "make-socket-dir");
- return 1;
- }
/* set the defaults */
dbdir = dbdir ?: DEFAULT_DB_DIR;
@@ -261,15 +240,30 @@ int main(int ac, char **av)
/* compute socket specs */
spec_socket_admin = spec_socket_check = spec_socket_agent = 0;
- if (systemd) {
- spec_socket_admin = strdup("sd:admin");
- spec_socket_check = strdup("sd:check");
- spec_socket_agent = strdup("sd:agent");
- } else {
+#if defined(WITH_SYSTEMD)
+ {
+ char **names = 0;
+ rc = sd_listen_fds_with_names(0, &names);
+ if (rc >= 0 && names) {
+ for (rc = 0 ; names[rc] ; rc++) {
+ if (!strcmp(names[rc], "admin"))
+ spec_socket_admin = strdup("sd:admin");
+ else if (!strcmp(names[rc], "check"))
+ spec_socket_check = strdup("sd:check");
+ else if (!strcmp(names[rc], "agent"))
+ spec_socket_agent = strdup("sd:agent");
+ free(names[rc]);
+ }
+ free(names);
+ }
+ }
+#endif
+ if (!spec_socket_admin)
rc = asprintf(&spec_socket_admin, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_admin_socket_base);
+ if (!spec_socket_check)
rc = asprintf(&spec_socket_check, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_check_socket_base);
+ if (!spec_socket_agent)
rc = asprintf(&spec_socket_agent, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_agent_socket_base);
- }
if (!spec_socket_admin || !spec_socket_check || !spec_socket_agent) {
fprintf(stderr, "can't make socket paths\n");
return 1;
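Review bot: The fallback `asprintf()` calls still store their result in `rc` without testing it, and the later `!spec_socket_admin || ...` check only catches a failure if asprintf leaves the pointer NULL, which its documentation does not promise (the contents are undefined on error). Testing the return value closes that: `if (!spec_socket_admin && asprintf(&spec_socket_admin, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_admin_socket_base) < 0) spec_socket_admin = NULL;`, and likewise for check and agent. In the new loop, a descriptor name that appears twice would overwrite and leak the earlier `strdup()` result; prefixing each comparison with `!spec_socket_admin &&` (and the check/agent equivalents) avoids it. main() starts and ends outside this hunk.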
@@ -361,9 +355,8 @@ int main(int ac, char **av)
}
/* ready ! */
-#if defined(WITH_SYSTEMD_ACTIVATION)
- if (systemd)
- sd_notify(0, "READY=1");
+#if defined(WITH_SYSTEMD)
+ sd_notify(0, "READY=1");
#endif
/* serve */
diff --git a/src/meson.build b/src/meson.build
index bb0f4d7..c9778e8 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -79,7 +79,7 @@ executable('cynagorad', srvsrcs,
'-DDEFAULT_DB_DIR="' + dbdir + '"',
'-DDEFAULT_SOCKET_DIR="' + socketdir + '"',
'-DDEFAULT_INIT_FILE="' + init_file + '"',
- get_option('with-cynara-compat') ? '-DWITH_SYSTEMD_ACTIVATION' : '-DWITHOUT_SYSTEMD_ACTIVATION'
+ get_option('with-systemd') ? '-DWITH_SYSTEMD' : '-DWITHOUT_SYSTEMD'
],
dependencies: [ sysd, cap ],
link_with: corelib,
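Review bot: `get_option('with-systemd')` needs a matching option declaration, and no meson options file appears among the files this commit changes; unless the option already exists, the meson build would fail at configure time, so this is worth confirming. Also `sysd` stays in `dependencies` unconditionally, so turning the option off would, as far as this hunk shows, still reference libsystemd. The executable() call starts and ends outside the hunk.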
diff --git a/src/socket.c b/src/socket.c
index fde9648..6f8a060 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -32,7 +32,7 @@
#include <sys/socket.h>
#include <sys/un.h>
-#if defined(WITH_SYSTEMD_ACTIVATION)
+#if defined(WITH_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
@@ -212,7 +212,7 @@ static int open_tcp(const char *spec, int server)
*/
static int open_systemd(const char *spec)
{
-#if defined(WITH_SYSTEMD_ACTIVATION)
+#if defined(WITH_SYSTEMD)
char **names;
int fd = -1;
int c = sd_listen_fds_with_names(0, &names);
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
index c68f7f5..bb9d059 100644
--- a/systemd/CMakeLists.txt
+++ b/systemd/CMakeLists.txt
@@ -19,12 +19,13 @@
set(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/systemd/system"
CACHE PATH "Path to systemd system unit files")
+CONFIGURE_FILE(cynagora.service.in cynagora.service @ONLY)
CONFIGURE_FILE(cynagora-admin.socket.in cynagora-admin.socket @ONLY)
CONFIGURE_FILE(cynagora-check.socket.in cynagora-check.socket @ONLY)
CONFIGURE_FILE(cynagora-agent.socket.in cynagora-agent.socket @ONLY)
INSTALL(FILES
- ${CMAKE_CURRENT_SOURCE_DIR}/cynagora.service
+ ${CMAKE_CURRENT_BINARY_DIR}/cynagora.service
${CMAKE_CURRENT_SOURCE_DIR}/cynagora.target
${CMAKE_CURRENT_BINARY_DIR}/cynagora-admin.socket
${CMAKE_CURRENT_BINARY_DIR}/cynagora-check.socket
diff --git a/systemd/cynagora-admin.socket.in b/systemd/cynagora-admin.socket.in
index 622c023..b2f5874 100644
--- a/systemd/cynagora-admin.socket.in
+++ b/systemd/cynagora-admin.socket.in
@@ -1,7 +1,9 @@
[Socket]
FileDescriptorName=admin
ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.admin
-SocketMode=0600
+SocketUser=@USER@
+SocketGroup=@GROUP@
+SocketMode=0660
SmackLabelIPIn=@
SmackLabelIPOut=@
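Review bot: Going from `SocketMode=0600` to `0660` makes membership of `@GROUP@` the only filesystem-level gate on the admin socket, and the unit does not record that. A comment above the three new lines, e.g. `# admin interface: reachable by @USER@ and members of @GROUP@ only`, would tell packagers to keep that group small; the agent socket unit gets the same change and deserves the same comment. Whether the server additionally checks peer credentials on this socket is not visible here.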
diff --git a/systemd/cynagora-agent.socket.in b/systemd/cynagora-agent.socket.in
index a5e66b8..3671113 100644
--- a/systemd/cynagora-agent.socket.in
+++ b/systemd/cynagora-agent.socket.in
@@ -1,7 +1,9 @@
[Socket]
FileDescriptorName=agent
ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.agent
-SocketMode=0600
+SocketUser=@USER@
+SocketGroup=@GROUP@
+SocketMode=0660
SmackLabelIPIn=@
SmackLabelIPOut=@
diff --git a/systemd/cynagora-check.socket.in b/systemd/cynagora-check.socket.in
index fcd6ed1..0eeae57 100644
--- a/systemd/cynagora-check.socket.in
+++ b/systemd/cynagora-check.socket.in
@@ -1,6 +1,8 @@
[Socket]
FileDescriptorName=check
ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.check
+SocketUser=@USER@
+SocketGroup=@GROUP@
SocketMode=0666
SmackLabelIPIn=*
SmackLabelIPOut=@
diff --git a/systemd/cynagora.service b/systemd/cynagora.service.in
index 97a0f36..9035d00 100644
--- a/systemd/cynagora.service
+++ b/systemd/cynagora.service.in
@@ -4,7 +4,7 @@ Requires=afm-system-setup.service
After=afm-system-setup.service
[Service]
-ExecStart=/usr/bin/cynagorad --systemd --user cynagora --group cynagora --make-db-dir --own-db-dir
+ExecStart=/usr/bin/cynagorad --user @USER@ --group @GROUP@ --make-db-dir --own-db-dir
Type=notify
@@ -15,11 +15,7 @@ Restart=always
Sockets=cynagora-admin.socket
Sockets=cynagora-check.socket
Sockets=cynagora-agent.socket
-SmackProcessLabel=System
-#UMask=0000
-#User=cynagora
-#Group=cynagora
#NoNewPrivileges=true
[Install]