marktheunissen revised this gist
May 14, 2014 . 1 changed file with 17 additions and 17 deletions.
@@ -1,5 +1,4 @@ diff a/configure.ac b/configure.ac --- a/configure.ac +++ b/configure.ac @@ -478,8 +478,18 @@ if test "$fips" = "auto"; then @@ -23,8 +22,7 @@ index 42ebc88..cd39a47 100644 AC_MSG_NOTICE([**************************************** write the results]) AC_CONFIG_FILES([Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init tools/stunnel.service]) diff a/src/stunnel.c b/src/stunnel.c --- a/src/stunnel.c +++ b/src/stunnel.c @@ -37,6 +37,9 @@ @@ -41,31 +39,33 @@ index 019372a..f3de256 100644 int bind_ports(void) { SERVICE_OPTIONS *opt; char *local_address; + int systemd_fds; #ifdef USE_LIBWRAP /* execute after parse_commandline() to know service_options.next, @@ -394,8 +398,23 @@ int bind_ports(void) { for(opt=service_options.next; opt; opt=opt->next) { if(opt->option.accept) { - opt->fd=s_socket(opt->local_addr.sa.sa_family, - SOCK_STREAM, 0, 1, "accept socket"); + systemd_fds=0; +#ifdef HAVE_SYSTEMD + systemd_fds = sd_listen_fds(0); + if(systemd_fds>1) { + s_log(LOG_ERR, "Too many file descriptors received from systemd, got %d", systemd_fds); + return 1; + } else if(systemd_fds==1) { + s_log(LOG_INFO, "Received file descriptor from systemd"); + opt->fd = SD_LISTEN_FDS_START + 0; + } else if(systemd_fds<0) { + s_log(LOG_ERR, "Error from systemd, code %d", systemd_fds); + return 1; + } +#endif + if(systemd_fds<1) + opt->fd=s_socket(opt->local_addr.sa.sa_family, + SOCK_STREAM, 0, 1, "accept socket"); if(opt->fd<0) return 1; if(set_socket_options(opt->fd, 0)<0) {
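Review bot: The descriptor taken with `opt->fd = SD_LISTEN_FDS_START + 0;` becomes this service's accept socket without any check that it is a listening stream socket of the family configured in `opt->local_addr`. A guard right after the assignment, `if(sd_is_socket(opt->fd, opt->local_addr.sa.sa_family, SOCK_STREAM, 1)<=0) { s_log(LOG_ERR, "Inherited socket does not match service [%s]", opt->servname); return 1; }`, would reject a mismatched unit file instead of serving on an unexpected endpoint. `sd_listen_fds(0)` is also evaluated inside the `for(opt=service_options.next; ...)` loop, so with two accept services the same descriptor would, as far as the hunk shows, be handed to both; calling it once before the loop and refusing more than one accept service under socket activation avoids that. Both points also apply to the `n` variant in the `@@ -394,8 +398,23 @@` hunk of the first revision, and bind_ports continues outside the hunk.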
@@ -89,7 +89,7 @@ index 019372a..f3de256 100644 - str_free(local_address); - return 1; + /* we don't bind or listen on a socket inherited from systemd */ + if(systemd_fds<1) { + if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) { + s_log(LOG_ERR, "Error binding service [%s] to %s", + opt->servname, local_address);
        
marktheunissen revised this gist
May 14, 2014 . 1 changed file with 0 additions and 94 deletions.
@@ -1,81 +1,3 @@ diff --git a/configure.ac b/configure.ac index 42ebc88..cd39a47 100644 --- a/configure.ac @@ -100,22 +22,6 @@ index 42ebc88..cd39a47 100644 AC_MSG_NOTICE([**************************************** write the results]) AC_CONFIG_FILES([Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init tools/stunnel.service]) diff --git a/src/stunnel.c b/src/stunnel.c index 019372a..f3de256 100644
        
marktheunissen created this gist
May 13, 2014 .
@@ -0,0 +1,205 @@ diff --git a/configure b/configure index f413652..973b535 100755 --- a/configure +++ b/configure
@@ -13317,8 +13317,72 @@ done fi +# Check for systemd support for socket activation. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sd_notify in -lsystemd-daemon" >&5 +$as_echo_n "checking for sd_notify in -lsystemd-daemon... " >&6; } +if ${ac_cv_lib_systemd_daemon_sd_notify+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsystemd-daemon $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sd_notify (); +int +main () +{ +return sd_notify (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_systemd_daemon_sd_notify=yes +else + ac_cv_lib_systemd_daemon_sd_notify=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_systemd_daemon_sd_notify" >&5 +$as_echo "$ac_cv_lib_systemd_daemon_sd_notify" >&6; } +if test "x$ac_cv_lib_systemd_daemon_sd_notify" = xyes; then : + SYSTEMD_LIBS="-lsystemd-daemon" +fi + +for ac_header in systemd/sd-daemon.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "systemd/sd-daemon.h" "ac_cv_header_systemd_sd_daemon_h" "$ac_includes_default" +if test "x$ac_cv_header_systemd_sd_daemon_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYSTEMD_SD_DAEMON_H 1 +_ACEOF + +fi + +done + +if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Your system does not support systemd." >&5 +$as_echo "$as_me: Your system does not support systemd." 
>&6;} +else + +$as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: systemd detected" >&5 +$as_echo "$as_me: systemd detected" >&6;} +fi + CPPFLAGS="$valid_CPPFLAGS" -LIBS="$valid_LIBS" +LIBS="$valid_LIBS $SYSTEMD_LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** write the results" >&5 $as_echo "$as_me: **************************************** write the results" >&6;} diff --git a/configure.ac b/configure.ac index 42ebc88..cd39a47 100644 --- a/configure.ac +++ b/configure.ac @@ -478,8 +478,18 @@ if test "$fips" = "auto"; then ]) fi +# Check for systemd support for socket activation. +AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") +AC_CHECK_HEADERS(systemd/sd-daemon.h) +if test "${ac_cv_header_systemd_sd_daemon_h}" = "no" || test -z "${SYSTEMD_LIBS}"; then + AC_MSG_NOTICE([Your system does not support systemd.]) +else + AC_DEFINE(HAVE_SYSTEMD, 1, [Define if systemd is supported]) + AC_MSG_NOTICE([systemd detected]) +fi + CPPFLAGS="$valid_CPPFLAGS" -LIBS="$valid_LIBS" +LIBS="$valid_LIBS $SYSTEMD_LIBS" AC_MSG_NOTICE([**************************************** write the results]) AC_CONFIG_FILES([Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init tools/stunnel.service]) diff --git a/src/config.h.in b/src/config.h.in index 31b9731..ecf890b 100644 --- a/src/config.h.in +++ b/src/config.h.in @@ -141,6 +141,12 @@ /* Define to 1 if you have the `sysconf' function. */ #undef HAVE_SYSCONF +/* Define if systemd is supported */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the <systemd/sd-daemon.h> header file. */ +#undef HAVE_SYSTEMD_SD_DAEMON_H + /* Define to 1 if you have the <sys/filio.h> header file. */ #undef HAVE_SYS_FILIO_H diff --git a/src/stunnel.c b/src/stunnel.c index 019372a..f3de256 100644 --- a/src/stunnel.c +++ b/src/stunnel.c 
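Review bot: The `AC_CHECK_LIB(systemd-daemon, sd_notify, ...)` probe in the configure.ac hunk runs unconditionally, so whether the binary links `-lsystemd-daemon` and compiles the socket-activation path depends only on what happens to be installed on the build host. An explicit switch ahead of the probe, for example `AC_ARG_ENABLE([systemd], [AS_HELP_STRING([--disable-systemd], [disable systemd socket activation])])`, with the check skipped when it is disabled, would make the feature a deliberate and reproducible build decision. The probe also tests for `sd_notify` while the code in src/stunnel.c calls `sd_listen_fds`; checking for the symbol actually used would be clearer.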
@@ -37,6 +37,9 @@ #include "common.h" #include "prototypes.h" +#ifdef HAVE_SYSTEMD +#include <systemd/sd-daemon.h> +#endif /* http://www.openssl.org/support/faq.html#PROG2 */ #ifdef USE_WIN32 @@ -374,6 +377,7 @@ void unbind_ports(void) { int bind_ports(void) { SERVICE_OPTIONS *opt; char *local_address; + int n; #ifdef USE_LIBWRAP /* execute after parse_commandline() to know service_options.next, @@ -394,8 +398,23 @@ int bind_ports(void) { for(opt=service_options.next; opt; opt=opt->next) { if(opt->option.accept) { +#ifdef HAVE_SYSTEMD + n = sd_listen_fds(0); + if(n>1) { + s_log(LOG_ERR, "Too many file descriptors received from systemd, got %d", n); + return 1; + } else if(n==1) { + s_log(LOG_INFO, "Received file descriptor from systemd"); + opt->fd = SD_LISTEN_FDS_START + 0; + } else { + opt->fd=s_socket(opt->local_addr.sa.sa_family, + SOCK_STREAM, 0, 1, "accept socket"); + } +#else + n=-1; opt->fd=s_socket(opt->local_addr.sa.sa_family, SOCK_STREAM, 0, 1, "accept socket"); +#endif if(opt->fd<0) return 1; if(set_socket_options(opt->fd, 0)<0) { 
@@ -405,21 +424,24 @@ int bind_ports(void) { } /* local socket can't be unnamed */ local_address=s_ntop(&opt->local_addr, addr_len(&opt->local_addr)); - if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) { - s_log(LOG_ERR, "Error binding service [%s] to %s", - opt->servname, local_address); - sockerror("bind"); - closesocket(opt->fd); - opt->fd=-1; - str_free(local_address); - return 1; - } - if(listen(opt->fd, SOMAXCONN)) { - sockerror("listen"); - closesocket(opt->fd); - opt->fd=-1; - str_free(local_address); - return 1; + /* we don't bind or listen on a socket inherited from systemd */ + if(n<1) { + if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) { + s_log(LOG_ERR, "Error binding service [%s] to %s", + opt->servname, local_address); + sockerror("bind"); + closesocket(opt->fd); + opt->fd=-1; + str_free(local_address); + return 1; + } + if(listen(opt->fd, SOMAXCONN)) { + sockerror("listen"); + closesocket(opt->fd); + opt->fd=-1; + str_free(local_address); + return 1; + } } s_poll_add(fds, opt->fd, 1, 0); s_log(LOG_DEBUG, "Service [%s] (FD=%d) bound to %s",
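Review bot: With bind() and listen() skipped for an inherited socket, `local_address` is still built from the configured `opt->local_addr`, so the closing `s_log(LOG_DEBUG, "Service [%s] (FD=%d) bound to %s", ...` line (presumably printing `local_address`) can name an address the process is not listening on. On the `n>=1` path I would read the real endpoint with `getsockname()` into a local address buffer and pass that to `s_ntop()`, or at least log that the socket was inherited, so the log matches what is actually exposed. A short comment on `if(n<1) {` stating that `n` is the `sd_listen_fds()` result (and `-1` when built without systemd) would also help, since the name alone does not say so. The loop body of bind_ports starts and ends outside this hunk.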