SET(TARGET_SECURITY_CLIENT "security-server-client")
SET(TARGET_SERVER_COMMON "security-server-commons")
+INSTALL(FILES
+ ${CMAKE_SOURCE_DIR}/packaging/libsecurity-server-client.manifest
+ ${CMAKE_SOURCE_DIR}/packaging/security-server.manifest
+ DESTINATION
+ /usr/share
+)
+
ADD_SUBDIRECTORY(src)
ADD_SUBDIRECTORY(build)
+ADD_SUBDIRECTORY(systemd)
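Review bot: The two manifests are installed straight into `/usr/share` through a hard-coded absolute `DESTINATION`, with no package subdirectory, so they sit beside other packages' data and ignore the configured install prefix. The new install list for the systemd units (presumably systemd/CMakeLists.txt) hard-codes `/usr/lib/systemd/system` in the same way. Both lists build their paths from `${CMAKE_SOURCE_DIR}`, which refers to the outermost project if this tree is ever built as a subproject; `${PROJECT_SOURCE_DIR}/packaging/...` here and `${CMAKE_CURRENT_SOURCE_DIR}/security-server.service` there keep the paths local. A comment above this `INSTALL` naming the consumer that reads the manifests from that location would also help.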
Group: Security/Service
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
-Source2: libsecurity-server-client.manifest
-Source3: security-server.service
-Source1001: %{name}.manifest
BuildRequires: cmake
BuildRequires: zip
BuildRequires: pkgconfig(dlog)
Requires(post): systemd
Requires(postun): systemd
BuildRequires: pkgconfig(libprivilege-control)
+BuildRequires: pkgconfig(libsystemd-daemon)
+%{?systemd_requires}
%description
Tizen security server and utilities
%make_install
mkdir -p %{buildroot}/usr/lib/systemd/system/multi-user.target.wants
+mkdir -p %{buildroot}/usr/lib/systemd/system/sockets.target.wants
+ln -s ../security-server.service %{buildroot}/usr/lib/systemd/system/multi-user.target.wants/security-server.service
+ln -s ../security-server.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server.socket
+ln -s ../security-server-data-share.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-data-share.socket
+
+mkdir -p %{buildroot}/usr/lib/systemd/system/multi-user.target.wants
install -m 0644 %{SOURCE3} %{buildroot}/usr/lib/systemd/system/security-server.service
ln -s ../security-server.service %{buildroot}/usr/lib/systemd/system/multi-user.target.wants/security-server.service
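Review bot: As the page shows it, the `install -m 0644 %{SOURCE3} ...` line and the original `ln -s ../security-server.service ...` line remain after the added block, although `Source3` is removed from the header and the same symlink is already created a few lines earlier. If those two lines really are kept, `%{SOURCE3}` no longer expands and the second `ln -s` fails because the link already exists. In that case they and the repeated `mkdir -p .../multi-user.target.wants` should be dropped so the unit files come only from `%make_install`. If the page merely lost their `-` markers, nothing needs to change.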
/usr/lib/systemd/system/security-server.service
%attr(755,root,root) /usr/bin/security-server
%{_libdir}/libsecurity-server-commons.so.*
+%attr(-,root,root) /usr/lib/systemd/system/multi-user.target.wants/security-server.service
+%attr(-,root,root) /usr/lib/systemd/system/security-server.service
+%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server.socket
+%attr(-,root,root) /usr/lib/systemd/system/security-server.socket
+%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-data-share.socket
+%attr(-,root,root) /usr/lib/systemd/system/security-server-data-share.socket
%{_datadir}/license/%{name}
openssl
libsmack
libprivilege-control
+ libsystemd-daemon
REQUIRED
)
#include <limits.h>
#include <ctype.h>
+#include <systemd/sd-daemon.h>
+
#include "security-server-common.h"
#include "security-server-comm.h"
return SECURITY_SERVER_SUCCESS;
}
+/* Get socket from systemd */
+int get_socket_from_systemd(int *sockfd)
+{
+ int n = sd_listen_fds(0);
+ int fd;
+
+ for(fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
+ if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1,
+ SECURITY_SERVER_SOCK_PATH, 0))
+ {
+ *sockfd = fd;
+ return SECURITY_SERVER_SUCCESS;
+ }
+ }
+ return SECURITY_SERVER_ERROR_SOCKET;
+}
+
/* Create a Unix domain socket and bind */
int create_new_socket(int *sockfd)
{
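Review bot: `get_socket_from_systemd` treats a negative return from `sd_listen_fds(0)` the same as "no descriptors passed": the loop does not run and the caller gets a generic socket error with nothing logged. The C++ counterpart `SocketManager::GetSocketFromSystemD` checks `n < 0` explicitly, so the two should agree; `if (n < 0) { SEC_SVR_ERR("sd_listen_fds failed: %d", n); return SECURITY_SERVER_ERROR_SOCKET; }` before the loop would do. The function also writes through `sockfd` without a NULL check. The one-line comment could say that a match requires a listening `SOCK_STREAM` Unix socket bound to `SECURITY_SERVER_SOCK_PATH`.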
const unsigned int max_challenge,
const unsigned int valid_period_in_days);
int send_set_pwd_history_request(int sock_fd, int num);
+int get_socket_from_systemd(int *sockfd);
#endif
initiate_try();
/* Create and bind a Unix domain socket */
- retval = create_new_socket(&server_sockfd);
- if (retval != SECURITY_SERVER_SUCCESS)
+ if(SECURITY_SERVER_SUCCESS != get_socket_from_systemd(&server_sockfd))
{
- SEC_SVR_ERR("%s", "cannot create socket. exiting...");
- goto error;
- }
+ SEC_SVR_ERR("%s", "Error in get_socket_from_systemd");
+ retval = create_new_socket(&server_sockfd);
+ if (retval != SECURITY_SERVER_SUCCESS)
+ {
+ SEC_SVR_ERR("%s", "cannot create socket. exiting...");
+ goto error;
+ }
- if (listen(server_sockfd, 5) < 0)
- {
- SEC_SVR_ERR("%s", "listen() failed. exiting...");
- goto error;
+ if (listen(server_sockfd, 5) < 0)
+ {
+ SEC_SVR_ERR("%s", "listen() failed. exiting...");
+ goto error;
+ }
+ } else {
+ SEC_SVR_ERR("%s", "Socket was passed by systemd");
}
/* Create a default cookie --> Cookie for root process */
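Review bot: When no descriptor is inherited the daemon falls back to `create_new_socket()` and binds the path itself, so systemd never applies the `SocketMode=` and `SmackLabelIPIn=`/`SmackLabelIPOut=` settings from security-server.socket on that path; whether `create_new_socket` sets equivalent labels is not visible here. A mismatch between the unit and the compiled-in path would therefore go unnoticed apart from one log line, and `SocketManager::CreateDomainSocket` has the same fallback. Both outcomes are reported with `SEC_SVR_ERR`, including the success message "Socket was passed by systemd", which pollutes error logs. The success case belongs at an informational level, and the fallback message should state that the daemon is binding the socket itself. The enclosing function starts and ends outside this hunk.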
namespace SecurityServer {
char const * const SERVICE_SOCKET_SHARED_MEMORY =
- "/tmp/security-server-api-data-share";
+ "/tmp/.security-server-api-data-share.sock";
char const * const SERVICE_SOCKET_ECHO =
- "/tmp/security-server-api-echo";
+ "/tmp/.security-server-api-echo.sock";
} // namespace SecurityServer
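Review bot: Both service sockets keep a fixed name under `/tmp`, a world-writable directory, so on any path where the daemon binds the socket itself the name can already be occupied by another local process, and temporary-file cleanup may remove it while the daemon runs. `SERVICE_SOCKET_ECHO` has no matching `.socket` unit in this commit, so it is always created by the daemon's own bind path rather than by systemd. A root-owned runtime directory (for example under `/run`) for these constants and for the `ListenStream=` lines in the two new socket units would avoid that. A comment that `SERVICE_SOCKET_SHARED_MEMORY` must stay identical to `ListenStream=` in security-server-data-share.socket would also help, since `sd_is_socket_unix` matches on the exact path.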
#include <errno.h>
#include <time.h>
+#include <systemd/sd-daemon.h>
+
#include <dpl/log/log.h>
#include <dpl/assert.h>
}
SocketManager::~SocketManager() {
-
+ // TODO clean up all services!
}
void SocketManager::ReadyForAccept(int sock) {
}
void SocketManager::MainLoop() {
+ // remove evironment values passed by systemd
+ // uncomment it after removing old security-server code
+ // sd_listen_fds(1);
+
+ // Daemon is ready to work.
+ sd_notify(0, "READY=1");
+
m_working = true;
while(m_working) {
fd_set readSet = m_readSet;
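Review bot: The result of `sd_notify(0, "READY=1")` is discarded; with `Type=notify` in security-server.service a failed notification leaves the unit activating until the start timeout, and nothing in the log explains why. `if (sd_notify(0, "READY=1") < 0) LogError("sd_notify failed");` would make that visible. The commented-out `sd_listen_fds(1)` is better written as a TODO stating that the `LISTEN_FDS`/`LISTEN_PID` variables are deliberately left in the environment for now, since any process the daemon starts inherits them; "evironment" is a typo. `MainLoop` continues past the end of the hunk.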
}
}
-void SocketManager::CreateDomainSocket(
- GenericSocketService *service,
+int SocketManager::GetSocketFromSystemD(
const GenericSocketService::ServiceDescription &desc)
{
- int sockfd = -1;
+ int fd;
+
+ // TODO optimalization - do it once in object constructor
+ // and remember all information path->sockfd
+ int n = sd_listen_fds(0);
+
+ LogInfo("sd_listen_fds returns: " << n);
+
+ if (n < 0) {
+ LogError("Error in sd_listend_fds");
+ ThrowMsg(Exception::InitFailed, "Error in sd_listend_fds");
+ }
+
+ for(fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) {
+ if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1,
+ desc.serviceHandlerPath.c_str(), 0))
+ {
+ LogInfo("Useable socket " << desc.serviceHandlerPath <<
+ " was passed by SystemD");
+ return fd;
+ }
+ }
+ LogInfo("No useable sockets were passed by systemd.");
+ return -1;
+}
+
+int SocketManager::CreateDomainSocketHelp(
+ const GenericSocketService::ServiceDescription &desc)
+{
+ int sockfd;
if (-1 == (sockfd = socket(AF_UNIX, SOCK_STREAM, 0))) {
int err = errno;
ThrowMsg(Exception::InitFailed, "Error in listen: " << strerror(err));
}
+ return sockfd;
+}
+
+void SocketManager::CreateDomainSocket(
+ GenericSocketService *service,
+ const GenericSocketService::ServiceDescription &desc)
+{
+ int sockfd = GetSocketFromSystemD(desc);
+ if (-1 == sockfd)
+ sockfd = CreateDomainSocketHelp(desc);
+
auto &description = CreateDefaultReadSocketDescription(sockfd, false);
description.isListen = true;
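Review bot: `GetSocketFromSystemD` throws `Exception::InitFailed` when `sd_listen_fds(0)` returns a negative value, so the fallback in `CreateDomainSocket` (`if (-1 == sockfd) sockfd = CreateDomainSocketHelp(desc);`) is reached only when no descriptor matched, whereas the C server's `get_socket_from_systemd` falls back in both cases. One behaviour should be chosen and documented on the declaration. A negative result from `sd_is_socket_unix` is also folded into "no match" without a log line. The log strings spell the call `sd_listend_fds`, which will not match a search for the real function name. `CreateDomainSocketHelp` needs a comment that it binds the path itself and is used only when systemd passed nothing; part of its body lies outside the lines shown.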
void CreateDomainSocket(
GenericSocketService *service,
const GenericSocketService::ServiceDescription &desc);
+ int CreateDomainSocketHelp(
+ const GenericSocketService::ServiceDescription &desc);
+ int GetSocketFromSystemD(
+ const GenericSocketService::ServiceDescription &desc);
+
void ReadyForRead(int sock);
void ReadyForWrite(int sock);
void ReadyForAccept(int sock);
--- /dev/null
+INSTALL(FILES
+ ${CMAKE_SOURCE_DIR}/systemd/security-server.service
+ ${CMAKE_SOURCE_DIR}/systemd/security-server.socket
+ ${CMAKE_SOURCE_DIR}/systemd/security-server-data-share.socket
+ DESTINATION
+ /usr/lib/systemd/system
+)
+
--- /dev/null
+[Socket]
+ListenStream=/tmp/.security-server-api-data-share.sock
+SocketMode=0777
+SmackLabelIPIn=security-server::api-data-share
+SmackLabelIPOut=@
+
+Service=security-server.service
+
+[Install]
+WantedBy=sockets.target
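Review bot: `SocketMode=0777` grants every local user connect access and sets an execute bit that has no meaning on a socket; systemd's default is 0666, and a narrower mode with `SocketUser=`/`SocketGroup=` would be preferable if the set of clients is known. With this mode the only gate on the data-share socket is the Smack label `security-server::api-data-share`, so a comment in the unit should state that access control is delegated to Smack. security-server.socket uses the same mode.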
--- /dev/null
+[Unit]
+Description=Start the security server
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/security-server
+Sockets=security-server.socket
+Sockets=security-server-data-share.socket
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+[Socket]
+ListenStream=/tmp/.security_server.sock
+SocketMode=0777
+SmackLabelIPIn=*
+SmackLabelIPOut=@
+
+[Install]
+WantedBy=sockets.target
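Review bot: `SmackLabelIPIn=*` together with `SocketMode=0777` leaves `/tmp/.security_server.sock` connectable by every subject on the system, so all authorisation has to happen inside the daemon after accept. That assumption deserves a comment in the unit, or a narrower label if one is available. The path must also match `SECURITY_SERVER_SOCK_PATH` exactly, because `get_socket_from_systemd` compares it through `sd_is_socket_unix`; the macro's value is not visible in this commit, and a mismatch makes the daemon bind its own socket instead. Unlike security-server-data-share.socket this unit has no explicit `Service=` line and relies on the matching unit name, which is worth making consistent.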