]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #4994 from poettering/private-tmp-tmpfiles
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
a7334b09
LP		 1/***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 14 Lesser General Public License for more details.
a7334b09 15
5430f7f2 16 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18***/
19
e8da24a6 20#include <arpa/inet.h>
83c60c9f
LP		 21#include <errno.h>
22#include <fcntl.h>
916abb21 23#include <mqueue.h>
e8da24a6
LP		 24#include <netinet/tcp.h>
25#include <signal.h>
26#include <sys/epoll.h>
27#include <sys/stat.h>
28#include <unistd.h>
62bc4efc 29#include <linux/sctp.h>
83c60c9f 30
b5efdb8a 31#include "alloc-util.h"
e8da24a6
LP		 32#include "bus-error.h"
33#include "bus-util.h"
34#include "copy.h"
35#include "dbus-socket.h"
36#include "def.h"
37#include "exit-status.h"
3ffd4af2 38#include "fd-util.h"
f97b34a6 39#include "format-util.h"
60d9771c 40#include "io-util.h"
e8da24a6 41#include "label.h"
83c60c9f 42#include "log.h"
e8da24a6 43#include "missing.h"
49e942b2 44#include "mkdir.h"
6bedfcbb 45#include "parse-util.h"
9eb977db 46#include "path-util.h"
7b3e062c 47#include "process-util.h"
d7b8eec7 48#include "selinux-util.h"
24882e06 49#include "signal-util.h"
e8da24a6 50#include "smack-util.h"
24882e06 51#include "socket.h"
e8da24a6 52#include "special.h"
8b43440b 53#include "string-table.h"
07630cea 54#include "string-util.h"
e8da24a6
LP		 55#include "strv.h"
56#include "unit-name.h"
e8da24a6 57#include "unit.h"
b1d4f8e1 58#include "user-util.h"
9d565427 59#include "in-addr-util.h"
83c60c9f 60
166cf510
ZJS		 61struct SocketPeer {
62 unsigned n_ref;
63
64 Socket *socket;
65 union sockaddr_union peer;
66};
67
acbb0225 68static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 69 [SOCKET_DEAD] = UNIT_INACTIVE,
70 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 71 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 72 [SOCKET_START_POST] = UNIT_ACTIVATING,
73 [SOCKET_LISTENING] = UNIT_ACTIVE,
74 [SOCKET_RUNNING] = UNIT_ACTIVE,
75 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
76 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
77 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
78 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 79 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
80 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 81 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 82};
5cb5a6ff 83
718db961
LP		 84static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
85static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
86
a16e1123
LP		 87static void socket_init(Unit *u) {
88 Socket *s = SOCKET(u);
89
90 assert(u);
ac155bb8 91 assert(u->load_state == UNIT_STUB);
a16e1123 92
a16e1123 93 s->backlog = SOMAXCONN;
1f19a534 94 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 95 s->directory_mode = 0755;
9131f660 96 s->socket_mode = 0666;
a16e1123 97
6cf6bbc2
LP		 98 s->max_connections = 64;
99
4fd5948e 100 s->priority = -1;
4fd5948e
LP		 101 s->ip_tos = -1;
102 s->ip_ttl = -1;
4fd5948e 103 s->mark = -1;
4fd5948e 104
ac155bb8
MS		 105 s->exec_context.std_output = u->manager->default_std_output;
106 s->exec_context.std_error = u->manager->default_std_error;
085afe36 107
a16e1123 108 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
8b26cdbd 109
1f15ce28
LP		 110 s->trigger_limit.interval = USEC_INFINITY;
111 s->trigger_limit.burst = (unsigned) -1;
a16e1123 112}
acbb0225 113
5e94833f
LP		 114static void socket_unwatch_control_pid(Socket *s) {
115 assert(s);
116
117 if (s->control_pid <= 0)
118 return;
119
120 unit_unwatch_pid(UNIT(s), s->control_pid);
121 s->control_pid = 0;
122}
123
15087cdb 124static void socket_cleanup_fd_list(SocketPort *p) {
3ffd4af2 125 assert(p);
15087cdb 126
3ffd4af2 127 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
15087cdb
PS		 128 p->auxiliary_fds = mfree(p->auxiliary_fds);
129 p->n_auxiliary_fds = 0;
130}
131
74051b9b 132void socket_free_ports(Socket *s) {
034c6ed7
LP		 133 SocketPort *p;
134
135 assert(s);
136
137 while ((p = s->ports)) {
71fda00f 138 LIST_REMOVE(port, s->ports, p);
034c6ed7 139
718db961
LP		 140 sd_event_source_unref(p->event_source);
141
15087cdb 142 socket_cleanup_fd_list(p);
03e334a1 143 safe_close(p->fd);
034c6ed7
LP		 144 free(p->path);
145 free(p);
146 }
74051b9b
LP		 147}
148
149static void socket_done(Unit *u) {
150 Socket *s = SOCKET(u);
9d565427 151 SocketPeer *p;
74051b9b
LP		 152
153 assert(s);
154
155 socket_free_ports(s);
034c6ed7 156
9a73653c 157 while ((p = set_steal_first(s->peers_by_address)))
9d565427
SS		 158 p->socket = NULL;
159
9a73653c 160 s->peers_by_address = set_free(s->peers_by_address);
9d565427 161
613b411c 162 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 163 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 164 s->control_command = NULL;
165
29206d46
LP		 166 dynamic_creds_unref(&s->dynamic_creds);
167
5e94833f 168 socket_unwatch_control_pid(s);
034c6ed7 169
57020a3a 170 unit_ref_unset(&s->service);
034c6ed7 171
a1e58e8e
LP		 172 s->tcp_congestion = mfree(s->tcp_congestion);
173 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 174
0a78712e
DM		 175 s->smack = mfree(s->smack);
176 s->smack_ip_in = mfree(s->smack_ip_in);
177 s->smack_ip_out = mfree(s->smack_ip_out);
0eb59ccf 178
811ba7a0
LP		 179 strv_free(s->symlinks);
180
0a78712e
DM		 181 s->user = mfree(s->user);
182 s->group = mfree(s->group);
3900e5fd 183
a97b23d6
DM		 184 s->fdname = mfree(s->fdname);
185
718db961
LP		 186 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
187}
188
36c16a7c 189static int socket_arm_timer(Socket *s, usec_t usec) {
718db961
LP		 190 int r;
191
192 assert(s);
193
718db961 194 if (s->timer_event_source) {
36c16a7c 195 r = sd_event_source_set_time(s->timer_event_source, usec);
718db961
LP		 196 if (r < 0)
197 return r;
198
199 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
200 }
201
36c16a7c
LP		 202 if (usec == USEC_INFINITY)
203 return 0;
204
7dfbe2e3 205 r = sd_event_add_time(
6a0f1f6d
LP		 206 UNIT(s)->manager->event,
207 &s->timer_event_source,
208 CLOCK_MONOTONIC,
36c16a7c 209 usec, 0,
6a0f1f6d 210 socket_dispatch_timer, s);
7dfbe2e3
TG		 211 if (r < 0)
212 return r;
213
214 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
215
216 return 0;
5cb5a6ff
LP		 217}
218
8b835fcc
ZJS		 219int socket_instantiate_service(Socket *s) {
220 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 221 int r;
222 Unit *u;
223
224 assert(s);
225
226 /* This fills in s->service if it isn't filled in yet. For
227 * Accept=yes sockets we create the next connection service
228 * here. For Accept=no this is mostly a NOP since the service
229 * is figured out at load time anyway. */
230
7410616c 231 if (UNIT_DEREF(s->service))
b15bdda8
LP		 232 return 0;
233
7410616c
LP		 234 if (!s->accept)
235 return 0;
236
237 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
238 if (r < 0)
239 return r;
b15bdda8 240
315db1a8 241 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 242 return -ENOMEM;
243
1124fe6f 244 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 245 if (r < 0)
246 return r;
247
57020a3a
LP		 248 unit_ref_set(&s->service, u);
249
250 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 251}
252
4f2d528d
LP		 253static bool have_non_accept_socket(Socket *s) {
254 SocketPort *p;
255
256 assert(s);
257
258 if (!s->accept)
259 return true;
260
dd5ad9d4
LP		 261 LIST_FOREACH(port, p, s->ports) {
262
263 if (p->type != SOCKET_SOCKET)
264 return true;
265
4f2d528d
LP		 266 if (!socket_address_can_accept(&p->address))
267 return true;
dd5ad9d4 268 }
4f2d528d
LP		 269
270 return false;
271}
272
a57f7e2c 273static int socket_add_mount_links(Socket *s) {
6e2ef85b 274 SocketPort *p;
6e2ef85b
LP		 275 int r;
276
277 assert(s);
6e2ef85b 278
a57f7e2c
LP		 279 LIST_FOREACH(port, p, s->ports) {
280 const char *path = NULL;
6e2ef85b 281
a57f7e2c
LP		 282 if (p->type == SOCKET_SOCKET)
283 path = socket_address_get_path(&p->address);
60252446 284 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 285 path = p->path;
6e2ef85b 286
a57f7e2c
LP		 287 if (!path)
288 continue;
6e2ef85b 289
a57f7e2c 290 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 291 if (r < 0)
6e2ef85b 292 return r;
b87705cd 293 }
6e2ef85b
LP		 294
295 return 0;
296}
297
298static int socket_add_device_link(Socket *s) {
299 char *t;
6e2ef85b
LP		 300
301 assert(s);
302
7d0c710d 303 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 304 return 0;
305
63c372cb 306 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
9d06297e 307 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
6e2ef85b
LP		 308}
309
a40eb732
LP		 310static int socket_add_default_dependencies(Socket *s) {
311 int r;
312 assert(s);
313
4c9ea260
LP		 314 if (!UNIT(s)->default_dependencies)
315 return 0;
316
e3d84721
LP		 317 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
318 if (r < 0)
319 return r;
2a77d31d 320
463d0d15 321 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
e3d84721
LP		 322 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
323 if (r < 0)
a40eb732 324 return r;
2a77d31d 325 }
a40eb732 326
ead8e478 327 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 328}
329
44a6b1b6 330_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 331 unsigned i;
332 assert(s);
333
334 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
335 if (s->exec_command[i])
336 return true;
337
338 return false;
339}
340
e821075a
LP		 341static int socket_add_extras(Socket *s) {
342 Unit *u = UNIT(s);
e537352b 343 int r;
44d8db9e 344
e821075a 345 assert(s);
57020a3a 346
1f15ce28
LP		 347 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
348 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
349 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
350 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
351 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
352 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
353 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
354 * service starts are typical. */
355
356 if (s->trigger_limit.interval == USEC_INFINITY)
357 s->trigger_limit.interval = 2 * USEC_PER_SEC;
358
359 if (s->trigger_limit.burst == (unsigned) -1) {
360 if (s->accept)
361 s->trigger_limit.burst = 200;
362 else
363 s->trigger_limit.burst = 20;
364 }
365
e821075a 366 if (have_non_accept_socket(s)) {
23a177ef 367
e821075a
LP		 368 if (!UNIT_DEREF(s->service)) {
369 Unit *x;
57020a3a 370
e821075a 371 r = unit_load_related_unit(u, ".service", &x);
57020a3a 372 if (r < 0)
4f2d528d 373 return r;
e821075a
LP		 374
375 unit_ref_set(&s->service, x);
4f2d528d 376 }
44d8db9e 377
e821075a
LP		 378 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
379 if (r < 0)
6e2ef85b 380 return r;
e821075a 381 }
6e2ef85b 382
e821075a
LP		 383 r = socket_add_mount_links(s);
384 if (r < 0)
385 return r;
6e2ef85b 386
e821075a
LP		 387 r = socket_add_device_link(s);
388 if (r < 0)
389 return r;
390
598459ce 391 r = unit_patch_contexts(u);
e821075a
LP		 392 if (r < 0)
393 return r;
394
395 if (socket_has_exec(s)) {
396 r = unit_add_exec_dependencies(u, &s->exec_context);
397 if (r < 0)
398 return r;
23a177ef 399
d79200e2 400 r = unit_set_default_slice(u);
a016b922
LP		 401 if (r < 0)
402 return r;
e821075a 403 }
a016b922 404
4c9ea260
LP		 405 r = socket_add_default_dependencies(s);
406 if (r < 0)
407 return r;
e821075a
LP		 408
409 return 0;
410}
411
811ba7a0
LP		 412static const char *socket_find_symlink_target(Socket *s) {
413 const char *found = NULL;
414 SocketPort *p;
415
416 LIST_FOREACH(port, p, s->ports) {
417 const char *f = NULL;
418
419 switch (p->type) {
420
421 case SOCKET_FIFO:
422 f = p->path;
423 break;
424
425 case SOCKET_SOCKET:
b9495e8d 426 f = socket_address_get_path(&p->address);
811ba7a0
LP		 427 break;
428
429 default:
430 break;
431 }
432
433 if (f) {
434 if (found)
435 return NULL;
436
437 found = f;
438 }
439 }
440
441 return found;
442}
443
e821075a
LP		 444static int socket_verify(Socket *s) {
445 assert(s);
446
447 if (UNIT(s)->load_state != UNIT_LOADED)
448 return 0;
449
450 if (!s->ports) {
4d1fe20a 451 log_unit_error(UNIT(s), "Unit has no Listen setting (e.g. ListenStream=, ListenDatagram=, ListenFIFO, ...). Refusing.");
e821075a
LP		 452 return -EINVAL;
453 }
454
455 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 456 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 457 return -EINVAL;
458 }
459
460 if (s->accept && s->max_connections <= 0) {
f2341e0a 461 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 462 return -EINVAL;
463 }
e06c73cc 464
e821075a 465 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 466 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 467 return -EINVAL;
468 }
469
470 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 471 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 472 return -EINVAL;
473 }
474
811ba7a0 475 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 476 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 477 return -EINVAL;
478 }
479
e821075a
LP		 480 return 0;
481}
482
9d565427
SS		 483static void peer_address_hash_func(const void *p, struct siphash *state) {
484 const SocketPeer *s = p;
485
486 assert(s);
166cf510 487 assert(IN_SET(s->peer.sa.sa_family, AF_INET, AF_INET6));
9d565427
SS		 488
489 if (s->peer.sa.sa_family == AF_INET)
490 siphash24_compress(&s->peer.in.sin_addr, sizeof(s->peer.in.sin_addr), state);
166cf510 491 else
9d565427
SS		 492 siphash24_compress(&s->peer.in6.sin6_addr, sizeof(s->peer.in6.sin6_addr), state);
493}
494
495static int peer_address_compare_func(const void *a, const void *b) {
496 const SocketPeer *x = a, *y = b;
497
498 if (x->peer.sa.sa_family < y->peer.sa.sa_family)
499 return -1;
500 if (x->peer.sa.sa_family > y->peer.sa.sa_family)
501 return 1;
502
503 switch(x->peer.sa.sa_family) {
504 case AF_INET:
505 return memcmp(&x->peer.in.sin_addr, &y->peer.in.sin_addr, sizeof(x->peer.in.sin_addr));
506 case AF_INET6:
507 return memcmp(&x->peer.in6.sin6_addr, &y->peer.in6.sin6_addr, sizeof(x->peer.in6.sin6_addr));
508 }
166cf510 509 assert_not_reached("Black sheep in the family!");
9d565427
SS		 510}
511
512const struct hash_ops peer_address_hash_ops = {
513 .hash = peer_address_hash_func,
514 .compare = peer_address_compare_func
515};
516
e821075a
LP		 517static int socket_load(Unit *u) {
518 Socket *s = SOCKET(u);
519 int r;
520
521 assert(u);
522 assert(u->load_state == UNIT_STUB);
523
9a73653c 524 r = set_ensure_allocated(&s->peers_by_address, &peer_address_hash_ops);
9d565427
SS		 525 if (r < 0)
526 return r;
527
e821075a
LP		 528 r = unit_load_fragment_and_dropin(u);
529 if (r < 0)
530 return r;
531
532 if (u->load_state == UNIT_LOADED) {
533 /* This is a new unit? Then let's add in some extras */
534 r = socket_add_extras(s);
e06c73cc
LP		 535 if (r < 0)
536 return r;
23a177ef
LP		 537 }
538
4f2d528d 539 return socket_verify(s);
44d8db9e
LP		 540}
541
166cf510
ZJS		 542static SocketPeer *socket_peer_new(void) {
543 SocketPeer *p;
544
545 p = new0(SocketPeer, 1);
546 if (!p)
547 return NULL;
548
549 p->n_ref = 1;
550
551 return p;
552}
553
554SocketPeer *socket_peer_ref(SocketPeer *p) {
555 if (!p)
556 return NULL;
557
558 assert(p->n_ref > 0);
559 p->n_ref++;
560
561 return p;
562}
563
564SocketPeer *socket_peer_unref(SocketPeer *p) {
565 if (!p)
566 return NULL;
567
568 assert(p->n_ref > 0);
569
570 p->n_ref--;
571
572 if (p->n_ref > 0)
573 return NULL;
574
575 if (p->socket)
576 set_remove(p->socket->peers_by_address, p);
577
578 return mfree(p);
579}
580
3ebcd323 581int socket_acquire_peer(Socket *s, int fd, SocketPeer **p) {
166cf510
ZJS		 582 _cleanup_(socket_peer_unrefp) SocketPeer *remote = NULL;
583 SocketPeer sa = {}, *i;
584 socklen_t salen = sizeof(sa.peer);
585 int r;
586
587 assert(fd >= 0);
588 assert(s);
589
590 r = getpeername(fd, &sa.peer.sa, &salen);
591 if (r < 0)
592 return log_error_errno(errno, "getpeername failed: %m");
593
594 if (!IN_SET(sa.peer.sa.sa_family, AF_INET, AF_INET6)) {
595 *p = NULL;
596 return 0;
597 }
598
599 i = set_get(s->peers_by_address, &sa);
600 if (i) {
601 *p = socket_peer_ref(i);
602 return 1;
603 }
604
605 remote = socket_peer_new();
606 if (!remote)
607 return log_oom();
608
609 remote->peer = sa.peer;
610
611 r = set_put(s->peers_by_address, remote);
612 if (r < 0)
613 return r;
614
615 remote->socket = s;
616
617 *p = remote;
618 remote = NULL;
619
620 return 1;
621}
622
44a6b1b6 623_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 624
625 if (family == AF_NETLINK)
626 return "ListenNetlink";
542563ba
LP		 627
628 if (type == SOCK_STREAM)
629 return "ListenStream";
630 else if (type == SOCK_DGRAM)
631 return "ListenDatagram";
632 else if (type == SOCK_SEQPACKET)
633 return "ListenSequentialPacket";
634
034c6ed7 635 assert_not_reached("Unknown socket type");
542563ba
LP		 636 return NULL;
637}
638
87f0e418 639static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 640 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 641 SocketExecCommand c;
87f0e418 642 Socket *s = SOCKET(u);
542563ba 643 SocketPort *p;
82ba9f08 644 const char *prefix2;
5cb5a6ff
LP		 645
646 assert(s);
fa068367 647 assert(f);
5cb5a6ff 648
4c940960 649 prefix = strempty(prefix);
63c372cb 650 prefix2 = strjoina(prefix, "\t");
c43d20a0 651
5cb5a6ff
LP		 652 fprintf(f,
653 "%sSocket State: %s\n"
81a5c6d0 654 "%sResult: %s\n"
542563ba 655 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 656 "%sBacklog: %u\n"
657 "%sSocketMode: %04o\n"
4fd5948e
LP		 658 "%sDirectoryMode: %04o\n"
659 "%sKeepAlive: %s\n"
4427c3f4 660 "%sNoDelay: %s\n"
cebf8b20 661 "%sFreeBind: %s\n"
6b6d2dee 662 "%sTransparent: %s\n"
ec6370a2 663 "%sBroadcast: %s\n"
ede3deb4 664 "%sPassCredentials: %s\n"
54ecda32 665 "%sPassSecurity: %s\n"
bd1fe7c7 666 "%sTCPCongestion: %s\n"
16115b0a 667 "%sRemoveOnStop: %s\n"
55301ec0 668 "%sWritable: %s\n"
8dd4c05b 669 "%sFDName: %s\n"
16115b0a 670 "%sSELinuxContextFromNet: %s\n",
a16e1123 671 prefix, socket_state_to_string(s->state),
81a5c6d0 672 prefix, socket_result_to_string(s->result),
c0120d99 673 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 674 prefix, s->backlog,
675 prefix, s->socket_mode,
4fd5948e
LP		 676 prefix, s->directory_mode,
677 prefix, yes_no(s->keep_alive),
4427c3f4 678 prefix, yes_no(s->no_delay),
cebf8b20 679 prefix, yes_no(s->free_bind),
6b6d2dee 680 prefix, yes_no(s->transparent),
ec6370a2 681 prefix, yes_no(s->broadcast),
d68af586 682 prefix, yes_no(s->pass_cred),
54ecda32 683 prefix, yes_no(s->pass_sec),
bd1fe7c7 684 prefix, strna(s->tcp_congestion),
16115b0a 685 prefix, yes_no(s->remove_on_stop),
55301ec0 686 prefix, yes_no(s->writable),
8dd4c05b 687 prefix, socket_fdname(s),
16115b0a 688 prefix, yes_no(s->selinux_context_from_net));
542563ba 689
70123e68
LP		 690 if (s->control_pid > 0)
691 fprintf(f,
de0671ee
ZJS		 692 "%sControl PID: "PID_FMT"\n",
693 prefix, s->control_pid);
70123e68 694
acbb0225
LP		 695 if (s->bind_to_device)
696 fprintf(f,
697 "%sBindToDevice: %s\n",
698 prefix, s->bind_to_device);
699
4f2d528d
LP		 700 if (s->accept)
701 fprintf(f,
6cf6bbc2
LP		 702 "%sAccepted: %u\n"
703 "%sNConnections: %u\n"
704 "%sMaxConnections: %u\n",
705 prefix, s->n_accepted,
706 prefix, s->n_connections,
707 prefix, s->max_connections);
4f2d528d 708
4fd5948e
LP		 709 if (s->priority >= 0)
710 fprintf(f,
711 "%sPriority: %i\n",
712 prefix, s->priority);
713
714 if (s->receive_buffer > 0)
715 fprintf(f,
716 "%sReceiveBuffer: %zu\n",
717 prefix, s->receive_buffer);
718
719 if (s->send_buffer > 0)
720 fprintf(f,
721 "%sSendBuffer: %zu\n",
722 prefix, s->send_buffer);
723
724 if (s->ip_tos >= 0)
725 fprintf(f,
726 "%sIPTOS: %i\n",
727 prefix, s->ip_tos);
728
729 if (s->ip_ttl >= 0)
730 fprintf(f,
731 "%sIPTTL: %i\n",
732 prefix, s->ip_ttl);
733
734 if (s->pipe_size > 0)
735 fprintf(f,
736 "%sPipeSize: %zu\n",
737 prefix, s->pipe_size);
738
739 if (s->mark >= 0)
740 fprintf(f,
741 "%sMark: %i\n",
742 prefix, s->mark);
743
916abb21
LP		 744 if (s->mq_maxmsg > 0)
745 fprintf(f,
746 "%sMessageQueueMaxMessages: %li\n",
747 prefix, s->mq_maxmsg);
748
749 if (s->mq_msgsize > 0)
750 fprintf(f,
751 "%sMessageQueueMessageSize: %li\n",
752 prefix, s->mq_msgsize);
753
718db961 754 if (s->reuse_port)
f7db7a69
SL		 755 fprintf(f,
756 "%sReusePort: %s\n",
718db961 757 prefix, yes_no(s->reuse_port));
f7db7a69 758
0eb59ccf
AK		 759 if (s->smack)
760 fprintf(f,
761 "%sSmackLabel: %s\n",
762 prefix, s->smack);
763
764 if (s->smack_ip_in)
765 fprintf(f,
766 "%sSmackLabelIPIn: %s\n",
767 prefix, s->smack_ip_in);
768
769 if (s->smack_ip_out)
770 fprintf(f,
771 "%sSmackLabelIPOut: %s\n",
772 prefix, s->smack_ip_out);
773
3900e5fd
LP		 774 if (!isempty(s->user) || !isempty(s->group))
775 fprintf(f,
d2a50e3b
LP		 776 "%sSocketUser: %s\n"
777 "%sSocketGroup: %s\n",
3900e5fd
LP		 778 prefix, strna(s->user),
779 prefix, strna(s->group));
780
3cd761e4 781 if (s->keep_alive_time > 0)
209e9dcd 782 fprintf(f,
3cd761e4
LP		 783 "%sKeepAliveTimeSec: %s\n",
784 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 785
3cd761e4 786 if (s->keep_alive_interval)
209e9dcd 787 fprintf(f,
3cd761e4
LP		 788 "%sKeepAliveIntervalSec: %s\n",
789 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 790
3cd761e4 791 if (s->keep_alive_cnt)
209e9dcd
SS		 792 fprintf(f,
793 "%sKeepAliveProbes: %u\n",
794 prefix, s->keep_alive_cnt);
795
3cd761e4 796 if (s->defer_accept)
cc567c9b 797 fprintf(f,
3cd761e4
LP		 798 "%sDeferAcceptSec: %s\n",
799 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 800
034c6ed7 801 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 802
542563ba
LP		 803 if (p->type == SOCKET_SOCKET) {
804 const char *t;
805 int r;
e364ad06 806 char *k = NULL;
542563ba 807
e53fc357
LP		 808 r = socket_address_print(&p->address, &k);
809 if (r < 0)
542563ba
LP		 810 t = strerror(-r);
811 else
812 t = k;
813
7a22745a 814 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 815 free(k);
b0a3f2bc
LP		 816 } else if (p->type == SOCKET_SPECIAL)
817 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 818 else if (p->type == SOCKET_USB_FUNCTION)
819 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 820 else if (p->type == SOCKET_MQUEUE)
821 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 822 else
542563ba
LP		 823 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
824 }
5cb5a6ff 825
1745fa70
EV		 826 fprintf(f,
827 "%sTriggerLimitIntervalSec: %s\n"
828 "%sTriggerLimitBurst: %u\n",
829 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->trigger_limit.interval, USEC_PER_SEC),
830 prefix, s->trigger_limit.burst);
831
5cb5a6ff 832 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 833 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 834
e537352b 835 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 836 if (!s->exec_command[c])
837 continue;
5cb5a6ff 838
40d50879 839 fprintf(f, "%s-> %s:\n",
a16e1123 840 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 841
842 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 843 }
844}
845
4f2d528d
LP		 846static int instance_from_socket(int fd, unsigned nr, char **instance) {
847 socklen_t l;
848 char *r;
9d16d0c7 849 union sockaddr_union local, remote;
4f2d528d
LP		 850
851 assert(fd >= 0);
852 assert(instance);
853
854 l = sizeof(local);
855 if (getsockname(fd, &local.sa, &l) < 0)
856 return -errno;
857
858 l = sizeof(remote);
859 if (getpeername(fd, &remote.sa, &l) < 0)
860 return -errno;
861
862 switch (local.sa.sa_family) {
863
864 case AF_INET: {
865 uint32_t
8e38570e
LP		 866 a = be32toh(local.in.sin_addr.s_addr),
867 b = be32toh(remote.in.sin_addr.s_addr);
4f2d528d
LP		 868
869 if (asprintf(&r,
77b088c2
LP		 870 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
871 nr,
4f2d528d 872 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
8e38570e 873 be16toh(local.in.sin_port),
4f2d528d 874 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
8e38570e 875 be16toh(remote.in.sin_port)) < 0)
4f2d528d
LP		 876 return -ENOMEM;
877
878 break;
879 }
880
881 case AF_INET6: {
c65a0b14 882 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 883 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
884 };
885
886 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
887 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
888 const uint8_t
889 *a = local.in6.sin6_addr.s6_addr+12,
890 *b = remote.in6.sin6_addr.s6_addr+12;
891
892 if (asprintf(&r,
77b088c2
LP		 893 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
894 nr,
2b061f5a 895 a[0], a[1], a[2], a[3],
8e38570e 896 be16toh(local.in6.sin6_port),
2b061f5a 897 b[0], b[1], b[2], b[3],
8e38570e 898 be16toh(remote.in6.sin6_port)) < 0)
2b061f5a
LP		 899 return -ENOMEM;
900 } else {
901 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
902
903 if (asprintf(&r,
77b088c2
LP		 904 "%u-%s:%u-%s:%u",
905 nr,
2b061f5a 906 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
8e38570e 907 be16toh(local.in6.sin6_port),
2b061f5a 908 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
8e38570e 909 be16toh(remote.in6.sin6_port)) < 0)
2b061f5a
LP		 910 return -ENOMEM;
911 }
4f2d528d
LP		 912
913 break;
914 }
915
916 case AF_UNIX: {
917 struct ucred ucred;
eff05270 918 int k;
4f2d528d 919
eff05270 920 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 921 if (k >= 0) {
922 if (asprintf(&r,
923 "%u-"PID_FMT"-"UID_FMT,
924 nr, ucred.pid, ucred.uid) < 0)
925 return -ENOMEM;
926 } else if (k == -ENODATA) {
927 /* This handles the case where somebody is
928 * connecting from another pid/uid namespace
929 * (e.g. from outside of our container). */
930 if (asprintf(&r,
931 "%u-unknown",
932 nr) < 0)
933 return -ENOMEM;
934 } else
eff05270 935 return k;
2f20a8eb 936
2f20a8eb 937 break;
4f2d528d
LP		 938 }
939
940 default:
941 assert_not_reached("Unhandled socket type.");
942 }
943
944 *instance = r;
945 return 0;
946}
947
034c6ed7 948static void socket_close_fds(Socket *s) {
83c60c9f 949 SocketPort *p;
811ba7a0 950 char **i;
83c60c9f
LP		 951
952 assert(s);
953
034c6ed7 954 LIST_FOREACH(port, p, s->ports) {
18e854f8 955 bool was_open;
718db961 956
18e854f8 957 was_open = p->fd >= 0;
83c60c9f 958
18e854f8 959 p->event_source = sd_event_source_unref(p->event_source);
03e334a1 960 p->fd = safe_close(p->fd);
15087cdb 961 socket_cleanup_fd_list(p);
a16e1123 962
18e854f8
LP		 963 /* One little note: we should normally not delete any sockets in the file system here! After all some
964 * other process we spawned might still have a reference of this fd and wants to continue to use
965 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
966 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
967 * anyway, but only then. */
bd1fe7c7 968
18e854f8
LP		 969 if (!was_open || !s->remove_on_stop)
970 continue;
971
972 switch (p->type) {
bd1fe7c7 973
18e854f8
LP		 974 case SOCKET_FIFO:
975 (void) unlink(p->path);
976 break;
bd1fe7c7 977
18e854f8
LP		 978 case SOCKET_MQUEUE:
979 (void) mq_unlink(p->path);
980 break;
bd1fe7c7 981
18e854f8
LP		 982 case SOCKET_SOCKET:
983 (void) socket_address_unlink(&p->address);
984 break;
bd1fe7c7 985
18e854f8
LP		 986 default:
987 break;
bd1fe7c7 988 }
83c60c9f 989 }
811ba7a0
LP		 990
991 if (s->remove_on_stop)
992 STRV_FOREACH(i, s->symlinks)
18e854f8 993 (void) unlink(*i);
83c60c9f
LP		 994}
995
4fd5948e 996static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 997 int r;
998
4fd5948e
LP		 999 assert(s);
1000 assert(fd >= 0);
1001
1002 if (s->keep_alive) {
1003 int b = s->keep_alive;
1004 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 1005 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 1006 }
1007
209e9dcd
SS		 1008 if (s->keep_alive_time) {
1009 int value = s->keep_alive_time / USEC_PER_SEC;
1010 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 1011 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 1012 }
1013
1014 if (s->keep_alive_interval) {
920b52e4 1015 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 1016 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 1017 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 1018 }
1019
1020 if (s->keep_alive_cnt) {
1021 int value = s->keep_alive_cnt;
172cfe87 1022 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 1023 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 1024 }
1025
cc567c9b
SS		 1026 if (s->defer_accept) {
1027 int value = s->defer_accept / USEC_PER_SEC;
1028 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 1029 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 1030 }
1031
4427c3f4
SS		 1032 if (s->no_delay) {
1033 int b = s->no_delay;
62bc4efc
SS		 1034
1035 if (s->socket_protocol == IPPROTO_SCTP) {
1036 if (setsockopt(fd, SOL_SCTP, SCTP_NODELAY, &b, sizeof(b)) < 0)
1037 log_unit_warning_errno(UNIT(s), errno, "SCTP_NODELAY failed: %m");
1038 } else {
1039 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
1040 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
1041 }
4427c3f4
SS		 1042 }
1043
ec6370a2
LP		 1044 if (s->broadcast) {
1045 int one = 1;
1046 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 1047 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 1048 }
1049
d68af586
MS		 1050 if (s->pass_cred) {
1051 int one = 1;
1052 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 1053 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 1054 }
1055
54ecda32
LP		 1056 if (s->pass_sec) {
1057 int one = 1;
1058 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 1059 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 1060 }
1061
4fd5948e
LP		 1062 if (s->priority >= 0)
1063 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 1064 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 1065
1066 if (s->receive_buffer > 0) {
1067 int value = (int) s->receive_buffer;
7d9eaa84
LP		 1068
1069 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
1070
b8cef44e 1071 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 1072 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 1073 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 1074 }
1075
1076 if (s->send_buffer > 0) {
1077 int value = (int) s->send_buffer;
b8cef44e 1078 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 1079 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 1080 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 1081 }
1082
1083 if (s->mark >= 0)
1084 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 1085 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 1086
1087 if (s->ip_tos >= 0)
1088 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 1089 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 1090
46925ac5 1091 if (s->ip_ttl >= 0) {
d53e386d 1092 int x;
46925ac5
LP		 1093
1094 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 1095
1096 if (socket_ipv6_is_supported())
1097 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
1098 else {
1099 x = -1;
1100 errno = EAFNOSUPPORT;
1101 }
46925ac5
LP		 1102
1103 if (r < 0 && x < 0)
f2341e0a 1104 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 1105 }
cebf8b20
TT		 1106
1107 if (s->tcp_congestion)
1108 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 1109 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 1110
d53e386d 1111 if (s->smack_ip_in) {
5ab58c20 1112 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 1113 if (r < 0)
f2341e0a 1114 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 1115 }
9a4e038c 1116
d53e386d 1117 if (s->smack_ip_out) {
5ab58c20 1118 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 1119 if (r < 0)
f2341e0a 1120 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 1121 }
4fd5948e
LP		 1122}
1123
b15bdda8 1124static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 1125 int r;
1126
4fd5948e
LP		 1127 assert(s);
1128 assert(fd >= 0);
1129
1130 if (s->pipe_size > 0)
1131 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 1132 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 1133
d53e386d 1134 if (s->smack) {
5ab58c20 1135 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 1136 if (r < 0)
ed460b07 1137 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 1138 }
4fd5948e
LP		 1139}
1140
b15bdda8
LP		 1141static int fifo_address_create(
1142 const char *path,
1143 mode_t directory_mode,
e8da24a6 1144 mode_t socket_mode) {
b15bdda8 1145
e8da24a6 1146 _cleanup_close_ int fd = -1;
b15bdda8 1147 mode_t old_mask;
e8da24a6
LP		 1148 struct stat st;
1149 int r;
b15bdda8
LP		 1150
1151 assert(path);
b15bdda8 1152
d2e54fae 1153 mkdir_parents_label(path, directory_mode);
b15bdda8 1154
ecabcf8b 1155 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 1156 if (r < 0)
e8da24a6 1157 return r;
b15bdda8
LP		 1158
1159 /* Enforce the right access mode for the fifo */
1160 old_mask = umask(~ socket_mode);
1161
1162 /* Include the original umask in our mask */
e8da24a6 1163 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 1164
1165 r = mkfifo(path, socket_mode);
e8da24a6 1166 (void) umask(old_mask);
b15bdda8 1167
94bc2731 1168 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 1169 r = -errno;
1170 goto fail;
1171 }
1172
e8da24a6 1173 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1174 if (fd < 0) {
b15bdda8
LP		 1175 r = -errno;
1176 goto fail;
1177 }
1178
ecabcf8b 1179 mac_selinux_create_file_clear();
7a58bfa4 1180
b15bdda8
LP		 1181 if (fstat(fd, &st) < 0) {
1182 r = -errno;
1183 goto fail;
1184 }
1185
1186 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1187 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1188 st.st_uid != getuid() ||
1189 st.st_gid != getgid()) {
b15bdda8
LP		 1190 r = -EEXIST;
1191 goto fail;
1192 }
1193
e8da24a6
LP		 1194 r = fd;
1195 fd = -1;
1196
1197 return r;
b15bdda8
LP		 1198
1199fail:
ecabcf8b 1200 mac_selinux_create_file_clear();
b15bdda8
LP		 1201 return r;
1202}
1203
55301ec0 1204static int special_address_create(const char *path, bool writable) {
e8da24a6 1205 _cleanup_close_ int fd = -1;
b0a3f2bc 1206 struct stat st;
e8da24a6 1207 int r;
b0a3f2bc
LP		 1208
1209 assert(path);
b0a3f2bc 1210
55301ec0 1211 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1212 if (fd < 0)
1213 return -errno;
b0a3f2bc 1214
e8da24a6
LP		 1215 if (fstat(fd, &st) < 0)
1216 return -errno;
b0a3f2bc
LP		 1217
1218 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1219 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1220 return -EEXIST;
b0a3f2bc 1221
e8da24a6
LP		 1222 r = fd;
1223 fd = -1;
b0a3f2bc
LP		 1224
1225 return r;
1226}
1227
36078102 1228static int usbffs_address_create(const char *path) {
60252446
PS		 1229 _cleanup_close_ int fd = -1;
1230 struct stat st;
e8da24a6 1231 int r;
60252446
PS		 1232
1233 assert(path);
60252446
PS		 1234
1235 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1236 if (fd < 0)
1237 return -errno;
1238
1239 if (fstat(fd, &st) < 0)
1240 return -errno;
1241
1242 /* Check whether this is a regular file (ffs endpoint)*/
1243 if (!S_ISREG(st.st_mode))
1244 return -EEXIST;
1245
e8da24a6 1246 r = fd;
60252446
PS		 1247 fd = -1;
1248
e8da24a6 1249 return r;
60252446
PS		 1250}
1251
916abb21
LP		 1252static int mq_address_create(
1253 const char *path,
1254 mode_t mq_mode,
1255 long maxmsg,
e8da24a6 1256 long msgsize) {
916abb21 1257
e8da24a6 1258 _cleanup_close_ int fd = -1;
916abb21
LP		 1259 struct stat st;
1260 mode_t old_mask;
1261 struct mq_attr _attr, *attr = NULL;
e8da24a6 1262 int r;
916abb21
LP		 1263
1264 assert(path);
916abb21
LP		 1265
1266 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1267 _attr = (struct mq_attr) {
1268 .mq_flags = O_NONBLOCK,
1269 .mq_maxmsg = maxmsg,
1270 .mq_msgsize = msgsize,
1271 };
916abb21
LP		 1272 attr = &_attr;
1273 }
1274
1275 /* Enforce the right access mode for the mq */
1276 old_mask = umask(~ mq_mode);
1277
1278 /* Include the original umask in our mask */
e8da24a6 1279 (void) umask(~mq_mode | old_mask);
916abb21 1280 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1281 (void) umask(old_mask);
916abb21 1282
e8da24a6
LP		 1283 if (fd < 0)
1284 return -errno;
916abb21 1285
e8da24a6
LP		 1286 if (fstat(fd, &st) < 0)
1287 return -errno;
916abb21
LP		 1288
1289 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1290 st.st_uid != getuid() ||
e8da24a6
LP		 1291 st.st_gid != getgid())
1292 return -EEXIST;
916abb21 1293
e8da24a6
LP		 1294 r = fd;
1295 fd = -1;
916abb21 1296
916abb21
LP		 1297 return r;
1298}
1299
811ba7a0
LP		 1300static int socket_symlink(Socket *s) {
1301 const char *p;
1302 char **i;
1303
1304 assert(s);
1305
1306 p = socket_find_symlink_target(s);
1307 if (!p)
1308 return 0;
1309
1310 STRV_FOREACH(i, s->symlinks)
43b133b4 1311 symlink_label(p, *i);
811ba7a0
LP		 1312
1313 return 0;
1314}
1315
36078102 1316static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1317 int r;
1318
1319 if (!s->usb_function_descriptors || !s->usb_function_strings)
1320 return -EINVAL;
1321
1322 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1323 if (r < 0)
e8da24a6 1324 return r;
6b7e5923 1325
e8da24a6 1326 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1327}
1328
36078102 1329static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1330 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1331}
1332
36078102 1333static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1334 _cleanup_free_ struct dirent **ent = NULL;
36078102 1335 int r, i, n, k;
60252446 1336
00bb64ec 1337 r = scandir(p->path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1338 if (r < 0)
1339 return -errno;
1340
1341 n = r;
1342 p->auxiliary_fds = new(int, n);
1343 if (!p->auxiliary_fds)
1344 return -ENOMEM;
1345
1346 p->n_auxiliary_fds = n;
1347
1348 k = 0;
1349 for (i = 0; i < n; ++i) {
1350 _cleanup_free_ char *ep = NULL;
1351
00bb64ec 1352 ep = path_make_absolute(ent[i]->d_name, p->path);
60252446
PS		 1353 if (!ep)
1354 return -ENOMEM;
1355
1356 path_kill_slashes(ep);
1357
36078102 1358 r = usbffs_address_create(ep);
60252446
PS		 1359 if (r < 0)
1360 goto fail;
1361
e8da24a6
LP		 1362 p->auxiliary_fds[k] = r;
1363
60252446
PS		 1364 ++k;
1365 free(ent[i]);
1366 }
1367
1368 return r;
1369
1370fail:
e8da24a6 1371 close_many(p->auxiliary_fds, k);
60252446
PS		 1372 p->auxiliary_fds = mfree(p->auxiliary_fds);
1373 p->n_auxiliary_fds = 0;
1374
1375 return r;
1376}
1377
d24e561d
LP		 1378static int socket_determine_selinux_label(Socket *s, char **ret) {
1379 ExecCommand *c;
1380 int r;
1381
1382 assert(s);
1383 assert(ret);
1384
1385 if (s->selinux_context_from_net) {
1386 /* If this is requested, get label from the network label */
1387
1388 r = mac_selinux_get_our_label(ret);
1389 if (r == -EOPNOTSUPP)
1390 goto no_label;
1391
1392 } else {
1393 /* Otherwise, get it from the executable we are about to start */
1394 r = socket_instantiate_service(s);
1395 if (r < 0)
1396 return r;
1397
1398 if (!UNIT_ISSET(s->service))
1399 goto no_label;
1400
1401 c = SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START];
1402 if (!c)
1403 goto no_label;
1404
1405 r = mac_selinux_get_create_label_from_exe(c->path, ret);
1406 if (r == -EPERM || r == -EOPNOTSUPP)
1407 goto no_label;
1408 }
1409
1410 return r;
1411
1412no_label:
1413 *ret = NULL;
1414 return 0;
1415}
1416
034c6ed7 1417static int socket_open_fds(Socket *s) {
710a6b50
LP		 1418 _cleanup_(mac_selinux_freep) char *label = NULL;
1419 bool know_label = false;
83c60c9f
LP		 1420 SocketPort *p;
1421 int r;
1422
1423 assert(s);
1424
034c6ed7 1425 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1426
034c6ed7
LP		 1427 if (p->fd >= 0)
1428 continue;
83c60c9f 1429
00411a13
LP		 1430 switch (p->type) {
1431
1432 case SOCKET_SOCKET:
049f8642 1433
7f416dae 1434 if (!know_label) {
d24e561d
LP		 1435 /* Figure out label, if we don't it know yet. We do it once, for the first socket where
1436 * we need this and remember it for the rest. */
7f416dae 1437
d24e561d
LP		 1438 r = socket_determine_selinux_label(s, &label);
1439 if (r < 0)
1440 goto rollback;
049f8642
LP		 1441
1442 know_label = true;
1443 }
1444
74bb646e 1445 /* Apply the socket protocol */
d24e561d 1446 switch (p->address.type) {
d2a50e3b 1447
74bb646e
SS		 1448 case SOCK_STREAM:
1449 case SOCK_SEQPACKET:
d24e561d
LP		 1450 if (s->socket_protocol == IPPROTO_SCTP)
1451 p->address.protocol = s->socket_protocol;
74bb646e 1452 break;
d2a50e3b 1453
74bb646e 1454 case SOCK_DGRAM:
d24e561d
LP		 1455 if (s->socket_protocol == IPPROTO_UDPLITE)
1456 p->address.protocol = s->socket_protocol;
74bb646e
SS		 1457 break;
1458 }
1459
175a3d25
LP		 1460 r = socket_address_listen(
1461 &p->address,
1462 SOCK_CLOEXEC|SOCK_NONBLOCK,
1463 s->backlog,
1464 s->bind_ipv6_only,
1465 s->bind_to_device,
54255c64 1466 s->reuse_port,
175a3d25
LP		 1467 s->free_bind,
1468 s->transparent,
1469 s->directory_mode,
1470 s->socket_mode,
1471 label);
1472 if (r < 0)
83c60c9f
LP		 1473 goto rollback;
1474
175a3d25 1475 p->fd = r;
4fd5948e 1476 socket_apply_socket_options(s, p->fd);
811ba7a0 1477 socket_symlink(s);
00411a13 1478 break;
4fd5948e 1479
00411a13 1480 case SOCKET_SPECIAL:
b0a3f2bc 1481
55301ec0 1482 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1483 if (p->fd < 0) {
1484 r = p->fd;
b0a3f2bc 1485 goto rollback;
e8da24a6 1486 }
00411a13 1487 break;
b0a3f2bc 1488
00411a13 1489 case SOCKET_FIFO:
83c60c9f 1490
e8da24a6 1491 p->fd = fifo_address_create(
175a3d25
LP		 1492 p->path,
1493 s->directory_mode,
e8da24a6
LP		 1494 s->socket_mode);
1495 if (p->fd < 0) {
1496 r = p->fd;
83c60c9f 1497 goto rollback;
e8da24a6 1498 }
83c60c9f 1499
b15bdda8 1500 socket_apply_fifo_options(s, p->fd);
811ba7a0 1501 socket_symlink(s);
00411a13 1502 break;
811ba7a0 1503
00411a13 1504 case SOCKET_MQUEUE:
83c60c9f 1505
e8da24a6 1506 p->fd = mq_address_create(
175a3d25
LP		 1507 p->path,
1508 s->socket_mode,
1509 s->mq_maxmsg,
e8da24a6
LP		 1510 s->mq_msgsize);
1511 if (p->fd < 0) {
1512 r = p->fd;
916abb21 1513 goto rollback;
e8da24a6 1514 }
00411a13 1515 break;
e8da24a6 1516
d2a50e3b 1517 case SOCKET_USB_FUNCTION: {
27a6ea91 1518 _cleanup_free_ char *ep = NULL;
60252446 1519
27a6ea91
GB		 1520 ep = path_make_absolute("ep0", p->path);
1521
1522 p->fd = usbffs_address_create(ep);
e8da24a6
LP		 1523 if (p->fd < 0) {
1524 r = p->fd;
60252446 1525 goto rollback;
e8da24a6 1526 }
60252446 1527
36078102 1528 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1529 if (r < 0)
1530 goto rollback;
1531
36078102 1532 r = usbffs_dispatch_eps(p);
60252446
PS		 1533 if (r < 0)
1534 goto rollback;
00411a13
LP		 1535
1536 break;
27a6ea91 1537 }
00411a13 1538 default:
b15bdda8 1539 assert_not_reached("Unknown port type");
00411a13 1540 }
034c6ed7
LP		 1541 }
1542
1543 return 0;
1544
1545rollback:
1546 socket_close_fds(s);
1547 return r;
1548}
1549
1550static void socket_unwatch_fds(Socket *s) {
1551 SocketPort *p;
718db961 1552 int r;
9152c765 1553
034c6ed7
LP		 1554 assert(s);
1555
1556 LIST_FOREACH(port, p, s->ports) {
1557 if (p->fd < 0)
1558 continue;
1559
a4152e3f
LP		 1560 if (!p->event_source)
1561 continue;
1562
1563 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1564 if (r < 0)
f2341e0a 1565 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1566 }
034c6ed7
LP		 1567}
1568
1569static int socket_watch_fds(Socket *s) {
1570 SocketPort *p;
1571 int r;
1572
1573 assert(s);
83c60c9f 1574
034c6ed7
LP		 1575 LIST_FOREACH(port, p, s->ports) {
1576 if (p->fd < 0)
1577 continue;
1578
cbf60d0a 1579 if (p->event_source) {
718db961 1580 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1581 if (r < 0)
1582 goto fail;
1583 } else {
151b9b96 1584 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1585 if (r < 0)
1586 goto fail;
4f2d528d 1587
cbf60d0a 1588 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1589 }
034c6ed7 1590 }
83c60c9f 1591
542563ba 1592 return 0;
83c60c9f 1593
034c6ed7 1594fail:
cbf60d0a 1595 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1596 socket_unwatch_fds(s);
1597 return r;
1598}
1599
01a8b467
LP		 1600enum {
1601 SOCKET_OPEN_NONE,
1602 SOCKET_OPEN_SOME,
1603 SOCKET_OPEN_ALL,
1604};
1605
1606static int socket_check_open(Socket *s) {
1607 bool have_open = false, have_closed = false;
1608 SocketPort *p;
1609
1610 assert(s);
1611
1612 LIST_FOREACH(port, p, s->ports) {
1613 if (p->fd < 0)
1614 have_closed = true;
1615 else
1616 have_open = true;
1617
1618 if (have_open && have_closed)
1619 return SOCKET_OPEN_SOME;
1620 }
1621
1622 if (have_open)
1623 return SOCKET_OPEN_ALL;
1624
1625 return SOCKET_OPEN_NONE;
1626}
1627
034c6ed7
LP		 1628static void socket_set_state(Socket *s, SocketState state) {
1629 SocketState old_state;
1630 assert(s);
1631
1632 old_state = s->state;
1633 s->state = state;
1634
bd1fe7c7
LP		 1635 if (!IN_SET(state,
1636 SOCKET_START_PRE,
3900e5fd 1637 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1638 SOCKET_START_POST,
1639 SOCKET_STOP_PRE,
1640 SOCKET_STOP_PRE_SIGTERM,
1641 SOCKET_STOP_PRE_SIGKILL,
1642 SOCKET_STOP_POST,
1643 SOCKET_FINAL_SIGTERM,
1644 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1645
1646 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1647 socket_unwatch_control_pid(s);
034c6ed7 1648 s->control_command = NULL;
a16e1123 1649 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1650 }
034c6ed7 1651
a16e1123
LP		 1652 if (state != SOCKET_LISTENING)
1653 socket_unwatch_fds(s);
1654
bd1fe7c7 1655 if (!IN_SET(state,
3900e5fd 1656 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1657 SOCKET_START_POST,
1658 SOCKET_LISTENING,
1659 SOCKET_RUNNING,
1660 SOCKET_STOP_PRE,
1661 SOCKET_STOP_PRE_SIGTERM,
1662 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1663 socket_close_fds(s);
1664
e537352b 1665 if (state != old_state)
f2341e0a 1666 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1667
e2f3b44c 1668 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1669}
1670
be847e82 1671static int socket_coldplug(Unit *u) {
a16e1123
LP		 1672 Socket *s = SOCKET(u);
1673 int r;
1674
1675 assert(s);
1676 assert(s->state == SOCKET_DEAD);
1677
e821075a
LP		 1678 if (s->deserialized_state == s->state)
1679 return 0;
a16e1123 1680
c386f588
LP		 1681 if (s->control_pid > 0 &&
1682 pid_is_unwaited(s->control_pid) &&
1683 IN_SET(s->deserialized_state,
3900e5fd
LP		 1684 SOCKET_START_PRE,
1685 SOCKET_START_CHOWN,
1686 SOCKET_START_POST,
1687 SOCKET_STOP_PRE,
1688 SOCKET_STOP_PRE_SIGTERM,
1689 SOCKET_STOP_PRE_SIGKILL,
1690 SOCKET_STOP_POST,
1691 SOCKET_FINAL_SIGTERM,
1692 SOCKET_FINAL_SIGKILL)) {
a16e1123 1693
e821075a
LP		 1694 r = unit_watch_pid(UNIT(s), s->control_pid);
1695 if (r < 0)
1696 return r;
a16e1123 1697
36c16a7c 1698 r = socket_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_usec));
e821075a
LP		 1699 if (r < 0)
1700 return r;
1701 }
a16e1123 1702
3900e5fd
LP		 1703 if (IN_SET(s->deserialized_state,
1704 SOCKET_START_CHOWN,
1705 SOCKET_START_POST,
1706 SOCKET_LISTENING,
01a8b467
LP		 1707 SOCKET_RUNNING)) {
1708
1709 /* Originally, we used to simply reopen all sockets here that we didn't have file descriptors
1710 * for. However, this is problematic, as we won't traverse throught the SOCKET_START_CHOWN state for
1711 * them, and thus the UID/GID wouldn't be right. Hence, instead simply check if we have all fds open,
1712 * and if there's a mismatch, warn loudly. */
1713
1714 r = socket_check_open(s);
1715 if (r == SOCKET_OPEN_NONE)
1716 log_unit_warning(UNIT(s),
1717 "Socket unit configuration has changed while unit has been running, "
1718 "no open socket file descriptor left. "
1719 "The socket unit is not functional until restarted.");
1720 else if (r == SOCKET_OPEN_SOME)
1721 log_unit_warning(UNIT(s),
1722 "Socket unit configuration has changed while unit has been running, "
1723 "and some socket file descriptors have not been opened yet. "
1724 "The socket unit is not fully functional until restarted.");
e821075a 1725 }
a16e1123 1726
e821075a
LP		 1727 if (s->deserialized_state == SOCKET_LISTENING) {
1728 r = socket_watch_fds(s);
1729 if (r < 0)
1730 return r;
a16e1123
LP		 1731 }
1732
29206d46
LP		 1733 if (!IN_SET(s->deserialized_state, SOCKET_DEAD, SOCKET_FAILED))
1734 (void) unit_setup_dynamic_creds(u);
1735
e821075a 1736 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1737 return 0;
1738}
1739
e537352b 1740static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
034c6ed7
LP		 1741 pid_t pid;
1742 int r;
9fa95f85 1743 ExecParameters exec_params = {
c39f1ce2
LP		 1744 .flags = EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
1745 .stdin_fd = -1,
1746 .stdout_fd = -1,
1747 .stderr_fd = -1,
9fa95f85 1748 };
034c6ed7
LP		 1749
1750 assert(s);
1751 assert(c);
1752 assert(_pid);
1753
5ad096b3
LP		 1754 (void) unit_realize_cgroup(UNIT(s));
1755 if (s->reset_cpu_usage) {
1756 (void) unit_reset_cpu_usage(UNIT(s));
1757 s->reset_cpu_usage = false;
1758 }
4ad49000 1759
613b411c
LP		 1760 r = unit_setup_exec_runtime(UNIT(s));
1761 if (r < 0)
36c16a7c 1762 return r;
613b411c 1763
29206d46
LP		 1764 r = unit_setup_dynamic_creds(UNIT(s));
1765 if (r < 0)
1766 return r;
1767
36c16a7c 1768 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
36697dc0 1769 if (r < 0)
36c16a7c 1770 return r;
034c6ed7 1771
5125e762 1772 exec_params.argv = c->argv;
9fa95f85 1773 exec_params.environment = UNIT(s)->manager->environment;
7d5ceb64 1774 exec_params.confirm_spawn = manager_get_confirm_spawn(UNIT(s)->manager);
9fa95f85
DM		 1775 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1776 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1777 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1778 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1779
f2341e0a
LP		 1780 r = exec_spawn(UNIT(s),
1781 c,
9e2f7c11 1782 &s->exec_context,
9fa95f85 1783 &exec_params,
613b411c 1784 s->exec_runtime,
29206d46 1785 &s->dynamic_creds,
9e2f7c11 1786 &pid);
cee288ad 1787 if (r < 0)
36c16a7c 1788 return r;
9e2f7c11 1789
3900e5fd 1790 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1791 if (r < 0)
3900e5fd 1792 /* FIXME: we need to do something here */
36c16a7c 1793 return r;
034c6ed7 1794
3900e5fd
LP		 1795 *_pid = pid;
1796 return 0;
3900e5fd
LP		 1797}
1798
1799static int socket_chown(Socket *s, pid_t *_pid) {
1800 pid_t pid;
1801 int r;
1802
36c16a7c 1803 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
3900e5fd
LP		 1804 if (r < 0)
1805 goto fail;
1806
1807 /* We have to resolve the user names out-of-process, hence
1808 * let's fork here. It's messy, but well, what can we do? */
1809
1810 pid = fork();
1811 if (pid < 0)
1812 return -errno;
1813
1814 if (pid == 0) {
1815 SocketPort *p;
fed1e721
LP		 1816 uid_t uid = UID_INVALID;
1817 gid_t gid = GID_INVALID;
3900e5fd
LP		 1818 int ret;
1819
ce30c8dc
LP		 1820 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1821 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1822 log_forget_fds();
1823
1824 if (!isempty(s->user)) {
1825 const char *user = s->user;
1826
1827 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1828 if (r < 0) {
1829 ret = EXIT_USER;
1830 goto fail_child;
1831 }
1832 }
1833
1834 if (!isempty(s->group)) {
1835 const char *group = s->group;
1836
1837 r = get_group_creds(&group, &gid);
1838 if (r < 0) {
1839 ret = EXIT_GROUP;
1840 goto fail_child;
1841 }
1842 }
1843
1844 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1845 const char *path = NULL;
3900e5fd
LP		 1846
1847 if (p->type == SOCKET_SOCKET)
1848 path = socket_address_get_path(&p->address);
1849 else if (p->type == SOCKET_FIFO)
1850 path = p->path;
1851
1852 if (!path)
1853 continue;
1854
1855 if (chown(path, uid, gid) < 0) {
1856 r = -errno;
1857 ret = EXIT_CHOWN;
1858 goto fail_child;
1859 }
1860 }
1861
1862 _exit(0);
1863
1864 fail_child:
1865 log_open();
da927ba9 1866 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1867
1868 _exit(ret);
1869 }
1870
718db961
LP		 1871 r = unit_watch_pid(UNIT(s), pid);
1872 if (r < 0)
034c6ed7 1873 goto fail;
83c60c9f 1874
034c6ed7 1875 *_pid = pid;
034c6ed7
LP		 1876 return 0;
1877
1878fail:
718db961 1879 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1880 return r;
542563ba
LP		 1881}
1882
cfc4eb4c 1883static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1884 assert(s);
1885
a0fef983 1886 if (s->result == SOCKET_SUCCESS)
cfc4eb4c 1887 s->result = f;
034c6ed7 1888
29206d46
LP		 1889 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1890
613b411c
LP		 1891 exec_runtime_destroy(s->exec_runtime);
1892 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1893
e66cf1a3
LP		 1894 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1895
00d9ef85
LP		 1896 unit_unref_uid_gid(UNIT(s), true);
1897
29206d46 1898 dynamic_creds_destroy(&s->dynamic_creds);
034c6ed7
LP		 1899}
1900
cfc4eb4c 1901static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1902
cfc4eb4c 1903static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1904 int r;
1905 assert(s);
1906
a0fef983 1907 if (s->result == SOCKET_SUCCESS)
cfc4eb4c 1908 s->result = f;
034c6ed7 1909
5e94833f 1910 socket_unwatch_control_pid(s);
a16e1123 1911 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1912 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1913
3900e5fd
LP		 1914 if (s->control_command) {
1915 r = socket_spawn(s, s->control_command, &s->control_pid);
1916 if (r < 0)
034c6ed7
LP		 1917 goto fail;
1918
80876c20
LP		 1919 socket_set_state(s, SOCKET_STOP_POST);
1920 } else
cfc4eb4c 1921 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1922
1923 return;
1924
1925fail:
f2341e0a 1926 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1927 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1928}
1929
cfc4eb4c 1930static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1931 int r;
1932
1933 assert(s);
1934
a0fef983 1935 if (s->result == SOCKET_SUCCESS)
cfc4eb4c 1936 s->result = f;
034c6ed7 1937
cd2086fe
LP		 1938 r = unit_kill_context(
1939 UNIT(s),
1940 &s->kill_context,
db2cb23b
UTL		 1941 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1942 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1943 -1,
1944 s->control_pid,
1945 false);
1946 if (r < 0)
1947 goto fail;
034c6ed7 1948
cd2086fe 1949 if (r > 0) {
36c16a7c 1950 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
36697dc0 1951 if (r < 0)
80876c20 1952 goto fail;
d6ea93e3 1953
80876c20 1954 socket_set_state(s, state);
ac84d1fb
LP		 1955 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1956 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1957 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1958 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1959 else if (state == SOCKET_FINAL_SIGTERM)
1960 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1961 else
cfc4eb4c 1962 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1963
1964 return;
1965
1966fail:
f2341e0a 1967 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1968
1969 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1970 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1971 else
cfc4eb4c 1972 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1973}
1974
cfc4eb4c 1975static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1976 int r;
1977 assert(s);
1978
a0fef983 1979 if (s->result == SOCKET_SUCCESS)
cfc4eb4c 1980 s->result = f;
034c6ed7 1981
5e94833f 1982 socket_unwatch_control_pid(s);
a16e1123 1983 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1984 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1985
3900e5fd
LP		 1986 if (s->control_command) {
1987 r = socket_spawn(s, s->control_command, &s->control_pid);
1988 if (r < 0)
034c6ed7
LP		 1989 goto fail;
1990
80876c20
LP		 1991 socket_set_state(s, SOCKET_STOP_PRE);
1992 } else
cfc4eb4c 1993 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1994
1995 return;
1996
1997fail:
f2341e0a 1998 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1999 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2000}
2001
e9af15c3
LP		 2002static void socket_enter_listening(Socket *s) {
2003 int r;
2004 assert(s);
2005
cfc4eb4c
LP		 2006 r = socket_watch_fds(s);
2007 if (r < 0) {
f2341e0a 2008 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 2009 goto fail;
2010 }
2011
2012 socket_set_state(s, SOCKET_LISTENING);
2013 return;
2014
2015fail:
cfc4eb4c 2016 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 2017}
2018
034c6ed7
LP		 2019static void socket_enter_start_post(Socket *s) {
2020 int r;
2021 assert(s);
2022
3900e5fd
LP		 2023 socket_unwatch_control_pid(s);
2024 s->control_command_id = SOCKET_EXEC_START_POST;
2025 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
2026
2027 if (s->control_command) {
2028 r = socket_spawn(s, s->control_command, &s->control_pid);
2029 if (r < 0) {
f2341e0a 2030 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 2031 goto fail;
2032 }
2033
2034 socket_set_state(s, SOCKET_START_POST);
2035 } else
2036 socket_enter_listening(s);
2037
2038 return;
2039
2040fail:
2041 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2042}
2043
2044static void socket_enter_start_chown(Socket *s) {
2045 int r;
2046
2047 assert(s);
2048
cfc4eb4c
LP		 2049 r = socket_open_fds(s);
2050 if (r < 0) {
f2341e0a 2051 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 2052 goto fail;
2053 }
2054
3900e5fd 2055 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 2056
3900e5fd
LP		 2057 socket_unwatch_control_pid(s);
2058 s->control_command_id = SOCKET_EXEC_START_CHOWN;
2059 s->control_command = NULL;
a16e1123 2060
3900e5fd 2061 r = socket_chown(s, &s->control_pid);
cfc4eb4c 2062 if (r < 0) {
f2341e0a 2063 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 2064 goto fail;
2065 }
2066
3900e5fd 2067 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 2068 } else
3900e5fd 2069 socket_enter_start_post(s);
034c6ed7
LP		 2070
2071 return;
2072
2073fail:
cfc4eb4c 2074 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2075}
2076
2077static void socket_enter_start_pre(Socket *s) {
2078 int r;
2079 assert(s);
2080
5e94833f 2081 socket_unwatch_control_pid(s);
a16e1123 2082 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 2083 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 2084
3900e5fd 2085 if (s->control_command) {
e821075a 2086 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 2087 if (r < 0) {
f2341e0a 2088 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 2089 goto fail;
3900e5fd 2090 }
034c6ed7 2091
80876c20
LP		 2092 socket_set_state(s, SOCKET_START_PRE);
2093 } else
3900e5fd 2094 socket_enter_start_chown(s);
034c6ed7
LP		 2095
2096 return;
2097
2098fail:
cfc4eb4c 2099 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2100}
2101
60d9771c
LP		 2102static void flush_ports(Socket *s) {
2103 SocketPort *p;
2104
2105 /* Flush all incoming traffic, regardless if actual bytes or new connections, so that this socket isn't busy
2106 * anymore */
2107
2108 LIST_FOREACH(port, p, s->ports) {
2109 if (p->fd < 0)
2110 continue;
2111
2112 (void) flush_accept(p->fd);
2113 (void) flush_fd(p->fd);
2114 }
2115}
2116
4f2d528d 2117static void socket_enter_running(Socket *s, int cfd) {
4afd3348 2118 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 2119 int r;
2120
8b26cdbd
LP		 2121 /* Note that this call takes possession of the connection fd passed. It either has to assign it somewhere or
2122 * close it. */
2123
034c6ed7
LP		 2124 assert(s);
2125
60d9771c 2126 /* We don't take connections anymore if we are supposed to shut down anyway */
31afa0a4 2127 if (unit_stop_pending(UNIT(s))) {
e821075a 2128
f2341e0a 2129 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 2130
7c610628 2131 if (cfd >= 0)
8b26cdbd 2132 cfd = safe_close(cfd);
60d9771c
LP		 2133 else
2134 flush_ports(s);
7c610628 2135
ba3e67a7
LP		 2136 return;
2137 }
2138
8b26cdbd
LP		 2139 if (!ratelimit_test(&s->trigger_limit)) {
2140 safe_close(cfd);
2141 log_unit_warning(UNIT(s), "Trigger limit hit, refusing further activation.");
2142 socket_enter_stop_pre(s, SOCKET_FAILURE_TRIGGER_LIMIT_HIT);
2143 return;
2144 }
2145
4f2d528d 2146 if (cfd < 0) {
57020a3a 2147 Iterator i;
e821075a 2148 Unit *other;
f976f3f6 2149 bool pending = false;
f976f3f6
LP		 2150
2151 /* If there's already a start pending don't bother to
2152 * do anything */
e821075a
LP		 2153 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
2154 if (unit_active_or_pending(other)) {
57020a3a
LP		 2155 pending = true;
2156 break;
2157 }
f976f3f6 2158
1a710b43 2159 if (!pending) {
640ace4a 2160 if (!UNIT_ISSET(s->service)) {
f2341e0a 2161 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 2162 r = -ENOENT;
2163 goto fail;
2164 }
2165
4bd29fe5 2166 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1a710b43 2167 if (r < 0)
f976f3f6 2168 goto fail;
1a710b43 2169 }
4f2d528d
LP		 2170
2171 socket_set_state(s, SOCKET_RUNNING);
2172 } else {
e55001eb 2173 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
9d565427 2174 _cleanup_(socket_peer_unrefp) SocketPeer *p = NULL;
b15bdda8 2175 Service *service;
4f2d528d 2176
6cf6bbc2 2177 if (s->n_connections >= s->max_connections) {
ea8f50f8 2178 log_unit_warning(UNIT(s), "Too many incoming connections (%u), dropping connection.",
166cf510 2179 s->n_connections);
03e334a1 2180 safe_close(cfd);
6cf6bbc2
LP		 2181 return;
2182 }
2183
9d565427 2184 if (s->max_connections_per_source > 0) {
166cf510 2185 r = socket_acquire_peer(s, cfd, &p);
9d565427
SS		 2186 if (r < 0) {
2187 safe_close(cfd);
2188 return;
166cf510 2189 } else if (r > 0 && p->n_ref > s->max_connections_per_source) {
ea8f50f8
ZJS		 2190 _cleanup_free_ char *t = NULL;
2191
2192 sockaddr_pretty(&p->peer.sa, FAMILY_ADDRESS_SIZE(p->peer.sa.sa_family), true, false, &t);
2193
166cf510 2194 log_unit_warning(UNIT(s),
ea8f50f8
ZJS		 2195 "Too many incoming connections (%u) from source %s, dropping connection.",
2196 p->n_ref, strnull(t));
9d565427 2197 safe_close(cfd);
9d565427
SS		 2198 return;
2199 }
2200 }
2201
1a710b43
MS		 2202 r = socket_instantiate_service(s);
2203 if (r < 0)
b15bdda8
LP		 2204 goto fail;
2205
1a710b43
MS		 2206 r = instance_from_socket(cfd, s->n_accepted, &instance);
2207 if (r < 0) {
2208 if (r != -ENOTCONN)
2209 goto fail;
2210
2211 /* ENOTCONN is legitimate if TCP RST was received.
2212 * This connection is over, but the socket unit lives on. */
8b26cdbd 2213 log_unit_debug(UNIT(s), "Got ENOTCONN on incoming socket, assuming aborted connection attempt, ignoring.");
03e334a1 2214 safe_close(cfd);
1a710b43
MS		 2215 return;
2216 }
4f2d528d 2217
7410616c
LP		 2218 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
2219 if (r < 0)
4f2d528d 2220 goto fail;
4f2d528d 2221
7410616c
LP		 2222 r = unit_name_build(prefix, instance, ".service", &name);
2223 if (r < 0)
b6dbbe1c 2224 goto fail;
4f2d528d 2225
1a710b43 2226 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 2227 if (r < 0)
4f2d528d 2228 goto fail;
b15bdda8 2229
57020a3a
LP		 2230 service = SERVICE(UNIT_DEREF(s->service));
2231 unit_ref_unset(&s->service);
6c073082 2232
e4f67317 2233 s->n_accepted++;
b15bdda8 2234 unit_choose_id(UNIT(service), name);
b15bdda8 2235
16115b0a 2236 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 2237 if (r < 0)
4f2d528d
LP		 2238 goto fail;
2239
8b26cdbd 2240 cfd = -1; /* We passed ownership of the fd to the service now. Forget it here. */
313cefa1 2241 s->n_connections++;
6cf6bbc2 2242
166cf510
ZJS		 2243 service->peer = p; /* Pass ownership of the peer reference */
2244 p = NULL;
9d565427 2245
4bd29fe5 2246 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
3e7a1f50
LP		 2247 if (r < 0) {
2248 /* We failed to activate the new service, but it still exists. Let's make sure the service
2249 * closes and forgets the connection fd again, immediately. */
2250 service_close_socket_fd(service);
4f2d528d 2251 goto fail;
3e7a1f50 2252 }
c4e2ceae
LP		 2253
2254 /* Notify clients about changed counters */
2255 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 2256 }
034c6ed7 2257
034c6ed7
LP		 2258 return;
2259
2260fail:
f2341e0a
LP		 2261 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2262 cfd >= 0 ? "template" : "non-template",
718db961 2263 bus_error_message(&error, r));
e821075a 2264
60089004 2265 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 2266 safe_close(cfd);
034c6ed7
LP		 2267}
2268
cfc4eb4c 2269static void socket_run_next(Socket *s) {
034c6ed7
LP		 2270 int r;
2271
2272 assert(s);
2273 assert(s->control_command);
2274 assert(s->control_command->command_next);
2275
5e94833f
LP		 2276 socket_unwatch_control_pid(s);
2277
034c6ed7
LP		 2278 s->control_command = s->control_command->command_next;
2279
e821075a
LP		 2280 r = socket_spawn(s, s->control_command, &s->control_pid);
2281 if (r < 0)
034c6ed7
LP		 2282 goto fail;
2283
2284 return;
2285
2286fail:
f2341e0a 2287 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2288
2289 if (s->state == SOCKET_START_POST)
cfc4eb4c 2290 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2291 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2292 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2293 else
cfc4eb4c 2294 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2295}
2296
87f0e418
LP		 2297static int socket_start(Unit *u) {
2298 Socket *s = SOCKET(u);
07299350 2299 int r;
83c60c9f
LP		 2300
2301 assert(s);
2302
034c6ed7
LP		 2303 /* We cannot fulfill this request right now, try again later
2304 * please! */
3900e5fd
LP		 2305 if (IN_SET(s->state,
2306 SOCKET_STOP_PRE,
2307 SOCKET_STOP_PRE_SIGKILL,
2308 SOCKET_STOP_PRE_SIGTERM,
2309 SOCKET_STOP_POST,
2310 SOCKET_FINAL_SIGTERM,
2311 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2312 return -EAGAIN;
2313
a4152e3f 2314 /* Already on it! */
3900e5fd
LP		 2315 if (IN_SET(s->state,
2316 SOCKET_START_PRE,
2317 SOCKET_START_CHOWN,
2318 SOCKET_START_POST))
034c6ed7 2319 return 0;
83c60c9f 2320
034c6ed7 2321 /* Cannot run this without the service being around */
9444b1f2 2322 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2323 Service *service;
2324
2325 service = SERVICE(UNIT_DEREF(s->service));
2326
1124fe6f 2327 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2328 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2329 return -ENOENT;
4ac9236f 2330 }
4f2d528d 2331
35b8ca3a 2332 /* If the service is already active we cannot start the
4f2d528d 2333 * socket */
57020a3a
LP		 2334 if (service->state != SERVICE_DEAD &&
2335 service->state != SERVICE_FAILED &&
2336 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2337 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2338 return -EBUSY;
4ac9236f 2339 }
4f2d528d 2340 }
e537352b 2341
fdf20a31 2342 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2343
07299350
LP		 2344 r = unit_start_limit_test(u);
2345 if (r < 0) {
2346 socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
2347 return r;
2348 }
2349
4b58153d
LP		 2350 r = unit_acquire_invocation_id(u);
2351 if (r < 0)
2352 return r;
2353
cfc4eb4c 2354 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2355 s->reset_cpu_usage = true;
2356
034c6ed7 2357 socket_enter_start_pre(s);
82a2b6bb 2358 return 1;
034c6ed7 2359}
83c60c9f 2360
87f0e418
LP		 2361static int socket_stop(Unit *u) {
2362 Socket *s = SOCKET(u);
034c6ed7
LP		 2363
2364 assert(s);
2365
e537352b 2366 /* Already on it */
3900e5fd
LP		 2367 if (IN_SET(s->state,
2368 SOCKET_STOP_PRE,
2369 SOCKET_STOP_PRE_SIGTERM,
2370 SOCKET_STOP_PRE_SIGKILL,
2371 SOCKET_STOP_POST,
2372 SOCKET_FINAL_SIGTERM,
2373 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2374 return 0;
2375
3f6c78dc
LP		 2376 /* If there's already something running we go directly into
2377 * kill mode. */
3900e5fd
LP		 2378 if (IN_SET(s->state,
2379 SOCKET_START_PRE,
2380 SOCKET_START_CHOWN,
2381 SOCKET_START_POST)) {
cfc4eb4c 2382 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2383 return -EAGAIN;
2384 }
2385
034c6ed7 2386 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2387
cfc4eb4c 2388 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2389 return 1;
542563ba
LP		 2390}
2391
a16e1123
LP		 2392static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2393 Socket *s = SOCKET(u);
2394 SocketPort *p;
2395 int r;
2396
2397 assert(u);
2398 assert(f);
2399 assert(fds);
2400
2401 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2402 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2403 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2404
2405 if (s->control_pid > 0)
de0671ee 2406 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2407
2408 if (s->control_command_id >= 0)
2409 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2410
2411 LIST_FOREACH(port, p, s->ports) {
2412 int copy;
2413
2414 if (p->fd < 0)
2415 continue;
2416
613b411c
LP		 2417 copy = fdset_put_dup(fds, p->fd);
2418 if (copy < 0)
a16e1123
LP		 2419 return copy;
2420
2421 if (p->type == SOCKET_SOCKET) {
613b411c 2422 _cleanup_free_ char *t = NULL;
a16e1123 2423
ee092817
LP		 2424 r = socket_address_print(&p->address, &t);
2425 if (r < 0)
a16e1123
LP		 2426 return r;
2427
7a22745a
LP		 2428 if (socket_address_family(&p->address) == AF_NETLINK)
2429 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2430 else
2431 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2432
b0a3f2bc
LP		 2433 } else if (p->type == SOCKET_SPECIAL)
2434 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2435 else if (p->type == SOCKET_MQUEUE)
2436 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2437 else if (p->type == SOCKET_USB_FUNCTION)
2438 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2439 else {
a16e1123
LP		 2440 assert(p->type == SOCKET_FIFO);
2441 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2442 }
2443 }
2444
2445 return 0;
2446}
2447
80a58668
ZJS		 2448static void socket_port_take_fd(SocketPort *p, FDSet *fds, int fd) {
2449 safe_close(p->fd);
2450 p->fd = fdset_remove(fds, fd);
2451}
2452
a16e1123
LP		 2453static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2454 Socket *s = SOCKET(u);
a16e1123
LP		 2455
2456 assert(u);
2457 assert(key);
2458 assert(value);
a16e1123
LP		 2459
2460 if (streq(key, "state")) {
2461 SocketState state;
2462
ee092817
LP		 2463 state = socket_state_from_string(value);
2464 if (state < 0)
f2341e0a 2465 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2466 else
2467 s->deserialized_state = state;
cfc4eb4c
LP		 2468 } else if (streq(key, "result")) {
2469 SocketResult f;
a16e1123 2470
cfc4eb4c
LP		 2471 f = socket_result_from_string(value);
2472 if (f < 0)
f2341e0a 2473 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2474 else if (f != SOCKET_SUCCESS)
2475 s->result = f;
a16e1123
LP		 2476
2477 } else if (streq(key, "n-accepted")) {
2478 unsigned k;
2479
e364ad06 2480 if (safe_atou(value, &k) < 0)
f2341e0a 2481 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2482 else
2483 s->n_accepted += k;
2484 } else if (streq(key, "control-pid")) {
5925dd3c 2485 pid_t pid;
a16e1123 2486
e364ad06 2487 if (parse_pid(value, &pid) < 0)
f2341e0a 2488 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2489 else
5925dd3c 2490 s->control_pid = pid;
a16e1123
LP		 2491 } else if (streq(key, "control-command")) {
2492 SocketExecCommand id;
2493
66870f90
ZJS		 2494 id = socket_exec_command_from_string(value);
2495 if (id < 0)
f2341e0a 2496 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2497 else {
2498 s->control_command_id = id;
2499 s->control_command = s->exec_command[id];
2500 }
2501 } else if (streq(key, "fifo")) {
2502 int fd, skip = 0;
2503 SocketPort *p;
2504
2505 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2506 log_unit_debug(u, "Failed to parse fifo value: %s", value);
80a58668 2507 else
a16e1123 2508 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2509 if (p->type == SOCKET_FIFO &&
80a58668
ZJS		 2510 path_equal_or_files_same(p->path, value+skip)) {
2511 socket_port_take_fd(p, fds, fd);
b0a3f2bc 2512 break;
80a58668 2513 }
b0a3f2bc
LP		 2514
2515 } else if (streq(key, "special")) {
2516 int fd, skip = 0;
2517 SocketPort *p;
2518
2519 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2520 log_unit_debug(u, "Failed to parse special value: %s", value);
80a58668 2521 else
b0a3f2bc
LP		 2522 LIST_FOREACH(port, p, s->ports)
2523 if (p->type == SOCKET_SPECIAL &&
80a58668
ZJS		 2524 path_equal_or_files_same(p->path, value+skip)) {
2525 socket_port_take_fd(p, fds, fd);
a16e1123 2526 break;
80a58668 2527 }
a16e1123 2528
ee092817
LP		 2529 } else if (streq(key, "mqueue")) {
2530 int fd, skip = 0;
2531 SocketPort *p;
2532
2533 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2534 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
80a58668 2535 else
ee092817
LP		 2536 LIST_FOREACH(port, p, s->ports)
2537 if (p->type == SOCKET_MQUEUE &&
80a58668
ZJS		 2538 streq(p->path, value+skip)) {
2539 socket_port_take_fd(p, fds, fd);
ee092817 2540 break;
80a58668 2541 }
ee092817 2542
a16e1123 2543 } else if (streq(key, "socket")) {
27ca8d7a 2544 int fd, type, skip = 0;
a16e1123
LP		 2545 SocketPort *p;
2546
27ca8d7a 2547 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2548 log_unit_debug(u, "Failed to parse socket value: %s", value);
80a58668 2549 else
a16e1123 2550 LIST_FOREACH(port, p, s->ports)
80a58668
ZJS		 2551 if (socket_address_is(&p->address, value+skip, type)) {
2552 socket_port_take_fd(p, fds, fd);
a16e1123 2553 break;
80a58668 2554 }
a16e1123 2555
7a22745a
LP		 2556 } else if (streq(key, "netlink")) {
2557 int fd, skip = 0;
2558 SocketPort *p;
2559
2560 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2561 log_unit_debug(u, "Failed to parse socket value: %s", value);
80a58668 2562 else
7a22745a 2563 LIST_FOREACH(port, p, s->ports)
80a58668
ZJS		 2564 if (socket_address_is_netlink(&p->address, value+skip)) {
2565 socket_port_take_fd(p, fds, fd);
7a22745a 2566 break;
80a58668 2567 }
60252446
PS		 2568
2569 } else if (streq(key, "ffs")) {
2570 int fd, skip = 0;
2571 SocketPort *p;
2572
2573 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2574 log_unit_debug(u, "Failed to parse ffs value: %s", value);
80a58668 2575 else
60252446
PS		 2576 LIST_FOREACH(port, p, s->ports)
2577 if (p->type == SOCKET_USB_FUNCTION &&
80a58668
ZJS		 2578 path_equal_or_files_same(p->path, value+skip)) {
2579 socket_port_take_fd(p, fds, fd);
60252446 2580 break;
80a58668 2581 }
60252446 2582
a16e1123 2583 } else
f2341e0a 2584 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2585
2586 return 0;
2587}
2588
9ff1a6f1 2589static void socket_distribute_fds(Unit *u, FDSet *fds) {
01e10de3
LP		 2590 Socket *s = SOCKET(u);
2591 SocketPort *p;
2592
2593 assert(u);
2594
2595 LIST_FOREACH(port, p, s->ports) {
2596 Iterator i;
2597 int fd;
2598
2599 if (p->type != SOCKET_SOCKET)
2600 continue;
2601
2602 if (p->fd >= 0)
2603 continue;
2604
2605 FDSET_FOREACH(fd, fds, i) {
2606 if (socket_address_matches_fd(&p->address, fd)) {
2607 p->fd = fdset_remove(fds, fd);
2608 s->deserialized_state = SOCKET_LISTENING;
2609 break;
2610 }
2611 }
2612 }
01e10de3
LP		 2613}
2614
44a6b1b6 2615_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2616 assert(u);
5cb5a6ff 2617
acbb0225 2618 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2619}
2620
44a6b1b6 2621_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2622 assert(u);
2623
a16e1123 2624 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2625}
2626
67419600
OS		 2627const char* socket_port_type_to_string(SocketPort *p) {
2628
2629 assert(p);
2630
2631 switch (p->type) {
718db961
LP		 2632
2633 case SOCKET_SOCKET:
2634
2635 switch (p->address.type) {
2636
2637 case SOCK_STREAM:
2638 return "Stream";
2639
2640 case SOCK_DGRAM:
2641 return "Datagram";
2642
2643 case SOCK_SEQPACKET:
2644 return "SequentialPacket";
2645
2646 case SOCK_RAW:
2647 if (socket_address_family(&p->address) == AF_NETLINK)
2648 return "Netlink";
2649
2650 default:
2651 return NULL;
2652 }
2653
2654 case SOCKET_SPECIAL:
2655 return "Special";
2656
2657 case SOCKET_MQUEUE:
2658 return "MessageQueue";
2659
2660 case SOCKET_FIFO:
2661 return "FIFO";
2662
60252446
PS		 2663 case SOCKET_USB_FUNCTION:
2664 return "USBFunction";
2665
718db961
LP		 2666 default:
2667 return NULL;
67419600
OS		 2668 }
2669}
2670
44a6b1b6 2671_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2672 Socket *s = SOCKET(u);
2673
2674 assert(u);
2675
2676 return s->n_connections > 0;
2677}
2678
718db961
LP		 2679static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2680 SocketPort *p = userdata;
4f2d528d 2681 int cfd = -1;
9152c765 2682
718db961 2683 assert(p);
8d567588 2684 assert(fd >= 0);
9152c765 2685
718db961
LP		 2686 if (p->socket->state != SOCKET_LISTENING)
2687 return 0;
871d7de4 2688
f2341e0a 2689 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2690
718db961 2691 if (revents != EPOLLIN) {
641e01dc 2692
718db961 2693 if (revents & EPOLLHUP)
f2341e0a 2694 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2695 else
f2341e0a 2696 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2697 goto fail;
4f2d528d
LP		 2698 }
2699
718db961
LP		 2700 if (p->socket->accept &&
2701 p->type == SOCKET_SOCKET &&
2702 socket_address_can_accept(&p->address)) {
2703
4f2d528d
LP		 2704 for (;;) {
2705
b14eda96
LP		 2706 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2707 if (cfd < 0) {
4f2d528d
LP		 2708
2709 if (errno == EINTR)
2710 continue;
2711
f2341e0a 2712 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2713 goto fail;
4f2d528d
LP		 2714 }
2715
2716 break;
2717 }
4fd5948e 2718
718db961 2719 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2720 }
9152c765 2721
718db961
LP		 2722 socket_enter_running(p->socket, cfd);
2723 return 0;
8d567588
LP		 2724
2725fail:
718db961
LP		 2726 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2727 return 0;
9152c765
LP		 2728}
2729
87f0e418
LP		 2730static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2731 Socket *s = SOCKET(u);
cfc4eb4c 2732 SocketResult f;
5cb5a6ff
LP		 2733
2734 assert(s);
034c6ed7 2735 assert(pid >= 0);
5cb5a6ff 2736
8c47c732
LP		 2737 if (pid != s->control_pid)
2738 return;
542563ba 2739
034c6ed7
LP		 2740 s->control_pid = 0;
2741
1f0958f6 2742 if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
cfc4eb4c
LP		 2743 f = SOCKET_SUCCESS;
2744 else if (code == CLD_EXITED)
2745 f = SOCKET_FAILURE_EXIT_CODE;
2746 else if (code == CLD_KILLED)
2747 f = SOCKET_FAILURE_SIGNAL;
2748 else if (code == CLD_DUMPED)
2749 f = SOCKET_FAILURE_CORE_DUMP;
2750 else
a4152e3f 2751 assert_not_reached("Unknown sigchld code");
8c47c732 2752
b708e7ce 2753 if (s->control_command) {
6ea832a2 2754 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2755
b708e7ce 2756 if (s->control_command->ignore)
cfc4eb4c 2757 f = SOCKET_SUCCESS;
b708e7ce
LP		 2758 }
2759
f2341e0a
LP		 2760 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2761 "Control process exited, code=%s status=%i",
2762 sigchld_code_to_string(code), status);
034c6ed7 2763
a0fef983 2764 if (s->result == SOCKET_SUCCESS)
cfc4eb4c
LP		 2765 s->result = f;
2766
2767 if (s->control_command &&
2768 s->control_command->command_next &&
2769 f == SOCKET_SUCCESS) {
2770
f2341e0a 2771 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2772 socket_run_next(s);
acbb0225 2773 } else {
a16e1123
LP		 2774 s->control_command = NULL;
2775 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2776
034c6ed7
LP		 2777 /* No further commands for this step, so let's figure
2778 * out what to do next */
5cb5a6ff 2779
f2341e0a 2780 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2781
034c6ed7
LP		 2782 switch (s->state) {
2783
2784 case SOCKET_START_PRE:
cfc4eb4c 2785 if (f == SOCKET_SUCCESS)
3900e5fd 2786 socket_enter_start_chown(s);
034c6ed7 2787 else
cfc4eb4c 2788 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2789 break;
2790
3900e5fd
LP		 2791 case SOCKET_START_CHOWN:
2792 if (f == SOCKET_SUCCESS)
2793 socket_enter_start_post(s);
2794 else
2795 socket_enter_stop_pre(s, f);
2796 break;
2797
034c6ed7 2798 case SOCKET_START_POST:
cfc4eb4c 2799 if (f == SOCKET_SUCCESS)
e9af15c3 2800 socket_enter_listening(s);
034c6ed7 2801 else
cfc4eb4c 2802 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2803 break;
2804
2805 case SOCKET_STOP_PRE:
2806 case SOCKET_STOP_PRE_SIGTERM:
2807 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2808 socket_enter_stop_post(s, f);
034c6ed7
LP		 2809 break;
2810
2811 case SOCKET_STOP_POST:
80876c20
LP		 2812 case SOCKET_FINAL_SIGTERM:
2813 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2814 socket_enter_dead(s, f);
034c6ed7
LP		 2815 break;
2816
2817 default:
2818 assert_not_reached("Uh, control process died at wrong time.");
2819 }
2820 }
c4e2ceae
LP		 2821
2822 /* Notify clients about changed exit status */
2823 unit_add_to_dbus_queue(u);
034c6ed7 2824}
5cb5a6ff 2825
718db961
LP		 2826static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2827 Socket *s = SOCKET(userdata);
5cb5a6ff 2828
034c6ed7 2829 assert(s);
718db961 2830 assert(s->timer_event_source == source);
034c6ed7
LP		 2831
2832 switch (s->state) {
2833
2834 case SOCKET_START_PRE:
f2341e0a 2835 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2836 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2837 break;
80876c20 2838
3900e5fd 2839 case SOCKET_START_CHOWN:
034c6ed7 2840 case SOCKET_START_POST:
f2341e0a 2841 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2842 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2843 break;
2844
2845 case SOCKET_STOP_PRE:
f2341e0a 2846 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2847 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2848 break;
2849
2850 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2851 if (s->kill_context.send_sigkill) {
f2341e0a 2852 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2853 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2854 } else {
f2341e0a 2855 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2856 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2857 }
034c6ed7
LP		 2858 break;
2859
2860 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2861 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2862 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2863 break;
2864
2865 case SOCKET_STOP_POST:
f2341e0a 2866 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2867 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2868 break;
2869
80876c20 2870 case SOCKET_FINAL_SIGTERM:
4819ff03 2871 if (s->kill_context.send_sigkill) {
f2341e0a 2872 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2873 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2874 } else {
f2341e0a 2875 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2876 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2877 }
034c6ed7
LP		 2878 break;
2879
80876c20 2880 case SOCKET_FINAL_SIGKILL:
f2341e0a 2881 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2882 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2883 break;
2884
2885 default:
2886 assert_not_reached("Timeout at wrong time.");
2887 }
718db961
LP		 2888
2889 return 0;
5cb5a6ff
LP		 2890}
2891
79c7626d
LP		 2892int socket_collect_fds(Socket *s, int **fds) {
2893 int *rfds, k = 0, n = 0;
44d8db9e
LP		 2894 SocketPort *p;
2895
2896 assert(s);
2897 assert(fds);
44d8db9e
LP		 2898
2899 /* Called from the service code for requesting our fds */
2900
15087cdb 2901 LIST_FOREACH(port, p, s->ports) {
44d8db9e 2902 if (p->fd >= 0)
79c7626d
LP		 2903 n++;
2904 n += p->n_auxiliary_fds;
15087cdb 2905 }
44d8db9e 2906
79c7626d 2907 if (n <= 0) {
de3756ab 2908 *fds = NULL;
de3756ab
LP		 2909 return 0;
2910 }
2911
79c7626d 2912 rfds = new(int, n);
e5403f09 2913 if (!rfds)
44d8db9e
LP		 2914 return -ENOMEM;
2915
15087cdb 2916 LIST_FOREACH(port, p, s->ports) {
79c7626d
LP		 2917 int i;
2918
44d8db9e
LP		 2919 if (p->fd >= 0)
2920 rfds[k++] = p->fd;
15087cdb
PS		 2921 for (i = 0; i < p->n_auxiliary_fds; ++i)
2922 rfds[k++] = p->auxiliary_fds[i];
2923 }
44d8db9e 2924
79c7626d 2925 assert(k == n);
44d8db9e
LP		 2926
2927 *fds = rfds;
79c7626d 2928 return n;
44d8db9e
LP		 2929}
2930
e821075a
LP		 2931static void socket_reset_failed(Unit *u) {
2932 Socket *s = SOCKET(u);
2933
2934 assert(s);
2935
2936 if (s->state == SOCKET_FAILED)
2937 socket_set_state(s, SOCKET_DEAD);
2938
2939 s->result = SOCKET_SUCCESS;
2940}
2941
6cf6bbc2
LP		 2942void socket_connection_unref(Socket *s) {
2943 assert(s);
2944
2945 /* The service is dead. Yay!
2946 *
35b8ca3a 2947 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2948 * services. */
2949
2950 assert(s->n_connections > 0);
2951 s->n_connections--;
2952
f2341e0a 2953 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2954}
2955
d137a488
UTL		 2956static void socket_trigger_notify(Unit *u, Unit *other) {
2957 Socket *s = SOCKET(u);
d137a488
UTL		 2958
2959 assert(u);
2960 assert(other);
2961
d14e3a0d
LP		 2962 /* Filter out invocations with bogus state */
2963 if (other->load_state != UNIT_LOADED || other->type != UNIT_SERVICE)
2964 return;
2965
2966 /* Don't propagate state changes from the service if we are already down */
2967 if (!IN_SET(s->state, SOCKET_RUNNING, SOCKET_LISTENING))
d137a488
UTL		 2968 return;
2969
d14e3a0d
LP		 2970 /* We don't care for the service state if we are in Accept=yes mode */
2971 if (s->accept)
2972 return;
2973
2974 /* Propagate start limit hit state */
6bf0f408
LP		 2975 if (other->start_limit_hit) {
2976 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT);
d137a488 2977 return;
6bf0f408 2978 }
d137a488 2979
d14e3a0d
LP		 2980 /* Don't propagate anything if there's still a job queued */
2981 if (other->job)
6bf0f408 2982 return;
d137a488 2983
6bf0f408
LP		 2984 if (IN_SET(SERVICE(other)->state,
2985 SERVICE_DEAD, SERVICE_FAILED,
2986 SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
2987 SERVICE_AUTO_RESTART))
2988 socket_enter_listening(s);
d137a488 2989
6bf0f408 2990 if (SERVICE(other)->state == SERVICE_RUNNING)
d137a488
UTL		 2991 socket_set_state(s, SOCKET_RUNNING);
2992}
2993
718db961 2994static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2995 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2996}
2997
7a7821c8 2998static int socket_get_timeout(Unit *u, usec_t *timeout) {
68db7a3b 2999 Socket *s = SOCKET(u);
7a7821c8 3000 usec_t t;
68db7a3b
ZJS		 3001 int r;
3002
3003 if (!s->timer_event_source)
3004 return 0;
3005
7a7821c8 3006 r = sd_event_source_get_time(s->timer_event_source, &t);
68db7a3b
ZJS		 3007 if (r < 0)
3008 return r;
7a7821c8
LP		 3009 if (t == USEC_INFINITY)
3010 return 0;
68db7a3b 3011
7a7821c8 3012 *timeout = t;
68db7a3b
ZJS		 3013 return 1;
3014}
3015
8dd4c05b
LP		 3016char *socket_fdname(Socket *s) {
3017 assert(s);
3018
3019 /* Returns the name to use for $LISTEN_NAMES. If the user
3020 * didn't specify anything specifically, use the socket unit's
3021 * name as fallback. */
3022
3023 if (s->fdname)
3024 return s->fdname;
3025
3026 return UNIT(s)->id;
3027}
3028
291d565a
LP		 3029static int socket_control_pid(Unit *u) {
3030 Socket *s = SOCKET(u);
3031
3032 assert(s);
3033
3034 return s->control_pid;
3035}
3036
a16e1123
LP		 3037static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
3038 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 3039 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 3040 [SOCKET_EXEC_START_POST] = "StartPost",
3041 [SOCKET_EXEC_STOP_PRE] = "StopPre",
3042 [SOCKET_EXEC_STOP_POST] = "StopPost"
3043};
3044
3045DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
3046
cfc4eb4c
LP		 3047static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
3048 [SOCKET_SUCCESS] = "success",
3049 [SOCKET_FAILURE_RESOURCES] = "resources",
3050 [SOCKET_FAILURE_TIMEOUT] = "timeout",
3051 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
3052 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 3053 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
07299350 3054 [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
8b26cdbd 3055 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
6bf0f408 3056 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
cfc4eb4c
LP		 3057};
3058
3059DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
3060
87f0e418 3061const UnitVTable socket_vtable = {
7d17cfbc 3062 .object_size = sizeof(Socket),
718db961
LP		 3063 .exec_context_offset = offsetof(Socket, exec_context),
3064 .cgroup_context_offset = offsetof(Socket, cgroup_context),
3065 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 3066 .exec_runtime_offset = offsetof(Socket, exec_runtime),
29206d46 3067 .dynamic_creds_offset = offsetof(Socket, dynamic_creds),
3ef63c31 3068
f975e971
LP		 3069 .sections =
3070 "Unit\0"
3071 "Socket\0"
3072 "Install\0",
4ad49000 3073 .private_section = "Socket",
71645aca 3074
034c6ed7
LP		 3075 .init = socket_init,
3076 .done = socket_done,
a16e1123
LP		 3077 .load = socket_load,
3078
3079 .coldplug = socket_coldplug,
034c6ed7 3080
5cb5a6ff
LP		 3081 .dump = socket_dump,
3082
542563ba
LP		 3083 .start = socket_start,
3084 .stop = socket_stop,
5cb5a6ff 3085
718db961
LP		 3086 .kill = socket_kill,
3087
68db7a3b
ZJS		 3088 .get_timeout = socket_get_timeout,
3089
a16e1123
LP		 3090 .serialize = socket_serialize,
3091 .deserialize_item = socket_deserialize_item,
01e10de3 3092 .distribute_fds = socket_distribute_fds,
a16e1123 3093
5cb5a6ff 3094 .active_state = socket_active_state,
10a94420 3095 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 3096
6cf6bbc2
LP		 3097 .check_gc = socket_check_gc,
3098
034c6ed7 3099 .sigchld_event = socket_sigchld_event,
4139c1b2 3100
d137a488
UTL		 3101 .trigger_notify = socket_trigger_notify,
3102
fdf20a31 3103 .reset_failed = socket_reset_failed,
5632e374 3104
291d565a
LP		 3105 .control_pid = socket_control_pid,
3106
718db961 3107 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 3108 .bus_set_property = bus_socket_set_property,
3109 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 3110
3111 .status_message_formats = {
3112 /*.starting_stopping = {
3113 [0] = "Starting socket %s...",
3114 [1] = "Stopping socket %s...",
3115 },*/
3116 .finished_start_job = {
3117 [JOB_DONE] = "Listening on %s.",
3118 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 3119 [JOB_TIMEOUT] = "Timed out starting %s.",
3120 },
3121 .finished_stop_job = {
3122 [JOB_DONE] = "Closed %s.",
3123 [JOB_FAILED] = "Failed stopping %s.",
3124 [JOB_TIMEOUT] = "Timed out stopping %s.",
3125 },
3126 },
5cb5a6ff 3127};
Unnamed repository; edit this file 'description' to name the repository.