]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
update fixme
[thirdparty/systemd.git] / src / socket.c
CommitLineData
5cb5a6ff
LP		 1/*-*- Mode: C; c-basic-offset: 8 -*-*/
2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
7a58bfa4 30#include <selinux/selinux.h>
83c60c9f 31
87f0e418 32#include "unit.h"
5cb5a6ff 33#include "socket.h"
cebf8b20 34#include "netinet/tcp.h"
83c60c9f 35#include "log.h"
23a177ef
LP		 36#include "load-dropin.h"
37#include "load-fragment.h"
9e2f7c11 38#include "strv.h"
4f2d528d 39#include "unit-name.h"
4139c1b2 40#include "dbus-socket.h"
4fd5948e 41#include "missing.h"
a40eb732 42#include "special.h"
398ef8ba 43#include "bus-errors.h"
83c60c9f 44
acbb0225 45static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 46 [SOCKET_DEAD] = UNIT_INACTIVE,
47 [SOCKET_START_PRE] = UNIT_ACTIVATING,
48 [SOCKET_START_POST] = UNIT_ACTIVATING,
49 [SOCKET_LISTENING] = UNIT_ACTIVE,
50 [SOCKET_RUNNING] = UNIT_ACTIVE,
51 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
52 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
53 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
54 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 55 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
56 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
032ff4af 57 [SOCKET_MAINTENANCE] = UNIT_MAINTENANCE
83c60c9f 58};
5cb5a6ff 59
a16e1123
LP		 60static void socket_init(Unit *u) {
61 Socket *s = SOCKET(u);
62
63 assert(u);
64 assert(u->meta.load_state == UNIT_STUB);
65
a16e1123
LP		 66 s->backlog = SOMAXCONN;
67 s->timeout_usec = DEFAULT_TIMEOUT_USEC;
68 s->directory_mode = 0755;
69 s->socket_mode = 0666;
70
6cf6bbc2
LP		 71 s->max_connections = 64;
72
4fd5948e 73 s->priority = -1;
4fd5948e
LP		 74 s->ip_tos = -1;
75 s->ip_ttl = -1;
4fd5948e 76 s->mark = -1;
4fd5948e 77
a16e1123
LP		 78 exec_context_init(&s->exec_context);
79
80 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
81}
acbb0225 82
5e94833f
LP		 83static void socket_unwatch_control_pid(Socket *s) {
84 assert(s);
85
86 if (s->control_pid <= 0)
87 return;
88
89 unit_unwatch_pid(UNIT(s), s->control_pid);
90 s->control_pid = 0;
91}
92
87f0e418
LP		 93static void socket_done(Unit *u) {
94 Socket *s = SOCKET(u);
034c6ed7 95 SocketPort *p;
6cf6bbc2 96 Meta *i;
034c6ed7
LP		 97
98 assert(s);
99
100 while ((p = s->ports)) {
101 LIST_REMOVE(SocketPort, port, s->ports, p);
102
a16e1123
LP		 103 if (p->fd >= 0) {
104 unit_unwatch_fd(UNIT(s), &p->fd_watch);
105 close_nointr_nofail(p->fd);
106 }
107
034c6ed7
LP		 108 free(p->path);
109 free(p);
110 }
111
112 exec_context_done(&s->exec_context);
e537352b 113 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 114 s->control_command = NULL;
115
5e94833f 116 socket_unwatch_control_pid(s);
034c6ed7
LP		 117
118 s->service = NULL;
119
cebf8b20
TT		 120 free(s->tcp_congestion);
121 s->tcp_congestion = NULL;
122
acbb0225 123 free(s->bind_to_device);
e537352b 124 s->bind_to_device = NULL;
acbb0225
LP		 125
126 unit_unwatch_timer(u, &s->timer_watch);
6cf6bbc2
LP		 127
128 /* Make sure no service instance refers to us anymore. */
129 LIST_FOREACH(units_per_type, i, u->meta.manager->units_per_type[UNIT_SERVICE]) {
130 Service *service = (Service *) i;
131
132 if (service->socket == s)
133 service->socket = NULL;
134 }
5cb5a6ff
LP		 135}
136
b15bdda8
LP		 137static int socket_instantiate_service(Socket *s) {
138 char *prefix, *name;
139 int r;
140 Unit *u;
141
142 assert(s);
143
144 /* This fills in s->service if it isn't filled in yet. For
145 * Accept=yes sockets we create the next connection service
146 * here. For Accept=no this is mostly a NOP since the service
147 * is figured out at load time anyway. */
148
149 if (s->service)
150 return 0;
151
152 assert(s->accept);
153
154 if (!(prefix = unit_name_to_prefix(s->meta.id)))
155 return -ENOMEM;
156
157 r = asprintf(&name, "%s@%u.service", prefix, s->n_accepted);
158 free(prefix);
159
160 if (r < 0)
161 return -ENOMEM;
162
163 r = manager_load_unit(s->meta.manager, name, NULL, NULL, &u);
164 free(name);
165
166 if (r < 0)
167 return r;
168
169 s->service = SERVICE(u);
170 return 0;
171}
172
4f2d528d
LP		 173static bool have_non_accept_socket(Socket *s) {
174 SocketPort *p;
175
176 assert(s);
177
178 if (!s->accept)
179 return true;
180
dd5ad9d4
LP		 181 LIST_FOREACH(port, p, s->ports) {
182
183 if (p->type != SOCKET_SOCKET)
184 return true;
185
4f2d528d
LP		 186 if (!socket_address_can_accept(&p->address))
187 return true;
dd5ad9d4 188 }
4f2d528d
LP		 189
190 return false;
191}
192
193static int socket_verify(Socket *s) {
194 assert(s);
195
4cd1fbcc 196 if (s->meta.load_state != UNIT_LOADED)
4f2d528d
LP		 197 return 0;
198
199 if (!s->ports) {
4cd1fbcc 200 log_error("%s lacks Listen setting. Refusing.", s->meta.id);
4f2d528d
LP		 201 return -EINVAL;
202 }
203
0009d2a6
LP		 204 if (s->accept && have_non_accept_socket(s)) {
205 log_error("%s configured for accepting sockets, but sockets are non-accepting. Refusing.", s->meta.id);
206 return -EINVAL;
207 }
208
6cf6bbc2 209 if (s->accept && s->max_connections <= 0) {
4d0e5dbd
LP		 210 log_error("%s's MaxConnection setting too small. Refusing.", s->meta.id);
211 return -EINVAL;
212 }
213
2e22afe9 214 if (s->exec_context.pam_name && s->exec_context.kill_mode != KILL_CONTROL_GROUP) {
4d0e5dbd 215 log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id);
6cf6bbc2
LP		 216 return -EINVAL;
217 }
218
4f2d528d
LP		 219 return 0;
220}
221
6e2ef85b
LP		 222static bool socket_needs_mount(Socket *s, const char *prefix) {
223 SocketPort *p;
224
225 assert(s);
226
227 LIST_FOREACH(port, p, s->ports) {
228
229 if (p->type == SOCKET_SOCKET) {
230 if (socket_address_needs_mount(&p->address, prefix))
231 return true;
232 } else {
233 assert(p->type == SOCKET_FIFO);
234 if (path_startswith(p->path, prefix))
235 return true;
236 }
237 }
238
239 return false;
240}
241
242int socket_add_one_mount_link(Socket *s, Mount *m) {
243 int r;
244
245 assert(s);
246 assert(m);
247
248 if (s->meta.load_state != UNIT_LOADED ||
249 m->meta.load_state != UNIT_LOADED)
250 return 0;
251
252 if (!socket_needs_mount(s, m->where))
253 return 0;
254
2c966c03 255 if ((r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true)) < 0)
6e2ef85b
LP		 256 return r;
257
258 return 0;
259}
260
261static int socket_add_mount_links(Socket *s) {
262 Meta *other;
263 int r;
264
265 assert(s);
266
267 LIST_FOREACH(units_per_type, other, s->meta.manager->units_per_type[UNIT_MOUNT])
268 if ((r = socket_add_one_mount_link(s, (Mount*) other)) < 0)
269 return r;
270
271 return 0;
272}
273
274static int socket_add_device_link(Socket *s) {
275 char *t;
276 int r;
277
278 assert(s);
279
280 if (!s->bind_to_device)
281 return 0;
282
283 if (asprintf(&t, "/sys/subsystem/net/devices/%s", s->bind_to_device) < 0)
284 return -ENOMEM;
285
286 r = unit_add_node_link(UNIT(s), t, false);
287 free(t);
288
289 return r;
290}
291
a40eb732
LP		 292static int socket_add_default_dependencies(Socket *s) {
293 int r;
294 assert(s);
295
296 if (s->meta.manager->running_as == MANAGER_SYSTEM)
297 if ((r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true)) < 0)
298 return r;
299
300 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
301}
302
e537352b
LP		 303static int socket_load(Unit *u) {
304 Socket *s = SOCKET(u);
305 int r;
44d8db9e 306
e537352b
LP		 307 assert(u);
308 assert(u->meta.load_state == UNIT_STUB);
44d8db9e 309
e537352b 310 if ((r = unit_load_fragment_and_dropin(u)) < 0)
23a177ef 311 return r;
44d8db9e 312
23a177ef 313 /* This is a new unit? Then let's add in some extras */
e537352b 314 if (u->meta.load_state == UNIT_LOADED) {
44d8db9e 315
4f2d528d 316 if (have_non_accept_socket(s)) {
25366e09 317 if ((r = unit_load_related_unit(u, ".service", (Unit**) &s->service)) < 0)
4f2d528d 318 return r;
23a177ef 319
701cc384 320 if ((r = unit_add_dependency(u, UNIT_BEFORE, UNIT(s->service), true)) < 0)
4f2d528d
LP		 321 return r;
322 }
44d8db9e 323
6e2ef85b
LP		 324 if ((r = socket_add_mount_links(s)) < 0)
325 return r;
326
327 if ((r = socket_add_device_link(s)) < 0)
328 return r;
329
23a177ef
LP		 330 if ((r = unit_add_exec_dependencies(u, &s->exec_context)) < 0)
331 return r;
332
333 if ((r = unit_add_default_cgroup(u)) < 0)
334 return r;
a40eb732
LP		 335
336 if (s->meta.default_dependencies)
337 if ((r = socket_add_default_dependencies(s)) < 0)
338 return r;
23a177ef
LP		 339 }
340
4f2d528d 341 return socket_verify(s);
44d8db9e
LP		 342}
343
542563ba
LP		 344static const char* listen_lookup(int type) {
345
346 if (type == SOCK_STREAM)
347 return "ListenStream";
348 else if (type == SOCK_DGRAM)
349 return "ListenDatagram";
350 else if (type == SOCK_SEQPACKET)
351 return "ListenSequentialPacket";
352
034c6ed7 353 assert_not_reached("Unknown socket type");
542563ba
LP		 354 return NULL;
355}
356
87f0e418 357static void socket_dump(Unit *u, FILE *f, const char *prefix) {
5cb5a6ff 358
5cb5a6ff 359 SocketExecCommand c;
87f0e418 360 Socket *s = SOCKET(u);
542563ba 361 SocketPort *p;
82ba9f08
LP		 362 const char *prefix2;
363 char *p2;
5cb5a6ff
LP		 364
365 assert(s);
fa068367 366 assert(f);
5cb5a6ff 367
82ba9f08
LP		 368 p2 = strappend(prefix, "\t");
369 prefix2 = p2 ? p2 : prefix;
c43d20a0 370
5cb5a6ff
LP		 371 fprintf(f,
372 "%sSocket State: %s\n"
542563ba 373 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 374 "%sBacklog: %u\n"
375 "%sSocketMode: %04o\n"
4fd5948e
LP		 376 "%sDirectoryMode: %04o\n"
377 "%sKeepAlive: %s\n"
cebf8b20
TT		 378 "%sFreeBind: %s\n"
379 "%sTCPCongestion: %s\n",
a16e1123 380 prefix, socket_state_to_string(s->state),
c0120d99 381 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 382 prefix, s->backlog,
383 prefix, s->socket_mode,
4fd5948e
LP		 384 prefix, s->directory_mode,
385 prefix, yes_no(s->keep_alive),
cebf8b20
TT		 386 prefix, yes_no(s->free_bind),
387 prefix, s->tcp_congestion);
542563ba 388
70123e68
LP		 389 if (s->control_pid > 0)
390 fprintf(f,
bb00e604
LP		 391 "%sControl PID: %lu\n",
392 prefix, (unsigned long) s->control_pid);
70123e68 393
acbb0225
LP		 394 if (s->bind_to_device)
395 fprintf(f,
396 "%sBindToDevice: %s\n",
397 prefix, s->bind_to_device);
398
4f2d528d
LP		 399 if (s->accept)
400 fprintf(f,
6cf6bbc2
LP		 401 "%sAccepted: %u\n"
402 "%sNConnections: %u\n"
403 "%sMaxConnections: %u\n",
404 prefix, s->n_accepted,
405 prefix, s->n_connections,
406 prefix, s->max_connections);
4f2d528d 407
4fd5948e
LP		 408 if (s->priority >= 0)
409 fprintf(f,
410 "%sPriority: %i\n",
411 prefix, s->priority);
412
413 if (s->receive_buffer > 0)
414 fprintf(f,
415 "%sReceiveBuffer: %zu\n",
416 prefix, s->receive_buffer);
417
418 if (s->send_buffer > 0)
419 fprintf(f,
420 "%sSendBuffer: %zu\n",
421 prefix, s->send_buffer);
422
423 if (s->ip_tos >= 0)
424 fprintf(f,
425 "%sIPTOS: %i\n",
426 prefix, s->ip_tos);
427
428 if (s->ip_ttl >= 0)
429 fprintf(f,
430 "%sIPTTL: %i\n",
431 prefix, s->ip_ttl);
432
433 if (s->pipe_size > 0)
434 fprintf(f,
435 "%sPipeSize: %zu\n",
436 prefix, s->pipe_size);
437
438 if (s->mark >= 0)
439 fprintf(f,
440 "%sMark: %i\n",
441 prefix, s->mark);
442
034c6ed7 443 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 444
542563ba
LP		 445 if (p->type == SOCKET_SOCKET) {
446 const char *t;
447 int r;
448 char *k;
449
450 if ((r = socket_address_print(&p->address, &k)) < 0)
451 t = strerror(-r);
452 else
453 t = k;
454
455 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(p->address.type), k);
456 free(k);
457 } else
458 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
459 }
5cb5a6ff
LP		 460
461 exec_context_dump(&s->exec_context, f, prefix);
462
e537352b 463 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 464 if (!s->exec_command[c])
465 continue;
5cb5a6ff 466
40d50879 467 fprintf(f, "%s-> %s:\n",
a16e1123 468 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 469
470 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff 471 }
c43d20a0 472
82ba9f08 473 free(p2);
5cb5a6ff
LP		 474}
475
4f2d528d
LP		 476static int instance_from_socket(int fd, unsigned nr, char **instance) {
477 socklen_t l;
478 char *r;
479 union {
480 struct sockaddr sa;
481 struct sockaddr_un un;
482 struct sockaddr_in in;
483 struct sockaddr_in6 in6;
484 struct sockaddr_storage storage;
485 } local, remote;
486
487 assert(fd >= 0);
488 assert(instance);
489
490 l = sizeof(local);
491 if (getsockname(fd, &local.sa, &l) < 0)
492 return -errno;
493
494 l = sizeof(remote);
495 if (getpeername(fd, &remote.sa, &l) < 0)
496 return -errno;
497
498 switch (local.sa.sa_family) {
499
500 case AF_INET: {
501 uint32_t
502 a = ntohl(local.in.sin_addr.s_addr),
503 b = ntohl(remote.in.sin_addr.s_addr);
504
505 if (asprintf(&r,
b15bdda8 506 "%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
4f2d528d
LP		 507 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
508 ntohs(local.in.sin_port),
509 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
510 ntohs(remote.in.sin_port)) < 0)
511 return -ENOMEM;
512
513 break;
514 }
515
516 case AF_INET6: {
2b061f5a
LP		 517 static const char ipv4_prefix[] = {
518 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
519 };
520
521 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
522 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
523 const uint8_t
524 *a = local.in6.sin6_addr.s6_addr+12,
525 *b = remote.in6.sin6_addr.s6_addr+12;
526
527 if (asprintf(&r,
b15bdda8 528 "%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
2b061f5a
LP		 529 a[0], a[1], a[2], a[3],
530 ntohs(local.in6.sin6_port),
531 b[0], b[1], b[2], b[3],
532 ntohs(remote.in6.sin6_port)) < 0)
533 return -ENOMEM;
534 } else {
535 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
536
537 if (asprintf(&r,
b15bdda8 538 "%s:%u-%s:%u",
2b061f5a
LP		 539 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
540 ntohs(local.in6.sin6_port),
541 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
542 ntohs(remote.in6.sin6_port)) < 0)
543 return -ENOMEM;
544 }
4f2d528d
LP		 545
546 break;
547 }
548
549 case AF_UNIX: {
550 struct ucred ucred;
551
552 l = sizeof(ucred);
553 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0)
554 return -errno;
555
556 if (asprintf(&r,
bb00e604 557 "%u-%lu-%lu",
4f2d528d 558 nr,
bb00e604
LP		 559 (unsigned long) ucred.pid,
560 (unsigned long) ucred.uid) < 0)
4f2d528d
LP		 561 return -ENOMEM;
562
563 break;
564 }
565
566 default:
567 assert_not_reached("Unhandled socket type.");
568 }
569
570 *instance = r;
571 return 0;
572}
573
034c6ed7 574static void socket_close_fds(Socket *s) {
83c60c9f
LP		 575 SocketPort *p;
576
577 assert(s);
578
034c6ed7 579 LIST_FOREACH(port, p, s->ports) {
83c60c9f
LP		 580 if (p->fd < 0)
581 continue;
582
acbb0225 583 unit_unwatch_fd(UNIT(s), &p->fd_watch);
a16e1123
LP		 584 close_nointr_nofail(p->fd);
585
586 /* One little note: we should never delete any sockets
587 * in the file system here! After all some other
588 * process we spawned might still have a reference of
589 * this fd and wants to continue to use it. Therefore
590 * we delete sockets in the file system before we
591 * create a new one, not after we stopped using
592 * one! */
9152c765 593
83c60c9f
LP		 594 p->fd = -1;
595 }
596}
597
4fd5948e
LP		 598static void socket_apply_socket_options(Socket *s, int fd) {
599 assert(s);
600 assert(fd >= 0);
601
602 if (s->keep_alive) {
603 int b = s->keep_alive;
604 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
605 log_warning("SO_KEEPALIVE failed: %m");
606 }
607
608 if (s->priority >= 0)
609 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
610 log_warning("SO_PRIORITY failed: %m");
611
612 if (s->receive_buffer > 0) {
613 int value = (int) s->receive_buffer;
614 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
615 log_warning("SO_RCVBUF failed: %m");
616 }
617
618 if (s->send_buffer > 0) {
619 int value = (int) s->send_buffer;
620 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
621 log_warning("SO_SNDBUF failed: %m");
622 }
623
624 if (s->mark >= 0)
625 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
626 log_warning("SO_MARK failed: %m");
627
628 if (s->ip_tos >= 0)
629 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
630 log_warning("IP_TOS failed: %m");
631
46925ac5
LP		 632 if (s->ip_ttl >= 0) {
633 int r, x;
634
635 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
636 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
637
638 if (r < 0 && x < 0)
639 log_warning("IP_TTL/IPV6_UNICAST_HOPS failed: %m");
640 }
cebf8b20
TT		 641
642 if (s->tcp_congestion)
643 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
644 log_warning("TCP_CONGESTION failed: %m");
4fd5948e
LP		 645}
646
b15bdda8 647static void socket_apply_fifo_options(Socket *s, int fd) {
4fd5948e
LP		 648 assert(s);
649 assert(fd >= 0);
650
651 if (s->pipe_size > 0)
652 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
653 log_warning("F_SETPIPE_SZ: %m");
654}
655
7a58bfa4
DW		 656static int selinux_getconfromexe(
657 const char *exe,
658 security_context_t *newcon) {
659
660 security_context_t mycon = NULL, fcon = NULL;
661 security_class_t sclass;
662 int r = 0;
663
664 r = getcon(&mycon);
665 if (r < 0)
666 goto fail;
667
668 r = getfilecon(exe, &fcon);
669 if (r < 0)
670 goto fail;
671
672 sclass = string_to_security_class("process");
673 r = security_compute_create(mycon, fcon, sclass, newcon);
674
675fail:
676 if (r < 0)
677 r = -errno;
678
679 freecon(mycon);
680 freecon(fcon);
681 return r;
682}
683
684static int selinux_getfileconfrompath(
685 const security_context_t scon,
686 const char *path,
687 const char *class,
688 security_context_t *fcon) {
689
690 security_context_t dir_con = NULL;
691 security_class_t sclass;
692 int r = 0;
693
694 r = getfilecon(path, &dir_con);
695 if (r >= 0) {
696 r = -1;
697 if ((sclass = string_to_security_class(class)) != 0)
698 r = security_compute_create(scon, dir_con, sclass, fcon);
699 }
700 if (r < 0)
701 r = -errno;
702
703 freecon(dir_con);
704 return r;
705}
706
b15bdda8
LP		 707static int fifo_address_create(
708 const char *path,
709 mode_t directory_mode,
710 mode_t socket_mode,
7a58bfa4 711 security_context_t scon,
b15bdda8
LP		 712 int *_fd) {
713
7a58bfa4 714 int fd = -1, r = 0;
b15bdda8
LP		 715 struct stat st;
716 mode_t old_mask;
7a58bfa4 717 security_context_t filecon = NULL;
b15bdda8
LP		 718
719 assert(path);
720 assert(_fd);
721
722 mkdir_parents(path, directory_mode);
723
7a58bfa4
DW		 724 if (scon) {
725 if (scon && ((r = selinux_getfileconfrompath(scon, path, "fifo_file", &filecon)) == 0)) {
726 r = setfscreatecon(filecon);
727
728 if (r < 0) {
729 log_error("Failed to set SELinux file context (%s) on %s: %m", scon, path);
730 r = -errno;
731 }
732
733 freecon(filecon);
734 }
735
736 if (r < 0 && security_getenforce() == 1)
737 goto fail;
738 }
b15bdda8
LP		 739
740 /* Enforce the right access mode for the fifo */
741 old_mask = umask(~ socket_mode);
742
743 /* Include the original umask in our mask */
744 umask(~socket_mode | old_mask);
745
746 r = mkfifo(path, socket_mode);
747 umask(old_mask);
748
749 if (r < 0) {
750 r = -errno;
751 goto fail;
752 }
753
754 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
755 r = -errno;
756 goto fail;
757 }
758
7a58bfa4
DW		 759 setfscreatecon(NULL);
760
b15bdda8
LP		 761 if (fstat(fd, &st) < 0) {
762 r = -errno;
763 goto fail;
764 }
765
766 if (!S_ISFIFO(st.st_mode) ||
de0200fc 767 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
b15bdda8
LP		 768 st.st_uid != getuid() ||
769 st.st_gid != getgid()) {
770
771 r = -EEXIST;
772 goto fail;
773 }
774
775 *_fd = fd;
776 return 0;
777
778fail:
7a58bfa4 779 setfscreatecon(NULL);
b15bdda8
LP		 780 if (fd >= 0)
781 close_nointr_nofail(fd);
782
783 return r;
784}
785
034c6ed7 786static int socket_open_fds(Socket *s) {
83c60c9f
LP		 787 SocketPort *p;
788 int r;
7a58bfa4 789 security_context_t scon = NULL;
83c60c9f
LP		 790
791 assert(s);
792
b15bdda8
LP		 793 if ((r = socket_instantiate_service(s)) < 0)
794 return r;
795
7a58bfa4
DW		 796 if (selinux_getconfromexe(s->service->exec_command[SERVICE_EXEC_START]->path, &scon) < 0) {
797 log_error("Failed to get SELinux exec context for %s \n", s->service->exec_command[SERVICE_EXEC_START]->path);
798 if (security_getenforce() == 1)
799 return -errno;
800 }
b15bdda8 801
7a58bfa4 802 log_debug("SELinux Socket context for %s set to %s\n", s->service->exec_command[SERVICE_EXEC_START]->path, scon);
034c6ed7 803 LIST_FOREACH(port, p, s->ports) {
83c60c9f 804
034c6ed7
LP		 805 if (p->fd >= 0)
806 continue;
83c60c9f
LP		 807
808 if (p->type == SOCKET_SOCKET) {
809
b5a0699f
LP		 810 if ((r = socket_address_listen(
811 &p->address,
812 s->backlog,
813 s->bind_ipv6_only,
814 s->bind_to_device,
4fd5948e 815 s->free_bind,
b5a0699f
LP		 816 s->directory_mode,
817 s->socket_mode,
7a58bfa4 818 scon,
b5a0699f 819 &p->fd)) < 0)
83c60c9f
LP		 820 goto rollback;
821
4fd5948e
LP		 822 socket_apply_socket_options(s, p->fd);
823
b15bdda8 824 } else if (p->type == SOCKET_FIFO) {
83c60c9f 825
b15bdda8
LP		 826 if ((r = fifo_address_create(
827 p->path,
828 s->directory_mode,
829 s->socket_mode,
7a58bfa4 830 scon,
b15bdda8 831 &p->fd)) < 0)
83c60c9f 832 goto rollback;
83c60c9f 833
b15bdda8 834 socket_apply_fifo_options(s, p->fd);
83c60c9f 835
b15bdda8
LP		 836 } else
837 assert_not_reached("Unknown port type");
034c6ed7
LP		 838 }
839
7a58bfa4 840 freecon(scon);
034c6ed7
LP		 841 return 0;
842
843rollback:
844 socket_close_fds(s);
7a58bfa4 845 freecon(scon);
034c6ed7
LP		 846 return r;
847}
848
849static void socket_unwatch_fds(Socket *s) {
850 SocketPort *p;
9152c765 851
034c6ed7
LP		 852 assert(s);
853
854 LIST_FOREACH(port, p, s->ports) {
855 if (p->fd < 0)
856 continue;
857
acbb0225 858 unit_unwatch_fd(UNIT(s), &p->fd_watch);
83c60c9f 859 }
034c6ed7
LP		 860}
861
862static int socket_watch_fds(Socket *s) {
863 SocketPort *p;
864 int r;
865
866 assert(s);
83c60c9f 867
034c6ed7
LP		 868 LIST_FOREACH(port, p, s->ports) {
869 if (p->fd < 0)
870 continue;
871
cabab516 872 p->fd_watch.socket_accept =
4f2d528d 873 s->accept &&
dd5ad9d4 874 p->type == SOCKET_SOCKET &&
4f2d528d
LP		 875 socket_address_can_accept(&p->address);
876
f94ea366 877 if ((r = unit_watch_fd(UNIT(s), p->fd, EPOLLIN, &p->fd_watch)) < 0)
034c6ed7
LP		 878 goto fail;
879 }
83c60c9f 880
542563ba 881 return 0;
83c60c9f 882
034c6ed7
LP		 883fail:
884 socket_unwatch_fds(s);
885 return r;
886}
887
888static void socket_set_state(Socket *s, SocketState state) {
889 SocketState old_state;
890 assert(s);
891
892 old_state = s->state;
893 s->state = state;
894
895 if (state != SOCKET_START_PRE &&
896 state != SOCKET_START_POST &&
897 state != SOCKET_STOP_PRE &&
898 state != SOCKET_STOP_PRE_SIGTERM &&
899 state != SOCKET_STOP_PRE_SIGKILL &&
900 state != SOCKET_STOP_POST &&
80876c20
LP		 901 state != SOCKET_FINAL_SIGTERM &&
902 state != SOCKET_FINAL_SIGKILL) {
acbb0225 903 unit_unwatch_timer(UNIT(s), &s->timer_watch);
5e94833f 904 socket_unwatch_control_pid(s);
034c6ed7 905 s->control_command = NULL;
a16e1123 906 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 907 }
034c6ed7 908
a16e1123
LP		 909 if (state != SOCKET_LISTENING)
910 socket_unwatch_fds(s);
911
034c6ed7
LP		 912 if (state != SOCKET_START_POST &&
913 state != SOCKET_LISTENING &&
914 state != SOCKET_RUNNING &&
915 state != SOCKET_STOP_PRE &&
916 state != SOCKET_STOP_PRE_SIGTERM &&
917 state != SOCKET_STOP_PRE_SIGKILL)
918 socket_close_fds(s);
919
e537352b 920 if (state != old_state)
40d50879 921 log_debug("%s changed %s -> %s",
a16e1123
LP		 922 s->meta.id,
923 socket_state_to_string(old_state),
924 socket_state_to_string(state));
acbb0225
LP		 925
926 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state]);
034c6ed7
LP		 927}
928
a16e1123
LP		 929static int socket_coldplug(Unit *u) {
930 Socket *s = SOCKET(u);
931 int r;
932
933 assert(s);
934 assert(s->state == SOCKET_DEAD);
935
936 if (s->deserialized_state != s->state) {
937
938 if (s->deserialized_state == SOCKET_START_PRE ||
939 s->deserialized_state == SOCKET_START_POST ||
940 s->deserialized_state == SOCKET_STOP_PRE ||
941 s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
942 s->deserialized_state == SOCKET_STOP_PRE_SIGKILL ||
943 s->deserialized_state == SOCKET_STOP_POST ||
944 s->deserialized_state == SOCKET_FINAL_SIGTERM ||
945 s->deserialized_state == SOCKET_FINAL_SIGKILL) {
946
947 if (s->control_pid <= 0)
948 return -EBADMSG;
949
950 if ((r = unit_watch_pid(UNIT(s), s->control_pid)) < 0)
951 return r;
952
953 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
954 return r;
955 }
956
957 if (s->deserialized_state == SOCKET_START_POST ||
958 s->deserialized_state == SOCKET_LISTENING ||
959 s->deserialized_state == SOCKET_RUNNING ||
960 s->deserialized_state == SOCKET_STOP_PRE ||
961 s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
962 s->deserialized_state == SOCKET_STOP_PRE_SIGKILL)
963 if ((r = socket_open_fds(s)) < 0)
964 return r;
965
966 if (s->deserialized_state == SOCKET_LISTENING)
967 if ((r = socket_watch_fds(s)) < 0)
968 return r;
969
970 socket_set_state(s, s->deserialized_state);
971 }
972
973 return 0;
974}
975
e537352b 976static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
034c6ed7
LP		 977 pid_t pid;
978 int r;
9e2f7c11 979 char **argv;
034c6ed7
LP		 980
981 assert(s);
982 assert(c);
983 assert(_pid);
984
e537352b
LP		 985 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
986 goto fail;
034c6ed7 987
9e2f7c11
LP		 988 if (!(argv = unit_full_printf_strv(UNIT(s), c->argv))) {
989 r = -ENOMEM;
990 goto fail;
991 }
992
993 r = exec_spawn(c,
994 argv,
995 &s->exec_context,
996 NULL, 0,
1137a57c 997 s->meta.manager->environment,
9e2f7c11
LP		 998 true,
999 true,
1e3ad081 1000 true,
4cd1fbcc
LP		 1001 s->meta.manager->confirm_spawn,
1002 s->meta.cgroup_bondings,
9e2f7c11
LP		 1003 &pid);
1004
1005 strv_free(argv);
1006 if (r < 0)
034c6ed7
LP		 1007 goto fail;
1008
87f0e418 1009 if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
034c6ed7
LP		 1010 /* FIXME: we need to do something here */
1011 goto fail;
83c60c9f 1012
034c6ed7
LP		 1013 *_pid = pid;
1014
1015 return 0;
1016
1017fail:
e537352b 1018 unit_unwatch_timer(UNIT(s), &s->timer_watch);
83c60c9f
LP		 1019
1020 return r;
542563ba
LP		 1021}
1022
034c6ed7
LP		 1023static void socket_enter_dead(Socket *s, bool success) {
1024 assert(s);
1025
1026 if (!success)
1027 s->failure = true;
1028
18c78fb1 1029 socket_set_state(s, s->failure ? SOCKET_MAINTENANCE : SOCKET_DEAD);
034c6ed7
LP		 1030}
1031
80876c20
LP		 1032static void socket_enter_signal(Socket *s, SocketState state, bool success);
1033
034c6ed7
LP		 1034static void socket_enter_stop_post(Socket *s, bool success) {
1035 int r;
1036 assert(s);
1037
1038 if (!success)
1039 s->failure = true;
1040
5e94833f
LP		 1041 socket_unwatch_control_pid(s);
1042
a16e1123
LP		 1043 s->control_command_id = SOCKET_EXEC_STOP_POST;
1044
80876c20 1045 if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) {
e537352b 1046 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1047 goto fail;
1048
80876c20
LP		 1049 socket_set_state(s, SOCKET_STOP_POST);
1050 } else
1051 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, true);
034c6ed7
LP		 1052
1053 return;
1054
1055fail:
6cf6bbc2 1056 log_warning("%s failed to run 'stop-post' task: %s", s->meta.id, strerror(-r));
80876c20 1057 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
034c6ed7
LP		 1058}
1059
1060static void socket_enter_signal(Socket *s, SocketState state, bool success) {
1061 int r;
80876c20 1062 bool sent = false;
034c6ed7
LP		 1063
1064 assert(s);
1065
1066 if (!success)
1067 s->failure = true;
1068
2e22afe9
LP		 1069 if (s->exec_context.kill_mode != KILL_NONE) {
1070 int sig = (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_FINAL_SIGTERM) ? s->exec_context.kill_signal : SIGKILL;
034c6ed7 1071
2e22afe9 1072 if (s->exec_context.kill_mode == KILL_CONTROL_GROUP) {
50159e6a 1073
4cd1fbcc 1074 if ((r = cgroup_bonding_kill_list(s->meta.cgroup_bondings, sig)) < 0) {
50159e6a
LP		 1075 if (r != -EAGAIN && r != -ESRCH)
1076 goto fail;
1077 } else
1078 sent = true;
034c6ed7 1079 }
50159e6a 1080
80876c20 1081 if (!sent && s->control_pid > 0)
2e22afe9 1082 if (kill(s->exec_context.kill_mode == KILL_PROCESS ? s->control_pid : -s->control_pid, sig) < 0 && errno != ESRCH) {
50159e6a
LP		 1083 r = -errno;
1084 goto fail;
1085 }
d6ea93e3 1086 }
034c6ed7 1087
e93bc5a6 1088 if (sent && s->control_pid > 0) {
80876c20
LP		 1089 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1090 goto fail;
d6ea93e3 1091
80876c20
LP		 1092 socket_set_state(s, state);
1093 } else if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1094 socket_enter_stop_post(s, true);
1095 else
034c6ed7
LP		 1096 socket_enter_dead(s, true);
1097
1098 return;
1099
1100fail:
9e2f7c11 1101 log_warning("%s failed to kill processes: %s", s->meta.id, strerror(-r));
034c6ed7
LP		 1102
1103 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1104 socket_enter_stop_post(s, false);
1105 else
1106 socket_enter_dead(s, false);
1107}
1108
1109static void socket_enter_stop_pre(Socket *s, bool success) {
1110 int r;
1111 assert(s);
1112
1113 if (!success)
1114 s->failure = true;
1115
5e94833f
LP		 1116 socket_unwatch_control_pid(s);
1117
a16e1123
LP		 1118 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1119
80876c20 1120 if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) {
e537352b 1121 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1122 goto fail;
1123
80876c20
LP		 1124 socket_set_state(s, SOCKET_STOP_PRE);
1125 } else
034c6ed7
LP		 1126 socket_enter_stop_post(s, true);
1127
1128 return;
1129
1130fail:
6cf6bbc2 1131 log_warning("%s failed to run 'stop-pre' task: %s", s->meta.id, strerror(-r));
034c6ed7
LP		 1132 socket_enter_stop_post(s, false);
1133}
1134
e9af15c3
LP		 1135static void socket_enter_listening(Socket *s) {
1136 int r;
1137 assert(s);
1138
1139 if ((r = socket_watch_fds(s)) < 0) {
9e2f7c11 1140 log_warning("%s failed to watch sockets: %s", s->meta.id, strerror(-r));
e9af15c3
LP		 1141 goto fail;
1142 }
1143
1144 socket_set_state(s, SOCKET_LISTENING);
1145 return;
1146
1147fail:
1148 socket_enter_stop_pre(s, false);
1149}
1150
034c6ed7
LP		 1151static void socket_enter_start_post(Socket *s) {
1152 int r;
1153 assert(s);
1154
e9af15c3 1155 if ((r = socket_open_fds(s)) < 0) {
9e2f7c11 1156 log_warning("%s failed to listen on sockets: %s", s->meta.id, strerror(-r));
034c6ed7
LP		 1157 goto fail;
1158 }
1159
5e94833f
LP		 1160 socket_unwatch_control_pid(s);
1161
a16e1123
LP		 1162 s->control_command_id = SOCKET_EXEC_START_POST;
1163
80876c20 1164 if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) {
e537352b 1165 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0) {
6cf6bbc2 1166 log_warning("%s failed to run 'start-post' task: %s", s->meta.id, strerror(-r));
034c6ed7
LP		 1167 goto fail;
1168 }
1169
80876c20
LP		 1170 socket_set_state(s, SOCKET_START_POST);
1171 } else
e9af15c3 1172 socket_enter_listening(s);
034c6ed7
LP		 1173
1174 return;
1175
1176fail:
1177 socket_enter_stop_pre(s, false);
1178}
1179
1180static void socket_enter_start_pre(Socket *s) {
1181 int r;
1182 assert(s);
1183
5e94833f
LP		 1184 socket_unwatch_control_pid(s);
1185
a16e1123
LP		 1186 s->control_command_id = SOCKET_EXEC_START_PRE;
1187
80876c20 1188 if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) {
e537352b 1189 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1190 goto fail;
1191
80876c20
LP		 1192 socket_set_state(s, SOCKET_START_PRE);
1193 } else
034c6ed7
LP		 1194 socket_enter_start_post(s);
1195
1196 return;
1197
1198fail:
6cf6bbc2 1199 log_warning("%s failed to run 'start-pre' task: %s", s->meta.id, strerror(-r));
034c6ed7
LP		 1200 socket_enter_dead(s, false);
1201}
1202
4f2d528d 1203static void socket_enter_running(Socket *s, int cfd) {
034c6ed7 1204 int r;
398ef8ba 1205 DBusError error;
034c6ed7
LP		 1206
1207 assert(s);
398ef8ba 1208 dbus_error_init(&error);
034c6ed7 1209
ba3e67a7
LP		 1210 /* We don't take connections anymore if we are supposed to
1211 * shut down anyway */
1212 if (s->meta.job && s->meta.job->type == JOB_STOP) {
7c610628
LP		 1213 if (cfd >= 0)
1214 close_nointr_nofail(cfd);
1215 else {
1216 /* Flush all sockets by closing and reopening them */
1217 socket_close_fds(s);
1218
1219 if ((r = socket_watch_fds(s)) < 0) {
1220 log_warning("%s failed to watch sockets: %s", s->meta.id, strerror(-r));
1221 socket_enter_stop_pre(s, false);
1222 }
1223 }
1224
ba3e67a7
LP		 1225 return;
1226 }
1227
4f2d528d 1228 if (cfd < 0) {
398ef8ba 1229 if ((r = manager_add_job(s->meta.manager, JOB_START, UNIT(s->service), JOB_REPLACE, true, &error, NULL)) < 0)
4f2d528d
LP		 1230 goto fail;
1231
1232 socket_set_state(s, SOCKET_RUNNING);
1233 } else {
b4f10a5e 1234 char *prefix, *instance = NULL, *name;
b15bdda8 1235 Service *service;
4f2d528d 1236
6cf6bbc2
LP		 1237 if (s->n_connections >= s->max_connections) {
1238 log_warning("Too many incoming connections (%u)", s->n_connections);
1239 close_nointr_nofail(cfd);
1240 return;
1241 }
1242
b15bdda8
LP		 1243 if ((r = socket_instantiate_service(s)) < 0)
1244 goto fail;
1245
1246 if ((r = instance_from_socket(cfd, s->n_accepted, &instance)) < 0)
4f2d528d
LP		 1247 goto fail;
1248
4cd1fbcc 1249 if (!(prefix = unit_name_to_prefix(s->meta.id))) {
4f2d528d
LP		 1250 free(instance);
1251 r = -ENOMEM;
1252 goto fail;
1253 }
1254
1255 name = unit_name_build(prefix, instance, ".service");
1256 free(prefix);
1257 free(instance);
1258
b6dbbe1c 1259 if (!name) {
4f2d528d 1260 r = -ENOMEM;
b6dbbe1c
LP		 1261 goto fail;
1262 }
4f2d528d 1263
b15bdda8
LP		 1264 if ((r = unit_add_name(UNIT(s->service), name)) < 0) {
1265 free(name);
4f2d528d 1266 goto fail;
b15bdda8
LP		 1267 }
1268
1269 service = s->service;
1270 s->service = NULL;
1271 s->n_accepted ++;
4f2d528d 1272
b15bdda8
LP		 1273 unit_choose_id(UNIT(service), name);
1274 free(name);
1275
1276 if ((r = service_set_socket_fd(service, cfd, s)) < 0)
4f2d528d
LP		 1277 goto fail;
1278
1279 cfd = -1;
6cf6bbc2
LP		 1280 s->n_connections ++;
1281
b15bdda8 1282 if ((r = manager_add_job(s->meta.manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL)) < 0)
4f2d528d
LP		 1283 goto fail;
1284 }
034c6ed7 1285
034c6ed7
LP		 1286 return;
1287
1288fail:
398ef8ba 1289 log_warning("%s failed to queue socket startup job: %s", s->meta.id, bus_error(&error, r));
80876c20 1290 socket_enter_stop_pre(s, false);
4f2d528d
LP		 1291
1292 if (cfd >= 0)
1293 close_nointr_nofail(cfd);
398ef8ba
LP		 1294
1295 dbus_error_free(&error);
034c6ed7
LP		 1296}
1297
1298static void socket_run_next(Socket *s, bool success) {
1299 int r;
1300
1301 assert(s);
1302 assert(s->control_command);
1303 assert(s->control_command->command_next);
1304
1305 if (!success)
1306 s->failure = true;
1307
5e94833f
LP		 1308 socket_unwatch_control_pid(s);
1309
034c6ed7
LP		 1310 s->control_command = s->control_command->command_next;
1311
e537352b 1312 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
034c6ed7
LP		 1313 goto fail;
1314
1315 return;
1316
1317fail:
6cf6bbc2 1318 log_warning("%s failed to run next task: %s", s->meta.id, strerror(-r));
80876c20
LP		 1319
1320 if (s->state == SOCKET_START_POST)
1321 socket_enter_stop_pre(s, false);
034c6ed7
LP		 1322 else if (s->state == SOCKET_STOP_POST)
1323 socket_enter_dead(s, false);
1324 else
80876c20 1325 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
034c6ed7
LP		 1326}
1327
87f0e418
LP		 1328static int socket_start(Unit *u) {
1329 Socket *s = SOCKET(u);
83c60c9f
LP		 1330
1331 assert(s);
1332
034c6ed7
LP		 1333 /* We cannot fulfill this request right now, try again later
1334 * please! */
1335 if (s->state == SOCKET_STOP_PRE ||
1336 s->state == SOCKET_STOP_PRE_SIGKILL ||
1337 s->state == SOCKET_STOP_PRE_SIGTERM ||
1338 s->state == SOCKET_STOP_POST ||
80876c20
LP		 1339 s->state == SOCKET_FINAL_SIGTERM ||
1340 s->state == SOCKET_FINAL_SIGKILL)
034c6ed7
LP		 1341 return -EAGAIN;
1342
83c60c9f
LP		 1343 if (s->state == SOCKET_START_PRE ||
1344 s->state == SOCKET_START_POST)
034c6ed7 1345 return 0;
83c60c9f 1346
034c6ed7 1347 /* Cannot run this without the service being around */
4f2d528d
LP		 1348 if (s->service) {
1349 if (s->service->meta.load_state != UNIT_LOADED)
1350 return -ENOENT;
1351
1352 /* If the service is alredy actvie we cannot start the
1353 * socket */
1354 if (s->service->state != SERVICE_DEAD &&
18c78fb1 1355 s->service->state != SERVICE_MAINTENANCE &&
4f2d528d
LP		 1356 s->service->state != SERVICE_AUTO_RESTART)
1357 return -EBUSY;
1358 }
e537352b 1359
18c78fb1 1360 assert(s->state == SOCKET_DEAD || s->state == SOCKET_MAINTENANCE);
83c60c9f 1361
034c6ed7
LP		 1362 s->failure = false;
1363 socket_enter_start_pre(s);
1364 return 0;
1365}
83c60c9f 1366
87f0e418
LP		 1367static int socket_stop(Unit *u) {
1368 Socket *s = SOCKET(u);
034c6ed7
LP		 1369
1370 assert(s);
1371
e537352b
LP		 1372 /* Already on it */
1373 if (s->state == SOCKET_STOP_PRE ||
1374 s->state == SOCKET_STOP_PRE_SIGTERM ||
1375 s->state == SOCKET_STOP_PRE_SIGKILL ||
1376 s->state == SOCKET_STOP_POST ||
80876c20 1377 s->state == SOCKET_FINAL_SIGTERM ||
3f6c78dc 1378 s->state == SOCKET_FINAL_SIGKILL)
e537352b
LP		 1379 return 0;
1380
3f6c78dc
LP		 1381 /* If there's already something running we go directly into
1382 * kill mode. */
1383 if (s->state == SOCKET_START_PRE ||
1384 s->state == SOCKET_START_POST) {
1385 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, true);
1386 return -EAGAIN;
1387 }
1388
034c6ed7 1389 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1390
034c6ed7 1391 socket_enter_stop_pre(s, true);
542563ba
LP		 1392 return 0;
1393}
1394
a16e1123
LP		 1395static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1396 Socket *s = SOCKET(u);
1397 SocketPort *p;
1398 int r;
1399
1400 assert(u);
1401 assert(f);
1402 assert(fds);
1403
1404 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1405 unit_serialize_item(u, f, "failure", yes_no(s->failure));
1406 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1407
1408 if (s->control_pid > 0)
5925dd3c 1409 unit_serialize_item_format(u, f, "control-pid", "%lu", (unsigned long) s->control_pid);
a16e1123
LP		 1410
1411 if (s->control_command_id >= 0)
1412 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1413
1414 LIST_FOREACH(port, p, s->ports) {
1415 int copy;
1416
1417 if (p->fd < 0)
1418 continue;
1419
1420 if ((copy = fdset_put_dup(fds, p->fd)) < 0)
1421 return copy;
1422
1423 if (p->type == SOCKET_SOCKET) {
1424 char *t;
1425
1426 if ((r = socket_address_print(&p->address, &t)) < 0)
1427 return r;
1428
27ca8d7a 1429 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
a16e1123
LP		 1430 free(t);
1431 } else {
1432 assert(p->type == SOCKET_FIFO);
1433 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1434 }
1435 }
1436
1437 return 0;
1438}
1439
1440static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1441 Socket *s = SOCKET(u);
1442 int r;
1443
1444 assert(u);
1445 assert(key);
1446 assert(value);
1447 assert(fds);
1448
1449 if (streq(key, "state")) {
1450 SocketState state;
1451
1452 if ((state = socket_state_from_string(value)) < 0)
1453 log_debug("Failed to parse state value %s", value);
1454 else
1455 s->deserialized_state = state;
1456 } else if (streq(key, "failure")) {
1457 int b;
1458
1459 if ((b = parse_boolean(value)) < 0)
1460 log_debug("Failed to parse failure value %s", value);
1461 else
1462 s->failure = b || s->failure;
1463
1464 } else if (streq(key, "n-accepted")) {
1465 unsigned k;
1466
1467 if ((r = safe_atou(value, &k)) < 0)
1468 log_debug("Failed to parse n-accepted value %s", value);
1469 else
1470 s->n_accepted += k;
1471 } else if (streq(key, "control-pid")) {
5925dd3c 1472 pid_t pid;
a16e1123 1473
5925dd3c 1474 if ((r = parse_pid(value, &pid)) < 0)
a16e1123
LP		 1475 log_debug("Failed to parse control-pid value %s", value);
1476 else
5925dd3c 1477 s->control_pid = pid;
a16e1123
LP		 1478 } else if (streq(key, "control-command")) {
1479 SocketExecCommand id;
1480
1481 if ((id = socket_exec_command_from_string(value)) < 0)
1482 log_debug("Failed to parse exec-command value %s", value);
1483 else {
1484 s->control_command_id = id;
1485 s->control_command = s->exec_command[id];
1486 }
1487 } else if (streq(key, "fifo")) {
1488 int fd, skip = 0;
1489 SocketPort *p;
1490
1491 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1492 log_debug("Failed to parse fifo value %s", value);
1493 else {
1494
1495 LIST_FOREACH(port, p, s->ports)
1496 if (streq(p->path, value+skip))
1497 break;
1498
1499 if (p) {
1500 if (p->fd >= 0)
1501 close_nointr_nofail(p->fd);
1502 p->fd = fdset_remove(fds, fd);
1503 }
1504 }
1505
1506 } else if (streq(key, "socket")) {
27ca8d7a 1507 int fd, type, skip = 0;
a16e1123
LP		 1508 SocketPort *p;
1509
27ca8d7a 1510 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
a16e1123
LP		 1511 log_debug("Failed to parse socket value %s", value);
1512 else {
1513
1514 LIST_FOREACH(port, p, s->ports)
27ca8d7a 1515 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 1516 break;
1517
1518 if (p) {
1519 if (p->fd >= 0)
1520 close_nointr_nofail(p->fd);
1521 p->fd = fdset_remove(fds, fd);
1522 }
1523 }
1524
1525 } else
1526 log_debug("Unknown serialization key '%s'", key);
1527
1528 return 0;
1529}
1530
87f0e418
LP		 1531static UnitActiveState socket_active_state(Unit *u) {
1532 assert(u);
5cb5a6ff 1533
acbb0225 1534 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 1535}
1536
10a94420
LP		 1537static const char *socket_sub_state_to_string(Unit *u) {
1538 assert(u);
1539
a16e1123 1540 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 1541}
1542
6cf6bbc2
LP		 1543static bool socket_check_gc(Unit *u) {
1544 Socket *s = SOCKET(u);
1545
1546 assert(u);
1547
1548 return s->n_connections > 0;
1549}
1550
acbb0225 1551static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
87f0e418 1552 Socket *s = SOCKET(u);
4f2d528d 1553 int cfd = -1;
9152c765 1554
034c6ed7 1555 assert(s);
8d567588 1556 assert(fd >= 0);
9152c765 1557
871d7de4
LP		 1558 if (s->state != SOCKET_LISTENING)
1559 return;
1560
9e2f7c11 1561 log_debug("Incoming traffic on %s", u->meta.id);
9152c765 1562
4f2d528d
LP		 1563 if (events != EPOLLIN) {
1564 log_error("Got invalid poll event on socket.");
8d567588 1565 goto fail;
4f2d528d
LP		 1566 }
1567
cabab516 1568 if (w->socket_accept) {
4f2d528d
LP		 1569 for (;;) {
1570
1571 if ((cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK)) < 0) {
1572
1573 if (errno == EINTR)
1574 continue;
1575
1576 log_error("Failed to accept socket: %m");
8d567588 1577 goto fail;
4f2d528d
LP		 1578 }
1579
1580 break;
1581 }
4fd5948e
LP		 1582
1583 socket_apply_socket_options(s, cfd);
4f2d528d 1584 }
9152c765 1585
4f2d528d 1586 socket_enter_running(s, cfd);
8d567588
LP		 1587 return;
1588
1589fail:
1590 socket_enter_stop_pre(s, false);
9152c765
LP		 1591}
1592
87f0e418
LP		 1593static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
1594 Socket *s = SOCKET(u);
034c6ed7 1595 bool success;
5cb5a6ff
LP		 1596
1597 assert(s);
034c6ed7 1598 assert(pid >= 0);
5cb5a6ff 1599
8c47c732
LP		 1600 if (pid != s->control_pid)
1601 return;
542563ba 1602
034c6ed7
LP		 1603 s->control_pid = 0;
1604
8c47c732 1605 success = is_clean_exit(code, status);
8c47c732 1606
b708e7ce 1607 if (s->control_command) {
b58b4116 1608 exec_status_exit(&s->control_command->exec_status, pid, code, status);
a16e1123 1609
b708e7ce
LP		 1610 if (s->control_command->ignore)
1611 success = true;
1612 }
1613
92abbefb
LP		 1614 log_full(success ? LOG_DEBUG : LOG_NOTICE,
1615 "%s control process exited, code=%s status=%i", u->meta.id, sigchld_code_to_string(code), status);
b708e7ce 1616 s->failure = s->failure || !success;
034c6ed7 1617
a16e1123
LP		 1618 if (s->control_command && s->control_command->command_next && success) {
1619 log_debug("%s running next command for state %s", u->meta.id, socket_state_to_string(s->state));
034c6ed7 1620 socket_run_next(s, success);
acbb0225 1621 } else {
a16e1123
LP		 1622 s->control_command = NULL;
1623 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1624
034c6ed7
LP		 1625 /* No further commands for this step, so let's figure
1626 * out what to do next */
5cb5a6ff 1627
a16e1123 1628 log_debug("%s got final SIGCHLD for state %s", u->meta.id, socket_state_to_string(s->state));
acbb0225 1629
034c6ed7
LP		 1630 switch (s->state) {
1631
1632 case SOCKET_START_PRE:
1633 if (success)
acbb0225 1634 socket_enter_start_post(s);
034c6ed7 1635 else
80876c20 1636 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
034c6ed7
LP		 1637 break;
1638
1639 case SOCKET_START_POST:
1640 if (success)
e9af15c3 1641 socket_enter_listening(s);
034c6ed7
LP		 1642 else
1643 socket_enter_stop_pre(s, false);
1644 break;
1645
1646 case SOCKET_STOP_PRE:
1647 case SOCKET_STOP_PRE_SIGTERM:
1648 case SOCKET_STOP_PRE_SIGKILL:
1649 socket_enter_stop_post(s, success);
1650 break;
1651
1652 case SOCKET_STOP_POST:
80876c20
LP		 1653 case SOCKET_FINAL_SIGTERM:
1654 case SOCKET_FINAL_SIGKILL:
034c6ed7
LP		 1655 socket_enter_dead(s, success);
1656 break;
1657
1658 default:
1659 assert_not_reached("Uh, control process died at wrong time.");
1660 }
1661 }
1662}
5cb5a6ff 1663
acbb0225 1664static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) {
87f0e418 1665 Socket *s = SOCKET(u);
5cb5a6ff 1666
034c6ed7
LP		 1667 assert(s);
1668 assert(elapsed == 1);
acbb0225 1669 assert(w == &s->timer_watch);
034c6ed7
LP		 1670
1671 switch (s->state) {
1672
1673 case SOCKET_START_PRE:
9e2f7c11 1674 log_warning("%s starting timed out. Terminating.", u->meta.id);
80876c20
LP		 1675 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
1676
034c6ed7 1677 case SOCKET_START_POST:
9e2f7c11 1678 log_warning("%s starting timed out. Stopping.", u->meta.id);
034c6ed7
LP		 1679 socket_enter_stop_pre(s, false);
1680 break;
1681
1682 case SOCKET_STOP_PRE:
9e2f7c11 1683 log_warning("%s stopping timed out. Terminating.", u->meta.id);
034c6ed7
LP		 1684 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, false);
1685 break;
1686
1687 case SOCKET_STOP_PRE_SIGTERM:
9e2f7c11 1688 log_warning("%s stopping timed out. Killing.", u->meta.id);
034c6ed7
LP		 1689 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, false);
1690 break;
1691
1692 case SOCKET_STOP_PRE_SIGKILL:
9e2f7c11 1693 log_warning("%s still around after SIGKILL. Ignoring.", u->meta.id);
034c6ed7
LP		 1694 socket_enter_stop_post(s, false);
1695 break;
1696
1697 case SOCKET_STOP_POST:
9e2f7c11 1698 log_warning("%s stopping timed out (2). Terminating.", u->meta.id);
80876c20 1699 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
034c6ed7
LP		 1700 break;
1701
80876c20 1702 case SOCKET_FINAL_SIGTERM:
9e2f7c11 1703 log_warning("%s stopping timed out (2). Killing.", u->meta.id);
80876c20 1704 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, false);
034c6ed7
LP		 1705 break;
1706
80876c20 1707 case SOCKET_FINAL_SIGKILL:
18c78fb1 1708 log_warning("%s still around after SIGKILL (2). Entering maintenance mode.", u->meta.id);
034c6ed7
LP		 1709 socket_enter_dead(s, false);
1710 break;
1711
1712 default:
1713 assert_not_reached("Timeout at wrong time.");
1714 }
5cb5a6ff
LP		 1715}
1716
44d8db9e
LP		 1717int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
1718 int *rfds;
1719 unsigned rn_fds, k;
1720 SocketPort *p;
1721
1722 assert(s);
1723 assert(fds);
1724 assert(n_fds);
1725
1726 /* Called from the service code for requesting our fds */
1727
1728 rn_fds = 0;
1729 LIST_FOREACH(port, p, s->ports)
1730 if (p->fd >= 0)
1731 rn_fds++;
1732
1733 if (!(rfds = new(int, rn_fds)) < 0)
1734 return -ENOMEM;
1735
1736 k = 0;
1737 LIST_FOREACH(port, p, s->ports)
1738 if (p->fd >= 0)
1739 rfds[k++] = p->fd;
1740
1741 assert(k == rn_fds);
1742
1743 *fds = rfds;
1744 *n_fds = rn_fds;
1745
1746 return 0;
1747}
1748
ceee3d82
LP		 1749void socket_notify_service_dead(Socket *s) {
1750 assert(s);
1751
6cf6bbc2
LP		 1752 /* The service is dead. Dang!
1753 *
1754 * This is strictly for one-instance-for-all-connections
1755 * services. */
ceee3d82
LP		 1756
1757 if (s->state == SOCKET_RUNNING) {
9e2f7c11 1758 log_debug("%s got notified about service death.", s->meta.id);
ceee3d82
LP		 1759 socket_enter_listening(s);
1760 }
1761}
1762
6cf6bbc2
LP		 1763void socket_connection_unref(Socket *s) {
1764 assert(s);
1765
1766 /* The service is dead. Yay!
1767 *
1768 * This is strictly for one-onstance-per-connection
1769 * services. */
1770
1771 assert(s->n_connections > 0);
1772 s->n_connections--;
1773
1774 log_debug("%s: One connection closed, %u left.", s->meta.id, s->n_connections);
1775}
1776
5632e374
LP		 1777static void socket_reset_maintenance(Unit *u) {
1778 Socket *s = SOCKET(u);
1779
1780 assert(s);
1781
1782 if (s->state == SOCKET_MAINTENANCE)
1783 socket_set_state(s, SOCKET_DEAD);
1784
1785 s->failure = false;
1786}
1787
a16e1123
LP		 1788static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
1789 [SOCKET_DEAD] = "dead",
1790 [SOCKET_START_PRE] = "start-pre",
1791 [SOCKET_START_POST] = "start-post",
1792 [SOCKET_LISTENING] = "listening",
1793 [SOCKET_RUNNING] = "running",
1794 [SOCKET_STOP_PRE] = "stop-pre",
1795 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
1796 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
1797 [SOCKET_STOP_POST] = "stop-post",
1798 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
1799 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
18c78fb1 1800 [SOCKET_MAINTENANCE] = "maintenance"
a16e1123
LP		 1801};
1802
1803DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
1804
1805static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
1806 [SOCKET_EXEC_START_PRE] = "StartPre",
1807 [SOCKET_EXEC_START_POST] = "StartPost",
1808 [SOCKET_EXEC_STOP_PRE] = "StopPre",
1809 [SOCKET_EXEC_STOP_POST] = "StopPost"
1810};
1811
1812DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
1813
87f0e418 1814const UnitVTable socket_vtable = {
5cb5a6ff
LP		 1815 .suffix = ".socket",
1816
034c6ed7
LP		 1817 .init = socket_init,
1818 .done = socket_done,
a16e1123
LP		 1819 .load = socket_load,
1820
1821 .coldplug = socket_coldplug,
034c6ed7 1822
5cb5a6ff
LP		 1823 .dump = socket_dump,
1824
542563ba
LP		 1825 .start = socket_start,
1826 .stop = socket_stop,
5cb5a6ff 1827
a16e1123
LP		 1828 .serialize = socket_serialize,
1829 .deserialize_item = socket_deserialize_item,
1830
5cb5a6ff 1831 .active_state = socket_active_state,
10a94420 1832 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 1833
6cf6bbc2
LP		 1834 .check_gc = socket_check_gc,
1835
9152c765 1836 .fd_event = socket_fd_event,
034c6ed7 1837 .sigchld_event = socket_sigchld_event,
4139c1b2
LP		 1838 .timer_event = socket_timer_event,
1839
5632e374
LP		 1840 .reset_maintenance = socket_reset_maintenance,
1841
4139c1b2 1842 .bus_message_handler = bus_socket_message_handler
5cb5a6ff 1843};
Unnamed repository; edit this file 'description' to name the repository.