]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/core/socket.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge pull request #1920 from teg/networkd-fixes
[thirdparty/systemd.git] / src / core / socket.c
... / ...
CommitLineData
1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <arpa/inet.h>
23#include <errno.h>
24#include <fcntl.h>
25#include <mqueue.h>
26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
31
32#include "sd-event.h"
33
34#include "alloc-util.h"
35#include "bus-error.h"
36#include "bus-util.h"
37#include "copy.h"
38#include "dbus-socket.h"
39#include "def.h"
40#include "exit-status.h"
41#include "fd-util.h"
42#include "formats-util.h"
43#include "label.h"
44#include "log.h"
45#include "missing.h"
46#include "mkdir.h"
47#include "parse-util.h"
48#include "path-util.h"
49#include "process-util.h"
50#include "selinux-util.h"
51#include "signal-util.h"
52#include "smack-util.h"
53#include "socket.h"
54#include "special.h"
55#include "string-table.h"
56#include "string-util.h"
57#include "strv.h"
58#include "unit-name.h"
59#include "unit-printf.h"
60#include "unit.h"
61#include "user-util.h"
62
63static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
64 [SOCKET_DEAD] = UNIT_INACTIVE,
65 [SOCKET_START_PRE] = UNIT_ACTIVATING,
66 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
67 [SOCKET_START_POST] = UNIT_ACTIVATING,
68 [SOCKET_LISTENING] = UNIT_ACTIVE,
69 [SOCKET_RUNNING] = UNIT_ACTIVE,
70 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
73 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
74 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
75 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
76 [SOCKET_FAILED] = UNIT_FAILED
77};
78
79static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
80static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
81
82static void socket_init(Unit *u) {
83 Socket *s = SOCKET(u);
84
85 assert(u);
86 assert(u->load_state == UNIT_STUB);
87
88 s->backlog = SOMAXCONN;
89 s->timeout_usec = u->manager->default_timeout_start_usec;
90 s->directory_mode = 0755;
91 s->socket_mode = 0666;
92
93 s->max_connections = 64;
94
95 s->priority = -1;
96 s->ip_tos = -1;
97 s->ip_ttl = -1;
98 s->mark = -1;
99
100 s->exec_context.std_output = u->manager->default_std_output;
101 s->exec_context.std_error = u->manager->default_std_error;
102
103 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
104}
105
106static void socket_unwatch_control_pid(Socket *s) {
107 assert(s);
108
109 if (s->control_pid <= 0)
110 return;
111
112 unit_unwatch_pid(UNIT(s), s->control_pid);
113 s->control_pid = 0;
114}
115
116static void socket_cleanup_fd_list(SocketPort *p) {
117 assert(p);
118
119 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
120 p->auxiliary_fds = mfree(p->auxiliary_fds);
121 p->n_auxiliary_fds = 0;
122}
123
124void socket_free_ports(Socket *s) {
125 SocketPort *p;
126
127 assert(s);
128
129 while ((p = s->ports)) {
130 LIST_REMOVE(port, s->ports, p);
131
132 sd_event_source_unref(p->event_source);
133
134 socket_cleanup_fd_list(p);
135 safe_close(p->fd);
136 free(p->path);
137 free(p);
138 }
139}
140
141static void socket_done(Unit *u) {
142 Socket *s = SOCKET(u);
143
144 assert(s);
145
146 socket_free_ports(s);
147
148 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
149 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
150 s->control_command = NULL;
151
152 socket_unwatch_control_pid(s);
153
154 unit_ref_unset(&s->service);
155
156 s->tcp_congestion = mfree(s->tcp_congestion);
157 s->bind_to_device = mfree(s->bind_to_device);
158
159 free(s->smack);
160 free(s->smack_ip_in);
161 free(s->smack_ip_out);
162
163 strv_free(s->symlinks);
164
165 free(s->user);
166 free(s->group);
167
168 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
169}
170
171static int socket_arm_timer(Socket *s) {
172 int r;
173
174 assert(s);
175
176 if (s->timeout_usec <= 0) {
177 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
178 return 0;
179 }
180
181 if (s->timer_event_source) {
182 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
183 if (r < 0)
184 return r;
185
186 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
187 }
188
189 r = sd_event_add_time(
190 UNIT(s)->manager->event,
191 &s->timer_event_source,
192 CLOCK_MONOTONIC,
193 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
194 socket_dispatch_timer, s);
195 if (r < 0)
196 return r;
197
198 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
199
200 return 0;
201}
202
203int socket_instantiate_service(Socket *s) {
204 _cleanup_free_ char *prefix = NULL, *name = NULL;
205 int r;
206 Unit *u;
207
208 assert(s);
209
210 /* This fills in s->service if it isn't filled in yet. For
211 * Accept=yes sockets we create the next connection service
212 * here. For Accept=no this is mostly a NOP since the service
213 * is figured out at load time anyway. */
214
215 if (UNIT_DEREF(s->service))
216 return 0;
217
218 if (!s->accept)
219 return 0;
220
221 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
222 if (r < 0)
223 return r;
224
225 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
226 return -ENOMEM;
227
228 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
229 if (r < 0)
230 return r;
231
232 u->no_gc = true;
233 unit_ref_set(&s->service, u);
234
235 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
236}
237
238static bool have_non_accept_socket(Socket *s) {
239 SocketPort *p;
240
241 assert(s);
242
243 if (!s->accept)
244 return true;
245
246 LIST_FOREACH(port, p, s->ports) {
247
248 if (p->type != SOCKET_SOCKET)
249 return true;
250
251 if (!socket_address_can_accept(&p->address))
252 return true;
253 }
254
255 return false;
256}
257
258static int socket_add_mount_links(Socket *s) {
259 SocketPort *p;
260 int r;
261
262 assert(s);
263
264 LIST_FOREACH(port, p, s->ports) {
265 const char *path = NULL;
266
267 if (p->type == SOCKET_SOCKET)
268 path = socket_address_get_path(&p->address);
269 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
270 path = p->path;
271
272 if (!path)
273 continue;
274
275 r = unit_require_mounts_for(UNIT(s), path);
276 if (r < 0)
277 return r;
278 }
279
280 return 0;
281}
282
283static int socket_add_device_link(Socket *s) {
284 char *t;
285
286 assert(s);
287
288 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
289 return 0;
290
291 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
292 return unit_add_node_link(UNIT(s), t, false);
293}
294
295static int socket_add_default_dependencies(Socket *s) {
296 int r;
297 assert(s);
298
299 if (!UNIT(s)->default_dependencies)
300 return 0;
301
302 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
303 if (r < 0)
304 return r;
305
306 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
307 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
308 if (r < 0)
309 return r;
310 }
311
312 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
313}
314
315_pure_ static bool socket_has_exec(Socket *s) {
316 unsigned i;
317 assert(s);
318
319 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
320 if (s->exec_command[i])
321 return true;
322
323 return false;
324}
325
326static int socket_add_extras(Socket *s) {
327 Unit *u = UNIT(s);
328 int r;
329
330 assert(s);
331
332 if (have_non_accept_socket(s)) {
333
334 if (!UNIT_DEREF(s->service)) {
335 Unit *x;
336
337 r = unit_load_related_unit(u, ".service", &x);
338 if (r < 0)
339 return r;
340
341 unit_ref_set(&s->service, x);
342 }
343
344 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
345 if (r < 0)
346 return r;
347 }
348
349 r = socket_add_mount_links(s);
350 if (r < 0)
351 return r;
352
353 r = socket_add_device_link(s);
354 if (r < 0)
355 return r;
356
357 r = unit_patch_contexts(u);
358 if (r < 0)
359 return r;
360
361 if (socket_has_exec(s)) {
362 r = unit_add_exec_dependencies(u, &s->exec_context);
363 if (r < 0)
364 return r;
365
366 r = unit_set_default_slice(u);
367 if (r < 0)
368 return r;
369 }
370
371 r = socket_add_default_dependencies(s);
372 if (r < 0)
373 return r;
374
375 return 0;
376}
377
378static const char *socket_find_symlink_target(Socket *s) {
379 const char *found = NULL;
380 SocketPort *p;
381
382 LIST_FOREACH(port, p, s->ports) {
383 const char *f = NULL;
384
385 switch (p->type) {
386
387 case SOCKET_FIFO:
388 f = p->path;
389 break;
390
391 case SOCKET_SOCKET:
392 if (p->address.sockaddr.un.sun_path[0] != 0)
393 f = p->address.sockaddr.un.sun_path;
394 break;
395
396 default:
397 break;
398 }
399
400 if (f) {
401 if (found)
402 return NULL;
403
404 found = f;
405 }
406 }
407
408 return found;
409}
410
411static int socket_verify(Socket *s) {
412 assert(s);
413
414 if (UNIT(s)->load_state != UNIT_LOADED)
415 return 0;
416
417 if (!s->ports) {
418 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
419 return -EINVAL;
420 }
421
422 if (s->accept && have_non_accept_socket(s)) {
423 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
424 return -EINVAL;
425 }
426
427 if (s->accept && s->max_connections <= 0) {
428 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
429 return -EINVAL;
430 }
431
432 if (s->accept && UNIT_DEREF(s->service)) {
433 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
434 return -EINVAL;
435 }
436
437 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
438 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
439 return -EINVAL;
440 }
441
442 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
443 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
444 return -EINVAL;
445 }
446
447 return 0;
448}
449
450static int socket_load(Unit *u) {
451 Socket *s = SOCKET(u);
452 int r;
453
454 assert(u);
455 assert(u->load_state == UNIT_STUB);
456
457 r = unit_load_fragment_and_dropin(u);
458 if (r < 0)
459 return r;
460
461 if (u->load_state == UNIT_LOADED) {
462 /* This is a new unit? Then let's add in some extras */
463 r = socket_add_extras(s);
464 if (r < 0)
465 return r;
466 }
467
468 return socket_verify(s);
469}
470
471_const_ static const char* listen_lookup(int family, int type) {
472
473 if (family == AF_NETLINK)
474 return "ListenNetlink";
475
476 if (type == SOCK_STREAM)
477 return "ListenStream";
478 else if (type == SOCK_DGRAM)
479 return "ListenDatagram";
480 else if (type == SOCK_SEQPACKET)
481 return "ListenSequentialPacket";
482
483 assert_not_reached("Unknown socket type");
484 return NULL;
485}
486
487static void socket_dump(Unit *u, FILE *f, const char *prefix) {
488 char time_string[FORMAT_TIMESPAN_MAX];
489 SocketExecCommand c;
490 Socket *s = SOCKET(u);
491 SocketPort *p;
492 const char *prefix2;
493
494 assert(s);
495 assert(f);
496
497 prefix = strempty(prefix);
498 prefix2 = strjoina(prefix, "\t");
499
500 fprintf(f,
501 "%sSocket State: %s\n"
502 "%sResult: %s\n"
503 "%sBindIPv6Only: %s\n"
504 "%sBacklog: %u\n"
505 "%sSocketMode: %04o\n"
506 "%sDirectoryMode: %04o\n"
507 "%sKeepAlive: %s\n"
508 "%sNoDelay: %s\n"
509 "%sFreeBind: %s\n"
510 "%sTransparent: %s\n"
511 "%sBroadcast: %s\n"
512 "%sPassCredentials: %s\n"
513 "%sPassSecurity: %s\n"
514 "%sTCPCongestion: %s\n"
515 "%sRemoveOnStop: %s\n"
516 "%sWritable: %s\n"
517 "%sFDName: %s\n"
518 "%sSELinuxContextFromNet: %s\n",
519 prefix, socket_state_to_string(s->state),
520 prefix, socket_result_to_string(s->result),
521 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
522 prefix, s->backlog,
523 prefix, s->socket_mode,
524 prefix, s->directory_mode,
525 prefix, yes_no(s->keep_alive),
526 prefix, yes_no(s->no_delay),
527 prefix, yes_no(s->free_bind),
528 prefix, yes_no(s->transparent),
529 prefix, yes_no(s->broadcast),
530 prefix, yes_no(s->pass_cred),
531 prefix, yes_no(s->pass_sec),
532 prefix, strna(s->tcp_congestion),
533 prefix, yes_no(s->remove_on_stop),
534 prefix, yes_no(s->writable),
535 prefix, socket_fdname(s),
536 prefix, yes_no(s->selinux_context_from_net));
537
538 if (s->control_pid > 0)
539 fprintf(f,
540 "%sControl PID: "PID_FMT"\n",
541 prefix, s->control_pid);
542
543 if (s->bind_to_device)
544 fprintf(f,
545 "%sBindToDevice: %s\n",
546 prefix, s->bind_to_device);
547
548 if (s->accept)
549 fprintf(f,
550 "%sAccepted: %u\n"
551 "%sNConnections: %u\n"
552 "%sMaxConnections: %u\n",
553 prefix, s->n_accepted,
554 prefix, s->n_connections,
555 prefix, s->max_connections);
556
557 if (s->priority >= 0)
558 fprintf(f,
559 "%sPriority: %i\n",
560 prefix, s->priority);
561
562 if (s->receive_buffer > 0)
563 fprintf(f,
564 "%sReceiveBuffer: %zu\n",
565 prefix, s->receive_buffer);
566
567 if (s->send_buffer > 0)
568 fprintf(f,
569 "%sSendBuffer: %zu\n",
570 prefix, s->send_buffer);
571
572 if (s->ip_tos >= 0)
573 fprintf(f,
574 "%sIPTOS: %i\n",
575 prefix, s->ip_tos);
576
577 if (s->ip_ttl >= 0)
578 fprintf(f,
579 "%sIPTTL: %i\n",
580 prefix, s->ip_ttl);
581
582 if (s->pipe_size > 0)
583 fprintf(f,
584 "%sPipeSize: %zu\n",
585 prefix, s->pipe_size);
586
587 if (s->mark >= 0)
588 fprintf(f,
589 "%sMark: %i\n",
590 prefix, s->mark);
591
592 if (s->mq_maxmsg > 0)
593 fprintf(f,
594 "%sMessageQueueMaxMessages: %li\n",
595 prefix, s->mq_maxmsg);
596
597 if (s->mq_msgsize > 0)
598 fprintf(f,
599 "%sMessageQueueMessageSize: %li\n",
600 prefix, s->mq_msgsize);
601
602 if (s->reuse_port)
603 fprintf(f,
604 "%sReusePort: %s\n",
605 prefix, yes_no(s->reuse_port));
606
607 if (s->smack)
608 fprintf(f,
609 "%sSmackLabel: %s\n",
610 prefix, s->smack);
611
612 if (s->smack_ip_in)
613 fprintf(f,
614 "%sSmackLabelIPIn: %s\n",
615 prefix, s->smack_ip_in);
616
617 if (s->smack_ip_out)
618 fprintf(f,
619 "%sSmackLabelIPOut: %s\n",
620 prefix, s->smack_ip_out);
621
622 if (!isempty(s->user) || !isempty(s->group))
623 fprintf(f,
624 "%sOwnerUser: %s\n"
625 "%sOwnerGroup: %s\n",
626 prefix, strna(s->user),
627 prefix, strna(s->group));
628
629 if (s->keep_alive_time > 0)
630 fprintf(f,
631 "%sKeepAliveTimeSec: %s\n",
632 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
633
634 if (s->keep_alive_interval)
635 fprintf(f,
636 "%sKeepAliveIntervalSec: %s\n",
637 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
638
639 if (s->keep_alive_cnt)
640 fprintf(f,
641 "%sKeepAliveProbes: %u\n",
642 prefix, s->keep_alive_cnt);
643
644 if (s->defer_accept)
645 fprintf(f,
646 "%sDeferAcceptSec: %s\n",
647 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
648
649 LIST_FOREACH(port, p, s->ports) {
650
651 if (p->type == SOCKET_SOCKET) {
652 const char *t;
653 int r;
654 char *k = NULL;
655
656 r = socket_address_print(&p->address, &k);
657 if (r < 0)
658 t = strerror(-r);
659 else
660 t = k;
661
662 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
663 free(k);
664 } else if (p->type == SOCKET_SPECIAL)
665 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
666 else if (p->type == SOCKET_USB_FUNCTION)
667 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
668 else if (p->type == SOCKET_MQUEUE)
669 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
670 else
671 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
672 }
673
674 exec_context_dump(&s->exec_context, f, prefix);
675 kill_context_dump(&s->kill_context, f, prefix);
676
677 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
678 if (!s->exec_command[c])
679 continue;
680
681 fprintf(f, "%s-> %s:\n",
682 prefix, socket_exec_command_to_string(c));
683
684 exec_command_dump_list(s->exec_command[c], f, prefix2);
685 }
686}
687
688static int instance_from_socket(int fd, unsigned nr, char **instance) {
689 socklen_t l;
690 char *r;
691 union sockaddr_union local, remote;
692
693 assert(fd >= 0);
694 assert(instance);
695
696 l = sizeof(local);
697 if (getsockname(fd, &local.sa, &l) < 0)
698 return -errno;
699
700 l = sizeof(remote);
701 if (getpeername(fd, &remote.sa, &l) < 0)
702 return -errno;
703
704 switch (local.sa.sa_family) {
705
706 case AF_INET: {
707 uint32_t
708 a = ntohl(local.in.sin_addr.s_addr),
709 b = ntohl(remote.in.sin_addr.s_addr);
710
711 if (asprintf(&r,
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
714 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
715 ntohs(local.in.sin_port),
716 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
717 ntohs(remote.in.sin_port)) < 0)
718 return -ENOMEM;
719
720 break;
721 }
722
723 case AF_INET6: {
724 static const unsigned char ipv4_prefix[] = {
725 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
726 };
727
728 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
729 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
730 const uint8_t
731 *a = local.in6.sin6_addr.s6_addr+12,
732 *b = remote.in6.sin6_addr.s6_addr+12;
733
734 if (asprintf(&r,
735 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
736 nr,
737 a[0], a[1], a[2], a[3],
738 ntohs(local.in6.sin6_port),
739 b[0], b[1], b[2], b[3],
740 ntohs(remote.in6.sin6_port)) < 0)
741 return -ENOMEM;
742 } else {
743 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
744
745 if (asprintf(&r,
746 "%u-%s:%u-%s:%u",
747 nr,
748 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
749 ntohs(local.in6.sin6_port),
750 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
751 ntohs(remote.in6.sin6_port)) < 0)
752 return -ENOMEM;
753 }
754
755 break;
756 }
757
758 case AF_UNIX: {
759 struct ucred ucred;
760 int k;
761
762 k = getpeercred(fd, &ucred);
763 if (k >= 0) {
764 if (asprintf(&r,
765 "%u-"PID_FMT"-"UID_FMT,
766 nr, ucred.pid, ucred.uid) < 0)
767 return -ENOMEM;
768 } else if (k == -ENODATA) {
769 /* This handles the case where somebody is
770 * connecting from another pid/uid namespace
771 * (e.g. from outside of our container). */
772 if (asprintf(&r,
773 "%u-unknown",
774 nr) < 0)
775 return -ENOMEM;
776 } else
777 return k;
778
779 break;
780 }
781
782 default:
783 assert_not_reached("Unhandled socket type.");
784 }
785
786 *instance = r;
787 return 0;
788}
789
790static void socket_close_fds(Socket *s) {
791 SocketPort *p;
792 char **i;
793
794 assert(s);
795
796 LIST_FOREACH(port, p, s->ports) {
797
798 p->event_source = sd_event_source_unref(p->event_source);
799
800 if (p->fd < 0)
801 continue;
802
803 p->fd = safe_close(p->fd);
804 socket_cleanup_fd_list(p);
805
806 /* One little note: we should normally not delete any
807 * sockets in the file system here! After all some
808 * other process we spawned might still have a
809 * reference of this fd and wants to continue to use
810 * it. Therefore we delete sockets in the file system
811 * before we create a new one, not after we stopped
812 * using one! */
813
814 if (s->remove_on_stop) {
815 switch (p->type) {
816
817 case SOCKET_FIFO:
818 unlink(p->path);
819 break;
820
821 case SOCKET_MQUEUE:
822 mq_unlink(p->path);
823 break;
824
825 case SOCKET_SOCKET:
826 socket_address_unlink(&p->address);
827 break;
828
829 default:
830 break;
831 }
832 }
833 }
834
835 if (s->remove_on_stop)
836 STRV_FOREACH(i, s->symlinks)
837 unlink(*i);
838}
839
840static void socket_apply_socket_options(Socket *s, int fd) {
841 int r;
842
843 assert(s);
844 assert(fd >= 0);
845
846 if (s->keep_alive) {
847 int b = s->keep_alive;
848 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
850 }
851
852 if (s->keep_alive_time) {
853 int value = s->keep_alive_time / USEC_PER_SEC;
854 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
856 }
857
858 if (s->keep_alive_interval) {
859 int value = s->keep_alive_interval / USEC_PER_SEC;
860 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
862 }
863
864 if (s->keep_alive_cnt) {
865 int value = s->keep_alive_cnt;
866 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
868 }
869
870 if (s->defer_accept) {
871 int value = s->defer_accept / USEC_PER_SEC;
872 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
874 }
875
876 if (s->no_delay) {
877 int b = s->no_delay;
878 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
879 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
880 }
881
882 if (s->broadcast) {
883 int one = 1;
884 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
885 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
886 }
887
888 if (s->pass_cred) {
889 int one = 1;
890 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
892 }
893
894 if (s->pass_sec) {
895 int one = 1;
896 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
897 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
898 }
899
900 if (s->priority >= 0)
901 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
902 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
903
904 if (s->receive_buffer > 0) {
905 int value = (int) s->receive_buffer;
906
907 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
908
909 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
910 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
911 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
912 }
913
914 if (s->send_buffer > 0) {
915 int value = (int) s->send_buffer;
916 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
917 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
918 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
919 }
920
921 if (s->mark >= 0)
922 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
923 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
924
925 if (s->ip_tos >= 0)
926 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
927 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
928
929 if (s->ip_ttl >= 0) {
930 int x;
931
932 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
933
934 if (socket_ipv6_is_supported())
935 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
936 else {
937 x = -1;
938 errno = EAFNOSUPPORT;
939 }
940
941 if (r < 0 && x < 0)
942 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
943 }
944
945 if (s->tcp_congestion)
946 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
947 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
948
949 if (s->smack_ip_in) {
950 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
951 if (r < 0)
952 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
953 }
954
955 if (s->smack_ip_out) {
956 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
957 if (r < 0)
958 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
959 }
960}
961
962static void socket_apply_fifo_options(Socket *s, int fd) {
963 int r;
964
965 assert(s);
966 assert(fd >= 0);
967
968 if (s->pipe_size > 0)
969 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
970 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
971
972 if (s->smack) {
973 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
974 if (r < 0)
975 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
976 }
977}
978
979static int fifo_address_create(
980 const char *path,
981 mode_t directory_mode,
982 mode_t socket_mode) {
983
984 _cleanup_close_ int fd = -1;
985 mode_t old_mask;
986 struct stat st;
987 int r;
988
989 assert(path);
990
991 mkdir_parents_label(path, directory_mode);
992
993 r = mac_selinux_create_file_prepare(path, S_IFIFO);
994 if (r < 0)
995 return r;
996
997 /* Enforce the right access mode for the fifo */
998 old_mask = umask(~ socket_mode);
999
1000 /* Include the original umask in our mask */
1001 (void) umask(~socket_mode | old_mask);
1002
1003 r = mkfifo(path, socket_mode);
1004 (void) umask(old_mask);
1005
1006 if (r < 0 && errno != EEXIST) {
1007 r = -errno;
1008 goto fail;
1009 }
1010
1011 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1012 if (fd < 0) {
1013 r = -errno;
1014 goto fail;
1015 }
1016
1017 mac_selinux_create_file_clear();
1018
1019 if (fstat(fd, &st) < 0) {
1020 r = -errno;
1021 goto fail;
1022 }
1023
1024 if (!S_ISFIFO(st.st_mode) ||
1025 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1026 st.st_uid != getuid() ||
1027 st.st_gid != getgid()) {
1028 r = -EEXIST;
1029 goto fail;
1030 }
1031
1032 r = fd;
1033 fd = -1;
1034
1035 return r;
1036
1037fail:
1038 mac_selinux_create_file_clear();
1039 return r;
1040}
1041
1042static int special_address_create(const char *path, bool writable) {
1043 _cleanup_close_ int fd = -1;
1044 struct stat st;
1045 int r;
1046
1047 assert(path);
1048
1049 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1050 if (fd < 0)
1051 return -errno;
1052
1053 if (fstat(fd, &st) < 0)
1054 return -errno;
1055
1056 /* Check whether this is a /proc, /sys or /dev file or char device */
1057 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1058 return -EEXIST;
1059
1060 r = fd;
1061 fd = -1;
1062
1063 return r;
1064}
1065
1066static int usbffs_address_create(const char *path) {
1067 _cleanup_close_ int fd = -1;
1068 struct stat st;
1069 int r;
1070
1071 assert(path);
1072
1073 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1074 if (fd < 0)
1075 return -errno;
1076
1077 if (fstat(fd, &st) < 0)
1078 return -errno;
1079
1080 /* Check whether this is a regular file (ffs endpoint)*/
1081 if (!S_ISREG(st.st_mode))
1082 return -EEXIST;
1083
1084 r = fd;
1085 fd = -1;
1086
1087 return r;
1088}
1089
1090static int mq_address_create(
1091 const char *path,
1092 mode_t mq_mode,
1093 long maxmsg,
1094 long msgsize) {
1095
1096 _cleanup_close_ int fd = -1;
1097 struct stat st;
1098 mode_t old_mask;
1099 struct mq_attr _attr, *attr = NULL;
1100 int r;
1101
1102 assert(path);
1103
1104 if (maxmsg > 0 && msgsize > 0) {
1105 _attr = (struct mq_attr) {
1106 .mq_flags = O_NONBLOCK,
1107 .mq_maxmsg = maxmsg,
1108 .mq_msgsize = msgsize,
1109 };
1110 attr = &_attr;
1111 }
1112
1113 /* Enforce the right access mode for the mq */
1114 old_mask = umask(~ mq_mode);
1115
1116 /* Include the original umask in our mask */
1117 (void) umask(~mq_mode | old_mask);
1118 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1119 (void) umask(old_mask);
1120
1121 if (fd < 0)
1122 return -errno;
1123
1124 if (fstat(fd, &st) < 0)
1125 return -errno;
1126
1127 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1128 st.st_uid != getuid() ||
1129 st.st_gid != getgid())
1130 return -EEXIST;
1131
1132 r = fd;
1133 fd = -1;
1134
1135 return r;
1136}
1137
1138static int socket_symlink(Socket *s) {
1139 const char *p;
1140 char **i;
1141
1142 assert(s);
1143
1144 p = socket_find_symlink_target(s);
1145 if (!p)
1146 return 0;
1147
1148 STRV_FOREACH(i, s->symlinks)
1149 symlink_label(p, *i);
1150
1151 return 0;
1152}
1153
1154static int usbffs_write_descs(int fd, Service *s) {
1155 int r;
1156
1157 if (!s->usb_function_descriptors || !s->usb_function_strings)
1158 return -EINVAL;
1159
1160 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1161 if (r < 0)
1162 return r;
1163
1164 return copy_file_fd(s->usb_function_strings, fd, false);
1165}
1166
1167static int usbffs_select_ep(const struct dirent *d) {
1168 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1169}
1170
1171static int usbffs_dispatch_eps(SocketPort *p) {
1172 _cleanup_free_ struct dirent **ent = NULL;
1173 _cleanup_free_ char *path = NULL;
1174 int r, i, n, k;
1175
1176 path = dirname_malloc(p->path);
1177 if (!path)
1178 return -ENOMEM;
1179
1180 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1181 if (r < 0)
1182 return -errno;
1183
1184 n = r;
1185 p->auxiliary_fds = new(int, n);
1186 if (!p->auxiliary_fds)
1187 return -ENOMEM;
1188
1189 p->n_auxiliary_fds = n;
1190
1191 k = 0;
1192 for (i = 0; i < n; ++i) {
1193 _cleanup_free_ char *ep = NULL;
1194
1195 ep = path_make_absolute(ent[i]->d_name, path);
1196 if (!ep)
1197 return -ENOMEM;
1198
1199 path_kill_slashes(ep);
1200
1201 r = usbffs_address_create(ep);
1202 if (r < 0)
1203 goto fail;
1204
1205 p->auxiliary_fds[k] = r;
1206
1207 ++k;
1208 free(ent[i]);
1209 }
1210
1211 return r;
1212
1213fail:
1214 close_many(p->auxiliary_fds, k);
1215 p->auxiliary_fds = mfree(p->auxiliary_fds);
1216 p->n_auxiliary_fds = 0;
1217
1218 return r;
1219}
1220
1221static int socket_open_fds(Socket *s) {
1222 _cleanup_(mac_selinux_freep) char *label = NULL;
1223 bool know_label = false;
1224 SocketPort *p;
1225 int r;
1226
1227 assert(s);
1228
1229 LIST_FOREACH(port, p, s->ports) {
1230
1231 if (p->fd >= 0)
1232 continue;
1233
1234 switch (p->type) {
1235
1236 case SOCKET_SOCKET:
1237
1238 if (!know_label) {
1239 /* Figure out label, if we don't it know
1240 * yet. We do it once, for the first
1241 * socket where we need this and
1242 * remember it for the rest. */
1243
1244 if (s->selinux_context_from_net) {
1245 /* Get it from the network label */
1246
1247 r = mac_selinux_get_our_label(&label);
1248 if (r < 0 && r != -EOPNOTSUPP)
1249 goto rollback;
1250
1251 } else {
1252 /* Get it from the executable we are about to start */
1253
1254 r = socket_instantiate_service(s);
1255 if (r < 0)
1256 goto rollback;
1257
1258 if (UNIT_ISSET(s->service) &&
1259 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1260 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1261 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1262 goto rollback;
1263 }
1264 }
1265
1266 know_label = true;
1267 }
1268
1269 r = socket_address_listen(
1270 &p->address,
1271 SOCK_CLOEXEC|SOCK_NONBLOCK,
1272 s->backlog,
1273 s->bind_ipv6_only,
1274 s->bind_to_device,
1275 s->reuse_port,
1276 s->free_bind,
1277 s->transparent,
1278 s->directory_mode,
1279 s->socket_mode,
1280 label);
1281 if (r < 0)
1282 goto rollback;
1283
1284 p->fd = r;
1285 socket_apply_socket_options(s, p->fd);
1286 socket_symlink(s);
1287 break;
1288
1289 case SOCKET_SPECIAL:
1290
1291 p->fd = special_address_create(p->path, s->writable);
1292 if (p->fd < 0) {
1293 r = p->fd;
1294 goto rollback;
1295 }
1296 break;
1297
1298 case SOCKET_FIFO:
1299
1300 p->fd = fifo_address_create(
1301 p->path,
1302 s->directory_mode,
1303 s->socket_mode);
1304 if (p->fd < 0) {
1305 r = p->fd;
1306 goto rollback;
1307 }
1308
1309 socket_apply_fifo_options(s, p->fd);
1310 socket_symlink(s);
1311 break;
1312
1313 case SOCKET_MQUEUE:
1314
1315 p->fd = mq_address_create(
1316 p->path,
1317 s->socket_mode,
1318 s->mq_maxmsg,
1319 s->mq_msgsize);
1320 if (p->fd < 0) {
1321 r = p->fd;
1322 goto rollback;
1323 }
1324 break;
1325
1326 case SOCKET_USB_FUNCTION:
1327
1328 p->fd = usbffs_address_create(p->path);
1329 if (p->fd < 0) {
1330 r = p->fd;
1331 goto rollback;
1332 }
1333
1334 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1335 if (r < 0)
1336 goto rollback;
1337
1338 r = usbffs_dispatch_eps(p);
1339 if (r < 0)
1340 goto rollback;
1341
1342 break;
1343
1344 default:
1345 assert_not_reached("Unknown port type");
1346 }
1347 }
1348
1349 return 0;
1350
1351rollback:
1352 socket_close_fds(s);
1353 return r;
1354}
1355
1356static void socket_unwatch_fds(Socket *s) {
1357 SocketPort *p;
1358 int r;
1359
1360 assert(s);
1361
1362 LIST_FOREACH(port, p, s->ports) {
1363 if (p->fd < 0)
1364 continue;
1365
1366 if (!p->event_source)
1367 continue;
1368
1369 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1370 if (r < 0)
1371 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1372 }
1373}
1374
1375static int socket_watch_fds(Socket *s) {
1376 SocketPort *p;
1377 int r;
1378
1379 assert(s);
1380
1381 LIST_FOREACH(port, p, s->ports) {
1382 if (p->fd < 0)
1383 continue;
1384
1385 if (p->event_source) {
1386 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1387 if (r < 0)
1388 goto fail;
1389 } else {
1390 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1391 if (r < 0)
1392 goto fail;
1393
1394 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1395 }
1396 }
1397
1398 return 0;
1399
1400fail:
1401 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1402 socket_unwatch_fds(s);
1403 return r;
1404}
1405
1406static void socket_set_state(Socket *s, SocketState state) {
1407 SocketState old_state;
1408 assert(s);
1409
1410 old_state = s->state;
1411 s->state = state;
1412
1413 if (!IN_SET(state,
1414 SOCKET_START_PRE,
1415 SOCKET_START_CHOWN,
1416 SOCKET_START_POST,
1417 SOCKET_STOP_PRE,
1418 SOCKET_STOP_PRE_SIGTERM,
1419 SOCKET_STOP_PRE_SIGKILL,
1420 SOCKET_STOP_POST,
1421 SOCKET_FINAL_SIGTERM,
1422 SOCKET_FINAL_SIGKILL)) {
1423
1424 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1425 socket_unwatch_control_pid(s);
1426 s->control_command = NULL;
1427 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1428 }
1429
1430 if (state != SOCKET_LISTENING)
1431 socket_unwatch_fds(s);
1432
1433 if (!IN_SET(state,
1434 SOCKET_START_CHOWN,
1435 SOCKET_START_POST,
1436 SOCKET_LISTENING,
1437 SOCKET_RUNNING,
1438 SOCKET_STOP_PRE,
1439 SOCKET_STOP_PRE_SIGTERM,
1440 SOCKET_STOP_PRE_SIGKILL))
1441 socket_close_fds(s);
1442
1443 if (state != old_state)
1444 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1445
1446 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1447}
1448
1449static int socket_coldplug(Unit *u) {
1450 Socket *s = SOCKET(u);
1451 int r;
1452
1453 assert(s);
1454 assert(s->state == SOCKET_DEAD);
1455
1456 if (s->deserialized_state == s->state)
1457 return 0;
1458
1459 if (s->control_pid > 0 &&
1460 pid_is_unwaited(s->control_pid) &&
1461 IN_SET(s->deserialized_state,
1462 SOCKET_START_PRE,
1463 SOCKET_START_CHOWN,
1464 SOCKET_START_POST,
1465 SOCKET_STOP_PRE,
1466 SOCKET_STOP_PRE_SIGTERM,
1467 SOCKET_STOP_PRE_SIGKILL,
1468 SOCKET_STOP_POST,
1469 SOCKET_FINAL_SIGTERM,
1470 SOCKET_FINAL_SIGKILL)) {
1471
1472 r = unit_watch_pid(UNIT(s), s->control_pid);
1473 if (r < 0)
1474 return r;
1475
1476 r = socket_arm_timer(s);
1477 if (r < 0)
1478 return r;
1479 }
1480
1481 if (IN_SET(s->deserialized_state,
1482 SOCKET_START_CHOWN,
1483 SOCKET_START_POST,
1484 SOCKET_LISTENING,
1485 SOCKET_RUNNING,
1486 SOCKET_STOP_PRE,
1487 SOCKET_STOP_PRE_SIGTERM,
1488 SOCKET_STOP_PRE_SIGKILL)) {
1489 r = socket_open_fds(s);
1490 if (r < 0)
1491 return r;
1492 }
1493
1494 if (s->deserialized_state == SOCKET_LISTENING) {
1495 r = socket_watch_fds(s);
1496 if (r < 0)
1497 return r;
1498 }
1499
1500 socket_set_state(s, s->deserialized_state);
1501 return 0;
1502}
1503
1504static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1505 _cleanup_free_ char **argv = NULL;
1506 pid_t pid;
1507 int r;
1508 ExecParameters exec_params = {
1509 .apply_permissions = true,
1510 .apply_chroot = true,
1511 .apply_tty_stdin = true,
1512 .bus_endpoint_fd = -1,
1513 .stdin_fd = -1,
1514 .stdout_fd = -1,
1515 .stderr_fd = -1,
1516 };
1517
1518 assert(s);
1519 assert(c);
1520 assert(_pid);
1521
1522 (void) unit_realize_cgroup(UNIT(s));
1523 if (s->reset_cpu_usage) {
1524 (void) unit_reset_cpu_usage(UNIT(s));
1525 s->reset_cpu_usage = false;
1526 }
1527
1528 r = unit_setup_exec_runtime(UNIT(s));
1529 if (r < 0)
1530 goto fail;
1531
1532 r = socket_arm_timer(s);
1533 if (r < 0)
1534 goto fail;
1535
1536 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1537 if (r < 0)
1538 goto fail;
1539
1540 exec_params.argv = argv;
1541 exec_params.environment = UNIT(s)->manager->environment;
1542 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1543 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1544 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1545 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1546 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1547
1548 r = exec_spawn(UNIT(s),
1549 c,
1550 &s->exec_context,
1551 &exec_params,
1552 s->exec_runtime,
1553 &pid);
1554 if (r < 0)
1555 goto fail;
1556
1557 r = unit_watch_pid(UNIT(s), pid);
1558 if (r < 0)
1559 /* FIXME: we need to do something here */
1560 goto fail;
1561
1562 *_pid = pid;
1563 return 0;
1564
1565fail:
1566 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1567 return r;
1568}
1569
1570static int socket_chown(Socket *s, pid_t *_pid) {
1571 pid_t pid;
1572 int r;
1573
1574 r = socket_arm_timer(s);
1575 if (r < 0)
1576 goto fail;
1577
1578 /* We have to resolve the user names out-of-process, hence
1579 * let's fork here. It's messy, but well, what can we do? */
1580
1581 pid = fork();
1582 if (pid < 0)
1583 return -errno;
1584
1585 if (pid == 0) {
1586 SocketPort *p;
1587 uid_t uid = UID_INVALID;
1588 gid_t gid = GID_INVALID;
1589 int ret;
1590
1591 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1592 (void) ignore_signals(SIGPIPE, -1);
1593 log_forget_fds();
1594
1595 if (!isempty(s->user)) {
1596 const char *user = s->user;
1597
1598 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1599 if (r < 0) {
1600 ret = EXIT_USER;
1601 goto fail_child;
1602 }
1603 }
1604
1605 if (!isempty(s->group)) {
1606 const char *group = s->group;
1607
1608 r = get_group_creds(&group, &gid);
1609 if (r < 0) {
1610 ret = EXIT_GROUP;
1611 goto fail_child;
1612 }
1613 }
1614
1615 LIST_FOREACH(port, p, s->ports) {
1616 const char *path = NULL;
1617
1618 if (p->type == SOCKET_SOCKET)
1619 path = socket_address_get_path(&p->address);
1620 else if (p->type == SOCKET_FIFO)
1621 path = p->path;
1622
1623 if (!path)
1624 continue;
1625
1626 if (chown(path, uid, gid) < 0) {
1627 r = -errno;
1628 ret = EXIT_CHOWN;
1629 goto fail_child;
1630 }
1631 }
1632
1633 _exit(0);
1634
1635 fail_child:
1636 log_open();
1637 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1638
1639 _exit(ret);
1640 }
1641
1642 r = unit_watch_pid(UNIT(s), pid);
1643 if (r < 0)
1644 goto fail;
1645
1646 *_pid = pid;
1647 return 0;
1648
1649fail:
1650 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1651 return r;
1652}
1653
1654static void socket_enter_dead(Socket *s, SocketResult f) {
1655 assert(s);
1656
1657 if (f != SOCKET_SUCCESS)
1658 s->result = f;
1659
1660 exec_runtime_destroy(s->exec_runtime);
1661 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1662
1663 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1664
1665 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1666}
1667
1668static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1669
1670static void socket_enter_stop_post(Socket *s, SocketResult f) {
1671 int r;
1672 assert(s);
1673
1674 if (f != SOCKET_SUCCESS)
1675 s->result = f;
1676
1677 socket_unwatch_control_pid(s);
1678 s->control_command_id = SOCKET_EXEC_STOP_POST;
1679 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1680
1681 if (s->control_command) {
1682 r = socket_spawn(s, s->control_command, &s->control_pid);
1683 if (r < 0)
1684 goto fail;
1685
1686 socket_set_state(s, SOCKET_STOP_POST);
1687 } else
1688 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1689
1690 return;
1691
1692fail:
1693 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1694 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1695}
1696
1697static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1698 int r;
1699
1700 assert(s);
1701
1702 if (f != SOCKET_SUCCESS)
1703 s->result = f;
1704
1705 r = unit_kill_context(
1706 UNIT(s),
1707 &s->kill_context,
1708 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1709 KILL_KILL : KILL_TERMINATE,
1710 -1,
1711 s->control_pid,
1712 false);
1713 if (r < 0)
1714 goto fail;
1715
1716 if (r > 0) {
1717 r = socket_arm_timer(s);
1718 if (r < 0)
1719 goto fail;
1720
1721 socket_set_state(s, state);
1722 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1723 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1724 else if (state == SOCKET_STOP_PRE_SIGKILL)
1725 socket_enter_stop_post(s, SOCKET_SUCCESS);
1726 else if (state == SOCKET_FINAL_SIGTERM)
1727 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1728 else
1729 socket_enter_dead(s, SOCKET_SUCCESS);
1730
1731 return;
1732
1733fail:
1734 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1735
1736 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1737 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1738 else
1739 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1740}
1741
1742static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1743 int r;
1744 assert(s);
1745
1746 if (f != SOCKET_SUCCESS)
1747 s->result = f;
1748
1749 socket_unwatch_control_pid(s);
1750 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1751 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1752
1753 if (s->control_command) {
1754 r = socket_spawn(s, s->control_command, &s->control_pid);
1755 if (r < 0)
1756 goto fail;
1757
1758 socket_set_state(s, SOCKET_STOP_PRE);
1759 } else
1760 socket_enter_stop_post(s, SOCKET_SUCCESS);
1761
1762 return;
1763
1764fail:
1765 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1766 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1767}
1768
1769static void socket_enter_listening(Socket *s) {
1770 int r;
1771 assert(s);
1772
1773 r = socket_watch_fds(s);
1774 if (r < 0) {
1775 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1776 goto fail;
1777 }
1778
1779 socket_set_state(s, SOCKET_LISTENING);
1780 return;
1781
1782fail:
1783 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1784}
1785
1786static void socket_enter_start_post(Socket *s) {
1787 int r;
1788 assert(s);
1789
1790 socket_unwatch_control_pid(s);
1791 s->control_command_id = SOCKET_EXEC_START_POST;
1792 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1793
1794 if (s->control_command) {
1795 r = socket_spawn(s, s->control_command, &s->control_pid);
1796 if (r < 0) {
1797 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1798 goto fail;
1799 }
1800
1801 socket_set_state(s, SOCKET_START_POST);
1802 } else
1803 socket_enter_listening(s);
1804
1805 return;
1806
1807fail:
1808 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1809}
1810
1811static void socket_enter_start_chown(Socket *s) {
1812 int r;
1813
1814 assert(s);
1815
1816 r = socket_open_fds(s);
1817 if (r < 0) {
1818 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1819 goto fail;
1820 }
1821
1822 if (!isempty(s->user) || !isempty(s->group)) {
1823
1824 socket_unwatch_control_pid(s);
1825 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1826 s->control_command = NULL;
1827
1828 r = socket_chown(s, &s->control_pid);
1829 if (r < 0) {
1830 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1831 goto fail;
1832 }
1833
1834 socket_set_state(s, SOCKET_START_CHOWN);
1835 } else
1836 socket_enter_start_post(s);
1837
1838 return;
1839
1840fail:
1841 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1842}
1843
1844static void socket_enter_start_pre(Socket *s) {
1845 int r;
1846 assert(s);
1847
1848 socket_unwatch_control_pid(s);
1849 s->control_command_id = SOCKET_EXEC_START_PRE;
1850 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1851
1852 if (s->control_command) {
1853 r = socket_spawn(s, s->control_command, &s->control_pid);
1854 if (r < 0) {
1855 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1856 goto fail;
1857 }
1858
1859 socket_set_state(s, SOCKET_START_PRE);
1860 } else
1861 socket_enter_start_chown(s);
1862
1863 return;
1864
1865fail:
1866 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1867}
1868
1869static void socket_enter_running(Socket *s, int cfd) {
1870 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1871 int r;
1872
1873 assert(s);
1874
1875 /* We don't take connections anymore if we are supposed to
1876 * shut down anyway */
1877 if (unit_stop_pending(UNIT(s))) {
1878
1879 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1880
1881 if (cfd >= 0)
1882 safe_close(cfd);
1883 else {
1884 /* Flush all sockets by closing and reopening them */
1885 socket_close_fds(s);
1886
1887 r = socket_open_fds(s);
1888 if (r < 0) {
1889 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1890 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1891 return;
1892 }
1893
1894 r = socket_watch_fds(s);
1895 if (r < 0) {
1896 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1897 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1898 }
1899 }
1900
1901 return;
1902 }
1903
1904 if (cfd < 0) {
1905 Iterator i;
1906 Unit *other;
1907 bool pending = false;
1908
1909 /* If there's already a start pending don't bother to
1910 * do anything */
1911 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1912 if (unit_active_or_pending(other)) {
1913 pending = true;
1914 break;
1915 }
1916
1917 if (!pending) {
1918 if (!UNIT_ISSET(s->service)) {
1919 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1920 r = -ENOENT;
1921 goto fail;
1922 }
1923
1924 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1925 if (r < 0)
1926 goto fail;
1927 }
1928
1929 socket_set_state(s, SOCKET_RUNNING);
1930 } else {
1931 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1932 Service *service;
1933
1934 if (s->n_connections >= s->max_connections) {
1935 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1936 safe_close(cfd);
1937 return;
1938 }
1939
1940 r = socket_instantiate_service(s);
1941 if (r < 0)
1942 goto fail;
1943
1944 r = instance_from_socket(cfd, s->n_accepted, &instance);
1945 if (r < 0) {
1946 if (r != -ENOTCONN)
1947 goto fail;
1948
1949 /* ENOTCONN is legitimate if TCP RST was received.
1950 * This connection is over, but the socket unit lives on. */
1951 safe_close(cfd);
1952 return;
1953 }
1954
1955 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1956 if (r < 0)
1957 goto fail;
1958
1959 r = unit_name_build(prefix, instance, ".service", &name);
1960 if (r < 0)
1961 goto fail;
1962
1963 r = unit_add_name(UNIT_DEREF(s->service), name);
1964 if (r < 0)
1965 goto fail;
1966
1967 service = SERVICE(UNIT_DEREF(s->service));
1968 unit_ref_unset(&s->service);
1969 s->n_accepted ++;
1970
1971 UNIT(service)->no_gc = false;
1972
1973 unit_choose_id(UNIT(service), name);
1974
1975 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1976 if (r < 0)
1977 goto fail;
1978
1979 cfd = -1;
1980 s->n_connections ++;
1981
1982 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
1983 if (r < 0)
1984 goto fail;
1985
1986 /* Notify clients about changed counters */
1987 unit_add_to_dbus_queue(UNIT(s));
1988 }
1989
1990 return;
1991
1992fail:
1993 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1994 cfd >= 0 ? "template" : "non-template",
1995 bus_error_message(&error, r));
1996
1997 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1998 safe_close(cfd);
1999}
2000
2001static void socket_run_next(Socket *s) {
2002 int r;
2003
2004 assert(s);
2005 assert(s->control_command);
2006 assert(s->control_command->command_next);
2007
2008 socket_unwatch_control_pid(s);
2009
2010 s->control_command = s->control_command->command_next;
2011
2012 r = socket_spawn(s, s->control_command, &s->control_pid);
2013 if (r < 0)
2014 goto fail;
2015
2016 return;
2017
2018fail:
2019 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2020
2021 if (s->state == SOCKET_START_POST)
2022 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2023 else if (s->state == SOCKET_STOP_POST)
2024 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2025 else
2026 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2027}
2028
2029static int socket_start(Unit *u) {
2030 Socket *s = SOCKET(u);
2031
2032 assert(s);
2033
2034 /* We cannot fulfill this request right now, try again later
2035 * please! */
2036 if (IN_SET(s->state,
2037 SOCKET_STOP_PRE,
2038 SOCKET_STOP_PRE_SIGKILL,
2039 SOCKET_STOP_PRE_SIGTERM,
2040 SOCKET_STOP_POST,
2041 SOCKET_FINAL_SIGTERM,
2042 SOCKET_FINAL_SIGKILL))
2043 return -EAGAIN;
2044
2045 /* Already on it! */
2046 if (IN_SET(s->state,
2047 SOCKET_START_PRE,
2048 SOCKET_START_CHOWN,
2049 SOCKET_START_POST))
2050 return 0;
2051
2052 /* Cannot run this without the service being around */
2053 if (UNIT_ISSET(s->service)) {
2054 Service *service;
2055
2056 service = SERVICE(UNIT_DEREF(s->service));
2057
2058 if (UNIT(service)->load_state != UNIT_LOADED) {
2059 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2060 return -ENOENT;
2061 }
2062
2063 /* If the service is already active we cannot start the
2064 * socket */
2065 if (service->state != SERVICE_DEAD &&
2066 service->state != SERVICE_FAILED &&
2067 service->state != SERVICE_AUTO_RESTART) {
2068 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2069 return -EBUSY;
2070 }
2071 }
2072
2073 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2074
2075 s->result = SOCKET_SUCCESS;
2076 s->reset_cpu_usage = true;
2077
2078 socket_enter_start_pre(s);
2079
2080 return 1;
2081}
2082
2083static int socket_stop(Unit *u) {
2084 Socket *s = SOCKET(u);
2085
2086 assert(s);
2087
2088 /* Already on it */
2089 if (IN_SET(s->state,
2090 SOCKET_STOP_PRE,
2091 SOCKET_STOP_PRE_SIGTERM,
2092 SOCKET_STOP_PRE_SIGKILL,
2093 SOCKET_STOP_POST,
2094 SOCKET_FINAL_SIGTERM,
2095 SOCKET_FINAL_SIGKILL))
2096 return 0;
2097
2098 /* If there's already something running we go directly into
2099 * kill mode. */
2100 if (IN_SET(s->state,
2101 SOCKET_START_PRE,
2102 SOCKET_START_CHOWN,
2103 SOCKET_START_POST)) {
2104 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2105 return -EAGAIN;
2106 }
2107
2108 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2109
2110 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2111 return 1;
2112}
2113
2114static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2115 Socket *s = SOCKET(u);
2116 SocketPort *p;
2117 int r;
2118
2119 assert(u);
2120 assert(f);
2121 assert(fds);
2122
2123 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2124 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2125 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2126
2127 if (s->control_pid > 0)
2128 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2129
2130 if (s->control_command_id >= 0)
2131 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2132
2133 LIST_FOREACH(port, p, s->ports) {
2134 int copy;
2135
2136 if (p->fd < 0)
2137 continue;
2138
2139 copy = fdset_put_dup(fds, p->fd);
2140 if (copy < 0)
2141 return copy;
2142
2143 if (p->type == SOCKET_SOCKET) {
2144 _cleanup_free_ char *t = NULL;
2145
2146 r = socket_address_print(&p->address, &t);
2147 if (r < 0)
2148 return r;
2149
2150 if (socket_address_family(&p->address) == AF_NETLINK)
2151 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2152 else
2153 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2154
2155 } else if (p->type == SOCKET_SPECIAL)
2156 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2157 else if (p->type == SOCKET_MQUEUE)
2158 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2159 else if (p->type == SOCKET_USB_FUNCTION)
2160 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2161 else {
2162 assert(p->type == SOCKET_FIFO);
2163 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2164 }
2165 }
2166
2167 return 0;
2168}
2169
2170static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2171 Socket *s = SOCKET(u);
2172
2173 assert(u);
2174 assert(key);
2175 assert(value);
2176
2177 if (streq(key, "state")) {
2178 SocketState state;
2179
2180 state = socket_state_from_string(value);
2181 if (state < 0)
2182 log_unit_debug(u, "Failed to parse state value: %s", value);
2183 else
2184 s->deserialized_state = state;
2185 } else if (streq(key, "result")) {
2186 SocketResult f;
2187
2188 f = socket_result_from_string(value);
2189 if (f < 0)
2190 log_unit_debug(u, "Failed to parse result value: %s", value);
2191 else if (f != SOCKET_SUCCESS)
2192 s->result = f;
2193
2194 } else if (streq(key, "n-accepted")) {
2195 unsigned k;
2196
2197 if (safe_atou(value, &k) < 0)
2198 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2199 else
2200 s->n_accepted += k;
2201 } else if (streq(key, "control-pid")) {
2202 pid_t pid;
2203
2204 if (parse_pid(value, &pid) < 0)
2205 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2206 else
2207 s->control_pid = pid;
2208 } else if (streq(key, "control-command")) {
2209 SocketExecCommand id;
2210
2211 id = socket_exec_command_from_string(value);
2212 if (id < 0)
2213 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2214 else {
2215 s->control_command_id = id;
2216 s->control_command = s->exec_command[id];
2217 }
2218 } else if (streq(key, "fifo")) {
2219 int fd, skip = 0;
2220 SocketPort *p;
2221
2222 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2223 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2224 else {
2225
2226 LIST_FOREACH(port, p, s->ports)
2227 if (p->type == SOCKET_FIFO &&
2228 path_equal_or_files_same(p->path, value+skip))
2229 break;
2230
2231 if (p) {
2232 safe_close(p->fd);
2233 p->fd = fdset_remove(fds, fd);
2234 }
2235 }
2236
2237 } else if (streq(key, "special")) {
2238 int fd, skip = 0;
2239 SocketPort *p;
2240
2241 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2242 log_unit_debug(u, "Failed to parse special value: %s", value);
2243 else {
2244
2245 LIST_FOREACH(port, p, s->ports)
2246 if (p->type == SOCKET_SPECIAL &&
2247 path_equal_or_files_same(p->path, value+skip))
2248 break;
2249
2250 if (p) {
2251 safe_close(p->fd);
2252 p->fd = fdset_remove(fds, fd);
2253 }
2254 }
2255
2256 } else if (streq(key, "mqueue")) {
2257 int fd, skip = 0;
2258 SocketPort *p;
2259
2260 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2261 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2262 else {
2263
2264 LIST_FOREACH(port, p, s->ports)
2265 if (p->type == SOCKET_MQUEUE &&
2266 streq(p->path, value+skip))
2267 break;
2268
2269 if (p) {
2270 safe_close(p->fd);
2271 p->fd = fdset_remove(fds, fd);
2272 }
2273 }
2274
2275 } else if (streq(key, "socket")) {
2276 int fd, type, skip = 0;
2277 SocketPort *p;
2278
2279 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2280 log_unit_debug(u, "Failed to parse socket value: %s", value);
2281 else {
2282
2283 LIST_FOREACH(port, p, s->ports)
2284 if (socket_address_is(&p->address, value+skip, type))
2285 break;
2286
2287 if (p) {
2288 safe_close(p->fd);
2289 p->fd = fdset_remove(fds, fd);
2290 }
2291 }
2292
2293 } else if (streq(key, "netlink")) {
2294 int fd, skip = 0;
2295 SocketPort *p;
2296
2297 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2298 log_unit_debug(u, "Failed to parse socket value: %s", value);
2299 else {
2300
2301 LIST_FOREACH(port, p, s->ports)
2302 if (socket_address_is_netlink(&p->address, value+skip))
2303 break;
2304
2305 if (p) {
2306 safe_close(p->fd);
2307 p->fd = fdset_remove(fds, fd);
2308 }
2309 }
2310
2311 } else if (streq(key, "ffs")) {
2312 int fd, skip = 0;
2313 SocketPort *p;
2314
2315 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2316 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2317 else {
2318
2319 LIST_FOREACH(port, p, s->ports)
2320 if (p->type == SOCKET_USB_FUNCTION &&
2321 path_equal_or_files_same(p->path, value+skip))
2322 break;
2323
2324 if (p) {
2325 safe_close(p->fd);
2326 p->fd = fdset_remove(fds, fd);
2327 }
2328 }
2329
2330 } else
2331 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2332
2333 return 0;
2334}
2335
2336static void socket_distribute_fds(Unit *u, FDSet *fds) {
2337 Socket *s = SOCKET(u);
2338 SocketPort *p;
2339
2340 assert(u);
2341
2342 LIST_FOREACH(port, p, s->ports) {
2343 Iterator i;
2344 int fd;
2345
2346 if (p->type != SOCKET_SOCKET)
2347 continue;
2348
2349 if (p->fd >= 0)
2350 continue;
2351
2352 FDSET_FOREACH(fd, fds, i) {
2353 if (socket_address_matches_fd(&p->address, fd)) {
2354 p->fd = fdset_remove(fds, fd);
2355 s->deserialized_state = SOCKET_LISTENING;
2356 break;
2357 }
2358 }
2359 }
2360}
2361
2362_pure_ static UnitActiveState socket_active_state(Unit *u) {
2363 assert(u);
2364
2365 return state_translation_table[SOCKET(u)->state];
2366}
2367
2368_pure_ static const char *socket_sub_state_to_string(Unit *u) {
2369 assert(u);
2370
2371 return socket_state_to_string(SOCKET(u)->state);
2372}
2373
2374const char* socket_port_type_to_string(SocketPort *p) {
2375
2376 assert(p);
2377
2378 switch (p->type) {
2379
2380 case SOCKET_SOCKET:
2381
2382 switch (p->address.type) {
2383
2384 case SOCK_STREAM:
2385 return "Stream";
2386
2387 case SOCK_DGRAM:
2388 return "Datagram";
2389
2390 case SOCK_SEQPACKET:
2391 return "SequentialPacket";
2392
2393 case SOCK_RAW:
2394 if (socket_address_family(&p->address) == AF_NETLINK)
2395 return "Netlink";
2396
2397 default:
2398 return NULL;
2399 }
2400
2401 case SOCKET_SPECIAL:
2402 return "Special";
2403
2404 case SOCKET_MQUEUE:
2405 return "MessageQueue";
2406
2407 case SOCKET_FIFO:
2408 return "FIFO";
2409
2410 case SOCKET_USB_FUNCTION:
2411 return "USBFunction";
2412
2413 default:
2414 return NULL;
2415 }
2416}
2417
2418_pure_ static bool socket_check_gc(Unit *u) {
2419 Socket *s = SOCKET(u);
2420
2421 assert(u);
2422
2423 return s->n_connections > 0;
2424}
2425
2426static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2427 SocketPort *p = userdata;
2428 int cfd = -1;
2429
2430 assert(p);
2431 assert(fd >= 0);
2432
2433 if (p->socket->state != SOCKET_LISTENING)
2434 return 0;
2435
2436 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2437
2438 if (revents != EPOLLIN) {
2439
2440 if (revents & EPOLLHUP)
2441 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2442 else
2443 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2444 goto fail;
2445 }
2446
2447 if (p->socket->accept &&
2448 p->type == SOCKET_SOCKET &&
2449 socket_address_can_accept(&p->address)) {
2450
2451 for (;;) {
2452
2453 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2454 if (cfd < 0) {
2455
2456 if (errno == EINTR)
2457 continue;
2458
2459 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2460 goto fail;
2461 }
2462
2463 break;
2464 }
2465
2466 socket_apply_socket_options(p->socket, cfd);
2467 }
2468
2469 socket_enter_running(p->socket, cfd);
2470 return 0;
2471
2472fail:
2473 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2474 return 0;
2475}
2476
2477static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2478 Socket *s = SOCKET(u);
2479 SocketResult f;
2480
2481 assert(s);
2482 assert(pid >= 0);
2483
2484 if (pid != s->control_pid)
2485 return;
2486
2487 s->control_pid = 0;
2488
2489 if (is_clean_exit(code, status, NULL))
2490 f = SOCKET_SUCCESS;
2491 else if (code == CLD_EXITED)
2492 f = SOCKET_FAILURE_EXIT_CODE;
2493 else if (code == CLD_KILLED)
2494 f = SOCKET_FAILURE_SIGNAL;
2495 else if (code == CLD_DUMPED)
2496 f = SOCKET_FAILURE_CORE_DUMP;
2497 else
2498 assert_not_reached("Unknown sigchld code");
2499
2500 if (s->control_command) {
2501 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2502
2503 if (s->control_command->ignore)
2504 f = SOCKET_SUCCESS;
2505 }
2506
2507 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2508 "Control process exited, code=%s status=%i",
2509 sigchld_code_to_string(code), status);
2510
2511 if (f != SOCKET_SUCCESS)
2512 s->result = f;
2513
2514 if (s->control_command &&
2515 s->control_command->command_next &&
2516 f == SOCKET_SUCCESS) {
2517
2518 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2519 socket_run_next(s);
2520 } else {
2521 s->control_command = NULL;
2522 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2523
2524 /* No further commands for this step, so let's figure
2525 * out what to do next */
2526
2527 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2528
2529 switch (s->state) {
2530
2531 case SOCKET_START_PRE:
2532 if (f == SOCKET_SUCCESS)
2533 socket_enter_start_chown(s);
2534 else
2535 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2536 break;
2537
2538 case SOCKET_START_CHOWN:
2539 if (f == SOCKET_SUCCESS)
2540 socket_enter_start_post(s);
2541 else
2542 socket_enter_stop_pre(s, f);
2543 break;
2544
2545 case SOCKET_START_POST:
2546 if (f == SOCKET_SUCCESS)
2547 socket_enter_listening(s);
2548 else
2549 socket_enter_stop_pre(s, f);
2550 break;
2551
2552 case SOCKET_STOP_PRE:
2553 case SOCKET_STOP_PRE_SIGTERM:
2554 case SOCKET_STOP_PRE_SIGKILL:
2555 socket_enter_stop_post(s, f);
2556 break;
2557
2558 case SOCKET_STOP_POST:
2559 case SOCKET_FINAL_SIGTERM:
2560 case SOCKET_FINAL_SIGKILL:
2561 socket_enter_dead(s, f);
2562 break;
2563
2564 default:
2565 assert_not_reached("Uh, control process died at wrong time.");
2566 }
2567 }
2568
2569 /* Notify clients about changed exit status */
2570 unit_add_to_dbus_queue(u);
2571}
2572
2573static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2574 Socket *s = SOCKET(userdata);
2575
2576 assert(s);
2577 assert(s->timer_event_source == source);
2578
2579 switch (s->state) {
2580
2581 case SOCKET_START_PRE:
2582 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2583 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2584 break;
2585
2586 case SOCKET_START_CHOWN:
2587 case SOCKET_START_POST:
2588 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2589 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2590 break;
2591
2592 case SOCKET_STOP_PRE:
2593 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2594 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2595 break;
2596
2597 case SOCKET_STOP_PRE_SIGTERM:
2598 if (s->kill_context.send_sigkill) {
2599 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2600 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2601 } else {
2602 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2603 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2604 }
2605 break;
2606
2607 case SOCKET_STOP_PRE_SIGKILL:
2608 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2609 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2610 break;
2611
2612 case SOCKET_STOP_POST:
2613 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2614 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2615 break;
2616
2617 case SOCKET_FINAL_SIGTERM:
2618 if (s->kill_context.send_sigkill) {
2619 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2620 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2621 } else {
2622 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2623 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2624 }
2625 break;
2626
2627 case SOCKET_FINAL_SIGKILL:
2628 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2629 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2630 break;
2631
2632 default:
2633 assert_not_reached("Timeout at wrong time.");
2634 }
2635
2636 return 0;
2637}
2638
2639int socket_collect_fds(Socket *s, int **fds) {
2640 int *rfds, k = 0, n = 0;
2641 SocketPort *p;
2642
2643 assert(s);
2644 assert(fds);
2645
2646 /* Called from the service code for requesting our fds */
2647
2648 LIST_FOREACH(port, p, s->ports) {
2649 if (p->fd >= 0)
2650 n++;
2651 n += p->n_auxiliary_fds;
2652 }
2653
2654 if (n <= 0) {
2655 *fds = NULL;
2656 return 0;
2657 }
2658
2659 rfds = new(int, n);
2660 if (!rfds)
2661 return -ENOMEM;
2662
2663 LIST_FOREACH(port, p, s->ports) {
2664 int i;
2665
2666 if (p->fd >= 0)
2667 rfds[k++] = p->fd;
2668 for (i = 0; i < p->n_auxiliary_fds; ++i)
2669 rfds[k++] = p->auxiliary_fds[i];
2670 }
2671
2672 assert(k == n);
2673
2674 *fds = rfds;
2675 return n;
2676}
2677
2678static void socket_reset_failed(Unit *u) {
2679 Socket *s = SOCKET(u);
2680
2681 assert(s);
2682
2683 if (s->state == SOCKET_FAILED)
2684 socket_set_state(s, SOCKET_DEAD);
2685
2686 s->result = SOCKET_SUCCESS;
2687}
2688
2689static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2690 assert(s);
2691
2692 /* The service is dead. Dang!
2693 *
2694 * This is strictly for one-instance-for-all-connections
2695 * services. */
2696
2697 if (s->state == SOCKET_RUNNING) {
2698 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2699 if (failed_permanent)
2700 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2701 else
2702 socket_enter_listening(s);
2703 }
2704}
2705
2706void socket_connection_unref(Socket *s) {
2707 assert(s);
2708
2709 /* The service is dead. Yay!
2710 *
2711 * This is strictly for one-instance-per-connection
2712 * services. */
2713
2714 assert(s->n_connections > 0);
2715 s->n_connections--;
2716
2717 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2718}
2719
2720static void socket_trigger_notify(Unit *u, Unit *other) {
2721 Socket *s = SOCKET(u);
2722 Service *se;
2723
2724 assert(u);
2725 assert(other);
2726
2727 /* Don't propagate state changes from the service if we are
2728 already down or accepting connections */
2729 if ((s->state != SOCKET_RUNNING &&
2730 s->state != SOCKET_LISTENING) ||
2731 s->accept)
2732 return;
2733
2734 if (other->load_state != UNIT_LOADED ||
2735 other->type != UNIT_SERVICE)
2736 return;
2737
2738 se = SERVICE(other);
2739
2740 if (se->state == SERVICE_FAILED)
2741 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2742
2743 if (se->state == SERVICE_DEAD ||
2744 se->state == SERVICE_FINAL_SIGTERM ||
2745 se->state == SERVICE_FINAL_SIGKILL ||
2746 se->state == SERVICE_AUTO_RESTART)
2747 socket_notify_service_dead(s, false);
2748
2749 if (se->state == SERVICE_RUNNING)
2750 socket_set_state(s, SOCKET_RUNNING);
2751}
2752
2753static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2754 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2755}
2756
2757static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2758 Socket *s = SOCKET(u);
2759 int r;
2760
2761 if (!s->timer_event_source)
2762 return 0;
2763
2764 r = sd_event_source_get_time(s->timer_event_source, timeout);
2765 if (r < 0)
2766 return r;
2767
2768 return 1;
2769}
2770
2771char *socket_fdname(Socket *s) {
2772 assert(s);
2773
2774 /* Returns the name to use for $LISTEN_NAMES. If the user
2775 * didn't specify anything specifically, use the socket unit's
2776 * name as fallback. */
2777
2778 if (s->fdname)
2779 return s->fdname;
2780
2781 return UNIT(s)->id;
2782}
2783
2784static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2785 [SOCKET_EXEC_START_PRE] = "StartPre",
2786 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2787 [SOCKET_EXEC_START_POST] = "StartPost",
2788 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2789 [SOCKET_EXEC_STOP_POST] = "StopPost"
2790};
2791
2792DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2793
2794static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2795 [SOCKET_SUCCESS] = "success",
2796 [SOCKET_FAILURE_RESOURCES] = "resources",
2797 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2798 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2799 [SOCKET_FAILURE_SIGNAL] = "signal",
2800 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2801 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2802};
2803
2804DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2805
2806const UnitVTable socket_vtable = {
2807 .object_size = sizeof(Socket),
2808 .exec_context_offset = offsetof(Socket, exec_context),
2809 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2810 .kill_context_offset = offsetof(Socket, kill_context),
2811 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2812
2813 .sections =
2814 "Unit\0"
2815 "Socket\0"
2816 "Install\0",
2817 .private_section = "Socket",
2818
2819 .init = socket_init,
2820 .done = socket_done,
2821 .load = socket_load,
2822
2823 .coldplug = socket_coldplug,
2824
2825 .dump = socket_dump,
2826
2827 .start = socket_start,
2828 .stop = socket_stop,
2829
2830 .kill = socket_kill,
2831
2832 .get_timeout = socket_get_timeout,
2833
2834 .serialize = socket_serialize,
2835 .deserialize_item = socket_deserialize_item,
2836 .distribute_fds = socket_distribute_fds,
2837
2838 .active_state = socket_active_state,
2839 .sub_state_to_string = socket_sub_state_to_string,
2840
2841 .check_gc = socket_check_gc,
2842
2843 .sigchld_event = socket_sigchld_event,
2844
2845 .trigger_notify = socket_trigger_notify,
2846
2847 .reset_failed = socket_reset_failed,
2848
2849 .bus_vtable = bus_socket_vtable,
2850 .bus_set_property = bus_socket_set_property,
2851 .bus_commit_properties = bus_socket_commit_properties,
2852
2853 .status_message_formats = {
2854 /*.starting_stopping = {
2855 [0] = "Starting socket %s...",
2856 [1] = "Stopping socket %s...",
2857 },*/
2858 .finished_start_job = {
2859 [JOB_DONE] = "Listening on %s.",
2860 [JOB_FAILED] = "Failed to listen on %s.",
2861 [JOB_TIMEOUT] = "Timed out starting %s.",
2862 },
2863 .finished_stop_job = {
2864 [JOB_DONE] = "Closed %s.",
2865 [JOB_FAILED] = "Failed stopping %s.",
2866 [JOB_TIMEOUT] = "Timed out stopping %s.",
2867 },
2868 },
2869};
Unnamed repository; edit this file 'description' to name the repository.