src/activate/activate.c

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2
   3 #include <getopt.h>
   4 #include <sys/epoll.h>
   5 #include <sys/prctl.h>
   6 #include <sys/wait.h>
   7 #include <unistd.h>
   8
   9 #include "sd-daemon.h"
  10
  11 #include "alloc-util.h"
  12 #include "errno-util.h"
  13 #include "escape.h"
  14 #include "fd-util.h"
  15 #include "log.h"
  16 #include "macro.h"
  17 #include "pretty-print.h"
  18 #include "process-util.h"
  19 #include "signal-util.h"
  20 #include "socket-netlink.h"
  21 #include "socket-util.h"
  22 #include "string-util.h"
  23 #include "strv.h"
  24 #include "terminal-util.h"
  25 #include "util.h"
  26
  27 static char **arg_listen = NULL;
  28 static bool arg_accept = false;
  29 static int arg_socket_type = SOCK_STREAM;
  30 static char **arg_args = NULL;
  31 static char **arg_setenv = NULL;
  32 static char **arg_fdnames = NULL;
  33 static bool arg_inetd = false;
  34
  35 static int add_epoll(int epoll_fd, int fd) {
  36         struct epoll_event ev = {
  37                 .events = EPOLLIN,
  38                 .data.fd = fd,
  39         };
  40
  41         assert(epoll_fd >= 0);
  42         assert(fd >= 0);
  43
  44         if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev) < 0)
  45                 return log_error_errno(errno, "Failed to add event on epoll fd:%d for fd:%d: %m", epoll_fd, fd);
  46
  47         return 0;
  48 }
  49
  50 static int open_sockets(int *epoll_fd, bool accept) {
  51         char **address;
  52         int n, fd, r, count = 0;
  53
  54         n = sd_listen_fds(true);
  55         if (n < 0)
  56                 return log_error_errno(n, "Failed to read listening file descriptors from environment: %m");
  57         if (n > 0) {
  58                 log_info("Received %i descriptors via the environment.", n);
  59
  60                 for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; fd++) {
  61                         r = fd_cloexec(fd, arg_accept);
  62                         if (r < 0)
  63                                 return r;
  64
  65                         count++;
  66                 }
  67         }
  68
  69         /* Close logging and all other descriptors */
  70         if (arg_listen) {
  71                 _cleanup_free_ int *except = NULL;
  72                 int i;
  73
  74                 except = new(int, n);
  75                 if (!except)
  76                         return log_oom();
  77
  78                 for (i = 0; i < n; i++)
  79                         except[i] = SD_LISTEN_FDS_START + i;
  80
  81                 log_close();
  82                 r = close_all_fds(except, n);
  83                 if (r < 0)
  84                         return log_error_errno(r, "Failed to close all file descriptors: %m");
  85         }
  86
  87         /** Note: we leak some fd's on error here. I doesn't matter
  88          *  much, since the program will exit immediately anyway, but
  89          *  would be a pain to fix.
  90          */
  91
  92         STRV_FOREACH(address, arg_listen) {
  93                 fd = make_socket_fd(LOG_DEBUG, *address, arg_socket_type, (arg_accept * SOCK_CLOEXEC));
  94                 if (fd < 0) {
  95                         log_open();
  96                         return log_error_errno(fd, "Failed to open '%s': %m", *address);
  97                 }
  98
  99                 assert(fd == SD_LISTEN_FDS_START + count);
 100                 count++;
 101         }
 102
 103         if (arg_listen)
 104                 log_open();
 105
 106         *epoll_fd = epoll_create1(EPOLL_CLOEXEC);
 107         if (*epoll_fd < 0)
 108                 return log_error_errno(errno, "Failed to create epoll object: %m");
 109
 110         for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + count; fd++) {
 111                 _cleanup_free_ char *name = NULL;
 112
 113                 getsockname_pretty(fd, &name);
 114                 log_info("Listening on %s as %i.", strna(name), fd);
 115
 116                 r = add_epoll(*epoll_fd, fd);
 117                 if (r < 0)
 118                         return r;
 119         }
 120
 121         return count;
 122 }
 123
 124 static int exec_process(const char *name, char **argv, char **env, int start_fd, size_t n_fds) {
 125         _cleanup_strv_free_ char **envp = NULL;
 126         _cleanup_free_ char *joined = NULL;
 127         size_t n_env = 0, length;
 128         const char *tocopy;
 129         char **s;
 130         int r;
 131
 132         if (arg_inetd && n_fds != 1)
 133                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 134                                        "--inetd only supported for single file descriptors.");
 135
 136         length = strv_length(arg_setenv);
 137
 138         /* PATH, TERM, HOME, USER, LISTEN_FDS, LISTEN_PID, LISTEN_FDNAMES, NULL */
 139         envp = new0(char *, length + 8);
 140         if (!envp)
 141                 return log_oom();
 142
 143         STRV_FOREACH(s, arg_setenv) {
 144
 145                 if (strchr(*s, '=')) {
 146                         char *k;
 147
 148                         k = strdup(*s);
 149                         if (!k)
 150                                 return log_oom();
 151
 152                         envp[n_env++] = k;
 153                 } else {
 154                         _cleanup_free_ char *p;
 155                         const char *n;
 156
 157                         p = strjoin(*s, "=");
 158                         if (!p)
 159                                 return log_oom();
 160
 161                         n = strv_find_prefix(env, p);
 162                         if (!n)
 163                                 continue;
 164
 165                         envp[n_env] = strdup(n);
 166                         if (!envp[n_env])
 167                                 return log_oom();
 168
 169                         n_env++;
 170                 }
 171         }
 172
 173         FOREACH_STRING(tocopy, "TERM=", "PATH=", "USER=", "HOME=") {
 174                 const char *n;
 175
 176                 n = strv_find_prefix(env, tocopy);
 177                 if (!n)
 178                         continue;
 179
 180                 envp[n_env] = strdup(n);
 181                 if (!envp[n_env])
 182                         return log_oom();
 183
 184                 n_env++;
 185         }
 186
 187         if (arg_inetd) {
 188                 assert(n_fds == 1);
 189
 190                 r = rearrange_stdio(start_fd, start_fd, STDERR_FILENO); /* invalidates start_fd on success + error */
 191                 if (r < 0)
 192                         return log_error_errno(r, "Failed to move fd to stdin+stdout: %m");
 193
 194         } else {
 195                 if (start_fd != SD_LISTEN_FDS_START) {
 196                         assert(n_fds == 1);
 197
 198                         if (dup2(start_fd, SD_LISTEN_FDS_START) < 0)
 199                                 return log_error_errno(errno, "Failed to dup connection: %m");
 200
 201                         safe_close(start_fd);
 202                 }
 203
 204                 if (asprintf((char **) (envp + n_env++), "LISTEN_FDS=%zu", n_fds) < 0)
 205                         return log_oom();
 206
 207                 if (asprintf((char **) (envp + n_env++), "LISTEN_PID=" PID_FMT, getpid_cached()) < 0)
 208                         return log_oom();
 209
 210                 if (arg_fdnames) {
 211                         _cleanup_free_ char *names = NULL;
 212                         size_t len;
 213                         char *e;
 214
 215                         len = strv_length(arg_fdnames);
 216                         if (len == 1)
 217                                 for (size_t i = 1; i < n_fds; i++) {
 218                                         r = strv_extend(&arg_fdnames, arg_fdnames[0]);
 219                                         if (r < 0)
 220                                                 return log_oom();
 221                                 }
 222                         else if (len != n_fds)
 223                                 log_warning("The number of fd names is different than number of fds: %zu vs %zu", len, n_fds);
 224
 225                         names = strv_join(arg_fdnames, ":");
 226                         if (!names)
 227                                 return log_oom();
 228
 229                         e = strjoin("LISTEN_FDNAMES=", names);
 230                         if (!e)
 231                                 return log_oom();
 232
 233                         envp[n_env++] = e;
 234                 }
 235         }
 236
 237         joined = strv_join(argv, " ");
 238         if (!joined)
 239                 return log_oom();
 240
 241         log_info("Execing %s (%s)", name, joined);
 242         execvpe(name, argv, envp);
 243
 244         return log_error_errno(errno, "Failed to execp %s (%s): %m", name, joined);
 245 }
 246
 247 static int fork_and_exec_process(const char *child, char **argv, char **env, int fd) {
 248         _cleanup_free_ char *joined = NULL;
 249         pid_t child_pid;
 250         int r;
 251
 252         joined = strv_join(argv, " ");
 253         if (!joined)
 254                 return log_oom();
 255
 256         r = safe_fork("(activate)",
 257                       FORK_RESET_SIGNALS | FORK_DEATHSIG | FORK_RLIMIT_NOFILE_SAFE | FORK_LOG,
 258                       &child_pid);
 259         if (r < 0)
 260                 return r;
 261         if (r == 0) {
 262                 /* In the child */
 263                 exec_process(child, argv, env, fd, 1);
 264                 _exit(EXIT_FAILURE);
 265         }
 266
 267         log_info("Spawned %s (%s) as PID " PID_FMT ".", child, joined, child_pid);
 268         return 0;
 269 }
 270
 271 static int do_accept(const char *name, char **argv, char **envp, int fd) {
 272         _cleanup_free_ char *local = NULL, *peer = NULL;
 273         _cleanup_close_ int fd_accepted = -1;
 274
 275         fd_accepted = accept4(fd, NULL, NULL, 0);
 276         if (fd_accepted < 0) {
 277                 if (ERRNO_IS_ACCEPT_AGAIN(errno))
 278                         return 0;
 279
 280                 return log_error_errno(errno, "Failed to accept connection on fd:%d: %m", fd);
 281         }
 282
 283         (void) getsockname_pretty(fd_accepted, &local);
 284         (void) getpeername_pretty(fd_accepted, true, &peer);
 285         log_info("Connection from %s to %s", strna(peer), strna(local));
 286
 287         return fork_and_exec_process(name, argv, envp, fd_accepted);
 288 }
 289
 290 /* SIGCHLD handler. */
 291 static void sigchld_hdl(int sig) {
 292         PROTECT_ERRNO;
 293
 294         for (;;) {
 295                 siginfo_t si;
 296                 int r;
 297
 298                 si.si_pid = 0;
 299                 r = waitid(P_ALL, 0, &si, WEXITED | WNOHANG);
 300                 if (r < 0) {
 301                         if (errno != ECHILD)
 302                                 log_error_errno(errno, "Failed to reap children: %m");
 303                         return;
 304                 }
 305                 if (si.si_pid == 0)
 306                         return;
 307
 308                 log_info("Child %d died with code %d", si.si_pid, si.si_status);
 309         }
 310 }
 311
 312 static int install_chld_handler(void) {
 313         static const struct sigaction act = {
 314                 .sa_flags = SA_NOCLDSTOP | SA_RESTART,
 315                 .sa_handler = sigchld_hdl,
 316         };
 317
 318         if (sigaction(SIGCHLD, &act, 0) < 0)
 319                 return log_error_errno(errno, "Failed to install SIGCHLD handler: %m");
 320
 321         return 0;
 322 }
 323
 324 static int help(void) {
 325         _cleanup_free_ char *link = NULL;
 326         int r;
 327
 328         r = terminal_urlify_man("systemd-socket-activate", "1", &link);
 329         if (r < 0)
 330                 return log_oom();
 331
 332         printf("%s [OPTIONS...]\n"
 333                "\n%sListen on sockets and launch child on connection.%s\n"
 334                "\nOptions:\n"
 335                "  -h --help                  Show this help and exit\n"
 336                "     --version               Print version string and exit\n"
 337                "  -l --listen=ADDR           Listen for raw connections at ADDR\n"
 338                "  -d --datagram              Listen on datagram instead of stream socket\n"
 339                "     --seqpacket             Listen on SOCK_SEQPACKET instead of stream socket\n"
 340                "  -a --accept                Spawn separate child for each connection\n"
 341                "  -E --setenv=NAME[=VALUE]   Pass an environment variable to children\n"
 342                "     --fdname=NAME[:NAME...] Specify names for file descriptors\n"
 343                "     --inetd                 Enable inetd file descriptor passing protocol\n"
 344                "\nNote: file descriptors from sd_listen_fds() will be passed through.\n"
 345                "\nSee the %s for details.\n",
 346                program_invocation_short_name,
 347                ansi_highlight(),
 348                ansi_normal(),
 349                link);
 350
 351         return 0;
 352 }
 353
 354 static int parse_argv(int argc, char *argv[]) {
 355         enum {
 356                 ARG_VERSION = 0x100,
 357                 ARG_FDNAME,
 358                 ARG_SEQPACKET,
 359                 ARG_INETD,
 360         };
 361
 362         static const struct option options[] = {
 363                 { "help",        no_argument,       NULL, 'h'           },
 364                 { "version",     no_argument,       NULL, ARG_VERSION   },
 365                 { "datagram",    no_argument,       NULL, 'd'           },
 366                 { "seqpacket",   no_argument,       NULL, ARG_SEQPACKET },
 367                 { "listen",      required_argument, NULL, 'l'           },
 368                 { "accept",      no_argument,       NULL, 'a'           },
 369                 { "setenv",      required_argument, NULL, 'E'           },
 370                 { "environment", required_argument, NULL, 'E'           }, /* legacy alias */
 371                 { "fdname",      required_argument, NULL, ARG_FDNAME    },
 372                 { "inetd",       no_argument,       NULL, ARG_INETD     },
 373                 {}
 374         };
 375
 376         int c, r;
 377
 378         assert(argc >= 0);
 379         assert(argv);
 380
 381         while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
 382                 switch (c) {
 383                 case 'h':
 384                         return help();
 385
 386                 case ARG_VERSION:
 387                         return version();
 388
 389                 case 'l':
 390                         r = strv_extend(&arg_listen, optarg);
 391                         if (r < 0)
 392                                 return log_oom();
 393
 394                         break;
 395
 396                 case 'd':
 397                         if (arg_socket_type == SOCK_SEQPACKET)
 398                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 399                                                        "--datagram may not be combined with --seqpacket.");
 400
 401                         arg_socket_type = SOCK_DGRAM;
 402                         break;
 403
 404                 case ARG_SEQPACKET:
 405                         if (arg_socket_type == SOCK_DGRAM)
 406                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 407                                                        "--seqpacket may not be combined with --datagram.");
 408
 409                         arg_socket_type = SOCK_SEQPACKET;
 410                         break;
 411
 412                 case 'a':
 413                         arg_accept = true;
 414                         break;
 415
 416                 case 'E':
 417                         r = strv_extend(&arg_setenv, optarg);
 418                         if (r < 0)
 419                                 return log_oom();
 420
 421                         break;
 422
 423                 case ARG_FDNAME: {
 424                         _cleanup_strv_free_ char **names;
 425                         char **s;
 426
 427                         names = strv_split(optarg, ":");
 428                         if (!names)
 429                                 return log_oom();
 430
 431                         STRV_FOREACH(s, names)
 432                                 if (!fdname_is_valid(*s)) {
 433                                         _cleanup_free_ char *esc;
 434
 435                                         esc = cescape(*s);
 436                                         log_warning("File descriptor name \"%s\" is not valid.", esc);
 437                                 }
 438
 439                         /* Empty optargs means one empty name */
 440                         r = strv_extend_strv(&arg_fdnames,
 441                                              strv_isempty(names) ? STRV_MAKE("") : names,
 442                                              false);
 443                         if (r < 0)
 444                                 return log_error_errno(r, "strv_extend_strv: %m");
 445                         break;
 446                 }
 447
 448                 case ARG_INETD:
 449                         arg_inetd = true;
 450                         break;
 451
 452                 case '?':
 453                         return -EINVAL;
 454
 455                 default:
 456                         assert_not_reached("Unhandled option");
 457                 }
 458
 459         if (optind == argc)
 460                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 461                                        "%s: command to execute is missing.",
 462                                        program_invocation_short_name);
 463
 464         if (arg_socket_type == SOCK_DGRAM && arg_accept)
 465                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 466                                        "Datagram sockets do not accept connections. "
 467                                        "The --datagram and --accept options may not be combined.");
 468
 469         arg_args = argv + optind;
 470
 471         return 1 /* work to do */;
 472 }
 473
 474 int main(int argc, char **argv, char **envp) {
 475         int r, n;
 476         int epoll_fd = -1;
 477
 478         log_show_color(true);
 479         log_parse_environment();
 480         log_open();
 481
 482         r = parse_argv(argc, argv);
 483         if (r <= 0)
 484                 return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 485
 486         r = install_chld_handler();
 487         if (r < 0)
 488                 return EXIT_FAILURE;
 489
 490         n = open_sockets(&epoll_fd, arg_accept);
 491         if (n < 0)
 492                 return EXIT_FAILURE;
 493         if (n == 0) {
 494                 log_error("No sockets to listen on specified or passed in.");
 495                 return EXIT_FAILURE;
 496         }
 497
 498         for (;;) {
 499                 struct epoll_event event;
 500
 501                 if (epoll_wait(epoll_fd, &event, 1, -1) < 0) {
 502                         if (errno == EINTR)
 503                                 continue;
 504
 505                         log_error_errno(errno, "epoll_wait() failed: %m");
 506                         return EXIT_FAILURE;
 507                 }
 508
 509                 log_info("Communication attempt on fd %i.", event.data.fd);
 510                 if (arg_accept) {
 511                         r = do_accept(argv[optind], argv + optind, envp, event.data.fd);
 512                         if (r < 0)
 513                                 return EXIT_FAILURE;
 514                 } else
 515                         break;
 516         }
 517
 518         exec_process(argv[optind], argv + optind, envp, SD_LISTEN_FDS_START, (size_t) n);
 519
 520         return EXIT_SUCCESS;
 521 }