]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
smack: rework smack APIs a bit
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
78 assert(u->load_state == UNIT_STUB);
79
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
84
85 s->max_connections = 64;
86
87 s->priority = -1;
88 s->ip_tos = -1;
89 s->ip_ttl = -1;
90 s->mark = -1;
91
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
94
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
115
116 sd_event_source_unref(p->event_source);
117
118 safe_close(p->fd);
119 free(p->path);
120 free(p);
121 }
122 }
123
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
130
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
134
135 socket_unwatch_control_pid(s);
136
137 unit_ref_unset(&s->service);
138
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
144
145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
149 strv_free(s->symlinks);
150
151 free(s->user);
152 free(s->group);
153
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
181 }
182
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
195 if (UNIT_DEREF(s->service) || !s->accept)
196 return 0;
197
198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
200 return -ENOMEM;
201
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203 return -ENOMEM;
204
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206 if (r < 0)
207 return r;
208
209 u->no_gc = true;
210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213 }
214
215 static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
228 if (!socket_address_can_accept(&p->address))
229 return true;
230 }
231
232 return false;
233 }
234
235 static int socket_add_mount_links(Socket *s) {
236 SocketPort *p;
237 int r;
238
239 assert(s);
240
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
243
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
248
249 if (!path)
250 continue;
251
252 r = unit_require_mounts_for(UNIT(s), path);
253 if (r < 0)
254 return r;
255 }
256
257 return 0;
258 }
259
260 static int socket_add_device_link(Socket *s) {
261 char *t;
262
263 assert(s);
264
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266 return 0;
267
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
270 }
271
272 static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
279
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
283 return r;
284 }
285
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287 }
288
289 _pure_ static bool socket_has_exec(Socket *s) {
290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298 }
299
300 static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
302 int r;
303
304 assert(s);
305
306 if (have_non_accept_socket(s)) {
307
308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
310
311 r = unit_load_related_unit(u, ".service", &x);
312 if (r < 0)
313 return r;
314
315 unit_ref_set(&s->service, x);
316 }
317
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
320 return r;
321 }
322
323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
326
327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
331 r = unit_patch_contexts(u);
332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
339
340 r = unit_add_default_slice(u, &s->cgroup_context);
341 if (r < 0)
342 return r;
343 }
344
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352 }
353
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385 }
386
387 static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
408
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
424 return 0;
425 }
426
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
441 if (r < 0)
442 return r;
443 }
444
445 return socket_verify(s);
446 }
447
448 _const_ static const char* listen_lookup(int family, int type) {
449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
460 assert_not_reached("Unknown socket type");
461 return NULL;
462 }
463
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
466 SocketExecCommand c;
467 Socket *s = SOCKET(u);
468 SocketPort *p;
469 const char *prefix2;
470
471 assert(s);
472 assert(f);
473
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
476
477 fprintf(f,
478 "%sSocket State: %s\n"
479 "%sResult: %s\n"
480 "%sBindIPv6Only: %s\n"
481 "%sBacklog: %u\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
484 "%sKeepAlive: %s\n"
485 "%sNoDelay: %s\n"
486 "%sFreeBind: %s\n"
487 "%sTransparent: %s\n"
488 "%sBroadcast: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
494 prefix, socket_state_to_string(s->state),
495 prefix, socket_result_to_string(s->result),
496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
497 prefix, s->backlog,
498 prefix, s->socket_mode,
499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
501 prefix, yes_no(s->no_delay),
502 prefix, yes_no(s->free_bind),
503 prefix, yes_no(s->transparent),
504 prefix, yes_no(s->broadcast),
505 prefix, yes_no(s->pass_cred),
506 prefix, yes_no(s->pass_sec),
507 prefix, strna(s->tcp_congestion),
508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
510
511 if (s->control_pid > 0)
512 fprintf(f,
513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
515
516 if (s->bind_to_device)
517 fprintf(f,
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
520
521 if (s->accept)
522 fprintf(f,
523 "%sAccepted: %u\n"
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
529
530 if (s->priority >= 0)
531 fprintf(f,
532 "%sPriority: %i\n",
533 prefix, s->priority);
534
535 if (s->receive_buffer > 0)
536 fprintf(f,
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
539
540 if (s->send_buffer > 0)
541 fprintf(f,
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
544
545 if (s->ip_tos >= 0)
546 fprintf(f,
547 "%sIPTOS: %i\n",
548 prefix, s->ip_tos);
549
550 if (s->ip_ttl >= 0)
551 fprintf(f,
552 "%sIPTTL: %i\n",
553 prefix, s->ip_ttl);
554
555 if (s->pipe_size > 0)
556 fprintf(f,
557 "%sPipeSize: %zu\n",
558 prefix, s->pipe_size);
559
560 if (s->mark >= 0)
561 fprintf(f,
562 "%sMark: %i\n",
563 prefix, s->mark);
564
565 if (s->mq_maxmsg > 0)
566 fprintf(f,
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
569
570 if (s->mq_msgsize > 0)
571 fprintf(f,
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
574
575 if (s->reuse_port)
576 fprintf(f,
577 "%sReusePort: %s\n",
578 prefix, yes_no(s->reuse_port));
579
580 if (s->smack)
581 fprintf(f,
582 "%sSmackLabel: %s\n",
583 prefix, s->smack);
584
585 if (s->smack_ip_in)
586 fprintf(f,
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
589
590 if (s->smack_ip_out)
591 fprintf(f,
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
594
595 if (!isempty(s->user) || !isempty(s->group))
596 fprintf(f,
597 "%sOwnerUser: %s\n"
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
601
602 if (s->keep_alive_time > 0)
603 fprintf(f,
604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
606
607 if (s->keep_alive_interval)
608 fprintf(f,
609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
611
612 if (s->keep_alive_cnt)
613 fprintf(f,
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
616
617 if (s->defer_accept)
618 fprintf(f,
619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
621
622 LIST_FOREACH(port, p, s->ports) {
623
624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
627 char *k = NULL;
628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
635 free(k);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
640 else
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
643
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
646
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
649 continue;
650
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
655 }
656 }
657
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
661 union sockaddr_union local, remote;
662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
716 "%u-%s:%u-%s:%u",
717 nr,
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
730 int k;
731
732 k = getpeercred(fd, &ucred);
733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
747 return k;
748
749 break;
750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758 }
759
760 static void socket_close_fds(Socket *s) {
761 SocketPort *p;
762 char **i;
763
764 assert(s);
765
766 LIST_FOREACH(port, p, s->ports) {
767
768 p->event_source = sd_event_source_unref(p->event_source);
769
770 if (p->fd < 0)
771 continue;
772
773 p->fd = safe_close(p->fd);
774
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
802 }
803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
807 }
808
809 static void socket_apply_socket_options(Socket *s, int fd) {
810 int r;
811
812 assert(s);
813 assert(fd >= 0);
814
815 if (s->keep_alive) {
816 int b = s->keep_alive;
817 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
818 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
819 }
820
821 if (s->keep_alive_time) {
822 int value = s->keep_alive_time / USEC_PER_SEC;
823 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
824 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
825 }
826
827 if (s->keep_alive_interval) {
828 int value = s->keep_alive_interval / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
830 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
831 }
832
833 if (s->keep_alive_cnt) {
834 int value = s->keep_alive_cnt;
835 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
836 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
837 }
838
839 if (s->defer_accept) {
840 int value = s->defer_accept / USEC_PER_SEC;
841 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
842 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
843 }
844
845 if (s->no_delay) {
846 int b = s->no_delay;
847 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
848 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
849 }
850
851 if (s->broadcast) {
852 int one = 1;
853 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
854 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
855 }
856
857 if (s->pass_cred) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
860 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
861 }
862
863 if (s->pass_sec) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
866 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
867 }
868
869 if (s->priority >= 0)
870 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
871 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
872
873 if (s->receive_buffer > 0) {
874 int value = (int) s->receive_buffer;
875
876 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
877
878 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
880 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
881 }
882
883 if (s->send_buffer > 0) {
884 int value = (int) s->send_buffer;
885 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
887 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
888 }
889
890 if (s->mark >= 0)
891 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
892 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
893
894 if (s->ip_tos >= 0)
895 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
896 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
897
898 if (s->ip_ttl >= 0) {
899 int x;
900
901 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
902
903 if (socket_ipv6_is_supported())
904 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
905 else {
906 x = -1;
907 errno = EAFNOSUPPORT;
908 }
909
910 if (r < 0 && x < 0)
911 log_warning_unit(UNIT(s)->id,
912 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
913 }
914
915 if (s->tcp_congestion)
916 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
917 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
918
919 if (s->reuse_port) {
920 int b = s->reuse_port;
921 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
922 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
923 }
924
925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
927 if (r < 0)
928 log_error_unit(UNIT(s)->id, "mac_smack_apply_ip_in_fd: %s", strerror(-r));
929 }
930
931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
933 if (r < 0)
934 log_error_unit(UNIT(s)->id, "mac_smack_apply_ip_out_fd: %s", strerror(-r));
935 }
936 }
937
938 static void socket_apply_fifo_options(Socket *s, int fd) {
939 int r;
940
941 assert(s);
942 assert(fd >= 0);
943
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
946 log_warning_unit(UNIT(s)->id, "F_SETPIPE_SZ: %m");
947
948 if (s->smack) {
949 r = mac_smack_apply_fd(fd, s->smack);
950 if (r < 0)
951 log_error_unit(UNIT(s)->id, "mac_smack_apply_fd: %s", strerror(-r));
952 }
953 }
954
955 static int fifo_address_create(
956 const char *path,
957 mode_t directory_mode,
958 mode_t socket_mode,
959 int *_fd) {
960
961 int fd = -1, r = 0;
962 struct stat st;
963 mode_t old_mask;
964
965 assert(path);
966 assert(_fd);
967
968 mkdir_parents_label(path, directory_mode);
969
970 r = mac_selinux_context_set(path, S_IFIFO);
971 if (r < 0)
972 goto fail;
973
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
976
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
979
980 r = mkfifo(path, socket_mode);
981 umask(old_mask);
982
983 if (r < 0 && errno != EEXIST) {
984 r = -errno;
985 goto fail;
986 }
987
988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
989 r = -errno;
990 goto fail;
991 }
992
993 mac_selinux_context_clear();
994
995 if (fstat(fd, &st) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 if (!S_ISFIFO(st.st_mode) ||
1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
1004
1005 r = -EEXIST;
1006 goto fail;
1007 }
1008
1009 *_fd = fd;
1010 return 0;
1011
1012 fail:
1013 mac_selinux_context_clear();
1014 safe_close(fd);
1015
1016 return r;
1017 }
1018
1019 static int special_address_create(
1020 const char *path,
1021 int *_fd) {
1022
1023 int fd = -1, r = 0;
1024 struct stat st;
1025
1026 assert(path);
1027 assert(_fd);
1028
1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 if (fd < 0) {
1031 r = -errno;
1032 goto fail;
1033 }
1034
1035 if (fstat(fd, &st) < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 r = -EEXIST;
1043 goto fail;
1044 }
1045
1046 *_fd = fd;
1047 return 0;
1048
1049 fail:
1050 safe_close(fd);
1051
1052 return r;
1053 }
1054
1055 static int mq_address_create(
1056 const char *path,
1057 mode_t mq_mode,
1058 long maxmsg,
1059 long msgsize,
1060 int *_fd) {
1061
1062 int fd = -1, r = 0;
1063 struct stat st;
1064 mode_t old_mask;
1065 struct mq_attr _attr, *attr = NULL;
1066
1067 assert(path);
1068 assert(_fd);
1069
1070 if (maxmsg > 0 && msgsize > 0) {
1071 zero(_attr);
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1075 attr = &_attr;
1076 }
1077
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1080
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 umask(old_mask);
1085
1086 if (fd < 0) {
1087 r = -errno;
1088 goto fail;
1089 }
1090
1091 if (fstat(fd, &st) < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1099
1100 r = -EEXIST;
1101 goto fail;
1102 }
1103
1104 *_fd = fd;
1105 return 0;
1106
1107 fail:
1108 safe_close(fd);
1109 return r;
1110 }
1111
1112 static int socket_symlink(Socket *s) {
1113 const char *p;
1114 char **i;
1115
1116 assert(s);
1117
1118 p = socket_find_symlink_target(s);
1119 if (!p)
1120 return 0;
1121
1122 STRV_FOREACH(i, s->symlinks)
1123 symlink(p, *i);
1124
1125 return 0;
1126 }
1127
1128 static int socket_open_fds(Socket *s) {
1129 SocketPort *p;
1130 int r;
1131 char *label = NULL;
1132 bool know_label = false;
1133
1134 assert(s);
1135
1136 LIST_FOREACH(port, p, s->ports) {
1137
1138 if (p->fd >= 0)
1139 continue;
1140
1141 if (p->type == SOCKET_SOCKET) {
1142 if (!know_label && s->selinux_context_from_net) {
1143 r = mac_selinux_get_our_label(&label);
1144 if (r < 0)
1145 return r;
1146 know_label = true;
1147 } else if (!know_label) {
1148
1149 r = socket_instantiate_service(s);
1150 if (r < 0)
1151 return r;
1152
1153 if (UNIT_ISSET(s->service) &&
1154 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1155 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1156 if (r < 0 && r != -EPERM)
1157 return r;
1158 }
1159
1160 know_label = true;
1161 }
1162
1163 r = socket_address_listen(
1164 &p->address,
1165 SOCK_CLOEXEC|SOCK_NONBLOCK,
1166 s->backlog,
1167 s->bind_ipv6_only,
1168 s->bind_to_device,
1169 s->free_bind,
1170 s->transparent,
1171 s->directory_mode,
1172 s->socket_mode,
1173 label);
1174 if (r < 0)
1175 goto rollback;
1176
1177 p->fd = r;
1178 socket_apply_socket_options(s, p->fd);
1179 socket_symlink(s);
1180
1181 } else if (p->type == SOCKET_SPECIAL) {
1182
1183 r = special_address_create(
1184 p->path,
1185 &p->fd);
1186 if (r < 0)
1187 goto rollback;
1188
1189 } else if (p->type == SOCKET_FIFO) {
1190
1191 r = fifo_address_create(
1192 p->path,
1193 s->directory_mode,
1194 s->socket_mode,
1195 &p->fd);
1196 if (r < 0)
1197 goto rollback;
1198
1199 socket_apply_fifo_options(s, p->fd);
1200 socket_symlink(s);
1201
1202 } else if (p->type == SOCKET_MQUEUE) {
1203
1204 r = mq_address_create(
1205 p->path,
1206 s->socket_mode,
1207 s->mq_maxmsg,
1208 s->mq_msgsize,
1209 &p->fd);
1210 if (r < 0)
1211 goto rollback;
1212 } else
1213 assert_not_reached("Unknown port type");
1214 }
1215
1216 mac_selinux_free(label);
1217 return 0;
1218
1219 rollback:
1220 socket_close_fds(s);
1221 mac_selinux_free(label);
1222 return r;
1223 }
1224
1225 static void socket_unwatch_fds(Socket *s) {
1226 SocketPort *p;
1227 int r;
1228
1229 assert(s);
1230
1231 LIST_FOREACH(port, p, s->ports) {
1232 if (p->fd < 0)
1233 continue;
1234
1235 if (!p->event_source)
1236 continue;
1237
1238 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1239 if (r < 0)
1240 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1241 }
1242 }
1243
1244 static int socket_watch_fds(Socket *s) {
1245 SocketPort *p;
1246 int r;
1247
1248 assert(s);
1249
1250 LIST_FOREACH(port, p, s->ports) {
1251 if (p->fd < 0)
1252 continue;
1253
1254 if (p->event_source)
1255 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1256 else
1257 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1258
1259 if (r < 0) {
1260 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1261 goto fail;
1262 }
1263 }
1264
1265 return 0;
1266
1267 fail:
1268 socket_unwatch_fds(s);
1269 return r;
1270 }
1271
1272 static void socket_set_state(Socket *s, SocketState state) {
1273 SocketState old_state;
1274 assert(s);
1275
1276 old_state = s->state;
1277 s->state = state;
1278
1279 if (!IN_SET(state,
1280 SOCKET_START_PRE,
1281 SOCKET_START_CHOWN,
1282 SOCKET_START_POST,
1283 SOCKET_STOP_PRE,
1284 SOCKET_STOP_PRE_SIGTERM,
1285 SOCKET_STOP_PRE_SIGKILL,
1286 SOCKET_STOP_POST,
1287 SOCKET_FINAL_SIGTERM,
1288 SOCKET_FINAL_SIGKILL)) {
1289
1290 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1291 socket_unwatch_control_pid(s);
1292 s->control_command = NULL;
1293 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1294 }
1295
1296 if (state != SOCKET_LISTENING)
1297 socket_unwatch_fds(s);
1298
1299 if (!IN_SET(state,
1300 SOCKET_START_CHOWN,
1301 SOCKET_START_POST,
1302 SOCKET_LISTENING,
1303 SOCKET_RUNNING,
1304 SOCKET_STOP_PRE,
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL))
1307 socket_close_fds(s);
1308
1309 if (state != old_state)
1310 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1311 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1312
1313 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1314 }
1315
1316 static int socket_coldplug(Unit *u) {
1317 Socket *s = SOCKET(u);
1318 int r;
1319
1320 assert(s);
1321 assert(s->state == SOCKET_DEAD);
1322
1323 if (s->deserialized_state == s->state)
1324 return 0;
1325
1326 if (IN_SET(s->deserialized_state,
1327 SOCKET_START_PRE,
1328 SOCKET_START_CHOWN,
1329 SOCKET_START_POST,
1330 SOCKET_STOP_PRE,
1331 SOCKET_STOP_PRE_SIGTERM,
1332 SOCKET_STOP_PRE_SIGKILL,
1333 SOCKET_STOP_POST,
1334 SOCKET_FINAL_SIGTERM,
1335 SOCKET_FINAL_SIGKILL)) {
1336
1337 if (s->control_pid <= 0)
1338 return -EBADMSG;
1339
1340 r = unit_watch_pid(UNIT(s), s->control_pid);
1341 if (r < 0)
1342 return r;
1343
1344 r = socket_arm_timer(s);
1345 if (r < 0)
1346 return r;
1347 }
1348
1349 if (IN_SET(s->deserialized_state,
1350 SOCKET_START_CHOWN,
1351 SOCKET_START_POST,
1352 SOCKET_LISTENING,
1353 SOCKET_RUNNING,
1354 SOCKET_STOP_PRE,
1355 SOCKET_STOP_PRE_SIGTERM,
1356 SOCKET_STOP_PRE_SIGKILL)) {
1357 r = socket_open_fds(s);
1358 if (r < 0)
1359 return r;
1360 }
1361
1362 if (s->deserialized_state == SOCKET_LISTENING) {
1363 r = socket_watch_fds(s);
1364 if (r < 0)
1365 return r;
1366 }
1367
1368 socket_set_state(s, s->deserialized_state);
1369 return 0;
1370 }
1371
1372 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1373 _cleanup_free_ char **argv = NULL;
1374 pid_t pid;
1375 int r;
1376 ExecParameters exec_params = {
1377 .apply_permissions = true,
1378 .apply_chroot = true,
1379 .apply_tty_stdin = true,
1380 };
1381
1382 assert(s);
1383 assert(c);
1384 assert(_pid);
1385
1386 unit_realize_cgroup(UNIT(s));
1387
1388 r = unit_setup_exec_runtime(UNIT(s));
1389 if (r < 0)
1390 goto fail;
1391
1392 r = socket_arm_timer(s);
1393 if (r < 0)
1394 goto fail;
1395
1396 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1397 if (r < 0)
1398 goto fail;
1399
1400 exec_params.argv = argv;
1401 exec_params.environment = UNIT(s)->manager->environment;
1402 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1403 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1404 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1405 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1406 exec_params.unit_id = UNIT(s)->id;
1407
1408 r = exec_spawn(c,
1409 &s->exec_context,
1410 &exec_params,
1411 s->exec_runtime,
1412 &pid);
1413 if (r < 0)
1414 goto fail;
1415
1416 r = unit_watch_pid(UNIT(s), pid);
1417 if (r < 0)
1418 /* FIXME: we need to do something here */
1419 goto fail;
1420
1421 *_pid = pid;
1422 return 0;
1423
1424 fail:
1425 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1426 return r;
1427 }
1428
1429 static int socket_chown(Socket *s, pid_t *_pid) {
1430 pid_t pid;
1431 int r;
1432
1433 r = socket_arm_timer(s);
1434 if (r < 0)
1435 goto fail;
1436
1437 /* We have to resolve the user names out-of-process, hence
1438 * let's fork here. It's messy, but well, what can we do? */
1439
1440 pid = fork();
1441 if (pid < 0)
1442 return -errno;
1443
1444 if (pid == 0) {
1445 SocketPort *p;
1446 uid_t uid = (uid_t) -1;
1447 gid_t gid = (gid_t) -1;
1448 int ret;
1449
1450 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1451 ignore_signals(SIGPIPE, -1);
1452 log_forget_fds();
1453
1454 if (!isempty(s->user)) {
1455 const char *user = s->user;
1456
1457 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1458 if (r < 0) {
1459 ret = EXIT_USER;
1460 goto fail_child;
1461 }
1462 }
1463
1464 if (!isempty(s->group)) {
1465 const char *group = s->group;
1466
1467 r = get_group_creds(&group, &gid);
1468 if (r < 0) {
1469 ret = EXIT_GROUP;
1470 goto fail_child;
1471 }
1472 }
1473
1474 LIST_FOREACH(port, p, s->ports) {
1475 const char *path = NULL;
1476
1477 if (p->type == SOCKET_SOCKET)
1478 path = socket_address_get_path(&p->address);
1479 else if (p->type == SOCKET_FIFO)
1480 path = p->path;
1481
1482 if (!path)
1483 continue;
1484
1485 if (chown(path, uid, gid) < 0) {
1486 r = -errno;
1487 ret = EXIT_CHOWN;
1488 goto fail_child;
1489 }
1490 }
1491
1492 _exit(0);
1493
1494 fail_child:
1495 log_open();
1496 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1497
1498 _exit(ret);
1499 }
1500
1501 r = unit_watch_pid(UNIT(s), pid);
1502 if (r < 0)
1503 goto fail;
1504
1505 *_pid = pid;
1506 return 0;
1507
1508 fail:
1509 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1510 return r;
1511 }
1512
1513 static void socket_enter_dead(Socket *s, SocketResult f) {
1514 assert(s);
1515
1516 if (f != SOCKET_SUCCESS)
1517 s->result = f;
1518
1519 exec_runtime_destroy(s->exec_runtime);
1520 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1521
1522 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1523
1524 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1525 }
1526
1527 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1528
1529 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1530 int r;
1531 assert(s);
1532
1533 if (f != SOCKET_SUCCESS)
1534 s->result = f;
1535
1536 socket_unwatch_control_pid(s);
1537 s->control_command_id = SOCKET_EXEC_STOP_POST;
1538 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1539
1540 if (s->control_command) {
1541 r = socket_spawn(s, s->control_command, &s->control_pid);
1542 if (r < 0)
1543 goto fail;
1544
1545 socket_set_state(s, SOCKET_STOP_POST);
1546 } else
1547 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1548
1549 return;
1550
1551 fail:
1552 log_warning_unit(UNIT(s)->id,
1553 "%s failed to run 'stop-post' task: %s",
1554 UNIT(s)->id, strerror(-r));
1555 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1556 }
1557
1558 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1559 int r;
1560
1561 assert(s);
1562
1563 if (f != SOCKET_SUCCESS)
1564 s->result = f;
1565
1566 r = unit_kill_context(
1567 UNIT(s),
1568 &s->kill_context,
1569 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1570 -1,
1571 s->control_pid,
1572 false);
1573 if (r < 0)
1574 goto fail;
1575
1576 if (r > 0) {
1577 r = socket_arm_timer(s);
1578 if (r < 0)
1579 goto fail;
1580
1581 socket_set_state(s, state);
1582 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1583 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1584 else if (state == SOCKET_STOP_PRE_SIGKILL)
1585 socket_enter_stop_post(s, SOCKET_SUCCESS);
1586 else if (state == SOCKET_FINAL_SIGTERM)
1587 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1588 else
1589 socket_enter_dead(s, SOCKET_SUCCESS);
1590
1591 return;
1592
1593 fail:
1594 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1595
1596 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1597 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1598 else
1599 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1600 }
1601
1602 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1603 int r;
1604 assert(s);
1605
1606 if (f != SOCKET_SUCCESS)
1607 s->result = f;
1608
1609 socket_unwatch_control_pid(s);
1610 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1611 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1612
1613 if (s->control_command) {
1614 r = socket_spawn(s, s->control_command, &s->control_pid);
1615 if (r < 0)
1616 goto fail;
1617
1618 socket_set_state(s, SOCKET_STOP_PRE);
1619 } else
1620 socket_enter_stop_post(s, SOCKET_SUCCESS);
1621
1622 return;
1623
1624 fail:
1625 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1626 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1627 }
1628
1629 static void socket_enter_listening(Socket *s) {
1630 int r;
1631 assert(s);
1632
1633 r = socket_watch_fds(s);
1634 if (r < 0) {
1635 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1636 goto fail;
1637 }
1638
1639 socket_set_state(s, SOCKET_LISTENING);
1640 return;
1641
1642 fail:
1643 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1644 }
1645
1646 static void socket_enter_start_post(Socket *s) {
1647 int r;
1648 assert(s);
1649
1650 socket_unwatch_control_pid(s);
1651 s->control_command_id = SOCKET_EXEC_START_POST;
1652 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1653
1654 if (s->control_command) {
1655 r = socket_spawn(s, s->control_command, &s->control_pid);
1656 if (r < 0) {
1657 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1658 goto fail;
1659 }
1660
1661 socket_set_state(s, SOCKET_START_POST);
1662 } else
1663 socket_enter_listening(s);
1664
1665 return;
1666
1667 fail:
1668 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1669 }
1670
1671 static void socket_enter_start_chown(Socket *s) {
1672 int r;
1673
1674 assert(s);
1675
1676 r = socket_open_fds(s);
1677 if (r < 0) {
1678 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1679 goto fail;
1680 }
1681
1682 if (!isempty(s->user) || !isempty(s->group)) {
1683
1684 socket_unwatch_control_pid(s);
1685 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1686 s->control_command = NULL;
1687
1688 r = socket_chown(s, &s->control_pid);
1689 if (r < 0) {
1690 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1691 goto fail;
1692 }
1693
1694 socket_set_state(s, SOCKET_START_CHOWN);
1695 } else
1696 socket_enter_start_post(s);
1697
1698 return;
1699
1700 fail:
1701 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1702 }
1703
1704 static void socket_enter_start_pre(Socket *s) {
1705 int r;
1706 assert(s);
1707
1708 socket_unwatch_control_pid(s);
1709 s->control_command_id = SOCKET_EXEC_START_PRE;
1710 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1711
1712 if (s->control_command) {
1713 r = socket_spawn(s, s->control_command, &s->control_pid);
1714 if (r < 0) {
1715 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1716 goto fail;
1717 }
1718
1719 socket_set_state(s, SOCKET_START_PRE);
1720 } else
1721 socket_enter_start_chown(s);
1722
1723 return;
1724
1725 fail:
1726 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1727 }
1728
1729 static void socket_enter_running(Socket *s, int cfd) {
1730 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1731 int r;
1732
1733 assert(s);
1734
1735 /* We don't take connections anymore if we are supposed to
1736 * shut down anyway */
1737 if (unit_stop_pending(UNIT(s))) {
1738
1739 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1740
1741 if (cfd >= 0)
1742 safe_close(cfd);
1743 else {
1744 /* Flush all sockets by closing and reopening them */
1745 socket_close_fds(s);
1746
1747 r = socket_open_fds(s);
1748 if (r < 0) {
1749 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1750 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1751 return;
1752 }
1753
1754 r = socket_watch_fds(s);
1755 if (r < 0) {
1756 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1757 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1758 }
1759 }
1760
1761 return;
1762 }
1763
1764 if (cfd < 0) {
1765 Iterator i;
1766 Unit *other;
1767 bool pending = false;
1768
1769 /* If there's already a start pending don't bother to
1770 * do anything */
1771 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1772 if (unit_active_or_pending(other)) {
1773 pending = true;
1774 break;
1775 }
1776
1777 if (!pending) {
1778 if (!UNIT_ISSET(s->service)) {
1779 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1780 r = -ENOENT;
1781 goto fail;
1782 }
1783
1784 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1785 if (r < 0)
1786 goto fail;
1787 }
1788
1789 socket_set_state(s, SOCKET_RUNNING);
1790 } else {
1791 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1792 Service *service;
1793
1794 if (s->n_connections >= s->max_connections) {
1795 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1796 safe_close(cfd);
1797 return;
1798 }
1799
1800 r = socket_instantiate_service(s);
1801 if (r < 0)
1802 goto fail;
1803
1804 r = instance_from_socket(cfd, s->n_accepted, &instance);
1805 if (r < 0) {
1806 if (r != -ENOTCONN)
1807 goto fail;
1808
1809 /* ENOTCONN is legitimate if TCP RST was received.
1810 * This connection is over, but the socket unit lives on. */
1811 safe_close(cfd);
1812 return;
1813 }
1814
1815 prefix = unit_name_to_prefix(UNIT(s)->id);
1816 if (!prefix) {
1817 r = -ENOMEM;
1818 goto fail;
1819 }
1820
1821 name = unit_name_build(prefix, instance, ".service");
1822 if (!name) {
1823 r = -ENOMEM;
1824 goto fail;
1825 }
1826
1827 r = unit_add_name(UNIT_DEREF(s->service), name);
1828 if (r < 0)
1829 goto fail;
1830
1831 service = SERVICE(UNIT_DEREF(s->service));
1832 unit_ref_unset(&s->service);
1833 s->n_accepted ++;
1834
1835 UNIT(service)->no_gc = false;
1836
1837 unit_choose_id(UNIT(service), name);
1838
1839 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1840 if (r < 0)
1841 goto fail;
1842
1843 cfd = -1;
1844 s->n_connections ++;
1845
1846 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1847 if (r < 0)
1848 goto fail;
1849
1850 /* Notify clients about changed counters */
1851 unit_add_to_dbus_queue(UNIT(s));
1852 }
1853
1854 return;
1855
1856 fail:
1857 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1858 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1859 bus_error_message(&error, r));
1860
1861 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1862 safe_close(cfd);
1863 }
1864
1865 static void socket_run_next(Socket *s) {
1866 int r;
1867
1868 assert(s);
1869 assert(s->control_command);
1870 assert(s->control_command->command_next);
1871
1872 socket_unwatch_control_pid(s);
1873
1874 s->control_command = s->control_command->command_next;
1875
1876 r = socket_spawn(s, s->control_command, &s->control_pid);
1877 if (r < 0)
1878 goto fail;
1879
1880 return;
1881
1882 fail:
1883 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1884
1885 if (s->state == SOCKET_START_POST)
1886 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1887 else if (s->state == SOCKET_STOP_POST)
1888 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1889 else
1890 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1891 }
1892
1893 static int socket_start(Unit *u) {
1894 Socket *s = SOCKET(u);
1895
1896 assert(s);
1897
1898 /* We cannot fulfill this request right now, try again later
1899 * please! */
1900 if (IN_SET(s->state,
1901 SOCKET_STOP_PRE,
1902 SOCKET_STOP_PRE_SIGKILL,
1903 SOCKET_STOP_PRE_SIGTERM,
1904 SOCKET_STOP_POST,
1905 SOCKET_FINAL_SIGTERM,
1906 SOCKET_FINAL_SIGKILL))
1907 return -EAGAIN;
1908
1909 /* Already on it! */
1910 if (IN_SET(s->state,
1911 SOCKET_START_PRE,
1912 SOCKET_START_CHOWN,
1913 SOCKET_START_POST))
1914 return 0;
1915
1916 /* Cannot run this without the service being around */
1917 if (UNIT_ISSET(s->service)) {
1918 Service *service;
1919
1920 service = SERVICE(UNIT_DEREF(s->service));
1921
1922 if (UNIT(service)->load_state != UNIT_LOADED) {
1923 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1924 return -ENOENT;
1925 }
1926
1927 /* If the service is already active we cannot start the
1928 * socket */
1929 if (service->state != SERVICE_DEAD &&
1930 service->state != SERVICE_FAILED &&
1931 service->state != SERVICE_AUTO_RESTART) {
1932 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1933 return -EBUSY;
1934 }
1935 }
1936
1937 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1938
1939 s->result = SOCKET_SUCCESS;
1940 socket_enter_start_pre(s);
1941
1942 return 0;
1943 }
1944
1945 static int socket_stop(Unit *u) {
1946 Socket *s = SOCKET(u);
1947
1948 assert(s);
1949
1950 /* Already on it */
1951 if (IN_SET(s->state,
1952 SOCKET_STOP_PRE,
1953 SOCKET_STOP_PRE_SIGTERM,
1954 SOCKET_STOP_PRE_SIGKILL,
1955 SOCKET_STOP_POST,
1956 SOCKET_FINAL_SIGTERM,
1957 SOCKET_FINAL_SIGKILL))
1958 return 0;
1959
1960 /* If there's already something running we go directly into
1961 * kill mode. */
1962 if (IN_SET(s->state,
1963 SOCKET_START_PRE,
1964 SOCKET_START_CHOWN,
1965 SOCKET_START_POST)) {
1966 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1967 return -EAGAIN;
1968 }
1969
1970 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1971
1972 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1973 return 0;
1974 }
1975
1976 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1977 Socket *s = SOCKET(u);
1978 SocketPort *p;
1979 int r;
1980
1981 assert(u);
1982 assert(f);
1983 assert(fds);
1984
1985 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1986 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1987 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1988
1989 if (s->control_pid > 0)
1990 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1991
1992 if (s->control_command_id >= 0)
1993 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1994
1995 LIST_FOREACH(port, p, s->ports) {
1996 int copy;
1997
1998 if (p->fd < 0)
1999 continue;
2000
2001 copy = fdset_put_dup(fds, p->fd);
2002 if (copy < 0)
2003 return copy;
2004
2005 if (p->type == SOCKET_SOCKET) {
2006 _cleanup_free_ char *t = NULL;
2007
2008 r = socket_address_print(&p->address, &t);
2009 if (r < 0)
2010 return r;
2011
2012 if (socket_address_family(&p->address) == AF_NETLINK)
2013 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2014 else
2015 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2016
2017 } else if (p->type == SOCKET_SPECIAL)
2018 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2019 else if (p->type == SOCKET_MQUEUE)
2020 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2021 else {
2022 assert(p->type == SOCKET_FIFO);
2023 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2024 }
2025 }
2026
2027 return 0;
2028 }
2029
2030 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2031 Socket *s = SOCKET(u);
2032
2033 assert(u);
2034 assert(key);
2035 assert(value);
2036
2037 if (streq(key, "state")) {
2038 SocketState state;
2039
2040 state = socket_state_from_string(value);
2041 if (state < 0)
2042 log_debug_unit(u->id, "Failed to parse state value %s", value);
2043 else
2044 s->deserialized_state = state;
2045 } else if (streq(key, "result")) {
2046 SocketResult f;
2047
2048 f = socket_result_from_string(value);
2049 if (f < 0)
2050 log_debug_unit(u->id, "Failed to parse result value %s", value);
2051 else if (f != SOCKET_SUCCESS)
2052 s->result = f;
2053
2054 } else if (streq(key, "n-accepted")) {
2055 unsigned k;
2056
2057 if (safe_atou(value, &k) < 0)
2058 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2059 else
2060 s->n_accepted += k;
2061 } else if (streq(key, "control-pid")) {
2062 pid_t pid;
2063
2064 if (parse_pid(value, &pid) < 0)
2065 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2066 else
2067 s->control_pid = pid;
2068 } else if (streq(key, "control-command")) {
2069 SocketExecCommand id;
2070
2071 id = socket_exec_command_from_string(value);
2072 if (id < 0)
2073 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2074 else {
2075 s->control_command_id = id;
2076 s->control_command = s->exec_command[id];
2077 }
2078 } else if (streq(key, "fifo")) {
2079 int fd, skip = 0;
2080 SocketPort *p;
2081
2082 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2083 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2084 else {
2085
2086 LIST_FOREACH(port, p, s->ports)
2087 if (p->type == SOCKET_FIFO &&
2088 streq_ptr(p->path, value+skip))
2089 break;
2090
2091 if (p) {
2092 safe_close(p->fd);
2093 p->fd = fdset_remove(fds, fd);
2094 }
2095 }
2096
2097 } else if (streq(key, "special")) {
2098 int fd, skip = 0;
2099 SocketPort *p;
2100
2101 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2102 log_debug_unit(u->id, "Failed to parse special value %s", value);
2103 else {
2104
2105 LIST_FOREACH(port, p, s->ports)
2106 if (p->type == SOCKET_SPECIAL &&
2107 streq_ptr(p->path, value+skip))
2108 break;
2109
2110 if (p) {
2111 safe_close(p->fd);
2112 p->fd = fdset_remove(fds, fd);
2113 }
2114 }
2115
2116 } else if (streq(key, "mqueue")) {
2117 int fd, skip = 0;
2118 SocketPort *p;
2119
2120 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2121 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2122 else {
2123
2124 LIST_FOREACH(port, p, s->ports)
2125 if (p->type == SOCKET_MQUEUE &&
2126 streq_ptr(p->path, value+skip))
2127 break;
2128
2129 if (p) {
2130 safe_close(p->fd);
2131 p->fd = fdset_remove(fds, fd);
2132 }
2133 }
2134
2135 } else if (streq(key, "socket")) {
2136 int fd, type, skip = 0;
2137 SocketPort *p;
2138
2139 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2140 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2141 else {
2142
2143 LIST_FOREACH(port, p, s->ports)
2144 if (socket_address_is(&p->address, value+skip, type))
2145 break;
2146
2147 if (p) {
2148 safe_close(p->fd);
2149 p->fd = fdset_remove(fds, fd);
2150 }
2151 }
2152
2153 } else if (streq(key, "netlink")) {
2154 int fd, skip = 0;
2155 SocketPort *p;
2156
2157 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2158 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2159 else {
2160
2161 LIST_FOREACH(port, p, s->ports)
2162 if (socket_address_is_netlink(&p->address, value+skip))
2163 break;
2164
2165 if (p) {
2166 safe_close(p->fd);
2167 p->fd = fdset_remove(fds, fd);
2168 }
2169 }
2170 } else
2171 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2172
2173 return 0;
2174 }
2175
2176 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2177 Socket *s = SOCKET(u);
2178 SocketPort *p;
2179
2180 assert(u);
2181
2182 LIST_FOREACH(port, p, s->ports) {
2183 Iterator i;
2184 int fd;
2185
2186 if (p->type != SOCKET_SOCKET)
2187 continue;
2188
2189 if (p->fd >= 0)
2190 continue;
2191
2192 FDSET_FOREACH(fd, fds, i) {
2193 if (socket_address_matches_fd(&p->address, fd)) {
2194 p->fd = fdset_remove(fds, fd);
2195 s->deserialized_state = SOCKET_LISTENING;
2196 break;
2197 }
2198 }
2199 }
2200
2201 return 0;
2202 }
2203
2204 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2205 assert(u);
2206
2207 return state_translation_table[SOCKET(u)->state];
2208 }
2209
2210 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2211 assert(u);
2212
2213 return socket_state_to_string(SOCKET(u)->state);
2214 }
2215
2216 const char* socket_port_type_to_string(SocketPort *p) {
2217
2218 assert(p);
2219
2220 switch (p->type) {
2221
2222 case SOCKET_SOCKET:
2223
2224 switch (p->address.type) {
2225
2226 case SOCK_STREAM:
2227 return "Stream";
2228
2229 case SOCK_DGRAM:
2230 return "Datagram";
2231
2232 case SOCK_SEQPACKET:
2233 return "SequentialPacket";
2234
2235 case SOCK_RAW:
2236 if (socket_address_family(&p->address) == AF_NETLINK)
2237 return "Netlink";
2238
2239 default:
2240 return NULL;
2241 }
2242
2243 case SOCKET_SPECIAL:
2244 return "Special";
2245
2246 case SOCKET_MQUEUE:
2247 return "MessageQueue";
2248
2249 case SOCKET_FIFO:
2250 return "FIFO";
2251
2252 default:
2253 return NULL;
2254 }
2255 }
2256
2257 _pure_ static bool socket_check_gc(Unit *u) {
2258 Socket *s = SOCKET(u);
2259
2260 assert(u);
2261
2262 return s->n_connections > 0;
2263 }
2264
2265 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2266 SocketPort *p = userdata;
2267 int cfd = -1;
2268
2269 assert(p);
2270 assert(fd >= 0);
2271
2272 if (p->socket->state != SOCKET_LISTENING)
2273 return 0;
2274
2275 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2276
2277 if (revents != EPOLLIN) {
2278
2279 if (revents & EPOLLHUP)
2280 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2281 UNIT(p->socket)->id);
2282 else
2283 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2284 UNIT(p->socket)->id, revents);
2285
2286 goto fail;
2287 }
2288
2289 if (p->socket->accept &&
2290 p->type == SOCKET_SOCKET &&
2291 socket_address_can_accept(&p->address)) {
2292
2293 for (;;) {
2294
2295 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2296 if (cfd < 0) {
2297
2298 if (errno == EINTR)
2299 continue;
2300
2301 log_error_unit(UNIT(p->socket)->id,
2302 "Failed to accept socket: %m");
2303 goto fail;
2304 }
2305
2306 break;
2307 }
2308
2309 socket_apply_socket_options(p->socket, cfd);
2310 }
2311
2312 socket_enter_running(p->socket, cfd);
2313 return 0;
2314
2315 fail:
2316 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2317 return 0;
2318 }
2319
2320 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2321 Socket *s = SOCKET(u);
2322 SocketResult f;
2323
2324 assert(s);
2325 assert(pid >= 0);
2326
2327 if (pid != s->control_pid)
2328 return;
2329
2330 s->control_pid = 0;
2331
2332 if (is_clean_exit(code, status, NULL))
2333 f = SOCKET_SUCCESS;
2334 else if (code == CLD_EXITED)
2335 f = SOCKET_FAILURE_EXIT_CODE;
2336 else if (code == CLD_KILLED)
2337 f = SOCKET_FAILURE_SIGNAL;
2338 else if (code == CLD_DUMPED)
2339 f = SOCKET_FAILURE_CORE_DUMP;
2340 else
2341 assert_not_reached("Unknown sigchld code");
2342
2343 if (s->control_command) {
2344 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2345
2346 if (s->control_command->ignore)
2347 f = SOCKET_SUCCESS;
2348 }
2349
2350 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2351 u->id,
2352 "%s control process exited, code=%s status=%i",
2353 u->id, sigchld_code_to_string(code), status);
2354
2355 if (f != SOCKET_SUCCESS)
2356 s->result = f;
2357
2358 if (s->control_command &&
2359 s->control_command->command_next &&
2360 f == SOCKET_SUCCESS) {
2361
2362 log_debug_unit(u->id,
2363 "%s running next command for state %s",
2364 u->id, socket_state_to_string(s->state));
2365 socket_run_next(s);
2366 } else {
2367 s->control_command = NULL;
2368 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2369
2370 /* No further commands for this step, so let's figure
2371 * out what to do next */
2372
2373 log_debug_unit(u->id,
2374 "%s got final SIGCHLD for state %s",
2375 u->id, socket_state_to_string(s->state));
2376
2377 switch (s->state) {
2378
2379 case SOCKET_START_PRE:
2380 if (f == SOCKET_SUCCESS)
2381 socket_enter_start_chown(s);
2382 else
2383 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2384 break;
2385
2386 case SOCKET_START_CHOWN:
2387 if (f == SOCKET_SUCCESS)
2388 socket_enter_start_post(s);
2389 else
2390 socket_enter_stop_pre(s, f);
2391 break;
2392
2393 case SOCKET_START_POST:
2394 if (f == SOCKET_SUCCESS)
2395 socket_enter_listening(s);
2396 else
2397 socket_enter_stop_pre(s, f);
2398 break;
2399
2400 case SOCKET_STOP_PRE:
2401 case SOCKET_STOP_PRE_SIGTERM:
2402 case SOCKET_STOP_PRE_SIGKILL:
2403 socket_enter_stop_post(s, f);
2404 break;
2405
2406 case SOCKET_STOP_POST:
2407 case SOCKET_FINAL_SIGTERM:
2408 case SOCKET_FINAL_SIGKILL:
2409 socket_enter_dead(s, f);
2410 break;
2411
2412 default:
2413 assert_not_reached("Uh, control process died at wrong time.");
2414 }
2415 }
2416
2417 /* Notify clients about changed exit status */
2418 unit_add_to_dbus_queue(u);
2419 }
2420
2421 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2422 Socket *s = SOCKET(userdata);
2423
2424 assert(s);
2425 assert(s->timer_event_source == source);
2426
2427 switch (s->state) {
2428
2429 case SOCKET_START_PRE:
2430 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2431 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2432 break;
2433
2434 case SOCKET_START_CHOWN:
2435 case SOCKET_START_POST:
2436 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2437 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2438 break;
2439
2440 case SOCKET_STOP_PRE:
2441 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2442 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2443 break;
2444
2445 case SOCKET_STOP_PRE_SIGTERM:
2446 if (s->kill_context.send_sigkill) {
2447 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2448 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2449 } else {
2450 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2451 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2452 }
2453 break;
2454
2455 case SOCKET_STOP_PRE_SIGKILL:
2456 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2457 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2458 break;
2459
2460 case SOCKET_STOP_POST:
2461 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2462 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2463 break;
2464
2465 case SOCKET_FINAL_SIGTERM:
2466 if (s->kill_context.send_sigkill) {
2467 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2468 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2469 } else {
2470 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2471 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2472 }
2473 break;
2474
2475 case SOCKET_FINAL_SIGKILL:
2476 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2477 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2478 break;
2479
2480 default:
2481 assert_not_reached("Timeout at wrong time.");
2482 }
2483
2484 return 0;
2485 }
2486
2487 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2488 int *rfds;
2489 unsigned rn_fds, k;
2490 SocketPort *p;
2491
2492 assert(s);
2493 assert(fds);
2494 assert(n_fds);
2495
2496 /* Called from the service code for requesting our fds */
2497
2498 rn_fds = 0;
2499 LIST_FOREACH(port, p, s->ports)
2500 if (p->fd >= 0)
2501 rn_fds++;
2502
2503 if (rn_fds <= 0) {
2504 *fds = NULL;
2505 *n_fds = 0;
2506 return 0;
2507 }
2508
2509 if (!(rfds = new(int, rn_fds)))
2510 return -ENOMEM;
2511
2512 k = 0;
2513 LIST_FOREACH(port, p, s->ports)
2514 if (p->fd >= 0)
2515 rfds[k++] = p->fd;
2516
2517 assert(k == rn_fds);
2518
2519 *fds = rfds;
2520 *n_fds = rn_fds;
2521
2522 return 0;
2523 }
2524
2525 static void socket_reset_failed(Unit *u) {
2526 Socket *s = SOCKET(u);
2527
2528 assert(s);
2529
2530 if (s->state == SOCKET_FAILED)
2531 socket_set_state(s, SOCKET_DEAD);
2532
2533 s->result = SOCKET_SUCCESS;
2534 }
2535
2536 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2537 assert(s);
2538
2539 /* The service is dead. Dang!
2540 *
2541 * This is strictly for one-instance-for-all-connections
2542 * services. */
2543
2544 if (s->state == SOCKET_RUNNING) {
2545 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2546 if (failed_permanent)
2547 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2548 else
2549 socket_enter_listening(s);
2550 }
2551 }
2552
2553 void socket_connection_unref(Socket *s) {
2554 assert(s);
2555
2556 /* The service is dead. Yay!
2557 *
2558 * This is strictly for one-instance-per-connection
2559 * services. */
2560
2561 assert(s->n_connections > 0);
2562 s->n_connections--;
2563
2564 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2565 }
2566
2567 static void socket_trigger_notify(Unit *u, Unit *other) {
2568 Socket *s = SOCKET(u);
2569 Service *se;
2570
2571 assert(u);
2572 assert(other);
2573
2574 /* Don't propagate state changes from the service if we are
2575 already down or accepting connections */
2576 if ((s->state != SOCKET_RUNNING &&
2577 s->state != SOCKET_LISTENING) ||
2578 s->accept)
2579 return;
2580
2581 if (other->load_state != UNIT_LOADED ||
2582 other->type != UNIT_SERVICE)
2583 return;
2584
2585 se = SERVICE(other);
2586
2587 if (se->state == SERVICE_FAILED)
2588 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2589
2590 if (se->state == SERVICE_DEAD ||
2591 se->state == SERVICE_STOP ||
2592 se->state == SERVICE_STOP_SIGTERM ||
2593 se->state == SERVICE_STOP_SIGKILL ||
2594 se->state == SERVICE_STOP_POST ||
2595 se->state == SERVICE_FINAL_SIGTERM ||
2596 se->state == SERVICE_FINAL_SIGKILL ||
2597 se->state == SERVICE_AUTO_RESTART)
2598 socket_notify_service_dead(s, false);
2599
2600 if (se->state == SERVICE_RUNNING)
2601 socket_set_state(s, SOCKET_RUNNING);
2602 }
2603
2604 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2605 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2606 }
2607
2608 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2609 Socket *s = SOCKET(u);
2610 int r;
2611
2612 if (!s->timer_event_source)
2613 return 0;
2614
2615 r = sd_event_source_get_time(s->timer_event_source, timeout);
2616 if (r < 0)
2617 return r;
2618
2619 return 1;
2620 }
2621
2622 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2623 [SOCKET_DEAD] = "dead",
2624 [SOCKET_START_PRE] = "start-pre",
2625 [SOCKET_START_CHOWN] = "start-chown",
2626 [SOCKET_START_POST] = "start-post",
2627 [SOCKET_LISTENING] = "listening",
2628 [SOCKET_RUNNING] = "running",
2629 [SOCKET_STOP_PRE] = "stop-pre",
2630 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2631 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2632 [SOCKET_STOP_POST] = "stop-post",
2633 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2634 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2635 [SOCKET_FAILED] = "failed"
2636 };
2637
2638 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2639
2640 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2641 [SOCKET_EXEC_START_PRE] = "StartPre",
2642 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2643 [SOCKET_EXEC_START_POST] = "StartPost",
2644 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2645 [SOCKET_EXEC_STOP_POST] = "StopPost"
2646 };
2647
2648 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2649
2650 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2651 [SOCKET_SUCCESS] = "success",
2652 [SOCKET_FAILURE_RESOURCES] = "resources",
2653 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2654 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2655 [SOCKET_FAILURE_SIGNAL] = "signal",
2656 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2657 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2658 };
2659
2660 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2661
2662 const UnitVTable socket_vtable = {
2663 .object_size = sizeof(Socket),
2664 .exec_context_offset = offsetof(Socket, exec_context),
2665 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2666 .kill_context_offset = offsetof(Socket, kill_context),
2667 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2668
2669 .sections =
2670 "Unit\0"
2671 "Socket\0"
2672 "Install\0",
2673 .private_section = "Socket",
2674
2675 .init = socket_init,
2676 .done = socket_done,
2677 .load = socket_load,
2678
2679 .coldplug = socket_coldplug,
2680
2681 .dump = socket_dump,
2682
2683 .start = socket_start,
2684 .stop = socket_stop,
2685
2686 .kill = socket_kill,
2687
2688 .get_timeout = socket_get_timeout,
2689
2690 .serialize = socket_serialize,
2691 .deserialize_item = socket_deserialize_item,
2692 .distribute_fds = socket_distribute_fds,
2693
2694 .active_state = socket_active_state,
2695 .sub_state_to_string = socket_sub_state_to_string,
2696
2697 .check_gc = socket_check_gc,
2698
2699 .sigchld_event = socket_sigchld_event,
2700
2701 .trigger_notify = socket_trigger_notify,
2702
2703 .reset_failed = socket_reset_failed,
2704
2705 .bus_interface = "org.freedesktop.systemd1.Socket",
2706 .bus_vtable = bus_socket_vtable,
2707 .bus_set_property = bus_socket_set_property,
2708 .bus_commit_properties = bus_socket_commit_properties,
2709
2710 .status_message_formats = {
2711 /*.starting_stopping = {
2712 [0] = "Starting socket %s...",
2713 [1] = "Stopping socket %s...",
2714 },*/
2715 .finished_start_job = {
2716 [JOB_DONE] = "Listening on %s.",
2717 [JOB_FAILED] = "Failed to listen on %s.",
2718 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2719 [JOB_TIMEOUT] = "Timed out starting %s.",
2720 },
2721 .finished_stop_job = {
2722 [JOB_DONE] = "Closed %s.",
2723 [JOB_FAILED] = "Failed stopping %s.",
2724 [JOB_TIMEOUT] = "Timed out stopping %s.",
2725 },
2726 },
2727 };
Unnamed repository; edit this file 'description' to name the repository.