]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core: annotate event sources
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/stat.h>
23#include <unistd.h>
24#include <errno.h>
25#include <fcntl.h>
f94ea366 26#include <sys/epoll.h>
034c6ed7 27#include <signal.h>
4f2d528d 28#include <arpa/inet.h>
718db961 29#include <netinet/tcp.h>
916abb21 30#include <mqueue.h>
83c60c9f 31
718db961 32#include "sd-event.h"
83c60c9f 33#include "log.h"
9e2f7c11 34#include "strv.h"
49e942b2 35#include "mkdir.h"
9eb977db 36#include "path-util.h"
4f2d528d 37#include "unit-name.h"
41f9172f 38#include "unit-printf.h"
4fd5948e 39#include "missing.h"
a40eb732 40#include "special.h"
e51bc1a2 41#include "label.h"
9a57c629 42#include "exit-status.h"
f6a6225e 43#include "def.h"
5a045dad 44#include "smack-util.h"
718db961
LP		 45#include "bus-util.h"
46#include "bus-error.h"
d7b8eec7 47#include "selinux-util.h"
e821075a
LP		 48#include "dbus-socket.h"
49#include "unit.h"
50#include "socket.h"
6482f626 51#include "formats-util.h"
83c60c9f 52
acbb0225 53static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 66 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 67};
5cb5a6ff 68
718db961
LP		 69static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
a16e1123
LP		 72static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
ac155bb8 76 assert(u->load_state == UNIT_STUB);
a16e1123 77
a16e1123 78 s->backlog = SOMAXCONN;
1f19a534 79 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 80 s->directory_mode = 0755;
9131f660 81 s->socket_mode = 0666;
a16e1123 82
6cf6bbc2
LP		 83 s->max_connections = 64;
84
4fd5948e 85 s->priority = -1;
4fd5948e
LP		 86 s->ip_tos = -1;
87 s->ip_ttl = -1;
4fd5948e 88 s->mark = -1;
4fd5948e 89
ac155bb8
MS		 90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
085afe36 92
a16e1123
LP		 93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94}
acbb0225 95
5e94833f
LP		 96static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104}
105
74051b9b 106void socket_free_ports(Socket *s) {
034c6ed7
LP		 107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
71fda00f 112 LIST_REMOVE(port, s->ports, p);
034c6ed7 113
718db961
LP		 114 sd_event_source_unref(p->event_source);
115
03e334a1 116 safe_close(p->fd);
034c6ed7
LP		 117 free(p->path);
118 free(p);
119 }
74051b9b
LP		 120}
121
122static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
034c6ed7 128
613b411c 129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 131 s->control_command = NULL;
132
5e94833f 133 socket_unwatch_control_pid(s);
034c6ed7 134
57020a3a 135 unit_ref_unset(&s->service);
034c6ed7 136
cebf8b20
TT		 137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
acbb0225 140 free(s->bind_to_device);
e537352b 141 s->bind_to_device = NULL;
acbb0225 142
0eb59ccf
AK		 143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
811ba7a0
LP		 147 strv_free(s->symlinks);
148
3900e5fd
LP		 149 free(s->user);
150 free(s->group);
151
718db961
LP		 152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153}
154
155static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
7dfbe2e3 173 r = sd_event_add_time(
6a0f1f6d
LP		 174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
7dfbe2e3
TG		 179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
5cb5a6ff
LP		 185}
186
8b835fcc
ZJS		 187int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
8b835fcc 199 if (UNIT_DEREF(s->service) || !s->accept)
b15bdda8
LP		 200 return 0;
201
315db1a8
ZJS		 202 prefix = unit_name_to_prefix(UNIT(s)->id);
203 if (!prefix)
b15bdda8
LP		 204 return -ENOMEM;
205
315db1a8 206 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 207 return -ENOMEM;
208
1124fe6f 209 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 210 if (r < 0)
211 return r;
212
ac155bb8 213 u->no_gc = true;
57020a3a
LP		 214 unit_ref_set(&s->service, u);
215
216 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 217}
218
4f2d528d
LP		 219static bool have_non_accept_socket(Socket *s) {
220 SocketPort *p;
221
222 assert(s);
223
224 if (!s->accept)
225 return true;
226
dd5ad9d4
LP		 227 LIST_FOREACH(port, p, s->ports) {
228
229 if (p->type != SOCKET_SOCKET)
230 return true;
231
4f2d528d
LP		 232 if (!socket_address_can_accept(&p->address))
233 return true;
dd5ad9d4 234 }
4f2d528d
LP		 235
236 return false;
237}
238
a57f7e2c 239static int socket_add_mount_links(Socket *s) {
6e2ef85b 240 SocketPort *p;
6e2ef85b
LP		 241 int r;
242
243 assert(s);
6e2ef85b 244
a57f7e2c
LP		 245 LIST_FOREACH(port, p, s->ports) {
246 const char *path = NULL;
6e2ef85b 247
a57f7e2c
LP		 248 if (p->type == SOCKET_SOCKET)
249 path = socket_address_get_path(&p->address);
250 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
251 path = p->path;
6e2ef85b 252
a57f7e2c
LP		 253 if (!path)
254 continue;
6e2ef85b 255
a57f7e2c 256 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 257 if (r < 0)
6e2ef85b 258 return r;
b87705cd 259 }
6e2ef85b
LP		 260
261 return 0;
262}
263
264static int socket_add_device_link(Socket *s) {
265 char *t;
6e2ef85b
LP		 266
267 assert(s);
268
7d0c710d 269 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 270 return 0;
271
63c372cb 272 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 273 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 274}
275
a40eb732
LP		 276static int socket_add_default_dependencies(Socket *s) {
277 int r;
278 assert(s);
279
e3d84721
LP		 280 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
281 if (r < 0)
282 return r;
2a77d31d 283
e3d84721
LP		 284 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
285 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
286 if (r < 0)
a40eb732 287 return r;
2a77d31d 288 }
a40eb732 289
ead8e478 290 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 291}
292
44a6b1b6 293_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 294 unsigned i;
295 assert(s);
296
297 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
298 if (s->exec_command[i])
299 return true;
300
301 return false;
302}
303
e821075a
LP		 304static int socket_add_extras(Socket *s) {
305 Unit *u = UNIT(s);
e537352b 306 int r;
44d8db9e 307
e821075a 308 assert(s);
57020a3a 309
e821075a 310 if (have_non_accept_socket(s)) {
23a177ef 311
e821075a
LP		 312 if (!UNIT_DEREF(s->service)) {
313 Unit *x;
57020a3a 314
e821075a 315 r = unit_load_related_unit(u, ".service", &x);
57020a3a 316 if (r < 0)
4f2d528d 317 return r;
e821075a
LP		 318
319 unit_ref_set(&s->service, x);
4f2d528d 320 }
44d8db9e 321
e821075a
LP		 322 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
323 if (r < 0)
6e2ef85b 324 return r;
e821075a 325 }
6e2ef85b 326
e821075a
LP		 327 r = socket_add_mount_links(s);
328 if (r < 0)
329 return r;
6e2ef85b 330
e821075a
LP		 331 r = socket_add_device_link(s);
332 if (r < 0)
333 return r;
334
598459ce 335 r = unit_patch_contexts(u);
e821075a
LP		 336 if (r < 0)
337 return r;
338
339 if (socket_has_exec(s)) {
340 r = unit_add_exec_dependencies(u, &s->exec_context);
341 if (r < 0)
342 return r;
23a177ef 343
598459ce 344 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 345 if (r < 0)
346 return r;
e821075a 347 }
a016b922 348
e821075a
LP		 349 if (u->default_dependencies) {
350 r = socket_add_default_dependencies(s);
351 if (r < 0)
352 return r;
353 }
354
355 return 0;
356}
357
811ba7a0
LP		 358static const char *socket_find_symlink_target(Socket *s) {
359 const char *found = NULL;
360 SocketPort *p;
361
362 LIST_FOREACH(port, p, s->ports) {
363 const char *f = NULL;
364
365 switch (p->type) {
366
367 case SOCKET_FIFO:
368 f = p->path;
369 break;
370
371 case SOCKET_SOCKET:
372 if (p->address.sockaddr.un.sun_path[0] != 0)
373 f = p->address.sockaddr.un.sun_path;
374 break;
375
376 default:
377 break;
378 }
379
380 if (f) {
381 if (found)
382 return NULL;
383
384 found = f;
385 }
386 }
387
388 return found;
389}
390
e821075a
LP		 391static int socket_verify(Socket *s) {
392 assert(s);
393
394 if (UNIT(s)->load_state != UNIT_LOADED)
395 return 0;
396
397 if (!s->ports) {
79008bdd 398 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
e821075a
LP		 399 return -EINVAL;
400 }
401
402 if (s->accept && have_non_accept_socket(s)) {
79008bdd 403 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
e821075a
LP		 404 UNIT(s)->id);
405 return -EINVAL;
406 }
407
408 if (s->accept && s->max_connections <= 0) {
79008bdd 409 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
e821075a
LP		 410 return -EINVAL;
411 }
e06c73cc 412
e821075a 413 if (s->accept && UNIT_DEREF(s->service)) {
79008bdd 414 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
e821075a
LP		 415 return -EINVAL;
416 }
417
418 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
79008bdd 419 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
e821075a
LP		 420 return -EINVAL;
421 }
422
811ba7a0 423 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
79008bdd 424 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
811ba7a0
LP		 425 return -EINVAL;
426 }
427
e821075a
LP		 428 return 0;
429}
430
431static int socket_load(Unit *u) {
432 Socket *s = SOCKET(u);
433 int r;
434
435 assert(u);
436 assert(u->load_state == UNIT_STUB);
437
438 r = unit_load_fragment_and_dropin(u);
439 if (r < 0)
440 return r;
441
442 if (u->load_state == UNIT_LOADED) {
443 /* This is a new unit? Then let's add in some extras */
444 r = socket_add_extras(s);
e06c73cc
LP		 445 if (r < 0)
446 return r;
23a177ef
LP		 447 }
448
4f2d528d 449 return socket_verify(s);
44d8db9e
LP		 450}
451
44a6b1b6 452_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 453
454 if (family == AF_NETLINK)
455 return "ListenNetlink";
542563ba
LP		 456
457 if (type == SOCK_STREAM)
458 return "ListenStream";
459 else if (type == SOCK_DGRAM)
460 return "ListenDatagram";
461 else if (type == SOCK_SEQPACKET)
462 return "ListenSequentialPacket";
463
034c6ed7 464 assert_not_reached("Unknown socket type");
542563ba
LP		 465 return NULL;
466}
467
87f0e418 468static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 469 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 470 SocketExecCommand c;
87f0e418 471 Socket *s = SOCKET(u);
542563ba 472 SocketPort *p;
82ba9f08 473 const char *prefix2;
5cb5a6ff
LP		 474
475 assert(s);
fa068367 476 assert(f);
5cb5a6ff 477
4c940960 478 prefix = strempty(prefix);
63c372cb 479 prefix2 = strjoina(prefix, "\t");
c43d20a0 480
5cb5a6ff
LP		 481 fprintf(f,
482 "%sSocket State: %s\n"
81a5c6d0 483 "%sResult: %s\n"
542563ba 484 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 485 "%sBacklog: %u\n"
486 "%sSocketMode: %04o\n"
4fd5948e
LP		 487 "%sDirectoryMode: %04o\n"
488 "%sKeepAlive: %s\n"
4427c3f4 489 "%sNoDelay: %s\n"
cebf8b20 490 "%sFreeBind: %s\n"
6b6d2dee 491 "%sTransparent: %s\n"
ec6370a2 492 "%sBroadcast: %s\n"
ede3deb4 493 "%sPassCredentials: %s\n"
54ecda32 494 "%sPassSecurity: %s\n"
bd1fe7c7 495 "%sTCPCongestion: %s\n"
16115b0a
MS		 496 "%sRemoveOnStop: %s\n"
497 "%sSELinuxContextFromNet: %s\n",
a16e1123 498 prefix, socket_state_to_string(s->state),
81a5c6d0 499 prefix, socket_result_to_string(s->result),
c0120d99 500 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 501 prefix, s->backlog,
502 prefix, s->socket_mode,
4fd5948e
LP		 503 prefix, s->directory_mode,
504 prefix, yes_no(s->keep_alive),
4427c3f4 505 prefix, yes_no(s->no_delay),
cebf8b20 506 prefix, yes_no(s->free_bind),
6b6d2dee 507 prefix, yes_no(s->transparent),
ec6370a2 508 prefix, yes_no(s->broadcast),
d68af586 509 prefix, yes_no(s->pass_cred),
54ecda32 510 prefix, yes_no(s->pass_sec),
bd1fe7c7 511 prefix, strna(s->tcp_congestion),
16115b0a
MS		 512 prefix, yes_no(s->remove_on_stop),
513 prefix, yes_no(s->selinux_context_from_net));
542563ba 514
70123e68
LP		 515 if (s->control_pid > 0)
516 fprintf(f,
de0671ee
ZJS		 517 "%sControl PID: "PID_FMT"\n",
518 prefix, s->control_pid);
70123e68 519
acbb0225
LP		 520 if (s->bind_to_device)
521 fprintf(f,
522 "%sBindToDevice: %s\n",
523 prefix, s->bind_to_device);
524
4f2d528d
LP		 525 if (s->accept)
526 fprintf(f,
6cf6bbc2
LP		 527 "%sAccepted: %u\n"
528 "%sNConnections: %u\n"
529 "%sMaxConnections: %u\n",
530 prefix, s->n_accepted,
531 prefix, s->n_connections,
532 prefix, s->max_connections);
4f2d528d 533
4fd5948e
LP		 534 if (s->priority >= 0)
535 fprintf(f,
536 "%sPriority: %i\n",
537 prefix, s->priority);
538
539 if (s->receive_buffer > 0)
540 fprintf(f,
541 "%sReceiveBuffer: %zu\n",
542 prefix, s->receive_buffer);
543
544 if (s->send_buffer > 0)
545 fprintf(f,
546 "%sSendBuffer: %zu\n",
547 prefix, s->send_buffer);
548
549 if (s->ip_tos >= 0)
550 fprintf(f,
551 "%sIPTOS: %i\n",
552 prefix, s->ip_tos);
553
554 if (s->ip_ttl >= 0)
555 fprintf(f,
556 "%sIPTTL: %i\n",
557 prefix, s->ip_ttl);
558
559 if (s->pipe_size > 0)
560 fprintf(f,
561 "%sPipeSize: %zu\n",
562 prefix, s->pipe_size);
563
564 if (s->mark >= 0)
565 fprintf(f,
566 "%sMark: %i\n",
567 prefix, s->mark);
568
916abb21
LP		 569 if (s->mq_maxmsg > 0)
570 fprintf(f,
571 "%sMessageQueueMaxMessages: %li\n",
572 prefix, s->mq_maxmsg);
573
574 if (s->mq_msgsize > 0)
575 fprintf(f,
576 "%sMessageQueueMessageSize: %li\n",
577 prefix, s->mq_msgsize);
578
718db961 579 if (s->reuse_port)
f7db7a69
SL		 580 fprintf(f,
581 "%sReusePort: %s\n",
718db961 582 prefix, yes_no(s->reuse_port));
f7db7a69 583
0eb59ccf
AK		 584 if (s->smack)
585 fprintf(f,
586 "%sSmackLabel: %s\n",
587 prefix, s->smack);
588
589 if (s->smack_ip_in)
590 fprintf(f,
591 "%sSmackLabelIPIn: %s\n",
592 prefix, s->smack_ip_in);
593
594 if (s->smack_ip_out)
595 fprintf(f,
596 "%sSmackLabelIPOut: %s\n",
597 prefix, s->smack_ip_out);
598
3900e5fd
LP		 599 if (!isempty(s->user) || !isempty(s->group))
600 fprintf(f,
601 "%sOwnerUser: %s\n"
602 "%sOwnerGroup: %s\n",
603 prefix, strna(s->user),
604 prefix, strna(s->group));
605
3cd761e4 606 if (s->keep_alive_time > 0)
209e9dcd 607 fprintf(f,
3cd761e4
LP		 608 "%sKeepAliveTimeSec: %s\n",
609 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 610
3cd761e4 611 if (s->keep_alive_interval)
209e9dcd 612 fprintf(f,
3cd761e4
LP		 613 "%sKeepAliveIntervalSec: %s\n",
614 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 615
3cd761e4 616 if (s->keep_alive_cnt)
209e9dcd
SS		 617 fprintf(f,
618 "%sKeepAliveProbes: %u\n",
619 prefix, s->keep_alive_cnt);
620
3cd761e4 621 if (s->defer_accept)
cc567c9b 622 fprintf(f,
3cd761e4
LP		 623 "%sDeferAcceptSec: %s\n",
624 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 625
034c6ed7 626 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 627
542563ba
LP		 628 if (p->type == SOCKET_SOCKET) {
629 const char *t;
630 int r;
e364ad06 631 char *k = NULL;
542563ba
LP		 632
633 if ((r = socket_address_print(&p->address, &k)) < 0)
634 t = strerror(-r);
635 else
636 t = k;
637
7a22745a 638 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 639 free(k);
b0a3f2bc
LP		 640 } else if (p->type == SOCKET_SPECIAL)
641 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 642 else if (p->type == SOCKET_MQUEUE)
643 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 644 else
542563ba
LP		 645 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
646 }
5cb5a6ff
LP		 647
648 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 649 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 650
e537352b 651 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 652 if (!s->exec_command[c])
653 continue;
5cb5a6ff 654
40d50879 655 fprintf(f, "%s-> %s:\n",
a16e1123 656 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 657
658 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 659 }
660}
661
4f2d528d
LP		 662static int instance_from_socket(int fd, unsigned nr, char **instance) {
663 socklen_t l;
664 char *r;
9d16d0c7 665 union sockaddr_union local, remote;
4f2d528d
LP		 666
667 assert(fd >= 0);
668 assert(instance);
669
670 l = sizeof(local);
671 if (getsockname(fd, &local.sa, &l) < 0)
672 return -errno;
673
674 l = sizeof(remote);
675 if (getpeername(fd, &remote.sa, &l) < 0)
676 return -errno;
677
678 switch (local.sa.sa_family) {
679
680 case AF_INET: {
681 uint32_t
682 a = ntohl(local.in.sin_addr.s_addr),
683 b = ntohl(remote.in.sin_addr.s_addr);
684
685 if (asprintf(&r,
77b088c2
LP		 686 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
687 nr,
4f2d528d
LP		 688 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
689 ntohs(local.in.sin_port),
690 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
691 ntohs(remote.in.sin_port)) < 0)
692 return -ENOMEM;
693
694 break;
695 }
696
697 case AF_INET6: {
c65a0b14 698 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 699 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
700 };
701
702 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
703 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
704 const uint8_t
705 *a = local.in6.sin6_addr.s6_addr+12,
706 *b = remote.in6.sin6_addr.s6_addr+12;
707
708 if (asprintf(&r,
77b088c2
LP		 709 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
710 nr,
2b061f5a
LP		 711 a[0], a[1], a[2], a[3],
712 ntohs(local.in6.sin6_port),
713 b[0], b[1], b[2], b[3],
714 ntohs(remote.in6.sin6_port)) < 0)
715 return -ENOMEM;
716 } else {
717 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
718
719 if (asprintf(&r,
77b088c2
LP		 720 "%u-%s:%u-%s:%u",
721 nr,
2b061f5a
LP		 722 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
723 ntohs(local.in6.sin6_port),
724 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
725 ntohs(remote.in6.sin6_port)) < 0)
726 return -ENOMEM;
727 }
4f2d528d
LP		 728
729 break;
730 }
731
732 case AF_UNIX: {
733 struct ucred ucred;
eff05270 734 int k;
4f2d528d 735
eff05270 736 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 737 if (k >= 0) {
738 if (asprintf(&r,
739 "%u-"PID_FMT"-"UID_FMT,
740 nr, ucred.pid, ucred.uid) < 0)
741 return -ENOMEM;
742 } else if (k == -ENODATA) {
743 /* This handles the case where somebody is
744 * connecting from another pid/uid namespace
745 * (e.g. from outside of our container). */
746 if (asprintf(&r,
747 "%u-unknown",
748 nr) < 0)
749 return -ENOMEM;
750 } else
eff05270 751 return k;
2f20a8eb 752
2f20a8eb 753 break;
4f2d528d
LP		 754 }
755
756 default:
757 assert_not_reached("Unhandled socket type.");
758 }
759
760 *instance = r;
761 return 0;
762}
763
034c6ed7 764static void socket_close_fds(Socket *s) {
83c60c9f 765 SocketPort *p;
811ba7a0 766 char **i;
83c60c9f
LP		 767
768 assert(s);
769
034c6ed7 770 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 771
772 p->event_source = sd_event_source_unref(p->event_source);
773
83c60c9f
LP		 774 if (p->fd < 0)
775 continue;
776
03e334a1 777 p->fd = safe_close(p->fd);
a16e1123 778
bd1fe7c7
LP		 779 /* One little note: we should normally not delete any
780 * sockets in the file system here! After all some
781 * other process we spawned might still have a
782 * reference of this fd and wants to continue to use
783 * it. Therefore we delete sockets in the file system
784 * before we create a new one, not after we stopped
785 * using one! */
786
787 if (s->remove_on_stop) {
788 switch (p->type) {
789
790 case SOCKET_FIFO:
791 unlink(p->path);
792 break;
793
794 case SOCKET_MQUEUE:
795 mq_unlink(p->path);
796 break;
797
798 case SOCKET_SOCKET:
799 socket_address_unlink(&p->address);
800 break;
801
802 default:
803 break;
804 }
805 }
83c60c9f 806 }
811ba7a0
LP		 807
808 if (s->remove_on_stop)
809 STRV_FOREACH(i, s->symlinks)
810 unlink(*i);
83c60c9f
LP		 811}
812
4fd5948e 813static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 814 int r;
815
4fd5948e
LP		 816 assert(s);
817 assert(fd >= 0);
818
819 if (s->keep_alive) {
820 int b = s->keep_alive;
821 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
79008bdd 822 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 823 }
824
209e9dcd
SS		 825 if (s->keep_alive_time) {
826 int value = s->keep_alive_time / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
79008bdd 828 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 829 }
830
831 if (s->keep_alive_interval) {
832 int value = s->keep_alive_interval / USEC_PER_SEC;
833 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
79008bdd 834 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 835 }
836
837 if (s->keep_alive_cnt) {
838 int value = s->keep_alive_cnt;
839 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
79008bdd 840 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 841 }
842
cc567c9b
SS		 843 if (s->defer_accept) {
844 int value = s->defer_accept / USEC_PER_SEC;
845 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
79008bdd 846 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 847 }
848
4427c3f4
SS		 849 if (s->no_delay) {
850 int b = s->no_delay;
851 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
79008bdd 852 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
4427c3f4
SS		 853 }
854
ec6370a2
LP		 855 if (s->broadcast) {
856 int one = 1;
857 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
79008bdd 858 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
ec6370a2
LP		 859 }
860
d68af586
MS		 861 if (s->pass_cred) {
862 int one = 1;
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
79008bdd 864 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
d68af586
MS		 865 }
866
54ecda32
LP		 867 if (s->pass_sec) {
868 int one = 1;
869 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
79008bdd 870 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
54ecda32
LP		 871 }
872
4fd5948e
LP		 873 if (s->priority >= 0)
874 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
79008bdd 875 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
4fd5948e
LP		 876
877 if (s->receive_buffer > 0) {
878 int value = (int) s->receive_buffer;
7d9eaa84
LP		 879
880 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
881
b8cef44e 882 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 883 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
79008bdd 884 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
4fd5948e
LP		 885 }
886
887 if (s->send_buffer > 0) {
888 int value = (int) s->send_buffer;
b8cef44e 889 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 890 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
79008bdd 891 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
4fd5948e
LP		 892 }
893
894 if (s->mark >= 0)
895 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
79008bdd 896 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
4fd5948e
LP		 897
898 if (s->ip_tos >= 0)
899 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
79008bdd 900 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
4fd5948e 901
46925ac5 902 if (s->ip_ttl >= 0) {
d53e386d 903 int x;
46925ac5
LP		 904
905 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 906
907 if (socket_ipv6_is_supported())
908 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
909 else {
910 x = -1;
911 errno = EAFNOSUPPORT;
912 }
46925ac5
LP		 913
914 if (r < 0 && x < 0)
79008bdd 915 log_unit_warning(UNIT(s)->id,
66870f90 916 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 917 }
cebf8b20
TT		 918
919 if (s->tcp_congestion)
920 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
79008bdd 921 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
0eb59ccf 922
718db961
LP		 923 if (s->reuse_port) {
924 int b = s->reuse_port;
f0511bd7 925 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
79008bdd 926 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
f7db7a69
SL		 927 }
928
d53e386d
LP		 929 if (s->smack_ip_in) {
930 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
931 if (r < 0)
31938a85 932 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 933 }
9a4e038c 934
d53e386d
LP		 935 if (s->smack_ip_out) {
936 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
937 if (r < 0)
31938a85 938 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 939 }
4fd5948e
LP		 940}
941
b15bdda8 942static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 943 int r;
944
4fd5948e
LP		 945 assert(s);
946 assert(fd >= 0);
947
948 if (s->pipe_size > 0)
949 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
79008bdd 950 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
0eb59ccf 951
d53e386d
LP		 952 if (s->smack) {
953 r = mac_smack_apply_fd(fd, s->smack);
954 if (r < 0)
31938a85 955 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
d53e386d 956 }
4fd5948e
LP		 957}
958
b15bdda8
LP		 959static int fifo_address_create(
960 const char *path,
961 mode_t directory_mode,
962 mode_t socket_mode,
b15bdda8
LP		 963 int *_fd) {
964
7a58bfa4 965 int fd = -1, r = 0;
b15bdda8
LP		 966 struct stat st;
967 mode_t old_mask;
968
969 assert(path);
970 assert(_fd);
971
d2e54fae 972 mkdir_parents_label(path, directory_mode);
b15bdda8 973
ecabcf8b 974 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 975 if (r < 0)
56cf987f 976 goto fail;
b15bdda8
LP		 977
978 /* Enforce the right access mode for the fifo */
979 old_mask = umask(~ socket_mode);
980
981 /* Include the original umask in our mask */
982 umask(~socket_mode | old_mask);
983
984 r = mkfifo(path, socket_mode);
985 umask(old_mask);
986
94bc2731 987 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 988 r = -errno;
989 goto fail;
990 }
991
e4f44e73 992 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 993 r = -errno;
994 goto fail;
995 }
996
ecabcf8b 997 mac_selinux_create_file_clear();
7a58bfa4 998
b15bdda8
LP		 999 if (fstat(fd, &st) < 0) {
1000 r = -errno;
1001 goto fail;
1002 }
1003
1004 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1005 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1006 st.st_uid != getuid() ||
1007 st.st_gid != getgid()) {
b15bdda8
LP		 1008
1009 r = -EEXIST;
1010 goto fail;
1011 }
1012
1013 *_fd = fd;
1014 return 0;
1015
1016fail:
ecabcf8b 1017 mac_selinux_create_file_clear();
03e334a1 1018 safe_close(fd);
b15bdda8
LP		 1019
1020 return r;
1021}
1022
b0a3f2bc
LP		 1023static int special_address_create(
1024 const char *path,
1025 int *_fd) {
1026
1027 int fd = -1, r = 0;
1028 struct stat st;
1029
1030 assert(path);
1031 assert(_fd);
1032
811ba7a0
LP		 1033 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1034 if (fd < 0) {
b0a3f2bc
LP		 1035 r = -errno;
1036 goto fail;
1037 }
1038
1039 if (fstat(fd, &st) < 0) {
1040 r = -errno;
1041 goto fail;
1042 }
1043
1044 /* Check whether this is a /proc, /sys or /dev file or char device */
1045 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1046 r = -EEXIST;
1047 goto fail;
1048 }
1049
1050 *_fd = fd;
1051 return 0;
1052
1053fail:
03e334a1 1054 safe_close(fd);
b0a3f2bc
LP		 1055
1056 return r;
1057}
1058
916abb21
LP		 1059static int mq_address_create(
1060 const char *path,
1061 mode_t mq_mode,
1062 long maxmsg,
1063 long msgsize,
1064 int *_fd) {
1065
1066 int fd = -1, r = 0;
1067 struct stat st;
1068 mode_t old_mask;
1069 struct mq_attr _attr, *attr = NULL;
1070
1071 assert(path);
1072 assert(_fd);
1073
1074 if (maxmsg > 0 && msgsize > 0) {
1075 zero(_attr);
1076 _attr.mq_flags = O_NONBLOCK;
1077 _attr.mq_maxmsg = maxmsg;
1078 _attr.mq_msgsize = msgsize;
1079 attr = &_attr;
1080 }
1081
1082 /* Enforce the right access mode for the mq */
1083 old_mask = umask(~ mq_mode);
1084
1085 /* Include the original umask in our mask */
1086 umask(~mq_mode | old_mask);
916abb21
LP		 1087 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1088 umask(old_mask);
1089
8ea913b2 1090 if (fd < 0) {
916abb21
LP		 1091 r = -errno;
1092 goto fail;
1093 }
1094
1095 if (fstat(fd, &st) < 0) {
1096 r = -errno;
1097 goto fail;
1098 }
1099
1100 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1101 st.st_uid != getuid() ||
1102 st.st_gid != getgid()) {
1103
1104 r = -EEXIST;
1105 goto fail;
1106 }
1107
1108 *_fd = fd;
1109 return 0;
1110
1111fail:
03e334a1 1112 safe_close(fd);
916abb21
LP		 1113 return r;
1114}
1115
811ba7a0
LP		 1116static int socket_symlink(Socket *s) {
1117 const char *p;
1118 char **i;
1119
1120 assert(s);
1121
1122 p = socket_find_symlink_target(s);
1123 if (!p)
1124 return 0;
1125
1126 STRV_FOREACH(i, s->symlinks)
43b133b4 1127 symlink_label(p, *i);
811ba7a0
LP		 1128
1129 return 0;
1130}
1131
034c6ed7 1132static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1133 SocketPort *p;
1134 int r;
56cf987f 1135 char *label = NULL;
049f8642 1136 bool know_label = false;
83c60c9f
LP		 1137
1138 assert(s);
1139
034c6ed7 1140 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1141
034c6ed7
LP		 1142 if (p->fd >= 0)
1143 continue;
83c60c9f
LP		 1144
1145 if (p->type == SOCKET_SOCKET) {
049f8642 1146
7f416dae
LP		 1147 if (!know_label) {
1148 /* Figure out label, if we don't it know
1149 * yet. We do it once, for the first
1150 * socket where we need this and
1151 * remember it for the rest. */
1152
1153 if (s->selinux_context_from_net) {
1154 /* Get it from the network label */
1155
1156 r = mac_selinux_get_our_label(&label);
75514a70 1157 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1158 goto rollback;
049f8642 1159
7f416dae
LP		 1160 } else {
1161 /* Get it from the executable we are about to start */
1162
1163 r = socket_instantiate_service(s);
1164 if (r < 0)
1165 goto rollback;
1166
1167 if (UNIT_ISSET(s->service) &&
1168 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1169 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1170 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1171 goto rollback;
1172 }
189583d7 1173 }
049f8642
LP		 1174
1175 know_label = true;
1176 }
1177
175a3d25
LP		 1178 r = socket_address_listen(
1179 &p->address,
1180 SOCK_CLOEXEC|SOCK_NONBLOCK,
1181 s->backlog,
1182 s->bind_ipv6_only,
1183 s->bind_to_device,
1184 s->free_bind,
1185 s->transparent,
1186 s->directory_mode,
1187 s->socket_mode,
1188 label);
1189 if (r < 0)
83c60c9f
LP		 1190 goto rollback;
1191
175a3d25 1192 p->fd = r;
4fd5948e 1193 socket_apply_socket_options(s, p->fd);
811ba7a0 1194 socket_symlink(s);
4fd5948e 1195
b0a3f2bc
LP		 1196 } else if (p->type == SOCKET_SPECIAL) {
1197
175a3d25
LP		 1198 r = special_address_create(
1199 p->path,
1200 &p->fd);
1201 if (r < 0)
b0a3f2bc
LP		 1202 goto rollback;
1203
b15bdda8 1204 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1205
175a3d25
LP		 1206 r = fifo_address_create(
1207 p->path,
1208 s->directory_mode,
1209 s->socket_mode,
1210 &p->fd);
1211 if (r < 0)
83c60c9f 1212 goto rollback;
83c60c9f 1213
b15bdda8 1214 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1215 socket_symlink(s);
1216
916abb21 1217 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1218
175a3d25
LP		 1219 r = mq_address_create(
1220 p->path,
1221 s->socket_mode,
1222 s->mq_maxmsg,
1223 s->mq_msgsize,
1224 &p->fd);
1225 if (r < 0)
916abb21 1226 goto rollback;
b15bdda8
LP		 1227 } else
1228 assert_not_reached("Unknown port type");
034c6ed7
LP		 1229 }
1230
cc56fafe 1231 mac_selinux_free(label);
034c6ed7
LP		 1232 return 0;
1233
1234rollback:
1235 socket_close_fds(s);
cc56fafe 1236 mac_selinux_free(label);
7f416dae 1237
034c6ed7
LP		 1238 return r;
1239}
1240
1241static void socket_unwatch_fds(Socket *s) {
1242 SocketPort *p;
718db961 1243 int r;
9152c765 1244
034c6ed7
LP		 1245 assert(s);
1246
1247 LIST_FOREACH(port, p, s->ports) {
1248 if (p->fd < 0)
1249 continue;
1250
a4152e3f
LP		 1251 if (!p->event_source)
1252 continue;
1253
1254 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1255 if (r < 0)
79008bdd 1256 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
83c60c9f 1257 }
034c6ed7
LP		 1258}
1259
1260static int socket_watch_fds(Socket *s) {
1261 SocketPort *p;
1262 int r;
1263
1264 assert(s);
83c60c9f 1265
034c6ed7
LP		 1266 LIST_FOREACH(port, p, s->ports) {
1267 if (p->fd < 0)
1268 continue;
1269
718db961
LP		 1270 if (p->event_source)
1271 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1272 else
151b9b96 1273 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
4f2d528d 1274
7dfbe2e3 1275 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1276 if (r < 0) {
31938a85 1277 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
034c6ed7 1278 goto fail;
718db961 1279 }
034c6ed7 1280 }
83c60c9f 1281
542563ba 1282 return 0;
83c60c9f 1283
034c6ed7
LP		 1284fail:
1285 socket_unwatch_fds(s);
1286 return r;
1287}
1288
1289static void socket_set_state(Socket *s, SocketState state) {
1290 SocketState old_state;
1291 assert(s);
1292
1293 old_state = s->state;
1294 s->state = state;
1295
bd1fe7c7
LP		 1296 if (!IN_SET(state,
1297 SOCKET_START_PRE,
3900e5fd 1298 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1299 SOCKET_START_POST,
1300 SOCKET_STOP_PRE,
1301 SOCKET_STOP_PRE_SIGTERM,
1302 SOCKET_STOP_PRE_SIGKILL,
1303 SOCKET_STOP_POST,
1304 SOCKET_FINAL_SIGTERM,
1305 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1306
1307 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1308 socket_unwatch_control_pid(s);
034c6ed7 1309 s->control_command = NULL;
a16e1123 1310 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1311 }
034c6ed7 1312
a16e1123
LP		 1313 if (state != SOCKET_LISTENING)
1314 socket_unwatch_fds(s);
1315
bd1fe7c7 1316 if (!IN_SET(state,
3900e5fd 1317 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1318 SOCKET_START_POST,
1319 SOCKET_LISTENING,
1320 SOCKET_RUNNING,
1321 SOCKET_STOP_PRE,
1322 SOCKET_STOP_PRE_SIGTERM,
1323 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1324 socket_close_fds(s);
1325
e537352b 1326 if (state != old_state)
79008bdd 1327 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
e821075a 1328 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1329
e2f3b44c 1330 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1331}
1332
be847e82 1333static int socket_coldplug(Unit *u) {
a16e1123
LP		 1334 Socket *s = SOCKET(u);
1335 int r;
1336
1337 assert(s);
1338 assert(s->state == SOCKET_DEAD);
1339
e821075a
LP		 1340 if (s->deserialized_state == s->state)
1341 return 0;
a16e1123 1342
3900e5fd
LP		 1343 if (IN_SET(s->deserialized_state,
1344 SOCKET_START_PRE,
1345 SOCKET_START_CHOWN,
1346 SOCKET_START_POST,
1347 SOCKET_STOP_PRE,
1348 SOCKET_STOP_PRE_SIGTERM,
1349 SOCKET_STOP_PRE_SIGKILL,
1350 SOCKET_STOP_POST,
1351 SOCKET_FINAL_SIGTERM,
1352 SOCKET_FINAL_SIGKILL)) {
a16e1123 1353
e821075a
LP		 1354 if (s->control_pid <= 0)
1355 return -EBADMSG;
a16e1123 1356
e821075a
LP		 1357 r = unit_watch_pid(UNIT(s), s->control_pid);
1358 if (r < 0)
1359 return r;
a16e1123 1360
e821075a
LP		 1361 r = socket_arm_timer(s);
1362 if (r < 0)
1363 return r;
1364 }
a16e1123 1365
3900e5fd
LP		 1366 if (IN_SET(s->deserialized_state,
1367 SOCKET_START_CHOWN,
1368 SOCKET_START_POST,
1369 SOCKET_LISTENING,
1370 SOCKET_RUNNING,
1371 SOCKET_STOP_PRE,
1372 SOCKET_STOP_PRE_SIGTERM,
1373 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1374 r = socket_open_fds(s);
1375 if (r < 0)
1376 return r;
1377 }
a16e1123 1378
e821075a
LP		 1379 if (s->deserialized_state == SOCKET_LISTENING) {
1380 r = socket_watch_fds(s);
1381 if (r < 0)
1382 return r;
a16e1123
LP		 1383 }
1384
e821075a 1385 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1386 return 0;
1387}
1388
e537352b 1389static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1390 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1391 pid_t pid;
1392 int r;
9fa95f85
DM		 1393 ExecParameters exec_params = {
1394 .apply_permissions = true,
1395 .apply_chroot = true,
1396 .apply_tty_stdin = true,
1397 };
034c6ed7
LP		 1398
1399 assert(s);
1400 assert(c);
1401 assert(_pid);
1402
5ad096b3
LP		 1403 (void) unit_realize_cgroup(UNIT(s));
1404 if (s->reset_cpu_usage) {
1405 (void) unit_reset_cpu_usage(UNIT(s));
1406 s->reset_cpu_usage = false;
1407 }
4ad49000 1408
613b411c
LP		 1409 r = unit_setup_exec_runtime(UNIT(s));
1410 if (r < 0)
1411 goto fail;
1412
718db961 1413 r = socket_arm_timer(s);
36697dc0 1414 if (r < 0)
e537352b 1415 goto fail;
034c6ed7 1416
19f6d710
LP		 1417 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1418 if (r < 0)
9e2f7c11 1419 goto fail;
9e2f7c11 1420
9fa95f85
DM		 1421 exec_params.argv = argv;
1422 exec_params.environment = UNIT(s)->manager->environment;
1423 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1424 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1425 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1426 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85
DM		 1427 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1428 exec_params.unit_id = UNIT(s)->id;
1429
9e2f7c11 1430 r = exec_spawn(c,
9e2f7c11 1431 &s->exec_context,
9fa95f85 1432 &exec_params,
613b411c 1433 s->exec_runtime,
9e2f7c11 1434 &pid);
cee288ad
TA		 1435 if (r < 0)
1436 goto fail;
9e2f7c11 1437
3900e5fd 1438 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1439 if (r < 0)
3900e5fd 1440 /* FIXME: we need to do something here */
034c6ed7
LP		 1441 goto fail;
1442
3900e5fd
LP		 1443 *_pid = pid;
1444 return 0;
1445
1446fail:
1447 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1448 return r;
1449}
1450
1451static int socket_chown(Socket *s, pid_t *_pid) {
1452 pid_t pid;
1453 int r;
1454
1455 r = socket_arm_timer(s);
1456 if (r < 0)
1457 goto fail;
1458
1459 /* We have to resolve the user names out-of-process, hence
1460 * let's fork here. It's messy, but well, what can we do? */
1461
1462 pid = fork();
1463 if (pid < 0)
1464 return -errno;
1465
1466 if (pid == 0) {
1467 SocketPort *p;
fed1e721
LP		 1468 uid_t uid = UID_INVALID;
1469 gid_t gid = GID_INVALID;
3900e5fd
LP		 1470 int ret;
1471
1472 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1473 ignore_signals(SIGPIPE, -1);
1474 log_forget_fds();
1475
1476 if (!isempty(s->user)) {
1477 const char *user = s->user;
1478
1479 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1480 if (r < 0) {
1481 ret = EXIT_USER;
1482 goto fail_child;
1483 }
1484 }
1485
1486 if (!isempty(s->group)) {
1487 const char *group = s->group;
1488
1489 r = get_group_creds(&group, &gid);
1490 if (r < 0) {
1491 ret = EXIT_GROUP;
1492 goto fail_child;
1493 }
1494 }
1495
1496 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1497 const char *path = NULL;
3900e5fd
LP		 1498
1499 if (p->type == SOCKET_SOCKET)
1500 path = socket_address_get_path(&p->address);
1501 else if (p->type == SOCKET_FIFO)
1502 path = p->path;
1503
1504 if (!path)
1505 continue;
1506
1507 if (chown(path, uid, gid) < 0) {
1508 r = -errno;
1509 ret = EXIT_CHOWN;
1510 goto fail_child;
1511 }
1512 }
1513
1514 _exit(0);
1515
1516 fail_child:
1517 log_open();
da927ba9 1518 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1519
1520 _exit(ret);
1521 }
1522
718db961
LP		 1523 r = unit_watch_pid(UNIT(s), pid);
1524 if (r < 0)
034c6ed7 1525 goto fail;
83c60c9f 1526
034c6ed7 1527 *_pid = pid;
034c6ed7
LP		 1528 return 0;
1529
1530fail:
718db961 1531 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1532 return r;
542563ba
LP		 1533}
1534
cfc4eb4c 1535static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1536 assert(s);
1537
cfc4eb4c
LP		 1538 if (f != SOCKET_SUCCESS)
1539 s->result = f;
034c6ed7 1540
613b411c
LP		 1541 exec_runtime_destroy(s->exec_runtime);
1542 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1543
e66cf1a3
LP		 1544 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1545
cfc4eb4c 1546 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1547}
1548
cfc4eb4c 1549static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1550
cfc4eb4c 1551static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1552 int r;
1553 assert(s);
1554
cfc4eb4c
LP		 1555 if (f != SOCKET_SUCCESS)
1556 s->result = f;
034c6ed7 1557
5e94833f 1558 socket_unwatch_control_pid(s);
a16e1123 1559 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1560 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1561
3900e5fd
LP		 1562 if (s->control_command) {
1563 r = socket_spawn(s, s->control_command, &s->control_pid);
1564 if (r < 0)
034c6ed7
LP		 1565 goto fail;
1566
80876c20
LP		 1567 socket_set_state(s, SOCKET_STOP_POST);
1568 } else
cfc4eb4c 1569 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1570
1571 return;
1572
1573fail:
79008bdd 1574 log_unit_warning(UNIT(s)->id,
66870f90
ZJS		 1575 "%s failed to run 'stop-post' task: %s",
1576 UNIT(s)->id, strerror(-r));
cfc4eb4c 1577 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1578}
1579
cfc4eb4c 1580static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1581 int r;
1582
1583 assert(s);
1584
cfc4eb4c
LP		 1585 if (f != SOCKET_SUCCESS)
1586 s->result = f;
034c6ed7 1587
cd2086fe
LP		 1588 r = unit_kill_context(
1589 UNIT(s),
1590 &s->kill_context,
db2cb23b
UTL		 1591 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1592 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1593 -1,
1594 s->control_pid,
1595 false);
1596 if (r < 0)
1597 goto fail;
034c6ed7 1598
cd2086fe 1599 if (r > 0) {
718db961 1600 r = socket_arm_timer(s);
36697dc0 1601 if (r < 0)
80876c20 1602 goto fail;
d6ea93e3 1603
80876c20 1604 socket_set_state(s, state);
ac84d1fb
LP		 1605 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1606 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1607 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1608 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1609 else if (state == SOCKET_FINAL_SIGTERM)
1610 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1611 else
cfc4eb4c 1612 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1613
1614 return;
1615
1616fail:
31938a85 1617 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
034c6ed7
LP		 1618
1619 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1620 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1621 else
cfc4eb4c 1622 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1623}
1624
cfc4eb4c 1625static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1626 int r;
1627 assert(s);
1628
cfc4eb4c
LP		 1629 if (f != SOCKET_SUCCESS)
1630 s->result = f;
034c6ed7 1631
5e94833f 1632 socket_unwatch_control_pid(s);
a16e1123 1633 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1634 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1635
3900e5fd
LP		 1636 if (s->control_command) {
1637 r = socket_spawn(s, s->control_command, &s->control_pid);
1638 if (r < 0)
034c6ed7
LP		 1639 goto fail;
1640
80876c20
LP		 1641 socket_set_state(s, SOCKET_STOP_PRE);
1642 } else
cfc4eb4c 1643 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1644
1645 return;
1646
1647fail:
31938a85 1648 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
cfc4eb4c 1649 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1650}
1651
e9af15c3
LP		 1652static void socket_enter_listening(Socket *s) {
1653 int r;
1654 assert(s);
1655
cfc4eb4c
LP		 1656 r = socket_watch_fds(s);
1657 if (r < 0) {
31938a85 1658 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
e9af15c3
LP		 1659 goto fail;
1660 }
1661
1662 socket_set_state(s, SOCKET_LISTENING);
1663 return;
1664
1665fail:
cfc4eb4c 1666 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1667}
1668
034c6ed7
LP		 1669static void socket_enter_start_post(Socket *s) {
1670 int r;
1671 assert(s);
1672
3900e5fd
LP		 1673 socket_unwatch_control_pid(s);
1674 s->control_command_id = SOCKET_EXEC_START_POST;
1675 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1676
1677 if (s->control_command) {
1678 r = socket_spawn(s, s->control_command, &s->control_pid);
1679 if (r < 0) {
31938a85 1680 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
3900e5fd
LP		 1681 goto fail;
1682 }
1683
1684 socket_set_state(s, SOCKET_START_POST);
1685 } else
1686 socket_enter_listening(s);
1687
1688 return;
1689
1690fail:
1691 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1692}
1693
1694static void socket_enter_start_chown(Socket *s) {
1695 int r;
1696
1697 assert(s);
1698
cfc4eb4c
LP		 1699 r = socket_open_fds(s);
1700 if (r < 0) {
31938a85 1701 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
034c6ed7
LP		 1702 goto fail;
1703 }
1704
3900e5fd 1705 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1706
3900e5fd
LP		 1707 socket_unwatch_control_pid(s);
1708 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1709 s->control_command = NULL;
a16e1123 1710
3900e5fd 1711 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1712 if (r < 0) {
31938a85 1713 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
034c6ed7
LP		 1714 goto fail;
1715 }
1716
3900e5fd 1717 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1718 } else
3900e5fd 1719 socket_enter_start_post(s);
034c6ed7
LP		 1720
1721 return;
1722
1723fail:
cfc4eb4c 1724 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1725}
1726
1727static void socket_enter_start_pre(Socket *s) {
1728 int r;
1729 assert(s);
1730
5e94833f 1731 socket_unwatch_control_pid(s);
a16e1123 1732 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1733 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1734
3900e5fd 1735 if (s->control_command) {
e821075a 1736 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1737 if (r < 0) {
31938a85 1738 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
034c6ed7 1739 goto fail;
3900e5fd 1740 }
034c6ed7 1741
80876c20
LP		 1742 socket_set_state(s, SOCKET_START_PRE);
1743 } else
3900e5fd 1744 socket_enter_start_chown(s);
034c6ed7
LP		 1745
1746 return;
1747
1748fail:
cfc4eb4c 1749 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1750}
1751
4f2d528d 1752static void socket_enter_running(Socket *s, int cfd) {
718db961 1753 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1754 int r;
1755
1756 assert(s);
1757
ba3e67a7
LP		 1758 /* We don't take connections anymore if we are supposed to
1759 * shut down anyway */
31afa0a4 1760 if (unit_stop_pending(UNIT(s))) {
e821075a 1761
79008bdd 1762 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1763
7c610628 1764 if (cfd >= 0)
03e334a1 1765 safe_close(cfd);
7c610628
LP		 1766 else {
1767 /* Flush all sockets by closing and reopening them */
1768 socket_close_fds(s);
1769
16ac4014
LP		 1770 r = socket_open_fds(s);
1771 if (r < 0) {
31938a85 1772 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
16ac4014
LP		 1773 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1774 return;
1775 }
1776
1a710b43
MS		 1777 r = socket_watch_fds(s);
1778 if (r < 0) {
31938a85 1779 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
cfc4eb4c 1780 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1781 }
1782 }
1783
ba3e67a7
LP		 1784 return;
1785 }
1786
4f2d528d 1787 if (cfd < 0) {
57020a3a 1788 Iterator i;
e821075a 1789 Unit *other;
f976f3f6 1790 bool pending = false;
f976f3f6
LP		 1791
1792 /* If there's already a start pending don't bother to
1793 * do anything */
e821075a
LP		 1794 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1795 if (unit_active_or_pending(other)) {
57020a3a
LP		 1796 pending = true;
1797 break;
1798 }
f976f3f6 1799
1a710b43 1800 if (!pending) {
640ace4a 1801 if (!UNIT_ISSET(s->service)) {
79008bdd 1802 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
640ace4a
LP		 1803 r = -ENOENT;
1804 goto fail;
1805 }
1806
1a710b43
MS		 1807 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1808 if (r < 0)
f976f3f6 1809 goto fail;
1a710b43 1810 }
4f2d528d
LP		 1811
1812 socket_set_state(s, SOCKET_RUNNING);
1813 } else {
e55001eb 1814 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1815 Service *service;
4f2d528d 1816
6cf6bbc2 1817 if (s->n_connections >= s->max_connections) {
79008bdd 1818 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
03e334a1 1819 safe_close(cfd);
6cf6bbc2
LP		 1820 return;
1821 }
1822
1a710b43
MS		 1823 r = socket_instantiate_service(s);
1824 if (r < 0)
b15bdda8
LP		 1825 goto fail;
1826
1a710b43
MS		 1827 r = instance_from_socket(cfd, s->n_accepted, &instance);
1828 if (r < 0) {
1829 if (r != -ENOTCONN)
1830 goto fail;
1831
1832 /* ENOTCONN is legitimate if TCP RST was received.
1833 * This connection is over, but the socket unit lives on. */
03e334a1 1834 safe_close(cfd);
1a710b43
MS		 1835 return;
1836 }
4f2d528d 1837
1a710b43
MS		 1838 prefix = unit_name_to_prefix(UNIT(s)->id);
1839 if (!prefix) {
4f2d528d
LP		 1840 r = -ENOMEM;
1841 goto fail;
1842 }
1843
1844 name = unit_name_build(prefix, instance, ".service");
b6dbbe1c 1845 if (!name) {
4f2d528d 1846 r = -ENOMEM;
b6dbbe1c
LP		 1847 goto fail;
1848 }
4f2d528d 1849
1a710b43 1850 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1851 if (r < 0)
4f2d528d 1852 goto fail;
b15bdda8 1853
57020a3a
LP		 1854 service = SERVICE(UNIT_DEREF(s->service));
1855 unit_ref_unset(&s->service);
b15bdda8 1856 s->n_accepted ++;
4f2d528d 1857
1124fe6f 1858 UNIT(service)->no_gc = false;
6c073082 1859
b15bdda8 1860 unit_choose_id(UNIT(service), name);
b15bdda8 1861
16115b0a 1862 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1863 if (r < 0)
4f2d528d
LP		 1864 goto fail;
1865
1866 cfd = -1;
6cf6bbc2
LP		 1867 s->n_connections ++;
1868
1a710b43
MS		 1869 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1870 if (r < 0)
4f2d528d 1871 goto fail;
c4e2ceae
LP		 1872
1873 /* Notify clients about changed counters */
1874 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1875 }
034c6ed7 1876
034c6ed7
LP		 1877 return;
1878
1879fail:
79008bdd 1880 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
e821075a 1881 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
718db961 1882 bus_error_message(&error, r));
e821075a 1883
60089004 1884 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1885 safe_close(cfd);
034c6ed7
LP		 1886}
1887
cfc4eb4c 1888static void socket_run_next(Socket *s) {
034c6ed7
LP		 1889 int r;
1890
1891 assert(s);
1892 assert(s->control_command);
1893 assert(s->control_command->command_next);
1894
5e94833f
LP		 1895 socket_unwatch_control_pid(s);
1896
034c6ed7
LP		 1897 s->control_command = s->control_command->command_next;
1898
e821075a
LP		 1899 r = socket_spawn(s, s->control_command, &s->control_pid);
1900 if (r < 0)
034c6ed7
LP		 1901 goto fail;
1902
1903 return;
1904
1905fail:
31938a85 1906 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
80876c20
LP		 1907
1908 if (s->state == SOCKET_START_POST)
cfc4eb4c 1909 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1910 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1911 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1912 else
cfc4eb4c 1913 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1914}
1915
87f0e418
LP		 1916static int socket_start(Unit *u) {
1917 Socket *s = SOCKET(u);
83c60c9f
LP		 1918
1919 assert(s);
1920
034c6ed7
LP		 1921 /* We cannot fulfill this request right now, try again later
1922 * please! */
3900e5fd
LP		 1923 if (IN_SET(s->state,
1924 SOCKET_STOP_PRE,
1925 SOCKET_STOP_PRE_SIGKILL,
1926 SOCKET_STOP_PRE_SIGTERM,
1927 SOCKET_STOP_POST,
1928 SOCKET_FINAL_SIGTERM,
1929 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1930 return -EAGAIN;
1931
a4152e3f 1932 /* Already on it! */
3900e5fd
LP		 1933 if (IN_SET(s->state,
1934 SOCKET_START_PRE,
1935 SOCKET_START_CHOWN,
1936 SOCKET_START_POST))
034c6ed7 1937 return 0;
83c60c9f 1938
034c6ed7 1939 /* Cannot run this without the service being around */
9444b1f2 1940 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1941 Service *service;
1942
1943 service = SERVICE(UNIT_DEREF(s->service));
1944
1124fe6f 1945 if (UNIT(service)->load_state != UNIT_LOADED) {
79008bdd 1946 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1947 return -ENOENT;
4ac9236f 1948 }
4f2d528d 1949
35b8ca3a 1950 /* If the service is already active we cannot start the
4f2d528d 1951 * socket */
57020a3a
LP		 1952 if (service->state != SERVICE_DEAD &&
1953 service->state != SERVICE_FAILED &&
1954 service->state != SERVICE_AUTO_RESTART) {
79008bdd 1955 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1956 return -EBUSY;
4ac9236f 1957 }
4f2d528d 1958 }
e537352b 1959
fdf20a31 1960 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1961
cfc4eb4c 1962 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 1963 s->reset_cpu_usage = true;
1964
034c6ed7 1965 socket_enter_start_pre(s);
e821075a 1966
82a2b6bb 1967 return 1;
034c6ed7 1968}
83c60c9f 1969
87f0e418
LP		 1970static int socket_stop(Unit *u) {
1971 Socket *s = SOCKET(u);
034c6ed7
LP		 1972
1973 assert(s);
1974
e537352b 1975 /* Already on it */
3900e5fd
LP		 1976 if (IN_SET(s->state,
1977 SOCKET_STOP_PRE,
1978 SOCKET_STOP_PRE_SIGTERM,
1979 SOCKET_STOP_PRE_SIGKILL,
1980 SOCKET_STOP_POST,
1981 SOCKET_FINAL_SIGTERM,
1982 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1983 return 0;
1984
3f6c78dc
LP		 1985 /* If there's already something running we go directly into
1986 * kill mode. */
3900e5fd
LP		 1987 if (IN_SET(s->state,
1988 SOCKET_START_PRE,
1989 SOCKET_START_CHOWN,
1990 SOCKET_START_POST)) {
cfc4eb4c 1991 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1992 return -EAGAIN;
1993 }
1994
034c6ed7 1995 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1996
cfc4eb4c 1997 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 1998 return 1;
542563ba
LP		 1999}
2000
a16e1123
LP		 2001static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2002 Socket *s = SOCKET(u);
2003 SocketPort *p;
2004 int r;
2005
2006 assert(u);
2007 assert(f);
2008 assert(fds);
2009
2010 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2011 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2012 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2013
2014 if (s->control_pid > 0)
de0671ee 2015 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2016
2017 if (s->control_command_id >= 0)
2018 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2019
2020 LIST_FOREACH(port, p, s->ports) {
2021 int copy;
2022
2023 if (p->fd < 0)
2024 continue;
2025
613b411c
LP		 2026 copy = fdset_put_dup(fds, p->fd);
2027 if (copy < 0)
a16e1123
LP		 2028 return copy;
2029
2030 if (p->type == SOCKET_SOCKET) {
613b411c 2031 _cleanup_free_ char *t = NULL;
a16e1123 2032
ee092817
LP		 2033 r = socket_address_print(&p->address, &t);
2034 if (r < 0)
a16e1123
LP		 2035 return r;
2036
7a22745a
LP		 2037 if (socket_address_family(&p->address) == AF_NETLINK)
2038 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2039 else
2040 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2041
b0a3f2bc
LP		 2042 } else if (p->type == SOCKET_SPECIAL)
2043 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2044 else if (p->type == SOCKET_MQUEUE)
2045 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2046 else {
a16e1123
LP		 2047 assert(p->type == SOCKET_FIFO);
2048 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2049 }
2050 }
2051
2052 return 0;
2053}
2054
2055static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2056 Socket *s = SOCKET(u);
a16e1123
LP		 2057
2058 assert(u);
2059 assert(key);
2060 assert(value);
a16e1123
LP		 2061
2062 if (streq(key, "state")) {
2063 SocketState state;
2064
ee092817
LP		 2065 state = socket_state_from_string(value);
2066 if (state < 0)
79008bdd 2067 log_unit_debug(u->id, "Failed to parse state value %s", value);
a16e1123
LP		 2068 else
2069 s->deserialized_state = state;
cfc4eb4c
LP		 2070 } else if (streq(key, "result")) {
2071 SocketResult f;
a16e1123 2072
cfc4eb4c
LP		 2073 f = socket_result_from_string(value);
2074 if (f < 0)
79008bdd 2075 log_unit_debug(u->id, "Failed to parse result value %s", value);
cfc4eb4c
LP		 2076 else if (f != SOCKET_SUCCESS)
2077 s->result = f;
a16e1123
LP		 2078
2079 } else if (streq(key, "n-accepted")) {
2080 unsigned k;
2081
e364ad06 2082 if (safe_atou(value, &k) < 0)
79008bdd 2083 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
a16e1123
LP		 2084 else
2085 s->n_accepted += k;
2086 } else if (streq(key, "control-pid")) {
5925dd3c 2087 pid_t pid;
a16e1123 2088
e364ad06 2089 if (parse_pid(value, &pid) < 0)
79008bdd 2090 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
a16e1123 2091 else
5925dd3c 2092 s->control_pid = pid;
a16e1123
LP		 2093 } else if (streq(key, "control-command")) {
2094 SocketExecCommand id;
2095
66870f90
ZJS		 2096 id = socket_exec_command_from_string(value);
2097 if (id < 0)
79008bdd 2098 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
a16e1123
LP		 2099 else {
2100 s->control_command_id = id;
2101 s->control_command = s->exec_command[id];
2102 }
2103 } else if (streq(key, "fifo")) {
2104 int fd, skip = 0;
2105 SocketPort *p;
2106
2107 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2108 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
a16e1123
LP		 2109 else {
2110
2111 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2112 if (p->type == SOCKET_FIFO &&
c78e47a6 2113 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2114 break;
2115
2116 if (p) {
03e334a1 2117 safe_close(p->fd);
b0a3f2bc
LP		 2118 p->fd = fdset_remove(fds, fd);
2119 }
2120 }
2121
2122 } else if (streq(key, "special")) {
2123 int fd, skip = 0;
2124 SocketPort *p;
2125
2126 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2127 log_unit_debug(u->id, "Failed to parse special value %s", value);
b0a3f2bc
LP		 2128 else {
2129
2130 LIST_FOREACH(port, p, s->ports)
2131 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2132 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2133 break;
2134
2135 if (p) {
03e334a1 2136 safe_close(p->fd);
a16e1123
LP		 2137 p->fd = fdset_remove(fds, fd);
2138 }
2139 }
2140
ee092817
LP		 2141 } else if (streq(key, "mqueue")) {
2142 int fd, skip = 0;
2143 SocketPort *p;
2144
2145 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2146 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
ee092817
LP		 2147 else {
2148
2149 LIST_FOREACH(port, p, s->ports)
2150 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2151 streq(p->path, value+skip))
ee092817
LP		 2152 break;
2153
2154 if (p) {
03e334a1 2155 safe_close(p->fd);
ee092817
LP		 2156 p->fd = fdset_remove(fds, fd);
2157 }
2158 }
2159
a16e1123 2160 } else if (streq(key, "socket")) {
27ca8d7a 2161 int fd, type, skip = 0;
a16e1123
LP		 2162 SocketPort *p;
2163
27ca8d7a 2164 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
79008bdd 2165 log_unit_debug(u->id, "Failed to parse socket value %s", value);
a16e1123
LP		 2166 else {
2167
2168 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2169 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2170 break;
2171
2172 if (p) {
03e334a1 2173 safe_close(p->fd);
a16e1123
LP		 2174 p->fd = fdset_remove(fds, fd);
2175 }
2176 }
2177
7a22745a
LP		 2178 } else if (streq(key, "netlink")) {
2179 int fd, skip = 0;
2180 SocketPort *p;
2181
2182 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
79008bdd 2183 log_unit_debug(u->id, "Failed to parse socket value %s", value);
7a22745a
LP		 2184 else {
2185
2186 LIST_FOREACH(port, p, s->ports)
2187 if (socket_address_is_netlink(&p->address, value+skip))
2188 break;
2189
2190 if (p) {
03e334a1 2191 safe_close(p->fd);
7a22745a
LP		 2192 p->fd = fdset_remove(fds, fd);
2193 }
2194 }
a16e1123 2195 } else
79008bdd 2196 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
a16e1123
LP		 2197
2198 return 0;
2199}
2200
01e10de3
LP		 2201static int socket_distribute_fds(Unit *u, FDSet *fds) {
2202 Socket *s = SOCKET(u);
2203 SocketPort *p;
2204
2205 assert(u);
2206
2207 LIST_FOREACH(port, p, s->ports) {
2208 Iterator i;
2209 int fd;
2210
2211 if (p->type != SOCKET_SOCKET)
2212 continue;
2213
2214 if (p->fd >= 0)
2215 continue;
2216
2217 FDSET_FOREACH(fd, fds, i) {
2218 if (socket_address_matches_fd(&p->address, fd)) {
2219 p->fd = fdset_remove(fds, fd);
2220 s->deserialized_state = SOCKET_LISTENING;
2221 break;
2222 }
2223 }
2224 }
2225
2226 return 0;
2227}
2228
44a6b1b6 2229_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2230 assert(u);
5cb5a6ff 2231
acbb0225 2232 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2233}
2234
44a6b1b6 2235_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2236 assert(u);
2237
a16e1123 2238 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2239}
2240
67419600
OS		 2241const char* socket_port_type_to_string(SocketPort *p) {
2242
2243 assert(p);
2244
2245 switch (p->type) {
718db961
LP		 2246
2247 case SOCKET_SOCKET:
2248
2249 switch (p->address.type) {
2250
2251 case SOCK_STREAM:
2252 return "Stream";
2253
2254 case SOCK_DGRAM:
2255 return "Datagram";
2256
2257 case SOCK_SEQPACKET:
2258 return "SequentialPacket";
2259
2260 case SOCK_RAW:
2261 if (socket_address_family(&p->address) == AF_NETLINK)
2262 return "Netlink";
2263
2264 default:
2265 return NULL;
2266 }
2267
2268 case SOCKET_SPECIAL:
2269 return "Special";
2270
2271 case SOCKET_MQUEUE:
2272 return "MessageQueue";
2273
2274 case SOCKET_FIFO:
2275 return "FIFO";
2276
2277 default:
2278 return NULL;
67419600
OS		 2279 }
2280}
2281
44a6b1b6 2282_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2283 Socket *s = SOCKET(u);
2284
2285 assert(u);
2286
2287 return s->n_connections > 0;
2288}
2289
718db961
LP		 2290static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2291 SocketPort *p = userdata;
4f2d528d 2292 int cfd = -1;
9152c765 2293
718db961 2294 assert(p);
8d567588 2295 assert(fd >= 0);
9152c765 2296
718db961
LP		 2297 if (p->socket->state != SOCKET_LISTENING)
2298 return 0;
871d7de4 2299
79008bdd 2300 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
9152c765 2301
718db961 2302 if (revents != EPOLLIN) {
641e01dc 2303
718db961 2304 if (revents & EPOLLHUP)
79008bdd 2305 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
718db961 2306 UNIT(p->socket)->id);
641e01dc 2307 else
79008bdd 2308 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
718db961 2309 UNIT(p->socket)->id, revents);
641e01dc 2310
8d567588 2311 goto fail;
4f2d528d
LP		 2312 }
2313
718db961
LP		 2314 if (p->socket->accept &&
2315 p->type == SOCKET_SOCKET &&
2316 socket_address_can_accept(&p->address)) {
2317
4f2d528d
LP		 2318 for (;;) {
2319
b14eda96
LP		 2320 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2321 if (cfd < 0) {
4f2d528d
LP		 2322
2323 if (errno == EINTR)
2324 continue;
2325
e5403f09 2326 log_unit_error(UNIT(p->socket)->id, "Failed to accept socket: %m");
8d567588 2327 goto fail;
4f2d528d
LP		 2328 }
2329
2330 break;
2331 }
4fd5948e 2332
718db961 2333 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2334 }
9152c765 2335
718db961
LP		 2336 socket_enter_running(p->socket, cfd);
2337 return 0;
8d567588
LP		 2338
2339fail:
718db961
LP		 2340 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2341 return 0;
9152c765
LP		 2342}
2343
87f0e418
LP		 2344static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2345 Socket *s = SOCKET(u);
cfc4eb4c 2346 SocketResult f;
5cb5a6ff
LP		 2347
2348 assert(s);
034c6ed7 2349 assert(pid >= 0);
5cb5a6ff 2350
8c47c732
LP		 2351 if (pid != s->control_pid)
2352 return;
542563ba 2353
034c6ed7
LP		 2354 s->control_pid = 0;
2355
96342de6 2356 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2357 f = SOCKET_SUCCESS;
2358 else if (code == CLD_EXITED)
2359 f = SOCKET_FAILURE_EXIT_CODE;
2360 else if (code == CLD_KILLED)
2361 f = SOCKET_FAILURE_SIGNAL;
2362 else if (code == CLD_DUMPED)
2363 f = SOCKET_FAILURE_CORE_DUMP;
2364 else
a4152e3f 2365 assert_not_reached("Unknown sigchld code");
8c47c732 2366
b708e7ce 2367 if (s->control_command) {
6ea832a2 2368 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2369
b708e7ce 2370 if (s->control_command->ignore)
cfc4eb4c 2371 f = SOCKET_SUCCESS;
b708e7ce
LP		 2372 }
2373
79008bdd
LP		 2374 log_unit_full(u->id,
2375 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
66870f90
ZJS		 2376 "%s control process exited, code=%s status=%i",
2377 u->id, sigchld_code_to_string(code), status);
034c6ed7 2378
cfc4eb4c
LP		 2379 if (f != SOCKET_SUCCESS)
2380 s->result = f;
2381
2382 if (s->control_command &&
2383 s->control_command->command_next &&
2384 f == SOCKET_SUCCESS) {
2385
79008bdd 2386 log_unit_debug(u->id,
66870f90
ZJS		 2387 "%s running next command for state %s",
2388 u->id, socket_state_to_string(s->state));
cfc4eb4c 2389 socket_run_next(s);
acbb0225 2390 } else {
a16e1123
LP		 2391 s->control_command = NULL;
2392 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2393
034c6ed7
LP		 2394 /* No further commands for this step, so let's figure
2395 * out what to do next */
5cb5a6ff 2396
79008bdd 2397 log_unit_debug(u->id,
66870f90
ZJS		 2398 "%s got final SIGCHLD for state %s",
2399 u->id, socket_state_to_string(s->state));
acbb0225 2400
034c6ed7
LP		 2401 switch (s->state) {
2402
2403 case SOCKET_START_PRE:
cfc4eb4c 2404 if (f == SOCKET_SUCCESS)
3900e5fd 2405 socket_enter_start_chown(s);
034c6ed7 2406 else
cfc4eb4c 2407 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2408 break;
2409
3900e5fd
LP		 2410 case SOCKET_START_CHOWN:
2411 if (f == SOCKET_SUCCESS)
2412 socket_enter_start_post(s);
2413 else
2414 socket_enter_stop_pre(s, f);
2415 break;
2416
034c6ed7 2417 case SOCKET_START_POST:
cfc4eb4c 2418 if (f == SOCKET_SUCCESS)
e9af15c3 2419 socket_enter_listening(s);
034c6ed7 2420 else
cfc4eb4c 2421 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2422 break;
2423
2424 case SOCKET_STOP_PRE:
2425 case SOCKET_STOP_PRE_SIGTERM:
2426 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2427 socket_enter_stop_post(s, f);
034c6ed7
LP		 2428 break;
2429
2430 case SOCKET_STOP_POST:
80876c20
LP		 2431 case SOCKET_FINAL_SIGTERM:
2432 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2433 socket_enter_dead(s, f);
034c6ed7
LP		 2434 break;
2435
2436 default:
2437 assert_not_reached("Uh, control process died at wrong time.");
2438 }
2439 }
c4e2ceae
LP		 2440
2441 /* Notify clients about changed exit status */
2442 unit_add_to_dbus_queue(u);
034c6ed7 2443}
5cb5a6ff 2444
718db961
LP		 2445static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2446 Socket *s = SOCKET(userdata);
5cb5a6ff 2447
034c6ed7 2448 assert(s);
718db961 2449 assert(s->timer_event_source == source);
034c6ed7
LP		 2450
2451 switch (s->state) {
2452
2453 case SOCKET_START_PRE:
79008bdd 2454 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2455 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2456 break;
80876c20 2457
3900e5fd 2458 case SOCKET_START_CHOWN:
034c6ed7 2459 case SOCKET_START_POST:
79008bdd 2460 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
cfc4eb4c 2461 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2462 break;
2463
2464 case SOCKET_STOP_PRE:
79008bdd 2465 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2466 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2467 break;
2468
2469 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2470 if (s->kill_context.send_sigkill) {
79008bdd 2471 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
cfc4eb4c 2472 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2473 } else {
79008bdd 2474 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2475 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2476 }
034c6ed7
LP		 2477 break;
2478
2479 case SOCKET_STOP_PRE_SIGKILL:
79008bdd 2480 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2481 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2482 break;
2483
2484 case SOCKET_STOP_POST:
79008bdd 2485 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
cfc4eb4c 2486 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2487 break;
2488
80876c20 2489 case SOCKET_FINAL_SIGTERM:
4819ff03 2490 if (s->kill_context.send_sigkill) {
79008bdd 2491 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
cfc4eb4c 2492 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2493 } else {
79008bdd 2494 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2495 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2496 }
034c6ed7
LP		 2497 break;
2498
80876c20 2499 case SOCKET_FINAL_SIGKILL:
79008bdd 2500 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
cfc4eb4c 2501 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2502 break;
2503
2504 default:
2505 assert_not_reached("Timeout at wrong time.");
2506 }
718db961
LP		 2507
2508 return 0;
5cb5a6ff
LP		 2509}
2510
44d8db9e
LP		 2511int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2512 int *rfds;
2513 unsigned rn_fds, k;
2514 SocketPort *p;
2515
2516 assert(s);
2517 assert(fds);
2518 assert(n_fds);
2519
2520 /* Called from the service code for requesting our fds */
2521
2522 rn_fds = 0;
2523 LIST_FOREACH(port, p, s->ports)
2524 if (p->fd >= 0)
2525 rn_fds++;
2526
de3756ab
LP		 2527 if (rn_fds <= 0) {
2528 *fds = NULL;
2529 *n_fds = 0;
2530 return 0;
2531 }
2532
e5403f09
LP		 2533 rfds = new(int, rn_fds);
2534 if (!rfds)
44d8db9e
LP		 2535 return -ENOMEM;
2536
2537 k = 0;
2538 LIST_FOREACH(port, p, s->ports)
2539 if (p->fd >= 0)
2540 rfds[k++] = p->fd;
2541
2542 assert(k == rn_fds);
2543
2544 *fds = rfds;
2545 *n_fds = rn_fds;
2546
2547 return 0;
2548}
2549
e821075a
LP		 2550static void socket_reset_failed(Unit *u) {
2551 Socket *s = SOCKET(u);
2552
2553 assert(s);
2554
2555 if (s->state == SOCKET_FAILED)
2556 socket_set_state(s, SOCKET_DEAD);
2557
2558 s->result = SOCKET_SUCCESS;
2559}
2560
d137a488 2561static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2562 assert(s);
2563
6cf6bbc2
LP		 2564 /* The service is dead. Dang!
2565 *
2566 * This is strictly for one-instance-for-all-connections
2567 * services. */
ceee3d82
LP		 2568
2569 if (s->state == SOCKET_RUNNING) {
79008bdd 2570 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
6bda96a0
LP		 2571 if (failed_permanent)
2572 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2573 else
2574 socket_enter_listening(s);
ceee3d82
LP		 2575 }
2576}
2577
6cf6bbc2
LP		 2578void socket_connection_unref(Socket *s) {
2579 assert(s);
2580
2581 /* The service is dead. Yay!
2582 *
35b8ca3a 2583 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2584 * services. */
2585
2586 assert(s->n_connections > 0);
2587 s->n_connections--;
2588
79008bdd 2589 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
5632e374
LP		 2590}
2591
d137a488
UTL		 2592static void socket_trigger_notify(Unit *u, Unit *other) {
2593 Socket *s = SOCKET(u);
e821075a 2594 Service *se;
d137a488
UTL		 2595
2596 assert(u);
2597 assert(other);
2598
2599 /* Don't propagate state changes from the service if we are
2600 already down or accepting connections */
2601 if ((s->state != SOCKET_RUNNING &&
2602 s->state != SOCKET_LISTENING) ||
2603 s->accept)
2604 return;
2605
2606 if (other->load_state != UNIT_LOADED ||
2607 other->type != UNIT_SERVICE)
2608 return;
2609
e821075a
LP		 2610 se = SERVICE(other);
2611
d137a488
UTL		 2612 if (se->state == SERVICE_FAILED)
2613 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2614
2615 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2616 se->state == SERVICE_FINAL_SIGTERM ||
2617 se->state == SERVICE_FINAL_SIGKILL ||
2618 se->state == SERVICE_AUTO_RESTART)
2619 socket_notify_service_dead(s, false);
2620
2621 if (se->state == SERVICE_RUNNING)
2622 socket_set_state(s, SOCKET_RUNNING);
2623}
2624
718db961 2625static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2626 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2627}
2628
68db7a3b
ZJS		 2629static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2630 Socket *s = SOCKET(u);
2631 int r;
2632
2633 if (!s->timer_event_source)
2634 return 0;
2635
2636 r = sd_event_source_get_time(s->timer_event_source, timeout);
2637 if (r < 0)
2638 return r;
2639
2640 return 1;
2641}
2642
a16e1123
LP		 2643static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2644 [SOCKET_DEAD] = "dead",
2645 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2646 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2647 [SOCKET_START_POST] = "start-post",
2648 [SOCKET_LISTENING] = "listening",
2649 [SOCKET_RUNNING] = "running",
2650 [SOCKET_STOP_PRE] = "stop-pre",
2651 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2652 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2653 [SOCKET_STOP_POST] = "stop-post",
2654 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2655 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2656 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2657};
2658
2659DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2660
2661static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2662 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2663 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2664 [SOCKET_EXEC_START_POST] = "StartPost",
2665 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2666 [SOCKET_EXEC_STOP_POST] = "StopPost"
2667};
2668
2669DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2670
cfc4eb4c
LP		 2671static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2672 [SOCKET_SUCCESS] = "success",
2673 [SOCKET_FAILURE_RESOURCES] = "resources",
2674 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2675 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2676 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2677 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2678 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2679};
2680
2681DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2682
87f0e418 2683const UnitVTable socket_vtable = {
7d17cfbc 2684 .object_size = sizeof(Socket),
718db961
LP		 2685 .exec_context_offset = offsetof(Socket, exec_context),
2686 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2687 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2688 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2689
f975e971
LP		 2690 .sections =
2691 "Unit\0"
2692 "Socket\0"
2693 "Install\0",
4ad49000 2694 .private_section = "Socket",
71645aca 2695
034c6ed7
LP		 2696 .init = socket_init,
2697 .done = socket_done,
a16e1123
LP		 2698 .load = socket_load,
2699
2700 .coldplug = socket_coldplug,
034c6ed7 2701
5cb5a6ff
LP		 2702 .dump = socket_dump,
2703
542563ba
LP		 2704 .start = socket_start,
2705 .stop = socket_stop,
5cb5a6ff 2706
718db961
LP		 2707 .kill = socket_kill,
2708
68db7a3b
ZJS		 2709 .get_timeout = socket_get_timeout,
2710
a16e1123
LP		 2711 .serialize = socket_serialize,
2712 .deserialize_item = socket_deserialize_item,
01e10de3 2713 .distribute_fds = socket_distribute_fds,
a16e1123 2714
5cb5a6ff 2715 .active_state = socket_active_state,
10a94420 2716 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2717
6cf6bbc2
LP		 2718 .check_gc = socket_check_gc,
2719
034c6ed7 2720 .sigchld_event = socket_sigchld_event,
4139c1b2 2721
d137a488
UTL		 2722 .trigger_notify = socket_trigger_notify,
2723
fdf20a31 2724 .reset_failed = socket_reset_failed,
5632e374 2725
c4e2ceae 2726 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2727 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2728 .bus_set_property = bus_socket_set_property,
2729 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2730
2731 .status_message_formats = {
2732 /*.starting_stopping = {
2733 [0] = "Starting socket %s...",
2734 [1] = "Stopping socket %s...",
2735 },*/
2736 .finished_start_job = {
2737 [JOB_DONE] = "Listening on %s.",
2738 [JOB_FAILED] = "Failed to listen on %s.",
2739 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2740 [JOB_TIMEOUT] = "Timed out starting %s.",
2741 },
2742 .finished_stop_job = {
2743 [JOB_DONE] = "Closed %s.",
2744 [JOB_FAILED] = "Failed stopping %s.",
2745 [JOB_TIMEOUT] = "Timed out stopping %s.",
2746 },
2747 },
5cb5a6ff 2748};
Unnamed repository; edit this file 'description' to name the repository.