]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
util-lib: move string table stuff into its own string-table.[ch]
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
e8da24a6 22#include <arpa/inet.h>
83c60c9f
LP		 23#include <errno.h>
24#include <fcntl.h>
916abb21 25#include <mqueue.h>
e8da24a6
LP		 26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
83c60c9f 31
718db961 32#include "sd-event.h"
e8da24a6
LP		 33
34#include "bus-error.h"
35#include "bus-util.h"
36#include "copy.h"
37#include "dbus-socket.h"
38#include "def.h"
39#include "exit-status.h"
3ffd4af2 40#include "fd-util.h"
e8da24a6
LP		 41#include "formats-util.h"
42#include "label.h"
83c60c9f 43#include "log.h"
e8da24a6 44#include "missing.h"
49e942b2 45#include "mkdir.h"
6bedfcbb 46#include "parse-util.h"
9eb977db 47#include "path-util.h"
d7b8eec7 48#include "selinux-util.h"
24882e06 49#include "signal-util.h"
e8da24a6 50#include "smack-util.h"
24882e06 51#include "socket.h"
e8da24a6 52#include "special.h"
8b43440b 53#include "string-table.h"
07630cea 54#include "string-util.h"
e8da24a6
LP		 55#include "strv.h"
56#include "unit-name.h"
57#include "unit-printf.h"
58#include "unit.h"
b1d4f8e1 59#include "user-util.h"
83c60c9f 60
acbb0225 61static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 62 [SOCKET_DEAD] = UNIT_INACTIVE,
63 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 64 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 65 [SOCKET_START_POST] = UNIT_ACTIVATING,
66 [SOCKET_LISTENING] = UNIT_ACTIVE,
67 [SOCKET_RUNNING] = UNIT_ACTIVE,
68 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
69 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
70 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 72 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
73 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 74 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 75};
5cb5a6ff 76
718db961
LP		 77static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
78static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
79
a16e1123
LP		 80static void socket_init(Unit *u) {
81 Socket *s = SOCKET(u);
82
83 assert(u);
ac155bb8 84 assert(u->load_state == UNIT_STUB);
a16e1123 85
a16e1123 86 s->backlog = SOMAXCONN;
1f19a534 87 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 88 s->directory_mode = 0755;
9131f660 89 s->socket_mode = 0666;
a16e1123 90
6cf6bbc2
LP		 91 s->max_connections = 64;
92
4fd5948e 93 s->priority = -1;
4fd5948e
LP		 94 s->ip_tos = -1;
95 s->ip_ttl = -1;
4fd5948e 96 s->mark = -1;
4fd5948e 97
ac155bb8
MS		 98 s->exec_context.std_output = u->manager->default_std_output;
99 s->exec_context.std_error = u->manager->default_std_error;
085afe36 100
a16e1123
LP		 101 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
102}
acbb0225 103
5e94833f
LP		 104static void socket_unwatch_control_pid(Socket *s) {
105 assert(s);
106
107 if (s->control_pid <= 0)
108 return;
109
110 unit_unwatch_pid(UNIT(s), s->control_pid);
111 s->control_pid = 0;
112}
113
15087cdb 114static void socket_cleanup_fd_list(SocketPort *p) {
3ffd4af2 115 assert(p);
15087cdb 116
3ffd4af2 117 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
15087cdb
PS		 118 p->auxiliary_fds = mfree(p->auxiliary_fds);
119 p->n_auxiliary_fds = 0;
120}
121
74051b9b 122void socket_free_ports(Socket *s) {
034c6ed7
LP		 123 SocketPort *p;
124
125 assert(s);
126
127 while ((p = s->ports)) {
71fda00f 128 LIST_REMOVE(port, s->ports, p);
034c6ed7 129
718db961
LP		 130 sd_event_source_unref(p->event_source);
131
15087cdb 132 socket_cleanup_fd_list(p);
03e334a1 133 safe_close(p->fd);
034c6ed7
LP		 134 free(p->path);
135 free(p);
136 }
74051b9b
LP		 137}
138
139static void socket_done(Unit *u) {
140 Socket *s = SOCKET(u);
141
142 assert(s);
143
144 socket_free_ports(s);
034c6ed7 145
613b411c 146 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 147 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 148 s->control_command = NULL;
149
5e94833f 150 socket_unwatch_control_pid(s);
034c6ed7 151
57020a3a 152 unit_ref_unset(&s->service);
034c6ed7 153
a1e58e8e
LP		 154 s->tcp_congestion = mfree(s->tcp_congestion);
155 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 156
0eb59ccf
AK		 157 free(s->smack);
158 free(s->smack_ip_in);
159 free(s->smack_ip_out);
160
811ba7a0
LP		 161 strv_free(s->symlinks);
162
3900e5fd
LP		 163 free(s->user);
164 free(s->group);
165
718db961
LP		 166 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
167}
168
169static int socket_arm_timer(Socket *s) {
170 int r;
171
172 assert(s);
173
174 if (s->timeout_usec <= 0) {
175 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
176 return 0;
177 }
178
179 if (s->timer_event_source) {
180 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
181 if (r < 0)
182 return r;
183
184 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
185 }
186
7dfbe2e3 187 r = sd_event_add_time(
6a0f1f6d
LP		 188 UNIT(s)->manager->event,
189 &s->timer_event_source,
190 CLOCK_MONOTONIC,
191 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
192 socket_dispatch_timer, s);
7dfbe2e3
TG		 193 if (r < 0)
194 return r;
195
196 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
197
198 return 0;
5cb5a6ff
LP		 199}
200
8b835fcc
ZJS		 201int socket_instantiate_service(Socket *s) {
202 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 203 int r;
204 Unit *u;
205
206 assert(s);
207
208 /* This fills in s->service if it isn't filled in yet. For
209 * Accept=yes sockets we create the next connection service
210 * here. For Accept=no this is mostly a NOP since the service
211 * is figured out at load time anyway. */
212
7410616c 213 if (UNIT_DEREF(s->service))
b15bdda8
LP		 214 return 0;
215
7410616c
LP		 216 if (!s->accept)
217 return 0;
218
219 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
220 if (r < 0)
221 return r;
b15bdda8 222
315db1a8 223 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 224 return -ENOMEM;
225
1124fe6f 226 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 227 if (r < 0)
228 return r;
229
ac155bb8 230 u->no_gc = true;
57020a3a
LP		 231 unit_ref_set(&s->service, u);
232
233 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 234}
235
4f2d528d
LP		 236static bool have_non_accept_socket(Socket *s) {
237 SocketPort *p;
238
239 assert(s);
240
241 if (!s->accept)
242 return true;
243
dd5ad9d4
LP		 244 LIST_FOREACH(port, p, s->ports) {
245
246 if (p->type != SOCKET_SOCKET)
247 return true;
248
4f2d528d
LP		 249 if (!socket_address_can_accept(&p->address))
250 return true;
dd5ad9d4 251 }
4f2d528d
LP		 252
253 return false;
254}
255
a57f7e2c 256static int socket_add_mount_links(Socket *s) {
6e2ef85b 257 SocketPort *p;
6e2ef85b
LP		 258 int r;
259
260 assert(s);
6e2ef85b 261
a57f7e2c
LP		 262 LIST_FOREACH(port, p, s->ports) {
263 const char *path = NULL;
6e2ef85b 264
a57f7e2c
LP		 265 if (p->type == SOCKET_SOCKET)
266 path = socket_address_get_path(&p->address);
60252446 267 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 268 path = p->path;
6e2ef85b 269
a57f7e2c
LP		 270 if (!path)
271 continue;
6e2ef85b 272
a57f7e2c 273 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 274 if (r < 0)
6e2ef85b 275 return r;
b87705cd 276 }
6e2ef85b
LP		 277
278 return 0;
279}
280
281static int socket_add_device_link(Socket *s) {
282 char *t;
6e2ef85b
LP		 283
284 assert(s);
285
7d0c710d 286 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 287 return 0;
288
63c372cb 289 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 290 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 291}
292
a40eb732
LP		 293static int socket_add_default_dependencies(Socket *s) {
294 int r;
295 assert(s);
296
e3d84721
LP		 297 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
298 if (r < 0)
299 return r;
2a77d31d 300
b2c23da8 301 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 302 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
303 if (r < 0)
a40eb732 304 return r;
2a77d31d 305 }
a40eb732 306
ead8e478 307 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 308}
309
44a6b1b6 310_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 311 unsigned i;
312 assert(s);
313
314 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
315 if (s->exec_command[i])
316 return true;
317
318 return false;
319}
320
e821075a
LP		 321static int socket_add_extras(Socket *s) {
322 Unit *u = UNIT(s);
e537352b 323 int r;
44d8db9e 324
e821075a 325 assert(s);
57020a3a 326
e821075a 327 if (have_non_accept_socket(s)) {
23a177ef 328
e821075a
LP		 329 if (!UNIT_DEREF(s->service)) {
330 Unit *x;
57020a3a 331
e821075a 332 r = unit_load_related_unit(u, ".service", &x);
57020a3a 333 if (r < 0)
4f2d528d 334 return r;
e821075a
LP		 335
336 unit_ref_set(&s->service, x);
4f2d528d 337 }
44d8db9e 338
e821075a
LP		 339 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
340 if (r < 0)
6e2ef85b 341 return r;
e821075a 342 }
6e2ef85b 343
e821075a
LP		 344 r = socket_add_mount_links(s);
345 if (r < 0)
346 return r;
6e2ef85b 347
e821075a
LP		 348 r = socket_add_device_link(s);
349 if (r < 0)
350 return r;
351
598459ce 352 r = unit_patch_contexts(u);
e821075a
LP		 353 if (r < 0)
354 return r;
355
356 if (socket_has_exec(s)) {
357 r = unit_add_exec_dependencies(u, &s->exec_context);
358 if (r < 0)
359 return r;
23a177ef 360
d79200e2 361 r = unit_set_default_slice(u);
a016b922
LP		 362 if (r < 0)
363 return r;
e821075a 364 }
a016b922 365
e821075a
LP		 366 if (u->default_dependencies) {
367 r = socket_add_default_dependencies(s);
368 if (r < 0)
369 return r;
370 }
371
372 return 0;
373}
374
811ba7a0
LP		 375static const char *socket_find_symlink_target(Socket *s) {
376 const char *found = NULL;
377 SocketPort *p;
378
379 LIST_FOREACH(port, p, s->ports) {
380 const char *f = NULL;
381
382 switch (p->type) {
383
384 case SOCKET_FIFO:
385 f = p->path;
386 break;
387
388 case SOCKET_SOCKET:
389 if (p->address.sockaddr.un.sun_path[0] != 0)
390 f = p->address.sockaddr.un.sun_path;
391 break;
392
393 default:
394 break;
395 }
396
397 if (f) {
398 if (found)
399 return NULL;
400
401 found = f;
402 }
403 }
404
405 return found;
406}
407
e821075a
LP		 408static int socket_verify(Socket *s) {
409 assert(s);
410
411 if (UNIT(s)->load_state != UNIT_LOADED)
412 return 0;
413
414 if (!s->ports) {
f2341e0a 415 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 416 return -EINVAL;
417 }
418
419 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 420 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 421 return -EINVAL;
422 }
423
424 if (s->accept && s->max_connections <= 0) {
f2341e0a 425 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 426 return -EINVAL;
427 }
e06c73cc 428
e821075a 429 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 430 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 431 return -EINVAL;
432 }
433
434 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 435 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 436 return -EINVAL;
437 }
438
811ba7a0 439 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 440 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 441 return -EINVAL;
442 }
443
e821075a
LP		 444 return 0;
445}
446
447static int socket_load(Unit *u) {
448 Socket *s = SOCKET(u);
449 int r;
450
451 assert(u);
452 assert(u->load_state == UNIT_STUB);
453
454 r = unit_load_fragment_and_dropin(u);
455 if (r < 0)
456 return r;
457
458 if (u->load_state == UNIT_LOADED) {
459 /* This is a new unit? Then let's add in some extras */
460 r = socket_add_extras(s);
e06c73cc
LP		 461 if (r < 0)
462 return r;
23a177ef
LP		 463 }
464
4f2d528d 465 return socket_verify(s);
44d8db9e
LP		 466}
467
44a6b1b6 468_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 469
470 if (family == AF_NETLINK)
471 return "ListenNetlink";
542563ba
LP		 472
473 if (type == SOCK_STREAM)
474 return "ListenStream";
475 else if (type == SOCK_DGRAM)
476 return "ListenDatagram";
477 else if (type == SOCK_SEQPACKET)
478 return "ListenSequentialPacket";
479
034c6ed7 480 assert_not_reached("Unknown socket type");
542563ba
LP		 481 return NULL;
482}
483
87f0e418 484static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 485 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 486 SocketExecCommand c;
87f0e418 487 Socket *s = SOCKET(u);
542563ba 488 SocketPort *p;
82ba9f08 489 const char *prefix2;
5cb5a6ff
LP		 490
491 assert(s);
fa068367 492 assert(f);
5cb5a6ff 493
4c940960 494 prefix = strempty(prefix);
63c372cb 495 prefix2 = strjoina(prefix, "\t");
c43d20a0 496
5cb5a6ff
LP		 497 fprintf(f,
498 "%sSocket State: %s\n"
81a5c6d0 499 "%sResult: %s\n"
542563ba 500 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 501 "%sBacklog: %u\n"
502 "%sSocketMode: %04o\n"
4fd5948e
LP		 503 "%sDirectoryMode: %04o\n"
504 "%sKeepAlive: %s\n"
4427c3f4 505 "%sNoDelay: %s\n"
cebf8b20 506 "%sFreeBind: %s\n"
6b6d2dee 507 "%sTransparent: %s\n"
ec6370a2 508 "%sBroadcast: %s\n"
ede3deb4 509 "%sPassCredentials: %s\n"
54ecda32 510 "%sPassSecurity: %s\n"
bd1fe7c7 511 "%sTCPCongestion: %s\n"
16115b0a 512 "%sRemoveOnStop: %s\n"
55301ec0 513 "%sWritable: %s\n"
8dd4c05b 514 "%sFDName: %s\n"
16115b0a 515 "%sSELinuxContextFromNet: %s\n",
a16e1123 516 prefix, socket_state_to_string(s->state),
81a5c6d0 517 prefix, socket_result_to_string(s->result),
c0120d99 518 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 519 prefix, s->backlog,
520 prefix, s->socket_mode,
4fd5948e
LP		 521 prefix, s->directory_mode,
522 prefix, yes_no(s->keep_alive),
4427c3f4 523 prefix, yes_no(s->no_delay),
cebf8b20 524 prefix, yes_no(s->free_bind),
6b6d2dee 525 prefix, yes_no(s->transparent),
ec6370a2 526 prefix, yes_no(s->broadcast),
d68af586 527 prefix, yes_no(s->pass_cred),
54ecda32 528 prefix, yes_no(s->pass_sec),
bd1fe7c7 529 prefix, strna(s->tcp_congestion),
16115b0a 530 prefix, yes_no(s->remove_on_stop),
55301ec0 531 prefix, yes_no(s->writable),
8dd4c05b 532 prefix, socket_fdname(s),
16115b0a 533 prefix, yes_no(s->selinux_context_from_net));
542563ba 534
70123e68
LP		 535 if (s->control_pid > 0)
536 fprintf(f,
de0671ee
ZJS		 537 "%sControl PID: "PID_FMT"\n",
538 prefix, s->control_pid);
70123e68 539
acbb0225
LP		 540 if (s->bind_to_device)
541 fprintf(f,
542 "%sBindToDevice: %s\n",
543 prefix, s->bind_to_device);
544
4f2d528d
LP		 545 if (s->accept)
546 fprintf(f,
6cf6bbc2
LP		 547 "%sAccepted: %u\n"
548 "%sNConnections: %u\n"
549 "%sMaxConnections: %u\n",
550 prefix, s->n_accepted,
551 prefix, s->n_connections,
552 prefix, s->max_connections);
4f2d528d 553
4fd5948e
LP		 554 if (s->priority >= 0)
555 fprintf(f,
556 "%sPriority: %i\n",
557 prefix, s->priority);
558
559 if (s->receive_buffer > 0)
560 fprintf(f,
561 "%sReceiveBuffer: %zu\n",
562 prefix, s->receive_buffer);
563
564 if (s->send_buffer > 0)
565 fprintf(f,
566 "%sSendBuffer: %zu\n",
567 prefix, s->send_buffer);
568
569 if (s->ip_tos >= 0)
570 fprintf(f,
571 "%sIPTOS: %i\n",
572 prefix, s->ip_tos);
573
574 if (s->ip_ttl >= 0)
575 fprintf(f,
576 "%sIPTTL: %i\n",
577 prefix, s->ip_ttl);
578
579 if (s->pipe_size > 0)
580 fprintf(f,
581 "%sPipeSize: %zu\n",
582 prefix, s->pipe_size);
583
584 if (s->mark >= 0)
585 fprintf(f,
586 "%sMark: %i\n",
587 prefix, s->mark);
588
916abb21
LP		 589 if (s->mq_maxmsg > 0)
590 fprintf(f,
591 "%sMessageQueueMaxMessages: %li\n",
592 prefix, s->mq_maxmsg);
593
594 if (s->mq_msgsize > 0)
595 fprintf(f,
596 "%sMessageQueueMessageSize: %li\n",
597 prefix, s->mq_msgsize);
598
718db961 599 if (s->reuse_port)
f7db7a69
SL		 600 fprintf(f,
601 "%sReusePort: %s\n",
718db961 602 prefix, yes_no(s->reuse_port));
f7db7a69 603
0eb59ccf
AK		 604 if (s->smack)
605 fprintf(f,
606 "%sSmackLabel: %s\n",
607 prefix, s->smack);
608
609 if (s->smack_ip_in)
610 fprintf(f,
611 "%sSmackLabelIPIn: %s\n",
612 prefix, s->smack_ip_in);
613
614 if (s->smack_ip_out)
615 fprintf(f,
616 "%sSmackLabelIPOut: %s\n",
617 prefix, s->smack_ip_out);
618
3900e5fd
LP		 619 if (!isempty(s->user) || !isempty(s->group))
620 fprintf(f,
621 "%sOwnerUser: %s\n"
622 "%sOwnerGroup: %s\n",
623 prefix, strna(s->user),
624 prefix, strna(s->group));
625
3cd761e4 626 if (s->keep_alive_time > 0)
209e9dcd 627 fprintf(f,
3cd761e4
LP		 628 "%sKeepAliveTimeSec: %s\n",
629 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 630
3cd761e4 631 if (s->keep_alive_interval)
209e9dcd 632 fprintf(f,
3cd761e4
LP		 633 "%sKeepAliveIntervalSec: %s\n",
634 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 635
3cd761e4 636 if (s->keep_alive_cnt)
209e9dcd
SS		 637 fprintf(f,
638 "%sKeepAliveProbes: %u\n",
639 prefix, s->keep_alive_cnt);
640
3cd761e4 641 if (s->defer_accept)
cc567c9b 642 fprintf(f,
3cd761e4
LP		 643 "%sDeferAcceptSec: %s\n",
644 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 645
034c6ed7 646 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 647
542563ba
LP		 648 if (p->type == SOCKET_SOCKET) {
649 const char *t;
650 int r;
e364ad06 651 char *k = NULL;
542563ba 652
e53fc357
LP		 653 r = socket_address_print(&p->address, &k);
654 if (r < 0)
542563ba
LP		 655 t = strerror(-r);
656 else
657 t = k;
658
7a22745a 659 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 660 free(k);
b0a3f2bc
LP		 661 } else if (p->type == SOCKET_SPECIAL)
662 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 663 else if (p->type == SOCKET_USB_FUNCTION)
664 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 665 else if (p->type == SOCKET_MQUEUE)
666 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 667 else
542563ba
LP		 668 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
669 }
5cb5a6ff
LP		 670
671 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 672 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 673
e537352b 674 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 675 if (!s->exec_command[c])
676 continue;
5cb5a6ff 677
40d50879 678 fprintf(f, "%s-> %s:\n",
a16e1123 679 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 680
681 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 682 }
683}
684
4f2d528d
LP		 685static int instance_from_socket(int fd, unsigned nr, char **instance) {
686 socklen_t l;
687 char *r;
9d16d0c7 688 union sockaddr_union local, remote;
4f2d528d
LP		 689
690 assert(fd >= 0);
691 assert(instance);
692
693 l = sizeof(local);
694 if (getsockname(fd, &local.sa, &l) < 0)
695 return -errno;
696
697 l = sizeof(remote);
698 if (getpeername(fd, &remote.sa, &l) < 0)
699 return -errno;
700
701 switch (local.sa.sa_family) {
702
703 case AF_INET: {
704 uint32_t
705 a = ntohl(local.in.sin_addr.s_addr),
706 b = ntohl(remote.in.sin_addr.s_addr);
707
708 if (asprintf(&r,
77b088c2
LP		 709 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
710 nr,
4f2d528d
LP		 711 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
712 ntohs(local.in.sin_port),
713 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
714 ntohs(remote.in.sin_port)) < 0)
715 return -ENOMEM;
716
717 break;
718 }
719
720 case AF_INET6: {
c65a0b14 721 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 722 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
723 };
724
725 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
726 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
727 const uint8_t
728 *a = local.in6.sin6_addr.s6_addr+12,
729 *b = remote.in6.sin6_addr.s6_addr+12;
730
731 if (asprintf(&r,
77b088c2
LP		 732 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
733 nr,
2b061f5a
LP		 734 a[0], a[1], a[2], a[3],
735 ntohs(local.in6.sin6_port),
736 b[0], b[1], b[2], b[3],
737 ntohs(remote.in6.sin6_port)) < 0)
738 return -ENOMEM;
739 } else {
740 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
741
742 if (asprintf(&r,
77b088c2
LP		 743 "%u-%s:%u-%s:%u",
744 nr,
2b061f5a
LP		 745 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
746 ntohs(local.in6.sin6_port),
747 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
748 ntohs(remote.in6.sin6_port)) < 0)
749 return -ENOMEM;
750 }
4f2d528d
LP		 751
752 break;
753 }
754
755 case AF_UNIX: {
756 struct ucred ucred;
eff05270 757 int k;
4f2d528d 758
eff05270 759 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 760 if (k >= 0) {
761 if (asprintf(&r,
762 "%u-"PID_FMT"-"UID_FMT,
763 nr, ucred.pid, ucred.uid) < 0)
764 return -ENOMEM;
765 } else if (k == -ENODATA) {
766 /* This handles the case where somebody is
767 * connecting from another pid/uid namespace
768 * (e.g. from outside of our container). */
769 if (asprintf(&r,
770 "%u-unknown",
771 nr) < 0)
772 return -ENOMEM;
773 } else
eff05270 774 return k;
2f20a8eb 775
2f20a8eb 776 break;
4f2d528d
LP		 777 }
778
779 default:
780 assert_not_reached("Unhandled socket type.");
781 }
782
783 *instance = r;
784 return 0;
785}
786
034c6ed7 787static void socket_close_fds(Socket *s) {
83c60c9f 788 SocketPort *p;
811ba7a0 789 char **i;
83c60c9f
LP		 790
791 assert(s);
792
034c6ed7 793 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 794
795 p->event_source = sd_event_source_unref(p->event_source);
796
83c60c9f
LP		 797 if (p->fd < 0)
798 continue;
799
03e334a1 800 p->fd = safe_close(p->fd);
15087cdb 801 socket_cleanup_fd_list(p);
a16e1123 802
bd1fe7c7
LP		 803 /* One little note: we should normally not delete any
804 * sockets in the file system here! After all some
805 * other process we spawned might still have a
806 * reference of this fd and wants to continue to use
807 * it. Therefore we delete sockets in the file system
808 * before we create a new one, not after we stopped
809 * using one! */
810
811 if (s->remove_on_stop) {
812 switch (p->type) {
813
814 case SOCKET_FIFO:
815 unlink(p->path);
816 break;
817
818 case SOCKET_MQUEUE:
819 mq_unlink(p->path);
820 break;
821
822 case SOCKET_SOCKET:
823 socket_address_unlink(&p->address);
824 break;
825
826 default:
827 break;
828 }
829 }
83c60c9f 830 }
811ba7a0
LP		 831
832 if (s->remove_on_stop)
833 STRV_FOREACH(i, s->symlinks)
834 unlink(*i);
83c60c9f
LP		 835}
836
4fd5948e 837static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 838 int r;
839
4fd5948e
LP		 840 assert(s);
841 assert(fd >= 0);
842
843 if (s->keep_alive) {
844 int b = s->keep_alive;
845 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 846 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 847 }
848
209e9dcd
SS		 849 if (s->keep_alive_time) {
850 int value = s->keep_alive_time / USEC_PER_SEC;
851 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 852 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 853 }
854
855 if (s->keep_alive_interval) {
920b52e4 856 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 857 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 858 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 859 }
860
861 if (s->keep_alive_cnt) {
862 int value = s->keep_alive_cnt;
172cfe87 863 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 864 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 865 }
866
cc567c9b
SS		 867 if (s->defer_accept) {
868 int value = s->defer_accept / USEC_PER_SEC;
869 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 870 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 871 }
872
4427c3f4
SS		 873 if (s->no_delay) {
874 int b = s->no_delay;
875 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 876 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 877 }
878
ec6370a2
LP		 879 if (s->broadcast) {
880 int one = 1;
881 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 882 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 883 }
884
d68af586
MS		 885 if (s->pass_cred) {
886 int one = 1;
887 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 888 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 889 }
890
54ecda32
LP		 891 if (s->pass_sec) {
892 int one = 1;
893 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 894 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 895 }
896
4fd5948e
LP		 897 if (s->priority >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 899 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 900
901 if (s->receive_buffer > 0) {
902 int value = (int) s->receive_buffer;
7d9eaa84
LP		 903
904 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
905
b8cef44e 906 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 907 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 908 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 909 }
910
911 if (s->send_buffer > 0) {
912 int value = (int) s->send_buffer;
b8cef44e 913 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 914 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 915 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 916 }
917
918 if (s->mark >= 0)
919 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 920 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 921
922 if (s->ip_tos >= 0)
923 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 924 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 925
46925ac5 926 if (s->ip_ttl >= 0) {
d53e386d 927 int x;
46925ac5
LP		 928
929 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 930
931 if (socket_ipv6_is_supported())
932 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
933 else {
934 x = -1;
935 errno = EAFNOSUPPORT;
936 }
46925ac5
LP		 937
938 if (r < 0 && x < 0)
f2341e0a 939 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 940 }
cebf8b20
TT		 941
942 if (s->tcp_congestion)
943 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 944 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 945
d53e386d 946 if (s->smack_ip_in) {
5ab58c20 947 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 948 if (r < 0)
f2341e0a 949 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 950 }
9a4e038c 951
d53e386d 952 if (s->smack_ip_out) {
5ab58c20 953 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 954 if (r < 0)
f2341e0a 955 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 956 }
4fd5948e
LP		 957}
958
b15bdda8 959static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 960 int r;
961
4fd5948e
LP		 962 assert(s);
963 assert(fd >= 0);
964
965 if (s->pipe_size > 0)
966 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 967 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 968
d53e386d 969 if (s->smack) {
5ab58c20 970 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 971 if (r < 0)
ed460b07 972 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 973 }
4fd5948e
LP		 974}
975
b15bdda8
LP		 976static int fifo_address_create(
977 const char *path,
978 mode_t directory_mode,
e8da24a6 979 mode_t socket_mode) {
b15bdda8 980
e8da24a6 981 _cleanup_close_ int fd = -1;
b15bdda8 982 mode_t old_mask;
e8da24a6
LP		 983 struct stat st;
984 int r;
b15bdda8
LP		 985
986 assert(path);
b15bdda8 987
d2e54fae 988 mkdir_parents_label(path, directory_mode);
b15bdda8 989
ecabcf8b 990 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 991 if (r < 0)
e8da24a6 992 return r;
b15bdda8
LP		 993
994 /* Enforce the right access mode for the fifo */
995 old_mask = umask(~ socket_mode);
996
997 /* Include the original umask in our mask */
e8da24a6 998 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 999
1000 r = mkfifo(path, socket_mode);
e8da24a6 1001 (void) umask(old_mask);
b15bdda8 1002
94bc2731 1003 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 1004 r = -errno;
1005 goto fail;
1006 }
1007
e8da24a6 1008 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1009 if (fd < 0) {
b15bdda8
LP		 1010 r = -errno;
1011 goto fail;
1012 }
1013
ecabcf8b 1014 mac_selinux_create_file_clear();
7a58bfa4 1015
b15bdda8
LP		 1016 if (fstat(fd, &st) < 0) {
1017 r = -errno;
1018 goto fail;
1019 }
1020
1021 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1022 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1023 st.st_uid != getuid() ||
1024 st.st_gid != getgid()) {
b15bdda8
LP		 1025 r = -EEXIST;
1026 goto fail;
1027 }
1028
e8da24a6
LP		 1029 r = fd;
1030 fd = -1;
1031
1032 return r;
b15bdda8
LP		 1033
1034fail:
ecabcf8b 1035 mac_selinux_create_file_clear();
b15bdda8
LP		 1036 return r;
1037}
1038
55301ec0 1039static int special_address_create(const char *path, bool writable) {
e8da24a6 1040 _cleanup_close_ int fd = -1;
b0a3f2bc 1041 struct stat st;
e8da24a6 1042 int r;
b0a3f2bc
LP		 1043
1044 assert(path);
b0a3f2bc 1045
55301ec0 1046 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1047 if (fd < 0)
1048 return -errno;
b0a3f2bc 1049
e8da24a6
LP		 1050 if (fstat(fd, &st) < 0)
1051 return -errno;
b0a3f2bc
LP		 1052
1053 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1054 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1055 return -EEXIST;
b0a3f2bc 1056
e8da24a6
LP		 1057 r = fd;
1058 fd = -1;
b0a3f2bc
LP		 1059
1060 return r;
1061}
1062
36078102 1063static int usbffs_address_create(const char *path) {
60252446
PS		 1064 _cleanup_close_ int fd = -1;
1065 struct stat st;
e8da24a6 1066 int r;
60252446
PS		 1067
1068 assert(path);
60252446
PS		 1069
1070 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1071 if (fd < 0)
1072 return -errno;
1073
1074 if (fstat(fd, &st) < 0)
1075 return -errno;
1076
1077 /* Check whether this is a regular file (ffs endpoint)*/
1078 if (!S_ISREG(st.st_mode))
1079 return -EEXIST;
1080
e8da24a6 1081 r = fd;
60252446
PS		 1082 fd = -1;
1083
e8da24a6 1084 return r;
60252446
PS		 1085}
1086
916abb21
LP		 1087static int mq_address_create(
1088 const char *path,
1089 mode_t mq_mode,
1090 long maxmsg,
e8da24a6 1091 long msgsize) {
916abb21 1092
e8da24a6 1093 _cleanup_close_ int fd = -1;
916abb21
LP		 1094 struct stat st;
1095 mode_t old_mask;
1096 struct mq_attr _attr, *attr = NULL;
e8da24a6 1097 int r;
916abb21
LP		 1098
1099 assert(path);
916abb21
LP		 1100
1101 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1102 _attr = (struct mq_attr) {
1103 .mq_flags = O_NONBLOCK,
1104 .mq_maxmsg = maxmsg,
1105 .mq_msgsize = msgsize,
1106 };
916abb21
LP		 1107 attr = &_attr;
1108 }
1109
1110 /* Enforce the right access mode for the mq */
1111 old_mask = umask(~ mq_mode);
1112
1113 /* Include the original umask in our mask */
e8da24a6 1114 (void) umask(~mq_mode | old_mask);
916abb21 1115 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1116 (void) umask(old_mask);
916abb21 1117
e8da24a6
LP		 1118 if (fd < 0)
1119 return -errno;
916abb21 1120
e8da24a6
LP		 1121 if (fstat(fd, &st) < 0)
1122 return -errno;
916abb21
LP		 1123
1124 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1125 st.st_uid != getuid() ||
e8da24a6
LP		 1126 st.st_gid != getgid())
1127 return -EEXIST;
916abb21 1128
e8da24a6
LP		 1129 r = fd;
1130 fd = -1;
916abb21 1131
916abb21
LP		 1132 return r;
1133}
1134
811ba7a0
LP		 1135static int socket_symlink(Socket *s) {
1136 const char *p;
1137 char **i;
1138
1139 assert(s);
1140
1141 p = socket_find_symlink_target(s);
1142 if (!p)
1143 return 0;
1144
1145 STRV_FOREACH(i, s->symlinks)
43b133b4 1146 symlink_label(p, *i);
811ba7a0
LP		 1147
1148 return 0;
1149}
1150
36078102 1151static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1152 int r;
1153
1154 if (!s->usb_function_descriptors || !s->usb_function_strings)
1155 return -EINVAL;
1156
1157 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1158 if (r < 0)
e8da24a6 1159 return r;
6b7e5923 1160
e8da24a6 1161 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1162}
1163
36078102 1164static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1165 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1166}
1167
36078102 1168static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1169 _cleanup_free_ struct dirent **ent = NULL;
60252446 1170 _cleanup_free_ char *path = NULL;
36078102 1171 int r, i, n, k;
60252446 1172
5f311f8c
LP		 1173 path = dirname_malloc(p->path);
1174 if (!path)
1175 return -ENOMEM;
60252446 1176
36078102 1177 r = scandir(path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1178 if (r < 0)
1179 return -errno;
1180
1181 n = r;
1182 p->auxiliary_fds = new(int, n);
1183 if (!p->auxiliary_fds)
1184 return -ENOMEM;
1185
1186 p->n_auxiliary_fds = n;
1187
1188 k = 0;
1189 for (i = 0; i < n; ++i) {
1190 _cleanup_free_ char *ep = NULL;
1191
1192 ep = path_make_absolute(ent[i]->d_name, path);
1193 if (!ep)
1194 return -ENOMEM;
1195
1196 path_kill_slashes(ep);
1197
36078102 1198 r = usbffs_address_create(ep);
60252446
PS		 1199 if (r < 0)
1200 goto fail;
1201
e8da24a6
LP		 1202 p->auxiliary_fds[k] = r;
1203
60252446
PS		 1204 ++k;
1205 free(ent[i]);
1206 }
1207
1208 return r;
1209
1210fail:
e8da24a6 1211 close_many(p->auxiliary_fds, k);
60252446
PS		 1212 p->auxiliary_fds = mfree(p->auxiliary_fds);
1213 p->n_auxiliary_fds = 0;
1214
1215 return r;
1216}
1217
034c6ed7 1218static int socket_open_fds(Socket *s) {
710a6b50
LP		 1219 _cleanup_(mac_selinux_freep) char *label = NULL;
1220 bool know_label = false;
83c60c9f
LP		 1221 SocketPort *p;
1222 int r;
1223
1224 assert(s);
1225
034c6ed7 1226 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1227
034c6ed7
LP		 1228 if (p->fd >= 0)
1229 continue;
83c60c9f 1230
00411a13
LP		 1231 switch (p->type) {
1232
1233 case SOCKET_SOCKET:
049f8642 1234
7f416dae
LP		 1235 if (!know_label) {
1236 /* Figure out label, if we don't it know
1237 * yet. We do it once, for the first
1238 * socket where we need this and
1239 * remember it for the rest. */
1240
1241 if (s->selinux_context_from_net) {
1242 /* Get it from the network label */
1243
1244 r = mac_selinux_get_our_label(&label);
75514a70 1245 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1246 goto rollback;
049f8642 1247
7f416dae
LP		 1248 } else {
1249 /* Get it from the executable we are about to start */
1250
1251 r = socket_instantiate_service(s);
1252 if (r < 0)
1253 goto rollback;
1254
1255 if (UNIT_ISSET(s->service) &&
1256 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1257 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1258 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1259 goto rollback;
1260 }
189583d7 1261 }
049f8642
LP		 1262
1263 know_label = true;
1264 }
1265
175a3d25
LP		 1266 r = socket_address_listen(
1267 &p->address,
1268 SOCK_CLOEXEC|SOCK_NONBLOCK,
1269 s->backlog,
1270 s->bind_ipv6_only,
1271 s->bind_to_device,
54255c64 1272 s->reuse_port,
175a3d25
LP		 1273 s->free_bind,
1274 s->transparent,
1275 s->directory_mode,
1276 s->socket_mode,
1277 label);
1278 if (r < 0)
83c60c9f
LP		 1279 goto rollback;
1280
175a3d25 1281 p->fd = r;
4fd5948e 1282 socket_apply_socket_options(s, p->fd);
811ba7a0 1283 socket_symlink(s);
00411a13 1284 break;
4fd5948e 1285
00411a13 1286 case SOCKET_SPECIAL:
b0a3f2bc 1287
55301ec0 1288 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1289 if (p->fd < 0) {
1290 r = p->fd;
b0a3f2bc 1291 goto rollback;
e8da24a6 1292 }
00411a13 1293 break;
b0a3f2bc 1294
00411a13 1295 case SOCKET_FIFO:
83c60c9f 1296
e8da24a6 1297 p->fd = fifo_address_create(
175a3d25
LP		 1298 p->path,
1299 s->directory_mode,
e8da24a6
LP		 1300 s->socket_mode);
1301 if (p->fd < 0) {
1302 r = p->fd;
83c60c9f 1303 goto rollback;
e8da24a6 1304 }
83c60c9f 1305
b15bdda8 1306 socket_apply_fifo_options(s, p->fd);
811ba7a0 1307 socket_symlink(s);
00411a13 1308 break;
811ba7a0 1309
00411a13 1310 case SOCKET_MQUEUE:
83c60c9f 1311
e8da24a6 1312 p->fd = mq_address_create(
175a3d25
LP		 1313 p->path,
1314 s->socket_mode,
1315 s->mq_maxmsg,
e8da24a6
LP		 1316 s->mq_msgsize);
1317 if (p->fd < 0) {
1318 r = p->fd;
916abb21 1319 goto rollback;
e8da24a6 1320 }
00411a13 1321 break;
e8da24a6 1322
00411a13 1323 case SOCKET_USB_FUNCTION:
60252446 1324
36078102 1325 p->fd = usbffs_address_create(p->path);
e8da24a6
LP		 1326 if (p->fd < 0) {
1327 r = p->fd;
60252446 1328 goto rollback;
e8da24a6 1329 }
60252446 1330
36078102 1331 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1332 if (r < 0)
1333 goto rollback;
1334
36078102 1335 r = usbffs_dispatch_eps(p);
60252446
PS		 1336 if (r < 0)
1337 goto rollback;
00411a13
LP		 1338
1339 break;
1340
1341 default:
b15bdda8 1342 assert_not_reached("Unknown port type");
00411a13 1343 }
034c6ed7
LP		 1344 }
1345
1346 return 0;
1347
1348rollback:
1349 socket_close_fds(s);
1350 return r;
1351}
1352
1353static void socket_unwatch_fds(Socket *s) {
1354 SocketPort *p;
718db961 1355 int r;
9152c765 1356
034c6ed7
LP		 1357 assert(s);
1358
1359 LIST_FOREACH(port, p, s->ports) {
1360 if (p->fd < 0)
1361 continue;
1362
a4152e3f
LP		 1363 if (!p->event_source)
1364 continue;
1365
1366 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1367 if (r < 0)
f2341e0a 1368 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1369 }
034c6ed7
LP		 1370}
1371
1372static int socket_watch_fds(Socket *s) {
1373 SocketPort *p;
1374 int r;
1375
1376 assert(s);
83c60c9f 1377
034c6ed7
LP		 1378 LIST_FOREACH(port, p, s->ports) {
1379 if (p->fd < 0)
1380 continue;
1381
cbf60d0a 1382 if (p->event_source) {
718db961 1383 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1384 if (r < 0)
1385 goto fail;
1386 } else {
151b9b96 1387 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1388 if (r < 0)
1389 goto fail;
4f2d528d 1390
cbf60d0a 1391 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1392 }
034c6ed7 1393 }
83c60c9f 1394
542563ba 1395 return 0;
83c60c9f 1396
034c6ed7 1397fail:
cbf60d0a 1398 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1399 socket_unwatch_fds(s);
1400 return r;
1401}
1402
1403static void socket_set_state(Socket *s, SocketState state) {
1404 SocketState old_state;
1405 assert(s);
1406
1407 old_state = s->state;
1408 s->state = state;
1409
bd1fe7c7
LP		 1410 if (!IN_SET(state,
1411 SOCKET_START_PRE,
3900e5fd 1412 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1413 SOCKET_START_POST,
1414 SOCKET_STOP_PRE,
1415 SOCKET_STOP_PRE_SIGTERM,
1416 SOCKET_STOP_PRE_SIGKILL,
1417 SOCKET_STOP_POST,
1418 SOCKET_FINAL_SIGTERM,
1419 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1420
1421 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1422 socket_unwatch_control_pid(s);
034c6ed7 1423 s->control_command = NULL;
a16e1123 1424 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1425 }
034c6ed7 1426
a16e1123
LP		 1427 if (state != SOCKET_LISTENING)
1428 socket_unwatch_fds(s);
1429
bd1fe7c7 1430 if (!IN_SET(state,
3900e5fd 1431 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1432 SOCKET_START_POST,
1433 SOCKET_LISTENING,
1434 SOCKET_RUNNING,
1435 SOCKET_STOP_PRE,
1436 SOCKET_STOP_PRE_SIGTERM,
1437 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1438 socket_close_fds(s);
1439
e537352b 1440 if (state != old_state)
f2341e0a 1441 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1442
e2f3b44c 1443 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1444}
1445
be847e82 1446static int socket_coldplug(Unit *u) {
a16e1123
LP		 1447 Socket *s = SOCKET(u);
1448 int r;
1449
1450 assert(s);
1451 assert(s->state == SOCKET_DEAD);
1452
e821075a
LP		 1453 if (s->deserialized_state == s->state)
1454 return 0;
a16e1123 1455
3900e5fd
LP		 1456 if (IN_SET(s->deserialized_state,
1457 SOCKET_START_PRE,
1458 SOCKET_START_CHOWN,
1459 SOCKET_START_POST,
1460 SOCKET_STOP_PRE,
1461 SOCKET_STOP_PRE_SIGTERM,
1462 SOCKET_STOP_PRE_SIGKILL,
1463 SOCKET_STOP_POST,
1464 SOCKET_FINAL_SIGTERM,
1465 SOCKET_FINAL_SIGKILL)) {
a16e1123 1466
e821075a
LP		 1467 if (s->control_pid <= 0)
1468 return -EBADMSG;
a16e1123 1469
e821075a
LP		 1470 r = unit_watch_pid(UNIT(s), s->control_pid);
1471 if (r < 0)
1472 return r;
a16e1123 1473
e821075a
LP		 1474 r = socket_arm_timer(s);
1475 if (r < 0)
1476 return r;
1477 }
a16e1123 1478
3900e5fd
LP		 1479 if (IN_SET(s->deserialized_state,
1480 SOCKET_START_CHOWN,
1481 SOCKET_START_POST,
1482 SOCKET_LISTENING,
1483 SOCKET_RUNNING,
1484 SOCKET_STOP_PRE,
1485 SOCKET_STOP_PRE_SIGTERM,
1486 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1487 r = socket_open_fds(s);
1488 if (r < 0)
1489 return r;
1490 }
a16e1123 1491
e821075a
LP		 1492 if (s->deserialized_state == SOCKET_LISTENING) {
1493 r = socket_watch_fds(s);
1494 if (r < 0)
1495 return r;
a16e1123
LP		 1496 }
1497
e821075a 1498 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1499 return 0;
1500}
1501
e537352b 1502static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1503 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1504 pid_t pid;
1505 int r;
9fa95f85
DM		 1506 ExecParameters exec_params = {
1507 .apply_permissions = true,
1508 .apply_chroot = true,
1509 .apply_tty_stdin = true,
6f856a09 1510 .bus_endpoint_fd = -1,
a34ceba6
LP		 1511 .stdin_fd = -1,
1512 .stdout_fd = -1,
1513 .stderr_fd = -1,
9fa95f85 1514 };
034c6ed7
LP		 1515
1516 assert(s);
1517 assert(c);
1518 assert(_pid);
1519
5ad096b3
LP		 1520 (void) unit_realize_cgroup(UNIT(s));
1521 if (s->reset_cpu_usage) {
1522 (void) unit_reset_cpu_usage(UNIT(s));
1523 s->reset_cpu_usage = false;
1524 }
4ad49000 1525
613b411c
LP		 1526 r = unit_setup_exec_runtime(UNIT(s));
1527 if (r < 0)
1528 goto fail;
1529
718db961 1530 r = socket_arm_timer(s);
36697dc0 1531 if (r < 0)
e537352b 1532 goto fail;
034c6ed7 1533
19f6d710
LP		 1534 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1535 if (r < 0)
9e2f7c11 1536 goto fail;
9e2f7c11 1537
9fa95f85
DM		 1538 exec_params.argv = argv;
1539 exec_params.environment = UNIT(s)->manager->environment;
1540 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1541 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1542 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1543 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1544 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1545
f2341e0a
LP		 1546 r = exec_spawn(UNIT(s),
1547 c,
9e2f7c11 1548 &s->exec_context,
9fa95f85 1549 &exec_params,
613b411c 1550 s->exec_runtime,
9e2f7c11 1551 &pid);
cee288ad
TA		 1552 if (r < 0)
1553 goto fail;
9e2f7c11 1554
3900e5fd 1555 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1556 if (r < 0)
3900e5fd 1557 /* FIXME: we need to do something here */
034c6ed7
LP		 1558 goto fail;
1559
3900e5fd
LP		 1560 *_pid = pid;
1561 return 0;
1562
1563fail:
1564 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1565 return r;
1566}
1567
1568static int socket_chown(Socket *s, pid_t *_pid) {
1569 pid_t pid;
1570 int r;
1571
1572 r = socket_arm_timer(s);
1573 if (r < 0)
1574 goto fail;
1575
1576 /* We have to resolve the user names out-of-process, hence
1577 * let's fork here. It's messy, but well, what can we do? */
1578
1579 pid = fork();
1580 if (pid < 0)
1581 return -errno;
1582
1583 if (pid == 0) {
1584 SocketPort *p;
fed1e721
LP		 1585 uid_t uid = UID_INVALID;
1586 gid_t gid = GID_INVALID;
3900e5fd
LP		 1587 int ret;
1588
ce30c8dc
LP		 1589 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1590 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1591 log_forget_fds();
1592
1593 if (!isempty(s->user)) {
1594 const char *user = s->user;
1595
1596 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1597 if (r < 0) {
1598 ret = EXIT_USER;
1599 goto fail_child;
1600 }
1601 }
1602
1603 if (!isempty(s->group)) {
1604 const char *group = s->group;
1605
1606 r = get_group_creds(&group, &gid);
1607 if (r < 0) {
1608 ret = EXIT_GROUP;
1609 goto fail_child;
1610 }
1611 }
1612
1613 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1614 const char *path = NULL;
3900e5fd
LP		 1615
1616 if (p->type == SOCKET_SOCKET)
1617 path = socket_address_get_path(&p->address);
1618 else if (p->type == SOCKET_FIFO)
1619 path = p->path;
1620
1621 if (!path)
1622 continue;
1623
1624 if (chown(path, uid, gid) < 0) {
1625 r = -errno;
1626 ret = EXIT_CHOWN;
1627 goto fail_child;
1628 }
1629 }
1630
1631 _exit(0);
1632
1633 fail_child:
1634 log_open();
da927ba9 1635 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1636
1637 _exit(ret);
1638 }
1639
718db961
LP		 1640 r = unit_watch_pid(UNIT(s), pid);
1641 if (r < 0)
034c6ed7 1642 goto fail;
83c60c9f 1643
034c6ed7 1644 *_pid = pid;
034c6ed7
LP		 1645 return 0;
1646
1647fail:
718db961 1648 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1649 return r;
542563ba
LP		 1650}
1651
cfc4eb4c 1652static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1653 assert(s);
1654
cfc4eb4c
LP		 1655 if (f != SOCKET_SUCCESS)
1656 s->result = f;
034c6ed7 1657
613b411c
LP		 1658 exec_runtime_destroy(s->exec_runtime);
1659 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1660
e66cf1a3
LP		 1661 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1662
cfc4eb4c 1663 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1664}
1665
cfc4eb4c 1666static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1667
cfc4eb4c 1668static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1669 int r;
1670 assert(s);
1671
cfc4eb4c
LP		 1672 if (f != SOCKET_SUCCESS)
1673 s->result = f;
034c6ed7 1674
5e94833f 1675 socket_unwatch_control_pid(s);
a16e1123 1676 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1677 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1678
3900e5fd
LP		 1679 if (s->control_command) {
1680 r = socket_spawn(s, s->control_command, &s->control_pid);
1681 if (r < 0)
034c6ed7
LP		 1682 goto fail;
1683
80876c20
LP		 1684 socket_set_state(s, SOCKET_STOP_POST);
1685 } else
cfc4eb4c 1686 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1687
1688 return;
1689
1690fail:
f2341e0a 1691 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1692 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1693}
1694
cfc4eb4c 1695static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1696 int r;
1697
1698 assert(s);
1699
cfc4eb4c
LP		 1700 if (f != SOCKET_SUCCESS)
1701 s->result = f;
034c6ed7 1702
cd2086fe
LP		 1703 r = unit_kill_context(
1704 UNIT(s),
1705 &s->kill_context,
db2cb23b
UTL		 1706 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1707 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1708 -1,
1709 s->control_pid,
1710 false);
1711 if (r < 0)
1712 goto fail;
034c6ed7 1713
cd2086fe 1714 if (r > 0) {
718db961 1715 r = socket_arm_timer(s);
36697dc0 1716 if (r < 0)
80876c20 1717 goto fail;
d6ea93e3 1718
80876c20 1719 socket_set_state(s, state);
ac84d1fb
LP		 1720 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1721 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1722 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1723 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1724 else if (state == SOCKET_FINAL_SIGTERM)
1725 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1726 else
cfc4eb4c 1727 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1728
1729 return;
1730
1731fail:
f2341e0a 1732 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1733
1734 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1735 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1736 else
cfc4eb4c 1737 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1738}
1739
cfc4eb4c 1740static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1741 int r;
1742 assert(s);
1743
cfc4eb4c
LP		 1744 if (f != SOCKET_SUCCESS)
1745 s->result = f;
034c6ed7 1746
5e94833f 1747 socket_unwatch_control_pid(s);
a16e1123 1748 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1749 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1750
3900e5fd
LP		 1751 if (s->control_command) {
1752 r = socket_spawn(s, s->control_command, &s->control_pid);
1753 if (r < 0)
034c6ed7
LP		 1754 goto fail;
1755
80876c20
LP		 1756 socket_set_state(s, SOCKET_STOP_PRE);
1757 } else
cfc4eb4c 1758 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1759
1760 return;
1761
1762fail:
f2341e0a 1763 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1764 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1765}
1766
e9af15c3
LP		 1767static void socket_enter_listening(Socket *s) {
1768 int r;
1769 assert(s);
1770
cfc4eb4c
LP		 1771 r = socket_watch_fds(s);
1772 if (r < 0) {
f2341e0a 1773 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1774 goto fail;
1775 }
1776
1777 socket_set_state(s, SOCKET_LISTENING);
1778 return;
1779
1780fail:
cfc4eb4c 1781 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1782}
1783
034c6ed7
LP		 1784static void socket_enter_start_post(Socket *s) {
1785 int r;
1786 assert(s);
1787
3900e5fd
LP		 1788 socket_unwatch_control_pid(s);
1789 s->control_command_id = SOCKET_EXEC_START_POST;
1790 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1791
1792 if (s->control_command) {
1793 r = socket_spawn(s, s->control_command, &s->control_pid);
1794 if (r < 0) {
f2341e0a 1795 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1796 goto fail;
1797 }
1798
1799 socket_set_state(s, SOCKET_START_POST);
1800 } else
1801 socket_enter_listening(s);
1802
1803 return;
1804
1805fail:
1806 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1807}
1808
1809static void socket_enter_start_chown(Socket *s) {
1810 int r;
1811
1812 assert(s);
1813
cfc4eb4c
LP		 1814 r = socket_open_fds(s);
1815 if (r < 0) {
f2341e0a 1816 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1817 goto fail;
1818 }
1819
3900e5fd 1820 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1821
3900e5fd
LP		 1822 socket_unwatch_control_pid(s);
1823 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1824 s->control_command = NULL;
a16e1123 1825
3900e5fd 1826 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1827 if (r < 0) {
f2341e0a 1828 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1829 goto fail;
1830 }
1831
3900e5fd 1832 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1833 } else
3900e5fd 1834 socket_enter_start_post(s);
034c6ed7
LP		 1835
1836 return;
1837
1838fail:
cfc4eb4c 1839 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1840}
1841
1842static void socket_enter_start_pre(Socket *s) {
1843 int r;
1844 assert(s);
1845
5e94833f 1846 socket_unwatch_control_pid(s);
a16e1123 1847 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1848 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1849
3900e5fd 1850 if (s->control_command) {
e821075a 1851 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1852 if (r < 0) {
f2341e0a 1853 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1854 goto fail;
3900e5fd 1855 }
034c6ed7 1856
80876c20
LP		 1857 socket_set_state(s, SOCKET_START_PRE);
1858 } else
3900e5fd 1859 socket_enter_start_chown(s);
034c6ed7
LP		 1860
1861 return;
1862
1863fail:
cfc4eb4c 1864 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1865}
1866
4f2d528d 1867static void socket_enter_running(Socket *s, int cfd) {
718db961 1868 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1869 int r;
1870
1871 assert(s);
1872
ba3e67a7
LP		 1873 /* We don't take connections anymore if we are supposed to
1874 * shut down anyway */
31afa0a4 1875 if (unit_stop_pending(UNIT(s))) {
e821075a 1876
f2341e0a 1877 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1878
7c610628 1879 if (cfd >= 0)
03e334a1 1880 safe_close(cfd);
7c610628
LP		 1881 else {
1882 /* Flush all sockets by closing and reopening them */
1883 socket_close_fds(s);
1884
16ac4014
LP		 1885 r = socket_open_fds(s);
1886 if (r < 0) {
f2341e0a 1887 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1888 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1889 return;
1890 }
1891
1a710b43
MS		 1892 r = socket_watch_fds(s);
1893 if (r < 0) {
f2341e0a 1894 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1895 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1896 }
1897 }
1898
ba3e67a7
LP		 1899 return;
1900 }
1901
4f2d528d 1902 if (cfd < 0) {
57020a3a 1903 Iterator i;
e821075a 1904 Unit *other;
f976f3f6 1905 bool pending = false;
f976f3f6
LP		 1906
1907 /* If there's already a start pending don't bother to
1908 * do anything */
e821075a
LP		 1909 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1910 if (unit_active_or_pending(other)) {
57020a3a
LP		 1911 pending = true;
1912 break;
1913 }
f976f3f6 1914
1a710b43 1915 if (!pending) {
640ace4a 1916 if (!UNIT_ISSET(s->service)) {
f2341e0a 1917 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1918 r = -ENOENT;
1919 goto fail;
1920 }
1921
1a710b43
MS		 1922 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1923 if (r < 0)
f976f3f6 1924 goto fail;
1a710b43 1925 }
4f2d528d
LP		 1926
1927 socket_set_state(s, SOCKET_RUNNING);
1928 } else {
e55001eb 1929 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1930 Service *service;
4f2d528d 1931
6cf6bbc2 1932 if (s->n_connections >= s->max_connections) {
f2341e0a 1933 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1934 safe_close(cfd);
6cf6bbc2
LP		 1935 return;
1936 }
1937
1a710b43
MS		 1938 r = socket_instantiate_service(s);
1939 if (r < 0)
b15bdda8
LP		 1940 goto fail;
1941
1a710b43
MS		 1942 r = instance_from_socket(cfd, s->n_accepted, &instance);
1943 if (r < 0) {
1944 if (r != -ENOTCONN)
1945 goto fail;
1946
1947 /* ENOTCONN is legitimate if TCP RST was received.
1948 * This connection is over, but the socket unit lives on. */
03e334a1 1949 safe_close(cfd);
1a710b43
MS		 1950 return;
1951 }
4f2d528d 1952
7410616c
LP		 1953 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1954 if (r < 0)
4f2d528d 1955 goto fail;
4f2d528d 1956
7410616c
LP		 1957 r = unit_name_build(prefix, instance, ".service", &name);
1958 if (r < 0)
b6dbbe1c 1959 goto fail;
4f2d528d 1960
1a710b43 1961 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1962 if (r < 0)
4f2d528d 1963 goto fail;
b15bdda8 1964
57020a3a
LP		 1965 service = SERVICE(UNIT_DEREF(s->service));
1966 unit_ref_unset(&s->service);
b15bdda8 1967 s->n_accepted ++;
4f2d528d 1968
1124fe6f 1969 UNIT(service)->no_gc = false;
6c073082 1970
b15bdda8 1971 unit_choose_id(UNIT(service), name);
b15bdda8 1972
16115b0a 1973 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1974 if (r < 0)
4f2d528d
LP		 1975 goto fail;
1976
1977 cfd = -1;
6cf6bbc2
LP		 1978 s->n_connections ++;
1979
1a710b43
MS		 1980 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1981 if (r < 0)
4f2d528d 1982 goto fail;
c4e2ceae
LP		 1983
1984 /* Notify clients about changed counters */
1985 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1986 }
034c6ed7 1987
034c6ed7
LP		 1988 return;
1989
1990fail:
f2341e0a
LP		 1991 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1992 cfd >= 0 ? "template" : "non-template",
718db961 1993 bus_error_message(&error, r));
e821075a 1994
60089004 1995 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1996 safe_close(cfd);
034c6ed7
LP		 1997}
1998
cfc4eb4c 1999static void socket_run_next(Socket *s) {
034c6ed7
LP		 2000 int r;
2001
2002 assert(s);
2003 assert(s->control_command);
2004 assert(s->control_command->command_next);
2005
5e94833f
LP		 2006 socket_unwatch_control_pid(s);
2007
034c6ed7
LP		 2008 s->control_command = s->control_command->command_next;
2009
e821075a
LP		 2010 r = socket_spawn(s, s->control_command, &s->control_pid);
2011 if (r < 0)
034c6ed7
LP		 2012 goto fail;
2013
2014 return;
2015
2016fail:
f2341e0a 2017 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2018
2019 if (s->state == SOCKET_START_POST)
cfc4eb4c 2020 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2021 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2022 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2023 else
cfc4eb4c 2024 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2025}
2026
87f0e418
LP		 2027static int socket_start(Unit *u) {
2028 Socket *s = SOCKET(u);
83c60c9f
LP		 2029
2030 assert(s);
2031
034c6ed7
LP		 2032 /* We cannot fulfill this request right now, try again later
2033 * please! */
3900e5fd
LP		 2034 if (IN_SET(s->state,
2035 SOCKET_STOP_PRE,
2036 SOCKET_STOP_PRE_SIGKILL,
2037 SOCKET_STOP_PRE_SIGTERM,
2038 SOCKET_STOP_POST,
2039 SOCKET_FINAL_SIGTERM,
2040 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2041 return -EAGAIN;
2042
a4152e3f 2043 /* Already on it! */
3900e5fd
LP		 2044 if (IN_SET(s->state,
2045 SOCKET_START_PRE,
2046 SOCKET_START_CHOWN,
2047 SOCKET_START_POST))
034c6ed7 2048 return 0;
83c60c9f 2049
034c6ed7 2050 /* Cannot run this without the service being around */
9444b1f2 2051 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2052 Service *service;
2053
2054 service = SERVICE(UNIT_DEREF(s->service));
2055
1124fe6f 2056 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2057 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2058 return -ENOENT;
4ac9236f 2059 }
4f2d528d 2060
35b8ca3a 2061 /* If the service is already active we cannot start the
4f2d528d 2062 * socket */
57020a3a
LP		 2063 if (service->state != SERVICE_DEAD &&
2064 service->state != SERVICE_FAILED &&
2065 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2066 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2067 return -EBUSY;
4ac9236f 2068 }
4f2d528d 2069 }
e537352b 2070
fdf20a31 2071 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2072
cfc4eb4c 2073 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2074 s->reset_cpu_usage = true;
2075
034c6ed7 2076 socket_enter_start_pre(s);
e821075a 2077
82a2b6bb 2078 return 1;
034c6ed7 2079}
83c60c9f 2080
87f0e418
LP		 2081static int socket_stop(Unit *u) {
2082 Socket *s = SOCKET(u);
034c6ed7
LP		 2083
2084 assert(s);
2085
e537352b 2086 /* Already on it */
3900e5fd
LP		 2087 if (IN_SET(s->state,
2088 SOCKET_STOP_PRE,
2089 SOCKET_STOP_PRE_SIGTERM,
2090 SOCKET_STOP_PRE_SIGKILL,
2091 SOCKET_STOP_POST,
2092 SOCKET_FINAL_SIGTERM,
2093 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2094 return 0;
2095
3f6c78dc
LP		 2096 /* If there's already something running we go directly into
2097 * kill mode. */
3900e5fd
LP		 2098 if (IN_SET(s->state,
2099 SOCKET_START_PRE,
2100 SOCKET_START_CHOWN,
2101 SOCKET_START_POST)) {
cfc4eb4c 2102 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2103 return -EAGAIN;
2104 }
2105
034c6ed7 2106 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2107
cfc4eb4c 2108 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2109 return 1;
542563ba
LP		 2110}
2111
a16e1123
LP		 2112static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2113 Socket *s = SOCKET(u);
2114 SocketPort *p;
2115 int r;
2116
2117 assert(u);
2118 assert(f);
2119 assert(fds);
2120
2121 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2122 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2123 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2124
2125 if (s->control_pid > 0)
de0671ee 2126 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2127
2128 if (s->control_command_id >= 0)
2129 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2130
2131 LIST_FOREACH(port, p, s->ports) {
2132 int copy;
2133
2134 if (p->fd < 0)
2135 continue;
2136
613b411c
LP		 2137 copy = fdset_put_dup(fds, p->fd);
2138 if (copy < 0)
a16e1123
LP		 2139 return copy;
2140
2141 if (p->type == SOCKET_SOCKET) {
613b411c 2142 _cleanup_free_ char *t = NULL;
a16e1123 2143
ee092817
LP		 2144 r = socket_address_print(&p->address, &t);
2145 if (r < 0)
a16e1123
LP		 2146 return r;
2147
7a22745a
LP		 2148 if (socket_address_family(&p->address) == AF_NETLINK)
2149 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2150 else
2151 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2152
b0a3f2bc
LP		 2153 } else if (p->type == SOCKET_SPECIAL)
2154 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2155 else if (p->type == SOCKET_MQUEUE)
2156 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2157 else if (p->type == SOCKET_USB_FUNCTION)
2158 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2159 else {
a16e1123
LP		 2160 assert(p->type == SOCKET_FIFO);
2161 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2162 }
2163 }
2164
2165 return 0;
2166}
2167
2168static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2169 Socket *s = SOCKET(u);
a16e1123
LP		 2170
2171 assert(u);
2172 assert(key);
2173 assert(value);
a16e1123
LP		 2174
2175 if (streq(key, "state")) {
2176 SocketState state;
2177
ee092817
LP		 2178 state = socket_state_from_string(value);
2179 if (state < 0)
f2341e0a 2180 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2181 else
2182 s->deserialized_state = state;
cfc4eb4c
LP		 2183 } else if (streq(key, "result")) {
2184 SocketResult f;
a16e1123 2185
cfc4eb4c
LP		 2186 f = socket_result_from_string(value);
2187 if (f < 0)
f2341e0a 2188 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2189 else if (f != SOCKET_SUCCESS)
2190 s->result = f;
a16e1123
LP		 2191
2192 } else if (streq(key, "n-accepted")) {
2193 unsigned k;
2194
e364ad06 2195 if (safe_atou(value, &k) < 0)
f2341e0a 2196 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2197 else
2198 s->n_accepted += k;
2199 } else if (streq(key, "control-pid")) {
5925dd3c 2200 pid_t pid;
a16e1123 2201
e364ad06 2202 if (parse_pid(value, &pid) < 0)
f2341e0a 2203 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2204 else
5925dd3c 2205 s->control_pid = pid;
a16e1123
LP		 2206 } else if (streq(key, "control-command")) {
2207 SocketExecCommand id;
2208
66870f90
ZJS		 2209 id = socket_exec_command_from_string(value);
2210 if (id < 0)
f2341e0a 2211 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2212 else {
2213 s->control_command_id = id;
2214 s->control_command = s->exec_command[id];
2215 }
2216 } else if (streq(key, "fifo")) {
2217 int fd, skip = 0;
2218 SocketPort *p;
2219
2220 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2221 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2222 else {
2223
2224 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2225 if (p->type == SOCKET_FIFO &&
c78e47a6 2226 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2227 break;
2228
2229 if (p) {
03e334a1 2230 safe_close(p->fd);
b0a3f2bc
LP		 2231 p->fd = fdset_remove(fds, fd);
2232 }
2233 }
2234
2235 } else if (streq(key, "special")) {
2236 int fd, skip = 0;
2237 SocketPort *p;
2238
2239 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2240 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2241 else {
2242
2243 LIST_FOREACH(port, p, s->ports)
2244 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2245 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2246 break;
2247
2248 if (p) {
03e334a1 2249 safe_close(p->fd);
a16e1123
LP		 2250 p->fd = fdset_remove(fds, fd);
2251 }
2252 }
2253
ee092817
LP		 2254 } else if (streq(key, "mqueue")) {
2255 int fd, skip = 0;
2256 SocketPort *p;
2257
2258 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2259 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2260 else {
2261
2262 LIST_FOREACH(port, p, s->ports)
2263 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2264 streq(p->path, value+skip))
ee092817
LP		 2265 break;
2266
2267 if (p) {
03e334a1 2268 safe_close(p->fd);
ee092817
LP		 2269 p->fd = fdset_remove(fds, fd);
2270 }
2271 }
2272
a16e1123 2273 } else if (streq(key, "socket")) {
27ca8d7a 2274 int fd, type, skip = 0;
a16e1123
LP		 2275 SocketPort *p;
2276
27ca8d7a 2277 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2278 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2279 else {
2280
2281 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2282 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2283 break;
2284
2285 if (p) {
03e334a1 2286 safe_close(p->fd);
a16e1123
LP		 2287 p->fd = fdset_remove(fds, fd);
2288 }
2289 }
2290
7a22745a
LP		 2291 } else if (streq(key, "netlink")) {
2292 int fd, skip = 0;
2293 SocketPort *p;
2294
2295 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2296 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2297 else {
2298
2299 LIST_FOREACH(port, p, s->ports)
2300 if (socket_address_is_netlink(&p->address, value+skip))
2301 break;
2302
2303 if (p) {
03e334a1 2304 safe_close(p->fd);
7a22745a
LP		 2305 p->fd = fdset_remove(fds, fd);
2306 }
2307 }
60252446
PS		 2308
2309 } else if (streq(key, "ffs")) {
2310 int fd, skip = 0;
2311 SocketPort *p;
2312
2313 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2314 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2315 else {
2316
2317 LIST_FOREACH(port, p, s->ports)
2318 if (p->type == SOCKET_USB_FUNCTION &&
2319 path_equal_or_files_same(p->path, value+skip))
2320 break;
2321
2322 if (p) {
2323 safe_close(p->fd);
2324 p->fd = fdset_remove(fds, fd);
2325 }
2326 }
2327
a16e1123 2328 } else
f2341e0a 2329 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2330
2331 return 0;
2332}
2333
01e10de3
LP		 2334static int socket_distribute_fds(Unit *u, FDSet *fds) {
2335 Socket *s = SOCKET(u);
2336 SocketPort *p;
2337
2338 assert(u);
2339
2340 LIST_FOREACH(port, p, s->ports) {
2341 Iterator i;
2342 int fd;
2343
2344 if (p->type != SOCKET_SOCKET)
2345 continue;
2346
2347 if (p->fd >= 0)
2348 continue;
2349
2350 FDSET_FOREACH(fd, fds, i) {
2351 if (socket_address_matches_fd(&p->address, fd)) {
2352 p->fd = fdset_remove(fds, fd);
2353 s->deserialized_state = SOCKET_LISTENING;
2354 break;
2355 }
2356 }
2357 }
2358
2359 return 0;
2360}
2361
44a6b1b6 2362_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2363 assert(u);
5cb5a6ff 2364
acbb0225 2365 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2366}
2367
44a6b1b6 2368_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2369 assert(u);
2370
a16e1123 2371 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2372}
2373
67419600
OS		 2374const char* socket_port_type_to_string(SocketPort *p) {
2375
2376 assert(p);
2377
2378 switch (p->type) {
718db961
LP		 2379
2380 case SOCKET_SOCKET:
2381
2382 switch (p->address.type) {
2383
2384 case SOCK_STREAM:
2385 return "Stream";
2386
2387 case SOCK_DGRAM:
2388 return "Datagram";
2389
2390 case SOCK_SEQPACKET:
2391 return "SequentialPacket";
2392
2393 case SOCK_RAW:
2394 if (socket_address_family(&p->address) == AF_NETLINK)
2395 return "Netlink";
2396
2397 default:
2398 return NULL;
2399 }
2400
2401 case SOCKET_SPECIAL:
2402 return "Special";
2403
2404 case SOCKET_MQUEUE:
2405 return "MessageQueue";
2406
2407 case SOCKET_FIFO:
2408 return "FIFO";
2409
60252446
PS		 2410 case SOCKET_USB_FUNCTION:
2411 return "USBFunction";
2412
718db961
LP		 2413 default:
2414 return NULL;
67419600
OS		 2415 }
2416}
2417
44a6b1b6 2418_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2419 Socket *s = SOCKET(u);
2420
2421 assert(u);
2422
2423 return s->n_connections > 0;
2424}
2425
718db961
LP		 2426static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2427 SocketPort *p = userdata;
4f2d528d 2428 int cfd = -1;
9152c765 2429
718db961 2430 assert(p);
8d567588 2431 assert(fd >= 0);
9152c765 2432
718db961
LP		 2433 if (p->socket->state != SOCKET_LISTENING)
2434 return 0;
871d7de4 2435
f2341e0a 2436 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2437
718db961 2438 if (revents != EPOLLIN) {
641e01dc 2439
718db961 2440 if (revents & EPOLLHUP)
f2341e0a 2441 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2442 else
f2341e0a 2443 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2444 goto fail;
4f2d528d
LP		 2445 }
2446
718db961
LP		 2447 if (p->socket->accept &&
2448 p->type == SOCKET_SOCKET &&
2449 socket_address_can_accept(&p->address)) {
2450
4f2d528d
LP		 2451 for (;;) {
2452
b14eda96
LP		 2453 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2454 if (cfd < 0) {
4f2d528d
LP		 2455
2456 if (errno == EINTR)
2457 continue;
2458
f2341e0a 2459 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2460 goto fail;
4f2d528d
LP		 2461 }
2462
2463 break;
2464 }
4fd5948e 2465
718db961 2466 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2467 }
9152c765 2468
718db961
LP		 2469 socket_enter_running(p->socket, cfd);
2470 return 0;
8d567588
LP		 2471
2472fail:
718db961
LP		 2473 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2474 return 0;
9152c765
LP		 2475}
2476
87f0e418
LP		 2477static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2478 Socket *s = SOCKET(u);
cfc4eb4c 2479 SocketResult f;
5cb5a6ff
LP		 2480
2481 assert(s);
034c6ed7 2482 assert(pid >= 0);
5cb5a6ff 2483
8c47c732
LP		 2484 if (pid != s->control_pid)
2485 return;
542563ba 2486
034c6ed7
LP		 2487 s->control_pid = 0;
2488
96342de6 2489 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2490 f = SOCKET_SUCCESS;
2491 else if (code == CLD_EXITED)
2492 f = SOCKET_FAILURE_EXIT_CODE;
2493 else if (code == CLD_KILLED)
2494 f = SOCKET_FAILURE_SIGNAL;
2495 else if (code == CLD_DUMPED)
2496 f = SOCKET_FAILURE_CORE_DUMP;
2497 else
a4152e3f 2498 assert_not_reached("Unknown sigchld code");
8c47c732 2499
b708e7ce 2500 if (s->control_command) {
6ea832a2 2501 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2502
b708e7ce 2503 if (s->control_command->ignore)
cfc4eb4c 2504 f = SOCKET_SUCCESS;
b708e7ce
LP		 2505 }
2506
f2341e0a
LP		 2507 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2508 "Control process exited, code=%s status=%i",
2509 sigchld_code_to_string(code), status);
034c6ed7 2510
cfc4eb4c
LP		 2511 if (f != SOCKET_SUCCESS)
2512 s->result = f;
2513
2514 if (s->control_command &&
2515 s->control_command->command_next &&
2516 f == SOCKET_SUCCESS) {
2517
f2341e0a 2518 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2519 socket_run_next(s);
acbb0225 2520 } else {
a16e1123
LP		 2521 s->control_command = NULL;
2522 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2523
034c6ed7
LP		 2524 /* No further commands for this step, so let's figure
2525 * out what to do next */
5cb5a6ff 2526
f2341e0a 2527 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2528
034c6ed7
LP		 2529 switch (s->state) {
2530
2531 case SOCKET_START_PRE:
cfc4eb4c 2532 if (f == SOCKET_SUCCESS)
3900e5fd 2533 socket_enter_start_chown(s);
034c6ed7 2534 else
cfc4eb4c 2535 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2536 break;
2537
3900e5fd
LP		 2538 case SOCKET_START_CHOWN:
2539 if (f == SOCKET_SUCCESS)
2540 socket_enter_start_post(s);
2541 else
2542 socket_enter_stop_pre(s, f);
2543 break;
2544
034c6ed7 2545 case SOCKET_START_POST:
cfc4eb4c 2546 if (f == SOCKET_SUCCESS)
e9af15c3 2547 socket_enter_listening(s);
034c6ed7 2548 else
cfc4eb4c 2549 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2550 break;
2551
2552 case SOCKET_STOP_PRE:
2553 case SOCKET_STOP_PRE_SIGTERM:
2554 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2555 socket_enter_stop_post(s, f);
034c6ed7
LP		 2556 break;
2557
2558 case SOCKET_STOP_POST:
80876c20
LP		 2559 case SOCKET_FINAL_SIGTERM:
2560 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2561 socket_enter_dead(s, f);
034c6ed7
LP		 2562 break;
2563
2564 default:
2565 assert_not_reached("Uh, control process died at wrong time.");
2566 }
2567 }
c4e2ceae
LP		 2568
2569 /* Notify clients about changed exit status */
2570 unit_add_to_dbus_queue(u);
034c6ed7 2571}
5cb5a6ff 2572
718db961
LP		 2573static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2574 Socket *s = SOCKET(userdata);
5cb5a6ff 2575
034c6ed7 2576 assert(s);
718db961 2577 assert(s->timer_event_source == source);
034c6ed7
LP		 2578
2579 switch (s->state) {
2580
2581 case SOCKET_START_PRE:
f2341e0a 2582 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2583 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2584 break;
80876c20 2585
3900e5fd 2586 case SOCKET_START_CHOWN:
034c6ed7 2587 case SOCKET_START_POST:
f2341e0a 2588 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2589 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2590 break;
2591
2592 case SOCKET_STOP_PRE:
f2341e0a 2593 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2594 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2595 break;
2596
2597 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2598 if (s->kill_context.send_sigkill) {
f2341e0a 2599 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2600 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2601 } else {
f2341e0a 2602 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2603 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2604 }
034c6ed7
LP		 2605 break;
2606
2607 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2608 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2609 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2610 break;
2611
2612 case SOCKET_STOP_POST:
f2341e0a 2613 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2614 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2615 break;
2616
80876c20 2617 case SOCKET_FINAL_SIGTERM:
4819ff03 2618 if (s->kill_context.send_sigkill) {
f2341e0a 2619 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2620 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2621 } else {
f2341e0a 2622 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2623 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2624 }
034c6ed7
LP		 2625 break;
2626
80876c20 2627 case SOCKET_FINAL_SIGKILL:
f2341e0a 2628 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2629 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2630 break;
2631
2632 default:
2633 assert_not_reached("Timeout at wrong time.");
2634 }
718db961
LP		 2635
2636 return 0;
5cb5a6ff
LP		 2637}
2638
79c7626d
LP		 2639int socket_collect_fds(Socket *s, int **fds) {
2640 int *rfds, k = 0, n = 0;
44d8db9e
LP		 2641 SocketPort *p;
2642
2643 assert(s);
2644 assert(fds);
44d8db9e
LP		 2645
2646 /* Called from the service code for requesting our fds */
2647
15087cdb 2648 LIST_FOREACH(port, p, s->ports) {
44d8db9e 2649 if (p->fd >= 0)
79c7626d
LP		 2650 n++;
2651 n += p->n_auxiliary_fds;
15087cdb 2652 }
44d8db9e 2653
79c7626d 2654 if (n <= 0) {
de3756ab 2655 *fds = NULL;
de3756ab
LP		 2656 return 0;
2657 }
2658
79c7626d 2659 rfds = new(int, n);
e5403f09 2660 if (!rfds)
44d8db9e
LP		 2661 return -ENOMEM;
2662
15087cdb 2663 LIST_FOREACH(port, p, s->ports) {
79c7626d
LP		 2664 int i;
2665
44d8db9e
LP		 2666 if (p->fd >= 0)
2667 rfds[k++] = p->fd;
15087cdb
PS		 2668 for (i = 0; i < p->n_auxiliary_fds; ++i)
2669 rfds[k++] = p->auxiliary_fds[i];
2670 }
44d8db9e 2671
79c7626d 2672 assert(k == n);
44d8db9e
LP		 2673
2674 *fds = rfds;
79c7626d 2675 return n;
44d8db9e
LP		 2676}
2677
e821075a
LP		 2678static void socket_reset_failed(Unit *u) {
2679 Socket *s = SOCKET(u);
2680
2681 assert(s);
2682
2683 if (s->state == SOCKET_FAILED)
2684 socket_set_state(s, SOCKET_DEAD);
2685
2686 s->result = SOCKET_SUCCESS;
2687}
2688
d137a488 2689static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2690 assert(s);
2691
6cf6bbc2
LP		 2692 /* The service is dead. Dang!
2693 *
2694 * This is strictly for one-instance-for-all-connections
2695 * services. */
ceee3d82
LP		 2696
2697 if (s->state == SOCKET_RUNNING) {
f2341e0a 2698 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2699 if (failed_permanent)
2700 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2701 else
2702 socket_enter_listening(s);
ceee3d82
LP		 2703 }
2704}
2705
6cf6bbc2
LP		 2706void socket_connection_unref(Socket *s) {
2707 assert(s);
2708
2709 /* The service is dead. Yay!
2710 *
35b8ca3a 2711 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2712 * services. */
2713
2714 assert(s->n_connections > 0);
2715 s->n_connections--;
2716
f2341e0a 2717 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2718}
2719
d137a488
UTL		 2720static void socket_trigger_notify(Unit *u, Unit *other) {
2721 Socket *s = SOCKET(u);
e821075a 2722 Service *se;
d137a488
UTL		 2723
2724 assert(u);
2725 assert(other);
2726
2727 /* Don't propagate state changes from the service if we are
2728 already down or accepting connections */
920b52e4 2729 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2730 s->state != SOCKET_LISTENING) ||
2731 s->accept)
2732 return;
2733
2734 if (other->load_state != UNIT_LOADED ||
2735 other->type != UNIT_SERVICE)
2736 return;
2737
e821075a
LP		 2738 se = SERVICE(other);
2739
d137a488
UTL		 2740 if (se->state == SERVICE_FAILED)
2741 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2742
2743 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2744 se->state == SERVICE_FINAL_SIGTERM ||
2745 se->state == SERVICE_FINAL_SIGKILL ||
2746 se->state == SERVICE_AUTO_RESTART)
2747 socket_notify_service_dead(s, false);
2748
2749 if (se->state == SERVICE_RUNNING)
2750 socket_set_state(s, SOCKET_RUNNING);
2751}
2752
718db961 2753static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2754 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2755}
2756
68db7a3b
ZJS		 2757static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2758 Socket *s = SOCKET(u);
2759 int r;
2760
2761 if (!s->timer_event_source)
2762 return 0;
2763
2764 r = sd_event_source_get_time(s->timer_event_source, timeout);
2765 if (r < 0)
2766 return r;
2767
2768 return 1;
2769}
2770
8dd4c05b
LP		 2771char *socket_fdname(Socket *s) {
2772 assert(s);
2773
2774 /* Returns the name to use for $LISTEN_NAMES. If the user
2775 * didn't specify anything specifically, use the socket unit's
2776 * name as fallback. */
2777
2778 if (s->fdname)
2779 return s->fdname;
2780
2781 return UNIT(s)->id;
2782}
2783
a16e1123
LP		 2784static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2785 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2786 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2787 [SOCKET_EXEC_START_POST] = "StartPost",
2788 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2789 [SOCKET_EXEC_STOP_POST] = "StopPost"
2790};
2791
2792DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2793
cfc4eb4c
LP		 2794static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2795 [SOCKET_SUCCESS] = "success",
2796 [SOCKET_FAILURE_RESOURCES] = "resources",
2797 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2798 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2799 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2800 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2801 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2802};
2803
2804DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2805
87f0e418 2806const UnitVTable socket_vtable = {
7d17cfbc 2807 .object_size = sizeof(Socket),
718db961
LP		 2808 .exec_context_offset = offsetof(Socket, exec_context),
2809 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2810 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2811 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2812
f975e971
LP		 2813 .sections =
2814 "Unit\0"
2815 "Socket\0"
2816 "Install\0",
4ad49000 2817 .private_section = "Socket",
71645aca 2818
034c6ed7
LP		 2819 .init = socket_init,
2820 .done = socket_done,
a16e1123
LP		 2821 .load = socket_load,
2822
2823 .coldplug = socket_coldplug,
034c6ed7 2824
5cb5a6ff
LP		 2825 .dump = socket_dump,
2826
542563ba
LP		 2827 .start = socket_start,
2828 .stop = socket_stop,
5cb5a6ff 2829
718db961
LP		 2830 .kill = socket_kill,
2831
68db7a3b
ZJS		 2832 .get_timeout = socket_get_timeout,
2833
a16e1123
LP		 2834 .serialize = socket_serialize,
2835 .deserialize_item = socket_deserialize_item,
01e10de3 2836 .distribute_fds = socket_distribute_fds,
a16e1123 2837
5cb5a6ff 2838 .active_state = socket_active_state,
10a94420 2839 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2840
6cf6bbc2
LP		 2841 .check_gc = socket_check_gc,
2842
034c6ed7 2843 .sigchld_event = socket_sigchld_event,
4139c1b2 2844
d137a488
UTL		 2845 .trigger_notify = socket_trigger_notify,
2846
fdf20a31 2847 .reset_failed = socket_reset_failed,
5632e374 2848
718db961 2849 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2850 .bus_set_property = bus_socket_set_property,
2851 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2852
2853 .status_message_formats = {
2854 /*.starting_stopping = {
2855 [0] = "Starting socket %s...",
2856 [1] = "Stopping socket %s...",
2857 },*/
2858 .finished_start_job = {
2859 [JOB_DONE] = "Listening on %s.",
2860 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2861 [JOB_TIMEOUT] = "Timed out starting %s.",
2862 },
2863 .finished_stop_job = {
2864 [JOB_DONE] = "Closed %s.",
2865 [JOB_FAILED] = "Failed stopping %s.",
2866 [JOB_TIMEOUT] = "Timed out stopping %s.",
2867 },
2868 },
5cb5a6ff 2869};
Unnamed repository; edit this file 'description' to name the repository.