]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #1920 from teg/networkd-fixes
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
e8da24a6 22#include <arpa/inet.h>
83c60c9f
LP		 23#include <errno.h>
24#include <fcntl.h>
916abb21 25#include <mqueue.h>
e8da24a6
LP		 26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
83c60c9f 31
718db961 32#include "sd-event.h"
e8da24a6 33
b5efdb8a 34#include "alloc-util.h"
e8da24a6
LP		 35#include "bus-error.h"
36#include "bus-util.h"
37#include "copy.h"
38#include "dbus-socket.h"
39#include "def.h"
40#include "exit-status.h"
3ffd4af2 41#include "fd-util.h"
e8da24a6
LP		 42#include "formats-util.h"
43#include "label.h"
83c60c9f 44#include "log.h"
e8da24a6 45#include "missing.h"
49e942b2 46#include "mkdir.h"
6bedfcbb 47#include "parse-util.h"
9eb977db 48#include "path-util.h"
7b3e062c 49#include "process-util.h"
d7b8eec7 50#include "selinux-util.h"
24882e06 51#include "signal-util.h"
e8da24a6 52#include "smack-util.h"
24882e06 53#include "socket.h"
e8da24a6 54#include "special.h"
8b43440b 55#include "string-table.h"
07630cea 56#include "string-util.h"
e8da24a6
LP		 57#include "strv.h"
58#include "unit-name.h"
59#include "unit-printf.h"
60#include "unit.h"
b1d4f8e1 61#include "user-util.h"
83c60c9f 62
acbb0225 63static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 64 [SOCKET_DEAD] = UNIT_INACTIVE,
65 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 66 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 67 [SOCKET_START_POST] = UNIT_ACTIVATING,
68 [SOCKET_LISTENING] = UNIT_ACTIVE,
69 [SOCKET_RUNNING] = UNIT_ACTIVE,
70 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
73 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 74 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
75 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 76 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 77};
5cb5a6ff 78
718db961
LP		 79static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
80static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
81
a16e1123
LP		 82static void socket_init(Unit *u) {
83 Socket *s = SOCKET(u);
84
85 assert(u);
ac155bb8 86 assert(u->load_state == UNIT_STUB);
a16e1123 87
a16e1123 88 s->backlog = SOMAXCONN;
1f19a534 89 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 90 s->directory_mode = 0755;
9131f660 91 s->socket_mode = 0666;
a16e1123 92
6cf6bbc2
LP		 93 s->max_connections = 64;
94
4fd5948e 95 s->priority = -1;
4fd5948e
LP		 96 s->ip_tos = -1;
97 s->ip_ttl = -1;
4fd5948e 98 s->mark = -1;
4fd5948e 99
ac155bb8
MS		 100 s->exec_context.std_output = u->manager->default_std_output;
101 s->exec_context.std_error = u->manager->default_std_error;
085afe36 102
a16e1123
LP		 103 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
104}
acbb0225 105
5e94833f
LP		 106static void socket_unwatch_control_pid(Socket *s) {
107 assert(s);
108
109 if (s->control_pid <= 0)
110 return;
111
112 unit_unwatch_pid(UNIT(s), s->control_pid);
113 s->control_pid = 0;
114}
115
15087cdb 116static void socket_cleanup_fd_list(SocketPort *p) {
3ffd4af2 117 assert(p);
15087cdb 118
3ffd4af2 119 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
15087cdb
PS		 120 p->auxiliary_fds = mfree(p->auxiliary_fds);
121 p->n_auxiliary_fds = 0;
122}
123
74051b9b 124void socket_free_ports(Socket *s) {
034c6ed7
LP		 125 SocketPort *p;
126
127 assert(s);
128
129 while ((p = s->ports)) {
71fda00f 130 LIST_REMOVE(port, s->ports, p);
034c6ed7 131
718db961
LP		 132 sd_event_source_unref(p->event_source);
133
15087cdb 134 socket_cleanup_fd_list(p);
03e334a1 135 safe_close(p->fd);
034c6ed7
LP		 136 free(p->path);
137 free(p);
138 }
74051b9b
LP		 139}
140
141static void socket_done(Unit *u) {
142 Socket *s = SOCKET(u);
143
144 assert(s);
145
146 socket_free_ports(s);
034c6ed7 147
613b411c 148 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 149 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 150 s->control_command = NULL;
151
5e94833f 152 socket_unwatch_control_pid(s);
034c6ed7 153
57020a3a 154 unit_ref_unset(&s->service);
034c6ed7 155
a1e58e8e
LP		 156 s->tcp_congestion = mfree(s->tcp_congestion);
157 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 158
0eb59ccf
AK		 159 free(s->smack);
160 free(s->smack_ip_in);
161 free(s->smack_ip_out);
162
811ba7a0
LP		 163 strv_free(s->symlinks);
164
3900e5fd
LP		 165 free(s->user);
166 free(s->group);
167
718db961
LP		 168 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
169}
170
171static int socket_arm_timer(Socket *s) {
172 int r;
173
174 assert(s);
175
176 if (s->timeout_usec <= 0) {
177 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
178 return 0;
179 }
180
181 if (s->timer_event_source) {
182 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
183 if (r < 0)
184 return r;
185
186 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
187 }
188
7dfbe2e3 189 r = sd_event_add_time(
6a0f1f6d
LP		 190 UNIT(s)->manager->event,
191 &s->timer_event_source,
192 CLOCK_MONOTONIC,
193 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
194 socket_dispatch_timer, s);
7dfbe2e3
TG		 195 if (r < 0)
196 return r;
197
198 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
199
200 return 0;
5cb5a6ff
LP		 201}
202
8b835fcc
ZJS		 203int socket_instantiate_service(Socket *s) {
204 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 205 int r;
206 Unit *u;
207
208 assert(s);
209
210 /* This fills in s->service if it isn't filled in yet. For
211 * Accept=yes sockets we create the next connection service
212 * here. For Accept=no this is mostly a NOP since the service
213 * is figured out at load time anyway. */
214
7410616c 215 if (UNIT_DEREF(s->service))
b15bdda8
LP		 216 return 0;
217
7410616c
LP		 218 if (!s->accept)
219 return 0;
220
221 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
222 if (r < 0)
223 return r;
b15bdda8 224
315db1a8 225 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 226 return -ENOMEM;
227
1124fe6f 228 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 229 if (r < 0)
230 return r;
231
ac155bb8 232 u->no_gc = true;
57020a3a
LP		 233 unit_ref_set(&s->service, u);
234
235 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 236}
237
4f2d528d
LP		 238static bool have_non_accept_socket(Socket *s) {
239 SocketPort *p;
240
241 assert(s);
242
243 if (!s->accept)
244 return true;
245
dd5ad9d4
LP		 246 LIST_FOREACH(port, p, s->ports) {
247
248 if (p->type != SOCKET_SOCKET)
249 return true;
250
4f2d528d
LP		 251 if (!socket_address_can_accept(&p->address))
252 return true;
dd5ad9d4 253 }
4f2d528d
LP		 254
255 return false;
256}
257
a57f7e2c 258static int socket_add_mount_links(Socket *s) {
6e2ef85b 259 SocketPort *p;
6e2ef85b
LP		 260 int r;
261
262 assert(s);
6e2ef85b 263
a57f7e2c
LP		 264 LIST_FOREACH(port, p, s->ports) {
265 const char *path = NULL;
6e2ef85b 266
a57f7e2c
LP		 267 if (p->type == SOCKET_SOCKET)
268 path = socket_address_get_path(&p->address);
60252446 269 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 270 path = p->path;
6e2ef85b 271
a57f7e2c
LP		 272 if (!path)
273 continue;
6e2ef85b 274
a57f7e2c 275 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 276 if (r < 0)
6e2ef85b 277 return r;
b87705cd 278 }
6e2ef85b
LP		 279
280 return 0;
281}
282
283static int socket_add_device_link(Socket *s) {
284 char *t;
6e2ef85b
LP		 285
286 assert(s);
287
7d0c710d 288 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 289 return 0;
290
63c372cb 291 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 292 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 293}
294
a40eb732
LP		 295static int socket_add_default_dependencies(Socket *s) {
296 int r;
297 assert(s);
298
4c9ea260
LP		 299 if (!UNIT(s)->default_dependencies)
300 return 0;
301
e3d84721
LP		 302 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
303 if (r < 0)
304 return r;
2a77d31d 305
b2c23da8 306 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 307 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
308 if (r < 0)
a40eb732 309 return r;
2a77d31d 310 }
a40eb732 311
ead8e478 312 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 313}
314
44a6b1b6 315_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 316 unsigned i;
317 assert(s);
318
319 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
320 if (s->exec_command[i])
321 return true;
322
323 return false;
324}
325
e821075a
LP		 326static int socket_add_extras(Socket *s) {
327 Unit *u = UNIT(s);
e537352b 328 int r;
44d8db9e 329
e821075a 330 assert(s);
57020a3a 331
e821075a 332 if (have_non_accept_socket(s)) {
23a177ef 333
e821075a
LP		 334 if (!UNIT_DEREF(s->service)) {
335 Unit *x;
57020a3a 336
e821075a 337 r = unit_load_related_unit(u, ".service", &x);
57020a3a 338 if (r < 0)
4f2d528d 339 return r;
e821075a
LP		 340
341 unit_ref_set(&s->service, x);
4f2d528d 342 }
44d8db9e 343
e821075a
LP		 344 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
345 if (r < 0)
6e2ef85b 346 return r;
e821075a 347 }
6e2ef85b 348
e821075a
LP		 349 r = socket_add_mount_links(s);
350 if (r < 0)
351 return r;
6e2ef85b 352
e821075a
LP		 353 r = socket_add_device_link(s);
354 if (r < 0)
355 return r;
356
598459ce 357 r = unit_patch_contexts(u);
e821075a
LP		 358 if (r < 0)
359 return r;
360
361 if (socket_has_exec(s)) {
362 r = unit_add_exec_dependencies(u, &s->exec_context);
363 if (r < 0)
364 return r;
23a177ef 365
d79200e2 366 r = unit_set_default_slice(u);
a016b922
LP		 367 if (r < 0)
368 return r;
e821075a 369 }
a016b922 370
4c9ea260
LP		 371 r = socket_add_default_dependencies(s);
372 if (r < 0)
373 return r;
e821075a
LP		 374
375 return 0;
376}
377
811ba7a0
LP		 378static const char *socket_find_symlink_target(Socket *s) {
379 const char *found = NULL;
380 SocketPort *p;
381
382 LIST_FOREACH(port, p, s->ports) {
383 const char *f = NULL;
384
385 switch (p->type) {
386
387 case SOCKET_FIFO:
388 f = p->path;
389 break;
390
391 case SOCKET_SOCKET:
392 if (p->address.sockaddr.un.sun_path[0] != 0)
393 f = p->address.sockaddr.un.sun_path;
394 break;
395
396 default:
397 break;
398 }
399
400 if (f) {
401 if (found)
402 return NULL;
403
404 found = f;
405 }
406 }
407
408 return found;
409}
410
e821075a
LP		 411static int socket_verify(Socket *s) {
412 assert(s);
413
414 if (UNIT(s)->load_state != UNIT_LOADED)
415 return 0;
416
417 if (!s->ports) {
f2341e0a 418 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 419 return -EINVAL;
420 }
421
422 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 423 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 424 return -EINVAL;
425 }
426
427 if (s->accept && s->max_connections <= 0) {
f2341e0a 428 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 429 return -EINVAL;
430 }
e06c73cc 431
e821075a 432 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 433 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 434 return -EINVAL;
435 }
436
437 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 438 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 439 return -EINVAL;
440 }
441
811ba7a0 442 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 443 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 444 return -EINVAL;
445 }
446
e821075a
LP		 447 return 0;
448}
449
450static int socket_load(Unit *u) {
451 Socket *s = SOCKET(u);
452 int r;
453
454 assert(u);
455 assert(u->load_state == UNIT_STUB);
456
457 r = unit_load_fragment_and_dropin(u);
458 if (r < 0)
459 return r;
460
461 if (u->load_state == UNIT_LOADED) {
462 /* This is a new unit? Then let's add in some extras */
463 r = socket_add_extras(s);
e06c73cc
LP		 464 if (r < 0)
465 return r;
23a177ef
LP		 466 }
467
4f2d528d 468 return socket_verify(s);
44d8db9e
LP		 469}
470
44a6b1b6 471_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 472
473 if (family == AF_NETLINK)
474 return "ListenNetlink";
542563ba
LP		 475
476 if (type == SOCK_STREAM)
477 return "ListenStream";
478 else if (type == SOCK_DGRAM)
479 return "ListenDatagram";
480 else if (type == SOCK_SEQPACKET)
481 return "ListenSequentialPacket";
482
034c6ed7 483 assert_not_reached("Unknown socket type");
542563ba
LP		 484 return NULL;
485}
486
87f0e418 487static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 488 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 489 SocketExecCommand c;
87f0e418 490 Socket *s = SOCKET(u);
542563ba 491 SocketPort *p;
82ba9f08 492 const char *prefix2;
5cb5a6ff
LP		 493
494 assert(s);
fa068367 495 assert(f);
5cb5a6ff 496
4c940960 497 prefix = strempty(prefix);
63c372cb 498 prefix2 = strjoina(prefix, "\t");
c43d20a0 499
5cb5a6ff
LP		 500 fprintf(f,
501 "%sSocket State: %s\n"
81a5c6d0 502 "%sResult: %s\n"
542563ba 503 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 504 "%sBacklog: %u\n"
505 "%sSocketMode: %04o\n"
4fd5948e
LP		 506 "%sDirectoryMode: %04o\n"
507 "%sKeepAlive: %s\n"
4427c3f4 508 "%sNoDelay: %s\n"
cebf8b20 509 "%sFreeBind: %s\n"
6b6d2dee 510 "%sTransparent: %s\n"
ec6370a2 511 "%sBroadcast: %s\n"
ede3deb4 512 "%sPassCredentials: %s\n"
54ecda32 513 "%sPassSecurity: %s\n"
bd1fe7c7 514 "%sTCPCongestion: %s\n"
16115b0a 515 "%sRemoveOnStop: %s\n"
55301ec0 516 "%sWritable: %s\n"
8dd4c05b 517 "%sFDName: %s\n"
16115b0a 518 "%sSELinuxContextFromNet: %s\n",
a16e1123 519 prefix, socket_state_to_string(s->state),
81a5c6d0 520 prefix, socket_result_to_string(s->result),
c0120d99 521 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 522 prefix, s->backlog,
523 prefix, s->socket_mode,
4fd5948e
LP		 524 prefix, s->directory_mode,
525 prefix, yes_no(s->keep_alive),
4427c3f4 526 prefix, yes_no(s->no_delay),
cebf8b20 527 prefix, yes_no(s->free_bind),
6b6d2dee 528 prefix, yes_no(s->transparent),
ec6370a2 529 prefix, yes_no(s->broadcast),
d68af586 530 prefix, yes_no(s->pass_cred),
54ecda32 531 prefix, yes_no(s->pass_sec),
bd1fe7c7 532 prefix, strna(s->tcp_congestion),
16115b0a 533 prefix, yes_no(s->remove_on_stop),
55301ec0 534 prefix, yes_no(s->writable),
8dd4c05b 535 prefix, socket_fdname(s),
16115b0a 536 prefix, yes_no(s->selinux_context_from_net));
542563ba 537
70123e68
LP		 538 if (s->control_pid > 0)
539 fprintf(f,
de0671ee
ZJS		 540 "%sControl PID: "PID_FMT"\n",
541 prefix, s->control_pid);
70123e68 542
acbb0225
LP		 543 if (s->bind_to_device)
544 fprintf(f,
545 "%sBindToDevice: %s\n",
546 prefix, s->bind_to_device);
547
4f2d528d
LP		 548 if (s->accept)
549 fprintf(f,
6cf6bbc2
LP		 550 "%sAccepted: %u\n"
551 "%sNConnections: %u\n"
552 "%sMaxConnections: %u\n",
553 prefix, s->n_accepted,
554 prefix, s->n_connections,
555 prefix, s->max_connections);
4f2d528d 556
4fd5948e
LP		 557 if (s->priority >= 0)
558 fprintf(f,
559 "%sPriority: %i\n",
560 prefix, s->priority);
561
562 if (s->receive_buffer > 0)
563 fprintf(f,
564 "%sReceiveBuffer: %zu\n",
565 prefix, s->receive_buffer);
566
567 if (s->send_buffer > 0)
568 fprintf(f,
569 "%sSendBuffer: %zu\n",
570 prefix, s->send_buffer);
571
572 if (s->ip_tos >= 0)
573 fprintf(f,
574 "%sIPTOS: %i\n",
575 prefix, s->ip_tos);
576
577 if (s->ip_ttl >= 0)
578 fprintf(f,
579 "%sIPTTL: %i\n",
580 prefix, s->ip_ttl);
581
582 if (s->pipe_size > 0)
583 fprintf(f,
584 "%sPipeSize: %zu\n",
585 prefix, s->pipe_size);
586
587 if (s->mark >= 0)
588 fprintf(f,
589 "%sMark: %i\n",
590 prefix, s->mark);
591
916abb21
LP		 592 if (s->mq_maxmsg > 0)
593 fprintf(f,
594 "%sMessageQueueMaxMessages: %li\n",
595 prefix, s->mq_maxmsg);
596
597 if (s->mq_msgsize > 0)
598 fprintf(f,
599 "%sMessageQueueMessageSize: %li\n",
600 prefix, s->mq_msgsize);
601
718db961 602 if (s->reuse_port)
f7db7a69
SL		 603 fprintf(f,
604 "%sReusePort: %s\n",
718db961 605 prefix, yes_no(s->reuse_port));
f7db7a69 606
0eb59ccf
AK		 607 if (s->smack)
608 fprintf(f,
609 "%sSmackLabel: %s\n",
610 prefix, s->smack);
611
612 if (s->smack_ip_in)
613 fprintf(f,
614 "%sSmackLabelIPIn: %s\n",
615 prefix, s->smack_ip_in);
616
617 if (s->smack_ip_out)
618 fprintf(f,
619 "%sSmackLabelIPOut: %s\n",
620 prefix, s->smack_ip_out);
621
3900e5fd
LP		 622 if (!isempty(s->user) || !isempty(s->group))
623 fprintf(f,
624 "%sOwnerUser: %s\n"
625 "%sOwnerGroup: %s\n",
626 prefix, strna(s->user),
627 prefix, strna(s->group));
628
3cd761e4 629 if (s->keep_alive_time > 0)
209e9dcd 630 fprintf(f,
3cd761e4
LP		 631 "%sKeepAliveTimeSec: %s\n",
632 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 633
3cd761e4 634 if (s->keep_alive_interval)
209e9dcd 635 fprintf(f,
3cd761e4
LP		 636 "%sKeepAliveIntervalSec: %s\n",
637 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 638
3cd761e4 639 if (s->keep_alive_cnt)
209e9dcd
SS		 640 fprintf(f,
641 "%sKeepAliveProbes: %u\n",
642 prefix, s->keep_alive_cnt);
643
3cd761e4 644 if (s->defer_accept)
cc567c9b 645 fprintf(f,
3cd761e4
LP		 646 "%sDeferAcceptSec: %s\n",
647 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 648
034c6ed7 649 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 650
542563ba
LP		 651 if (p->type == SOCKET_SOCKET) {
652 const char *t;
653 int r;
e364ad06 654 char *k = NULL;
542563ba 655
e53fc357
LP		 656 r = socket_address_print(&p->address, &k);
657 if (r < 0)
542563ba
LP		 658 t = strerror(-r);
659 else
660 t = k;
661
7a22745a 662 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 663 free(k);
b0a3f2bc
LP		 664 } else if (p->type == SOCKET_SPECIAL)
665 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 666 else if (p->type == SOCKET_USB_FUNCTION)
667 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 668 else if (p->type == SOCKET_MQUEUE)
669 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 670 else
542563ba
LP		 671 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
672 }
5cb5a6ff
LP		 673
674 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 675 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 676
e537352b 677 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 678 if (!s->exec_command[c])
679 continue;
5cb5a6ff 680
40d50879 681 fprintf(f, "%s-> %s:\n",
a16e1123 682 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 683
684 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 685 }
686}
687
4f2d528d
LP		 688static int instance_from_socket(int fd, unsigned nr, char **instance) {
689 socklen_t l;
690 char *r;
9d16d0c7 691 union sockaddr_union local, remote;
4f2d528d
LP		 692
693 assert(fd >= 0);
694 assert(instance);
695
696 l = sizeof(local);
697 if (getsockname(fd, &local.sa, &l) < 0)
698 return -errno;
699
700 l = sizeof(remote);
701 if (getpeername(fd, &remote.sa, &l) < 0)
702 return -errno;
703
704 switch (local.sa.sa_family) {
705
706 case AF_INET: {
707 uint32_t
708 a = ntohl(local.in.sin_addr.s_addr),
709 b = ntohl(remote.in.sin_addr.s_addr);
710
711 if (asprintf(&r,
77b088c2
LP		 712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
4f2d528d
LP		 714 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
715 ntohs(local.in.sin_port),
716 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
717 ntohs(remote.in.sin_port)) < 0)
718 return -ENOMEM;
719
720 break;
721 }
722
723 case AF_INET6: {
c65a0b14 724 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 725 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
726 };
727
728 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
729 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
730 const uint8_t
731 *a = local.in6.sin6_addr.s6_addr+12,
732 *b = remote.in6.sin6_addr.s6_addr+12;
733
734 if (asprintf(&r,
77b088c2
LP		 735 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
736 nr,
2b061f5a
LP		 737 a[0], a[1], a[2], a[3],
738 ntohs(local.in6.sin6_port),
739 b[0], b[1], b[2], b[3],
740 ntohs(remote.in6.sin6_port)) < 0)
741 return -ENOMEM;
742 } else {
743 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
744
745 if (asprintf(&r,
77b088c2
LP		 746 "%u-%s:%u-%s:%u",
747 nr,
2b061f5a
LP		 748 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
749 ntohs(local.in6.sin6_port),
750 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
751 ntohs(remote.in6.sin6_port)) < 0)
752 return -ENOMEM;
753 }
4f2d528d
LP		 754
755 break;
756 }
757
758 case AF_UNIX: {
759 struct ucred ucred;
eff05270 760 int k;
4f2d528d 761
eff05270 762 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 763 if (k >= 0) {
764 if (asprintf(&r,
765 "%u-"PID_FMT"-"UID_FMT,
766 nr, ucred.pid, ucred.uid) < 0)
767 return -ENOMEM;
768 } else if (k == -ENODATA) {
769 /* This handles the case where somebody is
770 * connecting from another pid/uid namespace
771 * (e.g. from outside of our container). */
772 if (asprintf(&r,
773 "%u-unknown",
774 nr) < 0)
775 return -ENOMEM;
776 } else
eff05270 777 return k;
2f20a8eb 778
2f20a8eb 779 break;
4f2d528d
LP		 780 }
781
782 default:
783 assert_not_reached("Unhandled socket type.");
784 }
785
786 *instance = r;
787 return 0;
788}
789
034c6ed7 790static void socket_close_fds(Socket *s) {
83c60c9f 791 SocketPort *p;
811ba7a0 792 char **i;
83c60c9f
LP		 793
794 assert(s);
795
034c6ed7 796 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 797
798 p->event_source = sd_event_source_unref(p->event_source);
799
83c60c9f
LP		 800 if (p->fd < 0)
801 continue;
802
03e334a1 803 p->fd = safe_close(p->fd);
15087cdb 804 socket_cleanup_fd_list(p);
a16e1123 805
bd1fe7c7
LP		 806 /* One little note: we should normally not delete any
807 * sockets in the file system here! After all some
808 * other process we spawned might still have a
809 * reference of this fd and wants to continue to use
810 * it. Therefore we delete sockets in the file system
811 * before we create a new one, not after we stopped
812 * using one! */
813
814 if (s->remove_on_stop) {
815 switch (p->type) {
816
817 case SOCKET_FIFO:
818 unlink(p->path);
819 break;
820
821 case SOCKET_MQUEUE:
822 mq_unlink(p->path);
823 break;
824
825 case SOCKET_SOCKET:
826 socket_address_unlink(&p->address);
827 break;
828
829 default:
830 break;
831 }
832 }
83c60c9f 833 }
811ba7a0
LP		 834
835 if (s->remove_on_stop)
836 STRV_FOREACH(i, s->symlinks)
837 unlink(*i);
83c60c9f
LP		 838}
839
4fd5948e 840static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 841 int r;
842
4fd5948e
LP		 843 assert(s);
844 assert(fd >= 0);
845
846 if (s->keep_alive) {
847 int b = s->keep_alive;
848 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 849 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 850 }
851
209e9dcd
SS		 852 if (s->keep_alive_time) {
853 int value = s->keep_alive_time / USEC_PER_SEC;
854 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 856 }
857
858 if (s->keep_alive_interval) {
920b52e4 859 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 860 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 861 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 862 }
863
864 if (s->keep_alive_cnt) {
865 int value = s->keep_alive_cnt;
172cfe87 866 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 867 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 868 }
869
cc567c9b
SS		 870 if (s->defer_accept) {
871 int value = s->defer_accept / USEC_PER_SEC;
872 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 873 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 874 }
875
4427c3f4
SS		 876 if (s->no_delay) {
877 int b = s->no_delay;
878 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 879 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 880 }
881
ec6370a2
LP		 882 if (s->broadcast) {
883 int one = 1;
884 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 885 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 886 }
887
d68af586
MS		 888 if (s->pass_cred) {
889 int one = 1;
890 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 891 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 892 }
893
54ecda32
LP		 894 if (s->pass_sec) {
895 int one = 1;
896 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 897 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 898 }
899
4fd5948e
LP		 900 if (s->priority >= 0)
901 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 902 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 903
904 if (s->receive_buffer > 0) {
905 int value = (int) s->receive_buffer;
7d9eaa84
LP		 906
907 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
908
b8cef44e 909 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 910 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 911 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 912 }
913
914 if (s->send_buffer > 0) {
915 int value = (int) s->send_buffer;
b8cef44e 916 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 917 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 918 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 919 }
920
921 if (s->mark >= 0)
922 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 923 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 924
925 if (s->ip_tos >= 0)
926 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 927 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 928
46925ac5 929 if (s->ip_ttl >= 0) {
d53e386d 930 int x;
46925ac5
LP		 931
932 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 933
934 if (socket_ipv6_is_supported())
935 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
936 else {
937 x = -1;
938 errno = EAFNOSUPPORT;
939 }
46925ac5
LP		 940
941 if (r < 0 && x < 0)
f2341e0a 942 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 943 }
cebf8b20
TT		 944
945 if (s->tcp_congestion)
946 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 947 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 948
d53e386d 949 if (s->smack_ip_in) {
5ab58c20 950 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 951 if (r < 0)
f2341e0a 952 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 953 }
9a4e038c 954
d53e386d 955 if (s->smack_ip_out) {
5ab58c20 956 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 957 if (r < 0)
f2341e0a 958 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 959 }
4fd5948e
LP		 960}
961
b15bdda8 962static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 963 int r;
964
4fd5948e
LP		 965 assert(s);
966 assert(fd >= 0);
967
968 if (s->pipe_size > 0)
969 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 970 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 971
d53e386d 972 if (s->smack) {
5ab58c20 973 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 974 if (r < 0)
ed460b07 975 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 976 }
4fd5948e
LP		 977}
978
b15bdda8
LP		 979static int fifo_address_create(
980 const char *path,
981 mode_t directory_mode,
e8da24a6 982 mode_t socket_mode) {
b15bdda8 983
e8da24a6 984 _cleanup_close_ int fd = -1;
b15bdda8 985 mode_t old_mask;
e8da24a6
LP		 986 struct stat st;
987 int r;
b15bdda8
LP		 988
989 assert(path);
b15bdda8 990
d2e54fae 991 mkdir_parents_label(path, directory_mode);
b15bdda8 992
ecabcf8b 993 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 994 if (r < 0)
e8da24a6 995 return r;
b15bdda8
LP		 996
997 /* Enforce the right access mode for the fifo */
998 old_mask = umask(~ socket_mode);
999
1000 /* Include the original umask in our mask */
e8da24a6 1001 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 1002
1003 r = mkfifo(path, socket_mode);
e8da24a6 1004 (void) umask(old_mask);
b15bdda8 1005
94bc2731 1006 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 1007 r = -errno;
1008 goto fail;
1009 }
1010
e8da24a6 1011 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1012 if (fd < 0) {
b15bdda8
LP		 1013 r = -errno;
1014 goto fail;
1015 }
1016
ecabcf8b 1017 mac_selinux_create_file_clear();
7a58bfa4 1018
b15bdda8
LP		 1019 if (fstat(fd, &st) < 0) {
1020 r = -errno;
1021 goto fail;
1022 }
1023
1024 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1025 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1026 st.st_uid != getuid() ||
1027 st.st_gid != getgid()) {
b15bdda8
LP		 1028 r = -EEXIST;
1029 goto fail;
1030 }
1031
e8da24a6
LP		 1032 r = fd;
1033 fd = -1;
1034
1035 return r;
b15bdda8
LP		 1036
1037fail:
ecabcf8b 1038 mac_selinux_create_file_clear();
b15bdda8
LP		 1039 return r;
1040}
1041
55301ec0 1042static int special_address_create(const char *path, bool writable) {
e8da24a6 1043 _cleanup_close_ int fd = -1;
b0a3f2bc 1044 struct stat st;
e8da24a6 1045 int r;
b0a3f2bc
LP		 1046
1047 assert(path);
b0a3f2bc 1048
55301ec0 1049 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1050 if (fd < 0)
1051 return -errno;
b0a3f2bc 1052
e8da24a6
LP		 1053 if (fstat(fd, &st) < 0)
1054 return -errno;
b0a3f2bc
LP		 1055
1056 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1057 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1058 return -EEXIST;
b0a3f2bc 1059
e8da24a6
LP		 1060 r = fd;
1061 fd = -1;
b0a3f2bc
LP		 1062
1063 return r;
1064}
1065
36078102 1066static int usbffs_address_create(const char *path) {
60252446
PS		 1067 _cleanup_close_ int fd = -1;
1068 struct stat st;
e8da24a6 1069 int r;
60252446
PS		 1070
1071 assert(path);
60252446
PS		 1072
1073 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1074 if (fd < 0)
1075 return -errno;
1076
1077 if (fstat(fd, &st) < 0)
1078 return -errno;
1079
1080 /* Check whether this is a regular file (ffs endpoint)*/
1081 if (!S_ISREG(st.st_mode))
1082 return -EEXIST;
1083
e8da24a6 1084 r = fd;
60252446
PS		 1085 fd = -1;
1086
e8da24a6 1087 return r;
60252446
PS		 1088}
1089
916abb21
LP		 1090static int mq_address_create(
1091 const char *path,
1092 mode_t mq_mode,
1093 long maxmsg,
e8da24a6 1094 long msgsize) {
916abb21 1095
e8da24a6 1096 _cleanup_close_ int fd = -1;
916abb21
LP		 1097 struct stat st;
1098 mode_t old_mask;
1099 struct mq_attr _attr, *attr = NULL;
e8da24a6 1100 int r;
916abb21
LP		 1101
1102 assert(path);
916abb21
LP		 1103
1104 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1105 _attr = (struct mq_attr) {
1106 .mq_flags = O_NONBLOCK,
1107 .mq_maxmsg = maxmsg,
1108 .mq_msgsize = msgsize,
1109 };
916abb21
LP		 1110 attr = &_attr;
1111 }
1112
1113 /* Enforce the right access mode for the mq */
1114 old_mask = umask(~ mq_mode);
1115
1116 /* Include the original umask in our mask */
e8da24a6 1117 (void) umask(~mq_mode | old_mask);
916abb21 1118 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1119 (void) umask(old_mask);
916abb21 1120
e8da24a6
LP		 1121 if (fd < 0)
1122 return -errno;
916abb21 1123
e8da24a6
LP		 1124 if (fstat(fd, &st) < 0)
1125 return -errno;
916abb21
LP		 1126
1127 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1128 st.st_uid != getuid() ||
e8da24a6
LP		 1129 st.st_gid != getgid())
1130 return -EEXIST;
916abb21 1131
e8da24a6
LP		 1132 r = fd;
1133 fd = -1;
916abb21 1134
916abb21
LP		 1135 return r;
1136}
1137
811ba7a0
LP		 1138static int socket_symlink(Socket *s) {
1139 const char *p;
1140 char **i;
1141
1142 assert(s);
1143
1144 p = socket_find_symlink_target(s);
1145 if (!p)
1146 return 0;
1147
1148 STRV_FOREACH(i, s->symlinks)
43b133b4 1149 symlink_label(p, *i);
811ba7a0
LP		 1150
1151 return 0;
1152}
1153
36078102 1154static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1155 int r;
1156
1157 if (!s->usb_function_descriptors || !s->usb_function_strings)
1158 return -EINVAL;
1159
1160 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1161 if (r < 0)
e8da24a6 1162 return r;
6b7e5923 1163
e8da24a6 1164 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1165}
1166
36078102 1167static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1168 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1169}
1170
36078102 1171static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1172 _cleanup_free_ struct dirent **ent = NULL;
60252446 1173 _cleanup_free_ char *path = NULL;
36078102 1174 int r, i, n, k;
60252446 1175
5f311f8c
LP		 1176 path = dirname_malloc(p->path);
1177 if (!path)
1178 return -ENOMEM;
60252446 1179
36078102 1180 r = scandir(path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1181 if (r < 0)
1182 return -errno;
1183
1184 n = r;
1185 p->auxiliary_fds = new(int, n);
1186 if (!p->auxiliary_fds)
1187 return -ENOMEM;
1188
1189 p->n_auxiliary_fds = n;
1190
1191 k = 0;
1192 for (i = 0; i < n; ++i) {
1193 _cleanup_free_ char *ep = NULL;
1194
1195 ep = path_make_absolute(ent[i]->d_name, path);
1196 if (!ep)
1197 return -ENOMEM;
1198
1199 path_kill_slashes(ep);
1200
36078102 1201 r = usbffs_address_create(ep);
60252446
PS		 1202 if (r < 0)
1203 goto fail;
1204
e8da24a6
LP		 1205 p->auxiliary_fds[k] = r;
1206
60252446
PS		 1207 ++k;
1208 free(ent[i]);
1209 }
1210
1211 return r;
1212
1213fail:
e8da24a6 1214 close_many(p->auxiliary_fds, k);
60252446
PS		 1215 p->auxiliary_fds = mfree(p->auxiliary_fds);
1216 p->n_auxiliary_fds = 0;
1217
1218 return r;
1219}
1220
034c6ed7 1221static int socket_open_fds(Socket *s) {
710a6b50
LP		 1222 _cleanup_(mac_selinux_freep) char *label = NULL;
1223 bool know_label = false;
83c60c9f
LP		 1224 SocketPort *p;
1225 int r;
1226
1227 assert(s);
1228
034c6ed7 1229 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1230
034c6ed7
LP		 1231 if (p->fd >= 0)
1232 continue;
83c60c9f 1233
00411a13
LP		 1234 switch (p->type) {
1235
1236 case SOCKET_SOCKET:
049f8642 1237
7f416dae
LP		 1238 if (!know_label) {
1239 /* Figure out label, if we don't it know
1240 * yet. We do it once, for the first
1241 * socket where we need this and
1242 * remember it for the rest. */
1243
1244 if (s->selinux_context_from_net) {
1245 /* Get it from the network label */
1246
1247 r = mac_selinux_get_our_label(&label);
75514a70 1248 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1249 goto rollback;
049f8642 1250
7f416dae
LP		 1251 } else {
1252 /* Get it from the executable we are about to start */
1253
1254 r = socket_instantiate_service(s);
1255 if (r < 0)
1256 goto rollback;
1257
1258 if (UNIT_ISSET(s->service) &&
1259 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1260 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1261 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1262 goto rollback;
1263 }
189583d7 1264 }
049f8642
LP		 1265
1266 know_label = true;
1267 }
1268
175a3d25
LP		 1269 r = socket_address_listen(
1270 &p->address,
1271 SOCK_CLOEXEC|SOCK_NONBLOCK,
1272 s->backlog,
1273 s->bind_ipv6_only,
1274 s->bind_to_device,
54255c64 1275 s->reuse_port,
175a3d25
LP		 1276 s->free_bind,
1277 s->transparent,
1278 s->directory_mode,
1279 s->socket_mode,
1280 label);
1281 if (r < 0)
83c60c9f
LP		 1282 goto rollback;
1283
175a3d25 1284 p->fd = r;
4fd5948e 1285 socket_apply_socket_options(s, p->fd);
811ba7a0 1286 socket_symlink(s);
00411a13 1287 break;
4fd5948e 1288
00411a13 1289 case SOCKET_SPECIAL:
b0a3f2bc 1290
55301ec0 1291 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1292 if (p->fd < 0) {
1293 r = p->fd;
b0a3f2bc 1294 goto rollback;
e8da24a6 1295 }
00411a13 1296 break;
b0a3f2bc 1297
00411a13 1298 case SOCKET_FIFO:
83c60c9f 1299
e8da24a6 1300 p->fd = fifo_address_create(
175a3d25
LP		 1301 p->path,
1302 s->directory_mode,
e8da24a6
LP		 1303 s->socket_mode);
1304 if (p->fd < 0) {
1305 r = p->fd;
83c60c9f 1306 goto rollback;
e8da24a6 1307 }
83c60c9f 1308
b15bdda8 1309 socket_apply_fifo_options(s, p->fd);
811ba7a0 1310 socket_symlink(s);
00411a13 1311 break;
811ba7a0 1312
00411a13 1313 case SOCKET_MQUEUE:
83c60c9f 1314
e8da24a6 1315 p->fd = mq_address_create(
175a3d25
LP		 1316 p->path,
1317 s->socket_mode,
1318 s->mq_maxmsg,
e8da24a6
LP		 1319 s->mq_msgsize);
1320 if (p->fd < 0) {
1321 r = p->fd;
916abb21 1322 goto rollback;
e8da24a6 1323 }
00411a13 1324 break;
e8da24a6 1325
00411a13 1326 case SOCKET_USB_FUNCTION:
60252446 1327
36078102 1328 p->fd = usbffs_address_create(p->path);
e8da24a6
LP		 1329 if (p->fd < 0) {
1330 r = p->fd;
60252446 1331 goto rollback;
e8da24a6 1332 }
60252446 1333
36078102 1334 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1335 if (r < 0)
1336 goto rollback;
1337
36078102 1338 r = usbffs_dispatch_eps(p);
60252446
PS		 1339 if (r < 0)
1340 goto rollback;
00411a13
LP		 1341
1342 break;
1343
1344 default:
b15bdda8 1345 assert_not_reached("Unknown port type");
00411a13 1346 }
034c6ed7
LP		 1347 }
1348
1349 return 0;
1350
1351rollback:
1352 socket_close_fds(s);
1353 return r;
1354}
1355
1356static void socket_unwatch_fds(Socket *s) {
1357 SocketPort *p;
718db961 1358 int r;
9152c765 1359
034c6ed7
LP		 1360 assert(s);
1361
1362 LIST_FOREACH(port, p, s->ports) {
1363 if (p->fd < 0)
1364 continue;
1365
a4152e3f
LP		 1366 if (!p->event_source)
1367 continue;
1368
1369 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1370 if (r < 0)
f2341e0a 1371 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1372 }
034c6ed7
LP		 1373}
1374
1375static int socket_watch_fds(Socket *s) {
1376 SocketPort *p;
1377 int r;
1378
1379 assert(s);
83c60c9f 1380
034c6ed7
LP		 1381 LIST_FOREACH(port, p, s->ports) {
1382 if (p->fd < 0)
1383 continue;
1384
cbf60d0a 1385 if (p->event_source) {
718db961 1386 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1387 if (r < 0)
1388 goto fail;
1389 } else {
151b9b96 1390 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1391 if (r < 0)
1392 goto fail;
4f2d528d 1393
cbf60d0a 1394 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1395 }
034c6ed7 1396 }
83c60c9f 1397
542563ba 1398 return 0;
83c60c9f 1399
034c6ed7 1400fail:
cbf60d0a 1401 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1402 socket_unwatch_fds(s);
1403 return r;
1404}
1405
1406static void socket_set_state(Socket *s, SocketState state) {
1407 SocketState old_state;
1408 assert(s);
1409
1410 old_state = s->state;
1411 s->state = state;
1412
bd1fe7c7
LP		 1413 if (!IN_SET(state,
1414 SOCKET_START_PRE,
3900e5fd 1415 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1416 SOCKET_START_POST,
1417 SOCKET_STOP_PRE,
1418 SOCKET_STOP_PRE_SIGTERM,
1419 SOCKET_STOP_PRE_SIGKILL,
1420 SOCKET_STOP_POST,
1421 SOCKET_FINAL_SIGTERM,
1422 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1423
1424 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1425 socket_unwatch_control_pid(s);
034c6ed7 1426 s->control_command = NULL;
a16e1123 1427 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1428 }
034c6ed7 1429
a16e1123
LP		 1430 if (state != SOCKET_LISTENING)
1431 socket_unwatch_fds(s);
1432
bd1fe7c7 1433 if (!IN_SET(state,
3900e5fd 1434 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1435 SOCKET_START_POST,
1436 SOCKET_LISTENING,
1437 SOCKET_RUNNING,
1438 SOCKET_STOP_PRE,
1439 SOCKET_STOP_PRE_SIGTERM,
1440 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1441 socket_close_fds(s);
1442
e537352b 1443 if (state != old_state)
f2341e0a 1444 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1445
e2f3b44c 1446 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1447}
1448
be847e82 1449static int socket_coldplug(Unit *u) {
a16e1123
LP		 1450 Socket *s = SOCKET(u);
1451 int r;
1452
1453 assert(s);
1454 assert(s->state == SOCKET_DEAD);
1455
e821075a
LP		 1456 if (s->deserialized_state == s->state)
1457 return 0;
a16e1123 1458
c386f588
LP		 1459 if (s->control_pid > 0 &&
1460 pid_is_unwaited(s->control_pid) &&
1461 IN_SET(s->deserialized_state,
3900e5fd
LP		 1462 SOCKET_START_PRE,
1463 SOCKET_START_CHOWN,
1464 SOCKET_START_POST,
1465 SOCKET_STOP_PRE,
1466 SOCKET_STOP_PRE_SIGTERM,
1467 SOCKET_STOP_PRE_SIGKILL,
1468 SOCKET_STOP_POST,
1469 SOCKET_FINAL_SIGTERM,
1470 SOCKET_FINAL_SIGKILL)) {
a16e1123 1471
e821075a
LP		 1472 r = unit_watch_pid(UNIT(s), s->control_pid);
1473 if (r < 0)
1474 return r;
a16e1123 1475
e821075a
LP		 1476 r = socket_arm_timer(s);
1477 if (r < 0)
1478 return r;
1479 }
a16e1123 1480
3900e5fd
LP		 1481 if (IN_SET(s->deserialized_state,
1482 SOCKET_START_CHOWN,
1483 SOCKET_START_POST,
1484 SOCKET_LISTENING,
1485 SOCKET_RUNNING,
1486 SOCKET_STOP_PRE,
1487 SOCKET_STOP_PRE_SIGTERM,
1488 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1489 r = socket_open_fds(s);
1490 if (r < 0)
1491 return r;
1492 }
a16e1123 1493
e821075a
LP		 1494 if (s->deserialized_state == SOCKET_LISTENING) {
1495 r = socket_watch_fds(s);
1496 if (r < 0)
1497 return r;
a16e1123
LP		 1498 }
1499
e821075a 1500 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1501 return 0;
1502}
1503
e537352b 1504static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1505 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1506 pid_t pid;
1507 int r;
9fa95f85
DM		 1508 ExecParameters exec_params = {
1509 .apply_permissions = true,
1510 .apply_chroot = true,
1511 .apply_tty_stdin = true,
6f856a09 1512 .bus_endpoint_fd = -1,
a34ceba6
LP		 1513 .stdin_fd = -1,
1514 .stdout_fd = -1,
1515 .stderr_fd = -1,
9fa95f85 1516 };
034c6ed7
LP		 1517
1518 assert(s);
1519 assert(c);
1520 assert(_pid);
1521
5ad096b3
LP		 1522 (void) unit_realize_cgroup(UNIT(s));
1523 if (s->reset_cpu_usage) {
1524 (void) unit_reset_cpu_usage(UNIT(s));
1525 s->reset_cpu_usage = false;
1526 }
4ad49000 1527
613b411c
LP		 1528 r = unit_setup_exec_runtime(UNIT(s));
1529 if (r < 0)
1530 goto fail;
1531
718db961 1532 r = socket_arm_timer(s);
36697dc0 1533 if (r < 0)
e537352b 1534 goto fail;
034c6ed7 1535
19f6d710
LP		 1536 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1537 if (r < 0)
9e2f7c11 1538 goto fail;
9e2f7c11 1539
9fa95f85
DM		 1540 exec_params.argv = argv;
1541 exec_params.environment = UNIT(s)->manager->environment;
1542 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1543 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1544 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1545 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1546 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1547
f2341e0a
LP		 1548 r = exec_spawn(UNIT(s),
1549 c,
9e2f7c11 1550 &s->exec_context,
9fa95f85 1551 &exec_params,
613b411c 1552 s->exec_runtime,
9e2f7c11 1553 &pid);
cee288ad
TA		 1554 if (r < 0)
1555 goto fail;
9e2f7c11 1556
3900e5fd 1557 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1558 if (r < 0)
3900e5fd 1559 /* FIXME: we need to do something here */
034c6ed7
LP		 1560 goto fail;
1561
3900e5fd
LP		 1562 *_pid = pid;
1563 return 0;
1564
1565fail:
1566 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1567 return r;
1568}
1569
1570static int socket_chown(Socket *s, pid_t *_pid) {
1571 pid_t pid;
1572 int r;
1573
1574 r = socket_arm_timer(s);
1575 if (r < 0)
1576 goto fail;
1577
1578 /* We have to resolve the user names out-of-process, hence
1579 * let's fork here. It's messy, but well, what can we do? */
1580
1581 pid = fork();
1582 if (pid < 0)
1583 return -errno;
1584
1585 if (pid == 0) {
1586 SocketPort *p;
fed1e721
LP		 1587 uid_t uid = UID_INVALID;
1588 gid_t gid = GID_INVALID;
3900e5fd
LP		 1589 int ret;
1590
ce30c8dc
LP		 1591 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1592 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1593 log_forget_fds();
1594
1595 if (!isempty(s->user)) {
1596 const char *user = s->user;
1597
1598 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1599 if (r < 0) {
1600 ret = EXIT_USER;
1601 goto fail_child;
1602 }
1603 }
1604
1605 if (!isempty(s->group)) {
1606 const char *group = s->group;
1607
1608 r = get_group_creds(&group, &gid);
1609 if (r < 0) {
1610 ret = EXIT_GROUP;
1611 goto fail_child;
1612 }
1613 }
1614
1615 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1616 const char *path = NULL;
3900e5fd
LP		 1617
1618 if (p->type == SOCKET_SOCKET)
1619 path = socket_address_get_path(&p->address);
1620 else if (p->type == SOCKET_FIFO)
1621 path = p->path;
1622
1623 if (!path)
1624 continue;
1625
1626 if (chown(path, uid, gid) < 0) {
1627 r = -errno;
1628 ret = EXIT_CHOWN;
1629 goto fail_child;
1630 }
1631 }
1632
1633 _exit(0);
1634
1635 fail_child:
1636 log_open();
da927ba9 1637 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1638
1639 _exit(ret);
1640 }
1641
718db961
LP		 1642 r = unit_watch_pid(UNIT(s), pid);
1643 if (r < 0)
034c6ed7 1644 goto fail;
83c60c9f 1645
034c6ed7 1646 *_pid = pid;
034c6ed7
LP		 1647 return 0;
1648
1649fail:
718db961 1650 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1651 return r;
542563ba
LP		 1652}
1653
cfc4eb4c 1654static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1655 assert(s);
1656
cfc4eb4c
LP		 1657 if (f != SOCKET_SUCCESS)
1658 s->result = f;
034c6ed7 1659
613b411c
LP		 1660 exec_runtime_destroy(s->exec_runtime);
1661 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1662
e66cf1a3
LP		 1663 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1664
cfc4eb4c 1665 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1666}
1667
cfc4eb4c 1668static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1669
cfc4eb4c 1670static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1671 int r;
1672 assert(s);
1673
cfc4eb4c
LP		 1674 if (f != SOCKET_SUCCESS)
1675 s->result = f;
034c6ed7 1676
5e94833f 1677 socket_unwatch_control_pid(s);
a16e1123 1678 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1679 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1680
3900e5fd
LP		 1681 if (s->control_command) {
1682 r = socket_spawn(s, s->control_command, &s->control_pid);
1683 if (r < 0)
034c6ed7
LP		 1684 goto fail;
1685
80876c20
LP		 1686 socket_set_state(s, SOCKET_STOP_POST);
1687 } else
cfc4eb4c 1688 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1689
1690 return;
1691
1692fail:
f2341e0a 1693 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1694 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1695}
1696
cfc4eb4c 1697static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1698 int r;
1699
1700 assert(s);
1701
cfc4eb4c
LP		 1702 if (f != SOCKET_SUCCESS)
1703 s->result = f;
034c6ed7 1704
cd2086fe
LP		 1705 r = unit_kill_context(
1706 UNIT(s),
1707 &s->kill_context,
db2cb23b
UTL		 1708 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1709 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1710 -1,
1711 s->control_pid,
1712 false);
1713 if (r < 0)
1714 goto fail;
034c6ed7 1715
cd2086fe 1716 if (r > 0) {
718db961 1717 r = socket_arm_timer(s);
36697dc0 1718 if (r < 0)
80876c20 1719 goto fail;
d6ea93e3 1720
80876c20 1721 socket_set_state(s, state);
ac84d1fb
LP		 1722 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1723 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1724 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1725 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1726 else if (state == SOCKET_FINAL_SIGTERM)
1727 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1728 else
cfc4eb4c 1729 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1730
1731 return;
1732
1733fail:
f2341e0a 1734 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1735
1736 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1737 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1738 else
cfc4eb4c 1739 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1740}
1741
cfc4eb4c 1742static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1743 int r;
1744 assert(s);
1745
cfc4eb4c
LP		 1746 if (f != SOCKET_SUCCESS)
1747 s->result = f;
034c6ed7 1748
5e94833f 1749 socket_unwatch_control_pid(s);
a16e1123 1750 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1751 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1752
3900e5fd
LP		 1753 if (s->control_command) {
1754 r = socket_spawn(s, s->control_command, &s->control_pid);
1755 if (r < 0)
034c6ed7
LP		 1756 goto fail;
1757
80876c20
LP		 1758 socket_set_state(s, SOCKET_STOP_PRE);
1759 } else
cfc4eb4c 1760 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1761
1762 return;
1763
1764fail:
f2341e0a 1765 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1766 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1767}
1768
e9af15c3
LP		 1769static void socket_enter_listening(Socket *s) {
1770 int r;
1771 assert(s);
1772
cfc4eb4c
LP		 1773 r = socket_watch_fds(s);
1774 if (r < 0) {
f2341e0a 1775 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1776 goto fail;
1777 }
1778
1779 socket_set_state(s, SOCKET_LISTENING);
1780 return;
1781
1782fail:
cfc4eb4c 1783 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1784}
1785
034c6ed7
LP		 1786static void socket_enter_start_post(Socket *s) {
1787 int r;
1788 assert(s);
1789
3900e5fd
LP		 1790 socket_unwatch_control_pid(s);
1791 s->control_command_id = SOCKET_EXEC_START_POST;
1792 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1793
1794 if (s->control_command) {
1795 r = socket_spawn(s, s->control_command, &s->control_pid);
1796 if (r < 0) {
f2341e0a 1797 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1798 goto fail;
1799 }
1800
1801 socket_set_state(s, SOCKET_START_POST);
1802 } else
1803 socket_enter_listening(s);
1804
1805 return;
1806
1807fail:
1808 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1809}
1810
1811static void socket_enter_start_chown(Socket *s) {
1812 int r;
1813
1814 assert(s);
1815
cfc4eb4c
LP		 1816 r = socket_open_fds(s);
1817 if (r < 0) {
f2341e0a 1818 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1819 goto fail;
1820 }
1821
3900e5fd 1822 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1823
3900e5fd
LP		 1824 socket_unwatch_control_pid(s);
1825 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1826 s->control_command = NULL;
a16e1123 1827
3900e5fd 1828 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1829 if (r < 0) {
f2341e0a 1830 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1831 goto fail;
1832 }
1833
3900e5fd 1834 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1835 } else
3900e5fd 1836 socket_enter_start_post(s);
034c6ed7
LP		 1837
1838 return;
1839
1840fail:
cfc4eb4c 1841 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1842}
1843
1844static void socket_enter_start_pre(Socket *s) {
1845 int r;
1846 assert(s);
1847
5e94833f 1848 socket_unwatch_control_pid(s);
a16e1123 1849 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1850 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1851
3900e5fd 1852 if (s->control_command) {
e821075a 1853 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1854 if (r < 0) {
f2341e0a 1855 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1856 goto fail;
3900e5fd 1857 }
034c6ed7 1858
80876c20
LP		 1859 socket_set_state(s, SOCKET_START_PRE);
1860 } else
3900e5fd 1861 socket_enter_start_chown(s);
034c6ed7
LP		 1862
1863 return;
1864
1865fail:
cfc4eb4c 1866 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1867}
1868
4f2d528d 1869static void socket_enter_running(Socket *s, int cfd) {
718db961 1870 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1871 int r;
1872
1873 assert(s);
1874
ba3e67a7
LP		 1875 /* We don't take connections anymore if we are supposed to
1876 * shut down anyway */
31afa0a4 1877 if (unit_stop_pending(UNIT(s))) {
e821075a 1878
f2341e0a 1879 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1880
7c610628 1881 if (cfd >= 0)
03e334a1 1882 safe_close(cfd);
7c610628
LP		 1883 else {
1884 /* Flush all sockets by closing and reopening them */
1885 socket_close_fds(s);
1886
16ac4014
LP		 1887 r = socket_open_fds(s);
1888 if (r < 0) {
f2341e0a 1889 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1890 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1891 return;
1892 }
1893
1a710b43
MS		 1894 r = socket_watch_fds(s);
1895 if (r < 0) {
f2341e0a 1896 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1897 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1898 }
1899 }
1900
ba3e67a7
LP		 1901 return;
1902 }
1903
4f2d528d 1904 if (cfd < 0) {
57020a3a 1905 Iterator i;
e821075a 1906 Unit *other;
f976f3f6 1907 bool pending = false;
f976f3f6
LP		 1908
1909 /* If there's already a start pending don't bother to
1910 * do anything */
e821075a
LP		 1911 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1912 if (unit_active_or_pending(other)) {
57020a3a
LP		 1913 pending = true;
1914 break;
1915 }
f976f3f6 1916
1a710b43 1917 if (!pending) {
640ace4a 1918 if (!UNIT_ISSET(s->service)) {
f2341e0a 1919 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1920 r = -ENOENT;
1921 goto fail;
1922 }
1923
4bd29fe5 1924 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1a710b43 1925 if (r < 0)
f976f3f6 1926 goto fail;
1a710b43 1927 }
4f2d528d
LP		 1928
1929 socket_set_state(s, SOCKET_RUNNING);
1930 } else {
e55001eb 1931 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1932 Service *service;
4f2d528d 1933
6cf6bbc2 1934 if (s->n_connections >= s->max_connections) {
f2341e0a 1935 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1936 safe_close(cfd);
6cf6bbc2
LP		 1937 return;
1938 }
1939
1a710b43
MS		 1940 r = socket_instantiate_service(s);
1941 if (r < 0)
b15bdda8
LP		 1942 goto fail;
1943
1a710b43
MS		 1944 r = instance_from_socket(cfd, s->n_accepted, &instance);
1945 if (r < 0) {
1946 if (r != -ENOTCONN)
1947 goto fail;
1948
1949 /* ENOTCONN is legitimate if TCP RST was received.
1950 * This connection is over, but the socket unit lives on. */
03e334a1 1951 safe_close(cfd);
1a710b43
MS		 1952 return;
1953 }
4f2d528d 1954
7410616c
LP		 1955 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1956 if (r < 0)
4f2d528d 1957 goto fail;
4f2d528d 1958
7410616c
LP		 1959 r = unit_name_build(prefix, instance, ".service", &name);
1960 if (r < 0)
b6dbbe1c 1961 goto fail;
4f2d528d 1962
1a710b43 1963 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1964 if (r < 0)
4f2d528d 1965 goto fail;
b15bdda8 1966
57020a3a
LP		 1967 service = SERVICE(UNIT_DEREF(s->service));
1968 unit_ref_unset(&s->service);
b15bdda8 1969 s->n_accepted ++;
4f2d528d 1970
1124fe6f 1971 UNIT(service)->no_gc = false;
6c073082 1972
b15bdda8 1973 unit_choose_id(UNIT(service), name);
b15bdda8 1974
16115b0a 1975 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1976 if (r < 0)
4f2d528d
LP		 1977 goto fail;
1978
1979 cfd = -1;
6cf6bbc2
LP		 1980 s->n_connections ++;
1981
4bd29fe5 1982 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
1a710b43 1983 if (r < 0)
4f2d528d 1984 goto fail;
c4e2ceae
LP		 1985
1986 /* Notify clients about changed counters */
1987 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1988 }
034c6ed7 1989
034c6ed7
LP		 1990 return;
1991
1992fail:
f2341e0a
LP		 1993 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1994 cfd >= 0 ? "template" : "non-template",
718db961 1995 bus_error_message(&error, r));
e821075a 1996
60089004 1997 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1998 safe_close(cfd);
034c6ed7
LP		 1999}
2000
cfc4eb4c 2001static void socket_run_next(Socket *s) {
034c6ed7
LP		 2002 int r;
2003
2004 assert(s);
2005 assert(s->control_command);
2006 assert(s->control_command->command_next);
2007
5e94833f
LP		 2008 socket_unwatch_control_pid(s);
2009
034c6ed7
LP		 2010 s->control_command = s->control_command->command_next;
2011
e821075a
LP		 2012 r = socket_spawn(s, s->control_command, &s->control_pid);
2013 if (r < 0)
034c6ed7
LP		 2014 goto fail;
2015
2016 return;
2017
2018fail:
f2341e0a 2019 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2020
2021 if (s->state == SOCKET_START_POST)
cfc4eb4c 2022 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2023 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2024 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2025 else
cfc4eb4c 2026 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2027}
2028
87f0e418
LP		 2029static int socket_start(Unit *u) {
2030 Socket *s = SOCKET(u);
83c60c9f
LP		 2031
2032 assert(s);
2033
034c6ed7
LP		 2034 /* We cannot fulfill this request right now, try again later
2035 * please! */
3900e5fd
LP		 2036 if (IN_SET(s->state,
2037 SOCKET_STOP_PRE,
2038 SOCKET_STOP_PRE_SIGKILL,
2039 SOCKET_STOP_PRE_SIGTERM,
2040 SOCKET_STOP_POST,
2041 SOCKET_FINAL_SIGTERM,
2042 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2043 return -EAGAIN;
2044
a4152e3f 2045 /* Already on it! */
3900e5fd
LP		 2046 if (IN_SET(s->state,
2047 SOCKET_START_PRE,
2048 SOCKET_START_CHOWN,
2049 SOCKET_START_POST))
034c6ed7 2050 return 0;
83c60c9f 2051
034c6ed7 2052 /* Cannot run this without the service being around */
9444b1f2 2053 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2054 Service *service;
2055
2056 service = SERVICE(UNIT_DEREF(s->service));
2057
1124fe6f 2058 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2059 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2060 return -ENOENT;
4ac9236f 2061 }
4f2d528d 2062
35b8ca3a 2063 /* If the service is already active we cannot start the
4f2d528d 2064 * socket */
57020a3a
LP		 2065 if (service->state != SERVICE_DEAD &&
2066 service->state != SERVICE_FAILED &&
2067 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2068 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2069 return -EBUSY;
4ac9236f 2070 }
4f2d528d 2071 }
e537352b 2072
fdf20a31 2073 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2074
cfc4eb4c 2075 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2076 s->reset_cpu_usage = true;
2077
034c6ed7 2078 socket_enter_start_pre(s);
e821075a 2079
82a2b6bb 2080 return 1;
034c6ed7 2081}
83c60c9f 2082
87f0e418
LP		 2083static int socket_stop(Unit *u) {
2084 Socket *s = SOCKET(u);
034c6ed7
LP		 2085
2086 assert(s);
2087
e537352b 2088 /* Already on it */
3900e5fd
LP		 2089 if (IN_SET(s->state,
2090 SOCKET_STOP_PRE,
2091 SOCKET_STOP_PRE_SIGTERM,
2092 SOCKET_STOP_PRE_SIGKILL,
2093 SOCKET_STOP_POST,
2094 SOCKET_FINAL_SIGTERM,
2095 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2096 return 0;
2097
3f6c78dc
LP		 2098 /* If there's already something running we go directly into
2099 * kill mode. */
3900e5fd
LP		 2100 if (IN_SET(s->state,
2101 SOCKET_START_PRE,
2102 SOCKET_START_CHOWN,
2103 SOCKET_START_POST)) {
cfc4eb4c 2104 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2105 return -EAGAIN;
2106 }
2107
034c6ed7 2108 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2109
cfc4eb4c 2110 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2111 return 1;
542563ba
LP		 2112}
2113
a16e1123
LP		 2114static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2115 Socket *s = SOCKET(u);
2116 SocketPort *p;
2117 int r;
2118
2119 assert(u);
2120 assert(f);
2121 assert(fds);
2122
2123 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2124 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2125 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2126
2127 if (s->control_pid > 0)
de0671ee 2128 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2129
2130 if (s->control_command_id >= 0)
2131 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2132
2133 LIST_FOREACH(port, p, s->ports) {
2134 int copy;
2135
2136 if (p->fd < 0)
2137 continue;
2138
613b411c
LP		 2139 copy = fdset_put_dup(fds, p->fd);
2140 if (copy < 0)
a16e1123
LP		 2141 return copy;
2142
2143 if (p->type == SOCKET_SOCKET) {
613b411c 2144 _cleanup_free_ char *t = NULL;
a16e1123 2145
ee092817
LP		 2146 r = socket_address_print(&p->address, &t);
2147 if (r < 0)
a16e1123
LP		 2148 return r;
2149
7a22745a
LP		 2150 if (socket_address_family(&p->address) == AF_NETLINK)
2151 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2152 else
2153 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2154
b0a3f2bc
LP		 2155 } else if (p->type == SOCKET_SPECIAL)
2156 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2157 else if (p->type == SOCKET_MQUEUE)
2158 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2159 else if (p->type == SOCKET_USB_FUNCTION)
2160 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2161 else {
a16e1123
LP		 2162 assert(p->type == SOCKET_FIFO);
2163 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2164 }
2165 }
2166
2167 return 0;
2168}
2169
2170static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2171 Socket *s = SOCKET(u);
a16e1123
LP		 2172
2173 assert(u);
2174 assert(key);
2175 assert(value);
a16e1123
LP		 2176
2177 if (streq(key, "state")) {
2178 SocketState state;
2179
ee092817
LP		 2180 state = socket_state_from_string(value);
2181 if (state < 0)
f2341e0a 2182 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2183 else
2184 s->deserialized_state = state;
cfc4eb4c
LP		 2185 } else if (streq(key, "result")) {
2186 SocketResult f;
a16e1123 2187
cfc4eb4c
LP		 2188 f = socket_result_from_string(value);
2189 if (f < 0)
f2341e0a 2190 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2191 else if (f != SOCKET_SUCCESS)
2192 s->result = f;
a16e1123
LP		 2193
2194 } else if (streq(key, "n-accepted")) {
2195 unsigned k;
2196
e364ad06 2197 if (safe_atou(value, &k) < 0)
f2341e0a 2198 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2199 else
2200 s->n_accepted += k;
2201 } else if (streq(key, "control-pid")) {
5925dd3c 2202 pid_t pid;
a16e1123 2203
e364ad06 2204 if (parse_pid(value, &pid) < 0)
f2341e0a 2205 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2206 else
5925dd3c 2207 s->control_pid = pid;
a16e1123
LP		 2208 } else if (streq(key, "control-command")) {
2209 SocketExecCommand id;
2210
66870f90
ZJS		 2211 id = socket_exec_command_from_string(value);
2212 if (id < 0)
f2341e0a 2213 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2214 else {
2215 s->control_command_id = id;
2216 s->control_command = s->exec_command[id];
2217 }
2218 } else if (streq(key, "fifo")) {
2219 int fd, skip = 0;
2220 SocketPort *p;
2221
2222 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2223 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2224 else {
2225
2226 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2227 if (p->type == SOCKET_FIFO &&
c78e47a6 2228 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2229 break;
2230
2231 if (p) {
03e334a1 2232 safe_close(p->fd);
b0a3f2bc
LP		 2233 p->fd = fdset_remove(fds, fd);
2234 }
2235 }
2236
2237 } else if (streq(key, "special")) {
2238 int fd, skip = 0;
2239 SocketPort *p;
2240
2241 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2242 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2243 else {
2244
2245 LIST_FOREACH(port, p, s->ports)
2246 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2247 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2248 break;
2249
2250 if (p) {
03e334a1 2251 safe_close(p->fd);
a16e1123
LP		 2252 p->fd = fdset_remove(fds, fd);
2253 }
2254 }
2255
ee092817
LP		 2256 } else if (streq(key, "mqueue")) {
2257 int fd, skip = 0;
2258 SocketPort *p;
2259
2260 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2261 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2262 else {
2263
2264 LIST_FOREACH(port, p, s->ports)
2265 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2266 streq(p->path, value+skip))
ee092817
LP		 2267 break;
2268
2269 if (p) {
03e334a1 2270 safe_close(p->fd);
ee092817
LP		 2271 p->fd = fdset_remove(fds, fd);
2272 }
2273 }
2274
a16e1123 2275 } else if (streq(key, "socket")) {
27ca8d7a 2276 int fd, type, skip = 0;
a16e1123
LP		 2277 SocketPort *p;
2278
27ca8d7a 2279 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2280 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2281 else {
2282
2283 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2284 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2285 break;
2286
2287 if (p) {
03e334a1 2288 safe_close(p->fd);
a16e1123
LP		 2289 p->fd = fdset_remove(fds, fd);
2290 }
2291 }
2292
7a22745a
LP		 2293 } else if (streq(key, "netlink")) {
2294 int fd, skip = 0;
2295 SocketPort *p;
2296
2297 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2298 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2299 else {
2300
2301 LIST_FOREACH(port, p, s->ports)
2302 if (socket_address_is_netlink(&p->address, value+skip))
2303 break;
2304
2305 if (p) {
03e334a1 2306 safe_close(p->fd);
7a22745a
LP		 2307 p->fd = fdset_remove(fds, fd);
2308 }
2309 }
60252446
PS		 2310
2311 } else if (streq(key, "ffs")) {
2312 int fd, skip = 0;
2313 SocketPort *p;
2314
2315 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2316 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2317 else {
2318
2319 LIST_FOREACH(port, p, s->ports)
2320 if (p->type == SOCKET_USB_FUNCTION &&
2321 path_equal_or_files_same(p->path, value+skip))
2322 break;
2323
2324 if (p) {
2325 safe_close(p->fd);
2326 p->fd = fdset_remove(fds, fd);
2327 }
2328 }
2329
a16e1123 2330 } else
f2341e0a 2331 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2332
2333 return 0;
2334}
2335
9ff1a6f1 2336static void socket_distribute_fds(Unit *u, FDSet *fds) {
01e10de3
LP		 2337 Socket *s = SOCKET(u);
2338 SocketPort *p;
2339
2340 assert(u);
2341
2342 LIST_FOREACH(port, p, s->ports) {
2343 Iterator i;
2344 int fd;
2345
2346 if (p->type != SOCKET_SOCKET)
2347 continue;
2348
2349 if (p->fd >= 0)
2350 continue;
2351
2352 FDSET_FOREACH(fd, fds, i) {
2353 if (socket_address_matches_fd(&p->address, fd)) {
2354 p->fd = fdset_remove(fds, fd);
2355 s->deserialized_state = SOCKET_LISTENING;
2356 break;
2357 }
2358 }
2359 }
01e10de3
LP		 2360}
2361
44a6b1b6 2362_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2363 assert(u);
5cb5a6ff 2364
acbb0225 2365 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2366}
2367
44a6b1b6 2368_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2369 assert(u);
2370
a16e1123 2371 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2372}
2373
67419600
OS		 2374const char* socket_port_type_to_string(SocketPort *p) {
2375
2376 assert(p);
2377
2378 switch (p->type) {
718db961
LP		 2379
2380 case SOCKET_SOCKET:
2381
2382 switch (p->address.type) {
2383
2384 case SOCK_STREAM:
2385 return "Stream";
2386
2387 case SOCK_DGRAM:
2388 return "Datagram";
2389
2390 case SOCK_SEQPACKET:
2391 return "SequentialPacket";
2392
2393 case SOCK_RAW:
2394 if (socket_address_family(&p->address) == AF_NETLINK)
2395 return "Netlink";
2396
2397 default:
2398 return NULL;
2399 }
2400
2401 case SOCKET_SPECIAL:
2402 return "Special";
2403
2404 case SOCKET_MQUEUE:
2405 return "MessageQueue";
2406
2407 case SOCKET_FIFO:
2408 return "FIFO";
2409
60252446
PS		 2410 case SOCKET_USB_FUNCTION:
2411 return "USBFunction";
2412
718db961
LP		 2413 default:
2414 return NULL;
67419600
OS		 2415 }
2416}
2417
44a6b1b6 2418_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2419 Socket *s = SOCKET(u);
2420
2421 assert(u);
2422
2423 return s->n_connections > 0;
2424}
2425
718db961
LP		 2426static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2427 SocketPort *p = userdata;
4f2d528d 2428 int cfd = -1;
9152c765 2429
718db961 2430 assert(p);
8d567588 2431 assert(fd >= 0);
9152c765 2432
718db961
LP		 2433 if (p->socket->state != SOCKET_LISTENING)
2434 return 0;
871d7de4 2435
f2341e0a 2436 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2437
718db961 2438 if (revents != EPOLLIN) {
641e01dc 2439
718db961 2440 if (revents & EPOLLHUP)
f2341e0a 2441 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2442 else
f2341e0a 2443 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2444 goto fail;
4f2d528d
LP		 2445 }
2446
718db961
LP		 2447 if (p->socket->accept &&
2448 p->type == SOCKET_SOCKET &&
2449 socket_address_can_accept(&p->address)) {
2450
4f2d528d
LP		 2451 for (;;) {
2452
b14eda96
LP		 2453 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2454 if (cfd < 0) {
4f2d528d
LP		 2455
2456 if (errno == EINTR)
2457 continue;
2458
f2341e0a 2459 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2460 goto fail;
4f2d528d
LP		 2461 }
2462
2463 break;
2464 }
4fd5948e 2465
718db961 2466 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2467 }
9152c765 2468
718db961
LP		 2469 socket_enter_running(p->socket, cfd);
2470 return 0;
8d567588
LP		 2471
2472fail:
718db961
LP		 2473 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2474 return 0;
9152c765
LP		 2475}
2476
87f0e418
LP		 2477static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2478 Socket *s = SOCKET(u);
cfc4eb4c 2479 SocketResult f;
5cb5a6ff
LP		 2480
2481 assert(s);
034c6ed7 2482 assert(pid >= 0);
5cb5a6ff 2483
8c47c732
LP		 2484 if (pid != s->control_pid)
2485 return;
542563ba 2486
034c6ed7
LP		 2487 s->control_pid = 0;
2488
96342de6 2489 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2490 f = SOCKET_SUCCESS;
2491 else if (code == CLD_EXITED)
2492 f = SOCKET_FAILURE_EXIT_CODE;
2493 else if (code == CLD_KILLED)
2494 f = SOCKET_FAILURE_SIGNAL;
2495 else if (code == CLD_DUMPED)
2496 f = SOCKET_FAILURE_CORE_DUMP;
2497 else
a4152e3f 2498 assert_not_reached("Unknown sigchld code");
8c47c732 2499
b708e7ce 2500 if (s->control_command) {
6ea832a2 2501 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2502
b708e7ce 2503 if (s->control_command->ignore)
cfc4eb4c 2504 f = SOCKET_SUCCESS;
b708e7ce
LP		 2505 }
2506
f2341e0a
LP		 2507 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2508 "Control process exited, code=%s status=%i",
2509 sigchld_code_to_string(code), status);
034c6ed7 2510
cfc4eb4c
LP		 2511 if (f != SOCKET_SUCCESS)
2512 s->result = f;
2513
2514 if (s->control_command &&
2515 s->control_command->command_next &&
2516 f == SOCKET_SUCCESS) {
2517
f2341e0a 2518 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2519 socket_run_next(s);
acbb0225 2520 } else {
a16e1123
LP		 2521 s->control_command = NULL;
2522 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2523
034c6ed7
LP		 2524 /* No further commands for this step, so let's figure
2525 * out what to do next */
5cb5a6ff 2526
f2341e0a 2527 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2528
034c6ed7
LP		 2529 switch (s->state) {
2530
2531 case SOCKET_START_PRE:
cfc4eb4c 2532 if (f == SOCKET_SUCCESS)
3900e5fd 2533 socket_enter_start_chown(s);
034c6ed7 2534 else
cfc4eb4c 2535 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2536 break;
2537
3900e5fd
LP		 2538 case SOCKET_START_CHOWN:
2539 if (f == SOCKET_SUCCESS)
2540 socket_enter_start_post(s);
2541 else
2542 socket_enter_stop_pre(s, f);
2543 break;
2544
034c6ed7 2545 case SOCKET_START_POST:
cfc4eb4c 2546 if (f == SOCKET_SUCCESS)
e9af15c3 2547 socket_enter_listening(s);
034c6ed7 2548 else
cfc4eb4c 2549 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2550 break;
2551
2552 case SOCKET_STOP_PRE:
2553 case SOCKET_STOP_PRE_SIGTERM:
2554 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2555 socket_enter_stop_post(s, f);
034c6ed7
LP		 2556 break;
2557
2558 case SOCKET_STOP_POST:
80876c20
LP		 2559 case SOCKET_FINAL_SIGTERM:
2560 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2561 socket_enter_dead(s, f);
034c6ed7
LP		 2562 break;
2563
2564 default:
2565 assert_not_reached("Uh, control process died at wrong time.");
2566 }
2567 }
c4e2ceae
LP		 2568
2569 /* Notify clients about changed exit status */
2570 unit_add_to_dbus_queue(u);
034c6ed7 2571}
5cb5a6ff 2572
718db961
LP		 2573static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2574 Socket *s = SOCKET(userdata);
5cb5a6ff 2575
034c6ed7 2576 assert(s);
718db961 2577 assert(s->timer_event_source == source);
034c6ed7
LP		 2578
2579 switch (s->state) {
2580
2581 case SOCKET_START_PRE:
f2341e0a 2582 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2583 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2584 break;
80876c20 2585
3900e5fd 2586 case SOCKET_START_CHOWN:
034c6ed7 2587 case SOCKET_START_POST:
f2341e0a 2588 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2589 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2590 break;
2591
2592 case SOCKET_STOP_PRE:
f2341e0a 2593 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2594 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2595 break;
2596
2597 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2598 if (s->kill_context.send_sigkill) {
f2341e0a 2599 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2600 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2601 } else {
f2341e0a 2602 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2603 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2604 }
034c6ed7
LP		 2605 break;
2606
2607 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2608 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2609 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2610 break;
2611
2612 case SOCKET_STOP_POST:
f2341e0a 2613 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2614 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2615 break;
2616
80876c20 2617 case SOCKET_FINAL_SIGTERM:
4819ff03 2618 if (s->kill_context.send_sigkill) {
f2341e0a 2619 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2620 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2621 } else {
f2341e0a 2622 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2623 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2624 }
034c6ed7
LP		 2625 break;
2626
80876c20 2627 case SOCKET_FINAL_SIGKILL:
f2341e0a 2628 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2629 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2630 break;
2631
2632 default:
2633 assert_not_reached("Timeout at wrong time.");
2634 }
718db961
LP		 2635
2636 return 0;
5cb5a6ff
LP		 2637}
2638
79c7626d
LP		 2639int socket_collect_fds(Socket *s, int **fds) {
2640 int *rfds, k = 0, n = 0;
44d8db9e
LP		 2641 SocketPort *p;
2642
2643 assert(s);
2644 assert(fds);
44d8db9e
LP		 2645
2646 /* Called from the service code for requesting our fds */
2647
15087cdb 2648 LIST_FOREACH(port, p, s->ports) {
44d8db9e 2649 if (p->fd >= 0)
79c7626d
LP		 2650 n++;
2651 n += p->n_auxiliary_fds;
15087cdb 2652 }
44d8db9e 2653
79c7626d 2654 if (n <= 0) {
de3756ab 2655 *fds = NULL;
de3756ab
LP		 2656 return 0;
2657 }
2658
79c7626d 2659 rfds = new(int, n);
e5403f09 2660 if (!rfds)
44d8db9e
LP		 2661 return -ENOMEM;
2662
15087cdb 2663 LIST_FOREACH(port, p, s->ports) {
79c7626d
LP		 2664 int i;
2665
44d8db9e
LP		 2666 if (p->fd >= 0)
2667 rfds[k++] = p->fd;
15087cdb
PS		 2668 for (i = 0; i < p->n_auxiliary_fds; ++i)
2669 rfds[k++] = p->auxiliary_fds[i];
2670 }
44d8db9e 2671
79c7626d 2672 assert(k == n);
44d8db9e
LP		 2673
2674 *fds = rfds;
79c7626d 2675 return n;
44d8db9e
LP		 2676}
2677
e821075a
LP		 2678static void socket_reset_failed(Unit *u) {
2679 Socket *s = SOCKET(u);
2680
2681 assert(s);
2682
2683 if (s->state == SOCKET_FAILED)
2684 socket_set_state(s, SOCKET_DEAD);
2685
2686 s->result = SOCKET_SUCCESS;
2687}
2688
d137a488 2689static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2690 assert(s);
2691
6cf6bbc2
LP		 2692 /* The service is dead. Dang!
2693 *
2694 * This is strictly for one-instance-for-all-connections
2695 * services. */
ceee3d82
LP		 2696
2697 if (s->state == SOCKET_RUNNING) {
f2341e0a 2698 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2699 if (failed_permanent)
2700 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2701 else
2702 socket_enter_listening(s);
ceee3d82
LP		 2703 }
2704}
2705
6cf6bbc2
LP		 2706void socket_connection_unref(Socket *s) {
2707 assert(s);
2708
2709 /* The service is dead. Yay!
2710 *
35b8ca3a 2711 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2712 * services. */
2713
2714 assert(s->n_connections > 0);
2715 s->n_connections--;
2716
f2341e0a 2717 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2718}
2719
d137a488
UTL		 2720static void socket_trigger_notify(Unit *u, Unit *other) {
2721 Socket *s = SOCKET(u);
e821075a 2722 Service *se;
d137a488
UTL		 2723
2724 assert(u);
2725 assert(other);
2726
2727 /* Don't propagate state changes from the service if we are
2728 already down or accepting connections */
920b52e4 2729 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2730 s->state != SOCKET_LISTENING) ||
2731 s->accept)
2732 return;
2733
2734 if (other->load_state != UNIT_LOADED ||
2735 other->type != UNIT_SERVICE)
2736 return;
2737
e821075a
LP		 2738 se = SERVICE(other);
2739
d137a488
UTL		 2740 if (se->state == SERVICE_FAILED)
2741 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2742
2743 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2744 se->state == SERVICE_FINAL_SIGTERM ||
2745 se->state == SERVICE_FINAL_SIGKILL ||
2746 se->state == SERVICE_AUTO_RESTART)
2747 socket_notify_service_dead(s, false);
2748
2749 if (se->state == SERVICE_RUNNING)
2750 socket_set_state(s, SOCKET_RUNNING);
2751}
2752
718db961 2753static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2754 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2755}
2756
68db7a3b
ZJS		 2757static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2758 Socket *s = SOCKET(u);
2759 int r;
2760
2761 if (!s->timer_event_source)
2762 return 0;
2763
2764 r = sd_event_source_get_time(s->timer_event_source, timeout);
2765 if (r < 0)
2766 return r;
2767
2768 return 1;
2769}
2770
8dd4c05b
LP		 2771char *socket_fdname(Socket *s) {
2772 assert(s);
2773
2774 /* Returns the name to use for $LISTEN_NAMES. If the user
2775 * didn't specify anything specifically, use the socket unit's
2776 * name as fallback. */
2777
2778 if (s->fdname)
2779 return s->fdname;
2780
2781 return UNIT(s)->id;
2782}
2783
a16e1123
LP		 2784static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2785 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2786 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2787 [SOCKET_EXEC_START_POST] = "StartPost",
2788 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2789 [SOCKET_EXEC_STOP_POST] = "StopPost"
2790};
2791
2792DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2793
cfc4eb4c
LP		 2794static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2795 [SOCKET_SUCCESS] = "success",
2796 [SOCKET_FAILURE_RESOURCES] = "resources",
2797 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2798 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2799 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2800 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2801 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2802};
2803
2804DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2805
87f0e418 2806const UnitVTable socket_vtable = {
7d17cfbc 2807 .object_size = sizeof(Socket),
718db961
LP		 2808 .exec_context_offset = offsetof(Socket, exec_context),
2809 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2810 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2811 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2812
f975e971
LP		 2813 .sections =
2814 "Unit\0"
2815 "Socket\0"
2816 "Install\0",
4ad49000 2817 .private_section = "Socket",
71645aca 2818
034c6ed7
LP		 2819 .init = socket_init,
2820 .done = socket_done,
a16e1123
LP		 2821 .load = socket_load,
2822
2823 .coldplug = socket_coldplug,
034c6ed7 2824
5cb5a6ff
LP		 2825 .dump = socket_dump,
2826
542563ba
LP		 2827 .start = socket_start,
2828 .stop = socket_stop,
5cb5a6ff 2829
718db961
LP		 2830 .kill = socket_kill,
2831
68db7a3b
ZJS		 2832 .get_timeout = socket_get_timeout,
2833
a16e1123
LP		 2834 .serialize = socket_serialize,
2835 .deserialize_item = socket_deserialize_item,
01e10de3 2836 .distribute_fds = socket_distribute_fds,
a16e1123 2837
5cb5a6ff 2838 .active_state = socket_active_state,
10a94420 2839 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2840
6cf6bbc2
LP		 2841 .check_gc = socket_check_gc,
2842
034c6ed7 2843 .sigchld_event = socket_sigchld_event,
4139c1b2 2844
d137a488
UTL		 2845 .trigger_notify = socket_trigger_notify,
2846
fdf20a31 2847 .reset_failed = socket_reset_failed,
5632e374 2848
718db961 2849 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2850 .bus_set_property = bus_socket_set_property,
2851 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2852
2853 .status_message_formats = {
2854 /*.starting_stopping = {
2855 [0] = "Starting socket %s...",
2856 [1] = "Stopping socket %s...",
2857 },*/
2858 .finished_start_job = {
2859 [JOB_DONE] = "Listening on %s.",
2860 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2861 [JOB_TIMEOUT] = "Timed out starting %s.",
2862 },
2863 .finished_stop_job = {
2864 [JOB_DONE] = "Closed %s.",
2865 [JOB_FAILED] = "Failed stopping %s.",
2866 [JOB_TIMEOUT] = "Timed out stopping %s.",
2867 },
2868 },
5cb5a6ff 2869};
Unnamed repository; edit this file 'description' to name the repository.