]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core,network: major per-object logging rework
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/stat.h>
23#include <unistd.h>
24#include <errno.h>
25#include <fcntl.h>
f94ea366 26#include <sys/epoll.h>
034c6ed7 27#include <signal.h>
4f2d528d 28#include <arpa/inet.h>
718db961 29#include <netinet/tcp.h>
916abb21 30#include <mqueue.h>
83c60c9f 31
718db961 32#include "sd-event.h"
83c60c9f 33#include "log.h"
9e2f7c11 34#include "strv.h"
49e942b2 35#include "mkdir.h"
9eb977db 36#include "path-util.h"
4f2d528d 37#include "unit-name.h"
41f9172f 38#include "unit-printf.h"
4fd5948e 39#include "missing.h"
a40eb732 40#include "special.h"
e51bc1a2 41#include "label.h"
9a57c629 42#include "exit-status.h"
f6a6225e 43#include "def.h"
5a045dad 44#include "smack-util.h"
718db961
LP		 45#include "bus-util.h"
46#include "bus-error.h"
d7b8eec7 47#include "selinux-util.h"
e821075a
LP		 48#include "dbus-socket.h"
49#include "unit.h"
50#include "socket.h"
6482f626 51#include "formats-util.h"
83c60c9f 52
acbb0225 53static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 66 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 67};
5cb5a6ff 68
718db961
LP		 69static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
a16e1123
LP		 72static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
ac155bb8 76 assert(u->load_state == UNIT_STUB);
a16e1123 77
a16e1123 78 s->backlog = SOMAXCONN;
1f19a534 79 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 80 s->directory_mode = 0755;
9131f660 81 s->socket_mode = 0666;
a16e1123 82
6cf6bbc2
LP		 83 s->max_connections = 64;
84
4fd5948e 85 s->priority = -1;
4fd5948e
LP		 86 s->ip_tos = -1;
87 s->ip_ttl = -1;
4fd5948e 88 s->mark = -1;
4fd5948e 89
ac155bb8
MS		 90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
085afe36 92
a16e1123
LP		 93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94}
acbb0225 95
5e94833f
LP		 96static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104}
105
74051b9b 106void socket_free_ports(Socket *s) {
034c6ed7
LP		 107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
71fda00f 112 LIST_REMOVE(port, s->ports, p);
034c6ed7 113
718db961
LP		 114 sd_event_source_unref(p->event_source);
115
03e334a1 116 safe_close(p->fd);
034c6ed7
LP		 117 free(p->path);
118 free(p);
119 }
74051b9b
LP		 120}
121
122static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
034c6ed7 128
613b411c 129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 131 s->control_command = NULL;
132
5e94833f 133 socket_unwatch_control_pid(s);
034c6ed7 134
57020a3a 135 unit_ref_unset(&s->service);
034c6ed7 136
cebf8b20
TT		 137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
acbb0225 140 free(s->bind_to_device);
e537352b 141 s->bind_to_device = NULL;
acbb0225 142
0eb59ccf
AK		 143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
811ba7a0
LP		 147 strv_free(s->symlinks);
148
3900e5fd
LP		 149 free(s->user);
150 free(s->group);
151
718db961
LP		 152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153}
154
155static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
7dfbe2e3 173 r = sd_event_add_time(
6a0f1f6d
LP		 174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
7dfbe2e3
TG		 179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
5cb5a6ff
LP		 185}
186
8b835fcc
ZJS		 187int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
7410616c 199 if (UNIT_DEREF(s->service))
b15bdda8
LP		 200 return 0;
201
7410616c
LP		 202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
b15bdda8 208
315db1a8 209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 210 return -ENOMEM;
211
1124fe6f 212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 213 if (r < 0)
214 return r;
215
ac155bb8 216 u->no_gc = true;
57020a3a
LP		 217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 220}
221
4f2d528d
LP		 222static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
dd5ad9d4
LP		 230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
4f2d528d
LP		 235 if (!socket_address_can_accept(&p->address))
236 return true;
dd5ad9d4 237 }
4f2d528d
LP		 238
239 return false;
240}
241
a57f7e2c 242static int socket_add_mount_links(Socket *s) {
6e2ef85b 243 SocketPort *p;
6e2ef85b
LP		 244 int r;
245
246 assert(s);
6e2ef85b 247
a57f7e2c
LP		 248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
6e2ef85b 250
a57f7e2c
LP		 251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
6e2ef85b 255
a57f7e2c
LP		 256 if (!path)
257 continue;
6e2ef85b 258
a57f7e2c 259 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 260 if (r < 0)
6e2ef85b 261 return r;
b87705cd 262 }
6e2ef85b
LP		 263
264 return 0;
265}
266
267static int socket_add_device_link(Socket *s) {
268 char *t;
6e2ef85b
LP		 269
270 assert(s);
271
7d0c710d 272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 273 return 0;
274
63c372cb 275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 276 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 277}
278
a40eb732
LP		 279static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
e3d84721
LP		 283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
2a77d31d 286
e3d84721
LP		 287 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
a40eb732 290 return r;
2a77d31d 291 }
a40eb732 292
ead8e478 293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 294}
295
44a6b1b6 296_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305}
306
e821075a
LP		 307static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
e537352b 309 int r;
44d8db9e 310
e821075a 311 assert(s);
57020a3a 312
e821075a 313 if (have_non_accept_socket(s)) {
23a177ef 314
e821075a
LP		 315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
57020a3a 317
e821075a 318 r = unit_load_related_unit(u, ".service", &x);
57020a3a 319 if (r < 0)
4f2d528d 320 return r;
e821075a
LP		 321
322 unit_ref_set(&s->service, x);
4f2d528d 323 }
44d8db9e 324
e821075a
LP		 325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
6e2ef85b 327 return r;
e821075a 328 }
6e2ef85b 329
e821075a
LP		 330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
6e2ef85b 333
e821075a
LP		 334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
598459ce 338 r = unit_patch_contexts(u);
e821075a
LP		 339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
23a177ef 346
598459ce 347 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 348 if (r < 0)
349 return r;
e821075a 350 }
a016b922 351
e821075a
LP		 352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359}
360
811ba7a0
LP		 361static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392}
393
e821075a
LP		 394static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
f2341e0a 401 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 406 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 407 return -EINVAL;
408 }
409
410 if (s->accept && s->max_connections <= 0) {
f2341e0a 411 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 412 return -EINVAL;
413 }
e06c73cc 414
e821075a 415 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 416 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 417 return -EINVAL;
418 }
419
420 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 421 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 422 return -EINVAL;
423 }
424
811ba7a0 425 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 426 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 427 return -EINVAL;
428 }
429
e821075a
LP		 430 return 0;
431}
432
433static int socket_load(Unit *u) {
434 Socket *s = SOCKET(u);
435 int r;
436
437 assert(u);
438 assert(u->load_state == UNIT_STUB);
439
440 r = unit_load_fragment_and_dropin(u);
441 if (r < 0)
442 return r;
443
444 if (u->load_state == UNIT_LOADED) {
445 /* This is a new unit? Then let's add in some extras */
446 r = socket_add_extras(s);
e06c73cc
LP		 447 if (r < 0)
448 return r;
23a177ef
LP		 449 }
450
4f2d528d 451 return socket_verify(s);
44d8db9e
LP		 452}
453
44a6b1b6 454_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 455
456 if (family == AF_NETLINK)
457 return "ListenNetlink";
542563ba
LP		 458
459 if (type == SOCK_STREAM)
460 return "ListenStream";
461 else if (type == SOCK_DGRAM)
462 return "ListenDatagram";
463 else if (type == SOCK_SEQPACKET)
464 return "ListenSequentialPacket";
465
034c6ed7 466 assert_not_reached("Unknown socket type");
542563ba
LP		 467 return NULL;
468}
469
87f0e418 470static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 471 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 472 SocketExecCommand c;
87f0e418 473 Socket *s = SOCKET(u);
542563ba 474 SocketPort *p;
82ba9f08 475 const char *prefix2;
5cb5a6ff
LP		 476
477 assert(s);
fa068367 478 assert(f);
5cb5a6ff 479
4c940960 480 prefix = strempty(prefix);
63c372cb 481 prefix2 = strjoina(prefix, "\t");
c43d20a0 482
5cb5a6ff
LP		 483 fprintf(f,
484 "%sSocket State: %s\n"
81a5c6d0 485 "%sResult: %s\n"
542563ba 486 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 487 "%sBacklog: %u\n"
488 "%sSocketMode: %04o\n"
4fd5948e
LP		 489 "%sDirectoryMode: %04o\n"
490 "%sKeepAlive: %s\n"
4427c3f4 491 "%sNoDelay: %s\n"
cebf8b20 492 "%sFreeBind: %s\n"
6b6d2dee 493 "%sTransparent: %s\n"
ec6370a2 494 "%sBroadcast: %s\n"
ede3deb4 495 "%sPassCredentials: %s\n"
54ecda32 496 "%sPassSecurity: %s\n"
bd1fe7c7 497 "%sTCPCongestion: %s\n"
16115b0a
MS		 498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
a16e1123 500 prefix, socket_state_to_string(s->state),
81a5c6d0 501 prefix, socket_result_to_string(s->result),
c0120d99 502 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 503 prefix, s->backlog,
504 prefix, s->socket_mode,
4fd5948e
LP		 505 prefix, s->directory_mode,
506 prefix, yes_no(s->keep_alive),
4427c3f4 507 prefix, yes_no(s->no_delay),
cebf8b20 508 prefix, yes_no(s->free_bind),
6b6d2dee 509 prefix, yes_no(s->transparent),
ec6370a2 510 prefix, yes_no(s->broadcast),
d68af586 511 prefix, yes_no(s->pass_cred),
54ecda32 512 prefix, yes_no(s->pass_sec),
bd1fe7c7 513 prefix, strna(s->tcp_congestion),
16115b0a
MS		 514 prefix, yes_no(s->remove_on_stop),
515 prefix, yes_no(s->selinux_context_from_net));
542563ba 516
70123e68
LP		 517 if (s->control_pid > 0)
518 fprintf(f,
de0671ee
ZJS		 519 "%sControl PID: "PID_FMT"\n",
520 prefix, s->control_pid);
70123e68 521
acbb0225
LP		 522 if (s->bind_to_device)
523 fprintf(f,
524 "%sBindToDevice: %s\n",
525 prefix, s->bind_to_device);
526
4f2d528d
LP		 527 if (s->accept)
528 fprintf(f,
6cf6bbc2
LP		 529 "%sAccepted: %u\n"
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix, s->n_accepted,
533 prefix, s->n_connections,
534 prefix, s->max_connections);
4f2d528d 535
4fd5948e
LP		 536 if (s->priority >= 0)
537 fprintf(f,
538 "%sPriority: %i\n",
539 prefix, s->priority);
540
541 if (s->receive_buffer > 0)
542 fprintf(f,
543 "%sReceiveBuffer: %zu\n",
544 prefix, s->receive_buffer);
545
546 if (s->send_buffer > 0)
547 fprintf(f,
548 "%sSendBuffer: %zu\n",
549 prefix, s->send_buffer);
550
551 if (s->ip_tos >= 0)
552 fprintf(f,
553 "%sIPTOS: %i\n",
554 prefix, s->ip_tos);
555
556 if (s->ip_ttl >= 0)
557 fprintf(f,
558 "%sIPTTL: %i\n",
559 prefix, s->ip_ttl);
560
561 if (s->pipe_size > 0)
562 fprintf(f,
563 "%sPipeSize: %zu\n",
564 prefix, s->pipe_size);
565
566 if (s->mark >= 0)
567 fprintf(f,
568 "%sMark: %i\n",
569 prefix, s->mark);
570
916abb21
LP		 571 if (s->mq_maxmsg > 0)
572 fprintf(f,
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix, s->mq_maxmsg);
575
576 if (s->mq_msgsize > 0)
577 fprintf(f,
578 "%sMessageQueueMessageSize: %li\n",
579 prefix, s->mq_msgsize);
580
718db961 581 if (s->reuse_port)
f7db7a69
SL		 582 fprintf(f,
583 "%sReusePort: %s\n",
718db961 584 prefix, yes_no(s->reuse_port));
f7db7a69 585
0eb59ccf
AK		 586 if (s->smack)
587 fprintf(f,
588 "%sSmackLabel: %s\n",
589 prefix, s->smack);
590
591 if (s->smack_ip_in)
592 fprintf(f,
593 "%sSmackLabelIPIn: %s\n",
594 prefix, s->smack_ip_in);
595
596 if (s->smack_ip_out)
597 fprintf(f,
598 "%sSmackLabelIPOut: %s\n",
599 prefix, s->smack_ip_out);
600
3900e5fd
LP		 601 if (!isempty(s->user) || !isempty(s->group))
602 fprintf(f,
603 "%sOwnerUser: %s\n"
604 "%sOwnerGroup: %s\n",
605 prefix, strna(s->user),
606 prefix, strna(s->group));
607
3cd761e4 608 if (s->keep_alive_time > 0)
209e9dcd 609 fprintf(f,
3cd761e4
LP		 610 "%sKeepAliveTimeSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 612
3cd761e4 613 if (s->keep_alive_interval)
209e9dcd 614 fprintf(f,
3cd761e4
LP		 615 "%sKeepAliveIntervalSec: %s\n",
616 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 617
3cd761e4 618 if (s->keep_alive_cnt)
209e9dcd
SS		 619 fprintf(f,
620 "%sKeepAliveProbes: %u\n",
621 prefix, s->keep_alive_cnt);
622
3cd761e4 623 if (s->defer_accept)
cc567c9b 624 fprintf(f,
3cd761e4
LP		 625 "%sDeferAcceptSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 627
034c6ed7 628 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 629
542563ba
LP		 630 if (p->type == SOCKET_SOCKET) {
631 const char *t;
632 int r;
e364ad06 633 char *k = NULL;
542563ba
LP		 634
635 if ((r = socket_address_print(&p->address, &k)) < 0)
636 t = strerror(-r);
637 else
638 t = k;
639
7a22745a 640 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 641 free(k);
b0a3f2bc
LP		 642 } else if (p->type == SOCKET_SPECIAL)
643 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 644 else if (p->type == SOCKET_MQUEUE)
645 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 646 else
542563ba
LP		 647 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
648 }
5cb5a6ff
LP		 649
650 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 651 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 652
e537352b 653 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 654 if (!s->exec_command[c])
655 continue;
5cb5a6ff 656
40d50879 657 fprintf(f, "%s-> %s:\n",
a16e1123 658 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 659
660 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 661 }
662}
663
4f2d528d
LP		 664static int instance_from_socket(int fd, unsigned nr, char **instance) {
665 socklen_t l;
666 char *r;
9d16d0c7 667 union sockaddr_union local, remote;
4f2d528d
LP		 668
669 assert(fd >= 0);
670 assert(instance);
671
672 l = sizeof(local);
673 if (getsockname(fd, &local.sa, &l) < 0)
674 return -errno;
675
676 l = sizeof(remote);
677 if (getpeername(fd, &remote.sa, &l) < 0)
678 return -errno;
679
680 switch (local.sa.sa_family) {
681
682 case AF_INET: {
683 uint32_t
684 a = ntohl(local.in.sin_addr.s_addr),
685 b = ntohl(remote.in.sin_addr.s_addr);
686
687 if (asprintf(&r,
77b088c2
LP		 688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
689 nr,
4f2d528d
LP		 690 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
691 ntohs(local.in.sin_port),
692 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
693 ntohs(remote.in.sin_port)) < 0)
694 return -ENOMEM;
695
696 break;
697 }
698
699 case AF_INET6: {
c65a0b14 700 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
702 };
703
704 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
705 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
706 const uint8_t
707 *a = local.in6.sin6_addr.s6_addr+12,
708 *b = remote.in6.sin6_addr.s6_addr+12;
709
710 if (asprintf(&r,
77b088c2
LP		 711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
712 nr,
2b061f5a
LP		 713 a[0], a[1], a[2], a[3],
714 ntohs(local.in6.sin6_port),
715 b[0], b[1], b[2], b[3],
716 ntohs(remote.in6.sin6_port)) < 0)
717 return -ENOMEM;
718 } else {
719 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
720
721 if (asprintf(&r,
77b088c2
LP		 722 "%u-%s:%u-%s:%u",
723 nr,
2b061f5a
LP		 724 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
725 ntohs(local.in6.sin6_port),
726 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
727 ntohs(remote.in6.sin6_port)) < 0)
728 return -ENOMEM;
729 }
4f2d528d
LP		 730
731 break;
732 }
733
734 case AF_UNIX: {
735 struct ucred ucred;
eff05270 736 int k;
4f2d528d 737
eff05270 738 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 739 if (k >= 0) {
740 if (asprintf(&r,
741 "%u-"PID_FMT"-"UID_FMT,
742 nr, ucred.pid, ucred.uid) < 0)
743 return -ENOMEM;
744 } else if (k == -ENODATA) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
748 if (asprintf(&r,
749 "%u-unknown",
750 nr) < 0)
751 return -ENOMEM;
752 } else
eff05270 753 return k;
2f20a8eb 754
2f20a8eb 755 break;
4f2d528d
LP		 756 }
757
758 default:
759 assert_not_reached("Unhandled socket type.");
760 }
761
762 *instance = r;
763 return 0;
764}
765
034c6ed7 766static void socket_close_fds(Socket *s) {
83c60c9f 767 SocketPort *p;
811ba7a0 768 char **i;
83c60c9f
LP		 769
770 assert(s);
771
034c6ed7 772 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 773
774 p->event_source = sd_event_source_unref(p->event_source);
775
83c60c9f
LP		 776 if (p->fd < 0)
777 continue;
778
03e334a1 779 p->fd = safe_close(p->fd);
a16e1123 780
bd1fe7c7
LP		 781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
787 * using one! */
788
789 if (s->remove_on_stop) {
790 switch (p->type) {
791
792 case SOCKET_FIFO:
793 unlink(p->path);
794 break;
795
796 case SOCKET_MQUEUE:
797 mq_unlink(p->path);
798 break;
799
800 case SOCKET_SOCKET:
801 socket_address_unlink(&p->address);
802 break;
803
804 default:
805 break;
806 }
807 }
83c60c9f 808 }
811ba7a0
LP		 809
810 if (s->remove_on_stop)
811 STRV_FOREACH(i, s->symlinks)
812 unlink(*i);
83c60c9f
LP		 813}
814
4fd5948e 815static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 816 int r;
817
4fd5948e
LP		 818 assert(s);
819 assert(fd >= 0);
820
821 if (s->keep_alive) {
822 int b = s->keep_alive;
823 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 824 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 825 }
826
209e9dcd
SS		 827 if (s->keep_alive_time) {
828 int value = s->keep_alive_time / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 830 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 831 }
832
833 if (s->keep_alive_interval) {
834 int value = s->keep_alive_interval / USEC_PER_SEC;
835 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 836 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 837 }
838
839 if (s->keep_alive_cnt) {
840 int value = s->keep_alive_cnt;
841 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 842 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 843 }
844
cc567c9b
SS		 845 if (s->defer_accept) {
846 int value = s->defer_accept / USEC_PER_SEC;
847 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 848 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 849 }
850
4427c3f4
SS		 851 if (s->no_delay) {
852 int b = s->no_delay;
853 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 854 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 855 }
856
ec6370a2
LP		 857 if (s->broadcast) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 860 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 861 }
862
d68af586
MS		 863 if (s->pass_cred) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 866 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 867 }
868
54ecda32
LP		 869 if (s->pass_sec) {
870 int one = 1;
871 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 872 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 873 }
874
4fd5948e
LP		 875 if (s->priority >= 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 877 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 878
879 if (s->receive_buffer > 0) {
880 int value = (int) s->receive_buffer;
7d9eaa84
LP		 881
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
883
b8cef44e 884 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 886 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 887 }
888
889 if (s->send_buffer > 0) {
890 int value = (int) s->send_buffer;
b8cef44e 891 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 893 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 894 }
895
896 if (s->mark >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 898 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 899
900 if (s->ip_tos >= 0)
901 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 902 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 903
46925ac5 904 if (s->ip_ttl >= 0) {
d53e386d 905 int x;
46925ac5
LP		 906
907 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 908
909 if (socket_ipv6_is_supported())
910 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
911 else {
912 x = -1;
913 errno = EAFNOSUPPORT;
914 }
46925ac5
LP		 915
916 if (r < 0 && x < 0)
f2341e0a 917 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 918 }
cebf8b20
TT		 919
920 if (s->tcp_congestion)
921 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 922 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 923
718db961
LP		 924 if (s->reuse_port) {
925 int b = s->reuse_port;
f0511bd7 926 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
f2341e0a 927 log_unit_warning_errno(UNIT(s), errno, "SO_REUSEPORT failed: %m");
f7db7a69
SL		 928 }
929
d53e386d
LP		 930 if (s->smack_ip_in) {
931 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
932 if (r < 0)
f2341e0a 933 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 934 }
9a4e038c 935
d53e386d
LP		 936 if (s->smack_ip_out) {
937 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
938 if (r < 0)
f2341e0a 939 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 940 }
4fd5948e
LP		 941}
942
b15bdda8 943static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 944 int r;
945
4fd5948e
LP		 946 assert(s);
947 assert(fd >= 0);
948
949 if (s->pipe_size > 0)
950 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
f2341e0a 951 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
0eb59ccf 952
d53e386d
LP		 953 if (s->smack) {
954 r = mac_smack_apply_fd(fd, s->smack);
955 if (r < 0)
f2341e0a 956 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
d53e386d 957 }
4fd5948e
LP		 958}
959
b15bdda8
LP		 960static int fifo_address_create(
961 const char *path,
962 mode_t directory_mode,
963 mode_t socket_mode,
b15bdda8
LP		 964 int *_fd) {
965
7a58bfa4 966 int fd = -1, r = 0;
b15bdda8
LP		 967 struct stat st;
968 mode_t old_mask;
969
970 assert(path);
971 assert(_fd);
972
d2e54fae 973 mkdir_parents_label(path, directory_mode);
b15bdda8 974
ecabcf8b 975 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 976 if (r < 0)
56cf987f 977 goto fail;
b15bdda8
LP		 978
979 /* Enforce the right access mode for the fifo */
980 old_mask = umask(~ socket_mode);
981
982 /* Include the original umask in our mask */
983 umask(~socket_mode | old_mask);
984
985 r = mkfifo(path, socket_mode);
986 umask(old_mask);
987
94bc2731 988 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 989 r = -errno;
990 goto fail;
991 }
992
e4f44e73 993 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 994 r = -errno;
995 goto fail;
996 }
997
ecabcf8b 998 mac_selinux_create_file_clear();
7a58bfa4 999
b15bdda8
LP		 1000 if (fstat(fd, &st) < 0) {
1001 r = -errno;
1002 goto fail;
1003 }
1004
1005 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1006 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1007 st.st_uid != getuid() ||
1008 st.st_gid != getgid()) {
b15bdda8
LP		 1009
1010 r = -EEXIST;
1011 goto fail;
1012 }
1013
1014 *_fd = fd;
1015 return 0;
1016
1017fail:
ecabcf8b 1018 mac_selinux_create_file_clear();
03e334a1 1019 safe_close(fd);
b15bdda8
LP		 1020
1021 return r;
1022}
1023
b0a3f2bc
LP		 1024static int special_address_create(
1025 const char *path,
1026 int *_fd) {
1027
1028 int fd = -1, r = 0;
1029 struct stat st;
1030
1031 assert(path);
1032 assert(_fd);
1033
811ba7a0
LP		 1034 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1035 if (fd < 0) {
b0a3f2bc
LP		 1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 if (fstat(fd, &st) < 0) {
1041 r = -errno;
1042 goto fail;
1043 }
1044
1045 /* Check whether this is a /proc, /sys or /dev file or char device */
1046 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1047 r = -EEXIST;
1048 goto fail;
1049 }
1050
1051 *_fd = fd;
1052 return 0;
1053
1054fail:
03e334a1 1055 safe_close(fd);
b0a3f2bc
LP		 1056
1057 return r;
1058}
1059
916abb21
LP		 1060static int mq_address_create(
1061 const char *path,
1062 mode_t mq_mode,
1063 long maxmsg,
1064 long msgsize,
1065 int *_fd) {
1066
1067 int fd = -1, r = 0;
1068 struct stat st;
1069 mode_t old_mask;
1070 struct mq_attr _attr, *attr = NULL;
1071
1072 assert(path);
1073 assert(_fd);
1074
1075 if (maxmsg > 0 && msgsize > 0) {
1076 zero(_attr);
1077 _attr.mq_flags = O_NONBLOCK;
1078 _attr.mq_maxmsg = maxmsg;
1079 _attr.mq_msgsize = msgsize;
1080 attr = &_attr;
1081 }
1082
1083 /* Enforce the right access mode for the mq */
1084 old_mask = umask(~ mq_mode);
1085
1086 /* Include the original umask in our mask */
1087 umask(~mq_mode | old_mask);
916abb21
LP		 1088 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1089 umask(old_mask);
1090
8ea913b2 1091 if (fd < 0) {
916abb21
LP		 1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if (fstat(fd, &st) < 0) {
1097 r = -errno;
1098 goto fail;
1099 }
1100
1101 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1102 st.st_uid != getuid() ||
1103 st.st_gid != getgid()) {
1104
1105 r = -EEXIST;
1106 goto fail;
1107 }
1108
1109 *_fd = fd;
1110 return 0;
1111
1112fail:
03e334a1 1113 safe_close(fd);
916abb21
LP		 1114 return r;
1115}
1116
811ba7a0
LP		 1117static int socket_symlink(Socket *s) {
1118 const char *p;
1119 char **i;
1120
1121 assert(s);
1122
1123 p = socket_find_symlink_target(s);
1124 if (!p)
1125 return 0;
1126
1127 STRV_FOREACH(i, s->symlinks)
43b133b4 1128 symlink_label(p, *i);
811ba7a0
LP		 1129
1130 return 0;
1131}
1132
034c6ed7 1133static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1134 SocketPort *p;
1135 int r;
56cf987f 1136 char *label = NULL;
049f8642 1137 bool know_label = false;
83c60c9f
LP		 1138
1139 assert(s);
1140
034c6ed7 1141 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1142
034c6ed7
LP		 1143 if (p->fd >= 0)
1144 continue;
83c60c9f
LP		 1145
1146 if (p->type == SOCKET_SOCKET) {
049f8642 1147
7f416dae
LP		 1148 if (!know_label) {
1149 /* Figure out label, if we don't it know
1150 * yet. We do it once, for the first
1151 * socket where we need this and
1152 * remember it for the rest. */
1153
1154 if (s->selinux_context_from_net) {
1155 /* Get it from the network label */
1156
1157 r = mac_selinux_get_our_label(&label);
75514a70 1158 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1159 goto rollback;
049f8642 1160
7f416dae
LP		 1161 } else {
1162 /* Get it from the executable we are about to start */
1163
1164 r = socket_instantiate_service(s);
1165 if (r < 0)
1166 goto rollback;
1167
1168 if (UNIT_ISSET(s->service) &&
1169 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1170 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1171 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1172 goto rollback;
1173 }
189583d7 1174 }
049f8642
LP		 1175
1176 know_label = true;
1177 }
1178
175a3d25
LP		 1179 r = socket_address_listen(
1180 &p->address,
1181 SOCK_CLOEXEC|SOCK_NONBLOCK,
1182 s->backlog,
1183 s->bind_ipv6_only,
1184 s->bind_to_device,
1185 s->free_bind,
1186 s->transparent,
1187 s->directory_mode,
1188 s->socket_mode,
1189 label);
1190 if (r < 0)
83c60c9f
LP		 1191 goto rollback;
1192
175a3d25 1193 p->fd = r;
4fd5948e 1194 socket_apply_socket_options(s, p->fd);
811ba7a0 1195 socket_symlink(s);
4fd5948e 1196
b0a3f2bc
LP		 1197 } else if (p->type == SOCKET_SPECIAL) {
1198
175a3d25
LP		 1199 r = special_address_create(
1200 p->path,
1201 &p->fd);
1202 if (r < 0)
b0a3f2bc
LP		 1203 goto rollback;
1204
b15bdda8 1205 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1206
175a3d25
LP		 1207 r = fifo_address_create(
1208 p->path,
1209 s->directory_mode,
1210 s->socket_mode,
1211 &p->fd);
1212 if (r < 0)
83c60c9f 1213 goto rollback;
83c60c9f 1214
b15bdda8 1215 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1216 socket_symlink(s);
1217
916abb21 1218 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1219
175a3d25
LP		 1220 r = mq_address_create(
1221 p->path,
1222 s->socket_mode,
1223 s->mq_maxmsg,
1224 s->mq_msgsize,
1225 &p->fd);
1226 if (r < 0)
916abb21 1227 goto rollback;
b15bdda8
LP		 1228 } else
1229 assert_not_reached("Unknown port type");
034c6ed7
LP		 1230 }
1231
cc56fafe 1232 mac_selinux_free(label);
034c6ed7
LP		 1233 return 0;
1234
1235rollback:
1236 socket_close_fds(s);
cc56fafe 1237 mac_selinux_free(label);
7f416dae 1238
034c6ed7
LP		 1239 return r;
1240}
1241
1242static void socket_unwatch_fds(Socket *s) {
1243 SocketPort *p;
718db961 1244 int r;
9152c765 1245
034c6ed7
LP		 1246 assert(s);
1247
1248 LIST_FOREACH(port, p, s->ports) {
1249 if (p->fd < 0)
1250 continue;
1251
a4152e3f
LP		 1252 if (!p->event_source)
1253 continue;
1254
1255 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1256 if (r < 0)
f2341e0a 1257 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1258 }
034c6ed7
LP		 1259}
1260
1261static int socket_watch_fds(Socket *s) {
1262 SocketPort *p;
1263 int r;
1264
1265 assert(s);
83c60c9f 1266
034c6ed7
LP		 1267 LIST_FOREACH(port, p, s->ports) {
1268 if (p->fd < 0)
1269 continue;
1270
718db961
LP		 1271 if (p->event_source)
1272 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1273 else
151b9b96 1274 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
4f2d528d 1275
718db961 1276 if (r < 0) {
f2341e0a 1277 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7 1278 goto fail;
718db961 1279 }
cfa9677b
MM		 1280
1281 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
034c6ed7 1282 }
83c60c9f 1283
542563ba 1284 return 0;
83c60c9f 1285
034c6ed7
LP		 1286fail:
1287 socket_unwatch_fds(s);
1288 return r;
1289}
1290
1291static void socket_set_state(Socket *s, SocketState state) {
1292 SocketState old_state;
1293 assert(s);
1294
1295 old_state = s->state;
1296 s->state = state;
1297
bd1fe7c7
LP		 1298 if (!IN_SET(state,
1299 SOCKET_START_PRE,
3900e5fd 1300 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1301 SOCKET_START_POST,
1302 SOCKET_STOP_PRE,
1303 SOCKET_STOP_PRE_SIGTERM,
1304 SOCKET_STOP_PRE_SIGKILL,
1305 SOCKET_STOP_POST,
1306 SOCKET_FINAL_SIGTERM,
1307 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1308
1309 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1310 socket_unwatch_control_pid(s);
034c6ed7 1311 s->control_command = NULL;
a16e1123 1312 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1313 }
034c6ed7 1314
a16e1123
LP		 1315 if (state != SOCKET_LISTENING)
1316 socket_unwatch_fds(s);
1317
bd1fe7c7 1318 if (!IN_SET(state,
3900e5fd 1319 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1320 SOCKET_START_POST,
1321 SOCKET_LISTENING,
1322 SOCKET_RUNNING,
1323 SOCKET_STOP_PRE,
1324 SOCKET_STOP_PRE_SIGTERM,
1325 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1326 socket_close_fds(s);
1327
e537352b 1328 if (state != old_state)
f2341e0a 1329 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1330
e2f3b44c 1331 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1332}
1333
be847e82 1334static int socket_coldplug(Unit *u) {
a16e1123
LP		 1335 Socket *s = SOCKET(u);
1336 int r;
1337
1338 assert(s);
1339 assert(s->state == SOCKET_DEAD);
1340
e821075a
LP		 1341 if (s->deserialized_state == s->state)
1342 return 0;
a16e1123 1343
3900e5fd
LP		 1344 if (IN_SET(s->deserialized_state,
1345 SOCKET_START_PRE,
1346 SOCKET_START_CHOWN,
1347 SOCKET_START_POST,
1348 SOCKET_STOP_PRE,
1349 SOCKET_STOP_PRE_SIGTERM,
1350 SOCKET_STOP_PRE_SIGKILL,
1351 SOCKET_STOP_POST,
1352 SOCKET_FINAL_SIGTERM,
1353 SOCKET_FINAL_SIGKILL)) {
a16e1123 1354
e821075a
LP		 1355 if (s->control_pid <= 0)
1356 return -EBADMSG;
a16e1123 1357
e821075a
LP		 1358 r = unit_watch_pid(UNIT(s), s->control_pid);
1359 if (r < 0)
1360 return r;
a16e1123 1361
e821075a
LP		 1362 r = socket_arm_timer(s);
1363 if (r < 0)
1364 return r;
1365 }
a16e1123 1366
3900e5fd
LP		 1367 if (IN_SET(s->deserialized_state,
1368 SOCKET_START_CHOWN,
1369 SOCKET_START_POST,
1370 SOCKET_LISTENING,
1371 SOCKET_RUNNING,
1372 SOCKET_STOP_PRE,
1373 SOCKET_STOP_PRE_SIGTERM,
1374 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1375 r = socket_open_fds(s);
1376 if (r < 0)
1377 return r;
1378 }
a16e1123 1379
e821075a
LP		 1380 if (s->deserialized_state == SOCKET_LISTENING) {
1381 r = socket_watch_fds(s);
1382 if (r < 0)
1383 return r;
a16e1123
LP		 1384 }
1385
e821075a 1386 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1387 return 0;
1388}
1389
e537352b 1390static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1391 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1392 pid_t pid;
1393 int r;
9fa95f85
DM		 1394 ExecParameters exec_params = {
1395 .apply_permissions = true,
1396 .apply_chroot = true,
1397 .apply_tty_stdin = true,
6f856a09 1398 .bus_endpoint_fd = -1,
9fa95f85 1399 };
034c6ed7
LP		 1400
1401 assert(s);
1402 assert(c);
1403 assert(_pid);
1404
5ad096b3
LP		 1405 (void) unit_realize_cgroup(UNIT(s));
1406 if (s->reset_cpu_usage) {
1407 (void) unit_reset_cpu_usage(UNIT(s));
1408 s->reset_cpu_usage = false;
1409 }
4ad49000 1410
613b411c
LP		 1411 r = unit_setup_exec_runtime(UNIT(s));
1412 if (r < 0)
1413 goto fail;
1414
718db961 1415 r = socket_arm_timer(s);
36697dc0 1416 if (r < 0)
e537352b 1417 goto fail;
034c6ed7 1418
19f6d710
LP		 1419 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1420 if (r < 0)
9e2f7c11 1421 goto fail;
9e2f7c11 1422
9fa95f85
DM		 1423 exec_params.argv = argv;
1424 exec_params.environment = UNIT(s)->manager->environment;
1425 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1426 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1427 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1428 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1429 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1430
f2341e0a
LP		 1431 r = exec_spawn(UNIT(s),
1432 c,
9e2f7c11 1433 &s->exec_context,
9fa95f85 1434 &exec_params,
613b411c 1435 s->exec_runtime,
9e2f7c11 1436 &pid);
cee288ad
TA		 1437 if (r < 0)
1438 goto fail;
9e2f7c11 1439
3900e5fd 1440 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1441 if (r < 0)
3900e5fd 1442 /* FIXME: we need to do something here */
034c6ed7
LP		 1443 goto fail;
1444
3900e5fd
LP		 1445 *_pid = pid;
1446 return 0;
1447
1448fail:
1449 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1450 return r;
1451}
1452
1453static int socket_chown(Socket *s, pid_t *_pid) {
1454 pid_t pid;
1455 int r;
1456
1457 r = socket_arm_timer(s);
1458 if (r < 0)
1459 goto fail;
1460
1461 /* We have to resolve the user names out-of-process, hence
1462 * let's fork here. It's messy, but well, what can we do? */
1463
1464 pid = fork();
1465 if (pid < 0)
1466 return -errno;
1467
1468 if (pid == 0) {
1469 SocketPort *p;
fed1e721
LP		 1470 uid_t uid = UID_INVALID;
1471 gid_t gid = GID_INVALID;
3900e5fd
LP		 1472 int ret;
1473
1474 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1475 ignore_signals(SIGPIPE, -1);
1476 log_forget_fds();
1477
1478 if (!isempty(s->user)) {
1479 const char *user = s->user;
1480
1481 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1482 if (r < 0) {
1483 ret = EXIT_USER;
1484 goto fail_child;
1485 }
1486 }
1487
1488 if (!isempty(s->group)) {
1489 const char *group = s->group;
1490
1491 r = get_group_creds(&group, &gid);
1492 if (r < 0) {
1493 ret = EXIT_GROUP;
1494 goto fail_child;
1495 }
1496 }
1497
1498 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1499 const char *path = NULL;
3900e5fd
LP		 1500
1501 if (p->type == SOCKET_SOCKET)
1502 path = socket_address_get_path(&p->address);
1503 else if (p->type == SOCKET_FIFO)
1504 path = p->path;
1505
1506 if (!path)
1507 continue;
1508
1509 if (chown(path, uid, gid) < 0) {
1510 r = -errno;
1511 ret = EXIT_CHOWN;
1512 goto fail_child;
1513 }
1514 }
1515
1516 _exit(0);
1517
1518 fail_child:
1519 log_open();
da927ba9 1520 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1521
1522 _exit(ret);
1523 }
1524
718db961
LP		 1525 r = unit_watch_pid(UNIT(s), pid);
1526 if (r < 0)
034c6ed7 1527 goto fail;
83c60c9f 1528
034c6ed7 1529 *_pid = pid;
034c6ed7
LP		 1530 return 0;
1531
1532fail:
718db961 1533 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1534 return r;
542563ba
LP		 1535}
1536
cfc4eb4c 1537static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1538 assert(s);
1539
cfc4eb4c
LP		 1540 if (f != SOCKET_SUCCESS)
1541 s->result = f;
034c6ed7 1542
613b411c
LP		 1543 exec_runtime_destroy(s->exec_runtime);
1544 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1545
e66cf1a3
LP		 1546 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1547
cfc4eb4c 1548 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1549}
1550
cfc4eb4c 1551static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1552
cfc4eb4c 1553static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1554 int r;
1555 assert(s);
1556
cfc4eb4c
LP		 1557 if (f != SOCKET_SUCCESS)
1558 s->result = f;
034c6ed7 1559
5e94833f 1560 socket_unwatch_control_pid(s);
a16e1123 1561 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1562 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1563
3900e5fd
LP		 1564 if (s->control_command) {
1565 r = socket_spawn(s, s->control_command, &s->control_pid);
1566 if (r < 0)
034c6ed7
LP		 1567 goto fail;
1568
80876c20
LP		 1569 socket_set_state(s, SOCKET_STOP_POST);
1570 } else
cfc4eb4c 1571 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1572
1573 return;
1574
1575fail:
f2341e0a 1576 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1577 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1578}
1579
cfc4eb4c 1580static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1581 int r;
1582
1583 assert(s);
1584
cfc4eb4c
LP		 1585 if (f != SOCKET_SUCCESS)
1586 s->result = f;
034c6ed7 1587
cd2086fe
LP		 1588 r = unit_kill_context(
1589 UNIT(s),
1590 &s->kill_context,
db2cb23b
UTL		 1591 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1592 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1593 -1,
1594 s->control_pid,
1595 false);
1596 if (r < 0)
1597 goto fail;
034c6ed7 1598
cd2086fe 1599 if (r > 0) {
718db961 1600 r = socket_arm_timer(s);
36697dc0 1601 if (r < 0)
80876c20 1602 goto fail;
d6ea93e3 1603
80876c20 1604 socket_set_state(s, state);
ac84d1fb
LP		 1605 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1606 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1607 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1608 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1609 else if (state == SOCKET_FINAL_SIGTERM)
1610 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1611 else
cfc4eb4c 1612 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1613
1614 return;
1615
1616fail:
f2341e0a 1617 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1618
1619 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1620 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1621 else
cfc4eb4c 1622 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1623}
1624
cfc4eb4c 1625static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1626 int r;
1627 assert(s);
1628
cfc4eb4c
LP		 1629 if (f != SOCKET_SUCCESS)
1630 s->result = f;
034c6ed7 1631
5e94833f 1632 socket_unwatch_control_pid(s);
a16e1123 1633 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1634 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1635
3900e5fd
LP		 1636 if (s->control_command) {
1637 r = socket_spawn(s, s->control_command, &s->control_pid);
1638 if (r < 0)
034c6ed7
LP		 1639 goto fail;
1640
80876c20
LP		 1641 socket_set_state(s, SOCKET_STOP_PRE);
1642 } else
cfc4eb4c 1643 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1644
1645 return;
1646
1647fail:
f2341e0a 1648 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1649 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1650}
1651
e9af15c3
LP		 1652static void socket_enter_listening(Socket *s) {
1653 int r;
1654 assert(s);
1655
cfc4eb4c
LP		 1656 r = socket_watch_fds(s);
1657 if (r < 0) {
f2341e0a 1658 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1659 goto fail;
1660 }
1661
1662 socket_set_state(s, SOCKET_LISTENING);
1663 return;
1664
1665fail:
cfc4eb4c 1666 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1667}
1668
034c6ed7
LP		 1669static void socket_enter_start_post(Socket *s) {
1670 int r;
1671 assert(s);
1672
3900e5fd
LP		 1673 socket_unwatch_control_pid(s);
1674 s->control_command_id = SOCKET_EXEC_START_POST;
1675 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1676
1677 if (s->control_command) {
1678 r = socket_spawn(s, s->control_command, &s->control_pid);
1679 if (r < 0) {
f2341e0a 1680 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1681 goto fail;
1682 }
1683
1684 socket_set_state(s, SOCKET_START_POST);
1685 } else
1686 socket_enter_listening(s);
1687
1688 return;
1689
1690fail:
1691 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1692}
1693
1694static void socket_enter_start_chown(Socket *s) {
1695 int r;
1696
1697 assert(s);
1698
cfc4eb4c
LP		 1699 r = socket_open_fds(s);
1700 if (r < 0) {
f2341e0a 1701 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1702 goto fail;
1703 }
1704
3900e5fd 1705 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1706
3900e5fd
LP		 1707 socket_unwatch_control_pid(s);
1708 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1709 s->control_command = NULL;
a16e1123 1710
3900e5fd 1711 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1712 if (r < 0) {
f2341e0a 1713 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1714 goto fail;
1715 }
1716
3900e5fd 1717 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1718 } else
3900e5fd 1719 socket_enter_start_post(s);
034c6ed7
LP		 1720
1721 return;
1722
1723fail:
cfc4eb4c 1724 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1725}
1726
1727static void socket_enter_start_pre(Socket *s) {
1728 int r;
1729 assert(s);
1730
5e94833f 1731 socket_unwatch_control_pid(s);
a16e1123 1732 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1733 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1734
3900e5fd 1735 if (s->control_command) {
e821075a 1736 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1737 if (r < 0) {
f2341e0a 1738 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1739 goto fail;
3900e5fd 1740 }
034c6ed7 1741
80876c20
LP		 1742 socket_set_state(s, SOCKET_START_PRE);
1743 } else
3900e5fd 1744 socket_enter_start_chown(s);
034c6ed7
LP		 1745
1746 return;
1747
1748fail:
cfc4eb4c 1749 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1750}
1751
4f2d528d 1752static void socket_enter_running(Socket *s, int cfd) {
718db961 1753 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1754 int r;
1755
1756 assert(s);
1757
ba3e67a7
LP		 1758 /* We don't take connections anymore if we are supposed to
1759 * shut down anyway */
31afa0a4 1760 if (unit_stop_pending(UNIT(s))) {
e821075a 1761
f2341e0a 1762 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1763
7c610628 1764 if (cfd >= 0)
03e334a1 1765 safe_close(cfd);
7c610628
LP		 1766 else {
1767 /* Flush all sockets by closing and reopening them */
1768 socket_close_fds(s);
1769
16ac4014
LP		 1770 r = socket_open_fds(s);
1771 if (r < 0) {
f2341e0a 1772 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1773 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1774 return;
1775 }
1776
1a710b43
MS		 1777 r = socket_watch_fds(s);
1778 if (r < 0) {
f2341e0a 1779 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1780 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1781 }
1782 }
1783
ba3e67a7
LP		 1784 return;
1785 }
1786
4f2d528d 1787 if (cfd < 0) {
57020a3a 1788 Iterator i;
e821075a 1789 Unit *other;
f976f3f6 1790 bool pending = false;
f976f3f6
LP		 1791
1792 /* If there's already a start pending don't bother to
1793 * do anything */
e821075a
LP		 1794 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1795 if (unit_active_or_pending(other)) {
57020a3a
LP		 1796 pending = true;
1797 break;
1798 }
f976f3f6 1799
1a710b43 1800 if (!pending) {
640ace4a 1801 if (!UNIT_ISSET(s->service)) {
f2341e0a 1802 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1803 r = -ENOENT;
1804 goto fail;
1805 }
1806
1a710b43
MS		 1807 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1808 if (r < 0)
f976f3f6 1809 goto fail;
1a710b43 1810 }
4f2d528d
LP		 1811
1812 socket_set_state(s, SOCKET_RUNNING);
1813 } else {
e55001eb 1814 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1815 Service *service;
4f2d528d 1816
6cf6bbc2 1817 if (s->n_connections >= s->max_connections) {
f2341e0a 1818 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1819 safe_close(cfd);
6cf6bbc2
LP		 1820 return;
1821 }
1822
1a710b43
MS		 1823 r = socket_instantiate_service(s);
1824 if (r < 0)
b15bdda8
LP		 1825 goto fail;
1826
1a710b43
MS		 1827 r = instance_from_socket(cfd, s->n_accepted, &instance);
1828 if (r < 0) {
1829 if (r != -ENOTCONN)
1830 goto fail;
1831
1832 /* ENOTCONN is legitimate if TCP RST was received.
1833 * This connection is over, but the socket unit lives on. */
03e334a1 1834 safe_close(cfd);
1a710b43
MS		 1835 return;
1836 }
4f2d528d 1837
7410616c
LP		 1838 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1839 if (r < 0)
4f2d528d 1840 goto fail;
4f2d528d 1841
7410616c
LP		 1842 r = unit_name_build(prefix, instance, ".service", &name);
1843 if (r < 0)
b6dbbe1c 1844 goto fail;
4f2d528d 1845
1a710b43 1846 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1847 if (r < 0)
4f2d528d 1848 goto fail;
b15bdda8 1849
57020a3a
LP		 1850 service = SERVICE(UNIT_DEREF(s->service));
1851 unit_ref_unset(&s->service);
b15bdda8 1852 s->n_accepted ++;
4f2d528d 1853
1124fe6f 1854 UNIT(service)->no_gc = false;
6c073082 1855
b15bdda8 1856 unit_choose_id(UNIT(service), name);
b15bdda8 1857
16115b0a 1858 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1859 if (r < 0)
4f2d528d
LP		 1860 goto fail;
1861
1862 cfd = -1;
6cf6bbc2
LP		 1863 s->n_connections ++;
1864
1a710b43
MS		 1865 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1866 if (r < 0)
4f2d528d 1867 goto fail;
c4e2ceae
LP		 1868
1869 /* Notify clients about changed counters */
1870 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1871 }
034c6ed7 1872
034c6ed7
LP		 1873 return;
1874
1875fail:
f2341e0a
LP		 1876 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1877 cfd >= 0 ? "template" : "non-template",
718db961 1878 bus_error_message(&error, r));
e821075a 1879
60089004 1880 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1881 safe_close(cfd);
034c6ed7
LP		 1882}
1883
cfc4eb4c 1884static void socket_run_next(Socket *s) {
034c6ed7
LP		 1885 int r;
1886
1887 assert(s);
1888 assert(s->control_command);
1889 assert(s->control_command->command_next);
1890
5e94833f
LP		 1891 socket_unwatch_control_pid(s);
1892
034c6ed7
LP		 1893 s->control_command = s->control_command->command_next;
1894
e821075a
LP		 1895 r = socket_spawn(s, s->control_command, &s->control_pid);
1896 if (r < 0)
034c6ed7
LP		 1897 goto fail;
1898
1899 return;
1900
1901fail:
f2341e0a 1902 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 1903
1904 if (s->state == SOCKET_START_POST)
cfc4eb4c 1905 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1906 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1907 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1908 else
cfc4eb4c 1909 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1910}
1911
87f0e418
LP		 1912static int socket_start(Unit *u) {
1913 Socket *s = SOCKET(u);
83c60c9f
LP		 1914
1915 assert(s);
1916
034c6ed7
LP		 1917 /* We cannot fulfill this request right now, try again later
1918 * please! */
3900e5fd
LP		 1919 if (IN_SET(s->state,
1920 SOCKET_STOP_PRE,
1921 SOCKET_STOP_PRE_SIGKILL,
1922 SOCKET_STOP_PRE_SIGTERM,
1923 SOCKET_STOP_POST,
1924 SOCKET_FINAL_SIGTERM,
1925 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1926 return -EAGAIN;
1927
a4152e3f 1928 /* Already on it! */
3900e5fd
LP		 1929 if (IN_SET(s->state,
1930 SOCKET_START_PRE,
1931 SOCKET_START_CHOWN,
1932 SOCKET_START_POST))
034c6ed7 1933 return 0;
83c60c9f 1934
034c6ed7 1935 /* Cannot run this without the service being around */
9444b1f2 1936 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1937 Service *service;
1938
1939 service = SERVICE(UNIT_DEREF(s->service));
1940
1124fe6f 1941 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 1942 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1943 return -ENOENT;
4ac9236f 1944 }
4f2d528d 1945
35b8ca3a 1946 /* If the service is already active we cannot start the
4f2d528d 1947 * socket */
57020a3a
LP		 1948 if (service->state != SERVICE_DEAD &&
1949 service->state != SERVICE_FAILED &&
1950 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 1951 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1952 return -EBUSY;
4ac9236f 1953 }
4f2d528d 1954 }
e537352b 1955
fdf20a31 1956 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1957
cfc4eb4c 1958 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 1959 s->reset_cpu_usage = true;
1960
034c6ed7 1961 socket_enter_start_pre(s);
e821075a 1962
82a2b6bb 1963 return 1;
034c6ed7 1964}
83c60c9f 1965
87f0e418
LP		 1966static int socket_stop(Unit *u) {
1967 Socket *s = SOCKET(u);
034c6ed7
LP		 1968
1969 assert(s);
1970
e537352b 1971 /* Already on it */
3900e5fd
LP		 1972 if (IN_SET(s->state,
1973 SOCKET_STOP_PRE,
1974 SOCKET_STOP_PRE_SIGTERM,
1975 SOCKET_STOP_PRE_SIGKILL,
1976 SOCKET_STOP_POST,
1977 SOCKET_FINAL_SIGTERM,
1978 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1979 return 0;
1980
3f6c78dc
LP		 1981 /* If there's already something running we go directly into
1982 * kill mode. */
3900e5fd
LP		 1983 if (IN_SET(s->state,
1984 SOCKET_START_PRE,
1985 SOCKET_START_CHOWN,
1986 SOCKET_START_POST)) {
cfc4eb4c 1987 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1988 return -EAGAIN;
1989 }
1990
034c6ed7 1991 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1992
cfc4eb4c 1993 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 1994 return 1;
542563ba
LP		 1995}
1996
a16e1123
LP		 1997static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1998 Socket *s = SOCKET(u);
1999 SocketPort *p;
2000 int r;
2001
2002 assert(u);
2003 assert(f);
2004 assert(fds);
2005
2006 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2007 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2008 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2009
2010 if (s->control_pid > 0)
de0671ee 2011 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2012
2013 if (s->control_command_id >= 0)
2014 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2015
2016 LIST_FOREACH(port, p, s->ports) {
2017 int copy;
2018
2019 if (p->fd < 0)
2020 continue;
2021
613b411c
LP		 2022 copy = fdset_put_dup(fds, p->fd);
2023 if (copy < 0)
a16e1123
LP		 2024 return copy;
2025
2026 if (p->type == SOCKET_SOCKET) {
613b411c 2027 _cleanup_free_ char *t = NULL;
a16e1123 2028
ee092817
LP		 2029 r = socket_address_print(&p->address, &t);
2030 if (r < 0)
a16e1123
LP		 2031 return r;
2032
7a22745a
LP		 2033 if (socket_address_family(&p->address) == AF_NETLINK)
2034 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2035 else
2036 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2037
b0a3f2bc
LP		 2038 } else if (p->type == SOCKET_SPECIAL)
2039 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2040 else if (p->type == SOCKET_MQUEUE)
2041 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2042 else {
a16e1123
LP		 2043 assert(p->type == SOCKET_FIFO);
2044 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2045 }
2046 }
2047
2048 return 0;
2049}
2050
2051static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2052 Socket *s = SOCKET(u);
a16e1123
LP		 2053
2054 assert(u);
2055 assert(key);
2056 assert(value);
a16e1123
LP		 2057
2058 if (streq(key, "state")) {
2059 SocketState state;
2060
ee092817
LP		 2061 state = socket_state_from_string(value);
2062 if (state < 0)
f2341e0a 2063 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2064 else
2065 s->deserialized_state = state;
cfc4eb4c
LP		 2066 } else if (streq(key, "result")) {
2067 SocketResult f;
a16e1123 2068
cfc4eb4c
LP		 2069 f = socket_result_from_string(value);
2070 if (f < 0)
f2341e0a 2071 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2072 else if (f != SOCKET_SUCCESS)
2073 s->result = f;
a16e1123
LP		 2074
2075 } else if (streq(key, "n-accepted")) {
2076 unsigned k;
2077
e364ad06 2078 if (safe_atou(value, &k) < 0)
f2341e0a 2079 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2080 else
2081 s->n_accepted += k;
2082 } else if (streq(key, "control-pid")) {
5925dd3c 2083 pid_t pid;
a16e1123 2084
e364ad06 2085 if (parse_pid(value, &pid) < 0)
f2341e0a 2086 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2087 else
5925dd3c 2088 s->control_pid = pid;
a16e1123
LP		 2089 } else if (streq(key, "control-command")) {
2090 SocketExecCommand id;
2091
66870f90
ZJS		 2092 id = socket_exec_command_from_string(value);
2093 if (id < 0)
f2341e0a 2094 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2095 else {
2096 s->control_command_id = id;
2097 s->control_command = s->exec_command[id];
2098 }
2099 } else if (streq(key, "fifo")) {
2100 int fd, skip = 0;
2101 SocketPort *p;
2102
2103 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2104 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2105 else {
2106
2107 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2108 if (p->type == SOCKET_FIFO &&
c78e47a6 2109 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2110 break;
2111
2112 if (p) {
03e334a1 2113 safe_close(p->fd);
b0a3f2bc
LP		 2114 p->fd = fdset_remove(fds, fd);
2115 }
2116 }
2117
2118 } else if (streq(key, "special")) {
2119 int fd, skip = 0;
2120 SocketPort *p;
2121
2122 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2123 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2124 else {
2125
2126 LIST_FOREACH(port, p, s->ports)
2127 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2128 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2129 break;
2130
2131 if (p) {
03e334a1 2132 safe_close(p->fd);
a16e1123
LP		 2133 p->fd = fdset_remove(fds, fd);
2134 }
2135 }
2136
ee092817
LP		 2137 } else if (streq(key, "mqueue")) {
2138 int fd, skip = 0;
2139 SocketPort *p;
2140
2141 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2142 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2143 else {
2144
2145 LIST_FOREACH(port, p, s->ports)
2146 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2147 streq(p->path, value+skip))
ee092817
LP		 2148 break;
2149
2150 if (p) {
03e334a1 2151 safe_close(p->fd);
ee092817
LP		 2152 p->fd = fdset_remove(fds, fd);
2153 }
2154 }
2155
a16e1123 2156 } else if (streq(key, "socket")) {
27ca8d7a 2157 int fd, type, skip = 0;
a16e1123
LP		 2158 SocketPort *p;
2159
27ca8d7a 2160 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2161 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2162 else {
2163
2164 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2165 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2166 break;
2167
2168 if (p) {
03e334a1 2169 safe_close(p->fd);
a16e1123
LP		 2170 p->fd = fdset_remove(fds, fd);
2171 }
2172 }
2173
7a22745a
LP		 2174 } else if (streq(key, "netlink")) {
2175 int fd, skip = 0;
2176 SocketPort *p;
2177
2178 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2179 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2180 else {
2181
2182 LIST_FOREACH(port, p, s->ports)
2183 if (socket_address_is_netlink(&p->address, value+skip))
2184 break;
2185
2186 if (p) {
03e334a1 2187 safe_close(p->fd);
7a22745a
LP		 2188 p->fd = fdset_remove(fds, fd);
2189 }
2190 }
a16e1123 2191 } else
f2341e0a 2192 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2193
2194 return 0;
2195}
2196
01e10de3
LP		 2197static int socket_distribute_fds(Unit *u, FDSet *fds) {
2198 Socket *s = SOCKET(u);
2199 SocketPort *p;
2200
2201 assert(u);
2202
2203 LIST_FOREACH(port, p, s->ports) {
2204 Iterator i;
2205 int fd;
2206
2207 if (p->type != SOCKET_SOCKET)
2208 continue;
2209
2210 if (p->fd >= 0)
2211 continue;
2212
2213 FDSET_FOREACH(fd, fds, i) {
2214 if (socket_address_matches_fd(&p->address, fd)) {
2215 p->fd = fdset_remove(fds, fd);
2216 s->deserialized_state = SOCKET_LISTENING;
2217 break;
2218 }
2219 }
2220 }
2221
2222 return 0;
2223}
2224
44a6b1b6 2225_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2226 assert(u);
5cb5a6ff 2227
acbb0225 2228 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2229}
2230
44a6b1b6 2231_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2232 assert(u);
2233
a16e1123 2234 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2235}
2236
67419600
OS		 2237const char* socket_port_type_to_string(SocketPort *p) {
2238
2239 assert(p);
2240
2241 switch (p->type) {
718db961
LP		 2242
2243 case SOCKET_SOCKET:
2244
2245 switch (p->address.type) {
2246
2247 case SOCK_STREAM:
2248 return "Stream";
2249
2250 case SOCK_DGRAM:
2251 return "Datagram";
2252
2253 case SOCK_SEQPACKET:
2254 return "SequentialPacket";
2255
2256 case SOCK_RAW:
2257 if (socket_address_family(&p->address) == AF_NETLINK)
2258 return "Netlink";
2259
2260 default:
2261 return NULL;
2262 }
2263
2264 case SOCKET_SPECIAL:
2265 return "Special";
2266
2267 case SOCKET_MQUEUE:
2268 return "MessageQueue";
2269
2270 case SOCKET_FIFO:
2271 return "FIFO";
2272
2273 default:
2274 return NULL;
67419600
OS		 2275 }
2276}
2277
44a6b1b6 2278_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2279 Socket *s = SOCKET(u);
2280
2281 assert(u);
2282
2283 return s->n_connections > 0;
2284}
2285
718db961
LP		 2286static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2287 SocketPort *p = userdata;
4f2d528d 2288 int cfd = -1;
9152c765 2289
718db961 2290 assert(p);
8d567588 2291 assert(fd >= 0);
9152c765 2292
718db961
LP		 2293 if (p->socket->state != SOCKET_LISTENING)
2294 return 0;
871d7de4 2295
f2341e0a 2296 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2297
718db961 2298 if (revents != EPOLLIN) {
641e01dc 2299
718db961 2300 if (revents & EPOLLHUP)
f2341e0a 2301 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2302 else
f2341e0a 2303 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
641e01dc 2304
8d567588 2305 goto fail;
4f2d528d
LP		 2306 }
2307
718db961
LP		 2308 if (p->socket->accept &&
2309 p->type == SOCKET_SOCKET &&
2310 socket_address_can_accept(&p->address)) {
2311
4f2d528d
LP		 2312 for (;;) {
2313
b14eda96
LP		 2314 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2315 if (cfd < 0) {
4f2d528d
LP		 2316
2317 if (errno == EINTR)
2318 continue;
2319
f2341e0a 2320 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2321 goto fail;
4f2d528d
LP		 2322 }
2323
2324 break;
2325 }
4fd5948e 2326
718db961 2327 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2328 }
9152c765 2329
718db961
LP		 2330 socket_enter_running(p->socket, cfd);
2331 return 0;
8d567588
LP		 2332
2333fail:
718db961
LP		 2334 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2335 return 0;
9152c765
LP		 2336}
2337
87f0e418
LP		 2338static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2339 Socket *s = SOCKET(u);
cfc4eb4c 2340 SocketResult f;
5cb5a6ff
LP		 2341
2342 assert(s);
034c6ed7 2343 assert(pid >= 0);
5cb5a6ff 2344
8c47c732
LP		 2345 if (pid != s->control_pid)
2346 return;
542563ba 2347
034c6ed7
LP		 2348 s->control_pid = 0;
2349
96342de6 2350 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2351 f = SOCKET_SUCCESS;
2352 else if (code == CLD_EXITED)
2353 f = SOCKET_FAILURE_EXIT_CODE;
2354 else if (code == CLD_KILLED)
2355 f = SOCKET_FAILURE_SIGNAL;
2356 else if (code == CLD_DUMPED)
2357 f = SOCKET_FAILURE_CORE_DUMP;
2358 else
a4152e3f 2359 assert_not_reached("Unknown sigchld code");
8c47c732 2360
b708e7ce 2361 if (s->control_command) {
6ea832a2 2362 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2363
b708e7ce 2364 if (s->control_command->ignore)
cfc4eb4c 2365 f = SOCKET_SUCCESS;
b708e7ce
LP		 2366 }
2367
f2341e0a
LP		 2368 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2369 "Control process exited, code=%s status=%i",
2370 sigchld_code_to_string(code), status);
034c6ed7 2371
cfc4eb4c
LP		 2372 if (f != SOCKET_SUCCESS)
2373 s->result = f;
2374
2375 if (s->control_command &&
2376 s->control_command->command_next &&
2377 f == SOCKET_SUCCESS) {
2378
f2341e0a 2379 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2380 socket_run_next(s);
acbb0225 2381 } else {
a16e1123
LP		 2382 s->control_command = NULL;
2383 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2384
034c6ed7
LP		 2385 /* No further commands for this step, so let's figure
2386 * out what to do next */
5cb5a6ff 2387
f2341e0a 2388 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2389
034c6ed7
LP		 2390 switch (s->state) {
2391
2392 case SOCKET_START_PRE:
cfc4eb4c 2393 if (f == SOCKET_SUCCESS)
3900e5fd 2394 socket_enter_start_chown(s);
034c6ed7 2395 else
cfc4eb4c 2396 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2397 break;
2398
3900e5fd
LP		 2399 case SOCKET_START_CHOWN:
2400 if (f == SOCKET_SUCCESS)
2401 socket_enter_start_post(s);
2402 else
2403 socket_enter_stop_pre(s, f);
2404 break;
2405
034c6ed7 2406 case SOCKET_START_POST:
cfc4eb4c 2407 if (f == SOCKET_SUCCESS)
e9af15c3 2408 socket_enter_listening(s);
034c6ed7 2409 else
cfc4eb4c 2410 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2411 break;
2412
2413 case SOCKET_STOP_PRE:
2414 case SOCKET_STOP_PRE_SIGTERM:
2415 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2416 socket_enter_stop_post(s, f);
034c6ed7
LP		 2417 break;
2418
2419 case SOCKET_STOP_POST:
80876c20
LP		 2420 case SOCKET_FINAL_SIGTERM:
2421 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2422 socket_enter_dead(s, f);
034c6ed7
LP		 2423 break;
2424
2425 default:
2426 assert_not_reached("Uh, control process died at wrong time.");
2427 }
2428 }
c4e2ceae
LP		 2429
2430 /* Notify clients about changed exit status */
2431 unit_add_to_dbus_queue(u);
034c6ed7 2432}
5cb5a6ff 2433
718db961
LP		 2434static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2435 Socket *s = SOCKET(userdata);
5cb5a6ff 2436
034c6ed7 2437 assert(s);
718db961 2438 assert(s->timer_event_source == source);
034c6ed7
LP		 2439
2440 switch (s->state) {
2441
2442 case SOCKET_START_PRE:
f2341e0a 2443 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2444 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2445 break;
80876c20 2446
3900e5fd 2447 case SOCKET_START_CHOWN:
034c6ed7 2448 case SOCKET_START_POST:
f2341e0a 2449 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2450 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2451 break;
2452
2453 case SOCKET_STOP_PRE:
f2341e0a 2454 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2455 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2456 break;
2457
2458 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2459 if (s->kill_context.send_sigkill) {
f2341e0a 2460 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2461 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2462 } else {
f2341e0a 2463 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2464 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2465 }
034c6ed7
LP		 2466 break;
2467
2468 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2469 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2470 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2471 break;
2472
2473 case SOCKET_STOP_POST:
f2341e0a 2474 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2475 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2476 break;
2477
80876c20 2478 case SOCKET_FINAL_SIGTERM:
4819ff03 2479 if (s->kill_context.send_sigkill) {
f2341e0a 2480 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2481 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2482 } else {
f2341e0a 2483 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2484 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2485 }
034c6ed7
LP		 2486 break;
2487
80876c20 2488 case SOCKET_FINAL_SIGKILL:
f2341e0a 2489 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2490 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2491 break;
2492
2493 default:
2494 assert_not_reached("Timeout at wrong time.");
2495 }
718db961
LP		 2496
2497 return 0;
5cb5a6ff
LP		 2498}
2499
44d8db9e
LP		 2500int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2501 int *rfds;
2502 unsigned rn_fds, k;
2503 SocketPort *p;
2504
2505 assert(s);
2506 assert(fds);
2507 assert(n_fds);
2508
2509 /* Called from the service code for requesting our fds */
2510
2511 rn_fds = 0;
2512 LIST_FOREACH(port, p, s->ports)
2513 if (p->fd >= 0)
2514 rn_fds++;
2515
de3756ab
LP		 2516 if (rn_fds <= 0) {
2517 *fds = NULL;
2518 *n_fds = 0;
2519 return 0;
2520 }
2521
e5403f09
LP		 2522 rfds = new(int, rn_fds);
2523 if (!rfds)
44d8db9e
LP		 2524 return -ENOMEM;
2525
2526 k = 0;
2527 LIST_FOREACH(port, p, s->ports)
2528 if (p->fd >= 0)
2529 rfds[k++] = p->fd;
2530
2531 assert(k == rn_fds);
2532
2533 *fds = rfds;
2534 *n_fds = rn_fds;
2535
2536 return 0;
2537}
2538
e821075a
LP		 2539static void socket_reset_failed(Unit *u) {
2540 Socket *s = SOCKET(u);
2541
2542 assert(s);
2543
2544 if (s->state == SOCKET_FAILED)
2545 socket_set_state(s, SOCKET_DEAD);
2546
2547 s->result = SOCKET_SUCCESS;
2548}
2549
d137a488 2550static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2551 assert(s);
2552
6cf6bbc2
LP		 2553 /* The service is dead. Dang!
2554 *
2555 * This is strictly for one-instance-for-all-connections
2556 * services. */
ceee3d82
LP		 2557
2558 if (s->state == SOCKET_RUNNING) {
f2341e0a 2559 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2560 if (failed_permanent)
2561 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2562 else
2563 socket_enter_listening(s);
ceee3d82
LP		 2564 }
2565}
2566
6cf6bbc2
LP		 2567void socket_connection_unref(Socket *s) {
2568 assert(s);
2569
2570 /* The service is dead. Yay!
2571 *
35b8ca3a 2572 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2573 * services. */
2574
2575 assert(s->n_connections > 0);
2576 s->n_connections--;
2577
f2341e0a 2578 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2579}
2580
d137a488
UTL		 2581static void socket_trigger_notify(Unit *u, Unit *other) {
2582 Socket *s = SOCKET(u);
e821075a 2583 Service *se;
d137a488
UTL		 2584
2585 assert(u);
2586 assert(other);
2587
2588 /* Don't propagate state changes from the service if we are
2589 already down or accepting connections */
2590 if ((s->state != SOCKET_RUNNING &&
2591 s->state != SOCKET_LISTENING) ||
2592 s->accept)
2593 return;
2594
2595 if (other->load_state != UNIT_LOADED ||
2596 other->type != UNIT_SERVICE)
2597 return;
2598
e821075a
LP		 2599 se = SERVICE(other);
2600
d137a488
UTL		 2601 if (se->state == SERVICE_FAILED)
2602 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2603
2604 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2605 se->state == SERVICE_FINAL_SIGTERM ||
2606 se->state == SERVICE_FINAL_SIGKILL ||
2607 se->state == SERVICE_AUTO_RESTART)
2608 socket_notify_service_dead(s, false);
2609
2610 if (se->state == SERVICE_RUNNING)
2611 socket_set_state(s, SOCKET_RUNNING);
2612}
2613
718db961 2614static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2615 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2616}
2617
68db7a3b
ZJS		 2618static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2619 Socket *s = SOCKET(u);
2620 int r;
2621
2622 if (!s->timer_event_source)
2623 return 0;
2624
2625 r = sd_event_source_get_time(s->timer_event_source, timeout);
2626 if (r < 0)
2627 return r;
2628
2629 return 1;
2630}
2631
a16e1123
LP		 2632static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2633 [SOCKET_DEAD] = "dead",
2634 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2635 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2636 [SOCKET_START_POST] = "start-post",
2637 [SOCKET_LISTENING] = "listening",
2638 [SOCKET_RUNNING] = "running",
2639 [SOCKET_STOP_PRE] = "stop-pre",
2640 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2641 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2642 [SOCKET_STOP_POST] = "stop-post",
2643 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2644 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2645 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2646};
2647
2648DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2649
2650static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2651 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2652 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2653 [SOCKET_EXEC_START_POST] = "StartPost",
2654 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2655 [SOCKET_EXEC_STOP_POST] = "StopPost"
2656};
2657
2658DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2659
cfc4eb4c
LP		 2660static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2661 [SOCKET_SUCCESS] = "success",
2662 [SOCKET_FAILURE_RESOURCES] = "resources",
2663 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2664 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2665 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2666 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2667 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2668};
2669
2670DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2671
87f0e418 2672const UnitVTable socket_vtable = {
7d17cfbc 2673 .object_size = sizeof(Socket),
718db961
LP		 2674 .exec_context_offset = offsetof(Socket, exec_context),
2675 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2676 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2677 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2678
f975e971
LP		 2679 .sections =
2680 "Unit\0"
2681 "Socket\0"
2682 "Install\0",
4ad49000 2683 .private_section = "Socket",
71645aca 2684
034c6ed7
LP		 2685 .init = socket_init,
2686 .done = socket_done,
a16e1123
LP		 2687 .load = socket_load,
2688
2689 .coldplug = socket_coldplug,
034c6ed7 2690
5cb5a6ff
LP		 2691 .dump = socket_dump,
2692
542563ba
LP		 2693 .start = socket_start,
2694 .stop = socket_stop,
5cb5a6ff 2695
718db961
LP		 2696 .kill = socket_kill,
2697
68db7a3b
ZJS		 2698 .get_timeout = socket_get_timeout,
2699
a16e1123
LP		 2700 .serialize = socket_serialize,
2701 .deserialize_item = socket_deserialize_item,
01e10de3 2702 .distribute_fds = socket_distribute_fds,
a16e1123 2703
5cb5a6ff 2704 .active_state = socket_active_state,
10a94420 2705 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2706
6cf6bbc2
LP		 2707 .check_gc = socket_check_gc,
2708
034c6ed7 2709 .sigchld_event = socket_sigchld_event,
4139c1b2 2710
d137a488
UTL		 2711 .trigger_notify = socket_trigger_notify,
2712
fdf20a31 2713 .reset_failed = socket_reset_failed,
5632e374 2714
c4e2ceae 2715 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2716 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2717 .bus_set_property = bus_socket_set_property,
2718 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2719
2720 .status_message_formats = {
2721 /*.starting_stopping = {
2722 [0] = "Starting socket %s...",
2723 [1] = "Stopping socket %s...",
2724 },*/
2725 .finished_start_job = {
2726 [JOB_DONE] = "Listening on %s.",
2727 [JOB_FAILED] = "Failed to listen on %s.",
2728 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2729 [JOB_TIMEOUT] = "Timed out starting %s.",
2730 },
2731 .finished_stop_job = {
2732 [JOB_DONE] = "Closed %s.",
2733 [JOB_FAILED] = "Failed stopping %s.",
2734 [JOB_TIMEOUT] = "Timed out stopping %s.",
2735 },
2736 },
5cb5a6ff 2737};
Unnamed repository; edit this file 'description' to name the repository.