]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #954 from poettering/nss-myhostname-loopback
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/stat.h>
23#include <unistd.h>
24#include <errno.h>
25#include <fcntl.h>
f94ea366 26#include <sys/epoll.h>
034c6ed7 27#include <signal.h>
4f2d528d 28#include <arpa/inet.h>
718db961 29#include <netinet/tcp.h>
916abb21 30#include <mqueue.h>
83c60c9f 31
718db961 32#include "sd-event.h"
83c60c9f 33#include "log.h"
9e2f7c11 34#include "strv.h"
49e942b2 35#include "mkdir.h"
9eb977db 36#include "path-util.h"
4f2d528d 37#include "unit-name.h"
41f9172f 38#include "unit-printf.h"
4fd5948e 39#include "missing.h"
a40eb732 40#include "special.h"
e51bc1a2 41#include "label.h"
9a57c629 42#include "exit-status.h"
f6a6225e 43#include "def.h"
5a045dad 44#include "smack-util.h"
718db961 45#include "bus-util.h"
d7b8eec7 46#include "selinux-util.h"
e821075a
LP		 47#include "dbus-socket.h"
48#include "unit.h"
6482f626 49#include "formats-util.h"
24882e06
LP		 50#include "signal-util.h"
51#include "socket.h"
83c60c9f 52
acbb0225 53static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 66 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 67};
5cb5a6ff 68
718db961
LP		 69static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
a16e1123
LP		 72static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
ac155bb8 76 assert(u->load_state == UNIT_STUB);
a16e1123 77
a16e1123 78 s->backlog = SOMAXCONN;
1f19a534 79 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 80 s->directory_mode = 0755;
9131f660 81 s->socket_mode = 0666;
a16e1123 82
6cf6bbc2
LP		 83 s->max_connections = 64;
84
4fd5948e 85 s->priority = -1;
4fd5948e
LP		 86 s->ip_tos = -1;
87 s->ip_ttl = -1;
4fd5948e 88 s->mark = -1;
4fd5948e 89
ac155bb8
MS		 90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
085afe36 92
a16e1123
LP		 93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94}
acbb0225 95
5e94833f
LP		 96static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104}
105
74051b9b 106void socket_free_ports(Socket *s) {
034c6ed7
LP		 107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
71fda00f 112 LIST_REMOVE(port, s->ports, p);
034c6ed7 113
718db961
LP		 114 sd_event_source_unref(p->event_source);
115
03e334a1 116 safe_close(p->fd);
034c6ed7
LP		 117 free(p->path);
118 free(p);
119 }
74051b9b
LP		 120}
121
122static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
034c6ed7 128
613b411c 129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 131 s->control_command = NULL;
132
5e94833f 133 socket_unwatch_control_pid(s);
034c6ed7 134
57020a3a 135 unit_ref_unset(&s->service);
034c6ed7 136
cebf8b20
TT		 137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
acbb0225 140 free(s->bind_to_device);
e537352b 141 s->bind_to_device = NULL;
acbb0225 142
0eb59ccf
AK		 143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
811ba7a0
LP		 147 strv_free(s->symlinks);
148
3900e5fd
LP		 149 free(s->user);
150 free(s->group);
151
718db961
LP		 152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153}
154
155static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
7dfbe2e3 173 r = sd_event_add_time(
6a0f1f6d
LP		 174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
7dfbe2e3
TG		 179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
5cb5a6ff
LP		 185}
186
8b835fcc
ZJS		 187int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
7410616c 199 if (UNIT_DEREF(s->service))
b15bdda8
LP		 200 return 0;
201
7410616c
LP		 202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
b15bdda8 208
315db1a8 209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 210 return -ENOMEM;
211
1124fe6f 212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 213 if (r < 0)
214 return r;
215
ac155bb8 216 u->no_gc = true;
57020a3a
LP		 217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 220}
221
4f2d528d
LP		 222static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
dd5ad9d4
LP		 230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
4f2d528d
LP		 235 if (!socket_address_can_accept(&p->address))
236 return true;
dd5ad9d4 237 }
4f2d528d
LP		 238
239 return false;
240}
241
a57f7e2c 242static int socket_add_mount_links(Socket *s) {
6e2ef85b 243 SocketPort *p;
6e2ef85b
LP		 244 int r;
245
246 assert(s);
6e2ef85b 247
a57f7e2c
LP		 248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
6e2ef85b 250
a57f7e2c
LP		 251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
6e2ef85b 255
a57f7e2c
LP		 256 if (!path)
257 continue;
6e2ef85b 258
a57f7e2c 259 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 260 if (r < 0)
6e2ef85b 261 return r;
b87705cd 262 }
6e2ef85b
LP		 263
264 return 0;
265}
266
267static int socket_add_device_link(Socket *s) {
268 char *t;
6e2ef85b
LP		 269
270 assert(s);
271
7d0c710d 272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 273 return 0;
274
63c372cb 275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 276 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 277}
278
a40eb732
LP		 279static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
e3d84721
LP		 283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
2a77d31d 286
b2c23da8 287 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
a40eb732 290 return r;
2a77d31d 291 }
a40eb732 292
ead8e478 293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 294}
295
44a6b1b6 296_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305}
306
e821075a
LP		 307static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
e537352b 309 int r;
44d8db9e 310
e821075a 311 assert(s);
57020a3a 312
e821075a 313 if (have_non_accept_socket(s)) {
23a177ef 314
e821075a
LP		 315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
57020a3a 317
e821075a 318 r = unit_load_related_unit(u, ".service", &x);
57020a3a 319 if (r < 0)
4f2d528d 320 return r;
e821075a
LP		 321
322 unit_ref_set(&s->service, x);
4f2d528d 323 }
44d8db9e 324
e821075a
LP		 325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
6e2ef85b 327 return r;
e821075a 328 }
6e2ef85b 329
e821075a
LP		 330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
6e2ef85b 333
e821075a
LP		 334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
598459ce 338 r = unit_patch_contexts(u);
e821075a
LP		 339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
23a177ef 346
598459ce 347 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 348 if (r < 0)
349 return r;
e821075a 350 }
a016b922 351
e821075a
LP		 352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359}
360
811ba7a0
LP		 361static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392}
393
e821075a
LP		 394static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
f2341e0a 401 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 406 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 407 return -EINVAL;
408 }
409
410 if (s->accept && s->max_connections <= 0) {
f2341e0a 411 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 412 return -EINVAL;
413 }
e06c73cc 414
e821075a 415 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 416 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 417 return -EINVAL;
418 }
419
420 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 421 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 422 return -EINVAL;
423 }
424
811ba7a0 425 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 426 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 427 return -EINVAL;
428 }
429
e821075a
LP		 430 return 0;
431}
432
433static int socket_load(Unit *u) {
434 Socket *s = SOCKET(u);
435 int r;
436
437 assert(u);
438 assert(u->load_state == UNIT_STUB);
439
440 r = unit_load_fragment_and_dropin(u);
441 if (r < 0)
442 return r;
443
444 if (u->load_state == UNIT_LOADED) {
445 /* This is a new unit? Then let's add in some extras */
446 r = socket_add_extras(s);
e06c73cc
LP		 447 if (r < 0)
448 return r;
23a177ef
LP		 449 }
450
4f2d528d 451 return socket_verify(s);
44d8db9e
LP		 452}
453
44a6b1b6 454_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 455
456 if (family == AF_NETLINK)
457 return "ListenNetlink";
542563ba
LP		 458
459 if (type == SOCK_STREAM)
460 return "ListenStream";
461 else if (type == SOCK_DGRAM)
462 return "ListenDatagram";
463 else if (type == SOCK_SEQPACKET)
464 return "ListenSequentialPacket";
465
034c6ed7 466 assert_not_reached("Unknown socket type");
542563ba
LP		 467 return NULL;
468}
469
87f0e418 470static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 471 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 472 SocketExecCommand c;
87f0e418 473 Socket *s = SOCKET(u);
542563ba 474 SocketPort *p;
82ba9f08 475 const char *prefix2;
5cb5a6ff
LP		 476
477 assert(s);
fa068367 478 assert(f);
5cb5a6ff 479
4c940960 480 prefix = strempty(prefix);
63c372cb 481 prefix2 = strjoina(prefix, "\t");
c43d20a0 482
5cb5a6ff
LP		 483 fprintf(f,
484 "%sSocket State: %s\n"
81a5c6d0 485 "%sResult: %s\n"
542563ba 486 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 487 "%sBacklog: %u\n"
488 "%sSocketMode: %04o\n"
4fd5948e
LP		 489 "%sDirectoryMode: %04o\n"
490 "%sKeepAlive: %s\n"
4427c3f4 491 "%sNoDelay: %s\n"
cebf8b20 492 "%sFreeBind: %s\n"
6b6d2dee 493 "%sTransparent: %s\n"
ec6370a2 494 "%sBroadcast: %s\n"
ede3deb4 495 "%sPassCredentials: %s\n"
54ecda32 496 "%sPassSecurity: %s\n"
bd1fe7c7 497 "%sTCPCongestion: %s\n"
16115b0a
MS		 498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
a16e1123 500 prefix, socket_state_to_string(s->state),
81a5c6d0 501 prefix, socket_result_to_string(s->result),
c0120d99 502 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 503 prefix, s->backlog,
504 prefix, s->socket_mode,
4fd5948e
LP		 505 prefix, s->directory_mode,
506 prefix, yes_no(s->keep_alive),
4427c3f4 507 prefix, yes_no(s->no_delay),
cebf8b20 508 prefix, yes_no(s->free_bind),
6b6d2dee 509 prefix, yes_no(s->transparent),
ec6370a2 510 prefix, yes_no(s->broadcast),
d68af586 511 prefix, yes_no(s->pass_cred),
54ecda32 512 prefix, yes_no(s->pass_sec),
bd1fe7c7 513 prefix, strna(s->tcp_congestion),
16115b0a
MS		 514 prefix, yes_no(s->remove_on_stop),
515 prefix, yes_no(s->selinux_context_from_net));
542563ba 516
70123e68
LP		 517 if (s->control_pid > 0)
518 fprintf(f,
de0671ee
ZJS		 519 "%sControl PID: "PID_FMT"\n",
520 prefix, s->control_pid);
70123e68 521
acbb0225
LP		 522 if (s->bind_to_device)
523 fprintf(f,
524 "%sBindToDevice: %s\n",
525 prefix, s->bind_to_device);
526
4f2d528d
LP		 527 if (s->accept)
528 fprintf(f,
6cf6bbc2
LP		 529 "%sAccepted: %u\n"
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix, s->n_accepted,
533 prefix, s->n_connections,
534 prefix, s->max_connections);
4f2d528d 535
4fd5948e
LP		 536 if (s->priority >= 0)
537 fprintf(f,
538 "%sPriority: %i\n",
539 prefix, s->priority);
540
541 if (s->receive_buffer > 0)
542 fprintf(f,
543 "%sReceiveBuffer: %zu\n",
544 prefix, s->receive_buffer);
545
546 if (s->send_buffer > 0)
547 fprintf(f,
548 "%sSendBuffer: %zu\n",
549 prefix, s->send_buffer);
550
551 if (s->ip_tos >= 0)
552 fprintf(f,
553 "%sIPTOS: %i\n",
554 prefix, s->ip_tos);
555
556 if (s->ip_ttl >= 0)
557 fprintf(f,
558 "%sIPTTL: %i\n",
559 prefix, s->ip_ttl);
560
561 if (s->pipe_size > 0)
562 fprintf(f,
563 "%sPipeSize: %zu\n",
564 prefix, s->pipe_size);
565
566 if (s->mark >= 0)
567 fprintf(f,
568 "%sMark: %i\n",
569 prefix, s->mark);
570
916abb21
LP		 571 if (s->mq_maxmsg > 0)
572 fprintf(f,
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix, s->mq_maxmsg);
575
576 if (s->mq_msgsize > 0)
577 fprintf(f,
578 "%sMessageQueueMessageSize: %li\n",
579 prefix, s->mq_msgsize);
580
718db961 581 if (s->reuse_port)
f7db7a69
SL		 582 fprintf(f,
583 "%sReusePort: %s\n",
718db961 584 prefix, yes_no(s->reuse_port));
f7db7a69 585
0eb59ccf
AK		 586 if (s->smack)
587 fprintf(f,
588 "%sSmackLabel: %s\n",
589 prefix, s->smack);
590
591 if (s->smack_ip_in)
592 fprintf(f,
593 "%sSmackLabelIPIn: %s\n",
594 prefix, s->smack_ip_in);
595
596 if (s->smack_ip_out)
597 fprintf(f,
598 "%sSmackLabelIPOut: %s\n",
599 prefix, s->smack_ip_out);
600
3900e5fd
LP		 601 if (!isempty(s->user) || !isempty(s->group))
602 fprintf(f,
603 "%sOwnerUser: %s\n"
604 "%sOwnerGroup: %s\n",
605 prefix, strna(s->user),
606 prefix, strna(s->group));
607
3cd761e4 608 if (s->keep_alive_time > 0)
209e9dcd 609 fprintf(f,
3cd761e4
LP		 610 "%sKeepAliveTimeSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 612
3cd761e4 613 if (s->keep_alive_interval)
209e9dcd 614 fprintf(f,
3cd761e4
LP		 615 "%sKeepAliveIntervalSec: %s\n",
616 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 617
3cd761e4 618 if (s->keep_alive_cnt)
209e9dcd
SS		 619 fprintf(f,
620 "%sKeepAliveProbes: %u\n",
621 prefix, s->keep_alive_cnt);
622
3cd761e4 623 if (s->defer_accept)
cc567c9b 624 fprintf(f,
3cd761e4
LP		 625 "%sDeferAcceptSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 627
034c6ed7 628 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 629
542563ba
LP		 630 if (p->type == SOCKET_SOCKET) {
631 const char *t;
632 int r;
e364ad06 633 char *k = NULL;
542563ba
LP		 634
635 if ((r = socket_address_print(&p->address, &k)) < 0)
636 t = strerror(-r);
637 else
638 t = k;
639
7a22745a 640 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 641 free(k);
b0a3f2bc
LP		 642 } else if (p->type == SOCKET_SPECIAL)
643 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 644 else if (p->type == SOCKET_MQUEUE)
645 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 646 else
542563ba
LP		 647 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
648 }
5cb5a6ff
LP		 649
650 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 651 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 652
e537352b 653 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 654 if (!s->exec_command[c])
655 continue;
5cb5a6ff 656
40d50879 657 fprintf(f, "%s-> %s:\n",
a16e1123 658 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 659
660 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 661 }
662}
663
4f2d528d
LP		 664static int instance_from_socket(int fd, unsigned nr, char **instance) {
665 socklen_t l;
666 char *r;
9d16d0c7 667 union sockaddr_union local, remote;
4f2d528d
LP		 668
669 assert(fd >= 0);
670 assert(instance);
671
672 l = sizeof(local);
673 if (getsockname(fd, &local.sa, &l) < 0)
674 return -errno;
675
676 l = sizeof(remote);
677 if (getpeername(fd, &remote.sa, &l) < 0)
678 return -errno;
679
680 switch (local.sa.sa_family) {
681
682 case AF_INET: {
683 uint32_t
684 a = ntohl(local.in.sin_addr.s_addr),
685 b = ntohl(remote.in.sin_addr.s_addr);
686
687 if (asprintf(&r,
77b088c2
LP		 688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
689 nr,
4f2d528d
LP		 690 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
691 ntohs(local.in.sin_port),
692 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
693 ntohs(remote.in.sin_port)) < 0)
694 return -ENOMEM;
695
696 break;
697 }
698
699 case AF_INET6: {
c65a0b14 700 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
702 };
703
704 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
705 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
706 const uint8_t
707 *a = local.in6.sin6_addr.s6_addr+12,
708 *b = remote.in6.sin6_addr.s6_addr+12;
709
710 if (asprintf(&r,
77b088c2
LP		 711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
712 nr,
2b061f5a
LP		 713 a[0], a[1], a[2], a[3],
714 ntohs(local.in6.sin6_port),
715 b[0], b[1], b[2], b[3],
716 ntohs(remote.in6.sin6_port)) < 0)
717 return -ENOMEM;
718 } else {
719 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
720
721 if (asprintf(&r,
77b088c2
LP		 722 "%u-%s:%u-%s:%u",
723 nr,
2b061f5a
LP		 724 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
725 ntohs(local.in6.sin6_port),
726 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
727 ntohs(remote.in6.sin6_port)) < 0)
728 return -ENOMEM;
729 }
4f2d528d
LP		 730
731 break;
732 }
733
734 case AF_UNIX: {
735 struct ucred ucred;
eff05270 736 int k;
4f2d528d 737
eff05270 738 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 739 if (k >= 0) {
740 if (asprintf(&r,
741 "%u-"PID_FMT"-"UID_FMT,
742 nr, ucred.pid, ucred.uid) < 0)
743 return -ENOMEM;
744 } else if (k == -ENODATA) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
748 if (asprintf(&r,
749 "%u-unknown",
750 nr) < 0)
751 return -ENOMEM;
752 } else
eff05270 753 return k;
2f20a8eb 754
2f20a8eb 755 break;
4f2d528d
LP		 756 }
757
758 default:
759 assert_not_reached("Unhandled socket type.");
760 }
761
762 *instance = r;
763 return 0;
764}
765
034c6ed7 766static void socket_close_fds(Socket *s) {
83c60c9f 767 SocketPort *p;
811ba7a0 768 char **i;
83c60c9f
LP		 769
770 assert(s);
771
034c6ed7 772 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 773
774 p->event_source = sd_event_source_unref(p->event_source);
775
83c60c9f
LP		 776 if (p->fd < 0)
777 continue;
778
03e334a1 779 p->fd = safe_close(p->fd);
a16e1123 780
bd1fe7c7
LP		 781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
787 * using one! */
788
789 if (s->remove_on_stop) {
790 switch (p->type) {
791
792 case SOCKET_FIFO:
793 unlink(p->path);
794 break;
795
796 case SOCKET_MQUEUE:
797 mq_unlink(p->path);
798 break;
799
800 case SOCKET_SOCKET:
801 socket_address_unlink(&p->address);
802 break;
803
804 default:
805 break;
806 }
807 }
83c60c9f 808 }
811ba7a0
LP		 809
810 if (s->remove_on_stop)
811 STRV_FOREACH(i, s->symlinks)
812 unlink(*i);
83c60c9f
LP		 813}
814
4fd5948e 815static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 816 int r;
817
4fd5948e
LP		 818 assert(s);
819 assert(fd >= 0);
820
821 if (s->keep_alive) {
822 int b = s->keep_alive;
823 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 824 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 825 }
826
209e9dcd
SS		 827 if (s->keep_alive_time) {
828 int value = s->keep_alive_time / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 830 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 831 }
832
833 if (s->keep_alive_interval) {
920b52e4 834 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 835 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 836 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 837 }
838
839 if (s->keep_alive_cnt) {
840 int value = s->keep_alive_cnt;
841 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 842 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 843 }
844
cc567c9b
SS		 845 if (s->defer_accept) {
846 int value = s->defer_accept / USEC_PER_SEC;
847 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 848 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 849 }
850
4427c3f4
SS		 851 if (s->no_delay) {
852 int b = s->no_delay;
853 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 854 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 855 }
856
ec6370a2
LP		 857 if (s->broadcast) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 860 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 861 }
862
d68af586
MS		 863 if (s->pass_cred) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 866 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 867 }
868
54ecda32
LP		 869 if (s->pass_sec) {
870 int one = 1;
871 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 872 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 873 }
874
4fd5948e
LP		 875 if (s->priority >= 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 877 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 878
879 if (s->receive_buffer > 0) {
880 int value = (int) s->receive_buffer;
7d9eaa84
LP		 881
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
883
b8cef44e 884 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 886 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 887 }
888
889 if (s->send_buffer > 0) {
890 int value = (int) s->send_buffer;
b8cef44e 891 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 893 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 894 }
895
896 if (s->mark >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 898 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 899
900 if (s->ip_tos >= 0)
901 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 902 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 903
46925ac5 904 if (s->ip_ttl >= 0) {
d53e386d 905 int x;
46925ac5
LP		 906
907 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 908
909 if (socket_ipv6_is_supported())
910 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
911 else {
912 x = -1;
913 errno = EAFNOSUPPORT;
914 }
46925ac5
LP		 915
916 if (r < 0 && x < 0)
f2341e0a 917 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 918 }
cebf8b20
TT		 919
920 if (s->tcp_congestion)
921 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 922 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 923
d53e386d 924 if (s->smack_ip_in) {
5ab58c20 925 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 926 if (r < 0)
f2341e0a 927 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 928 }
9a4e038c 929
d53e386d 930 if (s->smack_ip_out) {
5ab58c20 931 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 932 if (r < 0)
f2341e0a 933 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 934 }
4fd5948e
LP		 935}
936
b15bdda8 937static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 938 int r;
939
4fd5948e
LP		 940 assert(s);
941 assert(fd >= 0);
942
943 if (s->pipe_size > 0)
944 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
f2341e0a 945 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
0eb59ccf 946
d53e386d 947 if (s->smack) {
5ab58c20 948 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 949 if (r < 0)
f2341e0a 950 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
d53e386d 951 }
4fd5948e
LP		 952}
953
b15bdda8
LP		 954static int fifo_address_create(
955 const char *path,
956 mode_t directory_mode,
957 mode_t socket_mode,
b15bdda8
LP		 958 int *_fd) {
959
7a58bfa4 960 int fd = -1, r = 0;
b15bdda8
LP		 961 struct stat st;
962 mode_t old_mask;
963
964 assert(path);
965 assert(_fd);
966
d2e54fae 967 mkdir_parents_label(path, directory_mode);
b15bdda8 968
ecabcf8b 969 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 970 if (r < 0)
56cf987f 971 goto fail;
b15bdda8
LP		 972
973 /* Enforce the right access mode for the fifo */
974 old_mask = umask(~ socket_mode);
975
976 /* Include the original umask in our mask */
977 umask(~socket_mode | old_mask);
978
979 r = mkfifo(path, socket_mode);
980 umask(old_mask);
981
94bc2731 982 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 983 r = -errno;
984 goto fail;
985 }
986
e4f44e73 987 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 988 r = -errno;
989 goto fail;
990 }
991
ecabcf8b 992 mac_selinux_create_file_clear();
7a58bfa4 993
b15bdda8
LP		 994 if (fstat(fd, &st) < 0) {
995 r = -errno;
996 goto fail;
997 }
998
999 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1000 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1001 st.st_uid != getuid() ||
1002 st.st_gid != getgid()) {
b15bdda8
LP		 1003
1004 r = -EEXIST;
1005 goto fail;
1006 }
1007
1008 *_fd = fd;
1009 return 0;
1010
1011fail:
ecabcf8b 1012 mac_selinux_create_file_clear();
03e334a1 1013 safe_close(fd);
b15bdda8
LP		 1014
1015 return r;
1016}
1017
b0a3f2bc
LP		 1018static int special_address_create(
1019 const char *path,
1020 int *_fd) {
1021
1022 int fd = -1, r = 0;
1023 struct stat st;
1024
1025 assert(path);
1026 assert(_fd);
1027
811ba7a0
LP		 1028 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1029 if (fd < 0) {
b0a3f2bc
LP		 1030 r = -errno;
1031 goto fail;
1032 }
1033
1034 if (fstat(fd, &st) < 0) {
1035 r = -errno;
1036 goto fail;
1037 }
1038
1039 /* Check whether this is a /proc, /sys or /dev file or char device */
1040 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1041 r = -EEXIST;
1042 goto fail;
1043 }
1044
1045 *_fd = fd;
1046 return 0;
1047
1048fail:
03e334a1 1049 safe_close(fd);
b0a3f2bc
LP		 1050
1051 return r;
1052}
1053
916abb21
LP		 1054static int mq_address_create(
1055 const char *path,
1056 mode_t mq_mode,
1057 long maxmsg,
1058 long msgsize,
1059 int *_fd) {
1060
1061 int fd = -1, r = 0;
1062 struct stat st;
1063 mode_t old_mask;
1064 struct mq_attr _attr, *attr = NULL;
1065
1066 assert(path);
1067 assert(_fd);
1068
1069 if (maxmsg > 0 && msgsize > 0) {
1070 zero(_attr);
1071 _attr.mq_flags = O_NONBLOCK;
1072 _attr.mq_maxmsg = maxmsg;
1073 _attr.mq_msgsize = msgsize;
1074 attr = &_attr;
1075 }
1076
1077 /* Enforce the right access mode for the mq */
1078 old_mask = umask(~ mq_mode);
1079
1080 /* Include the original umask in our mask */
1081 umask(~mq_mode | old_mask);
916abb21
LP		 1082 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1083 umask(old_mask);
1084
8ea913b2 1085 if (fd < 0) {
916abb21
LP		 1086 r = -errno;
1087 goto fail;
1088 }
1089
1090 if (fstat(fd, &st) < 0) {
1091 r = -errno;
1092 goto fail;
1093 }
1094
1095 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1096 st.st_uid != getuid() ||
1097 st.st_gid != getgid()) {
1098
1099 r = -EEXIST;
1100 goto fail;
1101 }
1102
1103 *_fd = fd;
1104 return 0;
1105
1106fail:
03e334a1 1107 safe_close(fd);
916abb21
LP		 1108 return r;
1109}
1110
811ba7a0
LP		 1111static int socket_symlink(Socket *s) {
1112 const char *p;
1113 char **i;
1114
1115 assert(s);
1116
1117 p = socket_find_symlink_target(s);
1118 if (!p)
1119 return 0;
1120
1121 STRV_FOREACH(i, s->symlinks)
43b133b4 1122 symlink_label(p, *i);
811ba7a0
LP		 1123
1124 return 0;
1125}
1126
034c6ed7 1127static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1128 SocketPort *p;
1129 int r;
56cf987f 1130 char *label = NULL;
049f8642 1131 bool know_label = false;
83c60c9f
LP		 1132
1133 assert(s);
1134
034c6ed7 1135 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1136
034c6ed7
LP		 1137 if (p->fd >= 0)
1138 continue;
83c60c9f
LP		 1139
1140 if (p->type == SOCKET_SOCKET) {
049f8642 1141
7f416dae
LP		 1142 if (!know_label) {
1143 /* Figure out label, if we don't it know
1144 * yet. We do it once, for the first
1145 * socket where we need this and
1146 * remember it for the rest. */
1147
1148 if (s->selinux_context_from_net) {
1149 /* Get it from the network label */
1150
1151 r = mac_selinux_get_our_label(&label);
75514a70 1152 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1153 goto rollback;
049f8642 1154
7f416dae
LP		 1155 } else {
1156 /* Get it from the executable we are about to start */
1157
1158 r = socket_instantiate_service(s);
1159 if (r < 0)
1160 goto rollback;
1161
1162 if (UNIT_ISSET(s->service) &&
1163 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1164 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1165 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1166 goto rollback;
1167 }
189583d7 1168 }
049f8642
LP		 1169
1170 know_label = true;
1171 }
1172
175a3d25
LP		 1173 r = socket_address_listen(
1174 &p->address,
1175 SOCK_CLOEXEC|SOCK_NONBLOCK,
1176 s->backlog,
1177 s->bind_ipv6_only,
1178 s->bind_to_device,
54255c64 1179 s->reuse_port,
175a3d25
LP		 1180 s->free_bind,
1181 s->transparent,
1182 s->directory_mode,
1183 s->socket_mode,
1184 label);
1185 if (r < 0)
83c60c9f
LP		 1186 goto rollback;
1187
175a3d25 1188 p->fd = r;
4fd5948e 1189 socket_apply_socket_options(s, p->fd);
811ba7a0 1190 socket_symlink(s);
4fd5948e 1191
b0a3f2bc
LP		 1192 } else if (p->type == SOCKET_SPECIAL) {
1193
175a3d25
LP		 1194 r = special_address_create(
1195 p->path,
1196 &p->fd);
1197 if (r < 0)
b0a3f2bc
LP		 1198 goto rollback;
1199
b15bdda8 1200 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1201
175a3d25
LP		 1202 r = fifo_address_create(
1203 p->path,
1204 s->directory_mode,
1205 s->socket_mode,
1206 &p->fd);
1207 if (r < 0)
83c60c9f 1208 goto rollback;
83c60c9f 1209
b15bdda8 1210 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1211 socket_symlink(s);
1212
916abb21 1213 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1214
175a3d25
LP		 1215 r = mq_address_create(
1216 p->path,
1217 s->socket_mode,
1218 s->mq_maxmsg,
1219 s->mq_msgsize,
1220 &p->fd);
1221 if (r < 0)
916abb21 1222 goto rollback;
b15bdda8
LP		 1223 } else
1224 assert_not_reached("Unknown port type");
034c6ed7
LP		 1225 }
1226
cc56fafe 1227 mac_selinux_free(label);
034c6ed7
LP		 1228 return 0;
1229
1230rollback:
1231 socket_close_fds(s);
cc56fafe 1232 mac_selinux_free(label);
7f416dae 1233
034c6ed7
LP		 1234 return r;
1235}
1236
1237static void socket_unwatch_fds(Socket *s) {
1238 SocketPort *p;
718db961 1239 int r;
9152c765 1240
034c6ed7
LP		 1241 assert(s);
1242
1243 LIST_FOREACH(port, p, s->ports) {
1244 if (p->fd < 0)
1245 continue;
1246
a4152e3f
LP		 1247 if (!p->event_source)
1248 continue;
1249
1250 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1251 if (r < 0)
f2341e0a 1252 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1253 }
034c6ed7
LP		 1254}
1255
1256static int socket_watch_fds(Socket *s) {
1257 SocketPort *p;
1258 int r;
1259
1260 assert(s);
83c60c9f 1261
034c6ed7
LP		 1262 LIST_FOREACH(port, p, s->ports) {
1263 if (p->fd < 0)
1264 continue;
1265
cbf60d0a 1266 if (p->event_source) {
718db961 1267 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1268 if (r < 0)
1269 goto fail;
1270 } else {
151b9b96 1271 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1272 if (r < 0)
1273 goto fail;
4f2d528d 1274
cbf60d0a 1275 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1276 }
034c6ed7 1277 }
83c60c9f 1278
542563ba 1279 return 0;
83c60c9f 1280
034c6ed7 1281fail:
cbf60d0a 1282 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1283 socket_unwatch_fds(s);
1284 return r;
1285}
1286
1287static void socket_set_state(Socket *s, SocketState state) {
1288 SocketState old_state;
1289 assert(s);
1290
1291 old_state = s->state;
1292 s->state = state;
1293
bd1fe7c7
LP		 1294 if (!IN_SET(state,
1295 SOCKET_START_PRE,
3900e5fd 1296 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1297 SOCKET_START_POST,
1298 SOCKET_STOP_PRE,
1299 SOCKET_STOP_PRE_SIGTERM,
1300 SOCKET_STOP_PRE_SIGKILL,
1301 SOCKET_STOP_POST,
1302 SOCKET_FINAL_SIGTERM,
1303 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1304
1305 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1306 socket_unwatch_control_pid(s);
034c6ed7 1307 s->control_command = NULL;
a16e1123 1308 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1309 }
034c6ed7 1310
a16e1123
LP		 1311 if (state != SOCKET_LISTENING)
1312 socket_unwatch_fds(s);
1313
bd1fe7c7 1314 if (!IN_SET(state,
3900e5fd 1315 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1316 SOCKET_START_POST,
1317 SOCKET_LISTENING,
1318 SOCKET_RUNNING,
1319 SOCKET_STOP_PRE,
1320 SOCKET_STOP_PRE_SIGTERM,
1321 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1322 socket_close_fds(s);
1323
e537352b 1324 if (state != old_state)
f2341e0a 1325 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1326
e2f3b44c 1327 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1328}
1329
be847e82 1330static int socket_coldplug(Unit *u) {
a16e1123
LP		 1331 Socket *s = SOCKET(u);
1332 int r;
1333
1334 assert(s);
1335 assert(s->state == SOCKET_DEAD);
1336
e821075a
LP		 1337 if (s->deserialized_state == s->state)
1338 return 0;
a16e1123 1339
3900e5fd
LP		 1340 if (IN_SET(s->deserialized_state,
1341 SOCKET_START_PRE,
1342 SOCKET_START_CHOWN,
1343 SOCKET_START_POST,
1344 SOCKET_STOP_PRE,
1345 SOCKET_STOP_PRE_SIGTERM,
1346 SOCKET_STOP_PRE_SIGKILL,
1347 SOCKET_STOP_POST,
1348 SOCKET_FINAL_SIGTERM,
1349 SOCKET_FINAL_SIGKILL)) {
a16e1123 1350
e821075a
LP		 1351 if (s->control_pid <= 0)
1352 return -EBADMSG;
a16e1123 1353
e821075a
LP		 1354 r = unit_watch_pid(UNIT(s), s->control_pid);
1355 if (r < 0)
1356 return r;
a16e1123 1357
e821075a
LP		 1358 r = socket_arm_timer(s);
1359 if (r < 0)
1360 return r;
1361 }
a16e1123 1362
3900e5fd
LP		 1363 if (IN_SET(s->deserialized_state,
1364 SOCKET_START_CHOWN,
1365 SOCKET_START_POST,
1366 SOCKET_LISTENING,
1367 SOCKET_RUNNING,
1368 SOCKET_STOP_PRE,
1369 SOCKET_STOP_PRE_SIGTERM,
1370 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1371 r = socket_open_fds(s);
1372 if (r < 0)
1373 return r;
1374 }
a16e1123 1375
e821075a
LP		 1376 if (s->deserialized_state == SOCKET_LISTENING) {
1377 r = socket_watch_fds(s);
1378 if (r < 0)
1379 return r;
a16e1123
LP		 1380 }
1381
e821075a 1382 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1383 return 0;
1384}
1385
e537352b 1386static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1387 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1388 pid_t pid;
1389 int r;
9fa95f85
DM		 1390 ExecParameters exec_params = {
1391 .apply_permissions = true,
1392 .apply_chroot = true,
1393 .apply_tty_stdin = true,
6f856a09 1394 .bus_endpoint_fd = -1,
9fa95f85 1395 };
034c6ed7
LP		 1396
1397 assert(s);
1398 assert(c);
1399 assert(_pid);
1400
5ad096b3
LP		 1401 (void) unit_realize_cgroup(UNIT(s));
1402 if (s->reset_cpu_usage) {
1403 (void) unit_reset_cpu_usage(UNIT(s));
1404 s->reset_cpu_usage = false;
1405 }
4ad49000 1406
613b411c
LP		 1407 r = unit_setup_exec_runtime(UNIT(s));
1408 if (r < 0)
1409 goto fail;
1410
718db961 1411 r = socket_arm_timer(s);
36697dc0 1412 if (r < 0)
e537352b 1413 goto fail;
034c6ed7 1414
19f6d710
LP		 1415 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1416 if (r < 0)
9e2f7c11 1417 goto fail;
9e2f7c11 1418
9fa95f85
DM		 1419 exec_params.argv = argv;
1420 exec_params.environment = UNIT(s)->manager->environment;
1421 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1422 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1423 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1424 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1425 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1426
f2341e0a
LP		 1427 r = exec_spawn(UNIT(s),
1428 c,
9e2f7c11 1429 &s->exec_context,
9fa95f85 1430 &exec_params,
613b411c 1431 s->exec_runtime,
9e2f7c11 1432 &pid);
cee288ad
TA		 1433 if (r < 0)
1434 goto fail;
9e2f7c11 1435
3900e5fd 1436 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1437 if (r < 0)
3900e5fd 1438 /* FIXME: we need to do something here */
034c6ed7
LP		 1439 goto fail;
1440
3900e5fd
LP		 1441 *_pid = pid;
1442 return 0;
1443
1444fail:
1445 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1446 return r;
1447}
1448
1449static int socket_chown(Socket *s, pid_t *_pid) {
1450 pid_t pid;
1451 int r;
1452
1453 r = socket_arm_timer(s);
1454 if (r < 0)
1455 goto fail;
1456
1457 /* We have to resolve the user names out-of-process, hence
1458 * let's fork here. It's messy, but well, what can we do? */
1459
1460 pid = fork();
1461 if (pid < 0)
1462 return -errno;
1463
1464 if (pid == 0) {
1465 SocketPort *p;
fed1e721
LP		 1466 uid_t uid = UID_INVALID;
1467 gid_t gid = GID_INVALID;
3900e5fd
LP		 1468 int ret;
1469
ce30c8dc
LP		 1470 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1471 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1472 log_forget_fds();
1473
1474 if (!isempty(s->user)) {
1475 const char *user = s->user;
1476
1477 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1478 if (r < 0) {
1479 ret = EXIT_USER;
1480 goto fail_child;
1481 }
1482 }
1483
1484 if (!isempty(s->group)) {
1485 const char *group = s->group;
1486
1487 r = get_group_creds(&group, &gid);
1488 if (r < 0) {
1489 ret = EXIT_GROUP;
1490 goto fail_child;
1491 }
1492 }
1493
1494 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1495 const char *path = NULL;
3900e5fd
LP		 1496
1497 if (p->type == SOCKET_SOCKET)
1498 path = socket_address_get_path(&p->address);
1499 else if (p->type == SOCKET_FIFO)
1500 path = p->path;
1501
1502 if (!path)
1503 continue;
1504
1505 if (chown(path, uid, gid) < 0) {
1506 r = -errno;
1507 ret = EXIT_CHOWN;
1508 goto fail_child;
1509 }
1510 }
1511
1512 _exit(0);
1513
1514 fail_child:
1515 log_open();
da927ba9 1516 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1517
1518 _exit(ret);
1519 }
1520
718db961
LP		 1521 r = unit_watch_pid(UNIT(s), pid);
1522 if (r < 0)
034c6ed7 1523 goto fail;
83c60c9f 1524
034c6ed7 1525 *_pid = pid;
034c6ed7
LP		 1526 return 0;
1527
1528fail:
718db961 1529 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1530 return r;
542563ba
LP		 1531}
1532
cfc4eb4c 1533static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1534 assert(s);
1535
cfc4eb4c
LP		 1536 if (f != SOCKET_SUCCESS)
1537 s->result = f;
034c6ed7 1538
613b411c
LP		 1539 exec_runtime_destroy(s->exec_runtime);
1540 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1541
e66cf1a3
LP		 1542 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1543
cfc4eb4c 1544 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1545}
1546
cfc4eb4c 1547static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1548
cfc4eb4c 1549static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1550 int r;
1551 assert(s);
1552
cfc4eb4c
LP		 1553 if (f != SOCKET_SUCCESS)
1554 s->result = f;
034c6ed7 1555
5e94833f 1556 socket_unwatch_control_pid(s);
a16e1123 1557 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1558 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1559
3900e5fd
LP		 1560 if (s->control_command) {
1561 r = socket_spawn(s, s->control_command, &s->control_pid);
1562 if (r < 0)
034c6ed7
LP		 1563 goto fail;
1564
80876c20
LP		 1565 socket_set_state(s, SOCKET_STOP_POST);
1566 } else
cfc4eb4c 1567 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1568
1569 return;
1570
1571fail:
f2341e0a 1572 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1573 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1574}
1575
cfc4eb4c 1576static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1577 int r;
1578
1579 assert(s);
1580
cfc4eb4c
LP		 1581 if (f != SOCKET_SUCCESS)
1582 s->result = f;
034c6ed7 1583
cd2086fe
LP		 1584 r = unit_kill_context(
1585 UNIT(s),
1586 &s->kill_context,
db2cb23b
UTL		 1587 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1588 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1589 -1,
1590 s->control_pid,
1591 false);
1592 if (r < 0)
1593 goto fail;
034c6ed7 1594
cd2086fe 1595 if (r > 0) {
718db961 1596 r = socket_arm_timer(s);
36697dc0 1597 if (r < 0)
80876c20 1598 goto fail;
d6ea93e3 1599
80876c20 1600 socket_set_state(s, state);
ac84d1fb
LP		 1601 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1602 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1603 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1604 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1605 else if (state == SOCKET_FINAL_SIGTERM)
1606 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1607 else
cfc4eb4c 1608 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1609
1610 return;
1611
1612fail:
f2341e0a 1613 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1614
1615 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1616 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1617 else
cfc4eb4c 1618 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1619}
1620
cfc4eb4c 1621static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1622 int r;
1623 assert(s);
1624
cfc4eb4c
LP		 1625 if (f != SOCKET_SUCCESS)
1626 s->result = f;
034c6ed7 1627
5e94833f 1628 socket_unwatch_control_pid(s);
a16e1123 1629 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1630 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1631
3900e5fd
LP		 1632 if (s->control_command) {
1633 r = socket_spawn(s, s->control_command, &s->control_pid);
1634 if (r < 0)
034c6ed7
LP		 1635 goto fail;
1636
80876c20
LP		 1637 socket_set_state(s, SOCKET_STOP_PRE);
1638 } else
cfc4eb4c 1639 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1640
1641 return;
1642
1643fail:
f2341e0a 1644 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1645 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1646}
1647
e9af15c3
LP		 1648static void socket_enter_listening(Socket *s) {
1649 int r;
1650 assert(s);
1651
cfc4eb4c
LP		 1652 r = socket_watch_fds(s);
1653 if (r < 0) {
f2341e0a 1654 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1655 goto fail;
1656 }
1657
1658 socket_set_state(s, SOCKET_LISTENING);
1659 return;
1660
1661fail:
cfc4eb4c 1662 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1663}
1664
034c6ed7
LP		 1665static void socket_enter_start_post(Socket *s) {
1666 int r;
1667 assert(s);
1668
3900e5fd
LP		 1669 socket_unwatch_control_pid(s);
1670 s->control_command_id = SOCKET_EXEC_START_POST;
1671 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1672
1673 if (s->control_command) {
1674 r = socket_spawn(s, s->control_command, &s->control_pid);
1675 if (r < 0) {
f2341e0a 1676 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1677 goto fail;
1678 }
1679
1680 socket_set_state(s, SOCKET_START_POST);
1681 } else
1682 socket_enter_listening(s);
1683
1684 return;
1685
1686fail:
1687 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1688}
1689
1690static void socket_enter_start_chown(Socket *s) {
1691 int r;
1692
1693 assert(s);
1694
cfc4eb4c
LP		 1695 r = socket_open_fds(s);
1696 if (r < 0) {
f2341e0a 1697 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1698 goto fail;
1699 }
1700
3900e5fd 1701 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1702
3900e5fd
LP		 1703 socket_unwatch_control_pid(s);
1704 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1705 s->control_command = NULL;
a16e1123 1706
3900e5fd 1707 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1708 if (r < 0) {
f2341e0a 1709 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1710 goto fail;
1711 }
1712
3900e5fd 1713 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1714 } else
3900e5fd 1715 socket_enter_start_post(s);
034c6ed7
LP		 1716
1717 return;
1718
1719fail:
cfc4eb4c 1720 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1721}
1722
1723static void socket_enter_start_pre(Socket *s) {
1724 int r;
1725 assert(s);
1726
5e94833f 1727 socket_unwatch_control_pid(s);
a16e1123 1728 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1729 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1730
3900e5fd 1731 if (s->control_command) {
e821075a 1732 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1733 if (r < 0) {
f2341e0a 1734 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1735 goto fail;
3900e5fd 1736 }
034c6ed7 1737
80876c20
LP		 1738 socket_set_state(s, SOCKET_START_PRE);
1739 } else
3900e5fd 1740 socket_enter_start_chown(s);
034c6ed7
LP		 1741
1742 return;
1743
1744fail:
cfc4eb4c 1745 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1746}
1747
4f2d528d 1748static void socket_enter_running(Socket *s, int cfd) {
718db961 1749 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1750 int r;
1751
1752 assert(s);
1753
ba3e67a7
LP		 1754 /* We don't take connections anymore if we are supposed to
1755 * shut down anyway */
31afa0a4 1756 if (unit_stop_pending(UNIT(s))) {
e821075a 1757
f2341e0a 1758 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1759
7c610628 1760 if (cfd >= 0)
03e334a1 1761 safe_close(cfd);
7c610628
LP		 1762 else {
1763 /* Flush all sockets by closing and reopening them */
1764 socket_close_fds(s);
1765
16ac4014
LP		 1766 r = socket_open_fds(s);
1767 if (r < 0) {
f2341e0a 1768 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1769 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1770 return;
1771 }
1772
1a710b43
MS		 1773 r = socket_watch_fds(s);
1774 if (r < 0) {
f2341e0a 1775 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1776 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1777 }
1778 }
1779
ba3e67a7
LP		 1780 return;
1781 }
1782
4f2d528d 1783 if (cfd < 0) {
57020a3a 1784 Iterator i;
e821075a 1785 Unit *other;
f976f3f6 1786 bool pending = false;
f976f3f6
LP		 1787
1788 /* If there's already a start pending don't bother to
1789 * do anything */
e821075a
LP		 1790 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1791 if (unit_active_or_pending(other)) {
57020a3a
LP		 1792 pending = true;
1793 break;
1794 }
f976f3f6 1795
1a710b43 1796 if (!pending) {
640ace4a 1797 if (!UNIT_ISSET(s->service)) {
f2341e0a 1798 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1799 r = -ENOENT;
1800 goto fail;
1801 }
1802
1a710b43
MS		 1803 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1804 if (r < 0)
f976f3f6 1805 goto fail;
1a710b43 1806 }
4f2d528d
LP		 1807
1808 socket_set_state(s, SOCKET_RUNNING);
1809 } else {
e55001eb 1810 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1811 Service *service;
4f2d528d 1812
6cf6bbc2 1813 if (s->n_connections >= s->max_connections) {
f2341e0a 1814 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1815 safe_close(cfd);
6cf6bbc2
LP		 1816 return;
1817 }
1818
1a710b43
MS		 1819 r = socket_instantiate_service(s);
1820 if (r < 0)
b15bdda8
LP		 1821 goto fail;
1822
1a710b43
MS		 1823 r = instance_from_socket(cfd, s->n_accepted, &instance);
1824 if (r < 0) {
1825 if (r != -ENOTCONN)
1826 goto fail;
1827
1828 /* ENOTCONN is legitimate if TCP RST was received.
1829 * This connection is over, but the socket unit lives on. */
03e334a1 1830 safe_close(cfd);
1a710b43
MS		 1831 return;
1832 }
4f2d528d 1833
7410616c
LP		 1834 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1835 if (r < 0)
4f2d528d 1836 goto fail;
4f2d528d 1837
7410616c
LP		 1838 r = unit_name_build(prefix, instance, ".service", &name);
1839 if (r < 0)
b6dbbe1c 1840 goto fail;
4f2d528d 1841
1a710b43 1842 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1843 if (r < 0)
4f2d528d 1844 goto fail;
b15bdda8 1845
57020a3a
LP		 1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
b15bdda8 1848 s->n_accepted ++;
4f2d528d 1849
1124fe6f 1850 UNIT(service)->no_gc = false;
6c073082 1851
b15bdda8 1852 unit_choose_id(UNIT(service), name);
b15bdda8 1853
16115b0a 1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1855 if (r < 0)
4f2d528d
LP		 1856 goto fail;
1857
1858 cfd = -1;
6cf6bbc2
LP		 1859 s->n_connections ++;
1860
1a710b43
MS		 1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1862 if (r < 0)
4f2d528d 1863 goto fail;
c4e2ceae
LP		 1864
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1867 }
034c6ed7 1868
034c6ed7
LP		 1869 return;
1870
1871fail:
f2341e0a
LP		 1872 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 cfd >= 0 ? "template" : "non-template",
718db961 1874 bus_error_message(&error, r));
e821075a 1875
60089004 1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1877 safe_close(cfd);
034c6ed7
LP		 1878}
1879
cfc4eb4c 1880static void socket_run_next(Socket *s) {
034c6ed7
LP		 1881 int r;
1882
1883 assert(s);
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1886
5e94833f
LP		 1887 socket_unwatch_control_pid(s);
1888
034c6ed7
LP		 1889 s->control_command = s->control_command->command_next;
1890
e821075a
LP		 1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1892 if (r < 0)
034c6ed7
LP		 1893 goto fail;
1894
1895 return;
1896
1897fail:
f2341e0a 1898 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 1899
1900 if (s->state == SOCKET_START_POST)
cfc4eb4c 1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1902 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1904 else
cfc4eb4c 1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1906}
1907
87f0e418
LP		 1908static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
83c60c9f
LP		 1910
1911 assert(s);
1912
034c6ed7
LP		 1913 /* We cannot fulfill this request right now, try again later
1914 * please! */
3900e5fd
LP		 1915 if (IN_SET(s->state,
1916 SOCKET_STOP_PRE,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1919 SOCKET_STOP_POST,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1922 return -EAGAIN;
1923
a4152e3f 1924 /* Already on it! */
3900e5fd
LP		 1925 if (IN_SET(s->state,
1926 SOCKET_START_PRE,
1927 SOCKET_START_CHOWN,
1928 SOCKET_START_POST))
034c6ed7 1929 return 0;
83c60c9f 1930
034c6ed7 1931 /* Cannot run this without the service being around */
9444b1f2 1932 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1933 Service *service;
1934
1935 service = SERVICE(UNIT_DEREF(s->service));
1936
1124fe6f 1937 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 1938 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1939 return -ENOENT;
4ac9236f 1940 }
4f2d528d 1941
35b8ca3a 1942 /* If the service is already active we cannot start the
4f2d528d 1943 * socket */
57020a3a
LP		 1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 1947 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1948 return -EBUSY;
4ac9236f 1949 }
4f2d528d 1950 }
e537352b 1951
fdf20a31 1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1953
cfc4eb4c 1954 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 1955 s->reset_cpu_usage = true;
1956
034c6ed7 1957 socket_enter_start_pre(s);
e821075a 1958
82a2b6bb 1959 return 1;
034c6ed7 1960}
83c60c9f 1961
87f0e418
LP		 1962static int socket_stop(Unit *u) {
1963 Socket *s = SOCKET(u);
034c6ed7
LP		 1964
1965 assert(s);
1966
e537352b 1967 /* Already on it */
3900e5fd
LP		 1968 if (IN_SET(s->state,
1969 SOCKET_STOP_PRE,
1970 SOCKET_STOP_PRE_SIGTERM,
1971 SOCKET_STOP_PRE_SIGKILL,
1972 SOCKET_STOP_POST,
1973 SOCKET_FINAL_SIGTERM,
1974 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1975 return 0;
1976
3f6c78dc
LP		 1977 /* If there's already something running we go directly into
1978 * kill mode. */
3900e5fd
LP		 1979 if (IN_SET(s->state,
1980 SOCKET_START_PRE,
1981 SOCKET_START_CHOWN,
1982 SOCKET_START_POST)) {
cfc4eb4c 1983 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1984 return -EAGAIN;
1985 }
1986
034c6ed7 1987 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1988
cfc4eb4c 1989 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 1990 return 1;
542563ba
LP		 1991}
1992
a16e1123
LP		 1993static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1994 Socket *s = SOCKET(u);
1995 SocketPort *p;
1996 int r;
1997
1998 assert(u);
1999 assert(f);
2000 assert(fds);
2001
2002 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2003 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2004 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2005
2006 if (s->control_pid > 0)
de0671ee 2007 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2008
2009 if (s->control_command_id >= 0)
2010 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2011
2012 LIST_FOREACH(port, p, s->ports) {
2013 int copy;
2014
2015 if (p->fd < 0)
2016 continue;
2017
613b411c
LP		 2018 copy = fdset_put_dup(fds, p->fd);
2019 if (copy < 0)
a16e1123
LP		 2020 return copy;
2021
2022 if (p->type == SOCKET_SOCKET) {
613b411c 2023 _cleanup_free_ char *t = NULL;
a16e1123 2024
ee092817
LP		 2025 r = socket_address_print(&p->address, &t);
2026 if (r < 0)
a16e1123
LP		 2027 return r;
2028
7a22745a
LP		 2029 if (socket_address_family(&p->address) == AF_NETLINK)
2030 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2031 else
2032 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2033
b0a3f2bc
LP		 2034 } else if (p->type == SOCKET_SPECIAL)
2035 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2036 else if (p->type == SOCKET_MQUEUE)
2037 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2038 else {
a16e1123
LP		 2039 assert(p->type == SOCKET_FIFO);
2040 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2041 }
2042 }
2043
2044 return 0;
2045}
2046
2047static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2048 Socket *s = SOCKET(u);
a16e1123
LP		 2049
2050 assert(u);
2051 assert(key);
2052 assert(value);
a16e1123
LP		 2053
2054 if (streq(key, "state")) {
2055 SocketState state;
2056
ee092817
LP		 2057 state = socket_state_from_string(value);
2058 if (state < 0)
f2341e0a 2059 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2060 else
2061 s->deserialized_state = state;
cfc4eb4c
LP		 2062 } else if (streq(key, "result")) {
2063 SocketResult f;
a16e1123 2064
cfc4eb4c
LP		 2065 f = socket_result_from_string(value);
2066 if (f < 0)
f2341e0a 2067 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2068 else if (f != SOCKET_SUCCESS)
2069 s->result = f;
a16e1123
LP		 2070
2071 } else if (streq(key, "n-accepted")) {
2072 unsigned k;
2073
e364ad06 2074 if (safe_atou(value, &k) < 0)
f2341e0a 2075 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2076 else
2077 s->n_accepted += k;
2078 } else if (streq(key, "control-pid")) {
5925dd3c 2079 pid_t pid;
a16e1123 2080
e364ad06 2081 if (parse_pid(value, &pid) < 0)
f2341e0a 2082 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2083 else
5925dd3c 2084 s->control_pid = pid;
a16e1123
LP		 2085 } else if (streq(key, "control-command")) {
2086 SocketExecCommand id;
2087
66870f90
ZJS		 2088 id = socket_exec_command_from_string(value);
2089 if (id < 0)
f2341e0a 2090 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2091 else {
2092 s->control_command_id = id;
2093 s->control_command = s->exec_command[id];
2094 }
2095 } else if (streq(key, "fifo")) {
2096 int fd, skip = 0;
2097 SocketPort *p;
2098
2099 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2100 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2101 else {
2102
2103 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2104 if (p->type == SOCKET_FIFO &&
c78e47a6 2105 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2106 break;
2107
2108 if (p) {
03e334a1 2109 safe_close(p->fd);
b0a3f2bc
LP		 2110 p->fd = fdset_remove(fds, fd);
2111 }
2112 }
2113
2114 } else if (streq(key, "special")) {
2115 int fd, skip = 0;
2116 SocketPort *p;
2117
2118 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2119 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2120 else {
2121
2122 LIST_FOREACH(port, p, s->ports)
2123 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2124 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2125 break;
2126
2127 if (p) {
03e334a1 2128 safe_close(p->fd);
a16e1123
LP		 2129 p->fd = fdset_remove(fds, fd);
2130 }
2131 }
2132
ee092817
LP		 2133 } else if (streq(key, "mqueue")) {
2134 int fd, skip = 0;
2135 SocketPort *p;
2136
2137 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2138 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2139 else {
2140
2141 LIST_FOREACH(port, p, s->ports)
2142 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2143 streq(p->path, value+skip))
ee092817
LP		 2144 break;
2145
2146 if (p) {
03e334a1 2147 safe_close(p->fd);
ee092817
LP		 2148 p->fd = fdset_remove(fds, fd);
2149 }
2150 }
2151
a16e1123 2152 } else if (streq(key, "socket")) {
27ca8d7a 2153 int fd, type, skip = 0;
a16e1123
LP		 2154 SocketPort *p;
2155
27ca8d7a 2156 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2157 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2158 else {
2159
2160 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2161 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2162 break;
2163
2164 if (p) {
03e334a1 2165 safe_close(p->fd);
a16e1123
LP		 2166 p->fd = fdset_remove(fds, fd);
2167 }
2168 }
2169
7a22745a
LP		 2170 } else if (streq(key, "netlink")) {
2171 int fd, skip = 0;
2172 SocketPort *p;
2173
2174 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2175 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2176 else {
2177
2178 LIST_FOREACH(port, p, s->ports)
2179 if (socket_address_is_netlink(&p->address, value+skip))
2180 break;
2181
2182 if (p) {
03e334a1 2183 safe_close(p->fd);
7a22745a
LP		 2184 p->fd = fdset_remove(fds, fd);
2185 }
2186 }
a16e1123 2187 } else
f2341e0a 2188 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2189
2190 return 0;
2191}
2192
01e10de3
LP		 2193static int socket_distribute_fds(Unit *u, FDSet *fds) {
2194 Socket *s = SOCKET(u);
2195 SocketPort *p;
2196
2197 assert(u);
2198
2199 LIST_FOREACH(port, p, s->ports) {
2200 Iterator i;
2201 int fd;
2202
2203 if (p->type != SOCKET_SOCKET)
2204 continue;
2205
2206 if (p->fd >= 0)
2207 continue;
2208
2209 FDSET_FOREACH(fd, fds, i) {
2210 if (socket_address_matches_fd(&p->address, fd)) {
2211 p->fd = fdset_remove(fds, fd);
2212 s->deserialized_state = SOCKET_LISTENING;
2213 break;
2214 }
2215 }
2216 }
2217
2218 return 0;
2219}
2220
44a6b1b6 2221_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2222 assert(u);
5cb5a6ff 2223
acbb0225 2224 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2225}
2226
44a6b1b6 2227_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2228 assert(u);
2229
a16e1123 2230 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2231}
2232
67419600
OS		 2233const char* socket_port_type_to_string(SocketPort *p) {
2234
2235 assert(p);
2236
2237 switch (p->type) {
718db961
LP		 2238
2239 case SOCKET_SOCKET:
2240
2241 switch (p->address.type) {
2242
2243 case SOCK_STREAM:
2244 return "Stream";
2245
2246 case SOCK_DGRAM:
2247 return "Datagram";
2248
2249 case SOCK_SEQPACKET:
2250 return "SequentialPacket";
2251
2252 case SOCK_RAW:
2253 if (socket_address_family(&p->address) == AF_NETLINK)
2254 return "Netlink";
2255
2256 default:
2257 return NULL;
2258 }
2259
2260 case SOCKET_SPECIAL:
2261 return "Special";
2262
2263 case SOCKET_MQUEUE:
2264 return "MessageQueue";
2265
2266 case SOCKET_FIFO:
2267 return "FIFO";
2268
2269 default:
2270 return NULL;
67419600
OS		 2271 }
2272}
2273
44a6b1b6 2274_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2275 Socket *s = SOCKET(u);
2276
2277 assert(u);
2278
2279 return s->n_connections > 0;
2280}
2281
718db961
LP		 2282static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2283 SocketPort *p = userdata;
4f2d528d 2284 int cfd = -1;
9152c765 2285
718db961 2286 assert(p);
8d567588 2287 assert(fd >= 0);
9152c765 2288
718db961
LP		 2289 if (p->socket->state != SOCKET_LISTENING)
2290 return 0;
871d7de4 2291
f2341e0a 2292 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2293
718db961 2294 if (revents != EPOLLIN) {
641e01dc 2295
718db961 2296 if (revents & EPOLLHUP)
f2341e0a 2297 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2298 else
f2341e0a 2299 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
641e01dc 2300
8d567588 2301 goto fail;
4f2d528d
LP		 2302 }
2303
718db961
LP		 2304 if (p->socket->accept &&
2305 p->type == SOCKET_SOCKET &&
2306 socket_address_can_accept(&p->address)) {
2307
4f2d528d
LP		 2308 for (;;) {
2309
b14eda96
LP		 2310 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2311 if (cfd < 0) {
4f2d528d
LP		 2312
2313 if (errno == EINTR)
2314 continue;
2315
f2341e0a 2316 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2317 goto fail;
4f2d528d
LP		 2318 }
2319
2320 break;
2321 }
4fd5948e 2322
718db961 2323 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2324 }
9152c765 2325
718db961
LP		 2326 socket_enter_running(p->socket, cfd);
2327 return 0;
8d567588
LP		 2328
2329fail:
718db961
LP		 2330 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2331 return 0;
9152c765
LP		 2332}
2333
87f0e418
LP		 2334static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2335 Socket *s = SOCKET(u);
cfc4eb4c 2336 SocketResult f;
5cb5a6ff
LP		 2337
2338 assert(s);
034c6ed7 2339 assert(pid >= 0);
5cb5a6ff 2340
8c47c732
LP		 2341 if (pid != s->control_pid)
2342 return;
542563ba 2343
034c6ed7
LP		 2344 s->control_pid = 0;
2345
96342de6 2346 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2347 f = SOCKET_SUCCESS;
2348 else if (code == CLD_EXITED)
2349 f = SOCKET_FAILURE_EXIT_CODE;
2350 else if (code == CLD_KILLED)
2351 f = SOCKET_FAILURE_SIGNAL;
2352 else if (code == CLD_DUMPED)
2353 f = SOCKET_FAILURE_CORE_DUMP;
2354 else
a4152e3f 2355 assert_not_reached("Unknown sigchld code");
8c47c732 2356
b708e7ce 2357 if (s->control_command) {
6ea832a2 2358 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2359
b708e7ce 2360 if (s->control_command->ignore)
cfc4eb4c 2361 f = SOCKET_SUCCESS;
b708e7ce
LP		 2362 }
2363
f2341e0a
LP		 2364 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2365 "Control process exited, code=%s status=%i",
2366 sigchld_code_to_string(code), status);
034c6ed7 2367
cfc4eb4c
LP		 2368 if (f != SOCKET_SUCCESS)
2369 s->result = f;
2370
2371 if (s->control_command &&
2372 s->control_command->command_next &&
2373 f == SOCKET_SUCCESS) {
2374
f2341e0a 2375 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2376 socket_run_next(s);
acbb0225 2377 } else {
a16e1123
LP		 2378 s->control_command = NULL;
2379 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2380
034c6ed7
LP		 2381 /* No further commands for this step, so let's figure
2382 * out what to do next */
5cb5a6ff 2383
f2341e0a 2384 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2385
034c6ed7
LP		 2386 switch (s->state) {
2387
2388 case SOCKET_START_PRE:
cfc4eb4c 2389 if (f == SOCKET_SUCCESS)
3900e5fd 2390 socket_enter_start_chown(s);
034c6ed7 2391 else
cfc4eb4c 2392 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2393 break;
2394
3900e5fd
LP		 2395 case SOCKET_START_CHOWN:
2396 if (f == SOCKET_SUCCESS)
2397 socket_enter_start_post(s);
2398 else
2399 socket_enter_stop_pre(s, f);
2400 break;
2401
034c6ed7 2402 case SOCKET_START_POST:
cfc4eb4c 2403 if (f == SOCKET_SUCCESS)
e9af15c3 2404 socket_enter_listening(s);
034c6ed7 2405 else
cfc4eb4c 2406 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2407 break;
2408
2409 case SOCKET_STOP_PRE:
2410 case SOCKET_STOP_PRE_SIGTERM:
2411 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2412 socket_enter_stop_post(s, f);
034c6ed7
LP		 2413 break;
2414
2415 case SOCKET_STOP_POST:
80876c20
LP		 2416 case SOCKET_FINAL_SIGTERM:
2417 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2418 socket_enter_dead(s, f);
034c6ed7
LP		 2419 break;
2420
2421 default:
2422 assert_not_reached("Uh, control process died at wrong time.");
2423 }
2424 }
c4e2ceae
LP		 2425
2426 /* Notify clients about changed exit status */
2427 unit_add_to_dbus_queue(u);
034c6ed7 2428}
5cb5a6ff 2429
718db961
LP		 2430static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2431 Socket *s = SOCKET(userdata);
5cb5a6ff 2432
034c6ed7 2433 assert(s);
718db961 2434 assert(s->timer_event_source == source);
034c6ed7
LP		 2435
2436 switch (s->state) {
2437
2438 case SOCKET_START_PRE:
f2341e0a 2439 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2440 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2441 break;
80876c20 2442
3900e5fd 2443 case SOCKET_START_CHOWN:
034c6ed7 2444 case SOCKET_START_POST:
f2341e0a 2445 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2446 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2447 break;
2448
2449 case SOCKET_STOP_PRE:
f2341e0a 2450 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2451 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2452 break;
2453
2454 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2455 if (s->kill_context.send_sigkill) {
f2341e0a 2456 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2458 } else {
f2341e0a 2459 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2460 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2461 }
034c6ed7
LP		 2462 break;
2463
2464 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2465 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2467 break;
2468
2469 case SOCKET_STOP_POST:
f2341e0a 2470 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2471 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2472 break;
2473
80876c20 2474 case SOCKET_FINAL_SIGTERM:
4819ff03 2475 if (s->kill_context.send_sigkill) {
f2341e0a 2476 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2477 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2478 } else {
f2341e0a 2479 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2480 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2481 }
034c6ed7
LP		 2482 break;
2483
80876c20 2484 case SOCKET_FINAL_SIGKILL:
f2341e0a 2485 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2487 break;
2488
2489 default:
2490 assert_not_reached("Timeout at wrong time.");
2491 }
718db961
LP		 2492
2493 return 0;
5cb5a6ff
LP		 2494}
2495
44d8db9e
LP		 2496int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2497 int *rfds;
2498 unsigned rn_fds, k;
2499 SocketPort *p;
2500
2501 assert(s);
2502 assert(fds);
2503 assert(n_fds);
2504
2505 /* Called from the service code for requesting our fds */
2506
2507 rn_fds = 0;
2508 LIST_FOREACH(port, p, s->ports)
2509 if (p->fd >= 0)
2510 rn_fds++;
2511
de3756ab
LP		 2512 if (rn_fds <= 0) {
2513 *fds = NULL;
2514 *n_fds = 0;
2515 return 0;
2516 }
2517
e5403f09
LP		 2518 rfds = new(int, rn_fds);
2519 if (!rfds)
44d8db9e
LP		 2520 return -ENOMEM;
2521
2522 k = 0;
2523 LIST_FOREACH(port, p, s->ports)
2524 if (p->fd >= 0)
2525 rfds[k++] = p->fd;
2526
2527 assert(k == rn_fds);
2528
2529 *fds = rfds;
2530 *n_fds = rn_fds;
2531
2532 return 0;
2533}
2534
e821075a
LP		 2535static void socket_reset_failed(Unit *u) {
2536 Socket *s = SOCKET(u);
2537
2538 assert(s);
2539
2540 if (s->state == SOCKET_FAILED)
2541 socket_set_state(s, SOCKET_DEAD);
2542
2543 s->result = SOCKET_SUCCESS;
2544}
2545
d137a488 2546static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2547 assert(s);
2548
6cf6bbc2
LP		 2549 /* The service is dead. Dang!
2550 *
2551 * This is strictly for one-instance-for-all-connections
2552 * services. */
ceee3d82
LP		 2553
2554 if (s->state == SOCKET_RUNNING) {
f2341e0a 2555 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2556 if (failed_permanent)
2557 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2558 else
2559 socket_enter_listening(s);
ceee3d82
LP		 2560 }
2561}
2562
6cf6bbc2
LP		 2563void socket_connection_unref(Socket *s) {
2564 assert(s);
2565
2566 /* The service is dead. Yay!
2567 *
35b8ca3a 2568 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2569 * services. */
2570
2571 assert(s->n_connections > 0);
2572 s->n_connections--;
2573
f2341e0a 2574 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2575}
2576
d137a488
UTL		 2577static void socket_trigger_notify(Unit *u, Unit *other) {
2578 Socket *s = SOCKET(u);
e821075a 2579 Service *se;
d137a488
UTL		 2580
2581 assert(u);
2582 assert(other);
2583
2584 /* Don't propagate state changes from the service if we are
2585 already down or accepting connections */
920b52e4 2586 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2587 s->state != SOCKET_LISTENING) ||
2588 s->accept)
2589 return;
2590
2591 if (other->load_state != UNIT_LOADED ||
2592 other->type != UNIT_SERVICE)
2593 return;
2594
e821075a
LP		 2595 se = SERVICE(other);
2596
d137a488
UTL		 2597 if (se->state == SERVICE_FAILED)
2598 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2599
2600 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2601 se->state == SERVICE_FINAL_SIGTERM ||
2602 se->state == SERVICE_FINAL_SIGKILL ||
2603 se->state == SERVICE_AUTO_RESTART)
2604 socket_notify_service_dead(s, false);
2605
2606 if (se->state == SERVICE_RUNNING)
2607 socket_set_state(s, SOCKET_RUNNING);
2608}
2609
718db961 2610static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2611 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2612}
2613
68db7a3b
ZJS		 2614static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2615 Socket *s = SOCKET(u);
2616 int r;
2617
2618 if (!s->timer_event_source)
2619 return 0;
2620
2621 r = sd_event_source_get_time(s->timer_event_source, timeout);
2622 if (r < 0)
2623 return r;
2624
2625 return 1;
2626}
2627
a16e1123
LP		 2628static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2629 [SOCKET_DEAD] = "dead",
2630 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2631 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2632 [SOCKET_START_POST] = "start-post",
2633 [SOCKET_LISTENING] = "listening",
2634 [SOCKET_RUNNING] = "running",
2635 [SOCKET_STOP_PRE] = "stop-pre",
2636 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2637 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2638 [SOCKET_STOP_POST] = "stop-post",
2639 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2640 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2641 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2642};
2643
2644DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2645
2646static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2647 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2648 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2649 [SOCKET_EXEC_START_POST] = "StartPost",
2650 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2651 [SOCKET_EXEC_STOP_POST] = "StopPost"
2652};
2653
2654DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2655
cfc4eb4c
LP		 2656static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2657 [SOCKET_SUCCESS] = "success",
2658 [SOCKET_FAILURE_RESOURCES] = "resources",
2659 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2660 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2661 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2662 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2663 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2664};
2665
2666DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2667
87f0e418 2668const UnitVTable socket_vtable = {
7d17cfbc 2669 .object_size = sizeof(Socket),
718db961
LP		 2670 .exec_context_offset = offsetof(Socket, exec_context),
2671 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2672 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2673 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2674
f975e971
LP		 2675 .sections =
2676 "Unit\0"
2677 "Socket\0"
2678 "Install\0",
4ad49000 2679 .private_section = "Socket",
71645aca 2680
034c6ed7
LP		 2681 .init = socket_init,
2682 .done = socket_done,
a16e1123
LP		 2683 .load = socket_load,
2684
2685 .coldplug = socket_coldplug,
034c6ed7 2686
5cb5a6ff
LP		 2687 .dump = socket_dump,
2688
542563ba
LP		 2689 .start = socket_start,
2690 .stop = socket_stop,
5cb5a6ff 2691
718db961
LP		 2692 .kill = socket_kill,
2693
68db7a3b
ZJS		 2694 .get_timeout = socket_get_timeout,
2695
a16e1123
LP		 2696 .serialize = socket_serialize,
2697 .deserialize_item = socket_deserialize_item,
01e10de3 2698 .distribute_fds = socket_distribute_fds,
a16e1123 2699
5cb5a6ff 2700 .active_state = socket_active_state,
10a94420 2701 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2702
6cf6bbc2
LP		 2703 .check_gc = socket_check_gc,
2704
034c6ed7 2705 .sigchld_event = socket_sigchld_event,
4139c1b2 2706
d137a488
UTL		 2707 .trigger_notify = socket_trigger_notify,
2708
fdf20a31 2709 .reset_failed = socket_reset_failed,
5632e374 2710
c4e2ceae 2711 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2712 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2713 .bus_set_property = bus_socket_set_property,
2714 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2715
2716 .status_message_formats = {
2717 /*.starting_stopping = {
2718 [0] = "Starting socket %s...",
2719 [1] = "Stopping socket %s...",
2720 },*/
2721 .finished_start_job = {
2722 [JOB_DONE] = "Listening on %s.",
2723 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2724 [JOB_TIMEOUT] = "Timed out starting %s.",
2725 },
2726 .finished_stop_job = {
2727 [JOB_DONE] = "Closed %s.",
2728 [JOB_FAILED] = "Failed stopping %s.",
2729 [JOB_TIMEOUT] = "Timed out stopping %s.",
2730 },
2731 },
5cb5a6ff 2732};
Unnamed repository; edit this file 'description' to name the repository.