]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #674 from ssahani/tunnel
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/stat.h>
23#include <unistd.h>
24#include <errno.h>
25#include <fcntl.h>
f94ea366 26#include <sys/epoll.h>
034c6ed7 27#include <signal.h>
4f2d528d 28#include <arpa/inet.h>
718db961 29#include <netinet/tcp.h>
916abb21 30#include <mqueue.h>
83c60c9f 31
718db961 32#include "sd-event.h"
83c60c9f 33#include "log.h"
9e2f7c11 34#include "strv.h"
49e942b2 35#include "mkdir.h"
9eb977db 36#include "path-util.h"
4f2d528d 37#include "unit-name.h"
41f9172f 38#include "unit-printf.h"
4fd5948e 39#include "missing.h"
a40eb732 40#include "special.h"
e51bc1a2 41#include "label.h"
9a57c629 42#include "exit-status.h"
f6a6225e 43#include "def.h"
5a045dad 44#include "smack-util.h"
718db961
LP		 45#include "bus-util.h"
46#include "bus-error.h"
d7b8eec7 47#include "selinux-util.h"
e821075a
LP		 48#include "dbus-socket.h"
49#include "unit.h"
6482f626 50#include "formats-util.h"
24882e06
LP		 51#include "signal-util.h"
52#include "socket.h"
83c60c9f 53
acbb0225 54static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 55 [SOCKET_DEAD] = UNIT_INACTIVE,
56 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 57 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 58 [SOCKET_START_POST] = UNIT_ACTIVATING,
59 [SOCKET_LISTENING] = UNIT_ACTIVE,
60 [SOCKET_RUNNING] = UNIT_ACTIVE,
61 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 65 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 67 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 68};
5cb5a6ff 69
718db961
LP		 70static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
71static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
72
a16e1123
LP		 73static void socket_init(Unit *u) {
74 Socket *s = SOCKET(u);
75
76 assert(u);
ac155bb8 77 assert(u->load_state == UNIT_STUB);
a16e1123 78
a16e1123 79 s->backlog = SOMAXCONN;
1f19a534 80 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 81 s->directory_mode = 0755;
9131f660 82 s->socket_mode = 0666;
a16e1123 83
6cf6bbc2
LP		 84 s->max_connections = 64;
85
4fd5948e 86 s->priority = -1;
4fd5948e
LP		 87 s->ip_tos = -1;
88 s->ip_ttl = -1;
4fd5948e 89 s->mark = -1;
4fd5948e 90
ac155bb8
MS		 91 s->exec_context.std_output = u->manager->default_std_output;
92 s->exec_context.std_error = u->manager->default_std_error;
085afe36 93
a16e1123
LP		 94 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95}
acbb0225 96
5e94833f
LP		 97static void socket_unwatch_control_pid(Socket *s) {
98 assert(s);
99
100 if (s->control_pid <= 0)
101 return;
102
103 unit_unwatch_pid(UNIT(s), s->control_pid);
104 s->control_pid = 0;
105}
106
74051b9b 107void socket_free_ports(Socket *s) {
034c6ed7
LP		 108 SocketPort *p;
109
110 assert(s);
111
112 while ((p = s->ports)) {
71fda00f 113 LIST_REMOVE(port, s->ports, p);
034c6ed7 114
718db961
LP		 115 sd_event_source_unref(p->event_source);
116
03e334a1 117 safe_close(p->fd);
034c6ed7
LP		 118 free(p->path);
119 free(p);
120 }
74051b9b
LP		 121}
122
123static void socket_done(Unit *u) {
124 Socket *s = SOCKET(u);
125
126 assert(s);
127
128 socket_free_ports(s);
034c6ed7 129
613b411c 130 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 131 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 132 s->control_command = NULL;
133
5e94833f 134 socket_unwatch_control_pid(s);
034c6ed7 135
57020a3a 136 unit_ref_unset(&s->service);
034c6ed7 137
cebf8b20
TT		 138 free(s->tcp_congestion);
139 s->tcp_congestion = NULL;
140
acbb0225 141 free(s->bind_to_device);
e537352b 142 s->bind_to_device = NULL;
acbb0225 143
0eb59ccf
AK		 144 free(s->smack);
145 free(s->smack_ip_in);
146 free(s->smack_ip_out);
147
811ba7a0
LP		 148 strv_free(s->symlinks);
149
3900e5fd
LP		 150 free(s->user);
151 free(s->group);
152
718db961
LP		 153 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
154}
155
156static int socket_arm_timer(Socket *s) {
157 int r;
158
159 assert(s);
160
161 if (s->timeout_usec <= 0) {
162 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
163 return 0;
164 }
165
166 if (s->timer_event_source) {
167 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
168 if (r < 0)
169 return r;
170
171 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
172 }
173
7dfbe2e3 174 r = sd_event_add_time(
6a0f1f6d
LP		 175 UNIT(s)->manager->event,
176 &s->timer_event_source,
177 CLOCK_MONOTONIC,
178 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
179 socket_dispatch_timer, s);
7dfbe2e3
TG		 180 if (r < 0)
181 return r;
182
183 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
184
185 return 0;
5cb5a6ff
LP		 186}
187
8b835fcc
ZJS		 188int socket_instantiate_service(Socket *s) {
189 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 190 int r;
191 Unit *u;
192
193 assert(s);
194
195 /* This fills in s->service if it isn't filled in yet. For
196 * Accept=yes sockets we create the next connection service
197 * here. For Accept=no this is mostly a NOP since the service
198 * is figured out at load time anyway. */
199
7410616c 200 if (UNIT_DEREF(s->service))
b15bdda8
LP		 201 return 0;
202
7410616c
LP		 203 if (!s->accept)
204 return 0;
205
206 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
207 if (r < 0)
208 return r;
b15bdda8 209
315db1a8 210 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 211 return -ENOMEM;
212
1124fe6f 213 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 214 if (r < 0)
215 return r;
216
ac155bb8 217 u->no_gc = true;
57020a3a
LP		 218 unit_ref_set(&s->service, u);
219
220 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 221}
222
4f2d528d
LP		 223static bool have_non_accept_socket(Socket *s) {
224 SocketPort *p;
225
226 assert(s);
227
228 if (!s->accept)
229 return true;
230
dd5ad9d4
LP		 231 LIST_FOREACH(port, p, s->ports) {
232
233 if (p->type != SOCKET_SOCKET)
234 return true;
235
4f2d528d
LP		 236 if (!socket_address_can_accept(&p->address))
237 return true;
dd5ad9d4 238 }
4f2d528d
LP		 239
240 return false;
241}
242
a57f7e2c 243static int socket_add_mount_links(Socket *s) {
6e2ef85b 244 SocketPort *p;
6e2ef85b
LP		 245 int r;
246
247 assert(s);
6e2ef85b 248
a57f7e2c
LP		 249 LIST_FOREACH(port, p, s->ports) {
250 const char *path = NULL;
6e2ef85b 251
a57f7e2c
LP		 252 if (p->type == SOCKET_SOCKET)
253 path = socket_address_get_path(&p->address);
254 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
255 path = p->path;
6e2ef85b 256
a57f7e2c
LP		 257 if (!path)
258 continue;
6e2ef85b 259
a57f7e2c 260 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 261 if (r < 0)
6e2ef85b 262 return r;
b87705cd 263 }
6e2ef85b
LP		 264
265 return 0;
266}
267
268static int socket_add_device_link(Socket *s) {
269 char *t;
6e2ef85b
LP		 270
271 assert(s);
272
7d0c710d 273 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 274 return 0;
275
63c372cb 276 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 277 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 278}
279
a40eb732
LP		 280static int socket_add_default_dependencies(Socket *s) {
281 int r;
282 assert(s);
283
e3d84721
LP		 284 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
285 if (r < 0)
286 return r;
2a77d31d 287
b2c23da8 288 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 289 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
290 if (r < 0)
a40eb732 291 return r;
2a77d31d 292 }
a40eb732 293
ead8e478 294 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 295}
296
44a6b1b6 297_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 298 unsigned i;
299 assert(s);
300
301 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
302 if (s->exec_command[i])
303 return true;
304
305 return false;
306}
307
e821075a
LP		 308static int socket_add_extras(Socket *s) {
309 Unit *u = UNIT(s);
e537352b 310 int r;
44d8db9e 311
e821075a 312 assert(s);
57020a3a 313
e821075a 314 if (have_non_accept_socket(s)) {
23a177ef 315
e821075a
LP		 316 if (!UNIT_DEREF(s->service)) {
317 Unit *x;
57020a3a 318
e821075a 319 r = unit_load_related_unit(u, ".service", &x);
57020a3a 320 if (r < 0)
4f2d528d 321 return r;
e821075a
LP		 322
323 unit_ref_set(&s->service, x);
4f2d528d 324 }
44d8db9e 325
e821075a
LP		 326 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
327 if (r < 0)
6e2ef85b 328 return r;
e821075a 329 }
6e2ef85b 330
e821075a
LP		 331 r = socket_add_mount_links(s);
332 if (r < 0)
333 return r;
6e2ef85b 334
e821075a
LP		 335 r = socket_add_device_link(s);
336 if (r < 0)
337 return r;
338
598459ce 339 r = unit_patch_contexts(u);
e821075a
LP		 340 if (r < 0)
341 return r;
342
343 if (socket_has_exec(s)) {
344 r = unit_add_exec_dependencies(u, &s->exec_context);
345 if (r < 0)
346 return r;
23a177ef 347
598459ce 348 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 349 if (r < 0)
350 return r;
e821075a 351 }
a016b922 352
e821075a
LP		 353 if (u->default_dependencies) {
354 r = socket_add_default_dependencies(s);
355 if (r < 0)
356 return r;
357 }
358
359 return 0;
360}
361
811ba7a0
LP		 362static const char *socket_find_symlink_target(Socket *s) {
363 const char *found = NULL;
364 SocketPort *p;
365
366 LIST_FOREACH(port, p, s->ports) {
367 const char *f = NULL;
368
369 switch (p->type) {
370
371 case SOCKET_FIFO:
372 f = p->path;
373 break;
374
375 case SOCKET_SOCKET:
376 if (p->address.sockaddr.un.sun_path[0] != 0)
377 f = p->address.sockaddr.un.sun_path;
378 break;
379
380 default:
381 break;
382 }
383
384 if (f) {
385 if (found)
386 return NULL;
387
388 found = f;
389 }
390 }
391
392 return found;
393}
394
e821075a
LP		 395static int socket_verify(Socket *s) {
396 assert(s);
397
398 if (UNIT(s)->load_state != UNIT_LOADED)
399 return 0;
400
401 if (!s->ports) {
f2341e0a 402 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 403 return -EINVAL;
404 }
405
406 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 407 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 408 return -EINVAL;
409 }
410
411 if (s->accept && s->max_connections <= 0) {
f2341e0a 412 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 413 return -EINVAL;
414 }
e06c73cc 415
e821075a 416 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 417 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 418 return -EINVAL;
419 }
420
421 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 422 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 423 return -EINVAL;
424 }
425
811ba7a0 426 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 427 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 428 return -EINVAL;
429 }
430
e821075a
LP		 431 return 0;
432}
433
434static int socket_load(Unit *u) {
435 Socket *s = SOCKET(u);
436 int r;
437
438 assert(u);
439 assert(u->load_state == UNIT_STUB);
440
441 r = unit_load_fragment_and_dropin(u);
442 if (r < 0)
443 return r;
444
445 if (u->load_state == UNIT_LOADED) {
446 /* This is a new unit? Then let's add in some extras */
447 r = socket_add_extras(s);
e06c73cc
LP		 448 if (r < 0)
449 return r;
23a177ef
LP		 450 }
451
4f2d528d 452 return socket_verify(s);
44d8db9e
LP		 453}
454
44a6b1b6 455_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 456
457 if (family == AF_NETLINK)
458 return "ListenNetlink";
542563ba
LP		 459
460 if (type == SOCK_STREAM)
461 return "ListenStream";
462 else if (type == SOCK_DGRAM)
463 return "ListenDatagram";
464 else if (type == SOCK_SEQPACKET)
465 return "ListenSequentialPacket";
466
034c6ed7 467 assert_not_reached("Unknown socket type");
542563ba
LP		 468 return NULL;
469}
470
87f0e418 471static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 472 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 473 SocketExecCommand c;
87f0e418 474 Socket *s = SOCKET(u);
542563ba 475 SocketPort *p;
82ba9f08 476 const char *prefix2;
5cb5a6ff
LP		 477
478 assert(s);
fa068367 479 assert(f);
5cb5a6ff 480
4c940960 481 prefix = strempty(prefix);
63c372cb 482 prefix2 = strjoina(prefix, "\t");
c43d20a0 483
5cb5a6ff
LP		 484 fprintf(f,
485 "%sSocket State: %s\n"
81a5c6d0 486 "%sResult: %s\n"
542563ba 487 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 488 "%sBacklog: %u\n"
489 "%sSocketMode: %04o\n"
4fd5948e
LP		 490 "%sDirectoryMode: %04o\n"
491 "%sKeepAlive: %s\n"
4427c3f4 492 "%sNoDelay: %s\n"
cebf8b20 493 "%sFreeBind: %s\n"
6b6d2dee 494 "%sTransparent: %s\n"
ec6370a2 495 "%sBroadcast: %s\n"
ede3deb4 496 "%sPassCredentials: %s\n"
54ecda32 497 "%sPassSecurity: %s\n"
bd1fe7c7 498 "%sTCPCongestion: %s\n"
16115b0a
MS		 499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
a16e1123 501 prefix, socket_state_to_string(s->state),
81a5c6d0 502 prefix, socket_result_to_string(s->result),
c0120d99 503 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 504 prefix, s->backlog,
505 prefix, s->socket_mode,
4fd5948e
LP		 506 prefix, s->directory_mode,
507 prefix, yes_no(s->keep_alive),
4427c3f4 508 prefix, yes_no(s->no_delay),
cebf8b20 509 prefix, yes_no(s->free_bind),
6b6d2dee 510 prefix, yes_no(s->transparent),
ec6370a2 511 prefix, yes_no(s->broadcast),
d68af586 512 prefix, yes_no(s->pass_cred),
54ecda32 513 prefix, yes_no(s->pass_sec),
bd1fe7c7 514 prefix, strna(s->tcp_congestion),
16115b0a
MS		 515 prefix, yes_no(s->remove_on_stop),
516 prefix, yes_no(s->selinux_context_from_net));
542563ba 517
70123e68
LP		 518 if (s->control_pid > 0)
519 fprintf(f,
de0671ee
ZJS		 520 "%sControl PID: "PID_FMT"\n",
521 prefix, s->control_pid);
70123e68 522
acbb0225
LP		 523 if (s->bind_to_device)
524 fprintf(f,
525 "%sBindToDevice: %s\n",
526 prefix, s->bind_to_device);
527
4f2d528d
LP		 528 if (s->accept)
529 fprintf(f,
6cf6bbc2
LP		 530 "%sAccepted: %u\n"
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix, s->n_accepted,
534 prefix, s->n_connections,
535 prefix, s->max_connections);
4f2d528d 536
4fd5948e
LP		 537 if (s->priority >= 0)
538 fprintf(f,
539 "%sPriority: %i\n",
540 prefix, s->priority);
541
542 if (s->receive_buffer > 0)
543 fprintf(f,
544 "%sReceiveBuffer: %zu\n",
545 prefix, s->receive_buffer);
546
547 if (s->send_buffer > 0)
548 fprintf(f,
549 "%sSendBuffer: %zu\n",
550 prefix, s->send_buffer);
551
552 if (s->ip_tos >= 0)
553 fprintf(f,
554 "%sIPTOS: %i\n",
555 prefix, s->ip_tos);
556
557 if (s->ip_ttl >= 0)
558 fprintf(f,
559 "%sIPTTL: %i\n",
560 prefix, s->ip_ttl);
561
562 if (s->pipe_size > 0)
563 fprintf(f,
564 "%sPipeSize: %zu\n",
565 prefix, s->pipe_size);
566
567 if (s->mark >= 0)
568 fprintf(f,
569 "%sMark: %i\n",
570 prefix, s->mark);
571
916abb21
LP		 572 if (s->mq_maxmsg > 0)
573 fprintf(f,
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix, s->mq_maxmsg);
576
577 if (s->mq_msgsize > 0)
578 fprintf(f,
579 "%sMessageQueueMessageSize: %li\n",
580 prefix, s->mq_msgsize);
581
718db961 582 if (s->reuse_port)
f7db7a69
SL		 583 fprintf(f,
584 "%sReusePort: %s\n",
718db961 585 prefix, yes_no(s->reuse_port));
f7db7a69 586
0eb59ccf
AK		 587 if (s->smack)
588 fprintf(f,
589 "%sSmackLabel: %s\n",
590 prefix, s->smack);
591
592 if (s->smack_ip_in)
593 fprintf(f,
594 "%sSmackLabelIPIn: %s\n",
595 prefix, s->smack_ip_in);
596
597 if (s->smack_ip_out)
598 fprintf(f,
599 "%sSmackLabelIPOut: %s\n",
600 prefix, s->smack_ip_out);
601
3900e5fd
LP		 602 if (!isempty(s->user) || !isempty(s->group))
603 fprintf(f,
604 "%sOwnerUser: %s\n"
605 "%sOwnerGroup: %s\n",
606 prefix, strna(s->user),
607 prefix, strna(s->group));
608
3cd761e4 609 if (s->keep_alive_time > 0)
209e9dcd 610 fprintf(f,
3cd761e4
LP		 611 "%sKeepAliveTimeSec: %s\n",
612 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 613
3cd761e4 614 if (s->keep_alive_interval)
209e9dcd 615 fprintf(f,
3cd761e4
LP		 616 "%sKeepAliveIntervalSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 618
3cd761e4 619 if (s->keep_alive_cnt)
209e9dcd
SS		 620 fprintf(f,
621 "%sKeepAliveProbes: %u\n",
622 prefix, s->keep_alive_cnt);
623
3cd761e4 624 if (s->defer_accept)
cc567c9b 625 fprintf(f,
3cd761e4
LP		 626 "%sDeferAcceptSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 628
034c6ed7 629 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 630
542563ba
LP		 631 if (p->type == SOCKET_SOCKET) {
632 const char *t;
633 int r;
e364ad06 634 char *k = NULL;
542563ba
LP		 635
636 if ((r = socket_address_print(&p->address, &k)) < 0)
637 t = strerror(-r);
638 else
639 t = k;
640
7a22745a 641 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 642 free(k);
b0a3f2bc
LP		 643 } else if (p->type == SOCKET_SPECIAL)
644 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 645 else if (p->type == SOCKET_MQUEUE)
646 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 647 else
542563ba
LP		 648 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 }
5cb5a6ff
LP		 650
651 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 652 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 653
e537352b 654 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 655 if (!s->exec_command[c])
656 continue;
5cb5a6ff 657
40d50879 658 fprintf(f, "%s-> %s:\n",
a16e1123 659 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 660
661 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 662 }
663}
664
4f2d528d
LP		 665static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 socklen_t l;
667 char *r;
9d16d0c7 668 union sockaddr_union local, remote;
4f2d528d
LP		 669
670 assert(fd >= 0);
671 assert(instance);
672
673 l = sizeof(local);
674 if (getsockname(fd, &local.sa, &l) < 0)
675 return -errno;
676
677 l = sizeof(remote);
678 if (getpeername(fd, &remote.sa, &l) < 0)
679 return -errno;
680
681 switch (local.sa.sa_family) {
682
683 case AF_INET: {
684 uint32_t
685 a = ntohl(local.in.sin_addr.s_addr),
686 b = ntohl(remote.in.sin_addr.s_addr);
687
688 if (asprintf(&r,
77b088c2
LP		 689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 nr,
4f2d528d
LP		 691 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 ntohs(local.in.sin_port),
693 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 ntohs(remote.in.sin_port)) < 0)
695 return -ENOMEM;
696
697 break;
698 }
699
700 case AF_INET6: {
c65a0b14 701 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 };
704
705 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 const uint8_t
708 *a = local.in6.sin6_addr.s6_addr+12,
709 *b = remote.in6.sin6_addr.s6_addr+12;
710
711 if (asprintf(&r,
77b088c2
LP		 712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
2b061f5a
LP		 714 a[0], a[1], a[2], a[3],
715 ntohs(local.in6.sin6_port),
716 b[0], b[1], b[2], b[3],
717 ntohs(remote.in6.sin6_port)) < 0)
718 return -ENOMEM;
719 } else {
720 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721
722 if (asprintf(&r,
77b088c2
LP		 723 "%u-%s:%u-%s:%u",
724 nr,
2b061f5a
LP		 725 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 ntohs(local.in6.sin6_port),
727 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 }
4f2d528d
LP		 731
732 break;
733 }
734
735 case AF_UNIX: {
736 struct ucred ucred;
eff05270 737 int k;
4f2d528d 738
eff05270 739 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 740 if (k >= 0) {
741 if (asprintf(&r,
742 "%u-"PID_FMT"-"UID_FMT,
743 nr, ucred.pid, ucred.uid) < 0)
744 return -ENOMEM;
745 } else if (k == -ENODATA) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
749 if (asprintf(&r,
750 "%u-unknown",
751 nr) < 0)
752 return -ENOMEM;
753 } else
eff05270 754 return k;
2f20a8eb 755
2f20a8eb 756 break;
4f2d528d
LP		 757 }
758
759 default:
760 assert_not_reached("Unhandled socket type.");
761 }
762
763 *instance = r;
764 return 0;
765}
766
034c6ed7 767static void socket_close_fds(Socket *s) {
83c60c9f 768 SocketPort *p;
811ba7a0 769 char **i;
83c60c9f
LP		 770
771 assert(s);
772
034c6ed7 773 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 774
775 p->event_source = sd_event_source_unref(p->event_source);
776
83c60c9f
LP		 777 if (p->fd < 0)
778 continue;
779
03e334a1 780 p->fd = safe_close(p->fd);
a16e1123 781
bd1fe7c7
LP		 782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
788 * using one! */
789
790 if (s->remove_on_stop) {
791 switch (p->type) {
792
793 case SOCKET_FIFO:
794 unlink(p->path);
795 break;
796
797 case SOCKET_MQUEUE:
798 mq_unlink(p->path);
799 break;
800
801 case SOCKET_SOCKET:
802 socket_address_unlink(&p->address);
803 break;
804
805 default:
806 break;
807 }
808 }
83c60c9f 809 }
811ba7a0
LP		 810
811 if (s->remove_on_stop)
812 STRV_FOREACH(i, s->symlinks)
813 unlink(*i);
83c60c9f
LP		 814}
815
4fd5948e 816static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 817 int r;
818
4fd5948e
LP		 819 assert(s);
820 assert(fd >= 0);
821
822 if (s->keep_alive) {
823 int b = s->keep_alive;
824 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 825 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 826 }
827
209e9dcd
SS		 828 if (s->keep_alive_time) {
829 int value = s->keep_alive_time / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 831 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 832 }
833
834 if (s->keep_alive_interval) {
920b52e4 835 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 836 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 837 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 838 }
839
840 if (s->keep_alive_cnt) {
841 int value = s->keep_alive_cnt;
842 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 843 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 844 }
845
cc567c9b
SS		 846 if (s->defer_accept) {
847 int value = s->defer_accept / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 849 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 850 }
851
4427c3f4
SS		 852 if (s->no_delay) {
853 int b = s->no_delay;
854 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 855 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 856 }
857
ec6370a2
LP		 858 if (s->broadcast) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 861 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 862 }
863
d68af586
MS		 864 if (s->pass_cred) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 867 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 868 }
869
54ecda32
LP		 870 if (s->pass_sec) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 873 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 874 }
875
4fd5948e
LP		 876 if (s->priority >= 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 878 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 879
880 if (s->receive_buffer > 0) {
881 int value = (int) s->receive_buffer;
7d9eaa84
LP		 882
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884
b8cef44e 885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 886 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 887 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 888 }
889
890 if (s->send_buffer > 0) {
891 int value = (int) s->send_buffer;
b8cef44e 892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 893 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 894 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 895 }
896
897 if (s->mark >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 899 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 900
901 if (s->ip_tos >= 0)
902 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 903 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 904
46925ac5 905 if (s->ip_ttl >= 0) {
d53e386d 906 int x;
46925ac5
LP		 907
908 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 909
910 if (socket_ipv6_is_supported())
911 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 else {
913 x = -1;
914 errno = EAFNOSUPPORT;
915 }
46925ac5
LP		 916
917 if (r < 0 && x < 0)
f2341e0a 918 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 919 }
cebf8b20
TT		 920
921 if (s->tcp_congestion)
922 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 923 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 924
d53e386d
LP		 925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
927 if (r < 0)
f2341e0a 928 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 929 }
9a4e038c 930
d53e386d
LP		 931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
933 if (r < 0)
f2341e0a 934 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 935 }
4fd5948e
LP		 936}
937
b15bdda8 938static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 939 int r;
940
4fd5948e
LP		 941 assert(s);
942 assert(fd >= 0);
943
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
f2341e0a 946 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
0eb59ccf 947
d53e386d
LP		 948 if (s->smack) {
949 r = mac_smack_apply_fd(fd, s->smack);
950 if (r < 0)
f2341e0a 951 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
d53e386d 952 }
4fd5948e
LP		 953}
954
b15bdda8
LP		 955static int fifo_address_create(
956 const char *path,
957 mode_t directory_mode,
958 mode_t socket_mode,
b15bdda8
LP		 959 int *_fd) {
960
7a58bfa4 961 int fd = -1, r = 0;
b15bdda8
LP		 962 struct stat st;
963 mode_t old_mask;
964
965 assert(path);
966 assert(_fd);
967
d2e54fae 968 mkdir_parents_label(path, directory_mode);
b15bdda8 969
ecabcf8b 970 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 971 if (r < 0)
56cf987f 972 goto fail;
b15bdda8
LP		 973
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
976
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
979
980 r = mkfifo(path, socket_mode);
981 umask(old_mask);
982
94bc2731 983 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 984 r = -errno;
985 goto fail;
986 }
987
e4f44e73 988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 989 r = -errno;
990 goto fail;
991 }
992
ecabcf8b 993 mac_selinux_create_file_clear();
7a58bfa4 994
b15bdda8
LP		 995 if (fstat(fd, &st) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
b15bdda8
LP		 1004
1005 r = -EEXIST;
1006 goto fail;
1007 }
1008
1009 *_fd = fd;
1010 return 0;
1011
1012fail:
ecabcf8b 1013 mac_selinux_create_file_clear();
03e334a1 1014 safe_close(fd);
b15bdda8
LP		 1015
1016 return r;
1017}
1018
b0a3f2bc
LP		 1019static int special_address_create(
1020 const char *path,
1021 int *_fd) {
1022
1023 int fd = -1, r = 0;
1024 struct stat st;
1025
1026 assert(path);
1027 assert(_fd);
1028
811ba7a0
LP		 1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 if (fd < 0) {
b0a3f2bc
LP		 1031 r = -errno;
1032 goto fail;
1033 }
1034
1035 if (fstat(fd, &st) < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 r = -EEXIST;
1043 goto fail;
1044 }
1045
1046 *_fd = fd;
1047 return 0;
1048
1049fail:
03e334a1 1050 safe_close(fd);
b0a3f2bc
LP		 1051
1052 return r;
1053}
1054
916abb21
LP		 1055static int mq_address_create(
1056 const char *path,
1057 mode_t mq_mode,
1058 long maxmsg,
1059 long msgsize,
1060 int *_fd) {
1061
1062 int fd = -1, r = 0;
1063 struct stat st;
1064 mode_t old_mask;
1065 struct mq_attr _attr, *attr = NULL;
1066
1067 assert(path);
1068 assert(_fd);
1069
1070 if (maxmsg > 0 && msgsize > 0) {
1071 zero(_attr);
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1075 attr = &_attr;
1076 }
1077
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1080
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
916abb21
LP		 1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 umask(old_mask);
1085
8ea913b2 1086 if (fd < 0) {
916abb21
LP		 1087 r = -errno;
1088 goto fail;
1089 }
1090
1091 if (fstat(fd, &st) < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1099
1100 r = -EEXIST;
1101 goto fail;
1102 }
1103
1104 *_fd = fd;
1105 return 0;
1106
1107fail:
03e334a1 1108 safe_close(fd);
916abb21
LP		 1109 return r;
1110}
1111
811ba7a0
LP		 1112static int socket_symlink(Socket *s) {
1113 const char *p;
1114 char **i;
1115
1116 assert(s);
1117
1118 p = socket_find_symlink_target(s);
1119 if (!p)
1120 return 0;
1121
1122 STRV_FOREACH(i, s->symlinks)
43b133b4 1123 symlink_label(p, *i);
811ba7a0
LP		 1124
1125 return 0;
1126}
1127
034c6ed7 1128static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1129 SocketPort *p;
1130 int r;
56cf987f 1131 char *label = NULL;
049f8642 1132 bool know_label = false;
83c60c9f
LP		 1133
1134 assert(s);
1135
034c6ed7 1136 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1137
034c6ed7
LP		 1138 if (p->fd >= 0)
1139 continue;
83c60c9f
LP		 1140
1141 if (p->type == SOCKET_SOCKET) {
049f8642 1142
7f416dae
LP		 1143 if (!know_label) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1148
1149 if (s->selinux_context_from_net) {
1150 /* Get it from the network label */
1151
1152 r = mac_selinux_get_our_label(&label);
75514a70 1153 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1154 goto rollback;
049f8642 1155
7f416dae
LP		 1156 } else {
1157 /* Get it from the executable we are about to start */
1158
1159 r = socket_instantiate_service(s);
1160 if (r < 0)
1161 goto rollback;
1162
1163 if (UNIT_ISSET(s->service) &&
1164 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1166 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1167 goto rollback;
1168 }
189583d7 1169 }
049f8642
LP		 1170
1171 know_label = true;
1172 }
1173
175a3d25
LP		 1174 r = socket_address_listen(
1175 &p->address,
1176 SOCK_CLOEXEC|SOCK_NONBLOCK,
1177 s->backlog,
1178 s->bind_ipv6_only,
1179 s->bind_to_device,
54255c64 1180 s->reuse_port,
175a3d25
LP		 1181 s->free_bind,
1182 s->transparent,
1183 s->directory_mode,
1184 s->socket_mode,
1185 label);
1186 if (r < 0)
83c60c9f
LP		 1187 goto rollback;
1188
175a3d25 1189 p->fd = r;
4fd5948e 1190 socket_apply_socket_options(s, p->fd);
811ba7a0 1191 socket_symlink(s);
4fd5948e 1192
b0a3f2bc
LP		 1193 } else if (p->type == SOCKET_SPECIAL) {
1194
175a3d25
LP		 1195 r = special_address_create(
1196 p->path,
1197 &p->fd);
1198 if (r < 0)
b0a3f2bc
LP		 1199 goto rollback;
1200
b15bdda8 1201 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1202
175a3d25
LP		 1203 r = fifo_address_create(
1204 p->path,
1205 s->directory_mode,
1206 s->socket_mode,
1207 &p->fd);
1208 if (r < 0)
83c60c9f 1209 goto rollback;
83c60c9f 1210
b15bdda8 1211 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1212 socket_symlink(s);
1213
916abb21 1214 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1215
175a3d25
LP		 1216 r = mq_address_create(
1217 p->path,
1218 s->socket_mode,
1219 s->mq_maxmsg,
1220 s->mq_msgsize,
1221 &p->fd);
1222 if (r < 0)
916abb21 1223 goto rollback;
b15bdda8
LP		 1224 } else
1225 assert_not_reached("Unknown port type");
034c6ed7
LP		 1226 }
1227
cc56fafe 1228 mac_selinux_free(label);
034c6ed7
LP		 1229 return 0;
1230
1231rollback:
1232 socket_close_fds(s);
cc56fafe 1233 mac_selinux_free(label);
7f416dae 1234
034c6ed7
LP		 1235 return r;
1236}
1237
1238static void socket_unwatch_fds(Socket *s) {
1239 SocketPort *p;
718db961 1240 int r;
9152c765 1241
034c6ed7
LP		 1242 assert(s);
1243
1244 LIST_FOREACH(port, p, s->ports) {
1245 if (p->fd < 0)
1246 continue;
1247
a4152e3f
LP		 1248 if (!p->event_source)
1249 continue;
1250
1251 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1252 if (r < 0)
f2341e0a 1253 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1254 }
034c6ed7
LP		 1255}
1256
1257static int socket_watch_fds(Socket *s) {
1258 SocketPort *p;
1259 int r;
1260
1261 assert(s);
83c60c9f 1262
034c6ed7
LP		 1263 LIST_FOREACH(port, p, s->ports) {
1264 if (p->fd < 0)
1265 continue;
1266
cbf60d0a 1267 if (p->event_source) {
718db961 1268 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1269 if (r < 0)
1270 goto fail;
1271 } else {
151b9b96 1272 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1273 if (r < 0)
1274 goto fail;
4f2d528d 1275
cbf60d0a 1276 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1277 }
034c6ed7 1278 }
83c60c9f 1279
542563ba 1280 return 0;
83c60c9f 1281
034c6ed7 1282fail:
cbf60d0a 1283 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1284 socket_unwatch_fds(s);
1285 return r;
1286}
1287
1288static void socket_set_state(Socket *s, SocketState state) {
1289 SocketState old_state;
1290 assert(s);
1291
1292 old_state = s->state;
1293 s->state = state;
1294
bd1fe7c7
LP		 1295 if (!IN_SET(state,
1296 SOCKET_START_PRE,
3900e5fd 1297 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1298 SOCKET_START_POST,
1299 SOCKET_STOP_PRE,
1300 SOCKET_STOP_PRE_SIGTERM,
1301 SOCKET_STOP_PRE_SIGKILL,
1302 SOCKET_STOP_POST,
1303 SOCKET_FINAL_SIGTERM,
1304 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1305
1306 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1307 socket_unwatch_control_pid(s);
034c6ed7 1308 s->control_command = NULL;
a16e1123 1309 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1310 }
034c6ed7 1311
a16e1123
LP		 1312 if (state != SOCKET_LISTENING)
1313 socket_unwatch_fds(s);
1314
bd1fe7c7 1315 if (!IN_SET(state,
3900e5fd 1316 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1317 SOCKET_START_POST,
1318 SOCKET_LISTENING,
1319 SOCKET_RUNNING,
1320 SOCKET_STOP_PRE,
1321 SOCKET_STOP_PRE_SIGTERM,
1322 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1323 socket_close_fds(s);
1324
e537352b 1325 if (state != old_state)
f2341e0a 1326 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1327
e2f3b44c 1328 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1329}
1330
be847e82 1331static int socket_coldplug(Unit *u) {
a16e1123
LP		 1332 Socket *s = SOCKET(u);
1333 int r;
1334
1335 assert(s);
1336 assert(s->state == SOCKET_DEAD);
1337
e821075a
LP		 1338 if (s->deserialized_state == s->state)
1339 return 0;
a16e1123 1340
3900e5fd
LP		 1341 if (IN_SET(s->deserialized_state,
1342 SOCKET_START_PRE,
1343 SOCKET_START_CHOWN,
1344 SOCKET_START_POST,
1345 SOCKET_STOP_PRE,
1346 SOCKET_STOP_PRE_SIGTERM,
1347 SOCKET_STOP_PRE_SIGKILL,
1348 SOCKET_STOP_POST,
1349 SOCKET_FINAL_SIGTERM,
1350 SOCKET_FINAL_SIGKILL)) {
a16e1123 1351
e821075a
LP		 1352 if (s->control_pid <= 0)
1353 return -EBADMSG;
a16e1123 1354
e821075a
LP		 1355 r = unit_watch_pid(UNIT(s), s->control_pid);
1356 if (r < 0)
1357 return r;
a16e1123 1358
e821075a
LP		 1359 r = socket_arm_timer(s);
1360 if (r < 0)
1361 return r;
1362 }
a16e1123 1363
3900e5fd
LP		 1364 if (IN_SET(s->deserialized_state,
1365 SOCKET_START_CHOWN,
1366 SOCKET_START_POST,
1367 SOCKET_LISTENING,
1368 SOCKET_RUNNING,
1369 SOCKET_STOP_PRE,
1370 SOCKET_STOP_PRE_SIGTERM,
1371 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1372 r = socket_open_fds(s);
1373 if (r < 0)
1374 return r;
1375 }
a16e1123 1376
e821075a
LP		 1377 if (s->deserialized_state == SOCKET_LISTENING) {
1378 r = socket_watch_fds(s);
1379 if (r < 0)
1380 return r;
a16e1123
LP		 1381 }
1382
e821075a 1383 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1384 return 0;
1385}
1386
e537352b 1387static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1388 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1389 pid_t pid;
1390 int r;
9fa95f85
DM		 1391 ExecParameters exec_params = {
1392 .apply_permissions = true,
1393 .apply_chroot = true,
1394 .apply_tty_stdin = true,
6f856a09 1395 .bus_endpoint_fd = -1,
9fa95f85 1396 };
034c6ed7
LP		 1397
1398 assert(s);
1399 assert(c);
1400 assert(_pid);
1401
5ad096b3
LP		 1402 (void) unit_realize_cgroup(UNIT(s));
1403 if (s->reset_cpu_usage) {
1404 (void) unit_reset_cpu_usage(UNIT(s));
1405 s->reset_cpu_usage = false;
1406 }
4ad49000 1407
613b411c
LP		 1408 r = unit_setup_exec_runtime(UNIT(s));
1409 if (r < 0)
1410 goto fail;
1411
718db961 1412 r = socket_arm_timer(s);
36697dc0 1413 if (r < 0)
e537352b 1414 goto fail;
034c6ed7 1415
19f6d710
LP		 1416 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1417 if (r < 0)
9e2f7c11 1418 goto fail;
9e2f7c11 1419
9fa95f85
DM		 1420 exec_params.argv = argv;
1421 exec_params.environment = UNIT(s)->manager->environment;
1422 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1423 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1424 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1425 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1426 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1427
f2341e0a
LP		 1428 r = exec_spawn(UNIT(s),
1429 c,
9e2f7c11 1430 &s->exec_context,
9fa95f85 1431 &exec_params,
613b411c 1432 s->exec_runtime,
9e2f7c11 1433 &pid);
cee288ad
TA		 1434 if (r < 0)
1435 goto fail;
9e2f7c11 1436
3900e5fd 1437 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1438 if (r < 0)
3900e5fd 1439 /* FIXME: we need to do something here */
034c6ed7
LP		 1440 goto fail;
1441
3900e5fd
LP		 1442 *_pid = pid;
1443 return 0;
1444
1445fail:
1446 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1447 return r;
1448}
1449
1450static int socket_chown(Socket *s, pid_t *_pid) {
1451 pid_t pid;
1452 int r;
1453
1454 r = socket_arm_timer(s);
1455 if (r < 0)
1456 goto fail;
1457
1458 /* We have to resolve the user names out-of-process, hence
1459 * let's fork here. It's messy, but well, what can we do? */
1460
1461 pid = fork();
1462 if (pid < 0)
1463 return -errno;
1464
1465 if (pid == 0) {
1466 SocketPort *p;
fed1e721
LP		 1467 uid_t uid = UID_INVALID;
1468 gid_t gid = GID_INVALID;
3900e5fd
LP		 1469 int ret;
1470
ce30c8dc
LP		 1471 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1472 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1473 log_forget_fds();
1474
1475 if (!isempty(s->user)) {
1476 const char *user = s->user;
1477
1478 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1479 if (r < 0) {
1480 ret = EXIT_USER;
1481 goto fail_child;
1482 }
1483 }
1484
1485 if (!isempty(s->group)) {
1486 const char *group = s->group;
1487
1488 r = get_group_creds(&group, &gid);
1489 if (r < 0) {
1490 ret = EXIT_GROUP;
1491 goto fail_child;
1492 }
1493 }
1494
1495 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1496 const char *path = NULL;
3900e5fd
LP		 1497
1498 if (p->type == SOCKET_SOCKET)
1499 path = socket_address_get_path(&p->address);
1500 else if (p->type == SOCKET_FIFO)
1501 path = p->path;
1502
1503 if (!path)
1504 continue;
1505
1506 if (chown(path, uid, gid) < 0) {
1507 r = -errno;
1508 ret = EXIT_CHOWN;
1509 goto fail_child;
1510 }
1511 }
1512
1513 _exit(0);
1514
1515 fail_child:
1516 log_open();
da927ba9 1517 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1518
1519 _exit(ret);
1520 }
1521
718db961
LP		 1522 r = unit_watch_pid(UNIT(s), pid);
1523 if (r < 0)
034c6ed7 1524 goto fail;
83c60c9f 1525
034c6ed7 1526 *_pid = pid;
034c6ed7
LP		 1527 return 0;
1528
1529fail:
718db961 1530 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1531 return r;
542563ba
LP		 1532}
1533
cfc4eb4c 1534static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1535 assert(s);
1536
cfc4eb4c
LP		 1537 if (f != SOCKET_SUCCESS)
1538 s->result = f;
034c6ed7 1539
613b411c
LP		 1540 exec_runtime_destroy(s->exec_runtime);
1541 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1542
e66cf1a3
LP		 1543 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1544
cfc4eb4c 1545 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1546}
1547
cfc4eb4c 1548static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1549
cfc4eb4c 1550static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1551 int r;
1552 assert(s);
1553
cfc4eb4c
LP		 1554 if (f != SOCKET_SUCCESS)
1555 s->result = f;
034c6ed7 1556
5e94833f 1557 socket_unwatch_control_pid(s);
a16e1123 1558 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1559 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1560
3900e5fd
LP		 1561 if (s->control_command) {
1562 r = socket_spawn(s, s->control_command, &s->control_pid);
1563 if (r < 0)
034c6ed7
LP		 1564 goto fail;
1565
80876c20
LP		 1566 socket_set_state(s, SOCKET_STOP_POST);
1567 } else
cfc4eb4c 1568 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1569
1570 return;
1571
1572fail:
f2341e0a 1573 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1574 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1575}
1576
cfc4eb4c 1577static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1578 int r;
1579
1580 assert(s);
1581
cfc4eb4c
LP		 1582 if (f != SOCKET_SUCCESS)
1583 s->result = f;
034c6ed7 1584
cd2086fe
LP		 1585 r = unit_kill_context(
1586 UNIT(s),
1587 &s->kill_context,
db2cb23b
UTL		 1588 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1589 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1590 -1,
1591 s->control_pid,
1592 false);
1593 if (r < 0)
1594 goto fail;
034c6ed7 1595
cd2086fe 1596 if (r > 0) {
718db961 1597 r = socket_arm_timer(s);
36697dc0 1598 if (r < 0)
80876c20 1599 goto fail;
d6ea93e3 1600
80876c20 1601 socket_set_state(s, state);
ac84d1fb
LP		 1602 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1603 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1604 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1605 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1606 else if (state == SOCKET_FINAL_SIGTERM)
1607 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1608 else
cfc4eb4c 1609 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1610
1611 return;
1612
1613fail:
f2341e0a 1614 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1615
1616 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1617 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1618 else
cfc4eb4c 1619 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1620}
1621
cfc4eb4c 1622static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1623 int r;
1624 assert(s);
1625
cfc4eb4c
LP		 1626 if (f != SOCKET_SUCCESS)
1627 s->result = f;
034c6ed7 1628
5e94833f 1629 socket_unwatch_control_pid(s);
a16e1123 1630 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1631 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1632
3900e5fd
LP		 1633 if (s->control_command) {
1634 r = socket_spawn(s, s->control_command, &s->control_pid);
1635 if (r < 0)
034c6ed7
LP		 1636 goto fail;
1637
80876c20
LP		 1638 socket_set_state(s, SOCKET_STOP_PRE);
1639 } else
cfc4eb4c 1640 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1641
1642 return;
1643
1644fail:
f2341e0a 1645 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1646 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1647}
1648
e9af15c3
LP		 1649static void socket_enter_listening(Socket *s) {
1650 int r;
1651 assert(s);
1652
cfc4eb4c
LP		 1653 r = socket_watch_fds(s);
1654 if (r < 0) {
f2341e0a 1655 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1656 goto fail;
1657 }
1658
1659 socket_set_state(s, SOCKET_LISTENING);
1660 return;
1661
1662fail:
cfc4eb4c 1663 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1664}
1665
034c6ed7
LP		 1666static void socket_enter_start_post(Socket *s) {
1667 int r;
1668 assert(s);
1669
3900e5fd
LP		 1670 socket_unwatch_control_pid(s);
1671 s->control_command_id = SOCKET_EXEC_START_POST;
1672 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1673
1674 if (s->control_command) {
1675 r = socket_spawn(s, s->control_command, &s->control_pid);
1676 if (r < 0) {
f2341e0a 1677 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1678 goto fail;
1679 }
1680
1681 socket_set_state(s, SOCKET_START_POST);
1682 } else
1683 socket_enter_listening(s);
1684
1685 return;
1686
1687fail:
1688 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1689}
1690
1691static void socket_enter_start_chown(Socket *s) {
1692 int r;
1693
1694 assert(s);
1695
cfc4eb4c
LP		 1696 r = socket_open_fds(s);
1697 if (r < 0) {
f2341e0a 1698 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1699 goto fail;
1700 }
1701
3900e5fd 1702 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1703
3900e5fd
LP		 1704 socket_unwatch_control_pid(s);
1705 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1706 s->control_command = NULL;
a16e1123 1707
3900e5fd 1708 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1709 if (r < 0) {
f2341e0a 1710 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1711 goto fail;
1712 }
1713
3900e5fd 1714 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1715 } else
3900e5fd 1716 socket_enter_start_post(s);
034c6ed7
LP		 1717
1718 return;
1719
1720fail:
cfc4eb4c 1721 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1722}
1723
1724static void socket_enter_start_pre(Socket *s) {
1725 int r;
1726 assert(s);
1727
5e94833f 1728 socket_unwatch_control_pid(s);
a16e1123 1729 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1730 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1731
3900e5fd 1732 if (s->control_command) {
e821075a 1733 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1734 if (r < 0) {
f2341e0a 1735 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1736 goto fail;
3900e5fd 1737 }
034c6ed7 1738
80876c20
LP		 1739 socket_set_state(s, SOCKET_START_PRE);
1740 } else
3900e5fd 1741 socket_enter_start_chown(s);
034c6ed7
LP		 1742
1743 return;
1744
1745fail:
cfc4eb4c 1746 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1747}
1748
4f2d528d 1749static void socket_enter_running(Socket *s, int cfd) {
718db961 1750 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1751 int r;
1752
1753 assert(s);
1754
ba3e67a7
LP		 1755 /* We don't take connections anymore if we are supposed to
1756 * shut down anyway */
31afa0a4 1757 if (unit_stop_pending(UNIT(s))) {
e821075a 1758
f2341e0a 1759 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1760
7c610628 1761 if (cfd >= 0)
03e334a1 1762 safe_close(cfd);
7c610628
LP		 1763 else {
1764 /* Flush all sockets by closing and reopening them */
1765 socket_close_fds(s);
1766
16ac4014
LP		 1767 r = socket_open_fds(s);
1768 if (r < 0) {
f2341e0a 1769 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1770 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1771 return;
1772 }
1773
1a710b43
MS		 1774 r = socket_watch_fds(s);
1775 if (r < 0) {
f2341e0a 1776 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1777 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1778 }
1779 }
1780
ba3e67a7
LP		 1781 return;
1782 }
1783
4f2d528d 1784 if (cfd < 0) {
57020a3a 1785 Iterator i;
e821075a 1786 Unit *other;
f976f3f6 1787 bool pending = false;
f976f3f6
LP		 1788
1789 /* If there's already a start pending don't bother to
1790 * do anything */
e821075a
LP		 1791 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1792 if (unit_active_or_pending(other)) {
57020a3a
LP		 1793 pending = true;
1794 break;
1795 }
f976f3f6 1796
1a710b43 1797 if (!pending) {
640ace4a 1798 if (!UNIT_ISSET(s->service)) {
f2341e0a 1799 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1800 r = -ENOENT;
1801 goto fail;
1802 }
1803
1a710b43
MS		 1804 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1805 if (r < 0)
f976f3f6 1806 goto fail;
1a710b43 1807 }
4f2d528d
LP		 1808
1809 socket_set_state(s, SOCKET_RUNNING);
1810 } else {
e55001eb 1811 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1812 Service *service;
4f2d528d 1813
6cf6bbc2 1814 if (s->n_connections >= s->max_connections) {
f2341e0a 1815 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1816 safe_close(cfd);
6cf6bbc2
LP		 1817 return;
1818 }
1819
1a710b43
MS		 1820 r = socket_instantiate_service(s);
1821 if (r < 0)
b15bdda8
LP		 1822 goto fail;
1823
1a710b43
MS		 1824 r = instance_from_socket(cfd, s->n_accepted, &instance);
1825 if (r < 0) {
1826 if (r != -ENOTCONN)
1827 goto fail;
1828
1829 /* ENOTCONN is legitimate if TCP RST was received.
1830 * This connection is over, but the socket unit lives on. */
03e334a1 1831 safe_close(cfd);
1a710b43
MS		 1832 return;
1833 }
4f2d528d 1834
7410616c
LP		 1835 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1836 if (r < 0)
4f2d528d 1837 goto fail;
4f2d528d 1838
7410616c
LP		 1839 r = unit_name_build(prefix, instance, ".service", &name);
1840 if (r < 0)
b6dbbe1c 1841 goto fail;
4f2d528d 1842
1a710b43 1843 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1844 if (r < 0)
4f2d528d 1845 goto fail;
b15bdda8 1846
57020a3a
LP		 1847 service = SERVICE(UNIT_DEREF(s->service));
1848 unit_ref_unset(&s->service);
b15bdda8 1849 s->n_accepted ++;
4f2d528d 1850
1124fe6f 1851 UNIT(service)->no_gc = false;
6c073082 1852
b15bdda8 1853 unit_choose_id(UNIT(service), name);
b15bdda8 1854
16115b0a 1855 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1856 if (r < 0)
4f2d528d
LP		 1857 goto fail;
1858
1859 cfd = -1;
6cf6bbc2
LP		 1860 s->n_connections ++;
1861
1a710b43
MS		 1862 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1863 if (r < 0)
4f2d528d 1864 goto fail;
c4e2ceae
LP		 1865
1866 /* Notify clients about changed counters */
1867 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1868 }
034c6ed7 1869
034c6ed7
LP		 1870 return;
1871
1872fail:
f2341e0a
LP		 1873 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1874 cfd >= 0 ? "template" : "non-template",
718db961 1875 bus_error_message(&error, r));
e821075a 1876
60089004 1877 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1878 safe_close(cfd);
034c6ed7
LP		 1879}
1880
cfc4eb4c 1881static void socket_run_next(Socket *s) {
034c6ed7
LP		 1882 int r;
1883
1884 assert(s);
1885 assert(s->control_command);
1886 assert(s->control_command->command_next);
1887
5e94833f
LP		 1888 socket_unwatch_control_pid(s);
1889
034c6ed7
LP		 1890 s->control_command = s->control_command->command_next;
1891
e821075a
LP		 1892 r = socket_spawn(s, s->control_command, &s->control_pid);
1893 if (r < 0)
034c6ed7
LP		 1894 goto fail;
1895
1896 return;
1897
1898fail:
f2341e0a 1899 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 1900
1901 if (s->state == SOCKET_START_POST)
cfc4eb4c 1902 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1903 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1904 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1905 else
cfc4eb4c 1906 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1907}
1908
87f0e418
LP		 1909static int socket_start(Unit *u) {
1910 Socket *s = SOCKET(u);
83c60c9f
LP		 1911
1912 assert(s);
1913
034c6ed7
LP		 1914 /* We cannot fulfill this request right now, try again later
1915 * please! */
3900e5fd
LP		 1916 if (IN_SET(s->state,
1917 SOCKET_STOP_PRE,
1918 SOCKET_STOP_PRE_SIGKILL,
1919 SOCKET_STOP_PRE_SIGTERM,
1920 SOCKET_STOP_POST,
1921 SOCKET_FINAL_SIGTERM,
1922 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1923 return -EAGAIN;
1924
a4152e3f 1925 /* Already on it! */
3900e5fd
LP		 1926 if (IN_SET(s->state,
1927 SOCKET_START_PRE,
1928 SOCKET_START_CHOWN,
1929 SOCKET_START_POST))
034c6ed7 1930 return 0;
83c60c9f 1931
034c6ed7 1932 /* Cannot run this without the service being around */
9444b1f2 1933 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1934 Service *service;
1935
1936 service = SERVICE(UNIT_DEREF(s->service));
1937
1124fe6f 1938 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 1939 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1940 return -ENOENT;
4ac9236f 1941 }
4f2d528d 1942
35b8ca3a 1943 /* If the service is already active we cannot start the
4f2d528d 1944 * socket */
57020a3a
LP		 1945 if (service->state != SERVICE_DEAD &&
1946 service->state != SERVICE_FAILED &&
1947 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 1948 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1949 return -EBUSY;
4ac9236f 1950 }
4f2d528d 1951 }
e537352b 1952
fdf20a31 1953 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1954
cfc4eb4c 1955 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 1956 s->reset_cpu_usage = true;
1957
034c6ed7 1958 socket_enter_start_pre(s);
e821075a 1959
82a2b6bb 1960 return 1;
034c6ed7 1961}
83c60c9f 1962
87f0e418
LP		 1963static int socket_stop(Unit *u) {
1964 Socket *s = SOCKET(u);
034c6ed7
LP		 1965
1966 assert(s);
1967
e537352b 1968 /* Already on it */
3900e5fd
LP		 1969 if (IN_SET(s->state,
1970 SOCKET_STOP_PRE,
1971 SOCKET_STOP_PRE_SIGTERM,
1972 SOCKET_STOP_PRE_SIGKILL,
1973 SOCKET_STOP_POST,
1974 SOCKET_FINAL_SIGTERM,
1975 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1976 return 0;
1977
3f6c78dc
LP		 1978 /* If there's already something running we go directly into
1979 * kill mode. */
3900e5fd
LP		 1980 if (IN_SET(s->state,
1981 SOCKET_START_PRE,
1982 SOCKET_START_CHOWN,
1983 SOCKET_START_POST)) {
cfc4eb4c 1984 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1985 return -EAGAIN;
1986 }
1987
034c6ed7 1988 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1989
cfc4eb4c 1990 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 1991 return 1;
542563ba
LP		 1992}
1993
a16e1123
LP		 1994static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1995 Socket *s = SOCKET(u);
1996 SocketPort *p;
1997 int r;
1998
1999 assert(u);
2000 assert(f);
2001 assert(fds);
2002
2003 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2004 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2005 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2006
2007 if (s->control_pid > 0)
de0671ee 2008 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2009
2010 if (s->control_command_id >= 0)
2011 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2012
2013 LIST_FOREACH(port, p, s->ports) {
2014 int copy;
2015
2016 if (p->fd < 0)
2017 continue;
2018
613b411c
LP		 2019 copy = fdset_put_dup(fds, p->fd);
2020 if (copy < 0)
a16e1123
LP		 2021 return copy;
2022
2023 if (p->type == SOCKET_SOCKET) {
613b411c 2024 _cleanup_free_ char *t = NULL;
a16e1123 2025
ee092817
LP		 2026 r = socket_address_print(&p->address, &t);
2027 if (r < 0)
a16e1123
LP		 2028 return r;
2029
7a22745a
LP		 2030 if (socket_address_family(&p->address) == AF_NETLINK)
2031 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2032 else
2033 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2034
b0a3f2bc
LP		 2035 } else if (p->type == SOCKET_SPECIAL)
2036 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2037 else if (p->type == SOCKET_MQUEUE)
2038 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2039 else {
a16e1123
LP		 2040 assert(p->type == SOCKET_FIFO);
2041 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2042 }
2043 }
2044
2045 return 0;
2046}
2047
2048static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2049 Socket *s = SOCKET(u);
a16e1123
LP		 2050
2051 assert(u);
2052 assert(key);
2053 assert(value);
a16e1123
LP		 2054
2055 if (streq(key, "state")) {
2056 SocketState state;
2057
ee092817
LP		 2058 state = socket_state_from_string(value);
2059 if (state < 0)
f2341e0a 2060 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2061 else
2062 s->deserialized_state = state;
cfc4eb4c
LP		 2063 } else if (streq(key, "result")) {
2064 SocketResult f;
a16e1123 2065
cfc4eb4c
LP		 2066 f = socket_result_from_string(value);
2067 if (f < 0)
f2341e0a 2068 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2069 else if (f != SOCKET_SUCCESS)
2070 s->result = f;
a16e1123
LP		 2071
2072 } else if (streq(key, "n-accepted")) {
2073 unsigned k;
2074
e364ad06 2075 if (safe_atou(value, &k) < 0)
f2341e0a 2076 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2077 else
2078 s->n_accepted += k;
2079 } else if (streq(key, "control-pid")) {
5925dd3c 2080 pid_t pid;
a16e1123 2081
e364ad06 2082 if (parse_pid(value, &pid) < 0)
f2341e0a 2083 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2084 else
5925dd3c 2085 s->control_pid = pid;
a16e1123
LP		 2086 } else if (streq(key, "control-command")) {
2087 SocketExecCommand id;
2088
66870f90
ZJS		 2089 id = socket_exec_command_from_string(value);
2090 if (id < 0)
f2341e0a 2091 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2092 else {
2093 s->control_command_id = id;
2094 s->control_command = s->exec_command[id];
2095 }
2096 } else if (streq(key, "fifo")) {
2097 int fd, skip = 0;
2098 SocketPort *p;
2099
2100 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2101 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2102 else {
2103
2104 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2105 if (p->type == SOCKET_FIFO &&
c78e47a6 2106 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2107 break;
2108
2109 if (p) {
03e334a1 2110 safe_close(p->fd);
b0a3f2bc
LP		 2111 p->fd = fdset_remove(fds, fd);
2112 }
2113 }
2114
2115 } else if (streq(key, "special")) {
2116 int fd, skip = 0;
2117 SocketPort *p;
2118
2119 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2120 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2121 else {
2122
2123 LIST_FOREACH(port, p, s->ports)
2124 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2125 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2126 break;
2127
2128 if (p) {
03e334a1 2129 safe_close(p->fd);
a16e1123
LP		 2130 p->fd = fdset_remove(fds, fd);
2131 }
2132 }
2133
ee092817
LP		 2134 } else if (streq(key, "mqueue")) {
2135 int fd, skip = 0;
2136 SocketPort *p;
2137
2138 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2139 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2140 else {
2141
2142 LIST_FOREACH(port, p, s->ports)
2143 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2144 streq(p->path, value+skip))
ee092817
LP		 2145 break;
2146
2147 if (p) {
03e334a1 2148 safe_close(p->fd);
ee092817
LP		 2149 p->fd = fdset_remove(fds, fd);
2150 }
2151 }
2152
a16e1123 2153 } else if (streq(key, "socket")) {
27ca8d7a 2154 int fd, type, skip = 0;
a16e1123
LP		 2155 SocketPort *p;
2156
27ca8d7a 2157 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2158 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2159 else {
2160
2161 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2162 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2163 break;
2164
2165 if (p) {
03e334a1 2166 safe_close(p->fd);
a16e1123
LP		 2167 p->fd = fdset_remove(fds, fd);
2168 }
2169 }
2170
7a22745a
LP		 2171 } else if (streq(key, "netlink")) {
2172 int fd, skip = 0;
2173 SocketPort *p;
2174
2175 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2176 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2177 else {
2178
2179 LIST_FOREACH(port, p, s->ports)
2180 if (socket_address_is_netlink(&p->address, value+skip))
2181 break;
2182
2183 if (p) {
03e334a1 2184 safe_close(p->fd);
7a22745a
LP		 2185 p->fd = fdset_remove(fds, fd);
2186 }
2187 }
a16e1123 2188 } else
f2341e0a 2189 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2190
2191 return 0;
2192}
2193
01e10de3
LP		 2194static int socket_distribute_fds(Unit *u, FDSet *fds) {
2195 Socket *s = SOCKET(u);
2196 SocketPort *p;
2197
2198 assert(u);
2199
2200 LIST_FOREACH(port, p, s->ports) {
2201 Iterator i;
2202 int fd;
2203
2204 if (p->type != SOCKET_SOCKET)
2205 continue;
2206
2207 if (p->fd >= 0)
2208 continue;
2209
2210 FDSET_FOREACH(fd, fds, i) {
2211 if (socket_address_matches_fd(&p->address, fd)) {
2212 p->fd = fdset_remove(fds, fd);
2213 s->deserialized_state = SOCKET_LISTENING;
2214 break;
2215 }
2216 }
2217 }
2218
2219 return 0;
2220}
2221
44a6b1b6 2222_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2223 assert(u);
5cb5a6ff 2224
acbb0225 2225 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2226}
2227
44a6b1b6 2228_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2229 assert(u);
2230
a16e1123 2231 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2232}
2233
67419600
OS		 2234const char* socket_port_type_to_string(SocketPort *p) {
2235
2236 assert(p);
2237
2238 switch (p->type) {
718db961
LP		 2239
2240 case SOCKET_SOCKET:
2241
2242 switch (p->address.type) {
2243
2244 case SOCK_STREAM:
2245 return "Stream";
2246
2247 case SOCK_DGRAM:
2248 return "Datagram";
2249
2250 case SOCK_SEQPACKET:
2251 return "SequentialPacket";
2252
2253 case SOCK_RAW:
2254 if (socket_address_family(&p->address) == AF_NETLINK)
2255 return "Netlink";
2256
2257 default:
2258 return NULL;
2259 }
2260
2261 case SOCKET_SPECIAL:
2262 return "Special";
2263
2264 case SOCKET_MQUEUE:
2265 return "MessageQueue";
2266
2267 case SOCKET_FIFO:
2268 return "FIFO";
2269
2270 default:
2271 return NULL;
67419600
OS		 2272 }
2273}
2274
44a6b1b6 2275_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2276 Socket *s = SOCKET(u);
2277
2278 assert(u);
2279
2280 return s->n_connections > 0;
2281}
2282
718db961
LP		 2283static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2284 SocketPort *p = userdata;
4f2d528d 2285 int cfd = -1;
9152c765 2286
718db961 2287 assert(p);
8d567588 2288 assert(fd >= 0);
9152c765 2289
718db961
LP		 2290 if (p->socket->state != SOCKET_LISTENING)
2291 return 0;
871d7de4 2292
f2341e0a 2293 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2294
718db961 2295 if (revents != EPOLLIN) {
641e01dc 2296
718db961 2297 if (revents & EPOLLHUP)
f2341e0a 2298 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2299 else
f2341e0a 2300 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
641e01dc 2301
8d567588 2302 goto fail;
4f2d528d
LP		 2303 }
2304
718db961
LP		 2305 if (p->socket->accept &&
2306 p->type == SOCKET_SOCKET &&
2307 socket_address_can_accept(&p->address)) {
2308
4f2d528d
LP		 2309 for (;;) {
2310
b14eda96
LP		 2311 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2312 if (cfd < 0) {
4f2d528d
LP		 2313
2314 if (errno == EINTR)
2315 continue;
2316
f2341e0a 2317 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2318 goto fail;
4f2d528d
LP		 2319 }
2320
2321 break;
2322 }
4fd5948e 2323
718db961 2324 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2325 }
9152c765 2326
718db961
LP		 2327 socket_enter_running(p->socket, cfd);
2328 return 0;
8d567588
LP		 2329
2330fail:
718db961
LP		 2331 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2332 return 0;
9152c765
LP		 2333}
2334
87f0e418
LP		 2335static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2336 Socket *s = SOCKET(u);
cfc4eb4c 2337 SocketResult f;
5cb5a6ff
LP		 2338
2339 assert(s);
034c6ed7 2340 assert(pid >= 0);
5cb5a6ff 2341
8c47c732
LP		 2342 if (pid != s->control_pid)
2343 return;
542563ba 2344
034c6ed7
LP		 2345 s->control_pid = 0;
2346
96342de6 2347 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2348 f = SOCKET_SUCCESS;
2349 else if (code == CLD_EXITED)
2350 f = SOCKET_FAILURE_EXIT_CODE;
2351 else if (code == CLD_KILLED)
2352 f = SOCKET_FAILURE_SIGNAL;
2353 else if (code == CLD_DUMPED)
2354 f = SOCKET_FAILURE_CORE_DUMP;
2355 else
a4152e3f 2356 assert_not_reached("Unknown sigchld code");
8c47c732 2357
b708e7ce 2358 if (s->control_command) {
6ea832a2 2359 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2360
b708e7ce 2361 if (s->control_command->ignore)
cfc4eb4c 2362 f = SOCKET_SUCCESS;
b708e7ce
LP		 2363 }
2364
f2341e0a
LP		 2365 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2366 "Control process exited, code=%s status=%i",
2367 sigchld_code_to_string(code), status);
034c6ed7 2368
cfc4eb4c
LP		 2369 if (f != SOCKET_SUCCESS)
2370 s->result = f;
2371
2372 if (s->control_command &&
2373 s->control_command->command_next &&
2374 f == SOCKET_SUCCESS) {
2375
f2341e0a 2376 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2377 socket_run_next(s);
acbb0225 2378 } else {
a16e1123
LP		 2379 s->control_command = NULL;
2380 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2381
034c6ed7
LP		 2382 /* No further commands for this step, so let's figure
2383 * out what to do next */
5cb5a6ff 2384
f2341e0a 2385 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2386
034c6ed7
LP		 2387 switch (s->state) {
2388
2389 case SOCKET_START_PRE:
cfc4eb4c 2390 if (f == SOCKET_SUCCESS)
3900e5fd 2391 socket_enter_start_chown(s);
034c6ed7 2392 else
cfc4eb4c 2393 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2394 break;
2395
3900e5fd
LP		 2396 case SOCKET_START_CHOWN:
2397 if (f == SOCKET_SUCCESS)
2398 socket_enter_start_post(s);
2399 else
2400 socket_enter_stop_pre(s, f);
2401 break;
2402
034c6ed7 2403 case SOCKET_START_POST:
cfc4eb4c 2404 if (f == SOCKET_SUCCESS)
e9af15c3 2405 socket_enter_listening(s);
034c6ed7 2406 else
cfc4eb4c 2407 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2408 break;
2409
2410 case SOCKET_STOP_PRE:
2411 case SOCKET_STOP_PRE_SIGTERM:
2412 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2413 socket_enter_stop_post(s, f);
034c6ed7
LP		 2414 break;
2415
2416 case SOCKET_STOP_POST:
80876c20
LP		 2417 case SOCKET_FINAL_SIGTERM:
2418 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2419 socket_enter_dead(s, f);
034c6ed7
LP		 2420 break;
2421
2422 default:
2423 assert_not_reached("Uh, control process died at wrong time.");
2424 }
2425 }
c4e2ceae
LP		 2426
2427 /* Notify clients about changed exit status */
2428 unit_add_to_dbus_queue(u);
034c6ed7 2429}
5cb5a6ff 2430
718db961
LP		 2431static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2432 Socket *s = SOCKET(userdata);
5cb5a6ff 2433
034c6ed7 2434 assert(s);
718db961 2435 assert(s->timer_event_source == source);
034c6ed7
LP		 2436
2437 switch (s->state) {
2438
2439 case SOCKET_START_PRE:
f2341e0a 2440 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2441 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2442 break;
80876c20 2443
3900e5fd 2444 case SOCKET_START_CHOWN:
034c6ed7 2445 case SOCKET_START_POST:
f2341e0a 2446 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2447 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2448 break;
2449
2450 case SOCKET_STOP_PRE:
f2341e0a 2451 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2452 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2453 break;
2454
2455 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2456 if (s->kill_context.send_sigkill) {
f2341e0a 2457 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2458 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2459 } else {
f2341e0a 2460 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2461 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2462 }
034c6ed7
LP		 2463 break;
2464
2465 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2466 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2467 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2468 break;
2469
2470 case SOCKET_STOP_POST:
f2341e0a 2471 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2472 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2473 break;
2474
80876c20 2475 case SOCKET_FINAL_SIGTERM:
4819ff03 2476 if (s->kill_context.send_sigkill) {
f2341e0a 2477 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2478 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2479 } else {
f2341e0a 2480 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2481 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2482 }
034c6ed7
LP		 2483 break;
2484
80876c20 2485 case SOCKET_FINAL_SIGKILL:
f2341e0a 2486 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2487 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2488 break;
2489
2490 default:
2491 assert_not_reached("Timeout at wrong time.");
2492 }
718db961
LP		 2493
2494 return 0;
5cb5a6ff
LP		 2495}
2496
44d8db9e
LP		 2497int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2498 int *rfds;
2499 unsigned rn_fds, k;
2500 SocketPort *p;
2501
2502 assert(s);
2503 assert(fds);
2504 assert(n_fds);
2505
2506 /* Called from the service code for requesting our fds */
2507
2508 rn_fds = 0;
2509 LIST_FOREACH(port, p, s->ports)
2510 if (p->fd >= 0)
2511 rn_fds++;
2512
de3756ab
LP		 2513 if (rn_fds <= 0) {
2514 *fds = NULL;
2515 *n_fds = 0;
2516 return 0;
2517 }
2518
e5403f09
LP		 2519 rfds = new(int, rn_fds);
2520 if (!rfds)
44d8db9e
LP		 2521 return -ENOMEM;
2522
2523 k = 0;
2524 LIST_FOREACH(port, p, s->ports)
2525 if (p->fd >= 0)
2526 rfds[k++] = p->fd;
2527
2528 assert(k == rn_fds);
2529
2530 *fds = rfds;
2531 *n_fds = rn_fds;
2532
2533 return 0;
2534}
2535
e821075a
LP		 2536static void socket_reset_failed(Unit *u) {
2537 Socket *s = SOCKET(u);
2538
2539 assert(s);
2540
2541 if (s->state == SOCKET_FAILED)
2542 socket_set_state(s, SOCKET_DEAD);
2543
2544 s->result = SOCKET_SUCCESS;
2545}
2546
d137a488 2547static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2548 assert(s);
2549
6cf6bbc2
LP		 2550 /* The service is dead. Dang!
2551 *
2552 * This is strictly for one-instance-for-all-connections
2553 * services. */
ceee3d82
LP		 2554
2555 if (s->state == SOCKET_RUNNING) {
f2341e0a 2556 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2557 if (failed_permanent)
2558 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2559 else
2560 socket_enter_listening(s);
ceee3d82
LP		 2561 }
2562}
2563
6cf6bbc2
LP		 2564void socket_connection_unref(Socket *s) {
2565 assert(s);
2566
2567 /* The service is dead. Yay!
2568 *
35b8ca3a 2569 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2570 * services. */
2571
2572 assert(s->n_connections > 0);
2573 s->n_connections--;
2574
f2341e0a 2575 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2576}
2577
d137a488
UTL		 2578static void socket_trigger_notify(Unit *u, Unit *other) {
2579 Socket *s = SOCKET(u);
e821075a 2580 Service *se;
d137a488
UTL		 2581
2582 assert(u);
2583 assert(other);
2584
2585 /* Don't propagate state changes from the service if we are
2586 already down or accepting connections */
920b52e4 2587 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2588 s->state != SOCKET_LISTENING) ||
2589 s->accept)
2590 return;
2591
2592 if (other->load_state != UNIT_LOADED ||
2593 other->type != UNIT_SERVICE)
2594 return;
2595
e821075a
LP		 2596 se = SERVICE(other);
2597
d137a488
UTL		 2598 if (se->state == SERVICE_FAILED)
2599 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2600
2601 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2602 se->state == SERVICE_FINAL_SIGTERM ||
2603 se->state == SERVICE_FINAL_SIGKILL ||
2604 se->state == SERVICE_AUTO_RESTART)
2605 socket_notify_service_dead(s, false);
2606
2607 if (se->state == SERVICE_RUNNING)
2608 socket_set_state(s, SOCKET_RUNNING);
2609}
2610
718db961 2611static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2612 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2613}
2614
68db7a3b
ZJS		 2615static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2616 Socket *s = SOCKET(u);
2617 int r;
2618
2619 if (!s->timer_event_source)
2620 return 0;
2621
2622 r = sd_event_source_get_time(s->timer_event_source, timeout);
2623 if (r < 0)
2624 return r;
2625
2626 return 1;
2627}
2628
a16e1123
LP		 2629static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2630 [SOCKET_DEAD] = "dead",
2631 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2632 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2633 [SOCKET_START_POST] = "start-post",
2634 [SOCKET_LISTENING] = "listening",
2635 [SOCKET_RUNNING] = "running",
2636 [SOCKET_STOP_PRE] = "stop-pre",
2637 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2638 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2639 [SOCKET_STOP_POST] = "stop-post",
2640 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2641 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2642 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2643};
2644
2645DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2646
2647static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2648 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2649 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2650 [SOCKET_EXEC_START_POST] = "StartPost",
2651 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2652 [SOCKET_EXEC_STOP_POST] = "StopPost"
2653};
2654
2655DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2656
cfc4eb4c
LP		 2657static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2658 [SOCKET_SUCCESS] = "success",
2659 [SOCKET_FAILURE_RESOURCES] = "resources",
2660 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2661 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2662 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2663 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2664 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2665};
2666
2667DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2668
87f0e418 2669const UnitVTable socket_vtable = {
7d17cfbc 2670 .object_size = sizeof(Socket),
718db961
LP		 2671 .exec_context_offset = offsetof(Socket, exec_context),
2672 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2673 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2674 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2675
f975e971
LP		 2676 .sections =
2677 "Unit\0"
2678 "Socket\0"
2679 "Install\0",
4ad49000 2680 .private_section = "Socket",
71645aca 2681
034c6ed7
LP		 2682 .init = socket_init,
2683 .done = socket_done,
a16e1123
LP		 2684 .load = socket_load,
2685
2686 .coldplug = socket_coldplug,
034c6ed7 2687
5cb5a6ff
LP		 2688 .dump = socket_dump,
2689
542563ba
LP		 2690 .start = socket_start,
2691 .stop = socket_stop,
5cb5a6ff 2692
718db961
LP		 2693 .kill = socket_kill,
2694
68db7a3b
ZJS		 2695 .get_timeout = socket_get_timeout,
2696
a16e1123
LP		 2697 .serialize = socket_serialize,
2698 .deserialize_item = socket_deserialize_item,
01e10de3 2699 .distribute_fds = socket_distribute_fds,
a16e1123 2700
5cb5a6ff 2701 .active_state = socket_active_state,
10a94420 2702 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2703
6cf6bbc2
LP		 2704 .check_gc = socket_check_gc,
2705
034c6ed7 2706 .sigchld_event = socket_sigchld_event,
4139c1b2 2707
d137a488
UTL		 2708 .trigger_notify = socket_trigger_notify,
2709
fdf20a31 2710 .reset_failed = socket_reset_failed,
5632e374 2711
c4e2ceae 2712 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2713 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2714 .bus_set_property = bus_socket_set_property,
2715 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2716
2717 .status_message_formats = {
2718 /*.starting_stopping = {
2719 [0] = "Starting socket %s...",
2720 [1] = "Stopping socket %s...",
2721 },*/
2722 .finished_start_job = {
2723 [JOB_DONE] = "Listening on %s.",
2724 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2725 [JOB_TIMEOUT] = "Timed out starting %s.",
2726 },
2727 .finished_stop_job = {
2728 [JOB_DONE] = "Closed %s.",
2729 [JOB_FAILED] = "Failed stopping %s.",
2730 [JOB_TIMEOUT] = "Timed out stopping %s.",
2731 },
2732 },
5cb5a6ff 2733};
Unnamed repository; edit this file 'description' to name the repository.