]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/core/socket.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
mac: rename apis with mac_{selinux/smack}_ prefix
[thirdparty/systemd.git] / src / core / socket.c
... / ...
CommitLineData
1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
27#include <sys/epoll.h>
28#include <signal.h>
29#include <arpa/inet.h>
30#include <netinet/tcp.h>
31#include <mqueue.h>
32#include <sys/xattr.h>
33
34#include "sd-event.h"
35#include "log.h"
36#include "load-dropin.h"
37#include "load-fragment.h"
38#include "strv.h"
39#include "mkdir.h"
40#include "path-util.h"
41#include "unit-name.h"
42#include "unit-printf.h"
43#include "missing.h"
44#include "special.h"
45#include "label.h"
46#include "exit-status.h"
47#include "def.h"
48#include "smack-util.h"
49#include "bus-util.h"
50#include "bus-error.h"
51#include "dbus-socket.h"
52#include "unit.h"
53#include "socket.h"
54
55static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
69};
70
71static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
78 assert(u->load_state == UNIT_STUB);
79
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
84
85 s->max_connections = 64;
86
87 s->priority = -1;
88 s->ip_tos = -1;
89 s->ip_ttl = -1;
90 s->mark = -1;
91
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
94
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96}
97
98static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106}
107
108void socket_free_ports(Socket *s) {
109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
115
116 sd_event_source_unref(p->event_source);
117
118 safe_close(p->fd);
119 free(p->path);
120 free(p);
121 }
122}
123
124static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
130
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
134
135 socket_unwatch_control_pid(s);
136
137 unit_ref_unset(&s->service);
138
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
144
145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
149 strv_free(s->symlinks);
150
151 free(s->user);
152 free(s->group);
153
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155}
156
157static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
181}
182
183int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
195 if (UNIT_DEREF(s->service) || !s->accept)
196 return 0;
197
198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
200 return -ENOMEM;
201
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203 return -ENOMEM;
204
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206 if (r < 0)
207 return r;
208
209 u->no_gc = true;
210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213}
214
215static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
228 if (!socket_address_can_accept(&p->address))
229 return true;
230 }
231
232 return false;
233}
234
235static int socket_add_mount_links(Socket *s) {
236 SocketPort *p;
237 int r;
238
239 assert(s);
240
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
243
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
248
249 if (!path)
250 continue;
251
252 r = unit_require_mounts_for(UNIT(s), path);
253 if (r < 0)
254 return r;
255 }
256
257 return 0;
258}
259
260static int socket_add_device_link(Socket *s) {
261 char *t;
262
263 assert(s);
264
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266 return 0;
267
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
270}
271
272static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
279
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
283 return r;
284 }
285
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287}
288
289_pure_ static bool socket_has_exec(Socket *s) {
290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298}
299
300static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
302 int r;
303
304 assert(s);
305
306 if (have_non_accept_socket(s)) {
307
308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
310
311 r = unit_load_related_unit(u, ".service", &x);
312 if (r < 0)
313 return r;
314
315 unit_ref_set(&s->service, x);
316 }
317
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
320 return r;
321 }
322
323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
326
327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
331 r = unit_patch_contexts(u);
332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
339
340 r = unit_add_default_slice(u, &s->cgroup_context);
341 if (r < 0)
342 return r;
343 }
344
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352}
353
354static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385}
386
387static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
408
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
424 return 0;
425}
426
427static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
441 if (r < 0)
442 return r;
443 }
444
445 return socket_verify(s);
446}
447
448_const_ static const char* listen_lookup(int family, int type) {
449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
460 assert_not_reached("Unknown socket type");
461 return NULL;
462}
463
464static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
466 SocketExecCommand c;
467 Socket *s = SOCKET(u);
468 SocketPort *p;
469 const char *prefix2;
470
471 assert(s);
472 assert(f);
473
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
476
477 fprintf(f,
478 "%sSocket State: %s\n"
479 "%sResult: %s\n"
480 "%sBindIPv6Only: %s\n"
481 "%sBacklog: %u\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
484 "%sKeepAlive: %s\n"
485 "%sNoDelay: %s\n"
486 "%sFreeBind: %s\n"
487 "%sTransparent: %s\n"
488 "%sBroadcast: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
494 prefix, socket_state_to_string(s->state),
495 prefix, socket_result_to_string(s->result),
496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
497 prefix, s->backlog,
498 prefix, s->socket_mode,
499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
501 prefix, yes_no(s->no_delay),
502 prefix, yes_no(s->free_bind),
503 prefix, yes_no(s->transparent),
504 prefix, yes_no(s->broadcast),
505 prefix, yes_no(s->pass_cred),
506 prefix, yes_no(s->pass_sec),
507 prefix, strna(s->tcp_congestion),
508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
510
511 if (s->control_pid > 0)
512 fprintf(f,
513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
515
516 if (s->bind_to_device)
517 fprintf(f,
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
520
521 if (s->accept)
522 fprintf(f,
523 "%sAccepted: %u\n"
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
529
530 if (s->priority >= 0)
531 fprintf(f,
532 "%sPriority: %i\n",
533 prefix, s->priority);
534
535 if (s->receive_buffer > 0)
536 fprintf(f,
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
539
540 if (s->send_buffer > 0)
541 fprintf(f,
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
544
545 if (s->ip_tos >= 0)
546 fprintf(f,
547 "%sIPTOS: %i\n",
548 prefix, s->ip_tos);
549
550 if (s->ip_ttl >= 0)
551 fprintf(f,
552 "%sIPTTL: %i\n",
553 prefix, s->ip_ttl);
554
555 if (s->pipe_size > 0)
556 fprintf(f,
557 "%sPipeSize: %zu\n",
558 prefix, s->pipe_size);
559
560 if (s->mark >= 0)
561 fprintf(f,
562 "%sMark: %i\n",
563 prefix, s->mark);
564
565 if (s->mq_maxmsg > 0)
566 fprintf(f,
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
569
570 if (s->mq_msgsize > 0)
571 fprintf(f,
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
574
575 if (s->reuse_port)
576 fprintf(f,
577 "%sReusePort: %s\n",
578 prefix, yes_no(s->reuse_port));
579
580 if (s->smack)
581 fprintf(f,
582 "%sSmackLabel: %s\n",
583 prefix, s->smack);
584
585 if (s->smack_ip_in)
586 fprintf(f,
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
589
590 if (s->smack_ip_out)
591 fprintf(f,
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
594
595 if (!isempty(s->user) || !isempty(s->group))
596 fprintf(f,
597 "%sOwnerUser: %s\n"
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
601
602 if (s->keep_alive_time > 0)
603 fprintf(f,
604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
606
607 if (s->keep_alive_interval)
608 fprintf(f,
609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
611
612 if (s->keep_alive_cnt)
613 fprintf(f,
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
616
617 if (s->defer_accept)
618 fprintf(f,
619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
621
622 LIST_FOREACH(port, p, s->ports) {
623
624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
627 char *k = NULL;
628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
635 free(k);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
640 else
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
643
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
646
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
649 continue;
650
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
655 }
656}
657
658static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
661 union sockaddr_union local, remote;
662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
716 "%u-%s:%u-%s:%u",
717 nr,
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
730 int k;
731
732 k = getpeercred(fd, &ucred);
733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
747 return k;
748
749 break;
750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758}
759
760static void socket_close_fds(Socket *s) {
761 SocketPort *p;
762 char **i;
763
764 assert(s);
765
766 LIST_FOREACH(port, p, s->ports) {
767
768 p->event_source = sd_event_source_unref(p->event_source);
769
770 if (p->fd < 0)
771 continue;
772
773 p->fd = safe_close(p->fd);
774
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
802 }
803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
807}
808
809static void socket_apply_socket_options(Socket *s, int fd) {
810 assert(s);
811 assert(fd >= 0);
812
813 if (s->keep_alive) {
814 int b = s->keep_alive;
815 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
816 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
817 }
818
819 if (s->keep_alive_time) {
820 int value = s->keep_alive_time / USEC_PER_SEC;
821 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
822 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
823 }
824
825 if (s->keep_alive_interval) {
826 int value = s->keep_alive_interval / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
828 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
829 }
830
831 if (s->keep_alive_cnt) {
832 int value = s->keep_alive_cnt;
833 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
834 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
835 }
836
837 if (s->defer_accept) {
838 int value = s->defer_accept / USEC_PER_SEC;
839 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
840 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
841 }
842
843 if (s->no_delay) {
844 int b = s->no_delay;
845 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
846 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
847 }
848
849 if (s->broadcast) {
850 int one = 1;
851 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
852 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
853 }
854
855 if (s->pass_cred) {
856 int one = 1;
857 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
858 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
859 }
860
861 if (s->pass_sec) {
862 int one = 1;
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
864 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
865 }
866
867 if (s->priority >= 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
869 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
870
871 if (s->receive_buffer > 0) {
872 int value = (int) s->receive_buffer;
873
874 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
875
876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
878 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
879 }
880
881 if (s->send_buffer > 0) {
882 int value = (int) s->send_buffer;
883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
884 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
885 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
886 }
887
888 if (s->mark >= 0)
889 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
890 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
891
892 if (s->ip_tos >= 0)
893 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
894 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
895
896 if (s->ip_ttl >= 0) {
897 int r, x;
898
899 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
900
901 if (socket_ipv6_is_supported())
902 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
903 else {
904 x = -1;
905 errno = EAFNOSUPPORT;
906 }
907
908 if (r < 0 && x < 0)
909 log_warning_unit(UNIT(s)->id,
910 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
911 }
912
913 if (s->tcp_congestion)
914 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
915 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
916
917 if (s->reuse_port) {
918 int b = s->reuse_port;
919 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
920 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
921 }
922
923 if (s->smack_ip_in)
924 if (mac_smack_set_ip_in_fd(fd, s->smack_ip_in) < 0)
925 log_error_unit(UNIT(s)->id, "mac_smack_set_ip_in_fd: %m");
926
927 if (s->smack_ip_out)
928 if (mac_smack_set_ip_out_fd(fd, s->smack_ip_out) < 0)
929 log_error_unit(UNIT(s)->id, "mac_smack_set_ip_out_fd: %m");
930}
931
932static void socket_apply_fifo_options(Socket *s, int fd) {
933 assert(s);
934 assert(fd >= 0);
935
936 if (s->pipe_size > 0)
937 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
938 log_warning_unit(UNIT(s)->id,
939 "F_SETPIPE_SZ: %m");
940
941 if (s->smack)
942 if (mac_smack_set_fd(fd, s->smack) < 0)
943 log_error_unit(UNIT(s)->id, "mac_smack_set_fd: %m");
944}
945
946static int fifo_address_create(
947 const char *path,
948 mode_t directory_mode,
949 mode_t socket_mode,
950 int *_fd) {
951
952 int fd = -1, r = 0;
953 struct stat st;
954 mode_t old_mask;
955
956 assert(path);
957 assert(_fd);
958
959 mkdir_parents_label(path, directory_mode);
960
961 r = mac_selinux_context_set(path, S_IFIFO);
962 if (r < 0)
963 goto fail;
964
965 /* Enforce the right access mode for the fifo */
966 old_mask = umask(~ socket_mode);
967
968 /* Include the original umask in our mask */
969 umask(~socket_mode | old_mask);
970
971 r = mkfifo(path, socket_mode);
972 umask(old_mask);
973
974 if (r < 0 && errno != EEXIST) {
975 r = -errno;
976 goto fail;
977 }
978
979 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
980 r = -errno;
981 goto fail;
982 }
983
984 mac_selinux_context_clear();
985
986 if (fstat(fd, &st) < 0) {
987 r = -errno;
988 goto fail;
989 }
990
991 if (!S_ISFIFO(st.st_mode) ||
992 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
993 st.st_uid != getuid() ||
994 st.st_gid != getgid()) {
995
996 r = -EEXIST;
997 goto fail;
998 }
999
1000 *_fd = fd;
1001 return 0;
1002
1003fail:
1004 mac_selinux_context_clear();
1005 safe_close(fd);
1006
1007 return r;
1008}
1009
1010static int special_address_create(
1011 const char *path,
1012 int *_fd) {
1013
1014 int fd = -1, r = 0;
1015 struct stat st;
1016
1017 assert(path);
1018 assert(_fd);
1019
1020 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1021 if (fd < 0) {
1022 r = -errno;
1023 goto fail;
1024 }
1025
1026 if (fstat(fd, &st) < 0) {
1027 r = -errno;
1028 goto fail;
1029 }
1030
1031 /* Check whether this is a /proc, /sys or /dev file or char device */
1032 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1033 r = -EEXIST;
1034 goto fail;
1035 }
1036
1037 *_fd = fd;
1038 return 0;
1039
1040fail:
1041 safe_close(fd);
1042
1043 return r;
1044}
1045
1046static int mq_address_create(
1047 const char *path,
1048 mode_t mq_mode,
1049 long maxmsg,
1050 long msgsize,
1051 int *_fd) {
1052
1053 int fd = -1, r = 0;
1054 struct stat st;
1055 mode_t old_mask;
1056 struct mq_attr _attr, *attr = NULL;
1057
1058 assert(path);
1059 assert(_fd);
1060
1061 if (maxmsg > 0 && msgsize > 0) {
1062 zero(_attr);
1063 _attr.mq_flags = O_NONBLOCK;
1064 _attr.mq_maxmsg = maxmsg;
1065 _attr.mq_msgsize = msgsize;
1066 attr = &_attr;
1067 }
1068
1069 /* Enforce the right access mode for the mq */
1070 old_mask = umask(~ mq_mode);
1071
1072 /* Include the original umask in our mask */
1073 umask(~mq_mode | old_mask);
1074 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1075 umask(old_mask);
1076
1077 if (fd < 0) {
1078 r = -errno;
1079 goto fail;
1080 }
1081
1082 if (fstat(fd, &st) < 0) {
1083 r = -errno;
1084 goto fail;
1085 }
1086
1087 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1088 st.st_uid != getuid() ||
1089 st.st_gid != getgid()) {
1090
1091 r = -EEXIST;
1092 goto fail;
1093 }
1094
1095 *_fd = fd;
1096 return 0;
1097
1098fail:
1099 safe_close(fd);
1100 return r;
1101}
1102
1103static int socket_symlink(Socket *s) {
1104 const char *p;
1105 char **i;
1106
1107 assert(s);
1108
1109 p = socket_find_symlink_target(s);
1110 if (!p)
1111 return 0;
1112
1113 STRV_FOREACH(i, s->symlinks)
1114 symlink(p, *i);
1115
1116 return 0;
1117}
1118
1119static int socket_open_fds(Socket *s) {
1120 SocketPort *p;
1121 int r;
1122 char *label = NULL;
1123 bool know_label = false;
1124
1125 assert(s);
1126
1127 LIST_FOREACH(port, p, s->ports) {
1128
1129 if (p->fd >= 0)
1130 continue;
1131
1132 if (p->type == SOCKET_SOCKET) {
1133 if (!know_label && s->selinux_context_from_net) {
1134 r = mac_selinux_get_our_label(&label);
1135 if (r < 0)
1136 return r;
1137 know_label = true;
1138 } else if (!know_label) {
1139
1140 r = socket_instantiate_service(s);
1141 if (r < 0)
1142 return r;
1143
1144 if (UNIT_ISSET(s->service) &&
1145 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1146 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1147 if (r < 0 && r != -EPERM)
1148 return r;
1149 }
1150
1151 know_label = true;
1152 }
1153
1154 r = socket_address_listen(
1155 &p->address,
1156 SOCK_CLOEXEC|SOCK_NONBLOCK,
1157 s->backlog,
1158 s->bind_ipv6_only,
1159 s->bind_to_device,
1160 s->free_bind,
1161 s->transparent,
1162 s->directory_mode,
1163 s->socket_mode,
1164 label);
1165 if (r < 0)
1166 goto rollback;
1167
1168 p->fd = r;
1169 socket_apply_socket_options(s, p->fd);
1170 socket_symlink(s);
1171
1172 } else if (p->type == SOCKET_SPECIAL) {
1173
1174 r = special_address_create(
1175 p->path,
1176 &p->fd);
1177 if (r < 0)
1178 goto rollback;
1179
1180 } else if (p->type == SOCKET_FIFO) {
1181
1182 r = fifo_address_create(
1183 p->path,
1184 s->directory_mode,
1185 s->socket_mode,
1186 &p->fd);
1187 if (r < 0)
1188 goto rollback;
1189
1190 socket_apply_fifo_options(s, p->fd);
1191 socket_symlink(s);
1192
1193 } else if (p->type == SOCKET_MQUEUE) {
1194
1195 r = mq_address_create(
1196 p->path,
1197 s->socket_mode,
1198 s->mq_maxmsg,
1199 s->mq_msgsize,
1200 &p->fd);
1201 if (r < 0)
1202 goto rollback;
1203 } else
1204 assert_not_reached("Unknown port type");
1205 }
1206
1207 mac_selinux_free(label);
1208 return 0;
1209
1210rollback:
1211 socket_close_fds(s);
1212 mac_selinux_free(label);
1213 return r;
1214}
1215
1216static void socket_unwatch_fds(Socket *s) {
1217 SocketPort *p;
1218 int r;
1219
1220 assert(s);
1221
1222 LIST_FOREACH(port, p, s->ports) {
1223 if (p->fd < 0)
1224 continue;
1225
1226 if (!p->event_source)
1227 continue;
1228
1229 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1230 if (r < 0)
1231 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1232 }
1233}
1234
1235static int socket_watch_fds(Socket *s) {
1236 SocketPort *p;
1237 int r;
1238
1239 assert(s);
1240
1241 LIST_FOREACH(port, p, s->ports) {
1242 if (p->fd < 0)
1243 continue;
1244
1245 if (p->event_source)
1246 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1247 else
1248 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1249
1250 if (r < 0) {
1251 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1252 goto fail;
1253 }
1254 }
1255
1256 return 0;
1257
1258fail:
1259 socket_unwatch_fds(s);
1260 return r;
1261}
1262
1263static void socket_set_state(Socket *s, SocketState state) {
1264 SocketState old_state;
1265 assert(s);
1266
1267 old_state = s->state;
1268 s->state = state;
1269
1270 if (!IN_SET(state,
1271 SOCKET_START_PRE,
1272 SOCKET_START_CHOWN,
1273 SOCKET_START_POST,
1274 SOCKET_STOP_PRE,
1275 SOCKET_STOP_PRE_SIGTERM,
1276 SOCKET_STOP_PRE_SIGKILL,
1277 SOCKET_STOP_POST,
1278 SOCKET_FINAL_SIGTERM,
1279 SOCKET_FINAL_SIGKILL)) {
1280
1281 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1282 socket_unwatch_control_pid(s);
1283 s->control_command = NULL;
1284 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1285 }
1286
1287 if (state != SOCKET_LISTENING)
1288 socket_unwatch_fds(s);
1289
1290 if (!IN_SET(state,
1291 SOCKET_START_CHOWN,
1292 SOCKET_START_POST,
1293 SOCKET_LISTENING,
1294 SOCKET_RUNNING,
1295 SOCKET_STOP_PRE,
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL))
1298 socket_close_fds(s);
1299
1300 if (state != old_state)
1301 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1302 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1303
1304 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1305}
1306
1307static int socket_coldplug(Unit *u) {
1308 Socket *s = SOCKET(u);
1309 int r;
1310
1311 assert(s);
1312 assert(s->state == SOCKET_DEAD);
1313
1314 if (s->deserialized_state == s->state)
1315 return 0;
1316
1317 if (IN_SET(s->deserialized_state,
1318 SOCKET_START_PRE,
1319 SOCKET_START_CHOWN,
1320 SOCKET_START_POST,
1321 SOCKET_STOP_PRE,
1322 SOCKET_STOP_PRE_SIGTERM,
1323 SOCKET_STOP_PRE_SIGKILL,
1324 SOCKET_STOP_POST,
1325 SOCKET_FINAL_SIGTERM,
1326 SOCKET_FINAL_SIGKILL)) {
1327
1328 if (s->control_pid <= 0)
1329 return -EBADMSG;
1330
1331 r = unit_watch_pid(UNIT(s), s->control_pid);
1332 if (r < 0)
1333 return r;
1334
1335 r = socket_arm_timer(s);
1336 if (r < 0)
1337 return r;
1338 }
1339
1340 if (IN_SET(s->deserialized_state,
1341 SOCKET_START_CHOWN,
1342 SOCKET_START_POST,
1343 SOCKET_LISTENING,
1344 SOCKET_RUNNING,
1345 SOCKET_STOP_PRE,
1346 SOCKET_STOP_PRE_SIGTERM,
1347 SOCKET_STOP_PRE_SIGKILL)) {
1348 r = socket_open_fds(s);
1349 if (r < 0)
1350 return r;
1351 }
1352
1353 if (s->deserialized_state == SOCKET_LISTENING) {
1354 r = socket_watch_fds(s);
1355 if (r < 0)
1356 return r;
1357 }
1358
1359 socket_set_state(s, s->deserialized_state);
1360 return 0;
1361}
1362
1363static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1364 _cleanup_free_ char **argv = NULL;
1365 pid_t pid;
1366 int r;
1367 ExecParameters exec_params = {
1368 .apply_permissions = true,
1369 .apply_chroot = true,
1370 .apply_tty_stdin = true,
1371 };
1372
1373 assert(s);
1374 assert(c);
1375 assert(_pid);
1376
1377 unit_realize_cgroup(UNIT(s));
1378
1379 r = unit_setup_exec_runtime(UNIT(s));
1380 if (r < 0)
1381 goto fail;
1382
1383 r = socket_arm_timer(s);
1384 if (r < 0)
1385 goto fail;
1386
1387 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1388 if (r < 0)
1389 goto fail;
1390
1391 exec_params.argv = argv;
1392 exec_params.environment = UNIT(s)->manager->environment;
1393 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1394 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1395 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1396 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1397 exec_params.unit_id = UNIT(s)->id;
1398
1399 r = exec_spawn(c,
1400 &s->exec_context,
1401 &exec_params,
1402 s->exec_runtime,
1403 &pid);
1404 if (r < 0)
1405 goto fail;
1406
1407 r = unit_watch_pid(UNIT(s), pid);
1408 if (r < 0)
1409 /* FIXME: we need to do something here */
1410 goto fail;
1411
1412 *_pid = pid;
1413 return 0;
1414
1415fail:
1416 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1417 return r;
1418}
1419
1420static int socket_chown(Socket *s, pid_t *_pid) {
1421 pid_t pid;
1422 int r;
1423
1424 r = socket_arm_timer(s);
1425 if (r < 0)
1426 goto fail;
1427
1428 /* We have to resolve the user names out-of-process, hence
1429 * let's fork here. It's messy, but well, what can we do? */
1430
1431 pid = fork();
1432 if (pid < 0)
1433 return -errno;
1434
1435 if (pid == 0) {
1436 SocketPort *p;
1437 uid_t uid = (uid_t) -1;
1438 gid_t gid = (gid_t) -1;
1439 int ret;
1440
1441 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1442 ignore_signals(SIGPIPE, -1);
1443 log_forget_fds();
1444
1445 if (!isempty(s->user)) {
1446 const char *user = s->user;
1447
1448 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1449 if (r < 0) {
1450 ret = EXIT_USER;
1451 goto fail_child;
1452 }
1453 }
1454
1455 if (!isempty(s->group)) {
1456 const char *group = s->group;
1457
1458 r = get_group_creds(&group, &gid);
1459 if (r < 0) {
1460 ret = EXIT_GROUP;
1461 goto fail_child;
1462 }
1463 }
1464
1465 LIST_FOREACH(port, p, s->ports) {
1466 const char *path = NULL;
1467
1468 if (p->type == SOCKET_SOCKET)
1469 path = socket_address_get_path(&p->address);
1470 else if (p->type == SOCKET_FIFO)
1471 path = p->path;
1472
1473 if (!path)
1474 continue;
1475
1476 if (chown(path, uid, gid) < 0) {
1477 r = -errno;
1478 ret = EXIT_CHOWN;
1479 goto fail_child;
1480 }
1481 }
1482
1483 _exit(0);
1484
1485 fail_child:
1486 log_open();
1487 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1488
1489 _exit(ret);
1490 }
1491
1492 r = unit_watch_pid(UNIT(s), pid);
1493 if (r < 0)
1494 goto fail;
1495
1496 *_pid = pid;
1497 return 0;
1498
1499fail:
1500 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1501 return r;
1502}
1503
1504static void socket_enter_dead(Socket *s, SocketResult f) {
1505 assert(s);
1506
1507 if (f != SOCKET_SUCCESS)
1508 s->result = f;
1509
1510 exec_runtime_destroy(s->exec_runtime);
1511 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1512
1513 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1514
1515 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1516}
1517
1518static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1519
1520static void socket_enter_stop_post(Socket *s, SocketResult f) {
1521 int r;
1522 assert(s);
1523
1524 if (f != SOCKET_SUCCESS)
1525 s->result = f;
1526
1527 socket_unwatch_control_pid(s);
1528 s->control_command_id = SOCKET_EXEC_STOP_POST;
1529 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1530
1531 if (s->control_command) {
1532 r = socket_spawn(s, s->control_command, &s->control_pid);
1533 if (r < 0)
1534 goto fail;
1535
1536 socket_set_state(s, SOCKET_STOP_POST);
1537 } else
1538 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1539
1540 return;
1541
1542fail:
1543 log_warning_unit(UNIT(s)->id,
1544 "%s failed to run 'stop-post' task: %s",
1545 UNIT(s)->id, strerror(-r));
1546 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1547}
1548
1549static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1550 int r;
1551
1552 assert(s);
1553
1554 if (f != SOCKET_SUCCESS)
1555 s->result = f;
1556
1557 r = unit_kill_context(
1558 UNIT(s),
1559 &s->kill_context,
1560 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1561 -1,
1562 s->control_pid,
1563 false);
1564 if (r < 0)
1565 goto fail;
1566
1567 if (r > 0) {
1568 r = socket_arm_timer(s);
1569 if (r < 0)
1570 goto fail;
1571
1572 socket_set_state(s, state);
1573 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1574 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1575 else if (state == SOCKET_STOP_PRE_SIGKILL)
1576 socket_enter_stop_post(s, SOCKET_SUCCESS);
1577 else if (state == SOCKET_FINAL_SIGTERM)
1578 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1579 else
1580 socket_enter_dead(s, SOCKET_SUCCESS);
1581
1582 return;
1583
1584fail:
1585 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1586
1587 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1588 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1589 else
1590 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1591}
1592
1593static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1594 int r;
1595 assert(s);
1596
1597 if (f != SOCKET_SUCCESS)
1598 s->result = f;
1599
1600 socket_unwatch_control_pid(s);
1601 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1602 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1603
1604 if (s->control_command) {
1605 r = socket_spawn(s, s->control_command, &s->control_pid);
1606 if (r < 0)
1607 goto fail;
1608
1609 socket_set_state(s, SOCKET_STOP_PRE);
1610 } else
1611 socket_enter_stop_post(s, SOCKET_SUCCESS);
1612
1613 return;
1614
1615fail:
1616 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1617 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1618}
1619
1620static void socket_enter_listening(Socket *s) {
1621 int r;
1622 assert(s);
1623
1624 r = socket_watch_fds(s);
1625 if (r < 0) {
1626 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1627 goto fail;
1628 }
1629
1630 socket_set_state(s, SOCKET_LISTENING);
1631 return;
1632
1633fail:
1634 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1635}
1636
1637static void socket_enter_start_post(Socket *s) {
1638 int r;
1639 assert(s);
1640
1641 socket_unwatch_control_pid(s);
1642 s->control_command_id = SOCKET_EXEC_START_POST;
1643 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1644
1645 if (s->control_command) {
1646 r = socket_spawn(s, s->control_command, &s->control_pid);
1647 if (r < 0) {
1648 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1649 goto fail;
1650 }
1651
1652 socket_set_state(s, SOCKET_START_POST);
1653 } else
1654 socket_enter_listening(s);
1655
1656 return;
1657
1658fail:
1659 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1660}
1661
1662static void socket_enter_start_chown(Socket *s) {
1663 int r;
1664
1665 assert(s);
1666
1667 r = socket_open_fds(s);
1668 if (r < 0) {
1669 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1670 goto fail;
1671 }
1672
1673 if (!isempty(s->user) || !isempty(s->group)) {
1674
1675 socket_unwatch_control_pid(s);
1676 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1677 s->control_command = NULL;
1678
1679 r = socket_chown(s, &s->control_pid);
1680 if (r < 0) {
1681 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1682 goto fail;
1683 }
1684
1685 socket_set_state(s, SOCKET_START_CHOWN);
1686 } else
1687 socket_enter_start_post(s);
1688
1689 return;
1690
1691fail:
1692 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1693}
1694
1695static void socket_enter_start_pre(Socket *s) {
1696 int r;
1697 assert(s);
1698
1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_PRE;
1701 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1702
1703 if (s->control_command) {
1704 r = socket_spawn(s, s->control_command, &s->control_pid);
1705 if (r < 0) {
1706 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1707 goto fail;
1708 }
1709
1710 socket_set_state(s, SOCKET_START_PRE);
1711 } else
1712 socket_enter_start_chown(s);
1713
1714 return;
1715
1716fail:
1717 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1718}
1719
1720static void socket_enter_running(Socket *s, int cfd) {
1721 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1722 int r;
1723
1724 assert(s);
1725
1726 /* We don't take connections anymore if we are supposed to
1727 * shut down anyway */
1728 if (unit_stop_pending(UNIT(s))) {
1729
1730 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1731
1732 if (cfd >= 0)
1733 safe_close(cfd);
1734 else {
1735 /* Flush all sockets by closing and reopening them */
1736 socket_close_fds(s);
1737
1738 r = socket_open_fds(s);
1739 if (r < 0) {
1740 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1741 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1742 return;
1743 }
1744
1745 r = socket_watch_fds(s);
1746 if (r < 0) {
1747 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1748 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1749 }
1750 }
1751
1752 return;
1753 }
1754
1755 if (cfd < 0) {
1756 Iterator i;
1757 Unit *other;
1758 bool pending = false;
1759
1760 /* If there's already a start pending don't bother to
1761 * do anything */
1762 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1763 if (unit_active_or_pending(other)) {
1764 pending = true;
1765 break;
1766 }
1767
1768 if (!pending) {
1769 if (!UNIT_ISSET(s->service)) {
1770 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1771 r = -ENOENT;
1772 goto fail;
1773 }
1774
1775 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1776 if (r < 0)
1777 goto fail;
1778 }
1779
1780 socket_set_state(s, SOCKET_RUNNING);
1781 } else {
1782 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1783 Service *service;
1784
1785 if (s->n_connections >= s->max_connections) {
1786 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1787 safe_close(cfd);
1788 return;
1789 }
1790
1791 r = socket_instantiate_service(s);
1792 if (r < 0)
1793 goto fail;
1794
1795 r = instance_from_socket(cfd, s->n_accepted, &instance);
1796 if (r < 0) {
1797 if (r != -ENOTCONN)
1798 goto fail;
1799
1800 /* ENOTCONN is legitimate if TCP RST was received.
1801 * This connection is over, but the socket unit lives on. */
1802 safe_close(cfd);
1803 return;
1804 }
1805
1806 prefix = unit_name_to_prefix(UNIT(s)->id);
1807 if (!prefix) {
1808 r = -ENOMEM;
1809 goto fail;
1810 }
1811
1812 name = unit_name_build(prefix, instance, ".service");
1813 if (!name) {
1814 r = -ENOMEM;
1815 goto fail;
1816 }
1817
1818 r = unit_add_name(UNIT_DEREF(s->service), name);
1819 if (r < 0)
1820 goto fail;
1821
1822 service = SERVICE(UNIT_DEREF(s->service));
1823 unit_ref_unset(&s->service);
1824 s->n_accepted ++;
1825
1826 UNIT(service)->no_gc = false;
1827
1828 unit_choose_id(UNIT(service), name);
1829
1830 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1831 if (r < 0)
1832 goto fail;
1833
1834 cfd = -1;
1835 s->n_connections ++;
1836
1837 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1838 if (r < 0)
1839 goto fail;
1840
1841 /* Notify clients about changed counters */
1842 unit_add_to_dbus_queue(UNIT(s));
1843 }
1844
1845 return;
1846
1847fail:
1848 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1849 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1850 bus_error_message(&error, r));
1851
1852 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1853 safe_close(cfd);
1854}
1855
1856static void socket_run_next(Socket *s) {
1857 int r;
1858
1859 assert(s);
1860 assert(s->control_command);
1861 assert(s->control_command->command_next);
1862
1863 socket_unwatch_control_pid(s);
1864
1865 s->control_command = s->control_command->command_next;
1866
1867 r = socket_spawn(s, s->control_command, &s->control_pid);
1868 if (r < 0)
1869 goto fail;
1870
1871 return;
1872
1873fail:
1874 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1875
1876 if (s->state == SOCKET_START_POST)
1877 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1878 else if (s->state == SOCKET_STOP_POST)
1879 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1880 else
1881 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1882}
1883
1884static int socket_start(Unit *u) {
1885 Socket *s = SOCKET(u);
1886
1887 assert(s);
1888
1889 /* We cannot fulfill this request right now, try again later
1890 * please! */
1891 if (IN_SET(s->state,
1892 SOCKET_STOP_PRE,
1893 SOCKET_STOP_PRE_SIGKILL,
1894 SOCKET_STOP_PRE_SIGTERM,
1895 SOCKET_STOP_POST,
1896 SOCKET_FINAL_SIGTERM,
1897 SOCKET_FINAL_SIGKILL))
1898 return -EAGAIN;
1899
1900 /* Already on it! */
1901 if (IN_SET(s->state,
1902 SOCKET_START_PRE,
1903 SOCKET_START_CHOWN,
1904 SOCKET_START_POST))
1905 return 0;
1906
1907 /* Cannot run this without the service being around */
1908 if (UNIT_ISSET(s->service)) {
1909 Service *service;
1910
1911 service = SERVICE(UNIT_DEREF(s->service));
1912
1913 if (UNIT(service)->load_state != UNIT_LOADED) {
1914 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1915 return -ENOENT;
1916 }
1917
1918 /* If the service is already active we cannot start the
1919 * socket */
1920 if (service->state != SERVICE_DEAD &&
1921 service->state != SERVICE_FAILED &&
1922 service->state != SERVICE_AUTO_RESTART) {
1923 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1924 return -EBUSY;
1925 }
1926 }
1927
1928 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1929
1930 s->result = SOCKET_SUCCESS;
1931 socket_enter_start_pre(s);
1932
1933 return 0;
1934}
1935
1936static int socket_stop(Unit *u) {
1937 Socket *s = SOCKET(u);
1938
1939 assert(s);
1940
1941 /* Already on it */
1942 if (IN_SET(s->state,
1943 SOCKET_STOP_PRE,
1944 SOCKET_STOP_PRE_SIGTERM,
1945 SOCKET_STOP_PRE_SIGKILL,
1946 SOCKET_STOP_POST,
1947 SOCKET_FINAL_SIGTERM,
1948 SOCKET_FINAL_SIGKILL))
1949 return 0;
1950
1951 /* If there's already something running we go directly into
1952 * kill mode. */
1953 if (IN_SET(s->state,
1954 SOCKET_START_PRE,
1955 SOCKET_START_CHOWN,
1956 SOCKET_START_POST)) {
1957 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1958 return -EAGAIN;
1959 }
1960
1961 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1962
1963 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1964 return 0;
1965}
1966
1967static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1968 Socket *s = SOCKET(u);
1969 SocketPort *p;
1970 int r;
1971
1972 assert(u);
1973 assert(f);
1974 assert(fds);
1975
1976 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1977 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1978 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1979
1980 if (s->control_pid > 0)
1981 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1982
1983 if (s->control_command_id >= 0)
1984 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1985
1986 LIST_FOREACH(port, p, s->ports) {
1987 int copy;
1988
1989 if (p->fd < 0)
1990 continue;
1991
1992 copy = fdset_put_dup(fds, p->fd);
1993 if (copy < 0)
1994 return copy;
1995
1996 if (p->type == SOCKET_SOCKET) {
1997 _cleanup_free_ char *t = NULL;
1998
1999 r = socket_address_print(&p->address, &t);
2000 if (r < 0)
2001 return r;
2002
2003 if (socket_address_family(&p->address) == AF_NETLINK)
2004 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2005 else
2006 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2007
2008 } else if (p->type == SOCKET_SPECIAL)
2009 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2010 else if (p->type == SOCKET_MQUEUE)
2011 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2012 else {
2013 assert(p->type == SOCKET_FIFO);
2014 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2015 }
2016 }
2017
2018 return 0;
2019}
2020
2021static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2022 Socket *s = SOCKET(u);
2023
2024 assert(u);
2025 assert(key);
2026 assert(value);
2027
2028 if (streq(key, "state")) {
2029 SocketState state;
2030
2031 state = socket_state_from_string(value);
2032 if (state < 0)
2033 log_debug_unit(u->id, "Failed to parse state value %s", value);
2034 else
2035 s->deserialized_state = state;
2036 } else if (streq(key, "result")) {
2037 SocketResult f;
2038
2039 f = socket_result_from_string(value);
2040 if (f < 0)
2041 log_debug_unit(u->id, "Failed to parse result value %s", value);
2042 else if (f != SOCKET_SUCCESS)
2043 s->result = f;
2044
2045 } else if (streq(key, "n-accepted")) {
2046 unsigned k;
2047
2048 if (safe_atou(value, &k) < 0)
2049 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2050 else
2051 s->n_accepted += k;
2052 } else if (streq(key, "control-pid")) {
2053 pid_t pid;
2054
2055 if (parse_pid(value, &pid) < 0)
2056 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2057 else
2058 s->control_pid = pid;
2059 } else if (streq(key, "control-command")) {
2060 SocketExecCommand id;
2061
2062 id = socket_exec_command_from_string(value);
2063 if (id < 0)
2064 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2065 else {
2066 s->control_command_id = id;
2067 s->control_command = s->exec_command[id];
2068 }
2069 } else if (streq(key, "fifo")) {
2070 int fd, skip = 0;
2071 SocketPort *p;
2072
2073 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2074 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2075 else {
2076
2077 LIST_FOREACH(port, p, s->ports)
2078 if (p->type == SOCKET_FIFO &&
2079 streq_ptr(p->path, value+skip))
2080 break;
2081
2082 if (p) {
2083 safe_close(p->fd);
2084 p->fd = fdset_remove(fds, fd);
2085 }
2086 }
2087
2088 } else if (streq(key, "special")) {
2089 int fd, skip = 0;
2090 SocketPort *p;
2091
2092 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2093 log_debug_unit(u->id, "Failed to parse special value %s", value);
2094 else {
2095
2096 LIST_FOREACH(port, p, s->ports)
2097 if (p->type == SOCKET_SPECIAL &&
2098 streq_ptr(p->path, value+skip))
2099 break;
2100
2101 if (p) {
2102 safe_close(p->fd);
2103 p->fd = fdset_remove(fds, fd);
2104 }
2105 }
2106
2107 } else if (streq(key, "mqueue")) {
2108 int fd, skip = 0;
2109 SocketPort *p;
2110
2111 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2112 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2113 else {
2114
2115 LIST_FOREACH(port, p, s->ports)
2116 if (p->type == SOCKET_MQUEUE &&
2117 streq_ptr(p->path, value+skip))
2118 break;
2119
2120 if (p) {
2121 safe_close(p->fd);
2122 p->fd = fdset_remove(fds, fd);
2123 }
2124 }
2125
2126 } else if (streq(key, "socket")) {
2127 int fd, type, skip = 0;
2128 SocketPort *p;
2129
2130 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2131 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2132 else {
2133
2134 LIST_FOREACH(port, p, s->ports)
2135 if (socket_address_is(&p->address, value+skip, type))
2136 break;
2137
2138 if (p) {
2139 safe_close(p->fd);
2140 p->fd = fdset_remove(fds, fd);
2141 }
2142 }
2143
2144 } else if (streq(key, "netlink")) {
2145 int fd, skip = 0;
2146 SocketPort *p;
2147
2148 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2149 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2150 else {
2151
2152 LIST_FOREACH(port, p, s->ports)
2153 if (socket_address_is_netlink(&p->address, value+skip))
2154 break;
2155
2156 if (p) {
2157 safe_close(p->fd);
2158 p->fd = fdset_remove(fds, fd);
2159 }
2160 }
2161 } else
2162 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2163
2164 return 0;
2165}
2166
2167static int socket_distribute_fds(Unit *u, FDSet *fds) {
2168 Socket *s = SOCKET(u);
2169 SocketPort *p;
2170
2171 assert(u);
2172
2173 LIST_FOREACH(port, p, s->ports) {
2174 Iterator i;
2175 int fd;
2176
2177 if (p->type != SOCKET_SOCKET)
2178 continue;
2179
2180 if (p->fd >= 0)
2181 continue;
2182
2183 FDSET_FOREACH(fd, fds, i) {
2184 if (socket_address_matches_fd(&p->address, fd)) {
2185 p->fd = fdset_remove(fds, fd);
2186 s->deserialized_state = SOCKET_LISTENING;
2187 break;
2188 }
2189 }
2190 }
2191
2192 return 0;
2193}
2194
2195_pure_ static UnitActiveState socket_active_state(Unit *u) {
2196 assert(u);
2197
2198 return state_translation_table[SOCKET(u)->state];
2199}
2200
2201_pure_ static const char *socket_sub_state_to_string(Unit *u) {
2202 assert(u);
2203
2204 return socket_state_to_string(SOCKET(u)->state);
2205}
2206
2207const char* socket_port_type_to_string(SocketPort *p) {
2208
2209 assert(p);
2210
2211 switch (p->type) {
2212
2213 case SOCKET_SOCKET:
2214
2215 switch (p->address.type) {
2216
2217 case SOCK_STREAM:
2218 return "Stream";
2219
2220 case SOCK_DGRAM:
2221 return "Datagram";
2222
2223 case SOCK_SEQPACKET:
2224 return "SequentialPacket";
2225
2226 case SOCK_RAW:
2227 if (socket_address_family(&p->address) == AF_NETLINK)
2228 return "Netlink";
2229
2230 default:
2231 return NULL;
2232 }
2233
2234 case SOCKET_SPECIAL:
2235 return "Special";
2236
2237 case SOCKET_MQUEUE:
2238 return "MessageQueue";
2239
2240 case SOCKET_FIFO:
2241 return "FIFO";
2242
2243 default:
2244 return NULL;
2245 }
2246}
2247
2248_pure_ static bool socket_check_gc(Unit *u) {
2249 Socket *s = SOCKET(u);
2250
2251 assert(u);
2252
2253 return s->n_connections > 0;
2254}
2255
2256static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2257 SocketPort *p = userdata;
2258 int cfd = -1;
2259
2260 assert(p);
2261 assert(fd >= 0);
2262
2263 if (p->socket->state != SOCKET_LISTENING)
2264 return 0;
2265
2266 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2267
2268 if (revents != EPOLLIN) {
2269
2270 if (revents & EPOLLHUP)
2271 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2272 UNIT(p->socket)->id);
2273 else
2274 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2275 UNIT(p->socket)->id, revents);
2276
2277 goto fail;
2278 }
2279
2280 if (p->socket->accept &&
2281 p->type == SOCKET_SOCKET &&
2282 socket_address_can_accept(&p->address)) {
2283
2284 for (;;) {
2285
2286 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2287 if (cfd < 0) {
2288
2289 if (errno == EINTR)
2290 continue;
2291
2292 log_error_unit(UNIT(p->socket)->id,
2293 "Failed to accept socket: %m");
2294 goto fail;
2295 }
2296
2297 break;
2298 }
2299
2300 socket_apply_socket_options(p->socket, cfd);
2301 }
2302
2303 socket_enter_running(p->socket, cfd);
2304 return 0;
2305
2306fail:
2307 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2308 return 0;
2309}
2310
2311static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2312 Socket *s = SOCKET(u);
2313 SocketResult f;
2314
2315 assert(s);
2316 assert(pid >= 0);
2317
2318 if (pid != s->control_pid)
2319 return;
2320
2321 s->control_pid = 0;
2322
2323 if (is_clean_exit(code, status, NULL))
2324 f = SOCKET_SUCCESS;
2325 else if (code == CLD_EXITED)
2326 f = SOCKET_FAILURE_EXIT_CODE;
2327 else if (code == CLD_KILLED)
2328 f = SOCKET_FAILURE_SIGNAL;
2329 else if (code == CLD_DUMPED)
2330 f = SOCKET_FAILURE_CORE_DUMP;
2331 else
2332 assert_not_reached("Unknown sigchld code");
2333
2334 if (s->control_command) {
2335 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2336
2337 if (s->control_command->ignore)
2338 f = SOCKET_SUCCESS;
2339 }
2340
2341 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2342 u->id,
2343 "%s control process exited, code=%s status=%i",
2344 u->id, sigchld_code_to_string(code), status);
2345
2346 if (f != SOCKET_SUCCESS)
2347 s->result = f;
2348
2349 if (s->control_command &&
2350 s->control_command->command_next &&
2351 f == SOCKET_SUCCESS) {
2352
2353 log_debug_unit(u->id,
2354 "%s running next command for state %s",
2355 u->id, socket_state_to_string(s->state));
2356 socket_run_next(s);
2357 } else {
2358 s->control_command = NULL;
2359 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2360
2361 /* No further commands for this step, so let's figure
2362 * out what to do next */
2363
2364 log_debug_unit(u->id,
2365 "%s got final SIGCHLD for state %s",
2366 u->id, socket_state_to_string(s->state));
2367
2368 switch (s->state) {
2369
2370 case SOCKET_START_PRE:
2371 if (f == SOCKET_SUCCESS)
2372 socket_enter_start_chown(s);
2373 else
2374 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2375 break;
2376
2377 case SOCKET_START_CHOWN:
2378 if (f == SOCKET_SUCCESS)
2379 socket_enter_start_post(s);
2380 else
2381 socket_enter_stop_pre(s, f);
2382 break;
2383
2384 case SOCKET_START_POST:
2385 if (f == SOCKET_SUCCESS)
2386 socket_enter_listening(s);
2387 else
2388 socket_enter_stop_pre(s, f);
2389 break;
2390
2391 case SOCKET_STOP_PRE:
2392 case SOCKET_STOP_PRE_SIGTERM:
2393 case SOCKET_STOP_PRE_SIGKILL:
2394 socket_enter_stop_post(s, f);
2395 break;
2396
2397 case SOCKET_STOP_POST:
2398 case SOCKET_FINAL_SIGTERM:
2399 case SOCKET_FINAL_SIGKILL:
2400 socket_enter_dead(s, f);
2401 break;
2402
2403 default:
2404 assert_not_reached("Uh, control process died at wrong time.");
2405 }
2406 }
2407
2408 /* Notify clients about changed exit status */
2409 unit_add_to_dbus_queue(u);
2410}
2411
2412static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2413 Socket *s = SOCKET(userdata);
2414
2415 assert(s);
2416 assert(s->timer_event_source == source);
2417
2418 switch (s->state) {
2419
2420 case SOCKET_START_PRE:
2421 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2422 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2423 break;
2424
2425 case SOCKET_START_CHOWN:
2426 case SOCKET_START_POST:
2427 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2428 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2429 break;
2430
2431 case SOCKET_STOP_PRE:
2432 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2433 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2434 break;
2435
2436 case SOCKET_STOP_PRE_SIGTERM:
2437 if (s->kill_context.send_sigkill) {
2438 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2439 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2440 } else {
2441 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2442 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2443 }
2444 break;
2445
2446 case SOCKET_STOP_PRE_SIGKILL:
2447 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2448 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2449 break;
2450
2451 case SOCKET_STOP_POST:
2452 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2453 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2454 break;
2455
2456 case SOCKET_FINAL_SIGTERM:
2457 if (s->kill_context.send_sigkill) {
2458 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2459 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2460 } else {
2461 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2462 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2463 }
2464 break;
2465
2466 case SOCKET_FINAL_SIGKILL:
2467 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2468 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2469 break;
2470
2471 default:
2472 assert_not_reached("Timeout at wrong time.");
2473 }
2474
2475 return 0;
2476}
2477
2478int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2479 int *rfds;
2480 unsigned rn_fds, k;
2481 SocketPort *p;
2482
2483 assert(s);
2484 assert(fds);
2485 assert(n_fds);
2486
2487 /* Called from the service code for requesting our fds */
2488
2489 rn_fds = 0;
2490 LIST_FOREACH(port, p, s->ports)
2491 if (p->fd >= 0)
2492 rn_fds++;
2493
2494 if (rn_fds <= 0) {
2495 *fds = NULL;
2496 *n_fds = 0;
2497 return 0;
2498 }
2499
2500 if (!(rfds = new(int, rn_fds)))
2501 return -ENOMEM;
2502
2503 k = 0;
2504 LIST_FOREACH(port, p, s->ports)
2505 if (p->fd >= 0)
2506 rfds[k++] = p->fd;
2507
2508 assert(k == rn_fds);
2509
2510 *fds = rfds;
2511 *n_fds = rn_fds;
2512
2513 return 0;
2514}
2515
2516static void socket_reset_failed(Unit *u) {
2517 Socket *s = SOCKET(u);
2518
2519 assert(s);
2520
2521 if (s->state == SOCKET_FAILED)
2522 socket_set_state(s, SOCKET_DEAD);
2523
2524 s->result = SOCKET_SUCCESS;
2525}
2526
2527static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2528 assert(s);
2529
2530 /* The service is dead. Dang!
2531 *
2532 * This is strictly for one-instance-for-all-connections
2533 * services. */
2534
2535 if (s->state == SOCKET_RUNNING) {
2536 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2537 if (failed_permanent)
2538 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2539 else
2540 socket_enter_listening(s);
2541 }
2542}
2543
2544void socket_connection_unref(Socket *s) {
2545 assert(s);
2546
2547 /* The service is dead. Yay!
2548 *
2549 * This is strictly for one-instance-per-connection
2550 * services. */
2551
2552 assert(s->n_connections > 0);
2553 s->n_connections--;
2554
2555 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2556}
2557
2558static void socket_trigger_notify(Unit *u, Unit *other) {
2559 Socket *s = SOCKET(u);
2560 Service *se;
2561
2562 assert(u);
2563 assert(other);
2564
2565 /* Don't propagate state changes from the service if we are
2566 already down or accepting connections */
2567 if ((s->state != SOCKET_RUNNING &&
2568 s->state != SOCKET_LISTENING) ||
2569 s->accept)
2570 return;
2571
2572 if (other->load_state != UNIT_LOADED ||
2573 other->type != UNIT_SERVICE)
2574 return;
2575
2576 se = SERVICE(other);
2577
2578 if (se->state == SERVICE_FAILED)
2579 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2580
2581 if (se->state == SERVICE_DEAD ||
2582 se->state == SERVICE_STOP ||
2583 se->state == SERVICE_STOP_SIGTERM ||
2584 se->state == SERVICE_STOP_SIGKILL ||
2585 se->state == SERVICE_STOP_POST ||
2586 se->state == SERVICE_FINAL_SIGTERM ||
2587 se->state == SERVICE_FINAL_SIGKILL ||
2588 se->state == SERVICE_AUTO_RESTART)
2589 socket_notify_service_dead(s, false);
2590
2591 if (se->state == SERVICE_RUNNING)
2592 socket_set_state(s, SOCKET_RUNNING);
2593}
2594
2595static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2596 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2597}
2598
2599static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2600 Socket *s = SOCKET(u);
2601 int r;
2602
2603 if (!s->timer_event_source)
2604 return 0;
2605
2606 r = sd_event_source_get_time(s->timer_event_source, timeout);
2607 if (r < 0)
2608 return r;
2609
2610 return 1;
2611}
2612
2613static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2614 [SOCKET_DEAD] = "dead",
2615 [SOCKET_START_PRE] = "start-pre",
2616 [SOCKET_START_CHOWN] = "start-chown",
2617 [SOCKET_START_POST] = "start-post",
2618 [SOCKET_LISTENING] = "listening",
2619 [SOCKET_RUNNING] = "running",
2620 [SOCKET_STOP_PRE] = "stop-pre",
2621 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2622 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2623 [SOCKET_STOP_POST] = "stop-post",
2624 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2625 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2626 [SOCKET_FAILED] = "failed"
2627};
2628
2629DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2630
2631static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2632 [SOCKET_EXEC_START_PRE] = "StartPre",
2633 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2634 [SOCKET_EXEC_START_POST] = "StartPost",
2635 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2636 [SOCKET_EXEC_STOP_POST] = "StopPost"
2637};
2638
2639DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2640
2641static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2642 [SOCKET_SUCCESS] = "success",
2643 [SOCKET_FAILURE_RESOURCES] = "resources",
2644 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2645 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2646 [SOCKET_FAILURE_SIGNAL] = "signal",
2647 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2648 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2649};
2650
2651DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2652
2653const UnitVTable socket_vtable = {
2654 .object_size = sizeof(Socket),
2655 .exec_context_offset = offsetof(Socket, exec_context),
2656 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2657 .kill_context_offset = offsetof(Socket, kill_context),
2658 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2659
2660 .sections =
2661 "Unit\0"
2662 "Socket\0"
2663 "Install\0",
2664 .private_section = "Socket",
2665
2666 .init = socket_init,
2667 .done = socket_done,
2668 .load = socket_load,
2669
2670 .coldplug = socket_coldplug,
2671
2672 .dump = socket_dump,
2673
2674 .start = socket_start,
2675 .stop = socket_stop,
2676
2677 .kill = socket_kill,
2678
2679 .get_timeout = socket_get_timeout,
2680
2681 .serialize = socket_serialize,
2682 .deserialize_item = socket_deserialize_item,
2683 .distribute_fds = socket_distribute_fds,
2684
2685 .active_state = socket_active_state,
2686 .sub_state_to_string = socket_sub_state_to_string,
2687
2688 .check_gc = socket_check_gc,
2689
2690 .sigchld_event = socket_sigchld_event,
2691
2692 .trigger_notify = socket_trigger_notify,
2693
2694 .reset_failed = socket_reset_failed,
2695
2696 .bus_interface = "org.freedesktop.systemd1.Socket",
2697 .bus_vtable = bus_socket_vtable,
2698 .bus_set_property = bus_socket_set_property,
2699 .bus_commit_properties = bus_socket_commit_properties,
2700
2701 .status_message_formats = {
2702 /*.starting_stopping = {
2703 [0] = "Starting socket %s...",
2704 [1] = "Stopping socket %s...",
2705 },*/
2706 .finished_start_job = {
2707 [JOB_DONE] = "Listening on %s.",
2708 [JOB_FAILED] = "Failed to listen on %s.",
2709 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2710 [JOB_TIMEOUT] = "Timed out starting %s.",
2711 },
2712 .finished_stop_job = {
2713 [JOB_DONE] = "Closed %s.",
2714 [JOB_FAILED] = "Failed stopping %s.",
2715 [JOB_TIMEOUT] = "Timed out stopping %s.",
2716 },
2717 },
2718};
Unnamed repository; edit this file 'description' to name the repository.