]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Always check asprintf return code
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
78 assert(u->load_state == UNIT_STUB);
79
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
84
85 s->max_connections = 64;
86
87 s->priority = -1;
88 s->ip_tos = -1;
89 s->ip_ttl = -1;
90 s->mark = -1;
91
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
94
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
115
116 sd_event_source_unref(p->event_source);
117
118 safe_close(p->fd);
119 free(p->path);
120 free(p);
121 }
122 }
123
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
130
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
134
135 socket_unwatch_control_pid(s);
136
137 unit_ref_unset(&s->service);
138
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
144
145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
149 strv_free(s->symlinks);
150
151 free(s->user);
152 free(s->group);
153
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
181 }
182
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
195 if (UNIT_DEREF(s->service) || !s->accept)
196 return 0;
197
198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
200 return -ENOMEM;
201
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203 return -ENOMEM;
204
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206 if (r < 0)
207 return r;
208
209 u->no_gc = true;
210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213 }
214
215 static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
228 if (!socket_address_can_accept(&p->address))
229 return true;
230 }
231
232 return false;
233 }
234
235 static int socket_add_mount_links(Socket *s) {
236 SocketPort *p;
237 int r;
238
239 assert(s);
240
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
243
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
248
249 if (!path)
250 continue;
251
252 r = unit_require_mounts_for(UNIT(s), path);
253 if (r < 0)
254 return r;
255 }
256
257 return 0;
258 }
259
260 static int socket_add_device_link(Socket *s) {
261 char *t;
262
263 assert(s);
264
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266 return 0;
267
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
270 }
271
272 static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
279
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
283 return r;
284 }
285
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287 }
288
289 _pure_ static bool socket_has_exec(Socket *s) {
290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298 }
299
300 static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
302 int r;
303
304 assert(s);
305
306 if (have_non_accept_socket(s)) {
307
308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
310
311 r = unit_load_related_unit(u, ".service", &x);
312 if (r < 0)
313 return r;
314
315 unit_ref_set(&s->service, x);
316 }
317
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
320 return r;
321 }
322
323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
326
327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
331 r = unit_patch_contexts(u);
332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
339
340 r = unit_add_default_slice(u, &s->cgroup_context);
341 if (r < 0)
342 return r;
343 }
344
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352 }
353
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385 }
386
387 static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
408
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
424 return 0;
425 }
426
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
441 if (r < 0)
442 return r;
443 }
444
445 return socket_verify(s);
446 }
447
448 _const_ static const char* listen_lookup(int family, int type) {
449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
460 assert_not_reached("Unknown socket type");
461 return NULL;
462 }
463
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 SocketExecCommand c;
466 Socket *s = SOCKET(u);
467 SocketPort *p;
468 const char *prefix2;
469
470 assert(s);
471 assert(f);
472
473 prefix2 = strappenda(prefix, "\t");
474
475 fprintf(f,
476 "%sSocket State: %s\n"
477 "%sResult: %s\n"
478 "%sBindIPv6Only: %s\n"
479 "%sBacklog: %u\n"
480 "%sSocketMode: %04o\n"
481 "%sDirectoryMode: %04o\n"
482 "%sKeepAlive: %s\n"
483 "%sFreeBind: %s\n"
484 "%sTransparent: %s\n"
485 "%sBroadcast: %s\n"
486 "%sPassCredentials: %s\n"
487 "%sPassSecurity: %s\n"
488 "%sTCPCongestion: %s\n"
489 "%sRemoveOnStop: %s\n",
490 prefix, socket_state_to_string(s->state),
491 prefix, socket_result_to_string(s->result),
492 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
493 prefix, s->backlog,
494 prefix, s->socket_mode,
495 prefix, s->directory_mode,
496 prefix, yes_no(s->keep_alive),
497 prefix, yes_no(s->free_bind),
498 prefix, yes_no(s->transparent),
499 prefix, yes_no(s->broadcast),
500 prefix, yes_no(s->pass_cred),
501 prefix, yes_no(s->pass_sec),
502 prefix, strna(s->tcp_congestion),
503 prefix, yes_no(s->remove_on_stop));
504
505 if (s->control_pid > 0)
506 fprintf(f,
507 "%sControl PID: "PID_FMT"\n",
508 prefix, s->control_pid);
509
510 if (s->bind_to_device)
511 fprintf(f,
512 "%sBindToDevice: %s\n",
513 prefix, s->bind_to_device);
514
515 if (s->accept)
516 fprintf(f,
517 "%sAccepted: %u\n"
518 "%sNConnections: %u\n"
519 "%sMaxConnections: %u\n",
520 prefix, s->n_accepted,
521 prefix, s->n_connections,
522 prefix, s->max_connections);
523
524 if (s->priority >= 0)
525 fprintf(f,
526 "%sPriority: %i\n",
527 prefix, s->priority);
528
529 if (s->receive_buffer > 0)
530 fprintf(f,
531 "%sReceiveBuffer: %zu\n",
532 prefix, s->receive_buffer);
533
534 if (s->send_buffer > 0)
535 fprintf(f,
536 "%sSendBuffer: %zu\n",
537 prefix, s->send_buffer);
538
539 if (s->ip_tos >= 0)
540 fprintf(f,
541 "%sIPTOS: %i\n",
542 prefix, s->ip_tos);
543
544 if (s->ip_ttl >= 0)
545 fprintf(f,
546 "%sIPTTL: %i\n",
547 prefix, s->ip_ttl);
548
549 if (s->pipe_size > 0)
550 fprintf(f,
551 "%sPipeSize: %zu\n",
552 prefix, s->pipe_size);
553
554 if (s->mark >= 0)
555 fprintf(f,
556 "%sMark: %i\n",
557 prefix, s->mark);
558
559 if (s->mq_maxmsg > 0)
560 fprintf(f,
561 "%sMessageQueueMaxMessages: %li\n",
562 prefix, s->mq_maxmsg);
563
564 if (s->mq_msgsize > 0)
565 fprintf(f,
566 "%sMessageQueueMessageSize: %li\n",
567 prefix, s->mq_msgsize);
568
569 if (s->reuse_port)
570 fprintf(f,
571 "%sReusePort: %s\n",
572 prefix, yes_no(s->reuse_port));
573
574 if (s->smack)
575 fprintf(f,
576 "%sSmackLabel: %s\n",
577 prefix, s->smack);
578
579 if (s->smack_ip_in)
580 fprintf(f,
581 "%sSmackLabelIPIn: %s\n",
582 prefix, s->smack_ip_in);
583
584 if (s->smack_ip_out)
585 fprintf(f,
586 "%sSmackLabelIPOut: %s\n",
587 prefix, s->smack_ip_out);
588
589 if (!isempty(s->user) || !isempty(s->group))
590 fprintf(f,
591 "%sOwnerUser: %s\n"
592 "%sOwnerGroup: %s\n",
593 prefix, strna(s->user),
594 prefix, strna(s->group));
595
596 LIST_FOREACH(port, p, s->ports) {
597
598 if (p->type == SOCKET_SOCKET) {
599 const char *t;
600 int r;
601 char *k = NULL;
602
603 if ((r = socket_address_print(&p->address, &k)) < 0)
604 t = strerror(-r);
605 else
606 t = k;
607
608 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
609 free(k);
610 } else if (p->type == SOCKET_SPECIAL)
611 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
612 else if (p->type == SOCKET_MQUEUE)
613 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
614 else
615 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
616 }
617
618 exec_context_dump(&s->exec_context, f, prefix);
619 kill_context_dump(&s->kill_context, f, prefix);
620
621 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
622 if (!s->exec_command[c])
623 continue;
624
625 fprintf(f, "%s-> %s:\n",
626 prefix, socket_exec_command_to_string(c));
627
628 exec_command_dump_list(s->exec_command[c], f, prefix2);
629 }
630 }
631
632 static int instance_from_socket(int fd, unsigned nr, char **instance) {
633 socklen_t l;
634 char *r;
635 union sockaddr_union local, remote;
636
637 assert(fd >= 0);
638 assert(instance);
639
640 l = sizeof(local);
641 if (getsockname(fd, &local.sa, &l) < 0)
642 return -errno;
643
644 l = sizeof(remote);
645 if (getpeername(fd, &remote.sa, &l) < 0)
646 return -errno;
647
648 switch (local.sa.sa_family) {
649
650 case AF_INET: {
651 uint32_t
652 a = ntohl(local.in.sin_addr.s_addr),
653 b = ntohl(remote.in.sin_addr.s_addr);
654
655 if (asprintf(&r,
656 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
657 nr,
658 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
659 ntohs(local.in.sin_port),
660 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
661 ntohs(remote.in.sin_port)) < 0)
662 return -ENOMEM;
663
664 break;
665 }
666
667 case AF_INET6: {
668 static const unsigned char ipv4_prefix[] = {
669 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
670 };
671
672 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
673 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
674 const uint8_t
675 *a = local.in6.sin6_addr.s6_addr+12,
676 *b = remote.in6.sin6_addr.s6_addr+12;
677
678 if (asprintf(&r,
679 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
680 nr,
681 a[0], a[1], a[2], a[3],
682 ntohs(local.in6.sin6_port),
683 b[0], b[1], b[2], b[3],
684 ntohs(remote.in6.sin6_port)) < 0)
685 return -ENOMEM;
686 } else {
687 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
688
689 if (asprintf(&r,
690 "%u-%s:%u-%s:%u",
691 nr,
692 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
693 ntohs(local.in6.sin6_port),
694 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
695 ntohs(remote.in6.sin6_port)) < 0)
696 return -ENOMEM;
697 }
698
699 break;
700 }
701
702 case AF_UNIX: {
703 struct ucred ucred;
704 int k;
705
706 k = getpeercred(fd, &ucred);
707 if (k >= 0) {
708 if (asprintf(&r,
709 "%u-"PID_FMT"-"UID_FMT,
710 nr, ucred.pid, ucred.uid) < 0)
711 return -ENOMEM;
712 } else if (k == -ENODATA) {
713 /* This handles the case where somebody is
714 * connecting from another pid/uid namespace
715 * (e.g. from outside of our container). */
716 if (asprintf(&r,
717 "%u-unknown",
718 nr) < 0)
719 return -ENOMEM;
720 } else
721 return k;
722
723 break;
724 }
725
726 default:
727 assert_not_reached("Unhandled socket type.");
728 }
729
730 *instance = r;
731 return 0;
732 }
733
734 static void socket_close_fds(Socket *s) {
735 SocketPort *p;
736 char **i;
737
738 assert(s);
739
740 LIST_FOREACH(port, p, s->ports) {
741
742 p->event_source = sd_event_source_unref(p->event_source);
743
744 if (p->fd < 0)
745 continue;
746
747 p->fd = safe_close(p->fd);
748
749 /* One little note: we should normally not delete any
750 * sockets in the file system here! After all some
751 * other process we spawned might still have a
752 * reference of this fd and wants to continue to use
753 * it. Therefore we delete sockets in the file system
754 * before we create a new one, not after we stopped
755 * using one! */
756
757 if (s->remove_on_stop) {
758 switch (p->type) {
759
760 case SOCKET_FIFO:
761 unlink(p->path);
762 break;
763
764 case SOCKET_MQUEUE:
765 mq_unlink(p->path);
766 break;
767
768 case SOCKET_SOCKET:
769 socket_address_unlink(&p->address);
770 break;
771
772 default:
773 break;
774 }
775 }
776 }
777
778 if (s->remove_on_stop)
779 STRV_FOREACH(i, s->symlinks)
780 unlink(*i);
781 }
782
783 static void socket_apply_socket_options(Socket *s, int fd) {
784 assert(s);
785 assert(fd >= 0);
786
787 if (s->keep_alive) {
788 int b = s->keep_alive;
789 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
790 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
791 }
792
793 if (s->broadcast) {
794 int one = 1;
795 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
796 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
797 }
798
799 if (s->pass_cred) {
800 int one = 1;
801 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
802 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
803 }
804
805 if (s->pass_sec) {
806 int one = 1;
807 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
808 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
809 }
810
811 if (s->priority >= 0)
812 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
813 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
814
815 if (s->receive_buffer > 0) {
816 int value = (int) s->receive_buffer;
817
818 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
819
820 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
821 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
822 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
823 }
824
825 if (s->send_buffer > 0) {
826 int value = (int) s->send_buffer;
827 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
828 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
829 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
830 }
831
832 if (s->mark >= 0)
833 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
834 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
835
836 if (s->ip_tos >= 0)
837 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
838 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
839
840 if (s->ip_ttl >= 0) {
841 int r, x;
842
843 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
844
845 if (socket_ipv6_is_supported())
846 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
847 else {
848 x = -1;
849 errno = EAFNOSUPPORT;
850 }
851
852 if (r < 0 && x < 0)
853 log_warning_unit(UNIT(s)->id,
854 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
855 }
856
857 if (s->tcp_congestion)
858 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
859 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
860
861 if (s->reuse_port) {
862 int b = s->reuse_port;
863 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
864 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
865 }
866
867 if (s->smack_ip_in)
868 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
869 log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
870
871 if (s->smack_ip_out)
872 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
873 log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
874 }
875
876 static void socket_apply_fifo_options(Socket *s, int fd) {
877 assert(s);
878 assert(fd >= 0);
879
880 if (s->pipe_size > 0)
881 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
882 log_warning_unit(UNIT(s)->id,
883 "F_SETPIPE_SZ: %m");
884
885 if (s->smack)
886 if (smack_label_fd(fd, s->smack) < 0)
887 log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
888 }
889
890 static int fifo_address_create(
891 const char *path,
892 mode_t directory_mode,
893 mode_t socket_mode,
894 int *_fd) {
895
896 int fd = -1, r = 0;
897 struct stat st;
898 mode_t old_mask;
899
900 assert(path);
901 assert(_fd);
902
903 mkdir_parents_label(path, directory_mode);
904
905 r = label_context_set(path, S_IFIFO);
906 if (r < 0)
907 goto fail;
908
909 /* Enforce the right access mode for the fifo */
910 old_mask = umask(~ socket_mode);
911
912 /* Include the original umask in our mask */
913 umask(~socket_mode | old_mask);
914
915 r = mkfifo(path, socket_mode);
916 umask(old_mask);
917
918 if (r < 0 && errno != EEXIST) {
919 r = -errno;
920 goto fail;
921 }
922
923 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
924 r = -errno;
925 goto fail;
926 }
927
928 label_context_clear();
929
930 if (fstat(fd, &st) < 0) {
931 r = -errno;
932 goto fail;
933 }
934
935 if (!S_ISFIFO(st.st_mode) ||
936 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
937 st.st_uid != getuid() ||
938 st.st_gid != getgid()) {
939
940 r = -EEXIST;
941 goto fail;
942 }
943
944 *_fd = fd;
945 return 0;
946
947 fail:
948 label_context_clear();
949 safe_close(fd);
950
951 return r;
952 }
953
954 static int special_address_create(
955 const char *path,
956 int *_fd) {
957
958 int fd = -1, r = 0;
959 struct stat st;
960
961 assert(path);
962 assert(_fd);
963
964 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
965 if (fd < 0) {
966 r = -errno;
967 goto fail;
968 }
969
970 if (fstat(fd, &st) < 0) {
971 r = -errno;
972 goto fail;
973 }
974
975 /* Check whether this is a /proc, /sys or /dev file or char device */
976 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
977 r = -EEXIST;
978 goto fail;
979 }
980
981 *_fd = fd;
982 return 0;
983
984 fail:
985 safe_close(fd);
986
987 return r;
988 }
989
990 static int mq_address_create(
991 const char *path,
992 mode_t mq_mode,
993 long maxmsg,
994 long msgsize,
995 int *_fd) {
996
997 int fd = -1, r = 0;
998 struct stat st;
999 mode_t old_mask;
1000 struct mq_attr _attr, *attr = NULL;
1001
1002 assert(path);
1003 assert(_fd);
1004
1005 if (maxmsg > 0 && msgsize > 0) {
1006 zero(_attr);
1007 _attr.mq_flags = O_NONBLOCK;
1008 _attr.mq_maxmsg = maxmsg;
1009 _attr.mq_msgsize = msgsize;
1010 attr = &_attr;
1011 }
1012
1013 /* Enforce the right access mode for the mq */
1014 old_mask = umask(~ mq_mode);
1015
1016 /* Include the original umask in our mask */
1017 umask(~mq_mode | old_mask);
1018 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1019 umask(old_mask);
1020
1021 if (fd < 0) {
1022 r = -errno;
1023 goto fail;
1024 }
1025
1026 if (fstat(fd, &st) < 0) {
1027 r = -errno;
1028 goto fail;
1029 }
1030
1031 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1032 st.st_uid != getuid() ||
1033 st.st_gid != getgid()) {
1034
1035 r = -EEXIST;
1036 goto fail;
1037 }
1038
1039 *_fd = fd;
1040 return 0;
1041
1042 fail:
1043 safe_close(fd);
1044 return r;
1045 }
1046
1047 static int socket_symlink(Socket *s) {
1048 const char *p;
1049 char **i;
1050
1051 assert(s);
1052
1053 p = socket_find_symlink_target(s);
1054 if (!p)
1055 return 0;
1056
1057 STRV_FOREACH(i, s->symlinks)
1058 symlink(p, *i);
1059
1060 return 0;
1061 }
1062
1063 static int socket_open_fds(Socket *s) {
1064 SocketPort *p;
1065 int r;
1066 char *label = NULL;
1067 bool know_label = false;
1068
1069 assert(s);
1070
1071 LIST_FOREACH(port, p, s->ports) {
1072
1073 if (p->fd >= 0)
1074 continue;
1075
1076 if (p->type == SOCKET_SOCKET) {
1077
1078 if (!know_label) {
1079
1080 r = socket_instantiate_service(s);
1081 if (r < 0)
1082 return r;
1083
1084 if (UNIT_ISSET(s->service) &&
1085 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1086 r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1087 if (r < 0 && r != -EPERM)
1088 return r;
1089 }
1090
1091 know_label = true;
1092 }
1093
1094 r = socket_address_listen(
1095 &p->address,
1096 SOCK_CLOEXEC|SOCK_NONBLOCK,
1097 s->backlog,
1098 s->bind_ipv6_only,
1099 s->bind_to_device,
1100 s->free_bind,
1101 s->transparent,
1102 s->directory_mode,
1103 s->socket_mode,
1104 label);
1105 if (r < 0)
1106 goto rollback;
1107
1108 p->fd = r;
1109 socket_apply_socket_options(s, p->fd);
1110 socket_symlink(s);
1111
1112 } else if (p->type == SOCKET_SPECIAL) {
1113
1114 r = special_address_create(
1115 p->path,
1116 &p->fd);
1117 if (r < 0)
1118 goto rollback;
1119
1120 } else if (p->type == SOCKET_FIFO) {
1121
1122 r = fifo_address_create(
1123 p->path,
1124 s->directory_mode,
1125 s->socket_mode,
1126 &p->fd);
1127 if (r < 0)
1128 goto rollback;
1129
1130 socket_apply_fifo_options(s, p->fd);
1131 socket_symlink(s);
1132
1133 } else if (p->type == SOCKET_MQUEUE) {
1134
1135 r = mq_address_create(
1136 p->path,
1137 s->socket_mode,
1138 s->mq_maxmsg,
1139 s->mq_msgsize,
1140 &p->fd);
1141 if (r < 0)
1142 goto rollback;
1143 } else
1144 assert_not_reached("Unknown port type");
1145 }
1146
1147 label_free(label);
1148 return 0;
1149
1150 rollback:
1151 socket_close_fds(s);
1152 label_free(label);
1153 return r;
1154 }
1155
1156 static void socket_unwatch_fds(Socket *s) {
1157 SocketPort *p;
1158 int r;
1159
1160 assert(s);
1161
1162 LIST_FOREACH(port, p, s->ports) {
1163 if (p->fd < 0)
1164 continue;
1165
1166 if (!p->event_source)
1167 continue;
1168
1169 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1170 if (r < 0)
1171 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1172 }
1173 }
1174
1175 static int socket_watch_fds(Socket *s) {
1176 SocketPort *p;
1177 int r;
1178
1179 assert(s);
1180
1181 LIST_FOREACH(port, p, s->ports) {
1182 if (p->fd < 0)
1183 continue;
1184
1185 if (p->event_source)
1186 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1187 else
1188 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1189
1190 if (r < 0) {
1191 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1192 goto fail;
1193 }
1194 }
1195
1196 return 0;
1197
1198 fail:
1199 socket_unwatch_fds(s);
1200 return r;
1201 }
1202
1203 static void socket_set_state(Socket *s, SocketState state) {
1204 SocketState old_state;
1205 assert(s);
1206
1207 old_state = s->state;
1208 s->state = state;
1209
1210 if (!IN_SET(state,
1211 SOCKET_START_PRE,
1212 SOCKET_START_CHOWN,
1213 SOCKET_START_POST,
1214 SOCKET_STOP_PRE,
1215 SOCKET_STOP_PRE_SIGTERM,
1216 SOCKET_STOP_PRE_SIGKILL,
1217 SOCKET_STOP_POST,
1218 SOCKET_FINAL_SIGTERM,
1219 SOCKET_FINAL_SIGKILL)) {
1220
1221 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1222 socket_unwatch_control_pid(s);
1223 s->control_command = NULL;
1224 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1225 }
1226
1227 if (state != SOCKET_LISTENING)
1228 socket_unwatch_fds(s);
1229
1230 if (!IN_SET(state,
1231 SOCKET_START_CHOWN,
1232 SOCKET_START_POST,
1233 SOCKET_LISTENING,
1234 SOCKET_RUNNING,
1235 SOCKET_STOP_PRE,
1236 SOCKET_STOP_PRE_SIGTERM,
1237 SOCKET_STOP_PRE_SIGKILL))
1238 socket_close_fds(s);
1239
1240 if (state != old_state)
1241 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1242 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1243
1244 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1245 }
1246
1247 static int socket_coldplug(Unit *u) {
1248 Socket *s = SOCKET(u);
1249 int r;
1250
1251 assert(s);
1252 assert(s->state == SOCKET_DEAD);
1253
1254 if (s->deserialized_state == s->state)
1255 return 0;
1256
1257 if (IN_SET(s->deserialized_state,
1258 SOCKET_START_PRE,
1259 SOCKET_START_CHOWN,
1260 SOCKET_START_POST,
1261 SOCKET_STOP_PRE,
1262 SOCKET_STOP_PRE_SIGTERM,
1263 SOCKET_STOP_PRE_SIGKILL,
1264 SOCKET_STOP_POST,
1265 SOCKET_FINAL_SIGTERM,
1266 SOCKET_FINAL_SIGKILL)) {
1267
1268 if (s->control_pid <= 0)
1269 return -EBADMSG;
1270
1271 r = unit_watch_pid(UNIT(s), s->control_pid);
1272 if (r < 0)
1273 return r;
1274
1275 r = socket_arm_timer(s);
1276 if (r < 0)
1277 return r;
1278 }
1279
1280 if (IN_SET(s->deserialized_state,
1281 SOCKET_START_CHOWN,
1282 SOCKET_START_POST,
1283 SOCKET_LISTENING,
1284 SOCKET_RUNNING,
1285 SOCKET_STOP_PRE,
1286 SOCKET_STOP_PRE_SIGTERM,
1287 SOCKET_STOP_PRE_SIGKILL)) {
1288 r = socket_open_fds(s);
1289 if (r < 0)
1290 return r;
1291 }
1292
1293 if (s->deserialized_state == SOCKET_LISTENING) {
1294 r = socket_watch_fds(s);
1295 if (r < 0)
1296 return r;
1297 }
1298
1299 socket_set_state(s, s->deserialized_state);
1300 return 0;
1301 }
1302
1303 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1304 _cleanup_free_ char **argv = NULL;
1305 pid_t pid;
1306 int r;
1307
1308 assert(s);
1309 assert(c);
1310 assert(_pid);
1311
1312 unit_realize_cgroup(UNIT(s));
1313
1314 r = unit_setup_exec_runtime(UNIT(s));
1315 if (r < 0)
1316 goto fail;
1317
1318 r = socket_arm_timer(s);
1319 if (r < 0)
1320 goto fail;
1321
1322 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1323 if (r < 0)
1324 goto fail;
1325
1326 r = exec_spawn(c,
1327 argv,
1328 &s->exec_context,
1329 NULL, 0,
1330 UNIT(s)->manager->environment,
1331 true,
1332 true,
1333 true,
1334 UNIT(s)->manager->confirm_spawn,
1335 UNIT(s)->manager->cgroup_supported,
1336 UNIT(s)->cgroup_path,
1337 manager_get_runtime_prefix(UNIT(s)->manager),
1338 UNIT(s)->id,
1339 0,
1340 NULL,
1341 s->exec_runtime,
1342 &pid);
1343 if (r < 0)
1344 goto fail;
1345
1346 r = unit_watch_pid(UNIT(s), pid);
1347 if (r < 0)
1348 /* FIXME: we need to do something here */
1349 goto fail;
1350
1351 *_pid = pid;
1352 return 0;
1353
1354 fail:
1355 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1356 return r;
1357 }
1358
1359 static int socket_chown(Socket *s, pid_t *_pid) {
1360 pid_t pid;
1361 int r;
1362
1363 r = socket_arm_timer(s);
1364 if (r < 0)
1365 goto fail;
1366
1367 /* We have to resolve the user names out-of-process, hence
1368 * let's fork here. It's messy, but well, what can we do? */
1369
1370 pid = fork();
1371 if (pid < 0)
1372 return -errno;
1373
1374 if (pid == 0) {
1375 SocketPort *p;
1376 uid_t uid = (uid_t) -1;
1377 gid_t gid = (gid_t) -1;
1378 int ret;
1379
1380 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1381 ignore_signals(SIGPIPE, -1);
1382 log_forget_fds();
1383
1384 if (!isempty(s->user)) {
1385 const char *user = s->user;
1386
1387 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1388 if (r < 0) {
1389 ret = EXIT_USER;
1390 goto fail_child;
1391 }
1392 }
1393
1394 if (!isempty(s->group)) {
1395 const char *group = s->group;
1396
1397 r = get_group_creds(&group, &gid);
1398 if (r < 0) {
1399 ret = EXIT_GROUP;
1400 goto fail_child;
1401 }
1402 }
1403
1404 LIST_FOREACH(port, p, s->ports) {
1405 const char *path = NULL;
1406
1407 if (p->type == SOCKET_SOCKET)
1408 path = socket_address_get_path(&p->address);
1409 else if (p->type == SOCKET_FIFO)
1410 path = p->path;
1411
1412 if (!path)
1413 continue;
1414
1415 if (chown(path, uid, gid) < 0) {
1416 r = -errno;
1417 ret = EXIT_CHOWN;
1418 goto fail_child;
1419 }
1420 }
1421
1422 _exit(0);
1423
1424 fail_child:
1425 log_open();
1426 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1427
1428 _exit(ret);
1429 }
1430
1431 r = unit_watch_pid(UNIT(s), pid);
1432 if (r < 0)
1433 goto fail;
1434
1435 *_pid = pid;
1436 return 0;
1437
1438 fail:
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1440 return r;
1441 }
1442
1443 static void socket_enter_dead(Socket *s, SocketResult f) {
1444 assert(s);
1445
1446 if (f != SOCKET_SUCCESS)
1447 s->result = f;
1448
1449 exec_runtime_destroy(s->exec_runtime);
1450 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1451
1452 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1453
1454 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1455 }
1456
1457 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1458
1459 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1460 int r;
1461 assert(s);
1462
1463 if (f != SOCKET_SUCCESS)
1464 s->result = f;
1465
1466 socket_unwatch_control_pid(s);
1467 s->control_command_id = SOCKET_EXEC_STOP_POST;
1468 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1469
1470 if (s->control_command) {
1471 r = socket_spawn(s, s->control_command, &s->control_pid);
1472 if (r < 0)
1473 goto fail;
1474
1475 socket_set_state(s, SOCKET_STOP_POST);
1476 } else
1477 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1478
1479 return;
1480
1481 fail:
1482 log_warning_unit(UNIT(s)->id,
1483 "%s failed to run 'stop-post' task: %s",
1484 UNIT(s)->id, strerror(-r));
1485 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1486 }
1487
1488 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1489 int r;
1490
1491 assert(s);
1492
1493 if (f != SOCKET_SUCCESS)
1494 s->result = f;
1495
1496 r = unit_kill_context(
1497 UNIT(s),
1498 &s->kill_context,
1499 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1500 -1,
1501 s->control_pid,
1502 false);
1503 if (r < 0)
1504 goto fail;
1505
1506 if (r > 0) {
1507 r = socket_arm_timer(s);
1508 if (r < 0)
1509 goto fail;
1510
1511 socket_set_state(s, state);
1512 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1513 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1514 else if (state == SOCKET_STOP_PRE_SIGKILL)
1515 socket_enter_stop_post(s, SOCKET_SUCCESS);
1516 else if (state == SOCKET_FINAL_SIGTERM)
1517 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1518 else
1519 socket_enter_dead(s, SOCKET_SUCCESS);
1520
1521 return;
1522
1523 fail:
1524 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1525
1526 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1527 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1528 else
1529 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1530 }
1531
1532 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1533 int r;
1534 assert(s);
1535
1536 if (f != SOCKET_SUCCESS)
1537 s->result = f;
1538
1539 socket_unwatch_control_pid(s);
1540 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1541 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1542
1543 if (s->control_command) {
1544 r = socket_spawn(s, s->control_command, &s->control_pid);
1545 if (r < 0)
1546 goto fail;
1547
1548 socket_set_state(s, SOCKET_STOP_PRE);
1549 } else
1550 socket_enter_stop_post(s, SOCKET_SUCCESS);
1551
1552 return;
1553
1554 fail:
1555 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1556 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1557 }
1558
1559 static void socket_enter_listening(Socket *s) {
1560 int r;
1561 assert(s);
1562
1563 r = socket_watch_fds(s);
1564 if (r < 0) {
1565 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1566 goto fail;
1567 }
1568
1569 socket_set_state(s, SOCKET_LISTENING);
1570 return;
1571
1572 fail:
1573 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1574 }
1575
1576 static void socket_enter_start_post(Socket *s) {
1577 int r;
1578 assert(s);
1579
1580 socket_unwatch_control_pid(s);
1581 s->control_command_id = SOCKET_EXEC_START_POST;
1582 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1583
1584 if (s->control_command) {
1585 r = socket_spawn(s, s->control_command, &s->control_pid);
1586 if (r < 0) {
1587 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1588 goto fail;
1589 }
1590
1591 socket_set_state(s, SOCKET_START_POST);
1592 } else
1593 socket_enter_listening(s);
1594
1595 return;
1596
1597 fail:
1598 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1599 }
1600
1601 static void socket_enter_start_chown(Socket *s) {
1602 int r;
1603
1604 assert(s);
1605
1606 r = socket_open_fds(s);
1607 if (r < 0) {
1608 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1609 goto fail;
1610 }
1611
1612 if (!isempty(s->user) || !isempty(s->group)) {
1613
1614 socket_unwatch_control_pid(s);
1615 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1616 s->control_command = NULL;
1617
1618 r = socket_chown(s, &s->control_pid);
1619 if (r < 0) {
1620 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1621 goto fail;
1622 }
1623
1624 socket_set_state(s, SOCKET_START_CHOWN);
1625 } else
1626 socket_enter_start_post(s);
1627
1628 return;
1629
1630 fail:
1631 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1632 }
1633
1634 static void socket_enter_start_pre(Socket *s) {
1635 int r;
1636 assert(s);
1637
1638 socket_unwatch_control_pid(s);
1639 s->control_command_id = SOCKET_EXEC_START_PRE;
1640 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1641
1642 if (s->control_command) {
1643 r = socket_spawn(s, s->control_command, &s->control_pid);
1644 if (r < 0) {
1645 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1646 goto fail;
1647 }
1648
1649 socket_set_state(s, SOCKET_START_PRE);
1650 } else
1651 socket_enter_start_chown(s);
1652
1653 return;
1654
1655 fail:
1656 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1657 }
1658
1659 static void socket_enter_running(Socket *s, int cfd) {
1660 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1661 int r;
1662
1663 assert(s);
1664
1665 /* We don't take connections anymore if we are supposed to
1666 * shut down anyway */
1667 if (unit_stop_pending(UNIT(s))) {
1668
1669 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1670
1671 if (cfd >= 0)
1672 safe_close(cfd);
1673 else {
1674 /* Flush all sockets by closing and reopening them */
1675 socket_close_fds(s);
1676
1677 r = socket_open_fds(s);
1678 if (r < 0) {
1679 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1680 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1681 return;
1682 }
1683
1684 r = socket_watch_fds(s);
1685 if (r < 0) {
1686 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1687 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1688 }
1689 }
1690
1691 return;
1692 }
1693
1694 if (cfd < 0) {
1695 Iterator i;
1696 Unit *other;
1697 bool pending = false;
1698
1699 /* If there's already a start pending don't bother to
1700 * do anything */
1701 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1702 if (unit_active_or_pending(other)) {
1703 pending = true;
1704 break;
1705 }
1706
1707 if (!pending) {
1708 if (!UNIT_ISSET(s->service)) {
1709 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1710 r = -ENOENT;
1711 goto fail;
1712 }
1713
1714 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1715 if (r < 0)
1716 goto fail;
1717 }
1718
1719 socket_set_state(s, SOCKET_RUNNING);
1720 } else {
1721 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1722 Service *service;
1723
1724 if (s->n_connections >= s->max_connections) {
1725 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1726 safe_close(cfd);
1727 return;
1728 }
1729
1730 r = socket_instantiate_service(s);
1731 if (r < 0)
1732 goto fail;
1733
1734 r = instance_from_socket(cfd, s->n_accepted, &instance);
1735 if (r < 0) {
1736 if (r != -ENOTCONN)
1737 goto fail;
1738
1739 /* ENOTCONN is legitimate if TCP RST was received.
1740 * This connection is over, but the socket unit lives on. */
1741 safe_close(cfd);
1742 return;
1743 }
1744
1745 prefix = unit_name_to_prefix(UNIT(s)->id);
1746 if (!prefix) {
1747 r = -ENOMEM;
1748 goto fail;
1749 }
1750
1751 name = unit_name_build(prefix, instance, ".service");
1752 if (!name) {
1753 r = -ENOMEM;
1754 goto fail;
1755 }
1756
1757 r = unit_add_name(UNIT_DEREF(s->service), name);
1758 if (r < 0)
1759 goto fail;
1760
1761 service = SERVICE(UNIT_DEREF(s->service));
1762 unit_ref_unset(&s->service);
1763 s->n_accepted ++;
1764
1765 UNIT(service)->no_gc = false;
1766
1767 unit_choose_id(UNIT(service), name);
1768
1769 r = service_set_socket_fd(service, cfd, s);
1770 if (r < 0)
1771 goto fail;
1772
1773 cfd = -1;
1774 s->n_connections ++;
1775
1776 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1777 if (r < 0)
1778 goto fail;
1779
1780 /* Notify clients about changed counters */
1781 unit_add_to_dbus_queue(UNIT(s));
1782 }
1783
1784 return;
1785
1786 fail:
1787 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1788 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1789 bus_error_message(&error, r));
1790
1791 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1792 safe_close(cfd);
1793 }
1794
1795 static void socket_run_next(Socket *s) {
1796 int r;
1797
1798 assert(s);
1799 assert(s->control_command);
1800 assert(s->control_command->command_next);
1801
1802 socket_unwatch_control_pid(s);
1803
1804 s->control_command = s->control_command->command_next;
1805
1806 r = socket_spawn(s, s->control_command, &s->control_pid);
1807 if (r < 0)
1808 goto fail;
1809
1810 return;
1811
1812 fail:
1813 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1814
1815 if (s->state == SOCKET_START_POST)
1816 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1817 else if (s->state == SOCKET_STOP_POST)
1818 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1819 else
1820 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1821 }
1822
1823 static int socket_start(Unit *u) {
1824 Socket *s = SOCKET(u);
1825
1826 assert(s);
1827
1828 /* We cannot fulfill this request right now, try again later
1829 * please! */
1830 if (IN_SET(s->state,
1831 SOCKET_STOP_PRE,
1832 SOCKET_STOP_PRE_SIGKILL,
1833 SOCKET_STOP_PRE_SIGTERM,
1834 SOCKET_STOP_POST,
1835 SOCKET_FINAL_SIGTERM,
1836 SOCKET_FINAL_SIGKILL))
1837 return -EAGAIN;
1838
1839 /* Already on it! */
1840 if (IN_SET(s->state,
1841 SOCKET_START_PRE,
1842 SOCKET_START_CHOWN,
1843 SOCKET_START_POST))
1844 return 0;
1845
1846 /* Cannot run this without the service being around */
1847 if (UNIT_ISSET(s->service)) {
1848 Service *service;
1849
1850 service = SERVICE(UNIT_DEREF(s->service));
1851
1852 if (UNIT(service)->load_state != UNIT_LOADED) {
1853 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1854 return -ENOENT;
1855 }
1856
1857 /* If the service is already active we cannot start the
1858 * socket */
1859 if (service->state != SERVICE_DEAD &&
1860 service->state != SERVICE_FAILED &&
1861 service->state != SERVICE_AUTO_RESTART) {
1862 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1863 return -EBUSY;
1864 }
1865 }
1866
1867 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1868
1869 s->result = SOCKET_SUCCESS;
1870 socket_enter_start_pre(s);
1871
1872 return 0;
1873 }
1874
1875 static int socket_stop(Unit *u) {
1876 Socket *s = SOCKET(u);
1877
1878 assert(s);
1879
1880 /* Already on it */
1881 if (IN_SET(s->state,
1882 SOCKET_STOP_PRE,
1883 SOCKET_STOP_PRE_SIGTERM,
1884 SOCKET_STOP_PRE_SIGKILL,
1885 SOCKET_STOP_POST,
1886 SOCKET_FINAL_SIGTERM,
1887 SOCKET_FINAL_SIGKILL))
1888 return 0;
1889
1890 /* If there's already something running we go directly into
1891 * kill mode. */
1892 if (IN_SET(s->state,
1893 SOCKET_START_PRE,
1894 SOCKET_START_CHOWN,
1895 SOCKET_START_POST)) {
1896 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1897 return -EAGAIN;
1898 }
1899
1900 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1901
1902 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1903 return 0;
1904 }
1905
1906 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1907 Socket *s = SOCKET(u);
1908 SocketPort *p;
1909 int r;
1910
1911 assert(u);
1912 assert(f);
1913 assert(fds);
1914
1915 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1916 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1917 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1918
1919 if (s->control_pid > 0)
1920 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1921
1922 if (s->control_command_id >= 0)
1923 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1924
1925 LIST_FOREACH(port, p, s->ports) {
1926 int copy;
1927
1928 if (p->fd < 0)
1929 continue;
1930
1931 copy = fdset_put_dup(fds, p->fd);
1932 if (copy < 0)
1933 return copy;
1934
1935 if (p->type == SOCKET_SOCKET) {
1936 _cleanup_free_ char *t = NULL;
1937
1938 r = socket_address_print(&p->address, &t);
1939 if (r < 0)
1940 return r;
1941
1942 if (socket_address_family(&p->address) == AF_NETLINK)
1943 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1944 else
1945 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
1946
1947 } else if (p->type == SOCKET_SPECIAL)
1948 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1949 else if (p->type == SOCKET_MQUEUE)
1950 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
1951 else {
1952 assert(p->type == SOCKET_FIFO);
1953 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1954 }
1955 }
1956
1957 return 0;
1958 }
1959
1960 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1961 Socket *s = SOCKET(u);
1962
1963 assert(u);
1964 assert(key);
1965 assert(value);
1966
1967 if (streq(key, "state")) {
1968 SocketState state;
1969
1970 state = socket_state_from_string(value);
1971 if (state < 0)
1972 log_debug_unit(u->id, "Failed to parse state value %s", value);
1973 else
1974 s->deserialized_state = state;
1975 } else if (streq(key, "result")) {
1976 SocketResult f;
1977
1978 f = socket_result_from_string(value);
1979 if (f < 0)
1980 log_debug_unit(u->id, "Failed to parse result value %s", value);
1981 else if (f != SOCKET_SUCCESS)
1982 s->result = f;
1983
1984 } else if (streq(key, "n-accepted")) {
1985 unsigned k;
1986
1987 if (safe_atou(value, &k) < 0)
1988 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
1989 else
1990 s->n_accepted += k;
1991 } else if (streq(key, "control-pid")) {
1992 pid_t pid;
1993
1994 if (parse_pid(value, &pid) < 0)
1995 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
1996 else
1997 s->control_pid = pid;
1998 } else if (streq(key, "control-command")) {
1999 SocketExecCommand id;
2000
2001 id = socket_exec_command_from_string(value);
2002 if (id < 0)
2003 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2004 else {
2005 s->control_command_id = id;
2006 s->control_command = s->exec_command[id];
2007 }
2008 } else if (streq(key, "fifo")) {
2009 int fd, skip = 0;
2010 SocketPort *p;
2011
2012 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2013 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2014 else {
2015
2016 LIST_FOREACH(port, p, s->ports)
2017 if (p->type == SOCKET_FIFO &&
2018 streq_ptr(p->path, value+skip))
2019 break;
2020
2021 if (p) {
2022 safe_close(p->fd);
2023 p->fd = fdset_remove(fds, fd);
2024 }
2025 }
2026
2027 } else if (streq(key, "special")) {
2028 int fd, skip = 0;
2029 SocketPort *p;
2030
2031 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2032 log_debug_unit(u->id, "Failed to parse special value %s", value);
2033 else {
2034
2035 LIST_FOREACH(port, p, s->ports)
2036 if (p->type == SOCKET_SPECIAL &&
2037 streq_ptr(p->path, value+skip))
2038 break;
2039
2040 if (p) {
2041 safe_close(p->fd);
2042 p->fd = fdset_remove(fds, fd);
2043 }
2044 }
2045
2046 } else if (streq(key, "mqueue")) {
2047 int fd, skip = 0;
2048 SocketPort *p;
2049
2050 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2051 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2052 else {
2053
2054 LIST_FOREACH(port, p, s->ports)
2055 if (p->type == SOCKET_MQUEUE &&
2056 streq_ptr(p->path, value+skip))
2057 break;
2058
2059 if (p) {
2060 safe_close(p->fd);
2061 p->fd = fdset_remove(fds, fd);
2062 }
2063 }
2064
2065 } else if (streq(key, "socket")) {
2066 int fd, type, skip = 0;
2067 SocketPort *p;
2068
2069 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2070 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2071 else {
2072
2073 LIST_FOREACH(port, p, s->ports)
2074 if (socket_address_is(&p->address, value+skip, type))
2075 break;
2076
2077 if (p) {
2078 safe_close(p->fd);
2079 p->fd = fdset_remove(fds, fd);
2080 }
2081 }
2082
2083 } else if (streq(key, "netlink")) {
2084 int fd, skip = 0;
2085 SocketPort *p;
2086
2087 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2088 log_debug_unit(u->id, "Failed to parse socket value %s", value);
2089 else {
2090
2091 LIST_FOREACH(port, p, s->ports)
2092 if (socket_address_is_netlink(&p->address, value+skip))
2093 break;
2094
2095 if (p) {
2096 safe_close(p->fd);
2097 p->fd = fdset_remove(fds, fd);
2098 }
2099 }
2100 } else
2101 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2102
2103 return 0;
2104 }
2105
2106 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2107 Socket *s = SOCKET(u);
2108 SocketPort *p;
2109
2110 assert(u);
2111
2112 LIST_FOREACH(port, p, s->ports) {
2113 Iterator i;
2114 int fd;
2115
2116 if (p->type != SOCKET_SOCKET)
2117 continue;
2118
2119 if (p->fd >= 0)
2120 continue;
2121
2122 FDSET_FOREACH(fd, fds, i) {
2123 if (socket_address_matches_fd(&p->address, fd)) {
2124 p->fd = fdset_remove(fds, fd);
2125 s->deserialized_state = SOCKET_LISTENING;
2126 break;
2127 }
2128 }
2129 }
2130
2131 return 0;
2132 }
2133
2134 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2135 assert(u);
2136
2137 return state_translation_table[SOCKET(u)->state];
2138 }
2139
2140 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2141 assert(u);
2142
2143 return socket_state_to_string(SOCKET(u)->state);
2144 }
2145
2146 const char* socket_port_type_to_string(SocketPort *p) {
2147
2148 assert(p);
2149
2150 switch (p->type) {
2151
2152 case SOCKET_SOCKET:
2153
2154 switch (p->address.type) {
2155
2156 case SOCK_STREAM:
2157 return "Stream";
2158
2159 case SOCK_DGRAM:
2160 return "Datagram";
2161
2162 case SOCK_SEQPACKET:
2163 return "SequentialPacket";
2164
2165 case SOCK_RAW:
2166 if (socket_address_family(&p->address) == AF_NETLINK)
2167 return "Netlink";
2168
2169 default:
2170 return NULL;
2171 }
2172
2173 case SOCKET_SPECIAL:
2174 return "Special";
2175
2176 case SOCKET_MQUEUE:
2177 return "MessageQueue";
2178
2179 case SOCKET_FIFO:
2180 return "FIFO";
2181
2182 default:
2183 return NULL;
2184 }
2185 }
2186
2187 _pure_ static bool socket_check_gc(Unit *u) {
2188 Socket *s = SOCKET(u);
2189
2190 assert(u);
2191
2192 return s->n_connections > 0;
2193 }
2194
2195 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2196 SocketPort *p = userdata;
2197 int cfd = -1;
2198
2199 assert(p);
2200 assert(fd >= 0);
2201
2202 if (p->socket->state != SOCKET_LISTENING)
2203 return 0;
2204
2205 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2206
2207 if (revents != EPOLLIN) {
2208
2209 if (revents & EPOLLHUP)
2210 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2211 UNIT(p->socket)->id);
2212 else
2213 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2214 UNIT(p->socket)->id, revents);
2215
2216 goto fail;
2217 }
2218
2219 if (p->socket->accept &&
2220 p->type == SOCKET_SOCKET &&
2221 socket_address_can_accept(&p->address)) {
2222
2223 for (;;) {
2224
2225 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2226 if (cfd < 0) {
2227
2228 if (errno == EINTR)
2229 continue;
2230
2231 log_error_unit(UNIT(p->socket)->id,
2232 "Failed to accept socket: %m");
2233 goto fail;
2234 }
2235
2236 break;
2237 }
2238
2239 socket_apply_socket_options(p->socket, cfd);
2240 }
2241
2242 socket_enter_running(p->socket, cfd);
2243 return 0;
2244
2245 fail:
2246 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2247 return 0;
2248 }
2249
2250 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2251 Socket *s = SOCKET(u);
2252 SocketResult f;
2253
2254 assert(s);
2255 assert(pid >= 0);
2256
2257 if (pid != s->control_pid)
2258 return;
2259
2260 s->control_pid = 0;
2261
2262 if (is_clean_exit(code, status, NULL))
2263 f = SOCKET_SUCCESS;
2264 else if (code == CLD_EXITED)
2265 f = SOCKET_FAILURE_EXIT_CODE;
2266 else if (code == CLD_KILLED)
2267 f = SOCKET_FAILURE_SIGNAL;
2268 else if (code == CLD_DUMPED)
2269 f = SOCKET_FAILURE_CORE_DUMP;
2270 else
2271 assert_not_reached("Unknown sigchld code");
2272
2273 if (s->control_command) {
2274 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2275
2276 if (s->control_command->ignore)
2277 f = SOCKET_SUCCESS;
2278 }
2279
2280 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2281 u->id,
2282 "%s control process exited, code=%s status=%i",
2283 u->id, sigchld_code_to_string(code), status);
2284
2285 if (f != SOCKET_SUCCESS)
2286 s->result = f;
2287
2288 if (s->control_command &&
2289 s->control_command->command_next &&
2290 f == SOCKET_SUCCESS) {
2291
2292 log_debug_unit(u->id,
2293 "%s running next command for state %s",
2294 u->id, socket_state_to_string(s->state));
2295 socket_run_next(s);
2296 } else {
2297 s->control_command = NULL;
2298 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2299
2300 /* No further commands for this step, so let's figure
2301 * out what to do next */
2302
2303 log_debug_unit(u->id,
2304 "%s got final SIGCHLD for state %s",
2305 u->id, socket_state_to_string(s->state));
2306
2307 switch (s->state) {
2308
2309 case SOCKET_START_PRE:
2310 if (f == SOCKET_SUCCESS)
2311 socket_enter_start_chown(s);
2312 else
2313 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2314 break;
2315
2316 case SOCKET_START_CHOWN:
2317 if (f == SOCKET_SUCCESS)
2318 socket_enter_start_post(s);
2319 else
2320 socket_enter_stop_pre(s, f);
2321 break;
2322
2323 case SOCKET_START_POST:
2324 if (f == SOCKET_SUCCESS)
2325 socket_enter_listening(s);
2326 else
2327 socket_enter_stop_pre(s, f);
2328 break;
2329
2330 case SOCKET_STOP_PRE:
2331 case SOCKET_STOP_PRE_SIGTERM:
2332 case SOCKET_STOP_PRE_SIGKILL:
2333 socket_enter_stop_post(s, f);
2334 break;
2335
2336 case SOCKET_STOP_POST:
2337 case SOCKET_FINAL_SIGTERM:
2338 case SOCKET_FINAL_SIGKILL:
2339 socket_enter_dead(s, f);
2340 break;
2341
2342 default:
2343 assert_not_reached("Uh, control process died at wrong time.");
2344 }
2345 }
2346
2347 /* Notify clients about changed exit status */
2348 unit_add_to_dbus_queue(u);
2349 }
2350
2351 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2352 Socket *s = SOCKET(userdata);
2353
2354 assert(s);
2355 assert(s->timer_event_source == source);
2356
2357 switch (s->state) {
2358
2359 case SOCKET_START_PRE:
2360 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2361 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2362 break;
2363
2364 case SOCKET_START_CHOWN:
2365 case SOCKET_START_POST:
2366 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2367 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2368 break;
2369
2370 case SOCKET_STOP_PRE:
2371 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2372 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2373 break;
2374
2375 case SOCKET_STOP_PRE_SIGTERM:
2376 if (s->kill_context.send_sigkill) {
2377 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2378 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2379 } else {
2380 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2381 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2382 }
2383 break;
2384
2385 case SOCKET_STOP_PRE_SIGKILL:
2386 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2387 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2388 break;
2389
2390 case SOCKET_STOP_POST:
2391 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2392 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2393 break;
2394
2395 case SOCKET_FINAL_SIGTERM:
2396 if (s->kill_context.send_sigkill) {
2397 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2398 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2399 } else {
2400 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2401 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2402 }
2403 break;
2404
2405 case SOCKET_FINAL_SIGKILL:
2406 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2407 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2408 break;
2409
2410 default:
2411 assert_not_reached("Timeout at wrong time.");
2412 }
2413
2414 return 0;
2415 }
2416
2417 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2418 int *rfds;
2419 unsigned rn_fds, k;
2420 SocketPort *p;
2421
2422 assert(s);
2423 assert(fds);
2424 assert(n_fds);
2425
2426 /* Called from the service code for requesting our fds */
2427
2428 rn_fds = 0;
2429 LIST_FOREACH(port, p, s->ports)
2430 if (p->fd >= 0)
2431 rn_fds++;
2432
2433 if (rn_fds <= 0) {
2434 *fds = NULL;
2435 *n_fds = 0;
2436 return 0;
2437 }
2438
2439 if (!(rfds = new(int, rn_fds)))
2440 return -ENOMEM;
2441
2442 k = 0;
2443 LIST_FOREACH(port, p, s->ports)
2444 if (p->fd >= 0)
2445 rfds[k++] = p->fd;
2446
2447 assert(k == rn_fds);
2448
2449 *fds = rfds;
2450 *n_fds = rn_fds;
2451
2452 return 0;
2453 }
2454
2455 static void socket_reset_failed(Unit *u) {
2456 Socket *s = SOCKET(u);
2457
2458 assert(s);
2459
2460 if (s->state == SOCKET_FAILED)
2461 socket_set_state(s, SOCKET_DEAD);
2462
2463 s->result = SOCKET_SUCCESS;
2464 }
2465
2466 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2467 assert(s);
2468
2469 /* The service is dead. Dang!
2470 *
2471 * This is strictly for one-instance-for-all-connections
2472 * services. */
2473
2474 if (s->state == SOCKET_RUNNING) {
2475 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2476 if (failed_permanent)
2477 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2478 else
2479 socket_enter_listening(s);
2480 }
2481 }
2482
2483 void socket_connection_unref(Socket *s) {
2484 assert(s);
2485
2486 /* The service is dead. Yay!
2487 *
2488 * This is strictly for one-instance-per-connection
2489 * services. */
2490
2491 assert(s->n_connections > 0);
2492 s->n_connections--;
2493
2494 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2495 }
2496
2497 static void socket_trigger_notify(Unit *u, Unit *other) {
2498 Socket *s = SOCKET(u);
2499 Service *se;
2500
2501 assert(u);
2502 assert(other);
2503
2504 /* Don't propagate state changes from the service if we are
2505 already down or accepting connections */
2506 if ((s->state != SOCKET_RUNNING &&
2507 s->state != SOCKET_LISTENING) ||
2508 s->accept)
2509 return;
2510
2511 if (other->load_state != UNIT_LOADED ||
2512 other->type != UNIT_SERVICE)
2513 return;
2514
2515 se = SERVICE(other);
2516
2517 if (se->state == SERVICE_FAILED)
2518 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2519
2520 if (se->state == SERVICE_DEAD ||
2521 se->state == SERVICE_STOP ||
2522 se->state == SERVICE_STOP_SIGTERM ||
2523 se->state == SERVICE_STOP_SIGKILL ||
2524 se->state == SERVICE_STOP_POST ||
2525 se->state == SERVICE_FINAL_SIGTERM ||
2526 se->state == SERVICE_FINAL_SIGKILL ||
2527 se->state == SERVICE_AUTO_RESTART)
2528 socket_notify_service_dead(s, false);
2529
2530 if (se->state == SERVICE_RUNNING)
2531 socket_set_state(s, SOCKET_RUNNING);
2532 }
2533
2534 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2535 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2536 }
2537
2538 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2539 Socket *s = SOCKET(u);
2540 int r;
2541
2542 if (!s->timer_event_source)
2543 return 0;
2544
2545 r = sd_event_source_get_time(s->timer_event_source, timeout);
2546 if (r < 0)
2547 return r;
2548
2549 return 1;
2550 }
2551
2552 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2553 [SOCKET_DEAD] = "dead",
2554 [SOCKET_START_PRE] = "start-pre",
2555 [SOCKET_START_CHOWN] = "start-chown",
2556 [SOCKET_START_POST] = "start-post",
2557 [SOCKET_LISTENING] = "listening",
2558 [SOCKET_RUNNING] = "running",
2559 [SOCKET_STOP_PRE] = "stop-pre",
2560 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2561 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2562 [SOCKET_STOP_POST] = "stop-post",
2563 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2564 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2565 [SOCKET_FAILED] = "failed"
2566 };
2567
2568 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2569
2570 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2571 [SOCKET_EXEC_START_PRE] = "StartPre",
2572 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2573 [SOCKET_EXEC_START_POST] = "StartPost",
2574 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2575 [SOCKET_EXEC_STOP_POST] = "StopPost"
2576 };
2577
2578 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2579
2580 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2581 [SOCKET_SUCCESS] = "success",
2582 [SOCKET_FAILURE_RESOURCES] = "resources",
2583 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2584 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2585 [SOCKET_FAILURE_SIGNAL] = "signal",
2586 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2587 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2588 };
2589
2590 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2591
2592 const UnitVTable socket_vtable = {
2593 .object_size = sizeof(Socket),
2594 .exec_context_offset = offsetof(Socket, exec_context),
2595 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2596 .kill_context_offset = offsetof(Socket, kill_context),
2597 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2598
2599 .sections =
2600 "Unit\0"
2601 "Socket\0"
2602 "Install\0",
2603 .private_section = "Socket",
2604
2605 .init = socket_init,
2606 .done = socket_done,
2607 .load = socket_load,
2608
2609 .coldplug = socket_coldplug,
2610
2611 .dump = socket_dump,
2612
2613 .start = socket_start,
2614 .stop = socket_stop,
2615
2616 .kill = socket_kill,
2617
2618 .get_timeout = socket_get_timeout,
2619
2620 .serialize = socket_serialize,
2621 .deserialize_item = socket_deserialize_item,
2622 .distribute_fds = socket_distribute_fds,
2623
2624 .active_state = socket_active_state,
2625 .sub_state_to_string = socket_sub_state_to_string,
2626
2627 .check_gc = socket_check_gc,
2628
2629 .sigchld_event = socket_sigchld_event,
2630
2631 .trigger_notify = socket_trigger_notify,
2632
2633 .reset_failed = socket_reset_failed,
2634
2635 .bus_interface = "org.freedesktop.systemd1.Socket",
2636 .bus_vtable = bus_socket_vtable,
2637 .bus_set_property = bus_socket_set_property,
2638 .bus_commit_properties = bus_socket_commit_properties,
2639
2640 .status_message_formats = {
2641 /*.starting_stopping = {
2642 [0] = "Starting socket %s...",
2643 [1] = "Stopping socket %s...",
2644 },*/
2645 .finished_start_job = {
2646 [JOB_DONE] = "Listening on %s.",
2647 [JOB_FAILED] = "Failed to listen on %s.",
2648 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2649 [JOB_TIMEOUT] = "Timed out starting %s.",
2650 },
2651 .finished_stop_job = {
2652 [JOB_DONE] = "Closed %s.",
2653 [JOB_FAILED] = "Failed stopping %s.",
2654 [JOB_TIMEOUT] = "Timed out stopping %s.",
2655 },
2656 },
2657 };
Unnamed repository; edit this file 'description' to name the repository.