]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:


88aae4815b30da05723d05c91a49e961d0706bfa
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "selinux-util.h"
52 #include "dbus-socket.h"
53 #include "unit.h"
54 #include "socket.h"
55
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
70 };
71
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
79 assert(u->load_state == UNIT_STUB);
80
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
85
86 s->max_connections = 64;
87
88 s->priority = -1;
89 s->ip_tos = -1;
90 s->ip_ttl = -1;
91 s->mark = -1;
92
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
95
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97 }
98
99 static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107 }
108
109 void socket_free_ports(Socket *s) {
110 SocketPort *p;
111
112 assert(s);
113
114 while ((p = s->ports)) {
115 LIST_REMOVE(port, s->ports, p);
116
117 sd_event_source_unref(p->event_source);
118
119 safe_close(p->fd);
120 free(p->path);
121 free(p);
122 }
123 }
124
125 static void socket_done(Unit *u) {
126 Socket *s = SOCKET(u);
127
128 assert(s);
129
130 socket_free_ports(s);
131
132 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
133 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
134 s->control_command = NULL;
135
136 socket_unwatch_control_pid(s);
137
138 unit_ref_unset(&s->service);
139
140 free(s->tcp_congestion);
141 s->tcp_congestion = NULL;
142
143 free(s->bind_to_device);
144 s->bind_to_device = NULL;
145
146 free(s->smack);
147 free(s->smack_ip_in);
148 free(s->smack_ip_out);
149
150 strv_free(s->symlinks);
151
152 free(s->user);
153 free(s->group);
154
155 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
156 }
157
158 static int socket_arm_timer(Socket *s) {
159 int r;
160
161 assert(s);
162
163 if (s->timeout_usec <= 0) {
164 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
165 return 0;
166 }
167
168 if (s->timer_event_source) {
169 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
170 if (r < 0)
171 return r;
172
173 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
174 }
175
176 return sd_event_add_time(
177 UNIT(s)->manager->event,
178 &s->timer_event_source,
179 CLOCK_MONOTONIC,
180 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
181 socket_dispatch_timer, s);
182 }
183
184 int socket_instantiate_service(Socket *s) {
185 _cleanup_free_ char *prefix = NULL, *name = NULL;
186 int r;
187 Unit *u;
188
189 assert(s);
190
191 /* This fills in s->service if it isn't filled in yet. For
192 * Accept=yes sockets we create the next connection service
193 * here. For Accept=no this is mostly a NOP since the service
194 * is figured out at load time anyway. */
195
196 if (UNIT_DEREF(s->service) || !s->accept)
197 return 0;
198
199 prefix = unit_name_to_prefix(UNIT(s)->id);
200 if (!prefix)
201 return -ENOMEM;
202
203 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
204 return -ENOMEM;
205
206 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
207 if (r < 0)
208 return r;
209
210 u->no_gc = true;
211 unit_ref_set(&s->service, u);
212
213 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
214 }
215
216 static bool have_non_accept_socket(Socket *s) {
217 SocketPort *p;
218
219 assert(s);
220
221 if (!s->accept)
222 return true;
223
224 LIST_FOREACH(port, p, s->ports) {
225
226 if (p->type != SOCKET_SOCKET)
227 return true;
228
229 if (!socket_address_can_accept(&p->address))
230 return true;
231 }
232
233 return false;
234 }
235
236 static int socket_add_mount_links(Socket *s) {
237 SocketPort *p;
238 int r;
239
240 assert(s);
241
242 LIST_FOREACH(port, p, s->ports) {
243 const char *path = NULL;
244
245 if (p->type == SOCKET_SOCKET)
246 path = socket_address_get_path(&p->address);
247 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
248 path = p->path;
249
250 if (!path)
251 continue;
252
253 r = unit_require_mounts_for(UNIT(s), path);
254 if (r < 0)
255 return r;
256 }
257
258 return 0;
259 }
260
261 static int socket_add_device_link(Socket *s) {
262 char *t;
263
264 assert(s);
265
266 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
267 return 0;
268
269 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
270 return unit_add_node_link(UNIT(s), t, false);
271 }
272
273 static int socket_add_default_dependencies(Socket *s) {
274 int r;
275 assert(s);
276
277 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
278 if (r < 0)
279 return r;
280
281 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
282 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
283 if (r < 0)
284 return r;
285 }
286
287 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
288 }
289
290 _pure_ static bool socket_has_exec(Socket *s) {
291 unsigned i;
292 assert(s);
293
294 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
295 if (s->exec_command[i])
296 return true;
297
298 return false;
299 }
300
301 static int socket_add_extras(Socket *s) {
302 Unit *u = UNIT(s);
303 int r;
304
305 assert(s);
306
307 if (have_non_accept_socket(s)) {
308
309 if (!UNIT_DEREF(s->service)) {
310 Unit *x;
311
312 r = unit_load_related_unit(u, ".service", &x);
313 if (r < 0)
314 return r;
315
316 unit_ref_set(&s->service, x);
317 }
318
319 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
320 if (r < 0)
321 return r;
322 }
323
324 r = socket_add_mount_links(s);
325 if (r < 0)
326 return r;
327
328 r = socket_add_device_link(s);
329 if (r < 0)
330 return r;
331
332 r = unit_patch_contexts(u);
333 if (r < 0)
334 return r;
335
336 if (socket_has_exec(s)) {
337 r = unit_add_exec_dependencies(u, &s->exec_context);
338 if (r < 0)
339 return r;
340
341 r = unit_add_default_slice(u, &s->cgroup_context);
342 if (r < 0)
343 return r;
344 }
345
346 if (u->default_dependencies) {
347 r = socket_add_default_dependencies(s);
348 if (r < 0)
349 return r;
350 }
351
352 return 0;
353 }
354
355 static const char *socket_find_symlink_target(Socket *s) {
356 const char *found = NULL;
357 SocketPort *p;
358
359 LIST_FOREACH(port, p, s->ports) {
360 const char *f = NULL;
361
362 switch (p->type) {
363
364 case SOCKET_FIFO:
365 f = p->path;
366 break;
367
368 case SOCKET_SOCKET:
369 if (p->address.sockaddr.un.sun_path[0] != 0)
370 f = p->address.sockaddr.un.sun_path;
371 break;
372
373 default:
374 break;
375 }
376
377 if (f) {
378 if (found)
379 return NULL;
380
381 found = f;
382 }
383 }
384
385 return found;
386 }
387
388 static int socket_verify(Socket *s) {
389 assert(s);
390
391 if (UNIT(s)->load_state != UNIT_LOADED)
392 return 0;
393
394 if (!s->ports) {
395 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
396 return -EINVAL;
397 }
398
399 if (s->accept && have_non_accept_socket(s)) {
400 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
401 UNIT(s)->id);
402 return -EINVAL;
403 }
404
405 if (s->accept && s->max_connections <= 0) {
406 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
407 return -EINVAL;
408 }
409
410 if (s->accept && UNIT_DEREF(s->service)) {
411 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
412 return -EINVAL;
413 }
414
415 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
416 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
417 return -EINVAL;
418 }
419
420 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
421 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
422 return -EINVAL;
423 }
424
425 return 0;
426 }
427
428 static int socket_load(Unit *u) {
429 Socket *s = SOCKET(u);
430 int r;
431
432 assert(u);
433 assert(u->load_state == UNIT_STUB);
434
435 r = unit_load_fragment_and_dropin(u);
436 if (r < 0)
437 return r;
438
439 if (u->load_state == UNIT_LOADED) {
440 /* This is a new unit? Then let's add in some extras */
441 r = socket_add_extras(s);
442 if (r < 0)
443 return r;
444 }
445
446 return socket_verify(s);
447 }
448
449 _const_ static const char* listen_lookup(int family, int type) {
450
451 if (family == AF_NETLINK)
452 return "ListenNetlink";
453
454 if (type == SOCK_STREAM)
455 return "ListenStream";
456 else if (type == SOCK_DGRAM)
457 return "ListenDatagram";
458 else if (type == SOCK_SEQPACKET)
459 return "ListenSequentialPacket";
460
461 assert_not_reached("Unknown socket type");
462 return NULL;
463 }
464
465 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
466 char time_string[FORMAT_TIMESPAN_MAX];
467 SocketExecCommand c;
468 Socket *s = SOCKET(u);
469 SocketPort *p;
470 const char *prefix2;
471
472 assert(s);
473 assert(f);
474
475 prefix = strempty(prefix);
476 prefix2 = strjoina(prefix, "\t");
477
478 fprintf(f,
479 "%sSocket State: %s\n"
480 "%sResult: %s\n"
481 "%sBindIPv6Only: %s\n"
482 "%sBacklog: %u\n"
483 "%sSocketMode: %04o\n"
484 "%sDirectoryMode: %04o\n"
485 "%sKeepAlive: %s\n"
486 "%sNoDelay: %s\n"
487 "%sFreeBind: %s\n"
488 "%sTransparent: %s\n"
489 "%sBroadcast: %s\n"
490 "%sPassCredentials: %s\n"
491 "%sPassSecurity: %s\n"
492 "%sTCPCongestion: %s\n"
493 "%sRemoveOnStop: %s\n"
494 "%sSELinuxContextFromNet: %s\n",
495 prefix, socket_state_to_string(s->state),
496 prefix, socket_result_to_string(s->result),
497 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
498 prefix, s->backlog,
499 prefix, s->socket_mode,
500 prefix, s->directory_mode,
501 prefix, yes_no(s->keep_alive),
502 prefix, yes_no(s->no_delay),
503 prefix, yes_no(s->free_bind),
504 prefix, yes_no(s->transparent),
505 prefix, yes_no(s->broadcast),
506 prefix, yes_no(s->pass_cred),
507 prefix, yes_no(s->pass_sec),
508 prefix, strna(s->tcp_congestion),
509 prefix, yes_no(s->remove_on_stop),
510 prefix, yes_no(s->selinux_context_from_net));
511
512 if (s->control_pid > 0)
513 fprintf(f,
514 "%sControl PID: "PID_FMT"\n",
515 prefix, s->control_pid);
516
517 if (s->bind_to_device)
518 fprintf(f,
519 "%sBindToDevice: %s\n",
520 prefix, s->bind_to_device);
521
522 if (s->accept)
523 fprintf(f,
524 "%sAccepted: %u\n"
525 "%sNConnections: %u\n"
526 "%sMaxConnections: %u\n",
527 prefix, s->n_accepted,
528 prefix, s->n_connections,
529 prefix, s->max_connections);
530
531 if (s->priority >= 0)
532 fprintf(f,
533 "%sPriority: %i\n",
534 prefix, s->priority);
535
536 if (s->receive_buffer > 0)
537 fprintf(f,
538 "%sReceiveBuffer: %zu\n",
539 prefix, s->receive_buffer);
540
541 if (s->send_buffer > 0)
542 fprintf(f,
543 "%sSendBuffer: %zu\n",
544 prefix, s->send_buffer);
545
546 if (s->ip_tos >= 0)
547 fprintf(f,
548 "%sIPTOS: %i\n",
549 prefix, s->ip_tos);
550
551 if (s->ip_ttl >= 0)
552 fprintf(f,
553 "%sIPTTL: %i\n",
554 prefix, s->ip_ttl);
555
556 if (s->pipe_size > 0)
557 fprintf(f,
558 "%sPipeSize: %zu\n",
559 prefix, s->pipe_size);
560
561 if (s->mark >= 0)
562 fprintf(f,
563 "%sMark: %i\n",
564 prefix, s->mark);
565
566 if (s->mq_maxmsg > 0)
567 fprintf(f,
568 "%sMessageQueueMaxMessages: %li\n",
569 prefix, s->mq_maxmsg);
570
571 if (s->mq_msgsize > 0)
572 fprintf(f,
573 "%sMessageQueueMessageSize: %li\n",
574 prefix, s->mq_msgsize);
575
576 if (s->reuse_port)
577 fprintf(f,
578 "%sReusePort: %s\n",
579 prefix, yes_no(s->reuse_port));
580
581 if (s->smack)
582 fprintf(f,
583 "%sSmackLabel: %s\n",
584 prefix, s->smack);
585
586 if (s->smack_ip_in)
587 fprintf(f,
588 "%sSmackLabelIPIn: %s\n",
589 prefix, s->smack_ip_in);
590
591 if (s->smack_ip_out)
592 fprintf(f,
593 "%sSmackLabelIPOut: %s\n",
594 prefix, s->smack_ip_out);
595
596 if (!isempty(s->user) || !isempty(s->group))
597 fprintf(f,
598 "%sOwnerUser: %s\n"
599 "%sOwnerGroup: %s\n",
600 prefix, strna(s->user),
601 prefix, strna(s->group));
602
603 if (s->keep_alive_time > 0)
604 fprintf(f,
605 "%sKeepAliveTimeSec: %s\n",
606 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
607
608 if (s->keep_alive_interval)
609 fprintf(f,
610 "%sKeepAliveIntervalSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
612
613 if (s->keep_alive_cnt)
614 fprintf(f,
615 "%sKeepAliveProbes: %u\n",
616 prefix, s->keep_alive_cnt);
617
618 if (s->defer_accept)
619 fprintf(f,
620 "%sDeferAcceptSec: %s\n",
621 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
622
623 LIST_FOREACH(port, p, s->ports) {
624
625 if (p->type == SOCKET_SOCKET) {
626 const char *t;
627 int r;
628 char *k = NULL;
629
630 if ((r = socket_address_print(&p->address, &k)) < 0)
631 t = strerror(-r);
632 else
633 t = k;
634
635 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
636 free(k);
637 } else if (p->type == SOCKET_SPECIAL)
638 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
639 else if (p->type == SOCKET_MQUEUE)
640 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
641 else
642 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
643 }
644
645 exec_context_dump(&s->exec_context, f, prefix);
646 kill_context_dump(&s->kill_context, f, prefix);
647
648 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
649 if (!s->exec_command[c])
650 continue;
651
652 fprintf(f, "%s-> %s:\n",
653 prefix, socket_exec_command_to_string(c));
654
655 exec_command_dump_list(s->exec_command[c], f, prefix2);
656 }
657 }
658
659 static int instance_from_socket(int fd, unsigned nr, char **instance) {
660 socklen_t l;
661 char *r;
662 union sockaddr_union local, remote;
663
664 assert(fd >= 0);
665 assert(instance);
666
667 l = sizeof(local);
668 if (getsockname(fd, &local.sa, &l) < 0)
669 return -errno;
670
671 l = sizeof(remote);
672 if (getpeername(fd, &remote.sa, &l) < 0)
673 return -errno;
674
675 switch (local.sa.sa_family) {
676
677 case AF_INET: {
678 uint32_t
679 a = ntohl(local.in.sin_addr.s_addr),
680 b = ntohl(remote.in.sin_addr.s_addr);
681
682 if (asprintf(&r,
683 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684 nr,
685 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
686 ntohs(local.in.sin_port),
687 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
688 ntohs(remote.in.sin_port)) < 0)
689 return -ENOMEM;
690
691 break;
692 }
693
694 case AF_INET6: {
695 static const unsigned char ipv4_prefix[] = {
696 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
697 };
698
699 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
700 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
701 const uint8_t
702 *a = local.in6.sin6_addr.s6_addr+12,
703 *b = remote.in6.sin6_addr.s6_addr+12;
704
705 if (asprintf(&r,
706 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 nr,
708 a[0], a[1], a[2], a[3],
709 ntohs(local.in6.sin6_port),
710 b[0], b[1], b[2], b[3],
711 ntohs(remote.in6.sin6_port)) < 0)
712 return -ENOMEM;
713 } else {
714 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
715
716 if (asprintf(&r,
717 "%u-%s:%u-%s:%u",
718 nr,
719 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
720 ntohs(local.in6.sin6_port),
721 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
722 ntohs(remote.in6.sin6_port)) < 0)
723 return -ENOMEM;
724 }
725
726 break;
727 }
728
729 case AF_UNIX: {
730 struct ucred ucred;
731 int k;
732
733 k = getpeercred(fd, &ucred);
734 if (k >= 0) {
735 if (asprintf(&r,
736 "%u-"PID_FMT"-"UID_FMT,
737 nr, ucred.pid, ucred.uid) < 0)
738 return -ENOMEM;
739 } else if (k == -ENODATA) {
740 /* This handles the case where somebody is
741 * connecting from another pid/uid namespace
742 * (e.g. from outside of our container). */
743 if (asprintf(&r,
744 "%u-unknown",
745 nr) < 0)
746 return -ENOMEM;
747 } else
748 return k;
749
750 break;
751 }
752
753 default:
754 assert_not_reached("Unhandled socket type.");
755 }
756
757 *instance = r;
758 return 0;
759 }
760
761 static void socket_close_fds(Socket *s) {
762 SocketPort *p;
763 char **i;
764
765 assert(s);
766
767 LIST_FOREACH(port, p, s->ports) {
768
769 p->event_source = sd_event_source_unref(p->event_source);
770
771 if (p->fd < 0)
772 continue;
773
774 p->fd = safe_close(p->fd);
775
776 /* One little note: we should normally not delete any
777 * sockets in the file system here! After all some
778 * other process we spawned might still have a
779 * reference of this fd and wants to continue to use
780 * it. Therefore we delete sockets in the file system
781 * before we create a new one, not after we stopped
782 * using one! */
783
784 if (s->remove_on_stop) {
785 switch (p->type) {
786
787 case SOCKET_FIFO:
788 unlink(p->path);
789 break;
790
791 case SOCKET_MQUEUE:
792 mq_unlink(p->path);
793 break;
794
795 case SOCKET_SOCKET:
796 socket_address_unlink(&p->address);
797 break;
798
799 default:
800 break;
801 }
802 }
803 }
804
805 if (s->remove_on_stop)
806 STRV_FOREACH(i, s->symlinks)
807 unlink(*i);
808 }
809
810 static void socket_apply_socket_options(Socket *s, int fd) {
811 int r;
812
813 assert(s);
814 assert(fd >= 0);
815
816 if (s->keep_alive) {
817 int b = s->keep_alive;
818 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
819 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
820 }
821
822 if (s->keep_alive_time) {
823 int value = s->keep_alive_time / USEC_PER_SEC;
824 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
825 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
826 }
827
828 if (s->keep_alive_interval) {
829 int value = s->keep_alive_interval / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
831 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
832 }
833
834 if (s->keep_alive_cnt) {
835 int value = s->keep_alive_cnt;
836 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
837 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
838 }
839
840 if (s->defer_accept) {
841 int value = s->defer_accept / USEC_PER_SEC;
842 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
843 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
844 }
845
846 if (s->no_delay) {
847 int b = s->no_delay;
848 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
849 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
850 }
851
852 if (s->broadcast) {
853 int one = 1;
854 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
855 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
856 }
857
858 if (s->pass_cred) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
861 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
862 }
863
864 if (s->pass_sec) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
867 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
868 }
869
870 if (s->priority >= 0)
871 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
872 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
873
874 if (s->receive_buffer > 0) {
875 int value = (int) s->receive_buffer;
876
877 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
878
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
880 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
881 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
882 }
883
884 if (s->send_buffer > 0) {
885 int value = (int) s->send_buffer;
886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
887 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
888 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
889 }
890
891 if (s->mark >= 0)
892 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
893 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
894
895 if (s->ip_tos >= 0)
896 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
897 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
898
899 if (s->ip_ttl >= 0) {
900 int x;
901
902 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
903
904 if (socket_ipv6_is_supported())
905 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
906 else {
907 x = -1;
908 errno = EAFNOSUPPORT;
909 }
910
911 if (r < 0 && x < 0)
912 log_unit_warning(UNIT(s)->id,
913 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
914 }
915
916 if (s->tcp_congestion)
917 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
918 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
919
920 if (s->reuse_port) {
921 int b = s->reuse_port;
922 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
923 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
924 }
925
926 if (s->smack_ip_in) {
927 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
928 if (r < 0)
929 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
930 }
931
932 if (s->smack_ip_out) {
933 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
934 if (r < 0)
935 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
936 }
937 }
938
939 static void socket_apply_fifo_options(Socket *s, int fd) {
940 int r;
941
942 assert(s);
943 assert(fd >= 0);
944
945 if (s->pipe_size > 0)
946 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
947 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
948
949 if (s->smack) {
950 r = mac_smack_apply_fd(fd, s->smack);
951 if (r < 0)
952 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
953 }
954 }
955
956 static int fifo_address_create(
957 const char *path,
958 mode_t directory_mode,
959 mode_t socket_mode,
960 int *_fd) {
961
962 int fd = -1, r = 0;
963 struct stat st;
964 mode_t old_mask;
965
966 assert(path);
967 assert(_fd);
968
969 mkdir_parents_label(path, directory_mode);
970
971 r = mac_selinux_create_file_prepare(path, S_IFIFO);
972 if (r < 0)
973 goto fail;
974
975 /* Enforce the right access mode for the fifo */
976 old_mask = umask(~ socket_mode);
977
978 /* Include the original umask in our mask */
979 umask(~socket_mode | old_mask);
980
981 r = mkfifo(path, socket_mode);
982 umask(old_mask);
983
984 if (r < 0 && errno != EEXIST) {
985 r = -errno;
986 goto fail;
987 }
988
989 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
990 r = -errno;
991 goto fail;
992 }
993
994 mac_selinux_create_file_clear();
995
996 if (fstat(fd, &st) < 0) {
997 r = -errno;
998 goto fail;
999 }
1000
1001 if (!S_ISFIFO(st.st_mode) ||
1002 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1003 st.st_uid != getuid() ||
1004 st.st_gid != getgid()) {
1005
1006 r = -EEXIST;
1007 goto fail;
1008 }
1009
1010 *_fd = fd;
1011 return 0;
1012
1013 fail:
1014 mac_selinux_create_file_clear();
1015 safe_close(fd);
1016
1017 return r;
1018 }
1019
1020 static int special_address_create(
1021 const char *path,
1022 int *_fd) {
1023
1024 int fd = -1, r = 0;
1025 struct stat st;
1026
1027 assert(path);
1028 assert(_fd);
1029
1030 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1031 if (fd < 0) {
1032 r = -errno;
1033 goto fail;
1034 }
1035
1036 if (fstat(fd, &st) < 0) {
1037 r = -errno;
1038 goto fail;
1039 }
1040
1041 /* Check whether this is a /proc, /sys or /dev file or char device */
1042 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1043 r = -EEXIST;
1044 goto fail;
1045 }
1046
1047 *_fd = fd;
1048 return 0;
1049
1050 fail:
1051 safe_close(fd);
1052
1053 return r;
1054 }
1055
1056 static int mq_address_create(
1057 const char *path,
1058 mode_t mq_mode,
1059 long maxmsg,
1060 long msgsize,
1061 int *_fd) {
1062
1063 int fd = -1, r = 0;
1064 struct stat st;
1065 mode_t old_mask;
1066 struct mq_attr _attr, *attr = NULL;
1067
1068 assert(path);
1069 assert(_fd);
1070
1071 if (maxmsg > 0 && msgsize > 0) {
1072 zero(_attr);
1073 _attr.mq_flags = O_NONBLOCK;
1074 _attr.mq_maxmsg = maxmsg;
1075 _attr.mq_msgsize = msgsize;
1076 attr = &_attr;
1077 }
1078
1079 /* Enforce the right access mode for the mq */
1080 old_mask = umask(~ mq_mode);
1081
1082 /* Include the original umask in our mask */
1083 umask(~mq_mode | old_mask);
1084 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1085 umask(old_mask);
1086
1087 if (fd < 0) {
1088 r = -errno;
1089 goto fail;
1090 }
1091
1092 if (fstat(fd, &st) < 0) {
1093 r = -errno;
1094 goto fail;
1095 }
1096
1097 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1098 st.st_uid != getuid() ||
1099 st.st_gid != getgid()) {
1100
1101 r = -EEXIST;
1102 goto fail;
1103 }
1104
1105 *_fd = fd;
1106 return 0;
1107
1108 fail:
1109 safe_close(fd);
1110 return r;
1111 }
1112
1113 static int socket_symlink(Socket *s) {
1114 const char *p;
1115 char **i;
1116
1117 assert(s);
1118
1119 p = socket_find_symlink_target(s);
1120 if (!p)
1121 return 0;
1122
1123 STRV_FOREACH(i, s->symlinks)
1124 symlink_label(p, *i);
1125
1126 return 0;
1127 }
1128
1129 static int socket_open_fds(Socket *s) {
1130 SocketPort *p;
1131 int r;
1132 char *label = NULL;
1133 bool know_label = false;
1134
1135 assert(s);
1136
1137 LIST_FOREACH(port, p, s->ports) {
1138
1139 if (p->fd >= 0)
1140 continue;
1141
1142 if (p->type == SOCKET_SOCKET) {
1143
1144 if (!know_label) {
1145 /* Figure out label, if we don't it know
1146 * yet. We do it once, for the first
1147 * socket where we need this and
1148 * remember it for the rest. */
1149
1150 if (s->selinux_context_from_net) {
1151 /* Get it from the network label */
1152
1153 r = mac_selinux_get_our_label(&label);
1154 if (r < 0 && r != -EOPNOTSUPP)
1155 goto rollback;
1156
1157 } else {
1158 /* Get it from the executable we are about to start */
1159
1160 r = socket_instantiate_service(s);
1161 if (r < 0)
1162 goto rollback;
1163
1164 if (UNIT_ISSET(s->service) &&
1165 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1166 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1167 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1168 goto rollback;
1169 }
1170 }
1171
1172 know_label = true;
1173 }
1174
1175 r = socket_address_listen(
1176 &p->address,
1177 SOCK_CLOEXEC|SOCK_NONBLOCK,
1178 s->backlog,
1179 s->bind_ipv6_only,
1180 s->bind_to_device,
1181 s->free_bind,
1182 s->transparent,
1183 s->directory_mode,
1184 s->socket_mode,
1185 label);
1186 if (r < 0)
1187 goto rollback;
1188
1189 p->fd = r;
1190 socket_apply_socket_options(s, p->fd);
1191 socket_symlink(s);
1192
1193 } else if (p->type == SOCKET_SPECIAL) {
1194
1195 r = special_address_create(
1196 p->path,
1197 &p->fd);
1198 if (r < 0)
1199 goto rollback;
1200
1201 } else if (p->type == SOCKET_FIFO) {
1202
1203 r = fifo_address_create(
1204 p->path,
1205 s->directory_mode,
1206 s->socket_mode,
1207 &p->fd);
1208 if (r < 0)
1209 goto rollback;
1210
1211 socket_apply_fifo_options(s, p->fd);
1212 socket_symlink(s);
1213
1214 } else if (p->type == SOCKET_MQUEUE) {
1215
1216 r = mq_address_create(
1217 p->path,
1218 s->socket_mode,
1219 s->mq_maxmsg,
1220 s->mq_msgsize,
1221 &p->fd);
1222 if (r < 0)
1223 goto rollback;
1224 } else
1225 assert_not_reached("Unknown port type");
1226 }
1227
1228 mac_selinux_free(label);
1229 return 0;
1230
1231 rollback:
1232 socket_close_fds(s);
1233 mac_selinux_free(label);
1234
1235 return r;
1236 }
1237
1238 static void socket_unwatch_fds(Socket *s) {
1239 SocketPort *p;
1240 int r;
1241
1242 assert(s);
1243
1244 LIST_FOREACH(port, p, s->ports) {
1245 if (p->fd < 0)
1246 continue;
1247
1248 if (!p->event_source)
1249 continue;
1250
1251 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1252 if (r < 0)
1253 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1254 }
1255 }
1256
1257 static int socket_watch_fds(Socket *s) {
1258 SocketPort *p;
1259 int r;
1260
1261 assert(s);
1262
1263 LIST_FOREACH(port, p, s->ports) {
1264 if (p->fd < 0)
1265 continue;
1266
1267 if (p->event_source)
1268 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1269 else
1270 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1271
1272 if (r < 0) {
1273 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
1274 goto fail;
1275 }
1276 }
1277
1278 return 0;
1279
1280 fail:
1281 socket_unwatch_fds(s);
1282 return r;
1283 }
1284
1285 static void socket_set_state(Socket *s, SocketState state) {
1286 SocketState old_state;
1287 assert(s);
1288
1289 old_state = s->state;
1290 s->state = state;
1291
1292 if (!IN_SET(state,
1293 SOCKET_START_PRE,
1294 SOCKET_START_CHOWN,
1295 SOCKET_START_POST,
1296 SOCKET_STOP_PRE,
1297 SOCKET_STOP_PRE_SIGTERM,
1298 SOCKET_STOP_PRE_SIGKILL,
1299 SOCKET_STOP_POST,
1300 SOCKET_FINAL_SIGTERM,
1301 SOCKET_FINAL_SIGKILL)) {
1302
1303 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1304 socket_unwatch_control_pid(s);
1305 s->control_command = NULL;
1306 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1307 }
1308
1309 if (state != SOCKET_LISTENING)
1310 socket_unwatch_fds(s);
1311
1312 if (!IN_SET(state,
1313 SOCKET_START_CHOWN,
1314 SOCKET_START_POST,
1315 SOCKET_LISTENING,
1316 SOCKET_RUNNING,
1317 SOCKET_STOP_PRE,
1318 SOCKET_STOP_PRE_SIGTERM,
1319 SOCKET_STOP_PRE_SIGKILL))
1320 socket_close_fds(s);
1321
1322 if (state != old_state)
1323 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1324 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1325
1326 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1327 }
1328
1329 static int socket_coldplug(Unit *u) {
1330 Socket *s = SOCKET(u);
1331 int r;
1332
1333 assert(s);
1334 assert(s->state == SOCKET_DEAD);
1335
1336 if (s->deserialized_state == s->state)
1337 return 0;
1338
1339 if (IN_SET(s->deserialized_state,
1340 SOCKET_START_PRE,
1341 SOCKET_START_CHOWN,
1342 SOCKET_START_POST,
1343 SOCKET_STOP_PRE,
1344 SOCKET_STOP_PRE_SIGTERM,
1345 SOCKET_STOP_PRE_SIGKILL,
1346 SOCKET_STOP_POST,
1347 SOCKET_FINAL_SIGTERM,
1348 SOCKET_FINAL_SIGKILL)) {
1349
1350 if (s->control_pid <= 0)
1351 return -EBADMSG;
1352
1353 r = unit_watch_pid(UNIT(s), s->control_pid);
1354 if (r < 0)
1355 return r;
1356
1357 r = socket_arm_timer(s);
1358 if (r < 0)
1359 return r;
1360 }
1361
1362 if (IN_SET(s->deserialized_state,
1363 SOCKET_START_CHOWN,
1364 SOCKET_START_POST,
1365 SOCKET_LISTENING,
1366 SOCKET_RUNNING,
1367 SOCKET_STOP_PRE,
1368 SOCKET_STOP_PRE_SIGTERM,
1369 SOCKET_STOP_PRE_SIGKILL)) {
1370 r = socket_open_fds(s);
1371 if (r < 0)
1372 return r;
1373 }
1374
1375 if (s->deserialized_state == SOCKET_LISTENING) {
1376 r = socket_watch_fds(s);
1377 if (r < 0)
1378 return r;
1379 }
1380
1381 socket_set_state(s, s->deserialized_state);
1382 return 0;
1383 }
1384
1385 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1386 _cleanup_free_ char **argv = NULL;
1387 pid_t pid;
1388 int r;
1389 ExecParameters exec_params = {
1390 .apply_permissions = true,
1391 .apply_chroot = true,
1392 .apply_tty_stdin = true,
1393 };
1394
1395 assert(s);
1396 assert(c);
1397 assert(_pid);
1398
1399 unit_realize_cgroup(UNIT(s));
1400
1401 r = unit_setup_exec_runtime(UNIT(s));
1402 if (r < 0)
1403 goto fail;
1404
1405 r = socket_arm_timer(s);
1406 if (r < 0)
1407 goto fail;
1408
1409 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1410 if (r < 0)
1411 goto fail;
1412
1413 exec_params.argv = argv;
1414 exec_params.environment = UNIT(s)->manager->environment;
1415 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1416 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1417 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1418 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1419 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1420 exec_params.unit_id = UNIT(s)->id;
1421
1422 r = exec_spawn(c,
1423 &s->exec_context,
1424 &exec_params,
1425 s->exec_runtime,
1426 &pid);
1427 if (r < 0)
1428 goto fail;
1429
1430 r = unit_watch_pid(UNIT(s), pid);
1431 if (r < 0)
1432 /* FIXME: we need to do something here */
1433 goto fail;
1434
1435 *_pid = pid;
1436 return 0;
1437
1438 fail:
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1440 return r;
1441 }
1442
1443 static int socket_chown(Socket *s, pid_t *_pid) {
1444 pid_t pid;
1445 int r;
1446
1447 r = socket_arm_timer(s);
1448 if (r < 0)
1449 goto fail;
1450
1451 /* We have to resolve the user names out-of-process, hence
1452 * let's fork here. It's messy, but well, what can we do? */
1453
1454 pid = fork();
1455 if (pid < 0)
1456 return -errno;
1457
1458 if (pid == 0) {
1459 SocketPort *p;
1460 uid_t uid = UID_INVALID;
1461 gid_t gid = GID_INVALID;
1462 int ret;
1463
1464 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1465 ignore_signals(SIGPIPE, -1);
1466 log_forget_fds();
1467
1468 if (!isempty(s->user)) {
1469 const char *user = s->user;
1470
1471 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1472 if (r < 0) {
1473 ret = EXIT_USER;
1474 goto fail_child;
1475 }
1476 }
1477
1478 if (!isempty(s->group)) {
1479 const char *group = s->group;
1480
1481 r = get_group_creds(&group, &gid);
1482 if (r < 0) {
1483 ret = EXIT_GROUP;
1484 goto fail_child;
1485 }
1486 }
1487
1488 LIST_FOREACH(port, p, s->ports) {
1489 const char *path = NULL;
1490
1491 if (p->type == SOCKET_SOCKET)
1492 path = socket_address_get_path(&p->address);
1493 else if (p->type == SOCKET_FIFO)
1494 path = p->path;
1495
1496 if (!path)
1497 continue;
1498
1499 if (chown(path, uid, gid) < 0) {
1500 r = -errno;
1501 ret = EXIT_CHOWN;
1502 goto fail_child;
1503 }
1504 }
1505
1506 _exit(0);
1507
1508 fail_child:
1509 log_open();
1510 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1511
1512 _exit(ret);
1513 }
1514
1515 r = unit_watch_pid(UNIT(s), pid);
1516 if (r < 0)
1517 goto fail;
1518
1519 *_pid = pid;
1520 return 0;
1521
1522 fail:
1523 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1524 return r;
1525 }
1526
1527 static void socket_enter_dead(Socket *s, SocketResult f) {
1528 assert(s);
1529
1530 if (f != SOCKET_SUCCESS)
1531 s->result = f;
1532
1533 exec_runtime_destroy(s->exec_runtime);
1534 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1535
1536 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1537
1538 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1539 }
1540
1541 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1542
1543 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1544 int r;
1545 assert(s);
1546
1547 if (f != SOCKET_SUCCESS)
1548 s->result = f;
1549
1550 socket_unwatch_control_pid(s);
1551 s->control_command_id = SOCKET_EXEC_STOP_POST;
1552 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1553
1554 if (s->control_command) {
1555 r = socket_spawn(s, s->control_command, &s->control_pid);
1556 if (r < 0)
1557 goto fail;
1558
1559 socket_set_state(s, SOCKET_STOP_POST);
1560 } else
1561 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1562
1563 return;
1564
1565 fail:
1566 log_unit_warning(UNIT(s)->id,
1567 "%s failed to run 'stop-post' task: %s",
1568 UNIT(s)->id, strerror(-r));
1569 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1570 }
1571
1572 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1573 int r;
1574
1575 assert(s);
1576
1577 if (f != SOCKET_SUCCESS)
1578 s->result = f;
1579
1580 r = unit_kill_context(
1581 UNIT(s),
1582 &s->kill_context,
1583 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1584 KILL_KILL : KILL_TERMINATE,
1585 -1,
1586 s->control_pid,
1587 false);
1588 if (r < 0)
1589 goto fail;
1590
1591 if (r > 0) {
1592 r = socket_arm_timer(s);
1593 if (r < 0)
1594 goto fail;
1595
1596 socket_set_state(s, state);
1597 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1599 else if (state == SOCKET_STOP_PRE_SIGKILL)
1600 socket_enter_stop_post(s, SOCKET_SUCCESS);
1601 else if (state == SOCKET_FINAL_SIGTERM)
1602 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1603 else
1604 socket_enter_dead(s, SOCKET_SUCCESS);
1605
1606 return;
1607
1608 fail:
1609 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
1610
1611 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1613 else
1614 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1615 }
1616
1617 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1618 int r;
1619 assert(s);
1620
1621 if (f != SOCKET_SUCCESS)
1622 s->result = f;
1623
1624 socket_unwatch_control_pid(s);
1625 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1626 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1627
1628 if (s->control_command) {
1629 r = socket_spawn(s, s->control_command, &s->control_pid);
1630 if (r < 0)
1631 goto fail;
1632
1633 socket_set_state(s, SOCKET_STOP_PRE);
1634 } else
1635 socket_enter_stop_post(s, SOCKET_SUCCESS);
1636
1637 return;
1638
1639 fail:
1640 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
1641 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1642 }
1643
1644 static void socket_enter_listening(Socket *s) {
1645 int r;
1646 assert(s);
1647
1648 r = socket_watch_fds(s);
1649 if (r < 0) {
1650 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1651 goto fail;
1652 }
1653
1654 socket_set_state(s, SOCKET_LISTENING);
1655 return;
1656
1657 fail:
1658 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1659 }
1660
1661 static void socket_enter_start_post(Socket *s) {
1662 int r;
1663 assert(s);
1664
1665 socket_unwatch_control_pid(s);
1666 s->control_command_id = SOCKET_EXEC_START_POST;
1667 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1668
1669 if (s->control_command) {
1670 r = socket_spawn(s, s->control_command, &s->control_pid);
1671 if (r < 0) {
1672 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
1673 goto fail;
1674 }
1675
1676 socket_set_state(s, SOCKET_START_POST);
1677 } else
1678 socket_enter_listening(s);
1679
1680 return;
1681
1682 fail:
1683 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1684 }
1685
1686 static void socket_enter_start_chown(Socket *s) {
1687 int r;
1688
1689 assert(s);
1690
1691 r = socket_open_fds(s);
1692 if (r < 0) {
1693 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1694 goto fail;
1695 }
1696
1697 if (!isempty(s->user) || !isempty(s->group)) {
1698
1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1701 s->control_command = NULL;
1702
1703 r = socket_chown(s, &s->control_pid);
1704 if (r < 0) {
1705 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
1706 goto fail;
1707 }
1708
1709 socket_set_state(s, SOCKET_START_CHOWN);
1710 } else
1711 socket_enter_start_post(s);
1712
1713 return;
1714
1715 fail:
1716 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1717 }
1718
1719 static void socket_enter_start_pre(Socket *s) {
1720 int r;
1721 assert(s);
1722
1723 socket_unwatch_control_pid(s);
1724 s->control_command_id = SOCKET_EXEC_START_PRE;
1725 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1726
1727 if (s->control_command) {
1728 r = socket_spawn(s, s->control_command, &s->control_pid);
1729 if (r < 0) {
1730 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
1731 goto fail;
1732 }
1733
1734 socket_set_state(s, SOCKET_START_PRE);
1735 } else
1736 socket_enter_start_chown(s);
1737
1738 return;
1739
1740 fail:
1741 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1742 }
1743
1744 static void socket_enter_running(Socket *s, int cfd) {
1745 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1746 int r;
1747
1748 assert(s);
1749
1750 /* We don't take connections anymore if we are supposed to
1751 * shut down anyway */
1752 if (unit_stop_pending(UNIT(s))) {
1753
1754 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1755
1756 if (cfd >= 0)
1757 safe_close(cfd);
1758 else {
1759 /* Flush all sockets by closing and reopening them */
1760 socket_close_fds(s);
1761
1762 r = socket_open_fds(s);
1763 if (r < 0) {
1764 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1765 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1766 return;
1767 }
1768
1769 r = socket_watch_fds(s);
1770 if (r < 0) {
1771 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1772 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1773 }
1774 }
1775
1776 return;
1777 }
1778
1779 if (cfd < 0) {
1780 Iterator i;
1781 Unit *other;
1782 bool pending = false;
1783
1784 /* If there's already a start pending don't bother to
1785 * do anything */
1786 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1787 if (unit_active_or_pending(other)) {
1788 pending = true;
1789 break;
1790 }
1791
1792 if (!pending) {
1793 if (!UNIT_ISSET(s->service)) {
1794 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1795 r = -ENOENT;
1796 goto fail;
1797 }
1798
1799 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1800 if (r < 0)
1801 goto fail;
1802 }
1803
1804 socket_set_state(s, SOCKET_RUNNING);
1805 } else {
1806 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1807 Service *service;
1808
1809 if (s->n_connections >= s->max_connections) {
1810 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1811 safe_close(cfd);
1812 return;
1813 }
1814
1815 r = socket_instantiate_service(s);
1816 if (r < 0)
1817 goto fail;
1818
1819 r = instance_from_socket(cfd, s->n_accepted, &instance);
1820 if (r < 0) {
1821 if (r != -ENOTCONN)
1822 goto fail;
1823
1824 /* ENOTCONN is legitimate if TCP RST was received.
1825 * This connection is over, but the socket unit lives on. */
1826 safe_close(cfd);
1827 return;
1828 }
1829
1830 prefix = unit_name_to_prefix(UNIT(s)->id);
1831 if (!prefix) {
1832 r = -ENOMEM;
1833 goto fail;
1834 }
1835
1836 name = unit_name_build(prefix, instance, ".service");
1837 if (!name) {
1838 r = -ENOMEM;
1839 goto fail;
1840 }
1841
1842 r = unit_add_name(UNIT_DEREF(s->service), name);
1843 if (r < 0)
1844 goto fail;
1845
1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
1848 s->n_accepted ++;
1849
1850 UNIT(service)->no_gc = false;
1851
1852 unit_choose_id(UNIT(service), name);
1853
1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1855 if (r < 0)
1856 goto fail;
1857
1858 cfd = -1;
1859 s->n_connections ++;
1860
1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1862 if (r < 0)
1863 goto fail;
1864
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
1867 }
1868
1869 return;
1870
1871 fail:
1872 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1874 bus_error_message(&error, r));
1875
1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1877 safe_close(cfd);
1878 }
1879
1880 static void socket_run_next(Socket *s) {
1881 int r;
1882
1883 assert(s);
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1886
1887 socket_unwatch_control_pid(s);
1888
1889 s->control_command = s->control_command->command_next;
1890
1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1892 if (r < 0)
1893 goto fail;
1894
1895 return;
1896
1897 fail:
1898 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
1899
1900 if (s->state == SOCKET_START_POST)
1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1902 else if (s->state == SOCKET_STOP_POST)
1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1904 else
1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1906 }
1907
1908 static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
1910
1911 assert(s);
1912
1913 /* We cannot fulfill this request right now, try again later
1914 * please! */
1915 if (IN_SET(s->state,
1916 SOCKET_STOP_PRE,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1919 SOCKET_STOP_POST,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
1922 return -EAGAIN;
1923
1924 /* Already on it! */
1925 if (IN_SET(s->state,
1926 SOCKET_START_PRE,
1927 SOCKET_START_CHOWN,
1928 SOCKET_START_POST))
1929 return 0;
1930
1931 /* Cannot run this without the service being around */
1932 if (UNIT_ISSET(s->service)) {
1933 Service *service;
1934
1935 service = SERVICE(UNIT_DEREF(s->service));
1936
1937 if (UNIT(service)->load_state != UNIT_LOADED) {
1938 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1939 return -ENOENT;
1940 }
1941
1942 /* If the service is already active we cannot start the
1943 * socket */
1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
1947 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1948 return -EBUSY;
1949 }
1950 }
1951
1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1953
1954 s->result = SOCKET_SUCCESS;
1955 socket_enter_start_pre(s);
1956
1957 return 1;
1958 }
1959
1960 static int socket_stop(Unit *u) {
1961 Socket *s = SOCKET(u);
1962
1963 assert(s);
1964
1965 /* Already on it */
1966 if (IN_SET(s->state,
1967 SOCKET_STOP_PRE,
1968 SOCKET_STOP_PRE_SIGTERM,
1969 SOCKET_STOP_PRE_SIGKILL,
1970 SOCKET_STOP_POST,
1971 SOCKET_FINAL_SIGTERM,
1972 SOCKET_FINAL_SIGKILL))
1973 return 0;
1974
1975 /* If there's already something running we go directly into
1976 * kill mode. */
1977 if (IN_SET(s->state,
1978 SOCKET_START_PRE,
1979 SOCKET_START_CHOWN,
1980 SOCKET_START_POST)) {
1981 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1982 return -EAGAIN;
1983 }
1984
1985 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1986
1987 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1988 return 1;
1989 }
1990
1991 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1992 Socket *s = SOCKET(u);
1993 SocketPort *p;
1994 int r;
1995
1996 assert(u);
1997 assert(f);
1998 assert(fds);
1999
2000 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2001 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2002 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2003
2004 if (s->control_pid > 0)
2005 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2006
2007 if (s->control_command_id >= 0)
2008 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2009
2010 LIST_FOREACH(port, p, s->ports) {
2011 int copy;
2012
2013 if (p->fd < 0)
2014 continue;
2015
2016 copy = fdset_put_dup(fds, p->fd);
2017 if (copy < 0)
2018 return copy;
2019
2020 if (p->type == SOCKET_SOCKET) {
2021 _cleanup_free_ char *t = NULL;
2022
2023 r = socket_address_print(&p->address, &t);
2024 if (r < 0)
2025 return r;
2026
2027 if (socket_address_family(&p->address) == AF_NETLINK)
2028 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2029 else
2030 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2031
2032 } else if (p->type == SOCKET_SPECIAL)
2033 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2034 else if (p->type == SOCKET_MQUEUE)
2035 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2036 else {
2037 assert(p->type == SOCKET_FIFO);
2038 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2039 }
2040 }
2041
2042 return 0;
2043 }
2044
2045 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2046 Socket *s = SOCKET(u);
2047
2048 assert(u);
2049 assert(key);
2050 assert(value);
2051
2052 if (streq(key, "state")) {
2053 SocketState state;
2054
2055 state = socket_state_from_string(value);
2056 if (state < 0)
2057 log_unit_debug(u->id, "Failed to parse state value %s", value);
2058 else
2059 s->deserialized_state = state;
2060 } else if (streq(key, "result")) {
2061 SocketResult f;
2062
2063 f = socket_result_from_string(value);
2064 if (f < 0)
2065 log_unit_debug(u->id, "Failed to parse result value %s", value);
2066 else if (f != SOCKET_SUCCESS)
2067 s->result = f;
2068
2069 } else if (streq(key, "n-accepted")) {
2070 unsigned k;
2071
2072 if (safe_atou(value, &k) < 0)
2073 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2074 else
2075 s->n_accepted += k;
2076 } else if (streq(key, "control-pid")) {
2077 pid_t pid;
2078
2079 if (parse_pid(value, &pid) < 0)
2080 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2081 else
2082 s->control_pid = pid;
2083 } else if (streq(key, "control-command")) {
2084 SocketExecCommand id;
2085
2086 id = socket_exec_command_from_string(value);
2087 if (id < 0)
2088 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2089 else {
2090 s->control_command_id = id;
2091 s->control_command = s->exec_command[id];
2092 }
2093 } else if (streq(key, "fifo")) {
2094 int fd, skip = 0;
2095 SocketPort *p;
2096
2097 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2098 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2099 else {
2100
2101 LIST_FOREACH(port, p, s->ports)
2102 if (p->type == SOCKET_FIFO &&
2103 path_equal_or_files_same(p->path, value+skip))
2104 break;
2105
2106 if (p) {
2107 safe_close(p->fd);
2108 p->fd = fdset_remove(fds, fd);
2109 }
2110 }
2111
2112 } else if (streq(key, "special")) {
2113 int fd, skip = 0;
2114 SocketPort *p;
2115
2116 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2117 log_unit_debug(u->id, "Failed to parse special value %s", value);
2118 else {
2119
2120 LIST_FOREACH(port, p, s->ports)
2121 if (p->type == SOCKET_SPECIAL &&
2122 path_equal_or_files_same(p->path, value+skip))
2123 break;
2124
2125 if (p) {
2126 safe_close(p->fd);
2127 p->fd = fdset_remove(fds, fd);
2128 }
2129 }
2130
2131 } else if (streq(key, "mqueue")) {
2132 int fd, skip = 0;
2133 SocketPort *p;
2134
2135 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2136 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2137 else {
2138
2139 LIST_FOREACH(port, p, s->ports)
2140 if (p->type == SOCKET_MQUEUE &&
2141 streq(p->path, value+skip))
2142 break;
2143
2144 if (p) {
2145 safe_close(p->fd);
2146 p->fd = fdset_remove(fds, fd);
2147 }
2148 }
2149
2150 } else if (streq(key, "socket")) {
2151 int fd, type, skip = 0;
2152 SocketPort *p;
2153
2154 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2155 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2156 else {
2157
2158 LIST_FOREACH(port, p, s->ports)
2159 if (socket_address_is(&p->address, value+skip, type))
2160 break;
2161
2162 if (p) {
2163 safe_close(p->fd);
2164 p->fd = fdset_remove(fds, fd);
2165 }
2166 }
2167
2168 } else if (streq(key, "netlink")) {
2169 int fd, skip = 0;
2170 SocketPort *p;
2171
2172 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2173 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2174 else {
2175
2176 LIST_FOREACH(port, p, s->ports)
2177 if (socket_address_is_netlink(&p->address, value+skip))
2178 break;
2179
2180 if (p) {
2181 safe_close(p->fd);
2182 p->fd = fdset_remove(fds, fd);
2183 }
2184 }
2185 } else
2186 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2187
2188 return 0;
2189 }
2190
2191 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2192 Socket *s = SOCKET(u);
2193 SocketPort *p;
2194
2195 assert(u);
2196
2197 LIST_FOREACH(port, p, s->ports) {
2198 Iterator i;
2199 int fd;
2200
2201 if (p->type != SOCKET_SOCKET)
2202 continue;
2203
2204 if (p->fd >= 0)
2205 continue;
2206
2207 FDSET_FOREACH(fd, fds, i) {
2208 if (socket_address_matches_fd(&p->address, fd)) {
2209 p->fd = fdset_remove(fds, fd);
2210 s->deserialized_state = SOCKET_LISTENING;
2211 break;
2212 }
2213 }
2214 }
2215
2216 return 0;
2217 }
2218
2219 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2220 assert(u);
2221
2222 return state_translation_table[SOCKET(u)->state];
2223 }
2224
2225 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2226 assert(u);
2227
2228 return socket_state_to_string(SOCKET(u)->state);
2229 }
2230
2231 const char* socket_port_type_to_string(SocketPort *p) {
2232
2233 assert(p);
2234
2235 switch (p->type) {
2236
2237 case SOCKET_SOCKET:
2238
2239 switch (p->address.type) {
2240
2241 case SOCK_STREAM:
2242 return "Stream";
2243
2244 case SOCK_DGRAM:
2245 return "Datagram";
2246
2247 case SOCK_SEQPACKET:
2248 return "SequentialPacket";
2249
2250 case SOCK_RAW:
2251 if (socket_address_family(&p->address) == AF_NETLINK)
2252 return "Netlink";
2253
2254 default:
2255 return NULL;
2256 }
2257
2258 case SOCKET_SPECIAL:
2259 return "Special";
2260
2261 case SOCKET_MQUEUE:
2262 return "MessageQueue";
2263
2264 case SOCKET_FIFO:
2265 return "FIFO";
2266
2267 default:
2268 return NULL;
2269 }
2270 }
2271
2272 _pure_ static bool socket_check_gc(Unit *u) {
2273 Socket *s = SOCKET(u);
2274
2275 assert(u);
2276
2277 return s->n_connections > 0;
2278 }
2279
2280 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2281 SocketPort *p = userdata;
2282 int cfd = -1;
2283
2284 assert(p);
2285 assert(fd >= 0);
2286
2287 if (p->socket->state != SOCKET_LISTENING)
2288 return 0;
2289
2290 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2291
2292 if (revents != EPOLLIN) {
2293
2294 if (revents & EPOLLHUP)
2295 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2296 UNIT(p->socket)->id);
2297 else
2298 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2299 UNIT(p->socket)->id, revents);
2300
2301 goto fail;
2302 }
2303
2304 if (p->socket->accept &&
2305 p->type == SOCKET_SOCKET &&
2306 socket_address_can_accept(&p->address)) {
2307
2308 for (;;) {
2309
2310 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2311 if (cfd < 0) {
2312
2313 if (errno == EINTR)
2314 continue;
2315
2316 log_unit_error(UNIT(p->socket)->id,
2317 "Failed to accept socket: %m");
2318 goto fail;
2319 }
2320
2321 break;
2322 }
2323
2324 socket_apply_socket_options(p->socket, cfd);
2325 }
2326
2327 socket_enter_running(p->socket, cfd);
2328 return 0;
2329
2330 fail:
2331 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2332 return 0;
2333 }
2334
2335 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2336 Socket *s = SOCKET(u);
2337 SocketResult f;
2338
2339 assert(s);
2340 assert(pid >= 0);
2341
2342 if (pid != s->control_pid)
2343 return;
2344
2345 s->control_pid = 0;
2346
2347 if (is_clean_exit(code, status, NULL))
2348 f = SOCKET_SUCCESS;
2349 else if (code == CLD_EXITED)
2350 f = SOCKET_FAILURE_EXIT_CODE;
2351 else if (code == CLD_KILLED)
2352 f = SOCKET_FAILURE_SIGNAL;
2353 else if (code == CLD_DUMPED)
2354 f = SOCKET_FAILURE_CORE_DUMP;
2355 else
2356 assert_not_reached("Unknown sigchld code");
2357
2358 if (s->control_command) {
2359 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2360
2361 if (s->control_command->ignore)
2362 f = SOCKET_SUCCESS;
2363 }
2364
2365 log_unit_full(u->id,
2366 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2367 "%s control process exited, code=%s status=%i",
2368 u->id, sigchld_code_to_string(code), status);
2369
2370 if (f != SOCKET_SUCCESS)
2371 s->result = f;
2372
2373 if (s->control_command &&
2374 s->control_command->command_next &&
2375 f == SOCKET_SUCCESS) {
2376
2377 log_unit_debug(u->id,
2378 "%s running next command for state %s",
2379 u->id, socket_state_to_string(s->state));
2380 socket_run_next(s);
2381 } else {
2382 s->control_command = NULL;
2383 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2384
2385 /* No further commands for this step, so let's figure
2386 * out what to do next */
2387
2388 log_unit_debug(u->id,
2389 "%s got final SIGCHLD for state %s",
2390 u->id, socket_state_to_string(s->state));
2391
2392 switch (s->state) {
2393
2394 case SOCKET_START_PRE:
2395 if (f == SOCKET_SUCCESS)
2396 socket_enter_start_chown(s);
2397 else
2398 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2399 break;
2400
2401 case SOCKET_START_CHOWN:
2402 if (f == SOCKET_SUCCESS)
2403 socket_enter_start_post(s);
2404 else
2405 socket_enter_stop_pre(s, f);
2406 break;
2407
2408 case SOCKET_START_POST:
2409 if (f == SOCKET_SUCCESS)
2410 socket_enter_listening(s);
2411 else
2412 socket_enter_stop_pre(s, f);
2413 break;
2414
2415 case SOCKET_STOP_PRE:
2416 case SOCKET_STOP_PRE_SIGTERM:
2417 case SOCKET_STOP_PRE_SIGKILL:
2418 socket_enter_stop_post(s, f);
2419 break;
2420
2421 case SOCKET_STOP_POST:
2422 case SOCKET_FINAL_SIGTERM:
2423 case SOCKET_FINAL_SIGKILL:
2424 socket_enter_dead(s, f);
2425 break;
2426
2427 default:
2428 assert_not_reached("Uh, control process died at wrong time.");
2429 }
2430 }
2431
2432 /* Notify clients about changed exit status */
2433 unit_add_to_dbus_queue(u);
2434 }
2435
2436 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2437 Socket *s = SOCKET(userdata);
2438
2439 assert(s);
2440 assert(s->timer_event_source == source);
2441
2442 switch (s->state) {
2443
2444 case SOCKET_START_PRE:
2445 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2446 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2447 break;
2448
2449 case SOCKET_START_CHOWN:
2450 case SOCKET_START_POST:
2451 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2452 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2453 break;
2454
2455 case SOCKET_STOP_PRE:
2456 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2458 break;
2459
2460 case SOCKET_STOP_PRE_SIGTERM:
2461 if (s->kill_context.send_sigkill) {
2462 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2463 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2464 } else {
2465 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2467 }
2468 break;
2469
2470 case SOCKET_STOP_PRE_SIGKILL:
2471 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2472 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2473 break;
2474
2475 case SOCKET_STOP_POST:
2476 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2477 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2478 break;
2479
2480 case SOCKET_FINAL_SIGTERM:
2481 if (s->kill_context.send_sigkill) {
2482 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2483 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2484 } else {
2485 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2487 }
2488 break;
2489
2490 case SOCKET_FINAL_SIGKILL:
2491 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2492 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2493 break;
2494
2495 default:
2496 assert_not_reached("Timeout at wrong time.");
2497 }
2498
2499 return 0;
2500 }
2501
2502 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2503 int *rfds;
2504 unsigned rn_fds, k;
2505 SocketPort *p;
2506
2507 assert(s);
2508 assert(fds);
2509 assert(n_fds);
2510
2511 /* Called from the service code for requesting our fds */
2512
2513 rn_fds = 0;
2514 LIST_FOREACH(port, p, s->ports)
2515 if (p->fd >= 0)
2516 rn_fds++;
2517
2518 if (rn_fds <= 0) {
2519 *fds = NULL;
2520 *n_fds = 0;
2521 return 0;
2522 }
2523
2524 if (!(rfds = new(int, rn_fds)))
2525 return -ENOMEM;
2526
2527 k = 0;
2528 LIST_FOREACH(port, p, s->ports)
2529 if (p->fd >= 0)
2530 rfds[k++] = p->fd;
2531
2532 assert(k == rn_fds);
2533
2534 *fds = rfds;
2535 *n_fds = rn_fds;
2536
2537 return 0;
2538 }
2539
2540 static void socket_reset_failed(Unit *u) {
2541 Socket *s = SOCKET(u);
2542
2543 assert(s);
2544
2545 if (s->state == SOCKET_FAILED)
2546 socket_set_state(s, SOCKET_DEAD);
2547
2548 s->result = SOCKET_SUCCESS;
2549 }
2550
2551 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2552 assert(s);
2553
2554 /* The service is dead. Dang!
2555 *
2556 * This is strictly for one-instance-for-all-connections
2557 * services. */
2558
2559 if (s->state == SOCKET_RUNNING) {
2560 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2561 if (failed_permanent)
2562 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2563 else
2564 socket_enter_listening(s);
2565 }
2566 }
2567
2568 void socket_connection_unref(Socket *s) {
2569 assert(s);
2570
2571 /* The service is dead. Yay!
2572 *
2573 * This is strictly for one-instance-per-connection
2574 * services. */
2575
2576 assert(s->n_connections > 0);
2577 s->n_connections--;
2578
2579 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2580 }
2581
2582 static void socket_trigger_notify(Unit *u, Unit *other) {
2583 Socket *s = SOCKET(u);
2584 Service *se;
2585
2586 assert(u);
2587 assert(other);
2588
2589 /* Don't propagate state changes from the service if we are
2590 already down or accepting connections */
2591 if ((s->state != SOCKET_RUNNING &&
2592 s->state != SOCKET_LISTENING) ||
2593 s->accept)
2594 return;
2595
2596 if (other->load_state != UNIT_LOADED ||
2597 other->type != UNIT_SERVICE)
2598 return;
2599
2600 se = SERVICE(other);
2601
2602 if (se->state == SERVICE_FAILED)
2603 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2604
2605 if (se->state == SERVICE_DEAD ||
2606 se->state == SERVICE_FINAL_SIGTERM ||
2607 se->state == SERVICE_FINAL_SIGKILL ||
2608 se->state == SERVICE_AUTO_RESTART)
2609 socket_notify_service_dead(s, false);
2610
2611 if (se->state == SERVICE_RUNNING)
2612 socket_set_state(s, SOCKET_RUNNING);
2613 }
2614
2615 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2616 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2617 }
2618
2619 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2620 Socket *s = SOCKET(u);
2621 int r;
2622
2623 if (!s->timer_event_source)
2624 return 0;
2625
2626 r = sd_event_source_get_time(s->timer_event_source, timeout);
2627 if (r < 0)
2628 return r;
2629
2630 return 1;
2631 }
2632
2633 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2634 [SOCKET_DEAD] = "dead",
2635 [SOCKET_START_PRE] = "start-pre",
2636 [SOCKET_START_CHOWN] = "start-chown",
2637 [SOCKET_START_POST] = "start-post",
2638 [SOCKET_LISTENING] = "listening",
2639 [SOCKET_RUNNING] = "running",
2640 [SOCKET_STOP_PRE] = "stop-pre",
2641 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2642 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2643 [SOCKET_STOP_POST] = "stop-post",
2644 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2645 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2646 [SOCKET_FAILED] = "failed"
2647 };
2648
2649 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2650
2651 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2652 [SOCKET_EXEC_START_PRE] = "StartPre",
2653 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2654 [SOCKET_EXEC_START_POST] = "StartPost",
2655 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2656 [SOCKET_EXEC_STOP_POST] = "StopPost"
2657 };
2658
2659 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2660
2661 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2662 [SOCKET_SUCCESS] = "success",
2663 [SOCKET_FAILURE_RESOURCES] = "resources",
2664 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2665 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2666 [SOCKET_FAILURE_SIGNAL] = "signal",
2667 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2668 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2669 };
2670
2671 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2672
2673 const UnitVTable socket_vtable = {
2674 .object_size = sizeof(Socket),
2675 .exec_context_offset = offsetof(Socket, exec_context),
2676 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2677 .kill_context_offset = offsetof(Socket, kill_context),
2678 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2679
2680 .sections =
2681 "Unit\0"
2682 "Socket\0"
2683 "Install\0",
2684 .private_section = "Socket",
2685
2686 .init = socket_init,
2687 .done = socket_done,
2688 .load = socket_load,
2689
2690 .coldplug = socket_coldplug,
2691
2692 .dump = socket_dump,
2693
2694 .start = socket_start,
2695 .stop = socket_stop,
2696
2697 .kill = socket_kill,
2698
2699 .get_timeout = socket_get_timeout,
2700
2701 .serialize = socket_serialize,
2702 .deserialize_item = socket_deserialize_item,
2703 .distribute_fds = socket_distribute_fds,
2704
2705 .active_state = socket_active_state,
2706 .sub_state_to_string = socket_sub_state_to_string,
2707
2708 .check_gc = socket_check_gc,
2709
2710 .sigchld_event = socket_sigchld_event,
2711
2712 .trigger_notify = socket_trigger_notify,
2713
2714 .reset_failed = socket_reset_failed,
2715
2716 .bus_interface = "org.freedesktop.systemd1.Socket",
2717 .bus_vtable = bus_socket_vtable,
2718 .bus_set_property = bus_socket_set_property,
2719 .bus_commit_properties = bus_socket_commit_properties,
2720
2721 .status_message_formats = {
2722 /*.starting_stopping = {
2723 [0] = "Starting socket %s...",
2724 [1] = "Stopping socket %s...",
2725 },*/
2726 .finished_start_job = {
2727 [JOB_DONE] = "Listening on %s.",
2728 [JOB_FAILED] = "Failed to listen on %s.",
2729 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2730 [JOB_TIMEOUT] = "Timed out starting %s.",
2731 },
2732 .finished_stop_job = {
2733 [JOB_DONE] = "Closed %s.",
2734 [JOB_FAILED] = "Failed stopping %s.",
2735 [JOB_TIMEOUT] = "Timed out stopping %s.",
2736 },
2737 },
2738 };
Unnamed repository; edit this file 'description' to name the repository.