]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2216 from zonque/nameownerchanged
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "alloc-util.h"
35 #include "bus-error.h"
36 #include "bus-util.h"
37 #include "copy.h"
38 #include "dbus-socket.h"
39 #include "def.h"
40 #include "exit-status.h"
41 #include "fd-util.h"
42 #include "formats-util.h"
43 #include "label.h"
44 #include "log.h"
45 #include "missing.h"
46 #include "mkdir.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "process-util.h"
50 #include "selinux-util.h"
51 #include "signal-util.h"
52 #include "smack-util.h"
53 #include "socket.h"
54 #include "special.h"
55 #include "string-table.h"
56 #include "string-util.h"
57 #include "strv.h"
58 #include "unit-name.h"
59 #include "unit-printf.h"
60 #include "unit.h"
61 #include "user-util.h"
62
63 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
64 [SOCKET_DEAD] = UNIT_INACTIVE,
65 [SOCKET_START_PRE] = UNIT_ACTIVATING,
66 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
67 [SOCKET_START_POST] = UNIT_ACTIVATING,
68 [SOCKET_LISTENING] = UNIT_ACTIVE,
69 [SOCKET_RUNNING] = UNIT_ACTIVE,
70 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
73 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
74 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
75 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
76 [SOCKET_FAILED] = UNIT_FAILED
77 };
78
79 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
80 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
81
82 static void socket_init(Unit *u) {
83 Socket *s = SOCKET(u);
84
85 assert(u);
86 assert(u->load_state == UNIT_STUB);
87
88 s->backlog = SOMAXCONN;
89 s->timeout_usec = u->manager->default_timeout_start_usec;
90 s->directory_mode = 0755;
91 s->socket_mode = 0666;
92
93 s->max_connections = 64;
94
95 s->priority = -1;
96 s->ip_tos = -1;
97 s->ip_ttl = -1;
98 s->mark = -1;
99
100 s->exec_context.std_output = u->manager->default_std_output;
101 s->exec_context.std_error = u->manager->default_std_error;
102
103 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
104 }
105
106 static void socket_unwatch_control_pid(Socket *s) {
107 assert(s);
108
109 if (s->control_pid <= 0)
110 return;
111
112 unit_unwatch_pid(UNIT(s), s->control_pid);
113 s->control_pid = 0;
114 }
115
116 static void socket_cleanup_fd_list(SocketPort *p) {
117 assert(p);
118
119 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
120 p->auxiliary_fds = mfree(p->auxiliary_fds);
121 p->n_auxiliary_fds = 0;
122 }
123
124 void socket_free_ports(Socket *s) {
125 SocketPort *p;
126
127 assert(s);
128
129 while ((p = s->ports)) {
130 LIST_REMOVE(port, s->ports, p);
131
132 sd_event_source_unref(p->event_source);
133
134 socket_cleanup_fd_list(p);
135 safe_close(p->fd);
136 free(p->path);
137 free(p);
138 }
139 }
140
141 static void socket_done(Unit *u) {
142 Socket *s = SOCKET(u);
143
144 assert(s);
145
146 socket_free_ports(s);
147
148 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
149 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
150 s->control_command = NULL;
151
152 socket_unwatch_control_pid(s);
153
154 unit_ref_unset(&s->service);
155
156 s->tcp_congestion = mfree(s->tcp_congestion);
157 s->bind_to_device = mfree(s->bind_to_device);
158
159 s->smack = mfree(s->smack);
160 s->smack_ip_in = mfree(s->smack_ip_in);
161 s->smack_ip_out = mfree(s->smack_ip_out);
162
163 strv_free(s->symlinks);
164
165 s->user = mfree(s->user);
166 s->group = mfree(s->group);
167
168 s->fdname = mfree(s->fdname);
169
170 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
171 }
172
173 static int socket_arm_timer(Socket *s) {
174 int r;
175
176 assert(s);
177
178 if (s->timeout_usec <= 0) {
179 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
180 return 0;
181 }
182
183 if (s->timer_event_source) {
184 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
185 if (r < 0)
186 return r;
187
188 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
189 }
190
191 r = sd_event_add_time(
192 UNIT(s)->manager->event,
193 &s->timer_event_source,
194 CLOCK_MONOTONIC,
195 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
196 socket_dispatch_timer, s);
197 if (r < 0)
198 return r;
199
200 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
201
202 return 0;
203 }
204
205 int socket_instantiate_service(Socket *s) {
206 _cleanup_free_ char *prefix = NULL, *name = NULL;
207 int r;
208 Unit *u;
209
210 assert(s);
211
212 /* This fills in s->service if it isn't filled in yet. For
213 * Accept=yes sockets we create the next connection service
214 * here. For Accept=no this is mostly a NOP since the service
215 * is figured out at load time anyway. */
216
217 if (UNIT_DEREF(s->service))
218 return 0;
219
220 if (!s->accept)
221 return 0;
222
223 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
224 if (r < 0)
225 return r;
226
227 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
228 return -ENOMEM;
229
230 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
231 if (r < 0)
232 return r;
233
234 u->no_gc = true;
235 unit_ref_set(&s->service, u);
236
237 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
238 }
239
240 static bool have_non_accept_socket(Socket *s) {
241 SocketPort *p;
242
243 assert(s);
244
245 if (!s->accept)
246 return true;
247
248 LIST_FOREACH(port, p, s->ports) {
249
250 if (p->type != SOCKET_SOCKET)
251 return true;
252
253 if (!socket_address_can_accept(&p->address))
254 return true;
255 }
256
257 return false;
258 }
259
260 static int socket_add_mount_links(Socket *s) {
261 SocketPort *p;
262 int r;
263
264 assert(s);
265
266 LIST_FOREACH(port, p, s->ports) {
267 const char *path = NULL;
268
269 if (p->type == SOCKET_SOCKET)
270 path = socket_address_get_path(&p->address);
271 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
272 path = p->path;
273
274 if (!path)
275 continue;
276
277 r = unit_require_mounts_for(UNIT(s), path);
278 if (r < 0)
279 return r;
280 }
281
282 return 0;
283 }
284
285 static int socket_add_device_link(Socket *s) {
286 char *t;
287
288 assert(s);
289
290 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
291 return 0;
292
293 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
294 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
295 }
296
297 static int socket_add_default_dependencies(Socket *s) {
298 int r;
299 assert(s);
300
301 if (!UNIT(s)->default_dependencies)
302 return 0;
303
304 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
305 if (r < 0)
306 return r;
307
308 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
309 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
310 if (r < 0)
311 return r;
312 }
313
314 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
315 }
316
317 _pure_ static bool socket_has_exec(Socket *s) {
318 unsigned i;
319 assert(s);
320
321 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
322 if (s->exec_command[i])
323 return true;
324
325 return false;
326 }
327
328 static int socket_add_extras(Socket *s) {
329 Unit *u = UNIT(s);
330 int r;
331
332 assert(s);
333
334 if (have_non_accept_socket(s)) {
335
336 if (!UNIT_DEREF(s->service)) {
337 Unit *x;
338
339 r = unit_load_related_unit(u, ".service", &x);
340 if (r < 0)
341 return r;
342
343 unit_ref_set(&s->service, x);
344 }
345
346 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
347 if (r < 0)
348 return r;
349 }
350
351 r = socket_add_mount_links(s);
352 if (r < 0)
353 return r;
354
355 r = socket_add_device_link(s);
356 if (r < 0)
357 return r;
358
359 r = unit_patch_contexts(u);
360 if (r < 0)
361 return r;
362
363 if (socket_has_exec(s)) {
364 r = unit_add_exec_dependencies(u, &s->exec_context);
365 if (r < 0)
366 return r;
367
368 r = unit_set_default_slice(u);
369 if (r < 0)
370 return r;
371 }
372
373 r = socket_add_default_dependencies(s);
374 if (r < 0)
375 return r;
376
377 return 0;
378 }
379
380 static const char *socket_find_symlink_target(Socket *s) {
381 const char *found = NULL;
382 SocketPort *p;
383
384 LIST_FOREACH(port, p, s->ports) {
385 const char *f = NULL;
386
387 switch (p->type) {
388
389 case SOCKET_FIFO:
390 f = p->path;
391 break;
392
393 case SOCKET_SOCKET:
394 if (p->address.sockaddr.un.sun_path[0] != 0)
395 f = p->address.sockaddr.un.sun_path;
396 break;
397
398 default:
399 break;
400 }
401
402 if (f) {
403 if (found)
404 return NULL;
405
406 found = f;
407 }
408 }
409
410 return found;
411 }
412
413 static int socket_verify(Socket *s) {
414 assert(s);
415
416 if (UNIT(s)->load_state != UNIT_LOADED)
417 return 0;
418
419 if (!s->ports) {
420 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
421 return -EINVAL;
422 }
423
424 if (s->accept && have_non_accept_socket(s)) {
425 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
426 return -EINVAL;
427 }
428
429 if (s->accept && s->max_connections <= 0) {
430 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
431 return -EINVAL;
432 }
433
434 if (s->accept && UNIT_DEREF(s->service)) {
435 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
436 return -EINVAL;
437 }
438
439 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
440 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
441 return -EINVAL;
442 }
443
444 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
445 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
446 return -EINVAL;
447 }
448
449 return 0;
450 }
451
452 static int socket_load(Unit *u) {
453 Socket *s = SOCKET(u);
454 int r;
455
456 assert(u);
457 assert(u->load_state == UNIT_STUB);
458
459 r = unit_load_fragment_and_dropin(u);
460 if (r < 0)
461 return r;
462
463 if (u->load_state == UNIT_LOADED) {
464 /* This is a new unit? Then let's add in some extras */
465 r = socket_add_extras(s);
466 if (r < 0)
467 return r;
468 }
469
470 return socket_verify(s);
471 }
472
473 _const_ static const char* listen_lookup(int family, int type) {
474
475 if (family == AF_NETLINK)
476 return "ListenNetlink";
477
478 if (type == SOCK_STREAM)
479 return "ListenStream";
480 else if (type == SOCK_DGRAM)
481 return "ListenDatagram";
482 else if (type == SOCK_SEQPACKET)
483 return "ListenSequentialPacket";
484
485 assert_not_reached("Unknown socket type");
486 return NULL;
487 }
488
489 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
490 char time_string[FORMAT_TIMESPAN_MAX];
491 SocketExecCommand c;
492 Socket *s = SOCKET(u);
493 SocketPort *p;
494 const char *prefix2;
495
496 assert(s);
497 assert(f);
498
499 prefix = strempty(prefix);
500 prefix2 = strjoina(prefix, "\t");
501
502 fprintf(f,
503 "%sSocket State: %s\n"
504 "%sResult: %s\n"
505 "%sBindIPv6Only: %s\n"
506 "%sBacklog: %u\n"
507 "%sSocketMode: %04o\n"
508 "%sDirectoryMode: %04o\n"
509 "%sKeepAlive: %s\n"
510 "%sNoDelay: %s\n"
511 "%sFreeBind: %s\n"
512 "%sTransparent: %s\n"
513 "%sBroadcast: %s\n"
514 "%sPassCredentials: %s\n"
515 "%sPassSecurity: %s\n"
516 "%sTCPCongestion: %s\n"
517 "%sRemoveOnStop: %s\n"
518 "%sWritable: %s\n"
519 "%sFDName: %s\n"
520 "%sSELinuxContextFromNet: %s\n",
521 prefix, socket_state_to_string(s->state),
522 prefix, socket_result_to_string(s->result),
523 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
524 prefix, s->backlog,
525 prefix, s->socket_mode,
526 prefix, s->directory_mode,
527 prefix, yes_no(s->keep_alive),
528 prefix, yes_no(s->no_delay),
529 prefix, yes_no(s->free_bind),
530 prefix, yes_no(s->transparent),
531 prefix, yes_no(s->broadcast),
532 prefix, yes_no(s->pass_cred),
533 prefix, yes_no(s->pass_sec),
534 prefix, strna(s->tcp_congestion),
535 prefix, yes_no(s->remove_on_stop),
536 prefix, yes_no(s->writable),
537 prefix, socket_fdname(s),
538 prefix, yes_no(s->selinux_context_from_net));
539
540 if (s->control_pid > 0)
541 fprintf(f,
542 "%sControl PID: "PID_FMT"\n",
543 prefix, s->control_pid);
544
545 if (s->bind_to_device)
546 fprintf(f,
547 "%sBindToDevice: %s\n",
548 prefix, s->bind_to_device);
549
550 if (s->accept)
551 fprintf(f,
552 "%sAccepted: %u\n"
553 "%sNConnections: %u\n"
554 "%sMaxConnections: %u\n",
555 prefix, s->n_accepted,
556 prefix, s->n_connections,
557 prefix, s->max_connections);
558
559 if (s->priority >= 0)
560 fprintf(f,
561 "%sPriority: %i\n",
562 prefix, s->priority);
563
564 if (s->receive_buffer > 0)
565 fprintf(f,
566 "%sReceiveBuffer: %zu\n",
567 prefix, s->receive_buffer);
568
569 if (s->send_buffer > 0)
570 fprintf(f,
571 "%sSendBuffer: %zu\n",
572 prefix, s->send_buffer);
573
574 if (s->ip_tos >= 0)
575 fprintf(f,
576 "%sIPTOS: %i\n",
577 prefix, s->ip_tos);
578
579 if (s->ip_ttl >= 0)
580 fprintf(f,
581 "%sIPTTL: %i\n",
582 prefix, s->ip_ttl);
583
584 if (s->pipe_size > 0)
585 fprintf(f,
586 "%sPipeSize: %zu\n",
587 prefix, s->pipe_size);
588
589 if (s->mark >= 0)
590 fprintf(f,
591 "%sMark: %i\n",
592 prefix, s->mark);
593
594 if (s->mq_maxmsg > 0)
595 fprintf(f,
596 "%sMessageQueueMaxMessages: %li\n",
597 prefix, s->mq_maxmsg);
598
599 if (s->mq_msgsize > 0)
600 fprintf(f,
601 "%sMessageQueueMessageSize: %li\n",
602 prefix, s->mq_msgsize);
603
604 if (s->reuse_port)
605 fprintf(f,
606 "%sReusePort: %s\n",
607 prefix, yes_no(s->reuse_port));
608
609 if (s->smack)
610 fprintf(f,
611 "%sSmackLabel: %s\n",
612 prefix, s->smack);
613
614 if (s->smack_ip_in)
615 fprintf(f,
616 "%sSmackLabelIPIn: %s\n",
617 prefix, s->smack_ip_in);
618
619 if (s->smack_ip_out)
620 fprintf(f,
621 "%sSmackLabelIPOut: %s\n",
622 prefix, s->smack_ip_out);
623
624 if (!isempty(s->user) || !isempty(s->group))
625 fprintf(f,
626 "%sOwnerUser: %s\n"
627 "%sOwnerGroup: %s\n",
628 prefix, strna(s->user),
629 prefix, strna(s->group));
630
631 if (s->keep_alive_time > 0)
632 fprintf(f,
633 "%sKeepAliveTimeSec: %s\n",
634 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
635
636 if (s->keep_alive_interval)
637 fprintf(f,
638 "%sKeepAliveIntervalSec: %s\n",
639 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
640
641 if (s->keep_alive_cnt)
642 fprintf(f,
643 "%sKeepAliveProbes: %u\n",
644 prefix, s->keep_alive_cnt);
645
646 if (s->defer_accept)
647 fprintf(f,
648 "%sDeferAcceptSec: %s\n",
649 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
650
651 LIST_FOREACH(port, p, s->ports) {
652
653 if (p->type == SOCKET_SOCKET) {
654 const char *t;
655 int r;
656 char *k = NULL;
657
658 r = socket_address_print(&p->address, &k);
659 if (r < 0)
660 t = strerror(-r);
661 else
662 t = k;
663
664 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
665 free(k);
666 } else if (p->type == SOCKET_SPECIAL)
667 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
668 else if (p->type == SOCKET_USB_FUNCTION)
669 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
670 else if (p->type == SOCKET_MQUEUE)
671 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
672 else
673 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
674 }
675
676 exec_context_dump(&s->exec_context, f, prefix);
677 kill_context_dump(&s->kill_context, f, prefix);
678
679 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
680 if (!s->exec_command[c])
681 continue;
682
683 fprintf(f, "%s-> %s:\n",
684 prefix, socket_exec_command_to_string(c));
685
686 exec_command_dump_list(s->exec_command[c], f, prefix2);
687 }
688 }
689
690 static int instance_from_socket(int fd, unsigned nr, char **instance) {
691 socklen_t l;
692 char *r;
693 union sockaddr_union local, remote;
694
695 assert(fd >= 0);
696 assert(instance);
697
698 l = sizeof(local);
699 if (getsockname(fd, &local.sa, &l) < 0)
700 return -errno;
701
702 l = sizeof(remote);
703 if (getpeername(fd, &remote.sa, &l) < 0)
704 return -errno;
705
706 switch (local.sa.sa_family) {
707
708 case AF_INET: {
709 uint32_t
710 a = ntohl(local.in.sin_addr.s_addr),
711 b = ntohl(remote.in.sin_addr.s_addr);
712
713 if (asprintf(&r,
714 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
715 nr,
716 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
717 ntohs(local.in.sin_port),
718 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
719 ntohs(remote.in.sin_port)) < 0)
720 return -ENOMEM;
721
722 break;
723 }
724
725 case AF_INET6: {
726 static const unsigned char ipv4_prefix[] = {
727 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
728 };
729
730 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
731 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
732 const uint8_t
733 *a = local.in6.sin6_addr.s6_addr+12,
734 *b = remote.in6.sin6_addr.s6_addr+12;
735
736 if (asprintf(&r,
737 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
738 nr,
739 a[0], a[1], a[2], a[3],
740 ntohs(local.in6.sin6_port),
741 b[0], b[1], b[2], b[3],
742 ntohs(remote.in6.sin6_port)) < 0)
743 return -ENOMEM;
744 } else {
745 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
746
747 if (asprintf(&r,
748 "%u-%s:%u-%s:%u",
749 nr,
750 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
751 ntohs(local.in6.sin6_port),
752 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
753 ntohs(remote.in6.sin6_port)) < 0)
754 return -ENOMEM;
755 }
756
757 break;
758 }
759
760 case AF_UNIX: {
761 struct ucred ucred;
762 int k;
763
764 k = getpeercred(fd, &ucred);
765 if (k >= 0) {
766 if (asprintf(&r,
767 "%u-"PID_FMT"-"UID_FMT,
768 nr, ucred.pid, ucred.uid) < 0)
769 return -ENOMEM;
770 } else if (k == -ENODATA) {
771 /* This handles the case where somebody is
772 * connecting from another pid/uid namespace
773 * (e.g. from outside of our container). */
774 if (asprintf(&r,
775 "%u-unknown",
776 nr) < 0)
777 return -ENOMEM;
778 } else
779 return k;
780
781 break;
782 }
783
784 default:
785 assert_not_reached("Unhandled socket type.");
786 }
787
788 *instance = r;
789 return 0;
790 }
791
792 static void socket_close_fds(Socket *s) {
793 SocketPort *p;
794 char **i;
795
796 assert(s);
797
798 LIST_FOREACH(port, p, s->ports) {
799
800 p->event_source = sd_event_source_unref(p->event_source);
801
802 if (p->fd < 0)
803 continue;
804
805 p->fd = safe_close(p->fd);
806 socket_cleanup_fd_list(p);
807
808 /* One little note: we should normally not delete any
809 * sockets in the file system here! After all some
810 * other process we spawned might still have a
811 * reference of this fd and wants to continue to use
812 * it. Therefore we delete sockets in the file system
813 * before we create a new one, not after we stopped
814 * using one! */
815
816 if (s->remove_on_stop) {
817 switch (p->type) {
818
819 case SOCKET_FIFO:
820 unlink(p->path);
821 break;
822
823 case SOCKET_MQUEUE:
824 mq_unlink(p->path);
825 break;
826
827 case SOCKET_SOCKET:
828 socket_address_unlink(&p->address);
829 break;
830
831 default:
832 break;
833 }
834 }
835 }
836
837 if (s->remove_on_stop)
838 STRV_FOREACH(i, s->symlinks)
839 unlink(*i);
840 }
841
842 static void socket_apply_socket_options(Socket *s, int fd) {
843 int r;
844
845 assert(s);
846 assert(fd >= 0);
847
848 if (s->keep_alive) {
849 int b = s->keep_alive;
850 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
851 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
852 }
853
854 if (s->keep_alive_time) {
855 int value = s->keep_alive_time / USEC_PER_SEC;
856 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
857 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
858 }
859
860 if (s->keep_alive_interval) {
861 int value = s->keep_alive_interval / USEC_PER_SEC;
862 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
863 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
864 }
865
866 if (s->keep_alive_cnt) {
867 int value = s->keep_alive_cnt;
868 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
869 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
870 }
871
872 if (s->defer_accept) {
873 int value = s->defer_accept / USEC_PER_SEC;
874 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
875 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
876 }
877
878 if (s->no_delay) {
879 int b = s->no_delay;
880 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
881 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
882 }
883
884 if (s->broadcast) {
885 int one = 1;
886 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
887 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
888 }
889
890 if (s->pass_cred) {
891 int one = 1;
892 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
893 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
894 }
895
896 if (s->pass_sec) {
897 int one = 1;
898 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
899 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
900 }
901
902 if (s->priority >= 0)
903 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
904 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
905
906 if (s->receive_buffer > 0) {
907 int value = (int) s->receive_buffer;
908
909 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
910
911 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
912 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
913 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
914 }
915
916 if (s->send_buffer > 0) {
917 int value = (int) s->send_buffer;
918 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
919 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
920 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
921 }
922
923 if (s->mark >= 0)
924 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
925 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
926
927 if (s->ip_tos >= 0)
928 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
929 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
930
931 if (s->ip_ttl >= 0) {
932 int x;
933
934 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
935
936 if (socket_ipv6_is_supported())
937 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
938 else {
939 x = -1;
940 errno = EAFNOSUPPORT;
941 }
942
943 if (r < 0 && x < 0)
944 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
945 }
946
947 if (s->tcp_congestion)
948 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
949 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
950
951 if (s->smack_ip_in) {
952 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
953 if (r < 0)
954 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
955 }
956
957 if (s->smack_ip_out) {
958 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
959 if (r < 0)
960 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
961 }
962 }
963
964 static void socket_apply_fifo_options(Socket *s, int fd) {
965 int r;
966
967 assert(s);
968 assert(fd >= 0);
969
970 if (s->pipe_size > 0)
971 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
972 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
973
974 if (s->smack) {
975 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
976 if (r < 0)
977 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
978 }
979 }
980
981 static int fifo_address_create(
982 const char *path,
983 mode_t directory_mode,
984 mode_t socket_mode) {
985
986 _cleanup_close_ int fd = -1;
987 mode_t old_mask;
988 struct stat st;
989 int r;
990
991 assert(path);
992
993 mkdir_parents_label(path, directory_mode);
994
995 r = mac_selinux_create_file_prepare(path, S_IFIFO);
996 if (r < 0)
997 return r;
998
999 /* Enforce the right access mode for the fifo */
1000 old_mask = umask(~ socket_mode);
1001
1002 /* Include the original umask in our mask */
1003 (void) umask(~socket_mode | old_mask);
1004
1005 r = mkfifo(path, socket_mode);
1006 (void) umask(old_mask);
1007
1008 if (r < 0 && errno != EEXIST) {
1009 r = -errno;
1010 goto fail;
1011 }
1012
1013 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1014 if (fd < 0) {
1015 r = -errno;
1016 goto fail;
1017 }
1018
1019 mac_selinux_create_file_clear();
1020
1021 if (fstat(fd, &st) < 0) {
1022 r = -errno;
1023 goto fail;
1024 }
1025
1026 if (!S_ISFIFO(st.st_mode) ||
1027 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1028 st.st_uid != getuid() ||
1029 st.st_gid != getgid()) {
1030 r = -EEXIST;
1031 goto fail;
1032 }
1033
1034 r = fd;
1035 fd = -1;
1036
1037 return r;
1038
1039 fail:
1040 mac_selinux_create_file_clear();
1041 return r;
1042 }
1043
1044 static int special_address_create(const char *path, bool writable) {
1045 _cleanup_close_ int fd = -1;
1046 struct stat st;
1047 int r;
1048
1049 assert(path);
1050
1051 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1052 if (fd < 0)
1053 return -errno;
1054
1055 if (fstat(fd, &st) < 0)
1056 return -errno;
1057
1058 /* Check whether this is a /proc, /sys or /dev file or char device */
1059 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1060 return -EEXIST;
1061
1062 r = fd;
1063 fd = -1;
1064
1065 return r;
1066 }
1067
1068 static int usbffs_address_create(const char *path) {
1069 _cleanup_close_ int fd = -1;
1070 struct stat st;
1071 int r;
1072
1073 assert(path);
1074
1075 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1076 if (fd < 0)
1077 return -errno;
1078
1079 if (fstat(fd, &st) < 0)
1080 return -errno;
1081
1082 /* Check whether this is a regular file (ffs endpoint)*/
1083 if (!S_ISREG(st.st_mode))
1084 return -EEXIST;
1085
1086 r = fd;
1087 fd = -1;
1088
1089 return r;
1090 }
1091
1092 static int mq_address_create(
1093 const char *path,
1094 mode_t mq_mode,
1095 long maxmsg,
1096 long msgsize) {
1097
1098 _cleanup_close_ int fd = -1;
1099 struct stat st;
1100 mode_t old_mask;
1101 struct mq_attr _attr, *attr = NULL;
1102 int r;
1103
1104 assert(path);
1105
1106 if (maxmsg > 0 && msgsize > 0) {
1107 _attr = (struct mq_attr) {
1108 .mq_flags = O_NONBLOCK,
1109 .mq_maxmsg = maxmsg,
1110 .mq_msgsize = msgsize,
1111 };
1112 attr = &_attr;
1113 }
1114
1115 /* Enforce the right access mode for the mq */
1116 old_mask = umask(~ mq_mode);
1117
1118 /* Include the original umask in our mask */
1119 (void) umask(~mq_mode | old_mask);
1120 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1121 (void) umask(old_mask);
1122
1123 if (fd < 0)
1124 return -errno;
1125
1126 if (fstat(fd, &st) < 0)
1127 return -errno;
1128
1129 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1130 st.st_uid != getuid() ||
1131 st.st_gid != getgid())
1132 return -EEXIST;
1133
1134 r = fd;
1135 fd = -1;
1136
1137 return r;
1138 }
1139
1140 static int socket_symlink(Socket *s) {
1141 const char *p;
1142 char **i;
1143
1144 assert(s);
1145
1146 p = socket_find_symlink_target(s);
1147 if (!p)
1148 return 0;
1149
1150 STRV_FOREACH(i, s->symlinks)
1151 symlink_label(p, *i);
1152
1153 return 0;
1154 }
1155
1156 static int usbffs_write_descs(int fd, Service *s) {
1157 int r;
1158
1159 if (!s->usb_function_descriptors || !s->usb_function_strings)
1160 return -EINVAL;
1161
1162 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1163 if (r < 0)
1164 return r;
1165
1166 return copy_file_fd(s->usb_function_strings, fd, false);
1167 }
1168
1169 static int usbffs_select_ep(const struct dirent *d) {
1170 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1171 }
1172
1173 static int usbffs_dispatch_eps(SocketPort *p) {
1174 _cleanup_free_ struct dirent **ent = NULL;
1175 _cleanup_free_ char *path = NULL;
1176 int r, i, n, k;
1177
1178 path = dirname_malloc(p->path);
1179 if (!path)
1180 return -ENOMEM;
1181
1182 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1183 if (r < 0)
1184 return -errno;
1185
1186 n = r;
1187 p->auxiliary_fds = new(int, n);
1188 if (!p->auxiliary_fds)
1189 return -ENOMEM;
1190
1191 p->n_auxiliary_fds = n;
1192
1193 k = 0;
1194 for (i = 0; i < n; ++i) {
1195 _cleanup_free_ char *ep = NULL;
1196
1197 ep = path_make_absolute(ent[i]->d_name, path);
1198 if (!ep)
1199 return -ENOMEM;
1200
1201 path_kill_slashes(ep);
1202
1203 r = usbffs_address_create(ep);
1204 if (r < 0)
1205 goto fail;
1206
1207 p->auxiliary_fds[k] = r;
1208
1209 ++k;
1210 free(ent[i]);
1211 }
1212
1213 return r;
1214
1215 fail:
1216 close_many(p->auxiliary_fds, k);
1217 p->auxiliary_fds = mfree(p->auxiliary_fds);
1218 p->n_auxiliary_fds = 0;
1219
1220 return r;
1221 }
1222
1223 static int socket_open_fds(Socket *s) {
1224 _cleanup_(mac_selinux_freep) char *label = NULL;
1225 bool know_label = false;
1226 SocketPort *p;
1227 int r;
1228
1229 assert(s);
1230
1231 LIST_FOREACH(port, p, s->ports) {
1232
1233 if (p->fd >= 0)
1234 continue;
1235
1236 switch (p->type) {
1237
1238 case SOCKET_SOCKET:
1239
1240 if (!know_label) {
1241 /* Figure out label, if we don't it know
1242 * yet. We do it once, for the first
1243 * socket where we need this and
1244 * remember it for the rest. */
1245
1246 if (s->selinux_context_from_net) {
1247 /* Get it from the network label */
1248
1249 r = mac_selinux_get_our_label(&label);
1250 if (r < 0 && r != -EOPNOTSUPP)
1251 goto rollback;
1252
1253 } else {
1254 /* Get it from the executable we are about to start */
1255
1256 r = socket_instantiate_service(s);
1257 if (r < 0)
1258 goto rollback;
1259
1260 if (UNIT_ISSET(s->service) &&
1261 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1262 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1263 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1264 goto rollback;
1265 }
1266 }
1267
1268 know_label = true;
1269 }
1270
1271 /* Apply the socket protocol */
1272 switch(p->address.type) {
1273 case SOCK_STREAM:
1274 case SOCK_SEQPACKET:
1275 if (p->socket->socket_protocol == IPPROTO_SCTP)
1276 p->address.protocol = p->socket->socket_protocol;
1277 break;
1278 case SOCK_DGRAM:
1279 if (p->socket->socket_protocol == IPPROTO_UDPLITE)
1280 p->address.protocol = p->socket->socket_protocol;
1281 break;
1282 }
1283
1284 r = socket_address_listen(
1285 &p->address,
1286 SOCK_CLOEXEC|SOCK_NONBLOCK,
1287 s->backlog,
1288 s->bind_ipv6_only,
1289 s->bind_to_device,
1290 s->reuse_port,
1291 s->free_bind,
1292 s->transparent,
1293 s->directory_mode,
1294 s->socket_mode,
1295 label);
1296 if (r < 0)
1297 goto rollback;
1298
1299 p->fd = r;
1300 socket_apply_socket_options(s, p->fd);
1301 socket_symlink(s);
1302 break;
1303
1304 case SOCKET_SPECIAL:
1305
1306 p->fd = special_address_create(p->path, s->writable);
1307 if (p->fd < 0) {
1308 r = p->fd;
1309 goto rollback;
1310 }
1311 break;
1312
1313 case SOCKET_FIFO:
1314
1315 p->fd = fifo_address_create(
1316 p->path,
1317 s->directory_mode,
1318 s->socket_mode);
1319 if (p->fd < 0) {
1320 r = p->fd;
1321 goto rollback;
1322 }
1323
1324 socket_apply_fifo_options(s, p->fd);
1325 socket_symlink(s);
1326 break;
1327
1328 case SOCKET_MQUEUE:
1329
1330 p->fd = mq_address_create(
1331 p->path,
1332 s->socket_mode,
1333 s->mq_maxmsg,
1334 s->mq_msgsize);
1335 if (p->fd < 0) {
1336 r = p->fd;
1337 goto rollback;
1338 }
1339 break;
1340
1341 case SOCKET_USB_FUNCTION:
1342
1343 p->fd = usbffs_address_create(p->path);
1344 if (p->fd < 0) {
1345 r = p->fd;
1346 goto rollback;
1347 }
1348
1349 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1350 if (r < 0)
1351 goto rollback;
1352
1353 r = usbffs_dispatch_eps(p);
1354 if (r < 0)
1355 goto rollback;
1356
1357 break;
1358
1359 default:
1360 assert_not_reached("Unknown port type");
1361 }
1362 }
1363
1364 return 0;
1365
1366 rollback:
1367 socket_close_fds(s);
1368 return r;
1369 }
1370
1371 static void socket_unwatch_fds(Socket *s) {
1372 SocketPort *p;
1373 int r;
1374
1375 assert(s);
1376
1377 LIST_FOREACH(port, p, s->ports) {
1378 if (p->fd < 0)
1379 continue;
1380
1381 if (!p->event_source)
1382 continue;
1383
1384 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1385 if (r < 0)
1386 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1387 }
1388 }
1389
1390 static int socket_watch_fds(Socket *s) {
1391 SocketPort *p;
1392 int r;
1393
1394 assert(s);
1395
1396 LIST_FOREACH(port, p, s->ports) {
1397 if (p->fd < 0)
1398 continue;
1399
1400 if (p->event_source) {
1401 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1402 if (r < 0)
1403 goto fail;
1404 } else {
1405 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1406 if (r < 0)
1407 goto fail;
1408
1409 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1410 }
1411 }
1412
1413 return 0;
1414
1415 fail:
1416 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1417 socket_unwatch_fds(s);
1418 return r;
1419 }
1420
1421 static void socket_set_state(Socket *s, SocketState state) {
1422 SocketState old_state;
1423 assert(s);
1424
1425 old_state = s->state;
1426 s->state = state;
1427
1428 if (!IN_SET(state,
1429 SOCKET_START_PRE,
1430 SOCKET_START_CHOWN,
1431 SOCKET_START_POST,
1432 SOCKET_STOP_PRE,
1433 SOCKET_STOP_PRE_SIGTERM,
1434 SOCKET_STOP_PRE_SIGKILL,
1435 SOCKET_STOP_POST,
1436 SOCKET_FINAL_SIGTERM,
1437 SOCKET_FINAL_SIGKILL)) {
1438
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1440 socket_unwatch_control_pid(s);
1441 s->control_command = NULL;
1442 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1443 }
1444
1445 if (state != SOCKET_LISTENING)
1446 socket_unwatch_fds(s);
1447
1448 if (!IN_SET(state,
1449 SOCKET_START_CHOWN,
1450 SOCKET_START_POST,
1451 SOCKET_LISTENING,
1452 SOCKET_RUNNING,
1453 SOCKET_STOP_PRE,
1454 SOCKET_STOP_PRE_SIGTERM,
1455 SOCKET_STOP_PRE_SIGKILL))
1456 socket_close_fds(s);
1457
1458 if (state != old_state)
1459 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1460
1461 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1462 }
1463
1464 static int socket_coldplug(Unit *u) {
1465 Socket *s = SOCKET(u);
1466 int r;
1467
1468 assert(s);
1469 assert(s->state == SOCKET_DEAD);
1470
1471 if (s->deserialized_state == s->state)
1472 return 0;
1473
1474 if (s->control_pid > 0 &&
1475 pid_is_unwaited(s->control_pid) &&
1476 IN_SET(s->deserialized_state,
1477 SOCKET_START_PRE,
1478 SOCKET_START_CHOWN,
1479 SOCKET_START_POST,
1480 SOCKET_STOP_PRE,
1481 SOCKET_STOP_PRE_SIGTERM,
1482 SOCKET_STOP_PRE_SIGKILL,
1483 SOCKET_STOP_POST,
1484 SOCKET_FINAL_SIGTERM,
1485 SOCKET_FINAL_SIGKILL)) {
1486
1487 r = unit_watch_pid(UNIT(s), s->control_pid);
1488 if (r < 0)
1489 return r;
1490
1491 r = socket_arm_timer(s);
1492 if (r < 0)
1493 return r;
1494 }
1495
1496 if (IN_SET(s->deserialized_state,
1497 SOCKET_START_CHOWN,
1498 SOCKET_START_POST,
1499 SOCKET_LISTENING,
1500 SOCKET_RUNNING,
1501 SOCKET_STOP_PRE,
1502 SOCKET_STOP_PRE_SIGTERM,
1503 SOCKET_STOP_PRE_SIGKILL)) {
1504 r = socket_open_fds(s);
1505 if (r < 0)
1506 return r;
1507 }
1508
1509 if (s->deserialized_state == SOCKET_LISTENING) {
1510 r = socket_watch_fds(s);
1511 if (r < 0)
1512 return r;
1513 }
1514
1515 socket_set_state(s, s->deserialized_state);
1516 return 0;
1517 }
1518
1519 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1520 _cleanup_free_ char **argv = NULL;
1521 pid_t pid;
1522 int r;
1523 ExecParameters exec_params = {
1524 .apply_permissions = true,
1525 .apply_chroot = true,
1526 .apply_tty_stdin = true,
1527 .bus_endpoint_fd = -1,
1528 .stdin_fd = -1,
1529 .stdout_fd = -1,
1530 .stderr_fd = -1,
1531 };
1532
1533 assert(s);
1534 assert(c);
1535 assert(_pid);
1536
1537 (void) unit_realize_cgroup(UNIT(s));
1538 if (s->reset_cpu_usage) {
1539 (void) unit_reset_cpu_usage(UNIT(s));
1540 s->reset_cpu_usage = false;
1541 }
1542
1543 r = unit_setup_exec_runtime(UNIT(s));
1544 if (r < 0)
1545 goto fail;
1546
1547 r = socket_arm_timer(s);
1548 if (r < 0)
1549 goto fail;
1550
1551 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1552 if (r < 0)
1553 goto fail;
1554
1555 exec_params.argv = argv;
1556 exec_params.environment = UNIT(s)->manager->environment;
1557 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1558 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1559 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1560 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1561 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1562
1563 r = exec_spawn(UNIT(s),
1564 c,
1565 &s->exec_context,
1566 &exec_params,
1567 s->exec_runtime,
1568 &pid);
1569 if (r < 0)
1570 goto fail;
1571
1572 r = unit_watch_pid(UNIT(s), pid);
1573 if (r < 0)
1574 /* FIXME: we need to do something here */
1575 goto fail;
1576
1577 *_pid = pid;
1578 return 0;
1579
1580 fail:
1581 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1582 return r;
1583 }
1584
1585 static int socket_chown(Socket *s, pid_t *_pid) {
1586 pid_t pid;
1587 int r;
1588
1589 r = socket_arm_timer(s);
1590 if (r < 0)
1591 goto fail;
1592
1593 /* We have to resolve the user names out-of-process, hence
1594 * let's fork here. It's messy, but well, what can we do? */
1595
1596 pid = fork();
1597 if (pid < 0)
1598 return -errno;
1599
1600 if (pid == 0) {
1601 SocketPort *p;
1602 uid_t uid = UID_INVALID;
1603 gid_t gid = GID_INVALID;
1604 int ret;
1605
1606 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1607 (void) ignore_signals(SIGPIPE, -1);
1608 log_forget_fds();
1609
1610 if (!isempty(s->user)) {
1611 const char *user = s->user;
1612
1613 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1614 if (r < 0) {
1615 ret = EXIT_USER;
1616 goto fail_child;
1617 }
1618 }
1619
1620 if (!isempty(s->group)) {
1621 const char *group = s->group;
1622
1623 r = get_group_creds(&group, &gid);
1624 if (r < 0) {
1625 ret = EXIT_GROUP;
1626 goto fail_child;
1627 }
1628 }
1629
1630 LIST_FOREACH(port, p, s->ports) {
1631 const char *path = NULL;
1632
1633 if (p->type == SOCKET_SOCKET)
1634 path = socket_address_get_path(&p->address);
1635 else if (p->type == SOCKET_FIFO)
1636 path = p->path;
1637
1638 if (!path)
1639 continue;
1640
1641 if (chown(path, uid, gid) < 0) {
1642 r = -errno;
1643 ret = EXIT_CHOWN;
1644 goto fail_child;
1645 }
1646 }
1647
1648 _exit(0);
1649
1650 fail_child:
1651 log_open();
1652 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1653
1654 _exit(ret);
1655 }
1656
1657 r = unit_watch_pid(UNIT(s), pid);
1658 if (r < 0)
1659 goto fail;
1660
1661 *_pid = pid;
1662 return 0;
1663
1664 fail:
1665 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1666 return r;
1667 }
1668
1669 static void socket_enter_dead(Socket *s, SocketResult f) {
1670 assert(s);
1671
1672 if (f != SOCKET_SUCCESS)
1673 s->result = f;
1674
1675 exec_runtime_destroy(s->exec_runtime);
1676 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1677
1678 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1679
1680 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1681 }
1682
1683 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1684
1685 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1686 int r;
1687 assert(s);
1688
1689 if (f != SOCKET_SUCCESS)
1690 s->result = f;
1691
1692 socket_unwatch_control_pid(s);
1693 s->control_command_id = SOCKET_EXEC_STOP_POST;
1694 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1695
1696 if (s->control_command) {
1697 r = socket_spawn(s, s->control_command, &s->control_pid);
1698 if (r < 0)
1699 goto fail;
1700
1701 socket_set_state(s, SOCKET_STOP_POST);
1702 } else
1703 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1704
1705 return;
1706
1707 fail:
1708 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1709 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1710 }
1711
1712 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1713 int r;
1714
1715 assert(s);
1716
1717 if (f != SOCKET_SUCCESS)
1718 s->result = f;
1719
1720 r = unit_kill_context(
1721 UNIT(s),
1722 &s->kill_context,
1723 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1724 KILL_KILL : KILL_TERMINATE,
1725 -1,
1726 s->control_pid,
1727 false);
1728 if (r < 0)
1729 goto fail;
1730
1731 if (r > 0) {
1732 r = socket_arm_timer(s);
1733 if (r < 0)
1734 goto fail;
1735
1736 socket_set_state(s, state);
1737 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1738 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1739 else if (state == SOCKET_STOP_PRE_SIGKILL)
1740 socket_enter_stop_post(s, SOCKET_SUCCESS);
1741 else if (state == SOCKET_FINAL_SIGTERM)
1742 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1743 else
1744 socket_enter_dead(s, SOCKET_SUCCESS);
1745
1746 return;
1747
1748 fail:
1749 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1750
1751 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1752 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1753 else
1754 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1755 }
1756
1757 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1758 int r;
1759 assert(s);
1760
1761 if (f != SOCKET_SUCCESS)
1762 s->result = f;
1763
1764 socket_unwatch_control_pid(s);
1765 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1766 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1767
1768 if (s->control_command) {
1769 r = socket_spawn(s, s->control_command, &s->control_pid);
1770 if (r < 0)
1771 goto fail;
1772
1773 socket_set_state(s, SOCKET_STOP_PRE);
1774 } else
1775 socket_enter_stop_post(s, SOCKET_SUCCESS);
1776
1777 return;
1778
1779 fail:
1780 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1781 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1782 }
1783
1784 static void socket_enter_listening(Socket *s) {
1785 int r;
1786 assert(s);
1787
1788 r = socket_watch_fds(s);
1789 if (r < 0) {
1790 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1791 goto fail;
1792 }
1793
1794 socket_set_state(s, SOCKET_LISTENING);
1795 return;
1796
1797 fail:
1798 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1799 }
1800
1801 static void socket_enter_start_post(Socket *s) {
1802 int r;
1803 assert(s);
1804
1805 socket_unwatch_control_pid(s);
1806 s->control_command_id = SOCKET_EXEC_START_POST;
1807 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1808
1809 if (s->control_command) {
1810 r = socket_spawn(s, s->control_command, &s->control_pid);
1811 if (r < 0) {
1812 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1813 goto fail;
1814 }
1815
1816 socket_set_state(s, SOCKET_START_POST);
1817 } else
1818 socket_enter_listening(s);
1819
1820 return;
1821
1822 fail:
1823 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1824 }
1825
1826 static void socket_enter_start_chown(Socket *s) {
1827 int r;
1828
1829 assert(s);
1830
1831 r = socket_open_fds(s);
1832 if (r < 0) {
1833 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1834 goto fail;
1835 }
1836
1837 if (!isempty(s->user) || !isempty(s->group)) {
1838
1839 socket_unwatch_control_pid(s);
1840 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1841 s->control_command = NULL;
1842
1843 r = socket_chown(s, &s->control_pid);
1844 if (r < 0) {
1845 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1846 goto fail;
1847 }
1848
1849 socket_set_state(s, SOCKET_START_CHOWN);
1850 } else
1851 socket_enter_start_post(s);
1852
1853 return;
1854
1855 fail:
1856 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1857 }
1858
1859 static void socket_enter_start_pre(Socket *s) {
1860 int r;
1861 assert(s);
1862
1863 socket_unwatch_control_pid(s);
1864 s->control_command_id = SOCKET_EXEC_START_PRE;
1865 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1866
1867 if (s->control_command) {
1868 r = socket_spawn(s, s->control_command, &s->control_pid);
1869 if (r < 0) {
1870 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1871 goto fail;
1872 }
1873
1874 socket_set_state(s, SOCKET_START_PRE);
1875 } else
1876 socket_enter_start_chown(s);
1877
1878 return;
1879
1880 fail:
1881 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1882 }
1883
1884 static void socket_enter_running(Socket *s, int cfd) {
1885 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1886 int r;
1887
1888 assert(s);
1889
1890 /* We don't take connections anymore if we are supposed to
1891 * shut down anyway */
1892 if (unit_stop_pending(UNIT(s))) {
1893
1894 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1895
1896 if (cfd >= 0)
1897 safe_close(cfd);
1898 else {
1899 /* Flush all sockets by closing and reopening them */
1900 socket_close_fds(s);
1901
1902 r = socket_open_fds(s);
1903 if (r < 0) {
1904 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1905 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1906 return;
1907 }
1908
1909 r = socket_watch_fds(s);
1910 if (r < 0) {
1911 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1912 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1913 }
1914 }
1915
1916 return;
1917 }
1918
1919 if (cfd < 0) {
1920 Iterator i;
1921 Unit *other;
1922 bool pending = false;
1923
1924 /* If there's already a start pending don't bother to
1925 * do anything */
1926 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1927 if (unit_active_or_pending(other)) {
1928 pending = true;
1929 break;
1930 }
1931
1932 if (!pending) {
1933 if (!UNIT_ISSET(s->service)) {
1934 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1935 r = -ENOENT;
1936 goto fail;
1937 }
1938
1939 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1940 if (r < 0)
1941 goto fail;
1942 }
1943
1944 socket_set_state(s, SOCKET_RUNNING);
1945 } else {
1946 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1947 Service *service;
1948
1949 if (s->n_connections >= s->max_connections) {
1950 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1951 safe_close(cfd);
1952 return;
1953 }
1954
1955 r = socket_instantiate_service(s);
1956 if (r < 0)
1957 goto fail;
1958
1959 r = instance_from_socket(cfd, s->n_accepted, &instance);
1960 if (r < 0) {
1961 if (r != -ENOTCONN)
1962 goto fail;
1963
1964 /* ENOTCONN is legitimate if TCP RST was received.
1965 * This connection is over, but the socket unit lives on. */
1966 safe_close(cfd);
1967 return;
1968 }
1969
1970 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1971 if (r < 0)
1972 goto fail;
1973
1974 r = unit_name_build(prefix, instance, ".service", &name);
1975 if (r < 0)
1976 goto fail;
1977
1978 r = unit_add_name(UNIT_DEREF(s->service), name);
1979 if (r < 0)
1980 goto fail;
1981
1982 service = SERVICE(UNIT_DEREF(s->service));
1983 unit_ref_unset(&s->service);
1984 s->n_accepted ++;
1985
1986 UNIT(service)->no_gc = false;
1987
1988 unit_choose_id(UNIT(service), name);
1989
1990 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1991 if (r < 0)
1992 goto fail;
1993
1994 cfd = -1;
1995 s->n_connections ++;
1996
1997 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
1998 if (r < 0)
1999 goto fail;
2000
2001 /* Notify clients about changed counters */
2002 unit_add_to_dbus_queue(UNIT(s));
2003 }
2004
2005 return;
2006
2007 fail:
2008 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2009 cfd >= 0 ? "template" : "non-template",
2010 bus_error_message(&error, r));
2011
2012 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2013 safe_close(cfd);
2014 }
2015
2016 static void socket_run_next(Socket *s) {
2017 int r;
2018
2019 assert(s);
2020 assert(s->control_command);
2021 assert(s->control_command->command_next);
2022
2023 socket_unwatch_control_pid(s);
2024
2025 s->control_command = s->control_command->command_next;
2026
2027 r = socket_spawn(s, s->control_command, &s->control_pid);
2028 if (r < 0)
2029 goto fail;
2030
2031 return;
2032
2033 fail:
2034 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2035
2036 if (s->state == SOCKET_START_POST)
2037 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2038 else if (s->state == SOCKET_STOP_POST)
2039 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2040 else
2041 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2042 }
2043
2044 static int socket_start(Unit *u) {
2045 Socket *s = SOCKET(u);
2046
2047 assert(s);
2048
2049 /* We cannot fulfill this request right now, try again later
2050 * please! */
2051 if (IN_SET(s->state,
2052 SOCKET_STOP_PRE,
2053 SOCKET_STOP_PRE_SIGKILL,
2054 SOCKET_STOP_PRE_SIGTERM,
2055 SOCKET_STOP_POST,
2056 SOCKET_FINAL_SIGTERM,
2057 SOCKET_FINAL_SIGKILL))
2058 return -EAGAIN;
2059
2060 /* Already on it! */
2061 if (IN_SET(s->state,
2062 SOCKET_START_PRE,
2063 SOCKET_START_CHOWN,
2064 SOCKET_START_POST))
2065 return 0;
2066
2067 /* Cannot run this without the service being around */
2068 if (UNIT_ISSET(s->service)) {
2069 Service *service;
2070
2071 service = SERVICE(UNIT_DEREF(s->service));
2072
2073 if (UNIT(service)->load_state != UNIT_LOADED) {
2074 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2075 return -ENOENT;
2076 }
2077
2078 /* If the service is already active we cannot start the
2079 * socket */
2080 if (service->state != SERVICE_DEAD &&
2081 service->state != SERVICE_FAILED &&
2082 service->state != SERVICE_AUTO_RESTART) {
2083 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2084 return -EBUSY;
2085 }
2086 }
2087
2088 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2089
2090 s->result = SOCKET_SUCCESS;
2091 s->reset_cpu_usage = true;
2092
2093 socket_enter_start_pre(s);
2094
2095 return 1;
2096 }
2097
2098 static int socket_stop(Unit *u) {
2099 Socket *s = SOCKET(u);
2100
2101 assert(s);
2102
2103 /* Already on it */
2104 if (IN_SET(s->state,
2105 SOCKET_STOP_PRE,
2106 SOCKET_STOP_PRE_SIGTERM,
2107 SOCKET_STOP_PRE_SIGKILL,
2108 SOCKET_STOP_POST,
2109 SOCKET_FINAL_SIGTERM,
2110 SOCKET_FINAL_SIGKILL))
2111 return 0;
2112
2113 /* If there's already something running we go directly into
2114 * kill mode. */
2115 if (IN_SET(s->state,
2116 SOCKET_START_PRE,
2117 SOCKET_START_CHOWN,
2118 SOCKET_START_POST)) {
2119 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2120 return -EAGAIN;
2121 }
2122
2123 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2124
2125 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2126 return 1;
2127 }
2128
2129 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2130 Socket *s = SOCKET(u);
2131 SocketPort *p;
2132 int r;
2133
2134 assert(u);
2135 assert(f);
2136 assert(fds);
2137
2138 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2139 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2140 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2141
2142 if (s->control_pid > 0)
2143 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2144
2145 if (s->control_command_id >= 0)
2146 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2147
2148 LIST_FOREACH(port, p, s->ports) {
2149 int copy;
2150
2151 if (p->fd < 0)
2152 continue;
2153
2154 copy = fdset_put_dup(fds, p->fd);
2155 if (copy < 0)
2156 return copy;
2157
2158 if (p->type == SOCKET_SOCKET) {
2159 _cleanup_free_ char *t = NULL;
2160
2161 r = socket_address_print(&p->address, &t);
2162 if (r < 0)
2163 return r;
2164
2165 if (socket_address_family(&p->address) == AF_NETLINK)
2166 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2167 else
2168 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2169
2170 } else if (p->type == SOCKET_SPECIAL)
2171 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2172 else if (p->type == SOCKET_MQUEUE)
2173 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2174 else if (p->type == SOCKET_USB_FUNCTION)
2175 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2176 else {
2177 assert(p->type == SOCKET_FIFO);
2178 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2179 }
2180 }
2181
2182 return 0;
2183 }
2184
2185 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2186 Socket *s = SOCKET(u);
2187
2188 assert(u);
2189 assert(key);
2190 assert(value);
2191
2192 if (streq(key, "state")) {
2193 SocketState state;
2194
2195 state = socket_state_from_string(value);
2196 if (state < 0)
2197 log_unit_debug(u, "Failed to parse state value: %s", value);
2198 else
2199 s->deserialized_state = state;
2200 } else if (streq(key, "result")) {
2201 SocketResult f;
2202
2203 f = socket_result_from_string(value);
2204 if (f < 0)
2205 log_unit_debug(u, "Failed to parse result value: %s", value);
2206 else if (f != SOCKET_SUCCESS)
2207 s->result = f;
2208
2209 } else if (streq(key, "n-accepted")) {
2210 unsigned k;
2211
2212 if (safe_atou(value, &k) < 0)
2213 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2214 else
2215 s->n_accepted += k;
2216 } else if (streq(key, "control-pid")) {
2217 pid_t pid;
2218
2219 if (parse_pid(value, &pid) < 0)
2220 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2221 else
2222 s->control_pid = pid;
2223 } else if (streq(key, "control-command")) {
2224 SocketExecCommand id;
2225
2226 id = socket_exec_command_from_string(value);
2227 if (id < 0)
2228 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2229 else {
2230 s->control_command_id = id;
2231 s->control_command = s->exec_command[id];
2232 }
2233 } else if (streq(key, "fifo")) {
2234 int fd, skip = 0;
2235 SocketPort *p;
2236
2237 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2238 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2239 else {
2240
2241 LIST_FOREACH(port, p, s->ports)
2242 if (p->type == SOCKET_FIFO &&
2243 path_equal_or_files_same(p->path, value+skip))
2244 break;
2245
2246 if (p) {
2247 safe_close(p->fd);
2248 p->fd = fdset_remove(fds, fd);
2249 }
2250 }
2251
2252 } else if (streq(key, "special")) {
2253 int fd, skip = 0;
2254 SocketPort *p;
2255
2256 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2257 log_unit_debug(u, "Failed to parse special value: %s", value);
2258 else {
2259
2260 LIST_FOREACH(port, p, s->ports)
2261 if (p->type == SOCKET_SPECIAL &&
2262 path_equal_or_files_same(p->path, value+skip))
2263 break;
2264
2265 if (p) {
2266 safe_close(p->fd);
2267 p->fd = fdset_remove(fds, fd);
2268 }
2269 }
2270
2271 } else if (streq(key, "mqueue")) {
2272 int fd, skip = 0;
2273 SocketPort *p;
2274
2275 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2276 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2277 else {
2278
2279 LIST_FOREACH(port, p, s->ports)
2280 if (p->type == SOCKET_MQUEUE &&
2281 streq(p->path, value+skip))
2282 break;
2283
2284 if (p) {
2285 safe_close(p->fd);
2286 p->fd = fdset_remove(fds, fd);
2287 }
2288 }
2289
2290 } else if (streq(key, "socket")) {
2291 int fd, type, skip = 0;
2292 SocketPort *p;
2293
2294 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2295 log_unit_debug(u, "Failed to parse socket value: %s", value);
2296 else {
2297
2298 LIST_FOREACH(port, p, s->ports)
2299 if (socket_address_is(&p->address, value+skip, type))
2300 break;
2301
2302 if (p) {
2303 safe_close(p->fd);
2304 p->fd = fdset_remove(fds, fd);
2305 }
2306 }
2307
2308 } else if (streq(key, "netlink")) {
2309 int fd, skip = 0;
2310 SocketPort *p;
2311
2312 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2313 log_unit_debug(u, "Failed to parse socket value: %s", value);
2314 else {
2315
2316 LIST_FOREACH(port, p, s->ports)
2317 if (socket_address_is_netlink(&p->address, value+skip))
2318 break;
2319
2320 if (p) {
2321 safe_close(p->fd);
2322 p->fd = fdset_remove(fds, fd);
2323 }
2324 }
2325
2326 } else if (streq(key, "ffs")) {
2327 int fd, skip = 0;
2328 SocketPort *p;
2329
2330 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2331 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2332 else {
2333
2334 LIST_FOREACH(port, p, s->ports)
2335 if (p->type == SOCKET_USB_FUNCTION &&
2336 path_equal_or_files_same(p->path, value+skip))
2337 break;
2338
2339 if (p) {
2340 safe_close(p->fd);
2341 p->fd = fdset_remove(fds, fd);
2342 }
2343 }
2344
2345 } else
2346 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2347
2348 return 0;
2349 }
2350
2351 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2352 Socket *s = SOCKET(u);
2353 SocketPort *p;
2354
2355 assert(u);
2356
2357 LIST_FOREACH(port, p, s->ports) {
2358 Iterator i;
2359 int fd;
2360
2361 if (p->type != SOCKET_SOCKET)
2362 continue;
2363
2364 if (p->fd >= 0)
2365 continue;
2366
2367 FDSET_FOREACH(fd, fds, i) {
2368 if (socket_address_matches_fd(&p->address, fd)) {
2369 p->fd = fdset_remove(fds, fd);
2370 s->deserialized_state = SOCKET_LISTENING;
2371 break;
2372 }
2373 }
2374 }
2375 }
2376
2377 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2378 assert(u);
2379
2380 return state_translation_table[SOCKET(u)->state];
2381 }
2382
2383 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2384 assert(u);
2385
2386 return socket_state_to_string(SOCKET(u)->state);
2387 }
2388
2389 const char* socket_port_type_to_string(SocketPort *p) {
2390
2391 assert(p);
2392
2393 switch (p->type) {
2394
2395 case SOCKET_SOCKET:
2396
2397 switch (p->address.type) {
2398
2399 case SOCK_STREAM:
2400 return "Stream";
2401
2402 case SOCK_DGRAM:
2403 return "Datagram";
2404
2405 case SOCK_SEQPACKET:
2406 return "SequentialPacket";
2407
2408 case SOCK_RAW:
2409 if (socket_address_family(&p->address) == AF_NETLINK)
2410 return "Netlink";
2411
2412 default:
2413 return NULL;
2414 }
2415
2416 case SOCKET_SPECIAL:
2417 return "Special";
2418
2419 case SOCKET_MQUEUE:
2420 return "MessageQueue";
2421
2422 case SOCKET_FIFO:
2423 return "FIFO";
2424
2425 case SOCKET_USB_FUNCTION:
2426 return "USBFunction";
2427
2428 default:
2429 return NULL;
2430 }
2431 }
2432
2433 _pure_ static bool socket_check_gc(Unit *u) {
2434 Socket *s = SOCKET(u);
2435
2436 assert(u);
2437
2438 return s->n_connections > 0;
2439 }
2440
2441 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2442 SocketPort *p = userdata;
2443 int cfd = -1;
2444
2445 assert(p);
2446 assert(fd >= 0);
2447
2448 if (p->socket->state != SOCKET_LISTENING)
2449 return 0;
2450
2451 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2452
2453 if (revents != EPOLLIN) {
2454
2455 if (revents & EPOLLHUP)
2456 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2457 else
2458 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2459 goto fail;
2460 }
2461
2462 if (p->socket->accept &&
2463 p->type == SOCKET_SOCKET &&
2464 socket_address_can_accept(&p->address)) {
2465
2466 for (;;) {
2467
2468 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2469 if (cfd < 0) {
2470
2471 if (errno == EINTR)
2472 continue;
2473
2474 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2475 goto fail;
2476 }
2477
2478 break;
2479 }
2480
2481 socket_apply_socket_options(p->socket, cfd);
2482 }
2483
2484 socket_enter_running(p->socket, cfd);
2485 return 0;
2486
2487 fail:
2488 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2489 return 0;
2490 }
2491
2492 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2493 Socket *s = SOCKET(u);
2494 SocketResult f;
2495
2496 assert(s);
2497 assert(pid >= 0);
2498
2499 if (pid != s->control_pid)
2500 return;
2501
2502 s->control_pid = 0;
2503
2504 if (is_clean_exit(code, status, NULL))
2505 f = SOCKET_SUCCESS;
2506 else if (code == CLD_EXITED)
2507 f = SOCKET_FAILURE_EXIT_CODE;
2508 else if (code == CLD_KILLED)
2509 f = SOCKET_FAILURE_SIGNAL;
2510 else if (code == CLD_DUMPED)
2511 f = SOCKET_FAILURE_CORE_DUMP;
2512 else
2513 assert_not_reached("Unknown sigchld code");
2514
2515 if (s->control_command) {
2516 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2517
2518 if (s->control_command->ignore)
2519 f = SOCKET_SUCCESS;
2520 }
2521
2522 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2523 "Control process exited, code=%s status=%i",
2524 sigchld_code_to_string(code), status);
2525
2526 if (f != SOCKET_SUCCESS)
2527 s->result = f;
2528
2529 if (s->control_command &&
2530 s->control_command->command_next &&
2531 f == SOCKET_SUCCESS) {
2532
2533 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2534 socket_run_next(s);
2535 } else {
2536 s->control_command = NULL;
2537 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2538
2539 /* No further commands for this step, so let's figure
2540 * out what to do next */
2541
2542 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2543
2544 switch (s->state) {
2545
2546 case SOCKET_START_PRE:
2547 if (f == SOCKET_SUCCESS)
2548 socket_enter_start_chown(s);
2549 else
2550 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2551 break;
2552
2553 case SOCKET_START_CHOWN:
2554 if (f == SOCKET_SUCCESS)
2555 socket_enter_start_post(s);
2556 else
2557 socket_enter_stop_pre(s, f);
2558 break;
2559
2560 case SOCKET_START_POST:
2561 if (f == SOCKET_SUCCESS)
2562 socket_enter_listening(s);
2563 else
2564 socket_enter_stop_pre(s, f);
2565 break;
2566
2567 case SOCKET_STOP_PRE:
2568 case SOCKET_STOP_PRE_SIGTERM:
2569 case SOCKET_STOP_PRE_SIGKILL:
2570 socket_enter_stop_post(s, f);
2571 break;
2572
2573 case SOCKET_STOP_POST:
2574 case SOCKET_FINAL_SIGTERM:
2575 case SOCKET_FINAL_SIGKILL:
2576 socket_enter_dead(s, f);
2577 break;
2578
2579 default:
2580 assert_not_reached("Uh, control process died at wrong time.");
2581 }
2582 }
2583
2584 /* Notify clients about changed exit status */
2585 unit_add_to_dbus_queue(u);
2586 }
2587
2588 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2589 Socket *s = SOCKET(userdata);
2590
2591 assert(s);
2592 assert(s->timer_event_source == source);
2593
2594 switch (s->state) {
2595
2596 case SOCKET_START_PRE:
2597 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2598 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2599 break;
2600
2601 case SOCKET_START_CHOWN:
2602 case SOCKET_START_POST:
2603 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2604 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2605 break;
2606
2607 case SOCKET_STOP_PRE:
2608 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2609 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2610 break;
2611
2612 case SOCKET_STOP_PRE_SIGTERM:
2613 if (s->kill_context.send_sigkill) {
2614 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2615 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2616 } else {
2617 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2618 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2619 }
2620 break;
2621
2622 case SOCKET_STOP_PRE_SIGKILL:
2623 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2624 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2625 break;
2626
2627 case SOCKET_STOP_POST:
2628 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2629 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2630 break;
2631
2632 case SOCKET_FINAL_SIGTERM:
2633 if (s->kill_context.send_sigkill) {
2634 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2635 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2636 } else {
2637 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2638 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2639 }
2640 break;
2641
2642 case SOCKET_FINAL_SIGKILL:
2643 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2644 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2645 break;
2646
2647 default:
2648 assert_not_reached("Timeout at wrong time.");
2649 }
2650
2651 return 0;
2652 }
2653
2654 int socket_collect_fds(Socket *s, int **fds) {
2655 int *rfds, k = 0, n = 0;
2656 SocketPort *p;
2657
2658 assert(s);
2659 assert(fds);
2660
2661 /* Called from the service code for requesting our fds */
2662
2663 LIST_FOREACH(port, p, s->ports) {
2664 if (p->fd >= 0)
2665 n++;
2666 n += p->n_auxiliary_fds;
2667 }
2668
2669 if (n <= 0) {
2670 *fds = NULL;
2671 return 0;
2672 }
2673
2674 rfds = new(int, n);
2675 if (!rfds)
2676 return -ENOMEM;
2677
2678 LIST_FOREACH(port, p, s->ports) {
2679 int i;
2680
2681 if (p->fd >= 0)
2682 rfds[k++] = p->fd;
2683 for (i = 0; i < p->n_auxiliary_fds; ++i)
2684 rfds[k++] = p->auxiliary_fds[i];
2685 }
2686
2687 assert(k == n);
2688
2689 *fds = rfds;
2690 return n;
2691 }
2692
2693 static void socket_reset_failed(Unit *u) {
2694 Socket *s = SOCKET(u);
2695
2696 assert(s);
2697
2698 if (s->state == SOCKET_FAILED)
2699 socket_set_state(s, SOCKET_DEAD);
2700
2701 s->result = SOCKET_SUCCESS;
2702 }
2703
2704 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2705 assert(s);
2706
2707 /* The service is dead. Dang!
2708 *
2709 * This is strictly for one-instance-for-all-connections
2710 * services. */
2711
2712 if (s->state == SOCKET_RUNNING) {
2713 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2714 if (failed_permanent)
2715 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2716 else
2717 socket_enter_listening(s);
2718 }
2719 }
2720
2721 void socket_connection_unref(Socket *s) {
2722 assert(s);
2723
2724 /* The service is dead. Yay!
2725 *
2726 * This is strictly for one-instance-per-connection
2727 * services. */
2728
2729 assert(s->n_connections > 0);
2730 s->n_connections--;
2731
2732 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2733 }
2734
2735 static void socket_trigger_notify(Unit *u, Unit *other) {
2736 Socket *s = SOCKET(u);
2737 Service *se;
2738
2739 assert(u);
2740 assert(other);
2741
2742 /* Don't propagate state changes from the service if we are
2743 already down or accepting connections */
2744 if ((s->state != SOCKET_RUNNING &&
2745 s->state != SOCKET_LISTENING) ||
2746 s->accept)
2747 return;
2748
2749 if (other->load_state != UNIT_LOADED ||
2750 other->type != UNIT_SERVICE)
2751 return;
2752
2753 se = SERVICE(other);
2754
2755 if (se->state == SERVICE_FAILED)
2756 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2757
2758 if (se->state == SERVICE_DEAD ||
2759 se->state == SERVICE_FINAL_SIGTERM ||
2760 se->state == SERVICE_FINAL_SIGKILL ||
2761 se->state == SERVICE_AUTO_RESTART)
2762 socket_notify_service_dead(s, false);
2763
2764 if (se->state == SERVICE_RUNNING)
2765 socket_set_state(s, SOCKET_RUNNING);
2766 }
2767
2768 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2769 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2770 }
2771
2772 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2773 Socket *s = SOCKET(u);
2774 int r;
2775
2776 if (!s->timer_event_source)
2777 return 0;
2778
2779 r = sd_event_source_get_time(s->timer_event_source, timeout);
2780 if (r < 0)
2781 return r;
2782
2783 return 1;
2784 }
2785
2786 char *socket_fdname(Socket *s) {
2787 assert(s);
2788
2789 /* Returns the name to use for $LISTEN_NAMES. If the user
2790 * didn't specify anything specifically, use the socket unit's
2791 * name as fallback. */
2792
2793 if (s->fdname)
2794 return s->fdname;
2795
2796 return UNIT(s)->id;
2797 }
2798
2799 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2800 [SOCKET_EXEC_START_PRE] = "StartPre",
2801 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2802 [SOCKET_EXEC_START_POST] = "StartPost",
2803 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2804 [SOCKET_EXEC_STOP_POST] = "StopPost"
2805 };
2806
2807 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2808
2809 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2810 [SOCKET_SUCCESS] = "success",
2811 [SOCKET_FAILURE_RESOURCES] = "resources",
2812 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2813 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2814 [SOCKET_FAILURE_SIGNAL] = "signal",
2815 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2816 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2817 };
2818
2819 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2820
2821 const UnitVTable socket_vtable = {
2822 .object_size = sizeof(Socket),
2823 .exec_context_offset = offsetof(Socket, exec_context),
2824 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2825 .kill_context_offset = offsetof(Socket, kill_context),
2826 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2827
2828 .sections =
2829 "Unit\0"
2830 "Socket\0"
2831 "Install\0",
2832 .private_section = "Socket",
2833
2834 .init = socket_init,
2835 .done = socket_done,
2836 .load = socket_load,
2837
2838 .coldplug = socket_coldplug,
2839
2840 .dump = socket_dump,
2841
2842 .start = socket_start,
2843 .stop = socket_stop,
2844
2845 .kill = socket_kill,
2846
2847 .get_timeout = socket_get_timeout,
2848
2849 .serialize = socket_serialize,
2850 .deserialize_item = socket_deserialize_item,
2851 .distribute_fds = socket_distribute_fds,
2852
2853 .active_state = socket_active_state,
2854 .sub_state_to_string = socket_sub_state_to_string,
2855
2856 .check_gc = socket_check_gc,
2857
2858 .sigchld_event = socket_sigchld_event,
2859
2860 .trigger_notify = socket_trigger_notify,
2861
2862 .reset_failed = socket_reset_failed,
2863
2864 .bus_vtable = bus_socket_vtable,
2865 .bus_set_property = bus_socket_set_property,
2866 .bus_commit_properties = bus_socket_commit_properties,
2867
2868 .status_message_formats = {
2869 /*.starting_stopping = {
2870 [0] = "Starting socket %s...",
2871 [1] = "Stopping socket %s...",
2872 },*/
2873 .finished_start_job = {
2874 [JOB_DONE] = "Listening on %s.",
2875 [JOB_FAILED] = "Failed to listen on %s.",
2876 [JOB_TIMEOUT] = "Timed out starting %s.",
2877 },
2878 .finished_stop_job = {
2879 [JOB_DONE] = "Closed %s.",
2880 [JOB_FAILED] = "Failed stopping %s.",
2881 [JOB_TIMEOUT] = "Timed out stopping %s.",
2882 },
2883 },
2884 };
Unnamed repository; edit this file 'description' to name the repository.