]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util-lib: split out allocation calls into alloc-util.[ch]
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "alloc-util.h"
35 #include "bus-error.h"
36 #include "bus-util.h"
37 #include "copy.h"
38 #include "dbus-socket.h"
39 #include "def.h"
40 #include "exit-status.h"
41 #include "fd-util.h"
42 #include "formats-util.h"
43 #include "label.h"
44 #include "log.h"
45 #include "missing.h"
46 #include "mkdir.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "selinux-util.h"
50 #include "signal-util.h"
51 #include "smack-util.h"
52 #include "socket.h"
53 #include "special.h"
54 #include "string-table.h"
55 #include "string-util.h"
56 #include "strv.h"
57 #include "unit-name.h"
58 #include "unit-printf.h"
59 #include "unit.h"
60 #include "user-util.h"
61
62 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
63 [SOCKET_DEAD] = UNIT_INACTIVE,
64 [SOCKET_START_PRE] = UNIT_ACTIVATING,
65 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
66 [SOCKET_START_POST] = UNIT_ACTIVATING,
67 [SOCKET_LISTENING] = UNIT_ACTIVE,
68 [SOCKET_RUNNING] = UNIT_ACTIVE,
69 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
70 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
72 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
73 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
74 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
75 [SOCKET_FAILED] = UNIT_FAILED
76 };
77
78 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
79 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
80
81 static void socket_init(Unit *u) {
82 Socket *s = SOCKET(u);
83
84 assert(u);
85 assert(u->load_state == UNIT_STUB);
86
87 s->backlog = SOMAXCONN;
88 s->timeout_usec = u->manager->default_timeout_start_usec;
89 s->directory_mode = 0755;
90 s->socket_mode = 0666;
91
92 s->max_connections = 64;
93
94 s->priority = -1;
95 s->ip_tos = -1;
96 s->ip_ttl = -1;
97 s->mark = -1;
98
99 s->exec_context.std_output = u->manager->default_std_output;
100 s->exec_context.std_error = u->manager->default_std_error;
101
102 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
103 }
104
105 static void socket_unwatch_control_pid(Socket *s) {
106 assert(s);
107
108 if (s->control_pid <= 0)
109 return;
110
111 unit_unwatch_pid(UNIT(s), s->control_pid);
112 s->control_pid = 0;
113 }
114
115 static void socket_cleanup_fd_list(SocketPort *p) {
116 assert(p);
117
118 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
119 p->auxiliary_fds = mfree(p->auxiliary_fds);
120 p->n_auxiliary_fds = 0;
121 }
122
123 void socket_free_ports(Socket *s) {
124 SocketPort *p;
125
126 assert(s);
127
128 while ((p = s->ports)) {
129 LIST_REMOVE(port, s->ports, p);
130
131 sd_event_source_unref(p->event_source);
132
133 socket_cleanup_fd_list(p);
134 safe_close(p->fd);
135 free(p->path);
136 free(p);
137 }
138 }
139
140 static void socket_done(Unit *u) {
141 Socket *s = SOCKET(u);
142
143 assert(s);
144
145 socket_free_ports(s);
146
147 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
148 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
149 s->control_command = NULL;
150
151 socket_unwatch_control_pid(s);
152
153 unit_ref_unset(&s->service);
154
155 s->tcp_congestion = mfree(s->tcp_congestion);
156 s->bind_to_device = mfree(s->bind_to_device);
157
158 free(s->smack);
159 free(s->smack_ip_in);
160 free(s->smack_ip_out);
161
162 strv_free(s->symlinks);
163
164 free(s->user);
165 free(s->group);
166
167 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
168 }
169
170 static int socket_arm_timer(Socket *s) {
171 int r;
172
173 assert(s);
174
175 if (s->timeout_usec <= 0) {
176 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
177 return 0;
178 }
179
180 if (s->timer_event_source) {
181 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
182 if (r < 0)
183 return r;
184
185 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
186 }
187
188 r = sd_event_add_time(
189 UNIT(s)->manager->event,
190 &s->timer_event_source,
191 CLOCK_MONOTONIC,
192 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
193 socket_dispatch_timer, s);
194 if (r < 0)
195 return r;
196
197 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
198
199 return 0;
200 }
201
202 int socket_instantiate_service(Socket *s) {
203 _cleanup_free_ char *prefix = NULL, *name = NULL;
204 int r;
205 Unit *u;
206
207 assert(s);
208
209 /* This fills in s->service if it isn't filled in yet. For
210 * Accept=yes sockets we create the next connection service
211 * here. For Accept=no this is mostly a NOP since the service
212 * is figured out at load time anyway. */
213
214 if (UNIT_DEREF(s->service))
215 return 0;
216
217 if (!s->accept)
218 return 0;
219
220 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
221 if (r < 0)
222 return r;
223
224 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
225 return -ENOMEM;
226
227 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
228 if (r < 0)
229 return r;
230
231 u->no_gc = true;
232 unit_ref_set(&s->service, u);
233
234 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
235 }
236
237 static bool have_non_accept_socket(Socket *s) {
238 SocketPort *p;
239
240 assert(s);
241
242 if (!s->accept)
243 return true;
244
245 LIST_FOREACH(port, p, s->ports) {
246
247 if (p->type != SOCKET_SOCKET)
248 return true;
249
250 if (!socket_address_can_accept(&p->address))
251 return true;
252 }
253
254 return false;
255 }
256
257 static int socket_add_mount_links(Socket *s) {
258 SocketPort *p;
259 int r;
260
261 assert(s);
262
263 LIST_FOREACH(port, p, s->ports) {
264 const char *path = NULL;
265
266 if (p->type == SOCKET_SOCKET)
267 path = socket_address_get_path(&p->address);
268 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
269 path = p->path;
270
271 if (!path)
272 continue;
273
274 r = unit_require_mounts_for(UNIT(s), path);
275 if (r < 0)
276 return r;
277 }
278
279 return 0;
280 }
281
282 static int socket_add_device_link(Socket *s) {
283 char *t;
284
285 assert(s);
286
287 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
288 return 0;
289
290 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
291 return unit_add_node_link(UNIT(s), t, false);
292 }
293
294 static int socket_add_default_dependencies(Socket *s) {
295 int r;
296 assert(s);
297
298 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
299 if (r < 0)
300 return r;
301
302 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
303 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
304 if (r < 0)
305 return r;
306 }
307
308 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
309 }
310
311 _pure_ static bool socket_has_exec(Socket *s) {
312 unsigned i;
313 assert(s);
314
315 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
316 if (s->exec_command[i])
317 return true;
318
319 return false;
320 }
321
322 static int socket_add_extras(Socket *s) {
323 Unit *u = UNIT(s);
324 int r;
325
326 assert(s);
327
328 if (have_non_accept_socket(s)) {
329
330 if (!UNIT_DEREF(s->service)) {
331 Unit *x;
332
333 r = unit_load_related_unit(u, ".service", &x);
334 if (r < 0)
335 return r;
336
337 unit_ref_set(&s->service, x);
338 }
339
340 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
341 if (r < 0)
342 return r;
343 }
344
345 r = socket_add_mount_links(s);
346 if (r < 0)
347 return r;
348
349 r = socket_add_device_link(s);
350 if (r < 0)
351 return r;
352
353 r = unit_patch_contexts(u);
354 if (r < 0)
355 return r;
356
357 if (socket_has_exec(s)) {
358 r = unit_add_exec_dependencies(u, &s->exec_context);
359 if (r < 0)
360 return r;
361
362 r = unit_set_default_slice(u);
363 if (r < 0)
364 return r;
365 }
366
367 if (u->default_dependencies) {
368 r = socket_add_default_dependencies(s);
369 if (r < 0)
370 return r;
371 }
372
373 return 0;
374 }
375
376 static const char *socket_find_symlink_target(Socket *s) {
377 const char *found = NULL;
378 SocketPort *p;
379
380 LIST_FOREACH(port, p, s->ports) {
381 const char *f = NULL;
382
383 switch (p->type) {
384
385 case SOCKET_FIFO:
386 f = p->path;
387 break;
388
389 case SOCKET_SOCKET:
390 if (p->address.sockaddr.un.sun_path[0] != 0)
391 f = p->address.sockaddr.un.sun_path;
392 break;
393
394 default:
395 break;
396 }
397
398 if (f) {
399 if (found)
400 return NULL;
401
402 found = f;
403 }
404 }
405
406 return found;
407 }
408
409 static int socket_verify(Socket *s) {
410 assert(s);
411
412 if (UNIT(s)->load_state != UNIT_LOADED)
413 return 0;
414
415 if (!s->ports) {
416 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
417 return -EINVAL;
418 }
419
420 if (s->accept && have_non_accept_socket(s)) {
421 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
422 return -EINVAL;
423 }
424
425 if (s->accept && s->max_connections <= 0) {
426 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
427 return -EINVAL;
428 }
429
430 if (s->accept && UNIT_DEREF(s->service)) {
431 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
432 return -EINVAL;
433 }
434
435 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
436 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
437 return -EINVAL;
438 }
439
440 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
441 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
442 return -EINVAL;
443 }
444
445 return 0;
446 }
447
448 static int socket_load(Unit *u) {
449 Socket *s = SOCKET(u);
450 int r;
451
452 assert(u);
453 assert(u->load_state == UNIT_STUB);
454
455 r = unit_load_fragment_and_dropin(u);
456 if (r < 0)
457 return r;
458
459 if (u->load_state == UNIT_LOADED) {
460 /* This is a new unit? Then let's add in some extras */
461 r = socket_add_extras(s);
462 if (r < 0)
463 return r;
464 }
465
466 return socket_verify(s);
467 }
468
469 _const_ static const char* listen_lookup(int family, int type) {
470
471 if (family == AF_NETLINK)
472 return "ListenNetlink";
473
474 if (type == SOCK_STREAM)
475 return "ListenStream";
476 else if (type == SOCK_DGRAM)
477 return "ListenDatagram";
478 else if (type == SOCK_SEQPACKET)
479 return "ListenSequentialPacket";
480
481 assert_not_reached("Unknown socket type");
482 return NULL;
483 }
484
485 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
486 char time_string[FORMAT_TIMESPAN_MAX];
487 SocketExecCommand c;
488 Socket *s = SOCKET(u);
489 SocketPort *p;
490 const char *prefix2;
491
492 assert(s);
493 assert(f);
494
495 prefix = strempty(prefix);
496 prefix2 = strjoina(prefix, "\t");
497
498 fprintf(f,
499 "%sSocket State: %s\n"
500 "%sResult: %s\n"
501 "%sBindIPv6Only: %s\n"
502 "%sBacklog: %u\n"
503 "%sSocketMode: %04o\n"
504 "%sDirectoryMode: %04o\n"
505 "%sKeepAlive: %s\n"
506 "%sNoDelay: %s\n"
507 "%sFreeBind: %s\n"
508 "%sTransparent: %s\n"
509 "%sBroadcast: %s\n"
510 "%sPassCredentials: %s\n"
511 "%sPassSecurity: %s\n"
512 "%sTCPCongestion: %s\n"
513 "%sRemoveOnStop: %s\n"
514 "%sWritable: %s\n"
515 "%sFDName: %s\n"
516 "%sSELinuxContextFromNet: %s\n",
517 prefix, socket_state_to_string(s->state),
518 prefix, socket_result_to_string(s->result),
519 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
520 prefix, s->backlog,
521 prefix, s->socket_mode,
522 prefix, s->directory_mode,
523 prefix, yes_no(s->keep_alive),
524 prefix, yes_no(s->no_delay),
525 prefix, yes_no(s->free_bind),
526 prefix, yes_no(s->transparent),
527 prefix, yes_no(s->broadcast),
528 prefix, yes_no(s->pass_cred),
529 prefix, yes_no(s->pass_sec),
530 prefix, strna(s->tcp_congestion),
531 prefix, yes_no(s->remove_on_stop),
532 prefix, yes_no(s->writable),
533 prefix, socket_fdname(s),
534 prefix, yes_no(s->selinux_context_from_net));
535
536 if (s->control_pid > 0)
537 fprintf(f,
538 "%sControl PID: "PID_FMT"\n",
539 prefix, s->control_pid);
540
541 if (s->bind_to_device)
542 fprintf(f,
543 "%sBindToDevice: %s\n",
544 prefix, s->bind_to_device);
545
546 if (s->accept)
547 fprintf(f,
548 "%sAccepted: %u\n"
549 "%sNConnections: %u\n"
550 "%sMaxConnections: %u\n",
551 prefix, s->n_accepted,
552 prefix, s->n_connections,
553 prefix, s->max_connections);
554
555 if (s->priority >= 0)
556 fprintf(f,
557 "%sPriority: %i\n",
558 prefix, s->priority);
559
560 if (s->receive_buffer > 0)
561 fprintf(f,
562 "%sReceiveBuffer: %zu\n",
563 prefix, s->receive_buffer);
564
565 if (s->send_buffer > 0)
566 fprintf(f,
567 "%sSendBuffer: %zu\n",
568 prefix, s->send_buffer);
569
570 if (s->ip_tos >= 0)
571 fprintf(f,
572 "%sIPTOS: %i\n",
573 prefix, s->ip_tos);
574
575 if (s->ip_ttl >= 0)
576 fprintf(f,
577 "%sIPTTL: %i\n",
578 prefix, s->ip_ttl);
579
580 if (s->pipe_size > 0)
581 fprintf(f,
582 "%sPipeSize: %zu\n",
583 prefix, s->pipe_size);
584
585 if (s->mark >= 0)
586 fprintf(f,
587 "%sMark: %i\n",
588 prefix, s->mark);
589
590 if (s->mq_maxmsg > 0)
591 fprintf(f,
592 "%sMessageQueueMaxMessages: %li\n",
593 prefix, s->mq_maxmsg);
594
595 if (s->mq_msgsize > 0)
596 fprintf(f,
597 "%sMessageQueueMessageSize: %li\n",
598 prefix, s->mq_msgsize);
599
600 if (s->reuse_port)
601 fprintf(f,
602 "%sReusePort: %s\n",
603 prefix, yes_no(s->reuse_port));
604
605 if (s->smack)
606 fprintf(f,
607 "%sSmackLabel: %s\n",
608 prefix, s->smack);
609
610 if (s->smack_ip_in)
611 fprintf(f,
612 "%sSmackLabelIPIn: %s\n",
613 prefix, s->smack_ip_in);
614
615 if (s->smack_ip_out)
616 fprintf(f,
617 "%sSmackLabelIPOut: %s\n",
618 prefix, s->smack_ip_out);
619
620 if (!isempty(s->user) || !isempty(s->group))
621 fprintf(f,
622 "%sOwnerUser: %s\n"
623 "%sOwnerGroup: %s\n",
624 prefix, strna(s->user),
625 prefix, strna(s->group));
626
627 if (s->keep_alive_time > 0)
628 fprintf(f,
629 "%sKeepAliveTimeSec: %s\n",
630 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
631
632 if (s->keep_alive_interval)
633 fprintf(f,
634 "%sKeepAliveIntervalSec: %s\n",
635 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
636
637 if (s->keep_alive_cnt)
638 fprintf(f,
639 "%sKeepAliveProbes: %u\n",
640 prefix, s->keep_alive_cnt);
641
642 if (s->defer_accept)
643 fprintf(f,
644 "%sDeferAcceptSec: %s\n",
645 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
646
647 LIST_FOREACH(port, p, s->ports) {
648
649 if (p->type == SOCKET_SOCKET) {
650 const char *t;
651 int r;
652 char *k = NULL;
653
654 r = socket_address_print(&p->address, &k);
655 if (r < 0)
656 t = strerror(-r);
657 else
658 t = k;
659
660 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
661 free(k);
662 } else if (p->type == SOCKET_SPECIAL)
663 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
664 else if (p->type == SOCKET_USB_FUNCTION)
665 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
666 else if (p->type == SOCKET_MQUEUE)
667 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
668 else
669 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
670 }
671
672 exec_context_dump(&s->exec_context, f, prefix);
673 kill_context_dump(&s->kill_context, f, prefix);
674
675 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
676 if (!s->exec_command[c])
677 continue;
678
679 fprintf(f, "%s-> %s:\n",
680 prefix, socket_exec_command_to_string(c));
681
682 exec_command_dump_list(s->exec_command[c], f, prefix2);
683 }
684 }
685
686 static int instance_from_socket(int fd, unsigned nr, char **instance) {
687 socklen_t l;
688 char *r;
689 union sockaddr_union local, remote;
690
691 assert(fd >= 0);
692 assert(instance);
693
694 l = sizeof(local);
695 if (getsockname(fd, &local.sa, &l) < 0)
696 return -errno;
697
698 l = sizeof(remote);
699 if (getpeername(fd, &remote.sa, &l) < 0)
700 return -errno;
701
702 switch (local.sa.sa_family) {
703
704 case AF_INET: {
705 uint32_t
706 a = ntohl(local.in.sin_addr.s_addr),
707 b = ntohl(remote.in.sin_addr.s_addr);
708
709 if (asprintf(&r,
710 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
711 nr,
712 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
713 ntohs(local.in.sin_port),
714 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
715 ntohs(remote.in.sin_port)) < 0)
716 return -ENOMEM;
717
718 break;
719 }
720
721 case AF_INET6: {
722 static const unsigned char ipv4_prefix[] = {
723 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
724 };
725
726 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
727 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
728 const uint8_t
729 *a = local.in6.sin6_addr.s6_addr+12,
730 *b = remote.in6.sin6_addr.s6_addr+12;
731
732 if (asprintf(&r,
733 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
734 nr,
735 a[0], a[1], a[2], a[3],
736 ntohs(local.in6.sin6_port),
737 b[0], b[1], b[2], b[3],
738 ntohs(remote.in6.sin6_port)) < 0)
739 return -ENOMEM;
740 } else {
741 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
742
743 if (asprintf(&r,
744 "%u-%s:%u-%s:%u",
745 nr,
746 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
747 ntohs(local.in6.sin6_port),
748 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
749 ntohs(remote.in6.sin6_port)) < 0)
750 return -ENOMEM;
751 }
752
753 break;
754 }
755
756 case AF_UNIX: {
757 struct ucred ucred;
758 int k;
759
760 k = getpeercred(fd, &ucred);
761 if (k >= 0) {
762 if (asprintf(&r,
763 "%u-"PID_FMT"-"UID_FMT,
764 nr, ucred.pid, ucred.uid) < 0)
765 return -ENOMEM;
766 } else if (k == -ENODATA) {
767 /* This handles the case where somebody is
768 * connecting from another pid/uid namespace
769 * (e.g. from outside of our container). */
770 if (asprintf(&r,
771 "%u-unknown",
772 nr) < 0)
773 return -ENOMEM;
774 } else
775 return k;
776
777 break;
778 }
779
780 default:
781 assert_not_reached("Unhandled socket type.");
782 }
783
784 *instance = r;
785 return 0;
786 }
787
788 static void socket_close_fds(Socket *s) {
789 SocketPort *p;
790 char **i;
791
792 assert(s);
793
794 LIST_FOREACH(port, p, s->ports) {
795
796 p->event_source = sd_event_source_unref(p->event_source);
797
798 if (p->fd < 0)
799 continue;
800
801 p->fd = safe_close(p->fd);
802 socket_cleanup_fd_list(p);
803
804 /* One little note: we should normally not delete any
805 * sockets in the file system here! After all some
806 * other process we spawned might still have a
807 * reference of this fd and wants to continue to use
808 * it. Therefore we delete sockets in the file system
809 * before we create a new one, not after we stopped
810 * using one! */
811
812 if (s->remove_on_stop) {
813 switch (p->type) {
814
815 case SOCKET_FIFO:
816 unlink(p->path);
817 break;
818
819 case SOCKET_MQUEUE:
820 mq_unlink(p->path);
821 break;
822
823 case SOCKET_SOCKET:
824 socket_address_unlink(&p->address);
825 break;
826
827 default:
828 break;
829 }
830 }
831 }
832
833 if (s->remove_on_stop)
834 STRV_FOREACH(i, s->symlinks)
835 unlink(*i);
836 }
837
838 static void socket_apply_socket_options(Socket *s, int fd) {
839 int r;
840
841 assert(s);
842 assert(fd >= 0);
843
844 if (s->keep_alive) {
845 int b = s->keep_alive;
846 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
847 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
848 }
849
850 if (s->keep_alive_time) {
851 int value = s->keep_alive_time / USEC_PER_SEC;
852 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
853 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
854 }
855
856 if (s->keep_alive_interval) {
857 int value = s->keep_alive_interval / USEC_PER_SEC;
858 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
859 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
860 }
861
862 if (s->keep_alive_cnt) {
863 int value = s->keep_alive_cnt;
864 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
865 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
866 }
867
868 if (s->defer_accept) {
869 int value = s->defer_accept / USEC_PER_SEC;
870 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
871 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
872 }
873
874 if (s->no_delay) {
875 int b = s->no_delay;
876 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
877 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
878 }
879
880 if (s->broadcast) {
881 int one = 1;
882 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
883 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
884 }
885
886 if (s->pass_cred) {
887 int one = 1;
888 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
889 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
890 }
891
892 if (s->pass_sec) {
893 int one = 1;
894 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
895 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
896 }
897
898 if (s->priority >= 0)
899 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
900 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
901
902 if (s->receive_buffer > 0) {
903 int value = (int) s->receive_buffer;
904
905 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
906
907 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
908 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
909 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
910 }
911
912 if (s->send_buffer > 0) {
913 int value = (int) s->send_buffer;
914 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
915 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
916 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
917 }
918
919 if (s->mark >= 0)
920 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
921 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
922
923 if (s->ip_tos >= 0)
924 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
925 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
926
927 if (s->ip_ttl >= 0) {
928 int x;
929
930 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
931
932 if (socket_ipv6_is_supported())
933 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
934 else {
935 x = -1;
936 errno = EAFNOSUPPORT;
937 }
938
939 if (r < 0 && x < 0)
940 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
941 }
942
943 if (s->tcp_congestion)
944 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
945 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
946
947 if (s->smack_ip_in) {
948 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
949 if (r < 0)
950 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
951 }
952
953 if (s->smack_ip_out) {
954 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
955 if (r < 0)
956 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
957 }
958 }
959
960 static void socket_apply_fifo_options(Socket *s, int fd) {
961 int r;
962
963 assert(s);
964 assert(fd >= 0);
965
966 if (s->pipe_size > 0)
967 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
968 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
969
970 if (s->smack) {
971 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
972 if (r < 0)
973 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
974 }
975 }
976
977 static int fifo_address_create(
978 const char *path,
979 mode_t directory_mode,
980 mode_t socket_mode) {
981
982 _cleanup_close_ int fd = -1;
983 mode_t old_mask;
984 struct stat st;
985 int r;
986
987 assert(path);
988
989 mkdir_parents_label(path, directory_mode);
990
991 r = mac_selinux_create_file_prepare(path, S_IFIFO);
992 if (r < 0)
993 return r;
994
995 /* Enforce the right access mode for the fifo */
996 old_mask = umask(~ socket_mode);
997
998 /* Include the original umask in our mask */
999 (void) umask(~socket_mode | old_mask);
1000
1001 r = mkfifo(path, socket_mode);
1002 (void) umask(old_mask);
1003
1004 if (r < 0 && errno != EEXIST) {
1005 r = -errno;
1006 goto fail;
1007 }
1008
1009 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1010 if (fd < 0) {
1011 r = -errno;
1012 goto fail;
1013 }
1014
1015 mac_selinux_create_file_clear();
1016
1017 if (fstat(fd, &st) < 0) {
1018 r = -errno;
1019 goto fail;
1020 }
1021
1022 if (!S_ISFIFO(st.st_mode) ||
1023 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1024 st.st_uid != getuid() ||
1025 st.st_gid != getgid()) {
1026 r = -EEXIST;
1027 goto fail;
1028 }
1029
1030 r = fd;
1031 fd = -1;
1032
1033 return r;
1034
1035 fail:
1036 mac_selinux_create_file_clear();
1037 return r;
1038 }
1039
1040 static int special_address_create(const char *path, bool writable) {
1041 _cleanup_close_ int fd = -1;
1042 struct stat st;
1043 int r;
1044
1045 assert(path);
1046
1047 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1048 if (fd < 0)
1049 return -errno;
1050
1051 if (fstat(fd, &st) < 0)
1052 return -errno;
1053
1054 /* Check whether this is a /proc, /sys or /dev file or char device */
1055 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1056 return -EEXIST;
1057
1058 r = fd;
1059 fd = -1;
1060
1061 return r;
1062 }
1063
1064 static int usbffs_address_create(const char *path) {
1065 _cleanup_close_ int fd = -1;
1066 struct stat st;
1067 int r;
1068
1069 assert(path);
1070
1071 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1072 if (fd < 0)
1073 return -errno;
1074
1075 if (fstat(fd, &st) < 0)
1076 return -errno;
1077
1078 /* Check whether this is a regular file (ffs endpoint)*/
1079 if (!S_ISREG(st.st_mode))
1080 return -EEXIST;
1081
1082 r = fd;
1083 fd = -1;
1084
1085 return r;
1086 }
1087
1088 static int mq_address_create(
1089 const char *path,
1090 mode_t mq_mode,
1091 long maxmsg,
1092 long msgsize) {
1093
1094 _cleanup_close_ int fd = -1;
1095 struct stat st;
1096 mode_t old_mask;
1097 struct mq_attr _attr, *attr = NULL;
1098 int r;
1099
1100 assert(path);
1101
1102 if (maxmsg > 0 && msgsize > 0) {
1103 _attr = (struct mq_attr) {
1104 .mq_flags = O_NONBLOCK,
1105 .mq_maxmsg = maxmsg,
1106 .mq_msgsize = msgsize,
1107 };
1108 attr = &_attr;
1109 }
1110
1111 /* Enforce the right access mode for the mq */
1112 old_mask = umask(~ mq_mode);
1113
1114 /* Include the original umask in our mask */
1115 (void) umask(~mq_mode | old_mask);
1116 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1117 (void) umask(old_mask);
1118
1119 if (fd < 0)
1120 return -errno;
1121
1122 if (fstat(fd, &st) < 0)
1123 return -errno;
1124
1125 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1126 st.st_uid != getuid() ||
1127 st.st_gid != getgid())
1128 return -EEXIST;
1129
1130 r = fd;
1131 fd = -1;
1132
1133 return r;
1134 }
1135
1136 static int socket_symlink(Socket *s) {
1137 const char *p;
1138 char **i;
1139
1140 assert(s);
1141
1142 p = socket_find_symlink_target(s);
1143 if (!p)
1144 return 0;
1145
1146 STRV_FOREACH(i, s->symlinks)
1147 symlink_label(p, *i);
1148
1149 return 0;
1150 }
1151
1152 static int usbffs_write_descs(int fd, Service *s) {
1153 int r;
1154
1155 if (!s->usb_function_descriptors || !s->usb_function_strings)
1156 return -EINVAL;
1157
1158 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1159 if (r < 0)
1160 return r;
1161
1162 return copy_file_fd(s->usb_function_strings, fd, false);
1163 }
1164
1165 static int usbffs_select_ep(const struct dirent *d) {
1166 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1167 }
1168
1169 static int usbffs_dispatch_eps(SocketPort *p) {
1170 _cleanup_free_ struct dirent **ent = NULL;
1171 _cleanup_free_ char *path = NULL;
1172 int r, i, n, k;
1173
1174 path = dirname_malloc(p->path);
1175 if (!path)
1176 return -ENOMEM;
1177
1178 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1179 if (r < 0)
1180 return -errno;
1181
1182 n = r;
1183 p->auxiliary_fds = new(int, n);
1184 if (!p->auxiliary_fds)
1185 return -ENOMEM;
1186
1187 p->n_auxiliary_fds = n;
1188
1189 k = 0;
1190 for (i = 0; i < n; ++i) {
1191 _cleanup_free_ char *ep = NULL;
1192
1193 ep = path_make_absolute(ent[i]->d_name, path);
1194 if (!ep)
1195 return -ENOMEM;
1196
1197 path_kill_slashes(ep);
1198
1199 r = usbffs_address_create(ep);
1200 if (r < 0)
1201 goto fail;
1202
1203 p->auxiliary_fds[k] = r;
1204
1205 ++k;
1206 free(ent[i]);
1207 }
1208
1209 return r;
1210
1211 fail:
1212 close_many(p->auxiliary_fds, k);
1213 p->auxiliary_fds = mfree(p->auxiliary_fds);
1214 p->n_auxiliary_fds = 0;
1215
1216 return r;
1217 }
1218
1219 static int socket_open_fds(Socket *s) {
1220 _cleanup_(mac_selinux_freep) char *label = NULL;
1221 bool know_label = false;
1222 SocketPort *p;
1223 int r;
1224
1225 assert(s);
1226
1227 LIST_FOREACH(port, p, s->ports) {
1228
1229 if (p->fd >= 0)
1230 continue;
1231
1232 switch (p->type) {
1233
1234 case SOCKET_SOCKET:
1235
1236 if (!know_label) {
1237 /* Figure out label, if we don't it know
1238 * yet. We do it once, for the first
1239 * socket where we need this and
1240 * remember it for the rest. */
1241
1242 if (s->selinux_context_from_net) {
1243 /* Get it from the network label */
1244
1245 r = mac_selinux_get_our_label(&label);
1246 if (r < 0 && r != -EOPNOTSUPP)
1247 goto rollback;
1248
1249 } else {
1250 /* Get it from the executable we are about to start */
1251
1252 r = socket_instantiate_service(s);
1253 if (r < 0)
1254 goto rollback;
1255
1256 if (UNIT_ISSET(s->service) &&
1257 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1258 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1259 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1260 goto rollback;
1261 }
1262 }
1263
1264 know_label = true;
1265 }
1266
1267 r = socket_address_listen(
1268 &p->address,
1269 SOCK_CLOEXEC|SOCK_NONBLOCK,
1270 s->backlog,
1271 s->bind_ipv6_only,
1272 s->bind_to_device,
1273 s->reuse_port,
1274 s->free_bind,
1275 s->transparent,
1276 s->directory_mode,
1277 s->socket_mode,
1278 label);
1279 if (r < 0)
1280 goto rollback;
1281
1282 p->fd = r;
1283 socket_apply_socket_options(s, p->fd);
1284 socket_symlink(s);
1285 break;
1286
1287 case SOCKET_SPECIAL:
1288
1289 p->fd = special_address_create(p->path, s->writable);
1290 if (p->fd < 0) {
1291 r = p->fd;
1292 goto rollback;
1293 }
1294 break;
1295
1296 case SOCKET_FIFO:
1297
1298 p->fd = fifo_address_create(
1299 p->path,
1300 s->directory_mode,
1301 s->socket_mode);
1302 if (p->fd < 0) {
1303 r = p->fd;
1304 goto rollback;
1305 }
1306
1307 socket_apply_fifo_options(s, p->fd);
1308 socket_symlink(s);
1309 break;
1310
1311 case SOCKET_MQUEUE:
1312
1313 p->fd = mq_address_create(
1314 p->path,
1315 s->socket_mode,
1316 s->mq_maxmsg,
1317 s->mq_msgsize);
1318 if (p->fd < 0) {
1319 r = p->fd;
1320 goto rollback;
1321 }
1322 break;
1323
1324 case SOCKET_USB_FUNCTION:
1325
1326 p->fd = usbffs_address_create(p->path);
1327 if (p->fd < 0) {
1328 r = p->fd;
1329 goto rollback;
1330 }
1331
1332 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1333 if (r < 0)
1334 goto rollback;
1335
1336 r = usbffs_dispatch_eps(p);
1337 if (r < 0)
1338 goto rollback;
1339
1340 break;
1341
1342 default:
1343 assert_not_reached("Unknown port type");
1344 }
1345 }
1346
1347 return 0;
1348
1349 rollback:
1350 socket_close_fds(s);
1351 return r;
1352 }
1353
1354 static void socket_unwatch_fds(Socket *s) {
1355 SocketPort *p;
1356 int r;
1357
1358 assert(s);
1359
1360 LIST_FOREACH(port, p, s->ports) {
1361 if (p->fd < 0)
1362 continue;
1363
1364 if (!p->event_source)
1365 continue;
1366
1367 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1368 if (r < 0)
1369 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1370 }
1371 }
1372
1373 static int socket_watch_fds(Socket *s) {
1374 SocketPort *p;
1375 int r;
1376
1377 assert(s);
1378
1379 LIST_FOREACH(port, p, s->ports) {
1380 if (p->fd < 0)
1381 continue;
1382
1383 if (p->event_source) {
1384 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1385 if (r < 0)
1386 goto fail;
1387 } else {
1388 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1389 if (r < 0)
1390 goto fail;
1391
1392 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1393 }
1394 }
1395
1396 return 0;
1397
1398 fail:
1399 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1400 socket_unwatch_fds(s);
1401 return r;
1402 }
1403
1404 static void socket_set_state(Socket *s, SocketState state) {
1405 SocketState old_state;
1406 assert(s);
1407
1408 old_state = s->state;
1409 s->state = state;
1410
1411 if (!IN_SET(state,
1412 SOCKET_START_PRE,
1413 SOCKET_START_CHOWN,
1414 SOCKET_START_POST,
1415 SOCKET_STOP_PRE,
1416 SOCKET_STOP_PRE_SIGTERM,
1417 SOCKET_STOP_PRE_SIGKILL,
1418 SOCKET_STOP_POST,
1419 SOCKET_FINAL_SIGTERM,
1420 SOCKET_FINAL_SIGKILL)) {
1421
1422 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1423 socket_unwatch_control_pid(s);
1424 s->control_command = NULL;
1425 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1426 }
1427
1428 if (state != SOCKET_LISTENING)
1429 socket_unwatch_fds(s);
1430
1431 if (!IN_SET(state,
1432 SOCKET_START_CHOWN,
1433 SOCKET_START_POST,
1434 SOCKET_LISTENING,
1435 SOCKET_RUNNING,
1436 SOCKET_STOP_PRE,
1437 SOCKET_STOP_PRE_SIGTERM,
1438 SOCKET_STOP_PRE_SIGKILL))
1439 socket_close_fds(s);
1440
1441 if (state != old_state)
1442 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1443
1444 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1445 }
1446
1447 static int socket_coldplug(Unit *u) {
1448 Socket *s = SOCKET(u);
1449 int r;
1450
1451 assert(s);
1452 assert(s->state == SOCKET_DEAD);
1453
1454 if (s->deserialized_state == s->state)
1455 return 0;
1456
1457 if (IN_SET(s->deserialized_state,
1458 SOCKET_START_PRE,
1459 SOCKET_START_CHOWN,
1460 SOCKET_START_POST,
1461 SOCKET_STOP_PRE,
1462 SOCKET_STOP_PRE_SIGTERM,
1463 SOCKET_STOP_PRE_SIGKILL,
1464 SOCKET_STOP_POST,
1465 SOCKET_FINAL_SIGTERM,
1466 SOCKET_FINAL_SIGKILL)) {
1467
1468 if (s->control_pid <= 0)
1469 return -EBADMSG;
1470
1471 r = unit_watch_pid(UNIT(s), s->control_pid);
1472 if (r < 0)
1473 return r;
1474
1475 r = socket_arm_timer(s);
1476 if (r < 0)
1477 return r;
1478 }
1479
1480 if (IN_SET(s->deserialized_state,
1481 SOCKET_START_CHOWN,
1482 SOCKET_START_POST,
1483 SOCKET_LISTENING,
1484 SOCKET_RUNNING,
1485 SOCKET_STOP_PRE,
1486 SOCKET_STOP_PRE_SIGTERM,
1487 SOCKET_STOP_PRE_SIGKILL)) {
1488 r = socket_open_fds(s);
1489 if (r < 0)
1490 return r;
1491 }
1492
1493 if (s->deserialized_state == SOCKET_LISTENING) {
1494 r = socket_watch_fds(s);
1495 if (r < 0)
1496 return r;
1497 }
1498
1499 socket_set_state(s, s->deserialized_state);
1500 return 0;
1501 }
1502
1503 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1504 _cleanup_free_ char **argv = NULL;
1505 pid_t pid;
1506 int r;
1507 ExecParameters exec_params = {
1508 .apply_permissions = true,
1509 .apply_chroot = true,
1510 .apply_tty_stdin = true,
1511 .bus_endpoint_fd = -1,
1512 .stdin_fd = -1,
1513 .stdout_fd = -1,
1514 .stderr_fd = -1,
1515 };
1516
1517 assert(s);
1518 assert(c);
1519 assert(_pid);
1520
1521 (void) unit_realize_cgroup(UNIT(s));
1522 if (s->reset_cpu_usage) {
1523 (void) unit_reset_cpu_usage(UNIT(s));
1524 s->reset_cpu_usage = false;
1525 }
1526
1527 r = unit_setup_exec_runtime(UNIT(s));
1528 if (r < 0)
1529 goto fail;
1530
1531 r = socket_arm_timer(s);
1532 if (r < 0)
1533 goto fail;
1534
1535 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1536 if (r < 0)
1537 goto fail;
1538
1539 exec_params.argv = argv;
1540 exec_params.environment = UNIT(s)->manager->environment;
1541 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1542 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1543 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1544 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1545 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1546
1547 r = exec_spawn(UNIT(s),
1548 c,
1549 &s->exec_context,
1550 &exec_params,
1551 s->exec_runtime,
1552 &pid);
1553 if (r < 0)
1554 goto fail;
1555
1556 r = unit_watch_pid(UNIT(s), pid);
1557 if (r < 0)
1558 /* FIXME: we need to do something here */
1559 goto fail;
1560
1561 *_pid = pid;
1562 return 0;
1563
1564 fail:
1565 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1566 return r;
1567 }
1568
1569 static int socket_chown(Socket *s, pid_t *_pid) {
1570 pid_t pid;
1571 int r;
1572
1573 r = socket_arm_timer(s);
1574 if (r < 0)
1575 goto fail;
1576
1577 /* We have to resolve the user names out-of-process, hence
1578 * let's fork here. It's messy, but well, what can we do? */
1579
1580 pid = fork();
1581 if (pid < 0)
1582 return -errno;
1583
1584 if (pid == 0) {
1585 SocketPort *p;
1586 uid_t uid = UID_INVALID;
1587 gid_t gid = GID_INVALID;
1588 int ret;
1589
1590 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1591 (void) ignore_signals(SIGPIPE, -1);
1592 log_forget_fds();
1593
1594 if (!isempty(s->user)) {
1595 const char *user = s->user;
1596
1597 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1598 if (r < 0) {
1599 ret = EXIT_USER;
1600 goto fail_child;
1601 }
1602 }
1603
1604 if (!isempty(s->group)) {
1605 const char *group = s->group;
1606
1607 r = get_group_creds(&group, &gid);
1608 if (r < 0) {
1609 ret = EXIT_GROUP;
1610 goto fail_child;
1611 }
1612 }
1613
1614 LIST_FOREACH(port, p, s->ports) {
1615 const char *path = NULL;
1616
1617 if (p->type == SOCKET_SOCKET)
1618 path = socket_address_get_path(&p->address);
1619 else if (p->type == SOCKET_FIFO)
1620 path = p->path;
1621
1622 if (!path)
1623 continue;
1624
1625 if (chown(path, uid, gid) < 0) {
1626 r = -errno;
1627 ret = EXIT_CHOWN;
1628 goto fail_child;
1629 }
1630 }
1631
1632 _exit(0);
1633
1634 fail_child:
1635 log_open();
1636 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1637
1638 _exit(ret);
1639 }
1640
1641 r = unit_watch_pid(UNIT(s), pid);
1642 if (r < 0)
1643 goto fail;
1644
1645 *_pid = pid;
1646 return 0;
1647
1648 fail:
1649 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1650 return r;
1651 }
1652
1653 static void socket_enter_dead(Socket *s, SocketResult f) {
1654 assert(s);
1655
1656 if (f != SOCKET_SUCCESS)
1657 s->result = f;
1658
1659 exec_runtime_destroy(s->exec_runtime);
1660 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1661
1662 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1663
1664 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1665 }
1666
1667 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1668
1669 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1670 int r;
1671 assert(s);
1672
1673 if (f != SOCKET_SUCCESS)
1674 s->result = f;
1675
1676 socket_unwatch_control_pid(s);
1677 s->control_command_id = SOCKET_EXEC_STOP_POST;
1678 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1679
1680 if (s->control_command) {
1681 r = socket_spawn(s, s->control_command, &s->control_pid);
1682 if (r < 0)
1683 goto fail;
1684
1685 socket_set_state(s, SOCKET_STOP_POST);
1686 } else
1687 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1688
1689 return;
1690
1691 fail:
1692 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1693 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1694 }
1695
1696 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1697 int r;
1698
1699 assert(s);
1700
1701 if (f != SOCKET_SUCCESS)
1702 s->result = f;
1703
1704 r = unit_kill_context(
1705 UNIT(s),
1706 &s->kill_context,
1707 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1708 KILL_KILL : KILL_TERMINATE,
1709 -1,
1710 s->control_pid,
1711 false);
1712 if (r < 0)
1713 goto fail;
1714
1715 if (r > 0) {
1716 r = socket_arm_timer(s);
1717 if (r < 0)
1718 goto fail;
1719
1720 socket_set_state(s, state);
1721 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1722 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1723 else if (state == SOCKET_STOP_PRE_SIGKILL)
1724 socket_enter_stop_post(s, SOCKET_SUCCESS);
1725 else if (state == SOCKET_FINAL_SIGTERM)
1726 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1727 else
1728 socket_enter_dead(s, SOCKET_SUCCESS);
1729
1730 return;
1731
1732 fail:
1733 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1734
1735 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1736 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1737 else
1738 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1739 }
1740
1741 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1742 int r;
1743 assert(s);
1744
1745 if (f != SOCKET_SUCCESS)
1746 s->result = f;
1747
1748 socket_unwatch_control_pid(s);
1749 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1750 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1751
1752 if (s->control_command) {
1753 r = socket_spawn(s, s->control_command, &s->control_pid);
1754 if (r < 0)
1755 goto fail;
1756
1757 socket_set_state(s, SOCKET_STOP_PRE);
1758 } else
1759 socket_enter_stop_post(s, SOCKET_SUCCESS);
1760
1761 return;
1762
1763 fail:
1764 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1765 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1766 }
1767
1768 static void socket_enter_listening(Socket *s) {
1769 int r;
1770 assert(s);
1771
1772 r = socket_watch_fds(s);
1773 if (r < 0) {
1774 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1775 goto fail;
1776 }
1777
1778 socket_set_state(s, SOCKET_LISTENING);
1779 return;
1780
1781 fail:
1782 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1783 }
1784
1785 static void socket_enter_start_post(Socket *s) {
1786 int r;
1787 assert(s);
1788
1789 socket_unwatch_control_pid(s);
1790 s->control_command_id = SOCKET_EXEC_START_POST;
1791 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1792
1793 if (s->control_command) {
1794 r = socket_spawn(s, s->control_command, &s->control_pid);
1795 if (r < 0) {
1796 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1797 goto fail;
1798 }
1799
1800 socket_set_state(s, SOCKET_START_POST);
1801 } else
1802 socket_enter_listening(s);
1803
1804 return;
1805
1806 fail:
1807 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1808 }
1809
1810 static void socket_enter_start_chown(Socket *s) {
1811 int r;
1812
1813 assert(s);
1814
1815 r = socket_open_fds(s);
1816 if (r < 0) {
1817 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1818 goto fail;
1819 }
1820
1821 if (!isempty(s->user) || !isempty(s->group)) {
1822
1823 socket_unwatch_control_pid(s);
1824 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1825 s->control_command = NULL;
1826
1827 r = socket_chown(s, &s->control_pid);
1828 if (r < 0) {
1829 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1830 goto fail;
1831 }
1832
1833 socket_set_state(s, SOCKET_START_CHOWN);
1834 } else
1835 socket_enter_start_post(s);
1836
1837 return;
1838
1839 fail:
1840 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1841 }
1842
1843 static void socket_enter_start_pre(Socket *s) {
1844 int r;
1845 assert(s);
1846
1847 socket_unwatch_control_pid(s);
1848 s->control_command_id = SOCKET_EXEC_START_PRE;
1849 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1850
1851 if (s->control_command) {
1852 r = socket_spawn(s, s->control_command, &s->control_pid);
1853 if (r < 0) {
1854 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1855 goto fail;
1856 }
1857
1858 socket_set_state(s, SOCKET_START_PRE);
1859 } else
1860 socket_enter_start_chown(s);
1861
1862 return;
1863
1864 fail:
1865 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1866 }
1867
1868 static void socket_enter_running(Socket *s, int cfd) {
1869 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1870 int r;
1871
1872 assert(s);
1873
1874 /* We don't take connections anymore if we are supposed to
1875 * shut down anyway */
1876 if (unit_stop_pending(UNIT(s))) {
1877
1878 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1879
1880 if (cfd >= 0)
1881 safe_close(cfd);
1882 else {
1883 /* Flush all sockets by closing and reopening them */
1884 socket_close_fds(s);
1885
1886 r = socket_open_fds(s);
1887 if (r < 0) {
1888 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1889 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1890 return;
1891 }
1892
1893 r = socket_watch_fds(s);
1894 if (r < 0) {
1895 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1896 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1897 }
1898 }
1899
1900 return;
1901 }
1902
1903 if (cfd < 0) {
1904 Iterator i;
1905 Unit *other;
1906 bool pending = false;
1907
1908 /* If there's already a start pending don't bother to
1909 * do anything */
1910 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1911 if (unit_active_or_pending(other)) {
1912 pending = true;
1913 break;
1914 }
1915
1916 if (!pending) {
1917 if (!UNIT_ISSET(s->service)) {
1918 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1919 r = -ENOENT;
1920 goto fail;
1921 }
1922
1923 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1924 if (r < 0)
1925 goto fail;
1926 }
1927
1928 socket_set_state(s, SOCKET_RUNNING);
1929 } else {
1930 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1931 Service *service;
1932
1933 if (s->n_connections >= s->max_connections) {
1934 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1935 safe_close(cfd);
1936 return;
1937 }
1938
1939 r = socket_instantiate_service(s);
1940 if (r < 0)
1941 goto fail;
1942
1943 r = instance_from_socket(cfd, s->n_accepted, &instance);
1944 if (r < 0) {
1945 if (r != -ENOTCONN)
1946 goto fail;
1947
1948 /* ENOTCONN is legitimate if TCP RST was received.
1949 * This connection is over, but the socket unit lives on. */
1950 safe_close(cfd);
1951 return;
1952 }
1953
1954 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1955 if (r < 0)
1956 goto fail;
1957
1958 r = unit_name_build(prefix, instance, ".service", &name);
1959 if (r < 0)
1960 goto fail;
1961
1962 r = unit_add_name(UNIT_DEREF(s->service), name);
1963 if (r < 0)
1964 goto fail;
1965
1966 service = SERVICE(UNIT_DEREF(s->service));
1967 unit_ref_unset(&s->service);
1968 s->n_accepted ++;
1969
1970 UNIT(service)->no_gc = false;
1971
1972 unit_choose_id(UNIT(service), name);
1973
1974 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1975 if (r < 0)
1976 goto fail;
1977
1978 cfd = -1;
1979 s->n_connections ++;
1980
1981 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1982 if (r < 0)
1983 goto fail;
1984
1985 /* Notify clients about changed counters */
1986 unit_add_to_dbus_queue(UNIT(s));
1987 }
1988
1989 return;
1990
1991 fail:
1992 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1993 cfd >= 0 ? "template" : "non-template",
1994 bus_error_message(&error, r));
1995
1996 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1997 safe_close(cfd);
1998 }
1999
2000 static void socket_run_next(Socket *s) {
2001 int r;
2002
2003 assert(s);
2004 assert(s->control_command);
2005 assert(s->control_command->command_next);
2006
2007 socket_unwatch_control_pid(s);
2008
2009 s->control_command = s->control_command->command_next;
2010
2011 r = socket_spawn(s, s->control_command, &s->control_pid);
2012 if (r < 0)
2013 goto fail;
2014
2015 return;
2016
2017 fail:
2018 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2019
2020 if (s->state == SOCKET_START_POST)
2021 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2022 else if (s->state == SOCKET_STOP_POST)
2023 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2024 else
2025 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2026 }
2027
2028 static int socket_start(Unit *u) {
2029 Socket *s = SOCKET(u);
2030
2031 assert(s);
2032
2033 /* We cannot fulfill this request right now, try again later
2034 * please! */
2035 if (IN_SET(s->state,
2036 SOCKET_STOP_PRE,
2037 SOCKET_STOP_PRE_SIGKILL,
2038 SOCKET_STOP_PRE_SIGTERM,
2039 SOCKET_STOP_POST,
2040 SOCKET_FINAL_SIGTERM,
2041 SOCKET_FINAL_SIGKILL))
2042 return -EAGAIN;
2043
2044 /* Already on it! */
2045 if (IN_SET(s->state,
2046 SOCKET_START_PRE,
2047 SOCKET_START_CHOWN,
2048 SOCKET_START_POST))
2049 return 0;
2050
2051 /* Cannot run this without the service being around */
2052 if (UNIT_ISSET(s->service)) {
2053 Service *service;
2054
2055 service = SERVICE(UNIT_DEREF(s->service));
2056
2057 if (UNIT(service)->load_state != UNIT_LOADED) {
2058 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2059 return -ENOENT;
2060 }
2061
2062 /* If the service is already active we cannot start the
2063 * socket */
2064 if (service->state != SERVICE_DEAD &&
2065 service->state != SERVICE_FAILED &&
2066 service->state != SERVICE_AUTO_RESTART) {
2067 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2068 return -EBUSY;
2069 }
2070 }
2071
2072 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2073
2074 s->result = SOCKET_SUCCESS;
2075 s->reset_cpu_usage = true;
2076
2077 socket_enter_start_pre(s);
2078
2079 return 1;
2080 }
2081
2082 static int socket_stop(Unit *u) {
2083 Socket *s = SOCKET(u);
2084
2085 assert(s);
2086
2087 /* Already on it */
2088 if (IN_SET(s->state,
2089 SOCKET_STOP_PRE,
2090 SOCKET_STOP_PRE_SIGTERM,
2091 SOCKET_STOP_PRE_SIGKILL,
2092 SOCKET_STOP_POST,
2093 SOCKET_FINAL_SIGTERM,
2094 SOCKET_FINAL_SIGKILL))
2095 return 0;
2096
2097 /* If there's already something running we go directly into
2098 * kill mode. */
2099 if (IN_SET(s->state,
2100 SOCKET_START_PRE,
2101 SOCKET_START_CHOWN,
2102 SOCKET_START_POST)) {
2103 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2104 return -EAGAIN;
2105 }
2106
2107 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2108
2109 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2110 return 1;
2111 }
2112
2113 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2114 Socket *s = SOCKET(u);
2115 SocketPort *p;
2116 int r;
2117
2118 assert(u);
2119 assert(f);
2120 assert(fds);
2121
2122 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2123 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2124 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2125
2126 if (s->control_pid > 0)
2127 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2128
2129 if (s->control_command_id >= 0)
2130 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2131
2132 LIST_FOREACH(port, p, s->ports) {
2133 int copy;
2134
2135 if (p->fd < 0)
2136 continue;
2137
2138 copy = fdset_put_dup(fds, p->fd);
2139 if (copy < 0)
2140 return copy;
2141
2142 if (p->type == SOCKET_SOCKET) {
2143 _cleanup_free_ char *t = NULL;
2144
2145 r = socket_address_print(&p->address, &t);
2146 if (r < 0)
2147 return r;
2148
2149 if (socket_address_family(&p->address) == AF_NETLINK)
2150 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2151 else
2152 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2153
2154 } else if (p->type == SOCKET_SPECIAL)
2155 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2156 else if (p->type == SOCKET_MQUEUE)
2157 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2158 else if (p->type == SOCKET_USB_FUNCTION)
2159 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2160 else {
2161 assert(p->type == SOCKET_FIFO);
2162 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2163 }
2164 }
2165
2166 return 0;
2167 }
2168
2169 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2170 Socket *s = SOCKET(u);
2171
2172 assert(u);
2173 assert(key);
2174 assert(value);
2175
2176 if (streq(key, "state")) {
2177 SocketState state;
2178
2179 state = socket_state_from_string(value);
2180 if (state < 0)
2181 log_unit_debug(u, "Failed to parse state value: %s", value);
2182 else
2183 s->deserialized_state = state;
2184 } else if (streq(key, "result")) {
2185 SocketResult f;
2186
2187 f = socket_result_from_string(value);
2188 if (f < 0)
2189 log_unit_debug(u, "Failed to parse result value: %s", value);
2190 else if (f != SOCKET_SUCCESS)
2191 s->result = f;
2192
2193 } else if (streq(key, "n-accepted")) {
2194 unsigned k;
2195
2196 if (safe_atou(value, &k) < 0)
2197 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2198 else
2199 s->n_accepted += k;
2200 } else if (streq(key, "control-pid")) {
2201 pid_t pid;
2202
2203 if (parse_pid(value, &pid) < 0)
2204 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2205 else
2206 s->control_pid = pid;
2207 } else if (streq(key, "control-command")) {
2208 SocketExecCommand id;
2209
2210 id = socket_exec_command_from_string(value);
2211 if (id < 0)
2212 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2213 else {
2214 s->control_command_id = id;
2215 s->control_command = s->exec_command[id];
2216 }
2217 } else if (streq(key, "fifo")) {
2218 int fd, skip = 0;
2219 SocketPort *p;
2220
2221 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2222 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2223 else {
2224
2225 LIST_FOREACH(port, p, s->ports)
2226 if (p->type == SOCKET_FIFO &&
2227 path_equal_or_files_same(p->path, value+skip))
2228 break;
2229
2230 if (p) {
2231 safe_close(p->fd);
2232 p->fd = fdset_remove(fds, fd);
2233 }
2234 }
2235
2236 } else if (streq(key, "special")) {
2237 int fd, skip = 0;
2238 SocketPort *p;
2239
2240 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2241 log_unit_debug(u, "Failed to parse special value: %s", value);
2242 else {
2243
2244 LIST_FOREACH(port, p, s->ports)
2245 if (p->type == SOCKET_SPECIAL &&
2246 path_equal_or_files_same(p->path, value+skip))
2247 break;
2248
2249 if (p) {
2250 safe_close(p->fd);
2251 p->fd = fdset_remove(fds, fd);
2252 }
2253 }
2254
2255 } else if (streq(key, "mqueue")) {
2256 int fd, skip = 0;
2257 SocketPort *p;
2258
2259 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2260 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2261 else {
2262
2263 LIST_FOREACH(port, p, s->ports)
2264 if (p->type == SOCKET_MQUEUE &&
2265 streq(p->path, value+skip))
2266 break;
2267
2268 if (p) {
2269 safe_close(p->fd);
2270 p->fd = fdset_remove(fds, fd);
2271 }
2272 }
2273
2274 } else if (streq(key, "socket")) {
2275 int fd, type, skip = 0;
2276 SocketPort *p;
2277
2278 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2279 log_unit_debug(u, "Failed to parse socket value: %s", value);
2280 else {
2281
2282 LIST_FOREACH(port, p, s->ports)
2283 if (socket_address_is(&p->address, value+skip, type))
2284 break;
2285
2286 if (p) {
2287 safe_close(p->fd);
2288 p->fd = fdset_remove(fds, fd);
2289 }
2290 }
2291
2292 } else if (streq(key, "netlink")) {
2293 int fd, skip = 0;
2294 SocketPort *p;
2295
2296 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2297 log_unit_debug(u, "Failed to parse socket value: %s", value);
2298 else {
2299
2300 LIST_FOREACH(port, p, s->ports)
2301 if (socket_address_is_netlink(&p->address, value+skip))
2302 break;
2303
2304 if (p) {
2305 safe_close(p->fd);
2306 p->fd = fdset_remove(fds, fd);
2307 }
2308 }
2309
2310 } else if (streq(key, "ffs")) {
2311 int fd, skip = 0;
2312 SocketPort *p;
2313
2314 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2315 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2316 else {
2317
2318 LIST_FOREACH(port, p, s->ports)
2319 if (p->type == SOCKET_USB_FUNCTION &&
2320 path_equal_or_files_same(p->path, value+skip))
2321 break;
2322
2323 if (p) {
2324 safe_close(p->fd);
2325 p->fd = fdset_remove(fds, fd);
2326 }
2327 }
2328
2329 } else
2330 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2331
2332 return 0;
2333 }
2334
2335 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2336 Socket *s = SOCKET(u);
2337 SocketPort *p;
2338
2339 assert(u);
2340
2341 LIST_FOREACH(port, p, s->ports) {
2342 Iterator i;
2343 int fd;
2344
2345 if (p->type != SOCKET_SOCKET)
2346 continue;
2347
2348 if (p->fd >= 0)
2349 continue;
2350
2351 FDSET_FOREACH(fd, fds, i) {
2352 if (socket_address_matches_fd(&p->address, fd)) {
2353 p->fd = fdset_remove(fds, fd);
2354 s->deserialized_state = SOCKET_LISTENING;
2355 break;
2356 }
2357 }
2358 }
2359
2360 return 0;
2361 }
2362
2363 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2364 assert(u);
2365
2366 return state_translation_table[SOCKET(u)->state];
2367 }
2368
2369 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2370 assert(u);
2371
2372 return socket_state_to_string(SOCKET(u)->state);
2373 }
2374
2375 const char* socket_port_type_to_string(SocketPort *p) {
2376
2377 assert(p);
2378
2379 switch (p->type) {
2380
2381 case SOCKET_SOCKET:
2382
2383 switch (p->address.type) {
2384
2385 case SOCK_STREAM:
2386 return "Stream";
2387
2388 case SOCK_DGRAM:
2389 return "Datagram";
2390
2391 case SOCK_SEQPACKET:
2392 return "SequentialPacket";
2393
2394 case SOCK_RAW:
2395 if (socket_address_family(&p->address) == AF_NETLINK)
2396 return "Netlink";
2397
2398 default:
2399 return NULL;
2400 }
2401
2402 case SOCKET_SPECIAL:
2403 return "Special";
2404
2405 case SOCKET_MQUEUE:
2406 return "MessageQueue";
2407
2408 case SOCKET_FIFO:
2409 return "FIFO";
2410
2411 case SOCKET_USB_FUNCTION:
2412 return "USBFunction";
2413
2414 default:
2415 return NULL;
2416 }
2417 }
2418
2419 _pure_ static bool socket_check_gc(Unit *u) {
2420 Socket *s = SOCKET(u);
2421
2422 assert(u);
2423
2424 return s->n_connections > 0;
2425 }
2426
2427 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2428 SocketPort *p = userdata;
2429 int cfd = -1;
2430
2431 assert(p);
2432 assert(fd >= 0);
2433
2434 if (p->socket->state != SOCKET_LISTENING)
2435 return 0;
2436
2437 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2438
2439 if (revents != EPOLLIN) {
2440
2441 if (revents & EPOLLHUP)
2442 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2443 else
2444 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2445 goto fail;
2446 }
2447
2448 if (p->socket->accept &&
2449 p->type == SOCKET_SOCKET &&
2450 socket_address_can_accept(&p->address)) {
2451
2452 for (;;) {
2453
2454 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2455 if (cfd < 0) {
2456
2457 if (errno == EINTR)
2458 continue;
2459
2460 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2461 goto fail;
2462 }
2463
2464 break;
2465 }
2466
2467 socket_apply_socket_options(p->socket, cfd);
2468 }
2469
2470 socket_enter_running(p->socket, cfd);
2471 return 0;
2472
2473 fail:
2474 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2475 return 0;
2476 }
2477
2478 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2479 Socket *s = SOCKET(u);
2480 SocketResult f;
2481
2482 assert(s);
2483 assert(pid >= 0);
2484
2485 if (pid != s->control_pid)
2486 return;
2487
2488 s->control_pid = 0;
2489
2490 if (is_clean_exit(code, status, NULL))
2491 f = SOCKET_SUCCESS;
2492 else if (code == CLD_EXITED)
2493 f = SOCKET_FAILURE_EXIT_CODE;
2494 else if (code == CLD_KILLED)
2495 f = SOCKET_FAILURE_SIGNAL;
2496 else if (code == CLD_DUMPED)
2497 f = SOCKET_FAILURE_CORE_DUMP;
2498 else
2499 assert_not_reached("Unknown sigchld code");
2500
2501 if (s->control_command) {
2502 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2503
2504 if (s->control_command->ignore)
2505 f = SOCKET_SUCCESS;
2506 }
2507
2508 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2509 "Control process exited, code=%s status=%i",
2510 sigchld_code_to_string(code), status);
2511
2512 if (f != SOCKET_SUCCESS)
2513 s->result = f;
2514
2515 if (s->control_command &&
2516 s->control_command->command_next &&
2517 f == SOCKET_SUCCESS) {
2518
2519 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2520 socket_run_next(s);
2521 } else {
2522 s->control_command = NULL;
2523 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2524
2525 /* No further commands for this step, so let's figure
2526 * out what to do next */
2527
2528 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2529
2530 switch (s->state) {
2531
2532 case SOCKET_START_PRE:
2533 if (f == SOCKET_SUCCESS)
2534 socket_enter_start_chown(s);
2535 else
2536 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2537 break;
2538
2539 case SOCKET_START_CHOWN:
2540 if (f == SOCKET_SUCCESS)
2541 socket_enter_start_post(s);
2542 else
2543 socket_enter_stop_pre(s, f);
2544 break;
2545
2546 case SOCKET_START_POST:
2547 if (f == SOCKET_SUCCESS)
2548 socket_enter_listening(s);
2549 else
2550 socket_enter_stop_pre(s, f);
2551 break;
2552
2553 case SOCKET_STOP_PRE:
2554 case SOCKET_STOP_PRE_SIGTERM:
2555 case SOCKET_STOP_PRE_SIGKILL:
2556 socket_enter_stop_post(s, f);
2557 break;
2558
2559 case SOCKET_STOP_POST:
2560 case SOCKET_FINAL_SIGTERM:
2561 case SOCKET_FINAL_SIGKILL:
2562 socket_enter_dead(s, f);
2563 break;
2564
2565 default:
2566 assert_not_reached("Uh, control process died at wrong time.");
2567 }
2568 }
2569
2570 /* Notify clients about changed exit status */
2571 unit_add_to_dbus_queue(u);
2572 }
2573
2574 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2575 Socket *s = SOCKET(userdata);
2576
2577 assert(s);
2578 assert(s->timer_event_source == source);
2579
2580 switch (s->state) {
2581
2582 case SOCKET_START_PRE:
2583 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2584 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2585 break;
2586
2587 case SOCKET_START_CHOWN:
2588 case SOCKET_START_POST:
2589 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2590 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2591 break;
2592
2593 case SOCKET_STOP_PRE:
2594 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2595 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2596 break;
2597
2598 case SOCKET_STOP_PRE_SIGTERM:
2599 if (s->kill_context.send_sigkill) {
2600 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2601 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2602 } else {
2603 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2604 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2605 }
2606 break;
2607
2608 case SOCKET_STOP_PRE_SIGKILL:
2609 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2610 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2611 break;
2612
2613 case SOCKET_STOP_POST:
2614 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2615 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2616 break;
2617
2618 case SOCKET_FINAL_SIGTERM:
2619 if (s->kill_context.send_sigkill) {
2620 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2621 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2622 } else {
2623 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2624 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2625 }
2626 break;
2627
2628 case SOCKET_FINAL_SIGKILL:
2629 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2630 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2631 break;
2632
2633 default:
2634 assert_not_reached("Timeout at wrong time.");
2635 }
2636
2637 return 0;
2638 }
2639
2640 int socket_collect_fds(Socket *s, int **fds) {
2641 int *rfds, k = 0, n = 0;
2642 SocketPort *p;
2643
2644 assert(s);
2645 assert(fds);
2646
2647 /* Called from the service code for requesting our fds */
2648
2649 LIST_FOREACH(port, p, s->ports) {
2650 if (p->fd >= 0)
2651 n++;
2652 n += p->n_auxiliary_fds;
2653 }
2654
2655 if (n <= 0) {
2656 *fds = NULL;
2657 return 0;
2658 }
2659
2660 rfds = new(int, n);
2661 if (!rfds)
2662 return -ENOMEM;
2663
2664 LIST_FOREACH(port, p, s->ports) {
2665 int i;
2666
2667 if (p->fd >= 0)
2668 rfds[k++] = p->fd;
2669 for (i = 0; i < p->n_auxiliary_fds; ++i)
2670 rfds[k++] = p->auxiliary_fds[i];
2671 }
2672
2673 assert(k == n);
2674
2675 *fds = rfds;
2676 return n;
2677 }
2678
2679 static void socket_reset_failed(Unit *u) {
2680 Socket *s = SOCKET(u);
2681
2682 assert(s);
2683
2684 if (s->state == SOCKET_FAILED)
2685 socket_set_state(s, SOCKET_DEAD);
2686
2687 s->result = SOCKET_SUCCESS;
2688 }
2689
2690 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2691 assert(s);
2692
2693 /* The service is dead. Dang!
2694 *
2695 * This is strictly for one-instance-for-all-connections
2696 * services. */
2697
2698 if (s->state == SOCKET_RUNNING) {
2699 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2700 if (failed_permanent)
2701 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2702 else
2703 socket_enter_listening(s);
2704 }
2705 }
2706
2707 void socket_connection_unref(Socket *s) {
2708 assert(s);
2709
2710 /* The service is dead. Yay!
2711 *
2712 * This is strictly for one-instance-per-connection
2713 * services. */
2714
2715 assert(s->n_connections > 0);
2716 s->n_connections--;
2717
2718 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2719 }
2720
2721 static void socket_trigger_notify(Unit *u, Unit *other) {
2722 Socket *s = SOCKET(u);
2723 Service *se;
2724
2725 assert(u);
2726 assert(other);
2727
2728 /* Don't propagate state changes from the service if we are
2729 already down or accepting connections */
2730 if ((s->state != SOCKET_RUNNING &&
2731 s->state != SOCKET_LISTENING) ||
2732 s->accept)
2733 return;
2734
2735 if (other->load_state != UNIT_LOADED ||
2736 other->type != UNIT_SERVICE)
2737 return;
2738
2739 se = SERVICE(other);
2740
2741 if (se->state == SERVICE_FAILED)
2742 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2743
2744 if (se->state == SERVICE_DEAD ||
2745 se->state == SERVICE_FINAL_SIGTERM ||
2746 se->state == SERVICE_FINAL_SIGKILL ||
2747 se->state == SERVICE_AUTO_RESTART)
2748 socket_notify_service_dead(s, false);
2749
2750 if (se->state == SERVICE_RUNNING)
2751 socket_set_state(s, SOCKET_RUNNING);
2752 }
2753
2754 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2755 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2756 }
2757
2758 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2759 Socket *s = SOCKET(u);
2760 int r;
2761
2762 if (!s->timer_event_source)
2763 return 0;
2764
2765 r = sd_event_source_get_time(s->timer_event_source, timeout);
2766 if (r < 0)
2767 return r;
2768
2769 return 1;
2770 }
2771
2772 char *socket_fdname(Socket *s) {
2773 assert(s);
2774
2775 /* Returns the name to use for $LISTEN_NAMES. If the user
2776 * didn't specify anything specifically, use the socket unit's
2777 * name as fallback. */
2778
2779 if (s->fdname)
2780 return s->fdname;
2781
2782 return UNIT(s)->id;
2783 }
2784
2785 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2786 [SOCKET_EXEC_START_PRE] = "StartPre",
2787 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2788 [SOCKET_EXEC_START_POST] = "StartPost",
2789 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2790 [SOCKET_EXEC_STOP_POST] = "StopPost"
2791 };
2792
2793 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2794
2795 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2796 [SOCKET_SUCCESS] = "success",
2797 [SOCKET_FAILURE_RESOURCES] = "resources",
2798 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2799 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2800 [SOCKET_FAILURE_SIGNAL] = "signal",
2801 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2802 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2803 };
2804
2805 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2806
2807 const UnitVTable socket_vtable = {
2808 .object_size = sizeof(Socket),
2809 .exec_context_offset = offsetof(Socket, exec_context),
2810 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2811 .kill_context_offset = offsetof(Socket, kill_context),
2812 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2813
2814 .sections =
2815 "Unit\0"
2816 "Socket\0"
2817 "Install\0",
2818 .private_section = "Socket",
2819
2820 .init = socket_init,
2821 .done = socket_done,
2822 .load = socket_load,
2823
2824 .coldplug = socket_coldplug,
2825
2826 .dump = socket_dump,
2827
2828 .start = socket_start,
2829 .stop = socket_stop,
2830
2831 .kill = socket_kill,
2832
2833 .get_timeout = socket_get_timeout,
2834
2835 .serialize = socket_serialize,
2836 .deserialize_item = socket_deserialize_item,
2837 .distribute_fds = socket_distribute_fds,
2838
2839 .active_state = socket_active_state,
2840 .sub_state_to_string = socket_sub_state_to_string,
2841
2842 .check_gc = socket_check_gc,
2843
2844 .sigchld_event = socket_sigchld_event,
2845
2846 .trigger_notify = socket_trigger_notify,
2847
2848 .reset_failed = socket_reset_failed,
2849
2850 .bus_vtable = bus_socket_vtable,
2851 .bus_set_property = bus_socket_set_property,
2852 .bus_commit_properties = bus_socket_commit_properties,
2853
2854 .status_message_formats = {
2855 /*.starting_stopping = {
2856 [0] = "Starting socket %s...",
2857 [1] = "Stopping socket %s...",
2858 },*/
2859 .finished_start_job = {
2860 [JOB_DONE] = "Listening on %s.",
2861 [JOB_FAILED] = "Failed to listen on %s.",
2862 [JOB_TIMEOUT] = "Timed out starting %s.",
2863 },
2864 .finished_stop_job = {
2865 [JOB_DONE] = "Closed %s.",
2866 [JOB_FAILED] = "Failed stopping %s.",
2867 [JOB_TIMEOUT] = "Timed out stopping %s.",
2868 },
2869 },
2870 };
Unnamed repository; edit this file 'description' to name the repository.