]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: only set event source name when we create an event source
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "socket.h"
51 #include "formats-util.h"
52
53 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_FAILED] = UNIT_FAILED
67 };
68
69 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
72 static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
76 assert(u->load_state == UNIT_STUB);
77
78 s->backlog = SOMAXCONN;
79 s->timeout_usec = u->manager->default_timeout_start_usec;
80 s->directory_mode = 0755;
81 s->socket_mode = 0666;
82
83 s->max_connections = 64;
84
85 s->priority = -1;
86 s->ip_tos = -1;
87 s->ip_ttl = -1;
88 s->mark = -1;
89
90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
92
93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94 }
95
96 static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104 }
105
106 void socket_free_ports(Socket *s) {
107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
112 LIST_REMOVE(port, s->ports, p);
113
114 sd_event_source_unref(p->event_source);
115
116 safe_close(p->fd);
117 free(p->path);
118 free(p);
119 }
120 }
121
122 static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
128
129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
131 s->control_command = NULL;
132
133 socket_unwatch_control_pid(s);
134
135 unit_ref_unset(&s->service);
136
137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
140 free(s->bind_to_device);
141 s->bind_to_device = NULL;
142
143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
147 strv_free(s->symlinks);
148
149 free(s->user);
150 free(s->group);
151
152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153 }
154
155 static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
173 r = sd_event_add_time(
174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
185 }
186
187 int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
199 if (UNIT_DEREF(s->service))
200 return 0;
201
202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
208
209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
210 return -ENOMEM;
211
212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
213 if (r < 0)
214 return r;
215
216 u->no_gc = true;
217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
220 }
221
222 static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
235 if (!socket_address_can_accept(&p->address))
236 return true;
237 }
238
239 return false;
240 }
241
242 static int socket_add_mount_links(Socket *s) {
243 SocketPort *p;
244 int r;
245
246 assert(s);
247
248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
250
251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
255
256 if (!path)
257 continue;
258
259 r = unit_require_mounts_for(UNIT(s), path);
260 if (r < 0)
261 return r;
262 }
263
264 return 0;
265 }
266
267 static int socket_add_device_link(Socket *s) {
268 char *t;
269
270 assert(s);
271
272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
273 return 0;
274
275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
276 return unit_add_node_link(UNIT(s), t, false);
277 }
278
279 static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
286
287 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
290 return r;
291 }
292
293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
294 }
295
296 _pure_ static bool socket_has_exec(Socket *s) {
297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305 }
306
307 static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
309 int r;
310
311 assert(s);
312
313 if (have_non_accept_socket(s)) {
314
315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
317
318 r = unit_load_related_unit(u, ".service", &x);
319 if (r < 0)
320 return r;
321
322 unit_ref_set(&s->service, x);
323 }
324
325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
327 return r;
328 }
329
330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
333
334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
338 r = unit_patch_contexts(u);
339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
346
347 r = unit_add_default_slice(u, &s->cgroup_context);
348 if (r < 0)
349 return r;
350 }
351
352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359 }
360
361 static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392 }
393
394 static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
401 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
406 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
407 return -EINVAL;
408 }
409
410 if (s->accept && s->max_connections <= 0) {
411 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
412 return -EINVAL;
413 }
414
415 if (s->accept && UNIT_DEREF(s->service)) {
416 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
417 return -EINVAL;
418 }
419
420 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
421 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
422 return -EINVAL;
423 }
424
425 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
426 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
427 return -EINVAL;
428 }
429
430 return 0;
431 }
432
433 static int socket_load(Unit *u) {
434 Socket *s = SOCKET(u);
435 int r;
436
437 assert(u);
438 assert(u->load_state == UNIT_STUB);
439
440 r = unit_load_fragment_and_dropin(u);
441 if (r < 0)
442 return r;
443
444 if (u->load_state == UNIT_LOADED) {
445 /* This is a new unit? Then let's add in some extras */
446 r = socket_add_extras(s);
447 if (r < 0)
448 return r;
449 }
450
451 return socket_verify(s);
452 }
453
454 _const_ static const char* listen_lookup(int family, int type) {
455
456 if (family == AF_NETLINK)
457 return "ListenNetlink";
458
459 if (type == SOCK_STREAM)
460 return "ListenStream";
461 else if (type == SOCK_DGRAM)
462 return "ListenDatagram";
463 else if (type == SOCK_SEQPACKET)
464 return "ListenSequentialPacket";
465
466 assert_not_reached("Unknown socket type");
467 return NULL;
468 }
469
470 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
471 char time_string[FORMAT_TIMESPAN_MAX];
472 SocketExecCommand c;
473 Socket *s = SOCKET(u);
474 SocketPort *p;
475 const char *prefix2;
476
477 assert(s);
478 assert(f);
479
480 prefix = strempty(prefix);
481 prefix2 = strjoina(prefix, "\t");
482
483 fprintf(f,
484 "%sSocket State: %s\n"
485 "%sResult: %s\n"
486 "%sBindIPv6Only: %s\n"
487 "%sBacklog: %u\n"
488 "%sSocketMode: %04o\n"
489 "%sDirectoryMode: %04o\n"
490 "%sKeepAlive: %s\n"
491 "%sNoDelay: %s\n"
492 "%sFreeBind: %s\n"
493 "%sTransparent: %s\n"
494 "%sBroadcast: %s\n"
495 "%sPassCredentials: %s\n"
496 "%sPassSecurity: %s\n"
497 "%sTCPCongestion: %s\n"
498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
500 prefix, socket_state_to_string(s->state),
501 prefix, socket_result_to_string(s->result),
502 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
503 prefix, s->backlog,
504 prefix, s->socket_mode,
505 prefix, s->directory_mode,
506 prefix, yes_no(s->keep_alive),
507 prefix, yes_no(s->no_delay),
508 prefix, yes_no(s->free_bind),
509 prefix, yes_no(s->transparent),
510 prefix, yes_no(s->broadcast),
511 prefix, yes_no(s->pass_cred),
512 prefix, yes_no(s->pass_sec),
513 prefix, strna(s->tcp_congestion),
514 prefix, yes_no(s->remove_on_stop),
515 prefix, yes_no(s->selinux_context_from_net));
516
517 if (s->control_pid > 0)
518 fprintf(f,
519 "%sControl PID: "PID_FMT"\n",
520 prefix, s->control_pid);
521
522 if (s->bind_to_device)
523 fprintf(f,
524 "%sBindToDevice: %s\n",
525 prefix, s->bind_to_device);
526
527 if (s->accept)
528 fprintf(f,
529 "%sAccepted: %u\n"
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix, s->n_accepted,
533 prefix, s->n_connections,
534 prefix, s->max_connections);
535
536 if (s->priority >= 0)
537 fprintf(f,
538 "%sPriority: %i\n",
539 prefix, s->priority);
540
541 if (s->receive_buffer > 0)
542 fprintf(f,
543 "%sReceiveBuffer: %zu\n",
544 prefix, s->receive_buffer);
545
546 if (s->send_buffer > 0)
547 fprintf(f,
548 "%sSendBuffer: %zu\n",
549 prefix, s->send_buffer);
550
551 if (s->ip_tos >= 0)
552 fprintf(f,
553 "%sIPTOS: %i\n",
554 prefix, s->ip_tos);
555
556 if (s->ip_ttl >= 0)
557 fprintf(f,
558 "%sIPTTL: %i\n",
559 prefix, s->ip_ttl);
560
561 if (s->pipe_size > 0)
562 fprintf(f,
563 "%sPipeSize: %zu\n",
564 prefix, s->pipe_size);
565
566 if (s->mark >= 0)
567 fprintf(f,
568 "%sMark: %i\n",
569 prefix, s->mark);
570
571 if (s->mq_maxmsg > 0)
572 fprintf(f,
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix, s->mq_maxmsg);
575
576 if (s->mq_msgsize > 0)
577 fprintf(f,
578 "%sMessageQueueMessageSize: %li\n",
579 prefix, s->mq_msgsize);
580
581 if (s->reuse_port)
582 fprintf(f,
583 "%sReusePort: %s\n",
584 prefix, yes_no(s->reuse_port));
585
586 if (s->smack)
587 fprintf(f,
588 "%sSmackLabel: %s\n",
589 prefix, s->smack);
590
591 if (s->smack_ip_in)
592 fprintf(f,
593 "%sSmackLabelIPIn: %s\n",
594 prefix, s->smack_ip_in);
595
596 if (s->smack_ip_out)
597 fprintf(f,
598 "%sSmackLabelIPOut: %s\n",
599 prefix, s->smack_ip_out);
600
601 if (!isempty(s->user) || !isempty(s->group))
602 fprintf(f,
603 "%sOwnerUser: %s\n"
604 "%sOwnerGroup: %s\n",
605 prefix, strna(s->user),
606 prefix, strna(s->group));
607
608 if (s->keep_alive_time > 0)
609 fprintf(f,
610 "%sKeepAliveTimeSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
612
613 if (s->keep_alive_interval)
614 fprintf(f,
615 "%sKeepAliveIntervalSec: %s\n",
616 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
617
618 if (s->keep_alive_cnt)
619 fprintf(f,
620 "%sKeepAliveProbes: %u\n",
621 prefix, s->keep_alive_cnt);
622
623 if (s->defer_accept)
624 fprintf(f,
625 "%sDeferAcceptSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
627
628 LIST_FOREACH(port, p, s->ports) {
629
630 if (p->type == SOCKET_SOCKET) {
631 const char *t;
632 int r;
633 char *k = NULL;
634
635 if ((r = socket_address_print(&p->address, &k)) < 0)
636 t = strerror(-r);
637 else
638 t = k;
639
640 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
641 free(k);
642 } else if (p->type == SOCKET_SPECIAL)
643 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
644 else if (p->type == SOCKET_MQUEUE)
645 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
646 else
647 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
648 }
649
650 exec_context_dump(&s->exec_context, f, prefix);
651 kill_context_dump(&s->kill_context, f, prefix);
652
653 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
654 if (!s->exec_command[c])
655 continue;
656
657 fprintf(f, "%s-> %s:\n",
658 prefix, socket_exec_command_to_string(c));
659
660 exec_command_dump_list(s->exec_command[c], f, prefix2);
661 }
662 }
663
664 static int instance_from_socket(int fd, unsigned nr, char **instance) {
665 socklen_t l;
666 char *r;
667 union sockaddr_union local, remote;
668
669 assert(fd >= 0);
670 assert(instance);
671
672 l = sizeof(local);
673 if (getsockname(fd, &local.sa, &l) < 0)
674 return -errno;
675
676 l = sizeof(remote);
677 if (getpeername(fd, &remote.sa, &l) < 0)
678 return -errno;
679
680 switch (local.sa.sa_family) {
681
682 case AF_INET: {
683 uint32_t
684 a = ntohl(local.in.sin_addr.s_addr),
685 b = ntohl(remote.in.sin_addr.s_addr);
686
687 if (asprintf(&r,
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
689 nr,
690 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
691 ntohs(local.in.sin_port),
692 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
693 ntohs(remote.in.sin_port)) < 0)
694 return -ENOMEM;
695
696 break;
697 }
698
699 case AF_INET6: {
700 static const unsigned char ipv4_prefix[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
702 };
703
704 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
705 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
706 const uint8_t
707 *a = local.in6.sin6_addr.s6_addr+12,
708 *b = remote.in6.sin6_addr.s6_addr+12;
709
710 if (asprintf(&r,
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
712 nr,
713 a[0], a[1], a[2], a[3],
714 ntohs(local.in6.sin6_port),
715 b[0], b[1], b[2], b[3],
716 ntohs(remote.in6.sin6_port)) < 0)
717 return -ENOMEM;
718 } else {
719 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
720
721 if (asprintf(&r,
722 "%u-%s:%u-%s:%u",
723 nr,
724 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
725 ntohs(local.in6.sin6_port),
726 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
727 ntohs(remote.in6.sin6_port)) < 0)
728 return -ENOMEM;
729 }
730
731 break;
732 }
733
734 case AF_UNIX: {
735 struct ucred ucred;
736 int k;
737
738 k = getpeercred(fd, &ucred);
739 if (k >= 0) {
740 if (asprintf(&r,
741 "%u-"PID_FMT"-"UID_FMT,
742 nr, ucred.pid, ucred.uid) < 0)
743 return -ENOMEM;
744 } else if (k == -ENODATA) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
748 if (asprintf(&r,
749 "%u-unknown",
750 nr) < 0)
751 return -ENOMEM;
752 } else
753 return k;
754
755 break;
756 }
757
758 default:
759 assert_not_reached("Unhandled socket type.");
760 }
761
762 *instance = r;
763 return 0;
764 }
765
766 static void socket_close_fds(Socket *s) {
767 SocketPort *p;
768 char **i;
769
770 assert(s);
771
772 LIST_FOREACH(port, p, s->ports) {
773
774 p->event_source = sd_event_source_unref(p->event_source);
775
776 if (p->fd < 0)
777 continue;
778
779 p->fd = safe_close(p->fd);
780
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
787 * using one! */
788
789 if (s->remove_on_stop) {
790 switch (p->type) {
791
792 case SOCKET_FIFO:
793 unlink(p->path);
794 break;
795
796 case SOCKET_MQUEUE:
797 mq_unlink(p->path);
798 break;
799
800 case SOCKET_SOCKET:
801 socket_address_unlink(&p->address);
802 break;
803
804 default:
805 break;
806 }
807 }
808 }
809
810 if (s->remove_on_stop)
811 STRV_FOREACH(i, s->symlinks)
812 unlink(*i);
813 }
814
815 static void socket_apply_socket_options(Socket *s, int fd) {
816 int r;
817
818 assert(s);
819 assert(fd >= 0);
820
821 if (s->keep_alive) {
822 int b = s->keep_alive;
823 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
824 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
825 }
826
827 if (s->keep_alive_time) {
828 int value = s->keep_alive_time / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
830 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
831 }
832
833 if (s->keep_alive_interval) {
834 int value = s->keep_alive_interval / USEC_PER_SEC;
835 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
836 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
837 }
838
839 if (s->keep_alive_cnt) {
840 int value = s->keep_alive_cnt;
841 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
842 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
843 }
844
845 if (s->defer_accept) {
846 int value = s->defer_accept / USEC_PER_SEC;
847 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
848 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
849 }
850
851 if (s->no_delay) {
852 int b = s->no_delay;
853 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
854 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
855 }
856
857 if (s->broadcast) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
860 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
861 }
862
863 if (s->pass_cred) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
866 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
867 }
868
869 if (s->pass_sec) {
870 int one = 1;
871 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
872 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
873 }
874
875 if (s->priority >= 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
877 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
878
879 if (s->receive_buffer > 0) {
880 int value = (int) s->receive_buffer;
881
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
883
884 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
887 }
888
889 if (s->send_buffer > 0) {
890 int value = (int) s->send_buffer;
891 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
893 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
894 }
895
896 if (s->mark >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
898 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
899
900 if (s->ip_tos >= 0)
901 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
902 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
903
904 if (s->ip_ttl >= 0) {
905 int x;
906
907 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
908
909 if (socket_ipv6_is_supported())
910 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
911 else {
912 x = -1;
913 errno = EAFNOSUPPORT;
914 }
915
916 if (r < 0 && x < 0)
917 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
918 }
919
920 if (s->tcp_congestion)
921 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
922 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
923
924 if (s->reuse_port) {
925 int b = s->reuse_port;
926 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
927 log_unit_warning_errno(UNIT(s), errno, "SO_REUSEPORT failed: %m");
928 }
929
930 if (s->smack_ip_in) {
931 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
932 if (r < 0)
933 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
934 }
935
936 if (s->smack_ip_out) {
937 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
938 if (r < 0)
939 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
940 }
941 }
942
943 static void socket_apply_fifo_options(Socket *s, int fd) {
944 int r;
945
946 assert(s);
947 assert(fd >= 0);
948
949 if (s->pipe_size > 0)
950 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
951 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
952
953 if (s->smack) {
954 r = mac_smack_apply_fd(fd, s->smack);
955 if (r < 0)
956 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
957 }
958 }
959
960 static int fifo_address_create(
961 const char *path,
962 mode_t directory_mode,
963 mode_t socket_mode,
964 int *_fd) {
965
966 int fd = -1, r = 0;
967 struct stat st;
968 mode_t old_mask;
969
970 assert(path);
971 assert(_fd);
972
973 mkdir_parents_label(path, directory_mode);
974
975 r = mac_selinux_create_file_prepare(path, S_IFIFO);
976 if (r < 0)
977 goto fail;
978
979 /* Enforce the right access mode for the fifo */
980 old_mask = umask(~ socket_mode);
981
982 /* Include the original umask in our mask */
983 umask(~socket_mode | old_mask);
984
985 r = mkfifo(path, socket_mode);
986 umask(old_mask);
987
988 if (r < 0 && errno != EEXIST) {
989 r = -errno;
990 goto fail;
991 }
992
993 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
994 r = -errno;
995 goto fail;
996 }
997
998 mac_selinux_create_file_clear();
999
1000 if (fstat(fd, &st) < 0) {
1001 r = -errno;
1002 goto fail;
1003 }
1004
1005 if (!S_ISFIFO(st.st_mode) ||
1006 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1007 st.st_uid != getuid() ||
1008 st.st_gid != getgid()) {
1009
1010 r = -EEXIST;
1011 goto fail;
1012 }
1013
1014 *_fd = fd;
1015 return 0;
1016
1017 fail:
1018 mac_selinux_create_file_clear();
1019 safe_close(fd);
1020
1021 return r;
1022 }
1023
1024 static int special_address_create(
1025 const char *path,
1026 int *_fd) {
1027
1028 int fd = -1, r = 0;
1029 struct stat st;
1030
1031 assert(path);
1032 assert(_fd);
1033
1034 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1035 if (fd < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 if (fstat(fd, &st) < 0) {
1041 r = -errno;
1042 goto fail;
1043 }
1044
1045 /* Check whether this is a /proc, /sys or /dev file or char device */
1046 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1047 r = -EEXIST;
1048 goto fail;
1049 }
1050
1051 *_fd = fd;
1052 return 0;
1053
1054 fail:
1055 safe_close(fd);
1056
1057 return r;
1058 }
1059
1060 static int mq_address_create(
1061 const char *path,
1062 mode_t mq_mode,
1063 long maxmsg,
1064 long msgsize,
1065 int *_fd) {
1066
1067 int fd = -1, r = 0;
1068 struct stat st;
1069 mode_t old_mask;
1070 struct mq_attr _attr, *attr = NULL;
1071
1072 assert(path);
1073 assert(_fd);
1074
1075 if (maxmsg > 0 && msgsize > 0) {
1076 zero(_attr);
1077 _attr.mq_flags = O_NONBLOCK;
1078 _attr.mq_maxmsg = maxmsg;
1079 _attr.mq_msgsize = msgsize;
1080 attr = &_attr;
1081 }
1082
1083 /* Enforce the right access mode for the mq */
1084 old_mask = umask(~ mq_mode);
1085
1086 /* Include the original umask in our mask */
1087 umask(~mq_mode | old_mask);
1088 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1089 umask(old_mask);
1090
1091 if (fd < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if (fstat(fd, &st) < 0) {
1097 r = -errno;
1098 goto fail;
1099 }
1100
1101 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1102 st.st_uid != getuid() ||
1103 st.st_gid != getgid()) {
1104
1105 r = -EEXIST;
1106 goto fail;
1107 }
1108
1109 *_fd = fd;
1110 return 0;
1111
1112 fail:
1113 safe_close(fd);
1114 return r;
1115 }
1116
1117 static int socket_symlink(Socket *s) {
1118 const char *p;
1119 char **i;
1120
1121 assert(s);
1122
1123 p = socket_find_symlink_target(s);
1124 if (!p)
1125 return 0;
1126
1127 STRV_FOREACH(i, s->symlinks)
1128 symlink_label(p, *i);
1129
1130 return 0;
1131 }
1132
1133 static int socket_open_fds(Socket *s) {
1134 SocketPort *p;
1135 int r;
1136 char *label = NULL;
1137 bool know_label = false;
1138
1139 assert(s);
1140
1141 LIST_FOREACH(port, p, s->ports) {
1142
1143 if (p->fd >= 0)
1144 continue;
1145
1146 if (p->type == SOCKET_SOCKET) {
1147
1148 if (!know_label) {
1149 /* Figure out label, if we don't it know
1150 * yet. We do it once, for the first
1151 * socket where we need this and
1152 * remember it for the rest. */
1153
1154 if (s->selinux_context_from_net) {
1155 /* Get it from the network label */
1156
1157 r = mac_selinux_get_our_label(&label);
1158 if (r < 0 && r != -EOPNOTSUPP)
1159 goto rollback;
1160
1161 } else {
1162 /* Get it from the executable we are about to start */
1163
1164 r = socket_instantiate_service(s);
1165 if (r < 0)
1166 goto rollback;
1167
1168 if (UNIT_ISSET(s->service) &&
1169 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1170 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1171 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1172 goto rollback;
1173 }
1174 }
1175
1176 know_label = true;
1177 }
1178
1179 r = socket_address_listen(
1180 &p->address,
1181 SOCK_CLOEXEC|SOCK_NONBLOCK,
1182 s->backlog,
1183 s->bind_ipv6_only,
1184 s->bind_to_device,
1185 s->free_bind,
1186 s->transparent,
1187 s->directory_mode,
1188 s->socket_mode,
1189 label);
1190 if (r < 0)
1191 goto rollback;
1192
1193 p->fd = r;
1194 socket_apply_socket_options(s, p->fd);
1195 socket_symlink(s);
1196
1197 } else if (p->type == SOCKET_SPECIAL) {
1198
1199 r = special_address_create(
1200 p->path,
1201 &p->fd);
1202 if (r < 0)
1203 goto rollback;
1204
1205 } else if (p->type == SOCKET_FIFO) {
1206
1207 r = fifo_address_create(
1208 p->path,
1209 s->directory_mode,
1210 s->socket_mode,
1211 &p->fd);
1212 if (r < 0)
1213 goto rollback;
1214
1215 socket_apply_fifo_options(s, p->fd);
1216 socket_symlink(s);
1217
1218 } else if (p->type == SOCKET_MQUEUE) {
1219
1220 r = mq_address_create(
1221 p->path,
1222 s->socket_mode,
1223 s->mq_maxmsg,
1224 s->mq_msgsize,
1225 &p->fd);
1226 if (r < 0)
1227 goto rollback;
1228 } else
1229 assert_not_reached("Unknown port type");
1230 }
1231
1232 mac_selinux_free(label);
1233 return 0;
1234
1235 rollback:
1236 socket_close_fds(s);
1237 mac_selinux_free(label);
1238
1239 return r;
1240 }
1241
1242 static void socket_unwatch_fds(Socket *s) {
1243 SocketPort *p;
1244 int r;
1245
1246 assert(s);
1247
1248 LIST_FOREACH(port, p, s->ports) {
1249 if (p->fd < 0)
1250 continue;
1251
1252 if (!p->event_source)
1253 continue;
1254
1255 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1256 if (r < 0)
1257 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1258 }
1259 }
1260
1261 static int socket_watch_fds(Socket *s) {
1262 SocketPort *p;
1263 int r;
1264
1265 assert(s);
1266
1267 LIST_FOREACH(port, p, s->ports) {
1268 if (p->fd < 0)
1269 continue;
1270
1271 if (p->event_source) {
1272 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1273 if (r < 0)
1274 goto fail;
1275 } else {
1276 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1277 if (r < 0)
1278 goto fail;
1279
1280 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1281 }
1282 }
1283
1284 return 0;
1285
1286 fail:
1287 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1288 socket_unwatch_fds(s);
1289 return r;
1290 }
1291
1292 static void socket_set_state(Socket *s, SocketState state) {
1293 SocketState old_state;
1294 assert(s);
1295
1296 old_state = s->state;
1297 s->state = state;
1298
1299 if (!IN_SET(state,
1300 SOCKET_START_PRE,
1301 SOCKET_START_CHOWN,
1302 SOCKET_START_POST,
1303 SOCKET_STOP_PRE,
1304 SOCKET_STOP_PRE_SIGTERM,
1305 SOCKET_STOP_PRE_SIGKILL,
1306 SOCKET_STOP_POST,
1307 SOCKET_FINAL_SIGTERM,
1308 SOCKET_FINAL_SIGKILL)) {
1309
1310 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1311 socket_unwatch_control_pid(s);
1312 s->control_command = NULL;
1313 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1314 }
1315
1316 if (state != SOCKET_LISTENING)
1317 socket_unwatch_fds(s);
1318
1319 if (!IN_SET(state,
1320 SOCKET_START_CHOWN,
1321 SOCKET_START_POST,
1322 SOCKET_LISTENING,
1323 SOCKET_RUNNING,
1324 SOCKET_STOP_PRE,
1325 SOCKET_STOP_PRE_SIGTERM,
1326 SOCKET_STOP_PRE_SIGKILL))
1327 socket_close_fds(s);
1328
1329 if (state != old_state)
1330 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1331
1332 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1333 }
1334
1335 static int socket_coldplug(Unit *u) {
1336 Socket *s = SOCKET(u);
1337 int r;
1338
1339 assert(s);
1340 assert(s->state == SOCKET_DEAD);
1341
1342 if (s->deserialized_state == s->state)
1343 return 0;
1344
1345 if (IN_SET(s->deserialized_state,
1346 SOCKET_START_PRE,
1347 SOCKET_START_CHOWN,
1348 SOCKET_START_POST,
1349 SOCKET_STOP_PRE,
1350 SOCKET_STOP_PRE_SIGTERM,
1351 SOCKET_STOP_PRE_SIGKILL,
1352 SOCKET_STOP_POST,
1353 SOCKET_FINAL_SIGTERM,
1354 SOCKET_FINAL_SIGKILL)) {
1355
1356 if (s->control_pid <= 0)
1357 return -EBADMSG;
1358
1359 r = unit_watch_pid(UNIT(s), s->control_pid);
1360 if (r < 0)
1361 return r;
1362
1363 r = socket_arm_timer(s);
1364 if (r < 0)
1365 return r;
1366 }
1367
1368 if (IN_SET(s->deserialized_state,
1369 SOCKET_START_CHOWN,
1370 SOCKET_START_POST,
1371 SOCKET_LISTENING,
1372 SOCKET_RUNNING,
1373 SOCKET_STOP_PRE,
1374 SOCKET_STOP_PRE_SIGTERM,
1375 SOCKET_STOP_PRE_SIGKILL)) {
1376 r = socket_open_fds(s);
1377 if (r < 0)
1378 return r;
1379 }
1380
1381 if (s->deserialized_state == SOCKET_LISTENING) {
1382 r = socket_watch_fds(s);
1383 if (r < 0)
1384 return r;
1385 }
1386
1387 socket_set_state(s, s->deserialized_state);
1388 return 0;
1389 }
1390
1391 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1392 _cleanup_free_ char **argv = NULL;
1393 pid_t pid;
1394 int r;
1395 ExecParameters exec_params = {
1396 .apply_permissions = true,
1397 .apply_chroot = true,
1398 .apply_tty_stdin = true,
1399 .bus_endpoint_fd = -1,
1400 };
1401
1402 assert(s);
1403 assert(c);
1404 assert(_pid);
1405
1406 (void) unit_realize_cgroup(UNIT(s));
1407 if (s->reset_cpu_usage) {
1408 (void) unit_reset_cpu_usage(UNIT(s));
1409 s->reset_cpu_usage = false;
1410 }
1411
1412 r = unit_setup_exec_runtime(UNIT(s));
1413 if (r < 0)
1414 goto fail;
1415
1416 r = socket_arm_timer(s);
1417 if (r < 0)
1418 goto fail;
1419
1420 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1421 if (r < 0)
1422 goto fail;
1423
1424 exec_params.argv = argv;
1425 exec_params.environment = UNIT(s)->manager->environment;
1426 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1427 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1428 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1429 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1430 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1431
1432 r = exec_spawn(UNIT(s),
1433 c,
1434 &s->exec_context,
1435 &exec_params,
1436 s->exec_runtime,
1437 &pid);
1438 if (r < 0)
1439 goto fail;
1440
1441 r = unit_watch_pid(UNIT(s), pid);
1442 if (r < 0)
1443 /* FIXME: we need to do something here */
1444 goto fail;
1445
1446 *_pid = pid;
1447 return 0;
1448
1449 fail:
1450 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1451 return r;
1452 }
1453
1454 static int socket_chown(Socket *s, pid_t *_pid) {
1455 pid_t pid;
1456 int r;
1457
1458 r = socket_arm_timer(s);
1459 if (r < 0)
1460 goto fail;
1461
1462 /* We have to resolve the user names out-of-process, hence
1463 * let's fork here. It's messy, but well, what can we do? */
1464
1465 pid = fork();
1466 if (pid < 0)
1467 return -errno;
1468
1469 if (pid == 0) {
1470 SocketPort *p;
1471 uid_t uid = UID_INVALID;
1472 gid_t gid = GID_INVALID;
1473 int ret;
1474
1475 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1476 ignore_signals(SIGPIPE, -1);
1477 log_forget_fds();
1478
1479 if (!isempty(s->user)) {
1480 const char *user = s->user;
1481
1482 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1483 if (r < 0) {
1484 ret = EXIT_USER;
1485 goto fail_child;
1486 }
1487 }
1488
1489 if (!isempty(s->group)) {
1490 const char *group = s->group;
1491
1492 r = get_group_creds(&group, &gid);
1493 if (r < 0) {
1494 ret = EXIT_GROUP;
1495 goto fail_child;
1496 }
1497 }
1498
1499 LIST_FOREACH(port, p, s->ports) {
1500 const char *path = NULL;
1501
1502 if (p->type == SOCKET_SOCKET)
1503 path = socket_address_get_path(&p->address);
1504 else if (p->type == SOCKET_FIFO)
1505 path = p->path;
1506
1507 if (!path)
1508 continue;
1509
1510 if (chown(path, uid, gid) < 0) {
1511 r = -errno;
1512 ret = EXIT_CHOWN;
1513 goto fail_child;
1514 }
1515 }
1516
1517 _exit(0);
1518
1519 fail_child:
1520 log_open();
1521 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1522
1523 _exit(ret);
1524 }
1525
1526 r = unit_watch_pid(UNIT(s), pid);
1527 if (r < 0)
1528 goto fail;
1529
1530 *_pid = pid;
1531 return 0;
1532
1533 fail:
1534 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1535 return r;
1536 }
1537
1538 static void socket_enter_dead(Socket *s, SocketResult f) {
1539 assert(s);
1540
1541 if (f != SOCKET_SUCCESS)
1542 s->result = f;
1543
1544 exec_runtime_destroy(s->exec_runtime);
1545 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1546
1547 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1548
1549 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1550 }
1551
1552 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1553
1554 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1555 int r;
1556 assert(s);
1557
1558 if (f != SOCKET_SUCCESS)
1559 s->result = f;
1560
1561 socket_unwatch_control_pid(s);
1562 s->control_command_id = SOCKET_EXEC_STOP_POST;
1563 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1564
1565 if (s->control_command) {
1566 r = socket_spawn(s, s->control_command, &s->control_pid);
1567 if (r < 0)
1568 goto fail;
1569
1570 socket_set_state(s, SOCKET_STOP_POST);
1571 } else
1572 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1573
1574 return;
1575
1576 fail:
1577 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1578 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1579 }
1580
1581 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1582 int r;
1583
1584 assert(s);
1585
1586 if (f != SOCKET_SUCCESS)
1587 s->result = f;
1588
1589 r = unit_kill_context(
1590 UNIT(s),
1591 &s->kill_context,
1592 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1593 KILL_KILL : KILL_TERMINATE,
1594 -1,
1595 s->control_pid,
1596 false);
1597 if (r < 0)
1598 goto fail;
1599
1600 if (r > 0) {
1601 r = socket_arm_timer(s);
1602 if (r < 0)
1603 goto fail;
1604
1605 socket_set_state(s, state);
1606 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1607 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1608 else if (state == SOCKET_STOP_PRE_SIGKILL)
1609 socket_enter_stop_post(s, SOCKET_SUCCESS);
1610 else if (state == SOCKET_FINAL_SIGTERM)
1611 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1612 else
1613 socket_enter_dead(s, SOCKET_SUCCESS);
1614
1615 return;
1616
1617 fail:
1618 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1619
1620 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1621 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1622 else
1623 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1624 }
1625
1626 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1627 int r;
1628 assert(s);
1629
1630 if (f != SOCKET_SUCCESS)
1631 s->result = f;
1632
1633 socket_unwatch_control_pid(s);
1634 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1635 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1636
1637 if (s->control_command) {
1638 r = socket_spawn(s, s->control_command, &s->control_pid);
1639 if (r < 0)
1640 goto fail;
1641
1642 socket_set_state(s, SOCKET_STOP_PRE);
1643 } else
1644 socket_enter_stop_post(s, SOCKET_SUCCESS);
1645
1646 return;
1647
1648 fail:
1649 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1650 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1651 }
1652
1653 static void socket_enter_listening(Socket *s) {
1654 int r;
1655 assert(s);
1656
1657 r = socket_watch_fds(s);
1658 if (r < 0) {
1659 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1660 goto fail;
1661 }
1662
1663 socket_set_state(s, SOCKET_LISTENING);
1664 return;
1665
1666 fail:
1667 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1668 }
1669
1670 static void socket_enter_start_post(Socket *s) {
1671 int r;
1672 assert(s);
1673
1674 socket_unwatch_control_pid(s);
1675 s->control_command_id = SOCKET_EXEC_START_POST;
1676 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1677
1678 if (s->control_command) {
1679 r = socket_spawn(s, s->control_command, &s->control_pid);
1680 if (r < 0) {
1681 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1682 goto fail;
1683 }
1684
1685 socket_set_state(s, SOCKET_START_POST);
1686 } else
1687 socket_enter_listening(s);
1688
1689 return;
1690
1691 fail:
1692 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1693 }
1694
1695 static void socket_enter_start_chown(Socket *s) {
1696 int r;
1697
1698 assert(s);
1699
1700 r = socket_open_fds(s);
1701 if (r < 0) {
1702 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1703 goto fail;
1704 }
1705
1706 if (!isempty(s->user) || !isempty(s->group)) {
1707
1708 socket_unwatch_control_pid(s);
1709 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1710 s->control_command = NULL;
1711
1712 r = socket_chown(s, &s->control_pid);
1713 if (r < 0) {
1714 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1715 goto fail;
1716 }
1717
1718 socket_set_state(s, SOCKET_START_CHOWN);
1719 } else
1720 socket_enter_start_post(s);
1721
1722 return;
1723
1724 fail:
1725 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1726 }
1727
1728 static void socket_enter_start_pre(Socket *s) {
1729 int r;
1730 assert(s);
1731
1732 socket_unwatch_control_pid(s);
1733 s->control_command_id = SOCKET_EXEC_START_PRE;
1734 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1735
1736 if (s->control_command) {
1737 r = socket_spawn(s, s->control_command, &s->control_pid);
1738 if (r < 0) {
1739 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1740 goto fail;
1741 }
1742
1743 socket_set_state(s, SOCKET_START_PRE);
1744 } else
1745 socket_enter_start_chown(s);
1746
1747 return;
1748
1749 fail:
1750 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1751 }
1752
1753 static void socket_enter_running(Socket *s, int cfd) {
1754 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1755 int r;
1756
1757 assert(s);
1758
1759 /* We don't take connections anymore if we are supposed to
1760 * shut down anyway */
1761 if (unit_stop_pending(UNIT(s))) {
1762
1763 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1764
1765 if (cfd >= 0)
1766 safe_close(cfd);
1767 else {
1768 /* Flush all sockets by closing and reopening them */
1769 socket_close_fds(s);
1770
1771 r = socket_open_fds(s);
1772 if (r < 0) {
1773 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1774 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1775 return;
1776 }
1777
1778 r = socket_watch_fds(s);
1779 if (r < 0) {
1780 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1781 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1782 }
1783 }
1784
1785 return;
1786 }
1787
1788 if (cfd < 0) {
1789 Iterator i;
1790 Unit *other;
1791 bool pending = false;
1792
1793 /* If there's already a start pending don't bother to
1794 * do anything */
1795 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1796 if (unit_active_or_pending(other)) {
1797 pending = true;
1798 break;
1799 }
1800
1801 if (!pending) {
1802 if (!UNIT_ISSET(s->service)) {
1803 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1804 r = -ENOENT;
1805 goto fail;
1806 }
1807
1808 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1809 if (r < 0)
1810 goto fail;
1811 }
1812
1813 socket_set_state(s, SOCKET_RUNNING);
1814 } else {
1815 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1816 Service *service;
1817
1818 if (s->n_connections >= s->max_connections) {
1819 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1820 safe_close(cfd);
1821 return;
1822 }
1823
1824 r = socket_instantiate_service(s);
1825 if (r < 0)
1826 goto fail;
1827
1828 r = instance_from_socket(cfd, s->n_accepted, &instance);
1829 if (r < 0) {
1830 if (r != -ENOTCONN)
1831 goto fail;
1832
1833 /* ENOTCONN is legitimate if TCP RST was received.
1834 * This connection is over, but the socket unit lives on. */
1835 safe_close(cfd);
1836 return;
1837 }
1838
1839 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1840 if (r < 0)
1841 goto fail;
1842
1843 r = unit_name_build(prefix, instance, ".service", &name);
1844 if (r < 0)
1845 goto fail;
1846
1847 r = unit_add_name(UNIT_DEREF(s->service), name);
1848 if (r < 0)
1849 goto fail;
1850
1851 service = SERVICE(UNIT_DEREF(s->service));
1852 unit_ref_unset(&s->service);
1853 s->n_accepted ++;
1854
1855 UNIT(service)->no_gc = false;
1856
1857 unit_choose_id(UNIT(service), name);
1858
1859 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1860 if (r < 0)
1861 goto fail;
1862
1863 cfd = -1;
1864 s->n_connections ++;
1865
1866 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1867 if (r < 0)
1868 goto fail;
1869
1870 /* Notify clients about changed counters */
1871 unit_add_to_dbus_queue(UNIT(s));
1872 }
1873
1874 return;
1875
1876 fail:
1877 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1878 cfd >= 0 ? "template" : "non-template",
1879 bus_error_message(&error, r));
1880
1881 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1882 safe_close(cfd);
1883 }
1884
1885 static void socket_run_next(Socket *s) {
1886 int r;
1887
1888 assert(s);
1889 assert(s->control_command);
1890 assert(s->control_command->command_next);
1891
1892 socket_unwatch_control_pid(s);
1893
1894 s->control_command = s->control_command->command_next;
1895
1896 r = socket_spawn(s, s->control_command, &s->control_pid);
1897 if (r < 0)
1898 goto fail;
1899
1900 return;
1901
1902 fail:
1903 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1904
1905 if (s->state == SOCKET_START_POST)
1906 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1907 else if (s->state == SOCKET_STOP_POST)
1908 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1909 else
1910 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1911 }
1912
1913 static int socket_start(Unit *u) {
1914 Socket *s = SOCKET(u);
1915
1916 assert(s);
1917
1918 /* We cannot fulfill this request right now, try again later
1919 * please! */
1920 if (IN_SET(s->state,
1921 SOCKET_STOP_PRE,
1922 SOCKET_STOP_PRE_SIGKILL,
1923 SOCKET_STOP_PRE_SIGTERM,
1924 SOCKET_STOP_POST,
1925 SOCKET_FINAL_SIGTERM,
1926 SOCKET_FINAL_SIGKILL))
1927 return -EAGAIN;
1928
1929 /* Already on it! */
1930 if (IN_SET(s->state,
1931 SOCKET_START_PRE,
1932 SOCKET_START_CHOWN,
1933 SOCKET_START_POST))
1934 return 0;
1935
1936 /* Cannot run this without the service being around */
1937 if (UNIT_ISSET(s->service)) {
1938 Service *service;
1939
1940 service = SERVICE(UNIT_DEREF(s->service));
1941
1942 if (UNIT(service)->load_state != UNIT_LOADED) {
1943 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1944 return -ENOENT;
1945 }
1946
1947 /* If the service is already active we cannot start the
1948 * socket */
1949 if (service->state != SERVICE_DEAD &&
1950 service->state != SERVICE_FAILED &&
1951 service->state != SERVICE_AUTO_RESTART) {
1952 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1953 return -EBUSY;
1954 }
1955 }
1956
1957 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1958
1959 s->result = SOCKET_SUCCESS;
1960 s->reset_cpu_usage = true;
1961
1962 socket_enter_start_pre(s);
1963
1964 return 1;
1965 }
1966
1967 static int socket_stop(Unit *u) {
1968 Socket *s = SOCKET(u);
1969
1970 assert(s);
1971
1972 /* Already on it */
1973 if (IN_SET(s->state,
1974 SOCKET_STOP_PRE,
1975 SOCKET_STOP_PRE_SIGTERM,
1976 SOCKET_STOP_PRE_SIGKILL,
1977 SOCKET_STOP_POST,
1978 SOCKET_FINAL_SIGTERM,
1979 SOCKET_FINAL_SIGKILL))
1980 return 0;
1981
1982 /* If there's already something running we go directly into
1983 * kill mode. */
1984 if (IN_SET(s->state,
1985 SOCKET_START_PRE,
1986 SOCKET_START_CHOWN,
1987 SOCKET_START_POST)) {
1988 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1989 return -EAGAIN;
1990 }
1991
1992 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1993
1994 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1995 return 1;
1996 }
1997
1998 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1999 Socket *s = SOCKET(u);
2000 SocketPort *p;
2001 int r;
2002
2003 assert(u);
2004 assert(f);
2005 assert(fds);
2006
2007 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2008 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2009 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2010
2011 if (s->control_pid > 0)
2012 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2013
2014 if (s->control_command_id >= 0)
2015 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2016
2017 LIST_FOREACH(port, p, s->ports) {
2018 int copy;
2019
2020 if (p->fd < 0)
2021 continue;
2022
2023 copy = fdset_put_dup(fds, p->fd);
2024 if (copy < 0)
2025 return copy;
2026
2027 if (p->type == SOCKET_SOCKET) {
2028 _cleanup_free_ char *t = NULL;
2029
2030 r = socket_address_print(&p->address, &t);
2031 if (r < 0)
2032 return r;
2033
2034 if (socket_address_family(&p->address) == AF_NETLINK)
2035 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2036 else
2037 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2038
2039 } else if (p->type == SOCKET_SPECIAL)
2040 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2041 else if (p->type == SOCKET_MQUEUE)
2042 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2043 else {
2044 assert(p->type == SOCKET_FIFO);
2045 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2046 }
2047 }
2048
2049 return 0;
2050 }
2051
2052 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2053 Socket *s = SOCKET(u);
2054
2055 assert(u);
2056 assert(key);
2057 assert(value);
2058
2059 if (streq(key, "state")) {
2060 SocketState state;
2061
2062 state = socket_state_from_string(value);
2063 if (state < 0)
2064 log_unit_debug(u, "Failed to parse state value: %s", value);
2065 else
2066 s->deserialized_state = state;
2067 } else if (streq(key, "result")) {
2068 SocketResult f;
2069
2070 f = socket_result_from_string(value);
2071 if (f < 0)
2072 log_unit_debug(u, "Failed to parse result value: %s", value);
2073 else if (f != SOCKET_SUCCESS)
2074 s->result = f;
2075
2076 } else if (streq(key, "n-accepted")) {
2077 unsigned k;
2078
2079 if (safe_atou(value, &k) < 0)
2080 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2081 else
2082 s->n_accepted += k;
2083 } else if (streq(key, "control-pid")) {
2084 pid_t pid;
2085
2086 if (parse_pid(value, &pid) < 0)
2087 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2088 else
2089 s->control_pid = pid;
2090 } else if (streq(key, "control-command")) {
2091 SocketExecCommand id;
2092
2093 id = socket_exec_command_from_string(value);
2094 if (id < 0)
2095 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2096 else {
2097 s->control_command_id = id;
2098 s->control_command = s->exec_command[id];
2099 }
2100 } else if (streq(key, "fifo")) {
2101 int fd, skip = 0;
2102 SocketPort *p;
2103
2104 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2105 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2106 else {
2107
2108 LIST_FOREACH(port, p, s->ports)
2109 if (p->type == SOCKET_FIFO &&
2110 path_equal_or_files_same(p->path, value+skip))
2111 break;
2112
2113 if (p) {
2114 safe_close(p->fd);
2115 p->fd = fdset_remove(fds, fd);
2116 }
2117 }
2118
2119 } else if (streq(key, "special")) {
2120 int fd, skip = 0;
2121 SocketPort *p;
2122
2123 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2124 log_unit_debug(u, "Failed to parse special value: %s", value);
2125 else {
2126
2127 LIST_FOREACH(port, p, s->ports)
2128 if (p->type == SOCKET_SPECIAL &&
2129 path_equal_or_files_same(p->path, value+skip))
2130 break;
2131
2132 if (p) {
2133 safe_close(p->fd);
2134 p->fd = fdset_remove(fds, fd);
2135 }
2136 }
2137
2138 } else if (streq(key, "mqueue")) {
2139 int fd, skip = 0;
2140 SocketPort *p;
2141
2142 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2143 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2144 else {
2145
2146 LIST_FOREACH(port, p, s->ports)
2147 if (p->type == SOCKET_MQUEUE &&
2148 streq(p->path, value+skip))
2149 break;
2150
2151 if (p) {
2152 safe_close(p->fd);
2153 p->fd = fdset_remove(fds, fd);
2154 }
2155 }
2156
2157 } else if (streq(key, "socket")) {
2158 int fd, type, skip = 0;
2159 SocketPort *p;
2160
2161 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2162 log_unit_debug(u, "Failed to parse socket value: %s", value);
2163 else {
2164
2165 LIST_FOREACH(port, p, s->ports)
2166 if (socket_address_is(&p->address, value+skip, type))
2167 break;
2168
2169 if (p) {
2170 safe_close(p->fd);
2171 p->fd = fdset_remove(fds, fd);
2172 }
2173 }
2174
2175 } else if (streq(key, "netlink")) {
2176 int fd, skip = 0;
2177 SocketPort *p;
2178
2179 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2180 log_unit_debug(u, "Failed to parse socket value: %s", value);
2181 else {
2182
2183 LIST_FOREACH(port, p, s->ports)
2184 if (socket_address_is_netlink(&p->address, value+skip))
2185 break;
2186
2187 if (p) {
2188 safe_close(p->fd);
2189 p->fd = fdset_remove(fds, fd);
2190 }
2191 }
2192 } else
2193 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2194
2195 return 0;
2196 }
2197
2198 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2199 Socket *s = SOCKET(u);
2200 SocketPort *p;
2201
2202 assert(u);
2203
2204 LIST_FOREACH(port, p, s->ports) {
2205 Iterator i;
2206 int fd;
2207
2208 if (p->type != SOCKET_SOCKET)
2209 continue;
2210
2211 if (p->fd >= 0)
2212 continue;
2213
2214 FDSET_FOREACH(fd, fds, i) {
2215 if (socket_address_matches_fd(&p->address, fd)) {
2216 p->fd = fdset_remove(fds, fd);
2217 s->deserialized_state = SOCKET_LISTENING;
2218 break;
2219 }
2220 }
2221 }
2222
2223 return 0;
2224 }
2225
2226 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2227 assert(u);
2228
2229 return state_translation_table[SOCKET(u)->state];
2230 }
2231
2232 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2233 assert(u);
2234
2235 return socket_state_to_string(SOCKET(u)->state);
2236 }
2237
2238 const char* socket_port_type_to_string(SocketPort *p) {
2239
2240 assert(p);
2241
2242 switch (p->type) {
2243
2244 case SOCKET_SOCKET:
2245
2246 switch (p->address.type) {
2247
2248 case SOCK_STREAM:
2249 return "Stream";
2250
2251 case SOCK_DGRAM:
2252 return "Datagram";
2253
2254 case SOCK_SEQPACKET:
2255 return "SequentialPacket";
2256
2257 case SOCK_RAW:
2258 if (socket_address_family(&p->address) == AF_NETLINK)
2259 return "Netlink";
2260
2261 default:
2262 return NULL;
2263 }
2264
2265 case SOCKET_SPECIAL:
2266 return "Special";
2267
2268 case SOCKET_MQUEUE:
2269 return "MessageQueue";
2270
2271 case SOCKET_FIFO:
2272 return "FIFO";
2273
2274 default:
2275 return NULL;
2276 }
2277 }
2278
2279 _pure_ static bool socket_check_gc(Unit *u) {
2280 Socket *s = SOCKET(u);
2281
2282 assert(u);
2283
2284 return s->n_connections > 0;
2285 }
2286
2287 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2288 SocketPort *p = userdata;
2289 int cfd = -1;
2290
2291 assert(p);
2292 assert(fd >= 0);
2293
2294 if (p->socket->state != SOCKET_LISTENING)
2295 return 0;
2296
2297 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2298
2299 if (revents != EPOLLIN) {
2300
2301 if (revents & EPOLLHUP)
2302 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2303 else
2304 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2305
2306 goto fail;
2307 }
2308
2309 if (p->socket->accept &&
2310 p->type == SOCKET_SOCKET &&
2311 socket_address_can_accept(&p->address)) {
2312
2313 for (;;) {
2314
2315 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2316 if (cfd < 0) {
2317
2318 if (errno == EINTR)
2319 continue;
2320
2321 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2322 goto fail;
2323 }
2324
2325 break;
2326 }
2327
2328 socket_apply_socket_options(p->socket, cfd);
2329 }
2330
2331 socket_enter_running(p->socket, cfd);
2332 return 0;
2333
2334 fail:
2335 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2336 return 0;
2337 }
2338
2339 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2340 Socket *s = SOCKET(u);
2341 SocketResult f;
2342
2343 assert(s);
2344 assert(pid >= 0);
2345
2346 if (pid != s->control_pid)
2347 return;
2348
2349 s->control_pid = 0;
2350
2351 if (is_clean_exit(code, status, NULL))
2352 f = SOCKET_SUCCESS;
2353 else if (code == CLD_EXITED)
2354 f = SOCKET_FAILURE_EXIT_CODE;
2355 else if (code == CLD_KILLED)
2356 f = SOCKET_FAILURE_SIGNAL;
2357 else if (code == CLD_DUMPED)
2358 f = SOCKET_FAILURE_CORE_DUMP;
2359 else
2360 assert_not_reached("Unknown sigchld code");
2361
2362 if (s->control_command) {
2363 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2364
2365 if (s->control_command->ignore)
2366 f = SOCKET_SUCCESS;
2367 }
2368
2369 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2370 "Control process exited, code=%s status=%i",
2371 sigchld_code_to_string(code), status);
2372
2373 if (f != SOCKET_SUCCESS)
2374 s->result = f;
2375
2376 if (s->control_command &&
2377 s->control_command->command_next &&
2378 f == SOCKET_SUCCESS) {
2379
2380 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2381 socket_run_next(s);
2382 } else {
2383 s->control_command = NULL;
2384 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2385
2386 /* No further commands for this step, so let's figure
2387 * out what to do next */
2388
2389 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2390
2391 switch (s->state) {
2392
2393 case SOCKET_START_PRE:
2394 if (f == SOCKET_SUCCESS)
2395 socket_enter_start_chown(s);
2396 else
2397 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2398 break;
2399
2400 case SOCKET_START_CHOWN:
2401 if (f == SOCKET_SUCCESS)
2402 socket_enter_start_post(s);
2403 else
2404 socket_enter_stop_pre(s, f);
2405 break;
2406
2407 case SOCKET_START_POST:
2408 if (f == SOCKET_SUCCESS)
2409 socket_enter_listening(s);
2410 else
2411 socket_enter_stop_pre(s, f);
2412 break;
2413
2414 case SOCKET_STOP_PRE:
2415 case SOCKET_STOP_PRE_SIGTERM:
2416 case SOCKET_STOP_PRE_SIGKILL:
2417 socket_enter_stop_post(s, f);
2418 break;
2419
2420 case SOCKET_STOP_POST:
2421 case SOCKET_FINAL_SIGTERM:
2422 case SOCKET_FINAL_SIGKILL:
2423 socket_enter_dead(s, f);
2424 break;
2425
2426 default:
2427 assert_not_reached("Uh, control process died at wrong time.");
2428 }
2429 }
2430
2431 /* Notify clients about changed exit status */
2432 unit_add_to_dbus_queue(u);
2433 }
2434
2435 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2436 Socket *s = SOCKET(userdata);
2437
2438 assert(s);
2439 assert(s->timer_event_source == source);
2440
2441 switch (s->state) {
2442
2443 case SOCKET_START_PRE:
2444 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2445 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2446 break;
2447
2448 case SOCKET_START_CHOWN:
2449 case SOCKET_START_POST:
2450 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2451 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2452 break;
2453
2454 case SOCKET_STOP_PRE:
2455 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2456 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2457 break;
2458
2459 case SOCKET_STOP_PRE_SIGTERM:
2460 if (s->kill_context.send_sigkill) {
2461 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2462 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2463 } else {
2464 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2465 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2466 }
2467 break;
2468
2469 case SOCKET_STOP_PRE_SIGKILL:
2470 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2471 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2472 break;
2473
2474 case SOCKET_STOP_POST:
2475 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2476 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2477 break;
2478
2479 case SOCKET_FINAL_SIGTERM:
2480 if (s->kill_context.send_sigkill) {
2481 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2482 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2483 } else {
2484 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2485 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2486 }
2487 break;
2488
2489 case SOCKET_FINAL_SIGKILL:
2490 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2491 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2492 break;
2493
2494 default:
2495 assert_not_reached("Timeout at wrong time.");
2496 }
2497
2498 return 0;
2499 }
2500
2501 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2502 int *rfds;
2503 unsigned rn_fds, k;
2504 SocketPort *p;
2505
2506 assert(s);
2507 assert(fds);
2508 assert(n_fds);
2509
2510 /* Called from the service code for requesting our fds */
2511
2512 rn_fds = 0;
2513 LIST_FOREACH(port, p, s->ports)
2514 if (p->fd >= 0)
2515 rn_fds++;
2516
2517 if (rn_fds <= 0) {
2518 *fds = NULL;
2519 *n_fds = 0;
2520 return 0;
2521 }
2522
2523 rfds = new(int, rn_fds);
2524 if (!rfds)
2525 return -ENOMEM;
2526
2527 k = 0;
2528 LIST_FOREACH(port, p, s->ports)
2529 if (p->fd >= 0)
2530 rfds[k++] = p->fd;
2531
2532 assert(k == rn_fds);
2533
2534 *fds = rfds;
2535 *n_fds = rn_fds;
2536
2537 return 0;
2538 }
2539
2540 static void socket_reset_failed(Unit *u) {
2541 Socket *s = SOCKET(u);
2542
2543 assert(s);
2544
2545 if (s->state == SOCKET_FAILED)
2546 socket_set_state(s, SOCKET_DEAD);
2547
2548 s->result = SOCKET_SUCCESS;
2549 }
2550
2551 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2552 assert(s);
2553
2554 /* The service is dead. Dang!
2555 *
2556 * This is strictly for one-instance-for-all-connections
2557 * services. */
2558
2559 if (s->state == SOCKET_RUNNING) {
2560 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2561 if (failed_permanent)
2562 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2563 else
2564 socket_enter_listening(s);
2565 }
2566 }
2567
2568 void socket_connection_unref(Socket *s) {
2569 assert(s);
2570
2571 /* The service is dead. Yay!
2572 *
2573 * This is strictly for one-instance-per-connection
2574 * services. */
2575
2576 assert(s->n_connections > 0);
2577 s->n_connections--;
2578
2579 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2580 }
2581
2582 static void socket_trigger_notify(Unit *u, Unit *other) {
2583 Socket *s = SOCKET(u);
2584 Service *se;
2585
2586 assert(u);
2587 assert(other);
2588
2589 /* Don't propagate state changes from the service if we are
2590 already down or accepting connections */
2591 if ((s->state != SOCKET_RUNNING &&
2592 s->state != SOCKET_LISTENING) ||
2593 s->accept)
2594 return;
2595
2596 if (other->load_state != UNIT_LOADED ||
2597 other->type != UNIT_SERVICE)
2598 return;
2599
2600 se = SERVICE(other);
2601
2602 if (se->state == SERVICE_FAILED)
2603 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2604
2605 if (se->state == SERVICE_DEAD ||
2606 se->state == SERVICE_FINAL_SIGTERM ||
2607 se->state == SERVICE_FINAL_SIGKILL ||
2608 se->state == SERVICE_AUTO_RESTART)
2609 socket_notify_service_dead(s, false);
2610
2611 if (se->state == SERVICE_RUNNING)
2612 socket_set_state(s, SOCKET_RUNNING);
2613 }
2614
2615 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2616 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2617 }
2618
2619 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2620 Socket *s = SOCKET(u);
2621 int r;
2622
2623 if (!s->timer_event_source)
2624 return 0;
2625
2626 r = sd_event_source_get_time(s->timer_event_source, timeout);
2627 if (r < 0)
2628 return r;
2629
2630 return 1;
2631 }
2632
2633 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2634 [SOCKET_DEAD] = "dead",
2635 [SOCKET_START_PRE] = "start-pre",
2636 [SOCKET_START_CHOWN] = "start-chown",
2637 [SOCKET_START_POST] = "start-post",
2638 [SOCKET_LISTENING] = "listening",
2639 [SOCKET_RUNNING] = "running",
2640 [SOCKET_STOP_PRE] = "stop-pre",
2641 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2642 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2643 [SOCKET_STOP_POST] = "stop-post",
2644 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2645 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2646 [SOCKET_FAILED] = "failed"
2647 };
2648
2649 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2650
2651 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2652 [SOCKET_EXEC_START_PRE] = "StartPre",
2653 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2654 [SOCKET_EXEC_START_POST] = "StartPost",
2655 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2656 [SOCKET_EXEC_STOP_POST] = "StopPost"
2657 };
2658
2659 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2660
2661 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2662 [SOCKET_SUCCESS] = "success",
2663 [SOCKET_FAILURE_RESOURCES] = "resources",
2664 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2665 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2666 [SOCKET_FAILURE_SIGNAL] = "signal",
2667 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2668 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2669 };
2670
2671 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2672
2673 const UnitVTable socket_vtable = {
2674 .object_size = sizeof(Socket),
2675 .exec_context_offset = offsetof(Socket, exec_context),
2676 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2677 .kill_context_offset = offsetof(Socket, kill_context),
2678 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2679
2680 .sections =
2681 "Unit\0"
2682 "Socket\0"
2683 "Install\0",
2684 .private_section = "Socket",
2685
2686 .init = socket_init,
2687 .done = socket_done,
2688 .load = socket_load,
2689
2690 .coldplug = socket_coldplug,
2691
2692 .dump = socket_dump,
2693
2694 .start = socket_start,
2695 .stop = socket_stop,
2696
2697 .kill = socket_kill,
2698
2699 .get_timeout = socket_get_timeout,
2700
2701 .serialize = socket_serialize,
2702 .deserialize_item = socket_deserialize_item,
2703 .distribute_fds = socket_distribute_fds,
2704
2705 .active_state = socket_active_state,
2706 .sub_state_to_string = socket_sub_state_to_string,
2707
2708 .check_gc = socket_check_gc,
2709
2710 .sigchld_event = socket_sigchld_event,
2711
2712 .trigger_notify = socket_trigger_notify,
2713
2714 .reset_failed = socket_reset_failed,
2715
2716 .bus_interface = "org.freedesktop.systemd1.Socket",
2717 .bus_vtable = bus_socket_vtable,
2718 .bus_set_property = bus_socket_set_property,
2719 .bus_commit_properties = bus_socket_commit_properties,
2720
2721 .status_message_formats = {
2722 /*.starting_stopping = {
2723 [0] = "Starting socket %s...",
2724 [1] = "Stopping socket %s...",
2725 },*/
2726 .finished_start_job = {
2727 [JOB_DONE] = "Listening on %s.",
2728 [JOB_FAILED] = "Failed to listen on %s.",
2729 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2730 [JOB_TIMEOUT] = "Timed out starting %s.",
2731 },
2732 .finished_stop_job = {
2733 [JOB_DONE] = "Closed %s.",
2734 [JOB_FAILED] = "Failed stopping %s.",
2735 [JOB_TIMEOUT] = "Timed out stopping %s.",
2736 },
2737 },
2738 };
Unnamed repository; edit this file 'description' to name the repository.