]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
socket: minor modernizations
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "socket.h"
51
52 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
53 [SOCKET_DEAD] = UNIT_INACTIVE,
54 [SOCKET_START_PRE] = UNIT_ACTIVATING,
55 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
56 [SOCKET_START_POST] = UNIT_ACTIVATING,
57 [SOCKET_LISTENING] = UNIT_ACTIVE,
58 [SOCKET_RUNNING] = UNIT_ACTIVE,
59 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
60 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
63 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_FAILED] = UNIT_FAILED
66 };
67
68 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
69 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
70
71 static void socket_init(Unit *u) {
72 Socket *s = SOCKET(u);
73
74 assert(u);
75 assert(u->load_state == UNIT_STUB);
76
77 s->backlog = SOMAXCONN;
78 s->timeout_usec = u->manager->default_timeout_start_usec;
79 s->directory_mode = 0755;
80 s->socket_mode = 0666;
81
82 s->max_connections = 64;
83
84 s->priority = -1;
85 s->ip_tos = -1;
86 s->ip_ttl = -1;
87 s->mark = -1;
88
89 s->exec_context.std_output = u->manager->default_std_output;
90 s->exec_context.std_error = u->manager->default_std_error;
91
92 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
93 }
94
95 static void socket_unwatch_control_pid(Socket *s) {
96 assert(s);
97
98 if (s->control_pid <= 0)
99 return;
100
101 unit_unwatch_pid(UNIT(s), s->control_pid);
102 s->control_pid = 0;
103 }
104
105 void socket_free_ports(Socket *s) {
106 SocketPort *p;
107
108 assert(s);
109
110 while ((p = s->ports)) {
111 LIST_REMOVE(port, s->ports, p);
112
113 sd_event_source_unref(p->event_source);
114
115 safe_close(p->fd);
116 free(p->path);
117 free(p);
118 }
119 }
120
121 static void socket_done(Unit *u) {
122 Socket *s = SOCKET(u);
123
124 assert(s);
125
126 socket_free_ports(s);
127
128 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
129 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
130 s->control_command = NULL;
131
132 socket_unwatch_control_pid(s);
133
134 unit_ref_unset(&s->service);
135
136 free(s->tcp_congestion);
137 s->tcp_congestion = NULL;
138
139 free(s->bind_to_device);
140 s->bind_to_device = NULL;
141
142 free(s->smack);
143 free(s->smack_ip_in);
144 free(s->smack_ip_out);
145
146 strv_free(s->symlinks);
147
148 free(s->user);
149 free(s->group);
150
151 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
152 }
153
154 static int socket_arm_timer(Socket *s) {
155 int r;
156
157 assert(s);
158
159 if (s->timeout_usec <= 0) {
160 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
161 return 0;
162 }
163
164 if (s->timer_event_source) {
165 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
166 if (r < 0)
167 return r;
168
169 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
170 }
171
172 return sd_event_add_time(
173 UNIT(s)->manager->event,
174 &s->timer_event_source,
175 CLOCK_MONOTONIC,
176 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
177 socket_dispatch_timer, s);
178 }
179
180 int socket_instantiate_service(Socket *s) {
181 _cleanup_free_ char *prefix = NULL, *name = NULL;
182 int r;
183 Unit *u;
184
185 assert(s);
186
187 /* This fills in s->service if it isn't filled in yet. For
188 * Accept=yes sockets we create the next connection service
189 * here. For Accept=no this is mostly a NOP since the service
190 * is figured out at load time anyway. */
191
192 if (UNIT_DEREF(s->service) || !s->accept)
193 return 0;
194
195 prefix = unit_name_to_prefix(UNIT(s)->id);
196 if (!prefix)
197 return -ENOMEM;
198
199 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
200 return -ENOMEM;
201
202 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
203 if (r < 0)
204 return r;
205
206 u->no_gc = true;
207 unit_ref_set(&s->service, u);
208
209 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
210 }
211
212 static bool have_non_accept_socket(Socket *s) {
213 SocketPort *p;
214
215 assert(s);
216
217 if (!s->accept)
218 return true;
219
220 LIST_FOREACH(port, p, s->ports) {
221
222 if (p->type != SOCKET_SOCKET)
223 return true;
224
225 if (!socket_address_can_accept(&p->address))
226 return true;
227 }
228
229 return false;
230 }
231
232 static int socket_add_mount_links(Socket *s) {
233 SocketPort *p;
234 int r;
235
236 assert(s);
237
238 LIST_FOREACH(port, p, s->ports) {
239 const char *path = NULL;
240
241 if (p->type == SOCKET_SOCKET)
242 path = socket_address_get_path(&p->address);
243 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
244 path = p->path;
245
246 if (!path)
247 continue;
248
249 r = unit_require_mounts_for(UNIT(s), path);
250 if (r < 0)
251 return r;
252 }
253
254 return 0;
255 }
256
257 static int socket_add_device_link(Socket *s) {
258 char *t;
259
260 assert(s);
261
262 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
263 return 0;
264
265 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
266 return unit_add_node_link(UNIT(s), t, false);
267 }
268
269 static int socket_add_default_dependencies(Socket *s) {
270 int r;
271 assert(s);
272
273 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
274 if (r < 0)
275 return r;
276
277 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
278 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
279 if (r < 0)
280 return r;
281 }
282
283 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
284 }
285
286 _pure_ static bool socket_has_exec(Socket *s) {
287 unsigned i;
288 assert(s);
289
290 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
291 if (s->exec_command[i])
292 return true;
293
294 return false;
295 }
296
297 static int socket_add_extras(Socket *s) {
298 Unit *u = UNIT(s);
299 int r;
300
301 assert(s);
302
303 if (have_non_accept_socket(s)) {
304
305 if (!UNIT_DEREF(s->service)) {
306 Unit *x;
307
308 r = unit_load_related_unit(u, ".service", &x);
309 if (r < 0)
310 return r;
311
312 unit_ref_set(&s->service, x);
313 }
314
315 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
316 if (r < 0)
317 return r;
318 }
319
320 r = socket_add_mount_links(s);
321 if (r < 0)
322 return r;
323
324 r = socket_add_device_link(s);
325 if (r < 0)
326 return r;
327
328 r = unit_patch_contexts(u);
329 if (r < 0)
330 return r;
331
332 if (socket_has_exec(s)) {
333 r = unit_add_exec_dependencies(u, &s->exec_context);
334 if (r < 0)
335 return r;
336
337 r = unit_add_default_slice(u, &s->cgroup_context);
338 if (r < 0)
339 return r;
340 }
341
342 if (u->default_dependencies) {
343 r = socket_add_default_dependencies(s);
344 if (r < 0)
345 return r;
346 }
347
348 return 0;
349 }
350
351 static const char *socket_find_symlink_target(Socket *s) {
352 const char *found = NULL;
353 SocketPort *p;
354
355 LIST_FOREACH(port, p, s->ports) {
356 const char *f = NULL;
357
358 switch (p->type) {
359
360 case SOCKET_FIFO:
361 f = p->path;
362 break;
363
364 case SOCKET_SOCKET:
365 if (p->address.sockaddr.un.sun_path[0] != 0)
366 f = p->address.sockaddr.un.sun_path;
367 break;
368
369 default:
370 break;
371 }
372
373 if (f) {
374 if (found)
375 return NULL;
376
377 found = f;
378 }
379 }
380
381 return found;
382 }
383
384 static int socket_verify(Socket *s) {
385 assert(s);
386
387 if (UNIT(s)->load_state != UNIT_LOADED)
388 return 0;
389
390 if (!s->ports) {
391 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
392 return -EINVAL;
393 }
394
395 if (s->accept && have_non_accept_socket(s)) {
396 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
397 UNIT(s)->id);
398 return -EINVAL;
399 }
400
401 if (s->accept && s->max_connections <= 0) {
402 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
403 return -EINVAL;
404 }
405
406 if (s->accept && UNIT_DEREF(s->service)) {
407 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
408 return -EINVAL;
409 }
410
411 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
412 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
413 return -EINVAL;
414 }
415
416 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
417 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
418 return -EINVAL;
419 }
420
421 return 0;
422 }
423
424 static int socket_load(Unit *u) {
425 Socket *s = SOCKET(u);
426 int r;
427
428 assert(u);
429 assert(u->load_state == UNIT_STUB);
430
431 r = unit_load_fragment_and_dropin(u);
432 if (r < 0)
433 return r;
434
435 if (u->load_state == UNIT_LOADED) {
436 /* This is a new unit? Then let's add in some extras */
437 r = socket_add_extras(s);
438 if (r < 0)
439 return r;
440 }
441
442 return socket_verify(s);
443 }
444
445 _const_ static const char* listen_lookup(int family, int type) {
446
447 if (family == AF_NETLINK)
448 return "ListenNetlink";
449
450 if (type == SOCK_STREAM)
451 return "ListenStream";
452 else if (type == SOCK_DGRAM)
453 return "ListenDatagram";
454 else if (type == SOCK_SEQPACKET)
455 return "ListenSequentialPacket";
456
457 assert_not_reached("Unknown socket type");
458 return NULL;
459 }
460
461 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
462 char time_string[FORMAT_TIMESPAN_MAX];
463 SocketExecCommand c;
464 Socket *s = SOCKET(u);
465 SocketPort *p;
466 const char *prefix2;
467
468 assert(s);
469 assert(f);
470
471 prefix = strempty(prefix);
472 prefix2 = strjoina(prefix, "\t");
473
474 fprintf(f,
475 "%sSocket State: %s\n"
476 "%sResult: %s\n"
477 "%sBindIPv6Only: %s\n"
478 "%sBacklog: %u\n"
479 "%sSocketMode: %04o\n"
480 "%sDirectoryMode: %04o\n"
481 "%sKeepAlive: %s\n"
482 "%sNoDelay: %s\n"
483 "%sFreeBind: %s\n"
484 "%sTransparent: %s\n"
485 "%sBroadcast: %s\n"
486 "%sPassCredentials: %s\n"
487 "%sPassSecurity: %s\n"
488 "%sTCPCongestion: %s\n"
489 "%sRemoveOnStop: %s\n"
490 "%sSELinuxContextFromNet: %s\n",
491 prefix, socket_state_to_string(s->state),
492 prefix, socket_result_to_string(s->result),
493 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
494 prefix, s->backlog,
495 prefix, s->socket_mode,
496 prefix, s->directory_mode,
497 prefix, yes_no(s->keep_alive),
498 prefix, yes_no(s->no_delay),
499 prefix, yes_no(s->free_bind),
500 prefix, yes_no(s->transparent),
501 prefix, yes_no(s->broadcast),
502 prefix, yes_no(s->pass_cred),
503 prefix, yes_no(s->pass_sec),
504 prefix, strna(s->tcp_congestion),
505 prefix, yes_no(s->remove_on_stop),
506 prefix, yes_no(s->selinux_context_from_net));
507
508 if (s->control_pid > 0)
509 fprintf(f,
510 "%sControl PID: "PID_FMT"\n",
511 prefix, s->control_pid);
512
513 if (s->bind_to_device)
514 fprintf(f,
515 "%sBindToDevice: %s\n",
516 prefix, s->bind_to_device);
517
518 if (s->accept)
519 fprintf(f,
520 "%sAccepted: %u\n"
521 "%sNConnections: %u\n"
522 "%sMaxConnections: %u\n",
523 prefix, s->n_accepted,
524 prefix, s->n_connections,
525 prefix, s->max_connections);
526
527 if (s->priority >= 0)
528 fprintf(f,
529 "%sPriority: %i\n",
530 prefix, s->priority);
531
532 if (s->receive_buffer > 0)
533 fprintf(f,
534 "%sReceiveBuffer: %zu\n",
535 prefix, s->receive_buffer);
536
537 if (s->send_buffer > 0)
538 fprintf(f,
539 "%sSendBuffer: %zu\n",
540 prefix, s->send_buffer);
541
542 if (s->ip_tos >= 0)
543 fprintf(f,
544 "%sIPTOS: %i\n",
545 prefix, s->ip_tos);
546
547 if (s->ip_ttl >= 0)
548 fprintf(f,
549 "%sIPTTL: %i\n",
550 prefix, s->ip_ttl);
551
552 if (s->pipe_size > 0)
553 fprintf(f,
554 "%sPipeSize: %zu\n",
555 prefix, s->pipe_size);
556
557 if (s->mark >= 0)
558 fprintf(f,
559 "%sMark: %i\n",
560 prefix, s->mark);
561
562 if (s->mq_maxmsg > 0)
563 fprintf(f,
564 "%sMessageQueueMaxMessages: %li\n",
565 prefix, s->mq_maxmsg);
566
567 if (s->mq_msgsize > 0)
568 fprintf(f,
569 "%sMessageQueueMessageSize: %li\n",
570 prefix, s->mq_msgsize);
571
572 if (s->reuse_port)
573 fprintf(f,
574 "%sReusePort: %s\n",
575 prefix, yes_no(s->reuse_port));
576
577 if (s->smack)
578 fprintf(f,
579 "%sSmackLabel: %s\n",
580 prefix, s->smack);
581
582 if (s->smack_ip_in)
583 fprintf(f,
584 "%sSmackLabelIPIn: %s\n",
585 prefix, s->smack_ip_in);
586
587 if (s->smack_ip_out)
588 fprintf(f,
589 "%sSmackLabelIPOut: %s\n",
590 prefix, s->smack_ip_out);
591
592 if (!isempty(s->user) || !isempty(s->group))
593 fprintf(f,
594 "%sOwnerUser: %s\n"
595 "%sOwnerGroup: %s\n",
596 prefix, strna(s->user),
597 prefix, strna(s->group));
598
599 if (s->keep_alive_time > 0)
600 fprintf(f,
601 "%sKeepAliveTimeSec: %s\n",
602 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
603
604 if (s->keep_alive_interval)
605 fprintf(f,
606 "%sKeepAliveIntervalSec: %s\n",
607 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
608
609 if (s->keep_alive_cnt)
610 fprintf(f,
611 "%sKeepAliveProbes: %u\n",
612 prefix, s->keep_alive_cnt);
613
614 if (s->defer_accept)
615 fprintf(f,
616 "%sDeferAcceptSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
618
619 LIST_FOREACH(port, p, s->ports) {
620
621 if (p->type == SOCKET_SOCKET) {
622 const char *t;
623 int r;
624 char *k = NULL;
625
626 if ((r = socket_address_print(&p->address, &k)) < 0)
627 t = strerror(-r);
628 else
629 t = k;
630
631 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
632 free(k);
633 } else if (p->type == SOCKET_SPECIAL)
634 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
635 else if (p->type == SOCKET_MQUEUE)
636 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
637 else
638 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
639 }
640
641 exec_context_dump(&s->exec_context, f, prefix);
642 kill_context_dump(&s->kill_context, f, prefix);
643
644 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
645 if (!s->exec_command[c])
646 continue;
647
648 fprintf(f, "%s-> %s:\n",
649 prefix, socket_exec_command_to_string(c));
650
651 exec_command_dump_list(s->exec_command[c], f, prefix2);
652 }
653 }
654
655 static int instance_from_socket(int fd, unsigned nr, char **instance) {
656 socklen_t l;
657 char *r;
658 union sockaddr_union local, remote;
659
660 assert(fd >= 0);
661 assert(instance);
662
663 l = sizeof(local);
664 if (getsockname(fd, &local.sa, &l) < 0)
665 return -errno;
666
667 l = sizeof(remote);
668 if (getpeername(fd, &remote.sa, &l) < 0)
669 return -errno;
670
671 switch (local.sa.sa_family) {
672
673 case AF_INET: {
674 uint32_t
675 a = ntohl(local.in.sin_addr.s_addr),
676 b = ntohl(remote.in.sin_addr.s_addr);
677
678 if (asprintf(&r,
679 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
680 nr,
681 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
682 ntohs(local.in.sin_port),
683 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
684 ntohs(remote.in.sin_port)) < 0)
685 return -ENOMEM;
686
687 break;
688 }
689
690 case AF_INET6: {
691 static const unsigned char ipv4_prefix[] = {
692 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
693 };
694
695 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
696 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
697 const uint8_t
698 *a = local.in6.sin6_addr.s6_addr+12,
699 *b = remote.in6.sin6_addr.s6_addr+12;
700
701 if (asprintf(&r,
702 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
703 nr,
704 a[0], a[1], a[2], a[3],
705 ntohs(local.in6.sin6_port),
706 b[0], b[1], b[2], b[3],
707 ntohs(remote.in6.sin6_port)) < 0)
708 return -ENOMEM;
709 } else {
710 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
711
712 if (asprintf(&r,
713 "%u-%s:%u-%s:%u",
714 nr,
715 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
716 ntohs(local.in6.sin6_port),
717 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
718 ntohs(remote.in6.sin6_port)) < 0)
719 return -ENOMEM;
720 }
721
722 break;
723 }
724
725 case AF_UNIX: {
726 struct ucred ucred;
727 int k;
728
729 k = getpeercred(fd, &ucred);
730 if (k >= 0) {
731 if (asprintf(&r,
732 "%u-"PID_FMT"-"UID_FMT,
733 nr, ucred.pid, ucred.uid) < 0)
734 return -ENOMEM;
735 } else if (k == -ENODATA) {
736 /* This handles the case where somebody is
737 * connecting from another pid/uid namespace
738 * (e.g. from outside of our container). */
739 if (asprintf(&r,
740 "%u-unknown",
741 nr) < 0)
742 return -ENOMEM;
743 } else
744 return k;
745
746 break;
747 }
748
749 default:
750 assert_not_reached("Unhandled socket type.");
751 }
752
753 *instance = r;
754 return 0;
755 }
756
757 static void socket_close_fds(Socket *s) {
758 SocketPort *p;
759 char **i;
760
761 assert(s);
762
763 LIST_FOREACH(port, p, s->ports) {
764
765 p->event_source = sd_event_source_unref(p->event_source);
766
767 if (p->fd < 0)
768 continue;
769
770 p->fd = safe_close(p->fd);
771
772 /* One little note: we should normally not delete any
773 * sockets in the file system here! After all some
774 * other process we spawned might still have a
775 * reference of this fd and wants to continue to use
776 * it. Therefore we delete sockets in the file system
777 * before we create a new one, not after we stopped
778 * using one! */
779
780 if (s->remove_on_stop) {
781 switch (p->type) {
782
783 case SOCKET_FIFO:
784 unlink(p->path);
785 break;
786
787 case SOCKET_MQUEUE:
788 mq_unlink(p->path);
789 break;
790
791 case SOCKET_SOCKET:
792 socket_address_unlink(&p->address);
793 break;
794
795 default:
796 break;
797 }
798 }
799 }
800
801 if (s->remove_on_stop)
802 STRV_FOREACH(i, s->symlinks)
803 unlink(*i);
804 }
805
806 static void socket_apply_socket_options(Socket *s, int fd) {
807 int r;
808
809 assert(s);
810 assert(fd >= 0);
811
812 if (s->keep_alive) {
813 int b = s->keep_alive;
814 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
815 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
816 }
817
818 if (s->keep_alive_time) {
819 int value = s->keep_alive_time / USEC_PER_SEC;
820 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
821 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
822 }
823
824 if (s->keep_alive_interval) {
825 int value = s->keep_alive_interval / USEC_PER_SEC;
826 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
827 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
828 }
829
830 if (s->keep_alive_cnt) {
831 int value = s->keep_alive_cnt;
832 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
833 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
834 }
835
836 if (s->defer_accept) {
837 int value = s->defer_accept / USEC_PER_SEC;
838 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
839 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
840 }
841
842 if (s->no_delay) {
843 int b = s->no_delay;
844 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
845 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
846 }
847
848 if (s->broadcast) {
849 int one = 1;
850 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
851 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
852 }
853
854 if (s->pass_cred) {
855 int one = 1;
856 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
857 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
858 }
859
860 if (s->pass_sec) {
861 int one = 1;
862 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
863 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
864 }
865
866 if (s->priority >= 0)
867 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
868 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
869
870 if (s->receive_buffer > 0) {
871 int value = (int) s->receive_buffer;
872
873 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
874
875 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
877 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
878 }
879
880 if (s->send_buffer > 0) {
881 int value = (int) s->send_buffer;
882 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
884 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
885 }
886
887 if (s->mark >= 0)
888 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
889 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
890
891 if (s->ip_tos >= 0)
892 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
893 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
894
895 if (s->ip_ttl >= 0) {
896 int x;
897
898 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
899
900 if (socket_ipv6_is_supported())
901 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
902 else {
903 x = -1;
904 errno = EAFNOSUPPORT;
905 }
906
907 if (r < 0 && x < 0)
908 log_unit_warning(UNIT(s)->id,
909 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
910 }
911
912 if (s->tcp_congestion)
913 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
914 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
915
916 if (s->reuse_port) {
917 int b = s->reuse_port;
918 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
919 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
920 }
921
922 if (s->smack_ip_in) {
923 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
924 if (r < 0)
925 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
926 }
927
928 if (s->smack_ip_out) {
929 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
930 if (r < 0)
931 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
932 }
933 }
934
935 static void socket_apply_fifo_options(Socket *s, int fd) {
936 int r;
937
938 assert(s);
939 assert(fd >= 0);
940
941 if (s->pipe_size > 0)
942 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
943 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
944
945 if (s->smack) {
946 r = mac_smack_apply_fd(fd, s->smack);
947 if (r < 0)
948 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
949 }
950 }
951
952 static int fifo_address_create(
953 const char *path,
954 mode_t directory_mode,
955 mode_t socket_mode,
956 int *_fd) {
957
958 int fd = -1, r = 0;
959 struct stat st;
960 mode_t old_mask;
961
962 assert(path);
963 assert(_fd);
964
965 mkdir_parents_label(path, directory_mode);
966
967 r = mac_selinux_create_file_prepare(path, S_IFIFO);
968 if (r < 0)
969 goto fail;
970
971 /* Enforce the right access mode for the fifo */
972 old_mask = umask(~ socket_mode);
973
974 /* Include the original umask in our mask */
975 umask(~socket_mode | old_mask);
976
977 r = mkfifo(path, socket_mode);
978 umask(old_mask);
979
980 if (r < 0 && errno != EEXIST) {
981 r = -errno;
982 goto fail;
983 }
984
985 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
986 r = -errno;
987 goto fail;
988 }
989
990 mac_selinux_create_file_clear();
991
992 if (fstat(fd, &st) < 0) {
993 r = -errno;
994 goto fail;
995 }
996
997 if (!S_ISFIFO(st.st_mode) ||
998 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
999 st.st_uid != getuid() ||
1000 st.st_gid != getgid()) {
1001
1002 r = -EEXIST;
1003 goto fail;
1004 }
1005
1006 *_fd = fd;
1007 return 0;
1008
1009 fail:
1010 mac_selinux_create_file_clear();
1011 safe_close(fd);
1012
1013 return r;
1014 }
1015
1016 static int special_address_create(
1017 const char *path,
1018 int *_fd) {
1019
1020 int fd = -1, r = 0;
1021 struct stat st;
1022
1023 assert(path);
1024 assert(_fd);
1025
1026 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1027 if (fd < 0) {
1028 r = -errno;
1029 goto fail;
1030 }
1031
1032 if (fstat(fd, &st) < 0) {
1033 r = -errno;
1034 goto fail;
1035 }
1036
1037 /* Check whether this is a /proc, /sys or /dev file or char device */
1038 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1039 r = -EEXIST;
1040 goto fail;
1041 }
1042
1043 *_fd = fd;
1044 return 0;
1045
1046 fail:
1047 safe_close(fd);
1048
1049 return r;
1050 }
1051
1052 static int mq_address_create(
1053 const char *path,
1054 mode_t mq_mode,
1055 long maxmsg,
1056 long msgsize,
1057 int *_fd) {
1058
1059 int fd = -1, r = 0;
1060 struct stat st;
1061 mode_t old_mask;
1062 struct mq_attr _attr, *attr = NULL;
1063
1064 assert(path);
1065 assert(_fd);
1066
1067 if (maxmsg > 0 && msgsize > 0) {
1068 zero(_attr);
1069 _attr.mq_flags = O_NONBLOCK;
1070 _attr.mq_maxmsg = maxmsg;
1071 _attr.mq_msgsize = msgsize;
1072 attr = &_attr;
1073 }
1074
1075 /* Enforce the right access mode for the mq */
1076 old_mask = umask(~ mq_mode);
1077
1078 /* Include the original umask in our mask */
1079 umask(~mq_mode | old_mask);
1080 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1081 umask(old_mask);
1082
1083 if (fd < 0) {
1084 r = -errno;
1085 goto fail;
1086 }
1087
1088 if (fstat(fd, &st) < 0) {
1089 r = -errno;
1090 goto fail;
1091 }
1092
1093 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1094 st.st_uid != getuid() ||
1095 st.st_gid != getgid()) {
1096
1097 r = -EEXIST;
1098 goto fail;
1099 }
1100
1101 *_fd = fd;
1102 return 0;
1103
1104 fail:
1105 safe_close(fd);
1106 return r;
1107 }
1108
1109 static int socket_symlink(Socket *s) {
1110 const char *p;
1111 char **i;
1112
1113 assert(s);
1114
1115 p = socket_find_symlink_target(s);
1116 if (!p)
1117 return 0;
1118
1119 STRV_FOREACH(i, s->symlinks)
1120 symlink_label(p, *i);
1121
1122 return 0;
1123 }
1124
1125 static int socket_open_fds(Socket *s) {
1126 SocketPort *p;
1127 int r;
1128 char *label = NULL;
1129 bool know_label = false;
1130
1131 assert(s);
1132
1133 LIST_FOREACH(port, p, s->ports) {
1134
1135 if (p->fd >= 0)
1136 continue;
1137
1138 if (p->type == SOCKET_SOCKET) {
1139
1140 if (!know_label) {
1141 /* Figure out label, if we don't it know
1142 * yet. We do it once, for the first
1143 * socket where we need this and
1144 * remember it for the rest. */
1145
1146 if (s->selinux_context_from_net) {
1147 /* Get it from the network label */
1148
1149 r = mac_selinux_get_our_label(&label);
1150 if (r < 0 && r != -EOPNOTSUPP)
1151 goto rollback;
1152
1153 } else {
1154 /* Get it from the executable we are about to start */
1155
1156 r = socket_instantiate_service(s);
1157 if (r < 0)
1158 goto rollback;
1159
1160 if (UNIT_ISSET(s->service) &&
1161 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1162 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1163 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1164 goto rollback;
1165 }
1166 }
1167
1168 know_label = true;
1169 }
1170
1171 r = socket_address_listen(
1172 &p->address,
1173 SOCK_CLOEXEC|SOCK_NONBLOCK,
1174 s->backlog,
1175 s->bind_ipv6_only,
1176 s->bind_to_device,
1177 s->free_bind,
1178 s->transparent,
1179 s->directory_mode,
1180 s->socket_mode,
1181 label);
1182 if (r < 0)
1183 goto rollback;
1184
1185 p->fd = r;
1186 socket_apply_socket_options(s, p->fd);
1187 socket_symlink(s);
1188
1189 } else if (p->type == SOCKET_SPECIAL) {
1190
1191 r = special_address_create(
1192 p->path,
1193 &p->fd);
1194 if (r < 0)
1195 goto rollback;
1196
1197 } else if (p->type == SOCKET_FIFO) {
1198
1199 r = fifo_address_create(
1200 p->path,
1201 s->directory_mode,
1202 s->socket_mode,
1203 &p->fd);
1204 if (r < 0)
1205 goto rollback;
1206
1207 socket_apply_fifo_options(s, p->fd);
1208 socket_symlink(s);
1209
1210 } else if (p->type == SOCKET_MQUEUE) {
1211
1212 r = mq_address_create(
1213 p->path,
1214 s->socket_mode,
1215 s->mq_maxmsg,
1216 s->mq_msgsize,
1217 &p->fd);
1218 if (r < 0)
1219 goto rollback;
1220 } else
1221 assert_not_reached("Unknown port type");
1222 }
1223
1224 mac_selinux_free(label);
1225 return 0;
1226
1227 rollback:
1228 socket_close_fds(s);
1229 mac_selinux_free(label);
1230
1231 return r;
1232 }
1233
1234 static void socket_unwatch_fds(Socket *s) {
1235 SocketPort *p;
1236 int r;
1237
1238 assert(s);
1239
1240 LIST_FOREACH(port, p, s->ports) {
1241 if (p->fd < 0)
1242 continue;
1243
1244 if (!p->event_source)
1245 continue;
1246
1247 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1248 if (r < 0)
1249 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1250 }
1251 }
1252
1253 static int socket_watch_fds(Socket *s) {
1254 SocketPort *p;
1255 int r;
1256
1257 assert(s);
1258
1259 LIST_FOREACH(port, p, s->ports) {
1260 if (p->fd < 0)
1261 continue;
1262
1263 if (p->event_source)
1264 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1265 else
1266 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1267
1268 if (r < 0) {
1269 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
1270 goto fail;
1271 }
1272 }
1273
1274 return 0;
1275
1276 fail:
1277 socket_unwatch_fds(s);
1278 return r;
1279 }
1280
1281 static void socket_set_state(Socket *s, SocketState state) {
1282 SocketState old_state;
1283 assert(s);
1284
1285 old_state = s->state;
1286 s->state = state;
1287
1288 if (!IN_SET(state,
1289 SOCKET_START_PRE,
1290 SOCKET_START_CHOWN,
1291 SOCKET_START_POST,
1292 SOCKET_STOP_PRE,
1293 SOCKET_STOP_PRE_SIGTERM,
1294 SOCKET_STOP_PRE_SIGKILL,
1295 SOCKET_STOP_POST,
1296 SOCKET_FINAL_SIGTERM,
1297 SOCKET_FINAL_SIGKILL)) {
1298
1299 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1300 socket_unwatch_control_pid(s);
1301 s->control_command = NULL;
1302 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1303 }
1304
1305 if (state != SOCKET_LISTENING)
1306 socket_unwatch_fds(s);
1307
1308 if (!IN_SET(state,
1309 SOCKET_START_CHOWN,
1310 SOCKET_START_POST,
1311 SOCKET_LISTENING,
1312 SOCKET_RUNNING,
1313 SOCKET_STOP_PRE,
1314 SOCKET_STOP_PRE_SIGTERM,
1315 SOCKET_STOP_PRE_SIGKILL))
1316 socket_close_fds(s);
1317
1318 if (state != old_state)
1319 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1320 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1321
1322 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1323 }
1324
1325 static int socket_coldplug(Unit *u, Hashmap *deferred_work) {
1326 Socket *s = SOCKET(u);
1327 int r;
1328
1329 assert(s);
1330 assert(s->state == SOCKET_DEAD);
1331
1332 if (s->deserialized_state == s->state)
1333 return 0;
1334
1335 if (IN_SET(s->deserialized_state,
1336 SOCKET_START_PRE,
1337 SOCKET_START_CHOWN,
1338 SOCKET_START_POST,
1339 SOCKET_STOP_PRE,
1340 SOCKET_STOP_PRE_SIGTERM,
1341 SOCKET_STOP_PRE_SIGKILL,
1342 SOCKET_STOP_POST,
1343 SOCKET_FINAL_SIGTERM,
1344 SOCKET_FINAL_SIGKILL)) {
1345
1346 if (s->control_pid <= 0)
1347 return -EBADMSG;
1348
1349 r = unit_watch_pid(UNIT(s), s->control_pid);
1350 if (r < 0)
1351 return r;
1352
1353 r = socket_arm_timer(s);
1354 if (r < 0)
1355 return r;
1356 }
1357
1358 if (IN_SET(s->deserialized_state,
1359 SOCKET_START_CHOWN,
1360 SOCKET_START_POST,
1361 SOCKET_LISTENING,
1362 SOCKET_RUNNING,
1363 SOCKET_STOP_PRE,
1364 SOCKET_STOP_PRE_SIGTERM,
1365 SOCKET_STOP_PRE_SIGKILL)) {
1366 r = socket_open_fds(s);
1367 if (r < 0)
1368 return r;
1369 }
1370
1371 if (s->deserialized_state == SOCKET_LISTENING) {
1372 r = socket_watch_fds(s);
1373 if (r < 0)
1374 return r;
1375 }
1376
1377 socket_set_state(s, s->deserialized_state);
1378 return 0;
1379 }
1380
1381 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1382 _cleanup_free_ char **argv = NULL;
1383 pid_t pid;
1384 int r;
1385 ExecParameters exec_params = {
1386 .apply_permissions = true,
1387 .apply_chroot = true,
1388 .apply_tty_stdin = true,
1389 };
1390
1391 assert(s);
1392 assert(c);
1393 assert(_pid);
1394
1395 (void) unit_realize_cgroup(UNIT(s));
1396 if (s->reset_cpu_usage) {
1397 (void) unit_reset_cpu_usage(UNIT(s));
1398 s->reset_cpu_usage = false;
1399 }
1400
1401 r = unit_setup_exec_runtime(UNIT(s));
1402 if (r < 0)
1403 goto fail;
1404
1405 r = socket_arm_timer(s);
1406 if (r < 0)
1407 goto fail;
1408
1409 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1410 if (r < 0)
1411 goto fail;
1412
1413 exec_params.argv = argv;
1414 exec_params.environment = UNIT(s)->manager->environment;
1415 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1416 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1417 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1418 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1419 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1420 exec_params.unit_id = UNIT(s)->id;
1421
1422 r = exec_spawn(c,
1423 &s->exec_context,
1424 &exec_params,
1425 s->exec_runtime,
1426 &pid);
1427 if (r < 0)
1428 goto fail;
1429
1430 r = unit_watch_pid(UNIT(s), pid);
1431 if (r < 0)
1432 /* FIXME: we need to do something here */
1433 goto fail;
1434
1435 *_pid = pid;
1436 return 0;
1437
1438 fail:
1439 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1440 return r;
1441 }
1442
1443 static int socket_chown(Socket *s, pid_t *_pid) {
1444 pid_t pid;
1445 int r;
1446
1447 r = socket_arm_timer(s);
1448 if (r < 0)
1449 goto fail;
1450
1451 /* We have to resolve the user names out-of-process, hence
1452 * let's fork here. It's messy, but well, what can we do? */
1453
1454 pid = fork();
1455 if (pid < 0)
1456 return -errno;
1457
1458 if (pid == 0) {
1459 SocketPort *p;
1460 uid_t uid = UID_INVALID;
1461 gid_t gid = GID_INVALID;
1462 int ret;
1463
1464 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1465 ignore_signals(SIGPIPE, -1);
1466 log_forget_fds();
1467
1468 if (!isempty(s->user)) {
1469 const char *user = s->user;
1470
1471 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1472 if (r < 0) {
1473 ret = EXIT_USER;
1474 goto fail_child;
1475 }
1476 }
1477
1478 if (!isempty(s->group)) {
1479 const char *group = s->group;
1480
1481 r = get_group_creds(&group, &gid);
1482 if (r < 0) {
1483 ret = EXIT_GROUP;
1484 goto fail_child;
1485 }
1486 }
1487
1488 LIST_FOREACH(port, p, s->ports) {
1489 const char *path = NULL;
1490
1491 if (p->type == SOCKET_SOCKET)
1492 path = socket_address_get_path(&p->address);
1493 else if (p->type == SOCKET_FIFO)
1494 path = p->path;
1495
1496 if (!path)
1497 continue;
1498
1499 if (chown(path, uid, gid) < 0) {
1500 r = -errno;
1501 ret = EXIT_CHOWN;
1502 goto fail_child;
1503 }
1504 }
1505
1506 _exit(0);
1507
1508 fail_child:
1509 log_open();
1510 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1511
1512 _exit(ret);
1513 }
1514
1515 r = unit_watch_pid(UNIT(s), pid);
1516 if (r < 0)
1517 goto fail;
1518
1519 *_pid = pid;
1520 return 0;
1521
1522 fail:
1523 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1524 return r;
1525 }
1526
1527 static void socket_enter_dead(Socket *s, SocketResult f) {
1528 assert(s);
1529
1530 if (f != SOCKET_SUCCESS)
1531 s->result = f;
1532
1533 exec_runtime_destroy(s->exec_runtime);
1534 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1535
1536 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1537
1538 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1539 }
1540
1541 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1542
1543 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1544 int r;
1545 assert(s);
1546
1547 if (f != SOCKET_SUCCESS)
1548 s->result = f;
1549
1550 socket_unwatch_control_pid(s);
1551 s->control_command_id = SOCKET_EXEC_STOP_POST;
1552 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1553
1554 if (s->control_command) {
1555 r = socket_spawn(s, s->control_command, &s->control_pid);
1556 if (r < 0)
1557 goto fail;
1558
1559 socket_set_state(s, SOCKET_STOP_POST);
1560 } else
1561 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1562
1563 return;
1564
1565 fail:
1566 log_unit_warning(UNIT(s)->id,
1567 "%s failed to run 'stop-post' task: %s",
1568 UNIT(s)->id, strerror(-r));
1569 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1570 }
1571
1572 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1573 int r;
1574
1575 assert(s);
1576
1577 if (f != SOCKET_SUCCESS)
1578 s->result = f;
1579
1580 r = unit_kill_context(
1581 UNIT(s),
1582 &s->kill_context,
1583 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1584 KILL_KILL : KILL_TERMINATE,
1585 -1,
1586 s->control_pid,
1587 false);
1588 if (r < 0)
1589 goto fail;
1590
1591 if (r > 0) {
1592 r = socket_arm_timer(s);
1593 if (r < 0)
1594 goto fail;
1595
1596 socket_set_state(s, state);
1597 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1599 else if (state == SOCKET_STOP_PRE_SIGKILL)
1600 socket_enter_stop_post(s, SOCKET_SUCCESS);
1601 else if (state == SOCKET_FINAL_SIGTERM)
1602 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1603 else
1604 socket_enter_dead(s, SOCKET_SUCCESS);
1605
1606 return;
1607
1608 fail:
1609 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
1610
1611 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1612 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1613 else
1614 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1615 }
1616
1617 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1618 int r;
1619 assert(s);
1620
1621 if (f != SOCKET_SUCCESS)
1622 s->result = f;
1623
1624 socket_unwatch_control_pid(s);
1625 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1626 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1627
1628 if (s->control_command) {
1629 r = socket_spawn(s, s->control_command, &s->control_pid);
1630 if (r < 0)
1631 goto fail;
1632
1633 socket_set_state(s, SOCKET_STOP_PRE);
1634 } else
1635 socket_enter_stop_post(s, SOCKET_SUCCESS);
1636
1637 return;
1638
1639 fail:
1640 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
1641 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1642 }
1643
1644 static void socket_enter_listening(Socket *s) {
1645 int r;
1646 assert(s);
1647
1648 r = socket_watch_fds(s);
1649 if (r < 0) {
1650 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1651 goto fail;
1652 }
1653
1654 socket_set_state(s, SOCKET_LISTENING);
1655 return;
1656
1657 fail:
1658 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1659 }
1660
1661 static void socket_enter_start_post(Socket *s) {
1662 int r;
1663 assert(s);
1664
1665 socket_unwatch_control_pid(s);
1666 s->control_command_id = SOCKET_EXEC_START_POST;
1667 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1668
1669 if (s->control_command) {
1670 r = socket_spawn(s, s->control_command, &s->control_pid);
1671 if (r < 0) {
1672 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
1673 goto fail;
1674 }
1675
1676 socket_set_state(s, SOCKET_START_POST);
1677 } else
1678 socket_enter_listening(s);
1679
1680 return;
1681
1682 fail:
1683 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1684 }
1685
1686 static void socket_enter_start_chown(Socket *s) {
1687 int r;
1688
1689 assert(s);
1690
1691 r = socket_open_fds(s);
1692 if (r < 0) {
1693 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1694 goto fail;
1695 }
1696
1697 if (!isempty(s->user) || !isempty(s->group)) {
1698
1699 socket_unwatch_control_pid(s);
1700 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1701 s->control_command = NULL;
1702
1703 r = socket_chown(s, &s->control_pid);
1704 if (r < 0) {
1705 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
1706 goto fail;
1707 }
1708
1709 socket_set_state(s, SOCKET_START_CHOWN);
1710 } else
1711 socket_enter_start_post(s);
1712
1713 return;
1714
1715 fail:
1716 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1717 }
1718
1719 static void socket_enter_start_pre(Socket *s) {
1720 int r;
1721 assert(s);
1722
1723 socket_unwatch_control_pid(s);
1724 s->control_command_id = SOCKET_EXEC_START_PRE;
1725 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1726
1727 if (s->control_command) {
1728 r = socket_spawn(s, s->control_command, &s->control_pid);
1729 if (r < 0) {
1730 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
1731 goto fail;
1732 }
1733
1734 socket_set_state(s, SOCKET_START_PRE);
1735 } else
1736 socket_enter_start_chown(s);
1737
1738 return;
1739
1740 fail:
1741 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1742 }
1743
1744 static void socket_enter_running(Socket *s, int cfd) {
1745 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1746 int r;
1747
1748 assert(s);
1749
1750 /* We don't take connections anymore if we are supposed to
1751 * shut down anyway */
1752 if (unit_stop_pending(UNIT(s))) {
1753
1754 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1755
1756 if (cfd >= 0)
1757 safe_close(cfd);
1758 else {
1759 /* Flush all sockets by closing and reopening them */
1760 socket_close_fds(s);
1761
1762 r = socket_open_fds(s);
1763 if (r < 0) {
1764 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1765 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1766 return;
1767 }
1768
1769 r = socket_watch_fds(s);
1770 if (r < 0) {
1771 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1772 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1773 }
1774 }
1775
1776 return;
1777 }
1778
1779 if (cfd < 0) {
1780 Iterator i;
1781 Unit *other;
1782 bool pending = false;
1783
1784 /* If there's already a start pending don't bother to
1785 * do anything */
1786 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1787 if (unit_active_or_pending(other)) {
1788 pending = true;
1789 break;
1790 }
1791
1792 if (!pending) {
1793 if (!UNIT_ISSET(s->service)) {
1794 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1795 r = -ENOENT;
1796 goto fail;
1797 }
1798
1799 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1800 if (r < 0)
1801 goto fail;
1802 }
1803
1804 socket_set_state(s, SOCKET_RUNNING);
1805 } else {
1806 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1807 Service *service;
1808
1809 if (s->n_connections >= s->max_connections) {
1810 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1811 safe_close(cfd);
1812 return;
1813 }
1814
1815 r = socket_instantiate_service(s);
1816 if (r < 0)
1817 goto fail;
1818
1819 r = instance_from_socket(cfd, s->n_accepted, &instance);
1820 if (r < 0) {
1821 if (r != -ENOTCONN)
1822 goto fail;
1823
1824 /* ENOTCONN is legitimate if TCP RST was received.
1825 * This connection is over, but the socket unit lives on. */
1826 safe_close(cfd);
1827 return;
1828 }
1829
1830 prefix = unit_name_to_prefix(UNIT(s)->id);
1831 if (!prefix) {
1832 r = -ENOMEM;
1833 goto fail;
1834 }
1835
1836 name = unit_name_build(prefix, instance, ".service");
1837 if (!name) {
1838 r = -ENOMEM;
1839 goto fail;
1840 }
1841
1842 r = unit_add_name(UNIT_DEREF(s->service), name);
1843 if (r < 0)
1844 goto fail;
1845
1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
1848 s->n_accepted ++;
1849
1850 UNIT(service)->no_gc = false;
1851
1852 unit_choose_id(UNIT(service), name);
1853
1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1855 if (r < 0)
1856 goto fail;
1857
1858 cfd = -1;
1859 s->n_connections ++;
1860
1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1862 if (r < 0)
1863 goto fail;
1864
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
1867 }
1868
1869 return;
1870
1871 fail:
1872 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1874 bus_error_message(&error, r));
1875
1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1877 safe_close(cfd);
1878 }
1879
1880 static void socket_run_next(Socket *s) {
1881 int r;
1882
1883 assert(s);
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1886
1887 socket_unwatch_control_pid(s);
1888
1889 s->control_command = s->control_command->command_next;
1890
1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1892 if (r < 0)
1893 goto fail;
1894
1895 return;
1896
1897 fail:
1898 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
1899
1900 if (s->state == SOCKET_START_POST)
1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1902 else if (s->state == SOCKET_STOP_POST)
1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1904 else
1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1906 }
1907
1908 static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
1910
1911 assert(s);
1912
1913 /* We cannot fulfill this request right now, try again later
1914 * please! */
1915 if (IN_SET(s->state,
1916 SOCKET_STOP_PRE,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1919 SOCKET_STOP_POST,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
1922 return -EAGAIN;
1923
1924 /* Already on it! */
1925 if (IN_SET(s->state,
1926 SOCKET_START_PRE,
1927 SOCKET_START_CHOWN,
1928 SOCKET_START_POST))
1929 return 0;
1930
1931 /* Cannot run this without the service being around */
1932 if (UNIT_ISSET(s->service)) {
1933 Service *service;
1934
1935 service = SERVICE(UNIT_DEREF(s->service));
1936
1937 if (UNIT(service)->load_state != UNIT_LOADED) {
1938 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1939 return -ENOENT;
1940 }
1941
1942 /* If the service is already active we cannot start the
1943 * socket */
1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
1947 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1948 return -EBUSY;
1949 }
1950 }
1951
1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1953
1954 s->result = SOCKET_SUCCESS;
1955 s->reset_cpu_usage = true;
1956
1957 socket_enter_start_pre(s);
1958
1959 return 1;
1960 }
1961
1962 static int socket_stop(Unit *u) {
1963 Socket *s = SOCKET(u);
1964
1965 assert(s);
1966
1967 /* Already on it */
1968 if (IN_SET(s->state,
1969 SOCKET_STOP_PRE,
1970 SOCKET_STOP_PRE_SIGTERM,
1971 SOCKET_STOP_PRE_SIGKILL,
1972 SOCKET_STOP_POST,
1973 SOCKET_FINAL_SIGTERM,
1974 SOCKET_FINAL_SIGKILL))
1975 return 0;
1976
1977 /* If there's already something running we go directly into
1978 * kill mode. */
1979 if (IN_SET(s->state,
1980 SOCKET_START_PRE,
1981 SOCKET_START_CHOWN,
1982 SOCKET_START_POST)) {
1983 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1984 return -EAGAIN;
1985 }
1986
1987 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1988
1989 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1990 return 1;
1991 }
1992
1993 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1994 Socket *s = SOCKET(u);
1995 SocketPort *p;
1996 int r;
1997
1998 assert(u);
1999 assert(f);
2000 assert(fds);
2001
2002 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2003 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2004 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2005
2006 if (s->control_pid > 0)
2007 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2008
2009 if (s->control_command_id >= 0)
2010 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2011
2012 LIST_FOREACH(port, p, s->ports) {
2013 int copy;
2014
2015 if (p->fd < 0)
2016 continue;
2017
2018 copy = fdset_put_dup(fds, p->fd);
2019 if (copy < 0)
2020 return copy;
2021
2022 if (p->type == SOCKET_SOCKET) {
2023 _cleanup_free_ char *t = NULL;
2024
2025 r = socket_address_print(&p->address, &t);
2026 if (r < 0)
2027 return r;
2028
2029 if (socket_address_family(&p->address) == AF_NETLINK)
2030 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2031 else
2032 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2033
2034 } else if (p->type == SOCKET_SPECIAL)
2035 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2036 else if (p->type == SOCKET_MQUEUE)
2037 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2038 else {
2039 assert(p->type == SOCKET_FIFO);
2040 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2041 }
2042 }
2043
2044 return 0;
2045 }
2046
2047 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2048 Socket *s = SOCKET(u);
2049
2050 assert(u);
2051 assert(key);
2052 assert(value);
2053
2054 if (streq(key, "state")) {
2055 SocketState state;
2056
2057 state = socket_state_from_string(value);
2058 if (state < 0)
2059 log_unit_debug(u->id, "Failed to parse state value %s", value);
2060 else
2061 s->deserialized_state = state;
2062 } else if (streq(key, "result")) {
2063 SocketResult f;
2064
2065 f = socket_result_from_string(value);
2066 if (f < 0)
2067 log_unit_debug(u->id, "Failed to parse result value %s", value);
2068 else if (f != SOCKET_SUCCESS)
2069 s->result = f;
2070
2071 } else if (streq(key, "n-accepted")) {
2072 unsigned k;
2073
2074 if (safe_atou(value, &k) < 0)
2075 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2076 else
2077 s->n_accepted += k;
2078 } else if (streq(key, "control-pid")) {
2079 pid_t pid;
2080
2081 if (parse_pid(value, &pid) < 0)
2082 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2083 else
2084 s->control_pid = pid;
2085 } else if (streq(key, "control-command")) {
2086 SocketExecCommand id;
2087
2088 id = socket_exec_command_from_string(value);
2089 if (id < 0)
2090 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2091 else {
2092 s->control_command_id = id;
2093 s->control_command = s->exec_command[id];
2094 }
2095 } else if (streq(key, "fifo")) {
2096 int fd, skip = 0;
2097 SocketPort *p;
2098
2099 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2100 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2101 else {
2102
2103 LIST_FOREACH(port, p, s->ports)
2104 if (p->type == SOCKET_FIFO &&
2105 path_equal_or_files_same(p->path, value+skip))
2106 break;
2107
2108 if (p) {
2109 safe_close(p->fd);
2110 p->fd = fdset_remove(fds, fd);
2111 }
2112 }
2113
2114 } else if (streq(key, "special")) {
2115 int fd, skip = 0;
2116 SocketPort *p;
2117
2118 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2119 log_unit_debug(u->id, "Failed to parse special value %s", value);
2120 else {
2121
2122 LIST_FOREACH(port, p, s->ports)
2123 if (p->type == SOCKET_SPECIAL &&
2124 path_equal_or_files_same(p->path, value+skip))
2125 break;
2126
2127 if (p) {
2128 safe_close(p->fd);
2129 p->fd = fdset_remove(fds, fd);
2130 }
2131 }
2132
2133 } else if (streq(key, "mqueue")) {
2134 int fd, skip = 0;
2135 SocketPort *p;
2136
2137 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2138 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2139 else {
2140
2141 LIST_FOREACH(port, p, s->ports)
2142 if (p->type == SOCKET_MQUEUE &&
2143 streq(p->path, value+skip))
2144 break;
2145
2146 if (p) {
2147 safe_close(p->fd);
2148 p->fd = fdset_remove(fds, fd);
2149 }
2150 }
2151
2152 } else if (streq(key, "socket")) {
2153 int fd, type, skip = 0;
2154 SocketPort *p;
2155
2156 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2157 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2158 else {
2159
2160 LIST_FOREACH(port, p, s->ports)
2161 if (socket_address_is(&p->address, value+skip, type))
2162 break;
2163
2164 if (p) {
2165 safe_close(p->fd);
2166 p->fd = fdset_remove(fds, fd);
2167 }
2168 }
2169
2170 } else if (streq(key, "netlink")) {
2171 int fd, skip = 0;
2172 SocketPort *p;
2173
2174 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2175 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2176 else {
2177
2178 LIST_FOREACH(port, p, s->ports)
2179 if (socket_address_is_netlink(&p->address, value+skip))
2180 break;
2181
2182 if (p) {
2183 safe_close(p->fd);
2184 p->fd = fdset_remove(fds, fd);
2185 }
2186 }
2187 } else
2188 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2189
2190 return 0;
2191 }
2192
2193 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2194 Socket *s = SOCKET(u);
2195 SocketPort *p;
2196
2197 assert(u);
2198
2199 LIST_FOREACH(port, p, s->ports) {
2200 Iterator i;
2201 int fd;
2202
2203 if (p->type != SOCKET_SOCKET)
2204 continue;
2205
2206 if (p->fd >= 0)
2207 continue;
2208
2209 FDSET_FOREACH(fd, fds, i) {
2210 if (socket_address_matches_fd(&p->address, fd)) {
2211 p->fd = fdset_remove(fds, fd);
2212 s->deserialized_state = SOCKET_LISTENING;
2213 break;
2214 }
2215 }
2216 }
2217
2218 return 0;
2219 }
2220
2221 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2222 assert(u);
2223
2224 return state_translation_table[SOCKET(u)->state];
2225 }
2226
2227 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2228 assert(u);
2229
2230 return socket_state_to_string(SOCKET(u)->state);
2231 }
2232
2233 const char* socket_port_type_to_string(SocketPort *p) {
2234
2235 assert(p);
2236
2237 switch (p->type) {
2238
2239 case SOCKET_SOCKET:
2240
2241 switch (p->address.type) {
2242
2243 case SOCK_STREAM:
2244 return "Stream";
2245
2246 case SOCK_DGRAM:
2247 return "Datagram";
2248
2249 case SOCK_SEQPACKET:
2250 return "SequentialPacket";
2251
2252 case SOCK_RAW:
2253 if (socket_address_family(&p->address) == AF_NETLINK)
2254 return "Netlink";
2255
2256 default:
2257 return NULL;
2258 }
2259
2260 case SOCKET_SPECIAL:
2261 return "Special";
2262
2263 case SOCKET_MQUEUE:
2264 return "MessageQueue";
2265
2266 case SOCKET_FIFO:
2267 return "FIFO";
2268
2269 default:
2270 return NULL;
2271 }
2272 }
2273
2274 _pure_ static bool socket_check_gc(Unit *u) {
2275 Socket *s = SOCKET(u);
2276
2277 assert(u);
2278
2279 return s->n_connections > 0;
2280 }
2281
2282 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2283 SocketPort *p = userdata;
2284 int cfd = -1;
2285
2286 assert(p);
2287 assert(fd >= 0);
2288
2289 if (p->socket->state != SOCKET_LISTENING)
2290 return 0;
2291
2292 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2293
2294 if (revents != EPOLLIN) {
2295
2296 if (revents & EPOLLHUP)
2297 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2298 UNIT(p->socket)->id);
2299 else
2300 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2301 UNIT(p->socket)->id, revents);
2302
2303 goto fail;
2304 }
2305
2306 if (p->socket->accept &&
2307 p->type == SOCKET_SOCKET &&
2308 socket_address_can_accept(&p->address)) {
2309
2310 for (;;) {
2311
2312 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2313 if (cfd < 0) {
2314
2315 if (errno == EINTR)
2316 continue;
2317
2318 log_unit_error(UNIT(p->socket)->id, "Failed to accept socket: %m");
2319 goto fail;
2320 }
2321
2322 break;
2323 }
2324
2325 socket_apply_socket_options(p->socket, cfd);
2326 }
2327
2328 socket_enter_running(p->socket, cfd);
2329 return 0;
2330
2331 fail:
2332 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2333 return 0;
2334 }
2335
2336 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2337 Socket *s = SOCKET(u);
2338 SocketResult f;
2339
2340 assert(s);
2341 assert(pid >= 0);
2342
2343 if (pid != s->control_pid)
2344 return;
2345
2346 s->control_pid = 0;
2347
2348 if (is_clean_exit(code, status, NULL))
2349 f = SOCKET_SUCCESS;
2350 else if (code == CLD_EXITED)
2351 f = SOCKET_FAILURE_EXIT_CODE;
2352 else if (code == CLD_KILLED)
2353 f = SOCKET_FAILURE_SIGNAL;
2354 else if (code == CLD_DUMPED)
2355 f = SOCKET_FAILURE_CORE_DUMP;
2356 else
2357 assert_not_reached("Unknown sigchld code");
2358
2359 if (s->control_command) {
2360 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2361
2362 if (s->control_command->ignore)
2363 f = SOCKET_SUCCESS;
2364 }
2365
2366 log_unit_full(u->id,
2367 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2368 "%s control process exited, code=%s status=%i",
2369 u->id, sigchld_code_to_string(code), status);
2370
2371 if (f != SOCKET_SUCCESS)
2372 s->result = f;
2373
2374 if (s->control_command &&
2375 s->control_command->command_next &&
2376 f == SOCKET_SUCCESS) {
2377
2378 log_unit_debug(u->id,
2379 "%s running next command for state %s",
2380 u->id, socket_state_to_string(s->state));
2381 socket_run_next(s);
2382 } else {
2383 s->control_command = NULL;
2384 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2385
2386 /* No further commands for this step, so let's figure
2387 * out what to do next */
2388
2389 log_unit_debug(u->id,
2390 "%s got final SIGCHLD for state %s",
2391 u->id, socket_state_to_string(s->state));
2392
2393 switch (s->state) {
2394
2395 case SOCKET_START_PRE:
2396 if (f == SOCKET_SUCCESS)
2397 socket_enter_start_chown(s);
2398 else
2399 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2400 break;
2401
2402 case SOCKET_START_CHOWN:
2403 if (f == SOCKET_SUCCESS)
2404 socket_enter_start_post(s);
2405 else
2406 socket_enter_stop_pre(s, f);
2407 break;
2408
2409 case SOCKET_START_POST:
2410 if (f == SOCKET_SUCCESS)
2411 socket_enter_listening(s);
2412 else
2413 socket_enter_stop_pre(s, f);
2414 break;
2415
2416 case SOCKET_STOP_PRE:
2417 case SOCKET_STOP_PRE_SIGTERM:
2418 case SOCKET_STOP_PRE_SIGKILL:
2419 socket_enter_stop_post(s, f);
2420 break;
2421
2422 case SOCKET_STOP_POST:
2423 case SOCKET_FINAL_SIGTERM:
2424 case SOCKET_FINAL_SIGKILL:
2425 socket_enter_dead(s, f);
2426 break;
2427
2428 default:
2429 assert_not_reached("Uh, control process died at wrong time.");
2430 }
2431 }
2432
2433 /* Notify clients about changed exit status */
2434 unit_add_to_dbus_queue(u);
2435 }
2436
2437 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2438 Socket *s = SOCKET(userdata);
2439
2440 assert(s);
2441 assert(s->timer_event_source == source);
2442
2443 switch (s->state) {
2444
2445 case SOCKET_START_PRE:
2446 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2447 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2448 break;
2449
2450 case SOCKET_START_CHOWN:
2451 case SOCKET_START_POST:
2452 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2453 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2454 break;
2455
2456 case SOCKET_STOP_PRE:
2457 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2458 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2459 break;
2460
2461 case SOCKET_STOP_PRE_SIGTERM:
2462 if (s->kill_context.send_sigkill) {
2463 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2464 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2465 } else {
2466 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2467 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2468 }
2469 break;
2470
2471 case SOCKET_STOP_PRE_SIGKILL:
2472 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2473 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2474 break;
2475
2476 case SOCKET_STOP_POST:
2477 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2478 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2479 break;
2480
2481 case SOCKET_FINAL_SIGTERM:
2482 if (s->kill_context.send_sigkill) {
2483 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2484 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2485 } else {
2486 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2487 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2488 }
2489 break;
2490
2491 case SOCKET_FINAL_SIGKILL:
2492 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2493 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2494 break;
2495
2496 default:
2497 assert_not_reached("Timeout at wrong time.");
2498 }
2499
2500 return 0;
2501 }
2502
2503 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2504 int *rfds;
2505 unsigned rn_fds, k;
2506 SocketPort *p;
2507
2508 assert(s);
2509 assert(fds);
2510 assert(n_fds);
2511
2512 /* Called from the service code for requesting our fds */
2513
2514 rn_fds = 0;
2515 LIST_FOREACH(port, p, s->ports)
2516 if (p->fd >= 0)
2517 rn_fds++;
2518
2519 if (rn_fds <= 0) {
2520 *fds = NULL;
2521 *n_fds = 0;
2522 return 0;
2523 }
2524
2525 rfds = new(int, rn_fds);
2526 if (!rfds)
2527 return -ENOMEM;
2528
2529 k = 0;
2530 LIST_FOREACH(port, p, s->ports)
2531 if (p->fd >= 0)
2532 rfds[k++] = p->fd;
2533
2534 assert(k == rn_fds);
2535
2536 *fds = rfds;
2537 *n_fds = rn_fds;
2538
2539 return 0;
2540 }
2541
2542 static void socket_reset_failed(Unit *u) {
2543 Socket *s = SOCKET(u);
2544
2545 assert(s);
2546
2547 if (s->state == SOCKET_FAILED)
2548 socket_set_state(s, SOCKET_DEAD);
2549
2550 s->result = SOCKET_SUCCESS;
2551 }
2552
2553 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2554 assert(s);
2555
2556 /* The service is dead. Dang!
2557 *
2558 * This is strictly for one-instance-for-all-connections
2559 * services. */
2560
2561 if (s->state == SOCKET_RUNNING) {
2562 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2563 if (failed_permanent)
2564 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2565 else
2566 socket_enter_listening(s);
2567 }
2568 }
2569
2570 void socket_connection_unref(Socket *s) {
2571 assert(s);
2572
2573 /* The service is dead. Yay!
2574 *
2575 * This is strictly for one-instance-per-connection
2576 * services. */
2577
2578 assert(s->n_connections > 0);
2579 s->n_connections--;
2580
2581 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2582 }
2583
2584 static void socket_trigger_notify(Unit *u, Unit *other) {
2585 Socket *s = SOCKET(u);
2586 Service *se;
2587
2588 assert(u);
2589 assert(other);
2590
2591 /* Don't propagate state changes from the service if we are
2592 already down or accepting connections */
2593 if ((s->state != SOCKET_RUNNING &&
2594 s->state != SOCKET_LISTENING) ||
2595 s->accept)
2596 return;
2597
2598 if (other->load_state != UNIT_LOADED ||
2599 other->type != UNIT_SERVICE)
2600 return;
2601
2602 se = SERVICE(other);
2603
2604 if (se->state == SERVICE_FAILED)
2605 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2606
2607 if (se->state == SERVICE_DEAD ||
2608 se->state == SERVICE_FINAL_SIGTERM ||
2609 se->state == SERVICE_FINAL_SIGKILL ||
2610 se->state == SERVICE_AUTO_RESTART)
2611 socket_notify_service_dead(s, false);
2612
2613 if (se->state == SERVICE_RUNNING)
2614 socket_set_state(s, SOCKET_RUNNING);
2615 }
2616
2617 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2618 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2619 }
2620
2621 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2622 Socket *s = SOCKET(u);
2623 int r;
2624
2625 if (!s->timer_event_source)
2626 return 0;
2627
2628 r = sd_event_source_get_time(s->timer_event_source, timeout);
2629 if (r < 0)
2630 return r;
2631
2632 return 1;
2633 }
2634
2635 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2636 [SOCKET_DEAD] = "dead",
2637 [SOCKET_START_PRE] = "start-pre",
2638 [SOCKET_START_CHOWN] = "start-chown",
2639 [SOCKET_START_POST] = "start-post",
2640 [SOCKET_LISTENING] = "listening",
2641 [SOCKET_RUNNING] = "running",
2642 [SOCKET_STOP_PRE] = "stop-pre",
2643 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2644 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2645 [SOCKET_STOP_POST] = "stop-post",
2646 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2647 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2648 [SOCKET_FAILED] = "failed"
2649 };
2650
2651 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2652
2653 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2654 [SOCKET_EXEC_START_PRE] = "StartPre",
2655 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2656 [SOCKET_EXEC_START_POST] = "StartPost",
2657 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2658 [SOCKET_EXEC_STOP_POST] = "StopPost"
2659 };
2660
2661 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2662
2663 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2664 [SOCKET_SUCCESS] = "success",
2665 [SOCKET_FAILURE_RESOURCES] = "resources",
2666 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2667 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2668 [SOCKET_FAILURE_SIGNAL] = "signal",
2669 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2670 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2671 };
2672
2673 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2674
2675 const UnitVTable socket_vtable = {
2676 .object_size = sizeof(Socket),
2677 .exec_context_offset = offsetof(Socket, exec_context),
2678 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2679 .kill_context_offset = offsetof(Socket, kill_context),
2680 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2681
2682 .sections =
2683 "Unit\0"
2684 "Socket\0"
2685 "Install\0",
2686 .private_section = "Socket",
2687
2688 .init = socket_init,
2689 .done = socket_done,
2690 .load = socket_load,
2691
2692 .coldplug = socket_coldplug,
2693
2694 .dump = socket_dump,
2695
2696 .start = socket_start,
2697 .stop = socket_stop,
2698
2699 .kill = socket_kill,
2700
2701 .get_timeout = socket_get_timeout,
2702
2703 .serialize = socket_serialize,
2704 .deserialize_item = socket_deserialize_item,
2705 .distribute_fds = socket_distribute_fds,
2706
2707 .active_state = socket_active_state,
2708 .sub_state_to_string = socket_sub_state_to_string,
2709
2710 .check_gc = socket_check_gc,
2711
2712 .sigchld_event = socket_sigchld_event,
2713
2714 .trigger_notify = socket_trigger_notify,
2715
2716 .reset_failed = socket_reset_failed,
2717
2718 .bus_interface = "org.freedesktop.systemd1.Socket",
2719 .bus_vtable = bus_socket_vtable,
2720 .bus_set_property = bus_socket_set_property,
2721 .bus_commit_properties = bus_socket_commit_properties,
2722
2723 .status_message_formats = {
2724 /*.starting_stopping = {
2725 [0] = "Starting socket %s...",
2726 [1] = "Stopping socket %s...",
2727 },*/
2728 .finished_start_job = {
2729 [JOB_DONE] = "Listening on %s.",
2730 [JOB_FAILED] = "Failed to listen on %s.",
2731 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2732 [JOB_TIMEOUT] = "Timed out starting %s.",
2733 },
2734 .finished_stop_job = {
2735 [JOB_DONE] = "Closed %s.",
2736 [JOB_FAILED] = "Failed stopping %s.",
2737 [JOB_TIMEOUT] = "Timed out stopping %s.",
2738 },
2739 },
2740 };
Unnamed repository; edit this file 'description' to name the repository.