]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
util-lib: split our string related calls from util.[ch] into its own file string...
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
e8da24a6 22#include <arpa/inet.h>
83c60c9f
LP		 23#include <errno.h>
24#include <fcntl.h>
916abb21 25#include <mqueue.h>
e8da24a6
LP		 26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
83c60c9f 31
718db961 32#include "sd-event.h"
e8da24a6
LP		 33
34#include "bus-error.h"
35#include "bus-util.h"
36#include "copy.h"
37#include "dbus-socket.h"
38#include "def.h"
39#include "exit-status.h"
40#include "formats-util.h"
41#include "label.h"
83c60c9f 42#include "log.h"
e8da24a6 43#include "missing.h"
49e942b2 44#include "mkdir.h"
9eb977db 45#include "path-util.h"
d7b8eec7 46#include "selinux-util.h"
24882e06 47#include "signal-util.h"
e8da24a6 48#include "smack-util.h"
24882e06 49#include "socket.h"
e8da24a6 50#include "special.h"
07630cea 51#include "string-util.h"
e8da24a6
LP		 52#include "strv.h"
53#include "unit-name.h"
54#include "unit-printf.h"
55#include "unit.h"
83c60c9f 56
acbb0225 57static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 58 [SOCKET_DEAD] = UNIT_INACTIVE,
59 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 60 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 61 [SOCKET_START_POST] = UNIT_ACTIVATING,
62 [SOCKET_LISTENING] = UNIT_ACTIVE,
63 [SOCKET_RUNNING] = UNIT_ACTIVE,
64 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
67 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 68 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
69 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 70 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 71};
5cb5a6ff 72
718db961
LP		 73static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
74static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
75
a16e1123
LP		 76static void socket_init(Unit *u) {
77 Socket *s = SOCKET(u);
78
79 assert(u);
ac155bb8 80 assert(u->load_state == UNIT_STUB);
a16e1123 81
a16e1123 82 s->backlog = SOMAXCONN;
1f19a534 83 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 84 s->directory_mode = 0755;
9131f660 85 s->socket_mode = 0666;
a16e1123 86
6cf6bbc2
LP		 87 s->max_connections = 64;
88
4fd5948e 89 s->priority = -1;
4fd5948e
LP		 90 s->ip_tos = -1;
91 s->ip_ttl = -1;
4fd5948e 92 s->mark = -1;
4fd5948e 93
ac155bb8
MS		 94 s->exec_context.std_output = u->manager->default_std_output;
95 s->exec_context.std_error = u->manager->default_std_error;
085afe36 96
a16e1123
LP		 97 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98}
acbb0225 99
5e94833f
LP		 100static void socket_unwatch_control_pid(Socket *s) {
101 assert(s);
102
103 if (s->control_pid <= 0)
104 return;
105
106 unit_unwatch_pid(UNIT(s), s->control_pid);
107 s->control_pid = 0;
108}
109
15087cdb
PS		 110static void socket_cleanup_fd_list(SocketPort *p) {
111 int k = p->n_auxiliary_fds;
112
113 while (k--)
114 safe_close(p->auxiliary_fds[k]);
115
116 p->auxiliary_fds = mfree(p->auxiliary_fds);
117 p->n_auxiliary_fds = 0;
118}
119
74051b9b 120void socket_free_ports(Socket *s) {
034c6ed7
LP		 121 SocketPort *p;
122
123 assert(s);
124
125 while ((p = s->ports)) {
71fda00f 126 LIST_REMOVE(port, s->ports, p);
034c6ed7 127
718db961
LP		 128 sd_event_source_unref(p->event_source);
129
15087cdb 130 socket_cleanup_fd_list(p);
03e334a1 131 safe_close(p->fd);
034c6ed7
LP		 132 free(p->path);
133 free(p);
134 }
74051b9b
LP		 135}
136
137static void socket_done(Unit *u) {
138 Socket *s = SOCKET(u);
139
140 assert(s);
141
142 socket_free_ports(s);
034c6ed7 143
613b411c 144 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 145 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 146 s->control_command = NULL;
147
5e94833f 148 socket_unwatch_control_pid(s);
034c6ed7 149
57020a3a 150 unit_ref_unset(&s->service);
034c6ed7 151
a1e58e8e
LP		 152 s->tcp_congestion = mfree(s->tcp_congestion);
153 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 154
0eb59ccf
AK		 155 free(s->smack);
156 free(s->smack_ip_in);
157 free(s->smack_ip_out);
158
811ba7a0
LP		 159 strv_free(s->symlinks);
160
3900e5fd
LP		 161 free(s->user);
162 free(s->group);
163
718db961
LP		 164 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
165}
166
167static int socket_arm_timer(Socket *s) {
168 int r;
169
170 assert(s);
171
172 if (s->timeout_usec <= 0) {
173 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
174 return 0;
175 }
176
177 if (s->timer_event_source) {
178 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
179 if (r < 0)
180 return r;
181
182 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
183 }
184
7dfbe2e3 185 r = sd_event_add_time(
6a0f1f6d
LP		 186 UNIT(s)->manager->event,
187 &s->timer_event_source,
188 CLOCK_MONOTONIC,
189 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
190 socket_dispatch_timer, s);
7dfbe2e3
TG		 191 if (r < 0)
192 return r;
193
194 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
195
196 return 0;
5cb5a6ff
LP		 197}
198
8b835fcc
ZJS		 199int socket_instantiate_service(Socket *s) {
200 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 201 int r;
202 Unit *u;
203
204 assert(s);
205
206 /* This fills in s->service if it isn't filled in yet. For
207 * Accept=yes sockets we create the next connection service
208 * here. For Accept=no this is mostly a NOP since the service
209 * is figured out at load time anyway. */
210
7410616c 211 if (UNIT_DEREF(s->service))
b15bdda8
LP		 212 return 0;
213
7410616c
LP		 214 if (!s->accept)
215 return 0;
216
217 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
218 if (r < 0)
219 return r;
b15bdda8 220
315db1a8 221 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 222 return -ENOMEM;
223
1124fe6f 224 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 225 if (r < 0)
226 return r;
227
ac155bb8 228 u->no_gc = true;
57020a3a
LP		 229 unit_ref_set(&s->service, u);
230
231 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 232}
233
4f2d528d
LP		 234static bool have_non_accept_socket(Socket *s) {
235 SocketPort *p;
236
237 assert(s);
238
239 if (!s->accept)
240 return true;
241
dd5ad9d4
LP		 242 LIST_FOREACH(port, p, s->ports) {
243
244 if (p->type != SOCKET_SOCKET)
245 return true;
246
4f2d528d
LP		 247 if (!socket_address_can_accept(&p->address))
248 return true;
dd5ad9d4 249 }
4f2d528d
LP		 250
251 return false;
252}
253
a57f7e2c 254static int socket_add_mount_links(Socket *s) {
6e2ef85b 255 SocketPort *p;
6e2ef85b
LP		 256 int r;
257
258 assert(s);
6e2ef85b 259
a57f7e2c
LP		 260 LIST_FOREACH(port, p, s->ports) {
261 const char *path = NULL;
6e2ef85b 262
a57f7e2c
LP		 263 if (p->type == SOCKET_SOCKET)
264 path = socket_address_get_path(&p->address);
60252446 265 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 266 path = p->path;
6e2ef85b 267
a57f7e2c
LP		 268 if (!path)
269 continue;
6e2ef85b 270
a57f7e2c 271 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 272 if (r < 0)
6e2ef85b 273 return r;
b87705cd 274 }
6e2ef85b
LP		 275
276 return 0;
277}
278
279static int socket_add_device_link(Socket *s) {
280 char *t;
6e2ef85b
LP		 281
282 assert(s);
283
7d0c710d 284 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 285 return 0;
286
63c372cb 287 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 288 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 289}
290
a40eb732
LP		 291static int socket_add_default_dependencies(Socket *s) {
292 int r;
293 assert(s);
294
e3d84721
LP		 295 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
296 if (r < 0)
297 return r;
2a77d31d 298
b2c23da8 299 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 300 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
301 if (r < 0)
a40eb732 302 return r;
2a77d31d 303 }
a40eb732 304
ead8e478 305 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 306}
307
44a6b1b6 308_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 309 unsigned i;
310 assert(s);
311
312 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
313 if (s->exec_command[i])
314 return true;
315
316 return false;
317}
318
e821075a
LP		 319static int socket_add_extras(Socket *s) {
320 Unit *u = UNIT(s);
e537352b 321 int r;
44d8db9e 322
e821075a 323 assert(s);
57020a3a 324
e821075a 325 if (have_non_accept_socket(s)) {
23a177ef 326
e821075a
LP		 327 if (!UNIT_DEREF(s->service)) {
328 Unit *x;
57020a3a 329
e821075a 330 r = unit_load_related_unit(u, ".service", &x);
57020a3a 331 if (r < 0)
4f2d528d 332 return r;
e821075a
LP		 333
334 unit_ref_set(&s->service, x);
4f2d528d 335 }
44d8db9e 336
e821075a
LP		 337 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
338 if (r < 0)
6e2ef85b 339 return r;
e821075a 340 }
6e2ef85b 341
e821075a
LP		 342 r = socket_add_mount_links(s);
343 if (r < 0)
344 return r;
6e2ef85b 345
e821075a
LP		 346 r = socket_add_device_link(s);
347 if (r < 0)
348 return r;
349
598459ce 350 r = unit_patch_contexts(u);
e821075a
LP		 351 if (r < 0)
352 return r;
353
354 if (socket_has_exec(s)) {
355 r = unit_add_exec_dependencies(u, &s->exec_context);
356 if (r < 0)
357 return r;
23a177ef 358
d79200e2 359 r = unit_set_default_slice(u);
a016b922
LP		 360 if (r < 0)
361 return r;
e821075a 362 }
a016b922 363
e821075a
LP		 364 if (u->default_dependencies) {
365 r = socket_add_default_dependencies(s);
366 if (r < 0)
367 return r;
368 }
369
370 return 0;
371}
372
811ba7a0
LP		 373static const char *socket_find_symlink_target(Socket *s) {
374 const char *found = NULL;
375 SocketPort *p;
376
377 LIST_FOREACH(port, p, s->ports) {
378 const char *f = NULL;
379
380 switch (p->type) {
381
382 case SOCKET_FIFO:
383 f = p->path;
384 break;
385
386 case SOCKET_SOCKET:
387 if (p->address.sockaddr.un.sun_path[0] != 0)
388 f = p->address.sockaddr.un.sun_path;
389 break;
390
391 default:
392 break;
393 }
394
395 if (f) {
396 if (found)
397 return NULL;
398
399 found = f;
400 }
401 }
402
403 return found;
404}
405
e821075a
LP		 406static int socket_verify(Socket *s) {
407 assert(s);
408
409 if (UNIT(s)->load_state != UNIT_LOADED)
410 return 0;
411
412 if (!s->ports) {
f2341e0a 413 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 414 return -EINVAL;
415 }
416
417 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 418 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 419 return -EINVAL;
420 }
421
422 if (s->accept && s->max_connections <= 0) {
f2341e0a 423 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 424 return -EINVAL;
425 }
e06c73cc 426
e821075a 427 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 428 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 429 return -EINVAL;
430 }
431
432 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 433 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 434 return -EINVAL;
435 }
436
811ba7a0 437 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 438 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 439 return -EINVAL;
440 }
441
e821075a
LP		 442 return 0;
443}
444
445static int socket_load(Unit *u) {
446 Socket *s = SOCKET(u);
447 int r;
448
449 assert(u);
450 assert(u->load_state == UNIT_STUB);
451
452 r = unit_load_fragment_and_dropin(u);
453 if (r < 0)
454 return r;
455
456 if (u->load_state == UNIT_LOADED) {
457 /* This is a new unit? Then let's add in some extras */
458 r = socket_add_extras(s);
e06c73cc
LP		 459 if (r < 0)
460 return r;
23a177ef
LP		 461 }
462
4f2d528d 463 return socket_verify(s);
44d8db9e
LP		 464}
465
44a6b1b6 466_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 467
468 if (family == AF_NETLINK)
469 return "ListenNetlink";
542563ba
LP		 470
471 if (type == SOCK_STREAM)
472 return "ListenStream";
473 else if (type == SOCK_DGRAM)
474 return "ListenDatagram";
475 else if (type == SOCK_SEQPACKET)
476 return "ListenSequentialPacket";
477
034c6ed7 478 assert_not_reached("Unknown socket type");
542563ba
LP		 479 return NULL;
480}
481
87f0e418 482static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 483 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 484 SocketExecCommand c;
87f0e418 485 Socket *s = SOCKET(u);
542563ba 486 SocketPort *p;
82ba9f08 487 const char *prefix2;
5cb5a6ff
LP		 488
489 assert(s);
fa068367 490 assert(f);
5cb5a6ff 491
4c940960 492 prefix = strempty(prefix);
63c372cb 493 prefix2 = strjoina(prefix, "\t");
c43d20a0 494
5cb5a6ff
LP		 495 fprintf(f,
496 "%sSocket State: %s\n"
81a5c6d0 497 "%sResult: %s\n"
542563ba 498 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 499 "%sBacklog: %u\n"
500 "%sSocketMode: %04o\n"
4fd5948e
LP		 501 "%sDirectoryMode: %04o\n"
502 "%sKeepAlive: %s\n"
4427c3f4 503 "%sNoDelay: %s\n"
cebf8b20 504 "%sFreeBind: %s\n"
6b6d2dee 505 "%sTransparent: %s\n"
ec6370a2 506 "%sBroadcast: %s\n"
ede3deb4 507 "%sPassCredentials: %s\n"
54ecda32 508 "%sPassSecurity: %s\n"
bd1fe7c7 509 "%sTCPCongestion: %s\n"
16115b0a 510 "%sRemoveOnStop: %s\n"
55301ec0 511 "%sWritable: %s\n"
8dd4c05b 512 "%sFDName: %s\n"
16115b0a 513 "%sSELinuxContextFromNet: %s\n",
a16e1123 514 prefix, socket_state_to_string(s->state),
81a5c6d0 515 prefix, socket_result_to_string(s->result),
c0120d99 516 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 517 prefix, s->backlog,
518 prefix, s->socket_mode,
4fd5948e
LP		 519 prefix, s->directory_mode,
520 prefix, yes_no(s->keep_alive),
4427c3f4 521 prefix, yes_no(s->no_delay),
cebf8b20 522 prefix, yes_no(s->free_bind),
6b6d2dee 523 prefix, yes_no(s->transparent),
ec6370a2 524 prefix, yes_no(s->broadcast),
d68af586 525 prefix, yes_no(s->pass_cred),
54ecda32 526 prefix, yes_no(s->pass_sec),
bd1fe7c7 527 prefix, strna(s->tcp_congestion),
16115b0a 528 prefix, yes_no(s->remove_on_stop),
55301ec0 529 prefix, yes_no(s->writable),
8dd4c05b 530 prefix, socket_fdname(s),
16115b0a 531 prefix, yes_no(s->selinux_context_from_net));
542563ba 532
70123e68
LP		 533 if (s->control_pid > 0)
534 fprintf(f,
de0671ee
ZJS		 535 "%sControl PID: "PID_FMT"\n",
536 prefix, s->control_pid);
70123e68 537
acbb0225
LP		 538 if (s->bind_to_device)
539 fprintf(f,
540 "%sBindToDevice: %s\n",
541 prefix, s->bind_to_device);
542
4f2d528d
LP		 543 if (s->accept)
544 fprintf(f,
6cf6bbc2
LP		 545 "%sAccepted: %u\n"
546 "%sNConnections: %u\n"
547 "%sMaxConnections: %u\n",
548 prefix, s->n_accepted,
549 prefix, s->n_connections,
550 prefix, s->max_connections);
4f2d528d 551
4fd5948e
LP		 552 if (s->priority >= 0)
553 fprintf(f,
554 "%sPriority: %i\n",
555 prefix, s->priority);
556
557 if (s->receive_buffer > 0)
558 fprintf(f,
559 "%sReceiveBuffer: %zu\n",
560 prefix, s->receive_buffer);
561
562 if (s->send_buffer > 0)
563 fprintf(f,
564 "%sSendBuffer: %zu\n",
565 prefix, s->send_buffer);
566
567 if (s->ip_tos >= 0)
568 fprintf(f,
569 "%sIPTOS: %i\n",
570 prefix, s->ip_tos);
571
572 if (s->ip_ttl >= 0)
573 fprintf(f,
574 "%sIPTTL: %i\n",
575 prefix, s->ip_ttl);
576
577 if (s->pipe_size > 0)
578 fprintf(f,
579 "%sPipeSize: %zu\n",
580 prefix, s->pipe_size);
581
582 if (s->mark >= 0)
583 fprintf(f,
584 "%sMark: %i\n",
585 prefix, s->mark);
586
916abb21
LP		 587 if (s->mq_maxmsg > 0)
588 fprintf(f,
589 "%sMessageQueueMaxMessages: %li\n",
590 prefix, s->mq_maxmsg);
591
592 if (s->mq_msgsize > 0)
593 fprintf(f,
594 "%sMessageQueueMessageSize: %li\n",
595 prefix, s->mq_msgsize);
596
718db961 597 if (s->reuse_port)
f7db7a69
SL		 598 fprintf(f,
599 "%sReusePort: %s\n",
718db961 600 prefix, yes_no(s->reuse_port));
f7db7a69 601
0eb59ccf
AK		 602 if (s->smack)
603 fprintf(f,
604 "%sSmackLabel: %s\n",
605 prefix, s->smack);
606
607 if (s->smack_ip_in)
608 fprintf(f,
609 "%sSmackLabelIPIn: %s\n",
610 prefix, s->smack_ip_in);
611
612 if (s->smack_ip_out)
613 fprintf(f,
614 "%sSmackLabelIPOut: %s\n",
615 prefix, s->smack_ip_out);
616
3900e5fd
LP		 617 if (!isempty(s->user) || !isempty(s->group))
618 fprintf(f,
619 "%sOwnerUser: %s\n"
620 "%sOwnerGroup: %s\n",
621 prefix, strna(s->user),
622 prefix, strna(s->group));
623
3cd761e4 624 if (s->keep_alive_time > 0)
209e9dcd 625 fprintf(f,
3cd761e4
LP		 626 "%sKeepAliveTimeSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 628
3cd761e4 629 if (s->keep_alive_interval)
209e9dcd 630 fprintf(f,
3cd761e4
LP		 631 "%sKeepAliveIntervalSec: %s\n",
632 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 633
3cd761e4 634 if (s->keep_alive_cnt)
209e9dcd
SS		 635 fprintf(f,
636 "%sKeepAliveProbes: %u\n",
637 prefix, s->keep_alive_cnt);
638
3cd761e4 639 if (s->defer_accept)
cc567c9b 640 fprintf(f,
3cd761e4
LP		 641 "%sDeferAcceptSec: %s\n",
642 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 643
034c6ed7 644 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 645
542563ba
LP		 646 if (p->type == SOCKET_SOCKET) {
647 const char *t;
648 int r;
e364ad06 649 char *k = NULL;
542563ba 650
e53fc357
LP		 651 r = socket_address_print(&p->address, &k);
652 if (r < 0)
542563ba
LP		 653 t = strerror(-r);
654 else
655 t = k;
656
7a22745a 657 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 658 free(k);
b0a3f2bc
LP		 659 } else if (p->type == SOCKET_SPECIAL)
660 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 661 else if (p->type == SOCKET_USB_FUNCTION)
662 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 663 else if (p->type == SOCKET_MQUEUE)
664 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 665 else
542563ba
LP		 666 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
667 }
5cb5a6ff
LP		 668
669 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 670 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 671
e537352b 672 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 673 if (!s->exec_command[c])
674 continue;
5cb5a6ff 675
40d50879 676 fprintf(f, "%s-> %s:\n",
a16e1123 677 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 678
679 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 680 }
681}
682
4f2d528d
LP		 683static int instance_from_socket(int fd, unsigned nr, char **instance) {
684 socklen_t l;
685 char *r;
9d16d0c7 686 union sockaddr_union local, remote;
4f2d528d
LP		 687
688 assert(fd >= 0);
689 assert(instance);
690
691 l = sizeof(local);
692 if (getsockname(fd, &local.sa, &l) < 0)
693 return -errno;
694
695 l = sizeof(remote);
696 if (getpeername(fd, &remote.sa, &l) < 0)
697 return -errno;
698
699 switch (local.sa.sa_family) {
700
701 case AF_INET: {
702 uint32_t
703 a = ntohl(local.in.sin_addr.s_addr),
704 b = ntohl(remote.in.sin_addr.s_addr);
705
706 if (asprintf(&r,
77b088c2
LP		 707 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
708 nr,
4f2d528d
LP		 709 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
710 ntohs(local.in.sin_port),
711 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
712 ntohs(remote.in.sin_port)) < 0)
713 return -ENOMEM;
714
715 break;
716 }
717
718 case AF_INET6: {
c65a0b14 719 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 720 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
721 };
722
723 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
724 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
725 const uint8_t
726 *a = local.in6.sin6_addr.s6_addr+12,
727 *b = remote.in6.sin6_addr.s6_addr+12;
728
729 if (asprintf(&r,
77b088c2
LP		 730 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
731 nr,
2b061f5a
LP		 732 a[0], a[1], a[2], a[3],
733 ntohs(local.in6.sin6_port),
734 b[0], b[1], b[2], b[3],
735 ntohs(remote.in6.sin6_port)) < 0)
736 return -ENOMEM;
737 } else {
738 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
739
740 if (asprintf(&r,
77b088c2
LP		 741 "%u-%s:%u-%s:%u",
742 nr,
2b061f5a
LP		 743 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
744 ntohs(local.in6.sin6_port),
745 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
746 ntohs(remote.in6.sin6_port)) < 0)
747 return -ENOMEM;
748 }
4f2d528d
LP		 749
750 break;
751 }
752
753 case AF_UNIX: {
754 struct ucred ucred;
eff05270 755 int k;
4f2d528d 756
eff05270 757 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 758 if (k >= 0) {
759 if (asprintf(&r,
760 "%u-"PID_FMT"-"UID_FMT,
761 nr, ucred.pid, ucred.uid) < 0)
762 return -ENOMEM;
763 } else if (k == -ENODATA) {
764 /* This handles the case where somebody is
765 * connecting from another pid/uid namespace
766 * (e.g. from outside of our container). */
767 if (asprintf(&r,
768 "%u-unknown",
769 nr) < 0)
770 return -ENOMEM;
771 } else
eff05270 772 return k;
2f20a8eb 773
2f20a8eb 774 break;
4f2d528d
LP		 775 }
776
777 default:
778 assert_not_reached("Unhandled socket type.");
779 }
780
781 *instance = r;
782 return 0;
783}
784
034c6ed7 785static void socket_close_fds(Socket *s) {
83c60c9f 786 SocketPort *p;
811ba7a0 787 char **i;
83c60c9f
LP		 788
789 assert(s);
790
034c6ed7 791 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 792
793 p->event_source = sd_event_source_unref(p->event_source);
794
83c60c9f
LP		 795 if (p->fd < 0)
796 continue;
797
03e334a1 798 p->fd = safe_close(p->fd);
15087cdb 799 socket_cleanup_fd_list(p);
a16e1123 800
bd1fe7c7
LP		 801 /* One little note: we should normally not delete any
802 * sockets in the file system here! After all some
803 * other process we spawned might still have a
804 * reference of this fd and wants to continue to use
805 * it. Therefore we delete sockets in the file system
806 * before we create a new one, not after we stopped
807 * using one! */
808
809 if (s->remove_on_stop) {
810 switch (p->type) {
811
812 case SOCKET_FIFO:
813 unlink(p->path);
814 break;
815
816 case SOCKET_MQUEUE:
817 mq_unlink(p->path);
818 break;
819
820 case SOCKET_SOCKET:
821 socket_address_unlink(&p->address);
822 break;
823
824 default:
825 break;
826 }
827 }
83c60c9f 828 }
811ba7a0
LP		 829
830 if (s->remove_on_stop)
831 STRV_FOREACH(i, s->symlinks)
832 unlink(*i);
83c60c9f
LP		 833}
834
4fd5948e 835static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 836 int r;
837
4fd5948e
LP		 838 assert(s);
839 assert(fd >= 0);
840
841 if (s->keep_alive) {
842 int b = s->keep_alive;
843 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 844 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 845 }
846
209e9dcd
SS		 847 if (s->keep_alive_time) {
848 int value = s->keep_alive_time / USEC_PER_SEC;
849 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 850 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 851 }
852
853 if (s->keep_alive_interval) {
920b52e4 854 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 855 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 856 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 857 }
858
859 if (s->keep_alive_cnt) {
860 int value = s->keep_alive_cnt;
172cfe87 861 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 862 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 863 }
864
cc567c9b
SS		 865 if (s->defer_accept) {
866 int value = s->defer_accept / USEC_PER_SEC;
867 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 868 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 869 }
870
4427c3f4
SS		 871 if (s->no_delay) {
872 int b = s->no_delay;
873 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 874 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 875 }
876
ec6370a2
LP		 877 if (s->broadcast) {
878 int one = 1;
879 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 880 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 881 }
882
d68af586
MS		 883 if (s->pass_cred) {
884 int one = 1;
885 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 886 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 887 }
888
54ecda32
LP		 889 if (s->pass_sec) {
890 int one = 1;
891 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 892 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 893 }
894
4fd5948e
LP		 895 if (s->priority >= 0)
896 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 897 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 898
899 if (s->receive_buffer > 0) {
900 int value = (int) s->receive_buffer;
7d9eaa84
LP		 901
902 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
903
b8cef44e 904 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 905 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 906 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 907 }
908
909 if (s->send_buffer > 0) {
910 int value = (int) s->send_buffer;
b8cef44e 911 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 912 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 913 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 914 }
915
916 if (s->mark >= 0)
917 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 918 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 919
920 if (s->ip_tos >= 0)
921 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 922 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 923
46925ac5 924 if (s->ip_ttl >= 0) {
d53e386d 925 int x;
46925ac5
LP		 926
927 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 928
929 if (socket_ipv6_is_supported())
930 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
931 else {
932 x = -1;
933 errno = EAFNOSUPPORT;
934 }
46925ac5
LP		 935
936 if (r < 0 && x < 0)
f2341e0a 937 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 938 }
cebf8b20
TT		 939
940 if (s->tcp_congestion)
941 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 942 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 943
d53e386d 944 if (s->smack_ip_in) {
5ab58c20 945 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 946 if (r < 0)
f2341e0a 947 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 948 }
9a4e038c 949
d53e386d 950 if (s->smack_ip_out) {
5ab58c20 951 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 952 if (r < 0)
f2341e0a 953 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 954 }
4fd5948e
LP		 955}
956
b15bdda8 957static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 958 int r;
959
4fd5948e
LP		 960 assert(s);
961 assert(fd >= 0);
962
963 if (s->pipe_size > 0)
964 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 965 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 966
d53e386d 967 if (s->smack) {
5ab58c20 968 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 969 if (r < 0)
ed460b07 970 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 971 }
4fd5948e
LP		 972}
973
b15bdda8
LP		 974static int fifo_address_create(
975 const char *path,
976 mode_t directory_mode,
e8da24a6 977 mode_t socket_mode) {
b15bdda8 978
e8da24a6 979 _cleanup_close_ int fd = -1;
b15bdda8 980 mode_t old_mask;
e8da24a6
LP		 981 struct stat st;
982 int r;
b15bdda8
LP		 983
984 assert(path);
b15bdda8 985
d2e54fae 986 mkdir_parents_label(path, directory_mode);
b15bdda8 987
ecabcf8b 988 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 989 if (r < 0)
e8da24a6 990 return r;
b15bdda8
LP		 991
992 /* Enforce the right access mode for the fifo */
993 old_mask = umask(~ socket_mode);
994
995 /* Include the original umask in our mask */
e8da24a6 996 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 997
998 r = mkfifo(path, socket_mode);
e8da24a6 999 (void) umask(old_mask);
b15bdda8 1000
94bc2731 1001 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 1002 r = -errno;
1003 goto fail;
1004 }
1005
e8da24a6 1006 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1007 if (fd < 0) {
b15bdda8
LP		 1008 r = -errno;
1009 goto fail;
1010 }
1011
ecabcf8b 1012 mac_selinux_create_file_clear();
7a58bfa4 1013
b15bdda8
LP		 1014 if (fstat(fd, &st) < 0) {
1015 r = -errno;
1016 goto fail;
1017 }
1018
1019 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1020 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1021 st.st_uid != getuid() ||
1022 st.st_gid != getgid()) {
b15bdda8
LP		 1023 r = -EEXIST;
1024 goto fail;
1025 }
1026
e8da24a6
LP		 1027 r = fd;
1028 fd = -1;
1029
1030 return r;
b15bdda8
LP		 1031
1032fail:
ecabcf8b 1033 mac_selinux_create_file_clear();
b15bdda8
LP		 1034 return r;
1035}
1036
55301ec0 1037static int special_address_create(const char *path, bool writable) {
e8da24a6 1038 _cleanup_close_ int fd = -1;
b0a3f2bc 1039 struct stat st;
e8da24a6 1040 int r;
b0a3f2bc
LP		 1041
1042 assert(path);
b0a3f2bc 1043
55301ec0 1044 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1045 if (fd < 0)
1046 return -errno;
b0a3f2bc 1047
e8da24a6
LP		 1048 if (fstat(fd, &st) < 0)
1049 return -errno;
b0a3f2bc
LP		 1050
1051 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1052 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1053 return -EEXIST;
b0a3f2bc 1054
e8da24a6
LP		 1055 r = fd;
1056 fd = -1;
b0a3f2bc
LP		 1057
1058 return r;
1059}
1060
36078102 1061static int usbffs_address_create(const char *path) {
60252446
PS		 1062 _cleanup_close_ int fd = -1;
1063 struct stat st;
e8da24a6 1064 int r;
60252446
PS		 1065
1066 assert(path);
60252446
PS		 1067
1068 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1069 if (fd < 0)
1070 return -errno;
1071
1072 if (fstat(fd, &st) < 0)
1073 return -errno;
1074
1075 /* Check whether this is a regular file (ffs endpoint)*/
1076 if (!S_ISREG(st.st_mode))
1077 return -EEXIST;
1078
e8da24a6 1079 r = fd;
60252446
PS		 1080 fd = -1;
1081
e8da24a6 1082 return r;
60252446
PS		 1083}
1084
916abb21
LP		 1085static int mq_address_create(
1086 const char *path,
1087 mode_t mq_mode,
1088 long maxmsg,
e8da24a6 1089 long msgsize) {
916abb21 1090
e8da24a6 1091 _cleanup_close_ int fd = -1;
916abb21
LP		 1092 struct stat st;
1093 mode_t old_mask;
1094 struct mq_attr _attr, *attr = NULL;
e8da24a6 1095 int r;
916abb21
LP		 1096
1097 assert(path);
916abb21
LP		 1098
1099 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1100 _attr = (struct mq_attr) {
1101 .mq_flags = O_NONBLOCK,
1102 .mq_maxmsg = maxmsg,
1103 .mq_msgsize = msgsize,
1104 };
916abb21
LP		 1105 attr = &_attr;
1106 }
1107
1108 /* Enforce the right access mode for the mq */
1109 old_mask = umask(~ mq_mode);
1110
1111 /* Include the original umask in our mask */
e8da24a6 1112 (void) umask(~mq_mode | old_mask);
916abb21 1113 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1114 (void) umask(old_mask);
916abb21 1115
e8da24a6
LP		 1116 if (fd < 0)
1117 return -errno;
916abb21 1118
e8da24a6
LP		 1119 if (fstat(fd, &st) < 0)
1120 return -errno;
916abb21
LP		 1121
1122 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1123 st.st_uid != getuid() ||
e8da24a6
LP		 1124 st.st_gid != getgid())
1125 return -EEXIST;
916abb21 1126
e8da24a6
LP		 1127 r = fd;
1128 fd = -1;
916abb21 1129
916abb21
LP		 1130 return r;
1131}
1132
811ba7a0
LP		 1133static int socket_symlink(Socket *s) {
1134 const char *p;
1135 char **i;
1136
1137 assert(s);
1138
1139 p = socket_find_symlink_target(s);
1140 if (!p)
1141 return 0;
1142
1143 STRV_FOREACH(i, s->symlinks)
43b133b4 1144 symlink_label(p, *i);
811ba7a0
LP		 1145
1146 return 0;
1147}
1148
36078102 1149static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1150 int r;
1151
1152 if (!s->usb_function_descriptors || !s->usb_function_strings)
1153 return -EINVAL;
1154
1155 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1156 if (r < 0)
e8da24a6 1157 return r;
6b7e5923 1158
e8da24a6 1159 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1160}
1161
36078102 1162static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1163 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1164}
1165
36078102 1166static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1167 _cleanup_free_ struct dirent **ent = NULL;
60252446 1168 _cleanup_free_ char *path = NULL;
36078102 1169 int r, i, n, k;
60252446
PS		 1170
1171 r = path_get_parent(p->path, &path);
1172 if (r < 0)
1173 return r;
1174
36078102 1175 r = scandir(path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1176 if (r < 0)
1177 return -errno;
1178
1179 n = r;
1180 p->auxiliary_fds = new(int, n);
1181 if (!p->auxiliary_fds)
1182 return -ENOMEM;
1183
1184 p->n_auxiliary_fds = n;
1185
1186 k = 0;
1187 for (i = 0; i < n; ++i) {
1188 _cleanup_free_ char *ep = NULL;
1189
1190 ep = path_make_absolute(ent[i]->d_name, path);
1191 if (!ep)
1192 return -ENOMEM;
1193
1194 path_kill_slashes(ep);
1195
36078102 1196 r = usbffs_address_create(ep);
60252446
PS		 1197 if (r < 0)
1198 goto fail;
1199
e8da24a6
LP		 1200 p->auxiliary_fds[k] = r;
1201
60252446
PS		 1202 ++k;
1203 free(ent[i]);
1204 }
1205
1206 return r;
1207
1208fail:
e8da24a6 1209 close_many(p->auxiliary_fds, k);
60252446
PS		 1210 p->auxiliary_fds = mfree(p->auxiliary_fds);
1211 p->n_auxiliary_fds = 0;
1212
1213 return r;
1214}
1215
034c6ed7 1216static int socket_open_fds(Socket *s) {
710a6b50
LP		 1217 _cleanup_(mac_selinux_freep) char *label = NULL;
1218 bool know_label = false;
83c60c9f
LP		 1219 SocketPort *p;
1220 int r;
1221
1222 assert(s);
1223
034c6ed7 1224 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1225
034c6ed7
LP		 1226 if (p->fd >= 0)
1227 continue;
83c60c9f 1228
00411a13
LP		 1229 switch (p->type) {
1230
1231 case SOCKET_SOCKET:
049f8642 1232
7f416dae
LP		 1233 if (!know_label) {
1234 /* Figure out label, if we don't it know
1235 * yet. We do it once, for the first
1236 * socket where we need this and
1237 * remember it for the rest. */
1238
1239 if (s->selinux_context_from_net) {
1240 /* Get it from the network label */
1241
1242 r = mac_selinux_get_our_label(&label);
75514a70 1243 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1244 goto rollback;
049f8642 1245
7f416dae
LP		 1246 } else {
1247 /* Get it from the executable we are about to start */
1248
1249 r = socket_instantiate_service(s);
1250 if (r < 0)
1251 goto rollback;
1252
1253 if (UNIT_ISSET(s->service) &&
1254 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1255 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1256 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1257 goto rollback;
1258 }
189583d7 1259 }
049f8642
LP		 1260
1261 know_label = true;
1262 }
1263
175a3d25
LP		 1264 r = socket_address_listen(
1265 &p->address,
1266 SOCK_CLOEXEC|SOCK_NONBLOCK,
1267 s->backlog,
1268 s->bind_ipv6_only,
1269 s->bind_to_device,
54255c64 1270 s->reuse_port,
175a3d25
LP		 1271 s->free_bind,
1272 s->transparent,
1273 s->directory_mode,
1274 s->socket_mode,
1275 label);
1276 if (r < 0)
83c60c9f
LP		 1277 goto rollback;
1278
175a3d25 1279 p->fd = r;
4fd5948e 1280 socket_apply_socket_options(s, p->fd);
811ba7a0 1281 socket_symlink(s);
00411a13 1282 break;
4fd5948e 1283
00411a13 1284 case SOCKET_SPECIAL:
b0a3f2bc 1285
55301ec0 1286 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1287 if (p->fd < 0) {
1288 r = p->fd;
b0a3f2bc 1289 goto rollback;
e8da24a6 1290 }
00411a13 1291 break;
b0a3f2bc 1292
00411a13 1293 case SOCKET_FIFO:
83c60c9f 1294
e8da24a6 1295 p->fd = fifo_address_create(
175a3d25
LP		 1296 p->path,
1297 s->directory_mode,
e8da24a6
LP		 1298 s->socket_mode);
1299 if (p->fd < 0) {
1300 r = p->fd;
83c60c9f 1301 goto rollback;
e8da24a6 1302 }
83c60c9f 1303
b15bdda8 1304 socket_apply_fifo_options(s, p->fd);
811ba7a0 1305 socket_symlink(s);
00411a13 1306 break;
811ba7a0 1307
00411a13 1308 case SOCKET_MQUEUE:
83c60c9f 1309
e8da24a6 1310 p->fd = mq_address_create(
175a3d25
LP		 1311 p->path,
1312 s->socket_mode,
1313 s->mq_maxmsg,
e8da24a6
LP		 1314 s->mq_msgsize);
1315 if (p->fd < 0) {
1316 r = p->fd;
916abb21 1317 goto rollback;
e8da24a6 1318 }
00411a13 1319 break;
e8da24a6 1320
00411a13 1321 case SOCKET_USB_FUNCTION:
60252446 1322
36078102 1323 p->fd = usbffs_address_create(p->path);
e8da24a6
LP		 1324 if (p->fd < 0) {
1325 r = p->fd;
60252446 1326 goto rollback;
e8da24a6 1327 }
60252446 1328
36078102 1329 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1330 if (r < 0)
1331 goto rollback;
1332
36078102 1333 r = usbffs_dispatch_eps(p);
60252446
PS		 1334 if (r < 0)
1335 goto rollback;
00411a13
LP		 1336
1337 break;
1338
1339 default:
b15bdda8 1340 assert_not_reached("Unknown port type");
00411a13 1341 }
034c6ed7
LP		 1342 }
1343
1344 return 0;
1345
1346rollback:
1347 socket_close_fds(s);
1348 return r;
1349}
1350
1351static void socket_unwatch_fds(Socket *s) {
1352 SocketPort *p;
718db961 1353 int r;
9152c765 1354
034c6ed7
LP		 1355 assert(s);
1356
1357 LIST_FOREACH(port, p, s->ports) {
1358 if (p->fd < 0)
1359 continue;
1360
a4152e3f
LP		 1361 if (!p->event_source)
1362 continue;
1363
1364 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1365 if (r < 0)
f2341e0a 1366 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1367 }
034c6ed7
LP		 1368}
1369
1370static int socket_watch_fds(Socket *s) {
1371 SocketPort *p;
1372 int r;
1373
1374 assert(s);
83c60c9f 1375
034c6ed7
LP		 1376 LIST_FOREACH(port, p, s->ports) {
1377 if (p->fd < 0)
1378 continue;
1379
cbf60d0a 1380 if (p->event_source) {
718db961 1381 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1382 if (r < 0)
1383 goto fail;
1384 } else {
151b9b96 1385 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1386 if (r < 0)
1387 goto fail;
4f2d528d 1388
cbf60d0a 1389 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1390 }
034c6ed7 1391 }
83c60c9f 1392
542563ba 1393 return 0;
83c60c9f 1394
034c6ed7 1395fail:
cbf60d0a 1396 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1397 socket_unwatch_fds(s);
1398 return r;
1399}
1400
1401static void socket_set_state(Socket *s, SocketState state) {
1402 SocketState old_state;
1403 assert(s);
1404
1405 old_state = s->state;
1406 s->state = state;
1407
bd1fe7c7
LP		 1408 if (!IN_SET(state,
1409 SOCKET_START_PRE,
3900e5fd 1410 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1411 SOCKET_START_POST,
1412 SOCKET_STOP_PRE,
1413 SOCKET_STOP_PRE_SIGTERM,
1414 SOCKET_STOP_PRE_SIGKILL,
1415 SOCKET_STOP_POST,
1416 SOCKET_FINAL_SIGTERM,
1417 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1418
1419 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1420 socket_unwatch_control_pid(s);
034c6ed7 1421 s->control_command = NULL;
a16e1123 1422 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1423 }
034c6ed7 1424
a16e1123
LP		 1425 if (state != SOCKET_LISTENING)
1426 socket_unwatch_fds(s);
1427
bd1fe7c7 1428 if (!IN_SET(state,
3900e5fd 1429 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1430 SOCKET_START_POST,
1431 SOCKET_LISTENING,
1432 SOCKET_RUNNING,
1433 SOCKET_STOP_PRE,
1434 SOCKET_STOP_PRE_SIGTERM,
1435 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1436 socket_close_fds(s);
1437
e537352b 1438 if (state != old_state)
f2341e0a 1439 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1440
e2f3b44c 1441 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1442}
1443
be847e82 1444static int socket_coldplug(Unit *u) {
a16e1123
LP		 1445 Socket *s = SOCKET(u);
1446 int r;
1447
1448 assert(s);
1449 assert(s->state == SOCKET_DEAD);
1450
e821075a
LP		 1451 if (s->deserialized_state == s->state)
1452 return 0;
a16e1123 1453
3900e5fd
LP		 1454 if (IN_SET(s->deserialized_state,
1455 SOCKET_START_PRE,
1456 SOCKET_START_CHOWN,
1457 SOCKET_START_POST,
1458 SOCKET_STOP_PRE,
1459 SOCKET_STOP_PRE_SIGTERM,
1460 SOCKET_STOP_PRE_SIGKILL,
1461 SOCKET_STOP_POST,
1462 SOCKET_FINAL_SIGTERM,
1463 SOCKET_FINAL_SIGKILL)) {
a16e1123 1464
e821075a
LP		 1465 if (s->control_pid <= 0)
1466 return -EBADMSG;
a16e1123 1467
e821075a
LP		 1468 r = unit_watch_pid(UNIT(s), s->control_pid);
1469 if (r < 0)
1470 return r;
a16e1123 1471
e821075a
LP		 1472 r = socket_arm_timer(s);
1473 if (r < 0)
1474 return r;
1475 }
a16e1123 1476
3900e5fd
LP		 1477 if (IN_SET(s->deserialized_state,
1478 SOCKET_START_CHOWN,
1479 SOCKET_START_POST,
1480 SOCKET_LISTENING,
1481 SOCKET_RUNNING,
1482 SOCKET_STOP_PRE,
1483 SOCKET_STOP_PRE_SIGTERM,
1484 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1485 r = socket_open_fds(s);
1486 if (r < 0)
1487 return r;
1488 }
a16e1123 1489
e821075a
LP		 1490 if (s->deserialized_state == SOCKET_LISTENING) {
1491 r = socket_watch_fds(s);
1492 if (r < 0)
1493 return r;
a16e1123
LP		 1494 }
1495
e821075a 1496 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1497 return 0;
1498}
1499
e537352b 1500static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1501 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1502 pid_t pid;
1503 int r;
9fa95f85
DM		 1504 ExecParameters exec_params = {
1505 .apply_permissions = true,
1506 .apply_chroot = true,
1507 .apply_tty_stdin = true,
6f856a09 1508 .bus_endpoint_fd = -1,
a34ceba6
LP		 1509 .stdin_fd = -1,
1510 .stdout_fd = -1,
1511 .stderr_fd = -1,
9fa95f85 1512 };
034c6ed7
LP		 1513
1514 assert(s);
1515 assert(c);
1516 assert(_pid);
1517
5ad096b3
LP		 1518 (void) unit_realize_cgroup(UNIT(s));
1519 if (s->reset_cpu_usage) {
1520 (void) unit_reset_cpu_usage(UNIT(s));
1521 s->reset_cpu_usage = false;
1522 }
4ad49000 1523
613b411c
LP		 1524 r = unit_setup_exec_runtime(UNIT(s));
1525 if (r < 0)
1526 goto fail;
1527
718db961 1528 r = socket_arm_timer(s);
36697dc0 1529 if (r < 0)
e537352b 1530 goto fail;
034c6ed7 1531
19f6d710
LP		 1532 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1533 if (r < 0)
9e2f7c11 1534 goto fail;
9e2f7c11 1535
9fa95f85
DM		 1536 exec_params.argv = argv;
1537 exec_params.environment = UNIT(s)->manager->environment;
1538 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1539 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1540 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1541 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1542 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1543
f2341e0a
LP		 1544 r = exec_spawn(UNIT(s),
1545 c,
9e2f7c11 1546 &s->exec_context,
9fa95f85 1547 &exec_params,
613b411c 1548 s->exec_runtime,
9e2f7c11 1549 &pid);
cee288ad
TA		 1550 if (r < 0)
1551 goto fail;
9e2f7c11 1552
3900e5fd 1553 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1554 if (r < 0)
3900e5fd 1555 /* FIXME: we need to do something here */
034c6ed7
LP		 1556 goto fail;
1557
3900e5fd
LP		 1558 *_pid = pid;
1559 return 0;
1560
1561fail:
1562 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1563 return r;
1564}
1565
1566static int socket_chown(Socket *s, pid_t *_pid) {
1567 pid_t pid;
1568 int r;
1569
1570 r = socket_arm_timer(s);
1571 if (r < 0)
1572 goto fail;
1573
1574 /* We have to resolve the user names out-of-process, hence
1575 * let's fork here. It's messy, but well, what can we do? */
1576
1577 pid = fork();
1578 if (pid < 0)
1579 return -errno;
1580
1581 if (pid == 0) {
1582 SocketPort *p;
fed1e721
LP		 1583 uid_t uid = UID_INVALID;
1584 gid_t gid = GID_INVALID;
3900e5fd
LP		 1585 int ret;
1586
ce30c8dc
LP		 1587 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1588 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1589 log_forget_fds();
1590
1591 if (!isempty(s->user)) {
1592 const char *user = s->user;
1593
1594 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1595 if (r < 0) {
1596 ret = EXIT_USER;
1597 goto fail_child;
1598 }
1599 }
1600
1601 if (!isempty(s->group)) {
1602 const char *group = s->group;
1603
1604 r = get_group_creds(&group, &gid);
1605 if (r < 0) {
1606 ret = EXIT_GROUP;
1607 goto fail_child;
1608 }
1609 }
1610
1611 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1612 const char *path = NULL;
3900e5fd
LP		 1613
1614 if (p->type == SOCKET_SOCKET)
1615 path = socket_address_get_path(&p->address);
1616 else if (p->type == SOCKET_FIFO)
1617 path = p->path;
1618
1619 if (!path)
1620 continue;
1621
1622 if (chown(path, uid, gid) < 0) {
1623 r = -errno;
1624 ret = EXIT_CHOWN;
1625 goto fail_child;
1626 }
1627 }
1628
1629 _exit(0);
1630
1631 fail_child:
1632 log_open();
da927ba9 1633 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1634
1635 _exit(ret);
1636 }
1637
718db961
LP		 1638 r = unit_watch_pid(UNIT(s), pid);
1639 if (r < 0)
034c6ed7 1640 goto fail;
83c60c9f 1641
034c6ed7 1642 *_pid = pid;
034c6ed7
LP		 1643 return 0;
1644
1645fail:
718db961 1646 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1647 return r;
542563ba
LP		 1648}
1649
cfc4eb4c 1650static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1651 assert(s);
1652
cfc4eb4c
LP		 1653 if (f != SOCKET_SUCCESS)
1654 s->result = f;
034c6ed7 1655
613b411c
LP		 1656 exec_runtime_destroy(s->exec_runtime);
1657 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1658
e66cf1a3
LP		 1659 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1660
cfc4eb4c 1661 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1662}
1663
cfc4eb4c 1664static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1665
cfc4eb4c 1666static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1667 int r;
1668 assert(s);
1669
cfc4eb4c
LP		 1670 if (f != SOCKET_SUCCESS)
1671 s->result = f;
034c6ed7 1672
5e94833f 1673 socket_unwatch_control_pid(s);
a16e1123 1674 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1675 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1676
3900e5fd
LP		 1677 if (s->control_command) {
1678 r = socket_spawn(s, s->control_command, &s->control_pid);
1679 if (r < 0)
034c6ed7
LP		 1680 goto fail;
1681
80876c20
LP		 1682 socket_set_state(s, SOCKET_STOP_POST);
1683 } else
cfc4eb4c 1684 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1685
1686 return;
1687
1688fail:
f2341e0a 1689 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1690 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1691}
1692
cfc4eb4c 1693static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1694 int r;
1695
1696 assert(s);
1697
cfc4eb4c
LP		 1698 if (f != SOCKET_SUCCESS)
1699 s->result = f;
034c6ed7 1700
cd2086fe
LP		 1701 r = unit_kill_context(
1702 UNIT(s),
1703 &s->kill_context,
db2cb23b
UTL		 1704 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1705 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1706 -1,
1707 s->control_pid,
1708 false);
1709 if (r < 0)
1710 goto fail;
034c6ed7 1711
cd2086fe 1712 if (r > 0) {
718db961 1713 r = socket_arm_timer(s);
36697dc0 1714 if (r < 0)
80876c20 1715 goto fail;
d6ea93e3 1716
80876c20 1717 socket_set_state(s, state);
ac84d1fb
LP		 1718 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1719 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1720 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1721 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1722 else if (state == SOCKET_FINAL_SIGTERM)
1723 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1724 else
cfc4eb4c 1725 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1726
1727 return;
1728
1729fail:
f2341e0a 1730 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1731
1732 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1733 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1734 else
cfc4eb4c 1735 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1736}
1737
cfc4eb4c 1738static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1739 int r;
1740 assert(s);
1741
cfc4eb4c
LP		 1742 if (f != SOCKET_SUCCESS)
1743 s->result = f;
034c6ed7 1744
5e94833f 1745 socket_unwatch_control_pid(s);
a16e1123 1746 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1747 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1748
3900e5fd
LP		 1749 if (s->control_command) {
1750 r = socket_spawn(s, s->control_command, &s->control_pid);
1751 if (r < 0)
034c6ed7
LP		 1752 goto fail;
1753
80876c20
LP		 1754 socket_set_state(s, SOCKET_STOP_PRE);
1755 } else
cfc4eb4c 1756 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1757
1758 return;
1759
1760fail:
f2341e0a 1761 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1762 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1763}
1764
e9af15c3
LP		 1765static void socket_enter_listening(Socket *s) {
1766 int r;
1767 assert(s);
1768
cfc4eb4c
LP		 1769 r = socket_watch_fds(s);
1770 if (r < 0) {
f2341e0a 1771 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1772 goto fail;
1773 }
1774
1775 socket_set_state(s, SOCKET_LISTENING);
1776 return;
1777
1778fail:
cfc4eb4c 1779 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1780}
1781
034c6ed7
LP		 1782static void socket_enter_start_post(Socket *s) {
1783 int r;
1784 assert(s);
1785
3900e5fd
LP		 1786 socket_unwatch_control_pid(s);
1787 s->control_command_id = SOCKET_EXEC_START_POST;
1788 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1789
1790 if (s->control_command) {
1791 r = socket_spawn(s, s->control_command, &s->control_pid);
1792 if (r < 0) {
f2341e0a 1793 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1794 goto fail;
1795 }
1796
1797 socket_set_state(s, SOCKET_START_POST);
1798 } else
1799 socket_enter_listening(s);
1800
1801 return;
1802
1803fail:
1804 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1805}
1806
1807static void socket_enter_start_chown(Socket *s) {
1808 int r;
1809
1810 assert(s);
1811
cfc4eb4c
LP		 1812 r = socket_open_fds(s);
1813 if (r < 0) {
f2341e0a 1814 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1815 goto fail;
1816 }
1817
3900e5fd 1818 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1819
3900e5fd
LP		 1820 socket_unwatch_control_pid(s);
1821 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1822 s->control_command = NULL;
a16e1123 1823
3900e5fd 1824 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1825 if (r < 0) {
f2341e0a 1826 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1827 goto fail;
1828 }
1829
3900e5fd 1830 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1831 } else
3900e5fd 1832 socket_enter_start_post(s);
034c6ed7
LP		 1833
1834 return;
1835
1836fail:
cfc4eb4c 1837 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1838}
1839
1840static void socket_enter_start_pre(Socket *s) {
1841 int r;
1842 assert(s);
1843
5e94833f 1844 socket_unwatch_control_pid(s);
a16e1123 1845 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1846 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1847
3900e5fd 1848 if (s->control_command) {
e821075a 1849 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1850 if (r < 0) {
f2341e0a 1851 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1852 goto fail;
3900e5fd 1853 }
034c6ed7 1854
80876c20
LP		 1855 socket_set_state(s, SOCKET_START_PRE);
1856 } else
3900e5fd 1857 socket_enter_start_chown(s);
034c6ed7
LP		 1858
1859 return;
1860
1861fail:
cfc4eb4c 1862 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1863}
1864
4f2d528d 1865static void socket_enter_running(Socket *s, int cfd) {
718db961 1866 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1867 int r;
1868
1869 assert(s);
1870
ba3e67a7
LP		 1871 /* We don't take connections anymore if we are supposed to
1872 * shut down anyway */
31afa0a4 1873 if (unit_stop_pending(UNIT(s))) {
e821075a 1874
f2341e0a 1875 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1876
7c610628 1877 if (cfd >= 0)
03e334a1 1878 safe_close(cfd);
7c610628
LP		 1879 else {
1880 /* Flush all sockets by closing and reopening them */
1881 socket_close_fds(s);
1882
16ac4014
LP		 1883 r = socket_open_fds(s);
1884 if (r < 0) {
f2341e0a 1885 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1886 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1887 return;
1888 }
1889
1a710b43
MS		 1890 r = socket_watch_fds(s);
1891 if (r < 0) {
f2341e0a 1892 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1893 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1894 }
1895 }
1896
ba3e67a7
LP		 1897 return;
1898 }
1899
4f2d528d 1900 if (cfd < 0) {
57020a3a 1901 Iterator i;
e821075a 1902 Unit *other;
f976f3f6 1903 bool pending = false;
f976f3f6
LP		 1904
1905 /* If there's already a start pending don't bother to
1906 * do anything */
e821075a
LP		 1907 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1908 if (unit_active_or_pending(other)) {
57020a3a
LP		 1909 pending = true;
1910 break;
1911 }
f976f3f6 1912
1a710b43 1913 if (!pending) {
640ace4a 1914 if (!UNIT_ISSET(s->service)) {
f2341e0a 1915 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1916 r = -ENOENT;
1917 goto fail;
1918 }
1919
1a710b43
MS		 1920 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1921 if (r < 0)
f976f3f6 1922 goto fail;
1a710b43 1923 }
4f2d528d
LP		 1924
1925 socket_set_state(s, SOCKET_RUNNING);
1926 } else {
e55001eb 1927 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1928 Service *service;
4f2d528d 1929
6cf6bbc2 1930 if (s->n_connections >= s->max_connections) {
f2341e0a 1931 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1932 safe_close(cfd);
6cf6bbc2
LP		 1933 return;
1934 }
1935
1a710b43
MS		 1936 r = socket_instantiate_service(s);
1937 if (r < 0)
b15bdda8
LP		 1938 goto fail;
1939
1a710b43
MS		 1940 r = instance_from_socket(cfd, s->n_accepted, &instance);
1941 if (r < 0) {
1942 if (r != -ENOTCONN)
1943 goto fail;
1944
1945 /* ENOTCONN is legitimate if TCP RST was received.
1946 * This connection is over, but the socket unit lives on. */
03e334a1 1947 safe_close(cfd);
1a710b43
MS		 1948 return;
1949 }
4f2d528d 1950
7410616c
LP		 1951 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1952 if (r < 0)
4f2d528d 1953 goto fail;
4f2d528d 1954
7410616c
LP		 1955 r = unit_name_build(prefix, instance, ".service", &name);
1956 if (r < 0)
b6dbbe1c 1957 goto fail;
4f2d528d 1958
1a710b43 1959 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1960 if (r < 0)
4f2d528d 1961 goto fail;
b15bdda8 1962
57020a3a
LP		 1963 service = SERVICE(UNIT_DEREF(s->service));
1964 unit_ref_unset(&s->service);
b15bdda8 1965 s->n_accepted ++;
4f2d528d 1966
1124fe6f 1967 UNIT(service)->no_gc = false;
6c073082 1968
b15bdda8 1969 unit_choose_id(UNIT(service), name);
b15bdda8 1970
16115b0a 1971 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1972 if (r < 0)
4f2d528d
LP		 1973 goto fail;
1974
1975 cfd = -1;
6cf6bbc2
LP		 1976 s->n_connections ++;
1977
1a710b43
MS		 1978 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1979 if (r < 0)
4f2d528d 1980 goto fail;
c4e2ceae
LP		 1981
1982 /* Notify clients about changed counters */
1983 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1984 }
034c6ed7 1985
034c6ed7
LP		 1986 return;
1987
1988fail:
f2341e0a
LP		 1989 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1990 cfd >= 0 ? "template" : "non-template",
718db961 1991 bus_error_message(&error, r));
e821075a 1992
60089004 1993 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1994 safe_close(cfd);
034c6ed7
LP		 1995}
1996
cfc4eb4c 1997static void socket_run_next(Socket *s) {
034c6ed7
LP		 1998 int r;
1999
2000 assert(s);
2001 assert(s->control_command);
2002 assert(s->control_command->command_next);
2003
5e94833f
LP		 2004 socket_unwatch_control_pid(s);
2005
034c6ed7
LP		 2006 s->control_command = s->control_command->command_next;
2007
e821075a
LP		 2008 r = socket_spawn(s, s->control_command, &s->control_pid);
2009 if (r < 0)
034c6ed7
LP		 2010 goto fail;
2011
2012 return;
2013
2014fail:
f2341e0a 2015 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2016
2017 if (s->state == SOCKET_START_POST)
cfc4eb4c 2018 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2019 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2020 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2021 else
cfc4eb4c 2022 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2023}
2024
87f0e418
LP		 2025static int socket_start(Unit *u) {
2026 Socket *s = SOCKET(u);
83c60c9f
LP		 2027
2028 assert(s);
2029
034c6ed7
LP		 2030 /* We cannot fulfill this request right now, try again later
2031 * please! */
3900e5fd
LP		 2032 if (IN_SET(s->state,
2033 SOCKET_STOP_PRE,
2034 SOCKET_STOP_PRE_SIGKILL,
2035 SOCKET_STOP_PRE_SIGTERM,
2036 SOCKET_STOP_POST,
2037 SOCKET_FINAL_SIGTERM,
2038 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2039 return -EAGAIN;
2040
a4152e3f 2041 /* Already on it! */
3900e5fd
LP		 2042 if (IN_SET(s->state,
2043 SOCKET_START_PRE,
2044 SOCKET_START_CHOWN,
2045 SOCKET_START_POST))
034c6ed7 2046 return 0;
83c60c9f 2047
034c6ed7 2048 /* Cannot run this without the service being around */
9444b1f2 2049 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2050 Service *service;
2051
2052 service = SERVICE(UNIT_DEREF(s->service));
2053
1124fe6f 2054 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2055 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2056 return -ENOENT;
4ac9236f 2057 }
4f2d528d 2058
35b8ca3a 2059 /* If the service is already active we cannot start the
4f2d528d 2060 * socket */
57020a3a
LP		 2061 if (service->state != SERVICE_DEAD &&
2062 service->state != SERVICE_FAILED &&
2063 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2064 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2065 return -EBUSY;
4ac9236f 2066 }
4f2d528d 2067 }
e537352b 2068
fdf20a31 2069 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2070
cfc4eb4c 2071 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2072 s->reset_cpu_usage = true;
2073
034c6ed7 2074 socket_enter_start_pre(s);
e821075a 2075
82a2b6bb 2076 return 1;
034c6ed7 2077}
83c60c9f 2078
87f0e418
LP		 2079static int socket_stop(Unit *u) {
2080 Socket *s = SOCKET(u);
034c6ed7
LP		 2081
2082 assert(s);
2083
e537352b 2084 /* Already on it */
3900e5fd
LP		 2085 if (IN_SET(s->state,
2086 SOCKET_STOP_PRE,
2087 SOCKET_STOP_PRE_SIGTERM,
2088 SOCKET_STOP_PRE_SIGKILL,
2089 SOCKET_STOP_POST,
2090 SOCKET_FINAL_SIGTERM,
2091 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2092 return 0;
2093
3f6c78dc
LP		 2094 /* If there's already something running we go directly into
2095 * kill mode. */
3900e5fd
LP		 2096 if (IN_SET(s->state,
2097 SOCKET_START_PRE,
2098 SOCKET_START_CHOWN,
2099 SOCKET_START_POST)) {
cfc4eb4c 2100 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2101 return -EAGAIN;
2102 }
2103
034c6ed7 2104 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2105
cfc4eb4c 2106 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2107 return 1;
542563ba
LP		 2108}
2109
a16e1123
LP		 2110static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2111 Socket *s = SOCKET(u);
2112 SocketPort *p;
2113 int r;
2114
2115 assert(u);
2116 assert(f);
2117 assert(fds);
2118
2119 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2120 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2121 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2122
2123 if (s->control_pid > 0)
de0671ee 2124 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2125
2126 if (s->control_command_id >= 0)
2127 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2128
2129 LIST_FOREACH(port, p, s->ports) {
2130 int copy;
2131
2132 if (p->fd < 0)
2133 continue;
2134
613b411c
LP		 2135 copy = fdset_put_dup(fds, p->fd);
2136 if (copy < 0)
a16e1123
LP		 2137 return copy;
2138
2139 if (p->type == SOCKET_SOCKET) {
613b411c 2140 _cleanup_free_ char *t = NULL;
a16e1123 2141
ee092817
LP		 2142 r = socket_address_print(&p->address, &t);
2143 if (r < 0)
a16e1123
LP		 2144 return r;
2145
7a22745a
LP		 2146 if (socket_address_family(&p->address) == AF_NETLINK)
2147 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2148 else
2149 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2150
b0a3f2bc
LP		 2151 } else if (p->type == SOCKET_SPECIAL)
2152 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2153 else if (p->type == SOCKET_MQUEUE)
2154 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2155 else if (p->type == SOCKET_USB_FUNCTION)
2156 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2157 else {
a16e1123
LP		 2158 assert(p->type == SOCKET_FIFO);
2159 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2160 }
2161 }
2162
2163 return 0;
2164}
2165
2166static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2167 Socket *s = SOCKET(u);
a16e1123
LP		 2168
2169 assert(u);
2170 assert(key);
2171 assert(value);
a16e1123
LP		 2172
2173 if (streq(key, "state")) {
2174 SocketState state;
2175
ee092817
LP		 2176 state = socket_state_from_string(value);
2177 if (state < 0)
f2341e0a 2178 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2179 else
2180 s->deserialized_state = state;
cfc4eb4c
LP		 2181 } else if (streq(key, "result")) {
2182 SocketResult f;
a16e1123 2183
cfc4eb4c
LP		 2184 f = socket_result_from_string(value);
2185 if (f < 0)
f2341e0a 2186 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2187 else if (f != SOCKET_SUCCESS)
2188 s->result = f;
a16e1123
LP		 2189
2190 } else if (streq(key, "n-accepted")) {
2191 unsigned k;
2192
e364ad06 2193 if (safe_atou(value, &k) < 0)
f2341e0a 2194 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2195 else
2196 s->n_accepted += k;
2197 } else if (streq(key, "control-pid")) {
5925dd3c 2198 pid_t pid;
a16e1123 2199
e364ad06 2200 if (parse_pid(value, &pid) < 0)
f2341e0a 2201 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2202 else
5925dd3c 2203 s->control_pid = pid;
a16e1123
LP		 2204 } else if (streq(key, "control-command")) {
2205 SocketExecCommand id;
2206
66870f90
ZJS		 2207 id = socket_exec_command_from_string(value);
2208 if (id < 0)
f2341e0a 2209 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2210 else {
2211 s->control_command_id = id;
2212 s->control_command = s->exec_command[id];
2213 }
2214 } else if (streq(key, "fifo")) {
2215 int fd, skip = 0;
2216 SocketPort *p;
2217
2218 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2219 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2220 else {
2221
2222 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2223 if (p->type == SOCKET_FIFO &&
c78e47a6 2224 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2225 break;
2226
2227 if (p) {
03e334a1 2228 safe_close(p->fd);
b0a3f2bc
LP		 2229 p->fd = fdset_remove(fds, fd);
2230 }
2231 }
2232
2233 } else if (streq(key, "special")) {
2234 int fd, skip = 0;
2235 SocketPort *p;
2236
2237 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2238 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2239 else {
2240
2241 LIST_FOREACH(port, p, s->ports)
2242 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2243 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2244 break;
2245
2246 if (p) {
03e334a1 2247 safe_close(p->fd);
a16e1123
LP		 2248 p->fd = fdset_remove(fds, fd);
2249 }
2250 }
2251
ee092817
LP		 2252 } else if (streq(key, "mqueue")) {
2253 int fd, skip = 0;
2254 SocketPort *p;
2255
2256 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2257 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2258 else {
2259
2260 LIST_FOREACH(port, p, s->ports)
2261 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2262 streq(p->path, value+skip))
ee092817
LP		 2263 break;
2264
2265 if (p) {
03e334a1 2266 safe_close(p->fd);
ee092817
LP		 2267 p->fd = fdset_remove(fds, fd);
2268 }
2269 }
2270
a16e1123 2271 } else if (streq(key, "socket")) {
27ca8d7a 2272 int fd, type, skip = 0;
a16e1123
LP		 2273 SocketPort *p;
2274
27ca8d7a 2275 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2276 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2277 else {
2278
2279 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2280 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2281 break;
2282
2283 if (p) {
03e334a1 2284 safe_close(p->fd);
a16e1123
LP		 2285 p->fd = fdset_remove(fds, fd);
2286 }
2287 }
2288
7a22745a
LP		 2289 } else if (streq(key, "netlink")) {
2290 int fd, skip = 0;
2291 SocketPort *p;
2292
2293 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2294 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2295 else {
2296
2297 LIST_FOREACH(port, p, s->ports)
2298 if (socket_address_is_netlink(&p->address, value+skip))
2299 break;
2300
2301 if (p) {
03e334a1 2302 safe_close(p->fd);
7a22745a
LP		 2303 p->fd = fdset_remove(fds, fd);
2304 }
2305 }
60252446
PS		 2306
2307 } else if (streq(key, "ffs")) {
2308 int fd, skip = 0;
2309 SocketPort *p;
2310
2311 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2312 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2313 else {
2314
2315 LIST_FOREACH(port, p, s->ports)
2316 if (p->type == SOCKET_USB_FUNCTION &&
2317 path_equal_or_files_same(p->path, value+skip))
2318 break;
2319
2320 if (p) {
2321 safe_close(p->fd);
2322 p->fd = fdset_remove(fds, fd);
2323 }
2324 }
2325
a16e1123 2326 } else
f2341e0a 2327 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2328
2329 return 0;
2330}
2331
01e10de3
LP		 2332static int socket_distribute_fds(Unit *u, FDSet *fds) {
2333 Socket *s = SOCKET(u);
2334 SocketPort *p;
2335
2336 assert(u);
2337
2338 LIST_FOREACH(port, p, s->ports) {
2339 Iterator i;
2340 int fd;
2341
2342 if (p->type != SOCKET_SOCKET)
2343 continue;
2344
2345 if (p->fd >= 0)
2346 continue;
2347
2348 FDSET_FOREACH(fd, fds, i) {
2349 if (socket_address_matches_fd(&p->address, fd)) {
2350 p->fd = fdset_remove(fds, fd);
2351 s->deserialized_state = SOCKET_LISTENING;
2352 break;
2353 }
2354 }
2355 }
2356
2357 return 0;
2358}
2359
44a6b1b6 2360_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2361 assert(u);
5cb5a6ff 2362
acbb0225 2363 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2364}
2365
44a6b1b6 2366_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2367 assert(u);
2368
a16e1123 2369 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2370}
2371
67419600
OS		 2372const char* socket_port_type_to_string(SocketPort *p) {
2373
2374 assert(p);
2375
2376 switch (p->type) {
718db961
LP		 2377
2378 case SOCKET_SOCKET:
2379
2380 switch (p->address.type) {
2381
2382 case SOCK_STREAM:
2383 return "Stream";
2384
2385 case SOCK_DGRAM:
2386 return "Datagram";
2387
2388 case SOCK_SEQPACKET:
2389 return "SequentialPacket";
2390
2391 case SOCK_RAW:
2392 if (socket_address_family(&p->address) == AF_NETLINK)
2393 return "Netlink";
2394
2395 default:
2396 return NULL;
2397 }
2398
2399 case SOCKET_SPECIAL:
2400 return "Special";
2401
2402 case SOCKET_MQUEUE:
2403 return "MessageQueue";
2404
2405 case SOCKET_FIFO:
2406 return "FIFO";
2407
60252446
PS		 2408 case SOCKET_USB_FUNCTION:
2409 return "USBFunction";
2410
718db961
LP		 2411 default:
2412 return NULL;
67419600
OS		 2413 }
2414}
2415
44a6b1b6 2416_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2417 Socket *s = SOCKET(u);
2418
2419 assert(u);
2420
2421 return s->n_connections > 0;
2422}
2423
718db961
LP		 2424static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2425 SocketPort *p = userdata;
4f2d528d 2426 int cfd = -1;
9152c765 2427
718db961 2428 assert(p);
8d567588 2429 assert(fd >= 0);
9152c765 2430
718db961
LP		 2431 if (p->socket->state != SOCKET_LISTENING)
2432 return 0;
871d7de4 2433
f2341e0a 2434 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2435
718db961 2436 if (revents != EPOLLIN) {
641e01dc 2437
718db961 2438 if (revents & EPOLLHUP)
f2341e0a 2439 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2440 else
f2341e0a 2441 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2442 goto fail;
4f2d528d
LP		 2443 }
2444
718db961
LP		 2445 if (p->socket->accept &&
2446 p->type == SOCKET_SOCKET &&
2447 socket_address_can_accept(&p->address)) {
2448
4f2d528d
LP		 2449 for (;;) {
2450
b14eda96
LP		 2451 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2452 if (cfd < 0) {
4f2d528d
LP		 2453
2454 if (errno == EINTR)
2455 continue;
2456
f2341e0a 2457 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2458 goto fail;
4f2d528d
LP		 2459 }
2460
2461 break;
2462 }
4fd5948e 2463
718db961 2464 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2465 }
9152c765 2466
718db961
LP		 2467 socket_enter_running(p->socket, cfd);
2468 return 0;
8d567588
LP		 2469
2470fail:
718db961
LP		 2471 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2472 return 0;
9152c765
LP		 2473}
2474
87f0e418
LP		 2475static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2476 Socket *s = SOCKET(u);
cfc4eb4c 2477 SocketResult f;
5cb5a6ff
LP		 2478
2479 assert(s);
034c6ed7 2480 assert(pid >= 0);
5cb5a6ff 2481
8c47c732
LP		 2482 if (pid != s->control_pid)
2483 return;
542563ba 2484
034c6ed7
LP		 2485 s->control_pid = 0;
2486
96342de6 2487 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2488 f = SOCKET_SUCCESS;
2489 else if (code == CLD_EXITED)
2490 f = SOCKET_FAILURE_EXIT_CODE;
2491 else if (code == CLD_KILLED)
2492 f = SOCKET_FAILURE_SIGNAL;
2493 else if (code == CLD_DUMPED)
2494 f = SOCKET_FAILURE_CORE_DUMP;
2495 else
a4152e3f 2496 assert_not_reached("Unknown sigchld code");
8c47c732 2497
b708e7ce 2498 if (s->control_command) {
6ea832a2 2499 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2500
b708e7ce 2501 if (s->control_command->ignore)
cfc4eb4c 2502 f = SOCKET_SUCCESS;
b708e7ce
LP		 2503 }
2504
f2341e0a
LP		 2505 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2506 "Control process exited, code=%s status=%i",
2507 sigchld_code_to_string(code), status);
034c6ed7 2508
cfc4eb4c
LP		 2509 if (f != SOCKET_SUCCESS)
2510 s->result = f;
2511
2512 if (s->control_command &&
2513 s->control_command->command_next &&
2514 f == SOCKET_SUCCESS) {
2515
f2341e0a 2516 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2517 socket_run_next(s);
acbb0225 2518 } else {
a16e1123
LP		 2519 s->control_command = NULL;
2520 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2521
034c6ed7
LP		 2522 /* No further commands for this step, so let's figure
2523 * out what to do next */
5cb5a6ff 2524
f2341e0a 2525 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2526
034c6ed7
LP		 2527 switch (s->state) {
2528
2529 case SOCKET_START_PRE:
cfc4eb4c 2530 if (f == SOCKET_SUCCESS)
3900e5fd 2531 socket_enter_start_chown(s);
034c6ed7 2532 else
cfc4eb4c 2533 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2534 break;
2535
3900e5fd
LP		 2536 case SOCKET_START_CHOWN:
2537 if (f == SOCKET_SUCCESS)
2538 socket_enter_start_post(s);
2539 else
2540 socket_enter_stop_pre(s, f);
2541 break;
2542
034c6ed7 2543 case SOCKET_START_POST:
cfc4eb4c 2544 if (f == SOCKET_SUCCESS)
e9af15c3 2545 socket_enter_listening(s);
034c6ed7 2546 else
cfc4eb4c 2547 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2548 break;
2549
2550 case SOCKET_STOP_PRE:
2551 case SOCKET_STOP_PRE_SIGTERM:
2552 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2553 socket_enter_stop_post(s, f);
034c6ed7
LP		 2554 break;
2555
2556 case SOCKET_STOP_POST:
80876c20
LP		 2557 case SOCKET_FINAL_SIGTERM:
2558 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2559 socket_enter_dead(s, f);
034c6ed7
LP		 2560 break;
2561
2562 default:
2563 assert_not_reached("Uh, control process died at wrong time.");
2564 }
2565 }
c4e2ceae
LP		 2566
2567 /* Notify clients about changed exit status */
2568 unit_add_to_dbus_queue(u);
034c6ed7 2569}
5cb5a6ff 2570
718db961
LP		 2571static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2572 Socket *s = SOCKET(userdata);
5cb5a6ff 2573
034c6ed7 2574 assert(s);
718db961 2575 assert(s->timer_event_source == source);
034c6ed7
LP		 2576
2577 switch (s->state) {
2578
2579 case SOCKET_START_PRE:
f2341e0a 2580 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2581 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2582 break;
80876c20 2583
3900e5fd 2584 case SOCKET_START_CHOWN:
034c6ed7 2585 case SOCKET_START_POST:
f2341e0a 2586 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2587 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2588 break;
2589
2590 case SOCKET_STOP_PRE:
f2341e0a 2591 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2592 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2593 break;
2594
2595 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2596 if (s->kill_context.send_sigkill) {
f2341e0a 2597 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2599 } else {
f2341e0a 2600 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2601 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2602 }
034c6ed7
LP		 2603 break;
2604
2605 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2606 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2607 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2608 break;
2609
2610 case SOCKET_STOP_POST:
f2341e0a 2611 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2612 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2613 break;
2614
80876c20 2615 case SOCKET_FINAL_SIGTERM:
4819ff03 2616 if (s->kill_context.send_sigkill) {
f2341e0a 2617 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2618 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2619 } else {
f2341e0a 2620 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2621 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2622 }
034c6ed7
LP		 2623 break;
2624
80876c20 2625 case SOCKET_FINAL_SIGKILL:
f2341e0a 2626 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2627 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2628 break;
2629
2630 default:
2631 assert_not_reached("Timeout at wrong time.");
2632 }
718db961
LP		 2633
2634 return 0;
5cb5a6ff
LP		 2635}
2636
79c7626d
LP		 2637int socket_collect_fds(Socket *s, int **fds) {
2638 int *rfds, k = 0, n = 0;
44d8db9e
LP		 2639 SocketPort *p;
2640
2641 assert(s);
2642 assert(fds);
44d8db9e
LP		 2643
2644 /* Called from the service code for requesting our fds */
2645
15087cdb 2646 LIST_FOREACH(port, p, s->ports) {
44d8db9e 2647 if (p->fd >= 0)
79c7626d
LP		 2648 n++;
2649 n += p->n_auxiliary_fds;
15087cdb 2650 }
44d8db9e 2651
79c7626d 2652 if (n <= 0) {
de3756ab 2653 *fds = NULL;
de3756ab
LP		 2654 return 0;
2655 }
2656
79c7626d 2657 rfds = new(int, n);
e5403f09 2658 if (!rfds)
44d8db9e
LP		 2659 return -ENOMEM;
2660
15087cdb 2661 LIST_FOREACH(port, p, s->ports) {
79c7626d
LP		 2662 int i;
2663
44d8db9e
LP		 2664 if (p->fd >= 0)
2665 rfds[k++] = p->fd;
15087cdb
PS		 2666 for (i = 0; i < p->n_auxiliary_fds; ++i)
2667 rfds[k++] = p->auxiliary_fds[i];
2668 }
44d8db9e 2669
79c7626d 2670 assert(k == n);
44d8db9e
LP		 2671
2672 *fds = rfds;
79c7626d 2673 return n;
44d8db9e
LP		 2674}
2675
e821075a
LP		 2676static void socket_reset_failed(Unit *u) {
2677 Socket *s = SOCKET(u);
2678
2679 assert(s);
2680
2681 if (s->state == SOCKET_FAILED)
2682 socket_set_state(s, SOCKET_DEAD);
2683
2684 s->result = SOCKET_SUCCESS;
2685}
2686
d137a488 2687static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2688 assert(s);
2689
6cf6bbc2
LP		 2690 /* The service is dead. Dang!
2691 *
2692 * This is strictly for one-instance-for-all-connections
2693 * services. */
ceee3d82
LP		 2694
2695 if (s->state == SOCKET_RUNNING) {
f2341e0a 2696 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2697 if (failed_permanent)
2698 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2699 else
2700 socket_enter_listening(s);
ceee3d82
LP		 2701 }
2702}
2703
6cf6bbc2
LP		 2704void socket_connection_unref(Socket *s) {
2705 assert(s);
2706
2707 /* The service is dead. Yay!
2708 *
35b8ca3a 2709 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2710 * services. */
2711
2712 assert(s->n_connections > 0);
2713 s->n_connections--;
2714
f2341e0a 2715 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2716}
2717
d137a488
UTL		 2718static void socket_trigger_notify(Unit *u, Unit *other) {
2719 Socket *s = SOCKET(u);
e821075a 2720 Service *se;
d137a488
UTL		 2721
2722 assert(u);
2723 assert(other);
2724
2725 /* Don't propagate state changes from the service if we are
2726 already down or accepting connections */
920b52e4 2727 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2728 s->state != SOCKET_LISTENING) ||
2729 s->accept)
2730 return;
2731
2732 if (other->load_state != UNIT_LOADED ||
2733 other->type != UNIT_SERVICE)
2734 return;
2735
e821075a
LP		 2736 se = SERVICE(other);
2737
d137a488
UTL		 2738 if (se->state == SERVICE_FAILED)
2739 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2740
2741 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2742 se->state == SERVICE_FINAL_SIGTERM ||
2743 se->state == SERVICE_FINAL_SIGKILL ||
2744 se->state == SERVICE_AUTO_RESTART)
2745 socket_notify_service_dead(s, false);
2746
2747 if (se->state == SERVICE_RUNNING)
2748 socket_set_state(s, SOCKET_RUNNING);
2749}
2750
718db961 2751static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2752 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2753}
2754
68db7a3b
ZJS		 2755static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2756 Socket *s = SOCKET(u);
2757 int r;
2758
2759 if (!s->timer_event_source)
2760 return 0;
2761
2762 r = sd_event_source_get_time(s->timer_event_source, timeout);
2763 if (r < 0)
2764 return r;
2765
2766 return 1;
2767}
2768
8dd4c05b
LP		 2769char *socket_fdname(Socket *s) {
2770 assert(s);
2771
2772 /* Returns the name to use for $LISTEN_NAMES. If the user
2773 * didn't specify anything specifically, use the socket unit's
2774 * name as fallback. */
2775
2776 if (s->fdname)
2777 return s->fdname;
2778
2779 return UNIT(s)->id;
2780}
2781
a16e1123
LP		 2782static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2783 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2784 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2785 [SOCKET_EXEC_START_POST] = "StartPost",
2786 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2787 [SOCKET_EXEC_STOP_POST] = "StopPost"
2788};
2789
2790DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2791
cfc4eb4c
LP		 2792static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2793 [SOCKET_SUCCESS] = "success",
2794 [SOCKET_FAILURE_RESOURCES] = "resources",
2795 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2796 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2797 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2798 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2799 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2800};
2801
2802DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2803
87f0e418 2804const UnitVTable socket_vtable = {
7d17cfbc 2805 .object_size = sizeof(Socket),
718db961
LP		 2806 .exec_context_offset = offsetof(Socket, exec_context),
2807 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2808 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2809 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2810
f975e971
LP		 2811 .sections =
2812 "Unit\0"
2813 "Socket\0"
2814 "Install\0",
4ad49000 2815 .private_section = "Socket",
71645aca 2816
034c6ed7
LP		 2817 .init = socket_init,
2818 .done = socket_done,
a16e1123
LP		 2819 .load = socket_load,
2820
2821 .coldplug = socket_coldplug,
034c6ed7 2822
5cb5a6ff
LP		 2823 .dump = socket_dump,
2824
542563ba
LP		 2825 .start = socket_start,
2826 .stop = socket_stop,
5cb5a6ff 2827
718db961
LP		 2828 .kill = socket_kill,
2829
68db7a3b
ZJS		 2830 .get_timeout = socket_get_timeout,
2831
a16e1123
LP		 2832 .serialize = socket_serialize,
2833 .deserialize_item = socket_deserialize_item,
01e10de3 2834 .distribute_fds = socket_distribute_fds,
a16e1123 2835
5cb5a6ff 2836 .active_state = socket_active_state,
10a94420 2837 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2838
6cf6bbc2
LP		 2839 .check_gc = socket_check_gc,
2840
034c6ed7 2841 .sigchld_event = socket_sigchld_event,
4139c1b2 2842
d137a488
UTL		 2843 .trigger_notify = socket_trigger_notify,
2844
fdf20a31 2845 .reset_failed = socket_reset_failed,
5632e374 2846
718db961 2847 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2848 .bus_set_property = bus_socket_set_property,
2849 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2850
2851 .status_message_formats = {
2852 /*.starting_stopping = {
2853 [0] = "Starting socket %s...",
2854 [1] = "Stopping socket %s...",
2855 },*/
2856 .finished_start_job = {
2857 [JOB_DONE] = "Listening on %s.",
2858 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2859 [JOB_TIMEOUT] = "Timed out starting %s.",
2860 },
2861 .finished_stop_job = {
2862 [JOB_DONE] = "Closed %s.",
2863 [JOB_FAILED] = "Failed stopping %s.",
2864 [JOB_TIMEOUT] = "Timed out stopping %s.",
2865 },
2866 },
5cb5a6ff 2867};
Unnamed repository; edit this file 'description' to name the repository.