]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
util: split out escaping code into escape.[ch]
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
e8da24a6 22#include <arpa/inet.h>
83c60c9f
LP		 23#include <errno.h>
24#include <fcntl.h>
916abb21 25#include <mqueue.h>
e8da24a6
LP		 26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
83c60c9f 31
718db961 32#include "sd-event.h"
e8da24a6
LP		 33
34#include "bus-error.h"
35#include "bus-util.h"
36#include "copy.h"
37#include "dbus-socket.h"
38#include "def.h"
39#include "exit-status.h"
40#include "formats-util.h"
41#include "label.h"
83c60c9f 42#include "log.h"
e8da24a6 43#include "missing.h"
49e942b2 44#include "mkdir.h"
9eb977db 45#include "path-util.h"
d7b8eec7 46#include "selinux-util.h"
24882e06 47#include "signal-util.h"
e8da24a6 48#include "smack-util.h"
24882e06 49#include "socket.h"
e8da24a6
LP		 50#include "special.h"
51#include "strv.h"
52#include "unit-name.h"
53#include "unit-printf.h"
54#include "unit.h"
83c60c9f 55
acbb0225 56static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 69 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 70};
5cb5a6ff 71
718db961
LP		 72static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
a16e1123
LP		 75static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
ac155bb8 79 assert(u->load_state == UNIT_STUB);
a16e1123 80
a16e1123 81 s->backlog = SOMAXCONN;
1f19a534 82 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 83 s->directory_mode = 0755;
9131f660 84 s->socket_mode = 0666;
a16e1123 85
6cf6bbc2
LP		 86 s->max_connections = 64;
87
4fd5948e 88 s->priority = -1;
4fd5948e
LP		 89 s->ip_tos = -1;
90 s->ip_ttl = -1;
4fd5948e 91 s->mark = -1;
4fd5948e 92
ac155bb8
MS		 93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
085afe36 95
a16e1123
LP		 96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97}
acbb0225 98
5e94833f
LP		 99static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107}
108
15087cdb
PS		 109static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117}
118
74051b9b 119void socket_free_ports(Socket *s) {
034c6ed7
LP		 120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
71fda00f 125 LIST_REMOVE(port, s->ports, p);
034c6ed7 126
718db961
LP		 127 sd_event_source_unref(p->event_source);
128
15087cdb 129 socket_cleanup_fd_list(p);
03e334a1 130 safe_close(p->fd);
034c6ed7
LP		 131 free(p->path);
132 free(p);
133 }
74051b9b
LP		 134}
135
136static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
034c6ed7 142
613b411c 143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 145 s->control_command = NULL;
146
5e94833f 147 socket_unwatch_control_pid(s);
034c6ed7 148
57020a3a 149 unit_ref_unset(&s->service);
034c6ed7 150
a1e58e8e
LP		 151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 153
0eb59ccf
AK		 154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
811ba7a0
LP		 158 strv_free(s->symlinks);
159
3900e5fd
LP		 160 free(s->user);
161 free(s->group);
162
718db961
LP		 163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164}
165
166static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
7dfbe2e3 184 r = sd_event_add_time(
6a0f1f6d
LP		 185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
7dfbe2e3
TG		 190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
5cb5a6ff
LP		 196}
197
8b835fcc
ZJS		 198int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
7410616c 210 if (UNIT_DEREF(s->service))
b15bdda8
LP		 211 return 0;
212
7410616c
LP		 213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
b15bdda8 219
315db1a8 220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 221 return -ENOMEM;
222
1124fe6f 223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 224 if (r < 0)
225 return r;
226
ac155bb8 227 u->no_gc = true;
57020a3a
LP		 228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 231}
232
4f2d528d
LP		 233static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
dd5ad9d4
LP		 241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
4f2d528d
LP		 246 if (!socket_address_can_accept(&p->address))
247 return true;
dd5ad9d4 248 }
4f2d528d
LP		 249
250 return false;
251}
252
a57f7e2c 253static int socket_add_mount_links(Socket *s) {
6e2ef85b 254 SocketPort *p;
6e2ef85b
LP		 255 int r;
256
257 assert(s);
6e2ef85b 258
a57f7e2c
LP		 259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
6e2ef85b 261
a57f7e2c
LP		 262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
60252446 264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 265 path = p->path;
6e2ef85b 266
a57f7e2c
LP		 267 if (!path)
268 continue;
6e2ef85b 269
a57f7e2c 270 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 271 if (r < 0)
6e2ef85b 272 return r;
b87705cd 273 }
6e2ef85b
LP		 274
275 return 0;
276}
277
278static int socket_add_device_link(Socket *s) {
279 char *t;
6e2ef85b
LP		 280
281 assert(s);
282
7d0c710d 283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 284 return 0;
285
63c372cb 286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 287 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 288}
289
a40eb732
LP		 290static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
e3d84721
LP		 294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
2a77d31d 297
b2c23da8 298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
a40eb732 301 return r;
2a77d31d 302 }
a40eb732 303
ead8e478 304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 305}
306
44a6b1b6 307_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316}
317
e821075a
LP		 318static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
e537352b 320 int r;
44d8db9e 321
e821075a 322 assert(s);
57020a3a 323
e821075a 324 if (have_non_accept_socket(s)) {
23a177ef 325
e821075a
LP		 326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
57020a3a 328
e821075a 329 r = unit_load_related_unit(u, ".service", &x);
57020a3a 330 if (r < 0)
4f2d528d 331 return r;
e821075a
LP		 332
333 unit_ref_set(&s->service, x);
4f2d528d 334 }
44d8db9e 335
e821075a
LP		 336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
6e2ef85b 338 return r;
e821075a 339 }
6e2ef85b 340
e821075a
LP		 341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
6e2ef85b 344
e821075a
LP		 345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
598459ce 349 r = unit_patch_contexts(u);
e821075a
LP		 350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
23a177ef 357
d79200e2 358 r = unit_set_default_slice(u);
a016b922
LP		 359 if (r < 0)
360 return r;
e821075a 361 }
a016b922 362
e821075a
LP		 363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370}
371
811ba7a0
LP		 372static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403}
404
e821075a
LP		 405static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
f2341e0a 412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
f2341e0a 422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 423 return -EINVAL;
424 }
e06c73cc 425
e821075a 426 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 433 return -EINVAL;
434 }
435
811ba7a0 436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 438 return -EINVAL;
439 }
440
e821075a
LP		 441 return 0;
442}
443
444static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
e06c73cc
LP		 458 if (r < 0)
459 return r;
23a177ef
LP		 460 }
461
4f2d528d 462 return socket_verify(s);
44d8db9e
LP		 463}
464
44a6b1b6 465_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
542563ba
LP		 469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
034c6ed7 477 assert_not_reached("Unknown socket type");
542563ba
LP		 478 return NULL;
479}
480
87f0e418 481static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 482 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 483 SocketExecCommand c;
87f0e418 484 Socket *s = SOCKET(u);
542563ba 485 SocketPort *p;
82ba9f08 486 const char *prefix2;
5cb5a6ff
LP		 487
488 assert(s);
fa068367 489 assert(f);
5cb5a6ff 490
4c940960 491 prefix = strempty(prefix);
63c372cb 492 prefix2 = strjoina(prefix, "\t");
c43d20a0 493
5cb5a6ff
LP		 494 fprintf(f,
495 "%sSocket State: %s\n"
81a5c6d0 496 "%sResult: %s\n"
542563ba 497 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
4fd5948e
LP		 500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
4427c3f4 502 "%sNoDelay: %s\n"
cebf8b20 503 "%sFreeBind: %s\n"
6b6d2dee 504 "%sTransparent: %s\n"
ec6370a2 505 "%sBroadcast: %s\n"
ede3deb4 506 "%sPassCredentials: %s\n"
54ecda32 507 "%sPassSecurity: %s\n"
bd1fe7c7 508 "%sTCPCongestion: %s\n"
16115b0a 509 "%sRemoveOnStop: %s\n"
55301ec0 510 "%sWritable: %s\n"
8dd4c05b 511 "%sFDName: %s\n"
16115b0a 512 "%sSELinuxContextFromNet: %s\n",
a16e1123 513 prefix, socket_state_to_string(s->state),
81a5c6d0 514 prefix, socket_result_to_string(s->result),
c0120d99 515 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 516 prefix, s->backlog,
517 prefix, s->socket_mode,
4fd5948e
LP		 518 prefix, s->directory_mode,
519 prefix, yes_no(s->keep_alive),
4427c3f4 520 prefix, yes_no(s->no_delay),
cebf8b20 521 prefix, yes_no(s->free_bind),
6b6d2dee 522 prefix, yes_no(s->transparent),
ec6370a2 523 prefix, yes_no(s->broadcast),
d68af586 524 prefix, yes_no(s->pass_cred),
54ecda32 525 prefix, yes_no(s->pass_sec),
bd1fe7c7 526 prefix, strna(s->tcp_congestion),
16115b0a 527 prefix, yes_no(s->remove_on_stop),
55301ec0 528 prefix, yes_no(s->writable),
8dd4c05b 529 prefix, socket_fdname(s),
16115b0a 530 prefix, yes_no(s->selinux_context_from_net));
542563ba 531
70123e68
LP		 532 if (s->control_pid > 0)
533 fprintf(f,
de0671ee
ZJS		 534 "%sControl PID: "PID_FMT"\n",
535 prefix, s->control_pid);
70123e68 536
acbb0225
LP		 537 if (s->bind_to_device)
538 fprintf(f,
539 "%sBindToDevice: %s\n",
540 prefix, s->bind_to_device);
541
4f2d528d
LP		 542 if (s->accept)
543 fprintf(f,
6cf6bbc2
LP		 544 "%sAccepted: %u\n"
545 "%sNConnections: %u\n"
546 "%sMaxConnections: %u\n",
547 prefix, s->n_accepted,
548 prefix, s->n_connections,
549 prefix, s->max_connections);
4f2d528d 550
4fd5948e
LP		 551 if (s->priority >= 0)
552 fprintf(f,
553 "%sPriority: %i\n",
554 prefix, s->priority);
555
556 if (s->receive_buffer > 0)
557 fprintf(f,
558 "%sReceiveBuffer: %zu\n",
559 prefix, s->receive_buffer);
560
561 if (s->send_buffer > 0)
562 fprintf(f,
563 "%sSendBuffer: %zu\n",
564 prefix, s->send_buffer);
565
566 if (s->ip_tos >= 0)
567 fprintf(f,
568 "%sIPTOS: %i\n",
569 prefix, s->ip_tos);
570
571 if (s->ip_ttl >= 0)
572 fprintf(f,
573 "%sIPTTL: %i\n",
574 prefix, s->ip_ttl);
575
576 if (s->pipe_size > 0)
577 fprintf(f,
578 "%sPipeSize: %zu\n",
579 prefix, s->pipe_size);
580
581 if (s->mark >= 0)
582 fprintf(f,
583 "%sMark: %i\n",
584 prefix, s->mark);
585
916abb21
LP		 586 if (s->mq_maxmsg > 0)
587 fprintf(f,
588 "%sMessageQueueMaxMessages: %li\n",
589 prefix, s->mq_maxmsg);
590
591 if (s->mq_msgsize > 0)
592 fprintf(f,
593 "%sMessageQueueMessageSize: %li\n",
594 prefix, s->mq_msgsize);
595
718db961 596 if (s->reuse_port)
f7db7a69
SL		 597 fprintf(f,
598 "%sReusePort: %s\n",
718db961 599 prefix, yes_no(s->reuse_port));
f7db7a69 600
0eb59ccf
AK		 601 if (s->smack)
602 fprintf(f,
603 "%sSmackLabel: %s\n",
604 prefix, s->smack);
605
606 if (s->smack_ip_in)
607 fprintf(f,
608 "%sSmackLabelIPIn: %s\n",
609 prefix, s->smack_ip_in);
610
611 if (s->smack_ip_out)
612 fprintf(f,
613 "%sSmackLabelIPOut: %s\n",
614 prefix, s->smack_ip_out);
615
3900e5fd
LP		 616 if (!isempty(s->user) || !isempty(s->group))
617 fprintf(f,
618 "%sOwnerUser: %s\n"
619 "%sOwnerGroup: %s\n",
620 prefix, strna(s->user),
621 prefix, strna(s->group));
622
3cd761e4 623 if (s->keep_alive_time > 0)
209e9dcd 624 fprintf(f,
3cd761e4
LP		 625 "%sKeepAliveTimeSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 627
3cd761e4 628 if (s->keep_alive_interval)
209e9dcd 629 fprintf(f,
3cd761e4
LP		 630 "%sKeepAliveIntervalSec: %s\n",
631 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 632
3cd761e4 633 if (s->keep_alive_cnt)
209e9dcd
SS		 634 fprintf(f,
635 "%sKeepAliveProbes: %u\n",
636 prefix, s->keep_alive_cnt);
637
3cd761e4 638 if (s->defer_accept)
cc567c9b 639 fprintf(f,
3cd761e4
LP		 640 "%sDeferAcceptSec: %s\n",
641 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 642
034c6ed7 643 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 644
542563ba
LP		 645 if (p->type == SOCKET_SOCKET) {
646 const char *t;
647 int r;
e364ad06 648 char *k = NULL;
542563ba 649
e53fc357
LP		 650 r = socket_address_print(&p->address, &k);
651 if (r < 0)
542563ba
LP		 652 t = strerror(-r);
653 else
654 t = k;
655
7a22745a 656 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 657 free(k);
b0a3f2bc
LP		 658 } else if (p->type == SOCKET_SPECIAL)
659 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 660 else if (p->type == SOCKET_USB_FUNCTION)
661 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 662 else if (p->type == SOCKET_MQUEUE)
663 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 664 else
542563ba
LP		 665 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
666 }
5cb5a6ff
LP		 667
668 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 669 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 670
e537352b 671 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 672 if (!s->exec_command[c])
673 continue;
5cb5a6ff 674
40d50879 675 fprintf(f, "%s-> %s:\n",
a16e1123 676 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 677
678 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 679 }
680}
681
4f2d528d
LP		 682static int instance_from_socket(int fd, unsigned nr, char **instance) {
683 socklen_t l;
684 char *r;
9d16d0c7 685 union sockaddr_union local, remote;
4f2d528d
LP		 686
687 assert(fd >= 0);
688 assert(instance);
689
690 l = sizeof(local);
691 if (getsockname(fd, &local.sa, &l) < 0)
692 return -errno;
693
694 l = sizeof(remote);
695 if (getpeername(fd, &remote.sa, &l) < 0)
696 return -errno;
697
698 switch (local.sa.sa_family) {
699
700 case AF_INET: {
701 uint32_t
702 a = ntohl(local.in.sin_addr.s_addr),
703 b = ntohl(remote.in.sin_addr.s_addr);
704
705 if (asprintf(&r,
77b088c2
LP		 706 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 nr,
4f2d528d
LP		 708 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
709 ntohs(local.in.sin_port),
710 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
711 ntohs(remote.in.sin_port)) < 0)
712 return -ENOMEM;
713
714 break;
715 }
716
717 case AF_INET6: {
c65a0b14 718 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 719 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
720 };
721
722 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
723 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
724 const uint8_t
725 *a = local.in6.sin6_addr.s6_addr+12,
726 *b = remote.in6.sin6_addr.s6_addr+12;
727
728 if (asprintf(&r,
77b088c2
LP		 729 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
730 nr,
2b061f5a
LP		 731 a[0], a[1], a[2], a[3],
732 ntohs(local.in6.sin6_port),
733 b[0], b[1], b[2], b[3],
734 ntohs(remote.in6.sin6_port)) < 0)
735 return -ENOMEM;
736 } else {
737 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
738
739 if (asprintf(&r,
77b088c2
LP		 740 "%u-%s:%u-%s:%u",
741 nr,
2b061f5a
LP		 742 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
743 ntohs(local.in6.sin6_port),
744 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
745 ntohs(remote.in6.sin6_port)) < 0)
746 return -ENOMEM;
747 }
4f2d528d
LP		 748
749 break;
750 }
751
752 case AF_UNIX: {
753 struct ucred ucred;
eff05270 754 int k;
4f2d528d 755
eff05270 756 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 757 if (k >= 0) {
758 if (asprintf(&r,
759 "%u-"PID_FMT"-"UID_FMT,
760 nr, ucred.pid, ucred.uid) < 0)
761 return -ENOMEM;
762 } else if (k == -ENODATA) {
763 /* This handles the case where somebody is
764 * connecting from another pid/uid namespace
765 * (e.g. from outside of our container). */
766 if (asprintf(&r,
767 "%u-unknown",
768 nr) < 0)
769 return -ENOMEM;
770 } else
eff05270 771 return k;
2f20a8eb 772
2f20a8eb 773 break;
4f2d528d
LP		 774 }
775
776 default:
777 assert_not_reached("Unhandled socket type.");
778 }
779
780 *instance = r;
781 return 0;
782}
783
034c6ed7 784static void socket_close_fds(Socket *s) {
83c60c9f 785 SocketPort *p;
811ba7a0 786 char **i;
83c60c9f
LP		 787
788 assert(s);
789
034c6ed7 790 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 791
792 p->event_source = sd_event_source_unref(p->event_source);
793
83c60c9f
LP		 794 if (p->fd < 0)
795 continue;
796
03e334a1 797 p->fd = safe_close(p->fd);
15087cdb 798 socket_cleanup_fd_list(p);
a16e1123 799
bd1fe7c7
LP		 800 /* One little note: we should normally not delete any
801 * sockets in the file system here! After all some
802 * other process we spawned might still have a
803 * reference of this fd and wants to continue to use
804 * it. Therefore we delete sockets in the file system
805 * before we create a new one, not after we stopped
806 * using one! */
807
808 if (s->remove_on_stop) {
809 switch (p->type) {
810
811 case SOCKET_FIFO:
812 unlink(p->path);
813 break;
814
815 case SOCKET_MQUEUE:
816 mq_unlink(p->path);
817 break;
818
819 case SOCKET_SOCKET:
820 socket_address_unlink(&p->address);
821 break;
822
823 default:
824 break;
825 }
826 }
83c60c9f 827 }
811ba7a0
LP		 828
829 if (s->remove_on_stop)
830 STRV_FOREACH(i, s->symlinks)
831 unlink(*i);
83c60c9f
LP		 832}
833
4fd5948e 834static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 835 int r;
836
4fd5948e
LP		 837 assert(s);
838 assert(fd >= 0);
839
840 if (s->keep_alive) {
841 int b = s->keep_alive;
842 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 843 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 844 }
845
209e9dcd
SS		 846 if (s->keep_alive_time) {
847 int value = s->keep_alive_time / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 849 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 850 }
851
852 if (s->keep_alive_interval) {
920b52e4 853 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 854 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 856 }
857
858 if (s->keep_alive_cnt) {
859 int value = s->keep_alive_cnt;
172cfe87 860 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 861 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 862 }
863
cc567c9b
SS		 864 if (s->defer_accept) {
865 int value = s->defer_accept / USEC_PER_SEC;
866 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 867 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 868 }
869
4427c3f4
SS		 870 if (s->no_delay) {
871 int b = s->no_delay;
872 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 873 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 874 }
875
ec6370a2
LP		 876 if (s->broadcast) {
877 int one = 1;
878 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 879 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 880 }
881
d68af586
MS		 882 if (s->pass_cred) {
883 int one = 1;
884 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 885 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 886 }
887
54ecda32
LP		 888 if (s->pass_sec) {
889 int one = 1;
890 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 891 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 892 }
893
4fd5948e
LP		 894 if (s->priority >= 0)
895 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 896 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 897
898 if (s->receive_buffer > 0) {
899 int value = (int) s->receive_buffer;
7d9eaa84
LP		 900
901 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
902
b8cef44e 903 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 904 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 905 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 906 }
907
908 if (s->send_buffer > 0) {
909 int value = (int) s->send_buffer;
b8cef44e 910 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 911 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 912 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 913 }
914
915 if (s->mark >= 0)
916 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 917 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 918
919 if (s->ip_tos >= 0)
920 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 921 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 922
46925ac5 923 if (s->ip_ttl >= 0) {
d53e386d 924 int x;
46925ac5
LP		 925
926 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 927
928 if (socket_ipv6_is_supported())
929 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
930 else {
931 x = -1;
932 errno = EAFNOSUPPORT;
933 }
46925ac5
LP		 934
935 if (r < 0 && x < 0)
f2341e0a 936 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 937 }
cebf8b20
TT		 938
939 if (s->tcp_congestion)
940 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 941 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 942
d53e386d 943 if (s->smack_ip_in) {
5ab58c20 944 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 945 if (r < 0)
f2341e0a 946 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 947 }
9a4e038c 948
d53e386d 949 if (s->smack_ip_out) {
5ab58c20 950 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 951 if (r < 0)
f2341e0a 952 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 953 }
4fd5948e
LP		 954}
955
b15bdda8 956static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 957 int r;
958
4fd5948e
LP		 959 assert(s);
960 assert(fd >= 0);
961
962 if (s->pipe_size > 0)
963 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 964 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 965
d53e386d 966 if (s->smack) {
5ab58c20 967 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 968 if (r < 0)
ed460b07 969 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 970 }
4fd5948e
LP		 971}
972
b15bdda8
LP		 973static int fifo_address_create(
974 const char *path,
975 mode_t directory_mode,
e8da24a6 976 mode_t socket_mode) {
b15bdda8 977
e8da24a6 978 _cleanup_close_ int fd = -1;
b15bdda8 979 mode_t old_mask;
e8da24a6
LP		 980 struct stat st;
981 int r;
b15bdda8
LP		 982
983 assert(path);
b15bdda8 984
d2e54fae 985 mkdir_parents_label(path, directory_mode);
b15bdda8 986
ecabcf8b 987 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 988 if (r < 0)
e8da24a6 989 return r;
b15bdda8
LP		 990
991 /* Enforce the right access mode for the fifo */
992 old_mask = umask(~ socket_mode);
993
994 /* Include the original umask in our mask */
e8da24a6 995 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 996
997 r = mkfifo(path, socket_mode);
e8da24a6 998 (void) umask(old_mask);
b15bdda8 999
94bc2731 1000 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 1001 r = -errno;
1002 goto fail;
1003 }
1004
e8da24a6 1005 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1006 if (fd < 0) {
b15bdda8
LP		 1007 r = -errno;
1008 goto fail;
1009 }
1010
ecabcf8b 1011 mac_selinux_create_file_clear();
7a58bfa4 1012
b15bdda8
LP		 1013 if (fstat(fd, &st) < 0) {
1014 r = -errno;
1015 goto fail;
1016 }
1017
1018 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1019 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1020 st.st_uid != getuid() ||
1021 st.st_gid != getgid()) {
b15bdda8
LP		 1022 r = -EEXIST;
1023 goto fail;
1024 }
1025
e8da24a6
LP		 1026 r = fd;
1027 fd = -1;
1028
1029 return r;
b15bdda8
LP		 1030
1031fail:
ecabcf8b 1032 mac_selinux_create_file_clear();
b15bdda8
LP		 1033 return r;
1034}
1035
55301ec0 1036static int special_address_create(const char *path, bool writable) {
e8da24a6 1037 _cleanup_close_ int fd = -1;
b0a3f2bc 1038 struct stat st;
e8da24a6 1039 int r;
b0a3f2bc
LP		 1040
1041 assert(path);
b0a3f2bc 1042
55301ec0 1043 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1044 if (fd < 0)
1045 return -errno;
b0a3f2bc 1046
e8da24a6
LP		 1047 if (fstat(fd, &st) < 0)
1048 return -errno;
b0a3f2bc
LP		 1049
1050 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1051 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1052 return -EEXIST;
b0a3f2bc 1053
e8da24a6
LP		 1054 r = fd;
1055 fd = -1;
b0a3f2bc
LP		 1056
1057 return r;
1058}
1059
36078102 1060static int usbffs_address_create(const char *path) {
60252446
PS		 1061 _cleanup_close_ int fd = -1;
1062 struct stat st;
e8da24a6 1063 int r;
60252446
PS		 1064
1065 assert(path);
60252446
PS		 1066
1067 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1068 if (fd < 0)
1069 return -errno;
1070
1071 if (fstat(fd, &st) < 0)
1072 return -errno;
1073
1074 /* Check whether this is a regular file (ffs endpoint)*/
1075 if (!S_ISREG(st.st_mode))
1076 return -EEXIST;
1077
e8da24a6 1078 r = fd;
60252446
PS		 1079 fd = -1;
1080
e8da24a6 1081 return r;
60252446
PS		 1082}
1083
916abb21
LP		 1084static int mq_address_create(
1085 const char *path,
1086 mode_t mq_mode,
1087 long maxmsg,
e8da24a6 1088 long msgsize) {
916abb21 1089
e8da24a6 1090 _cleanup_close_ int fd = -1;
916abb21
LP		 1091 struct stat st;
1092 mode_t old_mask;
1093 struct mq_attr _attr, *attr = NULL;
e8da24a6 1094 int r;
916abb21
LP		 1095
1096 assert(path);
916abb21
LP		 1097
1098 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1099 _attr = (struct mq_attr) {
1100 .mq_flags = O_NONBLOCK,
1101 .mq_maxmsg = maxmsg,
1102 .mq_msgsize = msgsize,
1103 };
916abb21
LP		 1104 attr = &_attr;
1105 }
1106
1107 /* Enforce the right access mode for the mq */
1108 old_mask = umask(~ mq_mode);
1109
1110 /* Include the original umask in our mask */
e8da24a6 1111 (void) umask(~mq_mode | old_mask);
916abb21 1112 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1113 (void) umask(old_mask);
916abb21 1114
e8da24a6
LP		 1115 if (fd < 0)
1116 return -errno;
916abb21 1117
e8da24a6
LP		 1118 if (fstat(fd, &st) < 0)
1119 return -errno;
916abb21
LP		 1120
1121 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1122 st.st_uid != getuid() ||
e8da24a6
LP		 1123 st.st_gid != getgid())
1124 return -EEXIST;
916abb21 1125
e8da24a6
LP		 1126 r = fd;
1127 fd = -1;
916abb21 1128
916abb21
LP		 1129 return r;
1130}
1131
811ba7a0
LP		 1132static int socket_symlink(Socket *s) {
1133 const char *p;
1134 char **i;
1135
1136 assert(s);
1137
1138 p = socket_find_symlink_target(s);
1139 if (!p)
1140 return 0;
1141
1142 STRV_FOREACH(i, s->symlinks)
43b133b4 1143 symlink_label(p, *i);
811ba7a0
LP		 1144
1145 return 0;
1146}
1147
36078102 1148static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1149 int r;
1150
1151 if (!s->usb_function_descriptors || !s->usb_function_strings)
1152 return -EINVAL;
1153
1154 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1155 if (r < 0)
e8da24a6 1156 return r;
6b7e5923 1157
e8da24a6 1158 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1159}
1160
36078102 1161static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1162 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1163}
1164
36078102 1165static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1166 _cleanup_free_ struct dirent **ent = NULL;
60252446 1167 _cleanup_free_ char *path = NULL;
36078102 1168 int r, i, n, k;
60252446
PS		 1169
1170 r = path_get_parent(p->path, &path);
1171 if (r < 0)
1172 return r;
1173
36078102 1174 r = scandir(path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1175 if (r < 0)
1176 return -errno;
1177
1178 n = r;
1179 p->auxiliary_fds = new(int, n);
1180 if (!p->auxiliary_fds)
1181 return -ENOMEM;
1182
1183 p->n_auxiliary_fds = n;
1184
1185 k = 0;
1186 for (i = 0; i < n; ++i) {
1187 _cleanup_free_ char *ep = NULL;
1188
1189 ep = path_make_absolute(ent[i]->d_name, path);
1190 if (!ep)
1191 return -ENOMEM;
1192
1193 path_kill_slashes(ep);
1194
36078102 1195 r = usbffs_address_create(ep);
60252446
PS		 1196 if (r < 0)
1197 goto fail;
1198
e8da24a6
LP		 1199 p->auxiliary_fds[k] = r;
1200
60252446
PS		 1201 ++k;
1202 free(ent[i]);
1203 }
1204
1205 return r;
1206
1207fail:
e8da24a6 1208 close_many(p->auxiliary_fds, k);
60252446
PS		 1209 p->auxiliary_fds = mfree(p->auxiliary_fds);
1210 p->n_auxiliary_fds = 0;
1211
1212 return r;
1213}
1214
034c6ed7 1215static int socket_open_fds(Socket *s) {
710a6b50
LP		 1216 _cleanup_(mac_selinux_freep) char *label = NULL;
1217 bool know_label = false;
83c60c9f
LP		 1218 SocketPort *p;
1219 int r;
1220
1221 assert(s);
1222
034c6ed7 1223 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1224
034c6ed7
LP		 1225 if (p->fd >= 0)
1226 continue;
83c60c9f 1227
00411a13
LP		 1228 switch (p->type) {
1229
1230 case SOCKET_SOCKET:
049f8642 1231
7f416dae
LP		 1232 if (!know_label) {
1233 /* Figure out label, if we don't it know
1234 * yet. We do it once, for the first
1235 * socket where we need this and
1236 * remember it for the rest. */
1237
1238 if (s->selinux_context_from_net) {
1239 /* Get it from the network label */
1240
1241 r = mac_selinux_get_our_label(&label);
75514a70 1242 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1243 goto rollback;
049f8642 1244
7f416dae
LP		 1245 } else {
1246 /* Get it from the executable we are about to start */
1247
1248 r = socket_instantiate_service(s);
1249 if (r < 0)
1250 goto rollback;
1251
1252 if (UNIT_ISSET(s->service) &&
1253 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1254 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1255 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1256 goto rollback;
1257 }
189583d7 1258 }
049f8642
LP		 1259
1260 know_label = true;
1261 }
1262
175a3d25
LP		 1263 r = socket_address_listen(
1264 &p->address,
1265 SOCK_CLOEXEC|SOCK_NONBLOCK,
1266 s->backlog,
1267 s->bind_ipv6_only,
1268 s->bind_to_device,
54255c64 1269 s->reuse_port,
175a3d25
LP		 1270 s->free_bind,
1271 s->transparent,
1272 s->directory_mode,
1273 s->socket_mode,
1274 label);
1275 if (r < 0)
83c60c9f
LP		 1276 goto rollback;
1277
175a3d25 1278 p->fd = r;
4fd5948e 1279 socket_apply_socket_options(s, p->fd);
811ba7a0 1280 socket_symlink(s);
00411a13 1281 break;
4fd5948e 1282
00411a13 1283 case SOCKET_SPECIAL:
b0a3f2bc 1284
55301ec0 1285 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1286 if (p->fd < 0) {
1287 r = p->fd;
b0a3f2bc 1288 goto rollback;
e8da24a6 1289 }
00411a13 1290 break;
b0a3f2bc 1291
00411a13 1292 case SOCKET_FIFO:
83c60c9f 1293
e8da24a6 1294 p->fd = fifo_address_create(
175a3d25
LP		 1295 p->path,
1296 s->directory_mode,
e8da24a6
LP		 1297 s->socket_mode);
1298 if (p->fd < 0) {
1299 r = p->fd;
83c60c9f 1300 goto rollback;
e8da24a6 1301 }
83c60c9f 1302
b15bdda8 1303 socket_apply_fifo_options(s, p->fd);
811ba7a0 1304 socket_symlink(s);
00411a13 1305 break;
811ba7a0 1306
00411a13 1307 case SOCKET_MQUEUE:
83c60c9f 1308
e8da24a6 1309 p->fd = mq_address_create(
175a3d25
LP		 1310 p->path,
1311 s->socket_mode,
1312 s->mq_maxmsg,
e8da24a6
LP		 1313 s->mq_msgsize);
1314 if (p->fd < 0) {
1315 r = p->fd;
916abb21 1316 goto rollback;
e8da24a6 1317 }
00411a13 1318 break;
e8da24a6 1319
00411a13 1320 case SOCKET_USB_FUNCTION:
60252446 1321
36078102 1322 p->fd = usbffs_address_create(p->path);
e8da24a6
LP		 1323 if (p->fd < 0) {
1324 r = p->fd;
60252446 1325 goto rollback;
e8da24a6 1326 }
60252446 1327
36078102 1328 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1329 if (r < 0)
1330 goto rollback;
1331
36078102 1332 r = usbffs_dispatch_eps(p);
60252446
PS		 1333 if (r < 0)
1334 goto rollback;
00411a13
LP		 1335
1336 break;
1337
1338 default:
b15bdda8 1339 assert_not_reached("Unknown port type");
00411a13 1340 }
034c6ed7
LP		 1341 }
1342
1343 return 0;
1344
1345rollback:
1346 socket_close_fds(s);
1347 return r;
1348}
1349
1350static void socket_unwatch_fds(Socket *s) {
1351 SocketPort *p;
718db961 1352 int r;
9152c765 1353
034c6ed7
LP		 1354 assert(s);
1355
1356 LIST_FOREACH(port, p, s->ports) {
1357 if (p->fd < 0)
1358 continue;
1359
a4152e3f
LP		 1360 if (!p->event_source)
1361 continue;
1362
1363 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1364 if (r < 0)
f2341e0a 1365 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1366 }
034c6ed7
LP		 1367}
1368
1369static int socket_watch_fds(Socket *s) {
1370 SocketPort *p;
1371 int r;
1372
1373 assert(s);
83c60c9f 1374
034c6ed7
LP		 1375 LIST_FOREACH(port, p, s->ports) {
1376 if (p->fd < 0)
1377 continue;
1378
cbf60d0a 1379 if (p->event_source) {
718db961 1380 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1381 if (r < 0)
1382 goto fail;
1383 } else {
151b9b96 1384 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1385 if (r < 0)
1386 goto fail;
4f2d528d 1387
cbf60d0a 1388 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1389 }
034c6ed7 1390 }
83c60c9f 1391
542563ba 1392 return 0;
83c60c9f 1393
034c6ed7 1394fail:
cbf60d0a 1395 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1396 socket_unwatch_fds(s);
1397 return r;
1398}
1399
1400static void socket_set_state(Socket *s, SocketState state) {
1401 SocketState old_state;
1402 assert(s);
1403
1404 old_state = s->state;
1405 s->state = state;
1406
bd1fe7c7
LP		 1407 if (!IN_SET(state,
1408 SOCKET_START_PRE,
3900e5fd 1409 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1410 SOCKET_START_POST,
1411 SOCKET_STOP_PRE,
1412 SOCKET_STOP_PRE_SIGTERM,
1413 SOCKET_STOP_PRE_SIGKILL,
1414 SOCKET_STOP_POST,
1415 SOCKET_FINAL_SIGTERM,
1416 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1417
1418 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1419 socket_unwatch_control_pid(s);
034c6ed7 1420 s->control_command = NULL;
a16e1123 1421 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1422 }
034c6ed7 1423
a16e1123
LP		 1424 if (state != SOCKET_LISTENING)
1425 socket_unwatch_fds(s);
1426
bd1fe7c7 1427 if (!IN_SET(state,
3900e5fd 1428 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1429 SOCKET_START_POST,
1430 SOCKET_LISTENING,
1431 SOCKET_RUNNING,
1432 SOCKET_STOP_PRE,
1433 SOCKET_STOP_PRE_SIGTERM,
1434 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1435 socket_close_fds(s);
1436
e537352b 1437 if (state != old_state)
f2341e0a 1438 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1439
e2f3b44c 1440 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1441}
1442
be847e82 1443static int socket_coldplug(Unit *u) {
a16e1123
LP		 1444 Socket *s = SOCKET(u);
1445 int r;
1446
1447 assert(s);
1448 assert(s->state == SOCKET_DEAD);
1449
e821075a
LP		 1450 if (s->deserialized_state == s->state)
1451 return 0;
a16e1123 1452
3900e5fd
LP		 1453 if (IN_SET(s->deserialized_state,
1454 SOCKET_START_PRE,
1455 SOCKET_START_CHOWN,
1456 SOCKET_START_POST,
1457 SOCKET_STOP_PRE,
1458 SOCKET_STOP_PRE_SIGTERM,
1459 SOCKET_STOP_PRE_SIGKILL,
1460 SOCKET_STOP_POST,
1461 SOCKET_FINAL_SIGTERM,
1462 SOCKET_FINAL_SIGKILL)) {
a16e1123 1463
e821075a
LP		 1464 if (s->control_pid <= 0)
1465 return -EBADMSG;
a16e1123 1466
e821075a
LP		 1467 r = unit_watch_pid(UNIT(s), s->control_pid);
1468 if (r < 0)
1469 return r;
a16e1123 1470
e821075a
LP		 1471 r = socket_arm_timer(s);
1472 if (r < 0)
1473 return r;
1474 }
a16e1123 1475
3900e5fd
LP		 1476 if (IN_SET(s->deserialized_state,
1477 SOCKET_START_CHOWN,
1478 SOCKET_START_POST,
1479 SOCKET_LISTENING,
1480 SOCKET_RUNNING,
1481 SOCKET_STOP_PRE,
1482 SOCKET_STOP_PRE_SIGTERM,
1483 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1484 r = socket_open_fds(s);
1485 if (r < 0)
1486 return r;
1487 }
a16e1123 1488
e821075a
LP		 1489 if (s->deserialized_state == SOCKET_LISTENING) {
1490 r = socket_watch_fds(s);
1491 if (r < 0)
1492 return r;
a16e1123
LP		 1493 }
1494
e821075a 1495 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1496 return 0;
1497}
1498
e537352b 1499static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1500 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1501 pid_t pid;
1502 int r;
9fa95f85
DM		 1503 ExecParameters exec_params = {
1504 .apply_permissions = true,
1505 .apply_chroot = true,
1506 .apply_tty_stdin = true,
6f856a09 1507 .bus_endpoint_fd = -1,
a34ceba6
LP		 1508 .stdin_fd = -1,
1509 .stdout_fd = -1,
1510 .stderr_fd = -1,
9fa95f85 1511 };
034c6ed7
LP		 1512
1513 assert(s);
1514 assert(c);
1515 assert(_pid);
1516
5ad096b3
LP		 1517 (void) unit_realize_cgroup(UNIT(s));
1518 if (s->reset_cpu_usage) {
1519 (void) unit_reset_cpu_usage(UNIT(s));
1520 s->reset_cpu_usage = false;
1521 }
4ad49000 1522
613b411c
LP		 1523 r = unit_setup_exec_runtime(UNIT(s));
1524 if (r < 0)
1525 goto fail;
1526
718db961 1527 r = socket_arm_timer(s);
36697dc0 1528 if (r < 0)
e537352b 1529 goto fail;
034c6ed7 1530
19f6d710
LP		 1531 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1532 if (r < 0)
9e2f7c11 1533 goto fail;
9e2f7c11 1534
9fa95f85
DM		 1535 exec_params.argv = argv;
1536 exec_params.environment = UNIT(s)->manager->environment;
1537 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1538 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1539 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1540 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1541 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1542
f2341e0a
LP		 1543 r = exec_spawn(UNIT(s),
1544 c,
9e2f7c11 1545 &s->exec_context,
9fa95f85 1546 &exec_params,
613b411c 1547 s->exec_runtime,
9e2f7c11 1548 &pid);
cee288ad
TA		 1549 if (r < 0)
1550 goto fail;
9e2f7c11 1551
3900e5fd 1552 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1553 if (r < 0)
3900e5fd 1554 /* FIXME: we need to do something here */
034c6ed7
LP		 1555 goto fail;
1556
3900e5fd
LP		 1557 *_pid = pid;
1558 return 0;
1559
1560fail:
1561 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1562 return r;
1563}
1564
1565static int socket_chown(Socket *s, pid_t *_pid) {
1566 pid_t pid;
1567 int r;
1568
1569 r = socket_arm_timer(s);
1570 if (r < 0)
1571 goto fail;
1572
1573 /* We have to resolve the user names out-of-process, hence
1574 * let's fork here. It's messy, but well, what can we do? */
1575
1576 pid = fork();
1577 if (pid < 0)
1578 return -errno;
1579
1580 if (pid == 0) {
1581 SocketPort *p;
fed1e721
LP		 1582 uid_t uid = UID_INVALID;
1583 gid_t gid = GID_INVALID;
3900e5fd
LP		 1584 int ret;
1585
ce30c8dc
LP		 1586 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1587 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1588 log_forget_fds();
1589
1590 if (!isempty(s->user)) {
1591 const char *user = s->user;
1592
1593 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1594 if (r < 0) {
1595 ret = EXIT_USER;
1596 goto fail_child;
1597 }
1598 }
1599
1600 if (!isempty(s->group)) {
1601 const char *group = s->group;
1602
1603 r = get_group_creds(&group, &gid);
1604 if (r < 0) {
1605 ret = EXIT_GROUP;
1606 goto fail_child;
1607 }
1608 }
1609
1610 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1611 const char *path = NULL;
3900e5fd
LP		 1612
1613 if (p->type == SOCKET_SOCKET)
1614 path = socket_address_get_path(&p->address);
1615 else if (p->type == SOCKET_FIFO)
1616 path = p->path;
1617
1618 if (!path)
1619 continue;
1620
1621 if (chown(path, uid, gid) < 0) {
1622 r = -errno;
1623 ret = EXIT_CHOWN;
1624 goto fail_child;
1625 }
1626 }
1627
1628 _exit(0);
1629
1630 fail_child:
1631 log_open();
da927ba9 1632 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1633
1634 _exit(ret);
1635 }
1636
718db961
LP		 1637 r = unit_watch_pid(UNIT(s), pid);
1638 if (r < 0)
034c6ed7 1639 goto fail;
83c60c9f 1640
034c6ed7 1641 *_pid = pid;
034c6ed7
LP		 1642 return 0;
1643
1644fail:
718db961 1645 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1646 return r;
542563ba
LP		 1647}
1648
cfc4eb4c 1649static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1650 assert(s);
1651
cfc4eb4c
LP		 1652 if (f != SOCKET_SUCCESS)
1653 s->result = f;
034c6ed7 1654
613b411c
LP		 1655 exec_runtime_destroy(s->exec_runtime);
1656 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1657
e66cf1a3
LP		 1658 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1659
cfc4eb4c 1660 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1661}
1662
cfc4eb4c 1663static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1664
cfc4eb4c 1665static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1666 int r;
1667 assert(s);
1668
cfc4eb4c
LP		 1669 if (f != SOCKET_SUCCESS)
1670 s->result = f;
034c6ed7 1671
5e94833f 1672 socket_unwatch_control_pid(s);
a16e1123 1673 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1674 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1675
3900e5fd
LP		 1676 if (s->control_command) {
1677 r = socket_spawn(s, s->control_command, &s->control_pid);
1678 if (r < 0)
034c6ed7
LP		 1679 goto fail;
1680
80876c20
LP		 1681 socket_set_state(s, SOCKET_STOP_POST);
1682 } else
cfc4eb4c 1683 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1684
1685 return;
1686
1687fail:
f2341e0a 1688 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1689 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1690}
1691
cfc4eb4c 1692static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1693 int r;
1694
1695 assert(s);
1696
cfc4eb4c
LP		 1697 if (f != SOCKET_SUCCESS)
1698 s->result = f;
034c6ed7 1699
cd2086fe
LP		 1700 r = unit_kill_context(
1701 UNIT(s),
1702 &s->kill_context,
db2cb23b
UTL		 1703 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1704 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1705 -1,
1706 s->control_pid,
1707 false);
1708 if (r < 0)
1709 goto fail;
034c6ed7 1710
cd2086fe 1711 if (r > 0) {
718db961 1712 r = socket_arm_timer(s);
36697dc0 1713 if (r < 0)
80876c20 1714 goto fail;
d6ea93e3 1715
80876c20 1716 socket_set_state(s, state);
ac84d1fb
LP		 1717 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1718 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1719 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1720 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1721 else if (state == SOCKET_FINAL_SIGTERM)
1722 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1723 else
cfc4eb4c 1724 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1725
1726 return;
1727
1728fail:
f2341e0a 1729 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1730
1731 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1732 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1733 else
cfc4eb4c 1734 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1735}
1736
cfc4eb4c 1737static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1738 int r;
1739 assert(s);
1740
cfc4eb4c
LP		 1741 if (f != SOCKET_SUCCESS)
1742 s->result = f;
034c6ed7 1743
5e94833f 1744 socket_unwatch_control_pid(s);
a16e1123 1745 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1746 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1747
3900e5fd
LP		 1748 if (s->control_command) {
1749 r = socket_spawn(s, s->control_command, &s->control_pid);
1750 if (r < 0)
034c6ed7
LP		 1751 goto fail;
1752
80876c20
LP		 1753 socket_set_state(s, SOCKET_STOP_PRE);
1754 } else
cfc4eb4c 1755 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1756
1757 return;
1758
1759fail:
f2341e0a 1760 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1761 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1762}
1763
e9af15c3
LP		 1764static void socket_enter_listening(Socket *s) {
1765 int r;
1766 assert(s);
1767
cfc4eb4c
LP		 1768 r = socket_watch_fds(s);
1769 if (r < 0) {
f2341e0a 1770 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1771 goto fail;
1772 }
1773
1774 socket_set_state(s, SOCKET_LISTENING);
1775 return;
1776
1777fail:
cfc4eb4c 1778 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1779}
1780
034c6ed7
LP		 1781static void socket_enter_start_post(Socket *s) {
1782 int r;
1783 assert(s);
1784
3900e5fd
LP		 1785 socket_unwatch_control_pid(s);
1786 s->control_command_id = SOCKET_EXEC_START_POST;
1787 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1788
1789 if (s->control_command) {
1790 r = socket_spawn(s, s->control_command, &s->control_pid);
1791 if (r < 0) {
f2341e0a 1792 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1793 goto fail;
1794 }
1795
1796 socket_set_state(s, SOCKET_START_POST);
1797 } else
1798 socket_enter_listening(s);
1799
1800 return;
1801
1802fail:
1803 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1804}
1805
1806static void socket_enter_start_chown(Socket *s) {
1807 int r;
1808
1809 assert(s);
1810
cfc4eb4c
LP		 1811 r = socket_open_fds(s);
1812 if (r < 0) {
f2341e0a 1813 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1814 goto fail;
1815 }
1816
3900e5fd 1817 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1818
3900e5fd
LP		 1819 socket_unwatch_control_pid(s);
1820 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1821 s->control_command = NULL;
a16e1123 1822
3900e5fd 1823 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1824 if (r < 0) {
f2341e0a 1825 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1826 goto fail;
1827 }
1828
3900e5fd 1829 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1830 } else
3900e5fd 1831 socket_enter_start_post(s);
034c6ed7
LP		 1832
1833 return;
1834
1835fail:
cfc4eb4c 1836 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1837}
1838
1839static void socket_enter_start_pre(Socket *s) {
1840 int r;
1841 assert(s);
1842
5e94833f 1843 socket_unwatch_control_pid(s);
a16e1123 1844 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1845 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1846
3900e5fd 1847 if (s->control_command) {
e821075a 1848 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1849 if (r < 0) {
f2341e0a 1850 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1851 goto fail;
3900e5fd 1852 }
034c6ed7 1853
80876c20
LP		 1854 socket_set_state(s, SOCKET_START_PRE);
1855 } else
3900e5fd 1856 socket_enter_start_chown(s);
034c6ed7
LP		 1857
1858 return;
1859
1860fail:
cfc4eb4c 1861 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1862}
1863
4f2d528d 1864static void socket_enter_running(Socket *s, int cfd) {
718db961 1865 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1866 int r;
1867
1868 assert(s);
1869
ba3e67a7
LP		 1870 /* We don't take connections anymore if we are supposed to
1871 * shut down anyway */
31afa0a4 1872 if (unit_stop_pending(UNIT(s))) {
e821075a 1873
f2341e0a 1874 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1875
7c610628 1876 if (cfd >= 0)
03e334a1 1877 safe_close(cfd);
7c610628
LP		 1878 else {
1879 /* Flush all sockets by closing and reopening them */
1880 socket_close_fds(s);
1881
16ac4014
LP		 1882 r = socket_open_fds(s);
1883 if (r < 0) {
f2341e0a 1884 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1885 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1886 return;
1887 }
1888
1a710b43
MS		 1889 r = socket_watch_fds(s);
1890 if (r < 0) {
f2341e0a 1891 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1892 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1893 }
1894 }
1895
ba3e67a7
LP		 1896 return;
1897 }
1898
4f2d528d 1899 if (cfd < 0) {
57020a3a 1900 Iterator i;
e821075a 1901 Unit *other;
f976f3f6 1902 bool pending = false;
f976f3f6
LP		 1903
1904 /* If there's already a start pending don't bother to
1905 * do anything */
e821075a
LP		 1906 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1907 if (unit_active_or_pending(other)) {
57020a3a
LP		 1908 pending = true;
1909 break;
1910 }
f976f3f6 1911
1a710b43 1912 if (!pending) {
640ace4a 1913 if (!UNIT_ISSET(s->service)) {
f2341e0a 1914 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1915 r = -ENOENT;
1916 goto fail;
1917 }
1918
1a710b43
MS		 1919 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1920 if (r < 0)
f976f3f6 1921 goto fail;
1a710b43 1922 }
4f2d528d
LP		 1923
1924 socket_set_state(s, SOCKET_RUNNING);
1925 } else {
e55001eb 1926 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1927 Service *service;
4f2d528d 1928
6cf6bbc2 1929 if (s->n_connections >= s->max_connections) {
f2341e0a 1930 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1931 safe_close(cfd);
6cf6bbc2
LP		 1932 return;
1933 }
1934
1a710b43
MS		 1935 r = socket_instantiate_service(s);
1936 if (r < 0)
b15bdda8
LP		 1937 goto fail;
1938
1a710b43
MS		 1939 r = instance_from_socket(cfd, s->n_accepted, &instance);
1940 if (r < 0) {
1941 if (r != -ENOTCONN)
1942 goto fail;
1943
1944 /* ENOTCONN is legitimate if TCP RST was received.
1945 * This connection is over, but the socket unit lives on. */
03e334a1 1946 safe_close(cfd);
1a710b43
MS		 1947 return;
1948 }
4f2d528d 1949
7410616c
LP		 1950 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1951 if (r < 0)
4f2d528d 1952 goto fail;
4f2d528d 1953
7410616c
LP		 1954 r = unit_name_build(prefix, instance, ".service", &name);
1955 if (r < 0)
b6dbbe1c 1956 goto fail;
4f2d528d 1957
1a710b43 1958 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1959 if (r < 0)
4f2d528d 1960 goto fail;
b15bdda8 1961
57020a3a
LP		 1962 service = SERVICE(UNIT_DEREF(s->service));
1963 unit_ref_unset(&s->service);
b15bdda8 1964 s->n_accepted ++;
4f2d528d 1965
1124fe6f 1966 UNIT(service)->no_gc = false;
6c073082 1967
b15bdda8 1968 unit_choose_id(UNIT(service), name);
b15bdda8 1969
16115b0a 1970 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1971 if (r < 0)
4f2d528d
LP		 1972 goto fail;
1973
1974 cfd = -1;
6cf6bbc2
LP		 1975 s->n_connections ++;
1976
1a710b43
MS		 1977 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1978 if (r < 0)
4f2d528d 1979 goto fail;
c4e2ceae
LP		 1980
1981 /* Notify clients about changed counters */
1982 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1983 }
034c6ed7 1984
034c6ed7
LP		 1985 return;
1986
1987fail:
f2341e0a
LP		 1988 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1989 cfd >= 0 ? "template" : "non-template",
718db961 1990 bus_error_message(&error, r));
e821075a 1991
60089004 1992 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1993 safe_close(cfd);
034c6ed7
LP		 1994}
1995
cfc4eb4c 1996static void socket_run_next(Socket *s) {
034c6ed7
LP		 1997 int r;
1998
1999 assert(s);
2000 assert(s->control_command);
2001 assert(s->control_command->command_next);
2002
5e94833f
LP		 2003 socket_unwatch_control_pid(s);
2004
034c6ed7
LP		 2005 s->control_command = s->control_command->command_next;
2006
e821075a
LP		 2007 r = socket_spawn(s, s->control_command, &s->control_pid);
2008 if (r < 0)
034c6ed7
LP		 2009 goto fail;
2010
2011 return;
2012
2013fail:
f2341e0a 2014 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2015
2016 if (s->state == SOCKET_START_POST)
cfc4eb4c 2017 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2018 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2019 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2020 else
cfc4eb4c 2021 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2022}
2023
87f0e418
LP		 2024static int socket_start(Unit *u) {
2025 Socket *s = SOCKET(u);
83c60c9f
LP		 2026
2027 assert(s);
2028
034c6ed7
LP		 2029 /* We cannot fulfill this request right now, try again later
2030 * please! */
3900e5fd
LP		 2031 if (IN_SET(s->state,
2032 SOCKET_STOP_PRE,
2033 SOCKET_STOP_PRE_SIGKILL,
2034 SOCKET_STOP_PRE_SIGTERM,
2035 SOCKET_STOP_POST,
2036 SOCKET_FINAL_SIGTERM,
2037 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2038 return -EAGAIN;
2039
a4152e3f 2040 /* Already on it! */
3900e5fd
LP		 2041 if (IN_SET(s->state,
2042 SOCKET_START_PRE,
2043 SOCKET_START_CHOWN,
2044 SOCKET_START_POST))
034c6ed7 2045 return 0;
83c60c9f 2046
034c6ed7 2047 /* Cannot run this without the service being around */
9444b1f2 2048 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2049 Service *service;
2050
2051 service = SERVICE(UNIT_DEREF(s->service));
2052
1124fe6f 2053 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2054 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2055 return -ENOENT;
4ac9236f 2056 }
4f2d528d 2057
35b8ca3a 2058 /* If the service is already active we cannot start the
4f2d528d 2059 * socket */
57020a3a
LP		 2060 if (service->state != SERVICE_DEAD &&
2061 service->state != SERVICE_FAILED &&
2062 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2063 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2064 return -EBUSY;
4ac9236f 2065 }
4f2d528d 2066 }
e537352b 2067
fdf20a31 2068 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2069
cfc4eb4c 2070 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2071 s->reset_cpu_usage = true;
2072
034c6ed7 2073 socket_enter_start_pre(s);
e821075a 2074
82a2b6bb 2075 return 1;
034c6ed7 2076}
83c60c9f 2077
87f0e418
LP		 2078static int socket_stop(Unit *u) {
2079 Socket *s = SOCKET(u);
034c6ed7
LP		 2080
2081 assert(s);
2082
e537352b 2083 /* Already on it */
3900e5fd
LP		 2084 if (IN_SET(s->state,
2085 SOCKET_STOP_PRE,
2086 SOCKET_STOP_PRE_SIGTERM,
2087 SOCKET_STOP_PRE_SIGKILL,
2088 SOCKET_STOP_POST,
2089 SOCKET_FINAL_SIGTERM,
2090 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2091 return 0;
2092
3f6c78dc
LP		 2093 /* If there's already something running we go directly into
2094 * kill mode. */
3900e5fd
LP		 2095 if (IN_SET(s->state,
2096 SOCKET_START_PRE,
2097 SOCKET_START_CHOWN,
2098 SOCKET_START_POST)) {
cfc4eb4c 2099 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2100 return -EAGAIN;
2101 }
2102
034c6ed7 2103 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2104
cfc4eb4c 2105 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2106 return 1;
542563ba
LP		 2107}
2108
a16e1123
LP		 2109static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2110 Socket *s = SOCKET(u);
2111 SocketPort *p;
2112 int r;
2113
2114 assert(u);
2115 assert(f);
2116 assert(fds);
2117
2118 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2119 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2120 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2121
2122 if (s->control_pid > 0)
de0671ee 2123 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2124
2125 if (s->control_command_id >= 0)
2126 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2127
2128 LIST_FOREACH(port, p, s->ports) {
2129 int copy;
2130
2131 if (p->fd < 0)
2132 continue;
2133
613b411c
LP		 2134 copy = fdset_put_dup(fds, p->fd);
2135 if (copy < 0)
a16e1123
LP		 2136 return copy;
2137
2138 if (p->type == SOCKET_SOCKET) {
613b411c 2139 _cleanup_free_ char *t = NULL;
a16e1123 2140
ee092817
LP		 2141 r = socket_address_print(&p->address, &t);
2142 if (r < 0)
a16e1123
LP		 2143 return r;
2144
7a22745a
LP		 2145 if (socket_address_family(&p->address) == AF_NETLINK)
2146 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2147 else
2148 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2149
b0a3f2bc
LP		 2150 } else if (p->type == SOCKET_SPECIAL)
2151 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2152 else if (p->type == SOCKET_MQUEUE)
2153 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2154 else if (p->type == SOCKET_USB_FUNCTION)
2155 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2156 else {
a16e1123
LP		 2157 assert(p->type == SOCKET_FIFO);
2158 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2159 }
2160 }
2161
2162 return 0;
2163}
2164
2165static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2166 Socket *s = SOCKET(u);
a16e1123
LP		 2167
2168 assert(u);
2169 assert(key);
2170 assert(value);
a16e1123
LP		 2171
2172 if (streq(key, "state")) {
2173 SocketState state;
2174
ee092817
LP		 2175 state = socket_state_from_string(value);
2176 if (state < 0)
f2341e0a 2177 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2178 else
2179 s->deserialized_state = state;
cfc4eb4c
LP		 2180 } else if (streq(key, "result")) {
2181 SocketResult f;
a16e1123 2182
cfc4eb4c
LP		 2183 f = socket_result_from_string(value);
2184 if (f < 0)
f2341e0a 2185 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2186 else if (f != SOCKET_SUCCESS)
2187 s->result = f;
a16e1123
LP		 2188
2189 } else if (streq(key, "n-accepted")) {
2190 unsigned k;
2191
e364ad06 2192 if (safe_atou(value, &k) < 0)
f2341e0a 2193 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2194 else
2195 s->n_accepted += k;
2196 } else if (streq(key, "control-pid")) {
5925dd3c 2197 pid_t pid;
a16e1123 2198
e364ad06 2199 if (parse_pid(value, &pid) < 0)
f2341e0a 2200 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2201 else
5925dd3c 2202 s->control_pid = pid;
a16e1123
LP		 2203 } else if (streq(key, "control-command")) {
2204 SocketExecCommand id;
2205
66870f90
ZJS		 2206 id = socket_exec_command_from_string(value);
2207 if (id < 0)
f2341e0a 2208 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2209 else {
2210 s->control_command_id = id;
2211 s->control_command = s->exec_command[id];
2212 }
2213 } else if (streq(key, "fifo")) {
2214 int fd, skip = 0;
2215 SocketPort *p;
2216
2217 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2218 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2219 else {
2220
2221 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2222 if (p->type == SOCKET_FIFO &&
c78e47a6 2223 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2224 break;
2225
2226 if (p) {
03e334a1 2227 safe_close(p->fd);
b0a3f2bc
LP		 2228 p->fd = fdset_remove(fds, fd);
2229 }
2230 }
2231
2232 } else if (streq(key, "special")) {
2233 int fd, skip = 0;
2234 SocketPort *p;
2235
2236 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2237 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2238 else {
2239
2240 LIST_FOREACH(port, p, s->ports)
2241 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2242 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2243 break;
2244
2245 if (p) {
03e334a1 2246 safe_close(p->fd);
a16e1123
LP		 2247 p->fd = fdset_remove(fds, fd);
2248 }
2249 }
2250
ee092817
LP		 2251 } else if (streq(key, "mqueue")) {
2252 int fd, skip = 0;
2253 SocketPort *p;
2254
2255 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2256 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2257 else {
2258
2259 LIST_FOREACH(port, p, s->ports)
2260 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2261 streq(p->path, value+skip))
ee092817
LP		 2262 break;
2263
2264 if (p) {
03e334a1 2265 safe_close(p->fd);
ee092817
LP		 2266 p->fd = fdset_remove(fds, fd);
2267 }
2268 }
2269
a16e1123 2270 } else if (streq(key, "socket")) {
27ca8d7a 2271 int fd, type, skip = 0;
a16e1123
LP		 2272 SocketPort *p;
2273
27ca8d7a 2274 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2275 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2276 else {
2277
2278 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2279 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2280 break;
2281
2282 if (p) {
03e334a1 2283 safe_close(p->fd);
a16e1123
LP		 2284 p->fd = fdset_remove(fds, fd);
2285 }
2286 }
2287
7a22745a
LP		 2288 } else if (streq(key, "netlink")) {
2289 int fd, skip = 0;
2290 SocketPort *p;
2291
2292 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2293 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2294 else {
2295
2296 LIST_FOREACH(port, p, s->ports)
2297 if (socket_address_is_netlink(&p->address, value+skip))
2298 break;
2299
2300 if (p) {
03e334a1 2301 safe_close(p->fd);
7a22745a
LP		 2302 p->fd = fdset_remove(fds, fd);
2303 }
2304 }
60252446
PS		 2305
2306 } else if (streq(key, "ffs")) {
2307 int fd, skip = 0;
2308 SocketPort *p;
2309
2310 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2311 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2312 else {
2313
2314 LIST_FOREACH(port, p, s->ports)
2315 if (p->type == SOCKET_USB_FUNCTION &&
2316 path_equal_or_files_same(p->path, value+skip))
2317 break;
2318
2319 if (p) {
2320 safe_close(p->fd);
2321 p->fd = fdset_remove(fds, fd);
2322 }
2323 }
2324
a16e1123 2325 } else
f2341e0a 2326 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2327
2328 return 0;
2329}
2330
01e10de3
LP		 2331static int socket_distribute_fds(Unit *u, FDSet *fds) {
2332 Socket *s = SOCKET(u);
2333 SocketPort *p;
2334
2335 assert(u);
2336
2337 LIST_FOREACH(port, p, s->ports) {
2338 Iterator i;
2339 int fd;
2340
2341 if (p->type != SOCKET_SOCKET)
2342 continue;
2343
2344 if (p->fd >= 0)
2345 continue;
2346
2347 FDSET_FOREACH(fd, fds, i) {
2348 if (socket_address_matches_fd(&p->address, fd)) {
2349 p->fd = fdset_remove(fds, fd);
2350 s->deserialized_state = SOCKET_LISTENING;
2351 break;
2352 }
2353 }
2354 }
2355
2356 return 0;
2357}
2358
44a6b1b6 2359_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2360 assert(u);
5cb5a6ff 2361
acbb0225 2362 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2363}
2364
44a6b1b6 2365_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2366 assert(u);
2367
a16e1123 2368 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2369}
2370
67419600
OS		 2371const char* socket_port_type_to_string(SocketPort *p) {
2372
2373 assert(p);
2374
2375 switch (p->type) {
718db961
LP		 2376
2377 case SOCKET_SOCKET:
2378
2379 switch (p->address.type) {
2380
2381 case SOCK_STREAM:
2382 return "Stream";
2383
2384 case SOCK_DGRAM:
2385 return "Datagram";
2386
2387 case SOCK_SEQPACKET:
2388 return "SequentialPacket";
2389
2390 case SOCK_RAW:
2391 if (socket_address_family(&p->address) == AF_NETLINK)
2392 return "Netlink";
2393
2394 default:
2395 return NULL;
2396 }
2397
2398 case SOCKET_SPECIAL:
2399 return "Special";
2400
2401 case SOCKET_MQUEUE:
2402 return "MessageQueue";
2403
2404 case SOCKET_FIFO:
2405 return "FIFO";
2406
60252446
PS		 2407 case SOCKET_USB_FUNCTION:
2408 return "USBFunction";
2409
718db961
LP		 2410 default:
2411 return NULL;
67419600
OS		 2412 }
2413}
2414
44a6b1b6 2415_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2416 Socket *s = SOCKET(u);
2417
2418 assert(u);
2419
2420 return s->n_connections > 0;
2421}
2422
718db961
LP		 2423static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2424 SocketPort *p = userdata;
4f2d528d 2425 int cfd = -1;
9152c765 2426
718db961 2427 assert(p);
8d567588 2428 assert(fd >= 0);
9152c765 2429
718db961
LP		 2430 if (p->socket->state != SOCKET_LISTENING)
2431 return 0;
871d7de4 2432
f2341e0a 2433 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2434
718db961 2435 if (revents != EPOLLIN) {
641e01dc 2436
718db961 2437 if (revents & EPOLLHUP)
f2341e0a 2438 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2439 else
f2341e0a 2440 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2441 goto fail;
4f2d528d
LP		 2442 }
2443
718db961
LP		 2444 if (p->socket->accept &&
2445 p->type == SOCKET_SOCKET &&
2446 socket_address_can_accept(&p->address)) {
2447
4f2d528d
LP		 2448 for (;;) {
2449
b14eda96
LP		 2450 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2451 if (cfd < 0) {
4f2d528d
LP		 2452
2453 if (errno == EINTR)
2454 continue;
2455
f2341e0a 2456 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2457 goto fail;
4f2d528d
LP		 2458 }
2459
2460 break;
2461 }
4fd5948e 2462
718db961 2463 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2464 }
9152c765 2465
718db961
LP		 2466 socket_enter_running(p->socket, cfd);
2467 return 0;
8d567588
LP		 2468
2469fail:
718db961
LP		 2470 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2471 return 0;
9152c765
LP		 2472}
2473
87f0e418
LP		 2474static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2475 Socket *s = SOCKET(u);
cfc4eb4c 2476 SocketResult f;
5cb5a6ff
LP		 2477
2478 assert(s);
034c6ed7 2479 assert(pid >= 0);
5cb5a6ff 2480
8c47c732
LP		 2481 if (pid != s->control_pid)
2482 return;
542563ba 2483
034c6ed7
LP		 2484 s->control_pid = 0;
2485
96342de6 2486 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2487 f = SOCKET_SUCCESS;
2488 else if (code == CLD_EXITED)
2489 f = SOCKET_FAILURE_EXIT_CODE;
2490 else if (code == CLD_KILLED)
2491 f = SOCKET_FAILURE_SIGNAL;
2492 else if (code == CLD_DUMPED)
2493 f = SOCKET_FAILURE_CORE_DUMP;
2494 else
a4152e3f 2495 assert_not_reached("Unknown sigchld code");
8c47c732 2496
b708e7ce 2497 if (s->control_command) {
6ea832a2 2498 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2499
b708e7ce 2500 if (s->control_command->ignore)
cfc4eb4c 2501 f = SOCKET_SUCCESS;
b708e7ce
LP		 2502 }
2503
f2341e0a
LP		 2504 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2505 "Control process exited, code=%s status=%i",
2506 sigchld_code_to_string(code), status);
034c6ed7 2507
cfc4eb4c
LP		 2508 if (f != SOCKET_SUCCESS)
2509 s->result = f;
2510
2511 if (s->control_command &&
2512 s->control_command->command_next &&
2513 f == SOCKET_SUCCESS) {
2514
f2341e0a 2515 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2516 socket_run_next(s);
acbb0225 2517 } else {
a16e1123
LP		 2518 s->control_command = NULL;
2519 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2520
034c6ed7
LP		 2521 /* No further commands for this step, so let's figure
2522 * out what to do next */
5cb5a6ff 2523
f2341e0a 2524 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2525
034c6ed7
LP		 2526 switch (s->state) {
2527
2528 case SOCKET_START_PRE:
cfc4eb4c 2529 if (f == SOCKET_SUCCESS)
3900e5fd 2530 socket_enter_start_chown(s);
034c6ed7 2531 else
cfc4eb4c 2532 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2533 break;
2534
3900e5fd
LP		 2535 case SOCKET_START_CHOWN:
2536 if (f == SOCKET_SUCCESS)
2537 socket_enter_start_post(s);
2538 else
2539 socket_enter_stop_pre(s, f);
2540 break;
2541
034c6ed7 2542 case SOCKET_START_POST:
cfc4eb4c 2543 if (f == SOCKET_SUCCESS)
e9af15c3 2544 socket_enter_listening(s);
034c6ed7 2545 else
cfc4eb4c 2546 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2547 break;
2548
2549 case SOCKET_STOP_PRE:
2550 case SOCKET_STOP_PRE_SIGTERM:
2551 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2552 socket_enter_stop_post(s, f);
034c6ed7
LP		 2553 break;
2554
2555 case SOCKET_STOP_POST:
80876c20
LP		 2556 case SOCKET_FINAL_SIGTERM:
2557 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2558 socket_enter_dead(s, f);
034c6ed7
LP		 2559 break;
2560
2561 default:
2562 assert_not_reached("Uh, control process died at wrong time.");
2563 }
2564 }
c4e2ceae
LP		 2565
2566 /* Notify clients about changed exit status */
2567 unit_add_to_dbus_queue(u);
034c6ed7 2568}
5cb5a6ff 2569
718db961
LP		 2570static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2571 Socket *s = SOCKET(userdata);
5cb5a6ff 2572
034c6ed7 2573 assert(s);
718db961 2574 assert(s->timer_event_source == source);
034c6ed7
LP		 2575
2576 switch (s->state) {
2577
2578 case SOCKET_START_PRE:
f2341e0a 2579 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2580 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2581 break;
80876c20 2582
3900e5fd 2583 case SOCKET_START_CHOWN:
034c6ed7 2584 case SOCKET_START_POST:
f2341e0a 2585 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2586 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2587 break;
2588
2589 case SOCKET_STOP_PRE:
f2341e0a 2590 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2591 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2592 break;
2593
2594 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2595 if (s->kill_context.send_sigkill) {
f2341e0a 2596 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2597 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2598 } else {
f2341e0a 2599 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2600 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2601 }
034c6ed7
LP		 2602 break;
2603
2604 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2605 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2606 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2607 break;
2608
2609 case SOCKET_STOP_POST:
f2341e0a 2610 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2611 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2612 break;
2613
80876c20 2614 case SOCKET_FINAL_SIGTERM:
4819ff03 2615 if (s->kill_context.send_sigkill) {
f2341e0a 2616 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2617 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2618 } else {
f2341e0a 2619 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2620 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2621 }
034c6ed7
LP		 2622 break;
2623
80876c20 2624 case SOCKET_FINAL_SIGKILL:
f2341e0a 2625 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2626 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2627 break;
2628
2629 default:
2630 assert_not_reached("Timeout at wrong time.");
2631 }
718db961
LP		 2632
2633 return 0;
5cb5a6ff
LP		 2634}
2635
79c7626d
LP		 2636int socket_collect_fds(Socket *s, int **fds) {
2637 int *rfds, k = 0, n = 0;
44d8db9e
LP		 2638 SocketPort *p;
2639
2640 assert(s);
2641 assert(fds);
44d8db9e
LP		 2642
2643 /* Called from the service code for requesting our fds */
2644
15087cdb 2645 LIST_FOREACH(port, p, s->ports) {
44d8db9e 2646 if (p->fd >= 0)
79c7626d
LP		 2647 n++;
2648 n += p->n_auxiliary_fds;
15087cdb 2649 }
44d8db9e 2650
79c7626d 2651 if (n <= 0) {
de3756ab 2652 *fds = NULL;
de3756ab
LP		 2653 return 0;
2654 }
2655
79c7626d 2656 rfds = new(int, n);
e5403f09 2657 if (!rfds)
44d8db9e
LP		 2658 return -ENOMEM;
2659
15087cdb 2660 LIST_FOREACH(port, p, s->ports) {
79c7626d
LP		 2661 int i;
2662
44d8db9e
LP		 2663 if (p->fd >= 0)
2664 rfds[k++] = p->fd;
15087cdb
PS		 2665 for (i = 0; i < p->n_auxiliary_fds; ++i)
2666 rfds[k++] = p->auxiliary_fds[i];
2667 }
44d8db9e 2668
79c7626d 2669 assert(k == n);
44d8db9e
LP		 2670
2671 *fds = rfds;
79c7626d 2672 return n;
44d8db9e
LP		 2673}
2674
e821075a
LP		 2675static void socket_reset_failed(Unit *u) {
2676 Socket *s = SOCKET(u);
2677
2678 assert(s);
2679
2680 if (s->state == SOCKET_FAILED)
2681 socket_set_state(s, SOCKET_DEAD);
2682
2683 s->result = SOCKET_SUCCESS;
2684}
2685
d137a488 2686static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2687 assert(s);
2688
6cf6bbc2
LP		 2689 /* The service is dead. Dang!
2690 *
2691 * This is strictly for one-instance-for-all-connections
2692 * services. */
ceee3d82
LP		 2693
2694 if (s->state == SOCKET_RUNNING) {
f2341e0a 2695 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2696 if (failed_permanent)
2697 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2698 else
2699 socket_enter_listening(s);
ceee3d82
LP		 2700 }
2701}
2702
6cf6bbc2
LP		 2703void socket_connection_unref(Socket *s) {
2704 assert(s);
2705
2706 /* The service is dead. Yay!
2707 *
35b8ca3a 2708 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2709 * services. */
2710
2711 assert(s->n_connections > 0);
2712 s->n_connections--;
2713
f2341e0a 2714 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2715}
2716
d137a488
UTL		 2717static void socket_trigger_notify(Unit *u, Unit *other) {
2718 Socket *s = SOCKET(u);
e821075a 2719 Service *se;
d137a488
UTL		 2720
2721 assert(u);
2722 assert(other);
2723
2724 /* Don't propagate state changes from the service if we are
2725 already down or accepting connections */
920b52e4 2726 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2727 s->state != SOCKET_LISTENING) ||
2728 s->accept)
2729 return;
2730
2731 if (other->load_state != UNIT_LOADED ||
2732 other->type != UNIT_SERVICE)
2733 return;
2734
e821075a
LP		 2735 se = SERVICE(other);
2736
d137a488
UTL		 2737 if (se->state == SERVICE_FAILED)
2738 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2739
2740 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2741 se->state == SERVICE_FINAL_SIGTERM ||
2742 se->state == SERVICE_FINAL_SIGKILL ||
2743 se->state == SERVICE_AUTO_RESTART)
2744 socket_notify_service_dead(s, false);
2745
2746 if (se->state == SERVICE_RUNNING)
2747 socket_set_state(s, SOCKET_RUNNING);
2748}
2749
718db961 2750static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2751 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2752}
2753
68db7a3b
ZJS		 2754static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2755 Socket *s = SOCKET(u);
2756 int r;
2757
2758 if (!s->timer_event_source)
2759 return 0;
2760
2761 r = sd_event_source_get_time(s->timer_event_source, timeout);
2762 if (r < 0)
2763 return r;
2764
2765 return 1;
2766}
2767
8dd4c05b
LP		 2768char *socket_fdname(Socket *s) {
2769 assert(s);
2770
2771 /* Returns the name to use for $LISTEN_NAMES. If the user
2772 * didn't specify anything specifically, use the socket unit's
2773 * name as fallback. */
2774
2775 if (s->fdname)
2776 return s->fdname;
2777
2778 return UNIT(s)->id;
2779}
2780
a16e1123
LP		 2781static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2782 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2783 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2784 [SOCKET_EXEC_START_POST] = "StartPost",
2785 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2786 [SOCKET_EXEC_STOP_POST] = "StopPost"
2787};
2788
2789DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2790
cfc4eb4c
LP		 2791static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2792 [SOCKET_SUCCESS] = "success",
2793 [SOCKET_FAILURE_RESOURCES] = "resources",
2794 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2795 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2796 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2797 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2798 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2799};
2800
2801DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2802
87f0e418 2803const UnitVTable socket_vtable = {
7d17cfbc 2804 .object_size = sizeof(Socket),
718db961
LP		 2805 .exec_context_offset = offsetof(Socket, exec_context),
2806 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2807 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2808 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2809
f975e971
LP		 2810 .sections =
2811 "Unit\0"
2812 "Socket\0"
2813 "Install\0",
4ad49000 2814 .private_section = "Socket",
71645aca 2815
034c6ed7
LP		 2816 .init = socket_init,
2817 .done = socket_done,
a16e1123
LP		 2818 .load = socket_load,
2819
2820 .coldplug = socket_coldplug,
034c6ed7 2821
5cb5a6ff
LP		 2822 .dump = socket_dump,
2823
542563ba
LP		 2824 .start = socket_start,
2825 .stop = socket_stop,
5cb5a6ff 2826
718db961
LP		 2827 .kill = socket_kill,
2828
68db7a3b
ZJS		 2829 .get_timeout = socket_get_timeout,
2830
a16e1123
LP		 2831 .serialize = socket_serialize,
2832 .deserialize_item = socket_deserialize_item,
01e10de3 2833 .distribute_fds = socket_distribute_fds,
a16e1123 2834
5cb5a6ff 2835 .active_state = socket_active_state,
10a94420 2836 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2837
6cf6bbc2
LP		 2838 .check_gc = socket_check_gc,
2839
034c6ed7 2840 .sigchld_event = socket_sigchld_event,
4139c1b2 2841
d137a488
UTL		 2842 .trigger_notify = socket_trigger_notify,
2843
fdf20a31 2844 .reset_failed = socket_reset_failed,
5632e374 2845
718db961 2846 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2847 .bus_set_property = bus_socket_set_property,
2848 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2849
2850 .status_message_formats = {
2851 /*.starting_stopping = {
2852 [0] = "Starting socket %s...",
2853 [1] = "Stopping socket %s...",
2854 },*/
2855 .finished_start_job = {
2856 [JOB_DONE] = "Listening on %s.",
2857 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2858 [JOB_TIMEOUT] = "Timed out starting %s.",
2859 },
2860 .finished_stop_job = {
2861 [JOB_DONE] = "Closed %s.",
2862 [JOB_FAILED] = "Failed stopping %s.",
2863 [JOB_TIMEOUT] = "Timed out stopping %s.",
2864 },
2865 },
5cb5a6ff 2866};
Unnamed repository; edit this file 'description' to name the repository.