]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
e8da24a6 22#include <arpa/inet.h>
83c60c9f
LP		 23#include <errno.h>
24#include <fcntl.h>
916abb21 25#include <mqueue.h>
e8da24a6
LP		 26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
83c60c9f 31
718db961 32#include "sd-event.h"
e8da24a6
LP		 33
34#include "bus-error.h"
35#include "bus-util.h"
36#include "copy.h"
37#include "dbus-socket.h"
38#include "def.h"
39#include "exit-status.h"
3ffd4af2 40#include "fd-util.h"
e8da24a6
LP		 41#include "formats-util.h"
42#include "label.h"
83c60c9f 43#include "log.h"
e8da24a6 44#include "missing.h"
49e942b2 45#include "mkdir.h"
6bedfcbb 46#include "parse-util.h"
9eb977db 47#include "path-util.h"
d7b8eec7 48#include "selinux-util.h"
24882e06 49#include "signal-util.h"
e8da24a6 50#include "smack-util.h"
24882e06 51#include "socket.h"
e8da24a6 52#include "special.h"
07630cea 53#include "string-util.h"
e8da24a6
LP		 54#include "strv.h"
55#include "unit-name.h"
56#include "unit-printf.h"
57#include "unit.h"
b1d4f8e1 58#include "user-util.h"
83c60c9f 59
acbb0225 60static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 61 [SOCKET_DEAD] = UNIT_INACTIVE,
62 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 63 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 64 [SOCKET_START_POST] = UNIT_ACTIVATING,
65 [SOCKET_LISTENING] = UNIT_ACTIVE,
66 [SOCKET_RUNNING] = UNIT_ACTIVE,
67 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
68 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
69 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
70 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 71 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 73 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 74};
5cb5a6ff 75
718db961
LP		 76static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
77static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
78
a16e1123
LP		 79static void socket_init(Unit *u) {
80 Socket *s = SOCKET(u);
81
82 assert(u);
ac155bb8 83 assert(u->load_state == UNIT_STUB);
a16e1123 84
a16e1123 85 s->backlog = SOMAXCONN;
1f19a534 86 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 87 s->directory_mode = 0755;
9131f660 88 s->socket_mode = 0666;
a16e1123 89
6cf6bbc2
LP		 90 s->max_connections = 64;
91
4fd5948e 92 s->priority = -1;
4fd5948e
LP		 93 s->ip_tos = -1;
94 s->ip_ttl = -1;
4fd5948e 95 s->mark = -1;
4fd5948e 96
ac155bb8
MS		 97 s->exec_context.std_output = u->manager->default_std_output;
98 s->exec_context.std_error = u->manager->default_std_error;
085afe36 99
a16e1123
LP		 100 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
101}
acbb0225 102
5e94833f
LP		 103static void socket_unwatch_control_pid(Socket *s) {
104 assert(s);
105
106 if (s->control_pid <= 0)
107 return;
108
109 unit_unwatch_pid(UNIT(s), s->control_pid);
110 s->control_pid = 0;
111}
112
15087cdb 113static void socket_cleanup_fd_list(SocketPort *p) {
3ffd4af2 114 assert(p);
15087cdb 115
3ffd4af2 116 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
15087cdb
PS		 117 p->auxiliary_fds = mfree(p->auxiliary_fds);
118 p->n_auxiliary_fds = 0;
119}
120
74051b9b 121void socket_free_ports(Socket *s) {
034c6ed7
LP		 122 SocketPort *p;
123
124 assert(s);
125
126 while ((p = s->ports)) {
71fda00f 127 LIST_REMOVE(port, s->ports, p);
034c6ed7 128
718db961
LP		 129 sd_event_source_unref(p->event_source);
130
15087cdb 131 socket_cleanup_fd_list(p);
03e334a1 132 safe_close(p->fd);
034c6ed7
LP		 133 free(p->path);
134 free(p);
135 }
74051b9b
LP		 136}
137
138static void socket_done(Unit *u) {
139 Socket *s = SOCKET(u);
140
141 assert(s);
142
143 socket_free_ports(s);
034c6ed7 144
613b411c 145 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 146 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 147 s->control_command = NULL;
148
5e94833f 149 socket_unwatch_control_pid(s);
034c6ed7 150
57020a3a 151 unit_ref_unset(&s->service);
034c6ed7 152
a1e58e8e
LP		 153 s->tcp_congestion = mfree(s->tcp_congestion);
154 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 155
0eb59ccf
AK		 156 free(s->smack);
157 free(s->smack_ip_in);
158 free(s->smack_ip_out);
159
811ba7a0
LP		 160 strv_free(s->symlinks);
161
3900e5fd
LP		 162 free(s->user);
163 free(s->group);
164
718db961
LP		 165 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
166}
167
168static int socket_arm_timer(Socket *s) {
169 int r;
170
171 assert(s);
172
173 if (s->timeout_usec <= 0) {
174 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
175 return 0;
176 }
177
178 if (s->timer_event_source) {
179 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
180 if (r < 0)
181 return r;
182
183 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
184 }
185
7dfbe2e3 186 r = sd_event_add_time(
6a0f1f6d
LP		 187 UNIT(s)->manager->event,
188 &s->timer_event_source,
189 CLOCK_MONOTONIC,
190 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
191 socket_dispatch_timer, s);
7dfbe2e3
TG		 192 if (r < 0)
193 return r;
194
195 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
196
197 return 0;
5cb5a6ff
LP		 198}
199
8b835fcc
ZJS		 200int socket_instantiate_service(Socket *s) {
201 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 202 int r;
203 Unit *u;
204
205 assert(s);
206
207 /* This fills in s->service if it isn't filled in yet. For
208 * Accept=yes sockets we create the next connection service
209 * here. For Accept=no this is mostly a NOP since the service
210 * is figured out at load time anyway. */
211
7410616c 212 if (UNIT_DEREF(s->service))
b15bdda8
LP		 213 return 0;
214
7410616c
LP		 215 if (!s->accept)
216 return 0;
217
218 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
219 if (r < 0)
220 return r;
b15bdda8 221
315db1a8 222 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 223 return -ENOMEM;
224
1124fe6f 225 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 226 if (r < 0)
227 return r;
228
ac155bb8 229 u->no_gc = true;
57020a3a
LP		 230 unit_ref_set(&s->service, u);
231
232 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 233}
234
4f2d528d
LP		 235static bool have_non_accept_socket(Socket *s) {
236 SocketPort *p;
237
238 assert(s);
239
240 if (!s->accept)
241 return true;
242
dd5ad9d4
LP		 243 LIST_FOREACH(port, p, s->ports) {
244
245 if (p->type != SOCKET_SOCKET)
246 return true;
247
4f2d528d
LP		 248 if (!socket_address_can_accept(&p->address))
249 return true;
dd5ad9d4 250 }
4f2d528d
LP		 251
252 return false;
253}
254
a57f7e2c 255static int socket_add_mount_links(Socket *s) {
6e2ef85b 256 SocketPort *p;
6e2ef85b
LP		 257 int r;
258
259 assert(s);
6e2ef85b 260
a57f7e2c
LP		 261 LIST_FOREACH(port, p, s->ports) {
262 const char *path = NULL;
6e2ef85b 263
a57f7e2c
LP		 264 if (p->type == SOCKET_SOCKET)
265 path = socket_address_get_path(&p->address);
60252446 266 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 267 path = p->path;
6e2ef85b 268
a57f7e2c
LP		 269 if (!path)
270 continue;
6e2ef85b 271
a57f7e2c 272 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 273 if (r < 0)
6e2ef85b 274 return r;
b87705cd 275 }
6e2ef85b
LP		 276
277 return 0;
278}
279
280static int socket_add_device_link(Socket *s) {
281 char *t;
6e2ef85b
LP		 282
283 assert(s);
284
7d0c710d 285 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 286 return 0;
287
63c372cb 288 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 289 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 290}
291
a40eb732
LP		 292static int socket_add_default_dependencies(Socket *s) {
293 int r;
294 assert(s);
295
e3d84721
LP		 296 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
297 if (r < 0)
298 return r;
2a77d31d 299
b2c23da8 300 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 301 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
302 if (r < 0)
a40eb732 303 return r;
2a77d31d 304 }
a40eb732 305
ead8e478 306 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 307}
308
44a6b1b6 309_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 310 unsigned i;
311 assert(s);
312
313 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
314 if (s->exec_command[i])
315 return true;
316
317 return false;
318}
319
e821075a
LP		 320static int socket_add_extras(Socket *s) {
321 Unit *u = UNIT(s);
e537352b 322 int r;
44d8db9e 323
e821075a 324 assert(s);
57020a3a 325
e821075a 326 if (have_non_accept_socket(s)) {
23a177ef 327
e821075a
LP		 328 if (!UNIT_DEREF(s->service)) {
329 Unit *x;
57020a3a 330
e821075a 331 r = unit_load_related_unit(u, ".service", &x);
57020a3a 332 if (r < 0)
4f2d528d 333 return r;
e821075a
LP		 334
335 unit_ref_set(&s->service, x);
4f2d528d 336 }
44d8db9e 337
e821075a
LP		 338 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
339 if (r < 0)
6e2ef85b 340 return r;
e821075a 341 }
6e2ef85b 342
e821075a
LP		 343 r = socket_add_mount_links(s);
344 if (r < 0)
345 return r;
6e2ef85b 346
e821075a
LP		 347 r = socket_add_device_link(s);
348 if (r < 0)
349 return r;
350
598459ce 351 r = unit_patch_contexts(u);
e821075a
LP		 352 if (r < 0)
353 return r;
354
355 if (socket_has_exec(s)) {
356 r = unit_add_exec_dependencies(u, &s->exec_context);
357 if (r < 0)
358 return r;
23a177ef 359
d79200e2 360 r = unit_set_default_slice(u);
a016b922
LP		 361 if (r < 0)
362 return r;
e821075a 363 }
a016b922 364
e821075a
LP		 365 if (u->default_dependencies) {
366 r = socket_add_default_dependencies(s);
367 if (r < 0)
368 return r;
369 }
370
371 return 0;
372}
373
811ba7a0
LP		 374static const char *socket_find_symlink_target(Socket *s) {
375 const char *found = NULL;
376 SocketPort *p;
377
378 LIST_FOREACH(port, p, s->ports) {
379 const char *f = NULL;
380
381 switch (p->type) {
382
383 case SOCKET_FIFO:
384 f = p->path;
385 break;
386
387 case SOCKET_SOCKET:
388 if (p->address.sockaddr.un.sun_path[0] != 0)
389 f = p->address.sockaddr.un.sun_path;
390 break;
391
392 default:
393 break;
394 }
395
396 if (f) {
397 if (found)
398 return NULL;
399
400 found = f;
401 }
402 }
403
404 return found;
405}
406
e821075a
LP		 407static int socket_verify(Socket *s) {
408 assert(s);
409
410 if (UNIT(s)->load_state != UNIT_LOADED)
411 return 0;
412
413 if (!s->ports) {
f2341e0a 414 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 415 return -EINVAL;
416 }
417
418 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 419 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 420 return -EINVAL;
421 }
422
423 if (s->accept && s->max_connections <= 0) {
f2341e0a 424 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 425 return -EINVAL;
426 }
e06c73cc 427
e821075a 428 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 429 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 430 return -EINVAL;
431 }
432
433 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 434 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 435 return -EINVAL;
436 }
437
811ba7a0 438 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 439 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 440 return -EINVAL;
441 }
442
e821075a
LP		 443 return 0;
444}
445
446static int socket_load(Unit *u) {
447 Socket *s = SOCKET(u);
448 int r;
449
450 assert(u);
451 assert(u->load_state == UNIT_STUB);
452
453 r = unit_load_fragment_and_dropin(u);
454 if (r < 0)
455 return r;
456
457 if (u->load_state == UNIT_LOADED) {
458 /* This is a new unit? Then let's add in some extras */
459 r = socket_add_extras(s);
e06c73cc
LP		 460 if (r < 0)
461 return r;
23a177ef
LP		 462 }
463
4f2d528d 464 return socket_verify(s);
44d8db9e
LP		 465}
466
44a6b1b6 467_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 468
469 if (family == AF_NETLINK)
470 return "ListenNetlink";
542563ba
LP		 471
472 if (type == SOCK_STREAM)
473 return "ListenStream";
474 else if (type == SOCK_DGRAM)
475 return "ListenDatagram";
476 else if (type == SOCK_SEQPACKET)
477 return "ListenSequentialPacket";
478
034c6ed7 479 assert_not_reached("Unknown socket type");
542563ba
LP		 480 return NULL;
481}
482
87f0e418 483static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 484 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 485 SocketExecCommand c;
87f0e418 486 Socket *s = SOCKET(u);
542563ba 487 SocketPort *p;
82ba9f08 488 const char *prefix2;
5cb5a6ff
LP		 489
490 assert(s);
fa068367 491 assert(f);
5cb5a6ff 492
4c940960 493 prefix = strempty(prefix);
63c372cb 494 prefix2 = strjoina(prefix, "\t");
c43d20a0 495
5cb5a6ff
LP		 496 fprintf(f,
497 "%sSocket State: %s\n"
81a5c6d0 498 "%sResult: %s\n"
542563ba 499 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 500 "%sBacklog: %u\n"
501 "%sSocketMode: %04o\n"
4fd5948e
LP		 502 "%sDirectoryMode: %04o\n"
503 "%sKeepAlive: %s\n"
4427c3f4 504 "%sNoDelay: %s\n"
cebf8b20 505 "%sFreeBind: %s\n"
6b6d2dee 506 "%sTransparent: %s\n"
ec6370a2 507 "%sBroadcast: %s\n"
ede3deb4 508 "%sPassCredentials: %s\n"
54ecda32 509 "%sPassSecurity: %s\n"
bd1fe7c7 510 "%sTCPCongestion: %s\n"
16115b0a 511 "%sRemoveOnStop: %s\n"
55301ec0 512 "%sWritable: %s\n"
8dd4c05b 513 "%sFDName: %s\n"
16115b0a 514 "%sSELinuxContextFromNet: %s\n",
a16e1123 515 prefix, socket_state_to_string(s->state),
81a5c6d0 516 prefix, socket_result_to_string(s->result),
c0120d99 517 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 518 prefix, s->backlog,
519 prefix, s->socket_mode,
4fd5948e
LP		 520 prefix, s->directory_mode,
521 prefix, yes_no(s->keep_alive),
4427c3f4 522 prefix, yes_no(s->no_delay),
cebf8b20 523 prefix, yes_no(s->free_bind),
6b6d2dee 524 prefix, yes_no(s->transparent),
ec6370a2 525 prefix, yes_no(s->broadcast),
d68af586 526 prefix, yes_no(s->pass_cred),
54ecda32 527 prefix, yes_no(s->pass_sec),
bd1fe7c7 528 prefix, strna(s->tcp_congestion),
16115b0a 529 prefix, yes_no(s->remove_on_stop),
55301ec0 530 prefix, yes_no(s->writable),
8dd4c05b 531 prefix, socket_fdname(s),
16115b0a 532 prefix, yes_no(s->selinux_context_from_net));
542563ba 533
70123e68
LP		 534 if (s->control_pid > 0)
535 fprintf(f,
de0671ee
ZJS		 536 "%sControl PID: "PID_FMT"\n",
537 prefix, s->control_pid);
70123e68 538
acbb0225
LP		 539 if (s->bind_to_device)
540 fprintf(f,
541 "%sBindToDevice: %s\n",
542 prefix, s->bind_to_device);
543
4f2d528d
LP		 544 if (s->accept)
545 fprintf(f,
6cf6bbc2
LP		 546 "%sAccepted: %u\n"
547 "%sNConnections: %u\n"
548 "%sMaxConnections: %u\n",
549 prefix, s->n_accepted,
550 prefix, s->n_connections,
551 prefix, s->max_connections);
4f2d528d 552
4fd5948e
LP		 553 if (s->priority >= 0)
554 fprintf(f,
555 "%sPriority: %i\n",
556 prefix, s->priority);
557
558 if (s->receive_buffer > 0)
559 fprintf(f,
560 "%sReceiveBuffer: %zu\n",
561 prefix, s->receive_buffer);
562
563 if (s->send_buffer > 0)
564 fprintf(f,
565 "%sSendBuffer: %zu\n",
566 prefix, s->send_buffer);
567
568 if (s->ip_tos >= 0)
569 fprintf(f,
570 "%sIPTOS: %i\n",
571 prefix, s->ip_tos);
572
573 if (s->ip_ttl >= 0)
574 fprintf(f,
575 "%sIPTTL: %i\n",
576 prefix, s->ip_ttl);
577
578 if (s->pipe_size > 0)
579 fprintf(f,
580 "%sPipeSize: %zu\n",
581 prefix, s->pipe_size);
582
583 if (s->mark >= 0)
584 fprintf(f,
585 "%sMark: %i\n",
586 prefix, s->mark);
587
916abb21
LP		 588 if (s->mq_maxmsg > 0)
589 fprintf(f,
590 "%sMessageQueueMaxMessages: %li\n",
591 prefix, s->mq_maxmsg);
592
593 if (s->mq_msgsize > 0)
594 fprintf(f,
595 "%sMessageQueueMessageSize: %li\n",
596 prefix, s->mq_msgsize);
597
718db961 598 if (s->reuse_port)
f7db7a69
SL		 599 fprintf(f,
600 "%sReusePort: %s\n",
718db961 601 prefix, yes_no(s->reuse_port));
f7db7a69 602
0eb59ccf
AK		 603 if (s->smack)
604 fprintf(f,
605 "%sSmackLabel: %s\n",
606 prefix, s->smack);
607
608 if (s->smack_ip_in)
609 fprintf(f,
610 "%sSmackLabelIPIn: %s\n",
611 prefix, s->smack_ip_in);
612
613 if (s->smack_ip_out)
614 fprintf(f,
615 "%sSmackLabelIPOut: %s\n",
616 prefix, s->smack_ip_out);
617
3900e5fd
LP		 618 if (!isempty(s->user) || !isempty(s->group))
619 fprintf(f,
620 "%sOwnerUser: %s\n"
621 "%sOwnerGroup: %s\n",
622 prefix, strna(s->user),
623 prefix, strna(s->group));
624
3cd761e4 625 if (s->keep_alive_time > 0)
209e9dcd 626 fprintf(f,
3cd761e4
LP		 627 "%sKeepAliveTimeSec: %s\n",
628 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 629
3cd761e4 630 if (s->keep_alive_interval)
209e9dcd 631 fprintf(f,
3cd761e4
LP		 632 "%sKeepAliveIntervalSec: %s\n",
633 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 634
3cd761e4 635 if (s->keep_alive_cnt)
209e9dcd
SS		 636 fprintf(f,
637 "%sKeepAliveProbes: %u\n",
638 prefix, s->keep_alive_cnt);
639
3cd761e4 640 if (s->defer_accept)
cc567c9b 641 fprintf(f,
3cd761e4
LP		 642 "%sDeferAcceptSec: %s\n",
643 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 644
034c6ed7 645 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 646
542563ba
LP		 647 if (p->type == SOCKET_SOCKET) {
648 const char *t;
649 int r;
e364ad06 650 char *k = NULL;
542563ba 651
e53fc357
LP		 652 r = socket_address_print(&p->address, &k);
653 if (r < 0)
542563ba
LP		 654 t = strerror(-r);
655 else
656 t = k;
657
7a22745a 658 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 659 free(k);
b0a3f2bc
LP		 660 } else if (p->type == SOCKET_SPECIAL)
661 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 662 else if (p->type == SOCKET_USB_FUNCTION)
663 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 664 else if (p->type == SOCKET_MQUEUE)
665 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 666 else
542563ba
LP		 667 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
668 }
5cb5a6ff
LP		 669
670 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 671 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 672
e537352b 673 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 674 if (!s->exec_command[c])
675 continue;
5cb5a6ff 676
40d50879 677 fprintf(f, "%s-> %s:\n",
a16e1123 678 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 679
680 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 681 }
682}
683
4f2d528d
LP		 684static int instance_from_socket(int fd, unsigned nr, char **instance) {
685 socklen_t l;
686 char *r;
9d16d0c7 687 union sockaddr_union local, remote;
4f2d528d
LP		 688
689 assert(fd >= 0);
690 assert(instance);
691
692 l = sizeof(local);
693 if (getsockname(fd, &local.sa, &l) < 0)
694 return -errno;
695
696 l = sizeof(remote);
697 if (getpeername(fd, &remote.sa, &l) < 0)
698 return -errno;
699
700 switch (local.sa.sa_family) {
701
702 case AF_INET: {
703 uint32_t
704 a = ntohl(local.in.sin_addr.s_addr),
705 b = ntohl(remote.in.sin_addr.s_addr);
706
707 if (asprintf(&r,
77b088c2
LP		 708 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
709 nr,
4f2d528d
LP		 710 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
711 ntohs(local.in.sin_port),
712 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
713 ntohs(remote.in.sin_port)) < 0)
714 return -ENOMEM;
715
716 break;
717 }
718
719 case AF_INET6: {
c65a0b14 720 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 721 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
722 };
723
724 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
725 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
726 const uint8_t
727 *a = local.in6.sin6_addr.s6_addr+12,
728 *b = remote.in6.sin6_addr.s6_addr+12;
729
730 if (asprintf(&r,
77b088c2
LP		 731 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
732 nr,
2b061f5a
LP		 733 a[0], a[1], a[2], a[3],
734 ntohs(local.in6.sin6_port),
735 b[0], b[1], b[2], b[3],
736 ntohs(remote.in6.sin6_port)) < 0)
737 return -ENOMEM;
738 } else {
739 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
740
741 if (asprintf(&r,
77b088c2
LP		 742 "%u-%s:%u-%s:%u",
743 nr,
2b061f5a
LP		 744 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
745 ntohs(local.in6.sin6_port),
746 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
747 ntohs(remote.in6.sin6_port)) < 0)
748 return -ENOMEM;
749 }
4f2d528d
LP		 750
751 break;
752 }
753
754 case AF_UNIX: {
755 struct ucred ucred;
eff05270 756 int k;
4f2d528d 757
eff05270 758 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 759 if (k >= 0) {
760 if (asprintf(&r,
761 "%u-"PID_FMT"-"UID_FMT,
762 nr, ucred.pid, ucred.uid) < 0)
763 return -ENOMEM;
764 } else if (k == -ENODATA) {
765 /* This handles the case where somebody is
766 * connecting from another pid/uid namespace
767 * (e.g. from outside of our container). */
768 if (asprintf(&r,
769 "%u-unknown",
770 nr) < 0)
771 return -ENOMEM;
772 } else
eff05270 773 return k;
2f20a8eb 774
2f20a8eb 775 break;
4f2d528d
LP		 776 }
777
778 default:
779 assert_not_reached("Unhandled socket type.");
780 }
781
782 *instance = r;
783 return 0;
784}
785
034c6ed7 786static void socket_close_fds(Socket *s) {
83c60c9f 787 SocketPort *p;
811ba7a0 788 char **i;
83c60c9f
LP		 789
790 assert(s);
791
034c6ed7 792 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 793
794 p->event_source = sd_event_source_unref(p->event_source);
795
83c60c9f
LP		 796 if (p->fd < 0)
797 continue;
798
03e334a1 799 p->fd = safe_close(p->fd);
15087cdb 800 socket_cleanup_fd_list(p);
a16e1123 801
bd1fe7c7
LP		 802 /* One little note: we should normally not delete any
803 * sockets in the file system here! After all some
804 * other process we spawned might still have a
805 * reference of this fd and wants to continue to use
806 * it. Therefore we delete sockets in the file system
807 * before we create a new one, not after we stopped
808 * using one! */
809
810 if (s->remove_on_stop) {
811 switch (p->type) {
812
813 case SOCKET_FIFO:
814 unlink(p->path);
815 break;
816
817 case SOCKET_MQUEUE:
818 mq_unlink(p->path);
819 break;
820
821 case SOCKET_SOCKET:
822 socket_address_unlink(&p->address);
823 break;
824
825 default:
826 break;
827 }
828 }
83c60c9f 829 }
811ba7a0
LP		 830
831 if (s->remove_on_stop)
832 STRV_FOREACH(i, s->symlinks)
833 unlink(*i);
83c60c9f
LP		 834}
835
4fd5948e 836static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 837 int r;
838
4fd5948e
LP		 839 assert(s);
840 assert(fd >= 0);
841
842 if (s->keep_alive) {
843 int b = s->keep_alive;
844 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 845 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 846 }
847
209e9dcd
SS		 848 if (s->keep_alive_time) {
849 int value = s->keep_alive_time / USEC_PER_SEC;
850 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 851 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 852 }
853
854 if (s->keep_alive_interval) {
920b52e4 855 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 856 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 857 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 858 }
859
860 if (s->keep_alive_cnt) {
861 int value = s->keep_alive_cnt;
172cfe87 862 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 863 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 864 }
865
cc567c9b
SS		 866 if (s->defer_accept) {
867 int value = s->defer_accept / USEC_PER_SEC;
868 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 869 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 870 }
871
4427c3f4
SS		 872 if (s->no_delay) {
873 int b = s->no_delay;
874 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 875 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 876 }
877
ec6370a2
LP		 878 if (s->broadcast) {
879 int one = 1;
880 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 881 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 882 }
883
d68af586
MS		 884 if (s->pass_cred) {
885 int one = 1;
886 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 887 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 888 }
889
54ecda32
LP		 890 if (s->pass_sec) {
891 int one = 1;
892 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 893 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 894 }
895
4fd5948e
LP		 896 if (s->priority >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 898 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 899
900 if (s->receive_buffer > 0) {
901 int value = (int) s->receive_buffer;
7d9eaa84
LP		 902
903 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
904
b8cef44e 905 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 906 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 907 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 908 }
909
910 if (s->send_buffer > 0) {
911 int value = (int) s->send_buffer;
b8cef44e 912 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 913 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 914 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 915 }
916
917 if (s->mark >= 0)
918 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 919 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 920
921 if (s->ip_tos >= 0)
922 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 923 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 924
46925ac5 925 if (s->ip_ttl >= 0) {
d53e386d 926 int x;
46925ac5
LP		 927
928 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 929
930 if (socket_ipv6_is_supported())
931 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
932 else {
933 x = -1;
934 errno = EAFNOSUPPORT;
935 }
46925ac5
LP		 936
937 if (r < 0 && x < 0)
f2341e0a 938 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 939 }
cebf8b20
TT		 940
941 if (s->tcp_congestion)
942 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 943 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 944
d53e386d 945 if (s->smack_ip_in) {
5ab58c20 946 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 947 if (r < 0)
f2341e0a 948 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 949 }
9a4e038c 950
d53e386d 951 if (s->smack_ip_out) {
5ab58c20 952 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 953 if (r < 0)
f2341e0a 954 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 955 }
4fd5948e
LP		 956}
957
b15bdda8 958static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 959 int r;
960
4fd5948e
LP		 961 assert(s);
962 assert(fd >= 0);
963
964 if (s->pipe_size > 0)
965 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 966 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 967
d53e386d 968 if (s->smack) {
5ab58c20 969 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 970 if (r < 0)
ed460b07 971 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 972 }
4fd5948e
LP		 973}
974
b15bdda8
LP		 975static int fifo_address_create(
976 const char *path,
977 mode_t directory_mode,
e8da24a6 978 mode_t socket_mode) {
b15bdda8 979
e8da24a6 980 _cleanup_close_ int fd = -1;
b15bdda8 981 mode_t old_mask;
e8da24a6
LP		 982 struct stat st;
983 int r;
b15bdda8
LP		 984
985 assert(path);
b15bdda8 986
d2e54fae 987 mkdir_parents_label(path, directory_mode);
b15bdda8 988
ecabcf8b 989 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 990 if (r < 0)
e8da24a6 991 return r;
b15bdda8
LP		 992
993 /* Enforce the right access mode for the fifo */
994 old_mask = umask(~ socket_mode);
995
996 /* Include the original umask in our mask */
e8da24a6 997 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 998
999 r = mkfifo(path, socket_mode);
e8da24a6 1000 (void) umask(old_mask);
b15bdda8 1001
94bc2731 1002 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 1003 r = -errno;
1004 goto fail;
1005 }
1006
e8da24a6 1007 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1008 if (fd < 0) {
b15bdda8
LP		 1009 r = -errno;
1010 goto fail;
1011 }
1012
ecabcf8b 1013 mac_selinux_create_file_clear();
7a58bfa4 1014
b15bdda8
LP		 1015 if (fstat(fd, &st) < 0) {
1016 r = -errno;
1017 goto fail;
1018 }
1019
1020 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1021 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1022 st.st_uid != getuid() ||
1023 st.st_gid != getgid()) {
b15bdda8
LP		 1024 r = -EEXIST;
1025 goto fail;
1026 }
1027
e8da24a6
LP		 1028 r = fd;
1029 fd = -1;
1030
1031 return r;
b15bdda8
LP		 1032
1033fail:
ecabcf8b 1034 mac_selinux_create_file_clear();
b15bdda8
LP		 1035 return r;
1036}
1037
55301ec0 1038static int special_address_create(const char *path, bool writable) {
e8da24a6 1039 _cleanup_close_ int fd = -1;
b0a3f2bc 1040 struct stat st;
e8da24a6 1041 int r;
b0a3f2bc
LP		 1042
1043 assert(path);
b0a3f2bc 1044
55301ec0 1045 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1046 if (fd < 0)
1047 return -errno;
b0a3f2bc 1048
e8da24a6
LP		 1049 if (fstat(fd, &st) < 0)
1050 return -errno;
b0a3f2bc
LP		 1051
1052 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1053 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1054 return -EEXIST;
b0a3f2bc 1055
e8da24a6
LP		 1056 r = fd;
1057 fd = -1;
b0a3f2bc
LP		 1058
1059 return r;
1060}
1061
36078102 1062static int usbffs_address_create(const char *path) {
60252446
PS		 1063 _cleanup_close_ int fd = -1;
1064 struct stat st;
e8da24a6 1065 int r;
60252446
PS		 1066
1067 assert(path);
60252446
PS		 1068
1069 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1070 if (fd < 0)
1071 return -errno;
1072
1073 if (fstat(fd, &st) < 0)
1074 return -errno;
1075
1076 /* Check whether this is a regular file (ffs endpoint)*/
1077 if (!S_ISREG(st.st_mode))
1078 return -EEXIST;
1079
e8da24a6 1080 r = fd;
60252446
PS		 1081 fd = -1;
1082
e8da24a6 1083 return r;
60252446
PS		 1084}
1085
916abb21
LP		 1086static int mq_address_create(
1087 const char *path,
1088 mode_t mq_mode,
1089 long maxmsg,
e8da24a6 1090 long msgsize) {
916abb21 1091
e8da24a6 1092 _cleanup_close_ int fd = -1;
916abb21
LP		 1093 struct stat st;
1094 mode_t old_mask;
1095 struct mq_attr _attr, *attr = NULL;
e8da24a6 1096 int r;
916abb21
LP		 1097
1098 assert(path);
916abb21
LP		 1099
1100 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1101 _attr = (struct mq_attr) {
1102 .mq_flags = O_NONBLOCK,
1103 .mq_maxmsg = maxmsg,
1104 .mq_msgsize = msgsize,
1105 };
916abb21
LP		 1106 attr = &_attr;
1107 }
1108
1109 /* Enforce the right access mode for the mq */
1110 old_mask = umask(~ mq_mode);
1111
1112 /* Include the original umask in our mask */
e8da24a6 1113 (void) umask(~mq_mode | old_mask);
916abb21 1114 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1115 (void) umask(old_mask);
916abb21 1116
e8da24a6
LP		 1117 if (fd < 0)
1118 return -errno;
916abb21 1119
e8da24a6
LP		 1120 if (fstat(fd, &st) < 0)
1121 return -errno;
916abb21
LP		 1122
1123 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1124 st.st_uid != getuid() ||
e8da24a6
LP		 1125 st.st_gid != getgid())
1126 return -EEXIST;
916abb21 1127
e8da24a6
LP		 1128 r = fd;
1129 fd = -1;
916abb21 1130
916abb21
LP		 1131 return r;
1132}
1133
811ba7a0
LP		 1134static int socket_symlink(Socket *s) {
1135 const char *p;
1136 char **i;
1137
1138 assert(s);
1139
1140 p = socket_find_symlink_target(s);
1141 if (!p)
1142 return 0;
1143
1144 STRV_FOREACH(i, s->symlinks)
43b133b4 1145 symlink_label(p, *i);
811ba7a0
LP		 1146
1147 return 0;
1148}
1149
36078102 1150static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1151 int r;
1152
1153 if (!s->usb_function_descriptors || !s->usb_function_strings)
1154 return -EINVAL;
1155
1156 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1157 if (r < 0)
e8da24a6 1158 return r;
6b7e5923 1159
e8da24a6 1160 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1161}
1162
36078102 1163static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1164 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1165}
1166
36078102 1167static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1168 _cleanup_free_ struct dirent **ent = NULL;
60252446 1169 _cleanup_free_ char *path = NULL;
36078102 1170 int r, i, n, k;
60252446
PS		 1171
1172 r = path_get_parent(p->path, &path);
1173 if (r < 0)
1174 return r;
1175
36078102 1176 r = scandir(path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1177 if (r < 0)
1178 return -errno;
1179
1180 n = r;
1181 p->auxiliary_fds = new(int, n);
1182 if (!p->auxiliary_fds)
1183 return -ENOMEM;
1184
1185 p->n_auxiliary_fds = n;
1186
1187 k = 0;
1188 for (i = 0; i < n; ++i) {
1189 _cleanup_free_ char *ep = NULL;
1190
1191 ep = path_make_absolute(ent[i]->d_name, path);
1192 if (!ep)
1193 return -ENOMEM;
1194
1195 path_kill_slashes(ep);
1196
36078102 1197 r = usbffs_address_create(ep);
60252446
PS		 1198 if (r < 0)
1199 goto fail;
1200
e8da24a6
LP		 1201 p->auxiliary_fds[k] = r;
1202
60252446
PS		 1203 ++k;
1204 free(ent[i]);
1205 }
1206
1207 return r;
1208
1209fail:
e8da24a6 1210 close_many(p->auxiliary_fds, k);
60252446
PS		 1211 p->auxiliary_fds = mfree(p->auxiliary_fds);
1212 p->n_auxiliary_fds = 0;
1213
1214 return r;
1215}
1216
034c6ed7 1217static int socket_open_fds(Socket *s) {
710a6b50
LP		 1218 _cleanup_(mac_selinux_freep) char *label = NULL;
1219 bool know_label = false;
83c60c9f
LP		 1220 SocketPort *p;
1221 int r;
1222
1223 assert(s);
1224
034c6ed7 1225 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1226
034c6ed7
LP		 1227 if (p->fd >= 0)
1228 continue;
83c60c9f 1229
00411a13
LP		 1230 switch (p->type) {
1231
1232 case SOCKET_SOCKET:
049f8642 1233
7f416dae
LP		 1234 if (!know_label) {
1235 /* Figure out label, if we don't it know
1236 * yet. We do it once, for the first
1237 * socket where we need this and
1238 * remember it for the rest. */
1239
1240 if (s->selinux_context_from_net) {
1241 /* Get it from the network label */
1242
1243 r = mac_selinux_get_our_label(&label);
75514a70 1244 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1245 goto rollback;
049f8642 1246
7f416dae
LP		 1247 } else {
1248 /* Get it from the executable we are about to start */
1249
1250 r = socket_instantiate_service(s);
1251 if (r < 0)
1252 goto rollback;
1253
1254 if (UNIT_ISSET(s->service) &&
1255 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1256 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1257 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1258 goto rollback;
1259 }
189583d7 1260 }
049f8642
LP		 1261
1262 know_label = true;
1263 }
1264
175a3d25
LP		 1265 r = socket_address_listen(
1266 &p->address,
1267 SOCK_CLOEXEC|SOCK_NONBLOCK,
1268 s->backlog,
1269 s->bind_ipv6_only,
1270 s->bind_to_device,
54255c64 1271 s->reuse_port,
175a3d25
LP		 1272 s->free_bind,
1273 s->transparent,
1274 s->directory_mode,
1275 s->socket_mode,
1276 label);
1277 if (r < 0)
83c60c9f
LP		 1278 goto rollback;
1279
175a3d25 1280 p->fd = r;
4fd5948e 1281 socket_apply_socket_options(s, p->fd);
811ba7a0 1282 socket_symlink(s);
00411a13 1283 break;
4fd5948e 1284
00411a13 1285 case SOCKET_SPECIAL:
b0a3f2bc 1286
55301ec0 1287 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1288 if (p->fd < 0) {
1289 r = p->fd;
b0a3f2bc 1290 goto rollback;
e8da24a6 1291 }
00411a13 1292 break;
b0a3f2bc 1293
00411a13 1294 case SOCKET_FIFO:
83c60c9f 1295
e8da24a6 1296 p->fd = fifo_address_create(
175a3d25
LP		 1297 p->path,
1298 s->directory_mode,
e8da24a6
LP		 1299 s->socket_mode);
1300 if (p->fd < 0) {
1301 r = p->fd;
83c60c9f 1302 goto rollback;
e8da24a6 1303 }
83c60c9f 1304
b15bdda8 1305 socket_apply_fifo_options(s, p->fd);
811ba7a0 1306 socket_symlink(s);
00411a13 1307 break;
811ba7a0 1308
00411a13 1309 case SOCKET_MQUEUE:
83c60c9f 1310
e8da24a6 1311 p->fd = mq_address_create(
175a3d25
LP		 1312 p->path,
1313 s->socket_mode,
1314 s->mq_maxmsg,
e8da24a6
LP		 1315 s->mq_msgsize);
1316 if (p->fd < 0) {
1317 r = p->fd;
916abb21 1318 goto rollback;
e8da24a6 1319 }
00411a13 1320 break;
e8da24a6 1321
00411a13 1322 case SOCKET_USB_FUNCTION:
60252446 1323
36078102 1324 p->fd = usbffs_address_create(p->path);
e8da24a6
LP		 1325 if (p->fd < 0) {
1326 r = p->fd;
60252446 1327 goto rollback;
e8da24a6 1328 }
60252446 1329
36078102 1330 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1331 if (r < 0)
1332 goto rollback;
1333
36078102 1334 r = usbffs_dispatch_eps(p);
60252446
PS		 1335 if (r < 0)
1336 goto rollback;
00411a13
LP		 1337
1338 break;
1339
1340 default:
b15bdda8 1341 assert_not_reached("Unknown port type");
00411a13 1342 }
034c6ed7
LP		 1343 }
1344
1345 return 0;
1346
1347rollback:
1348 socket_close_fds(s);
1349 return r;
1350}
1351
1352static void socket_unwatch_fds(Socket *s) {
1353 SocketPort *p;
718db961 1354 int r;
9152c765 1355
034c6ed7
LP		 1356 assert(s);
1357
1358 LIST_FOREACH(port, p, s->ports) {
1359 if (p->fd < 0)
1360 continue;
1361
a4152e3f
LP		 1362 if (!p->event_source)
1363 continue;
1364
1365 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1366 if (r < 0)
f2341e0a 1367 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1368 }
034c6ed7
LP		 1369}
1370
1371static int socket_watch_fds(Socket *s) {
1372 SocketPort *p;
1373 int r;
1374
1375 assert(s);
83c60c9f 1376
034c6ed7
LP		 1377 LIST_FOREACH(port, p, s->ports) {
1378 if (p->fd < 0)
1379 continue;
1380
cbf60d0a 1381 if (p->event_source) {
718db961 1382 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1383 if (r < 0)
1384 goto fail;
1385 } else {
151b9b96 1386 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1387 if (r < 0)
1388 goto fail;
4f2d528d 1389
cbf60d0a 1390 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1391 }
034c6ed7 1392 }
83c60c9f 1393
542563ba 1394 return 0;
83c60c9f 1395
034c6ed7 1396fail:
cbf60d0a 1397 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1398 socket_unwatch_fds(s);
1399 return r;
1400}
1401
1402static void socket_set_state(Socket *s, SocketState state) {
1403 SocketState old_state;
1404 assert(s);
1405
1406 old_state = s->state;
1407 s->state = state;
1408
bd1fe7c7
LP		 1409 if (!IN_SET(state,
1410 SOCKET_START_PRE,
3900e5fd 1411 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1412 SOCKET_START_POST,
1413 SOCKET_STOP_PRE,
1414 SOCKET_STOP_PRE_SIGTERM,
1415 SOCKET_STOP_PRE_SIGKILL,
1416 SOCKET_STOP_POST,
1417 SOCKET_FINAL_SIGTERM,
1418 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1419
1420 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1421 socket_unwatch_control_pid(s);
034c6ed7 1422 s->control_command = NULL;
a16e1123 1423 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1424 }
034c6ed7 1425
a16e1123
LP		 1426 if (state != SOCKET_LISTENING)
1427 socket_unwatch_fds(s);
1428
bd1fe7c7 1429 if (!IN_SET(state,
3900e5fd 1430 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1431 SOCKET_START_POST,
1432 SOCKET_LISTENING,
1433 SOCKET_RUNNING,
1434 SOCKET_STOP_PRE,
1435 SOCKET_STOP_PRE_SIGTERM,
1436 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1437 socket_close_fds(s);
1438
e537352b 1439 if (state != old_state)
f2341e0a 1440 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1441
e2f3b44c 1442 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1443}
1444
be847e82 1445static int socket_coldplug(Unit *u) {
a16e1123
LP		 1446 Socket *s = SOCKET(u);
1447 int r;
1448
1449 assert(s);
1450 assert(s->state == SOCKET_DEAD);
1451
e821075a
LP		 1452 if (s->deserialized_state == s->state)
1453 return 0;
a16e1123 1454
3900e5fd
LP		 1455 if (IN_SET(s->deserialized_state,
1456 SOCKET_START_PRE,
1457 SOCKET_START_CHOWN,
1458 SOCKET_START_POST,
1459 SOCKET_STOP_PRE,
1460 SOCKET_STOP_PRE_SIGTERM,
1461 SOCKET_STOP_PRE_SIGKILL,
1462 SOCKET_STOP_POST,
1463 SOCKET_FINAL_SIGTERM,
1464 SOCKET_FINAL_SIGKILL)) {
a16e1123 1465
e821075a
LP		 1466 if (s->control_pid <= 0)
1467 return -EBADMSG;
a16e1123 1468
e821075a
LP		 1469 r = unit_watch_pid(UNIT(s), s->control_pid);
1470 if (r < 0)
1471 return r;
a16e1123 1472
e821075a
LP		 1473 r = socket_arm_timer(s);
1474 if (r < 0)
1475 return r;
1476 }
a16e1123 1477
3900e5fd
LP		 1478 if (IN_SET(s->deserialized_state,
1479 SOCKET_START_CHOWN,
1480 SOCKET_START_POST,
1481 SOCKET_LISTENING,
1482 SOCKET_RUNNING,
1483 SOCKET_STOP_PRE,
1484 SOCKET_STOP_PRE_SIGTERM,
1485 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1486 r = socket_open_fds(s);
1487 if (r < 0)
1488 return r;
1489 }
a16e1123 1490
e821075a
LP		 1491 if (s->deserialized_state == SOCKET_LISTENING) {
1492 r = socket_watch_fds(s);
1493 if (r < 0)
1494 return r;
a16e1123
LP		 1495 }
1496
e821075a 1497 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1498 return 0;
1499}
1500
e537352b 1501static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1502 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1503 pid_t pid;
1504 int r;
9fa95f85
DM		 1505 ExecParameters exec_params = {
1506 .apply_permissions = true,
1507 .apply_chroot = true,
1508 .apply_tty_stdin = true,
6f856a09 1509 .bus_endpoint_fd = -1,
a34ceba6
LP		 1510 .stdin_fd = -1,
1511 .stdout_fd = -1,
1512 .stderr_fd = -1,
9fa95f85 1513 };
034c6ed7
LP		 1514
1515 assert(s);
1516 assert(c);
1517 assert(_pid);
1518
5ad096b3
LP		 1519 (void) unit_realize_cgroup(UNIT(s));
1520 if (s->reset_cpu_usage) {
1521 (void) unit_reset_cpu_usage(UNIT(s));
1522 s->reset_cpu_usage = false;
1523 }
4ad49000 1524
613b411c
LP		 1525 r = unit_setup_exec_runtime(UNIT(s));
1526 if (r < 0)
1527 goto fail;
1528
718db961 1529 r = socket_arm_timer(s);
36697dc0 1530 if (r < 0)
e537352b 1531 goto fail;
034c6ed7 1532
19f6d710
LP		 1533 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1534 if (r < 0)
9e2f7c11 1535 goto fail;
9e2f7c11 1536
9fa95f85
DM		 1537 exec_params.argv = argv;
1538 exec_params.environment = UNIT(s)->manager->environment;
1539 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1540 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1541 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1542 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1543 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1544
f2341e0a
LP		 1545 r = exec_spawn(UNIT(s),
1546 c,
9e2f7c11 1547 &s->exec_context,
9fa95f85 1548 &exec_params,
613b411c 1549 s->exec_runtime,
9e2f7c11 1550 &pid);
cee288ad
TA		 1551 if (r < 0)
1552 goto fail;
9e2f7c11 1553
3900e5fd 1554 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1555 if (r < 0)
3900e5fd 1556 /* FIXME: we need to do something here */
034c6ed7
LP		 1557 goto fail;
1558
3900e5fd
LP		 1559 *_pid = pid;
1560 return 0;
1561
1562fail:
1563 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1564 return r;
1565}
1566
1567static int socket_chown(Socket *s, pid_t *_pid) {
1568 pid_t pid;
1569 int r;
1570
1571 r = socket_arm_timer(s);
1572 if (r < 0)
1573 goto fail;
1574
1575 /* We have to resolve the user names out-of-process, hence
1576 * let's fork here. It's messy, but well, what can we do? */
1577
1578 pid = fork();
1579 if (pid < 0)
1580 return -errno;
1581
1582 if (pid == 0) {
1583 SocketPort *p;
fed1e721
LP		 1584 uid_t uid = UID_INVALID;
1585 gid_t gid = GID_INVALID;
3900e5fd
LP		 1586 int ret;
1587
ce30c8dc
LP		 1588 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1589 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1590 log_forget_fds();
1591
1592 if (!isempty(s->user)) {
1593 const char *user = s->user;
1594
1595 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1596 if (r < 0) {
1597 ret = EXIT_USER;
1598 goto fail_child;
1599 }
1600 }
1601
1602 if (!isempty(s->group)) {
1603 const char *group = s->group;
1604
1605 r = get_group_creds(&group, &gid);
1606 if (r < 0) {
1607 ret = EXIT_GROUP;
1608 goto fail_child;
1609 }
1610 }
1611
1612 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1613 const char *path = NULL;
3900e5fd
LP		 1614
1615 if (p->type == SOCKET_SOCKET)
1616 path = socket_address_get_path(&p->address);
1617 else if (p->type == SOCKET_FIFO)
1618 path = p->path;
1619
1620 if (!path)
1621 continue;
1622
1623 if (chown(path, uid, gid) < 0) {
1624 r = -errno;
1625 ret = EXIT_CHOWN;
1626 goto fail_child;
1627 }
1628 }
1629
1630 _exit(0);
1631
1632 fail_child:
1633 log_open();
da927ba9 1634 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1635
1636 _exit(ret);
1637 }
1638
718db961
LP		 1639 r = unit_watch_pid(UNIT(s), pid);
1640 if (r < 0)
034c6ed7 1641 goto fail;
83c60c9f 1642
034c6ed7 1643 *_pid = pid;
034c6ed7
LP		 1644 return 0;
1645
1646fail:
718db961 1647 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1648 return r;
542563ba
LP		 1649}
1650
cfc4eb4c 1651static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1652 assert(s);
1653
cfc4eb4c
LP		 1654 if (f != SOCKET_SUCCESS)
1655 s->result = f;
034c6ed7 1656
613b411c
LP		 1657 exec_runtime_destroy(s->exec_runtime);
1658 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1659
e66cf1a3
LP		 1660 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1661
cfc4eb4c 1662 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1663}
1664
cfc4eb4c 1665static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1666
cfc4eb4c 1667static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1668 int r;
1669 assert(s);
1670
cfc4eb4c
LP		 1671 if (f != SOCKET_SUCCESS)
1672 s->result = f;
034c6ed7 1673
5e94833f 1674 socket_unwatch_control_pid(s);
a16e1123 1675 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1676 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1677
3900e5fd
LP		 1678 if (s->control_command) {
1679 r = socket_spawn(s, s->control_command, &s->control_pid);
1680 if (r < 0)
034c6ed7
LP		 1681 goto fail;
1682
80876c20
LP		 1683 socket_set_state(s, SOCKET_STOP_POST);
1684 } else
cfc4eb4c 1685 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1686
1687 return;
1688
1689fail:
f2341e0a 1690 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1691 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1692}
1693
cfc4eb4c 1694static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1695 int r;
1696
1697 assert(s);
1698
cfc4eb4c
LP		 1699 if (f != SOCKET_SUCCESS)
1700 s->result = f;
034c6ed7 1701
cd2086fe
LP		 1702 r = unit_kill_context(
1703 UNIT(s),
1704 &s->kill_context,
db2cb23b
UTL		 1705 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1706 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1707 -1,
1708 s->control_pid,
1709 false);
1710 if (r < 0)
1711 goto fail;
034c6ed7 1712
cd2086fe 1713 if (r > 0) {
718db961 1714 r = socket_arm_timer(s);
36697dc0 1715 if (r < 0)
80876c20 1716 goto fail;
d6ea93e3 1717
80876c20 1718 socket_set_state(s, state);
ac84d1fb
LP		 1719 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1720 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1721 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1722 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1723 else if (state == SOCKET_FINAL_SIGTERM)
1724 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1725 else
cfc4eb4c 1726 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1727
1728 return;
1729
1730fail:
f2341e0a 1731 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1732
1733 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1734 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1735 else
cfc4eb4c 1736 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1737}
1738
cfc4eb4c 1739static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1740 int r;
1741 assert(s);
1742
cfc4eb4c
LP		 1743 if (f != SOCKET_SUCCESS)
1744 s->result = f;
034c6ed7 1745
5e94833f 1746 socket_unwatch_control_pid(s);
a16e1123 1747 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1748 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1749
3900e5fd
LP		 1750 if (s->control_command) {
1751 r = socket_spawn(s, s->control_command, &s->control_pid);
1752 if (r < 0)
034c6ed7
LP		 1753 goto fail;
1754
80876c20
LP		 1755 socket_set_state(s, SOCKET_STOP_PRE);
1756 } else
cfc4eb4c 1757 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1758
1759 return;
1760
1761fail:
f2341e0a 1762 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1763 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1764}
1765
e9af15c3
LP		 1766static void socket_enter_listening(Socket *s) {
1767 int r;
1768 assert(s);
1769
cfc4eb4c
LP		 1770 r = socket_watch_fds(s);
1771 if (r < 0) {
f2341e0a 1772 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1773 goto fail;
1774 }
1775
1776 socket_set_state(s, SOCKET_LISTENING);
1777 return;
1778
1779fail:
cfc4eb4c 1780 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1781}
1782
034c6ed7
LP		 1783static void socket_enter_start_post(Socket *s) {
1784 int r;
1785 assert(s);
1786
3900e5fd
LP		 1787 socket_unwatch_control_pid(s);
1788 s->control_command_id = SOCKET_EXEC_START_POST;
1789 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1790
1791 if (s->control_command) {
1792 r = socket_spawn(s, s->control_command, &s->control_pid);
1793 if (r < 0) {
f2341e0a 1794 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1795 goto fail;
1796 }
1797
1798 socket_set_state(s, SOCKET_START_POST);
1799 } else
1800 socket_enter_listening(s);
1801
1802 return;
1803
1804fail:
1805 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1806}
1807
1808static void socket_enter_start_chown(Socket *s) {
1809 int r;
1810
1811 assert(s);
1812
cfc4eb4c
LP		 1813 r = socket_open_fds(s);
1814 if (r < 0) {
f2341e0a 1815 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1816 goto fail;
1817 }
1818
3900e5fd 1819 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1820
3900e5fd
LP		 1821 socket_unwatch_control_pid(s);
1822 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1823 s->control_command = NULL;
a16e1123 1824
3900e5fd 1825 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1826 if (r < 0) {
f2341e0a 1827 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1828 goto fail;
1829 }
1830
3900e5fd 1831 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1832 } else
3900e5fd 1833 socket_enter_start_post(s);
034c6ed7
LP		 1834
1835 return;
1836
1837fail:
cfc4eb4c 1838 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1839}
1840
1841static void socket_enter_start_pre(Socket *s) {
1842 int r;
1843 assert(s);
1844
5e94833f 1845 socket_unwatch_control_pid(s);
a16e1123 1846 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1847 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1848
3900e5fd 1849 if (s->control_command) {
e821075a 1850 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1851 if (r < 0) {
f2341e0a 1852 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1853 goto fail;
3900e5fd 1854 }
034c6ed7 1855
80876c20
LP		 1856 socket_set_state(s, SOCKET_START_PRE);
1857 } else
3900e5fd 1858 socket_enter_start_chown(s);
034c6ed7
LP		 1859
1860 return;
1861
1862fail:
cfc4eb4c 1863 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1864}
1865
4f2d528d 1866static void socket_enter_running(Socket *s, int cfd) {
718db961 1867 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1868 int r;
1869
1870 assert(s);
1871
ba3e67a7
LP		 1872 /* We don't take connections anymore if we are supposed to
1873 * shut down anyway */
31afa0a4 1874 if (unit_stop_pending(UNIT(s))) {
e821075a 1875
f2341e0a 1876 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1877
7c610628 1878 if (cfd >= 0)
03e334a1 1879 safe_close(cfd);
7c610628
LP		 1880 else {
1881 /* Flush all sockets by closing and reopening them */
1882 socket_close_fds(s);
1883
16ac4014
LP		 1884 r = socket_open_fds(s);
1885 if (r < 0) {
f2341e0a 1886 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1887 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1888 return;
1889 }
1890
1a710b43
MS		 1891 r = socket_watch_fds(s);
1892 if (r < 0) {
f2341e0a 1893 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1894 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1895 }
1896 }
1897
ba3e67a7
LP		 1898 return;
1899 }
1900
4f2d528d 1901 if (cfd < 0) {
57020a3a 1902 Iterator i;
e821075a 1903 Unit *other;
f976f3f6 1904 bool pending = false;
f976f3f6
LP		 1905
1906 /* If there's already a start pending don't bother to
1907 * do anything */
e821075a
LP		 1908 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1909 if (unit_active_or_pending(other)) {
57020a3a
LP		 1910 pending = true;
1911 break;
1912 }
f976f3f6 1913
1a710b43 1914 if (!pending) {
640ace4a 1915 if (!UNIT_ISSET(s->service)) {
f2341e0a 1916 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1917 r = -ENOENT;
1918 goto fail;
1919 }
1920
1a710b43
MS		 1921 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1922 if (r < 0)
f976f3f6 1923 goto fail;
1a710b43 1924 }
4f2d528d
LP		 1925
1926 socket_set_state(s, SOCKET_RUNNING);
1927 } else {
e55001eb 1928 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1929 Service *service;
4f2d528d 1930
6cf6bbc2 1931 if (s->n_connections >= s->max_connections) {
f2341e0a 1932 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1933 safe_close(cfd);
6cf6bbc2
LP		 1934 return;
1935 }
1936
1a710b43
MS		 1937 r = socket_instantiate_service(s);
1938 if (r < 0)
b15bdda8
LP		 1939 goto fail;
1940
1a710b43
MS		 1941 r = instance_from_socket(cfd, s->n_accepted, &instance);
1942 if (r < 0) {
1943 if (r != -ENOTCONN)
1944 goto fail;
1945
1946 /* ENOTCONN is legitimate if TCP RST was received.
1947 * This connection is over, but the socket unit lives on. */
03e334a1 1948 safe_close(cfd);
1a710b43
MS		 1949 return;
1950 }
4f2d528d 1951
7410616c
LP		 1952 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1953 if (r < 0)
4f2d528d 1954 goto fail;
4f2d528d 1955
7410616c
LP		 1956 r = unit_name_build(prefix, instance, ".service", &name);
1957 if (r < 0)
b6dbbe1c 1958 goto fail;
4f2d528d 1959
1a710b43 1960 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1961 if (r < 0)
4f2d528d 1962 goto fail;
b15bdda8 1963
57020a3a
LP		 1964 service = SERVICE(UNIT_DEREF(s->service));
1965 unit_ref_unset(&s->service);
b15bdda8 1966 s->n_accepted ++;
4f2d528d 1967
1124fe6f 1968 UNIT(service)->no_gc = false;
6c073082 1969
b15bdda8 1970 unit_choose_id(UNIT(service), name);
b15bdda8 1971
16115b0a 1972 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1973 if (r < 0)
4f2d528d
LP		 1974 goto fail;
1975
1976 cfd = -1;
6cf6bbc2
LP		 1977 s->n_connections ++;
1978
1a710b43
MS		 1979 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1980 if (r < 0)
4f2d528d 1981 goto fail;
c4e2ceae
LP		 1982
1983 /* Notify clients about changed counters */
1984 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1985 }
034c6ed7 1986
034c6ed7
LP		 1987 return;
1988
1989fail:
f2341e0a
LP		 1990 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1991 cfd >= 0 ? "template" : "non-template",
718db961 1992 bus_error_message(&error, r));
e821075a 1993
60089004 1994 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1995 safe_close(cfd);
034c6ed7
LP		 1996}
1997
cfc4eb4c 1998static void socket_run_next(Socket *s) {
034c6ed7
LP		 1999 int r;
2000
2001 assert(s);
2002 assert(s->control_command);
2003 assert(s->control_command->command_next);
2004
5e94833f
LP		 2005 socket_unwatch_control_pid(s);
2006
034c6ed7
LP		 2007 s->control_command = s->control_command->command_next;
2008
e821075a
LP		 2009 r = socket_spawn(s, s->control_command, &s->control_pid);
2010 if (r < 0)
034c6ed7
LP		 2011 goto fail;
2012
2013 return;
2014
2015fail:
f2341e0a 2016 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2017
2018 if (s->state == SOCKET_START_POST)
cfc4eb4c 2019 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2020 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2021 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2022 else
cfc4eb4c 2023 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2024}
2025
87f0e418
LP		 2026static int socket_start(Unit *u) {
2027 Socket *s = SOCKET(u);
83c60c9f
LP		 2028
2029 assert(s);
2030
034c6ed7
LP		 2031 /* We cannot fulfill this request right now, try again later
2032 * please! */
3900e5fd
LP		 2033 if (IN_SET(s->state,
2034 SOCKET_STOP_PRE,
2035 SOCKET_STOP_PRE_SIGKILL,
2036 SOCKET_STOP_PRE_SIGTERM,
2037 SOCKET_STOP_POST,
2038 SOCKET_FINAL_SIGTERM,
2039 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2040 return -EAGAIN;
2041
a4152e3f 2042 /* Already on it! */
3900e5fd
LP		 2043 if (IN_SET(s->state,
2044 SOCKET_START_PRE,
2045 SOCKET_START_CHOWN,
2046 SOCKET_START_POST))
034c6ed7 2047 return 0;
83c60c9f 2048
034c6ed7 2049 /* Cannot run this without the service being around */
9444b1f2 2050 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2051 Service *service;
2052
2053 service = SERVICE(UNIT_DEREF(s->service));
2054
1124fe6f 2055 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2056 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2057 return -ENOENT;
4ac9236f 2058 }
4f2d528d 2059
35b8ca3a 2060 /* If the service is already active we cannot start the
4f2d528d 2061 * socket */
57020a3a
LP		 2062 if (service->state != SERVICE_DEAD &&
2063 service->state != SERVICE_FAILED &&
2064 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2065 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2066 return -EBUSY;
4ac9236f 2067 }
4f2d528d 2068 }
e537352b 2069
fdf20a31 2070 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2071
cfc4eb4c 2072 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2073 s->reset_cpu_usage = true;
2074
034c6ed7 2075 socket_enter_start_pre(s);
e821075a 2076
82a2b6bb 2077 return 1;
034c6ed7 2078}
83c60c9f 2079
87f0e418
LP		 2080static int socket_stop(Unit *u) {
2081 Socket *s = SOCKET(u);
034c6ed7
LP		 2082
2083 assert(s);
2084
e537352b 2085 /* Already on it */
3900e5fd
LP		 2086 if (IN_SET(s->state,
2087 SOCKET_STOP_PRE,
2088 SOCKET_STOP_PRE_SIGTERM,
2089 SOCKET_STOP_PRE_SIGKILL,
2090 SOCKET_STOP_POST,
2091 SOCKET_FINAL_SIGTERM,
2092 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2093 return 0;
2094
3f6c78dc
LP		 2095 /* If there's already something running we go directly into
2096 * kill mode. */
3900e5fd
LP		 2097 if (IN_SET(s->state,
2098 SOCKET_START_PRE,
2099 SOCKET_START_CHOWN,
2100 SOCKET_START_POST)) {
cfc4eb4c 2101 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2102 return -EAGAIN;
2103 }
2104
034c6ed7 2105 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2106
cfc4eb4c 2107 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2108 return 1;
542563ba
LP		 2109}
2110
a16e1123
LP		 2111static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2112 Socket *s = SOCKET(u);
2113 SocketPort *p;
2114 int r;
2115
2116 assert(u);
2117 assert(f);
2118 assert(fds);
2119
2120 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2121 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2122 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2123
2124 if (s->control_pid > 0)
de0671ee 2125 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2126
2127 if (s->control_command_id >= 0)
2128 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2129
2130 LIST_FOREACH(port, p, s->ports) {
2131 int copy;
2132
2133 if (p->fd < 0)
2134 continue;
2135
613b411c
LP		 2136 copy = fdset_put_dup(fds, p->fd);
2137 if (copy < 0)
a16e1123
LP		 2138 return copy;
2139
2140 if (p->type == SOCKET_SOCKET) {
613b411c 2141 _cleanup_free_ char *t = NULL;
a16e1123 2142
ee092817
LP		 2143 r = socket_address_print(&p->address, &t);
2144 if (r < 0)
a16e1123
LP		 2145 return r;
2146
7a22745a
LP		 2147 if (socket_address_family(&p->address) == AF_NETLINK)
2148 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2149 else
2150 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2151
b0a3f2bc
LP		 2152 } else if (p->type == SOCKET_SPECIAL)
2153 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2154 else if (p->type == SOCKET_MQUEUE)
2155 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2156 else if (p->type == SOCKET_USB_FUNCTION)
2157 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2158 else {
a16e1123
LP		 2159 assert(p->type == SOCKET_FIFO);
2160 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2161 }
2162 }
2163
2164 return 0;
2165}
2166
2167static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2168 Socket *s = SOCKET(u);
a16e1123
LP		 2169
2170 assert(u);
2171 assert(key);
2172 assert(value);
a16e1123
LP		 2173
2174 if (streq(key, "state")) {
2175 SocketState state;
2176
ee092817
LP		 2177 state = socket_state_from_string(value);
2178 if (state < 0)
f2341e0a 2179 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2180 else
2181 s->deserialized_state = state;
cfc4eb4c
LP		 2182 } else if (streq(key, "result")) {
2183 SocketResult f;
a16e1123 2184
cfc4eb4c
LP		 2185 f = socket_result_from_string(value);
2186 if (f < 0)
f2341e0a 2187 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2188 else if (f != SOCKET_SUCCESS)
2189 s->result = f;
a16e1123
LP		 2190
2191 } else if (streq(key, "n-accepted")) {
2192 unsigned k;
2193
e364ad06 2194 if (safe_atou(value, &k) < 0)
f2341e0a 2195 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2196 else
2197 s->n_accepted += k;
2198 } else if (streq(key, "control-pid")) {
5925dd3c 2199 pid_t pid;
a16e1123 2200
e364ad06 2201 if (parse_pid(value, &pid) < 0)
f2341e0a 2202 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2203 else
5925dd3c 2204 s->control_pid = pid;
a16e1123
LP		 2205 } else if (streq(key, "control-command")) {
2206 SocketExecCommand id;
2207
66870f90
ZJS		 2208 id = socket_exec_command_from_string(value);
2209 if (id < 0)
f2341e0a 2210 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2211 else {
2212 s->control_command_id = id;
2213 s->control_command = s->exec_command[id];
2214 }
2215 } else if (streq(key, "fifo")) {
2216 int fd, skip = 0;
2217 SocketPort *p;
2218
2219 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2220 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2221 else {
2222
2223 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2224 if (p->type == SOCKET_FIFO &&
c78e47a6 2225 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2226 break;
2227
2228 if (p) {
03e334a1 2229 safe_close(p->fd);
b0a3f2bc
LP		 2230 p->fd = fdset_remove(fds, fd);
2231 }
2232 }
2233
2234 } else if (streq(key, "special")) {
2235 int fd, skip = 0;
2236 SocketPort *p;
2237
2238 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2239 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2240 else {
2241
2242 LIST_FOREACH(port, p, s->ports)
2243 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2244 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2245 break;
2246
2247 if (p) {
03e334a1 2248 safe_close(p->fd);
a16e1123
LP		 2249 p->fd = fdset_remove(fds, fd);
2250 }
2251 }
2252
ee092817
LP		 2253 } else if (streq(key, "mqueue")) {
2254 int fd, skip = 0;
2255 SocketPort *p;
2256
2257 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2258 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2259 else {
2260
2261 LIST_FOREACH(port, p, s->ports)
2262 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2263 streq(p->path, value+skip))
ee092817
LP		 2264 break;
2265
2266 if (p) {
03e334a1 2267 safe_close(p->fd);
ee092817
LP		 2268 p->fd = fdset_remove(fds, fd);
2269 }
2270 }
2271
a16e1123 2272 } else if (streq(key, "socket")) {
27ca8d7a 2273 int fd, type, skip = 0;
a16e1123
LP		 2274 SocketPort *p;
2275
27ca8d7a 2276 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2277 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2278 else {
2279
2280 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2281 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2282 break;
2283
2284 if (p) {
03e334a1 2285 safe_close(p->fd);
a16e1123
LP		 2286 p->fd = fdset_remove(fds, fd);
2287 }
2288 }
2289
7a22745a
LP		 2290 } else if (streq(key, "netlink")) {
2291 int fd, skip = 0;
2292 SocketPort *p;
2293
2294 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2295 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2296 else {
2297
2298 LIST_FOREACH(port, p, s->ports)
2299 if (socket_address_is_netlink(&p->address, value+skip))
2300 break;
2301
2302 if (p) {
03e334a1 2303 safe_close(p->fd);
7a22745a
LP		 2304 p->fd = fdset_remove(fds, fd);
2305 }
2306 }
60252446
PS		 2307
2308 } else if (streq(key, "ffs")) {
2309 int fd, skip = 0;
2310 SocketPort *p;
2311
2312 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2313 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2314 else {
2315
2316 LIST_FOREACH(port, p, s->ports)
2317 if (p->type == SOCKET_USB_FUNCTION &&
2318 path_equal_or_files_same(p->path, value+skip))
2319 break;
2320
2321 if (p) {
2322 safe_close(p->fd);
2323 p->fd = fdset_remove(fds, fd);
2324 }
2325 }
2326
a16e1123 2327 } else
f2341e0a 2328 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2329
2330 return 0;
2331}
2332
01e10de3
LP		 2333static int socket_distribute_fds(Unit *u, FDSet *fds) {
2334 Socket *s = SOCKET(u);
2335 SocketPort *p;
2336
2337 assert(u);
2338
2339 LIST_FOREACH(port, p, s->ports) {
2340 Iterator i;
2341 int fd;
2342
2343 if (p->type != SOCKET_SOCKET)
2344 continue;
2345
2346 if (p->fd >= 0)
2347 continue;
2348
2349 FDSET_FOREACH(fd, fds, i) {
2350 if (socket_address_matches_fd(&p->address, fd)) {
2351 p->fd = fdset_remove(fds, fd);
2352 s->deserialized_state = SOCKET_LISTENING;
2353 break;
2354 }
2355 }
2356 }
2357
2358 return 0;
2359}
2360
44a6b1b6 2361_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2362 assert(u);
5cb5a6ff 2363
acbb0225 2364 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2365}
2366
44a6b1b6 2367_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2368 assert(u);
2369
a16e1123 2370 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2371}
2372
67419600
OS		 2373const char* socket_port_type_to_string(SocketPort *p) {
2374
2375 assert(p);
2376
2377 switch (p->type) {
718db961
LP		 2378
2379 case SOCKET_SOCKET:
2380
2381 switch (p->address.type) {
2382
2383 case SOCK_STREAM:
2384 return "Stream";
2385
2386 case SOCK_DGRAM:
2387 return "Datagram";
2388
2389 case SOCK_SEQPACKET:
2390 return "SequentialPacket";
2391
2392 case SOCK_RAW:
2393 if (socket_address_family(&p->address) == AF_NETLINK)
2394 return "Netlink";
2395
2396 default:
2397 return NULL;
2398 }
2399
2400 case SOCKET_SPECIAL:
2401 return "Special";
2402
2403 case SOCKET_MQUEUE:
2404 return "MessageQueue";
2405
2406 case SOCKET_FIFO:
2407 return "FIFO";
2408
60252446
PS		 2409 case SOCKET_USB_FUNCTION:
2410 return "USBFunction";
2411
718db961
LP		 2412 default:
2413 return NULL;
67419600
OS		 2414 }
2415}
2416
44a6b1b6 2417_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2418 Socket *s = SOCKET(u);
2419
2420 assert(u);
2421
2422 return s->n_connections > 0;
2423}
2424
718db961
LP		 2425static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2426 SocketPort *p = userdata;
4f2d528d 2427 int cfd = -1;
9152c765 2428
718db961 2429 assert(p);
8d567588 2430 assert(fd >= 0);
9152c765 2431
718db961
LP		 2432 if (p->socket->state != SOCKET_LISTENING)
2433 return 0;
871d7de4 2434
f2341e0a 2435 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2436
718db961 2437 if (revents != EPOLLIN) {
641e01dc 2438
718db961 2439 if (revents & EPOLLHUP)
f2341e0a 2440 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2441 else
f2341e0a 2442 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2443 goto fail;
4f2d528d
LP		 2444 }
2445
718db961
LP		 2446 if (p->socket->accept &&
2447 p->type == SOCKET_SOCKET &&
2448 socket_address_can_accept(&p->address)) {
2449
4f2d528d
LP		 2450 for (;;) {
2451
b14eda96
LP		 2452 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2453 if (cfd < 0) {
4f2d528d
LP		 2454
2455 if (errno == EINTR)
2456 continue;
2457
f2341e0a 2458 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2459 goto fail;
4f2d528d
LP		 2460 }
2461
2462 break;
2463 }
4fd5948e 2464
718db961 2465 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2466 }
9152c765 2467
718db961
LP		 2468 socket_enter_running(p->socket, cfd);
2469 return 0;
8d567588
LP		 2470
2471fail:
718db961
LP		 2472 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2473 return 0;
9152c765
LP		 2474}
2475
87f0e418
LP		 2476static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2477 Socket *s = SOCKET(u);
cfc4eb4c 2478 SocketResult f;
5cb5a6ff
LP		 2479
2480 assert(s);
034c6ed7 2481 assert(pid >= 0);
5cb5a6ff 2482
8c47c732
LP		 2483 if (pid != s->control_pid)
2484 return;
542563ba 2485
034c6ed7
LP		 2486 s->control_pid = 0;
2487
96342de6 2488 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2489 f = SOCKET_SUCCESS;
2490 else if (code == CLD_EXITED)
2491 f = SOCKET_FAILURE_EXIT_CODE;
2492 else if (code == CLD_KILLED)
2493 f = SOCKET_FAILURE_SIGNAL;
2494 else if (code == CLD_DUMPED)
2495 f = SOCKET_FAILURE_CORE_DUMP;
2496 else
a4152e3f 2497 assert_not_reached("Unknown sigchld code");
8c47c732 2498
b708e7ce 2499 if (s->control_command) {
6ea832a2 2500 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2501
b708e7ce 2502 if (s->control_command->ignore)
cfc4eb4c 2503 f = SOCKET_SUCCESS;
b708e7ce
LP		 2504 }
2505
f2341e0a
LP		 2506 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2507 "Control process exited, code=%s status=%i",
2508 sigchld_code_to_string(code), status);
034c6ed7 2509
cfc4eb4c
LP		 2510 if (f != SOCKET_SUCCESS)
2511 s->result = f;
2512
2513 if (s->control_command &&
2514 s->control_command->command_next &&
2515 f == SOCKET_SUCCESS) {
2516
f2341e0a 2517 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2518 socket_run_next(s);
acbb0225 2519 } else {
a16e1123
LP		 2520 s->control_command = NULL;
2521 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2522
034c6ed7
LP		 2523 /* No further commands for this step, so let's figure
2524 * out what to do next */
5cb5a6ff 2525
f2341e0a 2526 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2527
034c6ed7
LP		 2528 switch (s->state) {
2529
2530 case SOCKET_START_PRE:
cfc4eb4c 2531 if (f == SOCKET_SUCCESS)
3900e5fd 2532 socket_enter_start_chown(s);
034c6ed7 2533 else
cfc4eb4c 2534 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2535 break;
2536
3900e5fd
LP		 2537 case SOCKET_START_CHOWN:
2538 if (f == SOCKET_SUCCESS)
2539 socket_enter_start_post(s);
2540 else
2541 socket_enter_stop_pre(s, f);
2542 break;
2543
034c6ed7 2544 case SOCKET_START_POST:
cfc4eb4c 2545 if (f == SOCKET_SUCCESS)
e9af15c3 2546 socket_enter_listening(s);
034c6ed7 2547 else
cfc4eb4c 2548 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2549 break;
2550
2551 case SOCKET_STOP_PRE:
2552 case SOCKET_STOP_PRE_SIGTERM:
2553 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2554 socket_enter_stop_post(s, f);
034c6ed7
LP		 2555 break;
2556
2557 case SOCKET_STOP_POST:
80876c20
LP		 2558 case SOCKET_FINAL_SIGTERM:
2559 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2560 socket_enter_dead(s, f);
034c6ed7
LP		 2561 break;
2562
2563 default:
2564 assert_not_reached("Uh, control process died at wrong time.");
2565 }
2566 }
c4e2ceae
LP		 2567
2568 /* Notify clients about changed exit status */
2569 unit_add_to_dbus_queue(u);
034c6ed7 2570}
5cb5a6ff 2571
718db961
LP		 2572static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2573 Socket *s = SOCKET(userdata);
5cb5a6ff 2574
034c6ed7 2575 assert(s);
718db961 2576 assert(s->timer_event_source == source);
034c6ed7
LP		 2577
2578 switch (s->state) {
2579
2580 case SOCKET_START_PRE:
f2341e0a 2581 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2582 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2583 break;
80876c20 2584
3900e5fd 2585 case SOCKET_START_CHOWN:
034c6ed7 2586 case SOCKET_START_POST:
f2341e0a 2587 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2588 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2589 break;
2590
2591 case SOCKET_STOP_PRE:
f2341e0a 2592 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2593 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2594 break;
2595
2596 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2597 if (s->kill_context.send_sigkill) {
f2341e0a 2598 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2599 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2600 } else {
f2341e0a 2601 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2602 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2603 }
034c6ed7
LP		 2604 break;
2605
2606 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2607 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2608 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2609 break;
2610
2611 case SOCKET_STOP_POST:
f2341e0a 2612 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2613 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2614 break;
2615
80876c20 2616 case SOCKET_FINAL_SIGTERM:
4819ff03 2617 if (s->kill_context.send_sigkill) {
f2341e0a 2618 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2619 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2620 } else {
f2341e0a 2621 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2622 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2623 }
034c6ed7
LP		 2624 break;
2625
80876c20 2626 case SOCKET_FINAL_SIGKILL:
f2341e0a 2627 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2628 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2629 break;
2630
2631 default:
2632 assert_not_reached("Timeout at wrong time.");
2633 }
718db961
LP		 2634
2635 return 0;
5cb5a6ff
LP		 2636}
2637
79c7626d
LP		 2638int socket_collect_fds(Socket *s, int **fds) {
2639 int *rfds, k = 0, n = 0;
44d8db9e
LP		 2640 SocketPort *p;
2641
2642 assert(s);
2643 assert(fds);
44d8db9e
LP		 2644
2645 /* Called from the service code for requesting our fds */
2646
15087cdb 2647 LIST_FOREACH(port, p, s->ports) {
44d8db9e 2648 if (p->fd >= 0)
79c7626d
LP		 2649 n++;
2650 n += p->n_auxiliary_fds;
15087cdb 2651 }
44d8db9e 2652
79c7626d 2653 if (n <= 0) {
de3756ab 2654 *fds = NULL;
de3756ab
LP		 2655 return 0;
2656 }
2657
79c7626d 2658 rfds = new(int, n);
e5403f09 2659 if (!rfds)
44d8db9e
LP		 2660 return -ENOMEM;
2661
15087cdb 2662 LIST_FOREACH(port, p, s->ports) {
79c7626d
LP		 2663 int i;
2664
44d8db9e
LP		 2665 if (p->fd >= 0)
2666 rfds[k++] = p->fd;
15087cdb
PS		 2667 for (i = 0; i < p->n_auxiliary_fds; ++i)
2668 rfds[k++] = p->auxiliary_fds[i];
2669 }
44d8db9e 2670
79c7626d 2671 assert(k == n);
44d8db9e
LP		 2672
2673 *fds = rfds;
79c7626d 2674 return n;
44d8db9e
LP		 2675}
2676
e821075a
LP		 2677static void socket_reset_failed(Unit *u) {
2678 Socket *s = SOCKET(u);
2679
2680 assert(s);
2681
2682 if (s->state == SOCKET_FAILED)
2683 socket_set_state(s, SOCKET_DEAD);
2684
2685 s->result = SOCKET_SUCCESS;
2686}
2687
d137a488 2688static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2689 assert(s);
2690
6cf6bbc2
LP		 2691 /* The service is dead. Dang!
2692 *
2693 * This is strictly for one-instance-for-all-connections
2694 * services. */
ceee3d82
LP		 2695
2696 if (s->state == SOCKET_RUNNING) {
f2341e0a 2697 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2698 if (failed_permanent)
2699 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2700 else
2701 socket_enter_listening(s);
ceee3d82
LP		 2702 }
2703}
2704
6cf6bbc2
LP		 2705void socket_connection_unref(Socket *s) {
2706 assert(s);
2707
2708 /* The service is dead. Yay!
2709 *
35b8ca3a 2710 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2711 * services. */
2712
2713 assert(s->n_connections > 0);
2714 s->n_connections--;
2715
f2341e0a 2716 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2717}
2718
d137a488
UTL		 2719static void socket_trigger_notify(Unit *u, Unit *other) {
2720 Socket *s = SOCKET(u);
e821075a 2721 Service *se;
d137a488
UTL		 2722
2723 assert(u);
2724 assert(other);
2725
2726 /* Don't propagate state changes from the service if we are
2727 already down or accepting connections */
920b52e4 2728 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2729 s->state != SOCKET_LISTENING) ||
2730 s->accept)
2731 return;
2732
2733 if (other->load_state != UNIT_LOADED ||
2734 other->type != UNIT_SERVICE)
2735 return;
2736
e821075a
LP		 2737 se = SERVICE(other);
2738
d137a488
UTL		 2739 if (se->state == SERVICE_FAILED)
2740 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2741
2742 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2743 se->state == SERVICE_FINAL_SIGTERM ||
2744 se->state == SERVICE_FINAL_SIGKILL ||
2745 se->state == SERVICE_AUTO_RESTART)
2746 socket_notify_service_dead(s, false);
2747
2748 if (se->state == SERVICE_RUNNING)
2749 socket_set_state(s, SOCKET_RUNNING);
2750}
2751
718db961 2752static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2753 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2754}
2755
68db7a3b
ZJS		 2756static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2757 Socket *s = SOCKET(u);
2758 int r;
2759
2760 if (!s->timer_event_source)
2761 return 0;
2762
2763 r = sd_event_source_get_time(s->timer_event_source, timeout);
2764 if (r < 0)
2765 return r;
2766
2767 return 1;
2768}
2769
8dd4c05b
LP		 2770char *socket_fdname(Socket *s) {
2771 assert(s);
2772
2773 /* Returns the name to use for $LISTEN_NAMES. If the user
2774 * didn't specify anything specifically, use the socket unit's
2775 * name as fallback. */
2776
2777 if (s->fdname)
2778 return s->fdname;
2779
2780 return UNIT(s)->id;
2781}
2782
a16e1123
LP		 2783static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2784 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2785 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2786 [SOCKET_EXEC_START_POST] = "StartPost",
2787 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2788 [SOCKET_EXEC_STOP_POST] = "StopPost"
2789};
2790
2791DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2792
cfc4eb4c
LP		 2793static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2794 [SOCKET_SUCCESS] = "success",
2795 [SOCKET_FAILURE_RESOURCES] = "resources",
2796 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2797 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2798 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2799 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2800 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2801};
2802
2803DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2804
87f0e418 2805const UnitVTable socket_vtable = {
7d17cfbc 2806 .object_size = sizeof(Socket),
718db961
LP		 2807 .exec_context_offset = offsetof(Socket, exec_context),
2808 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2809 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2810 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2811
f975e971
LP		 2812 .sections =
2813 "Unit\0"
2814 "Socket\0"
2815 "Install\0",
4ad49000 2816 .private_section = "Socket",
71645aca 2817
034c6ed7
LP		 2818 .init = socket_init,
2819 .done = socket_done,
a16e1123
LP		 2820 .load = socket_load,
2821
2822 .coldplug = socket_coldplug,
034c6ed7 2823
5cb5a6ff
LP		 2824 .dump = socket_dump,
2825
542563ba
LP		 2826 .start = socket_start,
2827 .stop = socket_stop,
5cb5a6ff 2828
718db961
LP		 2829 .kill = socket_kill,
2830
68db7a3b
ZJS		 2831 .get_timeout = socket_get_timeout,
2832
a16e1123
LP		 2833 .serialize = socket_serialize,
2834 .deserialize_item = socket_deserialize_item,
01e10de3 2835 .distribute_fds = socket_distribute_fds,
a16e1123 2836
5cb5a6ff 2837 .active_state = socket_active_state,
10a94420 2838 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2839
6cf6bbc2
LP		 2840 .check_gc = socket_check_gc,
2841
034c6ed7 2842 .sigchld_event = socket_sigchld_event,
4139c1b2 2843
d137a488
UTL		 2844 .trigger_notify = socket_trigger_notify,
2845
fdf20a31 2846 .reset_failed = socket_reset_failed,
5632e374 2847
718db961 2848 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2849 .bus_set_property = bus_socket_set_property,
2850 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2851
2852 .status_message_formats = {
2853 /*.starting_stopping = {
2854 [0] = "Starting socket %s...",
2855 [1] = "Stopping socket %s...",
2856 },*/
2857 .finished_start_job = {
2858 [JOB_DONE] = "Listening on %s.",
2859 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2860 [JOB_TIMEOUT] = "Timed out starting %s.",
2861 },
2862 .finished_stop_job = {
2863 [JOB_DONE] = "Closed %s.",
2864 [JOB_FAILED] = "Failed stopping %s.",
2865 [JOB_TIMEOUT] = "Timed out stopping %s.",
2866 },
2867 },
5cb5a6ff 2868};
Unnamed repository; edit this file 'description' to name the repository.