]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
socket: don't double close the same fd for FIFOs
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
e8da24a6 22#include <arpa/inet.h>
83c60c9f
LP		 23#include <errno.h>
24#include <fcntl.h>
916abb21 25#include <mqueue.h>
e8da24a6
LP		 26#include <netinet/tcp.h>
27#include <signal.h>
28#include <sys/epoll.h>
29#include <sys/stat.h>
30#include <unistd.h>
83c60c9f 31
718db961 32#include "sd-event.h"
e8da24a6
LP		 33
34#include "bus-error.h"
35#include "bus-util.h"
36#include "copy.h"
37#include "dbus-socket.h"
38#include "def.h"
39#include "exit-status.h"
40#include "formats-util.h"
41#include "label.h"
83c60c9f 42#include "log.h"
e8da24a6 43#include "missing.h"
49e942b2 44#include "mkdir.h"
9eb977db 45#include "path-util.h"
d7b8eec7 46#include "selinux-util.h"
24882e06 47#include "signal-util.h"
e8da24a6 48#include "smack-util.h"
24882e06 49#include "socket.h"
e8da24a6
LP		 50#include "special.h"
51#include "strv.h"
52#include "unit-name.h"
53#include "unit-printf.h"
54#include "unit.h"
83c60c9f 55
acbb0225 56static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 69 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 70};
5cb5a6ff 71
718db961
LP		 72static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
a16e1123
LP		 75static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
ac155bb8 79 assert(u->load_state == UNIT_STUB);
a16e1123 80
a16e1123 81 s->backlog = SOMAXCONN;
1f19a534 82 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 83 s->directory_mode = 0755;
9131f660 84 s->socket_mode = 0666;
a16e1123 85
6cf6bbc2
LP		 86 s->max_connections = 64;
87
4fd5948e 88 s->priority = -1;
4fd5948e
LP		 89 s->ip_tos = -1;
90 s->ip_ttl = -1;
4fd5948e 91 s->mark = -1;
4fd5948e 92
ac155bb8
MS		 93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
085afe36 95
a16e1123
LP		 96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97}
acbb0225 98
5e94833f
LP		 99static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107}
108
15087cdb
PS		 109static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117}
118
74051b9b 119void socket_free_ports(Socket *s) {
034c6ed7
LP		 120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
71fda00f 125 LIST_REMOVE(port, s->ports, p);
034c6ed7 126
718db961
LP		 127 sd_event_source_unref(p->event_source);
128
15087cdb 129 socket_cleanup_fd_list(p);
03e334a1 130 safe_close(p->fd);
034c6ed7
LP		 131 free(p->path);
132 free(p);
133 }
74051b9b
LP		 134}
135
136static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
034c6ed7 142
613b411c 143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 145 s->control_command = NULL;
146
5e94833f 147 socket_unwatch_control_pid(s);
034c6ed7 148
57020a3a 149 unit_ref_unset(&s->service);
034c6ed7 150
a1e58e8e
LP		 151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
acbb0225 153
0eb59ccf
AK		 154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
811ba7a0
LP		 158 strv_free(s->symlinks);
159
3900e5fd
LP		 160 free(s->user);
161 free(s->group);
162
718db961
LP		 163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164}
165
166static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
7dfbe2e3 184 r = sd_event_add_time(
6a0f1f6d
LP		 185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
7dfbe2e3
TG		 190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
5cb5a6ff
LP		 196}
197
8b835fcc
ZJS		 198int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
7410616c 210 if (UNIT_DEREF(s->service))
b15bdda8
LP		 211 return 0;
212
7410616c
LP		 213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
b15bdda8 219
315db1a8 220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 221 return -ENOMEM;
222
1124fe6f 223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 224 if (r < 0)
225 return r;
226
ac155bb8 227 u->no_gc = true;
57020a3a
LP		 228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 231}
232
4f2d528d
LP		 233static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
dd5ad9d4
LP		 241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
4f2d528d
LP		 246 if (!socket_address_can_accept(&p->address))
247 return true;
dd5ad9d4 248 }
4f2d528d
LP		 249
250 return false;
251}
252
a57f7e2c 253static int socket_add_mount_links(Socket *s) {
6e2ef85b 254 SocketPort *p;
6e2ef85b
LP		 255 int r;
256
257 assert(s);
6e2ef85b 258
a57f7e2c
LP		 259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
6e2ef85b 261
a57f7e2c
LP		 262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
60252446 264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
a57f7e2c 265 path = p->path;
6e2ef85b 266
a57f7e2c
LP		 267 if (!path)
268 continue;
6e2ef85b 269
a57f7e2c 270 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 271 if (r < 0)
6e2ef85b 272 return r;
b87705cd 273 }
6e2ef85b
LP		 274
275 return 0;
276}
277
278static int socket_add_device_link(Socket *s) {
279 char *t;
6e2ef85b
LP		 280
281 assert(s);
282
7d0c710d 283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 284 return 0;
285
63c372cb 286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
e821075a 287 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 288}
289
a40eb732
LP		 290static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
e3d84721
LP		 294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
2a77d31d 297
b2c23da8 298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
e3d84721
LP		 299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
a40eb732 301 return r;
2a77d31d 302 }
a40eb732 303
ead8e478 304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 305}
306
44a6b1b6 307_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316}
317
e821075a
LP		 318static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
e537352b 320 int r;
44d8db9e 321
e821075a 322 assert(s);
57020a3a 323
e821075a 324 if (have_non_accept_socket(s)) {
23a177ef 325
e821075a
LP		 326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
57020a3a 328
e821075a 329 r = unit_load_related_unit(u, ".service", &x);
57020a3a 330 if (r < 0)
4f2d528d 331 return r;
e821075a
LP		 332
333 unit_ref_set(&s->service, x);
4f2d528d 334 }
44d8db9e 335
e821075a
LP		 336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
6e2ef85b 338 return r;
e821075a 339 }
6e2ef85b 340
e821075a
LP		 341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
6e2ef85b 344
e821075a
LP		 345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
598459ce 349 r = unit_patch_contexts(u);
e821075a
LP		 350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
23a177ef 357
d79200e2 358 r = unit_set_default_slice(u);
a016b922
LP		 359 if (r < 0)
360 return r;
e821075a 361 }
a016b922 362
e821075a
LP		 363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370}
371
811ba7a0
LP		 372static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403}
404
e821075a
LP		 405static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
f2341e0a 412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
e821075a
LP		 413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
f2341e0a 417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
e821075a
LP		 418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
f2341e0a 422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
e821075a
LP		 423 return -EINVAL;
424 }
e06c73cc 425
e821075a 426 if (s->accept && UNIT_DEREF(s->service)) {
f2341e0a 427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
e821075a
LP		 428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
f2341e0a 432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
e821075a
LP		 433 return -EINVAL;
434 }
435
811ba7a0 436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
f2341e0a 437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
811ba7a0
LP		 438 return -EINVAL;
439 }
440
e821075a
LP		 441 return 0;
442}
443
444static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
e06c73cc
LP		 458 if (r < 0)
459 return r;
23a177ef
LP		 460 }
461
4f2d528d 462 return socket_verify(s);
44d8db9e
LP		 463}
464
44a6b1b6 465_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
542563ba
LP		 469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
034c6ed7 477 assert_not_reached("Unknown socket type");
542563ba
LP		 478 return NULL;
479}
480
87f0e418 481static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 482 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 483 SocketExecCommand c;
87f0e418 484 Socket *s = SOCKET(u);
542563ba 485 SocketPort *p;
82ba9f08 486 const char *prefix2;
5cb5a6ff
LP		 487
488 assert(s);
fa068367 489 assert(f);
5cb5a6ff 490
4c940960 491 prefix = strempty(prefix);
63c372cb 492 prefix2 = strjoina(prefix, "\t");
c43d20a0 493
5cb5a6ff
LP		 494 fprintf(f,
495 "%sSocket State: %s\n"
81a5c6d0 496 "%sResult: %s\n"
542563ba 497 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
4fd5948e
LP		 500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
4427c3f4 502 "%sNoDelay: %s\n"
cebf8b20 503 "%sFreeBind: %s\n"
6b6d2dee 504 "%sTransparent: %s\n"
ec6370a2 505 "%sBroadcast: %s\n"
ede3deb4 506 "%sPassCredentials: %s\n"
54ecda32 507 "%sPassSecurity: %s\n"
bd1fe7c7 508 "%sTCPCongestion: %s\n"
16115b0a 509 "%sRemoveOnStop: %s\n"
55301ec0 510 "%sWritable: %s\n"
16115b0a 511 "%sSELinuxContextFromNet: %s\n",
a16e1123 512 prefix, socket_state_to_string(s->state),
81a5c6d0 513 prefix, socket_result_to_string(s->result),
c0120d99 514 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 515 prefix, s->backlog,
516 prefix, s->socket_mode,
4fd5948e
LP		 517 prefix, s->directory_mode,
518 prefix, yes_no(s->keep_alive),
4427c3f4 519 prefix, yes_no(s->no_delay),
cebf8b20 520 prefix, yes_no(s->free_bind),
6b6d2dee 521 prefix, yes_no(s->transparent),
ec6370a2 522 prefix, yes_no(s->broadcast),
d68af586 523 prefix, yes_no(s->pass_cred),
54ecda32 524 prefix, yes_no(s->pass_sec),
bd1fe7c7 525 prefix, strna(s->tcp_congestion),
16115b0a 526 prefix, yes_no(s->remove_on_stop),
55301ec0 527 prefix, yes_no(s->writable),
16115b0a 528 prefix, yes_no(s->selinux_context_from_net));
542563ba 529
70123e68
LP		 530 if (s->control_pid > 0)
531 fprintf(f,
de0671ee
ZJS		 532 "%sControl PID: "PID_FMT"\n",
533 prefix, s->control_pid);
70123e68 534
acbb0225
LP		 535 if (s->bind_to_device)
536 fprintf(f,
537 "%sBindToDevice: %s\n",
538 prefix, s->bind_to_device);
539
4f2d528d
LP		 540 if (s->accept)
541 fprintf(f,
6cf6bbc2
LP		 542 "%sAccepted: %u\n"
543 "%sNConnections: %u\n"
544 "%sMaxConnections: %u\n",
545 prefix, s->n_accepted,
546 prefix, s->n_connections,
547 prefix, s->max_connections);
4f2d528d 548
4fd5948e
LP		 549 if (s->priority >= 0)
550 fprintf(f,
551 "%sPriority: %i\n",
552 prefix, s->priority);
553
554 if (s->receive_buffer > 0)
555 fprintf(f,
556 "%sReceiveBuffer: %zu\n",
557 prefix, s->receive_buffer);
558
559 if (s->send_buffer > 0)
560 fprintf(f,
561 "%sSendBuffer: %zu\n",
562 prefix, s->send_buffer);
563
564 if (s->ip_tos >= 0)
565 fprintf(f,
566 "%sIPTOS: %i\n",
567 prefix, s->ip_tos);
568
569 if (s->ip_ttl >= 0)
570 fprintf(f,
571 "%sIPTTL: %i\n",
572 prefix, s->ip_ttl);
573
574 if (s->pipe_size > 0)
575 fprintf(f,
576 "%sPipeSize: %zu\n",
577 prefix, s->pipe_size);
578
579 if (s->mark >= 0)
580 fprintf(f,
581 "%sMark: %i\n",
582 prefix, s->mark);
583
916abb21
LP		 584 if (s->mq_maxmsg > 0)
585 fprintf(f,
586 "%sMessageQueueMaxMessages: %li\n",
587 prefix, s->mq_maxmsg);
588
589 if (s->mq_msgsize > 0)
590 fprintf(f,
591 "%sMessageQueueMessageSize: %li\n",
592 prefix, s->mq_msgsize);
593
718db961 594 if (s->reuse_port)
f7db7a69
SL		 595 fprintf(f,
596 "%sReusePort: %s\n",
718db961 597 prefix, yes_no(s->reuse_port));
f7db7a69 598
0eb59ccf
AK		 599 if (s->smack)
600 fprintf(f,
601 "%sSmackLabel: %s\n",
602 prefix, s->smack);
603
604 if (s->smack_ip_in)
605 fprintf(f,
606 "%sSmackLabelIPIn: %s\n",
607 prefix, s->smack_ip_in);
608
609 if (s->smack_ip_out)
610 fprintf(f,
611 "%sSmackLabelIPOut: %s\n",
612 prefix, s->smack_ip_out);
613
3900e5fd
LP		 614 if (!isempty(s->user) || !isempty(s->group))
615 fprintf(f,
616 "%sOwnerUser: %s\n"
617 "%sOwnerGroup: %s\n",
618 prefix, strna(s->user),
619 prefix, strna(s->group));
620
3cd761e4 621 if (s->keep_alive_time > 0)
209e9dcd 622 fprintf(f,
3cd761e4
LP		 623 "%sKeepAliveTimeSec: %s\n",
624 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 625
3cd761e4 626 if (s->keep_alive_interval)
209e9dcd 627 fprintf(f,
3cd761e4
LP		 628 "%sKeepAliveIntervalSec: %s\n",
629 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 630
3cd761e4 631 if (s->keep_alive_cnt)
209e9dcd
SS		 632 fprintf(f,
633 "%sKeepAliveProbes: %u\n",
634 prefix, s->keep_alive_cnt);
635
3cd761e4 636 if (s->defer_accept)
cc567c9b 637 fprintf(f,
3cd761e4
LP		 638 "%sDeferAcceptSec: %s\n",
639 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 640
034c6ed7 641 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 642
542563ba
LP		 643 if (p->type == SOCKET_SOCKET) {
644 const char *t;
645 int r;
e364ad06 646 char *k = NULL;
542563ba 647
e53fc357
LP		 648 r = socket_address_print(&p->address, &k);
649 if (r < 0)
542563ba
LP		 650 t = strerror(-r);
651 else
652 t = k;
653
7a22745a 654 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 655 free(k);
b0a3f2bc
LP		 656 } else if (p->type == SOCKET_SPECIAL)
657 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
60252446
PS		 658 else if (p->type == SOCKET_USB_FUNCTION)
659 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
916abb21
LP		 660 else if (p->type == SOCKET_MQUEUE)
661 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 662 else
542563ba
LP		 663 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
664 }
5cb5a6ff
LP		 665
666 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 667 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 668
e537352b 669 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 670 if (!s->exec_command[c])
671 continue;
5cb5a6ff 672
40d50879 673 fprintf(f, "%s-> %s:\n",
a16e1123 674 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 675
676 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 677 }
678}
679
4f2d528d
LP		 680static int instance_from_socket(int fd, unsigned nr, char **instance) {
681 socklen_t l;
682 char *r;
9d16d0c7 683 union sockaddr_union local, remote;
4f2d528d
LP		 684
685 assert(fd >= 0);
686 assert(instance);
687
688 l = sizeof(local);
689 if (getsockname(fd, &local.sa, &l) < 0)
690 return -errno;
691
692 l = sizeof(remote);
693 if (getpeername(fd, &remote.sa, &l) < 0)
694 return -errno;
695
696 switch (local.sa.sa_family) {
697
698 case AF_INET: {
699 uint32_t
700 a = ntohl(local.in.sin_addr.s_addr),
701 b = ntohl(remote.in.sin_addr.s_addr);
702
703 if (asprintf(&r,
77b088c2
LP		 704 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
705 nr,
4f2d528d
LP		 706 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
707 ntohs(local.in.sin_port),
708 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
709 ntohs(remote.in.sin_port)) < 0)
710 return -ENOMEM;
711
712 break;
713 }
714
715 case AF_INET6: {
c65a0b14 716 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 717 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
718 };
719
720 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
721 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
722 const uint8_t
723 *a = local.in6.sin6_addr.s6_addr+12,
724 *b = remote.in6.sin6_addr.s6_addr+12;
725
726 if (asprintf(&r,
77b088c2
LP		 727 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
728 nr,
2b061f5a
LP		 729 a[0], a[1], a[2], a[3],
730 ntohs(local.in6.sin6_port),
731 b[0], b[1], b[2], b[3],
732 ntohs(remote.in6.sin6_port)) < 0)
733 return -ENOMEM;
734 } else {
735 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
736
737 if (asprintf(&r,
77b088c2
LP		 738 "%u-%s:%u-%s:%u",
739 nr,
2b061f5a
LP		 740 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
741 ntohs(local.in6.sin6_port),
742 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
743 ntohs(remote.in6.sin6_port)) < 0)
744 return -ENOMEM;
745 }
4f2d528d
LP		 746
747 break;
748 }
749
750 case AF_UNIX: {
751 struct ucred ucred;
eff05270 752 int k;
4f2d528d 753
eff05270 754 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 755 if (k >= 0) {
756 if (asprintf(&r,
757 "%u-"PID_FMT"-"UID_FMT,
758 nr, ucred.pid, ucred.uid) < 0)
759 return -ENOMEM;
760 } else if (k == -ENODATA) {
761 /* This handles the case where somebody is
762 * connecting from another pid/uid namespace
763 * (e.g. from outside of our container). */
764 if (asprintf(&r,
765 "%u-unknown",
766 nr) < 0)
767 return -ENOMEM;
768 } else
eff05270 769 return k;
2f20a8eb 770
2f20a8eb 771 break;
4f2d528d
LP		 772 }
773
774 default:
775 assert_not_reached("Unhandled socket type.");
776 }
777
778 *instance = r;
779 return 0;
780}
781
034c6ed7 782static void socket_close_fds(Socket *s) {
83c60c9f 783 SocketPort *p;
811ba7a0 784 char **i;
83c60c9f
LP		 785
786 assert(s);
787
034c6ed7 788 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 789
790 p->event_source = sd_event_source_unref(p->event_source);
791
83c60c9f
LP		 792 if (p->fd < 0)
793 continue;
794
03e334a1 795 p->fd = safe_close(p->fd);
15087cdb 796 socket_cleanup_fd_list(p);
a16e1123 797
bd1fe7c7
LP		 798 /* One little note: we should normally not delete any
799 * sockets in the file system here! After all some
800 * other process we spawned might still have a
801 * reference of this fd and wants to continue to use
802 * it. Therefore we delete sockets in the file system
803 * before we create a new one, not after we stopped
804 * using one! */
805
806 if (s->remove_on_stop) {
807 switch (p->type) {
808
809 case SOCKET_FIFO:
810 unlink(p->path);
811 break;
812
813 case SOCKET_MQUEUE:
814 mq_unlink(p->path);
815 break;
816
817 case SOCKET_SOCKET:
818 socket_address_unlink(&p->address);
819 break;
820
821 default:
822 break;
823 }
824 }
83c60c9f 825 }
811ba7a0
LP		 826
827 if (s->remove_on_stop)
828 STRV_FOREACH(i, s->symlinks)
829 unlink(*i);
83c60c9f
LP		 830}
831
4fd5948e 832static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 833 int r;
834
4fd5948e
LP		 835 assert(s);
836 assert(fd >= 0);
837
838 if (s->keep_alive) {
839 int b = s->keep_alive;
840 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
f2341e0a 841 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 842 }
843
209e9dcd
SS		 844 if (s->keep_alive_time) {
845 int value = s->keep_alive_time / USEC_PER_SEC;
846 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
f2341e0a 847 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
209e9dcd
SS		 848 }
849
850 if (s->keep_alive_interval) {
920b52e4 851 int value = s->keep_alive_interval / USEC_PER_SEC;
209e9dcd 852 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
f2341e0a 853 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
209e9dcd
SS		 854 }
855
856 if (s->keep_alive_cnt) {
857 int value = s->keep_alive_cnt;
172cfe87 858 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
f2341e0a 859 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
209e9dcd
SS		 860 }
861
cc567c9b
SS		 862 if (s->defer_accept) {
863 int value = s->defer_accept / USEC_PER_SEC;
864 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
f2341e0a 865 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
cc567c9b
SS		 866 }
867
4427c3f4
SS		 868 if (s->no_delay) {
869 int b = s->no_delay;
870 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
f2341e0a 871 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
4427c3f4
SS		 872 }
873
ec6370a2
LP		 874 if (s->broadcast) {
875 int one = 1;
876 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
f2341e0a 877 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
ec6370a2
LP		 878 }
879
d68af586
MS		 880 if (s->pass_cred) {
881 int one = 1;
882 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
f2341e0a 883 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
d68af586
MS		 884 }
885
54ecda32
LP		 886 if (s->pass_sec) {
887 int one = 1;
888 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
f2341e0a 889 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
54ecda32
LP		 890 }
891
4fd5948e
LP		 892 if (s->priority >= 0)
893 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
f2341e0a 894 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
4fd5948e
LP		 895
896 if (s->receive_buffer > 0) {
897 int value = (int) s->receive_buffer;
7d9eaa84
LP		 898
899 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
900
b8cef44e 901 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 902 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
f2341e0a 903 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
4fd5948e
LP		 904 }
905
906 if (s->send_buffer > 0) {
907 int value = (int) s->send_buffer;
b8cef44e 908 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 909 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
f2341e0a 910 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
4fd5948e
LP		 911 }
912
913 if (s->mark >= 0)
914 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
f2341e0a 915 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
4fd5948e
LP		 916
917 if (s->ip_tos >= 0)
918 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
f2341e0a 919 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
4fd5948e 920
46925ac5 921 if (s->ip_ttl >= 0) {
d53e386d 922 int x;
46925ac5
LP		 923
924 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 925
926 if (socket_ipv6_is_supported())
927 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
928 else {
929 x = -1;
930 errno = EAFNOSUPPORT;
931 }
46925ac5
LP		 932
933 if (r < 0 && x < 0)
f2341e0a 934 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 935 }
cebf8b20
TT		 936
937 if (s->tcp_congestion)
938 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
f2341e0a 939 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
0eb59ccf 940
d53e386d 941 if (s->smack_ip_in) {
5ab58c20 942 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
d53e386d 943 if (r < 0)
f2341e0a 944 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
d53e386d 945 }
9a4e038c 946
d53e386d 947 if (s->smack_ip_out) {
5ab58c20 948 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
d53e386d 949 if (r < 0)
f2341e0a 950 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
d53e386d 951 }
4fd5948e
LP		 952}
953
b15bdda8 954static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 955 int r;
956
4fd5948e
LP		 957 assert(s);
958 assert(fd >= 0);
959
960 if (s->pipe_size > 0)
961 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
ed460b07 962 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
0eb59ccf 963
d53e386d 964 if (s->smack) {
5ab58c20 965 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
d53e386d 966 if (r < 0)
ed460b07 967 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
d53e386d 968 }
4fd5948e
LP		 969}
970
b15bdda8
LP		 971static int fifo_address_create(
972 const char *path,
973 mode_t directory_mode,
e8da24a6 974 mode_t socket_mode) {
b15bdda8 975
e8da24a6 976 _cleanup_close_ int fd = -1;
b15bdda8 977 mode_t old_mask;
e8da24a6
LP		 978 struct stat st;
979 int r;
b15bdda8
LP		 980
981 assert(path);
b15bdda8 982
d2e54fae 983 mkdir_parents_label(path, directory_mode);
b15bdda8 984
ecabcf8b 985 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 986 if (r < 0)
e8da24a6 987 return r;
b15bdda8
LP		 988
989 /* Enforce the right access mode for the fifo */
990 old_mask = umask(~ socket_mode);
991
992 /* Include the original umask in our mask */
e8da24a6 993 (void) umask(~socket_mode | old_mask);
b15bdda8
LP		 994
995 r = mkfifo(path, socket_mode);
e8da24a6 996 (void) umask(old_mask);
b15bdda8 997
94bc2731 998 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 999 r = -errno;
1000 goto fail;
1001 }
1002
e8da24a6 1003 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
3cc2aff1 1004 if (fd < 0) {
b15bdda8
LP		 1005 r = -errno;
1006 goto fail;
1007 }
1008
ecabcf8b 1009 mac_selinux_create_file_clear();
7a58bfa4 1010
b15bdda8
LP		 1011 if (fstat(fd, &st) < 0) {
1012 r = -errno;
1013 goto fail;
1014 }
1015
1016 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1017 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1018 st.st_uid != getuid() ||
1019 st.st_gid != getgid()) {
b15bdda8
LP		 1020 r = -EEXIST;
1021 goto fail;
1022 }
1023
e8da24a6
LP		 1024 r = fd;
1025 fd = -1;
1026
1027 return r;
b15bdda8
LP		 1028
1029fail:
ecabcf8b 1030 mac_selinux_create_file_clear();
b15bdda8
LP		 1031 return r;
1032}
1033
55301ec0 1034static int special_address_create(const char *path, bool writable) {
e8da24a6 1035 _cleanup_close_ int fd = -1;
b0a3f2bc 1036 struct stat st;
e8da24a6 1037 int r;
b0a3f2bc
LP		 1038
1039 assert(path);
b0a3f2bc 1040
55301ec0 1041 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
e8da24a6
LP		 1042 if (fd < 0)
1043 return -errno;
b0a3f2bc 1044
e8da24a6
LP		 1045 if (fstat(fd, &st) < 0)
1046 return -errno;
b0a3f2bc
LP		 1047
1048 /* Check whether this is a /proc, /sys or /dev file or char device */
e8da24a6
LP		 1049 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1050 return -EEXIST;
b0a3f2bc 1051
e8da24a6
LP		 1052 r = fd;
1053 fd = -1;
b0a3f2bc
LP		 1054
1055 return r;
1056}
1057
36078102 1058static int usbffs_address_create(const char *path) {
60252446
PS		 1059 _cleanup_close_ int fd = -1;
1060 struct stat st;
e8da24a6 1061 int r;
60252446
PS		 1062
1063 assert(path);
60252446
PS		 1064
1065 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1066 if (fd < 0)
1067 return -errno;
1068
1069 if (fstat(fd, &st) < 0)
1070 return -errno;
1071
1072 /* Check whether this is a regular file (ffs endpoint)*/
1073 if (!S_ISREG(st.st_mode))
1074 return -EEXIST;
1075
e8da24a6 1076 r = fd;
60252446
PS		 1077 fd = -1;
1078
e8da24a6 1079 return r;
60252446
PS		 1080}
1081
916abb21
LP		 1082static int mq_address_create(
1083 const char *path,
1084 mode_t mq_mode,
1085 long maxmsg,
e8da24a6 1086 long msgsize) {
916abb21 1087
e8da24a6 1088 _cleanup_close_ int fd = -1;
916abb21
LP		 1089 struct stat st;
1090 mode_t old_mask;
1091 struct mq_attr _attr, *attr = NULL;
e8da24a6 1092 int r;
916abb21
LP		 1093
1094 assert(path);
916abb21
LP		 1095
1096 if (maxmsg > 0 && msgsize > 0) {
e8da24a6
LP		 1097 _attr = (struct mq_attr) {
1098 .mq_flags = O_NONBLOCK,
1099 .mq_maxmsg = maxmsg,
1100 .mq_msgsize = msgsize,
1101 };
916abb21
LP		 1102 attr = &_attr;
1103 }
1104
1105 /* Enforce the right access mode for the mq */
1106 old_mask = umask(~ mq_mode);
1107
1108 /* Include the original umask in our mask */
e8da24a6 1109 (void) umask(~mq_mode | old_mask);
916abb21 1110 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
e8da24a6 1111 (void) umask(old_mask);
916abb21 1112
e8da24a6
LP		 1113 if (fd < 0)
1114 return -errno;
916abb21 1115
e8da24a6
LP		 1116 if (fstat(fd, &st) < 0)
1117 return -errno;
916abb21
LP		 1118
1119 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1120 st.st_uid != getuid() ||
e8da24a6
LP		 1121 st.st_gid != getgid())
1122 return -EEXIST;
916abb21 1123
e8da24a6
LP		 1124 r = fd;
1125 fd = -1;
916abb21 1126
916abb21
LP		 1127 return r;
1128}
1129
811ba7a0
LP		 1130static int socket_symlink(Socket *s) {
1131 const char *p;
1132 char **i;
1133
1134 assert(s);
1135
1136 p = socket_find_symlink_target(s);
1137 if (!p)
1138 return 0;
1139
1140 STRV_FOREACH(i, s->symlinks)
43b133b4 1141 symlink_label(p, *i);
811ba7a0
LP		 1142
1143 return 0;
1144}
1145
36078102 1146static int usbffs_write_descs(int fd, Service *s) {
6b7e5923
PS		 1147 int r;
1148
1149 if (!s->usb_function_descriptors || !s->usb_function_strings)
1150 return -EINVAL;
1151
1152 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1153 if (r < 0)
e8da24a6 1154 return r;
6b7e5923 1155
e8da24a6 1156 return copy_file_fd(s->usb_function_strings, fd, false);
6b7e5923
PS		 1157}
1158
36078102 1159static int usbffs_select_ep(const struct dirent *d) {
60252446
PS		 1160 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1161}
1162
36078102 1163static int usbffs_dispatch_eps(SocketPort *p) {
60252446 1164 _cleanup_free_ struct dirent **ent = NULL;
60252446 1165 _cleanup_free_ char *path = NULL;
36078102 1166 int r, i, n, k;
60252446
PS		 1167
1168 r = path_get_parent(p->path, &path);
1169 if (r < 0)
1170 return r;
1171
36078102 1172 r = scandir(path, &ent, usbffs_select_ep, alphasort);
60252446
PS		 1173 if (r < 0)
1174 return -errno;
1175
1176 n = r;
1177 p->auxiliary_fds = new(int, n);
1178 if (!p->auxiliary_fds)
1179 return -ENOMEM;
1180
1181 p->n_auxiliary_fds = n;
1182
1183 k = 0;
1184 for (i = 0; i < n; ++i) {
1185 _cleanup_free_ char *ep = NULL;
1186
1187 ep = path_make_absolute(ent[i]->d_name, path);
1188 if (!ep)
1189 return -ENOMEM;
1190
1191 path_kill_slashes(ep);
1192
36078102 1193 r = usbffs_address_create(ep);
60252446
PS		 1194 if (r < 0)
1195 goto fail;
1196
e8da24a6
LP		 1197 p->auxiliary_fds[k] = r;
1198
60252446
PS		 1199 ++k;
1200 free(ent[i]);
1201 }
1202
1203 return r;
1204
1205fail:
e8da24a6 1206 close_many(p->auxiliary_fds, k);
60252446
PS		 1207 p->auxiliary_fds = mfree(p->auxiliary_fds);
1208 p->n_auxiliary_fds = 0;
1209
1210 return r;
1211}
1212
034c6ed7 1213static int socket_open_fds(Socket *s) {
710a6b50
LP		 1214 _cleanup_(mac_selinux_freep) char *label = NULL;
1215 bool know_label = false;
83c60c9f
LP		 1216 SocketPort *p;
1217 int r;
1218
1219 assert(s);
1220
034c6ed7 1221 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1222
034c6ed7
LP		 1223 if (p->fd >= 0)
1224 continue;
83c60c9f 1225
00411a13
LP		 1226 switch (p->type) {
1227
1228 case SOCKET_SOCKET:
049f8642 1229
7f416dae
LP		 1230 if (!know_label) {
1231 /* Figure out label, if we don't it know
1232 * yet. We do it once, for the first
1233 * socket where we need this and
1234 * remember it for the rest. */
1235
1236 if (s->selinux_context_from_net) {
1237 /* Get it from the network label */
1238
1239 r = mac_selinux_get_our_label(&label);
75514a70 1240 if (r < 0 && r != -EOPNOTSUPP)
7f416dae 1241 goto rollback;
049f8642 1242
7f416dae
LP		 1243 } else {
1244 /* Get it from the executable we are about to start */
1245
1246 r = socket_instantiate_service(s);
1247 if (r < 0)
1248 goto rollback;
1249
1250 if (UNIT_ISSET(s->service) &&
1251 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1252 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
75514a70 1253 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
7f416dae
LP		 1254 goto rollback;
1255 }
189583d7 1256 }
049f8642
LP		 1257
1258 know_label = true;
1259 }
1260
175a3d25
LP		 1261 r = socket_address_listen(
1262 &p->address,
1263 SOCK_CLOEXEC|SOCK_NONBLOCK,
1264 s->backlog,
1265 s->bind_ipv6_only,
1266 s->bind_to_device,
54255c64 1267 s->reuse_port,
175a3d25
LP		 1268 s->free_bind,
1269 s->transparent,
1270 s->directory_mode,
1271 s->socket_mode,
1272 label);
1273 if (r < 0)
83c60c9f
LP		 1274 goto rollback;
1275
175a3d25 1276 p->fd = r;
4fd5948e 1277 socket_apply_socket_options(s, p->fd);
811ba7a0 1278 socket_symlink(s);
00411a13 1279 break;
4fd5948e 1280
00411a13 1281 case SOCKET_SPECIAL:
b0a3f2bc 1282
55301ec0 1283 p->fd = special_address_create(p->path, s->writable);
e8da24a6
LP		 1284 if (p->fd < 0) {
1285 r = p->fd;
b0a3f2bc 1286 goto rollback;
e8da24a6 1287 }
00411a13 1288 break;
b0a3f2bc 1289
00411a13 1290 case SOCKET_FIFO:
83c60c9f 1291
e8da24a6 1292 p->fd = fifo_address_create(
175a3d25
LP		 1293 p->path,
1294 s->directory_mode,
e8da24a6
LP		 1295 s->socket_mode);
1296 if (p->fd < 0) {
1297 r = p->fd;
83c60c9f 1298 goto rollback;
e8da24a6 1299 }
83c60c9f 1300
b15bdda8 1301 socket_apply_fifo_options(s, p->fd);
811ba7a0 1302 socket_symlink(s);
00411a13 1303 break;
811ba7a0 1304
00411a13 1305 case SOCKET_MQUEUE:
83c60c9f 1306
e8da24a6 1307 p->fd = mq_address_create(
175a3d25
LP		 1308 p->path,
1309 s->socket_mode,
1310 s->mq_maxmsg,
e8da24a6
LP		 1311 s->mq_msgsize);
1312 if (p->fd < 0) {
1313 r = p->fd;
916abb21 1314 goto rollback;
e8da24a6 1315 }
00411a13 1316 break;
e8da24a6 1317
00411a13 1318 case SOCKET_USB_FUNCTION:
60252446 1319
36078102 1320 p->fd = usbffs_address_create(p->path);
e8da24a6
LP		 1321 if (p->fd < 0) {
1322 r = p->fd;
60252446 1323 goto rollback;
e8da24a6 1324 }
60252446 1325
36078102 1326 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
6b7e5923
PS		 1327 if (r < 0)
1328 goto rollback;
1329
36078102 1330 r = usbffs_dispatch_eps(p);
60252446
PS		 1331 if (r < 0)
1332 goto rollback;
00411a13
LP		 1333
1334 break;
1335
1336 default:
b15bdda8 1337 assert_not_reached("Unknown port type");
00411a13 1338 }
034c6ed7
LP		 1339 }
1340
1341 return 0;
1342
1343rollback:
1344 socket_close_fds(s);
1345 return r;
1346}
1347
1348static void socket_unwatch_fds(Socket *s) {
1349 SocketPort *p;
718db961 1350 int r;
9152c765 1351
034c6ed7
LP		 1352 assert(s);
1353
1354 LIST_FOREACH(port, p, s->ports) {
1355 if (p->fd < 0)
1356 continue;
1357
a4152e3f
LP		 1358 if (!p->event_source)
1359 continue;
1360
1361 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1362 if (r < 0)
f2341e0a 1363 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
83c60c9f 1364 }
034c6ed7
LP		 1365}
1366
1367static int socket_watch_fds(Socket *s) {
1368 SocketPort *p;
1369 int r;
1370
1371 assert(s);
83c60c9f 1372
034c6ed7
LP		 1373 LIST_FOREACH(port, p, s->ports) {
1374 if (p->fd < 0)
1375 continue;
1376
cbf60d0a 1377 if (p->event_source) {
718db961 1378 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
cbf60d0a
LP		 1379 if (r < 0)
1380 goto fail;
1381 } else {
151b9b96 1382 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
cbf60d0a
LP		 1383 if (r < 0)
1384 goto fail;
4f2d528d 1385
cbf60d0a 1386 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
718db961 1387 }
034c6ed7 1388 }
83c60c9f 1389
542563ba 1390 return 0;
83c60c9f 1391
034c6ed7 1392fail:
cbf60d0a 1393 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
034c6ed7
LP		 1394 socket_unwatch_fds(s);
1395 return r;
1396}
1397
1398static void socket_set_state(Socket *s, SocketState state) {
1399 SocketState old_state;
1400 assert(s);
1401
1402 old_state = s->state;
1403 s->state = state;
1404
bd1fe7c7
LP		 1405 if (!IN_SET(state,
1406 SOCKET_START_PRE,
3900e5fd 1407 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1408 SOCKET_START_POST,
1409 SOCKET_STOP_PRE,
1410 SOCKET_STOP_PRE_SIGTERM,
1411 SOCKET_STOP_PRE_SIGKILL,
1412 SOCKET_STOP_POST,
1413 SOCKET_FINAL_SIGTERM,
1414 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1415
1416 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1417 socket_unwatch_control_pid(s);
034c6ed7 1418 s->control_command = NULL;
a16e1123 1419 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1420 }
034c6ed7 1421
a16e1123
LP		 1422 if (state != SOCKET_LISTENING)
1423 socket_unwatch_fds(s);
1424
bd1fe7c7 1425 if (!IN_SET(state,
3900e5fd 1426 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1427 SOCKET_START_POST,
1428 SOCKET_LISTENING,
1429 SOCKET_RUNNING,
1430 SOCKET_STOP_PRE,
1431 SOCKET_STOP_PRE_SIGTERM,
1432 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1433 socket_close_fds(s);
1434
e537352b 1435 if (state != old_state)
f2341e0a 1436 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1437
e2f3b44c 1438 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1439}
1440
be847e82 1441static int socket_coldplug(Unit *u) {
a16e1123
LP		 1442 Socket *s = SOCKET(u);
1443 int r;
1444
1445 assert(s);
1446 assert(s->state == SOCKET_DEAD);
1447
e821075a
LP		 1448 if (s->deserialized_state == s->state)
1449 return 0;
a16e1123 1450
3900e5fd
LP		 1451 if (IN_SET(s->deserialized_state,
1452 SOCKET_START_PRE,
1453 SOCKET_START_CHOWN,
1454 SOCKET_START_POST,
1455 SOCKET_STOP_PRE,
1456 SOCKET_STOP_PRE_SIGTERM,
1457 SOCKET_STOP_PRE_SIGKILL,
1458 SOCKET_STOP_POST,
1459 SOCKET_FINAL_SIGTERM,
1460 SOCKET_FINAL_SIGKILL)) {
a16e1123 1461
e821075a
LP		 1462 if (s->control_pid <= 0)
1463 return -EBADMSG;
a16e1123 1464
e821075a
LP		 1465 r = unit_watch_pid(UNIT(s), s->control_pid);
1466 if (r < 0)
1467 return r;
a16e1123 1468
e821075a
LP		 1469 r = socket_arm_timer(s);
1470 if (r < 0)
1471 return r;
1472 }
a16e1123 1473
3900e5fd
LP		 1474 if (IN_SET(s->deserialized_state,
1475 SOCKET_START_CHOWN,
1476 SOCKET_START_POST,
1477 SOCKET_LISTENING,
1478 SOCKET_RUNNING,
1479 SOCKET_STOP_PRE,
1480 SOCKET_STOP_PRE_SIGTERM,
1481 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1482 r = socket_open_fds(s);
1483 if (r < 0)
1484 return r;
1485 }
a16e1123 1486
e821075a
LP		 1487 if (s->deserialized_state == SOCKET_LISTENING) {
1488 r = socket_watch_fds(s);
1489 if (r < 0)
1490 return r;
a16e1123
LP		 1491 }
1492
e821075a 1493 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1494 return 0;
1495}
1496
e537352b 1497static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1498 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1499 pid_t pid;
1500 int r;
9fa95f85
DM		 1501 ExecParameters exec_params = {
1502 .apply_permissions = true,
1503 .apply_chroot = true,
1504 .apply_tty_stdin = true,
6f856a09 1505 .bus_endpoint_fd = -1,
9fa95f85 1506 };
034c6ed7
LP		 1507
1508 assert(s);
1509 assert(c);
1510 assert(_pid);
1511
5ad096b3
LP		 1512 (void) unit_realize_cgroup(UNIT(s));
1513 if (s->reset_cpu_usage) {
1514 (void) unit_reset_cpu_usage(UNIT(s));
1515 s->reset_cpu_usage = false;
1516 }
4ad49000 1517
613b411c
LP		 1518 r = unit_setup_exec_runtime(UNIT(s));
1519 if (r < 0)
1520 goto fail;
1521
718db961 1522 r = socket_arm_timer(s);
36697dc0 1523 if (r < 0)
e537352b 1524 goto fail;
034c6ed7 1525
19f6d710
LP		 1526 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1527 if (r < 0)
9e2f7c11 1528 goto fail;
9e2f7c11 1529
9fa95f85
DM		 1530 exec_params.argv = argv;
1531 exec_params.environment = UNIT(s)->manager->environment;
1532 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1533 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1534 exec_params.cgroup_path = UNIT(s)->cgroup_path;
a931ad47 1535 exec_params.cgroup_delegate = s->cgroup_context.delegate;
9fa95f85 1536 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
9fa95f85 1537
f2341e0a
LP		 1538 r = exec_spawn(UNIT(s),
1539 c,
9e2f7c11 1540 &s->exec_context,
9fa95f85 1541 &exec_params,
613b411c 1542 s->exec_runtime,
9e2f7c11 1543 &pid);
cee288ad
TA		 1544 if (r < 0)
1545 goto fail;
9e2f7c11 1546
3900e5fd 1547 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1548 if (r < 0)
3900e5fd 1549 /* FIXME: we need to do something here */
034c6ed7
LP		 1550 goto fail;
1551
3900e5fd
LP		 1552 *_pid = pid;
1553 return 0;
1554
1555fail:
1556 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1557 return r;
1558}
1559
1560static int socket_chown(Socket *s, pid_t *_pid) {
1561 pid_t pid;
1562 int r;
1563
1564 r = socket_arm_timer(s);
1565 if (r < 0)
1566 goto fail;
1567
1568 /* We have to resolve the user names out-of-process, hence
1569 * let's fork here. It's messy, but well, what can we do? */
1570
1571 pid = fork();
1572 if (pid < 0)
1573 return -errno;
1574
1575 if (pid == 0) {
1576 SocketPort *p;
fed1e721
LP		 1577 uid_t uid = UID_INVALID;
1578 gid_t gid = GID_INVALID;
3900e5fd
LP		 1579 int ret;
1580
ce30c8dc
LP		 1581 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1582 (void) ignore_signals(SIGPIPE, -1);
3900e5fd
LP		 1583 log_forget_fds();
1584
1585 if (!isempty(s->user)) {
1586 const char *user = s->user;
1587
1588 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1589 if (r < 0) {
1590 ret = EXIT_USER;
1591 goto fail_child;
1592 }
1593 }
1594
1595 if (!isempty(s->group)) {
1596 const char *group = s->group;
1597
1598 r = get_group_creds(&group, &gid);
1599 if (r < 0) {
1600 ret = EXIT_GROUP;
1601 goto fail_child;
1602 }
1603 }
1604
1605 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1606 const char *path = NULL;
3900e5fd
LP		 1607
1608 if (p->type == SOCKET_SOCKET)
1609 path = socket_address_get_path(&p->address);
1610 else if (p->type == SOCKET_FIFO)
1611 path = p->path;
1612
1613 if (!path)
1614 continue;
1615
1616 if (chown(path, uid, gid) < 0) {
1617 r = -errno;
1618 ret = EXIT_CHOWN;
1619 goto fail_child;
1620 }
1621 }
1622
1623 _exit(0);
1624
1625 fail_child:
1626 log_open();
da927ba9 1627 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
3900e5fd
LP		 1628
1629 _exit(ret);
1630 }
1631
718db961
LP		 1632 r = unit_watch_pid(UNIT(s), pid);
1633 if (r < 0)
034c6ed7 1634 goto fail;
83c60c9f 1635
034c6ed7 1636 *_pid = pid;
034c6ed7
LP		 1637 return 0;
1638
1639fail:
718db961 1640 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1641 return r;
542563ba
LP		 1642}
1643
cfc4eb4c 1644static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1645 assert(s);
1646
cfc4eb4c
LP		 1647 if (f != SOCKET_SUCCESS)
1648 s->result = f;
034c6ed7 1649
613b411c
LP		 1650 exec_runtime_destroy(s->exec_runtime);
1651 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1652
e66cf1a3
LP		 1653 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1654
cfc4eb4c 1655 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1656}
1657
cfc4eb4c 1658static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1659
cfc4eb4c 1660static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1661 int r;
1662 assert(s);
1663
cfc4eb4c
LP		 1664 if (f != SOCKET_SUCCESS)
1665 s->result = f;
034c6ed7 1666
5e94833f 1667 socket_unwatch_control_pid(s);
a16e1123 1668 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1669 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1670
3900e5fd
LP		 1671 if (s->control_command) {
1672 r = socket_spawn(s, s->control_command, &s->control_pid);
1673 if (r < 0)
034c6ed7
LP		 1674 goto fail;
1675
80876c20
LP		 1676 socket_set_state(s, SOCKET_STOP_POST);
1677 } else
cfc4eb4c 1678 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1679
1680 return;
1681
1682fail:
f2341e0a 1683 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
cfc4eb4c 1684 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1685}
1686
cfc4eb4c 1687static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1688 int r;
1689
1690 assert(s);
1691
cfc4eb4c
LP		 1692 if (f != SOCKET_SUCCESS)
1693 s->result = f;
034c6ed7 1694
cd2086fe
LP		 1695 r = unit_kill_context(
1696 UNIT(s),
1697 &s->kill_context,
db2cb23b
UTL		 1698 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1699 KILL_KILL : KILL_TERMINATE,
cd2086fe
LP		 1700 -1,
1701 s->control_pid,
1702 false);
1703 if (r < 0)
1704 goto fail;
034c6ed7 1705
cd2086fe 1706 if (r > 0) {
718db961 1707 r = socket_arm_timer(s);
36697dc0 1708 if (r < 0)
80876c20 1709 goto fail;
d6ea93e3 1710
80876c20 1711 socket_set_state(s, state);
ac84d1fb
LP		 1712 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1713 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1714 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1715 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1716 else if (state == SOCKET_FINAL_SIGTERM)
1717 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1718 else
cfc4eb4c 1719 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1720
1721 return;
1722
1723fail:
f2341e0a 1724 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
034c6ed7
LP		 1725
1726 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1727 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1728 else
cfc4eb4c 1729 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1730}
1731
cfc4eb4c 1732static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1733 int r;
1734 assert(s);
1735
cfc4eb4c
LP		 1736 if (f != SOCKET_SUCCESS)
1737 s->result = f;
034c6ed7 1738
5e94833f 1739 socket_unwatch_control_pid(s);
a16e1123 1740 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1741 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1742
3900e5fd
LP		 1743 if (s->control_command) {
1744 r = socket_spawn(s, s->control_command, &s->control_pid);
1745 if (r < 0)
034c6ed7
LP		 1746 goto fail;
1747
80876c20
LP		 1748 socket_set_state(s, SOCKET_STOP_PRE);
1749 } else
cfc4eb4c 1750 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1751
1752 return;
1753
1754fail:
f2341e0a 1755 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
cfc4eb4c 1756 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1757}
1758
e9af15c3
LP		 1759static void socket_enter_listening(Socket *s) {
1760 int r;
1761 assert(s);
1762
cfc4eb4c
LP		 1763 r = socket_watch_fds(s);
1764 if (r < 0) {
f2341e0a 1765 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
e9af15c3
LP		 1766 goto fail;
1767 }
1768
1769 socket_set_state(s, SOCKET_LISTENING);
1770 return;
1771
1772fail:
cfc4eb4c 1773 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1774}
1775
034c6ed7
LP		 1776static void socket_enter_start_post(Socket *s) {
1777 int r;
1778 assert(s);
1779
3900e5fd
LP		 1780 socket_unwatch_control_pid(s);
1781 s->control_command_id = SOCKET_EXEC_START_POST;
1782 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1783
1784 if (s->control_command) {
1785 r = socket_spawn(s, s->control_command, &s->control_pid);
1786 if (r < 0) {
f2341e0a 1787 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
3900e5fd
LP		 1788 goto fail;
1789 }
1790
1791 socket_set_state(s, SOCKET_START_POST);
1792 } else
1793 socket_enter_listening(s);
1794
1795 return;
1796
1797fail:
1798 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1799}
1800
1801static void socket_enter_start_chown(Socket *s) {
1802 int r;
1803
1804 assert(s);
1805
cfc4eb4c
LP		 1806 r = socket_open_fds(s);
1807 if (r < 0) {
f2341e0a 1808 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
034c6ed7
LP		 1809 goto fail;
1810 }
1811
3900e5fd 1812 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1813
3900e5fd
LP		 1814 socket_unwatch_control_pid(s);
1815 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1816 s->control_command = NULL;
a16e1123 1817
3900e5fd 1818 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1819 if (r < 0) {
f2341e0a 1820 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
034c6ed7
LP		 1821 goto fail;
1822 }
1823
3900e5fd 1824 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1825 } else
3900e5fd 1826 socket_enter_start_post(s);
034c6ed7
LP		 1827
1828 return;
1829
1830fail:
cfc4eb4c 1831 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1832}
1833
1834static void socket_enter_start_pre(Socket *s) {
1835 int r;
1836 assert(s);
1837
5e94833f 1838 socket_unwatch_control_pid(s);
a16e1123 1839 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1840 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1841
3900e5fd 1842 if (s->control_command) {
e821075a 1843 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd 1844 if (r < 0) {
f2341e0a 1845 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
034c6ed7 1846 goto fail;
3900e5fd 1847 }
034c6ed7 1848
80876c20
LP		 1849 socket_set_state(s, SOCKET_START_PRE);
1850 } else
3900e5fd 1851 socket_enter_start_chown(s);
034c6ed7
LP		 1852
1853 return;
1854
1855fail:
cfc4eb4c 1856 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1857}
1858
4f2d528d 1859static void socket_enter_running(Socket *s, int cfd) {
718db961 1860 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1861 int r;
1862
1863 assert(s);
1864
ba3e67a7
LP		 1865 /* We don't take connections anymore if we are supposed to
1866 * shut down anyway */
31afa0a4 1867 if (unit_stop_pending(UNIT(s))) {
e821075a 1868
f2341e0a 1869 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
5d909e3e 1870
7c610628 1871 if (cfd >= 0)
03e334a1 1872 safe_close(cfd);
7c610628
LP		 1873 else {
1874 /* Flush all sockets by closing and reopening them */
1875 socket_close_fds(s);
1876
16ac4014
LP		 1877 r = socket_open_fds(s);
1878 if (r < 0) {
f2341e0a 1879 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
16ac4014
LP		 1880 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1881 return;
1882 }
1883
1a710b43
MS		 1884 r = socket_watch_fds(s);
1885 if (r < 0) {
f2341e0a 1886 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
cfc4eb4c 1887 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1888 }
1889 }
1890
ba3e67a7
LP		 1891 return;
1892 }
1893
4f2d528d 1894 if (cfd < 0) {
57020a3a 1895 Iterator i;
e821075a 1896 Unit *other;
f976f3f6 1897 bool pending = false;
f976f3f6
LP		 1898
1899 /* If there's already a start pending don't bother to
1900 * do anything */
e821075a
LP		 1901 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1902 if (unit_active_or_pending(other)) {
57020a3a
LP		 1903 pending = true;
1904 break;
1905 }
f976f3f6 1906
1a710b43 1907 if (!pending) {
640ace4a 1908 if (!UNIT_ISSET(s->service)) {
f2341e0a 1909 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
640ace4a
LP		 1910 r = -ENOENT;
1911 goto fail;
1912 }
1913
1a710b43
MS		 1914 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1915 if (r < 0)
f976f3f6 1916 goto fail;
1a710b43 1917 }
4f2d528d
LP		 1918
1919 socket_set_state(s, SOCKET_RUNNING);
1920 } else {
e55001eb 1921 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1922 Service *service;
4f2d528d 1923
6cf6bbc2 1924 if (s->n_connections >= s->max_connections) {
f2341e0a 1925 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
03e334a1 1926 safe_close(cfd);
6cf6bbc2
LP		 1927 return;
1928 }
1929
1a710b43
MS		 1930 r = socket_instantiate_service(s);
1931 if (r < 0)
b15bdda8
LP		 1932 goto fail;
1933
1a710b43
MS		 1934 r = instance_from_socket(cfd, s->n_accepted, &instance);
1935 if (r < 0) {
1936 if (r != -ENOTCONN)
1937 goto fail;
1938
1939 /* ENOTCONN is legitimate if TCP RST was received.
1940 * This connection is over, but the socket unit lives on. */
03e334a1 1941 safe_close(cfd);
1a710b43
MS		 1942 return;
1943 }
4f2d528d 1944
7410616c
LP		 1945 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1946 if (r < 0)
4f2d528d 1947 goto fail;
4f2d528d 1948
7410616c
LP		 1949 r = unit_name_build(prefix, instance, ".service", &name);
1950 if (r < 0)
b6dbbe1c 1951 goto fail;
4f2d528d 1952
1a710b43 1953 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1954 if (r < 0)
4f2d528d 1955 goto fail;
b15bdda8 1956
57020a3a
LP		 1957 service = SERVICE(UNIT_DEREF(s->service));
1958 unit_ref_unset(&s->service);
b15bdda8 1959 s->n_accepted ++;
4f2d528d 1960
1124fe6f 1961 UNIT(service)->no_gc = false;
6c073082 1962
b15bdda8 1963 unit_choose_id(UNIT(service), name);
b15bdda8 1964
16115b0a 1965 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1966 if (r < 0)
4f2d528d
LP		 1967 goto fail;
1968
1969 cfd = -1;
6cf6bbc2
LP		 1970 s->n_connections ++;
1971
1a710b43
MS		 1972 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1973 if (r < 0)
4f2d528d 1974 goto fail;
c4e2ceae
LP		 1975
1976 /* Notify clients about changed counters */
1977 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1978 }
034c6ed7 1979
034c6ed7
LP		 1980 return;
1981
1982fail:
f2341e0a
LP		 1983 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1984 cfd >= 0 ? "template" : "non-template",
718db961 1985 bus_error_message(&error, r));
e821075a 1986
60089004 1987 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1988 safe_close(cfd);
034c6ed7
LP		 1989}
1990
cfc4eb4c 1991static void socket_run_next(Socket *s) {
034c6ed7
LP		 1992 int r;
1993
1994 assert(s);
1995 assert(s->control_command);
1996 assert(s->control_command->command_next);
1997
5e94833f
LP		 1998 socket_unwatch_control_pid(s);
1999
034c6ed7
LP		 2000 s->control_command = s->control_command->command_next;
2001
e821075a
LP		 2002 r = socket_spawn(s, s->control_command, &s->control_pid);
2003 if (r < 0)
034c6ed7
LP		 2004 goto fail;
2005
2006 return;
2007
2008fail:
f2341e0a 2009 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
80876c20
LP		 2010
2011 if (s->state == SOCKET_START_POST)
cfc4eb4c 2012 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2013 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 2014 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 2015 else
cfc4eb4c 2016 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 2017}
2018
87f0e418
LP		 2019static int socket_start(Unit *u) {
2020 Socket *s = SOCKET(u);
83c60c9f
LP		 2021
2022 assert(s);
2023
034c6ed7
LP		 2024 /* We cannot fulfill this request right now, try again later
2025 * please! */
3900e5fd
LP		 2026 if (IN_SET(s->state,
2027 SOCKET_STOP_PRE,
2028 SOCKET_STOP_PRE_SIGKILL,
2029 SOCKET_STOP_PRE_SIGTERM,
2030 SOCKET_STOP_POST,
2031 SOCKET_FINAL_SIGTERM,
2032 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 2033 return -EAGAIN;
2034
a4152e3f 2035 /* Already on it! */
3900e5fd
LP		 2036 if (IN_SET(s->state,
2037 SOCKET_START_PRE,
2038 SOCKET_START_CHOWN,
2039 SOCKET_START_POST))
034c6ed7 2040 return 0;
83c60c9f 2041
034c6ed7 2042 /* Cannot run this without the service being around */
9444b1f2 2043 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 2044 Service *service;
2045
2046 service = SERVICE(UNIT_DEREF(s->service));
2047
1124fe6f 2048 if (UNIT(service)->load_state != UNIT_LOADED) {
f2341e0a 2049 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 2050 return -ENOENT;
4ac9236f 2051 }
4f2d528d 2052
35b8ca3a 2053 /* If the service is already active we cannot start the
4f2d528d 2054 * socket */
57020a3a
LP		 2055 if (service->state != SERVICE_DEAD &&
2056 service->state != SERVICE_FAILED &&
2057 service->state != SERVICE_AUTO_RESTART) {
f2341e0a 2058 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 2059 return -EBUSY;
4ac9236f 2060 }
4f2d528d 2061 }
e537352b 2062
fdf20a31 2063 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 2064
cfc4eb4c 2065 s->result = SOCKET_SUCCESS;
5ad096b3
LP		 2066 s->reset_cpu_usage = true;
2067
034c6ed7 2068 socket_enter_start_pre(s);
e821075a 2069
82a2b6bb 2070 return 1;
034c6ed7 2071}
83c60c9f 2072
87f0e418
LP		 2073static int socket_stop(Unit *u) {
2074 Socket *s = SOCKET(u);
034c6ed7
LP		 2075
2076 assert(s);
2077
e537352b 2078 /* Already on it */
3900e5fd
LP		 2079 if (IN_SET(s->state,
2080 SOCKET_STOP_PRE,
2081 SOCKET_STOP_PRE_SIGTERM,
2082 SOCKET_STOP_PRE_SIGKILL,
2083 SOCKET_STOP_POST,
2084 SOCKET_FINAL_SIGTERM,
2085 SOCKET_FINAL_SIGKILL))
e537352b
LP		 2086 return 0;
2087
3f6c78dc
LP		 2088 /* If there's already something running we go directly into
2089 * kill mode. */
3900e5fd
LP		 2090 if (IN_SET(s->state,
2091 SOCKET_START_PRE,
2092 SOCKET_START_CHOWN,
2093 SOCKET_START_POST)) {
cfc4eb4c 2094 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 2095 return -EAGAIN;
2096 }
2097
034c6ed7 2098 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 2099
cfc4eb4c 2100 socket_enter_stop_pre(s, SOCKET_SUCCESS);
82a2b6bb 2101 return 1;
542563ba
LP		 2102}
2103
a16e1123
LP		 2104static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2105 Socket *s = SOCKET(u);
2106 SocketPort *p;
2107 int r;
2108
2109 assert(u);
2110 assert(f);
2111 assert(fds);
2112
2113 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 2114 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 2115 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2116
2117 if (s->control_pid > 0)
de0671ee 2118 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2119
2120 if (s->control_command_id >= 0)
2121 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2122
2123 LIST_FOREACH(port, p, s->ports) {
2124 int copy;
2125
2126 if (p->fd < 0)
2127 continue;
2128
613b411c
LP		 2129 copy = fdset_put_dup(fds, p->fd);
2130 if (copy < 0)
a16e1123
LP		 2131 return copy;
2132
2133 if (p->type == SOCKET_SOCKET) {
613b411c 2134 _cleanup_free_ char *t = NULL;
a16e1123 2135
ee092817
LP		 2136 r = socket_address_print(&p->address, &t);
2137 if (r < 0)
a16e1123
LP		 2138 return r;
2139
7a22745a
LP		 2140 if (socket_address_family(&p->address) == AF_NETLINK)
2141 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2142 else
2143 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2144
b0a3f2bc
LP		 2145 } else if (p->type == SOCKET_SPECIAL)
2146 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2147 else if (p->type == SOCKET_MQUEUE)
2148 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
60252446
PS		 2149 else if (p->type == SOCKET_USB_FUNCTION)
2150 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
b0a3f2bc 2151 else {
a16e1123
LP		 2152 assert(p->type == SOCKET_FIFO);
2153 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2154 }
2155 }
2156
2157 return 0;
2158}
2159
2160static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2161 Socket *s = SOCKET(u);
a16e1123
LP		 2162
2163 assert(u);
2164 assert(key);
2165 assert(value);
a16e1123
LP		 2166
2167 if (streq(key, "state")) {
2168 SocketState state;
2169
ee092817
LP		 2170 state = socket_state_from_string(value);
2171 if (state < 0)
f2341e0a 2172 log_unit_debug(u, "Failed to parse state value: %s", value);
a16e1123
LP		 2173 else
2174 s->deserialized_state = state;
cfc4eb4c
LP		 2175 } else if (streq(key, "result")) {
2176 SocketResult f;
a16e1123 2177
cfc4eb4c
LP		 2178 f = socket_result_from_string(value);
2179 if (f < 0)
f2341e0a 2180 log_unit_debug(u, "Failed to parse result value: %s", value);
cfc4eb4c
LP		 2181 else if (f != SOCKET_SUCCESS)
2182 s->result = f;
a16e1123
LP		 2183
2184 } else if (streq(key, "n-accepted")) {
2185 unsigned k;
2186
e364ad06 2187 if (safe_atou(value, &k) < 0)
f2341e0a 2188 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
a16e1123
LP		 2189 else
2190 s->n_accepted += k;
2191 } else if (streq(key, "control-pid")) {
5925dd3c 2192 pid_t pid;
a16e1123 2193
e364ad06 2194 if (parse_pid(value, &pid) < 0)
f2341e0a 2195 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
a16e1123 2196 else
5925dd3c 2197 s->control_pid = pid;
a16e1123
LP		 2198 } else if (streq(key, "control-command")) {
2199 SocketExecCommand id;
2200
66870f90
ZJS		 2201 id = socket_exec_command_from_string(value);
2202 if (id < 0)
f2341e0a 2203 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
a16e1123
LP		 2204 else {
2205 s->control_command_id = id;
2206 s->control_command = s->exec_command[id];
2207 }
2208 } else if (streq(key, "fifo")) {
2209 int fd, skip = 0;
2210 SocketPort *p;
2211
2212 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2213 log_unit_debug(u, "Failed to parse fifo value: %s", value);
a16e1123
LP		 2214 else {
2215
2216 LIST_FOREACH(port, p, s->ports)
b0a3f2bc 2217 if (p->type == SOCKET_FIFO &&
c78e47a6 2218 path_equal_or_files_same(p->path, value+skip))
b0a3f2bc
LP		 2219 break;
2220
2221 if (p) {
03e334a1 2222 safe_close(p->fd);
b0a3f2bc
LP		 2223 p->fd = fdset_remove(fds, fd);
2224 }
2225 }
2226
2227 } else if (streq(key, "special")) {
2228 int fd, skip = 0;
2229 SocketPort *p;
2230
2231 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2232 log_unit_debug(u, "Failed to parse special value: %s", value);
b0a3f2bc
LP		 2233 else {
2234
2235 LIST_FOREACH(port, p, s->ports)
2236 if (p->type == SOCKET_SPECIAL &&
c78e47a6 2237 path_equal_or_files_same(p->path, value+skip))
a16e1123
LP		 2238 break;
2239
2240 if (p) {
03e334a1 2241 safe_close(p->fd);
a16e1123
LP		 2242 p->fd = fdset_remove(fds, fd);
2243 }
2244 }
2245
ee092817
LP		 2246 } else if (streq(key, "mqueue")) {
2247 int fd, skip = 0;
2248 SocketPort *p;
2249
2250 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2251 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
ee092817
LP		 2252 else {
2253
2254 LIST_FOREACH(port, p, s->ports)
2255 if (p->type == SOCKET_MQUEUE &&
c78e47a6 2256 streq(p->path, value+skip))
ee092817
LP		 2257 break;
2258
2259 if (p) {
03e334a1 2260 safe_close(p->fd);
ee092817
LP		 2261 p->fd = fdset_remove(fds, fd);
2262 }
2263 }
2264
a16e1123 2265 } else if (streq(key, "socket")) {
27ca8d7a 2266 int fd, type, skip = 0;
a16e1123
LP		 2267 SocketPort *p;
2268
27ca8d7a 2269 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
f2341e0a 2270 log_unit_debug(u, "Failed to parse socket value: %s", value);
a16e1123
LP		 2271 else {
2272
2273 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2274 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2275 break;
2276
2277 if (p) {
03e334a1 2278 safe_close(p->fd);
a16e1123
LP		 2279 p->fd = fdset_remove(fds, fd);
2280 }
2281 }
2282
7a22745a
LP		 2283 } else if (streq(key, "netlink")) {
2284 int fd, skip = 0;
2285 SocketPort *p;
2286
2287 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
f2341e0a 2288 log_unit_debug(u, "Failed to parse socket value: %s", value);
7a22745a
LP		 2289 else {
2290
2291 LIST_FOREACH(port, p, s->ports)
2292 if (socket_address_is_netlink(&p->address, value+skip))
2293 break;
2294
2295 if (p) {
03e334a1 2296 safe_close(p->fd);
7a22745a
LP		 2297 p->fd = fdset_remove(fds, fd);
2298 }
2299 }
60252446
PS		 2300
2301 } else if (streq(key, "ffs")) {
2302 int fd, skip = 0;
2303 SocketPort *p;
2304
2305 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2306 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2307 else {
2308
2309 LIST_FOREACH(port, p, s->ports)
2310 if (p->type == SOCKET_USB_FUNCTION &&
2311 path_equal_or_files_same(p->path, value+skip))
2312 break;
2313
2314 if (p) {
2315 safe_close(p->fd);
2316 p->fd = fdset_remove(fds, fd);
2317 }
2318 }
2319
a16e1123 2320 } else
f2341e0a 2321 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
a16e1123
LP		 2322
2323 return 0;
2324}
2325
01e10de3
LP		 2326static int socket_distribute_fds(Unit *u, FDSet *fds) {
2327 Socket *s = SOCKET(u);
2328 SocketPort *p;
2329
2330 assert(u);
2331
2332 LIST_FOREACH(port, p, s->ports) {
2333 Iterator i;
2334 int fd;
2335
2336 if (p->type != SOCKET_SOCKET)
2337 continue;
2338
2339 if (p->fd >= 0)
2340 continue;
2341
2342 FDSET_FOREACH(fd, fds, i) {
2343 if (socket_address_matches_fd(&p->address, fd)) {
2344 p->fd = fdset_remove(fds, fd);
2345 s->deserialized_state = SOCKET_LISTENING;
2346 break;
2347 }
2348 }
2349 }
2350
2351 return 0;
2352}
2353
44a6b1b6 2354_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2355 assert(u);
5cb5a6ff 2356
acbb0225 2357 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2358}
2359
44a6b1b6 2360_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2361 assert(u);
2362
a16e1123 2363 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2364}
2365
67419600
OS		 2366const char* socket_port_type_to_string(SocketPort *p) {
2367
2368 assert(p);
2369
2370 switch (p->type) {
718db961
LP		 2371
2372 case SOCKET_SOCKET:
2373
2374 switch (p->address.type) {
2375
2376 case SOCK_STREAM:
2377 return "Stream";
2378
2379 case SOCK_DGRAM:
2380 return "Datagram";
2381
2382 case SOCK_SEQPACKET:
2383 return "SequentialPacket";
2384
2385 case SOCK_RAW:
2386 if (socket_address_family(&p->address) == AF_NETLINK)
2387 return "Netlink";
2388
2389 default:
2390 return NULL;
2391 }
2392
2393 case SOCKET_SPECIAL:
2394 return "Special";
2395
2396 case SOCKET_MQUEUE:
2397 return "MessageQueue";
2398
2399 case SOCKET_FIFO:
2400 return "FIFO";
2401
60252446
PS		 2402 case SOCKET_USB_FUNCTION:
2403 return "USBFunction";
2404
718db961
LP		 2405 default:
2406 return NULL;
67419600
OS		 2407 }
2408}
2409
44a6b1b6 2410_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2411 Socket *s = SOCKET(u);
2412
2413 assert(u);
2414
2415 return s->n_connections > 0;
2416}
2417
718db961
LP		 2418static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2419 SocketPort *p = userdata;
4f2d528d 2420 int cfd = -1;
9152c765 2421
718db961 2422 assert(p);
8d567588 2423 assert(fd >= 0);
9152c765 2424
718db961
LP		 2425 if (p->socket->state != SOCKET_LISTENING)
2426 return 0;
871d7de4 2427
f2341e0a 2428 log_unit_debug(UNIT(p->socket), "Incoming traffic");
9152c765 2429
718db961 2430 if (revents != EPOLLIN) {
641e01dc 2431
718db961 2432 if (revents & EPOLLHUP)
f2341e0a 2433 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
641e01dc 2434 else
f2341e0a 2435 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
8d567588 2436 goto fail;
4f2d528d
LP		 2437 }
2438
718db961
LP		 2439 if (p->socket->accept &&
2440 p->type == SOCKET_SOCKET &&
2441 socket_address_can_accept(&p->address)) {
2442
4f2d528d
LP		 2443 for (;;) {
2444
b14eda96
LP		 2445 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2446 if (cfd < 0) {
4f2d528d
LP		 2447
2448 if (errno == EINTR)
2449 continue;
2450
f2341e0a 2451 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
8d567588 2452 goto fail;
4f2d528d
LP		 2453 }
2454
2455 break;
2456 }
4fd5948e 2457
718db961 2458 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2459 }
9152c765 2460
718db961
LP		 2461 socket_enter_running(p->socket, cfd);
2462 return 0;
8d567588
LP		 2463
2464fail:
718db961
LP		 2465 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2466 return 0;
9152c765
LP		 2467}
2468
87f0e418
LP		 2469static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2470 Socket *s = SOCKET(u);
cfc4eb4c 2471 SocketResult f;
5cb5a6ff
LP		 2472
2473 assert(s);
034c6ed7 2474 assert(pid >= 0);
5cb5a6ff 2475
8c47c732
LP		 2476 if (pid != s->control_pid)
2477 return;
542563ba 2478
034c6ed7
LP		 2479 s->control_pid = 0;
2480
96342de6 2481 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2482 f = SOCKET_SUCCESS;
2483 else if (code == CLD_EXITED)
2484 f = SOCKET_FAILURE_EXIT_CODE;
2485 else if (code == CLD_KILLED)
2486 f = SOCKET_FAILURE_SIGNAL;
2487 else if (code == CLD_DUMPED)
2488 f = SOCKET_FAILURE_CORE_DUMP;
2489 else
a4152e3f 2490 assert_not_reached("Unknown sigchld code");
8c47c732 2491
b708e7ce 2492 if (s->control_command) {
6ea832a2 2493 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2494
b708e7ce 2495 if (s->control_command->ignore)
cfc4eb4c 2496 f = SOCKET_SUCCESS;
b708e7ce
LP		 2497 }
2498
f2341e0a
LP		 2499 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2500 "Control process exited, code=%s status=%i",
2501 sigchld_code_to_string(code), status);
034c6ed7 2502
cfc4eb4c
LP		 2503 if (f != SOCKET_SUCCESS)
2504 s->result = f;
2505
2506 if (s->control_command &&
2507 s->control_command->command_next &&
2508 f == SOCKET_SUCCESS) {
2509
f2341e0a 2510 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
cfc4eb4c 2511 socket_run_next(s);
acbb0225 2512 } else {
a16e1123
LP		 2513 s->control_command = NULL;
2514 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2515
034c6ed7
LP		 2516 /* No further commands for this step, so let's figure
2517 * out what to do next */
5cb5a6ff 2518
f2341e0a 2519 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
acbb0225 2520
034c6ed7
LP		 2521 switch (s->state) {
2522
2523 case SOCKET_START_PRE:
cfc4eb4c 2524 if (f == SOCKET_SUCCESS)
3900e5fd 2525 socket_enter_start_chown(s);
034c6ed7 2526 else
cfc4eb4c 2527 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2528 break;
2529
3900e5fd
LP		 2530 case SOCKET_START_CHOWN:
2531 if (f == SOCKET_SUCCESS)
2532 socket_enter_start_post(s);
2533 else
2534 socket_enter_stop_pre(s, f);
2535 break;
2536
034c6ed7 2537 case SOCKET_START_POST:
cfc4eb4c 2538 if (f == SOCKET_SUCCESS)
e9af15c3 2539 socket_enter_listening(s);
034c6ed7 2540 else
cfc4eb4c 2541 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2542 break;
2543
2544 case SOCKET_STOP_PRE:
2545 case SOCKET_STOP_PRE_SIGTERM:
2546 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2547 socket_enter_stop_post(s, f);
034c6ed7
LP		 2548 break;
2549
2550 case SOCKET_STOP_POST:
80876c20
LP		 2551 case SOCKET_FINAL_SIGTERM:
2552 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2553 socket_enter_dead(s, f);
034c6ed7
LP		 2554 break;
2555
2556 default:
2557 assert_not_reached("Uh, control process died at wrong time.");
2558 }
2559 }
c4e2ceae
LP		 2560
2561 /* Notify clients about changed exit status */
2562 unit_add_to_dbus_queue(u);
034c6ed7 2563}
5cb5a6ff 2564
718db961
LP		 2565static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2566 Socket *s = SOCKET(userdata);
5cb5a6ff 2567
034c6ed7 2568 assert(s);
718db961 2569 assert(s->timer_event_source == source);
034c6ed7
LP		 2570
2571 switch (s->state) {
2572
2573 case SOCKET_START_PRE:
f2341e0a 2574 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
cfc4eb4c 2575 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2576 break;
80876c20 2577
3900e5fd 2578 case SOCKET_START_CHOWN:
034c6ed7 2579 case SOCKET_START_POST:
f2341e0a 2580 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
cfc4eb4c 2581 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2582 break;
2583
2584 case SOCKET_STOP_PRE:
f2341e0a 2585 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
cfc4eb4c 2586 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2587 break;
2588
2589 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2590 if (s->kill_context.send_sigkill) {
f2341e0a 2591 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
cfc4eb4c 2592 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2593 } else {
f2341e0a 2594 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
cfc4eb4c 2595 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2596 }
034c6ed7
LP		 2597 break;
2598
2599 case SOCKET_STOP_PRE_SIGKILL:
f2341e0a 2600 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
cfc4eb4c 2601 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2602 break;
2603
2604 case SOCKET_STOP_POST:
f2341e0a 2605 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
cfc4eb4c 2606 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2607 break;
2608
80876c20 2609 case SOCKET_FINAL_SIGTERM:
4819ff03 2610 if (s->kill_context.send_sigkill) {
f2341e0a 2611 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
cfc4eb4c 2612 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2613 } else {
f2341e0a 2614 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
cfc4eb4c 2615 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2616 }
034c6ed7
LP		 2617 break;
2618
80876c20 2619 case SOCKET_FINAL_SIGKILL:
f2341e0a 2620 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
cfc4eb4c 2621 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2622 break;
2623
2624 default:
2625 assert_not_reached("Timeout at wrong time.");
2626 }
718db961
LP		 2627
2628 return 0;
5cb5a6ff
LP		 2629}
2630
44d8db9e
LP		 2631int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2632 int *rfds;
2633 unsigned rn_fds, k;
15087cdb 2634 int i;
44d8db9e
LP		 2635 SocketPort *p;
2636
2637 assert(s);
2638 assert(fds);
2639 assert(n_fds);
2640
2641 /* Called from the service code for requesting our fds */
2642
2643 rn_fds = 0;
15087cdb 2644 LIST_FOREACH(port, p, s->ports) {
44d8db9e
LP		 2645 if (p->fd >= 0)
2646 rn_fds++;
15087cdb
PS		 2647 rn_fds += p->n_auxiliary_fds;
2648 }
44d8db9e 2649
de3756ab
LP		 2650 if (rn_fds <= 0) {
2651 *fds = NULL;
2652 *n_fds = 0;
2653 return 0;
2654 }
2655
e5403f09
LP		 2656 rfds = new(int, rn_fds);
2657 if (!rfds)
44d8db9e
LP		 2658 return -ENOMEM;
2659
2660 k = 0;
15087cdb 2661 LIST_FOREACH(port, p, s->ports) {
44d8db9e
LP		 2662 if (p->fd >= 0)
2663 rfds[k++] = p->fd;
15087cdb
PS		 2664 for (i = 0; i < p->n_auxiliary_fds; ++i)
2665 rfds[k++] = p->auxiliary_fds[i];
2666 }
44d8db9e
LP		 2667
2668 assert(k == rn_fds);
2669
2670 *fds = rfds;
2671 *n_fds = rn_fds;
2672
2673 return 0;
2674}
2675
e821075a
LP		 2676static void socket_reset_failed(Unit *u) {
2677 Socket *s = SOCKET(u);
2678
2679 assert(s);
2680
2681 if (s->state == SOCKET_FAILED)
2682 socket_set_state(s, SOCKET_DEAD);
2683
2684 s->result = SOCKET_SUCCESS;
2685}
2686
d137a488 2687static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2688 assert(s);
2689
6cf6bbc2
LP		 2690 /* The service is dead. Dang!
2691 *
2692 * This is strictly for one-instance-for-all-connections
2693 * services. */
ceee3d82
LP		 2694
2695 if (s->state == SOCKET_RUNNING) {
f2341e0a 2696 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
6bda96a0
LP		 2697 if (failed_permanent)
2698 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2699 else
2700 socket_enter_listening(s);
ceee3d82
LP		 2701 }
2702}
2703
6cf6bbc2
LP		 2704void socket_connection_unref(Socket *s) {
2705 assert(s);
2706
2707 /* The service is dead. Yay!
2708 *
35b8ca3a 2709 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2710 * services. */
2711
2712 assert(s->n_connections > 0);
2713 s->n_connections--;
2714
f2341e0a 2715 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
5632e374
LP		 2716}
2717
d137a488
UTL		 2718static void socket_trigger_notify(Unit *u, Unit *other) {
2719 Socket *s = SOCKET(u);
e821075a 2720 Service *se;
d137a488
UTL		 2721
2722 assert(u);
2723 assert(other);
2724
2725 /* Don't propagate state changes from the service if we are
2726 already down or accepting connections */
920b52e4 2727 if ((s->state != SOCKET_RUNNING &&
d137a488
UTL		 2728 s->state != SOCKET_LISTENING) ||
2729 s->accept)
2730 return;
2731
2732 if (other->load_state != UNIT_LOADED ||
2733 other->type != UNIT_SERVICE)
2734 return;
2735
e821075a
LP		 2736 se = SERVICE(other);
2737
d137a488
UTL		 2738 if (se->state == SERVICE_FAILED)
2739 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2740
2741 if (se->state == SERVICE_DEAD ||
d137a488
UTL		 2742 se->state == SERVICE_FINAL_SIGTERM ||
2743 se->state == SERVICE_FINAL_SIGKILL ||
2744 se->state == SERVICE_AUTO_RESTART)
2745 socket_notify_service_dead(s, false);
2746
2747 if (se->state == SERVICE_RUNNING)
2748 socket_set_state(s, SOCKET_RUNNING);
2749}
2750
718db961 2751static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2752 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2753}
2754
68db7a3b
ZJS		 2755static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2756 Socket *s = SOCKET(u);
2757 int r;
2758
2759 if (!s->timer_event_source)
2760 return 0;
2761
2762 r = sd_event_source_get_time(s->timer_event_source, timeout);
2763 if (r < 0)
2764 return r;
2765
2766 return 1;
2767}
2768
a16e1123
LP		 2769static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2770 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2771 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2772 [SOCKET_EXEC_START_POST] = "StartPost",
2773 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2774 [SOCKET_EXEC_STOP_POST] = "StopPost"
2775};
2776
2777DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2778
cfc4eb4c
LP		 2779static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2780 [SOCKET_SUCCESS] = "success",
2781 [SOCKET_FAILURE_RESOURCES] = "resources",
2782 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2783 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2784 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2785 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2786 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2787};
2788
2789DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2790
87f0e418 2791const UnitVTable socket_vtable = {
7d17cfbc 2792 .object_size = sizeof(Socket),
718db961
LP		 2793 .exec_context_offset = offsetof(Socket, exec_context),
2794 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2795 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2796 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2797
f975e971
LP		 2798 .sections =
2799 "Unit\0"
2800 "Socket\0"
2801 "Install\0",
4ad49000 2802 .private_section = "Socket",
71645aca 2803
034c6ed7
LP		 2804 .init = socket_init,
2805 .done = socket_done,
a16e1123
LP		 2806 .load = socket_load,
2807
2808 .coldplug = socket_coldplug,
034c6ed7 2809
5cb5a6ff
LP		 2810 .dump = socket_dump,
2811
542563ba
LP		 2812 .start = socket_start,
2813 .stop = socket_stop,
5cb5a6ff 2814
718db961
LP		 2815 .kill = socket_kill,
2816
68db7a3b
ZJS		 2817 .get_timeout = socket_get_timeout,
2818
a16e1123
LP		 2819 .serialize = socket_serialize,
2820 .deserialize_item = socket_deserialize_item,
01e10de3 2821 .distribute_fds = socket_distribute_fds,
a16e1123 2822
5cb5a6ff 2823 .active_state = socket_active_state,
10a94420 2824 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2825
6cf6bbc2
LP		 2826 .check_gc = socket_check_gc,
2827
034c6ed7 2828 .sigchld_event = socket_sigchld_event,
4139c1b2 2829
d137a488
UTL		 2830 .trigger_notify = socket_trigger_notify,
2831
fdf20a31 2832 .reset_failed = socket_reset_failed,
5632e374 2833
718db961 2834 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2835 .bus_set_property = bus_socket_set_property,
2836 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2837
2838 .status_message_formats = {
2839 /*.starting_stopping = {
2840 [0] = "Starting socket %s...",
2841 [1] = "Stopping socket %s...",
2842 },*/
2843 .finished_start_job = {
2844 [JOB_DONE] = "Listening on %s.",
2845 [JOB_FAILED] = "Failed to listen on %s.",
c6918296
MS		 2846 [JOB_TIMEOUT] = "Timed out starting %s.",
2847 },
2848 .finished_stop_job = {
2849 [JOB_DONE] = "Closed %s.",
2850 [JOB_FAILED] = "Failed stopping %s.",
2851 [JOB_TIMEOUT] = "Timed out stopping %s.",
2852 },
2853 },
5cb5a6ff 2854};
Unnamed repository; edit this file 'description' to name the repository.