]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
label: move is_dir() to util.c
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
718db961 30#include <netinet/tcp.h>
916abb21 31#include <mqueue.h>
d2edfae0 32#include <sys/xattr.h>
83c60c9f 33
718db961 34#include "sd-event.h"
83c60c9f 35#include "log.h"
23a177ef
LP		 36#include "load-dropin.h"
37#include "load-fragment.h"
9e2f7c11 38#include "strv.h"
49e942b2 39#include "mkdir.h"
9eb977db 40#include "path-util.h"
4f2d528d 41#include "unit-name.h"
41f9172f 42#include "unit-printf.h"
4fd5948e 43#include "missing.h"
a40eb732 44#include "special.h"
e51bc1a2 45#include "label.h"
9a57c629 46#include "exit-status.h"
f6a6225e 47#include "def.h"
5a045dad 48#include "smack-util.h"
718db961
LP		 49#include "bus-util.h"
50#include "bus-error.h"
e821075a
LP		 51#include "dbus-socket.h"
52#include "unit.h"
53#include "socket.h"
83c60c9f 54
acbb0225 55static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 68 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 69};
5cb5a6ff 70
718db961
LP		 71static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
a16e1123
LP		 74static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
ac155bb8 78 assert(u->load_state == UNIT_STUB);
a16e1123 79
a16e1123 80 s->backlog = SOMAXCONN;
1f19a534 81 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 82 s->directory_mode = 0755;
9131f660 83 s->socket_mode = 0666;
a16e1123 84
6cf6bbc2
LP		 85 s->max_connections = 64;
86
4fd5948e 87 s->priority = -1;
4fd5948e
LP		 88 s->ip_tos = -1;
89 s->ip_ttl = -1;
4fd5948e 90 s->mark = -1;
4fd5948e 91
ac155bb8
MS		 92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
085afe36 94
a16e1123
LP		 95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96}
acbb0225 97
5e94833f
LP		 98static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106}
107
74051b9b 108void socket_free_ports(Socket *s) {
034c6ed7
LP		 109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
71fda00f 114 LIST_REMOVE(port, s->ports, p);
034c6ed7 115
718db961
LP		 116 sd_event_source_unref(p->event_source);
117
03e334a1 118 safe_close(p->fd);
034c6ed7
LP		 119 free(p->path);
120 free(p);
121 }
74051b9b
LP		 122}
123
124static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
034c6ed7 130
613b411c 131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 133 s->control_command = NULL;
134
5e94833f 135 socket_unwatch_control_pid(s);
034c6ed7 136
57020a3a 137 unit_ref_unset(&s->service);
034c6ed7 138
cebf8b20
TT		 139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
acbb0225 142 free(s->bind_to_device);
e537352b 143 s->bind_to_device = NULL;
acbb0225 144
0eb59ccf
AK		 145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
811ba7a0
LP		 149 strv_free(s->symlinks);
150
3900e5fd
LP		 151 free(s->user);
152 free(s->group);
153
718db961
LP		 154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155}
156
157static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
6a0f1f6d
LP		 175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
5cb5a6ff
LP		 181}
182
8b835fcc
ZJS		 183int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
8b835fcc 195 if (UNIT_DEREF(s->service) || !s->accept)
b15bdda8
LP		 196 return 0;
197
315db1a8
ZJS		 198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
b15bdda8
LP		 200 return -ENOMEM;
201
315db1a8 202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 203 return -ENOMEM;
204
1124fe6f 205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 206 if (r < 0)
207 return r;
208
ac155bb8 209 u->no_gc = true;
57020a3a
LP		 210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 213}
214
4f2d528d
LP		 215static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
dd5ad9d4
LP		 223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
4f2d528d
LP		 228 if (!socket_address_can_accept(&p->address))
229 return true;
dd5ad9d4 230 }
4f2d528d
LP		 231
232 return false;
233}
234
a57f7e2c 235static int socket_add_mount_links(Socket *s) {
6e2ef85b 236 SocketPort *p;
6e2ef85b
LP		 237 int r;
238
239 assert(s);
6e2ef85b 240
a57f7e2c
LP		 241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
6e2ef85b 243
a57f7e2c
LP		 244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
6e2ef85b 248
a57f7e2c
LP		 249 if (!path)
250 continue;
6e2ef85b 251
a57f7e2c 252 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 253 if (r < 0)
6e2ef85b 254 return r;
b87705cd 255 }
6e2ef85b
LP		 256
257 return 0;
258}
259
260static int socket_add_device_link(Socket *s) {
261 char *t;
6e2ef85b
LP		 262
263 assert(s);
264
7d0c710d 265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 266 return 0;
267
e821075a
LP		 268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 270}
271
a40eb732
LP		 272static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
e3d84721
LP		 276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
2a77d31d 279
e3d84721
LP		 280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
a40eb732 283 return r;
2a77d31d 284 }
a40eb732 285
ead8e478 286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 287}
288
44a6b1b6 289_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298}
299
e821075a
LP		 300static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
e537352b 302 int r;
44d8db9e 303
e821075a 304 assert(s);
57020a3a 305
e821075a 306 if (have_non_accept_socket(s)) {
23a177ef 307
e821075a
LP		 308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
57020a3a 310
e821075a 311 r = unit_load_related_unit(u, ".service", &x);
57020a3a 312 if (r < 0)
4f2d528d 313 return r;
e821075a
LP		 314
315 unit_ref_set(&s->service, x);
4f2d528d 316 }
44d8db9e 317
e821075a
LP		 318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
6e2ef85b 320 return r;
e821075a 321 }
6e2ef85b 322
e821075a
LP		 323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
6e2ef85b 326
e821075a
LP		 327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
598459ce 331 r = unit_patch_contexts(u);
e821075a
LP		 332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
23a177ef 339
598459ce 340 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 341 if (r < 0)
342 return r;
e821075a 343 }
a016b922 344
e821075a
LP		 345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352}
353
811ba7a0
LP		 354static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385}
386
e821075a
LP		 387static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
e06c73cc 408
e821075a
LP		 409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
811ba7a0
LP		 419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
e821075a
LP		 424 return 0;
425}
426
427static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
e06c73cc
LP		 441 if (r < 0)
442 return r;
23a177ef
LP		 443 }
444
4f2d528d 445 return socket_verify(s);
44d8db9e
LP		 446}
447
44a6b1b6 448_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
542563ba
LP		 452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
034c6ed7 460 assert_not_reached("Unknown socket type");
542563ba
LP		 461 return NULL;
462}
463
87f0e418 464static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 465 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 466 SocketExecCommand c;
87f0e418 467 Socket *s = SOCKET(u);
542563ba 468 SocketPort *p;
82ba9f08 469 const char *prefix2;
5cb5a6ff
LP		 470
471 assert(s);
fa068367 472 assert(f);
5cb5a6ff 473
4c940960 474 prefix = strempty(prefix);
e821075a 475 prefix2 = strappenda(prefix, "\t");
c43d20a0 476
5cb5a6ff
LP		 477 fprintf(f,
478 "%sSocket State: %s\n"
81a5c6d0 479 "%sResult: %s\n"
542563ba 480 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 481 "%sBacklog: %u\n"
482 "%sSocketMode: %04o\n"
4fd5948e
LP		 483 "%sDirectoryMode: %04o\n"
484 "%sKeepAlive: %s\n"
4427c3f4 485 "%sNoDelay: %s\n"
cebf8b20 486 "%sFreeBind: %s\n"
6b6d2dee 487 "%sTransparent: %s\n"
ec6370a2 488 "%sBroadcast: %s\n"
ede3deb4 489 "%sPassCredentials: %s\n"
54ecda32 490 "%sPassSecurity: %s\n"
bd1fe7c7 491 "%sTCPCongestion: %s\n"
16115b0a
MS		 492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
a16e1123 494 prefix, socket_state_to_string(s->state),
81a5c6d0 495 prefix, socket_result_to_string(s->result),
c0120d99 496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 497 prefix, s->backlog,
498 prefix, s->socket_mode,
4fd5948e
LP		 499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
4427c3f4 501 prefix, yes_no(s->no_delay),
cebf8b20 502 prefix, yes_no(s->free_bind),
6b6d2dee 503 prefix, yes_no(s->transparent),
ec6370a2 504 prefix, yes_no(s->broadcast),
d68af586 505 prefix, yes_no(s->pass_cred),
54ecda32 506 prefix, yes_no(s->pass_sec),
bd1fe7c7 507 prefix, strna(s->tcp_congestion),
16115b0a
MS		 508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
542563ba 510
70123e68
LP		 511 if (s->control_pid > 0)
512 fprintf(f,
de0671ee
ZJS		 513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
70123e68 515
acbb0225
LP		 516 if (s->bind_to_device)
517 fprintf(f,
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
520
4f2d528d
LP		 521 if (s->accept)
522 fprintf(f,
6cf6bbc2
LP		 523 "%sAccepted: %u\n"
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
4f2d528d 529
4fd5948e
LP		 530 if (s->priority >= 0)
531 fprintf(f,
532 "%sPriority: %i\n",
533 prefix, s->priority);
534
535 if (s->receive_buffer > 0)
536 fprintf(f,
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
539
540 if (s->send_buffer > 0)
541 fprintf(f,
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
544
545 if (s->ip_tos >= 0)
546 fprintf(f,
547 "%sIPTOS: %i\n",
548 prefix, s->ip_tos);
549
550 if (s->ip_ttl >= 0)
551 fprintf(f,
552 "%sIPTTL: %i\n",
553 prefix, s->ip_ttl);
554
555 if (s->pipe_size > 0)
556 fprintf(f,
557 "%sPipeSize: %zu\n",
558 prefix, s->pipe_size);
559
560 if (s->mark >= 0)
561 fprintf(f,
562 "%sMark: %i\n",
563 prefix, s->mark);
564
916abb21
LP		 565 if (s->mq_maxmsg > 0)
566 fprintf(f,
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
569
570 if (s->mq_msgsize > 0)
571 fprintf(f,
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
574
718db961 575 if (s->reuse_port)
f7db7a69
SL		 576 fprintf(f,
577 "%sReusePort: %s\n",
718db961 578 prefix, yes_no(s->reuse_port));
f7db7a69 579
0eb59ccf
AK		 580 if (s->smack)
581 fprintf(f,
582 "%sSmackLabel: %s\n",
583 prefix, s->smack);
584
585 if (s->smack_ip_in)
586 fprintf(f,
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
589
590 if (s->smack_ip_out)
591 fprintf(f,
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
594
3900e5fd
LP		 595 if (!isempty(s->user) || !isempty(s->group))
596 fprintf(f,
597 "%sOwnerUser: %s\n"
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
601
3cd761e4 602 if (s->keep_alive_time > 0)
209e9dcd 603 fprintf(f,
3cd761e4
LP		 604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 606
3cd761e4 607 if (s->keep_alive_interval)
209e9dcd 608 fprintf(f,
3cd761e4
LP		 609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 611
3cd761e4 612 if (s->keep_alive_cnt)
209e9dcd
SS		 613 fprintf(f,
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
616
3cd761e4 617 if (s->defer_accept)
cc567c9b 618 fprintf(f,
3cd761e4
LP		 619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 621
034c6ed7 622 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 623
542563ba
LP		 624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
e364ad06 627 char *k = NULL;
542563ba
LP		 628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
7a22745a 634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 635 free(k);
b0a3f2bc
LP		 636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 640 else
542563ba
LP		 641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
5cb5a6ff
LP		 643
644 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 645 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 646
e537352b 647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 648 if (!s->exec_command[c])
649 continue;
5cb5a6ff 650
40d50879 651 fprintf(f, "%s-> %s:\n",
a16e1123 652 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 655 }
656}
657
4f2d528d
LP		 658static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
9d16d0c7 661 union sockaddr_union local, remote;
4f2d528d
LP		 662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
77b088c2
LP		 682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
4f2d528d
LP		 684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
c65a0b14 694 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
77b088c2
LP		 705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
2b061f5a
LP		 707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
77b088c2
LP		 716 "%u-%s:%u-%s:%u",
717 nr,
2b061f5a
LP		 718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
4f2d528d
LP		 724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
eff05270 730 int k;
4f2d528d 731
eff05270 732 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
eff05270 747 return k;
2f20a8eb 748
2f20a8eb 749 break;
4f2d528d
LP		 750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758}
759
034c6ed7 760static void socket_close_fds(Socket *s) {
83c60c9f 761 SocketPort *p;
811ba7a0 762 char **i;
83c60c9f
LP		 763
764 assert(s);
765
034c6ed7 766 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 767
768 p->event_source = sd_event_source_unref(p->event_source);
769
83c60c9f
LP		 770 if (p->fd < 0)
771 continue;
772
03e334a1 773 p->fd = safe_close(p->fd);
a16e1123 774
bd1fe7c7
LP		 775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
83c60c9f 802 }
811ba7a0
LP		 803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
83c60c9f
LP		 807}
808
4fd5948e 809static void socket_apply_socket_options(Socket *s, int fd) {
d53e386d
LP		 810 int r;
811
4fd5948e
LP		 812 assert(s);
813 assert(fd >= 0);
814
815 if (s->keep_alive) {
816 int b = s->keep_alive;
817 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
66870f90 818 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 819 }
820
209e9dcd
SS		 821 if (s->keep_alive_time) {
822 int value = s->keep_alive_time / USEC_PER_SEC;
823 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
824 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
825 }
826
827 if (s->keep_alive_interval) {
828 int value = s->keep_alive_interval / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
830 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
831 }
832
833 if (s->keep_alive_cnt) {
834 int value = s->keep_alive_cnt;
835 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
836 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
837 }
838
cc567c9b
SS		 839 if (s->defer_accept) {
840 int value = s->defer_accept / USEC_PER_SEC;
841 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
842 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
843 }
844
4427c3f4
SS		 845 if (s->no_delay) {
846 int b = s->no_delay;
847 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
848 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
849 }
850
ec6370a2
LP		 851 if (s->broadcast) {
852 int one = 1;
853 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
66870f90 854 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
ec6370a2
LP		 855 }
856
d68af586
MS		 857 if (s->pass_cred) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
66870f90 860 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
d68af586
MS		 861 }
862
54ecda32
LP		 863 if (s->pass_sec) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
66870f90 866 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
54ecda32
LP		 867 }
868
4fd5948e
LP		 869 if (s->priority >= 0)
870 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
66870f90 871 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
4fd5948e
LP		 872
873 if (s->receive_buffer > 0) {
874 int value = (int) s->receive_buffer;
7d9eaa84
LP		 875
876 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
877
b8cef44e 878 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
66870f90 880 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
4fd5948e
LP		 881 }
882
883 if (s->send_buffer > 0) {
884 int value = (int) s->send_buffer;
b8cef44e 885 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
66870f90 887 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
4fd5948e
LP		 888 }
889
890 if (s->mark >= 0)
891 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
66870f90 892 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
4fd5948e
LP		 893
894 if (s->ip_tos >= 0)
895 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
66870f90 896 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
4fd5948e 897
46925ac5 898 if (s->ip_ttl >= 0) {
d53e386d 899 int x;
46925ac5
LP		 900
901 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 902
903 if (socket_ipv6_is_supported())
904 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
905 else {
906 x = -1;
907 errno = EAFNOSUPPORT;
908 }
46925ac5
LP		 909
910 if (r < 0 && x < 0)
66870f90
ZJS		 911 log_warning_unit(UNIT(s)->id,
912 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 913 }
cebf8b20
TT		 914
915 if (s->tcp_congestion)
916 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
66870f90 917 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
0eb59ccf 918
718db961
LP		 919 if (s->reuse_port) {
920 int b = s->reuse_port;
f0511bd7 921 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
f7db7a69
SL		 922 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
923 }
924
d53e386d
LP		 925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
927 if (r < 0)
928 log_error_unit(UNIT(s)->id, "mac_smack_apply_ip_in_fd: %s", strerror(-r));
929 }
9a4e038c 930
d53e386d
LP		 931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
933 if (r < 0)
934 log_error_unit(UNIT(s)->id, "mac_smack_apply_ip_out_fd: %s", strerror(-r));
935 }
4fd5948e
LP		 936}
937
b15bdda8 938static void socket_apply_fifo_options(Socket *s, int fd) {
d53e386d
LP		 939 int r;
940
4fd5948e
LP		 941 assert(s);
942 assert(fd >= 0);
943
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
d53e386d 946 log_warning_unit(UNIT(s)->id, "F_SETPIPE_SZ: %m");
0eb59ccf 947
d53e386d
LP		 948 if (s->smack) {
949 r = mac_smack_apply_fd(fd, s->smack);
950 if (r < 0)
951 log_error_unit(UNIT(s)->id, "mac_smack_apply_fd: %s", strerror(-r));
952 }
4fd5948e
LP		 953}
954
b15bdda8
LP		 955static int fifo_address_create(
956 const char *path,
957 mode_t directory_mode,
958 mode_t socket_mode,
b15bdda8
LP		 959 int *_fd) {
960
7a58bfa4 961 int fd = -1, r = 0;
b15bdda8
LP		 962 struct stat st;
963 mode_t old_mask;
964
965 assert(path);
966 assert(_fd);
967
d2e54fae 968 mkdir_parents_label(path, directory_mode);
b15bdda8 969
ecabcf8b 970 r = mac_selinux_create_file_prepare(path, S_IFIFO);
e9a5ef7c 971 if (r < 0)
56cf987f 972 goto fail;
b15bdda8
LP		 973
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
976
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
979
980 r = mkfifo(path, socket_mode);
981 umask(old_mask);
982
94bc2731 983 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 984 r = -errno;
985 goto fail;
986 }
987
e4f44e73 988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 989 r = -errno;
990 goto fail;
991 }
992
ecabcf8b 993 mac_selinux_create_file_clear();
7a58bfa4 994
b15bdda8
LP		 995 if (fstat(fd, &st) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 if (!S_ISFIFO(st.st_mode) ||
de0200fc 1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
b15bdda8
LP		 1004
1005 r = -EEXIST;
1006 goto fail;
1007 }
1008
1009 *_fd = fd;
1010 return 0;
1011
1012fail:
ecabcf8b 1013 mac_selinux_create_file_clear();
03e334a1 1014 safe_close(fd);
b15bdda8
LP		 1015
1016 return r;
1017}
1018
b0a3f2bc
LP		 1019static int special_address_create(
1020 const char *path,
1021 int *_fd) {
1022
1023 int fd = -1, r = 0;
1024 struct stat st;
1025
1026 assert(path);
1027 assert(_fd);
1028
811ba7a0
LP		 1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 if (fd < 0) {
b0a3f2bc
LP		 1031 r = -errno;
1032 goto fail;
1033 }
1034
1035 if (fstat(fd, &st) < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 r = -EEXIST;
1043 goto fail;
1044 }
1045
1046 *_fd = fd;
1047 return 0;
1048
1049fail:
03e334a1 1050 safe_close(fd);
b0a3f2bc
LP		 1051
1052 return r;
1053}
1054
916abb21
LP		 1055static int mq_address_create(
1056 const char *path,
1057 mode_t mq_mode,
1058 long maxmsg,
1059 long msgsize,
1060 int *_fd) {
1061
1062 int fd = -1, r = 0;
1063 struct stat st;
1064 mode_t old_mask;
1065 struct mq_attr _attr, *attr = NULL;
1066
1067 assert(path);
1068 assert(_fd);
1069
1070 if (maxmsg > 0 && msgsize > 0) {
1071 zero(_attr);
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1075 attr = &_attr;
1076 }
1077
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1080
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
916abb21
LP		 1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 umask(old_mask);
1085
8ea913b2 1086 if (fd < 0) {
916abb21
LP		 1087 r = -errno;
1088 goto fail;
1089 }
1090
1091 if (fstat(fd, &st) < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1099
1100 r = -EEXIST;
1101 goto fail;
1102 }
1103
1104 *_fd = fd;
1105 return 0;
1106
1107fail:
03e334a1 1108 safe_close(fd);
916abb21
LP		 1109 return r;
1110}
1111
811ba7a0
LP		 1112static int socket_symlink(Socket *s) {
1113 const char *p;
1114 char **i;
1115
1116 assert(s);
1117
1118 p = socket_find_symlink_target(s);
1119 if (!p)
1120 return 0;
1121
1122 STRV_FOREACH(i, s->symlinks)
1123 symlink(p, *i);
1124
1125 return 0;
1126}
1127
034c6ed7 1128static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1129 SocketPort *p;
1130 int r;
56cf987f 1131 char *label = NULL;
049f8642 1132 bool know_label = false;
83c60c9f
LP		 1133
1134 assert(s);
1135
034c6ed7 1136 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1137
034c6ed7
LP		 1138 if (p->fd >= 0)
1139 continue;
83c60c9f
LP		 1140
1141 if (p->type == SOCKET_SOCKET) {
049f8642 1142
7f416dae
LP		 1143 if (!know_label) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1148
1149 if (s->selinux_context_from_net) {
1150 /* Get it from the network label */
1151
1152 r = mac_selinux_get_our_label(&label);
1153 if (r < 0 && r != EOPNOTSUPP)
1154 goto rollback;
049f8642 1155
7f416dae
LP		 1156 } else {
1157 /* Get it from the executable we are about to start */
1158
1159 r = socket_instantiate_service(s);
1160 if (r < 0)
1161 goto rollback;
1162
1163 if (UNIT_ISSET(s->service) &&
1164 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1166 if (r < 0 && r != -EPERM && r != EOPNOTSUPP)
1167 goto rollback;
1168 }
189583d7 1169 }
049f8642
LP		 1170
1171 know_label = true;
1172 }
1173
175a3d25
LP		 1174 r = socket_address_listen(
1175 &p->address,
1176 SOCK_CLOEXEC|SOCK_NONBLOCK,
1177 s->backlog,
1178 s->bind_ipv6_only,
1179 s->bind_to_device,
1180 s->free_bind,
1181 s->transparent,
1182 s->directory_mode,
1183 s->socket_mode,
1184 label);
1185 if (r < 0)
83c60c9f
LP		 1186 goto rollback;
1187
175a3d25 1188 p->fd = r;
4fd5948e 1189 socket_apply_socket_options(s, p->fd);
811ba7a0 1190 socket_symlink(s);
4fd5948e 1191
b0a3f2bc
LP		 1192 } else if (p->type == SOCKET_SPECIAL) {
1193
175a3d25
LP		 1194 r = special_address_create(
1195 p->path,
1196 &p->fd);
1197 if (r < 0)
b0a3f2bc
LP		 1198 goto rollback;
1199
b15bdda8 1200 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1201
175a3d25
LP		 1202 r = fifo_address_create(
1203 p->path,
1204 s->directory_mode,
1205 s->socket_mode,
1206 &p->fd);
1207 if (r < 0)
83c60c9f 1208 goto rollback;
83c60c9f 1209
b15bdda8 1210 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1211 socket_symlink(s);
1212
916abb21 1213 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1214
175a3d25
LP		 1215 r = mq_address_create(
1216 p->path,
1217 s->socket_mode,
1218 s->mq_maxmsg,
1219 s->mq_msgsize,
1220 &p->fd);
1221 if (r < 0)
916abb21 1222 goto rollback;
b15bdda8
LP		 1223 } else
1224 assert_not_reached("Unknown port type");
034c6ed7
LP		 1225 }
1226
cc56fafe 1227 mac_selinux_free(label);
034c6ed7
LP		 1228 return 0;
1229
1230rollback:
1231 socket_close_fds(s);
cc56fafe 1232 mac_selinux_free(label);
7f416dae 1233
034c6ed7
LP		 1234 return r;
1235}
1236
1237static void socket_unwatch_fds(Socket *s) {
1238 SocketPort *p;
718db961 1239 int r;
9152c765 1240
034c6ed7
LP		 1241 assert(s);
1242
1243 LIST_FOREACH(port, p, s->ports) {
1244 if (p->fd < 0)
1245 continue;
1246
a4152e3f
LP		 1247 if (!p->event_source)
1248 continue;
1249
1250 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1251 if (r < 0)
1252 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
83c60c9f 1253 }
034c6ed7
LP		 1254}
1255
1256static int socket_watch_fds(Socket *s) {
1257 SocketPort *p;
1258 int r;
1259
1260 assert(s);
83c60c9f 1261
034c6ed7
LP		 1262 LIST_FOREACH(port, p, s->ports) {
1263 if (p->fd < 0)
1264 continue;
1265
718db961
LP		 1266 if (p->event_source)
1267 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1268 else
151b9b96 1269 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
4f2d528d 1270
718db961
LP		 1271 if (r < 0) {
1272 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
034c6ed7 1273 goto fail;
718db961 1274 }
034c6ed7 1275 }
83c60c9f 1276
542563ba 1277 return 0;
83c60c9f 1278
034c6ed7
LP		 1279fail:
1280 socket_unwatch_fds(s);
1281 return r;
1282}
1283
1284static void socket_set_state(Socket *s, SocketState state) {
1285 SocketState old_state;
1286 assert(s);
1287
1288 old_state = s->state;
1289 s->state = state;
1290
bd1fe7c7
LP		 1291 if (!IN_SET(state,
1292 SOCKET_START_PRE,
3900e5fd 1293 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1294 SOCKET_START_POST,
1295 SOCKET_STOP_PRE,
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL,
1298 SOCKET_STOP_POST,
1299 SOCKET_FINAL_SIGTERM,
1300 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1301
1302 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1303 socket_unwatch_control_pid(s);
034c6ed7 1304 s->control_command = NULL;
a16e1123 1305 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1306 }
034c6ed7 1307
a16e1123
LP		 1308 if (state != SOCKET_LISTENING)
1309 socket_unwatch_fds(s);
1310
bd1fe7c7 1311 if (!IN_SET(state,
3900e5fd 1312 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1313 SOCKET_START_POST,
1314 SOCKET_LISTENING,
1315 SOCKET_RUNNING,
1316 SOCKET_STOP_PRE,
1317 SOCKET_STOP_PRE_SIGTERM,
1318 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1319 socket_close_fds(s);
1320
e537352b 1321 if (state != old_state)
e821075a
LP		 1322 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1323 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1324
e2f3b44c 1325 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1326}
1327
a16e1123
LP		 1328static int socket_coldplug(Unit *u) {
1329 Socket *s = SOCKET(u);
1330 int r;
1331
1332 assert(s);
1333 assert(s->state == SOCKET_DEAD);
1334
e821075a
LP		 1335 if (s->deserialized_state == s->state)
1336 return 0;
a16e1123 1337
3900e5fd
LP		 1338 if (IN_SET(s->deserialized_state,
1339 SOCKET_START_PRE,
1340 SOCKET_START_CHOWN,
1341 SOCKET_START_POST,
1342 SOCKET_STOP_PRE,
1343 SOCKET_STOP_PRE_SIGTERM,
1344 SOCKET_STOP_PRE_SIGKILL,
1345 SOCKET_STOP_POST,
1346 SOCKET_FINAL_SIGTERM,
1347 SOCKET_FINAL_SIGKILL)) {
a16e1123 1348
e821075a
LP		 1349 if (s->control_pid <= 0)
1350 return -EBADMSG;
a16e1123 1351
e821075a
LP		 1352 r = unit_watch_pid(UNIT(s), s->control_pid);
1353 if (r < 0)
1354 return r;
a16e1123 1355
e821075a
LP		 1356 r = socket_arm_timer(s);
1357 if (r < 0)
1358 return r;
1359 }
a16e1123 1360
3900e5fd
LP		 1361 if (IN_SET(s->deserialized_state,
1362 SOCKET_START_CHOWN,
1363 SOCKET_START_POST,
1364 SOCKET_LISTENING,
1365 SOCKET_RUNNING,
1366 SOCKET_STOP_PRE,
1367 SOCKET_STOP_PRE_SIGTERM,
1368 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1369 r = socket_open_fds(s);
1370 if (r < 0)
1371 return r;
1372 }
a16e1123 1373
e821075a
LP		 1374 if (s->deserialized_state == SOCKET_LISTENING) {
1375 r = socket_watch_fds(s);
1376 if (r < 0)
1377 return r;
a16e1123
LP		 1378 }
1379
e821075a 1380 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1381 return 0;
1382}
1383
e537352b 1384static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1385 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1386 pid_t pid;
1387 int r;
9fa95f85
DM		 1388 ExecParameters exec_params = {
1389 .apply_permissions = true,
1390 .apply_chroot = true,
1391 .apply_tty_stdin = true,
1392 };
034c6ed7
LP		 1393
1394 assert(s);
1395 assert(c);
1396 assert(_pid);
1397
4ad49000
LP		 1398 unit_realize_cgroup(UNIT(s));
1399
613b411c
LP		 1400 r = unit_setup_exec_runtime(UNIT(s));
1401 if (r < 0)
1402 goto fail;
1403
718db961 1404 r = socket_arm_timer(s);
36697dc0 1405 if (r < 0)
e537352b 1406 goto fail;
034c6ed7 1407
19f6d710
LP		 1408 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1409 if (r < 0)
9e2f7c11 1410 goto fail;
9e2f7c11 1411
9fa95f85
DM		 1412 exec_params.argv = argv;
1413 exec_params.environment = UNIT(s)->manager->environment;
1414 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1415 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1416 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1417 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1418 exec_params.unit_id = UNIT(s)->id;
1419
9e2f7c11 1420 r = exec_spawn(c,
9e2f7c11 1421 &s->exec_context,
9fa95f85 1422 &exec_params,
613b411c 1423 s->exec_runtime,
9e2f7c11 1424 &pid);
cee288ad
TA		 1425 if (r < 0)
1426 goto fail;
9e2f7c11 1427
3900e5fd 1428 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1429 if (r < 0)
3900e5fd 1430 /* FIXME: we need to do something here */
034c6ed7
LP		 1431 goto fail;
1432
3900e5fd
LP		 1433 *_pid = pid;
1434 return 0;
1435
1436fail:
1437 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1438 return r;
1439}
1440
1441static int socket_chown(Socket *s, pid_t *_pid) {
1442 pid_t pid;
1443 int r;
1444
1445 r = socket_arm_timer(s);
1446 if (r < 0)
1447 goto fail;
1448
1449 /* We have to resolve the user names out-of-process, hence
1450 * let's fork here. It's messy, but well, what can we do? */
1451
1452 pid = fork();
1453 if (pid < 0)
1454 return -errno;
1455
1456 if (pid == 0) {
1457 SocketPort *p;
1458 uid_t uid = (uid_t) -1;
1459 gid_t gid = (gid_t) -1;
1460 int ret;
1461
1462 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1463 ignore_signals(SIGPIPE, -1);
1464 log_forget_fds();
1465
1466 if (!isempty(s->user)) {
1467 const char *user = s->user;
1468
1469 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1470 if (r < 0) {
1471 ret = EXIT_USER;
1472 goto fail_child;
1473 }
1474 }
1475
1476 if (!isempty(s->group)) {
1477 const char *group = s->group;
1478
1479 r = get_group_creds(&group, &gid);
1480 if (r < 0) {
1481 ret = EXIT_GROUP;
1482 goto fail_child;
1483 }
1484 }
1485
1486 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1487 const char *path = NULL;
3900e5fd
LP		 1488
1489 if (p->type == SOCKET_SOCKET)
1490 path = socket_address_get_path(&p->address);
1491 else if (p->type == SOCKET_FIFO)
1492 path = p->path;
1493
1494 if (!path)
1495 continue;
1496
1497 if (chown(path, uid, gid) < 0) {
1498 r = -errno;
1499 ret = EXIT_CHOWN;
1500 goto fail_child;
1501 }
1502 }
1503
1504 _exit(0);
1505
1506 fail_child:
1507 log_open();
1508 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1509
1510 _exit(ret);
1511 }
1512
718db961
LP		 1513 r = unit_watch_pid(UNIT(s), pid);
1514 if (r < 0)
034c6ed7 1515 goto fail;
83c60c9f 1516
034c6ed7 1517 *_pid = pid;
034c6ed7
LP		 1518 return 0;
1519
1520fail:
718db961 1521 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1522 return r;
542563ba
LP		 1523}
1524
cfc4eb4c 1525static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1526 assert(s);
1527
cfc4eb4c
LP		 1528 if (f != SOCKET_SUCCESS)
1529 s->result = f;
034c6ed7 1530
613b411c
LP		 1531 exec_runtime_destroy(s->exec_runtime);
1532 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1533
e66cf1a3
LP		 1534 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1535
cfc4eb4c 1536 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1537}
1538
cfc4eb4c 1539static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1540
cfc4eb4c 1541static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1542 int r;
1543 assert(s);
1544
cfc4eb4c
LP		 1545 if (f != SOCKET_SUCCESS)
1546 s->result = f;
034c6ed7 1547
5e94833f 1548 socket_unwatch_control_pid(s);
a16e1123 1549 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1550 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1551
3900e5fd
LP		 1552 if (s->control_command) {
1553 r = socket_spawn(s, s->control_command, &s->control_pid);
1554 if (r < 0)
034c6ed7
LP		 1555 goto fail;
1556
80876c20
LP		 1557 socket_set_state(s, SOCKET_STOP_POST);
1558 } else
cfc4eb4c 1559 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1560
1561 return;
1562
1563fail:
66870f90
ZJS		 1564 log_warning_unit(UNIT(s)->id,
1565 "%s failed to run 'stop-post' task: %s",
1566 UNIT(s)->id, strerror(-r));
cfc4eb4c 1567 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1568}
1569
cfc4eb4c 1570static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1571 int r;
1572
1573 assert(s);
1574
cfc4eb4c
LP		 1575 if (f != SOCKET_SUCCESS)
1576 s->result = f;
034c6ed7 1577
cd2086fe
LP		 1578 r = unit_kill_context(
1579 UNIT(s),
1580 &s->kill_context,
1581 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1582 -1,
1583 s->control_pid,
1584 false);
1585 if (r < 0)
1586 goto fail;
034c6ed7 1587
cd2086fe 1588 if (r > 0) {
718db961 1589 r = socket_arm_timer(s);
36697dc0 1590 if (r < 0)
80876c20 1591 goto fail;
d6ea93e3 1592
80876c20 1593 socket_set_state(s, state);
ac84d1fb
LP		 1594 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1595 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1596 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1597 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1598 else if (state == SOCKET_FINAL_SIGTERM)
1599 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1600 else
cfc4eb4c 1601 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1602
1603 return;
1604
1605fail:
e821075a 1606 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1607
1608 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1609 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1610 else
cfc4eb4c 1611 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1612}
1613
cfc4eb4c 1614static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1615 int r;
1616 assert(s);
1617
cfc4eb4c
LP		 1618 if (f != SOCKET_SUCCESS)
1619 s->result = f;
034c6ed7 1620
5e94833f 1621 socket_unwatch_control_pid(s);
a16e1123 1622 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1623 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1624
3900e5fd
LP		 1625 if (s->control_command) {
1626 r = socket_spawn(s, s->control_command, &s->control_pid);
1627 if (r < 0)
034c6ed7
LP		 1628 goto fail;
1629
80876c20
LP		 1630 socket_set_state(s, SOCKET_STOP_PRE);
1631 } else
cfc4eb4c 1632 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1633
1634 return;
1635
1636fail:
e821075a 1637 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1638 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1639}
1640
e9af15c3
LP		 1641static void socket_enter_listening(Socket *s) {
1642 int r;
1643 assert(s);
1644
cfc4eb4c
LP		 1645 r = socket_watch_fds(s);
1646 if (r < 0) {
e821075a 1647 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
e9af15c3
LP		 1648 goto fail;
1649 }
1650
1651 socket_set_state(s, SOCKET_LISTENING);
1652 return;
1653
1654fail:
cfc4eb4c 1655 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1656}
1657
034c6ed7
LP		 1658static void socket_enter_start_post(Socket *s) {
1659 int r;
1660 assert(s);
1661
3900e5fd
LP		 1662 socket_unwatch_control_pid(s);
1663 s->control_command_id = SOCKET_EXEC_START_POST;
1664 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1665
1666 if (s->control_command) {
1667 r = socket_spawn(s, s->control_command, &s->control_pid);
1668 if (r < 0) {
1669 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1670 goto fail;
1671 }
1672
1673 socket_set_state(s, SOCKET_START_POST);
1674 } else
1675 socket_enter_listening(s);
1676
1677 return;
1678
1679fail:
1680 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1681}
1682
1683static void socket_enter_start_chown(Socket *s) {
1684 int r;
1685
1686 assert(s);
1687
cfc4eb4c
LP		 1688 r = socket_open_fds(s);
1689 if (r < 0) {
e821075a 1690 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1691 goto fail;
1692 }
1693
3900e5fd 1694 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1695
3900e5fd
LP		 1696 socket_unwatch_control_pid(s);
1697 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1698 s->control_command = NULL;
a16e1123 1699
3900e5fd 1700 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1701 if (r < 0) {
3900e5fd 1702 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1703 goto fail;
1704 }
1705
3900e5fd 1706 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1707 } else
3900e5fd 1708 socket_enter_start_post(s);
034c6ed7
LP		 1709
1710 return;
1711
1712fail:
cfc4eb4c 1713 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1714}
1715
1716static void socket_enter_start_pre(Socket *s) {
1717 int r;
1718 assert(s);
1719
5e94833f 1720 socket_unwatch_control_pid(s);
a16e1123 1721 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1722 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1723
3900e5fd 1724 if (s->control_command) {
e821075a 1725 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd
LP		 1726 if (r < 0) {
1727 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
034c6ed7 1728 goto fail;
3900e5fd 1729 }
034c6ed7 1730
80876c20
LP		 1731 socket_set_state(s, SOCKET_START_PRE);
1732 } else
3900e5fd 1733 socket_enter_start_chown(s);
034c6ed7
LP		 1734
1735 return;
1736
1737fail:
cfc4eb4c 1738 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1739}
1740
4f2d528d 1741static void socket_enter_running(Socket *s, int cfd) {
718db961 1742 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1743 int r;
1744
1745 assert(s);
1746
ba3e67a7
LP		 1747 /* We don't take connections anymore if we are supposed to
1748 * shut down anyway */
31afa0a4 1749 if (unit_stop_pending(UNIT(s))) {
e821075a
LP		 1750
1751 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1752
7c610628 1753 if (cfd >= 0)
03e334a1 1754 safe_close(cfd);
7c610628
LP		 1755 else {
1756 /* Flush all sockets by closing and reopening them */
1757 socket_close_fds(s);
1758
16ac4014
LP		 1759 r = socket_open_fds(s);
1760 if (r < 0) {
1761 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1762 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1763 return;
1764 }
1765
1a710b43
MS		 1766 r = socket_watch_fds(s);
1767 if (r < 0) {
e821075a 1768 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1769 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1770 }
1771 }
1772
ba3e67a7
LP		 1773 return;
1774 }
1775
4f2d528d 1776 if (cfd < 0) {
57020a3a 1777 Iterator i;
e821075a 1778 Unit *other;
f976f3f6 1779 bool pending = false;
f976f3f6
LP		 1780
1781 /* If there's already a start pending don't bother to
1782 * do anything */
e821075a
LP		 1783 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1784 if (unit_active_or_pending(other)) {
57020a3a
LP		 1785 pending = true;
1786 break;
1787 }
f976f3f6 1788
1a710b43 1789 if (!pending) {
640ace4a
LP		 1790 if (!UNIT_ISSET(s->service)) {
1791 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1792 r = -ENOENT;
1793 goto fail;
1794 }
1795
1a710b43
MS		 1796 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1797 if (r < 0)
f976f3f6 1798 goto fail;
1a710b43 1799 }
4f2d528d
LP		 1800
1801 socket_set_state(s, SOCKET_RUNNING);
1802 } else {
e55001eb 1803 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1804 Service *service;
4f2d528d 1805
6cf6bbc2 1806 if (s->n_connections >= s->max_connections) {
e821075a 1807 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
03e334a1 1808 safe_close(cfd);
6cf6bbc2
LP		 1809 return;
1810 }
1811
1a710b43
MS		 1812 r = socket_instantiate_service(s);
1813 if (r < 0)
b15bdda8
LP		 1814 goto fail;
1815
1a710b43
MS		 1816 r = instance_from_socket(cfd, s->n_accepted, &instance);
1817 if (r < 0) {
1818 if (r != -ENOTCONN)
1819 goto fail;
1820
1821 /* ENOTCONN is legitimate if TCP RST was received.
1822 * This connection is over, but the socket unit lives on. */
03e334a1 1823 safe_close(cfd);
1a710b43
MS		 1824 return;
1825 }
4f2d528d 1826
1a710b43
MS		 1827 prefix = unit_name_to_prefix(UNIT(s)->id);
1828 if (!prefix) {
4f2d528d
LP		 1829 r = -ENOMEM;
1830 goto fail;
1831 }
1832
1833 name = unit_name_build(prefix, instance, ".service");
b6dbbe1c 1834 if (!name) {
4f2d528d 1835 r = -ENOMEM;
b6dbbe1c
LP		 1836 goto fail;
1837 }
4f2d528d 1838
1a710b43 1839 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1840 if (r < 0)
4f2d528d 1841 goto fail;
b15bdda8 1842
57020a3a
LP		 1843 service = SERVICE(UNIT_DEREF(s->service));
1844 unit_ref_unset(&s->service);
b15bdda8 1845 s->n_accepted ++;
4f2d528d 1846
1124fe6f 1847 UNIT(service)->no_gc = false;
6c073082 1848
b15bdda8 1849 unit_choose_id(UNIT(service), name);
b15bdda8 1850
16115b0a 1851 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1852 if (r < 0)
4f2d528d
LP		 1853 goto fail;
1854
1855 cfd = -1;
6cf6bbc2
LP		 1856 s->n_connections ++;
1857
1a710b43
MS		 1858 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1859 if (r < 0)
4f2d528d 1860 goto fail;
c4e2ceae
LP		 1861
1862 /* Notify clients about changed counters */
1863 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1864 }
034c6ed7 1865
034c6ed7
LP		 1866 return;
1867
1868fail:
e821075a
LP		 1869 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1870 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
718db961 1871 bus_error_message(&error, r));
e821075a 1872
60089004 1873 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1874 safe_close(cfd);
034c6ed7
LP		 1875}
1876
cfc4eb4c 1877static void socket_run_next(Socket *s) {
034c6ed7
LP		 1878 int r;
1879
1880 assert(s);
1881 assert(s->control_command);
1882 assert(s->control_command->command_next);
1883
5e94833f
LP		 1884 socket_unwatch_control_pid(s);
1885
034c6ed7
LP		 1886 s->control_command = s->control_command->command_next;
1887
e821075a
LP		 1888 r = socket_spawn(s, s->control_command, &s->control_pid);
1889 if (r < 0)
034c6ed7
LP		 1890 goto fail;
1891
1892 return;
1893
1894fail:
e821075a 1895 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
80876c20
LP		 1896
1897 if (s->state == SOCKET_START_POST)
cfc4eb4c 1898 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1899 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1900 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1901 else
cfc4eb4c 1902 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1903}
1904
87f0e418
LP		 1905static int socket_start(Unit *u) {
1906 Socket *s = SOCKET(u);
83c60c9f
LP		 1907
1908 assert(s);
1909
034c6ed7
LP		 1910 /* We cannot fulfill this request right now, try again later
1911 * please! */
3900e5fd
LP		 1912 if (IN_SET(s->state,
1913 SOCKET_STOP_PRE,
1914 SOCKET_STOP_PRE_SIGKILL,
1915 SOCKET_STOP_PRE_SIGTERM,
1916 SOCKET_STOP_POST,
1917 SOCKET_FINAL_SIGTERM,
1918 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1919 return -EAGAIN;
1920
a4152e3f 1921 /* Already on it! */
3900e5fd
LP		 1922 if (IN_SET(s->state,
1923 SOCKET_START_PRE,
1924 SOCKET_START_CHOWN,
1925 SOCKET_START_POST))
034c6ed7 1926 return 0;
83c60c9f 1927
034c6ed7 1928 /* Cannot run this without the service being around */
9444b1f2 1929 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1930 Service *service;
1931
1932 service = SERVICE(UNIT_DEREF(s->service));
1933
1124fe6f 1934 if (UNIT(service)->load_state != UNIT_LOADED) {
e821075a 1935 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1936 return -ENOENT;
4ac9236f 1937 }
4f2d528d 1938
35b8ca3a 1939 /* If the service is already active we cannot start the
4f2d528d 1940 * socket */
57020a3a
LP		 1941 if (service->state != SERVICE_DEAD &&
1942 service->state != SERVICE_FAILED &&
1943 service->state != SERVICE_AUTO_RESTART) {
e821075a 1944 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1945 return -EBUSY;
4ac9236f 1946 }
4f2d528d 1947 }
e537352b 1948
fdf20a31 1949 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1950
cfc4eb4c 1951 s->result = SOCKET_SUCCESS;
034c6ed7 1952 socket_enter_start_pre(s);
e821075a 1953
034c6ed7
LP		 1954 return 0;
1955}
83c60c9f 1956
87f0e418
LP		 1957static int socket_stop(Unit *u) {
1958 Socket *s = SOCKET(u);
034c6ed7
LP		 1959
1960 assert(s);
1961
e537352b 1962 /* Already on it */
3900e5fd
LP		 1963 if (IN_SET(s->state,
1964 SOCKET_STOP_PRE,
1965 SOCKET_STOP_PRE_SIGTERM,
1966 SOCKET_STOP_PRE_SIGKILL,
1967 SOCKET_STOP_POST,
1968 SOCKET_FINAL_SIGTERM,
1969 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1970 return 0;
1971
3f6c78dc
LP		 1972 /* If there's already something running we go directly into
1973 * kill mode. */
3900e5fd
LP		 1974 if (IN_SET(s->state,
1975 SOCKET_START_PRE,
1976 SOCKET_START_CHOWN,
1977 SOCKET_START_POST)) {
cfc4eb4c 1978 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1979 return -EAGAIN;
1980 }
1981
034c6ed7 1982 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1983
cfc4eb4c 1984 socket_enter_stop_pre(s, SOCKET_SUCCESS);
542563ba
LP		 1985 return 0;
1986}
1987
a16e1123
LP		 1988static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1989 Socket *s = SOCKET(u);
1990 SocketPort *p;
1991 int r;
1992
1993 assert(u);
1994 assert(f);
1995 assert(fds);
1996
1997 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 1998 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 1999 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2000
2001 if (s->control_pid > 0)
de0671ee 2002 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 2003
2004 if (s->control_command_id >= 0)
2005 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2006
2007 LIST_FOREACH(port, p, s->ports) {
2008 int copy;
2009
2010 if (p->fd < 0)
2011 continue;
2012
613b411c
LP		 2013 copy = fdset_put_dup(fds, p->fd);
2014 if (copy < 0)
a16e1123
LP		 2015 return copy;
2016
2017 if (p->type == SOCKET_SOCKET) {
613b411c 2018 _cleanup_free_ char *t = NULL;
a16e1123 2019
ee092817
LP		 2020 r = socket_address_print(&p->address, &t);
2021 if (r < 0)
a16e1123
LP		 2022 return r;
2023
7a22745a
LP		 2024 if (socket_address_family(&p->address) == AF_NETLINK)
2025 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2026 else
2027 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2028
b0a3f2bc
LP		 2029 } else if (p->type == SOCKET_SPECIAL)
2030 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2031 else if (p->type == SOCKET_MQUEUE)
2032 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2033 else {
a16e1123
LP		 2034 assert(p->type == SOCKET_FIFO);
2035 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2036 }
2037 }
2038
2039 return 0;
2040}
2041
2042static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2043 Socket *s = SOCKET(u);
a16e1123
LP		 2044
2045 assert(u);
2046 assert(key);
2047 assert(value);
a16e1123
LP		 2048
2049 if (streq(key, "state")) {
2050 SocketState state;
2051
ee092817
LP		 2052 state = socket_state_from_string(value);
2053 if (state < 0)
e821075a 2054 log_debug_unit(u->id, "Failed to parse state value %s", value);
a16e1123
LP		 2055 else
2056 s->deserialized_state = state;
cfc4eb4c
LP		 2057 } else if (streq(key, "result")) {
2058 SocketResult f;
a16e1123 2059
cfc4eb4c
LP		 2060 f = socket_result_from_string(value);
2061 if (f < 0)
e821075a 2062 log_debug_unit(u->id, "Failed to parse result value %s", value);
cfc4eb4c
LP		 2063 else if (f != SOCKET_SUCCESS)
2064 s->result = f;
a16e1123
LP		 2065
2066 } else if (streq(key, "n-accepted")) {
2067 unsigned k;
2068
e364ad06 2069 if (safe_atou(value, &k) < 0)
e821075a 2070 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
a16e1123
LP		 2071 else
2072 s->n_accepted += k;
2073 } else if (streq(key, "control-pid")) {
5925dd3c 2074 pid_t pid;
a16e1123 2075
e364ad06 2076 if (parse_pid(value, &pid) < 0)
e821075a 2077 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
a16e1123 2078 else
5925dd3c 2079 s->control_pid = pid;
a16e1123
LP		 2080 } else if (streq(key, "control-command")) {
2081 SocketExecCommand id;
2082
66870f90
ZJS		 2083 id = socket_exec_command_from_string(value);
2084 if (id < 0)
e821075a 2085 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
a16e1123
LP		 2086 else {
2087 s->control_command_id = id;
2088 s->control_command = s->exec_command[id];
2089 }
2090 } else if (streq(key, "fifo")) {
2091 int fd, skip = 0;
2092 SocketPort *p;
2093
2094 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2095 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
a16e1123
LP		 2096 else {
2097
2098 LIST_FOREACH(port, p, s->ports)
b0a3f2bc
LP		 2099 if (p->type == SOCKET_FIFO &&
2100 streq_ptr(p->path, value+skip))
2101 break;
2102
2103 if (p) {
03e334a1 2104 safe_close(p->fd);
b0a3f2bc
LP		 2105 p->fd = fdset_remove(fds, fd);
2106 }
2107 }
2108
2109 } else if (streq(key, "special")) {
2110 int fd, skip = 0;
2111 SocketPort *p;
2112
2113 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2114 log_debug_unit(u->id, "Failed to parse special value %s", value);
b0a3f2bc
LP		 2115 else {
2116
2117 LIST_FOREACH(port, p, s->ports)
2118 if (p->type == SOCKET_SPECIAL &&
2119 streq_ptr(p->path, value+skip))
a16e1123
LP		 2120 break;
2121
2122 if (p) {
03e334a1 2123 safe_close(p->fd);
a16e1123
LP		 2124 p->fd = fdset_remove(fds, fd);
2125 }
2126 }
2127
ee092817
LP		 2128 } else if (streq(key, "mqueue")) {
2129 int fd, skip = 0;
2130 SocketPort *p;
2131
2132 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2133 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
ee092817
LP		 2134 else {
2135
2136 LIST_FOREACH(port, p, s->ports)
2137 if (p->type == SOCKET_MQUEUE &&
2138 streq_ptr(p->path, value+skip))
2139 break;
2140
2141 if (p) {
03e334a1 2142 safe_close(p->fd);
ee092817
LP		 2143 p->fd = fdset_remove(fds, fd);
2144 }
2145 }
2146
a16e1123 2147 } else if (streq(key, "socket")) {
27ca8d7a 2148 int fd, type, skip = 0;
a16e1123
LP		 2149 SocketPort *p;
2150
27ca8d7a 2151 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
e821075a 2152 log_debug_unit(u->id, "Failed to parse socket value %s", value);
a16e1123
LP		 2153 else {
2154
2155 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2156 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2157 break;
2158
2159 if (p) {
03e334a1 2160 safe_close(p->fd);
a16e1123
LP		 2161 p->fd = fdset_remove(fds, fd);
2162 }
2163 }
2164
7a22745a
LP		 2165 } else if (streq(key, "netlink")) {
2166 int fd, skip = 0;
2167 SocketPort *p;
2168
2169 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2170 log_debug_unit(u->id, "Failed to parse socket value %s", value);
7a22745a
LP		 2171 else {
2172
2173 LIST_FOREACH(port, p, s->ports)
2174 if (socket_address_is_netlink(&p->address, value+skip))
2175 break;
2176
2177 if (p) {
03e334a1 2178 safe_close(p->fd);
7a22745a
LP		 2179 p->fd = fdset_remove(fds, fd);
2180 }
2181 }
a16e1123 2182 } else
e821075a 2183 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
a16e1123
LP		 2184
2185 return 0;
2186}
2187
01e10de3
LP		 2188static int socket_distribute_fds(Unit *u, FDSet *fds) {
2189 Socket *s = SOCKET(u);
2190 SocketPort *p;
2191
2192 assert(u);
2193
2194 LIST_FOREACH(port, p, s->ports) {
2195 Iterator i;
2196 int fd;
2197
2198 if (p->type != SOCKET_SOCKET)
2199 continue;
2200
2201 if (p->fd >= 0)
2202 continue;
2203
2204 FDSET_FOREACH(fd, fds, i) {
2205 if (socket_address_matches_fd(&p->address, fd)) {
2206 p->fd = fdset_remove(fds, fd);
2207 s->deserialized_state = SOCKET_LISTENING;
2208 break;
2209 }
2210 }
2211 }
2212
2213 return 0;
2214}
2215
44a6b1b6 2216_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2217 assert(u);
5cb5a6ff 2218
acbb0225 2219 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2220}
2221
44a6b1b6 2222_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2223 assert(u);
2224
a16e1123 2225 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2226}
2227
67419600
OS		 2228const char* socket_port_type_to_string(SocketPort *p) {
2229
2230 assert(p);
2231
2232 switch (p->type) {
718db961
LP		 2233
2234 case SOCKET_SOCKET:
2235
2236 switch (p->address.type) {
2237
2238 case SOCK_STREAM:
2239 return "Stream";
2240
2241 case SOCK_DGRAM:
2242 return "Datagram";
2243
2244 case SOCK_SEQPACKET:
2245 return "SequentialPacket";
2246
2247 case SOCK_RAW:
2248 if (socket_address_family(&p->address) == AF_NETLINK)
2249 return "Netlink";
2250
2251 default:
2252 return NULL;
2253 }
2254
2255 case SOCKET_SPECIAL:
2256 return "Special";
2257
2258 case SOCKET_MQUEUE:
2259 return "MessageQueue";
2260
2261 case SOCKET_FIFO:
2262 return "FIFO";
2263
2264 default:
2265 return NULL;
67419600
OS		 2266 }
2267}
2268
44a6b1b6 2269_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2270 Socket *s = SOCKET(u);
2271
2272 assert(u);
2273
2274 return s->n_connections > 0;
2275}
2276
718db961
LP		 2277static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2278 SocketPort *p = userdata;
4f2d528d 2279 int cfd = -1;
9152c765 2280
718db961 2281 assert(p);
8d567588 2282 assert(fd >= 0);
9152c765 2283
718db961
LP		 2284 if (p->socket->state != SOCKET_LISTENING)
2285 return 0;
871d7de4 2286
718db961 2287 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
9152c765 2288
718db961 2289 if (revents != EPOLLIN) {
641e01dc 2290
718db961 2291 if (revents & EPOLLHUP)
e821075a 2292 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
718db961 2293 UNIT(p->socket)->id);
641e01dc 2294 else
e821075a 2295 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
718db961 2296 UNIT(p->socket)->id, revents);
641e01dc 2297
8d567588 2298 goto fail;
4f2d528d
LP		 2299 }
2300
718db961
LP		 2301 if (p->socket->accept &&
2302 p->type == SOCKET_SOCKET &&
2303 socket_address_can_accept(&p->address)) {
2304
4f2d528d
LP		 2305 for (;;) {
2306
b14eda96
LP		 2307 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2308 if (cfd < 0) {
4f2d528d
LP		 2309
2310 if (errno == EINTR)
2311 continue;
2312
718db961 2313 log_error_unit(UNIT(p->socket)->id,
66870f90 2314 "Failed to accept socket: %m");
8d567588 2315 goto fail;
4f2d528d
LP		 2316 }
2317
2318 break;
2319 }
4fd5948e 2320
718db961 2321 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2322 }
9152c765 2323
718db961
LP		 2324 socket_enter_running(p->socket, cfd);
2325 return 0;
8d567588
LP		 2326
2327fail:
718db961
LP		 2328 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2329 return 0;
9152c765
LP		 2330}
2331
87f0e418
LP		 2332static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2333 Socket *s = SOCKET(u);
cfc4eb4c 2334 SocketResult f;
5cb5a6ff
LP		 2335
2336 assert(s);
034c6ed7 2337 assert(pid >= 0);
5cb5a6ff 2338
8c47c732
LP		 2339 if (pid != s->control_pid)
2340 return;
542563ba 2341
034c6ed7
LP		 2342 s->control_pid = 0;
2343
96342de6 2344 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2345 f = SOCKET_SUCCESS;
2346 else if (code == CLD_EXITED)
2347 f = SOCKET_FAILURE_EXIT_CODE;
2348 else if (code == CLD_KILLED)
2349 f = SOCKET_FAILURE_SIGNAL;
2350 else if (code == CLD_DUMPED)
2351 f = SOCKET_FAILURE_CORE_DUMP;
2352 else
a4152e3f 2353 assert_not_reached("Unknown sigchld code");
8c47c732 2354
b708e7ce 2355 if (s->control_command) {
6ea832a2 2356 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2357
b708e7ce 2358 if (s->control_command->ignore)
cfc4eb4c 2359 f = SOCKET_SUCCESS;
b708e7ce
LP		 2360 }
2361
66870f90
ZJS		 2362 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2363 u->id,
2364 "%s control process exited, code=%s status=%i",
2365 u->id, sigchld_code_to_string(code), status);
034c6ed7 2366
cfc4eb4c
LP		 2367 if (f != SOCKET_SUCCESS)
2368 s->result = f;
2369
2370 if (s->control_command &&
2371 s->control_command->command_next &&
2372 f == SOCKET_SUCCESS) {
2373
66870f90
ZJS		 2374 log_debug_unit(u->id,
2375 "%s running next command for state %s",
2376 u->id, socket_state_to_string(s->state));
cfc4eb4c 2377 socket_run_next(s);
acbb0225 2378 } else {
a16e1123
LP		 2379 s->control_command = NULL;
2380 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2381
034c6ed7
LP		 2382 /* No further commands for this step, so let's figure
2383 * out what to do next */
5cb5a6ff 2384
66870f90
ZJS		 2385 log_debug_unit(u->id,
2386 "%s got final SIGCHLD for state %s",
2387 u->id, socket_state_to_string(s->state));
acbb0225 2388
034c6ed7
LP		 2389 switch (s->state) {
2390
2391 case SOCKET_START_PRE:
cfc4eb4c 2392 if (f == SOCKET_SUCCESS)
3900e5fd 2393 socket_enter_start_chown(s);
034c6ed7 2394 else
cfc4eb4c 2395 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2396 break;
2397
3900e5fd
LP		 2398 case SOCKET_START_CHOWN:
2399 if (f == SOCKET_SUCCESS)
2400 socket_enter_start_post(s);
2401 else
2402 socket_enter_stop_pre(s, f);
2403 break;
2404
034c6ed7 2405 case SOCKET_START_POST:
cfc4eb4c 2406 if (f == SOCKET_SUCCESS)
e9af15c3 2407 socket_enter_listening(s);
034c6ed7 2408 else
cfc4eb4c 2409 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2410 break;
2411
2412 case SOCKET_STOP_PRE:
2413 case SOCKET_STOP_PRE_SIGTERM:
2414 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2415 socket_enter_stop_post(s, f);
034c6ed7
LP		 2416 break;
2417
2418 case SOCKET_STOP_POST:
80876c20
LP		 2419 case SOCKET_FINAL_SIGTERM:
2420 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2421 socket_enter_dead(s, f);
034c6ed7
LP		 2422 break;
2423
2424 default:
2425 assert_not_reached("Uh, control process died at wrong time.");
2426 }
2427 }
c4e2ceae
LP		 2428
2429 /* Notify clients about changed exit status */
2430 unit_add_to_dbus_queue(u);
034c6ed7 2431}
5cb5a6ff 2432
718db961
LP		 2433static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2434 Socket *s = SOCKET(userdata);
5cb5a6ff 2435
034c6ed7 2436 assert(s);
718db961 2437 assert(s->timer_event_source == source);
034c6ed7
LP		 2438
2439 switch (s->state) {
2440
2441 case SOCKET_START_PRE:
3900e5fd 2442 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2443 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2444 break;
80876c20 2445
3900e5fd 2446 case SOCKET_START_CHOWN:
034c6ed7 2447 case SOCKET_START_POST:
3900e5fd 2448 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
cfc4eb4c 2449 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2450 break;
2451
2452 case SOCKET_STOP_PRE:
3900e5fd 2453 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2454 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2455 break;
2456
2457 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2458 if (s->kill_context.send_sigkill) {
3900e5fd 2459 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
cfc4eb4c 2460 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2461 } else {
3900e5fd 2462 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2463 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2464 }
034c6ed7
LP		 2465 break;
2466
2467 case SOCKET_STOP_PRE_SIGKILL:
3900e5fd 2468 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2469 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2470 break;
2471
2472 case SOCKET_STOP_POST:
3900e5fd 2473 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
cfc4eb4c 2474 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2475 break;
2476
80876c20 2477 case SOCKET_FINAL_SIGTERM:
4819ff03 2478 if (s->kill_context.send_sigkill) {
3900e5fd 2479 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
cfc4eb4c 2480 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2481 } else {
3900e5fd 2482 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2483 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2484 }
034c6ed7
LP		 2485 break;
2486
80876c20 2487 case SOCKET_FINAL_SIGKILL:
3900e5fd 2488 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
cfc4eb4c 2489 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2490 break;
2491
2492 default:
2493 assert_not_reached("Timeout at wrong time.");
2494 }
718db961
LP		 2495
2496 return 0;
5cb5a6ff
LP		 2497}
2498
44d8db9e
LP		 2499int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2500 int *rfds;
2501 unsigned rn_fds, k;
2502 SocketPort *p;
2503
2504 assert(s);
2505 assert(fds);
2506 assert(n_fds);
2507
2508 /* Called from the service code for requesting our fds */
2509
2510 rn_fds = 0;
2511 LIST_FOREACH(port, p, s->ports)
2512 if (p->fd >= 0)
2513 rn_fds++;
2514
de3756ab
LP		 2515 if (rn_fds <= 0) {
2516 *fds = NULL;
2517 *n_fds = 0;
2518 return 0;
2519 }
2520
e364ad06 2521 if (!(rfds = new(int, rn_fds)))
44d8db9e
LP		 2522 return -ENOMEM;
2523
2524 k = 0;
2525 LIST_FOREACH(port, p, s->ports)
2526 if (p->fd >= 0)
2527 rfds[k++] = p->fd;
2528
2529 assert(k == rn_fds);
2530
2531 *fds = rfds;
2532 *n_fds = rn_fds;
2533
2534 return 0;
2535}
2536
e821075a
LP		 2537static void socket_reset_failed(Unit *u) {
2538 Socket *s = SOCKET(u);
2539
2540 assert(s);
2541
2542 if (s->state == SOCKET_FAILED)
2543 socket_set_state(s, SOCKET_DEAD);
2544
2545 s->result = SOCKET_SUCCESS;
2546}
2547
d137a488 2548static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2549 assert(s);
2550
6cf6bbc2
LP		 2551 /* The service is dead. Dang!
2552 *
2553 * This is strictly for one-instance-for-all-connections
2554 * services. */
ceee3d82
LP		 2555
2556 if (s->state == SOCKET_RUNNING) {
e821075a 2557 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
6bda96a0
LP		 2558 if (failed_permanent)
2559 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2560 else
2561 socket_enter_listening(s);
ceee3d82
LP		 2562 }
2563}
2564
6cf6bbc2
LP		 2565void socket_connection_unref(Socket *s) {
2566 assert(s);
2567
2568 /* The service is dead. Yay!
2569 *
35b8ca3a 2570 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2571 * services. */
2572
2573 assert(s->n_connections > 0);
2574 s->n_connections--;
2575
e821075a 2576 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
5632e374
LP		 2577}
2578
d137a488
UTL		 2579static void socket_trigger_notify(Unit *u, Unit *other) {
2580 Socket *s = SOCKET(u);
e821075a 2581 Service *se;
d137a488
UTL		 2582
2583 assert(u);
2584 assert(other);
2585
2586 /* Don't propagate state changes from the service if we are
2587 already down or accepting connections */
2588 if ((s->state != SOCKET_RUNNING &&
2589 s->state != SOCKET_LISTENING) ||
2590 s->accept)
2591 return;
2592
2593 if (other->load_state != UNIT_LOADED ||
2594 other->type != UNIT_SERVICE)
2595 return;
2596
e821075a
LP		 2597 se = SERVICE(other);
2598
d137a488
UTL		 2599 if (se->state == SERVICE_FAILED)
2600 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2601
2602 if (se->state == SERVICE_DEAD ||
2603 se->state == SERVICE_STOP ||
2604 se->state == SERVICE_STOP_SIGTERM ||
2605 se->state == SERVICE_STOP_SIGKILL ||
2606 se->state == SERVICE_STOP_POST ||
2607 se->state == SERVICE_FINAL_SIGTERM ||
2608 se->state == SERVICE_FINAL_SIGKILL ||
2609 se->state == SERVICE_AUTO_RESTART)
2610 socket_notify_service_dead(s, false);
2611
2612 if (se->state == SERVICE_RUNNING)
2613 socket_set_state(s, SOCKET_RUNNING);
2614}
2615
718db961 2616static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2617 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2618}
2619
68db7a3b
ZJS		 2620static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2621 Socket *s = SOCKET(u);
2622 int r;
2623
2624 if (!s->timer_event_source)
2625 return 0;
2626
2627 r = sd_event_source_get_time(s->timer_event_source, timeout);
2628 if (r < 0)
2629 return r;
2630
2631 return 1;
2632}
2633
a16e1123
LP		 2634static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2635 [SOCKET_DEAD] = "dead",
2636 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2637 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2638 [SOCKET_START_POST] = "start-post",
2639 [SOCKET_LISTENING] = "listening",
2640 [SOCKET_RUNNING] = "running",
2641 [SOCKET_STOP_PRE] = "stop-pre",
2642 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2643 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2644 [SOCKET_STOP_POST] = "stop-post",
2645 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2646 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2647 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2648};
2649
2650DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2651
2652static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2653 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2654 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2655 [SOCKET_EXEC_START_POST] = "StartPost",
2656 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2657 [SOCKET_EXEC_STOP_POST] = "StopPost"
2658};
2659
2660DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2661
cfc4eb4c
LP		 2662static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2663 [SOCKET_SUCCESS] = "success",
2664 [SOCKET_FAILURE_RESOURCES] = "resources",
2665 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2666 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2667 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2668 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2669 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2670};
2671
2672DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2673
87f0e418 2674const UnitVTable socket_vtable = {
7d17cfbc 2675 .object_size = sizeof(Socket),
718db961
LP		 2676 .exec_context_offset = offsetof(Socket, exec_context),
2677 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2678 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2679 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2680
f975e971
LP		 2681 .sections =
2682 "Unit\0"
2683 "Socket\0"
2684 "Install\0",
4ad49000 2685 .private_section = "Socket",
71645aca 2686
034c6ed7
LP		 2687 .init = socket_init,
2688 .done = socket_done,
a16e1123
LP		 2689 .load = socket_load,
2690
2691 .coldplug = socket_coldplug,
034c6ed7 2692
5cb5a6ff
LP		 2693 .dump = socket_dump,
2694
542563ba
LP		 2695 .start = socket_start,
2696 .stop = socket_stop,
5cb5a6ff 2697
718db961
LP		 2698 .kill = socket_kill,
2699
68db7a3b
ZJS		 2700 .get_timeout = socket_get_timeout,
2701
a16e1123
LP		 2702 .serialize = socket_serialize,
2703 .deserialize_item = socket_deserialize_item,
01e10de3 2704 .distribute_fds = socket_distribute_fds,
a16e1123 2705
5cb5a6ff 2706 .active_state = socket_active_state,
10a94420 2707 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2708
6cf6bbc2
LP		 2709 .check_gc = socket_check_gc,
2710
034c6ed7 2711 .sigchld_event = socket_sigchld_event,
4139c1b2 2712
d137a488
UTL		 2713 .trigger_notify = socket_trigger_notify,
2714
fdf20a31 2715 .reset_failed = socket_reset_failed,
5632e374 2716
c4e2ceae 2717 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2718 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2719 .bus_set_property = bus_socket_set_property,
2720 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2721
2722 .status_message_formats = {
2723 /*.starting_stopping = {
2724 [0] = "Starting socket %s...",
2725 [1] = "Stopping socket %s...",
2726 },*/
2727 .finished_start_job = {
2728 [JOB_DONE] = "Listening on %s.",
2729 [JOB_FAILED] = "Failed to listen on %s.",
2730 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2731 [JOB_TIMEOUT] = "Timed out starting %s.",
2732 },
2733 .finished_stop_job = {
2734 [JOB_DONE] = "Closed %s.",
2735 [JOB_FAILED] = "Failed stopping %s.",
2736 [JOB_TIMEOUT] = "Timed out stopping %s.",
2737 },
2738 },
5cb5a6ff 2739};
Unnamed repository; edit this file 'description' to name the repository.