]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/core/socket.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
mac: rename apis with mac_{selinux/smack}_ prefix
[thirdparty/systemd.git] / src / core / socket.c
CommitLineData
d6c9574f 1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
5cb5a6ff 2
a7334b09
LP		 3/***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
5430f7f2
LP		 9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
a7334b09
LP		 11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2 16 Lesser General Public License for more details.
a7334b09 17
5430f7f2 18 You should have received a copy of the GNU Lesser General Public License
a7334b09
LP		 19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
83c60c9f
LP		 22#include <sys/types.h>
23#include <sys/stat.h>
24#include <unistd.h>
25#include <errno.h>
26#include <fcntl.h>
f94ea366 27#include <sys/epoll.h>
034c6ed7 28#include <signal.h>
4f2d528d 29#include <arpa/inet.h>
718db961 30#include <netinet/tcp.h>
916abb21 31#include <mqueue.h>
d2edfae0 32#include <sys/xattr.h>
83c60c9f 33
718db961 34#include "sd-event.h"
83c60c9f 35#include "log.h"
23a177ef
LP		 36#include "load-dropin.h"
37#include "load-fragment.h"
9e2f7c11 38#include "strv.h"
49e942b2 39#include "mkdir.h"
9eb977db 40#include "path-util.h"
4f2d528d 41#include "unit-name.h"
41f9172f 42#include "unit-printf.h"
4fd5948e 43#include "missing.h"
a40eb732 44#include "special.h"
e51bc1a2 45#include "label.h"
9a57c629 46#include "exit-status.h"
f6a6225e 47#include "def.h"
5a045dad 48#include "smack-util.h"
718db961
LP		 49#include "bus-util.h"
50#include "bus-error.h"
e821075a
LP		 51#include "dbus-socket.h"
52#include "unit.h"
53#include "socket.h"
83c60c9f 54
acbb0225 55static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
87f0e418
LP		 56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
3900e5fd 58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
87f0e418
LP		 59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
80876c20
LP		 66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
fdf20a31 68 [SOCKET_FAILED] = UNIT_FAILED
83c60c9f 69};
5cb5a6ff 70
718db961
LP		 71static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
a16e1123
LP		 74static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
ac155bb8 78 assert(u->load_state == UNIT_STUB);
a16e1123 79
a16e1123 80 s->backlog = SOMAXCONN;
1f19a534 81 s->timeout_usec = u->manager->default_timeout_start_usec;
a16e1123 82 s->directory_mode = 0755;
9131f660 83 s->socket_mode = 0666;
a16e1123 84
6cf6bbc2
LP		 85 s->max_connections = 64;
86
4fd5948e 87 s->priority = -1;
4fd5948e
LP		 88 s->ip_tos = -1;
89 s->ip_ttl = -1;
4fd5948e 90 s->mark = -1;
4fd5948e 91
ac155bb8
MS		 92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
085afe36 94
a16e1123
LP		 95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96}
acbb0225 97
5e94833f
LP		 98static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106}
107
74051b9b 108void socket_free_ports(Socket *s) {
034c6ed7
LP		 109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
71fda00f 114 LIST_REMOVE(port, s->ports, p);
034c6ed7 115
718db961
LP		 116 sd_event_source_unref(p->event_source);
117
03e334a1 118 safe_close(p->fd);
034c6ed7
LP		 119 free(p->path);
120 free(p);
121 }
74051b9b
LP		 122}
123
124static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
034c6ed7 130
613b411c 131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
e537352b 132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
034c6ed7
LP		 133 s->control_command = NULL;
134
5e94833f 135 socket_unwatch_control_pid(s);
034c6ed7 136
57020a3a 137 unit_ref_unset(&s->service);
034c6ed7 138
cebf8b20
TT		 139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
acbb0225 142 free(s->bind_to_device);
e537352b 143 s->bind_to_device = NULL;
acbb0225 144
0eb59ccf
AK		 145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
811ba7a0
LP		 149 strv_free(s->symlinks);
150
3900e5fd
LP		 151 free(s->user);
152 free(s->group);
153
718db961
LP		 154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155}
156
157static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
6a0f1f6d
LP		 175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
5cb5a6ff
LP		 181}
182
8b835fcc
ZJS		 183int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
b15bdda8
LP		 185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
8b835fcc 195 if (UNIT_DEREF(s->service) || !s->accept)
b15bdda8
LP		 196 return 0;
197
315db1a8
ZJS		 198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
b15bdda8
LP		 200 return -ENOMEM;
201
315db1a8 202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
b15bdda8
LP		 203 return -ENOMEM;
204
1124fe6f 205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
b15bdda8
LP		 206 if (r < 0)
207 return r;
208
ac155bb8 209 u->no_gc = true;
57020a3a
LP		 210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
b15bdda8
LP		 213}
214
4f2d528d
LP		 215static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
dd5ad9d4
LP		 223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
4f2d528d
LP		 228 if (!socket_address_can_accept(&p->address))
229 return true;
dd5ad9d4 230 }
4f2d528d
LP		 231
232 return false;
233}
234
a57f7e2c 235static int socket_add_mount_links(Socket *s) {
6e2ef85b 236 SocketPort *p;
6e2ef85b
LP		 237 int r;
238
239 assert(s);
6e2ef85b 240
a57f7e2c
LP		 241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
6e2ef85b 243
a57f7e2c
LP		 244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
6e2ef85b 248
a57f7e2c
LP		 249 if (!path)
250 continue;
6e2ef85b 251
a57f7e2c 252 r = unit_require_mounts_for(UNIT(s), path);
b87705cd 253 if (r < 0)
6e2ef85b 254 return r;
b87705cd 255 }
6e2ef85b
LP		 256
257 return 0;
258}
259
260static int socket_add_device_link(Socket *s) {
261 char *t;
6e2ef85b
LP		 262
263 assert(s);
264
7d0c710d 265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
6e2ef85b
LP		 266 return 0;
267
e821075a
LP		 268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
6e2ef85b
LP		 270}
271
a40eb732
LP		 272static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
e3d84721
LP		 276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
2a77d31d 279
e3d84721
LP		 280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
a40eb732 283 return r;
2a77d31d 284 }
a40eb732 285
ead8e478 286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
a40eb732
LP		 287}
288
44a6b1b6 289_pure_ static bool socket_has_exec(Socket *s) {
4cfc6dbe
LP		 290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298}
299
e821075a
LP		 300static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
e537352b 302 int r;
44d8db9e 303
e821075a 304 assert(s);
57020a3a 305
e821075a 306 if (have_non_accept_socket(s)) {
23a177ef 307
e821075a
LP		 308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
57020a3a 310
e821075a 311 r = unit_load_related_unit(u, ".service", &x);
57020a3a 312 if (r < 0)
4f2d528d 313 return r;
e821075a
LP		 314
315 unit_ref_set(&s->service, x);
4f2d528d 316 }
44d8db9e 317
e821075a
LP		 318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
6e2ef85b 320 return r;
e821075a 321 }
6e2ef85b 322
e821075a
LP		 323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
6e2ef85b 326
e821075a
LP		 327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
598459ce 331 r = unit_patch_contexts(u);
e821075a
LP		 332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
23a177ef 339
598459ce 340 r = unit_add_default_slice(u, &s->cgroup_context);
a016b922
LP		 341 if (r < 0)
342 return r;
e821075a 343 }
a016b922 344
e821075a
LP		 345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352}
353
811ba7a0
LP		 354static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385}
386
e821075a
LP		 387static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
e06c73cc 408
e821075a
LP		 409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
811ba7a0
LP		 419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
e821075a
LP		 424 return 0;
425}
426
427static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
e06c73cc
LP		 441 if (r < 0)
442 return r;
23a177ef
LP		 443 }
444
4f2d528d 445 return socket_verify(s);
44d8db9e
LP		 446}
447
44a6b1b6 448_const_ static const char* listen_lookup(int family, int type) {
7a22745a
LP		 449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
542563ba
LP		 452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
034c6ed7 460 assert_not_reached("Unknown socket type");
542563ba
LP		 461 return NULL;
462}
463
87f0e418 464static void socket_dump(Unit *u, FILE *f, const char *prefix) {
209e9dcd 465 char time_string[FORMAT_TIMESPAN_MAX];
5cb5a6ff 466 SocketExecCommand c;
87f0e418 467 Socket *s = SOCKET(u);
542563ba 468 SocketPort *p;
82ba9f08 469 const char *prefix2;
5cb5a6ff
LP		 470
471 assert(s);
fa068367 472 assert(f);
5cb5a6ff 473
4c940960 474 prefix = strempty(prefix);
e821075a 475 prefix2 = strappenda(prefix, "\t");
c43d20a0 476
5cb5a6ff
LP		 477 fprintf(f,
478 "%sSocket State: %s\n"
81a5c6d0 479 "%sResult: %s\n"
542563ba 480 "%sBindIPv6Only: %s\n"
b5a0699f
LP		 481 "%sBacklog: %u\n"
482 "%sSocketMode: %04o\n"
4fd5948e
LP		 483 "%sDirectoryMode: %04o\n"
484 "%sKeepAlive: %s\n"
4427c3f4 485 "%sNoDelay: %s\n"
cebf8b20 486 "%sFreeBind: %s\n"
6b6d2dee 487 "%sTransparent: %s\n"
ec6370a2 488 "%sBroadcast: %s\n"
ede3deb4 489 "%sPassCredentials: %s\n"
54ecda32 490 "%sPassSecurity: %s\n"
bd1fe7c7 491 "%sTCPCongestion: %s\n"
16115b0a
MS		 492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
a16e1123 494 prefix, socket_state_to_string(s->state),
81a5c6d0 495 prefix, socket_result_to_string(s->result),
c0120d99 496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
b5a0699f
LP		 497 prefix, s->backlog,
498 prefix, s->socket_mode,
4fd5948e
LP		 499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
4427c3f4 501 prefix, yes_no(s->no_delay),
cebf8b20 502 prefix, yes_no(s->free_bind),
6b6d2dee 503 prefix, yes_no(s->transparent),
ec6370a2 504 prefix, yes_no(s->broadcast),
d68af586 505 prefix, yes_no(s->pass_cred),
54ecda32 506 prefix, yes_no(s->pass_sec),
bd1fe7c7 507 prefix, strna(s->tcp_congestion),
16115b0a
MS		 508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
542563ba 510
70123e68
LP		 511 if (s->control_pid > 0)
512 fprintf(f,
de0671ee
ZJS		 513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
70123e68 515
acbb0225
LP		 516 if (s->bind_to_device)
517 fprintf(f,
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
520
4f2d528d
LP		 521 if (s->accept)
522 fprintf(f,
6cf6bbc2
LP		 523 "%sAccepted: %u\n"
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
4f2d528d 529
4fd5948e
LP		 530 if (s->priority >= 0)
531 fprintf(f,
532 "%sPriority: %i\n",
533 prefix, s->priority);
534
535 if (s->receive_buffer > 0)
536 fprintf(f,
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
539
540 if (s->send_buffer > 0)
541 fprintf(f,
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
544
545 if (s->ip_tos >= 0)
546 fprintf(f,
547 "%sIPTOS: %i\n",
548 prefix, s->ip_tos);
549
550 if (s->ip_ttl >= 0)
551 fprintf(f,
552 "%sIPTTL: %i\n",
553 prefix, s->ip_ttl);
554
555 if (s->pipe_size > 0)
556 fprintf(f,
557 "%sPipeSize: %zu\n",
558 prefix, s->pipe_size);
559
560 if (s->mark >= 0)
561 fprintf(f,
562 "%sMark: %i\n",
563 prefix, s->mark);
564
916abb21
LP		 565 if (s->mq_maxmsg > 0)
566 fprintf(f,
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
569
570 if (s->mq_msgsize > 0)
571 fprintf(f,
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
574
718db961 575 if (s->reuse_port)
f7db7a69
SL		 576 fprintf(f,
577 "%sReusePort: %s\n",
718db961 578 prefix, yes_no(s->reuse_port));
f7db7a69 579
0eb59ccf
AK		 580 if (s->smack)
581 fprintf(f,
582 "%sSmackLabel: %s\n",
583 prefix, s->smack);
584
585 if (s->smack_ip_in)
586 fprintf(f,
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
589
590 if (s->smack_ip_out)
591 fprintf(f,
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
594
3900e5fd
LP		 595 if (!isempty(s->user) || !isempty(s->group))
596 fprintf(f,
597 "%sOwnerUser: %s\n"
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
601
3cd761e4 602 if (s->keep_alive_time > 0)
209e9dcd 603 fprintf(f,
3cd761e4
LP		 604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
209e9dcd 606
3cd761e4 607 if (s->keep_alive_interval)
209e9dcd 608 fprintf(f,
3cd761e4
LP		 609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
209e9dcd 611
3cd761e4 612 if (s->keep_alive_cnt)
209e9dcd
SS		 613 fprintf(f,
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
616
3cd761e4 617 if (s->defer_accept)
cc567c9b 618 fprintf(f,
3cd761e4
LP		 619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
cc567c9b 621
034c6ed7 622 LIST_FOREACH(port, p, s->ports) {
5cb5a6ff 623
542563ba
LP		 624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
e364ad06 627 char *k = NULL;
542563ba
LP		 628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
7a22745a 634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
542563ba 635 free(k);
b0a3f2bc
LP		 636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
916abb21
LP		 638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
b0a3f2bc 640 else
542563ba
LP		 641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
5cb5a6ff
LP		 643
644 exec_context_dump(&s->exec_context, f, prefix);
4819ff03 645 kill_context_dump(&s->kill_context, f, prefix);
5cb5a6ff 646
e537352b 647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
c43d20a0
LP		 648 if (!s->exec_command[c])
649 continue;
5cb5a6ff 650
40d50879 651 fprintf(f, "%s-> %s:\n",
a16e1123 652 prefix, socket_exec_command_to_string(c));
c43d20a0
LP		 653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
5cb5a6ff
LP		 655 }
656}
657
4f2d528d
LP		 658static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
9d16d0c7 661 union sockaddr_union local, remote;
4f2d528d
LP		 662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
77b088c2
LP		 682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
4f2d528d
LP		 684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
c65a0b14 694 static const unsigned char ipv4_prefix[] = {
2b061f5a
LP		 695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
77b088c2
LP		 705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
2b061f5a
LP		 707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
77b088c2
LP		 716 "%u-%s:%u-%s:%u",
717 nr,
2b061f5a
LP		 718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
4f2d528d
LP		 724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
eff05270 730 int k;
4f2d528d 731
eff05270 732 k = getpeercred(fd, &ucred);
d38f6e34
ZJS		 733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
eff05270 747 return k;
2f20a8eb 748
2f20a8eb 749 break;
4f2d528d
LP		 750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758}
759
034c6ed7 760static void socket_close_fds(Socket *s) {
83c60c9f 761 SocketPort *p;
811ba7a0 762 char **i;
83c60c9f
LP		 763
764 assert(s);
765
034c6ed7 766 LIST_FOREACH(port, p, s->ports) {
718db961
LP		 767
768 p->event_source = sd_event_source_unref(p->event_source);
769
83c60c9f
LP		 770 if (p->fd < 0)
771 continue;
772
03e334a1 773 p->fd = safe_close(p->fd);
a16e1123 774
bd1fe7c7
LP		 775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
83c60c9f 802 }
811ba7a0
LP		 803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
83c60c9f
LP		 807}
808
4fd5948e
LP		 809static void socket_apply_socket_options(Socket *s, int fd) {
810 assert(s);
811 assert(fd >= 0);
812
813 if (s->keep_alive) {
814 int b = s->keep_alive;
815 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
66870f90 816 log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
4fd5948e
LP		 817 }
818
209e9dcd
SS		 819 if (s->keep_alive_time) {
820 int value = s->keep_alive_time / USEC_PER_SEC;
821 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
822 log_warning_unit(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
823 }
824
825 if (s->keep_alive_interval) {
826 int value = s->keep_alive_interval / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
828 log_warning_unit(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
829 }
830
831 if (s->keep_alive_cnt) {
832 int value = s->keep_alive_cnt;
833 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
834 log_warning_unit(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
835 }
836
cc567c9b
SS		 837 if (s->defer_accept) {
838 int value = s->defer_accept / USEC_PER_SEC;
839 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
840 log_warning_unit(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
841 }
842
4427c3f4
SS		 843 if (s->no_delay) {
844 int b = s->no_delay;
845 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
846 log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
847 }
848
ec6370a2
LP		 849 if (s->broadcast) {
850 int one = 1;
851 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
66870f90 852 log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
ec6370a2
LP		 853 }
854
d68af586
MS		 855 if (s->pass_cred) {
856 int one = 1;
857 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
66870f90 858 log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
d68af586
MS		 859 }
860
54ecda32
LP		 861 if (s->pass_sec) {
862 int one = 1;
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
66870f90 864 log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
54ecda32
LP		 865 }
866
4fd5948e
LP		 867 if (s->priority >= 0)
868 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
66870f90 869 log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
4fd5948e
LP		 870
871 if (s->receive_buffer > 0) {
872 int value = (int) s->receive_buffer;
7d9eaa84
LP		 873
874 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
875
b8cef44e 876 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 877 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
66870f90 878 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
4fd5948e
LP		 879 }
880
881 if (s->send_buffer > 0) {
882 int value = (int) s->send_buffer;
b8cef44e 883 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
7d9eaa84 884 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
66870f90 885 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
4fd5948e
LP		 886 }
887
888 if (s->mark >= 0)
889 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
66870f90 890 log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
4fd5948e
LP		 891
892 if (s->ip_tos >= 0)
893 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
66870f90 894 log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
4fd5948e 895
46925ac5
LP		 896 if (s->ip_ttl >= 0) {
897 int r, x;
898
899 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
5bfcc1c6
FF		 900
901 if (socket_ipv6_is_supported())
902 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
903 else {
904 x = -1;
905 errno = EAFNOSUPPORT;
906 }
46925ac5
LP		 907
908 if (r < 0 && x < 0)
66870f90
ZJS		 909 log_warning_unit(UNIT(s)->id,
910 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
46925ac5 911 }
cebf8b20
TT		 912
913 if (s->tcp_congestion)
914 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
66870f90 915 log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
0eb59ccf 916
718db961
LP		 917 if (s->reuse_port) {
918 int b = s->reuse_port;
f0511bd7 919 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
f7db7a69
SL		 920 log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
921 }
922
9a4e038c 923 if (s->smack_ip_in)
cc56fafe
WC		 924 if (mac_smack_set_ip_in_fd(fd, s->smack_ip_in) < 0)
925 log_error_unit(UNIT(s)->id, "mac_smack_set_ip_in_fd: %m");
9a4e038c
KS		 926
927 if (s->smack_ip_out)
cc56fafe
WC		 928 if (mac_smack_set_ip_out_fd(fd, s->smack_ip_out) < 0)
929 log_error_unit(UNIT(s)->id, "mac_smack_set_ip_out_fd: %m");
4fd5948e
LP		 930}
931
b15bdda8 932static void socket_apply_fifo_options(Socket *s, int fd) {
4fd5948e
LP		 933 assert(s);
934 assert(fd >= 0);
935
936 if (s->pipe_size > 0)
937 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
66870f90
ZJS		 938 log_warning_unit(UNIT(s)->id,
939 "F_SETPIPE_SZ: %m");
0eb59ccf 940
9a4e038c 941 if (s->smack)
cc56fafe
WC		 942 if (mac_smack_set_fd(fd, s->smack) < 0)
943 log_error_unit(UNIT(s)->id, "mac_smack_set_fd: %m");
4fd5948e
LP		 944}
945
b15bdda8
LP		 946static int fifo_address_create(
947 const char *path,
948 mode_t directory_mode,
949 mode_t socket_mode,
b15bdda8
LP		 950 int *_fd) {
951
7a58bfa4 952 int fd = -1, r = 0;
b15bdda8
LP		 953 struct stat st;
954 mode_t old_mask;
955
956 assert(path);
957 assert(_fd);
958
d2e54fae 959 mkdir_parents_label(path, directory_mode);
b15bdda8 960
cc56fafe 961 r = mac_selinux_context_set(path, S_IFIFO);
e9a5ef7c 962 if (r < 0)
56cf987f 963 goto fail;
b15bdda8
LP		 964
965 /* Enforce the right access mode for the fifo */
966 old_mask = umask(~ socket_mode);
967
968 /* Include the original umask in our mask */
969 umask(~socket_mode | old_mask);
970
971 r = mkfifo(path, socket_mode);
972 umask(old_mask);
973
94bc2731 974 if (r < 0 && errno != EEXIST) {
b15bdda8
LP		 975 r = -errno;
976 goto fail;
977 }
978
e4f44e73 979 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
b15bdda8
LP		 980 r = -errno;
981 goto fail;
982 }
983
cc56fafe 984 mac_selinux_context_clear();
7a58bfa4 985
b15bdda8
LP		 986 if (fstat(fd, &st) < 0) {
987 r = -errno;
988 goto fail;
989 }
990
991 if (!S_ISFIFO(st.st_mode) ||
de0200fc 992 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
e4f44e73
DR		 993 st.st_uid != getuid() ||
994 st.st_gid != getgid()) {
b15bdda8
LP		 995
996 r = -EEXIST;
997 goto fail;
998 }
999
1000 *_fd = fd;
1001 return 0;
1002
1003fail:
cc56fafe 1004 mac_selinux_context_clear();
03e334a1 1005 safe_close(fd);
b15bdda8
LP		 1006
1007 return r;
1008}
1009
b0a3f2bc
LP		 1010static int special_address_create(
1011 const char *path,
1012 int *_fd) {
1013
1014 int fd = -1, r = 0;
1015 struct stat st;
1016
1017 assert(path);
1018 assert(_fd);
1019
811ba7a0
LP		 1020 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1021 if (fd < 0) {
b0a3f2bc
LP		 1022 r = -errno;
1023 goto fail;
1024 }
1025
1026 if (fstat(fd, &st) < 0) {
1027 r = -errno;
1028 goto fail;
1029 }
1030
1031 /* Check whether this is a /proc, /sys or /dev file or char device */
1032 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1033 r = -EEXIST;
1034 goto fail;
1035 }
1036
1037 *_fd = fd;
1038 return 0;
1039
1040fail:
03e334a1 1041 safe_close(fd);
b0a3f2bc
LP		 1042
1043 return r;
1044}
1045
916abb21
LP		 1046static int mq_address_create(
1047 const char *path,
1048 mode_t mq_mode,
1049 long maxmsg,
1050 long msgsize,
1051 int *_fd) {
1052
1053 int fd = -1, r = 0;
1054 struct stat st;
1055 mode_t old_mask;
1056 struct mq_attr _attr, *attr = NULL;
1057
1058 assert(path);
1059 assert(_fd);
1060
1061 if (maxmsg > 0 && msgsize > 0) {
1062 zero(_attr);
1063 _attr.mq_flags = O_NONBLOCK;
1064 _attr.mq_maxmsg = maxmsg;
1065 _attr.mq_msgsize = msgsize;
1066 attr = &_attr;
1067 }
1068
1069 /* Enforce the right access mode for the mq */
1070 old_mask = umask(~ mq_mode);
1071
1072 /* Include the original umask in our mask */
1073 umask(~mq_mode | old_mask);
916abb21
LP		 1074 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1075 umask(old_mask);
1076
8ea913b2 1077 if (fd < 0) {
916abb21
LP		 1078 r = -errno;
1079 goto fail;
1080 }
1081
1082 if (fstat(fd, &st) < 0) {
1083 r = -errno;
1084 goto fail;
1085 }
1086
1087 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1088 st.st_uid != getuid() ||
1089 st.st_gid != getgid()) {
1090
1091 r = -EEXIST;
1092 goto fail;
1093 }
1094
1095 *_fd = fd;
1096 return 0;
1097
1098fail:
03e334a1 1099 safe_close(fd);
916abb21
LP		 1100 return r;
1101}
1102
811ba7a0
LP		 1103static int socket_symlink(Socket *s) {
1104 const char *p;
1105 char **i;
1106
1107 assert(s);
1108
1109 p = socket_find_symlink_target(s);
1110 if (!p)
1111 return 0;
1112
1113 STRV_FOREACH(i, s->symlinks)
1114 symlink(p, *i);
1115
1116 return 0;
1117}
1118
034c6ed7 1119static int socket_open_fds(Socket *s) {
83c60c9f
LP		 1120 SocketPort *p;
1121 int r;
56cf987f 1122 char *label = NULL;
049f8642 1123 bool know_label = false;
83c60c9f
LP		 1124
1125 assert(s);
1126
034c6ed7 1127 LIST_FOREACH(port, p, s->ports) {
83c60c9f 1128
034c6ed7
LP		 1129 if (p->fd >= 0)
1130 continue;
83c60c9f
LP		 1131
1132 if (p->type == SOCKET_SOCKET) {
16115b0a 1133 if (!know_label && s->selinux_context_from_net) {
cc56fafe 1134 r = mac_selinux_get_our_label(&label);
16115b0a
MS		 1135 if (r < 0)
1136 return r;
1137 know_label = true;
1138 } else if (!know_label) {
049f8642 1139
bd1fe7c7
LP		 1140 r = socket_instantiate_service(s);
1141 if (r < 0)
049f8642
LP		 1142 return r;
1143
9444b1f2 1144 if (UNIT_ISSET(s->service) &&
57020a3a 1145 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
cc56fafe 1146 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
bd1fe7c7
LP		 1147 if (r < 0 && r != -EPERM)
1148 return r;
189583d7 1149 }
049f8642
LP		 1150
1151 know_label = true;
1152 }
1153
175a3d25
LP		 1154 r = socket_address_listen(
1155 &p->address,
1156 SOCK_CLOEXEC|SOCK_NONBLOCK,
1157 s->backlog,
1158 s->bind_ipv6_only,
1159 s->bind_to_device,
1160 s->free_bind,
1161 s->transparent,
1162 s->directory_mode,
1163 s->socket_mode,
1164 label);
1165 if (r < 0)
83c60c9f
LP		 1166 goto rollback;
1167
175a3d25 1168 p->fd = r;
4fd5948e 1169 socket_apply_socket_options(s, p->fd);
811ba7a0 1170 socket_symlink(s);
4fd5948e 1171
b0a3f2bc
LP		 1172 } else if (p->type == SOCKET_SPECIAL) {
1173
175a3d25
LP		 1174 r = special_address_create(
1175 p->path,
1176 &p->fd);
1177 if (r < 0)
b0a3f2bc
LP		 1178 goto rollback;
1179
b15bdda8 1180 } else if (p->type == SOCKET_FIFO) {
83c60c9f 1181
175a3d25
LP		 1182 r = fifo_address_create(
1183 p->path,
1184 s->directory_mode,
1185 s->socket_mode,
1186 &p->fd);
1187 if (r < 0)
83c60c9f 1188 goto rollback;
83c60c9f 1189
b15bdda8 1190 socket_apply_fifo_options(s, p->fd);
811ba7a0
LP		 1191 socket_symlink(s);
1192
916abb21 1193 } else if (p->type == SOCKET_MQUEUE) {
83c60c9f 1194
175a3d25
LP		 1195 r = mq_address_create(
1196 p->path,
1197 s->socket_mode,
1198 s->mq_maxmsg,
1199 s->mq_msgsize,
1200 &p->fd);
1201 if (r < 0)
916abb21 1202 goto rollback;
b15bdda8
LP		 1203 } else
1204 assert_not_reached("Unknown port type");
034c6ed7
LP		 1205 }
1206
cc56fafe 1207 mac_selinux_free(label);
034c6ed7
LP		 1208 return 0;
1209
1210rollback:
1211 socket_close_fds(s);
cc56fafe 1212 mac_selinux_free(label);
034c6ed7
LP		 1213 return r;
1214}
1215
1216static void socket_unwatch_fds(Socket *s) {
1217 SocketPort *p;
718db961 1218 int r;
9152c765 1219
034c6ed7
LP		 1220 assert(s);
1221
1222 LIST_FOREACH(port, p, s->ports) {
1223 if (p->fd < 0)
1224 continue;
1225
a4152e3f
LP		 1226 if (!p->event_source)
1227 continue;
1228
1229 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1230 if (r < 0)
1231 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
83c60c9f 1232 }
034c6ed7
LP		 1233}
1234
1235static int socket_watch_fds(Socket *s) {
1236 SocketPort *p;
1237 int r;
1238
1239 assert(s);
83c60c9f 1240
034c6ed7
LP		 1241 LIST_FOREACH(port, p, s->ports) {
1242 if (p->fd < 0)
1243 continue;
1244
718db961
LP		 1245 if (p->event_source)
1246 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1247 else
151b9b96 1248 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
4f2d528d 1249
718db961
LP		 1250 if (r < 0) {
1251 log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
034c6ed7 1252 goto fail;
718db961 1253 }
034c6ed7 1254 }
83c60c9f 1255
542563ba 1256 return 0;
83c60c9f 1257
034c6ed7
LP		 1258fail:
1259 socket_unwatch_fds(s);
1260 return r;
1261}
1262
1263static void socket_set_state(Socket *s, SocketState state) {
1264 SocketState old_state;
1265 assert(s);
1266
1267 old_state = s->state;
1268 s->state = state;
1269
bd1fe7c7
LP		 1270 if (!IN_SET(state,
1271 SOCKET_START_PRE,
3900e5fd 1272 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1273 SOCKET_START_POST,
1274 SOCKET_STOP_PRE,
1275 SOCKET_STOP_PRE_SIGTERM,
1276 SOCKET_STOP_PRE_SIGKILL,
1277 SOCKET_STOP_POST,
1278 SOCKET_FINAL_SIGTERM,
1279 SOCKET_FINAL_SIGKILL)) {
718db961
LP		 1280
1281 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
5e94833f 1282 socket_unwatch_control_pid(s);
034c6ed7 1283 s->control_command = NULL;
a16e1123 1284 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
e537352b 1285 }
034c6ed7 1286
a16e1123
LP		 1287 if (state != SOCKET_LISTENING)
1288 socket_unwatch_fds(s);
1289
bd1fe7c7 1290 if (!IN_SET(state,
3900e5fd 1291 SOCKET_START_CHOWN,
bd1fe7c7
LP		 1292 SOCKET_START_POST,
1293 SOCKET_LISTENING,
1294 SOCKET_RUNNING,
1295 SOCKET_STOP_PRE,
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL))
034c6ed7
LP		 1298 socket_close_fds(s);
1299
e537352b 1300 if (state != old_state)
e821075a
LP		 1301 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1302 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
acbb0225 1303
e2f3b44c 1304 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
034c6ed7
LP		 1305}
1306
a16e1123
LP		 1307static int socket_coldplug(Unit *u) {
1308 Socket *s = SOCKET(u);
1309 int r;
1310
1311 assert(s);
1312 assert(s->state == SOCKET_DEAD);
1313
e821075a
LP		 1314 if (s->deserialized_state == s->state)
1315 return 0;
a16e1123 1316
3900e5fd
LP		 1317 if (IN_SET(s->deserialized_state,
1318 SOCKET_START_PRE,
1319 SOCKET_START_CHOWN,
1320 SOCKET_START_POST,
1321 SOCKET_STOP_PRE,
1322 SOCKET_STOP_PRE_SIGTERM,
1323 SOCKET_STOP_PRE_SIGKILL,
1324 SOCKET_STOP_POST,
1325 SOCKET_FINAL_SIGTERM,
1326 SOCKET_FINAL_SIGKILL)) {
a16e1123 1327
e821075a
LP		 1328 if (s->control_pid <= 0)
1329 return -EBADMSG;
a16e1123 1330
e821075a
LP		 1331 r = unit_watch_pid(UNIT(s), s->control_pid);
1332 if (r < 0)
1333 return r;
a16e1123 1334
e821075a
LP		 1335 r = socket_arm_timer(s);
1336 if (r < 0)
1337 return r;
1338 }
a16e1123 1339
3900e5fd
LP		 1340 if (IN_SET(s->deserialized_state,
1341 SOCKET_START_CHOWN,
1342 SOCKET_START_POST,
1343 SOCKET_LISTENING,
1344 SOCKET_RUNNING,
1345 SOCKET_STOP_PRE,
1346 SOCKET_STOP_PRE_SIGTERM,
1347 SOCKET_STOP_PRE_SIGKILL)) {
e821075a
LP		 1348 r = socket_open_fds(s);
1349 if (r < 0)
1350 return r;
1351 }
a16e1123 1352
e821075a
LP		 1353 if (s->deserialized_state == SOCKET_LISTENING) {
1354 r = socket_watch_fds(s);
1355 if (r < 0)
1356 return r;
a16e1123
LP		 1357 }
1358
e821075a 1359 socket_set_state(s, s->deserialized_state);
a16e1123
LP		 1360 return 0;
1361}
1362
e537352b 1363static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
3900e5fd 1364 _cleanup_free_ char **argv = NULL;
034c6ed7
LP		 1365 pid_t pid;
1366 int r;
9fa95f85
DM		 1367 ExecParameters exec_params = {
1368 .apply_permissions = true,
1369 .apply_chroot = true,
1370 .apply_tty_stdin = true,
1371 };
034c6ed7
LP		 1372
1373 assert(s);
1374 assert(c);
1375 assert(_pid);
1376
4ad49000
LP		 1377 unit_realize_cgroup(UNIT(s));
1378
613b411c
LP		 1379 r = unit_setup_exec_runtime(UNIT(s));
1380 if (r < 0)
1381 goto fail;
1382
718db961 1383 r = socket_arm_timer(s);
36697dc0 1384 if (r < 0)
e537352b 1385 goto fail;
034c6ed7 1386
19f6d710
LP		 1387 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1388 if (r < 0)
9e2f7c11 1389 goto fail;
9e2f7c11 1390
9fa95f85
DM		 1391 exec_params.argv = argv;
1392 exec_params.environment = UNIT(s)->manager->environment;
1393 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1394 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1395 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1396 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1397 exec_params.unit_id = UNIT(s)->id;
1398
9e2f7c11 1399 r = exec_spawn(c,
9e2f7c11 1400 &s->exec_context,
9fa95f85 1401 &exec_params,
613b411c 1402 s->exec_runtime,
9e2f7c11 1403 &pid);
cee288ad
TA		 1404 if (r < 0)
1405 goto fail;
9e2f7c11 1406
3900e5fd 1407 r = unit_watch_pid(UNIT(s), pid);
9e2f7c11 1408 if (r < 0)
3900e5fd 1409 /* FIXME: we need to do something here */
034c6ed7
LP		 1410 goto fail;
1411
3900e5fd
LP		 1412 *_pid = pid;
1413 return 0;
1414
1415fail:
1416 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1417 return r;
1418}
1419
1420static int socket_chown(Socket *s, pid_t *_pid) {
1421 pid_t pid;
1422 int r;
1423
1424 r = socket_arm_timer(s);
1425 if (r < 0)
1426 goto fail;
1427
1428 /* We have to resolve the user names out-of-process, hence
1429 * let's fork here. It's messy, but well, what can we do? */
1430
1431 pid = fork();
1432 if (pid < 0)
1433 return -errno;
1434
1435 if (pid == 0) {
1436 SocketPort *p;
1437 uid_t uid = (uid_t) -1;
1438 gid_t gid = (gid_t) -1;
1439 int ret;
1440
1441 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1442 ignore_signals(SIGPIPE, -1);
1443 log_forget_fds();
1444
1445 if (!isempty(s->user)) {
1446 const char *user = s->user;
1447
1448 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1449 if (r < 0) {
1450 ret = EXIT_USER;
1451 goto fail_child;
1452 }
1453 }
1454
1455 if (!isempty(s->group)) {
1456 const char *group = s->group;
1457
1458 r = get_group_creds(&group, &gid);
1459 if (r < 0) {
1460 ret = EXIT_GROUP;
1461 goto fail_child;
1462 }
1463 }
1464
1465 LIST_FOREACH(port, p, s->ports) {
e5a1c18d 1466 const char *path = NULL;
3900e5fd
LP		 1467
1468 if (p->type == SOCKET_SOCKET)
1469 path = socket_address_get_path(&p->address);
1470 else if (p->type == SOCKET_FIFO)
1471 path = p->path;
1472
1473 if (!path)
1474 continue;
1475
1476 if (chown(path, uid, gid) < 0) {
1477 r = -errno;
1478 ret = EXIT_CHOWN;
1479 goto fail_child;
1480 }
1481 }
1482
1483 _exit(0);
1484
1485 fail_child:
1486 log_open();
1487 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1488
1489 _exit(ret);
1490 }
1491
718db961
LP		 1492 r = unit_watch_pid(UNIT(s), pid);
1493 if (r < 0)
034c6ed7 1494 goto fail;
83c60c9f 1495
034c6ed7 1496 *_pid = pid;
034c6ed7
LP		 1497 return 0;
1498
1499fail:
718db961 1500 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
83c60c9f 1501 return r;
542563ba
LP		 1502}
1503
cfc4eb4c 1504static void socket_enter_dead(Socket *s, SocketResult f) {
034c6ed7
LP		 1505 assert(s);
1506
cfc4eb4c
LP		 1507 if (f != SOCKET_SUCCESS)
1508 s->result = f;
034c6ed7 1509
613b411c
LP		 1510 exec_runtime_destroy(s->exec_runtime);
1511 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1512
e66cf1a3
LP		 1513 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1514
cfc4eb4c 1515 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
034c6ed7
LP		 1516}
1517
cfc4eb4c 1518static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
80876c20 1519
cfc4eb4c 1520static void socket_enter_stop_post(Socket *s, SocketResult f) {
034c6ed7
LP		 1521 int r;
1522 assert(s);
1523
cfc4eb4c
LP		 1524 if (f != SOCKET_SUCCESS)
1525 s->result = f;
034c6ed7 1526
5e94833f 1527 socket_unwatch_control_pid(s);
a16e1123 1528 s->control_command_id = SOCKET_EXEC_STOP_POST;
3900e5fd 1529 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
a16e1123 1530
3900e5fd
LP		 1531 if (s->control_command) {
1532 r = socket_spawn(s, s->control_command, &s->control_pid);
1533 if (r < 0)
034c6ed7
LP		 1534 goto fail;
1535
80876c20
LP		 1536 socket_set_state(s, SOCKET_STOP_POST);
1537 } else
cfc4eb4c 1538 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
034c6ed7
LP		 1539
1540 return;
1541
1542fail:
66870f90
ZJS		 1543 log_warning_unit(UNIT(s)->id,
1544 "%s failed to run 'stop-post' task: %s",
1545 UNIT(s)->id, strerror(-r));
cfc4eb4c 1546 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1547}
1548
cfc4eb4c 1549static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
034c6ed7
LP		 1550 int r;
1551
1552 assert(s);
1553
cfc4eb4c
LP		 1554 if (f != SOCKET_SUCCESS)
1555 s->result = f;
034c6ed7 1556
cd2086fe
LP		 1557 r = unit_kill_context(
1558 UNIT(s),
1559 &s->kill_context,
1560 state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1561 -1,
1562 s->control_pid,
1563 false);
1564 if (r < 0)
1565 goto fail;
034c6ed7 1566
cd2086fe 1567 if (r > 0) {
718db961 1568 r = socket_arm_timer(s);
36697dc0 1569 if (r < 0)
80876c20 1570 goto fail;
d6ea93e3 1571
80876c20 1572 socket_set_state(s, state);
ac84d1fb
LP		 1573 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1574 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1575 else if (state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1576 socket_enter_stop_post(s, SOCKET_SUCCESS);
ac84d1fb
LP		 1577 else if (state == SOCKET_FINAL_SIGTERM)
1578 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
80876c20 1579 else
cfc4eb4c 1580 socket_enter_dead(s, SOCKET_SUCCESS);
034c6ed7
LP		 1581
1582 return;
1583
1584fail:
e821075a 1585 log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1586
1587 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
cfc4eb4c 1588 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1589 else
cfc4eb4c 1590 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1591}
1592
cfc4eb4c 1593static void socket_enter_stop_pre(Socket *s, SocketResult f) {
034c6ed7
LP		 1594 int r;
1595 assert(s);
1596
cfc4eb4c
LP		 1597 if (f != SOCKET_SUCCESS)
1598 s->result = f;
034c6ed7 1599
5e94833f 1600 socket_unwatch_control_pid(s);
a16e1123 1601 s->control_command_id = SOCKET_EXEC_STOP_PRE;
3900e5fd 1602 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
a16e1123 1603
3900e5fd
LP		 1604 if (s->control_command) {
1605 r = socket_spawn(s, s->control_command, &s->control_pid);
1606 if (r < 0)
034c6ed7
LP		 1607 goto fail;
1608
80876c20
LP		 1609 socket_set_state(s, SOCKET_STOP_PRE);
1610 } else
cfc4eb4c 1611 socket_enter_stop_post(s, SOCKET_SUCCESS);
034c6ed7
LP		 1612
1613 return;
1614
1615fail:
e821075a 1616 log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1617 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1618}
1619
e9af15c3
LP		 1620static void socket_enter_listening(Socket *s) {
1621 int r;
1622 assert(s);
1623
cfc4eb4c
LP		 1624 r = socket_watch_fds(s);
1625 if (r < 0) {
e821075a 1626 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
e9af15c3
LP		 1627 goto fail;
1628 }
1629
1630 socket_set_state(s, SOCKET_LISTENING);
1631 return;
1632
1633fail:
cfc4eb4c 1634 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
e9af15c3
LP		 1635}
1636
034c6ed7
LP		 1637static void socket_enter_start_post(Socket *s) {
1638 int r;
1639 assert(s);
1640
3900e5fd
LP		 1641 socket_unwatch_control_pid(s);
1642 s->control_command_id = SOCKET_EXEC_START_POST;
1643 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1644
1645 if (s->control_command) {
1646 r = socket_spawn(s, s->control_command, &s->control_pid);
1647 if (r < 0) {
1648 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1649 goto fail;
1650 }
1651
1652 socket_set_state(s, SOCKET_START_POST);
1653 } else
1654 socket_enter_listening(s);
1655
1656 return;
1657
1658fail:
1659 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1660}
1661
1662static void socket_enter_start_chown(Socket *s) {
1663 int r;
1664
1665 assert(s);
1666
cfc4eb4c
LP		 1667 r = socket_open_fds(s);
1668 if (r < 0) {
e821075a 1669 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1670 goto fail;
1671 }
1672
3900e5fd 1673 if (!isempty(s->user) || !isempty(s->group)) {
5e94833f 1674
3900e5fd
LP		 1675 socket_unwatch_control_pid(s);
1676 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1677 s->control_command = NULL;
a16e1123 1678
3900e5fd 1679 r = socket_chown(s, &s->control_pid);
cfc4eb4c 1680 if (r < 0) {
3900e5fd 1681 log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
034c6ed7
LP		 1682 goto fail;
1683 }
1684
3900e5fd 1685 socket_set_state(s, SOCKET_START_CHOWN);
80876c20 1686 } else
3900e5fd 1687 socket_enter_start_post(s);
034c6ed7
LP		 1688
1689 return;
1690
1691fail:
cfc4eb4c 1692 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1693}
1694
1695static void socket_enter_start_pre(Socket *s) {
1696 int r;
1697 assert(s);
1698
5e94833f 1699 socket_unwatch_control_pid(s);
a16e1123 1700 s->control_command_id = SOCKET_EXEC_START_PRE;
3900e5fd 1701 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
a16e1123 1702
3900e5fd 1703 if (s->control_command) {
e821075a 1704 r = socket_spawn(s, s->control_command, &s->control_pid);
3900e5fd
LP		 1705 if (r < 0) {
1706 log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
034c6ed7 1707 goto fail;
3900e5fd 1708 }
034c6ed7 1709
80876c20
LP		 1710 socket_set_state(s, SOCKET_START_PRE);
1711 } else
3900e5fd 1712 socket_enter_start_chown(s);
034c6ed7
LP		 1713
1714 return;
1715
1716fail:
cfc4eb4c 1717 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1718}
1719
4f2d528d 1720static void socket_enter_running(Socket *s, int cfd) {
718db961 1721 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
034c6ed7
LP		 1722 int r;
1723
1724 assert(s);
1725
ba3e67a7
LP		 1726 /* We don't take connections anymore if we are supposed to
1727 * shut down anyway */
31afa0a4 1728 if (unit_stop_pending(UNIT(s))) {
e821075a
LP		 1729
1730 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
5d909e3e 1731
7c610628 1732 if (cfd >= 0)
03e334a1 1733 safe_close(cfd);
7c610628
LP		 1734 else {
1735 /* Flush all sockets by closing and reopening them */
1736 socket_close_fds(s);
1737
16ac4014
LP		 1738 r = socket_open_fds(s);
1739 if (r < 0) {
1740 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1741 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1742 return;
1743 }
1744
1a710b43
MS		 1745 r = socket_watch_fds(s);
1746 if (r < 0) {
e821075a 1747 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
cfc4eb4c 1748 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
7c610628
LP		 1749 }
1750 }
1751
ba3e67a7
LP		 1752 return;
1753 }
1754
4f2d528d 1755 if (cfd < 0) {
57020a3a 1756 Iterator i;
e821075a 1757 Unit *other;
f976f3f6 1758 bool pending = false;
f976f3f6
LP		 1759
1760 /* If there's already a start pending don't bother to
1761 * do anything */
e821075a
LP		 1762 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1763 if (unit_active_or_pending(other)) {
57020a3a
LP		 1764 pending = true;
1765 break;
1766 }
f976f3f6 1767
1a710b43 1768 if (!pending) {
640ace4a
LP		 1769 if (!UNIT_ISSET(s->service)) {
1770 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1771 r = -ENOENT;
1772 goto fail;
1773 }
1774
1a710b43
MS		 1775 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1776 if (r < 0)
f976f3f6 1777 goto fail;
1a710b43 1778 }
4f2d528d
LP		 1779
1780 socket_set_state(s, SOCKET_RUNNING);
1781 } else {
e55001eb 1782 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
b15bdda8 1783 Service *service;
4f2d528d 1784
6cf6bbc2 1785 if (s->n_connections >= s->max_connections) {
e821075a 1786 log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
03e334a1 1787 safe_close(cfd);
6cf6bbc2
LP		 1788 return;
1789 }
1790
1a710b43
MS		 1791 r = socket_instantiate_service(s);
1792 if (r < 0)
b15bdda8
LP		 1793 goto fail;
1794
1a710b43
MS		 1795 r = instance_from_socket(cfd, s->n_accepted, &instance);
1796 if (r < 0) {
1797 if (r != -ENOTCONN)
1798 goto fail;
1799
1800 /* ENOTCONN is legitimate if TCP RST was received.
1801 * This connection is over, but the socket unit lives on. */
03e334a1 1802 safe_close(cfd);
1a710b43
MS		 1803 return;
1804 }
4f2d528d 1805
1a710b43
MS		 1806 prefix = unit_name_to_prefix(UNIT(s)->id);
1807 if (!prefix) {
4f2d528d
LP		 1808 r = -ENOMEM;
1809 goto fail;
1810 }
1811
1812 name = unit_name_build(prefix, instance, ".service");
b6dbbe1c 1813 if (!name) {
4f2d528d 1814 r = -ENOMEM;
b6dbbe1c
LP		 1815 goto fail;
1816 }
4f2d528d 1817
1a710b43 1818 r = unit_add_name(UNIT_DEREF(s->service), name);
e55001eb 1819 if (r < 0)
4f2d528d 1820 goto fail;
b15bdda8 1821
57020a3a
LP		 1822 service = SERVICE(UNIT_DEREF(s->service));
1823 unit_ref_unset(&s->service);
b15bdda8 1824 s->n_accepted ++;
4f2d528d 1825
1124fe6f 1826 UNIT(service)->no_gc = false;
6c073082 1827
b15bdda8 1828 unit_choose_id(UNIT(service), name);
b15bdda8 1829
16115b0a 1830 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1a710b43 1831 if (r < 0)
4f2d528d
LP		 1832 goto fail;
1833
1834 cfd = -1;
6cf6bbc2
LP		 1835 s->n_connections ++;
1836
1a710b43
MS		 1837 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1838 if (r < 0)
4f2d528d 1839 goto fail;
c4e2ceae
LP		 1840
1841 /* Notify clients about changed counters */
1842 unit_add_to_dbus_queue(UNIT(s));
4f2d528d 1843 }
034c6ed7 1844
034c6ed7
LP		 1845 return;
1846
1847fail:
e821075a
LP		 1848 log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1849 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
718db961 1850 bus_error_message(&error, r));
e821075a 1851
60089004 1852 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
03e334a1 1853 safe_close(cfd);
034c6ed7
LP		 1854}
1855
cfc4eb4c 1856static void socket_run_next(Socket *s) {
034c6ed7
LP		 1857 int r;
1858
1859 assert(s);
1860 assert(s->control_command);
1861 assert(s->control_command->command_next);
1862
5e94833f
LP		 1863 socket_unwatch_control_pid(s);
1864
034c6ed7
LP		 1865 s->control_command = s->control_command->command_next;
1866
e821075a
LP		 1867 r = socket_spawn(s, s->control_command, &s->control_pid);
1868 if (r < 0)
034c6ed7
LP		 1869 goto fail;
1870
1871 return;
1872
1873fail:
e821075a 1874 log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
80876c20
LP		 1875
1876 if (s->state == SOCKET_START_POST)
cfc4eb4c 1877 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1878 else if (s->state == SOCKET_STOP_POST)
cfc4eb4c 1879 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
034c6ed7 1880 else
cfc4eb4c 1881 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
034c6ed7
LP		 1882}
1883
87f0e418
LP		 1884static int socket_start(Unit *u) {
1885 Socket *s = SOCKET(u);
83c60c9f
LP		 1886
1887 assert(s);
1888
034c6ed7
LP		 1889 /* We cannot fulfill this request right now, try again later
1890 * please! */
3900e5fd
LP		 1891 if (IN_SET(s->state,
1892 SOCKET_STOP_PRE,
1893 SOCKET_STOP_PRE_SIGKILL,
1894 SOCKET_STOP_PRE_SIGTERM,
1895 SOCKET_STOP_POST,
1896 SOCKET_FINAL_SIGTERM,
1897 SOCKET_FINAL_SIGKILL))
034c6ed7
LP		 1898 return -EAGAIN;
1899
a4152e3f 1900 /* Already on it! */
3900e5fd
LP		 1901 if (IN_SET(s->state,
1902 SOCKET_START_PRE,
1903 SOCKET_START_CHOWN,
1904 SOCKET_START_POST))
034c6ed7 1905 return 0;
83c60c9f 1906
034c6ed7 1907 /* Cannot run this without the service being around */
9444b1f2 1908 if (UNIT_ISSET(s->service)) {
57020a3a
LP		 1909 Service *service;
1910
1911 service = SERVICE(UNIT_DEREF(s->service));
1912
1124fe6f 1913 if (UNIT(service)->load_state != UNIT_LOADED) {
e821075a 1914 log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
4f2d528d 1915 return -ENOENT;
4ac9236f 1916 }
4f2d528d 1917
35b8ca3a 1918 /* If the service is already active we cannot start the
4f2d528d 1919 * socket */
57020a3a
LP		 1920 if (service->state != SERVICE_DEAD &&
1921 service->state != SERVICE_FAILED &&
1922 service->state != SERVICE_AUTO_RESTART) {
e821075a 1923 log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
4f2d528d 1924 return -EBUSY;
4ac9236f 1925 }
4f2d528d 1926 }
e537352b 1927
fdf20a31 1928 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
83c60c9f 1929
cfc4eb4c 1930 s->result = SOCKET_SUCCESS;
034c6ed7 1931 socket_enter_start_pre(s);
e821075a 1932
034c6ed7
LP		 1933 return 0;
1934}
83c60c9f 1935
87f0e418
LP		 1936static int socket_stop(Unit *u) {
1937 Socket *s = SOCKET(u);
034c6ed7
LP		 1938
1939 assert(s);
1940
e537352b 1941 /* Already on it */
3900e5fd
LP		 1942 if (IN_SET(s->state,
1943 SOCKET_STOP_PRE,
1944 SOCKET_STOP_PRE_SIGTERM,
1945 SOCKET_STOP_PRE_SIGKILL,
1946 SOCKET_STOP_POST,
1947 SOCKET_FINAL_SIGTERM,
1948 SOCKET_FINAL_SIGKILL))
e537352b
LP		 1949 return 0;
1950
3f6c78dc
LP		 1951 /* If there's already something running we go directly into
1952 * kill mode. */
3900e5fd
LP		 1953 if (IN_SET(s->state,
1954 SOCKET_START_PRE,
1955 SOCKET_START_CHOWN,
1956 SOCKET_START_POST)) {
cfc4eb4c 1957 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
3f6c78dc
LP		 1958 return -EAGAIN;
1959 }
1960
034c6ed7 1961 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
83c60c9f 1962
cfc4eb4c 1963 socket_enter_stop_pre(s, SOCKET_SUCCESS);
542563ba
LP		 1964 return 0;
1965}
1966
a16e1123
LP		 1967static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1968 Socket *s = SOCKET(u);
1969 SocketPort *p;
1970 int r;
1971
1972 assert(u);
1973 assert(f);
1974 assert(fds);
1975
1976 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
cfc4eb4c 1977 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
a16e1123
LP		 1978 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1979
1980 if (s->control_pid > 0)
de0671ee 1981 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
a16e1123
LP		 1982
1983 if (s->control_command_id >= 0)
1984 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1985
1986 LIST_FOREACH(port, p, s->ports) {
1987 int copy;
1988
1989 if (p->fd < 0)
1990 continue;
1991
613b411c
LP		 1992 copy = fdset_put_dup(fds, p->fd);
1993 if (copy < 0)
a16e1123
LP		 1994 return copy;
1995
1996 if (p->type == SOCKET_SOCKET) {
613b411c 1997 _cleanup_free_ char *t = NULL;
a16e1123 1998
ee092817
LP		 1999 r = socket_address_print(&p->address, &t);
2000 if (r < 0)
a16e1123
LP		 2001 return r;
2002
7a22745a
LP		 2003 if (socket_address_family(&p->address) == AF_NETLINK)
2004 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2005 else
2006 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
613b411c 2007
b0a3f2bc
LP		 2008 } else if (p->type == SOCKET_SPECIAL)
2009 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
ee092817
LP		 2010 else if (p->type == SOCKET_MQUEUE)
2011 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
b0a3f2bc 2012 else {
a16e1123
LP		 2013 assert(p->type == SOCKET_FIFO);
2014 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2015 }
2016 }
2017
2018 return 0;
2019}
2020
2021static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2022 Socket *s = SOCKET(u);
a16e1123
LP		 2023
2024 assert(u);
2025 assert(key);
2026 assert(value);
a16e1123
LP		 2027
2028 if (streq(key, "state")) {
2029 SocketState state;
2030
ee092817
LP		 2031 state = socket_state_from_string(value);
2032 if (state < 0)
e821075a 2033 log_debug_unit(u->id, "Failed to parse state value %s", value);
a16e1123
LP		 2034 else
2035 s->deserialized_state = state;
cfc4eb4c
LP		 2036 } else if (streq(key, "result")) {
2037 SocketResult f;
a16e1123 2038
cfc4eb4c
LP		 2039 f = socket_result_from_string(value);
2040 if (f < 0)
e821075a 2041 log_debug_unit(u->id, "Failed to parse result value %s", value);
cfc4eb4c
LP		 2042 else if (f != SOCKET_SUCCESS)
2043 s->result = f;
a16e1123
LP		 2044
2045 } else if (streq(key, "n-accepted")) {
2046 unsigned k;
2047
e364ad06 2048 if (safe_atou(value, &k) < 0)
e821075a 2049 log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
a16e1123
LP		 2050 else
2051 s->n_accepted += k;
2052 } else if (streq(key, "control-pid")) {
5925dd3c 2053 pid_t pid;
a16e1123 2054
e364ad06 2055 if (parse_pid(value, &pid) < 0)
e821075a 2056 log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
a16e1123 2057 else
5925dd3c 2058 s->control_pid = pid;
a16e1123
LP		 2059 } else if (streq(key, "control-command")) {
2060 SocketExecCommand id;
2061
66870f90
ZJS		 2062 id = socket_exec_command_from_string(value);
2063 if (id < 0)
e821075a 2064 log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
a16e1123
LP		 2065 else {
2066 s->control_command_id = id;
2067 s->control_command = s->exec_command[id];
2068 }
2069 } else if (streq(key, "fifo")) {
2070 int fd, skip = 0;
2071 SocketPort *p;
2072
2073 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2074 log_debug_unit(u->id, "Failed to parse fifo value %s", value);
a16e1123
LP		 2075 else {
2076
2077 LIST_FOREACH(port, p, s->ports)
b0a3f2bc
LP		 2078 if (p->type == SOCKET_FIFO &&
2079 streq_ptr(p->path, value+skip))
2080 break;
2081
2082 if (p) {
03e334a1 2083 safe_close(p->fd);
b0a3f2bc
LP		 2084 p->fd = fdset_remove(fds, fd);
2085 }
2086 }
2087
2088 } else if (streq(key, "special")) {
2089 int fd, skip = 0;
2090 SocketPort *p;
2091
2092 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2093 log_debug_unit(u->id, "Failed to parse special value %s", value);
b0a3f2bc
LP		 2094 else {
2095
2096 LIST_FOREACH(port, p, s->ports)
2097 if (p->type == SOCKET_SPECIAL &&
2098 streq_ptr(p->path, value+skip))
a16e1123
LP		 2099 break;
2100
2101 if (p) {
03e334a1 2102 safe_close(p->fd);
a16e1123
LP		 2103 p->fd = fdset_remove(fds, fd);
2104 }
2105 }
2106
ee092817
LP		 2107 } else if (streq(key, "mqueue")) {
2108 int fd, skip = 0;
2109 SocketPort *p;
2110
2111 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2112 log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
ee092817
LP		 2113 else {
2114
2115 LIST_FOREACH(port, p, s->ports)
2116 if (p->type == SOCKET_MQUEUE &&
2117 streq_ptr(p->path, value+skip))
2118 break;
2119
2120 if (p) {
03e334a1 2121 safe_close(p->fd);
ee092817
LP		 2122 p->fd = fdset_remove(fds, fd);
2123 }
2124 }
2125
a16e1123 2126 } else if (streq(key, "socket")) {
27ca8d7a 2127 int fd, type, skip = 0;
a16e1123
LP		 2128 SocketPort *p;
2129
27ca8d7a 2130 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
e821075a 2131 log_debug_unit(u->id, "Failed to parse socket value %s", value);
a16e1123
LP		 2132 else {
2133
2134 LIST_FOREACH(port, p, s->ports)
27ca8d7a 2135 if (socket_address_is(&p->address, value+skip, type))
a16e1123
LP		 2136 break;
2137
2138 if (p) {
03e334a1 2139 safe_close(p->fd);
a16e1123
LP		 2140 p->fd = fdset_remove(fds, fd);
2141 }
2142 }
2143
7a22745a
LP		 2144 } else if (streq(key, "netlink")) {
2145 int fd, skip = 0;
2146 SocketPort *p;
2147
2148 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
e821075a 2149 log_debug_unit(u->id, "Failed to parse socket value %s", value);
7a22745a
LP		 2150 else {
2151
2152 LIST_FOREACH(port, p, s->ports)
2153 if (socket_address_is_netlink(&p->address, value+skip))
2154 break;
2155
2156 if (p) {
03e334a1 2157 safe_close(p->fd);
7a22745a
LP		 2158 p->fd = fdset_remove(fds, fd);
2159 }
2160 }
a16e1123 2161 } else
e821075a 2162 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
a16e1123
LP		 2163
2164 return 0;
2165}
2166
01e10de3
LP		 2167static int socket_distribute_fds(Unit *u, FDSet *fds) {
2168 Socket *s = SOCKET(u);
2169 SocketPort *p;
2170
2171 assert(u);
2172
2173 LIST_FOREACH(port, p, s->ports) {
2174 Iterator i;
2175 int fd;
2176
2177 if (p->type != SOCKET_SOCKET)
2178 continue;
2179
2180 if (p->fd >= 0)
2181 continue;
2182
2183 FDSET_FOREACH(fd, fds, i) {
2184 if (socket_address_matches_fd(&p->address, fd)) {
2185 p->fd = fdset_remove(fds, fd);
2186 s->deserialized_state = SOCKET_LISTENING;
2187 break;
2188 }
2189 }
2190 }
2191
2192 return 0;
2193}
2194
44a6b1b6 2195_pure_ static UnitActiveState socket_active_state(Unit *u) {
87f0e418 2196 assert(u);
5cb5a6ff 2197
acbb0225 2198 return state_translation_table[SOCKET(u)->state];
5cb5a6ff
LP		 2199}
2200
44a6b1b6 2201_pure_ static const char *socket_sub_state_to_string(Unit *u) {
10a94420
LP		 2202 assert(u);
2203
a16e1123 2204 return socket_state_to_string(SOCKET(u)->state);
10a94420
LP		 2205}
2206
67419600
OS		 2207const char* socket_port_type_to_string(SocketPort *p) {
2208
2209 assert(p);
2210
2211 switch (p->type) {
718db961
LP		 2212
2213 case SOCKET_SOCKET:
2214
2215 switch (p->address.type) {
2216
2217 case SOCK_STREAM:
2218 return "Stream";
2219
2220 case SOCK_DGRAM:
2221 return "Datagram";
2222
2223 case SOCK_SEQPACKET:
2224 return "SequentialPacket";
2225
2226 case SOCK_RAW:
2227 if (socket_address_family(&p->address) == AF_NETLINK)
2228 return "Netlink";
2229
2230 default:
2231 return NULL;
2232 }
2233
2234 case SOCKET_SPECIAL:
2235 return "Special";
2236
2237 case SOCKET_MQUEUE:
2238 return "MessageQueue";
2239
2240 case SOCKET_FIFO:
2241 return "FIFO";
2242
2243 default:
2244 return NULL;
67419600
OS		 2245 }
2246}
2247
44a6b1b6 2248_pure_ static bool socket_check_gc(Unit *u) {
6cf6bbc2
LP		 2249 Socket *s = SOCKET(u);
2250
2251 assert(u);
2252
2253 return s->n_connections > 0;
2254}
2255
718db961
LP		 2256static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2257 SocketPort *p = userdata;
4f2d528d 2258 int cfd = -1;
9152c765 2259
718db961 2260 assert(p);
8d567588 2261 assert(fd >= 0);
9152c765 2262
718db961
LP		 2263 if (p->socket->state != SOCKET_LISTENING)
2264 return 0;
871d7de4 2265
718db961 2266 log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
9152c765 2267
718db961 2268 if (revents != EPOLLIN) {
641e01dc 2269
718db961 2270 if (revents & EPOLLHUP)
e821075a 2271 log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
718db961 2272 UNIT(p->socket)->id);
641e01dc 2273 else
e821075a 2274 log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
718db961 2275 UNIT(p->socket)->id, revents);
641e01dc 2276
8d567588 2277 goto fail;
4f2d528d
LP		 2278 }
2279
718db961
LP		 2280 if (p->socket->accept &&
2281 p->type == SOCKET_SOCKET &&
2282 socket_address_can_accept(&p->address)) {
2283
4f2d528d
LP		 2284 for (;;) {
2285
b14eda96
LP		 2286 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2287 if (cfd < 0) {
4f2d528d
LP		 2288
2289 if (errno == EINTR)
2290 continue;
2291
718db961 2292 log_error_unit(UNIT(p->socket)->id,
66870f90 2293 "Failed to accept socket: %m");
8d567588 2294 goto fail;
4f2d528d
LP		 2295 }
2296
2297 break;
2298 }
4fd5948e 2299
718db961 2300 socket_apply_socket_options(p->socket, cfd);
4f2d528d 2301 }
9152c765 2302
718db961
LP		 2303 socket_enter_running(p->socket, cfd);
2304 return 0;
8d567588
LP		 2305
2306fail:
718db961
LP		 2307 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2308 return 0;
9152c765
LP		 2309}
2310
87f0e418
LP		 2311static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2312 Socket *s = SOCKET(u);
cfc4eb4c 2313 SocketResult f;
5cb5a6ff
LP		 2314
2315 assert(s);
034c6ed7 2316 assert(pid >= 0);
5cb5a6ff 2317
8c47c732
LP		 2318 if (pid != s->control_pid)
2319 return;
542563ba 2320
034c6ed7
LP		 2321 s->control_pid = 0;
2322
96342de6 2323 if (is_clean_exit(code, status, NULL))
cfc4eb4c
LP		 2324 f = SOCKET_SUCCESS;
2325 else if (code == CLD_EXITED)
2326 f = SOCKET_FAILURE_EXIT_CODE;
2327 else if (code == CLD_KILLED)
2328 f = SOCKET_FAILURE_SIGNAL;
2329 else if (code == CLD_DUMPED)
2330 f = SOCKET_FAILURE_CORE_DUMP;
2331 else
a4152e3f 2332 assert_not_reached("Unknown sigchld code");
8c47c732 2333
b708e7ce 2334 if (s->control_command) {
6ea832a2 2335 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
a16e1123 2336
b708e7ce 2337 if (s->control_command->ignore)
cfc4eb4c 2338 f = SOCKET_SUCCESS;
b708e7ce
LP		 2339 }
2340
66870f90
ZJS		 2341 log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2342 u->id,
2343 "%s control process exited, code=%s status=%i",
2344 u->id, sigchld_code_to_string(code), status);
034c6ed7 2345
cfc4eb4c
LP		 2346 if (f != SOCKET_SUCCESS)
2347 s->result = f;
2348
2349 if (s->control_command &&
2350 s->control_command->command_next &&
2351 f == SOCKET_SUCCESS) {
2352
66870f90
ZJS		 2353 log_debug_unit(u->id,
2354 "%s running next command for state %s",
2355 u->id, socket_state_to_string(s->state));
cfc4eb4c 2356 socket_run_next(s);
acbb0225 2357 } else {
a16e1123
LP		 2358 s->control_command = NULL;
2359 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2360
034c6ed7
LP		 2361 /* No further commands for this step, so let's figure
2362 * out what to do next */
5cb5a6ff 2363
66870f90
ZJS		 2364 log_debug_unit(u->id,
2365 "%s got final SIGCHLD for state %s",
2366 u->id, socket_state_to_string(s->state));
acbb0225 2367
034c6ed7
LP		 2368 switch (s->state) {
2369
2370 case SOCKET_START_PRE:
cfc4eb4c 2371 if (f == SOCKET_SUCCESS)
3900e5fd 2372 socket_enter_start_chown(s);
034c6ed7 2373 else
cfc4eb4c 2374 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
034c6ed7
LP		 2375 break;
2376
3900e5fd
LP		 2377 case SOCKET_START_CHOWN:
2378 if (f == SOCKET_SUCCESS)
2379 socket_enter_start_post(s);
2380 else
2381 socket_enter_stop_pre(s, f);
2382 break;
2383
034c6ed7 2384 case SOCKET_START_POST:
cfc4eb4c 2385 if (f == SOCKET_SUCCESS)
e9af15c3 2386 socket_enter_listening(s);
034c6ed7 2387 else
cfc4eb4c 2388 socket_enter_stop_pre(s, f);
034c6ed7
LP		 2389 break;
2390
2391 case SOCKET_STOP_PRE:
2392 case SOCKET_STOP_PRE_SIGTERM:
2393 case SOCKET_STOP_PRE_SIGKILL:
cfc4eb4c 2394 socket_enter_stop_post(s, f);
034c6ed7
LP		 2395 break;
2396
2397 case SOCKET_STOP_POST:
80876c20
LP		 2398 case SOCKET_FINAL_SIGTERM:
2399 case SOCKET_FINAL_SIGKILL:
cfc4eb4c 2400 socket_enter_dead(s, f);
034c6ed7
LP		 2401 break;
2402
2403 default:
2404 assert_not_reached("Uh, control process died at wrong time.");
2405 }
2406 }
c4e2ceae
LP		 2407
2408 /* Notify clients about changed exit status */
2409 unit_add_to_dbus_queue(u);
034c6ed7 2410}
5cb5a6ff 2411
718db961
LP		 2412static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2413 Socket *s = SOCKET(userdata);
5cb5a6ff 2414
034c6ed7 2415 assert(s);
718db961 2416 assert(s->timer_event_source == source);
034c6ed7
LP		 2417
2418 switch (s->state) {
2419
2420 case SOCKET_START_PRE:
3900e5fd 2421 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2422 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
da19d5c1 2423 break;
80876c20 2424
3900e5fd 2425 case SOCKET_START_CHOWN:
034c6ed7 2426 case SOCKET_START_POST:
3900e5fd 2427 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
cfc4eb4c 2428 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2429 break;
2430
2431 case SOCKET_STOP_PRE:
3900e5fd 2432 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
cfc4eb4c 2433 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2434 break;
2435
2436 case SOCKET_STOP_PRE_SIGTERM:
4819ff03 2437 if (s->kill_context.send_sigkill) {
3900e5fd 2438 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
cfc4eb4c 2439 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2440 } else {
3900e5fd 2441 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2442 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2443 }
034c6ed7
LP		 2444 break;
2445
2446 case SOCKET_STOP_PRE_SIGKILL:
3900e5fd 2447 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2448 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2449 break;
2450
2451 case SOCKET_STOP_POST:
3900e5fd 2452 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
cfc4eb4c 2453 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2454 break;
2455
80876c20 2456 case SOCKET_FINAL_SIGTERM:
4819ff03 2457 if (s->kill_context.send_sigkill) {
3900e5fd 2458 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
cfc4eb4c 2459 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
ba035df2 2460 } else {
3900e5fd 2461 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
cfc4eb4c 2462 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
ba035df2 2463 }
034c6ed7
LP		 2464 break;
2465
80876c20 2466 case SOCKET_FINAL_SIGKILL:
3900e5fd 2467 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
cfc4eb4c 2468 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
034c6ed7
LP		 2469 break;
2470
2471 default:
2472 assert_not_reached("Timeout at wrong time.");
2473 }
718db961
LP		 2474
2475 return 0;
5cb5a6ff
LP		 2476}
2477
44d8db9e
LP		 2478int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2479 int *rfds;
2480 unsigned rn_fds, k;
2481 SocketPort *p;
2482
2483 assert(s);
2484 assert(fds);
2485 assert(n_fds);
2486
2487 /* Called from the service code for requesting our fds */
2488
2489 rn_fds = 0;
2490 LIST_FOREACH(port, p, s->ports)
2491 if (p->fd >= 0)
2492 rn_fds++;
2493
de3756ab
LP		 2494 if (rn_fds <= 0) {
2495 *fds = NULL;
2496 *n_fds = 0;
2497 return 0;
2498 }
2499
e364ad06 2500 if (!(rfds = new(int, rn_fds)))
44d8db9e
LP		 2501 return -ENOMEM;
2502
2503 k = 0;
2504 LIST_FOREACH(port, p, s->ports)
2505 if (p->fd >= 0)
2506 rfds[k++] = p->fd;
2507
2508 assert(k == rn_fds);
2509
2510 *fds = rfds;
2511 *n_fds = rn_fds;
2512
2513 return 0;
2514}
2515
e821075a
LP		 2516static void socket_reset_failed(Unit *u) {
2517 Socket *s = SOCKET(u);
2518
2519 assert(s);
2520
2521 if (s->state == SOCKET_FAILED)
2522 socket_set_state(s, SOCKET_DEAD);
2523
2524 s->result = SOCKET_SUCCESS;
2525}
2526
d137a488 2527static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
ceee3d82
LP		 2528 assert(s);
2529
6cf6bbc2
LP		 2530 /* The service is dead. Dang!
2531 *
2532 * This is strictly for one-instance-for-all-connections
2533 * services. */
ceee3d82
LP		 2534
2535 if (s->state == SOCKET_RUNNING) {
e821075a 2536 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
6bda96a0
LP		 2537 if (failed_permanent)
2538 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
c2f34808
MS		 2539 else
2540 socket_enter_listening(s);
ceee3d82
LP		 2541 }
2542}
2543
6cf6bbc2
LP		 2544void socket_connection_unref(Socket *s) {
2545 assert(s);
2546
2547 /* The service is dead. Yay!
2548 *
35b8ca3a 2549 * This is strictly for one-instance-per-connection
6cf6bbc2
LP		 2550 * services. */
2551
2552 assert(s->n_connections > 0);
2553 s->n_connections--;
2554
e821075a 2555 log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
5632e374
LP		 2556}
2557
d137a488
UTL		 2558static void socket_trigger_notify(Unit *u, Unit *other) {
2559 Socket *s = SOCKET(u);
e821075a 2560 Service *se;
d137a488
UTL		 2561
2562 assert(u);
2563 assert(other);
2564
2565 /* Don't propagate state changes from the service if we are
2566 already down or accepting connections */
2567 if ((s->state != SOCKET_RUNNING &&
2568 s->state != SOCKET_LISTENING) ||
2569 s->accept)
2570 return;
2571
2572 if (other->load_state != UNIT_LOADED ||
2573 other->type != UNIT_SERVICE)
2574 return;
2575
e821075a
LP		 2576 se = SERVICE(other);
2577
d137a488
UTL		 2578 if (se->state == SERVICE_FAILED)
2579 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2580
2581 if (se->state == SERVICE_DEAD ||
2582 se->state == SERVICE_STOP ||
2583 se->state == SERVICE_STOP_SIGTERM ||
2584 se->state == SERVICE_STOP_SIGKILL ||
2585 se->state == SERVICE_STOP_POST ||
2586 se->state == SERVICE_FINAL_SIGTERM ||
2587 se->state == SERVICE_FINAL_SIGKILL ||
2588 se->state == SERVICE_AUTO_RESTART)
2589 socket_notify_service_dead(s, false);
2590
2591 if (se->state == SERVICE_RUNNING)
2592 socket_set_state(s, SOCKET_RUNNING);
2593}
2594
718db961 2595static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
814cc562 2596 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
8a0867d6
LP		 2597}
2598
68db7a3b
ZJS		 2599static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2600 Socket *s = SOCKET(u);
2601 int r;
2602
2603 if (!s->timer_event_source)
2604 return 0;
2605
2606 r = sd_event_source_get_time(s->timer_event_source, timeout);
2607 if (r < 0)
2608 return r;
2609
2610 return 1;
2611}
2612
a16e1123
LP		 2613static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2614 [SOCKET_DEAD] = "dead",
2615 [SOCKET_START_PRE] = "start-pre",
3900e5fd 2616 [SOCKET_START_CHOWN] = "start-chown",
a16e1123
LP		 2617 [SOCKET_START_POST] = "start-post",
2618 [SOCKET_LISTENING] = "listening",
2619 [SOCKET_RUNNING] = "running",
2620 [SOCKET_STOP_PRE] = "stop-pre",
2621 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2622 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2623 [SOCKET_STOP_POST] = "stop-post",
2624 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2625 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
fdf20a31 2626 [SOCKET_FAILED] = "failed"
a16e1123
LP		 2627};
2628
2629DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2630
2631static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2632 [SOCKET_EXEC_START_PRE] = "StartPre",
3900e5fd 2633 [SOCKET_EXEC_START_CHOWN] = "StartChown",
a16e1123
LP		 2634 [SOCKET_EXEC_START_POST] = "StartPost",
2635 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2636 [SOCKET_EXEC_STOP_POST] = "StopPost"
2637};
2638
2639DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2640
cfc4eb4c
LP		 2641static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2642 [SOCKET_SUCCESS] = "success",
2643 [SOCKET_FAILURE_RESOURCES] = "resources",
2644 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2645 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2646 [SOCKET_FAILURE_SIGNAL] = "signal",
c2f34808 2647 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
6bda96a0 2648 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
cfc4eb4c
LP		 2649};
2650
2651DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2652
87f0e418 2653const UnitVTable socket_vtable = {
7d17cfbc 2654 .object_size = sizeof(Socket),
718db961
LP		 2655 .exec_context_offset = offsetof(Socket, exec_context),
2656 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2657 .kill_context_offset = offsetof(Socket, kill_context),
613b411c 2658 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3ef63c31 2659
f975e971
LP		 2660 .sections =
2661 "Unit\0"
2662 "Socket\0"
2663 "Install\0",
4ad49000 2664 .private_section = "Socket",
71645aca 2665
034c6ed7
LP		 2666 .init = socket_init,
2667 .done = socket_done,
a16e1123
LP		 2668 .load = socket_load,
2669
2670 .coldplug = socket_coldplug,
034c6ed7 2671
5cb5a6ff
LP		 2672 .dump = socket_dump,
2673
542563ba
LP		 2674 .start = socket_start,
2675 .stop = socket_stop,
5cb5a6ff 2676
718db961
LP		 2677 .kill = socket_kill,
2678
68db7a3b
ZJS		 2679 .get_timeout = socket_get_timeout,
2680
a16e1123
LP		 2681 .serialize = socket_serialize,
2682 .deserialize_item = socket_deserialize_item,
01e10de3 2683 .distribute_fds = socket_distribute_fds,
a16e1123 2684
5cb5a6ff 2685 .active_state = socket_active_state,
10a94420 2686 .sub_state_to_string = socket_sub_state_to_string,
5cb5a6ff 2687
6cf6bbc2
LP		 2688 .check_gc = socket_check_gc,
2689
034c6ed7 2690 .sigchld_event = socket_sigchld_event,
4139c1b2 2691
d137a488
UTL		 2692 .trigger_notify = socket_trigger_notify,
2693
fdf20a31 2694 .reset_failed = socket_reset_failed,
5632e374 2695
c4e2ceae 2696 .bus_interface = "org.freedesktop.systemd1.Socket",
718db961 2697 .bus_vtable = bus_socket_vtable,
74c964d3
LP		 2698 .bus_set_property = bus_socket_set_property,
2699 .bus_commit_properties = bus_socket_commit_properties,
c6918296
MS		 2700
2701 .status_message_formats = {
2702 /*.starting_stopping = {
2703 [0] = "Starting socket %s...",
2704 [1] = "Stopping socket %s...",
2705 },*/
2706 .finished_start_job = {
2707 [JOB_DONE] = "Listening on %s.",
2708 [JOB_FAILED] = "Failed to listen on %s.",
2709 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2710 [JOB_TIMEOUT] = "Timed out starting %s.",
2711 },
2712 .finished_stop_job = {
2713 [JOB_DONE] = "Closed %s.",
2714 [JOB_FAILED] = "Failed stopping %s.",
2715 [JOB_TIMEOUT] = "Timed out stopping %s.",
2716 },
2717 },
5cb5a6ff 2718};
Unnamed repository; edit this file 'description' to name the repository.