]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2131 from evverx/regenerate-m4-on-reconfigure
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31 #include <linux/sctp.h>
32
33 #include "sd-event.h"
34 #include "alloc-util.h"
35 #include "bus-error.h"
36 #include "bus-util.h"
37 #include "copy.h"
38 #include "dbus-socket.h"
39 #include "def.h"
40 #include "exit-status.h"
41 #include "fd-util.h"
42 #include "formats-util.h"
43 #include "label.h"
44 #include "log.h"
45 #include "missing.h"
46 #include "mkdir.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "process-util.h"
50 #include "selinux-util.h"
51 #include "signal-util.h"
52 #include "smack-util.h"
53 #include "socket.h"
54 #include "special.h"
55 #include "string-table.h"
56 #include "string-util.h"
57 #include "strv.h"
58 #include "unit-name.h"
59 #include "unit-printf.h"
60 #include "unit.h"
61 #include "user-util.h"
62
63 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
64 [SOCKET_DEAD] = UNIT_INACTIVE,
65 [SOCKET_START_PRE] = UNIT_ACTIVATING,
66 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
67 [SOCKET_START_POST] = UNIT_ACTIVATING,
68 [SOCKET_LISTENING] = UNIT_ACTIVE,
69 [SOCKET_RUNNING] = UNIT_ACTIVE,
70 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
73 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
74 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
75 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
76 [SOCKET_FAILED] = UNIT_FAILED
77 };
78
79 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
80 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
81
82 static void socket_init(Unit *u) {
83 Socket *s = SOCKET(u);
84
85 assert(u);
86 assert(u->load_state == UNIT_STUB);
87
88 s->backlog = SOMAXCONN;
89 s->timeout_usec = u->manager->default_timeout_start_usec;
90 s->directory_mode = 0755;
91 s->socket_mode = 0666;
92
93 s->max_connections = 64;
94
95 s->priority = -1;
96 s->ip_tos = -1;
97 s->ip_ttl = -1;
98 s->mark = -1;
99
100 s->exec_context.std_output = u->manager->default_std_output;
101 s->exec_context.std_error = u->manager->default_std_error;
102
103 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
104 }
105
106 static void socket_unwatch_control_pid(Socket *s) {
107 assert(s);
108
109 if (s->control_pid <= 0)
110 return;
111
112 unit_unwatch_pid(UNIT(s), s->control_pid);
113 s->control_pid = 0;
114 }
115
116 static void socket_cleanup_fd_list(SocketPort *p) {
117 assert(p);
118
119 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
120 p->auxiliary_fds = mfree(p->auxiliary_fds);
121 p->n_auxiliary_fds = 0;
122 }
123
124 void socket_free_ports(Socket *s) {
125 SocketPort *p;
126
127 assert(s);
128
129 while ((p = s->ports)) {
130 LIST_REMOVE(port, s->ports, p);
131
132 sd_event_source_unref(p->event_source);
133
134 socket_cleanup_fd_list(p);
135 safe_close(p->fd);
136 free(p->path);
137 free(p);
138 }
139 }
140
141 static void socket_done(Unit *u) {
142 Socket *s = SOCKET(u);
143
144 assert(s);
145
146 socket_free_ports(s);
147
148 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
149 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
150 s->control_command = NULL;
151
152 socket_unwatch_control_pid(s);
153
154 unit_ref_unset(&s->service);
155
156 s->tcp_congestion = mfree(s->tcp_congestion);
157 s->bind_to_device = mfree(s->bind_to_device);
158
159 s->smack = mfree(s->smack);
160 s->smack_ip_in = mfree(s->smack_ip_in);
161 s->smack_ip_out = mfree(s->smack_ip_out);
162
163 strv_free(s->symlinks);
164
165 s->user = mfree(s->user);
166 s->group = mfree(s->group);
167
168 s->fdname = mfree(s->fdname);
169
170 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
171 }
172
173 static int socket_arm_timer(Socket *s) {
174 int r;
175
176 assert(s);
177
178 if (s->timeout_usec <= 0) {
179 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
180 return 0;
181 }
182
183 if (s->timer_event_source) {
184 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
185 if (r < 0)
186 return r;
187
188 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
189 }
190
191 r = sd_event_add_time(
192 UNIT(s)->manager->event,
193 &s->timer_event_source,
194 CLOCK_MONOTONIC,
195 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
196 socket_dispatch_timer, s);
197 if (r < 0)
198 return r;
199
200 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
201
202 return 0;
203 }
204
205 int socket_instantiate_service(Socket *s) {
206 _cleanup_free_ char *prefix = NULL, *name = NULL;
207 int r;
208 Unit *u;
209
210 assert(s);
211
212 /* This fills in s->service if it isn't filled in yet. For
213 * Accept=yes sockets we create the next connection service
214 * here. For Accept=no this is mostly a NOP since the service
215 * is figured out at load time anyway. */
216
217 if (UNIT_DEREF(s->service))
218 return 0;
219
220 if (!s->accept)
221 return 0;
222
223 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
224 if (r < 0)
225 return r;
226
227 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
228 return -ENOMEM;
229
230 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
231 if (r < 0)
232 return r;
233
234 u->no_gc = true;
235 unit_ref_set(&s->service, u);
236
237 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
238 }
239
240 static bool have_non_accept_socket(Socket *s) {
241 SocketPort *p;
242
243 assert(s);
244
245 if (!s->accept)
246 return true;
247
248 LIST_FOREACH(port, p, s->ports) {
249
250 if (p->type != SOCKET_SOCKET)
251 return true;
252
253 if (!socket_address_can_accept(&p->address))
254 return true;
255 }
256
257 return false;
258 }
259
260 static int socket_add_mount_links(Socket *s) {
261 SocketPort *p;
262 int r;
263
264 assert(s);
265
266 LIST_FOREACH(port, p, s->ports) {
267 const char *path = NULL;
268
269 if (p->type == SOCKET_SOCKET)
270 path = socket_address_get_path(&p->address);
271 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
272 path = p->path;
273
274 if (!path)
275 continue;
276
277 r = unit_require_mounts_for(UNIT(s), path);
278 if (r < 0)
279 return r;
280 }
281
282 return 0;
283 }
284
285 static int socket_add_device_link(Socket *s) {
286 char *t;
287
288 assert(s);
289
290 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
291 return 0;
292
293 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
294 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
295 }
296
297 static int socket_add_default_dependencies(Socket *s) {
298 int r;
299 assert(s);
300
301 if (!UNIT(s)->default_dependencies)
302 return 0;
303
304 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
305 if (r < 0)
306 return r;
307
308 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
309 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
310 if (r < 0)
311 return r;
312 }
313
314 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
315 }
316
317 _pure_ static bool socket_has_exec(Socket *s) {
318 unsigned i;
319 assert(s);
320
321 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
322 if (s->exec_command[i])
323 return true;
324
325 return false;
326 }
327
328 static int socket_add_extras(Socket *s) {
329 Unit *u = UNIT(s);
330 int r;
331
332 assert(s);
333
334 if (have_non_accept_socket(s)) {
335
336 if (!UNIT_DEREF(s->service)) {
337 Unit *x;
338
339 r = unit_load_related_unit(u, ".service", &x);
340 if (r < 0)
341 return r;
342
343 unit_ref_set(&s->service, x);
344 }
345
346 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
347 if (r < 0)
348 return r;
349 }
350
351 r = socket_add_mount_links(s);
352 if (r < 0)
353 return r;
354
355 r = socket_add_device_link(s);
356 if (r < 0)
357 return r;
358
359 r = unit_patch_contexts(u);
360 if (r < 0)
361 return r;
362
363 if (socket_has_exec(s)) {
364 r = unit_add_exec_dependencies(u, &s->exec_context);
365 if (r < 0)
366 return r;
367
368 r = unit_set_default_slice(u);
369 if (r < 0)
370 return r;
371 }
372
373 r = socket_add_default_dependencies(s);
374 if (r < 0)
375 return r;
376
377 return 0;
378 }
379
380 static const char *socket_find_symlink_target(Socket *s) {
381 const char *found = NULL;
382 SocketPort *p;
383
384 LIST_FOREACH(port, p, s->ports) {
385 const char *f = NULL;
386
387 switch (p->type) {
388
389 case SOCKET_FIFO:
390 f = p->path;
391 break;
392
393 case SOCKET_SOCKET:
394 if (p->address.sockaddr.un.sun_path[0] != 0)
395 f = p->address.sockaddr.un.sun_path;
396 break;
397
398 default:
399 break;
400 }
401
402 if (f) {
403 if (found)
404 return NULL;
405
406 found = f;
407 }
408 }
409
410 return found;
411 }
412
413 static int socket_verify(Socket *s) {
414 assert(s);
415
416 if (UNIT(s)->load_state != UNIT_LOADED)
417 return 0;
418
419 if (!s->ports) {
420 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
421 return -EINVAL;
422 }
423
424 if (s->accept && have_non_accept_socket(s)) {
425 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
426 return -EINVAL;
427 }
428
429 if (s->accept && s->max_connections <= 0) {
430 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
431 return -EINVAL;
432 }
433
434 if (s->accept && UNIT_DEREF(s->service)) {
435 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
436 return -EINVAL;
437 }
438
439 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
440 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
441 return -EINVAL;
442 }
443
444 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
445 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
446 return -EINVAL;
447 }
448
449 return 0;
450 }
451
452 static int socket_load(Unit *u) {
453 Socket *s = SOCKET(u);
454 int r;
455
456 assert(u);
457 assert(u->load_state == UNIT_STUB);
458
459 r = unit_load_fragment_and_dropin(u);
460 if (r < 0)
461 return r;
462
463 if (u->load_state == UNIT_LOADED) {
464 /* This is a new unit? Then let's add in some extras */
465 r = socket_add_extras(s);
466 if (r < 0)
467 return r;
468 }
469
470 return socket_verify(s);
471 }
472
473 _const_ static const char* listen_lookup(int family, int type) {
474
475 if (family == AF_NETLINK)
476 return "ListenNetlink";
477
478 if (type == SOCK_STREAM)
479 return "ListenStream";
480 else if (type == SOCK_DGRAM)
481 return "ListenDatagram";
482 else if (type == SOCK_SEQPACKET)
483 return "ListenSequentialPacket";
484
485 assert_not_reached("Unknown socket type");
486 return NULL;
487 }
488
489 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
490 char time_string[FORMAT_TIMESPAN_MAX];
491 SocketExecCommand c;
492 Socket *s = SOCKET(u);
493 SocketPort *p;
494 const char *prefix2;
495
496 assert(s);
497 assert(f);
498
499 prefix = strempty(prefix);
500 prefix2 = strjoina(prefix, "\t");
501
502 fprintf(f,
503 "%sSocket State: %s\n"
504 "%sResult: %s\n"
505 "%sBindIPv6Only: %s\n"
506 "%sBacklog: %u\n"
507 "%sSocketMode: %04o\n"
508 "%sDirectoryMode: %04o\n"
509 "%sKeepAlive: %s\n"
510 "%sNoDelay: %s\n"
511 "%sFreeBind: %s\n"
512 "%sTransparent: %s\n"
513 "%sBroadcast: %s\n"
514 "%sPassCredentials: %s\n"
515 "%sPassSecurity: %s\n"
516 "%sTCPCongestion: %s\n"
517 "%sRemoveOnStop: %s\n"
518 "%sWritable: %s\n"
519 "%sFDName: %s\n"
520 "%sSELinuxContextFromNet: %s\n",
521 prefix, socket_state_to_string(s->state),
522 prefix, socket_result_to_string(s->result),
523 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
524 prefix, s->backlog,
525 prefix, s->socket_mode,
526 prefix, s->directory_mode,
527 prefix, yes_no(s->keep_alive),
528 prefix, yes_no(s->no_delay),
529 prefix, yes_no(s->free_bind),
530 prefix, yes_no(s->transparent),
531 prefix, yes_no(s->broadcast),
532 prefix, yes_no(s->pass_cred),
533 prefix, yes_no(s->pass_sec),
534 prefix, strna(s->tcp_congestion),
535 prefix, yes_no(s->remove_on_stop),
536 prefix, yes_no(s->writable),
537 prefix, socket_fdname(s),
538 prefix, yes_no(s->selinux_context_from_net));
539
540 if (s->control_pid > 0)
541 fprintf(f,
542 "%sControl PID: "PID_FMT"\n",
543 prefix, s->control_pid);
544
545 if (s->bind_to_device)
546 fprintf(f,
547 "%sBindToDevice: %s\n",
548 prefix, s->bind_to_device);
549
550 if (s->accept)
551 fprintf(f,
552 "%sAccepted: %u\n"
553 "%sNConnections: %u\n"
554 "%sMaxConnections: %u\n",
555 prefix, s->n_accepted,
556 prefix, s->n_connections,
557 prefix, s->max_connections);
558
559 if (s->priority >= 0)
560 fprintf(f,
561 "%sPriority: %i\n",
562 prefix, s->priority);
563
564 if (s->receive_buffer > 0)
565 fprintf(f,
566 "%sReceiveBuffer: %zu\n",
567 prefix, s->receive_buffer);
568
569 if (s->send_buffer > 0)
570 fprintf(f,
571 "%sSendBuffer: %zu\n",
572 prefix, s->send_buffer);
573
574 if (s->ip_tos >= 0)
575 fprintf(f,
576 "%sIPTOS: %i\n",
577 prefix, s->ip_tos);
578
579 if (s->ip_ttl >= 0)
580 fprintf(f,
581 "%sIPTTL: %i\n",
582 prefix, s->ip_ttl);
583
584 if (s->pipe_size > 0)
585 fprintf(f,
586 "%sPipeSize: %zu\n",
587 prefix, s->pipe_size);
588
589 if (s->mark >= 0)
590 fprintf(f,
591 "%sMark: %i\n",
592 prefix, s->mark);
593
594 if (s->mq_maxmsg > 0)
595 fprintf(f,
596 "%sMessageQueueMaxMessages: %li\n",
597 prefix, s->mq_maxmsg);
598
599 if (s->mq_msgsize > 0)
600 fprintf(f,
601 "%sMessageQueueMessageSize: %li\n",
602 prefix, s->mq_msgsize);
603
604 if (s->reuse_port)
605 fprintf(f,
606 "%sReusePort: %s\n",
607 prefix, yes_no(s->reuse_port));
608
609 if (s->smack)
610 fprintf(f,
611 "%sSmackLabel: %s\n",
612 prefix, s->smack);
613
614 if (s->smack_ip_in)
615 fprintf(f,
616 "%sSmackLabelIPIn: %s\n",
617 prefix, s->smack_ip_in);
618
619 if (s->smack_ip_out)
620 fprintf(f,
621 "%sSmackLabelIPOut: %s\n",
622 prefix, s->smack_ip_out);
623
624 if (!isempty(s->user) || !isempty(s->group))
625 fprintf(f,
626 "%sOwnerUser: %s\n"
627 "%sOwnerGroup: %s\n",
628 prefix, strna(s->user),
629 prefix, strna(s->group));
630
631 if (s->keep_alive_time > 0)
632 fprintf(f,
633 "%sKeepAliveTimeSec: %s\n",
634 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
635
636 if (s->keep_alive_interval)
637 fprintf(f,
638 "%sKeepAliveIntervalSec: %s\n",
639 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
640
641 if (s->keep_alive_cnt)
642 fprintf(f,
643 "%sKeepAliveProbes: %u\n",
644 prefix, s->keep_alive_cnt);
645
646 if (s->defer_accept)
647 fprintf(f,
648 "%sDeferAcceptSec: %s\n",
649 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
650
651 LIST_FOREACH(port, p, s->ports) {
652
653 if (p->type == SOCKET_SOCKET) {
654 const char *t;
655 int r;
656 char *k = NULL;
657
658 r = socket_address_print(&p->address, &k);
659 if (r < 0)
660 t = strerror(-r);
661 else
662 t = k;
663
664 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
665 free(k);
666 } else if (p->type == SOCKET_SPECIAL)
667 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
668 else if (p->type == SOCKET_USB_FUNCTION)
669 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
670 else if (p->type == SOCKET_MQUEUE)
671 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
672 else
673 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
674 }
675
676 exec_context_dump(&s->exec_context, f, prefix);
677 kill_context_dump(&s->kill_context, f, prefix);
678
679 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
680 if (!s->exec_command[c])
681 continue;
682
683 fprintf(f, "%s-> %s:\n",
684 prefix, socket_exec_command_to_string(c));
685
686 exec_command_dump_list(s->exec_command[c], f, prefix2);
687 }
688 }
689
690 static int instance_from_socket(int fd, unsigned nr, char **instance) {
691 socklen_t l;
692 char *r;
693 union sockaddr_union local, remote;
694
695 assert(fd >= 0);
696 assert(instance);
697
698 l = sizeof(local);
699 if (getsockname(fd, &local.sa, &l) < 0)
700 return -errno;
701
702 l = sizeof(remote);
703 if (getpeername(fd, &remote.sa, &l) < 0)
704 return -errno;
705
706 switch (local.sa.sa_family) {
707
708 case AF_INET: {
709 uint32_t
710 a = ntohl(local.in.sin_addr.s_addr),
711 b = ntohl(remote.in.sin_addr.s_addr);
712
713 if (asprintf(&r,
714 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
715 nr,
716 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
717 ntohs(local.in.sin_port),
718 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
719 ntohs(remote.in.sin_port)) < 0)
720 return -ENOMEM;
721
722 break;
723 }
724
725 case AF_INET6: {
726 static const unsigned char ipv4_prefix[] = {
727 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
728 };
729
730 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
731 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
732 const uint8_t
733 *a = local.in6.sin6_addr.s6_addr+12,
734 *b = remote.in6.sin6_addr.s6_addr+12;
735
736 if (asprintf(&r,
737 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
738 nr,
739 a[0], a[1], a[2], a[3],
740 ntohs(local.in6.sin6_port),
741 b[0], b[1], b[2], b[3],
742 ntohs(remote.in6.sin6_port)) < 0)
743 return -ENOMEM;
744 } else {
745 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
746
747 if (asprintf(&r,
748 "%u-%s:%u-%s:%u",
749 nr,
750 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
751 ntohs(local.in6.sin6_port),
752 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
753 ntohs(remote.in6.sin6_port)) < 0)
754 return -ENOMEM;
755 }
756
757 break;
758 }
759
760 case AF_UNIX: {
761 struct ucred ucred;
762 int k;
763
764 k = getpeercred(fd, &ucred);
765 if (k >= 0) {
766 if (asprintf(&r,
767 "%u-"PID_FMT"-"UID_FMT,
768 nr, ucred.pid, ucred.uid) < 0)
769 return -ENOMEM;
770 } else if (k == -ENODATA) {
771 /* This handles the case where somebody is
772 * connecting from another pid/uid namespace
773 * (e.g. from outside of our container). */
774 if (asprintf(&r,
775 "%u-unknown",
776 nr) < 0)
777 return -ENOMEM;
778 } else
779 return k;
780
781 break;
782 }
783
784 default:
785 assert_not_reached("Unhandled socket type.");
786 }
787
788 *instance = r;
789 return 0;
790 }
791
792 static void socket_close_fds(Socket *s) {
793 SocketPort *p;
794 char **i;
795
796 assert(s);
797
798 LIST_FOREACH(port, p, s->ports) {
799
800 p->event_source = sd_event_source_unref(p->event_source);
801
802 if (p->fd < 0)
803 continue;
804
805 p->fd = safe_close(p->fd);
806 socket_cleanup_fd_list(p);
807
808 /* One little note: we should normally not delete any
809 * sockets in the file system here! After all some
810 * other process we spawned might still have a
811 * reference of this fd and wants to continue to use
812 * it. Therefore we delete sockets in the file system
813 * before we create a new one, not after we stopped
814 * using one! */
815
816 if (s->remove_on_stop) {
817 switch (p->type) {
818
819 case SOCKET_FIFO:
820 unlink(p->path);
821 break;
822
823 case SOCKET_MQUEUE:
824 mq_unlink(p->path);
825 break;
826
827 case SOCKET_SOCKET:
828 socket_address_unlink(&p->address);
829 break;
830
831 default:
832 break;
833 }
834 }
835 }
836
837 if (s->remove_on_stop)
838 STRV_FOREACH(i, s->symlinks)
839 unlink(*i);
840 }
841
842 static void socket_apply_socket_options(Socket *s, int fd) {
843 int r;
844
845 assert(s);
846 assert(fd >= 0);
847
848 if (s->keep_alive) {
849 int b = s->keep_alive;
850 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
851 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
852 }
853
854 if (s->keep_alive_time) {
855 int value = s->keep_alive_time / USEC_PER_SEC;
856 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
857 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
858 }
859
860 if (s->keep_alive_interval) {
861 int value = s->keep_alive_interval / USEC_PER_SEC;
862 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
863 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
864 }
865
866 if (s->keep_alive_cnt) {
867 int value = s->keep_alive_cnt;
868 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
869 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
870 }
871
872 if (s->defer_accept) {
873 int value = s->defer_accept / USEC_PER_SEC;
874 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
875 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
876 }
877
878 if (s->no_delay) {
879 int b = s->no_delay;
880
881 if (s->socket_protocol == IPPROTO_SCTP) {
882 if (setsockopt(fd, SOL_SCTP, SCTP_NODELAY, &b, sizeof(b)) < 0)
883 log_unit_warning_errno(UNIT(s), errno, "SCTP_NODELAY failed: %m");
884 } else {
885 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
887 }
888 }
889
890 if (s->broadcast) {
891 int one = 1;
892 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
893 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
894 }
895
896 if (s->pass_cred) {
897 int one = 1;
898 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
899 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
900 }
901
902 if (s->pass_sec) {
903 int one = 1;
904 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
905 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
906 }
907
908 if (s->priority >= 0)
909 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
910 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
911
912 if (s->receive_buffer > 0) {
913 int value = (int) s->receive_buffer;
914
915 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
916
917 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
918 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
919 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
920 }
921
922 if (s->send_buffer > 0) {
923 int value = (int) s->send_buffer;
924 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
925 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
926 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
927 }
928
929 if (s->mark >= 0)
930 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
931 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
932
933 if (s->ip_tos >= 0)
934 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
935 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
936
937 if (s->ip_ttl >= 0) {
938 int x;
939
940 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
941
942 if (socket_ipv6_is_supported())
943 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
944 else {
945 x = -1;
946 errno = EAFNOSUPPORT;
947 }
948
949 if (r < 0 && x < 0)
950 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
951 }
952
953 if (s->tcp_congestion)
954 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
955 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
956
957 if (s->smack_ip_in) {
958 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
959 if (r < 0)
960 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
961 }
962
963 if (s->smack_ip_out) {
964 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
965 if (r < 0)
966 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
967 }
968 }
969
970 static void socket_apply_fifo_options(Socket *s, int fd) {
971 int r;
972
973 assert(s);
974 assert(fd >= 0);
975
976 if (s->pipe_size > 0)
977 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
978 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
979
980 if (s->smack) {
981 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
982 if (r < 0)
983 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
984 }
985 }
986
987 static int fifo_address_create(
988 const char *path,
989 mode_t directory_mode,
990 mode_t socket_mode) {
991
992 _cleanup_close_ int fd = -1;
993 mode_t old_mask;
994 struct stat st;
995 int r;
996
997 assert(path);
998
999 mkdir_parents_label(path, directory_mode);
1000
1001 r = mac_selinux_create_file_prepare(path, S_IFIFO);
1002 if (r < 0)
1003 return r;
1004
1005 /* Enforce the right access mode for the fifo */
1006 old_mask = umask(~ socket_mode);
1007
1008 /* Include the original umask in our mask */
1009 (void) umask(~socket_mode | old_mask);
1010
1011 r = mkfifo(path, socket_mode);
1012 (void) umask(old_mask);
1013
1014 if (r < 0 && errno != EEXIST) {
1015 r = -errno;
1016 goto fail;
1017 }
1018
1019 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1020 if (fd < 0) {
1021 r = -errno;
1022 goto fail;
1023 }
1024
1025 mac_selinux_create_file_clear();
1026
1027 if (fstat(fd, &st) < 0) {
1028 r = -errno;
1029 goto fail;
1030 }
1031
1032 if (!S_ISFIFO(st.st_mode) ||
1033 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1034 st.st_uid != getuid() ||
1035 st.st_gid != getgid()) {
1036 r = -EEXIST;
1037 goto fail;
1038 }
1039
1040 r = fd;
1041 fd = -1;
1042
1043 return r;
1044
1045 fail:
1046 mac_selinux_create_file_clear();
1047 return r;
1048 }
1049
1050 static int special_address_create(const char *path, bool writable) {
1051 _cleanup_close_ int fd = -1;
1052 struct stat st;
1053 int r;
1054
1055 assert(path);
1056
1057 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1058 if (fd < 0)
1059 return -errno;
1060
1061 if (fstat(fd, &st) < 0)
1062 return -errno;
1063
1064 /* Check whether this is a /proc, /sys or /dev file or char device */
1065 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1066 return -EEXIST;
1067
1068 r = fd;
1069 fd = -1;
1070
1071 return r;
1072 }
1073
1074 static int usbffs_address_create(const char *path) {
1075 _cleanup_close_ int fd = -1;
1076 struct stat st;
1077 int r;
1078
1079 assert(path);
1080
1081 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1082 if (fd < 0)
1083 return -errno;
1084
1085 if (fstat(fd, &st) < 0)
1086 return -errno;
1087
1088 /* Check whether this is a regular file (ffs endpoint)*/
1089 if (!S_ISREG(st.st_mode))
1090 return -EEXIST;
1091
1092 r = fd;
1093 fd = -1;
1094
1095 return r;
1096 }
1097
1098 static int mq_address_create(
1099 const char *path,
1100 mode_t mq_mode,
1101 long maxmsg,
1102 long msgsize) {
1103
1104 _cleanup_close_ int fd = -1;
1105 struct stat st;
1106 mode_t old_mask;
1107 struct mq_attr _attr, *attr = NULL;
1108 int r;
1109
1110 assert(path);
1111
1112 if (maxmsg > 0 && msgsize > 0) {
1113 _attr = (struct mq_attr) {
1114 .mq_flags = O_NONBLOCK,
1115 .mq_maxmsg = maxmsg,
1116 .mq_msgsize = msgsize,
1117 };
1118 attr = &_attr;
1119 }
1120
1121 /* Enforce the right access mode for the mq */
1122 old_mask = umask(~ mq_mode);
1123
1124 /* Include the original umask in our mask */
1125 (void) umask(~mq_mode | old_mask);
1126 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1127 (void) umask(old_mask);
1128
1129 if (fd < 0)
1130 return -errno;
1131
1132 if (fstat(fd, &st) < 0)
1133 return -errno;
1134
1135 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1136 st.st_uid != getuid() ||
1137 st.st_gid != getgid())
1138 return -EEXIST;
1139
1140 r = fd;
1141 fd = -1;
1142
1143 return r;
1144 }
1145
1146 static int socket_symlink(Socket *s) {
1147 const char *p;
1148 char **i;
1149
1150 assert(s);
1151
1152 p = socket_find_symlink_target(s);
1153 if (!p)
1154 return 0;
1155
1156 STRV_FOREACH(i, s->symlinks)
1157 symlink_label(p, *i);
1158
1159 return 0;
1160 }
1161
1162 static int usbffs_write_descs(int fd, Service *s) {
1163 int r;
1164
1165 if (!s->usb_function_descriptors || !s->usb_function_strings)
1166 return -EINVAL;
1167
1168 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1169 if (r < 0)
1170 return r;
1171
1172 return copy_file_fd(s->usb_function_strings, fd, false);
1173 }
1174
1175 static int usbffs_select_ep(const struct dirent *d) {
1176 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1177 }
1178
1179 static int usbffs_dispatch_eps(SocketPort *p) {
1180 _cleanup_free_ struct dirent **ent = NULL;
1181 _cleanup_free_ char *path = NULL;
1182 int r, i, n, k;
1183
1184 path = dirname_malloc(p->path);
1185 if (!path)
1186 return -ENOMEM;
1187
1188 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1189 if (r < 0)
1190 return -errno;
1191
1192 n = r;
1193 p->auxiliary_fds = new(int, n);
1194 if (!p->auxiliary_fds)
1195 return -ENOMEM;
1196
1197 p->n_auxiliary_fds = n;
1198
1199 k = 0;
1200 for (i = 0; i < n; ++i) {
1201 _cleanup_free_ char *ep = NULL;
1202
1203 ep = path_make_absolute(ent[i]->d_name, path);
1204 if (!ep)
1205 return -ENOMEM;
1206
1207 path_kill_slashes(ep);
1208
1209 r = usbffs_address_create(ep);
1210 if (r < 0)
1211 goto fail;
1212
1213 p->auxiliary_fds[k] = r;
1214
1215 ++k;
1216 free(ent[i]);
1217 }
1218
1219 return r;
1220
1221 fail:
1222 close_many(p->auxiliary_fds, k);
1223 p->auxiliary_fds = mfree(p->auxiliary_fds);
1224 p->n_auxiliary_fds = 0;
1225
1226 return r;
1227 }
1228
1229 static int socket_open_fds(Socket *s) {
1230 _cleanup_(mac_selinux_freep) char *label = NULL;
1231 bool know_label = false;
1232 SocketPort *p;
1233 int r;
1234
1235 assert(s);
1236
1237 LIST_FOREACH(port, p, s->ports) {
1238
1239 if (p->fd >= 0)
1240 continue;
1241
1242 switch (p->type) {
1243
1244 case SOCKET_SOCKET:
1245
1246 if (!know_label) {
1247 /* Figure out label, if we don't it know
1248 * yet. We do it once, for the first
1249 * socket where we need this and
1250 * remember it for the rest. */
1251
1252 if (s->selinux_context_from_net) {
1253 /* Get it from the network label */
1254
1255 r = mac_selinux_get_our_label(&label);
1256 if (r < 0 && r != -EOPNOTSUPP)
1257 goto rollback;
1258
1259 } else {
1260 /* Get it from the executable we are about to start */
1261
1262 r = socket_instantiate_service(s);
1263 if (r < 0)
1264 goto rollback;
1265
1266 if (UNIT_ISSET(s->service) &&
1267 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1268 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1269 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1270 goto rollback;
1271 }
1272 }
1273
1274 know_label = true;
1275 }
1276
1277 /* Apply the socket protocol */
1278 switch(p->address.type) {
1279 case SOCK_STREAM:
1280 case SOCK_SEQPACKET:
1281 if (p->socket->socket_protocol == IPPROTO_SCTP)
1282 p->address.protocol = p->socket->socket_protocol;
1283 break;
1284 case SOCK_DGRAM:
1285 if (p->socket->socket_protocol == IPPROTO_UDPLITE)
1286 p->address.protocol = p->socket->socket_protocol;
1287 break;
1288 }
1289
1290 r = socket_address_listen(
1291 &p->address,
1292 SOCK_CLOEXEC|SOCK_NONBLOCK,
1293 s->backlog,
1294 s->bind_ipv6_only,
1295 s->bind_to_device,
1296 s->reuse_port,
1297 s->free_bind,
1298 s->transparent,
1299 s->directory_mode,
1300 s->socket_mode,
1301 label);
1302 if (r < 0)
1303 goto rollback;
1304
1305 p->fd = r;
1306 socket_apply_socket_options(s, p->fd);
1307 socket_symlink(s);
1308 break;
1309
1310 case SOCKET_SPECIAL:
1311
1312 p->fd = special_address_create(p->path, s->writable);
1313 if (p->fd < 0) {
1314 r = p->fd;
1315 goto rollback;
1316 }
1317 break;
1318
1319 case SOCKET_FIFO:
1320
1321 p->fd = fifo_address_create(
1322 p->path,
1323 s->directory_mode,
1324 s->socket_mode);
1325 if (p->fd < 0) {
1326 r = p->fd;
1327 goto rollback;
1328 }
1329
1330 socket_apply_fifo_options(s, p->fd);
1331 socket_symlink(s);
1332 break;
1333
1334 case SOCKET_MQUEUE:
1335
1336 p->fd = mq_address_create(
1337 p->path,
1338 s->socket_mode,
1339 s->mq_maxmsg,
1340 s->mq_msgsize);
1341 if (p->fd < 0) {
1342 r = p->fd;
1343 goto rollback;
1344 }
1345 break;
1346
1347 case SOCKET_USB_FUNCTION:
1348
1349 p->fd = usbffs_address_create(p->path);
1350 if (p->fd < 0) {
1351 r = p->fd;
1352 goto rollback;
1353 }
1354
1355 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1356 if (r < 0)
1357 goto rollback;
1358
1359 r = usbffs_dispatch_eps(p);
1360 if (r < 0)
1361 goto rollback;
1362
1363 break;
1364
1365 default:
1366 assert_not_reached("Unknown port type");
1367 }
1368 }
1369
1370 return 0;
1371
1372 rollback:
1373 socket_close_fds(s);
1374 return r;
1375 }
1376
1377 static void socket_unwatch_fds(Socket *s) {
1378 SocketPort *p;
1379 int r;
1380
1381 assert(s);
1382
1383 LIST_FOREACH(port, p, s->ports) {
1384 if (p->fd < 0)
1385 continue;
1386
1387 if (!p->event_source)
1388 continue;
1389
1390 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1391 if (r < 0)
1392 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1393 }
1394 }
1395
1396 static int socket_watch_fds(Socket *s) {
1397 SocketPort *p;
1398 int r;
1399
1400 assert(s);
1401
1402 LIST_FOREACH(port, p, s->ports) {
1403 if (p->fd < 0)
1404 continue;
1405
1406 if (p->event_source) {
1407 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1408 if (r < 0)
1409 goto fail;
1410 } else {
1411 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1412 if (r < 0)
1413 goto fail;
1414
1415 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1416 }
1417 }
1418
1419 return 0;
1420
1421 fail:
1422 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1423 socket_unwatch_fds(s);
1424 return r;
1425 }
1426
1427 static void socket_set_state(Socket *s, SocketState state) {
1428 SocketState old_state;
1429 assert(s);
1430
1431 old_state = s->state;
1432 s->state = state;
1433
1434 if (!IN_SET(state,
1435 SOCKET_START_PRE,
1436 SOCKET_START_CHOWN,
1437 SOCKET_START_POST,
1438 SOCKET_STOP_PRE,
1439 SOCKET_STOP_PRE_SIGTERM,
1440 SOCKET_STOP_PRE_SIGKILL,
1441 SOCKET_STOP_POST,
1442 SOCKET_FINAL_SIGTERM,
1443 SOCKET_FINAL_SIGKILL)) {
1444
1445 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1446 socket_unwatch_control_pid(s);
1447 s->control_command = NULL;
1448 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1449 }
1450
1451 if (state != SOCKET_LISTENING)
1452 socket_unwatch_fds(s);
1453
1454 if (!IN_SET(state,
1455 SOCKET_START_CHOWN,
1456 SOCKET_START_POST,
1457 SOCKET_LISTENING,
1458 SOCKET_RUNNING,
1459 SOCKET_STOP_PRE,
1460 SOCKET_STOP_PRE_SIGTERM,
1461 SOCKET_STOP_PRE_SIGKILL))
1462 socket_close_fds(s);
1463
1464 if (state != old_state)
1465 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1466
1467 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1468 }
1469
1470 static int socket_coldplug(Unit *u) {
1471 Socket *s = SOCKET(u);
1472 int r;
1473
1474 assert(s);
1475 assert(s->state == SOCKET_DEAD);
1476
1477 if (s->deserialized_state == s->state)
1478 return 0;
1479
1480 if (s->control_pid > 0 &&
1481 pid_is_unwaited(s->control_pid) &&
1482 IN_SET(s->deserialized_state,
1483 SOCKET_START_PRE,
1484 SOCKET_START_CHOWN,
1485 SOCKET_START_POST,
1486 SOCKET_STOP_PRE,
1487 SOCKET_STOP_PRE_SIGTERM,
1488 SOCKET_STOP_PRE_SIGKILL,
1489 SOCKET_STOP_POST,
1490 SOCKET_FINAL_SIGTERM,
1491 SOCKET_FINAL_SIGKILL)) {
1492
1493 r = unit_watch_pid(UNIT(s), s->control_pid);
1494 if (r < 0)
1495 return r;
1496
1497 r = socket_arm_timer(s);
1498 if (r < 0)
1499 return r;
1500 }
1501
1502 if (IN_SET(s->deserialized_state,
1503 SOCKET_START_CHOWN,
1504 SOCKET_START_POST,
1505 SOCKET_LISTENING,
1506 SOCKET_RUNNING,
1507 SOCKET_STOP_PRE,
1508 SOCKET_STOP_PRE_SIGTERM,
1509 SOCKET_STOP_PRE_SIGKILL)) {
1510 r = socket_open_fds(s);
1511 if (r < 0)
1512 return r;
1513 }
1514
1515 if (s->deserialized_state == SOCKET_LISTENING) {
1516 r = socket_watch_fds(s);
1517 if (r < 0)
1518 return r;
1519 }
1520
1521 socket_set_state(s, s->deserialized_state);
1522 return 0;
1523 }
1524
1525 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1526 _cleanup_free_ char **argv = NULL;
1527 pid_t pid;
1528 int r;
1529 ExecParameters exec_params = {
1530 .apply_permissions = true,
1531 .apply_chroot = true,
1532 .apply_tty_stdin = true,
1533 .bus_endpoint_fd = -1,
1534 .stdin_fd = -1,
1535 .stdout_fd = -1,
1536 .stderr_fd = -1,
1537 };
1538
1539 assert(s);
1540 assert(c);
1541 assert(_pid);
1542
1543 (void) unit_realize_cgroup(UNIT(s));
1544 if (s->reset_cpu_usage) {
1545 (void) unit_reset_cpu_usage(UNIT(s));
1546 s->reset_cpu_usage = false;
1547 }
1548
1549 r = unit_setup_exec_runtime(UNIT(s));
1550 if (r < 0)
1551 goto fail;
1552
1553 r = socket_arm_timer(s);
1554 if (r < 0)
1555 goto fail;
1556
1557 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1558 if (r < 0)
1559 goto fail;
1560
1561 exec_params.argv = argv;
1562 exec_params.environment = UNIT(s)->manager->environment;
1563 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1564 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1565 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1566 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1567 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1568
1569 r = exec_spawn(UNIT(s),
1570 c,
1571 &s->exec_context,
1572 &exec_params,
1573 s->exec_runtime,
1574 &pid);
1575 if (r < 0)
1576 goto fail;
1577
1578 r = unit_watch_pid(UNIT(s), pid);
1579 if (r < 0)
1580 /* FIXME: we need to do something here */
1581 goto fail;
1582
1583 *_pid = pid;
1584 return 0;
1585
1586 fail:
1587 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1588 return r;
1589 }
1590
1591 static int socket_chown(Socket *s, pid_t *_pid) {
1592 pid_t pid;
1593 int r;
1594
1595 r = socket_arm_timer(s);
1596 if (r < 0)
1597 goto fail;
1598
1599 /* We have to resolve the user names out-of-process, hence
1600 * let's fork here. It's messy, but well, what can we do? */
1601
1602 pid = fork();
1603 if (pid < 0)
1604 return -errno;
1605
1606 if (pid == 0) {
1607 SocketPort *p;
1608 uid_t uid = UID_INVALID;
1609 gid_t gid = GID_INVALID;
1610 int ret;
1611
1612 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1613 (void) ignore_signals(SIGPIPE, -1);
1614 log_forget_fds();
1615
1616 if (!isempty(s->user)) {
1617 const char *user = s->user;
1618
1619 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1620 if (r < 0) {
1621 ret = EXIT_USER;
1622 goto fail_child;
1623 }
1624 }
1625
1626 if (!isempty(s->group)) {
1627 const char *group = s->group;
1628
1629 r = get_group_creds(&group, &gid);
1630 if (r < 0) {
1631 ret = EXIT_GROUP;
1632 goto fail_child;
1633 }
1634 }
1635
1636 LIST_FOREACH(port, p, s->ports) {
1637 const char *path = NULL;
1638
1639 if (p->type == SOCKET_SOCKET)
1640 path = socket_address_get_path(&p->address);
1641 else if (p->type == SOCKET_FIFO)
1642 path = p->path;
1643
1644 if (!path)
1645 continue;
1646
1647 if (chown(path, uid, gid) < 0) {
1648 r = -errno;
1649 ret = EXIT_CHOWN;
1650 goto fail_child;
1651 }
1652 }
1653
1654 _exit(0);
1655
1656 fail_child:
1657 log_open();
1658 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1659
1660 _exit(ret);
1661 }
1662
1663 r = unit_watch_pid(UNIT(s), pid);
1664 if (r < 0)
1665 goto fail;
1666
1667 *_pid = pid;
1668 return 0;
1669
1670 fail:
1671 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1672 return r;
1673 }
1674
1675 static void socket_enter_dead(Socket *s, SocketResult f) {
1676 assert(s);
1677
1678 if (f != SOCKET_SUCCESS)
1679 s->result = f;
1680
1681 exec_runtime_destroy(s->exec_runtime);
1682 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1683
1684 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1685
1686 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1687 }
1688
1689 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1690
1691 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1692 int r;
1693 assert(s);
1694
1695 if (f != SOCKET_SUCCESS)
1696 s->result = f;
1697
1698 socket_unwatch_control_pid(s);
1699 s->control_command_id = SOCKET_EXEC_STOP_POST;
1700 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1701
1702 if (s->control_command) {
1703 r = socket_spawn(s, s->control_command, &s->control_pid);
1704 if (r < 0)
1705 goto fail;
1706
1707 socket_set_state(s, SOCKET_STOP_POST);
1708 } else
1709 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1710
1711 return;
1712
1713 fail:
1714 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1715 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1716 }
1717
1718 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1719 int r;
1720
1721 assert(s);
1722
1723 if (f != SOCKET_SUCCESS)
1724 s->result = f;
1725
1726 r = unit_kill_context(
1727 UNIT(s),
1728 &s->kill_context,
1729 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1730 KILL_KILL : KILL_TERMINATE,
1731 -1,
1732 s->control_pid,
1733 false);
1734 if (r < 0)
1735 goto fail;
1736
1737 if (r > 0) {
1738 r = socket_arm_timer(s);
1739 if (r < 0)
1740 goto fail;
1741
1742 socket_set_state(s, state);
1743 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1744 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1745 else if (state == SOCKET_STOP_PRE_SIGKILL)
1746 socket_enter_stop_post(s, SOCKET_SUCCESS);
1747 else if (state == SOCKET_FINAL_SIGTERM)
1748 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1749 else
1750 socket_enter_dead(s, SOCKET_SUCCESS);
1751
1752 return;
1753
1754 fail:
1755 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1756
1757 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1758 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1759 else
1760 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1761 }
1762
1763 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1764 int r;
1765 assert(s);
1766
1767 if (f != SOCKET_SUCCESS)
1768 s->result = f;
1769
1770 socket_unwatch_control_pid(s);
1771 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1772 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1773
1774 if (s->control_command) {
1775 r = socket_spawn(s, s->control_command, &s->control_pid);
1776 if (r < 0)
1777 goto fail;
1778
1779 socket_set_state(s, SOCKET_STOP_PRE);
1780 } else
1781 socket_enter_stop_post(s, SOCKET_SUCCESS);
1782
1783 return;
1784
1785 fail:
1786 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1787 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1788 }
1789
1790 static void socket_enter_listening(Socket *s) {
1791 int r;
1792 assert(s);
1793
1794 r = socket_watch_fds(s);
1795 if (r < 0) {
1796 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1797 goto fail;
1798 }
1799
1800 socket_set_state(s, SOCKET_LISTENING);
1801 return;
1802
1803 fail:
1804 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1805 }
1806
1807 static void socket_enter_start_post(Socket *s) {
1808 int r;
1809 assert(s);
1810
1811 socket_unwatch_control_pid(s);
1812 s->control_command_id = SOCKET_EXEC_START_POST;
1813 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1814
1815 if (s->control_command) {
1816 r = socket_spawn(s, s->control_command, &s->control_pid);
1817 if (r < 0) {
1818 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1819 goto fail;
1820 }
1821
1822 socket_set_state(s, SOCKET_START_POST);
1823 } else
1824 socket_enter_listening(s);
1825
1826 return;
1827
1828 fail:
1829 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1830 }
1831
1832 static void socket_enter_start_chown(Socket *s) {
1833 int r;
1834
1835 assert(s);
1836
1837 r = socket_open_fds(s);
1838 if (r < 0) {
1839 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1840 goto fail;
1841 }
1842
1843 if (!isempty(s->user) || !isempty(s->group)) {
1844
1845 socket_unwatch_control_pid(s);
1846 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1847 s->control_command = NULL;
1848
1849 r = socket_chown(s, &s->control_pid);
1850 if (r < 0) {
1851 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1852 goto fail;
1853 }
1854
1855 socket_set_state(s, SOCKET_START_CHOWN);
1856 } else
1857 socket_enter_start_post(s);
1858
1859 return;
1860
1861 fail:
1862 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1863 }
1864
1865 static void socket_enter_start_pre(Socket *s) {
1866 int r;
1867 assert(s);
1868
1869 socket_unwatch_control_pid(s);
1870 s->control_command_id = SOCKET_EXEC_START_PRE;
1871 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1872
1873 if (s->control_command) {
1874 r = socket_spawn(s, s->control_command, &s->control_pid);
1875 if (r < 0) {
1876 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1877 goto fail;
1878 }
1879
1880 socket_set_state(s, SOCKET_START_PRE);
1881 } else
1882 socket_enter_start_chown(s);
1883
1884 return;
1885
1886 fail:
1887 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1888 }
1889
1890 static void socket_enter_running(Socket *s, int cfd) {
1891 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1892 int r;
1893
1894 assert(s);
1895
1896 /* We don't take connections anymore if we are supposed to
1897 * shut down anyway */
1898 if (unit_stop_pending(UNIT(s))) {
1899
1900 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1901
1902 if (cfd >= 0)
1903 safe_close(cfd);
1904 else {
1905 /* Flush all sockets by closing and reopening them */
1906 socket_close_fds(s);
1907
1908 r = socket_open_fds(s);
1909 if (r < 0) {
1910 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1911 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1912 return;
1913 }
1914
1915 r = socket_watch_fds(s);
1916 if (r < 0) {
1917 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1918 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1919 }
1920 }
1921
1922 return;
1923 }
1924
1925 if (cfd < 0) {
1926 Iterator i;
1927 Unit *other;
1928 bool pending = false;
1929
1930 /* If there's already a start pending don't bother to
1931 * do anything */
1932 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1933 if (unit_active_or_pending(other)) {
1934 pending = true;
1935 break;
1936 }
1937
1938 if (!pending) {
1939 if (!UNIT_ISSET(s->service)) {
1940 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1941 r = -ENOENT;
1942 goto fail;
1943 }
1944
1945 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1946 if (r < 0)
1947 goto fail;
1948 }
1949
1950 socket_set_state(s, SOCKET_RUNNING);
1951 } else {
1952 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1953 Service *service;
1954
1955 if (s->n_connections >= s->max_connections) {
1956 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1957 safe_close(cfd);
1958 return;
1959 }
1960
1961 r = socket_instantiate_service(s);
1962 if (r < 0)
1963 goto fail;
1964
1965 r = instance_from_socket(cfd, s->n_accepted, &instance);
1966 if (r < 0) {
1967 if (r != -ENOTCONN)
1968 goto fail;
1969
1970 /* ENOTCONN is legitimate if TCP RST was received.
1971 * This connection is over, but the socket unit lives on. */
1972 safe_close(cfd);
1973 return;
1974 }
1975
1976 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1977 if (r < 0)
1978 goto fail;
1979
1980 r = unit_name_build(prefix, instance, ".service", &name);
1981 if (r < 0)
1982 goto fail;
1983
1984 r = unit_add_name(UNIT_DEREF(s->service), name);
1985 if (r < 0)
1986 goto fail;
1987
1988 service = SERVICE(UNIT_DEREF(s->service));
1989 unit_ref_unset(&s->service);
1990 s->n_accepted ++;
1991
1992 UNIT(service)->no_gc = false;
1993
1994 unit_choose_id(UNIT(service), name);
1995
1996 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1997 if (r < 0)
1998 goto fail;
1999
2000 cfd = -1;
2001 s->n_connections ++;
2002
2003 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
2004 if (r < 0)
2005 goto fail;
2006
2007 /* Notify clients about changed counters */
2008 unit_add_to_dbus_queue(UNIT(s));
2009 }
2010
2011 return;
2012
2013 fail:
2014 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2015 cfd >= 0 ? "template" : "non-template",
2016 bus_error_message(&error, r));
2017
2018 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2019 safe_close(cfd);
2020 }
2021
2022 static void socket_run_next(Socket *s) {
2023 int r;
2024
2025 assert(s);
2026 assert(s->control_command);
2027 assert(s->control_command->command_next);
2028
2029 socket_unwatch_control_pid(s);
2030
2031 s->control_command = s->control_command->command_next;
2032
2033 r = socket_spawn(s, s->control_command, &s->control_pid);
2034 if (r < 0)
2035 goto fail;
2036
2037 return;
2038
2039 fail:
2040 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2041
2042 if (s->state == SOCKET_START_POST)
2043 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2044 else if (s->state == SOCKET_STOP_POST)
2045 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2046 else
2047 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2048 }
2049
2050 static int socket_start(Unit *u) {
2051 Socket *s = SOCKET(u);
2052
2053 assert(s);
2054
2055 /* We cannot fulfill this request right now, try again later
2056 * please! */
2057 if (IN_SET(s->state,
2058 SOCKET_STOP_PRE,
2059 SOCKET_STOP_PRE_SIGKILL,
2060 SOCKET_STOP_PRE_SIGTERM,
2061 SOCKET_STOP_POST,
2062 SOCKET_FINAL_SIGTERM,
2063 SOCKET_FINAL_SIGKILL))
2064 return -EAGAIN;
2065
2066 /* Already on it! */
2067 if (IN_SET(s->state,
2068 SOCKET_START_PRE,
2069 SOCKET_START_CHOWN,
2070 SOCKET_START_POST))
2071 return 0;
2072
2073 /* Cannot run this without the service being around */
2074 if (UNIT_ISSET(s->service)) {
2075 Service *service;
2076
2077 service = SERVICE(UNIT_DEREF(s->service));
2078
2079 if (UNIT(service)->load_state != UNIT_LOADED) {
2080 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2081 return -ENOENT;
2082 }
2083
2084 /* If the service is already active we cannot start the
2085 * socket */
2086 if (service->state != SERVICE_DEAD &&
2087 service->state != SERVICE_FAILED &&
2088 service->state != SERVICE_AUTO_RESTART) {
2089 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2090 return -EBUSY;
2091 }
2092 }
2093
2094 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2095
2096 s->result = SOCKET_SUCCESS;
2097 s->reset_cpu_usage = true;
2098
2099 socket_enter_start_pre(s);
2100
2101 return 1;
2102 }
2103
2104 static int socket_stop(Unit *u) {
2105 Socket *s = SOCKET(u);
2106
2107 assert(s);
2108
2109 /* Already on it */
2110 if (IN_SET(s->state,
2111 SOCKET_STOP_PRE,
2112 SOCKET_STOP_PRE_SIGTERM,
2113 SOCKET_STOP_PRE_SIGKILL,
2114 SOCKET_STOP_POST,
2115 SOCKET_FINAL_SIGTERM,
2116 SOCKET_FINAL_SIGKILL))
2117 return 0;
2118
2119 /* If there's already something running we go directly into
2120 * kill mode. */
2121 if (IN_SET(s->state,
2122 SOCKET_START_PRE,
2123 SOCKET_START_CHOWN,
2124 SOCKET_START_POST)) {
2125 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2126 return -EAGAIN;
2127 }
2128
2129 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2130
2131 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2132 return 1;
2133 }
2134
2135 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2136 Socket *s = SOCKET(u);
2137 SocketPort *p;
2138 int r;
2139
2140 assert(u);
2141 assert(f);
2142 assert(fds);
2143
2144 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2145 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2146 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2147
2148 if (s->control_pid > 0)
2149 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2150
2151 if (s->control_command_id >= 0)
2152 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2153
2154 LIST_FOREACH(port, p, s->ports) {
2155 int copy;
2156
2157 if (p->fd < 0)
2158 continue;
2159
2160 copy = fdset_put_dup(fds, p->fd);
2161 if (copy < 0)
2162 return copy;
2163
2164 if (p->type == SOCKET_SOCKET) {
2165 _cleanup_free_ char *t = NULL;
2166
2167 r = socket_address_print(&p->address, &t);
2168 if (r < 0)
2169 return r;
2170
2171 if (socket_address_family(&p->address) == AF_NETLINK)
2172 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2173 else
2174 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2175
2176 } else if (p->type == SOCKET_SPECIAL)
2177 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2178 else if (p->type == SOCKET_MQUEUE)
2179 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2180 else if (p->type == SOCKET_USB_FUNCTION)
2181 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2182 else {
2183 assert(p->type == SOCKET_FIFO);
2184 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2185 }
2186 }
2187
2188 return 0;
2189 }
2190
2191 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2192 Socket *s = SOCKET(u);
2193
2194 assert(u);
2195 assert(key);
2196 assert(value);
2197
2198 if (streq(key, "state")) {
2199 SocketState state;
2200
2201 state = socket_state_from_string(value);
2202 if (state < 0)
2203 log_unit_debug(u, "Failed to parse state value: %s", value);
2204 else
2205 s->deserialized_state = state;
2206 } else if (streq(key, "result")) {
2207 SocketResult f;
2208
2209 f = socket_result_from_string(value);
2210 if (f < 0)
2211 log_unit_debug(u, "Failed to parse result value: %s", value);
2212 else if (f != SOCKET_SUCCESS)
2213 s->result = f;
2214
2215 } else if (streq(key, "n-accepted")) {
2216 unsigned k;
2217
2218 if (safe_atou(value, &k) < 0)
2219 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2220 else
2221 s->n_accepted += k;
2222 } else if (streq(key, "control-pid")) {
2223 pid_t pid;
2224
2225 if (parse_pid(value, &pid) < 0)
2226 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2227 else
2228 s->control_pid = pid;
2229 } else if (streq(key, "control-command")) {
2230 SocketExecCommand id;
2231
2232 id = socket_exec_command_from_string(value);
2233 if (id < 0)
2234 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2235 else {
2236 s->control_command_id = id;
2237 s->control_command = s->exec_command[id];
2238 }
2239 } else if (streq(key, "fifo")) {
2240 int fd, skip = 0;
2241 SocketPort *p;
2242
2243 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2244 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2245 else {
2246
2247 LIST_FOREACH(port, p, s->ports)
2248 if (p->type == SOCKET_FIFO &&
2249 path_equal_or_files_same(p->path, value+skip))
2250 break;
2251
2252 if (p) {
2253 safe_close(p->fd);
2254 p->fd = fdset_remove(fds, fd);
2255 }
2256 }
2257
2258 } else if (streq(key, "special")) {
2259 int fd, skip = 0;
2260 SocketPort *p;
2261
2262 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2263 log_unit_debug(u, "Failed to parse special value: %s", value);
2264 else {
2265
2266 LIST_FOREACH(port, p, s->ports)
2267 if (p->type == SOCKET_SPECIAL &&
2268 path_equal_or_files_same(p->path, value+skip))
2269 break;
2270
2271 if (p) {
2272 safe_close(p->fd);
2273 p->fd = fdset_remove(fds, fd);
2274 }
2275 }
2276
2277 } else if (streq(key, "mqueue")) {
2278 int fd, skip = 0;
2279 SocketPort *p;
2280
2281 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2282 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2283 else {
2284
2285 LIST_FOREACH(port, p, s->ports)
2286 if (p->type == SOCKET_MQUEUE &&
2287 streq(p->path, value+skip))
2288 break;
2289
2290 if (p) {
2291 safe_close(p->fd);
2292 p->fd = fdset_remove(fds, fd);
2293 }
2294 }
2295
2296 } else if (streq(key, "socket")) {
2297 int fd, type, skip = 0;
2298 SocketPort *p;
2299
2300 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2301 log_unit_debug(u, "Failed to parse socket value: %s", value);
2302 else {
2303
2304 LIST_FOREACH(port, p, s->ports)
2305 if (socket_address_is(&p->address, value+skip, type))
2306 break;
2307
2308 if (p) {
2309 safe_close(p->fd);
2310 p->fd = fdset_remove(fds, fd);
2311 }
2312 }
2313
2314 } else if (streq(key, "netlink")) {
2315 int fd, skip = 0;
2316 SocketPort *p;
2317
2318 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2319 log_unit_debug(u, "Failed to parse socket value: %s", value);
2320 else {
2321
2322 LIST_FOREACH(port, p, s->ports)
2323 if (socket_address_is_netlink(&p->address, value+skip))
2324 break;
2325
2326 if (p) {
2327 safe_close(p->fd);
2328 p->fd = fdset_remove(fds, fd);
2329 }
2330 }
2331
2332 } else if (streq(key, "ffs")) {
2333 int fd, skip = 0;
2334 SocketPort *p;
2335
2336 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2337 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2338 else {
2339
2340 LIST_FOREACH(port, p, s->ports)
2341 if (p->type == SOCKET_USB_FUNCTION &&
2342 path_equal_or_files_same(p->path, value+skip))
2343 break;
2344
2345 if (p) {
2346 safe_close(p->fd);
2347 p->fd = fdset_remove(fds, fd);
2348 }
2349 }
2350
2351 } else
2352 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2353
2354 return 0;
2355 }
2356
2357 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2358 Socket *s = SOCKET(u);
2359 SocketPort *p;
2360
2361 assert(u);
2362
2363 LIST_FOREACH(port, p, s->ports) {
2364 Iterator i;
2365 int fd;
2366
2367 if (p->type != SOCKET_SOCKET)
2368 continue;
2369
2370 if (p->fd >= 0)
2371 continue;
2372
2373 FDSET_FOREACH(fd, fds, i) {
2374 if (socket_address_matches_fd(&p->address, fd)) {
2375 p->fd = fdset_remove(fds, fd);
2376 s->deserialized_state = SOCKET_LISTENING;
2377 break;
2378 }
2379 }
2380 }
2381 }
2382
2383 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2384 assert(u);
2385
2386 return state_translation_table[SOCKET(u)->state];
2387 }
2388
2389 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2390 assert(u);
2391
2392 return socket_state_to_string(SOCKET(u)->state);
2393 }
2394
2395 const char* socket_port_type_to_string(SocketPort *p) {
2396
2397 assert(p);
2398
2399 switch (p->type) {
2400
2401 case SOCKET_SOCKET:
2402
2403 switch (p->address.type) {
2404
2405 case SOCK_STREAM:
2406 return "Stream";
2407
2408 case SOCK_DGRAM:
2409 return "Datagram";
2410
2411 case SOCK_SEQPACKET:
2412 return "SequentialPacket";
2413
2414 case SOCK_RAW:
2415 if (socket_address_family(&p->address) == AF_NETLINK)
2416 return "Netlink";
2417
2418 default:
2419 return NULL;
2420 }
2421
2422 case SOCKET_SPECIAL:
2423 return "Special";
2424
2425 case SOCKET_MQUEUE:
2426 return "MessageQueue";
2427
2428 case SOCKET_FIFO:
2429 return "FIFO";
2430
2431 case SOCKET_USB_FUNCTION:
2432 return "USBFunction";
2433
2434 default:
2435 return NULL;
2436 }
2437 }
2438
2439 _pure_ static bool socket_check_gc(Unit *u) {
2440 Socket *s = SOCKET(u);
2441
2442 assert(u);
2443
2444 return s->n_connections > 0;
2445 }
2446
2447 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2448 SocketPort *p = userdata;
2449 int cfd = -1;
2450
2451 assert(p);
2452 assert(fd >= 0);
2453
2454 if (p->socket->state != SOCKET_LISTENING)
2455 return 0;
2456
2457 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2458
2459 if (revents != EPOLLIN) {
2460
2461 if (revents & EPOLLHUP)
2462 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2463 else
2464 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2465 goto fail;
2466 }
2467
2468 if (p->socket->accept &&
2469 p->type == SOCKET_SOCKET &&
2470 socket_address_can_accept(&p->address)) {
2471
2472 for (;;) {
2473
2474 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2475 if (cfd < 0) {
2476
2477 if (errno == EINTR)
2478 continue;
2479
2480 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2481 goto fail;
2482 }
2483
2484 break;
2485 }
2486
2487 socket_apply_socket_options(p->socket, cfd);
2488 }
2489
2490 socket_enter_running(p->socket, cfd);
2491 return 0;
2492
2493 fail:
2494 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2495 return 0;
2496 }
2497
2498 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2499 Socket *s = SOCKET(u);
2500 SocketResult f;
2501
2502 assert(s);
2503 assert(pid >= 0);
2504
2505 if (pid != s->control_pid)
2506 return;
2507
2508 s->control_pid = 0;
2509
2510 if (is_clean_exit(code, status, NULL))
2511 f = SOCKET_SUCCESS;
2512 else if (code == CLD_EXITED)
2513 f = SOCKET_FAILURE_EXIT_CODE;
2514 else if (code == CLD_KILLED)
2515 f = SOCKET_FAILURE_SIGNAL;
2516 else if (code == CLD_DUMPED)
2517 f = SOCKET_FAILURE_CORE_DUMP;
2518 else
2519 assert_not_reached("Unknown sigchld code");
2520
2521 if (s->control_command) {
2522 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2523
2524 if (s->control_command->ignore)
2525 f = SOCKET_SUCCESS;
2526 }
2527
2528 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2529 "Control process exited, code=%s status=%i",
2530 sigchld_code_to_string(code), status);
2531
2532 if (f != SOCKET_SUCCESS)
2533 s->result = f;
2534
2535 if (s->control_command &&
2536 s->control_command->command_next &&
2537 f == SOCKET_SUCCESS) {
2538
2539 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2540 socket_run_next(s);
2541 } else {
2542 s->control_command = NULL;
2543 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2544
2545 /* No further commands for this step, so let's figure
2546 * out what to do next */
2547
2548 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2549
2550 switch (s->state) {
2551
2552 case SOCKET_START_PRE:
2553 if (f == SOCKET_SUCCESS)
2554 socket_enter_start_chown(s);
2555 else
2556 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2557 break;
2558
2559 case SOCKET_START_CHOWN:
2560 if (f == SOCKET_SUCCESS)
2561 socket_enter_start_post(s);
2562 else
2563 socket_enter_stop_pre(s, f);
2564 break;
2565
2566 case SOCKET_START_POST:
2567 if (f == SOCKET_SUCCESS)
2568 socket_enter_listening(s);
2569 else
2570 socket_enter_stop_pre(s, f);
2571 break;
2572
2573 case SOCKET_STOP_PRE:
2574 case SOCKET_STOP_PRE_SIGTERM:
2575 case SOCKET_STOP_PRE_SIGKILL:
2576 socket_enter_stop_post(s, f);
2577 break;
2578
2579 case SOCKET_STOP_POST:
2580 case SOCKET_FINAL_SIGTERM:
2581 case SOCKET_FINAL_SIGKILL:
2582 socket_enter_dead(s, f);
2583 break;
2584
2585 default:
2586 assert_not_reached("Uh, control process died at wrong time.");
2587 }
2588 }
2589
2590 /* Notify clients about changed exit status */
2591 unit_add_to_dbus_queue(u);
2592 }
2593
2594 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2595 Socket *s = SOCKET(userdata);
2596
2597 assert(s);
2598 assert(s->timer_event_source == source);
2599
2600 switch (s->state) {
2601
2602 case SOCKET_START_PRE:
2603 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2604 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2605 break;
2606
2607 case SOCKET_START_CHOWN:
2608 case SOCKET_START_POST:
2609 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2610 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2611 break;
2612
2613 case SOCKET_STOP_PRE:
2614 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2615 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2616 break;
2617
2618 case SOCKET_STOP_PRE_SIGTERM:
2619 if (s->kill_context.send_sigkill) {
2620 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2621 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2622 } else {
2623 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2624 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2625 }
2626 break;
2627
2628 case SOCKET_STOP_PRE_SIGKILL:
2629 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2630 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2631 break;
2632
2633 case SOCKET_STOP_POST:
2634 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2635 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2636 break;
2637
2638 case SOCKET_FINAL_SIGTERM:
2639 if (s->kill_context.send_sigkill) {
2640 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2641 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2642 } else {
2643 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2644 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2645 }
2646 break;
2647
2648 case SOCKET_FINAL_SIGKILL:
2649 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2650 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2651 break;
2652
2653 default:
2654 assert_not_reached("Timeout at wrong time.");
2655 }
2656
2657 return 0;
2658 }
2659
2660 int socket_collect_fds(Socket *s, int **fds) {
2661 int *rfds, k = 0, n = 0;
2662 SocketPort *p;
2663
2664 assert(s);
2665 assert(fds);
2666
2667 /* Called from the service code for requesting our fds */
2668
2669 LIST_FOREACH(port, p, s->ports) {
2670 if (p->fd >= 0)
2671 n++;
2672 n += p->n_auxiliary_fds;
2673 }
2674
2675 if (n <= 0) {
2676 *fds = NULL;
2677 return 0;
2678 }
2679
2680 rfds = new(int, n);
2681 if (!rfds)
2682 return -ENOMEM;
2683
2684 LIST_FOREACH(port, p, s->ports) {
2685 int i;
2686
2687 if (p->fd >= 0)
2688 rfds[k++] = p->fd;
2689 for (i = 0; i < p->n_auxiliary_fds; ++i)
2690 rfds[k++] = p->auxiliary_fds[i];
2691 }
2692
2693 assert(k == n);
2694
2695 *fds = rfds;
2696 return n;
2697 }
2698
2699 static void socket_reset_failed(Unit *u) {
2700 Socket *s = SOCKET(u);
2701
2702 assert(s);
2703
2704 if (s->state == SOCKET_FAILED)
2705 socket_set_state(s, SOCKET_DEAD);
2706
2707 s->result = SOCKET_SUCCESS;
2708 }
2709
2710 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2711 assert(s);
2712
2713 /* The service is dead. Dang!
2714 *
2715 * This is strictly for one-instance-for-all-connections
2716 * services. */
2717
2718 if (s->state == SOCKET_RUNNING) {
2719 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2720 if (failed_permanent)
2721 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2722 else
2723 socket_enter_listening(s);
2724 }
2725 }
2726
2727 void socket_connection_unref(Socket *s) {
2728 assert(s);
2729
2730 /* The service is dead. Yay!
2731 *
2732 * This is strictly for one-instance-per-connection
2733 * services. */
2734
2735 assert(s->n_connections > 0);
2736 s->n_connections--;
2737
2738 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2739 }
2740
2741 static void socket_trigger_notify(Unit *u, Unit *other) {
2742 Socket *s = SOCKET(u);
2743 Service *se;
2744
2745 assert(u);
2746 assert(other);
2747
2748 /* Don't propagate state changes from the service if we are
2749 already down or accepting connections */
2750 if ((s->state != SOCKET_RUNNING &&
2751 s->state != SOCKET_LISTENING) ||
2752 s->accept)
2753 return;
2754
2755 if (other->load_state != UNIT_LOADED ||
2756 other->type != UNIT_SERVICE)
2757 return;
2758
2759 se = SERVICE(other);
2760
2761 if (se->state == SERVICE_FAILED)
2762 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2763
2764 if (se->state == SERVICE_DEAD ||
2765 se->state == SERVICE_FINAL_SIGTERM ||
2766 se->state == SERVICE_FINAL_SIGKILL ||
2767 se->state == SERVICE_AUTO_RESTART)
2768 socket_notify_service_dead(s, false);
2769
2770 if (se->state == SERVICE_RUNNING)
2771 socket_set_state(s, SOCKET_RUNNING);
2772 }
2773
2774 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2775 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2776 }
2777
2778 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2779 Socket *s = SOCKET(u);
2780 int r;
2781
2782 if (!s->timer_event_source)
2783 return 0;
2784
2785 r = sd_event_source_get_time(s->timer_event_source, timeout);
2786 if (r < 0)
2787 return r;
2788
2789 return 1;
2790 }
2791
2792 char *socket_fdname(Socket *s) {
2793 assert(s);
2794
2795 /* Returns the name to use for $LISTEN_NAMES. If the user
2796 * didn't specify anything specifically, use the socket unit's
2797 * name as fallback. */
2798
2799 if (s->fdname)
2800 return s->fdname;
2801
2802 return UNIT(s)->id;
2803 }
2804
2805 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2806 [SOCKET_EXEC_START_PRE] = "StartPre",
2807 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2808 [SOCKET_EXEC_START_POST] = "StartPost",
2809 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2810 [SOCKET_EXEC_STOP_POST] = "StopPost"
2811 };
2812
2813 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2814
2815 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2816 [SOCKET_SUCCESS] = "success",
2817 [SOCKET_FAILURE_RESOURCES] = "resources",
2818 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2819 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2820 [SOCKET_FAILURE_SIGNAL] = "signal",
2821 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2822 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2823 };
2824
2825 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2826
2827 const UnitVTable socket_vtable = {
2828 .object_size = sizeof(Socket),
2829 .exec_context_offset = offsetof(Socket, exec_context),
2830 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2831 .kill_context_offset = offsetof(Socket, kill_context),
2832 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2833
2834 .sections =
2835 "Unit\0"
2836 "Socket\0"
2837 "Install\0",
2838 .private_section = "Socket",
2839
2840 .init = socket_init,
2841 .done = socket_done,
2842 .load = socket_load,
2843
2844 .coldplug = socket_coldplug,
2845
2846 .dump = socket_dump,
2847
2848 .start = socket_start,
2849 .stop = socket_stop,
2850
2851 .kill = socket_kill,
2852
2853 .get_timeout = socket_get_timeout,
2854
2855 .serialize = socket_serialize,
2856 .deserialize_item = socket_deserialize_item,
2857 .distribute_fds = socket_distribute_fds,
2858
2859 .active_state = socket_active_state,
2860 .sub_state_to_string = socket_sub_state_to_string,
2861
2862 .check_gc = socket_check_gc,
2863
2864 .sigchld_event = socket_sigchld_event,
2865
2866 .trigger_notify = socket_trigger_notify,
2867
2868 .reset_failed = socket_reset_failed,
2869
2870 .bus_vtable = bus_socket_vtable,
2871 .bus_set_property = bus_socket_set_property,
2872 .bus_commit_properties = bus_socket_commit_properties,
2873
2874 .status_message_formats = {
2875 /*.starting_stopping = {
2876 [0] = "Starting socket %s...",
2877 [1] = "Stopping socket %s...",
2878 },*/
2879 .finished_start_job = {
2880 [JOB_DONE] = "Listening on %s.",
2881 [JOB_FAILED] = "Failed to listen on %s.",
2882 [JOB_TIMEOUT] = "Timed out starting %s.",
2883 },
2884 .finished_stop_job = {
2885 [JOB_DONE] = "Closed %s.",
2886 [JOB_FAILED] = "Failed stopping %s.",
2887 [JOB_TIMEOUT] = "Timed out stopping %s.",
2888 },
2889 },
2890 };
Unnamed repository; edit this file 'description' to name the repository.