]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
treewide: auto-convert the simple cases to log_*_errno()
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
78 assert(u->load_state == UNIT_STUB);
79
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
84
85 s->max_connections = 64;
86
87 s->priority = -1;
88 s->ip_tos = -1;
89 s->ip_ttl = -1;
90 s->mark = -1;
91
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
94
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109 SocketPort *p;
110
111 assert(s);
112
113 while ((p = s->ports)) {
114 LIST_REMOVE(port, s->ports, p);
115
116 sd_event_source_unref(p->event_source);
117
118 safe_close(p->fd);
119 free(p->path);
120 free(p);
121 }
122 }
123
124 static void socket_done(Unit *u) {
125 Socket *s = SOCKET(u);
126
127 assert(s);
128
129 socket_free_ports(s);
130
131 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133 s->control_command = NULL;
134
135 socket_unwatch_control_pid(s);
136
137 unit_ref_unset(&s->service);
138
139 free(s->tcp_congestion);
140 s->tcp_congestion = NULL;
141
142 free(s->bind_to_device);
143 s->bind_to_device = NULL;
144
145 free(s->smack);
146 free(s->smack_ip_in);
147 free(s->smack_ip_out);
148
149 strv_free(s->symlinks);
150
151 free(s->user);
152 free(s->group);
153
154 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158 int r;
159
160 assert(s);
161
162 if (s->timeout_usec <= 0) {
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 return 0;
165 }
166
167 if (s->timer_event_source) {
168 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169 if (r < 0)
170 return r;
171
172 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173 }
174
175 return sd_event_add_time(
176 UNIT(s)->manager->event,
177 &s->timer_event_source,
178 CLOCK_MONOTONIC,
179 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180 socket_dispatch_timer, s);
181 }
182
183 int socket_instantiate_service(Socket *s) {
184 _cleanup_free_ char *prefix = NULL, *name = NULL;
185 int r;
186 Unit *u;
187
188 assert(s);
189
190 /* This fills in s->service if it isn't filled in yet. For
191 * Accept=yes sockets we create the next connection service
192 * here. For Accept=no this is mostly a NOP since the service
193 * is figured out at load time anyway. */
194
195 if (UNIT_DEREF(s->service) || !s->accept)
196 return 0;
197
198 prefix = unit_name_to_prefix(UNIT(s)->id);
199 if (!prefix)
200 return -ENOMEM;
201
202 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203 return -ENOMEM;
204
205 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206 if (r < 0)
207 return r;
208
209 u->no_gc = true;
210 unit_ref_set(&s->service, u);
211
212 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213 }
214
215 static bool have_non_accept_socket(Socket *s) {
216 SocketPort *p;
217
218 assert(s);
219
220 if (!s->accept)
221 return true;
222
223 LIST_FOREACH(port, p, s->ports) {
224
225 if (p->type != SOCKET_SOCKET)
226 return true;
227
228 if (!socket_address_can_accept(&p->address))
229 return true;
230 }
231
232 return false;
233 }
234
235 static int socket_add_mount_links(Socket *s) {
236 SocketPort *p;
237 int r;
238
239 assert(s);
240
241 LIST_FOREACH(port, p, s->ports) {
242 const char *path = NULL;
243
244 if (p->type == SOCKET_SOCKET)
245 path = socket_address_get_path(&p->address);
246 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247 path = p->path;
248
249 if (!path)
250 continue;
251
252 r = unit_require_mounts_for(UNIT(s), path);
253 if (r < 0)
254 return r;
255 }
256
257 return 0;
258 }
259
260 static int socket_add_device_link(Socket *s) {
261 char *t;
262
263 assert(s);
264
265 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266 return 0;
267
268 t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269 return unit_add_node_link(UNIT(s), t, false);
270 }
271
272 static int socket_add_default_dependencies(Socket *s) {
273 int r;
274 assert(s);
275
276 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277 if (r < 0)
278 return r;
279
280 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282 if (r < 0)
283 return r;
284 }
285
286 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287 }
288
289 _pure_ static bool socket_has_exec(Socket *s) {
290 unsigned i;
291 assert(s);
292
293 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294 if (s->exec_command[i])
295 return true;
296
297 return false;
298 }
299
300 static int socket_add_extras(Socket *s) {
301 Unit *u = UNIT(s);
302 int r;
303
304 assert(s);
305
306 if (have_non_accept_socket(s)) {
307
308 if (!UNIT_DEREF(s->service)) {
309 Unit *x;
310
311 r = unit_load_related_unit(u, ".service", &x);
312 if (r < 0)
313 return r;
314
315 unit_ref_set(&s->service, x);
316 }
317
318 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319 if (r < 0)
320 return r;
321 }
322
323 r = socket_add_mount_links(s);
324 if (r < 0)
325 return r;
326
327 r = socket_add_device_link(s);
328 if (r < 0)
329 return r;
330
331 r = unit_patch_contexts(u);
332 if (r < 0)
333 return r;
334
335 if (socket_has_exec(s)) {
336 r = unit_add_exec_dependencies(u, &s->exec_context);
337 if (r < 0)
338 return r;
339
340 r = unit_add_default_slice(u, &s->cgroup_context);
341 if (r < 0)
342 return r;
343 }
344
345 if (u->default_dependencies) {
346 r = socket_add_default_dependencies(s);
347 if (r < 0)
348 return r;
349 }
350
351 return 0;
352 }
353
354 static const char *socket_find_symlink_target(Socket *s) {
355 const char *found = NULL;
356 SocketPort *p;
357
358 LIST_FOREACH(port, p, s->ports) {
359 const char *f = NULL;
360
361 switch (p->type) {
362
363 case SOCKET_FIFO:
364 f = p->path;
365 break;
366
367 case SOCKET_SOCKET:
368 if (p->address.sockaddr.un.sun_path[0] != 0)
369 f = p->address.sockaddr.un.sun_path;
370 break;
371
372 default:
373 break;
374 }
375
376 if (f) {
377 if (found)
378 return NULL;
379
380 found = f;
381 }
382 }
383
384 return found;
385 }
386
387 static int socket_verify(Socket *s) {
388 assert(s);
389
390 if (UNIT(s)->load_state != UNIT_LOADED)
391 return 0;
392
393 if (!s->ports) {
394 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395 return -EINVAL;
396 }
397
398 if (s->accept && have_non_accept_socket(s)) {
399 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400 UNIT(s)->id);
401 return -EINVAL;
402 }
403
404 if (s->accept && s->max_connections <= 0) {
405 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406 return -EINVAL;
407 }
408
409 if (s->accept && UNIT_DEREF(s->service)) {
410 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411 return -EINVAL;
412 }
413
414 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416 return -EINVAL;
417 }
418
419 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421 return -EINVAL;
422 }
423
424 return 0;
425 }
426
427 static int socket_load(Unit *u) {
428 Socket *s = SOCKET(u);
429 int r;
430
431 assert(u);
432 assert(u->load_state == UNIT_STUB);
433
434 r = unit_load_fragment_and_dropin(u);
435 if (r < 0)
436 return r;
437
438 if (u->load_state == UNIT_LOADED) {
439 /* This is a new unit? Then let's add in some extras */
440 r = socket_add_extras(s);
441 if (r < 0)
442 return r;
443 }
444
445 return socket_verify(s);
446 }
447
448 _const_ static const char* listen_lookup(int family, int type) {
449
450 if (family == AF_NETLINK)
451 return "ListenNetlink";
452
453 if (type == SOCK_STREAM)
454 return "ListenStream";
455 else if (type == SOCK_DGRAM)
456 return "ListenDatagram";
457 else if (type == SOCK_SEQPACKET)
458 return "ListenSequentialPacket";
459
460 assert_not_reached("Unknown socket type");
461 return NULL;
462 }
463
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465 char time_string[FORMAT_TIMESPAN_MAX];
466 SocketExecCommand c;
467 Socket *s = SOCKET(u);
468 SocketPort *p;
469 const char *prefix2;
470
471 assert(s);
472 assert(f);
473
474 prefix = strempty(prefix);
475 prefix2 = strappenda(prefix, "\t");
476
477 fprintf(f,
478 "%sSocket State: %s\n"
479 "%sResult: %s\n"
480 "%sBindIPv6Only: %s\n"
481 "%sBacklog: %u\n"
482 "%sSocketMode: %04o\n"
483 "%sDirectoryMode: %04o\n"
484 "%sKeepAlive: %s\n"
485 "%sNoDelay: %s\n"
486 "%sFreeBind: %s\n"
487 "%sTransparent: %s\n"
488 "%sBroadcast: %s\n"
489 "%sPassCredentials: %s\n"
490 "%sPassSecurity: %s\n"
491 "%sTCPCongestion: %s\n"
492 "%sRemoveOnStop: %s\n"
493 "%sSELinuxContextFromNet: %s\n",
494 prefix, socket_state_to_string(s->state),
495 prefix, socket_result_to_string(s->result),
496 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
497 prefix, s->backlog,
498 prefix, s->socket_mode,
499 prefix, s->directory_mode,
500 prefix, yes_no(s->keep_alive),
501 prefix, yes_no(s->no_delay),
502 prefix, yes_no(s->free_bind),
503 prefix, yes_no(s->transparent),
504 prefix, yes_no(s->broadcast),
505 prefix, yes_no(s->pass_cred),
506 prefix, yes_no(s->pass_sec),
507 prefix, strna(s->tcp_congestion),
508 prefix, yes_no(s->remove_on_stop),
509 prefix, yes_no(s->selinux_context_from_net));
510
511 if (s->control_pid > 0)
512 fprintf(f,
513 "%sControl PID: "PID_FMT"\n",
514 prefix, s->control_pid);
515
516 if (s->bind_to_device)
517 fprintf(f,
518 "%sBindToDevice: %s\n",
519 prefix, s->bind_to_device);
520
521 if (s->accept)
522 fprintf(f,
523 "%sAccepted: %u\n"
524 "%sNConnections: %u\n"
525 "%sMaxConnections: %u\n",
526 prefix, s->n_accepted,
527 prefix, s->n_connections,
528 prefix, s->max_connections);
529
530 if (s->priority >= 0)
531 fprintf(f,
532 "%sPriority: %i\n",
533 prefix, s->priority);
534
535 if (s->receive_buffer > 0)
536 fprintf(f,
537 "%sReceiveBuffer: %zu\n",
538 prefix, s->receive_buffer);
539
540 if (s->send_buffer > 0)
541 fprintf(f,
542 "%sSendBuffer: %zu\n",
543 prefix, s->send_buffer);
544
545 if (s->ip_tos >= 0)
546 fprintf(f,
547 "%sIPTOS: %i\n",
548 prefix, s->ip_tos);
549
550 if (s->ip_ttl >= 0)
551 fprintf(f,
552 "%sIPTTL: %i\n",
553 prefix, s->ip_ttl);
554
555 if (s->pipe_size > 0)
556 fprintf(f,
557 "%sPipeSize: %zu\n",
558 prefix, s->pipe_size);
559
560 if (s->mark >= 0)
561 fprintf(f,
562 "%sMark: %i\n",
563 prefix, s->mark);
564
565 if (s->mq_maxmsg > 0)
566 fprintf(f,
567 "%sMessageQueueMaxMessages: %li\n",
568 prefix, s->mq_maxmsg);
569
570 if (s->mq_msgsize > 0)
571 fprintf(f,
572 "%sMessageQueueMessageSize: %li\n",
573 prefix, s->mq_msgsize);
574
575 if (s->reuse_port)
576 fprintf(f,
577 "%sReusePort: %s\n",
578 prefix, yes_no(s->reuse_port));
579
580 if (s->smack)
581 fprintf(f,
582 "%sSmackLabel: %s\n",
583 prefix, s->smack);
584
585 if (s->smack_ip_in)
586 fprintf(f,
587 "%sSmackLabelIPIn: %s\n",
588 prefix, s->smack_ip_in);
589
590 if (s->smack_ip_out)
591 fprintf(f,
592 "%sSmackLabelIPOut: %s\n",
593 prefix, s->smack_ip_out);
594
595 if (!isempty(s->user) || !isempty(s->group))
596 fprintf(f,
597 "%sOwnerUser: %s\n"
598 "%sOwnerGroup: %s\n",
599 prefix, strna(s->user),
600 prefix, strna(s->group));
601
602 if (s->keep_alive_time > 0)
603 fprintf(f,
604 "%sKeepAliveTimeSec: %s\n",
605 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
606
607 if (s->keep_alive_interval)
608 fprintf(f,
609 "%sKeepAliveIntervalSec: %s\n",
610 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
611
612 if (s->keep_alive_cnt)
613 fprintf(f,
614 "%sKeepAliveProbes: %u\n",
615 prefix, s->keep_alive_cnt);
616
617 if (s->defer_accept)
618 fprintf(f,
619 "%sDeferAcceptSec: %s\n",
620 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
621
622 LIST_FOREACH(port, p, s->ports) {
623
624 if (p->type == SOCKET_SOCKET) {
625 const char *t;
626 int r;
627 char *k = NULL;
628
629 if ((r = socket_address_print(&p->address, &k)) < 0)
630 t = strerror(-r);
631 else
632 t = k;
633
634 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
635 free(k);
636 } else if (p->type == SOCKET_SPECIAL)
637 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
638 else if (p->type == SOCKET_MQUEUE)
639 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
640 else
641 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
642 }
643
644 exec_context_dump(&s->exec_context, f, prefix);
645 kill_context_dump(&s->kill_context, f, prefix);
646
647 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
648 if (!s->exec_command[c])
649 continue;
650
651 fprintf(f, "%s-> %s:\n",
652 prefix, socket_exec_command_to_string(c));
653
654 exec_command_dump_list(s->exec_command[c], f, prefix2);
655 }
656 }
657
658 static int instance_from_socket(int fd, unsigned nr, char **instance) {
659 socklen_t l;
660 char *r;
661 union sockaddr_union local, remote;
662
663 assert(fd >= 0);
664 assert(instance);
665
666 l = sizeof(local);
667 if (getsockname(fd, &local.sa, &l) < 0)
668 return -errno;
669
670 l = sizeof(remote);
671 if (getpeername(fd, &remote.sa, &l) < 0)
672 return -errno;
673
674 switch (local.sa.sa_family) {
675
676 case AF_INET: {
677 uint32_t
678 a = ntohl(local.in.sin_addr.s_addr),
679 b = ntohl(remote.in.sin_addr.s_addr);
680
681 if (asprintf(&r,
682 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
683 nr,
684 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
685 ntohs(local.in.sin_port),
686 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
687 ntohs(remote.in.sin_port)) < 0)
688 return -ENOMEM;
689
690 break;
691 }
692
693 case AF_INET6: {
694 static const unsigned char ipv4_prefix[] = {
695 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
696 };
697
698 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
699 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
700 const uint8_t
701 *a = local.in6.sin6_addr.s6_addr+12,
702 *b = remote.in6.sin6_addr.s6_addr+12;
703
704 if (asprintf(&r,
705 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
706 nr,
707 a[0], a[1], a[2], a[3],
708 ntohs(local.in6.sin6_port),
709 b[0], b[1], b[2], b[3],
710 ntohs(remote.in6.sin6_port)) < 0)
711 return -ENOMEM;
712 } else {
713 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
714
715 if (asprintf(&r,
716 "%u-%s:%u-%s:%u",
717 nr,
718 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
719 ntohs(local.in6.sin6_port),
720 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
721 ntohs(remote.in6.sin6_port)) < 0)
722 return -ENOMEM;
723 }
724
725 break;
726 }
727
728 case AF_UNIX: {
729 struct ucred ucred;
730 int k;
731
732 k = getpeercred(fd, &ucred);
733 if (k >= 0) {
734 if (asprintf(&r,
735 "%u-"PID_FMT"-"UID_FMT,
736 nr, ucred.pid, ucred.uid) < 0)
737 return -ENOMEM;
738 } else if (k == -ENODATA) {
739 /* This handles the case where somebody is
740 * connecting from another pid/uid namespace
741 * (e.g. from outside of our container). */
742 if (asprintf(&r,
743 "%u-unknown",
744 nr) < 0)
745 return -ENOMEM;
746 } else
747 return k;
748
749 break;
750 }
751
752 default:
753 assert_not_reached("Unhandled socket type.");
754 }
755
756 *instance = r;
757 return 0;
758 }
759
760 static void socket_close_fds(Socket *s) {
761 SocketPort *p;
762 char **i;
763
764 assert(s);
765
766 LIST_FOREACH(port, p, s->ports) {
767
768 p->event_source = sd_event_source_unref(p->event_source);
769
770 if (p->fd < 0)
771 continue;
772
773 p->fd = safe_close(p->fd);
774
775 /* One little note: we should normally not delete any
776 * sockets in the file system here! After all some
777 * other process we spawned might still have a
778 * reference of this fd and wants to continue to use
779 * it. Therefore we delete sockets in the file system
780 * before we create a new one, not after we stopped
781 * using one! */
782
783 if (s->remove_on_stop) {
784 switch (p->type) {
785
786 case SOCKET_FIFO:
787 unlink(p->path);
788 break;
789
790 case SOCKET_MQUEUE:
791 mq_unlink(p->path);
792 break;
793
794 case SOCKET_SOCKET:
795 socket_address_unlink(&p->address);
796 break;
797
798 default:
799 break;
800 }
801 }
802 }
803
804 if (s->remove_on_stop)
805 STRV_FOREACH(i, s->symlinks)
806 unlink(*i);
807 }
808
809 static void socket_apply_socket_options(Socket *s, int fd) {
810 int r;
811
812 assert(s);
813 assert(fd >= 0);
814
815 if (s->keep_alive) {
816 int b = s->keep_alive;
817 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
818 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
819 }
820
821 if (s->keep_alive_time) {
822 int value = s->keep_alive_time / USEC_PER_SEC;
823 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
824 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
825 }
826
827 if (s->keep_alive_interval) {
828 int value = s->keep_alive_interval / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
830 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
831 }
832
833 if (s->keep_alive_cnt) {
834 int value = s->keep_alive_cnt;
835 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
836 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
837 }
838
839 if (s->defer_accept) {
840 int value = s->defer_accept / USEC_PER_SEC;
841 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
842 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
843 }
844
845 if (s->no_delay) {
846 int b = s->no_delay;
847 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
848 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
849 }
850
851 if (s->broadcast) {
852 int one = 1;
853 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
854 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
855 }
856
857 if (s->pass_cred) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
860 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
861 }
862
863 if (s->pass_sec) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
866 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
867 }
868
869 if (s->priority >= 0)
870 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
871 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
872
873 if (s->receive_buffer > 0) {
874 int value = (int) s->receive_buffer;
875
876 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
877
878 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
879 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
880 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
881 }
882
883 if (s->send_buffer > 0) {
884 int value = (int) s->send_buffer;
885 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
887 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
888 }
889
890 if (s->mark >= 0)
891 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
892 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
893
894 if (s->ip_tos >= 0)
895 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
896 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
897
898 if (s->ip_ttl >= 0) {
899 int x;
900
901 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
902
903 if (socket_ipv6_is_supported())
904 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
905 else {
906 x = -1;
907 errno = EAFNOSUPPORT;
908 }
909
910 if (r < 0 && x < 0)
911 log_unit_warning(UNIT(s)->id,
912 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
913 }
914
915 if (s->tcp_congestion)
916 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
917 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
918
919 if (s->reuse_port) {
920 int b = s->reuse_port;
921 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
922 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
923 }
924
925 if (s->smack_ip_in) {
926 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
927 if (r < 0)
928 log_unit_error(UNIT(s)->id, "mac_smack_apply_ip_in_fd: %s", strerror(-r));
929 }
930
931 if (s->smack_ip_out) {
932 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
933 if (r < 0)
934 log_unit_error(UNIT(s)->id, "mac_smack_apply_ip_out_fd: %s", strerror(-r));
935 }
936 }
937
938 static void socket_apply_fifo_options(Socket *s, int fd) {
939 int r;
940
941 assert(s);
942 assert(fd >= 0);
943
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
946 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
947
948 if (s->smack) {
949 r = mac_smack_apply_fd(fd, s->smack);
950 if (r < 0)
951 log_unit_error(UNIT(s)->id, "mac_smack_apply_fd: %s", strerror(-r));
952 }
953 }
954
955 static int fifo_address_create(
956 const char *path,
957 mode_t directory_mode,
958 mode_t socket_mode,
959 int *_fd) {
960
961 int fd = -1, r = 0;
962 struct stat st;
963 mode_t old_mask;
964
965 assert(path);
966 assert(_fd);
967
968 mkdir_parents_label(path, directory_mode);
969
970 r = mac_selinux_create_file_prepare(path, S_IFIFO);
971 if (r < 0)
972 goto fail;
973
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
976
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
979
980 r = mkfifo(path, socket_mode);
981 umask(old_mask);
982
983 if (r < 0 && errno != EEXIST) {
984 r = -errno;
985 goto fail;
986 }
987
988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
989 r = -errno;
990 goto fail;
991 }
992
993 mac_selinux_create_file_clear();
994
995 if (fstat(fd, &st) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 if (!S_ISFIFO(st.st_mode) ||
1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
1004
1005 r = -EEXIST;
1006 goto fail;
1007 }
1008
1009 *_fd = fd;
1010 return 0;
1011
1012 fail:
1013 mac_selinux_create_file_clear();
1014 safe_close(fd);
1015
1016 return r;
1017 }
1018
1019 static int special_address_create(
1020 const char *path,
1021 int *_fd) {
1022
1023 int fd = -1, r = 0;
1024 struct stat st;
1025
1026 assert(path);
1027 assert(_fd);
1028
1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 if (fd < 0) {
1031 r = -errno;
1032 goto fail;
1033 }
1034
1035 if (fstat(fd, &st) < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 r = -EEXIST;
1043 goto fail;
1044 }
1045
1046 *_fd = fd;
1047 return 0;
1048
1049 fail:
1050 safe_close(fd);
1051
1052 return r;
1053 }
1054
1055 static int mq_address_create(
1056 const char *path,
1057 mode_t mq_mode,
1058 long maxmsg,
1059 long msgsize,
1060 int *_fd) {
1061
1062 int fd = -1, r = 0;
1063 struct stat st;
1064 mode_t old_mask;
1065 struct mq_attr _attr, *attr = NULL;
1066
1067 assert(path);
1068 assert(_fd);
1069
1070 if (maxmsg > 0 && msgsize > 0) {
1071 zero(_attr);
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1075 attr = &_attr;
1076 }
1077
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1080
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 umask(old_mask);
1085
1086 if (fd < 0) {
1087 r = -errno;
1088 goto fail;
1089 }
1090
1091 if (fstat(fd, &st) < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1099
1100 r = -EEXIST;
1101 goto fail;
1102 }
1103
1104 *_fd = fd;
1105 return 0;
1106
1107 fail:
1108 safe_close(fd);
1109 return r;
1110 }
1111
1112 static int socket_symlink(Socket *s) {
1113 const char *p;
1114 char **i;
1115
1116 assert(s);
1117
1118 p = socket_find_symlink_target(s);
1119 if (!p)
1120 return 0;
1121
1122 STRV_FOREACH(i, s->symlinks)
1123 symlink_label(p, *i);
1124
1125 return 0;
1126 }
1127
1128 static int socket_open_fds(Socket *s) {
1129 SocketPort *p;
1130 int r;
1131 char *label = NULL;
1132 bool know_label = false;
1133
1134 assert(s);
1135
1136 LIST_FOREACH(port, p, s->ports) {
1137
1138 if (p->fd >= 0)
1139 continue;
1140
1141 if (p->type == SOCKET_SOCKET) {
1142
1143 if (!know_label) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1148
1149 if (s->selinux_context_from_net) {
1150 /* Get it from the network label */
1151
1152 r = mac_selinux_get_our_label(&label);
1153 if (r < 0 && r != -EOPNOTSUPP)
1154 goto rollback;
1155
1156 } else {
1157 /* Get it from the executable we are about to start */
1158
1159 r = socket_instantiate_service(s);
1160 if (r < 0)
1161 goto rollback;
1162
1163 if (UNIT_ISSET(s->service) &&
1164 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1166 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1167 goto rollback;
1168 }
1169 }
1170
1171 know_label = true;
1172 }
1173
1174 r = socket_address_listen(
1175 &p->address,
1176 SOCK_CLOEXEC|SOCK_NONBLOCK,
1177 s->backlog,
1178 s->bind_ipv6_only,
1179 s->bind_to_device,
1180 s->free_bind,
1181 s->transparent,
1182 s->directory_mode,
1183 s->socket_mode,
1184 label);
1185 if (r < 0)
1186 goto rollback;
1187
1188 p->fd = r;
1189 socket_apply_socket_options(s, p->fd);
1190 socket_symlink(s);
1191
1192 } else if (p->type == SOCKET_SPECIAL) {
1193
1194 r = special_address_create(
1195 p->path,
1196 &p->fd);
1197 if (r < 0)
1198 goto rollback;
1199
1200 } else if (p->type == SOCKET_FIFO) {
1201
1202 r = fifo_address_create(
1203 p->path,
1204 s->directory_mode,
1205 s->socket_mode,
1206 &p->fd);
1207 if (r < 0)
1208 goto rollback;
1209
1210 socket_apply_fifo_options(s, p->fd);
1211 socket_symlink(s);
1212
1213 } else if (p->type == SOCKET_MQUEUE) {
1214
1215 r = mq_address_create(
1216 p->path,
1217 s->socket_mode,
1218 s->mq_maxmsg,
1219 s->mq_msgsize,
1220 &p->fd);
1221 if (r < 0)
1222 goto rollback;
1223 } else
1224 assert_not_reached("Unknown port type");
1225 }
1226
1227 mac_selinux_free(label);
1228 return 0;
1229
1230 rollback:
1231 socket_close_fds(s);
1232 mac_selinux_free(label);
1233
1234 return r;
1235 }
1236
1237 static void socket_unwatch_fds(Socket *s) {
1238 SocketPort *p;
1239 int r;
1240
1241 assert(s);
1242
1243 LIST_FOREACH(port, p, s->ports) {
1244 if (p->fd < 0)
1245 continue;
1246
1247 if (!p->event_source)
1248 continue;
1249
1250 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1251 if (r < 0)
1252 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1253 }
1254 }
1255
1256 static int socket_watch_fds(Socket *s) {
1257 SocketPort *p;
1258 int r;
1259
1260 assert(s);
1261
1262 LIST_FOREACH(port, p, s->ports) {
1263 if (p->fd < 0)
1264 continue;
1265
1266 if (p->event_source)
1267 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1268 else
1269 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1270
1271 if (r < 0) {
1272 log_unit_warning(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1273 goto fail;
1274 }
1275 }
1276
1277 return 0;
1278
1279 fail:
1280 socket_unwatch_fds(s);
1281 return r;
1282 }
1283
1284 static void socket_set_state(Socket *s, SocketState state) {
1285 SocketState old_state;
1286 assert(s);
1287
1288 old_state = s->state;
1289 s->state = state;
1290
1291 if (!IN_SET(state,
1292 SOCKET_START_PRE,
1293 SOCKET_START_CHOWN,
1294 SOCKET_START_POST,
1295 SOCKET_STOP_PRE,
1296 SOCKET_STOP_PRE_SIGTERM,
1297 SOCKET_STOP_PRE_SIGKILL,
1298 SOCKET_STOP_POST,
1299 SOCKET_FINAL_SIGTERM,
1300 SOCKET_FINAL_SIGKILL)) {
1301
1302 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1303 socket_unwatch_control_pid(s);
1304 s->control_command = NULL;
1305 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1306 }
1307
1308 if (state != SOCKET_LISTENING)
1309 socket_unwatch_fds(s);
1310
1311 if (!IN_SET(state,
1312 SOCKET_START_CHOWN,
1313 SOCKET_START_POST,
1314 SOCKET_LISTENING,
1315 SOCKET_RUNNING,
1316 SOCKET_STOP_PRE,
1317 SOCKET_STOP_PRE_SIGTERM,
1318 SOCKET_STOP_PRE_SIGKILL))
1319 socket_close_fds(s);
1320
1321 if (state != old_state)
1322 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1323 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1324
1325 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1326 }
1327
1328 static int socket_coldplug(Unit *u) {
1329 Socket *s = SOCKET(u);
1330 int r;
1331
1332 assert(s);
1333 assert(s->state == SOCKET_DEAD);
1334
1335 if (s->deserialized_state == s->state)
1336 return 0;
1337
1338 if (IN_SET(s->deserialized_state,
1339 SOCKET_START_PRE,
1340 SOCKET_START_CHOWN,
1341 SOCKET_START_POST,
1342 SOCKET_STOP_PRE,
1343 SOCKET_STOP_PRE_SIGTERM,
1344 SOCKET_STOP_PRE_SIGKILL,
1345 SOCKET_STOP_POST,
1346 SOCKET_FINAL_SIGTERM,
1347 SOCKET_FINAL_SIGKILL)) {
1348
1349 if (s->control_pid <= 0)
1350 return -EBADMSG;
1351
1352 r = unit_watch_pid(UNIT(s), s->control_pid);
1353 if (r < 0)
1354 return r;
1355
1356 r = socket_arm_timer(s);
1357 if (r < 0)
1358 return r;
1359 }
1360
1361 if (IN_SET(s->deserialized_state,
1362 SOCKET_START_CHOWN,
1363 SOCKET_START_POST,
1364 SOCKET_LISTENING,
1365 SOCKET_RUNNING,
1366 SOCKET_STOP_PRE,
1367 SOCKET_STOP_PRE_SIGTERM,
1368 SOCKET_STOP_PRE_SIGKILL)) {
1369 r = socket_open_fds(s);
1370 if (r < 0)
1371 return r;
1372 }
1373
1374 if (s->deserialized_state == SOCKET_LISTENING) {
1375 r = socket_watch_fds(s);
1376 if (r < 0)
1377 return r;
1378 }
1379
1380 socket_set_state(s, s->deserialized_state);
1381 return 0;
1382 }
1383
1384 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1385 _cleanup_free_ char **argv = NULL;
1386 pid_t pid;
1387 int r;
1388 ExecParameters exec_params = {
1389 .apply_permissions = true,
1390 .apply_chroot = true,
1391 .apply_tty_stdin = true,
1392 };
1393
1394 assert(s);
1395 assert(c);
1396 assert(_pid);
1397
1398 unit_realize_cgroup(UNIT(s));
1399
1400 r = unit_setup_exec_runtime(UNIT(s));
1401 if (r < 0)
1402 goto fail;
1403
1404 r = socket_arm_timer(s);
1405 if (r < 0)
1406 goto fail;
1407
1408 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1409 if (r < 0)
1410 goto fail;
1411
1412 exec_params.argv = argv;
1413 exec_params.environment = UNIT(s)->manager->environment;
1414 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1415 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1416 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1417 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1418 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1419 exec_params.unit_id = UNIT(s)->id;
1420
1421 r = exec_spawn(c,
1422 &s->exec_context,
1423 &exec_params,
1424 s->exec_runtime,
1425 &pid);
1426 if (r < 0)
1427 goto fail;
1428
1429 r = unit_watch_pid(UNIT(s), pid);
1430 if (r < 0)
1431 /* FIXME: we need to do something here */
1432 goto fail;
1433
1434 *_pid = pid;
1435 return 0;
1436
1437 fail:
1438 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1439 return r;
1440 }
1441
1442 static int socket_chown(Socket *s, pid_t *_pid) {
1443 pid_t pid;
1444 int r;
1445
1446 r = socket_arm_timer(s);
1447 if (r < 0)
1448 goto fail;
1449
1450 /* We have to resolve the user names out-of-process, hence
1451 * let's fork here. It's messy, but well, what can we do? */
1452
1453 pid = fork();
1454 if (pid < 0)
1455 return -errno;
1456
1457 if (pid == 0) {
1458 SocketPort *p;
1459 uid_t uid = (uid_t) -1;
1460 gid_t gid = (gid_t) -1;
1461 int ret;
1462
1463 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1464 ignore_signals(SIGPIPE, -1);
1465 log_forget_fds();
1466
1467 if (!isempty(s->user)) {
1468 const char *user = s->user;
1469
1470 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1471 if (r < 0) {
1472 ret = EXIT_USER;
1473 goto fail_child;
1474 }
1475 }
1476
1477 if (!isempty(s->group)) {
1478 const char *group = s->group;
1479
1480 r = get_group_creds(&group, &gid);
1481 if (r < 0) {
1482 ret = EXIT_GROUP;
1483 goto fail_child;
1484 }
1485 }
1486
1487 LIST_FOREACH(port, p, s->ports) {
1488 const char *path = NULL;
1489
1490 if (p->type == SOCKET_SOCKET)
1491 path = socket_address_get_path(&p->address);
1492 else if (p->type == SOCKET_FIFO)
1493 path = p->path;
1494
1495 if (!path)
1496 continue;
1497
1498 if (chown(path, uid, gid) < 0) {
1499 r = -errno;
1500 ret = EXIT_CHOWN;
1501 goto fail_child;
1502 }
1503 }
1504
1505 _exit(0);
1506
1507 fail_child:
1508 log_open();
1509 log_error_errno(-r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1510
1511 _exit(ret);
1512 }
1513
1514 r = unit_watch_pid(UNIT(s), pid);
1515 if (r < 0)
1516 goto fail;
1517
1518 *_pid = pid;
1519 return 0;
1520
1521 fail:
1522 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1523 return r;
1524 }
1525
1526 static void socket_enter_dead(Socket *s, SocketResult f) {
1527 assert(s);
1528
1529 if (f != SOCKET_SUCCESS)
1530 s->result = f;
1531
1532 exec_runtime_destroy(s->exec_runtime);
1533 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1534
1535 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1536
1537 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1538 }
1539
1540 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1541
1542 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1543 int r;
1544 assert(s);
1545
1546 if (f != SOCKET_SUCCESS)
1547 s->result = f;
1548
1549 socket_unwatch_control_pid(s);
1550 s->control_command_id = SOCKET_EXEC_STOP_POST;
1551 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1552
1553 if (s->control_command) {
1554 r = socket_spawn(s, s->control_command, &s->control_pid);
1555 if (r < 0)
1556 goto fail;
1557
1558 socket_set_state(s, SOCKET_STOP_POST);
1559 } else
1560 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1561
1562 return;
1563
1564 fail:
1565 log_unit_warning(UNIT(s)->id,
1566 "%s failed to run 'stop-post' task: %s",
1567 UNIT(s)->id, strerror(-r));
1568 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1569 }
1570
1571 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1572 int r;
1573
1574 assert(s);
1575
1576 if (f != SOCKET_SUCCESS)
1577 s->result = f;
1578
1579 r = unit_kill_context(
1580 UNIT(s),
1581 &s->kill_context,
1582 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1583 KILL_KILL : KILL_TERMINATE,
1584 -1,
1585 s->control_pid,
1586 false);
1587 if (r < 0)
1588 goto fail;
1589
1590 if (r > 0) {
1591 r = socket_arm_timer(s);
1592 if (r < 0)
1593 goto fail;
1594
1595 socket_set_state(s, state);
1596 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1597 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1598 else if (state == SOCKET_STOP_PRE_SIGKILL)
1599 socket_enter_stop_post(s, SOCKET_SUCCESS);
1600 else if (state == SOCKET_FINAL_SIGTERM)
1601 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1602 else
1603 socket_enter_dead(s, SOCKET_SUCCESS);
1604
1605 return;
1606
1607 fail:
1608 log_unit_warning(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1609
1610 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1611 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1612 else
1613 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1614 }
1615
1616 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1617 int r;
1618 assert(s);
1619
1620 if (f != SOCKET_SUCCESS)
1621 s->result = f;
1622
1623 socket_unwatch_control_pid(s);
1624 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1625 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1626
1627 if (s->control_command) {
1628 r = socket_spawn(s, s->control_command, &s->control_pid);
1629 if (r < 0)
1630 goto fail;
1631
1632 socket_set_state(s, SOCKET_STOP_PRE);
1633 } else
1634 socket_enter_stop_post(s, SOCKET_SUCCESS);
1635
1636 return;
1637
1638 fail:
1639 log_unit_warning(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1640 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1641 }
1642
1643 static void socket_enter_listening(Socket *s) {
1644 int r;
1645 assert(s);
1646
1647 r = socket_watch_fds(s);
1648 if (r < 0) {
1649 log_unit_warning(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1650 goto fail;
1651 }
1652
1653 socket_set_state(s, SOCKET_LISTENING);
1654 return;
1655
1656 fail:
1657 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1658 }
1659
1660 static void socket_enter_start_post(Socket *s) {
1661 int r;
1662 assert(s);
1663
1664 socket_unwatch_control_pid(s);
1665 s->control_command_id = SOCKET_EXEC_START_POST;
1666 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1667
1668 if (s->control_command) {
1669 r = socket_spawn(s, s->control_command, &s->control_pid);
1670 if (r < 0) {
1671 log_unit_warning(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1672 goto fail;
1673 }
1674
1675 socket_set_state(s, SOCKET_START_POST);
1676 } else
1677 socket_enter_listening(s);
1678
1679 return;
1680
1681 fail:
1682 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1683 }
1684
1685 static void socket_enter_start_chown(Socket *s) {
1686 int r;
1687
1688 assert(s);
1689
1690 r = socket_open_fds(s);
1691 if (r < 0) {
1692 log_unit_warning(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1693 goto fail;
1694 }
1695
1696 if (!isempty(s->user) || !isempty(s->group)) {
1697
1698 socket_unwatch_control_pid(s);
1699 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1700 s->control_command = NULL;
1701
1702 r = socket_chown(s, &s->control_pid);
1703 if (r < 0) {
1704 log_unit_warning(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1705 goto fail;
1706 }
1707
1708 socket_set_state(s, SOCKET_START_CHOWN);
1709 } else
1710 socket_enter_start_post(s);
1711
1712 return;
1713
1714 fail:
1715 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1716 }
1717
1718 static void socket_enter_start_pre(Socket *s) {
1719 int r;
1720 assert(s);
1721
1722 socket_unwatch_control_pid(s);
1723 s->control_command_id = SOCKET_EXEC_START_PRE;
1724 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1725
1726 if (s->control_command) {
1727 r = socket_spawn(s, s->control_command, &s->control_pid);
1728 if (r < 0) {
1729 log_unit_warning(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1730 goto fail;
1731 }
1732
1733 socket_set_state(s, SOCKET_START_PRE);
1734 } else
1735 socket_enter_start_chown(s);
1736
1737 return;
1738
1739 fail:
1740 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1741 }
1742
1743 static void socket_enter_running(Socket *s, int cfd) {
1744 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1745 int r;
1746
1747 assert(s);
1748
1749 /* We don't take connections anymore if we are supposed to
1750 * shut down anyway */
1751 if (unit_stop_pending(UNIT(s))) {
1752
1753 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1754
1755 if (cfd >= 0)
1756 safe_close(cfd);
1757 else {
1758 /* Flush all sockets by closing and reopening them */
1759 socket_close_fds(s);
1760
1761 r = socket_open_fds(s);
1762 if (r < 0) {
1763 log_unit_warning(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1764 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1765 return;
1766 }
1767
1768 r = socket_watch_fds(s);
1769 if (r < 0) {
1770 log_unit_warning(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1771 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1772 }
1773 }
1774
1775 return;
1776 }
1777
1778 if (cfd < 0) {
1779 Iterator i;
1780 Unit *other;
1781 bool pending = false;
1782
1783 /* If there's already a start pending don't bother to
1784 * do anything */
1785 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1786 if (unit_active_or_pending(other)) {
1787 pending = true;
1788 break;
1789 }
1790
1791 if (!pending) {
1792 if (!UNIT_ISSET(s->service)) {
1793 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1794 r = -ENOENT;
1795 goto fail;
1796 }
1797
1798 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1799 if (r < 0)
1800 goto fail;
1801 }
1802
1803 socket_set_state(s, SOCKET_RUNNING);
1804 } else {
1805 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1806 Service *service;
1807
1808 if (s->n_connections >= s->max_connections) {
1809 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1810 safe_close(cfd);
1811 return;
1812 }
1813
1814 r = socket_instantiate_service(s);
1815 if (r < 0)
1816 goto fail;
1817
1818 r = instance_from_socket(cfd, s->n_accepted, &instance);
1819 if (r < 0) {
1820 if (r != -ENOTCONN)
1821 goto fail;
1822
1823 /* ENOTCONN is legitimate if TCP RST was received.
1824 * This connection is over, but the socket unit lives on. */
1825 safe_close(cfd);
1826 return;
1827 }
1828
1829 prefix = unit_name_to_prefix(UNIT(s)->id);
1830 if (!prefix) {
1831 r = -ENOMEM;
1832 goto fail;
1833 }
1834
1835 name = unit_name_build(prefix, instance, ".service");
1836 if (!name) {
1837 r = -ENOMEM;
1838 goto fail;
1839 }
1840
1841 r = unit_add_name(UNIT_DEREF(s->service), name);
1842 if (r < 0)
1843 goto fail;
1844
1845 service = SERVICE(UNIT_DEREF(s->service));
1846 unit_ref_unset(&s->service);
1847 s->n_accepted ++;
1848
1849 UNIT(service)->no_gc = false;
1850
1851 unit_choose_id(UNIT(service), name);
1852
1853 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1854 if (r < 0)
1855 goto fail;
1856
1857 cfd = -1;
1858 s->n_connections ++;
1859
1860 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1861 if (r < 0)
1862 goto fail;
1863
1864 /* Notify clients about changed counters */
1865 unit_add_to_dbus_queue(UNIT(s));
1866 }
1867
1868 return;
1869
1870 fail:
1871 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1872 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1873 bus_error_message(&error, r));
1874
1875 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1876 safe_close(cfd);
1877 }
1878
1879 static void socket_run_next(Socket *s) {
1880 int r;
1881
1882 assert(s);
1883 assert(s->control_command);
1884 assert(s->control_command->command_next);
1885
1886 socket_unwatch_control_pid(s);
1887
1888 s->control_command = s->control_command->command_next;
1889
1890 r = socket_spawn(s, s->control_command, &s->control_pid);
1891 if (r < 0)
1892 goto fail;
1893
1894 return;
1895
1896 fail:
1897 log_unit_warning(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1898
1899 if (s->state == SOCKET_START_POST)
1900 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1901 else if (s->state == SOCKET_STOP_POST)
1902 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1903 else
1904 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1905 }
1906
1907 static int socket_start(Unit *u) {
1908 Socket *s = SOCKET(u);
1909
1910 assert(s);
1911
1912 /* We cannot fulfill this request right now, try again later
1913 * please! */
1914 if (IN_SET(s->state,
1915 SOCKET_STOP_PRE,
1916 SOCKET_STOP_PRE_SIGKILL,
1917 SOCKET_STOP_PRE_SIGTERM,
1918 SOCKET_STOP_POST,
1919 SOCKET_FINAL_SIGTERM,
1920 SOCKET_FINAL_SIGKILL))
1921 return -EAGAIN;
1922
1923 /* Already on it! */
1924 if (IN_SET(s->state,
1925 SOCKET_START_PRE,
1926 SOCKET_START_CHOWN,
1927 SOCKET_START_POST))
1928 return 0;
1929
1930 /* Cannot run this without the service being around */
1931 if (UNIT_ISSET(s->service)) {
1932 Service *service;
1933
1934 service = SERVICE(UNIT_DEREF(s->service));
1935
1936 if (UNIT(service)->load_state != UNIT_LOADED) {
1937 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1938 return -ENOENT;
1939 }
1940
1941 /* If the service is already active we cannot start the
1942 * socket */
1943 if (service->state != SERVICE_DEAD &&
1944 service->state != SERVICE_FAILED &&
1945 service->state != SERVICE_AUTO_RESTART) {
1946 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1947 return -EBUSY;
1948 }
1949 }
1950
1951 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1952
1953 s->result = SOCKET_SUCCESS;
1954 socket_enter_start_pre(s);
1955
1956 return 0;
1957 }
1958
1959 static int socket_stop(Unit *u) {
1960 Socket *s = SOCKET(u);
1961
1962 assert(s);
1963
1964 /* Already on it */
1965 if (IN_SET(s->state,
1966 SOCKET_STOP_PRE,
1967 SOCKET_STOP_PRE_SIGTERM,
1968 SOCKET_STOP_PRE_SIGKILL,
1969 SOCKET_STOP_POST,
1970 SOCKET_FINAL_SIGTERM,
1971 SOCKET_FINAL_SIGKILL))
1972 return 0;
1973
1974 /* If there's already something running we go directly into
1975 * kill mode. */
1976 if (IN_SET(s->state,
1977 SOCKET_START_PRE,
1978 SOCKET_START_CHOWN,
1979 SOCKET_START_POST)) {
1980 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1981 return -EAGAIN;
1982 }
1983
1984 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1985
1986 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1987 return 0;
1988 }
1989
1990 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1991 Socket *s = SOCKET(u);
1992 SocketPort *p;
1993 int r;
1994
1995 assert(u);
1996 assert(f);
1997 assert(fds);
1998
1999 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2000 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2001 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2002
2003 if (s->control_pid > 0)
2004 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2005
2006 if (s->control_command_id >= 0)
2007 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2008
2009 LIST_FOREACH(port, p, s->ports) {
2010 int copy;
2011
2012 if (p->fd < 0)
2013 continue;
2014
2015 copy = fdset_put_dup(fds, p->fd);
2016 if (copy < 0)
2017 return copy;
2018
2019 if (p->type == SOCKET_SOCKET) {
2020 _cleanup_free_ char *t = NULL;
2021
2022 r = socket_address_print(&p->address, &t);
2023 if (r < 0)
2024 return r;
2025
2026 if (socket_address_family(&p->address) == AF_NETLINK)
2027 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2028 else
2029 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2030
2031 } else if (p->type == SOCKET_SPECIAL)
2032 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2033 else if (p->type == SOCKET_MQUEUE)
2034 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2035 else {
2036 assert(p->type == SOCKET_FIFO);
2037 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2038 }
2039 }
2040
2041 return 0;
2042 }
2043
2044 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2045 Socket *s = SOCKET(u);
2046
2047 assert(u);
2048 assert(key);
2049 assert(value);
2050
2051 if (streq(key, "state")) {
2052 SocketState state;
2053
2054 state = socket_state_from_string(value);
2055 if (state < 0)
2056 log_unit_debug(u->id, "Failed to parse state value %s", value);
2057 else
2058 s->deserialized_state = state;
2059 } else if (streq(key, "result")) {
2060 SocketResult f;
2061
2062 f = socket_result_from_string(value);
2063 if (f < 0)
2064 log_unit_debug(u->id, "Failed to parse result value %s", value);
2065 else if (f != SOCKET_SUCCESS)
2066 s->result = f;
2067
2068 } else if (streq(key, "n-accepted")) {
2069 unsigned k;
2070
2071 if (safe_atou(value, &k) < 0)
2072 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2073 else
2074 s->n_accepted += k;
2075 } else if (streq(key, "control-pid")) {
2076 pid_t pid;
2077
2078 if (parse_pid(value, &pid) < 0)
2079 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2080 else
2081 s->control_pid = pid;
2082 } else if (streq(key, "control-command")) {
2083 SocketExecCommand id;
2084
2085 id = socket_exec_command_from_string(value);
2086 if (id < 0)
2087 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2088 else {
2089 s->control_command_id = id;
2090 s->control_command = s->exec_command[id];
2091 }
2092 } else if (streq(key, "fifo")) {
2093 int fd, skip = 0;
2094 SocketPort *p;
2095
2096 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2097 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2098 else {
2099
2100 LIST_FOREACH(port, p, s->ports)
2101 if (p->type == SOCKET_FIFO &&
2102 streq_ptr(p->path, value+skip))
2103 break;
2104
2105 if (p) {
2106 safe_close(p->fd);
2107 p->fd = fdset_remove(fds, fd);
2108 }
2109 }
2110
2111 } else if (streq(key, "special")) {
2112 int fd, skip = 0;
2113 SocketPort *p;
2114
2115 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2116 log_unit_debug(u->id, "Failed to parse special value %s", value);
2117 else {
2118
2119 LIST_FOREACH(port, p, s->ports)
2120 if (p->type == SOCKET_SPECIAL &&
2121 streq_ptr(p->path, value+skip))
2122 break;
2123
2124 if (p) {
2125 safe_close(p->fd);
2126 p->fd = fdset_remove(fds, fd);
2127 }
2128 }
2129
2130 } else if (streq(key, "mqueue")) {
2131 int fd, skip = 0;
2132 SocketPort *p;
2133
2134 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2135 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2136 else {
2137
2138 LIST_FOREACH(port, p, s->ports)
2139 if (p->type == SOCKET_MQUEUE &&
2140 streq_ptr(p->path, value+skip))
2141 break;
2142
2143 if (p) {
2144 safe_close(p->fd);
2145 p->fd = fdset_remove(fds, fd);
2146 }
2147 }
2148
2149 } else if (streq(key, "socket")) {
2150 int fd, type, skip = 0;
2151 SocketPort *p;
2152
2153 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2154 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2155 else {
2156
2157 LIST_FOREACH(port, p, s->ports)
2158 if (socket_address_is(&p->address, value+skip, type))
2159 break;
2160
2161 if (p) {
2162 safe_close(p->fd);
2163 p->fd = fdset_remove(fds, fd);
2164 }
2165 }
2166
2167 } else if (streq(key, "netlink")) {
2168 int fd, skip = 0;
2169 SocketPort *p;
2170
2171 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2172 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2173 else {
2174
2175 LIST_FOREACH(port, p, s->ports)
2176 if (socket_address_is_netlink(&p->address, value+skip))
2177 break;
2178
2179 if (p) {
2180 safe_close(p->fd);
2181 p->fd = fdset_remove(fds, fd);
2182 }
2183 }
2184 } else
2185 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2186
2187 return 0;
2188 }
2189
2190 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2191 Socket *s = SOCKET(u);
2192 SocketPort *p;
2193
2194 assert(u);
2195
2196 LIST_FOREACH(port, p, s->ports) {
2197 Iterator i;
2198 int fd;
2199
2200 if (p->type != SOCKET_SOCKET)
2201 continue;
2202
2203 if (p->fd >= 0)
2204 continue;
2205
2206 FDSET_FOREACH(fd, fds, i) {
2207 if (socket_address_matches_fd(&p->address, fd)) {
2208 p->fd = fdset_remove(fds, fd);
2209 s->deserialized_state = SOCKET_LISTENING;
2210 break;
2211 }
2212 }
2213 }
2214
2215 return 0;
2216 }
2217
2218 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2219 assert(u);
2220
2221 return state_translation_table[SOCKET(u)->state];
2222 }
2223
2224 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2225 assert(u);
2226
2227 return socket_state_to_string(SOCKET(u)->state);
2228 }
2229
2230 const char* socket_port_type_to_string(SocketPort *p) {
2231
2232 assert(p);
2233
2234 switch (p->type) {
2235
2236 case SOCKET_SOCKET:
2237
2238 switch (p->address.type) {
2239
2240 case SOCK_STREAM:
2241 return "Stream";
2242
2243 case SOCK_DGRAM:
2244 return "Datagram";
2245
2246 case SOCK_SEQPACKET:
2247 return "SequentialPacket";
2248
2249 case SOCK_RAW:
2250 if (socket_address_family(&p->address) == AF_NETLINK)
2251 return "Netlink";
2252
2253 default:
2254 return NULL;
2255 }
2256
2257 case SOCKET_SPECIAL:
2258 return "Special";
2259
2260 case SOCKET_MQUEUE:
2261 return "MessageQueue";
2262
2263 case SOCKET_FIFO:
2264 return "FIFO";
2265
2266 default:
2267 return NULL;
2268 }
2269 }
2270
2271 _pure_ static bool socket_check_gc(Unit *u) {
2272 Socket *s = SOCKET(u);
2273
2274 assert(u);
2275
2276 return s->n_connections > 0;
2277 }
2278
2279 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2280 SocketPort *p = userdata;
2281 int cfd = -1;
2282
2283 assert(p);
2284 assert(fd >= 0);
2285
2286 if (p->socket->state != SOCKET_LISTENING)
2287 return 0;
2288
2289 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2290
2291 if (revents != EPOLLIN) {
2292
2293 if (revents & EPOLLHUP)
2294 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2295 UNIT(p->socket)->id);
2296 else
2297 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2298 UNIT(p->socket)->id, revents);
2299
2300 goto fail;
2301 }
2302
2303 if (p->socket->accept &&
2304 p->type == SOCKET_SOCKET &&
2305 socket_address_can_accept(&p->address)) {
2306
2307 for (;;) {
2308
2309 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2310 if (cfd < 0) {
2311
2312 if (errno == EINTR)
2313 continue;
2314
2315 log_unit_error(UNIT(p->socket)->id,
2316 "Failed to accept socket: %m");
2317 goto fail;
2318 }
2319
2320 break;
2321 }
2322
2323 socket_apply_socket_options(p->socket, cfd);
2324 }
2325
2326 socket_enter_running(p->socket, cfd);
2327 return 0;
2328
2329 fail:
2330 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2331 return 0;
2332 }
2333
2334 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2335 Socket *s = SOCKET(u);
2336 SocketResult f;
2337
2338 assert(s);
2339 assert(pid >= 0);
2340
2341 if (pid != s->control_pid)
2342 return;
2343
2344 s->control_pid = 0;
2345
2346 if (is_clean_exit(code, status, NULL))
2347 f = SOCKET_SUCCESS;
2348 else if (code == CLD_EXITED)
2349 f = SOCKET_FAILURE_EXIT_CODE;
2350 else if (code == CLD_KILLED)
2351 f = SOCKET_FAILURE_SIGNAL;
2352 else if (code == CLD_DUMPED)
2353 f = SOCKET_FAILURE_CORE_DUMP;
2354 else
2355 assert_not_reached("Unknown sigchld code");
2356
2357 if (s->control_command) {
2358 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2359
2360 if (s->control_command->ignore)
2361 f = SOCKET_SUCCESS;
2362 }
2363
2364 log_unit_full(u->id,
2365 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2366 "%s control process exited, code=%s status=%i",
2367 u->id, sigchld_code_to_string(code), status);
2368
2369 if (f != SOCKET_SUCCESS)
2370 s->result = f;
2371
2372 if (s->control_command &&
2373 s->control_command->command_next &&
2374 f == SOCKET_SUCCESS) {
2375
2376 log_unit_debug(u->id,
2377 "%s running next command for state %s",
2378 u->id, socket_state_to_string(s->state));
2379 socket_run_next(s);
2380 } else {
2381 s->control_command = NULL;
2382 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2383
2384 /* No further commands for this step, so let's figure
2385 * out what to do next */
2386
2387 log_unit_debug(u->id,
2388 "%s got final SIGCHLD for state %s",
2389 u->id, socket_state_to_string(s->state));
2390
2391 switch (s->state) {
2392
2393 case SOCKET_START_PRE:
2394 if (f == SOCKET_SUCCESS)
2395 socket_enter_start_chown(s);
2396 else
2397 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2398 break;
2399
2400 case SOCKET_START_CHOWN:
2401 if (f == SOCKET_SUCCESS)
2402 socket_enter_start_post(s);
2403 else
2404 socket_enter_stop_pre(s, f);
2405 break;
2406
2407 case SOCKET_START_POST:
2408 if (f == SOCKET_SUCCESS)
2409 socket_enter_listening(s);
2410 else
2411 socket_enter_stop_pre(s, f);
2412 break;
2413
2414 case SOCKET_STOP_PRE:
2415 case SOCKET_STOP_PRE_SIGTERM:
2416 case SOCKET_STOP_PRE_SIGKILL:
2417 socket_enter_stop_post(s, f);
2418 break;
2419
2420 case SOCKET_STOP_POST:
2421 case SOCKET_FINAL_SIGTERM:
2422 case SOCKET_FINAL_SIGKILL:
2423 socket_enter_dead(s, f);
2424 break;
2425
2426 default:
2427 assert_not_reached("Uh, control process died at wrong time.");
2428 }
2429 }
2430
2431 /* Notify clients about changed exit status */
2432 unit_add_to_dbus_queue(u);
2433 }
2434
2435 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2436 Socket *s = SOCKET(userdata);
2437
2438 assert(s);
2439 assert(s->timer_event_source == source);
2440
2441 switch (s->state) {
2442
2443 case SOCKET_START_PRE:
2444 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2445 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2446 break;
2447
2448 case SOCKET_START_CHOWN:
2449 case SOCKET_START_POST:
2450 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2451 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2452 break;
2453
2454 case SOCKET_STOP_PRE:
2455 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2456 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2457 break;
2458
2459 case SOCKET_STOP_PRE_SIGTERM:
2460 if (s->kill_context.send_sigkill) {
2461 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2462 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2463 } else {
2464 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2465 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2466 }
2467 break;
2468
2469 case SOCKET_STOP_PRE_SIGKILL:
2470 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2471 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2472 break;
2473
2474 case SOCKET_STOP_POST:
2475 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2476 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2477 break;
2478
2479 case SOCKET_FINAL_SIGTERM:
2480 if (s->kill_context.send_sigkill) {
2481 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2482 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2483 } else {
2484 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2485 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2486 }
2487 break;
2488
2489 case SOCKET_FINAL_SIGKILL:
2490 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2491 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2492 break;
2493
2494 default:
2495 assert_not_reached("Timeout at wrong time.");
2496 }
2497
2498 return 0;
2499 }
2500
2501 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2502 int *rfds;
2503 unsigned rn_fds, k;
2504 SocketPort *p;
2505
2506 assert(s);
2507 assert(fds);
2508 assert(n_fds);
2509
2510 /* Called from the service code for requesting our fds */
2511
2512 rn_fds = 0;
2513 LIST_FOREACH(port, p, s->ports)
2514 if (p->fd >= 0)
2515 rn_fds++;
2516
2517 if (rn_fds <= 0) {
2518 *fds = NULL;
2519 *n_fds = 0;
2520 return 0;
2521 }
2522
2523 if (!(rfds = new(int, rn_fds)))
2524 return -ENOMEM;
2525
2526 k = 0;
2527 LIST_FOREACH(port, p, s->ports)
2528 if (p->fd >= 0)
2529 rfds[k++] = p->fd;
2530
2531 assert(k == rn_fds);
2532
2533 *fds = rfds;
2534 *n_fds = rn_fds;
2535
2536 return 0;
2537 }
2538
2539 static void socket_reset_failed(Unit *u) {
2540 Socket *s = SOCKET(u);
2541
2542 assert(s);
2543
2544 if (s->state == SOCKET_FAILED)
2545 socket_set_state(s, SOCKET_DEAD);
2546
2547 s->result = SOCKET_SUCCESS;
2548 }
2549
2550 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2551 assert(s);
2552
2553 /* The service is dead. Dang!
2554 *
2555 * This is strictly for one-instance-for-all-connections
2556 * services. */
2557
2558 if (s->state == SOCKET_RUNNING) {
2559 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2560 if (failed_permanent)
2561 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2562 else
2563 socket_enter_listening(s);
2564 }
2565 }
2566
2567 void socket_connection_unref(Socket *s) {
2568 assert(s);
2569
2570 /* The service is dead. Yay!
2571 *
2572 * This is strictly for one-instance-per-connection
2573 * services. */
2574
2575 assert(s->n_connections > 0);
2576 s->n_connections--;
2577
2578 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2579 }
2580
2581 static void socket_trigger_notify(Unit *u, Unit *other) {
2582 Socket *s = SOCKET(u);
2583 Service *se;
2584
2585 assert(u);
2586 assert(other);
2587
2588 /* Don't propagate state changes from the service if we are
2589 already down or accepting connections */
2590 if ((s->state != SOCKET_RUNNING &&
2591 s->state != SOCKET_LISTENING) ||
2592 s->accept)
2593 return;
2594
2595 if (other->load_state != UNIT_LOADED ||
2596 other->type != UNIT_SERVICE)
2597 return;
2598
2599 se = SERVICE(other);
2600
2601 if (se->state == SERVICE_FAILED)
2602 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2603
2604 if (se->state == SERVICE_DEAD ||
2605 se->state == SERVICE_STOP ||
2606 se->state == SERVICE_STOP_SIGTERM ||
2607 se->state == SERVICE_STOP_SIGKILL ||
2608 se->state == SERVICE_STOP_POST ||
2609 se->state == SERVICE_FINAL_SIGTERM ||
2610 se->state == SERVICE_FINAL_SIGKILL ||
2611 se->state == SERVICE_AUTO_RESTART)
2612 socket_notify_service_dead(s, false);
2613
2614 if (se->state == SERVICE_RUNNING)
2615 socket_set_state(s, SOCKET_RUNNING);
2616 }
2617
2618 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2619 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2620 }
2621
2622 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2623 Socket *s = SOCKET(u);
2624 int r;
2625
2626 if (!s->timer_event_source)
2627 return 0;
2628
2629 r = sd_event_source_get_time(s->timer_event_source, timeout);
2630 if (r < 0)
2631 return r;
2632
2633 return 1;
2634 }
2635
2636 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2637 [SOCKET_DEAD] = "dead",
2638 [SOCKET_START_PRE] = "start-pre",
2639 [SOCKET_START_CHOWN] = "start-chown",
2640 [SOCKET_START_POST] = "start-post",
2641 [SOCKET_LISTENING] = "listening",
2642 [SOCKET_RUNNING] = "running",
2643 [SOCKET_STOP_PRE] = "stop-pre",
2644 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2645 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2646 [SOCKET_STOP_POST] = "stop-post",
2647 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2648 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2649 [SOCKET_FAILED] = "failed"
2650 };
2651
2652 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2653
2654 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2655 [SOCKET_EXEC_START_PRE] = "StartPre",
2656 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2657 [SOCKET_EXEC_START_POST] = "StartPost",
2658 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2659 [SOCKET_EXEC_STOP_POST] = "StopPost"
2660 };
2661
2662 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2663
2664 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2665 [SOCKET_SUCCESS] = "success",
2666 [SOCKET_FAILURE_RESOURCES] = "resources",
2667 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2668 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2669 [SOCKET_FAILURE_SIGNAL] = "signal",
2670 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2671 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2672 };
2673
2674 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2675
2676 const UnitVTable socket_vtable = {
2677 .object_size = sizeof(Socket),
2678 .exec_context_offset = offsetof(Socket, exec_context),
2679 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2680 .kill_context_offset = offsetof(Socket, kill_context),
2681 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2682
2683 .sections =
2684 "Unit\0"
2685 "Socket\0"
2686 "Install\0",
2687 .private_section = "Socket",
2688
2689 .init = socket_init,
2690 .done = socket_done,
2691 .load = socket_load,
2692
2693 .coldplug = socket_coldplug,
2694
2695 .dump = socket_dump,
2696
2697 .start = socket_start,
2698 .stop = socket_stop,
2699
2700 .kill = socket_kill,
2701
2702 .get_timeout = socket_get_timeout,
2703
2704 .serialize = socket_serialize,
2705 .deserialize_item = socket_deserialize_item,
2706 .distribute_fds = socket_distribute_fds,
2707
2708 .active_state = socket_active_state,
2709 .sub_state_to_string = socket_sub_state_to_string,
2710
2711 .check_gc = socket_check_gc,
2712
2713 .sigchld_event = socket_sigchld_event,
2714
2715 .trigger_notify = socket_trigger_notify,
2716
2717 .reset_failed = socket_reset_failed,
2718
2719 .bus_interface = "org.freedesktop.systemd1.Socket",
2720 .bus_vtable = bus_socket_vtable,
2721 .bus_set_property = bus_socket_set_property,
2722 .bus_commit_properties = bus_socket_commit_properties,
2723
2724 .status_message_formats = {
2725 /*.starting_stopping = {
2726 [0] = "Starting socket %s...",
2727 [1] = "Stopping socket %s...",
2728 },*/
2729 .finished_start_job = {
2730 [JOB_DONE] = "Listening on %s.",
2731 [JOB_FAILED] = "Failed to listen on %s.",
2732 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2733 [JOB_TIMEOUT] = "Timed out starting %s.",
2734 },
2735 .finished_stop_job = {
2736 [JOB_DONE] = "Closed %s.",
2737 [JOB_FAILED] = "Failed stopping %s.",
2738 [JOB_TIMEOUT] = "Timed out stopping %s.",
2739 },
2740 },
2741 };
Unnamed repository; edit this file 'description' to name the repository.