]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core,network: major per-object logging rework
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "socket.h"
51 #include "formats-util.h"
52
53 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_FAILED] = UNIT_FAILED
67 };
68
69 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
72 static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
76 assert(u->load_state == UNIT_STUB);
77
78 s->backlog = SOMAXCONN;
79 s->timeout_usec = u->manager->default_timeout_start_usec;
80 s->directory_mode = 0755;
81 s->socket_mode = 0666;
82
83 s->max_connections = 64;
84
85 s->priority = -1;
86 s->ip_tos = -1;
87 s->ip_ttl = -1;
88 s->mark = -1;
89
90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
92
93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94 }
95
96 static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104 }
105
106 void socket_free_ports(Socket *s) {
107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
112 LIST_REMOVE(port, s->ports, p);
113
114 sd_event_source_unref(p->event_source);
115
116 safe_close(p->fd);
117 free(p->path);
118 free(p);
119 }
120 }
121
122 static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
128
129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
131 s->control_command = NULL;
132
133 socket_unwatch_control_pid(s);
134
135 unit_ref_unset(&s->service);
136
137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
140 free(s->bind_to_device);
141 s->bind_to_device = NULL;
142
143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
147 strv_free(s->symlinks);
148
149 free(s->user);
150 free(s->group);
151
152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153 }
154
155 static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
173 r = sd_event_add_time(
174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
185 }
186
187 int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
199 if (UNIT_DEREF(s->service))
200 return 0;
201
202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
208
209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
210 return -ENOMEM;
211
212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
213 if (r < 0)
214 return r;
215
216 u->no_gc = true;
217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
220 }
221
222 static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
235 if (!socket_address_can_accept(&p->address))
236 return true;
237 }
238
239 return false;
240 }
241
242 static int socket_add_mount_links(Socket *s) {
243 SocketPort *p;
244 int r;
245
246 assert(s);
247
248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
250
251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
255
256 if (!path)
257 continue;
258
259 r = unit_require_mounts_for(UNIT(s), path);
260 if (r < 0)
261 return r;
262 }
263
264 return 0;
265 }
266
267 static int socket_add_device_link(Socket *s) {
268 char *t;
269
270 assert(s);
271
272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
273 return 0;
274
275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
276 return unit_add_node_link(UNIT(s), t, false);
277 }
278
279 static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
286
287 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
290 return r;
291 }
292
293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
294 }
295
296 _pure_ static bool socket_has_exec(Socket *s) {
297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305 }
306
307 static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
309 int r;
310
311 assert(s);
312
313 if (have_non_accept_socket(s)) {
314
315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
317
318 r = unit_load_related_unit(u, ".service", &x);
319 if (r < 0)
320 return r;
321
322 unit_ref_set(&s->service, x);
323 }
324
325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
327 return r;
328 }
329
330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
333
334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
338 r = unit_patch_contexts(u);
339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
346
347 r = unit_add_default_slice(u, &s->cgroup_context);
348 if (r < 0)
349 return r;
350 }
351
352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359 }
360
361 static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392 }
393
394 static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
401 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
406 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
407 return -EINVAL;
408 }
409
410 if (s->accept && s->max_connections <= 0) {
411 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
412 return -EINVAL;
413 }
414
415 if (s->accept && UNIT_DEREF(s->service)) {
416 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
417 return -EINVAL;
418 }
419
420 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
421 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
422 return -EINVAL;
423 }
424
425 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
426 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
427 return -EINVAL;
428 }
429
430 return 0;
431 }
432
433 static int socket_load(Unit *u) {
434 Socket *s = SOCKET(u);
435 int r;
436
437 assert(u);
438 assert(u->load_state == UNIT_STUB);
439
440 r = unit_load_fragment_and_dropin(u);
441 if (r < 0)
442 return r;
443
444 if (u->load_state == UNIT_LOADED) {
445 /* This is a new unit? Then let's add in some extras */
446 r = socket_add_extras(s);
447 if (r < 0)
448 return r;
449 }
450
451 return socket_verify(s);
452 }
453
454 _const_ static const char* listen_lookup(int family, int type) {
455
456 if (family == AF_NETLINK)
457 return "ListenNetlink";
458
459 if (type == SOCK_STREAM)
460 return "ListenStream";
461 else if (type == SOCK_DGRAM)
462 return "ListenDatagram";
463 else if (type == SOCK_SEQPACKET)
464 return "ListenSequentialPacket";
465
466 assert_not_reached("Unknown socket type");
467 return NULL;
468 }
469
470 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
471 char time_string[FORMAT_TIMESPAN_MAX];
472 SocketExecCommand c;
473 Socket *s = SOCKET(u);
474 SocketPort *p;
475 const char *prefix2;
476
477 assert(s);
478 assert(f);
479
480 prefix = strempty(prefix);
481 prefix2 = strjoina(prefix, "\t");
482
483 fprintf(f,
484 "%sSocket State: %s\n"
485 "%sResult: %s\n"
486 "%sBindIPv6Only: %s\n"
487 "%sBacklog: %u\n"
488 "%sSocketMode: %04o\n"
489 "%sDirectoryMode: %04o\n"
490 "%sKeepAlive: %s\n"
491 "%sNoDelay: %s\n"
492 "%sFreeBind: %s\n"
493 "%sTransparent: %s\n"
494 "%sBroadcast: %s\n"
495 "%sPassCredentials: %s\n"
496 "%sPassSecurity: %s\n"
497 "%sTCPCongestion: %s\n"
498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
500 prefix, socket_state_to_string(s->state),
501 prefix, socket_result_to_string(s->result),
502 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
503 prefix, s->backlog,
504 prefix, s->socket_mode,
505 prefix, s->directory_mode,
506 prefix, yes_no(s->keep_alive),
507 prefix, yes_no(s->no_delay),
508 prefix, yes_no(s->free_bind),
509 prefix, yes_no(s->transparent),
510 prefix, yes_no(s->broadcast),
511 prefix, yes_no(s->pass_cred),
512 prefix, yes_no(s->pass_sec),
513 prefix, strna(s->tcp_congestion),
514 prefix, yes_no(s->remove_on_stop),
515 prefix, yes_no(s->selinux_context_from_net));
516
517 if (s->control_pid > 0)
518 fprintf(f,
519 "%sControl PID: "PID_FMT"\n",
520 prefix, s->control_pid);
521
522 if (s->bind_to_device)
523 fprintf(f,
524 "%sBindToDevice: %s\n",
525 prefix, s->bind_to_device);
526
527 if (s->accept)
528 fprintf(f,
529 "%sAccepted: %u\n"
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix, s->n_accepted,
533 prefix, s->n_connections,
534 prefix, s->max_connections);
535
536 if (s->priority >= 0)
537 fprintf(f,
538 "%sPriority: %i\n",
539 prefix, s->priority);
540
541 if (s->receive_buffer > 0)
542 fprintf(f,
543 "%sReceiveBuffer: %zu\n",
544 prefix, s->receive_buffer);
545
546 if (s->send_buffer > 0)
547 fprintf(f,
548 "%sSendBuffer: %zu\n",
549 prefix, s->send_buffer);
550
551 if (s->ip_tos >= 0)
552 fprintf(f,
553 "%sIPTOS: %i\n",
554 prefix, s->ip_tos);
555
556 if (s->ip_ttl >= 0)
557 fprintf(f,
558 "%sIPTTL: %i\n",
559 prefix, s->ip_ttl);
560
561 if (s->pipe_size > 0)
562 fprintf(f,
563 "%sPipeSize: %zu\n",
564 prefix, s->pipe_size);
565
566 if (s->mark >= 0)
567 fprintf(f,
568 "%sMark: %i\n",
569 prefix, s->mark);
570
571 if (s->mq_maxmsg > 0)
572 fprintf(f,
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix, s->mq_maxmsg);
575
576 if (s->mq_msgsize > 0)
577 fprintf(f,
578 "%sMessageQueueMessageSize: %li\n",
579 prefix, s->mq_msgsize);
580
581 if (s->reuse_port)
582 fprintf(f,
583 "%sReusePort: %s\n",
584 prefix, yes_no(s->reuse_port));
585
586 if (s->smack)
587 fprintf(f,
588 "%sSmackLabel: %s\n",
589 prefix, s->smack);
590
591 if (s->smack_ip_in)
592 fprintf(f,
593 "%sSmackLabelIPIn: %s\n",
594 prefix, s->smack_ip_in);
595
596 if (s->smack_ip_out)
597 fprintf(f,
598 "%sSmackLabelIPOut: %s\n",
599 prefix, s->smack_ip_out);
600
601 if (!isempty(s->user) || !isempty(s->group))
602 fprintf(f,
603 "%sOwnerUser: %s\n"
604 "%sOwnerGroup: %s\n",
605 prefix, strna(s->user),
606 prefix, strna(s->group));
607
608 if (s->keep_alive_time > 0)
609 fprintf(f,
610 "%sKeepAliveTimeSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
612
613 if (s->keep_alive_interval)
614 fprintf(f,
615 "%sKeepAliveIntervalSec: %s\n",
616 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
617
618 if (s->keep_alive_cnt)
619 fprintf(f,
620 "%sKeepAliveProbes: %u\n",
621 prefix, s->keep_alive_cnt);
622
623 if (s->defer_accept)
624 fprintf(f,
625 "%sDeferAcceptSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
627
628 LIST_FOREACH(port, p, s->ports) {
629
630 if (p->type == SOCKET_SOCKET) {
631 const char *t;
632 int r;
633 char *k = NULL;
634
635 if ((r = socket_address_print(&p->address, &k)) < 0)
636 t = strerror(-r);
637 else
638 t = k;
639
640 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
641 free(k);
642 } else if (p->type == SOCKET_SPECIAL)
643 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
644 else if (p->type == SOCKET_MQUEUE)
645 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
646 else
647 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
648 }
649
650 exec_context_dump(&s->exec_context, f, prefix);
651 kill_context_dump(&s->kill_context, f, prefix);
652
653 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
654 if (!s->exec_command[c])
655 continue;
656
657 fprintf(f, "%s-> %s:\n",
658 prefix, socket_exec_command_to_string(c));
659
660 exec_command_dump_list(s->exec_command[c], f, prefix2);
661 }
662 }
663
664 static int instance_from_socket(int fd, unsigned nr, char **instance) {
665 socklen_t l;
666 char *r;
667 union sockaddr_union local, remote;
668
669 assert(fd >= 0);
670 assert(instance);
671
672 l = sizeof(local);
673 if (getsockname(fd, &local.sa, &l) < 0)
674 return -errno;
675
676 l = sizeof(remote);
677 if (getpeername(fd, &remote.sa, &l) < 0)
678 return -errno;
679
680 switch (local.sa.sa_family) {
681
682 case AF_INET: {
683 uint32_t
684 a = ntohl(local.in.sin_addr.s_addr),
685 b = ntohl(remote.in.sin_addr.s_addr);
686
687 if (asprintf(&r,
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
689 nr,
690 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
691 ntohs(local.in.sin_port),
692 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
693 ntohs(remote.in.sin_port)) < 0)
694 return -ENOMEM;
695
696 break;
697 }
698
699 case AF_INET6: {
700 static const unsigned char ipv4_prefix[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
702 };
703
704 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
705 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
706 const uint8_t
707 *a = local.in6.sin6_addr.s6_addr+12,
708 *b = remote.in6.sin6_addr.s6_addr+12;
709
710 if (asprintf(&r,
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
712 nr,
713 a[0], a[1], a[2], a[3],
714 ntohs(local.in6.sin6_port),
715 b[0], b[1], b[2], b[3],
716 ntohs(remote.in6.sin6_port)) < 0)
717 return -ENOMEM;
718 } else {
719 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
720
721 if (asprintf(&r,
722 "%u-%s:%u-%s:%u",
723 nr,
724 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
725 ntohs(local.in6.sin6_port),
726 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
727 ntohs(remote.in6.sin6_port)) < 0)
728 return -ENOMEM;
729 }
730
731 break;
732 }
733
734 case AF_UNIX: {
735 struct ucred ucred;
736 int k;
737
738 k = getpeercred(fd, &ucred);
739 if (k >= 0) {
740 if (asprintf(&r,
741 "%u-"PID_FMT"-"UID_FMT,
742 nr, ucred.pid, ucred.uid) < 0)
743 return -ENOMEM;
744 } else if (k == -ENODATA) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
748 if (asprintf(&r,
749 "%u-unknown",
750 nr) < 0)
751 return -ENOMEM;
752 } else
753 return k;
754
755 break;
756 }
757
758 default:
759 assert_not_reached("Unhandled socket type.");
760 }
761
762 *instance = r;
763 return 0;
764 }
765
766 static void socket_close_fds(Socket *s) {
767 SocketPort *p;
768 char **i;
769
770 assert(s);
771
772 LIST_FOREACH(port, p, s->ports) {
773
774 p->event_source = sd_event_source_unref(p->event_source);
775
776 if (p->fd < 0)
777 continue;
778
779 p->fd = safe_close(p->fd);
780
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
787 * using one! */
788
789 if (s->remove_on_stop) {
790 switch (p->type) {
791
792 case SOCKET_FIFO:
793 unlink(p->path);
794 break;
795
796 case SOCKET_MQUEUE:
797 mq_unlink(p->path);
798 break;
799
800 case SOCKET_SOCKET:
801 socket_address_unlink(&p->address);
802 break;
803
804 default:
805 break;
806 }
807 }
808 }
809
810 if (s->remove_on_stop)
811 STRV_FOREACH(i, s->symlinks)
812 unlink(*i);
813 }
814
815 static void socket_apply_socket_options(Socket *s, int fd) {
816 int r;
817
818 assert(s);
819 assert(fd >= 0);
820
821 if (s->keep_alive) {
822 int b = s->keep_alive;
823 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
824 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
825 }
826
827 if (s->keep_alive_time) {
828 int value = s->keep_alive_time / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
830 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
831 }
832
833 if (s->keep_alive_interval) {
834 int value = s->keep_alive_interval / USEC_PER_SEC;
835 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
836 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
837 }
838
839 if (s->keep_alive_cnt) {
840 int value = s->keep_alive_cnt;
841 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
842 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
843 }
844
845 if (s->defer_accept) {
846 int value = s->defer_accept / USEC_PER_SEC;
847 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
848 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
849 }
850
851 if (s->no_delay) {
852 int b = s->no_delay;
853 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
854 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
855 }
856
857 if (s->broadcast) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
860 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
861 }
862
863 if (s->pass_cred) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
866 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
867 }
868
869 if (s->pass_sec) {
870 int one = 1;
871 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
872 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
873 }
874
875 if (s->priority >= 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
877 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
878
879 if (s->receive_buffer > 0) {
880 int value = (int) s->receive_buffer;
881
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
883
884 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
887 }
888
889 if (s->send_buffer > 0) {
890 int value = (int) s->send_buffer;
891 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
893 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
894 }
895
896 if (s->mark >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
898 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
899
900 if (s->ip_tos >= 0)
901 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
902 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
903
904 if (s->ip_ttl >= 0) {
905 int x;
906
907 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
908
909 if (socket_ipv6_is_supported())
910 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
911 else {
912 x = -1;
913 errno = EAFNOSUPPORT;
914 }
915
916 if (r < 0 && x < 0)
917 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
918 }
919
920 if (s->tcp_congestion)
921 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
922 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
923
924 if (s->reuse_port) {
925 int b = s->reuse_port;
926 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
927 log_unit_warning_errno(UNIT(s), errno, "SO_REUSEPORT failed: %m");
928 }
929
930 if (s->smack_ip_in) {
931 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
932 if (r < 0)
933 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
934 }
935
936 if (s->smack_ip_out) {
937 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
938 if (r < 0)
939 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
940 }
941 }
942
943 static void socket_apply_fifo_options(Socket *s, int fd) {
944 int r;
945
946 assert(s);
947 assert(fd >= 0);
948
949 if (s->pipe_size > 0)
950 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
951 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
952
953 if (s->smack) {
954 r = mac_smack_apply_fd(fd, s->smack);
955 if (r < 0)
956 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
957 }
958 }
959
960 static int fifo_address_create(
961 const char *path,
962 mode_t directory_mode,
963 mode_t socket_mode,
964 int *_fd) {
965
966 int fd = -1, r = 0;
967 struct stat st;
968 mode_t old_mask;
969
970 assert(path);
971 assert(_fd);
972
973 mkdir_parents_label(path, directory_mode);
974
975 r = mac_selinux_create_file_prepare(path, S_IFIFO);
976 if (r < 0)
977 goto fail;
978
979 /* Enforce the right access mode for the fifo */
980 old_mask = umask(~ socket_mode);
981
982 /* Include the original umask in our mask */
983 umask(~socket_mode | old_mask);
984
985 r = mkfifo(path, socket_mode);
986 umask(old_mask);
987
988 if (r < 0 && errno != EEXIST) {
989 r = -errno;
990 goto fail;
991 }
992
993 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
994 r = -errno;
995 goto fail;
996 }
997
998 mac_selinux_create_file_clear();
999
1000 if (fstat(fd, &st) < 0) {
1001 r = -errno;
1002 goto fail;
1003 }
1004
1005 if (!S_ISFIFO(st.st_mode) ||
1006 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1007 st.st_uid != getuid() ||
1008 st.st_gid != getgid()) {
1009
1010 r = -EEXIST;
1011 goto fail;
1012 }
1013
1014 *_fd = fd;
1015 return 0;
1016
1017 fail:
1018 mac_selinux_create_file_clear();
1019 safe_close(fd);
1020
1021 return r;
1022 }
1023
1024 static int special_address_create(
1025 const char *path,
1026 int *_fd) {
1027
1028 int fd = -1, r = 0;
1029 struct stat st;
1030
1031 assert(path);
1032 assert(_fd);
1033
1034 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1035 if (fd < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 if (fstat(fd, &st) < 0) {
1041 r = -errno;
1042 goto fail;
1043 }
1044
1045 /* Check whether this is a /proc, /sys or /dev file or char device */
1046 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1047 r = -EEXIST;
1048 goto fail;
1049 }
1050
1051 *_fd = fd;
1052 return 0;
1053
1054 fail:
1055 safe_close(fd);
1056
1057 return r;
1058 }
1059
1060 static int mq_address_create(
1061 const char *path,
1062 mode_t mq_mode,
1063 long maxmsg,
1064 long msgsize,
1065 int *_fd) {
1066
1067 int fd = -1, r = 0;
1068 struct stat st;
1069 mode_t old_mask;
1070 struct mq_attr _attr, *attr = NULL;
1071
1072 assert(path);
1073 assert(_fd);
1074
1075 if (maxmsg > 0 && msgsize > 0) {
1076 zero(_attr);
1077 _attr.mq_flags = O_NONBLOCK;
1078 _attr.mq_maxmsg = maxmsg;
1079 _attr.mq_msgsize = msgsize;
1080 attr = &_attr;
1081 }
1082
1083 /* Enforce the right access mode for the mq */
1084 old_mask = umask(~ mq_mode);
1085
1086 /* Include the original umask in our mask */
1087 umask(~mq_mode | old_mask);
1088 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1089 umask(old_mask);
1090
1091 if (fd < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if (fstat(fd, &st) < 0) {
1097 r = -errno;
1098 goto fail;
1099 }
1100
1101 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1102 st.st_uid != getuid() ||
1103 st.st_gid != getgid()) {
1104
1105 r = -EEXIST;
1106 goto fail;
1107 }
1108
1109 *_fd = fd;
1110 return 0;
1111
1112 fail:
1113 safe_close(fd);
1114 return r;
1115 }
1116
1117 static int socket_symlink(Socket *s) {
1118 const char *p;
1119 char **i;
1120
1121 assert(s);
1122
1123 p = socket_find_symlink_target(s);
1124 if (!p)
1125 return 0;
1126
1127 STRV_FOREACH(i, s->symlinks)
1128 symlink_label(p, *i);
1129
1130 return 0;
1131 }
1132
1133 static int socket_open_fds(Socket *s) {
1134 SocketPort *p;
1135 int r;
1136 char *label = NULL;
1137 bool know_label = false;
1138
1139 assert(s);
1140
1141 LIST_FOREACH(port, p, s->ports) {
1142
1143 if (p->fd >= 0)
1144 continue;
1145
1146 if (p->type == SOCKET_SOCKET) {
1147
1148 if (!know_label) {
1149 /* Figure out label, if we don't it know
1150 * yet. We do it once, for the first
1151 * socket where we need this and
1152 * remember it for the rest. */
1153
1154 if (s->selinux_context_from_net) {
1155 /* Get it from the network label */
1156
1157 r = mac_selinux_get_our_label(&label);
1158 if (r < 0 && r != -EOPNOTSUPP)
1159 goto rollback;
1160
1161 } else {
1162 /* Get it from the executable we are about to start */
1163
1164 r = socket_instantiate_service(s);
1165 if (r < 0)
1166 goto rollback;
1167
1168 if (UNIT_ISSET(s->service) &&
1169 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1170 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1171 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1172 goto rollback;
1173 }
1174 }
1175
1176 know_label = true;
1177 }
1178
1179 r = socket_address_listen(
1180 &p->address,
1181 SOCK_CLOEXEC|SOCK_NONBLOCK,
1182 s->backlog,
1183 s->bind_ipv6_only,
1184 s->bind_to_device,
1185 s->free_bind,
1186 s->transparent,
1187 s->directory_mode,
1188 s->socket_mode,
1189 label);
1190 if (r < 0)
1191 goto rollback;
1192
1193 p->fd = r;
1194 socket_apply_socket_options(s, p->fd);
1195 socket_symlink(s);
1196
1197 } else if (p->type == SOCKET_SPECIAL) {
1198
1199 r = special_address_create(
1200 p->path,
1201 &p->fd);
1202 if (r < 0)
1203 goto rollback;
1204
1205 } else if (p->type == SOCKET_FIFO) {
1206
1207 r = fifo_address_create(
1208 p->path,
1209 s->directory_mode,
1210 s->socket_mode,
1211 &p->fd);
1212 if (r < 0)
1213 goto rollback;
1214
1215 socket_apply_fifo_options(s, p->fd);
1216 socket_symlink(s);
1217
1218 } else if (p->type == SOCKET_MQUEUE) {
1219
1220 r = mq_address_create(
1221 p->path,
1222 s->socket_mode,
1223 s->mq_maxmsg,
1224 s->mq_msgsize,
1225 &p->fd);
1226 if (r < 0)
1227 goto rollback;
1228 } else
1229 assert_not_reached("Unknown port type");
1230 }
1231
1232 mac_selinux_free(label);
1233 return 0;
1234
1235 rollback:
1236 socket_close_fds(s);
1237 mac_selinux_free(label);
1238
1239 return r;
1240 }
1241
1242 static void socket_unwatch_fds(Socket *s) {
1243 SocketPort *p;
1244 int r;
1245
1246 assert(s);
1247
1248 LIST_FOREACH(port, p, s->ports) {
1249 if (p->fd < 0)
1250 continue;
1251
1252 if (!p->event_source)
1253 continue;
1254
1255 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1256 if (r < 0)
1257 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1258 }
1259 }
1260
1261 static int socket_watch_fds(Socket *s) {
1262 SocketPort *p;
1263 int r;
1264
1265 assert(s);
1266
1267 LIST_FOREACH(port, p, s->ports) {
1268 if (p->fd < 0)
1269 continue;
1270
1271 if (p->event_source)
1272 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1273 else
1274 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1275
1276 if (r < 0) {
1277 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1278 goto fail;
1279 }
1280
1281 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1282 }
1283
1284 return 0;
1285
1286 fail:
1287 socket_unwatch_fds(s);
1288 return r;
1289 }
1290
1291 static void socket_set_state(Socket *s, SocketState state) {
1292 SocketState old_state;
1293 assert(s);
1294
1295 old_state = s->state;
1296 s->state = state;
1297
1298 if (!IN_SET(state,
1299 SOCKET_START_PRE,
1300 SOCKET_START_CHOWN,
1301 SOCKET_START_POST,
1302 SOCKET_STOP_PRE,
1303 SOCKET_STOP_PRE_SIGTERM,
1304 SOCKET_STOP_PRE_SIGKILL,
1305 SOCKET_STOP_POST,
1306 SOCKET_FINAL_SIGTERM,
1307 SOCKET_FINAL_SIGKILL)) {
1308
1309 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1310 socket_unwatch_control_pid(s);
1311 s->control_command = NULL;
1312 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1313 }
1314
1315 if (state != SOCKET_LISTENING)
1316 socket_unwatch_fds(s);
1317
1318 if (!IN_SET(state,
1319 SOCKET_START_CHOWN,
1320 SOCKET_START_POST,
1321 SOCKET_LISTENING,
1322 SOCKET_RUNNING,
1323 SOCKET_STOP_PRE,
1324 SOCKET_STOP_PRE_SIGTERM,
1325 SOCKET_STOP_PRE_SIGKILL))
1326 socket_close_fds(s);
1327
1328 if (state != old_state)
1329 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1330
1331 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1332 }
1333
1334 static int socket_coldplug(Unit *u) {
1335 Socket *s = SOCKET(u);
1336 int r;
1337
1338 assert(s);
1339 assert(s->state == SOCKET_DEAD);
1340
1341 if (s->deserialized_state == s->state)
1342 return 0;
1343
1344 if (IN_SET(s->deserialized_state,
1345 SOCKET_START_PRE,
1346 SOCKET_START_CHOWN,
1347 SOCKET_START_POST,
1348 SOCKET_STOP_PRE,
1349 SOCKET_STOP_PRE_SIGTERM,
1350 SOCKET_STOP_PRE_SIGKILL,
1351 SOCKET_STOP_POST,
1352 SOCKET_FINAL_SIGTERM,
1353 SOCKET_FINAL_SIGKILL)) {
1354
1355 if (s->control_pid <= 0)
1356 return -EBADMSG;
1357
1358 r = unit_watch_pid(UNIT(s), s->control_pid);
1359 if (r < 0)
1360 return r;
1361
1362 r = socket_arm_timer(s);
1363 if (r < 0)
1364 return r;
1365 }
1366
1367 if (IN_SET(s->deserialized_state,
1368 SOCKET_START_CHOWN,
1369 SOCKET_START_POST,
1370 SOCKET_LISTENING,
1371 SOCKET_RUNNING,
1372 SOCKET_STOP_PRE,
1373 SOCKET_STOP_PRE_SIGTERM,
1374 SOCKET_STOP_PRE_SIGKILL)) {
1375 r = socket_open_fds(s);
1376 if (r < 0)
1377 return r;
1378 }
1379
1380 if (s->deserialized_state == SOCKET_LISTENING) {
1381 r = socket_watch_fds(s);
1382 if (r < 0)
1383 return r;
1384 }
1385
1386 socket_set_state(s, s->deserialized_state);
1387 return 0;
1388 }
1389
1390 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1391 _cleanup_free_ char **argv = NULL;
1392 pid_t pid;
1393 int r;
1394 ExecParameters exec_params = {
1395 .apply_permissions = true,
1396 .apply_chroot = true,
1397 .apply_tty_stdin = true,
1398 .bus_endpoint_fd = -1,
1399 };
1400
1401 assert(s);
1402 assert(c);
1403 assert(_pid);
1404
1405 (void) unit_realize_cgroup(UNIT(s));
1406 if (s->reset_cpu_usage) {
1407 (void) unit_reset_cpu_usage(UNIT(s));
1408 s->reset_cpu_usage = false;
1409 }
1410
1411 r = unit_setup_exec_runtime(UNIT(s));
1412 if (r < 0)
1413 goto fail;
1414
1415 r = socket_arm_timer(s);
1416 if (r < 0)
1417 goto fail;
1418
1419 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1420 if (r < 0)
1421 goto fail;
1422
1423 exec_params.argv = argv;
1424 exec_params.environment = UNIT(s)->manager->environment;
1425 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1426 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1427 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1428 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1429 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1430
1431 r = exec_spawn(UNIT(s),
1432 c,
1433 &s->exec_context,
1434 &exec_params,
1435 s->exec_runtime,
1436 &pid);
1437 if (r < 0)
1438 goto fail;
1439
1440 r = unit_watch_pid(UNIT(s), pid);
1441 if (r < 0)
1442 /* FIXME: we need to do something here */
1443 goto fail;
1444
1445 *_pid = pid;
1446 return 0;
1447
1448 fail:
1449 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1450 return r;
1451 }
1452
1453 static int socket_chown(Socket *s, pid_t *_pid) {
1454 pid_t pid;
1455 int r;
1456
1457 r = socket_arm_timer(s);
1458 if (r < 0)
1459 goto fail;
1460
1461 /* We have to resolve the user names out-of-process, hence
1462 * let's fork here. It's messy, but well, what can we do? */
1463
1464 pid = fork();
1465 if (pid < 0)
1466 return -errno;
1467
1468 if (pid == 0) {
1469 SocketPort *p;
1470 uid_t uid = UID_INVALID;
1471 gid_t gid = GID_INVALID;
1472 int ret;
1473
1474 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1475 ignore_signals(SIGPIPE, -1);
1476 log_forget_fds();
1477
1478 if (!isempty(s->user)) {
1479 const char *user = s->user;
1480
1481 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1482 if (r < 0) {
1483 ret = EXIT_USER;
1484 goto fail_child;
1485 }
1486 }
1487
1488 if (!isempty(s->group)) {
1489 const char *group = s->group;
1490
1491 r = get_group_creds(&group, &gid);
1492 if (r < 0) {
1493 ret = EXIT_GROUP;
1494 goto fail_child;
1495 }
1496 }
1497
1498 LIST_FOREACH(port, p, s->ports) {
1499 const char *path = NULL;
1500
1501 if (p->type == SOCKET_SOCKET)
1502 path = socket_address_get_path(&p->address);
1503 else if (p->type == SOCKET_FIFO)
1504 path = p->path;
1505
1506 if (!path)
1507 continue;
1508
1509 if (chown(path, uid, gid) < 0) {
1510 r = -errno;
1511 ret = EXIT_CHOWN;
1512 goto fail_child;
1513 }
1514 }
1515
1516 _exit(0);
1517
1518 fail_child:
1519 log_open();
1520 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1521
1522 _exit(ret);
1523 }
1524
1525 r = unit_watch_pid(UNIT(s), pid);
1526 if (r < 0)
1527 goto fail;
1528
1529 *_pid = pid;
1530 return 0;
1531
1532 fail:
1533 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1534 return r;
1535 }
1536
1537 static void socket_enter_dead(Socket *s, SocketResult f) {
1538 assert(s);
1539
1540 if (f != SOCKET_SUCCESS)
1541 s->result = f;
1542
1543 exec_runtime_destroy(s->exec_runtime);
1544 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1545
1546 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1547
1548 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1549 }
1550
1551 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1552
1553 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1554 int r;
1555 assert(s);
1556
1557 if (f != SOCKET_SUCCESS)
1558 s->result = f;
1559
1560 socket_unwatch_control_pid(s);
1561 s->control_command_id = SOCKET_EXEC_STOP_POST;
1562 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1563
1564 if (s->control_command) {
1565 r = socket_spawn(s, s->control_command, &s->control_pid);
1566 if (r < 0)
1567 goto fail;
1568
1569 socket_set_state(s, SOCKET_STOP_POST);
1570 } else
1571 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1572
1573 return;
1574
1575 fail:
1576 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1577 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1578 }
1579
1580 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1581 int r;
1582
1583 assert(s);
1584
1585 if (f != SOCKET_SUCCESS)
1586 s->result = f;
1587
1588 r = unit_kill_context(
1589 UNIT(s),
1590 &s->kill_context,
1591 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1592 KILL_KILL : KILL_TERMINATE,
1593 -1,
1594 s->control_pid,
1595 false);
1596 if (r < 0)
1597 goto fail;
1598
1599 if (r > 0) {
1600 r = socket_arm_timer(s);
1601 if (r < 0)
1602 goto fail;
1603
1604 socket_set_state(s, state);
1605 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1606 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1607 else if (state == SOCKET_STOP_PRE_SIGKILL)
1608 socket_enter_stop_post(s, SOCKET_SUCCESS);
1609 else if (state == SOCKET_FINAL_SIGTERM)
1610 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1611 else
1612 socket_enter_dead(s, SOCKET_SUCCESS);
1613
1614 return;
1615
1616 fail:
1617 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1618
1619 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1620 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1621 else
1622 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1623 }
1624
1625 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1626 int r;
1627 assert(s);
1628
1629 if (f != SOCKET_SUCCESS)
1630 s->result = f;
1631
1632 socket_unwatch_control_pid(s);
1633 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1634 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1635
1636 if (s->control_command) {
1637 r = socket_spawn(s, s->control_command, &s->control_pid);
1638 if (r < 0)
1639 goto fail;
1640
1641 socket_set_state(s, SOCKET_STOP_PRE);
1642 } else
1643 socket_enter_stop_post(s, SOCKET_SUCCESS);
1644
1645 return;
1646
1647 fail:
1648 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1649 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1650 }
1651
1652 static void socket_enter_listening(Socket *s) {
1653 int r;
1654 assert(s);
1655
1656 r = socket_watch_fds(s);
1657 if (r < 0) {
1658 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1659 goto fail;
1660 }
1661
1662 socket_set_state(s, SOCKET_LISTENING);
1663 return;
1664
1665 fail:
1666 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1667 }
1668
1669 static void socket_enter_start_post(Socket *s) {
1670 int r;
1671 assert(s);
1672
1673 socket_unwatch_control_pid(s);
1674 s->control_command_id = SOCKET_EXEC_START_POST;
1675 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1676
1677 if (s->control_command) {
1678 r = socket_spawn(s, s->control_command, &s->control_pid);
1679 if (r < 0) {
1680 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1681 goto fail;
1682 }
1683
1684 socket_set_state(s, SOCKET_START_POST);
1685 } else
1686 socket_enter_listening(s);
1687
1688 return;
1689
1690 fail:
1691 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1692 }
1693
1694 static void socket_enter_start_chown(Socket *s) {
1695 int r;
1696
1697 assert(s);
1698
1699 r = socket_open_fds(s);
1700 if (r < 0) {
1701 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1702 goto fail;
1703 }
1704
1705 if (!isempty(s->user) || !isempty(s->group)) {
1706
1707 socket_unwatch_control_pid(s);
1708 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1709 s->control_command = NULL;
1710
1711 r = socket_chown(s, &s->control_pid);
1712 if (r < 0) {
1713 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1714 goto fail;
1715 }
1716
1717 socket_set_state(s, SOCKET_START_CHOWN);
1718 } else
1719 socket_enter_start_post(s);
1720
1721 return;
1722
1723 fail:
1724 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1725 }
1726
1727 static void socket_enter_start_pre(Socket *s) {
1728 int r;
1729 assert(s);
1730
1731 socket_unwatch_control_pid(s);
1732 s->control_command_id = SOCKET_EXEC_START_PRE;
1733 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1734
1735 if (s->control_command) {
1736 r = socket_spawn(s, s->control_command, &s->control_pid);
1737 if (r < 0) {
1738 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1739 goto fail;
1740 }
1741
1742 socket_set_state(s, SOCKET_START_PRE);
1743 } else
1744 socket_enter_start_chown(s);
1745
1746 return;
1747
1748 fail:
1749 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1750 }
1751
1752 static void socket_enter_running(Socket *s, int cfd) {
1753 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1754 int r;
1755
1756 assert(s);
1757
1758 /* We don't take connections anymore if we are supposed to
1759 * shut down anyway */
1760 if (unit_stop_pending(UNIT(s))) {
1761
1762 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1763
1764 if (cfd >= 0)
1765 safe_close(cfd);
1766 else {
1767 /* Flush all sockets by closing and reopening them */
1768 socket_close_fds(s);
1769
1770 r = socket_open_fds(s);
1771 if (r < 0) {
1772 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1773 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1774 return;
1775 }
1776
1777 r = socket_watch_fds(s);
1778 if (r < 0) {
1779 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1780 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1781 }
1782 }
1783
1784 return;
1785 }
1786
1787 if (cfd < 0) {
1788 Iterator i;
1789 Unit *other;
1790 bool pending = false;
1791
1792 /* If there's already a start pending don't bother to
1793 * do anything */
1794 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1795 if (unit_active_or_pending(other)) {
1796 pending = true;
1797 break;
1798 }
1799
1800 if (!pending) {
1801 if (!UNIT_ISSET(s->service)) {
1802 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1803 r = -ENOENT;
1804 goto fail;
1805 }
1806
1807 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1808 if (r < 0)
1809 goto fail;
1810 }
1811
1812 socket_set_state(s, SOCKET_RUNNING);
1813 } else {
1814 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1815 Service *service;
1816
1817 if (s->n_connections >= s->max_connections) {
1818 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1819 safe_close(cfd);
1820 return;
1821 }
1822
1823 r = socket_instantiate_service(s);
1824 if (r < 0)
1825 goto fail;
1826
1827 r = instance_from_socket(cfd, s->n_accepted, &instance);
1828 if (r < 0) {
1829 if (r != -ENOTCONN)
1830 goto fail;
1831
1832 /* ENOTCONN is legitimate if TCP RST was received.
1833 * This connection is over, but the socket unit lives on. */
1834 safe_close(cfd);
1835 return;
1836 }
1837
1838 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1839 if (r < 0)
1840 goto fail;
1841
1842 r = unit_name_build(prefix, instance, ".service", &name);
1843 if (r < 0)
1844 goto fail;
1845
1846 r = unit_add_name(UNIT_DEREF(s->service), name);
1847 if (r < 0)
1848 goto fail;
1849
1850 service = SERVICE(UNIT_DEREF(s->service));
1851 unit_ref_unset(&s->service);
1852 s->n_accepted ++;
1853
1854 UNIT(service)->no_gc = false;
1855
1856 unit_choose_id(UNIT(service), name);
1857
1858 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1859 if (r < 0)
1860 goto fail;
1861
1862 cfd = -1;
1863 s->n_connections ++;
1864
1865 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1866 if (r < 0)
1867 goto fail;
1868
1869 /* Notify clients about changed counters */
1870 unit_add_to_dbus_queue(UNIT(s));
1871 }
1872
1873 return;
1874
1875 fail:
1876 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1877 cfd >= 0 ? "template" : "non-template",
1878 bus_error_message(&error, r));
1879
1880 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1881 safe_close(cfd);
1882 }
1883
1884 static void socket_run_next(Socket *s) {
1885 int r;
1886
1887 assert(s);
1888 assert(s->control_command);
1889 assert(s->control_command->command_next);
1890
1891 socket_unwatch_control_pid(s);
1892
1893 s->control_command = s->control_command->command_next;
1894
1895 r = socket_spawn(s, s->control_command, &s->control_pid);
1896 if (r < 0)
1897 goto fail;
1898
1899 return;
1900
1901 fail:
1902 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1903
1904 if (s->state == SOCKET_START_POST)
1905 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1906 else if (s->state == SOCKET_STOP_POST)
1907 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1908 else
1909 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1910 }
1911
1912 static int socket_start(Unit *u) {
1913 Socket *s = SOCKET(u);
1914
1915 assert(s);
1916
1917 /* We cannot fulfill this request right now, try again later
1918 * please! */
1919 if (IN_SET(s->state,
1920 SOCKET_STOP_PRE,
1921 SOCKET_STOP_PRE_SIGKILL,
1922 SOCKET_STOP_PRE_SIGTERM,
1923 SOCKET_STOP_POST,
1924 SOCKET_FINAL_SIGTERM,
1925 SOCKET_FINAL_SIGKILL))
1926 return -EAGAIN;
1927
1928 /* Already on it! */
1929 if (IN_SET(s->state,
1930 SOCKET_START_PRE,
1931 SOCKET_START_CHOWN,
1932 SOCKET_START_POST))
1933 return 0;
1934
1935 /* Cannot run this without the service being around */
1936 if (UNIT_ISSET(s->service)) {
1937 Service *service;
1938
1939 service = SERVICE(UNIT_DEREF(s->service));
1940
1941 if (UNIT(service)->load_state != UNIT_LOADED) {
1942 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1943 return -ENOENT;
1944 }
1945
1946 /* If the service is already active we cannot start the
1947 * socket */
1948 if (service->state != SERVICE_DEAD &&
1949 service->state != SERVICE_FAILED &&
1950 service->state != SERVICE_AUTO_RESTART) {
1951 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1952 return -EBUSY;
1953 }
1954 }
1955
1956 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1957
1958 s->result = SOCKET_SUCCESS;
1959 s->reset_cpu_usage = true;
1960
1961 socket_enter_start_pre(s);
1962
1963 return 1;
1964 }
1965
1966 static int socket_stop(Unit *u) {
1967 Socket *s = SOCKET(u);
1968
1969 assert(s);
1970
1971 /* Already on it */
1972 if (IN_SET(s->state,
1973 SOCKET_STOP_PRE,
1974 SOCKET_STOP_PRE_SIGTERM,
1975 SOCKET_STOP_PRE_SIGKILL,
1976 SOCKET_STOP_POST,
1977 SOCKET_FINAL_SIGTERM,
1978 SOCKET_FINAL_SIGKILL))
1979 return 0;
1980
1981 /* If there's already something running we go directly into
1982 * kill mode. */
1983 if (IN_SET(s->state,
1984 SOCKET_START_PRE,
1985 SOCKET_START_CHOWN,
1986 SOCKET_START_POST)) {
1987 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1988 return -EAGAIN;
1989 }
1990
1991 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1992
1993 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1994 return 1;
1995 }
1996
1997 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1998 Socket *s = SOCKET(u);
1999 SocketPort *p;
2000 int r;
2001
2002 assert(u);
2003 assert(f);
2004 assert(fds);
2005
2006 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2007 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2008 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2009
2010 if (s->control_pid > 0)
2011 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2012
2013 if (s->control_command_id >= 0)
2014 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2015
2016 LIST_FOREACH(port, p, s->ports) {
2017 int copy;
2018
2019 if (p->fd < 0)
2020 continue;
2021
2022 copy = fdset_put_dup(fds, p->fd);
2023 if (copy < 0)
2024 return copy;
2025
2026 if (p->type == SOCKET_SOCKET) {
2027 _cleanup_free_ char *t = NULL;
2028
2029 r = socket_address_print(&p->address, &t);
2030 if (r < 0)
2031 return r;
2032
2033 if (socket_address_family(&p->address) == AF_NETLINK)
2034 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2035 else
2036 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2037
2038 } else if (p->type == SOCKET_SPECIAL)
2039 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2040 else if (p->type == SOCKET_MQUEUE)
2041 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2042 else {
2043 assert(p->type == SOCKET_FIFO);
2044 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2045 }
2046 }
2047
2048 return 0;
2049 }
2050
2051 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2052 Socket *s = SOCKET(u);
2053
2054 assert(u);
2055 assert(key);
2056 assert(value);
2057
2058 if (streq(key, "state")) {
2059 SocketState state;
2060
2061 state = socket_state_from_string(value);
2062 if (state < 0)
2063 log_unit_debug(u, "Failed to parse state value: %s", value);
2064 else
2065 s->deserialized_state = state;
2066 } else if (streq(key, "result")) {
2067 SocketResult f;
2068
2069 f = socket_result_from_string(value);
2070 if (f < 0)
2071 log_unit_debug(u, "Failed to parse result value: %s", value);
2072 else if (f != SOCKET_SUCCESS)
2073 s->result = f;
2074
2075 } else if (streq(key, "n-accepted")) {
2076 unsigned k;
2077
2078 if (safe_atou(value, &k) < 0)
2079 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2080 else
2081 s->n_accepted += k;
2082 } else if (streq(key, "control-pid")) {
2083 pid_t pid;
2084
2085 if (parse_pid(value, &pid) < 0)
2086 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2087 else
2088 s->control_pid = pid;
2089 } else if (streq(key, "control-command")) {
2090 SocketExecCommand id;
2091
2092 id = socket_exec_command_from_string(value);
2093 if (id < 0)
2094 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2095 else {
2096 s->control_command_id = id;
2097 s->control_command = s->exec_command[id];
2098 }
2099 } else if (streq(key, "fifo")) {
2100 int fd, skip = 0;
2101 SocketPort *p;
2102
2103 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2104 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2105 else {
2106
2107 LIST_FOREACH(port, p, s->ports)
2108 if (p->type == SOCKET_FIFO &&
2109 path_equal_or_files_same(p->path, value+skip))
2110 break;
2111
2112 if (p) {
2113 safe_close(p->fd);
2114 p->fd = fdset_remove(fds, fd);
2115 }
2116 }
2117
2118 } else if (streq(key, "special")) {
2119 int fd, skip = 0;
2120 SocketPort *p;
2121
2122 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2123 log_unit_debug(u, "Failed to parse special value: %s", value);
2124 else {
2125
2126 LIST_FOREACH(port, p, s->ports)
2127 if (p->type == SOCKET_SPECIAL &&
2128 path_equal_or_files_same(p->path, value+skip))
2129 break;
2130
2131 if (p) {
2132 safe_close(p->fd);
2133 p->fd = fdset_remove(fds, fd);
2134 }
2135 }
2136
2137 } else if (streq(key, "mqueue")) {
2138 int fd, skip = 0;
2139 SocketPort *p;
2140
2141 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2142 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2143 else {
2144
2145 LIST_FOREACH(port, p, s->ports)
2146 if (p->type == SOCKET_MQUEUE &&
2147 streq(p->path, value+skip))
2148 break;
2149
2150 if (p) {
2151 safe_close(p->fd);
2152 p->fd = fdset_remove(fds, fd);
2153 }
2154 }
2155
2156 } else if (streq(key, "socket")) {
2157 int fd, type, skip = 0;
2158 SocketPort *p;
2159
2160 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2161 log_unit_debug(u, "Failed to parse socket value: %s", value);
2162 else {
2163
2164 LIST_FOREACH(port, p, s->ports)
2165 if (socket_address_is(&p->address, value+skip, type))
2166 break;
2167
2168 if (p) {
2169 safe_close(p->fd);
2170 p->fd = fdset_remove(fds, fd);
2171 }
2172 }
2173
2174 } else if (streq(key, "netlink")) {
2175 int fd, skip = 0;
2176 SocketPort *p;
2177
2178 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2179 log_unit_debug(u, "Failed to parse socket value: %s", value);
2180 else {
2181
2182 LIST_FOREACH(port, p, s->ports)
2183 if (socket_address_is_netlink(&p->address, value+skip))
2184 break;
2185
2186 if (p) {
2187 safe_close(p->fd);
2188 p->fd = fdset_remove(fds, fd);
2189 }
2190 }
2191 } else
2192 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2193
2194 return 0;
2195 }
2196
2197 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2198 Socket *s = SOCKET(u);
2199 SocketPort *p;
2200
2201 assert(u);
2202
2203 LIST_FOREACH(port, p, s->ports) {
2204 Iterator i;
2205 int fd;
2206
2207 if (p->type != SOCKET_SOCKET)
2208 continue;
2209
2210 if (p->fd >= 0)
2211 continue;
2212
2213 FDSET_FOREACH(fd, fds, i) {
2214 if (socket_address_matches_fd(&p->address, fd)) {
2215 p->fd = fdset_remove(fds, fd);
2216 s->deserialized_state = SOCKET_LISTENING;
2217 break;
2218 }
2219 }
2220 }
2221
2222 return 0;
2223 }
2224
2225 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2226 assert(u);
2227
2228 return state_translation_table[SOCKET(u)->state];
2229 }
2230
2231 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2232 assert(u);
2233
2234 return socket_state_to_string(SOCKET(u)->state);
2235 }
2236
2237 const char* socket_port_type_to_string(SocketPort *p) {
2238
2239 assert(p);
2240
2241 switch (p->type) {
2242
2243 case SOCKET_SOCKET:
2244
2245 switch (p->address.type) {
2246
2247 case SOCK_STREAM:
2248 return "Stream";
2249
2250 case SOCK_DGRAM:
2251 return "Datagram";
2252
2253 case SOCK_SEQPACKET:
2254 return "SequentialPacket";
2255
2256 case SOCK_RAW:
2257 if (socket_address_family(&p->address) == AF_NETLINK)
2258 return "Netlink";
2259
2260 default:
2261 return NULL;
2262 }
2263
2264 case SOCKET_SPECIAL:
2265 return "Special";
2266
2267 case SOCKET_MQUEUE:
2268 return "MessageQueue";
2269
2270 case SOCKET_FIFO:
2271 return "FIFO";
2272
2273 default:
2274 return NULL;
2275 }
2276 }
2277
2278 _pure_ static bool socket_check_gc(Unit *u) {
2279 Socket *s = SOCKET(u);
2280
2281 assert(u);
2282
2283 return s->n_connections > 0;
2284 }
2285
2286 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2287 SocketPort *p = userdata;
2288 int cfd = -1;
2289
2290 assert(p);
2291 assert(fd >= 0);
2292
2293 if (p->socket->state != SOCKET_LISTENING)
2294 return 0;
2295
2296 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2297
2298 if (revents != EPOLLIN) {
2299
2300 if (revents & EPOLLHUP)
2301 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2302 else
2303 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2304
2305 goto fail;
2306 }
2307
2308 if (p->socket->accept &&
2309 p->type == SOCKET_SOCKET &&
2310 socket_address_can_accept(&p->address)) {
2311
2312 for (;;) {
2313
2314 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2315 if (cfd < 0) {
2316
2317 if (errno == EINTR)
2318 continue;
2319
2320 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2321 goto fail;
2322 }
2323
2324 break;
2325 }
2326
2327 socket_apply_socket_options(p->socket, cfd);
2328 }
2329
2330 socket_enter_running(p->socket, cfd);
2331 return 0;
2332
2333 fail:
2334 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2335 return 0;
2336 }
2337
2338 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2339 Socket *s = SOCKET(u);
2340 SocketResult f;
2341
2342 assert(s);
2343 assert(pid >= 0);
2344
2345 if (pid != s->control_pid)
2346 return;
2347
2348 s->control_pid = 0;
2349
2350 if (is_clean_exit(code, status, NULL))
2351 f = SOCKET_SUCCESS;
2352 else if (code == CLD_EXITED)
2353 f = SOCKET_FAILURE_EXIT_CODE;
2354 else if (code == CLD_KILLED)
2355 f = SOCKET_FAILURE_SIGNAL;
2356 else if (code == CLD_DUMPED)
2357 f = SOCKET_FAILURE_CORE_DUMP;
2358 else
2359 assert_not_reached("Unknown sigchld code");
2360
2361 if (s->control_command) {
2362 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2363
2364 if (s->control_command->ignore)
2365 f = SOCKET_SUCCESS;
2366 }
2367
2368 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2369 "Control process exited, code=%s status=%i",
2370 sigchld_code_to_string(code), status);
2371
2372 if (f != SOCKET_SUCCESS)
2373 s->result = f;
2374
2375 if (s->control_command &&
2376 s->control_command->command_next &&
2377 f == SOCKET_SUCCESS) {
2378
2379 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2380 socket_run_next(s);
2381 } else {
2382 s->control_command = NULL;
2383 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2384
2385 /* No further commands for this step, so let's figure
2386 * out what to do next */
2387
2388 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2389
2390 switch (s->state) {
2391
2392 case SOCKET_START_PRE:
2393 if (f == SOCKET_SUCCESS)
2394 socket_enter_start_chown(s);
2395 else
2396 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2397 break;
2398
2399 case SOCKET_START_CHOWN:
2400 if (f == SOCKET_SUCCESS)
2401 socket_enter_start_post(s);
2402 else
2403 socket_enter_stop_pre(s, f);
2404 break;
2405
2406 case SOCKET_START_POST:
2407 if (f == SOCKET_SUCCESS)
2408 socket_enter_listening(s);
2409 else
2410 socket_enter_stop_pre(s, f);
2411 break;
2412
2413 case SOCKET_STOP_PRE:
2414 case SOCKET_STOP_PRE_SIGTERM:
2415 case SOCKET_STOP_PRE_SIGKILL:
2416 socket_enter_stop_post(s, f);
2417 break;
2418
2419 case SOCKET_STOP_POST:
2420 case SOCKET_FINAL_SIGTERM:
2421 case SOCKET_FINAL_SIGKILL:
2422 socket_enter_dead(s, f);
2423 break;
2424
2425 default:
2426 assert_not_reached("Uh, control process died at wrong time.");
2427 }
2428 }
2429
2430 /* Notify clients about changed exit status */
2431 unit_add_to_dbus_queue(u);
2432 }
2433
2434 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2435 Socket *s = SOCKET(userdata);
2436
2437 assert(s);
2438 assert(s->timer_event_source == source);
2439
2440 switch (s->state) {
2441
2442 case SOCKET_START_PRE:
2443 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2444 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2445 break;
2446
2447 case SOCKET_START_CHOWN:
2448 case SOCKET_START_POST:
2449 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2450 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2451 break;
2452
2453 case SOCKET_STOP_PRE:
2454 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2455 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2456 break;
2457
2458 case SOCKET_STOP_PRE_SIGTERM:
2459 if (s->kill_context.send_sigkill) {
2460 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2461 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2462 } else {
2463 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2464 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2465 }
2466 break;
2467
2468 case SOCKET_STOP_PRE_SIGKILL:
2469 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2470 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2471 break;
2472
2473 case SOCKET_STOP_POST:
2474 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2475 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2476 break;
2477
2478 case SOCKET_FINAL_SIGTERM:
2479 if (s->kill_context.send_sigkill) {
2480 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2481 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2482 } else {
2483 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2484 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2485 }
2486 break;
2487
2488 case SOCKET_FINAL_SIGKILL:
2489 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2490 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2491 break;
2492
2493 default:
2494 assert_not_reached("Timeout at wrong time.");
2495 }
2496
2497 return 0;
2498 }
2499
2500 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2501 int *rfds;
2502 unsigned rn_fds, k;
2503 SocketPort *p;
2504
2505 assert(s);
2506 assert(fds);
2507 assert(n_fds);
2508
2509 /* Called from the service code for requesting our fds */
2510
2511 rn_fds = 0;
2512 LIST_FOREACH(port, p, s->ports)
2513 if (p->fd >= 0)
2514 rn_fds++;
2515
2516 if (rn_fds <= 0) {
2517 *fds = NULL;
2518 *n_fds = 0;
2519 return 0;
2520 }
2521
2522 rfds = new(int, rn_fds);
2523 if (!rfds)
2524 return -ENOMEM;
2525
2526 k = 0;
2527 LIST_FOREACH(port, p, s->ports)
2528 if (p->fd >= 0)
2529 rfds[k++] = p->fd;
2530
2531 assert(k == rn_fds);
2532
2533 *fds = rfds;
2534 *n_fds = rn_fds;
2535
2536 return 0;
2537 }
2538
2539 static void socket_reset_failed(Unit *u) {
2540 Socket *s = SOCKET(u);
2541
2542 assert(s);
2543
2544 if (s->state == SOCKET_FAILED)
2545 socket_set_state(s, SOCKET_DEAD);
2546
2547 s->result = SOCKET_SUCCESS;
2548 }
2549
2550 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2551 assert(s);
2552
2553 /* The service is dead. Dang!
2554 *
2555 * This is strictly for one-instance-for-all-connections
2556 * services. */
2557
2558 if (s->state == SOCKET_RUNNING) {
2559 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2560 if (failed_permanent)
2561 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2562 else
2563 socket_enter_listening(s);
2564 }
2565 }
2566
2567 void socket_connection_unref(Socket *s) {
2568 assert(s);
2569
2570 /* The service is dead. Yay!
2571 *
2572 * This is strictly for one-instance-per-connection
2573 * services. */
2574
2575 assert(s->n_connections > 0);
2576 s->n_connections--;
2577
2578 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2579 }
2580
2581 static void socket_trigger_notify(Unit *u, Unit *other) {
2582 Socket *s = SOCKET(u);
2583 Service *se;
2584
2585 assert(u);
2586 assert(other);
2587
2588 /* Don't propagate state changes from the service if we are
2589 already down or accepting connections */
2590 if ((s->state != SOCKET_RUNNING &&
2591 s->state != SOCKET_LISTENING) ||
2592 s->accept)
2593 return;
2594
2595 if (other->load_state != UNIT_LOADED ||
2596 other->type != UNIT_SERVICE)
2597 return;
2598
2599 se = SERVICE(other);
2600
2601 if (se->state == SERVICE_FAILED)
2602 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2603
2604 if (se->state == SERVICE_DEAD ||
2605 se->state == SERVICE_FINAL_SIGTERM ||
2606 se->state == SERVICE_FINAL_SIGKILL ||
2607 se->state == SERVICE_AUTO_RESTART)
2608 socket_notify_service_dead(s, false);
2609
2610 if (se->state == SERVICE_RUNNING)
2611 socket_set_state(s, SOCKET_RUNNING);
2612 }
2613
2614 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2615 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2616 }
2617
2618 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2619 Socket *s = SOCKET(u);
2620 int r;
2621
2622 if (!s->timer_event_source)
2623 return 0;
2624
2625 r = sd_event_source_get_time(s->timer_event_source, timeout);
2626 if (r < 0)
2627 return r;
2628
2629 return 1;
2630 }
2631
2632 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2633 [SOCKET_DEAD] = "dead",
2634 [SOCKET_START_PRE] = "start-pre",
2635 [SOCKET_START_CHOWN] = "start-chown",
2636 [SOCKET_START_POST] = "start-post",
2637 [SOCKET_LISTENING] = "listening",
2638 [SOCKET_RUNNING] = "running",
2639 [SOCKET_STOP_PRE] = "stop-pre",
2640 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2641 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2642 [SOCKET_STOP_POST] = "stop-post",
2643 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2644 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2645 [SOCKET_FAILED] = "failed"
2646 };
2647
2648 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2649
2650 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2651 [SOCKET_EXEC_START_PRE] = "StartPre",
2652 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2653 [SOCKET_EXEC_START_POST] = "StartPost",
2654 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2655 [SOCKET_EXEC_STOP_POST] = "StopPost"
2656 };
2657
2658 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2659
2660 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2661 [SOCKET_SUCCESS] = "success",
2662 [SOCKET_FAILURE_RESOURCES] = "resources",
2663 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2664 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2665 [SOCKET_FAILURE_SIGNAL] = "signal",
2666 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2667 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2668 };
2669
2670 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2671
2672 const UnitVTable socket_vtable = {
2673 .object_size = sizeof(Socket),
2674 .exec_context_offset = offsetof(Socket, exec_context),
2675 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2676 .kill_context_offset = offsetof(Socket, kill_context),
2677 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2678
2679 .sections =
2680 "Unit\0"
2681 "Socket\0"
2682 "Install\0",
2683 .private_section = "Socket",
2684
2685 .init = socket_init,
2686 .done = socket_done,
2687 .load = socket_load,
2688
2689 .coldplug = socket_coldplug,
2690
2691 .dump = socket_dump,
2692
2693 .start = socket_start,
2694 .stop = socket_stop,
2695
2696 .kill = socket_kill,
2697
2698 .get_timeout = socket_get_timeout,
2699
2700 .serialize = socket_serialize,
2701 .deserialize_item = socket_deserialize_item,
2702 .distribute_fds = socket_distribute_fds,
2703
2704 .active_state = socket_active_state,
2705 .sub_state_to_string = socket_sub_state_to_string,
2706
2707 .check_gc = socket_check_gc,
2708
2709 .sigchld_event = socket_sigchld_event,
2710
2711 .trigger_notify = socket_trigger_notify,
2712
2713 .reset_failed = socket_reset_failed,
2714
2715 .bus_interface = "org.freedesktop.systemd1.Socket",
2716 .bus_vtable = bus_socket_vtable,
2717 .bus_set_property = bus_socket_set_property,
2718 .bus_commit_properties = bus_socket_commit_properties,
2719
2720 .status_message_formats = {
2721 /*.starting_stopping = {
2722 [0] = "Starting socket %s...",
2723 [1] = "Stopping socket %s...",
2724 },*/
2725 .finished_start_job = {
2726 [JOB_DONE] = "Listening on %s.",
2727 [JOB_FAILED] = "Failed to listen on %s.",
2728 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2729 [JOB_TIMEOUT] = "Timed out starting %s.",
2730 },
2731 .finished_stop_job = {
2732 [JOB_DONE] = "Closed %s.",
2733 [JOB_FAILED] = "Failed stopping %s.",
2734 [JOB_TIMEOUT] = "Timed out stopping %s.",
2735 },
2736 },
2737 };
Unnamed repository; edit this file 'description' to name the repository.