]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "fd-util.h"
41 #include "formats-util.h"
42 #include "label.h"
43 #include "log.h"
44 #include "missing.h"
45 #include "mkdir.h"
46 #include "parse-util.h"
47 #include "path-util.h"
48 #include "selinux-util.h"
49 #include "signal-util.h"
50 #include "smack-util.h"
51 #include "socket.h"
52 #include "special.h"
53 #include "string-util.h"
54 #include "strv.h"
55 #include "unit-name.h"
56 #include "unit-printf.h"
57 #include "unit.h"
58 #include "user-util.h"
59
60 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
61 [SOCKET_DEAD] = UNIT_INACTIVE,
62 [SOCKET_START_PRE] = UNIT_ACTIVATING,
63 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
64 [SOCKET_START_POST] = UNIT_ACTIVATING,
65 [SOCKET_LISTENING] = UNIT_ACTIVE,
66 [SOCKET_RUNNING] = UNIT_ACTIVE,
67 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
68 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
69 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
70 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
71 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
73 [SOCKET_FAILED] = UNIT_FAILED
74 };
75
76 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
77 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
78
79 static void socket_init(Unit *u) {
80 Socket *s = SOCKET(u);
81
82 assert(u);
83 assert(u->load_state == UNIT_STUB);
84
85 s->backlog = SOMAXCONN;
86 s->timeout_usec = u->manager->default_timeout_start_usec;
87 s->directory_mode = 0755;
88 s->socket_mode = 0666;
89
90 s->max_connections = 64;
91
92 s->priority = -1;
93 s->ip_tos = -1;
94 s->ip_ttl = -1;
95 s->mark = -1;
96
97 s->exec_context.std_output = u->manager->default_std_output;
98 s->exec_context.std_error = u->manager->default_std_error;
99
100 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
101 }
102
103 static void socket_unwatch_control_pid(Socket *s) {
104 assert(s);
105
106 if (s->control_pid <= 0)
107 return;
108
109 unit_unwatch_pid(UNIT(s), s->control_pid);
110 s->control_pid = 0;
111 }
112
113 static void socket_cleanup_fd_list(SocketPort *p) {
114 assert(p);
115
116 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
117 p->auxiliary_fds = mfree(p->auxiliary_fds);
118 p->n_auxiliary_fds = 0;
119 }
120
121 void socket_free_ports(Socket *s) {
122 SocketPort *p;
123
124 assert(s);
125
126 while ((p = s->ports)) {
127 LIST_REMOVE(port, s->ports, p);
128
129 sd_event_source_unref(p->event_source);
130
131 socket_cleanup_fd_list(p);
132 safe_close(p->fd);
133 free(p->path);
134 free(p);
135 }
136 }
137
138 static void socket_done(Unit *u) {
139 Socket *s = SOCKET(u);
140
141 assert(s);
142
143 socket_free_ports(s);
144
145 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
146 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
147 s->control_command = NULL;
148
149 socket_unwatch_control_pid(s);
150
151 unit_ref_unset(&s->service);
152
153 s->tcp_congestion = mfree(s->tcp_congestion);
154 s->bind_to_device = mfree(s->bind_to_device);
155
156 free(s->smack);
157 free(s->smack_ip_in);
158 free(s->smack_ip_out);
159
160 strv_free(s->symlinks);
161
162 free(s->user);
163 free(s->group);
164
165 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
166 }
167
168 static int socket_arm_timer(Socket *s) {
169 int r;
170
171 assert(s);
172
173 if (s->timeout_usec <= 0) {
174 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
175 return 0;
176 }
177
178 if (s->timer_event_source) {
179 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
180 if (r < 0)
181 return r;
182
183 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
184 }
185
186 r = sd_event_add_time(
187 UNIT(s)->manager->event,
188 &s->timer_event_source,
189 CLOCK_MONOTONIC,
190 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
191 socket_dispatch_timer, s);
192 if (r < 0)
193 return r;
194
195 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
196
197 return 0;
198 }
199
200 int socket_instantiate_service(Socket *s) {
201 _cleanup_free_ char *prefix = NULL, *name = NULL;
202 int r;
203 Unit *u;
204
205 assert(s);
206
207 /* This fills in s->service if it isn't filled in yet. For
208 * Accept=yes sockets we create the next connection service
209 * here. For Accept=no this is mostly a NOP since the service
210 * is figured out at load time anyway. */
211
212 if (UNIT_DEREF(s->service))
213 return 0;
214
215 if (!s->accept)
216 return 0;
217
218 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
219 if (r < 0)
220 return r;
221
222 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
223 return -ENOMEM;
224
225 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
226 if (r < 0)
227 return r;
228
229 u->no_gc = true;
230 unit_ref_set(&s->service, u);
231
232 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
233 }
234
235 static bool have_non_accept_socket(Socket *s) {
236 SocketPort *p;
237
238 assert(s);
239
240 if (!s->accept)
241 return true;
242
243 LIST_FOREACH(port, p, s->ports) {
244
245 if (p->type != SOCKET_SOCKET)
246 return true;
247
248 if (!socket_address_can_accept(&p->address))
249 return true;
250 }
251
252 return false;
253 }
254
255 static int socket_add_mount_links(Socket *s) {
256 SocketPort *p;
257 int r;
258
259 assert(s);
260
261 LIST_FOREACH(port, p, s->ports) {
262 const char *path = NULL;
263
264 if (p->type == SOCKET_SOCKET)
265 path = socket_address_get_path(&p->address);
266 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
267 path = p->path;
268
269 if (!path)
270 continue;
271
272 r = unit_require_mounts_for(UNIT(s), path);
273 if (r < 0)
274 return r;
275 }
276
277 return 0;
278 }
279
280 static int socket_add_device_link(Socket *s) {
281 char *t;
282
283 assert(s);
284
285 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
286 return 0;
287
288 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
289 return unit_add_node_link(UNIT(s), t, false);
290 }
291
292 static int socket_add_default_dependencies(Socket *s) {
293 int r;
294 assert(s);
295
296 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
297 if (r < 0)
298 return r;
299
300 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
301 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
302 if (r < 0)
303 return r;
304 }
305
306 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
307 }
308
309 _pure_ static bool socket_has_exec(Socket *s) {
310 unsigned i;
311 assert(s);
312
313 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
314 if (s->exec_command[i])
315 return true;
316
317 return false;
318 }
319
320 static int socket_add_extras(Socket *s) {
321 Unit *u = UNIT(s);
322 int r;
323
324 assert(s);
325
326 if (have_non_accept_socket(s)) {
327
328 if (!UNIT_DEREF(s->service)) {
329 Unit *x;
330
331 r = unit_load_related_unit(u, ".service", &x);
332 if (r < 0)
333 return r;
334
335 unit_ref_set(&s->service, x);
336 }
337
338 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
339 if (r < 0)
340 return r;
341 }
342
343 r = socket_add_mount_links(s);
344 if (r < 0)
345 return r;
346
347 r = socket_add_device_link(s);
348 if (r < 0)
349 return r;
350
351 r = unit_patch_contexts(u);
352 if (r < 0)
353 return r;
354
355 if (socket_has_exec(s)) {
356 r = unit_add_exec_dependencies(u, &s->exec_context);
357 if (r < 0)
358 return r;
359
360 r = unit_set_default_slice(u);
361 if (r < 0)
362 return r;
363 }
364
365 if (u->default_dependencies) {
366 r = socket_add_default_dependencies(s);
367 if (r < 0)
368 return r;
369 }
370
371 return 0;
372 }
373
374 static const char *socket_find_symlink_target(Socket *s) {
375 const char *found = NULL;
376 SocketPort *p;
377
378 LIST_FOREACH(port, p, s->ports) {
379 const char *f = NULL;
380
381 switch (p->type) {
382
383 case SOCKET_FIFO:
384 f = p->path;
385 break;
386
387 case SOCKET_SOCKET:
388 if (p->address.sockaddr.un.sun_path[0] != 0)
389 f = p->address.sockaddr.un.sun_path;
390 break;
391
392 default:
393 break;
394 }
395
396 if (f) {
397 if (found)
398 return NULL;
399
400 found = f;
401 }
402 }
403
404 return found;
405 }
406
407 static int socket_verify(Socket *s) {
408 assert(s);
409
410 if (UNIT(s)->load_state != UNIT_LOADED)
411 return 0;
412
413 if (!s->ports) {
414 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
415 return -EINVAL;
416 }
417
418 if (s->accept && have_non_accept_socket(s)) {
419 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
420 return -EINVAL;
421 }
422
423 if (s->accept && s->max_connections <= 0) {
424 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
425 return -EINVAL;
426 }
427
428 if (s->accept && UNIT_DEREF(s->service)) {
429 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
430 return -EINVAL;
431 }
432
433 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
434 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
435 return -EINVAL;
436 }
437
438 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
439 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
440 return -EINVAL;
441 }
442
443 return 0;
444 }
445
446 static int socket_load(Unit *u) {
447 Socket *s = SOCKET(u);
448 int r;
449
450 assert(u);
451 assert(u->load_state == UNIT_STUB);
452
453 r = unit_load_fragment_and_dropin(u);
454 if (r < 0)
455 return r;
456
457 if (u->load_state == UNIT_LOADED) {
458 /* This is a new unit? Then let's add in some extras */
459 r = socket_add_extras(s);
460 if (r < 0)
461 return r;
462 }
463
464 return socket_verify(s);
465 }
466
467 _const_ static const char* listen_lookup(int family, int type) {
468
469 if (family == AF_NETLINK)
470 return "ListenNetlink";
471
472 if (type == SOCK_STREAM)
473 return "ListenStream";
474 else if (type == SOCK_DGRAM)
475 return "ListenDatagram";
476 else if (type == SOCK_SEQPACKET)
477 return "ListenSequentialPacket";
478
479 assert_not_reached("Unknown socket type");
480 return NULL;
481 }
482
483 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
484 char time_string[FORMAT_TIMESPAN_MAX];
485 SocketExecCommand c;
486 Socket *s = SOCKET(u);
487 SocketPort *p;
488 const char *prefix2;
489
490 assert(s);
491 assert(f);
492
493 prefix = strempty(prefix);
494 prefix2 = strjoina(prefix, "\t");
495
496 fprintf(f,
497 "%sSocket State: %s\n"
498 "%sResult: %s\n"
499 "%sBindIPv6Only: %s\n"
500 "%sBacklog: %u\n"
501 "%sSocketMode: %04o\n"
502 "%sDirectoryMode: %04o\n"
503 "%sKeepAlive: %s\n"
504 "%sNoDelay: %s\n"
505 "%sFreeBind: %s\n"
506 "%sTransparent: %s\n"
507 "%sBroadcast: %s\n"
508 "%sPassCredentials: %s\n"
509 "%sPassSecurity: %s\n"
510 "%sTCPCongestion: %s\n"
511 "%sRemoveOnStop: %s\n"
512 "%sWritable: %s\n"
513 "%sFDName: %s\n"
514 "%sSELinuxContextFromNet: %s\n",
515 prefix, socket_state_to_string(s->state),
516 prefix, socket_result_to_string(s->result),
517 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
518 prefix, s->backlog,
519 prefix, s->socket_mode,
520 prefix, s->directory_mode,
521 prefix, yes_no(s->keep_alive),
522 prefix, yes_no(s->no_delay),
523 prefix, yes_no(s->free_bind),
524 prefix, yes_no(s->transparent),
525 prefix, yes_no(s->broadcast),
526 prefix, yes_no(s->pass_cred),
527 prefix, yes_no(s->pass_sec),
528 prefix, strna(s->tcp_congestion),
529 prefix, yes_no(s->remove_on_stop),
530 prefix, yes_no(s->writable),
531 prefix, socket_fdname(s),
532 prefix, yes_no(s->selinux_context_from_net));
533
534 if (s->control_pid > 0)
535 fprintf(f,
536 "%sControl PID: "PID_FMT"\n",
537 prefix, s->control_pid);
538
539 if (s->bind_to_device)
540 fprintf(f,
541 "%sBindToDevice: %s\n",
542 prefix, s->bind_to_device);
543
544 if (s->accept)
545 fprintf(f,
546 "%sAccepted: %u\n"
547 "%sNConnections: %u\n"
548 "%sMaxConnections: %u\n",
549 prefix, s->n_accepted,
550 prefix, s->n_connections,
551 prefix, s->max_connections);
552
553 if (s->priority >= 0)
554 fprintf(f,
555 "%sPriority: %i\n",
556 prefix, s->priority);
557
558 if (s->receive_buffer > 0)
559 fprintf(f,
560 "%sReceiveBuffer: %zu\n",
561 prefix, s->receive_buffer);
562
563 if (s->send_buffer > 0)
564 fprintf(f,
565 "%sSendBuffer: %zu\n",
566 prefix, s->send_buffer);
567
568 if (s->ip_tos >= 0)
569 fprintf(f,
570 "%sIPTOS: %i\n",
571 prefix, s->ip_tos);
572
573 if (s->ip_ttl >= 0)
574 fprintf(f,
575 "%sIPTTL: %i\n",
576 prefix, s->ip_ttl);
577
578 if (s->pipe_size > 0)
579 fprintf(f,
580 "%sPipeSize: %zu\n",
581 prefix, s->pipe_size);
582
583 if (s->mark >= 0)
584 fprintf(f,
585 "%sMark: %i\n",
586 prefix, s->mark);
587
588 if (s->mq_maxmsg > 0)
589 fprintf(f,
590 "%sMessageQueueMaxMessages: %li\n",
591 prefix, s->mq_maxmsg);
592
593 if (s->mq_msgsize > 0)
594 fprintf(f,
595 "%sMessageQueueMessageSize: %li\n",
596 prefix, s->mq_msgsize);
597
598 if (s->reuse_port)
599 fprintf(f,
600 "%sReusePort: %s\n",
601 prefix, yes_no(s->reuse_port));
602
603 if (s->smack)
604 fprintf(f,
605 "%sSmackLabel: %s\n",
606 prefix, s->smack);
607
608 if (s->smack_ip_in)
609 fprintf(f,
610 "%sSmackLabelIPIn: %s\n",
611 prefix, s->smack_ip_in);
612
613 if (s->smack_ip_out)
614 fprintf(f,
615 "%sSmackLabelIPOut: %s\n",
616 prefix, s->smack_ip_out);
617
618 if (!isempty(s->user) || !isempty(s->group))
619 fprintf(f,
620 "%sOwnerUser: %s\n"
621 "%sOwnerGroup: %s\n",
622 prefix, strna(s->user),
623 prefix, strna(s->group));
624
625 if (s->keep_alive_time > 0)
626 fprintf(f,
627 "%sKeepAliveTimeSec: %s\n",
628 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
629
630 if (s->keep_alive_interval)
631 fprintf(f,
632 "%sKeepAliveIntervalSec: %s\n",
633 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
634
635 if (s->keep_alive_cnt)
636 fprintf(f,
637 "%sKeepAliveProbes: %u\n",
638 prefix, s->keep_alive_cnt);
639
640 if (s->defer_accept)
641 fprintf(f,
642 "%sDeferAcceptSec: %s\n",
643 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
644
645 LIST_FOREACH(port, p, s->ports) {
646
647 if (p->type == SOCKET_SOCKET) {
648 const char *t;
649 int r;
650 char *k = NULL;
651
652 r = socket_address_print(&p->address, &k);
653 if (r < 0)
654 t = strerror(-r);
655 else
656 t = k;
657
658 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
659 free(k);
660 } else if (p->type == SOCKET_SPECIAL)
661 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
662 else if (p->type == SOCKET_USB_FUNCTION)
663 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
664 else if (p->type == SOCKET_MQUEUE)
665 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
666 else
667 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
668 }
669
670 exec_context_dump(&s->exec_context, f, prefix);
671 kill_context_dump(&s->kill_context, f, prefix);
672
673 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
674 if (!s->exec_command[c])
675 continue;
676
677 fprintf(f, "%s-> %s:\n",
678 prefix, socket_exec_command_to_string(c));
679
680 exec_command_dump_list(s->exec_command[c], f, prefix2);
681 }
682 }
683
684 static int instance_from_socket(int fd, unsigned nr, char **instance) {
685 socklen_t l;
686 char *r;
687 union sockaddr_union local, remote;
688
689 assert(fd >= 0);
690 assert(instance);
691
692 l = sizeof(local);
693 if (getsockname(fd, &local.sa, &l) < 0)
694 return -errno;
695
696 l = sizeof(remote);
697 if (getpeername(fd, &remote.sa, &l) < 0)
698 return -errno;
699
700 switch (local.sa.sa_family) {
701
702 case AF_INET: {
703 uint32_t
704 a = ntohl(local.in.sin_addr.s_addr),
705 b = ntohl(remote.in.sin_addr.s_addr);
706
707 if (asprintf(&r,
708 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
709 nr,
710 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
711 ntohs(local.in.sin_port),
712 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
713 ntohs(remote.in.sin_port)) < 0)
714 return -ENOMEM;
715
716 break;
717 }
718
719 case AF_INET6: {
720 static const unsigned char ipv4_prefix[] = {
721 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
722 };
723
724 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
725 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
726 const uint8_t
727 *a = local.in6.sin6_addr.s6_addr+12,
728 *b = remote.in6.sin6_addr.s6_addr+12;
729
730 if (asprintf(&r,
731 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
732 nr,
733 a[0], a[1], a[2], a[3],
734 ntohs(local.in6.sin6_port),
735 b[0], b[1], b[2], b[3],
736 ntohs(remote.in6.sin6_port)) < 0)
737 return -ENOMEM;
738 } else {
739 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
740
741 if (asprintf(&r,
742 "%u-%s:%u-%s:%u",
743 nr,
744 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
745 ntohs(local.in6.sin6_port),
746 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
747 ntohs(remote.in6.sin6_port)) < 0)
748 return -ENOMEM;
749 }
750
751 break;
752 }
753
754 case AF_UNIX: {
755 struct ucred ucred;
756 int k;
757
758 k = getpeercred(fd, &ucred);
759 if (k >= 0) {
760 if (asprintf(&r,
761 "%u-"PID_FMT"-"UID_FMT,
762 nr, ucred.pid, ucred.uid) < 0)
763 return -ENOMEM;
764 } else if (k == -ENODATA) {
765 /* This handles the case where somebody is
766 * connecting from another pid/uid namespace
767 * (e.g. from outside of our container). */
768 if (asprintf(&r,
769 "%u-unknown",
770 nr) < 0)
771 return -ENOMEM;
772 } else
773 return k;
774
775 break;
776 }
777
778 default:
779 assert_not_reached("Unhandled socket type.");
780 }
781
782 *instance = r;
783 return 0;
784 }
785
786 static void socket_close_fds(Socket *s) {
787 SocketPort *p;
788 char **i;
789
790 assert(s);
791
792 LIST_FOREACH(port, p, s->ports) {
793
794 p->event_source = sd_event_source_unref(p->event_source);
795
796 if (p->fd < 0)
797 continue;
798
799 p->fd = safe_close(p->fd);
800 socket_cleanup_fd_list(p);
801
802 /* One little note: we should normally not delete any
803 * sockets in the file system here! After all some
804 * other process we spawned might still have a
805 * reference of this fd and wants to continue to use
806 * it. Therefore we delete sockets in the file system
807 * before we create a new one, not after we stopped
808 * using one! */
809
810 if (s->remove_on_stop) {
811 switch (p->type) {
812
813 case SOCKET_FIFO:
814 unlink(p->path);
815 break;
816
817 case SOCKET_MQUEUE:
818 mq_unlink(p->path);
819 break;
820
821 case SOCKET_SOCKET:
822 socket_address_unlink(&p->address);
823 break;
824
825 default:
826 break;
827 }
828 }
829 }
830
831 if (s->remove_on_stop)
832 STRV_FOREACH(i, s->symlinks)
833 unlink(*i);
834 }
835
836 static void socket_apply_socket_options(Socket *s, int fd) {
837 int r;
838
839 assert(s);
840 assert(fd >= 0);
841
842 if (s->keep_alive) {
843 int b = s->keep_alive;
844 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
845 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
846 }
847
848 if (s->keep_alive_time) {
849 int value = s->keep_alive_time / USEC_PER_SEC;
850 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
851 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
852 }
853
854 if (s->keep_alive_interval) {
855 int value = s->keep_alive_interval / USEC_PER_SEC;
856 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
857 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
858 }
859
860 if (s->keep_alive_cnt) {
861 int value = s->keep_alive_cnt;
862 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
863 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
864 }
865
866 if (s->defer_accept) {
867 int value = s->defer_accept / USEC_PER_SEC;
868 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
869 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
870 }
871
872 if (s->no_delay) {
873 int b = s->no_delay;
874 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
875 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
876 }
877
878 if (s->broadcast) {
879 int one = 1;
880 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
881 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
882 }
883
884 if (s->pass_cred) {
885 int one = 1;
886 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
887 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
888 }
889
890 if (s->pass_sec) {
891 int one = 1;
892 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
893 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
894 }
895
896 if (s->priority >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
898 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
899
900 if (s->receive_buffer > 0) {
901 int value = (int) s->receive_buffer;
902
903 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
904
905 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
906 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
907 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
908 }
909
910 if (s->send_buffer > 0) {
911 int value = (int) s->send_buffer;
912 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
913 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
914 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
915 }
916
917 if (s->mark >= 0)
918 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
919 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
920
921 if (s->ip_tos >= 0)
922 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
923 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
924
925 if (s->ip_ttl >= 0) {
926 int x;
927
928 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
929
930 if (socket_ipv6_is_supported())
931 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
932 else {
933 x = -1;
934 errno = EAFNOSUPPORT;
935 }
936
937 if (r < 0 && x < 0)
938 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
939 }
940
941 if (s->tcp_congestion)
942 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
943 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
944
945 if (s->smack_ip_in) {
946 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
947 if (r < 0)
948 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
949 }
950
951 if (s->smack_ip_out) {
952 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
953 if (r < 0)
954 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
955 }
956 }
957
958 static void socket_apply_fifo_options(Socket *s, int fd) {
959 int r;
960
961 assert(s);
962 assert(fd >= 0);
963
964 if (s->pipe_size > 0)
965 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
966 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
967
968 if (s->smack) {
969 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
970 if (r < 0)
971 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
972 }
973 }
974
975 static int fifo_address_create(
976 const char *path,
977 mode_t directory_mode,
978 mode_t socket_mode) {
979
980 _cleanup_close_ int fd = -1;
981 mode_t old_mask;
982 struct stat st;
983 int r;
984
985 assert(path);
986
987 mkdir_parents_label(path, directory_mode);
988
989 r = mac_selinux_create_file_prepare(path, S_IFIFO);
990 if (r < 0)
991 return r;
992
993 /* Enforce the right access mode for the fifo */
994 old_mask = umask(~ socket_mode);
995
996 /* Include the original umask in our mask */
997 (void) umask(~socket_mode | old_mask);
998
999 r = mkfifo(path, socket_mode);
1000 (void) umask(old_mask);
1001
1002 if (r < 0 && errno != EEXIST) {
1003 r = -errno;
1004 goto fail;
1005 }
1006
1007 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1008 if (fd < 0) {
1009 r = -errno;
1010 goto fail;
1011 }
1012
1013 mac_selinux_create_file_clear();
1014
1015 if (fstat(fd, &st) < 0) {
1016 r = -errno;
1017 goto fail;
1018 }
1019
1020 if (!S_ISFIFO(st.st_mode) ||
1021 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1022 st.st_uid != getuid() ||
1023 st.st_gid != getgid()) {
1024 r = -EEXIST;
1025 goto fail;
1026 }
1027
1028 r = fd;
1029 fd = -1;
1030
1031 return r;
1032
1033 fail:
1034 mac_selinux_create_file_clear();
1035 return r;
1036 }
1037
1038 static int special_address_create(const char *path, bool writable) {
1039 _cleanup_close_ int fd = -1;
1040 struct stat st;
1041 int r;
1042
1043 assert(path);
1044
1045 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1046 if (fd < 0)
1047 return -errno;
1048
1049 if (fstat(fd, &st) < 0)
1050 return -errno;
1051
1052 /* Check whether this is a /proc, /sys or /dev file or char device */
1053 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1054 return -EEXIST;
1055
1056 r = fd;
1057 fd = -1;
1058
1059 return r;
1060 }
1061
1062 static int usbffs_address_create(const char *path) {
1063 _cleanup_close_ int fd = -1;
1064 struct stat st;
1065 int r;
1066
1067 assert(path);
1068
1069 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1070 if (fd < 0)
1071 return -errno;
1072
1073 if (fstat(fd, &st) < 0)
1074 return -errno;
1075
1076 /* Check whether this is a regular file (ffs endpoint)*/
1077 if (!S_ISREG(st.st_mode))
1078 return -EEXIST;
1079
1080 r = fd;
1081 fd = -1;
1082
1083 return r;
1084 }
1085
1086 static int mq_address_create(
1087 const char *path,
1088 mode_t mq_mode,
1089 long maxmsg,
1090 long msgsize) {
1091
1092 _cleanup_close_ int fd = -1;
1093 struct stat st;
1094 mode_t old_mask;
1095 struct mq_attr _attr, *attr = NULL;
1096 int r;
1097
1098 assert(path);
1099
1100 if (maxmsg > 0 && msgsize > 0) {
1101 _attr = (struct mq_attr) {
1102 .mq_flags = O_NONBLOCK,
1103 .mq_maxmsg = maxmsg,
1104 .mq_msgsize = msgsize,
1105 };
1106 attr = &_attr;
1107 }
1108
1109 /* Enforce the right access mode for the mq */
1110 old_mask = umask(~ mq_mode);
1111
1112 /* Include the original umask in our mask */
1113 (void) umask(~mq_mode | old_mask);
1114 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1115 (void) umask(old_mask);
1116
1117 if (fd < 0)
1118 return -errno;
1119
1120 if (fstat(fd, &st) < 0)
1121 return -errno;
1122
1123 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1124 st.st_uid != getuid() ||
1125 st.st_gid != getgid())
1126 return -EEXIST;
1127
1128 r = fd;
1129 fd = -1;
1130
1131 return r;
1132 }
1133
1134 static int socket_symlink(Socket *s) {
1135 const char *p;
1136 char **i;
1137
1138 assert(s);
1139
1140 p = socket_find_symlink_target(s);
1141 if (!p)
1142 return 0;
1143
1144 STRV_FOREACH(i, s->symlinks)
1145 symlink_label(p, *i);
1146
1147 return 0;
1148 }
1149
1150 static int usbffs_write_descs(int fd, Service *s) {
1151 int r;
1152
1153 if (!s->usb_function_descriptors || !s->usb_function_strings)
1154 return -EINVAL;
1155
1156 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1157 if (r < 0)
1158 return r;
1159
1160 return copy_file_fd(s->usb_function_strings, fd, false);
1161 }
1162
1163 static int usbffs_select_ep(const struct dirent *d) {
1164 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1165 }
1166
1167 static int usbffs_dispatch_eps(SocketPort *p) {
1168 _cleanup_free_ struct dirent **ent = NULL;
1169 _cleanup_free_ char *path = NULL;
1170 int r, i, n, k;
1171
1172 r = path_get_parent(p->path, &path);
1173 if (r < 0)
1174 return r;
1175
1176 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1177 if (r < 0)
1178 return -errno;
1179
1180 n = r;
1181 p->auxiliary_fds = new(int, n);
1182 if (!p->auxiliary_fds)
1183 return -ENOMEM;
1184
1185 p->n_auxiliary_fds = n;
1186
1187 k = 0;
1188 for (i = 0; i < n; ++i) {
1189 _cleanup_free_ char *ep = NULL;
1190
1191 ep = path_make_absolute(ent[i]->d_name, path);
1192 if (!ep)
1193 return -ENOMEM;
1194
1195 path_kill_slashes(ep);
1196
1197 r = usbffs_address_create(ep);
1198 if (r < 0)
1199 goto fail;
1200
1201 p->auxiliary_fds[k] = r;
1202
1203 ++k;
1204 free(ent[i]);
1205 }
1206
1207 return r;
1208
1209 fail:
1210 close_many(p->auxiliary_fds, k);
1211 p->auxiliary_fds = mfree(p->auxiliary_fds);
1212 p->n_auxiliary_fds = 0;
1213
1214 return r;
1215 }
1216
1217 static int socket_open_fds(Socket *s) {
1218 _cleanup_(mac_selinux_freep) char *label = NULL;
1219 bool know_label = false;
1220 SocketPort *p;
1221 int r;
1222
1223 assert(s);
1224
1225 LIST_FOREACH(port, p, s->ports) {
1226
1227 if (p->fd >= 0)
1228 continue;
1229
1230 switch (p->type) {
1231
1232 case SOCKET_SOCKET:
1233
1234 if (!know_label) {
1235 /* Figure out label, if we don't it know
1236 * yet. We do it once, for the first
1237 * socket where we need this and
1238 * remember it for the rest. */
1239
1240 if (s->selinux_context_from_net) {
1241 /* Get it from the network label */
1242
1243 r = mac_selinux_get_our_label(&label);
1244 if (r < 0 && r != -EOPNOTSUPP)
1245 goto rollback;
1246
1247 } else {
1248 /* Get it from the executable we are about to start */
1249
1250 r = socket_instantiate_service(s);
1251 if (r < 0)
1252 goto rollback;
1253
1254 if (UNIT_ISSET(s->service) &&
1255 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1256 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1257 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1258 goto rollback;
1259 }
1260 }
1261
1262 know_label = true;
1263 }
1264
1265 r = socket_address_listen(
1266 &p->address,
1267 SOCK_CLOEXEC|SOCK_NONBLOCK,
1268 s->backlog,
1269 s->bind_ipv6_only,
1270 s->bind_to_device,
1271 s->reuse_port,
1272 s->free_bind,
1273 s->transparent,
1274 s->directory_mode,
1275 s->socket_mode,
1276 label);
1277 if (r < 0)
1278 goto rollback;
1279
1280 p->fd = r;
1281 socket_apply_socket_options(s, p->fd);
1282 socket_symlink(s);
1283 break;
1284
1285 case SOCKET_SPECIAL:
1286
1287 p->fd = special_address_create(p->path, s->writable);
1288 if (p->fd < 0) {
1289 r = p->fd;
1290 goto rollback;
1291 }
1292 break;
1293
1294 case SOCKET_FIFO:
1295
1296 p->fd = fifo_address_create(
1297 p->path,
1298 s->directory_mode,
1299 s->socket_mode);
1300 if (p->fd < 0) {
1301 r = p->fd;
1302 goto rollback;
1303 }
1304
1305 socket_apply_fifo_options(s, p->fd);
1306 socket_symlink(s);
1307 break;
1308
1309 case SOCKET_MQUEUE:
1310
1311 p->fd = mq_address_create(
1312 p->path,
1313 s->socket_mode,
1314 s->mq_maxmsg,
1315 s->mq_msgsize);
1316 if (p->fd < 0) {
1317 r = p->fd;
1318 goto rollback;
1319 }
1320 break;
1321
1322 case SOCKET_USB_FUNCTION:
1323
1324 p->fd = usbffs_address_create(p->path);
1325 if (p->fd < 0) {
1326 r = p->fd;
1327 goto rollback;
1328 }
1329
1330 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1331 if (r < 0)
1332 goto rollback;
1333
1334 r = usbffs_dispatch_eps(p);
1335 if (r < 0)
1336 goto rollback;
1337
1338 break;
1339
1340 default:
1341 assert_not_reached("Unknown port type");
1342 }
1343 }
1344
1345 return 0;
1346
1347 rollback:
1348 socket_close_fds(s);
1349 return r;
1350 }
1351
1352 static void socket_unwatch_fds(Socket *s) {
1353 SocketPort *p;
1354 int r;
1355
1356 assert(s);
1357
1358 LIST_FOREACH(port, p, s->ports) {
1359 if (p->fd < 0)
1360 continue;
1361
1362 if (!p->event_source)
1363 continue;
1364
1365 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1366 if (r < 0)
1367 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1368 }
1369 }
1370
1371 static int socket_watch_fds(Socket *s) {
1372 SocketPort *p;
1373 int r;
1374
1375 assert(s);
1376
1377 LIST_FOREACH(port, p, s->ports) {
1378 if (p->fd < 0)
1379 continue;
1380
1381 if (p->event_source) {
1382 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1383 if (r < 0)
1384 goto fail;
1385 } else {
1386 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1387 if (r < 0)
1388 goto fail;
1389
1390 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1391 }
1392 }
1393
1394 return 0;
1395
1396 fail:
1397 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1398 socket_unwatch_fds(s);
1399 return r;
1400 }
1401
1402 static void socket_set_state(Socket *s, SocketState state) {
1403 SocketState old_state;
1404 assert(s);
1405
1406 old_state = s->state;
1407 s->state = state;
1408
1409 if (!IN_SET(state,
1410 SOCKET_START_PRE,
1411 SOCKET_START_CHOWN,
1412 SOCKET_START_POST,
1413 SOCKET_STOP_PRE,
1414 SOCKET_STOP_PRE_SIGTERM,
1415 SOCKET_STOP_PRE_SIGKILL,
1416 SOCKET_STOP_POST,
1417 SOCKET_FINAL_SIGTERM,
1418 SOCKET_FINAL_SIGKILL)) {
1419
1420 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1421 socket_unwatch_control_pid(s);
1422 s->control_command = NULL;
1423 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1424 }
1425
1426 if (state != SOCKET_LISTENING)
1427 socket_unwatch_fds(s);
1428
1429 if (!IN_SET(state,
1430 SOCKET_START_CHOWN,
1431 SOCKET_START_POST,
1432 SOCKET_LISTENING,
1433 SOCKET_RUNNING,
1434 SOCKET_STOP_PRE,
1435 SOCKET_STOP_PRE_SIGTERM,
1436 SOCKET_STOP_PRE_SIGKILL))
1437 socket_close_fds(s);
1438
1439 if (state != old_state)
1440 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1441
1442 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1443 }
1444
1445 static int socket_coldplug(Unit *u) {
1446 Socket *s = SOCKET(u);
1447 int r;
1448
1449 assert(s);
1450 assert(s->state == SOCKET_DEAD);
1451
1452 if (s->deserialized_state == s->state)
1453 return 0;
1454
1455 if (IN_SET(s->deserialized_state,
1456 SOCKET_START_PRE,
1457 SOCKET_START_CHOWN,
1458 SOCKET_START_POST,
1459 SOCKET_STOP_PRE,
1460 SOCKET_STOP_PRE_SIGTERM,
1461 SOCKET_STOP_PRE_SIGKILL,
1462 SOCKET_STOP_POST,
1463 SOCKET_FINAL_SIGTERM,
1464 SOCKET_FINAL_SIGKILL)) {
1465
1466 if (s->control_pid <= 0)
1467 return -EBADMSG;
1468
1469 r = unit_watch_pid(UNIT(s), s->control_pid);
1470 if (r < 0)
1471 return r;
1472
1473 r = socket_arm_timer(s);
1474 if (r < 0)
1475 return r;
1476 }
1477
1478 if (IN_SET(s->deserialized_state,
1479 SOCKET_START_CHOWN,
1480 SOCKET_START_POST,
1481 SOCKET_LISTENING,
1482 SOCKET_RUNNING,
1483 SOCKET_STOP_PRE,
1484 SOCKET_STOP_PRE_SIGTERM,
1485 SOCKET_STOP_PRE_SIGKILL)) {
1486 r = socket_open_fds(s);
1487 if (r < 0)
1488 return r;
1489 }
1490
1491 if (s->deserialized_state == SOCKET_LISTENING) {
1492 r = socket_watch_fds(s);
1493 if (r < 0)
1494 return r;
1495 }
1496
1497 socket_set_state(s, s->deserialized_state);
1498 return 0;
1499 }
1500
1501 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1502 _cleanup_free_ char **argv = NULL;
1503 pid_t pid;
1504 int r;
1505 ExecParameters exec_params = {
1506 .apply_permissions = true,
1507 .apply_chroot = true,
1508 .apply_tty_stdin = true,
1509 .bus_endpoint_fd = -1,
1510 .stdin_fd = -1,
1511 .stdout_fd = -1,
1512 .stderr_fd = -1,
1513 };
1514
1515 assert(s);
1516 assert(c);
1517 assert(_pid);
1518
1519 (void) unit_realize_cgroup(UNIT(s));
1520 if (s->reset_cpu_usage) {
1521 (void) unit_reset_cpu_usage(UNIT(s));
1522 s->reset_cpu_usage = false;
1523 }
1524
1525 r = unit_setup_exec_runtime(UNIT(s));
1526 if (r < 0)
1527 goto fail;
1528
1529 r = socket_arm_timer(s);
1530 if (r < 0)
1531 goto fail;
1532
1533 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1534 if (r < 0)
1535 goto fail;
1536
1537 exec_params.argv = argv;
1538 exec_params.environment = UNIT(s)->manager->environment;
1539 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1540 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1541 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1542 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1543 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1544
1545 r = exec_spawn(UNIT(s),
1546 c,
1547 &s->exec_context,
1548 &exec_params,
1549 s->exec_runtime,
1550 &pid);
1551 if (r < 0)
1552 goto fail;
1553
1554 r = unit_watch_pid(UNIT(s), pid);
1555 if (r < 0)
1556 /* FIXME: we need to do something here */
1557 goto fail;
1558
1559 *_pid = pid;
1560 return 0;
1561
1562 fail:
1563 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1564 return r;
1565 }
1566
1567 static int socket_chown(Socket *s, pid_t *_pid) {
1568 pid_t pid;
1569 int r;
1570
1571 r = socket_arm_timer(s);
1572 if (r < 0)
1573 goto fail;
1574
1575 /* We have to resolve the user names out-of-process, hence
1576 * let's fork here. It's messy, but well, what can we do? */
1577
1578 pid = fork();
1579 if (pid < 0)
1580 return -errno;
1581
1582 if (pid == 0) {
1583 SocketPort *p;
1584 uid_t uid = UID_INVALID;
1585 gid_t gid = GID_INVALID;
1586 int ret;
1587
1588 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1589 (void) ignore_signals(SIGPIPE, -1);
1590 log_forget_fds();
1591
1592 if (!isempty(s->user)) {
1593 const char *user = s->user;
1594
1595 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1596 if (r < 0) {
1597 ret = EXIT_USER;
1598 goto fail_child;
1599 }
1600 }
1601
1602 if (!isempty(s->group)) {
1603 const char *group = s->group;
1604
1605 r = get_group_creds(&group, &gid);
1606 if (r < 0) {
1607 ret = EXIT_GROUP;
1608 goto fail_child;
1609 }
1610 }
1611
1612 LIST_FOREACH(port, p, s->ports) {
1613 const char *path = NULL;
1614
1615 if (p->type == SOCKET_SOCKET)
1616 path = socket_address_get_path(&p->address);
1617 else if (p->type == SOCKET_FIFO)
1618 path = p->path;
1619
1620 if (!path)
1621 continue;
1622
1623 if (chown(path, uid, gid) < 0) {
1624 r = -errno;
1625 ret = EXIT_CHOWN;
1626 goto fail_child;
1627 }
1628 }
1629
1630 _exit(0);
1631
1632 fail_child:
1633 log_open();
1634 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1635
1636 _exit(ret);
1637 }
1638
1639 r = unit_watch_pid(UNIT(s), pid);
1640 if (r < 0)
1641 goto fail;
1642
1643 *_pid = pid;
1644 return 0;
1645
1646 fail:
1647 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1648 return r;
1649 }
1650
1651 static void socket_enter_dead(Socket *s, SocketResult f) {
1652 assert(s);
1653
1654 if (f != SOCKET_SUCCESS)
1655 s->result = f;
1656
1657 exec_runtime_destroy(s->exec_runtime);
1658 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1659
1660 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1661
1662 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1663 }
1664
1665 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1666
1667 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1668 int r;
1669 assert(s);
1670
1671 if (f != SOCKET_SUCCESS)
1672 s->result = f;
1673
1674 socket_unwatch_control_pid(s);
1675 s->control_command_id = SOCKET_EXEC_STOP_POST;
1676 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1677
1678 if (s->control_command) {
1679 r = socket_spawn(s, s->control_command, &s->control_pid);
1680 if (r < 0)
1681 goto fail;
1682
1683 socket_set_state(s, SOCKET_STOP_POST);
1684 } else
1685 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1686
1687 return;
1688
1689 fail:
1690 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1691 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1692 }
1693
1694 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1695 int r;
1696
1697 assert(s);
1698
1699 if (f != SOCKET_SUCCESS)
1700 s->result = f;
1701
1702 r = unit_kill_context(
1703 UNIT(s),
1704 &s->kill_context,
1705 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1706 KILL_KILL : KILL_TERMINATE,
1707 -1,
1708 s->control_pid,
1709 false);
1710 if (r < 0)
1711 goto fail;
1712
1713 if (r > 0) {
1714 r = socket_arm_timer(s);
1715 if (r < 0)
1716 goto fail;
1717
1718 socket_set_state(s, state);
1719 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1720 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1721 else if (state == SOCKET_STOP_PRE_SIGKILL)
1722 socket_enter_stop_post(s, SOCKET_SUCCESS);
1723 else if (state == SOCKET_FINAL_SIGTERM)
1724 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1725 else
1726 socket_enter_dead(s, SOCKET_SUCCESS);
1727
1728 return;
1729
1730 fail:
1731 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1732
1733 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1734 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1735 else
1736 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1737 }
1738
1739 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1740 int r;
1741 assert(s);
1742
1743 if (f != SOCKET_SUCCESS)
1744 s->result = f;
1745
1746 socket_unwatch_control_pid(s);
1747 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1748 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1749
1750 if (s->control_command) {
1751 r = socket_spawn(s, s->control_command, &s->control_pid);
1752 if (r < 0)
1753 goto fail;
1754
1755 socket_set_state(s, SOCKET_STOP_PRE);
1756 } else
1757 socket_enter_stop_post(s, SOCKET_SUCCESS);
1758
1759 return;
1760
1761 fail:
1762 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1763 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1764 }
1765
1766 static void socket_enter_listening(Socket *s) {
1767 int r;
1768 assert(s);
1769
1770 r = socket_watch_fds(s);
1771 if (r < 0) {
1772 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1773 goto fail;
1774 }
1775
1776 socket_set_state(s, SOCKET_LISTENING);
1777 return;
1778
1779 fail:
1780 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1781 }
1782
1783 static void socket_enter_start_post(Socket *s) {
1784 int r;
1785 assert(s);
1786
1787 socket_unwatch_control_pid(s);
1788 s->control_command_id = SOCKET_EXEC_START_POST;
1789 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1790
1791 if (s->control_command) {
1792 r = socket_spawn(s, s->control_command, &s->control_pid);
1793 if (r < 0) {
1794 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1795 goto fail;
1796 }
1797
1798 socket_set_state(s, SOCKET_START_POST);
1799 } else
1800 socket_enter_listening(s);
1801
1802 return;
1803
1804 fail:
1805 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1806 }
1807
1808 static void socket_enter_start_chown(Socket *s) {
1809 int r;
1810
1811 assert(s);
1812
1813 r = socket_open_fds(s);
1814 if (r < 0) {
1815 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1816 goto fail;
1817 }
1818
1819 if (!isempty(s->user) || !isempty(s->group)) {
1820
1821 socket_unwatch_control_pid(s);
1822 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1823 s->control_command = NULL;
1824
1825 r = socket_chown(s, &s->control_pid);
1826 if (r < 0) {
1827 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1828 goto fail;
1829 }
1830
1831 socket_set_state(s, SOCKET_START_CHOWN);
1832 } else
1833 socket_enter_start_post(s);
1834
1835 return;
1836
1837 fail:
1838 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1839 }
1840
1841 static void socket_enter_start_pre(Socket *s) {
1842 int r;
1843 assert(s);
1844
1845 socket_unwatch_control_pid(s);
1846 s->control_command_id = SOCKET_EXEC_START_PRE;
1847 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1848
1849 if (s->control_command) {
1850 r = socket_spawn(s, s->control_command, &s->control_pid);
1851 if (r < 0) {
1852 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1853 goto fail;
1854 }
1855
1856 socket_set_state(s, SOCKET_START_PRE);
1857 } else
1858 socket_enter_start_chown(s);
1859
1860 return;
1861
1862 fail:
1863 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1864 }
1865
1866 static void socket_enter_running(Socket *s, int cfd) {
1867 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1868 int r;
1869
1870 assert(s);
1871
1872 /* We don't take connections anymore if we are supposed to
1873 * shut down anyway */
1874 if (unit_stop_pending(UNIT(s))) {
1875
1876 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1877
1878 if (cfd >= 0)
1879 safe_close(cfd);
1880 else {
1881 /* Flush all sockets by closing and reopening them */
1882 socket_close_fds(s);
1883
1884 r = socket_open_fds(s);
1885 if (r < 0) {
1886 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1887 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1888 return;
1889 }
1890
1891 r = socket_watch_fds(s);
1892 if (r < 0) {
1893 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1894 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1895 }
1896 }
1897
1898 return;
1899 }
1900
1901 if (cfd < 0) {
1902 Iterator i;
1903 Unit *other;
1904 bool pending = false;
1905
1906 /* If there's already a start pending don't bother to
1907 * do anything */
1908 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1909 if (unit_active_or_pending(other)) {
1910 pending = true;
1911 break;
1912 }
1913
1914 if (!pending) {
1915 if (!UNIT_ISSET(s->service)) {
1916 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1917 r = -ENOENT;
1918 goto fail;
1919 }
1920
1921 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1922 if (r < 0)
1923 goto fail;
1924 }
1925
1926 socket_set_state(s, SOCKET_RUNNING);
1927 } else {
1928 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1929 Service *service;
1930
1931 if (s->n_connections >= s->max_connections) {
1932 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1933 safe_close(cfd);
1934 return;
1935 }
1936
1937 r = socket_instantiate_service(s);
1938 if (r < 0)
1939 goto fail;
1940
1941 r = instance_from_socket(cfd, s->n_accepted, &instance);
1942 if (r < 0) {
1943 if (r != -ENOTCONN)
1944 goto fail;
1945
1946 /* ENOTCONN is legitimate if TCP RST was received.
1947 * This connection is over, but the socket unit lives on. */
1948 safe_close(cfd);
1949 return;
1950 }
1951
1952 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1953 if (r < 0)
1954 goto fail;
1955
1956 r = unit_name_build(prefix, instance, ".service", &name);
1957 if (r < 0)
1958 goto fail;
1959
1960 r = unit_add_name(UNIT_DEREF(s->service), name);
1961 if (r < 0)
1962 goto fail;
1963
1964 service = SERVICE(UNIT_DEREF(s->service));
1965 unit_ref_unset(&s->service);
1966 s->n_accepted ++;
1967
1968 UNIT(service)->no_gc = false;
1969
1970 unit_choose_id(UNIT(service), name);
1971
1972 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1973 if (r < 0)
1974 goto fail;
1975
1976 cfd = -1;
1977 s->n_connections ++;
1978
1979 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1980 if (r < 0)
1981 goto fail;
1982
1983 /* Notify clients about changed counters */
1984 unit_add_to_dbus_queue(UNIT(s));
1985 }
1986
1987 return;
1988
1989 fail:
1990 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1991 cfd >= 0 ? "template" : "non-template",
1992 bus_error_message(&error, r));
1993
1994 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1995 safe_close(cfd);
1996 }
1997
1998 static void socket_run_next(Socket *s) {
1999 int r;
2000
2001 assert(s);
2002 assert(s->control_command);
2003 assert(s->control_command->command_next);
2004
2005 socket_unwatch_control_pid(s);
2006
2007 s->control_command = s->control_command->command_next;
2008
2009 r = socket_spawn(s, s->control_command, &s->control_pid);
2010 if (r < 0)
2011 goto fail;
2012
2013 return;
2014
2015 fail:
2016 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2017
2018 if (s->state == SOCKET_START_POST)
2019 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2020 else if (s->state == SOCKET_STOP_POST)
2021 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2022 else
2023 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2024 }
2025
2026 static int socket_start(Unit *u) {
2027 Socket *s = SOCKET(u);
2028
2029 assert(s);
2030
2031 /* We cannot fulfill this request right now, try again later
2032 * please! */
2033 if (IN_SET(s->state,
2034 SOCKET_STOP_PRE,
2035 SOCKET_STOP_PRE_SIGKILL,
2036 SOCKET_STOP_PRE_SIGTERM,
2037 SOCKET_STOP_POST,
2038 SOCKET_FINAL_SIGTERM,
2039 SOCKET_FINAL_SIGKILL))
2040 return -EAGAIN;
2041
2042 /* Already on it! */
2043 if (IN_SET(s->state,
2044 SOCKET_START_PRE,
2045 SOCKET_START_CHOWN,
2046 SOCKET_START_POST))
2047 return 0;
2048
2049 /* Cannot run this without the service being around */
2050 if (UNIT_ISSET(s->service)) {
2051 Service *service;
2052
2053 service = SERVICE(UNIT_DEREF(s->service));
2054
2055 if (UNIT(service)->load_state != UNIT_LOADED) {
2056 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2057 return -ENOENT;
2058 }
2059
2060 /* If the service is already active we cannot start the
2061 * socket */
2062 if (service->state != SERVICE_DEAD &&
2063 service->state != SERVICE_FAILED &&
2064 service->state != SERVICE_AUTO_RESTART) {
2065 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2066 return -EBUSY;
2067 }
2068 }
2069
2070 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2071
2072 s->result = SOCKET_SUCCESS;
2073 s->reset_cpu_usage = true;
2074
2075 socket_enter_start_pre(s);
2076
2077 return 1;
2078 }
2079
2080 static int socket_stop(Unit *u) {
2081 Socket *s = SOCKET(u);
2082
2083 assert(s);
2084
2085 /* Already on it */
2086 if (IN_SET(s->state,
2087 SOCKET_STOP_PRE,
2088 SOCKET_STOP_PRE_SIGTERM,
2089 SOCKET_STOP_PRE_SIGKILL,
2090 SOCKET_STOP_POST,
2091 SOCKET_FINAL_SIGTERM,
2092 SOCKET_FINAL_SIGKILL))
2093 return 0;
2094
2095 /* If there's already something running we go directly into
2096 * kill mode. */
2097 if (IN_SET(s->state,
2098 SOCKET_START_PRE,
2099 SOCKET_START_CHOWN,
2100 SOCKET_START_POST)) {
2101 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2102 return -EAGAIN;
2103 }
2104
2105 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2106
2107 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2108 return 1;
2109 }
2110
2111 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2112 Socket *s = SOCKET(u);
2113 SocketPort *p;
2114 int r;
2115
2116 assert(u);
2117 assert(f);
2118 assert(fds);
2119
2120 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2121 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2122 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2123
2124 if (s->control_pid > 0)
2125 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2126
2127 if (s->control_command_id >= 0)
2128 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2129
2130 LIST_FOREACH(port, p, s->ports) {
2131 int copy;
2132
2133 if (p->fd < 0)
2134 continue;
2135
2136 copy = fdset_put_dup(fds, p->fd);
2137 if (copy < 0)
2138 return copy;
2139
2140 if (p->type == SOCKET_SOCKET) {
2141 _cleanup_free_ char *t = NULL;
2142
2143 r = socket_address_print(&p->address, &t);
2144 if (r < 0)
2145 return r;
2146
2147 if (socket_address_family(&p->address) == AF_NETLINK)
2148 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2149 else
2150 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2151
2152 } else if (p->type == SOCKET_SPECIAL)
2153 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2154 else if (p->type == SOCKET_MQUEUE)
2155 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2156 else if (p->type == SOCKET_USB_FUNCTION)
2157 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2158 else {
2159 assert(p->type == SOCKET_FIFO);
2160 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2161 }
2162 }
2163
2164 return 0;
2165 }
2166
2167 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2168 Socket *s = SOCKET(u);
2169
2170 assert(u);
2171 assert(key);
2172 assert(value);
2173
2174 if (streq(key, "state")) {
2175 SocketState state;
2176
2177 state = socket_state_from_string(value);
2178 if (state < 0)
2179 log_unit_debug(u, "Failed to parse state value: %s", value);
2180 else
2181 s->deserialized_state = state;
2182 } else if (streq(key, "result")) {
2183 SocketResult f;
2184
2185 f = socket_result_from_string(value);
2186 if (f < 0)
2187 log_unit_debug(u, "Failed to parse result value: %s", value);
2188 else if (f != SOCKET_SUCCESS)
2189 s->result = f;
2190
2191 } else if (streq(key, "n-accepted")) {
2192 unsigned k;
2193
2194 if (safe_atou(value, &k) < 0)
2195 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2196 else
2197 s->n_accepted += k;
2198 } else if (streq(key, "control-pid")) {
2199 pid_t pid;
2200
2201 if (parse_pid(value, &pid) < 0)
2202 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2203 else
2204 s->control_pid = pid;
2205 } else if (streq(key, "control-command")) {
2206 SocketExecCommand id;
2207
2208 id = socket_exec_command_from_string(value);
2209 if (id < 0)
2210 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2211 else {
2212 s->control_command_id = id;
2213 s->control_command = s->exec_command[id];
2214 }
2215 } else if (streq(key, "fifo")) {
2216 int fd, skip = 0;
2217 SocketPort *p;
2218
2219 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2220 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2221 else {
2222
2223 LIST_FOREACH(port, p, s->ports)
2224 if (p->type == SOCKET_FIFO &&
2225 path_equal_or_files_same(p->path, value+skip))
2226 break;
2227
2228 if (p) {
2229 safe_close(p->fd);
2230 p->fd = fdset_remove(fds, fd);
2231 }
2232 }
2233
2234 } else if (streq(key, "special")) {
2235 int fd, skip = 0;
2236 SocketPort *p;
2237
2238 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2239 log_unit_debug(u, "Failed to parse special value: %s", value);
2240 else {
2241
2242 LIST_FOREACH(port, p, s->ports)
2243 if (p->type == SOCKET_SPECIAL &&
2244 path_equal_or_files_same(p->path, value+skip))
2245 break;
2246
2247 if (p) {
2248 safe_close(p->fd);
2249 p->fd = fdset_remove(fds, fd);
2250 }
2251 }
2252
2253 } else if (streq(key, "mqueue")) {
2254 int fd, skip = 0;
2255 SocketPort *p;
2256
2257 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2258 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2259 else {
2260
2261 LIST_FOREACH(port, p, s->ports)
2262 if (p->type == SOCKET_MQUEUE &&
2263 streq(p->path, value+skip))
2264 break;
2265
2266 if (p) {
2267 safe_close(p->fd);
2268 p->fd = fdset_remove(fds, fd);
2269 }
2270 }
2271
2272 } else if (streq(key, "socket")) {
2273 int fd, type, skip = 0;
2274 SocketPort *p;
2275
2276 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2277 log_unit_debug(u, "Failed to parse socket value: %s", value);
2278 else {
2279
2280 LIST_FOREACH(port, p, s->ports)
2281 if (socket_address_is(&p->address, value+skip, type))
2282 break;
2283
2284 if (p) {
2285 safe_close(p->fd);
2286 p->fd = fdset_remove(fds, fd);
2287 }
2288 }
2289
2290 } else if (streq(key, "netlink")) {
2291 int fd, skip = 0;
2292 SocketPort *p;
2293
2294 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2295 log_unit_debug(u, "Failed to parse socket value: %s", value);
2296 else {
2297
2298 LIST_FOREACH(port, p, s->ports)
2299 if (socket_address_is_netlink(&p->address, value+skip))
2300 break;
2301
2302 if (p) {
2303 safe_close(p->fd);
2304 p->fd = fdset_remove(fds, fd);
2305 }
2306 }
2307
2308 } else if (streq(key, "ffs")) {
2309 int fd, skip = 0;
2310 SocketPort *p;
2311
2312 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2313 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2314 else {
2315
2316 LIST_FOREACH(port, p, s->ports)
2317 if (p->type == SOCKET_USB_FUNCTION &&
2318 path_equal_or_files_same(p->path, value+skip))
2319 break;
2320
2321 if (p) {
2322 safe_close(p->fd);
2323 p->fd = fdset_remove(fds, fd);
2324 }
2325 }
2326
2327 } else
2328 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2329
2330 return 0;
2331 }
2332
2333 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2334 Socket *s = SOCKET(u);
2335 SocketPort *p;
2336
2337 assert(u);
2338
2339 LIST_FOREACH(port, p, s->ports) {
2340 Iterator i;
2341 int fd;
2342
2343 if (p->type != SOCKET_SOCKET)
2344 continue;
2345
2346 if (p->fd >= 0)
2347 continue;
2348
2349 FDSET_FOREACH(fd, fds, i) {
2350 if (socket_address_matches_fd(&p->address, fd)) {
2351 p->fd = fdset_remove(fds, fd);
2352 s->deserialized_state = SOCKET_LISTENING;
2353 break;
2354 }
2355 }
2356 }
2357
2358 return 0;
2359 }
2360
2361 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2362 assert(u);
2363
2364 return state_translation_table[SOCKET(u)->state];
2365 }
2366
2367 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2368 assert(u);
2369
2370 return socket_state_to_string(SOCKET(u)->state);
2371 }
2372
2373 const char* socket_port_type_to_string(SocketPort *p) {
2374
2375 assert(p);
2376
2377 switch (p->type) {
2378
2379 case SOCKET_SOCKET:
2380
2381 switch (p->address.type) {
2382
2383 case SOCK_STREAM:
2384 return "Stream";
2385
2386 case SOCK_DGRAM:
2387 return "Datagram";
2388
2389 case SOCK_SEQPACKET:
2390 return "SequentialPacket";
2391
2392 case SOCK_RAW:
2393 if (socket_address_family(&p->address) == AF_NETLINK)
2394 return "Netlink";
2395
2396 default:
2397 return NULL;
2398 }
2399
2400 case SOCKET_SPECIAL:
2401 return "Special";
2402
2403 case SOCKET_MQUEUE:
2404 return "MessageQueue";
2405
2406 case SOCKET_FIFO:
2407 return "FIFO";
2408
2409 case SOCKET_USB_FUNCTION:
2410 return "USBFunction";
2411
2412 default:
2413 return NULL;
2414 }
2415 }
2416
2417 _pure_ static bool socket_check_gc(Unit *u) {
2418 Socket *s = SOCKET(u);
2419
2420 assert(u);
2421
2422 return s->n_connections > 0;
2423 }
2424
2425 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2426 SocketPort *p = userdata;
2427 int cfd = -1;
2428
2429 assert(p);
2430 assert(fd >= 0);
2431
2432 if (p->socket->state != SOCKET_LISTENING)
2433 return 0;
2434
2435 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2436
2437 if (revents != EPOLLIN) {
2438
2439 if (revents & EPOLLHUP)
2440 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2441 else
2442 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2443 goto fail;
2444 }
2445
2446 if (p->socket->accept &&
2447 p->type == SOCKET_SOCKET &&
2448 socket_address_can_accept(&p->address)) {
2449
2450 for (;;) {
2451
2452 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2453 if (cfd < 0) {
2454
2455 if (errno == EINTR)
2456 continue;
2457
2458 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2459 goto fail;
2460 }
2461
2462 break;
2463 }
2464
2465 socket_apply_socket_options(p->socket, cfd);
2466 }
2467
2468 socket_enter_running(p->socket, cfd);
2469 return 0;
2470
2471 fail:
2472 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2473 return 0;
2474 }
2475
2476 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2477 Socket *s = SOCKET(u);
2478 SocketResult f;
2479
2480 assert(s);
2481 assert(pid >= 0);
2482
2483 if (pid != s->control_pid)
2484 return;
2485
2486 s->control_pid = 0;
2487
2488 if (is_clean_exit(code, status, NULL))
2489 f = SOCKET_SUCCESS;
2490 else if (code == CLD_EXITED)
2491 f = SOCKET_FAILURE_EXIT_CODE;
2492 else if (code == CLD_KILLED)
2493 f = SOCKET_FAILURE_SIGNAL;
2494 else if (code == CLD_DUMPED)
2495 f = SOCKET_FAILURE_CORE_DUMP;
2496 else
2497 assert_not_reached("Unknown sigchld code");
2498
2499 if (s->control_command) {
2500 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2501
2502 if (s->control_command->ignore)
2503 f = SOCKET_SUCCESS;
2504 }
2505
2506 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2507 "Control process exited, code=%s status=%i",
2508 sigchld_code_to_string(code), status);
2509
2510 if (f != SOCKET_SUCCESS)
2511 s->result = f;
2512
2513 if (s->control_command &&
2514 s->control_command->command_next &&
2515 f == SOCKET_SUCCESS) {
2516
2517 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2518 socket_run_next(s);
2519 } else {
2520 s->control_command = NULL;
2521 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2522
2523 /* No further commands for this step, so let's figure
2524 * out what to do next */
2525
2526 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2527
2528 switch (s->state) {
2529
2530 case SOCKET_START_PRE:
2531 if (f == SOCKET_SUCCESS)
2532 socket_enter_start_chown(s);
2533 else
2534 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2535 break;
2536
2537 case SOCKET_START_CHOWN:
2538 if (f == SOCKET_SUCCESS)
2539 socket_enter_start_post(s);
2540 else
2541 socket_enter_stop_pre(s, f);
2542 break;
2543
2544 case SOCKET_START_POST:
2545 if (f == SOCKET_SUCCESS)
2546 socket_enter_listening(s);
2547 else
2548 socket_enter_stop_pre(s, f);
2549 break;
2550
2551 case SOCKET_STOP_PRE:
2552 case SOCKET_STOP_PRE_SIGTERM:
2553 case SOCKET_STOP_PRE_SIGKILL:
2554 socket_enter_stop_post(s, f);
2555 break;
2556
2557 case SOCKET_STOP_POST:
2558 case SOCKET_FINAL_SIGTERM:
2559 case SOCKET_FINAL_SIGKILL:
2560 socket_enter_dead(s, f);
2561 break;
2562
2563 default:
2564 assert_not_reached("Uh, control process died at wrong time.");
2565 }
2566 }
2567
2568 /* Notify clients about changed exit status */
2569 unit_add_to_dbus_queue(u);
2570 }
2571
2572 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2573 Socket *s = SOCKET(userdata);
2574
2575 assert(s);
2576 assert(s->timer_event_source == source);
2577
2578 switch (s->state) {
2579
2580 case SOCKET_START_PRE:
2581 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2582 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2583 break;
2584
2585 case SOCKET_START_CHOWN:
2586 case SOCKET_START_POST:
2587 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2588 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2589 break;
2590
2591 case SOCKET_STOP_PRE:
2592 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2593 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2594 break;
2595
2596 case SOCKET_STOP_PRE_SIGTERM:
2597 if (s->kill_context.send_sigkill) {
2598 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2599 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2600 } else {
2601 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2602 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2603 }
2604 break;
2605
2606 case SOCKET_STOP_PRE_SIGKILL:
2607 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2608 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2609 break;
2610
2611 case SOCKET_STOP_POST:
2612 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2613 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2614 break;
2615
2616 case SOCKET_FINAL_SIGTERM:
2617 if (s->kill_context.send_sigkill) {
2618 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2619 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2620 } else {
2621 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2622 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2623 }
2624 break;
2625
2626 case SOCKET_FINAL_SIGKILL:
2627 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2628 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2629 break;
2630
2631 default:
2632 assert_not_reached("Timeout at wrong time.");
2633 }
2634
2635 return 0;
2636 }
2637
2638 int socket_collect_fds(Socket *s, int **fds) {
2639 int *rfds, k = 0, n = 0;
2640 SocketPort *p;
2641
2642 assert(s);
2643 assert(fds);
2644
2645 /* Called from the service code for requesting our fds */
2646
2647 LIST_FOREACH(port, p, s->ports) {
2648 if (p->fd >= 0)
2649 n++;
2650 n += p->n_auxiliary_fds;
2651 }
2652
2653 if (n <= 0) {
2654 *fds = NULL;
2655 return 0;
2656 }
2657
2658 rfds = new(int, n);
2659 if (!rfds)
2660 return -ENOMEM;
2661
2662 LIST_FOREACH(port, p, s->ports) {
2663 int i;
2664
2665 if (p->fd >= 0)
2666 rfds[k++] = p->fd;
2667 for (i = 0; i < p->n_auxiliary_fds; ++i)
2668 rfds[k++] = p->auxiliary_fds[i];
2669 }
2670
2671 assert(k == n);
2672
2673 *fds = rfds;
2674 return n;
2675 }
2676
2677 static void socket_reset_failed(Unit *u) {
2678 Socket *s = SOCKET(u);
2679
2680 assert(s);
2681
2682 if (s->state == SOCKET_FAILED)
2683 socket_set_state(s, SOCKET_DEAD);
2684
2685 s->result = SOCKET_SUCCESS;
2686 }
2687
2688 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2689 assert(s);
2690
2691 /* The service is dead. Dang!
2692 *
2693 * This is strictly for one-instance-for-all-connections
2694 * services. */
2695
2696 if (s->state == SOCKET_RUNNING) {
2697 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2698 if (failed_permanent)
2699 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2700 else
2701 socket_enter_listening(s);
2702 }
2703 }
2704
2705 void socket_connection_unref(Socket *s) {
2706 assert(s);
2707
2708 /* The service is dead. Yay!
2709 *
2710 * This is strictly for one-instance-per-connection
2711 * services. */
2712
2713 assert(s->n_connections > 0);
2714 s->n_connections--;
2715
2716 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2717 }
2718
2719 static void socket_trigger_notify(Unit *u, Unit *other) {
2720 Socket *s = SOCKET(u);
2721 Service *se;
2722
2723 assert(u);
2724 assert(other);
2725
2726 /* Don't propagate state changes from the service if we are
2727 already down or accepting connections */
2728 if ((s->state != SOCKET_RUNNING &&
2729 s->state != SOCKET_LISTENING) ||
2730 s->accept)
2731 return;
2732
2733 if (other->load_state != UNIT_LOADED ||
2734 other->type != UNIT_SERVICE)
2735 return;
2736
2737 se = SERVICE(other);
2738
2739 if (se->state == SERVICE_FAILED)
2740 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2741
2742 if (se->state == SERVICE_DEAD ||
2743 se->state == SERVICE_FINAL_SIGTERM ||
2744 se->state == SERVICE_FINAL_SIGKILL ||
2745 se->state == SERVICE_AUTO_RESTART)
2746 socket_notify_service_dead(s, false);
2747
2748 if (se->state == SERVICE_RUNNING)
2749 socket_set_state(s, SOCKET_RUNNING);
2750 }
2751
2752 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2753 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2754 }
2755
2756 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2757 Socket *s = SOCKET(u);
2758 int r;
2759
2760 if (!s->timer_event_source)
2761 return 0;
2762
2763 r = sd_event_source_get_time(s->timer_event_source, timeout);
2764 if (r < 0)
2765 return r;
2766
2767 return 1;
2768 }
2769
2770 char *socket_fdname(Socket *s) {
2771 assert(s);
2772
2773 /* Returns the name to use for $LISTEN_NAMES. If the user
2774 * didn't specify anything specifically, use the socket unit's
2775 * name as fallback. */
2776
2777 if (s->fdname)
2778 return s->fdname;
2779
2780 return UNIT(s)->id;
2781 }
2782
2783 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2784 [SOCKET_EXEC_START_PRE] = "StartPre",
2785 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2786 [SOCKET_EXEC_START_POST] = "StartPost",
2787 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2788 [SOCKET_EXEC_STOP_POST] = "StopPost"
2789 };
2790
2791 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2792
2793 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2794 [SOCKET_SUCCESS] = "success",
2795 [SOCKET_FAILURE_RESOURCES] = "resources",
2796 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2797 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2798 [SOCKET_FAILURE_SIGNAL] = "signal",
2799 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2800 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2801 };
2802
2803 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2804
2805 const UnitVTable socket_vtable = {
2806 .object_size = sizeof(Socket),
2807 .exec_context_offset = offsetof(Socket, exec_context),
2808 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2809 .kill_context_offset = offsetof(Socket, kill_context),
2810 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2811
2812 .sections =
2813 "Unit\0"
2814 "Socket\0"
2815 "Install\0",
2816 .private_section = "Socket",
2817
2818 .init = socket_init,
2819 .done = socket_done,
2820 .load = socket_load,
2821
2822 .coldplug = socket_coldplug,
2823
2824 .dump = socket_dump,
2825
2826 .start = socket_start,
2827 .stop = socket_stop,
2828
2829 .kill = socket_kill,
2830
2831 .get_timeout = socket_get_timeout,
2832
2833 .serialize = socket_serialize,
2834 .deserialize_item = socket_deserialize_item,
2835 .distribute_fds = socket_distribute_fds,
2836
2837 .active_state = socket_active_state,
2838 .sub_state_to_string = socket_sub_state_to_string,
2839
2840 .check_gc = socket_check_gc,
2841
2842 .sigchld_event = socket_sigchld_event,
2843
2844 .trigger_notify = socket_trigger_notify,
2845
2846 .reset_failed = socket_reset_failed,
2847
2848 .bus_vtable = bus_socket_vtable,
2849 .bus_set_property = bus_socket_set_property,
2850 .bus_commit_properties = bus_socket_commit_properties,
2851
2852 .status_message_formats = {
2853 /*.starting_stopping = {
2854 [0] = "Starting socket %s...",
2855 [1] = "Stopping socket %s...",
2856 },*/
2857 .finished_start_job = {
2858 [JOB_DONE] = "Listening on %s.",
2859 [JOB_FAILED] = "Failed to listen on %s.",
2860 [JOB_TIMEOUT] = "Timed out starting %s.",
2861 },
2862 .finished_stop_job = {
2863 [JOB_DONE] = "Closed %s.",
2864 [JOB_FAILED] = "Failed stopping %s.",
2865 [JOB_TIMEOUT] = "Timed out stopping %s.",
2866 },
2867 },
2868 };
Unnamed repository; edit this file 'description' to name the repository.