]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: rework unit name validation and manipulation logic
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "socket.h"
51 #include "formats-util.h"
52
53 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_FAILED] = UNIT_FAILED
67 };
68
69 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
72 static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
76 assert(u->load_state == UNIT_STUB);
77
78 s->backlog = SOMAXCONN;
79 s->timeout_usec = u->manager->default_timeout_start_usec;
80 s->directory_mode = 0755;
81 s->socket_mode = 0666;
82
83 s->max_connections = 64;
84
85 s->priority = -1;
86 s->ip_tos = -1;
87 s->ip_ttl = -1;
88 s->mark = -1;
89
90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
92
93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94 }
95
96 static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104 }
105
106 void socket_free_ports(Socket *s) {
107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
112 LIST_REMOVE(port, s->ports, p);
113
114 sd_event_source_unref(p->event_source);
115
116 safe_close(p->fd);
117 free(p->path);
118 free(p);
119 }
120 }
121
122 static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
128
129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
131 s->control_command = NULL;
132
133 socket_unwatch_control_pid(s);
134
135 unit_ref_unset(&s->service);
136
137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
140 free(s->bind_to_device);
141 s->bind_to_device = NULL;
142
143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
147 strv_free(s->symlinks);
148
149 free(s->user);
150 free(s->group);
151
152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153 }
154
155 static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
173 r = sd_event_add_time(
174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
185 }
186
187 int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
199 if (UNIT_DEREF(s->service))
200 return 0;
201
202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
208
209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
210 return -ENOMEM;
211
212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
213 if (r < 0)
214 return r;
215
216 u->no_gc = true;
217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
220 }
221
222 static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
235 if (!socket_address_can_accept(&p->address))
236 return true;
237 }
238
239 return false;
240 }
241
242 static int socket_add_mount_links(Socket *s) {
243 SocketPort *p;
244 int r;
245
246 assert(s);
247
248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
250
251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
255
256 if (!path)
257 continue;
258
259 r = unit_require_mounts_for(UNIT(s), path);
260 if (r < 0)
261 return r;
262 }
263
264 return 0;
265 }
266
267 static int socket_add_device_link(Socket *s) {
268 char *t;
269
270 assert(s);
271
272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
273 return 0;
274
275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
276 return unit_add_node_link(UNIT(s), t, false);
277 }
278
279 static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
286
287 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
290 return r;
291 }
292
293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
294 }
295
296 _pure_ static bool socket_has_exec(Socket *s) {
297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305 }
306
307 static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
309 int r;
310
311 assert(s);
312
313 if (have_non_accept_socket(s)) {
314
315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
317
318 r = unit_load_related_unit(u, ".service", &x);
319 if (r < 0)
320 return r;
321
322 unit_ref_set(&s->service, x);
323 }
324
325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
327 return r;
328 }
329
330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
333
334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
338 r = unit_patch_contexts(u);
339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
346
347 r = unit_add_default_slice(u, &s->cgroup_context);
348 if (r < 0)
349 return r;
350 }
351
352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359 }
360
361 static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392 }
393
394 static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
401 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
406 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
407 UNIT(s)->id);
408 return -EINVAL;
409 }
410
411 if (s->accept && s->max_connections <= 0) {
412 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
413 return -EINVAL;
414 }
415
416 if (s->accept && UNIT_DEREF(s->service)) {
417 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
418 return -EINVAL;
419 }
420
421 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
422 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
423 return -EINVAL;
424 }
425
426 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
427 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
428 return -EINVAL;
429 }
430
431 return 0;
432 }
433
434 static int socket_load(Unit *u) {
435 Socket *s = SOCKET(u);
436 int r;
437
438 assert(u);
439 assert(u->load_state == UNIT_STUB);
440
441 r = unit_load_fragment_and_dropin(u);
442 if (r < 0)
443 return r;
444
445 if (u->load_state == UNIT_LOADED) {
446 /* This is a new unit? Then let's add in some extras */
447 r = socket_add_extras(s);
448 if (r < 0)
449 return r;
450 }
451
452 return socket_verify(s);
453 }
454
455 _const_ static const char* listen_lookup(int family, int type) {
456
457 if (family == AF_NETLINK)
458 return "ListenNetlink";
459
460 if (type == SOCK_STREAM)
461 return "ListenStream";
462 else if (type == SOCK_DGRAM)
463 return "ListenDatagram";
464 else if (type == SOCK_SEQPACKET)
465 return "ListenSequentialPacket";
466
467 assert_not_reached("Unknown socket type");
468 return NULL;
469 }
470
471 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
472 char time_string[FORMAT_TIMESPAN_MAX];
473 SocketExecCommand c;
474 Socket *s = SOCKET(u);
475 SocketPort *p;
476 const char *prefix2;
477
478 assert(s);
479 assert(f);
480
481 prefix = strempty(prefix);
482 prefix2 = strjoina(prefix, "\t");
483
484 fprintf(f,
485 "%sSocket State: %s\n"
486 "%sResult: %s\n"
487 "%sBindIPv6Only: %s\n"
488 "%sBacklog: %u\n"
489 "%sSocketMode: %04o\n"
490 "%sDirectoryMode: %04o\n"
491 "%sKeepAlive: %s\n"
492 "%sNoDelay: %s\n"
493 "%sFreeBind: %s\n"
494 "%sTransparent: %s\n"
495 "%sBroadcast: %s\n"
496 "%sPassCredentials: %s\n"
497 "%sPassSecurity: %s\n"
498 "%sTCPCongestion: %s\n"
499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
501 prefix, socket_state_to_string(s->state),
502 prefix, socket_result_to_string(s->result),
503 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
504 prefix, s->backlog,
505 prefix, s->socket_mode,
506 prefix, s->directory_mode,
507 prefix, yes_no(s->keep_alive),
508 prefix, yes_no(s->no_delay),
509 prefix, yes_no(s->free_bind),
510 prefix, yes_no(s->transparent),
511 prefix, yes_no(s->broadcast),
512 prefix, yes_no(s->pass_cred),
513 prefix, yes_no(s->pass_sec),
514 prefix, strna(s->tcp_congestion),
515 prefix, yes_no(s->remove_on_stop),
516 prefix, yes_no(s->selinux_context_from_net));
517
518 if (s->control_pid > 0)
519 fprintf(f,
520 "%sControl PID: "PID_FMT"\n",
521 prefix, s->control_pid);
522
523 if (s->bind_to_device)
524 fprintf(f,
525 "%sBindToDevice: %s\n",
526 prefix, s->bind_to_device);
527
528 if (s->accept)
529 fprintf(f,
530 "%sAccepted: %u\n"
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix, s->n_accepted,
534 prefix, s->n_connections,
535 prefix, s->max_connections);
536
537 if (s->priority >= 0)
538 fprintf(f,
539 "%sPriority: %i\n",
540 prefix, s->priority);
541
542 if (s->receive_buffer > 0)
543 fprintf(f,
544 "%sReceiveBuffer: %zu\n",
545 prefix, s->receive_buffer);
546
547 if (s->send_buffer > 0)
548 fprintf(f,
549 "%sSendBuffer: %zu\n",
550 prefix, s->send_buffer);
551
552 if (s->ip_tos >= 0)
553 fprintf(f,
554 "%sIPTOS: %i\n",
555 prefix, s->ip_tos);
556
557 if (s->ip_ttl >= 0)
558 fprintf(f,
559 "%sIPTTL: %i\n",
560 prefix, s->ip_ttl);
561
562 if (s->pipe_size > 0)
563 fprintf(f,
564 "%sPipeSize: %zu\n",
565 prefix, s->pipe_size);
566
567 if (s->mark >= 0)
568 fprintf(f,
569 "%sMark: %i\n",
570 prefix, s->mark);
571
572 if (s->mq_maxmsg > 0)
573 fprintf(f,
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix, s->mq_maxmsg);
576
577 if (s->mq_msgsize > 0)
578 fprintf(f,
579 "%sMessageQueueMessageSize: %li\n",
580 prefix, s->mq_msgsize);
581
582 if (s->reuse_port)
583 fprintf(f,
584 "%sReusePort: %s\n",
585 prefix, yes_no(s->reuse_port));
586
587 if (s->smack)
588 fprintf(f,
589 "%sSmackLabel: %s\n",
590 prefix, s->smack);
591
592 if (s->smack_ip_in)
593 fprintf(f,
594 "%sSmackLabelIPIn: %s\n",
595 prefix, s->smack_ip_in);
596
597 if (s->smack_ip_out)
598 fprintf(f,
599 "%sSmackLabelIPOut: %s\n",
600 prefix, s->smack_ip_out);
601
602 if (!isempty(s->user) || !isempty(s->group))
603 fprintf(f,
604 "%sOwnerUser: %s\n"
605 "%sOwnerGroup: %s\n",
606 prefix, strna(s->user),
607 prefix, strna(s->group));
608
609 if (s->keep_alive_time > 0)
610 fprintf(f,
611 "%sKeepAliveTimeSec: %s\n",
612 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
613
614 if (s->keep_alive_interval)
615 fprintf(f,
616 "%sKeepAliveIntervalSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
618
619 if (s->keep_alive_cnt)
620 fprintf(f,
621 "%sKeepAliveProbes: %u\n",
622 prefix, s->keep_alive_cnt);
623
624 if (s->defer_accept)
625 fprintf(f,
626 "%sDeferAcceptSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
628
629 LIST_FOREACH(port, p, s->ports) {
630
631 if (p->type == SOCKET_SOCKET) {
632 const char *t;
633 int r;
634 char *k = NULL;
635
636 if ((r = socket_address_print(&p->address, &k)) < 0)
637 t = strerror(-r);
638 else
639 t = k;
640
641 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
642 free(k);
643 } else if (p->type == SOCKET_SPECIAL)
644 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
645 else if (p->type == SOCKET_MQUEUE)
646 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
647 else
648 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 }
650
651 exec_context_dump(&s->exec_context, f, prefix);
652 kill_context_dump(&s->kill_context, f, prefix);
653
654 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
655 if (!s->exec_command[c])
656 continue;
657
658 fprintf(f, "%s-> %s:\n",
659 prefix, socket_exec_command_to_string(c));
660
661 exec_command_dump_list(s->exec_command[c], f, prefix2);
662 }
663 }
664
665 static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 socklen_t l;
667 char *r;
668 union sockaddr_union local, remote;
669
670 assert(fd >= 0);
671 assert(instance);
672
673 l = sizeof(local);
674 if (getsockname(fd, &local.sa, &l) < 0)
675 return -errno;
676
677 l = sizeof(remote);
678 if (getpeername(fd, &remote.sa, &l) < 0)
679 return -errno;
680
681 switch (local.sa.sa_family) {
682
683 case AF_INET: {
684 uint32_t
685 a = ntohl(local.in.sin_addr.s_addr),
686 b = ntohl(remote.in.sin_addr.s_addr);
687
688 if (asprintf(&r,
689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 nr,
691 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 ntohs(local.in.sin_port),
693 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 ntohs(remote.in.sin_port)) < 0)
695 return -ENOMEM;
696
697 break;
698 }
699
700 case AF_INET6: {
701 static const unsigned char ipv4_prefix[] = {
702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 };
704
705 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 const uint8_t
708 *a = local.in6.sin6_addr.s6_addr+12,
709 *b = remote.in6.sin6_addr.s6_addr+12;
710
711 if (asprintf(&r,
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
714 a[0], a[1], a[2], a[3],
715 ntohs(local.in6.sin6_port),
716 b[0], b[1], b[2], b[3],
717 ntohs(remote.in6.sin6_port)) < 0)
718 return -ENOMEM;
719 } else {
720 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721
722 if (asprintf(&r,
723 "%u-%s:%u-%s:%u",
724 nr,
725 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 ntohs(local.in6.sin6_port),
727 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 }
731
732 break;
733 }
734
735 case AF_UNIX: {
736 struct ucred ucred;
737 int k;
738
739 k = getpeercred(fd, &ucred);
740 if (k >= 0) {
741 if (asprintf(&r,
742 "%u-"PID_FMT"-"UID_FMT,
743 nr, ucred.pid, ucred.uid) < 0)
744 return -ENOMEM;
745 } else if (k == -ENODATA) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
749 if (asprintf(&r,
750 "%u-unknown",
751 nr) < 0)
752 return -ENOMEM;
753 } else
754 return k;
755
756 break;
757 }
758
759 default:
760 assert_not_reached("Unhandled socket type.");
761 }
762
763 *instance = r;
764 return 0;
765 }
766
767 static void socket_close_fds(Socket *s) {
768 SocketPort *p;
769 char **i;
770
771 assert(s);
772
773 LIST_FOREACH(port, p, s->ports) {
774
775 p->event_source = sd_event_source_unref(p->event_source);
776
777 if (p->fd < 0)
778 continue;
779
780 p->fd = safe_close(p->fd);
781
782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
788 * using one! */
789
790 if (s->remove_on_stop) {
791 switch (p->type) {
792
793 case SOCKET_FIFO:
794 unlink(p->path);
795 break;
796
797 case SOCKET_MQUEUE:
798 mq_unlink(p->path);
799 break;
800
801 case SOCKET_SOCKET:
802 socket_address_unlink(&p->address);
803 break;
804
805 default:
806 break;
807 }
808 }
809 }
810
811 if (s->remove_on_stop)
812 STRV_FOREACH(i, s->symlinks)
813 unlink(*i);
814 }
815
816 static void socket_apply_socket_options(Socket *s, int fd) {
817 int r;
818
819 assert(s);
820 assert(fd >= 0);
821
822 if (s->keep_alive) {
823 int b = s->keep_alive;
824 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
825 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
826 }
827
828 if (s->keep_alive_time) {
829 int value = s->keep_alive_time / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
831 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
832 }
833
834 if (s->keep_alive_interval) {
835 int value = s->keep_alive_interval / USEC_PER_SEC;
836 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
837 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
838 }
839
840 if (s->keep_alive_cnt) {
841 int value = s->keep_alive_cnt;
842 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
843 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
844 }
845
846 if (s->defer_accept) {
847 int value = s->defer_accept / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
849 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
850 }
851
852 if (s->no_delay) {
853 int b = s->no_delay;
854 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
855 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
856 }
857
858 if (s->broadcast) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
861 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
862 }
863
864 if (s->pass_cred) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
867 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
868 }
869
870 if (s->pass_sec) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
873 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
874 }
875
876 if (s->priority >= 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
878 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
879
880 if (s->receive_buffer > 0) {
881 int value = (int) s->receive_buffer;
882
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
887 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
888 }
889
890 if (s->send_buffer > 0) {
891 int value = (int) s->send_buffer;
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
893 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
894 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
895 }
896
897 if (s->mark >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
899 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
900
901 if (s->ip_tos >= 0)
902 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
903 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
904
905 if (s->ip_ttl >= 0) {
906 int x;
907
908 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
909
910 if (socket_ipv6_is_supported())
911 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 else {
913 x = -1;
914 errno = EAFNOSUPPORT;
915 }
916
917 if (r < 0 && x < 0)
918 log_unit_warning(UNIT(s)->id,
919 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
920 }
921
922 if (s->tcp_congestion)
923 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
924 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
925
926 if (s->reuse_port) {
927 int b = s->reuse_port;
928 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
929 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
930 }
931
932 if (s->smack_ip_in) {
933 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
934 if (r < 0)
935 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
936 }
937
938 if (s->smack_ip_out) {
939 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
940 if (r < 0)
941 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
942 }
943 }
944
945 static void socket_apply_fifo_options(Socket *s, int fd) {
946 int r;
947
948 assert(s);
949 assert(fd >= 0);
950
951 if (s->pipe_size > 0)
952 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
953 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
954
955 if (s->smack) {
956 r = mac_smack_apply_fd(fd, s->smack);
957 if (r < 0)
958 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
959 }
960 }
961
962 static int fifo_address_create(
963 const char *path,
964 mode_t directory_mode,
965 mode_t socket_mode,
966 int *_fd) {
967
968 int fd = -1, r = 0;
969 struct stat st;
970 mode_t old_mask;
971
972 assert(path);
973 assert(_fd);
974
975 mkdir_parents_label(path, directory_mode);
976
977 r = mac_selinux_create_file_prepare(path, S_IFIFO);
978 if (r < 0)
979 goto fail;
980
981 /* Enforce the right access mode for the fifo */
982 old_mask = umask(~ socket_mode);
983
984 /* Include the original umask in our mask */
985 umask(~socket_mode | old_mask);
986
987 r = mkfifo(path, socket_mode);
988 umask(old_mask);
989
990 if (r < 0 && errno != EEXIST) {
991 r = -errno;
992 goto fail;
993 }
994
995 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 mac_selinux_create_file_clear();
1001
1002 if (fstat(fd, &st) < 0) {
1003 r = -errno;
1004 goto fail;
1005 }
1006
1007 if (!S_ISFIFO(st.st_mode) ||
1008 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1009 st.st_uid != getuid() ||
1010 st.st_gid != getgid()) {
1011
1012 r = -EEXIST;
1013 goto fail;
1014 }
1015
1016 *_fd = fd;
1017 return 0;
1018
1019 fail:
1020 mac_selinux_create_file_clear();
1021 safe_close(fd);
1022
1023 return r;
1024 }
1025
1026 static int special_address_create(
1027 const char *path,
1028 int *_fd) {
1029
1030 int fd = -1, r = 0;
1031 struct stat st;
1032
1033 assert(path);
1034 assert(_fd);
1035
1036 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1037 if (fd < 0) {
1038 r = -errno;
1039 goto fail;
1040 }
1041
1042 if (fstat(fd, &st) < 0) {
1043 r = -errno;
1044 goto fail;
1045 }
1046
1047 /* Check whether this is a /proc, /sys or /dev file or char device */
1048 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1049 r = -EEXIST;
1050 goto fail;
1051 }
1052
1053 *_fd = fd;
1054 return 0;
1055
1056 fail:
1057 safe_close(fd);
1058
1059 return r;
1060 }
1061
1062 static int mq_address_create(
1063 const char *path,
1064 mode_t mq_mode,
1065 long maxmsg,
1066 long msgsize,
1067 int *_fd) {
1068
1069 int fd = -1, r = 0;
1070 struct stat st;
1071 mode_t old_mask;
1072 struct mq_attr _attr, *attr = NULL;
1073
1074 assert(path);
1075 assert(_fd);
1076
1077 if (maxmsg > 0 && msgsize > 0) {
1078 zero(_attr);
1079 _attr.mq_flags = O_NONBLOCK;
1080 _attr.mq_maxmsg = maxmsg;
1081 _attr.mq_msgsize = msgsize;
1082 attr = &_attr;
1083 }
1084
1085 /* Enforce the right access mode for the mq */
1086 old_mask = umask(~ mq_mode);
1087
1088 /* Include the original umask in our mask */
1089 umask(~mq_mode | old_mask);
1090 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1091 umask(old_mask);
1092
1093 if (fd < 0) {
1094 r = -errno;
1095 goto fail;
1096 }
1097
1098 if (fstat(fd, &st) < 0) {
1099 r = -errno;
1100 goto fail;
1101 }
1102
1103 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1104 st.st_uid != getuid() ||
1105 st.st_gid != getgid()) {
1106
1107 r = -EEXIST;
1108 goto fail;
1109 }
1110
1111 *_fd = fd;
1112 return 0;
1113
1114 fail:
1115 safe_close(fd);
1116 return r;
1117 }
1118
1119 static int socket_symlink(Socket *s) {
1120 const char *p;
1121 char **i;
1122
1123 assert(s);
1124
1125 p = socket_find_symlink_target(s);
1126 if (!p)
1127 return 0;
1128
1129 STRV_FOREACH(i, s->symlinks)
1130 symlink_label(p, *i);
1131
1132 return 0;
1133 }
1134
1135 static int socket_open_fds(Socket *s) {
1136 SocketPort *p;
1137 int r;
1138 char *label = NULL;
1139 bool know_label = false;
1140
1141 assert(s);
1142
1143 LIST_FOREACH(port, p, s->ports) {
1144
1145 if (p->fd >= 0)
1146 continue;
1147
1148 if (p->type == SOCKET_SOCKET) {
1149
1150 if (!know_label) {
1151 /* Figure out label, if we don't it know
1152 * yet. We do it once, for the first
1153 * socket where we need this and
1154 * remember it for the rest. */
1155
1156 if (s->selinux_context_from_net) {
1157 /* Get it from the network label */
1158
1159 r = mac_selinux_get_our_label(&label);
1160 if (r < 0 && r != -EOPNOTSUPP)
1161 goto rollback;
1162
1163 } else {
1164 /* Get it from the executable we are about to start */
1165
1166 r = socket_instantiate_service(s);
1167 if (r < 0)
1168 goto rollback;
1169
1170 if (UNIT_ISSET(s->service) &&
1171 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1172 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1173 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1174 goto rollback;
1175 }
1176 }
1177
1178 know_label = true;
1179 }
1180
1181 r = socket_address_listen(
1182 &p->address,
1183 SOCK_CLOEXEC|SOCK_NONBLOCK,
1184 s->backlog,
1185 s->bind_ipv6_only,
1186 s->bind_to_device,
1187 s->free_bind,
1188 s->transparent,
1189 s->directory_mode,
1190 s->socket_mode,
1191 label);
1192 if (r < 0)
1193 goto rollback;
1194
1195 p->fd = r;
1196 socket_apply_socket_options(s, p->fd);
1197 socket_symlink(s);
1198
1199 } else if (p->type == SOCKET_SPECIAL) {
1200
1201 r = special_address_create(
1202 p->path,
1203 &p->fd);
1204 if (r < 0)
1205 goto rollback;
1206
1207 } else if (p->type == SOCKET_FIFO) {
1208
1209 r = fifo_address_create(
1210 p->path,
1211 s->directory_mode,
1212 s->socket_mode,
1213 &p->fd);
1214 if (r < 0)
1215 goto rollback;
1216
1217 socket_apply_fifo_options(s, p->fd);
1218 socket_symlink(s);
1219
1220 } else if (p->type == SOCKET_MQUEUE) {
1221
1222 r = mq_address_create(
1223 p->path,
1224 s->socket_mode,
1225 s->mq_maxmsg,
1226 s->mq_msgsize,
1227 &p->fd);
1228 if (r < 0)
1229 goto rollback;
1230 } else
1231 assert_not_reached("Unknown port type");
1232 }
1233
1234 mac_selinux_free(label);
1235 return 0;
1236
1237 rollback:
1238 socket_close_fds(s);
1239 mac_selinux_free(label);
1240
1241 return r;
1242 }
1243
1244 static void socket_unwatch_fds(Socket *s) {
1245 SocketPort *p;
1246 int r;
1247
1248 assert(s);
1249
1250 LIST_FOREACH(port, p, s->ports) {
1251 if (p->fd < 0)
1252 continue;
1253
1254 if (!p->event_source)
1255 continue;
1256
1257 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1258 if (r < 0)
1259 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1260 }
1261 }
1262
1263 static int socket_watch_fds(Socket *s) {
1264 SocketPort *p;
1265 int r;
1266
1267 assert(s);
1268
1269 LIST_FOREACH(port, p, s->ports) {
1270 if (p->fd < 0)
1271 continue;
1272
1273 if (p->event_source)
1274 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1275 else
1276 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1277
1278 if (r < 0) {
1279 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
1280 goto fail;
1281 }
1282
1283 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1284 }
1285
1286 return 0;
1287
1288 fail:
1289 socket_unwatch_fds(s);
1290 return r;
1291 }
1292
1293 static void socket_set_state(Socket *s, SocketState state) {
1294 SocketState old_state;
1295 assert(s);
1296
1297 old_state = s->state;
1298 s->state = state;
1299
1300 if (!IN_SET(state,
1301 SOCKET_START_PRE,
1302 SOCKET_START_CHOWN,
1303 SOCKET_START_POST,
1304 SOCKET_STOP_PRE,
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL,
1307 SOCKET_STOP_POST,
1308 SOCKET_FINAL_SIGTERM,
1309 SOCKET_FINAL_SIGKILL)) {
1310
1311 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1312 socket_unwatch_control_pid(s);
1313 s->control_command = NULL;
1314 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1315 }
1316
1317 if (state != SOCKET_LISTENING)
1318 socket_unwatch_fds(s);
1319
1320 if (!IN_SET(state,
1321 SOCKET_START_CHOWN,
1322 SOCKET_START_POST,
1323 SOCKET_LISTENING,
1324 SOCKET_RUNNING,
1325 SOCKET_STOP_PRE,
1326 SOCKET_STOP_PRE_SIGTERM,
1327 SOCKET_STOP_PRE_SIGKILL))
1328 socket_close_fds(s);
1329
1330 if (state != old_state)
1331 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1332 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1333
1334 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1335 }
1336
1337 static int socket_coldplug(Unit *u) {
1338 Socket *s = SOCKET(u);
1339 int r;
1340
1341 assert(s);
1342 assert(s->state == SOCKET_DEAD);
1343
1344 if (s->deserialized_state == s->state)
1345 return 0;
1346
1347 if (IN_SET(s->deserialized_state,
1348 SOCKET_START_PRE,
1349 SOCKET_START_CHOWN,
1350 SOCKET_START_POST,
1351 SOCKET_STOP_PRE,
1352 SOCKET_STOP_PRE_SIGTERM,
1353 SOCKET_STOP_PRE_SIGKILL,
1354 SOCKET_STOP_POST,
1355 SOCKET_FINAL_SIGTERM,
1356 SOCKET_FINAL_SIGKILL)) {
1357
1358 if (s->control_pid <= 0)
1359 return -EBADMSG;
1360
1361 r = unit_watch_pid(UNIT(s), s->control_pid);
1362 if (r < 0)
1363 return r;
1364
1365 r = socket_arm_timer(s);
1366 if (r < 0)
1367 return r;
1368 }
1369
1370 if (IN_SET(s->deserialized_state,
1371 SOCKET_START_CHOWN,
1372 SOCKET_START_POST,
1373 SOCKET_LISTENING,
1374 SOCKET_RUNNING,
1375 SOCKET_STOP_PRE,
1376 SOCKET_STOP_PRE_SIGTERM,
1377 SOCKET_STOP_PRE_SIGKILL)) {
1378 r = socket_open_fds(s);
1379 if (r < 0)
1380 return r;
1381 }
1382
1383 if (s->deserialized_state == SOCKET_LISTENING) {
1384 r = socket_watch_fds(s);
1385 if (r < 0)
1386 return r;
1387 }
1388
1389 socket_set_state(s, s->deserialized_state);
1390 return 0;
1391 }
1392
1393 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1394 _cleanup_free_ char **argv = NULL;
1395 pid_t pid;
1396 int r;
1397 ExecParameters exec_params = {
1398 .apply_permissions = true,
1399 .apply_chroot = true,
1400 .apply_tty_stdin = true,
1401 };
1402
1403 assert(s);
1404 assert(c);
1405 assert(_pid);
1406
1407 (void) unit_realize_cgroup(UNIT(s));
1408 if (s->reset_cpu_usage) {
1409 (void) unit_reset_cpu_usage(UNIT(s));
1410 s->reset_cpu_usage = false;
1411 }
1412
1413 r = unit_setup_exec_runtime(UNIT(s));
1414 if (r < 0)
1415 goto fail;
1416
1417 r = socket_arm_timer(s);
1418 if (r < 0)
1419 goto fail;
1420
1421 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1422 if (r < 0)
1423 goto fail;
1424
1425 exec_params.argv = argv;
1426 exec_params.environment = UNIT(s)->manager->environment;
1427 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1428 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1429 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1430 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1431 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1432 exec_params.unit_id = UNIT(s)->id;
1433
1434 r = exec_spawn(c,
1435 &s->exec_context,
1436 &exec_params,
1437 s->exec_runtime,
1438 &pid);
1439 if (r < 0)
1440 goto fail;
1441
1442 r = unit_watch_pid(UNIT(s), pid);
1443 if (r < 0)
1444 /* FIXME: we need to do something here */
1445 goto fail;
1446
1447 *_pid = pid;
1448 return 0;
1449
1450 fail:
1451 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1452 return r;
1453 }
1454
1455 static int socket_chown(Socket *s, pid_t *_pid) {
1456 pid_t pid;
1457 int r;
1458
1459 r = socket_arm_timer(s);
1460 if (r < 0)
1461 goto fail;
1462
1463 /* We have to resolve the user names out-of-process, hence
1464 * let's fork here. It's messy, but well, what can we do? */
1465
1466 pid = fork();
1467 if (pid < 0)
1468 return -errno;
1469
1470 if (pid == 0) {
1471 SocketPort *p;
1472 uid_t uid = UID_INVALID;
1473 gid_t gid = GID_INVALID;
1474 int ret;
1475
1476 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1477 ignore_signals(SIGPIPE, -1);
1478 log_forget_fds();
1479
1480 if (!isempty(s->user)) {
1481 const char *user = s->user;
1482
1483 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1484 if (r < 0) {
1485 ret = EXIT_USER;
1486 goto fail_child;
1487 }
1488 }
1489
1490 if (!isempty(s->group)) {
1491 const char *group = s->group;
1492
1493 r = get_group_creds(&group, &gid);
1494 if (r < 0) {
1495 ret = EXIT_GROUP;
1496 goto fail_child;
1497 }
1498 }
1499
1500 LIST_FOREACH(port, p, s->ports) {
1501 const char *path = NULL;
1502
1503 if (p->type == SOCKET_SOCKET)
1504 path = socket_address_get_path(&p->address);
1505 else if (p->type == SOCKET_FIFO)
1506 path = p->path;
1507
1508 if (!path)
1509 continue;
1510
1511 if (chown(path, uid, gid) < 0) {
1512 r = -errno;
1513 ret = EXIT_CHOWN;
1514 goto fail_child;
1515 }
1516 }
1517
1518 _exit(0);
1519
1520 fail_child:
1521 log_open();
1522 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1523
1524 _exit(ret);
1525 }
1526
1527 r = unit_watch_pid(UNIT(s), pid);
1528 if (r < 0)
1529 goto fail;
1530
1531 *_pid = pid;
1532 return 0;
1533
1534 fail:
1535 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1536 return r;
1537 }
1538
1539 static void socket_enter_dead(Socket *s, SocketResult f) {
1540 assert(s);
1541
1542 if (f != SOCKET_SUCCESS)
1543 s->result = f;
1544
1545 exec_runtime_destroy(s->exec_runtime);
1546 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1547
1548 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1549
1550 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1551 }
1552
1553 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1554
1555 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1556 int r;
1557 assert(s);
1558
1559 if (f != SOCKET_SUCCESS)
1560 s->result = f;
1561
1562 socket_unwatch_control_pid(s);
1563 s->control_command_id = SOCKET_EXEC_STOP_POST;
1564 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1565
1566 if (s->control_command) {
1567 r = socket_spawn(s, s->control_command, &s->control_pid);
1568 if (r < 0)
1569 goto fail;
1570
1571 socket_set_state(s, SOCKET_STOP_POST);
1572 } else
1573 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1574
1575 return;
1576
1577 fail:
1578 log_unit_warning(UNIT(s)->id,
1579 "%s failed to run 'stop-post' task: %s",
1580 UNIT(s)->id, strerror(-r));
1581 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1582 }
1583
1584 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1585 int r;
1586
1587 assert(s);
1588
1589 if (f != SOCKET_SUCCESS)
1590 s->result = f;
1591
1592 r = unit_kill_context(
1593 UNIT(s),
1594 &s->kill_context,
1595 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1596 KILL_KILL : KILL_TERMINATE,
1597 -1,
1598 s->control_pid,
1599 false);
1600 if (r < 0)
1601 goto fail;
1602
1603 if (r > 0) {
1604 r = socket_arm_timer(s);
1605 if (r < 0)
1606 goto fail;
1607
1608 socket_set_state(s, state);
1609 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1610 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1611 else if (state == SOCKET_STOP_PRE_SIGKILL)
1612 socket_enter_stop_post(s, SOCKET_SUCCESS);
1613 else if (state == SOCKET_FINAL_SIGTERM)
1614 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1615 else
1616 socket_enter_dead(s, SOCKET_SUCCESS);
1617
1618 return;
1619
1620 fail:
1621 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
1622
1623 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1624 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1625 else
1626 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1627 }
1628
1629 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1630 int r;
1631 assert(s);
1632
1633 if (f != SOCKET_SUCCESS)
1634 s->result = f;
1635
1636 socket_unwatch_control_pid(s);
1637 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1638 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1639
1640 if (s->control_command) {
1641 r = socket_spawn(s, s->control_command, &s->control_pid);
1642 if (r < 0)
1643 goto fail;
1644
1645 socket_set_state(s, SOCKET_STOP_PRE);
1646 } else
1647 socket_enter_stop_post(s, SOCKET_SUCCESS);
1648
1649 return;
1650
1651 fail:
1652 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
1653 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1654 }
1655
1656 static void socket_enter_listening(Socket *s) {
1657 int r;
1658 assert(s);
1659
1660 r = socket_watch_fds(s);
1661 if (r < 0) {
1662 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1663 goto fail;
1664 }
1665
1666 socket_set_state(s, SOCKET_LISTENING);
1667 return;
1668
1669 fail:
1670 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1671 }
1672
1673 static void socket_enter_start_post(Socket *s) {
1674 int r;
1675 assert(s);
1676
1677 socket_unwatch_control_pid(s);
1678 s->control_command_id = SOCKET_EXEC_START_POST;
1679 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1680
1681 if (s->control_command) {
1682 r = socket_spawn(s, s->control_command, &s->control_pid);
1683 if (r < 0) {
1684 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
1685 goto fail;
1686 }
1687
1688 socket_set_state(s, SOCKET_START_POST);
1689 } else
1690 socket_enter_listening(s);
1691
1692 return;
1693
1694 fail:
1695 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1696 }
1697
1698 static void socket_enter_start_chown(Socket *s) {
1699 int r;
1700
1701 assert(s);
1702
1703 r = socket_open_fds(s);
1704 if (r < 0) {
1705 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1706 goto fail;
1707 }
1708
1709 if (!isempty(s->user) || !isempty(s->group)) {
1710
1711 socket_unwatch_control_pid(s);
1712 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1713 s->control_command = NULL;
1714
1715 r = socket_chown(s, &s->control_pid);
1716 if (r < 0) {
1717 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
1718 goto fail;
1719 }
1720
1721 socket_set_state(s, SOCKET_START_CHOWN);
1722 } else
1723 socket_enter_start_post(s);
1724
1725 return;
1726
1727 fail:
1728 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1729 }
1730
1731 static void socket_enter_start_pre(Socket *s) {
1732 int r;
1733 assert(s);
1734
1735 socket_unwatch_control_pid(s);
1736 s->control_command_id = SOCKET_EXEC_START_PRE;
1737 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1738
1739 if (s->control_command) {
1740 r = socket_spawn(s, s->control_command, &s->control_pid);
1741 if (r < 0) {
1742 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
1743 goto fail;
1744 }
1745
1746 socket_set_state(s, SOCKET_START_PRE);
1747 } else
1748 socket_enter_start_chown(s);
1749
1750 return;
1751
1752 fail:
1753 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1754 }
1755
1756 static void socket_enter_running(Socket *s, int cfd) {
1757 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1758 int r;
1759
1760 assert(s);
1761
1762 /* We don't take connections anymore if we are supposed to
1763 * shut down anyway */
1764 if (unit_stop_pending(UNIT(s))) {
1765
1766 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1767
1768 if (cfd >= 0)
1769 safe_close(cfd);
1770 else {
1771 /* Flush all sockets by closing and reopening them */
1772 socket_close_fds(s);
1773
1774 r = socket_open_fds(s);
1775 if (r < 0) {
1776 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1777 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1778 return;
1779 }
1780
1781 r = socket_watch_fds(s);
1782 if (r < 0) {
1783 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1784 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1785 }
1786 }
1787
1788 return;
1789 }
1790
1791 if (cfd < 0) {
1792 Iterator i;
1793 Unit *other;
1794 bool pending = false;
1795
1796 /* If there's already a start pending don't bother to
1797 * do anything */
1798 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1799 if (unit_active_or_pending(other)) {
1800 pending = true;
1801 break;
1802 }
1803
1804 if (!pending) {
1805 if (!UNIT_ISSET(s->service)) {
1806 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1807 r = -ENOENT;
1808 goto fail;
1809 }
1810
1811 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1812 if (r < 0)
1813 goto fail;
1814 }
1815
1816 socket_set_state(s, SOCKET_RUNNING);
1817 } else {
1818 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1819 Service *service;
1820
1821 if (s->n_connections >= s->max_connections) {
1822 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1823 safe_close(cfd);
1824 return;
1825 }
1826
1827 r = socket_instantiate_service(s);
1828 if (r < 0)
1829 goto fail;
1830
1831 r = instance_from_socket(cfd, s->n_accepted, &instance);
1832 if (r < 0) {
1833 if (r != -ENOTCONN)
1834 goto fail;
1835
1836 /* ENOTCONN is legitimate if TCP RST was received.
1837 * This connection is over, but the socket unit lives on. */
1838 safe_close(cfd);
1839 return;
1840 }
1841
1842 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1843 if (r < 0)
1844 goto fail;
1845
1846 r = unit_name_build(prefix, instance, ".service", &name);
1847 if (r < 0)
1848 goto fail;
1849
1850 r = unit_add_name(UNIT_DEREF(s->service), name);
1851 if (r < 0)
1852 goto fail;
1853
1854 service = SERVICE(UNIT_DEREF(s->service));
1855 unit_ref_unset(&s->service);
1856 s->n_accepted ++;
1857
1858 UNIT(service)->no_gc = false;
1859
1860 unit_choose_id(UNIT(service), name);
1861
1862 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1863 if (r < 0)
1864 goto fail;
1865
1866 cfd = -1;
1867 s->n_connections ++;
1868
1869 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1870 if (r < 0)
1871 goto fail;
1872
1873 /* Notify clients about changed counters */
1874 unit_add_to_dbus_queue(UNIT(s));
1875 }
1876
1877 return;
1878
1879 fail:
1880 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1881 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1882 bus_error_message(&error, r));
1883
1884 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1885 safe_close(cfd);
1886 }
1887
1888 static void socket_run_next(Socket *s) {
1889 int r;
1890
1891 assert(s);
1892 assert(s->control_command);
1893 assert(s->control_command->command_next);
1894
1895 socket_unwatch_control_pid(s);
1896
1897 s->control_command = s->control_command->command_next;
1898
1899 r = socket_spawn(s, s->control_command, &s->control_pid);
1900 if (r < 0)
1901 goto fail;
1902
1903 return;
1904
1905 fail:
1906 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
1907
1908 if (s->state == SOCKET_START_POST)
1909 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1910 else if (s->state == SOCKET_STOP_POST)
1911 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1912 else
1913 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1914 }
1915
1916 static int socket_start(Unit *u) {
1917 Socket *s = SOCKET(u);
1918
1919 assert(s);
1920
1921 /* We cannot fulfill this request right now, try again later
1922 * please! */
1923 if (IN_SET(s->state,
1924 SOCKET_STOP_PRE,
1925 SOCKET_STOP_PRE_SIGKILL,
1926 SOCKET_STOP_PRE_SIGTERM,
1927 SOCKET_STOP_POST,
1928 SOCKET_FINAL_SIGTERM,
1929 SOCKET_FINAL_SIGKILL))
1930 return -EAGAIN;
1931
1932 /* Already on it! */
1933 if (IN_SET(s->state,
1934 SOCKET_START_PRE,
1935 SOCKET_START_CHOWN,
1936 SOCKET_START_POST))
1937 return 0;
1938
1939 /* Cannot run this without the service being around */
1940 if (UNIT_ISSET(s->service)) {
1941 Service *service;
1942
1943 service = SERVICE(UNIT_DEREF(s->service));
1944
1945 if (UNIT(service)->load_state != UNIT_LOADED) {
1946 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1947 return -ENOENT;
1948 }
1949
1950 /* If the service is already active we cannot start the
1951 * socket */
1952 if (service->state != SERVICE_DEAD &&
1953 service->state != SERVICE_FAILED &&
1954 service->state != SERVICE_AUTO_RESTART) {
1955 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1956 return -EBUSY;
1957 }
1958 }
1959
1960 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1961
1962 s->result = SOCKET_SUCCESS;
1963 s->reset_cpu_usage = true;
1964
1965 socket_enter_start_pre(s);
1966
1967 return 1;
1968 }
1969
1970 static int socket_stop(Unit *u) {
1971 Socket *s = SOCKET(u);
1972
1973 assert(s);
1974
1975 /* Already on it */
1976 if (IN_SET(s->state,
1977 SOCKET_STOP_PRE,
1978 SOCKET_STOP_PRE_SIGTERM,
1979 SOCKET_STOP_PRE_SIGKILL,
1980 SOCKET_STOP_POST,
1981 SOCKET_FINAL_SIGTERM,
1982 SOCKET_FINAL_SIGKILL))
1983 return 0;
1984
1985 /* If there's already something running we go directly into
1986 * kill mode. */
1987 if (IN_SET(s->state,
1988 SOCKET_START_PRE,
1989 SOCKET_START_CHOWN,
1990 SOCKET_START_POST)) {
1991 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1992 return -EAGAIN;
1993 }
1994
1995 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1996
1997 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1998 return 1;
1999 }
2000
2001 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2002 Socket *s = SOCKET(u);
2003 SocketPort *p;
2004 int r;
2005
2006 assert(u);
2007 assert(f);
2008 assert(fds);
2009
2010 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2011 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2012 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2013
2014 if (s->control_pid > 0)
2015 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2016
2017 if (s->control_command_id >= 0)
2018 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2019
2020 LIST_FOREACH(port, p, s->ports) {
2021 int copy;
2022
2023 if (p->fd < 0)
2024 continue;
2025
2026 copy = fdset_put_dup(fds, p->fd);
2027 if (copy < 0)
2028 return copy;
2029
2030 if (p->type == SOCKET_SOCKET) {
2031 _cleanup_free_ char *t = NULL;
2032
2033 r = socket_address_print(&p->address, &t);
2034 if (r < 0)
2035 return r;
2036
2037 if (socket_address_family(&p->address) == AF_NETLINK)
2038 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2039 else
2040 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2041
2042 } else if (p->type == SOCKET_SPECIAL)
2043 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2044 else if (p->type == SOCKET_MQUEUE)
2045 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2046 else {
2047 assert(p->type == SOCKET_FIFO);
2048 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2049 }
2050 }
2051
2052 return 0;
2053 }
2054
2055 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2056 Socket *s = SOCKET(u);
2057
2058 assert(u);
2059 assert(key);
2060 assert(value);
2061
2062 if (streq(key, "state")) {
2063 SocketState state;
2064
2065 state = socket_state_from_string(value);
2066 if (state < 0)
2067 log_unit_debug(u->id, "Failed to parse state value %s", value);
2068 else
2069 s->deserialized_state = state;
2070 } else if (streq(key, "result")) {
2071 SocketResult f;
2072
2073 f = socket_result_from_string(value);
2074 if (f < 0)
2075 log_unit_debug(u->id, "Failed to parse result value %s", value);
2076 else if (f != SOCKET_SUCCESS)
2077 s->result = f;
2078
2079 } else if (streq(key, "n-accepted")) {
2080 unsigned k;
2081
2082 if (safe_atou(value, &k) < 0)
2083 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2084 else
2085 s->n_accepted += k;
2086 } else if (streq(key, "control-pid")) {
2087 pid_t pid;
2088
2089 if (parse_pid(value, &pid) < 0)
2090 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2091 else
2092 s->control_pid = pid;
2093 } else if (streq(key, "control-command")) {
2094 SocketExecCommand id;
2095
2096 id = socket_exec_command_from_string(value);
2097 if (id < 0)
2098 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2099 else {
2100 s->control_command_id = id;
2101 s->control_command = s->exec_command[id];
2102 }
2103 } else if (streq(key, "fifo")) {
2104 int fd, skip = 0;
2105 SocketPort *p;
2106
2107 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2108 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2109 else {
2110
2111 LIST_FOREACH(port, p, s->ports)
2112 if (p->type == SOCKET_FIFO &&
2113 path_equal_or_files_same(p->path, value+skip))
2114 break;
2115
2116 if (p) {
2117 safe_close(p->fd);
2118 p->fd = fdset_remove(fds, fd);
2119 }
2120 }
2121
2122 } else if (streq(key, "special")) {
2123 int fd, skip = 0;
2124 SocketPort *p;
2125
2126 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2127 log_unit_debug(u->id, "Failed to parse special value %s", value);
2128 else {
2129
2130 LIST_FOREACH(port, p, s->ports)
2131 if (p->type == SOCKET_SPECIAL &&
2132 path_equal_or_files_same(p->path, value+skip))
2133 break;
2134
2135 if (p) {
2136 safe_close(p->fd);
2137 p->fd = fdset_remove(fds, fd);
2138 }
2139 }
2140
2141 } else if (streq(key, "mqueue")) {
2142 int fd, skip = 0;
2143 SocketPort *p;
2144
2145 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2146 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2147 else {
2148
2149 LIST_FOREACH(port, p, s->ports)
2150 if (p->type == SOCKET_MQUEUE &&
2151 streq(p->path, value+skip))
2152 break;
2153
2154 if (p) {
2155 safe_close(p->fd);
2156 p->fd = fdset_remove(fds, fd);
2157 }
2158 }
2159
2160 } else if (streq(key, "socket")) {
2161 int fd, type, skip = 0;
2162 SocketPort *p;
2163
2164 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2165 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2166 else {
2167
2168 LIST_FOREACH(port, p, s->ports)
2169 if (socket_address_is(&p->address, value+skip, type))
2170 break;
2171
2172 if (p) {
2173 safe_close(p->fd);
2174 p->fd = fdset_remove(fds, fd);
2175 }
2176 }
2177
2178 } else if (streq(key, "netlink")) {
2179 int fd, skip = 0;
2180 SocketPort *p;
2181
2182 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2183 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2184 else {
2185
2186 LIST_FOREACH(port, p, s->ports)
2187 if (socket_address_is_netlink(&p->address, value+skip))
2188 break;
2189
2190 if (p) {
2191 safe_close(p->fd);
2192 p->fd = fdset_remove(fds, fd);
2193 }
2194 }
2195 } else
2196 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2197
2198 return 0;
2199 }
2200
2201 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2202 Socket *s = SOCKET(u);
2203 SocketPort *p;
2204
2205 assert(u);
2206
2207 LIST_FOREACH(port, p, s->ports) {
2208 Iterator i;
2209 int fd;
2210
2211 if (p->type != SOCKET_SOCKET)
2212 continue;
2213
2214 if (p->fd >= 0)
2215 continue;
2216
2217 FDSET_FOREACH(fd, fds, i) {
2218 if (socket_address_matches_fd(&p->address, fd)) {
2219 p->fd = fdset_remove(fds, fd);
2220 s->deserialized_state = SOCKET_LISTENING;
2221 break;
2222 }
2223 }
2224 }
2225
2226 return 0;
2227 }
2228
2229 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2230 assert(u);
2231
2232 return state_translation_table[SOCKET(u)->state];
2233 }
2234
2235 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2236 assert(u);
2237
2238 return socket_state_to_string(SOCKET(u)->state);
2239 }
2240
2241 const char* socket_port_type_to_string(SocketPort *p) {
2242
2243 assert(p);
2244
2245 switch (p->type) {
2246
2247 case SOCKET_SOCKET:
2248
2249 switch (p->address.type) {
2250
2251 case SOCK_STREAM:
2252 return "Stream";
2253
2254 case SOCK_DGRAM:
2255 return "Datagram";
2256
2257 case SOCK_SEQPACKET:
2258 return "SequentialPacket";
2259
2260 case SOCK_RAW:
2261 if (socket_address_family(&p->address) == AF_NETLINK)
2262 return "Netlink";
2263
2264 default:
2265 return NULL;
2266 }
2267
2268 case SOCKET_SPECIAL:
2269 return "Special";
2270
2271 case SOCKET_MQUEUE:
2272 return "MessageQueue";
2273
2274 case SOCKET_FIFO:
2275 return "FIFO";
2276
2277 default:
2278 return NULL;
2279 }
2280 }
2281
2282 _pure_ static bool socket_check_gc(Unit *u) {
2283 Socket *s = SOCKET(u);
2284
2285 assert(u);
2286
2287 return s->n_connections > 0;
2288 }
2289
2290 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2291 SocketPort *p = userdata;
2292 int cfd = -1;
2293
2294 assert(p);
2295 assert(fd >= 0);
2296
2297 if (p->socket->state != SOCKET_LISTENING)
2298 return 0;
2299
2300 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2301
2302 if (revents != EPOLLIN) {
2303
2304 if (revents & EPOLLHUP)
2305 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2306 UNIT(p->socket)->id);
2307 else
2308 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2309 UNIT(p->socket)->id, revents);
2310
2311 goto fail;
2312 }
2313
2314 if (p->socket->accept &&
2315 p->type == SOCKET_SOCKET &&
2316 socket_address_can_accept(&p->address)) {
2317
2318 for (;;) {
2319
2320 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2321 if (cfd < 0) {
2322
2323 if (errno == EINTR)
2324 continue;
2325
2326 log_unit_error(UNIT(p->socket)->id, "Failed to accept socket: %m");
2327 goto fail;
2328 }
2329
2330 break;
2331 }
2332
2333 socket_apply_socket_options(p->socket, cfd);
2334 }
2335
2336 socket_enter_running(p->socket, cfd);
2337 return 0;
2338
2339 fail:
2340 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2341 return 0;
2342 }
2343
2344 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2345 Socket *s = SOCKET(u);
2346 SocketResult f;
2347
2348 assert(s);
2349 assert(pid >= 0);
2350
2351 if (pid != s->control_pid)
2352 return;
2353
2354 s->control_pid = 0;
2355
2356 if (is_clean_exit(code, status, NULL))
2357 f = SOCKET_SUCCESS;
2358 else if (code == CLD_EXITED)
2359 f = SOCKET_FAILURE_EXIT_CODE;
2360 else if (code == CLD_KILLED)
2361 f = SOCKET_FAILURE_SIGNAL;
2362 else if (code == CLD_DUMPED)
2363 f = SOCKET_FAILURE_CORE_DUMP;
2364 else
2365 assert_not_reached("Unknown sigchld code");
2366
2367 if (s->control_command) {
2368 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2369
2370 if (s->control_command->ignore)
2371 f = SOCKET_SUCCESS;
2372 }
2373
2374 log_unit_full(u->id,
2375 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2376 "%s control process exited, code=%s status=%i",
2377 u->id, sigchld_code_to_string(code), status);
2378
2379 if (f != SOCKET_SUCCESS)
2380 s->result = f;
2381
2382 if (s->control_command &&
2383 s->control_command->command_next &&
2384 f == SOCKET_SUCCESS) {
2385
2386 log_unit_debug(u->id,
2387 "%s running next command for state %s",
2388 u->id, socket_state_to_string(s->state));
2389 socket_run_next(s);
2390 } else {
2391 s->control_command = NULL;
2392 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2393
2394 /* No further commands for this step, so let's figure
2395 * out what to do next */
2396
2397 log_unit_debug(u->id,
2398 "%s got final SIGCHLD for state %s",
2399 u->id, socket_state_to_string(s->state));
2400
2401 switch (s->state) {
2402
2403 case SOCKET_START_PRE:
2404 if (f == SOCKET_SUCCESS)
2405 socket_enter_start_chown(s);
2406 else
2407 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2408 break;
2409
2410 case SOCKET_START_CHOWN:
2411 if (f == SOCKET_SUCCESS)
2412 socket_enter_start_post(s);
2413 else
2414 socket_enter_stop_pre(s, f);
2415 break;
2416
2417 case SOCKET_START_POST:
2418 if (f == SOCKET_SUCCESS)
2419 socket_enter_listening(s);
2420 else
2421 socket_enter_stop_pre(s, f);
2422 break;
2423
2424 case SOCKET_STOP_PRE:
2425 case SOCKET_STOP_PRE_SIGTERM:
2426 case SOCKET_STOP_PRE_SIGKILL:
2427 socket_enter_stop_post(s, f);
2428 break;
2429
2430 case SOCKET_STOP_POST:
2431 case SOCKET_FINAL_SIGTERM:
2432 case SOCKET_FINAL_SIGKILL:
2433 socket_enter_dead(s, f);
2434 break;
2435
2436 default:
2437 assert_not_reached("Uh, control process died at wrong time.");
2438 }
2439 }
2440
2441 /* Notify clients about changed exit status */
2442 unit_add_to_dbus_queue(u);
2443 }
2444
2445 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2446 Socket *s = SOCKET(userdata);
2447
2448 assert(s);
2449 assert(s->timer_event_source == source);
2450
2451 switch (s->state) {
2452
2453 case SOCKET_START_PRE:
2454 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2455 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2456 break;
2457
2458 case SOCKET_START_CHOWN:
2459 case SOCKET_START_POST:
2460 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2461 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2462 break;
2463
2464 case SOCKET_STOP_PRE:
2465 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2466 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2467 break;
2468
2469 case SOCKET_STOP_PRE_SIGTERM:
2470 if (s->kill_context.send_sigkill) {
2471 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2472 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2473 } else {
2474 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2475 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2476 }
2477 break;
2478
2479 case SOCKET_STOP_PRE_SIGKILL:
2480 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2481 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2482 break;
2483
2484 case SOCKET_STOP_POST:
2485 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2486 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2487 break;
2488
2489 case SOCKET_FINAL_SIGTERM:
2490 if (s->kill_context.send_sigkill) {
2491 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2492 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2493 } else {
2494 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2495 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2496 }
2497 break;
2498
2499 case SOCKET_FINAL_SIGKILL:
2500 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2501 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2502 break;
2503
2504 default:
2505 assert_not_reached("Timeout at wrong time.");
2506 }
2507
2508 return 0;
2509 }
2510
2511 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2512 int *rfds;
2513 unsigned rn_fds, k;
2514 SocketPort *p;
2515
2516 assert(s);
2517 assert(fds);
2518 assert(n_fds);
2519
2520 /* Called from the service code for requesting our fds */
2521
2522 rn_fds = 0;
2523 LIST_FOREACH(port, p, s->ports)
2524 if (p->fd >= 0)
2525 rn_fds++;
2526
2527 if (rn_fds <= 0) {
2528 *fds = NULL;
2529 *n_fds = 0;
2530 return 0;
2531 }
2532
2533 rfds = new(int, rn_fds);
2534 if (!rfds)
2535 return -ENOMEM;
2536
2537 k = 0;
2538 LIST_FOREACH(port, p, s->ports)
2539 if (p->fd >= 0)
2540 rfds[k++] = p->fd;
2541
2542 assert(k == rn_fds);
2543
2544 *fds = rfds;
2545 *n_fds = rn_fds;
2546
2547 return 0;
2548 }
2549
2550 static void socket_reset_failed(Unit *u) {
2551 Socket *s = SOCKET(u);
2552
2553 assert(s);
2554
2555 if (s->state == SOCKET_FAILED)
2556 socket_set_state(s, SOCKET_DEAD);
2557
2558 s->result = SOCKET_SUCCESS;
2559 }
2560
2561 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2562 assert(s);
2563
2564 /* The service is dead. Dang!
2565 *
2566 * This is strictly for one-instance-for-all-connections
2567 * services. */
2568
2569 if (s->state == SOCKET_RUNNING) {
2570 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2571 if (failed_permanent)
2572 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2573 else
2574 socket_enter_listening(s);
2575 }
2576 }
2577
2578 void socket_connection_unref(Socket *s) {
2579 assert(s);
2580
2581 /* The service is dead. Yay!
2582 *
2583 * This is strictly for one-instance-per-connection
2584 * services. */
2585
2586 assert(s->n_connections > 0);
2587 s->n_connections--;
2588
2589 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2590 }
2591
2592 static void socket_trigger_notify(Unit *u, Unit *other) {
2593 Socket *s = SOCKET(u);
2594 Service *se;
2595
2596 assert(u);
2597 assert(other);
2598
2599 /* Don't propagate state changes from the service if we are
2600 already down or accepting connections */
2601 if ((s->state != SOCKET_RUNNING &&
2602 s->state != SOCKET_LISTENING) ||
2603 s->accept)
2604 return;
2605
2606 if (other->load_state != UNIT_LOADED ||
2607 other->type != UNIT_SERVICE)
2608 return;
2609
2610 se = SERVICE(other);
2611
2612 if (se->state == SERVICE_FAILED)
2613 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2614
2615 if (se->state == SERVICE_DEAD ||
2616 se->state == SERVICE_FINAL_SIGTERM ||
2617 se->state == SERVICE_FINAL_SIGKILL ||
2618 se->state == SERVICE_AUTO_RESTART)
2619 socket_notify_service_dead(s, false);
2620
2621 if (se->state == SERVICE_RUNNING)
2622 socket_set_state(s, SOCKET_RUNNING);
2623 }
2624
2625 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2626 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2627 }
2628
2629 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2630 Socket *s = SOCKET(u);
2631 int r;
2632
2633 if (!s->timer_event_source)
2634 return 0;
2635
2636 r = sd_event_source_get_time(s->timer_event_source, timeout);
2637 if (r < 0)
2638 return r;
2639
2640 return 1;
2641 }
2642
2643 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2644 [SOCKET_DEAD] = "dead",
2645 [SOCKET_START_PRE] = "start-pre",
2646 [SOCKET_START_CHOWN] = "start-chown",
2647 [SOCKET_START_POST] = "start-post",
2648 [SOCKET_LISTENING] = "listening",
2649 [SOCKET_RUNNING] = "running",
2650 [SOCKET_STOP_PRE] = "stop-pre",
2651 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2652 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2653 [SOCKET_STOP_POST] = "stop-post",
2654 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2655 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2656 [SOCKET_FAILED] = "failed"
2657 };
2658
2659 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2660
2661 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2662 [SOCKET_EXEC_START_PRE] = "StartPre",
2663 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2664 [SOCKET_EXEC_START_POST] = "StartPost",
2665 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2666 [SOCKET_EXEC_STOP_POST] = "StopPost"
2667 };
2668
2669 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2670
2671 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2672 [SOCKET_SUCCESS] = "success",
2673 [SOCKET_FAILURE_RESOURCES] = "resources",
2674 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2675 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2676 [SOCKET_FAILURE_SIGNAL] = "signal",
2677 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2678 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2679 };
2680
2681 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2682
2683 const UnitVTable socket_vtable = {
2684 .object_size = sizeof(Socket),
2685 .exec_context_offset = offsetof(Socket, exec_context),
2686 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2687 .kill_context_offset = offsetof(Socket, kill_context),
2688 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2689
2690 .sections =
2691 "Unit\0"
2692 "Socket\0"
2693 "Install\0",
2694 .private_section = "Socket",
2695
2696 .init = socket_init,
2697 .done = socket_done,
2698 .load = socket_load,
2699
2700 .coldplug = socket_coldplug,
2701
2702 .dump = socket_dump,
2703
2704 .start = socket_start,
2705 .stop = socket_stop,
2706
2707 .kill = socket_kill,
2708
2709 .get_timeout = socket_get_timeout,
2710
2711 .serialize = socket_serialize,
2712 .deserialize_item = socket_deserialize_item,
2713 .distribute_fds = socket_distribute_fds,
2714
2715 .active_state = socket_active_state,
2716 .sub_state_to_string = socket_sub_state_to_string,
2717
2718 .check_gc = socket_check_gc,
2719
2720 .sigchld_event = socket_sigchld_event,
2721
2722 .trigger_notify = socket_trigger_notify,
2723
2724 .reset_failed = socket_reset_failed,
2725
2726 .bus_interface = "org.freedesktop.systemd1.Socket",
2727 .bus_vtable = bus_socket_vtable,
2728 .bus_set_property = bus_socket_set_property,
2729 .bus_commit_properties = bus_socket_commit_properties,
2730
2731 .status_message_formats = {
2732 /*.starting_stopping = {
2733 [0] = "Starting socket %s...",
2734 [1] = "Stopping socket %s...",
2735 },*/
2736 .finished_start_job = {
2737 [JOB_DONE] = "Listening on %s.",
2738 [JOB_FAILED] = "Failed to listen on %s.",
2739 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2740 [JOB_TIMEOUT] = "Timed out starting %s.",
2741 },
2742 .finished_stop_job = {
2743 [JOB_DONE] = "Closed %s.",
2744 [JOB_FAILED] = "Failed stopping %s.",
2745 [JOB_TIMEOUT] = "Timed out stopping %s.",
2746 },
2747 },
2748 };
Unnamed repository; edit this file 'description' to name the repository.