]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tty-ask-password: Split out password sending
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31 #include <linux/sctp.h>
32
33 #include "sd-event.h"
34 #include "alloc-util.h"
35 #include "bus-error.h"
36 #include "bus-util.h"
37 #include "copy.h"
38 #include "dbus-socket.h"
39 #include "def.h"
40 #include "exit-status.h"
41 #include "fd-util.h"
42 #include "formats-util.h"
43 #include "label.h"
44 #include "log.h"
45 #include "missing.h"
46 #include "mkdir.h"
47 #include "parse-util.h"
48 #include "path-util.h"
49 #include "process-util.h"
50 #include "selinux-util.h"
51 #include "signal-util.h"
52 #include "smack-util.h"
53 #include "socket.h"
54 #include "special.h"
55 #include "string-table.h"
56 #include "string-util.h"
57 #include "strv.h"
58 #include "unit-name.h"
59 #include "unit-printf.h"
60 #include "unit.h"
61 #include "user-util.h"
62
63 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
64 [SOCKET_DEAD] = UNIT_INACTIVE,
65 [SOCKET_START_PRE] = UNIT_ACTIVATING,
66 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
67 [SOCKET_START_POST] = UNIT_ACTIVATING,
68 [SOCKET_LISTENING] = UNIT_ACTIVE,
69 [SOCKET_RUNNING] = UNIT_ACTIVE,
70 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
71 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
72 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
73 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
74 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
75 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
76 [SOCKET_FAILED] = UNIT_FAILED
77 };
78
79 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
80 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
81
82 static void socket_init(Unit *u) {
83 Socket *s = SOCKET(u);
84
85 assert(u);
86 assert(u->load_state == UNIT_STUB);
87
88 s->backlog = SOMAXCONN;
89 s->timeout_usec = u->manager->default_timeout_start_usec;
90 s->directory_mode = 0755;
91 s->socket_mode = 0666;
92
93 s->max_connections = 64;
94
95 s->priority = -1;
96 s->ip_tos = -1;
97 s->ip_ttl = -1;
98 s->mark = -1;
99
100 s->exec_context.std_output = u->manager->default_std_output;
101 s->exec_context.std_error = u->manager->default_std_error;
102
103 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
104 }
105
106 static void socket_unwatch_control_pid(Socket *s) {
107 assert(s);
108
109 if (s->control_pid <= 0)
110 return;
111
112 unit_unwatch_pid(UNIT(s), s->control_pid);
113 s->control_pid = 0;
114 }
115
116 static void socket_cleanup_fd_list(SocketPort *p) {
117 assert(p);
118
119 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
120 p->auxiliary_fds = mfree(p->auxiliary_fds);
121 p->n_auxiliary_fds = 0;
122 }
123
124 void socket_free_ports(Socket *s) {
125 SocketPort *p;
126
127 assert(s);
128
129 while ((p = s->ports)) {
130 LIST_REMOVE(port, s->ports, p);
131
132 sd_event_source_unref(p->event_source);
133
134 socket_cleanup_fd_list(p);
135 safe_close(p->fd);
136 free(p->path);
137 free(p);
138 }
139 }
140
141 static void socket_done(Unit *u) {
142 Socket *s = SOCKET(u);
143
144 assert(s);
145
146 socket_free_ports(s);
147
148 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
149 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
150 s->control_command = NULL;
151
152 socket_unwatch_control_pid(s);
153
154 unit_ref_unset(&s->service);
155
156 s->tcp_congestion = mfree(s->tcp_congestion);
157 s->bind_to_device = mfree(s->bind_to_device);
158
159 s->smack = mfree(s->smack);
160 s->smack_ip_in = mfree(s->smack_ip_in);
161 s->smack_ip_out = mfree(s->smack_ip_out);
162
163 strv_free(s->symlinks);
164
165 s->user = mfree(s->user);
166 s->group = mfree(s->group);
167
168 s->fdname = mfree(s->fdname);
169
170 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
171 }
172
173 static int socket_arm_timer(Socket *s, usec_t usec) {
174 int r;
175
176 assert(s);
177
178 if (s->timer_event_source) {
179 r = sd_event_source_set_time(s->timer_event_source, usec);
180 if (r < 0)
181 return r;
182
183 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
184 }
185
186 if (usec == USEC_INFINITY)
187 return 0;
188
189 r = sd_event_add_time(
190 UNIT(s)->manager->event,
191 &s->timer_event_source,
192 CLOCK_MONOTONIC,
193 usec, 0,
194 socket_dispatch_timer, s);
195 if (r < 0)
196 return r;
197
198 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
199
200 return 0;
201 }
202
203 int socket_instantiate_service(Socket *s) {
204 _cleanup_free_ char *prefix = NULL, *name = NULL;
205 int r;
206 Unit *u;
207
208 assert(s);
209
210 /* This fills in s->service if it isn't filled in yet. For
211 * Accept=yes sockets we create the next connection service
212 * here. For Accept=no this is mostly a NOP since the service
213 * is figured out at load time anyway. */
214
215 if (UNIT_DEREF(s->service))
216 return 0;
217
218 if (!s->accept)
219 return 0;
220
221 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
222 if (r < 0)
223 return r;
224
225 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
226 return -ENOMEM;
227
228 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
229 if (r < 0)
230 return r;
231
232 u->no_gc = true;
233 unit_ref_set(&s->service, u);
234
235 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
236 }
237
238 static bool have_non_accept_socket(Socket *s) {
239 SocketPort *p;
240
241 assert(s);
242
243 if (!s->accept)
244 return true;
245
246 LIST_FOREACH(port, p, s->ports) {
247
248 if (p->type != SOCKET_SOCKET)
249 return true;
250
251 if (!socket_address_can_accept(&p->address))
252 return true;
253 }
254
255 return false;
256 }
257
258 static int socket_add_mount_links(Socket *s) {
259 SocketPort *p;
260 int r;
261
262 assert(s);
263
264 LIST_FOREACH(port, p, s->ports) {
265 const char *path = NULL;
266
267 if (p->type == SOCKET_SOCKET)
268 path = socket_address_get_path(&p->address);
269 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
270 path = p->path;
271
272 if (!path)
273 continue;
274
275 r = unit_require_mounts_for(UNIT(s), path);
276 if (r < 0)
277 return r;
278 }
279
280 return 0;
281 }
282
283 static int socket_add_device_link(Socket *s) {
284 char *t;
285
286 assert(s);
287
288 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
289 return 0;
290
291 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
292 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
293 }
294
295 static int socket_add_default_dependencies(Socket *s) {
296 int r;
297 assert(s);
298
299 if (!UNIT(s)->default_dependencies)
300 return 0;
301
302 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
303 if (r < 0)
304 return r;
305
306 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
307 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
308 if (r < 0)
309 return r;
310 }
311
312 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
313 }
314
315 _pure_ static bool socket_has_exec(Socket *s) {
316 unsigned i;
317 assert(s);
318
319 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
320 if (s->exec_command[i])
321 return true;
322
323 return false;
324 }
325
326 static int socket_add_extras(Socket *s) {
327 Unit *u = UNIT(s);
328 int r;
329
330 assert(s);
331
332 if (have_non_accept_socket(s)) {
333
334 if (!UNIT_DEREF(s->service)) {
335 Unit *x;
336
337 r = unit_load_related_unit(u, ".service", &x);
338 if (r < 0)
339 return r;
340
341 unit_ref_set(&s->service, x);
342 }
343
344 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
345 if (r < 0)
346 return r;
347 }
348
349 r = socket_add_mount_links(s);
350 if (r < 0)
351 return r;
352
353 r = socket_add_device_link(s);
354 if (r < 0)
355 return r;
356
357 r = unit_patch_contexts(u);
358 if (r < 0)
359 return r;
360
361 if (socket_has_exec(s)) {
362 r = unit_add_exec_dependencies(u, &s->exec_context);
363 if (r < 0)
364 return r;
365
366 r = unit_set_default_slice(u);
367 if (r < 0)
368 return r;
369 }
370
371 r = socket_add_default_dependencies(s);
372 if (r < 0)
373 return r;
374
375 return 0;
376 }
377
378 static const char *socket_find_symlink_target(Socket *s) {
379 const char *found = NULL;
380 SocketPort *p;
381
382 LIST_FOREACH(port, p, s->ports) {
383 const char *f = NULL;
384
385 switch (p->type) {
386
387 case SOCKET_FIFO:
388 f = p->path;
389 break;
390
391 case SOCKET_SOCKET:
392 if (p->address.sockaddr.un.sun_path[0] != 0)
393 f = p->address.sockaddr.un.sun_path;
394 break;
395
396 default:
397 break;
398 }
399
400 if (f) {
401 if (found)
402 return NULL;
403
404 found = f;
405 }
406 }
407
408 return found;
409 }
410
411 static int socket_verify(Socket *s) {
412 assert(s);
413
414 if (UNIT(s)->load_state != UNIT_LOADED)
415 return 0;
416
417 if (!s->ports) {
418 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
419 return -EINVAL;
420 }
421
422 if (s->accept && have_non_accept_socket(s)) {
423 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
424 return -EINVAL;
425 }
426
427 if (s->accept && s->max_connections <= 0) {
428 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
429 return -EINVAL;
430 }
431
432 if (s->accept && UNIT_DEREF(s->service)) {
433 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
434 return -EINVAL;
435 }
436
437 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
438 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
439 return -EINVAL;
440 }
441
442 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
443 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
444 return -EINVAL;
445 }
446
447 return 0;
448 }
449
450 static int socket_load(Unit *u) {
451 Socket *s = SOCKET(u);
452 int r;
453
454 assert(u);
455 assert(u->load_state == UNIT_STUB);
456
457 r = unit_load_fragment_and_dropin(u);
458 if (r < 0)
459 return r;
460
461 if (u->load_state == UNIT_LOADED) {
462 /* This is a new unit? Then let's add in some extras */
463 r = socket_add_extras(s);
464 if (r < 0)
465 return r;
466 }
467
468 return socket_verify(s);
469 }
470
471 _const_ static const char* listen_lookup(int family, int type) {
472
473 if (family == AF_NETLINK)
474 return "ListenNetlink";
475
476 if (type == SOCK_STREAM)
477 return "ListenStream";
478 else if (type == SOCK_DGRAM)
479 return "ListenDatagram";
480 else if (type == SOCK_SEQPACKET)
481 return "ListenSequentialPacket";
482
483 assert_not_reached("Unknown socket type");
484 return NULL;
485 }
486
487 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
488 char time_string[FORMAT_TIMESPAN_MAX];
489 SocketExecCommand c;
490 Socket *s = SOCKET(u);
491 SocketPort *p;
492 const char *prefix2;
493
494 assert(s);
495 assert(f);
496
497 prefix = strempty(prefix);
498 prefix2 = strjoina(prefix, "\t");
499
500 fprintf(f,
501 "%sSocket State: %s\n"
502 "%sResult: %s\n"
503 "%sBindIPv6Only: %s\n"
504 "%sBacklog: %u\n"
505 "%sSocketMode: %04o\n"
506 "%sDirectoryMode: %04o\n"
507 "%sKeepAlive: %s\n"
508 "%sNoDelay: %s\n"
509 "%sFreeBind: %s\n"
510 "%sTransparent: %s\n"
511 "%sBroadcast: %s\n"
512 "%sPassCredentials: %s\n"
513 "%sPassSecurity: %s\n"
514 "%sTCPCongestion: %s\n"
515 "%sRemoveOnStop: %s\n"
516 "%sWritable: %s\n"
517 "%sFDName: %s\n"
518 "%sSELinuxContextFromNet: %s\n",
519 prefix, socket_state_to_string(s->state),
520 prefix, socket_result_to_string(s->result),
521 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
522 prefix, s->backlog,
523 prefix, s->socket_mode,
524 prefix, s->directory_mode,
525 prefix, yes_no(s->keep_alive),
526 prefix, yes_no(s->no_delay),
527 prefix, yes_no(s->free_bind),
528 prefix, yes_no(s->transparent),
529 prefix, yes_no(s->broadcast),
530 prefix, yes_no(s->pass_cred),
531 prefix, yes_no(s->pass_sec),
532 prefix, strna(s->tcp_congestion),
533 prefix, yes_no(s->remove_on_stop),
534 prefix, yes_no(s->writable),
535 prefix, socket_fdname(s),
536 prefix, yes_no(s->selinux_context_from_net));
537
538 if (s->control_pid > 0)
539 fprintf(f,
540 "%sControl PID: "PID_FMT"\n",
541 prefix, s->control_pid);
542
543 if (s->bind_to_device)
544 fprintf(f,
545 "%sBindToDevice: %s\n",
546 prefix, s->bind_to_device);
547
548 if (s->accept)
549 fprintf(f,
550 "%sAccepted: %u\n"
551 "%sNConnections: %u\n"
552 "%sMaxConnections: %u\n",
553 prefix, s->n_accepted,
554 prefix, s->n_connections,
555 prefix, s->max_connections);
556
557 if (s->priority >= 0)
558 fprintf(f,
559 "%sPriority: %i\n",
560 prefix, s->priority);
561
562 if (s->receive_buffer > 0)
563 fprintf(f,
564 "%sReceiveBuffer: %zu\n",
565 prefix, s->receive_buffer);
566
567 if (s->send_buffer > 0)
568 fprintf(f,
569 "%sSendBuffer: %zu\n",
570 prefix, s->send_buffer);
571
572 if (s->ip_tos >= 0)
573 fprintf(f,
574 "%sIPTOS: %i\n",
575 prefix, s->ip_tos);
576
577 if (s->ip_ttl >= 0)
578 fprintf(f,
579 "%sIPTTL: %i\n",
580 prefix, s->ip_ttl);
581
582 if (s->pipe_size > 0)
583 fprintf(f,
584 "%sPipeSize: %zu\n",
585 prefix, s->pipe_size);
586
587 if (s->mark >= 0)
588 fprintf(f,
589 "%sMark: %i\n",
590 prefix, s->mark);
591
592 if (s->mq_maxmsg > 0)
593 fprintf(f,
594 "%sMessageQueueMaxMessages: %li\n",
595 prefix, s->mq_maxmsg);
596
597 if (s->mq_msgsize > 0)
598 fprintf(f,
599 "%sMessageQueueMessageSize: %li\n",
600 prefix, s->mq_msgsize);
601
602 if (s->reuse_port)
603 fprintf(f,
604 "%sReusePort: %s\n",
605 prefix, yes_no(s->reuse_port));
606
607 if (s->smack)
608 fprintf(f,
609 "%sSmackLabel: %s\n",
610 prefix, s->smack);
611
612 if (s->smack_ip_in)
613 fprintf(f,
614 "%sSmackLabelIPIn: %s\n",
615 prefix, s->smack_ip_in);
616
617 if (s->smack_ip_out)
618 fprintf(f,
619 "%sSmackLabelIPOut: %s\n",
620 prefix, s->smack_ip_out);
621
622 if (!isempty(s->user) || !isempty(s->group))
623 fprintf(f,
624 "%sOwnerUser: %s\n"
625 "%sOwnerGroup: %s\n",
626 prefix, strna(s->user),
627 prefix, strna(s->group));
628
629 if (s->keep_alive_time > 0)
630 fprintf(f,
631 "%sKeepAliveTimeSec: %s\n",
632 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
633
634 if (s->keep_alive_interval)
635 fprintf(f,
636 "%sKeepAliveIntervalSec: %s\n",
637 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
638
639 if (s->keep_alive_cnt)
640 fprintf(f,
641 "%sKeepAliveProbes: %u\n",
642 prefix, s->keep_alive_cnt);
643
644 if (s->defer_accept)
645 fprintf(f,
646 "%sDeferAcceptSec: %s\n",
647 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
648
649 LIST_FOREACH(port, p, s->ports) {
650
651 if (p->type == SOCKET_SOCKET) {
652 const char *t;
653 int r;
654 char *k = NULL;
655
656 r = socket_address_print(&p->address, &k);
657 if (r < 0)
658 t = strerror(-r);
659 else
660 t = k;
661
662 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
663 free(k);
664 } else if (p->type == SOCKET_SPECIAL)
665 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
666 else if (p->type == SOCKET_USB_FUNCTION)
667 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
668 else if (p->type == SOCKET_MQUEUE)
669 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
670 else
671 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
672 }
673
674 exec_context_dump(&s->exec_context, f, prefix);
675 kill_context_dump(&s->kill_context, f, prefix);
676
677 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
678 if (!s->exec_command[c])
679 continue;
680
681 fprintf(f, "%s-> %s:\n",
682 prefix, socket_exec_command_to_string(c));
683
684 exec_command_dump_list(s->exec_command[c], f, prefix2);
685 }
686 }
687
688 static int instance_from_socket(int fd, unsigned nr, char **instance) {
689 socklen_t l;
690 char *r;
691 union sockaddr_union local, remote;
692
693 assert(fd >= 0);
694 assert(instance);
695
696 l = sizeof(local);
697 if (getsockname(fd, &local.sa, &l) < 0)
698 return -errno;
699
700 l = sizeof(remote);
701 if (getpeername(fd, &remote.sa, &l) < 0)
702 return -errno;
703
704 switch (local.sa.sa_family) {
705
706 case AF_INET: {
707 uint32_t
708 a = ntohl(local.in.sin_addr.s_addr),
709 b = ntohl(remote.in.sin_addr.s_addr);
710
711 if (asprintf(&r,
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
714 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
715 ntohs(local.in.sin_port),
716 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
717 ntohs(remote.in.sin_port)) < 0)
718 return -ENOMEM;
719
720 break;
721 }
722
723 case AF_INET6: {
724 static const unsigned char ipv4_prefix[] = {
725 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
726 };
727
728 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
729 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
730 const uint8_t
731 *a = local.in6.sin6_addr.s6_addr+12,
732 *b = remote.in6.sin6_addr.s6_addr+12;
733
734 if (asprintf(&r,
735 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
736 nr,
737 a[0], a[1], a[2], a[3],
738 ntohs(local.in6.sin6_port),
739 b[0], b[1], b[2], b[3],
740 ntohs(remote.in6.sin6_port)) < 0)
741 return -ENOMEM;
742 } else {
743 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
744
745 if (asprintf(&r,
746 "%u-%s:%u-%s:%u",
747 nr,
748 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
749 ntohs(local.in6.sin6_port),
750 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
751 ntohs(remote.in6.sin6_port)) < 0)
752 return -ENOMEM;
753 }
754
755 break;
756 }
757
758 case AF_UNIX: {
759 struct ucred ucred;
760 int k;
761
762 k = getpeercred(fd, &ucred);
763 if (k >= 0) {
764 if (asprintf(&r,
765 "%u-"PID_FMT"-"UID_FMT,
766 nr, ucred.pid, ucred.uid) < 0)
767 return -ENOMEM;
768 } else if (k == -ENODATA) {
769 /* This handles the case where somebody is
770 * connecting from another pid/uid namespace
771 * (e.g. from outside of our container). */
772 if (asprintf(&r,
773 "%u-unknown",
774 nr) < 0)
775 return -ENOMEM;
776 } else
777 return k;
778
779 break;
780 }
781
782 default:
783 assert_not_reached("Unhandled socket type.");
784 }
785
786 *instance = r;
787 return 0;
788 }
789
790 static void socket_close_fds(Socket *s) {
791 SocketPort *p;
792 char **i;
793
794 assert(s);
795
796 LIST_FOREACH(port, p, s->ports) {
797
798 p->event_source = sd_event_source_unref(p->event_source);
799
800 if (p->fd < 0)
801 continue;
802
803 p->fd = safe_close(p->fd);
804 socket_cleanup_fd_list(p);
805
806 /* One little note: we should normally not delete any
807 * sockets in the file system here! After all some
808 * other process we spawned might still have a
809 * reference of this fd and wants to continue to use
810 * it. Therefore we delete sockets in the file system
811 * before we create a new one, not after we stopped
812 * using one! */
813
814 if (s->remove_on_stop) {
815 switch (p->type) {
816
817 case SOCKET_FIFO:
818 unlink(p->path);
819 break;
820
821 case SOCKET_MQUEUE:
822 mq_unlink(p->path);
823 break;
824
825 case SOCKET_SOCKET:
826 socket_address_unlink(&p->address);
827 break;
828
829 default:
830 break;
831 }
832 }
833 }
834
835 if (s->remove_on_stop)
836 STRV_FOREACH(i, s->symlinks)
837 unlink(*i);
838 }
839
840 static void socket_apply_socket_options(Socket *s, int fd) {
841 int r;
842
843 assert(s);
844 assert(fd >= 0);
845
846 if (s->keep_alive) {
847 int b = s->keep_alive;
848 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
850 }
851
852 if (s->keep_alive_time) {
853 int value = s->keep_alive_time / USEC_PER_SEC;
854 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
856 }
857
858 if (s->keep_alive_interval) {
859 int value = s->keep_alive_interval / USEC_PER_SEC;
860 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
862 }
863
864 if (s->keep_alive_cnt) {
865 int value = s->keep_alive_cnt;
866 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
868 }
869
870 if (s->defer_accept) {
871 int value = s->defer_accept / USEC_PER_SEC;
872 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
874 }
875
876 if (s->no_delay) {
877 int b = s->no_delay;
878
879 if (s->socket_protocol == IPPROTO_SCTP) {
880 if (setsockopt(fd, SOL_SCTP, SCTP_NODELAY, &b, sizeof(b)) < 0)
881 log_unit_warning_errno(UNIT(s), errno, "SCTP_NODELAY failed: %m");
882 } else {
883 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
884 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
885 }
886 }
887
888 if (s->broadcast) {
889 int one = 1;
890 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
892 }
893
894 if (s->pass_cred) {
895 int one = 1;
896 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
897 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
898 }
899
900 if (s->pass_sec) {
901 int one = 1;
902 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
903 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
904 }
905
906 if (s->priority >= 0)
907 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
908 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
909
910 if (s->receive_buffer > 0) {
911 int value = (int) s->receive_buffer;
912
913 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
914
915 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
916 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
917 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
918 }
919
920 if (s->send_buffer > 0) {
921 int value = (int) s->send_buffer;
922 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
923 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
924 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
925 }
926
927 if (s->mark >= 0)
928 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
929 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
930
931 if (s->ip_tos >= 0)
932 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
933 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
934
935 if (s->ip_ttl >= 0) {
936 int x;
937
938 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
939
940 if (socket_ipv6_is_supported())
941 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
942 else {
943 x = -1;
944 errno = EAFNOSUPPORT;
945 }
946
947 if (r < 0 && x < 0)
948 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
949 }
950
951 if (s->tcp_congestion)
952 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
953 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
954
955 if (s->smack_ip_in) {
956 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
957 if (r < 0)
958 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
959 }
960
961 if (s->smack_ip_out) {
962 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
963 if (r < 0)
964 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
965 }
966 }
967
968 static void socket_apply_fifo_options(Socket *s, int fd) {
969 int r;
970
971 assert(s);
972 assert(fd >= 0);
973
974 if (s->pipe_size > 0)
975 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
976 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
977
978 if (s->smack) {
979 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
980 if (r < 0)
981 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
982 }
983 }
984
985 static int fifo_address_create(
986 const char *path,
987 mode_t directory_mode,
988 mode_t socket_mode) {
989
990 _cleanup_close_ int fd = -1;
991 mode_t old_mask;
992 struct stat st;
993 int r;
994
995 assert(path);
996
997 mkdir_parents_label(path, directory_mode);
998
999 r = mac_selinux_create_file_prepare(path, S_IFIFO);
1000 if (r < 0)
1001 return r;
1002
1003 /* Enforce the right access mode for the fifo */
1004 old_mask = umask(~ socket_mode);
1005
1006 /* Include the original umask in our mask */
1007 (void) umask(~socket_mode | old_mask);
1008
1009 r = mkfifo(path, socket_mode);
1010 (void) umask(old_mask);
1011
1012 if (r < 0 && errno != EEXIST) {
1013 r = -errno;
1014 goto fail;
1015 }
1016
1017 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1018 if (fd < 0) {
1019 r = -errno;
1020 goto fail;
1021 }
1022
1023 mac_selinux_create_file_clear();
1024
1025 if (fstat(fd, &st) < 0) {
1026 r = -errno;
1027 goto fail;
1028 }
1029
1030 if (!S_ISFIFO(st.st_mode) ||
1031 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1032 st.st_uid != getuid() ||
1033 st.st_gid != getgid()) {
1034 r = -EEXIST;
1035 goto fail;
1036 }
1037
1038 r = fd;
1039 fd = -1;
1040
1041 return r;
1042
1043 fail:
1044 mac_selinux_create_file_clear();
1045 return r;
1046 }
1047
1048 static int special_address_create(const char *path, bool writable) {
1049 _cleanup_close_ int fd = -1;
1050 struct stat st;
1051 int r;
1052
1053 assert(path);
1054
1055 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1056 if (fd < 0)
1057 return -errno;
1058
1059 if (fstat(fd, &st) < 0)
1060 return -errno;
1061
1062 /* Check whether this is a /proc, /sys or /dev file or char device */
1063 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1064 return -EEXIST;
1065
1066 r = fd;
1067 fd = -1;
1068
1069 return r;
1070 }
1071
1072 static int usbffs_address_create(const char *path) {
1073 _cleanup_close_ int fd = -1;
1074 struct stat st;
1075 int r;
1076
1077 assert(path);
1078
1079 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1080 if (fd < 0)
1081 return -errno;
1082
1083 if (fstat(fd, &st) < 0)
1084 return -errno;
1085
1086 /* Check whether this is a regular file (ffs endpoint)*/
1087 if (!S_ISREG(st.st_mode))
1088 return -EEXIST;
1089
1090 r = fd;
1091 fd = -1;
1092
1093 return r;
1094 }
1095
1096 static int mq_address_create(
1097 const char *path,
1098 mode_t mq_mode,
1099 long maxmsg,
1100 long msgsize) {
1101
1102 _cleanup_close_ int fd = -1;
1103 struct stat st;
1104 mode_t old_mask;
1105 struct mq_attr _attr, *attr = NULL;
1106 int r;
1107
1108 assert(path);
1109
1110 if (maxmsg > 0 && msgsize > 0) {
1111 _attr = (struct mq_attr) {
1112 .mq_flags = O_NONBLOCK,
1113 .mq_maxmsg = maxmsg,
1114 .mq_msgsize = msgsize,
1115 };
1116 attr = &_attr;
1117 }
1118
1119 /* Enforce the right access mode for the mq */
1120 old_mask = umask(~ mq_mode);
1121
1122 /* Include the original umask in our mask */
1123 (void) umask(~mq_mode | old_mask);
1124 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1125 (void) umask(old_mask);
1126
1127 if (fd < 0)
1128 return -errno;
1129
1130 if (fstat(fd, &st) < 0)
1131 return -errno;
1132
1133 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1134 st.st_uid != getuid() ||
1135 st.st_gid != getgid())
1136 return -EEXIST;
1137
1138 r = fd;
1139 fd = -1;
1140
1141 return r;
1142 }
1143
1144 static int socket_symlink(Socket *s) {
1145 const char *p;
1146 char **i;
1147
1148 assert(s);
1149
1150 p = socket_find_symlink_target(s);
1151 if (!p)
1152 return 0;
1153
1154 STRV_FOREACH(i, s->symlinks)
1155 symlink_label(p, *i);
1156
1157 return 0;
1158 }
1159
1160 static int usbffs_write_descs(int fd, Service *s) {
1161 int r;
1162
1163 if (!s->usb_function_descriptors || !s->usb_function_strings)
1164 return -EINVAL;
1165
1166 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1167 if (r < 0)
1168 return r;
1169
1170 return copy_file_fd(s->usb_function_strings, fd, false);
1171 }
1172
1173 static int usbffs_select_ep(const struct dirent *d) {
1174 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1175 }
1176
1177 static int usbffs_dispatch_eps(SocketPort *p) {
1178 _cleanup_free_ struct dirent **ent = NULL;
1179 _cleanup_free_ char *path = NULL;
1180 int r, i, n, k;
1181
1182 path = dirname_malloc(p->path);
1183 if (!path)
1184 return -ENOMEM;
1185
1186 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1187 if (r < 0)
1188 return -errno;
1189
1190 n = r;
1191 p->auxiliary_fds = new(int, n);
1192 if (!p->auxiliary_fds)
1193 return -ENOMEM;
1194
1195 p->n_auxiliary_fds = n;
1196
1197 k = 0;
1198 for (i = 0; i < n; ++i) {
1199 _cleanup_free_ char *ep = NULL;
1200
1201 ep = path_make_absolute(ent[i]->d_name, path);
1202 if (!ep)
1203 return -ENOMEM;
1204
1205 path_kill_slashes(ep);
1206
1207 r = usbffs_address_create(ep);
1208 if (r < 0)
1209 goto fail;
1210
1211 p->auxiliary_fds[k] = r;
1212
1213 ++k;
1214 free(ent[i]);
1215 }
1216
1217 return r;
1218
1219 fail:
1220 close_many(p->auxiliary_fds, k);
1221 p->auxiliary_fds = mfree(p->auxiliary_fds);
1222 p->n_auxiliary_fds = 0;
1223
1224 return r;
1225 }
1226
1227 static int socket_open_fds(Socket *s) {
1228 _cleanup_(mac_selinux_freep) char *label = NULL;
1229 bool know_label = false;
1230 SocketPort *p;
1231 int r;
1232
1233 assert(s);
1234
1235 LIST_FOREACH(port, p, s->ports) {
1236
1237 if (p->fd >= 0)
1238 continue;
1239
1240 switch (p->type) {
1241
1242 case SOCKET_SOCKET:
1243
1244 if (!know_label) {
1245 /* Figure out label, if we don't it know
1246 * yet. We do it once, for the first
1247 * socket where we need this and
1248 * remember it for the rest. */
1249
1250 if (s->selinux_context_from_net) {
1251 /* Get it from the network label */
1252
1253 r = mac_selinux_get_our_label(&label);
1254 if (r < 0 && r != -EOPNOTSUPP)
1255 goto rollback;
1256
1257 } else {
1258 /* Get it from the executable we are about to start */
1259
1260 r = socket_instantiate_service(s);
1261 if (r < 0)
1262 goto rollback;
1263
1264 if (UNIT_ISSET(s->service) &&
1265 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1266 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1267 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1268 goto rollback;
1269 }
1270 }
1271
1272 know_label = true;
1273 }
1274
1275 /* Apply the socket protocol */
1276 switch(p->address.type) {
1277 case SOCK_STREAM:
1278 case SOCK_SEQPACKET:
1279 if (p->socket->socket_protocol == IPPROTO_SCTP)
1280 p->address.protocol = p->socket->socket_protocol;
1281 break;
1282 case SOCK_DGRAM:
1283 if (p->socket->socket_protocol == IPPROTO_UDPLITE)
1284 p->address.protocol = p->socket->socket_protocol;
1285 break;
1286 }
1287
1288 r = socket_address_listen(
1289 &p->address,
1290 SOCK_CLOEXEC|SOCK_NONBLOCK,
1291 s->backlog,
1292 s->bind_ipv6_only,
1293 s->bind_to_device,
1294 s->reuse_port,
1295 s->free_bind,
1296 s->transparent,
1297 s->directory_mode,
1298 s->socket_mode,
1299 label);
1300 if (r < 0)
1301 goto rollback;
1302
1303 p->fd = r;
1304 socket_apply_socket_options(s, p->fd);
1305 socket_symlink(s);
1306 break;
1307
1308 case SOCKET_SPECIAL:
1309
1310 p->fd = special_address_create(p->path, s->writable);
1311 if (p->fd < 0) {
1312 r = p->fd;
1313 goto rollback;
1314 }
1315 break;
1316
1317 case SOCKET_FIFO:
1318
1319 p->fd = fifo_address_create(
1320 p->path,
1321 s->directory_mode,
1322 s->socket_mode);
1323 if (p->fd < 0) {
1324 r = p->fd;
1325 goto rollback;
1326 }
1327
1328 socket_apply_fifo_options(s, p->fd);
1329 socket_symlink(s);
1330 break;
1331
1332 case SOCKET_MQUEUE:
1333
1334 p->fd = mq_address_create(
1335 p->path,
1336 s->socket_mode,
1337 s->mq_maxmsg,
1338 s->mq_msgsize);
1339 if (p->fd < 0) {
1340 r = p->fd;
1341 goto rollback;
1342 }
1343 break;
1344
1345 case SOCKET_USB_FUNCTION:
1346
1347 p->fd = usbffs_address_create(p->path);
1348 if (p->fd < 0) {
1349 r = p->fd;
1350 goto rollback;
1351 }
1352
1353 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1354 if (r < 0)
1355 goto rollback;
1356
1357 r = usbffs_dispatch_eps(p);
1358 if (r < 0)
1359 goto rollback;
1360
1361 break;
1362
1363 default:
1364 assert_not_reached("Unknown port type");
1365 }
1366 }
1367
1368 return 0;
1369
1370 rollback:
1371 socket_close_fds(s);
1372 return r;
1373 }
1374
1375 static void socket_unwatch_fds(Socket *s) {
1376 SocketPort *p;
1377 int r;
1378
1379 assert(s);
1380
1381 LIST_FOREACH(port, p, s->ports) {
1382 if (p->fd < 0)
1383 continue;
1384
1385 if (!p->event_source)
1386 continue;
1387
1388 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1389 if (r < 0)
1390 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1391 }
1392 }
1393
1394 static int socket_watch_fds(Socket *s) {
1395 SocketPort *p;
1396 int r;
1397
1398 assert(s);
1399
1400 LIST_FOREACH(port, p, s->ports) {
1401 if (p->fd < 0)
1402 continue;
1403
1404 if (p->event_source) {
1405 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1406 if (r < 0)
1407 goto fail;
1408 } else {
1409 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1410 if (r < 0)
1411 goto fail;
1412
1413 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1414 }
1415 }
1416
1417 return 0;
1418
1419 fail:
1420 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1421 socket_unwatch_fds(s);
1422 return r;
1423 }
1424
1425 static void socket_set_state(Socket *s, SocketState state) {
1426 SocketState old_state;
1427 assert(s);
1428
1429 old_state = s->state;
1430 s->state = state;
1431
1432 if (!IN_SET(state,
1433 SOCKET_START_PRE,
1434 SOCKET_START_CHOWN,
1435 SOCKET_START_POST,
1436 SOCKET_STOP_PRE,
1437 SOCKET_STOP_PRE_SIGTERM,
1438 SOCKET_STOP_PRE_SIGKILL,
1439 SOCKET_STOP_POST,
1440 SOCKET_FINAL_SIGTERM,
1441 SOCKET_FINAL_SIGKILL)) {
1442
1443 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1444 socket_unwatch_control_pid(s);
1445 s->control_command = NULL;
1446 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1447 }
1448
1449 if (state != SOCKET_LISTENING)
1450 socket_unwatch_fds(s);
1451
1452 if (!IN_SET(state,
1453 SOCKET_START_CHOWN,
1454 SOCKET_START_POST,
1455 SOCKET_LISTENING,
1456 SOCKET_RUNNING,
1457 SOCKET_STOP_PRE,
1458 SOCKET_STOP_PRE_SIGTERM,
1459 SOCKET_STOP_PRE_SIGKILL))
1460 socket_close_fds(s);
1461
1462 if (state != old_state)
1463 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1464
1465 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1466 }
1467
1468 static int socket_coldplug(Unit *u) {
1469 Socket *s = SOCKET(u);
1470 int r;
1471
1472 assert(s);
1473 assert(s->state == SOCKET_DEAD);
1474
1475 if (s->deserialized_state == s->state)
1476 return 0;
1477
1478 if (s->control_pid > 0 &&
1479 pid_is_unwaited(s->control_pid) &&
1480 IN_SET(s->deserialized_state,
1481 SOCKET_START_PRE,
1482 SOCKET_START_CHOWN,
1483 SOCKET_START_POST,
1484 SOCKET_STOP_PRE,
1485 SOCKET_STOP_PRE_SIGTERM,
1486 SOCKET_STOP_PRE_SIGKILL,
1487 SOCKET_STOP_POST,
1488 SOCKET_FINAL_SIGTERM,
1489 SOCKET_FINAL_SIGKILL)) {
1490
1491 r = unit_watch_pid(UNIT(s), s->control_pid);
1492 if (r < 0)
1493 return r;
1494
1495 r = socket_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_usec));
1496 if (r < 0)
1497 return r;
1498 }
1499
1500 if (IN_SET(s->deserialized_state,
1501 SOCKET_START_CHOWN,
1502 SOCKET_START_POST,
1503 SOCKET_LISTENING,
1504 SOCKET_RUNNING,
1505 SOCKET_STOP_PRE,
1506 SOCKET_STOP_PRE_SIGTERM,
1507 SOCKET_STOP_PRE_SIGKILL)) {
1508
1509 r = socket_open_fds(s);
1510 if (r < 0)
1511 return r;
1512 }
1513
1514 if (s->deserialized_state == SOCKET_LISTENING) {
1515 r = socket_watch_fds(s);
1516 if (r < 0)
1517 return r;
1518 }
1519
1520 socket_set_state(s, s->deserialized_state);
1521 return 0;
1522 }
1523
1524 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1525 _cleanup_free_ char **argv = NULL;
1526 pid_t pid;
1527 int r;
1528 ExecParameters exec_params = {
1529 .apply_permissions = true,
1530 .apply_chroot = true,
1531 .apply_tty_stdin = true,
1532 .bus_endpoint_fd = -1,
1533 .stdin_fd = -1,
1534 .stdout_fd = -1,
1535 .stderr_fd = -1,
1536 };
1537
1538 assert(s);
1539 assert(c);
1540 assert(_pid);
1541
1542 (void) unit_realize_cgroup(UNIT(s));
1543 if (s->reset_cpu_usage) {
1544 (void) unit_reset_cpu_usage(UNIT(s));
1545 s->reset_cpu_usage = false;
1546 }
1547
1548 r = unit_setup_exec_runtime(UNIT(s));
1549 if (r < 0)
1550 return r;
1551
1552 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1553 if (r < 0)
1554 return r;
1555
1556 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1557 if (r < 0)
1558 return r;
1559
1560 exec_params.argv = argv;
1561 exec_params.environment = UNIT(s)->manager->environment;
1562 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1563 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1564 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1565 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1566 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1567
1568 r = exec_spawn(UNIT(s),
1569 c,
1570 &s->exec_context,
1571 &exec_params,
1572 s->exec_runtime,
1573 &pid);
1574 if (r < 0)
1575 return r;
1576
1577 r = unit_watch_pid(UNIT(s), pid);
1578 if (r < 0)
1579 /* FIXME: we need to do something here */
1580 return r;
1581
1582 *_pid = pid;
1583 return 0;
1584 }
1585
1586 static int socket_chown(Socket *s, pid_t *_pid) {
1587 pid_t pid;
1588 int r;
1589
1590 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1591 if (r < 0)
1592 goto fail;
1593
1594 /* We have to resolve the user names out-of-process, hence
1595 * let's fork here. It's messy, but well, what can we do? */
1596
1597 pid = fork();
1598 if (pid < 0)
1599 return -errno;
1600
1601 if (pid == 0) {
1602 SocketPort *p;
1603 uid_t uid = UID_INVALID;
1604 gid_t gid = GID_INVALID;
1605 int ret;
1606
1607 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1608 (void) ignore_signals(SIGPIPE, -1);
1609 log_forget_fds();
1610
1611 if (!isempty(s->user)) {
1612 const char *user = s->user;
1613
1614 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1615 if (r < 0) {
1616 ret = EXIT_USER;
1617 goto fail_child;
1618 }
1619 }
1620
1621 if (!isempty(s->group)) {
1622 const char *group = s->group;
1623
1624 r = get_group_creds(&group, &gid);
1625 if (r < 0) {
1626 ret = EXIT_GROUP;
1627 goto fail_child;
1628 }
1629 }
1630
1631 LIST_FOREACH(port, p, s->ports) {
1632 const char *path = NULL;
1633
1634 if (p->type == SOCKET_SOCKET)
1635 path = socket_address_get_path(&p->address);
1636 else if (p->type == SOCKET_FIFO)
1637 path = p->path;
1638
1639 if (!path)
1640 continue;
1641
1642 if (chown(path, uid, gid) < 0) {
1643 r = -errno;
1644 ret = EXIT_CHOWN;
1645 goto fail_child;
1646 }
1647 }
1648
1649 _exit(0);
1650
1651 fail_child:
1652 log_open();
1653 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1654
1655 _exit(ret);
1656 }
1657
1658 r = unit_watch_pid(UNIT(s), pid);
1659 if (r < 0)
1660 goto fail;
1661
1662 *_pid = pid;
1663 return 0;
1664
1665 fail:
1666 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1667 return r;
1668 }
1669
1670 static void socket_enter_dead(Socket *s, SocketResult f) {
1671 assert(s);
1672
1673 if (f != SOCKET_SUCCESS)
1674 s->result = f;
1675
1676 exec_runtime_destroy(s->exec_runtime);
1677 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1678
1679 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1680
1681 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1682 }
1683
1684 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1685
1686 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1687 int r;
1688 assert(s);
1689
1690 if (f != SOCKET_SUCCESS)
1691 s->result = f;
1692
1693 socket_unwatch_control_pid(s);
1694 s->control_command_id = SOCKET_EXEC_STOP_POST;
1695 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1696
1697 if (s->control_command) {
1698 r = socket_spawn(s, s->control_command, &s->control_pid);
1699 if (r < 0)
1700 goto fail;
1701
1702 socket_set_state(s, SOCKET_STOP_POST);
1703 } else
1704 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1705
1706 return;
1707
1708 fail:
1709 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1710 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1711 }
1712
1713 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1714 int r;
1715
1716 assert(s);
1717
1718 if (f != SOCKET_SUCCESS)
1719 s->result = f;
1720
1721 r = unit_kill_context(
1722 UNIT(s),
1723 &s->kill_context,
1724 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1725 KILL_KILL : KILL_TERMINATE,
1726 -1,
1727 s->control_pid,
1728 false);
1729 if (r < 0)
1730 goto fail;
1731
1732 if (r > 0) {
1733 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1734 if (r < 0)
1735 goto fail;
1736
1737 socket_set_state(s, state);
1738 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1739 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1740 else if (state == SOCKET_STOP_PRE_SIGKILL)
1741 socket_enter_stop_post(s, SOCKET_SUCCESS);
1742 else if (state == SOCKET_FINAL_SIGTERM)
1743 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1744 else
1745 socket_enter_dead(s, SOCKET_SUCCESS);
1746
1747 return;
1748
1749 fail:
1750 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1751
1752 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1753 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1754 else
1755 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1756 }
1757
1758 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1759 int r;
1760 assert(s);
1761
1762 if (f != SOCKET_SUCCESS)
1763 s->result = f;
1764
1765 socket_unwatch_control_pid(s);
1766 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1767 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1768
1769 if (s->control_command) {
1770 r = socket_spawn(s, s->control_command, &s->control_pid);
1771 if (r < 0)
1772 goto fail;
1773
1774 socket_set_state(s, SOCKET_STOP_PRE);
1775 } else
1776 socket_enter_stop_post(s, SOCKET_SUCCESS);
1777
1778 return;
1779
1780 fail:
1781 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1782 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1783 }
1784
1785 static void socket_enter_listening(Socket *s) {
1786 int r;
1787 assert(s);
1788
1789 r = socket_watch_fds(s);
1790 if (r < 0) {
1791 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1792 goto fail;
1793 }
1794
1795 socket_set_state(s, SOCKET_LISTENING);
1796 return;
1797
1798 fail:
1799 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1800 }
1801
1802 static void socket_enter_start_post(Socket *s) {
1803 int r;
1804 assert(s);
1805
1806 socket_unwatch_control_pid(s);
1807 s->control_command_id = SOCKET_EXEC_START_POST;
1808 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1809
1810 if (s->control_command) {
1811 r = socket_spawn(s, s->control_command, &s->control_pid);
1812 if (r < 0) {
1813 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1814 goto fail;
1815 }
1816
1817 socket_set_state(s, SOCKET_START_POST);
1818 } else
1819 socket_enter_listening(s);
1820
1821 return;
1822
1823 fail:
1824 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1825 }
1826
1827 static void socket_enter_start_chown(Socket *s) {
1828 int r;
1829
1830 assert(s);
1831
1832 r = socket_open_fds(s);
1833 if (r < 0) {
1834 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1835 goto fail;
1836 }
1837
1838 if (!isempty(s->user) || !isempty(s->group)) {
1839
1840 socket_unwatch_control_pid(s);
1841 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1842 s->control_command = NULL;
1843
1844 r = socket_chown(s, &s->control_pid);
1845 if (r < 0) {
1846 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1847 goto fail;
1848 }
1849
1850 socket_set_state(s, SOCKET_START_CHOWN);
1851 } else
1852 socket_enter_start_post(s);
1853
1854 return;
1855
1856 fail:
1857 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1858 }
1859
1860 static void socket_enter_start_pre(Socket *s) {
1861 int r;
1862 assert(s);
1863
1864 socket_unwatch_control_pid(s);
1865 s->control_command_id = SOCKET_EXEC_START_PRE;
1866 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1867
1868 if (s->control_command) {
1869 r = socket_spawn(s, s->control_command, &s->control_pid);
1870 if (r < 0) {
1871 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1872 goto fail;
1873 }
1874
1875 socket_set_state(s, SOCKET_START_PRE);
1876 } else
1877 socket_enter_start_chown(s);
1878
1879 return;
1880
1881 fail:
1882 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1883 }
1884
1885 static void socket_enter_running(Socket *s, int cfd) {
1886 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
1887 int r;
1888
1889 assert(s);
1890
1891 /* We don't take connections anymore if we are supposed to
1892 * shut down anyway */
1893 if (unit_stop_pending(UNIT(s))) {
1894
1895 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1896
1897 if (cfd >= 0)
1898 safe_close(cfd);
1899 else {
1900 /* Flush all sockets by closing and reopening them */
1901 socket_close_fds(s);
1902
1903 r = socket_open_fds(s);
1904 if (r < 0) {
1905 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1906 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1907 return;
1908 }
1909
1910 r = socket_watch_fds(s);
1911 if (r < 0) {
1912 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1913 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1914 }
1915 }
1916
1917 return;
1918 }
1919
1920 if (cfd < 0) {
1921 Iterator i;
1922 Unit *other;
1923 bool pending = false;
1924
1925 /* If there's already a start pending don't bother to
1926 * do anything */
1927 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1928 if (unit_active_or_pending(other)) {
1929 pending = true;
1930 break;
1931 }
1932
1933 if (!pending) {
1934 if (!UNIT_ISSET(s->service)) {
1935 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1936 r = -ENOENT;
1937 goto fail;
1938 }
1939
1940 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
1941 if (r < 0)
1942 goto fail;
1943 }
1944
1945 socket_set_state(s, SOCKET_RUNNING);
1946 } else {
1947 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1948 Service *service;
1949
1950 if (s->n_connections >= s->max_connections) {
1951 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1952 safe_close(cfd);
1953 return;
1954 }
1955
1956 r = socket_instantiate_service(s);
1957 if (r < 0)
1958 goto fail;
1959
1960 r = instance_from_socket(cfd, s->n_accepted, &instance);
1961 if (r < 0) {
1962 if (r != -ENOTCONN)
1963 goto fail;
1964
1965 /* ENOTCONN is legitimate if TCP RST was received.
1966 * This connection is over, but the socket unit lives on. */
1967 safe_close(cfd);
1968 return;
1969 }
1970
1971 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1972 if (r < 0)
1973 goto fail;
1974
1975 r = unit_name_build(prefix, instance, ".service", &name);
1976 if (r < 0)
1977 goto fail;
1978
1979 r = unit_add_name(UNIT_DEREF(s->service), name);
1980 if (r < 0)
1981 goto fail;
1982
1983 service = SERVICE(UNIT_DEREF(s->service));
1984 unit_ref_unset(&s->service);
1985 s->n_accepted ++;
1986
1987 UNIT(service)->no_gc = false;
1988
1989 unit_choose_id(UNIT(service), name);
1990
1991 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1992 if (r < 0)
1993 goto fail;
1994
1995 cfd = -1;
1996 s->n_connections ++;
1997
1998 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
1999 if (r < 0)
2000 goto fail;
2001
2002 /* Notify clients about changed counters */
2003 unit_add_to_dbus_queue(UNIT(s));
2004 }
2005
2006 return;
2007
2008 fail:
2009 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2010 cfd >= 0 ? "template" : "non-template",
2011 bus_error_message(&error, r));
2012
2013 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2014 safe_close(cfd);
2015 }
2016
2017 static void socket_run_next(Socket *s) {
2018 int r;
2019
2020 assert(s);
2021 assert(s->control_command);
2022 assert(s->control_command->command_next);
2023
2024 socket_unwatch_control_pid(s);
2025
2026 s->control_command = s->control_command->command_next;
2027
2028 r = socket_spawn(s, s->control_command, &s->control_pid);
2029 if (r < 0)
2030 goto fail;
2031
2032 return;
2033
2034 fail:
2035 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2036
2037 if (s->state == SOCKET_START_POST)
2038 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2039 else if (s->state == SOCKET_STOP_POST)
2040 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2041 else
2042 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2043 }
2044
2045 static int socket_start(Unit *u) {
2046 Socket *s = SOCKET(u);
2047
2048 assert(s);
2049
2050 /* We cannot fulfill this request right now, try again later
2051 * please! */
2052 if (IN_SET(s->state,
2053 SOCKET_STOP_PRE,
2054 SOCKET_STOP_PRE_SIGKILL,
2055 SOCKET_STOP_PRE_SIGTERM,
2056 SOCKET_STOP_POST,
2057 SOCKET_FINAL_SIGTERM,
2058 SOCKET_FINAL_SIGKILL))
2059 return -EAGAIN;
2060
2061 /* Already on it! */
2062 if (IN_SET(s->state,
2063 SOCKET_START_PRE,
2064 SOCKET_START_CHOWN,
2065 SOCKET_START_POST))
2066 return 0;
2067
2068 /* Cannot run this without the service being around */
2069 if (UNIT_ISSET(s->service)) {
2070 Service *service;
2071
2072 service = SERVICE(UNIT_DEREF(s->service));
2073
2074 if (UNIT(service)->load_state != UNIT_LOADED) {
2075 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2076 return -ENOENT;
2077 }
2078
2079 /* If the service is already active we cannot start the
2080 * socket */
2081 if (service->state != SERVICE_DEAD &&
2082 service->state != SERVICE_FAILED &&
2083 service->state != SERVICE_AUTO_RESTART) {
2084 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2085 return -EBUSY;
2086 }
2087 }
2088
2089 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2090
2091 s->result = SOCKET_SUCCESS;
2092 s->reset_cpu_usage = true;
2093
2094 socket_enter_start_pre(s);
2095
2096 return 1;
2097 }
2098
2099 static int socket_stop(Unit *u) {
2100 Socket *s = SOCKET(u);
2101
2102 assert(s);
2103
2104 /* Already on it */
2105 if (IN_SET(s->state,
2106 SOCKET_STOP_PRE,
2107 SOCKET_STOP_PRE_SIGTERM,
2108 SOCKET_STOP_PRE_SIGKILL,
2109 SOCKET_STOP_POST,
2110 SOCKET_FINAL_SIGTERM,
2111 SOCKET_FINAL_SIGKILL))
2112 return 0;
2113
2114 /* If there's already something running we go directly into
2115 * kill mode. */
2116 if (IN_SET(s->state,
2117 SOCKET_START_PRE,
2118 SOCKET_START_CHOWN,
2119 SOCKET_START_POST)) {
2120 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2121 return -EAGAIN;
2122 }
2123
2124 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2125
2126 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2127 return 1;
2128 }
2129
2130 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2131 Socket *s = SOCKET(u);
2132 SocketPort *p;
2133 int r;
2134
2135 assert(u);
2136 assert(f);
2137 assert(fds);
2138
2139 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2140 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2141 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2142
2143 if (s->control_pid > 0)
2144 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2145
2146 if (s->control_command_id >= 0)
2147 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2148
2149 LIST_FOREACH(port, p, s->ports) {
2150 int copy;
2151
2152 if (p->fd < 0)
2153 continue;
2154
2155 copy = fdset_put_dup(fds, p->fd);
2156 if (copy < 0)
2157 return copy;
2158
2159 if (p->type == SOCKET_SOCKET) {
2160 _cleanup_free_ char *t = NULL;
2161
2162 r = socket_address_print(&p->address, &t);
2163 if (r < 0)
2164 return r;
2165
2166 if (socket_address_family(&p->address) == AF_NETLINK)
2167 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2168 else
2169 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2170
2171 } else if (p->type == SOCKET_SPECIAL)
2172 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2173 else if (p->type == SOCKET_MQUEUE)
2174 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2175 else if (p->type == SOCKET_USB_FUNCTION)
2176 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2177 else {
2178 assert(p->type == SOCKET_FIFO);
2179 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2180 }
2181 }
2182
2183 return 0;
2184 }
2185
2186 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2187 Socket *s = SOCKET(u);
2188
2189 assert(u);
2190 assert(key);
2191 assert(value);
2192
2193 if (streq(key, "state")) {
2194 SocketState state;
2195
2196 state = socket_state_from_string(value);
2197 if (state < 0)
2198 log_unit_debug(u, "Failed to parse state value: %s", value);
2199 else
2200 s->deserialized_state = state;
2201 } else if (streq(key, "result")) {
2202 SocketResult f;
2203
2204 f = socket_result_from_string(value);
2205 if (f < 0)
2206 log_unit_debug(u, "Failed to parse result value: %s", value);
2207 else if (f != SOCKET_SUCCESS)
2208 s->result = f;
2209
2210 } else if (streq(key, "n-accepted")) {
2211 unsigned k;
2212
2213 if (safe_atou(value, &k) < 0)
2214 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2215 else
2216 s->n_accepted += k;
2217 } else if (streq(key, "control-pid")) {
2218 pid_t pid;
2219
2220 if (parse_pid(value, &pid) < 0)
2221 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2222 else
2223 s->control_pid = pid;
2224 } else if (streq(key, "control-command")) {
2225 SocketExecCommand id;
2226
2227 id = socket_exec_command_from_string(value);
2228 if (id < 0)
2229 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2230 else {
2231 s->control_command_id = id;
2232 s->control_command = s->exec_command[id];
2233 }
2234 } else if (streq(key, "fifo")) {
2235 int fd, skip = 0;
2236 SocketPort *p;
2237
2238 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2239 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2240 else {
2241
2242 LIST_FOREACH(port, p, s->ports)
2243 if (p->type == SOCKET_FIFO &&
2244 path_equal_or_files_same(p->path, value+skip))
2245 break;
2246
2247 if (p) {
2248 safe_close(p->fd);
2249 p->fd = fdset_remove(fds, fd);
2250 }
2251 }
2252
2253 } else if (streq(key, "special")) {
2254 int fd, skip = 0;
2255 SocketPort *p;
2256
2257 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2258 log_unit_debug(u, "Failed to parse special value: %s", value);
2259 else {
2260
2261 LIST_FOREACH(port, p, s->ports)
2262 if (p->type == SOCKET_SPECIAL &&
2263 path_equal_or_files_same(p->path, value+skip))
2264 break;
2265
2266 if (p) {
2267 safe_close(p->fd);
2268 p->fd = fdset_remove(fds, fd);
2269 }
2270 }
2271
2272 } else if (streq(key, "mqueue")) {
2273 int fd, skip = 0;
2274 SocketPort *p;
2275
2276 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2277 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2278 else {
2279
2280 LIST_FOREACH(port, p, s->ports)
2281 if (p->type == SOCKET_MQUEUE &&
2282 streq(p->path, value+skip))
2283 break;
2284
2285 if (p) {
2286 safe_close(p->fd);
2287 p->fd = fdset_remove(fds, fd);
2288 }
2289 }
2290
2291 } else if (streq(key, "socket")) {
2292 int fd, type, skip = 0;
2293 SocketPort *p;
2294
2295 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2296 log_unit_debug(u, "Failed to parse socket value: %s", value);
2297 else {
2298
2299 LIST_FOREACH(port, p, s->ports)
2300 if (socket_address_is(&p->address, value+skip, type))
2301 break;
2302
2303 if (p) {
2304 safe_close(p->fd);
2305 p->fd = fdset_remove(fds, fd);
2306 }
2307 }
2308
2309 } else if (streq(key, "netlink")) {
2310 int fd, skip = 0;
2311 SocketPort *p;
2312
2313 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2314 log_unit_debug(u, "Failed to parse socket value: %s", value);
2315 else {
2316
2317 LIST_FOREACH(port, p, s->ports)
2318 if (socket_address_is_netlink(&p->address, value+skip))
2319 break;
2320
2321 if (p) {
2322 safe_close(p->fd);
2323 p->fd = fdset_remove(fds, fd);
2324 }
2325 }
2326
2327 } else if (streq(key, "ffs")) {
2328 int fd, skip = 0;
2329 SocketPort *p;
2330
2331 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2332 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2333 else {
2334
2335 LIST_FOREACH(port, p, s->ports)
2336 if (p->type == SOCKET_USB_FUNCTION &&
2337 path_equal_or_files_same(p->path, value+skip))
2338 break;
2339
2340 if (p) {
2341 safe_close(p->fd);
2342 p->fd = fdset_remove(fds, fd);
2343 }
2344 }
2345
2346 } else
2347 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2348
2349 return 0;
2350 }
2351
2352 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2353 Socket *s = SOCKET(u);
2354 SocketPort *p;
2355
2356 assert(u);
2357
2358 LIST_FOREACH(port, p, s->ports) {
2359 Iterator i;
2360 int fd;
2361
2362 if (p->type != SOCKET_SOCKET)
2363 continue;
2364
2365 if (p->fd >= 0)
2366 continue;
2367
2368 FDSET_FOREACH(fd, fds, i) {
2369 if (socket_address_matches_fd(&p->address, fd)) {
2370 p->fd = fdset_remove(fds, fd);
2371 s->deserialized_state = SOCKET_LISTENING;
2372 break;
2373 }
2374 }
2375 }
2376 }
2377
2378 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2379 assert(u);
2380
2381 return state_translation_table[SOCKET(u)->state];
2382 }
2383
2384 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2385 assert(u);
2386
2387 return socket_state_to_string(SOCKET(u)->state);
2388 }
2389
2390 const char* socket_port_type_to_string(SocketPort *p) {
2391
2392 assert(p);
2393
2394 switch (p->type) {
2395
2396 case SOCKET_SOCKET:
2397
2398 switch (p->address.type) {
2399
2400 case SOCK_STREAM:
2401 return "Stream";
2402
2403 case SOCK_DGRAM:
2404 return "Datagram";
2405
2406 case SOCK_SEQPACKET:
2407 return "SequentialPacket";
2408
2409 case SOCK_RAW:
2410 if (socket_address_family(&p->address) == AF_NETLINK)
2411 return "Netlink";
2412
2413 default:
2414 return NULL;
2415 }
2416
2417 case SOCKET_SPECIAL:
2418 return "Special";
2419
2420 case SOCKET_MQUEUE:
2421 return "MessageQueue";
2422
2423 case SOCKET_FIFO:
2424 return "FIFO";
2425
2426 case SOCKET_USB_FUNCTION:
2427 return "USBFunction";
2428
2429 default:
2430 return NULL;
2431 }
2432 }
2433
2434 _pure_ static bool socket_check_gc(Unit *u) {
2435 Socket *s = SOCKET(u);
2436
2437 assert(u);
2438
2439 return s->n_connections > 0;
2440 }
2441
2442 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2443 SocketPort *p = userdata;
2444 int cfd = -1;
2445
2446 assert(p);
2447 assert(fd >= 0);
2448
2449 if (p->socket->state != SOCKET_LISTENING)
2450 return 0;
2451
2452 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2453
2454 if (revents != EPOLLIN) {
2455
2456 if (revents & EPOLLHUP)
2457 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2458 else
2459 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2460 goto fail;
2461 }
2462
2463 if (p->socket->accept &&
2464 p->type == SOCKET_SOCKET &&
2465 socket_address_can_accept(&p->address)) {
2466
2467 for (;;) {
2468
2469 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2470 if (cfd < 0) {
2471
2472 if (errno == EINTR)
2473 continue;
2474
2475 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2476 goto fail;
2477 }
2478
2479 break;
2480 }
2481
2482 socket_apply_socket_options(p->socket, cfd);
2483 }
2484
2485 socket_enter_running(p->socket, cfd);
2486 return 0;
2487
2488 fail:
2489 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2490 return 0;
2491 }
2492
2493 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2494 Socket *s = SOCKET(u);
2495 SocketResult f;
2496
2497 assert(s);
2498 assert(pid >= 0);
2499
2500 if (pid != s->control_pid)
2501 return;
2502
2503 s->control_pid = 0;
2504
2505 if (is_clean_exit(code, status, NULL))
2506 f = SOCKET_SUCCESS;
2507 else if (code == CLD_EXITED)
2508 f = SOCKET_FAILURE_EXIT_CODE;
2509 else if (code == CLD_KILLED)
2510 f = SOCKET_FAILURE_SIGNAL;
2511 else if (code == CLD_DUMPED)
2512 f = SOCKET_FAILURE_CORE_DUMP;
2513 else
2514 assert_not_reached("Unknown sigchld code");
2515
2516 if (s->control_command) {
2517 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2518
2519 if (s->control_command->ignore)
2520 f = SOCKET_SUCCESS;
2521 }
2522
2523 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2524 "Control process exited, code=%s status=%i",
2525 sigchld_code_to_string(code), status);
2526
2527 if (f != SOCKET_SUCCESS)
2528 s->result = f;
2529
2530 if (s->control_command &&
2531 s->control_command->command_next &&
2532 f == SOCKET_SUCCESS) {
2533
2534 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2535 socket_run_next(s);
2536 } else {
2537 s->control_command = NULL;
2538 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2539
2540 /* No further commands for this step, so let's figure
2541 * out what to do next */
2542
2543 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2544
2545 switch (s->state) {
2546
2547 case SOCKET_START_PRE:
2548 if (f == SOCKET_SUCCESS)
2549 socket_enter_start_chown(s);
2550 else
2551 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2552 break;
2553
2554 case SOCKET_START_CHOWN:
2555 if (f == SOCKET_SUCCESS)
2556 socket_enter_start_post(s);
2557 else
2558 socket_enter_stop_pre(s, f);
2559 break;
2560
2561 case SOCKET_START_POST:
2562 if (f == SOCKET_SUCCESS)
2563 socket_enter_listening(s);
2564 else
2565 socket_enter_stop_pre(s, f);
2566 break;
2567
2568 case SOCKET_STOP_PRE:
2569 case SOCKET_STOP_PRE_SIGTERM:
2570 case SOCKET_STOP_PRE_SIGKILL:
2571 socket_enter_stop_post(s, f);
2572 break;
2573
2574 case SOCKET_STOP_POST:
2575 case SOCKET_FINAL_SIGTERM:
2576 case SOCKET_FINAL_SIGKILL:
2577 socket_enter_dead(s, f);
2578 break;
2579
2580 default:
2581 assert_not_reached("Uh, control process died at wrong time.");
2582 }
2583 }
2584
2585 /* Notify clients about changed exit status */
2586 unit_add_to_dbus_queue(u);
2587 }
2588
2589 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2590 Socket *s = SOCKET(userdata);
2591
2592 assert(s);
2593 assert(s->timer_event_source == source);
2594
2595 switch (s->state) {
2596
2597 case SOCKET_START_PRE:
2598 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2599 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2600 break;
2601
2602 case SOCKET_START_CHOWN:
2603 case SOCKET_START_POST:
2604 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2605 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2606 break;
2607
2608 case SOCKET_STOP_PRE:
2609 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2610 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2611 break;
2612
2613 case SOCKET_STOP_PRE_SIGTERM:
2614 if (s->kill_context.send_sigkill) {
2615 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2616 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2617 } else {
2618 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2619 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2620 }
2621 break;
2622
2623 case SOCKET_STOP_PRE_SIGKILL:
2624 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2625 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2626 break;
2627
2628 case SOCKET_STOP_POST:
2629 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2630 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2631 break;
2632
2633 case SOCKET_FINAL_SIGTERM:
2634 if (s->kill_context.send_sigkill) {
2635 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2636 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2637 } else {
2638 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2639 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2640 }
2641 break;
2642
2643 case SOCKET_FINAL_SIGKILL:
2644 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2645 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2646 break;
2647
2648 default:
2649 assert_not_reached("Timeout at wrong time.");
2650 }
2651
2652 return 0;
2653 }
2654
2655 int socket_collect_fds(Socket *s, int **fds) {
2656 int *rfds, k = 0, n = 0;
2657 SocketPort *p;
2658
2659 assert(s);
2660 assert(fds);
2661
2662 /* Called from the service code for requesting our fds */
2663
2664 LIST_FOREACH(port, p, s->ports) {
2665 if (p->fd >= 0)
2666 n++;
2667 n += p->n_auxiliary_fds;
2668 }
2669
2670 if (n <= 0) {
2671 *fds = NULL;
2672 return 0;
2673 }
2674
2675 rfds = new(int, n);
2676 if (!rfds)
2677 return -ENOMEM;
2678
2679 LIST_FOREACH(port, p, s->ports) {
2680 int i;
2681
2682 if (p->fd >= 0)
2683 rfds[k++] = p->fd;
2684 for (i = 0; i < p->n_auxiliary_fds; ++i)
2685 rfds[k++] = p->auxiliary_fds[i];
2686 }
2687
2688 assert(k == n);
2689
2690 *fds = rfds;
2691 return n;
2692 }
2693
2694 static void socket_reset_failed(Unit *u) {
2695 Socket *s = SOCKET(u);
2696
2697 assert(s);
2698
2699 if (s->state == SOCKET_FAILED)
2700 socket_set_state(s, SOCKET_DEAD);
2701
2702 s->result = SOCKET_SUCCESS;
2703 }
2704
2705 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2706 assert(s);
2707
2708 /* The service is dead. Dang!
2709 *
2710 * This is strictly for one-instance-for-all-connections
2711 * services. */
2712
2713 if (s->state == SOCKET_RUNNING) {
2714 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2715 if (failed_permanent)
2716 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2717 else
2718 socket_enter_listening(s);
2719 }
2720 }
2721
2722 void socket_connection_unref(Socket *s) {
2723 assert(s);
2724
2725 /* The service is dead. Yay!
2726 *
2727 * This is strictly for one-instance-per-connection
2728 * services. */
2729
2730 assert(s->n_connections > 0);
2731 s->n_connections--;
2732
2733 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2734 }
2735
2736 static void socket_trigger_notify(Unit *u, Unit *other) {
2737 Socket *s = SOCKET(u);
2738 Service *se;
2739
2740 assert(u);
2741 assert(other);
2742
2743 /* Don't propagate state changes from the service if we are
2744 already down or accepting connections */
2745 if ((s->state != SOCKET_RUNNING &&
2746 s->state != SOCKET_LISTENING) ||
2747 s->accept)
2748 return;
2749
2750 if (other->load_state != UNIT_LOADED ||
2751 other->type != UNIT_SERVICE)
2752 return;
2753
2754 se = SERVICE(other);
2755
2756 if (se->state == SERVICE_FAILED)
2757 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2758
2759 if (se->state == SERVICE_DEAD ||
2760 se->state == SERVICE_FINAL_SIGTERM ||
2761 se->state == SERVICE_FINAL_SIGKILL ||
2762 se->state == SERVICE_AUTO_RESTART)
2763 socket_notify_service_dead(s, false);
2764
2765 if (se->state == SERVICE_RUNNING)
2766 socket_set_state(s, SOCKET_RUNNING);
2767 }
2768
2769 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2770 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2771 }
2772
2773 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2774 Socket *s = SOCKET(u);
2775 int r;
2776
2777 if (!s->timer_event_source)
2778 return 0;
2779
2780 r = sd_event_source_get_time(s->timer_event_source, timeout);
2781 if (r < 0)
2782 return r;
2783
2784 return 1;
2785 }
2786
2787 char *socket_fdname(Socket *s) {
2788 assert(s);
2789
2790 /* Returns the name to use for $LISTEN_NAMES. If the user
2791 * didn't specify anything specifically, use the socket unit's
2792 * name as fallback. */
2793
2794 if (s->fdname)
2795 return s->fdname;
2796
2797 return UNIT(s)->id;
2798 }
2799
2800 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2801 [SOCKET_EXEC_START_PRE] = "StartPre",
2802 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2803 [SOCKET_EXEC_START_POST] = "StartPost",
2804 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2805 [SOCKET_EXEC_STOP_POST] = "StopPost"
2806 };
2807
2808 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2809
2810 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2811 [SOCKET_SUCCESS] = "success",
2812 [SOCKET_FAILURE_RESOURCES] = "resources",
2813 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2814 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2815 [SOCKET_FAILURE_SIGNAL] = "signal",
2816 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2817 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2818 };
2819
2820 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2821
2822 const UnitVTable socket_vtable = {
2823 .object_size = sizeof(Socket),
2824 .exec_context_offset = offsetof(Socket, exec_context),
2825 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2826 .kill_context_offset = offsetof(Socket, kill_context),
2827 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2828
2829 .sections =
2830 "Unit\0"
2831 "Socket\0"
2832 "Install\0",
2833 .private_section = "Socket",
2834
2835 .init = socket_init,
2836 .done = socket_done,
2837 .load = socket_load,
2838
2839 .coldplug = socket_coldplug,
2840
2841 .dump = socket_dump,
2842
2843 .start = socket_start,
2844 .stop = socket_stop,
2845
2846 .kill = socket_kill,
2847
2848 .get_timeout = socket_get_timeout,
2849
2850 .serialize = socket_serialize,
2851 .deserialize_item = socket_deserialize_item,
2852 .distribute_fds = socket_distribute_fds,
2853
2854 .active_state = socket_active_state,
2855 .sub_state_to_string = socket_sub_state_to_string,
2856
2857 .check_gc = socket_check_gc,
2858
2859 .sigchld_event = socket_sigchld_event,
2860
2861 .trigger_notify = socket_trigger_notify,
2862
2863 .reset_failed = socket_reset_failed,
2864
2865 .bus_vtable = bus_socket_vtable,
2866 .bus_set_property = bus_socket_set_property,
2867 .bus_commit_properties = bus_socket_commit_properties,
2868
2869 .status_message_formats = {
2870 /*.starting_stopping = {
2871 [0] = "Starting socket %s...",
2872 [1] = "Stopping socket %s...",
2873 },*/
2874 .finished_start_job = {
2875 [JOB_DONE] = "Listening on %s.",
2876 [JOB_FAILED] = "Failed to listen on %s.",
2877 [JOB_TIMEOUT] = "Timed out starting %s.",
2878 },
2879 .finished_stop_job = {
2880 [JOB_DONE] = "Closed %s.",
2881 [JOB_FAILED] = "Failed stopping %s.",
2882 [JOB_TIMEOUT] = "Timed out stopping %s.",
2883 },
2884 },
2885 };
Unnamed repository; edit this file 'description' to name the repository.