]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util-lib: split our string related calls from util.[ch] into its own file string...
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "path-util.h"
46 #include "selinux-util.h"
47 #include "signal-util.h"
48 #include "smack-util.h"
49 #include "socket.h"
50 #include "special.h"
51 #include "string-util.h"
52 #include "strv.h"
53 #include "unit-name.h"
54 #include "unit-printf.h"
55 #include "unit.h"
56
57 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
58 [SOCKET_DEAD] = UNIT_INACTIVE,
59 [SOCKET_START_PRE] = UNIT_ACTIVATING,
60 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
61 [SOCKET_START_POST] = UNIT_ACTIVATING,
62 [SOCKET_LISTENING] = UNIT_ACTIVE,
63 [SOCKET_RUNNING] = UNIT_ACTIVE,
64 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
67 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
69 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
70 [SOCKET_FAILED] = UNIT_FAILED
71 };
72
73 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
74 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
75
76 static void socket_init(Unit *u) {
77 Socket *s = SOCKET(u);
78
79 assert(u);
80 assert(u->load_state == UNIT_STUB);
81
82 s->backlog = SOMAXCONN;
83 s->timeout_usec = u->manager->default_timeout_start_usec;
84 s->directory_mode = 0755;
85 s->socket_mode = 0666;
86
87 s->max_connections = 64;
88
89 s->priority = -1;
90 s->ip_tos = -1;
91 s->ip_ttl = -1;
92 s->mark = -1;
93
94 s->exec_context.std_output = u->manager->default_std_output;
95 s->exec_context.std_error = u->manager->default_std_error;
96
97 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
98 }
99
100 static void socket_unwatch_control_pid(Socket *s) {
101 assert(s);
102
103 if (s->control_pid <= 0)
104 return;
105
106 unit_unwatch_pid(UNIT(s), s->control_pid);
107 s->control_pid = 0;
108 }
109
110 static void socket_cleanup_fd_list(SocketPort *p) {
111 int k = p->n_auxiliary_fds;
112
113 while (k--)
114 safe_close(p->auxiliary_fds[k]);
115
116 p->auxiliary_fds = mfree(p->auxiliary_fds);
117 p->n_auxiliary_fds = 0;
118 }
119
120 void socket_free_ports(Socket *s) {
121 SocketPort *p;
122
123 assert(s);
124
125 while ((p = s->ports)) {
126 LIST_REMOVE(port, s->ports, p);
127
128 sd_event_source_unref(p->event_source);
129
130 socket_cleanup_fd_list(p);
131 safe_close(p->fd);
132 free(p->path);
133 free(p);
134 }
135 }
136
137 static void socket_done(Unit *u) {
138 Socket *s = SOCKET(u);
139
140 assert(s);
141
142 socket_free_ports(s);
143
144 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
145 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
146 s->control_command = NULL;
147
148 socket_unwatch_control_pid(s);
149
150 unit_ref_unset(&s->service);
151
152 s->tcp_congestion = mfree(s->tcp_congestion);
153 s->bind_to_device = mfree(s->bind_to_device);
154
155 free(s->smack);
156 free(s->smack_ip_in);
157 free(s->smack_ip_out);
158
159 strv_free(s->symlinks);
160
161 free(s->user);
162 free(s->group);
163
164 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
165 }
166
167 static int socket_arm_timer(Socket *s) {
168 int r;
169
170 assert(s);
171
172 if (s->timeout_usec <= 0) {
173 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
174 return 0;
175 }
176
177 if (s->timer_event_source) {
178 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
179 if (r < 0)
180 return r;
181
182 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
183 }
184
185 r = sd_event_add_time(
186 UNIT(s)->manager->event,
187 &s->timer_event_source,
188 CLOCK_MONOTONIC,
189 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
190 socket_dispatch_timer, s);
191 if (r < 0)
192 return r;
193
194 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
195
196 return 0;
197 }
198
199 int socket_instantiate_service(Socket *s) {
200 _cleanup_free_ char *prefix = NULL, *name = NULL;
201 int r;
202 Unit *u;
203
204 assert(s);
205
206 /* This fills in s->service if it isn't filled in yet. For
207 * Accept=yes sockets we create the next connection service
208 * here. For Accept=no this is mostly a NOP since the service
209 * is figured out at load time anyway. */
210
211 if (UNIT_DEREF(s->service))
212 return 0;
213
214 if (!s->accept)
215 return 0;
216
217 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
218 if (r < 0)
219 return r;
220
221 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
222 return -ENOMEM;
223
224 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
225 if (r < 0)
226 return r;
227
228 u->no_gc = true;
229 unit_ref_set(&s->service, u);
230
231 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
232 }
233
234 static bool have_non_accept_socket(Socket *s) {
235 SocketPort *p;
236
237 assert(s);
238
239 if (!s->accept)
240 return true;
241
242 LIST_FOREACH(port, p, s->ports) {
243
244 if (p->type != SOCKET_SOCKET)
245 return true;
246
247 if (!socket_address_can_accept(&p->address))
248 return true;
249 }
250
251 return false;
252 }
253
254 static int socket_add_mount_links(Socket *s) {
255 SocketPort *p;
256 int r;
257
258 assert(s);
259
260 LIST_FOREACH(port, p, s->ports) {
261 const char *path = NULL;
262
263 if (p->type == SOCKET_SOCKET)
264 path = socket_address_get_path(&p->address);
265 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
266 path = p->path;
267
268 if (!path)
269 continue;
270
271 r = unit_require_mounts_for(UNIT(s), path);
272 if (r < 0)
273 return r;
274 }
275
276 return 0;
277 }
278
279 static int socket_add_device_link(Socket *s) {
280 char *t;
281
282 assert(s);
283
284 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
285 return 0;
286
287 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
288 return unit_add_node_link(UNIT(s), t, false);
289 }
290
291 static int socket_add_default_dependencies(Socket *s) {
292 int r;
293 assert(s);
294
295 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
296 if (r < 0)
297 return r;
298
299 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
300 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
301 if (r < 0)
302 return r;
303 }
304
305 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
306 }
307
308 _pure_ static bool socket_has_exec(Socket *s) {
309 unsigned i;
310 assert(s);
311
312 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
313 if (s->exec_command[i])
314 return true;
315
316 return false;
317 }
318
319 static int socket_add_extras(Socket *s) {
320 Unit *u = UNIT(s);
321 int r;
322
323 assert(s);
324
325 if (have_non_accept_socket(s)) {
326
327 if (!UNIT_DEREF(s->service)) {
328 Unit *x;
329
330 r = unit_load_related_unit(u, ".service", &x);
331 if (r < 0)
332 return r;
333
334 unit_ref_set(&s->service, x);
335 }
336
337 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
338 if (r < 0)
339 return r;
340 }
341
342 r = socket_add_mount_links(s);
343 if (r < 0)
344 return r;
345
346 r = socket_add_device_link(s);
347 if (r < 0)
348 return r;
349
350 r = unit_patch_contexts(u);
351 if (r < 0)
352 return r;
353
354 if (socket_has_exec(s)) {
355 r = unit_add_exec_dependencies(u, &s->exec_context);
356 if (r < 0)
357 return r;
358
359 r = unit_set_default_slice(u);
360 if (r < 0)
361 return r;
362 }
363
364 if (u->default_dependencies) {
365 r = socket_add_default_dependencies(s);
366 if (r < 0)
367 return r;
368 }
369
370 return 0;
371 }
372
373 static const char *socket_find_symlink_target(Socket *s) {
374 const char *found = NULL;
375 SocketPort *p;
376
377 LIST_FOREACH(port, p, s->ports) {
378 const char *f = NULL;
379
380 switch (p->type) {
381
382 case SOCKET_FIFO:
383 f = p->path;
384 break;
385
386 case SOCKET_SOCKET:
387 if (p->address.sockaddr.un.sun_path[0] != 0)
388 f = p->address.sockaddr.un.sun_path;
389 break;
390
391 default:
392 break;
393 }
394
395 if (f) {
396 if (found)
397 return NULL;
398
399 found = f;
400 }
401 }
402
403 return found;
404 }
405
406 static int socket_verify(Socket *s) {
407 assert(s);
408
409 if (UNIT(s)->load_state != UNIT_LOADED)
410 return 0;
411
412 if (!s->ports) {
413 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
414 return -EINVAL;
415 }
416
417 if (s->accept && have_non_accept_socket(s)) {
418 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
419 return -EINVAL;
420 }
421
422 if (s->accept && s->max_connections <= 0) {
423 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
424 return -EINVAL;
425 }
426
427 if (s->accept && UNIT_DEREF(s->service)) {
428 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
429 return -EINVAL;
430 }
431
432 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
433 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
434 return -EINVAL;
435 }
436
437 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
438 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
439 return -EINVAL;
440 }
441
442 return 0;
443 }
444
445 static int socket_load(Unit *u) {
446 Socket *s = SOCKET(u);
447 int r;
448
449 assert(u);
450 assert(u->load_state == UNIT_STUB);
451
452 r = unit_load_fragment_and_dropin(u);
453 if (r < 0)
454 return r;
455
456 if (u->load_state == UNIT_LOADED) {
457 /* This is a new unit? Then let's add in some extras */
458 r = socket_add_extras(s);
459 if (r < 0)
460 return r;
461 }
462
463 return socket_verify(s);
464 }
465
466 _const_ static const char* listen_lookup(int family, int type) {
467
468 if (family == AF_NETLINK)
469 return "ListenNetlink";
470
471 if (type == SOCK_STREAM)
472 return "ListenStream";
473 else if (type == SOCK_DGRAM)
474 return "ListenDatagram";
475 else if (type == SOCK_SEQPACKET)
476 return "ListenSequentialPacket";
477
478 assert_not_reached("Unknown socket type");
479 return NULL;
480 }
481
482 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
483 char time_string[FORMAT_TIMESPAN_MAX];
484 SocketExecCommand c;
485 Socket *s = SOCKET(u);
486 SocketPort *p;
487 const char *prefix2;
488
489 assert(s);
490 assert(f);
491
492 prefix = strempty(prefix);
493 prefix2 = strjoina(prefix, "\t");
494
495 fprintf(f,
496 "%sSocket State: %s\n"
497 "%sResult: %s\n"
498 "%sBindIPv6Only: %s\n"
499 "%sBacklog: %u\n"
500 "%sSocketMode: %04o\n"
501 "%sDirectoryMode: %04o\n"
502 "%sKeepAlive: %s\n"
503 "%sNoDelay: %s\n"
504 "%sFreeBind: %s\n"
505 "%sTransparent: %s\n"
506 "%sBroadcast: %s\n"
507 "%sPassCredentials: %s\n"
508 "%sPassSecurity: %s\n"
509 "%sTCPCongestion: %s\n"
510 "%sRemoveOnStop: %s\n"
511 "%sWritable: %s\n"
512 "%sFDName: %s\n"
513 "%sSELinuxContextFromNet: %s\n",
514 prefix, socket_state_to_string(s->state),
515 prefix, socket_result_to_string(s->result),
516 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
517 prefix, s->backlog,
518 prefix, s->socket_mode,
519 prefix, s->directory_mode,
520 prefix, yes_no(s->keep_alive),
521 prefix, yes_no(s->no_delay),
522 prefix, yes_no(s->free_bind),
523 prefix, yes_no(s->transparent),
524 prefix, yes_no(s->broadcast),
525 prefix, yes_no(s->pass_cred),
526 prefix, yes_no(s->pass_sec),
527 prefix, strna(s->tcp_congestion),
528 prefix, yes_no(s->remove_on_stop),
529 prefix, yes_no(s->writable),
530 prefix, socket_fdname(s),
531 prefix, yes_no(s->selinux_context_from_net));
532
533 if (s->control_pid > 0)
534 fprintf(f,
535 "%sControl PID: "PID_FMT"\n",
536 prefix, s->control_pid);
537
538 if (s->bind_to_device)
539 fprintf(f,
540 "%sBindToDevice: %s\n",
541 prefix, s->bind_to_device);
542
543 if (s->accept)
544 fprintf(f,
545 "%sAccepted: %u\n"
546 "%sNConnections: %u\n"
547 "%sMaxConnections: %u\n",
548 prefix, s->n_accepted,
549 prefix, s->n_connections,
550 prefix, s->max_connections);
551
552 if (s->priority >= 0)
553 fprintf(f,
554 "%sPriority: %i\n",
555 prefix, s->priority);
556
557 if (s->receive_buffer > 0)
558 fprintf(f,
559 "%sReceiveBuffer: %zu\n",
560 prefix, s->receive_buffer);
561
562 if (s->send_buffer > 0)
563 fprintf(f,
564 "%sSendBuffer: %zu\n",
565 prefix, s->send_buffer);
566
567 if (s->ip_tos >= 0)
568 fprintf(f,
569 "%sIPTOS: %i\n",
570 prefix, s->ip_tos);
571
572 if (s->ip_ttl >= 0)
573 fprintf(f,
574 "%sIPTTL: %i\n",
575 prefix, s->ip_ttl);
576
577 if (s->pipe_size > 0)
578 fprintf(f,
579 "%sPipeSize: %zu\n",
580 prefix, s->pipe_size);
581
582 if (s->mark >= 0)
583 fprintf(f,
584 "%sMark: %i\n",
585 prefix, s->mark);
586
587 if (s->mq_maxmsg > 0)
588 fprintf(f,
589 "%sMessageQueueMaxMessages: %li\n",
590 prefix, s->mq_maxmsg);
591
592 if (s->mq_msgsize > 0)
593 fprintf(f,
594 "%sMessageQueueMessageSize: %li\n",
595 prefix, s->mq_msgsize);
596
597 if (s->reuse_port)
598 fprintf(f,
599 "%sReusePort: %s\n",
600 prefix, yes_no(s->reuse_port));
601
602 if (s->smack)
603 fprintf(f,
604 "%sSmackLabel: %s\n",
605 prefix, s->smack);
606
607 if (s->smack_ip_in)
608 fprintf(f,
609 "%sSmackLabelIPIn: %s\n",
610 prefix, s->smack_ip_in);
611
612 if (s->smack_ip_out)
613 fprintf(f,
614 "%sSmackLabelIPOut: %s\n",
615 prefix, s->smack_ip_out);
616
617 if (!isempty(s->user) || !isempty(s->group))
618 fprintf(f,
619 "%sOwnerUser: %s\n"
620 "%sOwnerGroup: %s\n",
621 prefix, strna(s->user),
622 prefix, strna(s->group));
623
624 if (s->keep_alive_time > 0)
625 fprintf(f,
626 "%sKeepAliveTimeSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
628
629 if (s->keep_alive_interval)
630 fprintf(f,
631 "%sKeepAliveIntervalSec: %s\n",
632 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
633
634 if (s->keep_alive_cnt)
635 fprintf(f,
636 "%sKeepAliveProbes: %u\n",
637 prefix, s->keep_alive_cnt);
638
639 if (s->defer_accept)
640 fprintf(f,
641 "%sDeferAcceptSec: %s\n",
642 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
643
644 LIST_FOREACH(port, p, s->ports) {
645
646 if (p->type == SOCKET_SOCKET) {
647 const char *t;
648 int r;
649 char *k = NULL;
650
651 r = socket_address_print(&p->address, &k);
652 if (r < 0)
653 t = strerror(-r);
654 else
655 t = k;
656
657 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
658 free(k);
659 } else if (p->type == SOCKET_SPECIAL)
660 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
661 else if (p->type == SOCKET_USB_FUNCTION)
662 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
663 else if (p->type == SOCKET_MQUEUE)
664 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
665 else
666 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
667 }
668
669 exec_context_dump(&s->exec_context, f, prefix);
670 kill_context_dump(&s->kill_context, f, prefix);
671
672 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
673 if (!s->exec_command[c])
674 continue;
675
676 fprintf(f, "%s-> %s:\n",
677 prefix, socket_exec_command_to_string(c));
678
679 exec_command_dump_list(s->exec_command[c], f, prefix2);
680 }
681 }
682
683 static int instance_from_socket(int fd, unsigned nr, char **instance) {
684 socklen_t l;
685 char *r;
686 union sockaddr_union local, remote;
687
688 assert(fd >= 0);
689 assert(instance);
690
691 l = sizeof(local);
692 if (getsockname(fd, &local.sa, &l) < 0)
693 return -errno;
694
695 l = sizeof(remote);
696 if (getpeername(fd, &remote.sa, &l) < 0)
697 return -errno;
698
699 switch (local.sa.sa_family) {
700
701 case AF_INET: {
702 uint32_t
703 a = ntohl(local.in.sin_addr.s_addr),
704 b = ntohl(remote.in.sin_addr.s_addr);
705
706 if (asprintf(&r,
707 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
708 nr,
709 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
710 ntohs(local.in.sin_port),
711 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
712 ntohs(remote.in.sin_port)) < 0)
713 return -ENOMEM;
714
715 break;
716 }
717
718 case AF_INET6: {
719 static const unsigned char ipv4_prefix[] = {
720 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
721 };
722
723 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
724 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
725 const uint8_t
726 *a = local.in6.sin6_addr.s6_addr+12,
727 *b = remote.in6.sin6_addr.s6_addr+12;
728
729 if (asprintf(&r,
730 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
731 nr,
732 a[0], a[1], a[2], a[3],
733 ntohs(local.in6.sin6_port),
734 b[0], b[1], b[2], b[3],
735 ntohs(remote.in6.sin6_port)) < 0)
736 return -ENOMEM;
737 } else {
738 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
739
740 if (asprintf(&r,
741 "%u-%s:%u-%s:%u",
742 nr,
743 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
744 ntohs(local.in6.sin6_port),
745 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
746 ntohs(remote.in6.sin6_port)) < 0)
747 return -ENOMEM;
748 }
749
750 break;
751 }
752
753 case AF_UNIX: {
754 struct ucred ucred;
755 int k;
756
757 k = getpeercred(fd, &ucred);
758 if (k >= 0) {
759 if (asprintf(&r,
760 "%u-"PID_FMT"-"UID_FMT,
761 nr, ucred.pid, ucred.uid) < 0)
762 return -ENOMEM;
763 } else if (k == -ENODATA) {
764 /* This handles the case where somebody is
765 * connecting from another pid/uid namespace
766 * (e.g. from outside of our container). */
767 if (asprintf(&r,
768 "%u-unknown",
769 nr) < 0)
770 return -ENOMEM;
771 } else
772 return k;
773
774 break;
775 }
776
777 default:
778 assert_not_reached("Unhandled socket type.");
779 }
780
781 *instance = r;
782 return 0;
783 }
784
785 static void socket_close_fds(Socket *s) {
786 SocketPort *p;
787 char **i;
788
789 assert(s);
790
791 LIST_FOREACH(port, p, s->ports) {
792
793 p->event_source = sd_event_source_unref(p->event_source);
794
795 if (p->fd < 0)
796 continue;
797
798 p->fd = safe_close(p->fd);
799 socket_cleanup_fd_list(p);
800
801 /* One little note: we should normally not delete any
802 * sockets in the file system here! After all some
803 * other process we spawned might still have a
804 * reference of this fd and wants to continue to use
805 * it. Therefore we delete sockets in the file system
806 * before we create a new one, not after we stopped
807 * using one! */
808
809 if (s->remove_on_stop) {
810 switch (p->type) {
811
812 case SOCKET_FIFO:
813 unlink(p->path);
814 break;
815
816 case SOCKET_MQUEUE:
817 mq_unlink(p->path);
818 break;
819
820 case SOCKET_SOCKET:
821 socket_address_unlink(&p->address);
822 break;
823
824 default:
825 break;
826 }
827 }
828 }
829
830 if (s->remove_on_stop)
831 STRV_FOREACH(i, s->symlinks)
832 unlink(*i);
833 }
834
835 static void socket_apply_socket_options(Socket *s, int fd) {
836 int r;
837
838 assert(s);
839 assert(fd >= 0);
840
841 if (s->keep_alive) {
842 int b = s->keep_alive;
843 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
844 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
845 }
846
847 if (s->keep_alive_time) {
848 int value = s->keep_alive_time / USEC_PER_SEC;
849 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
850 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
851 }
852
853 if (s->keep_alive_interval) {
854 int value = s->keep_alive_interval / USEC_PER_SEC;
855 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
856 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
857 }
858
859 if (s->keep_alive_cnt) {
860 int value = s->keep_alive_cnt;
861 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
862 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
863 }
864
865 if (s->defer_accept) {
866 int value = s->defer_accept / USEC_PER_SEC;
867 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
868 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
869 }
870
871 if (s->no_delay) {
872 int b = s->no_delay;
873 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
874 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
875 }
876
877 if (s->broadcast) {
878 int one = 1;
879 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
880 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
881 }
882
883 if (s->pass_cred) {
884 int one = 1;
885 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
887 }
888
889 if (s->pass_sec) {
890 int one = 1;
891 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
892 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
893 }
894
895 if (s->priority >= 0)
896 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
897 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
898
899 if (s->receive_buffer > 0) {
900 int value = (int) s->receive_buffer;
901
902 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
903
904 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
905 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
906 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
907 }
908
909 if (s->send_buffer > 0) {
910 int value = (int) s->send_buffer;
911 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
912 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
913 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
914 }
915
916 if (s->mark >= 0)
917 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
918 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
919
920 if (s->ip_tos >= 0)
921 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
922 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
923
924 if (s->ip_ttl >= 0) {
925 int x;
926
927 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
928
929 if (socket_ipv6_is_supported())
930 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
931 else {
932 x = -1;
933 errno = EAFNOSUPPORT;
934 }
935
936 if (r < 0 && x < 0)
937 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
938 }
939
940 if (s->tcp_congestion)
941 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
942 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
943
944 if (s->smack_ip_in) {
945 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
946 if (r < 0)
947 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
948 }
949
950 if (s->smack_ip_out) {
951 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
952 if (r < 0)
953 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
954 }
955 }
956
957 static void socket_apply_fifo_options(Socket *s, int fd) {
958 int r;
959
960 assert(s);
961 assert(fd >= 0);
962
963 if (s->pipe_size > 0)
964 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
965 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
966
967 if (s->smack) {
968 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
969 if (r < 0)
970 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
971 }
972 }
973
974 static int fifo_address_create(
975 const char *path,
976 mode_t directory_mode,
977 mode_t socket_mode) {
978
979 _cleanup_close_ int fd = -1;
980 mode_t old_mask;
981 struct stat st;
982 int r;
983
984 assert(path);
985
986 mkdir_parents_label(path, directory_mode);
987
988 r = mac_selinux_create_file_prepare(path, S_IFIFO);
989 if (r < 0)
990 return r;
991
992 /* Enforce the right access mode for the fifo */
993 old_mask = umask(~ socket_mode);
994
995 /* Include the original umask in our mask */
996 (void) umask(~socket_mode | old_mask);
997
998 r = mkfifo(path, socket_mode);
999 (void) umask(old_mask);
1000
1001 if (r < 0 && errno != EEXIST) {
1002 r = -errno;
1003 goto fail;
1004 }
1005
1006 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1007 if (fd < 0) {
1008 r = -errno;
1009 goto fail;
1010 }
1011
1012 mac_selinux_create_file_clear();
1013
1014 if (fstat(fd, &st) < 0) {
1015 r = -errno;
1016 goto fail;
1017 }
1018
1019 if (!S_ISFIFO(st.st_mode) ||
1020 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1021 st.st_uid != getuid() ||
1022 st.st_gid != getgid()) {
1023 r = -EEXIST;
1024 goto fail;
1025 }
1026
1027 r = fd;
1028 fd = -1;
1029
1030 return r;
1031
1032 fail:
1033 mac_selinux_create_file_clear();
1034 return r;
1035 }
1036
1037 static int special_address_create(const char *path, bool writable) {
1038 _cleanup_close_ int fd = -1;
1039 struct stat st;
1040 int r;
1041
1042 assert(path);
1043
1044 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1045 if (fd < 0)
1046 return -errno;
1047
1048 if (fstat(fd, &st) < 0)
1049 return -errno;
1050
1051 /* Check whether this is a /proc, /sys or /dev file or char device */
1052 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1053 return -EEXIST;
1054
1055 r = fd;
1056 fd = -1;
1057
1058 return r;
1059 }
1060
1061 static int usbffs_address_create(const char *path) {
1062 _cleanup_close_ int fd = -1;
1063 struct stat st;
1064 int r;
1065
1066 assert(path);
1067
1068 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1069 if (fd < 0)
1070 return -errno;
1071
1072 if (fstat(fd, &st) < 0)
1073 return -errno;
1074
1075 /* Check whether this is a regular file (ffs endpoint)*/
1076 if (!S_ISREG(st.st_mode))
1077 return -EEXIST;
1078
1079 r = fd;
1080 fd = -1;
1081
1082 return r;
1083 }
1084
1085 static int mq_address_create(
1086 const char *path,
1087 mode_t mq_mode,
1088 long maxmsg,
1089 long msgsize) {
1090
1091 _cleanup_close_ int fd = -1;
1092 struct stat st;
1093 mode_t old_mask;
1094 struct mq_attr _attr, *attr = NULL;
1095 int r;
1096
1097 assert(path);
1098
1099 if (maxmsg > 0 && msgsize > 0) {
1100 _attr = (struct mq_attr) {
1101 .mq_flags = O_NONBLOCK,
1102 .mq_maxmsg = maxmsg,
1103 .mq_msgsize = msgsize,
1104 };
1105 attr = &_attr;
1106 }
1107
1108 /* Enforce the right access mode for the mq */
1109 old_mask = umask(~ mq_mode);
1110
1111 /* Include the original umask in our mask */
1112 (void) umask(~mq_mode | old_mask);
1113 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1114 (void) umask(old_mask);
1115
1116 if (fd < 0)
1117 return -errno;
1118
1119 if (fstat(fd, &st) < 0)
1120 return -errno;
1121
1122 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1123 st.st_uid != getuid() ||
1124 st.st_gid != getgid())
1125 return -EEXIST;
1126
1127 r = fd;
1128 fd = -1;
1129
1130 return r;
1131 }
1132
1133 static int socket_symlink(Socket *s) {
1134 const char *p;
1135 char **i;
1136
1137 assert(s);
1138
1139 p = socket_find_symlink_target(s);
1140 if (!p)
1141 return 0;
1142
1143 STRV_FOREACH(i, s->symlinks)
1144 symlink_label(p, *i);
1145
1146 return 0;
1147 }
1148
1149 static int usbffs_write_descs(int fd, Service *s) {
1150 int r;
1151
1152 if (!s->usb_function_descriptors || !s->usb_function_strings)
1153 return -EINVAL;
1154
1155 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1156 if (r < 0)
1157 return r;
1158
1159 return copy_file_fd(s->usb_function_strings, fd, false);
1160 }
1161
1162 static int usbffs_select_ep(const struct dirent *d) {
1163 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1164 }
1165
1166 static int usbffs_dispatch_eps(SocketPort *p) {
1167 _cleanup_free_ struct dirent **ent = NULL;
1168 _cleanup_free_ char *path = NULL;
1169 int r, i, n, k;
1170
1171 r = path_get_parent(p->path, &path);
1172 if (r < 0)
1173 return r;
1174
1175 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1176 if (r < 0)
1177 return -errno;
1178
1179 n = r;
1180 p->auxiliary_fds = new(int, n);
1181 if (!p->auxiliary_fds)
1182 return -ENOMEM;
1183
1184 p->n_auxiliary_fds = n;
1185
1186 k = 0;
1187 for (i = 0; i < n; ++i) {
1188 _cleanup_free_ char *ep = NULL;
1189
1190 ep = path_make_absolute(ent[i]->d_name, path);
1191 if (!ep)
1192 return -ENOMEM;
1193
1194 path_kill_slashes(ep);
1195
1196 r = usbffs_address_create(ep);
1197 if (r < 0)
1198 goto fail;
1199
1200 p->auxiliary_fds[k] = r;
1201
1202 ++k;
1203 free(ent[i]);
1204 }
1205
1206 return r;
1207
1208 fail:
1209 close_many(p->auxiliary_fds, k);
1210 p->auxiliary_fds = mfree(p->auxiliary_fds);
1211 p->n_auxiliary_fds = 0;
1212
1213 return r;
1214 }
1215
1216 static int socket_open_fds(Socket *s) {
1217 _cleanup_(mac_selinux_freep) char *label = NULL;
1218 bool know_label = false;
1219 SocketPort *p;
1220 int r;
1221
1222 assert(s);
1223
1224 LIST_FOREACH(port, p, s->ports) {
1225
1226 if (p->fd >= 0)
1227 continue;
1228
1229 switch (p->type) {
1230
1231 case SOCKET_SOCKET:
1232
1233 if (!know_label) {
1234 /* Figure out label, if we don't it know
1235 * yet. We do it once, for the first
1236 * socket where we need this and
1237 * remember it for the rest. */
1238
1239 if (s->selinux_context_from_net) {
1240 /* Get it from the network label */
1241
1242 r = mac_selinux_get_our_label(&label);
1243 if (r < 0 && r != -EOPNOTSUPP)
1244 goto rollback;
1245
1246 } else {
1247 /* Get it from the executable we are about to start */
1248
1249 r = socket_instantiate_service(s);
1250 if (r < 0)
1251 goto rollback;
1252
1253 if (UNIT_ISSET(s->service) &&
1254 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1255 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1256 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1257 goto rollback;
1258 }
1259 }
1260
1261 know_label = true;
1262 }
1263
1264 r = socket_address_listen(
1265 &p->address,
1266 SOCK_CLOEXEC|SOCK_NONBLOCK,
1267 s->backlog,
1268 s->bind_ipv6_only,
1269 s->bind_to_device,
1270 s->reuse_port,
1271 s->free_bind,
1272 s->transparent,
1273 s->directory_mode,
1274 s->socket_mode,
1275 label);
1276 if (r < 0)
1277 goto rollback;
1278
1279 p->fd = r;
1280 socket_apply_socket_options(s, p->fd);
1281 socket_symlink(s);
1282 break;
1283
1284 case SOCKET_SPECIAL:
1285
1286 p->fd = special_address_create(p->path, s->writable);
1287 if (p->fd < 0) {
1288 r = p->fd;
1289 goto rollback;
1290 }
1291 break;
1292
1293 case SOCKET_FIFO:
1294
1295 p->fd = fifo_address_create(
1296 p->path,
1297 s->directory_mode,
1298 s->socket_mode);
1299 if (p->fd < 0) {
1300 r = p->fd;
1301 goto rollback;
1302 }
1303
1304 socket_apply_fifo_options(s, p->fd);
1305 socket_symlink(s);
1306 break;
1307
1308 case SOCKET_MQUEUE:
1309
1310 p->fd = mq_address_create(
1311 p->path,
1312 s->socket_mode,
1313 s->mq_maxmsg,
1314 s->mq_msgsize);
1315 if (p->fd < 0) {
1316 r = p->fd;
1317 goto rollback;
1318 }
1319 break;
1320
1321 case SOCKET_USB_FUNCTION:
1322
1323 p->fd = usbffs_address_create(p->path);
1324 if (p->fd < 0) {
1325 r = p->fd;
1326 goto rollback;
1327 }
1328
1329 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1330 if (r < 0)
1331 goto rollback;
1332
1333 r = usbffs_dispatch_eps(p);
1334 if (r < 0)
1335 goto rollback;
1336
1337 break;
1338
1339 default:
1340 assert_not_reached("Unknown port type");
1341 }
1342 }
1343
1344 return 0;
1345
1346 rollback:
1347 socket_close_fds(s);
1348 return r;
1349 }
1350
1351 static void socket_unwatch_fds(Socket *s) {
1352 SocketPort *p;
1353 int r;
1354
1355 assert(s);
1356
1357 LIST_FOREACH(port, p, s->ports) {
1358 if (p->fd < 0)
1359 continue;
1360
1361 if (!p->event_source)
1362 continue;
1363
1364 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1365 if (r < 0)
1366 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1367 }
1368 }
1369
1370 static int socket_watch_fds(Socket *s) {
1371 SocketPort *p;
1372 int r;
1373
1374 assert(s);
1375
1376 LIST_FOREACH(port, p, s->ports) {
1377 if (p->fd < 0)
1378 continue;
1379
1380 if (p->event_source) {
1381 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1382 if (r < 0)
1383 goto fail;
1384 } else {
1385 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1386 if (r < 0)
1387 goto fail;
1388
1389 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1390 }
1391 }
1392
1393 return 0;
1394
1395 fail:
1396 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1397 socket_unwatch_fds(s);
1398 return r;
1399 }
1400
1401 static void socket_set_state(Socket *s, SocketState state) {
1402 SocketState old_state;
1403 assert(s);
1404
1405 old_state = s->state;
1406 s->state = state;
1407
1408 if (!IN_SET(state,
1409 SOCKET_START_PRE,
1410 SOCKET_START_CHOWN,
1411 SOCKET_START_POST,
1412 SOCKET_STOP_PRE,
1413 SOCKET_STOP_PRE_SIGTERM,
1414 SOCKET_STOP_PRE_SIGKILL,
1415 SOCKET_STOP_POST,
1416 SOCKET_FINAL_SIGTERM,
1417 SOCKET_FINAL_SIGKILL)) {
1418
1419 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1420 socket_unwatch_control_pid(s);
1421 s->control_command = NULL;
1422 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1423 }
1424
1425 if (state != SOCKET_LISTENING)
1426 socket_unwatch_fds(s);
1427
1428 if (!IN_SET(state,
1429 SOCKET_START_CHOWN,
1430 SOCKET_START_POST,
1431 SOCKET_LISTENING,
1432 SOCKET_RUNNING,
1433 SOCKET_STOP_PRE,
1434 SOCKET_STOP_PRE_SIGTERM,
1435 SOCKET_STOP_PRE_SIGKILL))
1436 socket_close_fds(s);
1437
1438 if (state != old_state)
1439 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1440
1441 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1442 }
1443
1444 static int socket_coldplug(Unit *u) {
1445 Socket *s = SOCKET(u);
1446 int r;
1447
1448 assert(s);
1449 assert(s->state == SOCKET_DEAD);
1450
1451 if (s->deserialized_state == s->state)
1452 return 0;
1453
1454 if (IN_SET(s->deserialized_state,
1455 SOCKET_START_PRE,
1456 SOCKET_START_CHOWN,
1457 SOCKET_START_POST,
1458 SOCKET_STOP_PRE,
1459 SOCKET_STOP_PRE_SIGTERM,
1460 SOCKET_STOP_PRE_SIGKILL,
1461 SOCKET_STOP_POST,
1462 SOCKET_FINAL_SIGTERM,
1463 SOCKET_FINAL_SIGKILL)) {
1464
1465 if (s->control_pid <= 0)
1466 return -EBADMSG;
1467
1468 r = unit_watch_pid(UNIT(s), s->control_pid);
1469 if (r < 0)
1470 return r;
1471
1472 r = socket_arm_timer(s);
1473 if (r < 0)
1474 return r;
1475 }
1476
1477 if (IN_SET(s->deserialized_state,
1478 SOCKET_START_CHOWN,
1479 SOCKET_START_POST,
1480 SOCKET_LISTENING,
1481 SOCKET_RUNNING,
1482 SOCKET_STOP_PRE,
1483 SOCKET_STOP_PRE_SIGTERM,
1484 SOCKET_STOP_PRE_SIGKILL)) {
1485 r = socket_open_fds(s);
1486 if (r < 0)
1487 return r;
1488 }
1489
1490 if (s->deserialized_state == SOCKET_LISTENING) {
1491 r = socket_watch_fds(s);
1492 if (r < 0)
1493 return r;
1494 }
1495
1496 socket_set_state(s, s->deserialized_state);
1497 return 0;
1498 }
1499
1500 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1501 _cleanup_free_ char **argv = NULL;
1502 pid_t pid;
1503 int r;
1504 ExecParameters exec_params = {
1505 .apply_permissions = true,
1506 .apply_chroot = true,
1507 .apply_tty_stdin = true,
1508 .bus_endpoint_fd = -1,
1509 .stdin_fd = -1,
1510 .stdout_fd = -1,
1511 .stderr_fd = -1,
1512 };
1513
1514 assert(s);
1515 assert(c);
1516 assert(_pid);
1517
1518 (void) unit_realize_cgroup(UNIT(s));
1519 if (s->reset_cpu_usage) {
1520 (void) unit_reset_cpu_usage(UNIT(s));
1521 s->reset_cpu_usage = false;
1522 }
1523
1524 r = unit_setup_exec_runtime(UNIT(s));
1525 if (r < 0)
1526 goto fail;
1527
1528 r = socket_arm_timer(s);
1529 if (r < 0)
1530 goto fail;
1531
1532 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1533 if (r < 0)
1534 goto fail;
1535
1536 exec_params.argv = argv;
1537 exec_params.environment = UNIT(s)->manager->environment;
1538 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1539 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1540 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1541 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1542 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1543
1544 r = exec_spawn(UNIT(s),
1545 c,
1546 &s->exec_context,
1547 &exec_params,
1548 s->exec_runtime,
1549 &pid);
1550 if (r < 0)
1551 goto fail;
1552
1553 r = unit_watch_pid(UNIT(s), pid);
1554 if (r < 0)
1555 /* FIXME: we need to do something here */
1556 goto fail;
1557
1558 *_pid = pid;
1559 return 0;
1560
1561 fail:
1562 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1563 return r;
1564 }
1565
1566 static int socket_chown(Socket *s, pid_t *_pid) {
1567 pid_t pid;
1568 int r;
1569
1570 r = socket_arm_timer(s);
1571 if (r < 0)
1572 goto fail;
1573
1574 /* We have to resolve the user names out-of-process, hence
1575 * let's fork here. It's messy, but well, what can we do? */
1576
1577 pid = fork();
1578 if (pid < 0)
1579 return -errno;
1580
1581 if (pid == 0) {
1582 SocketPort *p;
1583 uid_t uid = UID_INVALID;
1584 gid_t gid = GID_INVALID;
1585 int ret;
1586
1587 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1588 (void) ignore_signals(SIGPIPE, -1);
1589 log_forget_fds();
1590
1591 if (!isempty(s->user)) {
1592 const char *user = s->user;
1593
1594 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1595 if (r < 0) {
1596 ret = EXIT_USER;
1597 goto fail_child;
1598 }
1599 }
1600
1601 if (!isempty(s->group)) {
1602 const char *group = s->group;
1603
1604 r = get_group_creds(&group, &gid);
1605 if (r < 0) {
1606 ret = EXIT_GROUP;
1607 goto fail_child;
1608 }
1609 }
1610
1611 LIST_FOREACH(port, p, s->ports) {
1612 const char *path = NULL;
1613
1614 if (p->type == SOCKET_SOCKET)
1615 path = socket_address_get_path(&p->address);
1616 else if (p->type == SOCKET_FIFO)
1617 path = p->path;
1618
1619 if (!path)
1620 continue;
1621
1622 if (chown(path, uid, gid) < 0) {
1623 r = -errno;
1624 ret = EXIT_CHOWN;
1625 goto fail_child;
1626 }
1627 }
1628
1629 _exit(0);
1630
1631 fail_child:
1632 log_open();
1633 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1634
1635 _exit(ret);
1636 }
1637
1638 r = unit_watch_pid(UNIT(s), pid);
1639 if (r < 0)
1640 goto fail;
1641
1642 *_pid = pid;
1643 return 0;
1644
1645 fail:
1646 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1647 return r;
1648 }
1649
1650 static void socket_enter_dead(Socket *s, SocketResult f) {
1651 assert(s);
1652
1653 if (f != SOCKET_SUCCESS)
1654 s->result = f;
1655
1656 exec_runtime_destroy(s->exec_runtime);
1657 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1658
1659 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1660
1661 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1662 }
1663
1664 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1665
1666 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1667 int r;
1668 assert(s);
1669
1670 if (f != SOCKET_SUCCESS)
1671 s->result = f;
1672
1673 socket_unwatch_control_pid(s);
1674 s->control_command_id = SOCKET_EXEC_STOP_POST;
1675 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1676
1677 if (s->control_command) {
1678 r = socket_spawn(s, s->control_command, &s->control_pid);
1679 if (r < 0)
1680 goto fail;
1681
1682 socket_set_state(s, SOCKET_STOP_POST);
1683 } else
1684 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1685
1686 return;
1687
1688 fail:
1689 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1690 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1691 }
1692
1693 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1694 int r;
1695
1696 assert(s);
1697
1698 if (f != SOCKET_SUCCESS)
1699 s->result = f;
1700
1701 r = unit_kill_context(
1702 UNIT(s),
1703 &s->kill_context,
1704 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1705 KILL_KILL : KILL_TERMINATE,
1706 -1,
1707 s->control_pid,
1708 false);
1709 if (r < 0)
1710 goto fail;
1711
1712 if (r > 0) {
1713 r = socket_arm_timer(s);
1714 if (r < 0)
1715 goto fail;
1716
1717 socket_set_state(s, state);
1718 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1719 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1720 else if (state == SOCKET_STOP_PRE_SIGKILL)
1721 socket_enter_stop_post(s, SOCKET_SUCCESS);
1722 else if (state == SOCKET_FINAL_SIGTERM)
1723 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1724 else
1725 socket_enter_dead(s, SOCKET_SUCCESS);
1726
1727 return;
1728
1729 fail:
1730 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1731
1732 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1733 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1734 else
1735 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1736 }
1737
1738 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1739 int r;
1740 assert(s);
1741
1742 if (f != SOCKET_SUCCESS)
1743 s->result = f;
1744
1745 socket_unwatch_control_pid(s);
1746 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1747 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1748
1749 if (s->control_command) {
1750 r = socket_spawn(s, s->control_command, &s->control_pid);
1751 if (r < 0)
1752 goto fail;
1753
1754 socket_set_state(s, SOCKET_STOP_PRE);
1755 } else
1756 socket_enter_stop_post(s, SOCKET_SUCCESS);
1757
1758 return;
1759
1760 fail:
1761 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1762 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1763 }
1764
1765 static void socket_enter_listening(Socket *s) {
1766 int r;
1767 assert(s);
1768
1769 r = socket_watch_fds(s);
1770 if (r < 0) {
1771 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1772 goto fail;
1773 }
1774
1775 socket_set_state(s, SOCKET_LISTENING);
1776 return;
1777
1778 fail:
1779 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1780 }
1781
1782 static void socket_enter_start_post(Socket *s) {
1783 int r;
1784 assert(s);
1785
1786 socket_unwatch_control_pid(s);
1787 s->control_command_id = SOCKET_EXEC_START_POST;
1788 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1789
1790 if (s->control_command) {
1791 r = socket_spawn(s, s->control_command, &s->control_pid);
1792 if (r < 0) {
1793 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1794 goto fail;
1795 }
1796
1797 socket_set_state(s, SOCKET_START_POST);
1798 } else
1799 socket_enter_listening(s);
1800
1801 return;
1802
1803 fail:
1804 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1805 }
1806
1807 static void socket_enter_start_chown(Socket *s) {
1808 int r;
1809
1810 assert(s);
1811
1812 r = socket_open_fds(s);
1813 if (r < 0) {
1814 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1815 goto fail;
1816 }
1817
1818 if (!isempty(s->user) || !isempty(s->group)) {
1819
1820 socket_unwatch_control_pid(s);
1821 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1822 s->control_command = NULL;
1823
1824 r = socket_chown(s, &s->control_pid);
1825 if (r < 0) {
1826 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1827 goto fail;
1828 }
1829
1830 socket_set_state(s, SOCKET_START_CHOWN);
1831 } else
1832 socket_enter_start_post(s);
1833
1834 return;
1835
1836 fail:
1837 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1838 }
1839
1840 static void socket_enter_start_pre(Socket *s) {
1841 int r;
1842 assert(s);
1843
1844 socket_unwatch_control_pid(s);
1845 s->control_command_id = SOCKET_EXEC_START_PRE;
1846 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1847
1848 if (s->control_command) {
1849 r = socket_spawn(s, s->control_command, &s->control_pid);
1850 if (r < 0) {
1851 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1852 goto fail;
1853 }
1854
1855 socket_set_state(s, SOCKET_START_PRE);
1856 } else
1857 socket_enter_start_chown(s);
1858
1859 return;
1860
1861 fail:
1862 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1863 }
1864
1865 static void socket_enter_running(Socket *s, int cfd) {
1866 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1867 int r;
1868
1869 assert(s);
1870
1871 /* We don't take connections anymore if we are supposed to
1872 * shut down anyway */
1873 if (unit_stop_pending(UNIT(s))) {
1874
1875 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1876
1877 if (cfd >= 0)
1878 safe_close(cfd);
1879 else {
1880 /* Flush all sockets by closing and reopening them */
1881 socket_close_fds(s);
1882
1883 r = socket_open_fds(s);
1884 if (r < 0) {
1885 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1886 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1887 return;
1888 }
1889
1890 r = socket_watch_fds(s);
1891 if (r < 0) {
1892 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1893 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1894 }
1895 }
1896
1897 return;
1898 }
1899
1900 if (cfd < 0) {
1901 Iterator i;
1902 Unit *other;
1903 bool pending = false;
1904
1905 /* If there's already a start pending don't bother to
1906 * do anything */
1907 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1908 if (unit_active_or_pending(other)) {
1909 pending = true;
1910 break;
1911 }
1912
1913 if (!pending) {
1914 if (!UNIT_ISSET(s->service)) {
1915 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1916 r = -ENOENT;
1917 goto fail;
1918 }
1919
1920 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1921 if (r < 0)
1922 goto fail;
1923 }
1924
1925 socket_set_state(s, SOCKET_RUNNING);
1926 } else {
1927 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1928 Service *service;
1929
1930 if (s->n_connections >= s->max_connections) {
1931 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1932 safe_close(cfd);
1933 return;
1934 }
1935
1936 r = socket_instantiate_service(s);
1937 if (r < 0)
1938 goto fail;
1939
1940 r = instance_from_socket(cfd, s->n_accepted, &instance);
1941 if (r < 0) {
1942 if (r != -ENOTCONN)
1943 goto fail;
1944
1945 /* ENOTCONN is legitimate if TCP RST was received.
1946 * This connection is over, but the socket unit lives on. */
1947 safe_close(cfd);
1948 return;
1949 }
1950
1951 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1952 if (r < 0)
1953 goto fail;
1954
1955 r = unit_name_build(prefix, instance, ".service", &name);
1956 if (r < 0)
1957 goto fail;
1958
1959 r = unit_add_name(UNIT_DEREF(s->service), name);
1960 if (r < 0)
1961 goto fail;
1962
1963 service = SERVICE(UNIT_DEREF(s->service));
1964 unit_ref_unset(&s->service);
1965 s->n_accepted ++;
1966
1967 UNIT(service)->no_gc = false;
1968
1969 unit_choose_id(UNIT(service), name);
1970
1971 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1972 if (r < 0)
1973 goto fail;
1974
1975 cfd = -1;
1976 s->n_connections ++;
1977
1978 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1979 if (r < 0)
1980 goto fail;
1981
1982 /* Notify clients about changed counters */
1983 unit_add_to_dbus_queue(UNIT(s));
1984 }
1985
1986 return;
1987
1988 fail:
1989 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1990 cfd >= 0 ? "template" : "non-template",
1991 bus_error_message(&error, r));
1992
1993 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1994 safe_close(cfd);
1995 }
1996
1997 static void socket_run_next(Socket *s) {
1998 int r;
1999
2000 assert(s);
2001 assert(s->control_command);
2002 assert(s->control_command->command_next);
2003
2004 socket_unwatch_control_pid(s);
2005
2006 s->control_command = s->control_command->command_next;
2007
2008 r = socket_spawn(s, s->control_command, &s->control_pid);
2009 if (r < 0)
2010 goto fail;
2011
2012 return;
2013
2014 fail:
2015 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2016
2017 if (s->state == SOCKET_START_POST)
2018 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2019 else if (s->state == SOCKET_STOP_POST)
2020 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2021 else
2022 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2023 }
2024
2025 static int socket_start(Unit *u) {
2026 Socket *s = SOCKET(u);
2027
2028 assert(s);
2029
2030 /* We cannot fulfill this request right now, try again later
2031 * please! */
2032 if (IN_SET(s->state,
2033 SOCKET_STOP_PRE,
2034 SOCKET_STOP_PRE_SIGKILL,
2035 SOCKET_STOP_PRE_SIGTERM,
2036 SOCKET_STOP_POST,
2037 SOCKET_FINAL_SIGTERM,
2038 SOCKET_FINAL_SIGKILL))
2039 return -EAGAIN;
2040
2041 /* Already on it! */
2042 if (IN_SET(s->state,
2043 SOCKET_START_PRE,
2044 SOCKET_START_CHOWN,
2045 SOCKET_START_POST))
2046 return 0;
2047
2048 /* Cannot run this without the service being around */
2049 if (UNIT_ISSET(s->service)) {
2050 Service *service;
2051
2052 service = SERVICE(UNIT_DEREF(s->service));
2053
2054 if (UNIT(service)->load_state != UNIT_LOADED) {
2055 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2056 return -ENOENT;
2057 }
2058
2059 /* If the service is already active we cannot start the
2060 * socket */
2061 if (service->state != SERVICE_DEAD &&
2062 service->state != SERVICE_FAILED &&
2063 service->state != SERVICE_AUTO_RESTART) {
2064 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2065 return -EBUSY;
2066 }
2067 }
2068
2069 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2070
2071 s->result = SOCKET_SUCCESS;
2072 s->reset_cpu_usage = true;
2073
2074 socket_enter_start_pre(s);
2075
2076 return 1;
2077 }
2078
2079 static int socket_stop(Unit *u) {
2080 Socket *s = SOCKET(u);
2081
2082 assert(s);
2083
2084 /* Already on it */
2085 if (IN_SET(s->state,
2086 SOCKET_STOP_PRE,
2087 SOCKET_STOP_PRE_SIGTERM,
2088 SOCKET_STOP_PRE_SIGKILL,
2089 SOCKET_STOP_POST,
2090 SOCKET_FINAL_SIGTERM,
2091 SOCKET_FINAL_SIGKILL))
2092 return 0;
2093
2094 /* If there's already something running we go directly into
2095 * kill mode. */
2096 if (IN_SET(s->state,
2097 SOCKET_START_PRE,
2098 SOCKET_START_CHOWN,
2099 SOCKET_START_POST)) {
2100 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2101 return -EAGAIN;
2102 }
2103
2104 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2105
2106 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2107 return 1;
2108 }
2109
2110 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2111 Socket *s = SOCKET(u);
2112 SocketPort *p;
2113 int r;
2114
2115 assert(u);
2116 assert(f);
2117 assert(fds);
2118
2119 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2120 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2121 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2122
2123 if (s->control_pid > 0)
2124 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2125
2126 if (s->control_command_id >= 0)
2127 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2128
2129 LIST_FOREACH(port, p, s->ports) {
2130 int copy;
2131
2132 if (p->fd < 0)
2133 continue;
2134
2135 copy = fdset_put_dup(fds, p->fd);
2136 if (copy < 0)
2137 return copy;
2138
2139 if (p->type == SOCKET_SOCKET) {
2140 _cleanup_free_ char *t = NULL;
2141
2142 r = socket_address_print(&p->address, &t);
2143 if (r < 0)
2144 return r;
2145
2146 if (socket_address_family(&p->address) == AF_NETLINK)
2147 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2148 else
2149 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2150
2151 } else if (p->type == SOCKET_SPECIAL)
2152 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2153 else if (p->type == SOCKET_MQUEUE)
2154 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2155 else if (p->type == SOCKET_USB_FUNCTION)
2156 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2157 else {
2158 assert(p->type == SOCKET_FIFO);
2159 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2160 }
2161 }
2162
2163 return 0;
2164 }
2165
2166 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2167 Socket *s = SOCKET(u);
2168
2169 assert(u);
2170 assert(key);
2171 assert(value);
2172
2173 if (streq(key, "state")) {
2174 SocketState state;
2175
2176 state = socket_state_from_string(value);
2177 if (state < 0)
2178 log_unit_debug(u, "Failed to parse state value: %s", value);
2179 else
2180 s->deserialized_state = state;
2181 } else if (streq(key, "result")) {
2182 SocketResult f;
2183
2184 f = socket_result_from_string(value);
2185 if (f < 0)
2186 log_unit_debug(u, "Failed to parse result value: %s", value);
2187 else if (f != SOCKET_SUCCESS)
2188 s->result = f;
2189
2190 } else if (streq(key, "n-accepted")) {
2191 unsigned k;
2192
2193 if (safe_atou(value, &k) < 0)
2194 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2195 else
2196 s->n_accepted += k;
2197 } else if (streq(key, "control-pid")) {
2198 pid_t pid;
2199
2200 if (parse_pid(value, &pid) < 0)
2201 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2202 else
2203 s->control_pid = pid;
2204 } else if (streq(key, "control-command")) {
2205 SocketExecCommand id;
2206
2207 id = socket_exec_command_from_string(value);
2208 if (id < 0)
2209 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2210 else {
2211 s->control_command_id = id;
2212 s->control_command = s->exec_command[id];
2213 }
2214 } else if (streq(key, "fifo")) {
2215 int fd, skip = 0;
2216 SocketPort *p;
2217
2218 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2219 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2220 else {
2221
2222 LIST_FOREACH(port, p, s->ports)
2223 if (p->type == SOCKET_FIFO &&
2224 path_equal_or_files_same(p->path, value+skip))
2225 break;
2226
2227 if (p) {
2228 safe_close(p->fd);
2229 p->fd = fdset_remove(fds, fd);
2230 }
2231 }
2232
2233 } else if (streq(key, "special")) {
2234 int fd, skip = 0;
2235 SocketPort *p;
2236
2237 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2238 log_unit_debug(u, "Failed to parse special value: %s", value);
2239 else {
2240
2241 LIST_FOREACH(port, p, s->ports)
2242 if (p->type == SOCKET_SPECIAL &&
2243 path_equal_or_files_same(p->path, value+skip))
2244 break;
2245
2246 if (p) {
2247 safe_close(p->fd);
2248 p->fd = fdset_remove(fds, fd);
2249 }
2250 }
2251
2252 } else if (streq(key, "mqueue")) {
2253 int fd, skip = 0;
2254 SocketPort *p;
2255
2256 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2257 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2258 else {
2259
2260 LIST_FOREACH(port, p, s->ports)
2261 if (p->type == SOCKET_MQUEUE &&
2262 streq(p->path, value+skip))
2263 break;
2264
2265 if (p) {
2266 safe_close(p->fd);
2267 p->fd = fdset_remove(fds, fd);
2268 }
2269 }
2270
2271 } else if (streq(key, "socket")) {
2272 int fd, type, skip = 0;
2273 SocketPort *p;
2274
2275 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2276 log_unit_debug(u, "Failed to parse socket value: %s", value);
2277 else {
2278
2279 LIST_FOREACH(port, p, s->ports)
2280 if (socket_address_is(&p->address, value+skip, type))
2281 break;
2282
2283 if (p) {
2284 safe_close(p->fd);
2285 p->fd = fdset_remove(fds, fd);
2286 }
2287 }
2288
2289 } else if (streq(key, "netlink")) {
2290 int fd, skip = 0;
2291 SocketPort *p;
2292
2293 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2294 log_unit_debug(u, "Failed to parse socket value: %s", value);
2295 else {
2296
2297 LIST_FOREACH(port, p, s->ports)
2298 if (socket_address_is_netlink(&p->address, value+skip))
2299 break;
2300
2301 if (p) {
2302 safe_close(p->fd);
2303 p->fd = fdset_remove(fds, fd);
2304 }
2305 }
2306
2307 } else if (streq(key, "ffs")) {
2308 int fd, skip = 0;
2309 SocketPort *p;
2310
2311 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2312 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2313 else {
2314
2315 LIST_FOREACH(port, p, s->ports)
2316 if (p->type == SOCKET_USB_FUNCTION &&
2317 path_equal_or_files_same(p->path, value+skip))
2318 break;
2319
2320 if (p) {
2321 safe_close(p->fd);
2322 p->fd = fdset_remove(fds, fd);
2323 }
2324 }
2325
2326 } else
2327 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2328
2329 return 0;
2330 }
2331
2332 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2333 Socket *s = SOCKET(u);
2334 SocketPort *p;
2335
2336 assert(u);
2337
2338 LIST_FOREACH(port, p, s->ports) {
2339 Iterator i;
2340 int fd;
2341
2342 if (p->type != SOCKET_SOCKET)
2343 continue;
2344
2345 if (p->fd >= 0)
2346 continue;
2347
2348 FDSET_FOREACH(fd, fds, i) {
2349 if (socket_address_matches_fd(&p->address, fd)) {
2350 p->fd = fdset_remove(fds, fd);
2351 s->deserialized_state = SOCKET_LISTENING;
2352 break;
2353 }
2354 }
2355 }
2356
2357 return 0;
2358 }
2359
2360 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2361 assert(u);
2362
2363 return state_translation_table[SOCKET(u)->state];
2364 }
2365
2366 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2367 assert(u);
2368
2369 return socket_state_to_string(SOCKET(u)->state);
2370 }
2371
2372 const char* socket_port_type_to_string(SocketPort *p) {
2373
2374 assert(p);
2375
2376 switch (p->type) {
2377
2378 case SOCKET_SOCKET:
2379
2380 switch (p->address.type) {
2381
2382 case SOCK_STREAM:
2383 return "Stream";
2384
2385 case SOCK_DGRAM:
2386 return "Datagram";
2387
2388 case SOCK_SEQPACKET:
2389 return "SequentialPacket";
2390
2391 case SOCK_RAW:
2392 if (socket_address_family(&p->address) == AF_NETLINK)
2393 return "Netlink";
2394
2395 default:
2396 return NULL;
2397 }
2398
2399 case SOCKET_SPECIAL:
2400 return "Special";
2401
2402 case SOCKET_MQUEUE:
2403 return "MessageQueue";
2404
2405 case SOCKET_FIFO:
2406 return "FIFO";
2407
2408 case SOCKET_USB_FUNCTION:
2409 return "USBFunction";
2410
2411 default:
2412 return NULL;
2413 }
2414 }
2415
2416 _pure_ static bool socket_check_gc(Unit *u) {
2417 Socket *s = SOCKET(u);
2418
2419 assert(u);
2420
2421 return s->n_connections > 0;
2422 }
2423
2424 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2425 SocketPort *p = userdata;
2426 int cfd = -1;
2427
2428 assert(p);
2429 assert(fd >= 0);
2430
2431 if (p->socket->state != SOCKET_LISTENING)
2432 return 0;
2433
2434 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2435
2436 if (revents != EPOLLIN) {
2437
2438 if (revents & EPOLLHUP)
2439 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2440 else
2441 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2442 goto fail;
2443 }
2444
2445 if (p->socket->accept &&
2446 p->type == SOCKET_SOCKET &&
2447 socket_address_can_accept(&p->address)) {
2448
2449 for (;;) {
2450
2451 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2452 if (cfd < 0) {
2453
2454 if (errno == EINTR)
2455 continue;
2456
2457 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2458 goto fail;
2459 }
2460
2461 break;
2462 }
2463
2464 socket_apply_socket_options(p->socket, cfd);
2465 }
2466
2467 socket_enter_running(p->socket, cfd);
2468 return 0;
2469
2470 fail:
2471 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2472 return 0;
2473 }
2474
2475 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2476 Socket *s = SOCKET(u);
2477 SocketResult f;
2478
2479 assert(s);
2480 assert(pid >= 0);
2481
2482 if (pid != s->control_pid)
2483 return;
2484
2485 s->control_pid = 0;
2486
2487 if (is_clean_exit(code, status, NULL))
2488 f = SOCKET_SUCCESS;
2489 else if (code == CLD_EXITED)
2490 f = SOCKET_FAILURE_EXIT_CODE;
2491 else if (code == CLD_KILLED)
2492 f = SOCKET_FAILURE_SIGNAL;
2493 else if (code == CLD_DUMPED)
2494 f = SOCKET_FAILURE_CORE_DUMP;
2495 else
2496 assert_not_reached("Unknown sigchld code");
2497
2498 if (s->control_command) {
2499 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2500
2501 if (s->control_command->ignore)
2502 f = SOCKET_SUCCESS;
2503 }
2504
2505 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2506 "Control process exited, code=%s status=%i",
2507 sigchld_code_to_string(code), status);
2508
2509 if (f != SOCKET_SUCCESS)
2510 s->result = f;
2511
2512 if (s->control_command &&
2513 s->control_command->command_next &&
2514 f == SOCKET_SUCCESS) {
2515
2516 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2517 socket_run_next(s);
2518 } else {
2519 s->control_command = NULL;
2520 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2521
2522 /* No further commands for this step, so let's figure
2523 * out what to do next */
2524
2525 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2526
2527 switch (s->state) {
2528
2529 case SOCKET_START_PRE:
2530 if (f == SOCKET_SUCCESS)
2531 socket_enter_start_chown(s);
2532 else
2533 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2534 break;
2535
2536 case SOCKET_START_CHOWN:
2537 if (f == SOCKET_SUCCESS)
2538 socket_enter_start_post(s);
2539 else
2540 socket_enter_stop_pre(s, f);
2541 break;
2542
2543 case SOCKET_START_POST:
2544 if (f == SOCKET_SUCCESS)
2545 socket_enter_listening(s);
2546 else
2547 socket_enter_stop_pre(s, f);
2548 break;
2549
2550 case SOCKET_STOP_PRE:
2551 case SOCKET_STOP_PRE_SIGTERM:
2552 case SOCKET_STOP_PRE_SIGKILL:
2553 socket_enter_stop_post(s, f);
2554 break;
2555
2556 case SOCKET_STOP_POST:
2557 case SOCKET_FINAL_SIGTERM:
2558 case SOCKET_FINAL_SIGKILL:
2559 socket_enter_dead(s, f);
2560 break;
2561
2562 default:
2563 assert_not_reached("Uh, control process died at wrong time.");
2564 }
2565 }
2566
2567 /* Notify clients about changed exit status */
2568 unit_add_to_dbus_queue(u);
2569 }
2570
2571 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2572 Socket *s = SOCKET(userdata);
2573
2574 assert(s);
2575 assert(s->timer_event_source == source);
2576
2577 switch (s->state) {
2578
2579 case SOCKET_START_PRE:
2580 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2581 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2582 break;
2583
2584 case SOCKET_START_CHOWN:
2585 case SOCKET_START_POST:
2586 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2587 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2588 break;
2589
2590 case SOCKET_STOP_PRE:
2591 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2592 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2593 break;
2594
2595 case SOCKET_STOP_PRE_SIGTERM:
2596 if (s->kill_context.send_sigkill) {
2597 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2598 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2599 } else {
2600 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2601 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2602 }
2603 break;
2604
2605 case SOCKET_STOP_PRE_SIGKILL:
2606 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2607 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2608 break;
2609
2610 case SOCKET_STOP_POST:
2611 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2612 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2613 break;
2614
2615 case SOCKET_FINAL_SIGTERM:
2616 if (s->kill_context.send_sigkill) {
2617 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2618 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2619 } else {
2620 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2621 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2622 }
2623 break;
2624
2625 case SOCKET_FINAL_SIGKILL:
2626 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2627 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2628 break;
2629
2630 default:
2631 assert_not_reached("Timeout at wrong time.");
2632 }
2633
2634 return 0;
2635 }
2636
2637 int socket_collect_fds(Socket *s, int **fds) {
2638 int *rfds, k = 0, n = 0;
2639 SocketPort *p;
2640
2641 assert(s);
2642 assert(fds);
2643
2644 /* Called from the service code for requesting our fds */
2645
2646 LIST_FOREACH(port, p, s->ports) {
2647 if (p->fd >= 0)
2648 n++;
2649 n += p->n_auxiliary_fds;
2650 }
2651
2652 if (n <= 0) {
2653 *fds = NULL;
2654 return 0;
2655 }
2656
2657 rfds = new(int, n);
2658 if (!rfds)
2659 return -ENOMEM;
2660
2661 LIST_FOREACH(port, p, s->ports) {
2662 int i;
2663
2664 if (p->fd >= 0)
2665 rfds[k++] = p->fd;
2666 for (i = 0; i < p->n_auxiliary_fds; ++i)
2667 rfds[k++] = p->auxiliary_fds[i];
2668 }
2669
2670 assert(k == n);
2671
2672 *fds = rfds;
2673 return n;
2674 }
2675
2676 static void socket_reset_failed(Unit *u) {
2677 Socket *s = SOCKET(u);
2678
2679 assert(s);
2680
2681 if (s->state == SOCKET_FAILED)
2682 socket_set_state(s, SOCKET_DEAD);
2683
2684 s->result = SOCKET_SUCCESS;
2685 }
2686
2687 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2688 assert(s);
2689
2690 /* The service is dead. Dang!
2691 *
2692 * This is strictly for one-instance-for-all-connections
2693 * services. */
2694
2695 if (s->state == SOCKET_RUNNING) {
2696 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2697 if (failed_permanent)
2698 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2699 else
2700 socket_enter_listening(s);
2701 }
2702 }
2703
2704 void socket_connection_unref(Socket *s) {
2705 assert(s);
2706
2707 /* The service is dead. Yay!
2708 *
2709 * This is strictly for one-instance-per-connection
2710 * services. */
2711
2712 assert(s->n_connections > 0);
2713 s->n_connections--;
2714
2715 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2716 }
2717
2718 static void socket_trigger_notify(Unit *u, Unit *other) {
2719 Socket *s = SOCKET(u);
2720 Service *se;
2721
2722 assert(u);
2723 assert(other);
2724
2725 /* Don't propagate state changes from the service if we are
2726 already down or accepting connections */
2727 if ((s->state != SOCKET_RUNNING &&
2728 s->state != SOCKET_LISTENING) ||
2729 s->accept)
2730 return;
2731
2732 if (other->load_state != UNIT_LOADED ||
2733 other->type != UNIT_SERVICE)
2734 return;
2735
2736 se = SERVICE(other);
2737
2738 if (se->state == SERVICE_FAILED)
2739 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2740
2741 if (se->state == SERVICE_DEAD ||
2742 se->state == SERVICE_FINAL_SIGTERM ||
2743 se->state == SERVICE_FINAL_SIGKILL ||
2744 se->state == SERVICE_AUTO_RESTART)
2745 socket_notify_service_dead(s, false);
2746
2747 if (se->state == SERVICE_RUNNING)
2748 socket_set_state(s, SOCKET_RUNNING);
2749 }
2750
2751 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2752 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2753 }
2754
2755 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2756 Socket *s = SOCKET(u);
2757 int r;
2758
2759 if (!s->timer_event_source)
2760 return 0;
2761
2762 r = sd_event_source_get_time(s->timer_event_source, timeout);
2763 if (r < 0)
2764 return r;
2765
2766 return 1;
2767 }
2768
2769 char *socket_fdname(Socket *s) {
2770 assert(s);
2771
2772 /* Returns the name to use for $LISTEN_NAMES. If the user
2773 * didn't specify anything specifically, use the socket unit's
2774 * name as fallback. */
2775
2776 if (s->fdname)
2777 return s->fdname;
2778
2779 return UNIT(s)->id;
2780 }
2781
2782 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2783 [SOCKET_EXEC_START_PRE] = "StartPre",
2784 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2785 [SOCKET_EXEC_START_POST] = "StartPost",
2786 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2787 [SOCKET_EXEC_STOP_POST] = "StopPost"
2788 };
2789
2790 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2791
2792 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2793 [SOCKET_SUCCESS] = "success",
2794 [SOCKET_FAILURE_RESOURCES] = "resources",
2795 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2796 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2797 [SOCKET_FAILURE_SIGNAL] = "signal",
2798 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2799 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2800 };
2801
2802 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2803
2804 const UnitVTable socket_vtable = {
2805 .object_size = sizeof(Socket),
2806 .exec_context_offset = offsetof(Socket, exec_context),
2807 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2808 .kill_context_offset = offsetof(Socket, kill_context),
2809 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2810
2811 .sections =
2812 "Unit\0"
2813 "Socket\0"
2814 "Install\0",
2815 .private_section = "Socket",
2816
2817 .init = socket_init,
2818 .done = socket_done,
2819 .load = socket_load,
2820
2821 .coldplug = socket_coldplug,
2822
2823 .dump = socket_dump,
2824
2825 .start = socket_start,
2826 .stop = socket_stop,
2827
2828 .kill = socket_kill,
2829
2830 .get_timeout = socket_get_timeout,
2831
2832 .serialize = socket_serialize,
2833 .deserialize_item = socket_deserialize_item,
2834 .distribute_fds = socket_distribute_fds,
2835
2836 .active_state = socket_active_state,
2837 .sub_state_to_string = socket_sub_state_to_string,
2838
2839 .check_gc = socket_check_gc,
2840
2841 .sigchld_event = socket_sigchld_event,
2842
2843 .trigger_notify = socket_trigger_notify,
2844
2845 .reset_failed = socket_reset_failed,
2846
2847 .bus_vtable = bus_socket_vtable,
2848 .bus_set_property = bus_socket_set_property,
2849 .bus_commit_properties = bus_socket_commit_properties,
2850
2851 .status_message_formats = {
2852 /*.starting_stopping = {
2853 [0] = "Starting socket %s...",
2854 [1] = "Stopping socket %s...",
2855 },*/
2856 .finished_start_job = {
2857 [JOB_DONE] = "Listening on %s.",
2858 [JOB_FAILED] = "Failed to listen on %s.",
2859 [JOB_TIMEOUT] = "Timed out starting %s.",
2860 },
2861 .finished_stop_job = {
2862 [JOB_DONE] = "Closed %s.",
2863 [JOB_FAILED] = "Failed stopping %s.",
2864 [JOB_TIMEOUT] = "Timed out stopping %s.",
2865 },
2866 },
2867 };
Unnamed repository; edit this file 'description' to name the repository.