]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util: split out signal-util.[ch] from util.[ch]
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
52 #include "socket.h"
53
54 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
55 [SOCKET_DEAD] = UNIT_INACTIVE,
56 [SOCKET_START_PRE] = UNIT_ACTIVATING,
57 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
58 [SOCKET_START_POST] = UNIT_ACTIVATING,
59 [SOCKET_LISTENING] = UNIT_ACTIVE,
60 [SOCKET_RUNNING] = UNIT_ACTIVE,
61 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
67 [SOCKET_FAILED] = UNIT_FAILED
68 };
69
70 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
71 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
72
73 static void socket_init(Unit *u) {
74 Socket *s = SOCKET(u);
75
76 assert(u);
77 assert(u->load_state == UNIT_STUB);
78
79 s->backlog = SOMAXCONN;
80 s->timeout_usec = u->manager->default_timeout_start_usec;
81 s->directory_mode = 0755;
82 s->socket_mode = 0666;
83
84 s->max_connections = 64;
85
86 s->priority = -1;
87 s->ip_tos = -1;
88 s->ip_ttl = -1;
89 s->mark = -1;
90
91 s->exec_context.std_output = u->manager->default_std_output;
92 s->exec_context.std_error = u->manager->default_std_error;
93
94 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95 }
96
97 static void socket_unwatch_control_pid(Socket *s) {
98 assert(s);
99
100 if (s->control_pid <= 0)
101 return;
102
103 unit_unwatch_pid(UNIT(s), s->control_pid);
104 s->control_pid = 0;
105 }
106
107 void socket_free_ports(Socket *s) {
108 SocketPort *p;
109
110 assert(s);
111
112 while ((p = s->ports)) {
113 LIST_REMOVE(port, s->ports, p);
114
115 sd_event_source_unref(p->event_source);
116
117 safe_close(p->fd);
118 free(p->path);
119 free(p);
120 }
121 }
122
123 static void socket_done(Unit *u) {
124 Socket *s = SOCKET(u);
125
126 assert(s);
127
128 socket_free_ports(s);
129
130 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
131 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
132 s->control_command = NULL;
133
134 socket_unwatch_control_pid(s);
135
136 unit_ref_unset(&s->service);
137
138 free(s->tcp_congestion);
139 s->tcp_congestion = NULL;
140
141 free(s->bind_to_device);
142 s->bind_to_device = NULL;
143
144 free(s->smack);
145 free(s->smack_ip_in);
146 free(s->smack_ip_out);
147
148 strv_free(s->symlinks);
149
150 free(s->user);
151 free(s->group);
152
153 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
154 }
155
156 static int socket_arm_timer(Socket *s) {
157 int r;
158
159 assert(s);
160
161 if (s->timeout_usec <= 0) {
162 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
163 return 0;
164 }
165
166 if (s->timer_event_source) {
167 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
168 if (r < 0)
169 return r;
170
171 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
172 }
173
174 r = sd_event_add_time(
175 UNIT(s)->manager->event,
176 &s->timer_event_source,
177 CLOCK_MONOTONIC,
178 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
179 socket_dispatch_timer, s);
180 if (r < 0)
181 return r;
182
183 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
184
185 return 0;
186 }
187
188 int socket_instantiate_service(Socket *s) {
189 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 int r;
191 Unit *u;
192
193 assert(s);
194
195 /* This fills in s->service if it isn't filled in yet. For
196 * Accept=yes sockets we create the next connection service
197 * here. For Accept=no this is mostly a NOP since the service
198 * is figured out at load time anyway. */
199
200 if (UNIT_DEREF(s->service))
201 return 0;
202
203 if (!s->accept)
204 return 0;
205
206 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
207 if (r < 0)
208 return r;
209
210 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
211 return -ENOMEM;
212
213 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
214 if (r < 0)
215 return r;
216
217 u->no_gc = true;
218 unit_ref_set(&s->service, u);
219
220 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
221 }
222
223 static bool have_non_accept_socket(Socket *s) {
224 SocketPort *p;
225
226 assert(s);
227
228 if (!s->accept)
229 return true;
230
231 LIST_FOREACH(port, p, s->ports) {
232
233 if (p->type != SOCKET_SOCKET)
234 return true;
235
236 if (!socket_address_can_accept(&p->address))
237 return true;
238 }
239
240 return false;
241 }
242
243 static int socket_add_mount_links(Socket *s) {
244 SocketPort *p;
245 int r;
246
247 assert(s);
248
249 LIST_FOREACH(port, p, s->ports) {
250 const char *path = NULL;
251
252 if (p->type == SOCKET_SOCKET)
253 path = socket_address_get_path(&p->address);
254 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
255 path = p->path;
256
257 if (!path)
258 continue;
259
260 r = unit_require_mounts_for(UNIT(s), path);
261 if (r < 0)
262 return r;
263 }
264
265 return 0;
266 }
267
268 static int socket_add_device_link(Socket *s) {
269 char *t;
270
271 assert(s);
272
273 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
274 return 0;
275
276 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
277 return unit_add_node_link(UNIT(s), t, false);
278 }
279
280 static int socket_add_default_dependencies(Socket *s) {
281 int r;
282 assert(s);
283
284 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
285 if (r < 0)
286 return r;
287
288 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
289 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
290 if (r < 0)
291 return r;
292 }
293
294 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
295 }
296
297 _pure_ static bool socket_has_exec(Socket *s) {
298 unsigned i;
299 assert(s);
300
301 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
302 if (s->exec_command[i])
303 return true;
304
305 return false;
306 }
307
308 static int socket_add_extras(Socket *s) {
309 Unit *u = UNIT(s);
310 int r;
311
312 assert(s);
313
314 if (have_non_accept_socket(s)) {
315
316 if (!UNIT_DEREF(s->service)) {
317 Unit *x;
318
319 r = unit_load_related_unit(u, ".service", &x);
320 if (r < 0)
321 return r;
322
323 unit_ref_set(&s->service, x);
324 }
325
326 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
327 if (r < 0)
328 return r;
329 }
330
331 r = socket_add_mount_links(s);
332 if (r < 0)
333 return r;
334
335 r = socket_add_device_link(s);
336 if (r < 0)
337 return r;
338
339 r = unit_patch_contexts(u);
340 if (r < 0)
341 return r;
342
343 if (socket_has_exec(s)) {
344 r = unit_add_exec_dependencies(u, &s->exec_context);
345 if (r < 0)
346 return r;
347
348 r = unit_add_default_slice(u, &s->cgroup_context);
349 if (r < 0)
350 return r;
351 }
352
353 if (u->default_dependencies) {
354 r = socket_add_default_dependencies(s);
355 if (r < 0)
356 return r;
357 }
358
359 return 0;
360 }
361
362 static const char *socket_find_symlink_target(Socket *s) {
363 const char *found = NULL;
364 SocketPort *p;
365
366 LIST_FOREACH(port, p, s->ports) {
367 const char *f = NULL;
368
369 switch (p->type) {
370
371 case SOCKET_FIFO:
372 f = p->path;
373 break;
374
375 case SOCKET_SOCKET:
376 if (p->address.sockaddr.un.sun_path[0] != 0)
377 f = p->address.sockaddr.un.sun_path;
378 break;
379
380 default:
381 break;
382 }
383
384 if (f) {
385 if (found)
386 return NULL;
387
388 found = f;
389 }
390 }
391
392 return found;
393 }
394
395 static int socket_verify(Socket *s) {
396 assert(s);
397
398 if (UNIT(s)->load_state != UNIT_LOADED)
399 return 0;
400
401 if (!s->ports) {
402 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
403 return -EINVAL;
404 }
405
406 if (s->accept && have_non_accept_socket(s)) {
407 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
408 return -EINVAL;
409 }
410
411 if (s->accept && s->max_connections <= 0) {
412 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && UNIT_DEREF(s->service)) {
417 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
422 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
423 return -EINVAL;
424 }
425
426 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
427 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
428 return -EINVAL;
429 }
430
431 return 0;
432 }
433
434 static int socket_load(Unit *u) {
435 Socket *s = SOCKET(u);
436 int r;
437
438 assert(u);
439 assert(u->load_state == UNIT_STUB);
440
441 r = unit_load_fragment_and_dropin(u);
442 if (r < 0)
443 return r;
444
445 if (u->load_state == UNIT_LOADED) {
446 /* This is a new unit? Then let's add in some extras */
447 r = socket_add_extras(s);
448 if (r < 0)
449 return r;
450 }
451
452 return socket_verify(s);
453 }
454
455 _const_ static const char* listen_lookup(int family, int type) {
456
457 if (family == AF_NETLINK)
458 return "ListenNetlink";
459
460 if (type == SOCK_STREAM)
461 return "ListenStream";
462 else if (type == SOCK_DGRAM)
463 return "ListenDatagram";
464 else if (type == SOCK_SEQPACKET)
465 return "ListenSequentialPacket";
466
467 assert_not_reached("Unknown socket type");
468 return NULL;
469 }
470
471 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
472 char time_string[FORMAT_TIMESPAN_MAX];
473 SocketExecCommand c;
474 Socket *s = SOCKET(u);
475 SocketPort *p;
476 const char *prefix2;
477
478 assert(s);
479 assert(f);
480
481 prefix = strempty(prefix);
482 prefix2 = strjoina(prefix, "\t");
483
484 fprintf(f,
485 "%sSocket State: %s\n"
486 "%sResult: %s\n"
487 "%sBindIPv6Only: %s\n"
488 "%sBacklog: %u\n"
489 "%sSocketMode: %04o\n"
490 "%sDirectoryMode: %04o\n"
491 "%sKeepAlive: %s\n"
492 "%sNoDelay: %s\n"
493 "%sFreeBind: %s\n"
494 "%sTransparent: %s\n"
495 "%sBroadcast: %s\n"
496 "%sPassCredentials: %s\n"
497 "%sPassSecurity: %s\n"
498 "%sTCPCongestion: %s\n"
499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
501 prefix, socket_state_to_string(s->state),
502 prefix, socket_result_to_string(s->result),
503 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
504 prefix, s->backlog,
505 prefix, s->socket_mode,
506 prefix, s->directory_mode,
507 prefix, yes_no(s->keep_alive),
508 prefix, yes_no(s->no_delay),
509 prefix, yes_no(s->free_bind),
510 prefix, yes_no(s->transparent),
511 prefix, yes_no(s->broadcast),
512 prefix, yes_no(s->pass_cred),
513 prefix, yes_no(s->pass_sec),
514 prefix, strna(s->tcp_congestion),
515 prefix, yes_no(s->remove_on_stop),
516 prefix, yes_no(s->selinux_context_from_net));
517
518 if (s->control_pid > 0)
519 fprintf(f,
520 "%sControl PID: "PID_FMT"\n",
521 prefix, s->control_pid);
522
523 if (s->bind_to_device)
524 fprintf(f,
525 "%sBindToDevice: %s\n",
526 prefix, s->bind_to_device);
527
528 if (s->accept)
529 fprintf(f,
530 "%sAccepted: %u\n"
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix, s->n_accepted,
534 prefix, s->n_connections,
535 prefix, s->max_connections);
536
537 if (s->priority >= 0)
538 fprintf(f,
539 "%sPriority: %i\n",
540 prefix, s->priority);
541
542 if (s->receive_buffer > 0)
543 fprintf(f,
544 "%sReceiveBuffer: %zu\n",
545 prefix, s->receive_buffer);
546
547 if (s->send_buffer > 0)
548 fprintf(f,
549 "%sSendBuffer: %zu\n",
550 prefix, s->send_buffer);
551
552 if (s->ip_tos >= 0)
553 fprintf(f,
554 "%sIPTOS: %i\n",
555 prefix, s->ip_tos);
556
557 if (s->ip_ttl >= 0)
558 fprintf(f,
559 "%sIPTTL: %i\n",
560 prefix, s->ip_ttl);
561
562 if (s->pipe_size > 0)
563 fprintf(f,
564 "%sPipeSize: %zu\n",
565 prefix, s->pipe_size);
566
567 if (s->mark >= 0)
568 fprintf(f,
569 "%sMark: %i\n",
570 prefix, s->mark);
571
572 if (s->mq_maxmsg > 0)
573 fprintf(f,
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix, s->mq_maxmsg);
576
577 if (s->mq_msgsize > 0)
578 fprintf(f,
579 "%sMessageQueueMessageSize: %li\n",
580 prefix, s->mq_msgsize);
581
582 if (s->reuse_port)
583 fprintf(f,
584 "%sReusePort: %s\n",
585 prefix, yes_no(s->reuse_port));
586
587 if (s->smack)
588 fprintf(f,
589 "%sSmackLabel: %s\n",
590 prefix, s->smack);
591
592 if (s->smack_ip_in)
593 fprintf(f,
594 "%sSmackLabelIPIn: %s\n",
595 prefix, s->smack_ip_in);
596
597 if (s->smack_ip_out)
598 fprintf(f,
599 "%sSmackLabelIPOut: %s\n",
600 prefix, s->smack_ip_out);
601
602 if (!isempty(s->user) || !isempty(s->group))
603 fprintf(f,
604 "%sOwnerUser: %s\n"
605 "%sOwnerGroup: %s\n",
606 prefix, strna(s->user),
607 prefix, strna(s->group));
608
609 if (s->keep_alive_time > 0)
610 fprintf(f,
611 "%sKeepAliveTimeSec: %s\n",
612 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
613
614 if (s->keep_alive_interval)
615 fprintf(f,
616 "%sKeepAliveIntervalSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
618
619 if (s->keep_alive_cnt)
620 fprintf(f,
621 "%sKeepAliveProbes: %u\n",
622 prefix, s->keep_alive_cnt);
623
624 if (s->defer_accept)
625 fprintf(f,
626 "%sDeferAcceptSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
628
629 LIST_FOREACH(port, p, s->ports) {
630
631 if (p->type == SOCKET_SOCKET) {
632 const char *t;
633 int r;
634 char *k = NULL;
635
636 if ((r = socket_address_print(&p->address, &k)) < 0)
637 t = strerror(-r);
638 else
639 t = k;
640
641 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
642 free(k);
643 } else if (p->type == SOCKET_SPECIAL)
644 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
645 else if (p->type == SOCKET_MQUEUE)
646 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
647 else
648 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 }
650
651 exec_context_dump(&s->exec_context, f, prefix);
652 kill_context_dump(&s->kill_context, f, prefix);
653
654 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
655 if (!s->exec_command[c])
656 continue;
657
658 fprintf(f, "%s-> %s:\n",
659 prefix, socket_exec_command_to_string(c));
660
661 exec_command_dump_list(s->exec_command[c], f, prefix2);
662 }
663 }
664
665 static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 socklen_t l;
667 char *r;
668 union sockaddr_union local, remote;
669
670 assert(fd >= 0);
671 assert(instance);
672
673 l = sizeof(local);
674 if (getsockname(fd, &local.sa, &l) < 0)
675 return -errno;
676
677 l = sizeof(remote);
678 if (getpeername(fd, &remote.sa, &l) < 0)
679 return -errno;
680
681 switch (local.sa.sa_family) {
682
683 case AF_INET: {
684 uint32_t
685 a = ntohl(local.in.sin_addr.s_addr),
686 b = ntohl(remote.in.sin_addr.s_addr);
687
688 if (asprintf(&r,
689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 nr,
691 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 ntohs(local.in.sin_port),
693 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 ntohs(remote.in.sin_port)) < 0)
695 return -ENOMEM;
696
697 break;
698 }
699
700 case AF_INET6: {
701 static const unsigned char ipv4_prefix[] = {
702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 };
704
705 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 const uint8_t
708 *a = local.in6.sin6_addr.s6_addr+12,
709 *b = remote.in6.sin6_addr.s6_addr+12;
710
711 if (asprintf(&r,
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
714 a[0], a[1], a[2], a[3],
715 ntohs(local.in6.sin6_port),
716 b[0], b[1], b[2], b[3],
717 ntohs(remote.in6.sin6_port)) < 0)
718 return -ENOMEM;
719 } else {
720 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721
722 if (asprintf(&r,
723 "%u-%s:%u-%s:%u",
724 nr,
725 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 ntohs(local.in6.sin6_port),
727 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 }
731
732 break;
733 }
734
735 case AF_UNIX: {
736 struct ucred ucred;
737 int k;
738
739 k = getpeercred(fd, &ucred);
740 if (k >= 0) {
741 if (asprintf(&r,
742 "%u-"PID_FMT"-"UID_FMT,
743 nr, ucred.pid, ucred.uid) < 0)
744 return -ENOMEM;
745 } else if (k == -ENODATA) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
749 if (asprintf(&r,
750 "%u-unknown",
751 nr) < 0)
752 return -ENOMEM;
753 } else
754 return k;
755
756 break;
757 }
758
759 default:
760 assert_not_reached("Unhandled socket type.");
761 }
762
763 *instance = r;
764 return 0;
765 }
766
767 static void socket_close_fds(Socket *s) {
768 SocketPort *p;
769 char **i;
770
771 assert(s);
772
773 LIST_FOREACH(port, p, s->ports) {
774
775 p->event_source = sd_event_source_unref(p->event_source);
776
777 if (p->fd < 0)
778 continue;
779
780 p->fd = safe_close(p->fd);
781
782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
788 * using one! */
789
790 if (s->remove_on_stop) {
791 switch (p->type) {
792
793 case SOCKET_FIFO:
794 unlink(p->path);
795 break;
796
797 case SOCKET_MQUEUE:
798 mq_unlink(p->path);
799 break;
800
801 case SOCKET_SOCKET:
802 socket_address_unlink(&p->address);
803 break;
804
805 default:
806 break;
807 }
808 }
809 }
810
811 if (s->remove_on_stop)
812 STRV_FOREACH(i, s->symlinks)
813 unlink(*i);
814 }
815
816 static void socket_apply_socket_options(Socket *s, int fd) {
817 int r;
818
819 assert(s);
820 assert(fd >= 0);
821
822 if (s->keep_alive) {
823 int b = s->keep_alive;
824 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
825 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
826 }
827
828 if (s->keep_alive_time) {
829 int value = s->keep_alive_time / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
831 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
832 }
833
834 if (s->keep_alive_interval) {
835 int value = s->keep_alive_interval / USEC_PER_SEC;
836 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
837 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
838 }
839
840 if (s->keep_alive_cnt) {
841 int value = s->keep_alive_cnt;
842 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
843 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
844 }
845
846 if (s->defer_accept) {
847 int value = s->defer_accept / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
850 }
851
852 if (s->no_delay) {
853 int b = s->no_delay;
854 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
856 }
857
858 if (s->broadcast) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
862 }
863
864 if (s->pass_cred) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
868 }
869
870 if (s->pass_sec) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
874 }
875
876 if (s->priority >= 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
878 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
879
880 if (s->receive_buffer > 0) {
881 int value = (int) s->receive_buffer;
882
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
887 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
888 }
889
890 if (s->send_buffer > 0) {
891 int value = (int) s->send_buffer;
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
893 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
894 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
895 }
896
897 if (s->mark >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
899 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
900
901 if (s->ip_tos >= 0)
902 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
903 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
904
905 if (s->ip_ttl >= 0) {
906 int x;
907
908 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
909
910 if (socket_ipv6_is_supported())
911 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 else {
913 x = -1;
914 errno = EAFNOSUPPORT;
915 }
916
917 if (r < 0 && x < 0)
918 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
919 }
920
921 if (s->tcp_congestion)
922 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
923 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
924
925 if (s->reuse_port) {
926 int b = s->reuse_port;
927 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
928 log_unit_warning_errno(UNIT(s), errno, "SO_REUSEPORT failed: %m");
929 }
930
931 if (s->smack_ip_in) {
932 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
933 if (r < 0)
934 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
935 }
936
937 if (s->smack_ip_out) {
938 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
939 if (r < 0)
940 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
941 }
942 }
943
944 static void socket_apply_fifo_options(Socket *s, int fd) {
945 int r;
946
947 assert(s);
948 assert(fd >= 0);
949
950 if (s->pipe_size > 0)
951 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
952 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
953
954 if (s->smack) {
955 r = mac_smack_apply_fd(fd, s->smack);
956 if (r < 0)
957 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
958 }
959 }
960
961 static int fifo_address_create(
962 const char *path,
963 mode_t directory_mode,
964 mode_t socket_mode,
965 int *_fd) {
966
967 int fd = -1, r = 0;
968 struct stat st;
969 mode_t old_mask;
970
971 assert(path);
972 assert(_fd);
973
974 mkdir_parents_label(path, directory_mode);
975
976 r = mac_selinux_create_file_prepare(path, S_IFIFO);
977 if (r < 0)
978 goto fail;
979
980 /* Enforce the right access mode for the fifo */
981 old_mask = umask(~ socket_mode);
982
983 /* Include the original umask in our mask */
984 umask(~socket_mode | old_mask);
985
986 r = mkfifo(path, socket_mode);
987 umask(old_mask);
988
989 if (r < 0 && errno != EEXIST) {
990 r = -errno;
991 goto fail;
992 }
993
994 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
995 r = -errno;
996 goto fail;
997 }
998
999 mac_selinux_create_file_clear();
1000
1001 if (fstat(fd, &st) < 0) {
1002 r = -errno;
1003 goto fail;
1004 }
1005
1006 if (!S_ISFIFO(st.st_mode) ||
1007 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1008 st.st_uid != getuid() ||
1009 st.st_gid != getgid()) {
1010
1011 r = -EEXIST;
1012 goto fail;
1013 }
1014
1015 *_fd = fd;
1016 return 0;
1017
1018 fail:
1019 mac_selinux_create_file_clear();
1020 safe_close(fd);
1021
1022 return r;
1023 }
1024
1025 static int special_address_create(
1026 const char *path,
1027 int *_fd) {
1028
1029 int fd = -1, r = 0;
1030 struct stat st;
1031
1032 assert(path);
1033 assert(_fd);
1034
1035 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1036 if (fd < 0) {
1037 r = -errno;
1038 goto fail;
1039 }
1040
1041 if (fstat(fd, &st) < 0) {
1042 r = -errno;
1043 goto fail;
1044 }
1045
1046 /* Check whether this is a /proc, /sys or /dev file or char device */
1047 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1048 r = -EEXIST;
1049 goto fail;
1050 }
1051
1052 *_fd = fd;
1053 return 0;
1054
1055 fail:
1056 safe_close(fd);
1057
1058 return r;
1059 }
1060
1061 static int mq_address_create(
1062 const char *path,
1063 mode_t mq_mode,
1064 long maxmsg,
1065 long msgsize,
1066 int *_fd) {
1067
1068 int fd = -1, r = 0;
1069 struct stat st;
1070 mode_t old_mask;
1071 struct mq_attr _attr, *attr = NULL;
1072
1073 assert(path);
1074 assert(_fd);
1075
1076 if (maxmsg > 0 && msgsize > 0) {
1077 zero(_attr);
1078 _attr.mq_flags = O_NONBLOCK;
1079 _attr.mq_maxmsg = maxmsg;
1080 _attr.mq_msgsize = msgsize;
1081 attr = &_attr;
1082 }
1083
1084 /* Enforce the right access mode for the mq */
1085 old_mask = umask(~ mq_mode);
1086
1087 /* Include the original umask in our mask */
1088 umask(~mq_mode | old_mask);
1089 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1090 umask(old_mask);
1091
1092 if (fd < 0) {
1093 r = -errno;
1094 goto fail;
1095 }
1096
1097 if (fstat(fd, &st) < 0) {
1098 r = -errno;
1099 goto fail;
1100 }
1101
1102 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1103 st.st_uid != getuid() ||
1104 st.st_gid != getgid()) {
1105
1106 r = -EEXIST;
1107 goto fail;
1108 }
1109
1110 *_fd = fd;
1111 return 0;
1112
1113 fail:
1114 safe_close(fd);
1115 return r;
1116 }
1117
1118 static int socket_symlink(Socket *s) {
1119 const char *p;
1120 char **i;
1121
1122 assert(s);
1123
1124 p = socket_find_symlink_target(s);
1125 if (!p)
1126 return 0;
1127
1128 STRV_FOREACH(i, s->symlinks)
1129 symlink_label(p, *i);
1130
1131 return 0;
1132 }
1133
1134 static int socket_open_fds(Socket *s) {
1135 SocketPort *p;
1136 int r;
1137 char *label = NULL;
1138 bool know_label = false;
1139
1140 assert(s);
1141
1142 LIST_FOREACH(port, p, s->ports) {
1143
1144 if (p->fd >= 0)
1145 continue;
1146
1147 if (p->type == SOCKET_SOCKET) {
1148
1149 if (!know_label) {
1150 /* Figure out label, if we don't it know
1151 * yet. We do it once, for the first
1152 * socket where we need this and
1153 * remember it for the rest. */
1154
1155 if (s->selinux_context_from_net) {
1156 /* Get it from the network label */
1157
1158 r = mac_selinux_get_our_label(&label);
1159 if (r < 0 && r != -EOPNOTSUPP)
1160 goto rollback;
1161
1162 } else {
1163 /* Get it from the executable we are about to start */
1164
1165 r = socket_instantiate_service(s);
1166 if (r < 0)
1167 goto rollback;
1168
1169 if (UNIT_ISSET(s->service) &&
1170 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1171 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1172 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1173 goto rollback;
1174 }
1175 }
1176
1177 know_label = true;
1178 }
1179
1180 r = socket_address_listen(
1181 &p->address,
1182 SOCK_CLOEXEC|SOCK_NONBLOCK,
1183 s->backlog,
1184 s->bind_ipv6_only,
1185 s->bind_to_device,
1186 s->free_bind,
1187 s->transparent,
1188 s->directory_mode,
1189 s->socket_mode,
1190 label);
1191 if (r < 0)
1192 goto rollback;
1193
1194 p->fd = r;
1195 socket_apply_socket_options(s, p->fd);
1196 socket_symlink(s);
1197
1198 } else if (p->type == SOCKET_SPECIAL) {
1199
1200 r = special_address_create(
1201 p->path,
1202 &p->fd);
1203 if (r < 0)
1204 goto rollback;
1205
1206 } else if (p->type == SOCKET_FIFO) {
1207
1208 r = fifo_address_create(
1209 p->path,
1210 s->directory_mode,
1211 s->socket_mode,
1212 &p->fd);
1213 if (r < 0)
1214 goto rollback;
1215
1216 socket_apply_fifo_options(s, p->fd);
1217 socket_symlink(s);
1218
1219 } else if (p->type == SOCKET_MQUEUE) {
1220
1221 r = mq_address_create(
1222 p->path,
1223 s->socket_mode,
1224 s->mq_maxmsg,
1225 s->mq_msgsize,
1226 &p->fd);
1227 if (r < 0)
1228 goto rollback;
1229 } else
1230 assert_not_reached("Unknown port type");
1231 }
1232
1233 mac_selinux_free(label);
1234 return 0;
1235
1236 rollback:
1237 socket_close_fds(s);
1238 mac_selinux_free(label);
1239
1240 return r;
1241 }
1242
1243 static void socket_unwatch_fds(Socket *s) {
1244 SocketPort *p;
1245 int r;
1246
1247 assert(s);
1248
1249 LIST_FOREACH(port, p, s->ports) {
1250 if (p->fd < 0)
1251 continue;
1252
1253 if (!p->event_source)
1254 continue;
1255
1256 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1257 if (r < 0)
1258 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1259 }
1260 }
1261
1262 static int socket_watch_fds(Socket *s) {
1263 SocketPort *p;
1264 int r;
1265
1266 assert(s);
1267
1268 LIST_FOREACH(port, p, s->ports) {
1269 if (p->fd < 0)
1270 continue;
1271
1272 if (p->event_source) {
1273 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1274 if (r < 0)
1275 goto fail;
1276 } else {
1277 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1278 if (r < 0)
1279 goto fail;
1280
1281 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1282 }
1283 }
1284
1285 return 0;
1286
1287 fail:
1288 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1289 socket_unwatch_fds(s);
1290 return r;
1291 }
1292
1293 static void socket_set_state(Socket *s, SocketState state) {
1294 SocketState old_state;
1295 assert(s);
1296
1297 old_state = s->state;
1298 s->state = state;
1299
1300 if (!IN_SET(state,
1301 SOCKET_START_PRE,
1302 SOCKET_START_CHOWN,
1303 SOCKET_START_POST,
1304 SOCKET_STOP_PRE,
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL,
1307 SOCKET_STOP_POST,
1308 SOCKET_FINAL_SIGTERM,
1309 SOCKET_FINAL_SIGKILL)) {
1310
1311 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1312 socket_unwatch_control_pid(s);
1313 s->control_command = NULL;
1314 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1315 }
1316
1317 if (state != SOCKET_LISTENING)
1318 socket_unwatch_fds(s);
1319
1320 if (!IN_SET(state,
1321 SOCKET_START_CHOWN,
1322 SOCKET_START_POST,
1323 SOCKET_LISTENING,
1324 SOCKET_RUNNING,
1325 SOCKET_STOP_PRE,
1326 SOCKET_STOP_PRE_SIGTERM,
1327 SOCKET_STOP_PRE_SIGKILL))
1328 socket_close_fds(s);
1329
1330 if (state != old_state)
1331 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1332
1333 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1334 }
1335
1336 static int socket_coldplug(Unit *u) {
1337 Socket *s = SOCKET(u);
1338 int r;
1339
1340 assert(s);
1341 assert(s->state == SOCKET_DEAD);
1342
1343 if (s->deserialized_state == s->state)
1344 return 0;
1345
1346 if (IN_SET(s->deserialized_state,
1347 SOCKET_START_PRE,
1348 SOCKET_START_CHOWN,
1349 SOCKET_START_POST,
1350 SOCKET_STOP_PRE,
1351 SOCKET_STOP_PRE_SIGTERM,
1352 SOCKET_STOP_PRE_SIGKILL,
1353 SOCKET_STOP_POST,
1354 SOCKET_FINAL_SIGTERM,
1355 SOCKET_FINAL_SIGKILL)) {
1356
1357 if (s->control_pid <= 0)
1358 return -EBADMSG;
1359
1360 r = unit_watch_pid(UNIT(s), s->control_pid);
1361 if (r < 0)
1362 return r;
1363
1364 r = socket_arm_timer(s);
1365 if (r < 0)
1366 return r;
1367 }
1368
1369 if (IN_SET(s->deserialized_state,
1370 SOCKET_START_CHOWN,
1371 SOCKET_START_POST,
1372 SOCKET_LISTENING,
1373 SOCKET_RUNNING,
1374 SOCKET_STOP_PRE,
1375 SOCKET_STOP_PRE_SIGTERM,
1376 SOCKET_STOP_PRE_SIGKILL)) {
1377 r = socket_open_fds(s);
1378 if (r < 0)
1379 return r;
1380 }
1381
1382 if (s->deserialized_state == SOCKET_LISTENING) {
1383 r = socket_watch_fds(s);
1384 if (r < 0)
1385 return r;
1386 }
1387
1388 socket_set_state(s, s->deserialized_state);
1389 return 0;
1390 }
1391
1392 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1393 _cleanup_free_ char **argv = NULL;
1394 pid_t pid;
1395 int r;
1396 ExecParameters exec_params = {
1397 .apply_permissions = true,
1398 .apply_chroot = true,
1399 .apply_tty_stdin = true,
1400 .bus_endpoint_fd = -1,
1401 };
1402
1403 assert(s);
1404 assert(c);
1405 assert(_pid);
1406
1407 (void) unit_realize_cgroup(UNIT(s));
1408 if (s->reset_cpu_usage) {
1409 (void) unit_reset_cpu_usage(UNIT(s));
1410 s->reset_cpu_usage = false;
1411 }
1412
1413 r = unit_setup_exec_runtime(UNIT(s));
1414 if (r < 0)
1415 goto fail;
1416
1417 r = socket_arm_timer(s);
1418 if (r < 0)
1419 goto fail;
1420
1421 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1422 if (r < 0)
1423 goto fail;
1424
1425 exec_params.argv = argv;
1426 exec_params.environment = UNIT(s)->manager->environment;
1427 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1428 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1429 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1430 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1431 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1432
1433 r = exec_spawn(UNIT(s),
1434 c,
1435 &s->exec_context,
1436 &exec_params,
1437 s->exec_runtime,
1438 &pid);
1439 if (r < 0)
1440 goto fail;
1441
1442 r = unit_watch_pid(UNIT(s), pid);
1443 if (r < 0)
1444 /* FIXME: we need to do something here */
1445 goto fail;
1446
1447 *_pid = pid;
1448 return 0;
1449
1450 fail:
1451 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1452 return r;
1453 }
1454
1455 static int socket_chown(Socket *s, pid_t *_pid) {
1456 pid_t pid;
1457 int r;
1458
1459 r = socket_arm_timer(s);
1460 if (r < 0)
1461 goto fail;
1462
1463 /* We have to resolve the user names out-of-process, hence
1464 * let's fork here. It's messy, but well, what can we do? */
1465
1466 pid = fork();
1467 if (pid < 0)
1468 return -errno;
1469
1470 if (pid == 0) {
1471 SocketPort *p;
1472 uid_t uid = UID_INVALID;
1473 gid_t gid = GID_INVALID;
1474 int ret;
1475
1476 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1477 ignore_signals(SIGPIPE, -1);
1478 log_forget_fds();
1479
1480 if (!isempty(s->user)) {
1481 const char *user = s->user;
1482
1483 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1484 if (r < 0) {
1485 ret = EXIT_USER;
1486 goto fail_child;
1487 }
1488 }
1489
1490 if (!isempty(s->group)) {
1491 const char *group = s->group;
1492
1493 r = get_group_creds(&group, &gid);
1494 if (r < 0) {
1495 ret = EXIT_GROUP;
1496 goto fail_child;
1497 }
1498 }
1499
1500 LIST_FOREACH(port, p, s->ports) {
1501 const char *path = NULL;
1502
1503 if (p->type == SOCKET_SOCKET)
1504 path = socket_address_get_path(&p->address);
1505 else if (p->type == SOCKET_FIFO)
1506 path = p->path;
1507
1508 if (!path)
1509 continue;
1510
1511 if (chown(path, uid, gid) < 0) {
1512 r = -errno;
1513 ret = EXIT_CHOWN;
1514 goto fail_child;
1515 }
1516 }
1517
1518 _exit(0);
1519
1520 fail_child:
1521 log_open();
1522 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1523
1524 _exit(ret);
1525 }
1526
1527 r = unit_watch_pid(UNIT(s), pid);
1528 if (r < 0)
1529 goto fail;
1530
1531 *_pid = pid;
1532 return 0;
1533
1534 fail:
1535 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1536 return r;
1537 }
1538
1539 static void socket_enter_dead(Socket *s, SocketResult f) {
1540 assert(s);
1541
1542 if (f != SOCKET_SUCCESS)
1543 s->result = f;
1544
1545 exec_runtime_destroy(s->exec_runtime);
1546 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1547
1548 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1549
1550 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1551 }
1552
1553 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1554
1555 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1556 int r;
1557 assert(s);
1558
1559 if (f != SOCKET_SUCCESS)
1560 s->result = f;
1561
1562 socket_unwatch_control_pid(s);
1563 s->control_command_id = SOCKET_EXEC_STOP_POST;
1564 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1565
1566 if (s->control_command) {
1567 r = socket_spawn(s, s->control_command, &s->control_pid);
1568 if (r < 0)
1569 goto fail;
1570
1571 socket_set_state(s, SOCKET_STOP_POST);
1572 } else
1573 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1574
1575 return;
1576
1577 fail:
1578 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1579 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1580 }
1581
1582 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1583 int r;
1584
1585 assert(s);
1586
1587 if (f != SOCKET_SUCCESS)
1588 s->result = f;
1589
1590 r = unit_kill_context(
1591 UNIT(s),
1592 &s->kill_context,
1593 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1594 KILL_KILL : KILL_TERMINATE,
1595 -1,
1596 s->control_pid,
1597 false);
1598 if (r < 0)
1599 goto fail;
1600
1601 if (r > 0) {
1602 r = socket_arm_timer(s);
1603 if (r < 0)
1604 goto fail;
1605
1606 socket_set_state(s, state);
1607 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1608 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1609 else if (state == SOCKET_STOP_PRE_SIGKILL)
1610 socket_enter_stop_post(s, SOCKET_SUCCESS);
1611 else if (state == SOCKET_FINAL_SIGTERM)
1612 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1613 else
1614 socket_enter_dead(s, SOCKET_SUCCESS);
1615
1616 return;
1617
1618 fail:
1619 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1620
1621 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1622 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1623 else
1624 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1625 }
1626
1627 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1628 int r;
1629 assert(s);
1630
1631 if (f != SOCKET_SUCCESS)
1632 s->result = f;
1633
1634 socket_unwatch_control_pid(s);
1635 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1636 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1637
1638 if (s->control_command) {
1639 r = socket_spawn(s, s->control_command, &s->control_pid);
1640 if (r < 0)
1641 goto fail;
1642
1643 socket_set_state(s, SOCKET_STOP_PRE);
1644 } else
1645 socket_enter_stop_post(s, SOCKET_SUCCESS);
1646
1647 return;
1648
1649 fail:
1650 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1651 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1652 }
1653
1654 static void socket_enter_listening(Socket *s) {
1655 int r;
1656 assert(s);
1657
1658 r = socket_watch_fds(s);
1659 if (r < 0) {
1660 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1661 goto fail;
1662 }
1663
1664 socket_set_state(s, SOCKET_LISTENING);
1665 return;
1666
1667 fail:
1668 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1669 }
1670
1671 static void socket_enter_start_post(Socket *s) {
1672 int r;
1673 assert(s);
1674
1675 socket_unwatch_control_pid(s);
1676 s->control_command_id = SOCKET_EXEC_START_POST;
1677 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1678
1679 if (s->control_command) {
1680 r = socket_spawn(s, s->control_command, &s->control_pid);
1681 if (r < 0) {
1682 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1683 goto fail;
1684 }
1685
1686 socket_set_state(s, SOCKET_START_POST);
1687 } else
1688 socket_enter_listening(s);
1689
1690 return;
1691
1692 fail:
1693 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1694 }
1695
1696 static void socket_enter_start_chown(Socket *s) {
1697 int r;
1698
1699 assert(s);
1700
1701 r = socket_open_fds(s);
1702 if (r < 0) {
1703 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1704 goto fail;
1705 }
1706
1707 if (!isempty(s->user) || !isempty(s->group)) {
1708
1709 socket_unwatch_control_pid(s);
1710 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1711 s->control_command = NULL;
1712
1713 r = socket_chown(s, &s->control_pid);
1714 if (r < 0) {
1715 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1716 goto fail;
1717 }
1718
1719 socket_set_state(s, SOCKET_START_CHOWN);
1720 } else
1721 socket_enter_start_post(s);
1722
1723 return;
1724
1725 fail:
1726 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1727 }
1728
1729 static void socket_enter_start_pre(Socket *s) {
1730 int r;
1731 assert(s);
1732
1733 socket_unwatch_control_pid(s);
1734 s->control_command_id = SOCKET_EXEC_START_PRE;
1735 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1736
1737 if (s->control_command) {
1738 r = socket_spawn(s, s->control_command, &s->control_pid);
1739 if (r < 0) {
1740 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1741 goto fail;
1742 }
1743
1744 socket_set_state(s, SOCKET_START_PRE);
1745 } else
1746 socket_enter_start_chown(s);
1747
1748 return;
1749
1750 fail:
1751 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1752 }
1753
1754 static void socket_enter_running(Socket *s, int cfd) {
1755 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1756 int r;
1757
1758 assert(s);
1759
1760 /* We don't take connections anymore if we are supposed to
1761 * shut down anyway */
1762 if (unit_stop_pending(UNIT(s))) {
1763
1764 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1765
1766 if (cfd >= 0)
1767 safe_close(cfd);
1768 else {
1769 /* Flush all sockets by closing and reopening them */
1770 socket_close_fds(s);
1771
1772 r = socket_open_fds(s);
1773 if (r < 0) {
1774 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1775 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1776 return;
1777 }
1778
1779 r = socket_watch_fds(s);
1780 if (r < 0) {
1781 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1782 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1783 }
1784 }
1785
1786 return;
1787 }
1788
1789 if (cfd < 0) {
1790 Iterator i;
1791 Unit *other;
1792 bool pending = false;
1793
1794 /* If there's already a start pending don't bother to
1795 * do anything */
1796 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1797 if (unit_active_or_pending(other)) {
1798 pending = true;
1799 break;
1800 }
1801
1802 if (!pending) {
1803 if (!UNIT_ISSET(s->service)) {
1804 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1805 r = -ENOENT;
1806 goto fail;
1807 }
1808
1809 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1810 if (r < 0)
1811 goto fail;
1812 }
1813
1814 socket_set_state(s, SOCKET_RUNNING);
1815 } else {
1816 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1817 Service *service;
1818
1819 if (s->n_connections >= s->max_connections) {
1820 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1821 safe_close(cfd);
1822 return;
1823 }
1824
1825 r = socket_instantiate_service(s);
1826 if (r < 0)
1827 goto fail;
1828
1829 r = instance_from_socket(cfd, s->n_accepted, &instance);
1830 if (r < 0) {
1831 if (r != -ENOTCONN)
1832 goto fail;
1833
1834 /* ENOTCONN is legitimate if TCP RST was received.
1835 * This connection is over, but the socket unit lives on. */
1836 safe_close(cfd);
1837 return;
1838 }
1839
1840 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1841 if (r < 0)
1842 goto fail;
1843
1844 r = unit_name_build(prefix, instance, ".service", &name);
1845 if (r < 0)
1846 goto fail;
1847
1848 r = unit_add_name(UNIT_DEREF(s->service), name);
1849 if (r < 0)
1850 goto fail;
1851
1852 service = SERVICE(UNIT_DEREF(s->service));
1853 unit_ref_unset(&s->service);
1854 s->n_accepted ++;
1855
1856 UNIT(service)->no_gc = false;
1857
1858 unit_choose_id(UNIT(service), name);
1859
1860 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1861 if (r < 0)
1862 goto fail;
1863
1864 cfd = -1;
1865 s->n_connections ++;
1866
1867 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1868 if (r < 0)
1869 goto fail;
1870
1871 /* Notify clients about changed counters */
1872 unit_add_to_dbus_queue(UNIT(s));
1873 }
1874
1875 return;
1876
1877 fail:
1878 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1879 cfd >= 0 ? "template" : "non-template",
1880 bus_error_message(&error, r));
1881
1882 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1883 safe_close(cfd);
1884 }
1885
1886 static void socket_run_next(Socket *s) {
1887 int r;
1888
1889 assert(s);
1890 assert(s->control_command);
1891 assert(s->control_command->command_next);
1892
1893 socket_unwatch_control_pid(s);
1894
1895 s->control_command = s->control_command->command_next;
1896
1897 r = socket_spawn(s, s->control_command, &s->control_pid);
1898 if (r < 0)
1899 goto fail;
1900
1901 return;
1902
1903 fail:
1904 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1905
1906 if (s->state == SOCKET_START_POST)
1907 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1908 else if (s->state == SOCKET_STOP_POST)
1909 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1910 else
1911 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1912 }
1913
1914 static int socket_start(Unit *u) {
1915 Socket *s = SOCKET(u);
1916
1917 assert(s);
1918
1919 /* We cannot fulfill this request right now, try again later
1920 * please! */
1921 if (IN_SET(s->state,
1922 SOCKET_STOP_PRE,
1923 SOCKET_STOP_PRE_SIGKILL,
1924 SOCKET_STOP_PRE_SIGTERM,
1925 SOCKET_STOP_POST,
1926 SOCKET_FINAL_SIGTERM,
1927 SOCKET_FINAL_SIGKILL))
1928 return -EAGAIN;
1929
1930 /* Already on it! */
1931 if (IN_SET(s->state,
1932 SOCKET_START_PRE,
1933 SOCKET_START_CHOWN,
1934 SOCKET_START_POST))
1935 return 0;
1936
1937 /* Cannot run this without the service being around */
1938 if (UNIT_ISSET(s->service)) {
1939 Service *service;
1940
1941 service = SERVICE(UNIT_DEREF(s->service));
1942
1943 if (UNIT(service)->load_state != UNIT_LOADED) {
1944 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1945 return -ENOENT;
1946 }
1947
1948 /* If the service is already active we cannot start the
1949 * socket */
1950 if (service->state != SERVICE_DEAD &&
1951 service->state != SERVICE_FAILED &&
1952 service->state != SERVICE_AUTO_RESTART) {
1953 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1954 return -EBUSY;
1955 }
1956 }
1957
1958 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1959
1960 s->result = SOCKET_SUCCESS;
1961 s->reset_cpu_usage = true;
1962
1963 socket_enter_start_pre(s);
1964
1965 return 1;
1966 }
1967
1968 static int socket_stop(Unit *u) {
1969 Socket *s = SOCKET(u);
1970
1971 assert(s);
1972
1973 /* Already on it */
1974 if (IN_SET(s->state,
1975 SOCKET_STOP_PRE,
1976 SOCKET_STOP_PRE_SIGTERM,
1977 SOCKET_STOP_PRE_SIGKILL,
1978 SOCKET_STOP_POST,
1979 SOCKET_FINAL_SIGTERM,
1980 SOCKET_FINAL_SIGKILL))
1981 return 0;
1982
1983 /* If there's already something running we go directly into
1984 * kill mode. */
1985 if (IN_SET(s->state,
1986 SOCKET_START_PRE,
1987 SOCKET_START_CHOWN,
1988 SOCKET_START_POST)) {
1989 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1990 return -EAGAIN;
1991 }
1992
1993 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1994
1995 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1996 return 1;
1997 }
1998
1999 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2000 Socket *s = SOCKET(u);
2001 SocketPort *p;
2002 int r;
2003
2004 assert(u);
2005 assert(f);
2006 assert(fds);
2007
2008 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2009 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2010 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2011
2012 if (s->control_pid > 0)
2013 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2014
2015 if (s->control_command_id >= 0)
2016 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2017
2018 LIST_FOREACH(port, p, s->ports) {
2019 int copy;
2020
2021 if (p->fd < 0)
2022 continue;
2023
2024 copy = fdset_put_dup(fds, p->fd);
2025 if (copy < 0)
2026 return copy;
2027
2028 if (p->type == SOCKET_SOCKET) {
2029 _cleanup_free_ char *t = NULL;
2030
2031 r = socket_address_print(&p->address, &t);
2032 if (r < 0)
2033 return r;
2034
2035 if (socket_address_family(&p->address) == AF_NETLINK)
2036 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2037 else
2038 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2039
2040 } else if (p->type == SOCKET_SPECIAL)
2041 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2042 else if (p->type == SOCKET_MQUEUE)
2043 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2044 else {
2045 assert(p->type == SOCKET_FIFO);
2046 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2047 }
2048 }
2049
2050 return 0;
2051 }
2052
2053 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2054 Socket *s = SOCKET(u);
2055
2056 assert(u);
2057 assert(key);
2058 assert(value);
2059
2060 if (streq(key, "state")) {
2061 SocketState state;
2062
2063 state = socket_state_from_string(value);
2064 if (state < 0)
2065 log_unit_debug(u, "Failed to parse state value: %s", value);
2066 else
2067 s->deserialized_state = state;
2068 } else if (streq(key, "result")) {
2069 SocketResult f;
2070
2071 f = socket_result_from_string(value);
2072 if (f < 0)
2073 log_unit_debug(u, "Failed to parse result value: %s", value);
2074 else if (f != SOCKET_SUCCESS)
2075 s->result = f;
2076
2077 } else if (streq(key, "n-accepted")) {
2078 unsigned k;
2079
2080 if (safe_atou(value, &k) < 0)
2081 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2082 else
2083 s->n_accepted += k;
2084 } else if (streq(key, "control-pid")) {
2085 pid_t pid;
2086
2087 if (parse_pid(value, &pid) < 0)
2088 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2089 else
2090 s->control_pid = pid;
2091 } else if (streq(key, "control-command")) {
2092 SocketExecCommand id;
2093
2094 id = socket_exec_command_from_string(value);
2095 if (id < 0)
2096 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2097 else {
2098 s->control_command_id = id;
2099 s->control_command = s->exec_command[id];
2100 }
2101 } else if (streq(key, "fifo")) {
2102 int fd, skip = 0;
2103 SocketPort *p;
2104
2105 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2106 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2107 else {
2108
2109 LIST_FOREACH(port, p, s->ports)
2110 if (p->type == SOCKET_FIFO &&
2111 path_equal_or_files_same(p->path, value+skip))
2112 break;
2113
2114 if (p) {
2115 safe_close(p->fd);
2116 p->fd = fdset_remove(fds, fd);
2117 }
2118 }
2119
2120 } else if (streq(key, "special")) {
2121 int fd, skip = 0;
2122 SocketPort *p;
2123
2124 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2125 log_unit_debug(u, "Failed to parse special value: %s", value);
2126 else {
2127
2128 LIST_FOREACH(port, p, s->ports)
2129 if (p->type == SOCKET_SPECIAL &&
2130 path_equal_or_files_same(p->path, value+skip))
2131 break;
2132
2133 if (p) {
2134 safe_close(p->fd);
2135 p->fd = fdset_remove(fds, fd);
2136 }
2137 }
2138
2139 } else if (streq(key, "mqueue")) {
2140 int fd, skip = 0;
2141 SocketPort *p;
2142
2143 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2144 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2145 else {
2146
2147 LIST_FOREACH(port, p, s->ports)
2148 if (p->type == SOCKET_MQUEUE &&
2149 streq(p->path, value+skip))
2150 break;
2151
2152 if (p) {
2153 safe_close(p->fd);
2154 p->fd = fdset_remove(fds, fd);
2155 }
2156 }
2157
2158 } else if (streq(key, "socket")) {
2159 int fd, type, skip = 0;
2160 SocketPort *p;
2161
2162 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2163 log_unit_debug(u, "Failed to parse socket value: %s", value);
2164 else {
2165
2166 LIST_FOREACH(port, p, s->ports)
2167 if (socket_address_is(&p->address, value+skip, type))
2168 break;
2169
2170 if (p) {
2171 safe_close(p->fd);
2172 p->fd = fdset_remove(fds, fd);
2173 }
2174 }
2175
2176 } else if (streq(key, "netlink")) {
2177 int fd, skip = 0;
2178 SocketPort *p;
2179
2180 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2181 log_unit_debug(u, "Failed to parse socket value: %s", value);
2182 else {
2183
2184 LIST_FOREACH(port, p, s->ports)
2185 if (socket_address_is_netlink(&p->address, value+skip))
2186 break;
2187
2188 if (p) {
2189 safe_close(p->fd);
2190 p->fd = fdset_remove(fds, fd);
2191 }
2192 }
2193 } else
2194 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2195
2196 return 0;
2197 }
2198
2199 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2200 Socket *s = SOCKET(u);
2201 SocketPort *p;
2202
2203 assert(u);
2204
2205 LIST_FOREACH(port, p, s->ports) {
2206 Iterator i;
2207 int fd;
2208
2209 if (p->type != SOCKET_SOCKET)
2210 continue;
2211
2212 if (p->fd >= 0)
2213 continue;
2214
2215 FDSET_FOREACH(fd, fds, i) {
2216 if (socket_address_matches_fd(&p->address, fd)) {
2217 p->fd = fdset_remove(fds, fd);
2218 s->deserialized_state = SOCKET_LISTENING;
2219 break;
2220 }
2221 }
2222 }
2223
2224 return 0;
2225 }
2226
2227 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2228 assert(u);
2229
2230 return state_translation_table[SOCKET(u)->state];
2231 }
2232
2233 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2234 assert(u);
2235
2236 return socket_state_to_string(SOCKET(u)->state);
2237 }
2238
2239 const char* socket_port_type_to_string(SocketPort *p) {
2240
2241 assert(p);
2242
2243 switch (p->type) {
2244
2245 case SOCKET_SOCKET:
2246
2247 switch (p->address.type) {
2248
2249 case SOCK_STREAM:
2250 return "Stream";
2251
2252 case SOCK_DGRAM:
2253 return "Datagram";
2254
2255 case SOCK_SEQPACKET:
2256 return "SequentialPacket";
2257
2258 case SOCK_RAW:
2259 if (socket_address_family(&p->address) == AF_NETLINK)
2260 return "Netlink";
2261
2262 default:
2263 return NULL;
2264 }
2265
2266 case SOCKET_SPECIAL:
2267 return "Special";
2268
2269 case SOCKET_MQUEUE:
2270 return "MessageQueue";
2271
2272 case SOCKET_FIFO:
2273 return "FIFO";
2274
2275 default:
2276 return NULL;
2277 }
2278 }
2279
2280 _pure_ static bool socket_check_gc(Unit *u) {
2281 Socket *s = SOCKET(u);
2282
2283 assert(u);
2284
2285 return s->n_connections > 0;
2286 }
2287
2288 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2289 SocketPort *p = userdata;
2290 int cfd = -1;
2291
2292 assert(p);
2293 assert(fd >= 0);
2294
2295 if (p->socket->state != SOCKET_LISTENING)
2296 return 0;
2297
2298 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2299
2300 if (revents != EPOLLIN) {
2301
2302 if (revents & EPOLLHUP)
2303 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2304 else
2305 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2306
2307 goto fail;
2308 }
2309
2310 if (p->socket->accept &&
2311 p->type == SOCKET_SOCKET &&
2312 socket_address_can_accept(&p->address)) {
2313
2314 for (;;) {
2315
2316 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2317 if (cfd < 0) {
2318
2319 if (errno == EINTR)
2320 continue;
2321
2322 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2323 goto fail;
2324 }
2325
2326 break;
2327 }
2328
2329 socket_apply_socket_options(p->socket, cfd);
2330 }
2331
2332 socket_enter_running(p->socket, cfd);
2333 return 0;
2334
2335 fail:
2336 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2337 return 0;
2338 }
2339
2340 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2341 Socket *s = SOCKET(u);
2342 SocketResult f;
2343
2344 assert(s);
2345 assert(pid >= 0);
2346
2347 if (pid != s->control_pid)
2348 return;
2349
2350 s->control_pid = 0;
2351
2352 if (is_clean_exit(code, status, NULL))
2353 f = SOCKET_SUCCESS;
2354 else if (code == CLD_EXITED)
2355 f = SOCKET_FAILURE_EXIT_CODE;
2356 else if (code == CLD_KILLED)
2357 f = SOCKET_FAILURE_SIGNAL;
2358 else if (code == CLD_DUMPED)
2359 f = SOCKET_FAILURE_CORE_DUMP;
2360 else
2361 assert_not_reached("Unknown sigchld code");
2362
2363 if (s->control_command) {
2364 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2365
2366 if (s->control_command->ignore)
2367 f = SOCKET_SUCCESS;
2368 }
2369
2370 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2371 "Control process exited, code=%s status=%i",
2372 sigchld_code_to_string(code), status);
2373
2374 if (f != SOCKET_SUCCESS)
2375 s->result = f;
2376
2377 if (s->control_command &&
2378 s->control_command->command_next &&
2379 f == SOCKET_SUCCESS) {
2380
2381 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2382 socket_run_next(s);
2383 } else {
2384 s->control_command = NULL;
2385 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2386
2387 /* No further commands for this step, so let's figure
2388 * out what to do next */
2389
2390 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2391
2392 switch (s->state) {
2393
2394 case SOCKET_START_PRE:
2395 if (f == SOCKET_SUCCESS)
2396 socket_enter_start_chown(s);
2397 else
2398 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2399 break;
2400
2401 case SOCKET_START_CHOWN:
2402 if (f == SOCKET_SUCCESS)
2403 socket_enter_start_post(s);
2404 else
2405 socket_enter_stop_pre(s, f);
2406 break;
2407
2408 case SOCKET_START_POST:
2409 if (f == SOCKET_SUCCESS)
2410 socket_enter_listening(s);
2411 else
2412 socket_enter_stop_pre(s, f);
2413 break;
2414
2415 case SOCKET_STOP_PRE:
2416 case SOCKET_STOP_PRE_SIGTERM:
2417 case SOCKET_STOP_PRE_SIGKILL:
2418 socket_enter_stop_post(s, f);
2419 break;
2420
2421 case SOCKET_STOP_POST:
2422 case SOCKET_FINAL_SIGTERM:
2423 case SOCKET_FINAL_SIGKILL:
2424 socket_enter_dead(s, f);
2425 break;
2426
2427 default:
2428 assert_not_reached("Uh, control process died at wrong time.");
2429 }
2430 }
2431
2432 /* Notify clients about changed exit status */
2433 unit_add_to_dbus_queue(u);
2434 }
2435
2436 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2437 Socket *s = SOCKET(userdata);
2438
2439 assert(s);
2440 assert(s->timer_event_source == source);
2441
2442 switch (s->state) {
2443
2444 case SOCKET_START_PRE:
2445 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2446 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2447 break;
2448
2449 case SOCKET_START_CHOWN:
2450 case SOCKET_START_POST:
2451 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2452 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2453 break;
2454
2455 case SOCKET_STOP_PRE:
2456 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2458 break;
2459
2460 case SOCKET_STOP_PRE_SIGTERM:
2461 if (s->kill_context.send_sigkill) {
2462 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2463 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2464 } else {
2465 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2467 }
2468 break;
2469
2470 case SOCKET_STOP_PRE_SIGKILL:
2471 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2472 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2473 break;
2474
2475 case SOCKET_STOP_POST:
2476 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2477 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2478 break;
2479
2480 case SOCKET_FINAL_SIGTERM:
2481 if (s->kill_context.send_sigkill) {
2482 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2483 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2484 } else {
2485 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2487 }
2488 break;
2489
2490 case SOCKET_FINAL_SIGKILL:
2491 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2492 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2493 break;
2494
2495 default:
2496 assert_not_reached("Timeout at wrong time.");
2497 }
2498
2499 return 0;
2500 }
2501
2502 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2503 int *rfds;
2504 unsigned rn_fds, k;
2505 SocketPort *p;
2506
2507 assert(s);
2508 assert(fds);
2509 assert(n_fds);
2510
2511 /* Called from the service code for requesting our fds */
2512
2513 rn_fds = 0;
2514 LIST_FOREACH(port, p, s->ports)
2515 if (p->fd >= 0)
2516 rn_fds++;
2517
2518 if (rn_fds <= 0) {
2519 *fds = NULL;
2520 *n_fds = 0;
2521 return 0;
2522 }
2523
2524 rfds = new(int, rn_fds);
2525 if (!rfds)
2526 return -ENOMEM;
2527
2528 k = 0;
2529 LIST_FOREACH(port, p, s->ports)
2530 if (p->fd >= 0)
2531 rfds[k++] = p->fd;
2532
2533 assert(k == rn_fds);
2534
2535 *fds = rfds;
2536 *n_fds = rn_fds;
2537
2538 return 0;
2539 }
2540
2541 static void socket_reset_failed(Unit *u) {
2542 Socket *s = SOCKET(u);
2543
2544 assert(s);
2545
2546 if (s->state == SOCKET_FAILED)
2547 socket_set_state(s, SOCKET_DEAD);
2548
2549 s->result = SOCKET_SUCCESS;
2550 }
2551
2552 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2553 assert(s);
2554
2555 /* The service is dead. Dang!
2556 *
2557 * This is strictly for one-instance-for-all-connections
2558 * services. */
2559
2560 if (s->state == SOCKET_RUNNING) {
2561 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2562 if (failed_permanent)
2563 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2564 else
2565 socket_enter_listening(s);
2566 }
2567 }
2568
2569 void socket_connection_unref(Socket *s) {
2570 assert(s);
2571
2572 /* The service is dead. Yay!
2573 *
2574 * This is strictly for one-instance-per-connection
2575 * services. */
2576
2577 assert(s->n_connections > 0);
2578 s->n_connections--;
2579
2580 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2581 }
2582
2583 static void socket_trigger_notify(Unit *u, Unit *other) {
2584 Socket *s = SOCKET(u);
2585 Service *se;
2586
2587 assert(u);
2588 assert(other);
2589
2590 /* Don't propagate state changes from the service if we are
2591 already down or accepting connections */
2592 if ((s->state != SOCKET_RUNNING &&
2593 s->state != SOCKET_LISTENING) ||
2594 s->accept)
2595 return;
2596
2597 if (other->load_state != UNIT_LOADED ||
2598 other->type != UNIT_SERVICE)
2599 return;
2600
2601 se = SERVICE(other);
2602
2603 if (se->state == SERVICE_FAILED)
2604 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2605
2606 if (se->state == SERVICE_DEAD ||
2607 se->state == SERVICE_FINAL_SIGTERM ||
2608 se->state == SERVICE_FINAL_SIGKILL ||
2609 se->state == SERVICE_AUTO_RESTART)
2610 socket_notify_service_dead(s, false);
2611
2612 if (se->state == SERVICE_RUNNING)
2613 socket_set_state(s, SOCKET_RUNNING);
2614 }
2615
2616 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2617 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2618 }
2619
2620 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2621 Socket *s = SOCKET(u);
2622 int r;
2623
2624 if (!s->timer_event_source)
2625 return 0;
2626
2627 r = sd_event_source_get_time(s->timer_event_source, timeout);
2628 if (r < 0)
2629 return r;
2630
2631 return 1;
2632 }
2633
2634 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2635 [SOCKET_DEAD] = "dead",
2636 [SOCKET_START_PRE] = "start-pre",
2637 [SOCKET_START_CHOWN] = "start-chown",
2638 [SOCKET_START_POST] = "start-post",
2639 [SOCKET_LISTENING] = "listening",
2640 [SOCKET_RUNNING] = "running",
2641 [SOCKET_STOP_PRE] = "stop-pre",
2642 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2643 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2644 [SOCKET_STOP_POST] = "stop-post",
2645 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2646 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2647 [SOCKET_FAILED] = "failed"
2648 };
2649
2650 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2651
2652 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2653 [SOCKET_EXEC_START_PRE] = "StartPre",
2654 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2655 [SOCKET_EXEC_START_POST] = "StartPost",
2656 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2657 [SOCKET_EXEC_STOP_POST] = "StopPost"
2658 };
2659
2660 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2661
2662 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2663 [SOCKET_SUCCESS] = "success",
2664 [SOCKET_FAILURE_RESOURCES] = "resources",
2665 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2666 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2667 [SOCKET_FAILURE_SIGNAL] = "signal",
2668 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2669 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2670 };
2671
2672 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2673
2674 const UnitVTable socket_vtable = {
2675 .object_size = sizeof(Socket),
2676 .exec_context_offset = offsetof(Socket, exec_context),
2677 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2678 .kill_context_offset = offsetof(Socket, kill_context),
2679 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2680
2681 .sections =
2682 "Unit\0"
2683 "Socket\0"
2684 "Install\0",
2685 .private_section = "Socket",
2686
2687 .init = socket_init,
2688 .done = socket_done,
2689 .load = socket_load,
2690
2691 .coldplug = socket_coldplug,
2692
2693 .dump = socket_dump,
2694
2695 .start = socket_start,
2696 .stop = socket_stop,
2697
2698 .kill = socket_kill,
2699
2700 .get_timeout = socket_get_timeout,
2701
2702 .serialize = socket_serialize,
2703 .deserialize_item = socket_deserialize_item,
2704 .distribute_fds = socket_distribute_fds,
2705
2706 .active_state = socket_active_state,
2707 .sub_state_to_string = socket_sub_state_to_string,
2708
2709 .check_gc = socket_check_gc,
2710
2711 .sigchld_event = socket_sigchld_event,
2712
2713 .trigger_notify = socket_trigger_notify,
2714
2715 .reset_failed = socket_reset_failed,
2716
2717 .bus_interface = "org.freedesktop.systemd1.Socket",
2718 .bus_vtable = bus_socket_vtable,
2719 .bus_set_property = bus_socket_set_property,
2720 .bus_commit_properties = bus_socket_commit_properties,
2721
2722 .status_message_formats = {
2723 /*.starting_stopping = {
2724 [0] = "Starting socket %s...",
2725 [1] = "Stopping socket %s...",
2726 },*/
2727 .finished_start_job = {
2728 [JOB_DONE] = "Listening on %s.",
2729 [JOB_FAILED] = "Failed to listen on %s.",
2730 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2731 [JOB_TIMEOUT] = "Timed out starting %s.",
2732 },
2733 .finished_stop_job = {
2734 [JOB_DONE] = "Closed %s.",
2735 [JOB_FAILED] = "Failed stopping %s.",
2736 [JOB_TIMEOUT] = "Timed out stopping %s.",
2737 },
2738 },
2739 };
Unnamed repository; edit this file 'description' to name the repository.