]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revert "sd-bus: do not connect to dbus-1 socket when kdbus is available"
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
52 #include "socket.h"
53
54 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
55 [SOCKET_DEAD] = UNIT_INACTIVE,
56 [SOCKET_START_PRE] = UNIT_ACTIVATING,
57 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
58 [SOCKET_START_POST] = UNIT_ACTIVATING,
59 [SOCKET_LISTENING] = UNIT_ACTIVE,
60 [SOCKET_RUNNING] = UNIT_ACTIVE,
61 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
67 [SOCKET_FAILED] = UNIT_FAILED
68 };
69
70 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
71 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
72
73 static void socket_init(Unit *u) {
74 Socket *s = SOCKET(u);
75
76 assert(u);
77 assert(u->load_state == UNIT_STUB);
78
79 s->backlog = SOMAXCONN;
80 s->timeout_usec = u->manager->default_timeout_start_usec;
81 s->directory_mode = 0755;
82 s->socket_mode = 0666;
83
84 s->max_connections = 64;
85
86 s->priority = -1;
87 s->ip_tos = -1;
88 s->ip_ttl = -1;
89 s->mark = -1;
90
91 s->exec_context.std_output = u->manager->default_std_output;
92 s->exec_context.std_error = u->manager->default_std_error;
93
94 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95 }
96
97 static void socket_unwatch_control_pid(Socket *s) {
98 assert(s);
99
100 if (s->control_pid <= 0)
101 return;
102
103 unit_unwatch_pid(UNIT(s), s->control_pid);
104 s->control_pid = 0;
105 }
106
107 void socket_free_ports(Socket *s) {
108 SocketPort *p;
109
110 assert(s);
111
112 while ((p = s->ports)) {
113 LIST_REMOVE(port, s->ports, p);
114
115 sd_event_source_unref(p->event_source);
116
117 safe_close(p->fd);
118 free(p->path);
119 free(p);
120 }
121 }
122
123 static void socket_done(Unit *u) {
124 Socket *s = SOCKET(u);
125
126 assert(s);
127
128 socket_free_ports(s);
129
130 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
131 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
132 s->control_command = NULL;
133
134 socket_unwatch_control_pid(s);
135
136 unit_ref_unset(&s->service);
137
138 free(s->tcp_congestion);
139 s->tcp_congestion = NULL;
140
141 free(s->bind_to_device);
142 s->bind_to_device = NULL;
143
144 free(s->smack);
145 free(s->smack_ip_in);
146 free(s->smack_ip_out);
147
148 strv_free(s->symlinks);
149
150 free(s->user);
151 free(s->group);
152
153 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
154 }
155
156 static int socket_arm_timer(Socket *s) {
157 int r;
158
159 assert(s);
160
161 if (s->timeout_usec <= 0) {
162 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
163 return 0;
164 }
165
166 if (s->timer_event_source) {
167 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
168 if (r < 0)
169 return r;
170
171 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
172 }
173
174 r = sd_event_add_time(
175 UNIT(s)->manager->event,
176 &s->timer_event_source,
177 CLOCK_MONOTONIC,
178 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
179 socket_dispatch_timer, s);
180 if (r < 0)
181 return r;
182
183 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
184
185 return 0;
186 }
187
188 int socket_instantiate_service(Socket *s) {
189 _cleanup_free_ char *prefix = NULL, *name = NULL;
190 int r;
191 Unit *u;
192
193 assert(s);
194
195 /* This fills in s->service if it isn't filled in yet. For
196 * Accept=yes sockets we create the next connection service
197 * here. For Accept=no this is mostly a NOP since the service
198 * is figured out at load time anyway. */
199
200 if (UNIT_DEREF(s->service))
201 return 0;
202
203 if (!s->accept)
204 return 0;
205
206 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
207 if (r < 0)
208 return r;
209
210 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
211 return -ENOMEM;
212
213 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
214 if (r < 0)
215 return r;
216
217 u->no_gc = true;
218 unit_ref_set(&s->service, u);
219
220 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
221 }
222
223 static bool have_non_accept_socket(Socket *s) {
224 SocketPort *p;
225
226 assert(s);
227
228 if (!s->accept)
229 return true;
230
231 LIST_FOREACH(port, p, s->ports) {
232
233 if (p->type != SOCKET_SOCKET)
234 return true;
235
236 if (!socket_address_can_accept(&p->address))
237 return true;
238 }
239
240 return false;
241 }
242
243 static int socket_add_mount_links(Socket *s) {
244 SocketPort *p;
245 int r;
246
247 assert(s);
248
249 LIST_FOREACH(port, p, s->ports) {
250 const char *path = NULL;
251
252 if (p->type == SOCKET_SOCKET)
253 path = socket_address_get_path(&p->address);
254 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
255 path = p->path;
256
257 if (!path)
258 continue;
259
260 r = unit_require_mounts_for(UNIT(s), path);
261 if (r < 0)
262 return r;
263 }
264
265 return 0;
266 }
267
268 static int socket_add_device_link(Socket *s) {
269 char *t;
270
271 assert(s);
272
273 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
274 return 0;
275
276 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
277 return unit_add_node_link(UNIT(s), t, false);
278 }
279
280 static int socket_add_default_dependencies(Socket *s) {
281 int r;
282 assert(s);
283
284 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
285 if (r < 0)
286 return r;
287
288 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
289 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
290 if (r < 0)
291 return r;
292 }
293
294 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
295 }
296
297 _pure_ static bool socket_has_exec(Socket *s) {
298 unsigned i;
299 assert(s);
300
301 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
302 if (s->exec_command[i])
303 return true;
304
305 return false;
306 }
307
308 static int socket_add_extras(Socket *s) {
309 Unit *u = UNIT(s);
310 int r;
311
312 assert(s);
313
314 if (have_non_accept_socket(s)) {
315
316 if (!UNIT_DEREF(s->service)) {
317 Unit *x;
318
319 r = unit_load_related_unit(u, ".service", &x);
320 if (r < 0)
321 return r;
322
323 unit_ref_set(&s->service, x);
324 }
325
326 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
327 if (r < 0)
328 return r;
329 }
330
331 r = socket_add_mount_links(s);
332 if (r < 0)
333 return r;
334
335 r = socket_add_device_link(s);
336 if (r < 0)
337 return r;
338
339 r = unit_patch_contexts(u);
340 if (r < 0)
341 return r;
342
343 if (socket_has_exec(s)) {
344 r = unit_add_exec_dependencies(u, &s->exec_context);
345 if (r < 0)
346 return r;
347
348 r = unit_add_default_slice(u, &s->cgroup_context);
349 if (r < 0)
350 return r;
351 }
352
353 if (u->default_dependencies) {
354 r = socket_add_default_dependencies(s);
355 if (r < 0)
356 return r;
357 }
358
359 return 0;
360 }
361
362 static const char *socket_find_symlink_target(Socket *s) {
363 const char *found = NULL;
364 SocketPort *p;
365
366 LIST_FOREACH(port, p, s->ports) {
367 const char *f = NULL;
368
369 switch (p->type) {
370
371 case SOCKET_FIFO:
372 f = p->path;
373 break;
374
375 case SOCKET_SOCKET:
376 if (p->address.sockaddr.un.sun_path[0] != 0)
377 f = p->address.sockaddr.un.sun_path;
378 break;
379
380 default:
381 break;
382 }
383
384 if (f) {
385 if (found)
386 return NULL;
387
388 found = f;
389 }
390 }
391
392 return found;
393 }
394
395 static int socket_verify(Socket *s) {
396 assert(s);
397
398 if (UNIT(s)->load_state != UNIT_LOADED)
399 return 0;
400
401 if (!s->ports) {
402 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
403 return -EINVAL;
404 }
405
406 if (s->accept && have_non_accept_socket(s)) {
407 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
408 return -EINVAL;
409 }
410
411 if (s->accept && s->max_connections <= 0) {
412 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && UNIT_DEREF(s->service)) {
417 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
422 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
423 return -EINVAL;
424 }
425
426 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
427 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
428 return -EINVAL;
429 }
430
431 return 0;
432 }
433
434 static int socket_load(Unit *u) {
435 Socket *s = SOCKET(u);
436 int r;
437
438 assert(u);
439 assert(u->load_state == UNIT_STUB);
440
441 r = unit_load_fragment_and_dropin(u);
442 if (r < 0)
443 return r;
444
445 if (u->load_state == UNIT_LOADED) {
446 /* This is a new unit? Then let's add in some extras */
447 r = socket_add_extras(s);
448 if (r < 0)
449 return r;
450 }
451
452 return socket_verify(s);
453 }
454
455 _const_ static const char* listen_lookup(int family, int type) {
456
457 if (family == AF_NETLINK)
458 return "ListenNetlink";
459
460 if (type == SOCK_STREAM)
461 return "ListenStream";
462 else if (type == SOCK_DGRAM)
463 return "ListenDatagram";
464 else if (type == SOCK_SEQPACKET)
465 return "ListenSequentialPacket";
466
467 assert_not_reached("Unknown socket type");
468 return NULL;
469 }
470
471 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
472 char time_string[FORMAT_TIMESPAN_MAX];
473 SocketExecCommand c;
474 Socket *s = SOCKET(u);
475 SocketPort *p;
476 const char *prefix2;
477
478 assert(s);
479 assert(f);
480
481 prefix = strempty(prefix);
482 prefix2 = strjoina(prefix, "\t");
483
484 fprintf(f,
485 "%sSocket State: %s\n"
486 "%sResult: %s\n"
487 "%sBindIPv6Only: %s\n"
488 "%sBacklog: %u\n"
489 "%sSocketMode: %04o\n"
490 "%sDirectoryMode: %04o\n"
491 "%sKeepAlive: %s\n"
492 "%sNoDelay: %s\n"
493 "%sFreeBind: %s\n"
494 "%sTransparent: %s\n"
495 "%sBroadcast: %s\n"
496 "%sPassCredentials: %s\n"
497 "%sPassSecurity: %s\n"
498 "%sTCPCongestion: %s\n"
499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
501 prefix, socket_state_to_string(s->state),
502 prefix, socket_result_to_string(s->result),
503 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
504 prefix, s->backlog,
505 prefix, s->socket_mode,
506 prefix, s->directory_mode,
507 prefix, yes_no(s->keep_alive),
508 prefix, yes_no(s->no_delay),
509 prefix, yes_no(s->free_bind),
510 prefix, yes_no(s->transparent),
511 prefix, yes_no(s->broadcast),
512 prefix, yes_no(s->pass_cred),
513 prefix, yes_no(s->pass_sec),
514 prefix, strna(s->tcp_congestion),
515 prefix, yes_no(s->remove_on_stop),
516 prefix, yes_no(s->selinux_context_from_net));
517
518 if (s->control_pid > 0)
519 fprintf(f,
520 "%sControl PID: "PID_FMT"\n",
521 prefix, s->control_pid);
522
523 if (s->bind_to_device)
524 fprintf(f,
525 "%sBindToDevice: %s\n",
526 prefix, s->bind_to_device);
527
528 if (s->accept)
529 fprintf(f,
530 "%sAccepted: %u\n"
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix, s->n_accepted,
534 prefix, s->n_connections,
535 prefix, s->max_connections);
536
537 if (s->priority >= 0)
538 fprintf(f,
539 "%sPriority: %i\n",
540 prefix, s->priority);
541
542 if (s->receive_buffer > 0)
543 fprintf(f,
544 "%sReceiveBuffer: %zu\n",
545 prefix, s->receive_buffer);
546
547 if (s->send_buffer > 0)
548 fprintf(f,
549 "%sSendBuffer: %zu\n",
550 prefix, s->send_buffer);
551
552 if (s->ip_tos >= 0)
553 fprintf(f,
554 "%sIPTOS: %i\n",
555 prefix, s->ip_tos);
556
557 if (s->ip_ttl >= 0)
558 fprintf(f,
559 "%sIPTTL: %i\n",
560 prefix, s->ip_ttl);
561
562 if (s->pipe_size > 0)
563 fprintf(f,
564 "%sPipeSize: %zu\n",
565 prefix, s->pipe_size);
566
567 if (s->mark >= 0)
568 fprintf(f,
569 "%sMark: %i\n",
570 prefix, s->mark);
571
572 if (s->mq_maxmsg > 0)
573 fprintf(f,
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix, s->mq_maxmsg);
576
577 if (s->mq_msgsize > 0)
578 fprintf(f,
579 "%sMessageQueueMessageSize: %li\n",
580 prefix, s->mq_msgsize);
581
582 if (s->reuse_port)
583 fprintf(f,
584 "%sReusePort: %s\n",
585 prefix, yes_no(s->reuse_port));
586
587 if (s->smack)
588 fprintf(f,
589 "%sSmackLabel: %s\n",
590 prefix, s->smack);
591
592 if (s->smack_ip_in)
593 fprintf(f,
594 "%sSmackLabelIPIn: %s\n",
595 prefix, s->smack_ip_in);
596
597 if (s->smack_ip_out)
598 fprintf(f,
599 "%sSmackLabelIPOut: %s\n",
600 prefix, s->smack_ip_out);
601
602 if (!isempty(s->user) || !isempty(s->group))
603 fprintf(f,
604 "%sOwnerUser: %s\n"
605 "%sOwnerGroup: %s\n",
606 prefix, strna(s->user),
607 prefix, strna(s->group));
608
609 if (s->keep_alive_time > 0)
610 fprintf(f,
611 "%sKeepAliveTimeSec: %s\n",
612 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
613
614 if (s->keep_alive_interval)
615 fprintf(f,
616 "%sKeepAliveIntervalSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
618
619 if (s->keep_alive_cnt)
620 fprintf(f,
621 "%sKeepAliveProbes: %u\n",
622 prefix, s->keep_alive_cnt);
623
624 if (s->defer_accept)
625 fprintf(f,
626 "%sDeferAcceptSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
628
629 LIST_FOREACH(port, p, s->ports) {
630
631 if (p->type == SOCKET_SOCKET) {
632 const char *t;
633 int r;
634 char *k = NULL;
635
636 if ((r = socket_address_print(&p->address, &k)) < 0)
637 t = strerror(-r);
638 else
639 t = k;
640
641 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
642 free(k);
643 } else if (p->type == SOCKET_SPECIAL)
644 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
645 else if (p->type == SOCKET_MQUEUE)
646 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
647 else
648 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 }
650
651 exec_context_dump(&s->exec_context, f, prefix);
652 kill_context_dump(&s->kill_context, f, prefix);
653
654 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
655 if (!s->exec_command[c])
656 continue;
657
658 fprintf(f, "%s-> %s:\n",
659 prefix, socket_exec_command_to_string(c));
660
661 exec_command_dump_list(s->exec_command[c], f, prefix2);
662 }
663 }
664
665 static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 socklen_t l;
667 char *r;
668 union sockaddr_union local, remote;
669
670 assert(fd >= 0);
671 assert(instance);
672
673 l = sizeof(local);
674 if (getsockname(fd, &local.sa, &l) < 0)
675 return -errno;
676
677 l = sizeof(remote);
678 if (getpeername(fd, &remote.sa, &l) < 0)
679 return -errno;
680
681 switch (local.sa.sa_family) {
682
683 case AF_INET: {
684 uint32_t
685 a = ntohl(local.in.sin_addr.s_addr),
686 b = ntohl(remote.in.sin_addr.s_addr);
687
688 if (asprintf(&r,
689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 nr,
691 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 ntohs(local.in.sin_port),
693 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 ntohs(remote.in.sin_port)) < 0)
695 return -ENOMEM;
696
697 break;
698 }
699
700 case AF_INET6: {
701 static const unsigned char ipv4_prefix[] = {
702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 };
704
705 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 const uint8_t
708 *a = local.in6.sin6_addr.s6_addr+12,
709 *b = remote.in6.sin6_addr.s6_addr+12;
710
711 if (asprintf(&r,
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
714 a[0], a[1], a[2], a[3],
715 ntohs(local.in6.sin6_port),
716 b[0], b[1], b[2], b[3],
717 ntohs(remote.in6.sin6_port)) < 0)
718 return -ENOMEM;
719 } else {
720 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721
722 if (asprintf(&r,
723 "%u-%s:%u-%s:%u",
724 nr,
725 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 ntohs(local.in6.sin6_port),
727 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 }
731
732 break;
733 }
734
735 case AF_UNIX: {
736 struct ucred ucred;
737 int k;
738
739 k = getpeercred(fd, &ucred);
740 if (k >= 0) {
741 if (asprintf(&r,
742 "%u-"PID_FMT"-"UID_FMT,
743 nr, ucred.pid, ucred.uid) < 0)
744 return -ENOMEM;
745 } else if (k == -ENODATA) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
749 if (asprintf(&r,
750 "%u-unknown",
751 nr) < 0)
752 return -ENOMEM;
753 } else
754 return k;
755
756 break;
757 }
758
759 default:
760 assert_not_reached("Unhandled socket type.");
761 }
762
763 *instance = r;
764 return 0;
765 }
766
767 static void socket_close_fds(Socket *s) {
768 SocketPort *p;
769 char **i;
770
771 assert(s);
772
773 LIST_FOREACH(port, p, s->ports) {
774
775 p->event_source = sd_event_source_unref(p->event_source);
776
777 if (p->fd < 0)
778 continue;
779
780 p->fd = safe_close(p->fd);
781
782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
788 * using one! */
789
790 if (s->remove_on_stop) {
791 switch (p->type) {
792
793 case SOCKET_FIFO:
794 unlink(p->path);
795 break;
796
797 case SOCKET_MQUEUE:
798 mq_unlink(p->path);
799 break;
800
801 case SOCKET_SOCKET:
802 socket_address_unlink(&p->address);
803 break;
804
805 default:
806 break;
807 }
808 }
809 }
810
811 if (s->remove_on_stop)
812 STRV_FOREACH(i, s->symlinks)
813 unlink(*i);
814 }
815
816 static void socket_apply_socket_options(Socket *s, int fd) {
817 int r;
818
819 assert(s);
820 assert(fd >= 0);
821
822 if (s->keep_alive) {
823 int b = s->keep_alive;
824 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
825 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
826 }
827
828 if (s->keep_alive_time) {
829 int value = s->keep_alive_time / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
831 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
832 }
833
834 if (s->keep_alive_interval) {
835 int value = s->keep_alive_interval / USEC_PER_SEC;
836 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
837 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
838 }
839
840 if (s->keep_alive_cnt) {
841 int value = s->keep_alive_cnt;
842 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
843 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
844 }
845
846 if (s->defer_accept) {
847 int value = s->defer_accept / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
850 }
851
852 if (s->no_delay) {
853 int b = s->no_delay;
854 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
856 }
857
858 if (s->broadcast) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
862 }
863
864 if (s->pass_cred) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
868 }
869
870 if (s->pass_sec) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
874 }
875
876 if (s->priority >= 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
878 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
879
880 if (s->receive_buffer > 0) {
881 int value = (int) s->receive_buffer;
882
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
887 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
888 }
889
890 if (s->send_buffer > 0) {
891 int value = (int) s->send_buffer;
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
893 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
894 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
895 }
896
897 if (s->mark >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
899 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
900
901 if (s->ip_tos >= 0)
902 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
903 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
904
905 if (s->ip_ttl >= 0) {
906 int x;
907
908 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
909
910 if (socket_ipv6_is_supported())
911 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 else {
913 x = -1;
914 errno = EAFNOSUPPORT;
915 }
916
917 if (r < 0 && x < 0)
918 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
919 }
920
921 if (s->tcp_congestion)
922 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
923 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
924
925 if (s->smack_ip_in) {
926 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
927 if (r < 0)
928 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
929 }
930
931 if (s->smack_ip_out) {
932 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
933 if (r < 0)
934 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
935 }
936 }
937
938 static void socket_apply_fifo_options(Socket *s, int fd) {
939 int r;
940
941 assert(s);
942 assert(fd >= 0);
943
944 if (s->pipe_size > 0)
945 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
946 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
947
948 if (s->smack) {
949 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
950 if (r < 0)
951 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
952 }
953 }
954
955 static int fifo_address_create(
956 const char *path,
957 mode_t directory_mode,
958 mode_t socket_mode,
959 int *_fd) {
960
961 int fd = -1, r = 0;
962 struct stat st;
963 mode_t old_mask;
964
965 assert(path);
966 assert(_fd);
967
968 mkdir_parents_label(path, directory_mode);
969
970 r = mac_selinux_create_file_prepare(path, S_IFIFO);
971 if (r < 0)
972 goto fail;
973
974 /* Enforce the right access mode for the fifo */
975 old_mask = umask(~ socket_mode);
976
977 /* Include the original umask in our mask */
978 umask(~socket_mode | old_mask);
979
980 r = mkfifo(path, socket_mode);
981 umask(old_mask);
982
983 if (r < 0 && errno != EEXIST) {
984 r = -errno;
985 goto fail;
986 }
987
988 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
989 r = -errno;
990 goto fail;
991 }
992
993 mac_selinux_create_file_clear();
994
995 if (fstat(fd, &st) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 if (!S_ISFIFO(st.st_mode) ||
1001 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1002 st.st_uid != getuid() ||
1003 st.st_gid != getgid()) {
1004
1005 r = -EEXIST;
1006 goto fail;
1007 }
1008
1009 *_fd = fd;
1010 return 0;
1011
1012 fail:
1013 mac_selinux_create_file_clear();
1014 safe_close(fd);
1015
1016 return r;
1017 }
1018
1019 static int special_address_create(
1020 const char *path,
1021 int *_fd) {
1022
1023 int fd = -1, r = 0;
1024 struct stat st;
1025
1026 assert(path);
1027 assert(_fd);
1028
1029 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 if (fd < 0) {
1031 r = -errno;
1032 goto fail;
1033 }
1034
1035 if (fstat(fd, &st) < 0) {
1036 r = -errno;
1037 goto fail;
1038 }
1039
1040 /* Check whether this is a /proc, /sys or /dev file or char device */
1041 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 r = -EEXIST;
1043 goto fail;
1044 }
1045
1046 *_fd = fd;
1047 return 0;
1048
1049 fail:
1050 safe_close(fd);
1051
1052 return r;
1053 }
1054
1055 static int mq_address_create(
1056 const char *path,
1057 mode_t mq_mode,
1058 long maxmsg,
1059 long msgsize,
1060 int *_fd) {
1061
1062 int fd = -1, r = 0;
1063 struct stat st;
1064 mode_t old_mask;
1065 struct mq_attr _attr, *attr = NULL;
1066
1067 assert(path);
1068 assert(_fd);
1069
1070 if (maxmsg > 0 && msgsize > 0) {
1071 zero(_attr);
1072 _attr.mq_flags = O_NONBLOCK;
1073 _attr.mq_maxmsg = maxmsg;
1074 _attr.mq_msgsize = msgsize;
1075 attr = &_attr;
1076 }
1077
1078 /* Enforce the right access mode for the mq */
1079 old_mask = umask(~ mq_mode);
1080
1081 /* Include the original umask in our mask */
1082 umask(~mq_mode | old_mask);
1083 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 umask(old_mask);
1085
1086 if (fd < 0) {
1087 r = -errno;
1088 goto fail;
1089 }
1090
1091 if (fstat(fd, &st) < 0) {
1092 r = -errno;
1093 goto fail;
1094 }
1095
1096 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 st.st_uid != getuid() ||
1098 st.st_gid != getgid()) {
1099
1100 r = -EEXIST;
1101 goto fail;
1102 }
1103
1104 *_fd = fd;
1105 return 0;
1106
1107 fail:
1108 safe_close(fd);
1109 return r;
1110 }
1111
1112 static int socket_symlink(Socket *s) {
1113 const char *p;
1114 char **i;
1115
1116 assert(s);
1117
1118 p = socket_find_symlink_target(s);
1119 if (!p)
1120 return 0;
1121
1122 STRV_FOREACH(i, s->symlinks)
1123 symlink_label(p, *i);
1124
1125 return 0;
1126 }
1127
1128 static int socket_open_fds(Socket *s) {
1129 SocketPort *p;
1130 int r;
1131 char *label = NULL;
1132 bool know_label = false;
1133
1134 assert(s);
1135
1136 LIST_FOREACH(port, p, s->ports) {
1137
1138 if (p->fd >= 0)
1139 continue;
1140
1141 if (p->type == SOCKET_SOCKET) {
1142
1143 if (!know_label) {
1144 /* Figure out label, if we don't it know
1145 * yet. We do it once, for the first
1146 * socket where we need this and
1147 * remember it for the rest. */
1148
1149 if (s->selinux_context_from_net) {
1150 /* Get it from the network label */
1151
1152 r = mac_selinux_get_our_label(&label);
1153 if (r < 0 && r != -EOPNOTSUPP)
1154 goto rollback;
1155
1156 } else {
1157 /* Get it from the executable we are about to start */
1158
1159 r = socket_instantiate_service(s);
1160 if (r < 0)
1161 goto rollback;
1162
1163 if (UNIT_ISSET(s->service) &&
1164 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1166 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1167 goto rollback;
1168 }
1169 }
1170
1171 know_label = true;
1172 }
1173
1174 r = socket_address_listen(
1175 &p->address,
1176 SOCK_CLOEXEC|SOCK_NONBLOCK,
1177 s->backlog,
1178 s->bind_ipv6_only,
1179 s->bind_to_device,
1180 s->reuse_port,
1181 s->free_bind,
1182 s->transparent,
1183 s->directory_mode,
1184 s->socket_mode,
1185 label);
1186 if (r < 0)
1187 goto rollback;
1188
1189 p->fd = r;
1190 socket_apply_socket_options(s, p->fd);
1191 socket_symlink(s);
1192
1193 } else if (p->type == SOCKET_SPECIAL) {
1194
1195 r = special_address_create(
1196 p->path,
1197 &p->fd);
1198 if (r < 0)
1199 goto rollback;
1200
1201 } else if (p->type == SOCKET_FIFO) {
1202
1203 r = fifo_address_create(
1204 p->path,
1205 s->directory_mode,
1206 s->socket_mode,
1207 &p->fd);
1208 if (r < 0)
1209 goto rollback;
1210
1211 socket_apply_fifo_options(s, p->fd);
1212 socket_symlink(s);
1213
1214 } else if (p->type == SOCKET_MQUEUE) {
1215
1216 r = mq_address_create(
1217 p->path,
1218 s->socket_mode,
1219 s->mq_maxmsg,
1220 s->mq_msgsize,
1221 &p->fd);
1222 if (r < 0)
1223 goto rollback;
1224 } else
1225 assert_not_reached("Unknown port type");
1226 }
1227
1228 mac_selinux_free(label);
1229 return 0;
1230
1231 rollback:
1232 socket_close_fds(s);
1233 mac_selinux_free(label);
1234
1235 return r;
1236 }
1237
1238 static void socket_unwatch_fds(Socket *s) {
1239 SocketPort *p;
1240 int r;
1241
1242 assert(s);
1243
1244 LIST_FOREACH(port, p, s->ports) {
1245 if (p->fd < 0)
1246 continue;
1247
1248 if (!p->event_source)
1249 continue;
1250
1251 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1252 if (r < 0)
1253 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1254 }
1255 }
1256
1257 static int socket_watch_fds(Socket *s) {
1258 SocketPort *p;
1259 int r;
1260
1261 assert(s);
1262
1263 LIST_FOREACH(port, p, s->ports) {
1264 if (p->fd < 0)
1265 continue;
1266
1267 if (p->event_source) {
1268 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1269 if (r < 0)
1270 goto fail;
1271 } else {
1272 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1273 if (r < 0)
1274 goto fail;
1275
1276 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1277 }
1278 }
1279
1280 return 0;
1281
1282 fail:
1283 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1284 socket_unwatch_fds(s);
1285 return r;
1286 }
1287
1288 static void socket_set_state(Socket *s, SocketState state) {
1289 SocketState old_state;
1290 assert(s);
1291
1292 old_state = s->state;
1293 s->state = state;
1294
1295 if (!IN_SET(state,
1296 SOCKET_START_PRE,
1297 SOCKET_START_CHOWN,
1298 SOCKET_START_POST,
1299 SOCKET_STOP_PRE,
1300 SOCKET_STOP_PRE_SIGTERM,
1301 SOCKET_STOP_PRE_SIGKILL,
1302 SOCKET_STOP_POST,
1303 SOCKET_FINAL_SIGTERM,
1304 SOCKET_FINAL_SIGKILL)) {
1305
1306 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1307 socket_unwatch_control_pid(s);
1308 s->control_command = NULL;
1309 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1310 }
1311
1312 if (state != SOCKET_LISTENING)
1313 socket_unwatch_fds(s);
1314
1315 if (!IN_SET(state,
1316 SOCKET_START_CHOWN,
1317 SOCKET_START_POST,
1318 SOCKET_LISTENING,
1319 SOCKET_RUNNING,
1320 SOCKET_STOP_PRE,
1321 SOCKET_STOP_PRE_SIGTERM,
1322 SOCKET_STOP_PRE_SIGKILL))
1323 socket_close_fds(s);
1324
1325 if (state != old_state)
1326 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1327
1328 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1329 }
1330
1331 static int socket_coldplug(Unit *u) {
1332 Socket *s = SOCKET(u);
1333 int r;
1334
1335 assert(s);
1336 assert(s->state == SOCKET_DEAD);
1337
1338 if (s->deserialized_state == s->state)
1339 return 0;
1340
1341 if (IN_SET(s->deserialized_state,
1342 SOCKET_START_PRE,
1343 SOCKET_START_CHOWN,
1344 SOCKET_START_POST,
1345 SOCKET_STOP_PRE,
1346 SOCKET_STOP_PRE_SIGTERM,
1347 SOCKET_STOP_PRE_SIGKILL,
1348 SOCKET_STOP_POST,
1349 SOCKET_FINAL_SIGTERM,
1350 SOCKET_FINAL_SIGKILL)) {
1351
1352 if (s->control_pid <= 0)
1353 return -EBADMSG;
1354
1355 r = unit_watch_pid(UNIT(s), s->control_pid);
1356 if (r < 0)
1357 return r;
1358
1359 r = socket_arm_timer(s);
1360 if (r < 0)
1361 return r;
1362 }
1363
1364 if (IN_SET(s->deserialized_state,
1365 SOCKET_START_CHOWN,
1366 SOCKET_START_POST,
1367 SOCKET_LISTENING,
1368 SOCKET_RUNNING,
1369 SOCKET_STOP_PRE,
1370 SOCKET_STOP_PRE_SIGTERM,
1371 SOCKET_STOP_PRE_SIGKILL)) {
1372 r = socket_open_fds(s);
1373 if (r < 0)
1374 return r;
1375 }
1376
1377 if (s->deserialized_state == SOCKET_LISTENING) {
1378 r = socket_watch_fds(s);
1379 if (r < 0)
1380 return r;
1381 }
1382
1383 socket_set_state(s, s->deserialized_state);
1384 return 0;
1385 }
1386
1387 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1388 _cleanup_free_ char **argv = NULL;
1389 pid_t pid;
1390 int r;
1391 ExecParameters exec_params = {
1392 .apply_permissions = true,
1393 .apply_chroot = true,
1394 .apply_tty_stdin = true,
1395 .bus_endpoint_fd = -1,
1396 };
1397
1398 assert(s);
1399 assert(c);
1400 assert(_pid);
1401
1402 (void) unit_realize_cgroup(UNIT(s));
1403 if (s->reset_cpu_usage) {
1404 (void) unit_reset_cpu_usage(UNIT(s));
1405 s->reset_cpu_usage = false;
1406 }
1407
1408 r = unit_setup_exec_runtime(UNIT(s));
1409 if (r < 0)
1410 goto fail;
1411
1412 r = socket_arm_timer(s);
1413 if (r < 0)
1414 goto fail;
1415
1416 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1417 if (r < 0)
1418 goto fail;
1419
1420 exec_params.argv = argv;
1421 exec_params.environment = UNIT(s)->manager->environment;
1422 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1423 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1424 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1425 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1426 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1427
1428 r = exec_spawn(UNIT(s),
1429 c,
1430 &s->exec_context,
1431 &exec_params,
1432 s->exec_runtime,
1433 &pid);
1434 if (r < 0)
1435 goto fail;
1436
1437 r = unit_watch_pid(UNIT(s), pid);
1438 if (r < 0)
1439 /* FIXME: we need to do something here */
1440 goto fail;
1441
1442 *_pid = pid;
1443 return 0;
1444
1445 fail:
1446 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1447 return r;
1448 }
1449
1450 static int socket_chown(Socket *s, pid_t *_pid) {
1451 pid_t pid;
1452 int r;
1453
1454 r = socket_arm_timer(s);
1455 if (r < 0)
1456 goto fail;
1457
1458 /* We have to resolve the user names out-of-process, hence
1459 * let's fork here. It's messy, but well, what can we do? */
1460
1461 pid = fork();
1462 if (pid < 0)
1463 return -errno;
1464
1465 if (pid == 0) {
1466 SocketPort *p;
1467 uid_t uid = UID_INVALID;
1468 gid_t gid = GID_INVALID;
1469 int ret;
1470
1471 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1472 (void) ignore_signals(SIGPIPE, -1);
1473 log_forget_fds();
1474
1475 if (!isempty(s->user)) {
1476 const char *user = s->user;
1477
1478 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1479 if (r < 0) {
1480 ret = EXIT_USER;
1481 goto fail_child;
1482 }
1483 }
1484
1485 if (!isempty(s->group)) {
1486 const char *group = s->group;
1487
1488 r = get_group_creds(&group, &gid);
1489 if (r < 0) {
1490 ret = EXIT_GROUP;
1491 goto fail_child;
1492 }
1493 }
1494
1495 LIST_FOREACH(port, p, s->ports) {
1496 const char *path = NULL;
1497
1498 if (p->type == SOCKET_SOCKET)
1499 path = socket_address_get_path(&p->address);
1500 else if (p->type == SOCKET_FIFO)
1501 path = p->path;
1502
1503 if (!path)
1504 continue;
1505
1506 if (chown(path, uid, gid) < 0) {
1507 r = -errno;
1508 ret = EXIT_CHOWN;
1509 goto fail_child;
1510 }
1511 }
1512
1513 _exit(0);
1514
1515 fail_child:
1516 log_open();
1517 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1518
1519 _exit(ret);
1520 }
1521
1522 r = unit_watch_pid(UNIT(s), pid);
1523 if (r < 0)
1524 goto fail;
1525
1526 *_pid = pid;
1527 return 0;
1528
1529 fail:
1530 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1531 return r;
1532 }
1533
1534 static void socket_enter_dead(Socket *s, SocketResult f) {
1535 assert(s);
1536
1537 if (f != SOCKET_SUCCESS)
1538 s->result = f;
1539
1540 exec_runtime_destroy(s->exec_runtime);
1541 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1542
1543 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1544
1545 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1546 }
1547
1548 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1549
1550 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1551 int r;
1552 assert(s);
1553
1554 if (f != SOCKET_SUCCESS)
1555 s->result = f;
1556
1557 socket_unwatch_control_pid(s);
1558 s->control_command_id = SOCKET_EXEC_STOP_POST;
1559 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1560
1561 if (s->control_command) {
1562 r = socket_spawn(s, s->control_command, &s->control_pid);
1563 if (r < 0)
1564 goto fail;
1565
1566 socket_set_state(s, SOCKET_STOP_POST);
1567 } else
1568 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1569
1570 return;
1571
1572 fail:
1573 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1574 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1575 }
1576
1577 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1578 int r;
1579
1580 assert(s);
1581
1582 if (f != SOCKET_SUCCESS)
1583 s->result = f;
1584
1585 r = unit_kill_context(
1586 UNIT(s),
1587 &s->kill_context,
1588 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1589 KILL_KILL : KILL_TERMINATE,
1590 -1,
1591 s->control_pid,
1592 false);
1593 if (r < 0)
1594 goto fail;
1595
1596 if (r > 0) {
1597 r = socket_arm_timer(s);
1598 if (r < 0)
1599 goto fail;
1600
1601 socket_set_state(s, state);
1602 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1603 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1604 else if (state == SOCKET_STOP_PRE_SIGKILL)
1605 socket_enter_stop_post(s, SOCKET_SUCCESS);
1606 else if (state == SOCKET_FINAL_SIGTERM)
1607 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1608 else
1609 socket_enter_dead(s, SOCKET_SUCCESS);
1610
1611 return;
1612
1613 fail:
1614 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1615
1616 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1617 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1618 else
1619 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1620 }
1621
1622 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1623 int r;
1624 assert(s);
1625
1626 if (f != SOCKET_SUCCESS)
1627 s->result = f;
1628
1629 socket_unwatch_control_pid(s);
1630 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1631 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1632
1633 if (s->control_command) {
1634 r = socket_spawn(s, s->control_command, &s->control_pid);
1635 if (r < 0)
1636 goto fail;
1637
1638 socket_set_state(s, SOCKET_STOP_PRE);
1639 } else
1640 socket_enter_stop_post(s, SOCKET_SUCCESS);
1641
1642 return;
1643
1644 fail:
1645 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1646 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1647 }
1648
1649 static void socket_enter_listening(Socket *s) {
1650 int r;
1651 assert(s);
1652
1653 r = socket_watch_fds(s);
1654 if (r < 0) {
1655 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1656 goto fail;
1657 }
1658
1659 socket_set_state(s, SOCKET_LISTENING);
1660 return;
1661
1662 fail:
1663 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1664 }
1665
1666 static void socket_enter_start_post(Socket *s) {
1667 int r;
1668 assert(s);
1669
1670 socket_unwatch_control_pid(s);
1671 s->control_command_id = SOCKET_EXEC_START_POST;
1672 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1673
1674 if (s->control_command) {
1675 r = socket_spawn(s, s->control_command, &s->control_pid);
1676 if (r < 0) {
1677 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1678 goto fail;
1679 }
1680
1681 socket_set_state(s, SOCKET_START_POST);
1682 } else
1683 socket_enter_listening(s);
1684
1685 return;
1686
1687 fail:
1688 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1689 }
1690
1691 static void socket_enter_start_chown(Socket *s) {
1692 int r;
1693
1694 assert(s);
1695
1696 r = socket_open_fds(s);
1697 if (r < 0) {
1698 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1699 goto fail;
1700 }
1701
1702 if (!isempty(s->user) || !isempty(s->group)) {
1703
1704 socket_unwatch_control_pid(s);
1705 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1706 s->control_command = NULL;
1707
1708 r = socket_chown(s, &s->control_pid);
1709 if (r < 0) {
1710 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1711 goto fail;
1712 }
1713
1714 socket_set_state(s, SOCKET_START_CHOWN);
1715 } else
1716 socket_enter_start_post(s);
1717
1718 return;
1719
1720 fail:
1721 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1722 }
1723
1724 static void socket_enter_start_pre(Socket *s) {
1725 int r;
1726 assert(s);
1727
1728 socket_unwatch_control_pid(s);
1729 s->control_command_id = SOCKET_EXEC_START_PRE;
1730 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1731
1732 if (s->control_command) {
1733 r = socket_spawn(s, s->control_command, &s->control_pid);
1734 if (r < 0) {
1735 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1736 goto fail;
1737 }
1738
1739 socket_set_state(s, SOCKET_START_PRE);
1740 } else
1741 socket_enter_start_chown(s);
1742
1743 return;
1744
1745 fail:
1746 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1747 }
1748
1749 static void socket_enter_running(Socket *s, int cfd) {
1750 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1751 int r;
1752
1753 assert(s);
1754
1755 /* We don't take connections anymore if we are supposed to
1756 * shut down anyway */
1757 if (unit_stop_pending(UNIT(s))) {
1758
1759 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1760
1761 if (cfd >= 0)
1762 safe_close(cfd);
1763 else {
1764 /* Flush all sockets by closing and reopening them */
1765 socket_close_fds(s);
1766
1767 r = socket_open_fds(s);
1768 if (r < 0) {
1769 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1770 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1771 return;
1772 }
1773
1774 r = socket_watch_fds(s);
1775 if (r < 0) {
1776 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1777 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1778 }
1779 }
1780
1781 return;
1782 }
1783
1784 if (cfd < 0) {
1785 Iterator i;
1786 Unit *other;
1787 bool pending = false;
1788
1789 /* If there's already a start pending don't bother to
1790 * do anything */
1791 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1792 if (unit_active_or_pending(other)) {
1793 pending = true;
1794 break;
1795 }
1796
1797 if (!pending) {
1798 if (!UNIT_ISSET(s->service)) {
1799 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1800 r = -ENOENT;
1801 goto fail;
1802 }
1803
1804 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1805 if (r < 0)
1806 goto fail;
1807 }
1808
1809 socket_set_state(s, SOCKET_RUNNING);
1810 } else {
1811 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1812 Service *service;
1813
1814 if (s->n_connections >= s->max_connections) {
1815 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1816 safe_close(cfd);
1817 return;
1818 }
1819
1820 r = socket_instantiate_service(s);
1821 if (r < 0)
1822 goto fail;
1823
1824 r = instance_from_socket(cfd, s->n_accepted, &instance);
1825 if (r < 0) {
1826 if (r != -ENOTCONN)
1827 goto fail;
1828
1829 /* ENOTCONN is legitimate if TCP RST was received.
1830 * This connection is over, but the socket unit lives on. */
1831 safe_close(cfd);
1832 return;
1833 }
1834
1835 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1836 if (r < 0)
1837 goto fail;
1838
1839 r = unit_name_build(prefix, instance, ".service", &name);
1840 if (r < 0)
1841 goto fail;
1842
1843 r = unit_add_name(UNIT_DEREF(s->service), name);
1844 if (r < 0)
1845 goto fail;
1846
1847 service = SERVICE(UNIT_DEREF(s->service));
1848 unit_ref_unset(&s->service);
1849 s->n_accepted ++;
1850
1851 UNIT(service)->no_gc = false;
1852
1853 unit_choose_id(UNIT(service), name);
1854
1855 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1856 if (r < 0)
1857 goto fail;
1858
1859 cfd = -1;
1860 s->n_connections ++;
1861
1862 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1863 if (r < 0)
1864 goto fail;
1865
1866 /* Notify clients about changed counters */
1867 unit_add_to_dbus_queue(UNIT(s));
1868 }
1869
1870 return;
1871
1872 fail:
1873 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1874 cfd >= 0 ? "template" : "non-template",
1875 bus_error_message(&error, r));
1876
1877 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1878 safe_close(cfd);
1879 }
1880
1881 static void socket_run_next(Socket *s) {
1882 int r;
1883
1884 assert(s);
1885 assert(s->control_command);
1886 assert(s->control_command->command_next);
1887
1888 socket_unwatch_control_pid(s);
1889
1890 s->control_command = s->control_command->command_next;
1891
1892 r = socket_spawn(s, s->control_command, &s->control_pid);
1893 if (r < 0)
1894 goto fail;
1895
1896 return;
1897
1898 fail:
1899 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1900
1901 if (s->state == SOCKET_START_POST)
1902 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1903 else if (s->state == SOCKET_STOP_POST)
1904 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1905 else
1906 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1907 }
1908
1909 static int socket_start(Unit *u) {
1910 Socket *s = SOCKET(u);
1911
1912 assert(s);
1913
1914 /* We cannot fulfill this request right now, try again later
1915 * please! */
1916 if (IN_SET(s->state,
1917 SOCKET_STOP_PRE,
1918 SOCKET_STOP_PRE_SIGKILL,
1919 SOCKET_STOP_PRE_SIGTERM,
1920 SOCKET_STOP_POST,
1921 SOCKET_FINAL_SIGTERM,
1922 SOCKET_FINAL_SIGKILL))
1923 return -EAGAIN;
1924
1925 /* Already on it! */
1926 if (IN_SET(s->state,
1927 SOCKET_START_PRE,
1928 SOCKET_START_CHOWN,
1929 SOCKET_START_POST))
1930 return 0;
1931
1932 /* Cannot run this without the service being around */
1933 if (UNIT_ISSET(s->service)) {
1934 Service *service;
1935
1936 service = SERVICE(UNIT_DEREF(s->service));
1937
1938 if (UNIT(service)->load_state != UNIT_LOADED) {
1939 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1940 return -ENOENT;
1941 }
1942
1943 /* If the service is already active we cannot start the
1944 * socket */
1945 if (service->state != SERVICE_DEAD &&
1946 service->state != SERVICE_FAILED &&
1947 service->state != SERVICE_AUTO_RESTART) {
1948 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1949 return -EBUSY;
1950 }
1951 }
1952
1953 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1954
1955 s->result = SOCKET_SUCCESS;
1956 s->reset_cpu_usage = true;
1957
1958 socket_enter_start_pre(s);
1959
1960 return 1;
1961 }
1962
1963 static int socket_stop(Unit *u) {
1964 Socket *s = SOCKET(u);
1965
1966 assert(s);
1967
1968 /* Already on it */
1969 if (IN_SET(s->state,
1970 SOCKET_STOP_PRE,
1971 SOCKET_STOP_PRE_SIGTERM,
1972 SOCKET_STOP_PRE_SIGKILL,
1973 SOCKET_STOP_POST,
1974 SOCKET_FINAL_SIGTERM,
1975 SOCKET_FINAL_SIGKILL))
1976 return 0;
1977
1978 /* If there's already something running we go directly into
1979 * kill mode. */
1980 if (IN_SET(s->state,
1981 SOCKET_START_PRE,
1982 SOCKET_START_CHOWN,
1983 SOCKET_START_POST)) {
1984 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1985 return -EAGAIN;
1986 }
1987
1988 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1989
1990 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1991 return 1;
1992 }
1993
1994 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1995 Socket *s = SOCKET(u);
1996 SocketPort *p;
1997 int r;
1998
1999 assert(u);
2000 assert(f);
2001 assert(fds);
2002
2003 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2004 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2005 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2006
2007 if (s->control_pid > 0)
2008 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2009
2010 if (s->control_command_id >= 0)
2011 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2012
2013 LIST_FOREACH(port, p, s->ports) {
2014 int copy;
2015
2016 if (p->fd < 0)
2017 continue;
2018
2019 copy = fdset_put_dup(fds, p->fd);
2020 if (copy < 0)
2021 return copy;
2022
2023 if (p->type == SOCKET_SOCKET) {
2024 _cleanup_free_ char *t = NULL;
2025
2026 r = socket_address_print(&p->address, &t);
2027 if (r < 0)
2028 return r;
2029
2030 if (socket_address_family(&p->address) == AF_NETLINK)
2031 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2032 else
2033 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2034
2035 } else if (p->type == SOCKET_SPECIAL)
2036 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2037 else if (p->type == SOCKET_MQUEUE)
2038 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2039 else {
2040 assert(p->type == SOCKET_FIFO);
2041 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2042 }
2043 }
2044
2045 return 0;
2046 }
2047
2048 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2049 Socket *s = SOCKET(u);
2050
2051 assert(u);
2052 assert(key);
2053 assert(value);
2054
2055 if (streq(key, "state")) {
2056 SocketState state;
2057
2058 state = socket_state_from_string(value);
2059 if (state < 0)
2060 log_unit_debug(u, "Failed to parse state value: %s", value);
2061 else
2062 s->deserialized_state = state;
2063 } else if (streq(key, "result")) {
2064 SocketResult f;
2065
2066 f = socket_result_from_string(value);
2067 if (f < 0)
2068 log_unit_debug(u, "Failed to parse result value: %s", value);
2069 else if (f != SOCKET_SUCCESS)
2070 s->result = f;
2071
2072 } else if (streq(key, "n-accepted")) {
2073 unsigned k;
2074
2075 if (safe_atou(value, &k) < 0)
2076 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2077 else
2078 s->n_accepted += k;
2079 } else if (streq(key, "control-pid")) {
2080 pid_t pid;
2081
2082 if (parse_pid(value, &pid) < 0)
2083 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2084 else
2085 s->control_pid = pid;
2086 } else if (streq(key, "control-command")) {
2087 SocketExecCommand id;
2088
2089 id = socket_exec_command_from_string(value);
2090 if (id < 0)
2091 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2092 else {
2093 s->control_command_id = id;
2094 s->control_command = s->exec_command[id];
2095 }
2096 } else if (streq(key, "fifo")) {
2097 int fd, skip = 0;
2098 SocketPort *p;
2099
2100 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2101 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2102 else {
2103
2104 LIST_FOREACH(port, p, s->ports)
2105 if (p->type == SOCKET_FIFO &&
2106 path_equal_or_files_same(p->path, value+skip))
2107 break;
2108
2109 if (p) {
2110 safe_close(p->fd);
2111 p->fd = fdset_remove(fds, fd);
2112 }
2113 }
2114
2115 } else if (streq(key, "special")) {
2116 int fd, skip = 0;
2117 SocketPort *p;
2118
2119 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2120 log_unit_debug(u, "Failed to parse special value: %s", value);
2121 else {
2122
2123 LIST_FOREACH(port, p, s->ports)
2124 if (p->type == SOCKET_SPECIAL &&
2125 path_equal_or_files_same(p->path, value+skip))
2126 break;
2127
2128 if (p) {
2129 safe_close(p->fd);
2130 p->fd = fdset_remove(fds, fd);
2131 }
2132 }
2133
2134 } else if (streq(key, "mqueue")) {
2135 int fd, skip = 0;
2136 SocketPort *p;
2137
2138 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2139 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2140 else {
2141
2142 LIST_FOREACH(port, p, s->ports)
2143 if (p->type == SOCKET_MQUEUE &&
2144 streq(p->path, value+skip))
2145 break;
2146
2147 if (p) {
2148 safe_close(p->fd);
2149 p->fd = fdset_remove(fds, fd);
2150 }
2151 }
2152
2153 } else if (streq(key, "socket")) {
2154 int fd, type, skip = 0;
2155 SocketPort *p;
2156
2157 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2158 log_unit_debug(u, "Failed to parse socket value: %s", value);
2159 else {
2160
2161 LIST_FOREACH(port, p, s->ports)
2162 if (socket_address_is(&p->address, value+skip, type))
2163 break;
2164
2165 if (p) {
2166 safe_close(p->fd);
2167 p->fd = fdset_remove(fds, fd);
2168 }
2169 }
2170
2171 } else if (streq(key, "netlink")) {
2172 int fd, skip = 0;
2173 SocketPort *p;
2174
2175 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2176 log_unit_debug(u, "Failed to parse socket value: %s", value);
2177 else {
2178
2179 LIST_FOREACH(port, p, s->ports)
2180 if (socket_address_is_netlink(&p->address, value+skip))
2181 break;
2182
2183 if (p) {
2184 safe_close(p->fd);
2185 p->fd = fdset_remove(fds, fd);
2186 }
2187 }
2188 } else
2189 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2190
2191 return 0;
2192 }
2193
2194 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2195 Socket *s = SOCKET(u);
2196 SocketPort *p;
2197
2198 assert(u);
2199
2200 LIST_FOREACH(port, p, s->ports) {
2201 Iterator i;
2202 int fd;
2203
2204 if (p->type != SOCKET_SOCKET)
2205 continue;
2206
2207 if (p->fd >= 0)
2208 continue;
2209
2210 FDSET_FOREACH(fd, fds, i) {
2211 if (socket_address_matches_fd(&p->address, fd)) {
2212 p->fd = fdset_remove(fds, fd);
2213 s->deserialized_state = SOCKET_LISTENING;
2214 break;
2215 }
2216 }
2217 }
2218
2219 return 0;
2220 }
2221
2222 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2223 assert(u);
2224
2225 return state_translation_table[SOCKET(u)->state];
2226 }
2227
2228 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2229 assert(u);
2230
2231 return socket_state_to_string(SOCKET(u)->state);
2232 }
2233
2234 const char* socket_port_type_to_string(SocketPort *p) {
2235
2236 assert(p);
2237
2238 switch (p->type) {
2239
2240 case SOCKET_SOCKET:
2241
2242 switch (p->address.type) {
2243
2244 case SOCK_STREAM:
2245 return "Stream";
2246
2247 case SOCK_DGRAM:
2248 return "Datagram";
2249
2250 case SOCK_SEQPACKET:
2251 return "SequentialPacket";
2252
2253 case SOCK_RAW:
2254 if (socket_address_family(&p->address) == AF_NETLINK)
2255 return "Netlink";
2256
2257 default:
2258 return NULL;
2259 }
2260
2261 case SOCKET_SPECIAL:
2262 return "Special";
2263
2264 case SOCKET_MQUEUE:
2265 return "MessageQueue";
2266
2267 case SOCKET_FIFO:
2268 return "FIFO";
2269
2270 default:
2271 return NULL;
2272 }
2273 }
2274
2275 _pure_ static bool socket_check_gc(Unit *u) {
2276 Socket *s = SOCKET(u);
2277
2278 assert(u);
2279
2280 return s->n_connections > 0;
2281 }
2282
2283 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2284 SocketPort *p = userdata;
2285 int cfd = -1;
2286
2287 assert(p);
2288 assert(fd >= 0);
2289
2290 if (p->socket->state != SOCKET_LISTENING)
2291 return 0;
2292
2293 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2294
2295 if (revents != EPOLLIN) {
2296
2297 if (revents & EPOLLHUP)
2298 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2299 else
2300 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2301
2302 goto fail;
2303 }
2304
2305 if (p->socket->accept &&
2306 p->type == SOCKET_SOCKET &&
2307 socket_address_can_accept(&p->address)) {
2308
2309 for (;;) {
2310
2311 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2312 if (cfd < 0) {
2313
2314 if (errno == EINTR)
2315 continue;
2316
2317 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2318 goto fail;
2319 }
2320
2321 break;
2322 }
2323
2324 socket_apply_socket_options(p->socket, cfd);
2325 }
2326
2327 socket_enter_running(p->socket, cfd);
2328 return 0;
2329
2330 fail:
2331 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2332 return 0;
2333 }
2334
2335 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2336 Socket *s = SOCKET(u);
2337 SocketResult f;
2338
2339 assert(s);
2340 assert(pid >= 0);
2341
2342 if (pid != s->control_pid)
2343 return;
2344
2345 s->control_pid = 0;
2346
2347 if (is_clean_exit(code, status, NULL))
2348 f = SOCKET_SUCCESS;
2349 else if (code == CLD_EXITED)
2350 f = SOCKET_FAILURE_EXIT_CODE;
2351 else if (code == CLD_KILLED)
2352 f = SOCKET_FAILURE_SIGNAL;
2353 else if (code == CLD_DUMPED)
2354 f = SOCKET_FAILURE_CORE_DUMP;
2355 else
2356 assert_not_reached("Unknown sigchld code");
2357
2358 if (s->control_command) {
2359 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2360
2361 if (s->control_command->ignore)
2362 f = SOCKET_SUCCESS;
2363 }
2364
2365 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2366 "Control process exited, code=%s status=%i",
2367 sigchld_code_to_string(code), status);
2368
2369 if (f != SOCKET_SUCCESS)
2370 s->result = f;
2371
2372 if (s->control_command &&
2373 s->control_command->command_next &&
2374 f == SOCKET_SUCCESS) {
2375
2376 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2377 socket_run_next(s);
2378 } else {
2379 s->control_command = NULL;
2380 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2381
2382 /* No further commands for this step, so let's figure
2383 * out what to do next */
2384
2385 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2386
2387 switch (s->state) {
2388
2389 case SOCKET_START_PRE:
2390 if (f == SOCKET_SUCCESS)
2391 socket_enter_start_chown(s);
2392 else
2393 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2394 break;
2395
2396 case SOCKET_START_CHOWN:
2397 if (f == SOCKET_SUCCESS)
2398 socket_enter_start_post(s);
2399 else
2400 socket_enter_stop_pre(s, f);
2401 break;
2402
2403 case SOCKET_START_POST:
2404 if (f == SOCKET_SUCCESS)
2405 socket_enter_listening(s);
2406 else
2407 socket_enter_stop_pre(s, f);
2408 break;
2409
2410 case SOCKET_STOP_PRE:
2411 case SOCKET_STOP_PRE_SIGTERM:
2412 case SOCKET_STOP_PRE_SIGKILL:
2413 socket_enter_stop_post(s, f);
2414 break;
2415
2416 case SOCKET_STOP_POST:
2417 case SOCKET_FINAL_SIGTERM:
2418 case SOCKET_FINAL_SIGKILL:
2419 socket_enter_dead(s, f);
2420 break;
2421
2422 default:
2423 assert_not_reached("Uh, control process died at wrong time.");
2424 }
2425 }
2426
2427 /* Notify clients about changed exit status */
2428 unit_add_to_dbus_queue(u);
2429 }
2430
2431 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2432 Socket *s = SOCKET(userdata);
2433
2434 assert(s);
2435 assert(s->timer_event_source == source);
2436
2437 switch (s->state) {
2438
2439 case SOCKET_START_PRE:
2440 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2441 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2442 break;
2443
2444 case SOCKET_START_CHOWN:
2445 case SOCKET_START_POST:
2446 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2447 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2448 break;
2449
2450 case SOCKET_STOP_PRE:
2451 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2452 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2453 break;
2454
2455 case SOCKET_STOP_PRE_SIGTERM:
2456 if (s->kill_context.send_sigkill) {
2457 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2458 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2459 } else {
2460 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2461 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2462 }
2463 break;
2464
2465 case SOCKET_STOP_PRE_SIGKILL:
2466 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2467 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2468 break;
2469
2470 case SOCKET_STOP_POST:
2471 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2472 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2473 break;
2474
2475 case SOCKET_FINAL_SIGTERM:
2476 if (s->kill_context.send_sigkill) {
2477 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2478 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2479 } else {
2480 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2481 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2482 }
2483 break;
2484
2485 case SOCKET_FINAL_SIGKILL:
2486 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2487 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2488 break;
2489
2490 default:
2491 assert_not_reached("Timeout at wrong time.");
2492 }
2493
2494 return 0;
2495 }
2496
2497 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2498 int *rfds;
2499 unsigned rn_fds, k;
2500 SocketPort *p;
2501
2502 assert(s);
2503 assert(fds);
2504 assert(n_fds);
2505
2506 /* Called from the service code for requesting our fds */
2507
2508 rn_fds = 0;
2509 LIST_FOREACH(port, p, s->ports)
2510 if (p->fd >= 0)
2511 rn_fds++;
2512
2513 if (rn_fds <= 0) {
2514 *fds = NULL;
2515 *n_fds = 0;
2516 return 0;
2517 }
2518
2519 rfds = new(int, rn_fds);
2520 if (!rfds)
2521 return -ENOMEM;
2522
2523 k = 0;
2524 LIST_FOREACH(port, p, s->ports)
2525 if (p->fd >= 0)
2526 rfds[k++] = p->fd;
2527
2528 assert(k == rn_fds);
2529
2530 *fds = rfds;
2531 *n_fds = rn_fds;
2532
2533 return 0;
2534 }
2535
2536 static void socket_reset_failed(Unit *u) {
2537 Socket *s = SOCKET(u);
2538
2539 assert(s);
2540
2541 if (s->state == SOCKET_FAILED)
2542 socket_set_state(s, SOCKET_DEAD);
2543
2544 s->result = SOCKET_SUCCESS;
2545 }
2546
2547 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2548 assert(s);
2549
2550 /* The service is dead. Dang!
2551 *
2552 * This is strictly for one-instance-for-all-connections
2553 * services. */
2554
2555 if (s->state == SOCKET_RUNNING) {
2556 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2557 if (failed_permanent)
2558 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2559 else
2560 socket_enter_listening(s);
2561 }
2562 }
2563
2564 void socket_connection_unref(Socket *s) {
2565 assert(s);
2566
2567 /* The service is dead. Yay!
2568 *
2569 * This is strictly for one-instance-per-connection
2570 * services. */
2571
2572 assert(s->n_connections > 0);
2573 s->n_connections--;
2574
2575 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2576 }
2577
2578 static void socket_trigger_notify(Unit *u, Unit *other) {
2579 Socket *s = SOCKET(u);
2580 Service *se;
2581
2582 assert(u);
2583 assert(other);
2584
2585 /* Don't propagate state changes from the service if we are
2586 already down or accepting connections */
2587 if ((s->state != SOCKET_RUNNING &&
2588 s->state != SOCKET_LISTENING) ||
2589 s->accept)
2590 return;
2591
2592 if (other->load_state != UNIT_LOADED ||
2593 other->type != UNIT_SERVICE)
2594 return;
2595
2596 se = SERVICE(other);
2597
2598 if (se->state == SERVICE_FAILED)
2599 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2600
2601 if (se->state == SERVICE_DEAD ||
2602 se->state == SERVICE_FINAL_SIGTERM ||
2603 se->state == SERVICE_FINAL_SIGKILL ||
2604 se->state == SERVICE_AUTO_RESTART)
2605 socket_notify_service_dead(s, false);
2606
2607 if (se->state == SERVICE_RUNNING)
2608 socket_set_state(s, SOCKET_RUNNING);
2609 }
2610
2611 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2612 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2613 }
2614
2615 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2616 Socket *s = SOCKET(u);
2617 int r;
2618
2619 if (!s->timer_event_source)
2620 return 0;
2621
2622 r = sd_event_source_get_time(s->timer_event_source, timeout);
2623 if (r < 0)
2624 return r;
2625
2626 return 1;
2627 }
2628
2629 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2630 [SOCKET_DEAD] = "dead",
2631 [SOCKET_START_PRE] = "start-pre",
2632 [SOCKET_START_CHOWN] = "start-chown",
2633 [SOCKET_START_POST] = "start-post",
2634 [SOCKET_LISTENING] = "listening",
2635 [SOCKET_RUNNING] = "running",
2636 [SOCKET_STOP_PRE] = "stop-pre",
2637 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2638 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2639 [SOCKET_STOP_POST] = "stop-post",
2640 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2641 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2642 [SOCKET_FAILED] = "failed"
2643 };
2644
2645 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2646
2647 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2648 [SOCKET_EXEC_START_PRE] = "StartPre",
2649 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2650 [SOCKET_EXEC_START_POST] = "StartPost",
2651 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2652 [SOCKET_EXEC_STOP_POST] = "StopPost"
2653 };
2654
2655 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2656
2657 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2658 [SOCKET_SUCCESS] = "success",
2659 [SOCKET_FAILURE_RESOURCES] = "resources",
2660 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2661 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2662 [SOCKET_FAILURE_SIGNAL] = "signal",
2663 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2664 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2665 };
2666
2667 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2668
2669 const UnitVTable socket_vtable = {
2670 .object_size = sizeof(Socket),
2671 .exec_context_offset = offsetof(Socket, exec_context),
2672 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2673 .kill_context_offset = offsetof(Socket, kill_context),
2674 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2675
2676 .sections =
2677 "Unit\0"
2678 "Socket\0"
2679 "Install\0",
2680 .private_section = "Socket",
2681
2682 .init = socket_init,
2683 .done = socket_done,
2684 .load = socket_load,
2685
2686 .coldplug = socket_coldplug,
2687
2688 .dump = socket_dump,
2689
2690 .start = socket_start,
2691 .stop = socket_stop,
2692
2693 .kill = socket_kill,
2694
2695 .get_timeout = socket_get_timeout,
2696
2697 .serialize = socket_serialize,
2698 .deserialize_item = socket_deserialize_item,
2699 .distribute_fds = socket_distribute_fds,
2700
2701 .active_state = socket_active_state,
2702 .sub_state_to_string = socket_sub_state_to_string,
2703
2704 .check_gc = socket_check_gc,
2705
2706 .sigchld_event = socket_sigchld_event,
2707
2708 .trigger_notify = socket_trigger_notify,
2709
2710 .reset_failed = socket_reset_failed,
2711
2712 .bus_interface = "org.freedesktop.systemd1.Socket",
2713 .bus_vtable = bus_socket_vtable,
2714 .bus_set_property = bus_socket_set_property,
2715 .bus_commit_properties = bus_socket_commit_properties,
2716
2717 .status_message_formats = {
2718 /*.starting_stopping = {
2719 [0] = "Starting socket %s...",
2720 [1] = "Stopping socket %s...",
2721 },*/
2722 .finished_start_job = {
2723 [JOB_DONE] = "Listening on %s.",
2724 [JOB_FAILED] = "Failed to listen on %s.",
2725 [JOB_TIMEOUT] = "Timed out starting %s.",
2726 },
2727 .finished_stop_job = {
2728 [JOB_DONE] = "Closed %s.",
2729 [JOB_FAILED] = "Failed stopping %s.",
2730 [JOB_TIMEOUT] = "Timed out stopping %s.",
2731 },
2732 },
2733 };
Unnamed repository; edit this file 'description' to name the repository.