]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #4861 from keszybz/dissect-tweaks
[thirdparty/systemd.git] / src / core / socket.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2010 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <arpa/inet.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <mqueue.h>
24 #include <netinet/tcp.h>
25 #include <signal.h>
26 #include <sys/epoll.h>
27 #include <sys/stat.h>
28 #include <unistd.h>
29 #include <linux/sctp.h>
30
31 #include "alloc-util.h"
32 #include "bus-error.h"
33 #include "bus-util.h"
34 #include "copy.h"
35 #include "dbus-socket.h"
36 #include "def.h"
37 #include "exit-status.h"
38 #include "fd-util.h"
39 #include "format-util.h"
40 #include "io-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "parse-util.h"
46 #include "path-util.h"
47 #include "process-util.h"
48 #include "selinux-util.h"
49 #include "signal-util.h"
50 #include "smack-util.h"
51 #include "socket.h"
52 #include "special.h"
53 #include "string-table.h"
54 #include "string-util.h"
55 #include "strv.h"
56 #include "unit-name.h"
57 #include "unit.h"
58 #include "user-util.h"
59 #include "in-addr-util.h"
60
61 struct SocketPeer {
62 unsigned n_ref;
63
64 Socket *socket;
65 union sockaddr_union peer;
66 };
67
68 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
69 [SOCKET_DEAD] = UNIT_INACTIVE,
70 [SOCKET_START_PRE] = UNIT_ACTIVATING,
71 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
72 [SOCKET_START_POST] = UNIT_ACTIVATING,
73 [SOCKET_LISTENING] = UNIT_ACTIVE,
74 [SOCKET_RUNNING] = UNIT_ACTIVE,
75 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
76 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
77 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
78 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
79 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
80 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
81 [SOCKET_FAILED] = UNIT_FAILED
82 };
83
84 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
85 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
86
87 static void socket_init(Unit *u) {
88 Socket *s = SOCKET(u);
89
90 assert(u);
91 assert(u->load_state == UNIT_STUB);
92
93 s->backlog = SOMAXCONN;
94 s->timeout_usec = u->manager->default_timeout_start_usec;
95 s->directory_mode = 0755;
96 s->socket_mode = 0666;
97
98 s->max_connections = 64;
99
100 s->priority = -1;
101 s->ip_tos = -1;
102 s->ip_ttl = -1;
103 s->mark = -1;
104
105 s->exec_context.std_output = u->manager->default_std_output;
106 s->exec_context.std_error = u->manager->default_std_error;
107
108 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
109
110 s->trigger_limit.interval = USEC_INFINITY;
111 s->trigger_limit.burst = (unsigned) -1;
112 }
113
114 static void socket_unwatch_control_pid(Socket *s) {
115 assert(s);
116
117 if (s->control_pid <= 0)
118 return;
119
120 unit_unwatch_pid(UNIT(s), s->control_pid);
121 s->control_pid = 0;
122 }
123
124 static void socket_cleanup_fd_list(SocketPort *p) {
125 assert(p);
126
127 close_many(p->auxiliary_fds, p->n_auxiliary_fds);
128 p->auxiliary_fds = mfree(p->auxiliary_fds);
129 p->n_auxiliary_fds = 0;
130 }
131
132 void socket_free_ports(Socket *s) {
133 SocketPort *p;
134
135 assert(s);
136
137 while ((p = s->ports)) {
138 LIST_REMOVE(port, s->ports, p);
139
140 sd_event_source_unref(p->event_source);
141
142 socket_cleanup_fd_list(p);
143 safe_close(p->fd);
144 free(p->path);
145 free(p);
146 }
147 }
148
149 static void socket_done(Unit *u) {
150 Socket *s = SOCKET(u);
151 SocketPeer *p;
152
153 assert(s);
154
155 socket_free_ports(s);
156
157 while ((p = set_steal_first(s->peers_by_address)))
158 p->socket = NULL;
159
160 s->peers_by_address = set_free(s->peers_by_address);
161
162 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
163 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
164 s->control_command = NULL;
165
166 dynamic_creds_unref(&s->dynamic_creds);
167
168 socket_unwatch_control_pid(s);
169
170 unit_ref_unset(&s->service);
171
172 s->tcp_congestion = mfree(s->tcp_congestion);
173 s->bind_to_device = mfree(s->bind_to_device);
174
175 s->smack = mfree(s->smack);
176 s->smack_ip_in = mfree(s->smack_ip_in);
177 s->smack_ip_out = mfree(s->smack_ip_out);
178
179 strv_free(s->symlinks);
180
181 s->user = mfree(s->user);
182 s->group = mfree(s->group);
183
184 s->fdname = mfree(s->fdname);
185
186 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
187 }
188
189 static int socket_arm_timer(Socket *s, usec_t usec) {
190 int r;
191
192 assert(s);
193
194 if (s->timer_event_source) {
195 r = sd_event_source_set_time(s->timer_event_source, usec);
196 if (r < 0)
197 return r;
198
199 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
200 }
201
202 if (usec == USEC_INFINITY)
203 return 0;
204
205 r = sd_event_add_time(
206 UNIT(s)->manager->event,
207 &s->timer_event_source,
208 CLOCK_MONOTONIC,
209 usec, 0,
210 socket_dispatch_timer, s);
211 if (r < 0)
212 return r;
213
214 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
215
216 return 0;
217 }
218
219 int socket_instantiate_service(Socket *s) {
220 _cleanup_free_ char *prefix = NULL, *name = NULL;
221 int r;
222 Unit *u;
223
224 assert(s);
225
226 /* This fills in s->service if it isn't filled in yet. For
227 * Accept=yes sockets we create the next connection service
228 * here. For Accept=no this is mostly a NOP since the service
229 * is figured out at load time anyway. */
230
231 if (UNIT_DEREF(s->service))
232 return 0;
233
234 if (!s->accept)
235 return 0;
236
237 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
238 if (r < 0)
239 return r;
240
241 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
242 return -ENOMEM;
243
244 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
245 if (r < 0)
246 return r;
247
248 unit_ref_set(&s->service, u);
249
250 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
251 }
252
253 static bool have_non_accept_socket(Socket *s) {
254 SocketPort *p;
255
256 assert(s);
257
258 if (!s->accept)
259 return true;
260
261 LIST_FOREACH(port, p, s->ports) {
262
263 if (p->type != SOCKET_SOCKET)
264 return true;
265
266 if (!socket_address_can_accept(&p->address))
267 return true;
268 }
269
270 return false;
271 }
272
273 static int socket_add_mount_links(Socket *s) {
274 SocketPort *p;
275 int r;
276
277 assert(s);
278
279 LIST_FOREACH(port, p, s->ports) {
280 const char *path = NULL;
281
282 if (p->type == SOCKET_SOCKET)
283 path = socket_address_get_path(&p->address);
284 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
285 path = p->path;
286
287 if (!path)
288 continue;
289
290 r = unit_require_mounts_for(UNIT(s), path);
291 if (r < 0)
292 return r;
293 }
294
295 return 0;
296 }
297
298 static int socket_add_device_link(Socket *s) {
299 char *t;
300
301 assert(s);
302
303 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
304 return 0;
305
306 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
307 return unit_add_node_link(UNIT(s), t, false, UNIT_BINDS_TO);
308 }
309
310 static int socket_add_default_dependencies(Socket *s) {
311 int r;
312 assert(s);
313
314 if (!UNIT(s)->default_dependencies)
315 return 0;
316
317 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
318 if (r < 0)
319 return r;
320
321 if (MANAGER_IS_SYSTEM(UNIT(s)->manager)) {
322 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
323 if (r < 0)
324 return r;
325 }
326
327 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
328 }
329
330 _pure_ static bool socket_has_exec(Socket *s) {
331 unsigned i;
332 assert(s);
333
334 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
335 if (s->exec_command[i])
336 return true;
337
338 return false;
339 }
340
341 static int socket_add_extras(Socket *s) {
342 Unit *u = UNIT(s);
343 int r;
344
345 assert(s);
346
347 /* Pick defaults for the trigger limit, if nothing was explicitly configured. We pick a relatively high limit
348 * in Accept=yes mode, and a lower limit for Accept=no. Reason: in Accept=yes mode we are invoking accept()
349 * ourselves before the trigger limit can hit, thus incoming connections are taken off the socket queue quickly
350 * and reliably. This is different for Accept=no, where the spawned service has to take the incoming traffic
351 * off the queues, which it might not necessarily do. Moreover, while Accept=no services are supposed to
352 * process whatever is queued in one go, and thus should normally never have to be started frequently. This is
353 * different for Accept=yes where each connection is processed by a new service instance, and thus frequent
354 * service starts are typical. */
355
356 if (s->trigger_limit.interval == USEC_INFINITY)
357 s->trigger_limit.interval = 2 * USEC_PER_SEC;
358
359 if (s->trigger_limit.burst == (unsigned) -1) {
360 if (s->accept)
361 s->trigger_limit.burst = 200;
362 else
363 s->trigger_limit.burst = 20;
364 }
365
366 if (have_non_accept_socket(s)) {
367
368 if (!UNIT_DEREF(s->service)) {
369 Unit *x;
370
371 r = unit_load_related_unit(u, ".service", &x);
372 if (r < 0)
373 return r;
374
375 unit_ref_set(&s->service, x);
376 }
377
378 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
379 if (r < 0)
380 return r;
381 }
382
383 r = socket_add_mount_links(s);
384 if (r < 0)
385 return r;
386
387 r = socket_add_device_link(s);
388 if (r < 0)
389 return r;
390
391 r = unit_patch_contexts(u);
392 if (r < 0)
393 return r;
394
395 if (socket_has_exec(s)) {
396 r = unit_add_exec_dependencies(u, &s->exec_context);
397 if (r < 0)
398 return r;
399
400 r = unit_set_default_slice(u);
401 if (r < 0)
402 return r;
403 }
404
405 r = socket_add_default_dependencies(s);
406 if (r < 0)
407 return r;
408
409 return 0;
410 }
411
412 static const char *socket_find_symlink_target(Socket *s) {
413 const char *found = NULL;
414 SocketPort *p;
415
416 LIST_FOREACH(port, p, s->ports) {
417 const char *f = NULL;
418
419 switch (p->type) {
420
421 case SOCKET_FIFO:
422 f = p->path;
423 break;
424
425 case SOCKET_SOCKET:
426 if (p->address.sockaddr.un.sun_path[0] != 0)
427 f = p->address.sockaddr.un.sun_path;
428 break;
429
430 default:
431 break;
432 }
433
434 if (f) {
435 if (found)
436 return NULL;
437
438 found = f;
439 }
440 }
441
442 return found;
443 }
444
445 static int socket_verify(Socket *s) {
446 assert(s);
447
448 if (UNIT(s)->load_state != UNIT_LOADED)
449 return 0;
450
451 if (!s->ports) {
452 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
453 return -EINVAL;
454 }
455
456 if (s->accept && have_non_accept_socket(s)) {
457 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
458 return -EINVAL;
459 }
460
461 if (s->accept && s->max_connections <= 0) {
462 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
463 return -EINVAL;
464 }
465
466 if (s->accept && UNIT_DEREF(s->service)) {
467 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
468 return -EINVAL;
469 }
470
471 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
472 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
473 return -EINVAL;
474 }
475
476 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
477 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
478 return -EINVAL;
479 }
480
481 return 0;
482 }
483
484 static void peer_address_hash_func(const void *p, struct siphash *state) {
485 const SocketPeer *s = p;
486
487 assert(s);
488 assert(IN_SET(s->peer.sa.sa_family, AF_INET, AF_INET6));
489
490 if (s->peer.sa.sa_family == AF_INET)
491 siphash24_compress(&s->peer.in.sin_addr, sizeof(s->peer.in.sin_addr), state);
492 else
493 siphash24_compress(&s->peer.in6.sin6_addr, sizeof(s->peer.in6.sin6_addr), state);
494 }
495
496 static int peer_address_compare_func(const void *a, const void *b) {
497 const SocketPeer *x = a, *y = b;
498
499 if (x->peer.sa.sa_family < y->peer.sa.sa_family)
500 return -1;
501 if (x->peer.sa.sa_family > y->peer.sa.sa_family)
502 return 1;
503
504 switch(x->peer.sa.sa_family) {
505 case AF_INET:
506 return memcmp(&x->peer.in.sin_addr, &y->peer.in.sin_addr, sizeof(x->peer.in.sin_addr));
507 case AF_INET6:
508 return memcmp(&x->peer.in6.sin6_addr, &y->peer.in6.sin6_addr, sizeof(x->peer.in6.sin6_addr));
509 }
510 assert_not_reached("Black sheep in the family!");
511 }
512
513 const struct hash_ops peer_address_hash_ops = {
514 .hash = peer_address_hash_func,
515 .compare = peer_address_compare_func
516 };
517
518 static int socket_load(Unit *u) {
519 Socket *s = SOCKET(u);
520 int r;
521
522 assert(u);
523 assert(u->load_state == UNIT_STUB);
524
525 r = set_ensure_allocated(&s->peers_by_address, &peer_address_hash_ops);
526 if (r < 0)
527 return r;
528
529 r = unit_load_fragment_and_dropin(u);
530 if (r < 0)
531 return r;
532
533 if (u->load_state == UNIT_LOADED) {
534 /* This is a new unit? Then let's add in some extras */
535 r = socket_add_extras(s);
536 if (r < 0)
537 return r;
538 }
539
540 return socket_verify(s);
541 }
542
543 static SocketPeer *socket_peer_new(void) {
544 SocketPeer *p;
545
546 p = new0(SocketPeer, 1);
547 if (!p)
548 return NULL;
549
550 p->n_ref = 1;
551
552 return p;
553 }
554
555 SocketPeer *socket_peer_ref(SocketPeer *p) {
556 if (!p)
557 return NULL;
558
559 assert(p->n_ref > 0);
560 p->n_ref++;
561
562 return p;
563 }
564
565 SocketPeer *socket_peer_unref(SocketPeer *p) {
566 if (!p)
567 return NULL;
568
569 assert(p->n_ref > 0);
570
571 p->n_ref--;
572
573 if (p->n_ref > 0)
574 return NULL;
575
576 if (p->socket)
577 set_remove(p->socket->peers_by_address, p);
578
579 return mfree(p);
580 }
581
582 int socket_acquire_peer(Socket *s, int fd, SocketPeer **p) {
583 _cleanup_(socket_peer_unrefp) SocketPeer *remote = NULL;
584 SocketPeer sa = {}, *i;
585 socklen_t salen = sizeof(sa.peer);
586 int r;
587
588 assert(fd >= 0);
589 assert(s);
590
591 r = getpeername(fd, &sa.peer.sa, &salen);
592 if (r < 0)
593 return log_error_errno(errno, "getpeername failed: %m");
594
595 if (!IN_SET(sa.peer.sa.sa_family, AF_INET, AF_INET6)) {
596 *p = NULL;
597 return 0;
598 }
599
600 i = set_get(s->peers_by_address, &sa);
601 if (i) {
602 *p = socket_peer_ref(i);
603 return 1;
604 }
605
606 remote = socket_peer_new();
607 if (!remote)
608 return log_oom();
609
610 remote->peer = sa.peer;
611
612 r = set_put(s->peers_by_address, remote);
613 if (r < 0)
614 return r;
615
616 remote->socket = s;
617
618 *p = remote;
619 remote = NULL;
620
621 return 1;
622 }
623
624 _const_ static const char* listen_lookup(int family, int type) {
625
626 if (family == AF_NETLINK)
627 return "ListenNetlink";
628
629 if (type == SOCK_STREAM)
630 return "ListenStream";
631 else if (type == SOCK_DGRAM)
632 return "ListenDatagram";
633 else if (type == SOCK_SEQPACKET)
634 return "ListenSequentialPacket";
635
636 assert_not_reached("Unknown socket type");
637 return NULL;
638 }
639
640 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
641 char time_string[FORMAT_TIMESPAN_MAX];
642 SocketExecCommand c;
643 Socket *s = SOCKET(u);
644 SocketPort *p;
645 const char *prefix2;
646
647 assert(s);
648 assert(f);
649
650 prefix = strempty(prefix);
651 prefix2 = strjoina(prefix, "\t");
652
653 fprintf(f,
654 "%sSocket State: %s\n"
655 "%sResult: %s\n"
656 "%sBindIPv6Only: %s\n"
657 "%sBacklog: %u\n"
658 "%sSocketMode: %04o\n"
659 "%sDirectoryMode: %04o\n"
660 "%sKeepAlive: %s\n"
661 "%sNoDelay: %s\n"
662 "%sFreeBind: %s\n"
663 "%sTransparent: %s\n"
664 "%sBroadcast: %s\n"
665 "%sPassCredentials: %s\n"
666 "%sPassSecurity: %s\n"
667 "%sTCPCongestion: %s\n"
668 "%sRemoveOnStop: %s\n"
669 "%sWritable: %s\n"
670 "%sFDName: %s\n"
671 "%sSELinuxContextFromNet: %s\n",
672 prefix, socket_state_to_string(s->state),
673 prefix, socket_result_to_string(s->result),
674 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
675 prefix, s->backlog,
676 prefix, s->socket_mode,
677 prefix, s->directory_mode,
678 prefix, yes_no(s->keep_alive),
679 prefix, yes_no(s->no_delay),
680 prefix, yes_no(s->free_bind),
681 prefix, yes_no(s->transparent),
682 prefix, yes_no(s->broadcast),
683 prefix, yes_no(s->pass_cred),
684 prefix, yes_no(s->pass_sec),
685 prefix, strna(s->tcp_congestion),
686 prefix, yes_no(s->remove_on_stop),
687 prefix, yes_no(s->writable),
688 prefix, socket_fdname(s),
689 prefix, yes_no(s->selinux_context_from_net));
690
691 if (s->control_pid > 0)
692 fprintf(f,
693 "%sControl PID: "PID_FMT"\n",
694 prefix, s->control_pid);
695
696 if (s->bind_to_device)
697 fprintf(f,
698 "%sBindToDevice: %s\n",
699 prefix, s->bind_to_device);
700
701 if (s->accept)
702 fprintf(f,
703 "%sAccepted: %u\n"
704 "%sNConnections: %u\n"
705 "%sMaxConnections: %u\n",
706 prefix, s->n_accepted,
707 prefix, s->n_connections,
708 prefix, s->max_connections);
709
710 if (s->priority >= 0)
711 fprintf(f,
712 "%sPriority: %i\n",
713 prefix, s->priority);
714
715 if (s->receive_buffer > 0)
716 fprintf(f,
717 "%sReceiveBuffer: %zu\n",
718 prefix, s->receive_buffer);
719
720 if (s->send_buffer > 0)
721 fprintf(f,
722 "%sSendBuffer: %zu\n",
723 prefix, s->send_buffer);
724
725 if (s->ip_tos >= 0)
726 fprintf(f,
727 "%sIPTOS: %i\n",
728 prefix, s->ip_tos);
729
730 if (s->ip_ttl >= 0)
731 fprintf(f,
732 "%sIPTTL: %i\n",
733 prefix, s->ip_ttl);
734
735 if (s->pipe_size > 0)
736 fprintf(f,
737 "%sPipeSize: %zu\n",
738 prefix, s->pipe_size);
739
740 if (s->mark >= 0)
741 fprintf(f,
742 "%sMark: %i\n",
743 prefix, s->mark);
744
745 if (s->mq_maxmsg > 0)
746 fprintf(f,
747 "%sMessageQueueMaxMessages: %li\n",
748 prefix, s->mq_maxmsg);
749
750 if (s->mq_msgsize > 0)
751 fprintf(f,
752 "%sMessageQueueMessageSize: %li\n",
753 prefix, s->mq_msgsize);
754
755 if (s->reuse_port)
756 fprintf(f,
757 "%sReusePort: %s\n",
758 prefix, yes_no(s->reuse_port));
759
760 if (s->smack)
761 fprintf(f,
762 "%sSmackLabel: %s\n",
763 prefix, s->smack);
764
765 if (s->smack_ip_in)
766 fprintf(f,
767 "%sSmackLabelIPIn: %s\n",
768 prefix, s->smack_ip_in);
769
770 if (s->smack_ip_out)
771 fprintf(f,
772 "%sSmackLabelIPOut: %s\n",
773 prefix, s->smack_ip_out);
774
775 if (!isempty(s->user) || !isempty(s->group))
776 fprintf(f,
777 "%sSocketUser: %s\n"
778 "%sSocketGroup: %s\n",
779 prefix, strna(s->user),
780 prefix, strna(s->group));
781
782 if (s->keep_alive_time > 0)
783 fprintf(f,
784 "%sKeepAliveTimeSec: %s\n",
785 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
786
787 if (s->keep_alive_interval)
788 fprintf(f,
789 "%sKeepAliveIntervalSec: %s\n",
790 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
791
792 if (s->keep_alive_cnt)
793 fprintf(f,
794 "%sKeepAliveProbes: %u\n",
795 prefix, s->keep_alive_cnt);
796
797 if (s->defer_accept)
798 fprintf(f,
799 "%sDeferAcceptSec: %s\n",
800 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
801
802 LIST_FOREACH(port, p, s->ports) {
803
804 if (p->type == SOCKET_SOCKET) {
805 const char *t;
806 int r;
807 char *k = NULL;
808
809 r = socket_address_print(&p->address, &k);
810 if (r < 0)
811 t = strerror(-r);
812 else
813 t = k;
814
815 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
816 free(k);
817 } else if (p->type == SOCKET_SPECIAL)
818 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
819 else if (p->type == SOCKET_USB_FUNCTION)
820 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
821 else if (p->type == SOCKET_MQUEUE)
822 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
823 else
824 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
825 }
826
827 fprintf(f,
828 "%sTriggerLimitIntervalSec: %s\n"
829 "%sTriggerLimitBurst: %u\n",
830 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->trigger_limit.interval, USEC_PER_SEC),
831 prefix, s->trigger_limit.burst);
832
833 exec_context_dump(&s->exec_context, f, prefix);
834 kill_context_dump(&s->kill_context, f, prefix);
835
836 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
837 if (!s->exec_command[c])
838 continue;
839
840 fprintf(f, "%s-> %s:\n",
841 prefix, socket_exec_command_to_string(c));
842
843 exec_command_dump_list(s->exec_command[c], f, prefix2);
844 }
845 }
846
847 static int instance_from_socket(int fd, unsigned nr, char **instance) {
848 socklen_t l;
849 char *r;
850 union sockaddr_union local, remote;
851
852 assert(fd >= 0);
853 assert(instance);
854
855 l = sizeof(local);
856 if (getsockname(fd, &local.sa, &l) < 0)
857 return -errno;
858
859 l = sizeof(remote);
860 if (getpeername(fd, &remote.sa, &l) < 0)
861 return -errno;
862
863 switch (local.sa.sa_family) {
864
865 case AF_INET: {
866 uint32_t
867 a = be32toh(local.in.sin_addr.s_addr),
868 b = be32toh(remote.in.sin_addr.s_addr);
869
870 if (asprintf(&r,
871 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
872 nr,
873 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
874 be16toh(local.in.sin_port),
875 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
876 be16toh(remote.in.sin_port)) < 0)
877 return -ENOMEM;
878
879 break;
880 }
881
882 case AF_INET6: {
883 static const unsigned char ipv4_prefix[] = {
884 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
885 };
886
887 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
888 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
889 const uint8_t
890 *a = local.in6.sin6_addr.s6_addr+12,
891 *b = remote.in6.sin6_addr.s6_addr+12;
892
893 if (asprintf(&r,
894 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
895 nr,
896 a[0], a[1], a[2], a[3],
897 be16toh(local.in6.sin6_port),
898 b[0], b[1], b[2], b[3],
899 be16toh(remote.in6.sin6_port)) < 0)
900 return -ENOMEM;
901 } else {
902 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
903
904 if (asprintf(&r,
905 "%u-%s:%u-%s:%u",
906 nr,
907 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
908 be16toh(local.in6.sin6_port),
909 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
910 be16toh(remote.in6.sin6_port)) < 0)
911 return -ENOMEM;
912 }
913
914 break;
915 }
916
917 case AF_UNIX: {
918 struct ucred ucred;
919 int k;
920
921 k = getpeercred(fd, &ucred);
922 if (k >= 0) {
923 if (asprintf(&r,
924 "%u-"PID_FMT"-"UID_FMT,
925 nr, ucred.pid, ucred.uid) < 0)
926 return -ENOMEM;
927 } else if (k == -ENODATA) {
928 /* This handles the case where somebody is
929 * connecting from another pid/uid namespace
930 * (e.g. from outside of our container). */
931 if (asprintf(&r,
932 "%u-unknown",
933 nr) < 0)
934 return -ENOMEM;
935 } else
936 return k;
937
938 break;
939 }
940
941 default:
942 assert_not_reached("Unhandled socket type.");
943 }
944
945 *instance = r;
946 return 0;
947 }
948
949 static void socket_close_fds(Socket *s) {
950 SocketPort *p;
951 char **i;
952
953 assert(s);
954
955 LIST_FOREACH(port, p, s->ports) {
956 bool was_open;
957
958 was_open = p->fd >= 0;
959
960 p->event_source = sd_event_source_unref(p->event_source);
961 p->fd = safe_close(p->fd);
962 socket_cleanup_fd_list(p);
963
964 /* One little note: we should normally not delete any sockets in the file system here! After all some
965 * other process we spawned might still have a reference of this fd and wants to continue to use
966 * it. Therefore we normally delete sockets in the file system before we create a new one, not after we
967 * stopped using one! That all said, if the user explicitly requested this, we'll delete them here
968 * anyway, but only then. */
969
970 if (!was_open || !s->remove_on_stop)
971 continue;
972
973 switch (p->type) {
974
975 case SOCKET_FIFO:
976 (void) unlink(p->path);
977 break;
978
979 case SOCKET_MQUEUE:
980 (void) mq_unlink(p->path);
981 break;
982
983 case SOCKET_SOCKET:
984 (void) socket_address_unlink(&p->address);
985 break;
986
987 default:
988 break;
989 }
990 }
991
992 if (s->remove_on_stop)
993 STRV_FOREACH(i, s->symlinks)
994 (void) unlink(*i);
995 }
996
997 static void socket_apply_socket_options(Socket *s, int fd) {
998 int r;
999
1000 assert(s);
1001 assert(fd >= 0);
1002
1003 if (s->keep_alive) {
1004 int b = s->keep_alive;
1005 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
1006 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
1007 }
1008
1009 if (s->keep_alive_time) {
1010 int value = s->keep_alive_time / USEC_PER_SEC;
1011 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
1012 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
1013 }
1014
1015 if (s->keep_alive_interval) {
1016 int value = s->keep_alive_interval / USEC_PER_SEC;
1017 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
1018 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
1019 }
1020
1021 if (s->keep_alive_cnt) {
1022 int value = s->keep_alive_cnt;
1023 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
1024 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
1025 }
1026
1027 if (s->defer_accept) {
1028 int value = s->defer_accept / USEC_PER_SEC;
1029 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
1030 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
1031 }
1032
1033 if (s->no_delay) {
1034 int b = s->no_delay;
1035
1036 if (s->socket_protocol == IPPROTO_SCTP) {
1037 if (setsockopt(fd, SOL_SCTP, SCTP_NODELAY, &b, sizeof(b)) < 0)
1038 log_unit_warning_errno(UNIT(s), errno, "SCTP_NODELAY failed: %m");
1039 } else {
1040 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
1041 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
1042 }
1043 }
1044
1045 if (s->broadcast) {
1046 int one = 1;
1047 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
1048 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
1049 }
1050
1051 if (s->pass_cred) {
1052 int one = 1;
1053 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
1054 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
1055 }
1056
1057 if (s->pass_sec) {
1058 int one = 1;
1059 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
1060 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
1061 }
1062
1063 if (s->priority >= 0)
1064 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
1065 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
1066
1067 if (s->receive_buffer > 0) {
1068 int value = (int) s->receive_buffer;
1069
1070 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
1071
1072 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
1073 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
1074 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
1075 }
1076
1077 if (s->send_buffer > 0) {
1078 int value = (int) s->send_buffer;
1079 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
1080 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
1081 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
1082 }
1083
1084 if (s->mark >= 0)
1085 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
1086 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
1087
1088 if (s->ip_tos >= 0)
1089 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
1090 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
1091
1092 if (s->ip_ttl >= 0) {
1093 int x;
1094
1095 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
1096
1097 if (socket_ipv6_is_supported())
1098 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
1099 else {
1100 x = -1;
1101 errno = EAFNOSUPPORT;
1102 }
1103
1104 if (r < 0 && x < 0)
1105 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
1106 }
1107
1108 if (s->tcp_congestion)
1109 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
1110 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
1111
1112 if (s->smack_ip_in) {
1113 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
1114 if (r < 0)
1115 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
1116 }
1117
1118 if (s->smack_ip_out) {
1119 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
1120 if (r < 0)
1121 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
1122 }
1123 }
1124
1125 static void socket_apply_fifo_options(Socket *s, int fd) {
1126 int r;
1127
1128 assert(s);
1129 assert(fd >= 0);
1130
1131 if (s->pipe_size > 0)
1132 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
1133 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
1134
1135 if (s->smack) {
1136 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
1137 if (r < 0)
1138 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
1139 }
1140 }
1141
1142 static int fifo_address_create(
1143 const char *path,
1144 mode_t directory_mode,
1145 mode_t socket_mode) {
1146
1147 _cleanup_close_ int fd = -1;
1148 mode_t old_mask;
1149 struct stat st;
1150 int r;
1151
1152 assert(path);
1153
1154 mkdir_parents_label(path, directory_mode);
1155
1156 r = mac_selinux_create_file_prepare(path, S_IFIFO);
1157 if (r < 0)
1158 return r;
1159
1160 /* Enforce the right access mode for the fifo */
1161 old_mask = umask(~ socket_mode);
1162
1163 /* Include the original umask in our mask */
1164 (void) umask(~socket_mode | old_mask);
1165
1166 r = mkfifo(path, socket_mode);
1167 (void) umask(old_mask);
1168
1169 if (r < 0 && errno != EEXIST) {
1170 r = -errno;
1171 goto fail;
1172 }
1173
1174 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1175 if (fd < 0) {
1176 r = -errno;
1177 goto fail;
1178 }
1179
1180 mac_selinux_create_file_clear();
1181
1182 if (fstat(fd, &st) < 0) {
1183 r = -errno;
1184 goto fail;
1185 }
1186
1187 if (!S_ISFIFO(st.st_mode) ||
1188 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1189 st.st_uid != getuid() ||
1190 st.st_gid != getgid()) {
1191 r = -EEXIST;
1192 goto fail;
1193 }
1194
1195 r = fd;
1196 fd = -1;
1197
1198 return r;
1199
1200 fail:
1201 mac_selinux_create_file_clear();
1202 return r;
1203 }
1204
1205 static int special_address_create(const char *path, bool writable) {
1206 _cleanup_close_ int fd = -1;
1207 struct stat st;
1208 int r;
1209
1210 assert(path);
1211
1212 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1213 if (fd < 0)
1214 return -errno;
1215
1216 if (fstat(fd, &st) < 0)
1217 return -errno;
1218
1219 /* Check whether this is a /proc, /sys or /dev file or char device */
1220 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1221 return -EEXIST;
1222
1223 r = fd;
1224 fd = -1;
1225
1226 return r;
1227 }
1228
1229 static int usbffs_address_create(const char *path) {
1230 _cleanup_close_ int fd = -1;
1231 struct stat st;
1232 int r;
1233
1234 assert(path);
1235
1236 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1237 if (fd < 0)
1238 return -errno;
1239
1240 if (fstat(fd, &st) < 0)
1241 return -errno;
1242
1243 /* Check whether this is a regular file (ffs endpoint)*/
1244 if (!S_ISREG(st.st_mode))
1245 return -EEXIST;
1246
1247 r = fd;
1248 fd = -1;
1249
1250 return r;
1251 }
1252
1253 static int mq_address_create(
1254 const char *path,
1255 mode_t mq_mode,
1256 long maxmsg,
1257 long msgsize) {
1258
1259 _cleanup_close_ int fd = -1;
1260 struct stat st;
1261 mode_t old_mask;
1262 struct mq_attr _attr, *attr = NULL;
1263 int r;
1264
1265 assert(path);
1266
1267 if (maxmsg > 0 && msgsize > 0) {
1268 _attr = (struct mq_attr) {
1269 .mq_flags = O_NONBLOCK,
1270 .mq_maxmsg = maxmsg,
1271 .mq_msgsize = msgsize,
1272 };
1273 attr = &_attr;
1274 }
1275
1276 /* Enforce the right access mode for the mq */
1277 old_mask = umask(~ mq_mode);
1278
1279 /* Include the original umask in our mask */
1280 (void) umask(~mq_mode | old_mask);
1281 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1282 (void) umask(old_mask);
1283
1284 if (fd < 0)
1285 return -errno;
1286
1287 if (fstat(fd, &st) < 0)
1288 return -errno;
1289
1290 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1291 st.st_uid != getuid() ||
1292 st.st_gid != getgid())
1293 return -EEXIST;
1294
1295 r = fd;
1296 fd = -1;
1297
1298 return r;
1299 }
1300
1301 static int socket_symlink(Socket *s) {
1302 const char *p;
1303 char **i;
1304
1305 assert(s);
1306
1307 p = socket_find_symlink_target(s);
1308 if (!p)
1309 return 0;
1310
1311 STRV_FOREACH(i, s->symlinks)
1312 symlink_label(p, *i);
1313
1314 return 0;
1315 }
1316
1317 static int usbffs_write_descs(int fd, Service *s) {
1318 int r;
1319
1320 if (!s->usb_function_descriptors || !s->usb_function_strings)
1321 return -EINVAL;
1322
1323 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1324 if (r < 0)
1325 return r;
1326
1327 return copy_file_fd(s->usb_function_strings, fd, false);
1328 }
1329
1330 static int usbffs_select_ep(const struct dirent *d) {
1331 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1332 }
1333
1334 static int usbffs_dispatch_eps(SocketPort *p) {
1335 _cleanup_free_ struct dirent **ent = NULL;
1336 int r, i, n, k;
1337
1338 r = scandir(p->path, &ent, usbffs_select_ep, alphasort);
1339 if (r < 0)
1340 return -errno;
1341
1342 n = r;
1343 p->auxiliary_fds = new(int, n);
1344 if (!p->auxiliary_fds)
1345 return -ENOMEM;
1346
1347 p->n_auxiliary_fds = n;
1348
1349 k = 0;
1350 for (i = 0; i < n; ++i) {
1351 _cleanup_free_ char *ep = NULL;
1352
1353 ep = path_make_absolute(ent[i]->d_name, p->path);
1354 if (!ep)
1355 return -ENOMEM;
1356
1357 path_kill_slashes(ep);
1358
1359 r = usbffs_address_create(ep);
1360 if (r < 0)
1361 goto fail;
1362
1363 p->auxiliary_fds[k] = r;
1364
1365 ++k;
1366 free(ent[i]);
1367 }
1368
1369 return r;
1370
1371 fail:
1372 close_many(p->auxiliary_fds, k);
1373 p->auxiliary_fds = mfree(p->auxiliary_fds);
1374 p->n_auxiliary_fds = 0;
1375
1376 return r;
1377 }
1378
1379 static int socket_determine_selinux_label(Socket *s, char **ret) {
1380 ExecCommand *c;
1381 int r;
1382
1383 assert(s);
1384 assert(ret);
1385
1386 if (s->selinux_context_from_net) {
1387 /* If this is requested, get label from the network label */
1388
1389 r = mac_selinux_get_our_label(ret);
1390 if (r == -EOPNOTSUPP)
1391 goto no_label;
1392
1393 } else {
1394 /* Otherwise, get it from the executable we are about to start */
1395 r = socket_instantiate_service(s);
1396 if (r < 0)
1397 return r;
1398
1399 if (!UNIT_ISSET(s->service))
1400 goto no_label;
1401
1402 c = SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START];
1403 if (!c)
1404 goto no_label;
1405
1406 r = mac_selinux_get_create_label_from_exe(c->path, ret);
1407 if (r == -EPERM || r == -EOPNOTSUPP)
1408 goto no_label;
1409 }
1410
1411 return r;
1412
1413 no_label:
1414 *ret = NULL;
1415 return 0;
1416 }
1417
1418 static int socket_open_fds(Socket *s) {
1419 _cleanup_(mac_selinux_freep) char *label = NULL;
1420 bool know_label = false;
1421 SocketPort *p;
1422 int r;
1423
1424 assert(s);
1425
1426 LIST_FOREACH(port, p, s->ports) {
1427
1428 if (p->fd >= 0)
1429 continue;
1430
1431 switch (p->type) {
1432
1433 case SOCKET_SOCKET:
1434
1435 if (!know_label) {
1436 /* Figure out label, if we don't it know yet. We do it once, for the first socket where
1437 * we need this and remember it for the rest. */
1438
1439 r = socket_determine_selinux_label(s, &label);
1440 if (r < 0)
1441 goto rollback;
1442
1443 know_label = true;
1444 }
1445
1446 /* Apply the socket protocol */
1447 switch (p->address.type) {
1448
1449 case SOCK_STREAM:
1450 case SOCK_SEQPACKET:
1451 if (s->socket_protocol == IPPROTO_SCTP)
1452 p->address.protocol = s->socket_protocol;
1453 break;
1454
1455 case SOCK_DGRAM:
1456 if (s->socket_protocol == IPPROTO_UDPLITE)
1457 p->address.protocol = s->socket_protocol;
1458 break;
1459 }
1460
1461 r = socket_address_listen(
1462 &p->address,
1463 SOCK_CLOEXEC|SOCK_NONBLOCK,
1464 s->backlog,
1465 s->bind_ipv6_only,
1466 s->bind_to_device,
1467 s->reuse_port,
1468 s->free_bind,
1469 s->transparent,
1470 s->directory_mode,
1471 s->socket_mode,
1472 label);
1473 if (r < 0)
1474 goto rollback;
1475
1476 p->fd = r;
1477 socket_apply_socket_options(s, p->fd);
1478 socket_symlink(s);
1479 break;
1480
1481 case SOCKET_SPECIAL:
1482
1483 p->fd = special_address_create(p->path, s->writable);
1484 if (p->fd < 0) {
1485 r = p->fd;
1486 goto rollback;
1487 }
1488 break;
1489
1490 case SOCKET_FIFO:
1491
1492 p->fd = fifo_address_create(
1493 p->path,
1494 s->directory_mode,
1495 s->socket_mode);
1496 if (p->fd < 0) {
1497 r = p->fd;
1498 goto rollback;
1499 }
1500
1501 socket_apply_fifo_options(s, p->fd);
1502 socket_symlink(s);
1503 break;
1504
1505 case SOCKET_MQUEUE:
1506
1507 p->fd = mq_address_create(
1508 p->path,
1509 s->socket_mode,
1510 s->mq_maxmsg,
1511 s->mq_msgsize);
1512 if (p->fd < 0) {
1513 r = p->fd;
1514 goto rollback;
1515 }
1516 break;
1517
1518 case SOCKET_USB_FUNCTION: {
1519 _cleanup_free_ char *ep = NULL;
1520
1521 ep = path_make_absolute("ep0", p->path);
1522
1523 p->fd = usbffs_address_create(ep);
1524 if (p->fd < 0) {
1525 r = p->fd;
1526 goto rollback;
1527 }
1528
1529 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1530 if (r < 0)
1531 goto rollback;
1532
1533 r = usbffs_dispatch_eps(p);
1534 if (r < 0)
1535 goto rollback;
1536
1537 break;
1538 }
1539 default:
1540 assert_not_reached("Unknown port type");
1541 }
1542 }
1543
1544 return 0;
1545
1546 rollback:
1547 socket_close_fds(s);
1548 return r;
1549 }
1550
1551 static void socket_unwatch_fds(Socket *s) {
1552 SocketPort *p;
1553 int r;
1554
1555 assert(s);
1556
1557 LIST_FOREACH(port, p, s->ports) {
1558 if (p->fd < 0)
1559 continue;
1560
1561 if (!p->event_source)
1562 continue;
1563
1564 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1565 if (r < 0)
1566 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1567 }
1568 }
1569
1570 static int socket_watch_fds(Socket *s) {
1571 SocketPort *p;
1572 int r;
1573
1574 assert(s);
1575
1576 LIST_FOREACH(port, p, s->ports) {
1577 if (p->fd < 0)
1578 continue;
1579
1580 if (p->event_source) {
1581 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1582 if (r < 0)
1583 goto fail;
1584 } else {
1585 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1586 if (r < 0)
1587 goto fail;
1588
1589 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1590 }
1591 }
1592
1593 return 0;
1594
1595 fail:
1596 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1597 socket_unwatch_fds(s);
1598 return r;
1599 }
1600
1601 enum {
1602 SOCKET_OPEN_NONE,
1603 SOCKET_OPEN_SOME,
1604 SOCKET_OPEN_ALL,
1605 };
1606
1607 static int socket_check_open(Socket *s) {
1608 bool have_open = false, have_closed = false;
1609 SocketPort *p;
1610
1611 assert(s);
1612
1613 LIST_FOREACH(port, p, s->ports) {
1614 if (p->fd < 0)
1615 have_closed = true;
1616 else
1617 have_open = true;
1618
1619 if (have_open && have_closed)
1620 return SOCKET_OPEN_SOME;
1621 }
1622
1623 if (have_open)
1624 return SOCKET_OPEN_ALL;
1625
1626 return SOCKET_OPEN_NONE;
1627 }
1628
1629 static void socket_set_state(Socket *s, SocketState state) {
1630 SocketState old_state;
1631 assert(s);
1632
1633 old_state = s->state;
1634 s->state = state;
1635
1636 if (!IN_SET(state,
1637 SOCKET_START_PRE,
1638 SOCKET_START_CHOWN,
1639 SOCKET_START_POST,
1640 SOCKET_STOP_PRE,
1641 SOCKET_STOP_PRE_SIGTERM,
1642 SOCKET_STOP_PRE_SIGKILL,
1643 SOCKET_STOP_POST,
1644 SOCKET_FINAL_SIGTERM,
1645 SOCKET_FINAL_SIGKILL)) {
1646
1647 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1648 socket_unwatch_control_pid(s);
1649 s->control_command = NULL;
1650 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1651 }
1652
1653 if (state != SOCKET_LISTENING)
1654 socket_unwatch_fds(s);
1655
1656 if (!IN_SET(state,
1657 SOCKET_START_CHOWN,
1658 SOCKET_START_POST,
1659 SOCKET_LISTENING,
1660 SOCKET_RUNNING,
1661 SOCKET_STOP_PRE,
1662 SOCKET_STOP_PRE_SIGTERM,
1663 SOCKET_STOP_PRE_SIGKILL))
1664 socket_close_fds(s);
1665
1666 if (state != old_state)
1667 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1668
1669 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1670 }
1671
1672 static int socket_coldplug(Unit *u) {
1673 Socket *s = SOCKET(u);
1674 int r;
1675
1676 assert(s);
1677 assert(s->state == SOCKET_DEAD);
1678
1679 if (s->deserialized_state == s->state)
1680 return 0;
1681
1682 if (s->control_pid > 0 &&
1683 pid_is_unwaited(s->control_pid) &&
1684 IN_SET(s->deserialized_state,
1685 SOCKET_START_PRE,
1686 SOCKET_START_CHOWN,
1687 SOCKET_START_POST,
1688 SOCKET_STOP_PRE,
1689 SOCKET_STOP_PRE_SIGTERM,
1690 SOCKET_STOP_PRE_SIGKILL,
1691 SOCKET_STOP_POST,
1692 SOCKET_FINAL_SIGTERM,
1693 SOCKET_FINAL_SIGKILL)) {
1694
1695 r = unit_watch_pid(UNIT(s), s->control_pid);
1696 if (r < 0)
1697 return r;
1698
1699 r = socket_arm_timer(s, usec_add(u->state_change_timestamp.monotonic, s->timeout_usec));
1700 if (r < 0)
1701 return r;
1702 }
1703
1704 if (IN_SET(s->deserialized_state,
1705 SOCKET_START_CHOWN,
1706 SOCKET_START_POST,
1707 SOCKET_LISTENING,
1708 SOCKET_RUNNING)) {
1709
1710 /* Originally, we used to simply reopen all sockets here that we didn't have file descriptors
1711 * for. However, this is problematic, as we won't traverse throught the SOCKET_START_CHOWN state for
1712 * them, and thus the UID/GID wouldn't be right. Hence, instead simply check if we have all fds open,
1713 * and if there's a mismatch, warn loudly. */
1714
1715 r = socket_check_open(s);
1716 if (r == SOCKET_OPEN_NONE)
1717 log_unit_warning(UNIT(s),
1718 "Socket unit configuration has changed while unit has been running, "
1719 "no open socket file descriptor left. "
1720 "The socket unit is not functional until restarted.");
1721 else if (r == SOCKET_OPEN_SOME)
1722 log_unit_warning(UNIT(s),
1723 "Socket unit configuration has changed while unit has been running, "
1724 "and some socket file descriptors have not been opened yet. "
1725 "The socket unit is not fully functional until restarted.");
1726 }
1727
1728 if (s->deserialized_state == SOCKET_LISTENING) {
1729 r = socket_watch_fds(s);
1730 if (r < 0)
1731 return r;
1732 }
1733
1734 if (!IN_SET(s->deserialized_state, SOCKET_DEAD, SOCKET_FAILED))
1735 (void) unit_setup_dynamic_creds(u);
1736
1737 socket_set_state(s, s->deserialized_state);
1738 return 0;
1739 }
1740
1741 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1742 pid_t pid;
1743 int r;
1744 ExecParameters exec_params = {
1745 .flags = EXEC_APPLY_PERMISSIONS|EXEC_APPLY_CHROOT|EXEC_APPLY_TTY_STDIN,
1746 .stdin_fd = -1,
1747 .stdout_fd = -1,
1748 .stderr_fd = -1,
1749 };
1750
1751 assert(s);
1752 assert(c);
1753 assert(_pid);
1754
1755 (void) unit_realize_cgroup(UNIT(s));
1756 if (s->reset_cpu_usage) {
1757 (void) unit_reset_cpu_usage(UNIT(s));
1758 s->reset_cpu_usage = false;
1759 }
1760
1761 r = unit_setup_exec_runtime(UNIT(s));
1762 if (r < 0)
1763 return r;
1764
1765 r = unit_setup_dynamic_creds(UNIT(s));
1766 if (r < 0)
1767 return r;
1768
1769 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1770 if (r < 0)
1771 return r;
1772
1773 exec_params.argv = c->argv;
1774 exec_params.environment = UNIT(s)->manager->environment;
1775 exec_params.confirm_spawn = manager_get_confirm_spawn(UNIT(s)->manager);
1776 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1777 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1778 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1779 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1780
1781 r = exec_spawn(UNIT(s),
1782 c,
1783 &s->exec_context,
1784 &exec_params,
1785 s->exec_runtime,
1786 &s->dynamic_creds,
1787 &pid);
1788 if (r < 0)
1789 return r;
1790
1791 r = unit_watch_pid(UNIT(s), pid);
1792 if (r < 0)
1793 /* FIXME: we need to do something here */
1794 return r;
1795
1796 *_pid = pid;
1797 return 0;
1798 }
1799
1800 static int socket_chown(Socket *s, pid_t *_pid) {
1801 pid_t pid;
1802 int r;
1803
1804 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1805 if (r < 0)
1806 goto fail;
1807
1808 /* We have to resolve the user names out-of-process, hence
1809 * let's fork here. It's messy, but well, what can we do? */
1810
1811 pid = fork();
1812 if (pid < 0)
1813 return -errno;
1814
1815 if (pid == 0) {
1816 SocketPort *p;
1817 uid_t uid = UID_INVALID;
1818 gid_t gid = GID_INVALID;
1819 int ret;
1820
1821 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1822 (void) ignore_signals(SIGPIPE, -1);
1823 log_forget_fds();
1824
1825 if (!isempty(s->user)) {
1826 const char *user = s->user;
1827
1828 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1829 if (r < 0) {
1830 ret = EXIT_USER;
1831 goto fail_child;
1832 }
1833 }
1834
1835 if (!isempty(s->group)) {
1836 const char *group = s->group;
1837
1838 r = get_group_creds(&group, &gid);
1839 if (r < 0) {
1840 ret = EXIT_GROUP;
1841 goto fail_child;
1842 }
1843 }
1844
1845 LIST_FOREACH(port, p, s->ports) {
1846 const char *path = NULL;
1847
1848 if (p->type == SOCKET_SOCKET)
1849 path = socket_address_get_path(&p->address);
1850 else if (p->type == SOCKET_FIFO)
1851 path = p->path;
1852
1853 if (!path)
1854 continue;
1855
1856 if (chown(path, uid, gid) < 0) {
1857 r = -errno;
1858 ret = EXIT_CHOWN;
1859 goto fail_child;
1860 }
1861 }
1862
1863 _exit(0);
1864
1865 fail_child:
1866 log_open();
1867 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1868
1869 _exit(ret);
1870 }
1871
1872 r = unit_watch_pid(UNIT(s), pid);
1873 if (r < 0)
1874 goto fail;
1875
1876 *_pid = pid;
1877 return 0;
1878
1879 fail:
1880 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1881 return r;
1882 }
1883
1884 static void socket_enter_dead(Socket *s, SocketResult f) {
1885 assert(s);
1886
1887 if (s->result == SOCKET_SUCCESS)
1888 s->result = f;
1889
1890 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1891
1892 exec_runtime_destroy(s->exec_runtime);
1893 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1894
1895 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1896
1897 unit_unref_uid_gid(UNIT(s), true);
1898
1899 dynamic_creds_destroy(&s->dynamic_creds);
1900 }
1901
1902 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1903
1904 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1905 int r;
1906 assert(s);
1907
1908 if (s->result == SOCKET_SUCCESS)
1909 s->result = f;
1910
1911 socket_unwatch_control_pid(s);
1912 s->control_command_id = SOCKET_EXEC_STOP_POST;
1913 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1914
1915 if (s->control_command) {
1916 r = socket_spawn(s, s->control_command, &s->control_pid);
1917 if (r < 0)
1918 goto fail;
1919
1920 socket_set_state(s, SOCKET_STOP_POST);
1921 } else
1922 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1923
1924 return;
1925
1926 fail:
1927 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1928 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1929 }
1930
1931 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1932 int r;
1933
1934 assert(s);
1935
1936 if (s->result == SOCKET_SUCCESS)
1937 s->result = f;
1938
1939 r = unit_kill_context(
1940 UNIT(s),
1941 &s->kill_context,
1942 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1943 KILL_KILL : KILL_TERMINATE,
1944 -1,
1945 s->control_pid,
1946 false);
1947 if (r < 0)
1948 goto fail;
1949
1950 if (r > 0) {
1951 r = socket_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_usec));
1952 if (r < 0)
1953 goto fail;
1954
1955 socket_set_state(s, state);
1956 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1957 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1958 else if (state == SOCKET_STOP_PRE_SIGKILL)
1959 socket_enter_stop_post(s, SOCKET_SUCCESS);
1960 else if (state == SOCKET_FINAL_SIGTERM)
1961 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1962 else
1963 socket_enter_dead(s, SOCKET_SUCCESS);
1964
1965 return;
1966
1967 fail:
1968 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1969
1970 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1971 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1972 else
1973 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1974 }
1975
1976 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1977 int r;
1978 assert(s);
1979
1980 if (s->result == SOCKET_SUCCESS)
1981 s->result = f;
1982
1983 socket_unwatch_control_pid(s);
1984 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1985 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1986
1987 if (s->control_command) {
1988 r = socket_spawn(s, s->control_command, &s->control_pid);
1989 if (r < 0)
1990 goto fail;
1991
1992 socket_set_state(s, SOCKET_STOP_PRE);
1993 } else
1994 socket_enter_stop_post(s, SOCKET_SUCCESS);
1995
1996 return;
1997
1998 fail:
1999 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
2000 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
2001 }
2002
2003 static void socket_enter_listening(Socket *s) {
2004 int r;
2005 assert(s);
2006
2007 r = socket_watch_fds(s);
2008 if (r < 0) {
2009 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
2010 goto fail;
2011 }
2012
2013 socket_set_state(s, SOCKET_LISTENING);
2014 return;
2015
2016 fail:
2017 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2018 }
2019
2020 static void socket_enter_start_post(Socket *s) {
2021 int r;
2022 assert(s);
2023
2024 socket_unwatch_control_pid(s);
2025 s->control_command_id = SOCKET_EXEC_START_POST;
2026 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
2027
2028 if (s->control_command) {
2029 r = socket_spawn(s, s->control_command, &s->control_pid);
2030 if (r < 0) {
2031 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
2032 goto fail;
2033 }
2034
2035 socket_set_state(s, SOCKET_START_POST);
2036 } else
2037 socket_enter_listening(s);
2038
2039 return;
2040
2041 fail:
2042 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2043 }
2044
2045 static void socket_enter_start_chown(Socket *s) {
2046 int r;
2047
2048 assert(s);
2049
2050 r = socket_open_fds(s);
2051 if (r < 0) {
2052 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
2053 goto fail;
2054 }
2055
2056 if (!isempty(s->user) || !isempty(s->group)) {
2057
2058 socket_unwatch_control_pid(s);
2059 s->control_command_id = SOCKET_EXEC_START_CHOWN;
2060 s->control_command = NULL;
2061
2062 r = socket_chown(s, &s->control_pid);
2063 if (r < 0) {
2064 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
2065 goto fail;
2066 }
2067
2068 socket_set_state(s, SOCKET_START_CHOWN);
2069 } else
2070 socket_enter_start_post(s);
2071
2072 return;
2073
2074 fail:
2075 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2076 }
2077
2078 static void socket_enter_start_pre(Socket *s) {
2079 int r;
2080 assert(s);
2081
2082 socket_unwatch_control_pid(s);
2083 s->control_command_id = SOCKET_EXEC_START_PRE;
2084 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
2085
2086 if (s->control_command) {
2087 r = socket_spawn(s, s->control_command, &s->control_pid);
2088 if (r < 0) {
2089 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
2090 goto fail;
2091 }
2092
2093 socket_set_state(s, SOCKET_START_PRE);
2094 } else
2095 socket_enter_start_chown(s);
2096
2097 return;
2098
2099 fail:
2100 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2101 }
2102
2103 static void flush_ports(Socket *s) {
2104 SocketPort *p;
2105
2106 /* Flush all incoming traffic, regardless if actual bytes or new connections, so that this socket isn't busy
2107 * anymore */
2108
2109 LIST_FOREACH(port, p, s->ports) {
2110 if (p->fd < 0)
2111 continue;
2112
2113 (void) flush_accept(p->fd);
2114 (void) flush_fd(p->fd);
2115 }
2116 }
2117
2118 static void socket_enter_running(Socket *s, int cfd) {
2119 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
2120 int r;
2121
2122 /* Note that this call takes possession of the connection fd passed. It either has to assign it somewhere or
2123 * close it. */
2124
2125 assert(s);
2126
2127 /* We don't take connections anymore if we are supposed to shut down anyway */
2128 if (unit_stop_pending(UNIT(s))) {
2129
2130 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
2131
2132 if (cfd >= 0)
2133 cfd = safe_close(cfd);
2134 else
2135 flush_ports(s);
2136
2137 return;
2138 }
2139
2140 if (!ratelimit_test(&s->trigger_limit)) {
2141 safe_close(cfd);
2142 log_unit_warning(UNIT(s), "Trigger limit hit, refusing further activation.");
2143 socket_enter_stop_pre(s, SOCKET_FAILURE_TRIGGER_LIMIT_HIT);
2144 return;
2145 }
2146
2147 if (cfd < 0) {
2148 Iterator i;
2149 Unit *other;
2150 bool pending = false;
2151
2152 /* If there's already a start pending don't bother to
2153 * do anything */
2154 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
2155 if (unit_active_or_pending(other)) {
2156 pending = true;
2157 break;
2158 }
2159
2160 if (!pending) {
2161 if (!UNIT_ISSET(s->service)) {
2162 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
2163 r = -ENOENT;
2164 goto fail;
2165 }
2166
2167 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, &error, NULL);
2168 if (r < 0)
2169 goto fail;
2170 }
2171
2172 socket_set_state(s, SOCKET_RUNNING);
2173 } else {
2174 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
2175 _cleanup_(socket_peer_unrefp) SocketPeer *p = NULL;
2176 Service *service;
2177
2178 if (s->n_connections >= s->max_connections) {
2179 log_unit_warning(UNIT(s), "Too many incoming connections (%u), dropping connection.",
2180 s->n_connections);
2181 safe_close(cfd);
2182 return;
2183 }
2184
2185 if (s->max_connections_per_source > 0) {
2186 r = socket_acquire_peer(s, cfd, &p);
2187 if (r < 0) {
2188 safe_close(cfd);
2189 return;
2190 } else if (r > 0 && p->n_ref > s->max_connections_per_source) {
2191 _cleanup_free_ char *t = NULL;
2192
2193 sockaddr_pretty(&p->peer.sa, FAMILY_ADDRESS_SIZE(p->peer.sa.sa_family), true, false, &t);
2194
2195 log_unit_warning(UNIT(s),
2196 "Too many incoming connections (%u) from source %s, dropping connection.",
2197 p->n_ref, strnull(t));
2198 safe_close(cfd);
2199 return;
2200 }
2201 }
2202
2203 r = socket_instantiate_service(s);
2204 if (r < 0)
2205 goto fail;
2206
2207 r = instance_from_socket(cfd, s->n_accepted, &instance);
2208 if (r < 0) {
2209 if (r != -ENOTCONN)
2210 goto fail;
2211
2212 /* ENOTCONN is legitimate if TCP RST was received.
2213 * This connection is over, but the socket unit lives on. */
2214 log_unit_debug(UNIT(s), "Got ENOTCONN on incoming socket, assuming aborted connection attempt, ignoring.");
2215 safe_close(cfd);
2216 return;
2217 }
2218
2219 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
2220 if (r < 0)
2221 goto fail;
2222
2223 r = unit_name_build(prefix, instance, ".service", &name);
2224 if (r < 0)
2225 goto fail;
2226
2227 r = unit_add_name(UNIT_DEREF(s->service), name);
2228 if (r < 0)
2229 goto fail;
2230
2231 service = SERVICE(UNIT_DEREF(s->service));
2232 unit_ref_unset(&s->service);
2233
2234 s->n_accepted++;
2235 unit_choose_id(UNIT(service), name);
2236
2237 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
2238 if (r < 0)
2239 goto fail;
2240
2241 cfd = -1; /* We passed ownership of the fd to the service now. Forget it here. */
2242 s->n_connections++;
2243
2244 service->peer = p; /* Pass ownership of the peer reference */
2245 p = NULL;
2246
2247 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, &error, NULL);
2248 if (r < 0) {
2249 /* We failed to activate the new service, but it still exists. Let's make sure the service
2250 * closes and forgets the connection fd again, immediately. */
2251 service_close_socket_fd(service);
2252 goto fail;
2253 }
2254
2255 /* Notify clients about changed counters */
2256 unit_add_to_dbus_queue(UNIT(s));
2257 }
2258
2259 return;
2260
2261 fail:
2262 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2263 cfd >= 0 ? "template" : "non-template",
2264 bus_error_message(&error, r));
2265
2266 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2267 safe_close(cfd);
2268 }
2269
2270 static void socket_run_next(Socket *s) {
2271 int r;
2272
2273 assert(s);
2274 assert(s->control_command);
2275 assert(s->control_command->command_next);
2276
2277 socket_unwatch_control_pid(s);
2278
2279 s->control_command = s->control_command->command_next;
2280
2281 r = socket_spawn(s, s->control_command, &s->control_pid);
2282 if (r < 0)
2283 goto fail;
2284
2285 return;
2286
2287 fail:
2288 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2289
2290 if (s->state == SOCKET_START_POST)
2291 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2292 else if (s->state == SOCKET_STOP_POST)
2293 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2294 else
2295 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2296 }
2297
2298 static int socket_start(Unit *u) {
2299 Socket *s = SOCKET(u);
2300 int r;
2301
2302 assert(s);
2303
2304 /* We cannot fulfill this request right now, try again later
2305 * please! */
2306 if (IN_SET(s->state,
2307 SOCKET_STOP_PRE,
2308 SOCKET_STOP_PRE_SIGKILL,
2309 SOCKET_STOP_PRE_SIGTERM,
2310 SOCKET_STOP_POST,
2311 SOCKET_FINAL_SIGTERM,
2312 SOCKET_FINAL_SIGKILL))
2313 return -EAGAIN;
2314
2315 /* Already on it! */
2316 if (IN_SET(s->state,
2317 SOCKET_START_PRE,
2318 SOCKET_START_CHOWN,
2319 SOCKET_START_POST))
2320 return 0;
2321
2322 /* Cannot run this without the service being around */
2323 if (UNIT_ISSET(s->service)) {
2324 Service *service;
2325
2326 service = SERVICE(UNIT_DEREF(s->service));
2327
2328 if (UNIT(service)->load_state != UNIT_LOADED) {
2329 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2330 return -ENOENT;
2331 }
2332
2333 /* If the service is already active we cannot start the
2334 * socket */
2335 if (service->state != SERVICE_DEAD &&
2336 service->state != SERVICE_FAILED &&
2337 service->state != SERVICE_AUTO_RESTART) {
2338 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2339 return -EBUSY;
2340 }
2341 }
2342
2343 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2344
2345 r = unit_start_limit_test(u);
2346 if (r < 0) {
2347 socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
2348 return r;
2349 }
2350
2351 r = unit_acquire_invocation_id(u);
2352 if (r < 0)
2353 return r;
2354
2355 s->result = SOCKET_SUCCESS;
2356 s->reset_cpu_usage = true;
2357
2358 socket_enter_start_pre(s);
2359 return 1;
2360 }
2361
2362 static int socket_stop(Unit *u) {
2363 Socket *s = SOCKET(u);
2364
2365 assert(s);
2366
2367 /* Already on it */
2368 if (IN_SET(s->state,
2369 SOCKET_STOP_PRE,
2370 SOCKET_STOP_PRE_SIGTERM,
2371 SOCKET_STOP_PRE_SIGKILL,
2372 SOCKET_STOP_POST,
2373 SOCKET_FINAL_SIGTERM,
2374 SOCKET_FINAL_SIGKILL))
2375 return 0;
2376
2377 /* If there's already something running we go directly into
2378 * kill mode. */
2379 if (IN_SET(s->state,
2380 SOCKET_START_PRE,
2381 SOCKET_START_CHOWN,
2382 SOCKET_START_POST)) {
2383 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2384 return -EAGAIN;
2385 }
2386
2387 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2388
2389 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2390 return 1;
2391 }
2392
2393 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2394 Socket *s = SOCKET(u);
2395 SocketPort *p;
2396 int r;
2397
2398 assert(u);
2399 assert(f);
2400 assert(fds);
2401
2402 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2403 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2404 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2405
2406 if (s->control_pid > 0)
2407 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2408
2409 if (s->control_command_id >= 0)
2410 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2411
2412 LIST_FOREACH(port, p, s->ports) {
2413 int copy;
2414
2415 if (p->fd < 0)
2416 continue;
2417
2418 copy = fdset_put_dup(fds, p->fd);
2419 if (copy < 0)
2420 return copy;
2421
2422 if (p->type == SOCKET_SOCKET) {
2423 _cleanup_free_ char *t = NULL;
2424
2425 r = socket_address_print(&p->address, &t);
2426 if (r < 0)
2427 return r;
2428
2429 if (socket_address_family(&p->address) == AF_NETLINK)
2430 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2431 else
2432 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2433
2434 } else if (p->type == SOCKET_SPECIAL)
2435 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2436 else if (p->type == SOCKET_MQUEUE)
2437 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2438 else if (p->type == SOCKET_USB_FUNCTION)
2439 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2440 else {
2441 assert(p->type == SOCKET_FIFO);
2442 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2443 }
2444 }
2445
2446 return 0;
2447 }
2448
2449 static void socket_port_take_fd(SocketPort *p, FDSet *fds, int fd) {
2450 safe_close(p->fd);
2451 p->fd = fdset_remove(fds, fd);
2452 }
2453
2454 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2455 Socket *s = SOCKET(u);
2456
2457 assert(u);
2458 assert(key);
2459 assert(value);
2460
2461 if (streq(key, "state")) {
2462 SocketState state;
2463
2464 state = socket_state_from_string(value);
2465 if (state < 0)
2466 log_unit_debug(u, "Failed to parse state value: %s", value);
2467 else
2468 s->deserialized_state = state;
2469 } else if (streq(key, "result")) {
2470 SocketResult f;
2471
2472 f = socket_result_from_string(value);
2473 if (f < 0)
2474 log_unit_debug(u, "Failed to parse result value: %s", value);
2475 else if (f != SOCKET_SUCCESS)
2476 s->result = f;
2477
2478 } else if (streq(key, "n-accepted")) {
2479 unsigned k;
2480
2481 if (safe_atou(value, &k) < 0)
2482 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2483 else
2484 s->n_accepted += k;
2485 } else if (streq(key, "control-pid")) {
2486 pid_t pid;
2487
2488 if (parse_pid(value, &pid) < 0)
2489 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2490 else
2491 s->control_pid = pid;
2492 } else if (streq(key, "control-command")) {
2493 SocketExecCommand id;
2494
2495 id = socket_exec_command_from_string(value);
2496 if (id < 0)
2497 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2498 else {
2499 s->control_command_id = id;
2500 s->control_command = s->exec_command[id];
2501 }
2502 } else if (streq(key, "fifo")) {
2503 int fd, skip = 0;
2504 SocketPort *p;
2505
2506 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2507 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2508 else
2509 LIST_FOREACH(port, p, s->ports)
2510 if (p->type == SOCKET_FIFO &&
2511 path_equal_or_files_same(p->path, value+skip)) {
2512 socket_port_take_fd(p, fds, fd);
2513 break;
2514 }
2515
2516 } else if (streq(key, "special")) {
2517 int fd, skip = 0;
2518 SocketPort *p;
2519
2520 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2521 log_unit_debug(u, "Failed to parse special value: %s", value);
2522 else
2523 LIST_FOREACH(port, p, s->ports)
2524 if (p->type == SOCKET_SPECIAL &&
2525 path_equal_or_files_same(p->path, value+skip)) {
2526 socket_port_take_fd(p, fds, fd);
2527 break;
2528 }
2529
2530 } else if (streq(key, "mqueue")) {
2531 int fd, skip = 0;
2532 SocketPort *p;
2533
2534 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2535 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2536 else
2537 LIST_FOREACH(port, p, s->ports)
2538 if (p->type == SOCKET_MQUEUE &&
2539 streq(p->path, value+skip)) {
2540 socket_port_take_fd(p, fds, fd);
2541 break;
2542 }
2543
2544 } else if (streq(key, "socket")) {
2545 int fd, type, skip = 0;
2546 SocketPort *p;
2547
2548 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2549 log_unit_debug(u, "Failed to parse socket value: %s", value);
2550 else
2551 LIST_FOREACH(port, p, s->ports)
2552 if (socket_address_is(&p->address, value+skip, type)) {
2553 socket_port_take_fd(p, fds, fd);
2554 break;
2555 }
2556
2557 } else if (streq(key, "netlink")) {
2558 int fd, skip = 0;
2559 SocketPort *p;
2560
2561 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2562 log_unit_debug(u, "Failed to parse socket value: %s", value);
2563 else
2564 LIST_FOREACH(port, p, s->ports)
2565 if (socket_address_is_netlink(&p->address, value+skip)) {
2566 socket_port_take_fd(p, fds, fd);
2567 break;
2568 }
2569
2570 } else if (streq(key, "ffs")) {
2571 int fd, skip = 0;
2572 SocketPort *p;
2573
2574 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2575 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2576 else
2577 LIST_FOREACH(port, p, s->ports)
2578 if (p->type == SOCKET_USB_FUNCTION &&
2579 path_equal_or_files_same(p->path, value+skip)) {
2580 socket_port_take_fd(p, fds, fd);
2581 break;
2582 }
2583
2584 } else
2585 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2586
2587 return 0;
2588 }
2589
2590 static void socket_distribute_fds(Unit *u, FDSet *fds) {
2591 Socket *s = SOCKET(u);
2592 SocketPort *p;
2593
2594 assert(u);
2595
2596 LIST_FOREACH(port, p, s->ports) {
2597 Iterator i;
2598 int fd;
2599
2600 if (p->type != SOCKET_SOCKET)
2601 continue;
2602
2603 if (p->fd >= 0)
2604 continue;
2605
2606 FDSET_FOREACH(fd, fds, i) {
2607 if (socket_address_matches_fd(&p->address, fd)) {
2608 p->fd = fdset_remove(fds, fd);
2609 s->deserialized_state = SOCKET_LISTENING;
2610 break;
2611 }
2612 }
2613 }
2614 }
2615
2616 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2617 assert(u);
2618
2619 return state_translation_table[SOCKET(u)->state];
2620 }
2621
2622 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2623 assert(u);
2624
2625 return socket_state_to_string(SOCKET(u)->state);
2626 }
2627
2628 const char* socket_port_type_to_string(SocketPort *p) {
2629
2630 assert(p);
2631
2632 switch (p->type) {
2633
2634 case SOCKET_SOCKET:
2635
2636 switch (p->address.type) {
2637
2638 case SOCK_STREAM:
2639 return "Stream";
2640
2641 case SOCK_DGRAM:
2642 return "Datagram";
2643
2644 case SOCK_SEQPACKET:
2645 return "SequentialPacket";
2646
2647 case SOCK_RAW:
2648 if (socket_address_family(&p->address) == AF_NETLINK)
2649 return "Netlink";
2650
2651 default:
2652 return NULL;
2653 }
2654
2655 case SOCKET_SPECIAL:
2656 return "Special";
2657
2658 case SOCKET_MQUEUE:
2659 return "MessageQueue";
2660
2661 case SOCKET_FIFO:
2662 return "FIFO";
2663
2664 case SOCKET_USB_FUNCTION:
2665 return "USBFunction";
2666
2667 default:
2668 return NULL;
2669 }
2670 }
2671
2672 _pure_ static bool socket_check_gc(Unit *u) {
2673 Socket *s = SOCKET(u);
2674
2675 assert(u);
2676
2677 return s->n_connections > 0;
2678 }
2679
2680 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2681 SocketPort *p = userdata;
2682 int cfd = -1;
2683
2684 assert(p);
2685 assert(fd >= 0);
2686
2687 if (p->socket->state != SOCKET_LISTENING)
2688 return 0;
2689
2690 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2691
2692 if (revents != EPOLLIN) {
2693
2694 if (revents & EPOLLHUP)
2695 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2696 else
2697 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2698 goto fail;
2699 }
2700
2701 if (p->socket->accept &&
2702 p->type == SOCKET_SOCKET &&
2703 socket_address_can_accept(&p->address)) {
2704
2705 for (;;) {
2706
2707 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2708 if (cfd < 0) {
2709
2710 if (errno == EINTR)
2711 continue;
2712
2713 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2714 goto fail;
2715 }
2716
2717 break;
2718 }
2719
2720 socket_apply_socket_options(p->socket, cfd);
2721 }
2722
2723 socket_enter_running(p->socket, cfd);
2724 return 0;
2725
2726 fail:
2727 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2728 return 0;
2729 }
2730
2731 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2732 Socket *s = SOCKET(u);
2733 SocketResult f;
2734
2735 assert(s);
2736 assert(pid >= 0);
2737
2738 if (pid != s->control_pid)
2739 return;
2740
2741 s->control_pid = 0;
2742
2743 if (is_clean_exit(code, status, EXIT_CLEAN_COMMAND, NULL))
2744 f = SOCKET_SUCCESS;
2745 else if (code == CLD_EXITED)
2746 f = SOCKET_FAILURE_EXIT_CODE;
2747 else if (code == CLD_KILLED)
2748 f = SOCKET_FAILURE_SIGNAL;
2749 else if (code == CLD_DUMPED)
2750 f = SOCKET_FAILURE_CORE_DUMP;
2751 else
2752 assert_not_reached("Unknown sigchld code");
2753
2754 if (s->control_command) {
2755 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2756
2757 if (s->control_command->ignore)
2758 f = SOCKET_SUCCESS;
2759 }
2760
2761 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2762 "Control process exited, code=%s status=%i",
2763 sigchld_code_to_string(code), status);
2764
2765 if (s->result == SOCKET_SUCCESS)
2766 s->result = f;
2767
2768 if (s->control_command &&
2769 s->control_command->command_next &&
2770 f == SOCKET_SUCCESS) {
2771
2772 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2773 socket_run_next(s);
2774 } else {
2775 s->control_command = NULL;
2776 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2777
2778 /* No further commands for this step, so let's figure
2779 * out what to do next */
2780
2781 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2782
2783 switch (s->state) {
2784
2785 case SOCKET_START_PRE:
2786 if (f == SOCKET_SUCCESS)
2787 socket_enter_start_chown(s);
2788 else
2789 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2790 break;
2791
2792 case SOCKET_START_CHOWN:
2793 if (f == SOCKET_SUCCESS)
2794 socket_enter_start_post(s);
2795 else
2796 socket_enter_stop_pre(s, f);
2797 break;
2798
2799 case SOCKET_START_POST:
2800 if (f == SOCKET_SUCCESS)
2801 socket_enter_listening(s);
2802 else
2803 socket_enter_stop_pre(s, f);
2804 break;
2805
2806 case SOCKET_STOP_PRE:
2807 case SOCKET_STOP_PRE_SIGTERM:
2808 case SOCKET_STOP_PRE_SIGKILL:
2809 socket_enter_stop_post(s, f);
2810 break;
2811
2812 case SOCKET_STOP_POST:
2813 case SOCKET_FINAL_SIGTERM:
2814 case SOCKET_FINAL_SIGKILL:
2815 socket_enter_dead(s, f);
2816 break;
2817
2818 default:
2819 assert_not_reached("Uh, control process died at wrong time.");
2820 }
2821 }
2822
2823 /* Notify clients about changed exit status */
2824 unit_add_to_dbus_queue(u);
2825 }
2826
2827 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2828 Socket *s = SOCKET(userdata);
2829
2830 assert(s);
2831 assert(s->timer_event_source == source);
2832
2833 switch (s->state) {
2834
2835 case SOCKET_START_PRE:
2836 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2837 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2838 break;
2839
2840 case SOCKET_START_CHOWN:
2841 case SOCKET_START_POST:
2842 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2843 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2844 break;
2845
2846 case SOCKET_STOP_PRE:
2847 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2848 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2849 break;
2850
2851 case SOCKET_STOP_PRE_SIGTERM:
2852 if (s->kill_context.send_sigkill) {
2853 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2854 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2855 } else {
2856 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2857 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2858 }
2859 break;
2860
2861 case SOCKET_STOP_PRE_SIGKILL:
2862 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2863 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2864 break;
2865
2866 case SOCKET_STOP_POST:
2867 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2868 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2869 break;
2870
2871 case SOCKET_FINAL_SIGTERM:
2872 if (s->kill_context.send_sigkill) {
2873 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2874 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2875 } else {
2876 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2877 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2878 }
2879 break;
2880
2881 case SOCKET_FINAL_SIGKILL:
2882 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2883 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2884 break;
2885
2886 default:
2887 assert_not_reached("Timeout at wrong time.");
2888 }
2889
2890 return 0;
2891 }
2892
2893 int socket_collect_fds(Socket *s, int **fds) {
2894 int *rfds, k = 0, n = 0;
2895 SocketPort *p;
2896
2897 assert(s);
2898 assert(fds);
2899
2900 /* Called from the service code for requesting our fds */
2901
2902 LIST_FOREACH(port, p, s->ports) {
2903 if (p->fd >= 0)
2904 n++;
2905 n += p->n_auxiliary_fds;
2906 }
2907
2908 if (n <= 0) {
2909 *fds = NULL;
2910 return 0;
2911 }
2912
2913 rfds = new(int, n);
2914 if (!rfds)
2915 return -ENOMEM;
2916
2917 LIST_FOREACH(port, p, s->ports) {
2918 int i;
2919
2920 if (p->fd >= 0)
2921 rfds[k++] = p->fd;
2922 for (i = 0; i < p->n_auxiliary_fds; ++i)
2923 rfds[k++] = p->auxiliary_fds[i];
2924 }
2925
2926 assert(k == n);
2927
2928 *fds = rfds;
2929 return n;
2930 }
2931
2932 static void socket_reset_failed(Unit *u) {
2933 Socket *s = SOCKET(u);
2934
2935 assert(s);
2936
2937 if (s->state == SOCKET_FAILED)
2938 socket_set_state(s, SOCKET_DEAD);
2939
2940 s->result = SOCKET_SUCCESS;
2941 }
2942
2943 void socket_connection_unref(Socket *s) {
2944 assert(s);
2945
2946 /* The service is dead. Yay!
2947 *
2948 * This is strictly for one-instance-per-connection
2949 * services. */
2950
2951 assert(s->n_connections > 0);
2952 s->n_connections--;
2953
2954 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2955 }
2956
2957 static void socket_trigger_notify(Unit *u, Unit *other) {
2958 Socket *s = SOCKET(u);
2959
2960 assert(u);
2961 assert(other);
2962
2963 /* Filter out invocations with bogus state */
2964 if (other->load_state != UNIT_LOADED || other->type != UNIT_SERVICE)
2965 return;
2966
2967 /* Don't propagate state changes from the service if we are already down */
2968 if (!IN_SET(s->state, SOCKET_RUNNING, SOCKET_LISTENING))
2969 return;
2970
2971 /* We don't care for the service state if we are in Accept=yes mode */
2972 if (s->accept)
2973 return;
2974
2975 /* Propagate start limit hit state */
2976 if (other->start_limit_hit) {
2977 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_START_LIMIT_HIT);
2978 return;
2979 }
2980
2981 /* Don't propagate anything if there's still a job queued */
2982 if (other->job)
2983 return;
2984
2985 if (IN_SET(SERVICE(other)->state,
2986 SERVICE_DEAD, SERVICE_FAILED,
2987 SERVICE_FINAL_SIGTERM, SERVICE_FINAL_SIGKILL,
2988 SERVICE_AUTO_RESTART))
2989 socket_enter_listening(s);
2990
2991 if (SERVICE(other)->state == SERVICE_RUNNING)
2992 socket_set_state(s, SOCKET_RUNNING);
2993 }
2994
2995 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2996 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2997 }
2998
2999 static int socket_get_timeout(Unit *u, usec_t *timeout) {
3000 Socket *s = SOCKET(u);
3001 usec_t t;
3002 int r;
3003
3004 if (!s->timer_event_source)
3005 return 0;
3006
3007 r = sd_event_source_get_time(s->timer_event_source, &t);
3008 if (r < 0)
3009 return r;
3010 if (t == USEC_INFINITY)
3011 return 0;
3012
3013 *timeout = t;
3014 return 1;
3015 }
3016
3017 char *socket_fdname(Socket *s) {
3018 assert(s);
3019
3020 /* Returns the name to use for $LISTEN_NAMES. If the user
3021 * didn't specify anything specifically, use the socket unit's
3022 * name as fallback. */
3023
3024 if (s->fdname)
3025 return s->fdname;
3026
3027 return UNIT(s)->id;
3028 }
3029
3030 static int socket_control_pid(Unit *u) {
3031 Socket *s = SOCKET(u);
3032
3033 assert(s);
3034
3035 return s->control_pid;
3036 }
3037
3038 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
3039 [SOCKET_EXEC_START_PRE] = "StartPre",
3040 [SOCKET_EXEC_START_CHOWN] = "StartChown",
3041 [SOCKET_EXEC_START_POST] = "StartPost",
3042 [SOCKET_EXEC_STOP_PRE] = "StopPre",
3043 [SOCKET_EXEC_STOP_POST] = "StopPost"
3044 };
3045
3046 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
3047
3048 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
3049 [SOCKET_SUCCESS] = "success",
3050 [SOCKET_FAILURE_RESOURCES] = "resources",
3051 [SOCKET_FAILURE_TIMEOUT] = "timeout",
3052 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
3053 [SOCKET_FAILURE_SIGNAL] = "signal",
3054 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
3055 [SOCKET_FAILURE_START_LIMIT_HIT] = "start-limit-hit",
3056 [SOCKET_FAILURE_TRIGGER_LIMIT_HIT] = "trigger-limit-hit",
3057 [SOCKET_FAILURE_SERVICE_START_LIMIT_HIT] = "service-start-limit-hit"
3058 };
3059
3060 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
3061
3062 const UnitVTable socket_vtable = {
3063 .object_size = sizeof(Socket),
3064 .exec_context_offset = offsetof(Socket, exec_context),
3065 .cgroup_context_offset = offsetof(Socket, cgroup_context),
3066 .kill_context_offset = offsetof(Socket, kill_context),
3067 .exec_runtime_offset = offsetof(Socket, exec_runtime),
3068 .dynamic_creds_offset = offsetof(Socket, dynamic_creds),
3069
3070 .sections =
3071 "Unit\0"
3072 "Socket\0"
3073 "Install\0",
3074 .private_section = "Socket",
3075
3076 .init = socket_init,
3077 .done = socket_done,
3078 .load = socket_load,
3079
3080 .coldplug = socket_coldplug,
3081
3082 .dump = socket_dump,
3083
3084 .start = socket_start,
3085 .stop = socket_stop,
3086
3087 .kill = socket_kill,
3088
3089 .get_timeout = socket_get_timeout,
3090
3091 .serialize = socket_serialize,
3092 .deserialize_item = socket_deserialize_item,
3093 .distribute_fds = socket_distribute_fds,
3094
3095 .active_state = socket_active_state,
3096 .sub_state_to_string = socket_sub_state_to_string,
3097
3098 .check_gc = socket_check_gc,
3099
3100 .sigchld_event = socket_sigchld_event,
3101
3102 .trigger_notify = socket_trigger_notify,
3103
3104 .reset_failed = socket_reset_failed,
3105
3106 .control_pid = socket_control_pid,
3107
3108 .bus_vtable = bus_socket_vtable,
3109 .bus_set_property = bus_socket_set_property,
3110 .bus_commit_properties = bus_socket_commit_properties,
3111
3112 .status_message_formats = {
3113 /*.starting_stopping = {
3114 [0] = "Starting socket %s...",
3115 [1] = "Stopping socket %s...",
3116 },*/
3117 .finished_start_job = {
3118 [JOB_DONE] = "Listening on %s.",
3119 [JOB_FAILED] = "Failed to listen on %s.",
3120 [JOB_TIMEOUT] = "Timed out starting %s.",
3121 },
3122 .finished_stop_job = {
3123 [JOB_DONE] = "Closed %s.",
3124 [JOB_FAILED] = "Failed stopping %s.",
3125 [JOB_TIMEOUT] = "Timed out stopping %s.",
3126 },
3127 },
3128 };
Unnamed repository; edit this file 'description' to name the repository.