]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
socket: rename ffs_xyz to usbffs_xyz
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "path-util.h"
46 #include "selinux-util.h"
47 #include "signal-util.h"
48 #include "smack-util.h"
49 #include "socket.h"
50 #include "special.h"
51 #include "strv.h"
52 #include "unit-name.h"
53 #include "unit-printf.h"
54 #include "unit.h"
55
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
70 };
71
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
79 assert(u->load_state == UNIT_STUB);
80
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
85
86 s->max_connections = 64;
87
88 s->priority = -1;
89 s->ip_tos = -1;
90 s->ip_ttl = -1;
91 s->mark = -1;
92
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
95
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97 }
98
99 static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107 }
108
109 static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117 }
118
119 void socket_free_ports(Socket *s) {
120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
125 LIST_REMOVE(port, s->ports, p);
126
127 sd_event_source_unref(p->event_source);
128
129 socket_cleanup_fd_list(p);
130 safe_close(p->fd);
131 free(p->path);
132 free(p);
133 }
134 }
135
136 static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
142
143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
145 s->control_command = NULL;
146
147 socket_unwatch_control_pid(s);
148
149 unit_ref_unset(&s->service);
150
151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
153
154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
158 strv_free(s->symlinks);
159
160 free(s->user);
161 free(s->group);
162
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 }
165
166 static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
184 r = sd_event_add_time(
185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
196 }
197
198 int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
210 if (UNIT_DEREF(s->service))
211 return 0;
212
213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
219
220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
221 return -ENOMEM;
222
223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
224 if (r < 0)
225 return r;
226
227 u->no_gc = true;
228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
231 }
232
233 static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
246 if (!socket_address_can_accept(&p->address))
247 return true;
248 }
249
250 return false;
251 }
252
253 static int socket_add_mount_links(Socket *s) {
254 SocketPort *p;
255 int r;
256
257 assert(s);
258
259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
261
262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
265 path = p->path;
266
267 if (!path)
268 continue;
269
270 r = unit_require_mounts_for(UNIT(s), path);
271 if (r < 0)
272 return r;
273 }
274
275 return 0;
276 }
277
278 static int socket_add_device_link(Socket *s) {
279 char *t;
280
281 assert(s);
282
283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
284 return 0;
285
286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
287 return unit_add_node_link(UNIT(s), t, false);
288 }
289
290 static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
297
298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
301 return r;
302 }
303
304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
305 }
306
307 _pure_ static bool socket_has_exec(Socket *s) {
308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316 }
317
318 static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
320 int r;
321
322 assert(s);
323
324 if (have_non_accept_socket(s)) {
325
326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
328
329 r = unit_load_related_unit(u, ".service", &x);
330 if (r < 0)
331 return r;
332
333 unit_ref_set(&s->service, x);
334 }
335
336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
338 return r;
339 }
340
341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
344
345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
349 r = unit_patch_contexts(u);
350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
357
358 r = unit_set_default_slice(u);
359 if (r < 0)
360 return r;
361 }
362
363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370 }
371
372 static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403 }
404
405 static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
423 return -EINVAL;
424 }
425
426 if (s->accept && UNIT_DEREF(s->service)) {
427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
433 return -EINVAL;
434 }
435
436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
438 return -EINVAL;
439 }
440
441 return 0;
442 }
443
444 static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
458 if (r < 0)
459 return r;
460 }
461
462 return socket_verify(s);
463 }
464
465 _const_ static const char* listen_lookup(int family, int type) {
466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
477 assert_not_reached("Unknown socket type");
478 return NULL;
479 }
480
481 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
482 char time_string[FORMAT_TIMESPAN_MAX];
483 SocketExecCommand c;
484 Socket *s = SOCKET(u);
485 SocketPort *p;
486 const char *prefix2;
487
488 assert(s);
489 assert(f);
490
491 prefix = strempty(prefix);
492 prefix2 = strjoina(prefix, "\t");
493
494 fprintf(f,
495 "%sSocket State: %s\n"
496 "%sResult: %s\n"
497 "%sBindIPv6Only: %s\n"
498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
502 "%sNoDelay: %s\n"
503 "%sFreeBind: %s\n"
504 "%sTransparent: %s\n"
505 "%sBroadcast: %s\n"
506 "%sPassCredentials: %s\n"
507 "%sPassSecurity: %s\n"
508 "%sTCPCongestion: %s\n"
509 "%sRemoveOnStop: %s\n"
510 "%sSELinuxContextFromNet: %s\n",
511 prefix, socket_state_to_string(s->state),
512 prefix, socket_result_to_string(s->result),
513 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
514 prefix, s->backlog,
515 prefix, s->socket_mode,
516 prefix, s->directory_mode,
517 prefix, yes_no(s->keep_alive),
518 prefix, yes_no(s->no_delay),
519 prefix, yes_no(s->free_bind),
520 prefix, yes_no(s->transparent),
521 prefix, yes_no(s->broadcast),
522 prefix, yes_no(s->pass_cred),
523 prefix, yes_no(s->pass_sec),
524 prefix, strna(s->tcp_congestion),
525 prefix, yes_no(s->remove_on_stop),
526 prefix, yes_no(s->selinux_context_from_net));
527
528 if (s->control_pid > 0)
529 fprintf(f,
530 "%sControl PID: "PID_FMT"\n",
531 prefix, s->control_pid);
532
533 if (s->bind_to_device)
534 fprintf(f,
535 "%sBindToDevice: %s\n",
536 prefix, s->bind_to_device);
537
538 if (s->accept)
539 fprintf(f,
540 "%sAccepted: %u\n"
541 "%sNConnections: %u\n"
542 "%sMaxConnections: %u\n",
543 prefix, s->n_accepted,
544 prefix, s->n_connections,
545 prefix, s->max_connections);
546
547 if (s->priority >= 0)
548 fprintf(f,
549 "%sPriority: %i\n",
550 prefix, s->priority);
551
552 if (s->receive_buffer > 0)
553 fprintf(f,
554 "%sReceiveBuffer: %zu\n",
555 prefix, s->receive_buffer);
556
557 if (s->send_buffer > 0)
558 fprintf(f,
559 "%sSendBuffer: %zu\n",
560 prefix, s->send_buffer);
561
562 if (s->ip_tos >= 0)
563 fprintf(f,
564 "%sIPTOS: %i\n",
565 prefix, s->ip_tos);
566
567 if (s->ip_ttl >= 0)
568 fprintf(f,
569 "%sIPTTL: %i\n",
570 prefix, s->ip_ttl);
571
572 if (s->pipe_size > 0)
573 fprintf(f,
574 "%sPipeSize: %zu\n",
575 prefix, s->pipe_size);
576
577 if (s->mark >= 0)
578 fprintf(f,
579 "%sMark: %i\n",
580 prefix, s->mark);
581
582 if (s->mq_maxmsg > 0)
583 fprintf(f,
584 "%sMessageQueueMaxMessages: %li\n",
585 prefix, s->mq_maxmsg);
586
587 if (s->mq_msgsize > 0)
588 fprintf(f,
589 "%sMessageQueueMessageSize: %li\n",
590 prefix, s->mq_msgsize);
591
592 if (s->reuse_port)
593 fprintf(f,
594 "%sReusePort: %s\n",
595 prefix, yes_no(s->reuse_port));
596
597 if (s->smack)
598 fprintf(f,
599 "%sSmackLabel: %s\n",
600 prefix, s->smack);
601
602 if (s->smack_ip_in)
603 fprintf(f,
604 "%sSmackLabelIPIn: %s\n",
605 prefix, s->smack_ip_in);
606
607 if (s->smack_ip_out)
608 fprintf(f,
609 "%sSmackLabelIPOut: %s\n",
610 prefix, s->smack_ip_out);
611
612 if (!isempty(s->user) || !isempty(s->group))
613 fprintf(f,
614 "%sOwnerUser: %s\n"
615 "%sOwnerGroup: %s\n",
616 prefix, strna(s->user),
617 prefix, strna(s->group));
618
619 if (s->keep_alive_time > 0)
620 fprintf(f,
621 "%sKeepAliveTimeSec: %s\n",
622 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
623
624 if (s->keep_alive_interval)
625 fprintf(f,
626 "%sKeepAliveIntervalSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
628
629 if (s->keep_alive_cnt)
630 fprintf(f,
631 "%sKeepAliveProbes: %u\n",
632 prefix, s->keep_alive_cnt);
633
634 if (s->defer_accept)
635 fprintf(f,
636 "%sDeferAcceptSec: %s\n",
637 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
638
639 LIST_FOREACH(port, p, s->ports) {
640
641 if (p->type == SOCKET_SOCKET) {
642 const char *t;
643 int r;
644 char *k = NULL;
645
646 if ((r = socket_address_print(&p->address, &k)) < 0)
647 t = strerror(-r);
648 else
649 t = k;
650
651 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
652 free(k);
653 } else if (p->type == SOCKET_SPECIAL)
654 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
655 else if (p->type == SOCKET_USB_FUNCTION)
656 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
657 else if (p->type == SOCKET_MQUEUE)
658 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
659 else
660 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
661 }
662
663 exec_context_dump(&s->exec_context, f, prefix);
664 kill_context_dump(&s->kill_context, f, prefix);
665
666 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
667 if (!s->exec_command[c])
668 continue;
669
670 fprintf(f, "%s-> %s:\n",
671 prefix, socket_exec_command_to_string(c));
672
673 exec_command_dump_list(s->exec_command[c], f, prefix2);
674 }
675 }
676
677 static int instance_from_socket(int fd, unsigned nr, char **instance) {
678 socklen_t l;
679 char *r;
680 union sockaddr_union local, remote;
681
682 assert(fd >= 0);
683 assert(instance);
684
685 l = sizeof(local);
686 if (getsockname(fd, &local.sa, &l) < 0)
687 return -errno;
688
689 l = sizeof(remote);
690 if (getpeername(fd, &remote.sa, &l) < 0)
691 return -errno;
692
693 switch (local.sa.sa_family) {
694
695 case AF_INET: {
696 uint32_t
697 a = ntohl(local.in.sin_addr.s_addr),
698 b = ntohl(remote.in.sin_addr.s_addr);
699
700 if (asprintf(&r,
701 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
702 nr,
703 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
704 ntohs(local.in.sin_port),
705 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
706 ntohs(remote.in.sin_port)) < 0)
707 return -ENOMEM;
708
709 break;
710 }
711
712 case AF_INET6: {
713 static const unsigned char ipv4_prefix[] = {
714 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
715 };
716
717 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
718 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
719 const uint8_t
720 *a = local.in6.sin6_addr.s6_addr+12,
721 *b = remote.in6.sin6_addr.s6_addr+12;
722
723 if (asprintf(&r,
724 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
725 nr,
726 a[0], a[1], a[2], a[3],
727 ntohs(local.in6.sin6_port),
728 b[0], b[1], b[2], b[3],
729 ntohs(remote.in6.sin6_port)) < 0)
730 return -ENOMEM;
731 } else {
732 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
733
734 if (asprintf(&r,
735 "%u-%s:%u-%s:%u",
736 nr,
737 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
738 ntohs(local.in6.sin6_port),
739 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
740 ntohs(remote.in6.sin6_port)) < 0)
741 return -ENOMEM;
742 }
743
744 break;
745 }
746
747 case AF_UNIX: {
748 struct ucred ucred;
749 int k;
750
751 k = getpeercred(fd, &ucred);
752 if (k >= 0) {
753 if (asprintf(&r,
754 "%u-"PID_FMT"-"UID_FMT,
755 nr, ucred.pid, ucred.uid) < 0)
756 return -ENOMEM;
757 } else if (k == -ENODATA) {
758 /* This handles the case where somebody is
759 * connecting from another pid/uid namespace
760 * (e.g. from outside of our container). */
761 if (asprintf(&r,
762 "%u-unknown",
763 nr) < 0)
764 return -ENOMEM;
765 } else
766 return k;
767
768 break;
769 }
770
771 default:
772 assert_not_reached("Unhandled socket type.");
773 }
774
775 *instance = r;
776 return 0;
777 }
778
779 static void socket_close_fds(Socket *s) {
780 SocketPort *p;
781 char **i;
782
783 assert(s);
784
785 LIST_FOREACH(port, p, s->ports) {
786
787 p->event_source = sd_event_source_unref(p->event_source);
788
789 if (p->fd < 0)
790 continue;
791
792 p->fd = safe_close(p->fd);
793 socket_cleanup_fd_list(p);
794
795 /* One little note: we should normally not delete any
796 * sockets in the file system here! After all some
797 * other process we spawned might still have a
798 * reference of this fd and wants to continue to use
799 * it. Therefore we delete sockets in the file system
800 * before we create a new one, not after we stopped
801 * using one! */
802
803 if (s->remove_on_stop) {
804 switch (p->type) {
805
806 case SOCKET_FIFO:
807 unlink(p->path);
808 break;
809
810 case SOCKET_MQUEUE:
811 mq_unlink(p->path);
812 break;
813
814 case SOCKET_SOCKET:
815 socket_address_unlink(&p->address);
816 break;
817
818 default:
819 break;
820 }
821 }
822 }
823
824 if (s->remove_on_stop)
825 STRV_FOREACH(i, s->symlinks)
826 unlink(*i);
827 }
828
829 static void socket_apply_socket_options(Socket *s, int fd) {
830 int r;
831
832 assert(s);
833 assert(fd >= 0);
834
835 if (s->keep_alive) {
836 int b = s->keep_alive;
837 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
838 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
839 }
840
841 if (s->keep_alive_time) {
842 int value = s->keep_alive_time / USEC_PER_SEC;
843 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
844 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
845 }
846
847 if (s->keep_alive_interval) {
848 int value = s->keep_alive_interval / USEC_PER_SEC;
849 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
850 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
851 }
852
853 if (s->keep_alive_cnt) {
854 int value = s->keep_alive_cnt;
855 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
856 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
857 }
858
859 if (s->defer_accept) {
860 int value = s->defer_accept / USEC_PER_SEC;
861 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
862 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
863 }
864
865 if (s->no_delay) {
866 int b = s->no_delay;
867 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
868 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
869 }
870
871 if (s->broadcast) {
872 int one = 1;
873 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
874 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
875 }
876
877 if (s->pass_cred) {
878 int one = 1;
879 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
880 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
881 }
882
883 if (s->pass_sec) {
884 int one = 1;
885 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
887 }
888
889 if (s->priority >= 0)
890 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
892
893 if (s->receive_buffer > 0) {
894 int value = (int) s->receive_buffer;
895
896 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
897
898 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
899 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
900 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
901 }
902
903 if (s->send_buffer > 0) {
904 int value = (int) s->send_buffer;
905 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
906 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
907 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
908 }
909
910 if (s->mark >= 0)
911 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
912 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
913
914 if (s->ip_tos >= 0)
915 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
916 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
917
918 if (s->ip_ttl >= 0) {
919 int x;
920
921 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
922
923 if (socket_ipv6_is_supported())
924 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
925 else {
926 x = -1;
927 errno = EAFNOSUPPORT;
928 }
929
930 if (r < 0 && x < 0)
931 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
932 }
933
934 if (s->tcp_congestion)
935 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
936 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
937
938 if (s->smack_ip_in) {
939 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
940 if (r < 0)
941 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
942 }
943
944 if (s->smack_ip_out) {
945 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
946 if (r < 0)
947 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
948 }
949 }
950
951 static void socket_apply_fifo_options(Socket *s, int fd) {
952 int r;
953
954 assert(s);
955 assert(fd >= 0);
956
957 if (s->pipe_size > 0)
958 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
959 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
960
961 if (s->smack) {
962 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
963 if (r < 0)
964 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
965 }
966 }
967
968 static int fifo_address_create(
969 const char *path,
970 mode_t directory_mode,
971 mode_t socket_mode) {
972
973 _cleanup_close_ int fd = -1;
974 mode_t old_mask;
975 struct stat st;
976 int r;
977
978 assert(path);
979
980 mkdir_parents_label(path, directory_mode);
981
982 r = mac_selinux_create_file_prepare(path, S_IFIFO);
983 if (r < 0)
984 return r;
985
986 /* Enforce the right access mode for the fifo */
987 old_mask = umask(~ socket_mode);
988
989 /* Include the original umask in our mask */
990 (void) umask(~socket_mode | old_mask);
991
992 r = mkfifo(path, socket_mode);
993 (void) umask(old_mask);
994
995 if (r < 0 && errno != EEXIST) {
996 r = -errno;
997 goto fail;
998 }
999
1000 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1001 if (fd < 0) {
1002 r = -errno;
1003 goto fail;
1004 }
1005
1006 mac_selinux_create_file_clear();
1007
1008 if (fstat(fd, &st) < 0) {
1009 r = -errno;
1010 goto fail;
1011 }
1012
1013 if (!S_ISFIFO(st.st_mode) ||
1014 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1015 st.st_uid != getuid() ||
1016 st.st_gid != getgid()) {
1017 r = -EEXIST;
1018 goto fail;
1019 }
1020
1021 r = fd;
1022 fd = -1;
1023
1024 return r;
1025
1026 fail:
1027 mac_selinux_create_file_clear();
1028 safe_close(fd);
1029
1030 return r;
1031 }
1032
1033 static int special_address_create(const char *path) {
1034 _cleanup_close_ int fd = -1;
1035 struct stat st;
1036 int r;
1037
1038 assert(path);
1039
1040 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1041 if (fd < 0)
1042 return -errno;
1043
1044 if (fstat(fd, &st) < 0)
1045 return -errno;
1046
1047 /* Check whether this is a /proc, /sys or /dev file or char device */
1048 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1049 return -EEXIST;
1050
1051 r = fd;
1052 fd = -1;
1053
1054 return r;
1055 }
1056
1057 static int usbffs_address_create(const char *path) {
1058 _cleanup_close_ int fd = -1;
1059 struct stat st;
1060 int r;
1061
1062 assert(path);
1063
1064 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1065 if (fd < 0)
1066 return -errno;
1067
1068 if (fstat(fd, &st) < 0)
1069 return -errno;
1070
1071 /* Check whether this is a regular file (ffs endpoint)*/
1072 if (!S_ISREG(st.st_mode))
1073 return -EEXIST;
1074
1075 r = fd;
1076 fd = -1;
1077
1078 return r;
1079 }
1080
1081 static int mq_address_create(
1082 const char *path,
1083 mode_t mq_mode,
1084 long maxmsg,
1085 long msgsize) {
1086
1087 _cleanup_close_ int fd = -1;
1088 struct stat st;
1089 mode_t old_mask;
1090 struct mq_attr _attr, *attr = NULL;
1091 int r;
1092
1093 assert(path);
1094
1095 if (maxmsg > 0 && msgsize > 0) {
1096 _attr = (struct mq_attr) {
1097 .mq_flags = O_NONBLOCK,
1098 .mq_maxmsg = maxmsg,
1099 .mq_msgsize = msgsize,
1100 };
1101 attr = &_attr;
1102 }
1103
1104 /* Enforce the right access mode for the mq */
1105 old_mask = umask(~ mq_mode);
1106
1107 /* Include the original umask in our mask */
1108 (void) umask(~mq_mode | old_mask);
1109 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1110 (void) umask(old_mask);
1111
1112 if (fd < 0)
1113 return -errno;
1114
1115 if (fstat(fd, &st) < 0)
1116 return -errno;
1117
1118 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1119 st.st_uid != getuid() ||
1120 st.st_gid != getgid())
1121 return -EEXIST;
1122
1123 r = fd;
1124 fd = -1;
1125
1126 return r;
1127 }
1128
1129 static int socket_symlink(Socket *s) {
1130 const char *p;
1131 char **i;
1132
1133 assert(s);
1134
1135 p = socket_find_symlink_target(s);
1136 if (!p)
1137 return 0;
1138
1139 STRV_FOREACH(i, s->symlinks)
1140 symlink_label(p, *i);
1141
1142 return 0;
1143 }
1144
1145 static int usbffs_write_descs(int fd, Service *s) {
1146 int r;
1147
1148 if (!s->usb_function_descriptors || !s->usb_function_strings)
1149 return -EINVAL;
1150
1151 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1152 if (r < 0)
1153 return r;
1154
1155 return copy_file_fd(s->usb_function_strings, fd, false);
1156 }
1157
1158 static int usbffs_select_ep(const struct dirent *d) {
1159 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1160 }
1161
1162 static int usbffs_dispatch_eps(SocketPort *p) {
1163 _cleanup_free_ struct dirent **ent = NULL;
1164 _cleanup_free_ char *path = NULL;
1165 int r, i, n, k;
1166
1167 r = path_get_parent(p->path, &path);
1168 if (r < 0)
1169 return r;
1170
1171 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1172 if (r < 0)
1173 return -errno;
1174
1175 n = r;
1176 p->auxiliary_fds = new(int, n);
1177 if (!p->auxiliary_fds)
1178 return -ENOMEM;
1179
1180 p->n_auxiliary_fds = n;
1181
1182 k = 0;
1183 for (i = 0; i < n; ++i) {
1184 _cleanup_free_ char *ep = NULL;
1185
1186 ep = path_make_absolute(ent[i]->d_name, path);
1187 if (!ep)
1188 return -ENOMEM;
1189
1190 path_kill_slashes(ep);
1191
1192 r = usbffs_address_create(ep);
1193 if (r < 0)
1194 goto fail;
1195
1196 p->auxiliary_fds[k] = r;
1197
1198 ++k;
1199 free(ent[i]);
1200 }
1201
1202 return r;
1203
1204 fail:
1205 close_many(p->auxiliary_fds, k);
1206 p->auxiliary_fds = mfree(p->auxiliary_fds);
1207 p->n_auxiliary_fds = 0;
1208
1209 return r;
1210 }
1211
1212 static int socket_open_fds(Socket *s) {
1213 _cleanup_(mac_selinux_freep) char *label = NULL;
1214 bool know_label = false;
1215 SocketPort *p;
1216 int r;
1217
1218 assert(s);
1219
1220 LIST_FOREACH(port, p, s->ports) {
1221
1222 if (p->fd >= 0)
1223 continue;
1224
1225 switch (p->type) {
1226
1227 case SOCKET_SOCKET:
1228
1229 if (!know_label) {
1230 /* Figure out label, if we don't it know
1231 * yet. We do it once, for the first
1232 * socket where we need this and
1233 * remember it for the rest. */
1234
1235 if (s->selinux_context_from_net) {
1236 /* Get it from the network label */
1237
1238 r = mac_selinux_get_our_label(&label);
1239 if (r < 0 && r != -EOPNOTSUPP)
1240 goto rollback;
1241
1242 } else {
1243 /* Get it from the executable we are about to start */
1244
1245 r = socket_instantiate_service(s);
1246 if (r < 0)
1247 goto rollback;
1248
1249 if (UNIT_ISSET(s->service) &&
1250 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1251 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1252 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1253 goto rollback;
1254 }
1255 }
1256
1257 know_label = true;
1258 }
1259
1260 r = socket_address_listen(
1261 &p->address,
1262 SOCK_CLOEXEC|SOCK_NONBLOCK,
1263 s->backlog,
1264 s->bind_ipv6_only,
1265 s->bind_to_device,
1266 s->reuse_port,
1267 s->free_bind,
1268 s->transparent,
1269 s->directory_mode,
1270 s->socket_mode,
1271 label);
1272 if (r < 0)
1273 goto rollback;
1274
1275 p->fd = r;
1276 socket_apply_socket_options(s, p->fd);
1277 socket_symlink(s);
1278 break;
1279
1280 case SOCKET_SPECIAL:
1281
1282 p->fd = special_address_create(p->path);
1283 if (p->fd < 0) {
1284 r = p->fd;
1285 goto rollback;
1286 }
1287 break;
1288
1289 case SOCKET_FIFO:
1290
1291 p->fd = fifo_address_create(
1292 p->path,
1293 s->directory_mode,
1294 s->socket_mode);
1295 if (p->fd < 0) {
1296 r = p->fd;
1297 goto rollback;
1298 }
1299
1300 socket_apply_fifo_options(s, p->fd);
1301 socket_symlink(s);
1302 break;
1303
1304 case SOCKET_MQUEUE:
1305
1306 p->fd = mq_address_create(
1307 p->path,
1308 s->socket_mode,
1309 s->mq_maxmsg,
1310 s->mq_msgsize);
1311 if (p->fd < 0) {
1312 r = p->fd;
1313 goto rollback;
1314 }
1315 break;
1316
1317 case SOCKET_USB_FUNCTION:
1318
1319 p->fd = usbffs_address_create(p->path);
1320 if (p->fd < 0) {
1321 r = p->fd;
1322 goto rollback;
1323 }
1324
1325 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1326 if (r < 0)
1327 goto rollback;
1328
1329 r = usbffs_dispatch_eps(p);
1330 if (r < 0)
1331 goto rollback;
1332
1333 break;
1334
1335 default:
1336 assert_not_reached("Unknown port type");
1337 }
1338 }
1339
1340 return 0;
1341
1342 rollback:
1343 socket_close_fds(s);
1344 return r;
1345 }
1346
1347 static void socket_unwatch_fds(Socket *s) {
1348 SocketPort *p;
1349 int r;
1350
1351 assert(s);
1352
1353 LIST_FOREACH(port, p, s->ports) {
1354 if (p->fd < 0)
1355 continue;
1356
1357 if (!p->event_source)
1358 continue;
1359
1360 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1361 if (r < 0)
1362 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1363 }
1364 }
1365
1366 static int socket_watch_fds(Socket *s) {
1367 SocketPort *p;
1368 int r;
1369
1370 assert(s);
1371
1372 LIST_FOREACH(port, p, s->ports) {
1373 if (p->fd < 0)
1374 continue;
1375
1376 if (p->event_source) {
1377 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1378 if (r < 0)
1379 goto fail;
1380 } else {
1381 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1382 if (r < 0)
1383 goto fail;
1384
1385 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1386 }
1387 }
1388
1389 return 0;
1390
1391 fail:
1392 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1393 socket_unwatch_fds(s);
1394 return r;
1395 }
1396
1397 static void socket_set_state(Socket *s, SocketState state) {
1398 SocketState old_state;
1399 assert(s);
1400
1401 old_state = s->state;
1402 s->state = state;
1403
1404 if (!IN_SET(state,
1405 SOCKET_START_PRE,
1406 SOCKET_START_CHOWN,
1407 SOCKET_START_POST,
1408 SOCKET_STOP_PRE,
1409 SOCKET_STOP_PRE_SIGTERM,
1410 SOCKET_STOP_PRE_SIGKILL,
1411 SOCKET_STOP_POST,
1412 SOCKET_FINAL_SIGTERM,
1413 SOCKET_FINAL_SIGKILL)) {
1414
1415 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1416 socket_unwatch_control_pid(s);
1417 s->control_command = NULL;
1418 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1419 }
1420
1421 if (state != SOCKET_LISTENING)
1422 socket_unwatch_fds(s);
1423
1424 if (!IN_SET(state,
1425 SOCKET_START_CHOWN,
1426 SOCKET_START_POST,
1427 SOCKET_LISTENING,
1428 SOCKET_RUNNING,
1429 SOCKET_STOP_PRE,
1430 SOCKET_STOP_PRE_SIGTERM,
1431 SOCKET_STOP_PRE_SIGKILL))
1432 socket_close_fds(s);
1433
1434 if (state != old_state)
1435 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1436
1437 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1438 }
1439
1440 static int socket_coldplug(Unit *u) {
1441 Socket *s = SOCKET(u);
1442 int r;
1443
1444 assert(s);
1445 assert(s->state == SOCKET_DEAD);
1446
1447 if (s->deserialized_state == s->state)
1448 return 0;
1449
1450 if (IN_SET(s->deserialized_state,
1451 SOCKET_START_PRE,
1452 SOCKET_START_CHOWN,
1453 SOCKET_START_POST,
1454 SOCKET_STOP_PRE,
1455 SOCKET_STOP_PRE_SIGTERM,
1456 SOCKET_STOP_PRE_SIGKILL,
1457 SOCKET_STOP_POST,
1458 SOCKET_FINAL_SIGTERM,
1459 SOCKET_FINAL_SIGKILL)) {
1460
1461 if (s->control_pid <= 0)
1462 return -EBADMSG;
1463
1464 r = unit_watch_pid(UNIT(s), s->control_pid);
1465 if (r < 0)
1466 return r;
1467
1468 r = socket_arm_timer(s);
1469 if (r < 0)
1470 return r;
1471 }
1472
1473 if (IN_SET(s->deserialized_state,
1474 SOCKET_START_CHOWN,
1475 SOCKET_START_POST,
1476 SOCKET_LISTENING,
1477 SOCKET_RUNNING,
1478 SOCKET_STOP_PRE,
1479 SOCKET_STOP_PRE_SIGTERM,
1480 SOCKET_STOP_PRE_SIGKILL)) {
1481 r = socket_open_fds(s);
1482 if (r < 0)
1483 return r;
1484 }
1485
1486 if (s->deserialized_state == SOCKET_LISTENING) {
1487 r = socket_watch_fds(s);
1488 if (r < 0)
1489 return r;
1490 }
1491
1492 socket_set_state(s, s->deserialized_state);
1493 return 0;
1494 }
1495
1496 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1497 _cleanup_free_ char **argv = NULL;
1498 pid_t pid;
1499 int r;
1500 ExecParameters exec_params = {
1501 .apply_permissions = true,
1502 .apply_chroot = true,
1503 .apply_tty_stdin = true,
1504 .bus_endpoint_fd = -1,
1505 };
1506
1507 assert(s);
1508 assert(c);
1509 assert(_pid);
1510
1511 (void) unit_realize_cgroup(UNIT(s));
1512 if (s->reset_cpu_usage) {
1513 (void) unit_reset_cpu_usage(UNIT(s));
1514 s->reset_cpu_usage = false;
1515 }
1516
1517 r = unit_setup_exec_runtime(UNIT(s));
1518 if (r < 0)
1519 goto fail;
1520
1521 r = socket_arm_timer(s);
1522 if (r < 0)
1523 goto fail;
1524
1525 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1526 if (r < 0)
1527 goto fail;
1528
1529 exec_params.argv = argv;
1530 exec_params.environment = UNIT(s)->manager->environment;
1531 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1532 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1533 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1534 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1535 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1536
1537 r = exec_spawn(UNIT(s),
1538 c,
1539 &s->exec_context,
1540 &exec_params,
1541 s->exec_runtime,
1542 &pid);
1543 if (r < 0)
1544 goto fail;
1545
1546 r = unit_watch_pid(UNIT(s), pid);
1547 if (r < 0)
1548 /* FIXME: we need to do something here */
1549 goto fail;
1550
1551 *_pid = pid;
1552 return 0;
1553
1554 fail:
1555 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1556 return r;
1557 }
1558
1559 static int socket_chown(Socket *s, pid_t *_pid) {
1560 pid_t pid;
1561 int r;
1562
1563 r = socket_arm_timer(s);
1564 if (r < 0)
1565 goto fail;
1566
1567 /* We have to resolve the user names out-of-process, hence
1568 * let's fork here. It's messy, but well, what can we do? */
1569
1570 pid = fork();
1571 if (pid < 0)
1572 return -errno;
1573
1574 if (pid == 0) {
1575 SocketPort *p;
1576 uid_t uid = UID_INVALID;
1577 gid_t gid = GID_INVALID;
1578 int ret;
1579
1580 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1581 (void) ignore_signals(SIGPIPE, -1);
1582 log_forget_fds();
1583
1584 if (!isempty(s->user)) {
1585 const char *user = s->user;
1586
1587 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1588 if (r < 0) {
1589 ret = EXIT_USER;
1590 goto fail_child;
1591 }
1592 }
1593
1594 if (!isempty(s->group)) {
1595 const char *group = s->group;
1596
1597 r = get_group_creds(&group, &gid);
1598 if (r < 0) {
1599 ret = EXIT_GROUP;
1600 goto fail_child;
1601 }
1602 }
1603
1604 LIST_FOREACH(port, p, s->ports) {
1605 const char *path = NULL;
1606
1607 if (p->type == SOCKET_SOCKET)
1608 path = socket_address_get_path(&p->address);
1609 else if (p->type == SOCKET_FIFO)
1610 path = p->path;
1611
1612 if (!path)
1613 continue;
1614
1615 if (chown(path, uid, gid) < 0) {
1616 r = -errno;
1617 ret = EXIT_CHOWN;
1618 goto fail_child;
1619 }
1620 }
1621
1622 _exit(0);
1623
1624 fail_child:
1625 log_open();
1626 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1627
1628 _exit(ret);
1629 }
1630
1631 r = unit_watch_pid(UNIT(s), pid);
1632 if (r < 0)
1633 goto fail;
1634
1635 *_pid = pid;
1636 return 0;
1637
1638 fail:
1639 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1640 return r;
1641 }
1642
1643 static void socket_enter_dead(Socket *s, SocketResult f) {
1644 assert(s);
1645
1646 if (f != SOCKET_SUCCESS)
1647 s->result = f;
1648
1649 exec_runtime_destroy(s->exec_runtime);
1650 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1651
1652 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1653
1654 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1655 }
1656
1657 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1658
1659 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1660 int r;
1661 assert(s);
1662
1663 if (f != SOCKET_SUCCESS)
1664 s->result = f;
1665
1666 socket_unwatch_control_pid(s);
1667 s->control_command_id = SOCKET_EXEC_STOP_POST;
1668 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1669
1670 if (s->control_command) {
1671 r = socket_spawn(s, s->control_command, &s->control_pid);
1672 if (r < 0)
1673 goto fail;
1674
1675 socket_set_state(s, SOCKET_STOP_POST);
1676 } else
1677 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1678
1679 return;
1680
1681 fail:
1682 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1683 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1684 }
1685
1686 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1687 int r;
1688
1689 assert(s);
1690
1691 if (f != SOCKET_SUCCESS)
1692 s->result = f;
1693
1694 r = unit_kill_context(
1695 UNIT(s),
1696 &s->kill_context,
1697 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1698 KILL_KILL : KILL_TERMINATE,
1699 -1,
1700 s->control_pid,
1701 false);
1702 if (r < 0)
1703 goto fail;
1704
1705 if (r > 0) {
1706 r = socket_arm_timer(s);
1707 if (r < 0)
1708 goto fail;
1709
1710 socket_set_state(s, state);
1711 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1712 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1713 else if (state == SOCKET_STOP_PRE_SIGKILL)
1714 socket_enter_stop_post(s, SOCKET_SUCCESS);
1715 else if (state == SOCKET_FINAL_SIGTERM)
1716 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1717 else
1718 socket_enter_dead(s, SOCKET_SUCCESS);
1719
1720 return;
1721
1722 fail:
1723 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1724
1725 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1726 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1727 else
1728 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1729 }
1730
1731 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1732 int r;
1733 assert(s);
1734
1735 if (f != SOCKET_SUCCESS)
1736 s->result = f;
1737
1738 socket_unwatch_control_pid(s);
1739 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1740 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1741
1742 if (s->control_command) {
1743 r = socket_spawn(s, s->control_command, &s->control_pid);
1744 if (r < 0)
1745 goto fail;
1746
1747 socket_set_state(s, SOCKET_STOP_PRE);
1748 } else
1749 socket_enter_stop_post(s, SOCKET_SUCCESS);
1750
1751 return;
1752
1753 fail:
1754 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1755 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1756 }
1757
1758 static void socket_enter_listening(Socket *s) {
1759 int r;
1760 assert(s);
1761
1762 r = socket_watch_fds(s);
1763 if (r < 0) {
1764 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1765 goto fail;
1766 }
1767
1768 socket_set_state(s, SOCKET_LISTENING);
1769 return;
1770
1771 fail:
1772 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1773 }
1774
1775 static void socket_enter_start_post(Socket *s) {
1776 int r;
1777 assert(s);
1778
1779 socket_unwatch_control_pid(s);
1780 s->control_command_id = SOCKET_EXEC_START_POST;
1781 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1782
1783 if (s->control_command) {
1784 r = socket_spawn(s, s->control_command, &s->control_pid);
1785 if (r < 0) {
1786 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1787 goto fail;
1788 }
1789
1790 socket_set_state(s, SOCKET_START_POST);
1791 } else
1792 socket_enter_listening(s);
1793
1794 return;
1795
1796 fail:
1797 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1798 }
1799
1800 static void socket_enter_start_chown(Socket *s) {
1801 int r;
1802
1803 assert(s);
1804
1805 r = socket_open_fds(s);
1806 if (r < 0) {
1807 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1808 goto fail;
1809 }
1810
1811 if (!isempty(s->user) || !isempty(s->group)) {
1812
1813 socket_unwatch_control_pid(s);
1814 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1815 s->control_command = NULL;
1816
1817 r = socket_chown(s, &s->control_pid);
1818 if (r < 0) {
1819 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1820 goto fail;
1821 }
1822
1823 socket_set_state(s, SOCKET_START_CHOWN);
1824 } else
1825 socket_enter_start_post(s);
1826
1827 return;
1828
1829 fail:
1830 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1831 }
1832
1833 static void socket_enter_start_pre(Socket *s) {
1834 int r;
1835 assert(s);
1836
1837 socket_unwatch_control_pid(s);
1838 s->control_command_id = SOCKET_EXEC_START_PRE;
1839 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1840
1841 if (s->control_command) {
1842 r = socket_spawn(s, s->control_command, &s->control_pid);
1843 if (r < 0) {
1844 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1845 goto fail;
1846 }
1847
1848 socket_set_state(s, SOCKET_START_PRE);
1849 } else
1850 socket_enter_start_chown(s);
1851
1852 return;
1853
1854 fail:
1855 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1856 }
1857
1858 static void socket_enter_running(Socket *s, int cfd) {
1859 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1860 int r;
1861
1862 assert(s);
1863
1864 /* We don't take connections anymore if we are supposed to
1865 * shut down anyway */
1866 if (unit_stop_pending(UNIT(s))) {
1867
1868 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1869
1870 if (cfd >= 0)
1871 safe_close(cfd);
1872 else {
1873 /* Flush all sockets by closing and reopening them */
1874 socket_close_fds(s);
1875
1876 r = socket_open_fds(s);
1877 if (r < 0) {
1878 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1879 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1880 return;
1881 }
1882
1883 r = socket_watch_fds(s);
1884 if (r < 0) {
1885 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1886 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1887 }
1888 }
1889
1890 return;
1891 }
1892
1893 if (cfd < 0) {
1894 Iterator i;
1895 Unit *other;
1896 bool pending = false;
1897
1898 /* If there's already a start pending don't bother to
1899 * do anything */
1900 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1901 if (unit_active_or_pending(other)) {
1902 pending = true;
1903 break;
1904 }
1905
1906 if (!pending) {
1907 if (!UNIT_ISSET(s->service)) {
1908 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1909 r = -ENOENT;
1910 goto fail;
1911 }
1912
1913 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1914 if (r < 0)
1915 goto fail;
1916 }
1917
1918 socket_set_state(s, SOCKET_RUNNING);
1919 } else {
1920 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1921 Service *service;
1922
1923 if (s->n_connections >= s->max_connections) {
1924 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1925 safe_close(cfd);
1926 return;
1927 }
1928
1929 r = socket_instantiate_service(s);
1930 if (r < 0)
1931 goto fail;
1932
1933 r = instance_from_socket(cfd, s->n_accepted, &instance);
1934 if (r < 0) {
1935 if (r != -ENOTCONN)
1936 goto fail;
1937
1938 /* ENOTCONN is legitimate if TCP RST was received.
1939 * This connection is over, but the socket unit lives on. */
1940 safe_close(cfd);
1941 return;
1942 }
1943
1944 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1945 if (r < 0)
1946 goto fail;
1947
1948 r = unit_name_build(prefix, instance, ".service", &name);
1949 if (r < 0)
1950 goto fail;
1951
1952 r = unit_add_name(UNIT_DEREF(s->service), name);
1953 if (r < 0)
1954 goto fail;
1955
1956 service = SERVICE(UNIT_DEREF(s->service));
1957 unit_ref_unset(&s->service);
1958 s->n_accepted ++;
1959
1960 UNIT(service)->no_gc = false;
1961
1962 unit_choose_id(UNIT(service), name);
1963
1964 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1965 if (r < 0)
1966 goto fail;
1967
1968 cfd = -1;
1969 s->n_connections ++;
1970
1971 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1972 if (r < 0)
1973 goto fail;
1974
1975 /* Notify clients about changed counters */
1976 unit_add_to_dbus_queue(UNIT(s));
1977 }
1978
1979 return;
1980
1981 fail:
1982 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1983 cfd >= 0 ? "template" : "non-template",
1984 bus_error_message(&error, r));
1985
1986 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1987 safe_close(cfd);
1988 }
1989
1990 static void socket_run_next(Socket *s) {
1991 int r;
1992
1993 assert(s);
1994 assert(s->control_command);
1995 assert(s->control_command->command_next);
1996
1997 socket_unwatch_control_pid(s);
1998
1999 s->control_command = s->control_command->command_next;
2000
2001 r = socket_spawn(s, s->control_command, &s->control_pid);
2002 if (r < 0)
2003 goto fail;
2004
2005 return;
2006
2007 fail:
2008 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2009
2010 if (s->state == SOCKET_START_POST)
2011 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2012 else if (s->state == SOCKET_STOP_POST)
2013 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2014 else
2015 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2016 }
2017
2018 static int socket_start(Unit *u) {
2019 Socket *s = SOCKET(u);
2020
2021 assert(s);
2022
2023 /* We cannot fulfill this request right now, try again later
2024 * please! */
2025 if (IN_SET(s->state,
2026 SOCKET_STOP_PRE,
2027 SOCKET_STOP_PRE_SIGKILL,
2028 SOCKET_STOP_PRE_SIGTERM,
2029 SOCKET_STOP_POST,
2030 SOCKET_FINAL_SIGTERM,
2031 SOCKET_FINAL_SIGKILL))
2032 return -EAGAIN;
2033
2034 /* Already on it! */
2035 if (IN_SET(s->state,
2036 SOCKET_START_PRE,
2037 SOCKET_START_CHOWN,
2038 SOCKET_START_POST))
2039 return 0;
2040
2041 /* Cannot run this without the service being around */
2042 if (UNIT_ISSET(s->service)) {
2043 Service *service;
2044
2045 service = SERVICE(UNIT_DEREF(s->service));
2046
2047 if (UNIT(service)->load_state != UNIT_LOADED) {
2048 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2049 return -ENOENT;
2050 }
2051
2052 /* If the service is already active we cannot start the
2053 * socket */
2054 if (service->state != SERVICE_DEAD &&
2055 service->state != SERVICE_FAILED &&
2056 service->state != SERVICE_AUTO_RESTART) {
2057 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2058 return -EBUSY;
2059 }
2060 }
2061
2062 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2063
2064 s->result = SOCKET_SUCCESS;
2065 s->reset_cpu_usage = true;
2066
2067 socket_enter_start_pre(s);
2068
2069 return 1;
2070 }
2071
2072 static int socket_stop(Unit *u) {
2073 Socket *s = SOCKET(u);
2074
2075 assert(s);
2076
2077 /* Already on it */
2078 if (IN_SET(s->state,
2079 SOCKET_STOP_PRE,
2080 SOCKET_STOP_PRE_SIGTERM,
2081 SOCKET_STOP_PRE_SIGKILL,
2082 SOCKET_STOP_POST,
2083 SOCKET_FINAL_SIGTERM,
2084 SOCKET_FINAL_SIGKILL))
2085 return 0;
2086
2087 /* If there's already something running we go directly into
2088 * kill mode. */
2089 if (IN_SET(s->state,
2090 SOCKET_START_PRE,
2091 SOCKET_START_CHOWN,
2092 SOCKET_START_POST)) {
2093 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2094 return -EAGAIN;
2095 }
2096
2097 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2098
2099 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2100 return 1;
2101 }
2102
2103 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2104 Socket *s = SOCKET(u);
2105 SocketPort *p;
2106 int r;
2107
2108 assert(u);
2109 assert(f);
2110 assert(fds);
2111
2112 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2113 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2114 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2115
2116 if (s->control_pid > 0)
2117 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2118
2119 if (s->control_command_id >= 0)
2120 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2121
2122 LIST_FOREACH(port, p, s->ports) {
2123 int copy;
2124
2125 if (p->fd < 0)
2126 continue;
2127
2128 copy = fdset_put_dup(fds, p->fd);
2129 if (copy < 0)
2130 return copy;
2131
2132 if (p->type == SOCKET_SOCKET) {
2133 _cleanup_free_ char *t = NULL;
2134
2135 r = socket_address_print(&p->address, &t);
2136 if (r < 0)
2137 return r;
2138
2139 if (socket_address_family(&p->address) == AF_NETLINK)
2140 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2141 else
2142 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2143
2144 } else if (p->type == SOCKET_SPECIAL)
2145 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2146 else if (p->type == SOCKET_MQUEUE)
2147 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2148 else if (p->type == SOCKET_USB_FUNCTION)
2149 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2150 else {
2151 assert(p->type == SOCKET_FIFO);
2152 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2153 }
2154 }
2155
2156 return 0;
2157 }
2158
2159 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2160 Socket *s = SOCKET(u);
2161
2162 assert(u);
2163 assert(key);
2164 assert(value);
2165
2166 if (streq(key, "state")) {
2167 SocketState state;
2168
2169 state = socket_state_from_string(value);
2170 if (state < 0)
2171 log_unit_debug(u, "Failed to parse state value: %s", value);
2172 else
2173 s->deserialized_state = state;
2174 } else if (streq(key, "result")) {
2175 SocketResult f;
2176
2177 f = socket_result_from_string(value);
2178 if (f < 0)
2179 log_unit_debug(u, "Failed to parse result value: %s", value);
2180 else if (f != SOCKET_SUCCESS)
2181 s->result = f;
2182
2183 } else if (streq(key, "n-accepted")) {
2184 unsigned k;
2185
2186 if (safe_atou(value, &k) < 0)
2187 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2188 else
2189 s->n_accepted += k;
2190 } else if (streq(key, "control-pid")) {
2191 pid_t pid;
2192
2193 if (parse_pid(value, &pid) < 0)
2194 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2195 else
2196 s->control_pid = pid;
2197 } else if (streq(key, "control-command")) {
2198 SocketExecCommand id;
2199
2200 id = socket_exec_command_from_string(value);
2201 if (id < 0)
2202 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2203 else {
2204 s->control_command_id = id;
2205 s->control_command = s->exec_command[id];
2206 }
2207 } else if (streq(key, "fifo")) {
2208 int fd, skip = 0;
2209 SocketPort *p;
2210
2211 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2212 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2213 else {
2214
2215 LIST_FOREACH(port, p, s->ports)
2216 if (p->type == SOCKET_FIFO &&
2217 path_equal_or_files_same(p->path, value+skip))
2218 break;
2219
2220 if (p) {
2221 safe_close(p->fd);
2222 p->fd = fdset_remove(fds, fd);
2223 }
2224 }
2225
2226 } else if (streq(key, "special")) {
2227 int fd, skip = 0;
2228 SocketPort *p;
2229
2230 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2231 log_unit_debug(u, "Failed to parse special value: %s", value);
2232 else {
2233
2234 LIST_FOREACH(port, p, s->ports)
2235 if (p->type == SOCKET_SPECIAL &&
2236 path_equal_or_files_same(p->path, value+skip))
2237 break;
2238
2239 if (p) {
2240 safe_close(p->fd);
2241 p->fd = fdset_remove(fds, fd);
2242 }
2243 }
2244
2245 } else if (streq(key, "mqueue")) {
2246 int fd, skip = 0;
2247 SocketPort *p;
2248
2249 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2250 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2251 else {
2252
2253 LIST_FOREACH(port, p, s->ports)
2254 if (p->type == SOCKET_MQUEUE &&
2255 streq(p->path, value+skip))
2256 break;
2257
2258 if (p) {
2259 safe_close(p->fd);
2260 p->fd = fdset_remove(fds, fd);
2261 }
2262 }
2263
2264 } else if (streq(key, "socket")) {
2265 int fd, type, skip = 0;
2266 SocketPort *p;
2267
2268 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2269 log_unit_debug(u, "Failed to parse socket value: %s", value);
2270 else {
2271
2272 LIST_FOREACH(port, p, s->ports)
2273 if (socket_address_is(&p->address, value+skip, type))
2274 break;
2275
2276 if (p) {
2277 safe_close(p->fd);
2278 p->fd = fdset_remove(fds, fd);
2279 }
2280 }
2281
2282 } else if (streq(key, "netlink")) {
2283 int fd, skip = 0;
2284 SocketPort *p;
2285
2286 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2287 log_unit_debug(u, "Failed to parse socket value: %s", value);
2288 else {
2289
2290 LIST_FOREACH(port, p, s->ports)
2291 if (socket_address_is_netlink(&p->address, value+skip))
2292 break;
2293
2294 if (p) {
2295 safe_close(p->fd);
2296 p->fd = fdset_remove(fds, fd);
2297 }
2298 }
2299
2300 } else if (streq(key, "ffs")) {
2301 int fd, skip = 0;
2302 SocketPort *p;
2303
2304 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2305 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2306 else {
2307
2308 LIST_FOREACH(port, p, s->ports)
2309 if (p->type == SOCKET_USB_FUNCTION &&
2310 path_equal_or_files_same(p->path, value+skip))
2311 break;
2312
2313 if (p) {
2314 safe_close(p->fd);
2315 p->fd = fdset_remove(fds, fd);
2316 }
2317 }
2318
2319 } else
2320 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2321
2322 return 0;
2323 }
2324
2325 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2326 Socket *s = SOCKET(u);
2327 SocketPort *p;
2328
2329 assert(u);
2330
2331 LIST_FOREACH(port, p, s->ports) {
2332 Iterator i;
2333 int fd;
2334
2335 if (p->type != SOCKET_SOCKET)
2336 continue;
2337
2338 if (p->fd >= 0)
2339 continue;
2340
2341 FDSET_FOREACH(fd, fds, i) {
2342 if (socket_address_matches_fd(&p->address, fd)) {
2343 p->fd = fdset_remove(fds, fd);
2344 s->deserialized_state = SOCKET_LISTENING;
2345 break;
2346 }
2347 }
2348 }
2349
2350 return 0;
2351 }
2352
2353 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2354 assert(u);
2355
2356 return state_translation_table[SOCKET(u)->state];
2357 }
2358
2359 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2360 assert(u);
2361
2362 return socket_state_to_string(SOCKET(u)->state);
2363 }
2364
2365 const char* socket_port_type_to_string(SocketPort *p) {
2366
2367 assert(p);
2368
2369 switch (p->type) {
2370
2371 case SOCKET_SOCKET:
2372
2373 switch (p->address.type) {
2374
2375 case SOCK_STREAM:
2376 return "Stream";
2377
2378 case SOCK_DGRAM:
2379 return "Datagram";
2380
2381 case SOCK_SEQPACKET:
2382 return "SequentialPacket";
2383
2384 case SOCK_RAW:
2385 if (socket_address_family(&p->address) == AF_NETLINK)
2386 return "Netlink";
2387
2388 default:
2389 return NULL;
2390 }
2391
2392 case SOCKET_SPECIAL:
2393 return "Special";
2394
2395 case SOCKET_MQUEUE:
2396 return "MessageQueue";
2397
2398 case SOCKET_FIFO:
2399 return "FIFO";
2400
2401 case SOCKET_USB_FUNCTION:
2402 return "USBFunction";
2403
2404 default:
2405 return NULL;
2406 }
2407 }
2408
2409 _pure_ static bool socket_check_gc(Unit *u) {
2410 Socket *s = SOCKET(u);
2411
2412 assert(u);
2413
2414 return s->n_connections > 0;
2415 }
2416
2417 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2418 SocketPort *p = userdata;
2419 int cfd = -1;
2420
2421 assert(p);
2422 assert(fd >= 0);
2423
2424 if (p->socket->state != SOCKET_LISTENING)
2425 return 0;
2426
2427 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2428
2429 if (revents != EPOLLIN) {
2430
2431 if (revents & EPOLLHUP)
2432 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2433 else
2434 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2435 goto fail;
2436 }
2437
2438 if (p->socket->accept &&
2439 p->type == SOCKET_SOCKET &&
2440 socket_address_can_accept(&p->address)) {
2441
2442 for (;;) {
2443
2444 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2445 if (cfd < 0) {
2446
2447 if (errno == EINTR)
2448 continue;
2449
2450 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2451 goto fail;
2452 }
2453
2454 break;
2455 }
2456
2457 socket_apply_socket_options(p->socket, cfd);
2458 }
2459
2460 socket_enter_running(p->socket, cfd);
2461 return 0;
2462
2463 fail:
2464 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2465 return 0;
2466 }
2467
2468 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2469 Socket *s = SOCKET(u);
2470 SocketResult f;
2471
2472 assert(s);
2473 assert(pid >= 0);
2474
2475 if (pid != s->control_pid)
2476 return;
2477
2478 s->control_pid = 0;
2479
2480 if (is_clean_exit(code, status, NULL))
2481 f = SOCKET_SUCCESS;
2482 else if (code == CLD_EXITED)
2483 f = SOCKET_FAILURE_EXIT_CODE;
2484 else if (code == CLD_KILLED)
2485 f = SOCKET_FAILURE_SIGNAL;
2486 else if (code == CLD_DUMPED)
2487 f = SOCKET_FAILURE_CORE_DUMP;
2488 else
2489 assert_not_reached("Unknown sigchld code");
2490
2491 if (s->control_command) {
2492 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2493
2494 if (s->control_command->ignore)
2495 f = SOCKET_SUCCESS;
2496 }
2497
2498 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2499 "Control process exited, code=%s status=%i",
2500 sigchld_code_to_string(code), status);
2501
2502 if (f != SOCKET_SUCCESS)
2503 s->result = f;
2504
2505 if (s->control_command &&
2506 s->control_command->command_next &&
2507 f == SOCKET_SUCCESS) {
2508
2509 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2510 socket_run_next(s);
2511 } else {
2512 s->control_command = NULL;
2513 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2514
2515 /* No further commands for this step, so let's figure
2516 * out what to do next */
2517
2518 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2519
2520 switch (s->state) {
2521
2522 case SOCKET_START_PRE:
2523 if (f == SOCKET_SUCCESS)
2524 socket_enter_start_chown(s);
2525 else
2526 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2527 break;
2528
2529 case SOCKET_START_CHOWN:
2530 if (f == SOCKET_SUCCESS)
2531 socket_enter_start_post(s);
2532 else
2533 socket_enter_stop_pre(s, f);
2534 break;
2535
2536 case SOCKET_START_POST:
2537 if (f == SOCKET_SUCCESS)
2538 socket_enter_listening(s);
2539 else
2540 socket_enter_stop_pre(s, f);
2541 break;
2542
2543 case SOCKET_STOP_PRE:
2544 case SOCKET_STOP_PRE_SIGTERM:
2545 case SOCKET_STOP_PRE_SIGKILL:
2546 socket_enter_stop_post(s, f);
2547 break;
2548
2549 case SOCKET_STOP_POST:
2550 case SOCKET_FINAL_SIGTERM:
2551 case SOCKET_FINAL_SIGKILL:
2552 socket_enter_dead(s, f);
2553 break;
2554
2555 default:
2556 assert_not_reached("Uh, control process died at wrong time.");
2557 }
2558 }
2559
2560 /* Notify clients about changed exit status */
2561 unit_add_to_dbus_queue(u);
2562 }
2563
2564 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2565 Socket *s = SOCKET(userdata);
2566
2567 assert(s);
2568 assert(s->timer_event_source == source);
2569
2570 switch (s->state) {
2571
2572 case SOCKET_START_PRE:
2573 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2574 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2575 break;
2576
2577 case SOCKET_START_CHOWN:
2578 case SOCKET_START_POST:
2579 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2580 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2581 break;
2582
2583 case SOCKET_STOP_PRE:
2584 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2585 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2586 break;
2587
2588 case SOCKET_STOP_PRE_SIGTERM:
2589 if (s->kill_context.send_sigkill) {
2590 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2591 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2592 } else {
2593 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2594 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2595 }
2596 break;
2597
2598 case SOCKET_STOP_PRE_SIGKILL:
2599 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2600 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2601 break;
2602
2603 case SOCKET_STOP_POST:
2604 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2605 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2606 break;
2607
2608 case SOCKET_FINAL_SIGTERM:
2609 if (s->kill_context.send_sigkill) {
2610 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2611 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2612 } else {
2613 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2614 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2615 }
2616 break;
2617
2618 case SOCKET_FINAL_SIGKILL:
2619 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2620 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2621 break;
2622
2623 default:
2624 assert_not_reached("Timeout at wrong time.");
2625 }
2626
2627 return 0;
2628 }
2629
2630 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2631 int *rfds;
2632 unsigned rn_fds, k;
2633 int i;
2634 SocketPort *p;
2635
2636 assert(s);
2637 assert(fds);
2638 assert(n_fds);
2639
2640 /* Called from the service code for requesting our fds */
2641
2642 rn_fds = 0;
2643 LIST_FOREACH(port, p, s->ports) {
2644 if (p->fd >= 0)
2645 rn_fds++;
2646 rn_fds += p->n_auxiliary_fds;
2647 }
2648
2649 if (rn_fds <= 0) {
2650 *fds = NULL;
2651 *n_fds = 0;
2652 return 0;
2653 }
2654
2655 rfds = new(int, rn_fds);
2656 if (!rfds)
2657 return -ENOMEM;
2658
2659 k = 0;
2660 LIST_FOREACH(port, p, s->ports) {
2661 if (p->fd >= 0)
2662 rfds[k++] = p->fd;
2663 for (i = 0; i < p->n_auxiliary_fds; ++i)
2664 rfds[k++] = p->auxiliary_fds[i];
2665 }
2666
2667 assert(k == rn_fds);
2668
2669 *fds = rfds;
2670 *n_fds = rn_fds;
2671
2672 return 0;
2673 }
2674
2675 static void socket_reset_failed(Unit *u) {
2676 Socket *s = SOCKET(u);
2677
2678 assert(s);
2679
2680 if (s->state == SOCKET_FAILED)
2681 socket_set_state(s, SOCKET_DEAD);
2682
2683 s->result = SOCKET_SUCCESS;
2684 }
2685
2686 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2687 assert(s);
2688
2689 /* The service is dead. Dang!
2690 *
2691 * This is strictly for one-instance-for-all-connections
2692 * services. */
2693
2694 if (s->state == SOCKET_RUNNING) {
2695 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2696 if (failed_permanent)
2697 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2698 else
2699 socket_enter_listening(s);
2700 }
2701 }
2702
2703 void socket_connection_unref(Socket *s) {
2704 assert(s);
2705
2706 /* The service is dead. Yay!
2707 *
2708 * This is strictly for one-instance-per-connection
2709 * services. */
2710
2711 assert(s->n_connections > 0);
2712 s->n_connections--;
2713
2714 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2715 }
2716
2717 static void socket_trigger_notify(Unit *u, Unit *other) {
2718 Socket *s = SOCKET(u);
2719 Service *se;
2720
2721 assert(u);
2722 assert(other);
2723
2724 /* Don't propagate state changes from the service if we are
2725 already down or accepting connections */
2726 if ((s->state != SOCKET_RUNNING &&
2727 s->state != SOCKET_LISTENING) ||
2728 s->accept)
2729 return;
2730
2731 if (other->load_state != UNIT_LOADED ||
2732 other->type != UNIT_SERVICE)
2733 return;
2734
2735 se = SERVICE(other);
2736
2737 if (se->state == SERVICE_FAILED)
2738 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2739
2740 if (se->state == SERVICE_DEAD ||
2741 se->state == SERVICE_FINAL_SIGTERM ||
2742 se->state == SERVICE_FINAL_SIGKILL ||
2743 se->state == SERVICE_AUTO_RESTART)
2744 socket_notify_service_dead(s, false);
2745
2746 if (se->state == SERVICE_RUNNING)
2747 socket_set_state(s, SOCKET_RUNNING);
2748 }
2749
2750 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2751 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2752 }
2753
2754 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2755 Socket *s = SOCKET(u);
2756 int r;
2757
2758 if (!s->timer_event_source)
2759 return 0;
2760
2761 r = sd_event_source_get_time(s->timer_event_source, timeout);
2762 if (r < 0)
2763 return r;
2764
2765 return 1;
2766 }
2767
2768 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2769 [SOCKET_DEAD] = "dead",
2770 [SOCKET_START_PRE] = "start-pre",
2771 [SOCKET_START_CHOWN] = "start-chown",
2772 [SOCKET_START_POST] = "start-post",
2773 [SOCKET_LISTENING] = "listening",
2774 [SOCKET_RUNNING] = "running",
2775 [SOCKET_STOP_PRE] = "stop-pre",
2776 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2777 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2778 [SOCKET_STOP_POST] = "stop-post",
2779 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2780 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2781 [SOCKET_FAILED] = "failed"
2782 };
2783
2784 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2785
2786 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2787 [SOCKET_EXEC_START_PRE] = "StartPre",
2788 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2789 [SOCKET_EXEC_START_POST] = "StartPost",
2790 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2791 [SOCKET_EXEC_STOP_POST] = "StopPost"
2792 };
2793
2794 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2795
2796 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2797 [SOCKET_SUCCESS] = "success",
2798 [SOCKET_FAILURE_RESOURCES] = "resources",
2799 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2800 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2801 [SOCKET_FAILURE_SIGNAL] = "signal",
2802 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2803 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2804 };
2805
2806 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2807
2808 const UnitVTable socket_vtable = {
2809 .object_size = sizeof(Socket),
2810 .exec_context_offset = offsetof(Socket, exec_context),
2811 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2812 .kill_context_offset = offsetof(Socket, kill_context),
2813 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2814
2815 .sections =
2816 "Unit\0"
2817 "Socket\0"
2818 "Install\0",
2819 .private_section = "Socket",
2820
2821 .init = socket_init,
2822 .done = socket_done,
2823 .load = socket_load,
2824
2825 .coldplug = socket_coldplug,
2826
2827 .dump = socket_dump,
2828
2829 .start = socket_start,
2830 .stop = socket_stop,
2831
2832 .kill = socket_kill,
2833
2834 .get_timeout = socket_get_timeout,
2835
2836 .serialize = socket_serialize,
2837 .deserialize_item = socket_deserialize_item,
2838 .distribute_fds = socket_distribute_fds,
2839
2840 .active_state = socket_active_state,
2841 .sub_state_to_string = socket_sub_state_to_string,
2842
2843 .check_gc = socket_check_gc,
2844
2845 .sigchld_event = socket_sigchld_event,
2846
2847 .trigger_notify = socket_trigger_notify,
2848
2849 .reset_failed = socket_reset_failed,
2850
2851 .bus_vtable = bus_socket_vtable,
2852 .bus_set_property = bus_socket_set_property,
2853 .bus_commit_properties = bus_socket_commit_properties,
2854
2855 .status_message_formats = {
2856 /*.starting_stopping = {
2857 [0] = "Starting socket %s...",
2858 [1] = "Stopping socket %s...",
2859 },*/
2860 .finished_start_job = {
2861 [JOB_DONE] = "Listening on %s.",
2862 [JOB_FAILED] = "Failed to listen on %s.",
2863 [JOB_TIMEOUT] = "Timed out starting %s.",
2864 },
2865 .finished_stop_job = {
2866 [JOB_DONE] = "Closed %s.",
2867 [JOB_FAILED] = "Failed stopping %s.",
2868 [JOB_TIMEOUT] = "Timed out stopping %s.",
2869 },
2870 },
2871 };
Unnamed repository; edit this file 'description' to name the repository.