]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #954 from poettering/nss-myhostname-loopback
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "selinux-util.h"
47 #include "dbus-socket.h"
48 #include "unit.h"
49 #include "formats-util.h"
50 #include "signal-util.h"
51 #include "socket.h"
52
53 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_FAILED] = UNIT_FAILED
67 };
68
69 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
72 static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
76 assert(u->load_state == UNIT_STUB);
77
78 s->backlog = SOMAXCONN;
79 s->timeout_usec = u->manager->default_timeout_start_usec;
80 s->directory_mode = 0755;
81 s->socket_mode = 0666;
82
83 s->max_connections = 64;
84
85 s->priority = -1;
86 s->ip_tos = -1;
87 s->ip_ttl = -1;
88 s->mark = -1;
89
90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
92
93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94 }
95
96 static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104 }
105
106 void socket_free_ports(Socket *s) {
107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
112 LIST_REMOVE(port, s->ports, p);
113
114 sd_event_source_unref(p->event_source);
115
116 safe_close(p->fd);
117 free(p->path);
118 free(p);
119 }
120 }
121
122 static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
128
129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
131 s->control_command = NULL;
132
133 socket_unwatch_control_pid(s);
134
135 unit_ref_unset(&s->service);
136
137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
140 free(s->bind_to_device);
141 s->bind_to_device = NULL;
142
143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
147 strv_free(s->symlinks);
148
149 free(s->user);
150 free(s->group);
151
152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153 }
154
155 static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
173 r = sd_event_add_time(
174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
185 }
186
187 int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
199 if (UNIT_DEREF(s->service))
200 return 0;
201
202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
208
209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
210 return -ENOMEM;
211
212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
213 if (r < 0)
214 return r;
215
216 u->no_gc = true;
217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
220 }
221
222 static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
235 if (!socket_address_can_accept(&p->address))
236 return true;
237 }
238
239 return false;
240 }
241
242 static int socket_add_mount_links(Socket *s) {
243 SocketPort *p;
244 int r;
245
246 assert(s);
247
248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
250
251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
255
256 if (!path)
257 continue;
258
259 r = unit_require_mounts_for(UNIT(s), path);
260 if (r < 0)
261 return r;
262 }
263
264 return 0;
265 }
266
267 static int socket_add_device_link(Socket *s) {
268 char *t;
269
270 assert(s);
271
272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
273 return 0;
274
275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
276 return unit_add_node_link(UNIT(s), t, false);
277 }
278
279 static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
286
287 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
290 return r;
291 }
292
293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
294 }
295
296 _pure_ static bool socket_has_exec(Socket *s) {
297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305 }
306
307 static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
309 int r;
310
311 assert(s);
312
313 if (have_non_accept_socket(s)) {
314
315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
317
318 r = unit_load_related_unit(u, ".service", &x);
319 if (r < 0)
320 return r;
321
322 unit_ref_set(&s->service, x);
323 }
324
325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
327 return r;
328 }
329
330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
333
334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
338 r = unit_patch_contexts(u);
339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
346
347 r = unit_add_default_slice(u, &s->cgroup_context);
348 if (r < 0)
349 return r;
350 }
351
352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359 }
360
361 static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392 }
393
394 static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
401 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
406 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
407 return -EINVAL;
408 }
409
410 if (s->accept && s->max_connections <= 0) {
411 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
412 return -EINVAL;
413 }
414
415 if (s->accept && UNIT_DEREF(s->service)) {
416 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
417 return -EINVAL;
418 }
419
420 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
421 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
422 return -EINVAL;
423 }
424
425 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
426 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
427 return -EINVAL;
428 }
429
430 return 0;
431 }
432
433 static int socket_load(Unit *u) {
434 Socket *s = SOCKET(u);
435 int r;
436
437 assert(u);
438 assert(u->load_state == UNIT_STUB);
439
440 r = unit_load_fragment_and_dropin(u);
441 if (r < 0)
442 return r;
443
444 if (u->load_state == UNIT_LOADED) {
445 /* This is a new unit? Then let's add in some extras */
446 r = socket_add_extras(s);
447 if (r < 0)
448 return r;
449 }
450
451 return socket_verify(s);
452 }
453
454 _const_ static const char* listen_lookup(int family, int type) {
455
456 if (family == AF_NETLINK)
457 return "ListenNetlink";
458
459 if (type == SOCK_STREAM)
460 return "ListenStream";
461 else if (type == SOCK_DGRAM)
462 return "ListenDatagram";
463 else if (type == SOCK_SEQPACKET)
464 return "ListenSequentialPacket";
465
466 assert_not_reached("Unknown socket type");
467 return NULL;
468 }
469
470 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
471 char time_string[FORMAT_TIMESPAN_MAX];
472 SocketExecCommand c;
473 Socket *s = SOCKET(u);
474 SocketPort *p;
475 const char *prefix2;
476
477 assert(s);
478 assert(f);
479
480 prefix = strempty(prefix);
481 prefix2 = strjoina(prefix, "\t");
482
483 fprintf(f,
484 "%sSocket State: %s\n"
485 "%sResult: %s\n"
486 "%sBindIPv6Only: %s\n"
487 "%sBacklog: %u\n"
488 "%sSocketMode: %04o\n"
489 "%sDirectoryMode: %04o\n"
490 "%sKeepAlive: %s\n"
491 "%sNoDelay: %s\n"
492 "%sFreeBind: %s\n"
493 "%sTransparent: %s\n"
494 "%sBroadcast: %s\n"
495 "%sPassCredentials: %s\n"
496 "%sPassSecurity: %s\n"
497 "%sTCPCongestion: %s\n"
498 "%sRemoveOnStop: %s\n"
499 "%sSELinuxContextFromNet: %s\n",
500 prefix, socket_state_to_string(s->state),
501 prefix, socket_result_to_string(s->result),
502 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
503 prefix, s->backlog,
504 prefix, s->socket_mode,
505 prefix, s->directory_mode,
506 prefix, yes_no(s->keep_alive),
507 prefix, yes_no(s->no_delay),
508 prefix, yes_no(s->free_bind),
509 prefix, yes_no(s->transparent),
510 prefix, yes_no(s->broadcast),
511 prefix, yes_no(s->pass_cred),
512 prefix, yes_no(s->pass_sec),
513 prefix, strna(s->tcp_congestion),
514 prefix, yes_no(s->remove_on_stop),
515 prefix, yes_no(s->selinux_context_from_net));
516
517 if (s->control_pid > 0)
518 fprintf(f,
519 "%sControl PID: "PID_FMT"\n",
520 prefix, s->control_pid);
521
522 if (s->bind_to_device)
523 fprintf(f,
524 "%sBindToDevice: %s\n",
525 prefix, s->bind_to_device);
526
527 if (s->accept)
528 fprintf(f,
529 "%sAccepted: %u\n"
530 "%sNConnections: %u\n"
531 "%sMaxConnections: %u\n",
532 prefix, s->n_accepted,
533 prefix, s->n_connections,
534 prefix, s->max_connections);
535
536 if (s->priority >= 0)
537 fprintf(f,
538 "%sPriority: %i\n",
539 prefix, s->priority);
540
541 if (s->receive_buffer > 0)
542 fprintf(f,
543 "%sReceiveBuffer: %zu\n",
544 prefix, s->receive_buffer);
545
546 if (s->send_buffer > 0)
547 fprintf(f,
548 "%sSendBuffer: %zu\n",
549 prefix, s->send_buffer);
550
551 if (s->ip_tos >= 0)
552 fprintf(f,
553 "%sIPTOS: %i\n",
554 prefix, s->ip_tos);
555
556 if (s->ip_ttl >= 0)
557 fprintf(f,
558 "%sIPTTL: %i\n",
559 prefix, s->ip_ttl);
560
561 if (s->pipe_size > 0)
562 fprintf(f,
563 "%sPipeSize: %zu\n",
564 prefix, s->pipe_size);
565
566 if (s->mark >= 0)
567 fprintf(f,
568 "%sMark: %i\n",
569 prefix, s->mark);
570
571 if (s->mq_maxmsg > 0)
572 fprintf(f,
573 "%sMessageQueueMaxMessages: %li\n",
574 prefix, s->mq_maxmsg);
575
576 if (s->mq_msgsize > 0)
577 fprintf(f,
578 "%sMessageQueueMessageSize: %li\n",
579 prefix, s->mq_msgsize);
580
581 if (s->reuse_port)
582 fprintf(f,
583 "%sReusePort: %s\n",
584 prefix, yes_no(s->reuse_port));
585
586 if (s->smack)
587 fprintf(f,
588 "%sSmackLabel: %s\n",
589 prefix, s->smack);
590
591 if (s->smack_ip_in)
592 fprintf(f,
593 "%sSmackLabelIPIn: %s\n",
594 prefix, s->smack_ip_in);
595
596 if (s->smack_ip_out)
597 fprintf(f,
598 "%sSmackLabelIPOut: %s\n",
599 prefix, s->smack_ip_out);
600
601 if (!isempty(s->user) || !isempty(s->group))
602 fprintf(f,
603 "%sOwnerUser: %s\n"
604 "%sOwnerGroup: %s\n",
605 prefix, strna(s->user),
606 prefix, strna(s->group));
607
608 if (s->keep_alive_time > 0)
609 fprintf(f,
610 "%sKeepAliveTimeSec: %s\n",
611 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
612
613 if (s->keep_alive_interval)
614 fprintf(f,
615 "%sKeepAliveIntervalSec: %s\n",
616 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
617
618 if (s->keep_alive_cnt)
619 fprintf(f,
620 "%sKeepAliveProbes: %u\n",
621 prefix, s->keep_alive_cnt);
622
623 if (s->defer_accept)
624 fprintf(f,
625 "%sDeferAcceptSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
627
628 LIST_FOREACH(port, p, s->ports) {
629
630 if (p->type == SOCKET_SOCKET) {
631 const char *t;
632 int r;
633 char *k = NULL;
634
635 if ((r = socket_address_print(&p->address, &k)) < 0)
636 t = strerror(-r);
637 else
638 t = k;
639
640 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
641 free(k);
642 } else if (p->type == SOCKET_SPECIAL)
643 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
644 else if (p->type == SOCKET_MQUEUE)
645 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
646 else
647 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
648 }
649
650 exec_context_dump(&s->exec_context, f, prefix);
651 kill_context_dump(&s->kill_context, f, prefix);
652
653 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
654 if (!s->exec_command[c])
655 continue;
656
657 fprintf(f, "%s-> %s:\n",
658 prefix, socket_exec_command_to_string(c));
659
660 exec_command_dump_list(s->exec_command[c], f, prefix2);
661 }
662 }
663
664 static int instance_from_socket(int fd, unsigned nr, char **instance) {
665 socklen_t l;
666 char *r;
667 union sockaddr_union local, remote;
668
669 assert(fd >= 0);
670 assert(instance);
671
672 l = sizeof(local);
673 if (getsockname(fd, &local.sa, &l) < 0)
674 return -errno;
675
676 l = sizeof(remote);
677 if (getpeername(fd, &remote.sa, &l) < 0)
678 return -errno;
679
680 switch (local.sa.sa_family) {
681
682 case AF_INET: {
683 uint32_t
684 a = ntohl(local.in.sin_addr.s_addr),
685 b = ntohl(remote.in.sin_addr.s_addr);
686
687 if (asprintf(&r,
688 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
689 nr,
690 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
691 ntohs(local.in.sin_port),
692 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
693 ntohs(remote.in.sin_port)) < 0)
694 return -ENOMEM;
695
696 break;
697 }
698
699 case AF_INET6: {
700 static const unsigned char ipv4_prefix[] = {
701 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
702 };
703
704 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
705 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
706 const uint8_t
707 *a = local.in6.sin6_addr.s6_addr+12,
708 *b = remote.in6.sin6_addr.s6_addr+12;
709
710 if (asprintf(&r,
711 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
712 nr,
713 a[0], a[1], a[2], a[3],
714 ntohs(local.in6.sin6_port),
715 b[0], b[1], b[2], b[3],
716 ntohs(remote.in6.sin6_port)) < 0)
717 return -ENOMEM;
718 } else {
719 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
720
721 if (asprintf(&r,
722 "%u-%s:%u-%s:%u",
723 nr,
724 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
725 ntohs(local.in6.sin6_port),
726 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
727 ntohs(remote.in6.sin6_port)) < 0)
728 return -ENOMEM;
729 }
730
731 break;
732 }
733
734 case AF_UNIX: {
735 struct ucred ucred;
736 int k;
737
738 k = getpeercred(fd, &ucred);
739 if (k >= 0) {
740 if (asprintf(&r,
741 "%u-"PID_FMT"-"UID_FMT,
742 nr, ucred.pid, ucred.uid) < 0)
743 return -ENOMEM;
744 } else if (k == -ENODATA) {
745 /* This handles the case where somebody is
746 * connecting from another pid/uid namespace
747 * (e.g. from outside of our container). */
748 if (asprintf(&r,
749 "%u-unknown",
750 nr) < 0)
751 return -ENOMEM;
752 } else
753 return k;
754
755 break;
756 }
757
758 default:
759 assert_not_reached("Unhandled socket type.");
760 }
761
762 *instance = r;
763 return 0;
764 }
765
766 static void socket_close_fds(Socket *s) {
767 SocketPort *p;
768 char **i;
769
770 assert(s);
771
772 LIST_FOREACH(port, p, s->ports) {
773
774 p->event_source = sd_event_source_unref(p->event_source);
775
776 if (p->fd < 0)
777 continue;
778
779 p->fd = safe_close(p->fd);
780
781 /* One little note: we should normally not delete any
782 * sockets in the file system here! After all some
783 * other process we spawned might still have a
784 * reference of this fd and wants to continue to use
785 * it. Therefore we delete sockets in the file system
786 * before we create a new one, not after we stopped
787 * using one! */
788
789 if (s->remove_on_stop) {
790 switch (p->type) {
791
792 case SOCKET_FIFO:
793 unlink(p->path);
794 break;
795
796 case SOCKET_MQUEUE:
797 mq_unlink(p->path);
798 break;
799
800 case SOCKET_SOCKET:
801 socket_address_unlink(&p->address);
802 break;
803
804 default:
805 break;
806 }
807 }
808 }
809
810 if (s->remove_on_stop)
811 STRV_FOREACH(i, s->symlinks)
812 unlink(*i);
813 }
814
815 static void socket_apply_socket_options(Socket *s, int fd) {
816 int r;
817
818 assert(s);
819 assert(fd >= 0);
820
821 if (s->keep_alive) {
822 int b = s->keep_alive;
823 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
824 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
825 }
826
827 if (s->keep_alive_time) {
828 int value = s->keep_alive_time / USEC_PER_SEC;
829 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
830 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
831 }
832
833 if (s->keep_alive_interval) {
834 int value = s->keep_alive_interval / USEC_PER_SEC;
835 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
836 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
837 }
838
839 if (s->keep_alive_cnt) {
840 int value = s->keep_alive_cnt;
841 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
842 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
843 }
844
845 if (s->defer_accept) {
846 int value = s->defer_accept / USEC_PER_SEC;
847 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
848 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
849 }
850
851 if (s->no_delay) {
852 int b = s->no_delay;
853 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
854 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
855 }
856
857 if (s->broadcast) {
858 int one = 1;
859 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
860 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
861 }
862
863 if (s->pass_cred) {
864 int one = 1;
865 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
866 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
867 }
868
869 if (s->pass_sec) {
870 int one = 1;
871 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
872 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
873 }
874
875 if (s->priority >= 0)
876 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
877 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
878
879 if (s->receive_buffer > 0) {
880 int value = (int) s->receive_buffer;
881
882 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
883
884 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
887 }
888
889 if (s->send_buffer > 0) {
890 int value = (int) s->send_buffer;
891 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
893 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
894 }
895
896 if (s->mark >= 0)
897 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
898 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
899
900 if (s->ip_tos >= 0)
901 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
902 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
903
904 if (s->ip_ttl >= 0) {
905 int x;
906
907 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
908
909 if (socket_ipv6_is_supported())
910 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
911 else {
912 x = -1;
913 errno = EAFNOSUPPORT;
914 }
915
916 if (r < 0 && x < 0)
917 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
918 }
919
920 if (s->tcp_congestion)
921 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
922 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
923
924 if (s->smack_ip_in) {
925 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
926 if (r < 0)
927 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
928 }
929
930 if (s->smack_ip_out) {
931 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
932 if (r < 0)
933 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
934 }
935 }
936
937 static void socket_apply_fifo_options(Socket *s, int fd) {
938 int r;
939
940 assert(s);
941 assert(fd >= 0);
942
943 if (s->pipe_size > 0)
944 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
945 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
946
947 if (s->smack) {
948 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
949 if (r < 0)
950 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
951 }
952 }
953
954 static int fifo_address_create(
955 const char *path,
956 mode_t directory_mode,
957 mode_t socket_mode,
958 int *_fd) {
959
960 int fd = -1, r = 0;
961 struct stat st;
962 mode_t old_mask;
963
964 assert(path);
965 assert(_fd);
966
967 mkdir_parents_label(path, directory_mode);
968
969 r = mac_selinux_create_file_prepare(path, S_IFIFO);
970 if (r < 0)
971 goto fail;
972
973 /* Enforce the right access mode for the fifo */
974 old_mask = umask(~ socket_mode);
975
976 /* Include the original umask in our mask */
977 umask(~socket_mode | old_mask);
978
979 r = mkfifo(path, socket_mode);
980 umask(old_mask);
981
982 if (r < 0 && errno != EEXIST) {
983 r = -errno;
984 goto fail;
985 }
986
987 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
988 r = -errno;
989 goto fail;
990 }
991
992 mac_selinux_create_file_clear();
993
994 if (fstat(fd, &st) < 0) {
995 r = -errno;
996 goto fail;
997 }
998
999 if (!S_ISFIFO(st.st_mode) ||
1000 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1001 st.st_uid != getuid() ||
1002 st.st_gid != getgid()) {
1003
1004 r = -EEXIST;
1005 goto fail;
1006 }
1007
1008 *_fd = fd;
1009 return 0;
1010
1011 fail:
1012 mac_selinux_create_file_clear();
1013 safe_close(fd);
1014
1015 return r;
1016 }
1017
1018 static int special_address_create(
1019 const char *path,
1020 int *_fd) {
1021
1022 int fd = -1, r = 0;
1023 struct stat st;
1024
1025 assert(path);
1026 assert(_fd);
1027
1028 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1029 if (fd < 0) {
1030 r = -errno;
1031 goto fail;
1032 }
1033
1034 if (fstat(fd, &st) < 0) {
1035 r = -errno;
1036 goto fail;
1037 }
1038
1039 /* Check whether this is a /proc, /sys or /dev file or char device */
1040 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1041 r = -EEXIST;
1042 goto fail;
1043 }
1044
1045 *_fd = fd;
1046 return 0;
1047
1048 fail:
1049 safe_close(fd);
1050
1051 return r;
1052 }
1053
1054 static int mq_address_create(
1055 const char *path,
1056 mode_t mq_mode,
1057 long maxmsg,
1058 long msgsize,
1059 int *_fd) {
1060
1061 int fd = -1, r = 0;
1062 struct stat st;
1063 mode_t old_mask;
1064 struct mq_attr _attr, *attr = NULL;
1065
1066 assert(path);
1067 assert(_fd);
1068
1069 if (maxmsg > 0 && msgsize > 0) {
1070 zero(_attr);
1071 _attr.mq_flags = O_NONBLOCK;
1072 _attr.mq_maxmsg = maxmsg;
1073 _attr.mq_msgsize = msgsize;
1074 attr = &_attr;
1075 }
1076
1077 /* Enforce the right access mode for the mq */
1078 old_mask = umask(~ mq_mode);
1079
1080 /* Include the original umask in our mask */
1081 umask(~mq_mode | old_mask);
1082 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1083 umask(old_mask);
1084
1085 if (fd < 0) {
1086 r = -errno;
1087 goto fail;
1088 }
1089
1090 if (fstat(fd, &st) < 0) {
1091 r = -errno;
1092 goto fail;
1093 }
1094
1095 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1096 st.st_uid != getuid() ||
1097 st.st_gid != getgid()) {
1098
1099 r = -EEXIST;
1100 goto fail;
1101 }
1102
1103 *_fd = fd;
1104 return 0;
1105
1106 fail:
1107 safe_close(fd);
1108 return r;
1109 }
1110
1111 static int socket_symlink(Socket *s) {
1112 const char *p;
1113 char **i;
1114
1115 assert(s);
1116
1117 p = socket_find_symlink_target(s);
1118 if (!p)
1119 return 0;
1120
1121 STRV_FOREACH(i, s->symlinks)
1122 symlink_label(p, *i);
1123
1124 return 0;
1125 }
1126
1127 static int socket_open_fds(Socket *s) {
1128 SocketPort *p;
1129 int r;
1130 char *label = NULL;
1131 bool know_label = false;
1132
1133 assert(s);
1134
1135 LIST_FOREACH(port, p, s->ports) {
1136
1137 if (p->fd >= 0)
1138 continue;
1139
1140 if (p->type == SOCKET_SOCKET) {
1141
1142 if (!know_label) {
1143 /* Figure out label, if we don't it know
1144 * yet. We do it once, for the first
1145 * socket where we need this and
1146 * remember it for the rest. */
1147
1148 if (s->selinux_context_from_net) {
1149 /* Get it from the network label */
1150
1151 r = mac_selinux_get_our_label(&label);
1152 if (r < 0 && r != -EOPNOTSUPP)
1153 goto rollback;
1154
1155 } else {
1156 /* Get it from the executable we are about to start */
1157
1158 r = socket_instantiate_service(s);
1159 if (r < 0)
1160 goto rollback;
1161
1162 if (UNIT_ISSET(s->service) &&
1163 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1164 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1165 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1166 goto rollback;
1167 }
1168 }
1169
1170 know_label = true;
1171 }
1172
1173 r = socket_address_listen(
1174 &p->address,
1175 SOCK_CLOEXEC|SOCK_NONBLOCK,
1176 s->backlog,
1177 s->bind_ipv6_only,
1178 s->bind_to_device,
1179 s->reuse_port,
1180 s->free_bind,
1181 s->transparent,
1182 s->directory_mode,
1183 s->socket_mode,
1184 label);
1185 if (r < 0)
1186 goto rollback;
1187
1188 p->fd = r;
1189 socket_apply_socket_options(s, p->fd);
1190 socket_symlink(s);
1191
1192 } else if (p->type == SOCKET_SPECIAL) {
1193
1194 r = special_address_create(
1195 p->path,
1196 &p->fd);
1197 if (r < 0)
1198 goto rollback;
1199
1200 } else if (p->type == SOCKET_FIFO) {
1201
1202 r = fifo_address_create(
1203 p->path,
1204 s->directory_mode,
1205 s->socket_mode,
1206 &p->fd);
1207 if (r < 0)
1208 goto rollback;
1209
1210 socket_apply_fifo_options(s, p->fd);
1211 socket_symlink(s);
1212
1213 } else if (p->type == SOCKET_MQUEUE) {
1214
1215 r = mq_address_create(
1216 p->path,
1217 s->socket_mode,
1218 s->mq_maxmsg,
1219 s->mq_msgsize,
1220 &p->fd);
1221 if (r < 0)
1222 goto rollback;
1223 } else
1224 assert_not_reached("Unknown port type");
1225 }
1226
1227 mac_selinux_free(label);
1228 return 0;
1229
1230 rollback:
1231 socket_close_fds(s);
1232 mac_selinux_free(label);
1233
1234 return r;
1235 }
1236
1237 static void socket_unwatch_fds(Socket *s) {
1238 SocketPort *p;
1239 int r;
1240
1241 assert(s);
1242
1243 LIST_FOREACH(port, p, s->ports) {
1244 if (p->fd < 0)
1245 continue;
1246
1247 if (!p->event_source)
1248 continue;
1249
1250 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1251 if (r < 0)
1252 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1253 }
1254 }
1255
1256 static int socket_watch_fds(Socket *s) {
1257 SocketPort *p;
1258 int r;
1259
1260 assert(s);
1261
1262 LIST_FOREACH(port, p, s->ports) {
1263 if (p->fd < 0)
1264 continue;
1265
1266 if (p->event_source) {
1267 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1268 if (r < 0)
1269 goto fail;
1270 } else {
1271 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1272 if (r < 0)
1273 goto fail;
1274
1275 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1276 }
1277 }
1278
1279 return 0;
1280
1281 fail:
1282 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1283 socket_unwatch_fds(s);
1284 return r;
1285 }
1286
1287 static void socket_set_state(Socket *s, SocketState state) {
1288 SocketState old_state;
1289 assert(s);
1290
1291 old_state = s->state;
1292 s->state = state;
1293
1294 if (!IN_SET(state,
1295 SOCKET_START_PRE,
1296 SOCKET_START_CHOWN,
1297 SOCKET_START_POST,
1298 SOCKET_STOP_PRE,
1299 SOCKET_STOP_PRE_SIGTERM,
1300 SOCKET_STOP_PRE_SIGKILL,
1301 SOCKET_STOP_POST,
1302 SOCKET_FINAL_SIGTERM,
1303 SOCKET_FINAL_SIGKILL)) {
1304
1305 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1306 socket_unwatch_control_pid(s);
1307 s->control_command = NULL;
1308 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1309 }
1310
1311 if (state != SOCKET_LISTENING)
1312 socket_unwatch_fds(s);
1313
1314 if (!IN_SET(state,
1315 SOCKET_START_CHOWN,
1316 SOCKET_START_POST,
1317 SOCKET_LISTENING,
1318 SOCKET_RUNNING,
1319 SOCKET_STOP_PRE,
1320 SOCKET_STOP_PRE_SIGTERM,
1321 SOCKET_STOP_PRE_SIGKILL))
1322 socket_close_fds(s);
1323
1324 if (state != old_state)
1325 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1326
1327 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1328 }
1329
1330 static int socket_coldplug(Unit *u) {
1331 Socket *s = SOCKET(u);
1332 int r;
1333
1334 assert(s);
1335 assert(s->state == SOCKET_DEAD);
1336
1337 if (s->deserialized_state == s->state)
1338 return 0;
1339
1340 if (IN_SET(s->deserialized_state,
1341 SOCKET_START_PRE,
1342 SOCKET_START_CHOWN,
1343 SOCKET_START_POST,
1344 SOCKET_STOP_PRE,
1345 SOCKET_STOP_PRE_SIGTERM,
1346 SOCKET_STOP_PRE_SIGKILL,
1347 SOCKET_STOP_POST,
1348 SOCKET_FINAL_SIGTERM,
1349 SOCKET_FINAL_SIGKILL)) {
1350
1351 if (s->control_pid <= 0)
1352 return -EBADMSG;
1353
1354 r = unit_watch_pid(UNIT(s), s->control_pid);
1355 if (r < 0)
1356 return r;
1357
1358 r = socket_arm_timer(s);
1359 if (r < 0)
1360 return r;
1361 }
1362
1363 if (IN_SET(s->deserialized_state,
1364 SOCKET_START_CHOWN,
1365 SOCKET_START_POST,
1366 SOCKET_LISTENING,
1367 SOCKET_RUNNING,
1368 SOCKET_STOP_PRE,
1369 SOCKET_STOP_PRE_SIGTERM,
1370 SOCKET_STOP_PRE_SIGKILL)) {
1371 r = socket_open_fds(s);
1372 if (r < 0)
1373 return r;
1374 }
1375
1376 if (s->deserialized_state == SOCKET_LISTENING) {
1377 r = socket_watch_fds(s);
1378 if (r < 0)
1379 return r;
1380 }
1381
1382 socket_set_state(s, s->deserialized_state);
1383 return 0;
1384 }
1385
1386 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1387 _cleanup_free_ char **argv = NULL;
1388 pid_t pid;
1389 int r;
1390 ExecParameters exec_params = {
1391 .apply_permissions = true,
1392 .apply_chroot = true,
1393 .apply_tty_stdin = true,
1394 .bus_endpoint_fd = -1,
1395 };
1396
1397 assert(s);
1398 assert(c);
1399 assert(_pid);
1400
1401 (void) unit_realize_cgroup(UNIT(s));
1402 if (s->reset_cpu_usage) {
1403 (void) unit_reset_cpu_usage(UNIT(s));
1404 s->reset_cpu_usage = false;
1405 }
1406
1407 r = unit_setup_exec_runtime(UNIT(s));
1408 if (r < 0)
1409 goto fail;
1410
1411 r = socket_arm_timer(s);
1412 if (r < 0)
1413 goto fail;
1414
1415 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1416 if (r < 0)
1417 goto fail;
1418
1419 exec_params.argv = argv;
1420 exec_params.environment = UNIT(s)->manager->environment;
1421 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1422 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1423 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1424 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1425 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1426
1427 r = exec_spawn(UNIT(s),
1428 c,
1429 &s->exec_context,
1430 &exec_params,
1431 s->exec_runtime,
1432 &pid);
1433 if (r < 0)
1434 goto fail;
1435
1436 r = unit_watch_pid(UNIT(s), pid);
1437 if (r < 0)
1438 /* FIXME: we need to do something here */
1439 goto fail;
1440
1441 *_pid = pid;
1442 return 0;
1443
1444 fail:
1445 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1446 return r;
1447 }
1448
1449 static int socket_chown(Socket *s, pid_t *_pid) {
1450 pid_t pid;
1451 int r;
1452
1453 r = socket_arm_timer(s);
1454 if (r < 0)
1455 goto fail;
1456
1457 /* We have to resolve the user names out-of-process, hence
1458 * let's fork here. It's messy, but well, what can we do? */
1459
1460 pid = fork();
1461 if (pid < 0)
1462 return -errno;
1463
1464 if (pid == 0) {
1465 SocketPort *p;
1466 uid_t uid = UID_INVALID;
1467 gid_t gid = GID_INVALID;
1468 int ret;
1469
1470 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1471 (void) ignore_signals(SIGPIPE, -1);
1472 log_forget_fds();
1473
1474 if (!isempty(s->user)) {
1475 const char *user = s->user;
1476
1477 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1478 if (r < 0) {
1479 ret = EXIT_USER;
1480 goto fail_child;
1481 }
1482 }
1483
1484 if (!isempty(s->group)) {
1485 const char *group = s->group;
1486
1487 r = get_group_creds(&group, &gid);
1488 if (r < 0) {
1489 ret = EXIT_GROUP;
1490 goto fail_child;
1491 }
1492 }
1493
1494 LIST_FOREACH(port, p, s->ports) {
1495 const char *path = NULL;
1496
1497 if (p->type == SOCKET_SOCKET)
1498 path = socket_address_get_path(&p->address);
1499 else if (p->type == SOCKET_FIFO)
1500 path = p->path;
1501
1502 if (!path)
1503 continue;
1504
1505 if (chown(path, uid, gid) < 0) {
1506 r = -errno;
1507 ret = EXIT_CHOWN;
1508 goto fail_child;
1509 }
1510 }
1511
1512 _exit(0);
1513
1514 fail_child:
1515 log_open();
1516 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1517
1518 _exit(ret);
1519 }
1520
1521 r = unit_watch_pid(UNIT(s), pid);
1522 if (r < 0)
1523 goto fail;
1524
1525 *_pid = pid;
1526 return 0;
1527
1528 fail:
1529 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1530 return r;
1531 }
1532
1533 static void socket_enter_dead(Socket *s, SocketResult f) {
1534 assert(s);
1535
1536 if (f != SOCKET_SUCCESS)
1537 s->result = f;
1538
1539 exec_runtime_destroy(s->exec_runtime);
1540 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1541
1542 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1543
1544 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1545 }
1546
1547 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1548
1549 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1550 int r;
1551 assert(s);
1552
1553 if (f != SOCKET_SUCCESS)
1554 s->result = f;
1555
1556 socket_unwatch_control_pid(s);
1557 s->control_command_id = SOCKET_EXEC_STOP_POST;
1558 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1559
1560 if (s->control_command) {
1561 r = socket_spawn(s, s->control_command, &s->control_pid);
1562 if (r < 0)
1563 goto fail;
1564
1565 socket_set_state(s, SOCKET_STOP_POST);
1566 } else
1567 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1568
1569 return;
1570
1571 fail:
1572 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1573 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1574 }
1575
1576 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1577 int r;
1578
1579 assert(s);
1580
1581 if (f != SOCKET_SUCCESS)
1582 s->result = f;
1583
1584 r = unit_kill_context(
1585 UNIT(s),
1586 &s->kill_context,
1587 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1588 KILL_KILL : KILL_TERMINATE,
1589 -1,
1590 s->control_pid,
1591 false);
1592 if (r < 0)
1593 goto fail;
1594
1595 if (r > 0) {
1596 r = socket_arm_timer(s);
1597 if (r < 0)
1598 goto fail;
1599
1600 socket_set_state(s, state);
1601 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1602 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1603 else if (state == SOCKET_STOP_PRE_SIGKILL)
1604 socket_enter_stop_post(s, SOCKET_SUCCESS);
1605 else if (state == SOCKET_FINAL_SIGTERM)
1606 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1607 else
1608 socket_enter_dead(s, SOCKET_SUCCESS);
1609
1610 return;
1611
1612 fail:
1613 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1614
1615 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1616 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1617 else
1618 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1619 }
1620
1621 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1622 int r;
1623 assert(s);
1624
1625 if (f != SOCKET_SUCCESS)
1626 s->result = f;
1627
1628 socket_unwatch_control_pid(s);
1629 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1630 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1631
1632 if (s->control_command) {
1633 r = socket_spawn(s, s->control_command, &s->control_pid);
1634 if (r < 0)
1635 goto fail;
1636
1637 socket_set_state(s, SOCKET_STOP_PRE);
1638 } else
1639 socket_enter_stop_post(s, SOCKET_SUCCESS);
1640
1641 return;
1642
1643 fail:
1644 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1645 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1646 }
1647
1648 static void socket_enter_listening(Socket *s) {
1649 int r;
1650 assert(s);
1651
1652 r = socket_watch_fds(s);
1653 if (r < 0) {
1654 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1655 goto fail;
1656 }
1657
1658 socket_set_state(s, SOCKET_LISTENING);
1659 return;
1660
1661 fail:
1662 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1663 }
1664
1665 static void socket_enter_start_post(Socket *s) {
1666 int r;
1667 assert(s);
1668
1669 socket_unwatch_control_pid(s);
1670 s->control_command_id = SOCKET_EXEC_START_POST;
1671 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1672
1673 if (s->control_command) {
1674 r = socket_spawn(s, s->control_command, &s->control_pid);
1675 if (r < 0) {
1676 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1677 goto fail;
1678 }
1679
1680 socket_set_state(s, SOCKET_START_POST);
1681 } else
1682 socket_enter_listening(s);
1683
1684 return;
1685
1686 fail:
1687 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1688 }
1689
1690 static void socket_enter_start_chown(Socket *s) {
1691 int r;
1692
1693 assert(s);
1694
1695 r = socket_open_fds(s);
1696 if (r < 0) {
1697 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1698 goto fail;
1699 }
1700
1701 if (!isempty(s->user) || !isempty(s->group)) {
1702
1703 socket_unwatch_control_pid(s);
1704 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1705 s->control_command = NULL;
1706
1707 r = socket_chown(s, &s->control_pid);
1708 if (r < 0) {
1709 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1710 goto fail;
1711 }
1712
1713 socket_set_state(s, SOCKET_START_CHOWN);
1714 } else
1715 socket_enter_start_post(s);
1716
1717 return;
1718
1719 fail:
1720 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1721 }
1722
1723 static void socket_enter_start_pre(Socket *s) {
1724 int r;
1725 assert(s);
1726
1727 socket_unwatch_control_pid(s);
1728 s->control_command_id = SOCKET_EXEC_START_PRE;
1729 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1730
1731 if (s->control_command) {
1732 r = socket_spawn(s, s->control_command, &s->control_pid);
1733 if (r < 0) {
1734 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1735 goto fail;
1736 }
1737
1738 socket_set_state(s, SOCKET_START_PRE);
1739 } else
1740 socket_enter_start_chown(s);
1741
1742 return;
1743
1744 fail:
1745 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1746 }
1747
1748 static void socket_enter_running(Socket *s, int cfd) {
1749 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1750 int r;
1751
1752 assert(s);
1753
1754 /* We don't take connections anymore if we are supposed to
1755 * shut down anyway */
1756 if (unit_stop_pending(UNIT(s))) {
1757
1758 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1759
1760 if (cfd >= 0)
1761 safe_close(cfd);
1762 else {
1763 /* Flush all sockets by closing and reopening them */
1764 socket_close_fds(s);
1765
1766 r = socket_open_fds(s);
1767 if (r < 0) {
1768 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1769 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1770 return;
1771 }
1772
1773 r = socket_watch_fds(s);
1774 if (r < 0) {
1775 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1776 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1777 }
1778 }
1779
1780 return;
1781 }
1782
1783 if (cfd < 0) {
1784 Iterator i;
1785 Unit *other;
1786 bool pending = false;
1787
1788 /* If there's already a start pending don't bother to
1789 * do anything */
1790 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1791 if (unit_active_or_pending(other)) {
1792 pending = true;
1793 break;
1794 }
1795
1796 if (!pending) {
1797 if (!UNIT_ISSET(s->service)) {
1798 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1799 r = -ENOENT;
1800 goto fail;
1801 }
1802
1803 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1804 if (r < 0)
1805 goto fail;
1806 }
1807
1808 socket_set_state(s, SOCKET_RUNNING);
1809 } else {
1810 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1811 Service *service;
1812
1813 if (s->n_connections >= s->max_connections) {
1814 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1815 safe_close(cfd);
1816 return;
1817 }
1818
1819 r = socket_instantiate_service(s);
1820 if (r < 0)
1821 goto fail;
1822
1823 r = instance_from_socket(cfd, s->n_accepted, &instance);
1824 if (r < 0) {
1825 if (r != -ENOTCONN)
1826 goto fail;
1827
1828 /* ENOTCONN is legitimate if TCP RST was received.
1829 * This connection is over, but the socket unit lives on. */
1830 safe_close(cfd);
1831 return;
1832 }
1833
1834 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1835 if (r < 0)
1836 goto fail;
1837
1838 r = unit_name_build(prefix, instance, ".service", &name);
1839 if (r < 0)
1840 goto fail;
1841
1842 r = unit_add_name(UNIT_DEREF(s->service), name);
1843 if (r < 0)
1844 goto fail;
1845
1846 service = SERVICE(UNIT_DEREF(s->service));
1847 unit_ref_unset(&s->service);
1848 s->n_accepted ++;
1849
1850 UNIT(service)->no_gc = false;
1851
1852 unit_choose_id(UNIT(service), name);
1853
1854 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1855 if (r < 0)
1856 goto fail;
1857
1858 cfd = -1;
1859 s->n_connections ++;
1860
1861 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1862 if (r < 0)
1863 goto fail;
1864
1865 /* Notify clients about changed counters */
1866 unit_add_to_dbus_queue(UNIT(s));
1867 }
1868
1869 return;
1870
1871 fail:
1872 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1873 cfd >= 0 ? "template" : "non-template",
1874 bus_error_message(&error, r));
1875
1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1877 safe_close(cfd);
1878 }
1879
1880 static void socket_run_next(Socket *s) {
1881 int r;
1882
1883 assert(s);
1884 assert(s->control_command);
1885 assert(s->control_command->command_next);
1886
1887 socket_unwatch_control_pid(s);
1888
1889 s->control_command = s->control_command->command_next;
1890
1891 r = socket_spawn(s, s->control_command, &s->control_pid);
1892 if (r < 0)
1893 goto fail;
1894
1895 return;
1896
1897 fail:
1898 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1899
1900 if (s->state == SOCKET_START_POST)
1901 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1902 else if (s->state == SOCKET_STOP_POST)
1903 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1904 else
1905 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1906 }
1907
1908 static int socket_start(Unit *u) {
1909 Socket *s = SOCKET(u);
1910
1911 assert(s);
1912
1913 /* We cannot fulfill this request right now, try again later
1914 * please! */
1915 if (IN_SET(s->state,
1916 SOCKET_STOP_PRE,
1917 SOCKET_STOP_PRE_SIGKILL,
1918 SOCKET_STOP_PRE_SIGTERM,
1919 SOCKET_STOP_POST,
1920 SOCKET_FINAL_SIGTERM,
1921 SOCKET_FINAL_SIGKILL))
1922 return -EAGAIN;
1923
1924 /* Already on it! */
1925 if (IN_SET(s->state,
1926 SOCKET_START_PRE,
1927 SOCKET_START_CHOWN,
1928 SOCKET_START_POST))
1929 return 0;
1930
1931 /* Cannot run this without the service being around */
1932 if (UNIT_ISSET(s->service)) {
1933 Service *service;
1934
1935 service = SERVICE(UNIT_DEREF(s->service));
1936
1937 if (UNIT(service)->load_state != UNIT_LOADED) {
1938 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1939 return -ENOENT;
1940 }
1941
1942 /* If the service is already active we cannot start the
1943 * socket */
1944 if (service->state != SERVICE_DEAD &&
1945 service->state != SERVICE_FAILED &&
1946 service->state != SERVICE_AUTO_RESTART) {
1947 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1948 return -EBUSY;
1949 }
1950 }
1951
1952 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1953
1954 s->result = SOCKET_SUCCESS;
1955 s->reset_cpu_usage = true;
1956
1957 socket_enter_start_pre(s);
1958
1959 return 1;
1960 }
1961
1962 static int socket_stop(Unit *u) {
1963 Socket *s = SOCKET(u);
1964
1965 assert(s);
1966
1967 /* Already on it */
1968 if (IN_SET(s->state,
1969 SOCKET_STOP_PRE,
1970 SOCKET_STOP_PRE_SIGTERM,
1971 SOCKET_STOP_PRE_SIGKILL,
1972 SOCKET_STOP_POST,
1973 SOCKET_FINAL_SIGTERM,
1974 SOCKET_FINAL_SIGKILL))
1975 return 0;
1976
1977 /* If there's already something running we go directly into
1978 * kill mode. */
1979 if (IN_SET(s->state,
1980 SOCKET_START_PRE,
1981 SOCKET_START_CHOWN,
1982 SOCKET_START_POST)) {
1983 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1984 return -EAGAIN;
1985 }
1986
1987 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1988
1989 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1990 return 1;
1991 }
1992
1993 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1994 Socket *s = SOCKET(u);
1995 SocketPort *p;
1996 int r;
1997
1998 assert(u);
1999 assert(f);
2000 assert(fds);
2001
2002 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2003 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2004 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2005
2006 if (s->control_pid > 0)
2007 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2008
2009 if (s->control_command_id >= 0)
2010 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2011
2012 LIST_FOREACH(port, p, s->ports) {
2013 int copy;
2014
2015 if (p->fd < 0)
2016 continue;
2017
2018 copy = fdset_put_dup(fds, p->fd);
2019 if (copy < 0)
2020 return copy;
2021
2022 if (p->type == SOCKET_SOCKET) {
2023 _cleanup_free_ char *t = NULL;
2024
2025 r = socket_address_print(&p->address, &t);
2026 if (r < 0)
2027 return r;
2028
2029 if (socket_address_family(&p->address) == AF_NETLINK)
2030 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2031 else
2032 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2033
2034 } else if (p->type == SOCKET_SPECIAL)
2035 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2036 else if (p->type == SOCKET_MQUEUE)
2037 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2038 else {
2039 assert(p->type == SOCKET_FIFO);
2040 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2041 }
2042 }
2043
2044 return 0;
2045 }
2046
2047 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2048 Socket *s = SOCKET(u);
2049
2050 assert(u);
2051 assert(key);
2052 assert(value);
2053
2054 if (streq(key, "state")) {
2055 SocketState state;
2056
2057 state = socket_state_from_string(value);
2058 if (state < 0)
2059 log_unit_debug(u, "Failed to parse state value: %s", value);
2060 else
2061 s->deserialized_state = state;
2062 } else if (streq(key, "result")) {
2063 SocketResult f;
2064
2065 f = socket_result_from_string(value);
2066 if (f < 0)
2067 log_unit_debug(u, "Failed to parse result value: %s", value);
2068 else if (f != SOCKET_SUCCESS)
2069 s->result = f;
2070
2071 } else if (streq(key, "n-accepted")) {
2072 unsigned k;
2073
2074 if (safe_atou(value, &k) < 0)
2075 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2076 else
2077 s->n_accepted += k;
2078 } else if (streq(key, "control-pid")) {
2079 pid_t pid;
2080
2081 if (parse_pid(value, &pid) < 0)
2082 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2083 else
2084 s->control_pid = pid;
2085 } else if (streq(key, "control-command")) {
2086 SocketExecCommand id;
2087
2088 id = socket_exec_command_from_string(value);
2089 if (id < 0)
2090 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2091 else {
2092 s->control_command_id = id;
2093 s->control_command = s->exec_command[id];
2094 }
2095 } else if (streq(key, "fifo")) {
2096 int fd, skip = 0;
2097 SocketPort *p;
2098
2099 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2100 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2101 else {
2102
2103 LIST_FOREACH(port, p, s->ports)
2104 if (p->type == SOCKET_FIFO &&
2105 path_equal_or_files_same(p->path, value+skip))
2106 break;
2107
2108 if (p) {
2109 safe_close(p->fd);
2110 p->fd = fdset_remove(fds, fd);
2111 }
2112 }
2113
2114 } else if (streq(key, "special")) {
2115 int fd, skip = 0;
2116 SocketPort *p;
2117
2118 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2119 log_unit_debug(u, "Failed to parse special value: %s", value);
2120 else {
2121
2122 LIST_FOREACH(port, p, s->ports)
2123 if (p->type == SOCKET_SPECIAL &&
2124 path_equal_or_files_same(p->path, value+skip))
2125 break;
2126
2127 if (p) {
2128 safe_close(p->fd);
2129 p->fd = fdset_remove(fds, fd);
2130 }
2131 }
2132
2133 } else if (streq(key, "mqueue")) {
2134 int fd, skip = 0;
2135 SocketPort *p;
2136
2137 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2138 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2139 else {
2140
2141 LIST_FOREACH(port, p, s->ports)
2142 if (p->type == SOCKET_MQUEUE &&
2143 streq(p->path, value+skip))
2144 break;
2145
2146 if (p) {
2147 safe_close(p->fd);
2148 p->fd = fdset_remove(fds, fd);
2149 }
2150 }
2151
2152 } else if (streq(key, "socket")) {
2153 int fd, type, skip = 0;
2154 SocketPort *p;
2155
2156 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2157 log_unit_debug(u, "Failed to parse socket value: %s", value);
2158 else {
2159
2160 LIST_FOREACH(port, p, s->ports)
2161 if (socket_address_is(&p->address, value+skip, type))
2162 break;
2163
2164 if (p) {
2165 safe_close(p->fd);
2166 p->fd = fdset_remove(fds, fd);
2167 }
2168 }
2169
2170 } else if (streq(key, "netlink")) {
2171 int fd, skip = 0;
2172 SocketPort *p;
2173
2174 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2175 log_unit_debug(u, "Failed to parse socket value: %s", value);
2176 else {
2177
2178 LIST_FOREACH(port, p, s->ports)
2179 if (socket_address_is_netlink(&p->address, value+skip))
2180 break;
2181
2182 if (p) {
2183 safe_close(p->fd);
2184 p->fd = fdset_remove(fds, fd);
2185 }
2186 }
2187 } else
2188 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2189
2190 return 0;
2191 }
2192
2193 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2194 Socket *s = SOCKET(u);
2195 SocketPort *p;
2196
2197 assert(u);
2198
2199 LIST_FOREACH(port, p, s->ports) {
2200 Iterator i;
2201 int fd;
2202
2203 if (p->type != SOCKET_SOCKET)
2204 continue;
2205
2206 if (p->fd >= 0)
2207 continue;
2208
2209 FDSET_FOREACH(fd, fds, i) {
2210 if (socket_address_matches_fd(&p->address, fd)) {
2211 p->fd = fdset_remove(fds, fd);
2212 s->deserialized_state = SOCKET_LISTENING;
2213 break;
2214 }
2215 }
2216 }
2217
2218 return 0;
2219 }
2220
2221 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2222 assert(u);
2223
2224 return state_translation_table[SOCKET(u)->state];
2225 }
2226
2227 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2228 assert(u);
2229
2230 return socket_state_to_string(SOCKET(u)->state);
2231 }
2232
2233 const char* socket_port_type_to_string(SocketPort *p) {
2234
2235 assert(p);
2236
2237 switch (p->type) {
2238
2239 case SOCKET_SOCKET:
2240
2241 switch (p->address.type) {
2242
2243 case SOCK_STREAM:
2244 return "Stream";
2245
2246 case SOCK_DGRAM:
2247 return "Datagram";
2248
2249 case SOCK_SEQPACKET:
2250 return "SequentialPacket";
2251
2252 case SOCK_RAW:
2253 if (socket_address_family(&p->address) == AF_NETLINK)
2254 return "Netlink";
2255
2256 default:
2257 return NULL;
2258 }
2259
2260 case SOCKET_SPECIAL:
2261 return "Special";
2262
2263 case SOCKET_MQUEUE:
2264 return "MessageQueue";
2265
2266 case SOCKET_FIFO:
2267 return "FIFO";
2268
2269 default:
2270 return NULL;
2271 }
2272 }
2273
2274 _pure_ static bool socket_check_gc(Unit *u) {
2275 Socket *s = SOCKET(u);
2276
2277 assert(u);
2278
2279 return s->n_connections > 0;
2280 }
2281
2282 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2283 SocketPort *p = userdata;
2284 int cfd = -1;
2285
2286 assert(p);
2287 assert(fd >= 0);
2288
2289 if (p->socket->state != SOCKET_LISTENING)
2290 return 0;
2291
2292 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2293
2294 if (revents != EPOLLIN) {
2295
2296 if (revents & EPOLLHUP)
2297 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2298 else
2299 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2300
2301 goto fail;
2302 }
2303
2304 if (p->socket->accept &&
2305 p->type == SOCKET_SOCKET &&
2306 socket_address_can_accept(&p->address)) {
2307
2308 for (;;) {
2309
2310 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2311 if (cfd < 0) {
2312
2313 if (errno == EINTR)
2314 continue;
2315
2316 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2317 goto fail;
2318 }
2319
2320 break;
2321 }
2322
2323 socket_apply_socket_options(p->socket, cfd);
2324 }
2325
2326 socket_enter_running(p->socket, cfd);
2327 return 0;
2328
2329 fail:
2330 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2331 return 0;
2332 }
2333
2334 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2335 Socket *s = SOCKET(u);
2336 SocketResult f;
2337
2338 assert(s);
2339 assert(pid >= 0);
2340
2341 if (pid != s->control_pid)
2342 return;
2343
2344 s->control_pid = 0;
2345
2346 if (is_clean_exit(code, status, NULL))
2347 f = SOCKET_SUCCESS;
2348 else if (code == CLD_EXITED)
2349 f = SOCKET_FAILURE_EXIT_CODE;
2350 else if (code == CLD_KILLED)
2351 f = SOCKET_FAILURE_SIGNAL;
2352 else if (code == CLD_DUMPED)
2353 f = SOCKET_FAILURE_CORE_DUMP;
2354 else
2355 assert_not_reached("Unknown sigchld code");
2356
2357 if (s->control_command) {
2358 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2359
2360 if (s->control_command->ignore)
2361 f = SOCKET_SUCCESS;
2362 }
2363
2364 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2365 "Control process exited, code=%s status=%i",
2366 sigchld_code_to_string(code), status);
2367
2368 if (f != SOCKET_SUCCESS)
2369 s->result = f;
2370
2371 if (s->control_command &&
2372 s->control_command->command_next &&
2373 f == SOCKET_SUCCESS) {
2374
2375 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2376 socket_run_next(s);
2377 } else {
2378 s->control_command = NULL;
2379 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2380
2381 /* No further commands for this step, so let's figure
2382 * out what to do next */
2383
2384 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2385
2386 switch (s->state) {
2387
2388 case SOCKET_START_PRE:
2389 if (f == SOCKET_SUCCESS)
2390 socket_enter_start_chown(s);
2391 else
2392 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2393 break;
2394
2395 case SOCKET_START_CHOWN:
2396 if (f == SOCKET_SUCCESS)
2397 socket_enter_start_post(s);
2398 else
2399 socket_enter_stop_pre(s, f);
2400 break;
2401
2402 case SOCKET_START_POST:
2403 if (f == SOCKET_SUCCESS)
2404 socket_enter_listening(s);
2405 else
2406 socket_enter_stop_pre(s, f);
2407 break;
2408
2409 case SOCKET_STOP_PRE:
2410 case SOCKET_STOP_PRE_SIGTERM:
2411 case SOCKET_STOP_PRE_SIGKILL:
2412 socket_enter_stop_post(s, f);
2413 break;
2414
2415 case SOCKET_STOP_POST:
2416 case SOCKET_FINAL_SIGTERM:
2417 case SOCKET_FINAL_SIGKILL:
2418 socket_enter_dead(s, f);
2419 break;
2420
2421 default:
2422 assert_not_reached("Uh, control process died at wrong time.");
2423 }
2424 }
2425
2426 /* Notify clients about changed exit status */
2427 unit_add_to_dbus_queue(u);
2428 }
2429
2430 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2431 Socket *s = SOCKET(userdata);
2432
2433 assert(s);
2434 assert(s->timer_event_source == source);
2435
2436 switch (s->state) {
2437
2438 case SOCKET_START_PRE:
2439 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2440 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2441 break;
2442
2443 case SOCKET_START_CHOWN:
2444 case SOCKET_START_POST:
2445 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2446 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2447 break;
2448
2449 case SOCKET_STOP_PRE:
2450 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2451 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2452 break;
2453
2454 case SOCKET_STOP_PRE_SIGTERM:
2455 if (s->kill_context.send_sigkill) {
2456 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2457 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2458 } else {
2459 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2460 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2461 }
2462 break;
2463
2464 case SOCKET_STOP_PRE_SIGKILL:
2465 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2466 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2467 break;
2468
2469 case SOCKET_STOP_POST:
2470 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2471 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2472 break;
2473
2474 case SOCKET_FINAL_SIGTERM:
2475 if (s->kill_context.send_sigkill) {
2476 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2477 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2478 } else {
2479 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2480 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2481 }
2482 break;
2483
2484 case SOCKET_FINAL_SIGKILL:
2485 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2486 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2487 break;
2488
2489 default:
2490 assert_not_reached("Timeout at wrong time.");
2491 }
2492
2493 return 0;
2494 }
2495
2496 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2497 int *rfds;
2498 unsigned rn_fds, k;
2499 SocketPort *p;
2500
2501 assert(s);
2502 assert(fds);
2503 assert(n_fds);
2504
2505 /* Called from the service code for requesting our fds */
2506
2507 rn_fds = 0;
2508 LIST_FOREACH(port, p, s->ports)
2509 if (p->fd >= 0)
2510 rn_fds++;
2511
2512 if (rn_fds <= 0) {
2513 *fds = NULL;
2514 *n_fds = 0;
2515 return 0;
2516 }
2517
2518 rfds = new(int, rn_fds);
2519 if (!rfds)
2520 return -ENOMEM;
2521
2522 k = 0;
2523 LIST_FOREACH(port, p, s->ports)
2524 if (p->fd >= 0)
2525 rfds[k++] = p->fd;
2526
2527 assert(k == rn_fds);
2528
2529 *fds = rfds;
2530 *n_fds = rn_fds;
2531
2532 return 0;
2533 }
2534
2535 static void socket_reset_failed(Unit *u) {
2536 Socket *s = SOCKET(u);
2537
2538 assert(s);
2539
2540 if (s->state == SOCKET_FAILED)
2541 socket_set_state(s, SOCKET_DEAD);
2542
2543 s->result = SOCKET_SUCCESS;
2544 }
2545
2546 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2547 assert(s);
2548
2549 /* The service is dead. Dang!
2550 *
2551 * This is strictly for one-instance-for-all-connections
2552 * services. */
2553
2554 if (s->state == SOCKET_RUNNING) {
2555 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2556 if (failed_permanent)
2557 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2558 else
2559 socket_enter_listening(s);
2560 }
2561 }
2562
2563 void socket_connection_unref(Socket *s) {
2564 assert(s);
2565
2566 /* The service is dead. Yay!
2567 *
2568 * This is strictly for one-instance-per-connection
2569 * services. */
2570
2571 assert(s->n_connections > 0);
2572 s->n_connections--;
2573
2574 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2575 }
2576
2577 static void socket_trigger_notify(Unit *u, Unit *other) {
2578 Socket *s = SOCKET(u);
2579 Service *se;
2580
2581 assert(u);
2582 assert(other);
2583
2584 /* Don't propagate state changes from the service if we are
2585 already down or accepting connections */
2586 if ((s->state != SOCKET_RUNNING &&
2587 s->state != SOCKET_LISTENING) ||
2588 s->accept)
2589 return;
2590
2591 if (other->load_state != UNIT_LOADED ||
2592 other->type != UNIT_SERVICE)
2593 return;
2594
2595 se = SERVICE(other);
2596
2597 if (se->state == SERVICE_FAILED)
2598 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2599
2600 if (se->state == SERVICE_DEAD ||
2601 se->state == SERVICE_FINAL_SIGTERM ||
2602 se->state == SERVICE_FINAL_SIGKILL ||
2603 se->state == SERVICE_AUTO_RESTART)
2604 socket_notify_service_dead(s, false);
2605
2606 if (se->state == SERVICE_RUNNING)
2607 socket_set_state(s, SOCKET_RUNNING);
2608 }
2609
2610 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2611 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2612 }
2613
2614 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2615 Socket *s = SOCKET(u);
2616 int r;
2617
2618 if (!s->timer_event_source)
2619 return 0;
2620
2621 r = sd_event_source_get_time(s->timer_event_source, timeout);
2622 if (r < 0)
2623 return r;
2624
2625 return 1;
2626 }
2627
2628 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2629 [SOCKET_DEAD] = "dead",
2630 [SOCKET_START_PRE] = "start-pre",
2631 [SOCKET_START_CHOWN] = "start-chown",
2632 [SOCKET_START_POST] = "start-post",
2633 [SOCKET_LISTENING] = "listening",
2634 [SOCKET_RUNNING] = "running",
2635 [SOCKET_STOP_PRE] = "stop-pre",
2636 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2637 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2638 [SOCKET_STOP_POST] = "stop-post",
2639 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2640 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2641 [SOCKET_FAILED] = "failed"
2642 };
2643
2644 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2645
2646 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2647 [SOCKET_EXEC_START_PRE] = "StartPre",
2648 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2649 [SOCKET_EXEC_START_POST] = "StartPost",
2650 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2651 [SOCKET_EXEC_STOP_POST] = "StopPost"
2652 };
2653
2654 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2655
2656 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2657 [SOCKET_SUCCESS] = "success",
2658 [SOCKET_FAILURE_RESOURCES] = "resources",
2659 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2660 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2661 [SOCKET_FAILURE_SIGNAL] = "signal",
2662 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2663 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2664 };
2665
2666 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2667
2668 const UnitVTable socket_vtable = {
2669 .object_size = sizeof(Socket),
2670 .exec_context_offset = offsetof(Socket, exec_context),
2671 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2672 .kill_context_offset = offsetof(Socket, kill_context),
2673 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2674
2675 .sections =
2676 "Unit\0"
2677 "Socket\0"
2678 "Install\0",
2679 .private_section = "Socket",
2680
2681 .init = socket_init,
2682 .done = socket_done,
2683 .load = socket_load,
2684
2685 .coldplug = socket_coldplug,
2686
2687 .dump = socket_dump,
2688
2689 .start = socket_start,
2690 .stop = socket_stop,
2691
2692 .kill = socket_kill,
2693
2694 .get_timeout = socket_get_timeout,
2695
2696 .serialize = socket_serialize,
2697 .deserialize_item = socket_deserialize_item,
2698 .distribute_fds = socket_distribute_fds,
2699
2700 .active_state = socket_active_state,
2701 .sub_state_to_string = socket_sub_state_to_string,
2702
2703 .check_gc = socket_check_gc,
2704
2705 .sigchld_event = socket_sigchld_event,
2706
2707 .trigger_notify = socket_trigger_notify,
2708
2709 .reset_failed = socket_reset_failed,
2710
2711 .bus_interface = "org.freedesktop.systemd1.Socket",
2712 .bus_vtable = bus_socket_vtable,
2713 .bus_set_property = bus_socket_set_property,
2714 .bus_commit_properties = bus_socket_commit_properties,
2715
2716 .status_message_formats = {
2717 /*.starting_stopping = {
2718 [0] = "Starting socket %s...",
2719 [1] = "Stopping socket %s...",
2720 },*/
2721 .finished_start_job = {
2722 [JOB_DONE] = "Listening on %s.",
2723 [JOB_FAILED] = "Failed to listen on %s.",
2724 [JOB_TIMEOUT] = "Timed out starting %s.",
2725 },
2726 .finished_stop_job = {
2727 [JOB_DONE] = "Closed %s.",
2728 [JOB_FAILED] = "Failed stopping %s.",
2729 [JOB_TIMEOUT] = "Timed out stopping %s.",
2730 },
2731 },
2732 };
Unnamed repository; edit this file 'description' to name the repository.