]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1426 from poettering/log-syntax
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "path-util.h"
46 #include "selinux-util.h"
47 #include "signal-util.h"
48 #include "smack-util.h"
49 #include "socket.h"
50 #include "special.h"
51 #include "strv.h"
52 #include "unit-name.h"
53 #include "unit-printf.h"
54 #include "unit.h"
55
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
70 };
71
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
79 assert(u->load_state == UNIT_STUB);
80
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
85
86 s->max_connections = 64;
87
88 s->priority = -1;
89 s->ip_tos = -1;
90 s->ip_ttl = -1;
91 s->mark = -1;
92
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
95
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97 }
98
99 static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107 }
108
109 static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117 }
118
119 void socket_free_ports(Socket *s) {
120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
125 LIST_REMOVE(port, s->ports, p);
126
127 sd_event_source_unref(p->event_source);
128
129 socket_cleanup_fd_list(p);
130 safe_close(p->fd);
131 free(p->path);
132 free(p);
133 }
134 }
135
136 static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
142
143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
145 s->control_command = NULL;
146
147 socket_unwatch_control_pid(s);
148
149 unit_ref_unset(&s->service);
150
151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
153
154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
158 strv_free(s->symlinks);
159
160 free(s->user);
161 free(s->group);
162
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 }
165
166 static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
184 r = sd_event_add_time(
185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
196 }
197
198 int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
210 if (UNIT_DEREF(s->service))
211 return 0;
212
213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
219
220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
221 return -ENOMEM;
222
223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
224 if (r < 0)
225 return r;
226
227 u->no_gc = true;
228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
231 }
232
233 static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
246 if (!socket_address_can_accept(&p->address))
247 return true;
248 }
249
250 return false;
251 }
252
253 static int socket_add_mount_links(Socket *s) {
254 SocketPort *p;
255 int r;
256
257 assert(s);
258
259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
261
262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
265 path = p->path;
266
267 if (!path)
268 continue;
269
270 r = unit_require_mounts_for(UNIT(s), path);
271 if (r < 0)
272 return r;
273 }
274
275 return 0;
276 }
277
278 static int socket_add_device_link(Socket *s) {
279 char *t;
280
281 assert(s);
282
283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
284 return 0;
285
286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
287 return unit_add_node_link(UNIT(s), t, false);
288 }
289
290 static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
297
298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
301 return r;
302 }
303
304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
305 }
306
307 _pure_ static bool socket_has_exec(Socket *s) {
308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316 }
317
318 static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
320 int r;
321
322 assert(s);
323
324 if (have_non_accept_socket(s)) {
325
326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
328
329 r = unit_load_related_unit(u, ".service", &x);
330 if (r < 0)
331 return r;
332
333 unit_ref_set(&s->service, x);
334 }
335
336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
338 return r;
339 }
340
341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
344
345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
349 r = unit_patch_contexts(u);
350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
357
358 r = unit_set_default_slice(u);
359 if (r < 0)
360 return r;
361 }
362
363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370 }
371
372 static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403 }
404
405 static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
423 return -EINVAL;
424 }
425
426 if (s->accept && UNIT_DEREF(s->service)) {
427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
433 return -EINVAL;
434 }
435
436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
438 return -EINVAL;
439 }
440
441 return 0;
442 }
443
444 static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
458 if (r < 0)
459 return r;
460 }
461
462 return socket_verify(s);
463 }
464
465 _const_ static const char* listen_lookup(int family, int type) {
466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
477 assert_not_reached("Unknown socket type");
478 return NULL;
479 }
480
481 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
482 char time_string[FORMAT_TIMESPAN_MAX];
483 SocketExecCommand c;
484 Socket *s = SOCKET(u);
485 SocketPort *p;
486 const char *prefix2;
487
488 assert(s);
489 assert(f);
490
491 prefix = strempty(prefix);
492 prefix2 = strjoina(prefix, "\t");
493
494 fprintf(f,
495 "%sSocket State: %s\n"
496 "%sResult: %s\n"
497 "%sBindIPv6Only: %s\n"
498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
502 "%sNoDelay: %s\n"
503 "%sFreeBind: %s\n"
504 "%sTransparent: %s\n"
505 "%sBroadcast: %s\n"
506 "%sPassCredentials: %s\n"
507 "%sPassSecurity: %s\n"
508 "%sTCPCongestion: %s\n"
509 "%sRemoveOnStop: %s\n"
510 "%sSELinuxContextFromNet: %s\n",
511 prefix, socket_state_to_string(s->state),
512 prefix, socket_result_to_string(s->result),
513 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
514 prefix, s->backlog,
515 prefix, s->socket_mode,
516 prefix, s->directory_mode,
517 prefix, yes_no(s->keep_alive),
518 prefix, yes_no(s->no_delay),
519 prefix, yes_no(s->free_bind),
520 prefix, yes_no(s->transparent),
521 prefix, yes_no(s->broadcast),
522 prefix, yes_no(s->pass_cred),
523 prefix, yes_no(s->pass_sec),
524 prefix, strna(s->tcp_congestion),
525 prefix, yes_no(s->remove_on_stop),
526 prefix, yes_no(s->selinux_context_from_net));
527
528 if (s->control_pid > 0)
529 fprintf(f,
530 "%sControl PID: "PID_FMT"\n",
531 prefix, s->control_pid);
532
533 if (s->bind_to_device)
534 fprintf(f,
535 "%sBindToDevice: %s\n",
536 prefix, s->bind_to_device);
537
538 if (s->accept)
539 fprintf(f,
540 "%sAccepted: %u\n"
541 "%sNConnections: %u\n"
542 "%sMaxConnections: %u\n",
543 prefix, s->n_accepted,
544 prefix, s->n_connections,
545 prefix, s->max_connections);
546
547 if (s->priority >= 0)
548 fprintf(f,
549 "%sPriority: %i\n",
550 prefix, s->priority);
551
552 if (s->receive_buffer > 0)
553 fprintf(f,
554 "%sReceiveBuffer: %zu\n",
555 prefix, s->receive_buffer);
556
557 if (s->send_buffer > 0)
558 fprintf(f,
559 "%sSendBuffer: %zu\n",
560 prefix, s->send_buffer);
561
562 if (s->ip_tos >= 0)
563 fprintf(f,
564 "%sIPTOS: %i\n",
565 prefix, s->ip_tos);
566
567 if (s->ip_ttl >= 0)
568 fprintf(f,
569 "%sIPTTL: %i\n",
570 prefix, s->ip_ttl);
571
572 if (s->pipe_size > 0)
573 fprintf(f,
574 "%sPipeSize: %zu\n",
575 prefix, s->pipe_size);
576
577 if (s->mark >= 0)
578 fprintf(f,
579 "%sMark: %i\n",
580 prefix, s->mark);
581
582 if (s->mq_maxmsg > 0)
583 fprintf(f,
584 "%sMessageQueueMaxMessages: %li\n",
585 prefix, s->mq_maxmsg);
586
587 if (s->mq_msgsize > 0)
588 fprintf(f,
589 "%sMessageQueueMessageSize: %li\n",
590 prefix, s->mq_msgsize);
591
592 if (s->reuse_port)
593 fprintf(f,
594 "%sReusePort: %s\n",
595 prefix, yes_no(s->reuse_port));
596
597 if (s->smack)
598 fprintf(f,
599 "%sSmackLabel: %s\n",
600 prefix, s->smack);
601
602 if (s->smack_ip_in)
603 fprintf(f,
604 "%sSmackLabelIPIn: %s\n",
605 prefix, s->smack_ip_in);
606
607 if (s->smack_ip_out)
608 fprintf(f,
609 "%sSmackLabelIPOut: %s\n",
610 prefix, s->smack_ip_out);
611
612 if (!isempty(s->user) || !isempty(s->group))
613 fprintf(f,
614 "%sOwnerUser: %s\n"
615 "%sOwnerGroup: %s\n",
616 prefix, strna(s->user),
617 prefix, strna(s->group));
618
619 if (s->keep_alive_time > 0)
620 fprintf(f,
621 "%sKeepAliveTimeSec: %s\n",
622 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
623
624 if (s->keep_alive_interval)
625 fprintf(f,
626 "%sKeepAliveIntervalSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
628
629 if (s->keep_alive_cnt)
630 fprintf(f,
631 "%sKeepAliveProbes: %u\n",
632 prefix, s->keep_alive_cnt);
633
634 if (s->defer_accept)
635 fprintf(f,
636 "%sDeferAcceptSec: %s\n",
637 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
638
639 LIST_FOREACH(port, p, s->ports) {
640
641 if (p->type == SOCKET_SOCKET) {
642 const char *t;
643 int r;
644 char *k = NULL;
645
646 r = socket_address_print(&p->address, &k);
647 if (r < 0)
648 t = strerror(-r);
649 else
650 t = k;
651
652 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
653 free(k);
654 } else if (p->type == SOCKET_SPECIAL)
655 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
656 else if (p->type == SOCKET_USB_FUNCTION)
657 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
658 else if (p->type == SOCKET_MQUEUE)
659 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
660 else
661 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
662 }
663
664 exec_context_dump(&s->exec_context, f, prefix);
665 kill_context_dump(&s->kill_context, f, prefix);
666
667 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
668 if (!s->exec_command[c])
669 continue;
670
671 fprintf(f, "%s-> %s:\n",
672 prefix, socket_exec_command_to_string(c));
673
674 exec_command_dump_list(s->exec_command[c], f, prefix2);
675 }
676 }
677
678 static int instance_from_socket(int fd, unsigned nr, char **instance) {
679 socklen_t l;
680 char *r;
681 union sockaddr_union local, remote;
682
683 assert(fd >= 0);
684 assert(instance);
685
686 l = sizeof(local);
687 if (getsockname(fd, &local.sa, &l) < 0)
688 return -errno;
689
690 l = sizeof(remote);
691 if (getpeername(fd, &remote.sa, &l) < 0)
692 return -errno;
693
694 switch (local.sa.sa_family) {
695
696 case AF_INET: {
697 uint32_t
698 a = ntohl(local.in.sin_addr.s_addr),
699 b = ntohl(remote.in.sin_addr.s_addr);
700
701 if (asprintf(&r,
702 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
703 nr,
704 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
705 ntohs(local.in.sin_port),
706 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
707 ntohs(remote.in.sin_port)) < 0)
708 return -ENOMEM;
709
710 break;
711 }
712
713 case AF_INET6: {
714 static const unsigned char ipv4_prefix[] = {
715 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
716 };
717
718 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
719 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
720 const uint8_t
721 *a = local.in6.sin6_addr.s6_addr+12,
722 *b = remote.in6.sin6_addr.s6_addr+12;
723
724 if (asprintf(&r,
725 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
726 nr,
727 a[0], a[1], a[2], a[3],
728 ntohs(local.in6.sin6_port),
729 b[0], b[1], b[2], b[3],
730 ntohs(remote.in6.sin6_port)) < 0)
731 return -ENOMEM;
732 } else {
733 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
734
735 if (asprintf(&r,
736 "%u-%s:%u-%s:%u",
737 nr,
738 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
739 ntohs(local.in6.sin6_port),
740 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
741 ntohs(remote.in6.sin6_port)) < 0)
742 return -ENOMEM;
743 }
744
745 break;
746 }
747
748 case AF_UNIX: {
749 struct ucred ucred;
750 int k;
751
752 k = getpeercred(fd, &ucred);
753 if (k >= 0) {
754 if (asprintf(&r,
755 "%u-"PID_FMT"-"UID_FMT,
756 nr, ucred.pid, ucred.uid) < 0)
757 return -ENOMEM;
758 } else if (k == -ENODATA) {
759 /* This handles the case where somebody is
760 * connecting from another pid/uid namespace
761 * (e.g. from outside of our container). */
762 if (asprintf(&r,
763 "%u-unknown",
764 nr) < 0)
765 return -ENOMEM;
766 } else
767 return k;
768
769 break;
770 }
771
772 default:
773 assert_not_reached("Unhandled socket type.");
774 }
775
776 *instance = r;
777 return 0;
778 }
779
780 static void socket_close_fds(Socket *s) {
781 SocketPort *p;
782 char **i;
783
784 assert(s);
785
786 LIST_FOREACH(port, p, s->ports) {
787
788 p->event_source = sd_event_source_unref(p->event_source);
789
790 if (p->fd < 0)
791 continue;
792
793 p->fd = safe_close(p->fd);
794 socket_cleanup_fd_list(p);
795
796 /* One little note: we should normally not delete any
797 * sockets in the file system here! After all some
798 * other process we spawned might still have a
799 * reference of this fd and wants to continue to use
800 * it. Therefore we delete sockets in the file system
801 * before we create a new one, not after we stopped
802 * using one! */
803
804 if (s->remove_on_stop) {
805 switch (p->type) {
806
807 case SOCKET_FIFO:
808 unlink(p->path);
809 break;
810
811 case SOCKET_MQUEUE:
812 mq_unlink(p->path);
813 break;
814
815 case SOCKET_SOCKET:
816 socket_address_unlink(&p->address);
817 break;
818
819 default:
820 break;
821 }
822 }
823 }
824
825 if (s->remove_on_stop)
826 STRV_FOREACH(i, s->symlinks)
827 unlink(*i);
828 }
829
830 static void socket_apply_socket_options(Socket *s, int fd) {
831 int r;
832
833 assert(s);
834 assert(fd >= 0);
835
836 if (s->keep_alive) {
837 int b = s->keep_alive;
838 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
839 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
840 }
841
842 if (s->keep_alive_time) {
843 int value = s->keep_alive_time / USEC_PER_SEC;
844 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
845 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
846 }
847
848 if (s->keep_alive_interval) {
849 int value = s->keep_alive_interval / USEC_PER_SEC;
850 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
851 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
852 }
853
854 if (s->keep_alive_cnt) {
855 int value = s->keep_alive_cnt;
856 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
857 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
858 }
859
860 if (s->defer_accept) {
861 int value = s->defer_accept / USEC_PER_SEC;
862 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
863 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
864 }
865
866 if (s->no_delay) {
867 int b = s->no_delay;
868 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
869 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
870 }
871
872 if (s->broadcast) {
873 int one = 1;
874 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
875 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
876 }
877
878 if (s->pass_cred) {
879 int one = 1;
880 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
881 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
882 }
883
884 if (s->pass_sec) {
885 int one = 1;
886 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
887 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
888 }
889
890 if (s->priority >= 0)
891 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
892 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
893
894 if (s->receive_buffer > 0) {
895 int value = (int) s->receive_buffer;
896
897 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
898
899 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
900 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
901 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
902 }
903
904 if (s->send_buffer > 0) {
905 int value = (int) s->send_buffer;
906 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
907 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
908 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
909 }
910
911 if (s->mark >= 0)
912 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
913 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
914
915 if (s->ip_tos >= 0)
916 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
917 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
918
919 if (s->ip_ttl >= 0) {
920 int x;
921
922 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
923
924 if (socket_ipv6_is_supported())
925 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
926 else {
927 x = -1;
928 errno = EAFNOSUPPORT;
929 }
930
931 if (r < 0 && x < 0)
932 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
933 }
934
935 if (s->tcp_congestion)
936 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
937 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
938
939 if (s->smack_ip_in) {
940 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
941 if (r < 0)
942 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
943 }
944
945 if (s->smack_ip_out) {
946 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
947 if (r < 0)
948 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
949 }
950 }
951
952 static void socket_apply_fifo_options(Socket *s, int fd) {
953 int r;
954
955 assert(s);
956 assert(fd >= 0);
957
958 if (s->pipe_size > 0)
959 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
960 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
961
962 if (s->smack) {
963 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
964 if (r < 0)
965 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
966 }
967 }
968
969 static int fifo_address_create(
970 const char *path,
971 mode_t directory_mode,
972 mode_t socket_mode) {
973
974 _cleanup_close_ int fd = -1;
975 mode_t old_mask;
976 struct stat st;
977 int r;
978
979 assert(path);
980
981 mkdir_parents_label(path, directory_mode);
982
983 r = mac_selinux_create_file_prepare(path, S_IFIFO);
984 if (r < 0)
985 return r;
986
987 /* Enforce the right access mode for the fifo */
988 old_mask = umask(~ socket_mode);
989
990 /* Include the original umask in our mask */
991 (void) umask(~socket_mode | old_mask);
992
993 r = mkfifo(path, socket_mode);
994 (void) umask(old_mask);
995
996 if (r < 0 && errno != EEXIST) {
997 r = -errno;
998 goto fail;
999 }
1000
1001 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1002 if (fd < 0) {
1003 r = -errno;
1004 goto fail;
1005 }
1006
1007 mac_selinux_create_file_clear();
1008
1009 if (fstat(fd, &st) < 0) {
1010 r = -errno;
1011 goto fail;
1012 }
1013
1014 if (!S_ISFIFO(st.st_mode) ||
1015 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1016 st.st_uid != getuid() ||
1017 st.st_gid != getgid()) {
1018 r = -EEXIST;
1019 goto fail;
1020 }
1021
1022 r = fd;
1023 fd = -1;
1024
1025 return r;
1026
1027 fail:
1028 mac_selinux_create_file_clear();
1029 safe_close(fd);
1030
1031 return r;
1032 }
1033
1034 static int special_address_create(const char *path) {
1035 _cleanup_close_ int fd = -1;
1036 struct stat st;
1037 int r;
1038
1039 assert(path);
1040
1041 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1042 if (fd < 0)
1043 return -errno;
1044
1045 if (fstat(fd, &st) < 0)
1046 return -errno;
1047
1048 /* Check whether this is a /proc, /sys or /dev file or char device */
1049 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1050 return -EEXIST;
1051
1052 r = fd;
1053 fd = -1;
1054
1055 return r;
1056 }
1057
1058 static int usbffs_address_create(const char *path) {
1059 _cleanup_close_ int fd = -1;
1060 struct stat st;
1061 int r;
1062
1063 assert(path);
1064
1065 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1066 if (fd < 0)
1067 return -errno;
1068
1069 if (fstat(fd, &st) < 0)
1070 return -errno;
1071
1072 /* Check whether this is a regular file (ffs endpoint)*/
1073 if (!S_ISREG(st.st_mode))
1074 return -EEXIST;
1075
1076 r = fd;
1077 fd = -1;
1078
1079 return r;
1080 }
1081
1082 static int mq_address_create(
1083 const char *path,
1084 mode_t mq_mode,
1085 long maxmsg,
1086 long msgsize) {
1087
1088 _cleanup_close_ int fd = -1;
1089 struct stat st;
1090 mode_t old_mask;
1091 struct mq_attr _attr, *attr = NULL;
1092 int r;
1093
1094 assert(path);
1095
1096 if (maxmsg > 0 && msgsize > 0) {
1097 _attr = (struct mq_attr) {
1098 .mq_flags = O_NONBLOCK,
1099 .mq_maxmsg = maxmsg,
1100 .mq_msgsize = msgsize,
1101 };
1102 attr = &_attr;
1103 }
1104
1105 /* Enforce the right access mode for the mq */
1106 old_mask = umask(~ mq_mode);
1107
1108 /* Include the original umask in our mask */
1109 (void) umask(~mq_mode | old_mask);
1110 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1111 (void) umask(old_mask);
1112
1113 if (fd < 0)
1114 return -errno;
1115
1116 if (fstat(fd, &st) < 0)
1117 return -errno;
1118
1119 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1120 st.st_uid != getuid() ||
1121 st.st_gid != getgid())
1122 return -EEXIST;
1123
1124 r = fd;
1125 fd = -1;
1126
1127 return r;
1128 }
1129
1130 static int socket_symlink(Socket *s) {
1131 const char *p;
1132 char **i;
1133
1134 assert(s);
1135
1136 p = socket_find_symlink_target(s);
1137 if (!p)
1138 return 0;
1139
1140 STRV_FOREACH(i, s->symlinks)
1141 symlink_label(p, *i);
1142
1143 return 0;
1144 }
1145
1146 static int usbffs_write_descs(int fd, Service *s) {
1147 int r;
1148
1149 if (!s->usb_function_descriptors || !s->usb_function_strings)
1150 return -EINVAL;
1151
1152 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1153 if (r < 0)
1154 return r;
1155
1156 return copy_file_fd(s->usb_function_strings, fd, false);
1157 }
1158
1159 static int usbffs_select_ep(const struct dirent *d) {
1160 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1161 }
1162
1163 static int usbffs_dispatch_eps(SocketPort *p) {
1164 _cleanup_free_ struct dirent **ent = NULL;
1165 _cleanup_free_ char *path = NULL;
1166 int r, i, n, k;
1167
1168 r = path_get_parent(p->path, &path);
1169 if (r < 0)
1170 return r;
1171
1172 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1173 if (r < 0)
1174 return -errno;
1175
1176 n = r;
1177 p->auxiliary_fds = new(int, n);
1178 if (!p->auxiliary_fds)
1179 return -ENOMEM;
1180
1181 p->n_auxiliary_fds = n;
1182
1183 k = 0;
1184 for (i = 0; i < n; ++i) {
1185 _cleanup_free_ char *ep = NULL;
1186
1187 ep = path_make_absolute(ent[i]->d_name, path);
1188 if (!ep)
1189 return -ENOMEM;
1190
1191 path_kill_slashes(ep);
1192
1193 r = usbffs_address_create(ep);
1194 if (r < 0)
1195 goto fail;
1196
1197 p->auxiliary_fds[k] = r;
1198
1199 ++k;
1200 free(ent[i]);
1201 }
1202
1203 return r;
1204
1205 fail:
1206 close_many(p->auxiliary_fds, k);
1207 p->auxiliary_fds = mfree(p->auxiliary_fds);
1208 p->n_auxiliary_fds = 0;
1209
1210 return r;
1211 }
1212
1213 static int socket_open_fds(Socket *s) {
1214 _cleanup_(mac_selinux_freep) char *label = NULL;
1215 bool know_label = false;
1216 SocketPort *p;
1217 int r;
1218
1219 assert(s);
1220
1221 LIST_FOREACH(port, p, s->ports) {
1222
1223 if (p->fd >= 0)
1224 continue;
1225
1226 switch (p->type) {
1227
1228 case SOCKET_SOCKET:
1229
1230 if (!know_label) {
1231 /* Figure out label, if we don't it know
1232 * yet. We do it once, for the first
1233 * socket where we need this and
1234 * remember it for the rest. */
1235
1236 if (s->selinux_context_from_net) {
1237 /* Get it from the network label */
1238
1239 r = mac_selinux_get_our_label(&label);
1240 if (r < 0 && r != -EOPNOTSUPP)
1241 goto rollback;
1242
1243 } else {
1244 /* Get it from the executable we are about to start */
1245
1246 r = socket_instantiate_service(s);
1247 if (r < 0)
1248 goto rollback;
1249
1250 if (UNIT_ISSET(s->service) &&
1251 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1252 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1253 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1254 goto rollback;
1255 }
1256 }
1257
1258 know_label = true;
1259 }
1260
1261 r = socket_address_listen(
1262 &p->address,
1263 SOCK_CLOEXEC|SOCK_NONBLOCK,
1264 s->backlog,
1265 s->bind_ipv6_only,
1266 s->bind_to_device,
1267 s->reuse_port,
1268 s->free_bind,
1269 s->transparent,
1270 s->directory_mode,
1271 s->socket_mode,
1272 label);
1273 if (r < 0)
1274 goto rollback;
1275
1276 p->fd = r;
1277 socket_apply_socket_options(s, p->fd);
1278 socket_symlink(s);
1279 break;
1280
1281 case SOCKET_SPECIAL:
1282
1283 p->fd = special_address_create(p->path);
1284 if (p->fd < 0) {
1285 r = p->fd;
1286 goto rollback;
1287 }
1288 break;
1289
1290 case SOCKET_FIFO:
1291
1292 p->fd = fifo_address_create(
1293 p->path,
1294 s->directory_mode,
1295 s->socket_mode);
1296 if (p->fd < 0) {
1297 r = p->fd;
1298 goto rollback;
1299 }
1300
1301 socket_apply_fifo_options(s, p->fd);
1302 socket_symlink(s);
1303 break;
1304
1305 case SOCKET_MQUEUE:
1306
1307 p->fd = mq_address_create(
1308 p->path,
1309 s->socket_mode,
1310 s->mq_maxmsg,
1311 s->mq_msgsize);
1312 if (p->fd < 0) {
1313 r = p->fd;
1314 goto rollback;
1315 }
1316 break;
1317
1318 case SOCKET_USB_FUNCTION:
1319
1320 p->fd = usbffs_address_create(p->path);
1321 if (p->fd < 0) {
1322 r = p->fd;
1323 goto rollback;
1324 }
1325
1326 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1327 if (r < 0)
1328 goto rollback;
1329
1330 r = usbffs_dispatch_eps(p);
1331 if (r < 0)
1332 goto rollback;
1333
1334 break;
1335
1336 default:
1337 assert_not_reached("Unknown port type");
1338 }
1339 }
1340
1341 return 0;
1342
1343 rollback:
1344 socket_close_fds(s);
1345 return r;
1346 }
1347
1348 static void socket_unwatch_fds(Socket *s) {
1349 SocketPort *p;
1350 int r;
1351
1352 assert(s);
1353
1354 LIST_FOREACH(port, p, s->ports) {
1355 if (p->fd < 0)
1356 continue;
1357
1358 if (!p->event_source)
1359 continue;
1360
1361 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1362 if (r < 0)
1363 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1364 }
1365 }
1366
1367 static int socket_watch_fds(Socket *s) {
1368 SocketPort *p;
1369 int r;
1370
1371 assert(s);
1372
1373 LIST_FOREACH(port, p, s->ports) {
1374 if (p->fd < 0)
1375 continue;
1376
1377 if (p->event_source) {
1378 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1379 if (r < 0)
1380 goto fail;
1381 } else {
1382 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1383 if (r < 0)
1384 goto fail;
1385
1386 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1387 }
1388 }
1389
1390 return 0;
1391
1392 fail:
1393 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1394 socket_unwatch_fds(s);
1395 return r;
1396 }
1397
1398 static void socket_set_state(Socket *s, SocketState state) {
1399 SocketState old_state;
1400 assert(s);
1401
1402 old_state = s->state;
1403 s->state = state;
1404
1405 if (!IN_SET(state,
1406 SOCKET_START_PRE,
1407 SOCKET_START_CHOWN,
1408 SOCKET_START_POST,
1409 SOCKET_STOP_PRE,
1410 SOCKET_STOP_PRE_SIGTERM,
1411 SOCKET_STOP_PRE_SIGKILL,
1412 SOCKET_STOP_POST,
1413 SOCKET_FINAL_SIGTERM,
1414 SOCKET_FINAL_SIGKILL)) {
1415
1416 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1417 socket_unwatch_control_pid(s);
1418 s->control_command = NULL;
1419 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1420 }
1421
1422 if (state != SOCKET_LISTENING)
1423 socket_unwatch_fds(s);
1424
1425 if (!IN_SET(state,
1426 SOCKET_START_CHOWN,
1427 SOCKET_START_POST,
1428 SOCKET_LISTENING,
1429 SOCKET_RUNNING,
1430 SOCKET_STOP_PRE,
1431 SOCKET_STOP_PRE_SIGTERM,
1432 SOCKET_STOP_PRE_SIGKILL))
1433 socket_close_fds(s);
1434
1435 if (state != old_state)
1436 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1437
1438 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1439 }
1440
1441 static int socket_coldplug(Unit *u) {
1442 Socket *s = SOCKET(u);
1443 int r;
1444
1445 assert(s);
1446 assert(s->state == SOCKET_DEAD);
1447
1448 if (s->deserialized_state == s->state)
1449 return 0;
1450
1451 if (IN_SET(s->deserialized_state,
1452 SOCKET_START_PRE,
1453 SOCKET_START_CHOWN,
1454 SOCKET_START_POST,
1455 SOCKET_STOP_PRE,
1456 SOCKET_STOP_PRE_SIGTERM,
1457 SOCKET_STOP_PRE_SIGKILL,
1458 SOCKET_STOP_POST,
1459 SOCKET_FINAL_SIGTERM,
1460 SOCKET_FINAL_SIGKILL)) {
1461
1462 if (s->control_pid <= 0)
1463 return -EBADMSG;
1464
1465 r = unit_watch_pid(UNIT(s), s->control_pid);
1466 if (r < 0)
1467 return r;
1468
1469 r = socket_arm_timer(s);
1470 if (r < 0)
1471 return r;
1472 }
1473
1474 if (IN_SET(s->deserialized_state,
1475 SOCKET_START_CHOWN,
1476 SOCKET_START_POST,
1477 SOCKET_LISTENING,
1478 SOCKET_RUNNING,
1479 SOCKET_STOP_PRE,
1480 SOCKET_STOP_PRE_SIGTERM,
1481 SOCKET_STOP_PRE_SIGKILL)) {
1482 r = socket_open_fds(s);
1483 if (r < 0)
1484 return r;
1485 }
1486
1487 if (s->deserialized_state == SOCKET_LISTENING) {
1488 r = socket_watch_fds(s);
1489 if (r < 0)
1490 return r;
1491 }
1492
1493 socket_set_state(s, s->deserialized_state);
1494 return 0;
1495 }
1496
1497 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1498 _cleanup_free_ char **argv = NULL;
1499 pid_t pid;
1500 int r;
1501 ExecParameters exec_params = {
1502 .apply_permissions = true,
1503 .apply_chroot = true,
1504 .apply_tty_stdin = true,
1505 .bus_endpoint_fd = -1,
1506 };
1507
1508 assert(s);
1509 assert(c);
1510 assert(_pid);
1511
1512 (void) unit_realize_cgroup(UNIT(s));
1513 if (s->reset_cpu_usage) {
1514 (void) unit_reset_cpu_usage(UNIT(s));
1515 s->reset_cpu_usage = false;
1516 }
1517
1518 r = unit_setup_exec_runtime(UNIT(s));
1519 if (r < 0)
1520 goto fail;
1521
1522 r = socket_arm_timer(s);
1523 if (r < 0)
1524 goto fail;
1525
1526 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1527 if (r < 0)
1528 goto fail;
1529
1530 exec_params.argv = argv;
1531 exec_params.environment = UNIT(s)->manager->environment;
1532 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1533 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1534 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1535 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1536 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1537
1538 r = exec_spawn(UNIT(s),
1539 c,
1540 &s->exec_context,
1541 &exec_params,
1542 s->exec_runtime,
1543 &pid);
1544 if (r < 0)
1545 goto fail;
1546
1547 r = unit_watch_pid(UNIT(s), pid);
1548 if (r < 0)
1549 /* FIXME: we need to do something here */
1550 goto fail;
1551
1552 *_pid = pid;
1553 return 0;
1554
1555 fail:
1556 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1557 return r;
1558 }
1559
1560 static int socket_chown(Socket *s, pid_t *_pid) {
1561 pid_t pid;
1562 int r;
1563
1564 r = socket_arm_timer(s);
1565 if (r < 0)
1566 goto fail;
1567
1568 /* We have to resolve the user names out-of-process, hence
1569 * let's fork here. It's messy, but well, what can we do? */
1570
1571 pid = fork();
1572 if (pid < 0)
1573 return -errno;
1574
1575 if (pid == 0) {
1576 SocketPort *p;
1577 uid_t uid = UID_INVALID;
1578 gid_t gid = GID_INVALID;
1579 int ret;
1580
1581 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1582 (void) ignore_signals(SIGPIPE, -1);
1583 log_forget_fds();
1584
1585 if (!isempty(s->user)) {
1586 const char *user = s->user;
1587
1588 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1589 if (r < 0) {
1590 ret = EXIT_USER;
1591 goto fail_child;
1592 }
1593 }
1594
1595 if (!isempty(s->group)) {
1596 const char *group = s->group;
1597
1598 r = get_group_creds(&group, &gid);
1599 if (r < 0) {
1600 ret = EXIT_GROUP;
1601 goto fail_child;
1602 }
1603 }
1604
1605 LIST_FOREACH(port, p, s->ports) {
1606 const char *path = NULL;
1607
1608 if (p->type == SOCKET_SOCKET)
1609 path = socket_address_get_path(&p->address);
1610 else if (p->type == SOCKET_FIFO)
1611 path = p->path;
1612
1613 if (!path)
1614 continue;
1615
1616 if (chown(path, uid, gid) < 0) {
1617 r = -errno;
1618 ret = EXIT_CHOWN;
1619 goto fail_child;
1620 }
1621 }
1622
1623 _exit(0);
1624
1625 fail_child:
1626 log_open();
1627 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1628
1629 _exit(ret);
1630 }
1631
1632 r = unit_watch_pid(UNIT(s), pid);
1633 if (r < 0)
1634 goto fail;
1635
1636 *_pid = pid;
1637 return 0;
1638
1639 fail:
1640 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1641 return r;
1642 }
1643
1644 static void socket_enter_dead(Socket *s, SocketResult f) {
1645 assert(s);
1646
1647 if (f != SOCKET_SUCCESS)
1648 s->result = f;
1649
1650 exec_runtime_destroy(s->exec_runtime);
1651 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1652
1653 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1654
1655 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1656 }
1657
1658 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1659
1660 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1661 int r;
1662 assert(s);
1663
1664 if (f != SOCKET_SUCCESS)
1665 s->result = f;
1666
1667 socket_unwatch_control_pid(s);
1668 s->control_command_id = SOCKET_EXEC_STOP_POST;
1669 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1670
1671 if (s->control_command) {
1672 r = socket_spawn(s, s->control_command, &s->control_pid);
1673 if (r < 0)
1674 goto fail;
1675
1676 socket_set_state(s, SOCKET_STOP_POST);
1677 } else
1678 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1679
1680 return;
1681
1682 fail:
1683 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1684 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1685 }
1686
1687 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1688 int r;
1689
1690 assert(s);
1691
1692 if (f != SOCKET_SUCCESS)
1693 s->result = f;
1694
1695 r = unit_kill_context(
1696 UNIT(s),
1697 &s->kill_context,
1698 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1699 KILL_KILL : KILL_TERMINATE,
1700 -1,
1701 s->control_pid,
1702 false);
1703 if (r < 0)
1704 goto fail;
1705
1706 if (r > 0) {
1707 r = socket_arm_timer(s);
1708 if (r < 0)
1709 goto fail;
1710
1711 socket_set_state(s, state);
1712 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1713 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1714 else if (state == SOCKET_STOP_PRE_SIGKILL)
1715 socket_enter_stop_post(s, SOCKET_SUCCESS);
1716 else if (state == SOCKET_FINAL_SIGTERM)
1717 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1718 else
1719 socket_enter_dead(s, SOCKET_SUCCESS);
1720
1721 return;
1722
1723 fail:
1724 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1725
1726 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1727 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1728 else
1729 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1730 }
1731
1732 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1733 int r;
1734 assert(s);
1735
1736 if (f != SOCKET_SUCCESS)
1737 s->result = f;
1738
1739 socket_unwatch_control_pid(s);
1740 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1741 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1742
1743 if (s->control_command) {
1744 r = socket_spawn(s, s->control_command, &s->control_pid);
1745 if (r < 0)
1746 goto fail;
1747
1748 socket_set_state(s, SOCKET_STOP_PRE);
1749 } else
1750 socket_enter_stop_post(s, SOCKET_SUCCESS);
1751
1752 return;
1753
1754 fail:
1755 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1756 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1757 }
1758
1759 static void socket_enter_listening(Socket *s) {
1760 int r;
1761 assert(s);
1762
1763 r = socket_watch_fds(s);
1764 if (r < 0) {
1765 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1766 goto fail;
1767 }
1768
1769 socket_set_state(s, SOCKET_LISTENING);
1770 return;
1771
1772 fail:
1773 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1774 }
1775
1776 static void socket_enter_start_post(Socket *s) {
1777 int r;
1778 assert(s);
1779
1780 socket_unwatch_control_pid(s);
1781 s->control_command_id = SOCKET_EXEC_START_POST;
1782 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1783
1784 if (s->control_command) {
1785 r = socket_spawn(s, s->control_command, &s->control_pid);
1786 if (r < 0) {
1787 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1788 goto fail;
1789 }
1790
1791 socket_set_state(s, SOCKET_START_POST);
1792 } else
1793 socket_enter_listening(s);
1794
1795 return;
1796
1797 fail:
1798 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1799 }
1800
1801 static void socket_enter_start_chown(Socket *s) {
1802 int r;
1803
1804 assert(s);
1805
1806 r = socket_open_fds(s);
1807 if (r < 0) {
1808 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1809 goto fail;
1810 }
1811
1812 if (!isempty(s->user) || !isempty(s->group)) {
1813
1814 socket_unwatch_control_pid(s);
1815 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1816 s->control_command = NULL;
1817
1818 r = socket_chown(s, &s->control_pid);
1819 if (r < 0) {
1820 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1821 goto fail;
1822 }
1823
1824 socket_set_state(s, SOCKET_START_CHOWN);
1825 } else
1826 socket_enter_start_post(s);
1827
1828 return;
1829
1830 fail:
1831 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1832 }
1833
1834 static void socket_enter_start_pre(Socket *s) {
1835 int r;
1836 assert(s);
1837
1838 socket_unwatch_control_pid(s);
1839 s->control_command_id = SOCKET_EXEC_START_PRE;
1840 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1841
1842 if (s->control_command) {
1843 r = socket_spawn(s, s->control_command, &s->control_pid);
1844 if (r < 0) {
1845 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1846 goto fail;
1847 }
1848
1849 socket_set_state(s, SOCKET_START_PRE);
1850 } else
1851 socket_enter_start_chown(s);
1852
1853 return;
1854
1855 fail:
1856 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1857 }
1858
1859 static void socket_enter_running(Socket *s, int cfd) {
1860 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1861 int r;
1862
1863 assert(s);
1864
1865 /* We don't take connections anymore if we are supposed to
1866 * shut down anyway */
1867 if (unit_stop_pending(UNIT(s))) {
1868
1869 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1870
1871 if (cfd >= 0)
1872 safe_close(cfd);
1873 else {
1874 /* Flush all sockets by closing and reopening them */
1875 socket_close_fds(s);
1876
1877 r = socket_open_fds(s);
1878 if (r < 0) {
1879 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1880 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1881 return;
1882 }
1883
1884 r = socket_watch_fds(s);
1885 if (r < 0) {
1886 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1887 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1888 }
1889 }
1890
1891 return;
1892 }
1893
1894 if (cfd < 0) {
1895 Iterator i;
1896 Unit *other;
1897 bool pending = false;
1898
1899 /* If there's already a start pending don't bother to
1900 * do anything */
1901 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1902 if (unit_active_or_pending(other)) {
1903 pending = true;
1904 break;
1905 }
1906
1907 if (!pending) {
1908 if (!UNIT_ISSET(s->service)) {
1909 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1910 r = -ENOENT;
1911 goto fail;
1912 }
1913
1914 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1915 if (r < 0)
1916 goto fail;
1917 }
1918
1919 socket_set_state(s, SOCKET_RUNNING);
1920 } else {
1921 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1922 Service *service;
1923
1924 if (s->n_connections >= s->max_connections) {
1925 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1926 safe_close(cfd);
1927 return;
1928 }
1929
1930 r = socket_instantiate_service(s);
1931 if (r < 0)
1932 goto fail;
1933
1934 r = instance_from_socket(cfd, s->n_accepted, &instance);
1935 if (r < 0) {
1936 if (r != -ENOTCONN)
1937 goto fail;
1938
1939 /* ENOTCONN is legitimate if TCP RST was received.
1940 * This connection is over, but the socket unit lives on. */
1941 safe_close(cfd);
1942 return;
1943 }
1944
1945 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1946 if (r < 0)
1947 goto fail;
1948
1949 r = unit_name_build(prefix, instance, ".service", &name);
1950 if (r < 0)
1951 goto fail;
1952
1953 r = unit_add_name(UNIT_DEREF(s->service), name);
1954 if (r < 0)
1955 goto fail;
1956
1957 service = SERVICE(UNIT_DEREF(s->service));
1958 unit_ref_unset(&s->service);
1959 s->n_accepted ++;
1960
1961 UNIT(service)->no_gc = false;
1962
1963 unit_choose_id(UNIT(service), name);
1964
1965 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1966 if (r < 0)
1967 goto fail;
1968
1969 cfd = -1;
1970 s->n_connections ++;
1971
1972 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1973 if (r < 0)
1974 goto fail;
1975
1976 /* Notify clients about changed counters */
1977 unit_add_to_dbus_queue(UNIT(s));
1978 }
1979
1980 return;
1981
1982 fail:
1983 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1984 cfd >= 0 ? "template" : "non-template",
1985 bus_error_message(&error, r));
1986
1987 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1988 safe_close(cfd);
1989 }
1990
1991 static void socket_run_next(Socket *s) {
1992 int r;
1993
1994 assert(s);
1995 assert(s->control_command);
1996 assert(s->control_command->command_next);
1997
1998 socket_unwatch_control_pid(s);
1999
2000 s->control_command = s->control_command->command_next;
2001
2002 r = socket_spawn(s, s->control_command, &s->control_pid);
2003 if (r < 0)
2004 goto fail;
2005
2006 return;
2007
2008 fail:
2009 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2010
2011 if (s->state == SOCKET_START_POST)
2012 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2013 else if (s->state == SOCKET_STOP_POST)
2014 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2015 else
2016 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2017 }
2018
2019 static int socket_start(Unit *u) {
2020 Socket *s = SOCKET(u);
2021
2022 assert(s);
2023
2024 /* We cannot fulfill this request right now, try again later
2025 * please! */
2026 if (IN_SET(s->state,
2027 SOCKET_STOP_PRE,
2028 SOCKET_STOP_PRE_SIGKILL,
2029 SOCKET_STOP_PRE_SIGTERM,
2030 SOCKET_STOP_POST,
2031 SOCKET_FINAL_SIGTERM,
2032 SOCKET_FINAL_SIGKILL))
2033 return -EAGAIN;
2034
2035 /* Already on it! */
2036 if (IN_SET(s->state,
2037 SOCKET_START_PRE,
2038 SOCKET_START_CHOWN,
2039 SOCKET_START_POST))
2040 return 0;
2041
2042 /* Cannot run this without the service being around */
2043 if (UNIT_ISSET(s->service)) {
2044 Service *service;
2045
2046 service = SERVICE(UNIT_DEREF(s->service));
2047
2048 if (UNIT(service)->load_state != UNIT_LOADED) {
2049 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2050 return -ENOENT;
2051 }
2052
2053 /* If the service is already active we cannot start the
2054 * socket */
2055 if (service->state != SERVICE_DEAD &&
2056 service->state != SERVICE_FAILED &&
2057 service->state != SERVICE_AUTO_RESTART) {
2058 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2059 return -EBUSY;
2060 }
2061 }
2062
2063 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2064
2065 s->result = SOCKET_SUCCESS;
2066 s->reset_cpu_usage = true;
2067
2068 socket_enter_start_pre(s);
2069
2070 return 1;
2071 }
2072
2073 static int socket_stop(Unit *u) {
2074 Socket *s = SOCKET(u);
2075
2076 assert(s);
2077
2078 /* Already on it */
2079 if (IN_SET(s->state,
2080 SOCKET_STOP_PRE,
2081 SOCKET_STOP_PRE_SIGTERM,
2082 SOCKET_STOP_PRE_SIGKILL,
2083 SOCKET_STOP_POST,
2084 SOCKET_FINAL_SIGTERM,
2085 SOCKET_FINAL_SIGKILL))
2086 return 0;
2087
2088 /* If there's already something running we go directly into
2089 * kill mode. */
2090 if (IN_SET(s->state,
2091 SOCKET_START_PRE,
2092 SOCKET_START_CHOWN,
2093 SOCKET_START_POST)) {
2094 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2095 return -EAGAIN;
2096 }
2097
2098 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2099
2100 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2101 return 1;
2102 }
2103
2104 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2105 Socket *s = SOCKET(u);
2106 SocketPort *p;
2107 int r;
2108
2109 assert(u);
2110 assert(f);
2111 assert(fds);
2112
2113 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2114 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2115 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2116
2117 if (s->control_pid > 0)
2118 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2119
2120 if (s->control_command_id >= 0)
2121 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2122
2123 LIST_FOREACH(port, p, s->ports) {
2124 int copy;
2125
2126 if (p->fd < 0)
2127 continue;
2128
2129 copy = fdset_put_dup(fds, p->fd);
2130 if (copy < 0)
2131 return copy;
2132
2133 if (p->type == SOCKET_SOCKET) {
2134 _cleanup_free_ char *t = NULL;
2135
2136 r = socket_address_print(&p->address, &t);
2137 if (r < 0)
2138 return r;
2139
2140 if (socket_address_family(&p->address) == AF_NETLINK)
2141 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2142 else
2143 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2144
2145 } else if (p->type == SOCKET_SPECIAL)
2146 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2147 else if (p->type == SOCKET_MQUEUE)
2148 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2149 else if (p->type == SOCKET_USB_FUNCTION)
2150 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2151 else {
2152 assert(p->type == SOCKET_FIFO);
2153 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2154 }
2155 }
2156
2157 return 0;
2158 }
2159
2160 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2161 Socket *s = SOCKET(u);
2162
2163 assert(u);
2164 assert(key);
2165 assert(value);
2166
2167 if (streq(key, "state")) {
2168 SocketState state;
2169
2170 state = socket_state_from_string(value);
2171 if (state < 0)
2172 log_unit_debug(u, "Failed to parse state value: %s", value);
2173 else
2174 s->deserialized_state = state;
2175 } else if (streq(key, "result")) {
2176 SocketResult f;
2177
2178 f = socket_result_from_string(value);
2179 if (f < 0)
2180 log_unit_debug(u, "Failed to parse result value: %s", value);
2181 else if (f != SOCKET_SUCCESS)
2182 s->result = f;
2183
2184 } else if (streq(key, "n-accepted")) {
2185 unsigned k;
2186
2187 if (safe_atou(value, &k) < 0)
2188 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2189 else
2190 s->n_accepted += k;
2191 } else if (streq(key, "control-pid")) {
2192 pid_t pid;
2193
2194 if (parse_pid(value, &pid) < 0)
2195 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2196 else
2197 s->control_pid = pid;
2198 } else if (streq(key, "control-command")) {
2199 SocketExecCommand id;
2200
2201 id = socket_exec_command_from_string(value);
2202 if (id < 0)
2203 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2204 else {
2205 s->control_command_id = id;
2206 s->control_command = s->exec_command[id];
2207 }
2208 } else if (streq(key, "fifo")) {
2209 int fd, skip = 0;
2210 SocketPort *p;
2211
2212 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2213 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2214 else {
2215
2216 LIST_FOREACH(port, p, s->ports)
2217 if (p->type == SOCKET_FIFO &&
2218 path_equal_or_files_same(p->path, value+skip))
2219 break;
2220
2221 if (p) {
2222 safe_close(p->fd);
2223 p->fd = fdset_remove(fds, fd);
2224 }
2225 }
2226
2227 } else if (streq(key, "special")) {
2228 int fd, skip = 0;
2229 SocketPort *p;
2230
2231 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2232 log_unit_debug(u, "Failed to parse special value: %s", value);
2233 else {
2234
2235 LIST_FOREACH(port, p, s->ports)
2236 if (p->type == SOCKET_SPECIAL &&
2237 path_equal_or_files_same(p->path, value+skip))
2238 break;
2239
2240 if (p) {
2241 safe_close(p->fd);
2242 p->fd = fdset_remove(fds, fd);
2243 }
2244 }
2245
2246 } else if (streq(key, "mqueue")) {
2247 int fd, skip = 0;
2248 SocketPort *p;
2249
2250 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2251 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2252 else {
2253
2254 LIST_FOREACH(port, p, s->ports)
2255 if (p->type == SOCKET_MQUEUE &&
2256 streq(p->path, value+skip))
2257 break;
2258
2259 if (p) {
2260 safe_close(p->fd);
2261 p->fd = fdset_remove(fds, fd);
2262 }
2263 }
2264
2265 } else if (streq(key, "socket")) {
2266 int fd, type, skip = 0;
2267 SocketPort *p;
2268
2269 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2270 log_unit_debug(u, "Failed to parse socket value: %s", value);
2271 else {
2272
2273 LIST_FOREACH(port, p, s->ports)
2274 if (socket_address_is(&p->address, value+skip, type))
2275 break;
2276
2277 if (p) {
2278 safe_close(p->fd);
2279 p->fd = fdset_remove(fds, fd);
2280 }
2281 }
2282
2283 } else if (streq(key, "netlink")) {
2284 int fd, skip = 0;
2285 SocketPort *p;
2286
2287 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2288 log_unit_debug(u, "Failed to parse socket value: %s", value);
2289 else {
2290
2291 LIST_FOREACH(port, p, s->ports)
2292 if (socket_address_is_netlink(&p->address, value+skip))
2293 break;
2294
2295 if (p) {
2296 safe_close(p->fd);
2297 p->fd = fdset_remove(fds, fd);
2298 }
2299 }
2300
2301 } else if (streq(key, "ffs")) {
2302 int fd, skip = 0;
2303 SocketPort *p;
2304
2305 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2306 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2307 else {
2308
2309 LIST_FOREACH(port, p, s->ports)
2310 if (p->type == SOCKET_USB_FUNCTION &&
2311 path_equal_or_files_same(p->path, value+skip))
2312 break;
2313
2314 if (p) {
2315 safe_close(p->fd);
2316 p->fd = fdset_remove(fds, fd);
2317 }
2318 }
2319
2320 } else
2321 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2322
2323 return 0;
2324 }
2325
2326 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2327 Socket *s = SOCKET(u);
2328 SocketPort *p;
2329
2330 assert(u);
2331
2332 LIST_FOREACH(port, p, s->ports) {
2333 Iterator i;
2334 int fd;
2335
2336 if (p->type != SOCKET_SOCKET)
2337 continue;
2338
2339 if (p->fd >= 0)
2340 continue;
2341
2342 FDSET_FOREACH(fd, fds, i) {
2343 if (socket_address_matches_fd(&p->address, fd)) {
2344 p->fd = fdset_remove(fds, fd);
2345 s->deserialized_state = SOCKET_LISTENING;
2346 break;
2347 }
2348 }
2349 }
2350
2351 return 0;
2352 }
2353
2354 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2355 assert(u);
2356
2357 return state_translation_table[SOCKET(u)->state];
2358 }
2359
2360 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2361 assert(u);
2362
2363 return socket_state_to_string(SOCKET(u)->state);
2364 }
2365
2366 const char* socket_port_type_to_string(SocketPort *p) {
2367
2368 assert(p);
2369
2370 switch (p->type) {
2371
2372 case SOCKET_SOCKET:
2373
2374 switch (p->address.type) {
2375
2376 case SOCK_STREAM:
2377 return "Stream";
2378
2379 case SOCK_DGRAM:
2380 return "Datagram";
2381
2382 case SOCK_SEQPACKET:
2383 return "SequentialPacket";
2384
2385 case SOCK_RAW:
2386 if (socket_address_family(&p->address) == AF_NETLINK)
2387 return "Netlink";
2388
2389 default:
2390 return NULL;
2391 }
2392
2393 case SOCKET_SPECIAL:
2394 return "Special";
2395
2396 case SOCKET_MQUEUE:
2397 return "MessageQueue";
2398
2399 case SOCKET_FIFO:
2400 return "FIFO";
2401
2402 case SOCKET_USB_FUNCTION:
2403 return "USBFunction";
2404
2405 default:
2406 return NULL;
2407 }
2408 }
2409
2410 _pure_ static bool socket_check_gc(Unit *u) {
2411 Socket *s = SOCKET(u);
2412
2413 assert(u);
2414
2415 return s->n_connections > 0;
2416 }
2417
2418 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2419 SocketPort *p = userdata;
2420 int cfd = -1;
2421
2422 assert(p);
2423 assert(fd >= 0);
2424
2425 if (p->socket->state != SOCKET_LISTENING)
2426 return 0;
2427
2428 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2429
2430 if (revents != EPOLLIN) {
2431
2432 if (revents & EPOLLHUP)
2433 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2434 else
2435 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2436 goto fail;
2437 }
2438
2439 if (p->socket->accept &&
2440 p->type == SOCKET_SOCKET &&
2441 socket_address_can_accept(&p->address)) {
2442
2443 for (;;) {
2444
2445 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2446 if (cfd < 0) {
2447
2448 if (errno == EINTR)
2449 continue;
2450
2451 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2452 goto fail;
2453 }
2454
2455 break;
2456 }
2457
2458 socket_apply_socket_options(p->socket, cfd);
2459 }
2460
2461 socket_enter_running(p->socket, cfd);
2462 return 0;
2463
2464 fail:
2465 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2466 return 0;
2467 }
2468
2469 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2470 Socket *s = SOCKET(u);
2471 SocketResult f;
2472
2473 assert(s);
2474 assert(pid >= 0);
2475
2476 if (pid != s->control_pid)
2477 return;
2478
2479 s->control_pid = 0;
2480
2481 if (is_clean_exit(code, status, NULL))
2482 f = SOCKET_SUCCESS;
2483 else if (code == CLD_EXITED)
2484 f = SOCKET_FAILURE_EXIT_CODE;
2485 else if (code == CLD_KILLED)
2486 f = SOCKET_FAILURE_SIGNAL;
2487 else if (code == CLD_DUMPED)
2488 f = SOCKET_FAILURE_CORE_DUMP;
2489 else
2490 assert_not_reached("Unknown sigchld code");
2491
2492 if (s->control_command) {
2493 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2494
2495 if (s->control_command->ignore)
2496 f = SOCKET_SUCCESS;
2497 }
2498
2499 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2500 "Control process exited, code=%s status=%i",
2501 sigchld_code_to_string(code), status);
2502
2503 if (f != SOCKET_SUCCESS)
2504 s->result = f;
2505
2506 if (s->control_command &&
2507 s->control_command->command_next &&
2508 f == SOCKET_SUCCESS) {
2509
2510 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2511 socket_run_next(s);
2512 } else {
2513 s->control_command = NULL;
2514 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2515
2516 /* No further commands for this step, so let's figure
2517 * out what to do next */
2518
2519 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2520
2521 switch (s->state) {
2522
2523 case SOCKET_START_PRE:
2524 if (f == SOCKET_SUCCESS)
2525 socket_enter_start_chown(s);
2526 else
2527 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2528 break;
2529
2530 case SOCKET_START_CHOWN:
2531 if (f == SOCKET_SUCCESS)
2532 socket_enter_start_post(s);
2533 else
2534 socket_enter_stop_pre(s, f);
2535 break;
2536
2537 case SOCKET_START_POST:
2538 if (f == SOCKET_SUCCESS)
2539 socket_enter_listening(s);
2540 else
2541 socket_enter_stop_pre(s, f);
2542 break;
2543
2544 case SOCKET_STOP_PRE:
2545 case SOCKET_STOP_PRE_SIGTERM:
2546 case SOCKET_STOP_PRE_SIGKILL:
2547 socket_enter_stop_post(s, f);
2548 break;
2549
2550 case SOCKET_STOP_POST:
2551 case SOCKET_FINAL_SIGTERM:
2552 case SOCKET_FINAL_SIGKILL:
2553 socket_enter_dead(s, f);
2554 break;
2555
2556 default:
2557 assert_not_reached("Uh, control process died at wrong time.");
2558 }
2559 }
2560
2561 /* Notify clients about changed exit status */
2562 unit_add_to_dbus_queue(u);
2563 }
2564
2565 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2566 Socket *s = SOCKET(userdata);
2567
2568 assert(s);
2569 assert(s->timer_event_source == source);
2570
2571 switch (s->state) {
2572
2573 case SOCKET_START_PRE:
2574 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2575 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2576 break;
2577
2578 case SOCKET_START_CHOWN:
2579 case SOCKET_START_POST:
2580 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2581 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2582 break;
2583
2584 case SOCKET_STOP_PRE:
2585 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2586 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2587 break;
2588
2589 case SOCKET_STOP_PRE_SIGTERM:
2590 if (s->kill_context.send_sigkill) {
2591 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2592 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2593 } else {
2594 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2595 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2596 }
2597 break;
2598
2599 case SOCKET_STOP_PRE_SIGKILL:
2600 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2601 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2602 break;
2603
2604 case SOCKET_STOP_POST:
2605 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2606 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2607 break;
2608
2609 case SOCKET_FINAL_SIGTERM:
2610 if (s->kill_context.send_sigkill) {
2611 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2612 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2613 } else {
2614 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2615 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2616 }
2617 break;
2618
2619 case SOCKET_FINAL_SIGKILL:
2620 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2621 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2622 break;
2623
2624 default:
2625 assert_not_reached("Timeout at wrong time.");
2626 }
2627
2628 return 0;
2629 }
2630
2631 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2632 int *rfds;
2633 unsigned rn_fds, k;
2634 int i;
2635 SocketPort *p;
2636
2637 assert(s);
2638 assert(fds);
2639 assert(n_fds);
2640
2641 /* Called from the service code for requesting our fds */
2642
2643 rn_fds = 0;
2644 LIST_FOREACH(port, p, s->ports) {
2645 if (p->fd >= 0)
2646 rn_fds++;
2647 rn_fds += p->n_auxiliary_fds;
2648 }
2649
2650 if (rn_fds <= 0) {
2651 *fds = NULL;
2652 *n_fds = 0;
2653 return 0;
2654 }
2655
2656 rfds = new(int, rn_fds);
2657 if (!rfds)
2658 return -ENOMEM;
2659
2660 k = 0;
2661 LIST_FOREACH(port, p, s->ports) {
2662 if (p->fd >= 0)
2663 rfds[k++] = p->fd;
2664 for (i = 0; i < p->n_auxiliary_fds; ++i)
2665 rfds[k++] = p->auxiliary_fds[i];
2666 }
2667
2668 assert(k == rn_fds);
2669
2670 *fds = rfds;
2671 *n_fds = rn_fds;
2672
2673 return 0;
2674 }
2675
2676 static void socket_reset_failed(Unit *u) {
2677 Socket *s = SOCKET(u);
2678
2679 assert(s);
2680
2681 if (s->state == SOCKET_FAILED)
2682 socket_set_state(s, SOCKET_DEAD);
2683
2684 s->result = SOCKET_SUCCESS;
2685 }
2686
2687 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2688 assert(s);
2689
2690 /* The service is dead. Dang!
2691 *
2692 * This is strictly for one-instance-for-all-connections
2693 * services. */
2694
2695 if (s->state == SOCKET_RUNNING) {
2696 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2697 if (failed_permanent)
2698 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2699 else
2700 socket_enter_listening(s);
2701 }
2702 }
2703
2704 void socket_connection_unref(Socket *s) {
2705 assert(s);
2706
2707 /* The service is dead. Yay!
2708 *
2709 * This is strictly for one-instance-per-connection
2710 * services. */
2711
2712 assert(s->n_connections > 0);
2713 s->n_connections--;
2714
2715 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2716 }
2717
2718 static void socket_trigger_notify(Unit *u, Unit *other) {
2719 Socket *s = SOCKET(u);
2720 Service *se;
2721
2722 assert(u);
2723 assert(other);
2724
2725 /* Don't propagate state changes from the service if we are
2726 already down or accepting connections */
2727 if ((s->state != SOCKET_RUNNING &&
2728 s->state != SOCKET_LISTENING) ||
2729 s->accept)
2730 return;
2731
2732 if (other->load_state != UNIT_LOADED ||
2733 other->type != UNIT_SERVICE)
2734 return;
2735
2736 se = SERVICE(other);
2737
2738 if (se->state == SERVICE_FAILED)
2739 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2740
2741 if (se->state == SERVICE_DEAD ||
2742 se->state == SERVICE_FINAL_SIGTERM ||
2743 se->state == SERVICE_FINAL_SIGKILL ||
2744 se->state == SERVICE_AUTO_RESTART)
2745 socket_notify_service_dead(s, false);
2746
2747 if (se->state == SERVICE_RUNNING)
2748 socket_set_state(s, SOCKET_RUNNING);
2749 }
2750
2751 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2752 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2753 }
2754
2755 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2756 Socket *s = SOCKET(u);
2757 int r;
2758
2759 if (!s->timer_event_source)
2760 return 0;
2761
2762 r = sd_event_source_get_time(s->timer_event_source, timeout);
2763 if (r < 0)
2764 return r;
2765
2766 return 1;
2767 }
2768
2769 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2770 [SOCKET_EXEC_START_PRE] = "StartPre",
2771 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2772 [SOCKET_EXEC_START_POST] = "StartPost",
2773 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2774 [SOCKET_EXEC_STOP_POST] = "StopPost"
2775 };
2776
2777 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2778
2779 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2780 [SOCKET_SUCCESS] = "success",
2781 [SOCKET_FAILURE_RESOURCES] = "resources",
2782 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2783 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2784 [SOCKET_FAILURE_SIGNAL] = "signal",
2785 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2786 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2787 };
2788
2789 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2790
2791 const UnitVTable socket_vtable = {
2792 .object_size = sizeof(Socket),
2793 .exec_context_offset = offsetof(Socket, exec_context),
2794 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2795 .kill_context_offset = offsetof(Socket, kill_context),
2796 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2797
2798 .sections =
2799 "Unit\0"
2800 "Socket\0"
2801 "Install\0",
2802 .private_section = "Socket",
2803
2804 .init = socket_init,
2805 .done = socket_done,
2806 .load = socket_load,
2807
2808 .coldplug = socket_coldplug,
2809
2810 .dump = socket_dump,
2811
2812 .start = socket_start,
2813 .stop = socket_stop,
2814
2815 .kill = socket_kill,
2816
2817 .get_timeout = socket_get_timeout,
2818
2819 .serialize = socket_serialize,
2820 .deserialize_item = socket_deserialize_item,
2821 .distribute_fds = socket_distribute_fds,
2822
2823 .active_state = socket_active_state,
2824 .sub_state_to_string = socket_sub_state_to_string,
2825
2826 .check_gc = socket_check_gc,
2827
2828 .sigchld_event = socket_sigchld_event,
2829
2830 .trigger_notify = socket_trigger_notify,
2831
2832 .reset_failed = socket_reset_failed,
2833
2834 .bus_vtable = bus_socket_vtable,
2835 .bus_set_property = bus_socket_set_property,
2836 .bus_commit_properties = bus_socket_commit_properties,
2837
2838 .status_message_formats = {
2839 /*.starting_stopping = {
2840 [0] = "Starting socket %s...",
2841 [1] = "Stopping socket %s...",
2842 },*/
2843 .finished_start_job = {
2844 [JOB_DONE] = "Listening on %s.",
2845 [JOB_FAILED] = "Failed to listen on %s.",
2846 [JOB_TIMEOUT] = "Timed out starting %s.",
2847 },
2848 .finished_stop_job = {
2849 [JOB_DONE] = "Closed %s.",
2850 [JOB_FAILED] = "Failed stopping %s.",
2851 [JOB_TIMEOUT] = "Timed out stopping %s.",
2852 },
2853 },
2854 };
Unnamed repository; edit this file 'description' to name the repository.