]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: always initialize ExecParamters.bus_endpoint_fd to -1
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "socket.h"
51 #include "formats-util.h"
52
53 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
54 [SOCKET_DEAD] = UNIT_INACTIVE,
55 [SOCKET_START_PRE] = UNIT_ACTIVATING,
56 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
57 [SOCKET_START_POST] = UNIT_ACTIVATING,
58 [SOCKET_LISTENING] = UNIT_ACTIVE,
59 [SOCKET_RUNNING] = UNIT_ACTIVE,
60 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
61 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
64 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_FAILED] = UNIT_FAILED
67 };
68
69 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
70 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
71
72 static void socket_init(Unit *u) {
73 Socket *s = SOCKET(u);
74
75 assert(u);
76 assert(u->load_state == UNIT_STUB);
77
78 s->backlog = SOMAXCONN;
79 s->timeout_usec = u->manager->default_timeout_start_usec;
80 s->directory_mode = 0755;
81 s->socket_mode = 0666;
82
83 s->max_connections = 64;
84
85 s->priority = -1;
86 s->ip_tos = -1;
87 s->ip_ttl = -1;
88 s->mark = -1;
89
90 s->exec_context.std_output = u->manager->default_std_output;
91 s->exec_context.std_error = u->manager->default_std_error;
92
93 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
94 }
95
96 static void socket_unwatch_control_pid(Socket *s) {
97 assert(s);
98
99 if (s->control_pid <= 0)
100 return;
101
102 unit_unwatch_pid(UNIT(s), s->control_pid);
103 s->control_pid = 0;
104 }
105
106 void socket_free_ports(Socket *s) {
107 SocketPort *p;
108
109 assert(s);
110
111 while ((p = s->ports)) {
112 LIST_REMOVE(port, s->ports, p);
113
114 sd_event_source_unref(p->event_source);
115
116 safe_close(p->fd);
117 free(p->path);
118 free(p);
119 }
120 }
121
122 static void socket_done(Unit *u) {
123 Socket *s = SOCKET(u);
124
125 assert(s);
126
127 socket_free_ports(s);
128
129 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
130 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
131 s->control_command = NULL;
132
133 socket_unwatch_control_pid(s);
134
135 unit_ref_unset(&s->service);
136
137 free(s->tcp_congestion);
138 s->tcp_congestion = NULL;
139
140 free(s->bind_to_device);
141 s->bind_to_device = NULL;
142
143 free(s->smack);
144 free(s->smack_ip_in);
145 free(s->smack_ip_out);
146
147 strv_free(s->symlinks);
148
149 free(s->user);
150 free(s->group);
151
152 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
153 }
154
155 static int socket_arm_timer(Socket *s) {
156 int r;
157
158 assert(s);
159
160 if (s->timeout_usec <= 0) {
161 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
162 return 0;
163 }
164
165 if (s->timer_event_source) {
166 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
167 if (r < 0)
168 return r;
169
170 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
171 }
172
173 r = sd_event_add_time(
174 UNIT(s)->manager->event,
175 &s->timer_event_source,
176 CLOCK_MONOTONIC,
177 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
178 socket_dispatch_timer, s);
179 if (r < 0)
180 return r;
181
182 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
183
184 return 0;
185 }
186
187 int socket_instantiate_service(Socket *s) {
188 _cleanup_free_ char *prefix = NULL, *name = NULL;
189 int r;
190 Unit *u;
191
192 assert(s);
193
194 /* This fills in s->service if it isn't filled in yet. For
195 * Accept=yes sockets we create the next connection service
196 * here. For Accept=no this is mostly a NOP since the service
197 * is figured out at load time anyway. */
198
199 if (UNIT_DEREF(s->service))
200 return 0;
201
202 if (!s->accept)
203 return 0;
204
205 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
206 if (r < 0)
207 return r;
208
209 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
210 return -ENOMEM;
211
212 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
213 if (r < 0)
214 return r;
215
216 u->no_gc = true;
217 unit_ref_set(&s->service, u);
218
219 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
220 }
221
222 static bool have_non_accept_socket(Socket *s) {
223 SocketPort *p;
224
225 assert(s);
226
227 if (!s->accept)
228 return true;
229
230 LIST_FOREACH(port, p, s->ports) {
231
232 if (p->type != SOCKET_SOCKET)
233 return true;
234
235 if (!socket_address_can_accept(&p->address))
236 return true;
237 }
238
239 return false;
240 }
241
242 static int socket_add_mount_links(Socket *s) {
243 SocketPort *p;
244 int r;
245
246 assert(s);
247
248 LIST_FOREACH(port, p, s->ports) {
249 const char *path = NULL;
250
251 if (p->type == SOCKET_SOCKET)
252 path = socket_address_get_path(&p->address);
253 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
254 path = p->path;
255
256 if (!path)
257 continue;
258
259 r = unit_require_mounts_for(UNIT(s), path);
260 if (r < 0)
261 return r;
262 }
263
264 return 0;
265 }
266
267 static int socket_add_device_link(Socket *s) {
268 char *t;
269
270 assert(s);
271
272 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
273 return 0;
274
275 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
276 return unit_add_node_link(UNIT(s), t, false);
277 }
278
279 static int socket_add_default_dependencies(Socket *s) {
280 int r;
281 assert(s);
282
283 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
284 if (r < 0)
285 return r;
286
287 if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
288 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
289 if (r < 0)
290 return r;
291 }
292
293 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
294 }
295
296 _pure_ static bool socket_has_exec(Socket *s) {
297 unsigned i;
298 assert(s);
299
300 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
301 if (s->exec_command[i])
302 return true;
303
304 return false;
305 }
306
307 static int socket_add_extras(Socket *s) {
308 Unit *u = UNIT(s);
309 int r;
310
311 assert(s);
312
313 if (have_non_accept_socket(s)) {
314
315 if (!UNIT_DEREF(s->service)) {
316 Unit *x;
317
318 r = unit_load_related_unit(u, ".service", &x);
319 if (r < 0)
320 return r;
321
322 unit_ref_set(&s->service, x);
323 }
324
325 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
326 if (r < 0)
327 return r;
328 }
329
330 r = socket_add_mount_links(s);
331 if (r < 0)
332 return r;
333
334 r = socket_add_device_link(s);
335 if (r < 0)
336 return r;
337
338 r = unit_patch_contexts(u);
339 if (r < 0)
340 return r;
341
342 if (socket_has_exec(s)) {
343 r = unit_add_exec_dependencies(u, &s->exec_context);
344 if (r < 0)
345 return r;
346
347 r = unit_add_default_slice(u, &s->cgroup_context);
348 if (r < 0)
349 return r;
350 }
351
352 if (u->default_dependencies) {
353 r = socket_add_default_dependencies(s);
354 if (r < 0)
355 return r;
356 }
357
358 return 0;
359 }
360
361 static const char *socket_find_symlink_target(Socket *s) {
362 const char *found = NULL;
363 SocketPort *p;
364
365 LIST_FOREACH(port, p, s->ports) {
366 const char *f = NULL;
367
368 switch (p->type) {
369
370 case SOCKET_FIFO:
371 f = p->path;
372 break;
373
374 case SOCKET_SOCKET:
375 if (p->address.sockaddr.un.sun_path[0] != 0)
376 f = p->address.sockaddr.un.sun_path;
377 break;
378
379 default:
380 break;
381 }
382
383 if (f) {
384 if (found)
385 return NULL;
386
387 found = f;
388 }
389 }
390
391 return found;
392 }
393
394 static int socket_verify(Socket *s) {
395 assert(s);
396
397 if (UNIT(s)->load_state != UNIT_LOADED)
398 return 0;
399
400 if (!s->ports) {
401 log_unit_error(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
402 return -EINVAL;
403 }
404
405 if (s->accept && have_non_accept_socket(s)) {
406 log_unit_error(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
407 UNIT(s)->id);
408 return -EINVAL;
409 }
410
411 if (s->accept && s->max_connections <= 0) {
412 log_unit_error(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
413 return -EINVAL;
414 }
415
416 if (s->accept && UNIT_DEREF(s->service)) {
417 log_unit_error(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
418 return -EINVAL;
419 }
420
421 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
422 log_unit_error(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
423 return -EINVAL;
424 }
425
426 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
427 log_unit_error(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
428 return -EINVAL;
429 }
430
431 return 0;
432 }
433
434 static int socket_load(Unit *u) {
435 Socket *s = SOCKET(u);
436 int r;
437
438 assert(u);
439 assert(u->load_state == UNIT_STUB);
440
441 r = unit_load_fragment_and_dropin(u);
442 if (r < 0)
443 return r;
444
445 if (u->load_state == UNIT_LOADED) {
446 /* This is a new unit? Then let's add in some extras */
447 r = socket_add_extras(s);
448 if (r < 0)
449 return r;
450 }
451
452 return socket_verify(s);
453 }
454
455 _const_ static const char* listen_lookup(int family, int type) {
456
457 if (family == AF_NETLINK)
458 return "ListenNetlink";
459
460 if (type == SOCK_STREAM)
461 return "ListenStream";
462 else if (type == SOCK_DGRAM)
463 return "ListenDatagram";
464 else if (type == SOCK_SEQPACKET)
465 return "ListenSequentialPacket";
466
467 assert_not_reached("Unknown socket type");
468 return NULL;
469 }
470
471 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
472 char time_string[FORMAT_TIMESPAN_MAX];
473 SocketExecCommand c;
474 Socket *s = SOCKET(u);
475 SocketPort *p;
476 const char *prefix2;
477
478 assert(s);
479 assert(f);
480
481 prefix = strempty(prefix);
482 prefix2 = strjoina(prefix, "\t");
483
484 fprintf(f,
485 "%sSocket State: %s\n"
486 "%sResult: %s\n"
487 "%sBindIPv6Only: %s\n"
488 "%sBacklog: %u\n"
489 "%sSocketMode: %04o\n"
490 "%sDirectoryMode: %04o\n"
491 "%sKeepAlive: %s\n"
492 "%sNoDelay: %s\n"
493 "%sFreeBind: %s\n"
494 "%sTransparent: %s\n"
495 "%sBroadcast: %s\n"
496 "%sPassCredentials: %s\n"
497 "%sPassSecurity: %s\n"
498 "%sTCPCongestion: %s\n"
499 "%sRemoveOnStop: %s\n"
500 "%sSELinuxContextFromNet: %s\n",
501 prefix, socket_state_to_string(s->state),
502 prefix, socket_result_to_string(s->result),
503 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
504 prefix, s->backlog,
505 prefix, s->socket_mode,
506 prefix, s->directory_mode,
507 prefix, yes_no(s->keep_alive),
508 prefix, yes_no(s->no_delay),
509 prefix, yes_no(s->free_bind),
510 prefix, yes_no(s->transparent),
511 prefix, yes_no(s->broadcast),
512 prefix, yes_no(s->pass_cred),
513 prefix, yes_no(s->pass_sec),
514 prefix, strna(s->tcp_congestion),
515 prefix, yes_no(s->remove_on_stop),
516 prefix, yes_no(s->selinux_context_from_net));
517
518 if (s->control_pid > 0)
519 fprintf(f,
520 "%sControl PID: "PID_FMT"\n",
521 prefix, s->control_pid);
522
523 if (s->bind_to_device)
524 fprintf(f,
525 "%sBindToDevice: %s\n",
526 prefix, s->bind_to_device);
527
528 if (s->accept)
529 fprintf(f,
530 "%sAccepted: %u\n"
531 "%sNConnections: %u\n"
532 "%sMaxConnections: %u\n",
533 prefix, s->n_accepted,
534 prefix, s->n_connections,
535 prefix, s->max_connections);
536
537 if (s->priority >= 0)
538 fprintf(f,
539 "%sPriority: %i\n",
540 prefix, s->priority);
541
542 if (s->receive_buffer > 0)
543 fprintf(f,
544 "%sReceiveBuffer: %zu\n",
545 prefix, s->receive_buffer);
546
547 if (s->send_buffer > 0)
548 fprintf(f,
549 "%sSendBuffer: %zu\n",
550 prefix, s->send_buffer);
551
552 if (s->ip_tos >= 0)
553 fprintf(f,
554 "%sIPTOS: %i\n",
555 prefix, s->ip_tos);
556
557 if (s->ip_ttl >= 0)
558 fprintf(f,
559 "%sIPTTL: %i\n",
560 prefix, s->ip_ttl);
561
562 if (s->pipe_size > 0)
563 fprintf(f,
564 "%sPipeSize: %zu\n",
565 prefix, s->pipe_size);
566
567 if (s->mark >= 0)
568 fprintf(f,
569 "%sMark: %i\n",
570 prefix, s->mark);
571
572 if (s->mq_maxmsg > 0)
573 fprintf(f,
574 "%sMessageQueueMaxMessages: %li\n",
575 prefix, s->mq_maxmsg);
576
577 if (s->mq_msgsize > 0)
578 fprintf(f,
579 "%sMessageQueueMessageSize: %li\n",
580 prefix, s->mq_msgsize);
581
582 if (s->reuse_port)
583 fprintf(f,
584 "%sReusePort: %s\n",
585 prefix, yes_no(s->reuse_port));
586
587 if (s->smack)
588 fprintf(f,
589 "%sSmackLabel: %s\n",
590 prefix, s->smack);
591
592 if (s->smack_ip_in)
593 fprintf(f,
594 "%sSmackLabelIPIn: %s\n",
595 prefix, s->smack_ip_in);
596
597 if (s->smack_ip_out)
598 fprintf(f,
599 "%sSmackLabelIPOut: %s\n",
600 prefix, s->smack_ip_out);
601
602 if (!isempty(s->user) || !isempty(s->group))
603 fprintf(f,
604 "%sOwnerUser: %s\n"
605 "%sOwnerGroup: %s\n",
606 prefix, strna(s->user),
607 prefix, strna(s->group));
608
609 if (s->keep_alive_time > 0)
610 fprintf(f,
611 "%sKeepAliveTimeSec: %s\n",
612 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
613
614 if (s->keep_alive_interval)
615 fprintf(f,
616 "%sKeepAliveIntervalSec: %s\n",
617 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
618
619 if (s->keep_alive_cnt)
620 fprintf(f,
621 "%sKeepAliveProbes: %u\n",
622 prefix, s->keep_alive_cnt);
623
624 if (s->defer_accept)
625 fprintf(f,
626 "%sDeferAcceptSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
628
629 LIST_FOREACH(port, p, s->ports) {
630
631 if (p->type == SOCKET_SOCKET) {
632 const char *t;
633 int r;
634 char *k = NULL;
635
636 if ((r = socket_address_print(&p->address, &k)) < 0)
637 t = strerror(-r);
638 else
639 t = k;
640
641 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
642 free(k);
643 } else if (p->type == SOCKET_SPECIAL)
644 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
645 else if (p->type == SOCKET_MQUEUE)
646 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
647 else
648 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 }
650
651 exec_context_dump(&s->exec_context, f, prefix);
652 kill_context_dump(&s->kill_context, f, prefix);
653
654 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
655 if (!s->exec_command[c])
656 continue;
657
658 fprintf(f, "%s-> %s:\n",
659 prefix, socket_exec_command_to_string(c));
660
661 exec_command_dump_list(s->exec_command[c], f, prefix2);
662 }
663 }
664
665 static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 socklen_t l;
667 char *r;
668 union sockaddr_union local, remote;
669
670 assert(fd >= 0);
671 assert(instance);
672
673 l = sizeof(local);
674 if (getsockname(fd, &local.sa, &l) < 0)
675 return -errno;
676
677 l = sizeof(remote);
678 if (getpeername(fd, &remote.sa, &l) < 0)
679 return -errno;
680
681 switch (local.sa.sa_family) {
682
683 case AF_INET: {
684 uint32_t
685 a = ntohl(local.in.sin_addr.s_addr),
686 b = ntohl(remote.in.sin_addr.s_addr);
687
688 if (asprintf(&r,
689 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 nr,
691 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 ntohs(local.in.sin_port),
693 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 ntohs(remote.in.sin_port)) < 0)
695 return -ENOMEM;
696
697 break;
698 }
699
700 case AF_INET6: {
701 static const unsigned char ipv4_prefix[] = {
702 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 };
704
705 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 const uint8_t
708 *a = local.in6.sin6_addr.s6_addr+12,
709 *b = remote.in6.sin6_addr.s6_addr+12;
710
711 if (asprintf(&r,
712 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 nr,
714 a[0], a[1], a[2], a[3],
715 ntohs(local.in6.sin6_port),
716 b[0], b[1], b[2], b[3],
717 ntohs(remote.in6.sin6_port)) < 0)
718 return -ENOMEM;
719 } else {
720 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721
722 if (asprintf(&r,
723 "%u-%s:%u-%s:%u",
724 nr,
725 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 ntohs(local.in6.sin6_port),
727 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 }
731
732 break;
733 }
734
735 case AF_UNIX: {
736 struct ucred ucred;
737 int k;
738
739 k = getpeercred(fd, &ucred);
740 if (k >= 0) {
741 if (asprintf(&r,
742 "%u-"PID_FMT"-"UID_FMT,
743 nr, ucred.pid, ucred.uid) < 0)
744 return -ENOMEM;
745 } else if (k == -ENODATA) {
746 /* This handles the case where somebody is
747 * connecting from another pid/uid namespace
748 * (e.g. from outside of our container). */
749 if (asprintf(&r,
750 "%u-unknown",
751 nr) < 0)
752 return -ENOMEM;
753 } else
754 return k;
755
756 break;
757 }
758
759 default:
760 assert_not_reached("Unhandled socket type.");
761 }
762
763 *instance = r;
764 return 0;
765 }
766
767 static void socket_close_fds(Socket *s) {
768 SocketPort *p;
769 char **i;
770
771 assert(s);
772
773 LIST_FOREACH(port, p, s->ports) {
774
775 p->event_source = sd_event_source_unref(p->event_source);
776
777 if (p->fd < 0)
778 continue;
779
780 p->fd = safe_close(p->fd);
781
782 /* One little note: we should normally not delete any
783 * sockets in the file system here! After all some
784 * other process we spawned might still have a
785 * reference of this fd and wants to continue to use
786 * it. Therefore we delete sockets in the file system
787 * before we create a new one, not after we stopped
788 * using one! */
789
790 if (s->remove_on_stop) {
791 switch (p->type) {
792
793 case SOCKET_FIFO:
794 unlink(p->path);
795 break;
796
797 case SOCKET_MQUEUE:
798 mq_unlink(p->path);
799 break;
800
801 case SOCKET_SOCKET:
802 socket_address_unlink(&p->address);
803 break;
804
805 default:
806 break;
807 }
808 }
809 }
810
811 if (s->remove_on_stop)
812 STRV_FOREACH(i, s->symlinks)
813 unlink(*i);
814 }
815
816 static void socket_apply_socket_options(Socket *s, int fd) {
817 int r;
818
819 assert(s);
820 assert(fd >= 0);
821
822 if (s->keep_alive) {
823 int b = s->keep_alive;
824 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
825 log_unit_warning(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
826 }
827
828 if (s->keep_alive_time) {
829 int value = s->keep_alive_time / USEC_PER_SEC;
830 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
831 log_unit_warning(UNIT(s)->id, "TCP_KEEPIDLE failed: %m");
832 }
833
834 if (s->keep_alive_interval) {
835 int value = s->keep_alive_interval / USEC_PER_SEC;
836 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
837 log_unit_warning(UNIT(s)->id, "TCP_KEEPINTVL failed: %m");
838 }
839
840 if (s->keep_alive_cnt) {
841 int value = s->keep_alive_cnt;
842 if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
843 log_unit_warning(UNIT(s)->id, "TCP_KEEPCNT failed: %m");
844 }
845
846 if (s->defer_accept) {
847 int value = s->defer_accept / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
849 log_unit_warning(UNIT(s)->id, "TCP_DEFER_ACCEPT failed: %m");
850 }
851
852 if (s->no_delay) {
853 int b = s->no_delay;
854 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
855 log_unit_warning(UNIT(s)->id, "TCP_NODELAY failed: %m");
856 }
857
858 if (s->broadcast) {
859 int one = 1;
860 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
861 log_unit_warning(UNIT(s)->id, "SO_BROADCAST failed: %m");
862 }
863
864 if (s->pass_cred) {
865 int one = 1;
866 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
867 log_unit_warning(UNIT(s)->id, "SO_PASSCRED failed: %m");
868 }
869
870 if (s->pass_sec) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
873 log_unit_warning(UNIT(s)->id, "SO_PASSSEC failed: %m");
874 }
875
876 if (s->priority >= 0)
877 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
878 log_unit_warning(UNIT(s)->id, "SO_PRIORITY failed: %m");
879
880 if (s->receive_buffer > 0) {
881 int value = (int) s->receive_buffer;
882
883 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884
885 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
886 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
887 log_unit_warning(UNIT(s)->id, "SO_RCVBUF failed: %m");
888 }
889
890 if (s->send_buffer > 0) {
891 int value = (int) s->send_buffer;
892 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
893 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
894 log_unit_warning(UNIT(s)->id, "SO_SNDBUF failed: %m");
895 }
896
897 if (s->mark >= 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
899 log_unit_warning(UNIT(s)->id, "SO_MARK failed: %m");
900
901 if (s->ip_tos >= 0)
902 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
903 log_unit_warning(UNIT(s)->id, "IP_TOS failed: %m");
904
905 if (s->ip_ttl >= 0) {
906 int x;
907
908 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
909
910 if (socket_ipv6_is_supported())
911 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 else {
913 x = -1;
914 errno = EAFNOSUPPORT;
915 }
916
917 if (r < 0 && x < 0)
918 log_unit_warning(UNIT(s)->id,
919 "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
920 }
921
922 if (s->tcp_congestion)
923 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
924 log_unit_warning(UNIT(s)->id, "TCP_CONGESTION failed: %m");
925
926 if (s->reuse_port) {
927 int b = s->reuse_port;
928 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
929 log_unit_warning(UNIT(s)->id, "SO_REUSEPORT failed: %m");
930 }
931
932 if (s->smack_ip_in) {
933 r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
934 if (r < 0)
935 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_in_fd: %m");
936 }
937
938 if (s->smack_ip_out) {
939 r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
940 if (r < 0)
941 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_ip_out_fd: %m");
942 }
943 }
944
945 static void socket_apply_fifo_options(Socket *s, int fd) {
946 int r;
947
948 assert(s);
949 assert(fd >= 0);
950
951 if (s->pipe_size > 0)
952 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
953 log_unit_warning(UNIT(s)->id, "F_SETPIPE_SZ: %m");
954
955 if (s->smack) {
956 r = mac_smack_apply_fd(fd, s->smack);
957 if (r < 0)
958 log_unit_error_errno(UNIT(s)->id, r, "mac_smack_apply_fd: %m");
959 }
960 }
961
962 static int fifo_address_create(
963 const char *path,
964 mode_t directory_mode,
965 mode_t socket_mode,
966 int *_fd) {
967
968 int fd = -1, r = 0;
969 struct stat st;
970 mode_t old_mask;
971
972 assert(path);
973 assert(_fd);
974
975 mkdir_parents_label(path, directory_mode);
976
977 r = mac_selinux_create_file_prepare(path, S_IFIFO);
978 if (r < 0)
979 goto fail;
980
981 /* Enforce the right access mode for the fifo */
982 old_mask = umask(~ socket_mode);
983
984 /* Include the original umask in our mask */
985 umask(~socket_mode | old_mask);
986
987 r = mkfifo(path, socket_mode);
988 umask(old_mask);
989
990 if (r < 0 && errno != EEXIST) {
991 r = -errno;
992 goto fail;
993 }
994
995 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
996 r = -errno;
997 goto fail;
998 }
999
1000 mac_selinux_create_file_clear();
1001
1002 if (fstat(fd, &st) < 0) {
1003 r = -errno;
1004 goto fail;
1005 }
1006
1007 if (!S_ISFIFO(st.st_mode) ||
1008 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1009 st.st_uid != getuid() ||
1010 st.st_gid != getgid()) {
1011
1012 r = -EEXIST;
1013 goto fail;
1014 }
1015
1016 *_fd = fd;
1017 return 0;
1018
1019 fail:
1020 mac_selinux_create_file_clear();
1021 safe_close(fd);
1022
1023 return r;
1024 }
1025
1026 static int special_address_create(
1027 const char *path,
1028 int *_fd) {
1029
1030 int fd = -1, r = 0;
1031 struct stat st;
1032
1033 assert(path);
1034 assert(_fd);
1035
1036 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1037 if (fd < 0) {
1038 r = -errno;
1039 goto fail;
1040 }
1041
1042 if (fstat(fd, &st) < 0) {
1043 r = -errno;
1044 goto fail;
1045 }
1046
1047 /* Check whether this is a /proc, /sys or /dev file or char device */
1048 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1049 r = -EEXIST;
1050 goto fail;
1051 }
1052
1053 *_fd = fd;
1054 return 0;
1055
1056 fail:
1057 safe_close(fd);
1058
1059 return r;
1060 }
1061
1062 static int mq_address_create(
1063 const char *path,
1064 mode_t mq_mode,
1065 long maxmsg,
1066 long msgsize,
1067 int *_fd) {
1068
1069 int fd = -1, r = 0;
1070 struct stat st;
1071 mode_t old_mask;
1072 struct mq_attr _attr, *attr = NULL;
1073
1074 assert(path);
1075 assert(_fd);
1076
1077 if (maxmsg > 0 && msgsize > 0) {
1078 zero(_attr);
1079 _attr.mq_flags = O_NONBLOCK;
1080 _attr.mq_maxmsg = maxmsg;
1081 _attr.mq_msgsize = msgsize;
1082 attr = &_attr;
1083 }
1084
1085 /* Enforce the right access mode for the mq */
1086 old_mask = umask(~ mq_mode);
1087
1088 /* Include the original umask in our mask */
1089 umask(~mq_mode | old_mask);
1090 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1091 umask(old_mask);
1092
1093 if (fd < 0) {
1094 r = -errno;
1095 goto fail;
1096 }
1097
1098 if (fstat(fd, &st) < 0) {
1099 r = -errno;
1100 goto fail;
1101 }
1102
1103 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1104 st.st_uid != getuid() ||
1105 st.st_gid != getgid()) {
1106
1107 r = -EEXIST;
1108 goto fail;
1109 }
1110
1111 *_fd = fd;
1112 return 0;
1113
1114 fail:
1115 safe_close(fd);
1116 return r;
1117 }
1118
1119 static int socket_symlink(Socket *s) {
1120 const char *p;
1121 char **i;
1122
1123 assert(s);
1124
1125 p = socket_find_symlink_target(s);
1126 if (!p)
1127 return 0;
1128
1129 STRV_FOREACH(i, s->symlinks)
1130 symlink_label(p, *i);
1131
1132 return 0;
1133 }
1134
1135 static int socket_open_fds(Socket *s) {
1136 SocketPort *p;
1137 int r;
1138 char *label = NULL;
1139 bool know_label = false;
1140
1141 assert(s);
1142
1143 LIST_FOREACH(port, p, s->ports) {
1144
1145 if (p->fd >= 0)
1146 continue;
1147
1148 if (p->type == SOCKET_SOCKET) {
1149
1150 if (!know_label) {
1151 /* Figure out label, if we don't it know
1152 * yet. We do it once, for the first
1153 * socket where we need this and
1154 * remember it for the rest. */
1155
1156 if (s->selinux_context_from_net) {
1157 /* Get it from the network label */
1158
1159 r = mac_selinux_get_our_label(&label);
1160 if (r < 0 && r != -EOPNOTSUPP)
1161 goto rollback;
1162
1163 } else {
1164 /* Get it from the executable we are about to start */
1165
1166 r = socket_instantiate_service(s);
1167 if (r < 0)
1168 goto rollback;
1169
1170 if (UNIT_ISSET(s->service) &&
1171 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1172 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1173 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1174 goto rollback;
1175 }
1176 }
1177
1178 know_label = true;
1179 }
1180
1181 r = socket_address_listen(
1182 &p->address,
1183 SOCK_CLOEXEC|SOCK_NONBLOCK,
1184 s->backlog,
1185 s->bind_ipv6_only,
1186 s->bind_to_device,
1187 s->free_bind,
1188 s->transparent,
1189 s->directory_mode,
1190 s->socket_mode,
1191 label);
1192 if (r < 0)
1193 goto rollback;
1194
1195 p->fd = r;
1196 socket_apply_socket_options(s, p->fd);
1197 socket_symlink(s);
1198
1199 } else if (p->type == SOCKET_SPECIAL) {
1200
1201 r = special_address_create(
1202 p->path,
1203 &p->fd);
1204 if (r < 0)
1205 goto rollback;
1206
1207 } else if (p->type == SOCKET_FIFO) {
1208
1209 r = fifo_address_create(
1210 p->path,
1211 s->directory_mode,
1212 s->socket_mode,
1213 &p->fd);
1214 if (r < 0)
1215 goto rollback;
1216
1217 socket_apply_fifo_options(s, p->fd);
1218 socket_symlink(s);
1219
1220 } else if (p->type == SOCKET_MQUEUE) {
1221
1222 r = mq_address_create(
1223 p->path,
1224 s->socket_mode,
1225 s->mq_maxmsg,
1226 s->mq_msgsize,
1227 &p->fd);
1228 if (r < 0)
1229 goto rollback;
1230 } else
1231 assert_not_reached("Unknown port type");
1232 }
1233
1234 mac_selinux_free(label);
1235 return 0;
1236
1237 rollback:
1238 socket_close_fds(s);
1239 mac_selinux_free(label);
1240
1241 return r;
1242 }
1243
1244 static void socket_unwatch_fds(Socket *s) {
1245 SocketPort *p;
1246 int r;
1247
1248 assert(s);
1249
1250 LIST_FOREACH(port, p, s->ports) {
1251 if (p->fd < 0)
1252 continue;
1253
1254 if (!p->event_source)
1255 continue;
1256
1257 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1258 if (r < 0)
1259 log_unit_debug(UNIT(s)->id, "Failed to disable event source.");
1260 }
1261 }
1262
1263 static int socket_watch_fds(Socket *s) {
1264 SocketPort *p;
1265 int r;
1266
1267 assert(s);
1268
1269 LIST_FOREACH(port, p, s->ports) {
1270 if (p->fd < 0)
1271 continue;
1272
1273 if (p->event_source)
1274 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1275 else
1276 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1277
1278 if (r < 0) {
1279 log_unit_warning_errno(UNIT(s)->id, r, "Failed to watch listening fds: %m");
1280 goto fail;
1281 }
1282
1283 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1284 }
1285
1286 return 0;
1287
1288 fail:
1289 socket_unwatch_fds(s);
1290 return r;
1291 }
1292
1293 static void socket_set_state(Socket *s, SocketState state) {
1294 SocketState old_state;
1295 assert(s);
1296
1297 old_state = s->state;
1298 s->state = state;
1299
1300 if (!IN_SET(state,
1301 SOCKET_START_PRE,
1302 SOCKET_START_CHOWN,
1303 SOCKET_START_POST,
1304 SOCKET_STOP_PRE,
1305 SOCKET_STOP_PRE_SIGTERM,
1306 SOCKET_STOP_PRE_SIGKILL,
1307 SOCKET_STOP_POST,
1308 SOCKET_FINAL_SIGTERM,
1309 SOCKET_FINAL_SIGKILL)) {
1310
1311 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1312 socket_unwatch_control_pid(s);
1313 s->control_command = NULL;
1314 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1315 }
1316
1317 if (state != SOCKET_LISTENING)
1318 socket_unwatch_fds(s);
1319
1320 if (!IN_SET(state,
1321 SOCKET_START_CHOWN,
1322 SOCKET_START_POST,
1323 SOCKET_LISTENING,
1324 SOCKET_RUNNING,
1325 SOCKET_STOP_PRE,
1326 SOCKET_STOP_PRE_SIGTERM,
1327 SOCKET_STOP_PRE_SIGKILL))
1328 socket_close_fds(s);
1329
1330 if (state != old_state)
1331 log_unit_debug(UNIT(s)->id, "%s changed %s -> %s",
1332 UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1333
1334 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1335 }
1336
1337 static int socket_coldplug(Unit *u) {
1338 Socket *s = SOCKET(u);
1339 int r;
1340
1341 assert(s);
1342 assert(s->state == SOCKET_DEAD);
1343
1344 if (s->deserialized_state == s->state)
1345 return 0;
1346
1347 if (IN_SET(s->deserialized_state,
1348 SOCKET_START_PRE,
1349 SOCKET_START_CHOWN,
1350 SOCKET_START_POST,
1351 SOCKET_STOP_PRE,
1352 SOCKET_STOP_PRE_SIGTERM,
1353 SOCKET_STOP_PRE_SIGKILL,
1354 SOCKET_STOP_POST,
1355 SOCKET_FINAL_SIGTERM,
1356 SOCKET_FINAL_SIGKILL)) {
1357
1358 if (s->control_pid <= 0)
1359 return -EBADMSG;
1360
1361 r = unit_watch_pid(UNIT(s), s->control_pid);
1362 if (r < 0)
1363 return r;
1364
1365 r = socket_arm_timer(s);
1366 if (r < 0)
1367 return r;
1368 }
1369
1370 if (IN_SET(s->deserialized_state,
1371 SOCKET_START_CHOWN,
1372 SOCKET_START_POST,
1373 SOCKET_LISTENING,
1374 SOCKET_RUNNING,
1375 SOCKET_STOP_PRE,
1376 SOCKET_STOP_PRE_SIGTERM,
1377 SOCKET_STOP_PRE_SIGKILL)) {
1378 r = socket_open_fds(s);
1379 if (r < 0)
1380 return r;
1381 }
1382
1383 if (s->deserialized_state == SOCKET_LISTENING) {
1384 r = socket_watch_fds(s);
1385 if (r < 0)
1386 return r;
1387 }
1388
1389 socket_set_state(s, s->deserialized_state);
1390 return 0;
1391 }
1392
1393 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1394 _cleanup_free_ char **argv = NULL;
1395 pid_t pid;
1396 int r;
1397 ExecParameters exec_params = {
1398 .apply_permissions = true,
1399 .apply_chroot = true,
1400 .apply_tty_stdin = true,
1401 .bus_endpoint_fd = -1,
1402 };
1403
1404 assert(s);
1405 assert(c);
1406 assert(_pid);
1407
1408 (void) unit_realize_cgroup(UNIT(s));
1409 if (s->reset_cpu_usage) {
1410 (void) unit_reset_cpu_usage(UNIT(s));
1411 s->reset_cpu_usage = false;
1412 }
1413
1414 r = unit_setup_exec_runtime(UNIT(s));
1415 if (r < 0)
1416 goto fail;
1417
1418 r = socket_arm_timer(s);
1419 if (r < 0)
1420 goto fail;
1421
1422 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1423 if (r < 0)
1424 goto fail;
1425
1426 exec_params.argv = argv;
1427 exec_params.environment = UNIT(s)->manager->environment;
1428 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1429 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1430 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1431 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1432 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1433 exec_params.unit_id = UNIT(s)->id;
1434
1435 r = exec_spawn(c,
1436 &s->exec_context,
1437 &exec_params,
1438 s->exec_runtime,
1439 &pid);
1440 if (r < 0)
1441 goto fail;
1442
1443 r = unit_watch_pid(UNIT(s), pid);
1444 if (r < 0)
1445 /* FIXME: we need to do something here */
1446 goto fail;
1447
1448 *_pid = pid;
1449 return 0;
1450
1451 fail:
1452 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1453 return r;
1454 }
1455
1456 static int socket_chown(Socket *s, pid_t *_pid) {
1457 pid_t pid;
1458 int r;
1459
1460 r = socket_arm_timer(s);
1461 if (r < 0)
1462 goto fail;
1463
1464 /* We have to resolve the user names out-of-process, hence
1465 * let's fork here. It's messy, but well, what can we do? */
1466
1467 pid = fork();
1468 if (pid < 0)
1469 return -errno;
1470
1471 if (pid == 0) {
1472 SocketPort *p;
1473 uid_t uid = UID_INVALID;
1474 gid_t gid = GID_INVALID;
1475 int ret;
1476
1477 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1478 ignore_signals(SIGPIPE, -1);
1479 log_forget_fds();
1480
1481 if (!isempty(s->user)) {
1482 const char *user = s->user;
1483
1484 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1485 if (r < 0) {
1486 ret = EXIT_USER;
1487 goto fail_child;
1488 }
1489 }
1490
1491 if (!isempty(s->group)) {
1492 const char *group = s->group;
1493
1494 r = get_group_creds(&group, &gid);
1495 if (r < 0) {
1496 ret = EXIT_GROUP;
1497 goto fail_child;
1498 }
1499 }
1500
1501 LIST_FOREACH(port, p, s->ports) {
1502 const char *path = NULL;
1503
1504 if (p->type == SOCKET_SOCKET)
1505 path = socket_address_get_path(&p->address);
1506 else if (p->type == SOCKET_FIFO)
1507 path = p->path;
1508
1509 if (!path)
1510 continue;
1511
1512 if (chown(path, uid, gid) < 0) {
1513 r = -errno;
1514 ret = EXIT_CHOWN;
1515 goto fail_child;
1516 }
1517 }
1518
1519 _exit(0);
1520
1521 fail_child:
1522 log_open();
1523 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1524
1525 _exit(ret);
1526 }
1527
1528 r = unit_watch_pid(UNIT(s), pid);
1529 if (r < 0)
1530 goto fail;
1531
1532 *_pid = pid;
1533 return 0;
1534
1535 fail:
1536 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1537 return r;
1538 }
1539
1540 static void socket_enter_dead(Socket *s, SocketResult f) {
1541 assert(s);
1542
1543 if (f != SOCKET_SUCCESS)
1544 s->result = f;
1545
1546 exec_runtime_destroy(s->exec_runtime);
1547 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1548
1549 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1550
1551 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1552 }
1553
1554 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1555
1556 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1557 int r;
1558 assert(s);
1559
1560 if (f != SOCKET_SUCCESS)
1561 s->result = f;
1562
1563 socket_unwatch_control_pid(s);
1564 s->control_command_id = SOCKET_EXEC_STOP_POST;
1565 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1566
1567 if (s->control_command) {
1568 r = socket_spawn(s, s->control_command, &s->control_pid);
1569 if (r < 0)
1570 goto fail;
1571
1572 socket_set_state(s, SOCKET_STOP_POST);
1573 } else
1574 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1575
1576 return;
1577
1578 fail:
1579 log_unit_warning(UNIT(s)->id,
1580 "%s failed to run 'stop-post' task: %s",
1581 UNIT(s)->id, strerror(-r));
1582 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1583 }
1584
1585 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1586 int r;
1587
1588 assert(s);
1589
1590 if (f != SOCKET_SUCCESS)
1591 s->result = f;
1592
1593 r = unit_kill_context(
1594 UNIT(s),
1595 &s->kill_context,
1596 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1597 KILL_KILL : KILL_TERMINATE,
1598 -1,
1599 s->control_pid,
1600 false);
1601 if (r < 0)
1602 goto fail;
1603
1604 if (r > 0) {
1605 r = socket_arm_timer(s);
1606 if (r < 0)
1607 goto fail;
1608
1609 socket_set_state(s, state);
1610 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1611 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1612 else if (state == SOCKET_STOP_PRE_SIGKILL)
1613 socket_enter_stop_post(s, SOCKET_SUCCESS);
1614 else if (state == SOCKET_FINAL_SIGTERM)
1615 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1616 else
1617 socket_enter_dead(s, SOCKET_SUCCESS);
1618
1619 return;
1620
1621 fail:
1622 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to kill processes: %m", UNIT(s)->id);
1623
1624 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1625 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1626 else
1627 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1628 }
1629
1630 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1631 int r;
1632 assert(s);
1633
1634 if (f != SOCKET_SUCCESS)
1635 s->result = f;
1636
1637 socket_unwatch_control_pid(s);
1638 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1639 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1640
1641 if (s->control_command) {
1642 r = socket_spawn(s, s->control_command, &s->control_pid);
1643 if (r < 0)
1644 goto fail;
1645
1646 socket_set_state(s, SOCKET_STOP_PRE);
1647 } else
1648 socket_enter_stop_post(s, SOCKET_SUCCESS);
1649
1650 return;
1651
1652 fail:
1653 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'stop-pre' task: %m", UNIT(s)->id);
1654 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1655 }
1656
1657 static void socket_enter_listening(Socket *s) {
1658 int r;
1659 assert(s);
1660
1661 r = socket_watch_fds(s);
1662 if (r < 0) {
1663 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1664 goto fail;
1665 }
1666
1667 socket_set_state(s, SOCKET_LISTENING);
1668 return;
1669
1670 fail:
1671 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1672 }
1673
1674 static void socket_enter_start_post(Socket *s) {
1675 int r;
1676 assert(s);
1677
1678 socket_unwatch_control_pid(s);
1679 s->control_command_id = SOCKET_EXEC_START_POST;
1680 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1681
1682 if (s->control_command) {
1683 r = socket_spawn(s, s->control_command, &s->control_pid);
1684 if (r < 0) {
1685 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-post' task: %m", UNIT(s)->id);
1686 goto fail;
1687 }
1688
1689 socket_set_state(s, SOCKET_START_POST);
1690 } else
1691 socket_enter_listening(s);
1692
1693 return;
1694
1695 fail:
1696 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1697 }
1698
1699 static void socket_enter_start_chown(Socket *s) {
1700 int r;
1701
1702 assert(s);
1703
1704 r = socket_open_fds(s);
1705 if (r < 0) {
1706 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1707 goto fail;
1708 }
1709
1710 if (!isempty(s->user) || !isempty(s->group)) {
1711
1712 socket_unwatch_control_pid(s);
1713 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1714 s->control_command = NULL;
1715
1716 r = socket_chown(s, &s->control_pid);
1717 if (r < 0) {
1718 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to fork 'start-chown' task: %m", UNIT(s)->id);
1719 goto fail;
1720 }
1721
1722 socket_set_state(s, SOCKET_START_CHOWN);
1723 } else
1724 socket_enter_start_post(s);
1725
1726 return;
1727
1728 fail:
1729 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1730 }
1731
1732 static void socket_enter_start_pre(Socket *s) {
1733 int r;
1734 assert(s);
1735
1736 socket_unwatch_control_pid(s);
1737 s->control_command_id = SOCKET_EXEC_START_PRE;
1738 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1739
1740 if (s->control_command) {
1741 r = socket_spawn(s, s->control_command, &s->control_pid);
1742 if (r < 0) {
1743 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run 'start-pre' task: %m", UNIT(s)->id);
1744 goto fail;
1745 }
1746
1747 socket_set_state(s, SOCKET_START_PRE);
1748 } else
1749 socket_enter_start_chown(s);
1750
1751 return;
1752
1753 fail:
1754 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1755 }
1756
1757 static void socket_enter_running(Socket *s, int cfd) {
1758 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1759 int r;
1760
1761 assert(s);
1762
1763 /* We don't take connections anymore if we are supposed to
1764 * shut down anyway */
1765 if (unit_stop_pending(UNIT(s))) {
1766
1767 log_unit_debug(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1768
1769 if (cfd >= 0)
1770 safe_close(cfd);
1771 else {
1772 /* Flush all sockets by closing and reopening them */
1773 socket_close_fds(s);
1774
1775 r = socket_open_fds(s);
1776 if (r < 0) {
1777 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to listen on sockets: %m", UNIT(s)->id);
1778 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1779 return;
1780 }
1781
1782 r = socket_watch_fds(s);
1783 if (r < 0) {
1784 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to watch sockets: %m", UNIT(s)->id);
1785 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1786 }
1787 }
1788
1789 return;
1790 }
1791
1792 if (cfd < 0) {
1793 Iterator i;
1794 Unit *other;
1795 bool pending = false;
1796
1797 /* If there's already a start pending don't bother to
1798 * do anything */
1799 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1800 if (unit_active_or_pending(other)) {
1801 pending = true;
1802 break;
1803 }
1804
1805 if (!pending) {
1806 if (!UNIT_ISSET(s->service)) {
1807 log_unit_error(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1808 r = -ENOENT;
1809 goto fail;
1810 }
1811
1812 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1813 if (r < 0)
1814 goto fail;
1815 }
1816
1817 socket_set_state(s, SOCKET_RUNNING);
1818 } else {
1819 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1820 Service *service;
1821
1822 if (s->n_connections >= s->max_connections) {
1823 log_unit_warning(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1824 safe_close(cfd);
1825 return;
1826 }
1827
1828 r = socket_instantiate_service(s);
1829 if (r < 0)
1830 goto fail;
1831
1832 r = instance_from_socket(cfd, s->n_accepted, &instance);
1833 if (r < 0) {
1834 if (r != -ENOTCONN)
1835 goto fail;
1836
1837 /* ENOTCONN is legitimate if TCP RST was received.
1838 * This connection is over, but the socket unit lives on. */
1839 safe_close(cfd);
1840 return;
1841 }
1842
1843 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1844 if (r < 0)
1845 goto fail;
1846
1847 r = unit_name_build(prefix, instance, ".service", &name);
1848 if (r < 0)
1849 goto fail;
1850
1851 r = unit_add_name(UNIT_DEREF(s->service), name);
1852 if (r < 0)
1853 goto fail;
1854
1855 service = SERVICE(UNIT_DEREF(s->service));
1856 unit_ref_unset(&s->service);
1857 s->n_accepted ++;
1858
1859 UNIT(service)->no_gc = false;
1860
1861 unit_choose_id(UNIT(service), name);
1862
1863 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1864 if (r < 0)
1865 goto fail;
1866
1867 cfd = -1;
1868 s->n_connections ++;
1869
1870 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1871 if (r < 0)
1872 goto fail;
1873
1874 /* Notify clients about changed counters */
1875 unit_add_to_dbus_queue(UNIT(s));
1876 }
1877
1878 return;
1879
1880 fail:
1881 log_unit_warning(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1882 UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1883 bus_error_message(&error, r));
1884
1885 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1886 safe_close(cfd);
1887 }
1888
1889 static void socket_run_next(Socket *s) {
1890 int r;
1891
1892 assert(s);
1893 assert(s->control_command);
1894 assert(s->control_command->command_next);
1895
1896 socket_unwatch_control_pid(s);
1897
1898 s->control_command = s->control_command->command_next;
1899
1900 r = socket_spawn(s, s->control_command, &s->control_pid);
1901 if (r < 0)
1902 goto fail;
1903
1904 return;
1905
1906 fail:
1907 log_unit_warning_errno(UNIT(s)->id, r, "%s failed to run next task: %m", UNIT(s)->id);
1908
1909 if (s->state == SOCKET_START_POST)
1910 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1911 else if (s->state == SOCKET_STOP_POST)
1912 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1913 else
1914 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1915 }
1916
1917 static int socket_start(Unit *u) {
1918 Socket *s = SOCKET(u);
1919
1920 assert(s);
1921
1922 /* We cannot fulfill this request right now, try again later
1923 * please! */
1924 if (IN_SET(s->state,
1925 SOCKET_STOP_PRE,
1926 SOCKET_STOP_PRE_SIGKILL,
1927 SOCKET_STOP_PRE_SIGTERM,
1928 SOCKET_STOP_POST,
1929 SOCKET_FINAL_SIGTERM,
1930 SOCKET_FINAL_SIGKILL))
1931 return -EAGAIN;
1932
1933 /* Already on it! */
1934 if (IN_SET(s->state,
1935 SOCKET_START_PRE,
1936 SOCKET_START_CHOWN,
1937 SOCKET_START_POST))
1938 return 0;
1939
1940 /* Cannot run this without the service being around */
1941 if (UNIT_ISSET(s->service)) {
1942 Service *service;
1943
1944 service = SERVICE(UNIT_DEREF(s->service));
1945
1946 if (UNIT(service)->load_state != UNIT_LOADED) {
1947 log_unit_error(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1948 return -ENOENT;
1949 }
1950
1951 /* If the service is already active we cannot start the
1952 * socket */
1953 if (service->state != SERVICE_DEAD &&
1954 service->state != SERVICE_FAILED &&
1955 service->state != SERVICE_AUTO_RESTART) {
1956 log_unit_error(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1957 return -EBUSY;
1958 }
1959 }
1960
1961 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1962
1963 s->result = SOCKET_SUCCESS;
1964 s->reset_cpu_usage = true;
1965
1966 socket_enter_start_pre(s);
1967
1968 return 1;
1969 }
1970
1971 static int socket_stop(Unit *u) {
1972 Socket *s = SOCKET(u);
1973
1974 assert(s);
1975
1976 /* Already on it */
1977 if (IN_SET(s->state,
1978 SOCKET_STOP_PRE,
1979 SOCKET_STOP_PRE_SIGTERM,
1980 SOCKET_STOP_PRE_SIGKILL,
1981 SOCKET_STOP_POST,
1982 SOCKET_FINAL_SIGTERM,
1983 SOCKET_FINAL_SIGKILL))
1984 return 0;
1985
1986 /* If there's already something running we go directly into
1987 * kill mode. */
1988 if (IN_SET(s->state,
1989 SOCKET_START_PRE,
1990 SOCKET_START_CHOWN,
1991 SOCKET_START_POST)) {
1992 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1993 return -EAGAIN;
1994 }
1995
1996 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1997
1998 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1999 return 1;
2000 }
2001
2002 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2003 Socket *s = SOCKET(u);
2004 SocketPort *p;
2005 int r;
2006
2007 assert(u);
2008 assert(f);
2009 assert(fds);
2010
2011 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2012 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2013 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2014
2015 if (s->control_pid > 0)
2016 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2017
2018 if (s->control_command_id >= 0)
2019 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2020
2021 LIST_FOREACH(port, p, s->ports) {
2022 int copy;
2023
2024 if (p->fd < 0)
2025 continue;
2026
2027 copy = fdset_put_dup(fds, p->fd);
2028 if (copy < 0)
2029 return copy;
2030
2031 if (p->type == SOCKET_SOCKET) {
2032 _cleanup_free_ char *t = NULL;
2033
2034 r = socket_address_print(&p->address, &t);
2035 if (r < 0)
2036 return r;
2037
2038 if (socket_address_family(&p->address) == AF_NETLINK)
2039 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2040 else
2041 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2042
2043 } else if (p->type == SOCKET_SPECIAL)
2044 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2045 else if (p->type == SOCKET_MQUEUE)
2046 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2047 else {
2048 assert(p->type == SOCKET_FIFO);
2049 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2050 }
2051 }
2052
2053 return 0;
2054 }
2055
2056 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2057 Socket *s = SOCKET(u);
2058
2059 assert(u);
2060 assert(key);
2061 assert(value);
2062
2063 if (streq(key, "state")) {
2064 SocketState state;
2065
2066 state = socket_state_from_string(value);
2067 if (state < 0)
2068 log_unit_debug(u->id, "Failed to parse state value %s", value);
2069 else
2070 s->deserialized_state = state;
2071 } else if (streq(key, "result")) {
2072 SocketResult f;
2073
2074 f = socket_result_from_string(value);
2075 if (f < 0)
2076 log_unit_debug(u->id, "Failed to parse result value %s", value);
2077 else if (f != SOCKET_SUCCESS)
2078 s->result = f;
2079
2080 } else if (streq(key, "n-accepted")) {
2081 unsigned k;
2082
2083 if (safe_atou(value, &k) < 0)
2084 log_unit_debug(u->id, "Failed to parse n-accepted value %s", value);
2085 else
2086 s->n_accepted += k;
2087 } else if (streq(key, "control-pid")) {
2088 pid_t pid;
2089
2090 if (parse_pid(value, &pid) < 0)
2091 log_unit_debug(u->id, "Failed to parse control-pid value %s", value);
2092 else
2093 s->control_pid = pid;
2094 } else if (streq(key, "control-command")) {
2095 SocketExecCommand id;
2096
2097 id = socket_exec_command_from_string(value);
2098 if (id < 0)
2099 log_unit_debug(u->id, "Failed to parse exec-command value %s", value);
2100 else {
2101 s->control_command_id = id;
2102 s->control_command = s->exec_command[id];
2103 }
2104 } else if (streq(key, "fifo")) {
2105 int fd, skip = 0;
2106 SocketPort *p;
2107
2108 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2109 log_unit_debug(u->id, "Failed to parse fifo value %s", value);
2110 else {
2111
2112 LIST_FOREACH(port, p, s->ports)
2113 if (p->type == SOCKET_FIFO &&
2114 path_equal_or_files_same(p->path, value+skip))
2115 break;
2116
2117 if (p) {
2118 safe_close(p->fd);
2119 p->fd = fdset_remove(fds, fd);
2120 }
2121 }
2122
2123 } else if (streq(key, "special")) {
2124 int fd, skip = 0;
2125 SocketPort *p;
2126
2127 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2128 log_unit_debug(u->id, "Failed to parse special value %s", value);
2129 else {
2130
2131 LIST_FOREACH(port, p, s->ports)
2132 if (p->type == SOCKET_SPECIAL &&
2133 path_equal_or_files_same(p->path, value+skip))
2134 break;
2135
2136 if (p) {
2137 safe_close(p->fd);
2138 p->fd = fdset_remove(fds, fd);
2139 }
2140 }
2141
2142 } else if (streq(key, "mqueue")) {
2143 int fd, skip = 0;
2144 SocketPort *p;
2145
2146 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2147 log_unit_debug(u->id, "Failed to parse mqueue value %s", value);
2148 else {
2149
2150 LIST_FOREACH(port, p, s->ports)
2151 if (p->type == SOCKET_MQUEUE &&
2152 streq(p->path, value+skip))
2153 break;
2154
2155 if (p) {
2156 safe_close(p->fd);
2157 p->fd = fdset_remove(fds, fd);
2158 }
2159 }
2160
2161 } else if (streq(key, "socket")) {
2162 int fd, type, skip = 0;
2163 SocketPort *p;
2164
2165 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2166 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2167 else {
2168
2169 LIST_FOREACH(port, p, s->ports)
2170 if (socket_address_is(&p->address, value+skip, type))
2171 break;
2172
2173 if (p) {
2174 safe_close(p->fd);
2175 p->fd = fdset_remove(fds, fd);
2176 }
2177 }
2178
2179 } else if (streq(key, "netlink")) {
2180 int fd, skip = 0;
2181 SocketPort *p;
2182
2183 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2184 log_unit_debug(u->id, "Failed to parse socket value %s", value);
2185 else {
2186
2187 LIST_FOREACH(port, p, s->ports)
2188 if (socket_address_is_netlink(&p->address, value+skip))
2189 break;
2190
2191 if (p) {
2192 safe_close(p->fd);
2193 p->fd = fdset_remove(fds, fd);
2194 }
2195 }
2196 } else
2197 log_unit_debug(UNIT(s)->id, "Unknown serialization key '%s'", key);
2198
2199 return 0;
2200 }
2201
2202 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2203 Socket *s = SOCKET(u);
2204 SocketPort *p;
2205
2206 assert(u);
2207
2208 LIST_FOREACH(port, p, s->ports) {
2209 Iterator i;
2210 int fd;
2211
2212 if (p->type != SOCKET_SOCKET)
2213 continue;
2214
2215 if (p->fd >= 0)
2216 continue;
2217
2218 FDSET_FOREACH(fd, fds, i) {
2219 if (socket_address_matches_fd(&p->address, fd)) {
2220 p->fd = fdset_remove(fds, fd);
2221 s->deserialized_state = SOCKET_LISTENING;
2222 break;
2223 }
2224 }
2225 }
2226
2227 return 0;
2228 }
2229
2230 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2231 assert(u);
2232
2233 return state_translation_table[SOCKET(u)->state];
2234 }
2235
2236 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2237 assert(u);
2238
2239 return socket_state_to_string(SOCKET(u)->state);
2240 }
2241
2242 const char* socket_port_type_to_string(SocketPort *p) {
2243
2244 assert(p);
2245
2246 switch (p->type) {
2247
2248 case SOCKET_SOCKET:
2249
2250 switch (p->address.type) {
2251
2252 case SOCK_STREAM:
2253 return "Stream";
2254
2255 case SOCK_DGRAM:
2256 return "Datagram";
2257
2258 case SOCK_SEQPACKET:
2259 return "SequentialPacket";
2260
2261 case SOCK_RAW:
2262 if (socket_address_family(&p->address) == AF_NETLINK)
2263 return "Netlink";
2264
2265 default:
2266 return NULL;
2267 }
2268
2269 case SOCKET_SPECIAL:
2270 return "Special";
2271
2272 case SOCKET_MQUEUE:
2273 return "MessageQueue";
2274
2275 case SOCKET_FIFO:
2276 return "FIFO";
2277
2278 default:
2279 return NULL;
2280 }
2281 }
2282
2283 _pure_ static bool socket_check_gc(Unit *u) {
2284 Socket *s = SOCKET(u);
2285
2286 assert(u);
2287
2288 return s->n_connections > 0;
2289 }
2290
2291 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2292 SocketPort *p = userdata;
2293 int cfd = -1;
2294
2295 assert(p);
2296 assert(fd >= 0);
2297
2298 if (p->socket->state != SOCKET_LISTENING)
2299 return 0;
2300
2301 log_unit_debug(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2302
2303 if (revents != EPOLLIN) {
2304
2305 if (revents & EPOLLHUP)
2306 log_unit_error(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2307 UNIT(p->socket)->id);
2308 else
2309 log_unit_error(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2310 UNIT(p->socket)->id, revents);
2311
2312 goto fail;
2313 }
2314
2315 if (p->socket->accept &&
2316 p->type == SOCKET_SOCKET &&
2317 socket_address_can_accept(&p->address)) {
2318
2319 for (;;) {
2320
2321 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2322 if (cfd < 0) {
2323
2324 if (errno == EINTR)
2325 continue;
2326
2327 log_unit_error(UNIT(p->socket)->id, "Failed to accept socket: %m");
2328 goto fail;
2329 }
2330
2331 break;
2332 }
2333
2334 socket_apply_socket_options(p->socket, cfd);
2335 }
2336
2337 socket_enter_running(p->socket, cfd);
2338 return 0;
2339
2340 fail:
2341 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2342 return 0;
2343 }
2344
2345 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2346 Socket *s = SOCKET(u);
2347 SocketResult f;
2348
2349 assert(s);
2350 assert(pid >= 0);
2351
2352 if (pid != s->control_pid)
2353 return;
2354
2355 s->control_pid = 0;
2356
2357 if (is_clean_exit(code, status, NULL))
2358 f = SOCKET_SUCCESS;
2359 else if (code == CLD_EXITED)
2360 f = SOCKET_FAILURE_EXIT_CODE;
2361 else if (code == CLD_KILLED)
2362 f = SOCKET_FAILURE_SIGNAL;
2363 else if (code == CLD_DUMPED)
2364 f = SOCKET_FAILURE_CORE_DUMP;
2365 else
2366 assert_not_reached("Unknown sigchld code");
2367
2368 if (s->control_command) {
2369 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2370
2371 if (s->control_command->ignore)
2372 f = SOCKET_SUCCESS;
2373 }
2374
2375 log_unit_full(u->id,
2376 f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2377 "%s control process exited, code=%s status=%i",
2378 u->id, sigchld_code_to_string(code), status);
2379
2380 if (f != SOCKET_SUCCESS)
2381 s->result = f;
2382
2383 if (s->control_command &&
2384 s->control_command->command_next &&
2385 f == SOCKET_SUCCESS) {
2386
2387 log_unit_debug(u->id,
2388 "%s running next command for state %s",
2389 u->id, socket_state_to_string(s->state));
2390 socket_run_next(s);
2391 } else {
2392 s->control_command = NULL;
2393 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2394
2395 /* No further commands for this step, so let's figure
2396 * out what to do next */
2397
2398 log_unit_debug(u->id,
2399 "%s got final SIGCHLD for state %s",
2400 u->id, socket_state_to_string(s->state));
2401
2402 switch (s->state) {
2403
2404 case SOCKET_START_PRE:
2405 if (f == SOCKET_SUCCESS)
2406 socket_enter_start_chown(s);
2407 else
2408 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2409 break;
2410
2411 case SOCKET_START_CHOWN:
2412 if (f == SOCKET_SUCCESS)
2413 socket_enter_start_post(s);
2414 else
2415 socket_enter_stop_pre(s, f);
2416 break;
2417
2418 case SOCKET_START_POST:
2419 if (f == SOCKET_SUCCESS)
2420 socket_enter_listening(s);
2421 else
2422 socket_enter_stop_pre(s, f);
2423 break;
2424
2425 case SOCKET_STOP_PRE:
2426 case SOCKET_STOP_PRE_SIGTERM:
2427 case SOCKET_STOP_PRE_SIGKILL:
2428 socket_enter_stop_post(s, f);
2429 break;
2430
2431 case SOCKET_STOP_POST:
2432 case SOCKET_FINAL_SIGTERM:
2433 case SOCKET_FINAL_SIGKILL:
2434 socket_enter_dead(s, f);
2435 break;
2436
2437 default:
2438 assert_not_reached("Uh, control process died at wrong time.");
2439 }
2440 }
2441
2442 /* Notify clients about changed exit status */
2443 unit_add_to_dbus_queue(u);
2444 }
2445
2446 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2447 Socket *s = SOCKET(userdata);
2448
2449 assert(s);
2450 assert(s->timer_event_source == source);
2451
2452 switch (s->state) {
2453
2454 case SOCKET_START_PRE:
2455 log_unit_warning(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2456 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2457 break;
2458
2459 case SOCKET_START_CHOWN:
2460 case SOCKET_START_POST:
2461 log_unit_warning(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2462 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2463 break;
2464
2465 case SOCKET_STOP_PRE:
2466 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2467 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2468 break;
2469
2470 case SOCKET_STOP_PRE_SIGTERM:
2471 if (s->kill_context.send_sigkill) {
2472 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2473 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2474 } else {
2475 log_unit_warning(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2476 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2477 }
2478 break;
2479
2480 case SOCKET_STOP_PRE_SIGKILL:
2481 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2482 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2483 break;
2484
2485 case SOCKET_STOP_POST:
2486 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2487 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2488 break;
2489
2490 case SOCKET_FINAL_SIGTERM:
2491 if (s->kill_context.send_sigkill) {
2492 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2493 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2494 } else {
2495 log_unit_warning(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2496 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2497 }
2498 break;
2499
2500 case SOCKET_FINAL_SIGKILL:
2501 log_unit_warning(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2502 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2503 break;
2504
2505 default:
2506 assert_not_reached("Timeout at wrong time.");
2507 }
2508
2509 return 0;
2510 }
2511
2512 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2513 int *rfds;
2514 unsigned rn_fds, k;
2515 SocketPort *p;
2516
2517 assert(s);
2518 assert(fds);
2519 assert(n_fds);
2520
2521 /* Called from the service code for requesting our fds */
2522
2523 rn_fds = 0;
2524 LIST_FOREACH(port, p, s->ports)
2525 if (p->fd >= 0)
2526 rn_fds++;
2527
2528 if (rn_fds <= 0) {
2529 *fds = NULL;
2530 *n_fds = 0;
2531 return 0;
2532 }
2533
2534 rfds = new(int, rn_fds);
2535 if (!rfds)
2536 return -ENOMEM;
2537
2538 k = 0;
2539 LIST_FOREACH(port, p, s->ports)
2540 if (p->fd >= 0)
2541 rfds[k++] = p->fd;
2542
2543 assert(k == rn_fds);
2544
2545 *fds = rfds;
2546 *n_fds = rn_fds;
2547
2548 return 0;
2549 }
2550
2551 static void socket_reset_failed(Unit *u) {
2552 Socket *s = SOCKET(u);
2553
2554 assert(s);
2555
2556 if (s->state == SOCKET_FAILED)
2557 socket_set_state(s, SOCKET_DEAD);
2558
2559 s->result = SOCKET_SUCCESS;
2560 }
2561
2562 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2563 assert(s);
2564
2565 /* The service is dead. Dang!
2566 *
2567 * This is strictly for one-instance-for-all-connections
2568 * services. */
2569
2570 if (s->state == SOCKET_RUNNING) {
2571 log_unit_debug(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2572 if (failed_permanent)
2573 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2574 else
2575 socket_enter_listening(s);
2576 }
2577 }
2578
2579 void socket_connection_unref(Socket *s) {
2580 assert(s);
2581
2582 /* The service is dead. Yay!
2583 *
2584 * This is strictly for one-instance-per-connection
2585 * services. */
2586
2587 assert(s->n_connections > 0);
2588 s->n_connections--;
2589
2590 log_unit_debug(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2591 }
2592
2593 static void socket_trigger_notify(Unit *u, Unit *other) {
2594 Socket *s = SOCKET(u);
2595 Service *se;
2596
2597 assert(u);
2598 assert(other);
2599
2600 /* Don't propagate state changes from the service if we are
2601 already down or accepting connections */
2602 if ((s->state != SOCKET_RUNNING &&
2603 s->state != SOCKET_LISTENING) ||
2604 s->accept)
2605 return;
2606
2607 if (other->load_state != UNIT_LOADED ||
2608 other->type != UNIT_SERVICE)
2609 return;
2610
2611 se = SERVICE(other);
2612
2613 if (se->state == SERVICE_FAILED)
2614 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2615
2616 if (se->state == SERVICE_DEAD ||
2617 se->state == SERVICE_FINAL_SIGTERM ||
2618 se->state == SERVICE_FINAL_SIGKILL ||
2619 se->state == SERVICE_AUTO_RESTART)
2620 socket_notify_service_dead(s, false);
2621
2622 if (se->state == SERVICE_RUNNING)
2623 socket_set_state(s, SOCKET_RUNNING);
2624 }
2625
2626 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2627 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2628 }
2629
2630 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2631 Socket *s = SOCKET(u);
2632 int r;
2633
2634 if (!s->timer_event_source)
2635 return 0;
2636
2637 r = sd_event_source_get_time(s->timer_event_source, timeout);
2638 if (r < 0)
2639 return r;
2640
2641 return 1;
2642 }
2643
2644 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2645 [SOCKET_DEAD] = "dead",
2646 [SOCKET_START_PRE] = "start-pre",
2647 [SOCKET_START_CHOWN] = "start-chown",
2648 [SOCKET_START_POST] = "start-post",
2649 [SOCKET_LISTENING] = "listening",
2650 [SOCKET_RUNNING] = "running",
2651 [SOCKET_STOP_PRE] = "stop-pre",
2652 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2653 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2654 [SOCKET_STOP_POST] = "stop-post",
2655 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2656 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2657 [SOCKET_FAILED] = "failed"
2658 };
2659
2660 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2661
2662 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2663 [SOCKET_EXEC_START_PRE] = "StartPre",
2664 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2665 [SOCKET_EXEC_START_POST] = "StartPost",
2666 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2667 [SOCKET_EXEC_STOP_POST] = "StopPost"
2668 };
2669
2670 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2671
2672 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2673 [SOCKET_SUCCESS] = "success",
2674 [SOCKET_FAILURE_RESOURCES] = "resources",
2675 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2676 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2677 [SOCKET_FAILURE_SIGNAL] = "signal",
2678 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2679 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2680 };
2681
2682 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2683
2684 const UnitVTable socket_vtable = {
2685 .object_size = sizeof(Socket),
2686 .exec_context_offset = offsetof(Socket, exec_context),
2687 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2688 .kill_context_offset = offsetof(Socket, kill_context),
2689 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2690
2691 .sections =
2692 "Unit\0"
2693 "Socket\0"
2694 "Install\0",
2695 .private_section = "Socket",
2696
2697 .init = socket_init,
2698 .done = socket_done,
2699 .load = socket_load,
2700
2701 .coldplug = socket_coldplug,
2702
2703 .dump = socket_dump,
2704
2705 .start = socket_start,
2706 .stop = socket_stop,
2707
2708 .kill = socket_kill,
2709
2710 .get_timeout = socket_get_timeout,
2711
2712 .serialize = socket_serialize,
2713 .deserialize_item = socket_deserialize_item,
2714 .distribute_fds = socket_distribute_fds,
2715
2716 .active_state = socket_active_state,
2717 .sub_state_to_string = socket_sub_state_to_string,
2718
2719 .check_gc = socket_check_gc,
2720
2721 .sigchld_event = socket_sigchld_event,
2722
2723 .trigger_notify = socket_trigger_notify,
2724
2725 .reset_failed = socket_reset_failed,
2726
2727 .bus_interface = "org.freedesktop.systemd1.Socket",
2728 .bus_vtable = bus_socket_vtable,
2729 .bus_set_property = bus_socket_set_property,
2730 .bus_commit_properties = bus_socket_commit_properties,
2731
2732 .status_message_formats = {
2733 /*.starting_stopping = {
2734 [0] = "Starting socket %s...",
2735 [1] = "Stopping socket %s...",
2736 },*/
2737 .finished_start_job = {
2738 [JOB_DONE] = "Listening on %s.",
2739 [JOB_FAILED] = "Failed to listen on %s.",
2740 [JOB_DEPENDENCY] = "Dependency failed for %s.",
2741 [JOB_TIMEOUT] = "Timed out starting %s.",
2742 },
2743 .finished_stop_job = {
2744 [JOB_DONE] = "Closed %s.",
2745 [JOB_FAILED] = "Failed stopping %s.",
2746 [JOB_TIMEOUT] = "Timed out stopping %s.",
2747 },
2748 },
2749 };
Unnamed repository; edit this file 'description' to name the repository.