]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
selinux: add _cleanup_ concepts to SELinux label allocation
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "path-util.h"
46 #include "selinux-util.h"
47 #include "signal-util.h"
48 #include "smack-util.h"
49 #include "socket.h"
50 #include "special.h"
51 #include "strv.h"
52 #include "unit-name.h"
53 #include "unit-printf.h"
54 #include "unit.h"
55
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
70 };
71
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
79 assert(u->load_state == UNIT_STUB);
80
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
85
86 s->max_connections = 64;
87
88 s->priority = -1;
89 s->ip_tos = -1;
90 s->ip_ttl = -1;
91 s->mark = -1;
92
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
95
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97 }
98
99 static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107 }
108
109 static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117 }
118
119 void socket_free_ports(Socket *s) {
120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
125 LIST_REMOVE(port, s->ports, p);
126
127 sd_event_source_unref(p->event_source);
128
129 socket_cleanup_fd_list(p);
130 safe_close(p->fd);
131 free(p->path);
132 free(p);
133 }
134 }
135
136 static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
142
143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
145 s->control_command = NULL;
146
147 socket_unwatch_control_pid(s);
148
149 unit_ref_unset(&s->service);
150
151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
153
154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
158 strv_free(s->symlinks);
159
160 free(s->user);
161 free(s->group);
162
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 }
165
166 static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
184 r = sd_event_add_time(
185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
196 }
197
198 int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
210 if (UNIT_DEREF(s->service))
211 return 0;
212
213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
219
220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
221 return -ENOMEM;
222
223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
224 if (r < 0)
225 return r;
226
227 u->no_gc = true;
228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
231 }
232
233 static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
246 if (!socket_address_can_accept(&p->address))
247 return true;
248 }
249
250 return false;
251 }
252
253 static int socket_add_mount_links(Socket *s) {
254 SocketPort *p;
255 int r;
256
257 assert(s);
258
259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
261
262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
265 path = p->path;
266
267 if (!path)
268 continue;
269
270 r = unit_require_mounts_for(UNIT(s), path);
271 if (r < 0)
272 return r;
273 }
274
275 return 0;
276 }
277
278 static int socket_add_device_link(Socket *s) {
279 char *t;
280
281 assert(s);
282
283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
284 return 0;
285
286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
287 return unit_add_node_link(UNIT(s), t, false);
288 }
289
290 static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
297
298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
301 return r;
302 }
303
304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
305 }
306
307 _pure_ static bool socket_has_exec(Socket *s) {
308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316 }
317
318 static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
320 int r;
321
322 assert(s);
323
324 if (have_non_accept_socket(s)) {
325
326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
328
329 r = unit_load_related_unit(u, ".service", &x);
330 if (r < 0)
331 return r;
332
333 unit_ref_set(&s->service, x);
334 }
335
336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
338 return r;
339 }
340
341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
344
345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
349 r = unit_patch_contexts(u);
350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
357
358 r = unit_set_default_slice(u);
359 if (r < 0)
360 return r;
361 }
362
363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370 }
371
372 static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403 }
404
405 static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
423 return -EINVAL;
424 }
425
426 if (s->accept && UNIT_DEREF(s->service)) {
427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
433 return -EINVAL;
434 }
435
436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
438 return -EINVAL;
439 }
440
441 return 0;
442 }
443
444 static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
458 if (r < 0)
459 return r;
460 }
461
462 return socket_verify(s);
463 }
464
465 _const_ static const char* listen_lookup(int family, int type) {
466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
477 assert_not_reached("Unknown socket type");
478 return NULL;
479 }
480
481 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
482 char time_string[FORMAT_TIMESPAN_MAX];
483 SocketExecCommand c;
484 Socket *s = SOCKET(u);
485 SocketPort *p;
486 const char *prefix2;
487
488 assert(s);
489 assert(f);
490
491 prefix = strempty(prefix);
492 prefix2 = strjoina(prefix, "\t");
493
494 fprintf(f,
495 "%sSocket State: %s\n"
496 "%sResult: %s\n"
497 "%sBindIPv6Only: %s\n"
498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
502 "%sNoDelay: %s\n"
503 "%sFreeBind: %s\n"
504 "%sTransparent: %s\n"
505 "%sBroadcast: %s\n"
506 "%sPassCredentials: %s\n"
507 "%sPassSecurity: %s\n"
508 "%sTCPCongestion: %s\n"
509 "%sRemoveOnStop: %s\n"
510 "%sSELinuxContextFromNet: %s\n",
511 prefix, socket_state_to_string(s->state),
512 prefix, socket_result_to_string(s->result),
513 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
514 prefix, s->backlog,
515 prefix, s->socket_mode,
516 prefix, s->directory_mode,
517 prefix, yes_no(s->keep_alive),
518 prefix, yes_no(s->no_delay),
519 prefix, yes_no(s->free_bind),
520 prefix, yes_no(s->transparent),
521 prefix, yes_no(s->broadcast),
522 prefix, yes_no(s->pass_cred),
523 prefix, yes_no(s->pass_sec),
524 prefix, strna(s->tcp_congestion),
525 prefix, yes_no(s->remove_on_stop),
526 prefix, yes_no(s->selinux_context_from_net));
527
528 if (s->control_pid > 0)
529 fprintf(f,
530 "%sControl PID: "PID_FMT"\n",
531 prefix, s->control_pid);
532
533 if (s->bind_to_device)
534 fprintf(f,
535 "%sBindToDevice: %s\n",
536 prefix, s->bind_to_device);
537
538 if (s->accept)
539 fprintf(f,
540 "%sAccepted: %u\n"
541 "%sNConnections: %u\n"
542 "%sMaxConnections: %u\n",
543 prefix, s->n_accepted,
544 prefix, s->n_connections,
545 prefix, s->max_connections);
546
547 if (s->priority >= 0)
548 fprintf(f,
549 "%sPriority: %i\n",
550 prefix, s->priority);
551
552 if (s->receive_buffer > 0)
553 fprintf(f,
554 "%sReceiveBuffer: %zu\n",
555 prefix, s->receive_buffer);
556
557 if (s->send_buffer > 0)
558 fprintf(f,
559 "%sSendBuffer: %zu\n",
560 prefix, s->send_buffer);
561
562 if (s->ip_tos >= 0)
563 fprintf(f,
564 "%sIPTOS: %i\n",
565 prefix, s->ip_tos);
566
567 if (s->ip_ttl >= 0)
568 fprintf(f,
569 "%sIPTTL: %i\n",
570 prefix, s->ip_ttl);
571
572 if (s->pipe_size > 0)
573 fprintf(f,
574 "%sPipeSize: %zu\n",
575 prefix, s->pipe_size);
576
577 if (s->mark >= 0)
578 fprintf(f,
579 "%sMark: %i\n",
580 prefix, s->mark);
581
582 if (s->mq_maxmsg > 0)
583 fprintf(f,
584 "%sMessageQueueMaxMessages: %li\n",
585 prefix, s->mq_maxmsg);
586
587 if (s->mq_msgsize > 0)
588 fprintf(f,
589 "%sMessageQueueMessageSize: %li\n",
590 prefix, s->mq_msgsize);
591
592 if (s->reuse_port)
593 fprintf(f,
594 "%sReusePort: %s\n",
595 prefix, yes_no(s->reuse_port));
596
597 if (s->smack)
598 fprintf(f,
599 "%sSmackLabel: %s\n",
600 prefix, s->smack);
601
602 if (s->smack_ip_in)
603 fprintf(f,
604 "%sSmackLabelIPIn: %s\n",
605 prefix, s->smack_ip_in);
606
607 if (s->smack_ip_out)
608 fprintf(f,
609 "%sSmackLabelIPOut: %s\n",
610 prefix, s->smack_ip_out);
611
612 if (!isempty(s->user) || !isempty(s->group))
613 fprintf(f,
614 "%sOwnerUser: %s\n"
615 "%sOwnerGroup: %s\n",
616 prefix, strna(s->user),
617 prefix, strna(s->group));
618
619 if (s->keep_alive_time > 0)
620 fprintf(f,
621 "%sKeepAliveTimeSec: %s\n",
622 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
623
624 if (s->keep_alive_interval)
625 fprintf(f,
626 "%sKeepAliveIntervalSec: %s\n",
627 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
628
629 if (s->keep_alive_cnt)
630 fprintf(f,
631 "%sKeepAliveProbes: %u\n",
632 prefix, s->keep_alive_cnt);
633
634 if (s->defer_accept)
635 fprintf(f,
636 "%sDeferAcceptSec: %s\n",
637 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
638
639 LIST_FOREACH(port, p, s->ports) {
640
641 if (p->type == SOCKET_SOCKET) {
642 const char *t;
643 int r;
644 char *k = NULL;
645
646 if ((r = socket_address_print(&p->address, &k)) < 0)
647 t = strerror(-r);
648 else
649 t = k;
650
651 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
652 free(k);
653 } else if (p->type == SOCKET_SPECIAL)
654 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
655 else if (p->type == SOCKET_USB_FUNCTION)
656 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
657 else if (p->type == SOCKET_MQUEUE)
658 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
659 else
660 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
661 }
662
663 exec_context_dump(&s->exec_context, f, prefix);
664 kill_context_dump(&s->kill_context, f, prefix);
665
666 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
667 if (!s->exec_command[c])
668 continue;
669
670 fprintf(f, "%s-> %s:\n",
671 prefix, socket_exec_command_to_string(c));
672
673 exec_command_dump_list(s->exec_command[c], f, prefix2);
674 }
675 }
676
677 static int instance_from_socket(int fd, unsigned nr, char **instance) {
678 socklen_t l;
679 char *r;
680 union sockaddr_union local, remote;
681
682 assert(fd >= 0);
683 assert(instance);
684
685 l = sizeof(local);
686 if (getsockname(fd, &local.sa, &l) < 0)
687 return -errno;
688
689 l = sizeof(remote);
690 if (getpeername(fd, &remote.sa, &l) < 0)
691 return -errno;
692
693 switch (local.sa.sa_family) {
694
695 case AF_INET: {
696 uint32_t
697 a = ntohl(local.in.sin_addr.s_addr),
698 b = ntohl(remote.in.sin_addr.s_addr);
699
700 if (asprintf(&r,
701 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
702 nr,
703 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
704 ntohs(local.in.sin_port),
705 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
706 ntohs(remote.in.sin_port)) < 0)
707 return -ENOMEM;
708
709 break;
710 }
711
712 case AF_INET6: {
713 static const unsigned char ipv4_prefix[] = {
714 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
715 };
716
717 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
718 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
719 const uint8_t
720 *a = local.in6.sin6_addr.s6_addr+12,
721 *b = remote.in6.sin6_addr.s6_addr+12;
722
723 if (asprintf(&r,
724 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
725 nr,
726 a[0], a[1], a[2], a[3],
727 ntohs(local.in6.sin6_port),
728 b[0], b[1], b[2], b[3],
729 ntohs(remote.in6.sin6_port)) < 0)
730 return -ENOMEM;
731 } else {
732 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
733
734 if (asprintf(&r,
735 "%u-%s:%u-%s:%u",
736 nr,
737 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
738 ntohs(local.in6.sin6_port),
739 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
740 ntohs(remote.in6.sin6_port)) < 0)
741 return -ENOMEM;
742 }
743
744 break;
745 }
746
747 case AF_UNIX: {
748 struct ucred ucred;
749 int k;
750
751 k = getpeercred(fd, &ucred);
752 if (k >= 0) {
753 if (asprintf(&r,
754 "%u-"PID_FMT"-"UID_FMT,
755 nr, ucred.pid, ucred.uid) < 0)
756 return -ENOMEM;
757 } else if (k == -ENODATA) {
758 /* This handles the case where somebody is
759 * connecting from another pid/uid namespace
760 * (e.g. from outside of our container). */
761 if (asprintf(&r,
762 "%u-unknown",
763 nr) < 0)
764 return -ENOMEM;
765 } else
766 return k;
767
768 break;
769 }
770
771 default:
772 assert_not_reached("Unhandled socket type.");
773 }
774
775 *instance = r;
776 return 0;
777 }
778
779 static void socket_close_fds(Socket *s) {
780 SocketPort *p;
781 char **i;
782
783 assert(s);
784
785 LIST_FOREACH(port, p, s->ports) {
786
787 p->event_source = sd_event_source_unref(p->event_source);
788
789 if (p->fd < 0)
790 continue;
791
792 p->fd = safe_close(p->fd);
793 socket_cleanup_fd_list(p);
794
795 /* One little note: we should normally not delete any
796 * sockets in the file system here! After all some
797 * other process we spawned might still have a
798 * reference of this fd and wants to continue to use
799 * it. Therefore we delete sockets in the file system
800 * before we create a new one, not after we stopped
801 * using one! */
802
803 if (s->remove_on_stop) {
804 switch (p->type) {
805
806 case SOCKET_FIFO:
807 unlink(p->path);
808 break;
809
810 case SOCKET_MQUEUE:
811 mq_unlink(p->path);
812 break;
813
814 case SOCKET_SOCKET:
815 socket_address_unlink(&p->address);
816 break;
817
818 default:
819 break;
820 }
821 }
822 }
823
824 if (s->remove_on_stop)
825 STRV_FOREACH(i, s->symlinks)
826 unlink(*i);
827 }
828
829 static void socket_apply_socket_options(Socket *s, int fd) {
830 int r;
831
832 assert(s);
833 assert(fd >= 0);
834
835 if (s->keep_alive) {
836 int b = s->keep_alive;
837 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
838 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
839 }
840
841 if (s->keep_alive_time) {
842 int value = s->keep_alive_time / USEC_PER_SEC;
843 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
844 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
845 }
846
847 if (s->keep_alive_interval) {
848 int value = s->keep_alive_interval / USEC_PER_SEC;
849 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
850 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
851 }
852
853 if (s->keep_alive_cnt) {
854 int value = s->keep_alive_cnt;
855 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
856 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
857 }
858
859 if (s->defer_accept) {
860 int value = s->defer_accept / USEC_PER_SEC;
861 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
862 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
863 }
864
865 if (s->no_delay) {
866 int b = s->no_delay;
867 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
868 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
869 }
870
871 if (s->broadcast) {
872 int one = 1;
873 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
874 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
875 }
876
877 if (s->pass_cred) {
878 int one = 1;
879 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
880 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
881 }
882
883 if (s->pass_sec) {
884 int one = 1;
885 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
886 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
887 }
888
889 if (s->priority >= 0)
890 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
892
893 if (s->receive_buffer > 0) {
894 int value = (int) s->receive_buffer;
895
896 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
897
898 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
899 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
900 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
901 }
902
903 if (s->send_buffer > 0) {
904 int value = (int) s->send_buffer;
905 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
906 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
907 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
908 }
909
910 if (s->mark >= 0)
911 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
912 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
913
914 if (s->ip_tos >= 0)
915 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
916 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
917
918 if (s->ip_ttl >= 0) {
919 int x;
920
921 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
922
923 if (socket_ipv6_is_supported())
924 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
925 else {
926 x = -1;
927 errno = EAFNOSUPPORT;
928 }
929
930 if (r < 0 && x < 0)
931 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
932 }
933
934 if (s->tcp_congestion)
935 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
936 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
937
938 if (s->smack_ip_in) {
939 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
940 if (r < 0)
941 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
942 }
943
944 if (s->smack_ip_out) {
945 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
946 if (r < 0)
947 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
948 }
949 }
950
951 static void socket_apply_fifo_options(Socket *s, int fd) {
952 int r;
953
954 assert(s);
955 assert(fd >= 0);
956
957 if (s->pipe_size > 0)
958 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
959 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
960
961 if (s->smack) {
962 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
963 if (r < 0)
964 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
965 }
966 }
967
968 static int fifo_address_create(
969 const char *path,
970 mode_t directory_mode,
971 mode_t socket_mode) {
972
973 _cleanup_close_ int fd = -1;
974 mode_t old_mask;
975 struct stat st;
976 int r;
977
978 assert(path);
979
980 mkdir_parents_label(path, directory_mode);
981
982 r = mac_selinux_create_file_prepare(path, S_IFIFO);
983 if (r < 0)
984 return r;
985
986 /* Enforce the right access mode for the fifo */
987 old_mask = umask(~ socket_mode);
988
989 /* Include the original umask in our mask */
990 (void) umask(~socket_mode | old_mask);
991
992 r = mkfifo(path, socket_mode);
993 (void) umask(old_mask);
994
995 if (r < 0 && errno != EEXIST) {
996 r = -errno;
997 goto fail;
998 }
999
1000 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1001 if (fd < 0) {
1002 r = -errno;
1003 goto fail;
1004 }
1005
1006 mac_selinux_create_file_clear();
1007
1008 if (fstat(fd, &st) < 0) {
1009 r = -errno;
1010 goto fail;
1011 }
1012
1013 if (!S_ISFIFO(st.st_mode) ||
1014 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1015 st.st_uid != getuid() ||
1016 st.st_gid != getgid()) {
1017 r = -EEXIST;
1018 goto fail;
1019 }
1020
1021 r = fd;
1022 fd = -1;
1023
1024 return r;
1025
1026 fail:
1027 mac_selinux_create_file_clear();
1028 safe_close(fd);
1029
1030 return r;
1031 }
1032
1033 static int special_address_create(const char *path) {
1034 _cleanup_close_ int fd = -1;
1035 struct stat st;
1036 int r;
1037
1038 assert(path);
1039
1040 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1041 if (fd < 0)
1042 return -errno;
1043
1044 if (fstat(fd, &st) < 0)
1045 return -errno;
1046
1047 /* Check whether this is a /proc, /sys or /dev file or char device */
1048 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1049 return -EEXIST;
1050
1051 r = fd;
1052 fd = -1;
1053
1054 return r;
1055 }
1056
1057 static int ffs_address_create(const char *path) {
1058 _cleanup_close_ int fd = -1;
1059 struct stat st;
1060 int r;
1061
1062 assert(path);
1063
1064 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1065 if (fd < 0)
1066 return -errno;
1067
1068 if (fstat(fd, &st) < 0)
1069 return -errno;
1070
1071 /* Check whether this is a regular file (ffs endpoint)*/
1072 if (!S_ISREG(st.st_mode))
1073 return -EEXIST;
1074
1075 r = fd;
1076 fd = -1;
1077
1078 return r;
1079 }
1080
1081 static int mq_address_create(
1082 const char *path,
1083 mode_t mq_mode,
1084 long maxmsg,
1085 long msgsize) {
1086
1087 _cleanup_close_ int fd = -1;
1088 struct stat st;
1089 mode_t old_mask;
1090 struct mq_attr _attr, *attr = NULL;
1091 int r;
1092
1093 assert(path);
1094
1095 if (maxmsg > 0 && msgsize > 0) {
1096 _attr = (struct mq_attr) {
1097 .mq_flags = O_NONBLOCK,
1098 .mq_maxmsg = maxmsg,
1099 .mq_msgsize = msgsize,
1100 };
1101 attr = &_attr;
1102 }
1103
1104 /* Enforce the right access mode for the mq */
1105 old_mask = umask(~ mq_mode);
1106
1107 /* Include the original umask in our mask */
1108 (void) umask(~mq_mode | old_mask);
1109 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1110 (void) umask(old_mask);
1111
1112 if (fd < 0)
1113 return -errno;
1114
1115 if (fstat(fd, &st) < 0)
1116 return -errno;
1117
1118 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1119 st.st_uid != getuid() ||
1120 st.st_gid != getgid())
1121 return -EEXIST;
1122
1123 r = fd;
1124 fd = -1;
1125
1126 return r;
1127 }
1128
1129 static int socket_symlink(Socket *s) {
1130 const char *p;
1131 char **i;
1132
1133 assert(s);
1134
1135 p = socket_find_symlink_target(s);
1136 if (!p)
1137 return 0;
1138
1139 STRV_FOREACH(i, s->symlinks)
1140 symlink_label(p, *i);
1141
1142 return 0;
1143 }
1144
1145 static int ffs_write_descs(int fd, Service *s) {
1146 int r;
1147
1148 if (!s->usb_function_descriptors || !s->usb_function_strings)
1149 return -EINVAL;
1150
1151 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1152 if (r < 0)
1153 return r;
1154
1155 return copy_file_fd(s->usb_function_strings, fd, false);
1156 }
1157
1158 static int select_ep(const struct dirent *d) {
1159 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1160 }
1161
1162 static int ffs_dispatch_eps(SocketPort *p) {
1163 _cleanup_free_ struct dirent **ent = NULL;
1164 int r, i, n, k;
1165 _cleanup_free_ char *path = NULL;
1166
1167 r = path_get_parent(p->path, &path);
1168 if (r < 0)
1169 return r;
1170
1171 r = scandir(path, &ent, select_ep, alphasort);
1172 if (r < 0)
1173 return -errno;
1174
1175 n = r;
1176 p->auxiliary_fds = new(int, n);
1177 if (!p->auxiliary_fds)
1178 return -ENOMEM;
1179
1180 p->n_auxiliary_fds = n;
1181
1182 k = 0;
1183 for (i = 0; i < n; ++i) {
1184 _cleanup_free_ char *ep = NULL;
1185
1186 ep = path_make_absolute(ent[i]->d_name, path);
1187 if (!ep)
1188 return -ENOMEM;
1189
1190 path_kill_slashes(ep);
1191
1192 r = ffs_address_create(ep);
1193 if (r < 0)
1194 goto fail;
1195
1196 p->auxiliary_fds[k] = r;
1197
1198 ++k;
1199 free(ent[i]);
1200 }
1201
1202 return r;
1203
1204 fail:
1205 close_many(p->auxiliary_fds, k);
1206 p->auxiliary_fds = mfree(p->auxiliary_fds);
1207 p->n_auxiliary_fds = 0;
1208
1209 return r;
1210 }
1211
1212 static int socket_open_fds(Socket *s) {
1213 _cleanup_(mac_selinux_freep) char *label = NULL;
1214 bool know_label = false;
1215 SocketPort *p;
1216 int r;
1217
1218 assert(s);
1219
1220 LIST_FOREACH(port, p, s->ports) {
1221
1222 if (p->fd >= 0)
1223 continue;
1224
1225 if (p->type == SOCKET_SOCKET) {
1226
1227 if (!know_label) {
1228 /* Figure out label, if we don't it know
1229 * yet. We do it once, for the first
1230 * socket where we need this and
1231 * remember it for the rest. */
1232
1233 if (s->selinux_context_from_net) {
1234 /* Get it from the network label */
1235
1236 r = mac_selinux_get_our_label(&label);
1237 if (r < 0 && r != -EOPNOTSUPP)
1238 goto rollback;
1239
1240 } else {
1241 /* Get it from the executable we are about to start */
1242
1243 r = socket_instantiate_service(s);
1244 if (r < 0)
1245 goto rollback;
1246
1247 if (UNIT_ISSET(s->service) &&
1248 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1249 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1250 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1251 goto rollback;
1252 }
1253 }
1254
1255 know_label = true;
1256 }
1257
1258 r = socket_address_listen(
1259 &p->address,
1260 SOCK_CLOEXEC|SOCK_NONBLOCK,
1261 s->backlog,
1262 s->bind_ipv6_only,
1263 s->bind_to_device,
1264 s->reuse_port,
1265 s->free_bind,
1266 s->transparent,
1267 s->directory_mode,
1268 s->socket_mode,
1269 label);
1270 if (r < 0)
1271 goto rollback;
1272
1273 p->fd = r;
1274 socket_apply_socket_options(s, p->fd);
1275 socket_symlink(s);
1276
1277 } else if (p->type == SOCKET_SPECIAL) {
1278
1279 p->fd = special_address_create(p->path);
1280 if (p->fd < 0) {
1281 r = p->fd;
1282 goto rollback;
1283 }
1284
1285 } else if (p->type == SOCKET_FIFO) {
1286
1287 p->fd = fifo_address_create(
1288 p->path,
1289 s->directory_mode,
1290 s->socket_mode);
1291 if (p->fd < 0) {
1292 r = p->fd;
1293 goto rollback;
1294 }
1295
1296 socket_apply_fifo_options(s, p->fd);
1297 socket_symlink(s);
1298
1299 } else if (p->type == SOCKET_MQUEUE) {
1300
1301 p->fd = mq_address_create(
1302 p->path,
1303 s->socket_mode,
1304 s->mq_maxmsg,
1305 s->mq_msgsize);
1306 if (p->fd < 0) {
1307 r = p->fd;
1308 goto rollback;
1309 }
1310
1311 } else if (p->type == SOCKET_USB_FUNCTION) {
1312
1313 p->fd = ffs_address_create(p->path);
1314 if (p->fd < 0) {
1315 r = p->fd;
1316 goto rollback;
1317 }
1318
1319 r = ffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1320 if (r < 0)
1321 goto rollback;
1322
1323 r = ffs_dispatch_eps(p);
1324 if (r < 0)
1325 goto rollback;
1326 } else
1327 assert_not_reached("Unknown port type");
1328 }
1329
1330 return 0;
1331
1332 rollback:
1333 socket_close_fds(s);
1334 return r;
1335 }
1336
1337 static void socket_unwatch_fds(Socket *s) {
1338 SocketPort *p;
1339 int r;
1340
1341 assert(s);
1342
1343 LIST_FOREACH(port, p, s->ports) {
1344 if (p->fd < 0)
1345 continue;
1346
1347 if (!p->event_source)
1348 continue;
1349
1350 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1351 if (r < 0)
1352 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1353 }
1354 }
1355
1356 static int socket_watch_fds(Socket *s) {
1357 SocketPort *p;
1358 int r;
1359
1360 assert(s);
1361
1362 LIST_FOREACH(port, p, s->ports) {
1363 if (p->fd < 0)
1364 continue;
1365
1366 if (p->event_source) {
1367 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1368 if (r < 0)
1369 goto fail;
1370 } else {
1371 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1372 if (r < 0)
1373 goto fail;
1374
1375 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1376 }
1377 }
1378
1379 return 0;
1380
1381 fail:
1382 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1383 socket_unwatch_fds(s);
1384 return r;
1385 }
1386
1387 static void socket_set_state(Socket *s, SocketState state) {
1388 SocketState old_state;
1389 assert(s);
1390
1391 old_state = s->state;
1392 s->state = state;
1393
1394 if (!IN_SET(state,
1395 SOCKET_START_PRE,
1396 SOCKET_START_CHOWN,
1397 SOCKET_START_POST,
1398 SOCKET_STOP_PRE,
1399 SOCKET_STOP_PRE_SIGTERM,
1400 SOCKET_STOP_PRE_SIGKILL,
1401 SOCKET_STOP_POST,
1402 SOCKET_FINAL_SIGTERM,
1403 SOCKET_FINAL_SIGKILL)) {
1404
1405 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1406 socket_unwatch_control_pid(s);
1407 s->control_command = NULL;
1408 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1409 }
1410
1411 if (state != SOCKET_LISTENING)
1412 socket_unwatch_fds(s);
1413
1414 if (!IN_SET(state,
1415 SOCKET_START_CHOWN,
1416 SOCKET_START_POST,
1417 SOCKET_LISTENING,
1418 SOCKET_RUNNING,
1419 SOCKET_STOP_PRE,
1420 SOCKET_STOP_PRE_SIGTERM,
1421 SOCKET_STOP_PRE_SIGKILL))
1422 socket_close_fds(s);
1423
1424 if (state != old_state)
1425 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1426
1427 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1428 }
1429
1430 static int socket_coldplug(Unit *u) {
1431 Socket *s = SOCKET(u);
1432 int r;
1433
1434 assert(s);
1435 assert(s->state == SOCKET_DEAD);
1436
1437 if (s->deserialized_state == s->state)
1438 return 0;
1439
1440 if (IN_SET(s->deserialized_state,
1441 SOCKET_START_PRE,
1442 SOCKET_START_CHOWN,
1443 SOCKET_START_POST,
1444 SOCKET_STOP_PRE,
1445 SOCKET_STOP_PRE_SIGTERM,
1446 SOCKET_STOP_PRE_SIGKILL,
1447 SOCKET_STOP_POST,
1448 SOCKET_FINAL_SIGTERM,
1449 SOCKET_FINAL_SIGKILL)) {
1450
1451 if (s->control_pid <= 0)
1452 return -EBADMSG;
1453
1454 r = unit_watch_pid(UNIT(s), s->control_pid);
1455 if (r < 0)
1456 return r;
1457
1458 r = socket_arm_timer(s);
1459 if (r < 0)
1460 return r;
1461 }
1462
1463 if (IN_SET(s->deserialized_state,
1464 SOCKET_START_CHOWN,
1465 SOCKET_START_POST,
1466 SOCKET_LISTENING,
1467 SOCKET_RUNNING,
1468 SOCKET_STOP_PRE,
1469 SOCKET_STOP_PRE_SIGTERM,
1470 SOCKET_STOP_PRE_SIGKILL)) {
1471 r = socket_open_fds(s);
1472 if (r < 0)
1473 return r;
1474 }
1475
1476 if (s->deserialized_state == SOCKET_LISTENING) {
1477 r = socket_watch_fds(s);
1478 if (r < 0)
1479 return r;
1480 }
1481
1482 socket_set_state(s, s->deserialized_state);
1483 return 0;
1484 }
1485
1486 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1487 _cleanup_free_ char **argv = NULL;
1488 pid_t pid;
1489 int r;
1490 ExecParameters exec_params = {
1491 .apply_permissions = true,
1492 .apply_chroot = true,
1493 .apply_tty_stdin = true,
1494 .bus_endpoint_fd = -1,
1495 };
1496
1497 assert(s);
1498 assert(c);
1499 assert(_pid);
1500
1501 (void) unit_realize_cgroup(UNIT(s));
1502 if (s->reset_cpu_usage) {
1503 (void) unit_reset_cpu_usage(UNIT(s));
1504 s->reset_cpu_usage = false;
1505 }
1506
1507 r = unit_setup_exec_runtime(UNIT(s));
1508 if (r < 0)
1509 goto fail;
1510
1511 r = socket_arm_timer(s);
1512 if (r < 0)
1513 goto fail;
1514
1515 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1516 if (r < 0)
1517 goto fail;
1518
1519 exec_params.argv = argv;
1520 exec_params.environment = UNIT(s)->manager->environment;
1521 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1522 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1523 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1524 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1525 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1526
1527 r = exec_spawn(UNIT(s),
1528 c,
1529 &s->exec_context,
1530 &exec_params,
1531 s->exec_runtime,
1532 &pid);
1533 if (r < 0)
1534 goto fail;
1535
1536 r = unit_watch_pid(UNIT(s), pid);
1537 if (r < 0)
1538 /* FIXME: we need to do something here */
1539 goto fail;
1540
1541 *_pid = pid;
1542 return 0;
1543
1544 fail:
1545 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1546 return r;
1547 }
1548
1549 static int socket_chown(Socket *s, pid_t *_pid) {
1550 pid_t pid;
1551 int r;
1552
1553 r = socket_arm_timer(s);
1554 if (r < 0)
1555 goto fail;
1556
1557 /* We have to resolve the user names out-of-process, hence
1558 * let's fork here. It's messy, but well, what can we do? */
1559
1560 pid = fork();
1561 if (pid < 0)
1562 return -errno;
1563
1564 if (pid == 0) {
1565 SocketPort *p;
1566 uid_t uid = UID_INVALID;
1567 gid_t gid = GID_INVALID;
1568 int ret;
1569
1570 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1571 (void) ignore_signals(SIGPIPE, -1);
1572 log_forget_fds();
1573
1574 if (!isempty(s->user)) {
1575 const char *user = s->user;
1576
1577 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1578 if (r < 0) {
1579 ret = EXIT_USER;
1580 goto fail_child;
1581 }
1582 }
1583
1584 if (!isempty(s->group)) {
1585 const char *group = s->group;
1586
1587 r = get_group_creds(&group, &gid);
1588 if (r < 0) {
1589 ret = EXIT_GROUP;
1590 goto fail_child;
1591 }
1592 }
1593
1594 LIST_FOREACH(port, p, s->ports) {
1595 const char *path = NULL;
1596
1597 if (p->type == SOCKET_SOCKET)
1598 path = socket_address_get_path(&p->address);
1599 else if (p->type == SOCKET_FIFO)
1600 path = p->path;
1601
1602 if (!path)
1603 continue;
1604
1605 if (chown(path, uid, gid) < 0) {
1606 r = -errno;
1607 ret = EXIT_CHOWN;
1608 goto fail_child;
1609 }
1610 }
1611
1612 _exit(0);
1613
1614 fail_child:
1615 log_open();
1616 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1617
1618 _exit(ret);
1619 }
1620
1621 r = unit_watch_pid(UNIT(s), pid);
1622 if (r < 0)
1623 goto fail;
1624
1625 *_pid = pid;
1626 return 0;
1627
1628 fail:
1629 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1630 return r;
1631 }
1632
1633 static void socket_enter_dead(Socket *s, SocketResult f) {
1634 assert(s);
1635
1636 if (f != SOCKET_SUCCESS)
1637 s->result = f;
1638
1639 exec_runtime_destroy(s->exec_runtime);
1640 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1641
1642 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1643
1644 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1645 }
1646
1647 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1648
1649 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1650 int r;
1651 assert(s);
1652
1653 if (f != SOCKET_SUCCESS)
1654 s->result = f;
1655
1656 socket_unwatch_control_pid(s);
1657 s->control_command_id = SOCKET_EXEC_STOP_POST;
1658 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1659
1660 if (s->control_command) {
1661 r = socket_spawn(s, s->control_command, &s->control_pid);
1662 if (r < 0)
1663 goto fail;
1664
1665 socket_set_state(s, SOCKET_STOP_POST);
1666 } else
1667 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1668
1669 return;
1670
1671 fail:
1672 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1673 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1674 }
1675
1676 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1677 int r;
1678
1679 assert(s);
1680
1681 if (f != SOCKET_SUCCESS)
1682 s->result = f;
1683
1684 r = unit_kill_context(
1685 UNIT(s),
1686 &s->kill_context,
1687 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1688 KILL_KILL : KILL_TERMINATE,
1689 -1,
1690 s->control_pid,
1691 false);
1692 if (r < 0)
1693 goto fail;
1694
1695 if (r > 0) {
1696 r = socket_arm_timer(s);
1697 if (r < 0)
1698 goto fail;
1699
1700 socket_set_state(s, state);
1701 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1702 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1703 else if (state == SOCKET_STOP_PRE_SIGKILL)
1704 socket_enter_stop_post(s, SOCKET_SUCCESS);
1705 else if (state == SOCKET_FINAL_SIGTERM)
1706 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1707 else
1708 socket_enter_dead(s, SOCKET_SUCCESS);
1709
1710 return;
1711
1712 fail:
1713 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1714
1715 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1716 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1717 else
1718 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1719 }
1720
1721 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1722 int r;
1723 assert(s);
1724
1725 if (f != SOCKET_SUCCESS)
1726 s->result = f;
1727
1728 socket_unwatch_control_pid(s);
1729 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1730 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1731
1732 if (s->control_command) {
1733 r = socket_spawn(s, s->control_command, &s->control_pid);
1734 if (r < 0)
1735 goto fail;
1736
1737 socket_set_state(s, SOCKET_STOP_PRE);
1738 } else
1739 socket_enter_stop_post(s, SOCKET_SUCCESS);
1740
1741 return;
1742
1743 fail:
1744 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1745 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1746 }
1747
1748 static void socket_enter_listening(Socket *s) {
1749 int r;
1750 assert(s);
1751
1752 r = socket_watch_fds(s);
1753 if (r < 0) {
1754 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1755 goto fail;
1756 }
1757
1758 socket_set_state(s, SOCKET_LISTENING);
1759 return;
1760
1761 fail:
1762 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1763 }
1764
1765 static void socket_enter_start_post(Socket *s) {
1766 int r;
1767 assert(s);
1768
1769 socket_unwatch_control_pid(s);
1770 s->control_command_id = SOCKET_EXEC_START_POST;
1771 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1772
1773 if (s->control_command) {
1774 r = socket_spawn(s, s->control_command, &s->control_pid);
1775 if (r < 0) {
1776 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1777 goto fail;
1778 }
1779
1780 socket_set_state(s, SOCKET_START_POST);
1781 } else
1782 socket_enter_listening(s);
1783
1784 return;
1785
1786 fail:
1787 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1788 }
1789
1790 static void socket_enter_start_chown(Socket *s) {
1791 int r;
1792
1793 assert(s);
1794
1795 r = socket_open_fds(s);
1796 if (r < 0) {
1797 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1798 goto fail;
1799 }
1800
1801 if (!isempty(s->user) || !isempty(s->group)) {
1802
1803 socket_unwatch_control_pid(s);
1804 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1805 s->control_command = NULL;
1806
1807 r = socket_chown(s, &s->control_pid);
1808 if (r < 0) {
1809 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1810 goto fail;
1811 }
1812
1813 socket_set_state(s, SOCKET_START_CHOWN);
1814 } else
1815 socket_enter_start_post(s);
1816
1817 return;
1818
1819 fail:
1820 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1821 }
1822
1823 static void socket_enter_start_pre(Socket *s) {
1824 int r;
1825 assert(s);
1826
1827 socket_unwatch_control_pid(s);
1828 s->control_command_id = SOCKET_EXEC_START_PRE;
1829 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1830
1831 if (s->control_command) {
1832 r = socket_spawn(s, s->control_command, &s->control_pid);
1833 if (r < 0) {
1834 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1835 goto fail;
1836 }
1837
1838 socket_set_state(s, SOCKET_START_PRE);
1839 } else
1840 socket_enter_start_chown(s);
1841
1842 return;
1843
1844 fail:
1845 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1846 }
1847
1848 static void socket_enter_running(Socket *s, int cfd) {
1849 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1850 int r;
1851
1852 assert(s);
1853
1854 /* We don't take connections anymore if we are supposed to
1855 * shut down anyway */
1856 if (unit_stop_pending(UNIT(s))) {
1857
1858 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1859
1860 if (cfd >= 0)
1861 safe_close(cfd);
1862 else {
1863 /* Flush all sockets by closing and reopening them */
1864 socket_close_fds(s);
1865
1866 r = socket_open_fds(s);
1867 if (r < 0) {
1868 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1869 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1870 return;
1871 }
1872
1873 r = socket_watch_fds(s);
1874 if (r < 0) {
1875 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1876 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1877 }
1878 }
1879
1880 return;
1881 }
1882
1883 if (cfd < 0) {
1884 Iterator i;
1885 Unit *other;
1886 bool pending = false;
1887
1888 /* If there's already a start pending don't bother to
1889 * do anything */
1890 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1891 if (unit_active_or_pending(other)) {
1892 pending = true;
1893 break;
1894 }
1895
1896 if (!pending) {
1897 if (!UNIT_ISSET(s->service)) {
1898 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1899 r = -ENOENT;
1900 goto fail;
1901 }
1902
1903 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1904 if (r < 0)
1905 goto fail;
1906 }
1907
1908 socket_set_state(s, SOCKET_RUNNING);
1909 } else {
1910 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1911 Service *service;
1912
1913 if (s->n_connections >= s->max_connections) {
1914 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1915 safe_close(cfd);
1916 return;
1917 }
1918
1919 r = socket_instantiate_service(s);
1920 if (r < 0)
1921 goto fail;
1922
1923 r = instance_from_socket(cfd, s->n_accepted, &instance);
1924 if (r < 0) {
1925 if (r != -ENOTCONN)
1926 goto fail;
1927
1928 /* ENOTCONN is legitimate if TCP RST was received.
1929 * This connection is over, but the socket unit lives on. */
1930 safe_close(cfd);
1931 return;
1932 }
1933
1934 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1935 if (r < 0)
1936 goto fail;
1937
1938 r = unit_name_build(prefix, instance, ".service", &name);
1939 if (r < 0)
1940 goto fail;
1941
1942 r = unit_add_name(UNIT_DEREF(s->service), name);
1943 if (r < 0)
1944 goto fail;
1945
1946 service = SERVICE(UNIT_DEREF(s->service));
1947 unit_ref_unset(&s->service);
1948 s->n_accepted ++;
1949
1950 UNIT(service)->no_gc = false;
1951
1952 unit_choose_id(UNIT(service), name);
1953
1954 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1955 if (r < 0)
1956 goto fail;
1957
1958 cfd = -1;
1959 s->n_connections ++;
1960
1961 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1962 if (r < 0)
1963 goto fail;
1964
1965 /* Notify clients about changed counters */
1966 unit_add_to_dbus_queue(UNIT(s));
1967 }
1968
1969 return;
1970
1971 fail:
1972 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1973 cfd >= 0 ? "template" : "non-template",
1974 bus_error_message(&error, r));
1975
1976 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1977 safe_close(cfd);
1978 }
1979
1980 static void socket_run_next(Socket *s) {
1981 int r;
1982
1983 assert(s);
1984 assert(s->control_command);
1985 assert(s->control_command->command_next);
1986
1987 socket_unwatch_control_pid(s);
1988
1989 s->control_command = s->control_command->command_next;
1990
1991 r = socket_spawn(s, s->control_command, &s->control_pid);
1992 if (r < 0)
1993 goto fail;
1994
1995 return;
1996
1997 fail:
1998 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1999
2000 if (s->state == SOCKET_START_POST)
2001 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2002 else if (s->state == SOCKET_STOP_POST)
2003 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2004 else
2005 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2006 }
2007
2008 static int socket_start(Unit *u) {
2009 Socket *s = SOCKET(u);
2010
2011 assert(s);
2012
2013 /* We cannot fulfill this request right now, try again later
2014 * please! */
2015 if (IN_SET(s->state,
2016 SOCKET_STOP_PRE,
2017 SOCKET_STOP_PRE_SIGKILL,
2018 SOCKET_STOP_PRE_SIGTERM,
2019 SOCKET_STOP_POST,
2020 SOCKET_FINAL_SIGTERM,
2021 SOCKET_FINAL_SIGKILL))
2022 return -EAGAIN;
2023
2024 /* Already on it! */
2025 if (IN_SET(s->state,
2026 SOCKET_START_PRE,
2027 SOCKET_START_CHOWN,
2028 SOCKET_START_POST))
2029 return 0;
2030
2031 /* Cannot run this without the service being around */
2032 if (UNIT_ISSET(s->service)) {
2033 Service *service;
2034
2035 service = SERVICE(UNIT_DEREF(s->service));
2036
2037 if (UNIT(service)->load_state != UNIT_LOADED) {
2038 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2039 return -ENOENT;
2040 }
2041
2042 /* If the service is already active we cannot start the
2043 * socket */
2044 if (service->state != SERVICE_DEAD &&
2045 service->state != SERVICE_FAILED &&
2046 service->state != SERVICE_AUTO_RESTART) {
2047 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2048 return -EBUSY;
2049 }
2050 }
2051
2052 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2053
2054 s->result = SOCKET_SUCCESS;
2055 s->reset_cpu_usage = true;
2056
2057 socket_enter_start_pre(s);
2058
2059 return 1;
2060 }
2061
2062 static int socket_stop(Unit *u) {
2063 Socket *s = SOCKET(u);
2064
2065 assert(s);
2066
2067 /* Already on it */
2068 if (IN_SET(s->state,
2069 SOCKET_STOP_PRE,
2070 SOCKET_STOP_PRE_SIGTERM,
2071 SOCKET_STOP_PRE_SIGKILL,
2072 SOCKET_STOP_POST,
2073 SOCKET_FINAL_SIGTERM,
2074 SOCKET_FINAL_SIGKILL))
2075 return 0;
2076
2077 /* If there's already something running we go directly into
2078 * kill mode. */
2079 if (IN_SET(s->state,
2080 SOCKET_START_PRE,
2081 SOCKET_START_CHOWN,
2082 SOCKET_START_POST)) {
2083 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2084 return -EAGAIN;
2085 }
2086
2087 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2088
2089 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2090 return 1;
2091 }
2092
2093 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2094 Socket *s = SOCKET(u);
2095 SocketPort *p;
2096 int r;
2097
2098 assert(u);
2099 assert(f);
2100 assert(fds);
2101
2102 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2103 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2104 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2105
2106 if (s->control_pid > 0)
2107 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2108
2109 if (s->control_command_id >= 0)
2110 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2111
2112 LIST_FOREACH(port, p, s->ports) {
2113 int copy;
2114
2115 if (p->fd < 0)
2116 continue;
2117
2118 copy = fdset_put_dup(fds, p->fd);
2119 if (copy < 0)
2120 return copy;
2121
2122 if (p->type == SOCKET_SOCKET) {
2123 _cleanup_free_ char *t = NULL;
2124
2125 r = socket_address_print(&p->address, &t);
2126 if (r < 0)
2127 return r;
2128
2129 if (socket_address_family(&p->address) == AF_NETLINK)
2130 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2131 else
2132 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2133
2134 } else if (p->type == SOCKET_SPECIAL)
2135 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2136 else if (p->type == SOCKET_MQUEUE)
2137 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2138 else if (p->type == SOCKET_USB_FUNCTION)
2139 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2140 else {
2141 assert(p->type == SOCKET_FIFO);
2142 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2143 }
2144 }
2145
2146 return 0;
2147 }
2148
2149 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2150 Socket *s = SOCKET(u);
2151
2152 assert(u);
2153 assert(key);
2154 assert(value);
2155
2156 if (streq(key, "state")) {
2157 SocketState state;
2158
2159 state = socket_state_from_string(value);
2160 if (state < 0)
2161 log_unit_debug(u, "Failed to parse state value: %s", value);
2162 else
2163 s->deserialized_state = state;
2164 } else if (streq(key, "result")) {
2165 SocketResult f;
2166
2167 f = socket_result_from_string(value);
2168 if (f < 0)
2169 log_unit_debug(u, "Failed to parse result value: %s", value);
2170 else if (f != SOCKET_SUCCESS)
2171 s->result = f;
2172
2173 } else if (streq(key, "n-accepted")) {
2174 unsigned k;
2175
2176 if (safe_atou(value, &k) < 0)
2177 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2178 else
2179 s->n_accepted += k;
2180 } else if (streq(key, "control-pid")) {
2181 pid_t pid;
2182
2183 if (parse_pid(value, &pid) < 0)
2184 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2185 else
2186 s->control_pid = pid;
2187 } else if (streq(key, "control-command")) {
2188 SocketExecCommand id;
2189
2190 id = socket_exec_command_from_string(value);
2191 if (id < 0)
2192 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2193 else {
2194 s->control_command_id = id;
2195 s->control_command = s->exec_command[id];
2196 }
2197 } else if (streq(key, "fifo")) {
2198 int fd, skip = 0;
2199 SocketPort *p;
2200
2201 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2202 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2203 else {
2204
2205 LIST_FOREACH(port, p, s->ports)
2206 if (p->type == SOCKET_FIFO &&
2207 path_equal_or_files_same(p->path, value+skip))
2208 break;
2209
2210 if (p) {
2211 safe_close(p->fd);
2212 p->fd = fdset_remove(fds, fd);
2213 }
2214 }
2215
2216 } else if (streq(key, "special")) {
2217 int fd, skip = 0;
2218 SocketPort *p;
2219
2220 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2221 log_unit_debug(u, "Failed to parse special value: %s", value);
2222 else {
2223
2224 LIST_FOREACH(port, p, s->ports)
2225 if (p->type == SOCKET_SPECIAL &&
2226 path_equal_or_files_same(p->path, value+skip))
2227 break;
2228
2229 if (p) {
2230 safe_close(p->fd);
2231 p->fd = fdset_remove(fds, fd);
2232 }
2233 }
2234
2235 } else if (streq(key, "mqueue")) {
2236 int fd, skip = 0;
2237 SocketPort *p;
2238
2239 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2240 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2241 else {
2242
2243 LIST_FOREACH(port, p, s->ports)
2244 if (p->type == SOCKET_MQUEUE &&
2245 streq(p->path, value+skip))
2246 break;
2247
2248 if (p) {
2249 safe_close(p->fd);
2250 p->fd = fdset_remove(fds, fd);
2251 }
2252 }
2253
2254 } else if (streq(key, "socket")) {
2255 int fd, type, skip = 0;
2256 SocketPort *p;
2257
2258 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2259 log_unit_debug(u, "Failed to parse socket value: %s", value);
2260 else {
2261
2262 LIST_FOREACH(port, p, s->ports)
2263 if (socket_address_is(&p->address, value+skip, type))
2264 break;
2265
2266 if (p) {
2267 safe_close(p->fd);
2268 p->fd = fdset_remove(fds, fd);
2269 }
2270 }
2271
2272 } else if (streq(key, "netlink")) {
2273 int fd, skip = 0;
2274 SocketPort *p;
2275
2276 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2277 log_unit_debug(u, "Failed to parse socket value: %s", value);
2278 else {
2279
2280 LIST_FOREACH(port, p, s->ports)
2281 if (socket_address_is_netlink(&p->address, value+skip))
2282 break;
2283
2284 if (p) {
2285 safe_close(p->fd);
2286 p->fd = fdset_remove(fds, fd);
2287 }
2288 }
2289
2290 } else if (streq(key, "ffs")) {
2291 int fd, skip = 0;
2292 SocketPort *p;
2293
2294 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2295 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2296 else {
2297
2298 LIST_FOREACH(port, p, s->ports)
2299 if (p->type == SOCKET_USB_FUNCTION &&
2300 path_equal_or_files_same(p->path, value+skip))
2301 break;
2302
2303 if (p) {
2304 safe_close(p->fd);
2305 p->fd = fdset_remove(fds, fd);
2306 }
2307 }
2308
2309 } else
2310 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2311
2312 return 0;
2313 }
2314
2315 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2316 Socket *s = SOCKET(u);
2317 SocketPort *p;
2318
2319 assert(u);
2320
2321 LIST_FOREACH(port, p, s->ports) {
2322 Iterator i;
2323 int fd;
2324
2325 if (p->type != SOCKET_SOCKET)
2326 continue;
2327
2328 if (p->fd >= 0)
2329 continue;
2330
2331 FDSET_FOREACH(fd, fds, i) {
2332 if (socket_address_matches_fd(&p->address, fd)) {
2333 p->fd = fdset_remove(fds, fd);
2334 s->deserialized_state = SOCKET_LISTENING;
2335 break;
2336 }
2337 }
2338 }
2339
2340 return 0;
2341 }
2342
2343 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2344 assert(u);
2345
2346 return state_translation_table[SOCKET(u)->state];
2347 }
2348
2349 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2350 assert(u);
2351
2352 return socket_state_to_string(SOCKET(u)->state);
2353 }
2354
2355 const char* socket_port_type_to_string(SocketPort *p) {
2356
2357 assert(p);
2358
2359 switch (p->type) {
2360
2361 case SOCKET_SOCKET:
2362
2363 switch (p->address.type) {
2364
2365 case SOCK_STREAM:
2366 return "Stream";
2367
2368 case SOCK_DGRAM:
2369 return "Datagram";
2370
2371 case SOCK_SEQPACKET:
2372 return "SequentialPacket";
2373
2374 case SOCK_RAW:
2375 if (socket_address_family(&p->address) == AF_NETLINK)
2376 return "Netlink";
2377
2378 default:
2379 return NULL;
2380 }
2381
2382 case SOCKET_SPECIAL:
2383 return "Special";
2384
2385 case SOCKET_MQUEUE:
2386 return "MessageQueue";
2387
2388 case SOCKET_FIFO:
2389 return "FIFO";
2390
2391 case SOCKET_USB_FUNCTION:
2392 return "USBFunction";
2393
2394 default:
2395 return NULL;
2396 }
2397 }
2398
2399 _pure_ static bool socket_check_gc(Unit *u) {
2400 Socket *s = SOCKET(u);
2401
2402 assert(u);
2403
2404 return s->n_connections > 0;
2405 }
2406
2407 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2408 SocketPort *p = userdata;
2409 int cfd = -1;
2410
2411 assert(p);
2412 assert(fd >= 0);
2413
2414 if (p->socket->state != SOCKET_LISTENING)
2415 return 0;
2416
2417 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2418
2419 if (revents != EPOLLIN) {
2420
2421 if (revents & EPOLLHUP)
2422 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2423 else
2424 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2425 goto fail;
2426 }
2427
2428 if (p->socket->accept &&
2429 p->type == SOCKET_SOCKET &&
2430 socket_address_can_accept(&p->address)) {
2431
2432 for (;;) {
2433
2434 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2435 if (cfd < 0) {
2436
2437 if (errno == EINTR)
2438 continue;
2439
2440 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2441 goto fail;
2442 }
2443
2444 break;
2445 }
2446
2447 socket_apply_socket_options(p->socket, cfd);
2448 }
2449
2450 socket_enter_running(p->socket, cfd);
2451 return 0;
2452
2453 fail:
2454 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2455 return 0;
2456 }
2457
2458 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2459 Socket *s = SOCKET(u);
2460 SocketResult f;
2461
2462 assert(s);
2463 assert(pid >= 0);
2464
2465 if (pid != s->control_pid)
2466 return;
2467
2468 s->control_pid = 0;
2469
2470 if (is_clean_exit(code, status, NULL))
2471 f = SOCKET_SUCCESS;
2472 else if (code == CLD_EXITED)
2473 f = SOCKET_FAILURE_EXIT_CODE;
2474 else if (code == CLD_KILLED)
2475 f = SOCKET_FAILURE_SIGNAL;
2476 else if (code == CLD_DUMPED)
2477 f = SOCKET_FAILURE_CORE_DUMP;
2478 else
2479 assert_not_reached("Unknown sigchld code");
2480
2481 if (s->control_command) {
2482 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2483
2484 if (s->control_command->ignore)
2485 f = SOCKET_SUCCESS;
2486 }
2487
2488 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2489 "Control process exited, code=%s status=%i",
2490 sigchld_code_to_string(code), status);
2491
2492 if (f != SOCKET_SUCCESS)
2493 s->result = f;
2494
2495 if (s->control_command &&
2496 s->control_command->command_next &&
2497 f == SOCKET_SUCCESS) {
2498
2499 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2500 socket_run_next(s);
2501 } else {
2502 s->control_command = NULL;
2503 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2504
2505 /* No further commands for this step, so let's figure
2506 * out what to do next */
2507
2508 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2509
2510 switch (s->state) {
2511
2512 case SOCKET_START_PRE:
2513 if (f == SOCKET_SUCCESS)
2514 socket_enter_start_chown(s);
2515 else
2516 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2517 break;
2518
2519 case SOCKET_START_CHOWN:
2520 if (f == SOCKET_SUCCESS)
2521 socket_enter_start_post(s);
2522 else
2523 socket_enter_stop_pre(s, f);
2524 break;
2525
2526 case SOCKET_START_POST:
2527 if (f == SOCKET_SUCCESS)
2528 socket_enter_listening(s);
2529 else
2530 socket_enter_stop_pre(s, f);
2531 break;
2532
2533 case SOCKET_STOP_PRE:
2534 case SOCKET_STOP_PRE_SIGTERM:
2535 case SOCKET_STOP_PRE_SIGKILL:
2536 socket_enter_stop_post(s, f);
2537 break;
2538
2539 case SOCKET_STOP_POST:
2540 case SOCKET_FINAL_SIGTERM:
2541 case SOCKET_FINAL_SIGKILL:
2542 socket_enter_dead(s, f);
2543 break;
2544
2545 default:
2546 assert_not_reached("Uh, control process died at wrong time.");
2547 }
2548 }
2549
2550 /* Notify clients about changed exit status */
2551 unit_add_to_dbus_queue(u);
2552 }
2553
2554 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2555 Socket *s = SOCKET(userdata);
2556
2557 assert(s);
2558 assert(s->timer_event_source == source);
2559
2560 switch (s->state) {
2561
2562 case SOCKET_START_PRE:
2563 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2564 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2565 break;
2566
2567 case SOCKET_START_CHOWN:
2568 case SOCKET_START_POST:
2569 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2570 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2571 break;
2572
2573 case SOCKET_STOP_PRE:
2574 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2575 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2576 break;
2577
2578 case SOCKET_STOP_PRE_SIGTERM:
2579 if (s->kill_context.send_sigkill) {
2580 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2581 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2582 } else {
2583 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2584 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2585 }
2586 break;
2587
2588 case SOCKET_STOP_PRE_SIGKILL:
2589 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2590 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2591 break;
2592
2593 case SOCKET_STOP_POST:
2594 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2595 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2596 break;
2597
2598 case SOCKET_FINAL_SIGTERM:
2599 if (s->kill_context.send_sigkill) {
2600 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2601 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2602 } else {
2603 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2604 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2605 }
2606 break;
2607
2608 case SOCKET_FINAL_SIGKILL:
2609 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2610 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2611 break;
2612
2613 default:
2614 assert_not_reached("Timeout at wrong time.");
2615 }
2616
2617 return 0;
2618 }
2619
2620 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2621 int *rfds;
2622 unsigned rn_fds, k;
2623 int i;
2624 SocketPort *p;
2625
2626 assert(s);
2627 assert(fds);
2628 assert(n_fds);
2629
2630 /* Called from the service code for requesting our fds */
2631
2632 rn_fds = 0;
2633 LIST_FOREACH(port, p, s->ports) {
2634 if (p->fd >= 0)
2635 rn_fds++;
2636 rn_fds += p->n_auxiliary_fds;
2637 }
2638
2639 if (rn_fds <= 0) {
2640 *fds = NULL;
2641 *n_fds = 0;
2642 return 0;
2643 }
2644
2645 rfds = new(int, rn_fds);
2646 if (!rfds)
2647 return -ENOMEM;
2648
2649 k = 0;
2650 LIST_FOREACH(port, p, s->ports) {
2651 if (p->fd >= 0)
2652 rfds[k++] = p->fd;
2653 for (i = 0; i < p->n_auxiliary_fds; ++i)
2654 rfds[k++] = p->auxiliary_fds[i];
2655 }
2656
2657 assert(k == rn_fds);
2658
2659 *fds = rfds;
2660 *n_fds = rn_fds;
2661
2662 return 0;
2663 }
2664
2665 static void socket_reset_failed(Unit *u) {
2666 Socket *s = SOCKET(u);
2667
2668 assert(s);
2669
2670 if (s->state == SOCKET_FAILED)
2671 socket_set_state(s, SOCKET_DEAD);
2672
2673 s->result = SOCKET_SUCCESS;
2674 }
2675
2676 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2677 assert(s);
2678
2679 /* The service is dead. Dang!
2680 *
2681 * This is strictly for one-instance-for-all-connections
2682 * services. */
2683
2684 if (s->state == SOCKET_RUNNING) {
2685 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2686 if (failed_permanent)
2687 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2688 else
2689 socket_enter_listening(s);
2690 }
2691 }
2692
2693 void socket_connection_unref(Socket *s) {
2694 assert(s);
2695
2696 /* The service is dead. Yay!
2697 *
2698 * This is strictly for one-instance-per-connection
2699 * services. */
2700
2701 assert(s->n_connections > 0);
2702 s->n_connections--;
2703
2704 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2705 }
2706
2707 static void socket_trigger_notify(Unit *u, Unit *other) {
2708 Socket *s = SOCKET(u);
2709 Service *se;
2710
2711 assert(u);
2712 assert(other);
2713
2714 /* Don't propagate state changes from the service if we are
2715 already down or accepting connections */
2716 if ((s->state != SOCKET_RUNNING &&
2717 s->state != SOCKET_LISTENING) ||
2718 s->accept)
2719 return;
2720
2721 if (other->load_state != UNIT_LOADED ||
2722 other->type != UNIT_SERVICE)
2723 return;
2724
2725 se = SERVICE(other);
2726
2727 if (se->state == SERVICE_FAILED)
2728 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2729
2730 if (se->state == SERVICE_DEAD ||
2731 se->state == SERVICE_FINAL_SIGTERM ||
2732 se->state == SERVICE_FINAL_SIGKILL ||
2733 se->state == SERVICE_AUTO_RESTART)
2734 socket_notify_service_dead(s, false);
2735
2736 if (se->state == SERVICE_RUNNING)
2737 socket_set_state(s, SOCKET_RUNNING);
2738 }
2739
2740 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2741 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2742 }
2743
2744 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2745 Socket *s = SOCKET(u);
2746 int r;
2747
2748 if (!s->timer_event_source)
2749 return 0;
2750
2751 r = sd_event_source_get_time(s->timer_event_source, timeout);
2752 if (r < 0)
2753 return r;
2754
2755 return 1;
2756 }
2757
2758 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2759 [SOCKET_DEAD] = "dead",
2760 [SOCKET_START_PRE] = "start-pre",
2761 [SOCKET_START_CHOWN] = "start-chown",
2762 [SOCKET_START_POST] = "start-post",
2763 [SOCKET_LISTENING] = "listening",
2764 [SOCKET_RUNNING] = "running",
2765 [SOCKET_STOP_PRE] = "stop-pre",
2766 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2767 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2768 [SOCKET_STOP_POST] = "stop-post",
2769 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2770 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2771 [SOCKET_FAILED] = "failed"
2772 };
2773
2774 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2775
2776 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2777 [SOCKET_EXEC_START_PRE] = "StartPre",
2778 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2779 [SOCKET_EXEC_START_POST] = "StartPost",
2780 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2781 [SOCKET_EXEC_STOP_POST] = "StopPost"
2782 };
2783
2784 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2785
2786 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2787 [SOCKET_SUCCESS] = "success",
2788 [SOCKET_FAILURE_RESOURCES] = "resources",
2789 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2790 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2791 [SOCKET_FAILURE_SIGNAL] = "signal",
2792 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2793 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2794 };
2795
2796 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2797
2798 const UnitVTable socket_vtable = {
2799 .object_size = sizeof(Socket),
2800 .exec_context_offset = offsetof(Socket, exec_context),
2801 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2802 .kill_context_offset = offsetof(Socket, kill_context),
2803 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2804
2805 .sections =
2806 "Unit\0"
2807 "Socket\0"
2808 "Install\0",
2809 .private_section = "Socket",
2810
2811 .init = socket_init,
2812 .done = socket_done,
2813 .load = socket_load,
2814
2815 .coldplug = socket_coldplug,
2816
2817 .dump = socket_dump,
2818
2819 .start = socket_start,
2820 .stop = socket_stop,
2821
2822 .kill = socket_kill,
2823
2824 .get_timeout = socket_get_timeout,
2825
2826 .serialize = socket_serialize,
2827 .deserialize_item = socket_deserialize_item,
2828 .distribute_fds = socket_distribute_fds,
2829
2830 .active_state = socket_active_state,
2831 .sub_state_to_string = socket_sub_state_to_string,
2832
2833 .check_gc = socket_check_gc,
2834
2835 .sigchld_event = socket_sigchld_event,
2836
2837 .trigger_notify = socket_trigger_notify,
2838
2839 .reset_failed = socket_reset_failed,
2840
2841 .bus_vtable = bus_socket_vtable,
2842 .bus_set_property = bus_socket_set_property,
2843 .bus_commit_properties = bus_socket_commit_properties,
2844
2845 .status_message_formats = {
2846 /*.starting_stopping = {
2847 [0] = "Starting socket %s...",
2848 [1] = "Stopping socket %s...",
2849 },*/
2850 .finished_start_job = {
2851 [JOB_DONE] = "Listening on %s.",
2852 [JOB_FAILED] = "Failed to listen on %s.",
2853 [JOB_TIMEOUT] = "Timed out starting %s.",
2854 },
2855 .finished_stop_job = {
2856 [JOB_DONE] = "Closed %s.",
2857 [JOB_FAILED] = "Failed stopping %s.",
2858 [JOB_TIMEOUT] = "Timed out stopping %s.",
2859 },
2860 },
2861 };
Unnamed repository; edit this file 'description' to name the repository.