]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core: add support for naming file descriptors passed using socket activation
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "path-util.h"
46 #include "selinux-util.h"
47 #include "signal-util.h"
48 #include "smack-util.h"
49 #include "socket.h"
50 #include "special.h"
51 #include "strv.h"
52 #include "unit-name.h"
53 #include "unit-printf.h"
54 #include "unit.h"
55
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
70 };
71
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
79 assert(u->load_state == UNIT_STUB);
80
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
85
86 s->max_connections = 64;
87
88 s->priority = -1;
89 s->ip_tos = -1;
90 s->ip_ttl = -1;
91 s->mark = -1;
92
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
95
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97 }
98
99 static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107 }
108
109 static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117 }
118
119 void socket_free_ports(Socket *s) {
120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
125 LIST_REMOVE(port, s->ports, p);
126
127 sd_event_source_unref(p->event_source);
128
129 socket_cleanup_fd_list(p);
130 safe_close(p->fd);
131 free(p->path);
132 free(p);
133 }
134 }
135
136 static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
142
143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
145 s->control_command = NULL;
146
147 socket_unwatch_control_pid(s);
148
149 unit_ref_unset(&s->service);
150
151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
153
154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
158 strv_free(s->symlinks);
159
160 free(s->user);
161 free(s->group);
162
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 }
165
166 static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
184 r = sd_event_add_time(
185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
196 }
197
198 int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
210 if (UNIT_DEREF(s->service))
211 return 0;
212
213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
219
220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
221 return -ENOMEM;
222
223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
224 if (r < 0)
225 return r;
226
227 u->no_gc = true;
228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
231 }
232
233 static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
246 if (!socket_address_can_accept(&p->address))
247 return true;
248 }
249
250 return false;
251 }
252
253 static int socket_add_mount_links(Socket *s) {
254 SocketPort *p;
255 int r;
256
257 assert(s);
258
259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
261
262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
265 path = p->path;
266
267 if (!path)
268 continue;
269
270 r = unit_require_mounts_for(UNIT(s), path);
271 if (r < 0)
272 return r;
273 }
274
275 return 0;
276 }
277
278 static int socket_add_device_link(Socket *s) {
279 char *t;
280
281 assert(s);
282
283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
284 return 0;
285
286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
287 return unit_add_node_link(UNIT(s), t, false);
288 }
289
290 static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
297
298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
301 return r;
302 }
303
304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
305 }
306
307 _pure_ static bool socket_has_exec(Socket *s) {
308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316 }
317
318 static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
320 int r;
321
322 assert(s);
323
324 if (have_non_accept_socket(s)) {
325
326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
328
329 r = unit_load_related_unit(u, ".service", &x);
330 if (r < 0)
331 return r;
332
333 unit_ref_set(&s->service, x);
334 }
335
336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
338 return r;
339 }
340
341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
344
345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
349 r = unit_patch_contexts(u);
350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
357
358 r = unit_set_default_slice(u);
359 if (r < 0)
360 return r;
361 }
362
363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370 }
371
372 static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403 }
404
405 static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
423 return -EINVAL;
424 }
425
426 if (s->accept && UNIT_DEREF(s->service)) {
427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
433 return -EINVAL;
434 }
435
436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
438 return -EINVAL;
439 }
440
441 return 0;
442 }
443
444 static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
458 if (r < 0)
459 return r;
460 }
461
462 return socket_verify(s);
463 }
464
465 _const_ static const char* listen_lookup(int family, int type) {
466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
477 assert_not_reached("Unknown socket type");
478 return NULL;
479 }
480
481 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
482 char time_string[FORMAT_TIMESPAN_MAX];
483 SocketExecCommand c;
484 Socket *s = SOCKET(u);
485 SocketPort *p;
486 const char *prefix2;
487
488 assert(s);
489 assert(f);
490
491 prefix = strempty(prefix);
492 prefix2 = strjoina(prefix, "\t");
493
494 fprintf(f,
495 "%sSocket State: %s\n"
496 "%sResult: %s\n"
497 "%sBindIPv6Only: %s\n"
498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
502 "%sNoDelay: %s\n"
503 "%sFreeBind: %s\n"
504 "%sTransparent: %s\n"
505 "%sBroadcast: %s\n"
506 "%sPassCredentials: %s\n"
507 "%sPassSecurity: %s\n"
508 "%sTCPCongestion: %s\n"
509 "%sRemoveOnStop: %s\n"
510 "%sWritable: %s\n"
511 "%sFDName: %s\n"
512 "%sSELinuxContextFromNet: %s\n",
513 prefix, socket_state_to_string(s->state),
514 prefix, socket_result_to_string(s->result),
515 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
516 prefix, s->backlog,
517 prefix, s->socket_mode,
518 prefix, s->directory_mode,
519 prefix, yes_no(s->keep_alive),
520 prefix, yes_no(s->no_delay),
521 prefix, yes_no(s->free_bind),
522 prefix, yes_no(s->transparent),
523 prefix, yes_no(s->broadcast),
524 prefix, yes_no(s->pass_cred),
525 prefix, yes_no(s->pass_sec),
526 prefix, strna(s->tcp_congestion),
527 prefix, yes_no(s->remove_on_stop),
528 prefix, yes_no(s->writable),
529 prefix, socket_fdname(s),
530 prefix, yes_no(s->selinux_context_from_net));
531
532 if (s->control_pid > 0)
533 fprintf(f,
534 "%sControl PID: "PID_FMT"\n",
535 prefix, s->control_pid);
536
537 if (s->bind_to_device)
538 fprintf(f,
539 "%sBindToDevice: %s\n",
540 prefix, s->bind_to_device);
541
542 if (s->accept)
543 fprintf(f,
544 "%sAccepted: %u\n"
545 "%sNConnections: %u\n"
546 "%sMaxConnections: %u\n",
547 prefix, s->n_accepted,
548 prefix, s->n_connections,
549 prefix, s->max_connections);
550
551 if (s->priority >= 0)
552 fprintf(f,
553 "%sPriority: %i\n",
554 prefix, s->priority);
555
556 if (s->receive_buffer > 0)
557 fprintf(f,
558 "%sReceiveBuffer: %zu\n",
559 prefix, s->receive_buffer);
560
561 if (s->send_buffer > 0)
562 fprintf(f,
563 "%sSendBuffer: %zu\n",
564 prefix, s->send_buffer);
565
566 if (s->ip_tos >= 0)
567 fprintf(f,
568 "%sIPTOS: %i\n",
569 prefix, s->ip_tos);
570
571 if (s->ip_ttl >= 0)
572 fprintf(f,
573 "%sIPTTL: %i\n",
574 prefix, s->ip_ttl);
575
576 if (s->pipe_size > 0)
577 fprintf(f,
578 "%sPipeSize: %zu\n",
579 prefix, s->pipe_size);
580
581 if (s->mark >= 0)
582 fprintf(f,
583 "%sMark: %i\n",
584 prefix, s->mark);
585
586 if (s->mq_maxmsg > 0)
587 fprintf(f,
588 "%sMessageQueueMaxMessages: %li\n",
589 prefix, s->mq_maxmsg);
590
591 if (s->mq_msgsize > 0)
592 fprintf(f,
593 "%sMessageQueueMessageSize: %li\n",
594 prefix, s->mq_msgsize);
595
596 if (s->reuse_port)
597 fprintf(f,
598 "%sReusePort: %s\n",
599 prefix, yes_no(s->reuse_port));
600
601 if (s->smack)
602 fprintf(f,
603 "%sSmackLabel: %s\n",
604 prefix, s->smack);
605
606 if (s->smack_ip_in)
607 fprintf(f,
608 "%sSmackLabelIPIn: %s\n",
609 prefix, s->smack_ip_in);
610
611 if (s->smack_ip_out)
612 fprintf(f,
613 "%sSmackLabelIPOut: %s\n",
614 prefix, s->smack_ip_out);
615
616 if (!isempty(s->user) || !isempty(s->group))
617 fprintf(f,
618 "%sOwnerUser: %s\n"
619 "%sOwnerGroup: %s\n",
620 prefix, strna(s->user),
621 prefix, strna(s->group));
622
623 if (s->keep_alive_time > 0)
624 fprintf(f,
625 "%sKeepAliveTimeSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
627
628 if (s->keep_alive_interval)
629 fprintf(f,
630 "%sKeepAliveIntervalSec: %s\n",
631 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
632
633 if (s->keep_alive_cnt)
634 fprintf(f,
635 "%sKeepAliveProbes: %u\n",
636 prefix, s->keep_alive_cnt);
637
638 if (s->defer_accept)
639 fprintf(f,
640 "%sDeferAcceptSec: %s\n",
641 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
642
643 LIST_FOREACH(port, p, s->ports) {
644
645 if (p->type == SOCKET_SOCKET) {
646 const char *t;
647 int r;
648 char *k = NULL;
649
650 r = socket_address_print(&p->address, &k);
651 if (r < 0)
652 t = strerror(-r);
653 else
654 t = k;
655
656 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
657 free(k);
658 } else if (p->type == SOCKET_SPECIAL)
659 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
660 else if (p->type == SOCKET_USB_FUNCTION)
661 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
662 else if (p->type == SOCKET_MQUEUE)
663 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
664 else
665 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
666 }
667
668 exec_context_dump(&s->exec_context, f, prefix);
669 kill_context_dump(&s->kill_context, f, prefix);
670
671 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
672 if (!s->exec_command[c])
673 continue;
674
675 fprintf(f, "%s-> %s:\n",
676 prefix, socket_exec_command_to_string(c));
677
678 exec_command_dump_list(s->exec_command[c], f, prefix2);
679 }
680 }
681
682 static int instance_from_socket(int fd, unsigned nr, char **instance) {
683 socklen_t l;
684 char *r;
685 union sockaddr_union local, remote;
686
687 assert(fd >= 0);
688 assert(instance);
689
690 l = sizeof(local);
691 if (getsockname(fd, &local.sa, &l) < 0)
692 return -errno;
693
694 l = sizeof(remote);
695 if (getpeername(fd, &remote.sa, &l) < 0)
696 return -errno;
697
698 switch (local.sa.sa_family) {
699
700 case AF_INET: {
701 uint32_t
702 a = ntohl(local.in.sin_addr.s_addr),
703 b = ntohl(remote.in.sin_addr.s_addr);
704
705 if (asprintf(&r,
706 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 nr,
708 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
709 ntohs(local.in.sin_port),
710 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
711 ntohs(remote.in.sin_port)) < 0)
712 return -ENOMEM;
713
714 break;
715 }
716
717 case AF_INET6: {
718 static const unsigned char ipv4_prefix[] = {
719 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
720 };
721
722 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
723 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
724 const uint8_t
725 *a = local.in6.sin6_addr.s6_addr+12,
726 *b = remote.in6.sin6_addr.s6_addr+12;
727
728 if (asprintf(&r,
729 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
730 nr,
731 a[0], a[1], a[2], a[3],
732 ntohs(local.in6.sin6_port),
733 b[0], b[1], b[2], b[3],
734 ntohs(remote.in6.sin6_port)) < 0)
735 return -ENOMEM;
736 } else {
737 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
738
739 if (asprintf(&r,
740 "%u-%s:%u-%s:%u",
741 nr,
742 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
743 ntohs(local.in6.sin6_port),
744 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
745 ntohs(remote.in6.sin6_port)) < 0)
746 return -ENOMEM;
747 }
748
749 break;
750 }
751
752 case AF_UNIX: {
753 struct ucred ucred;
754 int k;
755
756 k = getpeercred(fd, &ucred);
757 if (k >= 0) {
758 if (asprintf(&r,
759 "%u-"PID_FMT"-"UID_FMT,
760 nr, ucred.pid, ucred.uid) < 0)
761 return -ENOMEM;
762 } else if (k == -ENODATA) {
763 /* This handles the case where somebody is
764 * connecting from another pid/uid namespace
765 * (e.g. from outside of our container). */
766 if (asprintf(&r,
767 "%u-unknown",
768 nr) < 0)
769 return -ENOMEM;
770 } else
771 return k;
772
773 break;
774 }
775
776 default:
777 assert_not_reached("Unhandled socket type.");
778 }
779
780 *instance = r;
781 return 0;
782 }
783
784 static void socket_close_fds(Socket *s) {
785 SocketPort *p;
786 char **i;
787
788 assert(s);
789
790 LIST_FOREACH(port, p, s->ports) {
791
792 p->event_source = sd_event_source_unref(p->event_source);
793
794 if (p->fd < 0)
795 continue;
796
797 p->fd = safe_close(p->fd);
798 socket_cleanup_fd_list(p);
799
800 /* One little note: we should normally not delete any
801 * sockets in the file system here! After all some
802 * other process we spawned might still have a
803 * reference of this fd and wants to continue to use
804 * it. Therefore we delete sockets in the file system
805 * before we create a new one, not after we stopped
806 * using one! */
807
808 if (s->remove_on_stop) {
809 switch (p->type) {
810
811 case SOCKET_FIFO:
812 unlink(p->path);
813 break;
814
815 case SOCKET_MQUEUE:
816 mq_unlink(p->path);
817 break;
818
819 case SOCKET_SOCKET:
820 socket_address_unlink(&p->address);
821 break;
822
823 default:
824 break;
825 }
826 }
827 }
828
829 if (s->remove_on_stop)
830 STRV_FOREACH(i, s->symlinks)
831 unlink(*i);
832 }
833
834 static void socket_apply_socket_options(Socket *s, int fd) {
835 int r;
836
837 assert(s);
838 assert(fd >= 0);
839
840 if (s->keep_alive) {
841 int b = s->keep_alive;
842 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
843 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
844 }
845
846 if (s->keep_alive_time) {
847 int value = s->keep_alive_time / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
850 }
851
852 if (s->keep_alive_interval) {
853 int value = s->keep_alive_interval / USEC_PER_SEC;
854 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
856 }
857
858 if (s->keep_alive_cnt) {
859 int value = s->keep_alive_cnt;
860 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
862 }
863
864 if (s->defer_accept) {
865 int value = s->defer_accept / USEC_PER_SEC;
866 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
868 }
869
870 if (s->no_delay) {
871 int b = s->no_delay;
872 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
874 }
875
876 if (s->broadcast) {
877 int one = 1;
878 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
879 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
880 }
881
882 if (s->pass_cred) {
883 int one = 1;
884 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
885 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
886 }
887
888 if (s->pass_sec) {
889 int one = 1;
890 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
892 }
893
894 if (s->priority >= 0)
895 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
896 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
897
898 if (s->receive_buffer > 0) {
899 int value = (int) s->receive_buffer;
900
901 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
902
903 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
904 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
905 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
906 }
907
908 if (s->send_buffer > 0) {
909 int value = (int) s->send_buffer;
910 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
911 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
912 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
913 }
914
915 if (s->mark >= 0)
916 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
917 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
918
919 if (s->ip_tos >= 0)
920 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
921 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
922
923 if (s->ip_ttl >= 0) {
924 int x;
925
926 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
927
928 if (socket_ipv6_is_supported())
929 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
930 else {
931 x = -1;
932 errno = EAFNOSUPPORT;
933 }
934
935 if (r < 0 && x < 0)
936 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
937 }
938
939 if (s->tcp_congestion)
940 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
941 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
942
943 if (s->smack_ip_in) {
944 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
945 if (r < 0)
946 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
947 }
948
949 if (s->smack_ip_out) {
950 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
951 if (r < 0)
952 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
953 }
954 }
955
956 static void socket_apply_fifo_options(Socket *s, int fd) {
957 int r;
958
959 assert(s);
960 assert(fd >= 0);
961
962 if (s->pipe_size > 0)
963 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
964 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
965
966 if (s->smack) {
967 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
968 if (r < 0)
969 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
970 }
971 }
972
973 static int fifo_address_create(
974 const char *path,
975 mode_t directory_mode,
976 mode_t socket_mode) {
977
978 _cleanup_close_ int fd = -1;
979 mode_t old_mask;
980 struct stat st;
981 int r;
982
983 assert(path);
984
985 mkdir_parents_label(path, directory_mode);
986
987 r = mac_selinux_create_file_prepare(path, S_IFIFO);
988 if (r < 0)
989 return r;
990
991 /* Enforce the right access mode for the fifo */
992 old_mask = umask(~ socket_mode);
993
994 /* Include the original umask in our mask */
995 (void) umask(~socket_mode | old_mask);
996
997 r = mkfifo(path, socket_mode);
998 (void) umask(old_mask);
999
1000 if (r < 0 && errno != EEXIST) {
1001 r = -errno;
1002 goto fail;
1003 }
1004
1005 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1006 if (fd < 0) {
1007 r = -errno;
1008 goto fail;
1009 }
1010
1011 mac_selinux_create_file_clear();
1012
1013 if (fstat(fd, &st) < 0) {
1014 r = -errno;
1015 goto fail;
1016 }
1017
1018 if (!S_ISFIFO(st.st_mode) ||
1019 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1020 st.st_uid != getuid() ||
1021 st.st_gid != getgid()) {
1022 r = -EEXIST;
1023 goto fail;
1024 }
1025
1026 r = fd;
1027 fd = -1;
1028
1029 return r;
1030
1031 fail:
1032 mac_selinux_create_file_clear();
1033 return r;
1034 }
1035
1036 static int special_address_create(const char *path, bool writable) {
1037 _cleanup_close_ int fd = -1;
1038 struct stat st;
1039 int r;
1040
1041 assert(path);
1042
1043 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1044 if (fd < 0)
1045 return -errno;
1046
1047 if (fstat(fd, &st) < 0)
1048 return -errno;
1049
1050 /* Check whether this is a /proc, /sys or /dev file or char device */
1051 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1052 return -EEXIST;
1053
1054 r = fd;
1055 fd = -1;
1056
1057 return r;
1058 }
1059
1060 static int usbffs_address_create(const char *path) {
1061 _cleanup_close_ int fd = -1;
1062 struct stat st;
1063 int r;
1064
1065 assert(path);
1066
1067 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1068 if (fd < 0)
1069 return -errno;
1070
1071 if (fstat(fd, &st) < 0)
1072 return -errno;
1073
1074 /* Check whether this is a regular file (ffs endpoint)*/
1075 if (!S_ISREG(st.st_mode))
1076 return -EEXIST;
1077
1078 r = fd;
1079 fd = -1;
1080
1081 return r;
1082 }
1083
1084 static int mq_address_create(
1085 const char *path,
1086 mode_t mq_mode,
1087 long maxmsg,
1088 long msgsize) {
1089
1090 _cleanup_close_ int fd = -1;
1091 struct stat st;
1092 mode_t old_mask;
1093 struct mq_attr _attr, *attr = NULL;
1094 int r;
1095
1096 assert(path);
1097
1098 if (maxmsg > 0 && msgsize > 0) {
1099 _attr = (struct mq_attr) {
1100 .mq_flags = O_NONBLOCK,
1101 .mq_maxmsg = maxmsg,
1102 .mq_msgsize = msgsize,
1103 };
1104 attr = &_attr;
1105 }
1106
1107 /* Enforce the right access mode for the mq */
1108 old_mask = umask(~ mq_mode);
1109
1110 /* Include the original umask in our mask */
1111 (void) umask(~mq_mode | old_mask);
1112 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1113 (void) umask(old_mask);
1114
1115 if (fd < 0)
1116 return -errno;
1117
1118 if (fstat(fd, &st) < 0)
1119 return -errno;
1120
1121 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1122 st.st_uid != getuid() ||
1123 st.st_gid != getgid())
1124 return -EEXIST;
1125
1126 r = fd;
1127 fd = -1;
1128
1129 return r;
1130 }
1131
1132 static int socket_symlink(Socket *s) {
1133 const char *p;
1134 char **i;
1135
1136 assert(s);
1137
1138 p = socket_find_symlink_target(s);
1139 if (!p)
1140 return 0;
1141
1142 STRV_FOREACH(i, s->symlinks)
1143 symlink_label(p, *i);
1144
1145 return 0;
1146 }
1147
1148 static int usbffs_write_descs(int fd, Service *s) {
1149 int r;
1150
1151 if (!s->usb_function_descriptors || !s->usb_function_strings)
1152 return -EINVAL;
1153
1154 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1155 if (r < 0)
1156 return r;
1157
1158 return copy_file_fd(s->usb_function_strings, fd, false);
1159 }
1160
1161 static int usbffs_select_ep(const struct dirent *d) {
1162 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1163 }
1164
1165 static int usbffs_dispatch_eps(SocketPort *p) {
1166 _cleanup_free_ struct dirent **ent = NULL;
1167 _cleanup_free_ char *path = NULL;
1168 int r, i, n, k;
1169
1170 r = path_get_parent(p->path, &path);
1171 if (r < 0)
1172 return r;
1173
1174 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1175 if (r < 0)
1176 return -errno;
1177
1178 n = r;
1179 p->auxiliary_fds = new(int, n);
1180 if (!p->auxiliary_fds)
1181 return -ENOMEM;
1182
1183 p->n_auxiliary_fds = n;
1184
1185 k = 0;
1186 for (i = 0; i < n; ++i) {
1187 _cleanup_free_ char *ep = NULL;
1188
1189 ep = path_make_absolute(ent[i]->d_name, path);
1190 if (!ep)
1191 return -ENOMEM;
1192
1193 path_kill_slashes(ep);
1194
1195 r = usbffs_address_create(ep);
1196 if (r < 0)
1197 goto fail;
1198
1199 p->auxiliary_fds[k] = r;
1200
1201 ++k;
1202 free(ent[i]);
1203 }
1204
1205 return r;
1206
1207 fail:
1208 close_many(p->auxiliary_fds, k);
1209 p->auxiliary_fds = mfree(p->auxiliary_fds);
1210 p->n_auxiliary_fds = 0;
1211
1212 return r;
1213 }
1214
1215 static int socket_open_fds(Socket *s) {
1216 _cleanup_(mac_selinux_freep) char *label = NULL;
1217 bool know_label = false;
1218 SocketPort *p;
1219 int r;
1220
1221 assert(s);
1222
1223 LIST_FOREACH(port, p, s->ports) {
1224
1225 if (p->fd >= 0)
1226 continue;
1227
1228 switch (p->type) {
1229
1230 case SOCKET_SOCKET:
1231
1232 if (!know_label) {
1233 /* Figure out label, if we don't it know
1234 * yet. We do it once, for the first
1235 * socket where we need this and
1236 * remember it for the rest. */
1237
1238 if (s->selinux_context_from_net) {
1239 /* Get it from the network label */
1240
1241 r = mac_selinux_get_our_label(&label);
1242 if (r < 0 && r != -EOPNOTSUPP)
1243 goto rollback;
1244
1245 } else {
1246 /* Get it from the executable we are about to start */
1247
1248 r = socket_instantiate_service(s);
1249 if (r < 0)
1250 goto rollback;
1251
1252 if (UNIT_ISSET(s->service) &&
1253 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1254 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1255 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1256 goto rollback;
1257 }
1258 }
1259
1260 know_label = true;
1261 }
1262
1263 r = socket_address_listen(
1264 &p->address,
1265 SOCK_CLOEXEC|SOCK_NONBLOCK,
1266 s->backlog,
1267 s->bind_ipv6_only,
1268 s->bind_to_device,
1269 s->reuse_port,
1270 s->free_bind,
1271 s->transparent,
1272 s->directory_mode,
1273 s->socket_mode,
1274 label);
1275 if (r < 0)
1276 goto rollback;
1277
1278 p->fd = r;
1279 socket_apply_socket_options(s, p->fd);
1280 socket_symlink(s);
1281 break;
1282
1283 case SOCKET_SPECIAL:
1284
1285 p->fd = special_address_create(p->path, s->writable);
1286 if (p->fd < 0) {
1287 r = p->fd;
1288 goto rollback;
1289 }
1290 break;
1291
1292 case SOCKET_FIFO:
1293
1294 p->fd = fifo_address_create(
1295 p->path,
1296 s->directory_mode,
1297 s->socket_mode);
1298 if (p->fd < 0) {
1299 r = p->fd;
1300 goto rollback;
1301 }
1302
1303 socket_apply_fifo_options(s, p->fd);
1304 socket_symlink(s);
1305 break;
1306
1307 case SOCKET_MQUEUE:
1308
1309 p->fd = mq_address_create(
1310 p->path,
1311 s->socket_mode,
1312 s->mq_maxmsg,
1313 s->mq_msgsize);
1314 if (p->fd < 0) {
1315 r = p->fd;
1316 goto rollback;
1317 }
1318 break;
1319
1320 case SOCKET_USB_FUNCTION:
1321
1322 p->fd = usbffs_address_create(p->path);
1323 if (p->fd < 0) {
1324 r = p->fd;
1325 goto rollback;
1326 }
1327
1328 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1329 if (r < 0)
1330 goto rollback;
1331
1332 r = usbffs_dispatch_eps(p);
1333 if (r < 0)
1334 goto rollback;
1335
1336 break;
1337
1338 default:
1339 assert_not_reached("Unknown port type");
1340 }
1341 }
1342
1343 return 0;
1344
1345 rollback:
1346 socket_close_fds(s);
1347 return r;
1348 }
1349
1350 static void socket_unwatch_fds(Socket *s) {
1351 SocketPort *p;
1352 int r;
1353
1354 assert(s);
1355
1356 LIST_FOREACH(port, p, s->ports) {
1357 if (p->fd < 0)
1358 continue;
1359
1360 if (!p->event_source)
1361 continue;
1362
1363 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1364 if (r < 0)
1365 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1366 }
1367 }
1368
1369 static int socket_watch_fds(Socket *s) {
1370 SocketPort *p;
1371 int r;
1372
1373 assert(s);
1374
1375 LIST_FOREACH(port, p, s->ports) {
1376 if (p->fd < 0)
1377 continue;
1378
1379 if (p->event_source) {
1380 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1381 if (r < 0)
1382 goto fail;
1383 } else {
1384 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1385 if (r < 0)
1386 goto fail;
1387
1388 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1389 }
1390 }
1391
1392 return 0;
1393
1394 fail:
1395 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1396 socket_unwatch_fds(s);
1397 return r;
1398 }
1399
1400 static void socket_set_state(Socket *s, SocketState state) {
1401 SocketState old_state;
1402 assert(s);
1403
1404 old_state = s->state;
1405 s->state = state;
1406
1407 if (!IN_SET(state,
1408 SOCKET_START_PRE,
1409 SOCKET_START_CHOWN,
1410 SOCKET_START_POST,
1411 SOCKET_STOP_PRE,
1412 SOCKET_STOP_PRE_SIGTERM,
1413 SOCKET_STOP_PRE_SIGKILL,
1414 SOCKET_STOP_POST,
1415 SOCKET_FINAL_SIGTERM,
1416 SOCKET_FINAL_SIGKILL)) {
1417
1418 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1419 socket_unwatch_control_pid(s);
1420 s->control_command = NULL;
1421 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1422 }
1423
1424 if (state != SOCKET_LISTENING)
1425 socket_unwatch_fds(s);
1426
1427 if (!IN_SET(state,
1428 SOCKET_START_CHOWN,
1429 SOCKET_START_POST,
1430 SOCKET_LISTENING,
1431 SOCKET_RUNNING,
1432 SOCKET_STOP_PRE,
1433 SOCKET_STOP_PRE_SIGTERM,
1434 SOCKET_STOP_PRE_SIGKILL))
1435 socket_close_fds(s);
1436
1437 if (state != old_state)
1438 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1439
1440 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1441 }
1442
1443 static int socket_coldplug(Unit *u) {
1444 Socket *s = SOCKET(u);
1445 int r;
1446
1447 assert(s);
1448 assert(s->state == SOCKET_DEAD);
1449
1450 if (s->deserialized_state == s->state)
1451 return 0;
1452
1453 if (IN_SET(s->deserialized_state,
1454 SOCKET_START_PRE,
1455 SOCKET_START_CHOWN,
1456 SOCKET_START_POST,
1457 SOCKET_STOP_PRE,
1458 SOCKET_STOP_PRE_SIGTERM,
1459 SOCKET_STOP_PRE_SIGKILL,
1460 SOCKET_STOP_POST,
1461 SOCKET_FINAL_SIGTERM,
1462 SOCKET_FINAL_SIGKILL)) {
1463
1464 if (s->control_pid <= 0)
1465 return -EBADMSG;
1466
1467 r = unit_watch_pid(UNIT(s), s->control_pid);
1468 if (r < 0)
1469 return r;
1470
1471 r = socket_arm_timer(s);
1472 if (r < 0)
1473 return r;
1474 }
1475
1476 if (IN_SET(s->deserialized_state,
1477 SOCKET_START_CHOWN,
1478 SOCKET_START_POST,
1479 SOCKET_LISTENING,
1480 SOCKET_RUNNING,
1481 SOCKET_STOP_PRE,
1482 SOCKET_STOP_PRE_SIGTERM,
1483 SOCKET_STOP_PRE_SIGKILL)) {
1484 r = socket_open_fds(s);
1485 if (r < 0)
1486 return r;
1487 }
1488
1489 if (s->deserialized_state == SOCKET_LISTENING) {
1490 r = socket_watch_fds(s);
1491 if (r < 0)
1492 return r;
1493 }
1494
1495 socket_set_state(s, s->deserialized_state);
1496 return 0;
1497 }
1498
1499 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1500 _cleanup_free_ char **argv = NULL;
1501 pid_t pid;
1502 int r;
1503 ExecParameters exec_params = {
1504 .apply_permissions = true,
1505 .apply_chroot = true,
1506 .apply_tty_stdin = true,
1507 .bus_endpoint_fd = -1,
1508 };
1509
1510 assert(s);
1511 assert(c);
1512 assert(_pid);
1513
1514 (void) unit_realize_cgroup(UNIT(s));
1515 if (s->reset_cpu_usage) {
1516 (void) unit_reset_cpu_usage(UNIT(s));
1517 s->reset_cpu_usage = false;
1518 }
1519
1520 r = unit_setup_exec_runtime(UNIT(s));
1521 if (r < 0)
1522 goto fail;
1523
1524 r = socket_arm_timer(s);
1525 if (r < 0)
1526 goto fail;
1527
1528 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1529 if (r < 0)
1530 goto fail;
1531
1532 exec_params.argv = argv;
1533 exec_params.environment = UNIT(s)->manager->environment;
1534 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1535 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1536 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1537 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1538 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1539
1540 r = exec_spawn(UNIT(s),
1541 c,
1542 &s->exec_context,
1543 &exec_params,
1544 s->exec_runtime,
1545 &pid);
1546 if (r < 0)
1547 goto fail;
1548
1549 r = unit_watch_pid(UNIT(s), pid);
1550 if (r < 0)
1551 /* FIXME: we need to do something here */
1552 goto fail;
1553
1554 *_pid = pid;
1555 return 0;
1556
1557 fail:
1558 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1559 return r;
1560 }
1561
1562 static int socket_chown(Socket *s, pid_t *_pid) {
1563 pid_t pid;
1564 int r;
1565
1566 r = socket_arm_timer(s);
1567 if (r < 0)
1568 goto fail;
1569
1570 /* We have to resolve the user names out-of-process, hence
1571 * let's fork here. It's messy, but well, what can we do? */
1572
1573 pid = fork();
1574 if (pid < 0)
1575 return -errno;
1576
1577 if (pid == 0) {
1578 SocketPort *p;
1579 uid_t uid = UID_INVALID;
1580 gid_t gid = GID_INVALID;
1581 int ret;
1582
1583 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1584 (void) ignore_signals(SIGPIPE, -1);
1585 log_forget_fds();
1586
1587 if (!isempty(s->user)) {
1588 const char *user = s->user;
1589
1590 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1591 if (r < 0) {
1592 ret = EXIT_USER;
1593 goto fail_child;
1594 }
1595 }
1596
1597 if (!isempty(s->group)) {
1598 const char *group = s->group;
1599
1600 r = get_group_creds(&group, &gid);
1601 if (r < 0) {
1602 ret = EXIT_GROUP;
1603 goto fail_child;
1604 }
1605 }
1606
1607 LIST_FOREACH(port, p, s->ports) {
1608 const char *path = NULL;
1609
1610 if (p->type == SOCKET_SOCKET)
1611 path = socket_address_get_path(&p->address);
1612 else if (p->type == SOCKET_FIFO)
1613 path = p->path;
1614
1615 if (!path)
1616 continue;
1617
1618 if (chown(path, uid, gid) < 0) {
1619 r = -errno;
1620 ret = EXIT_CHOWN;
1621 goto fail_child;
1622 }
1623 }
1624
1625 _exit(0);
1626
1627 fail_child:
1628 log_open();
1629 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1630
1631 _exit(ret);
1632 }
1633
1634 r = unit_watch_pid(UNIT(s), pid);
1635 if (r < 0)
1636 goto fail;
1637
1638 *_pid = pid;
1639 return 0;
1640
1641 fail:
1642 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1643 return r;
1644 }
1645
1646 static void socket_enter_dead(Socket *s, SocketResult f) {
1647 assert(s);
1648
1649 if (f != SOCKET_SUCCESS)
1650 s->result = f;
1651
1652 exec_runtime_destroy(s->exec_runtime);
1653 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1654
1655 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1656
1657 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1658 }
1659
1660 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1661
1662 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1663 int r;
1664 assert(s);
1665
1666 if (f != SOCKET_SUCCESS)
1667 s->result = f;
1668
1669 socket_unwatch_control_pid(s);
1670 s->control_command_id = SOCKET_EXEC_STOP_POST;
1671 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1672
1673 if (s->control_command) {
1674 r = socket_spawn(s, s->control_command, &s->control_pid);
1675 if (r < 0)
1676 goto fail;
1677
1678 socket_set_state(s, SOCKET_STOP_POST);
1679 } else
1680 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1681
1682 return;
1683
1684 fail:
1685 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1686 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1687 }
1688
1689 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1690 int r;
1691
1692 assert(s);
1693
1694 if (f != SOCKET_SUCCESS)
1695 s->result = f;
1696
1697 r = unit_kill_context(
1698 UNIT(s),
1699 &s->kill_context,
1700 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1701 KILL_KILL : KILL_TERMINATE,
1702 -1,
1703 s->control_pid,
1704 false);
1705 if (r < 0)
1706 goto fail;
1707
1708 if (r > 0) {
1709 r = socket_arm_timer(s);
1710 if (r < 0)
1711 goto fail;
1712
1713 socket_set_state(s, state);
1714 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1715 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1716 else if (state == SOCKET_STOP_PRE_SIGKILL)
1717 socket_enter_stop_post(s, SOCKET_SUCCESS);
1718 else if (state == SOCKET_FINAL_SIGTERM)
1719 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1720 else
1721 socket_enter_dead(s, SOCKET_SUCCESS);
1722
1723 return;
1724
1725 fail:
1726 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1727
1728 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1729 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1730 else
1731 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1732 }
1733
1734 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1735 int r;
1736 assert(s);
1737
1738 if (f != SOCKET_SUCCESS)
1739 s->result = f;
1740
1741 socket_unwatch_control_pid(s);
1742 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1743 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1744
1745 if (s->control_command) {
1746 r = socket_spawn(s, s->control_command, &s->control_pid);
1747 if (r < 0)
1748 goto fail;
1749
1750 socket_set_state(s, SOCKET_STOP_PRE);
1751 } else
1752 socket_enter_stop_post(s, SOCKET_SUCCESS);
1753
1754 return;
1755
1756 fail:
1757 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1758 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1759 }
1760
1761 static void socket_enter_listening(Socket *s) {
1762 int r;
1763 assert(s);
1764
1765 r = socket_watch_fds(s);
1766 if (r < 0) {
1767 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1768 goto fail;
1769 }
1770
1771 socket_set_state(s, SOCKET_LISTENING);
1772 return;
1773
1774 fail:
1775 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1776 }
1777
1778 static void socket_enter_start_post(Socket *s) {
1779 int r;
1780 assert(s);
1781
1782 socket_unwatch_control_pid(s);
1783 s->control_command_id = SOCKET_EXEC_START_POST;
1784 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1785
1786 if (s->control_command) {
1787 r = socket_spawn(s, s->control_command, &s->control_pid);
1788 if (r < 0) {
1789 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1790 goto fail;
1791 }
1792
1793 socket_set_state(s, SOCKET_START_POST);
1794 } else
1795 socket_enter_listening(s);
1796
1797 return;
1798
1799 fail:
1800 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1801 }
1802
1803 static void socket_enter_start_chown(Socket *s) {
1804 int r;
1805
1806 assert(s);
1807
1808 r = socket_open_fds(s);
1809 if (r < 0) {
1810 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1811 goto fail;
1812 }
1813
1814 if (!isempty(s->user) || !isempty(s->group)) {
1815
1816 socket_unwatch_control_pid(s);
1817 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1818 s->control_command = NULL;
1819
1820 r = socket_chown(s, &s->control_pid);
1821 if (r < 0) {
1822 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1823 goto fail;
1824 }
1825
1826 socket_set_state(s, SOCKET_START_CHOWN);
1827 } else
1828 socket_enter_start_post(s);
1829
1830 return;
1831
1832 fail:
1833 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1834 }
1835
1836 static void socket_enter_start_pre(Socket *s) {
1837 int r;
1838 assert(s);
1839
1840 socket_unwatch_control_pid(s);
1841 s->control_command_id = SOCKET_EXEC_START_PRE;
1842 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1843
1844 if (s->control_command) {
1845 r = socket_spawn(s, s->control_command, &s->control_pid);
1846 if (r < 0) {
1847 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1848 goto fail;
1849 }
1850
1851 socket_set_state(s, SOCKET_START_PRE);
1852 } else
1853 socket_enter_start_chown(s);
1854
1855 return;
1856
1857 fail:
1858 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1859 }
1860
1861 static void socket_enter_running(Socket *s, int cfd) {
1862 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1863 int r;
1864
1865 assert(s);
1866
1867 /* We don't take connections anymore if we are supposed to
1868 * shut down anyway */
1869 if (unit_stop_pending(UNIT(s))) {
1870
1871 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1872
1873 if (cfd >= 0)
1874 safe_close(cfd);
1875 else {
1876 /* Flush all sockets by closing and reopening them */
1877 socket_close_fds(s);
1878
1879 r = socket_open_fds(s);
1880 if (r < 0) {
1881 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1882 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1883 return;
1884 }
1885
1886 r = socket_watch_fds(s);
1887 if (r < 0) {
1888 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1889 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1890 }
1891 }
1892
1893 return;
1894 }
1895
1896 if (cfd < 0) {
1897 Iterator i;
1898 Unit *other;
1899 bool pending = false;
1900
1901 /* If there's already a start pending don't bother to
1902 * do anything */
1903 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1904 if (unit_active_or_pending(other)) {
1905 pending = true;
1906 break;
1907 }
1908
1909 if (!pending) {
1910 if (!UNIT_ISSET(s->service)) {
1911 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1912 r = -ENOENT;
1913 goto fail;
1914 }
1915
1916 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1917 if (r < 0)
1918 goto fail;
1919 }
1920
1921 socket_set_state(s, SOCKET_RUNNING);
1922 } else {
1923 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1924 Service *service;
1925
1926 if (s->n_connections >= s->max_connections) {
1927 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1928 safe_close(cfd);
1929 return;
1930 }
1931
1932 r = socket_instantiate_service(s);
1933 if (r < 0)
1934 goto fail;
1935
1936 r = instance_from_socket(cfd, s->n_accepted, &instance);
1937 if (r < 0) {
1938 if (r != -ENOTCONN)
1939 goto fail;
1940
1941 /* ENOTCONN is legitimate if TCP RST was received.
1942 * This connection is over, but the socket unit lives on. */
1943 safe_close(cfd);
1944 return;
1945 }
1946
1947 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1948 if (r < 0)
1949 goto fail;
1950
1951 r = unit_name_build(prefix, instance, ".service", &name);
1952 if (r < 0)
1953 goto fail;
1954
1955 r = unit_add_name(UNIT_DEREF(s->service), name);
1956 if (r < 0)
1957 goto fail;
1958
1959 service = SERVICE(UNIT_DEREF(s->service));
1960 unit_ref_unset(&s->service);
1961 s->n_accepted ++;
1962
1963 UNIT(service)->no_gc = false;
1964
1965 unit_choose_id(UNIT(service), name);
1966
1967 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1968 if (r < 0)
1969 goto fail;
1970
1971 cfd = -1;
1972 s->n_connections ++;
1973
1974 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1975 if (r < 0)
1976 goto fail;
1977
1978 /* Notify clients about changed counters */
1979 unit_add_to_dbus_queue(UNIT(s));
1980 }
1981
1982 return;
1983
1984 fail:
1985 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1986 cfd >= 0 ? "template" : "non-template",
1987 bus_error_message(&error, r));
1988
1989 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1990 safe_close(cfd);
1991 }
1992
1993 static void socket_run_next(Socket *s) {
1994 int r;
1995
1996 assert(s);
1997 assert(s->control_command);
1998 assert(s->control_command->command_next);
1999
2000 socket_unwatch_control_pid(s);
2001
2002 s->control_command = s->control_command->command_next;
2003
2004 r = socket_spawn(s, s->control_command, &s->control_pid);
2005 if (r < 0)
2006 goto fail;
2007
2008 return;
2009
2010 fail:
2011 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2012
2013 if (s->state == SOCKET_START_POST)
2014 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2015 else if (s->state == SOCKET_STOP_POST)
2016 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2017 else
2018 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2019 }
2020
2021 static int socket_start(Unit *u) {
2022 Socket *s = SOCKET(u);
2023
2024 assert(s);
2025
2026 /* We cannot fulfill this request right now, try again later
2027 * please! */
2028 if (IN_SET(s->state,
2029 SOCKET_STOP_PRE,
2030 SOCKET_STOP_PRE_SIGKILL,
2031 SOCKET_STOP_PRE_SIGTERM,
2032 SOCKET_STOP_POST,
2033 SOCKET_FINAL_SIGTERM,
2034 SOCKET_FINAL_SIGKILL))
2035 return -EAGAIN;
2036
2037 /* Already on it! */
2038 if (IN_SET(s->state,
2039 SOCKET_START_PRE,
2040 SOCKET_START_CHOWN,
2041 SOCKET_START_POST))
2042 return 0;
2043
2044 /* Cannot run this without the service being around */
2045 if (UNIT_ISSET(s->service)) {
2046 Service *service;
2047
2048 service = SERVICE(UNIT_DEREF(s->service));
2049
2050 if (UNIT(service)->load_state != UNIT_LOADED) {
2051 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2052 return -ENOENT;
2053 }
2054
2055 /* If the service is already active we cannot start the
2056 * socket */
2057 if (service->state != SERVICE_DEAD &&
2058 service->state != SERVICE_FAILED &&
2059 service->state != SERVICE_AUTO_RESTART) {
2060 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2061 return -EBUSY;
2062 }
2063 }
2064
2065 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2066
2067 s->result = SOCKET_SUCCESS;
2068 s->reset_cpu_usage = true;
2069
2070 socket_enter_start_pre(s);
2071
2072 return 1;
2073 }
2074
2075 static int socket_stop(Unit *u) {
2076 Socket *s = SOCKET(u);
2077
2078 assert(s);
2079
2080 /* Already on it */
2081 if (IN_SET(s->state,
2082 SOCKET_STOP_PRE,
2083 SOCKET_STOP_PRE_SIGTERM,
2084 SOCKET_STOP_PRE_SIGKILL,
2085 SOCKET_STOP_POST,
2086 SOCKET_FINAL_SIGTERM,
2087 SOCKET_FINAL_SIGKILL))
2088 return 0;
2089
2090 /* If there's already something running we go directly into
2091 * kill mode. */
2092 if (IN_SET(s->state,
2093 SOCKET_START_PRE,
2094 SOCKET_START_CHOWN,
2095 SOCKET_START_POST)) {
2096 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2097 return -EAGAIN;
2098 }
2099
2100 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2101
2102 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2103 return 1;
2104 }
2105
2106 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2107 Socket *s = SOCKET(u);
2108 SocketPort *p;
2109 int r;
2110
2111 assert(u);
2112 assert(f);
2113 assert(fds);
2114
2115 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2116 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2117 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2118
2119 if (s->control_pid > 0)
2120 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2121
2122 if (s->control_command_id >= 0)
2123 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2124
2125 LIST_FOREACH(port, p, s->ports) {
2126 int copy;
2127
2128 if (p->fd < 0)
2129 continue;
2130
2131 copy = fdset_put_dup(fds, p->fd);
2132 if (copy < 0)
2133 return copy;
2134
2135 if (p->type == SOCKET_SOCKET) {
2136 _cleanup_free_ char *t = NULL;
2137
2138 r = socket_address_print(&p->address, &t);
2139 if (r < 0)
2140 return r;
2141
2142 if (socket_address_family(&p->address) == AF_NETLINK)
2143 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2144 else
2145 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2146
2147 } else if (p->type == SOCKET_SPECIAL)
2148 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2149 else if (p->type == SOCKET_MQUEUE)
2150 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2151 else if (p->type == SOCKET_USB_FUNCTION)
2152 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2153 else {
2154 assert(p->type == SOCKET_FIFO);
2155 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2156 }
2157 }
2158
2159 return 0;
2160 }
2161
2162 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2163 Socket *s = SOCKET(u);
2164
2165 assert(u);
2166 assert(key);
2167 assert(value);
2168
2169 if (streq(key, "state")) {
2170 SocketState state;
2171
2172 state = socket_state_from_string(value);
2173 if (state < 0)
2174 log_unit_debug(u, "Failed to parse state value: %s", value);
2175 else
2176 s->deserialized_state = state;
2177 } else if (streq(key, "result")) {
2178 SocketResult f;
2179
2180 f = socket_result_from_string(value);
2181 if (f < 0)
2182 log_unit_debug(u, "Failed to parse result value: %s", value);
2183 else if (f != SOCKET_SUCCESS)
2184 s->result = f;
2185
2186 } else if (streq(key, "n-accepted")) {
2187 unsigned k;
2188
2189 if (safe_atou(value, &k) < 0)
2190 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2191 else
2192 s->n_accepted += k;
2193 } else if (streq(key, "control-pid")) {
2194 pid_t pid;
2195
2196 if (parse_pid(value, &pid) < 0)
2197 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2198 else
2199 s->control_pid = pid;
2200 } else if (streq(key, "control-command")) {
2201 SocketExecCommand id;
2202
2203 id = socket_exec_command_from_string(value);
2204 if (id < 0)
2205 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2206 else {
2207 s->control_command_id = id;
2208 s->control_command = s->exec_command[id];
2209 }
2210 } else if (streq(key, "fifo")) {
2211 int fd, skip = 0;
2212 SocketPort *p;
2213
2214 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2215 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2216 else {
2217
2218 LIST_FOREACH(port, p, s->ports)
2219 if (p->type == SOCKET_FIFO &&
2220 path_equal_or_files_same(p->path, value+skip))
2221 break;
2222
2223 if (p) {
2224 safe_close(p->fd);
2225 p->fd = fdset_remove(fds, fd);
2226 }
2227 }
2228
2229 } else if (streq(key, "special")) {
2230 int fd, skip = 0;
2231 SocketPort *p;
2232
2233 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2234 log_unit_debug(u, "Failed to parse special value: %s", value);
2235 else {
2236
2237 LIST_FOREACH(port, p, s->ports)
2238 if (p->type == SOCKET_SPECIAL &&
2239 path_equal_or_files_same(p->path, value+skip))
2240 break;
2241
2242 if (p) {
2243 safe_close(p->fd);
2244 p->fd = fdset_remove(fds, fd);
2245 }
2246 }
2247
2248 } else if (streq(key, "mqueue")) {
2249 int fd, skip = 0;
2250 SocketPort *p;
2251
2252 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2253 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2254 else {
2255
2256 LIST_FOREACH(port, p, s->ports)
2257 if (p->type == SOCKET_MQUEUE &&
2258 streq(p->path, value+skip))
2259 break;
2260
2261 if (p) {
2262 safe_close(p->fd);
2263 p->fd = fdset_remove(fds, fd);
2264 }
2265 }
2266
2267 } else if (streq(key, "socket")) {
2268 int fd, type, skip = 0;
2269 SocketPort *p;
2270
2271 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2272 log_unit_debug(u, "Failed to parse socket value: %s", value);
2273 else {
2274
2275 LIST_FOREACH(port, p, s->ports)
2276 if (socket_address_is(&p->address, value+skip, type))
2277 break;
2278
2279 if (p) {
2280 safe_close(p->fd);
2281 p->fd = fdset_remove(fds, fd);
2282 }
2283 }
2284
2285 } else if (streq(key, "netlink")) {
2286 int fd, skip = 0;
2287 SocketPort *p;
2288
2289 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2290 log_unit_debug(u, "Failed to parse socket value: %s", value);
2291 else {
2292
2293 LIST_FOREACH(port, p, s->ports)
2294 if (socket_address_is_netlink(&p->address, value+skip))
2295 break;
2296
2297 if (p) {
2298 safe_close(p->fd);
2299 p->fd = fdset_remove(fds, fd);
2300 }
2301 }
2302
2303 } else if (streq(key, "ffs")) {
2304 int fd, skip = 0;
2305 SocketPort *p;
2306
2307 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2308 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2309 else {
2310
2311 LIST_FOREACH(port, p, s->ports)
2312 if (p->type == SOCKET_USB_FUNCTION &&
2313 path_equal_or_files_same(p->path, value+skip))
2314 break;
2315
2316 if (p) {
2317 safe_close(p->fd);
2318 p->fd = fdset_remove(fds, fd);
2319 }
2320 }
2321
2322 } else
2323 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2324
2325 return 0;
2326 }
2327
2328 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2329 Socket *s = SOCKET(u);
2330 SocketPort *p;
2331
2332 assert(u);
2333
2334 LIST_FOREACH(port, p, s->ports) {
2335 Iterator i;
2336 int fd;
2337
2338 if (p->type != SOCKET_SOCKET)
2339 continue;
2340
2341 if (p->fd >= 0)
2342 continue;
2343
2344 FDSET_FOREACH(fd, fds, i) {
2345 if (socket_address_matches_fd(&p->address, fd)) {
2346 p->fd = fdset_remove(fds, fd);
2347 s->deserialized_state = SOCKET_LISTENING;
2348 break;
2349 }
2350 }
2351 }
2352
2353 return 0;
2354 }
2355
2356 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2357 assert(u);
2358
2359 return state_translation_table[SOCKET(u)->state];
2360 }
2361
2362 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2363 assert(u);
2364
2365 return socket_state_to_string(SOCKET(u)->state);
2366 }
2367
2368 const char* socket_port_type_to_string(SocketPort *p) {
2369
2370 assert(p);
2371
2372 switch (p->type) {
2373
2374 case SOCKET_SOCKET:
2375
2376 switch (p->address.type) {
2377
2378 case SOCK_STREAM:
2379 return "Stream";
2380
2381 case SOCK_DGRAM:
2382 return "Datagram";
2383
2384 case SOCK_SEQPACKET:
2385 return "SequentialPacket";
2386
2387 case SOCK_RAW:
2388 if (socket_address_family(&p->address) == AF_NETLINK)
2389 return "Netlink";
2390
2391 default:
2392 return NULL;
2393 }
2394
2395 case SOCKET_SPECIAL:
2396 return "Special";
2397
2398 case SOCKET_MQUEUE:
2399 return "MessageQueue";
2400
2401 case SOCKET_FIFO:
2402 return "FIFO";
2403
2404 case SOCKET_USB_FUNCTION:
2405 return "USBFunction";
2406
2407 default:
2408 return NULL;
2409 }
2410 }
2411
2412 _pure_ static bool socket_check_gc(Unit *u) {
2413 Socket *s = SOCKET(u);
2414
2415 assert(u);
2416
2417 return s->n_connections > 0;
2418 }
2419
2420 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2421 SocketPort *p = userdata;
2422 int cfd = -1;
2423
2424 assert(p);
2425 assert(fd >= 0);
2426
2427 if (p->socket->state != SOCKET_LISTENING)
2428 return 0;
2429
2430 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2431
2432 if (revents != EPOLLIN) {
2433
2434 if (revents & EPOLLHUP)
2435 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2436 else
2437 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2438 goto fail;
2439 }
2440
2441 if (p->socket->accept &&
2442 p->type == SOCKET_SOCKET &&
2443 socket_address_can_accept(&p->address)) {
2444
2445 for (;;) {
2446
2447 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2448 if (cfd < 0) {
2449
2450 if (errno == EINTR)
2451 continue;
2452
2453 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2454 goto fail;
2455 }
2456
2457 break;
2458 }
2459
2460 socket_apply_socket_options(p->socket, cfd);
2461 }
2462
2463 socket_enter_running(p->socket, cfd);
2464 return 0;
2465
2466 fail:
2467 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2468 return 0;
2469 }
2470
2471 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2472 Socket *s = SOCKET(u);
2473 SocketResult f;
2474
2475 assert(s);
2476 assert(pid >= 0);
2477
2478 if (pid != s->control_pid)
2479 return;
2480
2481 s->control_pid = 0;
2482
2483 if (is_clean_exit(code, status, NULL))
2484 f = SOCKET_SUCCESS;
2485 else if (code == CLD_EXITED)
2486 f = SOCKET_FAILURE_EXIT_CODE;
2487 else if (code == CLD_KILLED)
2488 f = SOCKET_FAILURE_SIGNAL;
2489 else if (code == CLD_DUMPED)
2490 f = SOCKET_FAILURE_CORE_DUMP;
2491 else
2492 assert_not_reached("Unknown sigchld code");
2493
2494 if (s->control_command) {
2495 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2496
2497 if (s->control_command->ignore)
2498 f = SOCKET_SUCCESS;
2499 }
2500
2501 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2502 "Control process exited, code=%s status=%i",
2503 sigchld_code_to_string(code), status);
2504
2505 if (f != SOCKET_SUCCESS)
2506 s->result = f;
2507
2508 if (s->control_command &&
2509 s->control_command->command_next &&
2510 f == SOCKET_SUCCESS) {
2511
2512 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2513 socket_run_next(s);
2514 } else {
2515 s->control_command = NULL;
2516 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2517
2518 /* No further commands for this step, so let's figure
2519 * out what to do next */
2520
2521 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2522
2523 switch (s->state) {
2524
2525 case SOCKET_START_PRE:
2526 if (f == SOCKET_SUCCESS)
2527 socket_enter_start_chown(s);
2528 else
2529 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2530 break;
2531
2532 case SOCKET_START_CHOWN:
2533 if (f == SOCKET_SUCCESS)
2534 socket_enter_start_post(s);
2535 else
2536 socket_enter_stop_pre(s, f);
2537 break;
2538
2539 case SOCKET_START_POST:
2540 if (f == SOCKET_SUCCESS)
2541 socket_enter_listening(s);
2542 else
2543 socket_enter_stop_pre(s, f);
2544 break;
2545
2546 case SOCKET_STOP_PRE:
2547 case SOCKET_STOP_PRE_SIGTERM:
2548 case SOCKET_STOP_PRE_SIGKILL:
2549 socket_enter_stop_post(s, f);
2550 break;
2551
2552 case SOCKET_STOP_POST:
2553 case SOCKET_FINAL_SIGTERM:
2554 case SOCKET_FINAL_SIGKILL:
2555 socket_enter_dead(s, f);
2556 break;
2557
2558 default:
2559 assert_not_reached("Uh, control process died at wrong time.");
2560 }
2561 }
2562
2563 /* Notify clients about changed exit status */
2564 unit_add_to_dbus_queue(u);
2565 }
2566
2567 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2568 Socket *s = SOCKET(userdata);
2569
2570 assert(s);
2571 assert(s->timer_event_source == source);
2572
2573 switch (s->state) {
2574
2575 case SOCKET_START_PRE:
2576 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2577 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2578 break;
2579
2580 case SOCKET_START_CHOWN:
2581 case SOCKET_START_POST:
2582 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2583 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2584 break;
2585
2586 case SOCKET_STOP_PRE:
2587 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2588 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2589 break;
2590
2591 case SOCKET_STOP_PRE_SIGTERM:
2592 if (s->kill_context.send_sigkill) {
2593 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2594 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2595 } else {
2596 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2597 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2598 }
2599 break;
2600
2601 case SOCKET_STOP_PRE_SIGKILL:
2602 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2603 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2604 break;
2605
2606 case SOCKET_STOP_POST:
2607 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2608 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2609 break;
2610
2611 case SOCKET_FINAL_SIGTERM:
2612 if (s->kill_context.send_sigkill) {
2613 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2614 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2615 } else {
2616 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2617 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2618 }
2619 break;
2620
2621 case SOCKET_FINAL_SIGKILL:
2622 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2623 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2624 break;
2625
2626 default:
2627 assert_not_reached("Timeout at wrong time.");
2628 }
2629
2630 return 0;
2631 }
2632
2633 int socket_collect_fds(Socket *s, int **fds) {
2634 int *rfds, k = 0, n = 0;
2635 SocketPort *p;
2636
2637 assert(s);
2638 assert(fds);
2639
2640 /* Called from the service code for requesting our fds */
2641
2642 LIST_FOREACH(port, p, s->ports) {
2643 if (p->fd >= 0)
2644 n++;
2645 n += p->n_auxiliary_fds;
2646 }
2647
2648 if (n <= 0) {
2649 *fds = NULL;
2650 return 0;
2651 }
2652
2653 rfds = new(int, n);
2654 if (!rfds)
2655 return -ENOMEM;
2656
2657 LIST_FOREACH(port, p, s->ports) {
2658 int i;
2659
2660 if (p->fd >= 0)
2661 rfds[k++] = p->fd;
2662 for (i = 0; i < p->n_auxiliary_fds; ++i)
2663 rfds[k++] = p->auxiliary_fds[i];
2664 }
2665
2666 assert(k == n);
2667
2668 *fds = rfds;
2669 return n;
2670 }
2671
2672 static void socket_reset_failed(Unit *u) {
2673 Socket *s = SOCKET(u);
2674
2675 assert(s);
2676
2677 if (s->state == SOCKET_FAILED)
2678 socket_set_state(s, SOCKET_DEAD);
2679
2680 s->result = SOCKET_SUCCESS;
2681 }
2682
2683 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2684 assert(s);
2685
2686 /* The service is dead. Dang!
2687 *
2688 * This is strictly for one-instance-for-all-connections
2689 * services. */
2690
2691 if (s->state == SOCKET_RUNNING) {
2692 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2693 if (failed_permanent)
2694 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2695 else
2696 socket_enter_listening(s);
2697 }
2698 }
2699
2700 void socket_connection_unref(Socket *s) {
2701 assert(s);
2702
2703 /* The service is dead. Yay!
2704 *
2705 * This is strictly for one-instance-per-connection
2706 * services. */
2707
2708 assert(s->n_connections > 0);
2709 s->n_connections--;
2710
2711 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2712 }
2713
2714 static void socket_trigger_notify(Unit *u, Unit *other) {
2715 Socket *s = SOCKET(u);
2716 Service *se;
2717
2718 assert(u);
2719 assert(other);
2720
2721 /* Don't propagate state changes from the service if we are
2722 already down or accepting connections */
2723 if ((s->state != SOCKET_RUNNING &&
2724 s->state != SOCKET_LISTENING) ||
2725 s->accept)
2726 return;
2727
2728 if (other->load_state != UNIT_LOADED ||
2729 other->type != UNIT_SERVICE)
2730 return;
2731
2732 se = SERVICE(other);
2733
2734 if (se->state == SERVICE_FAILED)
2735 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2736
2737 if (se->state == SERVICE_DEAD ||
2738 se->state == SERVICE_FINAL_SIGTERM ||
2739 se->state == SERVICE_FINAL_SIGKILL ||
2740 se->state == SERVICE_AUTO_RESTART)
2741 socket_notify_service_dead(s, false);
2742
2743 if (se->state == SERVICE_RUNNING)
2744 socket_set_state(s, SOCKET_RUNNING);
2745 }
2746
2747 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2748 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2749 }
2750
2751 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2752 Socket *s = SOCKET(u);
2753 int r;
2754
2755 if (!s->timer_event_source)
2756 return 0;
2757
2758 r = sd_event_source_get_time(s->timer_event_source, timeout);
2759 if (r < 0)
2760 return r;
2761
2762 return 1;
2763 }
2764
2765 char *socket_fdname(Socket *s) {
2766 assert(s);
2767
2768 /* Returns the name to use for $LISTEN_NAMES. If the user
2769 * didn't specify anything specifically, use the socket unit's
2770 * name as fallback. */
2771
2772 if (s->fdname)
2773 return s->fdname;
2774
2775 return UNIT(s)->id;
2776 }
2777
2778 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2779 [SOCKET_EXEC_START_PRE] = "StartPre",
2780 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2781 [SOCKET_EXEC_START_POST] = "StartPost",
2782 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2783 [SOCKET_EXEC_STOP_POST] = "StopPost"
2784 };
2785
2786 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2787
2788 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2789 [SOCKET_SUCCESS] = "success",
2790 [SOCKET_FAILURE_RESOURCES] = "resources",
2791 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2792 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2793 [SOCKET_FAILURE_SIGNAL] = "signal",
2794 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2795 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2796 };
2797
2798 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2799
2800 const UnitVTable socket_vtable = {
2801 .object_size = sizeof(Socket),
2802 .exec_context_offset = offsetof(Socket, exec_context),
2803 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2804 .kill_context_offset = offsetof(Socket, kill_context),
2805 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2806
2807 .sections =
2808 "Unit\0"
2809 "Socket\0"
2810 "Install\0",
2811 .private_section = "Socket",
2812
2813 .init = socket_init,
2814 .done = socket_done,
2815 .load = socket_load,
2816
2817 .coldplug = socket_coldplug,
2818
2819 .dump = socket_dump,
2820
2821 .start = socket_start,
2822 .stop = socket_stop,
2823
2824 .kill = socket_kill,
2825
2826 .get_timeout = socket_get_timeout,
2827
2828 .serialize = socket_serialize,
2829 .deserialize_item = socket_deserialize_item,
2830 .distribute_fds = socket_distribute_fds,
2831
2832 .active_state = socket_active_state,
2833 .sub_state_to_string = socket_sub_state_to_string,
2834
2835 .check_gc = socket_check_gc,
2836
2837 .sigchld_event = socket_sigchld_event,
2838
2839 .trigger_notify = socket_trigger_notify,
2840
2841 .reset_failed = socket_reset_failed,
2842
2843 .bus_vtable = bus_socket_vtable,
2844 .bus_set_property = bus_socket_set_property,
2845 .bus_commit_properties = bus_socket_commit_properties,
2846
2847 .status_message_formats = {
2848 /*.starting_stopping = {
2849 [0] = "Starting socket %s...",
2850 [1] = "Stopping socket %s...",
2851 },*/
2852 .finished_start_job = {
2853 [JOB_DONE] = "Listening on %s.",
2854 [JOB_FAILED] = "Failed to listen on %s.",
2855 [JOB_TIMEOUT] = "Timed out starting %s.",
2856 },
2857 .finished_stop_job = {
2858 [JOB_DONE] = "Closed %s.",
2859 [JOB_FAILED] = "Failed stopping %s.",
2860 [JOB_TIMEOUT] = "Timed out stopping %s.",
2861 },
2862 },
2863 };
Unnamed repository; edit this file 'description' to name the repository.