]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1653 from keszybz/lz4-compress-time
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <arpa/inet.h>
23 #include <errno.h>
24 #include <fcntl.h>
25 #include <mqueue.h>
26 #include <netinet/tcp.h>
27 #include <signal.h>
28 #include <sys/epoll.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "sd-event.h"
33
34 #include "bus-error.h"
35 #include "bus-util.h"
36 #include "copy.h"
37 #include "dbus-socket.h"
38 #include "def.h"
39 #include "exit-status.h"
40 #include "formats-util.h"
41 #include "label.h"
42 #include "log.h"
43 #include "missing.h"
44 #include "mkdir.h"
45 #include "path-util.h"
46 #include "selinux-util.h"
47 #include "signal-util.h"
48 #include "smack-util.h"
49 #include "socket.h"
50 #include "special.h"
51 #include "strv.h"
52 #include "unit-name.h"
53 #include "unit-printf.h"
54 #include "unit.h"
55
56 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
57 [SOCKET_DEAD] = UNIT_INACTIVE,
58 [SOCKET_START_PRE] = UNIT_ACTIVATING,
59 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
60 [SOCKET_START_POST] = UNIT_ACTIVATING,
61 [SOCKET_LISTENING] = UNIT_ACTIVE,
62 [SOCKET_RUNNING] = UNIT_ACTIVE,
63 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
66 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
68 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
69 [SOCKET_FAILED] = UNIT_FAILED
70 };
71
72 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
73 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
74
75 static void socket_init(Unit *u) {
76 Socket *s = SOCKET(u);
77
78 assert(u);
79 assert(u->load_state == UNIT_STUB);
80
81 s->backlog = SOMAXCONN;
82 s->timeout_usec = u->manager->default_timeout_start_usec;
83 s->directory_mode = 0755;
84 s->socket_mode = 0666;
85
86 s->max_connections = 64;
87
88 s->priority = -1;
89 s->ip_tos = -1;
90 s->ip_ttl = -1;
91 s->mark = -1;
92
93 s->exec_context.std_output = u->manager->default_std_output;
94 s->exec_context.std_error = u->manager->default_std_error;
95
96 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
97 }
98
99 static void socket_unwatch_control_pid(Socket *s) {
100 assert(s);
101
102 if (s->control_pid <= 0)
103 return;
104
105 unit_unwatch_pid(UNIT(s), s->control_pid);
106 s->control_pid = 0;
107 }
108
109 static void socket_cleanup_fd_list(SocketPort *p) {
110 int k = p->n_auxiliary_fds;
111
112 while (k--)
113 safe_close(p->auxiliary_fds[k]);
114
115 p->auxiliary_fds = mfree(p->auxiliary_fds);
116 p->n_auxiliary_fds = 0;
117 }
118
119 void socket_free_ports(Socket *s) {
120 SocketPort *p;
121
122 assert(s);
123
124 while ((p = s->ports)) {
125 LIST_REMOVE(port, s->ports, p);
126
127 sd_event_source_unref(p->event_source);
128
129 socket_cleanup_fd_list(p);
130 safe_close(p->fd);
131 free(p->path);
132 free(p);
133 }
134 }
135
136 static void socket_done(Unit *u) {
137 Socket *s = SOCKET(u);
138
139 assert(s);
140
141 socket_free_ports(s);
142
143 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
144 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
145 s->control_command = NULL;
146
147 socket_unwatch_control_pid(s);
148
149 unit_ref_unset(&s->service);
150
151 s->tcp_congestion = mfree(s->tcp_congestion);
152 s->bind_to_device = mfree(s->bind_to_device);
153
154 free(s->smack);
155 free(s->smack_ip_in);
156 free(s->smack_ip_out);
157
158 strv_free(s->symlinks);
159
160 free(s->user);
161 free(s->group);
162
163 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164 }
165
166 static int socket_arm_timer(Socket *s) {
167 int r;
168
169 assert(s);
170
171 if (s->timeout_usec <= 0) {
172 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
173 return 0;
174 }
175
176 if (s->timer_event_source) {
177 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
178 if (r < 0)
179 return r;
180
181 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
182 }
183
184 r = sd_event_add_time(
185 UNIT(s)->manager->event,
186 &s->timer_event_source,
187 CLOCK_MONOTONIC,
188 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
189 socket_dispatch_timer, s);
190 if (r < 0)
191 return r;
192
193 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
194
195 return 0;
196 }
197
198 int socket_instantiate_service(Socket *s) {
199 _cleanup_free_ char *prefix = NULL, *name = NULL;
200 int r;
201 Unit *u;
202
203 assert(s);
204
205 /* This fills in s->service if it isn't filled in yet. For
206 * Accept=yes sockets we create the next connection service
207 * here. For Accept=no this is mostly a NOP since the service
208 * is figured out at load time anyway. */
209
210 if (UNIT_DEREF(s->service))
211 return 0;
212
213 if (!s->accept)
214 return 0;
215
216 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
217 if (r < 0)
218 return r;
219
220 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
221 return -ENOMEM;
222
223 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
224 if (r < 0)
225 return r;
226
227 u->no_gc = true;
228 unit_ref_set(&s->service, u);
229
230 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
231 }
232
233 static bool have_non_accept_socket(Socket *s) {
234 SocketPort *p;
235
236 assert(s);
237
238 if (!s->accept)
239 return true;
240
241 LIST_FOREACH(port, p, s->ports) {
242
243 if (p->type != SOCKET_SOCKET)
244 return true;
245
246 if (!socket_address_can_accept(&p->address))
247 return true;
248 }
249
250 return false;
251 }
252
253 static int socket_add_mount_links(Socket *s) {
254 SocketPort *p;
255 int r;
256
257 assert(s);
258
259 LIST_FOREACH(port, p, s->ports) {
260 const char *path = NULL;
261
262 if (p->type == SOCKET_SOCKET)
263 path = socket_address_get_path(&p->address);
264 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
265 path = p->path;
266
267 if (!path)
268 continue;
269
270 r = unit_require_mounts_for(UNIT(s), path);
271 if (r < 0)
272 return r;
273 }
274
275 return 0;
276 }
277
278 static int socket_add_device_link(Socket *s) {
279 char *t;
280
281 assert(s);
282
283 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
284 return 0;
285
286 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
287 return unit_add_node_link(UNIT(s), t, false);
288 }
289
290 static int socket_add_default_dependencies(Socket *s) {
291 int r;
292 assert(s);
293
294 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
295 if (r < 0)
296 return r;
297
298 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
299 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
300 if (r < 0)
301 return r;
302 }
303
304 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
305 }
306
307 _pure_ static bool socket_has_exec(Socket *s) {
308 unsigned i;
309 assert(s);
310
311 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
312 if (s->exec_command[i])
313 return true;
314
315 return false;
316 }
317
318 static int socket_add_extras(Socket *s) {
319 Unit *u = UNIT(s);
320 int r;
321
322 assert(s);
323
324 if (have_non_accept_socket(s)) {
325
326 if (!UNIT_DEREF(s->service)) {
327 Unit *x;
328
329 r = unit_load_related_unit(u, ".service", &x);
330 if (r < 0)
331 return r;
332
333 unit_ref_set(&s->service, x);
334 }
335
336 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
337 if (r < 0)
338 return r;
339 }
340
341 r = socket_add_mount_links(s);
342 if (r < 0)
343 return r;
344
345 r = socket_add_device_link(s);
346 if (r < 0)
347 return r;
348
349 r = unit_patch_contexts(u);
350 if (r < 0)
351 return r;
352
353 if (socket_has_exec(s)) {
354 r = unit_add_exec_dependencies(u, &s->exec_context);
355 if (r < 0)
356 return r;
357
358 r = unit_set_default_slice(u);
359 if (r < 0)
360 return r;
361 }
362
363 if (u->default_dependencies) {
364 r = socket_add_default_dependencies(s);
365 if (r < 0)
366 return r;
367 }
368
369 return 0;
370 }
371
372 static const char *socket_find_symlink_target(Socket *s) {
373 const char *found = NULL;
374 SocketPort *p;
375
376 LIST_FOREACH(port, p, s->ports) {
377 const char *f = NULL;
378
379 switch (p->type) {
380
381 case SOCKET_FIFO:
382 f = p->path;
383 break;
384
385 case SOCKET_SOCKET:
386 if (p->address.sockaddr.un.sun_path[0] != 0)
387 f = p->address.sockaddr.un.sun_path;
388 break;
389
390 default:
391 break;
392 }
393
394 if (f) {
395 if (found)
396 return NULL;
397
398 found = f;
399 }
400 }
401
402 return found;
403 }
404
405 static int socket_verify(Socket *s) {
406 assert(s);
407
408 if (UNIT(s)->load_state != UNIT_LOADED)
409 return 0;
410
411 if (!s->ports) {
412 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
413 return -EINVAL;
414 }
415
416 if (s->accept && have_non_accept_socket(s)) {
417 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
418 return -EINVAL;
419 }
420
421 if (s->accept && s->max_connections <= 0) {
422 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
423 return -EINVAL;
424 }
425
426 if (s->accept && UNIT_DEREF(s->service)) {
427 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
428 return -EINVAL;
429 }
430
431 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
432 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
433 return -EINVAL;
434 }
435
436 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
437 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
438 return -EINVAL;
439 }
440
441 return 0;
442 }
443
444 static int socket_load(Unit *u) {
445 Socket *s = SOCKET(u);
446 int r;
447
448 assert(u);
449 assert(u->load_state == UNIT_STUB);
450
451 r = unit_load_fragment_and_dropin(u);
452 if (r < 0)
453 return r;
454
455 if (u->load_state == UNIT_LOADED) {
456 /* This is a new unit? Then let's add in some extras */
457 r = socket_add_extras(s);
458 if (r < 0)
459 return r;
460 }
461
462 return socket_verify(s);
463 }
464
465 _const_ static const char* listen_lookup(int family, int type) {
466
467 if (family == AF_NETLINK)
468 return "ListenNetlink";
469
470 if (type == SOCK_STREAM)
471 return "ListenStream";
472 else if (type == SOCK_DGRAM)
473 return "ListenDatagram";
474 else if (type == SOCK_SEQPACKET)
475 return "ListenSequentialPacket";
476
477 assert_not_reached("Unknown socket type");
478 return NULL;
479 }
480
481 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
482 char time_string[FORMAT_TIMESPAN_MAX];
483 SocketExecCommand c;
484 Socket *s = SOCKET(u);
485 SocketPort *p;
486 const char *prefix2;
487
488 assert(s);
489 assert(f);
490
491 prefix = strempty(prefix);
492 prefix2 = strjoina(prefix, "\t");
493
494 fprintf(f,
495 "%sSocket State: %s\n"
496 "%sResult: %s\n"
497 "%sBindIPv6Only: %s\n"
498 "%sBacklog: %u\n"
499 "%sSocketMode: %04o\n"
500 "%sDirectoryMode: %04o\n"
501 "%sKeepAlive: %s\n"
502 "%sNoDelay: %s\n"
503 "%sFreeBind: %s\n"
504 "%sTransparent: %s\n"
505 "%sBroadcast: %s\n"
506 "%sPassCredentials: %s\n"
507 "%sPassSecurity: %s\n"
508 "%sTCPCongestion: %s\n"
509 "%sRemoveOnStop: %s\n"
510 "%sWritable: %s\n"
511 "%sFDName: %s\n"
512 "%sSELinuxContextFromNet: %s\n",
513 prefix, socket_state_to_string(s->state),
514 prefix, socket_result_to_string(s->result),
515 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
516 prefix, s->backlog,
517 prefix, s->socket_mode,
518 prefix, s->directory_mode,
519 prefix, yes_no(s->keep_alive),
520 prefix, yes_no(s->no_delay),
521 prefix, yes_no(s->free_bind),
522 prefix, yes_no(s->transparent),
523 prefix, yes_no(s->broadcast),
524 prefix, yes_no(s->pass_cred),
525 prefix, yes_no(s->pass_sec),
526 prefix, strna(s->tcp_congestion),
527 prefix, yes_no(s->remove_on_stop),
528 prefix, yes_no(s->writable),
529 prefix, socket_fdname(s),
530 prefix, yes_no(s->selinux_context_from_net));
531
532 if (s->control_pid > 0)
533 fprintf(f,
534 "%sControl PID: "PID_FMT"\n",
535 prefix, s->control_pid);
536
537 if (s->bind_to_device)
538 fprintf(f,
539 "%sBindToDevice: %s\n",
540 prefix, s->bind_to_device);
541
542 if (s->accept)
543 fprintf(f,
544 "%sAccepted: %u\n"
545 "%sNConnections: %u\n"
546 "%sMaxConnections: %u\n",
547 prefix, s->n_accepted,
548 prefix, s->n_connections,
549 prefix, s->max_connections);
550
551 if (s->priority >= 0)
552 fprintf(f,
553 "%sPriority: %i\n",
554 prefix, s->priority);
555
556 if (s->receive_buffer > 0)
557 fprintf(f,
558 "%sReceiveBuffer: %zu\n",
559 prefix, s->receive_buffer);
560
561 if (s->send_buffer > 0)
562 fprintf(f,
563 "%sSendBuffer: %zu\n",
564 prefix, s->send_buffer);
565
566 if (s->ip_tos >= 0)
567 fprintf(f,
568 "%sIPTOS: %i\n",
569 prefix, s->ip_tos);
570
571 if (s->ip_ttl >= 0)
572 fprintf(f,
573 "%sIPTTL: %i\n",
574 prefix, s->ip_ttl);
575
576 if (s->pipe_size > 0)
577 fprintf(f,
578 "%sPipeSize: %zu\n",
579 prefix, s->pipe_size);
580
581 if (s->mark >= 0)
582 fprintf(f,
583 "%sMark: %i\n",
584 prefix, s->mark);
585
586 if (s->mq_maxmsg > 0)
587 fprintf(f,
588 "%sMessageQueueMaxMessages: %li\n",
589 prefix, s->mq_maxmsg);
590
591 if (s->mq_msgsize > 0)
592 fprintf(f,
593 "%sMessageQueueMessageSize: %li\n",
594 prefix, s->mq_msgsize);
595
596 if (s->reuse_port)
597 fprintf(f,
598 "%sReusePort: %s\n",
599 prefix, yes_no(s->reuse_port));
600
601 if (s->smack)
602 fprintf(f,
603 "%sSmackLabel: %s\n",
604 prefix, s->smack);
605
606 if (s->smack_ip_in)
607 fprintf(f,
608 "%sSmackLabelIPIn: %s\n",
609 prefix, s->smack_ip_in);
610
611 if (s->smack_ip_out)
612 fprintf(f,
613 "%sSmackLabelIPOut: %s\n",
614 prefix, s->smack_ip_out);
615
616 if (!isempty(s->user) || !isempty(s->group))
617 fprintf(f,
618 "%sOwnerUser: %s\n"
619 "%sOwnerGroup: %s\n",
620 prefix, strna(s->user),
621 prefix, strna(s->group));
622
623 if (s->keep_alive_time > 0)
624 fprintf(f,
625 "%sKeepAliveTimeSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
627
628 if (s->keep_alive_interval)
629 fprintf(f,
630 "%sKeepAliveIntervalSec: %s\n",
631 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
632
633 if (s->keep_alive_cnt)
634 fprintf(f,
635 "%sKeepAliveProbes: %u\n",
636 prefix, s->keep_alive_cnt);
637
638 if (s->defer_accept)
639 fprintf(f,
640 "%sDeferAcceptSec: %s\n",
641 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
642
643 LIST_FOREACH(port, p, s->ports) {
644
645 if (p->type == SOCKET_SOCKET) {
646 const char *t;
647 int r;
648 char *k = NULL;
649
650 r = socket_address_print(&p->address, &k);
651 if (r < 0)
652 t = strerror(-r);
653 else
654 t = k;
655
656 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
657 free(k);
658 } else if (p->type == SOCKET_SPECIAL)
659 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
660 else if (p->type == SOCKET_USB_FUNCTION)
661 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
662 else if (p->type == SOCKET_MQUEUE)
663 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
664 else
665 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
666 }
667
668 exec_context_dump(&s->exec_context, f, prefix);
669 kill_context_dump(&s->kill_context, f, prefix);
670
671 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
672 if (!s->exec_command[c])
673 continue;
674
675 fprintf(f, "%s-> %s:\n",
676 prefix, socket_exec_command_to_string(c));
677
678 exec_command_dump_list(s->exec_command[c], f, prefix2);
679 }
680 }
681
682 static int instance_from_socket(int fd, unsigned nr, char **instance) {
683 socklen_t l;
684 char *r;
685 union sockaddr_union local, remote;
686
687 assert(fd >= 0);
688 assert(instance);
689
690 l = sizeof(local);
691 if (getsockname(fd, &local.sa, &l) < 0)
692 return -errno;
693
694 l = sizeof(remote);
695 if (getpeername(fd, &remote.sa, &l) < 0)
696 return -errno;
697
698 switch (local.sa.sa_family) {
699
700 case AF_INET: {
701 uint32_t
702 a = ntohl(local.in.sin_addr.s_addr),
703 b = ntohl(remote.in.sin_addr.s_addr);
704
705 if (asprintf(&r,
706 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
707 nr,
708 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
709 ntohs(local.in.sin_port),
710 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
711 ntohs(remote.in.sin_port)) < 0)
712 return -ENOMEM;
713
714 break;
715 }
716
717 case AF_INET6: {
718 static const unsigned char ipv4_prefix[] = {
719 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
720 };
721
722 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
723 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
724 const uint8_t
725 *a = local.in6.sin6_addr.s6_addr+12,
726 *b = remote.in6.sin6_addr.s6_addr+12;
727
728 if (asprintf(&r,
729 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
730 nr,
731 a[0], a[1], a[2], a[3],
732 ntohs(local.in6.sin6_port),
733 b[0], b[1], b[2], b[3],
734 ntohs(remote.in6.sin6_port)) < 0)
735 return -ENOMEM;
736 } else {
737 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
738
739 if (asprintf(&r,
740 "%u-%s:%u-%s:%u",
741 nr,
742 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
743 ntohs(local.in6.sin6_port),
744 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
745 ntohs(remote.in6.sin6_port)) < 0)
746 return -ENOMEM;
747 }
748
749 break;
750 }
751
752 case AF_UNIX: {
753 struct ucred ucred;
754 int k;
755
756 k = getpeercred(fd, &ucred);
757 if (k >= 0) {
758 if (asprintf(&r,
759 "%u-"PID_FMT"-"UID_FMT,
760 nr, ucred.pid, ucred.uid) < 0)
761 return -ENOMEM;
762 } else if (k == -ENODATA) {
763 /* This handles the case where somebody is
764 * connecting from another pid/uid namespace
765 * (e.g. from outside of our container). */
766 if (asprintf(&r,
767 "%u-unknown",
768 nr) < 0)
769 return -ENOMEM;
770 } else
771 return k;
772
773 break;
774 }
775
776 default:
777 assert_not_reached("Unhandled socket type.");
778 }
779
780 *instance = r;
781 return 0;
782 }
783
784 static void socket_close_fds(Socket *s) {
785 SocketPort *p;
786 char **i;
787
788 assert(s);
789
790 LIST_FOREACH(port, p, s->ports) {
791
792 p->event_source = sd_event_source_unref(p->event_source);
793
794 if (p->fd < 0)
795 continue;
796
797 p->fd = safe_close(p->fd);
798 socket_cleanup_fd_list(p);
799
800 /* One little note: we should normally not delete any
801 * sockets in the file system here! After all some
802 * other process we spawned might still have a
803 * reference of this fd and wants to continue to use
804 * it. Therefore we delete sockets in the file system
805 * before we create a new one, not after we stopped
806 * using one! */
807
808 if (s->remove_on_stop) {
809 switch (p->type) {
810
811 case SOCKET_FIFO:
812 unlink(p->path);
813 break;
814
815 case SOCKET_MQUEUE:
816 mq_unlink(p->path);
817 break;
818
819 case SOCKET_SOCKET:
820 socket_address_unlink(&p->address);
821 break;
822
823 default:
824 break;
825 }
826 }
827 }
828
829 if (s->remove_on_stop)
830 STRV_FOREACH(i, s->symlinks)
831 unlink(*i);
832 }
833
834 static void socket_apply_socket_options(Socket *s, int fd) {
835 int r;
836
837 assert(s);
838 assert(fd >= 0);
839
840 if (s->keep_alive) {
841 int b = s->keep_alive;
842 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
843 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
844 }
845
846 if (s->keep_alive_time) {
847 int value = s->keep_alive_time / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
850 }
851
852 if (s->keep_alive_interval) {
853 int value = s->keep_alive_interval / USEC_PER_SEC;
854 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
856 }
857
858 if (s->keep_alive_cnt) {
859 int value = s->keep_alive_cnt;
860 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
862 }
863
864 if (s->defer_accept) {
865 int value = s->defer_accept / USEC_PER_SEC;
866 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
868 }
869
870 if (s->no_delay) {
871 int b = s->no_delay;
872 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
874 }
875
876 if (s->broadcast) {
877 int one = 1;
878 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
879 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
880 }
881
882 if (s->pass_cred) {
883 int one = 1;
884 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
885 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
886 }
887
888 if (s->pass_sec) {
889 int one = 1;
890 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
892 }
893
894 if (s->priority >= 0)
895 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
896 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
897
898 if (s->receive_buffer > 0) {
899 int value = (int) s->receive_buffer;
900
901 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
902
903 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
904 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
905 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
906 }
907
908 if (s->send_buffer > 0) {
909 int value = (int) s->send_buffer;
910 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
911 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
912 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
913 }
914
915 if (s->mark >= 0)
916 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
917 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
918
919 if (s->ip_tos >= 0)
920 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
921 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
922
923 if (s->ip_ttl >= 0) {
924 int x;
925
926 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
927
928 if (socket_ipv6_is_supported())
929 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
930 else {
931 x = -1;
932 errno = EAFNOSUPPORT;
933 }
934
935 if (r < 0 && x < 0)
936 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
937 }
938
939 if (s->tcp_congestion)
940 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
941 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
942
943 if (s->smack_ip_in) {
944 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
945 if (r < 0)
946 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
947 }
948
949 if (s->smack_ip_out) {
950 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
951 if (r < 0)
952 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
953 }
954 }
955
956 static void socket_apply_fifo_options(Socket *s, int fd) {
957 int r;
958
959 assert(s);
960 assert(fd >= 0);
961
962 if (s->pipe_size > 0)
963 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
964 log_unit_warning_errno(UNIT(s), errno, "Setting pipe size failed, ignoring: %m");
965
966 if (s->smack) {
967 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
968 if (r < 0)
969 log_unit_error_errno(UNIT(s), r, "SMACK relabelling failed, ignoring: %m");
970 }
971 }
972
973 static int fifo_address_create(
974 const char *path,
975 mode_t directory_mode,
976 mode_t socket_mode) {
977
978 _cleanup_close_ int fd = -1;
979 mode_t old_mask;
980 struct stat st;
981 int r;
982
983 assert(path);
984
985 mkdir_parents_label(path, directory_mode);
986
987 r = mac_selinux_create_file_prepare(path, S_IFIFO);
988 if (r < 0)
989 return r;
990
991 /* Enforce the right access mode for the fifo */
992 old_mask = umask(~ socket_mode);
993
994 /* Include the original umask in our mask */
995 (void) umask(~socket_mode | old_mask);
996
997 r = mkfifo(path, socket_mode);
998 (void) umask(old_mask);
999
1000 if (r < 0 && errno != EEXIST) {
1001 r = -errno;
1002 goto fail;
1003 }
1004
1005 fd = open(path, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1006 if (fd < 0) {
1007 r = -errno;
1008 goto fail;
1009 }
1010
1011 mac_selinux_create_file_clear();
1012
1013 if (fstat(fd, &st) < 0) {
1014 r = -errno;
1015 goto fail;
1016 }
1017
1018 if (!S_ISFIFO(st.st_mode) ||
1019 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1020 st.st_uid != getuid() ||
1021 st.st_gid != getgid()) {
1022 r = -EEXIST;
1023 goto fail;
1024 }
1025
1026 r = fd;
1027 fd = -1;
1028
1029 return r;
1030
1031 fail:
1032 mac_selinux_create_file_clear();
1033 return r;
1034 }
1035
1036 static int special_address_create(const char *path, bool writable) {
1037 _cleanup_close_ int fd = -1;
1038 struct stat st;
1039 int r;
1040
1041 assert(path);
1042
1043 fd = open(path, (writable ? O_RDWR : O_RDONLY)|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1044 if (fd < 0)
1045 return -errno;
1046
1047 if (fstat(fd, &st) < 0)
1048 return -errno;
1049
1050 /* Check whether this is a /proc, /sys or /dev file or char device */
1051 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode))
1052 return -EEXIST;
1053
1054 r = fd;
1055 fd = -1;
1056
1057 return r;
1058 }
1059
1060 static int usbffs_address_create(const char *path) {
1061 _cleanup_close_ int fd = -1;
1062 struct stat st;
1063 int r;
1064
1065 assert(path);
1066
1067 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1068 if (fd < 0)
1069 return -errno;
1070
1071 if (fstat(fd, &st) < 0)
1072 return -errno;
1073
1074 /* Check whether this is a regular file (ffs endpoint)*/
1075 if (!S_ISREG(st.st_mode))
1076 return -EEXIST;
1077
1078 r = fd;
1079 fd = -1;
1080
1081 return r;
1082 }
1083
1084 static int mq_address_create(
1085 const char *path,
1086 mode_t mq_mode,
1087 long maxmsg,
1088 long msgsize) {
1089
1090 _cleanup_close_ int fd = -1;
1091 struct stat st;
1092 mode_t old_mask;
1093 struct mq_attr _attr, *attr = NULL;
1094 int r;
1095
1096 assert(path);
1097
1098 if (maxmsg > 0 && msgsize > 0) {
1099 _attr = (struct mq_attr) {
1100 .mq_flags = O_NONBLOCK,
1101 .mq_maxmsg = maxmsg,
1102 .mq_msgsize = msgsize,
1103 };
1104 attr = &_attr;
1105 }
1106
1107 /* Enforce the right access mode for the mq */
1108 old_mask = umask(~ mq_mode);
1109
1110 /* Include the original umask in our mask */
1111 (void) umask(~mq_mode | old_mask);
1112 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1113 (void) umask(old_mask);
1114
1115 if (fd < 0)
1116 return -errno;
1117
1118 if (fstat(fd, &st) < 0)
1119 return -errno;
1120
1121 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1122 st.st_uid != getuid() ||
1123 st.st_gid != getgid())
1124 return -EEXIST;
1125
1126 r = fd;
1127 fd = -1;
1128
1129 return r;
1130 }
1131
1132 static int socket_symlink(Socket *s) {
1133 const char *p;
1134 char **i;
1135
1136 assert(s);
1137
1138 p = socket_find_symlink_target(s);
1139 if (!p)
1140 return 0;
1141
1142 STRV_FOREACH(i, s->symlinks)
1143 symlink_label(p, *i);
1144
1145 return 0;
1146 }
1147
1148 static int usbffs_write_descs(int fd, Service *s) {
1149 int r;
1150
1151 if (!s->usb_function_descriptors || !s->usb_function_strings)
1152 return -EINVAL;
1153
1154 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1155 if (r < 0)
1156 return r;
1157
1158 return copy_file_fd(s->usb_function_strings, fd, false);
1159 }
1160
1161 static int usbffs_select_ep(const struct dirent *d) {
1162 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1163 }
1164
1165 static int usbffs_dispatch_eps(SocketPort *p) {
1166 _cleanup_free_ struct dirent **ent = NULL;
1167 _cleanup_free_ char *path = NULL;
1168 int r, i, n, k;
1169
1170 r = path_get_parent(p->path, &path);
1171 if (r < 0)
1172 return r;
1173
1174 r = scandir(path, &ent, usbffs_select_ep, alphasort);
1175 if (r < 0)
1176 return -errno;
1177
1178 n = r;
1179 p->auxiliary_fds = new(int, n);
1180 if (!p->auxiliary_fds)
1181 return -ENOMEM;
1182
1183 p->n_auxiliary_fds = n;
1184
1185 k = 0;
1186 for (i = 0; i < n; ++i) {
1187 _cleanup_free_ char *ep = NULL;
1188
1189 ep = path_make_absolute(ent[i]->d_name, path);
1190 if (!ep)
1191 return -ENOMEM;
1192
1193 path_kill_slashes(ep);
1194
1195 r = usbffs_address_create(ep);
1196 if (r < 0)
1197 goto fail;
1198
1199 p->auxiliary_fds[k] = r;
1200
1201 ++k;
1202 free(ent[i]);
1203 }
1204
1205 return r;
1206
1207 fail:
1208 close_many(p->auxiliary_fds, k);
1209 p->auxiliary_fds = mfree(p->auxiliary_fds);
1210 p->n_auxiliary_fds = 0;
1211
1212 return r;
1213 }
1214
1215 static int socket_open_fds(Socket *s) {
1216 _cleanup_(mac_selinux_freep) char *label = NULL;
1217 bool know_label = false;
1218 SocketPort *p;
1219 int r;
1220
1221 assert(s);
1222
1223 LIST_FOREACH(port, p, s->ports) {
1224
1225 if (p->fd >= 0)
1226 continue;
1227
1228 switch (p->type) {
1229
1230 case SOCKET_SOCKET:
1231
1232 if (!know_label) {
1233 /* Figure out label, if we don't it know
1234 * yet. We do it once, for the first
1235 * socket where we need this and
1236 * remember it for the rest. */
1237
1238 if (s->selinux_context_from_net) {
1239 /* Get it from the network label */
1240
1241 r = mac_selinux_get_our_label(&label);
1242 if (r < 0 && r != -EOPNOTSUPP)
1243 goto rollback;
1244
1245 } else {
1246 /* Get it from the executable we are about to start */
1247
1248 r = socket_instantiate_service(s);
1249 if (r < 0)
1250 goto rollback;
1251
1252 if (UNIT_ISSET(s->service) &&
1253 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1254 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1255 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1256 goto rollback;
1257 }
1258 }
1259
1260 know_label = true;
1261 }
1262
1263 r = socket_address_listen(
1264 &p->address,
1265 SOCK_CLOEXEC|SOCK_NONBLOCK,
1266 s->backlog,
1267 s->bind_ipv6_only,
1268 s->bind_to_device,
1269 s->reuse_port,
1270 s->free_bind,
1271 s->transparent,
1272 s->directory_mode,
1273 s->socket_mode,
1274 label);
1275 if (r < 0)
1276 goto rollback;
1277
1278 p->fd = r;
1279 socket_apply_socket_options(s, p->fd);
1280 socket_symlink(s);
1281 break;
1282
1283 case SOCKET_SPECIAL:
1284
1285 p->fd = special_address_create(p->path, s->writable);
1286 if (p->fd < 0) {
1287 r = p->fd;
1288 goto rollback;
1289 }
1290 break;
1291
1292 case SOCKET_FIFO:
1293
1294 p->fd = fifo_address_create(
1295 p->path,
1296 s->directory_mode,
1297 s->socket_mode);
1298 if (p->fd < 0) {
1299 r = p->fd;
1300 goto rollback;
1301 }
1302
1303 socket_apply_fifo_options(s, p->fd);
1304 socket_symlink(s);
1305 break;
1306
1307 case SOCKET_MQUEUE:
1308
1309 p->fd = mq_address_create(
1310 p->path,
1311 s->socket_mode,
1312 s->mq_maxmsg,
1313 s->mq_msgsize);
1314 if (p->fd < 0) {
1315 r = p->fd;
1316 goto rollback;
1317 }
1318 break;
1319
1320 case SOCKET_USB_FUNCTION:
1321
1322 p->fd = usbffs_address_create(p->path);
1323 if (p->fd < 0) {
1324 r = p->fd;
1325 goto rollback;
1326 }
1327
1328 r = usbffs_write_descs(p->fd, SERVICE(UNIT_DEREF(s->service)));
1329 if (r < 0)
1330 goto rollback;
1331
1332 r = usbffs_dispatch_eps(p);
1333 if (r < 0)
1334 goto rollback;
1335
1336 break;
1337
1338 default:
1339 assert_not_reached("Unknown port type");
1340 }
1341 }
1342
1343 return 0;
1344
1345 rollback:
1346 socket_close_fds(s);
1347 return r;
1348 }
1349
1350 static void socket_unwatch_fds(Socket *s) {
1351 SocketPort *p;
1352 int r;
1353
1354 assert(s);
1355
1356 LIST_FOREACH(port, p, s->ports) {
1357 if (p->fd < 0)
1358 continue;
1359
1360 if (!p->event_source)
1361 continue;
1362
1363 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1364 if (r < 0)
1365 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1366 }
1367 }
1368
1369 static int socket_watch_fds(Socket *s) {
1370 SocketPort *p;
1371 int r;
1372
1373 assert(s);
1374
1375 LIST_FOREACH(port, p, s->ports) {
1376 if (p->fd < 0)
1377 continue;
1378
1379 if (p->event_source) {
1380 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1381 if (r < 0)
1382 goto fail;
1383 } else {
1384 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1385 if (r < 0)
1386 goto fail;
1387
1388 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1389 }
1390 }
1391
1392 return 0;
1393
1394 fail:
1395 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1396 socket_unwatch_fds(s);
1397 return r;
1398 }
1399
1400 static void socket_set_state(Socket *s, SocketState state) {
1401 SocketState old_state;
1402 assert(s);
1403
1404 old_state = s->state;
1405 s->state = state;
1406
1407 if (!IN_SET(state,
1408 SOCKET_START_PRE,
1409 SOCKET_START_CHOWN,
1410 SOCKET_START_POST,
1411 SOCKET_STOP_PRE,
1412 SOCKET_STOP_PRE_SIGTERM,
1413 SOCKET_STOP_PRE_SIGKILL,
1414 SOCKET_STOP_POST,
1415 SOCKET_FINAL_SIGTERM,
1416 SOCKET_FINAL_SIGKILL)) {
1417
1418 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1419 socket_unwatch_control_pid(s);
1420 s->control_command = NULL;
1421 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1422 }
1423
1424 if (state != SOCKET_LISTENING)
1425 socket_unwatch_fds(s);
1426
1427 if (!IN_SET(state,
1428 SOCKET_START_CHOWN,
1429 SOCKET_START_POST,
1430 SOCKET_LISTENING,
1431 SOCKET_RUNNING,
1432 SOCKET_STOP_PRE,
1433 SOCKET_STOP_PRE_SIGTERM,
1434 SOCKET_STOP_PRE_SIGKILL))
1435 socket_close_fds(s);
1436
1437 if (state != old_state)
1438 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1439
1440 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1441 }
1442
1443 static int socket_coldplug(Unit *u) {
1444 Socket *s = SOCKET(u);
1445 int r;
1446
1447 assert(s);
1448 assert(s->state == SOCKET_DEAD);
1449
1450 if (s->deserialized_state == s->state)
1451 return 0;
1452
1453 if (IN_SET(s->deserialized_state,
1454 SOCKET_START_PRE,
1455 SOCKET_START_CHOWN,
1456 SOCKET_START_POST,
1457 SOCKET_STOP_PRE,
1458 SOCKET_STOP_PRE_SIGTERM,
1459 SOCKET_STOP_PRE_SIGKILL,
1460 SOCKET_STOP_POST,
1461 SOCKET_FINAL_SIGTERM,
1462 SOCKET_FINAL_SIGKILL)) {
1463
1464 if (s->control_pid <= 0)
1465 return -EBADMSG;
1466
1467 r = unit_watch_pid(UNIT(s), s->control_pid);
1468 if (r < 0)
1469 return r;
1470
1471 r = socket_arm_timer(s);
1472 if (r < 0)
1473 return r;
1474 }
1475
1476 if (IN_SET(s->deserialized_state,
1477 SOCKET_START_CHOWN,
1478 SOCKET_START_POST,
1479 SOCKET_LISTENING,
1480 SOCKET_RUNNING,
1481 SOCKET_STOP_PRE,
1482 SOCKET_STOP_PRE_SIGTERM,
1483 SOCKET_STOP_PRE_SIGKILL)) {
1484 r = socket_open_fds(s);
1485 if (r < 0)
1486 return r;
1487 }
1488
1489 if (s->deserialized_state == SOCKET_LISTENING) {
1490 r = socket_watch_fds(s);
1491 if (r < 0)
1492 return r;
1493 }
1494
1495 socket_set_state(s, s->deserialized_state);
1496 return 0;
1497 }
1498
1499 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1500 _cleanup_free_ char **argv = NULL;
1501 pid_t pid;
1502 int r;
1503 ExecParameters exec_params = {
1504 .apply_permissions = true,
1505 .apply_chroot = true,
1506 .apply_tty_stdin = true,
1507 .bus_endpoint_fd = -1,
1508 .stdin_fd = -1,
1509 .stdout_fd = -1,
1510 .stderr_fd = -1,
1511 };
1512
1513 assert(s);
1514 assert(c);
1515 assert(_pid);
1516
1517 (void) unit_realize_cgroup(UNIT(s));
1518 if (s->reset_cpu_usage) {
1519 (void) unit_reset_cpu_usage(UNIT(s));
1520 s->reset_cpu_usage = false;
1521 }
1522
1523 r = unit_setup_exec_runtime(UNIT(s));
1524 if (r < 0)
1525 goto fail;
1526
1527 r = socket_arm_timer(s);
1528 if (r < 0)
1529 goto fail;
1530
1531 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1532 if (r < 0)
1533 goto fail;
1534
1535 exec_params.argv = argv;
1536 exec_params.environment = UNIT(s)->manager->environment;
1537 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1538 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1539 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1540 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1541 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1542
1543 r = exec_spawn(UNIT(s),
1544 c,
1545 &s->exec_context,
1546 &exec_params,
1547 s->exec_runtime,
1548 &pid);
1549 if (r < 0)
1550 goto fail;
1551
1552 r = unit_watch_pid(UNIT(s), pid);
1553 if (r < 0)
1554 /* FIXME: we need to do something here */
1555 goto fail;
1556
1557 *_pid = pid;
1558 return 0;
1559
1560 fail:
1561 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1562 return r;
1563 }
1564
1565 static int socket_chown(Socket *s, pid_t *_pid) {
1566 pid_t pid;
1567 int r;
1568
1569 r = socket_arm_timer(s);
1570 if (r < 0)
1571 goto fail;
1572
1573 /* We have to resolve the user names out-of-process, hence
1574 * let's fork here. It's messy, but well, what can we do? */
1575
1576 pid = fork();
1577 if (pid < 0)
1578 return -errno;
1579
1580 if (pid == 0) {
1581 SocketPort *p;
1582 uid_t uid = UID_INVALID;
1583 gid_t gid = GID_INVALID;
1584 int ret;
1585
1586 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1587 (void) ignore_signals(SIGPIPE, -1);
1588 log_forget_fds();
1589
1590 if (!isempty(s->user)) {
1591 const char *user = s->user;
1592
1593 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1594 if (r < 0) {
1595 ret = EXIT_USER;
1596 goto fail_child;
1597 }
1598 }
1599
1600 if (!isempty(s->group)) {
1601 const char *group = s->group;
1602
1603 r = get_group_creds(&group, &gid);
1604 if (r < 0) {
1605 ret = EXIT_GROUP;
1606 goto fail_child;
1607 }
1608 }
1609
1610 LIST_FOREACH(port, p, s->ports) {
1611 const char *path = NULL;
1612
1613 if (p->type == SOCKET_SOCKET)
1614 path = socket_address_get_path(&p->address);
1615 else if (p->type == SOCKET_FIFO)
1616 path = p->path;
1617
1618 if (!path)
1619 continue;
1620
1621 if (chown(path, uid, gid) < 0) {
1622 r = -errno;
1623 ret = EXIT_CHOWN;
1624 goto fail_child;
1625 }
1626 }
1627
1628 _exit(0);
1629
1630 fail_child:
1631 log_open();
1632 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1633
1634 _exit(ret);
1635 }
1636
1637 r = unit_watch_pid(UNIT(s), pid);
1638 if (r < 0)
1639 goto fail;
1640
1641 *_pid = pid;
1642 return 0;
1643
1644 fail:
1645 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1646 return r;
1647 }
1648
1649 static void socket_enter_dead(Socket *s, SocketResult f) {
1650 assert(s);
1651
1652 if (f != SOCKET_SUCCESS)
1653 s->result = f;
1654
1655 exec_runtime_destroy(s->exec_runtime);
1656 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1657
1658 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1659
1660 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1661 }
1662
1663 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1664
1665 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1666 int r;
1667 assert(s);
1668
1669 if (f != SOCKET_SUCCESS)
1670 s->result = f;
1671
1672 socket_unwatch_control_pid(s);
1673 s->control_command_id = SOCKET_EXEC_STOP_POST;
1674 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1675
1676 if (s->control_command) {
1677 r = socket_spawn(s, s->control_command, &s->control_pid);
1678 if (r < 0)
1679 goto fail;
1680
1681 socket_set_state(s, SOCKET_STOP_POST);
1682 } else
1683 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1684
1685 return;
1686
1687 fail:
1688 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1689 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1690 }
1691
1692 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1693 int r;
1694
1695 assert(s);
1696
1697 if (f != SOCKET_SUCCESS)
1698 s->result = f;
1699
1700 r = unit_kill_context(
1701 UNIT(s),
1702 &s->kill_context,
1703 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1704 KILL_KILL : KILL_TERMINATE,
1705 -1,
1706 s->control_pid,
1707 false);
1708 if (r < 0)
1709 goto fail;
1710
1711 if (r > 0) {
1712 r = socket_arm_timer(s);
1713 if (r < 0)
1714 goto fail;
1715
1716 socket_set_state(s, state);
1717 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1718 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1719 else if (state == SOCKET_STOP_PRE_SIGKILL)
1720 socket_enter_stop_post(s, SOCKET_SUCCESS);
1721 else if (state == SOCKET_FINAL_SIGTERM)
1722 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1723 else
1724 socket_enter_dead(s, SOCKET_SUCCESS);
1725
1726 return;
1727
1728 fail:
1729 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1730
1731 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1732 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1733 else
1734 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1735 }
1736
1737 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1738 int r;
1739 assert(s);
1740
1741 if (f != SOCKET_SUCCESS)
1742 s->result = f;
1743
1744 socket_unwatch_control_pid(s);
1745 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1746 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1747
1748 if (s->control_command) {
1749 r = socket_spawn(s, s->control_command, &s->control_pid);
1750 if (r < 0)
1751 goto fail;
1752
1753 socket_set_state(s, SOCKET_STOP_PRE);
1754 } else
1755 socket_enter_stop_post(s, SOCKET_SUCCESS);
1756
1757 return;
1758
1759 fail:
1760 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1761 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1762 }
1763
1764 static void socket_enter_listening(Socket *s) {
1765 int r;
1766 assert(s);
1767
1768 r = socket_watch_fds(s);
1769 if (r < 0) {
1770 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1771 goto fail;
1772 }
1773
1774 socket_set_state(s, SOCKET_LISTENING);
1775 return;
1776
1777 fail:
1778 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1779 }
1780
1781 static void socket_enter_start_post(Socket *s) {
1782 int r;
1783 assert(s);
1784
1785 socket_unwatch_control_pid(s);
1786 s->control_command_id = SOCKET_EXEC_START_POST;
1787 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1788
1789 if (s->control_command) {
1790 r = socket_spawn(s, s->control_command, &s->control_pid);
1791 if (r < 0) {
1792 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1793 goto fail;
1794 }
1795
1796 socket_set_state(s, SOCKET_START_POST);
1797 } else
1798 socket_enter_listening(s);
1799
1800 return;
1801
1802 fail:
1803 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1804 }
1805
1806 static void socket_enter_start_chown(Socket *s) {
1807 int r;
1808
1809 assert(s);
1810
1811 r = socket_open_fds(s);
1812 if (r < 0) {
1813 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1814 goto fail;
1815 }
1816
1817 if (!isempty(s->user) || !isempty(s->group)) {
1818
1819 socket_unwatch_control_pid(s);
1820 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1821 s->control_command = NULL;
1822
1823 r = socket_chown(s, &s->control_pid);
1824 if (r < 0) {
1825 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1826 goto fail;
1827 }
1828
1829 socket_set_state(s, SOCKET_START_CHOWN);
1830 } else
1831 socket_enter_start_post(s);
1832
1833 return;
1834
1835 fail:
1836 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1837 }
1838
1839 static void socket_enter_start_pre(Socket *s) {
1840 int r;
1841 assert(s);
1842
1843 socket_unwatch_control_pid(s);
1844 s->control_command_id = SOCKET_EXEC_START_PRE;
1845 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1846
1847 if (s->control_command) {
1848 r = socket_spawn(s, s->control_command, &s->control_pid);
1849 if (r < 0) {
1850 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1851 goto fail;
1852 }
1853
1854 socket_set_state(s, SOCKET_START_PRE);
1855 } else
1856 socket_enter_start_chown(s);
1857
1858 return;
1859
1860 fail:
1861 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1862 }
1863
1864 static void socket_enter_running(Socket *s, int cfd) {
1865 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1866 int r;
1867
1868 assert(s);
1869
1870 /* We don't take connections anymore if we are supposed to
1871 * shut down anyway */
1872 if (unit_stop_pending(UNIT(s))) {
1873
1874 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1875
1876 if (cfd >= 0)
1877 safe_close(cfd);
1878 else {
1879 /* Flush all sockets by closing and reopening them */
1880 socket_close_fds(s);
1881
1882 r = socket_open_fds(s);
1883 if (r < 0) {
1884 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1885 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1886 return;
1887 }
1888
1889 r = socket_watch_fds(s);
1890 if (r < 0) {
1891 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1892 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1893 }
1894 }
1895
1896 return;
1897 }
1898
1899 if (cfd < 0) {
1900 Iterator i;
1901 Unit *other;
1902 bool pending = false;
1903
1904 /* If there's already a start pending don't bother to
1905 * do anything */
1906 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1907 if (unit_active_or_pending(other)) {
1908 pending = true;
1909 break;
1910 }
1911
1912 if (!pending) {
1913 if (!UNIT_ISSET(s->service)) {
1914 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1915 r = -ENOENT;
1916 goto fail;
1917 }
1918
1919 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1920 if (r < 0)
1921 goto fail;
1922 }
1923
1924 socket_set_state(s, SOCKET_RUNNING);
1925 } else {
1926 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1927 Service *service;
1928
1929 if (s->n_connections >= s->max_connections) {
1930 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1931 safe_close(cfd);
1932 return;
1933 }
1934
1935 r = socket_instantiate_service(s);
1936 if (r < 0)
1937 goto fail;
1938
1939 r = instance_from_socket(cfd, s->n_accepted, &instance);
1940 if (r < 0) {
1941 if (r != -ENOTCONN)
1942 goto fail;
1943
1944 /* ENOTCONN is legitimate if TCP RST was received.
1945 * This connection is over, but the socket unit lives on. */
1946 safe_close(cfd);
1947 return;
1948 }
1949
1950 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1951 if (r < 0)
1952 goto fail;
1953
1954 r = unit_name_build(prefix, instance, ".service", &name);
1955 if (r < 0)
1956 goto fail;
1957
1958 r = unit_add_name(UNIT_DEREF(s->service), name);
1959 if (r < 0)
1960 goto fail;
1961
1962 service = SERVICE(UNIT_DEREF(s->service));
1963 unit_ref_unset(&s->service);
1964 s->n_accepted ++;
1965
1966 UNIT(service)->no_gc = false;
1967
1968 unit_choose_id(UNIT(service), name);
1969
1970 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1971 if (r < 0)
1972 goto fail;
1973
1974 cfd = -1;
1975 s->n_connections ++;
1976
1977 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1978 if (r < 0)
1979 goto fail;
1980
1981 /* Notify clients about changed counters */
1982 unit_add_to_dbus_queue(UNIT(s));
1983 }
1984
1985 return;
1986
1987 fail:
1988 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1989 cfd >= 0 ? "template" : "non-template",
1990 bus_error_message(&error, r));
1991
1992 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1993 safe_close(cfd);
1994 }
1995
1996 static void socket_run_next(Socket *s) {
1997 int r;
1998
1999 assert(s);
2000 assert(s->control_command);
2001 assert(s->control_command->command_next);
2002
2003 socket_unwatch_control_pid(s);
2004
2005 s->control_command = s->control_command->command_next;
2006
2007 r = socket_spawn(s, s->control_command, &s->control_pid);
2008 if (r < 0)
2009 goto fail;
2010
2011 return;
2012
2013 fail:
2014 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2015
2016 if (s->state == SOCKET_START_POST)
2017 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2018 else if (s->state == SOCKET_STOP_POST)
2019 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2020 else
2021 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2022 }
2023
2024 static int socket_start(Unit *u) {
2025 Socket *s = SOCKET(u);
2026
2027 assert(s);
2028
2029 /* We cannot fulfill this request right now, try again later
2030 * please! */
2031 if (IN_SET(s->state,
2032 SOCKET_STOP_PRE,
2033 SOCKET_STOP_PRE_SIGKILL,
2034 SOCKET_STOP_PRE_SIGTERM,
2035 SOCKET_STOP_POST,
2036 SOCKET_FINAL_SIGTERM,
2037 SOCKET_FINAL_SIGKILL))
2038 return -EAGAIN;
2039
2040 /* Already on it! */
2041 if (IN_SET(s->state,
2042 SOCKET_START_PRE,
2043 SOCKET_START_CHOWN,
2044 SOCKET_START_POST))
2045 return 0;
2046
2047 /* Cannot run this without the service being around */
2048 if (UNIT_ISSET(s->service)) {
2049 Service *service;
2050
2051 service = SERVICE(UNIT_DEREF(s->service));
2052
2053 if (UNIT(service)->load_state != UNIT_LOADED) {
2054 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2055 return -ENOENT;
2056 }
2057
2058 /* If the service is already active we cannot start the
2059 * socket */
2060 if (service->state != SERVICE_DEAD &&
2061 service->state != SERVICE_FAILED &&
2062 service->state != SERVICE_AUTO_RESTART) {
2063 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2064 return -EBUSY;
2065 }
2066 }
2067
2068 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2069
2070 s->result = SOCKET_SUCCESS;
2071 s->reset_cpu_usage = true;
2072
2073 socket_enter_start_pre(s);
2074
2075 return 1;
2076 }
2077
2078 static int socket_stop(Unit *u) {
2079 Socket *s = SOCKET(u);
2080
2081 assert(s);
2082
2083 /* Already on it */
2084 if (IN_SET(s->state,
2085 SOCKET_STOP_PRE,
2086 SOCKET_STOP_PRE_SIGTERM,
2087 SOCKET_STOP_PRE_SIGKILL,
2088 SOCKET_STOP_POST,
2089 SOCKET_FINAL_SIGTERM,
2090 SOCKET_FINAL_SIGKILL))
2091 return 0;
2092
2093 /* If there's already something running we go directly into
2094 * kill mode. */
2095 if (IN_SET(s->state,
2096 SOCKET_START_PRE,
2097 SOCKET_START_CHOWN,
2098 SOCKET_START_POST)) {
2099 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2100 return -EAGAIN;
2101 }
2102
2103 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2104
2105 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2106 return 1;
2107 }
2108
2109 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2110 Socket *s = SOCKET(u);
2111 SocketPort *p;
2112 int r;
2113
2114 assert(u);
2115 assert(f);
2116 assert(fds);
2117
2118 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2119 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2120 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2121
2122 if (s->control_pid > 0)
2123 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2124
2125 if (s->control_command_id >= 0)
2126 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2127
2128 LIST_FOREACH(port, p, s->ports) {
2129 int copy;
2130
2131 if (p->fd < 0)
2132 continue;
2133
2134 copy = fdset_put_dup(fds, p->fd);
2135 if (copy < 0)
2136 return copy;
2137
2138 if (p->type == SOCKET_SOCKET) {
2139 _cleanup_free_ char *t = NULL;
2140
2141 r = socket_address_print(&p->address, &t);
2142 if (r < 0)
2143 return r;
2144
2145 if (socket_address_family(&p->address) == AF_NETLINK)
2146 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2147 else
2148 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2149
2150 } else if (p->type == SOCKET_SPECIAL)
2151 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2152 else if (p->type == SOCKET_MQUEUE)
2153 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2154 else if (p->type == SOCKET_USB_FUNCTION)
2155 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2156 else {
2157 assert(p->type == SOCKET_FIFO);
2158 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2159 }
2160 }
2161
2162 return 0;
2163 }
2164
2165 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2166 Socket *s = SOCKET(u);
2167
2168 assert(u);
2169 assert(key);
2170 assert(value);
2171
2172 if (streq(key, "state")) {
2173 SocketState state;
2174
2175 state = socket_state_from_string(value);
2176 if (state < 0)
2177 log_unit_debug(u, "Failed to parse state value: %s", value);
2178 else
2179 s->deserialized_state = state;
2180 } else if (streq(key, "result")) {
2181 SocketResult f;
2182
2183 f = socket_result_from_string(value);
2184 if (f < 0)
2185 log_unit_debug(u, "Failed to parse result value: %s", value);
2186 else if (f != SOCKET_SUCCESS)
2187 s->result = f;
2188
2189 } else if (streq(key, "n-accepted")) {
2190 unsigned k;
2191
2192 if (safe_atou(value, &k) < 0)
2193 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2194 else
2195 s->n_accepted += k;
2196 } else if (streq(key, "control-pid")) {
2197 pid_t pid;
2198
2199 if (parse_pid(value, &pid) < 0)
2200 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2201 else
2202 s->control_pid = pid;
2203 } else if (streq(key, "control-command")) {
2204 SocketExecCommand id;
2205
2206 id = socket_exec_command_from_string(value);
2207 if (id < 0)
2208 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2209 else {
2210 s->control_command_id = id;
2211 s->control_command = s->exec_command[id];
2212 }
2213 } else if (streq(key, "fifo")) {
2214 int fd, skip = 0;
2215 SocketPort *p;
2216
2217 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2218 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2219 else {
2220
2221 LIST_FOREACH(port, p, s->ports)
2222 if (p->type == SOCKET_FIFO &&
2223 path_equal_or_files_same(p->path, value+skip))
2224 break;
2225
2226 if (p) {
2227 safe_close(p->fd);
2228 p->fd = fdset_remove(fds, fd);
2229 }
2230 }
2231
2232 } else if (streq(key, "special")) {
2233 int fd, skip = 0;
2234 SocketPort *p;
2235
2236 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2237 log_unit_debug(u, "Failed to parse special value: %s", value);
2238 else {
2239
2240 LIST_FOREACH(port, p, s->ports)
2241 if (p->type == SOCKET_SPECIAL &&
2242 path_equal_or_files_same(p->path, value+skip))
2243 break;
2244
2245 if (p) {
2246 safe_close(p->fd);
2247 p->fd = fdset_remove(fds, fd);
2248 }
2249 }
2250
2251 } else if (streq(key, "mqueue")) {
2252 int fd, skip = 0;
2253 SocketPort *p;
2254
2255 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2256 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2257 else {
2258
2259 LIST_FOREACH(port, p, s->ports)
2260 if (p->type == SOCKET_MQUEUE &&
2261 streq(p->path, value+skip))
2262 break;
2263
2264 if (p) {
2265 safe_close(p->fd);
2266 p->fd = fdset_remove(fds, fd);
2267 }
2268 }
2269
2270 } else if (streq(key, "socket")) {
2271 int fd, type, skip = 0;
2272 SocketPort *p;
2273
2274 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2275 log_unit_debug(u, "Failed to parse socket value: %s", value);
2276 else {
2277
2278 LIST_FOREACH(port, p, s->ports)
2279 if (socket_address_is(&p->address, value+skip, type))
2280 break;
2281
2282 if (p) {
2283 safe_close(p->fd);
2284 p->fd = fdset_remove(fds, fd);
2285 }
2286 }
2287
2288 } else if (streq(key, "netlink")) {
2289 int fd, skip = 0;
2290 SocketPort *p;
2291
2292 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2293 log_unit_debug(u, "Failed to parse socket value: %s", value);
2294 else {
2295
2296 LIST_FOREACH(port, p, s->ports)
2297 if (socket_address_is_netlink(&p->address, value+skip))
2298 break;
2299
2300 if (p) {
2301 safe_close(p->fd);
2302 p->fd = fdset_remove(fds, fd);
2303 }
2304 }
2305
2306 } else if (streq(key, "ffs")) {
2307 int fd, skip = 0;
2308 SocketPort *p;
2309
2310 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2311 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2312 else {
2313
2314 LIST_FOREACH(port, p, s->ports)
2315 if (p->type == SOCKET_USB_FUNCTION &&
2316 path_equal_or_files_same(p->path, value+skip))
2317 break;
2318
2319 if (p) {
2320 safe_close(p->fd);
2321 p->fd = fdset_remove(fds, fd);
2322 }
2323 }
2324
2325 } else
2326 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2327
2328 return 0;
2329 }
2330
2331 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2332 Socket *s = SOCKET(u);
2333 SocketPort *p;
2334
2335 assert(u);
2336
2337 LIST_FOREACH(port, p, s->ports) {
2338 Iterator i;
2339 int fd;
2340
2341 if (p->type != SOCKET_SOCKET)
2342 continue;
2343
2344 if (p->fd >= 0)
2345 continue;
2346
2347 FDSET_FOREACH(fd, fds, i) {
2348 if (socket_address_matches_fd(&p->address, fd)) {
2349 p->fd = fdset_remove(fds, fd);
2350 s->deserialized_state = SOCKET_LISTENING;
2351 break;
2352 }
2353 }
2354 }
2355
2356 return 0;
2357 }
2358
2359 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2360 assert(u);
2361
2362 return state_translation_table[SOCKET(u)->state];
2363 }
2364
2365 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2366 assert(u);
2367
2368 return socket_state_to_string(SOCKET(u)->state);
2369 }
2370
2371 const char* socket_port_type_to_string(SocketPort *p) {
2372
2373 assert(p);
2374
2375 switch (p->type) {
2376
2377 case SOCKET_SOCKET:
2378
2379 switch (p->address.type) {
2380
2381 case SOCK_STREAM:
2382 return "Stream";
2383
2384 case SOCK_DGRAM:
2385 return "Datagram";
2386
2387 case SOCK_SEQPACKET:
2388 return "SequentialPacket";
2389
2390 case SOCK_RAW:
2391 if (socket_address_family(&p->address) == AF_NETLINK)
2392 return "Netlink";
2393
2394 default:
2395 return NULL;
2396 }
2397
2398 case SOCKET_SPECIAL:
2399 return "Special";
2400
2401 case SOCKET_MQUEUE:
2402 return "MessageQueue";
2403
2404 case SOCKET_FIFO:
2405 return "FIFO";
2406
2407 case SOCKET_USB_FUNCTION:
2408 return "USBFunction";
2409
2410 default:
2411 return NULL;
2412 }
2413 }
2414
2415 _pure_ static bool socket_check_gc(Unit *u) {
2416 Socket *s = SOCKET(u);
2417
2418 assert(u);
2419
2420 return s->n_connections > 0;
2421 }
2422
2423 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2424 SocketPort *p = userdata;
2425 int cfd = -1;
2426
2427 assert(p);
2428 assert(fd >= 0);
2429
2430 if (p->socket->state != SOCKET_LISTENING)
2431 return 0;
2432
2433 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2434
2435 if (revents != EPOLLIN) {
2436
2437 if (revents & EPOLLHUP)
2438 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2439 else
2440 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2441 goto fail;
2442 }
2443
2444 if (p->socket->accept &&
2445 p->type == SOCKET_SOCKET &&
2446 socket_address_can_accept(&p->address)) {
2447
2448 for (;;) {
2449
2450 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2451 if (cfd < 0) {
2452
2453 if (errno == EINTR)
2454 continue;
2455
2456 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2457 goto fail;
2458 }
2459
2460 break;
2461 }
2462
2463 socket_apply_socket_options(p->socket, cfd);
2464 }
2465
2466 socket_enter_running(p->socket, cfd);
2467 return 0;
2468
2469 fail:
2470 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2471 return 0;
2472 }
2473
2474 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2475 Socket *s = SOCKET(u);
2476 SocketResult f;
2477
2478 assert(s);
2479 assert(pid >= 0);
2480
2481 if (pid != s->control_pid)
2482 return;
2483
2484 s->control_pid = 0;
2485
2486 if (is_clean_exit(code, status, NULL))
2487 f = SOCKET_SUCCESS;
2488 else if (code == CLD_EXITED)
2489 f = SOCKET_FAILURE_EXIT_CODE;
2490 else if (code == CLD_KILLED)
2491 f = SOCKET_FAILURE_SIGNAL;
2492 else if (code == CLD_DUMPED)
2493 f = SOCKET_FAILURE_CORE_DUMP;
2494 else
2495 assert_not_reached("Unknown sigchld code");
2496
2497 if (s->control_command) {
2498 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2499
2500 if (s->control_command->ignore)
2501 f = SOCKET_SUCCESS;
2502 }
2503
2504 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2505 "Control process exited, code=%s status=%i",
2506 sigchld_code_to_string(code), status);
2507
2508 if (f != SOCKET_SUCCESS)
2509 s->result = f;
2510
2511 if (s->control_command &&
2512 s->control_command->command_next &&
2513 f == SOCKET_SUCCESS) {
2514
2515 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2516 socket_run_next(s);
2517 } else {
2518 s->control_command = NULL;
2519 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2520
2521 /* No further commands for this step, so let's figure
2522 * out what to do next */
2523
2524 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2525
2526 switch (s->state) {
2527
2528 case SOCKET_START_PRE:
2529 if (f == SOCKET_SUCCESS)
2530 socket_enter_start_chown(s);
2531 else
2532 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2533 break;
2534
2535 case SOCKET_START_CHOWN:
2536 if (f == SOCKET_SUCCESS)
2537 socket_enter_start_post(s);
2538 else
2539 socket_enter_stop_pre(s, f);
2540 break;
2541
2542 case SOCKET_START_POST:
2543 if (f == SOCKET_SUCCESS)
2544 socket_enter_listening(s);
2545 else
2546 socket_enter_stop_pre(s, f);
2547 break;
2548
2549 case SOCKET_STOP_PRE:
2550 case SOCKET_STOP_PRE_SIGTERM:
2551 case SOCKET_STOP_PRE_SIGKILL:
2552 socket_enter_stop_post(s, f);
2553 break;
2554
2555 case SOCKET_STOP_POST:
2556 case SOCKET_FINAL_SIGTERM:
2557 case SOCKET_FINAL_SIGKILL:
2558 socket_enter_dead(s, f);
2559 break;
2560
2561 default:
2562 assert_not_reached("Uh, control process died at wrong time.");
2563 }
2564 }
2565
2566 /* Notify clients about changed exit status */
2567 unit_add_to_dbus_queue(u);
2568 }
2569
2570 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2571 Socket *s = SOCKET(userdata);
2572
2573 assert(s);
2574 assert(s->timer_event_source == source);
2575
2576 switch (s->state) {
2577
2578 case SOCKET_START_PRE:
2579 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2580 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2581 break;
2582
2583 case SOCKET_START_CHOWN:
2584 case SOCKET_START_POST:
2585 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2586 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2587 break;
2588
2589 case SOCKET_STOP_PRE:
2590 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2591 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2592 break;
2593
2594 case SOCKET_STOP_PRE_SIGTERM:
2595 if (s->kill_context.send_sigkill) {
2596 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2597 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2598 } else {
2599 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2600 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2601 }
2602 break;
2603
2604 case SOCKET_STOP_PRE_SIGKILL:
2605 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2606 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2607 break;
2608
2609 case SOCKET_STOP_POST:
2610 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2611 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2612 break;
2613
2614 case SOCKET_FINAL_SIGTERM:
2615 if (s->kill_context.send_sigkill) {
2616 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2617 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2618 } else {
2619 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2620 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2621 }
2622 break;
2623
2624 case SOCKET_FINAL_SIGKILL:
2625 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2626 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2627 break;
2628
2629 default:
2630 assert_not_reached("Timeout at wrong time.");
2631 }
2632
2633 return 0;
2634 }
2635
2636 int socket_collect_fds(Socket *s, int **fds) {
2637 int *rfds, k = 0, n = 0;
2638 SocketPort *p;
2639
2640 assert(s);
2641 assert(fds);
2642
2643 /* Called from the service code for requesting our fds */
2644
2645 LIST_FOREACH(port, p, s->ports) {
2646 if (p->fd >= 0)
2647 n++;
2648 n += p->n_auxiliary_fds;
2649 }
2650
2651 if (n <= 0) {
2652 *fds = NULL;
2653 return 0;
2654 }
2655
2656 rfds = new(int, n);
2657 if (!rfds)
2658 return -ENOMEM;
2659
2660 LIST_FOREACH(port, p, s->ports) {
2661 int i;
2662
2663 if (p->fd >= 0)
2664 rfds[k++] = p->fd;
2665 for (i = 0; i < p->n_auxiliary_fds; ++i)
2666 rfds[k++] = p->auxiliary_fds[i];
2667 }
2668
2669 assert(k == n);
2670
2671 *fds = rfds;
2672 return n;
2673 }
2674
2675 static void socket_reset_failed(Unit *u) {
2676 Socket *s = SOCKET(u);
2677
2678 assert(s);
2679
2680 if (s->state == SOCKET_FAILED)
2681 socket_set_state(s, SOCKET_DEAD);
2682
2683 s->result = SOCKET_SUCCESS;
2684 }
2685
2686 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2687 assert(s);
2688
2689 /* The service is dead. Dang!
2690 *
2691 * This is strictly for one-instance-for-all-connections
2692 * services. */
2693
2694 if (s->state == SOCKET_RUNNING) {
2695 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2696 if (failed_permanent)
2697 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2698 else
2699 socket_enter_listening(s);
2700 }
2701 }
2702
2703 void socket_connection_unref(Socket *s) {
2704 assert(s);
2705
2706 /* The service is dead. Yay!
2707 *
2708 * This is strictly for one-instance-per-connection
2709 * services. */
2710
2711 assert(s->n_connections > 0);
2712 s->n_connections--;
2713
2714 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2715 }
2716
2717 static void socket_trigger_notify(Unit *u, Unit *other) {
2718 Socket *s = SOCKET(u);
2719 Service *se;
2720
2721 assert(u);
2722 assert(other);
2723
2724 /* Don't propagate state changes from the service if we are
2725 already down or accepting connections */
2726 if ((s->state != SOCKET_RUNNING &&
2727 s->state != SOCKET_LISTENING) ||
2728 s->accept)
2729 return;
2730
2731 if (other->load_state != UNIT_LOADED ||
2732 other->type != UNIT_SERVICE)
2733 return;
2734
2735 se = SERVICE(other);
2736
2737 if (se->state == SERVICE_FAILED)
2738 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2739
2740 if (se->state == SERVICE_DEAD ||
2741 se->state == SERVICE_FINAL_SIGTERM ||
2742 se->state == SERVICE_FINAL_SIGKILL ||
2743 se->state == SERVICE_AUTO_RESTART)
2744 socket_notify_service_dead(s, false);
2745
2746 if (se->state == SERVICE_RUNNING)
2747 socket_set_state(s, SOCKET_RUNNING);
2748 }
2749
2750 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2751 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2752 }
2753
2754 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2755 Socket *s = SOCKET(u);
2756 int r;
2757
2758 if (!s->timer_event_source)
2759 return 0;
2760
2761 r = sd_event_source_get_time(s->timer_event_source, timeout);
2762 if (r < 0)
2763 return r;
2764
2765 return 1;
2766 }
2767
2768 char *socket_fdname(Socket *s) {
2769 assert(s);
2770
2771 /* Returns the name to use for $LISTEN_NAMES. If the user
2772 * didn't specify anything specifically, use the socket unit's
2773 * name as fallback. */
2774
2775 if (s->fdname)
2776 return s->fdname;
2777
2778 return UNIT(s)->id;
2779 }
2780
2781 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2782 [SOCKET_EXEC_START_PRE] = "StartPre",
2783 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2784 [SOCKET_EXEC_START_POST] = "StartPost",
2785 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2786 [SOCKET_EXEC_STOP_POST] = "StopPost"
2787 };
2788
2789 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2790
2791 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2792 [SOCKET_SUCCESS] = "success",
2793 [SOCKET_FAILURE_RESOURCES] = "resources",
2794 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2795 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2796 [SOCKET_FAILURE_SIGNAL] = "signal",
2797 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2798 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2799 };
2800
2801 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2802
2803 const UnitVTable socket_vtable = {
2804 .object_size = sizeof(Socket),
2805 .exec_context_offset = offsetof(Socket, exec_context),
2806 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2807 .kill_context_offset = offsetof(Socket, kill_context),
2808 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2809
2810 .sections =
2811 "Unit\0"
2812 "Socket\0"
2813 "Install\0",
2814 .private_section = "Socket",
2815
2816 .init = socket_init,
2817 .done = socket_done,
2818 .load = socket_load,
2819
2820 .coldplug = socket_coldplug,
2821
2822 .dump = socket_dump,
2823
2824 .start = socket_start,
2825 .stop = socket_stop,
2826
2827 .kill = socket_kill,
2828
2829 .get_timeout = socket_get_timeout,
2830
2831 .serialize = socket_serialize,
2832 .deserialize_item = socket_deserialize_item,
2833 .distribute_fds = socket_distribute_fds,
2834
2835 .active_state = socket_active_state,
2836 .sub_state_to_string = socket_sub_state_to_string,
2837
2838 .check_gc = socket_check_gc,
2839
2840 .sigchld_event = socket_sigchld_event,
2841
2842 .trigger_notify = socket_trigger_notify,
2843
2844 .reset_failed = socket_reset_failed,
2845
2846 .bus_vtable = bus_socket_vtable,
2847 .bus_set_property = bus_socket_set_property,
2848 .bus_commit_properties = bus_socket_commit_properties,
2849
2850 .status_message_formats = {
2851 /*.starting_stopping = {
2852 [0] = "Starting socket %s...",
2853 [1] = "Stopping socket %s...",
2854 },*/
2855 .finished_start_job = {
2856 [JOB_DONE] = "Listening on %s.",
2857 [JOB_FAILED] = "Failed to listen on %s.",
2858 [JOB_TIMEOUT] = "Timed out starting %s.",
2859 },
2860 .finished_stop_job = {
2861 [JOB_DONE] = "Closed %s.",
2862 [JOB_FAILED] = "Failed stopping %s.",
2863 [JOB_TIMEOUT] = "Timed out stopping %s.",
2864 },
2865 },
2866 };
Unnamed repository; edit this file 'description' to name the repository.