]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: use coccinelle to patch a lot of code to use mfree()
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
52 #include "socket.h"
53
54 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
55 [SOCKET_DEAD] = UNIT_INACTIVE,
56 [SOCKET_START_PRE] = UNIT_ACTIVATING,
57 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
58 [SOCKET_START_POST] = UNIT_ACTIVATING,
59 [SOCKET_LISTENING] = UNIT_ACTIVE,
60 [SOCKET_RUNNING] = UNIT_ACTIVE,
61 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
62 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
65 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
67 [SOCKET_FAILED] = UNIT_FAILED
68 };
69
70 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
71 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
72
73 static void socket_init(Unit *u) {
74 Socket *s = SOCKET(u);
75
76 assert(u);
77 assert(u->load_state == UNIT_STUB);
78
79 s->backlog = SOMAXCONN;
80 s->timeout_usec = u->manager->default_timeout_start_usec;
81 s->directory_mode = 0755;
82 s->socket_mode = 0666;
83
84 s->max_connections = 64;
85
86 s->priority = -1;
87 s->ip_tos = -1;
88 s->ip_ttl = -1;
89 s->mark = -1;
90
91 s->exec_context.std_output = u->manager->default_std_output;
92 s->exec_context.std_error = u->manager->default_std_error;
93
94 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95 }
96
97 static void socket_unwatch_control_pid(Socket *s) {
98 assert(s);
99
100 if (s->control_pid <= 0)
101 return;
102
103 unit_unwatch_pid(UNIT(s), s->control_pid);
104 s->control_pid = 0;
105 }
106
107 void socket_free_ports(Socket *s) {
108 SocketPort *p;
109
110 assert(s);
111
112 while ((p = s->ports)) {
113 LIST_REMOVE(port, s->ports, p);
114
115 sd_event_source_unref(p->event_source);
116
117 safe_close(p->fd);
118 free(p->path);
119 free(p);
120 }
121 }
122
123 static void socket_done(Unit *u) {
124 Socket *s = SOCKET(u);
125
126 assert(s);
127
128 socket_free_ports(s);
129
130 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
131 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
132 s->control_command = NULL;
133
134 socket_unwatch_control_pid(s);
135
136 unit_ref_unset(&s->service);
137
138 s->tcp_congestion = mfree(s->tcp_congestion);
139 s->bind_to_device = mfree(s->bind_to_device);
140
141 free(s->smack);
142 free(s->smack_ip_in);
143 free(s->smack_ip_out);
144
145 strv_free(s->symlinks);
146
147 free(s->user);
148 free(s->group);
149
150 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
151 }
152
153 static int socket_arm_timer(Socket *s) {
154 int r;
155
156 assert(s);
157
158 if (s->timeout_usec <= 0) {
159 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
160 return 0;
161 }
162
163 if (s->timer_event_source) {
164 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
165 if (r < 0)
166 return r;
167
168 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
169 }
170
171 r = sd_event_add_time(
172 UNIT(s)->manager->event,
173 &s->timer_event_source,
174 CLOCK_MONOTONIC,
175 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
176 socket_dispatch_timer, s);
177 if (r < 0)
178 return r;
179
180 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
181
182 return 0;
183 }
184
185 int socket_instantiate_service(Socket *s) {
186 _cleanup_free_ char *prefix = NULL, *name = NULL;
187 int r;
188 Unit *u;
189
190 assert(s);
191
192 /* This fills in s->service if it isn't filled in yet. For
193 * Accept=yes sockets we create the next connection service
194 * here. For Accept=no this is mostly a NOP since the service
195 * is figured out at load time anyway. */
196
197 if (UNIT_DEREF(s->service))
198 return 0;
199
200 if (!s->accept)
201 return 0;
202
203 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
204 if (r < 0)
205 return r;
206
207 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
208 return -ENOMEM;
209
210 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
211 if (r < 0)
212 return r;
213
214 u->no_gc = true;
215 unit_ref_set(&s->service, u);
216
217 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
218 }
219
220 static bool have_non_accept_socket(Socket *s) {
221 SocketPort *p;
222
223 assert(s);
224
225 if (!s->accept)
226 return true;
227
228 LIST_FOREACH(port, p, s->ports) {
229
230 if (p->type != SOCKET_SOCKET)
231 return true;
232
233 if (!socket_address_can_accept(&p->address))
234 return true;
235 }
236
237 return false;
238 }
239
240 static int socket_add_mount_links(Socket *s) {
241 SocketPort *p;
242 int r;
243
244 assert(s);
245
246 LIST_FOREACH(port, p, s->ports) {
247 const char *path = NULL;
248
249 if (p->type == SOCKET_SOCKET)
250 path = socket_address_get_path(&p->address);
251 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
252 path = p->path;
253
254 if (!path)
255 continue;
256
257 r = unit_require_mounts_for(UNIT(s), path);
258 if (r < 0)
259 return r;
260 }
261
262 return 0;
263 }
264
265 static int socket_add_device_link(Socket *s) {
266 char *t;
267
268 assert(s);
269
270 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
271 return 0;
272
273 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
274 return unit_add_node_link(UNIT(s), t, false);
275 }
276
277 static int socket_add_default_dependencies(Socket *s) {
278 int r;
279 assert(s);
280
281 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
282 if (r < 0)
283 return r;
284
285 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
286 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
287 if (r < 0)
288 return r;
289 }
290
291 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
292 }
293
294 _pure_ static bool socket_has_exec(Socket *s) {
295 unsigned i;
296 assert(s);
297
298 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
299 if (s->exec_command[i])
300 return true;
301
302 return false;
303 }
304
305 static int socket_add_extras(Socket *s) {
306 Unit *u = UNIT(s);
307 int r;
308
309 assert(s);
310
311 if (have_non_accept_socket(s)) {
312
313 if (!UNIT_DEREF(s->service)) {
314 Unit *x;
315
316 r = unit_load_related_unit(u, ".service", &x);
317 if (r < 0)
318 return r;
319
320 unit_ref_set(&s->service, x);
321 }
322
323 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
324 if (r < 0)
325 return r;
326 }
327
328 r = socket_add_mount_links(s);
329 if (r < 0)
330 return r;
331
332 r = socket_add_device_link(s);
333 if (r < 0)
334 return r;
335
336 r = unit_patch_contexts(u);
337 if (r < 0)
338 return r;
339
340 if (socket_has_exec(s)) {
341 r = unit_add_exec_dependencies(u, &s->exec_context);
342 if (r < 0)
343 return r;
344
345 r = unit_set_default_slice(u);
346 if (r < 0)
347 return r;
348 }
349
350 if (u->default_dependencies) {
351 r = socket_add_default_dependencies(s);
352 if (r < 0)
353 return r;
354 }
355
356 return 0;
357 }
358
359 static const char *socket_find_symlink_target(Socket *s) {
360 const char *found = NULL;
361 SocketPort *p;
362
363 LIST_FOREACH(port, p, s->ports) {
364 const char *f = NULL;
365
366 switch (p->type) {
367
368 case SOCKET_FIFO:
369 f = p->path;
370 break;
371
372 case SOCKET_SOCKET:
373 if (p->address.sockaddr.un.sun_path[0] != 0)
374 f = p->address.sockaddr.un.sun_path;
375 break;
376
377 default:
378 break;
379 }
380
381 if (f) {
382 if (found)
383 return NULL;
384
385 found = f;
386 }
387 }
388
389 return found;
390 }
391
392 static int socket_verify(Socket *s) {
393 assert(s);
394
395 if (UNIT(s)->load_state != UNIT_LOADED)
396 return 0;
397
398 if (!s->ports) {
399 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
400 return -EINVAL;
401 }
402
403 if (s->accept && have_non_accept_socket(s)) {
404 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
405 return -EINVAL;
406 }
407
408 if (s->accept && s->max_connections <= 0) {
409 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
410 return -EINVAL;
411 }
412
413 if (s->accept && UNIT_DEREF(s->service)) {
414 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
415 return -EINVAL;
416 }
417
418 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
419 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
420 return -EINVAL;
421 }
422
423 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
424 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
425 return -EINVAL;
426 }
427
428 return 0;
429 }
430
431 static int socket_load(Unit *u) {
432 Socket *s = SOCKET(u);
433 int r;
434
435 assert(u);
436 assert(u->load_state == UNIT_STUB);
437
438 r = unit_load_fragment_and_dropin(u);
439 if (r < 0)
440 return r;
441
442 if (u->load_state == UNIT_LOADED) {
443 /* This is a new unit? Then let's add in some extras */
444 r = socket_add_extras(s);
445 if (r < 0)
446 return r;
447 }
448
449 return socket_verify(s);
450 }
451
452 _const_ static const char* listen_lookup(int family, int type) {
453
454 if (family == AF_NETLINK)
455 return "ListenNetlink";
456
457 if (type == SOCK_STREAM)
458 return "ListenStream";
459 else if (type == SOCK_DGRAM)
460 return "ListenDatagram";
461 else if (type == SOCK_SEQPACKET)
462 return "ListenSequentialPacket";
463
464 assert_not_reached("Unknown socket type");
465 return NULL;
466 }
467
468 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
469 char time_string[FORMAT_TIMESPAN_MAX];
470 SocketExecCommand c;
471 Socket *s = SOCKET(u);
472 SocketPort *p;
473 const char *prefix2;
474
475 assert(s);
476 assert(f);
477
478 prefix = strempty(prefix);
479 prefix2 = strjoina(prefix, "\t");
480
481 fprintf(f,
482 "%sSocket State: %s\n"
483 "%sResult: %s\n"
484 "%sBindIPv6Only: %s\n"
485 "%sBacklog: %u\n"
486 "%sSocketMode: %04o\n"
487 "%sDirectoryMode: %04o\n"
488 "%sKeepAlive: %s\n"
489 "%sNoDelay: %s\n"
490 "%sFreeBind: %s\n"
491 "%sTransparent: %s\n"
492 "%sBroadcast: %s\n"
493 "%sPassCredentials: %s\n"
494 "%sPassSecurity: %s\n"
495 "%sTCPCongestion: %s\n"
496 "%sRemoveOnStop: %s\n"
497 "%sSELinuxContextFromNet: %s\n",
498 prefix, socket_state_to_string(s->state),
499 prefix, socket_result_to_string(s->result),
500 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
501 prefix, s->backlog,
502 prefix, s->socket_mode,
503 prefix, s->directory_mode,
504 prefix, yes_no(s->keep_alive),
505 prefix, yes_no(s->no_delay),
506 prefix, yes_no(s->free_bind),
507 prefix, yes_no(s->transparent),
508 prefix, yes_no(s->broadcast),
509 prefix, yes_no(s->pass_cred),
510 prefix, yes_no(s->pass_sec),
511 prefix, strna(s->tcp_congestion),
512 prefix, yes_no(s->remove_on_stop),
513 prefix, yes_no(s->selinux_context_from_net));
514
515 if (s->control_pid > 0)
516 fprintf(f,
517 "%sControl PID: "PID_FMT"\n",
518 prefix, s->control_pid);
519
520 if (s->bind_to_device)
521 fprintf(f,
522 "%sBindToDevice: %s\n",
523 prefix, s->bind_to_device);
524
525 if (s->accept)
526 fprintf(f,
527 "%sAccepted: %u\n"
528 "%sNConnections: %u\n"
529 "%sMaxConnections: %u\n",
530 prefix, s->n_accepted,
531 prefix, s->n_connections,
532 prefix, s->max_connections);
533
534 if (s->priority >= 0)
535 fprintf(f,
536 "%sPriority: %i\n",
537 prefix, s->priority);
538
539 if (s->receive_buffer > 0)
540 fprintf(f,
541 "%sReceiveBuffer: %zu\n",
542 prefix, s->receive_buffer);
543
544 if (s->send_buffer > 0)
545 fprintf(f,
546 "%sSendBuffer: %zu\n",
547 prefix, s->send_buffer);
548
549 if (s->ip_tos >= 0)
550 fprintf(f,
551 "%sIPTOS: %i\n",
552 prefix, s->ip_tos);
553
554 if (s->ip_ttl >= 0)
555 fprintf(f,
556 "%sIPTTL: %i\n",
557 prefix, s->ip_ttl);
558
559 if (s->pipe_size > 0)
560 fprintf(f,
561 "%sPipeSize: %zu\n",
562 prefix, s->pipe_size);
563
564 if (s->mark >= 0)
565 fprintf(f,
566 "%sMark: %i\n",
567 prefix, s->mark);
568
569 if (s->mq_maxmsg > 0)
570 fprintf(f,
571 "%sMessageQueueMaxMessages: %li\n",
572 prefix, s->mq_maxmsg);
573
574 if (s->mq_msgsize > 0)
575 fprintf(f,
576 "%sMessageQueueMessageSize: %li\n",
577 prefix, s->mq_msgsize);
578
579 if (s->reuse_port)
580 fprintf(f,
581 "%sReusePort: %s\n",
582 prefix, yes_no(s->reuse_port));
583
584 if (s->smack)
585 fprintf(f,
586 "%sSmackLabel: %s\n",
587 prefix, s->smack);
588
589 if (s->smack_ip_in)
590 fprintf(f,
591 "%sSmackLabelIPIn: %s\n",
592 prefix, s->smack_ip_in);
593
594 if (s->smack_ip_out)
595 fprintf(f,
596 "%sSmackLabelIPOut: %s\n",
597 prefix, s->smack_ip_out);
598
599 if (!isempty(s->user) || !isempty(s->group))
600 fprintf(f,
601 "%sOwnerUser: %s\n"
602 "%sOwnerGroup: %s\n",
603 prefix, strna(s->user),
604 prefix, strna(s->group));
605
606 if (s->keep_alive_time > 0)
607 fprintf(f,
608 "%sKeepAliveTimeSec: %s\n",
609 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
610
611 if (s->keep_alive_interval)
612 fprintf(f,
613 "%sKeepAliveIntervalSec: %s\n",
614 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
615
616 if (s->keep_alive_cnt)
617 fprintf(f,
618 "%sKeepAliveProbes: %u\n",
619 prefix, s->keep_alive_cnt);
620
621 if (s->defer_accept)
622 fprintf(f,
623 "%sDeferAcceptSec: %s\n",
624 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
625
626 LIST_FOREACH(port, p, s->ports) {
627
628 if (p->type == SOCKET_SOCKET) {
629 const char *t;
630 int r;
631 char *k = NULL;
632
633 if ((r = socket_address_print(&p->address, &k)) < 0)
634 t = strerror(-r);
635 else
636 t = k;
637
638 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
639 free(k);
640 } else if (p->type == SOCKET_SPECIAL)
641 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
642 else if (p->type == SOCKET_MQUEUE)
643 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
644 else
645 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
646 }
647
648 exec_context_dump(&s->exec_context, f, prefix);
649 kill_context_dump(&s->kill_context, f, prefix);
650
651 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
652 if (!s->exec_command[c])
653 continue;
654
655 fprintf(f, "%s-> %s:\n",
656 prefix, socket_exec_command_to_string(c));
657
658 exec_command_dump_list(s->exec_command[c], f, prefix2);
659 }
660 }
661
662 static int instance_from_socket(int fd, unsigned nr, char **instance) {
663 socklen_t l;
664 char *r;
665 union sockaddr_union local, remote;
666
667 assert(fd >= 0);
668 assert(instance);
669
670 l = sizeof(local);
671 if (getsockname(fd, &local.sa, &l) < 0)
672 return -errno;
673
674 l = sizeof(remote);
675 if (getpeername(fd, &remote.sa, &l) < 0)
676 return -errno;
677
678 switch (local.sa.sa_family) {
679
680 case AF_INET: {
681 uint32_t
682 a = ntohl(local.in.sin_addr.s_addr),
683 b = ntohl(remote.in.sin_addr.s_addr);
684
685 if (asprintf(&r,
686 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
687 nr,
688 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
689 ntohs(local.in.sin_port),
690 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
691 ntohs(remote.in.sin_port)) < 0)
692 return -ENOMEM;
693
694 break;
695 }
696
697 case AF_INET6: {
698 static const unsigned char ipv4_prefix[] = {
699 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
700 };
701
702 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
703 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
704 const uint8_t
705 *a = local.in6.sin6_addr.s6_addr+12,
706 *b = remote.in6.sin6_addr.s6_addr+12;
707
708 if (asprintf(&r,
709 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
710 nr,
711 a[0], a[1], a[2], a[3],
712 ntohs(local.in6.sin6_port),
713 b[0], b[1], b[2], b[3],
714 ntohs(remote.in6.sin6_port)) < 0)
715 return -ENOMEM;
716 } else {
717 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
718
719 if (asprintf(&r,
720 "%u-%s:%u-%s:%u",
721 nr,
722 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
723 ntohs(local.in6.sin6_port),
724 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
725 ntohs(remote.in6.sin6_port)) < 0)
726 return -ENOMEM;
727 }
728
729 break;
730 }
731
732 case AF_UNIX: {
733 struct ucred ucred;
734 int k;
735
736 k = getpeercred(fd, &ucred);
737 if (k >= 0) {
738 if (asprintf(&r,
739 "%u-"PID_FMT"-"UID_FMT,
740 nr, ucred.pid, ucred.uid) < 0)
741 return -ENOMEM;
742 } else if (k == -ENODATA) {
743 /* This handles the case where somebody is
744 * connecting from another pid/uid namespace
745 * (e.g. from outside of our container). */
746 if (asprintf(&r,
747 "%u-unknown",
748 nr) < 0)
749 return -ENOMEM;
750 } else
751 return k;
752
753 break;
754 }
755
756 default:
757 assert_not_reached("Unhandled socket type.");
758 }
759
760 *instance = r;
761 return 0;
762 }
763
764 static void socket_close_fds(Socket *s) {
765 SocketPort *p;
766 char **i;
767
768 assert(s);
769
770 LIST_FOREACH(port, p, s->ports) {
771
772 p->event_source = sd_event_source_unref(p->event_source);
773
774 if (p->fd < 0)
775 continue;
776
777 p->fd = safe_close(p->fd);
778
779 /* One little note: we should normally not delete any
780 * sockets in the file system here! After all some
781 * other process we spawned might still have a
782 * reference of this fd and wants to continue to use
783 * it. Therefore we delete sockets in the file system
784 * before we create a new one, not after we stopped
785 * using one! */
786
787 if (s->remove_on_stop) {
788 switch (p->type) {
789
790 case SOCKET_FIFO:
791 unlink(p->path);
792 break;
793
794 case SOCKET_MQUEUE:
795 mq_unlink(p->path);
796 break;
797
798 case SOCKET_SOCKET:
799 socket_address_unlink(&p->address);
800 break;
801
802 default:
803 break;
804 }
805 }
806 }
807
808 if (s->remove_on_stop)
809 STRV_FOREACH(i, s->symlinks)
810 unlink(*i);
811 }
812
813 static void socket_apply_socket_options(Socket *s, int fd) {
814 int r;
815
816 assert(s);
817 assert(fd >= 0);
818
819 if (s->keep_alive) {
820 int b = s->keep_alive;
821 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
822 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
823 }
824
825 if (s->keep_alive_time) {
826 int value = s->keep_alive_time / USEC_PER_SEC;
827 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
828 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
829 }
830
831 if (s->keep_alive_interval) {
832 int value = s->keep_alive_interval / USEC_PER_SEC;
833 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
834 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
835 }
836
837 if (s->keep_alive_cnt) {
838 int value = s->keep_alive_cnt;
839 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
840 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
841 }
842
843 if (s->defer_accept) {
844 int value = s->defer_accept / USEC_PER_SEC;
845 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
846 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
847 }
848
849 if (s->no_delay) {
850 int b = s->no_delay;
851 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
852 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
853 }
854
855 if (s->broadcast) {
856 int one = 1;
857 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
858 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
859 }
860
861 if (s->pass_cred) {
862 int one = 1;
863 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
864 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
865 }
866
867 if (s->pass_sec) {
868 int one = 1;
869 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
870 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
871 }
872
873 if (s->priority >= 0)
874 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
875 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
876
877 if (s->receive_buffer > 0) {
878 int value = (int) s->receive_buffer;
879
880 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
881
882 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
883 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
884 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
885 }
886
887 if (s->send_buffer > 0) {
888 int value = (int) s->send_buffer;
889 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
890 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
891 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
892 }
893
894 if (s->mark >= 0)
895 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
896 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
897
898 if (s->ip_tos >= 0)
899 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
900 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
901
902 if (s->ip_ttl >= 0) {
903 int x;
904
905 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
906
907 if (socket_ipv6_is_supported())
908 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
909 else {
910 x = -1;
911 errno = EAFNOSUPPORT;
912 }
913
914 if (r < 0 && x < 0)
915 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
916 }
917
918 if (s->tcp_congestion)
919 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
920 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
921
922 if (s->smack_ip_in) {
923 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
924 if (r < 0)
925 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
926 }
927
928 if (s->smack_ip_out) {
929 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
930 if (r < 0)
931 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
932 }
933 }
934
935 static void socket_apply_fifo_options(Socket *s, int fd) {
936 int r;
937
938 assert(s);
939 assert(fd >= 0);
940
941 if (s->pipe_size > 0)
942 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
943 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
944
945 if (s->smack) {
946 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
947 if (r < 0)
948 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
949 }
950 }
951
952 static int fifo_address_create(
953 const char *path,
954 mode_t directory_mode,
955 mode_t socket_mode,
956 int *_fd) {
957
958 int fd = -1, r = 0;
959 struct stat st;
960 mode_t old_mask;
961
962 assert(path);
963 assert(_fd);
964
965 mkdir_parents_label(path, directory_mode);
966
967 r = mac_selinux_create_file_prepare(path, S_IFIFO);
968 if (r < 0)
969 goto fail;
970
971 /* Enforce the right access mode for the fifo */
972 old_mask = umask(~ socket_mode);
973
974 /* Include the original umask in our mask */
975 umask(~socket_mode | old_mask);
976
977 r = mkfifo(path, socket_mode);
978 umask(old_mask);
979
980 if (r < 0 && errno != EEXIST) {
981 r = -errno;
982 goto fail;
983 }
984
985 if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
986 r = -errno;
987 goto fail;
988 }
989
990 mac_selinux_create_file_clear();
991
992 if (fstat(fd, &st) < 0) {
993 r = -errno;
994 goto fail;
995 }
996
997 if (!S_ISFIFO(st.st_mode) ||
998 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
999 st.st_uid != getuid() ||
1000 st.st_gid != getgid()) {
1001
1002 r = -EEXIST;
1003 goto fail;
1004 }
1005
1006 *_fd = fd;
1007 return 0;
1008
1009 fail:
1010 mac_selinux_create_file_clear();
1011 safe_close(fd);
1012
1013 return r;
1014 }
1015
1016 static int special_address_create(
1017 const char *path,
1018 int *_fd) {
1019
1020 int fd = -1, r = 0;
1021 struct stat st;
1022
1023 assert(path);
1024 assert(_fd);
1025
1026 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1027 if (fd < 0) {
1028 r = -errno;
1029 goto fail;
1030 }
1031
1032 if (fstat(fd, &st) < 0) {
1033 r = -errno;
1034 goto fail;
1035 }
1036
1037 /* Check whether this is a /proc, /sys or /dev file or char device */
1038 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1039 r = -EEXIST;
1040 goto fail;
1041 }
1042
1043 *_fd = fd;
1044 return 0;
1045
1046 fail:
1047 safe_close(fd);
1048
1049 return r;
1050 }
1051
1052 static int mq_address_create(
1053 const char *path,
1054 mode_t mq_mode,
1055 long maxmsg,
1056 long msgsize,
1057 int *_fd) {
1058
1059 int fd = -1, r = 0;
1060 struct stat st;
1061 mode_t old_mask;
1062 struct mq_attr _attr, *attr = NULL;
1063
1064 assert(path);
1065 assert(_fd);
1066
1067 if (maxmsg > 0 && msgsize > 0) {
1068 zero(_attr);
1069 _attr.mq_flags = O_NONBLOCK;
1070 _attr.mq_maxmsg = maxmsg;
1071 _attr.mq_msgsize = msgsize;
1072 attr = &_attr;
1073 }
1074
1075 /* Enforce the right access mode for the mq */
1076 old_mask = umask(~ mq_mode);
1077
1078 /* Include the original umask in our mask */
1079 umask(~mq_mode | old_mask);
1080 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1081 umask(old_mask);
1082
1083 if (fd < 0) {
1084 r = -errno;
1085 goto fail;
1086 }
1087
1088 if (fstat(fd, &st) < 0) {
1089 r = -errno;
1090 goto fail;
1091 }
1092
1093 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1094 st.st_uid != getuid() ||
1095 st.st_gid != getgid()) {
1096
1097 r = -EEXIST;
1098 goto fail;
1099 }
1100
1101 *_fd = fd;
1102 return 0;
1103
1104 fail:
1105 safe_close(fd);
1106 return r;
1107 }
1108
1109 static int socket_symlink(Socket *s) {
1110 const char *p;
1111 char **i;
1112
1113 assert(s);
1114
1115 p = socket_find_symlink_target(s);
1116 if (!p)
1117 return 0;
1118
1119 STRV_FOREACH(i, s->symlinks)
1120 symlink_label(p, *i);
1121
1122 return 0;
1123 }
1124
1125 static int socket_open_fds(Socket *s) {
1126 SocketPort *p;
1127 int r;
1128 char *label = NULL;
1129 bool know_label = false;
1130
1131 assert(s);
1132
1133 LIST_FOREACH(port, p, s->ports) {
1134
1135 if (p->fd >= 0)
1136 continue;
1137
1138 if (p->type == SOCKET_SOCKET) {
1139
1140 if (!know_label) {
1141 /* Figure out label, if we don't it know
1142 * yet. We do it once, for the first
1143 * socket where we need this and
1144 * remember it for the rest. */
1145
1146 if (s->selinux_context_from_net) {
1147 /* Get it from the network label */
1148
1149 r = mac_selinux_get_our_label(&label);
1150 if (r < 0 && r != -EOPNOTSUPP)
1151 goto rollback;
1152
1153 } else {
1154 /* Get it from the executable we are about to start */
1155
1156 r = socket_instantiate_service(s);
1157 if (r < 0)
1158 goto rollback;
1159
1160 if (UNIT_ISSET(s->service) &&
1161 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1162 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1163 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1164 goto rollback;
1165 }
1166 }
1167
1168 know_label = true;
1169 }
1170
1171 r = socket_address_listen(
1172 &p->address,
1173 SOCK_CLOEXEC|SOCK_NONBLOCK,
1174 s->backlog,
1175 s->bind_ipv6_only,
1176 s->bind_to_device,
1177 s->reuse_port,
1178 s->free_bind,
1179 s->transparent,
1180 s->directory_mode,
1181 s->socket_mode,
1182 label);
1183 if (r < 0)
1184 goto rollback;
1185
1186 p->fd = r;
1187 socket_apply_socket_options(s, p->fd);
1188 socket_symlink(s);
1189
1190 } else if (p->type == SOCKET_SPECIAL) {
1191
1192 r = special_address_create(
1193 p->path,
1194 &p->fd);
1195 if (r < 0)
1196 goto rollback;
1197
1198 } else if (p->type == SOCKET_FIFO) {
1199
1200 r = fifo_address_create(
1201 p->path,
1202 s->directory_mode,
1203 s->socket_mode,
1204 &p->fd);
1205 if (r < 0)
1206 goto rollback;
1207
1208 socket_apply_fifo_options(s, p->fd);
1209 socket_symlink(s);
1210
1211 } else if (p->type == SOCKET_MQUEUE) {
1212
1213 r = mq_address_create(
1214 p->path,
1215 s->socket_mode,
1216 s->mq_maxmsg,
1217 s->mq_msgsize,
1218 &p->fd);
1219 if (r < 0)
1220 goto rollback;
1221 } else
1222 assert_not_reached("Unknown port type");
1223 }
1224
1225 mac_selinux_free(label);
1226 return 0;
1227
1228 rollback:
1229 socket_close_fds(s);
1230 mac_selinux_free(label);
1231
1232 return r;
1233 }
1234
1235 static void socket_unwatch_fds(Socket *s) {
1236 SocketPort *p;
1237 int r;
1238
1239 assert(s);
1240
1241 LIST_FOREACH(port, p, s->ports) {
1242 if (p->fd < 0)
1243 continue;
1244
1245 if (!p->event_source)
1246 continue;
1247
1248 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1249 if (r < 0)
1250 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1251 }
1252 }
1253
1254 static int socket_watch_fds(Socket *s) {
1255 SocketPort *p;
1256 int r;
1257
1258 assert(s);
1259
1260 LIST_FOREACH(port, p, s->ports) {
1261 if (p->fd < 0)
1262 continue;
1263
1264 if (p->event_source) {
1265 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1266 if (r < 0)
1267 goto fail;
1268 } else {
1269 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1270 if (r < 0)
1271 goto fail;
1272
1273 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1274 }
1275 }
1276
1277 return 0;
1278
1279 fail:
1280 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1281 socket_unwatch_fds(s);
1282 return r;
1283 }
1284
1285 static void socket_set_state(Socket *s, SocketState state) {
1286 SocketState old_state;
1287 assert(s);
1288
1289 old_state = s->state;
1290 s->state = state;
1291
1292 if (!IN_SET(state,
1293 SOCKET_START_PRE,
1294 SOCKET_START_CHOWN,
1295 SOCKET_START_POST,
1296 SOCKET_STOP_PRE,
1297 SOCKET_STOP_PRE_SIGTERM,
1298 SOCKET_STOP_PRE_SIGKILL,
1299 SOCKET_STOP_POST,
1300 SOCKET_FINAL_SIGTERM,
1301 SOCKET_FINAL_SIGKILL)) {
1302
1303 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1304 socket_unwatch_control_pid(s);
1305 s->control_command = NULL;
1306 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1307 }
1308
1309 if (state != SOCKET_LISTENING)
1310 socket_unwatch_fds(s);
1311
1312 if (!IN_SET(state,
1313 SOCKET_START_CHOWN,
1314 SOCKET_START_POST,
1315 SOCKET_LISTENING,
1316 SOCKET_RUNNING,
1317 SOCKET_STOP_PRE,
1318 SOCKET_STOP_PRE_SIGTERM,
1319 SOCKET_STOP_PRE_SIGKILL))
1320 socket_close_fds(s);
1321
1322 if (state != old_state)
1323 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1324
1325 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1326 }
1327
1328 static int socket_coldplug(Unit *u) {
1329 Socket *s = SOCKET(u);
1330 int r;
1331
1332 assert(s);
1333 assert(s->state == SOCKET_DEAD);
1334
1335 if (s->deserialized_state == s->state)
1336 return 0;
1337
1338 if (IN_SET(s->deserialized_state,
1339 SOCKET_START_PRE,
1340 SOCKET_START_CHOWN,
1341 SOCKET_START_POST,
1342 SOCKET_STOP_PRE,
1343 SOCKET_STOP_PRE_SIGTERM,
1344 SOCKET_STOP_PRE_SIGKILL,
1345 SOCKET_STOP_POST,
1346 SOCKET_FINAL_SIGTERM,
1347 SOCKET_FINAL_SIGKILL)) {
1348
1349 if (s->control_pid <= 0)
1350 return -EBADMSG;
1351
1352 r = unit_watch_pid(UNIT(s), s->control_pid);
1353 if (r < 0)
1354 return r;
1355
1356 r = socket_arm_timer(s);
1357 if (r < 0)
1358 return r;
1359 }
1360
1361 if (IN_SET(s->deserialized_state,
1362 SOCKET_START_CHOWN,
1363 SOCKET_START_POST,
1364 SOCKET_LISTENING,
1365 SOCKET_RUNNING,
1366 SOCKET_STOP_PRE,
1367 SOCKET_STOP_PRE_SIGTERM,
1368 SOCKET_STOP_PRE_SIGKILL)) {
1369 r = socket_open_fds(s);
1370 if (r < 0)
1371 return r;
1372 }
1373
1374 if (s->deserialized_state == SOCKET_LISTENING) {
1375 r = socket_watch_fds(s);
1376 if (r < 0)
1377 return r;
1378 }
1379
1380 socket_set_state(s, s->deserialized_state);
1381 return 0;
1382 }
1383
1384 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1385 _cleanup_free_ char **argv = NULL;
1386 pid_t pid;
1387 int r;
1388 ExecParameters exec_params = {
1389 .apply_permissions = true,
1390 .apply_chroot = true,
1391 .apply_tty_stdin = true,
1392 .bus_endpoint_fd = -1,
1393 };
1394
1395 assert(s);
1396 assert(c);
1397 assert(_pid);
1398
1399 (void) unit_realize_cgroup(UNIT(s));
1400 if (s->reset_cpu_usage) {
1401 (void) unit_reset_cpu_usage(UNIT(s));
1402 s->reset_cpu_usage = false;
1403 }
1404
1405 r = unit_setup_exec_runtime(UNIT(s));
1406 if (r < 0)
1407 goto fail;
1408
1409 r = socket_arm_timer(s);
1410 if (r < 0)
1411 goto fail;
1412
1413 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1414 if (r < 0)
1415 goto fail;
1416
1417 exec_params.argv = argv;
1418 exec_params.environment = UNIT(s)->manager->environment;
1419 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1420 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1421 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1422 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1423 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1424
1425 r = exec_spawn(UNIT(s),
1426 c,
1427 &s->exec_context,
1428 &exec_params,
1429 s->exec_runtime,
1430 &pid);
1431 if (r < 0)
1432 goto fail;
1433
1434 r = unit_watch_pid(UNIT(s), pid);
1435 if (r < 0)
1436 /* FIXME: we need to do something here */
1437 goto fail;
1438
1439 *_pid = pid;
1440 return 0;
1441
1442 fail:
1443 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1444 return r;
1445 }
1446
1447 static int socket_chown(Socket *s, pid_t *_pid) {
1448 pid_t pid;
1449 int r;
1450
1451 r = socket_arm_timer(s);
1452 if (r < 0)
1453 goto fail;
1454
1455 /* We have to resolve the user names out-of-process, hence
1456 * let's fork here. It's messy, but well, what can we do? */
1457
1458 pid = fork();
1459 if (pid < 0)
1460 return -errno;
1461
1462 if (pid == 0) {
1463 SocketPort *p;
1464 uid_t uid = UID_INVALID;
1465 gid_t gid = GID_INVALID;
1466 int ret;
1467
1468 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1469 (void) ignore_signals(SIGPIPE, -1);
1470 log_forget_fds();
1471
1472 if (!isempty(s->user)) {
1473 const char *user = s->user;
1474
1475 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1476 if (r < 0) {
1477 ret = EXIT_USER;
1478 goto fail_child;
1479 }
1480 }
1481
1482 if (!isempty(s->group)) {
1483 const char *group = s->group;
1484
1485 r = get_group_creds(&group, &gid);
1486 if (r < 0) {
1487 ret = EXIT_GROUP;
1488 goto fail_child;
1489 }
1490 }
1491
1492 LIST_FOREACH(port, p, s->ports) {
1493 const char *path = NULL;
1494
1495 if (p->type == SOCKET_SOCKET)
1496 path = socket_address_get_path(&p->address);
1497 else if (p->type == SOCKET_FIFO)
1498 path = p->path;
1499
1500 if (!path)
1501 continue;
1502
1503 if (chown(path, uid, gid) < 0) {
1504 r = -errno;
1505 ret = EXIT_CHOWN;
1506 goto fail_child;
1507 }
1508 }
1509
1510 _exit(0);
1511
1512 fail_child:
1513 log_open();
1514 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1515
1516 _exit(ret);
1517 }
1518
1519 r = unit_watch_pid(UNIT(s), pid);
1520 if (r < 0)
1521 goto fail;
1522
1523 *_pid = pid;
1524 return 0;
1525
1526 fail:
1527 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1528 return r;
1529 }
1530
1531 static void socket_enter_dead(Socket *s, SocketResult f) {
1532 assert(s);
1533
1534 if (f != SOCKET_SUCCESS)
1535 s->result = f;
1536
1537 exec_runtime_destroy(s->exec_runtime);
1538 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1539
1540 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1541
1542 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1543 }
1544
1545 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1546
1547 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1548 int r;
1549 assert(s);
1550
1551 if (f != SOCKET_SUCCESS)
1552 s->result = f;
1553
1554 socket_unwatch_control_pid(s);
1555 s->control_command_id = SOCKET_EXEC_STOP_POST;
1556 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1557
1558 if (s->control_command) {
1559 r = socket_spawn(s, s->control_command, &s->control_pid);
1560 if (r < 0)
1561 goto fail;
1562
1563 socket_set_state(s, SOCKET_STOP_POST);
1564 } else
1565 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1566
1567 return;
1568
1569 fail:
1570 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1571 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1572 }
1573
1574 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1575 int r;
1576
1577 assert(s);
1578
1579 if (f != SOCKET_SUCCESS)
1580 s->result = f;
1581
1582 r = unit_kill_context(
1583 UNIT(s),
1584 &s->kill_context,
1585 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1586 KILL_KILL : KILL_TERMINATE,
1587 -1,
1588 s->control_pid,
1589 false);
1590 if (r < 0)
1591 goto fail;
1592
1593 if (r > 0) {
1594 r = socket_arm_timer(s);
1595 if (r < 0)
1596 goto fail;
1597
1598 socket_set_state(s, state);
1599 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1600 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1601 else if (state == SOCKET_STOP_PRE_SIGKILL)
1602 socket_enter_stop_post(s, SOCKET_SUCCESS);
1603 else if (state == SOCKET_FINAL_SIGTERM)
1604 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1605 else
1606 socket_enter_dead(s, SOCKET_SUCCESS);
1607
1608 return;
1609
1610 fail:
1611 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1612
1613 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1614 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1615 else
1616 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1617 }
1618
1619 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1620 int r;
1621 assert(s);
1622
1623 if (f != SOCKET_SUCCESS)
1624 s->result = f;
1625
1626 socket_unwatch_control_pid(s);
1627 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1628 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1629
1630 if (s->control_command) {
1631 r = socket_spawn(s, s->control_command, &s->control_pid);
1632 if (r < 0)
1633 goto fail;
1634
1635 socket_set_state(s, SOCKET_STOP_PRE);
1636 } else
1637 socket_enter_stop_post(s, SOCKET_SUCCESS);
1638
1639 return;
1640
1641 fail:
1642 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1643 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1644 }
1645
1646 static void socket_enter_listening(Socket *s) {
1647 int r;
1648 assert(s);
1649
1650 r = socket_watch_fds(s);
1651 if (r < 0) {
1652 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1653 goto fail;
1654 }
1655
1656 socket_set_state(s, SOCKET_LISTENING);
1657 return;
1658
1659 fail:
1660 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1661 }
1662
1663 static void socket_enter_start_post(Socket *s) {
1664 int r;
1665 assert(s);
1666
1667 socket_unwatch_control_pid(s);
1668 s->control_command_id = SOCKET_EXEC_START_POST;
1669 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1670
1671 if (s->control_command) {
1672 r = socket_spawn(s, s->control_command, &s->control_pid);
1673 if (r < 0) {
1674 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1675 goto fail;
1676 }
1677
1678 socket_set_state(s, SOCKET_START_POST);
1679 } else
1680 socket_enter_listening(s);
1681
1682 return;
1683
1684 fail:
1685 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1686 }
1687
1688 static void socket_enter_start_chown(Socket *s) {
1689 int r;
1690
1691 assert(s);
1692
1693 r = socket_open_fds(s);
1694 if (r < 0) {
1695 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1696 goto fail;
1697 }
1698
1699 if (!isempty(s->user) || !isempty(s->group)) {
1700
1701 socket_unwatch_control_pid(s);
1702 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1703 s->control_command = NULL;
1704
1705 r = socket_chown(s, &s->control_pid);
1706 if (r < 0) {
1707 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1708 goto fail;
1709 }
1710
1711 socket_set_state(s, SOCKET_START_CHOWN);
1712 } else
1713 socket_enter_start_post(s);
1714
1715 return;
1716
1717 fail:
1718 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1719 }
1720
1721 static void socket_enter_start_pre(Socket *s) {
1722 int r;
1723 assert(s);
1724
1725 socket_unwatch_control_pid(s);
1726 s->control_command_id = SOCKET_EXEC_START_PRE;
1727 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1728
1729 if (s->control_command) {
1730 r = socket_spawn(s, s->control_command, &s->control_pid);
1731 if (r < 0) {
1732 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1733 goto fail;
1734 }
1735
1736 socket_set_state(s, SOCKET_START_PRE);
1737 } else
1738 socket_enter_start_chown(s);
1739
1740 return;
1741
1742 fail:
1743 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1744 }
1745
1746 static void socket_enter_running(Socket *s, int cfd) {
1747 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1748 int r;
1749
1750 assert(s);
1751
1752 /* We don't take connections anymore if we are supposed to
1753 * shut down anyway */
1754 if (unit_stop_pending(UNIT(s))) {
1755
1756 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1757
1758 if (cfd >= 0)
1759 safe_close(cfd);
1760 else {
1761 /* Flush all sockets by closing and reopening them */
1762 socket_close_fds(s);
1763
1764 r = socket_open_fds(s);
1765 if (r < 0) {
1766 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1767 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1768 return;
1769 }
1770
1771 r = socket_watch_fds(s);
1772 if (r < 0) {
1773 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1774 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1775 }
1776 }
1777
1778 return;
1779 }
1780
1781 if (cfd < 0) {
1782 Iterator i;
1783 Unit *other;
1784 bool pending = false;
1785
1786 /* If there's already a start pending don't bother to
1787 * do anything */
1788 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1789 if (unit_active_or_pending(other)) {
1790 pending = true;
1791 break;
1792 }
1793
1794 if (!pending) {
1795 if (!UNIT_ISSET(s->service)) {
1796 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1797 r = -ENOENT;
1798 goto fail;
1799 }
1800
1801 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1802 if (r < 0)
1803 goto fail;
1804 }
1805
1806 socket_set_state(s, SOCKET_RUNNING);
1807 } else {
1808 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1809 Service *service;
1810
1811 if (s->n_connections >= s->max_connections) {
1812 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1813 safe_close(cfd);
1814 return;
1815 }
1816
1817 r = socket_instantiate_service(s);
1818 if (r < 0)
1819 goto fail;
1820
1821 r = instance_from_socket(cfd, s->n_accepted, &instance);
1822 if (r < 0) {
1823 if (r != -ENOTCONN)
1824 goto fail;
1825
1826 /* ENOTCONN is legitimate if TCP RST was received.
1827 * This connection is over, but the socket unit lives on. */
1828 safe_close(cfd);
1829 return;
1830 }
1831
1832 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1833 if (r < 0)
1834 goto fail;
1835
1836 r = unit_name_build(prefix, instance, ".service", &name);
1837 if (r < 0)
1838 goto fail;
1839
1840 r = unit_add_name(UNIT_DEREF(s->service), name);
1841 if (r < 0)
1842 goto fail;
1843
1844 service = SERVICE(UNIT_DEREF(s->service));
1845 unit_ref_unset(&s->service);
1846 s->n_accepted ++;
1847
1848 UNIT(service)->no_gc = false;
1849
1850 unit_choose_id(UNIT(service), name);
1851
1852 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1853 if (r < 0)
1854 goto fail;
1855
1856 cfd = -1;
1857 s->n_connections ++;
1858
1859 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1860 if (r < 0)
1861 goto fail;
1862
1863 /* Notify clients about changed counters */
1864 unit_add_to_dbus_queue(UNIT(s));
1865 }
1866
1867 return;
1868
1869 fail:
1870 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1871 cfd >= 0 ? "template" : "non-template",
1872 bus_error_message(&error, r));
1873
1874 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1875 safe_close(cfd);
1876 }
1877
1878 static void socket_run_next(Socket *s) {
1879 int r;
1880
1881 assert(s);
1882 assert(s->control_command);
1883 assert(s->control_command->command_next);
1884
1885 socket_unwatch_control_pid(s);
1886
1887 s->control_command = s->control_command->command_next;
1888
1889 r = socket_spawn(s, s->control_command, &s->control_pid);
1890 if (r < 0)
1891 goto fail;
1892
1893 return;
1894
1895 fail:
1896 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1897
1898 if (s->state == SOCKET_START_POST)
1899 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1900 else if (s->state == SOCKET_STOP_POST)
1901 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1902 else
1903 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1904 }
1905
1906 static int socket_start(Unit *u) {
1907 Socket *s = SOCKET(u);
1908
1909 assert(s);
1910
1911 /* We cannot fulfill this request right now, try again later
1912 * please! */
1913 if (IN_SET(s->state,
1914 SOCKET_STOP_PRE,
1915 SOCKET_STOP_PRE_SIGKILL,
1916 SOCKET_STOP_PRE_SIGTERM,
1917 SOCKET_STOP_POST,
1918 SOCKET_FINAL_SIGTERM,
1919 SOCKET_FINAL_SIGKILL))
1920 return -EAGAIN;
1921
1922 /* Already on it! */
1923 if (IN_SET(s->state,
1924 SOCKET_START_PRE,
1925 SOCKET_START_CHOWN,
1926 SOCKET_START_POST))
1927 return 0;
1928
1929 /* Cannot run this without the service being around */
1930 if (UNIT_ISSET(s->service)) {
1931 Service *service;
1932
1933 service = SERVICE(UNIT_DEREF(s->service));
1934
1935 if (UNIT(service)->load_state != UNIT_LOADED) {
1936 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1937 return -ENOENT;
1938 }
1939
1940 /* If the service is already active we cannot start the
1941 * socket */
1942 if (service->state != SERVICE_DEAD &&
1943 service->state != SERVICE_FAILED &&
1944 service->state != SERVICE_AUTO_RESTART) {
1945 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1946 return -EBUSY;
1947 }
1948 }
1949
1950 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1951
1952 s->result = SOCKET_SUCCESS;
1953 s->reset_cpu_usage = true;
1954
1955 socket_enter_start_pre(s);
1956
1957 return 1;
1958 }
1959
1960 static int socket_stop(Unit *u) {
1961 Socket *s = SOCKET(u);
1962
1963 assert(s);
1964
1965 /* Already on it */
1966 if (IN_SET(s->state,
1967 SOCKET_STOP_PRE,
1968 SOCKET_STOP_PRE_SIGTERM,
1969 SOCKET_STOP_PRE_SIGKILL,
1970 SOCKET_STOP_POST,
1971 SOCKET_FINAL_SIGTERM,
1972 SOCKET_FINAL_SIGKILL))
1973 return 0;
1974
1975 /* If there's already something running we go directly into
1976 * kill mode. */
1977 if (IN_SET(s->state,
1978 SOCKET_START_PRE,
1979 SOCKET_START_CHOWN,
1980 SOCKET_START_POST)) {
1981 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1982 return -EAGAIN;
1983 }
1984
1985 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1986
1987 socket_enter_stop_pre(s, SOCKET_SUCCESS);
1988 return 1;
1989 }
1990
1991 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1992 Socket *s = SOCKET(u);
1993 SocketPort *p;
1994 int r;
1995
1996 assert(u);
1997 assert(f);
1998 assert(fds);
1999
2000 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2001 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2002 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2003
2004 if (s->control_pid > 0)
2005 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2006
2007 if (s->control_command_id >= 0)
2008 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2009
2010 LIST_FOREACH(port, p, s->ports) {
2011 int copy;
2012
2013 if (p->fd < 0)
2014 continue;
2015
2016 copy = fdset_put_dup(fds, p->fd);
2017 if (copy < 0)
2018 return copy;
2019
2020 if (p->type == SOCKET_SOCKET) {
2021 _cleanup_free_ char *t = NULL;
2022
2023 r = socket_address_print(&p->address, &t);
2024 if (r < 0)
2025 return r;
2026
2027 if (socket_address_family(&p->address) == AF_NETLINK)
2028 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2029 else
2030 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2031
2032 } else if (p->type == SOCKET_SPECIAL)
2033 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2034 else if (p->type == SOCKET_MQUEUE)
2035 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2036 else {
2037 assert(p->type == SOCKET_FIFO);
2038 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2039 }
2040 }
2041
2042 return 0;
2043 }
2044
2045 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2046 Socket *s = SOCKET(u);
2047
2048 assert(u);
2049 assert(key);
2050 assert(value);
2051
2052 if (streq(key, "state")) {
2053 SocketState state;
2054
2055 state = socket_state_from_string(value);
2056 if (state < 0)
2057 log_unit_debug(u, "Failed to parse state value: %s", value);
2058 else
2059 s->deserialized_state = state;
2060 } else if (streq(key, "result")) {
2061 SocketResult f;
2062
2063 f = socket_result_from_string(value);
2064 if (f < 0)
2065 log_unit_debug(u, "Failed to parse result value: %s", value);
2066 else if (f != SOCKET_SUCCESS)
2067 s->result = f;
2068
2069 } else if (streq(key, "n-accepted")) {
2070 unsigned k;
2071
2072 if (safe_atou(value, &k) < 0)
2073 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2074 else
2075 s->n_accepted += k;
2076 } else if (streq(key, "control-pid")) {
2077 pid_t pid;
2078
2079 if (parse_pid(value, &pid) < 0)
2080 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2081 else
2082 s->control_pid = pid;
2083 } else if (streq(key, "control-command")) {
2084 SocketExecCommand id;
2085
2086 id = socket_exec_command_from_string(value);
2087 if (id < 0)
2088 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2089 else {
2090 s->control_command_id = id;
2091 s->control_command = s->exec_command[id];
2092 }
2093 } else if (streq(key, "fifo")) {
2094 int fd, skip = 0;
2095 SocketPort *p;
2096
2097 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2098 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2099 else {
2100
2101 LIST_FOREACH(port, p, s->ports)
2102 if (p->type == SOCKET_FIFO &&
2103 path_equal_or_files_same(p->path, value+skip))
2104 break;
2105
2106 if (p) {
2107 safe_close(p->fd);
2108 p->fd = fdset_remove(fds, fd);
2109 }
2110 }
2111
2112 } else if (streq(key, "special")) {
2113 int fd, skip = 0;
2114 SocketPort *p;
2115
2116 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2117 log_unit_debug(u, "Failed to parse special value: %s", value);
2118 else {
2119
2120 LIST_FOREACH(port, p, s->ports)
2121 if (p->type == SOCKET_SPECIAL &&
2122 path_equal_or_files_same(p->path, value+skip))
2123 break;
2124
2125 if (p) {
2126 safe_close(p->fd);
2127 p->fd = fdset_remove(fds, fd);
2128 }
2129 }
2130
2131 } else if (streq(key, "mqueue")) {
2132 int fd, skip = 0;
2133 SocketPort *p;
2134
2135 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2136 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2137 else {
2138
2139 LIST_FOREACH(port, p, s->ports)
2140 if (p->type == SOCKET_MQUEUE &&
2141 streq(p->path, value+skip))
2142 break;
2143
2144 if (p) {
2145 safe_close(p->fd);
2146 p->fd = fdset_remove(fds, fd);
2147 }
2148 }
2149
2150 } else if (streq(key, "socket")) {
2151 int fd, type, skip = 0;
2152 SocketPort *p;
2153
2154 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2155 log_unit_debug(u, "Failed to parse socket value: %s", value);
2156 else {
2157
2158 LIST_FOREACH(port, p, s->ports)
2159 if (socket_address_is(&p->address, value+skip, type))
2160 break;
2161
2162 if (p) {
2163 safe_close(p->fd);
2164 p->fd = fdset_remove(fds, fd);
2165 }
2166 }
2167
2168 } else if (streq(key, "netlink")) {
2169 int fd, skip = 0;
2170 SocketPort *p;
2171
2172 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2173 log_unit_debug(u, "Failed to parse socket value: %s", value);
2174 else {
2175
2176 LIST_FOREACH(port, p, s->ports)
2177 if (socket_address_is_netlink(&p->address, value+skip))
2178 break;
2179
2180 if (p) {
2181 safe_close(p->fd);
2182 p->fd = fdset_remove(fds, fd);
2183 }
2184 }
2185 } else
2186 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2187
2188 return 0;
2189 }
2190
2191 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2192 Socket *s = SOCKET(u);
2193 SocketPort *p;
2194
2195 assert(u);
2196
2197 LIST_FOREACH(port, p, s->ports) {
2198 Iterator i;
2199 int fd;
2200
2201 if (p->type != SOCKET_SOCKET)
2202 continue;
2203
2204 if (p->fd >= 0)
2205 continue;
2206
2207 FDSET_FOREACH(fd, fds, i) {
2208 if (socket_address_matches_fd(&p->address, fd)) {
2209 p->fd = fdset_remove(fds, fd);
2210 s->deserialized_state = SOCKET_LISTENING;
2211 break;
2212 }
2213 }
2214 }
2215
2216 return 0;
2217 }
2218
2219 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2220 assert(u);
2221
2222 return state_translation_table[SOCKET(u)->state];
2223 }
2224
2225 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2226 assert(u);
2227
2228 return socket_state_to_string(SOCKET(u)->state);
2229 }
2230
2231 const char* socket_port_type_to_string(SocketPort *p) {
2232
2233 assert(p);
2234
2235 switch (p->type) {
2236
2237 case SOCKET_SOCKET:
2238
2239 switch (p->address.type) {
2240
2241 case SOCK_STREAM:
2242 return "Stream";
2243
2244 case SOCK_DGRAM:
2245 return "Datagram";
2246
2247 case SOCK_SEQPACKET:
2248 return "SequentialPacket";
2249
2250 case SOCK_RAW:
2251 if (socket_address_family(&p->address) == AF_NETLINK)
2252 return "Netlink";
2253
2254 default:
2255 return NULL;
2256 }
2257
2258 case SOCKET_SPECIAL:
2259 return "Special";
2260
2261 case SOCKET_MQUEUE:
2262 return "MessageQueue";
2263
2264 case SOCKET_FIFO:
2265 return "FIFO";
2266
2267 default:
2268 return NULL;
2269 }
2270 }
2271
2272 _pure_ static bool socket_check_gc(Unit *u) {
2273 Socket *s = SOCKET(u);
2274
2275 assert(u);
2276
2277 return s->n_connections > 0;
2278 }
2279
2280 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2281 SocketPort *p = userdata;
2282 int cfd = -1;
2283
2284 assert(p);
2285 assert(fd >= 0);
2286
2287 if (p->socket->state != SOCKET_LISTENING)
2288 return 0;
2289
2290 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2291
2292 if (revents != EPOLLIN) {
2293
2294 if (revents & EPOLLHUP)
2295 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2296 else
2297 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2298
2299 goto fail;
2300 }
2301
2302 if (p->socket->accept &&
2303 p->type == SOCKET_SOCKET &&
2304 socket_address_can_accept(&p->address)) {
2305
2306 for (;;) {
2307
2308 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2309 if (cfd < 0) {
2310
2311 if (errno == EINTR)
2312 continue;
2313
2314 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2315 goto fail;
2316 }
2317
2318 break;
2319 }
2320
2321 socket_apply_socket_options(p->socket, cfd);
2322 }
2323
2324 socket_enter_running(p->socket, cfd);
2325 return 0;
2326
2327 fail:
2328 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2329 return 0;
2330 }
2331
2332 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2333 Socket *s = SOCKET(u);
2334 SocketResult f;
2335
2336 assert(s);
2337 assert(pid >= 0);
2338
2339 if (pid != s->control_pid)
2340 return;
2341
2342 s->control_pid = 0;
2343
2344 if (is_clean_exit(code, status, NULL))
2345 f = SOCKET_SUCCESS;
2346 else if (code == CLD_EXITED)
2347 f = SOCKET_FAILURE_EXIT_CODE;
2348 else if (code == CLD_KILLED)
2349 f = SOCKET_FAILURE_SIGNAL;
2350 else if (code == CLD_DUMPED)
2351 f = SOCKET_FAILURE_CORE_DUMP;
2352 else
2353 assert_not_reached("Unknown sigchld code");
2354
2355 if (s->control_command) {
2356 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2357
2358 if (s->control_command->ignore)
2359 f = SOCKET_SUCCESS;
2360 }
2361
2362 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2363 "Control process exited, code=%s status=%i",
2364 sigchld_code_to_string(code), status);
2365
2366 if (f != SOCKET_SUCCESS)
2367 s->result = f;
2368
2369 if (s->control_command &&
2370 s->control_command->command_next &&
2371 f == SOCKET_SUCCESS) {
2372
2373 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2374 socket_run_next(s);
2375 } else {
2376 s->control_command = NULL;
2377 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2378
2379 /* No further commands for this step, so let's figure
2380 * out what to do next */
2381
2382 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2383
2384 switch (s->state) {
2385
2386 case SOCKET_START_PRE:
2387 if (f == SOCKET_SUCCESS)
2388 socket_enter_start_chown(s);
2389 else
2390 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2391 break;
2392
2393 case SOCKET_START_CHOWN:
2394 if (f == SOCKET_SUCCESS)
2395 socket_enter_start_post(s);
2396 else
2397 socket_enter_stop_pre(s, f);
2398 break;
2399
2400 case SOCKET_START_POST:
2401 if (f == SOCKET_SUCCESS)
2402 socket_enter_listening(s);
2403 else
2404 socket_enter_stop_pre(s, f);
2405 break;
2406
2407 case SOCKET_STOP_PRE:
2408 case SOCKET_STOP_PRE_SIGTERM:
2409 case SOCKET_STOP_PRE_SIGKILL:
2410 socket_enter_stop_post(s, f);
2411 break;
2412
2413 case SOCKET_STOP_POST:
2414 case SOCKET_FINAL_SIGTERM:
2415 case SOCKET_FINAL_SIGKILL:
2416 socket_enter_dead(s, f);
2417 break;
2418
2419 default:
2420 assert_not_reached("Uh, control process died at wrong time.");
2421 }
2422 }
2423
2424 /* Notify clients about changed exit status */
2425 unit_add_to_dbus_queue(u);
2426 }
2427
2428 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2429 Socket *s = SOCKET(userdata);
2430
2431 assert(s);
2432 assert(s->timer_event_source == source);
2433
2434 switch (s->state) {
2435
2436 case SOCKET_START_PRE:
2437 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2438 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2439 break;
2440
2441 case SOCKET_START_CHOWN:
2442 case SOCKET_START_POST:
2443 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2444 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2445 break;
2446
2447 case SOCKET_STOP_PRE:
2448 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2449 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2450 break;
2451
2452 case SOCKET_STOP_PRE_SIGTERM:
2453 if (s->kill_context.send_sigkill) {
2454 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2455 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2456 } else {
2457 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2458 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2459 }
2460 break;
2461
2462 case SOCKET_STOP_PRE_SIGKILL:
2463 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2464 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2465 break;
2466
2467 case SOCKET_STOP_POST:
2468 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2469 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2470 break;
2471
2472 case SOCKET_FINAL_SIGTERM:
2473 if (s->kill_context.send_sigkill) {
2474 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2475 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2476 } else {
2477 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2478 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2479 }
2480 break;
2481
2482 case SOCKET_FINAL_SIGKILL:
2483 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2484 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2485 break;
2486
2487 default:
2488 assert_not_reached("Timeout at wrong time.");
2489 }
2490
2491 return 0;
2492 }
2493
2494 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2495 int *rfds;
2496 unsigned rn_fds, k;
2497 SocketPort *p;
2498
2499 assert(s);
2500 assert(fds);
2501 assert(n_fds);
2502
2503 /* Called from the service code for requesting our fds */
2504
2505 rn_fds = 0;
2506 LIST_FOREACH(port, p, s->ports)
2507 if (p->fd >= 0)
2508 rn_fds++;
2509
2510 if (rn_fds <= 0) {
2511 *fds = NULL;
2512 *n_fds = 0;
2513 return 0;
2514 }
2515
2516 rfds = new(int, rn_fds);
2517 if (!rfds)
2518 return -ENOMEM;
2519
2520 k = 0;
2521 LIST_FOREACH(port, p, s->ports)
2522 if (p->fd >= 0)
2523 rfds[k++] = p->fd;
2524
2525 assert(k == rn_fds);
2526
2527 *fds = rfds;
2528 *n_fds = rn_fds;
2529
2530 return 0;
2531 }
2532
2533 static void socket_reset_failed(Unit *u) {
2534 Socket *s = SOCKET(u);
2535
2536 assert(s);
2537
2538 if (s->state == SOCKET_FAILED)
2539 socket_set_state(s, SOCKET_DEAD);
2540
2541 s->result = SOCKET_SUCCESS;
2542 }
2543
2544 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2545 assert(s);
2546
2547 /* The service is dead. Dang!
2548 *
2549 * This is strictly for one-instance-for-all-connections
2550 * services. */
2551
2552 if (s->state == SOCKET_RUNNING) {
2553 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2554 if (failed_permanent)
2555 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2556 else
2557 socket_enter_listening(s);
2558 }
2559 }
2560
2561 void socket_connection_unref(Socket *s) {
2562 assert(s);
2563
2564 /* The service is dead. Yay!
2565 *
2566 * This is strictly for one-instance-per-connection
2567 * services. */
2568
2569 assert(s->n_connections > 0);
2570 s->n_connections--;
2571
2572 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2573 }
2574
2575 static void socket_trigger_notify(Unit *u, Unit *other) {
2576 Socket *s = SOCKET(u);
2577 Service *se;
2578
2579 assert(u);
2580 assert(other);
2581
2582 /* Don't propagate state changes from the service if we are
2583 already down or accepting connections */
2584 if ((s->state != SOCKET_RUNNING &&
2585 s->state != SOCKET_LISTENING) ||
2586 s->accept)
2587 return;
2588
2589 if (other->load_state != UNIT_LOADED ||
2590 other->type != UNIT_SERVICE)
2591 return;
2592
2593 se = SERVICE(other);
2594
2595 if (se->state == SERVICE_FAILED)
2596 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2597
2598 if (se->state == SERVICE_DEAD ||
2599 se->state == SERVICE_FINAL_SIGTERM ||
2600 se->state == SERVICE_FINAL_SIGKILL ||
2601 se->state == SERVICE_AUTO_RESTART)
2602 socket_notify_service_dead(s, false);
2603
2604 if (se->state == SERVICE_RUNNING)
2605 socket_set_state(s, SOCKET_RUNNING);
2606 }
2607
2608 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2609 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2610 }
2611
2612 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2613 Socket *s = SOCKET(u);
2614 int r;
2615
2616 if (!s->timer_event_source)
2617 return 0;
2618
2619 r = sd_event_source_get_time(s->timer_event_source, timeout);
2620 if (r < 0)
2621 return r;
2622
2623 return 1;
2624 }
2625
2626 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2627 [SOCKET_DEAD] = "dead",
2628 [SOCKET_START_PRE] = "start-pre",
2629 [SOCKET_START_CHOWN] = "start-chown",
2630 [SOCKET_START_POST] = "start-post",
2631 [SOCKET_LISTENING] = "listening",
2632 [SOCKET_RUNNING] = "running",
2633 [SOCKET_STOP_PRE] = "stop-pre",
2634 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2635 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2636 [SOCKET_STOP_POST] = "stop-post",
2637 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2638 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2639 [SOCKET_FAILED] = "failed"
2640 };
2641
2642 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2643
2644 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2645 [SOCKET_EXEC_START_PRE] = "StartPre",
2646 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2647 [SOCKET_EXEC_START_POST] = "StartPost",
2648 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2649 [SOCKET_EXEC_STOP_POST] = "StopPost"
2650 };
2651
2652 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2653
2654 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2655 [SOCKET_SUCCESS] = "success",
2656 [SOCKET_FAILURE_RESOURCES] = "resources",
2657 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2658 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2659 [SOCKET_FAILURE_SIGNAL] = "signal",
2660 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2661 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2662 };
2663
2664 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2665
2666 const UnitVTable socket_vtable = {
2667 .object_size = sizeof(Socket),
2668 .exec_context_offset = offsetof(Socket, exec_context),
2669 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2670 .kill_context_offset = offsetof(Socket, kill_context),
2671 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2672
2673 .sections =
2674 "Unit\0"
2675 "Socket\0"
2676 "Install\0",
2677 .private_section = "Socket",
2678
2679 .init = socket_init,
2680 .done = socket_done,
2681 .load = socket_load,
2682
2683 .coldplug = socket_coldplug,
2684
2685 .dump = socket_dump,
2686
2687 .start = socket_start,
2688 .stop = socket_stop,
2689
2690 .kill = socket_kill,
2691
2692 .get_timeout = socket_get_timeout,
2693
2694 .serialize = socket_serialize,
2695 .deserialize_item = socket_deserialize_item,
2696 .distribute_fds = socket_distribute_fds,
2697
2698 .active_state = socket_active_state,
2699 .sub_state_to_string = socket_sub_state_to_string,
2700
2701 .check_gc = socket_check_gc,
2702
2703 .sigchld_event = socket_sigchld_event,
2704
2705 .trigger_notify = socket_trigger_notify,
2706
2707 .reset_failed = socket_reset_failed,
2708
2709 .bus_vtable = bus_socket_vtable,
2710 .bus_set_property = bus_socket_set_property,
2711 .bus_commit_properties = bus_socket_commit_properties,
2712
2713 .status_message_formats = {
2714 /*.starting_stopping = {
2715 [0] = "Starting socket %s...",
2716 [1] = "Stopping socket %s...",
2717 },*/
2718 .finished_start_job = {
2719 [JOB_DONE] = "Listening on %s.",
2720 [JOB_FAILED] = "Failed to listen on %s.",
2721 [JOB_TIMEOUT] = "Timed out starting %s.",
2722 },
2723 .finished_stop_job = {
2724 [JOB_DONE] = "Closed %s.",
2725 [JOB_FAILED] = "Failed stopping %s.",
2726 [JOB_TIMEOUT] = "Timed out stopping %s.",
2727 },
2728 },
2729 };
Unnamed repository; edit this file 'description' to name the repository.