]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/core/socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1335 from poettering/some-fixes
[thirdparty/systemd.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/stat.h>
23 #include <unistd.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <sys/epoll.h>
27 #include <signal.h>
28 #include <arpa/inet.h>
29 #include <netinet/tcp.h>
30 #include <mqueue.h>
31
32 #include "sd-event.h"
33 #include "log.h"
34 #include "strv.h"
35 #include "mkdir.h"
36 #include "path-util.h"
37 #include "unit-name.h"
38 #include "unit-printf.h"
39 #include "missing.h"
40 #include "special.h"
41 #include "label.h"
42 #include "exit-status.h"
43 #include "def.h"
44 #include "smack-util.h"
45 #include "bus-util.h"
46 #include "bus-error.h"
47 #include "selinux-util.h"
48 #include "dbus-socket.h"
49 #include "unit.h"
50 #include "formats-util.h"
51 #include "signal-util.h"
52 #include "socket.h"
53 #include "copy.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56 [SOCKET_DEAD] = UNIT_INACTIVE,
57 [SOCKET_START_PRE] = UNIT_ACTIVATING,
58 [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59 [SOCKET_START_POST] = UNIT_ACTIVATING,
60 [SOCKET_LISTENING] = UNIT_ACTIVE,
61 [SOCKET_RUNNING] = UNIT_ACTIVE,
62 [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63 [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64 [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65 [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66 [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67 [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68 [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75 Socket *s = SOCKET(u);
76
77 assert(u);
78 assert(u->load_state == UNIT_STUB);
79
80 s->backlog = SOMAXCONN;
81 s->timeout_usec = u->manager->default_timeout_start_usec;
82 s->directory_mode = 0755;
83 s->socket_mode = 0666;
84
85 s->max_connections = 64;
86
87 s->priority = -1;
88 s->ip_tos = -1;
89 s->ip_ttl = -1;
90 s->mark = -1;
91
92 s->exec_context.std_output = u->manager->default_std_output;
93 s->exec_context.std_error = u->manager->default_std_error;
94
95 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99 assert(s);
100
101 if (s->control_pid <= 0)
102 return;
103
104 unit_unwatch_pid(UNIT(s), s->control_pid);
105 s->control_pid = 0;
106 }
107
108 static void socket_cleanup_fd_list(SocketPort *p) {
109 int k = p->n_auxiliary_fds;
110
111 while (k--)
112 safe_close(p->auxiliary_fds[k]);
113
114 p->auxiliary_fds = mfree(p->auxiliary_fds);
115 p->n_auxiliary_fds = 0;
116 }
117
118 void socket_free_ports(Socket *s) {
119 SocketPort *p;
120
121 assert(s);
122
123 while ((p = s->ports)) {
124 LIST_REMOVE(port, s->ports, p);
125
126 sd_event_source_unref(p->event_source);
127
128 socket_cleanup_fd_list(p);
129 safe_close(p->fd);
130 free(p->path);
131 free(p);
132 }
133 }
134
135 static void socket_done(Unit *u) {
136 Socket *s = SOCKET(u);
137
138 assert(s);
139
140 socket_free_ports(s);
141
142 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
143 exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
144 s->control_command = NULL;
145
146 socket_unwatch_control_pid(s);
147
148 unit_ref_unset(&s->service);
149
150 s->tcp_congestion = mfree(s->tcp_congestion);
151 s->bind_to_device = mfree(s->bind_to_device);
152
153 free(s->smack);
154 free(s->smack_ip_in);
155 free(s->smack_ip_out);
156
157 strv_free(s->symlinks);
158
159 free(s->user);
160 free(s->group);
161
162 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
163 }
164
165 static int socket_arm_timer(Socket *s) {
166 int r;
167
168 assert(s);
169
170 if (s->timeout_usec <= 0) {
171 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
172 return 0;
173 }
174
175 if (s->timer_event_source) {
176 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
177 if (r < 0)
178 return r;
179
180 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
181 }
182
183 r = sd_event_add_time(
184 UNIT(s)->manager->event,
185 &s->timer_event_source,
186 CLOCK_MONOTONIC,
187 now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
188 socket_dispatch_timer, s);
189 if (r < 0)
190 return r;
191
192 (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
193
194 return 0;
195 }
196
197 int socket_instantiate_service(Socket *s) {
198 _cleanup_free_ char *prefix = NULL, *name = NULL;
199 int r;
200 Unit *u;
201
202 assert(s);
203
204 /* This fills in s->service if it isn't filled in yet. For
205 * Accept=yes sockets we create the next connection service
206 * here. For Accept=no this is mostly a NOP since the service
207 * is figured out at load time anyway. */
208
209 if (UNIT_DEREF(s->service))
210 return 0;
211
212 if (!s->accept)
213 return 0;
214
215 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
216 if (r < 0)
217 return r;
218
219 if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
220 return -ENOMEM;
221
222 r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
223 if (r < 0)
224 return r;
225
226 u->no_gc = true;
227 unit_ref_set(&s->service, u);
228
229 return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
230 }
231
232 static bool have_non_accept_socket(Socket *s) {
233 SocketPort *p;
234
235 assert(s);
236
237 if (!s->accept)
238 return true;
239
240 LIST_FOREACH(port, p, s->ports) {
241
242 if (p->type != SOCKET_SOCKET)
243 return true;
244
245 if (!socket_address_can_accept(&p->address))
246 return true;
247 }
248
249 return false;
250 }
251
252 static int socket_add_mount_links(Socket *s) {
253 SocketPort *p;
254 int r;
255
256 assert(s);
257
258 LIST_FOREACH(port, p, s->ports) {
259 const char *path = NULL;
260
261 if (p->type == SOCKET_SOCKET)
262 path = socket_address_get_path(&p->address);
263 else if (IN_SET(p->type, SOCKET_FIFO, SOCKET_SPECIAL, SOCKET_USB_FUNCTION))
264 path = p->path;
265
266 if (!path)
267 continue;
268
269 r = unit_require_mounts_for(UNIT(s), path);
270 if (r < 0)
271 return r;
272 }
273
274 return 0;
275 }
276
277 static int socket_add_device_link(Socket *s) {
278 char *t;
279
280 assert(s);
281
282 if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
283 return 0;
284
285 t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
286 return unit_add_node_link(UNIT(s), t, false);
287 }
288
289 static int socket_add_default_dependencies(Socket *s) {
290 int r;
291 assert(s);
292
293 r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
294 if (r < 0)
295 return r;
296
297 if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
298 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
299 if (r < 0)
300 return r;
301 }
302
303 return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
304 }
305
306 _pure_ static bool socket_has_exec(Socket *s) {
307 unsigned i;
308 assert(s);
309
310 for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
311 if (s->exec_command[i])
312 return true;
313
314 return false;
315 }
316
317 static int socket_add_extras(Socket *s) {
318 Unit *u = UNIT(s);
319 int r;
320
321 assert(s);
322
323 if (have_non_accept_socket(s)) {
324
325 if (!UNIT_DEREF(s->service)) {
326 Unit *x;
327
328 r = unit_load_related_unit(u, ".service", &x);
329 if (r < 0)
330 return r;
331
332 unit_ref_set(&s->service, x);
333 }
334
335 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
336 if (r < 0)
337 return r;
338 }
339
340 r = socket_add_mount_links(s);
341 if (r < 0)
342 return r;
343
344 r = socket_add_device_link(s);
345 if (r < 0)
346 return r;
347
348 r = unit_patch_contexts(u);
349 if (r < 0)
350 return r;
351
352 if (socket_has_exec(s)) {
353 r = unit_add_exec_dependencies(u, &s->exec_context);
354 if (r < 0)
355 return r;
356
357 r = unit_set_default_slice(u);
358 if (r < 0)
359 return r;
360 }
361
362 if (u->default_dependencies) {
363 r = socket_add_default_dependencies(s);
364 if (r < 0)
365 return r;
366 }
367
368 return 0;
369 }
370
371 static const char *socket_find_symlink_target(Socket *s) {
372 const char *found = NULL;
373 SocketPort *p;
374
375 LIST_FOREACH(port, p, s->ports) {
376 const char *f = NULL;
377
378 switch (p->type) {
379
380 case SOCKET_FIFO:
381 f = p->path;
382 break;
383
384 case SOCKET_SOCKET:
385 if (p->address.sockaddr.un.sun_path[0] != 0)
386 f = p->address.sockaddr.un.sun_path;
387 break;
388
389 default:
390 break;
391 }
392
393 if (f) {
394 if (found)
395 return NULL;
396
397 found = f;
398 }
399 }
400
401 return found;
402 }
403
404 static int socket_verify(Socket *s) {
405 assert(s);
406
407 if (UNIT(s)->load_state != UNIT_LOADED)
408 return 0;
409
410 if (!s->ports) {
411 log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
412 return -EINVAL;
413 }
414
415 if (s->accept && have_non_accept_socket(s)) {
416 log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
417 return -EINVAL;
418 }
419
420 if (s->accept && s->max_connections <= 0) {
421 log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
422 return -EINVAL;
423 }
424
425 if (s->accept && UNIT_DEREF(s->service)) {
426 log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
427 return -EINVAL;
428 }
429
430 if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
431 log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
432 return -EINVAL;
433 }
434
435 if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
436 log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
437 return -EINVAL;
438 }
439
440 return 0;
441 }
442
443 static int socket_load(Unit *u) {
444 Socket *s = SOCKET(u);
445 int r;
446
447 assert(u);
448 assert(u->load_state == UNIT_STUB);
449
450 r = unit_load_fragment_and_dropin(u);
451 if (r < 0)
452 return r;
453
454 if (u->load_state == UNIT_LOADED) {
455 /* This is a new unit? Then let's add in some extras */
456 r = socket_add_extras(s);
457 if (r < 0)
458 return r;
459 }
460
461 return socket_verify(s);
462 }
463
464 _const_ static const char* listen_lookup(int family, int type) {
465
466 if (family == AF_NETLINK)
467 return "ListenNetlink";
468
469 if (type == SOCK_STREAM)
470 return "ListenStream";
471 else if (type == SOCK_DGRAM)
472 return "ListenDatagram";
473 else if (type == SOCK_SEQPACKET)
474 return "ListenSequentialPacket";
475
476 assert_not_reached("Unknown socket type");
477 return NULL;
478 }
479
480 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
481 char time_string[FORMAT_TIMESPAN_MAX];
482 SocketExecCommand c;
483 Socket *s = SOCKET(u);
484 SocketPort *p;
485 const char *prefix2;
486
487 assert(s);
488 assert(f);
489
490 prefix = strempty(prefix);
491 prefix2 = strjoina(prefix, "\t");
492
493 fprintf(f,
494 "%sSocket State: %s\n"
495 "%sResult: %s\n"
496 "%sBindIPv6Only: %s\n"
497 "%sBacklog: %u\n"
498 "%sSocketMode: %04o\n"
499 "%sDirectoryMode: %04o\n"
500 "%sKeepAlive: %s\n"
501 "%sNoDelay: %s\n"
502 "%sFreeBind: %s\n"
503 "%sTransparent: %s\n"
504 "%sBroadcast: %s\n"
505 "%sPassCredentials: %s\n"
506 "%sPassSecurity: %s\n"
507 "%sTCPCongestion: %s\n"
508 "%sRemoveOnStop: %s\n"
509 "%sSELinuxContextFromNet: %s\n",
510 prefix, socket_state_to_string(s->state),
511 prefix, socket_result_to_string(s->result),
512 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
513 prefix, s->backlog,
514 prefix, s->socket_mode,
515 prefix, s->directory_mode,
516 prefix, yes_no(s->keep_alive),
517 prefix, yes_no(s->no_delay),
518 prefix, yes_no(s->free_bind),
519 prefix, yes_no(s->transparent),
520 prefix, yes_no(s->broadcast),
521 prefix, yes_no(s->pass_cred),
522 prefix, yes_no(s->pass_sec),
523 prefix, strna(s->tcp_congestion),
524 prefix, yes_no(s->remove_on_stop),
525 prefix, yes_no(s->selinux_context_from_net));
526
527 if (s->control_pid > 0)
528 fprintf(f,
529 "%sControl PID: "PID_FMT"\n",
530 prefix, s->control_pid);
531
532 if (s->bind_to_device)
533 fprintf(f,
534 "%sBindToDevice: %s\n",
535 prefix, s->bind_to_device);
536
537 if (s->accept)
538 fprintf(f,
539 "%sAccepted: %u\n"
540 "%sNConnections: %u\n"
541 "%sMaxConnections: %u\n",
542 prefix, s->n_accepted,
543 prefix, s->n_connections,
544 prefix, s->max_connections);
545
546 if (s->priority >= 0)
547 fprintf(f,
548 "%sPriority: %i\n",
549 prefix, s->priority);
550
551 if (s->receive_buffer > 0)
552 fprintf(f,
553 "%sReceiveBuffer: %zu\n",
554 prefix, s->receive_buffer);
555
556 if (s->send_buffer > 0)
557 fprintf(f,
558 "%sSendBuffer: %zu\n",
559 prefix, s->send_buffer);
560
561 if (s->ip_tos >= 0)
562 fprintf(f,
563 "%sIPTOS: %i\n",
564 prefix, s->ip_tos);
565
566 if (s->ip_ttl >= 0)
567 fprintf(f,
568 "%sIPTTL: %i\n",
569 prefix, s->ip_ttl);
570
571 if (s->pipe_size > 0)
572 fprintf(f,
573 "%sPipeSize: %zu\n",
574 prefix, s->pipe_size);
575
576 if (s->mark >= 0)
577 fprintf(f,
578 "%sMark: %i\n",
579 prefix, s->mark);
580
581 if (s->mq_maxmsg > 0)
582 fprintf(f,
583 "%sMessageQueueMaxMessages: %li\n",
584 prefix, s->mq_maxmsg);
585
586 if (s->mq_msgsize > 0)
587 fprintf(f,
588 "%sMessageQueueMessageSize: %li\n",
589 prefix, s->mq_msgsize);
590
591 if (s->reuse_port)
592 fprintf(f,
593 "%sReusePort: %s\n",
594 prefix, yes_no(s->reuse_port));
595
596 if (s->smack)
597 fprintf(f,
598 "%sSmackLabel: %s\n",
599 prefix, s->smack);
600
601 if (s->smack_ip_in)
602 fprintf(f,
603 "%sSmackLabelIPIn: %s\n",
604 prefix, s->smack_ip_in);
605
606 if (s->smack_ip_out)
607 fprintf(f,
608 "%sSmackLabelIPOut: %s\n",
609 prefix, s->smack_ip_out);
610
611 if (!isempty(s->user) || !isempty(s->group))
612 fprintf(f,
613 "%sOwnerUser: %s\n"
614 "%sOwnerGroup: %s\n",
615 prefix, strna(s->user),
616 prefix, strna(s->group));
617
618 if (s->keep_alive_time > 0)
619 fprintf(f,
620 "%sKeepAliveTimeSec: %s\n",
621 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
622
623 if (s->keep_alive_interval)
624 fprintf(f,
625 "%sKeepAliveIntervalSec: %s\n",
626 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
627
628 if (s->keep_alive_cnt)
629 fprintf(f,
630 "%sKeepAliveProbes: %u\n",
631 prefix, s->keep_alive_cnt);
632
633 if (s->defer_accept)
634 fprintf(f,
635 "%sDeferAcceptSec: %s\n",
636 prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
637
638 LIST_FOREACH(port, p, s->ports) {
639
640 if (p->type == SOCKET_SOCKET) {
641 const char *t;
642 int r;
643 char *k = NULL;
644
645 if ((r = socket_address_print(&p->address, &k)) < 0)
646 t = strerror(-r);
647 else
648 t = k;
649
650 fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
651 free(k);
652 } else if (p->type == SOCKET_SPECIAL)
653 fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
654 else if (p->type == SOCKET_USB_FUNCTION)
655 fprintf(f, "%sListenUSBFunction: %s\n", prefix, p->path);
656 else if (p->type == SOCKET_MQUEUE)
657 fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
658 else
659 fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
660 }
661
662 exec_context_dump(&s->exec_context, f, prefix);
663 kill_context_dump(&s->kill_context, f, prefix);
664
665 for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
666 if (!s->exec_command[c])
667 continue;
668
669 fprintf(f, "%s-> %s:\n",
670 prefix, socket_exec_command_to_string(c));
671
672 exec_command_dump_list(s->exec_command[c], f, prefix2);
673 }
674 }
675
676 static int instance_from_socket(int fd, unsigned nr, char **instance) {
677 socklen_t l;
678 char *r;
679 union sockaddr_union local, remote;
680
681 assert(fd >= 0);
682 assert(instance);
683
684 l = sizeof(local);
685 if (getsockname(fd, &local.sa, &l) < 0)
686 return -errno;
687
688 l = sizeof(remote);
689 if (getpeername(fd, &remote.sa, &l) < 0)
690 return -errno;
691
692 switch (local.sa.sa_family) {
693
694 case AF_INET: {
695 uint32_t
696 a = ntohl(local.in.sin_addr.s_addr),
697 b = ntohl(remote.in.sin_addr.s_addr);
698
699 if (asprintf(&r,
700 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
701 nr,
702 a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
703 ntohs(local.in.sin_port),
704 b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
705 ntohs(remote.in.sin_port)) < 0)
706 return -ENOMEM;
707
708 break;
709 }
710
711 case AF_INET6: {
712 static const unsigned char ipv4_prefix[] = {
713 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
714 };
715
716 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
717 memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
718 const uint8_t
719 *a = local.in6.sin6_addr.s6_addr+12,
720 *b = remote.in6.sin6_addr.s6_addr+12;
721
722 if (asprintf(&r,
723 "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
724 nr,
725 a[0], a[1], a[2], a[3],
726 ntohs(local.in6.sin6_port),
727 b[0], b[1], b[2], b[3],
728 ntohs(remote.in6.sin6_port)) < 0)
729 return -ENOMEM;
730 } else {
731 char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
732
733 if (asprintf(&r,
734 "%u-%s:%u-%s:%u",
735 nr,
736 inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
737 ntohs(local.in6.sin6_port),
738 inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
739 ntohs(remote.in6.sin6_port)) < 0)
740 return -ENOMEM;
741 }
742
743 break;
744 }
745
746 case AF_UNIX: {
747 struct ucred ucred;
748 int k;
749
750 k = getpeercred(fd, &ucred);
751 if (k >= 0) {
752 if (asprintf(&r,
753 "%u-"PID_FMT"-"UID_FMT,
754 nr, ucred.pid, ucred.uid) < 0)
755 return -ENOMEM;
756 } else if (k == -ENODATA) {
757 /* This handles the case where somebody is
758 * connecting from another pid/uid namespace
759 * (e.g. from outside of our container). */
760 if (asprintf(&r,
761 "%u-unknown",
762 nr) < 0)
763 return -ENOMEM;
764 } else
765 return k;
766
767 break;
768 }
769
770 default:
771 assert_not_reached("Unhandled socket type.");
772 }
773
774 *instance = r;
775 return 0;
776 }
777
778 static void socket_close_fds(Socket *s) {
779 SocketPort *p;
780 char **i;
781
782 assert(s);
783
784 LIST_FOREACH(port, p, s->ports) {
785
786 p->event_source = sd_event_source_unref(p->event_source);
787
788 if (p->fd < 0)
789 continue;
790
791 p->fd = safe_close(p->fd);
792 socket_cleanup_fd_list(p);
793
794 /* One little note: we should normally not delete any
795 * sockets in the file system here! After all some
796 * other process we spawned might still have a
797 * reference of this fd and wants to continue to use
798 * it. Therefore we delete sockets in the file system
799 * before we create a new one, not after we stopped
800 * using one! */
801
802 if (s->remove_on_stop) {
803 switch (p->type) {
804
805 case SOCKET_FIFO:
806 unlink(p->path);
807 break;
808
809 case SOCKET_MQUEUE:
810 mq_unlink(p->path);
811 break;
812
813 case SOCKET_SOCKET:
814 socket_address_unlink(&p->address);
815 break;
816
817 default:
818 break;
819 }
820 }
821 }
822
823 if (s->remove_on_stop)
824 STRV_FOREACH(i, s->symlinks)
825 unlink(*i);
826 }
827
828 static void socket_apply_socket_options(Socket *s, int fd) {
829 int r;
830
831 assert(s);
832 assert(fd >= 0);
833
834 if (s->keep_alive) {
835 int b = s->keep_alive;
836 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
837 log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
838 }
839
840 if (s->keep_alive_time) {
841 int value = s->keep_alive_time / USEC_PER_SEC;
842 if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
843 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
844 }
845
846 if (s->keep_alive_interval) {
847 int value = s->keep_alive_interval / USEC_PER_SEC;
848 if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
849 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
850 }
851
852 if (s->keep_alive_cnt) {
853 int value = s->keep_alive_cnt;
854 if (setsockopt(fd, SOL_TCP, TCP_KEEPCNT, &value, sizeof(value)) < 0)
855 log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
856 }
857
858 if (s->defer_accept) {
859 int value = s->defer_accept / USEC_PER_SEC;
860 if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
861 log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
862 }
863
864 if (s->no_delay) {
865 int b = s->no_delay;
866 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
867 log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
868 }
869
870 if (s->broadcast) {
871 int one = 1;
872 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
873 log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
874 }
875
876 if (s->pass_cred) {
877 int one = 1;
878 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
879 log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
880 }
881
882 if (s->pass_sec) {
883 int one = 1;
884 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
885 log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
886 }
887
888 if (s->priority >= 0)
889 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
890 log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
891
892 if (s->receive_buffer > 0) {
893 int value = (int) s->receive_buffer;
894
895 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
896
897 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
898 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
899 log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
900 }
901
902 if (s->send_buffer > 0) {
903 int value = (int) s->send_buffer;
904 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
905 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
906 log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
907 }
908
909 if (s->mark >= 0)
910 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
911 log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
912
913 if (s->ip_tos >= 0)
914 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
915 log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
916
917 if (s->ip_ttl >= 0) {
918 int x;
919
920 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
921
922 if (socket_ipv6_is_supported())
923 x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
924 else {
925 x = -1;
926 errno = EAFNOSUPPORT;
927 }
928
929 if (r < 0 && x < 0)
930 log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
931 }
932
933 if (s->tcp_congestion)
934 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
935 log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
936
937 if (s->smack_ip_in) {
938 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPIN, s->smack_ip_in);
939 if (r < 0)
940 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
941 }
942
943 if (s->smack_ip_out) {
944 r = mac_smack_apply_fd(fd, SMACK_ATTR_IPOUT, s->smack_ip_out);
945 if (r < 0)
946 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
947 }
948 }
949
950 static void socket_apply_fifo_options(Socket *s, int fd) {
951 int r;
952
953 assert(s);
954 assert(fd >= 0);
955
956 if (s->pipe_size > 0)
957 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
958 log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
959
960 if (s->smack) {
961 r = mac_smack_apply_fd(fd, SMACK_ATTR_ACCESS, s->smack);
962 if (r < 0)
963 log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
964 }
965 }
966
967 static int fifo_address_create(
968 const char *path,
969 mode_t directory_mode,
970 mode_t socket_mode,
971 int *_fd) {
972
973 int fd = -1, r = 0;
974 struct stat st;
975 mode_t old_mask;
976
977 assert(path);
978 assert(_fd);
979
980 mkdir_parents_label(path, directory_mode);
981
982 r = mac_selinux_create_file_prepare(path, S_IFIFO);
983 if (r < 0)
984 goto fail;
985
986 /* Enforce the right access mode for the fifo */
987 old_mask = umask(~ socket_mode);
988
989 /* Include the original umask in our mask */
990 umask(~socket_mode | old_mask);
991
992 r = mkfifo(path, socket_mode);
993 umask(old_mask);
994
995 if (r < 0 && errno != EEXIST) {
996 r = -errno;
997 goto fail;
998 }
999
1000 fd = open(path,
1001 O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
1002 if (fd < 0) {
1003 r = -errno;
1004 goto fail;
1005 }
1006
1007 mac_selinux_create_file_clear();
1008
1009 if (fstat(fd, &st) < 0) {
1010 r = -errno;
1011 goto fail;
1012 }
1013
1014 if (!S_ISFIFO(st.st_mode) ||
1015 (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1016 st.st_uid != getuid() ||
1017 st.st_gid != getgid()) {
1018
1019 r = -EEXIST;
1020 goto fail;
1021 }
1022
1023 *_fd = fd;
1024 return 0;
1025
1026 fail:
1027 mac_selinux_create_file_clear();
1028 safe_close(fd);
1029
1030 return r;
1031 }
1032
1033 static int special_address_create(
1034 const char *path,
1035 int *_fd) {
1036
1037 int fd = -1, r = 0;
1038 struct stat st;
1039
1040 assert(path);
1041 assert(_fd);
1042
1043 fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1044 if (fd < 0) {
1045 r = -errno;
1046 goto fail;
1047 }
1048
1049 if (fstat(fd, &st) < 0) {
1050 r = -errno;
1051 goto fail;
1052 }
1053
1054 /* Check whether this is a /proc, /sys or /dev file or char device */
1055 if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1056 r = -EEXIST;
1057 goto fail;
1058 }
1059
1060 *_fd = fd;
1061 return 0;
1062
1063 fail:
1064 safe_close(fd);
1065
1066 return r;
1067 }
1068
1069 static int ffs_address_create(
1070 const char *path,
1071 int *_fd) {
1072
1073 _cleanup_close_ int fd = -1;
1074 struct stat st;
1075
1076 assert(path);
1077 assert(_fd);
1078
1079 fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1080 if (fd < 0)
1081 return -errno;
1082
1083 if (fstat(fd, &st) < 0)
1084 return -errno;
1085
1086 /* Check whether this is a regular file (ffs endpoint)*/
1087 if (!S_ISREG(st.st_mode))
1088 return -EEXIST;
1089
1090 *_fd = fd;
1091 fd = -1;
1092
1093 return 0;
1094 }
1095
1096 static int mq_address_create(
1097 const char *path,
1098 mode_t mq_mode,
1099 long maxmsg,
1100 long msgsize,
1101 int *_fd) {
1102
1103 int fd = -1, r = 0;
1104 struct stat st;
1105 mode_t old_mask;
1106 struct mq_attr _attr, *attr = NULL;
1107
1108 assert(path);
1109 assert(_fd);
1110
1111 if (maxmsg > 0 && msgsize > 0) {
1112 zero(_attr);
1113 _attr.mq_flags = O_NONBLOCK;
1114 _attr.mq_maxmsg = maxmsg;
1115 _attr.mq_msgsize = msgsize;
1116 attr = &_attr;
1117 }
1118
1119 /* Enforce the right access mode for the mq */
1120 old_mask = umask(~ mq_mode);
1121
1122 /* Include the original umask in our mask */
1123 umask(~mq_mode | old_mask);
1124 fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1125 umask(old_mask);
1126
1127 if (fd < 0) {
1128 r = -errno;
1129 goto fail;
1130 }
1131
1132 if (fstat(fd, &st) < 0) {
1133 r = -errno;
1134 goto fail;
1135 }
1136
1137 if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1138 st.st_uid != getuid() ||
1139 st.st_gid != getgid()) {
1140
1141 r = -EEXIST;
1142 goto fail;
1143 }
1144
1145 *_fd = fd;
1146 return 0;
1147
1148 fail:
1149 safe_close(fd);
1150 return r;
1151 }
1152
1153 static int socket_symlink(Socket *s) {
1154 const char *p;
1155 char **i;
1156
1157 assert(s);
1158
1159 p = socket_find_symlink_target(s);
1160 if (!p)
1161 return 0;
1162
1163 STRV_FOREACH(i, s->symlinks)
1164 symlink_label(p, *i);
1165
1166 return 0;
1167 }
1168
1169 static int ffs_write_descs(int fd, Unit *u) {
1170 Service *s = SERVICE(u);
1171 int r;
1172
1173 if (!s->usb_function_descriptors || !s->usb_function_strings)
1174 return -EINVAL;
1175
1176 r = copy_file_fd(s->usb_function_descriptors, fd, false);
1177 if (r < 0)
1178 return 0;
1179
1180 r = copy_file_fd(s->usb_function_strings, fd, false);
1181
1182 return r;
1183 }
1184
1185 static int select_ep(const struct dirent *d) {
1186 return d->d_name[0] != '.' && !streq(d->d_name, "ep0");
1187 }
1188
1189 static int ffs_dispatch_eps(SocketPort *p) {
1190 _cleanup_free_ struct dirent **ent = NULL;
1191 int r, i, n, k;
1192 _cleanup_free_ char *path = NULL;
1193
1194 r = path_get_parent(p->path, &path);
1195 if (r < 0)
1196 return r;
1197
1198 r = scandir(path, &ent, select_ep, alphasort);
1199 if (r < 0)
1200 return -errno;
1201
1202 n = r;
1203 p->auxiliary_fds = new(int, n);
1204 if (!p->auxiliary_fds)
1205 return -ENOMEM;
1206
1207 p->n_auxiliary_fds = n;
1208
1209 k = 0;
1210 for (i = 0; i < n; ++i) {
1211 _cleanup_free_ char *ep = NULL;
1212
1213 ep = path_make_absolute(ent[i]->d_name, path);
1214 if (!ep)
1215 return -ENOMEM;
1216
1217 path_kill_slashes(ep);
1218
1219 r = ffs_address_create(ep, &p->auxiliary_fds[k]);
1220 if (r < 0)
1221 goto fail;
1222
1223 ++k;
1224 free(ent[i]);
1225 }
1226
1227 return r;
1228
1229 fail:
1230 while (k)
1231 safe_close(p->auxiliary_fds[--k]);
1232
1233 p->auxiliary_fds = mfree(p->auxiliary_fds);
1234 p->n_auxiliary_fds = 0;
1235
1236 return r;
1237 }
1238
1239 static int socket_open_fds(Socket *s) {
1240 SocketPort *p;
1241 int r;
1242 char *label = NULL;
1243 bool know_label = false;
1244
1245 assert(s);
1246
1247 LIST_FOREACH(port, p, s->ports) {
1248
1249 if (p->fd >= 0)
1250 continue;
1251
1252 if (p->type == SOCKET_SOCKET) {
1253
1254 if (!know_label) {
1255 /* Figure out label, if we don't it know
1256 * yet. We do it once, for the first
1257 * socket where we need this and
1258 * remember it for the rest. */
1259
1260 if (s->selinux_context_from_net) {
1261 /* Get it from the network label */
1262
1263 r = mac_selinux_get_our_label(&label);
1264 if (r < 0 && r != -EOPNOTSUPP)
1265 goto rollback;
1266
1267 } else {
1268 /* Get it from the executable we are about to start */
1269
1270 r = socket_instantiate_service(s);
1271 if (r < 0)
1272 goto rollback;
1273
1274 if (UNIT_ISSET(s->service) &&
1275 SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1276 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1277 if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1278 goto rollback;
1279 }
1280 }
1281
1282 know_label = true;
1283 }
1284
1285 r = socket_address_listen(
1286 &p->address,
1287 SOCK_CLOEXEC|SOCK_NONBLOCK,
1288 s->backlog,
1289 s->bind_ipv6_only,
1290 s->bind_to_device,
1291 s->reuse_port,
1292 s->free_bind,
1293 s->transparent,
1294 s->directory_mode,
1295 s->socket_mode,
1296 label);
1297 if (r < 0)
1298 goto rollback;
1299
1300 p->fd = r;
1301 socket_apply_socket_options(s, p->fd);
1302 socket_symlink(s);
1303
1304 } else if (p->type == SOCKET_SPECIAL) {
1305
1306 r = special_address_create(
1307 p->path,
1308 &p->fd);
1309 if (r < 0)
1310 goto rollback;
1311
1312 } else if (p->type == SOCKET_FIFO) {
1313
1314 r = fifo_address_create(
1315 p->path,
1316 s->directory_mode,
1317 s->socket_mode,
1318 &p->fd);
1319 if (r < 0)
1320 goto rollback;
1321
1322 socket_apply_fifo_options(s, p->fd);
1323 socket_symlink(s);
1324
1325 } else if (p->type == SOCKET_MQUEUE) {
1326
1327 r = mq_address_create(
1328 p->path,
1329 s->socket_mode,
1330 s->mq_maxmsg,
1331 s->mq_msgsize,
1332 &p->fd);
1333 if (r < 0)
1334 goto rollback;
1335 } else if (p->type == SOCKET_USB_FUNCTION) {
1336
1337 r = ffs_address_create(
1338 p->path,
1339 &p->fd);
1340 if (r < 0)
1341 goto rollback;
1342
1343 r = ffs_write_descs(p->fd, s->service.unit);
1344 if (r < 0)
1345 goto rollback;
1346
1347 r = ffs_dispatch_eps(p);
1348 if (r < 0)
1349 goto rollback;
1350 } else
1351 assert_not_reached("Unknown port type");
1352 }
1353
1354 mac_selinux_free(label);
1355 return 0;
1356
1357 rollback:
1358 socket_close_fds(s);
1359 mac_selinux_free(label);
1360
1361 return r;
1362 }
1363
1364 static void socket_unwatch_fds(Socket *s) {
1365 SocketPort *p;
1366 int r;
1367
1368 assert(s);
1369
1370 LIST_FOREACH(port, p, s->ports) {
1371 if (p->fd < 0)
1372 continue;
1373
1374 if (!p->event_source)
1375 continue;
1376
1377 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1378 if (r < 0)
1379 log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1380 }
1381 }
1382
1383 static int socket_watch_fds(Socket *s) {
1384 SocketPort *p;
1385 int r;
1386
1387 assert(s);
1388
1389 LIST_FOREACH(port, p, s->ports) {
1390 if (p->fd < 0)
1391 continue;
1392
1393 if (p->event_source) {
1394 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1395 if (r < 0)
1396 goto fail;
1397 } else {
1398 r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1399 if (r < 0)
1400 goto fail;
1401
1402 (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1403 }
1404 }
1405
1406 return 0;
1407
1408 fail:
1409 log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1410 socket_unwatch_fds(s);
1411 return r;
1412 }
1413
1414 static void socket_set_state(Socket *s, SocketState state) {
1415 SocketState old_state;
1416 assert(s);
1417
1418 old_state = s->state;
1419 s->state = state;
1420
1421 if (!IN_SET(state,
1422 SOCKET_START_PRE,
1423 SOCKET_START_CHOWN,
1424 SOCKET_START_POST,
1425 SOCKET_STOP_PRE,
1426 SOCKET_STOP_PRE_SIGTERM,
1427 SOCKET_STOP_PRE_SIGKILL,
1428 SOCKET_STOP_POST,
1429 SOCKET_FINAL_SIGTERM,
1430 SOCKET_FINAL_SIGKILL)) {
1431
1432 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1433 socket_unwatch_control_pid(s);
1434 s->control_command = NULL;
1435 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1436 }
1437
1438 if (state != SOCKET_LISTENING)
1439 socket_unwatch_fds(s);
1440
1441 if (!IN_SET(state,
1442 SOCKET_START_CHOWN,
1443 SOCKET_START_POST,
1444 SOCKET_LISTENING,
1445 SOCKET_RUNNING,
1446 SOCKET_STOP_PRE,
1447 SOCKET_STOP_PRE_SIGTERM,
1448 SOCKET_STOP_PRE_SIGKILL))
1449 socket_close_fds(s);
1450
1451 if (state != old_state)
1452 log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1453
1454 unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1455 }
1456
1457 static int socket_coldplug(Unit *u) {
1458 Socket *s = SOCKET(u);
1459 int r;
1460
1461 assert(s);
1462 assert(s->state == SOCKET_DEAD);
1463
1464 if (s->deserialized_state == s->state)
1465 return 0;
1466
1467 if (IN_SET(s->deserialized_state,
1468 SOCKET_START_PRE,
1469 SOCKET_START_CHOWN,
1470 SOCKET_START_POST,
1471 SOCKET_STOP_PRE,
1472 SOCKET_STOP_PRE_SIGTERM,
1473 SOCKET_STOP_PRE_SIGKILL,
1474 SOCKET_STOP_POST,
1475 SOCKET_FINAL_SIGTERM,
1476 SOCKET_FINAL_SIGKILL)) {
1477
1478 if (s->control_pid <= 0)
1479 return -EBADMSG;
1480
1481 r = unit_watch_pid(UNIT(s), s->control_pid);
1482 if (r < 0)
1483 return r;
1484
1485 r = socket_arm_timer(s);
1486 if (r < 0)
1487 return r;
1488 }
1489
1490 if (IN_SET(s->deserialized_state,
1491 SOCKET_START_CHOWN,
1492 SOCKET_START_POST,
1493 SOCKET_LISTENING,
1494 SOCKET_RUNNING,
1495 SOCKET_STOP_PRE,
1496 SOCKET_STOP_PRE_SIGTERM,
1497 SOCKET_STOP_PRE_SIGKILL)) {
1498 r = socket_open_fds(s);
1499 if (r < 0)
1500 return r;
1501 }
1502
1503 if (s->deserialized_state == SOCKET_LISTENING) {
1504 r = socket_watch_fds(s);
1505 if (r < 0)
1506 return r;
1507 }
1508
1509 socket_set_state(s, s->deserialized_state);
1510 return 0;
1511 }
1512
1513 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1514 _cleanup_free_ char **argv = NULL;
1515 pid_t pid;
1516 int r;
1517 ExecParameters exec_params = {
1518 .apply_permissions = true,
1519 .apply_chroot = true,
1520 .apply_tty_stdin = true,
1521 .bus_endpoint_fd = -1,
1522 };
1523
1524 assert(s);
1525 assert(c);
1526 assert(_pid);
1527
1528 (void) unit_realize_cgroup(UNIT(s));
1529 if (s->reset_cpu_usage) {
1530 (void) unit_reset_cpu_usage(UNIT(s));
1531 s->reset_cpu_usage = false;
1532 }
1533
1534 r = unit_setup_exec_runtime(UNIT(s));
1535 if (r < 0)
1536 goto fail;
1537
1538 r = socket_arm_timer(s);
1539 if (r < 0)
1540 goto fail;
1541
1542 r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1543 if (r < 0)
1544 goto fail;
1545
1546 exec_params.argv = argv;
1547 exec_params.environment = UNIT(s)->manager->environment;
1548 exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1549 exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1550 exec_params.cgroup_path = UNIT(s)->cgroup_path;
1551 exec_params.cgroup_delegate = s->cgroup_context.delegate;
1552 exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1553
1554 r = exec_spawn(UNIT(s),
1555 c,
1556 &s->exec_context,
1557 &exec_params,
1558 s->exec_runtime,
1559 &pid);
1560 if (r < 0)
1561 goto fail;
1562
1563 r = unit_watch_pid(UNIT(s), pid);
1564 if (r < 0)
1565 /* FIXME: we need to do something here */
1566 goto fail;
1567
1568 *_pid = pid;
1569 return 0;
1570
1571 fail:
1572 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1573 return r;
1574 }
1575
1576 static int socket_chown(Socket *s, pid_t *_pid) {
1577 pid_t pid;
1578 int r;
1579
1580 r = socket_arm_timer(s);
1581 if (r < 0)
1582 goto fail;
1583
1584 /* We have to resolve the user names out-of-process, hence
1585 * let's fork here. It's messy, but well, what can we do? */
1586
1587 pid = fork();
1588 if (pid < 0)
1589 return -errno;
1590
1591 if (pid == 0) {
1592 SocketPort *p;
1593 uid_t uid = UID_INVALID;
1594 gid_t gid = GID_INVALID;
1595 int ret;
1596
1597 (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1598 (void) ignore_signals(SIGPIPE, -1);
1599 log_forget_fds();
1600
1601 if (!isempty(s->user)) {
1602 const char *user = s->user;
1603
1604 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1605 if (r < 0) {
1606 ret = EXIT_USER;
1607 goto fail_child;
1608 }
1609 }
1610
1611 if (!isempty(s->group)) {
1612 const char *group = s->group;
1613
1614 r = get_group_creds(&group, &gid);
1615 if (r < 0) {
1616 ret = EXIT_GROUP;
1617 goto fail_child;
1618 }
1619 }
1620
1621 LIST_FOREACH(port, p, s->ports) {
1622 const char *path = NULL;
1623
1624 if (p->type == SOCKET_SOCKET)
1625 path = socket_address_get_path(&p->address);
1626 else if (p->type == SOCKET_FIFO)
1627 path = p->path;
1628
1629 if (!path)
1630 continue;
1631
1632 if (chown(path, uid, gid) < 0) {
1633 r = -errno;
1634 ret = EXIT_CHOWN;
1635 goto fail_child;
1636 }
1637 }
1638
1639 _exit(0);
1640
1641 fail_child:
1642 log_open();
1643 log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1644
1645 _exit(ret);
1646 }
1647
1648 r = unit_watch_pid(UNIT(s), pid);
1649 if (r < 0)
1650 goto fail;
1651
1652 *_pid = pid;
1653 return 0;
1654
1655 fail:
1656 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1657 return r;
1658 }
1659
1660 static void socket_enter_dead(Socket *s, SocketResult f) {
1661 assert(s);
1662
1663 if (f != SOCKET_SUCCESS)
1664 s->result = f;
1665
1666 exec_runtime_destroy(s->exec_runtime);
1667 s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1668
1669 exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1670
1671 socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1672 }
1673
1674 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1675
1676 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1677 int r;
1678 assert(s);
1679
1680 if (f != SOCKET_SUCCESS)
1681 s->result = f;
1682
1683 socket_unwatch_control_pid(s);
1684 s->control_command_id = SOCKET_EXEC_STOP_POST;
1685 s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1686
1687 if (s->control_command) {
1688 r = socket_spawn(s, s->control_command, &s->control_pid);
1689 if (r < 0)
1690 goto fail;
1691
1692 socket_set_state(s, SOCKET_STOP_POST);
1693 } else
1694 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1695
1696 return;
1697
1698 fail:
1699 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1700 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1701 }
1702
1703 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1704 int r;
1705
1706 assert(s);
1707
1708 if (f != SOCKET_SUCCESS)
1709 s->result = f;
1710
1711 r = unit_kill_context(
1712 UNIT(s),
1713 &s->kill_context,
1714 (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1715 KILL_KILL : KILL_TERMINATE,
1716 -1,
1717 s->control_pid,
1718 false);
1719 if (r < 0)
1720 goto fail;
1721
1722 if (r > 0) {
1723 r = socket_arm_timer(s);
1724 if (r < 0)
1725 goto fail;
1726
1727 socket_set_state(s, state);
1728 } else if (state == SOCKET_STOP_PRE_SIGTERM)
1729 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1730 else if (state == SOCKET_STOP_PRE_SIGKILL)
1731 socket_enter_stop_post(s, SOCKET_SUCCESS);
1732 else if (state == SOCKET_FINAL_SIGTERM)
1733 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1734 else
1735 socket_enter_dead(s, SOCKET_SUCCESS);
1736
1737 return;
1738
1739 fail:
1740 log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1741
1742 if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1743 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1744 else
1745 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1746 }
1747
1748 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1749 int r;
1750 assert(s);
1751
1752 if (f != SOCKET_SUCCESS)
1753 s->result = f;
1754
1755 socket_unwatch_control_pid(s);
1756 s->control_command_id = SOCKET_EXEC_STOP_PRE;
1757 s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1758
1759 if (s->control_command) {
1760 r = socket_spawn(s, s->control_command, &s->control_pid);
1761 if (r < 0)
1762 goto fail;
1763
1764 socket_set_state(s, SOCKET_STOP_PRE);
1765 } else
1766 socket_enter_stop_post(s, SOCKET_SUCCESS);
1767
1768 return;
1769
1770 fail:
1771 log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1772 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1773 }
1774
1775 static void socket_enter_listening(Socket *s) {
1776 int r;
1777 assert(s);
1778
1779 r = socket_watch_fds(s);
1780 if (r < 0) {
1781 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1782 goto fail;
1783 }
1784
1785 socket_set_state(s, SOCKET_LISTENING);
1786 return;
1787
1788 fail:
1789 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1790 }
1791
1792 static void socket_enter_start_post(Socket *s) {
1793 int r;
1794 assert(s);
1795
1796 socket_unwatch_control_pid(s);
1797 s->control_command_id = SOCKET_EXEC_START_POST;
1798 s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1799
1800 if (s->control_command) {
1801 r = socket_spawn(s, s->control_command, &s->control_pid);
1802 if (r < 0) {
1803 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1804 goto fail;
1805 }
1806
1807 socket_set_state(s, SOCKET_START_POST);
1808 } else
1809 socket_enter_listening(s);
1810
1811 return;
1812
1813 fail:
1814 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1815 }
1816
1817 static void socket_enter_start_chown(Socket *s) {
1818 int r;
1819
1820 assert(s);
1821
1822 r = socket_open_fds(s);
1823 if (r < 0) {
1824 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1825 goto fail;
1826 }
1827
1828 if (!isempty(s->user) || !isempty(s->group)) {
1829
1830 socket_unwatch_control_pid(s);
1831 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1832 s->control_command = NULL;
1833
1834 r = socket_chown(s, &s->control_pid);
1835 if (r < 0) {
1836 log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1837 goto fail;
1838 }
1839
1840 socket_set_state(s, SOCKET_START_CHOWN);
1841 } else
1842 socket_enter_start_post(s);
1843
1844 return;
1845
1846 fail:
1847 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1848 }
1849
1850 static void socket_enter_start_pre(Socket *s) {
1851 int r;
1852 assert(s);
1853
1854 socket_unwatch_control_pid(s);
1855 s->control_command_id = SOCKET_EXEC_START_PRE;
1856 s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1857
1858 if (s->control_command) {
1859 r = socket_spawn(s, s->control_command, &s->control_pid);
1860 if (r < 0) {
1861 log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1862 goto fail;
1863 }
1864
1865 socket_set_state(s, SOCKET_START_PRE);
1866 } else
1867 socket_enter_start_chown(s);
1868
1869 return;
1870
1871 fail:
1872 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1873 }
1874
1875 static void socket_enter_running(Socket *s, int cfd) {
1876 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1877 int r;
1878
1879 assert(s);
1880
1881 /* We don't take connections anymore if we are supposed to
1882 * shut down anyway */
1883 if (unit_stop_pending(UNIT(s))) {
1884
1885 log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1886
1887 if (cfd >= 0)
1888 safe_close(cfd);
1889 else {
1890 /* Flush all sockets by closing and reopening them */
1891 socket_close_fds(s);
1892
1893 r = socket_open_fds(s);
1894 if (r < 0) {
1895 log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1896 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1897 return;
1898 }
1899
1900 r = socket_watch_fds(s);
1901 if (r < 0) {
1902 log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1903 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1904 }
1905 }
1906
1907 return;
1908 }
1909
1910 if (cfd < 0) {
1911 Iterator i;
1912 Unit *other;
1913 bool pending = false;
1914
1915 /* If there's already a start pending don't bother to
1916 * do anything */
1917 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1918 if (unit_active_or_pending(other)) {
1919 pending = true;
1920 break;
1921 }
1922
1923 if (!pending) {
1924 if (!UNIT_ISSET(s->service)) {
1925 log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1926 r = -ENOENT;
1927 goto fail;
1928 }
1929
1930 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1931 if (r < 0)
1932 goto fail;
1933 }
1934
1935 socket_set_state(s, SOCKET_RUNNING);
1936 } else {
1937 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1938 Service *service;
1939
1940 if (s->n_connections >= s->max_connections) {
1941 log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1942 safe_close(cfd);
1943 return;
1944 }
1945
1946 r = socket_instantiate_service(s);
1947 if (r < 0)
1948 goto fail;
1949
1950 r = instance_from_socket(cfd, s->n_accepted, &instance);
1951 if (r < 0) {
1952 if (r != -ENOTCONN)
1953 goto fail;
1954
1955 /* ENOTCONN is legitimate if TCP RST was received.
1956 * This connection is over, but the socket unit lives on. */
1957 safe_close(cfd);
1958 return;
1959 }
1960
1961 r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1962 if (r < 0)
1963 goto fail;
1964
1965 r = unit_name_build(prefix, instance, ".service", &name);
1966 if (r < 0)
1967 goto fail;
1968
1969 r = unit_add_name(UNIT_DEREF(s->service), name);
1970 if (r < 0)
1971 goto fail;
1972
1973 service = SERVICE(UNIT_DEREF(s->service));
1974 unit_ref_unset(&s->service);
1975 s->n_accepted ++;
1976
1977 UNIT(service)->no_gc = false;
1978
1979 unit_choose_id(UNIT(service), name);
1980
1981 r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1982 if (r < 0)
1983 goto fail;
1984
1985 cfd = -1;
1986 s->n_connections ++;
1987
1988 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1989 if (r < 0)
1990 goto fail;
1991
1992 /* Notify clients about changed counters */
1993 unit_add_to_dbus_queue(UNIT(s));
1994 }
1995
1996 return;
1997
1998 fail:
1999 log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
2000 cfd >= 0 ? "template" : "non-template",
2001 bus_error_message(&error, r));
2002
2003 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2004 safe_close(cfd);
2005 }
2006
2007 static void socket_run_next(Socket *s) {
2008 int r;
2009
2010 assert(s);
2011 assert(s->control_command);
2012 assert(s->control_command->command_next);
2013
2014 socket_unwatch_control_pid(s);
2015
2016 s->control_command = s->control_command->command_next;
2017
2018 r = socket_spawn(s, s->control_command, &s->control_pid);
2019 if (r < 0)
2020 goto fail;
2021
2022 return;
2023
2024 fail:
2025 log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
2026
2027 if (s->state == SOCKET_START_POST)
2028 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
2029 else if (s->state == SOCKET_STOP_POST)
2030 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
2031 else
2032 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
2033 }
2034
2035 static int socket_start(Unit *u) {
2036 Socket *s = SOCKET(u);
2037
2038 assert(s);
2039
2040 /* We cannot fulfill this request right now, try again later
2041 * please! */
2042 if (IN_SET(s->state,
2043 SOCKET_STOP_PRE,
2044 SOCKET_STOP_PRE_SIGKILL,
2045 SOCKET_STOP_PRE_SIGTERM,
2046 SOCKET_STOP_POST,
2047 SOCKET_FINAL_SIGTERM,
2048 SOCKET_FINAL_SIGKILL))
2049 return -EAGAIN;
2050
2051 /* Already on it! */
2052 if (IN_SET(s->state,
2053 SOCKET_START_PRE,
2054 SOCKET_START_CHOWN,
2055 SOCKET_START_POST))
2056 return 0;
2057
2058 /* Cannot run this without the service being around */
2059 if (UNIT_ISSET(s->service)) {
2060 Service *service;
2061
2062 service = SERVICE(UNIT_DEREF(s->service));
2063
2064 if (UNIT(service)->load_state != UNIT_LOADED) {
2065 log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
2066 return -ENOENT;
2067 }
2068
2069 /* If the service is already active we cannot start the
2070 * socket */
2071 if (service->state != SERVICE_DEAD &&
2072 service->state != SERVICE_FAILED &&
2073 service->state != SERVICE_AUTO_RESTART) {
2074 log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
2075 return -EBUSY;
2076 }
2077 }
2078
2079 assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
2080
2081 s->result = SOCKET_SUCCESS;
2082 s->reset_cpu_usage = true;
2083
2084 socket_enter_start_pre(s);
2085
2086 return 1;
2087 }
2088
2089 static int socket_stop(Unit *u) {
2090 Socket *s = SOCKET(u);
2091
2092 assert(s);
2093
2094 /* Already on it */
2095 if (IN_SET(s->state,
2096 SOCKET_STOP_PRE,
2097 SOCKET_STOP_PRE_SIGTERM,
2098 SOCKET_STOP_PRE_SIGKILL,
2099 SOCKET_STOP_POST,
2100 SOCKET_FINAL_SIGTERM,
2101 SOCKET_FINAL_SIGKILL))
2102 return 0;
2103
2104 /* If there's already something running we go directly into
2105 * kill mode. */
2106 if (IN_SET(s->state,
2107 SOCKET_START_PRE,
2108 SOCKET_START_CHOWN,
2109 SOCKET_START_POST)) {
2110 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
2111 return -EAGAIN;
2112 }
2113
2114 assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
2115
2116 socket_enter_stop_pre(s, SOCKET_SUCCESS);
2117 return 1;
2118 }
2119
2120 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
2121 Socket *s = SOCKET(u);
2122 SocketPort *p;
2123 int r;
2124
2125 assert(u);
2126 assert(f);
2127 assert(fds);
2128
2129 unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2130 unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2131 unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2132
2133 if (s->control_pid > 0)
2134 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2135
2136 if (s->control_command_id >= 0)
2137 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2138
2139 LIST_FOREACH(port, p, s->ports) {
2140 int copy;
2141
2142 if (p->fd < 0)
2143 continue;
2144
2145 copy = fdset_put_dup(fds, p->fd);
2146 if (copy < 0)
2147 return copy;
2148
2149 if (p->type == SOCKET_SOCKET) {
2150 _cleanup_free_ char *t = NULL;
2151
2152 r = socket_address_print(&p->address, &t);
2153 if (r < 0)
2154 return r;
2155
2156 if (socket_address_family(&p->address) == AF_NETLINK)
2157 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2158 else
2159 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2160
2161 } else if (p->type == SOCKET_SPECIAL)
2162 unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2163 else if (p->type == SOCKET_MQUEUE)
2164 unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2165 else if (p->type == SOCKET_USB_FUNCTION)
2166 unit_serialize_item_format(u, f, "ffs", "%i %s", copy, p->path);
2167 else {
2168 assert(p->type == SOCKET_FIFO);
2169 unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2170 }
2171 }
2172
2173 return 0;
2174 }
2175
2176 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2177 Socket *s = SOCKET(u);
2178
2179 assert(u);
2180 assert(key);
2181 assert(value);
2182
2183 if (streq(key, "state")) {
2184 SocketState state;
2185
2186 state = socket_state_from_string(value);
2187 if (state < 0)
2188 log_unit_debug(u, "Failed to parse state value: %s", value);
2189 else
2190 s->deserialized_state = state;
2191 } else if (streq(key, "result")) {
2192 SocketResult f;
2193
2194 f = socket_result_from_string(value);
2195 if (f < 0)
2196 log_unit_debug(u, "Failed to parse result value: %s", value);
2197 else if (f != SOCKET_SUCCESS)
2198 s->result = f;
2199
2200 } else if (streq(key, "n-accepted")) {
2201 unsigned k;
2202
2203 if (safe_atou(value, &k) < 0)
2204 log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2205 else
2206 s->n_accepted += k;
2207 } else if (streq(key, "control-pid")) {
2208 pid_t pid;
2209
2210 if (parse_pid(value, &pid) < 0)
2211 log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2212 else
2213 s->control_pid = pid;
2214 } else if (streq(key, "control-command")) {
2215 SocketExecCommand id;
2216
2217 id = socket_exec_command_from_string(value);
2218 if (id < 0)
2219 log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2220 else {
2221 s->control_command_id = id;
2222 s->control_command = s->exec_command[id];
2223 }
2224 } else if (streq(key, "fifo")) {
2225 int fd, skip = 0;
2226 SocketPort *p;
2227
2228 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2229 log_unit_debug(u, "Failed to parse fifo value: %s", value);
2230 else {
2231
2232 LIST_FOREACH(port, p, s->ports)
2233 if (p->type == SOCKET_FIFO &&
2234 path_equal_or_files_same(p->path, value+skip))
2235 break;
2236
2237 if (p) {
2238 safe_close(p->fd);
2239 p->fd = fdset_remove(fds, fd);
2240 }
2241 }
2242
2243 } else if (streq(key, "special")) {
2244 int fd, skip = 0;
2245 SocketPort *p;
2246
2247 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2248 log_unit_debug(u, "Failed to parse special value: %s", value);
2249 else {
2250
2251 LIST_FOREACH(port, p, s->ports)
2252 if (p->type == SOCKET_SPECIAL &&
2253 path_equal_or_files_same(p->path, value+skip))
2254 break;
2255
2256 if (p) {
2257 safe_close(p->fd);
2258 p->fd = fdset_remove(fds, fd);
2259 }
2260 }
2261
2262 } else if (streq(key, "mqueue")) {
2263 int fd, skip = 0;
2264 SocketPort *p;
2265
2266 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2267 log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2268 else {
2269
2270 LIST_FOREACH(port, p, s->ports)
2271 if (p->type == SOCKET_MQUEUE &&
2272 streq(p->path, value+skip))
2273 break;
2274
2275 if (p) {
2276 safe_close(p->fd);
2277 p->fd = fdset_remove(fds, fd);
2278 }
2279 }
2280
2281 } else if (streq(key, "socket")) {
2282 int fd, type, skip = 0;
2283 SocketPort *p;
2284
2285 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2286 log_unit_debug(u, "Failed to parse socket value: %s", value);
2287 else {
2288
2289 LIST_FOREACH(port, p, s->ports)
2290 if (socket_address_is(&p->address, value+skip, type))
2291 break;
2292
2293 if (p) {
2294 safe_close(p->fd);
2295 p->fd = fdset_remove(fds, fd);
2296 }
2297 }
2298
2299 } else if (streq(key, "netlink")) {
2300 int fd, skip = 0;
2301 SocketPort *p;
2302
2303 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2304 log_unit_debug(u, "Failed to parse socket value: %s", value);
2305 else {
2306
2307 LIST_FOREACH(port, p, s->ports)
2308 if (socket_address_is_netlink(&p->address, value+skip))
2309 break;
2310
2311 if (p) {
2312 safe_close(p->fd);
2313 p->fd = fdset_remove(fds, fd);
2314 }
2315 }
2316
2317 } else if (streq(key, "ffs")) {
2318 int fd, skip = 0;
2319 SocketPort *p;
2320
2321 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2322 log_unit_debug(u, "Failed to parse ffs value: %s", value);
2323 else {
2324
2325 LIST_FOREACH(port, p, s->ports)
2326 if (p->type == SOCKET_USB_FUNCTION &&
2327 path_equal_or_files_same(p->path, value+skip))
2328 break;
2329
2330 if (p) {
2331 safe_close(p->fd);
2332 p->fd = fdset_remove(fds, fd);
2333 }
2334 }
2335
2336 } else
2337 log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2338
2339 return 0;
2340 }
2341
2342 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2343 Socket *s = SOCKET(u);
2344 SocketPort *p;
2345
2346 assert(u);
2347
2348 LIST_FOREACH(port, p, s->ports) {
2349 Iterator i;
2350 int fd;
2351
2352 if (p->type != SOCKET_SOCKET)
2353 continue;
2354
2355 if (p->fd >= 0)
2356 continue;
2357
2358 FDSET_FOREACH(fd, fds, i) {
2359 if (socket_address_matches_fd(&p->address, fd)) {
2360 p->fd = fdset_remove(fds, fd);
2361 s->deserialized_state = SOCKET_LISTENING;
2362 break;
2363 }
2364 }
2365 }
2366
2367 return 0;
2368 }
2369
2370 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2371 assert(u);
2372
2373 return state_translation_table[SOCKET(u)->state];
2374 }
2375
2376 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2377 assert(u);
2378
2379 return socket_state_to_string(SOCKET(u)->state);
2380 }
2381
2382 const char* socket_port_type_to_string(SocketPort *p) {
2383
2384 assert(p);
2385
2386 switch (p->type) {
2387
2388 case SOCKET_SOCKET:
2389
2390 switch (p->address.type) {
2391
2392 case SOCK_STREAM:
2393 return "Stream";
2394
2395 case SOCK_DGRAM:
2396 return "Datagram";
2397
2398 case SOCK_SEQPACKET:
2399 return "SequentialPacket";
2400
2401 case SOCK_RAW:
2402 if (socket_address_family(&p->address) == AF_NETLINK)
2403 return "Netlink";
2404
2405 default:
2406 return NULL;
2407 }
2408
2409 case SOCKET_SPECIAL:
2410 return "Special";
2411
2412 case SOCKET_MQUEUE:
2413 return "MessageQueue";
2414
2415 case SOCKET_FIFO:
2416 return "FIFO";
2417
2418 case SOCKET_USB_FUNCTION:
2419 return "USBFunction";
2420
2421 default:
2422 return NULL;
2423 }
2424 }
2425
2426 _pure_ static bool socket_check_gc(Unit *u) {
2427 Socket *s = SOCKET(u);
2428
2429 assert(u);
2430
2431 return s->n_connections > 0;
2432 }
2433
2434 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2435 SocketPort *p = userdata;
2436 int cfd = -1;
2437
2438 assert(p);
2439 assert(fd >= 0);
2440
2441 if (p->socket->state != SOCKET_LISTENING)
2442 return 0;
2443
2444 log_unit_debug(UNIT(p->socket), "Incoming traffic");
2445
2446 if (revents != EPOLLIN) {
2447
2448 if (revents & EPOLLHUP)
2449 log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2450 else
2451 log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2452 goto fail;
2453 }
2454
2455 if (p->socket->accept &&
2456 p->type == SOCKET_SOCKET &&
2457 socket_address_can_accept(&p->address)) {
2458
2459 for (;;) {
2460
2461 cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2462 if (cfd < 0) {
2463
2464 if (errno == EINTR)
2465 continue;
2466
2467 log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2468 goto fail;
2469 }
2470
2471 break;
2472 }
2473
2474 socket_apply_socket_options(p->socket, cfd);
2475 }
2476
2477 socket_enter_running(p->socket, cfd);
2478 return 0;
2479
2480 fail:
2481 socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2482 return 0;
2483 }
2484
2485 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2486 Socket *s = SOCKET(u);
2487 SocketResult f;
2488
2489 assert(s);
2490 assert(pid >= 0);
2491
2492 if (pid != s->control_pid)
2493 return;
2494
2495 s->control_pid = 0;
2496
2497 if (is_clean_exit(code, status, NULL))
2498 f = SOCKET_SUCCESS;
2499 else if (code == CLD_EXITED)
2500 f = SOCKET_FAILURE_EXIT_CODE;
2501 else if (code == CLD_KILLED)
2502 f = SOCKET_FAILURE_SIGNAL;
2503 else if (code == CLD_DUMPED)
2504 f = SOCKET_FAILURE_CORE_DUMP;
2505 else
2506 assert_not_reached("Unknown sigchld code");
2507
2508 if (s->control_command) {
2509 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2510
2511 if (s->control_command->ignore)
2512 f = SOCKET_SUCCESS;
2513 }
2514
2515 log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2516 "Control process exited, code=%s status=%i",
2517 sigchld_code_to_string(code), status);
2518
2519 if (f != SOCKET_SUCCESS)
2520 s->result = f;
2521
2522 if (s->control_command &&
2523 s->control_command->command_next &&
2524 f == SOCKET_SUCCESS) {
2525
2526 log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2527 socket_run_next(s);
2528 } else {
2529 s->control_command = NULL;
2530 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2531
2532 /* No further commands for this step, so let's figure
2533 * out what to do next */
2534
2535 log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2536
2537 switch (s->state) {
2538
2539 case SOCKET_START_PRE:
2540 if (f == SOCKET_SUCCESS)
2541 socket_enter_start_chown(s);
2542 else
2543 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2544 break;
2545
2546 case SOCKET_START_CHOWN:
2547 if (f == SOCKET_SUCCESS)
2548 socket_enter_start_post(s);
2549 else
2550 socket_enter_stop_pre(s, f);
2551 break;
2552
2553 case SOCKET_START_POST:
2554 if (f == SOCKET_SUCCESS)
2555 socket_enter_listening(s);
2556 else
2557 socket_enter_stop_pre(s, f);
2558 break;
2559
2560 case SOCKET_STOP_PRE:
2561 case SOCKET_STOP_PRE_SIGTERM:
2562 case SOCKET_STOP_PRE_SIGKILL:
2563 socket_enter_stop_post(s, f);
2564 break;
2565
2566 case SOCKET_STOP_POST:
2567 case SOCKET_FINAL_SIGTERM:
2568 case SOCKET_FINAL_SIGKILL:
2569 socket_enter_dead(s, f);
2570 break;
2571
2572 default:
2573 assert_not_reached("Uh, control process died at wrong time.");
2574 }
2575 }
2576
2577 /* Notify clients about changed exit status */
2578 unit_add_to_dbus_queue(u);
2579 }
2580
2581 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2582 Socket *s = SOCKET(userdata);
2583
2584 assert(s);
2585 assert(s->timer_event_source == source);
2586
2587 switch (s->state) {
2588
2589 case SOCKET_START_PRE:
2590 log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2591 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2592 break;
2593
2594 case SOCKET_START_CHOWN:
2595 case SOCKET_START_POST:
2596 log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2597 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2598 break;
2599
2600 case SOCKET_STOP_PRE:
2601 log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2602 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2603 break;
2604
2605 case SOCKET_STOP_PRE_SIGTERM:
2606 if (s->kill_context.send_sigkill) {
2607 log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2608 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2609 } else {
2610 log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2611 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2612 }
2613 break;
2614
2615 case SOCKET_STOP_PRE_SIGKILL:
2616 log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2617 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2618 break;
2619
2620 case SOCKET_STOP_POST:
2621 log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2622 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2623 break;
2624
2625 case SOCKET_FINAL_SIGTERM:
2626 if (s->kill_context.send_sigkill) {
2627 log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2628 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2629 } else {
2630 log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2631 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2632 }
2633 break;
2634
2635 case SOCKET_FINAL_SIGKILL:
2636 log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2637 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2638 break;
2639
2640 default:
2641 assert_not_reached("Timeout at wrong time.");
2642 }
2643
2644 return 0;
2645 }
2646
2647 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2648 int *rfds;
2649 unsigned rn_fds, k;
2650 int i;
2651 SocketPort *p;
2652
2653 assert(s);
2654 assert(fds);
2655 assert(n_fds);
2656
2657 /* Called from the service code for requesting our fds */
2658
2659 rn_fds = 0;
2660 LIST_FOREACH(port, p, s->ports) {
2661 if (p->fd >= 0)
2662 rn_fds++;
2663 rn_fds += p->n_auxiliary_fds;
2664 }
2665
2666 if (rn_fds <= 0) {
2667 *fds = NULL;
2668 *n_fds = 0;
2669 return 0;
2670 }
2671
2672 rfds = new(int, rn_fds);
2673 if (!rfds)
2674 return -ENOMEM;
2675
2676 k = 0;
2677 LIST_FOREACH(port, p, s->ports) {
2678 if (p->fd >= 0)
2679 rfds[k++] = p->fd;
2680 for (i = 0; i < p->n_auxiliary_fds; ++i)
2681 rfds[k++] = p->auxiliary_fds[i];
2682 }
2683
2684 assert(k == rn_fds);
2685
2686 *fds = rfds;
2687 *n_fds = rn_fds;
2688
2689 return 0;
2690 }
2691
2692 static void socket_reset_failed(Unit *u) {
2693 Socket *s = SOCKET(u);
2694
2695 assert(s);
2696
2697 if (s->state == SOCKET_FAILED)
2698 socket_set_state(s, SOCKET_DEAD);
2699
2700 s->result = SOCKET_SUCCESS;
2701 }
2702
2703 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2704 assert(s);
2705
2706 /* The service is dead. Dang!
2707 *
2708 * This is strictly for one-instance-for-all-connections
2709 * services. */
2710
2711 if (s->state == SOCKET_RUNNING) {
2712 log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2713 if (failed_permanent)
2714 socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2715 else
2716 socket_enter_listening(s);
2717 }
2718 }
2719
2720 void socket_connection_unref(Socket *s) {
2721 assert(s);
2722
2723 /* The service is dead. Yay!
2724 *
2725 * This is strictly for one-instance-per-connection
2726 * services. */
2727
2728 assert(s->n_connections > 0);
2729 s->n_connections--;
2730
2731 log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2732 }
2733
2734 static void socket_trigger_notify(Unit *u, Unit *other) {
2735 Socket *s = SOCKET(u);
2736 Service *se;
2737
2738 assert(u);
2739 assert(other);
2740
2741 /* Don't propagate state changes from the service if we are
2742 already down or accepting connections */
2743 if ((s->state != SOCKET_RUNNING &&
2744 s->state != SOCKET_LISTENING) ||
2745 s->accept)
2746 return;
2747
2748 if (other->load_state != UNIT_LOADED ||
2749 other->type != UNIT_SERVICE)
2750 return;
2751
2752 se = SERVICE(other);
2753
2754 if (se->state == SERVICE_FAILED)
2755 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2756
2757 if (se->state == SERVICE_DEAD ||
2758 se->state == SERVICE_FINAL_SIGTERM ||
2759 se->state == SERVICE_FINAL_SIGKILL ||
2760 se->state == SERVICE_AUTO_RESTART)
2761 socket_notify_service_dead(s, false);
2762
2763 if (se->state == SERVICE_RUNNING)
2764 socket_set_state(s, SOCKET_RUNNING);
2765 }
2766
2767 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2768 return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2769 }
2770
2771 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2772 Socket *s = SOCKET(u);
2773 int r;
2774
2775 if (!s->timer_event_source)
2776 return 0;
2777
2778 r = sd_event_source_get_time(s->timer_event_source, timeout);
2779 if (r < 0)
2780 return r;
2781
2782 return 1;
2783 }
2784
2785 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2786 [SOCKET_DEAD] = "dead",
2787 [SOCKET_START_PRE] = "start-pre",
2788 [SOCKET_START_CHOWN] = "start-chown",
2789 [SOCKET_START_POST] = "start-post",
2790 [SOCKET_LISTENING] = "listening",
2791 [SOCKET_RUNNING] = "running",
2792 [SOCKET_STOP_PRE] = "stop-pre",
2793 [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2794 [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2795 [SOCKET_STOP_POST] = "stop-post",
2796 [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2797 [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2798 [SOCKET_FAILED] = "failed"
2799 };
2800
2801 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2802
2803 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2804 [SOCKET_EXEC_START_PRE] = "StartPre",
2805 [SOCKET_EXEC_START_CHOWN] = "StartChown",
2806 [SOCKET_EXEC_START_POST] = "StartPost",
2807 [SOCKET_EXEC_STOP_PRE] = "StopPre",
2808 [SOCKET_EXEC_STOP_POST] = "StopPost"
2809 };
2810
2811 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2812
2813 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2814 [SOCKET_SUCCESS] = "success",
2815 [SOCKET_FAILURE_RESOURCES] = "resources",
2816 [SOCKET_FAILURE_TIMEOUT] = "timeout",
2817 [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2818 [SOCKET_FAILURE_SIGNAL] = "signal",
2819 [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2820 [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2821 };
2822
2823 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2824
2825 const UnitVTable socket_vtable = {
2826 .object_size = sizeof(Socket),
2827 .exec_context_offset = offsetof(Socket, exec_context),
2828 .cgroup_context_offset = offsetof(Socket, cgroup_context),
2829 .kill_context_offset = offsetof(Socket, kill_context),
2830 .exec_runtime_offset = offsetof(Socket, exec_runtime),
2831
2832 .sections =
2833 "Unit\0"
2834 "Socket\0"
2835 "Install\0",
2836 .private_section = "Socket",
2837
2838 .init = socket_init,
2839 .done = socket_done,
2840 .load = socket_load,
2841
2842 .coldplug = socket_coldplug,
2843
2844 .dump = socket_dump,
2845
2846 .start = socket_start,
2847 .stop = socket_stop,
2848
2849 .kill = socket_kill,
2850
2851 .get_timeout = socket_get_timeout,
2852
2853 .serialize = socket_serialize,
2854 .deserialize_item = socket_deserialize_item,
2855 .distribute_fds = socket_distribute_fds,
2856
2857 .active_state = socket_active_state,
2858 .sub_state_to_string = socket_sub_state_to_string,
2859
2860 .check_gc = socket_check_gc,
2861
2862 .sigchld_event = socket_sigchld_event,
2863
2864 .trigger_notify = socket_trigger_notify,
2865
2866 .reset_failed = socket_reset_failed,
2867
2868 .bus_vtable = bus_socket_vtable,
2869 .bus_set_property = bus_socket_set_property,
2870 .bus_commit_properties = bus_socket_commit_properties,
2871
2872 .status_message_formats = {
2873 /*.starting_stopping = {
2874 [0] = "Starting socket %s...",
2875 [1] = "Stopping socket %s...",
2876 },*/
2877 .finished_start_job = {
2878 [JOB_DONE] = "Listening on %s.",
2879 [JOB_FAILED] = "Failed to listen on %s.",
2880 [JOB_TIMEOUT] = "Timed out starting %s.",
2881 },
2882 .finished_stop_job = {
2883 [JOB_DONE] = "Closed %s.",
2884 [JOB_FAILED] = "Failed stopping %s.",
2885 [JOB_TIMEOUT] = "Timed out stopping %s.",
2886 },
2887 },
2888 };
Unnamed repository; edit this file 'description' to name the repository.