Line data Source code
1 : /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2 :
3 : /***
4 : This file is part of systemd.
5 :
6 : Copyright 2010 Lennart Poettering
7 :
8 : systemd is free software; you can redistribute it and/or modify it
9 : under the terms of the GNU Lesser General Public License as published by
10 : the Free Software Foundation; either version 2.1 of the License, or
11 : (at your option) any later version.
12 :
13 : systemd is distributed in the hope that it will be useful, but
14 : WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 : Lesser General Public License for more details.
17 :
18 : You should have received a copy of the GNU Lesser General Public License
19 : along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 : ***/
21 :
22 : #include <sys/stat.h>
23 : #include <unistd.h>
24 : #include <errno.h>
25 : #include <fcntl.h>
26 : #include <sys/epoll.h>
27 : #include <signal.h>
28 : #include <arpa/inet.h>
29 : #include <netinet/tcp.h>
30 : #include <mqueue.h>
31 :
32 : #include "sd-event.h"
33 : #include "log.h"
34 : #include "strv.h"
35 : #include "mkdir.h"
36 : #include "path-util.h"
37 : #include "unit-name.h"
38 : #include "unit-printf.h"
39 : #include "missing.h"
40 : #include "special.h"
41 : #include "label.h"
42 : #include "exit-status.h"
43 : #include "def.h"
44 : #include "smack-util.h"
45 : #include "bus-util.h"
46 : #include "bus-error.h"
47 : #include "selinux-util.h"
48 : #include "dbus-socket.h"
49 : #include "unit.h"
50 : #include "formats-util.h"
51 : #include "signal-util.h"
52 : #include "socket.h"
53 :
54 : static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
55 : [SOCKET_DEAD] = UNIT_INACTIVE,
56 : [SOCKET_START_PRE] = UNIT_ACTIVATING,
57 : [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
58 : [SOCKET_START_POST] = UNIT_ACTIVATING,
59 : [SOCKET_LISTENING] = UNIT_ACTIVE,
60 : [SOCKET_RUNNING] = UNIT_ACTIVE,
61 : [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
62 : [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
63 : [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
64 : [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
65 : [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
66 : [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
67 : [SOCKET_FAILED] = UNIT_FAILED
68 : };
69 :
70 : static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
71 : static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
72 :
73 0 : static void socket_init(Unit *u) {
74 0 : Socket *s = SOCKET(u);
75 :
76 0 : assert(u);
77 0 : assert(u->load_state == UNIT_STUB);
78 :
79 0 : s->backlog = SOMAXCONN;
80 0 : s->timeout_usec = u->manager->default_timeout_start_usec;
81 0 : s->directory_mode = 0755;
82 0 : s->socket_mode = 0666;
83 :
84 0 : s->max_connections = 64;
85 :
86 0 : s->priority = -1;
87 0 : s->ip_tos = -1;
88 0 : s->ip_ttl = -1;
89 0 : s->mark = -1;
90 :
91 0 : s->exec_context.std_output = u->manager->default_std_output;
92 0 : s->exec_context.std_error = u->manager->default_std_error;
93 :
94 0 : s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
95 0 : }
96 :
97 0 : static void socket_unwatch_control_pid(Socket *s) {
98 0 : assert(s);
99 :
100 0 : if (s->control_pid <= 0)
101 0 : return;
102 :
103 0 : unit_unwatch_pid(UNIT(s), s->control_pid);
104 0 : s->control_pid = 0;
105 : }
106 :
107 0 : void socket_free_ports(Socket *s) {
108 : SocketPort *p;
109 :
110 0 : assert(s);
111 :
112 0 : while ((p = s->ports)) {
113 0 : LIST_REMOVE(port, s->ports, p);
114 :
115 0 : sd_event_source_unref(p->event_source);
116 :
117 0 : safe_close(p->fd);
118 0 : free(p->path);
119 0 : free(p);
120 : }
121 0 : }
122 :
123 0 : static void socket_done(Unit *u) {
124 0 : Socket *s = SOCKET(u);
125 :
126 0 : assert(s);
127 :
128 0 : socket_free_ports(s);
129 :
130 0 : s->exec_runtime = exec_runtime_unref(s->exec_runtime);
131 0 : exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
132 0 : s->control_command = NULL;
133 :
134 0 : socket_unwatch_control_pid(s);
135 :
136 0 : unit_ref_unset(&s->service);
137 :
138 0 : free(s->tcp_congestion);
139 0 : s->tcp_congestion = NULL;
140 :
141 0 : free(s->bind_to_device);
142 0 : s->bind_to_device = NULL;
143 :
144 0 : free(s->smack);
145 0 : free(s->smack_ip_in);
146 0 : free(s->smack_ip_out);
147 :
148 0 : strv_free(s->symlinks);
149 :
150 0 : free(s->user);
151 0 : free(s->group);
152 :
153 0 : s->timer_event_source = sd_event_source_unref(s->timer_event_source);
154 0 : }
155 :
156 0 : static int socket_arm_timer(Socket *s) {
157 : int r;
158 :
159 0 : assert(s);
160 :
161 0 : if (s->timeout_usec <= 0) {
162 0 : s->timer_event_source = sd_event_source_unref(s->timer_event_source);
163 0 : return 0;
164 : }
165 :
166 0 : if (s->timer_event_source) {
167 0 : r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
168 0 : if (r < 0)
169 0 : return r;
170 :
171 0 : return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
172 : }
173 :
174 0 : r = sd_event_add_time(
175 0 : UNIT(s)->manager->event,
176 : &s->timer_event_source,
177 : CLOCK_MONOTONIC,
178 0 : now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
179 : socket_dispatch_timer, s);
180 0 : if (r < 0)
181 0 : return r;
182 :
183 0 : (void) sd_event_source_set_description(s->timer_event_source, "socket-timer");
184 :
185 0 : return 0;
186 : }
187 :
188 0 : int socket_instantiate_service(Socket *s) {
189 0 : _cleanup_free_ char *prefix = NULL, *name = NULL;
190 : int r;
191 : Unit *u;
192 :
193 0 : assert(s);
194 :
195 : /* This fills in s->service if it isn't filled in yet. For
196 : * Accept=yes sockets we create the next connection service
197 : * here. For Accept=no this is mostly a NOP since the service
198 : * is figured out at load time anyway. */
199 :
200 0 : if (UNIT_DEREF(s->service))
201 0 : return 0;
202 :
203 0 : if (!s->accept)
204 0 : return 0;
205 :
206 0 : r = unit_name_to_prefix(UNIT(s)->id, &prefix);
207 0 : if (r < 0)
208 0 : return r;
209 :
210 0 : if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
211 0 : return -ENOMEM;
212 :
213 0 : r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
214 0 : if (r < 0)
215 0 : return r;
216 :
217 0 : u->no_gc = true;
218 0 : unit_ref_set(&s->service, u);
219 :
220 0 : return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
221 : }
222 :
223 0 : static bool have_non_accept_socket(Socket *s) {
224 : SocketPort *p;
225 :
226 0 : assert(s);
227 :
228 0 : if (!s->accept)
229 0 : return true;
230 :
231 0 : LIST_FOREACH(port, p, s->ports) {
232 :
233 0 : if (p->type != SOCKET_SOCKET)
234 0 : return true;
235 :
236 0 : if (!socket_address_can_accept(&p->address))
237 0 : return true;
238 : }
239 :
240 0 : return false;
241 : }
242 :
243 0 : static int socket_add_mount_links(Socket *s) {
244 : SocketPort *p;
245 : int r;
246 :
247 0 : assert(s);
248 :
249 0 : LIST_FOREACH(port, p, s->ports) {
250 0 : const char *path = NULL;
251 :
252 0 : if (p->type == SOCKET_SOCKET)
253 0 : path = socket_address_get_path(&p->address);
254 0 : else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
255 0 : path = p->path;
256 :
257 0 : if (!path)
258 0 : continue;
259 :
260 0 : r = unit_require_mounts_for(UNIT(s), path);
261 0 : if (r < 0)
262 0 : return r;
263 : }
264 :
265 0 : return 0;
266 : }
267 :
268 0 : static int socket_add_device_link(Socket *s) {
269 : char *t;
270 :
271 0 : assert(s);
272 :
273 0 : if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
274 0 : return 0;
275 :
276 0 : t = strjoina("/sys/subsystem/net/devices/", s->bind_to_device);
277 0 : return unit_add_node_link(UNIT(s), t, false);
278 : }
279 :
280 0 : static int socket_add_default_dependencies(Socket *s) {
281 : int r;
282 0 : assert(s);
283 :
284 0 : r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
285 0 : if (r < 0)
286 0 : return r;
287 :
288 0 : if (UNIT(s)->manager->running_as == MANAGER_SYSTEM) {
289 0 : r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
290 0 : if (r < 0)
291 0 : return r;
292 : }
293 :
294 0 : return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
295 : }
296 :
297 0 : _pure_ static bool socket_has_exec(Socket *s) {
298 : unsigned i;
299 0 : assert(s);
300 :
301 0 : for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
302 0 : if (s->exec_command[i])
303 0 : return true;
304 :
305 0 : return false;
306 : }
307 :
308 0 : static int socket_add_extras(Socket *s) {
309 0 : Unit *u = UNIT(s);
310 : int r;
311 :
312 0 : assert(s);
313 :
314 0 : if (have_non_accept_socket(s)) {
315 :
316 0 : if (!UNIT_DEREF(s->service)) {
317 : Unit *x;
318 :
319 0 : r = unit_load_related_unit(u, ".service", &x);
320 0 : if (r < 0)
321 0 : return r;
322 :
323 0 : unit_ref_set(&s->service, x);
324 : }
325 :
326 0 : r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
327 0 : if (r < 0)
328 0 : return r;
329 : }
330 :
331 0 : r = socket_add_mount_links(s);
332 0 : if (r < 0)
333 0 : return r;
334 :
335 0 : r = socket_add_device_link(s);
336 0 : if (r < 0)
337 0 : return r;
338 :
339 0 : r = unit_patch_contexts(u);
340 0 : if (r < 0)
341 0 : return r;
342 :
343 0 : if (socket_has_exec(s)) {
344 0 : r = unit_add_exec_dependencies(u, &s->exec_context);
345 0 : if (r < 0)
346 0 : return r;
347 :
348 0 : r = unit_add_default_slice(u, &s->cgroup_context);
349 0 : if (r < 0)
350 0 : return r;
351 : }
352 :
353 0 : if (u->default_dependencies) {
354 0 : r = socket_add_default_dependencies(s);
355 0 : if (r < 0)
356 0 : return r;
357 : }
358 :
359 0 : return 0;
360 : }
361 :
362 0 : static const char *socket_find_symlink_target(Socket *s) {
363 0 : const char *found = NULL;
364 : SocketPort *p;
365 :
366 0 : LIST_FOREACH(port, p, s->ports) {
367 0 : const char *f = NULL;
368 :
369 0 : switch (p->type) {
370 :
371 : case SOCKET_FIFO:
372 0 : f = p->path;
373 0 : break;
374 :
375 : case SOCKET_SOCKET:
376 0 : if (p->address.sockaddr.un.sun_path[0] != 0)
377 0 : f = p->address.sockaddr.un.sun_path;
378 0 : break;
379 :
380 : default:
381 0 : break;
382 : }
383 :
384 0 : if (f) {
385 0 : if (found)
386 0 : return NULL;
387 :
388 0 : found = f;
389 : }
390 : }
391 :
392 0 : return found;
393 : }
394 :
395 0 : static int socket_verify(Socket *s) {
396 0 : assert(s);
397 :
398 0 : if (UNIT(s)->load_state != UNIT_LOADED)
399 0 : return 0;
400 :
401 0 : if (!s->ports) {
402 0 : log_unit_error(UNIT(s), "Unit lacks Listen setting. Refusing.");
403 0 : return -EINVAL;
404 : }
405 :
406 0 : if (s->accept && have_non_accept_socket(s)) {
407 0 : log_unit_error(UNIT(s), "Unit configured for accepting sockets, but sockets are non-accepting. Refusing.");
408 0 : return -EINVAL;
409 : }
410 :
411 0 : if (s->accept && s->max_connections <= 0) {
412 0 : log_unit_error(UNIT(s), "MaxConnection= setting too small. Refusing.");
413 0 : return -EINVAL;
414 : }
415 :
416 0 : if (s->accept && UNIT_DEREF(s->service)) {
417 0 : log_unit_error(UNIT(s), "Explicit service configuration for accepting socket units not supported. Refusing.");
418 0 : return -EINVAL;
419 : }
420 :
421 0 : if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
422 0 : log_unit_error(UNIT(s), "Unit has PAM enabled. Kill mode must be set to 'control-group'. Refusing.");
423 0 : return -EINVAL;
424 : }
425 :
426 0 : if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
427 0 : log_unit_error(UNIT(s), "Unit has symlinks set but none or more than one node in the file system. Refusing.");
428 0 : return -EINVAL;
429 : }
430 :
431 0 : return 0;
432 : }
433 :
434 0 : static int socket_load(Unit *u) {
435 0 : Socket *s = SOCKET(u);
436 : int r;
437 :
438 0 : assert(u);
439 0 : assert(u->load_state == UNIT_STUB);
440 :
441 0 : r = unit_load_fragment_and_dropin(u);
442 0 : if (r < 0)
443 0 : return r;
444 :
445 0 : if (u->load_state == UNIT_LOADED) {
446 : /* This is a new unit? Then let's add in some extras */
447 0 : r = socket_add_extras(s);
448 0 : if (r < 0)
449 0 : return r;
450 : }
451 :
452 0 : return socket_verify(s);
453 : }
454 :
455 0 : _const_ static const char* listen_lookup(int family, int type) {
456 :
457 0 : if (family == AF_NETLINK)
458 0 : return "ListenNetlink";
459 :
460 0 : if (type == SOCK_STREAM)
461 0 : return "ListenStream";
462 0 : else if (type == SOCK_DGRAM)
463 0 : return "ListenDatagram";
464 0 : else if (type == SOCK_SEQPACKET)
465 0 : return "ListenSequentialPacket";
466 :
467 0 : assert_not_reached("Unknown socket type");
468 : return NULL;
469 : }
470 :
471 0 : static void socket_dump(Unit *u, FILE *f, const char *prefix) {
472 : char time_string[FORMAT_TIMESPAN_MAX];
473 : SocketExecCommand c;
474 0 : Socket *s = SOCKET(u);
475 : SocketPort *p;
476 : const char *prefix2;
477 :
478 0 : assert(s);
479 0 : assert(f);
480 :
481 0 : prefix = strempty(prefix);
482 0 : prefix2 = strjoina(prefix, "\t");
483 :
484 0 : fprintf(f,
485 : "%sSocket State: %s\n"
486 : "%sResult: %s\n"
487 : "%sBindIPv6Only: %s\n"
488 : "%sBacklog: %u\n"
489 : "%sSocketMode: %04o\n"
490 : "%sDirectoryMode: %04o\n"
491 : "%sKeepAlive: %s\n"
492 : "%sNoDelay: %s\n"
493 : "%sFreeBind: %s\n"
494 : "%sTransparent: %s\n"
495 : "%sBroadcast: %s\n"
496 : "%sPassCredentials: %s\n"
497 : "%sPassSecurity: %s\n"
498 : "%sTCPCongestion: %s\n"
499 : "%sRemoveOnStop: %s\n"
500 : "%sSELinuxContextFromNet: %s\n",
501 : prefix, socket_state_to_string(s->state),
502 : prefix, socket_result_to_string(s->result),
503 : prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
504 : prefix, s->backlog,
505 : prefix, s->socket_mode,
506 : prefix, s->directory_mode,
507 0 : prefix, yes_no(s->keep_alive),
508 0 : prefix, yes_no(s->no_delay),
509 0 : prefix, yes_no(s->free_bind),
510 0 : prefix, yes_no(s->transparent),
511 0 : prefix, yes_no(s->broadcast),
512 0 : prefix, yes_no(s->pass_cred),
513 0 : prefix, yes_no(s->pass_sec),
514 0 : prefix, strna(s->tcp_congestion),
515 0 : prefix, yes_no(s->remove_on_stop),
516 0 : prefix, yes_no(s->selinux_context_from_net));
517 :
518 0 : if (s->control_pid > 0)
519 0 : fprintf(f,
520 : "%sControl PID: "PID_FMT"\n",
521 : prefix, s->control_pid);
522 :
523 0 : if (s->bind_to_device)
524 0 : fprintf(f,
525 : "%sBindToDevice: %s\n",
526 : prefix, s->bind_to_device);
527 :
528 0 : if (s->accept)
529 0 : fprintf(f,
530 : "%sAccepted: %u\n"
531 : "%sNConnections: %u\n"
532 : "%sMaxConnections: %u\n",
533 : prefix, s->n_accepted,
534 : prefix, s->n_connections,
535 : prefix, s->max_connections);
536 :
537 0 : if (s->priority >= 0)
538 0 : fprintf(f,
539 : "%sPriority: %i\n",
540 : prefix, s->priority);
541 :
542 0 : if (s->receive_buffer > 0)
543 0 : fprintf(f,
544 : "%sReceiveBuffer: %zu\n",
545 : prefix, s->receive_buffer);
546 :
547 0 : if (s->send_buffer > 0)
548 0 : fprintf(f,
549 : "%sSendBuffer: %zu\n",
550 : prefix, s->send_buffer);
551 :
552 0 : if (s->ip_tos >= 0)
553 0 : fprintf(f,
554 : "%sIPTOS: %i\n",
555 : prefix, s->ip_tos);
556 :
557 0 : if (s->ip_ttl >= 0)
558 0 : fprintf(f,
559 : "%sIPTTL: %i\n",
560 : prefix, s->ip_ttl);
561 :
562 0 : if (s->pipe_size > 0)
563 0 : fprintf(f,
564 : "%sPipeSize: %zu\n",
565 : prefix, s->pipe_size);
566 :
567 0 : if (s->mark >= 0)
568 0 : fprintf(f,
569 : "%sMark: %i\n",
570 : prefix, s->mark);
571 :
572 0 : if (s->mq_maxmsg > 0)
573 0 : fprintf(f,
574 : "%sMessageQueueMaxMessages: %li\n",
575 : prefix, s->mq_maxmsg);
576 :
577 0 : if (s->mq_msgsize > 0)
578 0 : fprintf(f,
579 : "%sMessageQueueMessageSize: %li\n",
580 : prefix, s->mq_msgsize);
581 :
582 0 : if (s->reuse_port)
583 0 : fprintf(f,
584 : "%sReusePort: %s\n",
585 0 : prefix, yes_no(s->reuse_port));
586 :
587 0 : if (s->smack)
588 0 : fprintf(f,
589 : "%sSmackLabel: %s\n",
590 : prefix, s->smack);
591 :
592 0 : if (s->smack_ip_in)
593 0 : fprintf(f,
594 : "%sSmackLabelIPIn: %s\n",
595 : prefix, s->smack_ip_in);
596 :
597 0 : if (s->smack_ip_out)
598 0 : fprintf(f,
599 : "%sSmackLabelIPOut: %s\n",
600 : prefix, s->smack_ip_out);
601 :
602 0 : if (!isempty(s->user) || !isempty(s->group))
603 0 : fprintf(f,
604 : "%sOwnerUser: %s\n"
605 : "%sOwnerGroup: %s\n",
606 0 : prefix, strna(s->user),
607 0 : prefix, strna(s->group));
608 :
609 0 : if (s->keep_alive_time > 0)
610 0 : fprintf(f,
611 : "%sKeepAliveTimeSec: %s\n",
612 : prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_time, USEC_PER_SEC));
613 :
614 0 : if (s->keep_alive_interval)
615 0 : fprintf(f,
616 : "%sKeepAliveIntervalSec: %s\n",
617 : prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->keep_alive_interval, USEC_PER_SEC));
618 :
619 0 : if (s->keep_alive_cnt)
620 0 : fprintf(f,
621 : "%sKeepAliveProbes: %u\n",
622 : prefix, s->keep_alive_cnt);
623 :
624 0 : if (s->defer_accept)
625 0 : fprintf(f,
626 : "%sDeferAcceptSec: %s\n",
627 : prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->defer_accept, USEC_PER_SEC));
628 :
629 0 : LIST_FOREACH(port, p, s->ports) {
630 :
631 0 : if (p->type == SOCKET_SOCKET) {
632 : const char *t;
633 : int r;
634 0 : char *k = NULL;
635 :
636 0 : if ((r = socket_address_print(&p->address, &k)) < 0)
637 0 : t = strerror(-r);
638 : else
639 0 : t = k;
640 :
641 0 : fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
642 0 : free(k);
643 0 : } else if (p->type == SOCKET_SPECIAL)
644 0 : fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
645 0 : else if (p->type == SOCKET_MQUEUE)
646 0 : fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
647 : else
648 0 : fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
649 : }
650 :
651 0 : exec_context_dump(&s->exec_context, f, prefix);
652 0 : kill_context_dump(&s->kill_context, f, prefix);
653 :
654 0 : for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
655 0 : if (!s->exec_command[c])
656 0 : continue;
657 :
658 0 : fprintf(f, "%s-> %s:\n",
659 : prefix, socket_exec_command_to_string(c));
660 :
661 0 : exec_command_dump_list(s->exec_command[c], f, prefix2);
662 : }
663 0 : }
664 :
665 0 : static int instance_from_socket(int fd, unsigned nr, char **instance) {
666 : socklen_t l;
667 : char *r;
668 : union sockaddr_union local, remote;
669 :
670 0 : assert(fd >= 0);
671 0 : assert(instance);
672 :
673 0 : l = sizeof(local);
674 0 : if (getsockname(fd, &local.sa, &l) < 0)
675 0 : return -errno;
676 :
677 0 : l = sizeof(remote);
678 0 : if (getpeername(fd, &remote.sa, &l) < 0)
679 0 : return -errno;
680 :
681 0 : switch (local.sa.sa_family) {
682 :
683 : case AF_INET: {
684 : uint32_t
685 0 : a = ntohl(local.in.sin_addr.s_addr),
686 0 : b = ntohl(remote.in.sin_addr.s_addr);
687 :
688 0 : if (asprintf(&r,
689 : "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690 : nr,
691 0 : a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
692 0 : ntohs(local.in.sin_port),
693 0 : b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
694 0 : ntohs(remote.in.sin_port)) < 0)
695 0 : return -ENOMEM;
696 :
697 0 : break;
698 : }
699 :
700 : case AF_INET6: {
701 : static const unsigned char ipv4_prefix[] = {
702 : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
703 : };
704 :
705 0 : if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
706 0 : memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
707 : const uint8_t
708 0 : *a = local.in6.sin6_addr.s6_addr+12,
709 0 : *b = remote.in6.sin6_addr.s6_addr+12;
710 :
711 0 : if (asprintf(&r,
712 : "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
713 : nr,
714 0 : a[0], a[1], a[2], a[3],
715 0 : ntohs(local.in6.sin6_port),
716 0 : b[0], b[1], b[2], b[3],
717 0 : ntohs(remote.in6.sin6_port)) < 0)
718 0 : return -ENOMEM;
719 : } else {
720 : char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
721 :
722 0 : if (asprintf(&r,
723 : "%u-%s:%u-%s:%u",
724 : nr,
725 : inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
726 0 : ntohs(local.in6.sin6_port),
727 : inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
728 0 : ntohs(remote.in6.sin6_port)) < 0)
729 0 : return -ENOMEM;
730 : }
731 :
732 0 : break;
733 : }
734 :
735 : case AF_UNIX: {
736 : struct ucred ucred;
737 : int k;
738 :
739 0 : k = getpeercred(fd, &ucred);
740 0 : if (k >= 0) {
741 0 : if (asprintf(&r,
742 : "%u-"PID_FMT"-"UID_FMT,
743 : nr, ucred.pid, ucred.uid) < 0)
744 0 : return -ENOMEM;
745 0 : } else if (k == -ENODATA) {
746 : /* This handles the case where somebody is
747 : * connecting from another pid/uid namespace
748 : * (e.g. from outside of our container). */
749 0 : if (asprintf(&r,
750 : "%u-unknown",
751 : nr) < 0)
752 0 : return -ENOMEM;
753 : } else
754 0 : return k;
755 :
756 0 : break;
757 : }
758 :
759 : default:
760 0 : assert_not_reached("Unhandled socket type.");
761 : }
762 :
763 0 : *instance = r;
764 0 : return 0;
765 : }
766 :
767 0 : static void socket_close_fds(Socket *s) {
768 : SocketPort *p;
769 : char **i;
770 :
771 0 : assert(s);
772 :
773 0 : LIST_FOREACH(port, p, s->ports) {
774 :
775 0 : p->event_source = sd_event_source_unref(p->event_source);
776 :
777 0 : if (p->fd < 0)
778 0 : continue;
779 :
780 0 : p->fd = safe_close(p->fd);
781 :
782 : /* One little note: we should normally not delete any
783 : * sockets in the file system here! After all some
784 : * other process we spawned might still have a
785 : * reference of this fd and wants to continue to use
786 : * it. Therefore we delete sockets in the file system
787 : * before we create a new one, not after we stopped
788 : * using one! */
789 :
790 0 : if (s->remove_on_stop) {
791 0 : switch (p->type) {
792 :
793 : case SOCKET_FIFO:
794 0 : unlink(p->path);
795 0 : break;
796 :
797 : case SOCKET_MQUEUE:
798 0 : mq_unlink(p->path);
799 0 : break;
800 :
801 : case SOCKET_SOCKET:
802 0 : socket_address_unlink(&p->address);
803 0 : break;
804 :
805 : default:
806 0 : break;
807 : }
808 : }
809 : }
810 :
811 0 : if (s->remove_on_stop)
812 0 : STRV_FOREACH(i, s->symlinks)
813 0 : unlink(*i);
814 0 : }
815 :
816 0 : static void socket_apply_socket_options(Socket *s, int fd) {
817 : int r;
818 :
819 0 : assert(s);
820 0 : assert(fd >= 0);
821 :
822 0 : if (s->keep_alive) {
823 0 : int b = s->keep_alive;
824 0 : if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
825 0 : log_unit_warning_errno(UNIT(s), errno, "SO_KEEPALIVE failed: %m");
826 : }
827 :
828 0 : if (s->keep_alive_time) {
829 0 : int value = s->keep_alive_time / USEC_PER_SEC;
830 0 : if (setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &value, sizeof(value)) < 0)
831 0 : log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPIDLE failed: %m");
832 : }
833 :
834 0 : if (s->keep_alive_interval) {
835 0 : int value = s->keep_alive_interval / USEC_PER_SEC;
836 0 : if (setsockopt(fd, SOL_TCP, TCP_KEEPINTVL, &value, sizeof(value)) < 0)
837 0 : log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPINTVL failed: %m");
838 : }
839 :
840 0 : if (s->keep_alive_cnt) {
841 0 : int value = s->keep_alive_cnt;
842 0 : if (setsockopt(fd, SOL_SOCKET, TCP_KEEPCNT, &value, sizeof(value)) < 0)
843 0 : log_unit_warning_errno(UNIT(s), errno, "TCP_KEEPCNT failed: %m");
844 : }
845 :
846 0 : if (s->defer_accept) {
847 0 : int value = s->defer_accept / USEC_PER_SEC;
848 0 : if (setsockopt(fd, SOL_TCP, TCP_DEFER_ACCEPT, &value, sizeof(value)) < 0)
849 0 : log_unit_warning_errno(UNIT(s), errno, "TCP_DEFER_ACCEPT failed: %m");
850 : }
851 :
852 0 : if (s->no_delay) {
853 0 : int b = s->no_delay;
854 0 : if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
855 0 : log_unit_warning_errno(UNIT(s), errno, "TCP_NODELAY failed: %m");
856 : }
857 :
858 0 : if (s->broadcast) {
859 0 : int one = 1;
860 0 : if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
861 0 : log_unit_warning_errno(UNIT(s), errno, "SO_BROADCAST failed: %m");
862 : }
863 :
864 0 : if (s->pass_cred) {
865 0 : int one = 1;
866 0 : if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
867 0 : log_unit_warning_errno(UNIT(s), errno, "SO_PASSCRED failed: %m");
868 : }
869 :
870 0 : if (s->pass_sec) {
871 0 : int one = 1;
872 0 : if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
873 0 : log_unit_warning_errno(UNIT(s), errno, "SO_PASSSEC failed: %m");
874 : }
875 :
876 0 : if (s->priority >= 0)
877 0 : if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
878 0 : log_unit_warning_errno(UNIT(s), errno, "SO_PRIORITY failed: %m");
879 :
880 0 : if (s->receive_buffer > 0) {
881 0 : int value = (int) s->receive_buffer;
882 :
883 : /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
884 :
885 0 : if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
886 0 : if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
887 0 : log_unit_warning_errno(UNIT(s), errno, "SO_RCVBUF failed: %m");
888 : }
889 :
890 0 : if (s->send_buffer > 0) {
891 0 : int value = (int) s->send_buffer;
892 0 : if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
893 0 : if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
894 0 : log_unit_warning_errno(UNIT(s), errno, "SO_SNDBUF failed: %m");
895 : }
896 :
897 0 : if (s->mark >= 0)
898 0 : if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
899 0 : log_unit_warning_errno(UNIT(s), errno, "SO_MARK failed: %m");
900 :
901 0 : if (s->ip_tos >= 0)
902 0 : if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
903 0 : log_unit_warning_errno(UNIT(s), errno, "IP_TOS failed: %m");
904 :
905 0 : if (s->ip_ttl >= 0) {
906 : int x;
907 :
908 0 : r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
909 :
910 0 : if (socket_ipv6_is_supported())
911 0 : x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
912 : else {
913 0 : x = -1;
914 0 : errno = EAFNOSUPPORT;
915 : }
916 :
917 0 : if (r < 0 && x < 0)
918 0 : log_unit_warning_errno(UNIT(s), errno, "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
919 : }
920 :
921 0 : if (s->tcp_congestion)
922 0 : if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
923 0 : log_unit_warning_errno(UNIT(s), errno, "TCP_CONGESTION failed: %m");
924 :
925 0 : if (s->smack_ip_in) {
926 0 : r = mac_smack_apply_ip_in_fd(fd, s->smack_ip_in);
927 0 : if (r < 0)
928 0 : log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_in_fd: %m");
929 : }
930 :
931 0 : if (s->smack_ip_out) {
932 0 : r = mac_smack_apply_ip_out_fd(fd, s->smack_ip_out);
933 0 : if (r < 0)
934 0 : log_unit_error_errno(UNIT(s), r, "mac_smack_apply_ip_out_fd: %m");
935 : }
936 0 : }
937 :
938 0 : static void socket_apply_fifo_options(Socket *s, int fd) {
939 : int r;
940 :
941 0 : assert(s);
942 0 : assert(fd >= 0);
943 :
944 0 : if (s->pipe_size > 0)
945 0 : if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
946 0 : log_unit_warning_errno(UNIT(s), errno, "F_SETPIPE_SZ: %m");
947 :
948 0 : if (s->smack) {
949 0 : r = mac_smack_apply_fd(fd, s->smack);
950 0 : if (r < 0)
951 0 : log_unit_error_errno(UNIT(s), r, "mac_smack_apply_fd: %m");
952 : }
953 0 : }
954 :
955 0 : static int fifo_address_create(
956 : const char *path,
957 : mode_t directory_mode,
958 : mode_t socket_mode,
959 : int *_fd) {
960 :
961 0 : int fd = -1, r = 0;
962 : struct stat st;
963 : mode_t old_mask;
964 :
965 0 : assert(path);
966 0 : assert(_fd);
967 :
968 0 : mkdir_parents_label(path, directory_mode);
969 :
970 0 : r = mac_selinux_create_file_prepare(path, S_IFIFO);
971 0 : if (r < 0)
972 0 : goto fail;
973 :
974 : /* Enforce the right access mode for the fifo */
975 0 : old_mask = umask(~ socket_mode);
976 :
977 : /* Include the original umask in our mask */
978 0 : umask(~socket_mode | old_mask);
979 :
980 0 : r = mkfifo(path, socket_mode);
981 0 : umask(old_mask);
982 :
983 0 : if (r < 0 && errno != EEXIST) {
984 0 : r = -errno;
985 0 : goto fail;
986 : }
987 :
988 0 : if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
989 0 : r = -errno;
990 0 : goto fail;
991 : }
992 :
993 0 : mac_selinux_create_file_clear();
994 :
995 0 : if (fstat(fd, &st) < 0) {
996 0 : r = -errno;
997 0 : goto fail;
998 : }
999 :
1000 0 : if (!S_ISFIFO(st.st_mode) ||
1001 0 : (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
1002 0 : st.st_uid != getuid() ||
1003 0 : st.st_gid != getgid()) {
1004 :
1005 0 : r = -EEXIST;
1006 0 : goto fail;
1007 : }
1008 :
1009 0 : *_fd = fd;
1010 0 : return 0;
1011 :
1012 : fail:
1013 0 : mac_selinux_create_file_clear();
1014 0 : safe_close(fd);
1015 :
1016 0 : return r;
1017 : }
1018 :
1019 0 : static int special_address_create(
1020 : const char *path,
1021 : int *_fd) {
1022 :
1023 0 : int fd = -1, r = 0;
1024 : struct stat st;
1025 :
1026 0 : assert(path);
1027 0 : assert(_fd);
1028 :
1029 0 : fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
1030 0 : if (fd < 0) {
1031 0 : r = -errno;
1032 0 : goto fail;
1033 : }
1034 :
1035 0 : if (fstat(fd, &st) < 0) {
1036 0 : r = -errno;
1037 0 : goto fail;
1038 : }
1039 :
1040 : /* Check whether this is a /proc, /sys or /dev file or char device */
1041 0 : if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
1042 0 : r = -EEXIST;
1043 0 : goto fail;
1044 : }
1045 :
1046 0 : *_fd = fd;
1047 0 : return 0;
1048 :
1049 : fail:
1050 0 : safe_close(fd);
1051 :
1052 0 : return r;
1053 : }
1054 :
1055 0 : static int mq_address_create(
1056 : const char *path,
1057 : mode_t mq_mode,
1058 : long maxmsg,
1059 : long msgsize,
1060 : int *_fd) {
1061 :
1062 0 : int fd = -1, r = 0;
1063 : struct stat st;
1064 : mode_t old_mask;
1065 0 : struct mq_attr _attr, *attr = NULL;
1066 :
1067 0 : assert(path);
1068 0 : assert(_fd);
1069 :
1070 0 : if (maxmsg > 0 && msgsize > 0) {
1071 0 : zero(_attr);
1072 0 : _attr.mq_flags = O_NONBLOCK;
1073 0 : _attr.mq_maxmsg = maxmsg;
1074 0 : _attr.mq_msgsize = msgsize;
1075 0 : attr = &_attr;
1076 : }
1077 :
1078 : /* Enforce the right access mode for the mq */
1079 0 : old_mask = umask(~ mq_mode);
1080 :
1081 : /* Include the original umask in our mask */
1082 0 : umask(~mq_mode | old_mask);
1083 0 : fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1084 0 : umask(old_mask);
1085 :
1086 0 : if (fd < 0) {
1087 0 : r = -errno;
1088 0 : goto fail;
1089 : }
1090 :
1091 0 : if (fstat(fd, &st) < 0) {
1092 0 : r = -errno;
1093 0 : goto fail;
1094 : }
1095 :
1096 0 : if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1097 0 : st.st_uid != getuid() ||
1098 0 : st.st_gid != getgid()) {
1099 :
1100 0 : r = -EEXIST;
1101 0 : goto fail;
1102 : }
1103 :
1104 0 : *_fd = fd;
1105 0 : return 0;
1106 :
1107 : fail:
1108 0 : safe_close(fd);
1109 0 : return r;
1110 : }
1111 :
1112 0 : static int socket_symlink(Socket *s) {
1113 : const char *p;
1114 : char **i;
1115 :
1116 0 : assert(s);
1117 :
1118 0 : p = socket_find_symlink_target(s);
1119 0 : if (!p)
1120 0 : return 0;
1121 :
1122 0 : STRV_FOREACH(i, s->symlinks)
1123 0 : symlink_label(p, *i);
1124 :
1125 0 : return 0;
1126 : }
1127 :
1128 0 : static int socket_open_fds(Socket *s) {
1129 : SocketPort *p;
1130 : int r;
1131 0 : char *label = NULL;
1132 0 : bool know_label = false;
1133 :
1134 0 : assert(s);
1135 :
1136 0 : LIST_FOREACH(port, p, s->ports) {
1137 :
1138 0 : if (p->fd >= 0)
1139 0 : continue;
1140 :
1141 0 : if (p->type == SOCKET_SOCKET) {
1142 :
1143 0 : if (!know_label) {
1144 : /* Figure out label, if we don't it know
1145 : * yet. We do it once, for the first
1146 : * socket where we need this and
1147 : * remember it for the rest. */
1148 :
1149 0 : if (s->selinux_context_from_net) {
1150 : /* Get it from the network label */
1151 :
1152 0 : r = mac_selinux_get_our_label(&label);
1153 0 : if (r < 0 && r != -EOPNOTSUPP)
1154 0 : goto rollback;
1155 :
1156 : } else {
1157 : /* Get it from the executable we are about to start */
1158 :
1159 0 : r = socket_instantiate_service(s);
1160 0 : if (r < 0)
1161 0 : goto rollback;
1162 :
1163 0 : if (UNIT_ISSET(s->service) &&
1164 0 : SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1165 0 : r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1166 0 : if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
1167 0 : goto rollback;
1168 : }
1169 : }
1170 :
1171 0 : know_label = true;
1172 : }
1173 :
1174 0 : r = socket_address_listen(
1175 0 : &p->address,
1176 : SOCK_CLOEXEC|SOCK_NONBLOCK,
1177 0 : s->backlog,
1178 : s->bind_ipv6_only,
1179 0 : s->bind_to_device,
1180 0 : s->reuse_port,
1181 0 : s->free_bind,
1182 0 : s->transparent,
1183 : s->directory_mode,
1184 : s->socket_mode,
1185 : label);
1186 0 : if (r < 0)
1187 0 : goto rollback;
1188 :
1189 0 : p->fd = r;
1190 0 : socket_apply_socket_options(s, p->fd);
1191 0 : socket_symlink(s);
1192 :
1193 0 : } else if (p->type == SOCKET_SPECIAL) {
1194 :
1195 0 : r = special_address_create(
1196 0 : p->path,
1197 : &p->fd);
1198 0 : if (r < 0)
1199 0 : goto rollback;
1200 :
1201 0 : } else if (p->type == SOCKET_FIFO) {
1202 :
1203 0 : r = fifo_address_create(
1204 0 : p->path,
1205 : s->directory_mode,
1206 : s->socket_mode,
1207 : &p->fd);
1208 0 : if (r < 0)
1209 0 : goto rollback;
1210 :
1211 0 : socket_apply_fifo_options(s, p->fd);
1212 0 : socket_symlink(s);
1213 :
1214 0 : } else if (p->type == SOCKET_MQUEUE) {
1215 :
1216 0 : r = mq_address_create(
1217 0 : p->path,
1218 : s->socket_mode,
1219 : s->mq_maxmsg,
1220 : s->mq_msgsize,
1221 : &p->fd);
1222 0 : if (r < 0)
1223 0 : goto rollback;
1224 : } else
1225 0 : assert_not_reached("Unknown port type");
1226 : }
1227 :
1228 0 : mac_selinux_free(label);
1229 0 : return 0;
1230 :
1231 : rollback:
1232 0 : socket_close_fds(s);
1233 0 : mac_selinux_free(label);
1234 :
1235 0 : return r;
1236 : }
1237 :
1238 0 : static void socket_unwatch_fds(Socket *s) {
1239 : SocketPort *p;
1240 : int r;
1241 :
1242 0 : assert(s);
1243 :
1244 0 : LIST_FOREACH(port, p, s->ports) {
1245 0 : if (p->fd < 0)
1246 0 : continue;
1247 :
1248 0 : if (!p->event_source)
1249 0 : continue;
1250 :
1251 0 : r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1252 0 : if (r < 0)
1253 0 : log_unit_debug_errno(UNIT(s), r, "Failed to disable event source: %m");
1254 : }
1255 0 : }
1256 :
1257 0 : static int socket_watch_fds(Socket *s) {
1258 : SocketPort *p;
1259 : int r;
1260 :
1261 0 : assert(s);
1262 :
1263 0 : LIST_FOREACH(port, p, s->ports) {
1264 0 : if (p->fd < 0)
1265 0 : continue;
1266 :
1267 0 : if (p->event_source) {
1268 0 : r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1269 0 : if (r < 0)
1270 0 : goto fail;
1271 : } else {
1272 0 : r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1273 0 : if (r < 0)
1274 0 : goto fail;
1275 :
1276 0 : (void) sd_event_source_set_description(p->event_source, "socket-port-io");
1277 : }
1278 : }
1279 :
1280 0 : return 0;
1281 :
1282 : fail:
1283 0 : log_unit_warning_errno(UNIT(s), r, "Failed to watch listening fds: %m");
1284 0 : socket_unwatch_fds(s);
1285 0 : return r;
1286 : }
1287 :
1288 0 : static void socket_set_state(Socket *s, SocketState state) {
1289 : SocketState old_state;
1290 0 : assert(s);
1291 :
1292 0 : old_state = s->state;
1293 0 : s->state = state;
1294 :
1295 0 : if (!IN_SET(state,
1296 : SOCKET_START_PRE,
1297 : SOCKET_START_CHOWN,
1298 : SOCKET_START_POST,
1299 : SOCKET_STOP_PRE,
1300 : SOCKET_STOP_PRE_SIGTERM,
1301 : SOCKET_STOP_PRE_SIGKILL,
1302 : SOCKET_STOP_POST,
1303 : SOCKET_FINAL_SIGTERM,
1304 : SOCKET_FINAL_SIGKILL)) {
1305 :
1306 0 : s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1307 0 : socket_unwatch_control_pid(s);
1308 0 : s->control_command = NULL;
1309 0 : s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1310 : }
1311 :
1312 0 : if (state != SOCKET_LISTENING)
1313 0 : socket_unwatch_fds(s);
1314 :
1315 0 : if (!IN_SET(state,
1316 : SOCKET_START_CHOWN,
1317 : SOCKET_START_POST,
1318 : SOCKET_LISTENING,
1319 : SOCKET_RUNNING,
1320 : SOCKET_STOP_PRE,
1321 : SOCKET_STOP_PRE_SIGTERM,
1322 : SOCKET_STOP_PRE_SIGKILL))
1323 0 : socket_close_fds(s);
1324 :
1325 0 : if (state != old_state)
1326 0 : log_unit_debug(UNIT(s), "Changed %s -> %s", socket_state_to_string(old_state), socket_state_to_string(state));
1327 :
1328 0 : unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1329 0 : }
1330 :
1331 0 : static int socket_coldplug(Unit *u) {
1332 0 : Socket *s = SOCKET(u);
1333 : int r;
1334 :
1335 0 : assert(s);
1336 0 : assert(s->state == SOCKET_DEAD);
1337 :
1338 0 : if (s->deserialized_state == s->state)
1339 0 : return 0;
1340 :
1341 0 : if (IN_SET(s->deserialized_state,
1342 : SOCKET_START_PRE,
1343 : SOCKET_START_CHOWN,
1344 : SOCKET_START_POST,
1345 : SOCKET_STOP_PRE,
1346 : SOCKET_STOP_PRE_SIGTERM,
1347 : SOCKET_STOP_PRE_SIGKILL,
1348 : SOCKET_STOP_POST,
1349 : SOCKET_FINAL_SIGTERM,
1350 : SOCKET_FINAL_SIGKILL)) {
1351 :
1352 0 : if (s->control_pid <= 0)
1353 0 : return -EBADMSG;
1354 :
1355 0 : r = unit_watch_pid(UNIT(s), s->control_pid);
1356 0 : if (r < 0)
1357 0 : return r;
1358 :
1359 0 : r = socket_arm_timer(s);
1360 0 : if (r < 0)
1361 0 : return r;
1362 : }
1363 :
1364 0 : if (IN_SET(s->deserialized_state,
1365 : SOCKET_START_CHOWN,
1366 : SOCKET_START_POST,
1367 : SOCKET_LISTENING,
1368 : SOCKET_RUNNING,
1369 : SOCKET_STOP_PRE,
1370 : SOCKET_STOP_PRE_SIGTERM,
1371 : SOCKET_STOP_PRE_SIGKILL)) {
1372 0 : r = socket_open_fds(s);
1373 0 : if (r < 0)
1374 0 : return r;
1375 : }
1376 :
1377 0 : if (s->deserialized_state == SOCKET_LISTENING) {
1378 0 : r = socket_watch_fds(s);
1379 0 : if (r < 0)
1380 0 : return r;
1381 : }
1382 :
1383 0 : socket_set_state(s, s->deserialized_state);
1384 0 : return 0;
1385 : }
1386 :
1387 0 : static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1388 0 : _cleanup_free_ char **argv = NULL;
1389 : pid_t pid;
1390 : int r;
1391 0 : ExecParameters exec_params = {
1392 : .apply_permissions = true,
1393 : .apply_chroot = true,
1394 : .apply_tty_stdin = true,
1395 : .bus_endpoint_fd = -1,
1396 : };
1397 :
1398 0 : assert(s);
1399 0 : assert(c);
1400 0 : assert(_pid);
1401 :
1402 0 : (void) unit_realize_cgroup(UNIT(s));
1403 0 : if (s->reset_cpu_usage) {
1404 0 : (void) unit_reset_cpu_usage(UNIT(s));
1405 0 : s->reset_cpu_usage = false;
1406 : }
1407 :
1408 0 : r = unit_setup_exec_runtime(UNIT(s));
1409 0 : if (r < 0)
1410 0 : goto fail;
1411 :
1412 0 : r = socket_arm_timer(s);
1413 0 : if (r < 0)
1414 0 : goto fail;
1415 :
1416 0 : r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1417 0 : if (r < 0)
1418 0 : goto fail;
1419 :
1420 0 : exec_params.argv = argv;
1421 0 : exec_params.environment = UNIT(s)->manager->environment;
1422 0 : exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
1423 0 : exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
1424 0 : exec_params.cgroup_path = UNIT(s)->cgroup_path;
1425 0 : exec_params.cgroup_delegate = s->cgroup_context.delegate;
1426 0 : exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
1427 :
1428 0 : r = exec_spawn(UNIT(s),
1429 : c,
1430 0 : &s->exec_context,
1431 : &exec_params,
1432 : s->exec_runtime,
1433 : &pid);
1434 0 : if (r < 0)
1435 0 : goto fail;
1436 :
1437 0 : r = unit_watch_pid(UNIT(s), pid);
1438 0 : if (r < 0)
1439 : /* FIXME: we need to do something here */
1440 0 : goto fail;
1441 :
1442 0 : *_pid = pid;
1443 0 : return 0;
1444 :
1445 : fail:
1446 0 : s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1447 0 : return r;
1448 : }
1449 :
1450 0 : static int socket_chown(Socket *s, pid_t *_pid) {
1451 : pid_t pid;
1452 : int r;
1453 :
1454 0 : r = socket_arm_timer(s);
1455 0 : if (r < 0)
1456 0 : goto fail;
1457 :
1458 : /* We have to resolve the user names out-of-process, hence
1459 : * let's fork here. It's messy, but well, what can we do? */
1460 :
1461 0 : pid = fork();
1462 0 : if (pid < 0)
1463 0 : return -errno;
1464 :
1465 0 : if (pid == 0) {
1466 : SocketPort *p;
1467 0 : uid_t uid = UID_INVALID;
1468 0 : gid_t gid = GID_INVALID;
1469 : int ret;
1470 :
1471 0 : (void) default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1472 0 : (void) ignore_signals(SIGPIPE, -1);
1473 0 : log_forget_fds();
1474 :
1475 0 : if (!isempty(s->user)) {
1476 0 : const char *user = s->user;
1477 :
1478 0 : r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1479 0 : if (r < 0) {
1480 0 : ret = EXIT_USER;
1481 0 : goto fail_child;
1482 : }
1483 : }
1484 :
1485 0 : if (!isempty(s->group)) {
1486 0 : const char *group = s->group;
1487 :
1488 0 : r = get_group_creds(&group, &gid);
1489 0 : if (r < 0) {
1490 0 : ret = EXIT_GROUP;
1491 0 : goto fail_child;
1492 : }
1493 : }
1494 :
1495 0 : LIST_FOREACH(port, p, s->ports) {
1496 0 : const char *path = NULL;
1497 :
1498 0 : if (p->type == SOCKET_SOCKET)
1499 0 : path = socket_address_get_path(&p->address);
1500 0 : else if (p->type == SOCKET_FIFO)
1501 0 : path = p->path;
1502 :
1503 0 : if (!path)
1504 0 : continue;
1505 :
1506 0 : if (chown(path, uid, gid) < 0) {
1507 0 : r = -errno;
1508 0 : ret = EXIT_CHOWN;
1509 0 : goto fail_child;
1510 : }
1511 : }
1512 :
1513 0 : _exit(0);
1514 :
1515 : fail_child:
1516 0 : log_open();
1517 0 : log_error_errno(r, "Failed to chown socket at step %s: %m", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD));
1518 :
1519 0 : _exit(ret);
1520 : }
1521 :
1522 0 : r = unit_watch_pid(UNIT(s), pid);
1523 0 : if (r < 0)
1524 0 : goto fail;
1525 :
1526 0 : *_pid = pid;
1527 0 : return 0;
1528 :
1529 : fail:
1530 0 : s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1531 0 : return r;
1532 : }
1533 :
1534 0 : static void socket_enter_dead(Socket *s, SocketResult f) {
1535 0 : assert(s);
1536 :
1537 0 : if (f != SOCKET_SUCCESS)
1538 0 : s->result = f;
1539 :
1540 0 : exec_runtime_destroy(s->exec_runtime);
1541 0 : s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1542 :
1543 0 : exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1544 :
1545 0 : socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1546 0 : }
1547 :
1548 : static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1549 :
1550 0 : static void socket_enter_stop_post(Socket *s, SocketResult f) {
1551 : int r;
1552 0 : assert(s);
1553 :
1554 0 : if (f != SOCKET_SUCCESS)
1555 0 : s->result = f;
1556 :
1557 0 : socket_unwatch_control_pid(s);
1558 0 : s->control_command_id = SOCKET_EXEC_STOP_POST;
1559 0 : s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1560 :
1561 0 : if (s->control_command) {
1562 0 : r = socket_spawn(s, s->control_command, &s->control_pid);
1563 0 : if (r < 0)
1564 0 : goto fail;
1565 :
1566 0 : socket_set_state(s, SOCKET_STOP_POST);
1567 : } else
1568 0 : socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1569 :
1570 0 : return;
1571 :
1572 : fail:
1573 0 : log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-post' task: %m");
1574 0 : socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1575 : }
1576 :
1577 0 : static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1578 : int r;
1579 :
1580 0 : assert(s);
1581 :
1582 0 : if (f != SOCKET_SUCCESS)
1583 0 : s->result = f;
1584 :
1585 0 : r = unit_kill_context(
1586 : UNIT(s),
1587 : &s->kill_context,
1588 : (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
1589 0 : KILL_KILL : KILL_TERMINATE,
1590 : -1,
1591 : s->control_pid,
1592 : false);
1593 0 : if (r < 0)
1594 0 : goto fail;
1595 :
1596 0 : if (r > 0) {
1597 0 : r = socket_arm_timer(s);
1598 0 : if (r < 0)
1599 0 : goto fail;
1600 :
1601 0 : socket_set_state(s, state);
1602 0 : } else if (state == SOCKET_STOP_PRE_SIGTERM)
1603 0 : socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1604 0 : else if (state == SOCKET_STOP_PRE_SIGKILL)
1605 0 : socket_enter_stop_post(s, SOCKET_SUCCESS);
1606 0 : else if (state == SOCKET_FINAL_SIGTERM)
1607 0 : socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1608 : else
1609 0 : socket_enter_dead(s, SOCKET_SUCCESS);
1610 :
1611 0 : return;
1612 :
1613 : fail:
1614 0 : log_unit_warning_errno(UNIT(s), r, "Failed to kill processes: %m");
1615 :
1616 0 : if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1617 0 : socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1618 : else
1619 0 : socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1620 : }
1621 :
1622 0 : static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1623 : int r;
1624 0 : assert(s);
1625 :
1626 0 : if (f != SOCKET_SUCCESS)
1627 0 : s->result = f;
1628 :
1629 0 : socket_unwatch_control_pid(s);
1630 0 : s->control_command_id = SOCKET_EXEC_STOP_PRE;
1631 0 : s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1632 :
1633 0 : if (s->control_command) {
1634 0 : r = socket_spawn(s, s->control_command, &s->control_pid);
1635 0 : if (r < 0)
1636 0 : goto fail;
1637 :
1638 0 : socket_set_state(s, SOCKET_STOP_PRE);
1639 : } else
1640 0 : socket_enter_stop_post(s, SOCKET_SUCCESS);
1641 :
1642 0 : return;
1643 :
1644 : fail:
1645 0 : log_unit_warning_errno(UNIT(s), r, "Failed to run 'stop-pre' task: %m");
1646 0 : socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1647 : }
1648 :
1649 0 : static void socket_enter_listening(Socket *s) {
1650 : int r;
1651 0 : assert(s);
1652 :
1653 0 : r = socket_watch_fds(s);
1654 0 : if (r < 0) {
1655 0 : log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1656 0 : goto fail;
1657 : }
1658 :
1659 0 : socket_set_state(s, SOCKET_LISTENING);
1660 0 : return;
1661 :
1662 : fail:
1663 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1664 : }
1665 :
1666 0 : static void socket_enter_start_post(Socket *s) {
1667 : int r;
1668 0 : assert(s);
1669 :
1670 0 : socket_unwatch_control_pid(s);
1671 0 : s->control_command_id = SOCKET_EXEC_START_POST;
1672 0 : s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1673 :
1674 0 : if (s->control_command) {
1675 0 : r = socket_spawn(s, s->control_command, &s->control_pid);
1676 0 : if (r < 0) {
1677 0 : log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-post' task: %m");
1678 0 : goto fail;
1679 : }
1680 :
1681 0 : socket_set_state(s, SOCKET_START_POST);
1682 : } else
1683 0 : socket_enter_listening(s);
1684 :
1685 0 : return;
1686 :
1687 : fail:
1688 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1689 : }
1690 :
1691 0 : static void socket_enter_start_chown(Socket *s) {
1692 : int r;
1693 :
1694 0 : assert(s);
1695 :
1696 0 : r = socket_open_fds(s);
1697 0 : if (r < 0) {
1698 0 : log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1699 0 : goto fail;
1700 : }
1701 :
1702 0 : if (!isempty(s->user) || !isempty(s->group)) {
1703 :
1704 0 : socket_unwatch_control_pid(s);
1705 0 : s->control_command_id = SOCKET_EXEC_START_CHOWN;
1706 0 : s->control_command = NULL;
1707 :
1708 0 : r = socket_chown(s, &s->control_pid);
1709 0 : if (r < 0) {
1710 0 : log_unit_warning_errno(UNIT(s), r, "Failed to fork 'start-chown' task: %m");
1711 0 : goto fail;
1712 : }
1713 :
1714 0 : socket_set_state(s, SOCKET_START_CHOWN);
1715 : } else
1716 0 : socket_enter_start_post(s);
1717 :
1718 0 : return;
1719 :
1720 : fail:
1721 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1722 : }
1723 :
1724 0 : static void socket_enter_start_pre(Socket *s) {
1725 : int r;
1726 0 : assert(s);
1727 :
1728 0 : socket_unwatch_control_pid(s);
1729 0 : s->control_command_id = SOCKET_EXEC_START_PRE;
1730 0 : s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1731 :
1732 0 : if (s->control_command) {
1733 0 : r = socket_spawn(s, s->control_command, &s->control_pid);
1734 0 : if (r < 0) {
1735 0 : log_unit_warning_errno(UNIT(s), r, "Failed to run 'start-pre' task: %m");
1736 0 : goto fail;
1737 : }
1738 :
1739 0 : socket_set_state(s, SOCKET_START_PRE);
1740 : } else
1741 0 : socket_enter_start_chown(s);
1742 :
1743 0 : return;
1744 :
1745 : fail:
1746 0 : socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1747 : }
1748 :
1749 0 : static void socket_enter_running(Socket *s, int cfd) {
1750 0 : _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1751 : int r;
1752 :
1753 0 : assert(s);
1754 :
1755 : /* We don't take connections anymore if we are supposed to
1756 : * shut down anyway */
1757 0 : if (unit_stop_pending(UNIT(s))) {
1758 :
1759 0 : log_unit_debug(UNIT(s), "Suppressing connection request since unit stop is scheduled.");
1760 :
1761 0 : if (cfd >= 0)
1762 0 : safe_close(cfd);
1763 : else {
1764 : /* Flush all sockets by closing and reopening them */
1765 0 : socket_close_fds(s);
1766 :
1767 0 : r = socket_open_fds(s);
1768 0 : if (r < 0) {
1769 0 : log_unit_warning_errno(UNIT(s), r, "Failed to listen on sockets: %m");
1770 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1771 0 : return;
1772 : }
1773 :
1774 0 : r = socket_watch_fds(s);
1775 0 : if (r < 0) {
1776 0 : log_unit_warning_errno(UNIT(s), r, "Failed to watch sockets: %m");
1777 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1778 : }
1779 : }
1780 :
1781 0 : return;
1782 : }
1783 :
1784 0 : if (cfd < 0) {
1785 : Iterator i;
1786 : Unit *other;
1787 0 : bool pending = false;
1788 :
1789 : /* If there's already a start pending don't bother to
1790 : * do anything */
1791 0 : SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1792 0 : if (unit_active_or_pending(other)) {
1793 0 : pending = true;
1794 0 : break;
1795 : }
1796 :
1797 0 : if (!pending) {
1798 0 : if (!UNIT_ISSET(s->service)) {
1799 0 : log_unit_error(UNIT(s), "Service to activate vanished, refusing activation.");
1800 0 : r = -ENOENT;
1801 0 : goto fail;
1802 : }
1803 :
1804 0 : r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1805 0 : if (r < 0)
1806 0 : goto fail;
1807 : }
1808 :
1809 0 : socket_set_state(s, SOCKET_RUNNING);
1810 : } else {
1811 0 : _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1812 : Service *service;
1813 :
1814 0 : if (s->n_connections >= s->max_connections) {
1815 0 : log_unit_warning(UNIT(s), "Too many incoming connections (%u)", s->n_connections);
1816 0 : safe_close(cfd);
1817 0 : return;
1818 : }
1819 :
1820 0 : r = socket_instantiate_service(s);
1821 0 : if (r < 0)
1822 0 : goto fail;
1823 :
1824 0 : r = instance_from_socket(cfd, s->n_accepted, &instance);
1825 0 : if (r < 0) {
1826 0 : if (r != -ENOTCONN)
1827 0 : goto fail;
1828 :
1829 : /* ENOTCONN is legitimate if TCP RST was received.
1830 : * This connection is over, but the socket unit lives on. */
1831 0 : safe_close(cfd);
1832 0 : return;
1833 : }
1834 :
1835 0 : r = unit_name_to_prefix(UNIT(s)->id, &prefix);
1836 0 : if (r < 0)
1837 0 : goto fail;
1838 :
1839 0 : r = unit_name_build(prefix, instance, ".service", &name);
1840 0 : if (r < 0)
1841 0 : goto fail;
1842 :
1843 0 : r = unit_add_name(UNIT_DEREF(s->service), name);
1844 0 : if (r < 0)
1845 0 : goto fail;
1846 :
1847 0 : service = SERVICE(UNIT_DEREF(s->service));
1848 0 : unit_ref_unset(&s->service);
1849 0 : s->n_accepted ++;
1850 :
1851 0 : UNIT(service)->no_gc = false;
1852 :
1853 0 : unit_choose_id(UNIT(service), name);
1854 :
1855 0 : r = service_set_socket_fd(service, cfd, s, s->selinux_context_from_net);
1856 0 : if (r < 0)
1857 0 : goto fail;
1858 :
1859 0 : cfd = -1;
1860 0 : s->n_connections ++;
1861 :
1862 0 : r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1863 0 : if (r < 0)
1864 0 : goto fail;
1865 :
1866 : /* Notify clients about changed counters */
1867 0 : unit_add_to_dbus_queue(UNIT(s));
1868 : }
1869 :
1870 0 : return;
1871 :
1872 : fail:
1873 0 : log_unit_warning(UNIT(s), "Failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1874 : cfd >= 0 ? "template" : "non-template",
1875 : bus_error_message(&error, r));
1876 :
1877 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1878 0 : safe_close(cfd);
1879 : }
1880 :
1881 0 : static void socket_run_next(Socket *s) {
1882 : int r;
1883 :
1884 0 : assert(s);
1885 0 : assert(s->control_command);
1886 0 : assert(s->control_command->command_next);
1887 :
1888 0 : socket_unwatch_control_pid(s);
1889 :
1890 0 : s->control_command = s->control_command->command_next;
1891 :
1892 0 : r = socket_spawn(s, s->control_command, &s->control_pid);
1893 0 : if (r < 0)
1894 0 : goto fail;
1895 :
1896 0 : return;
1897 :
1898 : fail:
1899 0 : log_unit_warning_errno(UNIT(s), r, "Failed to run next task: %m");
1900 :
1901 0 : if (s->state == SOCKET_START_POST)
1902 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1903 0 : else if (s->state == SOCKET_STOP_POST)
1904 0 : socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1905 : else
1906 0 : socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1907 : }
1908 :
1909 0 : static int socket_start(Unit *u) {
1910 0 : Socket *s = SOCKET(u);
1911 :
1912 0 : assert(s);
1913 :
1914 : /* We cannot fulfill this request right now, try again later
1915 : * please! */
1916 0 : if (IN_SET(s->state,
1917 : SOCKET_STOP_PRE,
1918 : SOCKET_STOP_PRE_SIGKILL,
1919 : SOCKET_STOP_PRE_SIGTERM,
1920 : SOCKET_STOP_POST,
1921 : SOCKET_FINAL_SIGTERM,
1922 : SOCKET_FINAL_SIGKILL))
1923 0 : return -EAGAIN;
1924 :
1925 : /* Already on it! */
1926 0 : if (IN_SET(s->state,
1927 : SOCKET_START_PRE,
1928 : SOCKET_START_CHOWN,
1929 : SOCKET_START_POST))
1930 0 : return 0;
1931 :
1932 : /* Cannot run this without the service being around */
1933 0 : if (UNIT_ISSET(s->service)) {
1934 : Service *service;
1935 :
1936 0 : service = SERVICE(UNIT_DEREF(s->service));
1937 :
1938 0 : if (UNIT(service)->load_state != UNIT_LOADED) {
1939 0 : log_unit_error(u, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1940 0 : return -ENOENT;
1941 : }
1942 :
1943 : /* If the service is already active we cannot start the
1944 : * socket */
1945 0 : if (service->state != SERVICE_DEAD &&
1946 0 : service->state != SERVICE_FAILED &&
1947 0 : service->state != SERVICE_AUTO_RESTART) {
1948 0 : log_unit_error(u, "Socket service %s already active, refusing.", UNIT(service)->id);
1949 0 : return -EBUSY;
1950 : }
1951 : }
1952 :
1953 0 : assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1954 :
1955 0 : s->result = SOCKET_SUCCESS;
1956 0 : s->reset_cpu_usage = true;
1957 :
1958 0 : socket_enter_start_pre(s);
1959 :
1960 0 : return 1;
1961 : }
1962 :
1963 0 : static int socket_stop(Unit *u) {
1964 0 : Socket *s = SOCKET(u);
1965 :
1966 0 : assert(s);
1967 :
1968 : /* Already on it */
1969 0 : if (IN_SET(s->state,
1970 : SOCKET_STOP_PRE,
1971 : SOCKET_STOP_PRE_SIGTERM,
1972 : SOCKET_STOP_PRE_SIGKILL,
1973 : SOCKET_STOP_POST,
1974 : SOCKET_FINAL_SIGTERM,
1975 : SOCKET_FINAL_SIGKILL))
1976 0 : return 0;
1977 :
1978 : /* If there's already something running we go directly into
1979 : * kill mode. */
1980 0 : if (IN_SET(s->state,
1981 : SOCKET_START_PRE,
1982 : SOCKET_START_CHOWN,
1983 : SOCKET_START_POST)) {
1984 0 : socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1985 0 : return -EAGAIN;
1986 : }
1987 :
1988 0 : assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1989 :
1990 0 : socket_enter_stop_pre(s, SOCKET_SUCCESS);
1991 0 : return 1;
1992 : }
1993 :
1994 0 : static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1995 0 : Socket *s = SOCKET(u);
1996 : SocketPort *p;
1997 : int r;
1998 :
1999 0 : assert(u);
2000 0 : assert(f);
2001 0 : assert(fds);
2002 :
2003 0 : unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
2004 0 : unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
2005 0 : unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
2006 :
2007 0 : if (s->control_pid > 0)
2008 0 : unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
2009 :
2010 0 : if (s->control_command_id >= 0)
2011 0 : unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
2012 :
2013 0 : LIST_FOREACH(port, p, s->ports) {
2014 : int copy;
2015 :
2016 0 : if (p->fd < 0)
2017 0 : continue;
2018 :
2019 0 : copy = fdset_put_dup(fds, p->fd);
2020 0 : if (copy < 0)
2021 0 : return copy;
2022 :
2023 0 : if (p->type == SOCKET_SOCKET) {
2024 0 : _cleanup_free_ char *t = NULL;
2025 :
2026 0 : r = socket_address_print(&p->address, &t);
2027 0 : if (r < 0)
2028 0 : return r;
2029 :
2030 0 : if (socket_address_family(&p->address) == AF_NETLINK)
2031 0 : unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
2032 : else
2033 0 : unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
2034 :
2035 0 : } else if (p->type == SOCKET_SPECIAL)
2036 0 : unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
2037 0 : else if (p->type == SOCKET_MQUEUE)
2038 0 : unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
2039 : else {
2040 0 : assert(p->type == SOCKET_FIFO);
2041 0 : unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
2042 : }
2043 : }
2044 :
2045 0 : return 0;
2046 : }
2047 :
2048 0 : static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
2049 0 : Socket *s = SOCKET(u);
2050 :
2051 0 : assert(u);
2052 0 : assert(key);
2053 0 : assert(value);
2054 :
2055 0 : if (streq(key, "state")) {
2056 : SocketState state;
2057 :
2058 0 : state = socket_state_from_string(value);
2059 0 : if (state < 0)
2060 0 : log_unit_debug(u, "Failed to parse state value: %s", value);
2061 : else
2062 0 : s->deserialized_state = state;
2063 0 : } else if (streq(key, "result")) {
2064 : SocketResult f;
2065 :
2066 0 : f = socket_result_from_string(value);
2067 0 : if (f < 0)
2068 0 : log_unit_debug(u, "Failed to parse result value: %s", value);
2069 0 : else if (f != SOCKET_SUCCESS)
2070 0 : s->result = f;
2071 :
2072 0 : } else if (streq(key, "n-accepted")) {
2073 : unsigned k;
2074 :
2075 0 : if (safe_atou(value, &k) < 0)
2076 0 : log_unit_debug(u, "Failed to parse n-accepted value: %s", value);
2077 : else
2078 0 : s->n_accepted += k;
2079 0 : } else if (streq(key, "control-pid")) {
2080 : pid_t pid;
2081 :
2082 0 : if (parse_pid(value, &pid) < 0)
2083 0 : log_unit_debug(u, "Failed to parse control-pid value: %s", value);
2084 : else
2085 0 : s->control_pid = pid;
2086 0 : } else if (streq(key, "control-command")) {
2087 : SocketExecCommand id;
2088 :
2089 0 : id = socket_exec_command_from_string(value);
2090 0 : if (id < 0)
2091 0 : log_unit_debug(u, "Failed to parse exec-command value: %s", value);
2092 : else {
2093 0 : s->control_command_id = id;
2094 0 : s->control_command = s->exec_command[id];
2095 : }
2096 0 : } else if (streq(key, "fifo")) {
2097 0 : int fd, skip = 0;
2098 : SocketPort *p;
2099 :
2100 0 : if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2101 0 : log_unit_debug(u, "Failed to parse fifo value: %s", value);
2102 : else {
2103 :
2104 0 : LIST_FOREACH(port, p, s->ports)
2105 0 : if (p->type == SOCKET_FIFO &&
2106 0 : path_equal_or_files_same(p->path, value+skip))
2107 0 : break;
2108 :
2109 0 : if (p) {
2110 0 : safe_close(p->fd);
2111 0 : p->fd = fdset_remove(fds, fd);
2112 : }
2113 : }
2114 :
2115 0 : } else if (streq(key, "special")) {
2116 0 : int fd, skip = 0;
2117 : SocketPort *p;
2118 :
2119 0 : if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2120 0 : log_unit_debug(u, "Failed to parse special value: %s", value);
2121 : else {
2122 :
2123 0 : LIST_FOREACH(port, p, s->ports)
2124 0 : if (p->type == SOCKET_SPECIAL &&
2125 0 : path_equal_or_files_same(p->path, value+skip))
2126 0 : break;
2127 :
2128 0 : if (p) {
2129 0 : safe_close(p->fd);
2130 0 : p->fd = fdset_remove(fds, fd);
2131 : }
2132 : }
2133 :
2134 0 : } else if (streq(key, "mqueue")) {
2135 0 : int fd, skip = 0;
2136 : SocketPort *p;
2137 :
2138 0 : if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2139 0 : log_unit_debug(u, "Failed to parse mqueue value: %s", value);
2140 : else {
2141 :
2142 0 : LIST_FOREACH(port, p, s->ports)
2143 0 : if (p->type == SOCKET_MQUEUE &&
2144 0 : streq(p->path, value+skip))
2145 0 : break;
2146 :
2147 0 : if (p) {
2148 0 : safe_close(p->fd);
2149 0 : p->fd = fdset_remove(fds, fd);
2150 : }
2151 : }
2152 :
2153 0 : } else if (streq(key, "socket")) {
2154 0 : int fd, type, skip = 0;
2155 : SocketPort *p;
2156 :
2157 0 : if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2158 0 : log_unit_debug(u, "Failed to parse socket value: %s", value);
2159 : else {
2160 :
2161 0 : LIST_FOREACH(port, p, s->ports)
2162 0 : if (socket_address_is(&p->address, value+skip, type))
2163 0 : break;
2164 :
2165 0 : if (p) {
2166 0 : safe_close(p->fd);
2167 0 : p->fd = fdset_remove(fds, fd);
2168 : }
2169 : }
2170 :
2171 0 : } else if (streq(key, "netlink")) {
2172 0 : int fd, skip = 0;
2173 : SocketPort *p;
2174 :
2175 0 : if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2176 0 : log_unit_debug(u, "Failed to parse socket value: %s", value);
2177 : else {
2178 :
2179 0 : LIST_FOREACH(port, p, s->ports)
2180 0 : if (socket_address_is_netlink(&p->address, value+skip))
2181 0 : break;
2182 :
2183 0 : if (p) {
2184 0 : safe_close(p->fd);
2185 0 : p->fd = fdset_remove(fds, fd);
2186 : }
2187 : }
2188 : } else
2189 0 : log_unit_debug(UNIT(s), "Unknown serialization key: %s", key);
2190 :
2191 0 : return 0;
2192 : }
2193 :
2194 0 : static int socket_distribute_fds(Unit *u, FDSet *fds) {
2195 0 : Socket *s = SOCKET(u);
2196 : SocketPort *p;
2197 :
2198 0 : assert(u);
2199 :
2200 0 : LIST_FOREACH(port, p, s->ports) {
2201 : Iterator i;
2202 : int fd;
2203 :
2204 0 : if (p->type != SOCKET_SOCKET)
2205 0 : continue;
2206 :
2207 0 : if (p->fd >= 0)
2208 0 : continue;
2209 :
2210 0 : FDSET_FOREACH(fd, fds, i) {
2211 0 : if (socket_address_matches_fd(&p->address, fd)) {
2212 0 : p->fd = fdset_remove(fds, fd);
2213 0 : s->deserialized_state = SOCKET_LISTENING;
2214 0 : break;
2215 : }
2216 : }
2217 : }
2218 :
2219 0 : return 0;
2220 : }
2221 :
2222 0 : _pure_ static UnitActiveState socket_active_state(Unit *u) {
2223 0 : assert(u);
2224 :
2225 0 : return state_translation_table[SOCKET(u)->state];
2226 : }
2227 :
2228 0 : _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2229 0 : assert(u);
2230 :
2231 0 : return socket_state_to_string(SOCKET(u)->state);
2232 : }
2233 :
2234 0 : const char* socket_port_type_to_string(SocketPort *p) {
2235 :
2236 0 : assert(p);
2237 :
2238 0 : switch (p->type) {
2239 :
2240 : case SOCKET_SOCKET:
2241 :
2242 0 : switch (p->address.type) {
2243 :
2244 : case SOCK_STREAM:
2245 0 : return "Stream";
2246 :
2247 : case SOCK_DGRAM:
2248 0 : return "Datagram";
2249 :
2250 : case SOCK_SEQPACKET:
2251 0 : return "SequentialPacket";
2252 :
2253 : case SOCK_RAW:
2254 0 : if (socket_address_family(&p->address) == AF_NETLINK)
2255 0 : return "Netlink";
2256 :
2257 : default:
2258 0 : return NULL;
2259 : }
2260 :
2261 : case SOCKET_SPECIAL:
2262 0 : return "Special";
2263 :
2264 : case SOCKET_MQUEUE:
2265 0 : return "MessageQueue";
2266 :
2267 : case SOCKET_FIFO:
2268 0 : return "FIFO";
2269 :
2270 : default:
2271 0 : return NULL;
2272 : }
2273 : }
2274 :
2275 0 : _pure_ static bool socket_check_gc(Unit *u) {
2276 0 : Socket *s = SOCKET(u);
2277 :
2278 0 : assert(u);
2279 :
2280 0 : return s->n_connections > 0;
2281 : }
2282 :
2283 0 : static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2284 0 : SocketPort *p = userdata;
2285 0 : int cfd = -1;
2286 :
2287 0 : assert(p);
2288 0 : assert(fd >= 0);
2289 :
2290 0 : if (p->socket->state != SOCKET_LISTENING)
2291 0 : return 0;
2292 :
2293 0 : log_unit_debug(UNIT(p->socket), "Incoming traffic");
2294 :
2295 0 : if (revents != EPOLLIN) {
2296 :
2297 0 : if (revents & EPOLLHUP)
2298 0 : log_unit_error(UNIT(p->socket), "Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.");
2299 : else
2300 0 : log_unit_error(UNIT(p->socket), "Got unexpected poll event (0x%x) on socket.", revents);
2301 :
2302 0 : goto fail;
2303 : }
2304 :
2305 0 : if (p->socket->accept &&
2306 0 : p->type == SOCKET_SOCKET &&
2307 0 : socket_address_can_accept(&p->address)) {
2308 :
2309 : for (;;) {
2310 :
2311 0 : cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2312 0 : if (cfd < 0) {
2313 :
2314 0 : if (errno == EINTR)
2315 0 : continue;
2316 :
2317 0 : log_unit_error_errno(UNIT(p->socket), errno, "Failed to accept socket: %m");
2318 0 : goto fail;
2319 : }
2320 :
2321 0 : break;
2322 0 : }
2323 :
2324 0 : socket_apply_socket_options(p->socket, cfd);
2325 : }
2326 :
2327 0 : socket_enter_running(p->socket, cfd);
2328 0 : return 0;
2329 :
2330 : fail:
2331 0 : socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2332 0 : return 0;
2333 : }
2334 :
2335 0 : static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2336 0 : Socket *s = SOCKET(u);
2337 : SocketResult f;
2338 :
2339 0 : assert(s);
2340 0 : assert(pid >= 0);
2341 :
2342 0 : if (pid != s->control_pid)
2343 0 : return;
2344 :
2345 0 : s->control_pid = 0;
2346 :
2347 0 : if (is_clean_exit(code, status, NULL))
2348 0 : f = SOCKET_SUCCESS;
2349 0 : else if (code == CLD_EXITED)
2350 0 : f = SOCKET_FAILURE_EXIT_CODE;
2351 0 : else if (code == CLD_KILLED)
2352 0 : f = SOCKET_FAILURE_SIGNAL;
2353 0 : else if (code == CLD_DUMPED)
2354 0 : f = SOCKET_FAILURE_CORE_DUMP;
2355 : else
2356 0 : assert_not_reached("Unknown sigchld code");
2357 :
2358 0 : if (s->control_command) {
2359 0 : exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2360 :
2361 0 : if (s->control_command->ignore)
2362 0 : f = SOCKET_SUCCESS;
2363 : }
2364 :
2365 0 : log_unit_full(u, f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE, 0,
2366 : "Control process exited, code=%s status=%i",
2367 : sigchld_code_to_string(code), status);
2368 :
2369 0 : if (f != SOCKET_SUCCESS)
2370 0 : s->result = f;
2371 :
2372 0 : if (s->control_command &&
2373 0 : s->control_command->command_next &&
2374 : f == SOCKET_SUCCESS) {
2375 :
2376 0 : log_unit_debug(u, "Running next command for state %s", socket_state_to_string(s->state));
2377 0 : socket_run_next(s);
2378 : } else {
2379 0 : s->control_command = NULL;
2380 0 : s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2381 :
2382 : /* No further commands for this step, so let's figure
2383 : * out what to do next */
2384 :
2385 0 : log_unit_debug(u, "Got final SIGCHLD for state %s", socket_state_to_string(s->state));
2386 :
2387 0 : switch (s->state) {
2388 :
2389 : case SOCKET_START_PRE:
2390 0 : if (f == SOCKET_SUCCESS)
2391 0 : socket_enter_start_chown(s);
2392 : else
2393 0 : socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2394 0 : break;
2395 :
2396 : case SOCKET_START_CHOWN:
2397 0 : if (f == SOCKET_SUCCESS)
2398 0 : socket_enter_start_post(s);
2399 : else
2400 0 : socket_enter_stop_pre(s, f);
2401 0 : break;
2402 :
2403 : case SOCKET_START_POST:
2404 0 : if (f == SOCKET_SUCCESS)
2405 0 : socket_enter_listening(s);
2406 : else
2407 0 : socket_enter_stop_pre(s, f);
2408 0 : break;
2409 :
2410 : case SOCKET_STOP_PRE:
2411 : case SOCKET_STOP_PRE_SIGTERM:
2412 : case SOCKET_STOP_PRE_SIGKILL:
2413 0 : socket_enter_stop_post(s, f);
2414 0 : break;
2415 :
2416 : case SOCKET_STOP_POST:
2417 : case SOCKET_FINAL_SIGTERM:
2418 : case SOCKET_FINAL_SIGKILL:
2419 0 : socket_enter_dead(s, f);
2420 0 : break;
2421 :
2422 : default:
2423 0 : assert_not_reached("Uh, control process died at wrong time.");
2424 : }
2425 : }
2426 :
2427 : /* Notify clients about changed exit status */
2428 0 : unit_add_to_dbus_queue(u);
2429 : }
2430 :
2431 0 : static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2432 0 : Socket *s = SOCKET(userdata);
2433 :
2434 0 : assert(s);
2435 0 : assert(s->timer_event_source == source);
2436 :
2437 0 : switch (s->state) {
2438 :
2439 : case SOCKET_START_PRE:
2440 0 : log_unit_warning(UNIT(s), "Starting timed out. Terminating.");
2441 0 : socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2442 0 : break;
2443 :
2444 : case SOCKET_START_CHOWN:
2445 : case SOCKET_START_POST:
2446 0 : log_unit_warning(UNIT(s), "Starting timed out. Stopping.");
2447 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2448 0 : break;
2449 :
2450 : case SOCKET_STOP_PRE:
2451 0 : log_unit_warning(UNIT(s), "Stopping timed out. Terminating.");
2452 0 : socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2453 0 : break;
2454 :
2455 : case SOCKET_STOP_PRE_SIGTERM:
2456 0 : if (s->kill_context.send_sigkill) {
2457 0 : log_unit_warning(UNIT(s), "Stopping timed out. Killing.");
2458 0 : socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2459 : } else {
2460 0 : log_unit_warning(UNIT(s), "Stopping timed out. Skipping SIGKILL. Ignoring.");
2461 0 : socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2462 : }
2463 0 : break;
2464 :
2465 : case SOCKET_STOP_PRE_SIGKILL:
2466 0 : log_unit_warning(UNIT(s), "Processes still around after SIGKILL. Ignoring.");
2467 0 : socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2468 0 : break;
2469 :
2470 : case SOCKET_STOP_POST:
2471 0 : log_unit_warning(UNIT(s), "Stopping timed out (2). Terminating.");
2472 0 : socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2473 0 : break;
2474 :
2475 : case SOCKET_FINAL_SIGTERM:
2476 0 : if (s->kill_context.send_sigkill) {
2477 0 : log_unit_warning(UNIT(s), "Stopping timed out (2). Killing.");
2478 0 : socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2479 : } else {
2480 0 : log_unit_warning(UNIT(s), "Stopping timed out (2). Skipping SIGKILL. Ignoring.");
2481 0 : socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2482 : }
2483 0 : break;
2484 :
2485 : case SOCKET_FINAL_SIGKILL:
2486 0 : log_unit_warning(UNIT(s), "Still around after SIGKILL (2). Entering failed mode.");
2487 0 : socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2488 0 : break;
2489 :
2490 : default:
2491 0 : assert_not_reached("Timeout at wrong time.");
2492 : }
2493 :
2494 0 : return 0;
2495 : }
2496 :
2497 0 : int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2498 : int *rfds;
2499 : unsigned rn_fds, k;
2500 : SocketPort *p;
2501 :
2502 0 : assert(s);
2503 0 : assert(fds);
2504 0 : assert(n_fds);
2505 :
2506 : /* Called from the service code for requesting our fds */
2507 :
2508 0 : rn_fds = 0;
2509 0 : LIST_FOREACH(port, p, s->ports)
2510 0 : if (p->fd >= 0)
2511 0 : rn_fds++;
2512 :
2513 0 : if (rn_fds <= 0) {
2514 0 : *fds = NULL;
2515 0 : *n_fds = 0;
2516 0 : return 0;
2517 : }
2518 :
2519 0 : rfds = new(int, rn_fds);
2520 0 : if (!rfds)
2521 0 : return -ENOMEM;
2522 :
2523 0 : k = 0;
2524 0 : LIST_FOREACH(port, p, s->ports)
2525 0 : if (p->fd >= 0)
2526 0 : rfds[k++] = p->fd;
2527 :
2528 0 : assert(k == rn_fds);
2529 :
2530 0 : *fds = rfds;
2531 0 : *n_fds = rn_fds;
2532 :
2533 0 : return 0;
2534 : }
2535 :
2536 0 : static void socket_reset_failed(Unit *u) {
2537 0 : Socket *s = SOCKET(u);
2538 :
2539 0 : assert(s);
2540 :
2541 0 : if (s->state == SOCKET_FAILED)
2542 0 : socket_set_state(s, SOCKET_DEAD);
2543 :
2544 0 : s->result = SOCKET_SUCCESS;
2545 0 : }
2546 :
2547 0 : static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2548 0 : assert(s);
2549 :
2550 : /* The service is dead. Dang!
2551 : *
2552 : * This is strictly for one-instance-for-all-connections
2553 : * services. */
2554 :
2555 0 : if (s->state == SOCKET_RUNNING) {
2556 0 : log_unit_debug(UNIT(s), "Got notified about service death (failed permanently: %s)", yes_no(failed_permanent));
2557 0 : if (failed_permanent)
2558 0 : socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2559 : else
2560 0 : socket_enter_listening(s);
2561 : }
2562 0 : }
2563 :
2564 0 : void socket_connection_unref(Socket *s) {
2565 0 : assert(s);
2566 :
2567 : /* The service is dead. Yay!
2568 : *
2569 : * This is strictly for one-instance-per-connection
2570 : * services. */
2571 :
2572 0 : assert(s->n_connections > 0);
2573 0 : s->n_connections--;
2574 :
2575 0 : log_unit_debug(UNIT(s), "One connection closed, %u left.", s->n_connections);
2576 0 : }
2577 :
2578 0 : static void socket_trigger_notify(Unit *u, Unit *other) {
2579 0 : Socket *s = SOCKET(u);
2580 : Service *se;
2581 :
2582 0 : assert(u);
2583 0 : assert(other);
2584 :
2585 : /* Don't propagate state changes from the service if we are
2586 : already down or accepting connections */
2587 0 : if ((s->state != SOCKET_RUNNING &&
2588 0 : s->state != SOCKET_LISTENING) ||
2589 0 : s->accept)
2590 0 : return;
2591 :
2592 0 : if (other->load_state != UNIT_LOADED ||
2593 0 : other->type != UNIT_SERVICE)
2594 0 : return;
2595 :
2596 0 : se = SERVICE(other);
2597 :
2598 0 : if (se->state == SERVICE_FAILED)
2599 0 : socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2600 :
2601 0 : if (se->state == SERVICE_DEAD ||
2602 0 : se->state == SERVICE_FINAL_SIGTERM ||
2603 0 : se->state == SERVICE_FINAL_SIGKILL ||
2604 0 : se->state == SERVICE_AUTO_RESTART)
2605 0 : socket_notify_service_dead(s, false);
2606 :
2607 0 : if (se->state == SERVICE_RUNNING)
2608 0 : socket_set_state(s, SOCKET_RUNNING);
2609 : }
2610 :
2611 0 : static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2612 0 : return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2613 : }
2614 :
2615 0 : static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2616 0 : Socket *s = SOCKET(u);
2617 : int r;
2618 :
2619 0 : if (!s->timer_event_source)
2620 0 : return 0;
2621 :
2622 0 : r = sd_event_source_get_time(s->timer_event_source, timeout);
2623 0 : if (r < 0)
2624 0 : return r;
2625 :
2626 0 : return 1;
2627 : }
2628 :
2629 : static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2630 : [SOCKET_DEAD] = "dead",
2631 : [SOCKET_START_PRE] = "start-pre",
2632 : [SOCKET_START_CHOWN] = "start-chown",
2633 : [SOCKET_START_POST] = "start-post",
2634 : [SOCKET_LISTENING] = "listening",
2635 : [SOCKET_RUNNING] = "running",
2636 : [SOCKET_STOP_PRE] = "stop-pre",
2637 : [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2638 : [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2639 : [SOCKET_STOP_POST] = "stop-post",
2640 : [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2641 : [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2642 : [SOCKET_FAILED] = "failed"
2643 : };
2644 :
2645 30 : DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2646 :
2647 : static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2648 : [SOCKET_EXEC_START_PRE] = "StartPre",
2649 : [SOCKET_EXEC_START_CHOWN] = "StartChown",
2650 : [SOCKET_EXEC_START_POST] = "StartPost",
2651 : [SOCKET_EXEC_STOP_PRE] = "StopPre",
2652 : [SOCKET_EXEC_STOP_POST] = "StopPost"
2653 : };
2654 :
2655 14 : DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2656 :
2657 : static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2658 : [SOCKET_SUCCESS] = "success",
2659 : [SOCKET_FAILURE_RESOURCES] = "resources",
2660 : [SOCKET_FAILURE_TIMEOUT] = "timeout",
2661 : [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2662 : [SOCKET_FAILURE_SIGNAL] = "signal",
2663 : [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2664 : [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2665 : };
2666 :
2667 18 : DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2668 :
2669 : const UnitVTable socket_vtable = {
2670 : .object_size = sizeof(Socket),
2671 : .exec_context_offset = offsetof(Socket, exec_context),
2672 : .cgroup_context_offset = offsetof(Socket, cgroup_context),
2673 : .kill_context_offset = offsetof(Socket, kill_context),
2674 : .exec_runtime_offset = offsetof(Socket, exec_runtime),
2675 :
2676 : .sections =
2677 : "Unit\0"
2678 : "Socket\0"
2679 : "Install\0",
2680 : .private_section = "Socket",
2681 :
2682 : .init = socket_init,
2683 : .done = socket_done,
2684 : .load = socket_load,
2685 :
2686 : .coldplug = socket_coldplug,
2687 :
2688 : .dump = socket_dump,
2689 :
2690 : .start = socket_start,
2691 : .stop = socket_stop,
2692 :
2693 : .kill = socket_kill,
2694 :
2695 : .get_timeout = socket_get_timeout,
2696 :
2697 : .serialize = socket_serialize,
2698 : .deserialize_item = socket_deserialize_item,
2699 : .distribute_fds = socket_distribute_fds,
2700 :
2701 : .active_state = socket_active_state,
2702 : .sub_state_to_string = socket_sub_state_to_string,
2703 :
2704 : .check_gc = socket_check_gc,
2705 :
2706 : .sigchld_event = socket_sigchld_event,
2707 :
2708 : .trigger_notify = socket_trigger_notify,
2709 :
2710 : .reset_failed = socket_reset_failed,
2711 :
2712 : .bus_interface = "org.freedesktop.systemd1.Socket",
2713 : .bus_vtable = bus_socket_vtable,
2714 : .bus_set_property = bus_socket_set_property,
2715 : .bus_commit_properties = bus_socket_commit_properties,
2716 :
2717 : .status_message_formats = {
2718 : /*.starting_stopping = {
2719 : [0] = "Starting socket %s...",
2720 : [1] = "Stopping socket %s...",
2721 : },*/
2722 : .finished_start_job = {
2723 : [JOB_DONE] = "Listening on %s.",
2724 : [JOB_FAILED] = "Failed to listen on %s.",
2725 : [JOB_TIMEOUT] = "Timed out starting %s.",
2726 : },
2727 : .finished_stop_job = {
2728 : [JOB_DONE] = "Closed %s.",
2729 : [JOB_FAILED] = "Failed stopping %s.",
2730 : [JOB_TIMEOUT] = "Timed out stopping %s.",
2731 : },
2732 : },
2733 : };
|
