chiark / gitweb /
~ianmdlvl / elogind.git / blob
? search:


e834b045a005875df9ce2cc95f81ec51de044810
[elogind.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56         [SOCKET_DEAD] = UNIT_INACTIVE,
57         [SOCKET_START_PRE] = UNIT_ACTIVATING,
58         [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59         [SOCKET_START_POST] = UNIT_ACTIVATING,
60         [SOCKET_LISTENING] = UNIT_ACTIVE,
61         [SOCKET_RUNNING] = UNIT_ACTIVE,
62         [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63         [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64         [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65         [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66         [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67         [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68         [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75         Socket *s = SOCKET(u);
76
77         assert(u);
78         assert(u->load_state == UNIT_STUB);
79
80         s->backlog = SOMAXCONN;
81         s->timeout_usec = u->manager->default_timeout_start_usec;
82         s->directory_mode = 0755;
83         s->socket_mode = 0666;
84
85         s->max_connections = 64;
86
87         s->priority = -1;
88         s->ip_tos = -1;
89         s->ip_ttl = -1;
90         s->mark = -1;
91
92         s->exec_context.std_output = u->manager->default_std_output;
93         s->exec_context.std_error = u->manager->default_std_error;
94
95         s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99         assert(s);
100
101         if (s->control_pid <= 0)
102                 return;
103
104         unit_unwatch_pid(UNIT(s), s->control_pid);
105         s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109         SocketPort *p;
110
111         assert(s);
112
113         while ((p = s->ports)) {
114                 LIST_REMOVE(port, s->ports, p);
115
116                 sd_event_source_unref(p->event_source);
117
118                 safe_close(p->fd);
119                 free(p->path);
120                 free(p);
121         }
122 }
123
124 static void socket_done(Unit *u) {
125         Socket *s = SOCKET(u);
126
127         assert(s);
128
129         socket_free_ports(s);
130
131         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132         exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133         s->control_command = NULL;
134
135         socket_unwatch_control_pid(s);
136
137         unit_ref_unset(&s->service);
138
139         free(s->tcp_congestion);
140         s->tcp_congestion = NULL;
141
142         free(s->bind_to_device);
143         s->bind_to_device = NULL;
144
145         free(s->smack);
146         free(s->smack_ip_in);
147         free(s->smack_ip_out);
148
149         strv_free(s->symlinks);
150
151         free(s->user);
152         free(s->group);
153
154         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158         int r;
159
160         assert(s);
161
162         if (s->timeout_usec <= 0) {
163                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164                 return 0;
165         }
166
167         if (s->timer_event_source) {
168                 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169                 if (r < 0)
170                         return r;
171
172                 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173         }
174
175         return sd_event_add_time(
176                         UNIT(s)->manager->event,
177                         &s->timer_event_source,
178                         CLOCK_MONOTONIC,
179                         now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180                         socket_dispatch_timer, s);
181 }
182
183 static int socket_instantiate_service(Socket *s) {
184         _cleanup_free_ char *prefix = NULL;
185         _cleanup_free_ char *name = NULL;
186         int r;
187         Unit *u;
188
189         assert(s);
190
191         /* This fills in s->service if it isn't filled in yet. For
192          * Accept=yes sockets we create the next connection service
193          * here. For Accept=no this is mostly a NOP since the service
194          * is figured out at load time anyway. */
195
196         if (UNIT_DEREF(s->service))
197                 return 0;
198
199         assert(s->accept);
200
201         prefix = unit_name_to_prefix(UNIT(s)->id);
202         if (!prefix)
203                 return -ENOMEM;
204
205         if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
206                 return -ENOMEM;
207
208         r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
209         if (r < 0)
210                 return r;
211
212 #ifdef HAVE_SYSV_COMPAT
213         if (SERVICE(u)->is_sysv) {
214                 log_error("Using SysV services for socket activation is not supported. Refusing.");
215                 return -ENOENT;
216         }
217 #endif
218
219         u->no_gc = true;
220         unit_ref_set(&s->service, u);
221
222         return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
223 }
224
225 static bool have_non_accept_socket(Socket *s) {
226         SocketPort *p;
227
228         assert(s);
229
230         if (!s->accept)
231                 return true;
232
233         LIST_FOREACH(port, p, s->ports) {
234
235                 if (p->type != SOCKET_SOCKET)
236                         return true;
237
238                 if (!socket_address_can_accept(&p->address))
239                         return true;
240         }
241
242         return false;
243 }
244
245 static int socket_add_mount_links(Socket *s) {
246         SocketPort *p;
247         int r;
248
249         assert(s);
250
251         LIST_FOREACH(port, p, s->ports) {
252                 const char *path = NULL;
253
254                 if (p->type == SOCKET_SOCKET)
255                         path = socket_address_get_path(&p->address);
256                 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
257                         path = p->path;
258
259                 if (!path)
260                         continue;
261
262                 r = unit_require_mounts_for(UNIT(s), path);
263                 if (r < 0)
264                         return r;
265         }
266
267         return 0;
268 }
269
270 static int socket_add_device_link(Socket *s) {
271         char *t;
272
273         assert(s);
274
275         if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
276                 return 0;
277
278         t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
279         return unit_add_node_link(UNIT(s), t, false);
280 }
281
282 static int socket_add_default_dependencies(Socket *s) {
283         int r;
284         assert(s);
285
286         r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
287         if (r < 0)
288                 return r;
289
290         if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
291                 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
292                 if (r < 0)
293                         return r;
294         }
295
296         return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
297 }
298
299 _pure_ static bool socket_has_exec(Socket *s) {
300         unsigned i;
301         assert(s);
302
303         for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
304                 if (s->exec_command[i])
305                         return true;
306
307         return false;
308 }
309
310 static int socket_add_extras(Socket *s) {
311         Unit *u = UNIT(s);
312         int r;
313
314         assert(s);
315
316         if (have_non_accept_socket(s)) {
317
318                 if (!UNIT_DEREF(s->service)) {
319                         Unit *x;
320
321                         r = unit_load_related_unit(u, ".service", &x);
322                         if (r < 0)
323                                 return r;
324
325                         unit_ref_set(&s->service, x);
326                 }
327
328                 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
329                 if (r < 0)
330                         return r;
331         }
332
333         r = socket_add_mount_links(s);
334         if (r < 0)
335                 return r;
336
337         r = socket_add_device_link(s);
338         if (r < 0)
339                 return r;
340
341         r = unit_patch_contexts(u);
342         if (r < 0)
343                 return r;
344
345         if (socket_has_exec(s)) {
346                 r = unit_add_exec_dependencies(u, &s->exec_context);
347                 if (r < 0)
348                         return r;
349
350                 r = unit_add_default_slice(u, &s->cgroup_context);
351                 if (r < 0)
352                         return r;
353         }
354
355         if (u->default_dependencies) {
356                 r = socket_add_default_dependencies(s);
357                 if (r < 0)
358                         return r;
359         }
360
361         return 0;
362 }
363
364 static const char *socket_find_symlink_target(Socket *s) {
365         const char *found = NULL;
366         SocketPort *p;
367
368         LIST_FOREACH(port, p, s->ports) {
369                 const char *f = NULL;
370
371                 switch (p->type) {
372
373                 case SOCKET_FIFO:
374                         f = p->path;
375                         break;
376
377                 case SOCKET_SOCKET:
378                         if (p->address.sockaddr.un.sun_path[0] != 0)
379                                 f = p->address.sockaddr.un.sun_path;
380                         break;
381
382                 default:
383                         break;
384                 }
385
386                 if (f) {
387                         if (found)
388                                 return NULL;
389
390                         found = f;
391                 }
392         }
393
394         return found;
395 }
396
397 static int socket_verify(Socket *s) {
398         assert(s);
399
400         if (UNIT(s)->load_state != UNIT_LOADED)
401                 return 0;
402
403         if (!s->ports) {
404                 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
405                 return -EINVAL;
406         }
407
408         if (s->accept && have_non_accept_socket(s)) {
409                 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
410                                UNIT(s)->id);
411                 return -EINVAL;
412         }
413
414         if (s->accept && s->max_connections <= 0) {
415                 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
416                 return -EINVAL;
417         }
418
419         if (s->accept && UNIT_DEREF(s->service)) {
420                 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
421                 return -EINVAL;
422         }
423
424         if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
425                 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
426                 return -EINVAL;
427         }
428
429         if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
430                 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
431                 return -EINVAL;
432         }
433
434         return 0;
435 }
436
437 static int socket_load(Unit *u) {
438         Socket *s = SOCKET(u);
439         int r;
440
441         assert(u);
442         assert(u->load_state == UNIT_STUB);
443
444         r = unit_load_fragment_and_dropin(u);
445         if (r < 0)
446                 return r;
447
448         if (u->load_state == UNIT_LOADED) {
449                 /* This is a new unit? Then let's add in some extras */
450                 r = socket_add_extras(s);
451                 if (r < 0)
452                         return r;
453         }
454
455         return socket_verify(s);
456 }
457
458 _const_ static const char* listen_lookup(int family, int type) {
459
460         if (family == AF_NETLINK)
461                 return "ListenNetlink";
462
463         if (type == SOCK_STREAM)
464                 return "ListenStream";
465         else if (type == SOCK_DGRAM)
466                 return "ListenDatagram";
467         else if (type == SOCK_SEQPACKET)
468                 return "ListenSequentialPacket";
469
470         assert_not_reached("Unknown socket type");
471         return NULL;
472 }
473
474 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
475         SocketExecCommand c;
476         Socket *s = SOCKET(u);
477         SocketPort *p;
478         const char *prefix2;
479
480         assert(s);
481         assert(f);
482
483         prefix2 = strappenda(prefix, "\t");
484
485         fprintf(f,
486                 "%sSocket State: %s\n"
487                 "%sResult: %s\n"
488                 "%sBindIPv6Only: %s\n"
489                 "%sBacklog: %u\n"
490                 "%sSocketMode: %04o\n"
491                 "%sDirectoryMode: %04o\n"
492                 "%sKeepAlive: %s\n"
493                 "%sFreeBind: %s\n"
494                 "%sTransparent: %s\n"
495                 "%sBroadcast: %s\n"
496                 "%sPassCredentials: %s\n"
497                 "%sPassSecurity: %s\n"
498                 "%sTCPCongestion: %s\n"
499                 "%sRemoveOnStop: %s\n",
500                 prefix, socket_state_to_string(s->state),
501                 prefix, socket_result_to_string(s->result),
502                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
503                 prefix, s->backlog,
504                 prefix, s->socket_mode,
505                 prefix, s->directory_mode,
506                 prefix, yes_no(s->keep_alive),
507                 prefix, yes_no(s->free_bind),
508                 prefix, yes_no(s->transparent),
509                 prefix, yes_no(s->broadcast),
510                 prefix, yes_no(s->pass_cred),
511                 prefix, yes_no(s->pass_sec),
512                 prefix, strna(s->tcp_congestion),
513                 prefix, yes_no(s->remove_on_stop));
514
515         if (s->control_pid > 0)
516                 fprintf(f,
517                         "%sControl PID: "PID_FMT"\n",
518                         prefix, s->control_pid);
519
520         if (s->bind_to_device)
521                 fprintf(f,
522                         "%sBindToDevice: %s\n",
523                         prefix, s->bind_to_device);
524
525         if (s->accept)
526                 fprintf(f,
527                         "%sAccepted: %u\n"
528                         "%sNConnections: %u\n"
529                         "%sMaxConnections: %u\n",
530                         prefix, s->n_accepted,
531                         prefix, s->n_connections,
532                         prefix, s->max_connections);
533
534         if (s->priority >= 0)
535                 fprintf(f,
536                         "%sPriority: %i\n",
537                         prefix, s->priority);
538
539         if (s->receive_buffer > 0)
540                 fprintf(f,
541                         "%sReceiveBuffer: %zu\n",
542                         prefix, s->receive_buffer);
543
544         if (s->send_buffer > 0)
545                 fprintf(f,
546                         "%sSendBuffer: %zu\n",
547                         prefix, s->send_buffer);
548
549         if (s->ip_tos >= 0)
550                 fprintf(f,
551                         "%sIPTOS: %i\n",
552                         prefix, s->ip_tos);
553
554         if (s->ip_ttl >= 0)
555                 fprintf(f,
556                         "%sIPTTL: %i\n",
557                         prefix, s->ip_ttl);
558
559         if (s->pipe_size > 0)
560                 fprintf(f,
561                         "%sPipeSize: %zu\n",
562                         prefix, s->pipe_size);
563
564         if (s->mark >= 0)
565                 fprintf(f,
566                         "%sMark: %i\n",
567                         prefix, s->mark);
568
569         if (s->mq_maxmsg > 0)
570                 fprintf(f,
571                         "%sMessageQueueMaxMessages: %li\n",
572                         prefix, s->mq_maxmsg);
573
574         if (s->mq_msgsize > 0)
575                 fprintf(f,
576                         "%sMessageQueueMessageSize: %li\n",
577                         prefix, s->mq_msgsize);
578
579         if (s->reuse_port)
580                 fprintf(f,
581                         "%sReusePort: %s\n",
582                          prefix, yes_no(s->reuse_port));
583
584         if (s->smack)
585                 fprintf(f,
586                         "%sSmackLabel: %s\n",
587                         prefix, s->smack);
588
589         if (s->smack_ip_in)
590                 fprintf(f,
591                         "%sSmackLabelIPIn: %s\n",
592                         prefix, s->smack_ip_in);
593
594         if (s->smack_ip_out)
595                 fprintf(f,
596                         "%sSmackLabelIPOut: %s\n",
597                         prefix, s->smack_ip_out);
598
599         if (!isempty(s->user) || !isempty(s->group))
600                 fprintf(f,
601                         "%sOwnerUser: %s\n"
602                         "%sOwnerGroup: %s\n",
603                         prefix, strna(s->user),
604                         prefix, strna(s->group));
605
606         LIST_FOREACH(port, p, s->ports) {
607
608                 if (p->type == SOCKET_SOCKET) {
609                         const char *t;
610                         int r;
611                         char *k = NULL;
612
613                         if ((r = socket_address_print(&p->address, &k)) < 0)
614                                 t = strerror(-r);
615                         else
616                                 t = k;
617
618                         fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
619                         free(k);
620                 } else if (p->type == SOCKET_SPECIAL)
621                         fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
622                 else if (p->type == SOCKET_MQUEUE)
623                         fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
624                 else
625                         fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
626         }
627
628         exec_context_dump(&s->exec_context, f, prefix);
629         kill_context_dump(&s->kill_context, f, prefix);
630
631         for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
632                 if (!s->exec_command[c])
633                         continue;
634
635                 fprintf(f, "%s-> %s:\n",
636                         prefix, socket_exec_command_to_string(c));
637
638                 exec_command_dump_list(s->exec_command[c], f, prefix2);
639         }
640 }
641
642 static int instance_from_socket(int fd, unsigned nr, char **instance) {
643         socklen_t l;
644         char *r;
645         union sockaddr_union local, remote;
646
647         assert(fd >= 0);
648         assert(instance);
649
650         l = sizeof(local);
651         if (getsockname(fd, &local.sa, &l) < 0)
652                 return -errno;
653
654         l = sizeof(remote);
655         if (getpeername(fd, &remote.sa, &l) < 0)
656                 return -errno;
657
658         switch (local.sa.sa_family) {
659
660         case AF_INET: {
661                 uint32_t
662                         a = ntohl(local.in.sin_addr.s_addr),
663                         b = ntohl(remote.in.sin_addr.s_addr);
664
665                 if (asprintf(&r,
666                              "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
667                              nr,
668                              a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
669                              ntohs(local.in.sin_port),
670                              b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
671                              ntohs(remote.in.sin_port)) < 0)
672                         return -ENOMEM;
673
674                 break;
675         }
676
677         case AF_INET6: {
678                 static const unsigned char ipv4_prefix[] = {
679                         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
680                 };
681
682                 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
683                     memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
684                         const uint8_t
685                                 *a = local.in6.sin6_addr.s6_addr+12,
686                                 *b = remote.in6.sin6_addr.s6_addr+12;
687
688                         if (asprintf(&r,
689                                      "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690                                      nr,
691                                      a[0], a[1], a[2], a[3],
692                                      ntohs(local.in6.sin6_port),
693                                      b[0], b[1], b[2], b[3],
694                                      ntohs(remote.in6.sin6_port)) < 0)
695                                 return -ENOMEM;
696                 } else {
697                         char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
698
699                         if (asprintf(&r,
700                                      "%u-%s:%u-%s:%u",
701                                      nr,
702                                      inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
703                                      ntohs(local.in6.sin6_port),
704                                      inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
705                                      ntohs(remote.in6.sin6_port)) < 0)
706                                 return -ENOMEM;
707                 }
708
709                 break;
710         }
711
712         case AF_UNIX: {
713                 struct ucred ucred;
714                 int k;
715
716                 k = getpeercred(fd, &ucred);
717                 if (k >= 0) {
718                         if (asprintf(&r,
719                                      "%u-"PID_FMT"-"UID_FMT,
720                                      nr, ucred.pid, ucred.uid) < 0)
721                                 return -ENOMEM;
722                 } else if (k == -ENODATA) {
723                         /* This handles the case where somebody is
724                          * connecting from another pid/uid namespace
725                          * (e.g. from outside of our container). */
726                         if (asprintf(&r,
727                                      "%u-unknown",
728                                      nr) < 0)
729                                 return -ENOMEM;
730                 } else
731                         return k;
732
733                 break;
734         }
735
736         default:
737                 assert_not_reached("Unhandled socket type.");
738         }
739
740         *instance = r;
741         return 0;
742 }
743
744 static void socket_close_fds(Socket *s) {
745         SocketPort *p;
746         char **i;
747
748         assert(s);
749
750         LIST_FOREACH(port, p, s->ports) {
751
752                 p->event_source = sd_event_source_unref(p->event_source);
753
754                 if (p->fd < 0)
755                         continue;
756
757                 p->fd = safe_close(p->fd);
758
759                 /* One little note: we should normally not delete any
760                  * sockets in the file system here! After all some
761                  * other process we spawned might still have a
762                  * reference of this fd and wants to continue to use
763                  * it. Therefore we delete sockets in the file system
764                  * before we create a new one, not after we stopped
765                  * using one! */
766
767                 if (s->remove_on_stop) {
768                         switch (p->type) {
769
770                         case SOCKET_FIFO:
771                                 unlink(p->path);
772                                 break;
773
774                         case SOCKET_MQUEUE:
775                                 mq_unlink(p->path);
776                                 break;
777
778                         case SOCKET_SOCKET:
779                                 socket_address_unlink(&p->address);
780                                 break;
781
782                         default:
783                                 break;
784                         }
785                 }
786         }
787
788         if (s->remove_on_stop)
789                 STRV_FOREACH(i, s->symlinks)
790                         unlink(*i);
791 }
792
793 static void socket_apply_socket_options(Socket *s, int fd) {
794         assert(s);
795         assert(fd >= 0);
796
797         if (s->keep_alive) {
798                 int b = s->keep_alive;
799                 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
800                         log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
801         }
802
803         if (s->broadcast) {
804                 int one = 1;
805                 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
806                         log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
807         }
808
809         if (s->pass_cred) {
810                 int one = 1;
811                 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
812                         log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
813         }
814
815         if (s->pass_sec) {
816                 int one = 1;
817                 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
818                         log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
819         }
820
821         if (s->priority >= 0)
822                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
823                         log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
824
825         if (s->receive_buffer > 0) {
826                 int value = (int) s->receive_buffer;
827
828                 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
829
830                 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
831                         if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
832                                 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
833         }
834
835         if (s->send_buffer > 0) {
836                 int value = (int) s->send_buffer;
837                 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
838                         if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
839                                 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
840         }
841
842         if (s->mark >= 0)
843                 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
844                         log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
845
846         if (s->ip_tos >= 0)
847                 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
848                         log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
849
850         if (s->ip_ttl >= 0) {
851                 int r, x;
852
853                 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
854
855                 if (socket_ipv6_is_supported())
856                         x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
857                 else {
858                         x = -1;
859                         errno = EAFNOSUPPORT;
860                 }
861
862                 if (r < 0 && x < 0)
863                         log_warning_unit(UNIT(s)->id,
864                                          "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
865         }
866
867         if (s->tcp_congestion)
868                 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
869                         log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
870
871         if (s->reuse_port) {
872                 int b = s->reuse_port;
873                 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
874                         log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
875         }
876
877         if (s->smack_ip_in)
878                 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
879                         log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
880
881         if (s->smack_ip_out)
882                 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
883                         log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
884 }
885
886 static void socket_apply_fifo_options(Socket *s, int fd) {
887         assert(s);
888         assert(fd >= 0);
889
890         if (s->pipe_size > 0)
891                 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
892                         log_warning_unit(UNIT(s)->id,
893                                          "F_SETPIPE_SZ: %m");
894
895         if (s->smack)
896                 if (smack_label_fd(fd, s->smack) < 0)
897                         log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
898 }
899
900 static int fifo_address_create(
901                 const char *path,
902                 mode_t directory_mode,
903                 mode_t socket_mode,
904                 int *_fd) {
905
906         int fd = -1, r = 0;
907         struct stat st;
908         mode_t old_mask;
909
910         assert(path);
911         assert(_fd);
912
913         mkdir_parents_label(path, directory_mode);
914
915         r = label_context_set(path, S_IFIFO);
916         if (r < 0)
917                 goto fail;
918
919         /* Enforce the right access mode for the fifo */
920         old_mask = umask(~ socket_mode);
921
922         /* Include the original umask in our mask */
923         umask(~socket_mode | old_mask);
924
925         r = mkfifo(path, socket_mode);
926         umask(old_mask);
927
928         if (r < 0 && errno != EEXIST) {
929                 r = -errno;
930                 goto fail;
931         }
932
933         if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
934                 r = -errno;
935                 goto fail;
936         }
937
938         label_context_clear();
939
940         if (fstat(fd, &st) < 0) {
941                 r = -errno;
942                 goto fail;
943         }
944
945         if (!S_ISFIFO(st.st_mode) ||
946             (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
947             st.st_uid != getuid() ||
948             st.st_gid != getgid()) {
949
950                 r = -EEXIST;
951                 goto fail;
952         }
953
954         *_fd = fd;
955         return 0;
956
957 fail:
958         label_context_clear();
959         safe_close(fd);
960
961         return r;
962 }
963
964 static int special_address_create(
965                 const char *path,
966                 int *_fd) {
967
968         int fd = -1, r = 0;
969         struct stat st;
970
971         assert(path);
972         assert(_fd);
973
974         fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
975         if (fd < 0) {
976                 r = -errno;
977                 goto fail;
978         }
979
980         if (fstat(fd, &st) < 0) {
981                 r = -errno;
982                 goto fail;
983         }
984
985         /* Check whether this is a /proc, /sys or /dev file or char device */
986         if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
987                 r = -EEXIST;
988                 goto fail;
989         }
990
991         *_fd = fd;
992         return 0;
993
994 fail:
995         safe_close(fd);
996
997         return r;
998 }
999
1000 static int mq_address_create(
1001                 const char *path,
1002                 mode_t mq_mode,
1003                 long maxmsg,
1004                 long msgsize,
1005                 int *_fd) {
1006
1007         int fd = -1, r = 0;
1008         struct stat st;
1009         mode_t old_mask;
1010         struct mq_attr _attr, *attr = NULL;
1011
1012         assert(path);
1013         assert(_fd);
1014
1015         if (maxmsg > 0 && msgsize > 0) {
1016                 zero(_attr);
1017                 _attr.mq_flags = O_NONBLOCK;
1018                 _attr.mq_maxmsg = maxmsg;
1019                 _attr.mq_msgsize = msgsize;
1020                 attr = &_attr;
1021         }
1022
1023         /* Enforce the right access mode for the mq */
1024         old_mask = umask(~ mq_mode);
1025
1026         /* Include the original umask in our mask */
1027         umask(~mq_mode | old_mask);
1028         fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1029         umask(old_mask);
1030
1031         if (fd < 0) {
1032                 r = -errno;
1033                 goto fail;
1034         }
1035
1036         if (fstat(fd, &st) < 0) {
1037                 r = -errno;
1038                 goto fail;
1039         }
1040
1041         if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1042             st.st_uid != getuid() ||
1043             st.st_gid != getgid()) {
1044
1045                 r = -EEXIST;
1046                 goto fail;
1047         }
1048
1049         *_fd = fd;
1050         return 0;
1051
1052 fail:
1053         safe_close(fd);
1054         return r;
1055 }
1056
1057 static int socket_symlink(Socket *s) {
1058         const char *p;
1059         char **i;
1060
1061         assert(s);
1062
1063         p = socket_find_symlink_target(s);
1064         if (!p)
1065                 return 0;
1066
1067         STRV_FOREACH(i, s->symlinks)
1068                 symlink(p, *i);
1069
1070         return 0;
1071 }
1072
1073 static int socket_open_fds(Socket *s) {
1074         SocketPort *p;
1075         int r;
1076         char *label = NULL;
1077         bool know_label = false;
1078
1079         assert(s);
1080
1081         LIST_FOREACH(port, p, s->ports) {
1082
1083                 if (p->fd >= 0)
1084                         continue;
1085
1086                 if (p->type == SOCKET_SOCKET) {
1087
1088                         if (!know_label) {
1089
1090                                 r = socket_instantiate_service(s);
1091                                 if (r < 0)
1092                                         return r;
1093
1094                                 if (UNIT_ISSET(s->service) &&
1095                                     SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1096                                         r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1097                                         if (r < 0 && r != -EPERM)
1098                                                 return r;
1099                                 }
1100
1101                                 know_label = true;
1102                         }
1103
1104                         r = socket_address_listen(
1105                                         &p->address,
1106                                         SOCK_CLOEXEC|SOCK_NONBLOCK,
1107                                         s->backlog,
1108                                         s->bind_ipv6_only,
1109                                         s->bind_to_device,
1110                                         s->free_bind,
1111                                         s->transparent,
1112                                         s->directory_mode,
1113                                         s->socket_mode,
1114                                         label);
1115                         if (r < 0)
1116                                 goto rollback;
1117
1118                         p->fd = r;
1119                         socket_apply_socket_options(s, p->fd);
1120                         socket_symlink(s);
1121
1122                 } else  if (p->type == SOCKET_SPECIAL) {
1123
1124                         r = special_address_create(
1125                                         p->path,
1126                                         &p->fd);
1127                         if (r < 0)
1128                                 goto rollback;
1129
1130                 } else  if (p->type == SOCKET_FIFO) {
1131
1132                         r = fifo_address_create(
1133                                         p->path,
1134                                         s->directory_mode,
1135                                         s->socket_mode,
1136                                         &p->fd);
1137                         if (r < 0)
1138                                 goto rollback;
1139
1140                         socket_apply_fifo_options(s, p->fd);
1141                         socket_symlink(s);
1142
1143                 } else if (p->type == SOCKET_MQUEUE) {
1144
1145                         r = mq_address_create(
1146                                         p->path,
1147                                         s->socket_mode,
1148                                         s->mq_maxmsg,
1149                                         s->mq_msgsize,
1150                                         &p->fd);
1151                         if (r < 0)
1152                                 goto rollback;
1153                 } else
1154                         assert_not_reached("Unknown port type");
1155         }
1156
1157         label_free(label);
1158         return 0;
1159
1160 rollback:
1161         socket_close_fds(s);
1162         label_free(label);
1163         return r;
1164 }
1165
1166 static void socket_unwatch_fds(Socket *s) {
1167         SocketPort *p;
1168         int r;
1169
1170         assert(s);
1171
1172         LIST_FOREACH(port, p, s->ports) {
1173                 if (p->fd < 0)
1174                         continue;
1175
1176                 if (p->event_source) {
1177                         r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1178                         if (r < 0)
1179                                 log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1180                 }
1181         }
1182 }
1183
1184 static int socket_watch_fds(Socket *s) {
1185         SocketPort *p;
1186         int r;
1187
1188         assert(s);
1189
1190         LIST_FOREACH(port, p, s->ports) {
1191                 if (p->fd < 0)
1192                         continue;
1193
1194                 if (p->event_source)
1195                         r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1196                 else
1197                         r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1198
1199                 if (r < 0) {
1200                         log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1201                         goto fail;
1202                 }
1203         }
1204
1205         return 0;
1206
1207 fail:
1208         socket_unwatch_fds(s);
1209         return r;
1210 }
1211
1212 static void socket_set_state(Socket *s, SocketState state) {
1213         SocketState old_state;
1214         assert(s);
1215
1216         old_state = s->state;
1217         s->state = state;
1218
1219         if (!IN_SET(state,
1220                     SOCKET_START_PRE,
1221                     SOCKET_START_CHOWN,
1222                     SOCKET_START_POST,
1223                     SOCKET_STOP_PRE,
1224                     SOCKET_STOP_PRE_SIGTERM,
1225                     SOCKET_STOP_PRE_SIGKILL,
1226                     SOCKET_STOP_POST,
1227                     SOCKET_FINAL_SIGTERM,
1228                     SOCKET_FINAL_SIGKILL)) {
1229
1230                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1231                 socket_unwatch_control_pid(s);
1232                 s->control_command = NULL;
1233                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1234         }
1235
1236         if (state != SOCKET_LISTENING)
1237                 socket_unwatch_fds(s);
1238
1239         if (!IN_SET(state,
1240                     SOCKET_START_CHOWN,
1241                     SOCKET_START_POST,
1242                     SOCKET_LISTENING,
1243                     SOCKET_RUNNING,
1244                     SOCKET_STOP_PRE,
1245                     SOCKET_STOP_PRE_SIGTERM,
1246                     SOCKET_STOP_PRE_SIGKILL))
1247                 socket_close_fds(s);
1248
1249         if (state != old_state)
1250                 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1251                                UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1252
1253         unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1254 }
1255
1256 static int socket_coldplug(Unit *u) {
1257         Socket *s = SOCKET(u);
1258         int r;
1259
1260         assert(s);
1261         assert(s->state == SOCKET_DEAD);
1262
1263         if (s->deserialized_state == s->state)
1264                 return 0;
1265
1266         if (IN_SET(s->deserialized_state,
1267                    SOCKET_START_PRE,
1268                    SOCKET_START_CHOWN,
1269                    SOCKET_START_POST,
1270                    SOCKET_STOP_PRE,
1271                    SOCKET_STOP_PRE_SIGTERM,
1272                    SOCKET_STOP_PRE_SIGKILL,
1273                    SOCKET_STOP_POST,
1274                    SOCKET_FINAL_SIGTERM,
1275                    SOCKET_FINAL_SIGKILL)) {
1276
1277                 if (s->control_pid <= 0)
1278                         return -EBADMSG;
1279
1280                 r = unit_watch_pid(UNIT(s), s->control_pid);
1281                 if (r < 0)
1282                         return r;
1283
1284                 r = socket_arm_timer(s);
1285                 if (r < 0)
1286                         return r;
1287         }
1288
1289         if (IN_SET(s->deserialized_state,
1290                    SOCKET_START_CHOWN,
1291                    SOCKET_START_POST,
1292                    SOCKET_LISTENING,
1293                    SOCKET_RUNNING,
1294                    SOCKET_STOP_PRE,
1295                    SOCKET_STOP_PRE_SIGTERM,
1296                    SOCKET_STOP_PRE_SIGKILL)) {
1297                 r = socket_open_fds(s);
1298                 if (r < 0)
1299                         return r;
1300         }
1301
1302         if (s->deserialized_state == SOCKET_LISTENING) {
1303                 r = socket_watch_fds(s);
1304                 if (r < 0)
1305                         return r;
1306         }
1307
1308         socket_set_state(s, s->deserialized_state);
1309         return 0;
1310 }
1311
1312 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1313         _cleanup_free_ char **argv = NULL;
1314         pid_t pid;
1315         int r;
1316
1317         assert(s);
1318         assert(c);
1319         assert(_pid);
1320
1321         unit_realize_cgroup(UNIT(s));
1322
1323         r = unit_setup_exec_runtime(UNIT(s));
1324         if (r < 0)
1325                 goto fail;
1326
1327         r = socket_arm_timer(s);
1328         if (r < 0)
1329                 goto fail;
1330
1331         r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1332         if (r < 0)
1333                 goto fail;
1334
1335         r = exec_spawn(c,
1336                        argv,
1337                        &s->exec_context,
1338                        NULL, 0,
1339                        UNIT(s)->manager->environment,
1340                        true,
1341                        true,
1342                        true,
1343                        UNIT(s)->manager->confirm_spawn,
1344                        UNIT(s)->manager->cgroup_supported,
1345                        UNIT(s)->cgroup_path,
1346                        manager_get_runtime_prefix(UNIT(s)->manager),
1347                        UNIT(s)->id,
1348                        0,
1349                        NULL,
1350                        s->exec_runtime,
1351                        &pid);
1352
1353         r = unit_watch_pid(UNIT(s), pid);
1354         if (r < 0)
1355                 /* FIXME: we need to do something here */
1356                 goto fail;
1357
1358         *_pid = pid;
1359         return 0;
1360
1361 fail:
1362         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1363         return r;
1364 }
1365
1366 static int socket_chown(Socket *s, pid_t *_pid) {
1367         pid_t pid;
1368         int r;
1369
1370         r = socket_arm_timer(s);
1371         if (r < 0)
1372                 goto fail;
1373
1374         /* We have to resolve the user names out-of-process, hence
1375          * let's fork here. It's messy, but well, what can we do? */
1376
1377         pid = fork();
1378         if (pid < 0)
1379                 return -errno;
1380
1381         if (pid == 0) {
1382                 SocketPort *p;
1383                 uid_t uid = (uid_t) -1;
1384                 gid_t gid = (gid_t) -1;
1385                 int ret;
1386
1387                 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1388                 ignore_signals(SIGPIPE, -1);
1389                 log_forget_fds();
1390
1391                 if (!isempty(s->user)) {
1392                         const char *user = s->user;
1393
1394                         r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1395                         if (r < 0) {
1396                                 ret = EXIT_USER;
1397                                 goto fail_child;
1398                         }
1399                 }
1400
1401                 if (!isempty(s->group)) {
1402                         const char *group = s->group;
1403
1404                         r = get_group_creds(&group, &gid);
1405                         if (r < 0) {
1406                                 ret = EXIT_GROUP;
1407                                 goto fail_child;
1408                         }
1409                 }
1410
1411                 LIST_FOREACH(port, p, s->ports) {
1412                         const char *path;
1413
1414                         if (p->type == SOCKET_SOCKET)
1415                                 path = socket_address_get_path(&p->address);
1416                         else if (p->type == SOCKET_FIFO)
1417                                 path = p->path;
1418
1419                         if (!path)
1420                                 continue;
1421
1422                         if (chown(path, uid, gid) < 0) {
1423                                 r = -errno;
1424                                 ret = EXIT_CHOWN;
1425                                 goto fail_child;
1426                         }
1427                 }
1428
1429                 _exit(0);
1430
1431         fail_child:
1432                 log_open();
1433                 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1434
1435                 _exit(ret);
1436         }
1437
1438         r = unit_watch_pid(UNIT(s), pid);
1439         if (r < 0)
1440                 goto fail;
1441
1442         *_pid = pid;
1443         return 0;
1444
1445 fail:
1446         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1447         return r;
1448 }
1449
1450 static void socket_enter_dead(Socket *s, SocketResult f) {
1451         assert(s);
1452
1453         if (f != SOCKET_SUCCESS)
1454                 s->result = f;
1455
1456         exec_runtime_destroy(s->exec_runtime);
1457         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1458
1459         exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1460
1461         socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1462 }
1463
1464 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1465
1466 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1467         int r;
1468         assert(s);
1469
1470         if (f != SOCKET_SUCCESS)
1471                 s->result = f;
1472
1473         socket_unwatch_control_pid(s);
1474         s->control_command_id = SOCKET_EXEC_STOP_POST;
1475         s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1476
1477         if (s->control_command) {
1478                 r = socket_spawn(s, s->control_command, &s->control_pid);
1479                 if (r < 0)
1480                         goto fail;
1481
1482                 socket_set_state(s, SOCKET_STOP_POST);
1483         } else
1484                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1485
1486         return;
1487
1488 fail:
1489         log_warning_unit(UNIT(s)->id,
1490                          "%s failed to run 'stop-post' task: %s",
1491                          UNIT(s)->id, strerror(-r));
1492         socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1493 }
1494
1495 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1496         int r;
1497
1498         assert(s);
1499
1500         if (f != SOCKET_SUCCESS)
1501                 s->result = f;
1502
1503         r = unit_kill_context(
1504                         UNIT(s),
1505                         &s->kill_context,
1506                         state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1507                         -1,
1508                         s->control_pid,
1509                         false);
1510         if (r < 0)
1511                 goto fail;
1512
1513         if (r > 0) {
1514                 r = socket_arm_timer(s);
1515                 if (r < 0)
1516                         goto fail;
1517
1518                 socket_set_state(s, state);
1519         } else if (state == SOCKET_STOP_PRE_SIGTERM)
1520                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1521         else if (state == SOCKET_STOP_PRE_SIGKILL)
1522                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1523         else if (state == SOCKET_FINAL_SIGTERM)
1524                 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1525         else
1526                 socket_enter_dead(s, SOCKET_SUCCESS);
1527
1528         return;
1529
1530 fail:
1531         log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1532
1533         if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1534                 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1535         else
1536                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1537 }
1538
1539 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1540         int r;
1541         assert(s);
1542
1543         if (f != SOCKET_SUCCESS)
1544                 s->result = f;
1545
1546         socket_unwatch_control_pid(s);
1547         s->control_command_id = SOCKET_EXEC_STOP_PRE;
1548         s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1549
1550         if (s->control_command) {
1551                 r = socket_spawn(s, s->control_command, &s->control_pid);
1552                 if (r < 0)
1553                         goto fail;
1554
1555                 socket_set_state(s, SOCKET_STOP_PRE);
1556         } else
1557                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1558
1559         return;
1560
1561 fail:
1562         log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1563         socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1564 }
1565
1566 static void socket_enter_listening(Socket *s) {
1567         int r;
1568         assert(s);
1569
1570         r = socket_watch_fds(s);
1571         if (r < 0) {
1572                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1573                 goto fail;
1574         }
1575
1576         socket_set_state(s, SOCKET_LISTENING);
1577         return;
1578
1579 fail:
1580         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1581 }
1582
1583 static void socket_enter_start_post(Socket *s) {
1584         int r;
1585         assert(s);
1586
1587         socket_unwatch_control_pid(s);
1588         s->control_command_id = SOCKET_EXEC_START_POST;
1589         s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1590
1591         if (s->control_command) {
1592                 r = socket_spawn(s, s->control_command, &s->control_pid);
1593                 if (r < 0) {
1594                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1595                         goto fail;
1596                 }
1597
1598                 socket_set_state(s, SOCKET_START_POST);
1599         } else
1600                 socket_enter_listening(s);
1601
1602         return;
1603
1604 fail:
1605         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1606 }
1607
1608 static void socket_enter_start_chown(Socket *s) {
1609         int r;
1610
1611         assert(s);
1612
1613         r = socket_open_fds(s);
1614         if (r < 0) {
1615                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1616                 goto fail;
1617         }
1618
1619         if (!isempty(s->user) || !isempty(s->group)) {
1620
1621                 socket_unwatch_control_pid(s);
1622                 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1623                 s->control_command = NULL;
1624
1625                 r = socket_chown(s, &s->control_pid);
1626                 if (r < 0) {
1627                         log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1628                         goto fail;
1629                 }
1630
1631                 socket_set_state(s, SOCKET_START_CHOWN);
1632         } else
1633                 socket_enter_start_post(s);
1634
1635         return;
1636
1637 fail:
1638         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1639 }
1640
1641 static void socket_enter_start_pre(Socket *s) {
1642         int r;
1643         assert(s);
1644
1645         socket_unwatch_control_pid(s);
1646         s->control_command_id = SOCKET_EXEC_START_PRE;
1647         s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1648
1649         if (s->control_command) {
1650                 r = socket_spawn(s, s->control_command, &s->control_pid);
1651                 if (r < 0) {
1652                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1653                         goto fail;
1654                 }
1655
1656                 socket_set_state(s, SOCKET_START_PRE);
1657         } else
1658                 socket_enter_start_chown(s);
1659
1660         return;
1661
1662 fail:
1663         socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1664 }
1665
1666 static void socket_enter_running(Socket *s, int cfd) {
1667         _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1668         int r;
1669
1670         assert(s);
1671
1672         /* We don't take connections anymore if we are supposed to
1673          * shut down anyway */
1674         if (unit_stop_pending(UNIT(s))) {
1675
1676                 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1677
1678                 if (cfd >= 0)
1679                         safe_close(cfd);
1680                 else  {
1681                         /* Flush all sockets by closing and reopening them */
1682                         socket_close_fds(s);
1683
1684                         r = socket_open_fds(s);
1685                         if (r < 0) {
1686                                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1687                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1688                                 return;
1689                         }
1690
1691                         r = socket_watch_fds(s);
1692                         if (r < 0) {
1693                                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1694                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1695                         }
1696                 }
1697
1698                 return;
1699         }
1700
1701         if (cfd < 0) {
1702                 Iterator i;
1703                 Unit *other;
1704                 bool pending = false;
1705
1706                 /* If there's already a start pending don't bother to
1707                  * do anything */
1708                 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1709                         if (unit_active_or_pending(other)) {
1710                                 pending = true;
1711                                 break;
1712                         }
1713
1714                 if (!pending) {
1715                         if (!UNIT_ISSET(s->service)) {
1716                                 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1717                                 r = -ENOENT;
1718                                 goto fail;
1719                         }
1720
1721                         r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1722                         if (r < 0)
1723                                 goto fail;
1724                 }
1725
1726                 socket_set_state(s, SOCKET_RUNNING);
1727         } else {
1728                 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1729                 Service *service;
1730
1731                 if (s->n_connections >= s->max_connections) {
1732                         log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1733                         safe_close(cfd);
1734                         return;
1735                 }
1736
1737                 r = socket_instantiate_service(s);
1738                 if (r < 0)
1739                         goto fail;
1740
1741                 r = instance_from_socket(cfd, s->n_accepted, &instance);
1742                 if (r < 0) {
1743                         if (r != -ENOTCONN)
1744                                 goto fail;
1745
1746                         /* ENOTCONN is legitimate if TCP RST was received.
1747                          * This connection is over, but the socket unit lives on. */
1748                         safe_close(cfd);
1749                         return;
1750                 }
1751
1752                 prefix = unit_name_to_prefix(UNIT(s)->id);
1753                 if (!prefix) {
1754                         r = -ENOMEM;
1755                         goto fail;
1756                 }
1757
1758                 name = unit_name_build(prefix, instance, ".service");
1759                 if (!name) {
1760                         r = -ENOMEM;
1761                         goto fail;
1762                 }
1763
1764                 r = unit_add_name(UNIT_DEREF(s->service), name);
1765                 if (r < 0)
1766                         goto fail;
1767
1768                 service = SERVICE(UNIT_DEREF(s->service));
1769                 unit_ref_unset(&s->service);
1770                 s->n_accepted ++;
1771
1772                 UNIT(service)->no_gc = false;
1773
1774                 unit_choose_id(UNIT(service), name);
1775
1776                 r = service_set_socket_fd(service, cfd, s);
1777                 if (r < 0)
1778                         goto fail;
1779
1780                 cfd = -1;
1781                 s->n_connections ++;
1782
1783                 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1784                 if (r < 0)
1785                         goto fail;
1786
1787                 /* Notify clients about changed counters */
1788                 unit_add_to_dbus_queue(UNIT(s));
1789         }
1790
1791         return;
1792
1793 fail:
1794         log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1795                          UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1796                          bus_error_message(&error, r));
1797
1798         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1799         safe_close(cfd);
1800 }
1801
1802 static void socket_run_next(Socket *s) {
1803         int r;
1804
1805         assert(s);
1806         assert(s->control_command);
1807         assert(s->control_command->command_next);
1808
1809         socket_unwatch_control_pid(s);
1810
1811         s->control_command = s->control_command->command_next;
1812
1813         r = socket_spawn(s, s->control_command, &s->control_pid);
1814         if (r < 0)
1815                 goto fail;
1816
1817         return;
1818
1819 fail:
1820         log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1821
1822         if (s->state == SOCKET_START_POST)
1823                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1824         else if (s->state == SOCKET_STOP_POST)
1825                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1826         else
1827                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1828 }
1829
1830 static int socket_start(Unit *u) {
1831         Socket *s = SOCKET(u);
1832
1833         assert(s);
1834
1835         /* We cannot fulfill this request right now, try again later
1836          * please! */
1837         if (IN_SET(s->state,
1838                    SOCKET_STOP_PRE,
1839                    SOCKET_STOP_PRE_SIGKILL,
1840                    SOCKET_STOP_PRE_SIGTERM,
1841                    SOCKET_STOP_POST,
1842                    SOCKET_FINAL_SIGTERM,
1843                    SOCKET_FINAL_SIGKILL))
1844                 return -EAGAIN;
1845
1846         if (IN_SET(s->state,
1847                    SOCKET_START_PRE,
1848                    SOCKET_START_CHOWN,
1849                    SOCKET_START_POST))
1850                 return 0;
1851
1852         /* Cannot run this without the service being around */
1853         if (UNIT_ISSET(s->service)) {
1854                 Service *service;
1855
1856                 service = SERVICE(UNIT_DEREF(s->service));
1857
1858                 if (UNIT(service)->load_state != UNIT_LOADED) {
1859                         log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1860                         return -ENOENT;
1861                 }
1862
1863                 /* If the service is already active we cannot start the
1864                  * socket */
1865                 if (service->state != SERVICE_DEAD &&
1866                     service->state != SERVICE_FAILED &&
1867                     service->state != SERVICE_AUTO_RESTART) {
1868                         log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1869                         return -EBUSY;
1870                 }
1871
1872 #ifdef HAVE_SYSV_COMPAT
1873                 if (service->is_sysv) {
1874                         log_error_unit(u->id,
1875                                        "Using SysV services for socket activation is not supported. Refusing.");
1876                         return -ENOENT;
1877                 }
1878 #endif
1879         }
1880
1881         assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1882
1883         s->result = SOCKET_SUCCESS;
1884         socket_enter_start_pre(s);
1885
1886         return 0;
1887 }
1888
1889 static int socket_stop(Unit *u) {
1890         Socket *s = SOCKET(u);
1891
1892         assert(s);
1893
1894         /* Already on it */
1895         if (IN_SET(s->state,
1896                    SOCKET_STOP_PRE,
1897                    SOCKET_STOP_PRE_SIGTERM,
1898                    SOCKET_STOP_PRE_SIGKILL,
1899                    SOCKET_STOP_POST,
1900                    SOCKET_FINAL_SIGTERM,
1901                    SOCKET_FINAL_SIGKILL))
1902                 return 0;
1903
1904         /* If there's already something running we go directly into
1905          * kill mode. */
1906         if (IN_SET(s->state,
1907                    SOCKET_START_PRE,
1908                    SOCKET_START_CHOWN,
1909                    SOCKET_START_POST)) {
1910                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1911                 return -EAGAIN;
1912         }
1913
1914         assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1915
1916         socket_enter_stop_pre(s, SOCKET_SUCCESS);
1917         return 0;
1918 }
1919
1920 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1921         Socket *s = SOCKET(u);
1922         SocketPort *p;
1923         int r;
1924
1925         assert(u);
1926         assert(f);
1927         assert(fds);
1928
1929         unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1930         unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1931         unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1932
1933         if (s->control_pid > 0)
1934                 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1935
1936         if (s->control_command_id >= 0)
1937                 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1938
1939         LIST_FOREACH(port, p, s->ports) {
1940                 int copy;
1941
1942                 if (p->fd < 0)
1943                         continue;
1944
1945                 copy = fdset_put_dup(fds, p->fd);
1946                 if (copy < 0)
1947                         return copy;
1948
1949                 if (p->type == SOCKET_SOCKET) {
1950                         _cleanup_free_ char *t = NULL;
1951
1952                         r = socket_address_print(&p->address, &t);
1953                         if (r < 0)
1954                                 return r;
1955
1956                         if (socket_address_family(&p->address) == AF_NETLINK)
1957                                 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1958                         else
1959                                 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
1960
1961                 } else if (p->type == SOCKET_SPECIAL)
1962                         unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1963                 else if (p->type == SOCKET_MQUEUE)
1964                         unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
1965                 else {
1966                         assert(p->type == SOCKET_FIFO);
1967                         unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1968                 }
1969         }
1970
1971         return 0;
1972 }
1973
1974 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1975         Socket *s = SOCKET(u);
1976
1977         assert(u);
1978         assert(key);
1979         assert(value);
1980
1981         if (streq(key, "state")) {
1982                 SocketState state;
1983
1984                 state = socket_state_from_string(value);
1985                 if (state < 0)
1986                         log_debug_unit(u->id, "Failed to parse state value %s", value);
1987                 else
1988                         s->deserialized_state = state;
1989         } else if (streq(key, "result")) {
1990                 SocketResult f;
1991
1992                 f = socket_result_from_string(value);
1993                 if (f < 0)
1994                         log_debug_unit(u->id, "Failed to parse result value %s", value);
1995                 else if (f != SOCKET_SUCCESS)
1996                         s->result = f;
1997
1998         } else if (streq(key, "n-accepted")) {
1999                 unsigned k;
2000
2001                 if (safe_atou(value, &k) < 0)
2002                         log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2003                 else
2004                         s->n_accepted += k;
2005         } else if (streq(key, "control-pid")) {
2006                 pid_t pid;
2007
2008                 if (parse_pid(value, &pid) < 0)
2009                         log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2010                 else
2011                         s->control_pid = pid;
2012         } else if (streq(key, "control-command")) {
2013                 SocketExecCommand id;
2014
2015                 id = socket_exec_command_from_string(value);
2016                 if (id < 0)
2017                         log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2018                 else {
2019                         s->control_command_id = id;
2020                         s->control_command = s->exec_command[id];
2021                 }
2022         } else if (streq(key, "fifo")) {
2023                 int fd, skip = 0;
2024                 SocketPort *p;
2025
2026                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2027                         log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2028                 else {
2029
2030                         LIST_FOREACH(port, p, s->ports)
2031                                 if (p->type == SOCKET_FIFO &&
2032                                     streq_ptr(p->path, value+skip))
2033                                         break;
2034
2035                         if (p) {
2036                                 safe_close(p->fd);
2037                                 p->fd = fdset_remove(fds, fd);
2038                         }
2039                 }
2040
2041         } else if (streq(key, "special")) {
2042                 int fd, skip = 0;
2043                 SocketPort *p;
2044
2045                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2046                         log_debug_unit(u->id, "Failed to parse special value %s", value);
2047                 else {
2048
2049                         LIST_FOREACH(port, p, s->ports)
2050                                 if (p->type == SOCKET_SPECIAL &&
2051                                     streq_ptr(p->path, value+skip))
2052                                         break;
2053
2054                         if (p) {
2055                                 safe_close(p->fd);
2056                                 p->fd = fdset_remove(fds, fd);
2057                         }
2058                 }
2059
2060         } else if (streq(key, "mqueue")) {
2061                 int fd, skip = 0;
2062                 SocketPort *p;
2063
2064                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2065                         log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2066                 else {
2067
2068                         LIST_FOREACH(port, p, s->ports)
2069                                 if (p->type == SOCKET_MQUEUE &&
2070                                     streq_ptr(p->path, value+skip))
2071                                         break;
2072
2073                         if (p) {
2074                                 safe_close(p->fd);
2075                                 p->fd = fdset_remove(fds, fd);
2076                         }
2077                 }
2078
2079         } else if (streq(key, "socket")) {
2080                 int fd, type, skip = 0;
2081                 SocketPort *p;
2082
2083                 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2084                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2085                 else {
2086
2087                         LIST_FOREACH(port, p, s->ports)
2088                                 if (socket_address_is(&p->address, value+skip, type))
2089                                         break;
2090
2091                         if (p) {
2092                                 safe_close(p->fd);
2093                                 p->fd = fdset_remove(fds, fd);
2094                         }
2095                 }
2096
2097         } else if (streq(key, "netlink")) {
2098                 int fd, skip = 0;
2099                 SocketPort *p;
2100
2101                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2102                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2103                 else {
2104
2105                         LIST_FOREACH(port, p, s->ports)
2106                                 if (socket_address_is_netlink(&p->address, value+skip))
2107                                         break;
2108
2109                         if (p) {
2110                                 safe_close(p->fd);
2111                                 p->fd = fdset_remove(fds, fd);
2112                         }
2113                 }
2114         } else
2115                 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2116
2117         return 0;
2118 }
2119
2120 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2121         Socket *s = SOCKET(u);
2122         SocketPort *p;
2123
2124         assert(u);
2125
2126         LIST_FOREACH(port, p, s->ports) {
2127                 Iterator i;
2128                 int fd;
2129
2130                 if (p->type != SOCKET_SOCKET)
2131                         continue;
2132
2133                 if (p->fd >= 0)
2134                         continue;
2135
2136                 FDSET_FOREACH(fd, fds, i) {
2137                         if (socket_address_matches_fd(&p->address, fd)) {
2138                                 p->fd = fdset_remove(fds, fd);
2139                                 s->deserialized_state = SOCKET_LISTENING;
2140                                 break;
2141                         }
2142                 }
2143         }
2144
2145         return 0;
2146 }
2147
2148 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2149         assert(u);
2150
2151         return state_translation_table[SOCKET(u)->state];
2152 }
2153
2154 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2155         assert(u);
2156
2157         return socket_state_to_string(SOCKET(u)->state);
2158 }
2159
2160 const char* socket_port_type_to_string(SocketPort *p) {
2161
2162         assert(p);
2163
2164         switch (p->type) {
2165
2166         case SOCKET_SOCKET:
2167
2168                 switch (p->address.type) {
2169
2170                 case SOCK_STREAM:
2171                         return "Stream";
2172
2173                 case SOCK_DGRAM:
2174                         return "Datagram";
2175
2176                 case SOCK_SEQPACKET:
2177                         return "SequentialPacket";
2178
2179                 case SOCK_RAW:
2180                         if (socket_address_family(&p->address) == AF_NETLINK)
2181                                 return "Netlink";
2182
2183                 default:
2184                         return NULL;
2185                 }
2186
2187         case SOCKET_SPECIAL:
2188                 return "Special";
2189
2190         case SOCKET_MQUEUE:
2191                 return "MessageQueue";
2192
2193         case SOCKET_FIFO:
2194                 return "FIFO";
2195
2196         default:
2197                 return NULL;
2198         }
2199 }
2200
2201 _pure_ static bool socket_check_gc(Unit *u) {
2202         Socket *s = SOCKET(u);
2203
2204         assert(u);
2205
2206         return s->n_connections > 0;
2207 }
2208
2209 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2210         SocketPort *p = userdata;
2211         int cfd = -1;
2212
2213         assert(p);
2214         assert(fd >= 0);
2215
2216         if (p->socket->state != SOCKET_LISTENING)
2217                 return 0;
2218
2219         log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2220
2221         if (revents != EPOLLIN) {
2222
2223                 if (revents & EPOLLHUP)
2224                         log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2225                                        UNIT(p->socket)->id);
2226                 else
2227                         log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2228                                        UNIT(p->socket)->id, revents);
2229
2230                 goto fail;
2231         }
2232
2233         if (p->socket->accept &&
2234             p->type == SOCKET_SOCKET &&
2235             socket_address_can_accept(&p->address)) {
2236
2237                 for (;;) {
2238
2239                         cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2240                         if (cfd < 0) {
2241
2242                                 if (errno == EINTR)
2243                                         continue;
2244
2245                                 log_error_unit(UNIT(p->socket)->id,
2246                                                "Failed to accept socket: %m");
2247                                 goto fail;
2248                         }
2249
2250                         break;
2251                 }
2252
2253                 socket_apply_socket_options(p->socket, cfd);
2254         }
2255
2256         socket_enter_running(p->socket, cfd);
2257         return 0;
2258
2259 fail:
2260         socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2261         return 0;
2262 }
2263
2264 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2265         Socket *s = SOCKET(u);
2266         SocketResult f;
2267
2268         assert(s);
2269         assert(pid >= 0);
2270
2271         if (pid != s->control_pid)
2272                 return;
2273
2274         s->control_pid = 0;
2275
2276         if (is_clean_exit(code, status, NULL))
2277                 f = SOCKET_SUCCESS;
2278         else if (code == CLD_EXITED)
2279                 f = SOCKET_FAILURE_EXIT_CODE;
2280         else if (code == CLD_KILLED)
2281                 f = SOCKET_FAILURE_SIGNAL;
2282         else if (code == CLD_DUMPED)
2283                 f = SOCKET_FAILURE_CORE_DUMP;
2284         else
2285                 assert_not_reached("Unknown code");
2286
2287         if (s->control_command) {
2288                 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2289
2290                 if (s->control_command->ignore)
2291                         f = SOCKET_SUCCESS;
2292         }
2293
2294         log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2295                       u->id,
2296                       "%s control process exited, code=%s status=%i",
2297                       u->id, sigchld_code_to_string(code), status);
2298
2299         if (f != SOCKET_SUCCESS)
2300                 s->result = f;
2301
2302         if (s->control_command &&
2303             s->control_command->command_next &&
2304             f == SOCKET_SUCCESS) {
2305
2306                 log_debug_unit(u->id,
2307                                "%s running next command for state %s",
2308                                u->id, socket_state_to_string(s->state));
2309                 socket_run_next(s);
2310         } else {
2311                 s->control_command = NULL;
2312                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2313
2314                 /* No further commands for this step, so let's figure
2315                  * out what to do next */
2316
2317                 log_debug_unit(u->id,
2318                                "%s got final SIGCHLD for state %s",
2319                                u->id, socket_state_to_string(s->state));
2320
2321                 switch (s->state) {
2322
2323                 case SOCKET_START_PRE:
2324                         if (f == SOCKET_SUCCESS)
2325                                 socket_enter_start_chown(s);
2326                         else
2327                                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2328                         break;
2329
2330                 case SOCKET_START_CHOWN:
2331                         if (f == SOCKET_SUCCESS)
2332                                 socket_enter_start_post(s);
2333                         else
2334                                 socket_enter_stop_pre(s, f);
2335                         break;
2336
2337                 case SOCKET_START_POST:
2338                         if (f == SOCKET_SUCCESS)
2339                                 socket_enter_listening(s);
2340                         else
2341                                 socket_enter_stop_pre(s, f);
2342                         break;
2343
2344                 case SOCKET_STOP_PRE:
2345                 case SOCKET_STOP_PRE_SIGTERM:
2346                 case SOCKET_STOP_PRE_SIGKILL:
2347                         socket_enter_stop_post(s, f);
2348                         break;
2349
2350                 case SOCKET_STOP_POST:
2351                 case SOCKET_FINAL_SIGTERM:
2352                 case SOCKET_FINAL_SIGKILL:
2353                         socket_enter_dead(s, f);
2354                         break;
2355
2356                 default:
2357                         assert_not_reached("Uh, control process died at wrong time.");
2358                 }
2359         }
2360
2361         /* Notify clients about changed exit status */
2362         unit_add_to_dbus_queue(u);
2363 }
2364
2365 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2366         Socket *s = SOCKET(userdata);
2367
2368         assert(s);
2369         assert(s->timer_event_source == source);
2370
2371         switch (s->state) {
2372
2373         case SOCKET_START_PRE:
2374                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2375                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2376                 break;
2377
2378         case SOCKET_START_CHOWN:
2379         case SOCKET_START_POST:
2380                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2381                 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2382                 break;
2383
2384         case SOCKET_STOP_PRE:
2385                 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2386                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2387                 break;
2388
2389         case SOCKET_STOP_PRE_SIGTERM:
2390                 if (s->kill_context.send_sigkill) {
2391                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2392                         socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2393                 } else {
2394                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2395                         socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2396                 }
2397                 break;
2398
2399         case SOCKET_STOP_PRE_SIGKILL:
2400                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2401                 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2402                 break;
2403
2404         case SOCKET_STOP_POST:
2405                 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2406                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2407                 break;
2408
2409         case SOCKET_FINAL_SIGTERM:
2410                 if (s->kill_context.send_sigkill) {
2411                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2412                         socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2413                 } else {
2414                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2415                         socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2416                 }
2417                 break;
2418
2419         case SOCKET_FINAL_SIGKILL:
2420                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2421                 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2422                 break;
2423
2424         default:
2425                 assert_not_reached("Timeout at wrong time.");
2426         }
2427
2428         return 0;
2429 }
2430
2431 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2432         int *rfds;
2433         unsigned rn_fds, k;
2434         SocketPort *p;
2435
2436         assert(s);
2437         assert(fds);
2438         assert(n_fds);
2439
2440         /* Called from the service code for requesting our fds */
2441
2442         rn_fds = 0;
2443         LIST_FOREACH(port, p, s->ports)
2444                 if (p->fd >= 0)
2445                         rn_fds++;
2446
2447         if (rn_fds <= 0) {
2448                 *fds = NULL;
2449                 *n_fds = 0;
2450                 return 0;
2451         }
2452
2453         if (!(rfds = new(int, rn_fds)))
2454                 return -ENOMEM;
2455
2456         k = 0;
2457         LIST_FOREACH(port, p, s->ports)
2458                 if (p->fd >= 0)
2459                         rfds[k++] = p->fd;
2460
2461         assert(k == rn_fds);
2462
2463         *fds = rfds;
2464         *n_fds = rn_fds;
2465
2466         return 0;
2467 }
2468
2469 static void socket_reset_failed(Unit *u) {
2470         Socket *s = SOCKET(u);
2471
2472         assert(s);
2473
2474         if (s->state == SOCKET_FAILED)
2475                 socket_set_state(s, SOCKET_DEAD);
2476
2477         s->result = SOCKET_SUCCESS;
2478 }
2479
2480 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2481         assert(s);
2482
2483         /* The service is dead. Dang!
2484          *
2485          * This is strictly for one-instance-for-all-connections
2486          * services. */
2487
2488         if (s->state == SOCKET_RUNNING) {
2489                 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2490                 if (failed_permanent)
2491                         socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2492                 else
2493                         socket_enter_listening(s);
2494         }
2495 }
2496
2497 void socket_connection_unref(Socket *s) {
2498         assert(s);
2499
2500         /* The service is dead. Yay!
2501          *
2502          * This is strictly for one-instance-per-connection
2503          * services. */
2504
2505         assert(s->n_connections > 0);
2506         s->n_connections--;
2507
2508         log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2509 }
2510
2511 static void socket_trigger_notify(Unit *u, Unit *other) {
2512         Socket *s = SOCKET(u);
2513         Service *se;
2514
2515         assert(u);
2516         assert(other);
2517
2518         /* Don't propagate state changes from the service if we are
2519            already down or accepting connections */
2520         if ((s->state !=  SOCKET_RUNNING &&
2521             s->state != SOCKET_LISTENING) ||
2522             s->accept)
2523                 return;
2524
2525         if (other->load_state != UNIT_LOADED ||
2526             other->type != UNIT_SERVICE)
2527                 return;
2528
2529         se = SERVICE(other);
2530
2531         if (se->state == SERVICE_FAILED)
2532                 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2533
2534         if (se->state == SERVICE_DEAD ||
2535             se->state == SERVICE_STOP ||
2536             se->state == SERVICE_STOP_SIGTERM ||
2537             se->state == SERVICE_STOP_SIGKILL ||
2538             se->state == SERVICE_STOP_POST ||
2539             se->state == SERVICE_FINAL_SIGTERM ||
2540             se->state == SERVICE_FINAL_SIGKILL ||
2541             se->state == SERVICE_AUTO_RESTART)
2542                 socket_notify_service_dead(s, false);
2543
2544         if (se->state == SERVICE_RUNNING)
2545                 socket_set_state(s, SOCKET_RUNNING);
2546 }
2547
2548 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2549         return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2550 }
2551
2552 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2553         Socket *s = SOCKET(u);
2554         int r;
2555
2556         if (!s->timer_event_source)
2557                 return 0;
2558
2559         r = sd_event_source_get_time(s->timer_event_source, timeout);
2560         if (r < 0)
2561                 return r;
2562
2563         return 1;
2564 }
2565
2566 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2567         [SOCKET_DEAD] = "dead",
2568         [SOCKET_START_PRE] = "start-pre",
2569         [SOCKET_START_CHOWN] = "start-chown",
2570         [SOCKET_START_POST] = "start-post",
2571         [SOCKET_LISTENING] = "listening",
2572         [SOCKET_RUNNING] = "running",
2573         [SOCKET_STOP_PRE] = "stop-pre",
2574         [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2575         [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2576         [SOCKET_STOP_POST] = "stop-post",
2577         [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2578         [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2579         [SOCKET_FAILED] = "failed"
2580 };
2581
2582 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2583
2584 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2585         [SOCKET_EXEC_START_PRE] = "StartPre",
2586         [SOCKET_EXEC_START_CHOWN] = "StartChown",
2587         [SOCKET_EXEC_START_POST] = "StartPost",
2588         [SOCKET_EXEC_STOP_PRE] = "StopPre",
2589         [SOCKET_EXEC_STOP_POST] = "StopPost"
2590 };
2591
2592 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2593
2594 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2595         [SOCKET_SUCCESS] = "success",
2596         [SOCKET_FAILURE_RESOURCES] = "resources",
2597         [SOCKET_FAILURE_TIMEOUT] = "timeout",
2598         [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2599         [SOCKET_FAILURE_SIGNAL] = "signal",
2600         [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2601         [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2602 };
2603
2604 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2605
2606 const UnitVTable socket_vtable = {
2607         .object_size = sizeof(Socket),
2608         .exec_context_offset = offsetof(Socket, exec_context),
2609         .cgroup_context_offset = offsetof(Socket, cgroup_context),
2610         .kill_context_offset = offsetof(Socket, kill_context),
2611         .exec_runtime_offset = offsetof(Socket, exec_runtime),
2612
2613         .sections =
2614                 "Unit\0"
2615                 "Socket\0"
2616                 "Install\0",
2617         .private_section = "Socket",
2618
2619         .init = socket_init,
2620         .done = socket_done,
2621         .load = socket_load,
2622
2623         .coldplug = socket_coldplug,
2624
2625         .dump = socket_dump,
2626
2627         .start = socket_start,
2628         .stop = socket_stop,
2629
2630         .kill = socket_kill,
2631
2632         .get_timeout = socket_get_timeout,
2633
2634         .serialize = socket_serialize,
2635         .deserialize_item = socket_deserialize_item,
2636         .distribute_fds = socket_distribute_fds,
2637
2638         .active_state = socket_active_state,
2639         .sub_state_to_string = socket_sub_state_to_string,
2640
2641         .check_gc = socket_check_gc,
2642
2643         .sigchld_event = socket_sigchld_event,
2644
2645         .trigger_notify = socket_trigger_notify,
2646
2647         .reset_failed = socket_reset_failed,
2648
2649         .bus_interface = "org.freedesktop.systemd1.Socket",
2650         .bus_vtable = bus_socket_vtable,
2651         .bus_set_property = bus_socket_set_property,
2652         .bus_commit_properties = bus_socket_commit_properties,
2653
2654         .status_message_formats = {
2655                 /*.starting_stopping = {
2656                         [0] = "Starting socket %s...",
2657                         [1] = "Stopping socket %s...",
2658                 },*/
2659                 .finished_start_job = {
2660                         [JOB_DONE]       = "Listening on %s.",
2661                         [JOB_FAILED]     = "Failed to listen on %s.",
2662                         [JOB_DEPENDENCY] = "Dependency failed for %s.",
2663                         [JOB_TIMEOUT]    = "Timed out starting %s.",
2664                 },
2665                 .finished_stop_job = {
2666                         [JOB_DONE]       = "Closed %s.",
2667                         [JOB_FAILED]     = "Failed stopping %s.",
2668                         [JOB_TIMEOUT]    = "Timed out stopping %s.",
2669                 },
2670         },
2671 };
Unnamed repository; edit this file 'description' to name the repository.