chiark / gitweb /
~ianmdlvl / elogind.git / blob
? search:


bbfc842c70370811143edb9afa32914a4f513dc0
[elogind.git] / src / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU General Public License as published by
10   the Free Software Foundation; either version 2 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   General Public License for more details.
17
18   You should have received a copy of the GNU General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <mqueue.h>
31
32 #include "unit.h"
33 #include "socket.h"
34 #include "netinet/tcp.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "unit-name.h"
40 #include "dbus-socket.h"
41 #include "missing.h"
42 #include "special.h"
43 #include "bus-errors.h"
44 #include "label.h"
45 #include "exit-status.h"
46 #include "def.h"
47
48 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
49         [SOCKET_DEAD] = UNIT_INACTIVE,
50         [SOCKET_START_PRE] = UNIT_ACTIVATING,
51         [SOCKET_START_POST] = UNIT_ACTIVATING,
52         [SOCKET_LISTENING] = UNIT_ACTIVE,
53         [SOCKET_RUNNING] = UNIT_ACTIVE,
54         [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
55         [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
56         [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
57         [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
58         [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
59         [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
60         [SOCKET_FAILED] = UNIT_FAILED
61 };
62
63 static void socket_init(Unit *u) {
64         Socket *s = SOCKET(u);
65
66         assert(u);
67         assert(u->meta.load_state == UNIT_STUB);
68
69         s->backlog = SOMAXCONN;
70         s->timeout_usec = DEFAULT_TIMEOUT_USEC;
71         s->directory_mode = 0755;
72         s->socket_mode = 0666;
73
74         s->max_connections = 64;
75
76         s->priority = -1;
77         s->ip_tos = -1;
78         s->ip_ttl = -1;
79         s->mark = -1;
80
81         exec_context_init(&s->exec_context);
82         s->exec_context.std_output = u->meta.manager->default_std_output;
83         s->exec_context.std_error = u->meta.manager->default_std_error;
84
85         s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
86 }
87
88 static void socket_unwatch_control_pid(Socket *s) {
89         assert(s);
90
91         if (s->control_pid <= 0)
92                 return;
93
94         unit_unwatch_pid(UNIT(s), s->control_pid);
95         s->control_pid = 0;
96 }
97
98 static void socket_done(Unit *u) {
99         Socket *s = SOCKET(u);
100         SocketPort *p;
101         Meta *i;
102
103         assert(s);
104
105         while ((p = s->ports)) {
106                 LIST_REMOVE(SocketPort, port, s->ports, p);
107
108                 if (p->fd >= 0) {
109                         unit_unwatch_fd(UNIT(s), &p->fd_watch);
110                         close_nointr_nofail(p->fd);
111                 }
112
113                 free(p->path);
114                 free(p);
115         }
116
117         exec_context_done(&s->exec_context);
118         exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
119         s->control_command = NULL;
120
121         socket_unwatch_control_pid(s);
122
123         s->service = NULL;
124
125         free(s->tcp_congestion);
126         s->tcp_congestion = NULL;
127
128         free(s->bind_to_device);
129         s->bind_to_device = NULL;
130
131         unit_unwatch_timer(u, &s->timer_watch);
132
133         /* Make sure no service instance refers to us anymore. */
134         LIST_FOREACH(units_by_type, i, u->meta.manager->units_by_type[UNIT_SERVICE]) {
135                 Service *service = (Service *) i;
136
137                 if (service->accept_socket == s)
138                         service->accept_socket = NULL;
139
140                 set_remove(service->configured_sockets, s);
141         }
142 }
143
144 static int socket_instantiate_service(Socket *s) {
145         char *prefix, *name;
146         int r;
147         Unit *u;
148
149         assert(s);
150
151         /* This fills in s->service if it isn't filled in yet. For
152          * Accept=yes sockets we create the next connection service
153          * here. For Accept=no this is mostly a NOP since the service
154          * is figured out at load time anyway. */
155
156         if (s->service)
157                 return 0;
158
159         assert(s->accept);
160
161         if (!(prefix = unit_name_to_prefix(s->meta.id)))
162                 return -ENOMEM;
163
164         r = asprintf(&name, "%s@%u.service", prefix, s->n_accepted);
165         free(prefix);
166
167         if (r < 0)
168                 return -ENOMEM;
169
170         r = manager_load_unit(s->meta.manager, name, NULL, NULL, &u);
171         free(name);
172
173         if (r < 0)
174                 return r;
175
176 #ifdef HAVE_SYSV_COMPAT
177         if (SERVICE(u)->sysv_path) {
178                 log_error("Using SysV services for socket activation is not supported. Refusing.");
179                 return -ENOENT;
180         }
181 #endif
182
183         u->meta.no_gc = true;
184         s->service = SERVICE(u);
185         return 0;
186 }
187
188 static bool have_non_accept_socket(Socket *s) {
189         SocketPort *p;
190
191         assert(s);
192
193         if (!s->accept)
194                 return true;
195
196         LIST_FOREACH(port, p, s->ports) {
197
198                 if (p->type != SOCKET_SOCKET)
199                         return true;
200
201                 if (!socket_address_can_accept(&p->address))
202                         return true;
203         }
204
205         return false;
206 }
207
208 static int socket_verify(Socket *s) {
209         assert(s);
210
211         if (s->meta.load_state != UNIT_LOADED)
212                 return 0;
213
214         if (!s->ports) {
215                 log_error("%s lacks Listen setting. Refusing.", s->meta.id);
216                 return -EINVAL;
217         }
218
219         if (s->accept && have_non_accept_socket(s)) {
220                 log_error("%s configured for accepting sockets, but sockets are non-accepting. Refusing.", s->meta.id);
221                 return -EINVAL;
222         }
223
224         if (s->accept && s->max_connections <= 0) {
225                 log_error("%s's MaxConnection setting too small. Refusing.", s->meta.id);
226                 return -EINVAL;
227         }
228
229         if (s->accept && s->service) {
230                 log_error("Explicit service configuration for accepting sockets not supported on %s. Refusing.", s->meta.id);
231                 return -EINVAL;
232         }
233
234         if (s->exec_context.pam_name && s->exec_context.kill_mode != KILL_CONTROL_GROUP) {
235                 log_error("%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", s->meta.id);
236                 return -EINVAL;
237         }
238
239         return 0;
240 }
241
242 static bool socket_needs_mount(Socket *s, const char *prefix) {
243         SocketPort *p;
244
245         assert(s);
246
247         LIST_FOREACH(port, p, s->ports) {
248
249                 if (p->type == SOCKET_SOCKET) {
250                         if (socket_address_needs_mount(&p->address, prefix))
251                                 return true;
252                 } else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL) {
253                         if (path_startswith(p->path, prefix))
254                                 return true;
255                 }
256         }
257
258         return false;
259 }
260
261 int socket_add_one_mount_link(Socket *s, Mount *m) {
262         int r;
263
264         assert(s);
265         assert(m);
266
267         if (s->meta.load_state != UNIT_LOADED ||
268             m->meta.load_state != UNIT_LOADED)
269                 return 0;
270
271         if (!socket_needs_mount(s, m->where))
272                 return 0;
273
274         if ((r = unit_add_two_dependencies(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, UNIT(m), true)) < 0)
275                 return r;
276
277         return 0;
278 }
279
280 static int socket_add_mount_links(Socket *s) {
281         Meta *other;
282         int r;
283
284         assert(s);
285
286         LIST_FOREACH(units_by_type, other, s->meta.manager->units_by_type[UNIT_MOUNT])
287                 if ((r = socket_add_one_mount_link(s, (Mount*) other)) < 0)
288                         return r;
289
290         return 0;
291 }
292
293 static int socket_add_device_link(Socket *s) {
294         char *t;
295         int r;
296
297         assert(s);
298
299         if (!s->bind_to_device)
300                 return 0;
301
302         if (asprintf(&t, "/sys/subsystem/net/devices/%s", s->bind_to_device) < 0)
303                 return -ENOMEM;
304
305         r = unit_add_node_link(UNIT(s), t, false);
306         free(t);
307
308         return r;
309 }
310
311 static int socket_add_default_dependencies(Socket *s) {
312         int r;
313         assert(s);
314
315         if (s->meta.manager->running_as == MANAGER_SYSTEM) {
316                 if ((r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true)) < 0)
317                         return r;
318
319                 if ((r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true)) < 0)
320                         return r;
321         }
322
323         return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
324 }
325
326 static int socket_load(Unit *u) {
327         Socket *s = SOCKET(u);
328         int r;
329
330         assert(u);
331         assert(u->meta.load_state == UNIT_STUB);
332
333         if ((r = unit_load_fragment_and_dropin(u)) < 0)
334                 return r;
335
336         /* This is a new unit? Then let's add in some extras */
337         if (u->meta.load_state == UNIT_LOADED) {
338
339                 if (have_non_accept_socket(s)) {
340
341                         if (!s->service)
342                                 if ((r = unit_load_related_unit(u, ".service", (Unit**) &s->service)) < 0)
343                                         return r;
344
345                         if ((r = unit_add_dependency(u, UNIT_BEFORE, UNIT(s->service), true)) < 0)
346                                 return r;
347                 }
348
349                 if ((r = socket_add_mount_links(s)) < 0)
350                         return r;
351
352                 if ((r = socket_add_device_link(s)) < 0)
353                         return r;
354
355                 if ((r = unit_add_exec_dependencies(u, &s->exec_context)) < 0)
356                         return r;
357
358                 if ((r = unit_add_default_cgroups(u)) < 0)
359                         return r;
360
361                 if (s->meta.default_dependencies)
362                         if ((r = socket_add_default_dependencies(s)) < 0)
363                                 return r;
364         }
365
366         return socket_verify(s);
367 }
368
369 static const char* listen_lookup(int family, int type) {
370
371         if (family == AF_NETLINK)
372                 return "ListenNetlink";
373
374         if (type == SOCK_STREAM)
375                 return "ListenStream";
376         else if (type == SOCK_DGRAM)
377                 return "ListenDatagram";
378         else if (type == SOCK_SEQPACKET)
379                 return "ListenSequentialPacket";
380
381         assert_not_reached("Unknown socket type");
382         return NULL;
383 }
384
385 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
386
387         SocketExecCommand c;
388         Socket *s = SOCKET(u);
389         SocketPort *p;
390         const char *prefix2;
391         char *p2;
392
393         assert(s);
394         assert(f);
395
396         p2 = strappend(prefix, "\t");
397         prefix2 = p2 ? p2 : prefix;
398
399         fprintf(f,
400                 "%sSocket State: %s\n"
401                 "%sBindIPv6Only: %s\n"
402                 "%sBacklog: %u\n"
403                 "%sSocketMode: %04o\n"
404                 "%sDirectoryMode: %04o\n"
405                 "%sKeepAlive: %s\n"
406                 "%sFreeBind: %s\n"
407                 "%sTransparent: %s\n"
408                 "%sBroadcast: %s\n"
409                 "%sPassCrededentials: %s\n"
410                 "%sTCPCongestion: %s\n",
411                 prefix, socket_state_to_string(s->state),
412                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
413                 prefix, s->backlog,
414                 prefix, s->socket_mode,
415                 prefix, s->directory_mode,
416                 prefix, yes_no(s->keep_alive),
417                 prefix, yes_no(s->free_bind),
418                 prefix, yes_no(s->transparent),
419                 prefix, yes_no(s->broadcast),
420                 prefix, yes_no(s->pass_cred),
421                 prefix, strna(s->tcp_congestion));
422
423         if (s->control_pid > 0)
424                 fprintf(f,
425                         "%sControl PID: %lu\n",
426                         prefix, (unsigned long) s->control_pid);
427
428         if (s->bind_to_device)
429                 fprintf(f,
430                         "%sBindToDevice: %s\n",
431                         prefix, s->bind_to_device);
432
433         if (s->accept)
434                 fprintf(f,
435                         "%sAccepted: %u\n"
436                         "%sNConnections: %u\n"
437                         "%sMaxConnections: %u\n",
438                         prefix, s->n_accepted,
439                         prefix, s->n_connections,
440                         prefix, s->max_connections);
441
442         if (s->priority >= 0)
443                 fprintf(f,
444                         "%sPriority: %i\n",
445                         prefix, s->priority);
446
447         if (s->receive_buffer > 0)
448                 fprintf(f,
449                         "%sReceiveBuffer: %zu\n",
450                         prefix, s->receive_buffer);
451
452         if (s->send_buffer > 0)
453                 fprintf(f,
454                         "%sSendBuffer: %zu\n",
455                         prefix, s->send_buffer);
456
457         if (s->ip_tos >= 0)
458                 fprintf(f,
459                         "%sIPTOS: %i\n",
460                         prefix, s->ip_tos);
461
462         if (s->ip_ttl >= 0)
463                 fprintf(f,
464                         "%sIPTTL: %i\n",
465                         prefix, s->ip_ttl);
466
467         if (s->pipe_size > 0)
468                 fprintf(f,
469                         "%sPipeSize: %zu\n",
470                         prefix, s->pipe_size);
471
472         if (s->mark >= 0)
473                 fprintf(f,
474                         "%sMark: %i\n",
475                         prefix, s->mark);
476
477         if (s->mq_maxmsg > 0)
478                 fprintf(f,
479                         "%sMessageQueueMaxMessages: %li\n",
480                         prefix, s->mq_maxmsg);
481
482         if (s->mq_msgsize > 0)
483                 fprintf(f,
484                         "%sMessageQueueMessageSize: %li\n",
485                         prefix, s->mq_msgsize);
486
487         LIST_FOREACH(port, p, s->ports) {
488
489                 if (p->type == SOCKET_SOCKET) {
490                         const char *t;
491                         int r;
492                         char *k = NULL;
493
494                         if ((r = socket_address_print(&p->address, &k)) < 0)
495                                 t = strerror(-r);
496                         else
497                                 t = k;
498
499                         fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
500                         free(k);
501                 } else if (p->type == SOCKET_SPECIAL)
502                         fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
503                 else if (p->type == SOCKET_MQUEUE)
504                         fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
505                 else
506                         fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
507         }
508
509         exec_context_dump(&s->exec_context, f, prefix);
510
511         for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
512                 if (!s->exec_command[c])
513                         continue;
514
515                 fprintf(f, "%s-> %s:\n",
516                         prefix, socket_exec_command_to_string(c));
517
518                 exec_command_dump_list(s->exec_command[c], f, prefix2);
519         }
520
521         free(p2);
522 }
523
524 static int instance_from_socket(int fd, unsigned nr, char **instance) {
525         socklen_t l;
526         char *r;
527         union {
528                 struct sockaddr sa;
529                 struct sockaddr_un un;
530                 struct sockaddr_in in;
531                 struct sockaddr_in6 in6;
532                 struct sockaddr_storage storage;
533         } local, remote;
534
535         assert(fd >= 0);
536         assert(instance);
537
538         l = sizeof(local);
539         if (getsockname(fd, &local.sa, &l) < 0)
540                 return -errno;
541
542         l = sizeof(remote);
543         if (getpeername(fd, &remote.sa, &l) < 0)
544                 return -errno;
545
546         switch (local.sa.sa_family) {
547
548         case AF_INET: {
549                 uint32_t
550                         a = ntohl(local.in.sin_addr.s_addr),
551                         b = ntohl(remote.in.sin_addr.s_addr);
552
553                 if (asprintf(&r,
554                              "%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
555                              a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
556                              ntohs(local.in.sin_port),
557                              b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
558                              ntohs(remote.in.sin_port)) < 0)
559                         return -ENOMEM;
560
561                 break;
562         }
563
564         case AF_INET6: {
565                 static const char ipv4_prefix[] = {
566                         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
567                 };
568
569                 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
570                     memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
571                         const uint8_t
572                                 *a = local.in6.sin6_addr.s6_addr+12,
573                                 *b = remote.in6.sin6_addr.s6_addr+12;
574
575                         if (asprintf(&r,
576                                      "%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
577                                      a[0], a[1], a[2], a[3],
578                                      ntohs(local.in6.sin6_port),
579                                      b[0], b[1], b[2], b[3],
580                                      ntohs(remote.in6.sin6_port)) < 0)
581                                 return -ENOMEM;
582                 } else {
583                         char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
584
585                         if (asprintf(&r,
586                                      "%s:%u-%s:%u",
587                                      inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
588                                      ntohs(local.in6.sin6_port),
589                                      inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
590                                      ntohs(remote.in6.sin6_port)) < 0)
591                                 return -ENOMEM;
592                 }
593
594                 break;
595         }
596
597         case AF_UNIX: {
598                 struct ucred ucred;
599
600                 l = sizeof(ucred);
601                 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0)
602                         return -errno;
603
604                 if (asprintf(&r,
605                              "%u-%lu-%lu",
606                              nr,
607                              (unsigned long) ucred.pid,
608                              (unsigned long) ucred.uid) < 0)
609                         return -ENOMEM;
610
611                 break;
612         }
613
614         default:
615                 assert_not_reached("Unhandled socket type.");
616         }
617
618         *instance = r;
619         return 0;
620 }
621
622 static void socket_close_fds(Socket *s) {
623         SocketPort *p;
624
625         assert(s);
626
627         LIST_FOREACH(port, p, s->ports) {
628                 if (p->fd < 0)
629                         continue;
630
631                 unit_unwatch_fd(UNIT(s), &p->fd_watch);
632                 close_nointr_nofail(p->fd);
633
634                 /* One little note: we should never delete any sockets
635                  * in the file system here! After all some other
636                  * process we spawned might still have a reference of
637                  * this fd and wants to continue to use it. Therefore
638                  * we delete sockets in the file system before we
639                  * create a new one, not after we stopped using
640                  * one! */
641
642                 p->fd = -1;
643         }
644 }
645
646 static void socket_apply_socket_options(Socket *s, int fd) {
647         assert(s);
648         assert(fd >= 0);
649
650         if (s->keep_alive) {
651                 int b = s->keep_alive;
652                 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
653                         log_warning("SO_KEEPALIVE failed: %m");
654         }
655
656         if (s->broadcast) {
657                 int one = 1;
658                 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
659                         log_warning("SO_BROADCAST failed: %m");
660         }
661
662         if (s->pass_cred) {
663                 int one = 1;
664                 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
665                         log_warning("SO_PASSCRED failed: %m");
666         }
667
668         if (s->priority >= 0)
669                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
670                         log_warning("SO_PRIORITY failed: %m");
671
672         if (s->receive_buffer > 0) {
673                 int value = (int) s->receive_buffer;
674                 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
675                         log_warning("SO_RCVBUFFORCE failed: %m");
676         }
677
678         if (s->send_buffer > 0) {
679                 int value = (int) s->send_buffer;
680                 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
681                         log_warning("SO_SNDBUFFORCE failed: %m");
682         }
683
684         if (s->mark >= 0)
685                 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
686                         log_warning("SO_MARK failed: %m");
687
688         if (s->ip_tos >= 0)
689                 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
690                         log_warning("IP_TOS failed: %m");
691
692         if (s->ip_ttl >= 0) {
693                 int r, x;
694
695                 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
696
697                 if (socket_ipv6_is_supported())
698                         x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
699                 else {
700                         x = -1;
701                         errno = EAFNOSUPPORT;
702                 }
703
704                 if (r < 0 && x < 0)
705                         log_warning("IP_TTL/IPV6_UNICAST_HOPS failed: %m");
706         }
707
708         if (s->tcp_congestion)
709                 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
710                         log_warning("TCP_CONGESTION failed: %m");
711 }
712
713 static void socket_apply_fifo_options(Socket *s, int fd) {
714         assert(s);
715         assert(fd >= 0);
716
717         if (s->pipe_size > 0)
718                 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
719                         log_warning("F_SETPIPE_SZ: %m");
720 }
721
722 static int fifo_address_create(
723                 const char *path,
724                 mode_t directory_mode,
725                 mode_t socket_mode,
726                 int *_fd) {
727
728         int fd = -1, r = 0;
729         struct stat st;
730         mode_t old_mask;
731
732         assert(path);
733         assert(_fd);
734
735         mkdir_parents(path, directory_mode);
736
737         if ((r = label_fifofile_set(path)) < 0)
738                 goto fail;
739
740         /* Enforce the right access mode for the fifo */
741         old_mask = umask(~ socket_mode);
742
743         /* Include the original umask in our mask */
744         umask(~socket_mode | old_mask);
745
746         r = mkfifo(path, socket_mode);
747         umask(old_mask);
748
749         if (r < 0 && errno != EEXIST) {
750                 r = -errno;
751                 goto fail;
752         }
753
754         if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
755                 r = -errno;
756                 goto fail;
757         }
758
759         label_file_clear();
760
761         if (fstat(fd, &st) < 0) {
762                 r = -errno;
763                 goto fail;
764         }
765
766         if (!S_ISFIFO(st.st_mode) ||
767             (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
768             st.st_uid != getuid() ||
769             st.st_gid != getgid()) {
770
771                 r = -EEXIST;
772                 goto fail;
773         }
774
775         *_fd = fd;
776         return 0;
777
778 fail:
779         label_file_clear();
780
781         if (fd >= 0)
782                 close_nointr_nofail(fd);
783
784         return r;
785 }
786
787 static int special_address_create(
788                 const char *path,
789                 int *_fd) {
790
791         int fd = -1, r = 0;
792         struct stat st;
793
794         assert(path);
795         assert(_fd);
796
797         if ((fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
798                 r = -errno;
799                 goto fail;
800         }
801
802         if (fstat(fd, &st) < 0) {
803                 r = -errno;
804                 goto fail;
805         }
806
807         /* Check whether this is a /proc, /sys or /dev file or char device */
808         if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
809                 r = -EEXIST;
810                 goto fail;
811         }
812
813         *_fd = fd;
814         return 0;
815
816 fail:
817         if (fd >= 0)
818                 close_nointr_nofail(fd);
819
820         return r;
821 }
822
823 static int mq_address_create(
824                 const char *path,
825                 mode_t mq_mode,
826                 long maxmsg,
827                 long msgsize,
828                 int *_fd) {
829
830         int fd = -1, r = 0;
831         struct stat st;
832         mode_t old_mask;
833         struct mq_attr _attr, *attr = NULL;
834
835         assert(path);
836         assert(_fd);
837
838         if (maxmsg > 0 && msgsize > 0) {
839                 zero(_attr);
840                 _attr.mq_flags = O_NONBLOCK;
841                 _attr.mq_maxmsg = maxmsg;
842                 _attr.mq_msgsize = msgsize;
843                 attr = &_attr;
844         }
845
846         /* Enforce the right access mode for the mq */
847         old_mask = umask(~ mq_mode);
848
849         /* Include the original umask in our mask */
850         umask(~mq_mode | old_mask);
851
852         fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
853         umask(old_mask);
854
855         if (fd < 0) {
856                 r = -errno;
857                 goto fail;
858         }
859
860         if (fstat(fd, &st) < 0) {
861                 r = -errno;
862                 goto fail;
863         }
864
865         if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
866             st.st_uid != getuid() ||
867             st.st_gid != getgid()) {
868
869                 r = -EEXIST;
870                 goto fail;
871         }
872
873         *_fd = fd;
874         return 0;
875
876 fail:
877         if (fd >= 0)
878                 close_nointr_nofail(fd);
879
880         return r;
881 }
882
883 static int socket_open_fds(Socket *s) {
884         SocketPort *p;
885         int r;
886         char *label = NULL;
887         bool know_label = false;
888
889         assert(s);
890
891         LIST_FOREACH(port, p, s->ports) {
892
893                 if (p->fd >= 0)
894                         continue;
895
896                 if (p->type == SOCKET_SOCKET) {
897
898                         if (!know_label) {
899
900                                 if ((r = socket_instantiate_service(s)) < 0)
901                                         return r;
902
903                                 if (s->service && s->service->exec_command[SERVICE_EXEC_START]) {
904                                         r = label_get_create_label_from_exe(s->service->exec_command[SERVICE_EXEC_START]->path, &label);
905
906                                         if (r < 0) {
907                                                 if (r != -EPERM)
908                                                         return r;
909                                         }
910                                 }
911
912                                 know_label = true;
913                         }
914
915                         if ((r = socket_address_listen(
916                                              &p->address,
917                                              s->backlog,
918                                              s->bind_ipv6_only,
919                                              s->bind_to_device,
920                                              s->free_bind,
921                                              s->transparent,
922                                              s->directory_mode,
923                                              s->socket_mode,
924                                              label,
925                                              &p->fd)) < 0)
926                                 goto rollback;
927
928                         socket_apply_socket_options(s, p->fd);
929
930                 } else  if (p->type == SOCKET_SPECIAL) {
931
932                         if ((r = special_address_create(
933                                              p->path,
934                                              &p->fd)) < 0)
935                                 goto rollback;
936
937                 } else  if (p->type == SOCKET_FIFO) {
938
939                         if ((r = fifo_address_create(
940                                              p->path,
941                                              s->directory_mode,
942                                              s->socket_mode,
943                                              &p->fd)) < 0)
944                                 goto rollback;
945
946                         socket_apply_fifo_options(s, p->fd);
947                 } else if (p->type == SOCKET_MQUEUE) {
948
949                         if ((r = mq_address_create(
950                                              p->path,
951                                              s->socket_mode,
952                                              s->mq_maxmsg,
953                                              s->mq_msgsize,
954                                              &p->fd)) < 0)
955                                 goto rollback;
956                 } else
957                         assert_not_reached("Unknown port type");
958         }
959
960         label_free(label);
961         return 0;
962
963 rollback:
964         socket_close_fds(s);
965         label_free(label);
966         return r;
967 }
968
969 static void socket_unwatch_fds(Socket *s) {
970         SocketPort *p;
971
972         assert(s);
973
974         LIST_FOREACH(port, p, s->ports) {
975                 if (p->fd < 0)
976                         continue;
977
978                 unit_unwatch_fd(UNIT(s), &p->fd_watch);
979         }
980 }
981
982 static int socket_watch_fds(Socket *s) {
983         SocketPort *p;
984         int r;
985
986         assert(s);
987
988         LIST_FOREACH(port, p, s->ports) {
989                 if (p->fd < 0)
990                         continue;
991
992                 p->fd_watch.socket_accept =
993                         s->accept &&
994                         p->type == SOCKET_SOCKET &&
995                         socket_address_can_accept(&p->address);
996
997                 if ((r = unit_watch_fd(UNIT(s), p->fd, EPOLLIN, &p->fd_watch)) < 0)
998                         goto fail;
999         }
1000
1001         return 0;
1002
1003 fail:
1004         socket_unwatch_fds(s);
1005         return r;
1006 }
1007
1008 static void socket_set_state(Socket *s, SocketState state) {
1009         SocketState old_state;
1010         assert(s);
1011
1012         old_state = s->state;
1013         s->state = state;
1014
1015         if (state != SOCKET_START_PRE &&
1016             state != SOCKET_START_POST &&
1017             state != SOCKET_STOP_PRE &&
1018             state != SOCKET_STOP_PRE_SIGTERM &&
1019             state != SOCKET_STOP_PRE_SIGKILL &&
1020             state != SOCKET_STOP_POST &&
1021             state != SOCKET_FINAL_SIGTERM &&
1022             state != SOCKET_FINAL_SIGKILL) {
1023                 unit_unwatch_timer(UNIT(s), &s->timer_watch);
1024                 socket_unwatch_control_pid(s);
1025                 s->control_command = NULL;
1026                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1027         }
1028
1029         if (state != SOCKET_LISTENING)
1030                 socket_unwatch_fds(s);
1031
1032         if (state != SOCKET_START_POST &&
1033             state != SOCKET_LISTENING &&
1034             state != SOCKET_RUNNING &&
1035             state != SOCKET_STOP_PRE &&
1036             state != SOCKET_STOP_PRE_SIGTERM &&
1037             state != SOCKET_STOP_PRE_SIGKILL)
1038                 socket_close_fds(s);
1039
1040         if (state != old_state)
1041                 log_debug("%s changed %s -> %s",
1042                           s->meta.id,
1043                           socket_state_to_string(old_state),
1044                           socket_state_to_string(state));
1045
1046         unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1047 }
1048
1049 static int socket_coldplug(Unit *u) {
1050         Socket *s = SOCKET(u);
1051         int r;
1052
1053         assert(s);
1054         assert(s->state == SOCKET_DEAD);
1055
1056         if (s->deserialized_state != s->state) {
1057
1058                 if (s->deserialized_state == SOCKET_START_PRE ||
1059                     s->deserialized_state == SOCKET_START_POST ||
1060                     s->deserialized_state == SOCKET_STOP_PRE ||
1061                     s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
1062                     s->deserialized_state == SOCKET_STOP_PRE_SIGKILL ||
1063                     s->deserialized_state == SOCKET_STOP_POST ||
1064                     s->deserialized_state == SOCKET_FINAL_SIGTERM ||
1065                     s->deserialized_state == SOCKET_FINAL_SIGKILL) {
1066
1067                         if (s->control_pid <= 0)
1068                                 return -EBADMSG;
1069
1070                         if ((r = unit_watch_pid(UNIT(s), s->control_pid)) < 0)
1071                                 return r;
1072
1073                         if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1074                                 return r;
1075                 }
1076
1077                 if (s->deserialized_state == SOCKET_START_POST ||
1078                     s->deserialized_state == SOCKET_LISTENING ||
1079                     s->deserialized_state == SOCKET_RUNNING ||
1080                     s->deserialized_state == SOCKET_STOP_PRE ||
1081                     s->deserialized_state == SOCKET_STOP_PRE_SIGTERM ||
1082                     s->deserialized_state == SOCKET_STOP_PRE_SIGKILL)
1083                         if ((r = socket_open_fds(s)) < 0)
1084                                 return r;
1085
1086                 if (s->deserialized_state == SOCKET_LISTENING)
1087                         if ((r = socket_watch_fds(s)) < 0)
1088                                 return r;
1089
1090                 socket_set_state(s, s->deserialized_state);
1091         }
1092
1093         return 0;
1094 }
1095
1096 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1097         pid_t pid;
1098         int r;
1099         char **argv;
1100
1101         assert(s);
1102         assert(c);
1103         assert(_pid);
1104
1105         if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1106                 goto fail;
1107
1108         if (!(argv = unit_full_printf_strv(UNIT(s), c->argv))) {
1109                 r = -ENOMEM;
1110                 goto fail;
1111         }
1112
1113         r = exec_spawn(c,
1114                        argv,
1115                        &s->exec_context,
1116                        NULL, 0,
1117                        s->meta.manager->environment,
1118                        true,
1119                        true,
1120                        true,
1121                        s->meta.manager->confirm_spawn,
1122                        s->meta.cgroup_bondings,
1123                        s->meta.cgroup_attributes,
1124                        &pid);
1125
1126         strv_free(argv);
1127         if (r < 0)
1128                 goto fail;
1129
1130         if ((r = unit_watch_pid(UNIT(s), pid)) < 0)
1131                 /* FIXME: we need to do something here */
1132                 goto fail;
1133
1134         *_pid = pid;
1135
1136         return 0;
1137
1138 fail:
1139         unit_unwatch_timer(UNIT(s), &s->timer_watch);
1140
1141         return r;
1142 }
1143
1144 static void socket_enter_dead(Socket *s, bool success) {
1145         assert(s);
1146
1147         if (!success)
1148                 s->failure = true;
1149
1150         socket_set_state(s, s->failure ? SOCKET_FAILED : SOCKET_DEAD);
1151 }
1152
1153 static void socket_enter_signal(Socket *s, SocketState state, bool success);
1154
1155 static void socket_enter_stop_post(Socket *s, bool success) {
1156         int r;
1157         assert(s);
1158
1159         if (!success)
1160                 s->failure = true;
1161
1162         socket_unwatch_control_pid(s);
1163
1164         s->control_command_id = SOCKET_EXEC_STOP_POST;
1165
1166         if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST])) {
1167                 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
1168                         goto fail;
1169
1170                 socket_set_state(s, SOCKET_STOP_POST);
1171         } else
1172                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, true);
1173
1174         return;
1175
1176 fail:
1177         log_warning("%s failed to run 'stop-post' task: %s", s->meta.id, strerror(-r));
1178         socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
1179 }
1180
1181 static void socket_enter_signal(Socket *s, SocketState state, bool success) {
1182         int r;
1183         Set *pid_set = NULL;
1184         bool wait_for_exit = false;
1185
1186         assert(s);
1187
1188         if (!success)
1189                 s->failure = true;
1190
1191         if (s->exec_context.kill_mode != KILL_NONE) {
1192                 int sig = (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_FINAL_SIGTERM) ? s->exec_context.kill_signal : SIGKILL;
1193
1194                 if (s->control_pid > 0) {
1195                         if (kill_and_sigcont(s->control_pid, sig) < 0 && errno != ESRCH)
1196
1197                                 log_warning("Failed to kill control process %li: %m", (long) s->control_pid);
1198                         else
1199                                 wait_for_exit = true;
1200                 }
1201
1202                 if (s->exec_context.kill_mode == KILL_CONTROL_GROUP) {
1203
1204                         if (!(pid_set = set_new(trivial_hash_func, trivial_compare_func))) {
1205                                 r = -ENOMEM;
1206                                 goto fail;
1207                         }
1208
1209                         /* Exclude the control pid from being killed via the cgroup */
1210                         if (s->control_pid > 0)
1211                                 if ((r = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0)
1212                                         goto fail;
1213
1214                         if ((r = cgroup_bonding_kill_list(s->meta.cgroup_bondings, sig, true, pid_set)) < 0) {
1215                                 if (r != -EAGAIN && r != -ESRCH && r != -ENOENT)
1216                                         log_warning("Failed to kill control group: %s", strerror(-r));
1217                         } else if (r > 0)
1218                                 wait_for_exit = true;
1219
1220                         set_free(pid_set);
1221                         pid_set = NULL;
1222                 }
1223         }
1224
1225         if (wait_for_exit) {
1226                 if ((r = unit_watch_timer(UNIT(s), s->timeout_usec, &s->timer_watch)) < 0)
1227                         goto fail;
1228
1229                 socket_set_state(s, state);
1230         } else if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1231                 socket_enter_stop_post(s, true);
1232         else
1233                 socket_enter_dead(s, true);
1234
1235         return;
1236
1237 fail:
1238         log_warning("%s failed to kill processes: %s", s->meta.id, strerror(-r));
1239
1240         if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1241                 socket_enter_stop_post(s, false);
1242         else
1243                 socket_enter_dead(s, false);
1244
1245         if (pid_set)
1246                 set_free(pid_set);
1247 }
1248
1249 static void socket_enter_stop_pre(Socket *s, bool success) {
1250         int r;
1251         assert(s);
1252
1253         if (!success)
1254                 s->failure = true;
1255
1256         socket_unwatch_control_pid(s);
1257
1258         s->control_command_id = SOCKET_EXEC_STOP_PRE;
1259
1260         if ((s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE])) {
1261                 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
1262                         goto fail;
1263
1264                 socket_set_state(s, SOCKET_STOP_PRE);
1265         } else
1266                 socket_enter_stop_post(s, true);
1267
1268         return;
1269
1270 fail:
1271         log_warning("%s failed to run 'stop-pre' task: %s", s->meta.id, strerror(-r));
1272         socket_enter_stop_post(s, false);
1273 }
1274
1275 static void socket_enter_listening(Socket *s) {
1276         int r;
1277         assert(s);
1278
1279         if ((r = socket_watch_fds(s)) < 0) {
1280                 log_warning("%s failed to watch sockets: %s", s->meta.id, strerror(-r));
1281                 goto fail;
1282         }
1283
1284         socket_set_state(s, SOCKET_LISTENING);
1285         return;
1286
1287 fail:
1288         socket_enter_stop_pre(s, false);
1289 }
1290
1291 static void socket_enter_start_post(Socket *s) {
1292         int r;
1293         assert(s);
1294
1295         if ((r = socket_open_fds(s)) < 0) {
1296                 log_warning("%s failed to listen on sockets: %s", s->meta.id, strerror(-r));
1297                 goto fail;
1298         }
1299
1300         socket_unwatch_control_pid(s);
1301
1302         s->control_command_id = SOCKET_EXEC_START_POST;
1303
1304         if ((s->control_command = s->exec_command[SOCKET_EXEC_START_POST])) {
1305                 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0) {
1306                         log_warning("%s failed to run 'start-post' task: %s", s->meta.id, strerror(-r));
1307                         goto fail;
1308                 }
1309
1310                 socket_set_state(s, SOCKET_START_POST);
1311         } else
1312                 socket_enter_listening(s);
1313
1314         return;
1315
1316 fail:
1317         socket_enter_stop_pre(s, false);
1318 }
1319
1320 static void socket_enter_start_pre(Socket *s) {
1321         int r;
1322         assert(s);
1323
1324         socket_unwatch_control_pid(s);
1325
1326         s->control_command_id = SOCKET_EXEC_START_PRE;
1327
1328         if ((s->control_command = s->exec_command[SOCKET_EXEC_START_PRE])) {
1329                 if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
1330                         goto fail;
1331
1332                 socket_set_state(s, SOCKET_START_PRE);
1333         } else
1334                 socket_enter_start_post(s);
1335
1336         return;
1337
1338 fail:
1339         log_warning("%s failed to run 'start-pre' task: %s", s->meta.id, strerror(-r));
1340         socket_enter_dead(s, false);
1341 }
1342
1343 static void socket_enter_running(Socket *s, int cfd) {
1344         int r;
1345         DBusError error;
1346
1347         assert(s);
1348         dbus_error_init(&error);
1349
1350         /* We don't take connections anymore if we are supposed to
1351          * shut down anyway */
1352         if (unit_pending_inactive(UNIT(s))) {
1353                 log_debug("Suppressing connection request on %s since unit stop is scheduled.", s->meta.id);
1354
1355                 if (cfd >= 0)
1356                         close_nointr_nofail(cfd);
1357                 else  {
1358                         /* Flush all sockets by closing and reopening them */
1359                         socket_close_fds(s);
1360
1361                         if ((r = socket_watch_fds(s)) < 0) {
1362                                 log_warning("%s failed to watch sockets: %s", s->meta.id, strerror(-r));
1363                                 socket_enter_stop_pre(s, false);
1364                         }
1365                 }
1366
1367                 return;
1368         }
1369
1370         if (cfd < 0) {
1371                 bool pending = false;
1372                 Meta *i;
1373
1374                 /* If there's already a start pending don't bother to
1375                  * do anything */
1376                 LIST_FOREACH(units_by_type, i, s->meta.manager->units_by_type[UNIT_SERVICE]) {
1377                         Service *service = (Service *) i;
1378
1379                         if (!set_get(service->configured_sockets, s))
1380                                 continue;
1381
1382                         if (!unit_pending_active(UNIT(service)))
1383                                 continue;
1384
1385                         pending = true;
1386                         break;
1387                 }
1388
1389                 if (!pending)
1390                         if ((r = manager_add_job(s->meta.manager, JOB_START, UNIT(s->service), JOB_REPLACE, true, &error, NULL)) < 0)
1391                                 goto fail;
1392
1393                 socket_set_state(s, SOCKET_RUNNING);
1394         } else {
1395                 char *prefix, *instance = NULL, *name;
1396                 Service *service;
1397
1398                 if (s->n_connections >= s->max_connections) {
1399                         log_warning("Too many incoming connections (%u)", s->n_connections);
1400                         close_nointr_nofail(cfd);
1401                         return;
1402                 }
1403
1404                 if ((r = socket_instantiate_service(s)) < 0)
1405                         goto fail;
1406
1407                 if ((r = instance_from_socket(cfd, s->n_accepted, &instance)) < 0)
1408                         goto fail;
1409
1410                 if (!(prefix = unit_name_to_prefix(s->meta.id))) {
1411                         free(instance);
1412                         r = -ENOMEM;
1413                         goto fail;
1414                 }
1415
1416                 name = unit_name_build(prefix, instance, ".service");
1417                 free(prefix);
1418                 free(instance);
1419
1420                 if (!name) {
1421                         r = -ENOMEM;
1422                         goto fail;
1423                 }
1424
1425                 if ((r = unit_add_name(UNIT(s->service), name)) < 0) {
1426                         free(name);
1427                         goto fail;
1428                 }
1429
1430                 service = s->service;
1431                 s->service = NULL;
1432                 s->n_accepted ++;
1433
1434                 service->meta.no_gc = false;
1435
1436                 unit_choose_id(UNIT(service), name);
1437                 free(name);
1438
1439                 if ((r = service_set_socket_fd(service, cfd, s)) < 0)
1440                         goto fail;
1441
1442                 cfd = -1;
1443                 s->n_connections ++;
1444
1445                 if ((r = manager_add_job(s->meta.manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL)) < 0)
1446                         goto fail;
1447
1448                 /* Notify clients about changed counters */
1449                 unit_add_to_dbus_queue(UNIT(s));
1450         }
1451
1452         return;
1453
1454 fail:
1455         log_warning("%s failed to queue socket startup job: %s", s->meta.id, bus_error(&error, r));
1456         socket_enter_stop_pre(s, false);
1457
1458         if (cfd >= 0)
1459                 close_nointr_nofail(cfd);
1460
1461         dbus_error_free(&error);
1462 }
1463
1464 static void socket_run_next(Socket *s, bool success) {
1465         int r;
1466
1467         assert(s);
1468         assert(s->control_command);
1469         assert(s->control_command->command_next);
1470
1471         if (!success)
1472                 s->failure = true;
1473
1474         socket_unwatch_control_pid(s);
1475
1476         s->control_command = s->control_command->command_next;
1477
1478         if ((r = socket_spawn(s, s->control_command, &s->control_pid)) < 0)
1479                 goto fail;
1480
1481         return;
1482
1483 fail:
1484         log_warning("%s failed to run next task: %s", s->meta.id, strerror(-r));
1485
1486         if (s->state == SOCKET_START_POST)
1487                 socket_enter_stop_pre(s, false);
1488         else if (s->state == SOCKET_STOP_POST)
1489                 socket_enter_dead(s, false);
1490         else
1491                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
1492 }
1493
1494 static int socket_start(Unit *u) {
1495         Socket *s = SOCKET(u);
1496
1497         assert(s);
1498
1499         /* We cannot fulfill this request right now, try again later
1500          * please! */
1501         if (s->state == SOCKET_STOP_PRE ||
1502             s->state == SOCKET_STOP_PRE_SIGKILL ||
1503             s->state == SOCKET_STOP_PRE_SIGTERM ||
1504             s->state == SOCKET_STOP_POST ||
1505             s->state == SOCKET_FINAL_SIGTERM ||
1506             s->state == SOCKET_FINAL_SIGKILL)
1507                 return -EAGAIN;
1508
1509         if (s->state == SOCKET_START_PRE ||
1510             s->state == SOCKET_START_POST)
1511                 return 0;
1512
1513         /* Cannot run this without the service being around */
1514         if (s->service) {
1515                 if (s->service->meta.load_state != UNIT_LOADED) {
1516                         log_error("Socket service %s not loaded, refusing.", s->service->meta.id);
1517                         return -ENOENT;
1518                 }
1519
1520                 /* If the service is already active we cannot start the
1521                  * socket */
1522                 if (s->service->state != SERVICE_DEAD &&
1523                     s->service->state != SERVICE_FAILED &&
1524                     s->service->state != SERVICE_AUTO_RESTART) {
1525                         log_error("Socket service %s already active, refusing.", s->service->meta.id);
1526                         return -EBUSY;
1527                 }
1528
1529 #ifdef HAVE_SYSV_COMPAT
1530                 if (s->service->sysv_path) {
1531                         log_error("Using SysV services for socket activation is not supported. Refusing.");
1532                         return -ENOENT;
1533                 }
1534 #endif
1535         }
1536
1537         assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1538
1539         s->failure = false;
1540         socket_enter_start_pre(s);
1541         return 0;
1542 }
1543
1544 static int socket_stop(Unit *u) {
1545         Socket *s = SOCKET(u);
1546
1547         assert(s);
1548
1549         /* Already on it */
1550         if (s->state == SOCKET_STOP_PRE ||
1551             s->state == SOCKET_STOP_PRE_SIGTERM ||
1552             s->state == SOCKET_STOP_PRE_SIGKILL ||
1553             s->state == SOCKET_STOP_POST ||
1554             s->state == SOCKET_FINAL_SIGTERM ||
1555             s->state == SOCKET_FINAL_SIGKILL)
1556                 return 0;
1557
1558         /* If there's already something running we go directly into
1559          * kill mode. */
1560         if (s->state == SOCKET_START_PRE ||
1561             s->state == SOCKET_START_POST) {
1562                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, true);
1563                 return -EAGAIN;
1564         }
1565
1566         assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1567
1568         socket_enter_stop_pre(s, true);
1569         return 0;
1570 }
1571
1572 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1573         Socket *s = SOCKET(u);
1574         SocketPort *p;
1575         int r;
1576
1577         assert(u);
1578         assert(f);
1579         assert(fds);
1580
1581         unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1582         unit_serialize_item(u, f, "failure", yes_no(s->failure));
1583         unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1584
1585         if (s->control_pid > 0)
1586                 unit_serialize_item_format(u, f, "control-pid", "%lu", (unsigned long) s->control_pid);
1587
1588         if (s->control_command_id >= 0)
1589                 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1590
1591         LIST_FOREACH(port, p, s->ports) {
1592                 int copy;
1593
1594                 if (p->fd < 0)
1595                         continue;
1596
1597                 if ((copy = fdset_put_dup(fds, p->fd)) < 0)
1598                         return copy;
1599
1600                 if (p->type == SOCKET_SOCKET) {
1601                         char *t;
1602
1603                         if ((r = socket_address_print(&p->address, &t)) < 0)
1604                                 return r;
1605
1606                         if (socket_address_family(&p->address) == AF_NETLINK)
1607                                 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1608                         else
1609                                 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
1610                         free(t);
1611                 } else if (p->type == SOCKET_SPECIAL)
1612                         unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1613                 else {
1614                         assert(p->type == SOCKET_FIFO);
1615                         unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1616                 }
1617         }
1618
1619         return 0;
1620 }
1621
1622 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1623         Socket *s = SOCKET(u);
1624
1625         assert(u);
1626         assert(key);
1627         assert(value);
1628         assert(fds);
1629
1630         if (streq(key, "state")) {
1631                 SocketState state;
1632
1633                 if ((state = socket_state_from_string(value)) < 0)
1634                         log_debug("Failed to parse state value %s", value);
1635                 else
1636                         s->deserialized_state = state;
1637         } else if (streq(key, "failure")) {
1638                 int b;
1639
1640                 if ((b = parse_boolean(value)) < 0)
1641                         log_debug("Failed to parse failure value %s", value);
1642                 else
1643                         s->failure = b || s->failure;
1644
1645         } else if (streq(key, "n-accepted")) {
1646                 unsigned k;
1647
1648                 if (safe_atou(value, &k) < 0)
1649                         log_debug("Failed to parse n-accepted value %s", value);
1650                 else
1651                         s->n_accepted += k;
1652         } else if (streq(key, "control-pid")) {
1653                 pid_t pid;
1654
1655                 if (parse_pid(value, &pid) < 0)
1656                         log_debug("Failed to parse control-pid value %s", value);
1657                 else
1658                         s->control_pid = pid;
1659         } else if (streq(key, "control-command")) {
1660                 SocketExecCommand id;
1661
1662                 if ((id = socket_exec_command_from_string(value)) < 0)
1663                         log_debug("Failed to parse exec-command value %s", value);
1664                 else {
1665                         s->control_command_id = id;
1666                         s->control_command = s->exec_command[id];
1667                 }
1668         } else if (streq(key, "fifo")) {
1669                 int fd, skip = 0;
1670                 SocketPort *p;
1671
1672                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1673                         log_debug("Failed to parse fifo value %s", value);
1674                 else {
1675
1676                         LIST_FOREACH(port, p, s->ports)
1677                                 if (p->type == SOCKET_FIFO &&
1678                                     streq_ptr(p->path, value+skip))
1679                                         break;
1680
1681                         if (p) {
1682                                 if (p->fd >= 0)
1683                                         close_nointr_nofail(p->fd);
1684                                 p->fd = fdset_remove(fds, fd);
1685                         }
1686                 }
1687
1688         } else if (streq(key, "special")) {
1689                 int fd, skip = 0;
1690                 SocketPort *p;
1691
1692                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1693                         log_debug("Failed to parse special value %s", value);
1694                 else {
1695
1696                         LIST_FOREACH(port, p, s->ports)
1697                                 if (p->type == SOCKET_SPECIAL &&
1698                                     streq_ptr(p->path, value+skip))
1699                                         break;
1700
1701                         if (p) {
1702                                 if (p->fd >= 0)
1703                                         close_nointr_nofail(p->fd);
1704                                 p->fd = fdset_remove(fds, fd);
1705                         }
1706                 }
1707
1708         } else if (streq(key, "socket")) {
1709                 int fd, type, skip = 0;
1710                 SocketPort *p;
1711
1712                 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
1713                         log_debug("Failed to parse socket value %s", value);
1714                 else {
1715
1716                         LIST_FOREACH(port, p, s->ports)
1717                                 if (socket_address_is(&p->address, value+skip, type))
1718                                         break;
1719
1720                         if (p) {
1721                                 if (p->fd >= 0)
1722                                         close_nointr_nofail(p->fd);
1723                                 p->fd = fdset_remove(fds, fd);
1724                         }
1725                 }
1726
1727         } else if (streq(key, "netlink")) {
1728                 int fd, skip = 0;
1729                 SocketPort *p;
1730
1731                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
1732                         log_debug("Failed to parse socket value %s", value);
1733                 else {
1734
1735                         LIST_FOREACH(port, p, s->ports)
1736                                 if (socket_address_is_netlink(&p->address, value+skip))
1737                                         break;
1738
1739                         if (p) {
1740                                 if (p->fd >= 0)
1741                                         close_nointr_nofail(p->fd);
1742                                 p->fd = fdset_remove(fds, fd);
1743                         }
1744                 }
1745
1746         } else
1747                 log_debug("Unknown serialization key '%s'", key);
1748
1749         return 0;
1750 }
1751
1752 static UnitActiveState socket_active_state(Unit *u) {
1753         assert(u);
1754
1755         return state_translation_table[SOCKET(u)->state];
1756 }
1757
1758 static const char *socket_sub_state_to_string(Unit *u) {
1759         assert(u);
1760
1761         return socket_state_to_string(SOCKET(u)->state);
1762 }
1763
1764 static bool socket_check_gc(Unit *u) {
1765         Socket *s = SOCKET(u);
1766
1767         assert(u);
1768
1769         return s->n_connections > 0;
1770 }
1771
1772 static void socket_fd_event(Unit *u, int fd, uint32_t events, Watch *w) {
1773         Socket *s = SOCKET(u);
1774         int cfd = -1;
1775
1776         assert(s);
1777         assert(fd >= 0);
1778
1779         if (s->state != SOCKET_LISTENING)
1780                 return;
1781
1782         log_debug("Incoming traffic on %s", u->meta.id);
1783
1784         if (events != EPOLLIN) {
1785
1786                 if (events & EPOLLHUP)
1787                         log_error("%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.", u->meta.id);
1788                 else
1789                         log_error("%s: Got unexpected poll event (0x%x) on socket.", u->meta.id, events);
1790
1791                 goto fail;
1792         }
1793
1794         if (w->socket_accept) {
1795                 for (;;) {
1796
1797                         if ((cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK)) < 0) {
1798
1799                                 if (errno == EINTR)
1800                                         continue;
1801
1802                                 log_error("Failed to accept socket: %m");
1803                                 goto fail;
1804                         }
1805
1806                         break;
1807                 }
1808
1809                 socket_apply_socket_options(s, cfd);
1810         }
1811
1812         socket_enter_running(s, cfd);
1813         return;
1814
1815 fail:
1816         socket_enter_stop_pre(s, false);
1817 }
1818
1819 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
1820         Socket *s = SOCKET(u);
1821         bool success;
1822
1823         assert(s);
1824         assert(pid >= 0);
1825
1826         if (pid != s->control_pid)
1827                 return;
1828
1829         s->control_pid = 0;
1830
1831         success = is_clean_exit(code, status);
1832
1833         if (s->control_command) {
1834                 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
1835
1836                 if (s->control_command->ignore)
1837                         success = true;
1838         }
1839
1840         log_full(success ? LOG_DEBUG : LOG_NOTICE,
1841                  "%s control process exited, code=%s status=%i", u->meta.id, sigchld_code_to_string(code), status);
1842         s->failure = s->failure || !success;
1843
1844         if (s->control_command && s->control_command->command_next && success) {
1845                 log_debug("%s running next command for state %s", u->meta.id, socket_state_to_string(s->state));
1846                 socket_run_next(s, success);
1847         } else {
1848                 s->control_command = NULL;
1849                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1850
1851                 /* No further commands for this step, so let's figure
1852                  * out what to do next */
1853
1854                 log_debug("%s got final SIGCHLD for state %s", u->meta.id, socket_state_to_string(s->state));
1855
1856                 switch (s->state) {
1857
1858                 case SOCKET_START_PRE:
1859                         if (success)
1860                                 socket_enter_start_post(s);
1861                         else
1862                                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
1863                         break;
1864
1865                 case SOCKET_START_POST:
1866                         if (success)
1867                                 socket_enter_listening(s);
1868                         else
1869                                 socket_enter_stop_pre(s, false);
1870                         break;
1871
1872                 case SOCKET_STOP_PRE:
1873                 case SOCKET_STOP_PRE_SIGTERM:
1874                 case SOCKET_STOP_PRE_SIGKILL:
1875                         socket_enter_stop_post(s, success);
1876                         break;
1877
1878                 case SOCKET_STOP_POST:
1879                 case SOCKET_FINAL_SIGTERM:
1880                 case SOCKET_FINAL_SIGKILL:
1881                         socket_enter_dead(s, success);
1882                         break;
1883
1884                 default:
1885                         assert_not_reached("Uh, control process died at wrong time.");
1886                 }
1887         }
1888
1889         /* Notify clients about changed exit status */
1890         unit_add_to_dbus_queue(u);
1891 }
1892
1893 static void socket_timer_event(Unit *u, uint64_t elapsed, Watch *w) {
1894         Socket *s = SOCKET(u);
1895
1896         assert(s);
1897         assert(elapsed == 1);
1898         assert(w == &s->timer_watch);
1899
1900         switch (s->state) {
1901
1902         case SOCKET_START_PRE:
1903                 log_warning("%s starting timed out. Terminating.", u->meta.id);
1904                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
1905                 break;
1906
1907         case SOCKET_START_POST:
1908                 log_warning("%s starting timed out. Stopping.", u->meta.id);
1909                 socket_enter_stop_pre(s, false);
1910                 break;
1911
1912         case SOCKET_STOP_PRE:
1913                 log_warning("%s stopping timed out. Terminating.", u->meta.id);
1914                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, false);
1915                 break;
1916
1917         case SOCKET_STOP_PRE_SIGTERM:
1918                 if (s->exec_context.send_sigkill) {
1919                         log_warning("%s stopping timed out. Killing.", u->meta.id);
1920                         socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, false);
1921                 } else {
1922                         log_warning("%s stopping timed out. Skipping SIGKILL. Ignoring.", u->meta.id);
1923                         socket_enter_stop_post(s, false);
1924                 }
1925                 break;
1926
1927         case SOCKET_STOP_PRE_SIGKILL:
1928                 log_warning("%s still around after SIGKILL. Ignoring.", u->meta.id);
1929                 socket_enter_stop_post(s, false);
1930                 break;
1931
1932         case SOCKET_STOP_POST:
1933                 log_warning("%s stopping timed out (2). Terminating.", u->meta.id);
1934                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, false);
1935                 break;
1936
1937         case SOCKET_FINAL_SIGTERM:
1938                 if (s->exec_context.send_sigkill) {
1939                         log_warning("%s stopping timed out (2). Killing.", u->meta.id);
1940                         socket_enter_signal(s, SOCKET_FINAL_SIGKILL, false);
1941                 } else {
1942                         log_warning("%s stopping timed out (2). Skipping SIGKILL. Ignoring.", u->meta.id);
1943                         socket_enter_dead(s, false);
1944                 }
1945                 break;
1946
1947         case SOCKET_FINAL_SIGKILL:
1948                 log_warning("%s still around after SIGKILL (2). Entering failed mode.", u->meta.id);
1949                 socket_enter_dead(s, false);
1950                 break;
1951
1952         default:
1953                 assert_not_reached("Timeout at wrong time.");
1954         }
1955 }
1956
1957 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
1958         int *rfds;
1959         unsigned rn_fds, k;
1960         SocketPort *p;
1961
1962         assert(s);
1963         assert(fds);
1964         assert(n_fds);
1965
1966         /* Called from the service code for requesting our fds */
1967
1968         rn_fds = 0;
1969         LIST_FOREACH(port, p, s->ports)
1970                 if (p->fd >= 0)
1971                         rn_fds++;
1972
1973         if (rn_fds <= 0) {
1974                 *fds = NULL;
1975                 *n_fds = 0;
1976                 return 0;
1977         }
1978
1979         if (!(rfds = new(int, rn_fds)))
1980                 return -ENOMEM;
1981
1982         k = 0;
1983         LIST_FOREACH(port, p, s->ports)
1984                 if (p->fd >= 0)
1985                         rfds[k++] = p->fd;
1986
1987         assert(k == rn_fds);
1988
1989         *fds = rfds;
1990         *n_fds = rn_fds;
1991
1992         return 0;
1993 }
1994
1995 void socket_notify_service_dead(Socket *s) {
1996         assert(s);
1997
1998         /* The service is dead. Dang!
1999          *
2000          * This is strictly for one-instance-for-all-connections
2001          * services. */
2002
2003         if (s->state == SOCKET_RUNNING) {
2004                 log_debug("%s got notified about service death.", s->meta.id);
2005                 socket_enter_listening(s);
2006         }
2007 }
2008
2009 void socket_connection_unref(Socket *s) {
2010         assert(s);
2011
2012         /* The service is dead. Yay!
2013          *
2014          * This is strictly for one-instance-per-connection
2015          * services. */
2016
2017         assert(s->n_connections > 0);
2018         s->n_connections--;
2019
2020         log_debug("%s: One connection closed, %u left.", s->meta.id, s->n_connections);
2021 }
2022
2023 static void socket_reset_failed(Unit *u) {
2024         Socket *s = SOCKET(u);
2025
2026         assert(s);
2027
2028         if (s->state == SOCKET_FAILED)
2029                 socket_set_state(s, SOCKET_DEAD);
2030
2031         s->failure = false;
2032 }
2033
2034 static int socket_kill(Unit *u, KillWho who, KillMode mode, int signo, DBusError *error) {
2035         Socket *s = SOCKET(u);
2036         int r = 0;
2037         Set *pid_set = NULL;
2038
2039         assert(s);
2040
2041         if (who == KILL_MAIN) {
2042                 dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "Socket units have no main processes");
2043                 return -ESRCH;
2044         }
2045
2046         if (s->control_pid <= 0 && who == KILL_CONTROL) {
2047                 dbus_set_error(error, BUS_ERROR_NO_SUCH_PROCESS, "No control process to kill");
2048                 return -ESRCH;
2049         }
2050
2051         if (who == KILL_CONTROL || who == KILL_ALL)
2052                 if (s->control_pid > 0)
2053                         if (kill(s->control_pid, signo) < 0)
2054                                 r = -errno;
2055
2056         if (who == KILL_ALL && mode == KILL_CONTROL_GROUP) {
2057                 int q;
2058
2059                 if (!(pid_set = set_new(trivial_hash_func, trivial_compare_func)))
2060                         return -ENOMEM;
2061
2062                 /* Exclude the control pid from being killed via the cgroup */
2063                 if (s->control_pid > 0)
2064                         if ((q = set_put(pid_set, LONG_TO_PTR(s->control_pid))) < 0) {
2065                                 r = q;
2066                                 goto finish;
2067                         }
2068
2069                 if ((q = cgroup_bonding_kill_list(s->meta.cgroup_bondings, signo, false, pid_set)) < 0)
2070                         if (q != -EAGAIN && q != -ESRCH && q != -ENOENT)
2071                                 r = q;
2072         }
2073
2074 finish:
2075         if (pid_set)
2076                 set_free(pid_set);
2077
2078         return r;
2079 }
2080
2081 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2082         [SOCKET_DEAD] = "dead",
2083         [SOCKET_START_PRE] = "start-pre",
2084         [SOCKET_START_POST] = "start-post",
2085         [SOCKET_LISTENING] = "listening",
2086         [SOCKET_RUNNING] = "running",
2087         [SOCKET_STOP_PRE] = "stop-pre",
2088         [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2089         [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2090         [SOCKET_STOP_POST] = "stop-post",
2091         [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2092         [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2093         [SOCKET_FAILED] = "failed"
2094 };
2095
2096 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2097
2098 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2099         [SOCKET_EXEC_START_PRE] = "StartPre",
2100         [SOCKET_EXEC_START_POST] = "StartPost",
2101         [SOCKET_EXEC_STOP_PRE] = "StopPre",
2102         [SOCKET_EXEC_STOP_POST] = "StopPost"
2103 };
2104
2105 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2106
2107 const UnitVTable socket_vtable = {
2108         .suffix = ".socket",
2109         .sections =
2110                 "Unit\0"
2111                 "Socket\0"
2112                 "Install\0",
2113
2114         .init = socket_init,
2115         .done = socket_done,
2116         .load = socket_load,
2117
2118         .kill = socket_kill,
2119
2120         .coldplug = socket_coldplug,
2121
2122         .dump = socket_dump,
2123
2124         .start = socket_start,
2125         .stop = socket_stop,
2126
2127         .serialize = socket_serialize,
2128         .deserialize_item = socket_deserialize_item,
2129
2130         .active_state = socket_active_state,
2131         .sub_state_to_string = socket_sub_state_to_string,
2132
2133         .check_gc = socket_check_gc,
2134
2135         .fd_event = socket_fd_event,
2136         .sigchld_event = socket_sigchld_event,
2137         .timer_event = socket_timer_event,
2138
2139         .reset_failed = socket_reset_failed,
2140
2141         .bus_interface = "org.freedesktop.systemd1.Socket",
2142         .bus_message_handler = bus_socket_message_handler,
2143         .bus_invalidating_properties =  bus_socket_invalidating_properties
2144 };
Unnamed repository; edit this file 'description' to name the repository.