chiark / gitweb /
~ianmdlvl / elogind.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Revert "socket: add support for TCP fast Open"
[elogind.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56         [SOCKET_DEAD] = UNIT_INACTIVE,
57         [SOCKET_START_PRE] = UNIT_ACTIVATING,
58         [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59         [SOCKET_START_POST] = UNIT_ACTIVATING,
60         [SOCKET_LISTENING] = UNIT_ACTIVE,
61         [SOCKET_RUNNING] = UNIT_ACTIVE,
62         [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63         [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64         [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65         [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66         [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67         [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68         [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75         Socket *s = SOCKET(u);
76
77         assert(u);
78         assert(u->load_state == UNIT_STUB);
79
80         s->backlog = SOMAXCONN;
81         s->timeout_usec = u->manager->default_timeout_start_usec;
82         s->directory_mode = 0755;
83         s->socket_mode = 0666;
84
85         s->max_connections = 64;
86
87         s->priority = -1;
88         s->ip_tos = -1;
89         s->ip_ttl = -1;
90         s->mark = -1;
91
92         s->exec_context.std_output = u->manager->default_std_output;
93         s->exec_context.std_error = u->manager->default_std_error;
94
95         s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99         assert(s);
100
101         if (s->control_pid <= 0)
102                 return;
103
104         unit_unwatch_pid(UNIT(s), s->control_pid);
105         s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109         SocketPort *p;
110
111         assert(s);
112
113         while ((p = s->ports)) {
114                 LIST_REMOVE(port, s->ports, p);
115
116                 sd_event_source_unref(p->event_source);
117
118                 safe_close(p->fd);
119                 free(p->path);
120                 free(p);
121         }
122 }
123
124 static void socket_done(Unit *u) {
125         Socket *s = SOCKET(u);
126
127         assert(s);
128
129         socket_free_ports(s);
130
131         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132         exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133         s->control_command = NULL;
134
135         socket_unwatch_control_pid(s);
136
137         unit_ref_unset(&s->service);
138
139         free(s->tcp_congestion);
140         s->tcp_congestion = NULL;
141
142         free(s->bind_to_device);
143         s->bind_to_device = NULL;
144
145         free(s->smack);
146         free(s->smack_ip_in);
147         free(s->smack_ip_out);
148
149         strv_free(s->symlinks);
150
151         free(s->user);
152         free(s->group);
153
154         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158         int r;
159
160         assert(s);
161
162         if (s->timeout_usec <= 0) {
163                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164                 return 0;
165         }
166
167         if (s->timer_event_source) {
168                 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169                 if (r < 0)
170                         return r;
171
172                 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173         }
174
175         return sd_event_add_time(
176                         UNIT(s)->manager->event,
177                         &s->timer_event_source,
178                         CLOCK_MONOTONIC,
179                         now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180                         socket_dispatch_timer, s);
181 }
182
183 int socket_instantiate_service(Socket *s) {
184         _cleanup_free_ char *prefix = NULL, *name = NULL;
185         int r;
186         Unit *u;
187
188         assert(s);
189
190         /* This fills in s->service if it isn't filled in yet. For
191          * Accept=yes sockets we create the next connection service
192          * here. For Accept=no this is mostly a NOP since the service
193          * is figured out at load time anyway. */
194
195         if (UNIT_DEREF(s->service) || !s->accept)
196                 return 0;
197
198         prefix = unit_name_to_prefix(UNIT(s)->id);
199         if (!prefix)
200                 return -ENOMEM;
201
202         if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203                 return -ENOMEM;
204
205         r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206         if (r < 0)
207                 return r;
208
209         u->no_gc = true;
210         unit_ref_set(&s->service, u);
211
212         return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213 }
214
215 static bool have_non_accept_socket(Socket *s) {
216         SocketPort *p;
217
218         assert(s);
219
220         if (!s->accept)
221                 return true;
222
223         LIST_FOREACH(port, p, s->ports) {
224
225                 if (p->type != SOCKET_SOCKET)
226                         return true;
227
228                 if (!socket_address_can_accept(&p->address))
229                         return true;
230         }
231
232         return false;
233 }
234
235 static int socket_add_mount_links(Socket *s) {
236         SocketPort *p;
237         int r;
238
239         assert(s);
240
241         LIST_FOREACH(port, p, s->ports) {
242                 const char *path = NULL;
243
244                 if (p->type == SOCKET_SOCKET)
245                         path = socket_address_get_path(&p->address);
246                 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247                         path = p->path;
248
249                 if (!path)
250                         continue;
251
252                 r = unit_require_mounts_for(UNIT(s), path);
253                 if (r < 0)
254                         return r;
255         }
256
257         return 0;
258 }
259
260 static int socket_add_device_link(Socket *s) {
261         char *t;
262
263         assert(s);
264
265         if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266                 return 0;
267
268         t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269         return unit_add_node_link(UNIT(s), t, false);
270 }
271
272 static int socket_add_default_dependencies(Socket *s) {
273         int r;
274         assert(s);
275
276         r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277         if (r < 0)
278                 return r;
279
280         if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281                 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282                 if (r < 0)
283                         return r;
284         }
285
286         return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287 }
288
289 _pure_ static bool socket_has_exec(Socket *s) {
290         unsigned i;
291         assert(s);
292
293         for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294                 if (s->exec_command[i])
295                         return true;
296
297         return false;
298 }
299
300 static int socket_add_extras(Socket *s) {
301         Unit *u = UNIT(s);
302         int r;
303
304         assert(s);
305
306         if (have_non_accept_socket(s)) {
307
308                 if (!UNIT_DEREF(s->service)) {
309                         Unit *x;
310
311                         r = unit_load_related_unit(u, ".service", &x);
312                         if (r < 0)
313                                 return r;
314
315                         unit_ref_set(&s->service, x);
316                 }
317
318                 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319                 if (r < 0)
320                         return r;
321         }
322
323         r = socket_add_mount_links(s);
324         if (r < 0)
325                 return r;
326
327         r = socket_add_device_link(s);
328         if (r < 0)
329                 return r;
330
331         r = unit_patch_contexts(u);
332         if (r < 0)
333                 return r;
334
335         if (socket_has_exec(s)) {
336                 r = unit_add_exec_dependencies(u, &s->exec_context);
337                 if (r < 0)
338                         return r;
339
340                 r = unit_add_default_slice(u, &s->cgroup_context);
341                 if (r < 0)
342                         return r;
343         }
344
345         if (u->default_dependencies) {
346                 r = socket_add_default_dependencies(s);
347                 if (r < 0)
348                         return r;
349         }
350
351         return 0;
352 }
353
354 static const char *socket_find_symlink_target(Socket *s) {
355         const char *found = NULL;
356         SocketPort *p;
357
358         LIST_FOREACH(port, p, s->ports) {
359                 const char *f = NULL;
360
361                 switch (p->type) {
362
363                 case SOCKET_FIFO:
364                         f = p->path;
365                         break;
366
367                 case SOCKET_SOCKET:
368                         if (p->address.sockaddr.un.sun_path[0] != 0)
369                                 f = p->address.sockaddr.un.sun_path;
370                         break;
371
372                 default:
373                         break;
374                 }
375
376                 if (f) {
377                         if (found)
378                                 return NULL;
379
380                         found = f;
381                 }
382         }
383
384         return found;
385 }
386
387 static int socket_verify(Socket *s) {
388         assert(s);
389
390         if (UNIT(s)->load_state != UNIT_LOADED)
391                 return 0;
392
393         if (!s->ports) {
394                 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395                 return -EINVAL;
396         }
397
398         if (s->accept && have_non_accept_socket(s)) {
399                 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400                                UNIT(s)->id);
401                 return -EINVAL;
402         }
403
404         if (s->accept && s->max_connections <= 0) {
405                 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406                 return -EINVAL;
407         }
408
409         if (s->accept && UNIT_DEREF(s->service)) {
410                 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411                 return -EINVAL;
412         }
413
414         if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415                 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416                 return -EINVAL;
417         }
418
419         if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420                 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421                 return -EINVAL;
422         }
423
424         return 0;
425 }
426
427 static int socket_load(Unit *u) {
428         Socket *s = SOCKET(u);
429         int r;
430
431         assert(u);
432         assert(u->load_state == UNIT_STUB);
433
434         r = unit_load_fragment_and_dropin(u);
435         if (r < 0)
436                 return r;
437
438         if (u->load_state == UNIT_LOADED) {
439                 /* This is a new unit? Then let's add in some extras */
440                 r = socket_add_extras(s);
441                 if (r < 0)
442                         return r;
443         }
444
445         return socket_verify(s);
446 }
447
448 _const_ static const char* listen_lookup(int family, int type) {
449
450         if (family == AF_NETLINK)
451                 return "ListenNetlink";
452
453         if (type == SOCK_STREAM)
454                 return "ListenStream";
455         else if (type == SOCK_DGRAM)
456                 return "ListenDatagram";
457         else if (type == SOCK_SEQPACKET)
458                 return "ListenSequentialPacket";
459
460         assert_not_reached("Unknown socket type");
461         return NULL;
462 }
463
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465         SocketExecCommand c;
466         Socket *s = SOCKET(u);
467         SocketPort *p;
468         const char *prefix2;
469
470         assert(s);
471         assert(f);
472
473         prefix2 = strappenda(prefix, "\t");
474
475         fprintf(f,
476                 "%sSocket State: %s\n"
477                 "%sResult: %s\n"
478                 "%sBindIPv6Only: %s\n"
479                 "%sBacklog: %u\n"
480                 "%sSocketMode: %04o\n"
481                 "%sDirectoryMode: %04o\n"
482                 "%sKeepAlive: %s\n"
483                 "%sNoDelay: %s\n"
484                 "%sFreeBind: %s\n"
485                 "%sTransparent: %s\n"
486                 "%sBroadcast: %s\n"
487                 "%sPassCredentials: %s\n"
488                 "%sPassSecurity: %s\n"
489                 "%sTCPCongestion: %s\n"
490                 "%sRemoveOnStop: %s\n",
491                 prefix, socket_state_to_string(s->state),
492                 prefix, socket_result_to_string(s->result),
493                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
494                 prefix, s->backlog,
495                 prefix, s->socket_mode,
496                 prefix, s->directory_mode,
497                 prefix, yes_no(s->keep_alive),
498                 prefix, yes_no(s->no_delay),
499                 prefix, yes_no(s->free_bind),
500                 prefix, yes_no(s->transparent),
501                 prefix, yes_no(s->broadcast),
502                 prefix, yes_no(s->pass_cred),
503                 prefix, yes_no(s->pass_sec),
504                 prefix, strna(s->tcp_congestion),
505                 prefix, yes_no(s->remove_on_stop));
506
507         if (s->control_pid > 0)
508                 fprintf(f,
509                         "%sControl PID: "PID_FMT"\n",
510                         prefix, s->control_pid);
511
512         if (s->bind_to_device)
513                 fprintf(f,
514                         "%sBindToDevice: %s\n",
515                         prefix, s->bind_to_device);
516
517         if (s->accept)
518                 fprintf(f,
519                         "%sAccepted: %u\n"
520                         "%sNConnections: %u\n"
521                         "%sMaxConnections: %u\n",
522                         prefix, s->n_accepted,
523                         prefix, s->n_connections,
524                         prefix, s->max_connections);
525
526         if (s->priority >= 0)
527                 fprintf(f,
528                         "%sPriority: %i\n",
529                         prefix, s->priority);
530
531         if (s->receive_buffer > 0)
532                 fprintf(f,
533                         "%sReceiveBuffer: %zu\n",
534                         prefix, s->receive_buffer);
535
536         if (s->send_buffer > 0)
537                 fprintf(f,
538                         "%sSendBuffer: %zu\n",
539                         prefix, s->send_buffer);
540
541         if (s->ip_tos >= 0)
542                 fprintf(f,
543                         "%sIPTOS: %i\n",
544                         prefix, s->ip_tos);
545
546         if (s->ip_ttl >= 0)
547                 fprintf(f,
548                         "%sIPTTL: %i\n",
549                         prefix, s->ip_ttl);
550
551         if (s->pipe_size > 0)
552                 fprintf(f,
553                         "%sPipeSize: %zu\n",
554                         prefix, s->pipe_size);
555
556         if (s->mark >= 0)
557                 fprintf(f,
558                         "%sMark: %i\n",
559                         prefix, s->mark);
560
561         if (s->mq_maxmsg > 0)
562                 fprintf(f,
563                         "%sMessageQueueMaxMessages: %li\n",
564                         prefix, s->mq_maxmsg);
565
566         if (s->mq_msgsize > 0)
567                 fprintf(f,
568                         "%sMessageQueueMessageSize: %li\n",
569                         prefix, s->mq_msgsize);
570
571         if (s->reuse_port)
572                 fprintf(f,
573                         "%sReusePort: %s\n",
574                          prefix, yes_no(s->reuse_port));
575
576         if (s->smack)
577                 fprintf(f,
578                         "%sSmackLabel: %s\n",
579                         prefix, s->smack);
580
581         if (s->smack_ip_in)
582                 fprintf(f,
583                         "%sSmackLabelIPIn: %s\n",
584                         prefix, s->smack_ip_in);
585
586         if (s->smack_ip_out)
587                 fprintf(f,
588                         "%sSmackLabelIPOut: %s\n",
589                         prefix, s->smack_ip_out);
590
591         if (!isempty(s->user) || !isempty(s->group))
592                 fprintf(f,
593                         "%sOwnerUser: %s\n"
594                         "%sOwnerGroup: %s\n",
595                         prefix, strna(s->user),
596                         prefix, strna(s->group));
597
598         LIST_FOREACH(port, p, s->ports) {
599
600                 if (p->type == SOCKET_SOCKET) {
601                         const char *t;
602                         int r;
603                         char *k = NULL;
604
605                         if ((r = socket_address_print(&p->address, &k)) < 0)
606                                 t = strerror(-r);
607                         else
608                                 t = k;
609
610                         fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
611                         free(k);
612                 } else if (p->type == SOCKET_SPECIAL)
613                         fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
614                 else if (p->type == SOCKET_MQUEUE)
615                         fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
616                 else
617                         fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
618         }
619
620         exec_context_dump(&s->exec_context, f, prefix);
621         kill_context_dump(&s->kill_context, f, prefix);
622
623         for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
624                 if (!s->exec_command[c])
625                         continue;
626
627                 fprintf(f, "%s-> %s:\n",
628                         prefix, socket_exec_command_to_string(c));
629
630                 exec_command_dump_list(s->exec_command[c], f, prefix2);
631         }
632 }
633
634 static int instance_from_socket(int fd, unsigned nr, char **instance) {
635         socklen_t l;
636         char *r;
637         union sockaddr_union local, remote;
638
639         assert(fd >= 0);
640         assert(instance);
641
642         l = sizeof(local);
643         if (getsockname(fd, &local.sa, &l) < 0)
644                 return -errno;
645
646         l = sizeof(remote);
647         if (getpeername(fd, &remote.sa, &l) < 0)
648                 return -errno;
649
650         switch (local.sa.sa_family) {
651
652         case AF_INET: {
653                 uint32_t
654                         a = ntohl(local.in.sin_addr.s_addr),
655                         b = ntohl(remote.in.sin_addr.s_addr);
656
657                 if (asprintf(&r,
658                              "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
659                              nr,
660                              a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
661                              ntohs(local.in.sin_port),
662                              b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
663                              ntohs(remote.in.sin_port)) < 0)
664                         return -ENOMEM;
665
666                 break;
667         }
668
669         case AF_INET6: {
670                 static const unsigned char ipv4_prefix[] = {
671                         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
672                 };
673
674                 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
675                     memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
676                         const uint8_t
677                                 *a = local.in6.sin6_addr.s6_addr+12,
678                                 *b = remote.in6.sin6_addr.s6_addr+12;
679
680                         if (asprintf(&r,
681                                      "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
682                                      nr,
683                                      a[0], a[1], a[2], a[3],
684                                      ntohs(local.in6.sin6_port),
685                                      b[0], b[1], b[2], b[3],
686                                      ntohs(remote.in6.sin6_port)) < 0)
687                                 return -ENOMEM;
688                 } else {
689                         char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
690
691                         if (asprintf(&r,
692                                      "%u-%s:%u-%s:%u",
693                                      nr,
694                                      inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
695                                      ntohs(local.in6.sin6_port),
696                                      inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
697                                      ntohs(remote.in6.sin6_port)) < 0)
698                                 return -ENOMEM;
699                 }
700
701                 break;
702         }
703
704         case AF_UNIX: {
705                 struct ucred ucred;
706                 int k;
707
708                 k = getpeercred(fd, &ucred);
709                 if (k >= 0) {
710                         if (asprintf(&r,
711                                      "%u-"PID_FMT"-"UID_FMT,
712                                      nr, ucred.pid, ucred.uid) < 0)
713                                 return -ENOMEM;
714                 } else if (k == -ENODATA) {
715                         /* This handles the case where somebody is
716                          * connecting from another pid/uid namespace
717                          * (e.g. from outside of our container). */
718                         if (asprintf(&r,
719                                      "%u-unknown",
720                                      nr) < 0)
721                                 return -ENOMEM;
722                 } else
723                         return k;
724
725                 break;
726         }
727
728         default:
729                 assert_not_reached("Unhandled socket type.");
730         }
731
732         *instance = r;
733         return 0;
734 }
735
736 static void socket_close_fds(Socket *s) {
737         SocketPort *p;
738         char **i;
739
740         assert(s);
741
742         LIST_FOREACH(port, p, s->ports) {
743
744                 p->event_source = sd_event_source_unref(p->event_source);
745
746                 if (p->fd < 0)
747                         continue;
748
749                 p->fd = safe_close(p->fd);
750
751                 /* One little note: we should normally not delete any
752                  * sockets in the file system here! After all some
753                  * other process we spawned might still have a
754                  * reference of this fd and wants to continue to use
755                  * it. Therefore we delete sockets in the file system
756                  * before we create a new one, not after we stopped
757                  * using one! */
758
759                 if (s->remove_on_stop) {
760                         switch (p->type) {
761
762                         case SOCKET_FIFO:
763                                 unlink(p->path);
764                                 break;
765
766                         case SOCKET_MQUEUE:
767                                 mq_unlink(p->path);
768                                 break;
769
770                         case SOCKET_SOCKET:
771                                 socket_address_unlink(&p->address);
772                                 break;
773
774                         default:
775                                 break;
776                         }
777                 }
778         }
779
780         if (s->remove_on_stop)
781                 STRV_FOREACH(i, s->symlinks)
782                         unlink(*i);
783 }
784
785 static void socket_apply_socket_options(Socket *s, int fd) {
786         assert(s);
787         assert(fd >= 0);
788
789         if (s->keep_alive) {
790                 int b = s->keep_alive;
791                 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
792                         log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
793         }
794
795         if (s->no_delay) {
796                 int b = s->no_delay;
797                 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
798                         log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
799         }
800
801         if (s->broadcast) {
802                 int one = 1;
803                 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
804                         log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
805         }
806
807         if (s->pass_cred) {
808                 int one = 1;
809                 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
810                         log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
811         }
812
813         if (s->pass_sec) {
814                 int one = 1;
815                 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
816                         log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
817         }
818
819         if (s->priority >= 0)
820                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
821                         log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
822
823         if (s->receive_buffer > 0) {
824                 int value = (int) s->receive_buffer;
825
826                 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
827
828                 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
829                         if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
830                                 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
831         }
832
833         if (s->send_buffer > 0) {
834                 int value = (int) s->send_buffer;
835                 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
836                         if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
837                                 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
838         }
839
840         if (s->mark >= 0)
841                 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
842                         log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
843
844         if (s->ip_tos >= 0)
845                 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
846                         log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
847
848         if (s->ip_ttl >= 0) {
849                 int r, x;
850
851                 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
852
853                 if (socket_ipv6_is_supported())
854                         x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
855                 else {
856                         x = -1;
857                         errno = EAFNOSUPPORT;
858                 }
859
860                 if (r < 0 && x < 0)
861                         log_warning_unit(UNIT(s)->id,
862                                          "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
863         }
864
865         if (s->tcp_congestion)
866                 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
867                         log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
868
869         if (s->reuse_port) {
870                 int b = s->reuse_port;
871                 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
872                         log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
873         }
874
875         if (s->smack_ip_in)
876                 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
877                         log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
878
879         if (s->smack_ip_out)
880                 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
881                         log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
882 }
883
884 static void socket_apply_fifo_options(Socket *s, int fd) {
885         assert(s);
886         assert(fd >= 0);
887
888         if (s->pipe_size > 0)
889                 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
890                         log_warning_unit(UNIT(s)->id,
891                                          "F_SETPIPE_SZ: %m");
892
893         if (s->smack)
894                 if (smack_label_fd(fd, s->smack) < 0)
895                         log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
896 }
897
898 static int fifo_address_create(
899                 const char *path,
900                 mode_t directory_mode,
901                 mode_t socket_mode,
902                 int *_fd) {
903
904         int fd = -1, r = 0;
905         struct stat st;
906         mode_t old_mask;
907
908         assert(path);
909         assert(_fd);
910
911         mkdir_parents_label(path, directory_mode);
912
913         r = label_context_set(path, S_IFIFO);
914         if (r < 0)
915                 goto fail;
916
917         /* Enforce the right access mode for the fifo */
918         old_mask = umask(~ socket_mode);
919
920         /* Include the original umask in our mask */
921         umask(~socket_mode | old_mask);
922
923         r = mkfifo(path, socket_mode);
924         umask(old_mask);
925
926         if (r < 0 && errno != EEXIST) {
927                 r = -errno;
928                 goto fail;
929         }
930
931         if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
932                 r = -errno;
933                 goto fail;
934         }
935
936         label_context_clear();
937
938         if (fstat(fd, &st) < 0) {
939                 r = -errno;
940                 goto fail;
941         }
942
943         if (!S_ISFIFO(st.st_mode) ||
944             (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
945             st.st_uid != getuid() ||
946             st.st_gid != getgid()) {
947
948                 r = -EEXIST;
949                 goto fail;
950         }
951
952         *_fd = fd;
953         return 0;
954
955 fail:
956         label_context_clear();
957         safe_close(fd);
958
959         return r;
960 }
961
962 static int special_address_create(
963                 const char *path,
964                 int *_fd) {
965
966         int fd = -1, r = 0;
967         struct stat st;
968
969         assert(path);
970         assert(_fd);
971
972         fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
973         if (fd < 0) {
974                 r = -errno;
975                 goto fail;
976         }
977
978         if (fstat(fd, &st) < 0) {
979                 r = -errno;
980                 goto fail;
981         }
982
983         /* Check whether this is a /proc, /sys or /dev file or char device */
984         if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
985                 r = -EEXIST;
986                 goto fail;
987         }
988
989         *_fd = fd;
990         return 0;
991
992 fail:
993         safe_close(fd);
994
995         return r;
996 }
997
998 static int mq_address_create(
999                 const char *path,
1000                 mode_t mq_mode,
1001                 long maxmsg,
1002                 long msgsize,
1003                 int *_fd) {
1004
1005         int fd = -1, r = 0;
1006         struct stat st;
1007         mode_t old_mask;
1008         struct mq_attr _attr, *attr = NULL;
1009
1010         assert(path);
1011         assert(_fd);
1012
1013         if (maxmsg > 0 && msgsize > 0) {
1014                 zero(_attr);
1015                 _attr.mq_flags = O_NONBLOCK;
1016                 _attr.mq_maxmsg = maxmsg;
1017                 _attr.mq_msgsize = msgsize;
1018                 attr = &_attr;
1019         }
1020
1021         /* Enforce the right access mode for the mq */
1022         old_mask = umask(~ mq_mode);
1023
1024         /* Include the original umask in our mask */
1025         umask(~mq_mode | old_mask);
1026         fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1027         umask(old_mask);
1028
1029         if (fd < 0) {
1030                 r = -errno;
1031                 goto fail;
1032         }
1033
1034         if (fstat(fd, &st) < 0) {
1035                 r = -errno;
1036                 goto fail;
1037         }
1038
1039         if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1040             st.st_uid != getuid() ||
1041             st.st_gid != getgid()) {
1042
1043                 r = -EEXIST;
1044                 goto fail;
1045         }
1046
1047         *_fd = fd;
1048         return 0;
1049
1050 fail:
1051         safe_close(fd);
1052         return r;
1053 }
1054
1055 static int socket_symlink(Socket *s) {
1056         const char *p;
1057         char **i;
1058
1059         assert(s);
1060
1061         p = socket_find_symlink_target(s);
1062         if (!p)
1063                 return 0;
1064
1065         STRV_FOREACH(i, s->symlinks)
1066                 symlink(p, *i);
1067
1068         return 0;
1069 }
1070
1071 static int socket_open_fds(Socket *s) {
1072         SocketPort *p;
1073         int r;
1074         char *label = NULL;
1075         bool know_label = false;
1076
1077         assert(s);
1078
1079         LIST_FOREACH(port, p, s->ports) {
1080
1081                 if (p->fd >= 0)
1082                         continue;
1083
1084                 if (p->type == SOCKET_SOCKET) {
1085
1086                         if (!know_label) {
1087
1088                                 r = socket_instantiate_service(s);
1089                                 if (r < 0)
1090                                         return r;
1091
1092                                 if (UNIT_ISSET(s->service) &&
1093                                     SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1094                                         r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1095                                         if (r < 0 && r != -EPERM)
1096                                                 return r;
1097                                 }
1098
1099                                 know_label = true;
1100                         }
1101
1102                         r = socket_address_listen(
1103                                         &p->address,
1104                                         SOCK_CLOEXEC|SOCK_NONBLOCK,
1105                                         s->backlog,
1106                                         s->bind_ipv6_only,
1107                                         s->bind_to_device,
1108                                         s->free_bind,
1109                                         s->transparent,
1110                                         s->directory_mode,
1111                                         s->socket_mode,
1112                                         label);
1113                         if (r < 0)
1114                                 goto rollback;
1115
1116                         p->fd = r;
1117                         socket_apply_socket_options(s, p->fd);
1118                         socket_symlink(s);
1119
1120                 } else  if (p->type == SOCKET_SPECIAL) {
1121
1122                         r = special_address_create(
1123                                         p->path,
1124                                         &p->fd);
1125                         if (r < 0)
1126                                 goto rollback;
1127
1128                 } else  if (p->type == SOCKET_FIFO) {
1129
1130                         r = fifo_address_create(
1131                                         p->path,
1132                                         s->directory_mode,
1133                                         s->socket_mode,
1134                                         &p->fd);
1135                         if (r < 0)
1136                                 goto rollback;
1137
1138                         socket_apply_fifo_options(s, p->fd);
1139                         socket_symlink(s);
1140
1141                 } else if (p->type == SOCKET_MQUEUE) {
1142
1143                         r = mq_address_create(
1144                                         p->path,
1145                                         s->socket_mode,
1146                                         s->mq_maxmsg,
1147                                         s->mq_msgsize,
1148                                         &p->fd);
1149                         if (r < 0)
1150                                 goto rollback;
1151                 } else
1152                         assert_not_reached("Unknown port type");
1153         }
1154
1155         label_free(label);
1156         return 0;
1157
1158 rollback:
1159         socket_close_fds(s);
1160         label_free(label);
1161         return r;
1162 }
1163
1164 static void socket_unwatch_fds(Socket *s) {
1165         SocketPort *p;
1166         int r;
1167
1168         assert(s);
1169
1170         LIST_FOREACH(port, p, s->ports) {
1171                 if (p->fd < 0)
1172                         continue;
1173
1174                 if (!p->event_source)
1175                         continue;
1176
1177                 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1178                 if (r < 0)
1179                         log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1180         }
1181 }
1182
1183 static int socket_watch_fds(Socket *s) {
1184         SocketPort *p;
1185         int r;
1186
1187         assert(s);
1188
1189         LIST_FOREACH(port, p, s->ports) {
1190                 if (p->fd < 0)
1191                         continue;
1192
1193                 if (p->event_source)
1194                         r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1195                 else
1196                         r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1197
1198                 if (r < 0) {
1199                         log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1200                         goto fail;
1201                 }
1202         }
1203
1204         return 0;
1205
1206 fail:
1207         socket_unwatch_fds(s);
1208         return r;
1209 }
1210
1211 static void socket_set_state(Socket *s, SocketState state) {
1212         SocketState old_state;
1213         assert(s);
1214
1215         old_state = s->state;
1216         s->state = state;
1217
1218         if (!IN_SET(state,
1219                     SOCKET_START_PRE,
1220                     SOCKET_START_CHOWN,
1221                     SOCKET_START_POST,
1222                     SOCKET_STOP_PRE,
1223                     SOCKET_STOP_PRE_SIGTERM,
1224                     SOCKET_STOP_PRE_SIGKILL,
1225                     SOCKET_STOP_POST,
1226                     SOCKET_FINAL_SIGTERM,
1227                     SOCKET_FINAL_SIGKILL)) {
1228
1229                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1230                 socket_unwatch_control_pid(s);
1231                 s->control_command = NULL;
1232                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1233         }
1234
1235         if (state != SOCKET_LISTENING)
1236                 socket_unwatch_fds(s);
1237
1238         if (!IN_SET(state,
1239                     SOCKET_START_CHOWN,
1240                     SOCKET_START_POST,
1241                     SOCKET_LISTENING,
1242                     SOCKET_RUNNING,
1243                     SOCKET_STOP_PRE,
1244                     SOCKET_STOP_PRE_SIGTERM,
1245                     SOCKET_STOP_PRE_SIGKILL))
1246                 socket_close_fds(s);
1247
1248         if (state != old_state)
1249                 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1250                                UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1251
1252         unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1253 }
1254
1255 static int socket_coldplug(Unit *u) {
1256         Socket *s = SOCKET(u);
1257         int r;
1258
1259         assert(s);
1260         assert(s->state == SOCKET_DEAD);
1261
1262         if (s->deserialized_state == s->state)
1263                 return 0;
1264
1265         if (IN_SET(s->deserialized_state,
1266                    SOCKET_START_PRE,
1267                    SOCKET_START_CHOWN,
1268                    SOCKET_START_POST,
1269                    SOCKET_STOP_PRE,
1270                    SOCKET_STOP_PRE_SIGTERM,
1271                    SOCKET_STOP_PRE_SIGKILL,
1272                    SOCKET_STOP_POST,
1273                    SOCKET_FINAL_SIGTERM,
1274                    SOCKET_FINAL_SIGKILL)) {
1275
1276                 if (s->control_pid <= 0)
1277                         return -EBADMSG;
1278
1279                 r = unit_watch_pid(UNIT(s), s->control_pid);
1280                 if (r < 0)
1281                         return r;
1282
1283                 r = socket_arm_timer(s);
1284                 if (r < 0)
1285                         return r;
1286         }
1287
1288         if (IN_SET(s->deserialized_state,
1289                    SOCKET_START_CHOWN,
1290                    SOCKET_START_POST,
1291                    SOCKET_LISTENING,
1292                    SOCKET_RUNNING,
1293                    SOCKET_STOP_PRE,
1294                    SOCKET_STOP_PRE_SIGTERM,
1295                    SOCKET_STOP_PRE_SIGKILL)) {
1296                 r = socket_open_fds(s);
1297                 if (r < 0)
1298                         return r;
1299         }
1300
1301         if (s->deserialized_state == SOCKET_LISTENING) {
1302                 r = socket_watch_fds(s);
1303                 if (r < 0)
1304                         return r;
1305         }
1306
1307         socket_set_state(s, s->deserialized_state);
1308         return 0;
1309 }
1310
1311 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1312         _cleanup_free_ char **argv = NULL;
1313         pid_t pid;
1314         int r;
1315
1316         assert(s);
1317         assert(c);
1318         assert(_pid);
1319
1320         unit_realize_cgroup(UNIT(s));
1321
1322         r = unit_setup_exec_runtime(UNIT(s));
1323         if (r < 0)
1324                 goto fail;
1325
1326         r = socket_arm_timer(s);
1327         if (r < 0)
1328                 goto fail;
1329
1330         r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1331         if (r < 0)
1332                 goto fail;
1333
1334         r = exec_spawn(c,
1335                        argv,
1336                        &s->exec_context,
1337                        NULL, 0,
1338                        UNIT(s)->manager->environment,
1339                        true,
1340                        true,
1341                        true,
1342                        UNIT(s)->manager->confirm_spawn,
1343                        UNIT(s)->manager->cgroup_supported,
1344                        UNIT(s)->cgroup_path,
1345                        manager_get_runtime_prefix(UNIT(s)->manager),
1346                        UNIT(s)->id,
1347                        0,
1348                        NULL,
1349                        s->exec_runtime,
1350                        &pid);
1351         if (r < 0)
1352                 goto fail;
1353
1354         r = unit_watch_pid(UNIT(s), pid);
1355         if (r < 0)
1356                 /* FIXME: we need to do something here */
1357                 goto fail;
1358
1359         *_pid = pid;
1360         return 0;
1361
1362 fail:
1363         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1364         return r;
1365 }
1366
1367 static int socket_chown(Socket *s, pid_t *_pid) {
1368         pid_t pid;
1369         int r;
1370
1371         r = socket_arm_timer(s);
1372         if (r < 0)
1373                 goto fail;
1374
1375         /* We have to resolve the user names out-of-process, hence
1376          * let's fork here. It's messy, but well, what can we do? */
1377
1378         pid = fork();
1379         if (pid < 0)
1380                 return -errno;
1381
1382         if (pid == 0) {
1383                 SocketPort *p;
1384                 uid_t uid = (uid_t) -1;
1385                 gid_t gid = (gid_t) -1;
1386                 int ret;
1387
1388                 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1389                 ignore_signals(SIGPIPE, -1);
1390                 log_forget_fds();
1391
1392                 if (!isempty(s->user)) {
1393                         const char *user = s->user;
1394
1395                         r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1396                         if (r < 0) {
1397                                 ret = EXIT_USER;
1398                                 goto fail_child;
1399                         }
1400                 }
1401
1402                 if (!isempty(s->group)) {
1403                         const char *group = s->group;
1404
1405                         r = get_group_creds(&group, &gid);
1406                         if (r < 0) {
1407                                 ret = EXIT_GROUP;
1408                                 goto fail_child;
1409                         }
1410                 }
1411
1412                 LIST_FOREACH(port, p, s->ports) {
1413                         const char *path = NULL;
1414
1415                         if (p->type == SOCKET_SOCKET)
1416                                 path = socket_address_get_path(&p->address);
1417                         else if (p->type == SOCKET_FIFO)
1418                                 path = p->path;
1419
1420                         if (!path)
1421                                 continue;
1422
1423                         if (chown(path, uid, gid) < 0) {
1424                                 r = -errno;
1425                                 ret = EXIT_CHOWN;
1426                                 goto fail_child;
1427                         }
1428                 }
1429
1430                 _exit(0);
1431
1432         fail_child:
1433                 log_open();
1434                 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1435
1436                 _exit(ret);
1437         }
1438
1439         r = unit_watch_pid(UNIT(s), pid);
1440         if (r < 0)
1441                 goto fail;
1442
1443         *_pid = pid;
1444         return 0;
1445
1446 fail:
1447         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1448         return r;
1449 }
1450
1451 static void socket_enter_dead(Socket *s, SocketResult f) {
1452         assert(s);
1453
1454         if (f != SOCKET_SUCCESS)
1455                 s->result = f;
1456
1457         exec_runtime_destroy(s->exec_runtime);
1458         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1459
1460         exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1461
1462         socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1463 }
1464
1465 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1466
1467 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1468         int r;
1469         assert(s);
1470
1471         if (f != SOCKET_SUCCESS)
1472                 s->result = f;
1473
1474         socket_unwatch_control_pid(s);
1475         s->control_command_id = SOCKET_EXEC_STOP_POST;
1476         s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1477
1478         if (s->control_command) {
1479                 r = socket_spawn(s, s->control_command, &s->control_pid);
1480                 if (r < 0)
1481                         goto fail;
1482
1483                 socket_set_state(s, SOCKET_STOP_POST);
1484         } else
1485                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1486
1487         return;
1488
1489 fail:
1490         log_warning_unit(UNIT(s)->id,
1491                          "%s failed to run 'stop-post' task: %s",
1492                          UNIT(s)->id, strerror(-r));
1493         socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1494 }
1495
1496 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1497         int r;
1498
1499         assert(s);
1500
1501         if (f != SOCKET_SUCCESS)
1502                 s->result = f;
1503
1504         r = unit_kill_context(
1505                         UNIT(s),
1506                         &s->kill_context,
1507                         state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1508                         -1,
1509                         s->control_pid,
1510                         false);
1511         if (r < 0)
1512                 goto fail;
1513
1514         if (r > 0) {
1515                 r = socket_arm_timer(s);
1516                 if (r < 0)
1517                         goto fail;
1518
1519                 socket_set_state(s, state);
1520         } else if (state == SOCKET_STOP_PRE_SIGTERM)
1521                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1522         else if (state == SOCKET_STOP_PRE_SIGKILL)
1523                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1524         else if (state == SOCKET_FINAL_SIGTERM)
1525                 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1526         else
1527                 socket_enter_dead(s, SOCKET_SUCCESS);
1528
1529         return;
1530
1531 fail:
1532         log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1533
1534         if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1535                 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1536         else
1537                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1538 }
1539
1540 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1541         int r;
1542         assert(s);
1543
1544         if (f != SOCKET_SUCCESS)
1545                 s->result = f;
1546
1547         socket_unwatch_control_pid(s);
1548         s->control_command_id = SOCKET_EXEC_STOP_PRE;
1549         s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1550
1551         if (s->control_command) {
1552                 r = socket_spawn(s, s->control_command, &s->control_pid);
1553                 if (r < 0)
1554                         goto fail;
1555
1556                 socket_set_state(s, SOCKET_STOP_PRE);
1557         } else
1558                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1559
1560         return;
1561
1562 fail:
1563         log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1564         socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1565 }
1566
1567 static void socket_enter_listening(Socket *s) {
1568         int r;
1569         assert(s);
1570
1571         r = socket_watch_fds(s);
1572         if (r < 0) {
1573                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1574                 goto fail;
1575         }
1576
1577         socket_set_state(s, SOCKET_LISTENING);
1578         return;
1579
1580 fail:
1581         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1582 }
1583
1584 static void socket_enter_start_post(Socket *s) {
1585         int r;
1586         assert(s);
1587
1588         socket_unwatch_control_pid(s);
1589         s->control_command_id = SOCKET_EXEC_START_POST;
1590         s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1591
1592         if (s->control_command) {
1593                 r = socket_spawn(s, s->control_command, &s->control_pid);
1594                 if (r < 0) {
1595                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1596                         goto fail;
1597                 }
1598
1599                 socket_set_state(s, SOCKET_START_POST);
1600         } else
1601                 socket_enter_listening(s);
1602
1603         return;
1604
1605 fail:
1606         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1607 }
1608
1609 static void socket_enter_start_chown(Socket *s) {
1610         int r;
1611
1612         assert(s);
1613
1614         r = socket_open_fds(s);
1615         if (r < 0) {
1616                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1617                 goto fail;
1618         }
1619
1620         if (!isempty(s->user) || !isempty(s->group)) {
1621
1622                 socket_unwatch_control_pid(s);
1623                 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1624                 s->control_command = NULL;
1625
1626                 r = socket_chown(s, &s->control_pid);
1627                 if (r < 0) {
1628                         log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1629                         goto fail;
1630                 }
1631
1632                 socket_set_state(s, SOCKET_START_CHOWN);
1633         } else
1634                 socket_enter_start_post(s);
1635
1636         return;
1637
1638 fail:
1639         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1640 }
1641
1642 static void socket_enter_start_pre(Socket *s) {
1643         int r;
1644         assert(s);
1645
1646         socket_unwatch_control_pid(s);
1647         s->control_command_id = SOCKET_EXEC_START_PRE;
1648         s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1649
1650         if (s->control_command) {
1651                 r = socket_spawn(s, s->control_command, &s->control_pid);
1652                 if (r < 0) {
1653                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1654                         goto fail;
1655                 }
1656
1657                 socket_set_state(s, SOCKET_START_PRE);
1658         } else
1659                 socket_enter_start_chown(s);
1660
1661         return;
1662
1663 fail:
1664         socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1665 }
1666
1667 static void socket_enter_running(Socket *s, int cfd) {
1668         _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1669         int r;
1670
1671         assert(s);
1672
1673         /* We don't take connections anymore if we are supposed to
1674          * shut down anyway */
1675         if (unit_stop_pending(UNIT(s))) {
1676
1677                 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1678
1679                 if (cfd >= 0)
1680                         safe_close(cfd);
1681                 else  {
1682                         /* Flush all sockets by closing and reopening them */
1683                         socket_close_fds(s);
1684
1685                         r = socket_open_fds(s);
1686                         if (r < 0) {
1687                                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1688                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1689                                 return;
1690                         }
1691
1692                         r = socket_watch_fds(s);
1693                         if (r < 0) {
1694                                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1695                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1696                         }
1697                 }
1698
1699                 return;
1700         }
1701
1702         if (cfd < 0) {
1703                 Iterator i;
1704                 Unit *other;
1705                 bool pending = false;
1706
1707                 /* If there's already a start pending don't bother to
1708                  * do anything */
1709                 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1710                         if (unit_active_or_pending(other)) {
1711                                 pending = true;
1712                                 break;
1713                         }
1714
1715                 if (!pending) {
1716                         if (!UNIT_ISSET(s->service)) {
1717                                 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1718                                 r = -ENOENT;
1719                                 goto fail;
1720                         }
1721
1722                         r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1723                         if (r < 0)
1724                                 goto fail;
1725                 }
1726
1727                 socket_set_state(s, SOCKET_RUNNING);
1728         } else {
1729                 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1730                 Service *service;
1731
1732                 if (s->n_connections >= s->max_connections) {
1733                         log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1734                         safe_close(cfd);
1735                         return;
1736                 }
1737
1738                 r = socket_instantiate_service(s);
1739                 if (r < 0)
1740                         goto fail;
1741
1742                 r = instance_from_socket(cfd, s->n_accepted, &instance);
1743                 if (r < 0) {
1744                         if (r != -ENOTCONN)
1745                                 goto fail;
1746
1747                         /* ENOTCONN is legitimate if TCP RST was received.
1748                          * This connection is over, but the socket unit lives on. */
1749                         safe_close(cfd);
1750                         return;
1751                 }
1752
1753                 prefix = unit_name_to_prefix(UNIT(s)->id);
1754                 if (!prefix) {
1755                         r = -ENOMEM;
1756                         goto fail;
1757                 }
1758
1759                 name = unit_name_build(prefix, instance, ".service");
1760                 if (!name) {
1761                         r = -ENOMEM;
1762                         goto fail;
1763                 }
1764
1765                 r = unit_add_name(UNIT_DEREF(s->service), name);
1766                 if (r < 0)
1767                         goto fail;
1768
1769                 service = SERVICE(UNIT_DEREF(s->service));
1770                 unit_ref_unset(&s->service);
1771                 s->n_accepted ++;
1772
1773                 UNIT(service)->no_gc = false;
1774
1775                 unit_choose_id(UNIT(service), name);
1776
1777                 r = service_set_socket_fd(service, cfd, s);
1778                 if (r < 0)
1779                         goto fail;
1780
1781                 cfd = -1;
1782                 s->n_connections ++;
1783
1784                 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1785                 if (r < 0)
1786                         goto fail;
1787
1788                 /* Notify clients about changed counters */
1789                 unit_add_to_dbus_queue(UNIT(s));
1790         }
1791
1792         return;
1793
1794 fail:
1795         log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1796                          UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1797                          bus_error_message(&error, r));
1798
1799         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1800         safe_close(cfd);
1801 }
1802
1803 static void socket_run_next(Socket *s) {
1804         int r;
1805
1806         assert(s);
1807         assert(s->control_command);
1808         assert(s->control_command->command_next);
1809
1810         socket_unwatch_control_pid(s);
1811
1812         s->control_command = s->control_command->command_next;
1813
1814         r = socket_spawn(s, s->control_command, &s->control_pid);
1815         if (r < 0)
1816                 goto fail;
1817
1818         return;
1819
1820 fail:
1821         log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1822
1823         if (s->state == SOCKET_START_POST)
1824                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1825         else if (s->state == SOCKET_STOP_POST)
1826                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1827         else
1828                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1829 }
1830
1831 static int socket_start(Unit *u) {
1832         Socket *s = SOCKET(u);
1833
1834         assert(s);
1835
1836         /* We cannot fulfill this request right now, try again later
1837          * please! */
1838         if (IN_SET(s->state,
1839                    SOCKET_STOP_PRE,
1840                    SOCKET_STOP_PRE_SIGKILL,
1841                    SOCKET_STOP_PRE_SIGTERM,
1842                    SOCKET_STOP_POST,
1843                    SOCKET_FINAL_SIGTERM,
1844                    SOCKET_FINAL_SIGKILL))
1845                 return -EAGAIN;
1846
1847         /* Already on it! */
1848         if (IN_SET(s->state,
1849                    SOCKET_START_PRE,
1850                    SOCKET_START_CHOWN,
1851                    SOCKET_START_POST))
1852                 return 0;
1853
1854         /* Cannot run this without the service being around */
1855         if (UNIT_ISSET(s->service)) {
1856                 Service *service;
1857
1858                 service = SERVICE(UNIT_DEREF(s->service));
1859
1860                 if (UNIT(service)->load_state != UNIT_LOADED) {
1861                         log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1862                         return -ENOENT;
1863                 }
1864
1865                 /* If the service is already active we cannot start the
1866                  * socket */
1867                 if (service->state != SERVICE_DEAD &&
1868                     service->state != SERVICE_FAILED &&
1869                     service->state != SERVICE_AUTO_RESTART) {
1870                         log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1871                         return -EBUSY;
1872                 }
1873         }
1874
1875         assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1876
1877         s->result = SOCKET_SUCCESS;
1878         socket_enter_start_pre(s);
1879
1880         return 0;
1881 }
1882
1883 static int socket_stop(Unit *u) {
1884         Socket *s = SOCKET(u);
1885
1886         assert(s);
1887
1888         /* Already on it */
1889         if (IN_SET(s->state,
1890                    SOCKET_STOP_PRE,
1891                    SOCKET_STOP_PRE_SIGTERM,
1892                    SOCKET_STOP_PRE_SIGKILL,
1893                    SOCKET_STOP_POST,
1894                    SOCKET_FINAL_SIGTERM,
1895                    SOCKET_FINAL_SIGKILL))
1896                 return 0;
1897
1898         /* If there's already something running we go directly into
1899          * kill mode. */
1900         if (IN_SET(s->state,
1901                    SOCKET_START_PRE,
1902                    SOCKET_START_CHOWN,
1903                    SOCKET_START_POST)) {
1904                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1905                 return -EAGAIN;
1906         }
1907
1908         assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1909
1910         socket_enter_stop_pre(s, SOCKET_SUCCESS);
1911         return 0;
1912 }
1913
1914 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1915         Socket *s = SOCKET(u);
1916         SocketPort *p;
1917         int r;
1918
1919         assert(u);
1920         assert(f);
1921         assert(fds);
1922
1923         unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1924         unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1925         unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1926
1927         if (s->control_pid > 0)
1928                 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1929
1930         if (s->control_command_id >= 0)
1931                 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1932
1933         LIST_FOREACH(port, p, s->ports) {
1934                 int copy;
1935
1936                 if (p->fd < 0)
1937                         continue;
1938
1939                 copy = fdset_put_dup(fds, p->fd);
1940                 if (copy < 0)
1941                         return copy;
1942
1943                 if (p->type == SOCKET_SOCKET) {
1944                         _cleanup_free_ char *t = NULL;
1945
1946                         r = socket_address_print(&p->address, &t);
1947                         if (r < 0)
1948                                 return r;
1949
1950                         if (socket_address_family(&p->address) == AF_NETLINK)
1951                                 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1952                         else
1953                                 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
1954
1955                 } else if (p->type == SOCKET_SPECIAL)
1956                         unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1957                 else if (p->type == SOCKET_MQUEUE)
1958                         unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
1959                 else {
1960                         assert(p->type == SOCKET_FIFO);
1961                         unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1962                 }
1963         }
1964
1965         return 0;
1966 }
1967
1968 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1969         Socket *s = SOCKET(u);
1970
1971         assert(u);
1972         assert(key);
1973         assert(value);
1974
1975         if (streq(key, "state")) {
1976                 SocketState state;
1977
1978                 state = socket_state_from_string(value);
1979                 if (state < 0)
1980                         log_debug_unit(u->id, "Failed to parse state value %s", value);
1981                 else
1982                         s->deserialized_state = state;
1983         } else if (streq(key, "result")) {
1984                 SocketResult f;
1985
1986                 f = socket_result_from_string(value);
1987                 if (f < 0)
1988                         log_debug_unit(u->id, "Failed to parse result value %s", value);
1989                 else if (f != SOCKET_SUCCESS)
1990                         s->result = f;
1991
1992         } else if (streq(key, "n-accepted")) {
1993                 unsigned k;
1994
1995                 if (safe_atou(value, &k) < 0)
1996                         log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
1997                 else
1998                         s->n_accepted += k;
1999         } else if (streq(key, "control-pid")) {
2000                 pid_t pid;
2001
2002                 if (parse_pid(value, &pid) < 0)
2003                         log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2004                 else
2005                         s->control_pid = pid;
2006         } else if (streq(key, "control-command")) {
2007                 SocketExecCommand id;
2008
2009                 id = socket_exec_command_from_string(value);
2010                 if (id < 0)
2011                         log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2012                 else {
2013                         s->control_command_id = id;
2014                         s->control_command = s->exec_command[id];
2015                 }
2016         } else if (streq(key, "fifo")) {
2017                 int fd, skip = 0;
2018                 SocketPort *p;
2019
2020                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2021                         log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2022                 else {
2023
2024                         LIST_FOREACH(port, p, s->ports)
2025                                 if (p->type == SOCKET_FIFO &&
2026                                     streq_ptr(p->path, value+skip))
2027                                         break;
2028
2029                         if (p) {
2030                                 safe_close(p->fd);
2031                                 p->fd = fdset_remove(fds, fd);
2032                         }
2033                 }
2034
2035         } else if (streq(key, "special")) {
2036                 int fd, skip = 0;
2037                 SocketPort *p;
2038
2039                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2040                         log_debug_unit(u->id, "Failed to parse special value %s", value);
2041                 else {
2042
2043                         LIST_FOREACH(port, p, s->ports)
2044                                 if (p->type == SOCKET_SPECIAL &&
2045                                     streq_ptr(p->path, value+skip))
2046                                         break;
2047
2048                         if (p) {
2049                                 safe_close(p->fd);
2050                                 p->fd = fdset_remove(fds, fd);
2051                         }
2052                 }
2053
2054         } else if (streq(key, "mqueue")) {
2055                 int fd, skip = 0;
2056                 SocketPort *p;
2057
2058                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2059                         log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2060                 else {
2061
2062                         LIST_FOREACH(port, p, s->ports)
2063                                 if (p->type == SOCKET_MQUEUE &&
2064                                     streq_ptr(p->path, value+skip))
2065                                         break;
2066
2067                         if (p) {
2068                                 safe_close(p->fd);
2069                                 p->fd = fdset_remove(fds, fd);
2070                         }
2071                 }
2072
2073         } else if (streq(key, "socket")) {
2074                 int fd, type, skip = 0;
2075                 SocketPort *p;
2076
2077                 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2078                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2079                 else {
2080
2081                         LIST_FOREACH(port, p, s->ports)
2082                                 if (socket_address_is(&p->address, value+skip, type))
2083                                         break;
2084
2085                         if (p) {
2086                                 safe_close(p->fd);
2087                                 p->fd = fdset_remove(fds, fd);
2088                         }
2089                 }
2090
2091         } else if (streq(key, "netlink")) {
2092                 int fd, skip = 0;
2093                 SocketPort *p;
2094
2095                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2096                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2097                 else {
2098
2099                         LIST_FOREACH(port, p, s->ports)
2100                                 if (socket_address_is_netlink(&p->address, value+skip))
2101                                         break;
2102
2103                         if (p) {
2104                                 safe_close(p->fd);
2105                                 p->fd = fdset_remove(fds, fd);
2106                         }
2107                 }
2108         } else
2109                 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2110
2111         return 0;
2112 }
2113
2114 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2115         Socket *s = SOCKET(u);
2116         SocketPort *p;
2117
2118         assert(u);
2119
2120         LIST_FOREACH(port, p, s->ports) {
2121                 Iterator i;
2122                 int fd;
2123
2124                 if (p->type != SOCKET_SOCKET)
2125                         continue;
2126
2127                 if (p->fd >= 0)
2128                         continue;
2129
2130                 FDSET_FOREACH(fd, fds, i) {
2131                         if (socket_address_matches_fd(&p->address, fd)) {
2132                                 p->fd = fdset_remove(fds, fd);
2133                                 s->deserialized_state = SOCKET_LISTENING;
2134                                 break;
2135                         }
2136                 }
2137         }
2138
2139         return 0;
2140 }
2141
2142 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2143         assert(u);
2144
2145         return state_translation_table[SOCKET(u)->state];
2146 }
2147
2148 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2149         assert(u);
2150
2151         return socket_state_to_string(SOCKET(u)->state);
2152 }
2153
2154 const char* socket_port_type_to_string(SocketPort *p) {
2155
2156         assert(p);
2157
2158         switch (p->type) {
2159
2160         case SOCKET_SOCKET:
2161
2162                 switch (p->address.type) {
2163
2164                 case SOCK_STREAM:
2165                         return "Stream";
2166
2167                 case SOCK_DGRAM:
2168                         return "Datagram";
2169
2170                 case SOCK_SEQPACKET:
2171                         return "SequentialPacket";
2172
2173                 case SOCK_RAW:
2174                         if (socket_address_family(&p->address) == AF_NETLINK)
2175                                 return "Netlink";
2176
2177                 default:
2178                         return NULL;
2179                 }
2180
2181         case SOCKET_SPECIAL:
2182                 return "Special";
2183
2184         case SOCKET_MQUEUE:
2185                 return "MessageQueue";
2186
2187         case SOCKET_FIFO:
2188                 return "FIFO";
2189
2190         default:
2191                 return NULL;
2192         }
2193 }
2194
2195 _pure_ static bool socket_check_gc(Unit *u) {
2196         Socket *s = SOCKET(u);
2197
2198         assert(u);
2199
2200         return s->n_connections > 0;
2201 }
2202
2203 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2204         SocketPort *p = userdata;
2205         int cfd = -1;
2206
2207         assert(p);
2208         assert(fd >= 0);
2209
2210         if (p->socket->state != SOCKET_LISTENING)
2211                 return 0;
2212
2213         log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2214
2215         if (revents != EPOLLIN) {
2216
2217                 if (revents & EPOLLHUP)
2218                         log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2219                                        UNIT(p->socket)->id);
2220                 else
2221                         log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2222                                        UNIT(p->socket)->id, revents);
2223
2224                 goto fail;
2225         }
2226
2227         if (p->socket->accept &&
2228             p->type == SOCKET_SOCKET &&
2229             socket_address_can_accept(&p->address)) {
2230
2231                 for (;;) {
2232
2233                         cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2234                         if (cfd < 0) {
2235
2236                                 if (errno == EINTR)
2237                                         continue;
2238
2239                                 log_error_unit(UNIT(p->socket)->id,
2240                                                "Failed to accept socket: %m");
2241                                 goto fail;
2242                         }
2243
2244                         break;
2245                 }
2246
2247                 socket_apply_socket_options(p->socket, cfd);
2248         }
2249
2250         socket_enter_running(p->socket, cfd);
2251         return 0;
2252
2253 fail:
2254         socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2255         return 0;
2256 }
2257
2258 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2259         Socket *s = SOCKET(u);
2260         SocketResult f;
2261
2262         assert(s);
2263         assert(pid >= 0);
2264
2265         if (pid != s->control_pid)
2266                 return;
2267
2268         s->control_pid = 0;
2269
2270         if (is_clean_exit(code, status, NULL))
2271                 f = SOCKET_SUCCESS;
2272         else if (code == CLD_EXITED)
2273                 f = SOCKET_FAILURE_EXIT_CODE;
2274         else if (code == CLD_KILLED)
2275                 f = SOCKET_FAILURE_SIGNAL;
2276         else if (code == CLD_DUMPED)
2277                 f = SOCKET_FAILURE_CORE_DUMP;
2278         else
2279                 assert_not_reached("Unknown sigchld code");
2280
2281         if (s->control_command) {
2282                 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2283
2284                 if (s->control_command->ignore)
2285                         f = SOCKET_SUCCESS;
2286         }
2287
2288         log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2289                       u->id,
2290                       "%s control process exited, code=%s status=%i",
2291                       u->id, sigchld_code_to_string(code), status);
2292
2293         if (f != SOCKET_SUCCESS)
2294                 s->result = f;
2295
2296         if (s->control_command &&
2297             s->control_command->command_next &&
2298             f == SOCKET_SUCCESS) {
2299
2300                 log_debug_unit(u->id,
2301                                "%s running next command for state %s",
2302                                u->id, socket_state_to_string(s->state));
2303                 socket_run_next(s);
2304         } else {
2305                 s->control_command = NULL;
2306                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2307
2308                 /* No further commands for this step, so let's figure
2309                  * out what to do next */
2310
2311                 log_debug_unit(u->id,
2312                                "%s got final SIGCHLD for state %s",
2313                                u->id, socket_state_to_string(s->state));
2314
2315                 switch (s->state) {
2316
2317                 case SOCKET_START_PRE:
2318                         if (f == SOCKET_SUCCESS)
2319                                 socket_enter_start_chown(s);
2320                         else
2321                                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2322                         break;
2323
2324                 case SOCKET_START_CHOWN:
2325                         if (f == SOCKET_SUCCESS)
2326                                 socket_enter_start_post(s);
2327                         else
2328                                 socket_enter_stop_pre(s, f);
2329                         break;
2330
2331                 case SOCKET_START_POST:
2332                         if (f == SOCKET_SUCCESS)
2333                                 socket_enter_listening(s);
2334                         else
2335                                 socket_enter_stop_pre(s, f);
2336                         break;
2337
2338                 case SOCKET_STOP_PRE:
2339                 case SOCKET_STOP_PRE_SIGTERM:
2340                 case SOCKET_STOP_PRE_SIGKILL:
2341                         socket_enter_stop_post(s, f);
2342                         break;
2343
2344                 case SOCKET_STOP_POST:
2345                 case SOCKET_FINAL_SIGTERM:
2346                 case SOCKET_FINAL_SIGKILL:
2347                         socket_enter_dead(s, f);
2348                         break;
2349
2350                 default:
2351                         assert_not_reached("Uh, control process died at wrong time.");
2352                 }
2353         }
2354
2355         /* Notify clients about changed exit status */
2356         unit_add_to_dbus_queue(u);
2357 }
2358
2359 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2360         Socket *s = SOCKET(userdata);
2361
2362         assert(s);
2363         assert(s->timer_event_source == source);
2364
2365         switch (s->state) {
2366
2367         case SOCKET_START_PRE:
2368                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2369                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2370                 break;
2371
2372         case SOCKET_START_CHOWN:
2373         case SOCKET_START_POST:
2374                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2375                 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2376                 break;
2377
2378         case SOCKET_STOP_PRE:
2379                 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2380                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2381                 break;
2382
2383         case SOCKET_STOP_PRE_SIGTERM:
2384                 if (s->kill_context.send_sigkill) {
2385                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2386                         socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2387                 } else {
2388                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2389                         socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2390                 }
2391                 break;
2392
2393         case SOCKET_STOP_PRE_SIGKILL:
2394                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2395                 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2396                 break;
2397
2398         case SOCKET_STOP_POST:
2399                 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2400                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2401                 break;
2402
2403         case SOCKET_FINAL_SIGTERM:
2404                 if (s->kill_context.send_sigkill) {
2405                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2406                         socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2407                 } else {
2408                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2409                         socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2410                 }
2411                 break;
2412
2413         case SOCKET_FINAL_SIGKILL:
2414                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2415                 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2416                 break;
2417
2418         default:
2419                 assert_not_reached("Timeout at wrong time.");
2420         }
2421
2422         return 0;
2423 }
2424
2425 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2426         int *rfds;
2427         unsigned rn_fds, k;
2428         SocketPort *p;
2429
2430         assert(s);
2431         assert(fds);
2432         assert(n_fds);
2433
2434         /* Called from the service code for requesting our fds */
2435
2436         rn_fds = 0;
2437         LIST_FOREACH(port, p, s->ports)
2438                 if (p->fd >= 0)
2439                         rn_fds++;
2440
2441         if (rn_fds <= 0) {
2442                 *fds = NULL;
2443                 *n_fds = 0;
2444                 return 0;
2445         }
2446
2447         if (!(rfds = new(int, rn_fds)))
2448                 return -ENOMEM;
2449
2450         k = 0;
2451         LIST_FOREACH(port, p, s->ports)
2452                 if (p->fd >= 0)
2453                         rfds[k++] = p->fd;
2454
2455         assert(k == rn_fds);
2456
2457         *fds = rfds;
2458         *n_fds = rn_fds;
2459
2460         return 0;
2461 }
2462
2463 static void socket_reset_failed(Unit *u) {
2464         Socket *s = SOCKET(u);
2465
2466         assert(s);
2467
2468         if (s->state == SOCKET_FAILED)
2469                 socket_set_state(s, SOCKET_DEAD);
2470
2471         s->result = SOCKET_SUCCESS;
2472 }
2473
2474 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2475         assert(s);
2476
2477         /* The service is dead. Dang!
2478          *
2479          * This is strictly for one-instance-for-all-connections
2480          * services. */
2481
2482         if (s->state == SOCKET_RUNNING) {
2483                 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2484                 if (failed_permanent)
2485                         socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2486                 else
2487                         socket_enter_listening(s);
2488         }
2489 }
2490
2491 void socket_connection_unref(Socket *s) {
2492         assert(s);
2493
2494         /* The service is dead. Yay!
2495          *
2496          * This is strictly for one-instance-per-connection
2497          * services. */
2498
2499         assert(s->n_connections > 0);
2500         s->n_connections--;
2501
2502         log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2503 }
2504
2505 static void socket_trigger_notify(Unit *u, Unit *other) {
2506         Socket *s = SOCKET(u);
2507         Service *se;
2508
2509         assert(u);
2510         assert(other);
2511
2512         /* Don't propagate state changes from the service if we are
2513            already down or accepting connections */
2514         if ((s->state !=  SOCKET_RUNNING &&
2515             s->state != SOCKET_LISTENING) ||
2516             s->accept)
2517                 return;
2518
2519         if (other->load_state != UNIT_LOADED ||
2520             other->type != UNIT_SERVICE)
2521                 return;
2522
2523         se = SERVICE(other);
2524
2525         if (se->state == SERVICE_FAILED)
2526                 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2527
2528         if (se->state == SERVICE_DEAD ||
2529             se->state == SERVICE_STOP ||
2530             se->state == SERVICE_STOP_SIGTERM ||
2531             se->state == SERVICE_STOP_SIGKILL ||
2532             se->state == SERVICE_STOP_POST ||
2533             se->state == SERVICE_FINAL_SIGTERM ||
2534             se->state == SERVICE_FINAL_SIGKILL ||
2535             se->state == SERVICE_AUTO_RESTART)
2536                 socket_notify_service_dead(s, false);
2537
2538         if (se->state == SERVICE_RUNNING)
2539                 socket_set_state(s, SOCKET_RUNNING);
2540 }
2541
2542 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2543         return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2544 }
2545
2546 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2547         Socket *s = SOCKET(u);
2548         int r;
2549
2550         if (!s->timer_event_source)
2551                 return 0;
2552
2553         r = sd_event_source_get_time(s->timer_event_source, timeout);
2554         if (r < 0)
2555                 return r;
2556
2557         return 1;
2558 }
2559
2560 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2561         [SOCKET_DEAD] = "dead",
2562         [SOCKET_START_PRE] = "start-pre",
2563         [SOCKET_START_CHOWN] = "start-chown",
2564         [SOCKET_START_POST] = "start-post",
2565         [SOCKET_LISTENING] = "listening",
2566         [SOCKET_RUNNING] = "running",
2567         [SOCKET_STOP_PRE] = "stop-pre",
2568         [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2569         [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2570         [SOCKET_STOP_POST] = "stop-post",
2571         [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2572         [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2573         [SOCKET_FAILED] = "failed"
2574 };
2575
2576 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2577
2578 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2579         [SOCKET_EXEC_START_PRE] = "StartPre",
2580         [SOCKET_EXEC_START_CHOWN] = "StartChown",
2581         [SOCKET_EXEC_START_POST] = "StartPost",
2582         [SOCKET_EXEC_STOP_PRE] = "StopPre",
2583         [SOCKET_EXEC_STOP_POST] = "StopPost"
2584 };
2585
2586 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2587
2588 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2589         [SOCKET_SUCCESS] = "success",
2590         [SOCKET_FAILURE_RESOURCES] = "resources",
2591         [SOCKET_FAILURE_TIMEOUT] = "timeout",
2592         [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2593         [SOCKET_FAILURE_SIGNAL] = "signal",
2594         [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2595         [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2596 };
2597
2598 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2599
2600 const UnitVTable socket_vtable = {
2601         .object_size = sizeof(Socket),
2602         .exec_context_offset = offsetof(Socket, exec_context),
2603         .cgroup_context_offset = offsetof(Socket, cgroup_context),
2604         .kill_context_offset = offsetof(Socket, kill_context),
2605         .exec_runtime_offset = offsetof(Socket, exec_runtime),
2606
2607         .sections =
2608                 "Unit\0"
2609                 "Socket\0"
2610                 "Install\0",
2611         .private_section = "Socket",
2612
2613         .init = socket_init,
2614         .done = socket_done,
2615         .load = socket_load,
2616
2617         .coldplug = socket_coldplug,
2618
2619         .dump = socket_dump,
2620
2621         .start = socket_start,
2622         .stop = socket_stop,
2623
2624         .kill = socket_kill,
2625
2626         .get_timeout = socket_get_timeout,
2627
2628         .serialize = socket_serialize,
2629         .deserialize_item = socket_deserialize_item,
2630         .distribute_fds = socket_distribute_fds,
2631
2632         .active_state = socket_active_state,
2633         .sub_state_to_string = socket_sub_state_to_string,
2634
2635         .check_gc = socket_check_gc,
2636
2637         .sigchld_event = socket_sigchld_event,
2638
2639         .trigger_notify = socket_trigger_notify,
2640
2641         .reset_failed = socket_reset_failed,
2642
2643         .bus_interface = "org.freedesktop.systemd1.Socket",
2644         .bus_vtable = bus_socket_vtable,
2645         .bus_set_property = bus_socket_set_property,
2646         .bus_commit_properties = bus_socket_commit_properties,
2647
2648         .status_message_formats = {
2649                 /*.starting_stopping = {
2650                         [0] = "Starting socket %s...",
2651                         [1] = "Stopping socket %s...",
2652                 },*/
2653                 .finished_start_job = {
2654                         [JOB_DONE]       = "Listening on %s.",
2655                         [JOB_FAILED]     = "Failed to listen on %s.",
2656                         [JOB_DEPENDENCY] = "Dependency failed for %s.",
2657                         [JOB_TIMEOUT]    = "Timed out starting %s.",
2658                 },
2659                 .finished_stop_job = {
2660                         [JOB_DONE]       = "Closed %s.",
2661                         [JOB_FAILED]     = "Failed stopping %s.",
2662                         [JOB_TIMEOUT]    = "Timed out stopping %s.",
2663                 },
2664         },
2665 };
Unnamed repository; edit this file 'description' to name the repository.