chiark / gitweb /
~ianmdlvl / elogind.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
socket: add support for TCP fast Open
[elogind.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56         [SOCKET_DEAD] = UNIT_INACTIVE,
57         [SOCKET_START_PRE] = UNIT_ACTIVATING,
58         [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59         [SOCKET_START_POST] = UNIT_ACTIVATING,
60         [SOCKET_LISTENING] = UNIT_ACTIVE,
61         [SOCKET_RUNNING] = UNIT_ACTIVE,
62         [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63         [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64         [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65         [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66         [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67         [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68         [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75         Socket *s = SOCKET(u);
76
77         assert(u);
78         assert(u->load_state == UNIT_STUB);
79
80         s->backlog = SOMAXCONN;
81         s->timeout_usec = u->manager->default_timeout_start_usec;
82         s->directory_mode = 0755;
83         s->socket_mode = 0666;
84
85         s->max_connections = 64;
86
87         s->priority = -1;
88         s->ip_tos = -1;
89         s->ip_ttl = -1;
90         s->mark = -1;
91
92         s->exec_context.std_output = u->manager->default_std_output;
93         s->exec_context.std_error = u->manager->default_std_error;
94
95         s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99         assert(s);
100
101         if (s->control_pid <= 0)
102                 return;
103
104         unit_unwatch_pid(UNIT(s), s->control_pid);
105         s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109         SocketPort *p;
110
111         assert(s);
112
113         while ((p = s->ports)) {
114                 LIST_REMOVE(port, s->ports, p);
115
116                 sd_event_source_unref(p->event_source);
117
118                 safe_close(p->fd);
119                 free(p->path);
120                 free(p);
121         }
122 }
123
124 static void socket_done(Unit *u) {
125         Socket *s = SOCKET(u);
126
127         assert(s);
128
129         socket_free_ports(s);
130
131         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132         exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133         s->control_command = NULL;
134
135         socket_unwatch_control_pid(s);
136
137         unit_ref_unset(&s->service);
138
139         free(s->tcp_congestion);
140         s->tcp_congestion = NULL;
141
142         free(s->bind_to_device);
143         s->bind_to_device = NULL;
144
145         free(s->smack);
146         free(s->smack_ip_in);
147         free(s->smack_ip_out);
148
149         strv_free(s->symlinks);
150
151         free(s->user);
152         free(s->group);
153
154         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158         int r;
159
160         assert(s);
161
162         if (s->timeout_usec <= 0) {
163                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164                 return 0;
165         }
166
167         if (s->timer_event_source) {
168                 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169                 if (r < 0)
170                         return r;
171
172                 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173         }
174
175         return sd_event_add_time(
176                         UNIT(s)->manager->event,
177                         &s->timer_event_source,
178                         CLOCK_MONOTONIC,
179                         now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180                         socket_dispatch_timer, s);
181 }
182
183 int socket_instantiate_service(Socket *s) {
184         _cleanup_free_ char *prefix = NULL, *name = NULL;
185         int r;
186         Unit *u;
187
188         assert(s);
189
190         /* This fills in s->service if it isn't filled in yet. For
191          * Accept=yes sockets we create the next connection service
192          * here. For Accept=no this is mostly a NOP since the service
193          * is figured out at load time anyway. */
194
195         if (UNIT_DEREF(s->service) || !s->accept)
196                 return 0;
197
198         prefix = unit_name_to_prefix(UNIT(s)->id);
199         if (!prefix)
200                 return -ENOMEM;
201
202         if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
203                 return -ENOMEM;
204
205         r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
206         if (r < 0)
207                 return r;
208
209         u->no_gc = true;
210         unit_ref_set(&s->service, u);
211
212         return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
213 }
214
215 static bool have_non_accept_socket(Socket *s) {
216         SocketPort *p;
217
218         assert(s);
219
220         if (!s->accept)
221                 return true;
222
223         LIST_FOREACH(port, p, s->ports) {
224
225                 if (p->type != SOCKET_SOCKET)
226                         return true;
227
228                 if (!socket_address_can_accept(&p->address))
229                         return true;
230         }
231
232         return false;
233 }
234
235 static int socket_add_mount_links(Socket *s) {
236         SocketPort *p;
237         int r;
238
239         assert(s);
240
241         LIST_FOREACH(port, p, s->ports) {
242                 const char *path = NULL;
243
244                 if (p->type == SOCKET_SOCKET)
245                         path = socket_address_get_path(&p->address);
246                 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
247                         path = p->path;
248
249                 if (!path)
250                         continue;
251
252                 r = unit_require_mounts_for(UNIT(s), path);
253                 if (r < 0)
254                         return r;
255         }
256
257         return 0;
258 }
259
260 static int socket_add_device_link(Socket *s) {
261         char *t;
262
263         assert(s);
264
265         if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
266                 return 0;
267
268         t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
269         return unit_add_node_link(UNIT(s), t, false);
270 }
271
272 static int socket_add_default_dependencies(Socket *s) {
273         int r;
274         assert(s);
275
276         r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
277         if (r < 0)
278                 return r;
279
280         if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
281                 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
282                 if (r < 0)
283                         return r;
284         }
285
286         return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
287 }
288
289 _pure_ static bool socket_has_exec(Socket *s) {
290         unsigned i;
291         assert(s);
292
293         for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
294                 if (s->exec_command[i])
295                         return true;
296
297         return false;
298 }
299
300 static int socket_add_extras(Socket *s) {
301         Unit *u = UNIT(s);
302         int r;
303
304         assert(s);
305
306         if (have_non_accept_socket(s)) {
307
308                 if (!UNIT_DEREF(s->service)) {
309                         Unit *x;
310
311                         r = unit_load_related_unit(u, ".service", &x);
312                         if (r < 0)
313                                 return r;
314
315                         unit_ref_set(&s->service, x);
316                 }
317
318                 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
319                 if (r < 0)
320                         return r;
321         }
322
323         r = socket_add_mount_links(s);
324         if (r < 0)
325                 return r;
326
327         r = socket_add_device_link(s);
328         if (r < 0)
329                 return r;
330
331         r = unit_patch_contexts(u);
332         if (r < 0)
333                 return r;
334
335         if (socket_has_exec(s)) {
336                 r = unit_add_exec_dependencies(u, &s->exec_context);
337                 if (r < 0)
338                         return r;
339
340                 r = unit_add_default_slice(u, &s->cgroup_context);
341                 if (r < 0)
342                         return r;
343         }
344
345         if (u->default_dependencies) {
346                 r = socket_add_default_dependencies(s);
347                 if (r < 0)
348                         return r;
349         }
350
351         return 0;
352 }
353
354 static const char *socket_find_symlink_target(Socket *s) {
355         const char *found = NULL;
356         SocketPort *p;
357
358         LIST_FOREACH(port, p, s->ports) {
359                 const char *f = NULL;
360
361                 switch (p->type) {
362
363                 case SOCKET_FIFO:
364                         f = p->path;
365                         break;
366
367                 case SOCKET_SOCKET:
368                         if (p->address.sockaddr.un.sun_path[0] != 0)
369                                 f = p->address.sockaddr.un.sun_path;
370                         break;
371
372                 default:
373                         break;
374                 }
375
376                 if (f) {
377                         if (found)
378                                 return NULL;
379
380                         found = f;
381                 }
382         }
383
384         return found;
385 }
386
387 static int socket_verify(Socket *s) {
388         assert(s);
389
390         if (UNIT(s)->load_state != UNIT_LOADED)
391                 return 0;
392
393         if (!s->ports) {
394                 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
395                 return -EINVAL;
396         }
397
398         if (s->accept && have_non_accept_socket(s)) {
399                 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
400                                UNIT(s)->id);
401                 return -EINVAL;
402         }
403
404         if (s->accept && s->max_connections <= 0) {
405                 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
406                 return -EINVAL;
407         }
408
409         if (s->accept && UNIT_DEREF(s->service)) {
410                 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
411                 return -EINVAL;
412         }
413
414         if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
415                 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
416                 return -EINVAL;
417         }
418
419         if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
420                 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
421                 return -EINVAL;
422         }
423
424         return 0;
425 }
426
427 static int socket_load(Unit *u) {
428         Socket *s = SOCKET(u);
429         int r;
430
431         assert(u);
432         assert(u->load_state == UNIT_STUB);
433
434         r = unit_load_fragment_and_dropin(u);
435         if (r < 0)
436                 return r;
437
438         if (u->load_state == UNIT_LOADED) {
439                 /* This is a new unit? Then let's add in some extras */
440                 r = socket_add_extras(s);
441                 if (r < 0)
442                         return r;
443         }
444
445         return socket_verify(s);
446 }
447
448 _const_ static const char* listen_lookup(int family, int type) {
449
450         if (family == AF_NETLINK)
451                 return "ListenNetlink";
452
453         if (type == SOCK_STREAM)
454                 return "ListenStream";
455         else if (type == SOCK_DGRAM)
456                 return "ListenDatagram";
457         else if (type == SOCK_SEQPACKET)
458                 return "ListenSequentialPacket";
459
460         assert_not_reached("Unknown socket type");
461         return NULL;
462 }
463
464 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
465         SocketExecCommand c;
466         Socket *s = SOCKET(u);
467         SocketPort *p;
468         const char *prefix2;
469
470         assert(s);
471         assert(f);
472
473         prefix2 = strappenda(prefix, "\t");
474
475         fprintf(f,
476                 "%sSocket State: %s\n"
477                 "%sResult: %s\n"
478                 "%sBindIPv6Only: %s\n"
479                 "%sBacklog: %u\n"
480                 "%sSocketMode: %04o\n"
481                 "%sDirectoryMode: %04o\n"
482                 "%sKeepAlive: %s\n"
483                 "%sNoDelay: %s\n"
484                 "%sFastOpen: %s\n"
485                 "%sFreeBind: %s\n"
486                 "%sTransparent: %s\n"
487                 "%sBroadcast: %s\n"
488                 "%sPassCredentials: %s\n"
489                 "%sPassSecurity: %s\n"
490                 "%sTCPCongestion: %s\n"
491                 "%sRemoveOnStop: %s\n",
492                 prefix, socket_state_to_string(s->state),
493                 prefix, socket_result_to_string(s->result),
494                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
495                 prefix, s->backlog,
496                 prefix, s->socket_mode,
497                 prefix, s->directory_mode,
498                 prefix, yes_no(s->keep_alive),
499                 prefix, yes_no(s->no_delay),
500                 prefix, yes_no(s->fast_open),
501                 prefix, yes_no(s->free_bind),
502                 prefix, yes_no(s->transparent),
503                 prefix, yes_no(s->broadcast),
504                 prefix, yes_no(s->pass_cred),
505                 prefix, yes_no(s->pass_sec),
506                 prefix, strna(s->tcp_congestion),
507                 prefix, yes_no(s->remove_on_stop));
508
509         if (s->control_pid > 0)
510                 fprintf(f,
511                         "%sControl PID: "PID_FMT"\n",
512                         prefix, s->control_pid);
513
514         if (s->bind_to_device)
515                 fprintf(f,
516                         "%sBindToDevice: %s\n",
517                         prefix, s->bind_to_device);
518
519         if (s->accept)
520                 fprintf(f,
521                         "%sAccepted: %u\n"
522                         "%sNConnections: %u\n"
523                         "%sMaxConnections: %u\n",
524                         prefix, s->n_accepted,
525                         prefix, s->n_connections,
526                         prefix, s->max_connections);
527
528         if (s->priority >= 0)
529                 fprintf(f,
530                         "%sPriority: %i\n",
531                         prefix, s->priority);
532
533         if (s->receive_buffer > 0)
534                 fprintf(f,
535                         "%sReceiveBuffer: %zu\n",
536                         prefix, s->receive_buffer);
537
538         if (s->send_buffer > 0)
539                 fprintf(f,
540                         "%sSendBuffer: %zu\n",
541                         prefix, s->send_buffer);
542
543         if (s->ip_tos >= 0)
544                 fprintf(f,
545                         "%sIPTOS: %i\n",
546                         prefix, s->ip_tos);
547
548         if (s->ip_ttl >= 0)
549                 fprintf(f,
550                         "%sIPTTL: %i\n",
551                         prefix, s->ip_ttl);
552
553         if (s->pipe_size > 0)
554                 fprintf(f,
555                         "%sPipeSize: %zu\n",
556                         prefix, s->pipe_size);
557
558         if (s->mark >= 0)
559                 fprintf(f,
560                         "%sMark: %i\n",
561                         prefix, s->mark);
562
563         if (s->mq_maxmsg > 0)
564                 fprintf(f,
565                         "%sMessageQueueMaxMessages: %li\n",
566                         prefix, s->mq_maxmsg);
567
568         if (s->mq_msgsize > 0)
569                 fprintf(f,
570                         "%sMessageQueueMessageSize: %li\n",
571                         prefix, s->mq_msgsize);
572
573         if (s->reuse_port)
574                 fprintf(f,
575                         "%sReusePort: %s\n",
576                          prefix, yes_no(s->reuse_port));
577
578         if (s->smack)
579                 fprintf(f,
580                         "%sSmackLabel: %s\n",
581                         prefix, s->smack);
582
583         if (s->smack_ip_in)
584                 fprintf(f,
585                         "%sSmackLabelIPIn: %s\n",
586                         prefix, s->smack_ip_in);
587
588         if (s->smack_ip_out)
589                 fprintf(f,
590                         "%sSmackLabelIPOut: %s\n",
591                         prefix, s->smack_ip_out);
592
593         if (!isempty(s->user) || !isempty(s->group))
594                 fprintf(f,
595                         "%sOwnerUser: %s\n"
596                         "%sOwnerGroup: %s\n",
597                         prefix, strna(s->user),
598                         prefix, strna(s->group));
599
600         LIST_FOREACH(port, p, s->ports) {
601
602                 if (p->type == SOCKET_SOCKET) {
603                         const char *t;
604                         int r;
605                         char *k = NULL;
606
607                         if ((r = socket_address_print(&p->address, &k)) < 0)
608                                 t = strerror(-r);
609                         else
610                                 t = k;
611
612                         fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
613                         free(k);
614                 } else if (p->type == SOCKET_SPECIAL)
615                         fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
616                 else if (p->type == SOCKET_MQUEUE)
617                         fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
618                 else
619                         fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
620         }
621
622         exec_context_dump(&s->exec_context, f, prefix);
623         kill_context_dump(&s->kill_context, f, prefix);
624
625         for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
626                 if (!s->exec_command[c])
627                         continue;
628
629                 fprintf(f, "%s-> %s:\n",
630                         prefix, socket_exec_command_to_string(c));
631
632                 exec_command_dump_list(s->exec_command[c], f, prefix2);
633         }
634 }
635
636 static int instance_from_socket(int fd, unsigned nr, char **instance) {
637         socklen_t l;
638         char *r;
639         union sockaddr_union local, remote;
640
641         assert(fd >= 0);
642         assert(instance);
643
644         l = sizeof(local);
645         if (getsockname(fd, &local.sa, &l) < 0)
646                 return -errno;
647
648         l = sizeof(remote);
649         if (getpeername(fd, &remote.sa, &l) < 0)
650                 return -errno;
651
652         switch (local.sa.sa_family) {
653
654         case AF_INET: {
655                 uint32_t
656                         a = ntohl(local.in.sin_addr.s_addr),
657                         b = ntohl(remote.in.sin_addr.s_addr);
658
659                 if (asprintf(&r,
660                              "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
661                              nr,
662                              a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
663                              ntohs(local.in.sin_port),
664                              b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
665                              ntohs(remote.in.sin_port)) < 0)
666                         return -ENOMEM;
667
668                 break;
669         }
670
671         case AF_INET6: {
672                 static const unsigned char ipv4_prefix[] = {
673                         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
674                 };
675
676                 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
677                     memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
678                         const uint8_t
679                                 *a = local.in6.sin6_addr.s6_addr+12,
680                                 *b = remote.in6.sin6_addr.s6_addr+12;
681
682                         if (asprintf(&r,
683                                      "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
684                                      nr,
685                                      a[0], a[1], a[2], a[3],
686                                      ntohs(local.in6.sin6_port),
687                                      b[0], b[1], b[2], b[3],
688                                      ntohs(remote.in6.sin6_port)) < 0)
689                                 return -ENOMEM;
690                 } else {
691                         char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
692
693                         if (asprintf(&r,
694                                      "%u-%s:%u-%s:%u",
695                                      nr,
696                                      inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
697                                      ntohs(local.in6.sin6_port),
698                                      inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
699                                      ntohs(remote.in6.sin6_port)) < 0)
700                                 return -ENOMEM;
701                 }
702
703                 break;
704         }
705
706         case AF_UNIX: {
707                 struct ucred ucred;
708                 int k;
709
710                 k = getpeercred(fd, &ucred);
711                 if (k >= 0) {
712                         if (asprintf(&r,
713                                      "%u-"PID_FMT"-"UID_FMT,
714                                      nr, ucred.pid, ucred.uid) < 0)
715                                 return -ENOMEM;
716                 } else if (k == -ENODATA) {
717                         /* This handles the case where somebody is
718                          * connecting from another pid/uid namespace
719                          * (e.g. from outside of our container). */
720                         if (asprintf(&r,
721                                      "%u-unknown",
722                                      nr) < 0)
723                                 return -ENOMEM;
724                 } else
725                         return k;
726
727                 break;
728         }
729
730         default:
731                 assert_not_reached("Unhandled socket type.");
732         }
733
734         *instance = r;
735         return 0;
736 }
737
738 static void socket_close_fds(Socket *s) {
739         SocketPort *p;
740         char **i;
741
742         assert(s);
743
744         LIST_FOREACH(port, p, s->ports) {
745
746                 p->event_source = sd_event_source_unref(p->event_source);
747
748                 if (p->fd < 0)
749                         continue;
750
751                 p->fd = safe_close(p->fd);
752
753                 /* One little note: we should normally not delete any
754                  * sockets in the file system here! After all some
755                  * other process we spawned might still have a
756                  * reference of this fd and wants to continue to use
757                  * it. Therefore we delete sockets in the file system
758                  * before we create a new one, not after we stopped
759                  * using one! */
760
761                 if (s->remove_on_stop) {
762                         switch (p->type) {
763
764                         case SOCKET_FIFO:
765                                 unlink(p->path);
766                                 break;
767
768                         case SOCKET_MQUEUE:
769                                 mq_unlink(p->path);
770                                 break;
771
772                         case SOCKET_SOCKET:
773                                 socket_address_unlink(&p->address);
774                                 break;
775
776                         default:
777                                 break;
778                         }
779                 }
780         }
781
782         if (s->remove_on_stop)
783                 STRV_FOREACH(i, s->symlinks)
784                         unlink(*i);
785 }
786
787 static void socket_apply_socket_options(Socket *s, int fd) {
788         assert(s);
789         assert(fd >= 0);
790
791         if (s->keep_alive) {
792                 int b = s->keep_alive;
793                 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
794                         log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
795         }
796
797         if (s->no_delay) {
798                 int b = s->no_delay;
799                 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &b, sizeof(b)) < 0)
800                         log_warning_unit(UNIT(s)->id, "TCP_NODELAY failed: %m");
801         }
802
803         if (s->fast_open) {
804                 int b = s->fast_open;
805                 if (setsockopt(fd, SOL_TCP, TCP_FASTOPEN, &b, sizeof(b)) < 0)
806                         log_warning_unit(UNIT(s)->id, "TCP_FASTOPEN failed: %m");
807         }
808
809         if (s->broadcast) {
810                 int one = 1;
811                 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
812                         log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
813         }
814
815         if (s->pass_cred) {
816                 int one = 1;
817                 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
818                         log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
819         }
820
821         if (s->pass_sec) {
822                 int one = 1;
823                 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
824                         log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
825         }
826
827         if (s->priority >= 0)
828                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
829                         log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
830
831         if (s->receive_buffer > 0) {
832                 int value = (int) s->receive_buffer;
833
834                 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
835
836                 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
837                         if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
838                                 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
839         }
840
841         if (s->send_buffer > 0) {
842                 int value = (int) s->send_buffer;
843                 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
844                         if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
845                                 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
846         }
847
848         if (s->mark >= 0)
849                 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
850                         log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
851
852         if (s->ip_tos >= 0)
853                 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
854                         log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
855
856         if (s->ip_ttl >= 0) {
857                 int r, x;
858
859                 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
860
861                 if (socket_ipv6_is_supported())
862                         x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
863                 else {
864                         x = -1;
865                         errno = EAFNOSUPPORT;
866                 }
867
868                 if (r < 0 && x < 0)
869                         log_warning_unit(UNIT(s)->id,
870                                          "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
871         }
872
873         if (s->tcp_congestion)
874                 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
875                         log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
876
877         if (s->reuse_port) {
878                 int b = s->reuse_port;
879                 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
880                         log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
881         }
882
883         if (s->smack_ip_in)
884                 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
885                         log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
886
887         if (s->smack_ip_out)
888                 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
889                         log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
890 }
891
892 static void socket_apply_fifo_options(Socket *s, int fd) {
893         assert(s);
894         assert(fd >= 0);
895
896         if (s->pipe_size > 0)
897                 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
898                         log_warning_unit(UNIT(s)->id,
899                                          "F_SETPIPE_SZ: %m");
900
901         if (s->smack)
902                 if (smack_label_fd(fd, s->smack) < 0)
903                         log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
904 }
905
906 static int fifo_address_create(
907                 const char *path,
908                 mode_t directory_mode,
909                 mode_t socket_mode,
910                 int *_fd) {
911
912         int fd = -1, r = 0;
913         struct stat st;
914         mode_t old_mask;
915
916         assert(path);
917         assert(_fd);
918
919         mkdir_parents_label(path, directory_mode);
920
921         r = label_context_set(path, S_IFIFO);
922         if (r < 0)
923                 goto fail;
924
925         /* Enforce the right access mode for the fifo */
926         old_mask = umask(~ socket_mode);
927
928         /* Include the original umask in our mask */
929         umask(~socket_mode | old_mask);
930
931         r = mkfifo(path, socket_mode);
932         umask(old_mask);
933
934         if (r < 0 && errno != EEXIST) {
935                 r = -errno;
936                 goto fail;
937         }
938
939         if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
940                 r = -errno;
941                 goto fail;
942         }
943
944         label_context_clear();
945
946         if (fstat(fd, &st) < 0) {
947                 r = -errno;
948                 goto fail;
949         }
950
951         if (!S_ISFIFO(st.st_mode) ||
952             (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
953             st.st_uid != getuid() ||
954             st.st_gid != getgid()) {
955
956                 r = -EEXIST;
957                 goto fail;
958         }
959
960         *_fd = fd;
961         return 0;
962
963 fail:
964         label_context_clear();
965         safe_close(fd);
966
967         return r;
968 }
969
970 static int special_address_create(
971                 const char *path,
972                 int *_fd) {
973
974         int fd = -1, r = 0;
975         struct stat st;
976
977         assert(path);
978         assert(_fd);
979
980         fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
981         if (fd < 0) {
982                 r = -errno;
983                 goto fail;
984         }
985
986         if (fstat(fd, &st) < 0) {
987                 r = -errno;
988                 goto fail;
989         }
990
991         /* Check whether this is a /proc, /sys or /dev file or char device */
992         if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
993                 r = -EEXIST;
994                 goto fail;
995         }
996
997         *_fd = fd;
998         return 0;
999
1000 fail:
1001         safe_close(fd);
1002
1003         return r;
1004 }
1005
1006 static int mq_address_create(
1007                 const char *path,
1008                 mode_t mq_mode,
1009                 long maxmsg,
1010                 long msgsize,
1011                 int *_fd) {
1012
1013         int fd = -1, r = 0;
1014         struct stat st;
1015         mode_t old_mask;
1016         struct mq_attr _attr, *attr = NULL;
1017
1018         assert(path);
1019         assert(_fd);
1020
1021         if (maxmsg > 0 && msgsize > 0) {
1022                 zero(_attr);
1023                 _attr.mq_flags = O_NONBLOCK;
1024                 _attr.mq_maxmsg = maxmsg;
1025                 _attr.mq_msgsize = msgsize;
1026                 attr = &_attr;
1027         }
1028
1029         /* Enforce the right access mode for the mq */
1030         old_mask = umask(~ mq_mode);
1031
1032         /* Include the original umask in our mask */
1033         umask(~mq_mode | old_mask);
1034         fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1035         umask(old_mask);
1036
1037         if (fd < 0) {
1038                 r = -errno;
1039                 goto fail;
1040         }
1041
1042         if (fstat(fd, &st) < 0) {
1043                 r = -errno;
1044                 goto fail;
1045         }
1046
1047         if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1048             st.st_uid != getuid() ||
1049             st.st_gid != getgid()) {
1050
1051                 r = -EEXIST;
1052                 goto fail;
1053         }
1054
1055         *_fd = fd;
1056         return 0;
1057
1058 fail:
1059         safe_close(fd);
1060         return r;
1061 }
1062
1063 static int socket_symlink(Socket *s) {
1064         const char *p;
1065         char **i;
1066
1067         assert(s);
1068
1069         p = socket_find_symlink_target(s);
1070         if (!p)
1071                 return 0;
1072
1073         STRV_FOREACH(i, s->symlinks)
1074                 symlink(p, *i);
1075
1076         return 0;
1077 }
1078
1079 static int socket_open_fds(Socket *s) {
1080         SocketPort *p;
1081         int r;
1082         char *label = NULL;
1083         bool know_label = false;
1084
1085         assert(s);
1086
1087         LIST_FOREACH(port, p, s->ports) {
1088
1089                 if (p->fd >= 0)
1090                         continue;
1091
1092                 if (p->type == SOCKET_SOCKET) {
1093
1094                         if (!know_label) {
1095
1096                                 r = socket_instantiate_service(s);
1097                                 if (r < 0)
1098                                         return r;
1099
1100                                 if (UNIT_ISSET(s->service) &&
1101                                     SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1102                                         r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1103                                         if (r < 0 && r != -EPERM)
1104                                                 return r;
1105                                 }
1106
1107                                 know_label = true;
1108                         }
1109
1110                         r = socket_address_listen(
1111                                         &p->address,
1112                                         SOCK_CLOEXEC|SOCK_NONBLOCK,
1113                                         s->backlog,
1114                                         s->bind_ipv6_only,
1115                                         s->bind_to_device,
1116                                         s->free_bind,
1117                                         s->transparent,
1118                                         s->directory_mode,
1119                                         s->socket_mode,
1120                                         label);
1121                         if (r < 0)
1122                                 goto rollback;
1123
1124                         p->fd = r;
1125                         socket_apply_socket_options(s, p->fd);
1126                         socket_symlink(s);
1127
1128                 } else  if (p->type == SOCKET_SPECIAL) {
1129
1130                         r = special_address_create(
1131                                         p->path,
1132                                         &p->fd);
1133                         if (r < 0)
1134                                 goto rollback;
1135
1136                 } else  if (p->type == SOCKET_FIFO) {
1137
1138                         r = fifo_address_create(
1139                                         p->path,
1140                                         s->directory_mode,
1141                                         s->socket_mode,
1142                                         &p->fd);
1143                         if (r < 0)
1144                                 goto rollback;
1145
1146                         socket_apply_fifo_options(s, p->fd);
1147                         socket_symlink(s);
1148
1149                 } else if (p->type == SOCKET_MQUEUE) {
1150
1151                         r = mq_address_create(
1152                                         p->path,
1153                                         s->socket_mode,
1154                                         s->mq_maxmsg,
1155                                         s->mq_msgsize,
1156                                         &p->fd);
1157                         if (r < 0)
1158                                 goto rollback;
1159                 } else
1160                         assert_not_reached("Unknown port type");
1161         }
1162
1163         label_free(label);
1164         return 0;
1165
1166 rollback:
1167         socket_close_fds(s);
1168         label_free(label);
1169         return r;
1170 }
1171
1172 static void socket_unwatch_fds(Socket *s) {
1173         SocketPort *p;
1174         int r;
1175
1176         assert(s);
1177
1178         LIST_FOREACH(port, p, s->ports) {
1179                 if (p->fd < 0)
1180                         continue;
1181
1182                 if (!p->event_source)
1183                         continue;
1184
1185                 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1186                 if (r < 0)
1187                         log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1188         }
1189 }
1190
1191 static int socket_watch_fds(Socket *s) {
1192         SocketPort *p;
1193         int r;
1194
1195         assert(s);
1196
1197         LIST_FOREACH(port, p, s->ports) {
1198                 if (p->fd < 0)
1199                         continue;
1200
1201                 if (p->event_source)
1202                         r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1203                 else
1204                         r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1205
1206                 if (r < 0) {
1207                         log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1208                         goto fail;
1209                 }
1210         }
1211
1212         return 0;
1213
1214 fail:
1215         socket_unwatch_fds(s);
1216         return r;
1217 }
1218
1219 static void socket_set_state(Socket *s, SocketState state) {
1220         SocketState old_state;
1221         assert(s);
1222
1223         old_state = s->state;
1224         s->state = state;
1225
1226         if (!IN_SET(state,
1227                     SOCKET_START_PRE,
1228                     SOCKET_START_CHOWN,
1229                     SOCKET_START_POST,
1230                     SOCKET_STOP_PRE,
1231                     SOCKET_STOP_PRE_SIGTERM,
1232                     SOCKET_STOP_PRE_SIGKILL,
1233                     SOCKET_STOP_POST,
1234                     SOCKET_FINAL_SIGTERM,
1235                     SOCKET_FINAL_SIGKILL)) {
1236
1237                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1238                 socket_unwatch_control_pid(s);
1239                 s->control_command = NULL;
1240                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1241         }
1242
1243         if (state != SOCKET_LISTENING)
1244                 socket_unwatch_fds(s);
1245
1246         if (!IN_SET(state,
1247                     SOCKET_START_CHOWN,
1248                     SOCKET_START_POST,
1249                     SOCKET_LISTENING,
1250                     SOCKET_RUNNING,
1251                     SOCKET_STOP_PRE,
1252                     SOCKET_STOP_PRE_SIGTERM,
1253                     SOCKET_STOP_PRE_SIGKILL))
1254                 socket_close_fds(s);
1255
1256         if (state != old_state)
1257                 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1258                                UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1259
1260         unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1261 }
1262
1263 static int socket_coldplug(Unit *u) {
1264         Socket *s = SOCKET(u);
1265         int r;
1266
1267         assert(s);
1268         assert(s->state == SOCKET_DEAD);
1269
1270         if (s->deserialized_state == s->state)
1271                 return 0;
1272
1273         if (IN_SET(s->deserialized_state,
1274                    SOCKET_START_PRE,
1275                    SOCKET_START_CHOWN,
1276                    SOCKET_START_POST,
1277                    SOCKET_STOP_PRE,
1278                    SOCKET_STOP_PRE_SIGTERM,
1279                    SOCKET_STOP_PRE_SIGKILL,
1280                    SOCKET_STOP_POST,
1281                    SOCKET_FINAL_SIGTERM,
1282                    SOCKET_FINAL_SIGKILL)) {
1283
1284                 if (s->control_pid <= 0)
1285                         return -EBADMSG;
1286
1287                 r = unit_watch_pid(UNIT(s), s->control_pid);
1288                 if (r < 0)
1289                         return r;
1290
1291                 r = socket_arm_timer(s);
1292                 if (r < 0)
1293                         return r;
1294         }
1295
1296         if (IN_SET(s->deserialized_state,
1297                    SOCKET_START_CHOWN,
1298                    SOCKET_START_POST,
1299                    SOCKET_LISTENING,
1300                    SOCKET_RUNNING,
1301                    SOCKET_STOP_PRE,
1302                    SOCKET_STOP_PRE_SIGTERM,
1303                    SOCKET_STOP_PRE_SIGKILL)) {
1304                 r = socket_open_fds(s);
1305                 if (r < 0)
1306                         return r;
1307         }
1308
1309         if (s->deserialized_state == SOCKET_LISTENING) {
1310                 r = socket_watch_fds(s);
1311                 if (r < 0)
1312                         return r;
1313         }
1314
1315         socket_set_state(s, s->deserialized_state);
1316         return 0;
1317 }
1318
1319 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1320         _cleanup_free_ char **argv = NULL;
1321         pid_t pid;
1322         int r;
1323
1324         assert(s);
1325         assert(c);
1326         assert(_pid);
1327
1328         unit_realize_cgroup(UNIT(s));
1329
1330         r = unit_setup_exec_runtime(UNIT(s));
1331         if (r < 0)
1332                 goto fail;
1333
1334         r = socket_arm_timer(s);
1335         if (r < 0)
1336                 goto fail;
1337
1338         r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1339         if (r < 0)
1340                 goto fail;
1341
1342         r = exec_spawn(c,
1343                        argv,
1344                        &s->exec_context,
1345                        NULL, 0,
1346                        UNIT(s)->manager->environment,
1347                        true,
1348                        true,
1349                        true,
1350                        UNIT(s)->manager->confirm_spawn,
1351                        UNIT(s)->manager->cgroup_supported,
1352                        UNIT(s)->cgroup_path,
1353                        manager_get_runtime_prefix(UNIT(s)->manager),
1354                        UNIT(s)->id,
1355                        0,
1356                        NULL,
1357                        s->exec_runtime,
1358                        &pid);
1359         if (r < 0)
1360                 goto fail;
1361
1362         r = unit_watch_pid(UNIT(s), pid);
1363         if (r < 0)
1364                 /* FIXME: we need to do something here */
1365                 goto fail;
1366
1367         *_pid = pid;
1368         return 0;
1369
1370 fail:
1371         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1372         return r;
1373 }
1374
1375 static int socket_chown(Socket *s, pid_t *_pid) {
1376         pid_t pid;
1377         int r;
1378
1379         r = socket_arm_timer(s);
1380         if (r < 0)
1381                 goto fail;
1382
1383         /* We have to resolve the user names out-of-process, hence
1384          * let's fork here. It's messy, but well, what can we do? */
1385
1386         pid = fork();
1387         if (pid < 0)
1388                 return -errno;
1389
1390         if (pid == 0) {
1391                 SocketPort *p;
1392                 uid_t uid = (uid_t) -1;
1393                 gid_t gid = (gid_t) -1;
1394                 int ret;
1395
1396                 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1397                 ignore_signals(SIGPIPE, -1);
1398                 log_forget_fds();
1399
1400                 if (!isempty(s->user)) {
1401                         const char *user = s->user;
1402
1403                         r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1404                         if (r < 0) {
1405                                 ret = EXIT_USER;
1406                                 goto fail_child;
1407                         }
1408                 }
1409
1410                 if (!isempty(s->group)) {
1411                         const char *group = s->group;
1412
1413                         r = get_group_creds(&group, &gid);
1414                         if (r < 0) {
1415                                 ret = EXIT_GROUP;
1416                                 goto fail_child;
1417                         }
1418                 }
1419
1420                 LIST_FOREACH(port, p, s->ports) {
1421                         const char *path = NULL;
1422
1423                         if (p->type == SOCKET_SOCKET)
1424                                 path = socket_address_get_path(&p->address);
1425                         else if (p->type == SOCKET_FIFO)
1426                                 path = p->path;
1427
1428                         if (!path)
1429                                 continue;
1430
1431                         if (chown(path, uid, gid) < 0) {
1432                                 r = -errno;
1433                                 ret = EXIT_CHOWN;
1434                                 goto fail_child;
1435                         }
1436                 }
1437
1438                 _exit(0);
1439
1440         fail_child:
1441                 log_open();
1442                 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1443
1444                 _exit(ret);
1445         }
1446
1447         r = unit_watch_pid(UNIT(s), pid);
1448         if (r < 0)
1449                 goto fail;
1450
1451         *_pid = pid;
1452         return 0;
1453
1454 fail:
1455         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1456         return r;
1457 }
1458
1459 static void socket_enter_dead(Socket *s, SocketResult f) {
1460         assert(s);
1461
1462         if (f != SOCKET_SUCCESS)
1463                 s->result = f;
1464
1465         exec_runtime_destroy(s->exec_runtime);
1466         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1467
1468         exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1469
1470         socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1471 }
1472
1473 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1474
1475 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1476         int r;
1477         assert(s);
1478
1479         if (f != SOCKET_SUCCESS)
1480                 s->result = f;
1481
1482         socket_unwatch_control_pid(s);
1483         s->control_command_id = SOCKET_EXEC_STOP_POST;
1484         s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1485
1486         if (s->control_command) {
1487                 r = socket_spawn(s, s->control_command, &s->control_pid);
1488                 if (r < 0)
1489                         goto fail;
1490
1491                 socket_set_state(s, SOCKET_STOP_POST);
1492         } else
1493                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1494
1495         return;
1496
1497 fail:
1498         log_warning_unit(UNIT(s)->id,
1499                          "%s failed to run 'stop-post' task: %s",
1500                          UNIT(s)->id, strerror(-r));
1501         socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1502 }
1503
1504 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1505         int r;
1506
1507         assert(s);
1508
1509         if (f != SOCKET_SUCCESS)
1510                 s->result = f;
1511
1512         r = unit_kill_context(
1513                         UNIT(s),
1514                         &s->kill_context,
1515                         state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1516                         -1,
1517                         s->control_pid,
1518                         false);
1519         if (r < 0)
1520                 goto fail;
1521
1522         if (r > 0) {
1523                 r = socket_arm_timer(s);
1524                 if (r < 0)
1525                         goto fail;
1526
1527                 socket_set_state(s, state);
1528         } else if (state == SOCKET_STOP_PRE_SIGTERM)
1529                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1530         else if (state == SOCKET_STOP_PRE_SIGKILL)
1531                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1532         else if (state == SOCKET_FINAL_SIGTERM)
1533                 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1534         else
1535                 socket_enter_dead(s, SOCKET_SUCCESS);
1536
1537         return;
1538
1539 fail:
1540         log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1541
1542         if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1543                 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1544         else
1545                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1546 }
1547
1548 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1549         int r;
1550         assert(s);
1551
1552         if (f != SOCKET_SUCCESS)
1553                 s->result = f;
1554
1555         socket_unwatch_control_pid(s);
1556         s->control_command_id = SOCKET_EXEC_STOP_PRE;
1557         s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1558
1559         if (s->control_command) {
1560                 r = socket_spawn(s, s->control_command, &s->control_pid);
1561                 if (r < 0)
1562                         goto fail;
1563
1564                 socket_set_state(s, SOCKET_STOP_PRE);
1565         } else
1566                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1567
1568         return;
1569
1570 fail:
1571         log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1572         socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1573 }
1574
1575 static void socket_enter_listening(Socket *s) {
1576         int r;
1577         assert(s);
1578
1579         r = socket_watch_fds(s);
1580         if (r < 0) {
1581                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1582                 goto fail;
1583         }
1584
1585         socket_set_state(s, SOCKET_LISTENING);
1586         return;
1587
1588 fail:
1589         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1590 }
1591
1592 static void socket_enter_start_post(Socket *s) {
1593         int r;
1594         assert(s);
1595
1596         socket_unwatch_control_pid(s);
1597         s->control_command_id = SOCKET_EXEC_START_POST;
1598         s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1599
1600         if (s->control_command) {
1601                 r = socket_spawn(s, s->control_command, &s->control_pid);
1602                 if (r < 0) {
1603                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1604                         goto fail;
1605                 }
1606
1607                 socket_set_state(s, SOCKET_START_POST);
1608         } else
1609                 socket_enter_listening(s);
1610
1611         return;
1612
1613 fail:
1614         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1615 }
1616
1617 static void socket_enter_start_chown(Socket *s) {
1618         int r;
1619
1620         assert(s);
1621
1622         r = socket_open_fds(s);
1623         if (r < 0) {
1624                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1625                 goto fail;
1626         }
1627
1628         if (!isempty(s->user) || !isempty(s->group)) {
1629
1630                 socket_unwatch_control_pid(s);
1631                 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1632                 s->control_command = NULL;
1633
1634                 r = socket_chown(s, &s->control_pid);
1635                 if (r < 0) {
1636                         log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1637                         goto fail;
1638                 }
1639
1640                 socket_set_state(s, SOCKET_START_CHOWN);
1641         } else
1642                 socket_enter_start_post(s);
1643
1644         return;
1645
1646 fail:
1647         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1648 }
1649
1650 static void socket_enter_start_pre(Socket *s) {
1651         int r;
1652         assert(s);
1653
1654         socket_unwatch_control_pid(s);
1655         s->control_command_id = SOCKET_EXEC_START_PRE;
1656         s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1657
1658         if (s->control_command) {
1659                 r = socket_spawn(s, s->control_command, &s->control_pid);
1660                 if (r < 0) {
1661                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1662                         goto fail;
1663                 }
1664
1665                 socket_set_state(s, SOCKET_START_PRE);
1666         } else
1667                 socket_enter_start_chown(s);
1668
1669         return;
1670
1671 fail:
1672         socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1673 }
1674
1675 static void socket_enter_running(Socket *s, int cfd) {
1676         _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1677         int r;
1678
1679         assert(s);
1680
1681         /* We don't take connections anymore if we are supposed to
1682          * shut down anyway */
1683         if (unit_stop_pending(UNIT(s))) {
1684
1685                 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1686
1687                 if (cfd >= 0)
1688                         safe_close(cfd);
1689                 else  {
1690                         /* Flush all sockets by closing and reopening them */
1691                         socket_close_fds(s);
1692
1693                         r = socket_open_fds(s);
1694                         if (r < 0) {
1695                                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1696                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1697                                 return;
1698                         }
1699
1700                         r = socket_watch_fds(s);
1701                         if (r < 0) {
1702                                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1703                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1704                         }
1705                 }
1706
1707                 return;
1708         }
1709
1710         if (cfd < 0) {
1711                 Iterator i;
1712                 Unit *other;
1713                 bool pending = false;
1714
1715                 /* If there's already a start pending don't bother to
1716                  * do anything */
1717                 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1718                         if (unit_active_or_pending(other)) {
1719                                 pending = true;
1720                                 break;
1721                         }
1722
1723                 if (!pending) {
1724                         if (!UNIT_ISSET(s->service)) {
1725                                 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1726                                 r = -ENOENT;
1727                                 goto fail;
1728                         }
1729
1730                         r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1731                         if (r < 0)
1732                                 goto fail;
1733                 }
1734
1735                 socket_set_state(s, SOCKET_RUNNING);
1736         } else {
1737                 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1738                 Service *service;
1739
1740                 if (s->n_connections >= s->max_connections) {
1741                         log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1742                         safe_close(cfd);
1743                         return;
1744                 }
1745
1746                 r = socket_instantiate_service(s);
1747                 if (r < 0)
1748                         goto fail;
1749
1750                 r = instance_from_socket(cfd, s->n_accepted, &instance);
1751                 if (r < 0) {
1752                         if (r != -ENOTCONN)
1753                                 goto fail;
1754
1755                         /* ENOTCONN is legitimate if TCP RST was received.
1756                          * This connection is over, but the socket unit lives on. */
1757                         safe_close(cfd);
1758                         return;
1759                 }
1760
1761                 prefix = unit_name_to_prefix(UNIT(s)->id);
1762                 if (!prefix) {
1763                         r = -ENOMEM;
1764                         goto fail;
1765                 }
1766
1767                 name = unit_name_build(prefix, instance, ".service");
1768                 if (!name) {
1769                         r = -ENOMEM;
1770                         goto fail;
1771                 }
1772
1773                 r = unit_add_name(UNIT_DEREF(s->service), name);
1774                 if (r < 0)
1775                         goto fail;
1776
1777                 service = SERVICE(UNIT_DEREF(s->service));
1778                 unit_ref_unset(&s->service);
1779                 s->n_accepted ++;
1780
1781                 UNIT(service)->no_gc = false;
1782
1783                 unit_choose_id(UNIT(service), name);
1784
1785                 r = service_set_socket_fd(service, cfd, s);
1786                 if (r < 0)
1787                         goto fail;
1788
1789                 cfd = -1;
1790                 s->n_connections ++;
1791
1792                 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1793                 if (r < 0)
1794                         goto fail;
1795
1796                 /* Notify clients about changed counters */
1797                 unit_add_to_dbus_queue(UNIT(s));
1798         }
1799
1800         return;
1801
1802 fail:
1803         log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1804                          UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1805                          bus_error_message(&error, r));
1806
1807         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1808         safe_close(cfd);
1809 }
1810
1811 static void socket_run_next(Socket *s) {
1812         int r;
1813
1814         assert(s);
1815         assert(s->control_command);
1816         assert(s->control_command->command_next);
1817
1818         socket_unwatch_control_pid(s);
1819
1820         s->control_command = s->control_command->command_next;
1821
1822         r = socket_spawn(s, s->control_command, &s->control_pid);
1823         if (r < 0)
1824                 goto fail;
1825
1826         return;
1827
1828 fail:
1829         log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1830
1831         if (s->state == SOCKET_START_POST)
1832                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1833         else if (s->state == SOCKET_STOP_POST)
1834                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1835         else
1836                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1837 }
1838
1839 static int socket_start(Unit *u) {
1840         Socket *s = SOCKET(u);
1841
1842         assert(s);
1843
1844         /* We cannot fulfill this request right now, try again later
1845          * please! */
1846         if (IN_SET(s->state,
1847                    SOCKET_STOP_PRE,
1848                    SOCKET_STOP_PRE_SIGKILL,
1849                    SOCKET_STOP_PRE_SIGTERM,
1850                    SOCKET_STOP_POST,
1851                    SOCKET_FINAL_SIGTERM,
1852                    SOCKET_FINAL_SIGKILL))
1853                 return -EAGAIN;
1854
1855         /* Already on it! */
1856         if (IN_SET(s->state,
1857                    SOCKET_START_PRE,
1858                    SOCKET_START_CHOWN,
1859                    SOCKET_START_POST))
1860                 return 0;
1861
1862         /* Cannot run this without the service being around */
1863         if (UNIT_ISSET(s->service)) {
1864                 Service *service;
1865
1866                 service = SERVICE(UNIT_DEREF(s->service));
1867
1868                 if (UNIT(service)->load_state != UNIT_LOADED) {
1869                         log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1870                         return -ENOENT;
1871                 }
1872
1873                 /* If the service is already active we cannot start the
1874                  * socket */
1875                 if (service->state != SERVICE_DEAD &&
1876                     service->state != SERVICE_FAILED &&
1877                     service->state != SERVICE_AUTO_RESTART) {
1878                         log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1879                         return -EBUSY;
1880                 }
1881         }
1882
1883         assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1884
1885         s->result = SOCKET_SUCCESS;
1886         socket_enter_start_pre(s);
1887
1888         return 0;
1889 }
1890
1891 static int socket_stop(Unit *u) {
1892         Socket *s = SOCKET(u);
1893
1894         assert(s);
1895
1896         /* Already on it */
1897         if (IN_SET(s->state,
1898                    SOCKET_STOP_PRE,
1899                    SOCKET_STOP_PRE_SIGTERM,
1900                    SOCKET_STOP_PRE_SIGKILL,
1901                    SOCKET_STOP_POST,
1902                    SOCKET_FINAL_SIGTERM,
1903                    SOCKET_FINAL_SIGKILL))
1904                 return 0;
1905
1906         /* If there's already something running we go directly into
1907          * kill mode. */
1908         if (IN_SET(s->state,
1909                    SOCKET_START_PRE,
1910                    SOCKET_START_CHOWN,
1911                    SOCKET_START_POST)) {
1912                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1913                 return -EAGAIN;
1914         }
1915
1916         assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1917
1918         socket_enter_stop_pre(s, SOCKET_SUCCESS);
1919         return 0;
1920 }
1921
1922 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1923         Socket *s = SOCKET(u);
1924         SocketPort *p;
1925         int r;
1926
1927         assert(u);
1928         assert(f);
1929         assert(fds);
1930
1931         unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1932         unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1933         unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1934
1935         if (s->control_pid > 0)
1936                 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1937
1938         if (s->control_command_id >= 0)
1939                 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1940
1941         LIST_FOREACH(port, p, s->ports) {
1942                 int copy;
1943
1944                 if (p->fd < 0)
1945                         continue;
1946
1947                 copy = fdset_put_dup(fds, p->fd);
1948                 if (copy < 0)
1949                         return copy;
1950
1951                 if (p->type == SOCKET_SOCKET) {
1952                         _cleanup_free_ char *t = NULL;
1953
1954                         r = socket_address_print(&p->address, &t);
1955                         if (r < 0)
1956                                 return r;
1957
1958                         if (socket_address_family(&p->address) == AF_NETLINK)
1959                                 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1960                         else
1961                                 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
1962
1963                 } else if (p->type == SOCKET_SPECIAL)
1964                         unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1965                 else if (p->type == SOCKET_MQUEUE)
1966                         unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
1967                 else {
1968                         assert(p->type == SOCKET_FIFO);
1969                         unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1970                 }
1971         }
1972
1973         return 0;
1974 }
1975
1976 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1977         Socket *s = SOCKET(u);
1978
1979         assert(u);
1980         assert(key);
1981         assert(value);
1982
1983         if (streq(key, "state")) {
1984                 SocketState state;
1985
1986                 state = socket_state_from_string(value);
1987                 if (state < 0)
1988                         log_debug_unit(u->id, "Failed to parse state value %s", value);
1989                 else
1990                         s->deserialized_state = state;
1991         } else if (streq(key, "result")) {
1992                 SocketResult f;
1993
1994                 f = socket_result_from_string(value);
1995                 if (f < 0)
1996                         log_debug_unit(u->id, "Failed to parse result value %s", value);
1997                 else if (f != SOCKET_SUCCESS)
1998                         s->result = f;
1999
2000         } else if (streq(key, "n-accepted")) {
2001                 unsigned k;
2002
2003                 if (safe_atou(value, &k) < 0)
2004                         log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2005                 else
2006                         s->n_accepted += k;
2007         } else if (streq(key, "control-pid")) {
2008                 pid_t pid;
2009
2010                 if (parse_pid(value, &pid) < 0)
2011                         log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2012                 else
2013                         s->control_pid = pid;
2014         } else if (streq(key, "control-command")) {
2015                 SocketExecCommand id;
2016
2017                 id = socket_exec_command_from_string(value);
2018                 if (id < 0)
2019                         log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2020                 else {
2021                         s->control_command_id = id;
2022                         s->control_command = s->exec_command[id];
2023                 }
2024         } else if (streq(key, "fifo")) {
2025                 int fd, skip = 0;
2026                 SocketPort *p;
2027
2028                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2029                         log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2030                 else {
2031
2032                         LIST_FOREACH(port, p, s->ports)
2033                                 if (p->type == SOCKET_FIFO &&
2034                                     streq_ptr(p->path, value+skip))
2035                                         break;
2036
2037                         if (p) {
2038                                 safe_close(p->fd);
2039                                 p->fd = fdset_remove(fds, fd);
2040                         }
2041                 }
2042
2043         } else if (streq(key, "special")) {
2044                 int fd, skip = 0;
2045                 SocketPort *p;
2046
2047                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2048                         log_debug_unit(u->id, "Failed to parse special value %s", value);
2049                 else {
2050
2051                         LIST_FOREACH(port, p, s->ports)
2052                                 if (p->type == SOCKET_SPECIAL &&
2053                                     streq_ptr(p->path, value+skip))
2054                                         break;
2055
2056                         if (p) {
2057                                 safe_close(p->fd);
2058                                 p->fd = fdset_remove(fds, fd);
2059                         }
2060                 }
2061
2062         } else if (streq(key, "mqueue")) {
2063                 int fd, skip = 0;
2064                 SocketPort *p;
2065
2066                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2067                         log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2068                 else {
2069
2070                         LIST_FOREACH(port, p, s->ports)
2071                                 if (p->type == SOCKET_MQUEUE &&
2072                                     streq_ptr(p->path, value+skip))
2073                                         break;
2074
2075                         if (p) {
2076                                 safe_close(p->fd);
2077                                 p->fd = fdset_remove(fds, fd);
2078                         }
2079                 }
2080
2081         } else if (streq(key, "socket")) {
2082                 int fd, type, skip = 0;
2083                 SocketPort *p;
2084
2085                 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2086                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2087                 else {
2088
2089                         LIST_FOREACH(port, p, s->ports)
2090                                 if (socket_address_is(&p->address, value+skip, type))
2091                                         break;
2092
2093                         if (p) {
2094                                 safe_close(p->fd);
2095                                 p->fd = fdset_remove(fds, fd);
2096                         }
2097                 }
2098
2099         } else if (streq(key, "netlink")) {
2100                 int fd, skip = 0;
2101                 SocketPort *p;
2102
2103                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2104                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2105                 else {
2106
2107                         LIST_FOREACH(port, p, s->ports)
2108                                 if (socket_address_is_netlink(&p->address, value+skip))
2109                                         break;
2110
2111                         if (p) {
2112                                 safe_close(p->fd);
2113                                 p->fd = fdset_remove(fds, fd);
2114                         }
2115                 }
2116         } else
2117                 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2118
2119         return 0;
2120 }
2121
2122 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2123         Socket *s = SOCKET(u);
2124         SocketPort *p;
2125
2126         assert(u);
2127
2128         LIST_FOREACH(port, p, s->ports) {
2129                 Iterator i;
2130                 int fd;
2131
2132                 if (p->type != SOCKET_SOCKET)
2133                         continue;
2134
2135                 if (p->fd >= 0)
2136                         continue;
2137
2138                 FDSET_FOREACH(fd, fds, i) {
2139                         if (socket_address_matches_fd(&p->address, fd)) {
2140                                 p->fd = fdset_remove(fds, fd);
2141                                 s->deserialized_state = SOCKET_LISTENING;
2142                                 break;
2143                         }
2144                 }
2145         }
2146
2147         return 0;
2148 }
2149
2150 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2151         assert(u);
2152
2153         return state_translation_table[SOCKET(u)->state];
2154 }
2155
2156 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2157         assert(u);
2158
2159         return socket_state_to_string(SOCKET(u)->state);
2160 }
2161
2162 const char* socket_port_type_to_string(SocketPort *p) {
2163
2164         assert(p);
2165
2166         switch (p->type) {
2167
2168         case SOCKET_SOCKET:
2169
2170                 switch (p->address.type) {
2171
2172                 case SOCK_STREAM:
2173                         return "Stream";
2174
2175                 case SOCK_DGRAM:
2176                         return "Datagram";
2177
2178                 case SOCK_SEQPACKET:
2179                         return "SequentialPacket";
2180
2181                 case SOCK_RAW:
2182                         if (socket_address_family(&p->address) == AF_NETLINK)
2183                                 return "Netlink";
2184
2185                 default:
2186                         return NULL;
2187                 }
2188
2189         case SOCKET_SPECIAL:
2190                 return "Special";
2191
2192         case SOCKET_MQUEUE:
2193                 return "MessageQueue";
2194
2195         case SOCKET_FIFO:
2196                 return "FIFO";
2197
2198         default:
2199                 return NULL;
2200         }
2201 }
2202
2203 _pure_ static bool socket_check_gc(Unit *u) {
2204         Socket *s = SOCKET(u);
2205
2206         assert(u);
2207
2208         return s->n_connections > 0;
2209 }
2210
2211 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2212         SocketPort *p = userdata;
2213         int cfd = -1;
2214
2215         assert(p);
2216         assert(fd >= 0);
2217
2218         if (p->socket->state != SOCKET_LISTENING)
2219                 return 0;
2220
2221         log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2222
2223         if (revents != EPOLLIN) {
2224
2225                 if (revents & EPOLLHUP)
2226                         log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2227                                        UNIT(p->socket)->id);
2228                 else
2229                         log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2230                                        UNIT(p->socket)->id, revents);
2231
2232                 goto fail;
2233         }
2234
2235         if (p->socket->accept &&
2236             p->type == SOCKET_SOCKET &&
2237             socket_address_can_accept(&p->address)) {
2238
2239                 for (;;) {
2240
2241                         cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2242                         if (cfd < 0) {
2243
2244                                 if (errno == EINTR)
2245                                         continue;
2246
2247                                 log_error_unit(UNIT(p->socket)->id,
2248                                                "Failed to accept socket: %m");
2249                                 goto fail;
2250                         }
2251
2252                         break;
2253                 }
2254
2255                 socket_apply_socket_options(p->socket, cfd);
2256         }
2257
2258         socket_enter_running(p->socket, cfd);
2259         return 0;
2260
2261 fail:
2262         socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2263         return 0;
2264 }
2265
2266 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2267         Socket *s = SOCKET(u);
2268         SocketResult f;
2269
2270         assert(s);
2271         assert(pid >= 0);
2272
2273         if (pid != s->control_pid)
2274                 return;
2275
2276         s->control_pid = 0;
2277
2278         if (is_clean_exit(code, status, NULL))
2279                 f = SOCKET_SUCCESS;
2280         else if (code == CLD_EXITED)
2281                 f = SOCKET_FAILURE_EXIT_CODE;
2282         else if (code == CLD_KILLED)
2283                 f = SOCKET_FAILURE_SIGNAL;
2284         else if (code == CLD_DUMPED)
2285                 f = SOCKET_FAILURE_CORE_DUMP;
2286         else
2287                 assert_not_reached("Unknown sigchld code");
2288
2289         if (s->control_command) {
2290                 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2291
2292                 if (s->control_command->ignore)
2293                         f = SOCKET_SUCCESS;
2294         }
2295
2296         log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2297                       u->id,
2298                       "%s control process exited, code=%s status=%i",
2299                       u->id, sigchld_code_to_string(code), status);
2300
2301         if (f != SOCKET_SUCCESS)
2302                 s->result = f;
2303
2304         if (s->control_command &&
2305             s->control_command->command_next &&
2306             f == SOCKET_SUCCESS) {
2307
2308                 log_debug_unit(u->id,
2309                                "%s running next command for state %s",
2310                                u->id, socket_state_to_string(s->state));
2311                 socket_run_next(s);
2312         } else {
2313                 s->control_command = NULL;
2314                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2315
2316                 /* No further commands for this step, so let's figure
2317                  * out what to do next */
2318
2319                 log_debug_unit(u->id,
2320                                "%s got final SIGCHLD for state %s",
2321                                u->id, socket_state_to_string(s->state));
2322
2323                 switch (s->state) {
2324
2325                 case SOCKET_START_PRE:
2326                         if (f == SOCKET_SUCCESS)
2327                                 socket_enter_start_chown(s);
2328                         else
2329                                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2330                         break;
2331
2332                 case SOCKET_START_CHOWN:
2333                         if (f == SOCKET_SUCCESS)
2334                                 socket_enter_start_post(s);
2335                         else
2336                                 socket_enter_stop_pre(s, f);
2337                         break;
2338
2339                 case SOCKET_START_POST:
2340                         if (f == SOCKET_SUCCESS)
2341                                 socket_enter_listening(s);
2342                         else
2343                                 socket_enter_stop_pre(s, f);
2344                         break;
2345
2346                 case SOCKET_STOP_PRE:
2347                 case SOCKET_STOP_PRE_SIGTERM:
2348                 case SOCKET_STOP_PRE_SIGKILL:
2349                         socket_enter_stop_post(s, f);
2350                         break;
2351
2352                 case SOCKET_STOP_POST:
2353                 case SOCKET_FINAL_SIGTERM:
2354                 case SOCKET_FINAL_SIGKILL:
2355                         socket_enter_dead(s, f);
2356                         break;
2357
2358                 default:
2359                         assert_not_reached("Uh, control process died at wrong time.");
2360                 }
2361         }
2362
2363         /* Notify clients about changed exit status */
2364         unit_add_to_dbus_queue(u);
2365 }
2366
2367 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2368         Socket *s = SOCKET(userdata);
2369
2370         assert(s);
2371         assert(s->timer_event_source == source);
2372
2373         switch (s->state) {
2374
2375         case SOCKET_START_PRE:
2376                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2377                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2378                 break;
2379
2380         case SOCKET_START_CHOWN:
2381         case SOCKET_START_POST:
2382                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2383                 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2384                 break;
2385
2386         case SOCKET_STOP_PRE:
2387                 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2388                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2389                 break;
2390
2391         case SOCKET_STOP_PRE_SIGTERM:
2392                 if (s->kill_context.send_sigkill) {
2393                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2394                         socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2395                 } else {
2396                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2397                         socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2398                 }
2399                 break;
2400
2401         case SOCKET_STOP_PRE_SIGKILL:
2402                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2403                 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2404                 break;
2405
2406         case SOCKET_STOP_POST:
2407                 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2408                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2409                 break;
2410
2411         case SOCKET_FINAL_SIGTERM:
2412                 if (s->kill_context.send_sigkill) {
2413                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2414                         socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2415                 } else {
2416                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2417                         socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2418                 }
2419                 break;
2420
2421         case SOCKET_FINAL_SIGKILL:
2422                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2423                 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2424                 break;
2425
2426         default:
2427                 assert_not_reached("Timeout at wrong time.");
2428         }
2429
2430         return 0;
2431 }
2432
2433 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2434         int *rfds;
2435         unsigned rn_fds, k;
2436         SocketPort *p;
2437
2438         assert(s);
2439         assert(fds);
2440         assert(n_fds);
2441
2442         /* Called from the service code for requesting our fds */
2443
2444         rn_fds = 0;
2445         LIST_FOREACH(port, p, s->ports)
2446                 if (p->fd >= 0)
2447                         rn_fds++;
2448
2449         if (rn_fds <= 0) {
2450                 *fds = NULL;
2451                 *n_fds = 0;
2452                 return 0;
2453         }
2454
2455         if (!(rfds = new(int, rn_fds)))
2456                 return -ENOMEM;
2457
2458         k = 0;
2459         LIST_FOREACH(port, p, s->ports)
2460                 if (p->fd >= 0)
2461                         rfds[k++] = p->fd;
2462
2463         assert(k == rn_fds);
2464
2465         *fds = rfds;
2466         *n_fds = rn_fds;
2467
2468         return 0;
2469 }
2470
2471 static void socket_reset_failed(Unit *u) {
2472         Socket *s = SOCKET(u);
2473
2474         assert(s);
2475
2476         if (s->state == SOCKET_FAILED)
2477                 socket_set_state(s, SOCKET_DEAD);
2478
2479         s->result = SOCKET_SUCCESS;
2480 }
2481
2482 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2483         assert(s);
2484
2485         /* The service is dead. Dang!
2486          *
2487          * This is strictly for one-instance-for-all-connections
2488          * services. */
2489
2490         if (s->state == SOCKET_RUNNING) {
2491                 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2492                 if (failed_permanent)
2493                         socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2494                 else
2495                         socket_enter_listening(s);
2496         }
2497 }
2498
2499 void socket_connection_unref(Socket *s) {
2500         assert(s);
2501
2502         /* The service is dead. Yay!
2503          *
2504          * This is strictly for one-instance-per-connection
2505          * services. */
2506
2507         assert(s->n_connections > 0);
2508         s->n_connections--;
2509
2510         log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2511 }
2512
2513 static void socket_trigger_notify(Unit *u, Unit *other) {
2514         Socket *s = SOCKET(u);
2515         Service *se;
2516
2517         assert(u);
2518         assert(other);
2519
2520         /* Don't propagate state changes from the service if we are
2521            already down or accepting connections */
2522         if ((s->state !=  SOCKET_RUNNING &&
2523             s->state != SOCKET_LISTENING) ||
2524             s->accept)
2525                 return;
2526
2527         if (other->load_state != UNIT_LOADED ||
2528             other->type != UNIT_SERVICE)
2529                 return;
2530
2531         se = SERVICE(other);
2532
2533         if (se->state == SERVICE_FAILED)
2534                 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2535
2536         if (se->state == SERVICE_DEAD ||
2537             se->state == SERVICE_STOP ||
2538             se->state == SERVICE_STOP_SIGTERM ||
2539             se->state == SERVICE_STOP_SIGKILL ||
2540             se->state == SERVICE_STOP_POST ||
2541             se->state == SERVICE_FINAL_SIGTERM ||
2542             se->state == SERVICE_FINAL_SIGKILL ||
2543             se->state == SERVICE_AUTO_RESTART)
2544                 socket_notify_service_dead(s, false);
2545
2546         if (se->state == SERVICE_RUNNING)
2547                 socket_set_state(s, SOCKET_RUNNING);
2548 }
2549
2550 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2551         return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2552 }
2553
2554 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2555         Socket *s = SOCKET(u);
2556         int r;
2557
2558         if (!s->timer_event_source)
2559                 return 0;
2560
2561         r = sd_event_source_get_time(s->timer_event_source, timeout);
2562         if (r < 0)
2563                 return r;
2564
2565         return 1;
2566 }
2567
2568 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2569         [SOCKET_DEAD] = "dead",
2570         [SOCKET_START_PRE] = "start-pre",
2571         [SOCKET_START_CHOWN] = "start-chown",
2572         [SOCKET_START_POST] = "start-post",
2573         [SOCKET_LISTENING] = "listening",
2574         [SOCKET_RUNNING] = "running",
2575         [SOCKET_STOP_PRE] = "stop-pre",
2576         [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2577         [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2578         [SOCKET_STOP_POST] = "stop-post",
2579         [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2580         [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2581         [SOCKET_FAILED] = "failed"
2582 };
2583
2584 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2585
2586 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2587         [SOCKET_EXEC_START_PRE] = "StartPre",
2588         [SOCKET_EXEC_START_CHOWN] = "StartChown",
2589         [SOCKET_EXEC_START_POST] = "StartPost",
2590         [SOCKET_EXEC_STOP_PRE] = "StopPre",
2591         [SOCKET_EXEC_STOP_POST] = "StopPost"
2592 };
2593
2594 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2595
2596 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2597         [SOCKET_SUCCESS] = "success",
2598         [SOCKET_FAILURE_RESOURCES] = "resources",
2599         [SOCKET_FAILURE_TIMEOUT] = "timeout",
2600         [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2601         [SOCKET_FAILURE_SIGNAL] = "signal",
2602         [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2603         [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2604 };
2605
2606 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2607
2608 const UnitVTable socket_vtable = {
2609         .object_size = sizeof(Socket),
2610         .exec_context_offset = offsetof(Socket, exec_context),
2611         .cgroup_context_offset = offsetof(Socket, cgroup_context),
2612         .kill_context_offset = offsetof(Socket, kill_context),
2613         .exec_runtime_offset = offsetof(Socket, exec_runtime),
2614
2615         .sections =
2616                 "Unit\0"
2617                 "Socket\0"
2618                 "Install\0",
2619         .private_section = "Socket",
2620
2621         .init = socket_init,
2622         .done = socket_done,
2623         .load = socket_load,
2624
2625         .coldplug = socket_coldplug,
2626
2627         .dump = socket_dump,
2628
2629         .start = socket_start,
2630         .stop = socket_stop,
2631
2632         .kill = socket_kill,
2633
2634         .get_timeout = socket_get_timeout,
2635
2636         .serialize = socket_serialize,
2637         .deserialize_item = socket_deserialize_item,
2638         .distribute_fds = socket_distribute_fds,
2639
2640         .active_state = socket_active_state,
2641         .sub_state_to_string = socket_sub_state_to_string,
2642
2643         .check_gc = socket_check_gc,
2644
2645         .sigchld_event = socket_sigchld_event,
2646
2647         .trigger_notify = socket_trigger_notify,
2648
2649         .reset_failed = socket_reset_failed,
2650
2651         .bus_interface = "org.freedesktop.systemd1.Socket",
2652         .bus_vtable = bus_socket_vtable,
2653         .bus_set_property = bus_socket_set_property,
2654         .bus_commit_properties = bus_socket_commit_properties,
2655
2656         .status_message_formats = {
2657                 /*.starting_stopping = {
2658                         [0] = "Starting socket %s...",
2659                         [1] = "Stopping socket %s...",
2660                 },*/
2661                 .finished_start_job = {
2662                         [JOB_DONE]       = "Listening on %s.",
2663                         [JOB_FAILED]     = "Failed to listen on %s.",
2664                         [JOB_DEPENDENCY] = "Dependency failed for %s.",
2665                         [JOB_TIMEOUT]    = "Timed out starting %s.",
2666                 },
2667                 .finished_stop_job = {
2668                         [JOB_DONE]       = "Closed %s.",
2669                         [JOB_FAILED]     = "Failed stopping %s.",
2670                         [JOB_TIMEOUT]    = "Timed out stopping %s.",
2671                 },
2672         },
2673 };
Unnamed repository; edit this file 'description' to name the repository.