chiark / gitweb /
~ianmdlvl / elogind.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
kdbus: when uploading bus name policy, resolve users/groups out-of-process
[elogind.git] / src / core / socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23 #include <sys/stat.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <sys/epoll.h>
28 #include <signal.h>
29 #include <arpa/inet.h>
30 #include <netinet/tcp.h>
31 #include <mqueue.h>
32 #include <sys/xattr.h>
33
34 #include "sd-event.h"
35 #include "log.h"
36 #include "load-dropin.h"
37 #include "load-fragment.h"
38 #include "strv.h"
39 #include "mkdir.h"
40 #include "path-util.h"
41 #include "unit-name.h"
42 #include "unit-printf.h"
43 #include "missing.h"
44 #include "special.h"
45 #include "label.h"
46 #include "exit-status.h"
47 #include "def.h"
48 #include "smack-util.h"
49 #include "bus-util.h"
50 #include "bus-error.h"
51 #include "dbus-socket.h"
52 #include "unit.h"
53 #include "socket.h"
54
55 static const UnitActiveState state_translation_table[_SOCKET_STATE_MAX] = {
56         [SOCKET_DEAD] = UNIT_INACTIVE,
57         [SOCKET_START_PRE] = UNIT_ACTIVATING,
58         [SOCKET_START_CHOWN] = UNIT_ACTIVATING,
59         [SOCKET_START_POST] = UNIT_ACTIVATING,
60         [SOCKET_LISTENING] = UNIT_ACTIVE,
61         [SOCKET_RUNNING] = UNIT_ACTIVE,
62         [SOCKET_STOP_PRE] = UNIT_DEACTIVATING,
63         [SOCKET_STOP_PRE_SIGTERM] = UNIT_DEACTIVATING,
64         [SOCKET_STOP_PRE_SIGKILL] = UNIT_DEACTIVATING,
65         [SOCKET_STOP_POST] = UNIT_DEACTIVATING,
66         [SOCKET_FINAL_SIGTERM] = UNIT_DEACTIVATING,
67         [SOCKET_FINAL_SIGKILL] = UNIT_DEACTIVATING,
68         [SOCKET_FAILED] = UNIT_FAILED
69 };
70
71 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata);
72 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata);
73
74 static void socket_init(Unit *u) {
75         Socket *s = SOCKET(u);
76
77         assert(u);
78         assert(u->load_state == UNIT_STUB);
79
80         s->backlog = SOMAXCONN;
81         s->timeout_usec = u->manager->default_timeout_start_usec;
82         s->directory_mode = 0755;
83         s->socket_mode = 0666;
84
85         s->max_connections = 64;
86
87         s->priority = -1;
88         s->ip_tos = -1;
89         s->ip_ttl = -1;
90         s->mark = -1;
91
92         s->exec_context.std_output = u->manager->default_std_output;
93         s->exec_context.std_error = u->manager->default_std_error;
94
95         s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
96 }
97
98 static void socket_unwatch_control_pid(Socket *s) {
99         assert(s);
100
101         if (s->control_pid <= 0)
102                 return;
103
104         unit_unwatch_pid(UNIT(s), s->control_pid);
105         s->control_pid = 0;
106 }
107
108 void socket_free_ports(Socket *s) {
109         SocketPort *p;
110
111         assert(s);
112
113         while ((p = s->ports)) {
114                 LIST_REMOVE(port, s->ports, p);
115
116                 sd_event_source_unref(p->event_source);
117
118                 safe_close(p->fd);
119                 free(p->path);
120                 free(p);
121         }
122 }
123
124 static void socket_done(Unit *u) {
125         Socket *s = SOCKET(u);
126
127         assert(s);
128
129         socket_free_ports(s);
130
131         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
132         exec_command_free_array(s->exec_command, _SOCKET_EXEC_COMMAND_MAX);
133         s->control_command = NULL;
134
135         socket_unwatch_control_pid(s);
136
137         unit_ref_unset(&s->service);
138
139         free(s->tcp_congestion);
140         s->tcp_congestion = NULL;
141
142         free(s->bind_to_device);
143         s->bind_to_device = NULL;
144
145         free(s->smack);
146         free(s->smack_ip_in);
147         free(s->smack_ip_out);
148
149         strv_free(s->symlinks);
150
151         free(s->user);
152         free(s->group);
153
154         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
155 }
156
157 static int socket_arm_timer(Socket *s) {
158         int r;
159
160         assert(s);
161
162         if (s->timeout_usec <= 0) {
163                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
164                 return 0;
165         }
166
167         if (s->timer_event_source) {
168                 r = sd_event_source_set_time(s->timer_event_source, now(CLOCK_MONOTONIC) + s->timeout_usec);
169                 if (r < 0)
170                         return r;
171
172                 return sd_event_source_set_enabled(s->timer_event_source, SD_EVENT_ONESHOT);
173         }
174
175         return sd_event_add_time(
176                         UNIT(s)->manager->event,
177                         &s->timer_event_source,
178                         CLOCK_MONOTONIC,
179                         now(CLOCK_MONOTONIC) + s->timeout_usec, 0,
180                         socket_dispatch_timer, s);
181 }
182
183 static int socket_instantiate_service(Socket *s) {
184         _cleanup_free_ char *prefix = NULL;
185         _cleanup_free_ char *name = NULL;
186         int r;
187         Unit *u;
188
189         assert(s);
190
191         /* This fills in s->service if it isn't filled in yet. For
192          * Accept=yes sockets we create the next connection service
193          * here. For Accept=no this is mostly a NOP since the service
194          * is figured out at load time anyway. */
195
196         if (UNIT_DEREF(s->service))
197                 return 0;
198
199         assert(s->accept);
200
201         prefix = unit_name_to_prefix(UNIT(s)->id);
202         if (!prefix)
203                 return -ENOMEM;
204
205         if (asprintf(&name, "%s@%u.service", prefix, s->n_accepted) < 0)
206                 return -ENOMEM;
207
208         r = manager_load_unit(UNIT(s)->manager, name, NULL, NULL, &u);
209         if (r < 0)
210                 return r;
211
212 #ifdef HAVE_SYSV_COMPAT
213         if (SERVICE(u)->is_sysv) {
214                 log_error("Using SysV services for socket activation is not supported. Refusing.");
215                 return -ENOENT;
216         }
217 #endif
218
219         u->no_gc = true;
220         unit_ref_set(&s->service, u);
221
222         return unit_add_two_dependencies(UNIT(s), UNIT_BEFORE, UNIT_TRIGGERS, u, false);
223 }
224
225 static bool have_non_accept_socket(Socket *s) {
226         SocketPort *p;
227
228         assert(s);
229
230         if (!s->accept)
231                 return true;
232
233         LIST_FOREACH(port, p, s->ports) {
234
235                 if (p->type != SOCKET_SOCKET)
236                         return true;
237
238                 if (!socket_address_can_accept(&p->address))
239                         return true;
240         }
241
242         return false;
243 }
244
245 static int socket_add_mount_links(Socket *s) {
246         SocketPort *p;
247         int r;
248
249         assert(s);
250
251         LIST_FOREACH(port, p, s->ports) {
252                 const char *path = NULL;
253
254                 if (p->type == SOCKET_SOCKET)
255                         path = socket_address_get_path(&p->address);
256                 else if (p->type == SOCKET_FIFO || p->type == SOCKET_SPECIAL)
257                         path = p->path;
258
259                 if (!path)
260                         continue;
261
262                 r = unit_require_mounts_for(UNIT(s), path);
263                 if (r < 0)
264                         return r;
265         }
266
267         return 0;
268 }
269
270 static int socket_add_device_link(Socket *s) {
271         char *t;
272
273         assert(s);
274
275         if (!s->bind_to_device || streq(s->bind_to_device, "lo"))
276                 return 0;
277
278         t = strappenda("/sys/subsystem/net/devices/", s->bind_to_device);
279         return unit_add_node_link(UNIT(s), t, false);
280 }
281
282 static int socket_add_default_dependencies(Socket *s) {
283         int r;
284         assert(s);
285
286         r = unit_add_dependency_by_name(UNIT(s), UNIT_BEFORE, SPECIAL_SOCKETS_TARGET, NULL, true);
287         if (r < 0)
288                 return r;
289
290         if (UNIT(s)->manager->running_as == SYSTEMD_SYSTEM) {
291                 r = unit_add_two_dependencies_by_name(UNIT(s), UNIT_AFTER, UNIT_REQUIRES, SPECIAL_SYSINIT_TARGET, NULL, true);
292                 if (r < 0)
293                         return r;
294         }
295
296         return unit_add_two_dependencies_by_name(UNIT(s), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_SHUTDOWN_TARGET, NULL, true);
297 }
298
299 _pure_ static bool socket_has_exec(Socket *s) {
300         unsigned i;
301         assert(s);
302
303         for (i = 0; i < _SOCKET_EXEC_COMMAND_MAX; i++)
304                 if (s->exec_command[i])
305                         return true;
306
307         return false;
308 }
309
310 static int socket_add_extras(Socket *s) {
311         Unit *u = UNIT(s);
312         int r;
313
314         assert(s);
315
316         if (have_non_accept_socket(s)) {
317
318                 if (!UNIT_DEREF(s->service)) {
319                         Unit *x;
320
321                         r = unit_load_related_unit(u, ".service", &x);
322                         if (r < 0)
323                                 return r;
324
325                         unit_ref_set(&s->service, x);
326                 }
327
328                 r = unit_add_two_dependencies(u, UNIT_BEFORE, UNIT_TRIGGERS, UNIT_DEREF(s->service), true);
329                 if (r < 0)
330                         return r;
331         }
332
333         r = socket_add_mount_links(s);
334         if (r < 0)
335                 return r;
336
337         r = socket_add_device_link(s);
338         if (r < 0)
339                 return r;
340
341         r = unit_patch_contexts(u);
342         if (r < 0)
343                 return r;
344
345         if (socket_has_exec(s)) {
346                 r = unit_add_exec_dependencies(u, &s->exec_context);
347                 if (r < 0)
348                         return r;
349
350                 r = unit_add_default_slice(u, &s->cgroup_context);
351                 if (r < 0)
352                         return r;
353         }
354
355         if (u->default_dependencies) {
356                 r = socket_add_default_dependencies(s);
357                 if (r < 0)
358                         return r;
359         }
360
361         return 0;
362 }
363
364 static const char *socket_find_symlink_target(Socket *s) {
365         const char *found = NULL;
366         SocketPort *p;
367
368         LIST_FOREACH(port, p, s->ports) {
369                 const char *f = NULL;
370
371                 switch (p->type) {
372
373                 case SOCKET_FIFO:
374                         f = p->path;
375                         break;
376
377                 case SOCKET_SOCKET:
378                         if (p->address.sockaddr.un.sun_path[0] != 0)
379                                 f = p->address.sockaddr.un.sun_path;
380                         break;
381
382                 default:
383                         break;
384                 }
385
386                 if (f) {
387                         if (found)
388                                 return NULL;
389
390                         found = f;
391                 }
392         }
393
394         return found;
395 }
396
397 static int socket_verify(Socket *s) {
398         assert(s);
399
400         if (UNIT(s)->load_state != UNIT_LOADED)
401                 return 0;
402
403         if (!s->ports) {
404                 log_error_unit(UNIT(s)->id, "%s lacks Listen setting. Refusing.", UNIT(s)->id);
405                 return -EINVAL;
406         }
407
408         if (s->accept && have_non_accept_socket(s)) {
409                 log_error_unit(UNIT(s)->id, "%s configured for accepting sockets, but sockets are non-accepting. Refusing.",
410                                UNIT(s)->id);
411                 return -EINVAL;
412         }
413
414         if (s->accept && s->max_connections <= 0) {
415                 log_error_unit(UNIT(s)->id, "%s's MaxConnection setting too small. Refusing.", UNIT(s)->id);
416                 return -EINVAL;
417         }
418
419         if (s->accept && UNIT_DEREF(s->service)) {
420                 log_error_unit(UNIT(s)->id, "Explicit service configuration for accepting sockets not supported on %s. Refusing.", UNIT(s)->id);
421                 return -EINVAL;
422         }
423
424         if (s->exec_context.pam_name && s->kill_context.kill_mode != KILL_CONTROL_GROUP) {
425                 log_error_unit(UNIT(s)->id, "%s has PAM enabled. Kill mode must be set to 'control-group'. Refusing.", UNIT(s)->id);
426                 return -EINVAL;
427         }
428
429         if (!strv_isempty(s->symlinks) && !socket_find_symlink_target(s)) {
430                 log_error_unit(UNIT(s)->id, "%s has symlinks set but none or more than one node in the file system. Refusing.", UNIT(s)->id);
431                 return -EINVAL;
432         }
433
434         return 0;
435 }
436
437 static int socket_load(Unit *u) {
438         Socket *s = SOCKET(u);
439         int r;
440
441         assert(u);
442         assert(u->load_state == UNIT_STUB);
443
444         r = unit_load_fragment_and_dropin(u);
445         if (r < 0)
446                 return r;
447
448         if (u->load_state == UNIT_LOADED) {
449                 /* This is a new unit? Then let's add in some extras */
450                 r = socket_add_extras(s);
451                 if (r < 0)
452                         return r;
453         }
454
455         return socket_verify(s);
456 }
457
458 _const_ static const char* listen_lookup(int family, int type) {
459
460         if (family == AF_NETLINK)
461                 return "ListenNetlink";
462
463         if (type == SOCK_STREAM)
464                 return "ListenStream";
465         else if (type == SOCK_DGRAM)
466                 return "ListenDatagram";
467         else if (type == SOCK_SEQPACKET)
468                 return "ListenSequentialPacket";
469
470         assert_not_reached("Unknown socket type");
471         return NULL;
472 }
473
474 static void socket_dump(Unit *u, FILE *f, const char *prefix) {
475         SocketExecCommand c;
476         Socket *s = SOCKET(u);
477         SocketPort *p;
478         const char *prefix2;
479
480         assert(s);
481         assert(f);
482
483         prefix2 = strappenda(prefix, "\t");
484
485         fprintf(f,
486                 "%sSocket State: %s\n"
487                 "%sResult: %s\n"
488                 "%sBindIPv6Only: %s\n"
489                 "%sBacklog: %u\n"
490                 "%sSocketMode: %04o\n"
491                 "%sDirectoryMode: %04o\n"
492                 "%sKeepAlive: %s\n"
493                 "%sFreeBind: %s\n"
494                 "%sTransparent: %s\n"
495                 "%sBroadcast: %s\n"
496                 "%sPassCredentials: %s\n"
497                 "%sPassSecurity: %s\n"
498                 "%sTCPCongestion: %s\n"
499                 "%sRemoveOnStop: %s\n",
500                 prefix, socket_state_to_string(s->state),
501                 prefix, socket_result_to_string(s->result),
502                 prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only),
503                 prefix, s->backlog,
504                 prefix, s->socket_mode,
505                 prefix, s->directory_mode,
506                 prefix, yes_no(s->keep_alive),
507                 prefix, yes_no(s->free_bind),
508                 prefix, yes_no(s->transparent),
509                 prefix, yes_no(s->broadcast),
510                 prefix, yes_no(s->pass_cred),
511                 prefix, yes_no(s->pass_sec),
512                 prefix, strna(s->tcp_congestion),
513                 prefix, yes_no(s->remove_on_stop));
514
515         if (s->control_pid > 0)
516                 fprintf(f,
517                         "%sControl PID: "PID_FMT"\n",
518                         prefix, s->control_pid);
519
520         if (s->bind_to_device)
521                 fprintf(f,
522                         "%sBindToDevice: %s\n",
523                         prefix, s->bind_to_device);
524
525         if (s->accept)
526                 fprintf(f,
527                         "%sAccepted: %u\n"
528                         "%sNConnections: %u\n"
529                         "%sMaxConnections: %u\n",
530                         prefix, s->n_accepted,
531                         prefix, s->n_connections,
532                         prefix, s->max_connections);
533
534         if (s->priority >= 0)
535                 fprintf(f,
536                         "%sPriority: %i\n",
537                         prefix, s->priority);
538
539         if (s->receive_buffer > 0)
540                 fprintf(f,
541                         "%sReceiveBuffer: %zu\n",
542                         prefix, s->receive_buffer);
543
544         if (s->send_buffer > 0)
545                 fprintf(f,
546                         "%sSendBuffer: %zu\n",
547                         prefix, s->send_buffer);
548
549         if (s->ip_tos >= 0)
550                 fprintf(f,
551                         "%sIPTOS: %i\n",
552                         prefix, s->ip_tos);
553
554         if (s->ip_ttl >= 0)
555                 fprintf(f,
556                         "%sIPTTL: %i\n",
557                         prefix, s->ip_ttl);
558
559         if (s->pipe_size > 0)
560                 fprintf(f,
561                         "%sPipeSize: %zu\n",
562                         prefix, s->pipe_size);
563
564         if (s->mark >= 0)
565                 fprintf(f,
566                         "%sMark: %i\n",
567                         prefix, s->mark);
568
569         if (s->mq_maxmsg > 0)
570                 fprintf(f,
571                         "%sMessageQueueMaxMessages: %li\n",
572                         prefix, s->mq_maxmsg);
573
574         if (s->mq_msgsize > 0)
575                 fprintf(f,
576                         "%sMessageQueueMessageSize: %li\n",
577                         prefix, s->mq_msgsize);
578
579         if (s->reuse_port)
580                 fprintf(f,
581                         "%sReusePort: %s\n",
582                          prefix, yes_no(s->reuse_port));
583
584         if (s->smack)
585                 fprintf(f,
586                         "%sSmackLabel: %s\n",
587                         prefix, s->smack);
588
589         if (s->smack_ip_in)
590                 fprintf(f,
591                         "%sSmackLabelIPIn: %s\n",
592                         prefix, s->smack_ip_in);
593
594         if (s->smack_ip_out)
595                 fprintf(f,
596                         "%sSmackLabelIPOut: %s\n",
597                         prefix, s->smack_ip_out);
598
599         if (!isempty(s->user) || !isempty(s->group))
600                 fprintf(f,
601                         "%sOwnerUser: %s\n"
602                         "%sOwnerGroup: %s\n",
603                         prefix, strna(s->user),
604                         prefix, strna(s->group));
605
606         LIST_FOREACH(port, p, s->ports) {
607
608                 if (p->type == SOCKET_SOCKET) {
609                         const char *t;
610                         int r;
611                         char *k = NULL;
612
613                         if ((r = socket_address_print(&p->address, &k)) < 0)
614                                 t = strerror(-r);
615                         else
616                                 t = k;
617
618                         fprintf(f, "%s%s: %s\n", prefix, listen_lookup(socket_address_family(&p->address), p->address.type), t);
619                         free(k);
620                 } else if (p->type == SOCKET_SPECIAL)
621                         fprintf(f, "%sListenSpecial: %s\n", prefix, p->path);
622                 else if (p->type == SOCKET_MQUEUE)
623                         fprintf(f, "%sListenMessageQueue: %s\n", prefix, p->path);
624                 else
625                         fprintf(f, "%sListenFIFO: %s\n", prefix, p->path);
626         }
627
628         exec_context_dump(&s->exec_context, f, prefix);
629         kill_context_dump(&s->kill_context, f, prefix);
630
631         for (c = 0; c < _SOCKET_EXEC_COMMAND_MAX; c++) {
632                 if (!s->exec_command[c])
633                         continue;
634
635                 fprintf(f, "%s-> %s:\n",
636                         prefix, socket_exec_command_to_string(c));
637
638                 exec_command_dump_list(s->exec_command[c], f, prefix2);
639         }
640 }
641
642 static int instance_from_socket(int fd, unsigned nr, char **instance) {
643         socklen_t l;
644         char *r;
645         union sockaddr_union local, remote;
646
647         assert(fd >= 0);
648         assert(instance);
649
650         l = sizeof(local);
651         if (getsockname(fd, &local.sa, &l) < 0)
652                 return -errno;
653
654         l = sizeof(remote);
655         if (getpeername(fd, &remote.sa, &l) < 0)
656                 return -errno;
657
658         switch (local.sa.sa_family) {
659
660         case AF_INET: {
661                 uint32_t
662                         a = ntohl(local.in.sin_addr.s_addr),
663                         b = ntohl(remote.in.sin_addr.s_addr);
664
665                 if (asprintf(&r,
666                              "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
667                              nr,
668                              a >> 24, (a >> 16) & 0xFF, (a >> 8) & 0xFF, a & 0xFF,
669                              ntohs(local.in.sin_port),
670                              b >> 24, (b >> 16) & 0xFF, (b >> 8) & 0xFF, b & 0xFF,
671                              ntohs(remote.in.sin_port)) < 0)
672                         return -ENOMEM;
673
674                 break;
675         }
676
677         case AF_INET6: {
678                 static const unsigned char ipv4_prefix[] = {
679                         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF
680                 };
681
682                 if (memcmp(&local.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0 &&
683                     memcmp(&remote.in6.sin6_addr, ipv4_prefix, sizeof(ipv4_prefix)) == 0) {
684                         const uint8_t
685                                 *a = local.in6.sin6_addr.s6_addr+12,
686                                 *b = remote.in6.sin6_addr.s6_addr+12;
687
688                         if (asprintf(&r,
689                                      "%u-%u.%u.%u.%u:%u-%u.%u.%u.%u:%u",
690                                      nr,
691                                      a[0], a[1], a[2], a[3],
692                                      ntohs(local.in6.sin6_port),
693                                      b[0], b[1], b[2], b[3],
694                                      ntohs(remote.in6.sin6_port)) < 0)
695                                 return -ENOMEM;
696                 } else {
697                         char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
698
699                         if (asprintf(&r,
700                                      "%u-%s:%u-%s:%u",
701                                      nr,
702                                      inet_ntop(AF_INET6, &local.in6.sin6_addr, a, sizeof(a)),
703                                      ntohs(local.in6.sin6_port),
704                                      inet_ntop(AF_INET6, &remote.in6.sin6_addr, b, sizeof(b)),
705                                      ntohs(remote.in6.sin6_port)) < 0)
706                                 return -ENOMEM;
707                 }
708
709                 break;
710         }
711
712         case AF_UNIX: {
713                 struct ucred ucred;
714                 int k;
715
716                 k = getpeercred(fd, &ucred);
717                 if (k >= 0) {
718                         if (asprintf(&r,
719                                      "%u-"PID_FMT"-"UID_FMT,
720                                      nr, ucred.pid, ucred.uid) < 0)
721                                 return -ENOMEM;
722                 } else if (k == -ENODATA) {
723                         /* This handles the case where somebody is
724                          * connecting from another pid/uid namespace
725                          * (e.g. from outside of our container). */
726                         if (asprintf(&r,
727                                      "%u-unknown",
728                                      nr) < 0)
729                                 return -ENOMEM;
730                 } else
731                         return k;
732
733                 break;
734         }
735
736         default:
737                 assert_not_reached("Unhandled socket type.");
738         }
739
740         *instance = r;
741         return 0;
742 }
743
744 static void socket_close_fds(Socket *s) {
745         SocketPort *p;
746         char **i;
747
748         assert(s);
749
750         LIST_FOREACH(port, p, s->ports) {
751
752                 p->event_source = sd_event_source_unref(p->event_source);
753
754                 if (p->fd < 0)
755                         continue;
756
757                 p->fd = safe_close(p->fd);
758
759                 /* One little note: we should normally not delete any
760                  * sockets in the file system here! After all some
761                  * other process we spawned might still have a
762                  * reference of this fd and wants to continue to use
763                  * it. Therefore we delete sockets in the file system
764                  * before we create a new one, not after we stopped
765                  * using one! */
766
767                 if (s->remove_on_stop) {
768                         switch (p->type) {
769
770                         case SOCKET_FIFO:
771                                 unlink(p->path);
772                                 break;
773
774                         case SOCKET_MQUEUE:
775                                 mq_unlink(p->path);
776                                 break;
777
778                         case SOCKET_SOCKET:
779                                 socket_address_unlink(&p->address);
780                                 break;
781
782                         default:
783                                 break;
784                         }
785                 }
786         }
787
788         if (s->remove_on_stop)
789                 STRV_FOREACH(i, s->symlinks)
790                         unlink(*i);
791 }
792
793 static void socket_apply_socket_options(Socket *s, int fd) {
794         assert(s);
795         assert(fd >= 0);
796
797         if (s->keep_alive) {
798                 int b = s->keep_alive;
799                 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &b, sizeof(b)) < 0)
800                         log_warning_unit(UNIT(s)->id, "SO_KEEPALIVE failed: %m");
801         }
802
803         if (s->broadcast) {
804                 int one = 1;
805                 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) < 0)
806                         log_warning_unit(UNIT(s)->id, "SO_BROADCAST failed: %m");
807         }
808
809         if (s->pass_cred) {
810                 int one = 1;
811                 if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one)) < 0)
812                         log_warning_unit(UNIT(s)->id, "SO_PASSCRED failed: %m");
813         }
814
815         if (s->pass_sec) {
816                 int one = 1;
817                 if (setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one)) < 0)
818                         log_warning_unit(UNIT(s)->id, "SO_PASSSEC failed: %m");
819         }
820
821         if (s->priority >= 0)
822                 if (setsockopt(fd, SOL_SOCKET, SO_PRIORITY, &s->priority, sizeof(s->priority)) < 0)
823                         log_warning_unit(UNIT(s)->id, "SO_PRIORITY failed: %m");
824
825         if (s->receive_buffer > 0) {
826                 int value = (int) s->receive_buffer;
827
828                 /* We first try with SO_RCVBUFFORCE, in case we have the perms for that */
829
830                 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0)
831                         if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0)
832                                 log_warning_unit(UNIT(s)->id, "SO_RCVBUF failed: %m");
833         }
834
835         if (s->send_buffer > 0) {
836                 int value = (int) s->send_buffer;
837                 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0)
838                         if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0)
839                                 log_warning_unit(UNIT(s)->id, "SO_SNDBUF failed: %m");
840         }
841
842         if (s->mark >= 0)
843                 if (setsockopt(fd, SOL_SOCKET, SO_MARK, &s->mark, sizeof(s->mark)) < 0)
844                         log_warning_unit(UNIT(s)->id, "SO_MARK failed: %m");
845
846         if (s->ip_tos >= 0)
847                 if (setsockopt(fd, IPPROTO_IP, IP_TOS, &s->ip_tos, sizeof(s->ip_tos)) < 0)
848                         log_warning_unit(UNIT(s)->id, "IP_TOS failed: %m");
849
850         if (s->ip_ttl >= 0) {
851                 int r, x;
852
853                 r = setsockopt(fd, IPPROTO_IP, IP_TTL, &s->ip_ttl, sizeof(s->ip_ttl));
854
855                 if (socket_ipv6_is_supported())
856                         x = setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &s->ip_ttl, sizeof(s->ip_ttl));
857                 else {
858                         x = -1;
859                         errno = EAFNOSUPPORT;
860                 }
861
862                 if (r < 0 && x < 0)
863                         log_warning_unit(UNIT(s)->id,
864                                          "IP_TTL/IPV6_UNICAST_HOPS failed: %m");
865         }
866
867         if (s->tcp_congestion)
868                 if (setsockopt(fd, SOL_TCP, TCP_CONGESTION, s->tcp_congestion, strlen(s->tcp_congestion)+1) < 0)
869                         log_warning_unit(UNIT(s)->id, "TCP_CONGESTION failed: %m");
870
871         if (s->reuse_port) {
872                 int b = s->reuse_port;
873                 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &b, sizeof(b)) < 0)
874                         log_warning_unit(UNIT(s)->id, "SO_REUSEPORT failed: %m");
875         }
876
877         if (s->smack_ip_in)
878                 if (smack_label_ip_in_fd(fd, s->smack_ip_in) < 0)
879                         log_error_unit(UNIT(s)->id, "smack_label_ip_in_fd: %m");
880
881         if (s->smack_ip_out)
882                 if (smack_label_ip_out_fd(fd, s->smack_ip_out) < 0)
883                         log_error_unit(UNIT(s)->id, "smack_label_ip_out_fd: %m");
884 }
885
886 static void socket_apply_fifo_options(Socket *s, int fd) {
887         assert(s);
888         assert(fd >= 0);
889
890         if (s->pipe_size > 0)
891                 if (fcntl(fd, F_SETPIPE_SZ, s->pipe_size) < 0)
892                         log_warning_unit(UNIT(s)->id,
893                                          "F_SETPIPE_SZ: %m");
894
895         if (s->smack)
896                 if (smack_label_fd(fd, s->smack) < 0)
897                         log_error_unit(UNIT(s)->id, "smack_label_fd: %m");
898 }
899
900 static int fifo_address_create(
901                 const char *path,
902                 mode_t directory_mode,
903                 mode_t socket_mode,
904                 int *_fd) {
905
906         int fd = -1, r = 0;
907         struct stat st;
908         mode_t old_mask;
909
910         assert(path);
911         assert(_fd);
912
913         mkdir_parents_label(path, directory_mode);
914
915         r = label_context_set(path, S_IFIFO);
916         if (r < 0)
917                 goto fail;
918
919         /* Enforce the right access mode for the fifo */
920         old_mask = umask(~ socket_mode);
921
922         /* Include the original umask in our mask */
923         umask(~socket_mode | old_mask);
924
925         r = mkfifo(path, socket_mode);
926         umask(old_mask);
927
928         if (r < 0 && errno != EEXIST) {
929                 r = -errno;
930                 goto fail;
931         }
932
933         if ((fd = open(path, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW)) < 0) {
934                 r = -errno;
935                 goto fail;
936         }
937
938         label_context_clear();
939
940         if (fstat(fd, &st) < 0) {
941                 r = -errno;
942                 goto fail;
943         }
944
945         if (!S_ISFIFO(st.st_mode) ||
946             (st.st_mode & 0777) != (socket_mode & ~old_mask) ||
947             st.st_uid != getuid() ||
948             st.st_gid != getgid()) {
949
950                 r = -EEXIST;
951                 goto fail;
952         }
953
954         *_fd = fd;
955         return 0;
956
957 fail:
958         label_context_clear();
959         safe_close(fd);
960
961         return r;
962 }
963
964 static int special_address_create(
965                 const char *path,
966                 int *_fd) {
967
968         int fd = -1, r = 0;
969         struct stat st;
970
971         assert(path);
972         assert(_fd);
973
974         fd = open(path, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW);
975         if (fd < 0) {
976                 r = -errno;
977                 goto fail;
978         }
979
980         if (fstat(fd, &st) < 0) {
981                 r = -errno;
982                 goto fail;
983         }
984
985         /* Check whether this is a /proc, /sys or /dev file or char device */
986         if (!S_ISREG(st.st_mode) && !S_ISCHR(st.st_mode)) {
987                 r = -EEXIST;
988                 goto fail;
989         }
990
991         *_fd = fd;
992         return 0;
993
994 fail:
995         safe_close(fd);
996
997         return r;
998 }
999
1000 static int mq_address_create(
1001                 const char *path,
1002                 mode_t mq_mode,
1003                 long maxmsg,
1004                 long msgsize,
1005                 int *_fd) {
1006
1007         int fd = -1, r = 0;
1008         struct stat st;
1009         mode_t old_mask;
1010         struct mq_attr _attr, *attr = NULL;
1011
1012         assert(path);
1013         assert(_fd);
1014
1015         if (maxmsg > 0 && msgsize > 0) {
1016                 zero(_attr);
1017                 _attr.mq_flags = O_NONBLOCK;
1018                 _attr.mq_maxmsg = maxmsg;
1019                 _attr.mq_msgsize = msgsize;
1020                 attr = &_attr;
1021         }
1022
1023         /* Enforce the right access mode for the mq */
1024         old_mask = umask(~ mq_mode);
1025
1026         /* Include the original umask in our mask */
1027         umask(~mq_mode | old_mask);
1028         fd = mq_open(path, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_CREAT, mq_mode, attr);
1029         umask(old_mask);
1030
1031         if (fd < 0) {
1032                 r = -errno;
1033                 goto fail;
1034         }
1035
1036         if (fstat(fd, &st) < 0) {
1037                 r = -errno;
1038                 goto fail;
1039         }
1040
1041         if ((st.st_mode & 0777) != (mq_mode & ~old_mask) ||
1042             st.st_uid != getuid() ||
1043             st.st_gid != getgid()) {
1044
1045                 r = -EEXIST;
1046                 goto fail;
1047         }
1048
1049         *_fd = fd;
1050         return 0;
1051
1052 fail:
1053         safe_close(fd);
1054         return r;
1055 }
1056
1057 static int socket_symlink(Socket *s) {
1058         const char *p;
1059         char **i;
1060
1061         assert(s);
1062
1063         p = socket_find_symlink_target(s);
1064         if (!p)
1065                 return 0;
1066
1067         STRV_FOREACH(i, s->symlinks)
1068                 symlink(p, *i);
1069
1070         return 0;
1071 }
1072
1073 static int socket_open_fds(Socket *s) {
1074         SocketPort *p;
1075         int r;
1076         char *label = NULL;
1077         bool know_label = false;
1078
1079         assert(s);
1080
1081         LIST_FOREACH(port, p, s->ports) {
1082
1083                 if (p->fd >= 0)
1084                         continue;
1085
1086                 if (p->type == SOCKET_SOCKET) {
1087
1088                         if (!know_label) {
1089
1090                                 r = socket_instantiate_service(s);
1091                                 if (r < 0)
1092                                         return r;
1093
1094                                 if (UNIT_ISSET(s->service) &&
1095                                     SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
1096                                         r = label_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
1097                                         if (r < 0 && r != -EPERM)
1098                                                 return r;
1099                                 }
1100
1101                                 know_label = true;
1102                         }
1103
1104                         r = socket_address_listen(
1105                                         &p->address,
1106                                         SOCK_CLOEXEC|SOCK_NONBLOCK,
1107                                         s->backlog,
1108                                         s->bind_ipv6_only,
1109                                         s->bind_to_device,
1110                                         s->free_bind,
1111                                         s->transparent,
1112                                         s->directory_mode,
1113                                         s->socket_mode,
1114                                         label);
1115                         if (r < 0)
1116                                 goto rollback;
1117
1118                         p->fd = r;
1119                         socket_apply_socket_options(s, p->fd);
1120                         socket_symlink(s);
1121
1122                 } else  if (p->type == SOCKET_SPECIAL) {
1123
1124                         r = special_address_create(
1125                                         p->path,
1126                                         &p->fd);
1127                         if (r < 0)
1128                                 goto rollback;
1129
1130                 } else  if (p->type == SOCKET_FIFO) {
1131
1132                         r = fifo_address_create(
1133                                         p->path,
1134                                         s->directory_mode,
1135                                         s->socket_mode,
1136                                         &p->fd);
1137                         if (r < 0)
1138                                 goto rollback;
1139
1140                         socket_apply_fifo_options(s, p->fd);
1141                         socket_symlink(s);
1142
1143                 } else if (p->type == SOCKET_MQUEUE) {
1144
1145                         r = mq_address_create(
1146                                         p->path,
1147                                         s->socket_mode,
1148                                         s->mq_maxmsg,
1149                                         s->mq_msgsize,
1150                                         &p->fd);
1151                         if (r < 0)
1152                                 goto rollback;
1153                 } else
1154                         assert_not_reached("Unknown port type");
1155         }
1156
1157         label_free(label);
1158         return 0;
1159
1160 rollback:
1161         socket_close_fds(s);
1162         label_free(label);
1163         return r;
1164 }
1165
1166 static void socket_unwatch_fds(Socket *s) {
1167         SocketPort *p;
1168         int r;
1169
1170         assert(s);
1171
1172         LIST_FOREACH(port, p, s->ports) {
1173                 if (p->fd < 0)
1174                         continue;
1175
1176                 if (!p->event_source)
1177                         continue;
1178
1179                 r = sd_event_source_set_enabled(p->event_source, SD_EVENT_OFF);
1180                 if (r < 0)
1181                         log_debug_unit(UNIT(s)->id, "Failed to disable event source.");
1182         }
1183 }
1184
1185 static int socket_watch_fds(Socket *s) {
1186         SocketPort *p;
1187         int r;
1188
1189         assert(s);
1190
1191         LIST_FOREACH(port, p, s->ports) {
1192                 if (p->fd < 0)
1193                         continue;
1194
1195                 if (p->event_source)
1196                         r = sd_event_source_set_enabled(p->event_source, SD_EVENT_ON);
1197                 else
1198                         r = sd_event_add_io(UNIT(s)->manager->event, &p->event_source, p->fd, EPOLLIN, socket_dispatch_io, p);
1199
1200                 if (r < 0) {
1201                         log_warning_unit(UNIT(s)->id, "Failed to watch listening fds: %s", strerror(-r));
1202                         goto fail;
1203                 }
1204         }
1205
1206         return 0;
1207
1208 fail:
1209         socket_unwatch_fds(s);
1210         return r;
1211 }
1212
1213 static void socket_set_state(Socket *s, SocketState state) {
1214         SocketState old_state;
1215         assert(s);
1216
1217         old_state = s->state;
1218         s->state = state;
1219
1220         if (!IN_SET(state,
1221                     SOCKET_START_PRE,
1222                     SOCKET_START_CHOWN,
1223                     SOCKET_START_POST,
1224                     SOCKET_STOP_PRE,
1225                     SOCKET_STOP_PRE_SIGTERM,
1226                     SOCKET_STOP_PRE_SIGKILL,
1227                     SOCKET_STOP_POST,
1228                     SOCKET_FINAL_SIGTERM,
1229                     SOCKET_FINAL_SIGKILL)) {
1230
1231                 s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1232                 socket_unwatch_control_pid(s);
1233                 s->control_command = NULL;
1234                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
1235         }
1236
1237         if (state != SOCKET_LISTENING)
1238                 socket_unwatch_fds(s);
1239
1240         if (!IN_SET(state,
1241                     SOCKET_START_CHOWN,
1242                     SOCKET_START_POST,
1243                     SOCKET_LISTENING,
1244                     SOCKET_RUNNING,
1245                     SOCKET_STOP_PRE,
1246                     SOCKET_STOP_PRE_SIGTERM,
1247                     SOCKET_STOP_PRE_SIGKILL))
1248                 socket_close_fds(s);
1249
1250         if (state != old_state)
1251                 log_debug_unit(UNIT(s)->id, "%s changed %s -> %s",
1252                                UNIT(s)->id, socket_state_to_string(old_state), socket_state_to_string(state));
1253
1254         unit_notify(UNIT(s), state_translation_table[old_state], state_translation_table[state], true);
1255 }
1256
1257 static int socket_coldplug(Unit *u) {
1258         Socket *s = SOCKET(u);
1259         int r;
1260
1261         assert(s);
1262         assert(s->state == SOCKET_DEAD);
1263
1264         if (s->deserialized_state == s->state)
1265                 return 0;
1266
1267         if (IN_SET(s->deserialized_state,
1268                    SOCKET_START_PRE,
1269                    SOCKET_START_CHOWN,
1270                    SOCKET_START_POST,
1271                    SOCKET_STOP_PRE,
1272                    SOCKET_STOP_PRE_SIGTERM,
1273                    SOCKET_STOP_PRE_SIGKILL,
1274                    SOCKET_STOP_POST,
1275                    SOCKET_FINAL_SIGTERM,
1276                    SOCKET_FINAL_SIGKILL)) {
1277
1278                 if (s->control_pid <= 0)
1279                         return -EBADMSG;
1280
1281                 r = unit_watch_pid(UNIT(s), s->control_pid);
1282                 if (r < 0)
1283                         return r;
1284
1285                 r = socket_arm_timer(s);
1286                 if (r < 0)
1287                         return r;
1288         }
1289
1290         if (IN_SET(s->deserialized_state,
1291                    SOCKET_START_CHOWN,
1292                    SOCKET_START_POST,
1293                    SOCKET_LISTENING,
1294                    SOCKET_RUNNING,
1295                    SOCKET_STOP_PRE,
1296                    SOCKET_STOP_PRE_SIGTERM,
1297                    SOCKET_STOP_PRE_SIGKILL)) {
1298                 r = socket_open_fds(s);
1299                 if (r < 0)
1300                         return r;
1301         }
1302
1303         if (s->deserialized_state == SOCKET_LISTENING) {
1304                 r = socket_watch_fds(s);
1305                 if (r < 0)
1306                         return r;
1307         }
1308
1309         socket_set_state(s, s->deserialized_state);
1310         return 0;
1311 }
1312
1313 static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
1314         _cleanup_free_ char **argv = NULL;
1315         pid_t pid;
1316         int r;
1317
1318         assert(s);
1319         assert(c);
1320         assert(_pid);
1321
1322         unit_realize_cgroup(UNIT(s));
1323
1324         r = unit_setup_exec_runtime(UNIT(s));
1325         if (r < 0)
1326                 goto fail;
1327
1328         r = socket_arm_timer(s);
1329         if (r < 0)
1330                 goto fail;
1331
1332         r = unit_full_printf_strv(UNIT(s), c->argv, &argv);
1333         if (r < 0)
1334                 goto fail;
1335
1336         r = exec_spawn(c,
1337                        argv,
1338                        &s->exec_context,
1339                        NULL, 0,
1340                        UNIT(s)->manager->environment,
1341                        true,
1342                        true,
1343                        true,
1344                        UNIT(s)->manager->confirm_spawn,
1345                        UNIT(s)->manager->cgroup_supported,
1346                        UNIT(s)->cgroup_path,
1347                        manager_get_runtime_prefix(UNIT(s)->manager),
1348                        UNIT(s)->id,
1349                        0,
1350                        NULL,
1351                        s->exec_runtime,
1352                        &pid);
1353
1354         r = unit_watch_pid(UNIT(s), pid);
1355         if (r < 0)
1356                 /* FIXME: we need to do something here */
1357                 goto fail;
1358
1359         *_pid = pid;
1360         return 0;
1361
1362 fail:
1363         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1364         return r;
1365 }
1366
1367 static int socket_chown(Socket *s, pid_t *_pid) {
1368         pid_t pid;
1369         int r;
1370
1371         r = socket_arm_timer(s);
1372         if (r < 0)
1373                 goto fail;
1374
1375         /* We have to resolve the user names out-of-process, hence
1376          * let's fork here. It's messy, but well, what can we do? */
1377
1378         pid = fork();
1379         if (pid < 0)
1380                 return -errno;
1381
1382         if (pid == 0) {
1383                 SocketPort *p;
1384                 uid_t uid = (uid_t) -1;
1385                 gid_t gid = (gid_t) -1;
1386                 int ret;
1387
1388                 default_signals(SIGNALS_CRASH_HANDLER, SIGNALS_IGNORE, -1);
1389                 ignore_signals(SIGPIPE, -1);
1390                 log_forget_fds();
1391
1392                 if (!isempty(s->user)) {
1393                         const char *user = s->user;
1394
1395                         r = get_user_creds(&user, &uid, &gid, NULL, NULL);
1396                         if (r < 0) {
1397                                 ret = EXIT_USER;
1398                                 goto fail_child;
1399                         }
1400                 }
1401
1402                 if (!isempty(s->group)) {
1403                         const char *group = s->group;
1404
1405                         r = get_group_creds(&group, &gid);
1406                         if (r < 0) {
1407                                 ret = EXIT_GROUP;
1408                                 goto fail_child;
1409                         }
1410                 }
1411
1412                 LIST_FOREACH(port, p, s->ports) {
1413                         const char *path;
1414
1415                         if (p->type == SOCKET_SOCKET)
1416                                 path = socket_address_get_path(&p->address);
1417                         else if (p->type == SOCKET_FIFO)
1418                                 path = p->path;
1419
1420                         if (!path)
1421                                 continue;
1422
1423                         if (chown(path, uid, gid) < 0) {
1424                                 r = -errno;
1425                                 ret = EXIT_CHOWN;
1426                                 goto fail_child;
1427                         }
1428                 }
1429
1430                 _exit(0);
1431
1432         fail_child:
1433                 log_open();
1434                 log_error("Failed to chown socket at step %s: %s", exit_status_to_string(ret, EXIT_STATUS_SYSTEMD), strerror(-r));
1435
1436                 _exit(ret);
1437         }
1438
1439         r = unit_watch_pid(UNIT(s), pid);
1440         if (r < 0)
1441                 goto fail;
1442
1443         *_pid = pid;
1444         return 0;
1445
1446 fail:
1447         s->timer_event_source = sd_event_source_unref(s->timer_event_source);
1448         return r;
1449 }
1450
1451 static void socket_enter_dead(Socket *s, SocketResult f) {
1452         assert(s);
1453
1454         if (f != SOCKET_SUCCESS)
1455                 s->result = f;
1456
1457         exec_runtime_destroy(s->exec_runtime);
1458         s->exec_runtime = exec_runtime_unref(s->exec_runtime);
1459
1460         exec_context_destroy_runtime_directory(&s->exec_context, manager_get_runtime_prefix(UNIT(s)->manager));
1461
1462         socket_set_state(s, s->result != SOCKET_SUCCESS ? SOCKET_FAILED : SOCKET_DEAD);
1463 }
1464
1465 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f);
1466
1467 static void socket_enter_stop_post(Socket *s, SocketResult f) {
1468         int r;
1469         assert(s);
1470
1471         if (f != SOCKET_SUCCESS)
1472                 s->result = f;
1473
1474         socket_unwatch_control_pid(s);
1475         s->control_command_id = SOCKET_EXEC_STOP_POST;
1476         s->control_command = s->exec_command[SOCKET_EXEC_STOP_POST];
1477
1478         if (s->control_command) {
1479                 r = socket_spawn(s, s->control_command, &s->control_pid);
1480                 if (r < 0)
1481                         goto fail;
1482
1483                 socket_set_state(s, SOCKET_STOP_POST);
1484         } else
1485                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_SUCCESS);
1486
1487         return;
1488
1489 fail:
1490         log_warning_unit(UNIT(s)->id,
1491                          "%s failed to run 'stop-post' task: %s",
1492                          UNIT(s)->id, strerror(-r));
1493         socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1494 }
1495
1496 static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
1497         int r;
1498
1499         assert(s);
1500
1501         if (f != SOCKET_SUCCESS)
1502                 s->result = f;
1503
1504         r = unit_kill_context(
1505                         UNIT(s),
1506                         &s->kill_context,
1507                         state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
1508                         -1,
1509                         s->control_pid,
1510                         false);
1511         if (r < 0)
1512                 goto fail;
1513
1514         if (r > 0) {
1515                 r = socket_arm_timer(s);
1516                 if (r < 0)
1517                         goto fail;
1518
1519                 socket_set_state(s, state);
1520         } else if (state == SOCKET_STOP_PRE_SIGTERM)
1521                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_SUCCESS);
1522         else if (state == SOCKET_STOP_PRE_SIGKILL)
1523                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1524         else if (state == SOCKET_FINAL_SIGTERM)
1525                 socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_SUCCESS);
1526         else
1527                 socket_enter_dead(s, SOCKET_SUCCESS);
1528
1529         return;
1530
1531 fail:
1532         log_warning_unit(UNIT(s)->id, "%s failed to kill processes: %s", UNIT(s)->id, strerror(-r));
1533
1534         if (state == SOCKET_STOP_PRE_SIGTERM || state == SOCKET_STOP_PRE_SIGKILL)
1535                 socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1536         else
1537                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1538 }
1539
1540 static void socket_enter_stop_pre(Socket *s, SocketResult f) {
1541         int r;
1542         assert(s);
1543
1544         if (f != SOCKET_SUCCESS)
1545                 s->result = f;
1546
1547         socket_unwatch_control_pid(s);
1548         s->control_command_id = SOCKET_EXEC_STOP_PRE;
1549         s->control_command = s->exec_command[SOCKET_EXEC_STOP_PRE];
1550
1551         if (s->control_command) {
1552                 r = socket_spawn(s, s->control_command, &s->control_pid);
1553                 if (r < 0)
1554                         goto fail;
1555
1556                 socket_set_state(s, SOCKET_STOP_PRE);
1557         } else
1558                 socket_enter_stop_post(s, SOCKET_SUCCESS);
1559
1560         return;
1561
1562 fail:
1563         log_warning_unit(UNIT(s)->id, "%s failed to run 'stop-pre' task: %s", UNIT(s)->id, strerror(-r));
1564         socket_enter_stop_post(s, SOCKET_FAILURE_RESOURCES);
1565 }
1566
1567 static void socket_enter_listening(Socket *s) {
1568         int r;
1569         assert(s);
1570
1571         r = socket_watch_fds(s);
1572         if (r < 0) {
1573                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1574                 goto fail;
1575         }
1576
1577         socket_set_state(s, SOCKET_LISTENING);
1578         return;
1579
1580 fail:
1581         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1582 }
1583
1584 static void socket_enter_start_post(Socket *s) {
1585         int r;
1586         assert(s);
1587
1588         socket_unwatch_control_pid(s);
1589         s->control_command_id = SOCKET_EXEC_START_POST;
1590         s->control_command = s->exec_command[SOCKET_EXEC_START_POST];
1591
1592         if (s->control_command) {
1593                 r = socket_spawn(s, s->control_command, &s->control_pid);
1594                 if (r < 0) {
1595                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-post' task: %s", UNIT(s)->id, strerror(-r));
1596                         goto fail;
1597                 }
1598
1599                 socket_set_state(s, SOCKET_START_POST);
1600         } else
1601                 socket_enter_listening(s);
1602
1603         return;
1604
1605 fail:
1606         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1607 }
1608
1609 static void socket_enter_start_chown(Socket *s) {
1610         int r;
1611
1612         assert(s);
1613
1614         r = socket_open_fds(s);
1615         if (r < 0) {
1616                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1617                 goto fail;
1618         }
1619
1620         if (!isempty(s->user) || !isempty(s->group)) {
1621
1622                 socket_unwatch_control_pid(s);
1623                 s->control_command_id = SOCKET_EXEC_START_CHOWN;
1624                 s->control_command = NULL;
1625
1626                 r = socket_chown(s, &s->control_pid);
1627                 if (r < 0) {
1628                         log_warning_unit(UNIT(s)->id, "%s failed to fork 'start-chown' task: %s", UNIT(s)->id, strerror(-r));
1629                         goto fail;
1630                 }
1631
1632                 socket_set_state(s, SOCKET_START_CHOWN);
1633         } else
1634                 socket_enter_start_post(s);
1635
1636         return;
1637
1638 fail:
1639         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1640 }
1641
1642 static void socket_enter_start_pre(Socket *s) {
1643         int r;
1644         assert(s);
1645
1646         socket_unwatch_control_pid(s);
1647         s->control_command_id = SOCKET_EXEC_START_PRE;
1648         s->control_command = s->exec_command[SOCKET_EXEC_START_PRE];
1649
1650         if (s->control_command) {
1651                 r = socket_spawn(s, s->control_command, &s->control_pid);
1652                 if (r < 0) {
1653                         log_warning_unit(UNIT(s)->id, "%s failed to run 'start-pre' task: %s", UNIT(s)->id, strerror(-r));
1654                         goto fail;
1655                 }
1656
1657                 socket_set_state(s, SOCKET_START_PRE);
1658         } else
1659                 socket_enter_start_chown(s);
1660
1661         return;
1662
1663 fail:
1664         socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1665 }
1666
1667 static void socket_enter_running(Socket *s, int cfd) {
1668         _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1669         int r;
1670
1671         assert(s);
1672
1673         /* We don't take connections anymore if we are supposed to
1674          * shut down anyway */
1675         if (unit_stop_pending(UNIT(s))) {
1676
1677                 log_debug_unit(UNIT(s)->id, "Suppressing connection request on %s since unit stop is scheduled.", UNIT(s)->id);
1678
1679                 if (cfd >= 0)
1680                         safe_close(cfd);
1681                 else  {
1682                         /* Flush all sockets by closing and reopening them */
1683                         socket_close_fds(s);
1684
1685                         r = socket_open_fds(s);
1686                         if (r < 0) {
1687                                 log_warning_unit(UNIT(s)->id, "%s failed to listen on sockets: %s", UNIT(s)->id, strerror(-r));
1688                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1689                                 return;
1690                         }
1691
1692                         r = socket_watch_fds(s);
1693                         if (r < 0) {
1694                                 log_warning_unit(UNIT(s)->id, "%s failed to watch sockets: %s", UNIT(s)->id, strerror(-r));
1695                                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1696                         }
1697                 }
1698
1699                 return;
1700         }
1701
1702         if (cfd < 0) {
1703                 Iterator i;
1704                 Unit *other;
1705                 bool pending = false;
1706
1707                 /* If there's already a start pending don't bother to
1708                  * do anything */
1709                 SET_FOREACH(other, UNIT(s)->dependencies[UNIT_TRIGGERS], i)
1710                         if (unit_active_or_pending(other)) {
1711                                 pending = true;
1712                                 break;
1713                         }
1714
1715                 if (!pending) {
1716                         if (!UNIT_ISSET(s->service)) {
1717                                 log_error_unit(UNIT(s)->id, "%s: service to activate vanished, refusing activation.", UNIT(s)->id);
1718                                 r = -ENOENT;
1719                                 goto fail;
1720                         }
1721
1722                         r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT_DEREF(s->service), JOB_REPLACE, true, &error, NULL);
1723                         if (r < 0)
1724                                 goto fail;
1725                 }
1726
1727                 socket_set_state(s, SOCKET_RUNNING);
1728         } else {
1729                 _cleanup_free_ char *prefix = NULL, *instance = NULL, *name = NULL;
1730                 Service *service;
1731
1732                 if (s->n_connections >= s->max_connections) {
1733                         log_warning_unit(UNIT(s)->id, "%s: Too many incoming connections (%u)", UNIT(s)->id, s->n_connections);
1734                         safe_close(cfd);
1735                         return;
1736                 }
1737
1738                 r = socket_instantiate_service(s);
1739                 if (r < 0)
1740                         goto fail;
1741
1742                 r = instance_from_socket(cfd, s->n_accepted, &instance);
1743                 if (r < 0) {
1744                         if (r != -ENOTCONN)
1745                                 goto fail;
1746
1747                         /* ENOTCONN is legitimate if TCP RST was received.
1748                          * This connection is over, but the socket unit lives on. */
1749                         safe_close(cfd);
1750                         return;
1751                 }
1752
1753                 prefix = unit_name_to_prefix(UNIT(s)->id);
1754                 if (!prefix) {
1755                         r = -ENOMEM;
1756                         goto fail;
1757                 }
1758
1759                 name = unit_name_build(prefix, instance, ".service");
1760                 if (!name) {
1761                         r = -ENOMEM;
1762                         goto fail;
1763                 }
1764
1765                 r = unit_add_name(UNIT_DEREF(s->service), name);
1766                 if (r < 0)
1767                         goto fail;
1768
1769                 service = SERVICE(UNIT_DEREF(s->service));
1770                 unit_ref_unset(&s->service);
1771                 s->n_accepted ++;
1772
1773                 UNIT(service)->no_gc = false;
1774
1775                 unit_choose_id(UNIT(service), name);
1776
1777                 r = service_set_socket_fd(service, cfd, s);
1778                 if (r < 0)
1779                         goto fail;
1780
1781                 cfd = -1;
1782                 s->n_connections ++;
1783
1784                 r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL);
1785                 if (r < 0)
1786                         goto fail;
1787
1788                 /* Notify clients about changed counters */
1789                 unit_add_to_dbus_queue(UNIT(s));
1790         }
1791
1792         return;
1793
1794 fail:
1795         log_warning_unit(UNIT(s)->id, "%s failed to queue service startup job (Maybe the service file is missing or not a %s unit?): %s",
1796                          UNIT(s)->id, cfd >= 0 ? "template" : "non-template",
1797                          bus_error_message(&error, r));
1798
1799         socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1800         safe_close(cfd);
1801 }
1802
1803 static void socket_run_next(Socket *s) {
1804         int r;
1805
1806         assert(s);
1807         assert(s->control_command);
1808         assert(s->control_command->command_next);
1809
1810         socket_unwatch_control_pid(s);
1811
1812         s->control_command = s->control_command->command_next;
1813
1814         r = socket_spawn(s, s->control_command, &s->control_pid);
1815         if (r < 0)
1816                 goto fail;
1817
1818         return;
1819
1820 fail:
1821         log_warning_unit(UNIT(s)->id, "%s failed to run next task: %s", UNIT(s)->id, strerror(-r));
1822
1823         if (s->state == SOCKET_START_POST)
1824                 socket_enter_stop_pre(s, SOCKET_FAILURE_RESOURCES);
1825         else if (s->state == SOCKET_STOP_POST)
1826                 socket_enter_dead(s, SOCKET_FAILURE_RESOURCES);
1827         else
1828                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_RESOURCES);
1829 }
1830
1831 static int socket_start(Unit *u) {
1832         Socket *s = SOCKET(u);
1833
1834         assert(s);
1835
1836         /* We cannot fulfill this request right now, try again later
1837          * please! */
1838         if (IN_SET(s->state,
1839                    SOCKET_STOP_PRE,
1840                    SOCKET_STOP_PRE_SIGKILL,
1841                    SOCKET_STOP_PRE_SIGTERM,
1842                    SOCKET_STOP_POST,
1843                    SOCKET_FINAL_SIGTERM,
1844                    SOCKET_FINAL_SIGKILL))
1845                 return -EAGAIN;
1846
1847         /* Already on it! */
1848         if (IN_SET(s->state,
1849                    SOCKET_START_PRE,
1850                    SOCKET_START_CHOWN,
1851                    SOCKET_START_POST))
1852                 return 0;
1853
1854         /* Cannot run this without the service being around */
1855         if (UNIT_ISSET(s->service)) {
1856                 Service *service;
1857
1858                 service = SERVICE(UNIT_DEREF(s->service));
1859
1860                 if (UNIT(service)->load_state != UNIT_LOADED) {
1861                         log_error_unit(u->id, "Socket service %s not loaded, refusing.", UNIT(service)->id);
1862                         return -ENOENT;
1863                 }
1864
1865                 /* If the service is already active we cannot start the
1866                  * socket */
1867                 if (service->state != SERVICE_DEAD &&
1868                     service->state != SERVICE_FAILED &&
1869                     service->state != SERVICE_AUTO_RESTART) {
1870                         log_error_unit(u->id, "Socket service %s already active, refusing.", UNIT(service)->id);
1871                         return -EBUSY;
1872                 }
1873
1874 #ifdef HAVE_SYSV_COMPAT
1875                 if (service->is_sysv) {
1876                         log_error_unit(u->id, "Using SysV services for socket activation is not supported. Refusing.");
1877                         return -ENOENT;
1878                 }
1879 #endif
1880         }
1881
1882         assert(s->state == SOCKET_DEAD || s->state == SOCKET_FAILED);
1883
1884         s->result = SOCKET_SUCCESS;
1885         socket_enter_start_pre(s);
1886
1887         return 0;
1888 }
1889
1890 static int socket_stop(Unit *u) {
1891         Socket *s = SOCKET(u);
1892
1893         assert(s);
1894
1895         /* Already on it */
1896         if (IN_SET(s->state,
1897                    SOCKET_STOP_PRE,
1898                    SOCKET_STOP_PRE_SIGTERM,
1899                    SOCKET_STOP_PRE_SIGKILL,
1900                    SOCKET_STOP_POST,
1901                    SOCKET_FINAL_SIGTERM,
1902                    SOCKET_FINAL_SIGKILL))
1903                 return 0;
1904
1905         /* If there's already something running we go directly into
1906          * kill mode. */
1907         if (IN_SET(s->state,
1908                    SOCKET_START_PRE,
1909                    SOCKET_START_CHOWN,
1910                    SOCKET_START_POST)) {
1911                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_SUCCESS);
1912                 return -EAGAIN;
1913         }
1914
1915         assert(s->state == SOCKET_LISTENING || s->state == SOCKET_RUNNING);
1916
1917         socket_enter_stop_pre(s, SOCKET_SUCCESS);
1918         return 0;
1919 }
1920
1921 static int socket_serialize(Unit *u, FILE *f, FDSet *fds) {
1922         Socket *s = SOCKET(u);
1923         SocketPort *p;
1924         int r;
1925
1926         assert(u);
1927         assert(f);
1928         assert(fds);
1929
1930         unit_serialize_item(u, f, "state", socket_state_to_string(s->state));
1931         unit_serialize_item(u, f, "result", socket_result_to_string(s->result));
1932         unit_serialize_item_format(u, f, "n-accepted", "%u", s->n_accepted);
1933
1934         if (s->control_pid > 0)
1935                 unit_serialize_item_format(u, f, "control-pid", PID_FMT, s->control_pid);
1936
1937         if (s->control_command_id >= 0)
1938                 unit_serialize_item(u, f, "control-command", socket_exec_command_to_string(s->control_command_id));
1939
1940         LIST_FOREACH(port, p, s->ports) {
1941                 int copy;
1942
1943                 if (p->fd < 0)
1944                         continue;
1945
1946                 copy = fdset_put_dup(fds, p->fd);
1947                 if (copy < 0)
1948                         return copy;
1949
1950                 if (p->type == SOCKET_SOCKET) {
1951                         _cleanup_free_ char *t = NULL;
1952
1953                         r = socket_address_print(&p->address, &t);
1954                         if (r < 0)
1955                                 return r;
1956
1957                         if (socket_address_family(&p->address) == AF_NETLINK)
1958                                 unit_serialize_item_format(u, f, "netlink", "%i %s", copy, t);
1959                         else
1960                                 unit_serialize_item_format(u, f, "socket", "%i %i %s", copy, p->address.type, t);
1961
1962                 } else if (p->type == SOCKET_SPECIAL)
1963                         unit_serialize_item_format(u, f, "special", "%i %s", copy, p->path);
1964                 else if (p->type == SOCKET_MQUEUE)
1965                         unit_serialize_item_format(u, f, "mqueue", "%i %s", copy, p->path);
1966                 else {
1967                         assert(p->type == SOCKET_FIFO);
1968                         unit_serialize_item_format(u, f, "fifo", "%i %s", copy, p->path);
1969                 }
1970         }
1971
1972         return 0;
1973 }
1974
1975 static int socket_deserialize_item(Unit *u, const char *key, const char *value, FDSet *fds) {
1976         Socket *s = SOCKET(u);
1977
1978         assert(u);
1979         assert(key);
1980         assert(value);
1981
1982         if (streq(key, "state")) {
1983                 SocketState state;
1984
1985                 state = socket_state_from_string(value);
1986                 if (state < 0)
1987                         log_debug_unit(u->id, "Failed to parse state value %s", value);
1988                 else
1989                         s->deserialized_state = state;
1990         } else if (streq(key, "result")) {
1991                 SocketResult f;
1992
1993                 f = socket_result_from_string(value);
1994                 if (f < 0)
1995                         log_debug_unit(u->id, "Failed to parse result value %s", value);
1996                 else if (f != SOCKET_SUCCESS)
1997                         s->result = f;
1998
1999         } else if (streq(key, "n-accepted")) {
2000                 unsigned k;
2001
2002                 if (safe_atou(value, &k) < 0)
2003                         log_debug_unit(u->id, "Failed to parse n-accepted value %s", value);
2004                 else
2005                         s->n_accepted += k;
2006         } else if (streq(key, "control-pid")) {
2007                 pid_t pid;
2008
2009                 if (parse_pid(value, &pid) < 0)
2010                         log_debug_unit(u->id, "Failed to parse control-pid value %s", value);
2011                 else
2012                         s->control_pid = pid;
2013         } else if (streq(key, "control-command")) {
2014                 SocketExecCommand id;
2015
2016                 id = socket_exec_command_from_string(value);
2017                 if (id < 0)
2018                         log_debug_unit(u->id, "Failed to parse exec-command value %s", value);
2019                 else {
2020                         s->control_command_id = id;
2021                         s->control_command = s->exec_command[id];
2022                 }
2023         } else if (streq(key, "fifo")) {
2024                 int fd, skip = 0;
2025                 SocketPort *p;
2026
2027                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2028                         log_debug_unit(u->id, "Failed to parse fifo value %s", value);
2029                 else {
2030
2031                         LIST_FOREACH(port, p, s->ports)
2032                                 if (p->type == SOCKET_FIFO &&
2033                                     streq_ptr(p->path, value+skip))
2034                                         break;
2035
2036                         if (p) {
2037                                 safe_close(p->fd);
2038                                 p->fd = fdset_remove(fds, fd);
2039                         }
2040                 }
2041
2042         } else if (streq(key, "special")) {
2043                 int fd, skip = 0;
2044                 SocketPort *p;
2045
2046                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2047                         log_debug_unit(u->id, "Failed to parse special value %s", value);
2048                 else {
2049
2050                         LIST_FOREACH(port, p, s->ports)
2051                                 if (p->type == SOCKET_SPECIAL &&
2052                                     streq_ptr(p->path, value+skip))
2053                                         break;
2054
2055                         if (p) {
2056                                 safe_close(p->fd);
2057                                 p->fd = fdset_remove(fds, fd);
2058                         }
2059                 }
2060
2061         } else if (streq(key, "mqueue")) {
2062                 int fd, skip = 0;
2063                 SocketPort *p;
2064
2065                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2066                         log_debug_unit(u->id, "Failed to parse mqueue value %s", value);
2067                 else {
2068
2069                         LIST_FOREACH(port, p, s->ports)
2070                                 if (p->type == SOCKET_MQUEUE &&
2071                                     streq_ptr(p->path, value+skip))
2072                                         break;
2073
2074                         if (p) {
2075                                 safe_close(p->fd);
2076                                 p->fd = fdset_remove(fds, fd);
2077                         }
2078                 }
2079
2080         } else if (streq(key, "socket")) {
2081                 int fd, type, skip = 0;
2082                 SocketPort *p;
2083
2084                 if (sscanf(value, "%i %i %n", &fd, &type, &skip) < 2 || fd < 0 || type < 0 || !fdset_contains(fds, fd))
2085                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2086                 else {
2087
2088                         LIST_FOREACH(port, p, s->ports)
2089                                 if (socket_address_is(&p->address, value+skip, type))
2090                                         break;
2091
2092                         if (p) {
2093                                 safe_close(p->fd);
2094                                 p->fd = fdset_remove(fds, fd);
2095                         }
2096                 }
2097
2098         } else if (streq(key, "netlink")) {
2099                 int fd, skip = 0;
2100                 SocketPort *p;
2101
2102                 if (sscanf(value, "%i %n", &fd, &skip) < 1 || fd < 0 || !fdset_contains(fds, fd))
2103                         log_debug_unit(u->id, "Failed to parse socket value %s", value);
2104                 else {
2105
2106                         LIST_FOREACH(port, p, s->ports)
2107                                 if (socket_address_is_netlink(&p->address, value+skip))
2108                                         break;
2109
2110                         if (p) {
2111                                 safe_close(p->fd);
2112                                 p->fd = fdset_remove(fds, fd);
2113                         }
2114                 }
2115         } else
2116                 log_debug_unit(UNIT(s)->id, "Unknown serialization key '%s'", key);
2117
2118         return 0;
2119 }
2120
2121 static int socket_distribute_fds(Unit *u, FDSet *fds) {
2122         Socket *s = SOCKET(u);
2123         SocketPort *p;
2124
2125         assert(u);
2126
2127         LIST_FOREACH(port, p, s->ports) {
2128                 Iterator i;
2129                 int fd;
2130
2131                 if (p->type != SOCKET_SOCKET)
2132                         continue;
2133
2134                 if (p->fd >= 0)
2135                         continue;
2136
2137                 FDSET_FOREACH(fd, fds, i) {
2138                         if (socket_address_matches_fd(&p->address, fd)) {
2139                                 p->fd = fdset_remove(fds, fd);
2140                                 s->deserialized_state = SOCKET_LISTENING;
2141                                 break;
2142                         }
2143                 }
2144         }
2145
2146         return 0;
2147 }
2148
2149 _pure_ static UnitActiveState socket_active_state(Unit *u) {
2150         assert(u);
2151
2152         return state_translation_table[SOCKET(u)->state];
2153 }
2154
2155 _pure_ static const char *socket_sub_state_to_string(Unit *u) {
2156         assert(u);
2157
2158         return socket_state_to_string(SOCKET(u)->state);
2159 }
2160
2161 const char* socket_port_type_to_string(SocketPort *p) {
2162
2163         assert(p);
2164
2165         switch (p->type) {
2166
2167         case SOCKET_SOCKET:
2168
2169                 switch (p->address.type) {
2170
2171                 case SOCK_STREAM:
2172                         return "Stream";
2173
2174                 case SOCK_DGRAM:
2175                         return "Datagram";
2176
2177                 case SOCK_SEQPACKET:
2178                         return "SequentialPacket";
2179
2180                 case SOCK_RAW:
2181                         if (socket_address_family(&p->address) == AF_NETLINK)
2182                                 return "Netlink";
2183
2184                 default:
2185                         return NULL;
2186                 }
2187
2188         case SOCKET_SPECIAL:
2189                 return "Special";
2190
2191         case SOCKET_MQUEUE:
2192                 return "MessageQueue";
2193
2194         case SOCKET_FIFO:
2195                 return "FIFO";
2196
2197         default:
2198                 return NULL;
2199         }
2200 }
2201
2202 _pure_ static bool socket_check_gc(Unit *u) {
2203         Socket *s = SOCKET(u);
2204
2205         assert(u);
2206
2207         return s->n_connections > 0;
2208 }
2209
2210 static int socket_dispatch_io(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
2211         SocketPort *p = userdata;
2212         int cfd = -1;
2213
2214         assert(p);
2215         assert(fd >= 0);
2216
2217         if (p->socket->state != SOCKET_LISTENING)
2218                 return 0;
2219
2220         log_debug_unit(UNIT(p->socket)->id, "Incoming traffic on %s", UNIT(p->socket)->id);
2221
2222         if (revents != EPOLLIN) {
2223
2224                 if (revents & EPOLLHUP)
2225                         log_error_unit(UNIT(p->socket)->id, "%s: Got POLLHUP on a listening socket. The service probably invoked shutdown() on it, and should better not do that.",
2226                                        UNIT(p->socket)->id);
2227                 else
2228                         log_error_unit(UNIT(p->socket)->id, "%s: Got unexpected poll event (0x%x) on socket.",
2229                                        UNIT(p->socket)->id, revents);
2230
2231                 goto fail;
2232         }
2233
2234         if (p->socket->accept &&
2235             p->type == SOCKET_SOCKET &&
2236             socket_address_can_accept(&p->address)) {
2237
2238                 for (;;) {
2239
2240                         cfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK);
2241                         if (cfd < 0) {
2242
2243                                 if (errno == EINTR)
2244                                         continue;
2245
2246                                 log_error_unit(UNIT(p->socket)->id,
2247                                                "Failed to accept socket: %m");
2248                                 goto fail;
2249                         }
2250
2251                         break;
2252                 }
2253
2254                 socket_apply_socket_options(p->socket, cfd);
2255         }
2256
2257         socket_enter_running(p->socket, cfd);
2258         return 0;
2259
2260 fail:
2261         socket_enter_stop_pre(p->socket, SOCKET_FAILURE_RESOURCES);
2262         return 0;
2263 }
2264
2265 static void socket_sigchld_event(Unit *u, pid_t pid, int code, int status) {
2266         Socket *s = SOCKET(u);
2267         SocketResult f;
2268
2269         assert(s);
2270         assert(pid >= 0);
2271
2272         if (pid != s->control_pid)
2273                 return;
2274
2275         s->control_pid = 0;
2276
2277         if (is_clean_exit(code, status, NULL))
2278                 f = SOCKET_SUCCESS;
2279         else if (code == CLD_EXITED)
2280                 f = SOCKET_FAILURE_EXIT_CODE;
2281         else if (code == CLD_KILLED)
2282                 f = SOCKET_FAILURE_SIGNAL;
2283         else if (code == CLD_DUMPED)
2284                 f = SOCKET_FAILURE_CORE_DUMP;
2285         else
2286                 assert_not_reached("Unknown sigchld code");
2287
2288         if (s->control_command) {
2289                 exec_status_exit(&s->control_command->exec_status, &s->exec_context, pid, code, status);
2290
2291                 if (s->control_command->ignore)
2292                         f = SOCKET_SUCCESS;
2293         }
2294
2295         log_full_unit(f == SOCKET_SUCCESS ? LOG_DEBUG : LOG_NOTICE,
2296                       u->id,
2297                       "%s control process exited, code=%s status=%i",
2298                       u->id, sigchld_code_to_string(code), status);
2299
2300         if (f != SOCKET_SUCCESS)
2301                 s->result = f;
2302
2303         if (s->control_command &&
2304             s->control_command->command_next &&
2305             f == SOCKET_SUCCESS) {
2306
2307                 log_debug_unit(u->id,
2308                                "%s running next command for state %s",
2309                                u->id, socket_state_to_string(s->state));
2310                 socket_run_next(s);
2311         } else {
2312                 s->control_command = NULL;
2313                 s->control_command_id = _SOCKET_EXEC_COMMAND_INVALID;
2314
2315                 /* No further commands for this step, so let's figure
2316                  * out what to do next */
2317
2318                 log_debug_unit(u->id,
2319                                "%s got final SIGCHLD for state %s",
2320                                u->id, socket_state_to_string(s->state));
2321
2322                 switch (s->state) {
2323
2324                 case SOCKET_START_PRE:
2325                         if (f == SOCKET_SUCCESS)
2326                                 socket_enter_start_chown(s);
2327                         else
2328                                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, f);
2329                         break;
2330
2331                 case SOCKET_START_CHOWN:
2332                         if (f == SOCKET_SUCCESS)
2333                                 socket_enter_start_post(s);
2334                         else
2335                                 socket_enter_stop_pre(s, f);
2336                         break;
2337
2338                 case SOCKET_START_POST:
2339                         if (f == SOCKET_SUCCESS)
2340                                 socket_enter_listening(s);
2341                         else
2342                                 socket_enter_stop_pre(s, f);
2343                         break;
2344
2345                 case SOCKET_STOP_PRE:
2346                 case SOCKET_STOP_PRE_SIGTERM:
2347                 case SOCKET_STOP_PRE_SIGKILL:
2348                         socket_enter_stop_post(s, f);
2349                         break;
2350
2351                 case SOCKET_STOP_POST:
2352                 case SOCKET_FINAL_SIGTERM:
2353                 case SOCKET_FINAL_SIGKILL:
2354                         socket_enter_dead(s, f);
2355                         break;
2356
2357                 default:
2358                         assert_not_reached("Uh, control process died at wrong time.");
2359                 }
2360         }
2361
2362         /* Notify clients about changed exit status */
2363         unit_add_to_dbus_queue(u);
2364 }
2365
2366 static int socket_dispatch_timer(sd_event_source *source, usec_t usec, void *userdata) {
2367         Socket *s = SOCKET(userdata);
2368
2369         assert(s);
2370         assert(s->timer_event_source == source);
2371
2372         switch (s->state) {
2373
2374         case SOCKET_START_PRE:
2375                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Terminating.", UNIT(s)->id);
2376                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2377                 break;
2378
2379         case SOCKET_START_CHOWN:
2380         case SOCKET_START_POST:
2381                 log_warning_unit(UNIT(s)->id, "%s starting timed out. Stopping.", UNIT(s)->id);
2382                 socket_enter_stop_pre(s, SOCKET_FAILURE_TIMEOUT);
2383                 break;
2384
2385         case SOCKET_STOP_PRE:
2386                 log_warning_unit(UNIT(s)->id, "%s stopping timed out. Terminating.", UNIT(s)->id);
2387                 socket_enter_signal(s, SOCKET_STOP_PRE_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2388                 break;
2389
2390         case SOCKET_STOP_PRE_SIGTERM:
2391                 if (s->kill_context.send_sigkill) {
2392                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Killing.", UNIT(s)->id);
2393                         socket_enter_signal(s, SOCKET_STOP_PRE_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2394                 } else {
2395                         log_warning_unit(UNIT(s)->id, "%s stopping timed out. Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2396                         socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2397                 }
2398                 break;
2399
2400         case SOCKET_STOP_PRE_SIGKILL:
2401                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL. Ignoring.", UNIT(s)->id);
2402                 socket_enter_stop_post(s, SOCKET_FAILURE_TIMEOUT);
2403                 break;
2404
2405         case SOCKET_STOP_POST:
2406                 log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Terminating.", UNIT(s)->id);
2407                 socket_enter_signal(s, SOCKET_FINAL_SIGTERM, SOCKET_FAILURE_TIMEOUT);
2408                 break;
2409
2410         case SOCKET_FINAL_SIGTERM:
2411                 if (s->kill_context.send_sigkill) {
2412                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Killing.", UNIT(s)->id);
2413                         socket_enter_signal(s, SOCKET_FINAL_SIGKILL, SOCKET_FAILURE_TIMEOUT);
2414                 } else {
2415                         log_warning_unit(UNIT(s)->id, "%s stopping timed out (2). Skipping SIGKILL. Ignoring.", UNIT(s)->id);
2416                         socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2417                 }
2418                 break;
2419
2420         case SOCKET_FINAL_SIGKILL:
2421                 log_warning_unit(UNIT(s)->id, "%s still around after SIGKILL (2). Entering failed mode.", UNIT(s)->id);
2422                 socket_enter_dead(s, SOCKET_FAILURE_TIMEOUT);
2423                 break;
2424
2425         default:
2426                 assert_not_reached("Timeout at wrong time.");
2427         }
2428
2429         return 0;
2430 }
2431
2432 int socket_collect_fds(Socket *s, int **fds, unsigned *n_fds) {
2433         int *rfds;
2434         unsigned rn_fds, k;
2435         SocketPort *p;
2436
2437         assert(s);
2438         assert(fds);
2439         assert(n_fds);
2440
2441         /* Called from the service code for requesting our fds */
2442
2443         rn_fds = 0;
2444         LIST_FOREACH(port, p, s->ports)
2445                 if (p->fd >= 0)
2446                         rn_fds++;
2447
2448         if (rn_fds <= 0) {
2449                 *fds = NULL;
2450                 *n_fds = 0;
2451                 return 0;
2452         }
2453
2454         if (!(rfds = new(int, rn_fds)))
2455                 return -ENOMEM;
2456
2457         k = 0;
2458         LIST_FOREACH(port, p, s->ports)
2459                 if (p->fd >= 0)
2460                         rfds[k++] = p->fd;
2461
2462         assert(k == rn_fds);
2463
2464         *fds = rfds;
2465         *n_fds = rn_fds;
2466
2467         return 0;
2468 }
2469
2470 static void socket_reset_failed(Unit *u) {
2471         Socket *s = SOCKET(u);
2472
2473         assert(s);
2474
2475         if (s->state == SOCKET_FAILED)
2476                 socket_set_state(s, SOCKET_DEAD);
2477
2478         s->result = SOCKET_SUCCESS;
2479 }
2480
2481 static void socket_notify_service_dead(Socket *s, bool failed_permanent) {
2482         assert(s);
2483
2484         /* The service is dead. Dang!
2485          *
2486          * This is strictly for one-instance-for-all-connections
2487          * services. */
2488
2489         if (s->state == SOCKET_RUNNING) {
2490                 log_debug_unit(UNIT(s)->id, "%s got notified about service death (failed permanently: %s)", UNIT(s)->id, yes_no(failed_permanent));
2491                 if (failed_permanent)
2492                         socket_enter_stop_pre(s, SOCKET_FAILURE_SERVICE_FAILED_PERMANENT);
2493                 else
2494                         socket_enter_listening(s);
2495         }
2496 }
2497
2498 void socket_connection_unref(Socket *s) {
2499         assert(s);
2500
2501         /* The service is dead. Yay!
2502          *
2503          * This is strictly for one-instance-per-connection
2504          * services. */
2505
2506         assert(s->n_connections > 0);
2507         s->n_connections--;
2508
2509         log_debug_unit(UNIT(s)->id, "%s: One connection closed, %u left.", UNIT(s)->id, s->n_connections);
2510 }
2511
2512 static void socket_trigger_notify(Unit *u, Unit *other) {
2513         Socket *s = SOCKET(u);
2514         Service *se;
2515
2516         assert(u);
2517         assert(other);
2518
2519         /* Don't propagate state changes from the service if we are
2520            already down or accepting connections */
2521         if ((s->state !=  SOCKET_RUNNING &&
2522             s->state != SOCKET_LISTENING) ||
2523             s->accept)
2524                 return;
2525
2526         if (other->load_state != UNIT_LOADED ||
2527             other->type != UNIT_SERVICE)
2528                 return;
2529
2530         se = SERVICE(other);
2531
2532         if (se->state == SERVICE_FAILED)
2533                 socket_notify_service_dead(s, se->result == SERVICE_FAILURE_START_LIMIT);
2534
2535         if (se->state == SERVICE_DEAD ||
2536             se->state == SERVICE_STOP ||
2537             se->state == SERVICE_STOP_SIGTERM ||
2538             se->state == SERVICE_STOP_SIGKILL ||
2539             se->state == SERVICE_STOP_POST ||
2540             se->state == SERVICE_FINAL_SIGTERM ||
2541             se->state == SERVICE_FINAL_SIGKILL ||
2542             se->state == SERVICE_AUTO_RESTART)
2543                 socket_notify_service_dead(s, false);
2544
2545         if (se->state == SERVICE_RUNNING)
2546                 socket_set_state(s, SOCKET_RUNNING);
2547 }
2548
2549 static int socket_kill(Unit *u, KillWho who, int signo, sd_bus_error *error) {
2550         return unit_kill_common(u, who, signo, -1, SOCKET(u)->control_pid, error);
2551 }
2552
2553 static int socket_get_timeout(Unit *u, uint64_t *timeout) {
2554         Socket *s = SOCKET(u);
2555         int r;
2556
2557         if (!s->timer_event_source)
2558                 return 0;
2559
2560         r = sd_event_source_get_time(s->timer_event_source, timeout);
2561         if (r < 0)
2562                 return r;
2563
2564         return 1;
2565 }
2566
2567 static const char* const socket_state_table[_SOCKET_STATE_MAX] = {
2568         [SOCKET_DEAD] = "dead",
2569         [SOCKET_START_PRE] = "start-pre",
2570         [SOCKET_START_CHOWN] = "start-chown",
2571         [SOCKET_START_POST] = "start-post",
2572         [SOCKET_LISTENING] = "listening",
2573         [SOCKET_RUNNING] = "running",
2574         [SOCKET_STOP_PRE] = "stop-pre",
2575         [SOCKET_STOP_PRE_SIGTERM] = "stop-pre-sigterm",
2576         [SOCKET_STOP_PRE_SIGKILL] = "stop-pre-sigkill",
2577         [SOCKET_STOP_POST] = "stop-post",
2578         [SOCKET_FINAL_SIGTERM] = "final-sigterm",
2579         [SOCKET_FINAL_SIGKILL] = "final-sigkill",
2580         [SOCKET_FAILED] = "failed"
2581 };
2582
2583 DEFINE_STRING_TABLE_LOOKUP(socket_state, SocketState);
2584
2585 static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
2586         [SOCKET_EXEC_START_PRE] = "StartPre",
2587         [SOCKET_EXEC_START_CHOWN] = "StartChown",
2588         [SOCKET_EXEC_START_POST] = "StartPost",
2589         [SOCKET_EXEC_STOP_PRE] = "StopPre",
2590         [SOCKET_EXEC_STOP_POST] = "StopPost"
2591 };
2592
2593 DEFINE_STRING_TABLE_LOOKUP(socket_exec_command, SocketExecCommand);
2594
2595 static const char* const socket_result_table[_SOCKET_RESULT_MAX] = {
2596         [SOCKET_SUCCESS] = "success",
2597         [SOCKET_FAILURE_RESOURCES] = "resources",
2598         [SOCKET_FAILURE_TIMEOUT] = "timeout",
2599         [SOCKET_FAILURE_EXIT_CODE] = "exit-code",
2600         [SOCKET_FAILURE_SIGNAL] = "signal",
2601         [SOCKET_FAILURE_CORE_DUMP] = "core-dump",
2602         [SOCKET_FAILURE_SERVICE_FAILED_PERMANENT] = "service-failed-permanent"
2603 };
2604
2605 DEFINE_STRING_TABLE_LOOKUP(socket_result, SocketResult);
2606
2607 const UnitVTable socket_vtable = {
2608         .object_size = sizeof(Socket),
2609         .exec_context_offset = offsetof(Socket, exec_context),
2610         .cgroup_context_offset = offsetof(Socket, cgroup_context),
2611         .kill_context_offset = offsetof(Socket, kill_context),
2612         .exec_runtime_offset = offsetof(Socket, exec_runtime),
2613
2614         .sections =
2615                 "Unit\0"
2616                 "Socket\0"
2617                 "Install\0",
2618         .private_section = "Socket",
2619
2620         .init = socket_init,
2621         .done = socket_done,
2622         .load = socket_load,
2623
2624         .coldplug = socket_coldplug,
2625
2626         .dump = socket_dump,
2627
2628         .start = socket_start,
2629         .stop = socket_stop,
2630
2631         .kill = socket_kill,
2632
2633         .get_timeout = socket_get_timeout,
2634
2635         .serialize = socket_serialize,
2636         .deserialize_item = socket_deserialize_item,
2637         .distribute_fds = socket_distribute_fds,
2638
2639         .active_state = socket_active_state,
2640         .sub_state_to_string = socket_sub_state_to_string,
2641
2642         .check_gc = socket_check_gc,
2643
2644         .sigchld_event = socket_sigchld_event,
2645
2646         .trigger_notify = socket_trigger_notify,
2647
2648         .reset_failed = socket_reset_failed,
2649
2650         .bus_interface = "org.freedesktop.systemd1.Socket",
2651         .bus_vtable = bus_socket_vtable,
2652         .bus_set_property = bus_socket_set_property,
2653         .bus_commit_properties = bus_socket_commit_properties,
2654
2655         .status_message_formats = {
2656                 /*.starting_stopping = {
2657                         [0] = "Starting socket %s...",
2658                         [1] = "Stopping socket %s...",
2659                 },*/
2660                 .finished_start_job = {
2661                         [JOB_DONE]       = "Listening on %s.",
2662                         [JOB_FAILED]     = "Failed to listen on %s.",
2663                         [JOB_DEPENDENCY] = "Dependency failed for %s.",
2664                         [JOB_TIMEOUT]    = "Timed out starting %s.",
2665                 },
2666                 .finished_stop_job = {
2667                         [JOB_DONE]       = "Closed %s.",
2668                         [JOB_FAILED]     = "Failed stopping %s.",
2669                         [JOB_TIMEOUT]    = "Timed out stopping %s.",
2670                 },
2671         },
2672 };
Unnamed repository; edit this file 'description' to name the repository.