]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd/sd-bus/bus-socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
include <poll.h> instead of <sys/poll.h>
[thirdparty/systemd.git] / src / libsystemd / sd-bus / bus-socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2013 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <endian.h>
23 #include <assert.h>
24 #include <stdlib.h>
25 #include <unistd.h>
26 #include <poll.h>
27 #include <byteswap.h>
28
29 #include "util.h"
30 #include "macro.h"
31 #include "missing.h"
32 #include "strv.h"
33 #include "utf8.h"
34 #include "sd-daemon.h"
35
36 #include "sd-bus.h"
37 #include "bus-socket.h"
38 #include "bus-internal.h"
39 #include "bus-message.h"
40
41 #define SNDBUF_SIZE (8*1024*1024)
42
43 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
44
45 while (size > 0) {
46 struct iovec *i = iov + *idx;
47
48 if (i->iov_len > size) {
49 i->iov_base = (uint8_t*) i->iov_base + size;
50 i->iov_len -= size;
51 return;
52 }
53
54 size -= i->iov_len;
55
56 i->iov_base = NULL;
57 i->iov_len = 0;
58
59 (*idx) ++;
60 }
61 }
62
63 static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
64 assert(m);
65 assert(p);
66 assert(sz > 0);
67
68 m->iovec[m->n_iovec].iov_base = (void*) p;
69 m->iovec[m->n_iovec].iov_len = sz;
70 m->n_iovec++;
71
72 return 0;
73 }
74
75 static int bus_message_setup_iovec(sd_bus_message *m) {
76 struct bus_body_part *part;
77 unsigned n, i;
78 int r;
79
80 assert(m);
81 assert(m->sealed);
82
83 if (m->n_iovec > 0)
84 return 0;
85
86 assert(!m->iovec);
87
88 n = 1 + m->n_body_parts;
89 if (n < ELEMENTSOF(m->iovec_fixed))
90 m->iovec = m->iovec_fixed;
91 else {
92 m->iovec = new(struct iovec, n);
93 if (!m->iovec) {
94 r = -ENOMEM;
95 goto fail;
96 }
97 }
98
99 r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
100 if (r < 0)
101 goto fail;
102
103 MESSAGE_FOREACH_PART(part, i, m) {
104 r = bus_body_part_map(part);
105 if (r < 0)
106 goto fail;
107
108 r = append_iovec(m, part->data, part->size);
109 if (r < 0)
110 goto fail;
111 }
112
113 assert(n == m->n_iovec);
114
115 return 0;
116
117 fail:
118 m->poisoned = true;
119 return r;
120 }
121
122 bool bus_socket_auth_needs_write(sd_bus *b) {
123
124 unsigned i;
125
126 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
127 return false;
128
129 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
130 struct iovec *j = b->auth_iovec + i;
131
132 if (j->iov_len > 0)
133 return true;
134 }
135
136 return false;
137 }
138
139 static int bus_socket_write_auth(sd_bus *b) {
140 ssize_t k;
141
142 assert(b);
143 assert(b->state == BUS_AUTHENTICATING);
144
145 if (!bus_socket_auth_needs_write(b))
146 return 0;
147
148 if (b->prefer_writev)
149 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
150 else {
151 struct msghdr mh;
152 zero(mh);
153
154 mh.msg_iov = b->auth_iovec + b->auth_index;
155 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
156
157 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
158 if (k < 0 && errno == ENOTSOCK) {
159 b->prefer_writev = true;
160 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
161 }
162 }
163
164 if (k < 0)
165 return errno == EAGAIN ? 0 : -errno;
166
167 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
168 return 1;
169 }
170
171 static int bus_socket_auth_verify_client(sd_bus *b) {
172 char *e, *f, *start;
173 sd_id128_t peer;
174 unsigned i;
175 int r;
176
177 assert(b);
178
179 /* We expect two response lines: "OK" and possibly
180 * "AGREE_UNIX_FD" */
181
182 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
183 if (!e)
184 return 0;
185
186 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
187 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
188 if (!f)
189 return 0;
190
191 start = f + 2;
192 } else {
193 f = NULL;
194 start = e + 2;
195 }
196
197 /* Nice! We got all the lines we need. First check the OK
198 * line */
199
200 if (e - (char*) b->rbuffer != 3 + 32)
201 return -EPERM;
202
203 if (memcmp(b->rbuffer, "OK ", 3))
204 return -EPERM;
205
206 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
207
208 for (i = 0; i < 32; i += 2) {
209 int x, y;
210
211 x = unhexchar(((char*) b->rbuffer)[3 + i]);
212 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
213
214 if (x < 0 || y < 0)
215 return -EINVAL;
216
217 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
218 }
219
220 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
221 !sd_id128_equal(b->server_id, peer))
222 return -EPERM;
223
224 b->server_id = peer;
225
226 /* And possibly check the second line, too */
227
228 if (f)
229 b->can_fds =
230 (f - e == strlen("\r\nAGREE_UNIX_FD")) &&
231 memcmp(e + 2, "AGREE_UNIX_FD", strlen("AGREE_UNIX_FD")) == 0;
232
233 b->rbuffer_size -= (start - (char*) b->rbuffer);
234 memmove(b->rbuffer, start, b->rbuffer_size);
235
236 r = bus_start_running(b);
237 if (r < 0)
238 return r;
239
240 return 1;
241 }
242
243 static bool line_equals(const char *s, size_t m, const char *line) {
244 size_t l;
245
246 l = strlen(line);
247 if (l != m)
248 return false;
249
250 return memcmp(s, line, l) == 0;
251 }
252
253 static bool line_begins(const char *s, size_t m, const char *word) {
254 size_t l;
255
256 l = strlen(word);
257 if (m < l)
258 return false;
259
260 if (memcmp(s, word, l) != 0)
261 return false;
262
263 return m == l || (m > l && s[l] == ' ');
264 }
265
266 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
267 _cleanup_free_ char *token = NULL;
268
269 if (!b->anonymous_auth)
270 return 0;
271
272 if (l <= 0)
273 return 1;
274
275 assert(p[0] == ' ');
276 p++; l--;
277
278 if (l % 2 != 0)
279 return 0;
280 token = unhexmem(p, l);
281 if (!token)
282 return -ENOMEM;
283
284 if (memchr(token, 0, l/2))
285 return 0;
286
287 return !!utf8_is_valid(token);
288 }
289
290 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
291 _cleanup_free_ char *token = NULL;
292 uid_t u;
293 int r;
294
295 /* We don't do any real authentication here. Instead, we if
296 * the owner of this bus wanted authentication he should have
297 * checked SO_PEERCRED before even creating the bus object. */
298
299 if (!b->anonymous_auth && !b->ucred_valid)
300 return 0;
301
302 if (l <= 0)
303 return 1;
304
305 assert(p[0] == ' ');
306 p++; l--;
307
308 if (l % 2 != 0)
309 return 0;
310
311 token = unhexmem(p, l);
312 if (!token)
313 return -ENOMEM;
314
315 if (memchr(token, 0, l/2))
316 return 0;
317
318 r = parse_uid(token, &u);
319 if (r < 0)
320 return 0;
321
322 /* We ignore the passed value if anonymous authentication is
323 * on anyway. */
324 if (!b->anonymous_auth && u != b->ucred.uid)
325 return 0;
326
327 return 1;
328 }
329
330 static int bus_socket_auth_write(sd_bus *b, const char *t) {
331 char *p;
332 size_t l;
333
334 assert(b);
335 assert(t);
336
337 /* We only make use of the first iovec */
338 assert(b->auth_index == 0 || b->auth_index == 1);
339
340 l = strlen(t);
341 p = malloc(b->auth_iovec[0].iov_len + l);
342 if (!p)
343 return -ENOMEM;
344
345 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
346 memcpy(p + b->auth_iovec[0].iov_len, t, l);
347
348 b->auth_iovec[0].iov_base = p;
349 b->auth_iovec[0].iov_len += l;
350
351 free(b->auth_buffer);
352 b->auth_buffer = p;
353 b->auth_index = 0;
354 return 0;
355 }
356
357 static int bus_socket_auth_write_ok(sd_bus *b) {
358 char t[3 + 32 + 2 + 1];
359
360 assert(b);
361
362 xsprintf(t, "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
363
364 return bus_socket_auth_write(b, t);
365 }
366
367 static int bus_socket_auth_verify_server(sd_bus *b) {
368 char *e;
369 const char *line;
370 size_t l;
371 bool processed = false;
372 int r;
373
374 assert(b);
375
376 if (b->rbuffer_size < 1)
377 return 0;
378
379 /* First char must be a NUL byte */
380 if (*(char*) b->rbuffer != 0)
381 return -EIO;
382
383 if (b->rbuffer_size < 3)
384 return 0;
385
386 /* Begin with the first line */
387 if (b->auth_rbegin <= 0)
388 b->auth_rbegin = 1;
389
390 for (;;) {
391 /* Check if line is complete */
392 line = (char*) b->rbuffer + b->auth_rbegin;
393 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
394 if (!e)
395 return processed;
396
397 l = e - line;
398
399 if (line_begins(line, l, "AUTH ANONYMOUS")) {
400
401 r = verify_anonymous_token(b, line + 14, l - 14);
402 if (r < 0)
403 return r;
404 if (r == 0)
405 r = bus_socket_auth_write(b, "REJECTED\r\n");
406 else {
407 b->auth = BUS_AUTH_ANONYMOUS;
408 r = bus_socket_auth_write_ok(b);
409 }
410
411 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
412
413 r = verify_external_token(b, line + 13, l - 13);
414 if (r < 0)
415 return r;
416 if (r == 0)
417 r = bus_socket_auth_write(b, "REJECTED\r\n");
418 else {
419 b->auth = BUS_AUTH_EXTERNAL;
420 r = bus_socket_auth_write_ok(b);
421 }
422
423 } else if (line_begins(line, l, "AUTH"))
424 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
425 else if (line_equals(line, l, "CANCEL") ||
426 line_begins(line, l, "ERROR")) {
427
428 b->auth = _BUS_AUTH_INVALID;
429 r = bus_socket_auth_write(b, "REJECTED\r\n");
430
431 } else if (line_equals(line, l, "BEGIN")) {
432
433 if (b->auth == _BUS_AUTH_INVALID)
434 r = bus_socket_auth_write(b, "ERROR\r\n");
435 else {
436 /* We can't leave from the auth phase
437 * before we haven't written
438 * everything queued, so let's check
439 * that */
440
441 if (bus_socket_auth_needs_write(b))
442 return 1;
443
444 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
445 memmove(b->rbuffer, e + 2, b->rbuffer_size);
446 return bus_start_running(b);
447 }
448
449 } else if (line_begins(line, l, "DATA")) {
450
451 if (b->auth == _BUS_AUTH_INVALID)
452 r = bus_socket_auth_write(b, "ERROR\r\n");
453 else {
454 if (b->auth == BUS_AUTH_ANONYMOUS)
455 r = verify_anonymous_token(b, line + 4, l - 4);
456 else
457 r = verify_external_token(b, line + 4, l - 4);
458
459 if (r < 0)
460 return r;
461 if (r == 0) {
462 b->auth = _BUS_AUTH_INVALID;
463 r = bus_socket_auth_write(b, "REJECTED\r\n");
464 } else
465 r = bus_socket_auth_write_ok(b);
466 }
467 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
468 if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
469 r = bus_socket_auth_write(b, "ERROR\r\n");
470 else {
471 b->can_fds = true;
472 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
473 }
474 } else
475 r = bus_socket_auth_write(b, "ERROR\r\n");
476
477 if (r < 0)
478 return r;
479
480 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
481
482 processed = true;
483 }
484 }
485
486 static int bus_socket_auth_verify(sd_bus *b) {
487 assert(b);
488
489 if (b->is_server)
490 return bus_socket_auth_verify_server(b);
491 else
492 return bus_socket_auth_verify_client(b);
493 }
494
495 static int bus_socket_read_auth(sd_bus *b) {
496 struct msghdr mh;
497 struct iovec iov;
498 size_t n;
499 ssize_t k;
500 int r;
501 void *p;
502 union {
503 struct cmsghdr cmsghdr;
504 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
505 CMSG_SPACE(sizeof(struct ucred)) +
506 CMSG_SPACE(NAME_MAX)]; /*selinux label */
507 } control;
508 struct cmsghdr *cmsg;
509 bool handle_cmsg = false;
510
511 assert(b);
512 assert(b->state == BUS_AUTHENTICATING);
513
514 r = bus_socket_auth_verify(b);
515 if (r != 0)
516 return r;
517
518 n = MAX(256u, b->rbuffer_size * 2);
519
520 if (n > BUS_AUTH_SIZE_MAX)
521 n = BUS_AUTH_SIZE_MAX;
522
523 if (b->rbuffer_size >= n)
524 return -ENOBUFS;
525
526 p = realloc(b->rbuffer, n);
527 if (!p)
528 return -ENOMEM;
529
530 b->rbuffer = p;
531
532 zero(iov);
533 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
534 iov.iov_len = n - b->rbuffer_size;
535
536 if (b->prefer_readv)
537 k = readv(b->input_fd, &iov, 1);
538 else {
539 zero(mh);
540 mh.msg_iov = &iov;
541 mh.msg_iovlen = 1;
542 mh.msg_control = &control;
543 mh.msg_controllen = sizeof(control);
544
545 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
546 if (k < 0 && errno == ENOTSOCK) {
547 b->prefer_readv = true;
548 k = readv(b->input_fd, &iov, 1);
549 } else
550 handle_cmsg = true;
551 }
552 if (k < 0)
553 return errno == EAGAIN ? 0 : -errno;
554 if (k == 0)
555 return -ECONNRESET;
556
557 b->rbuffer_size += k;
558
559 if (handle_cmsg) {
560 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
561 if (cmsg->cmsg_level == SOL_SOCKET &&
562 cmsg->cmsg_type == SCM_RIGHTS) {
563 int j;
564
565 /* Whut? We received fds during the auth
566 * protocol? Somebody is playing games with
567 * us. Close them all, and fail */
568 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
569 close_many((int*) CMSG_DATA(cmsg), j);
570 return -EIO;
571
572 } else if (cmsg->cmsg_level == SOL_SOCKET &&
573 cmsg->cmsg_type == SCM_CREDENTIALS &&
574 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
575
576 /* Ignore bogus data, which we might
577 * get on socketpair() sockets */
578 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
579 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
580 b->ucred_valid = true;
581 }
582
583 } else if (cmsg->cmsg_level == SOL_SOCKET &&
584 cmsg->cmsg_type == SCM_SECURITY) {
585
586 size_t l;
587
588 l = cmsg->cmsg_len - CMSG_LEN(0);
589 if (l > 0) {
590 memcpy(&b->label, CMSG_DATA(cmsg), l);
591 b->label[l] = 0;
592 }
593 }
594 }
595 }
596
597 r = bus_socket_auth_verify(b);
598 if (r != 0)
599 return r;
600
601 return 1;
602 }
603
604 void bus_socket_setup(sd_bus *b) {
605 int enable;
606
607 assert(b);
608
609 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
610 * socket, just in case. */
611 enable = !b->bus_client;
612 (void)setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
613
614 enable = !b->bus_client && (b->attach_flags & KDBUS_ATTACH_SECLABEL);
615 (void)setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
616
617 /* Increase the buffers to 8 MB */
618 fd_inc_rcvbuf(b->input_fd, SNDBUF_SIZE);
619 fd_inc_sndbuf(b->output_fd, SNDBUF_SIZE);
620
621 b->is_kernel = false;
622 b->message_version = 1;
623 b->message_endian = 0;
624 }
625
626 static void bus_get_peercred(sd_bus *b) {
627 assert(b);
628
629 /* Get the peer for socketpair() sockets */
630 b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
631 }
632
633 static int bus_socket_start_auth_client(sd_bus *b) {
634 size_t l;
635 const char *auth_suffix, *auth_prefix;
636
637 assert(b);
638
639 if (b->anonymous_auth) {
640 auth_prefix = "\0AUTH ANONYMOUS ";
641
642 /* For ANONYMOUS auth we send some arbitrary "trace" string */
643 l = 9;
644 b->auth_buffer = hexmem("anonymous", l);
645 } else {
646 char text[DECIMAL_STR_MAX(uid_t) + 1];
647
648 auth_prefix = "\0AUTH EXTERNAL ";
649
650 xsprintf(text, UID_FMT, geteuid());
651
652 l = strlen(text);
653 b->auth_buffer = hexmem(text, l);
654 }
655
656 if (!b->auth_buffer)
657 return -ENOMEM;
658
659 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
660 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
661 else
662 auth_suffix = "\r\nBEGIN\r\n";
663
664 b->auth_iovec[0].iov_base = (void*) auth_prefix;
665 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
666 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
667 b->auth_iovec[1].iov_len = l * 2;
668 b->auth_iovec[2].iov_base = (void*) auth_suffix;
669 b->auth_iovec[2].iov_len = strlen(auth_suffix);
670
671 return bus_socket_write_auth(b);
672 }
673
674 int bus_socket_start_auth(sd_bus *b) {
675 assert(b);
676
677 bus_get_peercred(b);
678
679 b->state = BUS_AUTHENTICATING;
680 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
681
682 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
683 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
684
685 if (b->output_fd != b->input_fd)
686 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
687 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
688
689 if (b->is_server)
690 return bus_socket_read_auth(b);
691 else
692 return bus_socket_start_auth_client(b);
693 }
694
695 int bus_socket_connect(sd_bus *b) {
696 int r;
697
698 assert(b);
699 assert(b->input_fd < 0);
700 assert(b->output_fd < 0);
701 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
702
703 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
704 if (b->input_fd < 0)
705 return -errno;
706
707 b->output_fd = b->input_fd;
708
709 bus_socket_setup(b);
710
711 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
712 if (r < 0) {
713 if (errno == EINPROGRESS)
714 return 1;
715
716 return -errno;
717 }
718
719 return bus_socket_start_auth(b);
720 }
721
722 int bus_socket_exec(sd_bus *b) {
723 int s[2], r;
724 pid_t pid;
725
726 assert(b);
727 assert(b->input_fd < 0);
728 assert(b->output_fd < 0);
729 assert(b->exec_path);
730
731 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
732 if (r < 0)
733 return -errno;
734
735 pid = fork();
736 if (pid < 0) {
737 safe_close_pair(s);
738 return -errno;
739 }
740 if (pid == 0) {
741 /* Child */
742
743 reset_all_signal_handlers();
744
745 close_all_fds(s+1, 1);
746
747 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
748 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
749
750 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
751 safe_close(s[1]);
752
753 fd_cloexec(STDIN_FILENO, false);
754 fd_cloexec(STDOUT_FILENO, false);
755 fd_nonblock(STDIN_FILENO, false);
756 fd_nonblock(STDOUT_FILENO, false);
757
758 if (b->exec_argv)
759 execvp(b->exec_path, b->exec_argv);
760 else {
761 const char *argv[] = { b->exec_path, NULL };
762 execvp(b->exec_path, (char**) argv);
763 }
764
765 _exit(EXIT_FAILURE);
766 }
767
768 safe_close(s[1]);
769 b->output_fd = b->input_fd = s[0];
770
771 bus_socket_setup(b);
772
773 return bus_socket_start_auth(b);
774 }
775
776 int bus_socket_take_fd(sd_bus *b) {
777 assert(b);
778
779 bus_socket_setup(b);
780
781 return bus_socket_start_auth(b);
782 }
783
784 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
785 struct iovec *iov;
786 ssize_t k;
787 size_t n;
788 unsigned j;
789 int r;
790
791 assert(bus);
792 assert(m);
793 assert(idx);
794 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
795
796 if (*idx >= BUS_MESSAGE_SIZE(m))
797 return 0;
798
799 r = bus_message_setup_iovec(m);
800 if (r < 0)
801 return r;
802
803 n = m->n_iovec * sizeof(struct iovec);
804 iov = alloca(n);
805 memcpy(iov, m->iovec, n);
806
807 j = 0;
808 iovec_advance(iov, &j, *idx);
809
810 if (bus->prefer_writev)
811 k = writev(bus->output_fd, iov, m->n_iovec);
812 else {
813 struct msghdr mh;
814 zero(mh);
815
816 if (m->n_fds > 0) {
817 struct cmsghdr *control;
818 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
819
820 mh.msg_control = control;
821 control->cmsg_level = SOL_SOCKET;
822 control->cmsg_type = SCM_RIGHTS;
823 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
824 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
825 }
826
827 mh.msg_iov = iov;
828 mh.msg_iovlen = m->n_iovec;
829
830 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
831 if (k < 0 && errno == ENOTSOCK) {
832 bus->prefer_writev = true;
833 k = writev(bus->output_fd, iov, m->n_iovec);
834 }
835 }
836
837 if (k < 0)
838 return errno == EAGAIN ? 0 : -errno;
839
840 *idx += (size_t) k;
841 return 1;
842 }
843
844 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
845 uint32_t a, b;
846 uint8_t e;
847 uint64_t sum;
848
849 assert(bus);
850 assert(need);
851 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
852
853 if (bus->rbuffer_size < sizeof(struct bus_header)) {
854 *need = sizeof(struct bus_header) + 8;
855
856 /* Minimum message size:
857 *
858 * Header +
859 *
860 * Method Call: +2 string headers
861 * Signal: +3 string headers
862 * Method Error: +1 string headers
863 * +1 uint32 headers
864 * Method Reply: +1 uint32 headers
865 *
866 * A string header is at least 9 bytes
867 * A uint32 header is at least 8 bytes
868 *
869 * Hence the minimum message size of a valid message
870 * is header + 8 bytes */
871
872 return 0;
873 }
874
875 a = ((const uint32_t*) bus->rbuffer)[1];
876 b = ((const uint32_t*) bus->rbuffer)[3];
877
878 e = ((const uint8_t*) bus->rbuffer)[0];
879 if (e == BUS_LITTLE_ENDIAN) {
880 a = le32toh(a);
881 b = le32toh(b);
882 } else if (e == BUS_BIG_ENDIAN) {
883 a = be32toh(a);
884 b = be32toh(b);
885 } else
886 return -EBADMSG;
887
888 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
889 if (sum >= BUS_MESSAGE_SIZE_MAX)
890 return -ENOBUFS;
891
892 *need = (size_t) sum;
893 return 0;
894 }
895
896 static int bus_socket_make_message(sd_bus *bus, size_t size) {
897 sd_bus_message *t;
898 void *b;
899 int r;
900
901 assert(bus);
902 assert(bus->rbuffer_size >= size);
903 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
904
905 r = bus_rqueue_make_room(bus);
906 if (r < 0)
907 return r;
908
909 if (bus->rbuffer_size > size) {
910 b = memdup((const uint8_t*) bus->rbuffer + size,
911 bus->rbuffer_size - size);
912 if (!b)
913 return -ENOMEM;
914 } else
915 b = NULL;
916
917 r = bus_message_from_malloc(bus,
918 bus->rbuffer, size,
919 bus->fds, bus->n_fds,
920 !bus->bus_client && bus->ucred_valid ? &bus->ucred : NULL,
921 !bus->bus_client && bus->label[0] ? bus->label : NULL,
922 &t);
923 if (r < 0) {
924 free(b);
925 return r;
926 }
927
928 bus->rbuffer = b;
929 bus->rbuffer_size -= size;
930
931 bus->fds = NULL;
932 bus->n_fds = 0;
933
934 bus->rqueue[bus->rqueue_size++] = t;
935
936 return 1;
937 }
938
939 int bus_socket_read_message(sd_bus *bus) {
940 struct msghdr mh;
941 struct iovec iov;
942 ssize_t k;
943 size_t need;
944 int r;
945 void *b;
946 union {
947 struct cmsghdr cmsghdr;
948 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
949 CMSG_SPACE(sizeof(struct ucred)) +
950 CMSG_SPACE(NAME_MAX)]; /*selinux label */
951 } control;
952 struct cmsghdr *cmsg;
953 bool handle_cmsg = false;
954
955 assert(bus);
956 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
957
958 r = bus_socket_read_message_need(bus, &need);
959 if (r < 0)
960 return r;
961
962 if (bus->rbuffer_size >= need)
963 return bus_socket_make_message(bus, need);
964
965 b = realloc(bus->rbuffer, need);
966 if (!b)
967 return -ENOMEM;
968
969 bus->rbuffer = b;
970
971 zero(iov);
972 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
973 iov.iov_len = need - bus->rbuffer_size;
974
975 if (bus->prefer_readv)
976 k = readv(bus->input_fd, &iov, 1);
977 else {
978 zero(mh);
979 mh.msg_iov = &iov;
980 mh.msg_iovlen = 1;
981 mh.msg_control = &control;
982 mh.msg_controllen = sizeof(control);
983
984 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
985 if (k < 0 && errno == ENOTSOCK) {
986 bus->prefer_readv = true;
987 k = readv(bus->input_fd, &iov, 1);
988 } else
989 handle_cmsg = true;
990 }
991 if (k < 0)
992 return errno == EAGAIN ? 0 : -errno;
993 if (k == 0)
994 return -ECONNRESET;
995
996 bus->rbuffer_size += k;
997
998 if (handle_cmsg) {
999 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
1000 if (cmsg->cmsg_level == SOL_SOCKET &&
1001 cmsg->cmsg_type == SCM_RIGHTS) {
1002 int n, *f;
1003
1004 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1005
1006 if (!bus->can_fds) {
1007 /* Whut? We received fds but this
1008 * isn't actually enabled? Close them,
1009 * and fail */
1010
1011 close_many((int*) CMSG_DATA(cmsg), n);
1012 return -EIO;
1013 }
1014
1015 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
1016 if (!f) {
1017 close_many((int*) CMSG_DATA(cmsg), n);
1018 return -ENOMEM;
1019 }
1020
1021 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
1022 bus->fds = f;
1023 bus->n_fds += n;
1024 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1025 cmsg->cmsg_type == SCM_CREDENTIALS &&
1026 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1027
1028 /* Ignore bogus data, which we might
1029 * get on socketpair() sockets */
1030 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
1031 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
1032 bus->ucred_valid = true;
1033 }
1034
1035 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1036 cmsg->cmsg_type == SCM_SECURITY) {
1037
1038 size_t l;
1039 l = cmsg->cmsg_len - CMSG_LEN(0);
1040 if (l > 0) {
1041 memcpy(&bus->label, CMSG_DATA(cmsg), l);
1042 bus->label[l] = 0;
1043 }
1044 }
1045 }
1046 }
1047
1048 r = bus_socket_read_message_need(bus, &need);
1049 if (r < 0)
1050 return r;
1051
1052 if (bus->rbuffer_size >= need)
1053 return bus_socket_make_message(bus, need);
1054
1055 return 1;
1056 }
1057
1058 int bus_socket_process_opening(sd_bus *b) {
1059 int error = 0;
1060 socklen_t slen = sizeof(error);
1061 struct pollfd p = {
1062 .fd = b->output_fd,
1063 .events = POLLOUT,
1064 };
1065 int r;
1066
1067 assert(b->state == BUS_OPENING);
1068
1069 r = poll(&p, 1, 0);
1070 if (r < 0)
1071 return -errno;
1072
1073 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1074 return 0;
1075
1076 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1077 if (r < 0)
1078 b->last_connect_error = errno;
1079 else if (error != 0)
1080 b->last_connect_error = error;
1081 else if (p.revents & (POLLERR|POLLHUP))
1082 b->last_connect_error = ECONNREFUSED;
1083 else
1084 return bus_socket_start_auth(b);
1085
1086 return bus_next_address(b);
1087 }
1088
1089 int bus_socket_process_authenticating(sd_bus *b) {
1090 int r;
1091
1092 assert(b);
1093 assert(b->state == BUS_AUTHENTICATING);
1094
1095 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1096 return -ETIMEDOUT;
1097
1098 r = bus_socket_write_auth(b);
1099 if (r != 0)
1100 return r;
1101
1102 return bus_socket_read_auth(b);
1103 }
Unnamed repository; edit this file 'description' to name the repository.