#include "fd-util.h"
#include "fs-util.h"
#include "log.h"
-#include "mkdir.h"
+#include "mkdir-label.h"
#include "process-util.h"
#include "selinux-access.h"
#include "serialize.h"
#include "string-util.h"
#include "strv.h"
#include "strxcpyx.h"
+#include "umask-util.h"
#include "user-util.h"
#define CONNECTIONS_MAX 4096
static int signal_agent_released(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
const char *cgroup;
uid_t sender_uid;
int r;
assert(message);
- assert(m);
/* only accept org.freedesktop.systemd1.Agent from UID=0 */
r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
}
static int signal_disconnected(sd_bus_message *message, void *userdata, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
sd_bus *bus;
assert(message);
- assert(m);
assert_se(bus = sd_bus_message_get_bus(message));
if (bus == m->api_bus)
static int signal_activation_request(sd_bus_message *message, void *userdata, sd_bus_error *ret_error) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
const char *name;
Unit *u;
int r;
assert(message);
- assert(m);
r = sd_bus_message_read(message, "s", &name);
if (r < 0) {
return 0;
}
- if (manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SERVICE) ||
- manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SOCKET)) {
+ if (manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SOCKET) ||
+ manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SERVICE)) {
r = sd_bus_error_set(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is shutting down.");
goto failed;
}
}
static int bus_unit_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
assert(bus);
assert(path);
assert(interface);
assert(found);
- assert(m);
return find_unit(m, bus, path, (Unit**) found, error);
}
static int bus_unit_interface_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
Unit *u;
int r;
assert(path);
assert(interface);
assert(found);
- assert(m);
r = find_unit(m, bus, path, &u, error);
if (r <= 0)
}
static int bus_unit_cgroup_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
Unit *u;
int r;
assert(path);
assert(interface);
assert(found);
- assert(m);
r = find_unit(m, bus, path, &u, error);
if (r <= 0)
}
static int bus_cgroup_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
CGroupContext *c;
Unit *u;
int r;
assert(path);
assert(interface);
assert(found);
- assert(m);
r = find_unit(m, bus, path, &u, error);
if (r <= 0)
}
static int bus_exec_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
ExecContext *c;
Unit *u;
int r;
assert(path);
assert(interface);
assert(found);
- assert(m);
r = find_unit(m, bus, path, &u, error);
if (r <= 0)
}
static int bus_kill_context_find(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
- Manager *m = userdata;
+ Manager *m = ASSERT_PTR(userdata);
KillContext *c;
Unit *u;
int r;
assert(path);
assert(interface);
assert(found);
- assert(m);
r = find_unit(m, bus, path, &u, error);
if (r <= 0)
static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
_cleanup_(sd_bus_close_unrefp) sd_bus *bus = NULL;
- _cleanup_close_ int nfd = -1;
- Manager *m = userdata;
+ _cleanup_close_ int nfd = -EBADF;
+ Manager *m = ASSERT_PTR(userdata);
sd_id128_t id;
int r;
assert(s);
- assert(m);
nfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK|SOCK_CLOEXEC);
if (nfd < 0) {
return 0;
}
- nfd = -1;
+ TAKE_FD(nfd);
r = bus_check_peercred(bus);
if (r < 0) {
r = sd_bus_negotiate_creds(bus, 1,
SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
- SD_BUS_CREDS_SELINUX_CONTEXT);
+ SD_BUS_CREDS_SELINUX_CONTEXT|
+ SD_BUS_CREDS_COMM|SD_BUS_CREDS_DESCRIPTION);
if (r < 0) {
log_warning_errno(r, "Failed to enable credentials for new connection: %m");
return 0;
return 0;
}
+ if (DEBUG_LOGGING) {
+ _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *c = NULL;
+ const char *comm = NULL, *description = NULL;
+ pid_t pid = 0;
+
+ r = sd_bus_get_owner_creds(bus, SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|SD_BUS_CREDS_DESCRIPTION, &c);
+ if (r < 0)
+ log_warning_errno(r, "Failed to get peer creds, ignoring: %m");
+ else {
+ (void) sd_bus_creds_get_pid(c, &pid);
+ (void) sd_bus_creds_get_comm(c, &comm);
+ (void) sd_bus_creds_get_description(c, &description);
+ }
+
+ log_debug("Accepting direct incoming connection from " PID_FMT " (%s) [%s]", pid, strna(comm), strna(description));
+ }
+
r = sd_bus_attach_event(bus, m->event, SD_EVENT_PRIORITY_NORMAL);
if (r < 0) {
log_warning_errno(r, "Failed to attach new connection bus to event loop: %m");
return 0;
}
+ r = bus_register_malloc_status(bus, "org.freedesktop.systemd1");
+ if (r < 0)
+ log_warning_errno(r, "Failed to register MemoryAllocation1, ignoring: %m");
+
r = set_ensure_put(&m->private_buses, NULL, bus);
if (r == -ENOMEM) {
log_oom();
if (r < 0)
return log_error_errno(r, "Failed to request name: %m");
+ r = bus_register_malloc_status(bus, "org.freedesktop.systemd1");
+ if (r < 0)
+ log_warning_errno(r, "Failed to register MemoryAllocation1, ignoring: %m");
+
log_debug("Successfully connected to API bus.");
return 0;
}
int bus_init_private(Manager *m) {
- _cleanup_close_ int fd = -1;
+ _cleanup_close_ int fd = -EBADF;
union sockaddr_union sa;
socklen_t sa_len;
sd_event_source *s;
r = sockaddr_un_set_path(&sa.un, "/run/systemd/private");
} else {
- const char *e, *joined;
+ _cleanup_free_ char *joined = NULL;
+ const char *e;
e = secure_getenv("XDG_RUNTIME_DIR");
if (!e)
return log_error_errno(SYNTHETIC_ERRNO(EHOSTDOWN),
"XDG_RUNTIME_DIR is not set, refusing.");
- joined = strjoina(e, "/systemd/private");
+ joined = path_join(e, "/systemd/private");
+ if (!joined)
+ return log_oom();
+
r = sockaddr_un_set_path(&sa.un, joined);
}
if (r < 0)
if (fd < 0)
return log_error_errno(errno, "Failed to allocate private socket: %m");
- r = bind(fd, &sa.sa, sa_len);
+ WITH_UMASK(0077)
+ r = bind(fd, &sa.sa, sa_len);
if (r < 0)
return log_error_errno(errno, "Failed to bind private socket: %m");
- r = listen(fd, SOMAXCONN);
+ r = listen(fd, SOMAXCONN_DELUXE);
if (r < 0)
return log_error_errno(errno, "Failed to make private socket listening: %m");
u->bus_track = sd_bus_track_unref(u->bus_track);
/* Get rid of pending freezer messages on this bus */
- if (u->pending_freezer_message && sd_bus_message_get_bus(u->pending_freezer_message) == *bus)
- u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message);
+ if (u->pending_freezer_invocation && sd_bus_message_get_bus(u->pending_freezer_invocation) == *bus)
+ u->pending_freezer_invocation = sd_bus_message_unref(u->pending_freezer_invocation);
}
/* Get rid of queued message on this bus */
m->private_buses = set_free(m->private_buses);
- m->private_listen_event_source = sd_event_source_unref(m->private_listen_event_source);
+ m->private_listen_event_source = sd_event_source_disable_unref(m->private_listen_event_source);
m->private_listen_fd = safe_close(m->private_listen_fd);
}
}
int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
- return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-units", NULL, false, UID_INVALID, &m->polkit_registry, error);
+ return bus_verify_polkit_async(
+ call,
+ "org.freedesktop.systemd1.manage-units",
+ /* details= */ NULL,
+ &m->polkit_registry,
+ error);
}
int bus_verify_manage_unit_files_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
- return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-unit-files", NULL, false, UID_INVALID, &m->polkit_registry, error);
+ return bus_verify_polkit_async(
+ call,
+ "org.freedesktop.systemd1.manage-unit-files",
+ /* details= */ NULL,
+ &m->polkit_registry,
+ error);
}
int bus_verify_reload_daemon_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
- return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.reload-daemon", NULL, false, UID_INVALID, &m->polkit_registry, error);
+ return bus_verify_polkit_async(
+ call,
+ "org.freedesktop.systemd1.reload-daemon",
+ /* details= */ NULL,
+ &m->polkit_registry, error);
}
int bus_verify_set_environment_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
- return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.set-environment", NULL, false, UID_INVALID, &m->polkit_registry, error);
+ return bus_verify_polkit_async(
+ call,
+ "org.freedesktop.systemd1.set-environment",
+ /* details= */ NULL,
+ &m->polkit_registry,
+ error);
+}
+int bus_verify_bypass_dump_ratelimit_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
+ return bus_verify_polkit_async(
+ call,
+ "org.freedesktop.systemd1.bypass-dump-ratelimit",
+ /* details= */ NULL,
+ &m->polkit_registry,
+ error);
}
uint64_t manager_bus_n_queued_write(Manager *m) {