]> git.ipfire.org Git - thirdparty/systemd.git/blame_incremental - src/libsystemd-bus/bus-socket.c
projects / thirdparty / systemd.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
timedatectl: work with old timedated
[thirdparty/systemd.git] / src / libsystemd-bus / bus-socket.c
... / ...
CommitLineData
1/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3/***
4 This file is part of systemd.
5
6 Copyright 2013 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20***/
21
22#include <endian.h>
23#include <assert.h>
24#include <stdlib.h>
25#include <unistd.h>
26#include <sys/poll.h>
27#include <byteswap.h>
28
29#include "util.h"
30#include "macro.h"
31#include "missing.h"
32#include "strv.h"
33#include "utf8.h"
34#include "sd-daemon.h"
35
36#include "sd-bus.h"
37#include "bus-socket.h"
38#include "bus-internal.h"
39#include "bus-message.h"
40
41static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
42
43 while (size > 0) {
44 struct iovec *i = iov + *idx;
45
46 if (i->iov_len > size) {
47 i->iov_base = (uint8_t*) i->iov_base + size;
48 i->iov_len -= size;
49 return;
50 }
51
52 size -= i->iov_len;
53
54 i->iov_base = NULL;
55 i->iov_len = 0;
56
57 (*idx) ++;
58 }
59}
60
61static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
62 assert(m);
63 assert(p);
64 assert(sz > 0);
65
66 m->iovec[m->n_iovec].iov_base = (void*) p;
67 m->iovec[m->n_iovec].iov_len = sz;
68 m->n_iovec++;
69
70 return 0;
71}
72
73static int bus_message_setup_iovec(sd_bus_message *m) {
74 struct bus_body_part *part;
75 unsigned n, i;
76 int r;
77
78 assert(m);
79 assert(m->sealed);
80
81 if (m->n_iovec > 0)
82 return 0;
83
84 assert(!m->iovec);
85
86 n = 1 + m->n_body_parts;
87 if (n < ELEMENTSOF(m->iovec_fixed))
88 m->iovec = m->iovec_fixed;
89 else {
90 m->iovec = new(struct iovec, n);
91 if (!m->iovec) {
92 r = -ENOMEM;
93 goto fail;
94 }
95 }
96
97 r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
98 if (r < 0)
99 goto fail;
100
101 MESSAGE_FOREACH_PART(part, i, m) {
102 r = bus_body_part_map(part);
103 if (r < 0)
104 goto fail;
105
106 r = append_iovec(m, part->data, part->size);
107 if (r < 0)
108 goto fail;
109 }
110
111 assert(n == m->n_iovec);
112
113 return 0;
114
115fail:
116 m->poisoned = true;
117 return r;
118}
119
120bool bus_socket_auth_needs_write(sd_bus *b) {
121
122 unsigned i;
123
124 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
125 return false;
126
127 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
128 struct iovec *j = b->auth_iovec + i;
129
130 if (j->iov_len > 0)
131 return true;
132 }
133
134 return false;
135}
136
137static int bus_socket_write_auth(sd_bus *b) {
138 ssize_t k;
139
140 assert(b);
141 assert(b->state == BUS_AUTHENTICATING);
142
143 if (!bus_socket_auth_needs_write(b))
144 return 0;
145
146 if (b->prefer_writev)
147 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
148 else {
149 struct msghdr mh;
150 zero(mh);
151
152 mh.msg_iov = b->auth_iovec + b->auth_index;
153 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
154
155 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
156 if (k < 0 && errno == ENOTSOCK) {
157 b->prefer_writev = true;
158 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
159 }
160 }
161
162 if (k < 0)
163 return errno == EAGAIN ? 0 : -errno;
164
165 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
166 return 1;
167}
168
169static int bus_socket_auth_verify_client(sd_bus *b) {
170 char *e, *f, *start;
171 sd_id128_t peer;
172 unsigned i;
173 int r;
174
175 assert(b);
176
177 /* We expect two response lines: "OK" and possibly
178 * "AGREE_UNIX_FD" */
179
180 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
181 if (!e)
182 return 0;
183
184 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
185 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
186 if (!f)
187 return 0;
188
189 start = f + 2;
190 } else {
191 f = NULL;
192 start = e + 2;
193 }
194
195 /* Nice! We got all the lines we need. First check the OK
196 * line */
197
198 if (e - (char*) b->rbuffer != 3 + 32)
199 return -EPERM;
200
201 if (memcmp(b->rbuffer, "OK ", 3))
202 return -EPERM;
203
204 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
205
206 for (i = 0; i < 32; i += 2) {
207 int x, y;
208
209 x = unhexchar(((char*) b->rbuffer)[3 + i]);
210 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
211
212 if (x < 0 || y < 0)
213 return -EINVAL;
214
215 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
216 }
217
218 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
219 !sd_id128_equal(b->server_id, peer))
220 return -EPERM;
221
222 b->server_id = peer;
223
224 /* And possibly check the second line, too */
225
226 if (f)
227 b->can_fds =
228 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
229 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
230
231 b->rbuffer_size -= (start - (char*) b->rbuffer);
232 memmove(b->rbuffer, start, b->rbuffer_size);
233
234 r = bus_start_running(b);
235 if (r < 0)
236 return r;
237
238 return 1;
239}
240
241static bool line_equals(const char *s, size_t m, const char *line) {
242 size_t l;
243
244 l = strlen(line);
245 if (l != m)
246 return false;
247
248 return memcmp(s, line, l) == 0;
249}
250
251static bool line_begins(const char *s, size_t m, const char *word) {
252 size_t l;
253
254 l = strlen(word);
255 if (m < l)
256 return false;
257
258 if (memcmp(s, word, l) != 0)
259 return false;
260
261 return m == l || (m > l && s[l] == ' ');
262}
263
264static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
265 _cleanup_free_ char *token = NULL;
266
267 if (!b->anonymous_auth)
268 return 0;
269
270 if (l <= 0)
271 return 1;
272
273 assert(p[0] == ' ');
274 p++; l--;
275
276 if (l % 2 != 0)
277 return 0;
278 token = unhexmem(p, l);
279 if (!token)
280 return -ENOMEM;
281
282 if (memchr(token, 0, l/2))
283 return 0;
284
285 return !!utf8_is_valid(token);
286}
287
288static int verify_external_token(sd_bus *b, const char *p, size_t l) {
289 _cleanup_free_ char *token = NULL;
290 uid_t u;
291 int r;
292
293 /* We don't do any real authentication here. Instead, we if
294 * the owner of this bus wanted authentication he should have
295 * checked SO_PEERCRED before even creating the bus object. */
296
297 if (!b->anonymous_auth && !b->ucred_valid)
298 return 0;
299
300 if (l <= 0)
301 return 1;
302
303 assert(p[0] == ' ');
304 p++; l--;
305
306 if (l % 2 != 0)
307 return 0;
308
309 token = unhexmem(p, l);
310 if (!token)
311 return -ENOMEM;
312
313 if (memchr(token, 0, l/2))
314 return 0;
315
316 r = parse_uid(token, &u);
317 if (r < 0)
318 return 0;
319
320 /* We ignore the passed value if anonymous authentication is
321 * on anyway. */
322 if (!b->anonymous_auth && u != b->ucred.uid)
323 return 0;
324
325 return 1;
326}
327
328static int bus_socket_auth_write(sd_bus *b, const char *t) {
329 char *p;
330 size_t l;
331
332 assert(b);
333 assert(t);
334
335 /* We only make use of the first iovec */
336 assert(b->auth_index == 0 || b->auth_index == 1);
337
338 l = strlen(t);
339 p = malloc(b->auth_iovec[0].iov_len + l);
340 if (!p)
341 return -ENOMEM;
342
343 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
344 memcpy(p + b->auth_iovec[0].iov_len, t, l);
345
346 b->auth_iovec[0].iov_base = p;
347 b->auth_iovec[0].iov_len += l;
348
349 free(b->auth_buffer);
350 b->auth_buffer = p;
351 b->auth_index = 0;
352 return 0;
353}
354
355static int bus_socket_auth_write_ok(sd_bus *b) {
356 char t[3 + 32 + 2 + 1];
357
358 assert(b);
359
360 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
361 char_array_0(t);
362
363 return bus_socket_auth_write(b, t);
364}
365
366static int bus_socket_auth_verify_server(sd_bus *b) {
367 char *e;
368 const char *line;
369 size_t l;
370 bool processed = false;
371 int r;
372
373 assert(b);
374
375 if (b->rbuffer_size < 1)
376 return 0;
377
378 /* First char must be a NUL byte */
379 if (*(char*) b->rbuffer != 0)
380 return -EIO;
381
382 if (b->rbuffer_size < 3)
383 return 0;
384
385 /* Begin with the first line */
386 if (b->auth_rbegin <= 0)
387 b->auth_rbegin = 1;
388
389 for (;;) {
390 /* Check if line is complete */
391 line = (char*) b->rbuffer + b->auth_rbegin;
392 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
393 if (!e)
394 return processed;
395
396 l = e - line;
397
398 if (line_begins(line, l, "AUTH ANONYMOUS")) {
399
400 r = verify_anonymous_token(b, line + 14, l - 14);
401 if (r < 0)
402 return r;
403 if (r == 0)
404 r = bus_socket_auth_write(b, "REJECTED\r\n");
405 else {
406 b->auth = BUS_AUTH_ANONYMOUS;
407 r = bus_socket_auth_write_ok(b);
408 }
409
410 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
411
412 r = verify_external_token(b, line + 13, l - 13);
413 if (r < 0)
414 return r;
415 if (r == 0)
416 r = bus_socket_auth_write(b, "REJECTED\r\n");
417 else {
418 b->auth = BUS_AUTH_EXTERNAL;
419 r = bus_socket_auth_write_ok(b);
420 }
421
422 } else if (line_begins(line, l, "AUTH"))
423 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
424 else if (line_equals(line, l, "CANCEL") ||
425 line_begins(line, l, "ERROR")) {
426
427 b->auth = _BUS_AUTH_INVALID;
428 r = bus_socket_auth_write(b, "REJECTED\r\n");
429
430 } else if (line_equals(line, l, "BEGIN")) {
431
432 if (b->auth == _BUS_AUTH_INVALID)
433 r = bus_socket_auth_write(b, "ERROR\r\n");
434 else {
435 /* We can't leave from the auth phase
436 * before we haven't written
437 * everything queued, so let's check
438 * that */
439
440 if (bus_socket_auth_needs_write(b))
441 return 1;
442
443 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
444 memmove(b->rbuffer, e + 2, b->rbuffer_size);
445 return bus_start_running(b);
446 }
447
448 } else if (line_begins(line, l, "DATA")) {
449
450 if (b->auth == _BUS_AUTH_INVALID)
451 r = bus_socket_auth_write(b, "ERROR\r\n");
452 else {
453 if (b->auth == BUS_AUTH_ANONYMOUS)
454 r = verify_anonymous_token(b, line + 4, l - 4);
455 else
456 r = verify_external_token(b, line + 4, l - 4);
457
458 if (r < 0)
459 return r;
460 if (r == 0) {
461 b->auth = _BUS_AUTH_INVALID;
462 r = bus_socket_auth_write(b, "REJECTED\r\n");
463 } else
464 r = bus_socket_auth_write_ok(b);
465 }
466 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
467 if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
468 r = bus_socket_auth_write(b, "ERROR\r\n");
469 else {
470 b->can_fds = true;
471 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
472 }
473 } else
474 r = bus_socket_auth_write(b, "ERROR\r\n");
475
476 if (r < 0)
477 return r;
478
479 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
480
481 processed = true;
482 }
483}
484
485static int bus_socket_auth_verify(sd_bus *b) {
486 assert(b);
487
488 if (b->is_server)
489 return bus_socket_auth_verify_server(b);
490 else
491 return bus_socket_auth_verify_client(b);
492}
493
494static int bus_socket_read_auth(sd_bus *b) {
495 struct msghdr mh;
496 struct iovec iov;
497 size_t n;
498 ssize_t k;
499 int r;
500 void *p;
501 union {
502 struct cmsghdr cmsghdr;
503 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
504 CMSG_SPACE(sizeof(struct ucred)) +
505 CMSG_SPACE(NAME_MAX)]; /*selinux label */
506 } control;
507 struct cmsghdr *cmsg;
508 bool handle_cmsg = false;
509
510 assert(b);
511 assert(b->state == BUS_AUTHENTICATING);
512
513 r = bus_socket_auth_verify(b);
514 if (r != 0)
515 return r;
516
517 n = MAX(256u, b->rbuffer_size * 2);
518
519 if (n > BUS_AUTH_SIZE_MAX)
520 n = BUS_AUTH_SIZE_MAX;
521
522 if (b->rbuffer_size >= n)
523 return -ENOBUFS;
524
525 p = realloc(b->rbuffer, n);
526 if (!p)
527 return -ENOMEM;
528
529 b->rbuffer = p;
530
531 zero(iov);
532 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
533 iov.iov_len = n - b->rbuffer_size;
534
535 if (b->prefer_readv)
536 k = readv(b->input_fd, &iov, 1);
537 else {
538 zero(mh);
539 mh.msg_iov = &iov;
540 mh.msg_iovlen = 1;
541 mh.msg_control = &control;
542 mh.msg_controllen = sizeof(control);
543
544 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
545 if (k < 0 && errno == ENOTSOCK) {
546 b->prefer_readv = true;
547 k = readv(b->input_fd, &iov, 1);
548 } else
549 handle_cmsg = true;
550 }
551 if (k < 0)
552 return errno == EAGAIN ? 0 : -errno;
553 if (k == 0)
554 return -ECONNRESET;
555
556 b->rbuffer_size += k;
557
558 if (handle_cmsg) {
559 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
560 if (cmsg->cmsg_level == SOL_SOCKET &&
561 cmsg->cmsg_type == SCM_RIGHTS) {
562 int j;
563
564 /* Whut? We received fds during the auth
565 * protocol? Somebody is playing games with
566 * us. Close them all, and fail */
567 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
568 close_many((int*) CMSG_DATA(cmsg), j);
569 return -EIO;
570
571 } else if (cmsg->cmsg_level == SOL_SOCKET &&
572 cmsg->cmsg_type == SCM_CREDENTIALS &&
573 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
574
575 /* Ignore bogus data, which we might
576 * get on socketpair() sockets */
577 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
578 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
579 b->ucred_valid = true;
580 }
581
582 } else if (cmsg->cmsg_level == SOL_SOCKET &&
583 cmsg->cmsg_type == SCM_SECURITY) {
584
585 size_t l;
586
587 l = cmsg->cmsg_len - CMSG_LEN(0);
588 if (l > 0) {
589 memcpy(&b->label, CMSG_DATA(cmsg), l);
590 b->label[l] = 0;
591 }
592 }
593 }
594 }
595
596 r = bus_socket_auth_verify(b);
597 if (r != 0)
598 return r;
599
600 return 1;
601}
602
603int bus_socket_setup(sd_bus *b) {
604 int enable;
605 socklen_t l;
606
607 assert(b);
608
609 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
610 * socket, just in case. */
611 enable = !b->bus_client;
612 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
613
614 enable = !b->bus_client && (b->attach_flags & KDBUS_ATTACH_SECLABEL);
615 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
616
617 /* Increase the buffers to a MB */
618 fd_inc_rcvbuf(b->input_fd, 1024*1024);
619 fd_inc_sndbuf(b->output_fd, 1024*1024);
620
621 /* Get the peer for socketpair() sockets */
622 l = sizeof(b->ucred);
623 if (getsockopt(b->input_fd, SOL_SOCKET, SO_PEERCRED, &b->ucred, &l) >= 0 && l >= sizeof(b->ucred))
624 b->ucred_valid = b->ucred.pid > 0;
625
626 b->is_kernel = false;
627 b->message_version = 1;
628
629 return 0;
630}
631
632static int bus_socket_start_auth_client(sd_bus *b) {
633 size_t l;
634 const char *auth_suffix, *auth_prefix;
635
636 assert(b);
637
638 if (b->anonymous_auth) {
639 auth_prefix = "\0AUTH ANONYMOUS ";
640
641 /* For ANONYMOUS auth we send some arbitrary "trace" string */
642 l = 9;
643 b->auth_buffer = hexmem("anonymous", l);
644 } else {
645 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
646
647 auth_prefix = "\0AUTH EXTERNAL ";
648
649 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
650 char_array_0(text);
651
652 l = strlen(text);
653 b->auth_buffer = hexmem(text, l);
654 }
655
656 if (!b->auth_buffer)
657 return -ENOMEM;
658
659 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
660 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
661 else
662 auth_suffix = "\r\nBEGIN\r\n";
663
664 b->auth_iovec[0].iov_base = (void*) auth_prefix;
665 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
666 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
667 b->auth_iovec[1].iov_len = l * 2;
668 b->auth_iovec[2].iov_base = (void*) auth_suffix;
669 b->auth_iovec[2].iov_len = strlen(auth_suffix);
670
671 return bus_socket_write_auth(b);
672}
673
674int bus_socket_start_auth(sd_bus *b) {
675 assert(b);
676
677 b->state = BUS_AUTHENTICATING;
678 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
679
680 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
681 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
682
683 if (b->output_fd != b->input_fd)
684 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
685 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
686
687 if (b->is_server)
688 return bus_socket_read_auth(b);
689 else
690 return bus_socket_start_auth_client(b);
691}
692
693int bus_socket_connect(sd_bus *b) {
694 int r;
695
696 assert(b);
697 assert(b->input_fd < 0);
698 assert(b->output_fd < 0);
699 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
700
701 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
702 if (b->input_fd < 0)
703 return -errno;
704
705 b->output_fd = b->input_fd;
706
707 r = bus_socket_setup(b);
708 if (r < 0)
709 return r;
710
711 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
712 if (r < 0) {
713 if (errno == EINPROGRESS)
714 return 1;
715
716 return -errno;
717 }
718
719 return bus_socket_start_auth(b);
720}
721
722int bus_socket_exec(sd_bus *b) {
723 int s[2], r;
724 pid_t pid;
725
726 assert(b);
727 assert(b->input_fd < 0);
728 assert(b->output_fd < 0);
729 assert(b->exec_path);
730
731 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
732 if (r < 0)
733 return -errno;
734
735 pid = fork();
736 if (pid < 0) {
737 close_pipe(s);
738 return -errno;
739 }
740 if (pid == 0) {
741 /* Child */
742
743 reset_all_signal_handlers();
744
745 close_all_fds(s+1, 1);
746
747 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
748 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
749
750 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
751 close_nointr_nofail(s[1]);
752
753 fd_cloexec(STDIN_FILENO, false);
754 fd_cloexec(STDOUT_FILENO, false);
755 fd_nonblock(STDIN_FILENO, false);
756 fd_nonblock(STDOUT_FILENO, false);
757
758 if (b->exec_argv)
759 execvp(b->exec_path, b->exec_argv);
760 else {
761 const char *argv[] = { b->exec_path, NULL };
762 execvp(b->exec_path, (char**) argv);
763 }
764
765 _exit(EXIT_FAILURE);
766 }
767
768 close_nointr_nofail(s[1]);
769 b->output_fd = b->input_fd = s[0];
770
771 r = bus_socket_setup(b);
772 if (r < 0)
773 return r;
774
775 return bus_socket_start_auth(b);
776}
777
778int bus_socket_take_fd(sd_bus *b) {
779 int r;
780 assert(b);
781
782 r = bus_socket_setup(b);
783 if (r < 0)
784 return r;
785
786 return bus_socket_start_auth(b);
787}
788
789int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
790 struct iovec *iov;
791 ssize_t k;
792 size_t n;
793 unsigned j;
794 int r;
795
796 assert(bus);
797 assert(m);
798 assert(idx);
799 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
800
801 if (*idx >= BUS_MESSAGE_SIZE(m))
802 return 0;
803
804 r = bus_message_setup_iovec(m);
805 if (r < 0)
806 return r;
807
808 n = m->n_iovec * sizeof(struct iovec);
809 iov = alloca(n);
810 memcpy(iov, m->iovec, n);
811
812 j = 0;
813 iovec_advance(iov, &j, *idx);
814
815 if (bus->prefer_writev)
816 k = writev(bus->output_fd, iov, m->n_iovec);
817 else {
818 struct msghdr mh;
819 zero(mh);
820
821 if (m->n_fds > 0) {
822 struct cmsghdr *control;
823 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
824
825 mh.msg_control = control;
826 control->cmsg_level = SOL_SOCKET;
827 control->cmsg_type = SCM_RIGHTS;
828 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
829 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
830 }
831
832 mh.msg_iov = iov;
833 mh.msg_iovlen = m->n_iovec;
834
835 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
836 if (k < 0 && errno == ENOTSOCK) {
837 bus->prefer_writev = true;
838 k = writev(bus->output_fd, iov, m->n_iovec);
839 }
840 }
841
842 if (k < 0)
843 return errno == EAGAIN ? 0 : -errno;
844
845 *idx += (size_t) k;
846 return 1;
847}
848
849static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
850 uint32_t a, b;
851 uint8_t e;
852 uint64_t sum;
853
854 assert(bus);
855 assert(need);
856 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
857
858 if (bus->rbuffer_size < sizeof(struct bus_header)) {
859 *need = sizeof(struct bus_header) + 8;
860
861 /* Minimum message size:
862 *
863 * Header +
864 *
865 * Method Call: +2 string headers
866 * Signal: +3 string headers
867 * Method Error: +1 string headers
868 * +1 uint32 headers
869 * Method Reply: +1 uint32 headers
870 *
871 * A string header is at least 9 bytes
872 * A uint32 header is at least 8 bytes
873 *
874 * Hence the minimum message size of a valid message
875 * is header + 8 bytes */
876
877 return 0;
878 }
879
880 a = ((const uint32_t*) bus->rbuffer)[1];
881 b = ((const uint32_t*) bus->rbuffer)[3];
882
883 e = ((const uint8_t*) bus->rbuffer)[0];
884 if (e == BUS_LITTLE_ENDIAN) {
885 a = le32toh(a);
886 b = le32toh(b);
887 } else if (e == BUS_BIG_ENDIAN) {
888 a = be32toh(a);
889 b = be32toh(b);
890 } else
891 return -EBADMSG;
892
893 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
894 if (sum >= BUS_MESSAGE_SIZE_MAX)
895 return -ENOBUFS;
896
897 *need = (size_t) sum;
898 return 0;
899}
900
901static int bus_socket_make_message(sd_bus *bus, size_t size) {
902 sd_bus_message *t;
903 void *b;
904 int r;
905
906 assert(bus);
907 assert(bus->rbuffer_size >= size);
908 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
909
910 r = bus_rqueue_make_room(bus);
911 if (r < 0)
912 return r;
913
914 if (bus->rbuffer_size > size) {
915 b = memdup((const uint8_t*) bus->rbuffer + size,
916 bus->rbuffer_size - size);
917 if (!b)
918 return -ENOMEM;
919 } else
920 b = NULL;
921
922 r = bus_message_from_malloc(bus,
923 bus->rbuffer, size,
924 bus->fds, bus->n_fds,
925 bus->ucred_valid ? &bus->ucred : NULL,
926 bus->label[0] ? bus->label : NULL,
927 &t);
928 if (r < 0) {
929 free(b);
930 return r;
931 }
932
933 bus->rbuffer = b;
934 bus->rbuffer_size -= size;
935
936 bus->fds = NULL;
937 bus->n_fds = 0;
938
939 bus->rqueue[bus->rqueue_size++] = t;
940
941 return 1;
942}
943
944int bus_socket_read_message(sd_bus *bus) {
945 struct msghdr mh;
946 struct iovec iov;
947 ssize_t k;
948 size_t need;
949 int r;
950 void *b;
951 union {
952 struct cmsghdr cmsghdr;
953 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
954 CMSG_SPACE(sizeof(struct ucred)) +
955 CMSG_SPACE(NAME_MAX)]; /*selinux label */
956 } control;
957 struct cmsghdr *cmsg;
958 bool handle_cmsg = false;
959
960 assert(bus);
961 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
962
963 r = bus_socket_read_message_need(bus, &need);
964 if (r < 0)
965 return r;
966
967 if (bus->rbuffer_size >= need)
968 return bus_socket_make_message(bus, need);
969
970 b = realloc(bus->rbuffer, need);
971 if (!b)
972 return -ENOMEM;
973
974 bus->rbuffer = b;
975
976 zero(iov);
977 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
978 iov.iov_len = need - bus->rbuffer_size;
979
980 if (bus->prefer_readv)
981 k = readv(bus->input_fd, &iov, 1);
982 else {
983 zero(mh);
984 mh.msg_iov = &iov;
985 mh.msg_iovlen = 1;
986 mh.msg_control = &control;
987 mh.msg_controllen = sizeof(control);
988
989 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
990 if (k < 0 && errno == ENOTSOCK) {
991 bus->prefer_readv = true;
992 k = readv(bus->input_fd, &iov, 1);
993 } else
994 handle_cmsg = true;
995 }
996 if (k < 0)
997 return errno == EAGAIN ? 0 : -errno;
998 if (k == 0)
999 return -ECONNRESET;
1000
1001 bus->rbuffer_size += k;
1002
1003 if (handle_cmsg) {
1004 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
1005 if (cmsg->cmsg_level == SOL_SOCKET &&
1006 cmsg->cmsg_type == SCM_RIGHTS) {
1007 int n, *f;
1008
1009 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
1010
1011 if (!bus->can_fds) {
1012 /* Whut? We received fds but this
1013 * isn't actually enabled? Close them,
1014 * and fail */
1015
1016 close_many((int*) CMSG_DATA(cmsg), n);
1017 return -EIO;
1018 }
1019
1020 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
1021 if (!f) {
1022 close_many((int*) CMSG_DATA(cmsg), n);
1023 return -ENOMEM;
1024 }
1025
1026 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
1027 bus->fds = f;
1028 bus->n_fds += n;
1029 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1030 cmsg->cmsg_type == SCM_CREDENTIALS &&
1031 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
1032
1033 /* Ignore bogus data, which we might
1034 * get on socketpair() sockets */
1035 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
1036 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
1037 bus->ucred_valid = true;
1038 }
1039
1040 } else if (cmsg->cmsg_level == SOL_SOCKET &&
1041 cmsg->cmsg_type == SCM_SECURITY) {
1042
1043 size_t l;
1044 l = cmsg->cmsg_len - CMSG_LEN(0);
1045 if (l > 0) {
1046 memcpy(&bus->label, CMSG_DATA(cmsg), l);
1047 bus->label[l] = 0;
1048 }
1049 }
1050 }
1051 }
1052
1053 r = bus_socket_read_message_need(bus, &need);
1054 if (r < 0)
1055 return r;
1056
1057 if (bus->rbuffer_size >= need)
1058 return bus_socket_make_message(bus, need);
1059
1060 return 1;
1061}
1062
1063int bus_socket_process_opening(sd_bus *b) {
1064 int error = 0;
1065 socklen_t slen = sizeof(error);
1066 struct pollfd p = {
1067 .fd = b->output_fd,
1068 .events = POLLOUT,
1069 };
1070 int r;
1071
1072 assert(b->state == BUS_OPENING);
1073
1074 r = poll(&p, 1, 0);
1075 if (r < 0)
1076 return -errno;
1077
1078 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1079 return 0;
1080
1081 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1082 if (r < 0)
1083 b->last_connect_error = errno;
1084 else if (error != 0)
1085 b->last_connect_error = error;
1086 else if (p.revents & (POLLERR|POLLHUP))
1087 b->last_connect_error = ECONNREFUSED;
1088 else
1089 return bus_socket_start_auth(b);
1090
1091 return bus_next_address(b);
1092}
1093
1094int bus_socket_process_authenticating(sd_bus *b) {
1095 int r;
1096
1097 assert(b);
1098 assert(b->state == BUS_AUTHENTICATING);
1099
1100 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1101 return -ETIMEDOUT;
1102
1103 r = bus_socket_write_auth(b);
1104 if (r != 0)
1105 return r;
1106
1107 return bus_socket_read_auth(b);
1108}
Unnamed repository; edit this file 'description' to name the repository.