]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd-bus/bus-socket.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bus: allow two different fds for input/output in sd_bus_set_fd()
[thirdparty/systemd.git] / src / libsystemd-bus / bus-socket.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2013 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <endian.h>
23 #include <assert.h>
24 #include <stdlib.h>
25 #include <unistd.h>
26 #include <sys/poll.h>
27 #include <byteswap.h>
28
29 #include "util.h"
30 #include "macro.h"
31 #include "missing.h"
32 #include "strv.h"
33 #include "utf8.h"
34
35 #include "sd-bus.h"
36 #include "bus-socket.h"
37 #include "bus-internal.h"
38 #include "bus-message.h"
39
40 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
41
42 while (size > 0) {
43 struct iovec *i = iov + *idx;
44
45 if (i->iov_len > size) {
46 i->iov_base = (uint8_t*) i->iov_base + size;
47 i->iov_len -= size;
48 return;
49 }
50
51 size -= i->iov_len;
52
53 i->iov_base = NULL;
54 i->iov_len = 0;
55
56 (*idx) ++;
57 }
58 }
59
60 bool bus_socket_auth_needs_write(sd_bus *b) {
61
62 unsigned i;
63
64 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
65 return false;
66
67 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
68 struct iovec *j = b->auth_iovec + i;
69
70 if (j->iov_len > 0)
71 return true;
72 }
73
74 return false;
75 }
76
77 static int bus_socket_write_auth(sd_bus *b) {
78 struct msghdr mh;
79 ssize_t k;
80
81 assert(b);
82 assert(b->state == BUS_AUTHENTICATING);
83
84 if (!bus_socket_auth_needs_write(b))
85 return 0;
86
87 zero(mh);
88 mh.msg_iov = b->auth_iovec + b->auth_index;
89 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
90
91 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
92 if (k < 0)
93 return errno == EAGAIN ? 0 : -errno;
94
95 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
96
97 return 1;
98 }
99
100 static int bus_socket_auth_verify_client(sd_bus *b) {
101 char *e, *f, *start;
102 sd_id128_t peer;
103 unsigned i;
104 int r;
105
106 assert(b);
107
108 /* We expect two response lines: "OK" and possibly
109 * "AGREE_UNIX_FD" */
110
111 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
112 if (!e)
113 return 0;
114
115 if (b->negotiate_fds) {
116 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
117 if (!f)
118 return 0;
119
120 start = f + 2;
121 } else {
122 f = NULL;
123 start = e + 2;
124 }
125
126 /* Nice! We got all the lines we need. First check the OK
127 * line */
128
129 if (e - (char*) b->rbuffer != 3 + 32)
130 return -EPERM;
131
132 if (memcmp(b->rbuffer, "OK ", 3))
133 return -EPERM;
134
135 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
136
137 for (i = 0; i < 32; i += 2) {
138 int x, y;
139
140 x = unhexchar(((char*) b->rbuffer)[3 + i]);
141 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
142
143 if (x < 0 || y < 0)
144 return -EINVAL;
145
146 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
147 }
148
149 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
150 !sd_id128_equal(b->server_id, peer))
151 return -EPERM;
152
153 b->server_id = peer;
154
155 /* And possibly check the second line, too */
156
157 if (f)
158 b->can_fds =
159 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
160 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
161
162 b->rbuffer_size -= (start - (char*) b->rbuffer);
163 memmove(b->rbuffer, start, b->rbuffer_size);
164
165 r = bus_start_running(b);
166 if (r < 0)
167 return r;
168
169 return 1;
170 }
171
172 static bool line_equals(const char *s, size_t m, const char *line) {
173 size_t l;
174
175 l = strlen(line);
176 if (l != m)
177 return false;
178
179 return memcmp(s, line, l) == 0;
180 }
181
182 static bool line_begins(const char *s, size_t m, const char *word) {
183 size_t l;
184
185 l = strlen(word);
186 if (m < l)
187 return false;
188
189 if (memcmp(s, word, l) != 0)
190 return false;
191
192 return m == l || (m > l && s[l] == ' ');
193 }
194
195 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
196 _cleanup_free_ char *token = NULL;
197
198 if (!b->anonymous_auth)
199 return 0;
200
201 if (l <= 0)
202 return 1;
203
204 assert(p[0] == ' ');
205 p++; l--;
206
207 if (l % 2 != 0)
208 return 0;
209 token = unhexmem(p, l);
210 if (!token)
211 return -ENOMEM;
212
213 if (memchr(token, 0, l/2))
214 return 0;
215
216 return !!utf8_is_valid(token);
217 }
218
219 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
220 _cleanup_free_ char *token = NULL;
221 uid_t u;
222 int r;
223
224 /* We don't do any real authentication here. Instead, we if
225 * the owner of this bus wanted authentication he should have
226 * checked SO_PEERCRED before even creating the bus object. */
227
228 if (!b->ucred_valid)
229 return 0;
230
231 if (l <= 0)
232 return 1;
233
234 assert(p[0] == ' ');
235 p++; l--;
236
237 if (l % 2 != 0)
238 return 0;
239
240 token = unhexmem(p, l);
241 if (!token)
242 return -ENOMEM;
243
244 if (memchr(token, 0, l/2))
245 return 0;
246
247 r = parse_uid(token, &u);
248 if (r < 0)
249 return 0;
250
251 if (u != b->ucred.uid)
252 return 0;
253
254 return 1;
255 }
256
257 static int bus_socket_auth_write(sd_bus *b, const char *t) {
258 char *p;
259 size_t l;
260
261 assert(b);
262 assert(t);
263
264 /* We only make use of the first iovec */
265 assert(b->auth_index == 0 || b->auth_index == 1);
266
267 l = strlen(t);
268 p = malloc(b->auth_iovec[0].iov_len + l);
269 if (!p)
270 return -ENOMEM;
271
272 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
273 memcpy(p + b->auth_iovec[0].iov_len, t, l);
274
275 b->auth_iovec[0].iov_base = p;
276 b->auth_iovec[0].iov_len += l;
277
278 free(b->auth_buffer);
279 b->auth_buffer = p;
280 b->auth_index = 0;
281 return 0;
282 }
283
284 static int bus_socket_auth_write_ok(sd_bus *b) {
285 char t[3 + 32 + 2 + 1];
286
287 assert(b);
288
289 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
290 char_array_0(t);
291
292 return bus_socket_auth_write(b, t);
293 }
294
295 static int bus_socket_auth_verify_server(sd_bus *b) {
296 char *e;
297 const char *line;
298 size_t l;
299 bool processed = false;
300 int r;
301
302 assert(b);
303
304 if (b->rbuffer_size < 3)
305 return 0;
306
307 /* First char must be a NUL byte */
308 if (*(char*) b->rbuffer != 0)
309 return -EIO;
310
311 /* Begin with the first line */
312 if (b->auth_rbegin <= 0)
313 b->auth_rbegin = 1;
314
315 for (;;) {
316 /* Check if line is complete */
317 line = (char*) b->rbuffer + b->auth_rbegin;
318 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
319 if (!e)
320 return processed;
321
322 l = e - line;
323
324 if (line_begins(line, l, "AUTH ANONYMOUS")) {
325
326 r = verify_anonymous_token(b, line + 14, l - 14);
327 if (r < 0)
328 return r;
329 if (r == 0)
330 r = bus_socket_auth_write(b, "REJECTED\r\n");
331 else {
332 b->auth = BUS_AUTH_ANONYMOUS;
333 r = bus_socket_auth_write_ok(b);
334 }
335
336 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
337
338 r = verify_external_token(b, line + 13, l - 13);
339 if (r < 0)
340 return r;
341 if (r == 0)
342 r = bus_socket_auth_write(b, "REJECTED\r\n");
343 else {
344 b->auth = BUS_AUTH_EXTERNAL;
345 r = bus_socket_auth_write_ok(b);
346 }
347
348 } else if (line_begins(line, l, "AUTH"))
349 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
350 else if (line_equals(line, l, "CANCEL") ||
351 line_begins(line, l, "ERROR")) {
352
353 b->auth = _BUS_AUTH_INVALID;
354 r = bus_socket_auth_write(b, "REJECTED\r\n");
355
356 } else if (line_equals(line, l, "BEGIN")) {
357
358 if (b->auth == _BUS_AUTH_INVALID)
359 r = bus_socket_auth_write(b, "ERROR\r\n");
360 else {
361 /* We can't leave from the auth phase
362 * before we haven't written
363 * everything queued, so let's check
364 * that */
365
366 if (bus_socket_auth_needs_write(b))
367 return 1;
368
369 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
370 memmove(b->rbuffer, e + 2, b->rbuffer_size);
371 return bus_start_running(b);
372 }
373
374 } else if (line_begins(line, l, "DATA")) {
375
376 if (b->auth == _BUS_AUTH_INVALID)
377 r = bus_socket_auth_write(b, "ERROR\r\n");
378 else {
379 if (b->auth == BUS_AUTH_ANONYMOUS)
380 r = verify_anonymous_token(b, line + 4, l - 4);
381 else
382 r = verify_external_token(b, line + 4, l - 4);
383
384 if (r < 0)
385 return r;
386 if (r == 0) {
387 b->auth = _BUS_AUTH_INVALID;
388 r = bus_socket_auth_write(b, "REJECTED\r\n");
389 } else
390 r = bus_socket_auth_write_ok(b);
391 }
392 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
393 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
394 r = bus_socket_auth_write(b, "ERROR\r\n");
395 else {
396 b->can_fds = true;
397 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
398 }
399 } else
400 r = bus_socket_auth_write(b, "ERROR\r\n");
401
402 if (r < 0)
403 return r;
404
405 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
406
407 processed = true;
408 }
409 }
410
411 static int bus_socket_auth_verify(sd_bus *b) {
412 assert(b);
413
414 if (b->is_server)
415 return bus_socket_auth_verify_server(b);
416 else
417 return bus_socket_auth_verify_client(b);
418 }
419
420 static int bus_socket_read_auth(sd_bus *b) {
421 struct msghdr mh;
422 struct iovec iov;
423 size_t n;
424 ssize_t k;
425 int r;
426 void *p;
427 union {
428 struct cmsghdr cmsghdr;
429 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
430 CMSG_SPACE(sizeof(struct ucred)) +
431 CMSG_SPACE(NAME_MAX)]; /*selinux label */
432 } control;
433 struct cmsghdr *cmsg;
434
435 assert(b);
436 assert(b->state == BUS_AUTHENTICATING);
437
438 r = bus_socket_auth_verify(b);
439 if (r != 0)
440 return r;
441
442 n = MAX(256, b->rbuffer_size * 2);
443
444 if (n > BUS_AUTH_SIZE_MAX)
445 n = BUS_AUTH_SIZE_MAX;
446
447 if (b->rbuffer_size >= n)
448 return -ENOBUFS;
449
450 p = realloc(b->rbuffer, n);
451 if (!p)
452 return -ENOMEM;
453
454 b->rbuffer = p;
455
456 zero(iov);
457 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
458 iov.iov_len = n - b->rbuffer_size;
459
460 zero(mh);
461 mh.msg_iov = &iov;
462 mh.msg_iovlen = 1;
463 mh.msg_control = &control;
464 mh.msg_controllen = sizeof(control);
465
466 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
467 if (k < 0)
468 return errno == EAGAIN ? 0 : -errno;
469 if (k == 0)
470 return -ECONNRESET;
471
472 b->rbuffer_size += k;
473
474 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
475 if (cmsg->cmsg_level == SOL_SOCKET &&
476 cmsg->cmsg_type == SCM_RIGHTS) {
477 int j;
478
479 /* Whut? We received fds during the auth
480 * protocol? Somebody is playing games with
481 * us. Close them all, and fail */
482 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
483 close_many((int*) CMSG_DATA(cmsg), j);
484 return -EIO;
485
486 } else if (cmsg->cmsg_level == SOL_SOCKET &&
487 cmsg->cmsg_type == SCM_CREDENTIALS &&
488 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
489
490 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
491 b->ucred_valid = true;
492
493 } else if (cmsg->cmsg_level == SOL_SOCKET &&
494 cmsg->cmsg_type == SCM_SECURITY) {
495
496 size_t l;
497 l = cmsg->cmsg_len - CMSG_LEN(0);
498 memcpy(&b->label, CMSG_DATA(cmsg), l);
499 b->label[l] = 0;
500 }
501 }
502
503 r = bus_socket_auth_verify(b);
504 if (r != 0)
505 return r;
506
507 return 1;
508 }
509
510 static int bus_socket_setup(sd_bus *b) {
511 int enable;
512
513 assert(b);
514
515 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
516 * socket, just in case. */
517 enable = !b->bus_client;
518 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
519 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
520
521 /* Increase the buffers to a MB */
522 fd_inc_rcvbuf(b->input_fd, 1024*1024);
523 fd_inc_sndbuf(b->output_fd, 1024*1024);
524
525 return 0;
526 }
527
528 static int bus_socket_start_auth_client(sd_bus *b) {
529 size_t l;
530 const char *auth_suffix, *auth_prefix;
531
532 assert(b);
533
534 if (b->anonymous_auth) {
535 auth_prefix = "\0AUTH ANONYMOUS ";
536
537 /* For ANONYMOUS auth we send some arbitrary "trace" string */
538 l = 9;
539 b->auth_buffer = hexmem("anonymous", l);
540 } else {
541 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
542
543 auth_prefix = "\0AUTH EXTERNAL ";
544
545 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
546 char_array_0(text);
547
548 l = strlen(text);
549 b->auth_buffer = hexmem(text, l);
550 }
551
552 if (!b->auth_buffer)
553 return -ENOMEM;
554
555 if (b->negotiate_fds)
556 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
557 else
558 auth_suffix = "\r\nBEGIN\r\n";
559
560 b->auth_iovec[0].iov_base = (void*) auth_prefix;
561 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
562 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
563 b->auth_iovec[1].iov_len = l * 2;
564 b->auth_iovec[2].iov_base = (void*) auth_suffix;
565 b->auth_iovec[2].iov_len = strlen(auth_suffix);
566
567 return bus_socket_write_auth(b);
568 }
569
570 static int bus_socket_start_auth(sd_bus *b) {
571 int domain = 0, r;
572 socklen_t sl;
573
574 assert(b);
575
576 b->state = BUS_AUTHENTICATING;
577 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
578
579 sl = sizeof(domain);
580 r = getsockopt(b->input_fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
581 if (r < 0 || domain != AF_UNIX)
582 b->negotiate_fds = false;
583
584 if (b->output_fd != b->input_fd) {
585 r = getsockopt(b->output_fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
586 if (r < 0 || domain != AF_UNIX)
587 b->negotiate_fds = false;
588 }
589
590
591 if (b->is_server)
592 return bus_socket_read_auth(b);
593 else
594 return bus_socket_start_auth_client(b);
595 }
596
597 int bus_socket_connect(sd_bus *b) {
598 int r;
599
600 assert(b);
601 assert(b->input_fd < 0);
602 assert(b->output_fd < 0);
603 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
604
605 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
606 if (b->input_fd < 0)
607 return -errno;
608
609 b->output_fd = b->input_fd;
610
611 r = bus_socket_setup(b);
612 if (r < 0)
613 return r;
614
615 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
616 if (r < 0) {
617 if (errno == EINPROGRESS)
618 return 1;
619
620 return -errno;
621 }
622
623 return bus_socket_start_auth(b);
624 }
625
626 int bus_socket_exec(sd_bus *b) {
627 int s[2], r;
628 pid_t pid;
629
630 assert(b);
631 assert(b->input_fd < 0);
632 assert(b->output_fd < 0);
633 assert(b->exec_path);
634
635 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
636 if (r < 0)
637 return -errno;
638
639 pid = fork();
640 if (pid < 0) {
641 close_pipe(s);
642 return -errno;
643 }
644 if (pid == 0) {
645 /* Child */
646
647 reset_all_signal_handlers();
648
649 close_all_fds(s+1, 1);
650
651 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
652 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
653
654 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
655 close_nointr_nofail(s[1]);
656
657 fd_cloexec(STDIN_FILENO, false);
658 fd_cloexec(STDOUT_FILENO, false);
659 fd_nonblock(STDIN_FILENO, false);
660 fd_nonblock(STDOUT_FILENO, false);
661
662 if (b->exec_argv)
663 execvp(b->exec_path, b->exec_argv);
664 else {
665 const char *argv[] = { b->exec_path, NULL };
666 execvp(b->exec_path, (char**) argv);
667 }
668
669 _exit(EXIT_FAILURE);
670 }
671
672 close_nointr_nofail(s[1]);
673 b->output_fd = b->input_fd = s[0];
674
675 return bus_socket_start_auth(b);
676 }
677
678 int bus_socket_take_fd(sd_bus *b) {
679 int r;
680 assert(b);
681
682 r = bus_socket_setup(b);
683 if (r < 0)
684 return r;
685
686 return bus_socket_start_auth(b);
687 }
688
689 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
690 struct msghdr mh;
691 struct iovec *iov;
692 ssize_t k;
693 size_t n;
694 unsigned j;
695
696 assert(bus);
697 assert(m);
698 assert(idx);
699 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
700
701 if (*idx >= m->size)
702 return 0;
703 zero(mh);
704
705 if (m->n_fds > 0) {
706 struct cmsghdr *control;
707 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
708
709 mh.msg_control = control;
710 control->cmsg_level = SOL_SOCKET;
711 control->cmsg_type = SCM_RIGHTS;
712 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
713 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
714 }
715
716 n = m->n_iovec * sizeof(struct iovec);
717 iov = alloca(n);
718 memcpy(iov, m->iovec, n);
719
720 j = 0;
721 iovec_advance(iov, &j, *idx);
722
723 mh.msg_iov = iov;
724 mh.msg_iovlen = m->n_iovec;
725
726 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
727 if (k < 0)
728 return errno == EAGAIN ? 0 : -errno;
729
730 *idx += (size_t) k;
731 return 1;
732 }
733
734 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
735 uint32_t a, b;
736 uint8_t e;
737 uint64_t sum;
738
739 assert(bus);
740 assert(need);
741 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
742
743 if (bus->rbuffer_size < sizeof(struct bus_header)) {
744 *need = sizeof(struct bus_header) + 8;
745
746 /* Minimum message size:
747 *
748 * Header +
749 *
750 * Method Call: +2 string headers
751 * Signal: +3 string headers
752 * Method Error: +1 string headers
753 * +1 uint32 headers
754 * Method Reply: +1 uint32 headers
755 *
756 * A string header is at least 9 bytes
757 * A uint32 header is at least 8 bytes
758 *
759 * Hence the minimum message size of a valid message
760 * is header + 8 bytes */
761
762 return 0;
763 }
764
765 a = ((const uint32_t*) bus->rbuffer)[1];
766 b = ((const uint32_t*) bus->rbuffer)[3];
767
768 e = ((const uint8_t*) bus->rbuffer)[0];
769 if (e == SD_BUS_LITTLE_ENDIAN) {
770 a = le32toh(a);
771 b = le32toh(b);
772 } else if (e == SD_BUS_BIG_ENDIAN) {
773 a = be32toh(a);
774 b = be32toh(b);
775 } else
776 return -EBADMSG;
777
778 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
779 if (sum >= BUS_MESSAGE_SIZE_MAX)
780 return -ENOBUFS;
781
782 *need = (size_t) sum;
783 return 0;
784 }
785
786 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
787 sd_bus_message *t;
788 void *b;
789 int r;
790
791 assert(bus);
792 assert(m);
793 assert(bus->rbuffer_size >= size);
794 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
795
796 if (bus->rbuffer_size > size) {
797 b = memdup((const uint8_t*) bus->rbuffer + size,
798 bus->rbuffer_size - size);
799 if (!b)
800 return -ENOMEM;
801 } else
802 b = NULL;
803
804 r = bus_message_from_malloc(bus->rbuffer, size,
805 bus->fds, bus->n_fds,
806 bus->ucred_valid ? &bus->ucred : NULL,
807 bus->label[0] ? bus->label : NULL,
808 &t);
809 if (r < 0) {
810 free(b);
811 return r;
812 }
813
814 bus->rbuffer = b;
815 bus->rbuffer_size -= size;
816
817 bus->fds = NULL;
818 bus->n_fds = 0;
819
820 *m = t;
821 return 1;
822 }
823
824 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
825 struct msghdr mh;
826 struct iovec iov;
827 ssize_t k;
828 size_t need;
829 int r;
830 void *b;
831 union {
832 struct cmsghdr cmsghdr;
833 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
834 CMSG_SPACE(sizeof(struct ucred)) +
835 CMSG_SPACE(NAME_MAX)]; /*selinux label */
836 } control;
837 struct cmsghdr *cmsg;
838
839 assert(bus);
840 assert(m);
841 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
842
843 r = bus_socket_read_message_need(bus, &need);
844 if (r < 0)
845 return r;
846
847 if (bus->rbuffer_size >= need)
848 return bus_socket_make_message(bus, need, m);
849
850 b = realloc(bus->rbuffer, need);
851 if (!b)
852 return -ENOMEM;
853
854 bus->rbuffer = b;
855
856 zero(iov);
857 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
858 iov.iov_len = need - bus->rbuffer_size;
859
860 zero(mh);
861 mh.msg_iov = &iov;
862 mh.msg_iovlen = 1;
863 mh.msg_control = &control;
864 mh.msg_controllen = sizeof(control);
865
866 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
867 if (k < 0)
868 return errno == EAGAIN ? 0 : -errno;
869 if (k == 0)
870 return -ECONNRESET;
871
872 bus->rbuffer_size += k;
873
874 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
875 if (cmsg->cmsg_level == SOL_SOCKET &&
876 cmsg->cmsg_type == SCM_RIGHTS) {
877 int n, *f;
878
879 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
880
881 if (!bus->can_fds) {
882 /* Whut? We received fds but this
883 * isn't actually enabled? Close them,
884 * and fail */
885
886 close_many((int*) CMSG_DATA(cmsg), n);
887 return -EIO;
888 }
889
890 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
891 if (!f) {
892 close_many((int*) CMSG_DATA(cmsg), n);
893 return -ENOMEM;
894 }
895
896 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
897 bus->fds = f;
898 bus->n_fds += n;
899 } else if (cmsg->cmsg_level == SOL_SOCKET &&
900 cmsg->cmsg_type == SCM_CREDENTIALS &&
901 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
902
903 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
904 bus->ucred_valid = true;
905
906 } else if (cmsg->cmsg_level == SOL_SOCKET &&
907 cmsg->cmsg_type == SCM_SECURITY) {
908
909 size_t l;
910 l = cmsg->cmsg_len - CMSG_LEN(0);
911 memcpy(&bus->label, CMSG_DATA(cmsg), l);
912 bus->label[l] = 0;
913 }
914 }
915
916 r = bus_socket_read_message_need(bus, &need);
917 if (r < 0)
918 return r;
919
920 if (bus->rbuffer_size >= need)
921 return bus_socket_make_message(bus, need, m);
922
923 return 1;
924 }
925
926 int bus_socket_process_opening(sd_bus *b) {
927 int error = 0;
928 socklen_t slen = sizeof(error);
929 struct pollfd p;
930 int r;
931
932 assert(b);
933 assert(b->state == BUS_OPENING);
934
935 zero(p);
936 p.fd = b->output_fd;
937 p.events = POLLOUT;
938
939 r = poll(&p, 1, 0);
940 if (r < 0)
941 return -errno;
942
943 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
944 return 0;
945
946 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
947 if (r < 0)
948 b->last_connect_error = errno;
949 else if (error != 0)
950 b->last_connect_error = error;
951 else if (p.revents & (POLLERR|POLLHUP))
952 b->last_connect_error = ECONNREFUSED;
953 else
954 return bus_socket_start_auth(b);
955
956 return bus_next_address(b);
957 }
958
959 int bus_socket_process_authenticating(sd_bus *b) {
960 int r;
961
962 assert(b);
963 assert(b->state == BUS_AUTHENTICATING);
964
965 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
966 return -ETIMEDOUT;
967
968 r = bus_socket_write_auth(b);
969 if (r != 0)
970 return r;
971
972 return bus_socket_read_auth(b);
973 }
Unnamed repository; edit this file 'description' to name the repository.