]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/libsystemd/sd-bus/bus-socket.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2013 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
27 #include "sd-daemon.h"
29 #include "alloc-util.h"
30 #include "bus-internal.h"
31 #include "bus-message.h"
32 #include "bus-socket.h"
34 #include "format-util.h"
36 #include "hexdecoct.h"
40 #include "path-util.h"
41 #include "process-util.h"
42 #include "selinux-util.h"
43 #include "signal-util.h"
44 #include "stdio-util.h"
45 #include "string-util.h"
46 #include "user-util.h"
50 #define SNDBUF_SIZE (8*1024*1024)
52 static void iovec_advance(struct iovec iov
[], unsigned *idx
, size_t size
) {
55 struct iovec
*i
= iov
+ *idx
;
57 if (i
->iov_len
> size
) {
58 i
->iov_base
= (uint8_t*) i
->iov_base
+ size
;
72 static int append_iovec(sd_bus_message
*m
, const void *p
, size_t sz
) {
77 m
->iovec
[m
->n_iovec
].iov_base
= (void*) p
;
78 m
->iovec
[m
->n_iovec
].iov_len
= sz
;
84 static int bus_message_setup_iovec(sd_bus_message
*m
) {
85 struct bus_body_part
*part
;
97 n
= 1 + m
->n_body_parts
;
98 if (n
< ELEMENTSOF(m
->iovec_fixed
))
99 m
->iovec
= m
->iovec_fixed
;
101 m
->iovec
= new(struct iovec
, n
);
108 r
= append_iovec(m
, m
->header
, BUS_MESSAGE_BODY_BEGIN(m
));
112 MESSAGE_FOREACH_PART(part
, i
, m
) {
113 r
= bus_body_part_map(part
);
117 r
= append_iovec(m
, part
->data
, part
->size
);
122 assert(n
== m
->n_iovec
);
131 bool bus_socket_auth_needs_write(sd_bus
*b
) {
135 if (b
->auth_index
>= ELEMENTSOF(b
->auth_iovec
))
138 for (i
= b
->auth_index
; i
< ELEMENTSOF(b
->auth_iovec
); i
++) {
139 struct iovec
*j
= b
->auth_iovec
+ i
;
148 static int bus_socket_write_auth(sd_bus
*b
) {
152 assert(b
->state
== BUS_AUTHENTICATING
);
154 if (!bus_socket_auth_needs_write(b
))
157 if (b
->prefer_writev
)
158 k
= writev(b
->output_fd
, b
->auth_iovec
+ b
->auth_index
, ELEMENTSOF(b
->auth_iovec
) - b
->auth_index
);
163 mh
.msg_iov
= b
->auth_iovec
+ b
->auth_index
;
164 mh
.msg_iovlen
= ELEMENTSOF(b
->auth_iovec
) - b
->auth_index
;
166 k
= sendmsg(b
->output_fd
, &mh
, MSG_DONTWAIT
|MSG_NOSIGNAL
);
167 if (k
< 0 && errno
== ENOTSOCK
) {
168 b
->prefer_writev
= true;
169 k
= writev(b
->output_fd
, b
->auth_iovec
+ b
->auth_index
, ELEMENTSOF(b
->auth_iovec
) - b
->auth_index
);
174 return errno
== EAGAIN
? 0 : -errno
;
176 iovec_advance(b
->auth_iovec
, &b
->auth_index
, (size_t) k
);
180 static int bus_socket_auth_verify_client(sd_bus
*b
) {
188 /* We expect two response lines: "OK" and possibly
191 e
= memmem_safe(b
->rbuffer
, b
->rbuffer_size
, "\r\n", 2);
196 f
= memmem(e
+ 2, b
->rbuffer_size
- (e
- (char*) b
->rbuffer
) - 2, "\r\n", 2);
206 /* Nice! We got all the lines we need. First check the OK
209 if (e
- (char*) b
->rbuffer
!= 3 + 32)
212 if (memcmp(b
->rbuffer
, "OK ", 3))
215 b
->auth
= b
->anonymous_auth
? BUS_AUTH_ANONYMOUS
: BUS_AUTH_EXTERNAL
;
217 for (i
= 0; i
< 32; i
+= 2) {
220 x
= unhexchar(((char*) b
->rbuffer
)[3 + i
]);
221 y
= unhexchar(((char*) b
->rbuffer
)[3 + i
+ 1]);
226 peer
.bytes
[i
/2] = ((uint8_t) x
<< 4 | (uint8_t) y
);
229 if (!sd_id128_is_null(b
->server_id
) &&
230 !sd_id128_equal(b
->server_id
, peer
))
235 /* And possibly check the second line, too */
239 (f
- e
== STRLEN("\r\nAGREE_UNIX_FD")) &&
240 memcmp(e
+ 2, "AGREE_UNIX_FD",
241 STRLEN("AGREE_UNIX_FD")) == 0;
243 b
->rbuffer_size
-= (start
- (char*) b
->rbuffer
);
244 memmove(b
->rbuffer
, start
, b
->rbuffer_size
);
246 r
= bus_start_running(b
);
253 static bool line_equals(const char *s
, size_t m
, const char *line
) {
260 return memcmp(s
, line
, l
) == 0;
263 static bool line_begins(const char *s
, size_t m
, const char *word
) {
270 if (memcmp(s
, word
, l
) != 0)
273 return m
== l
|| (m
> l
&& s
[l
] == ' ');
276 static int verify_anonymous_token(sd_bus
*b
, const char *p
, size_t l
) {
277 _cleanup_free_
char *token
= NULL
;
281 if (!b
->anonymous_auth
)
293 r
= unhexmem(p
, l
, (void **) &token
, &len
);
297 if (memchr(token
, 0, len
))
300 return !!utf8_is_valid(token
);
303 static int verify_external_token(sd_bus
*b
, const char *p
, size_t l
) {
304 _cleanup_free_
char *token
= NULL
;
309 /* We don't do any real authentication here. Instead, we if
310 * the owner of this bus wanted authentication he should have
311 * checked SO_PEERCRED before even creating the bus object. */
313 if (!b
->anonymous_auth
&& !b
->ucred_valid
)
325 r
= unhexmem(p
, l
, (void**) &token
, &len
);
329 if (memchr(token
, 0, len
))
332 r
= parse_uid(token
, &u
);
336 /* We ignore the passed value if anonymous authentication is
338 if (!b
->anonymous_auth
&& u
!= b
->ucred
.uid
)
344 static int bus_socket_auth_write(sd_bus
*b
, const char *t
) {
351 /* We only make use of the first iovec */
352 assert(IN_SET(b
->auth_index
, 0, 1));
355 p
= malloc(b
->auth_iovec
[0].iov_len
+ l
);
359 memcpy_safe(p
, b
->auth_iovec
[0].iov_base
, b
->auth_iovec
[0].iov_len
);
360 memcpy(p
+ b
->auth_iovec
[0].iov_len
, t
, l
);
362 b
->auth_iovec
[0].iov_base
= p
;
363 b
->auth_iovec
[0].iov_len
+= l
;
365 free(b
->auth_buffer
);
371 static int bus_socket_auth_write_ok(sd_bus
*b
) {
372 char t
[3 + 32 + 2 + 1];
376 xsprintf(t
, "OK " SD_ID128_FORMAT_STR
"\r\n", SD_ID128_FORMAT_VAL(b
->server_id
));
378 return bus_socket_auth_write(b
, t
);
381 static int bus_socket_auth_verify_server(sd_bus
*b
) {
385 bool processed
= false;
390 if (b
->rbuffer_size
< 1)
393 /* First char must be a NUL byte */
394 if (*(char*) b
->rbuffer
!= 0)
397 if (b
->rbuffer_size
< 3)
400 /* Begin with the first line */
401 if (b
->auth_rbegin
<= 0)
405 /* Check if line is complete */
406 line
= (char*) b
->rbuffer
+ b
->auth_rbegin
;
407 e
= memmem(line
, b
->rbuffer_size
- b
->auth_rbegin
, "\r\n", 2);
413 if (line_begins(line
, l
, "AUTH ANONYMOUS")) {
415 r
= verify_anonymous_token(b
, line
+ 14, l
- 14);
419 r
= bus_socket_auth_write(b
, "REJECTED\r\n");
421 b
->auth
= BUS_AUTH_ANONYMOUS
;
422 r
= bus_socket_auth_write_ok(b
);
425 } else if (line_begins(line
, l
, "AUTH EXTERNAL")) {
427 r
= verify_external_token(b
, line
+ 13, l
- 13);
431 r
= bus_socket_auth_write(b
, "REJECTED\r\n");
433 b
->auth
= BUS_AUTH_EXTERNAL
;
434 r
= bus_socket_auth_write_ok(b
);
437 } else if (line_begins(line
, l
, "AUTH"))
438 r
= bus_socket_auth_write(b
, "REJECTED EXTERNAL ANONYMOUS\r\n");
439 else if (line_equals(line
, l
, "CANCEL") ||
440 line_begins(line
, l
, "ERROR")) {
442 b
->auth
= _BUS_AUTH_INVALID
;
443 r
= bus_socket_auth_write(b
, "REJECTED\r\n");
445 } else if (line_equals(line
, l
, "BEGIN")) {
447 if (b
->auth
== _BUS_AUTH_INVALID
)
448 r
= bus_socket_auth_write(b
, "ERROR\r\n");
450 /* We can't leave from the auth phase
451 * before we haven't written
452 * everything queued, so let's check
455 if (bus_socket_auth_needs_write(b
))
458 b
->rbuffer_size
-= (e
+ 2 - (char*) b
->rbuffer
);
459 memmove(b
->rbuffer
, e
+ 2, b
->rbuffer_size
);
460 return bus_start_running(b
);
463 } else if (line_begins(line
, l
, "DATA")) {
465 if (b
->auth
== _BUS_AUTH_INVALID
)
466 r
= bus_socket_auth_write(b
, "ERROR\r\n");
468 if (b
->auth
== BUS_AUTH_ANONYMOUS
)
469 r
= verify_anonymous_token(b
, line
+ 4, l
- 4);
471 r
= verify_external_token(b
, line
+ 4, l
- 4);
476 b
->auth
= _BUS_AUTH_INVALID
;
477 r
= bus_socket_auth_write(b
, "REJECTED\r\n");
479 r
= bus_socket_auth_write_ok(b
);
481 } else if (line_equals(line
, l
, "NEGOTIATE_UNIX_FD")) {
482 if (b
->auth
== _BUS_AUTH_INVALID
|| !b
->accept_fd
)
483 r
= bus_socket_auth_write(b
, "ERROR\r\n");
486 r
= bus_socket_auth_write(b
, "AGREE_UNIX_FD\r\n");
489 r
= bus_socket_auth_write(b
, "ERROR\r\n");
494 b
->auth_rbegin
= e
+ 2 - (char*) b
->rbuffer
;
500 static int bus_socket_auth_verify(sd_bus
*b
) {
504 return bus_socket_auth_verify_server(b
);
506 return bus_socket_auth_verify_client(b
);
509 static int bus_socket_read_auth(sd_bus
*b
) {
511 struct iovec iov
= {};
517 struct cmsghdr cmsghdr
;
518 uint8_t buf
[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX
)];
520 bool handle_cmsg
= false;
523 assert(b
->state
== BUS_AUTHENTICATING
);
525 r
= bus_socket_auth_verify(b
);
529 n
= MAX(256u, b
->rbuffer_size
* 2);
531 if (n
> BUS_AUTH_SIZE_MAX
)
532 n
= BUS_AUTH_SIZE_MAX
;
534 if (b
->rbuffer_size
>= n
)
537 p
= realloc(b
->rbuffer
, n
);
543 iov
.iov_base
= (uint8_t*) b
->rbuffer
+ b
->rbuffer_size
;
544 iov
.iov_len
= n
- b
->rbuffer_size
;
547 k
= readv(b
->input_fd
, &iov
, 1);
552 mh
.msg_control
= &control
;
553 mh
.msg_controllen
= sizeof(control
);
555 k
= recvmsg(b
->input_fd
, &mh
, MSG_DONTWAIT
|MSG_NOSIGNAL
|MSG_CMSG_CLOEXEC
);
556 if (k
< 0 && errno
== ENOTSOCK
) {
557 b
->prefer_readv
= true;
558 k
= readv(b
->input_fd
, &iov
, 1);
563 return errno
== EAGAIN
? 0 : -errno
;
567 b
->rbuffer_size
+= k
;
570 struct cmsghdr
*cmsg
;
572 CMSG_FOREACH(cmsg
, &mh
)
573 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
574 cmsg
->cmsg_type
== SCM_RIGHTS
) {
577 /* Whut? We received fds during the auth
578 * protocol? Somebody is playing games with
579 * us. Close them all, and fail */
580 j
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
581 close_many((int*) CMSG_DATA(cmsg
), j
);
584 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
585 cmsg
->cmsg_level
, cmsg
->cmsg_type
);
588 r
= bus_socket_auth_verify(b
);
595 void bus_socket_setup(sd_bus
*b
) {
598 /* Increase the buffers to 8 MB */
599 (void) fd_inc_rcvbuf(b
->input_fd
, SNDBUF_SIZE
);
600 (void) fd_inc_sndbuf(b
->output_fd
, SNDBUF_SIZE
);
602 b
->message_version
= 1;
603 b
->message_endian
= 0;
606 static void bus_get_peercred(sd_bus
*b
) {
610 assert(!b
->ucred_valid
);
612 assert(b
->n_groups
== (size_t) -1);
614 /* Get the peer for socketpair() sockets */
615 b
->ucred_valid
= getpeercred(b
->input_fd
, &b
->ucred
) >= 0;
617 /* Get the SELinux context of the peer */
618 r
= getpeersec(b
->input_fd
, &b
->label
);
619 if (r
< 0 && !IN_SET(r
, -EOPNOTSUPP
, -ENOPROTOOPT
))
620 log_debug_errno(r
, "Failed to determine peer security context: %m");
622 /* Get the list of auxiliary groups of the peer */
623 r
= getpeergroups(b
->input_fd
, &b
->groups
);
625 b
->n_groups
= (size_t) r
;
626 else if (!IN_SET(r
, -EOPNOTSUPP
, -ENOPROTOOPT
))
627 log_debug_errno(r
, "Failed to determine peer's group list: %m");
630 static int bus_socket_start_auth_client(sd_bus
*b
) {
632 const char *auth_suffix
, *auth_prefix
;
636 if (b
->anonymous_auth
) {
637 auth_prefix
= "\0AUTH ANONYMOUS ";
639 /* For ANONYMOUS auth we send some arbitrary "trace" string */
641 b
->auth_buffer
= hexmem("anonymous", l
);
643 char text
[DECIMAL_STR_MAX(uid_t
) + 1];
645 auth_prefix
= "\0AUTH EXTERNAL ";
647 xsprintf(text
, UID_FMT
, geteuid());
650 b
->auth_buffer
= hexmem(text
, l
);
657 auth_suffix
= "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
659 auth_suffix
= "\r\nBEGIN\r\n";
661 b
->auth_iovec
[0].iov_base
= (void*) auth_prefix
;
662 b
->auth_iovec
[0].iov_len
= 1 + strlen(auth_prefix
+ 1);
663 b
->auth_iovec
[1].iov_base
= (void*) b
->auth_buffer
;
664 b
->auth_iovec
[1].iov_len
= l
* 2;
665 b
->auth_iovec
[2].iov_base
= (void*) auth_suffix
;
666 b
->auth_iovec
[2].iov_len
= strlen(auth_suffix
);
668 return bus_socket_write_auth(b
);
671 int bus_socket_start_auth(sd_bus
*b
) {
676 bus_set_state(b
, BUS_AUTHENTICATING
);
677 b
->auth_timeout
= now(CLOCK_MONOTONIC
) + BUS_AUTH_TIMEOUT
;
679 if (sd_is_socket(b
->input_fd
, AF_UNIX
, 0, 0) <= 0)
680 b
->accept_fd
= false;
682 if (b
->output_fd
!= b
->input_fd
)
683 if (sd_is_socket(b
->output_fd
, AF_UNIX
, 0, 0) <= 0)
684 b
->accept_fd
= false;
687 return bus_socket_read_auth(b
);
689 return bus_socket_start_auth_client(b
);
692 static int bus_socket_inotify_setup(sd_bus
*b
) {
693 _cleanup_free_
int *new_watches
= NULL
;
694 _cleanup_free_
char *absolute
= NULL
;
695 size_t n_allocated
= 0, n
= 0, done
= 0, i
;
696 unsigned max_follow
= 32;
701 assert(b
->watch_bind
);
702 assert(b
->sockaddr
.sa
.sa_family
== AF_UNIX
);
703 assert(b
->sockaddr
.un
.sun_path
[0] != 0);
705 /* Sets up an inotify fd in case watch_bind is enabled: wait until the configured AF_UNIX file system socket
706 * appears before connecting to it. The implemented is pretty simplistic: we just subscribe to relevant changes
707 * to all prefix components of the path, and every time we get an event for that we try to reconnect again,
708 * without actually caring what precisely the event we got told us. If we still can't connect we re-subscribe
709 * to all relevant changes of anything in the path, so that our watches include any possibly newly created path
712 if (b
->inotify_fd
< 0) {
713 b
->inotify_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
714 if (b
->inotify_fd
< 0)
717 b
->inotify_fd
= fd_move_above_stdio(b
->inotify_fd
);
720 /* Make sure the path is NUL terminated */
721 p
= strndupa(b
->sockaddr
.un
.sun_path
, sizeof(b
->sockaddr
.un
.sun_path
));
723 /* Make sure the path is absolute */
724 r
= path_make_absolute_cwd(p
, &absolute
);
728 /* Watch all parent directories, and don't mind any prefix that doesn't exist yet. For the innermost directory
729 * that exists we want to know when files are created or moved into it. For all parents of it we just care if
730 * they are removed or renamed. */
732 if (!GREEDY_REALLOC(new_watches
, n_allocated
, n
+ 1)) {
737 /* Start with the top-level directory, which is a bit simpler than the rest, since it can't be a symlink, and
739 wd
= inotify_add_watch(b
->inotify_fd
, "/", IN_CREATE
|IN_MOVED_TO
);
741 r
= log_debug_errno(errno
, "Failed to add inotify watch on /: %m");
744 new_watches
[n
++] = wd
;
747 _cleanup_free_
char *component
= NULL
, *prefix
= NULL
, *destination
= NULL
;
748 size_t n_slashes
, n_component
;
751 n_slashes
= strspn(absolute
+ done
, "/");
752 n_component
= n_slashes
+ strcspn(absolute
+ done
+ n_slashes
, "/");
754 if (n_component
== 0) /* The end */
757 component
= strndup(absolute
+ done
, n_component
);
763 /* A trailing slash? That's a directory, and not a socket then */
764 if (path_equal(component
, "/")) {
769 /* A single dot? Let's eat this up */
770 if (path_equal(component
, "/.")) {
775 prefix
= strndup(absolute
, done
+ n_component
);
781 if (!GREEDY_REALLOC(new_watches
, n_allocated
, n
+ 1)) {
786 wd
= inotify_add_watch(b
->inotify_fd
, prefix
, IN_DELETE_SELF
|IN_MOVE_SELF
|IN_ATTRIB
|IN_CREATE
|IN_MOVED_TO
|IN_DONT_FOLLOW
);
787 log_debug("Added inotify watch for %s on bus %s: %i", prefix
, strna(b
->description
), wd
);
790 if (IN_SET(errno
, ENOENT
, ELOOP
))
791 break; /* This component doesn't exist yet, or the path contains a cyclic symlink right now */
793 r
= log_debug_errno(errno
, "Failed to add inotify watch on %s: %m", isempty(prefix
) ? "/" : prefix
);
796 new_watches
[n
++] = wd
;
798 /* Check if this is possibly a symlink. If so, let's follow it and watch it too. */
799 r
= readlink_malloc(prefix
, &destination
);
800 if (r
== -EINVAL
) { /* not a symlink */
807 if (isempty(destination
)) { /* Empty symlink target? Yuck! */
812 if (max_follow
<= 0) { /* Let's make sure we don't follow symlinks forever */
817 if (path_is_absolute(destination
)) {
818 /* For absolute symlinks we build the new path and start anew */
819 c
= strjoin(destination
, absolute
+ done
+ n_component
);
822 _cleanup_free_
char *t
= NULL
;
824 /* For relative symlinks we replace the last component, and try again */
825 t
= strndup(absolute
, done
);
829 c
= strjoin(t
, "/", destination
, absolute
+ done
+ n_component
);
842 /* And now, let's remove all watches from the previous iteration we don't need anymore */
843 for (i
= 0; i
< b
->n_inotify_watches
; i
++) {
847 for (j
= 0; j
< n
; j
++)
848 if (new_watches
[j
] == b
->inotify_watches
[i
]) {
856 (void) inotify_rm_watch(b
->inotify_fd
, b
->inotify_watches
[i
]);
859 free_and_replace(b
->inotify_watches
, new_watches
);
860 b
->n_inotify_watches
= n
;
865 bus_close_inotify_fd(b
);
869 int bus_socket_connect(sd_bus
*b
) {
870 bool inotify_done
= false;
876 assert(b
->input_fd
< 0);
877 assert(b
->output_fd
< 0);
878 assert(b
->sockaddr
.sa
.sa_family
!= AF_UNSPEC
);
880 b
->input_fd
= socket(b
->sockaddr
.sa
.sa_family
, SOCK_STREAM
|SOCK_CLOEXEC
|SOCK_NONBLOCK
, 0);
884 b
->input_fd
= fd_move_above_stdio(b
->input_fd
);
886 b
->output_fd
= b
->input_fd
;
889 if (connect(b
->input_fd
, &b
->sockaddr
.sa
, b
->sockaddr_size
) < 0) {
890 if (errno
== EINPROGRESS
) {
892 /* If we have any inotify watches open, close them now, we don't need them anymore, as
893 * we have successfully initiated a connection */
894 bus_close_inotify_fd(b
);
896 /* Note that very likely we are already in BUS_OPENING state here, as we enter it when
897 * we start parsing the address string. The only reason we set the state explicitly
898 * here, is to undo BUS_WATCH_BIND, in case we did the inotify magic. */
899 bus_set_state(b
, BUS_OPENING
);
903 if (IN_SET(errno
, ENOENT
, ECONNREFUSED
) && /* ENOENT → unix socket doesn't exist at all; ECONNREFUSED → unix socket stale */
905 b
->sockaddr
.sa
.sa_family
== AF_UNIX
&&
906 b
->sockaddr
.un
.sun_path
[0] != 0) {
908 /* This connection attempt failed, let's release the socket for now, and start with a
909 * fresh one when reconnecting. */
913 /* inotify set up already, don't do it again, just return now, and remember
914 * that we are waiting for inotify events now. */
915 bus_set_state(b
, BUS_WATCH_BIND
);
919 /* This is a file system socket, and the inotify logic is enabled. Let's create the necessary inotify fd. */
920 r
= bus_socket_inotify_setup(b
);
924 /* Let's now try to connect a second time, because in theory there's otherwise a race
925 * here: the socket might have been created in the time between our first connect() and
926 * the time we set up the inotify logic. But let's remember that we set up inotify now,
927 * so that we don't do the connect() more than twice. */
936 /* Yay, established, we don't need no inotify anymore! */
937 bus_close_inotify_fd(b
);
939 return bus_socket_start_auth(b
);
942 int bus_socket_exec(sd_bus
*b
) {
946 assert(b
->input_fd
< 0);
947 assert(b
->output_fd
< 0);
948 assert(b
->exec_path
);
949 assert(b
->busexec_pid
== 0);
951 r
= socketpair(AF_UNIX
, SOCK_STREAM
|SOCK_NONBLOCK
|SOCK_CLOEXEC
, 0, s
);
955 r
= safe_fork_full("(sd-busexec)", s
+1, 1, FORK_RESET_SIGNALS
|FORK_CLOSE_ALL_FDS
, &b
->busexec_pid
);
963 if (rearrange_stdio(s
[1], s
[1], STDERR_FILENO
) < 0)
966 (void) fd_nonblock(STDIN_FILENO
, false);
967 (void) fd_nonblock(STDOUT_FILENO
, false);
970 execvp(b
->exec_path
, b
->exec_argv
);
972 const char *argv
[] = { b
->exec_path
, NULL
};
973 execvp(b
->exec_path
, (char**) argv
);
980 b
->output_fd
= b
->input_fd
= fd_move_above_stdio(s
[0]);
984 return bus_socket_start_auth(b
);
987 int bus_socket_take_fd(sd_bus
*b
) {
992 return bus_socket_start_auth(b
);
995 int bus_socket_write_message(sd_bus
*bus
, sd_bus_message
*m
, size_t *idx
) {
1005 assert(IN_SET(bus
->state
, BUS_RUNNING
, BUS_HELLO
));
1007 if (*idx
>= BUS_MESSAGE_SIZE(m
))
1010 r
= bus_message_setup_iovec(m
);
1014 n
= m
->n_iovec
* sizeof(struct iovec
);
1016 memcpy_safe(iov
, m
->iovec
, n
);
1019 iovec_advance(iov
, &j
, *idx
);
1021 if (bus
->prefer_writev
)
1022 k
= writev(bus
->output_fd
, iov
, m
->n_iovec
);
1024 struct msghdr mh
= {
1026 .msg_iovlen
= m
->n_iovec
,
1029 if (m
->n_fds
> 0 && *idx
== 0) {
1030 struct cmsghdr
*control
;
1032 mh
.msg_control
= control
= alloca(CMSG_SPACE(sizeof(int) * m
->n_fds
));
1033 mh
.msg_controllen
= control
->cmsg_len
= CMSG_LEN(sizeof(int) * m
->n_fds
);
1034 control
->cmsg_level
= SOL_SOCKET
;
1035 control
->cmsg_type
= SCM_RIGHTS
;
1036 memcpy(CMSG_DATA(control
), m
->fds
, sizeof(int) * m
->n_fds
);
1039 k
= sendmsg(bus
->output_fd
, &mh
, MSG_DONTWAIT
|MSG_NOSIGNAL
);
1040 if (k
< 0 && errno
== ENOTSOCK
) {
1041 bus
->prefer_writev
= true;
1042 k
= writev(bus
->output_fd
, iov
, m
->n_iovec
);
1047 return errno
== EAGAIN
? 0 : -errno
;
1053 static int bus_socket_read_message_need(sd_bus
*bus
, size_t *need
) {
1060 assert(IN_SET(bus
->state
, BUS_RUNNING
, BUS_HELLO
));
1062 if (bus
->rbuffer_size
< sizeof(struct bus_header
)) {
1063 *need
= sizeof(struct bus_header
) + 8;
1065 /* Minimum message size:
1069 * Method Call: +2 string headers
1070 * Signal: +3 string headers
1071 * Method Error: +1 string headers
1073 * Method Reply: +1 uint32 headers
1075 * A string header is at least 9 bytes
1076 * A uint32 header is at least 8 bytes
1078 * Hence the minimum message size of a valid message
1079 * is header + 8 bytes */
1084 a
= ((const uint32_t*) bus
->rbuffer
)[1];
1085 b
= ((const uint32_t*) bus
->rbuffer
)[3];
1087 e
= ((const uint8_t*) bus
->rbuffer
)[0];
1088 if (e
== BUS_LITTLE_ENDIAN
) {
1091 } else if (e
== BUS_BIG_ENDIAN
) {
1097 sum
= (uint64_t) sizeof(struct bus_header
) + (uint64_t) ALIGN_TO(b
, 8) + (uint64_t) a
;
1098 if (sum
>= BUS_MESSAGE_SIZE_MAX
)
1101 *need
= (size_t) sum
;
1105 static int bus_socket_make_message(sd_bus
*bus
, size_t size
) {
1111 assert(bus
->rbuffer_size
>= size
);
1112 assert(IN_SET(bus
->state
, BUS_RUNNING
, BUS_HELLO
));
1114 r
= bus_rqueue_make_room(bus
);
1118 if (bus
->rbuffer_size
> size
) {
1119 b
= memdup((const uint8_t*) bus
->rbuffer
+ size
,
1120 bus
->rbuffer_size
- size
);
1126 r
= bus_message_from_malloc(bus
,
1128 bus
->fds
, bus
->n_fds
,
1137 bus
->rbuffer_size
-= size
;
1142 bus
->rqueue
[bus
->rqueue_size
++] = t
;
1147 int bus_socket_read_message(sd_bus
*bus
) {
1149 struct iovec iov
= {};
1155 struct cmsghdr cmsghdr
;
1156 uint8_t buf
[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX
)];
1158 bool handle_cmsg
= false;
1161 assert(IN_SET(bus
->state
, BUS_RUNNING
, BUS_HELLO
));
1163 r
= bus_socket_read_message_need(bus
, &need
);
1167 if (bus
->rbuffer_size
>= need
)
1168 return bus_socket_make_message(bus
, need
);
1170 b
= realloc(bus
->rbuffer
, need
);
1176 iov
.iov_base
= (uint8_t*) bus
->rbuffer
+ bus
->rbuffer_size
;
1177 iov
.iov_len
= need
- bus
->rbuffer_size
;
1179 if (bus
->prefer_readv
)
1180 k
= readv(bus
->input_fd
, &iov
, 1);
1185 mh
.msg_control
= &control
;
1186 mh
.msg_controllen
= sizeof(control
);
1188 k
= recvmsg(bus
->input_fd
, &mh
, MSG_DONTWAIT
|MSG_NOSIGNAL
|MSG_CMSG_CLOEXEC
);
1189 if (k
< 0 && errno
== ENOTSOCK
) {
1190 bus
->prefer_readv
= true;
1191 k
= readv(bus
->input_fd
, &iov
, 1);
1196 return errno
== EAGAIN
? 0 : -errno
;
1200 bus
->rbuffer_size
+= k
;
1203 struct cmsghdr
*cmsg
;
1205 CMSG_FOREACH(cmsg
, &mh
)
1206 if (cmsg
->cmsg_level
== SOL_SOCKET
&&
1207 cmsg
->cmsg_type
== SCM_RIGHTS
) {
1210 n
= (cmsg
->cmsg_len
- CMSG_LEN(0)) / sizeof(int);
1212 if (!bus
->can_fds
) {
1213 /* Whut? We received fds but this
1214 * isn't actually enabled? Close them,
1217 close_many((int*) CMSG_DATA(cmsg
), n
);
1221 f
= reallocarray(bus
->fds
, bus
->n_fds
+ n
, sizeof(int));
1223 close_many((int*) CMSG_DATA(cmsg
), n
);
1227 for (i
= 0; i
< n
; i
++)
1228 f
[bus
->n_fds
++] = fd_move_above_stdio(((int*) CMSG_DATA(cmsg
))[i
]);
1231 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
1232 cmsg
->cmsg_level
, cmsg
->cmsg_type
);
1235 r
= bus_socket_read_message_need(bus
, &need
);
1239 if (bus
->rbuffer_size
>= need
)
1240 return bus_socket_make_message(bus
, need
);
1245 int bus_socket_process_opening(sd_bus
*b
) {
1247 socklen_t slen
= sizeof(error
);
1254 assert(b
->state
== BUS_OPENING
);
1260 if (!(p
.revents
& (POLLOUT
|POLLERR
|POLLHUP
)))
1263 r
= getsockopt(b
->output_fd
, SOL_SOCKET
, SO_ERROR
, &error
, &slen
);
1265 b
->last_connect_error
= errno
;
1266 else if (error
!= 0)
1267 b
->last_connect_error
= error
;
1268 else if (p
.revents
& (POLLERR
|POLLHUP
))
1269 b
->last_connect_error
= ECONNREFUSED
;
1271 return bus_socket_start_auth(b
);
1273 return bus_next_address(b
);
1276 int bus_socket_process_authenticating(sd_bus
*b
) {
1280 assert(b
->state
== BUS_AUTHENTICATING
);
1282 if (now(CLOCK_MONOTONIC
) >= b
->auth_timeout
)
1285 r
= bus_socket_write_auth(b
);
1289 return bus_socket_read_auth(b
);
1292 int bus_socket_process_watch_bind(sd_bus
*b
) {
1296 assert(b
->state
== BUS_WATCH_BIND
);
1297 assert(b
->inotify_fd
>= 0);
1299 r
= flush_fd(b
->inotify_fd
);
1303 log_debug("Got inotify event on bus %s.", strna(b
->description
));
1305 /* We flushed events out of the inotify fd. In that case, maybe the socket is valid now? Let's try to connect
1308 r
= bus_socket_connect(b
);
1312 q
= bus_attach_io_events(b
);
1316 q
= bus_attach_inotify_event(b
);