1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
36 #include "bus-socket.h"
37 #include "bus-internal.h"
38 #include "bus-message.h"
40 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
43 struct iovec *i = iov + *idx;
45 if (i->iov_len > size) {
46 i->iov_base = (uint8_t*) i->iov_base + size;
60 bool bus_socket_auth_needs_write(sd_bus *b) {
64 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
67 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
68 struct iovec *j = b->auth_iovec + i;
77 static int bus_socket_write_auth(sd_bus *b) {
82 assert(b->state == BUS_AUTHENTICATING);
84 if (!bus_socket_auth_needs_write(b))
88 mh.msg_iov = b->auth_iovec + b->auth_index;
89 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
91 k = sendmsg(b->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
93 return errno == EAGAIN ? 0 : -errno;
95 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
100 static int bus_socket_auth_verify_client(sd_bus *b) {
108 /* We expect two response lines: "OK" and possibly
111 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
115 if (b->negotiate_fds) {
116 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
126 /* Nice! We got all the lines we need. First check the OK
129 if (e - (char*) b->rbuffer != 3 + 32)
132 if (memcmp(b->rbuffer, "OK ", 3))
135 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
137 for (i = 0; i < 32; i += 2) {
140 x = unhexchar(((char*) b->rbuffer)[3 + i]);
141 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
146 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
149 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
150 !sd_id128_equal(b->server_id, peer))
155 /* And possibly check the second line, too */
159 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
160 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
162 b->rbuffer_size -= (start - (char*) b->rbuffer);
163 memmove(b->rbuffer, start, b->rbuffer_size);
165 r = bus_start_running(b);
172 static bool line_equals(const char *s, size_t m, const char *line) {
179 return memcmp(s, line, l) == 0;
182 static bool line_begins(const char *s, size_t m, const char *word) {
189 if (memcmp(s, word, l) != 0)
192 return m == l || (m > l && s[l] == ' ');
195 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
196 _cleanup_free_ char *token = NULL;
198 if (!b->anonymous_auth)
209 token = unhexmem(p, l);
213 if (memchr(token, 0, l/2))
216 return !!utf8_is_valid(token);
219 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
220 _cleanup_free_ char *token = NULL;
224 /* We don't do any real authentication here. Instead, we if
225 * the owner of this bus wanted authentication he should have
226 * checked SO_PEERCRED before even creating the bus object. */
240 token = unhexmem(p, l);
244 if (memchr(token, 0, l/2))
247 r = parse_uid(token, &u);
251 if (u != b->ucred.uid)
257 static int bus_socket_auth_write(sd_bus *b, const char *t) {
264 /* We only make use of the first iovec */
265 assert(b->auth_index == 0 || b->auth_index == 1);
268 p = malloc(b->auth_iovec[0].iov_len + l);
272 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
273 memcpy(p + b->auth_iovec[0].iov_len, t, l);
275 b->auth_iovec[0].iov_base = p;
276 b->auth_iovec[0].iov_len += l;
278 free(b->auth_buffer);
284 static int bus_socket_auth_write_ok(sd_bus *b) {
285 char t[3 + 32 + 2 + 1];
289 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
292 return bus_socket_auth_write(b, t);
295 static int bus_socket_auth_verify_server(sd_bus *b) {
299 bool processed = false;
304 if (b->rbuffer_size < 3)
307 /* First char must be a NUL byte */
308 if (*(char*) b->rbuffer != 0)
311 /* Begin with the first line */
312 if (b->auth_rbegin <= 0)
316 /* Check if line is complete */
317 line = (char*) b->rbuffer + b->auth_rbegin;
318 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
324 if (line_begins(line, l, "AUTH ANONYMOUS")) {
326 r = verify_anonymous_token(b, line + 14, l - 14);
330 r = bus_socket_auth_write(b, "REJECTED\r\n");
332 b->auth = BUS_AUTH_ANONYMOUS;
333 r = bus_socket_auth_write_ok(b);
336 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
338 r = verify_external_token(b, line + 13, l - 13);
342 r = bus_socket_auth_write(b, "REJECTED\r\n");
344 b->auth = BUS_AUTH_EXTERNAL;
345 r = bus_socket_auth_write_ok(b);
348 } else if (line_begins(line, l, "AUTH"))
349 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
350 else if (line_equals(line, l, "CANCEL") ||
351 line_begins(line, l, "ERROR")) {
353 b->auth = _BUS_AUTH_INVALID;
354 r = bus_socket_auth_write(b, "REJECTED\r\n");
356 } else if (line_equals(line, l, "BEGIN")) {
358 if (b->auth == _BUS_AUTH_INVALID)
359 r = bus_socket_auth_write(b, "ERROR\r\n");
361 /* We can't leave from the auth phase
362 * before we haven't written
363 * everything queued, so let's check
366 if (bus_socket_auth_needs_write(b))
369 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
370 memmove(b->rbuffer, e + 2, b->rbuffer_size);
371 return bus_start_running(b);
374 } else if (line_begins(line, l, "DATA")) {
376 if (b->auth == _BUS_AUTH_INVALID)
377 r = bus_socket_auth_write(b, "ERROR\r\n");
379 if (b->auth == BUS_AUTH_ANONYMOUS)
380 r = verify_anonymous_token(b, line + 4, l - 4);
382 r = verify_external_token(b, line + 4, l - 4);
387 b->auth = _BUS_AUTH_INVALID;
388 r = bus_socket_auth_write(b, "REJECTED\r\n");
390 r = bus_socket_auth_write_ok(b);
392 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
393 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
394 r = bus_socket_auth_write(b, "ERROR\r\n");
397 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
400 r = bus_socket_auth_write(b, "ERROR\r\n");
405 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
411 static int bus_socket_auth_verify(sd_bus *b) {
415 return bus_socket_auth_verify_server(b);
417 return bus_socket_auth_verify_client(b);
420 static int bus_socket_read_auth(sd_bus *b) {
428 struct cmsghdr cmsghdr;
429 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
430 CMSG_SPACE(sizeof(struct ucred)) +
431 CMSG_SPACE(NAME_MAX)]; /*selinux label */
433 struct cmsghdr *cmsg;
436 assert(b->state == BUS_AUTHENTICATING);
438 r = bus_socket_auth_verify(b);
442 n = MAX(256, b->rbuffer_size * 2);
444 if (n > BUS_AUTH_SIZE_MAX)
445 n = BUS_AUTH_SIZE_MAX;
447 if (b->rbuffer_size >= n)
450 p = realloc(b->rbuffer, n);
457 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
458 iov.iov_len = n - b->rbuffer_size;
463 mh.msg_control = &control;
464 mh.msg_controllen = sizeof(control);
466 k = recvmsg(b->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
468 return errno == EAGAIN ? 0 : -errno;
472 b->rbuffer_size += k;
474 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
475 if (cmsg->cmsg_level == SOL_SOCKET &&
476 cmsg->cmsg_type == SCM_RIGHTS) {
479 /* Whut? We received fds during the auth
480 * protocol? Somebody is playing games with
481 * us. Close them all, and fail */
482 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
483 close_many((int*) CMSG_DATA(cmsg), j);
486 } else if (cmsg->cmsg_level == SOL_SOCKET &&
487 cmsg->cmsg_type == SCM_CREDENTIALS &&
488 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
490 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
491 b->ucred_valid = true;
493 } else if (cmsg->cmsg_level == SOL_SOCKET &&
494 cmsg->cmsg_type == SCM_SECURITY) {
497 l = cmsg->cmsg_len - CMSG_LEN(0);
498 memcpy(&b->label, CMSG_DATA(cmsg), l);
503 r = bus_socket_auth_verify(b);
510 static int bus_socket_setup(sd_bus *b) {
515 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
516 * socket, just in case. */
517 enable = !b->bus_client;
518 setsockopt(b->fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
519 setsockopt(b->fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
521 /* Increase the buffers to a MB */
522 fd_inc_rcvbuf(b->fd, 1024*1024);
523 fd_inc_sndbuf(b->fd, 1024*1024);
528 static int bus_socket_start_auth_client(sd_bus *b) {
530 const char *auth_suffix, *auth_prefix;
534 if (b->anonymous_auth) {
535 auth_prefix = "\0AUTH ANONYMOUS ";
537 /* For ANONYMOUS auth we send some arbitrary "trace" string */
539 b->auth_buffer = hexmem("anonymous", l);
541 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
543 auth_prefix = "\0AUTH EXTERNAL ";
545 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
549 b->auth_buffer = hexmem(text, l);
555 if (b->negotiate_fds)
556 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
558 auth_suffix = "\r\nBEGIN\r\n";
560 b->auth_iovec[0].iov_base = (void*) auth_prefix;
561 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
562 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
563 b->auth_iovec[1].iov_len = l * 2;
564 b->auth_iovec[2].iov_base = (void*) auth_suffix;
565 b->auth_iovec[2].iov_len = strlen(auth_suffix);
567 return bus_socket_write_auth(b);
570 static int bus_socket_start_auth(sd_bus *b) {
576 b->state = BUS_AUTHENTICATING;
577 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
580 r = getsockopt(b->fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
584 if (domain != AF_UNIX)
585 b->negotiate_fds = false;
588 return bus_socket_read_auth(b);
590 return bus_socket_start_auth_client(b);
593 int bus_socket_connect(sd_bus *b) {
598 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
600 b->fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
604 r = bus_socket_setup(b);
608 r = connect(b->fd, &b->sockaddr.sa, b->sockaddr_size);
610 if (errno == EINPROGRESS)
616 return bus_socket_start_auth(b);
619 int bus_socket_exec(sd_bus *b) {
625 assert(b->exec_path);
627 b->fd = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
640 close_nointr_nofail(s[0]);
642 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
643 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
645 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
646 close_nointr_nofail(s[1]);
648 fd_cloexec(STDIN_FILENO, false);
649 fd_cloexec(STDOUT_FILENO, false);
650 fd_nonblock(STDIN_FILENO, false);
651 fd_nonblock(STDOUT_FILENO, false);
654 execvp(b->exec_path, b->exec_argv);
656 const char *argv[] = { b->exec_path, NULL };
657 execvp(b->exec_path, (char**) argv);
663 close_nointr_nofail(s[1]);
666 return bus_socket_start_auth(b);
669 int bus_socket_take_fd(sd_bus *b) {
673 r = bus_socket_setup(b);
677 return bus_socket_start_auth(b);
680 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
690 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
697 struct cmsghdr *control;
698 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
700 mh.msg_control = control;
701 control->cmsg_level = SOL_SOCKET;
702 control->cmsg_type = SCM_RIGHTS;
703 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
704 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
707 n = m->n_iovec * sizeof(struct iovec);
709 memcpy(iov, m->iovec, n);
712 iovec_advance(iov, &j, *idx);
715 mh.msg_iovlen = m->n_iovec;
717 k = sendmsg(bus->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
719 return errno == EAGAIN ? 0 : -errno;
725 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
732 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
734 if (bus->rbuffer_size < sizeof(struct bus_header)) {
735 *need = sizeof(struct bus_header) + 8;
737 /* Minimum message size:
741 * Method Call: +2 string headers
742 * Signal: +3 string headers
743 * Method Error: +1 string headers
745 * Method Reply: +1 uint32 headers
747 * A string header is at least 9 bytes
748 * A uint32 header is at least 8 bytes
750 * Hence the minimum message size of a valid message
751 * is header + 8 bytes */
756 a = ((const uint32_t*) bus->rbuffer)[1];
757 b = ((const uint32_t*) bus->rbuffer)[3];
759 e = ((const uint8_t*) bus->rbuffer)[0];
760 if (e == SD_BUS_LITTLE_ENDIAN) {
763 } else if (e == SD_BUS_BIG_ENDIAN) {
769 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
770 if (sum >= BUS_MESSAGE_SIZE_MAX)
773 *need = (size_t) sum;
777 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
784 assert(bus->rbuffer_size >= size);
785 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
787 if (bus->rbuffer_size > size) {
788 b = memdup((const uint8_t*) bus->rbuffer + size,
789 bus->rbuffer_size - size);
795 r = bus_message_from_malloc(bus->rbuffer, size,
796 bus->fds, bus->n_fds,
797 bus->ucred_valid ? &bus->ucred : NULL,
798 bus->label[0] ? bus->label : NULL,
806 bus->rbuffer_size -= size;
815 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
823 struct cmsghdr cmsghdr;
824 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
825 CMSG_SPACE(sizeof(struct ucred)) +
826 CMSG_SPACE(NAME_MAX)]; /*selinux label */
828 struct cmsghdr *cmsg;
832 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
834 r = bus_socket_read_message_need(bus, &need);
838 if (bus->rbuffer_size >= need)
839 return bus_socket_make_message(bus, need, m);
841 b = realloc(bus->rbuffer, need);
848 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
849 iov.iov_len = need - bus->rbuffer_size;
854 mh.msg_control = &control;
855 mh.msg_controllen = sizeof(control);
857 k = recvmsg(bus->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
859 return errno == EAGAIN ? 0 : -errno;
863 bus->rbuffer_size += k;
865 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
866 if (cmsg->cmsg_level == SOL_SOCKET &&
867 cmsg->cmsg_type == SCM_RIGHTS) {
870 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
873 /* Whut? We received fds but this
874 * isn't actually enabled? Close them,
877 close_many((int*) CMSG_DATA(cmsg), n);
881 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
883 close_many((int*) CMSG_DATA(cmsg), n);
887 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
890 } else if (cmsg->cmsg_level == SOL_SOCKET &&
891 cmsg->cmsg_type == SCM_CREDENTIALS &&
892 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
894 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
895 bus->ucred_valid = true;
897 } else if (cmsg->cmsg_level == SOL_SOCKET &&
898 cmsg->cmsg_type == SCM_SECURITY) {
901 l = cmsg->cmsg_len - CMSG_LEN(0);
902 memcpy(&bus->label, CMSG_DATA(cmsg), l);
907 r = bus_socket_read_message_need(bus, &need);
911 if (bus->rbuffer_size >= need)
912 return bus_socket_make_message(bus, need, m);
917 int bus_socket_process_opening(sd_bus *b) {
919 socklen_t slen = sizeof(error);
924 assert(b->state == BUS_OPENING);
934 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
937 r = getsockopt(b->fd, SOL_SOCKET, SO_ERROR, &error, &slen);
939 b->last_connect_error = errno;
941 b->last_connect_error = error;
942 else if (p.revents & (POLLERR|POLLHUP))
943 b->last_connect_error = ECONNREFUSED;
945 return bus_socket_start_auth(b);
947 return bus_next_address(b);
950 int bus_socket_process_authenticating(sd_bus *b) {
954 assert(b->state == BUS_AUTHENTICATING);
956 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
959 r = bus_socket_write_auth(b);
963 return bus_socket_read_auth(b);