detach_io_events(b);
if (b->input_fd >= 0)
- close_nointr_nofail(b->input_fd);
+ safe_close(b->input_fd);
if (b->output_fd >= 0 && b->output_fd != b->input_fd)
- close_nointr_nofail(b->output_fd);
+ safe_close(b->output_fd);
b->input_fd = b->output_fd = -1;
}
#ifdef ENABLE_KDBUS
asprintf(&b->address, KERNEL_USER_BUS_FMT, (unsigned long) getuid());
#else
- return -ECONNREFUSED;
+ r = -ECONNREFUSED;
+ goto fail;
#endif
}
static int bus_remarshal_message(sd_bus *b, sd_bus_message **m) {
assert(b);
- /* Do packet version and endianess already match? */
+ /* Do packet version and endianness already match? */
if ((b->message_version == 0 || b->message_version == (*m)->header->version) &&
(b->message_endian == 0 || b->message_endian == (*m)->header->endian))
return 0;
* hence let's fill something in for synthetic messages. Since
* synthetic messages might have a fake sender and we don't
* want to interfere with the real sender's serial numbers we
- * pick a fixed, artifical one. We use (uint32_t) -1 rather
+ * pick a fixed, artificial one. We use (uint32_t) -1 rather
* than (uint64_t) -1 since dbus1 only had 32bit identifiers,
* even though kdbus can do 64bit. */
return r;
if (bus->is_kernel || *idx >= BUS_MESSAGE_SIZE(m))
- log_debug("Sent message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%lu reply_cookie=%lu error=%s",
+ log_debug("Sent message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " error=%s",
bus_message_type_to_string(m->header->type),
strna(sd_bus_message_get_sender(m)),
strna(sd_bus_message_get_destination(m)),
strna(sd_bus_message_get_path(m)),
strna(sd_bus_message_get_interface(m)),
strna(sd_bus_message_get_member(m)),
- (unsigned long) BUS_MESSAGE_COOKIE(m),
- (unsigned long) m->reply_cookie,
+ BUS_MESSAGE_COOKIE(m),
+ m->reply_cookie,
strna(m->error.message));
return r;
if (incoming->header->type == SD_BUS_MESSAGE_METHOD_RETURN) {
- if (reply)
- *reply = incoming;
- else
- sd_bus_message_unref(incoming);
+ if (incoming->n_fds <= 0 || (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
+ if (reply)
+ *reply = incoming;
+ else
+ sd_bus_message_unref(incoming);
+
+ return 1;
+ }
+
+ r = sd_bus_error_setf(error, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptors which I couldn't accept. Sorry.");
- return 1;
} else if (incoming->header->type == SD_BUS_MESSAGE_METHOD_ERROR)
r = sd_bus_error_copy(error, &incoming->error);
else
}
static int process_reply(sd_bus *bus, sd_bus_message *m) {
+ _cleanup_bus_message_unref_ sd_bus_message *synthetic_reply = NULL;
_cleanup_bus_error_free_ sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
- struct reply_callback *c;
+ _cleanup_free_ struct reply_callback *c = NULL;
int r;
assert(bus);
if (c->timeout != 0)
prioq_remove(bus->reply_callbacks_prioq, c, &c->prioq_idx);
- r = sd_bus_message_rewind(m, true);
- if (r < 0)
- return r;
+ if (m->n_fds > 0 && !(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
+
+ /* If the reply contained a file descriptor which we
+ * didn't want we pass an error instead. */
+
+ r = bus_message_new_synthetic_error(
+ bus,
+ m->reply_cookie,
+ &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Reply message contained file descriptor"),
+ &synthetic_reply);
+ if (r < 0)
+ return r;
+
+ r = bus_seal_synthetic_message(bus, synthetic_reply);
+ if (r < 0)
+ return r;
+
+ m = synthetic_reply;
+ } else {
+ r = sd_bus_message_rewind(m, true);
+ if (r < 0)
+ return r;
+ }
r = c->callback(bus, m, c->userdata, &error_buffer);
r = bus_maybe_reply_error(m, r, &error_buffer);
- free(c);
return r;
}
return 1;
}
+static int process_fd_check(sd_bus *bus, sd_bus_message *m) {
+ assert(bus);
+ assert(m);
+
+ /* If we got a message with a file descriptor which we didn't
+ * want to accept, then let's drop it. How can this even
+ * happen? For example, when the kernel queues a message into
+ * an activatable names's queue which allows fds, and then is
+ * delivered to us later even though we ourselves did not
+ * negotiate it. */
+
+ if (m->n_fds <= 0)
+ return 0;
+
+ if (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)
+ return 0;
+
+ if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
+ return 1; /* just eat it up */
+
+ return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INCONSISTENT_MESSAGE, "Message contains file descriptors, which I cannot accept. Sorry.");
+}
+
static int process_message(sd_bus *bus, sd_bus_message *m) {
int r;
bus->current = m;
bus->iteration_counter++;
- log_debug("Got message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%lu reply_cookie=%lu error=%s",
+ log_debug("Got message type=%s sender=%s destination=%s object=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " error=%s",
bus_message_type_to_string(m->header->type),
strna(sd_bus_message_get_sender(m)),
strna(sd_bus_message_get_destination(m)),
strna(sd_bus_message_get_path(m)),
strna(sd_bus_message_get_interface(m)),
strna(sd_bus_message_get_member(m)),
- (unsigned long) BUS_MESSAGE_COOKIE(m),
- (unsigned long) m->reply_cookie,
+ BUS_MESSAGE_COOKIE(m),
+ m->reply_cookie,
strna(m->error.message));
r = process_hello(bus, m);
if (r != 0)
goto finish;
+ r = process_fd_check(bus, m);
+ if (r != 0)
+ goto finish;
+
r = process_filter(bus, m);
if (r != 0)
goto finish;