along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <sys/capability.h>
+
#include "strv.h"
#include "set.h"
#include "bus-internal.h"
if (r < 0)
return r;
if (sd_bus_error_is_set(error))
- return sd_bus_error_get_errno(error);
+ return -sd_bus_error_get_errno(error);
if (r == 0)
return r;
}
if (r < 0)
return r;
if (sd_bus_error_is_set(error))
- return sd_bus_error_get_errno(error);
+ return -sd_bus_error_get_errno(error);
STRV_FOREACH(k, children) {
if (r < 0) {
return 0;
}
+#define CAPABILITY_SHIFT(x) (((x) >> __builtin_ctzll(_SD_BUS_VTABLE_CAPABILITY_MASK)) & 0xFFFF)
+
+static int check_access(sd_bus *bus, sd_bus_message *m, struct vtable_member *c, sd_bus_error *error) {
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
+ uint64_t cap;
+ uid_t uid;
+ int r;
+
+ assert(bus);
+ assert(m);
+ assert(c);
+
+ /* If the entire bus is trusted let's grant access */
+ if (bus->trusted)
+ return 0;
+
+ /* If the member is marked UNPRIVILEGED let's grant access */
+ if (c->vtable->flags & SD_BUS_VTABLE_UNPRIVILEGED)
+ return 0;
+
+ /* If we are not connected to kdbus we cannot retrieve the
+ * effective capability set without race. Since we need this
+ * for a security decision we cannot use racy data, hence
+ * don't request it. */
+ if (bus->is_kernel)
+ r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID|SD_BUS_CREDS_EFFECTIVE_CAPS, &creds);
+ else
+ r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds);
+ if (r < 0)
+ return r;
+
+ /* Check have the caller has the requested capability
+ * set. Note that the flags value contains the capability
+ * number plus one, which we need to subtract here. We do this
+ * so that we have 0 as special value for "default
+ * capability". */
+ cap = CAPABILITY_SHIFT(c->vtable->flags);
+ if (cap == 0)
+ cap = CAPABILITY_SHIFT(c->parent->vtable[0].flags);
+ if (cap == 0)
+ cap = CAP_SYS_ADMIN;
+ else
+ cap --;
+
+ r = sd_bus_creds_has_effective_cap(creds, cap);
+ if (r > 0)
+ return 1;
+
+ /* Caller has same UID as us, then let's grant access */
+ r = sd_bus_creds_get_uid(creds, &uid);
+ if (r >= 0) {
+ if (uid == getuid())
+ return 1;
+ }
+
+ return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Access to %s.%s() not permitted.", c->interface, c->member);
+}
+
static int method_callbacks_run(
sd_bus *bus,
sd_bus_message *m,
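Review bot: In `check_access` the result of `sd_bus_creds_has_effective_cap(creds, cap)` is tested only for `> 0`, so a negative return is silently treated as "capability absent". On the non-kdbus branch `SD_BUS_CREDS_EFFECTIVE_CAPS` was deliberately not requested, so that is presumably the path taken on every call. Guarding the test would state the intent: `if (bus->is_kernel && sd_bus_creds_has_effective_cap(creds, cap) > 0) return 1;`. The function also returns 0 for the trusted and UNPRIVILEGED grants but 1 for the capability and UID grants, so a header comment such as `/* Returns >= 0 if access is granted, a negative errno with error set otherwise */` would pin down what the callers rely on. The comment "Check have the caller" should read "Check whether the caller".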
if (require_fallback && !c->parent->is_fallback)
return 0;
+ r = check_access(bus, m, c, &error);
+ if (r < 0)
+ return bus_maybe_reply_error(m, r, &error);
+
r = node_vtable_get_userdata(bus, m->path, c->parent, &u, &error);
if (r <= 0)
return bus_maybe_reply_error(m, r, &error);
"Invalid arguments '%s' to call %s.%s(), expecting '%s'.",
signature, c->interface, c->member, strempty(c->vtable->x.method.signature));
+ /* Keep track what the signature of the reply to this message
+ * should be, so that this can be enforced when sealing the
+ * reply. */
+ m->enforced_reply_signature = strempty(c->vtable->x.method.result);
+
if (c->vtable->x.method.handler) {
r = c->vtable->x.method.handler(bus, m, u, &error);
return bus_maybe_reply_error(m, r, &error);
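Review bot: `m->enforced_reply_signature` is assigned a pointer taken straight from the vtable (`c->vtable->x.method.result`, or the literal from `strempty`), so the message now borrows storage it does not own. If a handler keeps a reference to `m` to reply later and the vtable's memory is released in the meantime, the enforcement at seal time would read a stale pointer. Vtables are usually static, so this may never happen in practice, but nothing in the hunk guarantees it. Either state the requirement in the comment, e.g. `/* Borrowed from the vtable, which must outlive m */`, or store a copy that is freed with the message. method_callbacks_run starts and ends outside the hunk.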
if (r < 0)
return r;
if (sd_bus_error_is_set(error))
- return sd_bus_error_get_errno(error);
+ return -sd_bus_error_get_errno(error);
return r;
}
if (r < 0)
return r;
if (sd_bus_error_is_set(error))
- return sd_bus_error_get_errno(error);
+ return -sd_bus_error_get_errno(error);
return r;
}
if (r < 0)
return r;
+ /* Note that we do not do an access check here. Read
+ * access to properties is always unrestricted, since
+ * PropertiesChanged signals broadcast contents
+ * anyway. */
+
r = invoke_property_get(bus, c->vtable, m->path, c->interface, c->member, reply, u, &error);
if (r < 0)
return bus_maybe_reply_error(m, r, &error);
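Review bot: The rationale in the new comment holds only for properties whose values are actually sent in PropertiesChanged. A property without `SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE`, or one marked `SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION` (only its name is appended in the later hunks), is never broadcast with its value, yet any peer can read it through this path. The comment should present unrestricted reads as a design rule, for example `/* Read access to properties is never checked, so do not expose secrets as properties. */`, so that service authors do not assume the capability flags protect getters. The enclosing function starts and ends outside the hunk.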
if (r < 0)
return r;
+ r = check_access(bus, m, c, &error);
+ if (r < 0)
+ return bus_maybe_reply_error(m, r, &error);
+
r = invoke_property_set(bus, c->vtable, m->path, c->interface, c->member, m, u, &error);
if (r < 0)
return bus_maybe_reply_error(m, r, &error);
return 1;
}
+static int vtable_append_one_property(
+ sd_bus *bus,
+ sd_bus_message *reply,
+ const char *path,
+ struct node_vtable *c,
+ const sd_bus_vtable *v,
+ void *userdata,
+ sd_bus_error *error) {
+
+ int r;
+
+ assert(bus);
+ assert(reply);
+ assert(path);
+ assert(c);
+ assert(v);
+
+ r = sd_bus_message_open_container(reply, 'e', "sv");
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append(reply, "s", v->x.property.member);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_open_container(reply, 'v', v->x.property.signature);
+ if (r < 0)
+ return r;
+
+ r = invoke_property_get(bus, v, path, c->interface, v->x.property.member, reply, vtable_property_convert_userdata(v, userdata), error);
+ if (r < 0)
+ return r;
+ if (bus->nodes_modified)
+ return 0;
+
+ r = sd_bus_message_close_container(reply);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_close_container(reply);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
static int vtable_append_all_properties(
sd_bus *bus,
sd_bus_message *reply,
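Review bot: `vtable_append_one_property` returns 0 both on success and when `bus->nodes_modified` is set after the getter ran, and in the second case the two containers it opened on `reply` are left unclosed. The callers in this patch re-check `bus->nodes_modified` themselves, but that contract is not written down anywhere. A comment above the function would keep a future caller from sealing a half-built message, e.g. `/* Returns 0 on success and also when the node tree changed during the getter; in that case reply still has open containers and the caller must check bus->nodes_modified. */`.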
assert(path);
assert(c);
+ if (c->vtable[0].flags & SD_BUS_VTABLE_HIDDEN)
+ return 1;
+
for (v = c->vtable+1; v->type != _SD_BUS_VTABLE_END; v++) {
if (v->type != _SD_BUS_VTABLE_PROPERTY && v->type != _SD_BUS_VTABLE_WRITABLE_PROPERTY)
continue;
- r = sd_bus_message_open_container(reply, 'e', "sv");
- if (r < 0)
- return r;
-
- r = sd_bus_message_append(reply, "s", v->x.property.member);
- if (r < 0)
- return r;
-
- r = sd_bus_message_open_container(reply, 'v', v->x.property.signature);
- if (r < 0)
- return r;
+ if (v->flags & SD_BUS_VTABLE_HIDDEN)
+ continue;
- r = invoke_property_get(bus, v, path, c->interface, v->x.property.member, reply, vtable_property_convert_userdata(v, userdata), error);
+ r = vtable_append_one_property(bus, reply, path, c, v, userdata, error);
if (r < 0)
return r;
if (bus->nodes_modified)
return 0;
-
- r = sd_bus_message_close_container(reply);
- if (r < 0)
- return r;
-
- r = sd_bus_message_close_container(reply);
- if (r < 0)
- return r;
}
return 1;
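Review bot: `SD_BUS_VTABLE_HIDDEN` is applied here only as an enumeration filter. GetAll skips hidden interfaces and properties, and the introspection hunk further down skips hidden vtables, but the hunks shown add no matching test on the single-property Get path, whose new comment says reads are unrestricted. If that is the intended meaning, say so next to the check, e.g. `/* HIDDEN only suppresses listing; it is not an access control */`, so nobody relies on the flag for confidentiality. vtable_append_all_properties starts outside the hunk, so how callers treat the `return 1` for a hidden interface is not visible here.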
if (bus->nodes_modified)
return 0;
- r = introspect_begin(&intro);
+ r = introspect_begin(&intro, bus->trusted);
if (r < 0)
return r;
empty = false;
+ if (c->vtable[0].flags & SD_BUS_VTABLE_HIDDEN)
+ continue;
+
if (!streq_ptr(previous_interface, c->interface)) {
if (previous_interface)
if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
return 0;
- if (!m->path)
+ if (hashmap_isempty(bus->nodes))
return 0;
- if (hashmap_isempty(bus->nodes))
+ /* Never respond to broadcast messages */
+ if (bus->bus_client && !m->destination)
return 0;
+ assert(m->path);
+ assert(m->member);
+
pl = strlen(m->path);
do {
char prefix[pl+1];
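Review bot: `assert(m->path)` and `assert(m->member)` replace a graceful `return 0` with a process abort, and `m` is a message received from a peer. That is only safe if every `SD_BUS_MESSAGE_METHOD_CALL` reaching this function has already been validated to carry both fields, which is not visible in this hunk. If any parsing path can deliver a method call without them, a malformed message takes the service down instead of being ignored. Either keep the soft check, `if (!m->path || !m->member) return 0;`, or add a comment naming the validation step that makes the assertions hold. The enclosing function starts and ends outside the hunk.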
static struct node *bus_node_allocate(sd_bus *bus, const char *path) {
struct node *n, *parent;
const char *e;
- char *s, *p;
+ _cleanup_free_ char *s = NULL;
+ char *p;
int r;
assert(bus);
p = strndupa(path, MAX(1, path - e));
parent = bus_node_allocate(bus, p);
- if (!parent) {
- free(s);
+ if (!parent)
return NULL;
- }
}
n = new0(struct node, 1);
n->parent = parent;
n->path = s;
+ s = NULL; /* do not free */
- r = hashmap_put(bus->nodes, s, n);
+ r = hashmap_put(bus->nodes, n->path, n);
if (r < 0) {
- free(s);
+ free(n->path);
free(n);
return NULL;
}
free(w);
}
-static unsigned vtable_member_hash_func(const void *a) {
+static unsigned long vtable_member_hash_func(const void *a, const uint8_t hash_key[HASH_KEY_SIZE]) {
const struct vtable_member *m = a;
+ uint8_t hash_key2[HASH_KEY_SIZE];
+ unsigned long ret;
assert(m);
- return
- string_hash_func(m->path) ^
- string_hash_func(m->interface) ^
- string_hash_func(m->member);
+ ret = string_hash_func(m->path, hash_key);
+
+ /* Use a slightly different hash key for the interface */
+ memcpy(hash_key2, hash_key, HASH_KEY_SIZE);
+ hash_key2[0]++;
+ ret ^= string_hash_func(m->interface, hash_key2);
+
+ /* And an even different one for the member */
+ hash_key2[0]++;
+ ret ^= string_hash_func(m->member, hash_key2);
+
+ return ret;
}
static int vtable_member_compare_func(const void *a, const void *b) {
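Review bot: The two comments in `vtable_member_hash_func` say that a different key is used for each field but not why, and the reason is the part a maintainer needs. With a single key, XOR-combining the three string hashes would make members whose path, interface and member strings are swapped collide, and two equal strings would cancel out. I would replace the comments with one line such as `/* Distinct key per field, so that swapped or repeated strings do not cancel under XOR */`. Whether `string_hash_func` stays well distributed for keys that differ only in `hash_key2[0]` depends on the hash implementation, which is outside this hunk.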
!signature_is_valid(strempty(v->x.method.signature), false) ||
!signature_is_valid(strempty(v->x.method.result), false) ||
!(v->x.method.handler || (isempty(v->x.method.signature) && isempty(v->x.method.result))) ||
- v->flags & (SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY)) {
+ v->flags & (SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION)) {
r = -EINVAL;
goto fail;
}
!signature_is_single(v->x.property.signature, false) ||
!(v->x.property.get || bus_type_is_basic(v->x.property.signature[0]) || streq(v->x.property.signature, "as")) ||
v->flags & SD_BUS_VTABLE_METHOD_NO_REPLY ||
- (v->flags & SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY && !(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE))) {
+ (!!(v->flags & SD_BUS_VTABLE_PROPERTY_CONST) + !!(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE) + !!(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION)) > 1 ||
+ (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
r = -EINVAL;
goto fail;
}
-
m = new0(struct vtable_member, 1);
if (!m) {
r = -ENOMEM;
case _SD_BUS_VTABLE_SIGNAL:
if (!member_name_is_valid(v->x.signal.member) ||
- !signature_is_valid(strempty(v->x.signal.signature), false)) {
+ !signature_is_valid(strempty(v->x.signal.signature), false) ||
+ v->flags & SD_BUS_VTABLE_UNPRIVILEGED) {
r = -EINVAL;
goto fail;
}
const char *path,
const char *interface,
bool require_fallback,
+ bool *found_interface,
char **names) {
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
assert(prefix);
assert(path);
assert(interface);
+ assert(found_interface);
n = hashmap_get(bus->nodes, prefix);
if (!n)
if (r == 0)
continue;
- STRV_FOREACH(property, names) {
- struct vtable_member *v;
+ *found_interface = true;
- assert_return(member_name_is_valid(*property), -EINVAL);
+ if (names) {
+ /* If the caller specified a list of
+ * properties we include exactly those in the
+ * PropertiesChanged message */
- key.member = *property;
- v = hashmap_get(bus->vtable_properties, &key);
- if (!v)
- return -ENOENT;
+ STRV_FOREACH(property, names) {
+ struct vtable_member *v;
- /* If there are two vtables for the same
- * interface, let's handle this property when
- * we come to that vtable. */
- if (c != v->parent)
- continue;
+ assert_return(member_name_is_valid(*property), -EINVAL);
- assert_return(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE, -EDOM);
+ key.member = *property;
+ v = hashmap_get(bus->vtable_properties, &key);
+ if (!v)
+ return -ENOENT;
+
+ /* If there are two vtables for the same
+ * interface, let's handle this property when
+ * we come to that vtable. */
+ if (c != v->parent)
+ continue;
- if (v->vtable->flags & SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY) {
- has_invalidating = true;
- continue;
+ assert_return(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE ||
+ v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION, -EDOM);
+
+ assert_return(!(v->vtable->flags & SD_BUS_VTABLE_HIDDEN), -EDOM);
+
+ if (v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION) {
+ has_invalidating = true;
+ continue;
+ }
+
+ has_changing = true;
+
+ r = vtable_append_one_property(bus, m, m->path, c, v->vtable, u, &error);
+ if (r < 0)
+ return r;
+ if (bus->nodes_modified)
+ return 0;
}
+ } else {
+ const sd_bus_vtable *v;
- has_changing = true;
+ /* If the caller specified no properties list
+ * we include all properties that are marked
+ * as changing in the message. */
- r = sd_bus_message_open_container(m, 'e', "sv");
- if (r < 0)
- return r;
+ for (v = c->vtable+1; v->type != _SD_BUS_VTABLE_END; v++) {
+ if (v->type != _SD_BUS_VTABLE_PROPERTY && v->type != _SD_BUS_VTABLE_WRITABLE_PROPERTY)
+ continue;
- r = sd_bus_message_append(m, "s", *property);
- if (r < 0)
- return r;
+ if (v->flags & SD_BUS_VTABLE_HIDDEN)
+ continue;
- r = sd_bus_message_open_container(m, 'v', v->vtable->x.property.signature);
- if (r < 0)
- return r;
+ if (v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION) {
+ has_invalidating = true;
+ continue;
+ }
- r = invoke_property_get(bus, v->vtable, m->path, interface, *property, m, vtable_property_convert_userdata(v->vtable, u), &error);
- if (r < 0)
- return r;
- if (bus->nodes_modified)
- return 0;
+ if (!(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE))
+ continue;
- r = sd_bus_message_close_container(m);
- if (r < 0)
- return r;
+ has_changing = true;
- r = sd_bus_message_close_container(m);
- if (r < 0)
- return r;
+ r = vtable_append_one_property(bus, m, m->path, c, v, u, &error);
+ if (r < 0)
+ return r;
+ if (bus->nodes_modified)
+ return 0;
+ }
}
}
if (r == 0)
continue;
- STRV_FOREACH(property, names) {
- struct vtable_member *v;
+ if (names) {
+ STRV_FOREACH(property, names) {
+ struct vtable_member *v;
- key.member = *property;
- assert_se(v = hashmap_get(bus->vtable_properties, &key));
- assert(c == v->parent);
+ key.member = *property;
+ assert_se(v = hashmap_get(bus->vtable_properties, &key));
+ assert(c == v->parent);
- if (!(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY))
- continue;
+ if (!(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION))
+ continue;
- r = sd_bus_message_append(m, "s", *property);
- if (r < 0)
- return r;
+ r = sd_bus_message_append(m, "s", *property);
+ if (r < 0)
+ return r;
+ }
+ } else {
+ const sd_bus_vtable *v;
+
+ for (v = c->vtable+1; v->type != _SD_BUS_VTABLE_END; v++) {
+ if (v->type != _SD_BUS_VTABLE_PROPERTY && v->type != _SD_BUS_VTABLE_WRITABLE_PROPERTY)
+ continue;
+
+ if (v->flags & SD_BUS_VTABLE_HIDDEN)
+ continue;
+
+ if (!(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION))
+ continue;
+
+ r = sd_bus_message_append(m, "s", v->x.property.member);
+ if (r < 0)
+ return r;
+ }
}
}
}
char **names) {
BUS_DONT_DESTROY(bus);
+ bool found_interface = false;
char *prefix;
int r;
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(!bus_pid_changed(bus), -ECHILD);
- if (strv_isempty(names))
+
+ /* A non-NULL but empty names list means nothing needs to be
+ generated. A NULL list OTOH indicates that all properties
+ that are set to EMITS_CHANGE or EMITS_INVALIDATION shall be
+ included in the PropertiesChanged message. */
+ if (names && names[0] == NULL)
return 0;
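Review bot: Replacing `strv_isempty(names)` with `names && names[0] == NULL` changes what a NULL list means for existing callers: it was previously a no-op (assuming `strv_isempty` treats NULL as empty) and now requests every EMITS_CHANGE/EMITS_INVALIDATION property. A caller that builds the list conditionally and passes NULL when nothing changed will now run all the getters and broadcast their values. The new semantics should be documented at the public declaration, not only in this body comment, and existing call sites audited for NULL arguments. Since `strv_isempty` is already in scope, `if (names && strv_isempty(names))` would also read more clearly than indexing `names[0]`. The function starts outside the hunk.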
do {
bus->nodes_modified = false;
- r = emit_properties_changed_on_interface(bus, path, path, interface, false, names);
+ r = emit_properties_changed_on_interface(bus, path, path, interface, false, &found_interface, names);
if (r != 0)
return r;
if (bus->nodes_modified)
prefix = alloca(strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
- r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, names);
+ r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
if (r != 0)
return r;
if (bus->nodes_modified)
} while (bus->nodes_modified);
- return -ENOENT;
+ return found_interface ? 0 : -ENOENT;
}
_public_ int sd_bus_emit_properties_changed(