chiark / gitweb /
bus: rework message struct to keep header with fields in same malloc() block
[elogind.git] / src / libsystemd-bus / bus-message.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2013 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <sys/mman.h>
25
26 #include "util.h"
27 #include "utf8.h"
28 #include "strv.h"
29 #include "time-util.h"
30 #include "cgroup-util.h"
31
32 #include "sd-bus.h"
33 #include "bus-message.h"
34 #include "bus-internal.h"
35 #include "bus-type.h"
36 #include "bus-signature.h"
37
38 static int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored);
39
40 static void *adjust_pointer(const void *p, void *old_base, size_t sz, void *new_base) {
41
42         if (p == NULL)
43                 return NULL;
44
45         if (old_base == new_base)
46                 return (void*) p;
47
48         if ((uint8_t*) p < (uint8_t*) old_base)
49                 return (void*) p;
50
51         if ((uint8_t*) p >= (uint8_t*) old_base + sz)
52                 return (void*) p;
53
54         return (uint8_t*) new_base + ((uint8_t*) p - (uint8_t*) old_base);
55 }
56
57 static void message_free_part(sd_bus_message *m, struct bus_body_part *part) {
58         assert(m);
59         assert(part);
60
61         if (part->memfd >= 0) {
62
63                 if (!part->sealed)
64                         bus_kernel_push_memfd(m->bus, part->memfd, part->data, part->mapped);
65                 else {
66                         if (part->size > 0)
67                                 assert_se(munmap(part->data, PAGE_ALIGN(part->size)) == 0);
68
69                         close_nointr_nofail(part->memfd);
70                 }
71
72         } else if (part->free_this)
73                 free(part->data);
74
75         if (part != &m->body)
76                 free(part);
77 }
78
79 static void message_reset_parts(sd_bus_message *m) {
80         struct bus_body_part *part;
81
82         assert(m);
83
84         part = &m->body;
85         while (m->n_body_parts > 0) {
86                 struct bus_body_part *next = part->next;
87                 message_free_part(m, part);
88                 part = next;
89                 m->n_body_parts--;
90         }
91
92         m->body_end = NULL;
93
94         m->cached_rindex_part = NULL;
95         m->cached_rindex_part_begin = 0;
96 }
97
98 static void message_reset_containers(sd_bus_message *m) {
99         unsigned i;
100
101         assert(m);
102
103         for (i = 0; i < m->n_containers; i++)
104                 free(m->containers[i].signature);
105
106         free(m->containers);
107         m->containers = NULL;
108
109         m->n_containers = 0;
110         m->root_container.index = 0;
111 }
112
113 static void message_free(sd_bus_message *m) {
114         assert(m);
115
116         if (m->free_header)
117                 free(m->header);
118
119         message_reset_parts(m);
120
121         if (m->free_kdbus)
122                 free(m->kdbus);
123
124         if (m->release_kdbus)
125                 ioctl(m->bus->input_fd, KDBUS_CMD_MSG_RELEASE, m->kdbus);
126
127         if (m->free_fds) {
128                 close_many(m->fds, m->n_fds);
129                 free(m->fds);
130         }
131
132         if (m->bus)
133                 sd_bus_unref(m->bus);
134
135         if (m->iovec != m->iovec_fixed)
136                 free(m->iovec);
137
138         free(m->cmdline_array);
139
140         message_reset_containers(m);
141         free(m->root_container.signature);
142
143         free(m->peeked_signature);
144
145         free(m->unit);
146         free(m->user_unit);
147         free(m->session);
148         free(m);
149 }
150
151 static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz) {
152         void *op, *np;
153         size_t old_size, new_size, start;
154
155         assert(m);
156
157         if (m->poisoned)
158                 return NULL;
159
160         old_size = sizeof(struct bus_header) + m->header->fields_size;
161         start = ALIGN_TO(old_size, align);
162         new_size = start + sz;
163
164         if (old_size == new_size)
165                 return (uint8_t*) m->header + old_size;
166
167         if (new_size > (size_t) ((uint32_t) -1))
168                 goto poison;
169
170         if (m->free_header) {
171                 np = realloc(m->header, ALIGN8(new_size));
172                 if (!np)
173                         goto poison;
174         } else {
175                 /* Initially, the header is allocated as part of of
176                  * the sd_bus_message itself, let's replace it by
177                  * dynamic data */
178
179                 np = malloc(ALIGN8(new_size));
180                 if (!np)
181                         goto poison;
182
183                 memcpy(np, m->header, sizeof(struct bus_header));
184         }
185
186         /* Zero out padding */
187         if (start > old_size)
188                 memset((uint8_t*) np + old_size, 0, start - old_size);
189
190         op = m->header;
191         m->header = np;
192         m->header->fields_size = new_size - sizeof(struct bus_header);
193
194         /* Adjust quick access pointers */
195         m->path = adjust_pointer(m->path, op, old_size, m->header);
196         m->interface = adjust_pointer(m->interface, op, old_size, m->header);
197         m->member = adjust_pointer(m->member, op, old_size, m->header);
198         m->destination = adjust_pointer(m->destination, op, old_size, m->header);
199         m->sender = adjust_pointer(m->sender, op, old_size, m->header);
200         m->error.name = adjust_pointer(m->error.name, op, old_size, m->header);
201
202         m->free_header = true;
203
204         return (uint8_t*) np + start;
205
206 poison:
207         m->poisoned = true;
208         return NULL;
209 }
210
211 static int message_append_field_string(
212                 sd_bus_message *m,
213                 uint8_t h,
214                 char type,
215                 const char *s,
216                 const char **ret) {
217
218         size_t l;
219         uint8_t *p;
220
221         assert(m);
222
223         l = strlen(s);
224         if (l > (size_t) (uint32_t) -1)
225                 return -EINVAL;
226
227         /* field id byte + signature length + signature 's' + NUL + string length + string + NUL */
228         p = message_extend_fields(m, 8, 4 + 4 + l + 1);
229         if (!p)
230                 return -ENOMEM;
231
232         p[0] = h;
233         p[1] = 1;
234         p[2] = type;
235         p[3] = 0;
236
237         ((uint32_t*) p)[1] = l;
238         memcpy(p + 8, s, l + 1);
239
240         if (ret)
241                 *ret = (char*) p + 8;
242
243         return 0;
244 }
245
246 static int message_append_field_signature(
247                 sd_bus_message *m,
248                 uint8_t h,
249                 const char *s,
250                 const char **ret) {
251
252         size_t l;
253         uint8_t *p;
254
255         assert(m);
256
257         l = strlen(s);
258         if (l > 255)
259                 return -EINVAL;
260
261         /* field id byte + signature length + signature 'g' + NUL + string length + string + NUL */
262         p = message_extend_fields(m, 8, 4 + 1 + l + 1);
263         if (!p)
264                 return -ENOMEM;
265
266         p[0] = h;
267         p[1] = 1;
268         p[2] = SD_BUS_TYPE_SIGNATURE;
269         p[3] = 0;
270         p[4] = l;
271         memcpy(p + 5, s, l + 1);
272
273         if (ret)
274                 *ret = (const char*) p + 5;
275
276         return 0;
277 }
278
279 static int message_append_field_uint32(sd_bus_message *m, uint8_t h, uint32_t x) {
280         uint8_t *p;
281
282         assert(m);
283
284         /* field id byte + signature length + signature 'u' + NUL + value */
285         p = message_extend_fields(m, 8, 4 + 4);
286         if (!p)
287                 return -ENOMEM;
288
289         p[0] = h;
290         p[1] = 1;
291         p[2] = SD_BUS_TYPE_UINT32;
292         p[3] = 0;
293
294         ((uint32_t*) p)[1] = x;
295
296         return 0;
297 }
298
299 int bus_message_from_header(
300                 void *buffer,
301                 size_t length,
302                 int *fds,
303                 unsigned n_fds,
304                 const struct ucred *ucred,
305                 const char *label,
306                 size_t extra,
307                 sd_bus_message **ret) {
308
309         sd_bus_message *m;
310         struct bus_header *h;
311         size_t a, label_sz;
312
313         assert(buffer || length <= 0);
314         assert(fds || n_fds <= 0);
315         assert(ret);
316
317         if (length < sizeof(struct bus_header))
318                 return -EBADMSG;
319
320         h = buffer;
321         if (h->version != 1)
322                 return -EBADMSG;
323
324         if (h->serial == 0)
325                 return -EBADMSG;
326
327         if (h->type == _SD_BUS_MESSAGE_TYPE_INVALID)
328                 return -EBADMSG;
329
330         if (h->endian != SD_BUS_LITTLE_ENDIAN &&
331             h->endian != SD_BUS_BIG_ENDIAN)
332                 return -EBADMSG;
333
334         a = ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);
335
336         if (label) {
337                 label_sz = strlen(label);
338                 a += label_sz + 1;
339         }
340
341         m = malloc0(a);
342         if (!m)
343                 return -ENOMEM;
344
345         m->n_ref = 1;
346         m->sealed = true;
347         m->header = h;
348         m->fds = fds;
349         m->n_fds = n_fds;
350
351         if (ucred) {
352                 m->uid = ucred->uid;
353                 m->pid = ucred->pid;
354                 m->gid = ucred->gid;
355                 m->uid_valid = m->gid_valid = true;
356         }
357
358         if (label) {
359                 m->label = (char*) m + ALIGN(sizeof(sd_bus_message)) + ALIGN(extra);
360                 memcpy(m->label, label, label_sz + 1);
361         }
362
363         *ret = m;
364         return 0;
365 }
366
367 int bus_message_from_malloc(
368                 void *buffer,
369                 size_t length,
370                 int *fds,
371                 unsigned n_fds,
372                 const struct ucred *ucred,
373                 const char *label,
374                 sd_bus_message **ret) {
375
376         sd_bus_message *m;
377         int r;
378
379         r = bus_message_from_header(buffer, length, fds, n_fds, ucred, label, 0, &m);
380         if (r < 0)
381                 return r;
382
383         if (length != BUS_MESSAGE_SIZE(m)) {
384                 r = -EBADMSG;
385                 goto fail;
386         }
387
388         m->n_body_parts = 1;
389         m->body.data = (uint8_t*) buffer + sizeof(struct bus_header) + ALIGN8(BUS_MESSAGE_FIELDS_SIZE(m));
390         m->body.size = length - sizeof(struct bus_header) - ALIGN8(BUS_MESSAGE_FIELDS_SIZE(m));
391         m->body.sealed = true;
392         m->body.memfd = -1;
393
394         m->n_iovec = 1;
395         m->iovec = m->iovec_fixed;
396         m->iovec[0].iov_base = buffer;
397         m->iovec[0].iov_len = length;
398
399         r = bus_message_parse_fields(m);
400         if (r < 0)
401                 goto fail;
402
403         /* We take possession of the memory and fds now */
404         m->free_header = true;
405         m->free_fds = true;
406
407         *ret = m;
408         return 0;
409
410 fail:
411         message_free(m);
412         return r;
413 }
414
415 static sd_bus_message *message_new(sd_bus *bus, uint8_t type) {
416         sd_bus_message *m;
417
418         m = malloc0(ALIGN(sizeof(sd_bus_message)) + sizeof(struct bus_header));
419         if (!m)
420                 return NULL;
421
422         m->n_ref = 1;
423         m->header = (struct bus_header*) ((uint8_t*) m + ALIGN(sizeof(struct sd_bus_message)));
424         m->header->endian = SD_BUS_NATIVE_ENDIAN;
425         m->header->type = type;
426         m->header->version = bus ? bus->message_version : 1;
427         m->allow_fds = !bus || bus->can_fds || (bus->state != BUS_HELLO && bus->state != BUS_RUNNING);
428
429         if (bus)
430                 m->bus = sd_bus_ref(bus);
431
432         return m;
433 }
434
435 int sd_bus_message_new_signal(
436                 sd_bus *bus,
437                 const char *path,
438                 const char *interface,
439                 const char *member,
440                 sd_bus_message **m) {
441
442         sd_bus_message *t;
443         int r;
444
445         if (!path)
446                 return -EINVAL;
447         if (!interface)
448                 return -EINVAL;
449         if (!member)
450                 return -EINVAL;
451         if (!m)
452                 return -EINVAL;
453         if (bus && bus->state == BUS_UNSET)
454                 return -ENOTCONN;
455
456         t = message_new(bus, SD_BUS_MESSAGE_TYPE_SIGNAL);
457         if (!t)
458                 return -ENOMEM;
459
460         t->header->flags |= SD_BUS_MESSAGE_NO_REPLY_EXPECTED;
461
462         r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_PATH, SD_BUS_TYPE_OBJECT_PATH, path, &t->path);
463         if (r < 0)
464                 goto fail;
465         r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_INTERFACE, SD_BUS_TYPE_STRING, interface, &t->interface);
466         if (r < 0)
467                 goto fail;
468         r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_MEMBER, SD_BUS_TYPE_STRING, member, &t->member);
469         if (r < 0)
470                 goto fail;
471
472         *m = t;
473         return 0;
474
475 fail:
476         sd_bus_message_unref(t);
477         return r;
478 }
479
480 int sd_bus_message_new_method_call(
481                 sd_bus *bus,
482                 const char *destination,
483                 const char *path,
484                 const char *interface,
485                 const char *member,
486                 sd_bus_message **m) {
487
488         sd_bus_message *t;
489         int r;
490
491         if (!path)
492                 return -EINVAL;
493         if (!member)
494                 return -EINVAL;
495         if (!m)
496                 return -EINVAL;
497         if (bus && bus->state == BUS_UNSET)
498                 return -ENOTCONN;
499
500         t = message_new(bus, SD_BUS_MESSAGE_TYPE_METHOD_CALL);
501         if (!t)
502                 return -ENOMEM;
503
504         r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_PATH, SD_BUS_TYPE_OBJECT_PATH, path, &t->path);
505         if (r < 0)
506                 goto fail;
507         r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_MEMBER, SD_BUS_TYPE_STRING, member, &t->member);
508         if (r < 0)
509                 goto fail;
510
511         if (interface) {
512                 r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_INTERFACE, SD_BUS_TYPE_STRING, interface, &t->interface);
513                 if (r < 0)
514                         goto fail;
515         }
516
517         if (destination) {
518                 r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, destination, &t->destination);
519                 if (r < 0)
520                         goto fail;
521         }
522
523         *m = t;
524         return 0;
525
526 fail:
527         message_free(t);
528         return r;
529 }
530
531 static int message_new_reply(
532                 sd_bus *bus,
533                 sd_bus_message *call,
534                 uint8_t type,
535                 sd_bus_message **m) {
536
537         sd_bus_message *t;
538         int r;
539
540         if (!call)
541                 return -EINVAL;
542         if (!call->sealed)
543                 return -EPERM;
544         if (call->header->type != SD_BUS_MESSAGE_TYPE_METHOD_CALL)
545                 return -EINVAL;
546         if (!m)
547                 return -EINVAL;
548         if (bus && bus->state == BUS_UNSET)
549                 return -ENOTCONN;
550
551         t = message_new(bus, type);
552         if (!t)
553                 return -ENOMEM;
554
555         t->header->flags |= SD_BUS_MESSAGE_NO_REPLY_EXPECTED;
556         t->reply_serial = BUS_MESSAGE_SERIAL(call);
557
558         r = message_append_field_uint32(t, SD_BUS_MESSAGE_HEADER_REPLY_SERIAL, t->reply_serial);
559         if (r < 0)
560                 goto fail;
561
562         if (call->sender) {
563                 r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, call->sender, &t->sender);
564                 if (r < 0)
565                         goto fail;
566         }
567
568         t->dont_send = !!(call->header->flags & SD_BUS_MESSAGE_NO_REPLY_EXPECTED);
569
570         *m = t;
571         return 0;
572
573 fail:
574         message_free(t);
575         return r;
576 }
577
578 int sd_bus_message_new_method_return(
579                 sd_bus *bus,
580                 sd_bus_message *call,
581                 sd_bus_message **m) {
582
583         return message_new_reply(bus, call, SD_BUS_MESSAGE_TYPE_METHOD_RETURN, m);
584 }
585
586 int sd_bus_message_new_method_error(
587                 sd_bus *bus,
588                 sd_bus_message *call,
589                 const sd_bus_error *e,
590                 sd_bus_message **m) {
591
592         sd_bus_message *t;
593         int r;
594
595         if (!sd_bus_error_is_set(e))
596                 return -EINVAL;
597         if (!m)
598                 return -EINVAL;
599
600         r = message_new_reply(bus, call, SD_BUS_MESSAGE_TYPE_METHOD_ERROR, &t);
601         if (r < 0)
602                 return r;
603
604         r = message_append_field_string(t, SD_BUS_MESSAGE_HEADER_ERROR_NAME, SD_BUS_TYPE_STRING, e->name, &t->error.name);
605         if (r < 0)
606                 goto fail;
607
608         if (e->message) {
609                 r = message_append_basic(t, SD_BUS_TYPE_STRING, e->message, (const void**) &t->error.message);
610                 if (r < 0)
611                         goto fail;
612         }
613
614         *m = t;
615         return 0;
616
617 fail:
618         message_free(t);
619         return r;
620 }
621
622 sd_bus_message* sd_bus_message_ref(sd_bus_message *m) {
623         if (!m)
624                 return NULL;
625
626         assert(m->n_ref > 0);
627         m->n_ref++;
628
629         return m;
630 }
631
632 sd_bus_message* sd_bus_message_unref(sd_bus_message *m) {
633         if (!m)
634                 return NULL;
635
636         assert(m->n_ref > 0);
637         m->n_ref--;
638
639         if (m->n_ref <= 0)
640                 message_free(m);
641
642         return NULL;
643 }
644
645 int sd_bus_message_get_type(sd_bus_message *m, uint8_t *type) {
646         if (!m)
647                 return -EINVAL;
648         if (!type)
649                 return -EINVAL;
650
651         *type = m->header->type;
652         return 0;
653 }
654
655 int sd_bus_message_get_serial(sd_bus_message *m, uint64_t *serial) {
656         if (!m)
657                 return -EINVAL;
658         if (!serial)
659                 return -EINVAL;
660         if (m->header->serial == 0)
661                 return -ENOENT;
662
663         *serial = BUS_MESSAGE_SERIAL(m);
664         return 0;
665 }
666
667 int sd_bus_message_get_reply_serial(sd_bus_message *m, uint64_t *serial) {
668         if (!m)
669                 return -EINVAL;
670         if (!serial)
671                 return -EINVAL;
672         if (m->reply_serial == 0)
673                 return -ENOENT;
674
675         *serial = m->reply_serial;
676         return 0;
677 }
678
679 int sd_bus_message_get_no_reply(sd_bus_message *m) {
680         if (!m)
681                 return -EINVAL;
682
683         return m->header->type == SD_BUS_MESSAGE_TYPE_METHOD_CALL ? !!(m->header->flags & SD_BUS_MESSAGE_NO_REPLY_EXPECTED) : 0;
684 }
685
686 const char *sd_bus_message_get_path(sd_bus_message *m) {
687         if (!m)
688                 return NULL;
689
690         return m->path;
691 }
692
693 const char *sd_bus_message_get_interface(sd_bus_message *m) {
694         if (!m)
695                 return NULL;
696
697         return m->interface;
698 }
699
700 const char *sd_bus_message_get_member(sd_bus_message *m) {
701         if (!m)
702                 return NULL;
703
704         return m->member;
705 }
706 const char *sd_bus_message_get_destination(sd_bus_message *m) {
707         if (!m)
708                 return NULL;
709
710         return m->destination;
711 }
712
713 const char *sd_bus_message_get_sender(sd_bus_message *m) {
714         if (!m)
715                 return NULL;
716
717         return m->sender;
718 }
719
720 const sd_bus_error *sd_bus_message_get_error(sd_bus_message *m) {
721         if (!m)
722                 return NULL;
723
724         if (!sd_bus_error_is_set(&m->error))
725                 return NULL;
726
727         return &m->error;
728 }
729
730 int sd_bus_message_get_uid(sd_bus_message *m, uid_t *uid) {
731         if (!m)
732                 return -EINVAL;
733         if (!uid)
734                 return -EINVAL;
735         if (!m->uid_valid)
736                 return -ESRCH;
737
738         *uid = m->uid;
739         return 0;
740 }
741
742 int sd_bus_message_get_gid(sd_bus_message *m, gid_t *gid) {
743         if (!m)
744                 return -EINVAL;
745         if (!gid)
746                 return -EINVAL;
747         if (!m->gid_valid)
748                 return -ESRCH;
749
750         *gid = m->gid;
751         return 0;
752 }
753
754 int sd_bus_message_get_pid(sd_bus_message *m, pid_t *pid) {
755         if (!m)
756                 return -EINVAL;
757         if (!pid)
758                 return -EINVAL;
759         if (m->pid <= 0)
760                 return -ESRCH;
761
762         *pid = m->pid;
763         return 0;
764 }
765
766 int sd_bus_message_get_tid(sd_bus_message *m, pid_t *tid) {
767         if (!m)
768                 return -EINVAL;
769         if (!tid)
770                 return -EINVAL;
771         if (m->tid <= 0)
772                 return -ESRCH;
773
774         *tid = m->tid;
775         return 0;
776 }
777
778 int sd_bus_message_get_pid_starttime(sd_bus_message *m, uint64_t *usec) {
779         if (!m)
780                 return -EINVAL;
781         if (!usec)
782                 return -EINVAL;
783         if (m->pid_starttime <= 0)
784                 return -ESRCH;
785
786         *usec = m->pid_starttime;
787         return 0;
788 }
789
790 int sd_bus_message_get_selinux_context(sd_bus_message *m, const char **ret) {
791         if (!m)
792                 return -EINVAL;
793         if (!m->label)
794                 return -ESRCH;
795
796         *ret = m->label;
797         return 0;
798 }
799
800 int sd_bus_message_get_monotonic_timestamp(sd_bus_message *m, uint64_t *usec) {
801         if (!m)
802                 return -EINVAL;
803         if (!usec)
804                 return -EINVAL;
805         if (m->monotonic <= 0)
806                 return -ESRCH;
807
808         *usec = m->monotonic;
809         return 0;
810 }
811
812 int sd_bus_message_get_realtime_timestamp(sd_bus_message *m, uint64_t *usec) {
813         if (!m)
814                 return -EINVAL;
815         if (!usec)
816                 return -EINVAL;
817         if (m->realtime <= 0)
818                 return -ESRCH;
819
820         *usec = m->realtime;
821         return 0;
822 }
823
824 int sd_bus_message_get_comm(sd_bus_message *m, const char **ret) {
825         if (!m)
826                 return -EINVAL;
827         if (!ret)
828                 return -EINVAL;
829         if (!m->comm)
830                 return -ESRCH;
831
832         *ret = m->comm;
833         return 0;
834 }
835
836 int sd_bus_message_get_tid_comm(sd_bus_message *m, const char **ret) {
837         if (!m)
838                 return -EINVAL;
839         if (!ret)
840                 return -EINVAL;
841         if (!m->tid_comm)
842                 return -ESRCH;
843
844         *ret = m->tid_comm;
845         return 0;
846 }
847
848 int sd_bus_message_get_exe(sd_bus_message *m, const char **ret) {
849         if (!m)
850                 return -EINVAL;
851         if (!ret)
852                 return -EINVAL;
853         if (!m->exe)
854                 return -ESRCH;
855
856         *ret = m->exe;
857         return 0;
858 }
859
860 int sd_bus_message_get_cgroup(sd_bus_message *m, const char **ret) {
861         if (!m)
862                 return -EINVAL;
863         if (!ret)
864                 return -EINVAL;
865         if (!m->cgroup)
866                 return -ESRCH;
867
868         *ret = m->cgroup;
869         return 0;
870 }
871
872 int sd_bus_message_get_unit(sd_bus_message *m, const char **ret) {
873         int r;
874
875         if (!m)
876                 return -EINVAL;
877         if (!ret)
878                 return -EINVAL;
879         if (!m->cgroup)
880                 return -ESRCH;
881
882         if (!m->unit) {
883                 r = cg_path_get_unit(m->cgroup, &m->unit);
884                 if (r < 0)
885                         return r;
886         }
887
888         *ret = m->unit;
889         return 0;
890 }
891
892 int sd_bus_message_get_user_unit(sd_bus_message *m, const char **ret) {
893         int r;
894
895         if (!m)
896                 return -EINVAL;
897         if (!ret)
898                 return -EINVAL;
899         if (!m->cgroup)
900                 return -ESRCH;
901
902         if (!m->user_unit) {
903                 r = cg_path_get_user_unit(m->cgroup, &m->user_unit);
904                 if (r < 0)
905                         return r;
906         }
907
908         *ret = m->user_unit;
909         return 0;
910 }
911
912 int sd_bus_message_get_session(sd_bus_message *m, const char **ret) {
913         int r;
914
915         if (!m)
916                 return -EINVAL;
917         if (!ret)
918                 return -EINVAL;
919         if (!m->cgroup)
920                 return -ESRCH;
921
922         if (!m->session) {
923                 r = cg_path_get_session(m->cgroup, &m->session);
924                 if (r < 0)
925                         return r;
926         }
927
928         *ret = m->session;
929         return 0;
930 }
931
932 int sd_bus_message_get_owner_uid(sd_bus_message *m, uid_t *uid) {
933         if (!m)
934                 return -EINVAL;
935         if (!uid)
936                 return -EINVAL;
937         if (!m->cgroup)
938                 return -ESRCH;
939
940         return cg_path_get_owner_uid(m->cgroup, uid);
941 }
942
943 int sd_bus_message_get_cmdline(sd_bus_message *m, char ***cmdline) {
944         size_t n, i;
945         const char *p;
946         bool first;
947
948         if (!m)
949                 return -EINVAL;
950
951         if (!m->cmdline)
952                 return -ENOENT;
953
954         for (p = m->cmdline, n = 0; p < m->cmdline + m->cmdline_length; p++)
955                 if (*p == 0)
956                         n++;
957
958         m->cmdline_array = new(char*, n + 1);
959         if (!m->cmdline_array)
960                 return -ENOMEM;
961
962         for (p = m->cmdline, i = 0, first = true; p < m->cmdline + m->cmdline_length; p++) {
963                 if (first)
964                         m->cmdline_array[i++] = (char*) p;
965
966                 first = *p == 0;
967         }
968
969         m->cmdline_array[i] = NULL;
970         *cmdline = m->cmdline_array;
971
972         return 0;
973 }
974
975 int sd_bus_message_get_audit_sessionid(sd_bus_message *m, uint32_t *sessionid) {
976         if (!m)
977                 return -EINVAL;
978         if (!sessionid)
979                 return -EINVAL;
980         if (!m->audit)
981                 return -ESRCH;
982
983         *sessionid = m->audit->sessionid;
984         return 0;
985 }
986
987 int sd_bus_message_get_audit_loginuid(sd_bus_message *m, uid_t *uid) {
988         if (!m)
989                 return -EINVAL;
990         if (!uid)
991                 return -EINVAL;
992         if (!m->audit)
993                 return -ESRCH;
994
995         *uid = m->audit->loginuid;
996         return 0;
997 }
998
999 int sd_bus_message_has_effective_cap(sd_bus_message *m, int capability) {
1000         unsigned sz;
1001
1002         if (!m)
1003                 return -EINVAL;
1004         if (capability < 0)
1005                 return -EINVAL;
1006         if (!m->capability)
1007                 return -ESRCH;
1008
1009         sz = m->capability_size / 4;
1010         if ((unsigned) capability >= sz*8)
1011                 return 0;
1012
1013         return !!(m->capability[2 * sz + (capability / 8)] & (1 << (capability % 8)));
1014 }
1015
1016 int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member) {
1017         if (!m)
1018                 return -EINVAL;
1019
1020         if (m->header->type != SD_BUS_MESSAGE_TYPE_SIGNAL)
1021                 return 0;
1022
1023         if (interface && (!m->interface || !streq(m->interface, interface)))
1024                 return 0;
1025
1026         if (member &&  (!m->member || !streq(m->member, member)))
1027                 return 0;
1028
1029         return 1;
1030 }
1031
1032 int sd_bus_message_is_method_call(sd_bus_message *m, const char *interface, const char *member) {
1033         if (!m)
1034                 return -EINVAL;
1035
1036         if (m->header->type != SD_BUS_MESSAGE_TYPE_METHOD_CALL)
1037                 return 0;
1038
1039         if (interface && (!m->interface || !streq(m->interface, interface)))
1040                 return 0;
1041
1042         if (member &&  (!m->member || !streq(m->member, member)))
1043                 return 0;
1044
1045         return 1;
1046 }
1047
1048 int sd_bus_message_is_method_error(sd_bus_message *m, const char *name) {
1049         if (!m)
1050                 return -EINVAL;
1051
1052         if (m->header->type != SD_BUS_MESSAGE_TYPE_METHOD_ERROR)
1053                 return 0;
1054
1055         if (name && (!m->error.name || !streq(m->error.name, name)))
1056                 return 0;
1057
1058         return 1;
1059 }
1060
1061 int sd_bus_message_set_no_reply(sd_bus_message *m, int b) {
1062         if (!m)
1063                 return -EINVAL;
1064         if (m->sealed)
1065                 return -EPERM;
1066         if (m->header->type != SD_BUS_MESSAGE_TYPE_METHOD_CALL)
1067                 return -EPERM;
1068
1069         if (b)
1070                 m->header->flags |= SD_BUS_MESSAGE_NO_REPLY_EXPECTED;
1071         else
1072                 m->header->flags &= ~SD_BUS_MESSAGE_NO_REPLY_EXPECTED;
1073
1074         return 0;
1075 }
1076
1077 static struct bus_container *message_get_container(sd_bus_message *m) {
1078         assert(m);
1079
1080         if (m->n_containers == 0)
1081                 return &m->root_container;
1082
1083         assert(m->containers);
1084         return m->containers + m->n_containers - 1;
1085 }
1086
1087 struct bus_body_part *message_append_part(sd_bus_message *m) {
1088         struct bus_body_part *part;
1089
1090         assert(m);
1091
1092         if (m->poisoned)
1093                 return NULL;
1094
1095         if (m->n_body_parts <= 0) {
1096                 part = &m->body;
1097                 zero(*part);
1098         } else {
1099                 assert(m->body_end);
1100
1101                 part = new0(struct bus_body_part, 1);
1102                 if (!part) {
1103                         m->poisoned = true;
1104                         return NULL;
1105                 }
1106
1107                 m->body_end->next = part;
1108         }
1109
1110         part->memfd = -1;
1111         m->body_end = part;
1112         m->n_body_parts ++;
1113
1114         return part;
1115 }
1116
1117 static void part_zero(struct bus_body_part *part, size_t sz) {
1118         assert(part);
1119         assert(sz > 0);
1120         assert(sz < 8);
1121
1122         part->data = NULL;
1123         part->size = sz;
1124 }
1125
1126 static int part_make_space(
1127                 struct sd_bus_message *m,
1128                 struct bus_body_part *part,
1129                 size_t sz,
1130                 void **q) {
1131
1132         void *n;
1133         int r;
1134
1135         assert(m);
1136         assert(part);
1137         assert(!part->sealed);
1138
1139         if (m->poisoned)
1140                 return -ENOMEM;
1141
1142         if (!part->data && part->memfd < 0)
1143                 part->memfd = bus_kernel_pop_memfd(m->bus, &part->data, &part->mapped);
1144
1145         if (part->memfd >= 0) {
1146                 uint64_t u = sz;
1147
1148                 r = ioctl(part->memfd, KDBUS_CMD_MEMFD_SIZE_SET, &u);
1149                 if (r < 0) {
1150                         m->poisoned = true;
1151                         return -errno;
1152                 }
1153
1154                 if (sz > part->mapped) {
1155                         size_t psz = PAGE_ALIGN(sz);
1156
1157                         if (part->mapped <= 0)
1158                                 n = mmap(NULL, psz, PROT_READ|PROT_WRITE, MAP_SHARED, part->memfd, 0);
1159                         else
1160                                 n = mremap(part->data, part->mapped, psz, MREMAP_MAYMOVE);
1161
1162                         if (n == MAP_FAILED) {
1163                                 m->poisoned = true;
1164                                 return -errno;
1165                         }
1166
1167                         part->mapped = psz;
1168                         part->data = n;
1169                 }
1170         } else {
1171                 n = realloc(part->data, sz);
1172                 if (!n) {
1173                         m->poisoned = true;
1174                         return -ENOMEM;
1175                 }
1176
1177                 part->data = n;
1178                 part->free_this = true;
1179         }
1180
1181         if (q)
1182                 *q = part->data ? (uint8_t*) part->data + part->size : NULL;
1183
1184         part->size = sz;
1185         return 0;
1186 }
1187
1188 static void *message_extend_body(sd_bus_message *m, size_t align, size_t sz) {
1189         struct bus_container *c;
1190         struct bus_body_part *part = NULL;
1191         size_t start_body, end_body, padding, start_part, end_part, added;
1192         bool add_new_part;
1193         void *p;
1194         int r;
1195
1196         assert(m);
1197         assert(align > 0);
1198         assert(!m->sealed);
1199
1200         if (m->poisoned)
1201                 return NULL;
1202
1203         start_body = ALIGN_TO((size_t) m->header->body_size, align);
1204         end_body = start_body + sz;
1205
1206         padding = start_body - m->header->body_size;
1207         added = padding + sz;
1208
1209         /* Check for 32bit overflows */
1210         if (end_body > (size_t) ((uint32_t) -1)) {
1211                 m->poisoned = true;
1212                 return NULL;
1213         }
1214
1215         add_new_part =
1216                 m->n_body_parts <= 0 ||
1217                 m->body_end->sealed ||
1218                 padding != ALIGN_TO(m->body_end->size, align) - m->body_end->size;
1219
1220         if (add_new_part) {
1221                 if (padding > 0) {
1222                         part = message_append_part(m);
1223                         if (!part)
1224                                 return NULL;
1225
1226                         part_zero(part, padding);
1227                 }
1228
1229                 part = message_append_part(m);
1230                 if (!part)
1231                         return NULL;
1232
1233                 r = part_make_space(m, part, sz, &p);
1234                 if (r < 0)
1235                         return NULL;
1236         } else {
1237                 void *op;
1238                 size_t os;
1239
1240                 part = m->body_end;
1241                 op = part->data;
1242                 os = part->size;
1243
1244                 start_part = ALIGN_TO(part->size, align);
1245                 end_part = start_part + sz;
1246
1247                 r = part_make_space(m, part, end_part, &p);
1248                 if (r < 0)
1249                         return NULL;
1250
1251                 if (padding > 0) {
1252                         memset(p, 0, padding);
1253                         p = (uint8_t*) p + padding;
1254                 }
1255
1256                 /* Readjust pointers */
1257                 for (c = m->containers; c < m->containers + m->n_containers; c++)
1258                         c->array_size = adjust_pointer(c->array_size, op, os, part->data);
1259
1260                 m->error.message = (const char*) adjust_pointer(m->error.message, op, os, part->data);
1261         }
1262
1263         /* Update counters */
1264         for (c = m->containers; c < m->containers + m->n_containers; c++)
1265                 if (c->array_size)
1266                         *c->array_size += added;
1267
1268         m->header->body_size = end_body;
1269
1270         return p;
1271 }
1272
1273 int message_append_basic(sd_bus_message *m, char type, const void *p, const void **stored) {
1274         struct bus_container *c;
1275         ssize_t align, sz;
1276         uint32_t k;
1277         void *a;
1278         char *e = NULL;
1279         int fd = -1;
1280         uint32_t fdi = 0;
1281         int r;
1282
1283         if (!m)
1284                 return -EINVAL;
1285         if (!p)
1286                 return -EINVAL;
1287         if (m->sealed)
1288                 return -EPERM;
1289         if (!bus_type_is_basic(type))
1290                 return -EINVAL;
1291         if (m->poisoned)
1292                 return -ESTALE;
1293
1294         c = message_get_container(m);
1295
1296         if (c->signature && c->signature[c->index]) {
1297                 /* Container signature is already set */
1298
1299                 if (c->signature[c->index] != type)
1300                         return -ENXIO;
1301         } else {
1302                 /* Maybe we can append to the signature? But only if this is the top-level container*/
1303                 if (c->enclosing != 0)
1304                         return -ENXIO;
1305
1306                 e = strextend(&c->signature, CHAR_TO_STR(type), NULL);
1307                 if (!e) {
1308                         m->poisoned = true;
1309                         return -ENOMEM;
1310                 }
1311         }
1312
1313         switch (type) {
1314
1315         case SD_BUS_TYPE_STRING:
1316         case SD_BUS_TYPE_OBJECT_PATH:
1317
1318                 align = 4;
1319                 sz = 4 + strlen(p) + 1;
1320                 break;
1321
1322         case SD_BUS_TYPE_SIGNATURE:
1323
1324                 align = 1;
1325                 sz = 1 + strlen(p) + 1;
1326                 break;
1327
1328         case SD_BUS_TYPE_BOOLEAN:
1329                 align = sz = 4;
1330
1331                 assert_cc(sizeof(int) == sizeof(uint32_t));
1332                 memcpy(&k, p, 4);
1333                 k = !!k;
1334                 p = &k;
1335                 break;
1336
1337         case SD_BUS_TYPE_UNIX_FD: {
1338                 int z, *f;
1339
1340                 if (!m->allow_fds) {
1341                         r = -ENOTSUP;
1342                         goto fail;
1343                 }
1344
1345                 align = sz = 4;
1346
1347                 z = *(int*) p;
1348                 if (z < 0) {
1349                         r = -EINVAL;
1350                         goto fail;
1351                 }
1352
1353                 fd = fcntl(z, F_DUPFD_CLOEXEC, 3);
1354                 if (fd < 0) {
1355                         r = -errno;
1356                         goto fail;
1357                 }
1358
1359                 f = realloc(m->fds, sizeof(int) * (m->n_fds + 1));
1360                 if (!f) {
1361                         m->poisoned = true;
1362                         r = -ENOMEM;
1363                         goto fail;
1364                 }
1365
1366                 fdi = m->n_fds;
1367                 f[fdi] = fd;
1368                 m->fds = f;
1369                 m->free_fds = true;
1370                 break;
1371         }
1372
1373         default:
1374                 align = bus_type_get_alignment(type);
1375                 sz = bus_type_get_size(type);
1376                 break;
1377         }
1378
1379         assert(align > 0);
1380         assert(sz > 0);
1381
1382         a = message_extend_body(m, align, sz);
1383         if (!a) {
1384                 r = -ENOMEM;
1385                 goto fail;
1386         }
1387
1388         if (type == SD_BUS_TYPE_STRING || type == SD_BUS_TYPE_OBJECT_PATH) {
1389                 *(uint32_t*) a = sz - 5;
1390                 memcpy((uint8_t*) a + 4, p, sz - 4);
1391
1392                 if (stored)
1393                         *stored = (const uint8_t*) a + 4;
1394
1395         } else if (type == SD_BUS_TYPE_SIGNATURE) {
1396                 *(uint8_t*) a = sz - 1;
1397                 memcpy((uint8_t*) a + 1, p, sz - 1);
1398
1399                 if (stored)
1400                         *stored = (const uint8_t*) a + 1;
1401         } else if (type == SD_BUS_TYPE_UNIX_FD) {
1402                 *(uint32_t*) a = fdi;
1403
1404                 if (stored)
1405                         *stored = a;
1406
1407                 m->n_fds ++;
1408
1409         } else {
1410                 memcpy(a, p, sz);
1411
1412                 if (stored)
1413                         *stored = a;
1414         }
1415
1416         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1417                 c->index++;
1418
1419         return 0;
1420
1421 fail:
1422         if (fd >= 0)
1423                 close_nointr_nofail(fd);
1424
1425         return r;
1426 }
1427
1428 int sd_bus_message_append_basic(sd_bus_message *m, char type, const void *p) {
1429         return message_append_basic(m, type, p, NULL);
1430 }
1431
1432 int sd_bus_message_append_string_space(sd_bus_message *m, size_t size, char **s) {
1433         struct bus_container *c;
1434         char *e;
1435         void *a;
1436
1437         if (!m)
1438                 return -EINVAL;
1439         if (!s)
1440                 return -EINVAL;
1441         if (m->sealed)
1442                 return -EPERM;
1443         if (m->poisoned)
1444                 return -ESTALE;
1445
1446         c = message_get_container(m);
1447
1448         if (c->signature && c->signature[c->index]) {
1449                 /* Container signature is already set */
1450
1451                 if (c->signature[c->index] != SD_BUS_TYPE_STRING)
1452                         return -ENXIO;
1453         } else {
1454                 /* Maybe we can append to the signature? But only if this is the top-level container*/
1455                 if (c->enclosing != 0)
1456                         return -ENXIO;
1457
1458                 e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRING), NULL);
1459                 if (!e) {
1460                         m->poisoned = true;
1461                         return -ENOMEM;
1462                 }
1463         }
1464
1465
1466         a = message_extend_body(m, 4, 4 + size + 1);
1467         if (!a)
1468                 return -ENOMEM;
1469
1470         *(uint32_t*) a = size;
1471         *s = (char*) a + 4;
1472
1473         (*s)[size] = 0;
1474
1475         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1476                 c->index++;
1477
1478         return 0;
1479 }
1480
1481 static int bus_message_open_array(
1482                 sd_bus_message *m,
1483                 struct bus_container *c,
1484                 const char *contents,
1485                 uint32_t **array_size) {
1486
1487         unsigned nindex;
1488         char *e = NULL;
1489         void *a, *op;
1490         int alignment;
1491         size_t os;
1492         struct bus_body_part *o;
1493
1494         assert(m);
1495         assert(c);
1496         assert(contents);
1497         assert(array_size);
1498
1499         if (!signature_is_single(contents))
1500                 return -EINVAL;
1501
1502         alignment = bus_type_get_alignment(contents[0]);
1503         if (alignment < 0)
1504                 return alignment;
1505
1506         if (c->signature && c->signature[c->index]) {
1507
1508                 /* Verify the existing signature */
1509
1510                 if (c->signature[c->index] != SD_BUS_TYPE_ARRAY)
1511                         return -ENXIO;
1512
1513                 if (!startswith(c->signature + c->index + 1, contents))
1514                         return -ENXIO;
1515
1516                 nindex = c->index + 1 + strlen(contents);
1517         } else {
1518                 if (c->enclosing != 0)
1519                         return -ENXIO;
1520
1521                 /* Extend the existing signature */
1522
1523                 e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_ARRAY), contents, NULL);
1524                 if (!e) {
1525                         m->poisoned = true;
1526                         return -ENOMEM;
1527                 }
1528
1529                 nindex = e - c->signature;
1530         }
1531
1532         a = message_extend_body(m, 4, 4);
1533         if (!a)
1534                 return -ENOMEM;
1535
1536         o = m->body_end;
1537         op = m->body_end->data;
1538         os = m->body_end->size;
1539
1540         /* Add alignment between size and first element */
1541         if (!message_extend_body(m, alignment, 0))
1542                 return -ENOMEM;
1543
1544         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1545                 c->index = nindex;
1546
1547         /* location of array size might have changed so let's readjust a */
1548         if (o == m->body_end)
1549                 a = adjust_pointer(a, op, os, m->body_end->data);
1550
1551         *(uint32_t*) a = 0;
1552         *array_size = a;
1553         return 0;
1554 }
1555
1556 static int bus_message_open_variant(
1557                 sd_bus_message *m,
1558                 struct bus_container *c,
1559                 const char *contents) {
1560
1561         char *e = NULL;
1562         size_t l;
1563         void *a;
1564
1565         assert(m);
1566         assert(c);
1567         assert(contents);
1568
1569         if (!signature_is_single(contents))
1570                 return -EINVAL;
1571
1572         if (*contents == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
1573                 return -EINVAL;
1574
1575         if (c->signature && c->signature[c->index]) {
1576
1577                 if (c->signature[c->index] != SD_BUS_TYPE_VARIANT)
1578                         return -ENXIO;
1579
1580         } else {
1581                 if (c->enclosing != 0)
1582                         return -ENXIO;
1583
1584                 e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_VARIANT), NULL);
1585                 if (!e) {
1586                         m->poisoned = true;
1587                         return -ENOMEM;
1588                 }
1589         }
1590
1591         l = strlen(contents);
1592         a = message_extend_body(m, 1, 1 + l + 1);
1593         if (!a)
1594                 return -ENOMEM;
1595
1596         *(uint8_t*) a = l;
1597         memcpy((uint8_t*) a + 1, contents, l + 1);
1598
1599         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1600                 c->index++;
1601
1602         return 0;
1603 }
1604
1605 static int bus_message_open_struct(
1606                 sd_bus_message *m,
1607                 struct bus_container *c,
1608                 const char *contents) {
1609
1610         size_t nindex;
1611         char *e = NULL;
1612
1613         assert(m);
1614         assert(c);
1615         assert(contents);
1616
1617         if (!signature_is_valid(contents, false))
1618                 return -EINVAL;
1619
1620         if (c->signature && c->signature[c->index]) {
1621                 size_t l;
1622
1623                 l = strlen(contents);
1624
1625                 if (c->signature[c->index] != SD_BUS_TYPE_STRUCT_BEGIN ||
1626                     !startswith(c->signature + c->index + 1, contents) ||
1627                     c->signature[c->index + 1 + l] != SD_BUS_TYPE_STRUCT_END)
1628                         return -ENXIO;
1629
1630                 nindex = c->index + 1 + l + 1;
1631         } else {
1632                 if (c->enclosing != 0)
1633                         return -ENXIO;
1634
1635                 e = strextend(&c->signature, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_BEGIN), contents, CHAR_TO_STR(SD_BUS_TYPE_STRUCT_END), NULL);
1636                 if (!e) {
1637                         m->poisoned = true;
1638                         return -ENOMEM;
1639                 }
1640
1641                 nindex = e - c->signature;
1642         }
1643
1644         /* Align contents to 8 byte boundary */
1645         if (!message_extend_body(m, 8, 0))
1646                 return -ENOMEM;
1647
1648         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1649                 c->index = nindex;
1650
1651         return 0;
1652 }
1653
1654 static int bus_message_open_dict_entry(
1655                 sd_bus_message *m,
1656                 struct bus_container *c,
1657                 const char *contents) {
1658
1659         size_t nindex;
1660
1661         assert(m);
1662         assert(c);
1663         assert(contents);
1664
1665         if (!signature_is_pair(contents))
1666                 return -EINVAL;
1667
1668         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1669                 return -ENXIO;
1670
1671         if (c->signature && c->signature[c->index]) {
1672                 size_t l;
1673
1674                 l = strlen(contents);
1675
1676                 if (c->signature[c->index] != SD_BUS_TYPE_DICT_ENTRY_BEGIN ||
1677                     !startswith(c->signature + c->index + 1, contents) ||
1678                     c->signature[c->index + 1 + l] != SD_BUS_TYPE_DICT_ENTRY_END)
1679                         return -ENXIO;
1680
1681                 nindex = c->index + 1 + l + 1;
1682         } else
1683                 return -ENXIO;
1684
1685         /* Align contents to 8 byte boundary */
1686         if (!message_extend_body(m, 8, 0))
1687                 return -ENOMEM;
1688
1689         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1690                 c->index = nindex;
1691
1692         return 0;
1693 }
1694
1695 int sd_bus_message_open_container(
1696                 sd_bus_message *m,
1697                 char type,
1698                 const char *contents) {
1699
1700         struct bus_container *c, *w;
1701         uint32_t *array_size = NULL;
1702         char *signature;
1703         size_t before;
1704         int r;
1705
1706         if (!m)
1707                 return -EINVAL;
1708         if (m->sealed)
1709                 return -EPERM;
1710         if (!contents)
1711                 return -EINVAL;
1712         if (m->poisoned)
1713                 return -ESTALE;
1714
1715         /* Make sure we have space for one more container */
1716         w = realloc(m->containers, sizeof(struct bus_container) * (m->n_containers + 1));
1717         if (!w) {
1718                 m->poisoned = true;
1719                 return -ENOMEM;
1720         }
1721
1722         m->containers = w;
1723
1724         c = message_get_container(m);
1725
1726         signature = strdup(contents);
1727         if (!signature) {
1728                 m->poisoned = true;
1729                 return -ENOMEM;
1730         }
1731
1732         /* Save old index in the parent container, in case we have to
1733          * abort this container */
1734         c->saved_index = c->index;
1735         before = m->header->body_size;
1736
1737         if (type == SD_BUS_TYPE_ARRAY)
1738                 r = bus_message_open_array(m, c, contents, &array_size);
1739         else if (type == SD_BUS_TYPE_VARIANT)
1740                 r = bus_message_open_variant(m, c, contents);
1741         else if (type == SD_BUS_TYPE_STRUCT)
1742                 r = bus_message_open_struct(m, c, contents);
1743         else if (type == SD_BUS_TYPE_DICT_ENTRY)
1744                 r = bus_message_open_dict_entry(m, c, contents);
1745         else
1746                 r = -EINVAL;
1747
1748         if (r < 0) {
1749                 free(signature);
1750                 return r;
1751         }
1752
1753         /* OK, let's fill it in */
1754         w += m->n_containers++;
1755         w->enclosing = type;
1756         w->signature = signature;
1757         w->index = 0;
1758         w->array_size = array_size;
1759         w->before = before;
1760         w->begin = m->rindex;
1761
1762         return 0;
1763 }
1764
1765 int sd_bus_message_close_container(sd_bus_message *m) {
1766         struct bus_container *c;
1767
1768         if (!m)
1769                 return -EINVAL;
1770         if (m->sealed)
1771                 return -EPERM;
1772         if (m->n_containers <= 0)
1773                 return -EINVAL;
1774         if (m->poisoned)
1775                 return -ESTALE;
1776
1777         c = message_get_container(m);
1778         if (c->enclosing != SD_BUS_TYPE_ARRAY)
1779                 if (c->signature && c->signature[c->index] != 0)
1780                         return -EINVAL;
1781
1782         free(c->signature);
1783         m->n_containers--;
1784
1785         return 0;
1786 }
1787
1788 typedef struct {
1789         const char *types;
1790         unsigned n_struct;
1791         unsigned n_array;
1792 } TypeStack;
1793
1794 static int type_stack_push(TypeStack *stack, unsigned max, unsigned *i, const char *types, unsigned n_struct, unsigned n_array) {
1795         assert(stack);
1796         assert(max > 0);
1797
1798         if (*i >= max)
1799                 return -EINVAL;
1800
1801         stack[*i].types = types;
1802         stack[*i].n_struct = n_struct;
1803         stack[*i].n_array = n_array;
1804         (*i)++;
1805
1806         return 0;
1807 }
1808
1809 static int type_stack_pop(TypeStack *stack, unsigned max, unsigned *i, const char **types, unsigned *n_struct, unsigned *n_array) {
1810         assert(stack);
1811         assert(max > 0);
1812         assert(types);
1813         assert(n_struct);
1814         assert(n_array);
1815
1816         if (*i <= 0)
1817                 return 0;
1818
1819         (*i)--;
1820         *types = stack[*i].types;
1821         *n_struct = stack[*i].n_struct;
1822         *n_array = stack[*i].n_array;
1823
1824         return 1;
1825 }
1826
1827 int bus_message_append_ap(
1828                 sd_bus_message *m,
1829                 const char *types,
1830                 va_list ap) {
1831
1832         unsigned n_array, n_struct;
1833         TypeStack stack[BUS_CONTAINER_DEPTH];
1834         unsigned stack_ptr = 0;
1835         int r;
1836
1837         assert(m);
1838
1839         if (!types)
1840                 return 0;
1841
1842         n_array = (unsigned) -1;
1843         n_struct = strlen(types);
1844
1845         for (;;) {
1846                 const char *t;
1847
1848                 if (n_array == 0 || (n_array == (unsigned) -1 && n_struct == 0)) {
1849                         r = type_stack_pop(stack, ELEMENTSOF(stack), &stack_ptr, &types, &n_struct, &n_array);
1850                         if (r < 0)
1851                                 return r;
1852                         if (r == 0)
1853                                 break;
1854
1855                         r = sd_bus_message_close_container(m);
1856                         if (r < 0)
1857                                 return r;
1858
1859                         continue;
1860                 }
1861
1862                 t = types;
1863                 if (n_array != (unsigned) -1)
1864                         n_array --;
1865                 else {
1866                         types ++;
1867                         n_struct--;
1868                 }
1869
1870                 switch (*t) {
1871
1872                 case SD_BUS_TYPE_BYTE: {
1873                         uint8_t x;
1874
1875                         x = (uint8_t) va_arg(ap, int);
1876                         r = sd_bus_message_append_basic(m, *t, &x);
1877                         break;
1878                 }
1879
1880                 case SD_BUS_TYPE_BOOLEAN:
1881                 case SD_BUS_TYPE_INT32:
1882                 case SD_BUS_TYPE_UINT32:
1883                 case SD_BUS_TYPE_UNIX_FD: {
1884                         uint32_t x;
1885
1886                         /* We assume a boolean is the same as int32_t */
1887                         assert_cc(sizeof(int32_t) == sizeof(int));
1888
1889                         x = va_arg(ap, uint32_t);
1890                         r = sd_bus_message_append_basic(m, *t, &x);
1891                         break;
1892                 }
1893
1894                 case SD_BUS_TYPE_INT16:
1895                 case SD_BUS_TYPE_UINT16: {
1896                         uint16_t x;
1897
1898                         x = (uint16_t) va_arg(ap, int);
1899                         r = sd_bus_message_append_basic(m, *t, &x);
1900                         break;
1901                 }
1902
1903                 case SD_BUS_TYPE_INT64:
1904                 case SD_BUS_TYPE_UINT64:
1905                 case SD_BUS_TYPE_DOUBLE: {
1906                         uint64_t x;
1907
1908                         x = va_arg(ap, uint64_t);
1909                         r = sd_bus_message_append_basic(m, *t, &x);
1910                         break;
1911                 }
1912
1913                 case SD_BUS_TYPE_STRING:
1914                 case SD_BUS_TYPE_OBJECT_PATH:
1915                 case SD_BUS_TYPE_SIGNATURE: {
1916                         const char *x;
1917
1918                         x = va_arg(ap, const char*);
1919                         r = sd_bus_message_append_basic(m, *t, x);
1920                         break;
1921                 }
1922
1923                 case SD_BUS_TYPE_ARRAY: {
1924                         size_t k;
1925
1926                         r = signature_element_length(t + 1, &k);
1927                         if (r < 0)
1928                                 return r;
1929
1930                         {
1931                                 char s[k + 1];
1932                                 memcpy(s, t + 1, k);
1933                                 s[k] = 0;
1934
1935                                 r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, s);
1936                                 if (r < 0)
1937                                         return r;
1938                         }
1939
1940                         if (n_array == (unsigned) -1) {
1941                                 types += k;
1942                                 n_struct -= k;
1943                         }
1944
1945                         r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
1946                         if (r < 0)
1947                                 return r;
1948
1949                         types = t + 1;
1950                         n_struct = k;
1951                         n_array = va_arg(ap, unsigned);
1952
1953                         break;
1954                 }
1955
1956                 case SD_BUS_TYPE_VARIANT: {
1957                         const char *s;
1958
1959                         s = va_arg(ap, const char*);
1960                         if (!s)
1961                                 return -EINVAL;
1962
1963                         r = sd_bus_message_open_container(m, SD_BUS_TYPE_VARIANT, s);
1964                         if (r < 0)
1965                                 return r;
1966
1967                         r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
1968                         if (r < 0)
1969                                 return r;
1970
1971                         types = s;
1972                         n_struct = strlen(s);
1973                         n_array = (unsigned) -1;
1974
1975                         break;
1976                 }
1977
1978                 case SD_BUS_TYPE_STRUCT_BEGIN:
1979                 case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
1980                         size_t k;
1981
1982                         r = signature_element_length(t, &k);
1983                         if (r < 0)
1984                                 return r;
1985
1986                         {
1987                                 char s[k - 1];
1988
1989                                 memcpy(s, t + 1, k - 2);
1990                                 s[k - 2] = 0;
1991
1992                                 r = sd_bus_message_open_container(m, *t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
1993                                 if (r < 0)
1994                                         return r;
1995                         }
1996
1997                         if (n_array == (unsigned) -1) {
1998                                 types += k - 1;
1999                                 n_struct -= k - 1;
2000                         }
2001
2002                         r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
2003                         if (r < 0)
2004                                 return r;
2005
2006                         types = t + 1;
2007                         n_struct = k - 2;
2008                         n_array = (unsigned) -1;
2009
2010                         break;
2011                 }
2012
2013                 default:
2014                         r = -EINVAL;
2015                 }
2016
2017                 if (r < 0)
2018                         return r;
2019         }
2020
2021         return 0;
2022 }
2023
2024 int sd_bus_message_append(sd_bus_message *m, const char *types, ...) {
2025         va_list ap;
2026         int r;
2027
2028         if (!m)
2029                 return -EINVAL;
2030         if (m->sealed)
2031                 return -EPERM;
2032         if (m->poisoned)
2033                 return -ESTALE;
2034         if (!types)
2035                 return 0;
2036
2037         va_start(ap, types);
2038         r = bus_message_append_ap(m, types, ap);
2039         va_end(ap);
2040
2041         return r;
2042 }
2043
2044 int sd_bus_message_append_array_space(sd_bus_message *m, char type, size_t size, void **ptr) {
2045         ssize_t align, sz;
2046         void *a;
2047         int r;
2048
2049         if (!m)
2050                 return -EINVAL;
2051         if (m->sealed)
2052                 return -EPERM;
2053         if (!bus_type_is_trivial(type))
2054                 return -EINVAL;
2055         if (!ptr && size > 0)
2056                 return -EINVAL;
2057         if (m->poisoned)
2058                 return -ESTALE;
2059
2060         align = bus_type_get_alignment(type);
2061         sz = bus_type_get_size(type);
2062
2063         assert_se(align > 0);
2064         assert_se(sz > 0);
2065
2066         if (size % sz != 0)
2067                 return -EINVAL;
2068
2069         r = sd_bus_message_open_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
2070         if (r < 0)
2071                 return r;
2072
2073         a = message_extend_body(m, align, size);
2074         if (!a)
2075                 return -ENOMEM;
2076
2077         r = sd_bus_message_close_container(m);
2078         if (r < 0)
2079                 return r;
2080
2081         *ptr = a;
2082         return 0;
2083 }
2084
2085 int sd_bus_message_append_array(sd_bus_message *m, char type, const void *ptr, size_t size) {
2086         int r;
2087         void *p;
2088
2089         if (!ptr && size > 0)
2090                 return -EINVAL;
2091
2092         r = sd_bus_message_append_array_space(m, type, size, &p);
2093         if (r < 0)
2094                 return r;
2095
2096         if (size > 0)
2097                 memcpy(p, ptr, size);
2098
2099         return 0;
2100 }
2101
2102 static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) {
2103         size_t k, start, end;
2104
2105         assert(rindex);
2106         assert(align > 0);
2107
2108         start = ALIGN_TO((size_t) *rindex, align);
2109         end = start + nbytes;
2110
2111         if (end > sz)
2112                 return -EBADMSG;
2113
2114         /* Verify that padding is 0 */
2115         for (k = *rindex; k < start; k++)
2116                 if (((const uint8_t*) p)[k] != 0)
2117                         return -EBADMSG;
2118
2119         if (r)
2120                 *r = (uint8_t*) p + start;
2121
2122         *rindex = end;
2123
2124         return 1;
2125 }
2126
2127 static bool message_end_of_array(sd_bus_message *m, size_t index) {
2128         struct bus_container *c;
2129
2130         assert(m);
2131
2132         c = message_get_container(m);
2133         if (!c->array_size)
2134                 return false;
2135
2136         return index >= c->begin + BUS_MESSAGE_BSWAP32(m, *c->array_size);
2137 }
2138
2139 static struct bus_body_part* find_part(sd_bus_message *m, size_t index, size_t sz, void **p) {
2140         struct bus_body_part *part;
2141         size_t begin;
2142         assert(m);
2143
2144         if (m->cached_rindex_part && index >= m->cached_rindex_part_begin) {
2145                 part = m->cached_rindex_part;
2146                 begin = m->cached_rindex_part_begin;
2147         } else {
2148                 part = &m->body;
2149                 begin = 0;
2150         }
2151
2152         while (part) {
2153                 if (index < begin)
2154                         return NULL;
2155
2156                 if (index + sz <= begin + part->size) {
2157                         if (p)
2158                                 *p = part->data ? (uint8_t*) part->data + index - begin : NULL;
2159
2160                         m->cached_rindex_part = part;
2161                         m->cached_rindex_part_begin = begin;
2162
2163                         return part;
2164                 }
2165
2166                 part = part->next;
2167         }
2168
2169         return NULL;
2170 }
2171
2172 static int message_peek_body(
2173                 sd_bus_message *m,
2174                 size_t *rindex,
2175                 size_t align,
2176                 size_t nbytes,
2177                 void **ret) {
2178
2179         size_t k, start, end, padding;
2180         struct bus_body_part *part;
2181         uint8_t *q;
2182
2183         assert(m);
2184         assert(rindex);
2185         assert(align > 0);
2186
2187         if (message_end_of_array(m, *rindex))
2188                 return 0;
2189
2190         start = ALIGN_TO((size_t) *rindex, align);
2191         padding = start - *rindex;
2192         end = start + nbytes;
2193
2194         if (end > BUS_MESSAGE_BODY_SIZE(m))
2195                 return -EBADMSG;
2196
2197         part = find_part(m, *rindex, padding, (void**) &q);
2198         if (!part)
2199                 return -EBADMSG;
2200
2201         if (q) {
2202                 /* Verify padding */
2203                 for (k = 0; k < padding; k++)
2204                         if (q[k] != 0)
2205                                 return -EBADMSG;
2206         }
2207
2208         part = find_part(m, start, nbytes, (void**) &q);
2209         if (!part || !q)
2210                 return -EBADMSG;
2211
2212         *rindex = end;
2213
2214         if (ret)
2215                 *ret = q;
2216
2217         return 1;
2218 }
2219
2220 static bool validate_nul(const char *s, size_t l) {
2221
2222         /* Check for NUL chars in the string */
2223         if (memchr(s, 0, l))
2224                 return false;
2225
2226         /* Check for NUL termination */
2227         if (s[l] != 0)
2228                 return false;
2229
2230         return true;
2231 }
2232
2233 static bool validate_string(const char *s, size_t l) {
2234
2235         if (!validate_nul(s, l))
2236                 return false;
2237
2238         /* Check if valid UTF8 */
2239         if (!utf8_is_valid(s))
2240                 return false;
2241
2242         return true;
2243 }
2244
2245 static bool validate_signature(const char *s, size_t l) {
2246
2247         if (!validate_nul(s, l))
2248                 return false;
2249
2250         /* Check if valid signature */
2251         if (!signature_is_valid(s, true))
2252                 return false;
2253
2254         return true;
2255 }
2256
2257 static bool validate_object_path(const char *s, size_t l) {
2258
2259         if (!validate_nul(s, l))
2260                 return false;
2261
2262         if (!object_path_is_valid(s))
2263                 return false;
2264
2265         return true;
2266 }
2267
2268 int sd_bus_message_read_basic(sd_bus_message *m, char type, void *p) {
2269         struct bus_container *c;
2270         int r;
2271         void *q;
2272
2273         if (!m)
2274                 return -EINVAL;
2275         if (!m->sealed)
2276                 return -EPERM;
2277         if (!bus_type_is_basic(type))
2278                 return -EINVAL;
2279         if (!p)
2280                 return -EINVAL;
2281
2282         c = message_get_container(m);
2283
2284         if (!c->signature || c->signature[c->index] == 0)
2285                 return 0;
2286
2287         if (c->signature[c->index] != type)
2288                 return -ENXIO;
2289
2290         switch (type) {
2291
2292         case SD_BUS_TYPE_STRING:
2293         case SD_BUS_TYPE_OBJECT_PATH: {
2294                 uint32_t l;
2295                 size_t rindex;
2296
2297                 rindex = m->rindex;
2298                 r = message_peek_body(m, &rindex, 4, 4, &q);
2299                 if (r <= 0)
2300                         return r;
2301
2302                 l = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
2303                 r = message_peek_body(m, &rindex, 1, l+1, &q);
2304                 if (r < 0)
2305                         return r;
2306                 if (r == 0)
2307                         return -EBADMSG;
2308
2309                 if (type == SD_BUS_TYPE_OBJECT_PATH) {
2310                         if (!validate_object_path(q, l))
2311                                 return -EBADMSG;
2312                 } else {
2313                         if (!validate_string(q, l))
2314                                 return -EBADMSG;
2315                 }
2316
2317                 m->rindex = rindex;
2318                 *(const char**) p = q;
2319                 break;
2320         }
2321
2322         case SD_BUS_TYPE_SIGNATURE: {
2323                 uint8_t l;
2324                 size_t rindex;
2325
2326                 rindex = m->rindex;
2327                 r = message_peek_body(m, &rindex, 1, 1, &q);
2328                 if (r <= 0)
2329                         return r;
2330
2331                 l = *(uint8_t*) q;
2332                 r = message_peek_body(m, &rindex, 1, l+1, &q);
2333                 if (r < 0)
2334                         return r;
2335                 if (r == 0)
2336                         return -EBADMSG;
2337
2338                 if (!validate_signature(q, l))
2339                         return -EBADMSG;
2340
2341                 m->rindex = rindex;
2342                 *(const char**) p = q;
2343                 break;
2344         }
2345
2346         default: {
2347                 ssize_t sz, align;
2348                 size_t rindex;
2349
2350                 align = bus_type_get_alignment(type);
2351                 sz = bus_type_get_size(type);
2352                 assert(align > 0 && sz > 0);
2353
2354                 rindex = m->rindex;
2355                 r = message_peek_body(m, &rindex, align, sz, &q);
2356                 if (r <= 0)
2357                         return r;
2358
2359                 switch (type) {
2360
2361                 case SD_BUS_TYPE_BYTE:
2362                         *(uint8_t*) p = *(uint8_t*) q;
2363                         break;
2364
2365                 case SD_BUS_TYPE_BOOLEAN:
2366                         *(int*) p = !!*(uint32_t*) q;
2367                         break;
2368
2369                 case SD_BUS_TYPE_INT16:
2370                 case SD_BUS_TYPE_UINT16:
2371                         *(uint16_t*) p = BUS_MESSAGE_BSWAP16(m, *(uint16_t*) q);
2372                         break;
2373
2374                 case SD_BUS_TYPE_INT32:
2375                 case SD_BUS_TYPE_UINT32:
2376                         *(uint32_t*) p = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
2377                         break;
2378
2379                 case SD_BUS_TYPE_INT64:
2380                 case SD_BUS_TYPE_UINT64:
2381                 case SD_BUS_TYPE_DOUBLE:
2382                         *(uint64_t*) p = BUS_MESSAGE_BSWAP64(m, *(uint64_t*) q);
2383                         break;
2384
2385                 case SD_BUS_TYPE_UNIX_FD: {
2386                         uint32_t j;
2387
2388                         j = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
2389                         if (j >= m->n_fds)
2390                                 return -EBADMSG;
2391
2392                         *(int*) p = m->fds[j];
2393                         break;
2394                 }
2395
2396                 default:
2397                         assert_not_reached("Unknown basic type...");
2398                 }
2399
2400                 m->rindex = rindex;
2401
2402                 break;
2403         }
2404         }
2405
2406         if (c->enclosing != SD_BUS_TYPE_ARRAY)
2407                 c->index++;
2408
2409         return 1;
2410 }
2411
2412 static int bus_message_enter_array(
2413                 sd_bus_message *m,
2414                 struct bus_container *c,
2415                 const char *contents,
2416                 uint32_t **array_size) {
2417
2418         size_t rindex;
2419         void *q;
2420         int r, alignment;
2421
2422         assert(m);
2423         assert(c);
2424         assert(contents);
2425         assert(array_size);
2426
2427         if (!signature_is_single(contents))
2428                 return -EINVAL;
2429
2430         alignment = bus_type_get_alignment(contents[0]);
2431         if (alignment < 0)
2432                 return alignment;
2433
2434         if (!c->signature || c->signature[c->index] == 0)
2435                 return 0;
2436
2437         if (c->signature[c->index] != SD_BUS_TYPE_ARRAY)
2438                 return -ENXIO;
2439
2440         if (!startswith(c->signature + c->index + 1, contents))
2441                 return -ENXIO;
2442
2443         rindex = m->rindex;
2444         r = message_peek_body(m, &rindex, 4, 4, &q);
2445         if (r <= 0)
2446                 return r;
2447
2448         if (BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q) > BUS_ARRAY_MAX_SIZE)
2449                 return -EBADMSG;
2450
2451         r = message_peek_body(m, &rindex, alignment, 0, NULL);
2452         if (r < 0)
2453                 return r;
2454         if (r == 0)
2455                 return -EBADMSG;
2456
2457         if (c->enclosing != SD_BUS_TYPE_ARRAY)
2458                 c->index += 1 + strlen(contents);
2459
2460         m->rindex = rindex;
2461
2462         *array_size = (uint32_t*) q;
2463
2464         return 1;
2465 }
2466
2467 static int bus_message_enter_variant(
2468                 sd_bus_message *m,
2469                 struct bus_container *c,
2470                 const char *contents) {
2471
2472         size_t rindex;
2473         uint8_t l;
2474         void *q;
2475         int r;
2476
2477         assert(m);
2478         assert(c);
2479         assert(contents);
2480
2481         if (!signature_is_single(contents))
2482                 return -EINVAL;
2483
2484         if (*contents == SD_BUS_TYPE_DICT_ENTRY_BEGIN)
2485                 return -EINVAL;
2486
2487         if (!c->signature || c->signature[c->index] == 0)
2488                 return 0;
2489
2490         if (c->signature[c->index] != SD_BUS_TYPE_VARIANT)
2491                 return -ENXIO;
2492
2493         rindex = m->rindex;
2494         r = message_peek_body(m, &rindex, 1, 1, &q);
2495         if (r <= 0)
2496                 return r;
2497
2498         l = *(uint8_t*) q;
2499         r = message_peek_body(m, &rindex, 1, l+1, &q);
2500         if (r < 0)
2501                 return r;
2502         if (r == 0)
2503                 return -EBADMSG;
2504
2505         if (!validate_signature(q, l))
2506                 return -EBADMSG;
2507
2508         if (!streq(q, contents))
2509                 return -ENXIO;
2510
2511         if (c->enclosing != SD_BUS_TYPE_ARRAY)
2512                 c->index++;
2513
2514         m->rindex = rindex;
2515
2516         return 1;
2517 }
2518
2519 static int bus_message_enter_struct(
2520                 sd_bus_message *m,
2521                 struct bus_container *c,
2522                 const char *contents) {
2523
2524         size_t l;
2525         int r;
2526
2527         assert(m);
2528         assert(c);
2529         assert(contents);
2530
2531         if (!signature_is_valid(contents, false))
2532                 return -EINVAL;
2533
2534         if (!c->signature || c->signature[c->index] == 0)
2535                 return 0;
2536
2537         l = strlen(contents);
2538
2539         if (c->signature[c->index] != SD_BUS_TYPE_STRUCT_BEGIN ||
2540             !startswith(c->signature + c->index + 1, contents) ||
2541             c->signature[c->index + 1 + l] != SD_BUS_TYPE_STRUCT_END)
2542                 return -ENXIO;
2543
2544         r = message_peek_body(m, &m->rindex, 8, 0, NULL);
2545         if (r <= 0)
2546                 return r;
2547
2548         if (c->enclosing != SD_BUS_TYPE_ARRAY)
2549                 c->index += 1 + l + 1;
2550
2551         return 1;
2552 }
2553
2554 static int bus_message_enter_dict_entry(
2555                 sd_bus_message *m,
2556                 struct bus_container *c,
2557                 const char *contents) {
2558
2559         size_t l;
2560         int r;
2561
2562         assert(m);
2563         assert(c);
2564         assert(contents);
2565
2566         if (!signature_is_pair(contents))
2567                 return -EINVAL;
2568
2569         if (c->enclosing != SD_BUS_TYPE_ARRAY)
2570                 return -ENXIO;
2571
2572         if (!c->signature || c->signature[c->index] == 0)
2573                 return 0;
2574
2575         l = strlen(contents);
2576
2577         if (c->signature[c->index] != SD_BUS_TYPE_DICT_ENTRY_BEGIN ||
2578             !startswith(c->signature + c->index + 1, contents) ||
2579             c->signature[c->index + 1 + l] != SD_BUS_TYPE_DICT_ENTRY_END)
2580                 return -ENXIO;
2581
2582         r = message_peek_body(m, &m->rindex, 8, 0, NULL);
2583         if (r <= 0)
2584                 return r;
2585
2586         if (c->enclosing != SD_BUS_TYPE_ARRAY)
2587                 c->index += 1 + l + 1;
2588
2589         return 1;
2590 }
2591
2592 int sd_bus_message_enter_container(sd_bus_message *m, char type, const char *contents) {
2593         struct bus_container *c, *w;
2594         uint32_t *array_size = NULL;
2595         char *signature;
2596         size_t before;
2597         int r;
2598
2599         if (!m)
2600                 return -EINVAL;
2601         if (!m->sealed)
2602                 return -EPERM;
2603         if (!contents)
2604                 return -EINVAL;
2605
2606         /*
2607          * We enforce a global limit on container depth, that is much
2608          * higher than the 32 structs and 32 arrays the specification
2609          * mandates. This is simpler to implement for us, and we need
2610          * this only to ensure our container array doesn't grow
2611          * without bounds. We are happy to return any data from a
2612          * message as long as the data itself is valid, even if the
2613          * overall message might be not.
2614          *
2615          * Note that the message signature is validated when
2616          * parsing the headers, and that validation does check the
2617          * 32/32 limit.
2618          *
2619          * Note that the specification defines no limits on the depth
2620          * of stacked variants, but we do.
2621          */
2622         if (m->n_containers >= BUS_CONTAINER_DEPTH)
2623                 return -EBADMSG;
2624
2625         w = realloc(m->containers, sizeof(struct bus_container) * (m->n_containers + 1));
2626         if (!w)
2627                 return -ENOMEM;
2628         m->containers = w;
2629
2630         c = message_get_container(m);
2631
2632         if (!c->signature || c->signature[c->index] == 0)
2633                 return 0;
2634
2635         signature = strdup(contents);
2636         if (!signature)
2637                 return -ENOMEM;
2638
2639         c->saved_index = c->index;
2640         before = m->rindex;
2641
2642         if (type == SD_BUS_TYPE_ARRAY)
2643                 r = bus_message_enter_array(m, c, contents, &array_size);
2644         else if (type == SD_BUS_TYPE_VARIANT)
2645                 r = bus_message_enter_variant(m, c, contents);
2646         else if (type == SD_BUS_TYPE_STRUCT)
2647                 r = bus_message_enter_struct(m, c, contents);
2648         else if (type == SD_BUS_TYPE_DICT_ENTRY)
2649                 r = bus_message_enter_dict_entry(m, c, contents);
2650         else
2651                 r = -EINVAL;
2652
2653         if (r <= 0) {
2654                 free(signature);
2655                 return r;
2656         }
2657
2658         /* OK, let's fill it in */
2659         w += m->n_containers++;
2660         w->enclosing = type;
2661         w->signature = signature;
2662         w->index = 0;
2663         w->array_size = array_size;
2664         w->before = before;
2665         w->begin = m->rindex;
2666
2667         return 1;
2668 }
2669
2670 int sd_bus_message_exit_container(sd_bus_message *m) {
2671         struct bus_container *c;
2672
2673         if (!m)
2674                 return -EINVAL;
2675         if (!m->sealed)
2676                 return -EPERM;
2677         if (m->n_containers <= 0)
2678                 return -EINVAL;
2679
2680         c = message_get_container(m);
2681         if (c->enclosing == SD_BUS_TYPE_ARRAY) {
2682                 uint32_t l;
2683
2684                 l = BUS_MESSAGE_BSWAP32(m, *c->array_size);
2685                 if (c->begin + l != m->rindex)
2686                         return -EBUSY;
2687
2688         } else {
2689                 if (c->signature && c->signature[c->index] != 0)
2690                         return -EINVAL;
2691         }
2692
2693         free(c->signature);
2694         m->n_containers--;
2695
2696         return 1;
2697 }
2698
2699 static void message_quit_container(sd_bus_message *m) {
2700         struct bus_container *c;
2701
2702         assert(m);
2703         assert(m->sealed);
2704         assert(m->n_containers > 0);
2705
2706         c = message_get_container(m);
2707
2708         /* Undo seeks */
2709         assert(m->rindex >= c->before);
2710         m->rindex = c->before;
2711
2712         /* Free container */
2713         free(c->signature);
2714         m->n_containers--;
2715
2716         /* Correct index of new top-level container */
2717         c = message_get_container(m);
2718         c->index = c->saved_index;
2719 }
2720
2721 int sd_bus_message_peek_type(sd_bus_message *m, char *type, const char **contents) {
2722         struct bus_container *c;
2723         int r;
2724
2725         if (!m)
2726                 return -EINVAL;
2727         if (!m->sealed)
2728                 return -EPERM;
2729
2730         c = message_get_container(m);
2731
2732         if (!c->signature || c->signature[c->index] == 0)
2733                 goto eof;
2734
2735         if (message_end_of_array(m, m->rindex))
2736                 goto eof;
2737
2738         if (bus_type_is_basic(c->signature[c->index])) {
2739                 if (contents)
2740                         *contents = NULL;
2741                 if (type)
2742                         *type = c->signature[c->index];
2743                 return 1;
2744         }
2745
2746         if (c->signature[c->index] == SD_BUS_TYPE_ARRAY) {
2747
2748                 if (contents) {
2749                         size_t l;
2750                         char *sig;
2751
2752                         r = signature_element_length(c->signature+c->index+1, &l);
2753                         if (r < 0)
2754                                 return r;
2755
2756                         assert(l >= 1);
2757
2758                         sig = strndup(c->signature + c->index + 1, l);
2759                         if (!sig)
2760                                 return -ENOMEM;
2761
2762                         free(m->peeked_signature);
2763                         m->peeked_signature = sig;
2764
2765                         *contents = sig;
2766                 }
2767
2768                 if (type)
2769                         *type = SD_BUS_TYPE_ARRAY;
2770
2771                 return 1;
2772         }
2773
2774         if (c->signature[c->index] == SD_BUS_TYPE_STRUCT_BEGIN ||
2775             c->signature[c->index] == SD_BUS_TYPE_DICT_ENTRY_BEGIN) {
2776
2777                 if (contents) {
2778                         size_t l;
2779                         char *sig;
2780
2781                         r = signature_element_length(c->signature+c->index, &l);
2782                         if (r < 0)
2783                                 return r;
2784
2785                         assert(l >= 2);
2786                         sig = strndup(c->signature + c->index + 1, l - 2);
2787                         if (!sig)
2788                                 return -ENOMEM;
2789
2790                         free(m->peeked_signature);
2791                         m->peeked_signature = sig;
2792
2793                         *contents = sig;
2794                 }
2795
2796                 if (type)
2797                         *type = c->signature[c->index] == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY;
2798
2799                 return 1;
2800         }
2801
2802         if (c->signature[c->index] == SD_BUS_TYPE_VARIANT) {
2803                 if (contents) {
2804                         size_t rindex, l;
2805                         void *q;
2806
2807                         rindex = m->rindex;
2808                         r = message_peek_body(m, &rindex, 1, 1, &q);
2809                         if (r < 0)
2810                                 return r;
2811                         if (r == 0)
2812                                 goto eof;
2813
2814                         l = *(uint8_t*) q;
2815                         r = message_peek_body(m, &rindex, 1, l+1, &q);
2816                         if (r < 0)
2817                                 return r;
2818                         if (r == 0)
2819                                 return -EBADMSG;
2820
2821                         if (!validate_signature(q, l))
2822                                 return -EBADMSG;
2823
2824                         *contents = q;
2825                 }
2826
2827                 if (type)
2828                         *type = SD_BUS_TYPE_VARIANT;
2829
2830                 return 1;
2831         }
2832
2833         return -EINVAL;
2834
2835 eof:
2836         if (type)
2837                 *type = c->enclosing;
2838         if (contents)
2839                 *contents = NULL;
2840         return 0;
2841 }
2842
2843 int sd_bus_message_rewind(sd_bus_message *m, int complete) {
2844         struct bus_container *c;
2845
2846         if (!m)
2847                 return -EINVAL;
2848         if (!m->sealed)
2849                 return -EPERM;
2850
2851         if (complete) {
2852                 message_reset_containers(m);
2853                 m->rindex = 0;
2854                 m->root_container.index = 0;
2855
2856                 c = message_get_container(m);
2857         } else {
2858                 c = message_get_container(m);
2859
2860                 c->index = 0;
2861                 m->rindex = c->begin;
2862         }
2863
2864         return !isempty(c->signature);
2865 }
2866 static int message_read_ap(
2867                 sd_bus_message *m,
2868                 const char *types,
2869                 va_list ap) {
2870
2871         unsigned n_array, n_struct;
2872         TypeStack stack[BUS_CONTAINER_DEPTH];
2873         unsigned stack_ptr = 0;
2874         int r;
2875
2876         assert(m);
2877
2878         if (!types)
2879                 return 0;
2880
2881         /* Ideally, we'd just call ourselves recursively on every
2882          * complex type. However, the state of a va_list that is
2883          * passed to a function is undefined after that function
2884          * returns. This means we need to docode the va_list linearly
2885          * in a single stackframe. We hence implement our own
2886          * home-grown stack in an array. */
2887
2888         n_array = (unsigned) -1;
2889         n_struct = strlen(types);
2890
2891         for (;;) {
2892                 const char *t;
2893
2894                 if (n_array == 0 || (n_array == (unsigned) -1 && n_struct == 0)) {
2895                         r = type_stack_pop(stack, ELEMENTSOF(stack), &stack_ptr, &types, &n_struct, &n_array);
2896                         if (r < 0)
2897                                 return r;
2898                         if (r == 0)
2899                                 break;
2900
2901                         r = sd_bus_message_exit_container(m);
2902                         if (r < 0)
2903                                 return r;
2904
2905                         continue;
2906                 }
2907
2908                 t = types;
2909                 if (n_array != (unsigned) -1)
2910                         n_array --;
2911                 else {
2912                         types ++;
2913                         n_struct--;
2914                 }
2915
2916                 switch (*t) {
2917
2918                 case SD_BUS_TYPE_BYTE:
2919                 case SD_BUS_TYPE_BOOLEAN:
2920                 case SD_BUS_TYPE_INT16:
2921                 case SD_BUS_TYPE_UINT16:
2922                 case SD_BUS_TYPE_INT32:
2923                 case SD_BUS_TYPE_UINT32:
2924                 case SD_BUS_TYPE_INT64:
2925                 case SD_BUS_TYPE_UINT64:
2926                 case SD_BUS_TYPE_DOUBLE:
2927                 case SD_BUS_TYPE_STRING:
2928                 case SD_BUS_TYPE_OBJECT_PATH:
2929                 case SD_BUS_TYPE_SIGNATURE:
2930                 case SD_BUS_TYPE_UNIX_FD: {
2931                         void *p;
2932
2933                         p = va_arg(ap, void*);
2934                         r = sd_bus_message_read_basic(m, *t, p);
2935                         if (r < 0)
2936                                 return r;
2937                         if (r == 0)
2938                                 return -ENXIO;
2939
2940                         break;
2941                 }
2942
2943                 case SD_BUS_TYPE_ARRAY: {
2944                         size_t k;
2945
2946                         r = signature_element_length(t + 1, &k);
2947                         if (r < 0)
2948                                 return r;
2949
2950                         {
2951                                 char s[k + 1];
2952                                 memcpy(s, t + 1, k);
2953                                 s[k] = 0;
2954
2955                                 r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, s);
2956                                 if (r < 0)
2957                                         return r;
2958                                 if (r == 0)
2959                                         return -ENXIO;
2960                         }
2961
2962                         if (n_array == (unsigned) -1) {
2963                                 types += k;
2964                                 n_struct -= k;
2965                         }
2966
2967                         r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
2968                         if (r < 0)
2969                                 return r;
2970
2971                         types = t + 1;
2972                         n_struct = k;
2973                         n_array = va_arg(ap, unsigned);
2974
2975                         break;
2976                 }
2977
2978                 case SD_BUS_TYPE_VARIANT: {
2979                         const char *s;
2980
2981                         s = va_arg(ap, const char *);
2982                         if (!s)
2983                                 return -EINVAL;
2984
2985                         r = sd_bus_message_enter_container(m, SD_BUS_TYPE_VARIANT, s);
2986                         if (r < 0)
2987                                 return r;
2988                         if (r == 0)
2989                                 return -ENXIO;
2990
2991                         r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
2992                         if (r < 0)
2993                                 return r;
2994
2995                         types = s;
2996                         n_struct = strlen(s);
2997                         n_array = (unsigned) -1;
2998
2999                         break;
3000                 }
3001
3002                 case SD_BUS_TYPE_STRUCT_BEGIN:
3003                 case SD_BUS_TYPE_DICT_ENTRY_BEGIN: {
3004                         size_t k;
3005
3006                         r = signature_element_length(t, &k);
3007                         if (r < 0)
3008                                 return r;
3009
3010                         {
3011                                 char s[k - 1];
3012                                 memcpy(s, t + 1, k - 2);
3013                                 s[k - 2] = 0;
3014
3015                                 r = sd_bus_message_enter_container(m, *t == SD_BUS_TYPE_STRUCT_BEGIN ? SD_BUS_TYPE_STRUCT : SD_BUS_TYPE_DICT_ENTRY, s);
3016                                 if (r < 0)
3017                                         return r;
3018                                 if (r == 0)
3019                                         return -ENXIO;
3020                         }
3021
3022                         if (n_array == (unsigned) -1) {
3023                                 types += k - 1;
3024                                 n_struct -= k - 1;
3025                         }
3026
3027                         r = type_stack_push(stack, ELEMENTSOF(stack), &stack_ptr, types, n_struct, n_array);
3028                         if (r < 0)
3029                                 return r;
3030
3031                         types = t + 1;
3032                         n_struct = k - 2;
3033                         n_array = (unsigned) -1;
3034
3035                         break;
3036                 }
3037
3038                 default:
3039                         return -EINVAL;
3040                 }
3041         }
3042
3043         return 1;
3044 }
3045
3046 int sd_bus_message_read(sd_bus_message *m, const char *types, ...) {
3047         va_list ap;
3048         int r;
3049
3050         if (!m)
3051                 return -EINVAL;
3052         if (!m->sealed)
3053                 return -EPERM;
3054         if (!types)
3055                 return -EINVAL;
3056
3057         va_start(ap, types);
3058         r = message_read_ap(m, types, ap);
3059         va_end(ap);
3060
3061         return r;
3062 }
3063
3064 int sd_bus_message_read_array(sd_bus_message *m, char type, const void **ptr, size_t *size) {
3065         struct bus_container *c;
3066         void *p;
3067         size_t sz;
3068         ssize_t align;
3069         int r;
3070
3071         if (!m)
3072                 return -EINVAL;
3073         if (!m->sealed)
3074                 return -EPERM;
3075         if (!bus_type_is_trivial(type))
3076                 return -EINVAL;
3077         if (!ptr)
3078                 return -EINVAL;
3079         if (!size)
3080                 return -EINVAL;
3081         if (BUS_MESSAGE_NEED_BSWAP(m))
3082                 return -ENOTSUP;
3083
3084         align = bus_type_get_alignment(type);
3085         if (align < 0)
3086                 return align;
3087
3088         r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, CHAR_TO_STR(type));
3089         if (r < 0)
3090                 return r;
3091
3092         c = message_get_container(m);
3093         sz = BUS_MESSAGE_BSWAP32(m, *c->array_size);
3094
3095         r = message_peek_body(m, &m->rindex, align, sz, &p);
3096         if (r < 0)
3097                 goto fail;
3098         if (r == 0) {
3099                 r = -EBADMSG;
3100                 goto fail;
3101         }
3102
3103         r = sd_bus_message_exit_container(m);
3104         if (r < 0)
3105                 goto fail;
3106
3107         *ptr = (const void*) p;
3108         *size = sz;
3109
3110         return 1;
3111
3112 fail:
3113         message_quit_container(m);
3114         return r;
3115 }
3116
3117 static int message_peek_fields(
3118                 sd_bus_message *m,
3119                 size_t *rindex,
3120                 size_t align,
3121                 size_t nbytes,
3122                 void **ret) {
3123
3124         assert(m);
3125         assert(rindex);
3126         assert(align > 0);
3127
3128         return buffer_peek(BUS_MESSAGE_FIELDS(m), BUS_MESSAGE_FIELDS_SIZE(m), rindex, align, nbytes, ret);
3129 }
3130
3131 static int message_peek_field_uint32(
3132                 sd_bus_message *m,
3133                 size_t *ri,
3134                 uint32_t *ret) {
3135
3136         int r;
3137         void *q;
3138
3139         assert(m);
3140         assert(ri);
3141
3142         r = message_peek_fields(m, ri, 4, 4, &q);
3143         if (r < 0)
3144                 return r;
3145
3146         if (ret)
3147                 *ret = BUS_MESSAGE_BSWAP32(m, *(uint32_t*) q);
3148
3149         return 0;
3150 }
3151
3152 static int message_peek_field_string(
3153                 sd_bus_message *m,
3154                 bool (*validate)(const char *p),
3155                 size_t *ri,
3156                 const char **ret) {
3157
3158         uint32_t l;
3159         int r;
3160         void *q;
3161
3162         assert(m);
3163         assert(ri);
3164
3165         r = message_peek_field_uint32(m, ri, &l);
3166         if (r < 0)
3167                 return r;
3168
3169         r = message_peek_fields(m, ri, 1, l+1, &q);
3170         if (r < 0)
3171                 return r;
3172
3173         if (validate) {
3174                 if (!validate_nul(q, l))
3175                         return -EBADMSG;
3176
3177                 if (!validate(q))
3178                         return -EBADMSG;
3179         } else {
3180                 if (!validate_string(q, l))
3181                         return -EBADMSG;
3182         }
3183
3184         if (ret)
3185                 *ret = q;
3186
3187         return 0;
3188 }
3189
3190 static int message_peek_field_signature(
3191                 sd_bus_message *m,
3192                 size_t *ri,
3193                 const char **ret) {
3194
3195         size_t l;
3196         int r;
3197         void *q;
3198
3199         assert(m);
3200         assert(ri);
3201
3202         r = message_peek_fields(m, ri, 1, 1, &q);
3203         if (r < 0)
3204                 return r;
3205
3206         l = *(uint8_t*) q;
3207         r = message_peek_fields(m, ri, 1, l+1, &q);
3208         if (r < 0)
3209                 return r;
3210
3211         if (!validate_signature(q, l))
3212                 return -EBADMSG;
3213
3214         if (ret)
3215                 *ret = q;
3216
3217         return 0;
3218 }
3219
3220 static int message_skip_fields(
3221                 sd_bus_message *m,
3222                 size_t *ri,
3223                 uint32_t array_size,
3224                 const char **signature) {
3225
3226         size_t original_index;
3227         int r;
3228
3229         assert(m);
3230         assert(ri);
3231         assert(signature);
3232
3233         original_index = *ri;
3234
3235         for (;;) {
3236                 char t;
3237                 size_t l;
3238
3239                 if (array_size != (uint32_t) -1 &&
3240                     array_size <= *ri - original_index)
3241                         return 0;
3242
3243                 t = **signature;
3244                 if (!t)
3245                         return 0;
3246
3247                 if (t == SD_BUS_TYPE_STRING) {
3248
3249                         r = message_peek_field_string(m, NULL, ri, NULL);
3250                         if (r < 0)
3251                                 return r;
3252
3253                         (*signature)++;
3254
3255                 } else if (t == SD_BUS_TYPE_OBJECT_PATH) {
3256
3257                         r = message_peek_field_string(m, object_path_is_valid, ri, NULL);
3258                         if (r < 0)
3259                                 return r;
3260
3261                         (*signature)++;
3262
3263                 } else if (t == SD_BUS_TYPE_SIGNATURE) {
3264
3265                         r = message_peek_field_signature(m, ri, NULL);
3266                         if (r < 0)
3267                                 return r;
3268
3269                         (*signature)++;
3270
3271                 } else if (bus_type_is_basic(t)) {
3272                         ssize_t align, k;
3273
3274                         align = bus_type_get_alignment(t);
3275                         k = bus_type_get_size(t);
3276                         assert(align > 0 && k > 0);
3277
3278                         r = message_peek_fields(m, ri, align, k, NULL);
3279                         if (r < 0)
3280                                 return r;
3281
3282                         (*signature)++;
3283
3284                 } else if (t == SD_BUS_TYPE_ARRAY) {
3285
3286                         r = signature_element_length(*signature+1, &l);
3287                         if (r < 0)
3288                                 return r;
3289
3290                         assert(l >= 1);
3291                         {
3292                                 char sig[l-1], *s;
3293                                 uint32_t nas;
3294                                 int alignment;
3295
3296                                 strncpy(sig, *signature + 1, l-1);
3297                                 s = sig;
3298
3299                                 alignment = bus_type_get_alignment(sig[0]);
3300                                 if (alignment < 0)
3301                                         return alignment;
3302
3303                                 r = message_peek_field_uint32(m, ri, &nas);
3304                                 if (r < 0)
3305                                         return r;
3306                                 if (nas > BUS_ARRAY_MAX_SIZE)
3307                                         return -EBADMSG;
3308
3309                                 r = message_peek_fields(m, ri, alignment, 0, NULL);
3310                                 if (r < 0)
3311                                         return r;
3312
3313                                 r = message_skip_fields(m, ri, nas, (const char**) &s);
3314                                 if (r < 0)
3315                                         return r;
3316                         }
3317
3318                         (*signature) += 1 + l;
3319
3320                 } else if (t == SD_BUS_TYPE_VARIANT) {
3321                         const char *s;
3322
3323                         r = message_peek_field_signature(m, ri, &s);
3324                         if (r < 0)
3325                                 return r;
3326
3327                         r = message_skip_fields(m, ri, (uint32_t) -1, (const char**) &s);
3328                         if (r < 0)
3329                                 return r;
3330
3331                         (*signature)++;
3332
3333                 } else if (t == SD_BUS_TYPE_STRUCT ||
3334                            t == SD_BUS_TYPE_DICT_ENTRY) {
3335
3336                         r = signature_element_length(*signature, &l);
3337                         if (r < 0)
3338                                 return r;
3339
3340                         assert(l >= 2);
3341                         {
3342                                 char sig[l-1], *s;
3343                                 strncpy(sig, *signature + 1, l-1);
3344                                 s = sig;
3345
3346                                 r = message_skip_fields(m, ri, (uint32_t) -1, (const char**) &s);
3347                                 if (r < 0)
3348                                         return r;
3349                         }
3350
3351                         *signature += l;
3352                 } else
3353                         return -EINVAL;
3354         }
3355 }
3356
3357 int bus_message_parse_fields(sd_bus_message *m) {
3358         size_t ri;
3359         int r;
3360         uint32_t unix_fds = 0;
3361
3362         assert(m);
3363
3364         for (ri = 0; ri < BUS_MESSAGE_FIELDS_SIZE(m); ) {
3365                 const char *signature;
3366                 uint8_t *header;
3367
3368                 r = message_peek_fields(m, &ri, 8, 1, (void**) &header);
3369                 if (r < 0)
3370                         return r;
3371
3372                 r = message_peek_field_signature(m, &ri, &signature);
3373                 if (r < 0)
3374                         return r;
3375
3376                 switch (*header) {
3377                 case _SD_BUS_MESSAGE_HEADER_INVALID:
3378                         return -EBADMSG;
3379
3380                 case SD_BUS_MESSAGE_HEADER_PATH:
3381
3382                         if (m->path)
3383                                 return -EBADMSG;
3384
3385                         if (!streq(signature, "o"))
3386                                 return -EBADMSG;
3387
3388                         r = message_peek_field_string(m, object_path_is_valid, &ri, &m->path);
3389                         break;
3390
3391                 case SD_BUS_MESSAGE_HEADER_INTERFACE:
3392
3393                         if (m->interface)
3394                                 return -EBADMSG;
3395
3396                         if (!streq(signature, "s"))
3397                                 return -EBADMSG;
3398
3399                         r = message_peek_field_string(m, interface_name_is_valid, &ri, &m->interface);
3400                         break;
3401
3402                 case SD_BUS_MESSAGE_HEADER_MEMBER:
3403
3404                         if (m->member)
3405                                 return -EBADMSG;
3406
3407                         if (!streq(signature, "s"))
3408                                 return -EBADMSG;
3409
3410                         r = message_peek_field_string(m, member_name_is_valid, &ri, &m->member);
3411                         break;
3412
3413                 case SD_BUS_MESSAGE_HEADER_ERROR_NAME:
3414
3415                         if (m->error.name)
3416                                 return -EBADMSG;
3417
3418                         if (!streq(signature, "s"))
3419                                 return -EBADMSG;
3420
3421                         r = message_peek_field_string(m, error_name_is_valid, &ri, &m->error.name);
3422                         break;
3423
3424                 case SD_BUS_MESSAGE_HEADER_DESTINATION:
3425
3426                         if (m->destination)
3427                                 return -EBADMSG;
3428
3429                         if (!streq(signature, "s"))
3430                                 return -EBADMSG;
3431
3432                         r = message_peek_field_string(m, service_name_is_valid, &ri, &m->destination);
3433                         break;
3434
3435                 case SD_BUS_MESSAGE_HEADER_SENDER:
3436
3437                         if (m->sender)
3438                                 return -EBADMSG;
3439
3440                         if (!streq(signature, "s"))
3441                                 return -EBADMSG;
3442
3443                         r = message_peek_field_string(m, service_name_is_valid, &ri, &m->sender);
3444                         break;
3445
3446
3447                 case SD_BUS_MESSAGE_HEADER_SIGNATURE: {
3448                         const char *s;
3449                         char *c;
3450
3451                         if (m->root_container.signature)
3452                                 return -EBADMSG;
3453
3454                         if (!streq(signature, "g"))
3455                                 return -EBADMSG;
3456
3457                         r = message_peek_field_signature(m, &ri, &s);
3458                         if (r < 0)
3459                                 return r;
3460
3461                         c = strdup(s);
3462                         if (!c)
3463                                 return -ENOMEM;
3464
3465                         free(m->root_container.signature);
3466                         m->root_container.signature = c;
3467                         break;
3468                 }
3469
3470                 case SD_BUS_MESSAGE_HEADER_REPLY_SERIAL:
3471                         if (m->reply_serial != 0)
3472                                 return -EBADMSG;
3473
3474                         if (!streq(signature, "u"))
3475                                 return -EBADMSG;
3476
3477                         r = message_peek_field_uint32(m, &ri, &m->reply_serial);
3478                         if (r < 0)
3479                                 return r;
3480
3481                         if (m->reply_serial == 0)
3482                                 return -EBADMSG;
3483
3484                         break;
3485
3486                 case SD_BUS_MESSAGE_HEADER_UNIX_FDS:
3487                         if (unix_fds != 0)
3488                                 return -EBADMSG;
3489
3490                         if (!streq(signature, "u"))
3491                                 return -EBADMSG;
3492
3493                         r = message_peek_field_uint32(m, &ri, &unix_fds);
3494                         if (r < 0)
3495                                 return -EBADMSG;
3496
3497                         if (unix_fds == 0)
3498                                 return -EBADMSG;
3499
3500                         break;
3501
3502                 default:
3503                         r = message_skip_fields(m, &ri, (uint32_t) -1, (const char **) &signature);
3504                 }
3505
3506                 if (r < 0)
3507                         return r;
3508         }
3509
3510         if (m->n_fds != unix_fds)
3511                 return -EBADMSG;
3512
3513         if (isempty(m->root_container.signature) != (BUS_MESSAGE_BODY_SIZE(m) == 0))
3514                 return -EBADMSG;
3515
3516         switch (m->header->type) {
3517
3518         case SD_BUS_MESSAGE_TYPE_SIGNAL:
3519                 if (!m->path || !m->interface || !m->member)
3520                         return -EBADMSG;
3521                 break;
3522
3523         case SD_BUS_MESSAGE_TYPE_METHOD_CALL:
3524
3525                 if (!m->path || !m->member)
3526                         return -EBADMSG;
3527
3528                 break;
3529
3530         case SD_BUS_MESSAGE_TYPE_METHOD_RETURN:
3531
3532                 if (m->reply_serial == 0)
3533                         return -EBADMSG;
3534                 break;
3535
3536         case SD_BUS_MESSAGE_TYPE_METHOD_ERROR:
3537
3538                 if (m->reply_serial == 0 || !m->error.name)
3539                         return -EBADMSG;
3540                 break;
3541         }
3542
3543         /* Try to read the error message, but if we can't it's a non-issue */
3544         if (m->header->type == SD_BUS_MESSAGE_TYPE_METHOD_ERROR)
3545                 sd_bus_message_read(m, "s", &m->error.message);
3546
3547         return 0;
3548 }
3549
3550 int bus_message_seal(sd_bus_message *m, uint64_t serial) {
3551         struct bus_body_part *part;
3552         size_t l, a;
3553         unsigned i;
3554         int r;
3555
3556         assert(m);
3557
3558         if (m->sealed)
3559                 return -EPERM;
3560
3561         if (m->n_containers > 0)
3562                 return -EBADMSG;
3563
3564         if (m->poisoned)
3565                 return -ESTALE;
3566
3567         /* If there's a non-trivial signature set, then add it in here */
3568         if (!isempty(m->root_container.signature)) {
3569                 r = message_append_field_signature(m, SD_BUS_MESSAGE_HEADER_SIGNATURE, m->root_container.signature, NULL);
3570                 if (r < 0)
3571                         return r;
3572         }
3573
3574         if (m->n_fds > 0) {
3575                 r = message_append_field_uint32(m, SD_BUS_MESSAGE_HEADER_UNIX_FDS, m->n_fds);
3576                 if (r < 0)
3577                         return r;
3578         }
3579
3580         /* Add padding at the end, since we know the body
3581          * needs to start at an 8 byte alignment. */
3582
3583         l = BUS_MESSAGE_FIELDS_SIZE(m);
3584         a = ALIGN8(l) - l;
3585         if (a > 0)
3586                 memset((uint8_t*) BUS_MESSAGE_FIELDS(m) + l, 0, a);
3587
3588         MESSAGE_FOREACH_PART(part, i, m)
3589                 if (part->memfd >= 0 && !part->sealed) {
3590                         ioctl(part->memfd, KDBUS_CMD_MEMFD_SEAL_SET, 1);
3591                         part->sealed = true;
3592                 }
3593
3594         m->header->serial = serial;
3595         m->sealed = true;
3596
3597         return 0;
3598 }
3599
3600 int sd_bus_message_set_destination(sd_bus_message *m, const char *destination) {
3601         if (!m)
3602                 return -EINVAL;
3603         if (!destination)
3604                 return -EINVAL;
3605         if (m->sealed)
3606                 return -EPERM;
3607         if (m->destination)
3608                 return -EEXIST;
3609
3610         return message_append_field_string(m, SD_BUS_MESSAGE_HEADER_DESTINATION, SD_BUS_TYPE_STRING, destination, &m->destination);
3611 }
3612
3613 int bus_message_dump(sd_bus_message *m) {
3614         const char *u = NULL, *uu = NULL, *s = NULL;
3615         char **cmdline = NULL;
3616         unsigned level = 1;
3617         int r;
3618         uid_t owner, audit_loginuid;
3619         uint32_t audit_sessionid;
3620
3621         assert(m);
3622
3623         printf("Message %p\n"
3624                "\tn_ref=%u\n"
3625                "\tendian=%c\n"
3626                "\ttype=%i\n"
3627                "\tflags=%u\n"
3628                "\tversion=%u\n"
3629                "\tserial=%u\n"
3630                "\tfields_size=%u\n"
3631                "\tbody_size=%u\n"
3632                "\tpath=%s\n"
3633                "\tinterface=%s\n"
3634                "\tmember=%s\n"
3635                "\tdestination=%s\n"
3636                "\tsender=%s\n"
3637                "\tsignature=%s\n"
3638                "\treply_serial=%u\n"
3639                "\terror.name=%s\n"
3640                "\terror.message=%s\n"
3641                "\tsealed=%s\n",
3642                m,
3643                m->n_ref,
3644                m->header->endian,
3645                m->header->type,
3646                m->header->flags,
3647                m->header->version,
3648                BUS_MESSAGE_SERIAL(m),
3649                BUS_MESSAGE_FIELDS_SIZE(m),
3650                BUS_MESSAGE_BODY_SIZE(m),
3651                strna(m->path),
3652                strna(m->interface),
3653                strna(m->member),
3654                strna(m->destination),
3655                strna(m->sender),
3656                strna(m->root_container.signature),
3657                m->reply_serial,
3658                strna(m->error.name),
3659                strna(m->error.message),
3660                yes_no(m->sealed));
3661
3662         if (m->pid != 0)
3663                 printf("\tpid=%lu\n", (unsigned long) m->pid);
3664         if (m->tid != 0)
3665                 printf("\ttid=%lu\n", (unsigned long) m->tid);
3666         if (m->uid_valid)
3667                 printf("\tuid=%lu\n", (unsigned long) m->uid);
3668         if (m->gid_valid)
3669                 printf("\tgid=%lu\n", (unsigned long) m->gid);
3670         if (m->pid_starttime != 0)
3671                 printf("\tpid_starttime=%llu\n", (unsigned long long) m->pid_starttime);
3672         if (m->monotonic != 0)
3673                 printf("\tmonotonic=%llu\n", (unsigned long long) m->monotonic);
3674         if (m->realtime != 0)
3675                 printf("\trealtime=%llu\n", (unsigned long long) m->realtime);
3676         if (m->exe)
3677                 printf("\texe=[%s]\n", m->exe);
3678         if (m->comm)
3679                 printf("\tcomm=[%s]\n", m->comm);
3680         if (m->tid_comm)
3681                 printf("\ttid_comm=[%s]\n", m->tid_comm);
3682         if (m->label)
3683                 printf("\tlabel=[%s]\n", m->label);
3684         if (m->cgroup)
3685                 printf("\tcgroup=[%s]\n", m->cgroup);
3686
3687         sd_bus_message_get_unit(m, &u);
3688         if (u)
3689                 printf("\tunit=[%s]\n", u);
3690         sd_bus_message_get_user_unit(m, &uu);
3691         if (uu)
3692                 printf("\tuser_unit=[%s]\n", uu);
3693         sd_bus_message_get_session(m, &s);
3694         if (s)
3695                 printf("\tsession=[%s]\n", s);
3696         if (sd_bus_message_get_owner_uid(m, &owner) >= 0)
3697                 printf("\towner_uid=%lu\n", (unsigned long) owner);
3698         if (sd_bus_message_get_audit_loginuid(m, &audit_loginuid) >= 0)
3699                 printf("\taudit_loginuid=%lu\n", (unsigned long) audit_loginuid);
3700         if (sd_bus_message_get_audit_sessionid(m, &audit_sessionid) >= 0)
3701                 printf("\taudit_sessionid=%lu\n", (unsigned long) audit_sessionid);
3702
3703         printf("\tCAP_KILL=%i\n", sd_bus_message_has_effective_cap(m, 5));
3704
3705         if (sd_bus_message_get_cmdline(m, &cmdline) >= 0) {
3706                 char **c;
3707
3708                 fputs("\tcmdline=[", stdout);
3709                 STRV_FOREACH(c, cmdline) {
3710                         if (c != cmdline)
3711                                 putchar(' ');
3712
3713                         fputs(*c, stdout);
3714                 }
3715
3716                 fputs("]\n", stdout);
3717         }
3718
3719         r = sd_bus_message_rewind(m, true);
3720         if (r < 0) {
3721                 log_error("Failed to rewind: %s", strerror(-r));
3722                 return r;