1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
34 #include "sd-daemon.h"
37 #include "bus-socket.h"
38 #include "bus-internal.h"
39 #include "bus-message.h"
41 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
44 struct iovec *i = iov + *idx;
46 if (i->iov_len > size) {
47 i->iov_base = (uint8_t*) i->iov_base + size;
61 bool bus_socket_auth_needs_write(sd_bus *b) {
65 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
68 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
69 struct iovec *j = b->auth_iovec + i;
78 static int bus_socket_write_auth(sd_bus *b) {
82 assert(b->state == BUS_AUTHENTICATING);
84 if (!bus_socket_auth_needs_write(b))
88 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
93 mh.msg_iov = b->auth_iovec + b->auth_index;
94 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
96 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
97 if (k < 0 && errno == ENOTSOCK) {
98 b->prefer_writev = true;
99 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
104 return errno == EAGAIN ? 0 : -errno;
106 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
110 static int bus_socket_auth_verify_client(sd_bus *b) {
118 /* We expect two response lines: "OK" and possibly
121 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
125 if (b->negotiate_fds) {
126 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
136 /* Nice! We got all the lines we need. First check the OK
139 if (e - (char*) b->rbuffer != 3 + 32)
142 if (memcmp(b->rbuffer, "OK ", 3))
145 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
147 for (i = 0; i < 32; i += 2) {
150 x = unhexchar(((char*) b->rbuffer)[3 + i]);
151 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
156 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
159 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
160 !sd_id128_equal(b->server_id, peer))
165 /* And possibly check the second line, too */
169 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
170 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
172 b->rbuffer_size -= (start - (char*) b->rbuffer);
173 memmove(b->rbuffer, start, b->rbuffer_size);
175 r = bus_start_running(b);
182 static bool line_equals(const char *s, size_t m, const char *line) {
189 return memcmp(s, line, l) == 0;
192 static bool line_begins(const char *s, size_t m, const char *word) {
199 if (memcmp(s, word, l) != 0)
202 return m == l || (m > l && s[l] == ' ');
205 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
206 _cleanup_free_ char *token = NULL;
208 if (!b->anonymous_auth)
219 token = unhexmem(p, l);
223 if (memchr(token, 0, l/2))
226 return !!utf8_is_valid(token);
229 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
230 _cleanup_free_ char *token = NULL;
234 /* We don't do any real authentication here. Instead, we if
235 * the owner of this bus wanted authentication he should have
236 * checked SO_PEERCRED before even creating the bus object. */
238 if (!b->anonymous_auth && !b->ucred_valid)
250 token = unhexmem(p, l);
254 if (memchr(token, 0, l/2))
257 r = parse_uid(token, &u);
261 /* We ignore the passed value if anonymous authentication is
263 if (!b->anonymous_auth && u != b->ucred.uid)
269 static int bus_socket_auth_write(sd_bus *b, const char *t) {
276 /* We only make use of the first iovec */
277 assert(b->auth_index == 0 || b->auth_index == 1);
280 p = malloc(b->auth_iovec[0].iov_len + l);
284 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
285 memcpy(p + b->auth_iovec[0].iov_len, t, l);
287 b->auth_iovec[0].iov_base = p;
288 b->auth_iovec[0].iov_len += l;
290 free(b->auth_buffer);
296 static int bus_socket_auth_write_ok(sd_bus *b) {
297 char t[3 + 32 + 2 + 1];
301 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
304 return bus_socket_auth_write(b, t);
307 static int bus_socket_auth_verify_server(sd_bus *b) {
311 bool processed = false;
316 if (b->rbuffer_size < 1)
319 /* First char must be a NUL byte */
320 if (*(char*) b->rbuffer != 0)
323 if (b->rbuffer_size < 3)
326 /* Begin with the first line */
327 if (b->auth_rbegin <= 0)
331 /* Check if line is complete */
332 line = (char*) b->rbuffer + b->auth_rbegin;
333 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
339 if (line_begins(line, l, "AUTH ANONYMOUS")) {
341 r = verify_anonymous_token(b, line + 14, l - 14);
345 r = bus_socket_auth_write(b, "REJECTED\r\n");
347 b->auth = BUS_AUTH_ANONYMOUS;
348 r = bus_socket_auth_write_ok(b);
351 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
353 r = verify_external_token(b, line + 13, l - 13);
357 r = bus_socket_auth_write(b, "REJECTED\r\n");
359 b->auth = BUS_AUTH_EXTERNAL;
360 r = bus_socket_auth_write_ok(b);
363 } else if (line_begins(line, l, "AUTH"))
364 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
365 else if (line_equals(line, l, "CANCEL") ||
366 line_begins(line, l, "ERROR")) {
368 b->auth = _BUS_AUTH_INVALID;
369 r = bus_socket_auth_write(b, "REJECTED\r\n");
371 } else if (line_equals(line, l, "BEGIN")) {
373 if (b->auth == _BUS_AUTH_INVALID)
374 r = bus_socket_auth_write(b, "ERROR\r\n");
376 /* We can't leave from the auth phase
377 * before we haven't written
378 * everything queued, so let's check
381 if (bus_socket_auth_needs_write(b))
384 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
385 memmove(b->rbuffer, e + 2, b->rbuffer_size);
386 return bus_start_running(b);
389 } else if (line_begins(line, l, "DATA")) {
391 if (b->auth == _BUS_AUTH_INVALID)
392 r = bus_socket_auth_write(b, "ERROR\r\n");
394 if (b->auth == BUS_AUTH_ANONYMOUS)
395 r = verify_anonymous_token(b, line + 4, l - 4);
397 r = verify_external_token(b, line + 4, l - 4);
402 b->auth = _BUS_AUTH_INVALID;
403 r = bus_socket_auth_write(b, "REJECTED\r\n");
405 r = bus_socket_auth_write_ok(b);
407 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
408 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
409 r = bus_socket_auth_write(b, "ERROR\r\n");
412 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
415 r = bus_socket_auth_write(b, "ERROR\r\n");
420 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
426 static int bus_socket_auth_verify(sd_bus *b) {
430 return bus_socket_auth_verify_server(b);
432 return bus_socket_auth_verify_client(b);
435 static int bus_socket_read_auth(sd_bus *b) {
443 struct cmsghdr cmsghdr;
444 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
445 CMSG_SPACE(sizeof(struct ucred)) +
446 CMSG_SPACE(NAME_MAX)]; /*selinux label */
448 struct cmsghdr *cmsg;
449 bool handle_cmsg = false;
452 assert(b->state == BUS_AUTHENTICATING);
454 r = bus_socket_auth_verify(b);
458 n = MAX(256, b->rbuffer_size * 2);
460 if (n > BUS_AUTH_SIZE_MAX)
461 n = BUS_AUTH_SIZE_MAX;
463 if (b->rbuffer_size >= n)
466 p = realloc(b->rbuffer, n);
473 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
474 iov.iov_len = n - b->rbuffer_size;
477 k = readv(b->input_fd, &iov, 1);
482 mh.msg_control = &control;
483 mh.msg_controllen = sizeof(control);
485 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
486 if (k < 0 && errno == ENOTSOCK) {
487 b->prefer_readv = true;
488 k = readv(b->input_fd, &iov, 1);
493 return errno == EAGAIN ? 0 : -errno;
497 b->rbuffer_size += k;
500 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
501 if (cmsg->cmsg_level == SOL_SOCKET &&
502 cmsg->cmsg_type == SCM_RIGHTS) {
505 /* Whut? We received fds during the auth
506 * protocol? Somebody is playing games with
507 * us. Close them all, and fail */
508 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
509 close_many((int*) CMSG_DATA(cmsg), j);
512 } else if (cmsg->cmsg_level == SOL_SOCKET &&
513 cmsg->cmsg_type == SCM_CREDENTIALS &&
514 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
516 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
517 b->ucred_valid = true;
519 } else if (cmsg->cmsg_level == SOL_SOCKET &&
520 cmsg->cmsg_type == SCM_SECURITY) {
523 l = cmsg->cmsg_len - CMSG_LEN(0);
524 memcpy(&b->label, CMSG_DATA(cmsg), l);
530 r = bus_socket_auth_verify(b);
537 static int bus_socket_setup(sd_bus *b) {
542 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
543 * socket, just in case. */
544 enable = !b->bus_client;
545 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
546 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
548 /* Increase the buffers to a MB */
549 fd_inc_rcvbuf(b->input_fd, 1024*1024);
550 fd_inc_sndbuf(b->output_fd, 1024*1024);
555 static int bus_socket_start_auth_client(sd_bus *b) {
557 const char *auth_suffix, *auth_prefix;
561 if (b->anonymous_auth) {
562 auth_prefix = "\0AUTH ANONYMOUS ";
564 /* For ANONYMOUS auth we send some arbitrary "trace" string */
566 b->auth_buffer = hexmem("anonymous", l);
568 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
570 auth_prefix = "\0AUTH EXTERNAL ";
572 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
576 b->auth_buffer = hexmem(text, l);
582 if (b->negotiate_fds)
583 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
585 auth_suffix = "\r\nBEGIN\r\n";
587 b->auth_iovec[0].iov_base = (void*) auth_prefix;
588 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
589 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
590 b->auth_iovec[1].iov_len = l * 2;
591 b->auth_iovec[2].iov_base = (void*) auth_suffix;
592 b->auth_iovec[2].iov_len = strlen(auth_suffix);
594 return bus_socket_write_auth(b);
597 static int bus_socket_start_auth(sd_bus *b) {
600 b->state = BUS_AUTHENTICATING;
601 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
603 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
604 b->negotiate_fds = false;
606 if (b->output_fd != b->input_fd)
607 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
608 b->negotiate_fds = false;
611 return bus_socket_read_auth(b);
613 return bus_socket_start_auth_client(b);
616 int bus_socket_connect(sd_bus *b) {
620 assert(b->input_fd < 0);
621 assert(b->output_fd < 0);
622 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
624 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
628 b->output_fd = b->input_fd;
630 r = bus_socket_setup(b);
634 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
636 if (errno == EINPROGRESS)
642 return bus_socket_start_auth(b);
645 int bus_socket_exec(sd_bus *b) {
650 assert(b->input_fd < 0);
651 assert(b->output_fd < 0);
652 assert(b->exec_path);
654 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
666 reset_all_signal_handlers();
668 close_all_fds(s+1, 1);
670 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
671 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
673 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
674 close_nointr_nofail(s[1]);
676 fd_cloexec(STDIN_FILENO, false);
677 fd_cloexec(STDOUT_FILENO, false);
678 fd_nonblock(STDIN_FILENO, false);
679 fd_nonblock(STDOUT_FILENO, false);
682 execvp(b->exec_path, b->exec_argv);
684 const char *argv[] = { b->exec_path, NULL };
685 execvp(b->exec_path, (char**) argv);
691 close_nointr_nofail(s[1]);
692 b->output_fd = b->input_fd = s[0];
694 return bus_socket_start_auth(b);
697 int bus_socket_take_fd(sd_bus *b) {
701 r = bus_socket_setup(b);
705 return bus_socket_start_auth(b);
708 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
717 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
722 n = m->n_iovec * sizeof(struct iovec);
724 memcpy(iov, m->iovec, n);
727 iovec_advance(iov, &j, *idx);
729 if (bus->prefer_writev)
730 k = writev(bus->output_fd, iov, m->n_iovec);
736 struct cmsghdr *control;
737 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
739 mh.msg_control = control;
740 control->cmsg_level = SOL_SOCKET;
741 control->cmsg_type = SCM_RIGHTS;
742 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
743 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
747 mh.msg_iovlen = m->n_iovec;
749 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
750 if (k < 0 && errno == ENOTSOCK) {
751 bus->prefer_writev = true;
752 k = writev(bus->output_fd, iov, m->n_iovec);
757 return errno == EAGAIN ? 0 : -errno;
763 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
770 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
772 if (bus->rbuffer_size < sizeof(struct bus_header)) {
773 *need = sizeof(struct bus_header) + 8;
775 /* Minimum message size:
779 * Method Call: +2 string headers
780 * Signal: +3 string headers
781 * Method Error: +1 string headers
783 * Method Reply: +1 uint32 headers
785 * A string header is at least 9 bytes
786 * A uint32 header is at least 8 bytes
788 * Hence the minimum message size of a valid message
789 * is header + 8 bytes */
794 a = ((const uint32_t*) bus->rbuffer)[1];
795 b = ((const uint32_t*) bus->rbuffer)[3];
797 e = ((const uint8_t*) bus->rbuffer)[0];
798 if (e == SD_BUS_LITTLE_ENDIAN) {
801 } else if (e == SD_BUS_BIG_ENDIAN) {
807 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
808 if (sum >= BUS_MESSAGE_SIZE_MAX)
811 *need = (size_t) sum;
815 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
822 assert(bus->rbuffer_size >= size);
823 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
825 if (bus->rbuffer_size > size) {
826 b = memdup((const uint8_t*) bus->rbuffer + size,
827 bus->rbuffer_size - size);
833 r = bus_message_from_malloc(bus->rbuffer, size,
834 bus->fds, bus->n_fds,
835 bus->ucred_valid ? &bus->ucred : NULL,
836 bus->label[0] ? bus->label : NULL,
844 bus->rbuffer_size -= size;
853 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
861 struct cmsghdr cmsghdr;
862 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
863 CMSG_SPACE(sizeof(struct ucred)) +
864 CMSG_SPACE(NAME_MAX)]; /*selinux label */
866 struct cmsghdr *cmsg;
871 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
873 r = bus_socket_read_message_need(bus, &need);
877 if (bus->rbuffer_size >= need)
878 return bus_socket_make_message(bus, need, m);
880 b = realloc(bus->rbuffer, need);
887 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
888 iov.iov_len = need - bus->rbuffer_size;
890 if (bus->prefer_readv)
891 k = readv(bus->input_fd, &iov, 1);
896 mh.msg_control = &control;
897 mh.msg_controllen = sizeof(control);
899 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
900 if (k < 0 && errno == ENOTSOCK) {
901 bus->prefer_readv = true;
902 k = readv(bus->input_fd, &iov, 1);
907 return errno == EAGAIN ? 0 : -errno;
911 bus->rbuffer_size += k;
914 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
915 if (cmsg->cmsg_level == SOL_SOCKET &&
916 cmsg->cmsg_type == SCM_RIGHTS) {
919 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
922 /* Whut? We received fds but this
923 * isn't actually enabled? Close them,
926 close_many((int*) CMSG_DATA(cmsg), n);
930 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
932 close_many((int*) CMSG_DATA(cmsg), n);
936 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
939 } else if (cmsg->cmsg_level == SOL_SOCKET &&
940 cmsg->cmsg_type == SCM_CREDENTIALS &&
941 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
943 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
944 bus->ucred_valid = true;
946 } else if (cmsg->cmsg_level == SOL_SOCKET &&
947 cmsg->cmsg_type == SCM_SECURITY) {
950 l = cmsg->cmsg_len - CMSG_LEN(0);
951 memcpy(&bus->label, CMSG_DATA(cmsg), l);
957 r = bus_socket_read_message_need(bus, &need);
961 if (bus->rbuffer_size >= need)
962 return bus_socket_make_message(bus, need, m);
967 int bus_socket_process_opening(sd_bus *b) {
969 socklen_t slen = sizeof(error);
974 assert(b->state == BUS_OPENING);
984 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
987 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
989 b->last_connect_error = errno;
991 b->last_connect_error = error;
992 else if (p.revents & (POLLERR|POLLHUP))
993 b->last_connect_error = ECONNREFUSED;
995 return bus_socket_start_auth(b);
997 return bus_next_address(b);
1000 int bus_socket_process_authenticating(sd_bus *b) {
1004 assert(b->state == BUS_AUTHENTICATING);
1006 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1009 r = bus_socket_write_auth(b);
1013 return bus_socket_read_auth(b);