1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
34 #include "sd-daemon.h"
37 #include "bus-socket.h"
38 #include "bus-internal.h"
39 #include "bus-message.h"
41 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
44 struct iovec *i = iov + *idx;
46 if (i->iov_len > size) {
47 i->iov_base = (uint8_t*) i->iov_base + size;
61 bool bus_socket_auth_needs_write(sd_bus *b) {
65 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
68 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
69 struct iovec *j = b->auth_iovec + i;
78 static int bus_socket_write_auth(sd_bus *b) {
82 assert(b->state == BUS_AUTHENTICATING);
84 if (!bus_socket_auth_needs_write(b))
88 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
93 mh.msg_iov = b->auth_iovec + b->auth_index;
94 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
96 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
97 if (k < 0 && errno == ENOTSOCK) {
98 b->prefer_writev = true;
99 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
104 return errno == EAGAIN ? 0 : -errno;
106 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
110 static int bus_socket_auth_verify_client(sd_bus *b) {
118 /* We expect two response lines: "OK" and possibly
121 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
125 if (b->negotiate_fds) {
126 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
136 /* Nice! We got all the lines we need. First check the OK
139 if (e - (char*) b->rbuffer != 3 + 32)
142 if (memcmp(b->rbuffer, "OK ", 3))
145 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
147 for (i = 0; i < 32; i += 2) {
150 x = unhexchar(((char*) b->rbuffer)[3 + i]);
151 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
156 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
159 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
160 !sd_id128_equal(b->server_id, peer))
165 /* And possibly check the second line, too */
169 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
170 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
172 b->rbuffer_size -= (start - (char*) b->rbuffer);
173 memmove(b->rbuffer, start, b->rbuffer_size);
175 r = bus_start_running(b);
182 static bool line_equals(const char *s, size_t m, const char *line) {
189 return memcmp(s, line, l) == 0;
192 static bool line_begins(const char *s, size_t m, const char *word) {
199 if (memcmp(s, word, l) != 0)
202 return m == l || (m > l && s[l] == ' ');
205 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
206 _cleanup_free_ char *token = NULL;
208 if (!b->anonymous_auth)
219 token = unhexmem(p, l);
223 if (memchr(token, 0, l/2))
226 return !!utf8_is_valid(token);
229 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
230 _cleanup_free_ char *token = NULL;
234 /* We don't do any real authentication here. Instead, we if
235 * the owner of this bus wanted authentication he should have
236 * checked SO_PEERCRED before even creating the bus object. */
250 token = unhexmem(p, l);
254 if (memchr(token, 0, l/2))
257 r = parse_uid(token, &u);
261 if (u != b->ucred.uid)
267 static int bus_socket_auth_write(sd_bus *b, const char *t) {
274 /* We only make use of the first iovec */
275 assert(b->auth_index == 0 || b->auth_index == 1);
278 p = malloc(b->auth_iovec[0].iov_len + l);
282 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
283 memcpy(p + b->auth_iovec[0].iov_len, t, l);
285 b->auth_iovec[0].iov_base = p;
286 b->auth_iovec[0].iov_len += l;
288 free(b->auth_buffer);
294 static int bus_socket_auth_write_ok(sd_bus *b) {
295 char t[3 + 32 + 2 + 1];
299 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
302 return bus_socket_auth_write(b, t);
305 static int bus_socket_auth_verify_server(sd_bus *b) {
309 bool processed = false;
314 if (b->rbuffer_size < 3)
317 /* First char must be a NUL byte */
318 if (*(char*) b->rbuffer != 0)
321 /* Begin with the first line */
322 if (b->auth_rbegin <= 0)
326 /* Check if line is complete */
327 line = (char*) b->rbuffer + b->auth_rbegin;
328 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
334 if (line_begins(line, l, "AUTH ANONYMOUS")) {
336 r = verify_anonymous_token(b, line + 14, l - 14);
340 r = bus_socket_auth_write(b, "REJECTED\r\n");
342 b->auth = BUS_AUTH_ANONYMOUS;
343 r = bus_socket_auth_write_ok(b);
346 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
348 r = verify_external_token(b, line + 13, l - 13);
352 r = bus_socket_auth_write(b, "REJECTED\r\n");
354 b->auth = BUS_AUTH_EXTERNAL;
355 r = bus_socket_auth_write_ok(b);
358 } else if (line_begins(line, l, "AUTH"))
359 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
360 else if (line_equals(line, l, "CANCEL") ||
361 line_begins(line, l, "ERROR")) {
363 b->auth = _BUS_AUTH_INVALID;
364 r = bus_socket_auth_write(b, "REJECTED\r\n");
366 } else if (line_equals(line, l, "BEGIN")) {
368 if (b->auth == _BUS_AUTH_INVALID)
369 r = bus_socket_auth_write(b, "ERROR\r\n");
371 /* We can't leave from the auth phase
372 * before we haven't written
373 * everything queued, so let's check
376 if (bus_socket_auth_needs_write(b))
379 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
380 memmove(b->rbuffer, e + 2, b->rbuffer_size);
381 return bus_start_running(b);
384 } else if (line_begins(line, l, "DATA")) {
386 if (b->auth == _BUS_AUTH_INVALID)
387 r = bus_socket_auth_write(b, "ERROR\r\n");
389 if (b->auth == BUS_AUTH_ANONYMOUS)
390 r = verify_anonymous_token(b, line + 4, l - 4);
392 r = verify_external_token(b, line + 4, l - 4);
397 b->auth = _BUS_AUTH_INVALID;
398 r = bus_socket_auth_write(b, "REJECTED\r\n");
400 r = bus_socket_auth_write_ok(b);
402 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
403 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
404 r = bus_socket_auth_write(b, "ERROR\r\n");
407 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
410 r = bus_socket_auth_write(b, "ERROR\r\n");
415 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
421 static int bus_socket_auth_verify(sd_bus *b) {
425 return bus_socket_auth_verify_server(b);
427 return bus_socket_auth_verify_client(b);
430 static int bus_socket_read_auth(sd_bus *b) {
438 struct cmsghdr cmsghdr;
439 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
440 CMSG_SPACE(sizeof(struct ucred)) +
441 CMSG_SPACE(NAME_MAX)]; /*selinux label */
443 struct cmsghdr *cmsg;
444 bool handle_cmsg = false;
447 assert(b->state == BUS_AUTHENTICATING);
449 r = bus_socket_auth_verify(b);
453 n = MAX(256, b->rbuffer_size * 2);
455 if (n > BUS_AUTH_SIZE_MAX)
456 n = BUS_AUTH_SIZE_MAX;
458 if (b->rbuffer_size >= n)
461 p = realloc(b->rbuffer, n);
468 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
469 iov.iov_len = n - b->rbuffer_size;
472 k = readv(b->input_fd, &iov, 1);
477 mh.msg_control = &control;
478 mh.msg_controllen = sizeof(control);
480 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
481 if (k < 0 && errno == ENOTSOCK) {
482 b->prefer_readv = true;
483 k = readv(b->input_fd, &iov, 1);
488 return errno == EAGAIN ? 0 : -errno;
492 b->rbuffer_size += k;
495 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
496 if (cmsg->cmsg_level == SOL_SOCKET &&
497 cmsg->cmsg_type == SCM_RIGHTS) {
500 /* Whut? We received fds during the auth
501 * protocol? Somebody is playing games with
502 * us. Close them all, and fail */
503 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
504 close_many((int*) CMSG_DATA(cmsg), j);
507 } else if (cmsg->cmsg_level == SOL_SOCKET &&
508 cmsg->cmsg_type == SCM_CREDENTIALS &&
509 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
511 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
512 b->ucred_valid = true;
514 } else if (cmsg->cmsg_level == SOL_SOCKET &&
515 cmsg->cmsg_type == SCM_SECURITY) {
518 l = cmsg->cmsg_len - CMSG_LEN(0);
519 memcpy(&b->label, CMSG_DATA(cmsg), l);
525 r = bus_socket_auth_verify(b);
532 static int bus_socket_setup(sd_bus *b) {
537 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
538 * socket, just in case. */
539 enable = !b->bus_client;
540 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
541 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
543 /* Increase the buffers to a MB */
544 fd_inc_rcvbuf(b->input_fd, 1024*1024);
545 fd_inc_sndbuf(b->output_fd, 1024*1024);
550 static int bus_socket_start_auth_client(sd_bus *b) {
552 const char *auth_suffix, *auth_prefix;
556 if (b->anonymous_auth) {
557 auth_prefix = "\0AUTH ANONYMOUS ";
559 /* For ANONYMOUS auth we send some arbitrary "trace" string */
561 b->auth_buffer = hexmem("anonymous", l);
563 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
565 auth_prefix = "\0AUTH EXTERNAL ";
567 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
571 b->auth_buffer = hexmem(text, l);
577 if (b->negotiate_fds)
578 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
580 auth_suffix = "\r\nBEGIN\r\n";
582 b->auth_iovec[0].iov_base = (void*) auth_prefix;
583 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
584 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
585 b->auth_iovec[1].iov_len = l * 2;
586 b->auth_iovec[2].iov_base = (void*) auth_suffix;
587 b->auth_iovec[2].iov_len = strlen(auth_suffix);
589 return bus_socket_write_auth(b);
592 static int bus_socket_start_auth(sd_bus *b) {
595 b->state = BUS_AUTHENTICATING;
596 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
598 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
599 b->negotiate_fds = false;
601 if (b->output_fd != b->input_fd)
602 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
603 b->negotiate_fds = false;
606 return bus_socket_read_auth(b);
608 return bus_socket_start_auth_client(b);
611 int bus_socket_connect(sd_bus *b) {
615 assert(b->input_fd < 0);
616 assert(b->output_fd < 0);
617 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
619 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
623 b->output_fd = b->input_fd;
625 r = bus_socket_setup(b);
629 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
631 if (errno == EINPROGRESS)
637 return bus_socket_start_auth(b);
640 int bus_socket_exec(sd_bus *b) {
645 assert(b->input_fd < 0);
646 assert(b->output_fd < 0);
647 assert(b->exec_path);
649 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
661 reset_all_signal_handlers();
663 close_all_fds(s+1, 1);
665 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
666 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
668 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
669 close_nointr_nofail(s[1]);
671 fd_cloexec(STDIN_FILENO, false);
672 fd_cloexec(STDOUT_FILENO, false);
673 fd_nonblock(STDIN_FILENO, false);
674 fd_nonblock(STDOUT_FILENO, false);
677 execvp(b->exec_path, b->exec_argv);
679 const char *argv[] = { b->exec_path, NULL };
680 execvp(b->exec_path, (char**) argv);
686 close_nointr_nofail(s[1]);
687 b->output_fd = b->input_fd = s[0];
689 return bus_socket_start_auth(b);
692 int bus_socket_take_fd(sd_bus *b) {
696 r = bus_socket_setup(b);
700 return bus_socket_start_auth(b);
703 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
712 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
717 n = m->n_iovec * sizeof(struct iovec);
719 memcpy(iov, m->iovec, n);
722 iovec_advance(iov, &j, *idx);
724 if (bus->prefer_writev)
725 k = writev(bus->output_fd, iov, m->n_iovec);
731 struct cmsghdr *control;
732 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
734 mh.msg_control = control;
735 control->cmsg_level = SOL_SOCKET;
736 control->cmsg_type = SCM_RIGHTS;
737 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
738 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
742 mh.msg_iovlen = m->n_iovec;
744 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
745 if (k < 0 && errno == ENOTSOCK) {
746 bus->prefer_writev = true;
747 k = writev(bus->output_fd, iov, m->n_iovec);
752 return errno == EAGAIN ? 0 : -errno;
758 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
765 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
767 if (bus->rbuffer_size < sizeof(struct bus_header)) {
768 *need = sizeof(struct bus_header) + 8;
770 /* Minimum message size:
774 * Method Call: +2 string headers
775 * Signal: +3 string headers
776 * Method Error: +1 string headers
778 * Method Reply: +1 uint32 headers
780 * A string header is at least 9 bytes
781 * A uint32 header is at least 8 bytes
783 * Hence the minimum message size of a valid message
784 * is header + 8 bytes */
789 a = ((const uint32_t*) bus->rbuffer)[1];
790 b = ((const uint32_t*) bus->rbuffer)[3];
792 e = ((const uint8_t*) bus->rbuffer)[0];
793 if (e == SD_BUS_LITTLE_ENDIAN) {
796 } else if (e == SD_BUS_BIG_ENDIAN) {
802 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
803 if (sum >= BUS_MESSAGE_SIZE_MAX)
806 *need = (size_t) sum;
810 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
817 assert(bus->rbuffer_size >= size);
818 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
820 if (bus->rbuffer_size > size) {
821 b = memdup((const uint8_t*) bus->rbuffer + size,
822 bus->rbuffer_size - size);
828 r = bus_message_from_malloc(bus->rbuffer, size,
829 bus->fds, bus->n_fds,
830 bus->ucred_valid ? &bus->ucred : NULL,
831 bus->label[0] ? bus->label : NULL,
839 bus->rbuffer_size -= size;
848 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
856 struct cmsghdr cmsghdr;
857 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
858 CMSG_SPACE(sizeof(struct ucred)) +
859 CMSG_SPACE(NAME_MAX)]; /*selinux label */
861 struct cmsghdr *cmsg;
866 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
868 r = bus_socket_read_message_need(bus, &need);
872 if (bus->rbuffer_size >= need)
873 return bus_socket_make_message(bus, need, m);
875 b = realloc(bus->rbuffer, need);
882 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
883 iov.iov_len = need - bus->rbuffer_size;
885 if (bus->prefer_readv)
886 k = readv(bus->input_fd, &iov, 1);
891 mh.msg_control = &control;
892 mh.msg_controllen = sizeof(control);
894 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
895 if (k < 0 && errno == ENOTSOCK) {
896 bus->prefer_readv = true;
897 k = readv(bus->input_fd, &iov, 1);
902 return errno == EAGAIN ? 0 : -errno;
906 bus->rbuffer_size += k;
909 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
910 if (cmsg->cmsg_level == SOL_SOCKET &&
911 cmsg->cmsg_type == SCM_RIGHTS) {
914 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
917 /* Whut? We received fds but this
918 * isn't actually enabled? Close them,
921 close_many((int*) CMSG_DATA(cmsg), n);
925 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
927 close_many((int*) CMSG_DATA(cmsg), n);
931 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
934 } else if (cmsg->cmsg_level == SOL_SOCKET &&
935 cmsg->cmsg_type == SCM_CREDENTIALS &&
936 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
938 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
939 bus->ucred_valid = true;
941 } else if (cmsg->cmsg_level == SOL_SOCKET &&
942 cmsg->cmsg_type == SCM_SECURITY) {
945 l = cmsg->cmsg_len - CMSG_LEN(0);
946 memcpy(&bus->label, CMSG_DATA(cmsg), l);
952 r = bus_socket_read_message_need(bus, &need);
956 if (bus->rbuffer_size >= need)
957 return bus_socket_make_message(bus, need, m);
962 int bus_socket_process_opening(sd_bus *b) {
964 socklen_t slen = sizeof(error);
969 assert(b->state == BUS_OPENING);
979 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
982 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
984 b->last_connect_error = errno;
986 b->last_connect_error = error;
987 else if (p.revents & (POLLERR|POLLHUP))
988 b->last_connect_error = ECONNREFUSED;
990 return bus_socket_start_auth(b);
992 return bus_next_address(b);
995 int bus_socket_process_authenticating(sd_bus *b) {
999 assert(b->state == BUS_AUTHENTICATING);
1001 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1004 r = bus_socket_write_auth(b);
1008 return bus_socket_read_auth(b);