return 0;
}
-int bus_message_from_malloc(void *buffer, size_t length, sd_bus_message **ret) {
+int bus_message_from_malloc(
+ void *buffer,
+ size_t length,
+ struct ucred *ucred,
+ const char *label,
+ sd_bus_message **ret) {
+
sd_bus_message *m;
struct bus_header *h;
- size_t total, fs, bs;
+ size_t total, fs, bs, label_sz, a;
int r;
assert(buffer || length <= 0);
if (length != total)
return -EBADMSG;
- m = new0(sd_bus_message, 1);
+ if (label) {
+ label_sz = strlen(label);
+ a = ALIGN(sizeof(sd_bus_message)) + label_sz + 1;
+ } else
+ a = sizeof(sd_bus_message);
+
+ m = malloc0(a);
if (!m)
return -ENOMEM;
m->body = (uint8_t*) buffer + sizeof(struct bus_header) + ALIGN_TO(fs, 8);
m->sealed = true;
+ if (ucred) {
+ m->uid = ucred->uid;
+ m->pid = ucred->pid;
+ m->gid = ucred->gid;
+ m->uid_valid = m->gid_valid = true;
+ }
+
+ if (label) {
+ m->label = (char*) m + ALIGN(sizeof(sd_bus_message));
+ memcpy(m->label, label, label_sz + 1);
+ }
+
m->n_iovec = 1;
m->iovec[0].iov_base = buffer;
m->iovec[0].iov_len = length;
return 0;
}
+const char *sd_bus_message_get_label(sd_bus_message *m) {
+ if (!m)
+ return NULL;
+
+ return m->label;
+}
+
int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member) {
if (!m)
return -EINVAL;
#include "util.h"
#include "macro.h"
+#include "missing.h"
#include "sd-bus.h"
#include "bus-internal.h"
return 1;
}
+static int bus_setup_fd(sd_bus *b) {
+ int one;
+
+ assert(b);
+
+ /* Enable SO_PASSCRED + SO_PASSEC. We try this on any socket,
+ * just in case. This is actually irrelavant for */
+ one = 1;
+ setsockopt(b->fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
+ setsockopt(b->fd, SOL_SOCKET, SO_PASSSEC, &one, sizeof(one));
+
+ /* Increase the buffers to a MB */
+ fd_inc_rcvbuf(b->fd, 1024*1024);
+ fd_inc_sndbuf(b->fd, 1024*1024);
+
+ return 0;
+}
+
static int bus_start_auth(sd_bus *b) {
static const char auth_prefix[] = "\0AUTH EXTERNAL ";
static const char auth_suffix[] = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
b->fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
if (b->fd < 0) {
b->last_connect_error = errno;
- zero(b->sockaddr);
- continue;
+ goto try_again;
+ }
+
+ r = bus_setup_fd(b);
+ if (r < 0) {
+ b->last_connect_error = errno;
+ goto try_again;
}
r = connect(b->fd, &b->sockaddr.sa, b->sockaddr_size);
return 1;
b->last_connect_error = errno;
- close_nointr_nofail(b->fd);
- b->fd = -1;
- zero(b->sockaddr);
- continue;
+ goto try_again;
}
return bus_start_auth(b);
+
+ try_again:
+ zero(b->sockaddr);
+
+ if (b->fd >= 0) {
+ close_nointr_nofail(b->fd);
+ b->fd = -1;
+ }
}
}
return -ENOMEM;
b->fd = fd;
- fd_nonblock(b->fd, true);
+
+ r = fd_nonblock(b->fd, true);
+ if (r < 0)
+ goto fail;
+
fd_cloexec(b->fd, true);
+ if (r < 0)
+ goto fail;
+
+ r = bus_setup_fd(b);
+ if (r < 0)
+ goto fail;
r = bus_start_auth(b);
- if (r < 0) {
- bus_free(b);
- return r;
- }
+ if (r < 0)
+ goto fail;
*ret = b;
return 0;
+
+fail:
+ bus_free(b);
+ return r;
}
void sd_bus_close(sd_bus *bus) {
}
}
- r = bus_message_from_malloc(bus->rbuffer, size, &t);
+ r = bus_message_from_malloc(bus->rbuffer, size,
+ bus->ucred_valid ? &bus->ucred : NULL,
+ bus->label[0] ? bus->label : NULL, &t);
if (r < 0) {
free(b);
return r;
size_t need;
int r;
void *b;
+ union {
+ struct cmsghdr cmsghdr;
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) +
+ CMSG_SPACE(NAME_MAX)]; /*selinux label */
+ } control;
+ struct cmsghdr *cmsg;
assert(bus);
assert(m);
zero(mh);
mh.msg_iov = &iov;
mh.msg_iovlen = 1;
+ mh.msg_control = &control;
+ mh.msg_controllen = sizeof(control);
- k = recvmsg(bus->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
+ k = recvmsg(bus->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
if (k < 0)
return errno == EAGAIN ? 0 : -errno;
bus->rbuffer_size += k;
+ bus->ucred_valid = false;
+ bus->label[0] = 0;
+
+ for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+
+ memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
+ bus->ucred_valid = true;
+
+ } else if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_SECURITY) {
+
+ size_t l;
+ l = cmsg->cmsg_len - CMSG_LEN(0);
+ memcpy(&bus->label, CMSG_DATA(cmsg), l);
+ bus->label[l] = 0;
+ }
+ }
r = message_read_need(bus, &need);
if (r < 0)
~ianmdlvl / elogind.git / commitdiff