* libsystemd-bus:
- default policy (allow uid == 0 and our own uid)
- enforce alignment of pointers passed in
- - negotiation for attach attributes
- when kdbus doesn't take our message without memfds, try again with memfds
- kdbus: generate correct bloom filter for matches
- implement translator service
- port systemd to new library
- implement busname unit type in systemd
- move to gvariant
- - keep the connection fds around as long as the bus is open
- merge busctl into systemctl or so?
- synthesize sd_bus_message objects from kernel messages
int message_version;
bool is_kernel:1;
- bool negotiate_fds:1;
bool can_fds:1;
bool bus_client:1;
bool ucred_valid:1;
unsigned n_memfd_cache;
pid_t original_pid;
+
+ uint64_t hello_flags;
};
static inline void bus_unrefp(sd_bus **b) {
}
hello->size = sizeof(h);
- hello->conn_flags =
- KDBUS_HELLO_ACCEPT_FD|
- KDBUS_HELLO_ATTACH_COMM|
- KDBUS_HELLO_ATTACH_EXE|
- KDBUS_HELLO_ATTACH_CMDLINE|
- KDBUS_HELLO_ATTACH_CGROUP|
- KDBUS_HELLO_ATTACH_CAPS|
- KDBUS_HELLO_ATTACH_SECLABEL|
- KDBUS_HELLO_ATTACH_AUDIT;
+ hello->conn_flags = b->hello_flags;
hello->items[0].type = KDBUS_HELLO_POOL;
hello->items[0].size = KDBUS_ITEM_HEADER_SIZE + sizeof(struct kdbus_vec);
b->is_kernel = true;
b->bus_client = true;
- b->can_fds = true;
+ b->can_fds = !!(hello->conn_flags & KDBUS_HELLO_ACCEPT_FD);
r = bus_start_running(b);
if (r < 0)
if (!e)
return 0;
- if (b->negotiate_fds) {
+ if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
if (!f)
return 0;
r = bus_socket_auth_write_ok(b);
}
} else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
- if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
+ if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
r = bus_socket_auth_write(b, "ERROR\r\n");
else {
b->can_fds = true;
* socket, just in case. */
enable = !b->bus_client;
setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
+
+ enable = !b->bus_client && (b->hello_flags & KDBUS_HELLO_ATTACH_SECLABEL);
setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
/* Increase the buffers to a MB */
if (!b->auth_buffer)
return -ENOMEM;
- if (b->negotiate_fds)
+ if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
else
auth_suffix = "\r\nBEGIN\r\n";
b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
- b->negotiate_fds = false;
+ b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
if (b->output_fd != b->input_fd)
if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
- b->negotiate_fds = false;
+ b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
if (b->is_server)
return bus_socket_read_auth(b);
r->n_ref = REFCNT_INIT;
r->input_fd = r->output_fd = -1;
r->message_version = 1;
- r->negotiate_fds = true;
+ r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
r->original_pid = getpid();
assert_se(pthread_mutex_init(&r->memfd_cache_mutex, NULL) == 0);
return 0;
}
-int sd_bus_set_negotiate_fds(sd_bus *bus, int b) {
+int sd_bus_negotiate_fds(sd_bus *bus, int b) {
if (!bus)
return -EINVAL;
if (bus->state != BUS_UNSET)
if (bus_pid_changed(bus))
return -ECHILD;
- bus->negotiate_fds = !!b;
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ACCEPT_FD, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_comm(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_COMM, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_exe(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_EXE, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_cmdline(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_CMDLINE, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_cgroup(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_CGROUP, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_caps(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_CAPS, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_selinux_context(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_SECLABEL, b);
+ return 0;
+}
+
+int sd_bus_negotiate_attach_audit(sd_bus *bus, int b) {
+ if (!bus)
+ return -EINVAL;
+ if (bus->state != BUS_UNSET)
+ return -EPERM;
+ if (bus_pid_changed(bus))
+ return -ECHILD;
+
+ SET_FLAG(bus->hello_flags, KDBUS_HELLO_ATTACH_AUDIT, b);
return 0;
}
return -ECHILD;
if (type == SD_BUS_TYPE_UNIX_FD) {
- if (!bus->negotiate_fds)
+ if (!(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD))
return 0;
r = bus_ensure_running(bus);
r = sd_bus_set_address(b, address);
assert_se(r >= 0);
+ assert_se(sd_bus_negotiate_attach_comm(a, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_exe(a, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_cmdline(a, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_cgroup(a, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_caps(a, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_selinux_context(a, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_audit(a, 1) >= 0);
+
+ assert_se(sd_bus_negotiate_attach_comm(b, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_exe(b, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_cmdline(b, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_cgroup(b, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_caps(b, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_selinux_context(b, 1) >= 0);
+ assert_se(sd_bus_negotiate_attach_audit(b, 1) >= 0);
+
r = sd_bus_start(a);
assert_se(r >= 0);
assert_se(sd_bus_new(&bus) >= 0);
assert_se(sd_bus_set_fd(bus, c->fds[0], c->fds[0]) >= 0);
assert_se(sd_bus_set_server(bus, 1, id) >= 0);
- assert_se(sd_bus_set_negotiate_fds(bus, c->server_negotiate_unix_fds) >= 0);
assert_se(sd_bus_set_anonymous(bus, c->server_anonymous_auth) >= 0);
+ assert_se(sd_bus_negotiate_fds(bus, c->server_negotiate_unix_fds) >= 0);
assert_se(sd_bus_start(bus) >= 0);
while (!quit) {
assert_se(sd_bus_new(&bus) >= 0);
assert_se(sd_bus_set_fd(bus, c->fds[1], c->fds[1]) >= 0);
- assert_se(sd_bus_set_negotiate_fds(bus, c->client_negotiate_unix_fds) >= 0);
+ assert_se(sd_bus_negotiate_fds(bus, c->client_negotiate_unix_fds) >= 0);
assert_se(sd_bus_set_anonymous(bus, c->client_anonymous_auth) >= 0);
assert_se(sd_bus_start(bus) >= 0);
sizeof(type) <= 4 ? 10 : \
sizeof(type) <= 8 ? 20 : sizeof(int[-2*(sizeof(type) > 8)])))
+#define SET_FLAG(v, flag, b) \
+ (v) = (b) ? ((v) | (flag)) : ((v) & ~(flag))
+
#include "log.h"
goto finish;
}
- r = sd_bus_set_negotiate_fds(a, is_unix);
+ r = sd_bus_negotiate_fds(a, is_unix);
if (r < 0) {
log_error("Failed to set FD negotiation: %s", strerror(-r));
goto finish;
goto finish;
}
- r = sd_bus_set_negotiate_fds(b, is_unix);
+ r = sd_bus_negotiate_fds(b, is_unix);
if (r < 0) {
log_error("Failed to set FD negotiation: %s", strerror(-r));
goto finish;
int sd_bus_set_bus_client(sd_bus *bus, int b);
int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id);
int sd_bus_set_anonymous(sd_bus *bus, int b);
-int sd_bus_set_negotiate_fds(sd_bus *bus, int b);
+int sd_bus_negotiate_fds(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_comm(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_exe(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_cmdline(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_cgroup(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_caps(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_selinux_context(sd_bus *bus, int b);
+int sd_bus_negotiate_attach_audit(sd_bus *bus, int b);
int sd_bus_start(sd_bus *ret);
void sd_bus_close(sd_bus *bus);