From: Lennart Poettering Date: Sat, 30 Mar 2013 14:21:06 +0000 (+0100) Subject: bus: implement server mode, and anonymous authentication X-Git-Tag: v201~133 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=2181a7f558eb52a22f09f8add9ac0abb4f2ee016 bus: implement server mode, and anonymous authentication --- diff --git a/Makefile.am b/Makefile.am index 92bd54276..e599da9b5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1693,7 +1693,8 @@ noinst_LTLIBRARIES += \ noinst_tests += \ test-bus-marshal \ test-bus-signature \ - test-bus-chat + test-bus-chat \ + test-bus-server noinst_PROGRAMS += \ busctl @@ -1731,6 +1732,18 @@ test_bus_chat_LDADD = \ libsystemd-bus.la \ libsystemd-id128-internal.la +test_bus_server_SOURCES = \ + src/libsystemd-bus/test-bus-server.c + +test_bus_server_CFLAGS = \ + $(AM_CFLAGS) \ + -pthread + +test_bus_server_LDADD = \ + libsystemd-shared.la \ + libsystemd-bus.la \ + libsystemd-id128-internal.la + busctl_SOURCES = \ src/libsystemd-bus/busctl.c diff --git a/src/libsystemd-bus/bus-internal.h b/src/libsystemd-bus/bus-internal.h index 345e6568d..76b90ea3a 100644 --- a/src/libsystemd-bus/bus-internal.h +++ b/src/libsystemd-bus/bus-internal.h @@ -64,6 +64,12 @@ enum bus_state { BUS_RUNNING }; +enum bus_auth { + _BUS_AUTH_INVALID, + BUS_AUTH_EXTERNAL, + BUS_AUTH_ANONYMOUS +}; + struct sd_bus { unsigned n_ref; enum bus_state state; @@ -74,6 +80,8 @@ struct sd_bus { bool can_fds:1; bool bus_client:1; bool ucred_valid:1; + bool is_server:1; + bool anonymous_auth:1; void *rbuffer; size_t rbuffer_size; @@ -109,10 +117,11 @@ struct sd_bus { int last_connect_error; + enum bus_auth auth; + size_t auth_rbegin; struct iovec auth_iovec[3]; unsigned auth_index; - size_t auth_size; - char *auth_uid; + char *auth_buffer; usec_t auth_timeout; struct ucred ucred; diff --git a/src/libsystemd-bus/bus-socket.c b/src/libsystemd-bus/bus-socket.c index de823d582..cb1e94283 100644 --- a/src/libsystemd-bus/bus-socket.c +++ b/src/libsystemd-bus/bus-socket.c @@ -30,13 +30,14 @@ #include "macro.h" #include "missing.h" #include "strv.h" +#include "utf8.h" #include "sd-bus.h" #include "bus-socket.h" #include "bus-internal.h" #include "bus-message.h" -static void iovec_advance(struct iovec *iov, unsigned *idx, size_t size) { +static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) { while (size > 0) { struct iovec *i = iov + *idx; @@ -56,6 +57,23 @@ static void iovec_advance(struct iovec *iov, unsigned *idx, size_t size) { } } +bool bus_socket_auth_needs_write(sd_bus *b) { + + unsigned i; + + if (b->auth_index >= ELEMENTSOF(b->auth_iovec)) + return false; + + for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) { + struct iovec *j = b->auth_iovec + i; + + if (j->iov_len > 0) + return true; + } + + return false; +} + static int bus_socket_write_auth(sd_bus *b) { struct msghdr mh; ssize_t k; @@ -63,12 +81,9 @@ static int bus_socket_write_auth(sd_bus *b) { assert(b); assert(b->state == BUS_AUTHENTICATING); - if (b->auth_index >= ELEMENTSOF(b->auth_iovec)) + if (!bus_socket_auth_needs_write(b)) return 0; - if (b->auth_timeout == 0) - b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT; - zero(mh); mh.msg_iov = b->auth_iovec + b->auth_index; mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index; @@ -82,12 +97,14 @@ static int bus_socket_write_auth(sd_bus *b) { return 1; } -static int bus_socket_auth_verify(sd_bus *b) { +static int bus_socket_auth_verify_client(sd_bus *b) { char *e, *f, *start; sd_id128_t peer; unsigned i; int r; + assert(b); + /* We expect two response lines: "OK" and possibly * "AGREE_UNIX_FD" */ @@ -115,6 +132,8 @@ static int bus_socket_auth_verify(sd_bus *b) { if (memcmp(b->rbuffer, "OK ", 3)) return -EPERM; + b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL; + for (i = 0; i < 32; i += 2) { int x, y; @@ -150,6 +169,254 @@ static int bus_socket_auth_verify(sd_bus *b) { return 1; } +static bool line_equals(const char *s, size_t m, const char *line) { + size_t l; + + l = strlen(line); + if (l != m) + return false; + + return memcmp(s, line, l) == 0; +} + +static bool line_begins(const char *s, size_t m, const char *word) { + size_t l; + + l = strlen(word); + if (m < l) + return false; + + if (memcmp(s, word, l) != 0) + return false; + + return m == l || (m > l && s[l] == ' '); +} + +static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) { + _cleanup_free_ char *token = NULL; + + if (!b->anonymous_auth) + return 0; + + if (l <= 0) + return 1; + + assert(p[0] == ' '); + p++; l--; + + if (l % 2 != 0) + return 0; + token = unhexmem(p, l); + if (!token) + return -ENOMEM; + + if (memchr(token, 0, l/2)) + return 0; + + return !!utf8_is_valid(token); +} + +static int verify_external_token(sd_bus *b, const char *p, size_t l) { + _cleanup_free_ char *token = NULL; + uid_t u; + int r; + + /* We don't do any real authentication here. Instead, we if + * the owner of this bus wanted authentication he should have + * checked SO_PEERCRED before even creating the bus object. */ + + if (!b->ucred_valid) + return 0; + + if (l <= 0) + return 1; + + assert(p[0] == ' '); + p++; l--; + + if (l % 2 != 0) + return 0; + + token = unhexmem(p, l); + if (!token) + return -ENOMEM; + + if (memchr(token, 0, l/2)) + return 0; + + r = parse_uid(token, &u); + if (r < 0) + return 0; + + if (u != b->ucred.uid) + return 0; + + return 1; +} + +static int bus_socket_auth_write(sd_bus *b, const char *t) { + char *p; + size_t l; + + assert(b); + assert(t); + + /* We only make use of the first iovec */ + assert(b->auth_index == 0 || b->auth_index == 1); + + l = strlen(t); + p = malloc(b->auth_iovec[0].iov_len + l); + if (!p) + return -ENOMEM; + + memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len); + memcpy(p + b->auth_iovec[0].iov_len, t, l); + + b->auth_iovec[0].iov_base = p; + b->auth_iovec[0].iov_len += l; + + free(b->auth_buffer); + b->auth_buffer = p; + b->auth_index = 0; + return 0; +} + +static int bus_socket_auth_write_ok(sd_bus *b) { + char t[3 + 32 + 2 + 1]; + + assert(b); + + snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->peer)); + char_array_0(t); + + return bus_socket_auth_write(b, t); +} + +static int bus_socket_auth_verify_server(sd_bus *b) { + char *e; + const char *line; + size_t l; + bool processed = false; + int r; + + assert(b); + + if (b->rbuffer_size < 3) + return 0; + + /* First char must be a NUL byte */ + if (*(char*) b->rbuffer != 0) + return -EIO; + + /* Begin with the first line */ + if (b->auth_rbegin <= 0) + b->auth_rbegin = 1; + + for (;;) { + /* Check if line is complete */ + line = (char*) b->rbuffer + b->auth_rbegin; + e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2); + if (!e) + return processed; + + l = e - line; + + if (line_begins(line, l, "AUTH ANONYMOUS")) { + + r = verify_anonymous_token(b, line + 14, l - 14); + if (r < 0) + return r; + if (r == 0) + r = bus_socket_auth_write(b, "REJECTED\r\n"); + else { + b->auth = BUS_AUTH_ANONYMOUS; + r = bus_socket_auth_write_ok(b); + } + + } else if (line_begins(line, l, "AUTH EXTERNAL")) { + + r = verify_external_token(b, line + 13, l - 13); + if (r < 0) + return r; + if (r == 0) + r = bus_socket_auth_write(b, "REJECTED\r\n"); + else { + b->auth = BUS_AUTH_EXTERNAL; + r = bus_socket_auth_write_ok(b); + } + + } else if (line_begins(line, l, "AUTH")) + r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n"); + else if (line_equals(line, l, "CANCEL") || + line_begins(line, l, "ERROR")) { + + b->auth = _BUS_AUTH_INVALID; + r = bus_socket_auth_write(b, "REJECTED\r\n"); + + } else if (line_equals(line, l, "BEGIN")) { + + if (b->auth == _BUS_AUTH_INVALID) + r = bus_socket_auth_write(b, "ERROR\r\n"); + else { + /* We can't leave from the auth phase + * before we haven't written + * everything queued, so let's check + * that */ + + if (bus_socket_auth_needs_write(b)) + return 1; + + b->rbuffer_size -= (e + 2 - (char*) b->rbuffer); + memmove(b->rbuffer, e + 2, b->rbuffer_size); + return bus_start_running(b); + } + + } else if (line_begins(line, l, "DATA")) { + + if (b->auth == _BUS_AUTH_INVALID) + r = bus_socket_auth_write(b, "ERROR\r\n"); + else { + if (b->auth == BUS_AUTH_ANONYMOUS) + r = verify_anonymous_token(b, line + 4, l - 4); + else + r = verify_external_token(b, line + 4, l - 4); + + if (r < 0) + return r; + if (r == 0) { + b->auth = _BUS_AUTH_INVALID; + r = bus_socket_auth_write(b, "REJECTED\r\n"); + } else + r = bus_socket_auth_write_ok(b); + } + } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) { + if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds) + r = bus_socket_auth_write(b, "ERROR\r\n"); + else { + b->can_fds = true; + r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n"); + } + } else + r = bus_socket_auth_write(b, "ERROR\r\n"); + + if (r < 0) + return r; + + b->auth_rbegin = e + 2 - (char*) b->rbuffer; + + processed = true; + } +} + +static int bus_socket_auth_verify(sd_bus *b) { + assert(b); + + if (b->is_server) + return bus_socket_auth_verify_server(b); + else + return bus_socket_auth_verify_client(b); +} + static int bus_socket_read_auth(sd_bus *b) { struct msghdr mh; struct iovec iov; @@ -157,14 +424,22 @@ static int bus_socket_read_auth(sd_bus *b) { ssize_t k; int r; void *p; + union { + struct cmsghdr cmsghdr; + uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) + + CMSG_SPACE(sizeof(struct ucred)) + + CMSG_SPACE(NAME_MAX)]; /*selinux label */ + } control; + struct cmsghdr *cmsg; assert(b); + assert(b->state == BUS_AUTHENTICATING); r = bus_socket_auth_verify(b); if (r != 0) return r; - n = MAX(3 + 32 + 2 + sizeof("AGREE_UNIX_FD") - 1 + 2, b->rbuffer_size * 2); + n = MAX(256, b->rbuffer_size * 2); if (n > BUS_AUTH_SIZE_MAX) n = BUS_AUTH_SIZE_MAX; @@ -185,8 +460,10 @@ static int bus_socket_read_auth(sd_bus *b) { zero(mh); mh.msg_iov = &iov; mh.msg_iovlen = 1; + mh.msg_control = &control; + mh.msg_controllen = sizeof(control); - k = recvmsg(b->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL); + k = recvmsg(b->fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC); if (k < 0) return errno == EAGAIN ? 0 : -errno; if (k == 0) @@ -194,6 +471,35 @@ static int bus_socket_read_auth(sd_bus *b) { b->rbuffer_size += k; + for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) { + if (cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SCM_RIGHTS) { + int j; + + /* Whut? We received fds during the auth + * protocol? Somebody is playing games with + * us. Close them all, and fail */ + j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int); + close_many((int*) CMSG_DATA(cmsg), j); + return -EIO; + + } else if (cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SCM_CREDENTIALS && + cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { + + memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred)); + b->ucred_valid = true; + + } else if (cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SCM_SECURITY) { + + size_t l; + l = cmsg->cmsg_len - CMSG_LEN(0); + memcpy(&b->label, CMSG_DATA(cmsg), l); + b->label[l] = 0; + } + } + r = bus_socket_auth_verify(b); if (r != 0) return r; @@ -219,50 +525,71 @@ static int bus_socket_setup(sd_bus *b) { return 0; } -static int bus_socket_start_auth(sd_bus *b) { - static const char auth_prefix[] = "\0AUTH EXTERNAL "; - static const char auth_suffix_with_unix_fd[] = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n"; - static const char auth_suffix_without_unix_fd[] = "\r\nBEGIN\r\n"; - - char text[20 + 1]; /* enough space for a 64bit integer plus NUL */ +static int bus_socket_start_auth_client(sd_bus *b) { size_t l; - const char *auth_suffix; - int domain = 0, r; - socklen_t sl; + const char *auth_suffix, *auth_prefix; assert(b); - b->state = BUS_AUTHENTICATING; + if (b->anonymous_auth) { + auth_prefix = "\0AUTH ANONYMOUS "; - sl = sizeof(domain); - r = getsockopt(b->fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl); - if (r < 0) - return -errno; + /* For ANONYMOUS auth we send some arbitrary "trace" string */ + l = 9; + b->auth_buffer = hexmem("anonymous", l); + } else { + char text[20 + 1]; /* enough space for a 64bit integer plus NUL */ - if (domain != AF_UNIX) - b->negotiate_fds = false; + auth_prefix = "\0AUTH EXTERNAL "; - snprintf(text, sizeof(text), "%llu", (unsigned long long) geteuid()); - char_array_0(text); + snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid()); + char_array_0(text); - l = strlen(text); - b->auth_uid = hexmem(text, l); - if (!b->auth_uid) + l = strlen(text); + b->auth_buffer = hexmem(text, l); + } + + if (!b->auth_buffer) return -ENOMEM; - auth_suffix = b->negotiate_fds ? auth_suffix_with_unix_fd : auth_suffix_without_unix_fd; + if (b->negotiate_fds) + auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n"; + else + auth_suffix = "\r\nBEGIN\r\n"; b->auth_iovec[0].iov_base = (void*) auth_prefix; - b->auth_iovec[0].iov_len = sizeof(auth_prefix) -1; - b->auth_iovec[1].iov_base = (void*) b->auth_uid; + b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1); + b->auth_iovec[1].iov_base = (void*) b->auth_buffer; b->auth_iovec[1].iov_len = l * 2; b->auth_iovec[2].iov_base = (void*) auth_suffix; b->auth_iovec[2].iov_len = strlen(auth_suffix); - b->auth_size = sizeof(auth_prefix) - 1 + l * 2 + sizeof(auth_suffix) - 1; return bus_socket_write_auth(b); } +static int bus_socket_start_auth(sd_bus *b) { + int domain = 0, r; + socklen_t sl; + + assert(b); + + b->state = BUS_AUTHENTICATING; + b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT; + + sl = sizeof(domain); + r = getsockopt(b->fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl); + if (r < 0) + return -errno; + + if (domain != AF_UNIX) + b->negotiate_fds = false; + + if (b->is_server) + return bus_socket_read_auth(b); + else + return bus_socket_start_auth_client(b); +} + int bus_socket_connect(sd_bus *b) { int r; diff --git a/src/libsystemd-bus/bus-socket.h b/src/libsystemd-bus/bus-socket.h index 3656a442a..a9c43f82d 100644 --- a/src/libsystemd-bus/bus-socket.h +++ b/src/libsystemd-bus/bus-socket.h @@ -32,3 +32,5 @@ int bus_socket_read_message(sd_bus *bus, sd_bus_message **m); int bus_socket_process_opening(sd_bus *b); int bus_socket_process_authenticating(sd_bus *b); + +bool bus_socket_auth_needs_write(sd_bus *b); diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c index 870d617ac..047f286f0 100644 --- a/src/libsystemd-bus/sd-bus.c +++ b/src/libsystemd-bus/sd-bus.c @@ -52,7 +52,7 @@ static void bus_free(sd_bus *b) { free(b->rbuffer); free(b->unique_name); - free(b->auth_uid); + free(b->auth_buffer); free(b->address); free(b->exec_path); @@ -197,6 +197,29 @@ int sd_bus_set_negotiate_fds(sd_bus *bus, int b) { return 0; } +int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server) { + if (!bus) + return -EINVAL; + if (!b && !sd_id128_equal(server, SD_ID128_NULL)) + return -EINVAL; + if (bus->state != BUS_UNSET) + return -EPERM; + + bus->is_server = !!b; + bus->peer = server; + return 0; +} + +int sd_bus_set_anonymous(sd_bus *bus, int b) { + if (!bus) + return -EINVAL; + if (bus->state != BUS_UNSET) + return -EPERM; + + bus->anonymous_auth = !!b; + return 0; +} + static int hello_callback(sd_bus *bus, int error, sd_bus_message *reply, void *userdata) { const char *s; int r; @@ -716,6 +739,9 @@ int sd_bus_start(sd_bus *bus) { bus->state = BUS_OPENING; + if (bus->is_server && bus->bus_client) + return -EINVAL; + if (bus->fd >= 0) r = bus_start_fd(bus); else if (bus->address || bus->sockaddr.sa.sa_family != AF_UNSPEC || bus->exec_path) @@ -1350,7 +1376,7 @@ int sd_bus_get_events(sd_bus *bus) { flags |= POLLOUT; else if (bus->state == BUS_AUTHENTICATING) { - if (bus->auth_index < ELEMENTSOF(bus->auth_iovec)) + if (bus_socket_auth_needs_write(bus)) flags |= POLLOUT; flags |= POLLIN; @@ -1426,8 +1452,8 @@ static int process_hello(sd_bus *bus, sd_bus_message *m) { /* Let's make sure the first message on the bus is the HELLO * reply. But note that we don't actually parse the message - * here (we leave that to the usual reply handling), we just - * verify we don't let any earlier msg through. */ + * here (we leave that to the usual handling), we just verify + * we don't let any earlier msg through. */ if (m->header->type != SD_BUS_MESSAGE_TYPE_METHOD_RETURN && m->header->type != SD_BUS_MESSAGE_TYPE_METHOD_ERROR) diff --git a/src/libsystemd-bus/sd-bus.h b/src/libsystemd-bus/sd-bus.h index 148a99c86..db3b22790 100644 --- a/src/libsystemd-bus/sd-bus.h +++ b/src/libsystemd-bus/sd-bus.h @@ -33,9 +33,7 @@ extern "C" { #endif /* TODO: - * - server side * - allow installing match callbacks - * - anonymous auth * * Later: * - add page donation logic @@ -66,6 +64,8 @@ int sd_bus_set_fd(sd_bus *bus, int fd); int sd_bus_set_exec(sd_bus *bus, const char *path, char *const argv[]); int sd_bus_set_bus_client(sd_bus *bus, int b); int sd_bus_set_negotiate_fds(sd_bus *bus, int b); +int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id); +int sd_bus_set_anonymous(sd_bus *bus, int b); int sd_bus_start(sd_bus *ret); void sd_bus_close(sd_bus *bus); diff --git a/src/libsystemd-bus/test-bus-chat.c b/src/libsystemd-bus/test-bus-chat.c index e124b247d..906a7e646 100644 --- a/src/libsystemd-bus/test-bus-chat.c +++ b/src/libsystemd-bus/test-bus-chat.c @@ -564,9 +564,15 @@ int main(int argc, char *argv[]) { q = pthread_join(c1, &p); if (q != 0) return EXIT_FAILURE; + if (PTR_TO_INT(p) < 0) + return EXIT_FAILURE; + q = pthread_join(c2, &p); if (q != 0) return EXIT_FAILURE; + if (PTR_TO_INT(p) < 0) + return EXIT_FAILURE; + if (r < 0) return EXIT_FAILURE; diff --git a/src/shared/util.c b/src/shared/util.c index 7281cc8ab..873c95820 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -1069,6 +1069,32 @@ char *hexmem(const void *p, size_t l) { return r; } +void *unhexmem(const char *p, size_t l) { + uint8_t *r, *z; + const char *x; + + assert(p); + + z = r = malloc((l + 1) / 2 + 1); + if (!r) + return NULL; + + for (x = p; x < p + l; x += 2) { + int a, b; + + a = unhexchar(x[0]); + if (x+1 < p + l) + b = unhexchar(x[1]); + else + b = 0; + + *(z++) = (uint8_t) a << 4 | (uint8_t) b; + } + + *z = 0; + return r; +} + char octchar(int x) { return '0' + (x & 7); } diff --git a/src/shared/util.h b/src/shared/util.h index 485733f65..0d05cd665 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -609,5 +609,7 @@ static inline void *mempset(void *s, int c, size_t n) { } char *hexmem(const void *p, size_t l); +void *unhexmem(const char *p, size_t l); + char *strextend(char **x, ...); char *strrep(const char *s, unsigned n);