1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
27 #include "sd-daemon.h"
32 #include "formats-util.h"
33 #include "signal-util.h"
36 #include "bus-socket.h"
37 #include "bus-internal.h"
38 #include "bus-message.h"
40 #define SNDBUF_SIZE (8*1024*1024)
42 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
45 struct iovec *i = iov + *idx;
47 if (i->iov_len > size) {
48 i->iov_base = (uint8_t*) i->iov_base + size;
62 static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
67 m->iovec[m->n_iovec].iov_base = (void*) p;
68 m->iovec[m->n_iovec].iov_len = sz;
74 static int bus_message_setup_iovec(sd_bus_message *m) {
75 struct bus_body_part *part;
87 n = 1 + m->n_body_parts;
88 if (n < ELEMENTSOF(m->iovec_fixed))
89 m->iovec = m->iovec_fixed;
91 m->iovec = new(struct iovec, n);
98 r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
102 MESSAGE_FOREACH_PART(part, i, m) {
103 r = bus_body_part_map(part);
107 r = append_iovec(m, part->data, part->size);
112 assert(n == m->n_iovec);
121 bool bus_socket_auth_needs_write(sd_bus *b) {
125 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
128 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
129 struct iovec *j = b->auth_iovec + i;
138 static int bus_socket_write_auth(sd_bus *b) {
142 assert(b->state == BUS_AUTHENTICATING);
144 if (!bus_socket_auth_needs_write(b))
147 if (b->prefer_writev)
148 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
153 mh.msg_iov = b->auth_iovec + b->auth_index;
154 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
156 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
157 if (k < 0 && errno == ENOTSOCK) {
158 b->prefer_writev = true;
159 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
164 return errno == EAGAIN ? 0 : -errno;
166 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
170 static int bus_socket_auth_verify_client(sd_bus *b) {
178 /* We expect two response lines: "OK" and possibly
181 e = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
185 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
186 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
196 /* Nice! We got all the lines we need. First check the OK
199 if (e - (char*) b->rbuffer != 3 + 32)
202 if (memcmp(b->rbuffer, "OK ", 3))
205 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
207 for (i = 0; i < 32; i += 2) {
210 x = unhexchar(((char*) b->rbuffer)[3 + i]);
211 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
216 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
219 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
220 !sd_id128_equal(b->server_id, peer))
225 /* And possibly check the second line, too */
229 (f - e == strlen("\r\nAGREE_UNIX_FD")) &&
230 memcmp(e + 2, "AGREE_UNIX_FD", strlen("AGREE_UNIX_FD")) == 0;
232 b->rbuffer_size -= (start - (char*) b->rbuffer);
233 memmove(b->rbuffer, start, b->rbuffer_size);
235 r = bus_start_running(b);
242 static bool line_equals(const char *s, size_t m, const char *line) {
249 return memcmp(s, line, l) == 0;
252 static bool line_begins(const char *s, size_t m, const char *word) {
259 if (memcmp(s, word, l) != 0)
262 return m == l || (m > l && s[l] == ' ');
265 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
266 _cleanup_free_ char *token = NULL;
268 if (!b->anonymous_auth)
279 token = unhexmem(p, l);
283 if (memchr(token, 0, l/2))
286 return !!utf8_is_valid(token);
289 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
290 _cleanup_free_ char *token = NULL;
294 /* We don't do any real authentication here. Instead, we if
295 * the owner of this bus wanted authentication he should have
296 * checked SO_PEERCRED before even creating the bus object. */
298 if (!b->anonymous_auth && !b->ucred_valid)
310 token = unhexmem(p, l);
314 if (memchr(token, 0, l/2))
317 r = parse_uid(token, &u);
321 /* We ignore the passed value if anonymous authentication is
323 if (!b->anonymous_auth && u != b->ucred.uid)
329 static int bus_socket_auth_write(sd_bus *b, const char *t) {
336 /* We only make use of the first iovec */
337 assert(b->auth_index == 0 || b->auth_index == 1);
340 p = malloc(b->auth_iovec[0].iov_len + l);
344 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
345 memcpy(p + b->auth_iovec[0].iov_len, t, l);
347 b->auth_iovec[0].iov_base = p;
348 b->auth_iovec[0].iov_len += l;
350 free(b->auth_buffer);
356 static int bus_socket_auth_write_ok(sd_bus *b) {
357 char t[3 + 32 + 2 + 1];
361 xsprintf(t, "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
363 return bus_socket_auth_write(b, t);
366 static int bus_socket_auth_verify_server(sd_bus *b) {
370 bool processed = false;
375 if (b->rbuffer_size < 1)
378 /* First char must be a NUL byte */
379 if (*(char*) b->rbuffer != 0)
382 if (b->rbuffer_size < 3)
385 /* Begin with the first line */
386 if (b->auth_rbegin <= 0)
390 /* Check if line is complete */
391 line = (char*) b->rbuffer + b->auth_rbegin;
392 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
398 if (line_begins(line, l, "AUTH ANONYMOUS")) {
400 r = verify_anonymous_token(b, line + 14, l - 14);
404 r = bus_socket_auth_write(b, "REJECTED\r\n");
406 b->auth = BUS_AUTH_ANONYMOUS;
407 r = bus_socket_auth_write_ok(b);
410 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
412 r = verify_external_token(b, line + 13, l - 13);
416 r = bus_socket_auth_write(b, "REJECTED\r\n");
418 b->auth = BUS_AUTH_EXTERNAL;
419 r = bus_socket_auth_write_ok(b);
422 } else if (line_begins(line, l, "AUTH"))
423 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
424 else if (line_equals(line, l, "CANCEL") ||
425 line_begins(line, l, "ERROR")) {
427 b->auth = _BUS_AUTH_INVALID;
428 r = bus_socket_auth_write(b, "REJECTED\r\n");
430 } else if (line_equals(line, l, "BEGIN")) {
432 if (b->auth == _BUS_AUTH_INVALID)
433 r = bus_socket_auth_write(b, "ERROR\r\n");
435 /* We can't leave from the auth phase
436 * before we haven't written
437 * everything queued, so let's check
440 if (bus_socket_auth_needs_write(b))
443 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
444 memmove(b->rbuffer, e + 2, b->rbuffer_size);
445 return bus_start_running(b);
448 } else if (line_begins(line, l, "DATA")) {
450 if (b->auth == _BUS_AUTH_INVALID)
451 r = bus_socket_auth_write(b, "ERROR\r\n");
453 if (b->auth == BUS_AUTH_ANONYMOUS)
454 r = verify_anonymous_token(b, line + 4, l - 4);
456 r = verify_external_token(b, line + 4, l - 4);
461 b->auth = _BUS_AUTH_INVALID;
462 r = bus_socket_auth_write(b, "REJECTED\r\n");
464 r = bus_socket_auth_write_ok(b);
466 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
467 if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
468 r = bus_socket_auth_write(b, "ERROR\r\n");
471 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
474 r = bus_socket_auth_write(b, "ERROR\r\n");
479 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
485 static int bus_socket_auth_verify(sd_bus *b) {
489 return bus_socket_auth_verify_server(b);
491 return bus_socket_auth_verify_client(b);
494 static int bus_socket_read_auth(sd_bus *b) {
496 struct iovec iov = {};
502 struct cmsghdr cmsghdr;
503 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
505 bool handle_cmsg = false;
508 assert(b->state == BUS_AUTHENTICATING);
510 r = bus_socket_auth_verify(b);
514 n = MAX(256u, b->rbuffer_size * 2);
516 if (n > BUS_AUTH_SIZE_MAX)
517 n = BUS_AUTH_SIZE_MAX;
519 if (b->rbuffer_size >= n)
522 p = realloc(b->rbuffer, n);
528 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
529 iov.iov_len = n - b->rbuffer_size;
532 k = readv(b->input_fd, &iov, 1);
537 mh.msg_control = &control;
538 mh.msg_controllen = sizeof(control);
540 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
541 if (k < 0 && errno == ENOTSOCK) {
542 b->prefer_readv = true;
543 k = readv(b->input_fd, &iov, 1);
548 return errno == EAGAIN ? 0 : -errno;
552 b->rbuffer_size += k;
555 struct cmsghdr *cmsg;
557 CMSG_FOREACH(cmsg, &mh)
558 if (cmsg->cmsg_level == SOL_SOCKET &&
559 cmsg->cmsg_type == SCM_RIGHTS) {
562 /* Whut? We received fds during the auth
563 * protocol? Somebody is playing games with
564 * us. Close them all, and fail */
565 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
566 close_many((int*) CMSG_DATA(cmsg), j);
569 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
570 cmsg->cmsg_level, cmsg->cmsg_type);
573 r = bus_socket_auth_verify(b);
580 void bus_socket_setup(sd_bus *b) {
583 /* Increase the buffers to 8 MB */
584 fd_inc_rcvbuf(b->input_fd, SNDBUF_SIZE);
585 fd_inc_sndbuf(b->output_fd, SNDBUF_SIZE);
587 b->is_kernel = false;
588 b->message_version = 1;
589 b->message_endian = 0;
592 static void bus_get_peercred(sd_bus *b) {
597 /* Get the peer for socketpair() sockets */
598 b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
600 /* Get the SELinux context of the peer */
601 r = getpeersec(b->input_fd, &b->label);
602 if (r < 0 && r != -EOPNOTSUPP)
603 log_debug_errno(r, "Failed to determine peer security context: %m");
606 static int bus_socket_start_auth_client(sd_bus *b) {
608 const char *auth_suffix, *auth_prefix;
612 if (b->anonymous_auth) {
613 auth_prefix = "\0AUTH ANONYMOUS ";
615 /* For ANONYMOUS auth we send some arbitrary "trace" string */
617 b->auth_buffer = hexmem("anonymous", l);
619 char text[DECIMAL_STR_MAX(uid_t) + 1];
621 auth_prefix = "\0AUTH EXTERNAL ";
623 xsprintf(text, UID_FMT, geteuid());
626 b->auth_buffer = hexmem(text, l);
632 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
633 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
635 auth_suffix = "\r\nBEGIN\r\n";
637 b->auth_iovec[0].iov_base = (void*) auth_prefix;
638 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
639 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
640 b->auth_iovec[1].iov_len = l * 2;
641 b->auth_iovec[2].iov_base = (void*) auth_suffix;
642 b->auth_iovec[2].iov_len = strlen(auth_suffix);
644 return bus_socket_write_auth(b);
647 int bus_socket_start_auth(sd_bus *b) {
652 b->state = BUS_AUTHENTICATING;
653 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
655 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
656 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
658 if (b->output_fd != b->input_fd)
659 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
660 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
663 return bus_socket_read_auth(b);
665 return bus_socket_start_auth_client(b);
668 int bus_socket_connect(sd_bus *b) {
672 assert(b->input_fd < 0);
673 assert(b->output_fd < 0);
674 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
676 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
680 b->output_fd = b->input_fd;
684 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
686 if (errno == EINPROGRESS)
692 return bus_socket_start_auth(b);
695 int bus_socket_exec(sd_bus *b) {
700 assert(b->input_fd < 0);
701 assert(b->output_fd < 0);
702 assert(b->exec_path);
704 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
716 (void) reset_all_signal_handlers();
717 (void) reset_signal_mask();
719 close_all_fds(s+1, 1);
721 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
722 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
724 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
727 fd_cloexec(STDIN_FILENO, false);
728 fd_cloexec(STDOUT_FILENO, false);
729 fd_nonblock(STDIN_FILENO, false);
730 fd_nonblock(STDOUT_FILENO, false);
733 execvp(b->exec_path, b->exec_argv);
735 const char *argv[] = { b->exec_path, NULL };
736 execvp(b->exec_path, (char**) argv);
743 b->output_fd = b->input_fd = s[0];
747 return bus_socket_start_auth(b);
750 int bus_socket_take_fd(sd_bus *b) {
755 return bus_socket_start_auth(b);
758 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
768 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
770 if (*idx >= BUS_MESSAGE_SIZE(m))
773 r = bus_message_setup_iovec(m);
777 n = m->n_iovec * sizeof(struct iovec);
779 memcpy(iov, m->iovec, n);
782 iovec_advance(iov, &j, *idx);
784 if (bus->prefer_writev)
785 k = writev(bus->output_fd, iov, m->n_iovec);
789 .msg_iovlen = m->n_iovec,
793 struct cmsghdr *control;
795 mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
796 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
797 control->cmsg_level = SOL_SOCKET;
798 control->cmsg_type = SCM_RIGHTS;
799 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
802 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
803 if (k < 0 && errno == ENOTSOCK) {
804 bus->prefer_writev = true;
805 k = writev(bus->output_fd, iov, m->n_iovec);
810 return errno == EAGAIN ? 0 : -errno;
816 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
823 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
825 if (bus->rbuffer_size < sizeof(struct bus_header)) {
826 *need = sizeof(struct bus_header) + 8;
828 /* Minimum message size:
832 * Method Call: +2 string headers
833 * Signal: +3 string headers
834 * Method Error: +1 string headers
836 * Method Reply: +1 uint32 headers
838 * A string header is at least 9 bytes
839 * A uint32 header is at least 8 bytes
841 * Hence the minimum message size of a valid message
842 * is header + 8 bytes */
847 a = ((const uint32_t*) bus->rbuffer)[1];
848 b = ((const uint32_t*) bus->rbuffer)[3];
850 e = ((const uint8_t*) bus->rbuffer)[0];
851 if (e == BUS_LITTLE_ENDIAN) {
854 } else if (e == BUS_BIG_ENDIAN) {
860 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
861 if (sum >= BUS_MESSAGE_SIZE_MAX)
864 *need = (size_t) sum;
868 static int bus_socket_make_message(sd_bus *bus, size_t size) {
874 assert(bus->rbuffer_size >= size);
875 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
877 r = bus_rqueue_make_room(bus);
881 if (bus->rbuffer_size > size) {
882 b = memdup((const uint8_t*) bus->rbuffer + size,
883 bus->rbuffer_size - size);
889 r = bus_message_from_malloc(bus,
891 bus->fds, bus->n_fds,
900 bus->rbuffer_size -= size;
905 bus->rqueue[bus->rqueue_size++] = t;
910 int bus_socket_read_message(sd_bus *bus) {
912 struct iovec iov = {};
918 struct cmsghdr cmsghdr;
919 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
921 bool handle_cmsg = false;
924 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
926 r = bus_socket_read_message_need(bus, &need);
930 if (bus->rbuffer_size >= need)
931 return bus_socket_make_message(bus, need);
933 b = realloc(bus->rbuffer, need);
939 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
940 iov.iov_len = need - bus->rbuffer_size;
942 if (bus->prefer_readv)
943 k = readv(bus->input_fd, &iov, 1);
948 mh.msg_control = &control;
949 mh.msg_controllen = sizeof(control);
951 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
952 if (k < 0 && errno == ENOTSOCK) {
953 bus->prefer_readv = true;
954 k = readv(bus->input_fd, &iov, 1);
959 return errno == EAGAIN ? 0 : -errno;
963 bus->rbuffer_size += k;
966 struct cmsghdr *cmsg;
968 CMSG_FOREACH(cmsg, &mh)
969 if (cmsg->cmsg_level == SOL_SOCKET &&
970 cmsg->cmsg_type == SCM_RIGHTS) {
973 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
976 /* Whut? We received fds but this
977 * isn't actually enabled? Close them,
980 close_many((int*) CMSG_DATA(cmsg), n);
984 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
986 close_many((int*) CMSG_DATA(cmsg), n);
990 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
994 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
995 cmsg->cmsg_level, cmsg->cmsg_type);
998 r = bus_socket_read_message_need(bus, &need);
1002 if (bus->rbuffer_size >= need)
1003 return bus_socket_make_message(bus, need);
1008 int bus_socket_process_opening(sd_bus *b) {
1010 socklen_t slen = sizeof(error);
1017 assert(b->state == BUS_OPENING);
1023 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1026 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1028 b->last_connect_error = errno;
1029 else if (error != 0)
1030 b->last_connect_error = error;
1031 else if (p.revents & (POLLERR|POLLHUP))
1032 b->last_connect_error = ECONNREFUSED;
1034 return bus_socket_start_auth(b);
1036 return bus_next_address(b);
1039 int bus_socket_process_authenticating(sd_bus *b) {
1043 assert(b->state == BUS_AUTHENTICATING);
1045 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1048 r = bus_socket_write_auth(b);
1052 return bus_socket_read_auth(b);