2 This file is part of systemd.
4 Copyright 2013 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include "sd-daemon.h"
28 #include "alloc-util.h"
29 #include "bus-internal.h"
30 #include "bus-message.h"
31 #include "bus-socket.h"
33 #include "formats-util.h"
34 #include "hexdecoct.h"
37 #include "selinux-util.h"
38 #include "signal-util.h"
39 #include "stdio-util.h"
40 #include "string-util.h"
41 #include "user-util.h"
45 #define SNDBUF_SIZE (8*1024*1024)
47 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
50 struct iovec *i = iov + *idx;
52 if (i->iov_len > size) {
53 i->iov_base = (uint8_t*) i->iov_base + size;
67 static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
72 m->iovec[m->n_iovec].iov_base = (void*) p;
73 m->iovec[m->n_iovec].iov_len = sz;
79 static int bus_message_setup_iovec(sd_bus_message *m) {
80 struct bus_body_part *part;
92 n = 1 + m->n_body_parts;
93 if (n < ELEMENTSOF(m->iovec_fixed))
94 m->iovec = m->iovec_fixed;
96 m->iovec = new(struct iovec, n);
103 r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
107 MESSAGE_FOREACH_PART(part, i, m) {
108 r = bus_body_part_map(part);
112 r = append_iovec(m, part->data, part->size);
117 assert(n == m->n_iovec);
126 bool bus_socket_auth_needs_write(sd_bus *b) {
130 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
133 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
134 struct iovec *j = b->auth_iovec + i;
143 static int bus_socket_write_auth(sd_bus *b) {
147 assert(b->state == BUS_AUTHENTICATING);
149 if (!bus_socket_auth_needs_write(b))
152 if (b->prefer_writev)
153 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
158 mh.msg_iov = b->auth_iovec + b->auth_index;
159 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
161 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
162 if (k < 0 && errno == ENOTSOCK) {
163 b->prefer_writev = true;
164 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
169 return errno == EAGAIN ? 0 : -errno;
171 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
175 static int bus_socket_auth_verify_client(sd_bus *b) {
183 /* We expect two response lines: "OK" and possibly
186 e = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
190 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
191 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
201 /* Nice! We got all the lines we need. First check the OK
204 if (e - (char*) b->rbuffer != 3 + 32)
207 if (memcmp(b->rbuffer, "OK ", 3))
210 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
212 for (i = 0; i < 32; i += 2) {
215 x = unhexchar(((char*) b->rbuffer)[3 + i]);
216 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
221 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
224 if (!sd_id128_is_null(b->server_id) &&
225 !sd_id128_equal(b->server_id, peer))
230 /* And possibly check the second line, too */
234 (f - e == strlen("\r\nAGREE_UNIX_FD")) &&
235 memcmp(e + 2, "AGREE_UNIX_FD", strlen("AGREE_UNIX_FD")) == 0;
237 b->rbuffer_size -= (start - (char*) b->rbuffer);
238 memmove(b->rbuffer, start, b->rbuffer_size);
240 r = bus_start_running(b);
247 static bool line_equals(const char *s, size_t m, const char *line) {
254 return memcmp(s, line, l) == 0;
257 static bool line_begins(const char *s, size_t m, const char *word) {
264 if (memcmp(s, word, l) != 0)
267 return m == l || (m > l && s[l] == ' ');
270 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
271 _cleanup_free_ char *token = NULL;
275 if (!b->anonymous_auth)
287 r = unhexmem(p, l, (void **) &token, &len);
291 if (memchr(token, 0, len))
294 return !!utf8_is_valid(token);
297 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
298 _cleanup_free_ char *token = NULL;
303 /* We don't do any real authentication here. Instead, we if
304 * the owner of this bus wanted authentication he should have
305 * checked SO_PEERCRED before even creating the bus object. */
307 if (!b->anonymous_auth && !b->ucred_valid)
319 r = unhexmem(p, l, (void**) &token, &len);
323 if (memchr(token, 0, len))
326 r = parse_uid(token, &u);
330 /* We ignore the passed value if anonymous authentication is
332 if (!b->anonymous_auth && u != b->ucred.uid)
338 static int bus_socket_auth_write(sd_bus *b, const char *t) {
345 /* We only make use of the first iovec */
346 assert(b->auth_index == 0 || b->auth_index == 1);
349 p = malloc(b->auth_iovec[0].iov_len + l);
353 memcpy_safe(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
354 memcpy(p + b->auth_iovec[0].iov_len, t, l);
356 b->auth_iovec[0].iov_base = p;
357 b->auth_iovec[0].iov_len += l;
359 free(b->auth_buffer);
365 static int bus_socket_auth_write_ok(sd_bus *b) {
366 char t[3 + 32 + 2 + 1];
370 xsprintf(t, "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
372 return bus_socket_auth_write(b, t);
375 static int bus_socket_auth_verify_server(sd_bus *b) {
379 bool processed = false;
384 if (b->rbuffer_size < 1)
387 /* First char must be a NUL byte */
388 if (*(char*) b->rbuffer != 0)
391 if (b->rbuffer_size < 3)
394 /* Begin with the first line */
395 if (b->auth_rbegin <= 0)
399 /* Check if line is complete */
400 line = (char*) b->rbuffer + b->auth_rbegin;
401 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
407 if (line_begins(line, l, "AUTH ANONYMOUS")) {
409 r = verify_anonymous_token(b, line + 14, l - 14);
413 r = bus_socket_auth_write(b, "REJECTED\r\n");
415 b->auth = BUS_AUTH_ANONYMOUS;
416 r = bus_socket_auth_write_ok(b);
419 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
421 r = verify_external_token(b, line + 13, l - 13);
425 r = bus_socket_auth_write(b, "REJECTED\r\n");
427 b->auth = BUS_AUTH_EXTERNAL;
428 r = bus_socket_auth_write_ok(b);
431 } else if (line_begins(line, l, "AUTH"))
432 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
433 else if (line_equals(line, l, "CANCEL") ||
434 line_begins(line, l, "ERROR")) {
436 b->auth = _BUS_AUTH_INVALID;
437 r = bus_socket_auth_write(b, "REJECTED\r\n");
439 } else if (line_equals(line, l, "BEGIN")) {
441 if (b->auth == _BUS_AUTH_INVALID)
442 r = bus_socket_auth_write(b, "ERROR\r\n");
444 /* We can't leave from the auth phase
445 * before we haven't written
446 * everything queued, so let's check
449 if (bus_socket_auth_needs_write(b))
452 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
453 memmove(b->rbuffer, e + 2, b->rbuffer_size);
454 return bus_start_running(b);
457 } else if (line_begins(line, l, "DATA")) {
459 if (b->auth == _BUS_AUTH_INVALID)
460 r = bus_socket_auth_write(b, "ERROR\r\n");
462 if (b->auth == BUS_AUTH_ANONYMOUS)
463 r = verify_anonymous_token(b, line + 4, l - 4);
465 r = verify_external_token(b, line + 4, l - 4);
470 b->auth = _BUS_AUTH_INVALID;
471 r = bus_socket_auth_write(b, "REJECTED\r\n");
473 r = bus_socket_auth_write_ok(b);
475 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
476 if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
477 r = bus_socket_auth_write(b, "ERROR\r\n");
480 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
483 r = bus_socket_auth_write(b, "ERROR\r\n");
488 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
494 static int bus_socket_auth_verify(sd_bus *b) {
498 return bus_socket_auth_verify_server(b);
500 return bus_socket_auth_verify_client(b);
503 static int bus_socket_read_auth(sd_bus *b) {
505 struct iovec iov = {};
511 struct cmsghdr cmsghdr;
512 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
514 bool handle_cmsg = false;
517 assert(b->state == BUS_AUTHENTICATING);
519 r = bus_socket_auth_verify(b);
523 n = MAX(256u, b->rbuffer_size * 2);
525 if (n > BUS_AUTH_SIZE_MAX)
526 n = BUS_AUTH_SIZE_MAX;
528 if (b->rbuffer_size >= n)
531 p = realloc(b->rbuffer, n);
537 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
538 iov.iov_len = n - b->rbuffer_size;
541 k = readv(b->input_fd, &iov, 1);
546 mh.msg_control = &control;
547 mh.msg_controllen = sizeof(control);
549 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
550 if (k < 0 && errno == ENOTSOCK) {
551 b->prefer_readv = true;
552 k = readv(b->input_fd, &iov, 1);
557 return errno == EAGAIN ? 0 : -errno;
561 b->rbuffer_size += k;
564 struct cmsghdr *cmsg;
566 CMSG_FOREACH(cmsg, &mh)
567 if (cmsg->cmsg_level == SOL_SOCKET &&
568 cmsg->cmsg_type == SCM_RIGHTS) {
571 /* Whut? We received fds during the auth
572 * protocol? Somebody is playing games with
573 * us. Close them all, and fail */
574 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
575 close_many((int*) CMSG_DATA(cmsg), j);
578 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
579 cmsg->cmsg_level, cmsg->cmsg_type);
582 r = bus_socket_auth_verify(b);
589 void bus_socket_setup(sd_bus *b) {
592 /* Increase the buffers to 8 MB */
593 fd_inc_rcvbuf(b->input_fd, SNDBUF_SIZE);
594 fd_inc_sndbuf(b->output_fd, SNDBUF_SIZE);
596 b->is_kernel = false;
597 b->message_version = 1;
598 b->message_endian = 0;
601 static void bus_get_peercred(sd_bus *b) {
606 /* Get the peer for socketpair() sockets */
607 b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
609 /* Get the SELinux context of the peer */
610 if (mac_selinux_have()) {
611 r = getpeersec(b->input_fd, &b->label);
612 if (r < 0 && r != -EOPNOTSUPP)
613 log_debug_errno(r, "Failed to determine peer security context: %m");
617 static int bus_socket_start_auth_client(sd_bus *b) {
619 const char *auth_suffix, *auth_prefix;
623 if (b->anonymous_auth) {
624 auth_prefix = "\0AUTH ANONYMOUS ";
626 /* For ANONYMOUS auth we send some arbitrary "trace" string */
628 b->auth_buffer = hexmem("anonymous", l);
630 char text[DECIMAL_STR_MAX(uid_t) + 1];
632 auth_prefix = "\0AUTH EXTERNAL ";
634 xsprintf(text, UID_FMT, geteuid());
637 b->auth_buffer = hexmem(text, l);
643 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
644 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
646 auth_suffix = "\r\nBEGIN\r\n";
648 b->auth_iovec[0].iov_base = (void*) auth_prefix;
649 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
650 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
651 b->auth_iovec[1].iov_len = l * 2;
652 b->auth_iovec[2].iov_base = (void*) auth_suffix;
653 b->auth_iovec[2].iov_len = strlen(auth_suffix);
655 return bus_socket_write_auth(b);
658 int bus_socket_start_auth(sd_bus *b) {
663 b->state = BUS_AUTHENTICATING;
664 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
666 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
667 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
669 if (b->output_fd != b->input_fd)
670 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
671 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
674 return bus_socket_read_auth(b);
676 return bus_socket_start_auth_client(b);
679 int bus_socket_connect(sd_bus *b) {
683 assert(b->input_fd < 0);
684 assert(b->output_fd < 0);
685 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
687 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
691 b->output_fd = b->input_fd;
695 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
697 if (errno == EINPROGRESS)
703 return bus_socket_start_auth(b);
706 int bus_socket_exec(sd_bus *b) {
711 assert(b->input_fd < 0);
712 assert(b->output_fd < 0);
713 assert(b->exec_path);
715 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
727 (void) reset_all_signal_handlers();
728 (void) reset_signal_mask();
730 close_all_fds(s+1, 1);
732 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
733 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
735 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
738 fd_cloexec(STDIN_FILENO, false);
739 fd_cloexec(STDOUT_FILENO, false);
740 fd_nonblock(STDIN_FILENO, false);
741 fd_nonblock(STDOUT_FILENO, false);
744 execvp(b->exec_path, b->exec_argv);
746 const char *argv[] = { b->exec_path, NULL };
747 execvp(b->exec_path, (char**) argv);
754 b->output_fd = b->input_fd = s[0];
758 return bus_socket_start_auth(b);
761 int bus_socket_take_fd(sd_bus *b) {
766 return bus_socket_start_auth(b);
769 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
779 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
781 if (*idx >= BUS_MESSAGE_SIZE(m))
784 r = bus_message_setup_iovec(m);
788 n = m->n_iovec * sizeof(struct iovec);
790 memcpy_safe(iov, m->iovec, n);
793 iovec_advance(iov, &j, *idx);
795 if (bus->prefer_writev)
796 k = writev(bus->output_fd, iov, m->n_iovec);
800 .msg_iovlen = m->n_iovec,
804 struct cmsghdr *control;
806 mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
807 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
808 control->cmsg_level = SOL_SOCKET;
809 control->cmsg_type = SCM_RIGHTS;
810 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
813 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
814 if (k < 0 && errno == ENOTSOCK) {
815 bus->prefer_writev = true;
816 k = writev(bus->output_fd, iov, m->n_iovec);
821 return errno == EAGAIN ? 0 : -errno;
827 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
834 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
836 if (bus->rbuffer_size < sizeof(struct bus_header)) {
837 *need = sizeof(struct bus_header) + 8;
839 /* Minimum message size:
843 * Method Call: +2 string headers
844 * Signal: +3 string headers
845 * Method Error: +1 string headers
847 * Method Reply: +1 uint32 headers
849 * A string header is at least 9 bytes
850 * A uint32 header is at least 8 bytes
852 * Hence the minimum message size of a valid message
853 * is header + 8 bytes */
858 a = ((const uint32_t*) bus->rbuffer)[1];
859 b = ((const uint32_t*) bus->rbuffer)[3];
861 e = ((const uint8_t*) bus->rbuffer)[0];
862 if (e == BUS_LITTLE_ENDIAN) {
865 } else if (e == BUS_BIG_ENDIAN) {
871 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
872 if (sum >= BUS_MESSAGE_SIZE_MAX)
875 *need = (size_t) sum;
879 static int bus_socket_make_message(sd_bus *bus, size_t size) {
885 assert(bus->rbuffer_size >= size);
886 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
888 r = bus_rqueue_make_room(bus);
892 if (bus->rbuffer_size > size) {
893 b = memdup((const uint8_t*) bus->rbuffer + size,
894 bus->rbuffer_size - size);
900 r = bus_message_from_malloc(bus,
902 bus->fds, bus->n_fds,
911 bus->rbuffer_size -= size;
916 bus->rqueue[bus->rqueue_size++] = t;
921 int bus_socket_read_message(sd_bus *bus) {
923 struct iovec iov = {};
929 struct cmsghdr cmsghdr;
930 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
932 bool handle_cmsg = false;
935 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
937 r = bus_socket_read_message_need(bus, &need);
941 if (bus->rbuffer_size >= need)
942 return bus_socket_make_message(bus, need);
944 b = realloc(bus->rbuffer, need);
950 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
951 iov.iov_len = need - bus->rbuffer_size;
953 if (bus->prefer_readv)
954 k = readv(bus->input_fd, &iov, 1);
959 mh.msg_control = &control;
960 mh.msg_controllen = sizeof(control);
962 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
963 if (k < 0 && errno == ENOTSOCK) {
964 bus->prefer_readv = true;
965 k = readv(bus->input_fd, &iov, 1);
970 return errno == EAGAIN ? 0 : -errno;
974 bus->rbuffer_size += k;
977 struct cmsghdr *cmsg;
979 CMSG_FOREACH(cmsg, &mh)
980 if (cmsg->cmsg_level == SOL_SOCKET &&
981 cmsg->cmsg_type == SCM_RIGHTS) {
984 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
987 /* Whut? We received fds but this
988 * isn't actually enabled? Close them,
991 close_many((int*) CMSG_DATA(cmsg), n);
995 f = realloc(bus->fds, sizeof(int) * (bus->n_fds + n));
997 close_many((int*) CMSG_DATA(cmsg), n);
1001 memcpy_safe(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
1005 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
1006 cmsg->cmsg_level, cmsg->cmsg_type);
1009 r = bus_socket_read_message_need(bus, &need);
1013 if (bus->rbuffer_size >= need)
1014 return bus_socket_make_message(bus, need);
1019 int bus_socket_process_opening(sd_bus *b) {
1021 socklen_t slen = sizeof(error);
1028 assert(b->state == BUS_OPENING);
1034 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1037 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1039 b->last_connect_error = errno;
1040 else if (error != 0)
1041 b->last_connect_error = error;
1042 else if (p.revents & (POLLERR|POLLHUP))
1043 b->last_connect_error = ECONNREFUSED;
1045 return bus_socket_start_auth(b);
1047 return bus_next_address(b);
1050 int bus_socket_process_authenticating(sd_bus *b) {
1054 assert(b->state == BUS_AUTHENTICATING);
1056 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1059 r = bus_socket_write_auth(b);
1063 return bus_socket_read_auth(b);