1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
34 #include "sd-daemon.h"
37 #include "bus-socket.h"
38 #include "bus-internal.h"
39 #include "bus-message.h"
41 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
44 struct iovec *i = iov + *idx;
46 if (i->iov_len > size) {
47 i->iov_base = (uint8_t*) i->iov_base + size;
61 bool bus_socket_auth_needs_write(sd_bus *b) {
65 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
68 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
69 struct iovec *j = b->auth_iovec + i;
78 static int bus_socket_write_auth(sd_bus *b) {
82 assert(b->state == BUS_AUTHENTICATING);
84 if (!bus_socket_auth_needs_write(b))
88 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
93 mh.msg_iov = b->auth_iovec + b->auth_index;
94 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
96 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
97 if (k < 0 && errno == ENOTSOCK) {
98 b->prefer_writev = true;
99 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
104 return errno == EAGAIN ? 0 : -errno;
106 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
110 static int bus_socket_auth_verify_client(sd_bus *b) {
118 /* We expect two response lines: "OK" and possibly
121 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
125 if (b->negotiate_fds) {
126 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
136 /* Nice! We got all the lines we need. First check the OK
139 if (e - (char*) b->rbuffer != 3 + 32)
142 if (memcmp(b->rbuffer, "OK ", 3))
145 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
147 for (i = 0; i < 32; i += 2) {
150 x = unhexchar(((char*) b->rbuffer)[3 + i]);
151 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
156 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
159 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
160 !sd_id128_equal(b->server_id, peer))
165 /* And possibly check the second line, too */
169 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
170 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
172 b->rbuffer_size -= (start - (char*) b->rbuffer);
173 memmove(b->rbuffer, start, b->rbuffer_size);
175 r = bus_start_running(b);
182 static bool line_equals(const char *s, size_t m, const char *line) {
189 return memcmp(s, line, l) == 0;
192 static bool line_begins(const char *s, size_t m, const char *word) {
199 if (memcmp(s, word, l) != 0)
202 return m == l || (m > l && s[l] == ' ');
205 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
206 _cleanup_free_ char *token = NULL;
208 if (!b->anonymous_auth)
219 token = unhexmem(p, l);
223 if (memchr(token, 0, l/2))
226 return !!utf8_is_valid(token);
229 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
230 _cleanup_free_ char *token = NULL;
234 /* We don't do any real authentication here. Instead, we if
235 * the owner of this bus wanted authentication he should have
236 * checked SO_PEERCRED before even creating the bus object. */
238 if (!b->anonymous_auth && !b->ucred_valid)
250 token = unhexmem(p, l);
254 if (memchr(token, 0, l/2))
257 r = parse_uid(token, &u);
261 /* We ignore the passed value if anonymous authentication is
263 if (!b->anonymous_auth && u != b->ucred.uid)
269 static int bus_socket_auth_write(sd_bus *b, const char *t) {
276 /* We only make use of the first iovec */
277 assert(b->auth_index == 0 || b->auth_index == 1);
280 p = malloc(b->auth_iovec[0].iov_len + l);
284 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
285 memcpy(p + b->auth_iovec[0].iov_len, t, l);
287 b->auth_iovec[0].iov_base = p;
288 b->auth_iovec[0].iov_len += l;
290 free(b->auth_buffer);
296 static int bus_socket_auth_write_ok(sd_bus *b) {
297 char t[3 + 32 + 2 + 1];
301 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
304 return bus_socket_auth_write(b, t);
307 static int bus_socket_auth_verify_server(sd_bus *b) {
311 bool processed = false;
316 if (b->rbuffer_size < 1)
319 /* First char must be a NUL byte */
320 if (*(char*) b->rbuffer != 0)
323 if (b->rbuffer_size < 3)
326 /* Begin with the first line */
327 if (b->auth_rbegin <= 0)
331 /* Check if line is complete */
332 line = (char*) b->rbuffer + b->auth_rbegin;
333 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
339 if (line_begins(line, l, "AUTH ANONYMOUS")) {
341 r = verify_anonymous_token(b, line + 14, l - 14);
345 r = bus_socket_auth_write(b, "REJECTED\r\n");
347 b->auth = BUS_AUTH_ANONYMOUS;
348 r = bus_socket_auth_write_ok(b);
351 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
353 r = verify_external_token(b, line + 13, l - 13);
357 r = bus_socket_auth_write(b, "REJECTED\r\n");
359 b->auth = BUS_AUTH_EXTERNAL;
360 r = bus_socket_auth_write_ok(b);
363 } else if (line_begins(line, l, "AUTH"))
364 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
365 else if (line_equals(line, l, "CANCEL") ||
366 line_begins(line, l, "ERROR")) {
368 b->auth = _BUS_AUTH_INVALID;
369 r = bus_socket_auth_write(b, "REJECTED\r\n");
371 } else if (line_equals(line, l, "BEGIN")) {
373 if (b->auth == _BUS_AUTH_INVALID)
374 r = bus_socket_auth_write(b, "ERROR\r\n");
376 /* We can't leave from the auth phase
377 * before we haven't written
378 * everything queued, so let's check
381 if (bus_socket_auth_needs_write(b))
384 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
385 memmove(b->rbuffer, e + 2, b->rbuffer_size);
386 return bus_start_running(b);
389 } else if (line_begins(line, l, "DATA")) {
391 if (b->auth == _BUS_AUTH_INVALID)
392 r = bus_socket_auth_write(b, "ERROR\r\n");
394 if (b->auth == BUS_AUTH_ANONYMOUS)
395 r = verify_anonymous_token(b, line + 4, l - 4);
397 r = verify_external_token(b, line + 4, l - 4);
402 b->auth = _BUS_AUTH_INVALID;
403 r = bus_socket_auth_write(b, "REJECTED\r\n");
405 r = bus_socket_auth_write_ok(b);
407 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
408 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
409 r = bus_socket_auth_write(b, "ERROR\r\n");
412 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
415 r = bus_socket_auth_write(b, "ERROR\r\n");
420 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
426 static int bus_socket_auth_verify(sd_bus *b) {
430 return bus_socket_auth_verify_server(b);
432 return bus_socket_auth_verify_client(b);
435 static int bus_socket_read_auth(sd_bus *b) {
443 struct cmsghdr cmsghdr;
444 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
445 CMSG_SPACE(sizeof(struct ucred)) +
446 CMSG_SPACE(NAME_MAX)]; /*selinux label */
448 struct cmsghdr *cmsg;
449 bool handle_cmsg = false;
452 assert(b->state == BUS_AUTHENTICATING);
454 r = bus_socket_auth_verify(b);
458 n = MAX(256u, b->rbuffer_size * 2);
460 if (n > BUS_AUTH_SIZE_MAX)
461 n = BUS_AUTH_SIZE_MAX;
463 if (b->rbuffer_size >= n)
466 p = realloc(b->rbuffer, n);
473 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
474 iov.iov_len = n - b->rbuffer_size;
477 k = readv(b->input_fd, &iov, 1);
482 mh.msg_control = &control;
483 mh.msg_controllen = sizeof(control);
485 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
486 if (k < 0 && errno == ENOTSOCK) {
487 b->prefer_readv = true;
488 k = readv(b->input_fd, &iov, 1);
493 return errno == EAGAIN ? 0 : -errno;
497 b->rbuffer_size += k;
500 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
501 if (cmsg->cmsg_level == SOL_SOCKET &&
502 cmsg->cmsg_type == SCM_RIGHTS) {
505 /* Whut? We received fds during the auth
506 * protocol? Somebody is playing games with
507 * us. Close them all, and fail */
508 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
509 close_many((int*) CMSG_DATA(cmsg), j);
512 } else if (cmsg->cmsg_level == SOL_SOCKET &&
513 cmsg->cmsg_type == SCM_CREDENTIALS &&
514 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
516 /* Ignore bogus data, which we might
517 * get on socketpair() sockets */
518 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
519 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
520 b->ucred_valid = true;
523 } else if (cmsg->cmsg_level == SOL_SOCKET &&
524 cmsg->cmsg_type == SCM_SECURITY) {
528 l = cmsg->cmsg_len - CMSG_LEN(0);
530 memcpy(&b->label, CMSG_DATA(cmsg), l);
537 r = bus_socket_auth_verify(b);
544 static int bus_socket_setup(sd_bus *b) {
550 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
551 * socket, just in case. */
552 enable = !b->bus_client;
553 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
554 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
556 /* Increase the buffers to a MB */
557 fd_inc_rcvbuf(b->input_fd, 1024*1024);
558 fd_inc_sndbuf(b->output_fd, 1024*1024);
560 /* Get the peer for socketpair() sockets */
561 l = sizeof(b->ucred);
562 if (getsockopt(b->input_fd, SOL_SOCKET, SO_PEERCRED, &b->ucred, &l) >= 0 && l >= sizeof(b->ucred))
563 b->ucred_valid = b->ucred.pid > 0;
568 static int bus_socket_start_auth_client(sd_bus *b) {
570 const char *auth_suffix, *auth_prefix;
574 if (b->anonymous_auth) {
575 auth_prefix = "\0AUTH ANONYMOUS ";
577 /* For ANONYMOUS auth we send some arbitrary "trace" string */
579 b->auth_buffer = hexmem("anonymous", l);
581 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
583 auth_prefix = "\0AUTH EXTERNAL ";
585 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
589 b->auth_buffer = hexmem(text, l);
595 if (b->negotiate_fds)
596 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
598 auth_suffix = "\r\nBEGIN\r\n";
600 b->auth_iovec[0].iov_base = (void*) auth_prefix;
601 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
602 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
603 b->auth_iovec[1].iov_len = l * 2;
604 b->auth_iovec[2].iov_base = (void*) auth_suffix;
605 b->auth_iovec[2].iov_len = strlen(auth_suffix);
607 return bus_socket_write_auth(b);
610 static int bus_socket_start_auth(sd_bus *b) {
613 b->state = BUS_AUTHENTICATING;
614 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
616 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
617 b->negotiate_fds = false;
619 if (b->output_fd != b->input_fd)
620 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
621 b->negotiate_fds = false;
624 return bus_socket_read_auth(b);
626 return bus_socket_start_auth_client(b);
629 int bus_socket_connect(sd_bus *b) {
633 assert(b->input_fd < 0);
634 assert(b->output_fd < 0);
635 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
637 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
641 b->output_fd = b->input_fd;
643 r = bus_socket_setup(b);
647 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
649 if (errno == EINPROGRESS)
655 return bus_socket_start_auth(b);
658 int bus_socket_exec(sd_bus *b) {
663 assert(b->input_fd < 0);
664 assert(b->output_fd < 0);
665 assert(b->exec_path);
667 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
679 reset_all_signal_handlers();
681 close_all_fds(s+1, 1);
683 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
684 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
686 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
687 close_nointr_nofail(s[1]);
689 fd_cloexec(STDIN_FILENO, false);
690 fd_cloexec(STDOUT_FILENO, false);
691 fd_nonblock(STDIN_FILENO, false);
692 fd_nonblock(STDOUT_FILENO, false);
695 execvp(b->exec_path, b->exec_argv);
697 const char *argv[] = { b->exec_path, NULL };
698 execvp(b->exec_path, (char**) argv);
704 close_nointr_nofail(s[1]);
705 b->output_fd = b->input_fd = s[0];
707 return bus_socket_start_auth(b);
710 int bus_socket_take_fd(sd_bus *b) {
714 r = bus_socket_setup(b);
718 return bus_socket_start_auth(b);
721 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
730 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
735 n = m->n_iovec * sizeof(struct iovec);
737 memcpy(iov, m->iovec, n);
740 iovec_advance(iov, &j, *idx);
742 if (bus->prefer_writev)
743 k = writev(bus->output_fd, iov, m->n_iovec);
749 struct cmsghdr *control;
750 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
752 mh.msg_control = control;
753 control->cmsg_level = SOL_SOCKET;
754 control->cmsg_type = SCM_RIGHTS;
755 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
756 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
760 mh.msg_iovlen = m->n_iovec;
762 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
763 if (k < 0 && errno == ENOTSOCK) {
764 bus->prefer_writev = true;
765 k = writev(bus->output_fd, iov, m->n_iovec);
770 return errno == EAGAIN ? 0 : -errno;
776 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
783 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
785 if (bus->rbuffer_size < sizeof(struct bus_header)) {
786 *need = sizeof(struct bus_header) + 8;
788 /* Minimum message size:
792 * Method Call: +2 string headers
793 * Signal: +3 string headers
794 * Method Error: +1 string headers
796 * Method Reply: +1 uint32 headers
798 * A string header is at least 9 bytes
799 * A uint32 header is at least 8 bytes
801 * Hence the minimum message size of a valid message
802 * is header + 8 bytes */
807 a = ((const uint32_t*) bus->rbuffer)[1];
808 b = ((const uint32_t*) bus->rbuffer)[3];
810 e = ((const uint8_t*) bus->rbuffer)[0];
811 if (e == SD_BUS_LITTLE_ENDIAN) {
814 } else if (e == SD_BUS_BIG_ENDIAN) {
820 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
821 if (sum >= BUS_MESSAGE_SIZE_MAX)
824 *need = (size_t) sum;
828 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
835 assert(bus->rbuffer_size >= size);
836 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
838 if (bus->rbuffer_size > size) {
839 b = memdup((const uint8_t*) bus->rbuffer + size,
840 bus->rbuffer_size - size);
846 r = bus_message_from_malloc(bus->rbuffer, size,
847 bus->fds, bus->n_fds,
848 bus->ucred_valid ? &bus->ucred : NULL,
849 bus->label[0] ? bus->label : NULL,
857 bus->rbuffer_size -= size;
866 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
874 struct cmsghdr cmsghdr;
875 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
876 CMSG_SPACE(sizeof(struct ucred)) +
877 CMSG_SPACE(NAME_MAX)]; /*selinux label */
879 struct cmsghdr *cmsg;
884 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
886 r = bus_socket_read_message_need(bus, &need);
890 if (bus->rbuffer_size >= need)
891 return bus_socket_make_message(bus, need, m);
893 b = realloc(bus->rbuffer, need);
900 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
901 iov.iov_len = need - bus->rbuffer_size;
903 if (bus->prefer_readv)
904 k = readv(bus->input_fd, &iov, 1);
909 mh.msg_control = &control;
910 mh.msg_controllen = sizeof(control);
912 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
913 if (k < 0 && errno == ENOTSOCK) {
914 bus->prefer_readv = true;
915 k = readv(bus->input_fd, &iov, 1);
920 return errno == EAGAIN ? 0 : -errno;
924 bus->rbuffer_size += k;
927 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
928 if (cmsg->cmsg_level == SOL_SOCKET &&
929 cmsg->cmsg_type == SCM_RIGHTS) {
932 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
935 /* Whut? We received fds but this
936 * isn't actually enabled? Close them,
939 close_many((int*) CMSG_DATA(cmsg), n);
943 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
945 close_many((int*) CMSG_DATA(cmsg), n);
949 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
952 } else if (cmsg->cmsg_level == SOL_SOCKET &&
953 cmsg->cmsg_type == SCM_CREDENTIALS &&
954 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
956 /* Ignore bogus data, which we might
957 * get on socketpair() sockets */
958 if (((struct ucred*) CMSG_DATA(cmsg))->pid != 0) {
959 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
960 bus->ucred_valid = true;
963 } else if (cmsg->cmsg_level == SOL_SOCKET &&
964 cmsg->cmsg_type == SCM_SECURITY) {
967 l = cmsg->cmsg_len - CMSG_LEN(0);
969 memcpy(&bus->label, CMSG_DATA(cmsg), l);
976 r = bus_socket_read_message_need(bus, &need);
980 if (bus->rbuffer_size >= need)
981 return bus_socket_make_message(bus, need, m);
986 int bus_socket_process_opening(sd_bus *b) {
988 socklen_t slen = sizeof(error);
995 assert(b->state == BUS_OPENING);
1001 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1004 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1006 b->last_connect_error = errno;
1007 else if (error != 0)
1008 b->last_connect_error = error;
1009 else if (p.revents & (POLLERR|POLLHUP))
1010 b->last_connect_error = ECONNREFUSED;
1012 return bus_socket_start_auth(b);
1014 return bus_next_address(b);
1017 int bus_socket_process_authenticating(sd_bus *b) {
1021 assert(b->state == BUS_AUTHENTICATING);
1023 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1026 r = bus_socket_write_auth(b);
1030 return bus_socket_read_auth(b);