chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bus: connect directly via kdbus in sd_bus_open_system_container()
[elogind.git]
/
src
/
libsystemd-bus
/
sd-bus.c
diff --git
a/src/libsystemd-bus/sd-bus.c
b/src/libsystemd-bus/sd-bus.c
index a86e33ce2756092c1a007cf93ad1b31b1ba5a3e3..edd917e30375786811727fd44590625e99ce3df1 100644
(file)
--- a/
src/libsystemd-bus/sd-bus.c
+++ b/
src/libsystemd-bus/sd-bus.c
@@
-47,6
+47,7
@@
#include "bus-objects.h"
#include "bus-util.h"
#include "bus-container.h"
#include "bus-objects.h"
#include "bus-util.h"
#include "bus-container.h"
+#include "bus-protocol.h"
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
@@
-317,6
+318,15
@@
_public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
return 0;
}
return 0;
}
+_public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
+ assert_return(bus, -EINVAL);
+ assert_return(bus->state == BUS_UNSET, -EPERM);
+ assert_return(!bus_pid_changed(bus), -ECHILD);
+
+ bus->trusted = !!b;
+ return 0;
+}
+
static int hello_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
const char *s;
int r;
static int hello_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
const char *s;
int r;
@@
-754,6
+764,9
@@
static int parse_container_address(sd_bus *b, const char **p, char **guid) {
if (!machine)
return -EINVAL;
if (!machine)
return -EINVAL;
+ if (!filename_is_safe(machine))
+ return -EINVAL;
+
free(b->machine);
b->machine = machine;
machine = NULL;
free(b->machine);
b->machine = machine;
machine = NULL;
@@
-1004,6
+1017,11
@@
_public_ int sd_bus_open_system(sd_bus **ret) {
b->bus_client = true;
b->bus_client = true;
+ /* Let's do per-method access control on the system bus. We
+ * need the caller's UID and capability set for that. */
+ b->trusted = false;
+ b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
+
r = sd_bus_start(b);
if (r < 0)
goto fail;
r = sd_bus_start(b);
if (r < 0)
goto fail;
@@
-1064,6
+1082,10
@@
_public_ int sd_bus_open_user(sd_bus **ret) {
b->bus_client = true;
b->bus_client = true;
+ /* We don't do any per-method access control on the user
+ * bus. */
+ b->trusted = true;
+
r = sd_bus_start(b);
if (r < 0)
goto fail;
r = sd_bus_start(b);
if (r < 0)
goto fail;
@@
-1120,12
+1142,17
@@
_public_ int sd_bus_open_system_container(const char *machine, sd_bus **ret) {
assert_return(machine, -EINVAL);
assert_return(ret, -EINVAL);
assert_return(machine, -EINVAL);
assert_return(ret, -EINVAL);
+ assert_return(filename_is_safe(machine), -EINVAL);
e = bus_address_escape(machine);
if (!e)
return -ENOMEM;
e = bus_address_escape(machine);
if (!e)
return -ENOMEM;
+#ifdef ENABLE_KDBUS
+ p = strjoin("kernel:path=/dev/kdbus/ns/machine-", e, "/0-system/bus;x-container:machine=", e, NULL);
+#else
p = strjoin("x-container:machine=", e, NULL);
p = strjoin("x-container:machine=", e, NULL);
+#endif
if (!p)
return -ENOMEM;
if (!p)
return -ENOMEM;
@@
-1195,7
+1222,9
@@
_public_ sd_bus *sd_bus_ref(sd_bus *bus) {
}
_public_ sd_bus *sd_bus_unref(sd_bus *bus) {
}
_public_ sd_bus *sd_bus_unref(sd_bus *bus) {
- assert_return(bus, NULL);
+
+ if (!bus)
+ return NULL;
if (REFCNT_DEC(bus->n_ref) <= 0)
bus_free(bus);
if (REFCNT_DEC(bus->n_ref) <= 0)
bus_free(bus);
@@
-1408,7
+1437,7
@@
_public_ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
/* If the serial number isn't kept, then we know that no reply
* is expected */
if (!serial && !m->sealed)
/* If the serial number isn't kept, then we know that no reply
* is expected */
if (!serial && !m->sealed)
- m->header->flags |=
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED;
+ m->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
r = bus_seal_message(bus, m);
if (r < 0)
r = bus_seal_message(bus, m);
if (r < 0)
@@
-1524,7
+1553,7
@@
_public_ int sd_bus_call_async(
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
- assert_return(!(m->header->flags &
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+ assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
assert_return(callback, -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
assert_return(callback, -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
@@
-1634,7
+1663,7
@@
_public_ int sd_bus_call(
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
- assert_return(!(m->header->flags &
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+ assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
assert_return(!bus_error_is_dirty(error), -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
assert_return(!bus_error_is_dirty(error), -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
@@
-1976,7
+2005,7
@@
static int process_builtin(sd_bus *bus, sd_bus_message *m) {
if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
return 0;
if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
return 0;
- if (m->header->flags &
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED)
+ if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
return 1;
if (streq_ptr(m->member, "Ping"))
return 1;
if (streq_ptr(m->member, "Ping"))
@@
-2624,7
+2653,9
@@
fail:
_public_ int sd_bus_detach_event(sd_bus *bus) {
assert_return(bus, -EINVAL);
_public_ int sd_bus_detach_event(sd_bus *bus) {
assert_return(bus, -EINVAL);
- assert_return(bus->event, -ENXIO);
+
+ if (!bus->event)
+ return 0;
if (bus->input_io_event_source) {
sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF);
if (bus->input_io_event_source) {
sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF);
@@
-2649,7
+2680,7
@@
_public_ int sd_bus_detach_event(sd_bus *bus) {
if (bus->event)
bus->event = sd_event_unref(bus->event);
if (bus->event)
bus->event = sd_event_unref(bus->event);
- return
0
;
+ return
1
;
}
_public_ sd_event* sd_bus_get_event(sd_bus *bus) {
}
_public_ sd_event* sd_bus_get_event(sd_bus *bus) {