X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flibsystemd%2Fsd-bus%2Fbus-kernel.c;h=03c4165095ce0a7c2d130d3318d2fe6c05f98dc2;hb=bb19cb17076bbec942ad08f94d41ba36b28a5a13;hp=2a1b0b424a9dba2a7fd96ca2f13083984473b16c;hpb=1683342af1fc85e75ba21264bbcedc26aef0fa39;p=elogind.git diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index 2a1b0b424..03c416509 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -36,6 +36,7 @@ #include "bus-kernel.h" #include "bus-bloom.h" #include "bus-util.h" +#include "bus-label.h" #include "cgroup-util.h" #define UNIQUE_NAME_MAX (3+DECIMAL_STR_MAX(uint64_t)) @@ -265,7 +266,7 @@ static int bus_message_setup_kmsg(sd_bus *b, sd_bus_message *m) { well_known ? 0 : m->destination ? unique : KDBUS_DST_ID_BROADCAST; m->kdbus->payload_type = KDBUS_PAYLOAD_DBUS; - m->kdbus->cookie = m->header->serial; + m->kdbus->cookie = (uint64_t) m->header->serial; m->kdbus->priority = m->priority; if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED) @@ -541,11 +542,9 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) { m->creds.cgroup = d->str; m->creds.mask |= (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID) & bus->creds_mask; - if (!bus->cgroup_root) { - r = cg_get_root_path(&bus->cgroup_root); - if (r < 0) - goto fail; - } + r = bus_get_root_path(bus); + if (r < 0) + goto fail; m->creds.cgroup_root = bus->cgroup_root; @@ -658,7 +657,7 @@ int bus_kernel_take_fd(sd_bus *b) { b->use_memfd = 1; if (b->connection_name) { - g = sd_bus_label_escape(b->connection_name); + g = bus_label_escape(b->connection_name); if (!g) return -ENOMEM; @@ -678,7 +677,7 @@ int bus_kernel_take_fd(sd_bus *b) { } else { _cleanup_free_ char *e = NULL; - e = sd_bus_label_escape(pr); + e = bus_label_escape(pr); if (!e) return -ENOMEM; @@ -691,7 +690,7 @@ int bus_kernel_take_fd(sd_bus *b) { name = g; } - b->connection_name = sd_bus_label_unescape(name); + b->connection_name = bus_label_unescape(name); if (!b->connection_name) return -ENOMEM; } @@ -810,7 +809,7 @@ static void close_kdbus_msg(sd_bus *bus, struct kdbus_msg *k) { if (d->type == KDBUS_ITEM_FDS) close_many(d->fds, (d->size - offsetof(struct kdbus_item, fds)) / sizeof(int)); else if (d->type == KDBUS_ITEM_PAYLOAD_MEMFD) - close_nointr_nofail(d->memfd.fd); + safe_close(d->memfd.fd); } } @@ -1110,39 +1109,24 @@ int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *al if (bus->n_memfd_cache <= 0) { _cleanup_free_ char *g = NULL; - struct kdbus_cmd_memfd_make *cmd; - struct kdbus_item *item; - size_t l, sz; int r; assert_se(pthread_mutex_unlock(&bus->memfd_cache_mutex) >= 0); assert(bus->connection_name); - g = sd_bus_label_escape(bus->connection_name); + g = bus_label_escape(bus->connection_name); if (!g) return -ENOMEM; - l = strlen(g); - sz = ALIGN8(offsetof(struct kdbus_cmd_memfd_make, items)) + - ALIGN8(offsetof(struct kdbus_item, str)) + - l + 1; - cmd = alloca0(sz); - cmd->size = sz; - - item = cmd->items; - item->size = ALIGN8(offsetof(struct kdbus_item, str)) + l + 1; - item->type = KDBUS_ITEM_MEMFD_NAME; - memcpy(item->str, g, l + 1); - - r = ioctl(bus->input_fd, KDBUS_CMD_MEMFD_NEW, cmd); + r = memfd_create(g, MFD_ALLOW_SEALING); if (r < 0) return -errno; *address = NULL; *mapped = 0; *allocated = 0; - return cmd->fd; + return r; } c = &bus->memfd_cache[--bus->n_memfd_cache]; @@ -1164,7 +1148,7 @@ static void close_and_munmap(int fd, void *address, size_t size) { if (size > 0) assert_se(munmap(address, PAGE_ALIGN(size)) >= 0); - close_nointr_nofail(fd); + safe_close(fd); } void bus_kernel_push_memfd(sd_bus *bus, int fd, void *address, size_t mapped, size_t allocated) { @@ -1194,7 +1178,7 @@ void bus_kernel_push_memfd(sd_bus *bus, int fd, void *address, size_t mapped, si /* If overly long, let's return a bit to the OS */ if (mapped > max_mapped) { - assert_se(ioctl(fd, KDBUS_CMD_MEMFD_SIZE_SET, &max_mapped) >= 0); + assert_se(ftruncate(fd, max_mapped) >= 0); assert_se(munmap((uint8_t*) address + max_mapped, PAGE_ALIGN(mapped - max_mapped)) >= 0); c->mapped = c->allocated = max_mapped; } else { @@ -1304,7 +1288,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { make->size += ALIGN8(n->size); n = KDBUS_ITEM_NEXT(n); - sprintf(n->str, "%lu-%s", (unsigned long) getuid(), name); + sprintf(n->str, UID_FMT "-%s", getuid(), name); n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1; n->type = KDBUS_ITEM_MAKE_NAME; make->size += ALIGN8(n->size); @@ -1312,14 +1296,14 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { make->flags = world ? KDBUS_MAKE_ACCESS_WORLD : 0; if (ioctl(fd, KDBUS_CMD_BUS_MAKE, make) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } /* The higher 32bit of the flags field are considered * 'incompatible flags'. Refuse them all for now. */ if (make->flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; } @@ -1328,7 +1312,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { p = strjoin("/dev/kdbus/", n->str, "/bus", NULL); if (!p) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOMEM; } @@ -1338,67 +1322,116 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { return fd; } -static void bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item) -{ - switch (policy->type) { - case BUSNAME_POLICY_TYPE_USER: - item->policy_access.type = KDBUS_POLICY_ACCESS_USER; - item->policy_access.id = policy->uid; - break; +static int bus_kernel_translate_access(BusNamePolicyAccess access) { + assert(access >= 0); + assert(access < _BUSNAME_POLICY_ACCESS_MAX); - case BUSNAME_POLICY_TYPE_GROUP: - item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP; - item->policy_access.id = policy->gid; - break; + switch (access) { - case BUSNAME_POLICY_TYPE_WORLD: - item->policy_access.type = KDBUS_POLICY_ACCESS_WORLD; - break; + case BUSNAME_POLICY_ACCESS_SEE: + return KDBUS_POLICY_SEE; + + case BUSNAME_POLICY_ACCESS_TALK: + return KDBUS_POLICY_TALK; + + case BUSNAME_POLICY_ACCESS_OWN: + return KDBUS_POLICY_OWN; default: - assert_not_reached("Unknown policy type"); + assert_not_reached("Unknown policy access"); } +} - switch (policy->access) { - case BUSNAME_POLICY_ACCESS_SEE: - item->policy_access.access = KDBUS_POLICY_SEE; - break; +static int bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item) { + int r; - case BUSNAME_POLICY_ACCESS_TALK: - item->policy_access.access = KDBUS_POLICY_TALK; + assert(policy); + assert(item); + + switch (policy->type) { + + case BUSNAME_POLICY_TYPE_USER: { + const char *user = policy->name; + uid_t uid; + + r = get_user_creds(&user, &uid, NULL, NULL, NULL); + if (r < 0) + return r; + + item->policy_access.type = KDBUS_POLICY_ACCESS_USER; + item->policy_access.id = uid; break; + } - case BUSNAME_POLICY_ACCESS_OWN: - item->policy_access.access = KDBUS_POLICY_OWN; + case BUSNAME_POLICY_TYPE_GROUP: { + const char *group = policy->name; + gid_t gid; + + r = get_group_creds(&group, &gid); + if (r < 0) + return r; + + item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP; + item->policy_access.id = gid; break; + } default: - assert_not_reached("Unknown policy access"); + assert_not_reached("Unknown policy type"); } + + item->policy_access.access = bus_kernel_translate_access(policy->access); + + return 0; } -int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy *policy) { - struct kdbus_cmd_hello *hello; - struct kdbus_item *n; - size_t policy_cnt = 0; - BusNamePolicy *po; - size_t size; +int bus_kernel_open_bus_fd(const char *bus, char **path) { char *p; int fd; + size_t len; - assert(bus); - assert(name); + len = strlen("/dev/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1; - p = alloca(sizeof("/dev/kdbus/") - 1 + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + sizeof("/bus")); - sprintf(p, "/dev/kdbus/%lu-%s/bus", (unsigned long) getuid(), bus); + if (path) { + p = malloc(len); + if (!p) + return -ENOMEM; + *path = p; + } else + p = alloca(len); + sprintf(p, "/dev/kdbus/" UID_FMT "-%s/bus", getuid(), bus); fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC); if (fd < 0) return -errno; + return fd; +} + +int bus_kernel_make_starter( + int fd, + const char *name, + bool activating, + bool accept_fd, + BusNamePolicy *policy, + BusNamePolicyAccess world_policy) { + + struct kdbus_cmd_hello *hello; + struct kdbus_item *n; + size_t policy_cnt = 0; + BusNamePolicy *po; + size_t size; + int r; + + assert(fd >= 0); + assert(name); + LIST_FOREACH(policy, po, policy) policy_cnt++; + if (world_policy >= 0) + policy_cnt++; + size = ALIGN8(offsetof(struct kdbus_cmd_hello, items)) + ALIGN8(offsetof(struct kdbus_item, str) + strlen(name) + 1) + policy_cnt * ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access)); @@ -1414,31 +1447,39 @@ int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy * LIST_FOREACH(policy, po, policy) { n->type = KDBUS_ITEM_POLICY_ACCESS; n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access); - bus_kernel_translate_policy(po, n); + + r = bus_kernel_translate_policy(po, n); + if (r < 0) + return r; + n = KDBUS_ITEM_NEXT(n); } + if (world_policy >= 0) { + n->type = KDBUS_ITEM_POLICY_ACCESS; + n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access); + n->policy_access.type = KDBUS_POLICY_ACCESS_WORLD; + n->policy_access.access = bus_kernel_translate_access(world_policy); + } + hello->size = size; - hello->conn_flags = KDBUS_HELLO_ACTIVATOR; + hello->conn_flags = + (activating ? KDBUS_HELLO_ACTIVATOR : KDBUS_HELLO_POLICY_HOLDER) | + (accept_fd ? KDBUS_HELLO_ACCEPT_FD : 0); hello->pool_size = KDBUS_POOL_SIZE; + hello->attach_flags = _KDBUS_ATTACH_ALL; - if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0) { - close_nointr_nofail(fd); + if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0) return -errno; - } /* The higher 32bit of both flags fields are considered * 'incompatible flags'. Refuse them all for now. */ if (hello->bus_flags > 0xFFFFFFFFULL || - hello->conn_flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + hello->conn_flags > 0xFFFFFFFFULL) return -ENOTSUP; - } - if (!bloom_validate_parameters((size_t) hello->bloom.size, (unsigned) hello->bloom.n_hash)) { - close_nointr_nofail(fd); + if (!bloom_validate_parameters((size_t) hello->bloom.size, (unsigned) hello->bloom.n_hash)) return -ENOTSUP; - } return fd; } @@ -1468,14 +1509,14 @@ int bus_kernel_create_domain(const char *name, char **s) { make->flags = KDBUS_MAKE_ACCESS_WORLD; if (ioctl(fd, KDBUS_CMD_DOMAIN_MAKE, make) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } /* The higher 32bit of the flags field are considered * 'incompatible flags'. Refuse them all for now. */ if (make->flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTSUP; } @@ -1484,7 +1525,7 @@ int bus_kernel_create_domain(const char *name, char **s) { p = strappend("/dev/kdbus/domain/", name); if (!p) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOMEM; } @@ -1494,41 +1535,6 @@ int bus_kernel_create_domain(const char *name, char **s) { return fd; } -int bus_kernel_create_monitor(const char *bus) { - struct kdbus_cmd_hello *hello; - char *p; - int fd; - - assert(bus); - - p = alloca(sizeof("/dev/kdbus/") - 1 + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + sizeof("/bus")); - sprintf(p, "/dev/kdbus/%lu-%s/bus", (unsigned long) getuid(), bus); - - fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC); - if (fd < 0) - return -errno; - - hello = alloca0(sizeof(struct kdbus_cmd_hello)); - hello->size = sizeof(struct kdbus_cmd_hello); - hello->conn_flags = KDBUS_HELLO_ACTIVATOR; - hello->pool_size = KDBUS_POOL_SIZE; - - if (ioctl(fd, KDBUS_CMD_HELLO, hello) < 0) { - close_nointr_nofail(fd); - return -errno; - } - - /* The higher 32bit of both flags fields are considered - * 'incompatible flags'. Refuse them all for now. */ - if (hello->bus_flags > 0xFFFFFFFFULL || - hello->conn_flags > 0xFFFFFFFFULL) { - close_nointr_nofail(fd); - return -ENOTSUP; - } - - return fd; -} - int bus_kernel_try_close(sd_bus *bus) { assert(bus); assert(bus->is_kernel);