2 This file is part of systemd.
4 Copyright 2013 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include "sd-daemon.h"
28 #include "alloc-util.h"
29 #include "bus-internal.h"
30 #include "bus-message.h"
31 #include "bus-socket.h"
33 #include "format-util.h"
34 #include "hexdecoct.h"
37 #include "selinux-util.h"
38 #include "signal-util.h"
39 #include "stdio-util.h"
40 #include "string-util.h"
41 #include "user-util.h"
45 #define SNDBUF_SIZE (8*1024*1024)
47 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
50 struct iovec *i = iov + *idx;
52 if (i->iov_len > size) {
53 i->iov_base = (uint8_t*) i->iov_base + size;
67 static int append_iovec(sd_bus_message *m, const void *p, size_t sz) {
72 m->iovec[m->n_iovec].iov_base = (void*) p;
73 m->iovec[m->n_iovec].iov_len = sz;
79 static int bus_message_setup_iovec(sd_bus_message *m) {
80 struct bus_body_part *part;
92 n = 1 + m->n_body_parts;
93 if (n < ELEMENTSOF(m->iovec_fixed))
94 m->iovec = m->iovec_fixed;
96 m->iovec = new(struct iovec, n);
103 r = append_iovec(m, m->header, BUS_MESSAGE_BODY_BEGIN(m));
107 MESSAGE_FOREACH_PART(part, i, m) {
108 r = bus_body_part_map(part);
112 r = append_iovec(m, part->data, part->size);
117 assert(n == m->n_iovec);
126 bool bus_socket_auth_needs_write(sd_bus *b) {
130 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
133 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
134 struct iovec *j = b->auth_iovec + i;
143 static int bus_socket_write_auth(sd_bus *b) {
147 assert(b->state == BUS_AUTHENTICATING);
149 if (!bus_socket_auth_needs_write(b))
152 if (b->prefer_writev)
153 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
158 mh.msg_iov = b->auth_iovec + b->auth_index;
159 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
161 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
162 if (k < 0 && errno == ENOTSOCK) {
163 b->prefer_writev = true;
164 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
169 return errno == EAGAIN ? 0 : -errno;
171 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
175 static int bus_socket_auth_verify_client(sd_bus *b) {
183 /* We expect two response lines: "OK" and possibly
186 e = memmem_safe(b->rbuffer, b->rbuffer_size, "\r\n", 2);
190 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
191 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
201 /* Nice! We got all the lines we need. First check the OK
204 if (e - (char*) b->rbuffer != 3 + 32)
207 if (memcmp(b->rbuffer, "OK ", 3))
210 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
212 for (i = 0; i < 32; i += 2) {
215 x = unhexchar(((char*) b->rbuffer)[3 + i]);
216 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
221 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
224 if (!sd_id128_is_null(b->server_id) &&
225 !sd_id128_equal(b->server_id, peer))
230 /* And possibly check the second line, too */
234 (f - e == strlen("\r\nAGREE_UNIX_FD")) &&
235 memcmp(e + 2, "AGREE_UNIX_FD", strlen("AGREE_UNIX_FD")) == 0;
237 b->rbuffer_size -= (start - (char*) b->rbuffer);
238 memmove(b->rbuffer, start, b->rbuffer_size);
240 r = bus_start_running(b);
247 static bool line_equals(const char *s, size_t m, const char *line) {
254 return memcmp(s, line, l) == 0;
257 static bool line_begins(const char *s, size_t m, const char *word) {
264 if (memcmp(s, word, l) != 0)
267 return m == l || (m > l && s[l] == ' ');
270 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
271 _cleanup_free_ char *token = NULL;
275 if (!b->anonymous_auth)
287 r = unhexmem(p, l, (void **) &token, &len);
291 if (memchr(token, 0, len))
294 return !!utf8_is_valid(token);
297 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
298 _cleanup_free_ char *token = NULL;
303 /* We don't do any real authentication here. Instead, we if
304 * the owner of this bus wanted authentication he should have
305 * checked SO_PEERCRED before even creating the bus object. */
307 if (!b->anonymous_auth && !b->ucred_valid)
319 r = unhexmem(p, l, (void**) &token, &len);
323 if (memchr(token, 0, len))
326 r = parse_uid(token, &u);
330 /* We ignore the passed value if anonymous authentication is
332 if (!b->anonymous_auth && u != b->ucred.uid)
338 static int bus_socket_auth_write(sd_bus *b, const char *t) {
345 /* We only make use of the first iovec */
346 assert(IN_SET(b->auth_index, 0, 1));
349 p = malloc(b->auth_iovec[0].iov_len + l);
353 memcpy_safe(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
354 memcpy(p + b->auth_iovec[0].iov_len, t, l);
356 b->auth_iovec[0].iov_base = p;
357 b->auth_iovec[0].iov_len += l;
359 free(b->auth_buffer);
365 static int bus_socket_auth_write_ok(sd_bus *b) {
366 char t[3 + 32 + 2 + 1];
370 xsprintf(t, "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
372 return bus_socket_auth_write(b, t);
375 static int bus_socket_auth_verify_server(sd_bus *b) {
379 bool processed = false;
384 if (b->rbuffer_size < 1)
387 /* First char must be a NUL byte */
388 if (*(char*) b->rbuffer != 0)
391 if (b->rbuffer_size < 3)
394 /* Begin with the first line */
395 if (b->auth_rbegin <= 0)
399 /* Check if line is complete */
400 line = (char*) b->rbuffer + b->auth_rbegin;
401 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
407 if (line_begins(line, l, "AUTH ANONYMOUS")) {
409 r = verify_anonymous_token(b, line + 14, l - 14);
413 r = bus_socket_auth_write(b, "REJECTED\r\n");
415 b->auth = BUS_AUTH_ANONYMOUS;
416 r = bus_socket_auth_write_ok(b);
419 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
421 r = verify_external_token(b, line + 13, l - 13);
425 r = bus_socket_auth_write(b, "REJECTED\r\n");
427 b->auth = BUS_AUTH_EXTERNAL;
428 r = bus_socket_auth_write_ok(b);
431 } else if (line_begins(line, l, "AUTH"))
432 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
433 else if (line_equals(line, l, "CANCEL") ||
434 line_begins(line, l, "ERROR")) {
436 b->auth = _BUS_AUTH_INVALID;
437 r = bus_socket_auth_write(b, "REJECTED\r\n");
439 } else if (line_equals(line, l, "BEGIN")) {
441 if (b->auth == _BUS_AUTH_INVALID)
442 r = bus_socket_auth_write(b, "ERROR\r\n");
444 /* We can't leave from the auth phase
445 * before we haven't written
446 * everything queued, so let's check
449 if (bus_socket_auth_needs_write(b))
452 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
453 memmove(b->rbuffer, e + 2, b->rbuffer_size);
454 return bus_start_running(b);
457 } else if (line_begins(line, l, "DATA")) {
459 if (b->auth == _BUS_AUTH_INVALID)
460 r = bus_socket_auth_write(b, "ERROR\r\n");
462 if (b->auth == BUS_AUTH_ANONYMOUS)
463 r = verify_anonymous_token(b, line + 4, l - 4);
465 r = verify_external_token(b, line + 4, l - 4);
470 b->auth = _BUS_AUTH_INVALID;
471 r = bus_socket_auth_write(b, "REJECTED\r\n");
473 r = bus_socket_auth_write_ok(b);
475 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
476 if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
477 r = bus_socket_auth_write(b, "ERROR\r\n");
480 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
483 r = bus_socket_auth_write(b, "ERROR\r\n");
488 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
494 static int bus_socket_auth_verify(sd_bus *b) {
498 return bus_socket_auth_verify_server(b);
500 return bus_socket_auth_verify_client(b);
503 static int bus_socket_read_auth(sd_bus *b) {
505 struct iovec iov = {};
511 struct cmsghdr cmsghdr;
512 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
514 bool handle_cmsg = false;
517 assert(b->state == BUS_AUTHENTICATING);
519 r = bus_socket_auth_verify(b);
523 n = MAX(256u, b->rbuffer_size * 2);
525 if (n > BUS_AUTH_SIZE_MAX)
526 n = BUS_AUTH_SIZE_MAX;
528 if (b->rbuffer_size >= n)
531 p = realloc(b->rbuffer, n);
537 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
538 iov.iov_len = n - b->rbuffer_size;
541 k = readv(b->input_fd, &iov, 1);
546 mh.msg_control = &control;
547 mh.msg_controllen = sizeof(control);
549 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
550 if (k < 0 && errno == ENOTSOCK) {
551 b->prefer_readv = true;
552 k = readv(b->input_fd, &iov, 1);
557 return errno == EAGAIN ? 0 : -errno;
561 b->rbuffer_size += k;
564 struct cmsghdr *cmsg;
566 CMSG_FOREACH(cmsg, &mh)
567 if (cmsg->cmsg_level == SOL_SOCKET &&
568 cmsg->cmsg_type == SCM_RIGHTS) {
571 /* Whut? We received fds during the auth
572 * protocol? Somebody is playing games with
573 * us. Close them all, and fail */
574 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
575 close_many((int*) CMSG_DATA(cmsg), j);
578 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
579 cmsg->cmsg_level, cmsg->cmsg_type);
582 r = bus_socket_auth_verify(b);
589 void bus_socket_setup(sd_bus *b) {
592 /* Increase the buffers to 8 MB */
593 fd_inc_rcvbuf(b->input_fd, SNDBUF_SIZE);
594 fd_inc_sndbuf(b->output_fd, SNDBUF_SIZE);
596 b->message_version = 1;
597 b->message_endian = 0;
600 static void bus_get_peercred(sd_bus *b) {
605 /* Get the peer for socketpair() sockets */
606 b->ucred_valid = getpeercred(b->input_fd, &b->ucred) >= 0;
608 /* Get the SELinux context of the peer */
609 if (mac_selinux_use()) {
610 r = getpeersec(b->input_fd, &b->label);
611 if (r < 0 && r != -EOPNOTSUPP)
612 log_debug_errno(r, "Failed to determine peer security context: %m");
616 static int bus_socket_start_auth_client(sd_bus *b) {
618 const char *auth_suffix, *auth_prefix;
622 if (b->anonymous_auth) {
623 auth_prefix = "\0AUTH ANONYMOUS ";
625 /* For ANONYMOUS auth we send some arbitrary "trace" string */
627 b->auth_buffer = hexmem("anonymous", l);
629 char text[DECIMAL_STR_MAX(uid_t) + 1];
631 auth_prefix = "\0AUTH EXTERNAL ";
633 xsprintf(text, UID_FMT, geteuid());
636 b->auth_buffer = hexmem(text, l);
642 if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
643 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
645 auth_suffix = "\r\nBEGIN\r\n";
647 b->auth_iovec[0].iov_base = (void*) auth_prefix;
648 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
649 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
650 b->auth_iovec[1].iov_len = l * 2;
651 b->auth_iovec[2].iov_base = (void*) auth_suffix;
652 b->auth_iovec[2].iov_len = strlen(auth_suffix);
654 return bus_socket_write_auth(b);
657 int bus_socket_start_auth(sd_bus *b) {
662 b->state = BUS_AUTHENTICATING;
663 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_AUTH_TIMEOUT;
665 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
666 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
668 if (b->output_fd != b->input_fd)
669 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
670 b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
673 return bus_socket_read_auth(b);
675 return bus_socket_start_auth_client(b);
678 int bus_socket_connect(sd_bus *b) {
682 assert(b->input_fd < 0);
683 assert(b->output_fd < 0);
684 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
686 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
690 b->output_fd = b->input_fd;
694 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
696 if (errno == EINPROGRESS)
702 return bus_socket_start_auth(b);
705 int bus_socket_exec(sd_bus *b) {
710 assert(b->input_fd < 0);
711 assert(b->output_fd < 0);
712 assert(b->exec_path);
714 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
726 (void) reset_all_signal_handlers();
727 (void) reset_signal_mask();
729 close_all_fds(s+1, 1);
731 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
732 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
734 if (!IN_SET(s[1], STDIN_FILENO, STDOUT_FILENO))
737 fd_cloexec(STDIN_FILENO, false);
738 fd_cloexec(STDOUT_FILENO, false);
739 fd_nonblock(STDIN_FILENO, false);
740 fd_nonblock(STDOUT_FILENO, false);
743 execvp(b->exec_path, b->exec_argv);
745 const char *argv[] = { b->exec_path, NULL };
746 execvp(b->exec_path, (char**) argv);
753 b->output_fd = b->input_fd = s[0];
757 return bus_socket_start_auth(b);
760 int bus_socket_take_fd(sd_bus *b) {
765 return bus_socket_start_auth(b);
768 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
778 assert(IN_SET(bus->state, BUS_RUNNING, BUS_HELLO));
780 if (*idx >= BUS_MESSAGE_SIZE(m))
783 r = bus_message_setup_iovec(m);
787 n = m->n_iovec * sizeof(struct iovec);
789 memcpy_safe(iov, m->iovec, n);
792 iovec_advance(iov, &j, *idx);
794 if (bus->prefer_writev)
795 k = writev(bus->output_fd, iov, m->n_iovec);
799 .msg_iovlen = m->n_iovec,
802 if (m->n_fds > 0 && *idx == 0) {
803 struct cmsghdr *control;
805 mh.msg_control = control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
806 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
807 control->cmsg_level = SOL_SOCKET;
808 control->cmsg_type = SCM_RIGHTS;
809 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
812 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
813 if (k < 0 && errno == ENOTSOCK) {
814 bus->prefer_writev = true;
815 k = writev(bus->output_fd, iov, m->n_iovec);
820 return errno == EAGAIN ? 0 : -errno;
826 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
833 assert(IN_SET(bus->state, BUS_RUNNING, BUS_HELLO));
835 if (bus->rbuffer_size < sizeof(struct bus_header)) {
836 *need = sizeof(struct bus_header) + 8;
838 /* Minimum message size:
842 * Method Call: +2 string headers
843 * Signal: +3 string headers
844 * Method Error: +1 string headers
846 * Method Reply: +1 uint32 headers
848 * A string header is at least 9 bytes
849 * A uint32 header is at least 8 bytes
851 * Hence the minimum message size of a valid message
852 * is header + 8 bytes */
857 a = ((const uint32_t*) bus->rbuffer)[1];
858 b = ((const uint32_t*) bus->rbuffer)[3];
860 e = ((const uint8_t*) bus->rbuffer)[0];
861 if (e == BUS_LITTLE_ENDIAN) {
864 } else if (e == BUS_BIG_ENDIAN) {
870 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
871 if (sum >= BUS_MESSAGE_SIZE_MAX)
874 *need = (size_t) sum;
878 static int bus_socket_make_message(sd_bus *bus, size_t size) {
884 assert(bus->rbuffer_size >= size);
885 assert(IN_SET(bus->state, BUS_RUNNING, BUS_HELLO));
887 r = bus_rqueue_make_room(bus);
891 if (bus->rbuffer_size > size) {
892 b = memdup((const uint8_t*) bus->rbuffer + size,
893 bus->rbuffer_size - size);
899 r = bus_message_from_malloc(bus,
901 bus->fds, bus->n_fds,
910 bus->rbuffer_size -= size;
915 bus->rqueue[bus->rqueue_size++] = t;
920 int bus_socket_read_message(sd_bus *bus) {
922 struct iovec iov = {};
928 struct cmsghdr cmsghdr;
929 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX)];
931 bool handle_cmsg = false;
934 assert(IN_SET(bus->state, BUS_RUNNING, BUS_HELLO));
936 r = bus_socket_read_message_need(bus, &need);
940 if (bus->rbuffer_size >= need)
941 return bus_socket_make_message(bus, need);
943 b = realloc(bus->rbuffer, need);
949 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
950 iov.iov_len = need - bus->rbuffer_size;
952 if (bus->prefer_readv)
953 k = readv(bus->input_fd, &iov, 1);
958 mh.msg_control = &control;
959 mh.msg_controllen = sizeof(control);
961 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
962 if (k < 0 && errno == ENOTSOCK) {
963 bus->prefer_readv = true;
964 k = readv(bus->input_fd, &iov, 1);
969 return errno == EAGAIN ? 0 : -errno;
973 bus->rbuffer_size += k;
976 struct cmsghdr *cmsg;
978 CMSG_FOREACH(cmsg, &mh)
979 if (cmsg->cmsg_level == SOL_SOCKET &&
980 cmsg->cmsg_type == SCM_RIGHTS) {
983 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
986 /* Whut? We received fds but this
987 * isn't actually enabled? Close them,
990 close_many((int*) CMSG_DATA(cmsg), n);
994 f = realloc(bus->fds, sizeof(int) * (bus->n_fds + n));
996 close_many((int*) CMSG_DATA(cmsg), n);
1000 memcpy_safe(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
1004 log_debug("Got unexpected auxiliary data with level=%d and type=%d",
1005 cmsg->cmsg_level, cmsg->cmsg_type);
1008 r = bus_socket_read_message_need(bus, &need);
1012 if (bus->rbuffer_size >= need)
1013 return bus_socket_make_message(bus, need);
1018 int bus_socket_process_opening(sd_bus *b) {
1020 socklen_t slen = sizeof(error);
1027 assert(b->state == BUS_OPENING);
1033 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
1036 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
1038 b->last_connect_error = errno;
1039 else if (error != 0)
1040 b->last_connect_error = error;
1041 else if (p.revents & (POLLERR|POLLHUP))
1042 b->last_connect_error = ECONNREFUSED;
1044 return bus_socket_start_auth(b);
1046 return bus_next_address(b);
1049 int bus_socket_process_authenticating(sd_bus *b) {
1053 assert(b->state == BUS_AUTHENTICATING);
1055 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1058 r = bus_socket_write_auth(b);
1062 return bus_socket_read_auth(b);