1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
34 #include "sd-daemon.h"
37 #include "bus-socket.h"
38 #include "bus-internal.h"
39 #include "bus-message.h"
41 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
44 struct iovec *i = iov + *idx;
46 if (i->iov_len > size) {
47 i->iov_base = (uint8_t*) i->iov_base + size;
61 bool bus_socket_auth_needs_write(sd_bus *b) {
65 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
68 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
69 struct iovec *j = b->auth_iovec + i;
78 static int bus_socket_write_auth(sd_bus *b) {
82 assert(b->state == BUS_AUTHENTICATING);
84 if (!bus_socket_auth_needs_write(b))
88 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
93 mh.msg_iov = b->auth_iovec + b->auth_index;
94 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
96 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
97 if (k < 0 && errno == ENOTSOCK) {
98 b->prefer_writev = true;
99 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
104 return errno == EAGAIN ? 0 : -errno;
106 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
110 static int bus_socket_auth_verify_client(sd_bus *b) {
118 /* We expect two response lines: "OK" and possibly
121 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
125 if (b->negotiate_fds) {
126 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
136 /* Nice! We got all the lines we need. First check the OK
139 if (e - (char*) b->rbuffer != 3 + 32)
142 if (memcmp(b->rbuffer, "OK ", 3))
145 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
147 for (i = 0; i < 32; i += 2) {
150 x = unhexchar(((char*) b->rbuffer)[3 + i]);
151 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
156 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
159 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
160 !sd_id128_equal(b->server_id, peer))
165 /* And possibly check the second line, too */
169 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
170 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
172 b->rbuffer_size -= (start - (char*) b->rbuffer);
173 memmove(b->rbuffer, start, b->rbuffer_size);
175 r = bus_start_running(b);
182 static bool line_equals(const char *s, size_t m, const char *line) {
189 return memcmp(s, line, l) == 0;
192 static bool line_begins(const char *s, size_t m, const char *word) {
199 if (memcmp(s, word, l) != 0)
202 return m == l || (m > l && s[l] == ' ');
205 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
206 _cleanup_free_ char *token = NULL;
208 if (!b->anonymous_auth)
219 token = unhexmem(p, l);
223 if (memchr(token, 0, l/2))
226 return !!utf8_is_valid(token);
229 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
230 _cleanup_free_ char *token = NULL;
234 /* We don't do any real authentication here. Instead, we if
235 * the owner of this bus wanted authentication he should have
236 * checked SO_PEERCRED before even creating the bus object. */
238 if (!b->anonymous_auth && !b->ucred_valid)
250 token = unhexmem(p, l);
254 if (memchr(token, 0, l/2))
257 r = parse_uid(token, &u);
261 /* We ignore the passed value if anonymous authentication is
263 if (!b->anonymous_auth && u != b->ucred.uid)
269 static int bus_socket_auth_write(sd_bus *b, const char *t) {
276 /* We only make use of the first iovec */
277 assert(b->auth_index == 0 || b->auth_index == 1);
280 p = malloc(b->auth_iovec[0].iov_len + l);
284 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
285 memcpy(p + b->auth_iovec[0].iov_len, t, l);
287 b->auth_iovec[0].iov_base = p;
288 b->auth_iovec[0].iov_len += l;
290 free(b->auth_buffer);
296 static int bus_socket_auth_write_ok(sd_bus *b) {
297 char t[3 + 32 + 2 + 1];
301 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
304 return bus_socket_auth_write(b, t);
307 static int bus_socket_auth_verify_server(sd_bus *b) {
311 bool processed = false;
316 if (b->rbuffer_size < 3)
319 /* First char must be a NUL byte */
320 if (*(char*) b->rbuffer != 0)
323 /* Begin with the first line */
324 if (b->auth_rbegin <= 0)
328 /* Check if line is complete */
329 line = (char*) b->rbuffer + b->auth_rbegin;
330 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
336 if (line_begins(line, l, "AUTH ANONYMOUS")) {
338 r = verify_anonymous_token(b, line + 14, l - 14);
342 r = bus_socket_auth_write(b, "REJECTED\r\n");
344 b->auth = BUS_AUTH_ANONYMOUS;
345 r = bus_socket_auth_write_ok(b);
348 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
350 r = verify_external_token(b, line + 13, l - 13);
354 r = bus_socket_auth_write(b, "REJECTED\r\n");
356 b->auth = BUS_AUTH_EXTERNAL;
357 r = bus_socket_auth_write_ok(b);
360 } else if (line_begins(line, l, "AUTH"))
361 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
362 else if (line_equals(line, l, "CANCEL") ||
363 line_begins(line, l, "ERROR")) {
365 b->auth = _BUS_AUTH_INVALID;
366 r = bus_socket_auth_write(b, "REJECTED\r\n");
368 } else if (line_equals(line, l, "BEGIN")) {
370 if (b->auth == _BUS_AUTH_INVALID)
371 r = bus_socket_auth_write(b, "ERROR\r\n");
373 /* We can't leave from the auth phase
374 * before we haven't written
375 * everything queued, so let's check
378 if (bus_socket_auth_needs_write(b))
381 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
382 memmove(b->rbuffer, e + 2, b->rbuffer_size);
383 return bus_start_running(b);
386 } else if (line_begins(line, l, "DATA")) {
388 if (b->auth == _BUS_AUTH_INVALID)
389 r = bus_socket_auth_write(b, "ERROR\r\n");
391 if (b->auth == BUS_AUTH_ANONYMOUS)
392 r = verify_anonymous_token(b, line + 4, l - 4);
394 r = verify_external_token(b, line + 4, l - 4);
399 b->auth = _BUS_AUTH_INVALID;
400 r = bus_socket_auth_write(b, "REJECTED\r\n");
402 r = bus_socket_auth_write_ok(b);
404 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
405 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
406 r = bus_socket_auth_write(b, "ERROR\r\n");
409 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
412 r = bus_socket_auth_write(b, "ERROR\r\n");
417 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
423 static int bus_socket_auth_verify(sd_bus *b) {
427 return bus_socket_auth_verify_server(b);
429 return bus_socket_auth_verify_client(b);
432 static int bus_socket_read_auth(sd_bus *b) {
440 struct cmsghdr cmsghdr;
441 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
442 CMSG_SPACE(sizeof(struct ucred)) +
443 CMSG_SPACE(NAME_MAX)]; /*selinux label */
445 struct cmsghdr *cmsg;
446 bool handle_cmsg = false;
449 assert(b->state == BUS_AUTHENTICATING);
451 r = bus_socket_auth_verify(b);
455 n = MAX(256, b->rbuffer_size * 2);
457 if (n > BUS_AUTH_SIZE_MAX)
458 n = BUS_AUTH_SIZE_MAX;
460 if (b->rbuffer_size >= n)
463 p = realloc(b->rbuffer, n);
470 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
471 iov.iov_len = n - b->rbuffer_size;
474 k = readv(b->input_fd, &iov, 1);
479 mh.msg_control = &control;
480 mh.msg_controllen = sizeof(control);
482 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
483 if (k < 0 && errno == ENOTSOCK) {
484 b->prefer_readv = true;
485 k = readv(b->input_fd, &iov, 1);
490 return errno == EAGAIN ? 0 : -errno;
494 b->rbuffer_size += k;
497 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
498 if (cmsg->cmsg_level == SOL_SOCKET &&
499 cmsg->cmsg_type == SCM_RIGHTS) {
502 /* Whut? We received fds during the auth
503 * protocol? Somebody is playing games with
504 * us. Close them all, and fail */
505 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
506 close_many((int*) CMSG_DATA(cmsg), j);
509 } else if (cmsg->cmsg_level == SOL_SOCKET &&
510 cmsg->cmsg_type == SCM_CREDENTIALS &&
511 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
513 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
514 b->ucred_valid = true;
516 } else if (cmsg->cmsg_level == SOL_SOCKET &&
517 cmsg->cmsg_type == SCM_SECURITY) {
520 l = cmsg->cmsg_len - CMSG_LEN(0);
521 memcpy(&b->label, CMSG_DATA(cmsg), l);
527 r = bus_socket_auth_verify(b);
534 static int bus_socket_setup(sd_bus *b) {
539 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
540 * socket, just in case. */
541 enable = !b->bus_client;
542 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
543 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
545 /* Increase the buffers to a MB */
546 fd_inc_rcvbuf(b->input_fd, 1024*1024);
547 fd_inc_sndbuf(b->output_fd, 1024*1024);
552 static int bus_socket_start_auth_client(sd_bus *b) {
554 const char *auth_suffix, *auth_prefix;
558 if (b->anonymous_auth) {
559 auth_prefix = "\0AUTH ANONYMOUS ";
561 /* For ANONYMOUS auth we send some arbitrary "trace" string */
563 b->auth_buffer = hexmem("anonymous", l);
565 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
567 auth_prefix = "\0AUTH EXTERNAL ";
569 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
573 b->auth_buffer = hexmem(text, l);
579 if (b->negotiate_fds)
580 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
582 auth_suffix = "\r\nBEGIN\r\n";
584 b->auth_iovec[0].iov_base = (void*) auth_prefix;
585 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
586 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
587 b->auth_iovec[1].iov_len = l * 2;
588 b->auth_iovec[2].iov_base = (void*) auth_suffix;
589 b->auth_iovec[2].iov_len = strlen(auth_suffix);
591 return bus_socket_write_auth(b);
594 static int bus_socket_start_auth(sd_bus *b) {
597 b->state = BUS_AUTHENTICATING;
598 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
600 if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
601 b->negotiate_fds = false;
603 if (b->output_fd != b->input_fd)
604 if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
605 b->negotiate_fds = false;
608 return bus_socket_read_auth(b);
610 return bus_socket_start_auth_client(b);
613 int bus_socket_connect(sd_bus *b) {
617 assert(b->input_fd < 0);
618 assert(b->output_fd < 0);
619 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
621 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
625 b->output_fd = b->input_fd;
627 r = bus_socket_setup(b);
631 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
633 if (errno == EINPROGRESS)
639 return bus_socket_start_auth(b);
642 int bus_socket_exec(sd_bus *b) {
647 assert(b->input_fd < 0);
648 assert(b->output_fd < 0);
649 assert(b->exec_path);
651 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
663 reset_all_signal_handlers();
665 close_all_fds(s+1, 1);
667 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
668 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
670 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
671 close_nointr_nofail(s[1]);
673 fd_cloexec(STDIN_FILENO, false);
674 fd_cloexec(STDOUT_FILENO, false);
675 fd_nonblock(STDIN_FILENO, false);
676 fd_nonblock(STDOUT_FILENO, false);
679 execvp(b->exec_path, b->exec_argv);
681 const char *argv[] = { b->exec_path, NULL };
682 execvp(b->exec_path, (char**) argv);
688 close_nointr_nofail(s[1]);
689 b->output_fd = b->input_fd = s[0];
691 return bus_socket_start_auth(b);
694 int bus_socket_take_fd(sd_bus *b) {
698 r = bus_socket_setup(b);
702 return bus_socket_start_auth(b);
705 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
714 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
719 n = m->n_iovec * sizeof(struct iovec);
721 memcpy(iov, m->iovec, n);
724 iovec_advance(iov, &j, *idx);
726 if (bus->prefer_writev)
727 k = writev(bus->output_fd, iov, m->n_iovec);
733 struct cmsghdr *control;
734 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
736 mh.msg_control = control;
737 control->cmsg_level = SOL_SOCKET;
738 control->cmsg_type = SCM_RIGHTS;
739 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
740 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
744 mh.msg_iovlen = m->n_iovec;
746 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
747 if (k < 0 && errno == ENOTSOCK) {
748 bus->prefer_writev = true;
749 k = writev(bus->output_fd, iov, m->n_iovec);
754 return errno == EAGAIN ? 0 : -errno;
760 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
767 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
769 if (bus->rbuffer_size < sizeof(struct bus_header)) {
770 *need = sizeof(struct bus_header) + 8;
772 /* Minimum message size:
776 * Method Call: +2 string headers
777 * Signal: +3 string headers
778 * Method Error: +1 string headers
780 * Method Reply: +1 uint32 headers
782 * A string header is at least 9 bytes
783 * A uint32 header is at least 8 bytes
785 * Hence the minimum message size of a valid message
786 * is header + 8 bytes */
791 a = ((const uint32_t*) bus->rbuffer)[1];
792 b = ((const uint32_t*) bus->rbuffer)[3];
794 e = ((const uint8_t*) bus->rbuffer)[0];
795 if (e == SD_BUS_LITTLE_ENDIAN) {
798 } else if (e == SD_BUS_BIG_ENDIAN) {
804 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
805 if (sum >= BUS_MESSAGE_SIZE_MAX)
808 *need = (size_t) sum;
812 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
819 assert(bus->rbuffer_size >= size);
820 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
822 if (bus->rbuffer_size > size) {
823 b = memdup((const uint8_t*) bus->rbuffer + size,
824 bus->rbuffer_size - size);
830 r = bus_message_from_malloc(bus->rbuffer, size,
831 bus->fds, bus->n_fds,
832 bus->ucred_valid ? &bus->ucred : NULL,
833 bus->label[0] ? bus->label : NULL,
841 bus->rbuffer_size -= size;
850 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
858 struct cmsghdr cmsghdr;
859 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
860 CMSG_SPACE(sizeof(struct ucred)) +
861 CMSG_SPACE(NAME_MAX)]; /*selinux label */
863 struct cmsghdr *cmsg;
868 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
870 r = bus_socket_read_message_need(bus, &need);
874 if (bus->rbuffer_size >= need)
875 return bus_socket_make_message(bus, need, m);
877 b = realloc(bus->rbuffer, need);
884 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
885 iov.iov_len = need - bus->rbuffer_size;
887 if (bus->prefer_readv)
888 k = readv(bus->input_fd, &iov, 1);
893 mh.msg_control = &control;
894 mh.msg_controllen = sizeof(control);
896 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
897 if (k < 0 && errno == ENOTSOCK) {
898 bus->prefer_readv = true;
899 k = readv(bus->input_fd, &iov, 1);
904 return errno == EAGAIN ? 0 : -errno;
908 bus->rbuffer_size += k;
911 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
912 if (cmsg->cmsg_level == SOL_SOCKET &&
913 cmsg->cmsg_type == SCM_RIGHTS) {
916 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
919 /* Whut? We received fds but this
920 * isn't actually enabled? Close them,
923 close_many((int*) CMSG_DATA(cmsg), n);
927 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
929 close_many((int*) CMSG_DATA(cmsg), n);
933 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
936 } else if (cmsg->cmsg_level == SOL_SOCKET &&
937 cmsg->cmsg_type == SCM_CREDENTIALS &&
938 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
940 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
941 bus->ucred_valid = true;
943 } else if (cmsg->cmsg_level == SOL_SOCKET &&
944 cmsg->cmsg_type == SCM_SECURITY) {
947 l = cmsg->cmsg_len - CMSG_LEN(0);
948 memcpy(&bus->label, CMSG_DATA(cmsg), l);
954 r = bus_socket_read_message_need(bus, &need);
958 if (bus->rbuffer_size >= need)
959 return bus_socket_make_message(bus, need, m);
964 int bus_socket_process_opening(sd_bus *b) {
966 socklen_t slen = sizeof(error);
971 assert(b->state == BUS_OPENING);
981 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
984 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
986 b->last_connect_error = errno;
988 b->last_connect_error = error;
989 else if (p.revents & (POLLERR|POLLHUP))
990 b->last_connect_error = ECONNREFUSED;
992 return bus_socket_start_auth(b);
994 return bus_next_address(b);
997 int bus_socket_process_authenticating(sd_bus *b) {
1001 assert(b->state == BUS_AUTHENTICATING);
1003 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1006 r = bus_socket_write_auth(b);
1010 return bus_socket_read_auth(b);