1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2013 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
36 #include "bus-socket.h"
37 #include "bus-internal.h"
38 #include "bus-message.h"
40 static void iovec_advance(struct iovec iov[], unsigned *idx, size_t size) {
43 struct iovec *i = iov + *idx;
45 if (i->iov_len > size) {
46 i->iov_base = (uint8_t*) i->iov_base + size;
60 bool bus_socket_auth_needs_write(sd_bus *b) {
64 if (b->auth_index >= ELEMENTSOF(b->auth_iovec))
67 for (i = b->auth_index; i < ELEMENTSOF(b->auth_iovec); i++) {
68 struct iovec *j = b->auth_iovec + i;
77 static int bus_socket_write_auth(sd_bus *b) {
81 assert(b->state == BUS_AUTHENTICATING);
83 if (!bus_socket_auth_needs_write(b))
87 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
92 mh.msg_iov = b->auth_iovec + b->auth_index;
93 mh.msg_iovlen = ELEMENTSOF(b->auth_iovec) - b->auth_index;
95 k = sendmsg(b->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
96 if (k < 0 && errno == ENOTSOCK) {
97 b->prefer_writev = true;
98 k = writev(b->output_fd, b->auth_iovec + b->auth_index, ELEMENTSOF(b->auth_iovec) - b->auth_index);
103 return errno == EAGAIN ? 0 : -errno;
105 iovec_advance(b->auth_iovec, &b->auth_index, (size_t) k);
109 static int bus_socket_auth_verify_client(sd_bus *b) {
117 /* We expect two response lines: "OK" and possibly
120 e = memmem(b->rbuffer, b->rbuffer_size, "\r\n", 2);
124 if (b->negotiate_fds) {
125 f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
135 /* Nice! We got all the lines we need. First check the OK
138 if (e - (char*) b->rbuffer != 3 + 32)
141 if (memcmp(b->rbuffer, "OK ", 3))
144 b->auth = b->anonymous_auth ? BUS_AUTH_ANONYMOUS : BUS_AUTH_EXTERNAL;
146 for (i = 0; i < 32; i += 2) {
149 x = unhexchar(((char*) b->rbuffer)[3 + i]);
150 y = unhexchar(((char*) b->rbuffer)[3 + i + 1]);
155 peer.bytes[i/2] = ((uint8_t) x << 4 | (uint8_t) y);
158 if (!sd_id128_equal(b->server_id, SD_ID128_NULL) &&
159 !sd_id128_equal(b->server_id, peer))
164 /* And possibly check the second line, too */
168 (f - e == sizeof("\r\nAGREE_UNIX_FD") - 1) &&
169 memcmp(e + 2, "AGREE_UNIX_FD", sizeof("AGREE_UNIX_FD") - 1) == 0;
171 b->rbuffer_size -= (start - (char*) b->rbuffer);
172 memmove(b->rbuffer, start, b->rbuffer_size);
174 r = bus_start_running(b);
181 static bool line_equals(const char *s, size_t m, const char *line) {
188 return memcmp(s, line, l) == 0;
191 static bool line_begins(const char *s, size_t m, const char *word) {
198 if (memcmp(s, word, l) != 0)
201 return m == l || (m > l && s[l] == ' ');
204 static int verify_anonymous_token(sd_bus *b, const char *p, size_t l) {
205 _cleanup_free_ char *token = NULL;
207 if (!b->anonymous_auth)
218 token = unhexmem(p, l);
222 if (memchr(token, 0, l/2))
225 return !!utf8_is_valid(token);
228 static int verify_external_token(sd_bus *b, const char *p, size_t l) {
229 _cleanup_free_ char *token = NULL;
233 /* We don't do any real authentication here. Instead, we if
234 * the owner of this bus wanted authentication he should have
235 * checked SO_PEERCRED before even creating the bus object. */
249 token = unhexmem(p, l);
253 if (memchr(token, 0, l/2))
256 r = parse_uid(token, &u);
260 if (u != b->ucred.uid)
266 static int bus_socket_auth_write(sd_bus *b, const char *t) {
273 /* We only make use of the first iovec */
274 assert(b->auth_index == 0 || b->auth_index == 1);
277 p = malloc(b->auth_iovec[0].iov_len + l);
281 memcpy(p, b->auth_iovec[0].iov_base, b->auth_iovec[0].iov_len);
282 memcpy(p + b->auth_iovec[0].iov_len, t, l);
284 b->auth_iovec[0].iov_base = p;
285 b->auth_iovec[0].iov_len += l;
287 free(b->auth_buffer);
293 static int bus_socket_auth_write_ok(sd_bus *b) {
294 char t[3 + 32 + 2 + 1];
298 snprintf(t, sizeof(t), "OK " SD_ID128_FORMAT_STR "\r\n", SD_ID128_FORMAT_VAL(b->server_id));
301 return bus_socket_auth_write(b, t);
304 static int bus_socket_auth_verify_server(sd_bus *b) {
308 bool processed = false;
313 if (b->rbuffer_size < 3)
316 /* First char must be a NUL byte */
317 if (*(char*) b->rbuffer != 0)
320 /* Begin with the first line */
321 if (b->auth_rbegin <= 0)
325 /* Check if line is complete */
326 line = (char*) b->rbuffer + b->auth_rbegin;
327 e = memmem(line, b->rbuffer_size - b->auth_rbegin, "\r\n", 2);
333 if (line_begins(line, l, "AUTH ANONYMOUS")) {
335 r = verify_anonymous_token(b, line + 14, l - 14);
339 r = bus_socket_auth_write(b, "REJECTED\r\n");
341 b->auth = BUS_AUTH_ANONYMOUS;
342 r = bus_socket_auth_write_ok(b);
345 } else if (line_begins(line, l, "AUTH EXTERNAL")) {
347 r = verify_external_token(b, line + 13, l - 13);
351 r = bus_socket_auth_write(b, "REJECTED\r\n");
353 b->auth = BUS_AUTH_EXTERNAL;
354 r = bus_socket_auth_write_ok(b);
357 } else if (line_begins(line, l, "AUTH"))
358 r = bus_socket_auth_write(b, "REJECTED EXTERNAL ANONYMOUS\r\n");
359 else if (line_equals(line, l, "CANCEL") ||
360 line_begins(line, l, "ERROR")) {
362 b->auth = _BUS_AUTH_INVALID;
363 r = bus_socket_auth_write(b, "REJECTED\r\n");
365 } else if (line_equals(line, l, "BEGIN")) {
367 if (b->auth == _BUS_AUTH_INVALID)
368 r = bus_socket_auth_write(b, "ERROR\r\n");
370 /* We can't leave from the auth phase
371 * before we haven't written
372 * everything queued, so let's check
375 if (bus_socket_auth_needs_write(b))
378 b->rbuffer_size -= (e + 2 - (char*) b->rbuffer);
379 memmove(b->rbuffer, e + 2, b->rbuffer_size);
380 return bus_start_running(b);
383 } else if (line_begins(line, l, "DATA")) {
385 if (b->auth == _BUS_AUTH_INVALID)
386 r = bus_socket_auth_write(b, "ERROR\r\n");
388 if (b->auth == BUS_AUTH_ANONYMOUS)
389 r = verify_anonymous_token(b, line + 4, l - 4);
391 r = verify_external_token(b, line + 4, l - 4);
396 b->auth = _BUS_AUTH_INVALID;
397 r = bus_socket_auth_write(b, "REJECTED\r\n");
399 r = bus_socket_auth_write_ok(b);
401 } else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
402 if (b->auth == _BUS_AUTH_INVALID || !b->negotiate_fds)
403 r = bus_socket_auth_write(b, "ERROR\r\n");
406 r = bus_socket_auth_write(b, "AGREE_UNIX_FD\r\n");
409 r = bus_socket_auth_write(b, "ERROR\r\n");
414 b->auth_rbegin = e + 2 - (char*) b->rbuffer;
420 static int bus_socket_auth_verify(sd_bus *b) {
424 return bus_socket_auth_verify_server(b);
426 return bus_socket_auth_verify_client(b);
429 static int bus_socket_read_auth(sd_bus *b) {
437 struct cmsghdr cmsghdr;
438 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
439 CMSG_SPACE(sizeof(struct ucred)) +
440 CMSG_SPACE(NAME_MAX)]; /*selinux label */
442 struct cmsghdr *cmsg;
443 bool handle_cmsg = false;
446 assert(b->state == BUS_AUTHENTICATING);
448 r = bus_socket_auth_verify(b);
452 n = MAX(256, b->rbuffer_size * 2);
454 if (n > BUS_AUTH_SIZE_MAX)
455 n = BUS_AUTH_SIZE_MAX;
457 if (b->rbuffer_size >= n)
460 p = realloc(b->rbuffer, n);
467 iov.iov_base = (uint8_t*) b->rbuffer + b->rbuffer_size;
468 iov.iov_len = n - b->rbuffer_size;
471 k = readv(b->input_fd, &iov, 1);
476 mh.msg_control = &control;
477 mh.msg_controllen = sizeof(control);
479 k = recvmsg(b->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
480 if (k < 0 && errno == ENOTSOCK) {
481 b->prefer_readv = true;
482 k = readv(b->input_fd, &iov, 1);
487 return errno == EAGAIN ? 0 : -errno;
491 b->rbuffer_size += k;
494 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
495 if (cmsg->cmsg_level == SOL_SOCKET &&
496 cmsg->cmsg_type == SCM_RIGHTS) {
499 /* Whut? We received fds during the auth
500 * protocol? Somebody is playing games with
501 * us. Close them all, and fail */
502 j = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
503 close_many((int*) CMSG_DATA(cmsg), j);
506 } else if (cmsg->cmsg_level == SOL_SOCKET &&
507 cmsg->cmsg_type == SCM_CREDENTIALS &&
508 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
510 memcpy(&b->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
511 b->ucred_valid = true;
513 } else if (cmsg->cmsg_level == SOL_SOCKET &&
514 cmsg->cmsg_type == SCM_SECURITY) {
517 l = cmsg->cmsg_len - CMSG_LEN(0);
518 memcpy(&b->label, CMSG_DATA(cmsg), l);
524 r = bus_socket_auth_verify(b);
531 static int bus_socket_setup(sd_bus *b) {
536 /* Enable SO_PASSCRED + SO_PASSEC. We try this on any
537 * socket, just in case. */
538 enable = !b->bus_client;
539 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSCRED, &enable, sizeof(enable));
540 setsockopt(b->input_fd, SOL_SOCKET, SO_PASSSEC, &enable, sizeof(enable));
542 /* Increase the buffers to a MB */
543 fd_inc_rcvbuf(b->input_fd, 1024*1024);
544 fd_inc_sndbuf(b->output_fd, 1024*1024);
549 static int bus_socket_start_auth_client(sd_bus *b) {
551 const char *auth_suffix, *auth_prefix;
555 if (b->anonymous_auth) {
556 auth_prefix = "\0AUTH ANONYMOUS ";
558 /* For ANONYMOUS auth we send some arbitrary "trace" string */
560 b->auth_buffer = hexmem("anonymous", l);
562 char text[20 + 1]; /* enough space for a 64bit integer plus NUL */
564 auth_prefix = "\0AUTH EXTERNAL ";
566 snprintf(text, sizeof(text), "%lu", (unsigned long) geteuid());
570 b->auth_buffer = hexmem(text, l);
576 if (b->negotiate_fds)
577 auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
579 auth_suffix = "\r\nBEGIN\r\n";
581 b->auth_iovec[0].iov_base = (void*) auth_prefix;
582 b->auth_iovec[0].iov_len = 1 + strlen(auth_prefix + 1);
583 b->auth_iovec[1].iov_base = (void*) b->auth_buffer;
584 b->auth_iovec[1].iov_len = l * 2;
585 b->auth_iovec[2].iov_base = (void*) auth_suffix;
586 b->auth_iovec[2].iov_len = strlen(auth_suffix);
588 return bus_socket_write_auth(b);
591 static int bus_socket_start_auth(sd_bus *b) {
597 b->state = BUS_AUTHENTICATING;
598 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
601 r = getsockopt(b->input_fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
602 if (r < 0 || domain != AF_UNIX)
603 b->negotiate_fds = false;
605 if (b->output_fd != b->input_fd) {
606 r = getsockopt(b->output_fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
607 if (r < 0 || domain != AF_UNIX)
608 b->negotiate_fds = false;
613 return bus_socket_read_auth(b);
615 return bus_socket_start_auth_client(b);
618 int bus_socket_connect(sd_bus *b) {
622 assert(b->input_fd < 0);
623 assert(b->output_fd < 0);
624 assert(b->sockaddr.sa.sa_family != AF_UNSPEC);
626 b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
630 b->output_fd = b->input_fd;
632 r = bus_socket_setup(b);
636 r = connect(b->input_fd, &b->sockaddr.sa, b->sockaddr_size);
638 if (errno == EINPROGRESS)
644 return bus_socket_start_auth(b);
647 int bus_socket_exec(sd_bus *b) {
652 assert(b->input_fd < 0);
653 assert(b->output_fd < 0);
654 assert(b->exec_path);
656 r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s);
668 reset_all_signal_handlers();
670 close_all_fds(s+1, 1);
672 assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
673 assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
675 if (s[1] != STDIN_FILENO && s[1] != STDOUT_FILENO)
676 close_nointr_nofail(s[1]);
678 fd_cloexec(STDIN_FILENO, false);
679 fd_cloexec(STDOUT_FILENO, false);
680 fd_nonblock(STDIN_FILENO, false);
681 fd_nonblock(STDOUT_FILENO, false);
684 execvp(b->exec_path, b->exec_argv);
686 const char *argv[] = { b->exec_path, NULL };
687 execvp(b->exec_path, (char**) argv);
693 close_nointr_nofail(s[1]);
694 b->output_fd = b->input_fd = s[0];
696 return bus_socket_start_auth(b);
699 int bus_socket_take_fd(sd_bus *b) {
703 r = bus_socket_setup(b);
707 return bus_socket_start_auth(b);
710 int bus_socket_write_message(sd_bus *bus, sd_bus_message *m, size_t *idx) {
719 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
724 n = m->n_iovec * sizeof(struct iovec);
726 memcpy(iov, m->iovec, n);
729 iovec_advance(iov, &j, *idx);
731 if (bus->prefer_writev)
732 k = writev(bus->output_fd, iov, m->n_iovec);
738 struct cmsghdr *control;
739 control = alloca(CMSG_SPACE(sizeof(int) * m->n_fds));
741 mh.msg_control = control;
742 control->cmsg_level = SOL_SOCKET;
743 control->cmsg_type = SCM_RIGHTS;
744 mh.msg_controllen = control->cmsg_len = CMSG_LEN(sizeof(int) * m->n_fds);
745 memcpy(CMSG_DATA(control), m->fds, sizeof(int) * m->n_fds);
749 mh.msg_iovlen = m->n_iovec;
751 k = sendmsg(bus->output_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL);
752 if (k < 0 && errno == ENOTSOCK) {
753 bus->prefer_writev = true;
754 k = writev(bus->output_fd, iov, m->n_iovec);
759 return errno == EAGAIN ? 0 : -errno;
765 static int bus_socket_read_message_need(sd_bus *bus, size_t *need) {
772 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
774 if (bus->rbuffer_size < sizeof(struct bus_header)) {
775 *need = sizeof(struct bus_header) + 8;
777 /* Minimum message size:
781 * Method Call: +2 string headers
782 * Signal: +3 string headers
783 * Method Error: +1 string headers
785 * Method Reply: +1 uint32 headers
787 * A string header is at least 9 bytes
788 * A uint32 header is at least 8 bytes
790 * Hence the minimum message size of a valid message
791 * is header + 8 bytes */
796 a = ((const uint32_t*) bus->rbuffer)[1];
797 b = ((const uint32_t*) bus->rbuffer)[3];
799 e = ((const uint8_t*) bus->rbuffer)[0];
800 if (e == SD_BUS_LITTLE_ENDIAN) {
803 } else if (e == SD_BUS_BIG_ENDIAN) {
809 sum = (uint64_t) sizeof(struct bus_header) + (uint64_t) ALIGN_TO(b, 8) + (uint64_t) a;
810 if (sum >= BUS_MESSAGE_SIZE_MAX)
813 *need = (size_t) sum;
817 static int bus_socket_make_message(sd_bus *bus, size_t size, sd_bus_message **m) {
824 assert(bus->rbuffer_size >= size);
825 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
827 if (bus->rbuffer_size > size) {
828 b = memdup((const uint8_t*) bus->rbuffer + size,
829 bus->rbuffer_size - size);
835 r = bus_message_from_malloc(bus->rbuffer, size,
836 bus->fds, bus->n_fds,
837 bus->ucred_valid ? &bus->ucred : NULL,
838 bus->label[0] ? bus->label : NULL,
846 bus->rbuffer_size -= size;
855 int bus_socket_read_message(sd_bus *bus, sd_bus_message **m) {
863 struct cmsghdr cmsghdr;
864 uint8_t buf[CMSG_SPACE(sizeof(int) * BUS_FDS_MAX) +
865 CMSG_SPACE(sizeof(struct ucred)) +
866 CMSG_SPACE(NAME_MAX)]; /*selinux label */
868 struct cmsghdr *cmsg;
873 assert(bus->state == BUS_RUNNING || bus->state == BUS_HELLO);
875 r = bus_socket_read_message_need(bus, &need);
879 if (bus->rbuffer_size >= need)
880 return bus_socket_make_message(bus, need, m);
882 b = realloc(bus->rbuffer, need);
889 iov.iov_base = (uint8_t*) bus->rbuffer + bus->rbuffer_size;
890 iov.iov_len = need - bus->rbuffer_size;
892 if (bus->prefer_readv)
893 k = readv(bus->input_fd, &iov, 1);
898 mh.msg_control = &control;
899 mh.msg_controllen = sizeof(control);
901 k = recvmsg(bus->input_fd, &mh, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC);
902 if (k < 0 && errno == ENOTSOCK) {
903 bus->prefer_readv = true;
904 k = readv(bus->input_fd, &iov, 1);
909 return errno == EAGAIN ? 0 : -errno;
913 bus->rbuffer_size += k;
916 for (cmsg = CMSG_FIRSTHDR(&mh); cmsg; cmsg = CMSG_NXTHDR(&mh, cmsg)) {
917 if (cmsg->cmsg_level == SOL_SOCKET &&
918 cmsg->cmsg_type == SCM_RIGHTS) {
921 n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
924 /* Whut? We received fds but this
925 * isn't actually enabled? Close them,
928 close_many((int*) CMSG_DATA(cmsg), n);
932 f = realloc(bus->fds, sizeof(int) + (bus->n_fds + n));
934 close_many((int*) CMSG_DATA(cmsg), n);
938 memcpy(f + bus->n_fds, CMSG_DATA(cmsg), n * sizeof(int));
941 } else if (cmsg->cmsg_level == SOL_SOCKET &&
942 cmsg->cmsg_type == SCM_CREDENTIALS &&
943 cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
945 memcpy(&bus->ucred, CMSG_DATA(cmsg), sizeof(struct ucred));
946 bus->ucred_valid = true;
948 } else if (cmsg->cmsg_level == SOL_SOCKET &&
949 cmsg->cmsg_type == SCM_SECURITY) {
952 l = cmsg->cmsg_len - CMSG_LEN(0);
953 memcpy(&bus->label, CMSG_DATA(cmsg), l);
959 r = bus_socket_read_message_need(bus, &need);
963 if (bus->rbuffer_size >= need)
964 return bus_socket_make_message(bus, need, m);
969 int bus_socket_process_opening(sd_bus *b) {
971 socklen_t slen = sizeof(error);
976 assert(b->state == BUS_OPENING);
986 if (!(p.revents & (POLLOUT|POLLERR|POLLHUP)))
989 r = getsockopt(b->output_fd, SOL_SOCKET, SO_ERROR, &error, &slen);
991 b->last_connect_error = errno;
993 b->last_connect_error = error;
994 else if (p.revents & (POLLERR|POLLHUP))
995 b->last_connect_error = ECONNREFUSED;
997 return bus_socket_start_auth(b);
999 return bus_next_address(b);
1002 int bus_socket_process_authenticating(sd_bus *b) {
1006 assert(b->state == BUS_AUTHENTICATING);
1008 if (now(CLOCK_MONOTONIC) >= b->auth_timeout)
1011 r = bus_socket_write_auth(b);
1015 return bus_socket_read_auth(b);