chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bus: rework how we attach fds to event loops
[elogind.git] / src / libsystemd-bus / sd-bus.c
diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
index 0d5deb6c6deb1f88855a9e00c014c1e4f2d9c373..9ab4367819c9f58a46efee4708c4223ae3e86742 100644 (file)
--- a/src/libsystemd-bus/sd-bus.c
+++ b/src/libsystemd-bus/sd-bus.c
@@ -47,12 +47,17 @@
 #include "bus-objects.h"
 #include "bus-util.h"
 #include "bus-container.h"
+#include "bus-protocol.h"
 
 static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
+static int attach_io_events(sd_bus *b);
+static void detach_io_events(sd_bus *b);
 
 static void bus_close_fds(sd_bus *b) {
         assert(b);
 
+        detach_io_events(b);
+
         if (b->input_fd >= 0)
                 close_nointr_nofail(b->input_fd);
 
@@ -181,6 +186,7 @@ _public_ int sd_bus_new(sd_bus **ret) {
         r->n_ref = REFCNT_INIT;
         r->input_fd = r->output_fd = -1;
         r->message_version = 1;
+        r->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
         r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
         r->attach_flags |= KDBUS_ATTACH_NAMES;
         r->original_pid = getpid();
@@ -286,11 +292,14 @@ _public_ int sd_bus_negotiate_attach_timestamp(sd_bus *bus, int b) {
 
 _public_ int sd_bus_negotiate_attach_creds(sd_bus *bus, uint64_t mask) {
         assert_return(bus, -EINVAL);
-        assert_return(mask <= _SD_BUS_CREDS_MAX, -EINVAL);
+        assert_return(mask <= _SD_BUS_CREDS_ALL, -EINVAL);
         assert_return(bus->state == BUS_UNSET, -EPERM);
         assert_return(!bus_pid_changed(bus), -ECHILD);
 
-        return kdbus_translate_attach_flags(mask, &bus->creds_mask);
+        /* The well knowns we need unconditionally, so that matches can work */
+        bus->creds_mask = mask | SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
+
+        return kdbus_translate_attach_flags(bus->creds_mask, &bus->creds_mask);
 }
 
 _public_ int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id) {
@@ -313,6 +322,15 @@ _public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
         return 0;
 }
 
+_public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
+        assert_return(bus, -EINVAL);
+        assert_return(bus->state == BUS_UNSET, -EPERM);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        bus->trusted = !!b;
+        return 0;
+}
+
 static int hello_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
         const char *s;
         int r;
@@ -750,6 +768,9 @@ static int parse_container_address(sd_bus *b, const char **p, char **guid) {
         if (!machine)
                 return -EINVAL;
 
+        if (!filename_is_safe(machine))
+                return -EINVAL;
+
         free(b->machine);
         b->machine = machine;
         machine = NULL;
@@ -865,36 +886,27 @@ static int bus_start_address(sd_bus *b) {
         assert(b);
 
         for (;;) {
-                sd_bus_close(b);
+                bool skipped = false;
 
-                if (b->exec_path) {
+                bus_close_fds(b);
 
+                if (b->exec_path)
                         r = bus_socket_exec(b);
-                        if (r >= 0)
-                                return r;
-
-                        b->last_connect_error = -r;
-                } else if (b->kernel) {
-
+                else if (b->kernel)
                         r = bus_kernel_connect(b);
-                        if (r >= 0)
-                                return r;
-
-                        b->last_connect_error = -r;
-
-                } else if (b->machine) {
-
+                else if (b->machine)
                         r = bus_container_connect(b);
-                        if (r >= 0)
-                                return r;
-
-                        b->last_connect_error = -r;
-
-                } else if (b->sockaddr.sa.sa_family != AF_UNSPEC) {
-
+                else if (b->sockaddr.sa.sa_family != AF_UNSPEC)
                         r = bus_socket_connect(b);
-                        if (r >= 0)
-                                return r;
+                else
+                        skipped = true;
+
+                if (!skipped) {
+                        if (r >= 0) {
+                                r = attach_io_events(b);
+                                if (r >= 0)
+                                        return r;
+                        }
 
                         b->last_connect_error = -r;
                 }
@@ -989,13 +1001,22 @@ _public_ int sd_bus_open_system(sd_bus **ret) {
         if (e)
                 r = sd_bus_set_address(b, e);
         else
+#ifdef ENABLE_KDBUS
                 r = sd_bus_set_address(b, "kernel:path=/dev/kdbus/0-system/bus;unix:path=/run/dbus/system_bus_socket");
+#else
+                r = sd_bus_set_address(b, "unix:path=/run/dbus/system_bus_socket");
+#endif
 
         if (r < 0)
                 goto fail;
 
         b->bus_client = true;
 
+        /* Let's do per-method access control on the system bus. We
+         * need the caller's UID and capability set for that. */
+        b->trusted = false;
+        b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
+
         r = sd_bus_start(b);
         if (r < 0)
                 goto fail;
@@ -1031,13 +1052,22 @@ _public_ int sd_bus_open_user(sd_bus **ret) {
 
                         ee = bus_address_escape(e);
                         if (!ee) {
-                                r = -ENOENT;
+                                r = -ENOMEM;
                                 goto fail;
                         }
 
+#ifdef ENABLE_KDBUS
                         asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus;unix:path=%s/bus", (unsigned long) getuid(), ee);
-                } else
+#else
+                        b->address = strjoin("unix:path=", ee, "/bus", NULL);
+#endif
+                } else {
+#ifdef ENABLE_KDBUS
                         asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus", (unsigned long) getuid());
+#else
+                        return -ECONNREFUSED;
+#endif
+                }
 
                 if (!b->address) {
                         r = -ENOMEM;
@@ -1047,6 +1077,10 @@ _public_ int sd_bus_open_user(sd_bus **ret) {
 
         b->bus_client = true;
 
+        /* We don't do any per-method access control on the user
+         * bus. */
+        b->trusted = true;
+
         r = sd_bus_start(b);
         if (r < 0)
                 goto fail;
@@ -1103,12 +1137,17 @@ _public_ int sd_bus_open_system_container(const char *machine, sd_bus **ret) {
 
         assert_return(machine, -EINVAL);
         assert_return(ret, -EINVAL);
+        assert_return(filename_is_safe(machine), -EINVAL);
 
         e = bus_address_escape(machine);
         if (!e)
                 return -ENOMEM;
 
+#ifdef ENABLE_KDBUS
+        p = strjoin("kernel:path=/dev/kdbus/ns/machine-", e, "/0-system/bus;x-container:machine=", e, NULL);
+#else
         p = strjoin("x-container:machine=", e, NULL);
+#endif
         if (!p)
                 return -ENOMEM;
 
@@ -1153,9 +1192,8 @@ _public_ void sd_bus_close(sd_bus *bus) {
 
         /* We'll leave the fd open in case this is a kernel bus, since
          * there might still be memblocks around that reference this
-         * bus, and they might need to invoke the
-         * KDBUS_CMD_MSG_RELEASE ioctl on the fd when they are
-         * freed. */
+         * bus, and they might need to invoke the * KDBUS_CMD_FREE
+         * ioctl on the fd when they are freed. */
 }
 
 static void bus_enter_closing(sd_bus *bus) {
@@ -1179,7 +1217,9 @@ _public_ sd_bus *sd_bus_ref(sd_bus *bus) {
 }
 
 _public_ sd_bus *sd_bus_unref(sd_bus *bus) {
-        assert_return(bus, NULL);
+
+        if (!bus)
+                return NULL;
 
         if (REFCNT_DEC(bus->n_ref) <= 0)
                 bus_free(bus);
@@ -1231,11 +1271,16 @@ _public_ int sd_bus_get_server_id(sd_bus *bus, sd_id128_t *server_id) {
         return 0;
 }
 
-static int bus_seal_message(sd_bus *b, sd_bus_message *m) {
+static int bus_seal_message(sd_bus *b, sd_bus_message *m, usec_t timeout) {
         assert(b);
         assert(m);
 
-        if (m->header->version > b->message_version)
+        if (b->message_version != 0 &&
+            m->header->version != b->message_version)
+                return -EPERM;
+
+        if (b->message_endian != 0 &&
+            m->header->endian != b->message_endian)
                 return -EPERM;
 
         if (m->sealed) {
@@ -1246,16 +1291,16 @@ static int bus_seal_message(sd_bus *b, sd_bus_message *m) {
                 return 0;
         }
 
-        return bus_message_seal(m, ++b->serial);
+        if (timeout == 0)
+                timeout = BUS_DEFAULT_TIMEOUT;
+
+        return bus_message_seal(m, ++b->serial, timeout);
 }
 
 int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m) {
         assert(b);
         assert(m);
 
-        if (m->header->version > b->message_version)
-                return -EPERM;
-
         /* The bus specification says the serial number cannot be 0,
          * hence let's fill something in for synthetic messages. Since
          * synthetic messages might have a fake sender and we don't
@@ -1264,12 +1309,10 @@ int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m) {
          * than (uint64_t) -1 since dbus1 only had 32bit identifiers,
          * even though kdbus can do 64bit. */
 
-        return bus_message_seal(m, 0xFFFFFFFFULL);
+        return bus_message_seal(m, 0xFFFFFFFFULL, 0);
 }
 
 static int bus_write_message(sd_bus *bus, sd_bus_message *message, size_t *idx) {
-        int r;
-
         assert(bus);
         assert(message);
 
@@ -1277,8 +1320,6 @@ static int bus_write_message(sd_bus *bus, sd_bus_message *message, size_t *idx)
                 return bus_kernel_write_message(bus, message);
         else
                 return bus_socket_write_message(bus, message, idx);
-
-        return r;
 }
 
 static int dispatch_wqueue(sd_bus *bus) {
@@ -1396,9 +1437,9 @@ _public_ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
         /* If the serial number isn't kept, then we know that no reply
          * is expected */
         if (!serial && !m->sealed)
-                m->header->flags |= SD_BUS_MESSAGE_NO_REPLY_EXPECTED;
+                m->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
 
-        r = bus_seal_message(bus, m);
+        r = bus_seal_message(bus, m, 0);
         if (r < 0)
                 return r;
 
@@ -1473,9 +1514,6 @@ static usec_t calc_elapse(uint64_t usec) {
         if (usec == (uint64_t) -1)
                 return 0;
 
-        if (usec == 0)
-                usec = BUS_DEFAULT_TIMEOUT;
-
         return now(CLOCK_MONOTONIC) + usec;
 }
 
@@ -1512,7 +1550,7 @@ _public_ int sd_bus_call_async(
         assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
         assert_return(m, -EINVAL);
         assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
-        assert_return(!(m->header->flags & SD_BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+        assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
         assert_return(callback, -EINVAL);
         assert_return(!bus_pid_changed(bus), -ECHILD);
 
@@ -1520,13 +1558,11 @@ _public_ int sd_bus_call_async(
         if (r < 0)
                 return r;
 
-        if (usec != (uint64_t) -1) {
-                r = prioq_ensure_allocated(&bus->reply_callbacks_prioq, timeout_compare);
-                if (r < 0)
-                        return r;
-        }
+        r = prioq_ensure_allocated(&bus->reply_callbacks_prioq, timeout_compare);
+        if (r < 0)
+                return r;
 
-        r = bus_seal_message(bus, m);
+        r = bus_seal_message(bus, m, usec);
         if (r < 0)
                 return r;
 
@@ -1537,7 +1573,7 @@ _public_ int sd_bus_call_async(
         c->callback = callback;
         c->userdata = userdata;
         c->serial = BUS_MESSAGE_SERIAL(m);
-        c->timeout = calc_elapse(usec);
+        c->timeout = calc_elapse(m->timeout);
 
         r = hashmap_put(bus->reply_callbacks, &c->serial, c);
         if (r < 0) {
@@ -1622,7 +1658,7 @@ _public_ int sd_bus_call(
         assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
         assert_return(m, -EINVAL);
         assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
-        assert_return(!(m->header->flags & SD_BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+        assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
         assert_return(!bus_error_is_dirty(error), -EINVAL);
         assert_return(!bus_pid_changed(bus), -ECHILD);
 
@@ -1632,11 +1668,15 @@ _public_ int sd_bus_call(
 
         i = bus->rqueue_size;
 
+        r = bus_seal_message(bus, m, usec);
+        if (r < 0)
+                return r;
+
         r = sd_bus_send(bus, m, &serial);
         if (r < 0)
                 return r;
 
-        timeout = calc_elapse(usec);
+        timeout = calc_elapse(m->timeout);
 
         for (;;) {
                 usec_t left;
@@ -1713,6 +1753,8 @@ _public_ int sd_bus_call(
                 r = bus_poll(bus, true, left);
                 if (r < 0)
                         return r;
+                if (r == 0)
+                        return -ETIMEDOUT;
 
                 r = dispatch_wqueue(bus);
                 if (r < 0) {
@@ -1964,7 +2006,7 @@ static int process_builtin(sd_bus *bus, sd_bus_message *m) {
         if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
                 return 0;
 
-        if (m->header->flags & SD_BUS_MESSAGE_NO_REPLY_EXPECTED)
+        if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
                 return 1;
 
         if (streq_ptr(m->member, "Ping"))
@@ -2551,6 +2593,66 @@ static int quit_callback(sd_event_source *event, void *userdata) {
         return 1;
 }
 
+static int attach_io_events(sd_bus *bus) {
+        int r;
+
+        assert(bus);
+
+        if (bus->input_fd < 0)
+                return 0;
+
+        if (!bus->event)
+                return 0;
+
+        if (!bus->input_io_event_source) {
+                r = sd_event_add_io(bus->event, bus->input_fd, 0, io_callback, bus, &bus->input_io_event_source);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_prepare(bus->input_io_event_source, prepare_callback);
+                if (r < 0)
+                        return r;
+
+                r = sd_event_source_set_priority(bus->input_io_event_source, bus->event_priority);
+        } else
+                r = sd_event_source_set_io_fd(bus->input_io_event_source, bus->input_fd);
+
+        if (r < 0)
+                return r;
+
+        if (bus->output_fd != bus->input_fd) {
+                assert(bus->output_fd >= 0);
+
+                if (!bus->output_io_event_source) {
+                        r = sd_event_add_io(bus->event, bus->output_fd, 0, io_callback, bus, &bus->output_io_event_source);
+                        if (r < 0)
+                                return r;
+
+                        r = sd_event_source_set_priority(bus->output_io_event_source, bus->event_priority);
+                } else
+                        r = sd_event_source_set_io_fd(bus->output_io_event_source, bus->output_fd);
+
+                if (r < 0)
+                        return r;
+        }
+
+        return 0;
+}
+
+static void detach_io_events(sd_bus *bus) {
+        assert(bus);
+
+        if (bus->input_io_event_source) {
+                sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF);
+                bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source);
+        }
+
+        if (bus->output_io_event_source) {
+                sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF);
+                bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source);
+        }
+}
+
 _public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) {
         int r;
 
@@ -2569,37 +2671,21 @@ _public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) {
                         return r;
         }
 
-        r = sd_event_add_io(bus->event, bus->input_fd, 0, io_callback, bus, &bus->input_io_event_source);
-        if (r < 0)
-                goto fail;
-
-        r = sd_event_source_set_priority(bus->input_io_event_source, priority);
-        if (r < 0)
-                goto fail;
-
-        if (bus->output_fd != bus->input_fd) {
-                r = sd_event_add_io(bus->event, bus->output_fd, 0, io_callback, bus, &bus->output_io_event_source);
-                if (r < 0)
-                        goto fail;
-
-                r = sd_event_source_set_priority(bus->output_io_event_source, priority);
-                if (r < 0)
-                        goto fail;
-        }
+        bus->event_priority = priority;
 
-        r = sd_event_source_set_prepare(bus->input_io_event_source, prepare_callback);
+        r = sd_event_add_monotonic(bus->event, 0, 0, time_callback, bus, &bus->time_event_source);
         if (r < 0)
                 goto fail;
 
-        r = sd_event_add_monotonic(bus->event, 0, 0, time_callback, bus, &bus->time_event_source);
+        r = sd_event_source_set_priority(bus->time_event_source, priority);
         if (r < 0)
                 goto fail;
 
-        r = sd_event_source_set_priority(bus->time_event_source, priority);
+        r = sd_event_add_exit(bus->event, quit_callback, bus, &bus->quit_event_source);
         if (r < 0)
                 goto fail;
 
-        r = sd_event_add_quit(bus->event, quit_callback, bus, &bus->quit_event_source);
+        r = attach_io_events(bus);
         if (r < 0)
                 goto fail;
 
@@ -2612,17 +2698,11 @@ fail:
 
 _public_ int sd_bus_detach_event(sd_bus *bus) {
         assert_return(bus, -EINVAL);
-        assert_return(bus->event, -ENXIO);
 
-        if (bus->input_io_event_source) {
-                sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF);
-                bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source);
-        }
+        if (!bus->event)
+                return 0;
 
-        if (bus->output_io_event_source) {
-                sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF);
-                bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source);
-        }
+        detach_io_events(bus);
 
         if (bus->time_event_source) {
                 sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF);
@@ -2637,7 +2717,7 @@ _public_ int sd_bus_detach_event(sd_bus *bus) {
         if (bus->event)
                 bus->event = sd_event_unref(bus->event);
 
-        return 0;
+        return 1;
 }
 
 _public_ sd_event* sd_bus_get_event(sd_bus *bus) {
@@ -2785,7 +2865,7 @@ _public_ int sd_bus_get_peer_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **re
         int r;
 
         assert_return(bus, -EINVAL);
-        assert_return(mask <= _SD_BUS_CREDS_MAX, -ENOTSUP);
+        assert_return(mask <= _SD_BUS_CREDS_ALL, -ENOTSUP);
         assert_return(ret, -EINVAL);
         assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
         assert_return(!bus_pid_changed(bus), -ECHILD);
@@ -2803,7 +2883,7 @@ _public_ int sd_bus_get_peer_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **re
                 c->uid = bus->ucred.uid;
                 c->gid = bus->ucred.gid;
 
-                c->mask |= ((SD_BUS_CREDS_UID | SD_BUS_CREDS_PID | SD_BUS_CREDS_GID) & mask) & bus->creds_mask;
+                c->mask |= (SD_BUS_CREDS_UID | SD_BUS_CREDS_PID | SD_BUS_CREDS_GID) & mask;
         }
 
         if (!isempty(bus->label) && (mask & SD_BUS_CREDS_SELINUX_CONTEXT)) {
@@ -2813,7 +2893,7 @@ _public_ int sd_bus_get_peer_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **re
                         return -ENOMEM;
                 }
 
-                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT | bus->creds_mask;
+                c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
         }
 
         r = bus_creds_add_more(c, mask, pid, 0);
Unnamed repository; edit this file 'description' to name the repository.