diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/fsck/fsck.c | 71 | ||||
-rw-r--r-- | src/libsystemd-bus/bus-util.c | 74 | ||||
-rw-r--r-- | src/libsystemd-bus/bus-util.h | 2 |
3 files changed, 100 insertions, 47 deletions
diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c index 96a79ddcdb..5c21c7e41f 100644 --- a/src/fsck/fsck.c +++ b/src/fsck/fsck.c @@ -27,15 +27,16 @@ #include <fcntl.h> #include <sys/file.h> -#include <dbus/dbus.h> +#include "sd-bus.h" +#include "libudev.h" #include "util.h" -#include "dbus-common.h" #include "special.h" +#include "bus-util.h" +#include "bus-error.h" #include "bus-errors.h" #include "virt.h" #include "fileio.h" -#include "libudev.h" #include "udev-util.h" static bool arg_skip = false; @@ -43,62 +44,38 @@ static bool arg_force = false; static bool arg_show_progress = false; static void start_target(const char *target) { - DBusMessage *m = NULL, *reply = NULL; - DBusError error; - const char *mode = "replace", *basic_target = "basic.target"; - DBusConnection *bus = NULL; + _cleanup_bus_unref_ sd_bus *bus = NULL; + _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + int r; assert(target); - dbus_error_init(&error); - - if (bus_connect(DBUS_BUS_SYSTEM, &bus, NULL, &error) < 0) { - log_error("Failed to get D-Bus connection: %s", bus_error_message(&error)); - goto finish; + r = bus_connect_system(&bus); + if (r < 0) { + log_error("Failed to get D-Bus connection: %s", strerror(-r)); + return; } - log_info("Running request %s/start/%s", target, mode); - - if (!(m = dbus_message_new_method_call("org.freedesktop.systemd1", "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager", "StartUnitReplace"))) { - log_error("Could not allocate message."); - goto finish; - } + log_info("Running request %s/start/replace", target); /* Start these units only if we can replace base.target with it */ - - if (!dbus_message_append_args(m, - DBUS_TYPE_STRING, &basic_target, - DBUS_TYPE_STRING, &target, - DBUS_TYPE_STRING, &mode, - DBUS_TYPE_INVALID)) { - log_error("Could not attach target and flag information to message."); - goto finish; - } - - if (!(reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error))) { + r = sd_bus_call_method(bus, + "org.freedesktop.systemd1", + "/org/freedesktop/systemd1", + "org.freedesktop.systemd1.Manager", + "StartUnitReplace", + &error, + NULL, + "sss", "basic.target", target, "replace"); + if (r < 0) { /* Don't print a warning if we aren't called during * startup */ - if (!dbus_error_has_name(&error, BUS_ERROR_NO_SUCH_JOB)) - log_error("Failed to start unit: %s", bus_error_message(&error)); - - goto finish; - } - -finish: - if (m) - dbus_message_unref(m); - - if (reply) - dbus_message_unref(reply); - - if (bus) { - dbus_connection_flush(bus); - dbus_connection_close(bus); - dbus_connection_unref(bus); + if (!sd_bus_error_has_name(&error, BUS_ERROR_NO_SUCH_JOB)) + log_error("Failed to start unit: %s", bus_error_message(&error, -r)); } - dbus_error_free(&error); + return; } static int parse_proc_cmdline(void) { diff --git a/src/libsystemd-bus/bus-util.c b/src/libsystemd-bus/bus-util.c index b77ae91681..0046b486cf 100644 --- a/src/libsystemd-bus/bus-util.c +++ b/src/libsystemd-bus/bus-util.c @@ -19,6 +19,8 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <sys/socket.h> + #include "sd-event.h" #include "sd-bus.h" @@ -376,3 +378,75 @@ void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry) { hashmap_free(registry); #endif } + +static int bus_check_peercred(sd_bus *c) { + int fd; + struct ucred ucred; + socklen_t l; + + assert(c); + + fd = sd_bus_get_fd(c); + + assert(fd >= 0); + + l = sizeof(struct ucred); + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0) { + log_error("SO_PEERCRED failed: %m"); + return -errno; + } + + if (l != sizeof(struct ucred)) { + log_error("SO_PEERCRED returned wrong size."); + return -E2BIG; + } + + if (ucred.uid != 0 && ucred.uid != geteuid()) + return -EPERM; + + return 1; +} + +int bus_connect_system(sd_bus **_bus) { + sd_bus *bus = NULL; + int r; + bool private = true; + + assert(_bus); + + if (geteuid() == 0) { + /* If we are root, then let's talk directly to the + * system instance, instead of going via the bus */ + + r = sd_bus_new(&bus); + if (r < 0) + return r; + + r = sd_bus_set_address(bus, "unix:path=/run/systemd/private"); + if (r < 0) + return r; + + r = sd_bus_start(bus); + if (r < 0) + return r; + + } else { + r = sd_bus_open_system(&bus); + if (r < 0) + return r; + + private = false; + } + + if (private) { + r = bus_check_peercred(bus); + if (r < 0) { + sd_bus_unref(bus); + + return -EACCES; + } + } + + *_bus = bus; + return 0; +} diff --git a/src/libsystemd-bus/bus-util.h b/src/libsystemd-bus/bus-util.h index 354183f690..9b270c8212 100644 --- a/src/libsystemd-bus/bus-util.h +++ b/src/libsystemd-bus/bus-util.h @@ -37,6 +37,8 @@ int bus_verify_polkit(sd_bus *bus, sd_bus_message *m, const char *action, bool i int bus_verify_polkit_async(sd_bus *bus, Hashmap **registry, sd_bus_message *m, const char *action, bool interactive, sd_bus_error *error, sd_bus_message_handler_t callback, void *userdata); void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry); +int bus_connect_system(sd_bus **_bus); + DEFINE_TRIVIAL_CLEANUP_FUNC(sd_bus*, sd_bus_unref); DEFINE_TRIVIAL_CLEANUP_FUNC(sd_bus_message*, sd_bus_message_unref); |