summaryrefslogtreecommitdiff
path: root/src/bus-proxyd/driver.c
AgeCommit message (Collapse)Author
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-08-04bus-proxy: discard invalid environment updatesDavid Herrmann
If the caller provides invalid assignments via UpdateActivationEnvironment=, we now drop it and warn loudly about it. We need this to be compatible to dbus1, but we also clearly want to tell the caller that they better ought to follow POSIX recommendations and use valid labels only. Fixes #826.
2015-07-31bus-proxy: allow empty arguments to UpdateActivationEnvironment()systemd/v224David Herrmann
There is no reason to prevent empty argument lists on UpdateActivationEnvironment(). Make sure we don't fail, but still skip the call to pid1.
2015-07-31bus-proxy: fix cookie namespacingDavid Herrmann
If we generate messages from within bus-proxyd, we really must make sure that we do not clutter the cookie-namespace of our client. The client has full control over it, so we cannot steal cookies from it. However, we can re-use the cookie the client used for our request. As long as we only send a single message, we're fine.
2015-07-31bus-proxy: make StartServiceByName synchronousDavid Herrmann
The StartServiceByName() call was provided by dbus-daemon to activate a service without sending a message. On receiption, dbus-daemon schedules an activation request (different modes are supported) and sends back the reply once activation is done. With kdbus, we marked StartServiceByName() as deprecated. There is no real reason to start services explicitly. Instead, applications should just *use* the service and rely on it being activated implicitly. However, we provide compatibility with dbus-daemon and implement StartServiceByName() on the proxy via a call to org.freedesktop.DBus.Peer.Ping() on the destination. This will activate the peer implicitly as part of the no-op Ping() method call (regardless whether the peer actually implements that call). Now, the problem is, StartServiceByName() was synchronous on dbus-daemon but isn't on bus-proxy. Hence, on return, there is no guarantee that ListNames includes the activated name. As this is required by some applications, we need to make this synchronous. This patch makes the proxy track the Ping() method call and send the reply of StartServiceByName() only once Ping() returned. We do not look at possible errors of Ping(), as there is no strict requirement for the peer to implement org.freedesktop.DBus.Peer. Furthermore, any interesting error should have already been caught by sd_bus_send() before. Note: This race was triggered by gdbus. The gdbus-proxy implementation relies on a name to be available after StartServiceByName() returns. This is highly fragile and should be dropped by gdbus. Even if the call is synchronous, there is no reason whatsoever to assume the service did not exit-on-idle before ListNames() returns. However, this race is much less likely than the startup race, so we try to be compatible to dbus-daemon now.
2015-07-30sd-bus: fix parsing of KDBUS_CMD_LISTDavid Herrmann
We *must not* assume that an entry returned by KDBUS_CMD_LIST only carries a single KDBUS_ITEM_OWNED_NAME. Similarly, we already parse multiple such items for message-metadata, so make sure we support the same on KDBUS_CMD_LIST. By relying on the kernel to return all names separately, we limit the kernel API significantly. Stop this and let the kernel decide how to return its data.
2015-07-16bus-proxy: never pass on unmatched broadcastsDavid Herrmann
The lovely libvirtd goes into crazy mode if it receives broadcasts that it didn't subscribe to. With bus-proxyd, this might happen in 2 cases: 1) The kernel passes us an unmatched signal due to a false-positive bloom-match. 2) We generate NameOwnerChanged/NameAcquired/NameLost locally even though the peer didn't subscribe to it. dbus-daemon is reliable in what signals it passes on. So make sure we follow that style. Never ever send a signal to a local peer if it doesn't match an installed filter of that peer.
2015-05-21bus-proxy: fix GetConnectionSELinuxSecurityContext() return valueLennart Poettering
2015-03-13tree-wide: there is no ENOTSUP on linuxDavid Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2015-03-10bus-proxy: add support for "GetConnectionCredentials" methodLukasz Skalski
GetConnectionCredentials method was added to dbus-1 specification more than one year ago. This method should return "[...] as many credentials as possible for the process connected to the server", but at this moment only "UnixUserID", "LinuxSecurityLabel" and "ProcessID" are defined by the specification. We should add support for next credentials after extending dbus-1 spec.
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-13bus-proxy: rename synthetic_reply_return_strv() to ↵Lennart Poettering
synthetic_reply_method_return_strv() That way it matches more closely the nomenclature of our other success reply calls.
2015-02-10bus-proxyd: initialize ioctl structure only onceLennart Poettering
2015-02-07bus-proxyd: fix 'ListQueuedOwners' callLukasz Skalski
Set proper kdbus_cmd_list object size, otherwise: dbus-send --system --dest=org.freedesktop.DBus --type=method_call \ print-reply / org.freedesktop.DBus.ListQueuedOwners string:org.freedesktop.systemd1 Error org.freedesktop.DBus.Error.InvalidArgs: Invalid argument
2015-02-05bus: sync with kdbus (ABI break)David Herrmann
2015-02-02remove unused variablesThomas Hindoe Paaboel Andersen
2015-01-18bus-proxy: don't pretend everyone is rootDavid Herrmann
While it's a lovely scenario, it's probably not really useful. Fix our GetConnectionUnixUser() to return the actual 'euid' which we asked for, not the possible uninitialized 'uid'.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-17bus-proxy: implement org.freedesktop.DBus.ReloadConfig()David Herrmann
Make sure to reload our xml policy configuration if requested via the bus.
2015-01-17bus-proxy: fix indentationDavid Herrmann
Fix whitespace indentation.
2015-01-17bus-proxy: share policy between threadsDavid Herrmann
This implements a shared policy cache with read-write locks. We no longer parse the XML policy in each thread. This will allow us to easily implement ReloadConfig().
2015-01-15bus-proxy: factor out code for driver handling and message synthesisDaniel Mack
Move synthesize_*() into synthesize.c and bus_proxy_process_driver() into driver.c for better code separation.