path: root/src/bus-proxyd
Age | Commit message | Author
2015-11-17 | tree-wide: use right cast macros for UIDs, GIDs and PIDs | Lennart Poettering
2015-11-16 | tree-wide: sort includes | Thomas Hindoe Paaboel Andersen
Sort the includes according to the new coding style.
2015-10-27 | util-lib: split out allocation calls into alloc-util.[ch] | Lennart Poettering
2015-10-27 | user-util: move UID/GID related macros from macro.h to user-util.h | Lennart Poettering
2015-10-27 | src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → capability-util.[ch] | Lennart Poettering
The files are named too generically, so that they might conflict with the upstream project headers. Hence, let's add a "-util" suffix, to clarify that these are just our utility headers and not any official upstream headers.
2015-10-27 | util-lib: move more locale-related calls to locale-util.[ch] | Lennart Poettering
2015-10-27 | util-lib: move string table stuff into its own string-table.[ch] | Lennart Poettering
2015-10-26 | util-lib: split out user/group/uid/gid calls into user-util.[ch] | Lennart Poettering
2015-10-25 | util-lib: split out fd-related operations into fd-util.[ch] | Lennart Poettering
There are more than enough to deserve their own .c file, hence move them over.
2015-10-24 | util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] | Lennart Poettering
There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-17 | sd-bus: fix error handling of pthread API calls | Lennart Poettering
pthread APIs (unlike the rest of libc) return their errors as positive error codes directly from the functions, rather than using errno. Let's make sure we always handle things that way.
2015-10-17 | bus-proxy: don't close local bus fds twice | Lennart Poettering
Clear up how we pass fd ownership to proxy and bus objects. Document that ownership is passed of the fds in question even in case of failing constructors, and that callers should forget about fds passed into the proxy object. The alternative would be to duplicate the fds, but given that fds are a relatively scarce and heavy resource let's better avoid that. Fixes #1591.
2015-09-29 | util: introduce common version() implementation and use it everywhere | Lennart Poettering
This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-08-27 | Revert "sd-bus: do not connect to dbus-1 socket when kdbus is available" | David Herrmann
This reverts commit d4d00020d6ad855d65d31020fefa5003e1bb477f. The idea of the commit is broken and needs to be reworked. We really cannot reduce the bus-addresses to a single address. We always will have systemd with native clients and legacy clients at the same time, so we also need both addresses at the same time.
2015-08-11 | sd-bus: do not connect to dbus-1 socket when kdbus is available | Kay Sievers
We should not fall back to dbus-1 and connect to the proxy when kdbus returns an error that indicates that kdbus is running but just does not accept new connections because of quota limits or something similar. Using is_kdbus_available() in libsystemd/ requires it to move from shared/ to libsystemd/. Based on a patch from David Herrmann: https://github.com/systemd/systemd/pull/886
2015-08-06 | bus-proxy: add comment to remove -EPERM check | Kay Sievers
2015-08-06 | bus-proxy: fix error code for invalid reply-slots | David Herrmann
The kernel may return EBADSLT if a reply slot cannot be found. Make sure to ignore it just like we ignore EPERM (the comment still applies).
2015-08-04 | bus-proxy: discard invalid environment updates | David Herrmann
If the caller provides invalid assignments via UpdateActivationEnvironment=, we now drop it and warn loudly about it. We need this to be compatible to dbus1, but we also clearly want to tell the caller that they better ought to follow POSIX recommendations and use valid labels only. Fixes #826.
2015-07-31 | tree-wide: introduce mfree() | David Herrmann
Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 | bus-proxy: allow empty arguments to UpdateActivationEnvironment() [systemd/v224] | David Herrmann
There is no reason to prevent empty argument lists on UpdateActivationEnvironment(). Make sure we don't fail, but still skip the call to pid1.
2015-07-31 | bus-proxy: fix cookie namespacing | David Herrmann
If we generate messages from within bus-proxyd, we really must make sure that we do not clutter the cookie-namespace of our client. The client has full control over it, so we cannot steal cookies from it. However, we can re-use the cookie the client used for our request. As long as we only send a single message, we're fine.
2015-07-31 | Merge pull request #804 from dvdhrm/proxy-directed2 | Daniel Mack
bus-proxy: make NameAcquired/Lost directed (v2)
2015-07-31 | bus-proxy: make StartServiceByName synchronous | David Herrmann
The StartServiceByName() call was provided by dbus-daemon to activate a service without sending a message. On reception, dbus-daemon schedules an activation request (different modes are supported) and sends back the reply once activation is done. With kdbus, we marked StartServiceByName() as deprecated. There is no real reason to start services explicitly. Instead, applications should just *use* the service and rely on it being activated implicitly. However, we provide compatibility with dbus-daemon and implement StartServiceByName() on the proxy via a call to org.freedesktop.DBus.Peer.Ping() on the destination. This will activate the peer implicitly as part of the no-op Ping() method call (regardless whether the peer actually implements that call). Now, the problem is, StartServiceByName() was synchronous on dbus-daemon but isn't on bus-proxy. Hence, on return, there is no guarantee that ListNames includes the activated name. As this is required by some applications, we need to make this synchronous. This patch makes the proxy track the Ping() method call and send the reply of StartServiceByName() only once Ping() returned. We do not look at possible errors of Ping(), as there is no strict requirement for the peer to implement org.freedesktop.DBus.Peer. Furthermore, any interesting error should have already been caught by sd_bus_send() before. Note: This race was triggered by gdbus. The gdbus-proxy implementation relies on a name to be available after StartServiceByName() returns. This is highly fragile and should be dropped by gdbus. Even if the call is synchronous, there is no reason whatsoever to assume the service did not exit-on-idle before ListNames() returns. However, this race is much less likely than the startup race, so we try to be compatible to dbus-daemon now.
2015-07-31 | bus-proxy: don't filter directed signals | David Herrmann
NameAcquired and NameLost are directed signals. Never ever filter them on dbus1. On dbus1, filters *exclusively* apply to broadcasts! Hence, we must always forward directed signals unconditionally!
2015-07-31 | bus-proxy: fix NameAcquired and NameLost to be directed | David Herrmann
The NameAcquired and NameLost signals are _directed_ signals. Make sure we properly set the destination correctly, and verify it in our proxy-test.
2015-07-30 | sd-bus: fix parsing of KDBUS_CMD_LIST | David Herrmann
We *must not* assume that an entry returned by KDBUS_CMD_LIST only carries a single KDBUS_ITEM_OWNED_NAME. Similarly, we already parse multiple such items for message-metadata, so make sure we support the same on KDBUS_CMD_LIST. By relying on the kernel to return all names separately, we limit the kernel API significantly. Stop this and let the kernel decide how to return its data.
2015-07-27 | bus-proxy: augment debug message for dropped broadcasts a bit | Daniel Mack
Add the PID we are proxying for, as well as the message's sender and destination string, to the debug message that is printed when the proxy drops unmatched broadcasts.
2015-07-25 | proxyd: downgrade to log_debug() for unmatched broadcasts | Daniel Buch
2015-07-16 | bus-proxy: never pass on unmatched broadcasts | David Herrmann
The lovely libvirtd goes into crazy mode if it receives broadcasts that it didn't subscribe to. With bus-proxyd, this might happen in 2 cases: 1) The kernel passes us an unmatched signal due to a false-positive bloom-match. 2) We generate NameOwnerChanged/NameAcquired/NameLost locally even though the peer didn't subscribe to it. dbus-daemon is reliable in what signals it passes on. So make sure we follow that style. Never ever send a signal to a local peer if it doesn't match an installed filter of that peer.
2015-07-06 | bus-proxyd: fix log message and explain dbus-1 compat matches | Kay Sievers
2015-07-06 | bus-proxyd: subscribe to unicast signals directed to the proxy connection | Kay Sievers
2015-07-03 | sd-bus: introduce new sd_bus_flush_close_unref() call | Lennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-07-01 | bus-proxy: never apply policy when sending signals | David Herrmann
Unlike dbus-daemon, the bus-proxy does not know the receiver of a broadcast (as the kernel has exclusive access on the bus connections). Hence, any "destination=" matches in dbus1 policies cannot be applied. But kdbus does not place any restrictions on *SENDING* broadcasts, anyway. The kernel never returns EPERM to KDBUS_CMD_SEND if KDBUS_MSG_SIGNAL is set. Instead, receiver policies are checked. Hence, stop checking sender policies for signals in bus-proxy and leave it up to the kernel. This fixes some network-manager bus-proxy issues where NM uses weird dst-based matches against interface-based matches. As we cannot perform dst-based matches, our bus-proxy cannot properly implement this policy.
2015-06-25 | bus-proxy: ignore 'log' attributes in XML policy | Daniel Mack
'log' is unsupported but nothing to warn about. Ignore it just like we ignore 'eavesdrop'.
2015-06-17 | bus-proxy: add new dbus policy search paths from /usr | Lennart Poettering
D-Bus upstream is working on extending the configuration/policy search path, follow this. See #274 for details.
2015-06-17 | turn kdbus support into a runtime option | Kay Sievers
./configure --enable/disable-kdbus can be used to set the default behavior regarding kdbus. If no kdbus kernel support is available, dbus-daemon will be used. With --enable-kdbus, the kernel command line option "kdbus=0" can be used to disable kdbus. With --disable-kdbus, the kernel command line option "kdbus=1" is required to enable kdbus support.
2015-05-21 | bus-proxy: fix GetConnectionSELinuxSecurityContext() return value | Lennart Poettering
2015-04-10 | shared: add formats-util.h | Ronny Chevalier
2015-03-13 | tree-wide: there is no ENOTSUP on linux | David Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2015-03-11 | bus-proxy: complain only once about queue overflows | David Herrmann
If the local peer does not dispatch its incoming queue, the bus-proxy will slowly fill its outgoing queue. Once it's full, it will continuously complain that it cannot forward its messages. As it turns out, pulseaudio does have an idle background dbus connection that is not integrated into any mainloop (and given that gdbus and libdbus1 both support background shared connections, PA is probably not the only example), therefore, the bus-proxy will loudly complain if it cannot forward NameOwnerChanged events once the queue is full. This commit makes the proxy track queue-state and complain only once the queue runs full, not if it is already full. A PA bug-report (and patch) has been filed, and other applications should be fixed similarly. Hence, let's keep the error message, instead of dropping it. It's unused resources we really want to get rid of, so silencing the message does not really help (which is actually what dbus-daemon does).
2015-03-10 | bus-proxy: add support for "GetConnectionCredentials" method | Lukasz Skalski
GetConnectionCredentials method was added to dbus-1 specification more than one year ago. This method should return "[...] as many credentials as possible for the process connected to the server", but at this moment only "UnixUserID", "LinuxSecurityLabel" and "ProcessID" are defined by the specification. We should add support for next credentials after extending dbus-1 spec.
2015-03-03 | bus-proxyd: avoid logging oom twice | Zbigniew Jędrzejewski-Szmek
2015-02-23 | remove unused includes | Thomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-14 | bus-proxy: be more verbose if messages cannot be forwarded | David Herrmann
If we cannot forward messages, include information on the peer and message just like the xml-policy does. This helps debugging such situations and figuring out what exactly is going wrong.
2015-02-14 | bus-proxy: don't fake data we don't have | David Herrmann
UDS sockets transmit EUID+EGID only. Don't try to fake data we don't know! Otherwise, this might be used to override user-limits by non-root setuid programs (by faking UID==EUID). Now that sd-bus is fixed to always use EUID even on UDS, we can safely set all other UID/GID fields to INVALID.
2015-02-13 | bus-proxy: ECONNRESET/ENOTCONN can hit us on every step, hence handle it on every step | Lennart Poettering
2015-02-13 | bus-proxy: a few simplifications | Lennart Poettering
2015-02-13 | bus-proxy: close each connection fd only once | Lennart Poettering
After passing the fds over to the sd_bus object, we should forget them, so that we don't close them a second time when the object goes away.
2015-02-13 | bus-proxy: also consider ENOTCONN a clean termination condition | Lennart Poettering
Sometimes, when we try to reply to messages we don't check return values. This means we might miss an ECONNRESET, and will get an ENOTCONN on next command. Treat both the same hence.
2015-02-13 | bus-proxy: whenever we cannot forward a message, report this back to caller, but don't exit | Lennart Poettering
Errors like EPERM from the kernel should certainly not be reason to exit. Let's try to be defensive here, and try to continue on most send errors, but possibly tell the sender about it.