summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/bus-control.c
AgeCommit message (Collapse)Author
2015-01-22Fix some format strings for enums, they are signedZbigniew Jędrzejewski-Szmek
2015-01-18bus: fix SD_BUS_CREDS_AUGMENT on kdbus queriesDavid Herrmann
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we can lookup further information from /proc. However, we *must* set SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never actually copy the pid into "sd_bus_creds". Fix this, so SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by the caller.
2015-01-18bus: fix typoDavid Herrmann
Fix comment typo and clarify that this is not about privileges but can have rather arbitrary reasons.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-08sd-bus: fix copy-paste errorLukasz Skalski
2015-01-07sd-bus: always catch name requests for the special names ↵Lennart Poettering
"org.freedesktop.DBus" and "org.freedesktop.DBus.Local" and refuse them
2014-12-30bus: drop creds->capability_sizeDavid Herrmann
The number of available caps can be read from /proc/sys/kernel/cap_last_cap during runtime. Our helper cap_last_cap() does that, so there's no reason to remember the size of any capability cache. We can just pre-allocate arrays with a suitable size for all available caps and reject any higher caps. The kernel capability API uses u32 as base so make sure we do the same. Note that this is specified by POSIX, so it's unlikely to change.
2014-12-11bus: sync with kdbus.gitDavid Herrmann
Sync up with recent kdbus changed: * several ioctls gained .size and .items members (but still unused) * CMD_SEND gained its own ioctl structure * several members of kdbus_msg were dropped as they were only used during SEND, not during RECV etc. * CMD_RECV and CMD_SEND now share a kdbus_reply member which contains the offset and size of the returned message.
2014-12-09sd-bus: get rid of PID starttime conceptLennart Poettering
As kdbus no longer exports this, remove all traces from sd-bus too
2014-12-09sd-bus: catch up with current kdbus, don't do matches on kdbus monitor ↵Lennart Poettering
connections
2014-12-08bus-proxy: fix compat with autostarted servicesLennart Poettering
2014-11-28treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1Lennart Poettering
2014-11-28sd-bus: rework credential query logicLennart Poettering
Also, make the call to free kdbus slices generic and use it everywhere
2014-11-27sd-bus: when we get the list of well-known names back from kdbus we ↵Lennart Poettering
shouldn't confuse the empty list with unknown information
2014-11-26sd-bus: given that the kernel now passes the auxgroups list as 32bit array ↵Lennart Poettering
to us, no need to convert to uid_t manually This way, we can save one allocation and avoid copying the array unnecesarily.
2014-11-26sd-bus: add suppot for renegotiating message credential attach flagsLennart Poettering
2014-11-26sd-bus: use free_and_strdup() where appropriateLennart Poettering
This simplifies things a bit and makes sure we free any previously set creds component before writing in a new one.
2014-11-25sd-bus: add supplementary groups list to creds objectLennart Poettering
2014-11-25sd-bus: properly handle uninitialized audit creds from kdbusLennart Poettering
2014-11-25sd-bus: don't fail when querying creds and dbus1 refuses to tell us the ↵Lennart Poettering
selinux context
2014-11-25sd-bus: update to current kernel version, by splitting off the extended ↵Lennart Poettering
KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS Also: - adds support for euid, suid, fsuid, egid, sgid, fsgid fields. - makes augmentation of creds with data from /proc explicitly controllable to give apps better control over this, given that this is racy. - enables augmentation for kdbus connections (previously we only did it for dbus1). This is useful since with recent kdbus versions it is possible for clients to control the metadata they want to send. - changes sd_bus_query_sender_privilege() to take the euid of the client into consideration, if known - when we don't have permissions to read augmentation data from /proc, don't fail, just don't add the data in
2014-11-11sd-bus: pass attach flags to BUS_CREATOR_INFODaniel Mack
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO ioctl. Bits not set in this mask will not be exported. Set that field to _KDBUS_ATTACH_ALL for now. Signed-off-by: Daniel Mack <daniel@zonque.org>
2014-11-04sd-bus: rename "connection name" to "description" for the sd-bus API tooLennart Poettering
kdbus recently renamed this concept, and so should we in what we expose in userspace.
2014-11-04sd-bus: sync kdbus.h (ABI break)Daniel Mack
Catch up with some changes in kdbus.h: * KDBUS_{ITEM,ATTACH}_CONN_NAME were renamed to KDBUS_{ITEM,ATTACH}_CONN_DESCRIPTION, so the term 'name' is not overloaded as much. * The item types were re-ordered a little so they are lined up to the order of the corresponding KDBUS_ATTACH flags * A new item type KDBUS_ITEM_OWNED_NAME was introduced, designated to store a struct kdbus_name in item->name. KDBUS_ITEM_NAME soley stores data in item->str now * Some kerneldoc fixes
2014-10-27sd-bus: sync kdbus.h (ABI break)Daniel Mack
Some comment fixes and header cleanups in kdbus.h, and the task capability meta information has been factored out to its own struct.
2014-10-22sd-bus: fix transition left-overs in sd_bus_get_owner_creds()Daniel Mack
sd_bus_get_owner_creds() was only halfly ported over to _cleanup_bus_creds_unref_.
2014-10-22sd-bus: implement sd_bus_get_owner_creds() for kdbusDaniel Mack
kdbus learned a new ioctl to tell userspace about a bus creator's credentials, which is what we need to implement sd_bus_get_owner_creds() for kdbus. Move the function from sd-bus.c to bus-control.c to be able to reuse the bus_populate_creds_from_items() helper.
2014-10-22sd-bus: rename sd_bus_get_owner_uid(), sd_bus_get_owner_machine_id() and ↵Daniel Mack
sd_bus_get_peer_creds() Clean up the function namespace by renaming the following: sd_bus_get_owner_uid() → sd_bus_get_name_creds_uid() sd_bus_get_owner_machine_id() → sd_bus_get_name_machine_id() sd_bus_get_peer_creds() → sd_bus_get_owner_creds()
2014-10-22sd-bus: factor out creds item iteratorDaniel Mack
We will re-use the code to walk items in order to populate a creds object, so let's factor it out first.
2014-10-22sd-bus: sync kdbus.hDaniel Mack
kdbus learned a new command to query a bus creator's credentials. Sync kdbus.h first, which also renames some struct to more generic terms. That is, however, not an ABI break this time.
2014-10-21sd-bus: sync kdbus.h (ABI break)Daniel Mack
In kdbus.h, the following details changed: * All commands gained a 'kernel_flags' field to report the flags supported by the driver. Before, this was done in the 'flags' field in a bidirectional way, which turned out to be a problem for the code in sd-bus, as many parts of it reuse the same ioctl struct more than once and consider them to be owned by userspace. * Name listings are now returned by a new struct instead of reusing struct kdbus_cmd_name for that matter. This way, we don't add more unneeded fields to it and make the API cleaner. * 'conn_flags' was renamed to 'flags' in struct kdbus_cmd_hello to make the API a bit more unified.
2014-10-20kdbus: free returned buffer when the memory is no longer neededLukasz Skalski
2014-10-18sd-bus: sync kdbus.h (ABI break)Daniel Mack
In kdbus.h, the 'features' field has been dropped again. Instead of negotiating features that way, we decided to make the kernel return the set of supported flags in each ioctl struct's .flags field, in both the success and error cases.
2014-10-10kdbus: fix buffer overflow in bus_get_owner_kdbus() functionLukasz Skalski
Commit 710fc9779b7c (kdbus repo) introduced attaching items[] instead of name[] in kdbus_cmd_conn_info struct. Commit 581fe6c81 (systemd repo) caught up with this change, but item size was not properly calculated.
2014-10-06sd-bus: sync kdbus.h (ABI break)Daniel Mack
The KDBUS_CMD_FREE ioctl now uses a struct rather than a direct pointer to the offset to free. The KDBUS_CMD_MSG_CANCEL ioctl has also changes, but there's no user of it yet in systemd.
2014-10-02sd-bus: sync kdbus.h (ABI break)Daniel Mack
struct kdbus_cmd_conn_info takes a list of items now instead of a string. Fix the only user in SD of that ioctl.
2014-09-28sd-bus: clean up string length calculationDaniel Mack
Move the +1 calculus onto the definition of the variable, just to make the code a little easier to read. No functional change.
2014-09-23sd-bus: sync kdbus.h (API break)Daniel Mack
Just a rename of two struct members to make the header file c++ compatible.
2014-09-22sd-bus: sync kdbus.h (API+ABI break)Daniel Mack
The kdbus logic name registry logic was changed to transport the actual name to acquire, release or report in a kdbus item. This brings the name API a little more in line with other calls, and allows for later augmentation. Follow that change on the systemd side.
2014-09-22bus: align kdbus ioctl parameters to 8byteDavid Herrmann
All kdbus ioctl arguments must be 8byte aligned. Make sure we use alloca_align() and _alignas_(8) in all situations where gcc doesn't guarantee 8-byte alignment. Note that objects on the stack are always 8byte aligned as we put _alignas_(8) into the structure definition in kdbus.h.
2014-08-18bus-control: Fix cgroup handlingDenis Kenzior
On systems without properly setup systemd, cg_get_root_path returns -ENOENT. This means that busctl doesn't display much information. busctl monitor also fails whenever it intercepts messages. This fix fakes creates a fake "/" root cgroup which lets busctl work on such systems.
2014-05-15sd-bus: fix an assert when running in kdbus modeLennart Poettering
2014-05-15sd-bus: don't hit assert when installing matchLennart Poettering
2014-04-22bus: remove "on behalf" kdbus logic (ABI break)Kay Sievers
2014-04-10bus: catch up with kdbus changes (ABI break)Kay Sievers
2014-03-19sd-bus: don't use assert_return() to check for disconnected bus connectionsLennart Poettering
A terminated connection is a runtime error and not a developer mistake, hence don't use assert_return() to check for it.
2014-03-19sd-bus: add proper monitoring APILennart Poettering
2014-03-04Introduce strv_consume which takes ownershipZbigniew Jędrzejewski-Szmek
This mirrors set_consume and makes the common use a bit nicer.
2014-02-20api: in constructor function calls, always put the returned object pointer ↵Lennart Poettering
first (or second) Previously the returned object of constructor functions where sometimes returned as last, sometimes as first and sometimes as second parameter. Let's clean this up a bit. Here are the new rules: 1. The object the new object is derived from is put first, if there is any 2. The object we are creating will be returned in the next arguments 3. This is followed by any additional arguments Rationale: For functions that operate on an object we always put that object first. Constructors should probably not be too different in this regard. Also, if the additional parameters might want to use varargs which suggests to put them last. Note that this new scheme only applies to constructor functions, not to all other functions. We do give a lot of freedom for those. Note that this commit only changes the order of the new functions we added, for old ones we accept the wrong order and leave it like that.
2014-02-19make gcc shut upLennart Poettering
If -flto is used then gcc will generate a lot more warnings than before, among them a number of use-without-initialization warnings. Most of them without are false positives, but let's make them go away, because it doesn't really matter.