summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/bus-creds.c
AgeCommit message (Collapse)Author
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27user-util: move UID/GID related macros from macro.h to user-util.hLennart Poettering
2015-10-27src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → ↵Lennart Poettering
capability-util.[ch] The files are named too generically, so that they might conflict with the upstream project headers. Hence, let's add a "-util" suffix, to clarify that this are just our utility headers and not any official upstream headers.
2015-10-27util-lib: split out hex/dec/oct encoding/decoding into its own fileLennart Poettering
2015-10-27util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]Lennart Poettering
2015-10-25util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering
There are more than enough to deserve their own .c file, hence move them over.
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-09-09tree-wide: make use of the fact that strv_free() returns NULLLennart Poettering
Another Coccinelle patch.
2015-09-09tree-wide: drop {} from one-line if blocksLennart Poettering
Patch via coccinelle.
2015-09-09tree-wide: use coccinelle to patch a lot of code to use mfree()Lennart Poettering
This replaces this: free(p); p = NULL; by this: p = mfree(p); Change generated using coccinelle. Semantic patch is added to the sources.
2015-09-04audit: audit calls should return ENODATA when process are not in an audit ↵Lennart Poettering
session ENODATA is how we usually indicate such "missing info" cases, so we should do this here, too.
2015-08-27Revert "sd-bus: do not connect to dbus-1 socket when kdbus is available"David Herrmann
This reverts commit d4d00020d6ad855d65d31020fefa5003e1bb477f. The idea of the commit is broken and needs to be reworked. We really cannot reduce the bus-addresses to a single address. We always will have systemd with native clients and legacy clients at the same time, so we also need both addresses at the same time.
2015-08-11 sd-bus: do not connect to dbus-1 socket when kdbus is availableKay Sievers
We should not fall back to dbus-1 and connect to the proxy when kdbus returns an error that indicates that kdbus is running but just does not accept new connections because of quota limits or something similar. Using is_kdbus_available() in libsystemd/ requires it to move from shared/ to libsystemd/. Based on a patch from David Herrmann: https://github.com/systemd/systemd/pull/886
2015-06-09bus-creds: always set SD_BUS_CREDS_PID when we set pid in the maskZbigniew Jędrzejewski-Szmek
Also reorder the code a bit to be easier to parse.
2015-05-26treewide: fix typosTorstein Husebø
2015-04-30sd-bus,sd-login: add api for querying the slice within the the user systemd ↵Lennart Poettering
instance of a process units are organized in slice trees, not only for the system instance, but also for user systemd instances, expose this properly.
2015-04-29sd-bus: properly handle creds that are known but undefined for a processLennart Poettering
A number of fields do not apply to all processes, including: there a processes without a controlling tty, without parent process, without service, user services or session. To distuingish these cases from the case where we simply don't have the data, always return ENXIO for them, while returning ENODATA for the case where we really lack the information. Also update the credentials dumping code to show this properly. Fields that are known but do not apply are now shown as "n/a". Note that this also changes some of the calls in process-util.c and cgroup-util.c to return ENXIO for these cases.
2015-04-23sd-bus: add controlling tty field to sd_creds objectLennart Poettering
This is useful to print wall messages from logind with the right client tty. (to be added in a later patch)
2015-04-22sd-bus: handle ppid=0 more gracefully (which happens for pid=1)Lennart Poettering
2015-04-21sd-bus: expose ppid fieldLennart Poettering
kdbus has been passing us the ppid file for a while, actually make use of it.
2015-04-21sd-bus: when augmenting creds, remember which ones were augmentedLennart Poettering
Also, when we do permissions checks using creds, verify that we don't do so based on augmented creds, as extra safety check.
2015-04-21sd-bus: augmenting cgroups-based creds when we have the cgroup path already ↵Lennart Poettering
is free
2015-04-21sd-bus: when augmenting creds, don't override any creds in any caseLennart Poettering
Let's better be safe than sorry.
2015-04-21sd-bus: when copying creds objects, make sure we copy even the implicit well ↵Lennart Poettering
known names
2015-04-10shared: add process-util.[ch]Ronny Chevalier
2015-04-10shared: add formats-util.hRonny Chevalier
2015-03-13tree-wide: there is no ENOTSUP on linuxDavid Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2015-03-02sd-bus: sync kdbus.h (ABI break)Daniel Mack
After some reconsideration, we decided to move the binary protocol back to 64-bit wide UIDs and GIDs. After all, it should be possible to redefine [gu]id_t to uint64_t and things should continue to work. As we want to avoid such data types in kdbus.h, let's move back to 64-bit values and be safe. In sd-bus, we have to do a translation between uint64_t and gid_t now for supplementary gids. Some inline comments have also been updated in kdbus upstream.
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-01-23sd-bus: fix typoLennart Poettering
2014-12-30bus: fix capabilities on big-endianDavid Herrmann
The kernel provides capabilities as a u32 array, sd-bus uses an u8 array. This works fine on little-endian as both are encoded the same way. However, this fails on big-endian if we do not perform sufficient byte-swapping on each u32 entry. This patch makes sd-bus use u32, too. We avoid changing any kernel provided data so we can keep pointing into kdbus pool buffers which contain u32 arrays.
2014-12-30bus: drop creds->capability_sizeDavid Herrmann
The number of available caps can be read from /proc/sys/kernel/cap_last_cap during runtime. Our helper cap_last_cap() does that, so there's no reason to remember the size of any capability cache. We can just pre-allocate arrays with a suitable size for all available caps and reject any higher caps. The kernel capability API uses u32 as base so make sure we do the same. Note that this is specified by POSIX, so it's unlikely to change.
2014-12-09sd-bus: get rid of PID starttime conceptLennart Poettering
As kdbus no longer exports this, remove all traces from sd-bus too
2014-11-27sd-bus: set creds info for "org.freedesktop.DBus.Local" generated messages, tooLennart Poettering
2014-11-27sd-bus: fake valid well-known-names metadata for faked bus messagesLennart Poettering
2014-11-27sd-bus: optimize how we generate the well-known-names lists in messages from ↵Lennart Poettering
kdbus
2014-11-26sd-bus: given that the kernel now passes the auxgroups list as 32bit array ↵Lennart Poettering
to us, no need to convert to uid_t manually This way, we can save one allocation and avoid copying the array unnecesarily.
2014-11-25sd-bus: properly copy selinux label and description field when duplicating ↵Lennart Poettering
creds object
2014-11-25sd-bus: add supplementary groups list to creds objectLennart Poettering
2014-11-25sd-bus: update to current kernel version, by splitting off the extended ↵Lennart Poettering
KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS Also: - adds support for euid, suid, fsuid, egid, sgid, fsgid fields. - makes augmentation of creds with data from /proc explicitly controllable to give apps better control over this, given that this is racy. - enables augmentation for kdbus connections (previously we only did it for dbus1). This is useful since with recent kdbus versions it is possible for clients to control the metadata they want to send. - changes sd_bus_query_sender_privilege() to take the euid of the client into consideration, if known - when we don't have permissions to read augmentation data from /proc, don't fail, just don't add the data in
2014-11-04sd-bus: rename "connection name" to "description" for the sd-bus API tooLennart Poettering
kdbus recently renamed this concept, and so should we in what we expose in userspace.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-03-11bus: replace sd_bus_label_{escape,unescape}() by new ↵Lennart Poettering
sd_bus_path_{encode,decode}() The new calls work similarly, but enforce a that a common, fixed bus path prefix is used. This follows discussions with Simon McVittie on IRC that it should be a good idea to make sure that people don't use the escaping applied here too wildly as anything other than the last label of a bus path.
2014-02-20api: in constructor function calls, always put the returned object pointer ↵Lennart Poettering
first (or second) Previously the returned object of constructor functions where sometimes returned as last, sometimes as first and sometimes as second parameter. Let's clean this up a bit. Here are the new rules: 1. The object the new object is derived from is put first, if there is any 2. The object we are creating will be returned in the next arguments 3. This is followed by any additional arguments Rationale: For functions that operate on an object we always put that object first. Constructors should probably not be too different in this regard. Also, if the additional parameters might want to use varargs which suggests to put them last. Note that this new scheme only applies to constructor functions, not to all other functions. We do give a lot of freedom for those. Note that this commit only changes the order of the new functions we added, for old ones we accept the wrong order and leave it like that.
2014-02-18util: generalize code that checks whether PIDs are alive or unwaited forLennart Poettering
2014-01-22bus: unescape connection name when reading it from credentialsLennart Poettering
2014-01-22bus: include connection name in credentials structureLennart Poettering
2014-01-21libsystemd: split up into subdirsTom Gundersen
We still only produce on .so, but let's keep the sources separate to make things a bit less messy.