summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/bus-message.c
AgeCommit message (Collapse)Author
2015-02-16sd-bus: make sure we always serialize the reply cookie as 64bit on dbus2, ↵Lennart Poettering
and 32bit on dbus1
2015-02-16Revert "Revert "sd-bus: change serialization of kdbus messages to qualify in ↵Lennart Poettering
their entirety as gvariant objects"" This reverts commit 954871d8ba15911d014f76ed2c7a9492953cf39d.
2015-02-13sd-bus: export sd_bus_error_set_errnofv()Lennart Poettering
2015-01-30Revert "sd-bus: change serialization of kdbus messages to qualify in their ↵Kay Sievers
entirety as gvariant objects" This breaks booting with kdbus. This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.
2015-01-26sd-bus: change serialization of kdbus messages to qualify in their entirety ↵Lennart Poettering
as gvariant objects Previously, we only minimally altered the dbus1 framing for kdbus, and while the header and its fields where compliant Gvariant objects, and so was the body, the entire message together was not. As result of discussions with Ryan Lortie this is now changed, so that the messages in there entirely are fully compliant GVariants. This follows the framing description described here: https://wiki.gnome.org/Projects/GLib/GDBus/Version2 Note that this change changes the framing of *all* messages sent via kdbus, this means you have to reboot your kdbus system, after compiling and installing this new version.
2015-01-26sd-bus: reuse the KDBUS_CMD_FREE wrapper wherever appropriateLennart Poettering
2015-01-23sd-bus: fix handling of double parameters in sd_bus_message_append()Lennart Poettering
We really need to use va_arg() with the right type here as uint64_t and double might have the same size, but are passed differently as arguments.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-07sd-bus: unify how we set the sender of synthetic messagesLennart Poettering
2014-12-11bus: sync with kdbus.gitDavid Herrmann
Changes: * bloom parameters are returned in an offset via HELLO * FREE now takes items just like any other ioctl
2014-12-11sd-bus: correct spacing near eol in code commentsTorstein Husebø
2014-12-11bus: zero cmd_free before passing to ioctlDavid Herrmann
Make sure the whole cmd_free object is zeroed before passing it into the kernel. This makes valgrind happy and makes us future proof.
2014-12-11bus: fix memfd-cache regarding memfd offsetsDavid Herrmann
We must restore part->mmap_begin when poping memfds from the memfd-cache. We rely on the memfds to be unsealed, so we can be sure that we own the whole FD. Therefore, simply set part->mmap_begin to the same as part->data. This fixes test-bus-kernel-benchmark.
2014-12-09sd-bus: properly support passing memfds around with offset/size parametersLennart Poettering
2014-12-09bus: sync with kdbus-git (ABI break)David Herrmann
kdbus-git gained two new features: * memfd offsets: This allows to specify a 'start' offset in kdbus_memfd so you can send partial memfd hunks instead of always the full memfd * KDBUS_HELLO_UNPRIVILEGED: If passed during HELLO, the client will be treated as unprivileged.
2014-12-04sd-bus: add extra assert checkLennart Poettering
2014-11-28treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1Lennart Poettering
2014-11-28sd-bus: add support for matches against arrays of strings in messagesLennart Poettering
2014-11-28sd-bus: if a NULL signatures is passed to sd_bus_message_skip(), make it ↵Lennart Poettering
skip a single element of any type
2014-11-27sd-bus: be stricter with mismatches between dbus1 and kdbus message headersLennart Poettering
2014-11-27bus-proxy: check passed parameter signature of all driver method callsLennart Poettering
2014-11-25sd-bus: don't blindly take incomplete ucred bits from AF_UNIX when ↵Lennart Poettering
constructing message
2014-11-14sd-bus: add sd_bus_message_is_empty() for checking whether a message carries ↵Lennart Poettering
any body
2014-11-11sd-bus: add sd_bus_message.verify_destination_id and .destination_ptrDaniel Mack
kdbus learned to accept both a numerical destination ID as well as a well-known-name. In that case, kdbus makes sure that the numerical ID is in fact the owner of the provided name and fails otherwise. This allows for race-free assertion of a bus name owner while sending a message, which is a requirement for bus-proxyd. Add two new fields to sd_bus_message, and set the numerical ID to verify_destination_id if bus_message_setup_kmsg() is called for a message with a well-known name. Also, set the destination's name in the kdbus item to .destination_ptr if it is non-NULL. Normal users should not touch these fields, and they're not publicy accessible.
2014-10-30memfd: rename memfd.h to memfd-util.h to avoid any confusion with any libc ↵Lennart Poettering
provided headers
2014-10-30memfd: always use our internal utility functions where we have themLennart Poettering
2014-10-13sd-bus: add support for new allow-interactive-authorization message header flagLennart Poettering
2014-10-07sd-bus: fix KDBUS_CMD_FREE userDaniel Mack
Fix a user of the KDBUS_CMD_FREE ioctl that was missed in the transition.
2014-09-22bus: align kdbus ioctl parameters to 8byteDavid Herrmann
All kdbus ioctl arguments must be 8byte aligned. Make sure we use alloca_align() and _alignas_(8) in all situations where gcc doesn't guarantee 8-byte alignment. Note that objects on the stack are always 8byte aligned as we put _alignas_(8) into the structure definition in kdbus.h.
2014-09-16sd-bus: sd_bus_message_get_errno should only return positive errnoThomas Hindoe Paaboel Andersen
sd_bus_message_get_errno can currently return either a number of different poitive errno values (from bus-error-mapping), or a negative EINVAL if passed null as parameter. The check for null parameter was introduced in 40ca29a1370379d43e44c0ed425eecc7218dcbca at the same as the function was renamed from bus_message_to_errno and made public API. Before becoming public the function used to return only negative values. It is weird to have a function return both positive and negative errno and it generally looks like a mistake. The function is guarded by the --enable-kdbus flags so I wonder if we still have time to fix it up? It does not have any documentation yet. However, except for a few details it is just a convenient way to call sd_bus_error_get_errno which is documented to return only positive errno. This patch makes it return only positive errno and fixes up the two calls to the function that tried to cope with both positive and negative values.
2014-09-11bus: avoid using m->kdbus after freeing itPhilippe De Swert
m->kdbus could be freed before it is released. Changing the order fixes the issue. Found with Coverity. Fixes: CID#1237798
2014-08-26sd-bus: don't include internal header memfd.h in public header sd-bus.hHristo Venev
https://bugs.freedesktop.org/show_bug.cgi?id=83097
2014-08-18bus: map sealed memfds as MAP_PRIVATEDavid Herrmann
Mapping files as MAP_SHARED is handled by the kernel as 'writable' mapping. Always! Even with PROT_READ. Reason for that is, mprotect(PROT_WRITE) could change the mapping underneath and currently there is no kernel infrastructure to add protection there. This might change in the future, but until then, map sealed files as MAP_PRIVATE so we don't get EPERM.
2014-08-18memfd: internalize functions, drop sd_memfd typeDaniel Mack
Remove the sd_ prefix from internal functions and get rid of the sd_memfd type. As a memfd is now just a native file descriptor, we can get rid of our own wrapper type, and also use close() and dup() on them directly.
2014-08-17kdbus: switch over to generic memfd implementation (ABI+API break)Daniel Mack
2014-07-02bus: drop bus/message GC logicLennart Poettering
When a caller drops all references to a bus and its messages while the messages where still queue, this causes the bus to reference the messages, and the messages to reference the bus, without anybody else keeping a reference, which is something we so far considered a leak, and tried to fix with a GC logic that would recognize cases like this, and drop the reference. This GC logic has been broken sofar, and remained unfixed. This commit removes it altogther, replacing it with nothing. The rationale is that simply because all refs to the bus have been dropped its queued messages should *still* be written to the bus, even if the caller doesn't retain any reference to either bus nor message. This means it was actually wrong to attempt to clean up the bus in this case. The proper way how applications should handle this is by explicitly invoking sd_bus_close(), when they want busses to go away. This is probably want they want to do anyway to avoid getting spurious callbacks after they stopped using a bus.
2014-06-06sd-bus: don't allow creating message objects that are not attached to a busLennart Poettering
It seems unnecessary to support this, and we rather should avoid allowing this at all, so that people don't program against this sloppily and we end up remarshalling all the time...
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-17core, libsystemd, systemd, timedate, udev: spelling fixesMiklos Vajna
2014-03-14sd-bus: don't choke if somebody sends us a message with a unix fd count of 0Lennart Poettering
It's kinda pointless to include a unix fd header field in messages if it carries the value 0, but let's do this anyway...
2014-03-13sd-bus: don't look for a 64bit value when we only have 32bit value on reply ↵Lennart Poettering
cookie hash table access This broke hashtable lookups for the message cookies on s390x, which is a 64bit BE machine where accessing 32bit values as 64bit and vice versa will explode. Also, while we are at it, be a bit more careful when dealing with the 64bit cookies we expose and the 32bit serial numbers dbus uses in its payload. Problem identified by Fridrich Strba.
2014-02-20api: in constructor function calls, always put the returned object pointer ↵Lennart Poettering
first (or second) Previously the returned object of constructor functions where sometimes returned as last, sometimes as first and sometimes as second parameter. Let's clean this up a bit. Here are the new rules: 1. The object the new object is derived from is put first, if there is any 2. The object we are creating will be returned in the next arguments 3. This is followed by any additional arguments Rationale: For functions that operate on an object we always put that object first. Constructors should probably not be too different in this regard. Also, if the additional parameters might want to use varargs which suggests to put them last. Note that this new scheme only applies to constructor functions, not to all other functions. We do give a lot of freedom for those. Note that this commit only changes the order of the new functions we added, for old ones we accept the wrong order and leave it like that.
2014-02-19make gcc shut upLennart Poettering
If -flto is used then gcc will generate a lot more warnings than before, among them a number of use-without-initialization warnings. Most of them without are false positives, but let's make them go away, because it doesn't really matter.
2014-01-31use memzero(foo, length); for all memset(foo, 0, length); callsGreg KH
In trying to track down a stupid linker bug, I noticed a bunch of memset() calls that should be using memzero() to make it more "obvious" that the options are correct (i.e. 0 is not the length, but the data to set). So fix up all current calls to memset(foo, 0, length) to memzero(foo, length).
2014-01-22bus: change API to expose "inverted" no_reply and no_auto_start message ↵Lennart Poettering
flags non-inverted
2014-01-22bus: expose priority field of messages, in preparation for prioq supportLennart Poettering
2014-01-22bus: rename sd_bus_get_realtime_timestamp() to sd_bus_get_realtime_usec()Lennart Poettering
This brings the calls into similar style as the respective functions in libsystemd-journal, and also is a bi shorter and more descriptive since it clarifies the time unit used.
2014-01-22bus: add API for querying the kdbus message sequence numberLennart Poettering
2014-01-21libsystemd: split up into subdirsTom Gundersen
We still only produce on .so, but let's keep the sources separate to make things a bit less messy.