summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/sd-bus.c
AgeCommit message (Collapse)Author
2014-11-26sd-bus: make sure that when we connect to the system bus we have enough ↵Lennart Poettering
creds to make security decisions
2014-11-26sd-bus: add suppot for renegotiating message credential attach flagsLennart Poettering
2014-11-25sd-bus: update to current kernel version, by splitting off the extended ↵Lennart Poettering
KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS Also: - adds support for euid, suid, fsuid, egid, sgid, fsgid fields. - makes augmentation of creds with data from /proc explicitly controllable to give apps better control over this, given that this is racy. - enables augmentation for kdbus connections (previously we only did it for dbus1). This is useful since with recent kdbus versions it is possible for clients to control the metadata they want to send. - changes sd_bus_query_sender_privilege() to take the euid of the client into consideration, if known - when we don't have permissions to read augmentation data from /proc, don't fail, just don't add the data in
2014-11-13sd-bus: sync with kdbus upstream (ABI break)Daniel Mack
kdbus has seen a larger update than expected lately, most notably with kdbusfs, a file system to expose the kdbus control files: * Each time a file system of this type is mounted, a new kdbus domain is created. * The layout inside each mount point is the same as before, except that domains are not hierarchically nested anymore. * Domains are therefore also unnamed now. * Unmounting a kdbusfs will automatically also detroy the associated domain. * Hence, the action of creating a kdbus domain is now as privileged as mounting a filesystem. * This way, we can get around creating dev nodes for everything, which is last but not least something that is not limited by 20-bit minor numbers. The kdbus specific bits in nspawn have all been dropped now, as nspawn can rely on the container OS to set up its own kdbus domain, simply by mounting a new instance. A new set of mounts has been added to mount things *after* the kernel modules have been loaded. For now, only kdbus is in this set, which is invoked with mount_setup_late().
2014-11-04sd-bus: rename sd_bus_get_server_id() to sd_bus_get_owner_id()Lennart Poettering
In kdbus a "server id" is mostly a misnomer, as there isn't any "server" involved anymore. Let's rename this to "owner" id hence, since it is an ID that is picked by the owner of a bus or direct connection. This matches nicely the sd_bus_get_owner_creds() call we already have.
2014-11-04sd-bus,sd-event: unify error handling of object descriptionsLennart Poettering
a) When getting the description return ENXIO if none is set b) Allow setting a description to NULL c) return ECHILD on fork() like for other calls
2014-11-04sd-bus: make use of free_and_strdup() where it makes senseLennart Poettering
2014-11-04sd-event: rename sd_event_source_set_name() to sd_event_source_get_name()Lennart Poettering
To mirror the recent name change of the concept for sd_bus objects, follow the same logic for sd_event_source objects, too.
2014-11-04sd-bus: rename "connection name" to "description" for the sd-bus API tooLennart Poettering
kdbus recently renamed this concept, and so should we in what we expose in userspace.
2014-10-27sd-bus: explicitly cast asprintf() return value away we are not interested inLennart Poettering
Let's give coverity a hint what's going on here.
2014-10-27Revert "sd-bus: check return value of asprintf()"Lennart Poettering
This reverts commit b1543c4c93855b61b40118e9f14a0423dac2e078. We check b->address anyway, no need to check the return value, especially given that the other #ifdef branch don't get the same treatment.
2014-10-23sd-bus: make sd_bus::reply_callbacks a OrderedHashmapMichal Schmidt
The way process_closing() picks the first entry from reply_callbacks and works with it makes it likely that it cares about the order.
2014-10-22machine: validate machine names using machine_name_is_valid() instead of ↵Lennart Poettering
string_is_safe() After all, we know have this as generic validator, so let's be correct and use it wherver applicable.
2014-10-22sd-bus: implement sd_bus_get_owner_creds() for kdbusDaniel Mack
kdbus learned a new ioctl to tell userspace about a bus creator's credentials, which is what we need to implement sd_bus_get_owner_creds() for kdbus. Move the function from sd-bus.c to bus-control.c to be able to reuse the bus_populate_creds_from_items() helper.
2014-10-22sd-bus: rename sd_bus_get_owner_uid(), sd_bus_get_owner_machine_id() and ↵Daniel Mack
sd_bus_get_peer_creds() Clean up the function namespace by renaming the following: sd_bus_get_owner_uid() → sd_bus_get_name_creds_uid() sd_bus_get_owner_machine_id() → sd_bus_get_name_machine_id() sd_bus_get_peer_creds() → sd_bus_get_owner_creds()
2014-10-17Revert "sd-bus: sync kdbus.h (ABI break)"Kay Sievers
This reverts commit 1a2409e262da65a4b0ca8ab18fcf5eabd2d404ca. Support from the kdbus interface was removed. We require memfds to be supported by all clients.
2014-10-14sd-bus: sync kdbus.h (ABI break)Daniel Mack
kdbus learned KDBUS_HELLO_ACCEPT_MEMFD as new connection negotiation flag. Set it by default in systemd for now.
2014-10-09sd-bus: check return value of asprintf()Daniel Mack
Check for OOM conditions of asprintf() in bus_set_address_user().
2014-10-05bus: add assert to check that we're not freeing a static structureZbigniew Jędrzejewski-Szmek
CID #996315.
2014-09-16sd-bus: sd_bus_message_get_errno should only return positive errnoThomas Hindoe Paaboel Andersen
sd_bus_message_get_errno can currently return either a number of different poitive errno values (from bus-error-mapping), or a negative EINVAL if passed null as parameter. The check for null parameter was introduced in 40ca29a1370379d43e44c0ed425eecc7218dcbca at the same as the function was renamed from bus_message_to_errno and made public API. Before becoming public the function used to return only negative values. It is weird to have a function return both positive and negative errno and it generally looks like a mistake. The function is guarded by the --enable-kdbus flags so I wonder if we still have time to fix it up? It does not have any documentation yet. However, except for a few details it is just a convenient way to call sd_bus_error_get_errno which is documented to return only positive errno. This patch makes it return only positive errno and fixes up the two calls to the function that tried to cope with both positive and negative values.
2014-09-15hashmap: introduce hash_ops to make struct Hashmap smallerMichal Schmidt
It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-09-11bus: unref buscreds on failurePhilippe De Swert
Actually unref the buscreds when we are not going to return a pointer to them. As when bus_creds_add_more fails we immediately return the error code otherwise and leak the new buscreds. Found with coverity. Fixes: CID#1237761
2014-08-28sd-event: name event sources used in librariesTom Gundersen
This should help in debugging failing event sources.
2014-08-28bus: fix use-after-free in slot-releaseDavid Herrmann
We must not access slot->floating after we possible dropped the last reference to it. Fix all callback-invocations to first check slot->floating and possible disconnect the slot, then release the last reference.
2014-08-18bus-control: Fix cgroup handlingDenis Kenzior
On systems without properly setup systemd, cg_get_root_path returns -ENOENT. This means that busctl doesn't display much information. busctl monitor also fails whenever it intercepts messages. This fix fakes creates a fake "/" root cgroup which lets busctl work on such systems.
2014-08-18sd-bus: add API to query which handler/callback is currently being dispatchedLennart Poettering
2014-07-29time-util: add and use USEC/NSEC_INFINIYKay Sievers
2014-07-03bus: close a bus that failed to connectLennart Poettering
2014-07-03sd-bus: support connecting to remote hosts, directly into containersLennart Poettering
systemctl -H root@foobar:waldi will now show a list of services running on container "waldi" on host "foobar", using "root" for authenticating at "foobar". Since entereing a container requires priviliges, this will only work correctly for root logins.
2014-07-02sd-bus: when an event loop terminates, explicitly close the busLennart Poettering
This makes sure we actually release the bus and all the messages it references.
2014-07-02bus: drop bus/message GC logicLennart Poettering
When a caller drops all references to a bus and its messages while the messages where still queue, this causes the bus to reference the messages, and the messages to reference the bus, without anybody else keeping a reference, which is something we so far considered a leak, and tried to fix with a GC logic that would recognize cases like this, and drop the reference. This GC logic has been broken sofar, and remained unfixed. This commit removes it altogther, replacing it with nothing. The rationale is that simply because all refs to the bus have been dropped its queued messages should *still* be written to the bus, even if the caller doesn't retain any reference to either bus nor message. This means it was actually wrong to attempt to clean up the bus in this case. The proper way how applications should handle this is by explicitly invoking sd_bus_close(), when they want busses to go away. This is probably want they want to do anyway to avoid getting spurious callbacks after they stopped using a bus.
2014-05-16bus: fix unitialized variable access in error pathZbigniew Jędrzejewski-Szmek
2014-05-15sd-bus: always keep slot reference while dispatching callbackLennart Poettering
Also, make sure we automatically destroy reply callbacks that are floating.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-05-15sd-bus: introduce sd_bus_slot objects encapsulating callbacks or vtables ↵Lennart Poettering
attached to a bus connection This makes callback behaviour more like sd-event or sd-resolve, and creates proper object for unregistering callbacks. Taking the refernce to the slot is optional. If not taken life time of the slot will be bound to the underlying bus object (or in the case of an async call until the reply has been recieved).
2014-04-29sd-resolve: rework sd-resolve to be callback based, similar in style to ↵Lennart Poettering
sd-bus and sd-event
2014-03-24sd-bus: invert bus->is_kernel check in sd_bus_get_peer_creds()Daniel Mack
The bug was introducted in a3d59cd1 ("sd-bus: don't use assert_return() to check for disconnected bus connections")
2014-03-24sd-event: rework API to support CLOCK_REALTIME_ALARM and ↵Lennart Poettering
CLOCK_BOOTTIME_ALARM, too
2014-03-22sd-bus: mark sd_bus_unref() as broken regarding self-refsDavid Herrmann
If you allocate a message with bus==NULL and then unref the main bus, it will free your message underneath and your program will go boom! To fix that, we really need to figure out what the semantics for self-references (m->bus) should be and when/where/what accesses are actually allowed. Same is true for the pseudo-thread-safety we employ..
2014-03-22sd-bus: add note about sd_bus_unref() recursionDavid Herrmann
In sd_bus_unref() we check for self-reference loops and destruct our queues in case we're the only reference holders. However, we do _not_ modify our own ref-count, thus effectively causing the message-destructions to enter with the same reference count as we did. The only reason this doesn't cause an endless recursion (or trigger assert(m->n_ref > 0) in sd_bus_message_unref()) is the fact that we decrease queue-counters _before_ calling _unref(). That's not obvious at all, so add a big fat note in bus_reset_queues() to everyone touching that code.
2014-03-19sd-bus: don't use assert_return() to check for disconnected bus connectionsLennart Poettering
A terminated connection is a runtime error and not a developer mistake, hence don't use assert_return() to check for it.
2014-03-19sd-bus: properly translate high-level attach flags into kdbus attach flagsLennart Poettering
2014-03-19sd-bus: add proper monitoring APILennart Poettering
2014-03-18sd-bus: if we got a message with fds attached even though we didn't ↵Lennart Poettering
negotiate it, refuse to take it This makes sure we don't mishandle if developers specificy a different AcceptFileDescriptors= setting in .busname units then they set for the bus connection in the activated program.
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-17core, libsystemd, systemd, timedate, udev: spelling fixesMiklos Vajna
2014-03-13sd-bus: don't look for a 64bit value when we only have 32bit value on reply ↵Lennart Poettering
cookie hash table access This broke hashtable lookups for the message cookies on s390x, which is a 64bit BE machine where accessing 32bit values as 64bit and vice versa will explode. Also, while we are at it, be a bit more careful when dealing with the 64bit cookies we expose and the 32bit serial numbers dbus uses in its payload. Problem identified by Fridrich Strba.
2014-03-13bus: fix memory leak when kdbus is not enabledLennart Poettering
2014-03-11bus: replace sd_bus_label_{escape,unescape}() by new ↵Lennart Poettering
sd_bus_path_{encode,decode}() The new calls work similarly, but enforce a that a common, fixed bus path prefix is used. This follows discussions with Simon McVittie on IRC that it should be a good idea to make sure that people don't use the escaping applied here too wildly as anything other than the last label of a bus path.
2014-03-03bus: add sd_bus_track object for tracking peers, and port core over to itLennart Poettering
This is primarily useful for services that need to track clients which reference certain objects they maintain, or which explicitly want to subscribe to certain events. Something like this is done in a large number of services, and not trivial to do. Hence, let's unify this at one place. This also ports over PID 1 to use this to ensure that subscriptions to job and manager events are correctly tracked. As a side-effect this makes sure we properly serialize and restore the track list across daemon reexec/reload, which didn't work correctly before. This also simplifies how we distribute messages to broadcast to the direct busses: we only track subscriptions for the API bus and implicitly assume that all direct busses are subscribed. This should be a pretty OK simplification since clients connected via direct bus connections are shortlived anyway.