summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus
AgeCommit message (Collapse)Author
2015-10-24util-lib: split our string related calls from util.[ch] into its own file ↵Lennart Poettering
string-util.[ch] There are more than enough calls doing string manipulations to deserve its own files, hence do something about it. This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now. Also touches a few unrelated include files.
2015-10-24util: split out escaping code into escape.[ch]Lennart Poettering
This really deserves its own file, given how much code this is now.
2015-10-17sd-bus: fix error handling of pthread API callsLennart Poettering
pthread APIs (unlike the rest of libc) return their errors as positive error codes directly from the functions, rather than using errno. Let's make sure we always handle things that way.
2015-10-05hashmap: hash_funcs - make inputs unambiguousTom Gundersen
Make sure all variable-length inputs are properly terminated or that their length is encoded in some way. This avoids ambiguity of adjacent inputs. E.g., in case of a hash function taking two strings, compressing "ab" followed by "c" is now distinct from "a" followed by "bc".
2015-10-05hashmap: refactor hash_funcTom Gundersen
All our hash functions are based on siphash24(), factor out siphash_init() and siphash24_finalize() and pass the siphash state to the hash functions rather than the hash key. This simplifies the hash functions, and in particular makes composition simpler as calling siphash24_compress() repeatedly on separate chunks of input has the same effect as first concatenating the input and then calling siphash23_compress() on the result.
2015-09-29util: introduce common version() implementation and use it everywhereLennart Poettering
This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-29tree-wide: port more code to use send_one_fd() and receive_one_fd()Lennart Poettering
Also, make it slightly more powerful, by accepting a flags argument, and make it safe for handling if more than one cmsg attribute happens to be attached.
2015-09-27sd-bus: va_start should use the last named parameterThomas Hindoe Paaboel Andersen
2015-09-26sd-bus: add sd_bus_path_{encode,decode}_many()David Herrmann
This introduces two new helpers alongside sd_bus_path_{encode,decode}(), which work similarly to their counterparts, but accept a format-string as input. This allows encoding and decoding multiple labels of a format string at the same time.
2015-09-23busctl: also monitor messages to SERVICE argumentsLars Uebernickel
Add a 'destination' match rule for every SERVICE argument in addition to the 'sender' rule. This is consistent with busctl(1), which documents monitor as dumping "messages to or from this peer".
2015-09-22Merge pull request #1334 from poettering/sd-bus-default-flush-closeDavid Herrmann
sd-bus: introduce new sd_bus_default_flush_close() call
2015-09-22cgtop: underline table headerLennart Poettering
Let's underline the header line of the table shown by cgtop, how it is customary for tables. In order to do this, let's introduce new ANSI underline macros, and clean up the existing ones as side effect.
2015-09-22sd-bus: introduce new sd_bus_default_flush_close() callLennart Poettering
If code enqueues a message on one of the default busses, but doesn't sync on it, and immediately drops the reference to the bus again, it will stay queued and consume memory. Intrdouce a new call sd_bus_default_flush_close() that can be invoked at the end of programs (or threads) and flushes out all unsent messages on any of the default busses.
2015-09-16sd-bus: correct size calculation in DBus fd receiveMichal Schmidt
The size of the allocated array for received file descriptors was incorrectly calculated. This did not matter when a single file descriptor was received, but for more descriptors the allocation was insufficient.
2015-09-16basic: nicer assert messagesMichal Schmidt
Make sure the assert expression is not macro-expanded before stringification. This makes several assertion failure messages more readable. As an example: assert(streq("foo", "bar")); I'd rather see this: Assertion 'streq("foo", "bar")' failed at foo.c:5, function main(). Aborting. ...than this, though awesome, incomprehensible truncated mess: Assertion '(__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p (( "foo")) && __builtin_constant_p (("bar")) && (__s1_len = strlen (("foo")), __s2_ len = strlen (("bar")), (!((size_t)(const void *)((("foo")) + 1) - (size_t)(cons t void *)(("foo")) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((("bar") ) + 1) - (size_t)(const void *)(("bar")) == 1) || __s2_len >= 4)) ? __builtin_st rcmp (("foo"), ("bar")) : (__builtin_constant_p (("foo")) && ((size_t)(const voi d *)((("foo")) + 1) - (size_t)(const void *)(("foo")) == 1) && (__s1_len = strle n (("foo")), __s1_len < 4) ? (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) ? __builtin_strcm p (("foo"), ("bar")) : (__extension__ ({ const unsigned char *__s2 = (const unsi gned char *) (const char *) (("bar")); int __result = (((const unsigned char *) (const char *) (("foo")))[0] - __s2[0]); if (__s1_len > 0 && __result == 0) { __ result = (((const unsigned char *) (const char *) (("foo")))[1] - __s2[1]); if ( __s1_len > 1 && __result == 0) { __result = (((const unsigned char *) (const cha r *) (("foo")))[2] - __s2[2]); if (__s1_len > 2 && __result == 0) __result = ((( const unsigned char *) (const char *) (("foo")))[3] - __s2[3]); } } __result; }) )) : (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) && (__s2_len = strlen (("bar")), __s2_len < 4) ? (__builtin_constant_p (("foo")) && ((size_t)(const void *)((("foo")) + 1 ) - (size_t)(const void *)(("foo")) == 1) ? __builtin_strcmp (("foo"), ("bar")) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (cons t char *) (("foo")); int __result = (((const unsigned char *) (const char *) ((" bar")))[0] - __s2[0]); if (__s2_len > 0 && __result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[1] - __s2[1]); if (__s2_len > 1 && __ result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[2] - __s2[2]); if (__s2_len > 2 && __result == 0)
2015-09-10tree-wide: never use the off_t unless glibc makes us use itLennart Poettering
off_t is a really weird type as it is usually 64bit these days (at least in sane programs), but could theoretically be 32bit. We don't support off_t as 32bit builds though, but still constantly deal with safely converting from off_t to other types and back for no point. Hence, never use the type anymore. Always use uint64_t instead. This has various benefits, including that we can expose these values directly as D-Bus properties, and also that the values parse the same in all cases.
2015-09-09tree-wide: make use of the fact that strv_free() returns NULLLennart Poettering
Another Coccinelle patch.
2015-09-09Merge pull request #1218 from poettering/safe-fcloseDaniel Mack
util: introduce safe_fclose() and port everything over to it
2015-09-09util: introduce safe_fclose() and port everything over to itLennart Poettering
Adds a coccinelle script to port things over automatically.
2015-09-09sd-bus: drop weird empty linesDavid Herrmann
We should never put empty lines between `if` and `else if`, unless we use braces.
2015-09-09tree-wide: drop {} from one-line if blocksLennart Poettering
Patch via coccinelle.
2015-09-09tree-wide: use coccinelle to patch a lot of code to use mfree()Lennart Poettering
This replaces this: free(p); p = NULL; by this: p = mfree(p); Change generated using coccinelle. Semantic patch is added to the sources.
2015-09-07sd-bus: when connecting to a container AF_UNIX bus, return errorLennart Poettering
When forking of a child process for connecting to a container, pass the preicse connection error to the calling process. We already did this correctly for kdbus busses, let's do so for dbus1 busses, too.
2015-09-06Merge pull request #1162 from dvdhrm/bus-recursive-nodesLennart Poettering
sd-bus: make introspection data non-recursive
2015-09-05sd-bus: make introspection data non-recursiveDavid Herrmann
Currently, our introspection data looks like this: <node> <interface name="org.freedesktop.DBus.Peer"> ... </interface> <interface name="org.freedesktop.DBus.Introspectable"> ... </interface> <interface name="org.freedesktop.DBus.Properties"> ... </interface> <node name="org"/> <node name="org/freedesktop"/> <node name="org/freedesktop/login1"/> <node name="org/freedesktop/login1/user"/> <node name="org/freedesktop/login1/user/self"/> <node name="org/freedesktop/login1/user/_1000"/> <node name="org/freedesktop/login1/seat"/> <node name="org/freedesktop/login1/seat/self"/> <node name="org/freedesktop/login1/seat/seat0"/> <node name="org/freedesktop/login1/session"/> <node name="org/freedesktop/login1/session/self"/> <node name="org/freedesktop/login1/session/c1"/> </node> (ordered alphabetically for better visibility) This is grossly incorrect. The spec says that we're allowed to return non-directed children, however, it does not allow us to return data recursively in multiple parents. If we return "org", then we must not return anything else that starts with "org/". It is unclear, whether we can include child-nodes as a tree. Moreover, it is usually not what the caller wants. Hence, this patch changes sd-bus to never return introspection data recursively. Instead, only a single child-layer is returned. This patch relies on enumerators to never return hierarchies. If someone registers an enumerator via sd_bus_add_enumerator, they better register sub-enumerators if they support *TRUE* hierarchies. Each enumerator is treated as a single layer and not filtered. Enumerators are still allowed to return nested data. However, that data is still required to be a single hierarchy. For instance, returning "/org/foo" and "/com/bar" is fine, but including "/com" or "/org" in that dataset is not. This should be the default for enumerators and I see no reason to filter in sd-bus. Moreover, filtering that data-set would require to sort the strv by path and then do prefix-filtering. This is O(n log n), which would be fine, but still better to avoid. Fixes #664.
2015-09-05sd-bus: derive uid from cgroup if possibleDavid Herrmann
Whenever we run in a user context, sd_bus_{default_user,open_user}() and friends should always connect to the user-bus of the current context, instead of deriving the uid from getuid(). This allows us running programs via sudo/su, without the nasty side-effect of accidentally connecting to the root user-bus. This patch enforces the idea of making su/sudo *not* opening sessions by default. That is, all they do is raising privileges, but keeping everything set as before. You can still use su/sudo to open real sessions by requesting a login-session (or loading pam_systemd otherwise). However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these cases), hence, you will not be able to connect to *any* user-bus. Long story short: With this patch applied, both: - ./busctl --user - sudo ./busctl --user ..will successfully connect to the user-bus of the local user. Fixes #390.
2015-09-05Merge pull request #1140 from poettering/sd-event-signalsDavid Herrmann
A variety of sd-event, sd-login and cgroup fixes
2015-09-04tests: Skip tests which need to access /sys/fs/cgroup if that is not availableMartin Pitt
Commit efdb023 ("core: unified cgroup hierarchy support") introduced a new error ENOEXEC in cg_unified() if /sys/fs/cgroup/ is not available. Adjust the "skip" checks in various tests accordingly. Add a corresponding "skip" check to test-bus-creds as well, as sd_bus_creds_new_from_pid() now calls cg_unified() as well. This re-fixes "make check" in build chroots without /sys/fs/cgroup. https://github.com/systemd/systemd/issues/1132
2015-09-04audit: audit calls should return ENODATA when process are not in an audit ↵Lennart Poettering
session ENODATA is how we usually indicate such "missing info" cases, so we should do this here, too.
2015-09-01sd-bus: when connecting to a container, don't fall back to host busLennart Poettering
We should never connect to the host bus as fallback if connecting to a container failed via one method. Otherwise connecting to a dbus1 container will always result in a connection to the host.
2015-09-01sd-bus: when connecting to a kdbus container bus pass error upLennart Poettering
We rely on the correct error used when opening the kdbus device node, hence let's make sure we pass it up from the namespaced child process to the process which actually wants to connect.
2015-08-30sd-bus: Fix incorrect cleanup attribute in bus_match_to_string()Cristian Rodríguez
Must be _cleanup_fclose_ not _cleanup_free_
2015-08-27Merge pull request #1055 from poettering/dhcp-updatesTom Gundersen
Various networkd and dhcp updates
2015-08-27sd-bus: do not connect to dbus-1 socket when kdbus is availableDavid Herrmann
We should not fall back to dbus-1 and connect to the proxy when kdbus returns an error that indicates that kdbus is running but just does not accept new connections because of quota limits or something similar. Based on a patch by Kay.
2015-08-27Revert "sd-bus: do not connect to dbus-1 socket when kdbus is available"David Herrmann
This reverts commit d4d00020d6ad855d65d31020fefa5003e1bb477f. The idea of the commit is broken and needs to be reworked. We really cannot reduce the bus-addresses to a single address. We always will have systemd with native clients and legacy clients at the same time, so we also need both addresses at the same time.
2015-08-27sd-bus: rename bloom-tag to arg0-hasDavid Herrmann
We use dashes in our bloom-tags. Make sure the newly introduced arg0has tag uses the same style. Note that the external dbus-tags don't use dashes, though. They are defined in the spec and we need to keep compatibility there.
2015-08-27Merge pull request #1036 from poettering/sd-bus-arg0hasDavid Herrmann
sd-bus: introduce new match type "arg0has=" for matching arrays of st…
2015-08-27Merge pull request #1024 from poettering/sd-bus-explicitDavid Herrmann
sd-bus: introduce new SD_BUS_VTABLE_PROPERTY_EXPLICIT flag
2015-08-27sd-bus: it's not a user error to query the error contained in a bus messageLennart Poettering
It's an OK way to check whether a message contains an erro, let's not consider this a loggable assertion event.
2015-08-25sd-bus: introduce new match type "arg0has=" for matching arrays of stringsLennart Poettering
Previously, sd-bus inofficially already supported bus matches that tested a string against an array of strings ("as"). This was done via an enhanced way to interpret "arg0=" matches. This is problematic however, since clients have no way to determine if their respective implementation understood strv matches or not, thus allowing invalid matches to be installed without a way to detect that. This patch changes the logic to only allow such matches with a new "arg0has=" syntax. This has the benefit that non-conforming implementations will return a parse error and a client application may thus efficiently detect support for the match type. Matches of this type are useful for "udev"-like systems that "tag" objects with a number of strings, and clients need to be able to match against any of these "tags". The name "has" takes inspiration from Python's ".has_key()" construct.
2015-08-25sd-bus: introduce new SD_BUS_VTABLE_PROPERTY_EXPLICIT flagLennart Poettering
This allows marking properties as "explicit". Properties marked like this are included in the introspection, but are avoided in GetAll() property queries, PropertiesChanged() signals and in in GetManaged() object manager calls and InterfacesAdded() signals. Expensive properties may be marked that way, and they will be retrievable when explicitly being requested, but never in "blanket" all-property queries and signals. This flag may be combined with the flags for "const" and "emit-validation" properties, but not with "emit-validation", as that is only useful for properties whose value shall be sent in "blanket" all-property signals. The "explicit" flag is also exposed in the introspection data via a new annotation.
2015-08-24util: make machine_name_is_valid() a macro and move it to hostname-util.hLennart Poettering
As it turns out machine_name_is_valid() does the exact same thing as hostname_is_valid() these days, as it just invoked that and checked the name length was < 64. However, hostname_is_valid() checks the length against HOST_NAME_MAX anyway (which is 64 on Linux), hence any additional check is redundant. We hence replace machine_name_is_valid() by a macro that simply maps it to hostname_is_valid() but sets the allow_trailing_dot parameter to false. We also move this this call to hostname-util.h, to the same place as the hostname_is_valid() declaration.
2015-08-24sd-bus: don't list activators as proper peersDavid Herrmann
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the bus. Hence, we should not treat it as proper peer. To actually query it, you have to explicitly ask for activators. This makes kdbus in-line with what dbus-daemon does.
2015-08-24Revert "sd-bus: include queried path in GetManagedObjects"David Herrmann
This reverts commit 92d16a53e385781a55d9231d9f8f89c1747ab0e4. As it turns out, this is not how ObjectManager is supposed to work. It is just a special behavior of BlueZ, but no-one else implements it this way. Revert the patch as discussed on github, and as such revert to the previous behavior (as described in the spec).
2015-08-17Merge pull request #977 from richardmaw-codethink/machinectl-userns-login-v2Lennart Poettering
Fix machinectl login with containers in user namespaces (v2)
2015-08-17Merge pull request #976 from elfring/Remove_unnecessary_checks2Lennart Poettering
Delete unnecessary checks before some function calls
2015-08-17namespace helpers: Allow entering a UID namespaceRichard Maw
To be able to use `systemd-run` or `machinectl login` on a container that is in a private user namespace, the sub-process must have entered the user namespace before connecting to the container's D-Bus, otherwise the UID and GID in the peer credentials are garbage. So we extend namespace_open and namespace_enter to support UID namespaces, and we enter the UID namespace in bus_container_connect_{socket,kernel}. namespace_open will degrade to a no-op if user namespaces are not enabled in the kernel. Special handling is required for the setns call in namespace_enter with a user namespace, since transitioning to your own namespace is forbidden, as it would result in re-entering your user namespace as root. Arguably it may be valid to check this at the call site, rather than inside namespace_enter, but it is less code to do it inside, and if the intention of calling namespace_enter is to *be* in the target namespace, rather than to transition to the target namespace, it is a reasonable approach. The check for whether the user namespace is the same must happen before entering namespaces, as we may not be able to access /proc during the intermediate transition stage. We can't instead attempt to enter the user namespace and then ignore the failure from it being the same namespace, since the error code is not distinct, and we can't compare namespaces while mid-transition.
2015-08-17Bug #944: Deletion of unnecessary checks before a few calls of systemd functionsMarkus Elfring
The following functions return immediately if a null pointer was passed. * calendar_spec_free * link_address_free * manager_free * sd_bus_unref * sd_journal_close * udev_monitor_unref * udev_unref It is therefore not needed that a function caller repeats a corresponding check. This issue was fixed by using the software Coccinelle 1.0.1.
2015-08-17Merge pull request #953 from poettering/ebadfDaniel Mack
tree-wide: generate EBADF when we get invalid fds
2015-08-17Bug #944: Replacement of a free() call by mfree()Markus Elfring
The function "mfree" should be called instead of "free" at a specific source code place.