Age | Commit message (Collapse) | Author |
|
This is useful to print wall messages from logind with the right client
tty. (to be added in a later patch)
|
|
Also, don't consider this an loggable event, so that code that tries to
read creds from a direct connection, doesn't generate logs.
|
|
direct connection
It's never a good idea, let's just not do it, not even on dierct
connections.
|
|
So far we authenticate direct connections primarily at connection time,
but let's also do this for each method individually, by attaching the
creds we need for that right away.
|
|
|
|
kdbus has been passing us the ppid file for a while, actually make use
of it.
|
|
Also, when we do permissions checks using creds, verify that we don't do
so based on augmented creds, as extra safety check.
|
|
is free
|
|
Let's better be safe than sorry.
|
|
known names
|
|
|
|
We are talking about one member of a group of things (resource limits, signals,
timeouts), without specifying which one. An indenfinite article is in order.
When we are talking about the control process, it's a specific one, so the
definite article is used.
|
|
Whenever we provide a bus API that allows clients to create and manage
server-side objects, we need to provide a unique name for these objects.
There are two ways to provide them:
1) Let the server choose a name and return it as method reply.
2) Let the client pass its name of choice in the method arguments.
The first method is the easiest one to implement. However, it suffers from
a race condition: If a client creates an object asynchronously, it cannot
destroy that object until it received the method reply. It cannot know the
name of the new object, thus, it cannot destroy it. Furthermore, this
method enforces a round-trip. If the client _depends_ on the method call
to succeed (eg., it would close() the connection if it failed), the client
usually has no reason to wait for the method reply. Instead, the client
can immediately schedule further method calls on the newly created object
(in case the API guarantees in-order method-call handling).
The second method fixes both problems: The client passes an object name
with the method-call. The server uses it to create the object. Therefore,
the client can schedule object destruction even if the object-creation
hasn't finished, yet (again, requiring in-order method-call handling).
Furthermore, the client can schedule further method calls on the newly
created object, before the constructor returned.
There're two problems to solve, though:
1) Object names are usually defined via dbus object paths, which are
usually globally namespaced. Therefore, multiple clients must be able
to choose unique object names without interference.
2) If multiple libraries share the same bus connection, they must be
able to choose unique object names without interference.
The first problem is solved easily by prefixing a name with the
unique-bus-name of a connection. The server side must enforce this and
reject any other name.
The second problem is solved by providing unique suffixes from within
sd-bus. As long as sd-bus always returns a fresh new ID, if requested,
multiple libraries will never interfere. This implementation re-uses
bus->cookie as ID generator, which already provides unique IDs for each
bus connection.
This patch introduces two new helpers:
bus_path_encode_unique(sd_bus *bus,
const char *prefix,
const char *sender_id,
const char *external_id,
char **ret_path);
This creates a new object-path via the template
'/prefix/sender_id/external_id'. That is, it appends two new labels to
the given prefix. If 'sender_id' is NULL, it will use
bus->unique_name, if 'external_id' is NULL, it will allocate a fresh,
unique cookie from bus->cookie.
bus_path_decode_unique(const char *path,
const char *prefix,
char **ret_sender,
char **ret_external);
This reverses what bus_path_encode_unique() did. It parses 'path' from
the template '/prefix/sender/external' and returns both suffix-labels
in 'ret_sender' and 'ret_external'. In case the template does not
match, 0 is returned and both output arguments are set to NULL.
Otherwise, 1 is returned and the output arguments contain the decoded
labels.
Note: Client-side allocated IDs are inspired by the Wayland protocol
(which itself was inspired by X11). Wayland uses those IDs heavily
to avoid round-trips. Clients can create server-side objects and
send method calls without any round-trip and waiting for any object
IDs to be returned. But unlike Wayland, DBus uses gobally namespaced
object names. Therefore, we have to add the extra step by adding the
unique-name of the bus connection.
|
|
|
|
|
|
|
|
Users might have hard time figuring out why exactly their systemctl request
failed. If dbus job fails try to figure out more details about failure by
examining Result property of the service.
https://bugzilla.redhat.com/show_bug.cgi?id=1016680
|
|
Avoid unbound for(;;) loop and use the established coding-style:
while ((r = sd_bus_message_read*(...)) > 0) {
}
if (r < 0)
return r;
This is much easier to read and used all over the code base.
|
|
Save some LOCs by replacing strdup()+error-handling+free+assign with
free_and_strdup().
|
|
inclusion
If necessary the passed string is enclosed in "", and all special
characters escapes.
This also ports over usage in bus-util.c and job.c to use this, instead
of a incorrect local implementation that forgets to properly escape.
|
|
non-interactive
Interactive authorization should only happen asynchronously, hence
disallow it in synchronous bus_verify_polkit(), and rename it to
bus_test_polkit(). This way even if the bus message header asks for
interactive authorization, we'll ask for non-interactive authorization
which is actually the desired behaviour if CanSuspend, CanHibernate and
friends, which call this function.
|
|
CID #1237548.
|
|
We were using a space more often than not, and this way is
codified in CODING_STYLE.
|
|
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
|
|
The error code is called EDEADLK, stop using legacy names like EDEADLOCK.
Note that _some_ weird architectures define them differently (namely, mips
and sparc), but on all sane architectures they're exactly the same. So
stay with the widely used code, which is EDEADLK.
|
|
If we receive an sd_bus_message from the kernel, m->kdbus will contain
additional items that cannot be used when sending a message. Therefore,
always remarshal the message if it is used again.
|
|
This assignment is already done in the parent context, no need to do it
again.
|
|
CID #1271349.
|
|
|
|
After some reconsideration, we decided to move the binary protocol
back to 64-bit wide UIDs and GIDs. After all, it should be possible
to redefine [gu]id_t to uint64_t and things should continue to
work. As we want to avoid such data types in kdbus.h, let's move
back to 64-bit values and be safe.
In sd-bus, we have to do a translation between uint64_t and gid_t
now for supplementary gids.
Some inline comments have also been updated in kdbus upstream.
|
|
The kernel part of kdbus does not allow userspace to make any assumption on
which unique address the first user on the bus will get.
Instead, use sd_bus_get_unique_name() to get the server's address.
|
|
Follow two small changes in the kdbus API:
* Flags are now returned in cmd->return_flags by KDBUS_CMD_NAME_ACQUIRE
* struct kdbus_item_list has been dropped. The information stored in
this struct was redundant since awhile already, as all commands
report their returned slice size anyway.
|
|
Include <sys/socket.h> from util.h and bus-message.h in order to
build errors like the ones below on kdbus enabled systems.
./src/shared/util.h:976:32: warning: its scope is only this definition or declaration, which is probably not what you want
In file included from src/libsystemd/sd-bus/bus-kernel.c:37:0:
./src/shared/util.h:1081:28: warning: 'struct msghdr' declared inside parameter list
void cmsg_close_all(struct msghdr *mh);
^
CC src/libsystemd/sd-bus/libsystemd_la-bus-creds.lo
In file included from src/libsystemd/sd-bus/bus-creds.c:25:0:
./src/shared/util.h:976:32: warning: 'struct ucred' declared inside parameter list
int getpeercred(int fd, struct ucred *ucred);
^
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
This syncs up the new KDBUS_CMD_CONN_INFO behavior:
- attach-flags are passed in .attach_flags, instead of directly merged
with the command flags.
|
|
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
|
|
"allow-interactive-authentication" message flag
Most of our client tools want to set this bit for all their method
calls, even though it defaults to off in sd-bus, and rightfully so.
Hence, to simplify thing, introduce a per sd_bus-object flag that sets
the default value for all messages created on the connection.
|
|
Pull in new kdbus changes, namely:
- EOVERFLOW is replaces by KDBUS_RECV_RETURN_DROPPED_MSGS
- ENOMSG is merged with EAGAIN for consistency
|
|
We should never put any constraints on the IDs returned by the kernel. Use
sd_bus_get_unique_name() to retrieve the ID of a peer.
|
|
and 32bit on dbus1
|
|
their entirety as gvariant objects""
This reverts commit 954871d8ba15911d014f76ed2c7a9492953cf39d.
|
|
|
|
sd_event_wait() returning 0 usually means that it timed out, which means it must
have been idle. However, sd_event_wait() may return 0 in case an event was triggered
but it turned out there was nothing to do. Make the check for idle explicit to avoid
this edge-case.
|
|
|
|
Another slice logic rework in kdbus made KDBUS_ITEM_PAYLOAD_OFF items
relative to the message header again. Catch up with that in sd-bus.
|
|
include-what-you-use automatically does this and it makes finding
unnecessary harder to spot. The only content of poll.h is a include
of sys/poll.h so should be harmless.
|
|
This fixes various issues found by globally reordering the include
sections of all .c files.
|
|
Also, document in adjacent comments and in CODING_STYLE why we do that.
|
|
|
|
|