Age | Commit message (Collapse) | Author |
|
inclusion
If necessary the passed string is enclosed in "", and all special
characters escapes.
This also ports over usage in bus-util.c and job.c to use this, instead
of a incorrect local implementation that forgets to properly escape.
|
|
non-interactive
Interactive authorization should only happen asynchronously, hence
disallow it in synchronous bus_verify_polkit(), and rename it to
bus_test_polkit(). This way even if the bus message header asks for
interactive authorization, we'll ask for non-interactive authorization
which is actually the desired behaviour if CanSuspend, CanHibernate and
friends, which call this function.
|
|
CID #1237548.
|
|
We were using a space more often than not, and this way is
codified in CODING_STYLE.
|
|
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
|
|
The error code is called EDEADLK, stop using legacy names like EDEADLOCK.
Note that _some_ weird architectures define them differently (namely, mips
and sparc), but on all sane architectures they're exactly the same. So
stay with the widely used code, which is EDEADLK.
|
|
If we receive an sd_bus_message from the kernel, m->kdbus will contain
additional items that cannot be used when sending a message. Therefore,
always remarshal the message if it is used again.
|
|
This assignment is already done in the parent context, no need to do it
again.
|
|
CID #1271349.
|
|
|
|
After some reconsideration, we decided to move the binary protocol
back to 64-bit wide UIDs and GIDs. After all, it should be possible
to redefine [gu]id_t to uint64_t and things should continue to
work. As we want to avoid such data types in kdbus.h, let's move
back to 64-bit values and be safe.
In sd-bus, we have to do a translation between uint64_t and gid_t
now for supplementary gids.
Some inline comments have also been updated in kdbus upstream.
|
|
The kernel part of kdbus does not allow userspace to make any assumption on
which unique address the first user on the bus will get.
Instead, use sd_bus_get_unique_name() to get the server's address.
|
|
Follow two small changes in the kdbus API:
* Flags are now returned in cmd->return_flags by KDBUS_CMD_NAME_ACQUIRE
* struct kdbus_item_list has been dropped. The information stored in
this struct was redundant since awhile already, as all commands
report their returned slice size anyway.
|
|
Include <sys/socket.h> from util.h and bus-message.h in order to
build errors like the ones below on kdbus enabled systems.
./src/shared/util.h:976:32: warning: its scope is only this definition or declaration, which is probably not what you want
In file included from src/libsystemd/sd-bus/bus-kernel.c:37:0:
./src/shared/util.h:1081:28: warning: 'struct msghdr' declared inside parameter list
void cmsg_close_all(struct msghdr *mh);
^
CC src/libsystemd/sd-bus/libsystemd_la-bus-creds.lo
In file included from src/libsystemd/sd-bus/bus-creds.c:25:0:
./src/shared/util.h:976:32: warning: 'struct ucred' declared inside parameter list
int getpeercred(int fd, struct ucred *ucred);
^
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
This syncs up the new KDBUS_CMD_CONN_INFO behavior:
- attach-flags are passed in .attach_flags, instead of directly merged
with the command flags.
|
|
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
|
|
"allow-interactive-authentication" message flag
Most of our client tools want to set this bit for all their method
calls, even though it defaults to off in sd-bus, and rightfully so.
Hence, to simplify thing, introduce a per sd_bus-object flag that sets
the default value for all messages created on the connection.
|
|
Pull in new kdbus changes, namely:
- EOVERFLOW is replaces by KDBUS_RECV_RETURN_DROPPED_MSGS
- ENOMSG is merged with EAGAIN for consistency
|
|
We should never put any constraints on the IDs returned by the kernel. Use
sd_bus_get_unique_name() to retrieve the ID of a peer.
|
|
and 32bit on dbus1
|
|
their entirety as gvariant objects""
This reverts commit 954871d8ba15911d014f76ed2c7a9492953cf39d.
|
|
|
|
sd_event_wait() returning 0 usually means that it timed out, which means it must
have been idle. However, sd_event_wait() may return 0 in case an event was triggered
but it turned out there was nothing to do. Make the check for idle explicit to avoid
this edge-case.
|
|
|
|
Another slice logic rework in kdbus made KDBUS_ITEM_PAYLOAD_OFF items
relative to the message header again. Catch up with that in sd-bus.
|
|
include-what-you-use automatically does this and it makes finding
unnecessary harder to spot. The only content of poll.h is a include
of sys/poll.h so should be harmless.
|
|
This fixes various issues found by globally reordering the include
sections of all .c files.
|
|
Also, document in adjacent comments and in CODING_STYLE why we do that.
|
|
|
|
|
|
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
|
If we scale our buffer to be wide enough for the format string, we
should expect that the calculation was correct.
char_array_0() invocations are removed, since snprintf nul-terminates
the output in any case.
A similar wrapper is used for strftime calls, but only in timedatectl.c.
|
|
entirety as gvariant objects"
This breaks booting with kdbus.
This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.
|
|
as gvariant objects
Previously, we only minimally altered the dbus1 framing for kdbus, and
while the header and its fields where compliant Gvariant objects, and so
was the body, the entire message together was not.
As result of discussions with Ryan Lortie this is now changed, so that
the messages in there entirely are fully compliant GVariants. This
follows the framing description described here:
https://wiki.gnome.org/Projects/GLib/GDBus/Version2
Note that this change changes the framing of *all* messages sent via
kdbus, this means you have to reboot your kdbus system, after compiling
and installing this new version.
|
|
|
|
|
|
|
|
We really need to use va_arg() with the right type here as uint64_t and
double might have the same size, but are passed differently as
arguments.
|
|
Otherwise they can be optimized away with -DNDEBUG
|
|
Types used for pids and uids in various interfaces are unpredictable.
Too bad.
|
|
|
|
client to it
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.
machinectl now has verbs for pulling down images, cancelling them and
listing them.
|
|
There is no reason to provide our own attach_flags_mask. We can simply
rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod.
If it's set, we assume the user wants to override our setting, so we
simply skip setting it.
|
|
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we
can lookup further information from /proc. However, we *must* set
SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never
actually copy the pid into "sd_bus_creds". Fix this, so
SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by
the caller.
|
|
Fix comment typo and clarify that this is not about privileges but can
have rather arbitrary reasons.
|
|
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
|
|
|
|
Just a simple variable rename, and a dropped flag that sd-bus didn't make
use of.
|
|
|