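/* -*- mode: C; c-file-style: "gnu" -*- */
/* dbus-sysdeps-unix.c Wrappers around UNIX system/libc features (internal to D-Bus implementation)
 *
 * Copyright (C) 2002, 2003, 2006 Red Hat, Inc.
 * Copyright (C) 2003 CodeFactory AB
 *
 * Licensed under the Academic Free License version 2.1
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
 *
 */

#include "dbus-internals.h"
#include "dbus-sysdeps.h"
#include "dbus-sysdeps-unix.h"
#include "dbus-threads.h"
#include "dbus-protocol.h"
#include "dbus-transport.h"
#include "dbus-string.h"
#include "dbus-userdb.h"
#include "dbus-list.h"
#include "dbus-credentials.h"

/* System headers needed by the socket, stat, passwd and group calls below. */
#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <dirent.h>
#include <sys/un.h>
#include <pwd.h>
#include <time.h>
#include <locale.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <netdb.h>
#include <grp.h>

#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_WRITEV
#include <sys/uio.h>
#endif
#ifdef HAVE_POLL
#include <sys/poll.h>
#endif
#ifdef HAVE_BACKTRACE
#include <execinfo.h>
#endif
#ifdef HAVE_GETPEERUCRED
#include <ucred.h>
#endif

#ifndef O_BINARY
#define O_BINARY 0
#endif

#ifndef HAVE_SOCKLEN_T
#define socklen_t int
#endif

/**
 * Opens a socket with socket() and stores the descriptor in *fd_p.
 * On failure *fd_p holds the negative socket() return and the error
 * is derived from errno.
 *
 * @param fd_p return location for the new descriptor
 * @param domain socket domain (e.g. AF_INET, PF_UNIX)
 * @param type socket type (e.g. SOCK_STREAM)
 * @param protocol socket protocol, normally 0
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
static dbus_bool_t
_dbus_open_socket (int *fd_p, int domain, int type, int protocol, DBusError *error)
{
  *fd_p = socket (domain, type, protocol);

  if (*fd_p >= 0)
    {
      _dbus_verbose ("socket fd %d opened\n", *fd_p);
      return TRUE;
    }
  else
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to open socket: %s", _dbus_strerror (errno));
      return FALSE;
    }
}

/**
 * Opens an IPv4 stream (TCP) socket. Does not bind or connect it.
 *
 * @param fd return location for socket descriptor
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
dbus_bool_t
_dbus_open_tcp_socket (int *fd, DBusError *error)
{
  return _dbus_open_socket (fd, AF_INET, SOCK_STREAM, 0, error);
}

/**
 * Opens a UNIX domain socket (as in the socket() call).
 * Does not bind the socket.
 *
 * @param fd return location for socket descriptor
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
dbus_bool_t
_dbus_open_unix_socket (int *fd, DBusError *error)
{
  return _dbus_open_socket (fd, PF_UNIX, SOCK_STREAM, 0, error);
}

/**
 * Closes a socket. Should not be used on non-socket
 * file descriptors or handles.
 *
 * @param fd the socket
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
dbus_bool_t
_dbus_close_socket (int fd, DBusError *error)
{
  return _dbus_close (fd, error);
}

/**
 * Like _dbus_read(), but only works on sockets so is
 * available on Windows.
 *
 * @param fd the socket
 * @param buffer string to append data to
 * @param count max amount of data to read
 * @returns number of bytes appended to the string, or -1 on error
 */
int
_dbus_read_socket (int fd, DBusString *buffer, int count)
{
  return _dbus_read (fd, buffer, count);
}

/**
 * Like _dbus_write(), but only supports sockets
 * and is thus available on Windows.
 *
 * @param fd the file descriptor to write
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write_socket (int fd, const DBusString *buffer, int start, int len)
{
  return _dbus_write (fd, buffer, start, len);
}

/**
 * write data to a pipe.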
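 *
 * @param pipe the pipe instance
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @param error error return
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_pipe_write (DBusPipe *pipe, const DBusString *buffer, int start, int len, DBusError *error)
{
  int written;

  written = _dbus_write (pipe->fd_or_handle, buffer, start, len);

  /* _dbus_write() handles EINTR itself, so a negative result is a real failure
   * and errno still describes it. */
  if (written < 0)
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "Writing to pipe: %s\n", _dbus_strerror (errno));
    }

  return written;
}

/**
 * close a pipe.
 *
 * The pipe is only invalidated when the underlying close succeeded;
 * on failure the error is set by _dbus_close() and the pipe is left as is.
 *
 * @param pipe the pipe instance
 * @param error return location for an error
 * @returns -1 on error (error is set), 0 otherwise
 */
int
_dbus_pipe_close (DBusPipe *pipe, DBusError *error)
{
  /* _dbus_close() returns a dbus_bool_t (see _dbus_close_socket()), so the
   * failure condition is !result, not result < 0 — the latter never fires. */
  if (!_dbus_close (pipe->fd_or_handle, error))
    {
      return -1;
    }
  else
    {
      _dbus_pipe_invalidate (pipe);
      return 0;
    }
}

/**
 * Like _dbus_write_two() but only works on sockets and is thus
 * available on Windows.
 *
 * @param fd the file descriptor
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_socket_two (int fd,
                        const DBusString *buffer1, int start1, int len1,
                        const DBusString *buffer2, int start2, int len2)
{
  return _dbus_write_two (fd, buffer1, start1, len1, buffer2, start2, len2);
}

/**
 * Thin wrapper around the read() system call that appends
 * the data it reads to the DBusString buffer. It appends
 * up to the given count, and returns the same value
 * and same errno as read(). The only exception is that
 * _dbus_read() handles EINTR for you. Also, _dbus_read() can
 * return ENOMEM, even though regular UNIX read doesn't.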
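 *
 * Unlike _dbus_read_socket(), _dbus_read() is not available
 * on Windows.
 *
 * @param fd the file descriptor to read from
 * @param buffer the buffer to append data to
 * @param count the amount of data to read
 * @returns the number of bytes read or -1
 */
int
_dbus_read (int fd, DBusString *buffer, int count)
{
  int bytes_read;
  int start;
  char *data;

  _dbus_assert (count >= 0);

  start = _dbus_string_get_length (buffer);

  /* Grow the string first so read() can write straight into it. */
  if (!_dbus_string_lengthen (buffer, count))
    {
      errno = ENOMEM;
      return -1;
    }

  data = _dbus_string_get_data_len (buffer, start, count);

 again:
  bytes_read = read (fd, data, count);

  if (bytes_read < 0)
    {
      if (errno == EINTR)
        goto again;
      else
        {
          /* Preserve read()'s errno across the length reset so the documented
           * "same errno as read()" contract holds. */
          int saved_errno = errno;

          /* put length back (note that this doesn't actually realloc anything) */
          _dbus_string_set_length (buffer, start);
          errno = saved_errno;
          return -1;
        }
    }
  else
    {
      /* put length back (doesn't actually realloc) */
      _dbus_string_set_length (buffer, start + bytes_read);
      return bytes_read;
    }
}

/**
 * Thin wrapper around the write() system call that writes a part of a
 * DBusString and handles EINTR for you.
 *
 * @param fd the file descriptor to write
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write (int fd, const DBusString *buffer, int start, int len)
{
  const char *data;
  int bytes_written;

  data = _dbus_string_get_const_data_len (buffer, start, len);

 again:
  bytes_written = write (fd, data, len);

  if (bytes_written < 0 && errno == EINTR)
    goto again;

  return bytes_written;
}

/**
 * Like _dbus_write() but will use writev() if possible
 * to write both buffers in sequence. The return value
 * is the number of bytes written in the first buffer,
 * plus the number written in the second.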
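If the first
 * buffer is written successfully and an error occurs
 * writing the second, the number of bytes in the first
 * is returned (i.e. the error is ignored), on systems that
 * don't have writev. Handles EINTR for you.
 * The second buffer may be #NULL.
 *
 * @param fd the file descriptor
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_two (int fd,
                 const DBusString *buffer1, int start1, int len1,
                 const DBusString *buffer2, int start2, int len2)
{
  _dbus_assert (buffer1 != NULL);
  _dbus_assert (start1 >= 0);
  _dbus_assert (start2 >= 0);
  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);

#ifdef HAVE_WRITEV
  {
    struct iovec vectors[2];
    const char *data1;
    const char *data2;
    int bytes_written;

    data1 = _dbus_string_get_const_data_len (buffer1, start1, len1);

    if (buffer2 != NULL)
      data2 = _dbus_string_get_const_data_len (buffer2, start2, len2);
    else
      {
        data2 = NULL;
        start2 = 0;
        len2 = 0;
      }

    vectors[0].iov_base = (char*) data1;
    vectors[0].iov_len = len1;
    vectors[1].iov_base = (char*) data2;
    vectors[1].iov_len = len2;

  again:
    /* Only pass the second vector when there is a second buffer. */
    bytes_written = writev (fd, vectors, data2 ? 2 : 1);

    if (bytes_written < 0 && errno == EINTR)
      goto again;

    return bytes_written;
  }
#else /* HAVE_WRITEV */
  {
    int ret1;
    int ret2; /* was undeclared: the non-writev path did not compile */

    ret1 = _dbus_write (fd, buffer1, start1, len1);
    if (ret1 == len1 && buffer2 != NULL)
      {
        ret2 = _dbus_write (fd, buffer2, start2, len2);
        if (ret2 < 0)
          ret2 = 0; /* we can't report an error as the first write was OK */

        return ret1 + ret2;
      }
    else
      return ret1;
  }
#endif /* !HAVE_WRITEV */
}

#define _DBUS_MAX_SUN_PATH_LENGTH 99

/**
 * @def _DBUS_MAX_SUN_PATH_LENGTH
 *
 * Maximum length of the path to a UNIX domain socket,
 * sockaddr_un::sun_path member.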
POSIX requires that all systems
 * support at least 100 bytes here, including the nul termination.
 * We use 99 for the max value to allow for the nul.
 *
 * We could probably also do sizeof (addr.sun_path)
 * but this way we are the same on all platforms
 * which is probably a good idea.
 */

/**
 * Creates a socket and connects it to the UNIX domain socket at the
 * given path. The connection fd is returned, and is set up as
 * nonblocking.
 *
 * Uses abstract sockets instead of filesystem-linked sockets if
 * requested (it's possible only on Linux; see "man 7 unix" on Linux).
 * On non-Linux abstract socket usage always fails.
 *
 * @param path the path to UNIX domain socket
 * @param abstract #TRUE to use abstract namespace
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
int
_dbus_connect_unix_socket (const char *path, dbus_bool_t abstract, DBusError *error)
{
  int fd;
  size_t path_len;
  struct sockaddr_un addr;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("connecting to unix socket %s abstract=%d\n", path, abstract);

  if (!_dbus_open_unix_socket (&fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  /* Zeroing matters: sun_path is filled with strncpy() below, which does not
   * terminate, and abstract names rely on the trailing zeroes. */
  _DBUS_ZERO (addr);
  addr.sun_family = AF_UNIX;
  path_len = strlen (path);

  if (abstract)
    {
#ifdef HAVE_ABSTRACT_SOCKETS
      addr.sun_path[0] = '\0'; /* this is what says "use abstract" */
      path_len++; /* Account for the extra nul byte added to the start of sun_path */

      /* Checked before the copy so strncpy() can never run past sun_path. */
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                          "Abstract socket name too long\n");
          _dbus_close (fd, NULL);
          return -1;
        }

      strncpy (&addr.sun_path[1], path, path_len);
      /* _dbus_verbose_bytes (addr.sun_path, sizeof (addr.sun_path)); */
#else /* HAVE_ABSTRACT_SOCKETS */
      dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
                      "Operating system does not support abstract socket namespace\n");
      _dbus_close (fd, NULL);
      return -1;
#endif /* ! HAVE_ABSTRACT_SOCKETS */
    }
  else
    {
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                          "Socket name too long\n");
          _dbus_close (fd, NULL);
          return -1;
        }

      strncpy (addr.sun_path, path, path_len);
    }

  /* The address length is the sun_path offset plus the name length, so an
   * abstract name is passed without a terminating nul. */
  if (connect (fd, (struct sockaddr*) &addr,
               _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to connect to socket %s: %s",
                      path, _dbus_strerror (errno));

      _dbus_close (fd, NULL);
      fd = -1;

      return -1;
    }

  if (!_dbus_set_fd_nonblocking (fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);

      _dbus_close (fd, NULL);
      fd = -1;

      return -1;
    }

  return fd;
}

/**
 * Enables or disables the reception of credentials on the given socket during
 * the next message transmission. This is only effective if the #LOCAL_CREDS
 * system feature exists, in which case the other side of the connection does
 * not have to do anything special to send the credentials.
 *
 * When HAVE_CMSGCRED is defined this is a no-op, so that only one
 * credentials-passing mechanism is ever active on a socket.
 *
 * @param fd socket on which to change the #LOCAL_CREDS flag.
 * @param on whether to enable or disable the #LOCAL_CREDS flag.
 * @returns #FALSE only if the LOCAL_CREDS option exists and could not be set
 */
static dbus_bool_t
_dbus_set_local_creds (int fd, dbus_bool_t on)
{
  dbus_bool_t retval = TRUE;

#if defined(HAVE_CMSGCRED)
  /* NOOP just to make sure only one codepath is used
   * and to prefer CMSGCRED
   */
#elif defined(LOCAL_CREDS)
  int val = on ? 1 : 0;
  if (setsockopt (fd, 0, LOCAL_CREDS, &val, sizeof (val)) < 0)
    {
      _dbus_verbose ("Unable to set LOCAL_CREDS socket option on fd %d\n", fd);
      retval = FALSE;
    }
  else
    _dbus_verbose ("LOCAL_CREDS %s for further messages on fd %d\n",
                   on ? "enabled" : "disabled", fd);
#endif

  return retval;
}

/**
 * Creates a socket and binds it to the given path,
 * then listens on the socket. The socket is
 * set to be nonblocking.
 *
 * Uses abstract sockets instead of filesystem-linked
 * sockets if requested (it's possible only on Linux;
 * see "man 7 unix" on Linux).
 * On non-Linux abstract socket usage always fails.
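 *
 * @param path the socket name
 * @param abstract #TRUE to use abstract namespace
 * @param error return location for errors
 * @returns the listening file descriptor or -1 on error
 */
int
_dbus_listen_unix_socket (const char *path, dbus_bool_t abstract, DBusError *error)
{
  int listen_fd;
  struct sockaddr_un addr;
  size_t path_len;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("listening on unix socket %s abstract=%d\n", path, abstract);

  if (!_dbus_open_unix_socket (&listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  /* Zeroing matters: sun_path is filled with strncpy() below, which does not
   * terminate, and abstract names rely on the trailing zeroes. */
  _DBUS_ZERO (addr);
  addr.sun_family = AF_UNIX;
  path_len = strlen (path);

  if (abstract)
    {
#ifdef HAVE_ABSTRACT_SOCKETS
      /* remember that abstract names aren't nul-terminated so we rely
       * on sun_path being filled in with zeroes above.
       */
      addr.sun_path[0] = '\0'; /* this is what says "use abstract" */
      path_len++; /* Account for the extra nul byte added to the start of sun_path */

      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                          "Abstract socket name too long\n");
          _dbus_close (listen_fd, NULL);
          return -1;
        }

      strncpy (&addr.sun_path[1], path, path_len);
      /* _dbus_verbose_bytes (addr.sun_path, sizeof (addr.sun_path)); */
#else /* HAVE_ABSTRACT_SOCKETS */
      dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
                      "Operating system does not support abstract socket namespace\n");
      _dbus_close (listen_fd, NULL);
      return -1;
#endif /* ! HAVE_ABSTRACT_SOCKETS */
    }
  else
    {
      /* Validate the name before touching the filesystem: previously an
       * over-long name unlinked an existing socket and then failed anyway. */
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                          "Socket name too long\n");
          _dbus_close (listen_fd, NULL);
          return -1;
        }

      /* Discussed security implications of this with Nalin,
       * and we couldn't think of where it would kick our ass, but
       * it still seems a bit sucky. It also has non-security suckage;
       * really we'd prefer to exit if the socket is already in use.
       * But there doesn't seem to be a good way to do this.
       *
       * Just to be extra careful, I threw in the stat() - clearly
       * the stat() can't *fix* any security issue, but it at least
       * avoids inadvertent/accidental data loss.
       *
       * NOTE(review): stat() and unlink() are not atomic, so a path that
       * changes between them is still unlinked; the check only narrows the
       * window to sockets.
       */
      {
        struct stat sb;

        if (stat (path, &sb) == 0 &&
            S_ISSOCK (sb.st_mode))
          unlink (path);
      }

      strncpy (addr.sun_path, path, path_len);
    }

  if (bind (listen_fd, (struct sockaddr*) &addr,
            _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to bind socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (listen (listen_fd, 30 /* backlog */) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to listen on socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (!_dbus_set_local_creds (listen_fd, TRUE))
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to enable LOCAL_CREDS on socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      /* Same close path as every other failure above. */
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (!_dbus_set_fd_nonblocking (listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  /* Try opening up the permissions, but if we can't, just go ahead
   * and continue, maybe it will be good enough.
   *
   * NOTE(review): this makes the socket node world-accessible; the file
   * mode is evidently not relied on as the access-control boundary here —
   * confirm against the authentication layer before changing it.
   */
  if (!abstract && chmod (path, 0777) < 0)
    _dbus_warn ("Could not set mode 0777 on socket %s\n", path);

  return listen_fd;
}

/**
 * Creates a socket and connects to a socket at the given host
 * and port. The connection fd is returned, and is set up as
 * nonblocking.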
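 *
 * @param host the host name to connect to, or #NULL for "localhost"
 * @param port the port to connect to
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
int
_dbus_connect_tcp_socket (const char *host, dbus_uint32_t port, DBusError *error)
{
  int fd;
  struct sockaddr_in addr;
  struct hostent *he;
  struct in_addr *haddr;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  /* sin_port is 16 bits; htons() would silently truncate a larger value. */
  if (port > 0xffff)
    {
      dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Port %u is out of range", (unsigned int) port);
      return -1;
    }

  if (!_dbus_open_tcp_socket (&fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (host == NULL)
    host = "localhost";

  /* gethostbyname() reports failures through h_errno rather than errno, so the
   * error code derived from errno below is only approximate. The result must
   * be an IPv4 entry with at least one address before it is copied into
   * sin_addr. */
  he = gethostbyname (host);
  if (he == NULL ||
      he->h_addrtype != AF_INET ||
      he->h_length != (int) sizeof (struct in_addr) ||
      he->h_addr_list[0] == NULL)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to lookup hostname: %s", host);
      _dbus_close (fd, NULL);
      return -1;
    }

  haddr = ((struct in_addr *) (he->h_addr_list)[0]);

  _DBUS_ZERO (addr);
  memcpy (&addr.sin_addr, haddr, sizeof (struct in_addr));
  addr.sin_family = AF_INET;
  addr.sin_port = htons (port);

  if (connect (fd, (struct sockaddr*) &addr, sizeof (addr)) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to connect to socket %s:%u %s",
                      host, (unsigned int) port, _dbus_strerror (errno));
      _dbus_close (fd, NULL);
      return -1;
    }

  if (!_dbus_set_fd_nonblocking (fd, error))
    {
      _dbus_close (fd, NULL);
      return -1;
    }

  return fd;
}

/**
 * Creates a socket and binds it to the given path, then listens on
 * the socket. The socket is set to be nonblocking. In case of port=0
 * a random free port is used and returned in the port parameter.
 * If inaddr_any is specified, the hostname is ignored.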
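 *
 * @param host the host name to listen on; #NULL means "localhost" (ignored when inaddr_any)
 * @param port the port to listen on, if zero a free port will be used
 * @param inaddr_any TRUE to listen on all local interfaces instead of on the host name
 * @param error return location for errors
 * @returns the listening file descriptor or -1 on error
 */
int
_dbus_listen_tcp_socket (const char *host, dbus_uint32_t *port, dbus_bool_t inaddr_any, DBusError *error)
{
  int listen_fd;
  struct sockaddr_in addr;
  socklen_t len = (socklen_t) sizeof (addr);

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  /* host is also interpolated into error messages, so it must never be NULL. */
  if (host == NULL)
    host = inaddr_any ? "0.0.0.0" : "localhost";

  /* sin_port is 16 bits; htons() would silently truncate a larger value. */
  if (*port > 0xffff)
    {
      dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Port %u is out of range", (unsigned int) *port);
      return -1;
    }

  if (!_dbus_open_tcp_socket (&listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _DBUS_ZERO (addr);

  if (inaddr_any)
    {
      addr.sin_addr.s_addr = INADDR_ANY;
    }
  else
    {
      struct hostent *he;
      struct in_addr *haddr;

      /* gethostbyname() reports failures through h_errno rather than errno,
       * so the error code derived from errno is only approximate. The result
       * must be an IPv4 entry with at least one address before use. */
      he = gethostbyname (host);
      if (he == NULL ||
          he->h_addrtype != AF_INET ||
          he->h_length != (int) sizeof (struct in_addr) ||
          he->h_addr_list[0] == NULL)
        {
          dbus_set_error (error, _dbus_error_from_errno (errno),
                          "Failed to lookup hostname: %s", host);
          _dbus_close (listen_fd, NULL);
          return -1;
        }

      haddr = ((struct in_addr *) (he->h_addr_list)[0]);

      memcpy (&addr.sin_addr, haddr, sizeof (struct in_addr));
    }

  addr.sin_family = AF_INET;
  addr.sin_port = htons (*port);

  if (bind (listen_fd, (struct sockaddr*) &addr, sizeof (addr)))
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to bind socket \"%s:%u\": %s",
                      host, (unsigned int) *port, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (listen (listen_fd, 30 /* backlog */) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to listen on socket \"%s:%u\": %s",
                      host, (unsigned int) *port, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  /* Report the port actually bound (relevant when *port was 0). A failed
   * getsockname() previously left *port set from an untouched addr. */
  if (getsockname (listen_fd, (struct sockaddr*) &addr, &len) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to get local port of socket \"%s\": %s",
                      host, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }
  *port = (dbus_uint32_t) ntohs (addr.sin_port);

  if (!_dbus_set_fd_nonblocking (listen_fd, error))
    {
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  return listen_fd;
}

/**
 * Writes the single nul credentials byte to server_fd, as ancillary
 * SCM_CREDS data when HAVE_CMSGCRED is defined and as a plain write()
 * otherwise. Handles EINTR.
 *
 * @param server_fd file descriptor for connection to server
 * @param error return location for error code
 * @returns #TRUE if exactly one byte was written
 */
static dbus_bool_t
write_credentials_byte (int server_fd, DBusError *error)
{
  int bytes_written;
  char buf[1] = { '\0' };
#if defined(HAVE_CMSGCRED)
  struct {
    struct cmsghdr hdr;
    struct cmsgcred cred;
  } cmsg;
  struct iovec iov;
  struct msghdr msg;

  iov.iov_base = buf;
  iov.iov_len = 1;

  memset (&msg, 0, sizeof (msg));
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

  msg.msg_control = &cmsg;
  msg.msg_controllen = sizeof (cmsg);
  memset (&cmsg, 0, sizeof (cmsg));
  cmsg.hdr.cmsg_len = sizeof (cmsg);
  cmsg.hdr.cmsg_level = SOL_SOCKET;
  cmsg.hdr.cmsg_type = SCM_CREDS;
#endif

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

 again:

#if defined(HAVE_CMSGCRED)
  bytes_written = sendmsg (server_fd, &msg, 0);
#else
  bytes_written = write (server_fd, buf, 1);
#endif

  if (bytes_written < 0 && errno == EINTR)
    goto again;

  if (bytes_written < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to write credentials byte: %s",
                      _dbus_strerror (errno));
      return FALSE;
    }
  else if (bytes_written == 0)
    {
      dbus_set_error (error, DBUS_ERROR_IO_ERROR,
                      "wrote zero bytes writing credentials byte");
      return FALSE;
    }
  else
    {
      _dbus_assert (bytes_written == 1);
      _dbus_verbose ("wrote credentials byte\n");
      return TRUE;
    }
}

/**
 * Reads a single byte which must be nul (an error occurs otherwise),
 * and reads unix credentials if available. Clears the credentials
 * object, then adds pid/uid if available, so any previous credentials
 * stored in the object are lost.
 *
 * Return value indicates whether a byte was read, not whether
 * we got valid credentials. On some systems, such as Linux,
 * reading/writing the byte isn't actually required, but we do it
 * anyway just to avoid multiple codepaths.
 *
 * Fails if no byte is available, so you must select() first.
 *
 * The point of the byte is that on some systems we have to
 * use sendmsg()/recvmsg() to transmit credentials.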
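 *
 * @param client_fd the client file descriptor
 * @param credentials object to add client credentials to
 * @param error location to store error code
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_read_credentials_socket (int client_fd, DBusCredentials *credentials, DBusError *error)
{
  struct msghdr msg;
  struct iovec iov;
  char buf;
  int bytes_read;
  dbus_uid_t uid_read;
  dbus_pid_t pid_read;
#ifdef HAVE_CMSGCRED
  struct {
    struct cmsghdr hdr;
    struct cmsgcred cred;
  } cmsg;
#elif defined(LOCAL_CREDS)
  struct {
    struct cmsghdr hdr;
    struct sockcred cred;
  } cmsg;
#endif

  uid_read = DBUS_UID_UNSET;
  pid_read = DBUS_PID_UNSET;
  /* Anything but nul: a byte recvmsg() never filled must not pass the nul
   * check below. */
  buf = 1;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  /* The POSIX spec certainly doesn't promise this, but
   * we need these assertions to fail as soon as we're wrong about
   * it so we can do the porting fixups
   */
  _dbus_assert (sizeof (pid_t) <= sizeof (dbus_pid_t));
  _dbus_assert (sizeof (uid_t) <= sizeof (dbus_uid_t));
  _dbus_assert (sizeof (gid_t) <= sizeof (dbus_gid_t));

  _dbus_credentials_clear (credentials);

  /* Systems supporting LOCAL_CREDS are configured to have this feature
   * enabled (if it does not conflict with HAVE_CMSGCRED) prior accepting
   * the connection. Therefore, the received message must carry the
   * credentials information without doing anything special.
   */

  iov.iov_base = &buf;
  iov.iov_len = 1;

  memset (&msg, 0, sizeof (msg));
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)
  memset (&cmsg, 0, sizeof (cmsg));
  msg.msg_control = &cmsg;
  msg.msg_controllen = sizeof (cmsg);
#endif

 again:
  bytes_read = recvmsg (client_fd, &msg, 0);

  if (bytes_read < 0)
    {
      if (errno == EINTR)
        goto again;

      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to read credentials byte: %s",
                      _dbus_strerror (errno));
      return FALSE;
    }
  else if (bytes_read == 0)
    {
      /* Peer closed before sending anything; without this check buf was
       * compared uninitialized. */
      dbus_set_error (error, DBUS_ERROR_IO_ERROR,
                      "Read zero bytes reading credentials byte");
      return FALSE;
    }

  if (buf != '\0')
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "Credentials byte was not nul");
      return FALSE;
    }

#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS)
  /* Reject a short or foreign control message before reading cmsg.cred. */
  if (cmsg.hdr.cmsg_len < sizeof (cmsg) || cmsg.hdr.cmsg_type != SCM_CREDS)
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "Message from recvmsg() was not SCM_CREDS");
      return FALSE;
    }
#endif

  _dbus_verbose ("read credentials byte\n");

  {
#ifdef SO_PEERCRED
    struct ucred cr;
    socklen_t cr_len = sizeof (cr); /* getsockopt() takes socklen_t *, not int * */

    if (getsockopt (client_fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len) == 0 &&
        cr_len == sizeof (cr))
      {
        pid_read = cr.pid;
        uid_read = cr.uid;
      }
    else
      {
        _dbus_verbose ("Failed to getsockopt() credentials, returned len %d/%d: %s\n",
                       (int) cr_len, (int) sizeof (cr), _dbus_strerror (errno));
      }
#elif defined(HAVE_CMSGCRED)
    pid_read = cmsg.cred.cmcred_pid;
    uid_read = cmsg.cred.cmcred_euid;
#elif defined(LOCAL_CREDS)
    pid_read = DBUS_PID_UNSET;
    uid_read = cmsg.cred.sc_uid;
    /* Since we have already got the credentials from this socket, we can
     * disable its LOCAL_CREDS flag if it was ever set. */
    _dbus_set_local_creds (client_fd, FALSE);
#elif defined(HAVE_GETPEEREID)
    uid_t euid;
    gid_t egid;
    if (getpeereid (client_fd, &euid, &egid) == 0)
      {
        uid_read = euid;
      }
    else
      {
        _dbus_verbose ("Failed to getpeereid() credentials: %s\n", _dbus_strerror (errno));
      }
#elif defined(HAVE_GETPEERUCRED)
    ucred_t * ucred = NULL;
    if (getpeerucred (client_fd, &ucred) == 0)
      {
        pid_read = ucred_getpid (ucred);
        uid_read = ucred_geteuid (ucred);
      }
    else
      {
        _dbus_verbose ("Failed to getpeerucred() credentials: %s\n", _dbus_strerror (errno));
      }
    if (ucred != NULL)
      ucred_free (ucred);
#else /* !SO_PEERCRED && !HAVE_CMSGCRED && !HAVE_GETPEEREID && !HAVE_GETPEERUCRED */
    _dbus_verbose ("Socket credentials not supported on this OS\n");
#endif
  }

  _dbus_verbose ("Credentials:"
                 "  pid "DBUS_PID_FORMAT
                 "  uid "DBUS_UID_FORMAT
                 "\n",
                 pid_read,
                 uid_read);

  if (pid_read != DBUS_PID_UNSET)
    {
      if (!_dbus_credentials_add_unix_pid (credentials, pid_read))
        {
          _DBUS_SET_OOM (error);
          return FALSE;
        }
    }

  if (uid_read != DBUS_UID_UNSET)
    {
      if (!_dbus_credentials_add_unix_uid (credentials, uid_read))
        {
          _DBUS_SET_OOM (error);
          return FALSE;
        }
    }

  return TRUE;
}

/**
 * Sends a single nul byte with our UNIX credentials as ancillary
 * data. Returns #TRUE if the data was successfully written. On
 * systems that don't support sending credentials, just writes a byte,
 * doesn't send any credentials. On some systems, such as Linux,
 * reading/writing the byte isn't actually required, but we do it
 * anyway just to avoid multiple codepaths.
 *
 * Fails if no byte can be written, so you must select() first.
 *
 * The point of the byte is that on some systems we have to
 * use sendmsg()/recvmsg() to transmit credentials.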
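 *
 * @param server_fd file descriptor for connection to server
 * @param error return location for error code
 * @returns #TRUE if the byte was sent
 */
dbus_bool_t
_dbus_send_credentials_socket (int server_fd, DBusError *error)
{
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (write_credentials_byte (server_fd, error))
    return TRUE;
  else
    return FALSE;
}

/**
 * Accepts a connection on a listening socket.
 * Handles EINTR for you.
 *
 * @param listen_fd the listen file descriptor
 * @returns the connection fd of the client, or -1 on error (errno set by accept())
 */
int
_dbus_accept (int listen_fd)
{
  int client_fd;
  struct sockaddr addr;
  socklen_t addrlen;

  addrlen = sizeof (addr);

 retry:
  client_fd = accept (listen_fd, &addr, &addrlen);

  if (client_fd < 0)
    {
      if (errno == EINTR)
        goto retry;

      /* Return before logging so the caller sees accept()'s errno and no
       * misleading "client fd -1 accepted" line is emitted. */
      return -1;
    }

  _dbus_verbose ("client fd %d accepted\n", client_fd);

  return client_fd;
}

/**
 * Checks to make sure the given directory is
 * private to the user
 *
 * Only the group and other read/write bits are examined.
 * NOTE(review): ownership (st_uid) and S_ISDIR are not verified here,
 * and stat() follows symlinks — confirm callers rely on something
 * else for those properties.
 *
 * @param dir the name of the directory
 * @param error error return
 * @returns #FALSE on failure
 **/
dbus_bool_t
_dbus_check_dir_is_private_to_user (DBusString *dir, DBusError *error)
{
  const char *directory;
  struct stat sb;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  directory = _dbus_string_get_const_data (dir);

  if (stat (directory, &sb) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "%s", _dbus_strerror (errno));
      return FALSE;
    }

  if ((S_IROTH & sb.st_mode) || (S_IWOTH & sb.st_mode) ||
      (S_IRGRP & sb.st_mode) || (S_IWGRP & sb.st_mode))
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "%s directory is not private to the user", directory);
      return FALSE;
    }

  return TRUE;
}

/**
 * Copies uid, primary gid, username and home directory out of a
 * passwd entry into info. The two strings are duplicated and become
 * owned by info.
 *
 * NOTE(review): if only one of the two strdup() calls fails, the other
 * allocation is not released here; presumably the caller frees a
 * partially filled info — confirm.
 *
 * @param p the passwd entry, pw_name and pw_dir must be non-NULL
 * @param info user info to fill in
 * @param error error return
 * @returns #FALSE on out of memory
 */
static dbus_bool_t
fill_user_info_from_passwd (struct passwd *p, DBusUserInfo *info, DBusError *error)
{
  _dbus_assert (p->pw_name != NULL);
  _dbus_assert (p->pw_dir != NULL);

  info->uid = p->pw_uid;
  info->primary_gid = p->pw_gid;
  info->username = _dbus_strdup (p->pw_name);
  info->homedir = _dbus_strdup (p->pw_dir);

  if (info->username == NULL ||
      info->homedir == NULL)
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY,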
NULL);
      return FALSE;
    }

  return TRUE;
}

/**
 * Looks up a user by either uid or username (exactly one must be
 * given), fills in the identity fields of info and then its group
 * list. On failure info may be partially filled.
 *
 * @param info user info object to initialize
 * @param uid the user ID, or #DBUS_UID_UNSET to look up by username
 * @param username the username, or #NULL to look up by uid
 * @param error error return
 * @returns #TRUE on success
 */
static dbus_bool_t
fill_user_info (DBusUserInfo *info, dbus_uid_t uid, const DBusString *username, DBusError *error)
{
  const char *username_c;

  /* exactly one of username/uid provided */
  _dbus_assert (username != NULL || uid != DBUS_UID_UNSET);
  _dbus_assert (username == NULL || uid == DBUS_UID_UNSET);

  info->uid = DBUS_UID_UNSET;
  info->primary_gid = DBUS_GID_UNSET;
  info->group_ids = NULL;
  info->n_group_ids = 0;
  info->username = NULL;
  info->homedir = NULL;

  if (username != NULL)
    username_c = _dbus_string_get_const_data (username);
  else
    username_c = NULL;

  /* For now assuming that the getpwnam() and getpwuid() flavors
   * are always symmetrical, if not we have to add more configure
   * checks
   */

#if defined (HAVE_POSIX_GETPWNAM_R) || defined (HAVE_NONPOSIX_GETPWNAM_R)
  {
    struct passwd *p;
    int result;
    char buf[1024]; /* NOTE(review): a fixed buffer; an entry larger than this is reported as "unknown" below — confirm acceptable */
    struct passwd p_str;

    p = NULL;
#ifdef HAVE_POSIX_GETPWNAM_R
    if (uid != DBUS_UID_UNSET)
      result = getpwuid_r (uid, &p_str, buf, sizeof (buf), &p);
    else
      result = getpwnam_r (username_c, &p_str, buf, sizeof (buf), &p);
#else
    if (uid != DBUS_UID_UNSET)
      p = getpwuid_r (uid, &p_str, buf, sizeof (buf));
    else
      p = getpwnam_r (username_c, &p_str, buf, sizeof (buf));
    result = 0;
#endif /* !HAVE_POSIX_GETPWNAM_R */
    /* Both flavors signal success by pointing p at our own p_str. */
    if (result == 0 && p == &p_str)
      {
        if (!fill_user_info_from_passwd (p, info, error))
          return FALSE;
      }
    else
      {
        dbus_set_error (error, _dbus_error_from_errno (errno),
                        "User \"%s\" unknown or no memory to allocate password entry\n",
                        username_c ? username_c : "???");
        _dbus_verbose ("User %s unknown\n", username_c ? username_c : "???");
        return FALSE;
      }
  }
#else /* ! HAVE_GETPWNAM_R */
  {
    /* I guess we're screwed on thread safety here */
    struct passwd *p;

    if (uid != DBUS_UID_UNSET)
      p = getpwuid (uid);
    else
      p = getpwnam (username_c);

    if (p != NULL)
      {
        if (!fill_user_info_from_passwd (p, info, error))
          return FALSE;
      }
    else
      {
        dbus_set_error (error, _dbus_error_from_errno (errno),
                        "User \"%s\" unknown or no memory to allocate password entry\n",
                        username_c ? username_c : "???");
        _dbus_verbose ("User %s unknown\n", username_c ? username_c : "???");
        return FALSE;
      }
  }
#endif  /* ! HAVE_GETPWNAM_R */

  /* Fill this in so we can use it to get groups */
  username_c = info->username;

#ifdef HAVE_GETGROUPLIST
  {
    gid_t *buf;
    int buf_count;
    int i;

    /* Start with a small guess; getgrouplist() fails and reports the
     * required count when it is too small. */
    buf_count = 17;
    buf = dbus_new (gid_t, buf_count);
    if (buf == NULL)
      {
        dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
        goto failed;
      }

    if (getgrouplist (username_c, info->primary_gid, buf, &buf_count) < 0)
      {
        /* NOTE(review): assumes getgrouplist() updated buf_count to the
         * needed size on failure — confirm for every supported libc. */
        gid_t *new = dbus_realloc (buf, buf_count * sizeof (buf[0]));
        if (new == NULL)
          {
            dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
            dbus_free (buf);
            goto failed;
          }

        buf = new;

        errno = 0;
        if (getgrouplist (username_c, info->primary_gid, buf, &buf_count) < 0)
          {
            dbus_set_error (error, _dbus_error_from_errno (errno),
                            "Failed to get groups for username \"%s\" primary GID "
                            DBUS_GID_FORMAT ": %s\n",
                            username_c, info->primary_gid, _dbus_strerror (errno));
            dbus_free (buf);
            goto failed;
          }
      }

    /* gid_t and dbus_gid_t may differ in width, hence the element-wise copy. */
    info->group_ids = dbus_new (dbus_gid_t, buf_count);
    if (info->group_ids == NULL)
      {
        dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
        dbus_free (buf);
        goto failed;
      }

    for (i = 0; i < buf_count; ++i)
      info->group_ids[i] = buf[i];

    info->n_group_ids = buf_count;

    dbus_free (buf);
  }
#else  /* HAVE_GETGROUPLIST */
  {
    /* We just get the one group ID */
    info->group_ids = dbus_new (dbus_gid_t, 1);
    if (info->group_ids == NULL)
      {
        dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
        goto failed;
      }

    info->n_group_ids = 1;

    (info->group_ids)[0] = info->primary_gid;
  }
#endif /* HAVE_GETGROUPLIST */

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  return TRUE;

 failed:
  _DBUS_ASSERT_ERROR_IS_SET (error);
  return FALSE;
}

/**
 * Gets user info for the given username.
 *
 * @param info user info object to initialize
 * @param username the username
 * @param error error return
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_user_info_fill (DBusUserInfo *info, const DBusString *username, DBusError *error)
{
  return fill_user_info (info, DBUS_UID_UNSET, username, error);
}

/**
 * Gets user info for the given user ID.
 *
 * @param info user info object to initialize
 * @param uid the user ID
 * @param error error return
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_user_info_fill_uid (DBusUserInfo *info, dbus_uid_t uid, DBusError *error)
{
  return fill_user_info (info, uid, NULL, error);
}

/**
 * Adds the credentials of the current process to the
 * passed-in credentials object.
 *
 * @param credentials credentials to add to
 * @returns #FALSE if no memory; does not properly roll back on failure, so only some credentials may have been added
 */
dbus_bool_t
_dbus_credentials_add_from_current_process (DBusCredentials *credentials)
{
  /* The POSIX spec certainly doesn't promise this, but
   * we need these assertions to fail as soon as we're wrong about
   * it so we can do the porting fixups
   */
  _dbus_assert (sizeof (pid_t) <= sizeof (dbus_pid_t));
  _dbus_assert (sizeof (uid_t) <= sizeof (dbus_uid_t));
  _dbus_assert (sizeof (gid_t) <= sizeof (dbus_gid_t));

  if (!_dbus_credentials_add_unix_pid (credentials, _dbus_getpid ()))
    return FALSE;
  if (!_dbus_credentials_add_unix_uid (credentials, _dbus_getuid ()))
    return FALSE;

  return TRUE;
}

/**
 * Append to the string the identity we would like to have when we
 * authenticate, on UNIX this is the current process UID and on
 * Windows something else, probably a Windows SID string.  No escaping
 * is required, that is done in dbus-auth.c. The username here
 * need not be anything human-readable, it can be the machine-readable
 * form i.e. a user id.
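 *
 * @param str the string to append to
 * @returns #FALSE on no memory
 */
dbus_bool_t
_dbus_append_user_from_current_process (DBusString *str)
{
  return _dbus_string_append_uint (str, _dbus_getuid ());
}

/**
 * Gets our process ID
 * @returns process ID
 */
dbus_pid_t
_dbus_getpid (void)
{
  return getpid ();
}

/** Gets our UID
 * @returns process UID
 */
dbus_uid_t
_dbus_getuid (void)
{
  return getuid ();
}

/**
 * The only reason this is separate from _dbus_getpid() is to allow it
 * on Windows for logging but not for other purposes.
 *
 * @returns process ID to put in log messages
 */
unsigned long
_dbus_pid_for_log (void)
{
  return getpid ();
}

/**
 * Gets a UID from a UID string (for example the identity a peer
 * claims during authentication).  The whole string must be a
 * non-negative decimal integer: an empty string, trailing garbage
 * and (fixed in this revision) a negative number are all rejected.
 * Previously "-1" parsed successfully and was stored into the
 * unsigned uid, where it becomes a value such as #DBUS_UID_UNSET.
 *
 * @param uid_str the UID in string form
 * @param uid UID to fill in
 * @returns #TRUE if successfully filled in UID
 */
dbus_bool_t
_dbus_parse_uid (const DBusString *uid_str,
                 dbus_uid_t       *uid)
{
  int  end;
  long val;

  if (_dbus_string_get_length (uid_str) == 0)
    {
      _dbus_verbose ("UID string was zero length\n");
      return FALSE;
    }

  val = -1;
  end = 0;
  if (!_dbus_string_parse_int (uid_str, 0, &val, &end))
    {
      _dbus_verbose ("could not parse string as a UID\n");
      return FALSE;
    }

  if (end != _dbus_string_get_length (uid_str))
    {
      _dbus_verbose ("string contained trailing stuff after UID\n");
      return FALSE;
    }

  /* a uid is unsigned; refuse to smuggle a negative value through */
  if (val < 0)
    {
      _dbus_verbose ("UID string was negative\n");
      return FALSE;
    }

  *uid = val;

  return TRUE;
}

_DBUS_DEFINE_GLOBAL_LOCK (atomic);

#ifdef DBUS_USE_ATOMIC_INT_486
/* Taken from CVS version 1.7 of glibc's sysdeps/i386/i486/atomicity.h */
/* Since the asm stuff here is gcc-specific we go ahead and use "inline" also */
static inline dbus_int32_t
atomic_exchange_and_add (DBusAtomic            *atomic,
                         volatile dbus_int32_t  val)
{
  register dbus_int32_t result;

  __asm__ __volatile__ ("lock; xaddl %0,%1"
                        : "=r" (result), "=m" (atomic->value)
                        : "0" (val), "m" (atomic->value));
  return result;
}
#endif

/**
 * Atomically increments an integer
 *
 * @param atomic pointer to the integer to increment
 * @returns the value before incrementing
 *
 * @todo implement arch-specific faster atomic ops
 */
dbus_int32_t
_dbus_atomic_inc (DBusAtomic *atomic)
{
#ifdef DBUS_USE_ATOMIC_INT_486
  return atomic_exchange_and_add (atomic, 1);
#else
  dbus_int32_t previous;

  /* no hardware primitive: serialize through the global lock */
  _DBUS_LOCK (atomic);
  previous = atomic->value;
  atomic->value += 1;
  _DBUS_UNLOCK (atomic);

  return previous;
#endif
}

/**
 * Atomically decrement an integer
 *
 * @param atomic pointer to the integer to decrement
 * @returns the value before decrementing
 *
 * @todo implement arch-specific faster atomic ops
 */
dbus_int32_t
_dbus_atomic_dec (DBusAtomic *atomic)
{
#ifdef DBUS_USE_ATOMIC_INT_486
  return atomic_exchange_and_add (atomic, -1);
#else
  dbus_int32_t previous;

  _DBUS_LOCK (atomic);
  previous = atomic->value;
  atomic->value -= 1;
  _DBUS_UNLOCK (atomic);

  return previous;
#endif
}

#ifdef DBUS_BUILD_TESTS
/** Gets our GID
 * @returns process GID
 */
dbus_gid_t
_dbus_getgid (void)
{
  return getgid ();
}
#endif

/**
 * Wrapper for poll().
 *
 * Fix in this revision (select() fallback only): FD_SET() on a
 * descriptor at or beyond FD_SETSIZE writes outside the fd_set
 * objects on this function's stack; such descriptors are now refused
 * with -1/EINVAL instead of corrupting memory.  Negative descriptors
 * are skipped, matching poll() semantics.
 *
 * @param fds the file descriptors to poll
 * @param n_fds number of descriptors in the array
 * @param timeout_milliseconds timeout or -1 for infinite
 * @returns numbers of fds with revents, or <0 on error
 */
int
_dbus_poll (DBusPollFD *fds,
            int         n_fds,
            int         timeout_milliseconds)
{
#ifdef HAVE_POLL
  /* This big thing is a constant expression and should get optimized
   * out of existence. So it's more robust than a configure check at
   * no cost.
   */
  if (_DBUS_POLLIN == POLLIN &&
      _DBUS_POLLPRI == POLLPRI &&
      _DBUS_POLLOUT == POLLOUT &&
      _DBUS_POLLERR == POLLERR &&
      _DBUS_POLLHUP == POLLHUP &&
      _DBUS_POLLNVAL == POLLNVAL &&
      sizeof (DBusPollFD) == sizeof (struct pollfd) &&
      _DBUS_STRUCT_OFFSET (DBusPollFD, fd) ==
      _DBUS_STRUCT_OFFSET (struct pollfd, fd) &&
      _DBUS_STRUCT_OFFSET (DBusPollFD, events) ==
      _DBUS_STRUCT_OFFSET (struct pollfd, events) &&
      _DBUS_STRUCT_OFFSET (DBusPollFD, revents) ==
      _DBUS_STRUCT_OFFSET (struct pollfd, revents))
    {
      return poll ((struct pollfd*) fds,
                   n_fds,
                   timeout_milliseconds);
    }
  else
    {
      /* We have to convert the DBusPollFD to an array of
       * struct pollfd, poll, and convert back.
       */
      _dbus_warn ("didn't implement poll() properly for this system yet\n");
      return -1;
    }
#else /* ! HAVE_POLL */
  fd_set read_set, write_set, err_set;
  int max_fd = 0;
  int i;
  struct timeval tv;
  int ready;

  FD_ZERO (&read_set);
  FD_ZERO (&write_set);
  FD_ZERO (&err_set);

  for (i = 0; i < n_fds; i++)
    {
      DBusPollFD *fdp = &fds[i];

      /* poll() ignores negative descriptors; do the same */
      if (fdp->fd < 0)
        continue;

      /* FD_SET() has no bounds check of its own */
      if (fdp->fd >= FD_SETSIZE)
        {
          errno = EINVAL;
          return -1;
        }

      if (fdp->events & _DBUS_POLLIN)
        FD_SET (fdp->fd, &read_set);

      if (fdp->events & _DBUS_POLLOUT)
        FD_SET (fdp->fd, &write_set);

      FD_SET (fdp->fd, &err_set);

      max_fd = MAX (max_fd, fdp->fd);
    }

  tv.tv_sec = timeout_milliseconds / 1000;
  tv.tv_usec = (timeout_milliseconds % 1000) * 1000;

  ready = select (max_fd + 1, &read_set, &write_set, &err_set,
                  timeout_milliseconds < 0 ? NULL : &tv);

  if (ready > 0)
    {
      for (i = 0; i < n_fds; i++)
        {
          DBusPollFD *fdp = &fds[i];

          fdp->revents = 0;

          if (fdp->fd < 0)
            continue;

          if (FD_ISSET (fdp->fd, &read_set))
            fdp->revents |= _DBUS_POLLIN;

          if (FD_ISSET (fdp->fd, &write_set))
            fdp->revents |= _DBUS_POLLOUT;

          if (FD_ISSET (fdp->fd, &err_set))
            fdp->revents |= _DBUS_POLLERR;
        }
    }

  return ready;
#endif
}

/**
 * Get current time, as in gettimeofday().
 *
 * @param tv_sec return location for number of seconds
 * @param tv_usec return location for number of microseconds (thousandths)
 */
void
_dbus_get_current_time (long *tv_sec,
                        long *tv_usec)
{
  struct timeval now;

  gettimeofday (&now, NULL);

  if (tv_sec != NULL)
    *tv_sec = now.tv_sec;
  if (tv_usec != NULL)
    *tv_usec = now.tv_usec;
}

/**
 * Appends the contents of the given file to the string,
 * returning error code. At the moment, won't open a file
 * more than a megabyte in size.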
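 *
 * @param str the string to append to
 * @param filename filename to load
 * @param error place to set an error
 * @returns #FALSE if error was set
 */
dbus_bool_t
_dbus_file_get_contents (DBusString       *str,
                         const DBusString *filename,
                         DBusError        *error)
{
  int fd;
  struct stat sb;
  int orig_len;
  int total;
  const char *filename_c;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  filename_c = _dbus_string_get_const_data (filename);

  /* O_BINARY useful on Cygwin */
  fd = open (filename_c, O_RDONLY | O_BINARY);
  if (fd < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to open \"%s\": %s",
                      filename_c,
                      _dbus_strerror (errno));
      return FALSE;
    }

  _dbus_verbose ("file fd %d opened\n", fd);

  /* Don't let the descriptor leak into a child this process may
   * exec() meanwhile (dbus-launch, activated services, ...). */
  _dbus_fd_set_close_on_exec (fd);

  /* fstat() the descriptor we actually opened, so the size and type
   * checks below apply to the same object we read from. */
  if (fstat (fd, &sb) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to stat \"%s\": %s",
                      filename_c,
                      _dbus_strerror (errno));

      _dbus_verbose ("fstat() failed: %s",
                     _dbus_strerror (errno));

      _dbus_close (fd, NULL);

      return FALSE;
    }

  if (sb.st_size > _DBUS_ONE_MEGABYTE)
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "File size %lu of \"%s\" is too large.",
                      (unsigned long) sb.st_size, filename_c);
      _dbus_close (fd, NULL);
      return FALSE;
    }

  total = 0;
  orig_len = _dbus_string_get_length (str);
  if (sb.st_size > 0 && S_ISREG (sb.st_mode))
    {
      int bytes_read;

      while (total < (int) sb.st_size)
        {
          bytes_read = _dbus_read (fd, str,
                                   sb.st_size - total);
          if (bytes_read < 0)
            {
              dbus_set_error (error, _dbus_error_from_errno (errno),
                              "Error reading \"%s\": %s",
                              filename_c,
                              _dbus_strerror (errno));

              _dbus_verbose ("read() failed: %s",
                             _dbus_strerror (errno));

              _dbus_close (fd, NULL);
              _dbus_string_set_length (str, orig_len);
              return FALSE;
            }
          else if (bytes_read == 0)
            {
              /* The file shrank between fstat() and read().  errno is
               * stale on EOF, so report what actually happened rather
               * than whatever the last syscall left behind. */
              dbus_set_error (error, DBUS_ERROR_FAILED,
                              "Unexpected end of file reading \"%s\"",
                              filename_c);

              _dbus_close (fd, NULL);
              _dbus_string_set_length (str, orig_len);
              return FALSE;
            }
          else
            total += bytes_read;
        }

      _dbus_close (fd, NULL);
      return TRUE;
    }
  else if (sb.st_size != 0)
    {
      _dbus_verbose ("Can only open regular files at the moment.\n");
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "\"%s\" is not a regular file",
                      filename_c);
      _dbus_close (fd, NULL);
      return FALSE;
    }
  else
    {
      /* empty regular file, or a non-regular file reporting size 0 */
      _dbus_close (fd, NULL);
      return TRUE;
    }
}

/**
 * Writes a string out to a file.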
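 If the file exists,
 * it will be atomically overwritten by the new data.
 *
 * The data is written to a sibling temporary file (random suffix,
 * O_EXCL, mode 0600) and then rename()d over the target, so readers
 * never observe a partially written file.  The temporary descriptor
 * is marked close-on-exec so it cannot leak into a child process.
 *
 * @param str the string to write out
 * @param filename the file to save string to
 * @param error error to be filled in on failure
 * @returns #FALSE on failure
 */
dbus_bool_t
_dbus_string_save_to_file (const DBusString *str,
                           const DBusString *filename,
                           DBusError        *error)
{
  int fd;
  int bytes_to_write;
  const char *filename_c;
  DBusString tmp_filename;
  const char *tmp_filename_c;
  int total;
  dbus_bool_t need_unlink;
  dbus_bool_t retval;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  fd = -1;
  retval = FALSE;
  need_unlink = FALSE;

  if (!_dbus_string_init (&tmp_filename))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      return FALSE;
    }

  if (!_dbus_string_copy (filename, 0, &tmp_filename, 0))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      _dbus_string_free (&tmp_filename);
      return FALSE;
    }

  if (!_dbus_string_append (&tmp_filename, "."))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      _dbus_string_free (&tmp_filename);
      return FALSE;
    }

#define N_TMP_FILENAME_RANDOM_BYTES 8
  if (!_dbus_generate_random_ascii (&tmp_filename, N_TMP_FILENAME_RANDOM_BYTES))
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
      _dbus_string_free (&tmp_filename);
      return FALSE;
    }

  filename_c = _dbus_string_get_const_data (filename);
  tmp_filename_c = _dbus_string_get_const_data (&tmp_filename);

  /* O_EXCL: never follow or reuse a file somebody else planted under
   * our temporary name. */
  fd = open (tmp_filename_c, O_WRONLY | O_BINARY | O_EXCL | O_CREAT,
             0600);
  if (fd < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Could not create %s: %s", tmp_filename_c,
                      _dbus_strerror (errno));
      goto out;
    }

  _dbus_verbose ("tmp file fd %d opened\n", fd);

  _dbus_fd_set_close_on_exec (fd);

  need_unlink = TRUE;

  total = 0;
  bytes_to_write = _dbus_string_get_length (str);

  while (total < bytes_to_write)
    {
      int bytes_written;

      bytes_written = _dbus_write (fd, str, total,
                                   bytes_to_write - total);

      if (bytes_written <= 0)
        {
          dbus_set_error (error, _dbus_error_from_errno (errno),
                          "Could not write to %s: %s", tmp_filename_c,
                          _dbus_strerror (errno));
          goto out;
        }

      total += bytes_written;
    }

  if (!_dbus_close (fd, NULL))
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Could not close file %s: %s",
                      tmp_filename_c, _dbus_strerror (errno));
      goto out;
    }

  fd = -1;

  if (rename (tmp_filename_c, filename_c) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Could not rename %s to %s: %s",
                      tmp_filename_c, filename_c,
                      _dbus_strerror (errno));
      goto out;
    }

  need_unlink = FALSE;

  retval = TRUE;

 out:
  /* close first, then unlink, to prevent ".nfs34234235" garbage
   * files
   */
  if (fd >= 0)
    _dbus_close (fd, NULL);

  if (need_unlink && unlink (tmp_filename_c) < 0)
    _dbus_verbose ("Failed to unlink temp file %s: %s\n",
                   tmp_filename_c, _dbus_strerror (errno));

  _dbus_string_free (&tmp_filename);

  if (!retval)
    _DBUS_ASSERT_ERROR_IS_SET (error);

  return retval;
}

/** Makes the file readable by every user in the system.
 *
 * Note that chmod() operates on the path, so if @p filename is a
 * symbolic link the target's permissions are changed; only call this
 * on files this code created itself.
 *
 * @param filename the filename
 * @param error error location
 * @returns #TRUE if the file's permissions could be changed.
 */
dbus_bool_t
_dbus_make_file_world_readable(const DBusString *filename,
                               DBusError *error)
{
  const char *path;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  path = _dbus_string_get_const_data (filename);

  if (chmod (path, 0644) != -1)
    return TRUE;

  dbus_set_error (error,
                  DBUS_ERROR_FAILED,
                  "Could not change permissions of file %s: %s\n",
                  path,
                  _dbus_strerror (errno));
  return FALSE;
}

/** Creates the given file, failing if the file already exists.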
 *
 * @param filename the filename
 * @param error error location
 * @returns #TRUE if we created the file and it didn't exist
 */
dbus_bool_t
_dbus_create_file_exclusively (const DBusString *filename,
                               DBusError        *error)
{
  const char *path;
  int fd;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  path = _dbus_string_get_const_data (filename);

  /* O_EXCL|O_CREAT makes "does it exist?" and "create it" a single
   * atomic step, so two processes racing to create the same path
   * cannot both succeed; 0600 keeps the new file private to the owner. */
  fd = open (path, O_WRONLY | O_BINARY | O_EXCL | O_CREAT, 0600);
  if (fd == -1)
    {
      dbus_set_error (error,
                      DBUS_ERROR_FAILED,
                      "Could not create file %s: %s\n",
                      path,
                      _dbus_strerror (errno));
      return FALSE;
    }

  _dbus_verbose ("exclusive file fd %d opened\n", fd);

  if (_dbus_close (fd, NULL))
    return TRUE;

  dbus_set_error (error,
                  DBUS_ERROR_FAILED,
                  "Could not close file %s: %s\n",
                  path,
                  _dbus_strerror (errno));
  return FALSE;
}

/**
 * Deletes the given file.
 *
 * @param filename the filename
 * @param error error location
 *
 * @returns #TRUE if unlink() succeeded
 */
dbus_bool_t
_dbus_delete_file (const DBusString *filename,
                   DBusError        *error)
{
  const char *path;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  path = _dbus_string_get_const_data (filename);

  if (unlink (path) == 0)
    return TRUE;

  dbus_set_error (error, DBUS_ERROR_FAILED,
                  "Failed to delete file %s: %s\n",
                  path, _dbus_strerror (errno));
  return FALSE;
}

/**
 * Creates a directory; succeeds if the directory
 * is created or already existed.
 *
 * NOTE(review): on EEXIST this returns #TRUE without checking that the
 * existing path is a directory at all, or that a pre-existing
 * directory has the 0700 mode and ownership a fresh one would get.
 * A caller that relies on the directory being private (e.g. a keyring
 * directory) has to verify that itself.
 *
 * @param filename directory filename
 * @param error initialized error object
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_create_directory (const DBusString *filename,
                        DBusError        *error)
{
  const char *path;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  path = _dbus_string_get_const_data (filename);

  if (mkdir (path, 0700) == 0)
    return TRUE;

  if (errno == EEXIST)
    return TRUE;

  dbus_set_error (error, DBUS_ERROR_FAILED,
                  "Failed to create directory %s: %s\n",
                  path, _dbus_strerror (errno));
  return FALSE;
}

/**
 * Appends the given filename to the given directory.
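 *
 * @todo it might be cute to collapse multiple '/' such as "foo//"
 * concat "//bar"
 *
 * @param dir the directory name
 * @param next_component the filename
 * @returns #TRUE on success
 */
dbus_bool_t
_dbus_concat_dir_and_file (DBusString       *dir,
                           const DBusString *next_component)
{
  int dir_len;
  dbus_bool_t dir_ends_in_slash;
  dbus_bool_t file_starts_with_slash;

  dir_len = _dbus_string_get_length (dir);

  /* nothing to join if either side is empty */
  if (dir_len == 0 || _dbus_string_get_length (next_component) == 0)
    return TRUE;

  dir_ends_in_slash = ('/' == _dbus_string_get_byte (dir, dir_len - 1));
  file_starts_with_slash = ('/' == _dbus_string_get_byte (next_component, 0));

  if (dir_ends_in_slash && file_starts_with_slash)
    {
      /* drop one of the two separators */
      _dbus_string_shorten (dir, 1);
    }
  else if (!dir_ends_in_slash && !file_starts_with_slash)
    {
      if (!_dbus_string_append_byte (dir, '/'))
        return FALSE;
    }

  return _dbus_string_copy (next_component, 0, dir,
                            _dbus_string_get_length (dir));
}

/** nanoseconds in a second */
#define NANOSECONDS_PER_SECOND       1000000000
/** microseconds in a second */
#define MICROSECONDS_PER_SECOND      1000000
/** milliseconds in a second */
#define MILLISECONDS_PER_SECOND      1000
/** nanoseconds in a millisecond */
#define NANOSECONDS_PER_MILLISECOND  1000000
/** microseconds in a millisecond */
#define MICROSECONDS_PER_MILLISECOND 1000

/**
 * Sleeps the given number of milliseconds.  With nanosleep() the
 * sleep is resumed after a signal interrupts it; the usleep() and
 * sleep() fallbacks are not (and usleep() with an argument above one
 * second is not portable, so expect the fallback to be approximate).
 *
 * @param milliseconds number of milliseconds
 */
void
_dbus_sleep_milliseconds (int milliseconds)
{
#ifdef HAVE_NANOSLEEP
  struct timespec req;
  struct timespec rem;

  req.tv_sec = milliseconds / MILLISECONDS_PER_SECOND;
  req.tv_nsec = (milliseconds % MILLISECONDS_PER_SECOND) * NANOSECONDS_PER_MILLISECOND;
  rem.tv_sec = 0;
  rem.tv_nsec = 0;

  while (nanosleep (&req, &rem) < 0 && errno == EINTR)
    req = rem;
#elif defined (HAVE_USLEEP)
  usleep (milliseconds * MICROSECONDS_PER_MILLISECOND);
#else /* ! HAVE_USLEEP */
  sleep (MAX (milliseconds / 1000, 1));
#endif
}

/**
 * Appends n_bytes of pseudorandom data (from the in-process generator,
 * NOT a cryptographic source) to the string.
 *
 * @param str the string to append to
 * @param n_bytes number of bytes to append
 * @returns #FALSE if no memory
 */
static dbus_bool_t
_dbus_generate_pseudorandom_bytes (DBusString *str,
                                   int         n_bytes)
{
  int old_len;
  char *p;

  old_len = _dbus_string_get_length (str);

  if (!_dbus_string_lengthen (str, n_bytes))
    return FALSE;

  p = _dbus_string_get_data_len (str, old_len, n_bytes);

  _dbus_generate_pseudorandom_bytes_buffer (p, n_bytes);

  return TRUE;
}

/**
 * Generates the given number of random bytes,
 * using the best mechanism we can come up with.
 *
 * Fix in this revision: a single short read from /dev/urandom (EINTR,
 * or fewer bytes than requested) used to discard the kernel bytes and
 * silently substitute the weak in-process generator for the whole
 * request.  These bytes end up in authentication cookies and in
 * temporary-file names, so the read now loops until all n_bytes are
 * in hand, and only a genuine I/O failure falls back to pseudorandom.
 *
 * @param str the string
 * @param n_bytes the number of random bytes to append to string
 * @returns #TRUE on success, #FALSE if no memory
 */
dbus_bool_t
_dbus_generate_random_bytes (DBusString *str,
                             int         n_bytes)
{
  int old_len;
  int fd;

  /* FALSE return means "no memory", if it could
   * mean something else then we'd need to return
   * a DBusError. So we always fall back to pseudorandom
   * if the I/O fails.
   */

  old_len = _dbus_string_get_length (str);
  fd = -1;

  /* note, urandom on linux will fall back to pseudorandom */
  fd = open ("/dev/urandom", O_RDONLY);
  if (fd < 0)
    return _dbus_generate_pseudorandom_bytes (str, n_bytes);

  _dbus_verbose ("/dev/urandom fd %d opened\n", fd);

  _dbus_fd_set_close_on_exec (fd);

  while (_dbus_string_get_length (str) - old_len < n_bytes)
    {
      int have = _dbus_string_get_length (str) - old_len;
      int got;

      got = _dbus_read (fd, str, n_bytes - have);

      if (got < 0 && errno == EINTR)
        continue;

      if (got <= 0)
        {
          /* real failure (or EOF, which urandom never gives): give up
           * on the kernel source for this request */
          _dbus_close (fd, NULL);
          _dbus_string_set_length (str, old_len);
          return _dbus_generate_pseudorandom_bytes (str, n_bytes);
        }
    }

  _dbus_verbose ("Read %d bytes from /dev/urandom\n",
                 n_bytes);

  _dbus_close (fd, NULL);

  return TRUE;
}

/**
 * Exit the process, returning the given value.
 *
 * @param code the exit code
 */
void
_dbus_exit (int code)
{
  _exit (code);
}

/**
 * A wrapper around strerror() because some platforms
 * may be lame and not have strerror().
 *
 * @param error_number errno.
 * @returns error description.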
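 */
const char*
_dbus_strerror (int error_number)
{
  const char *msg = strerror (error_number);

  return (msg != NULL) ? msg : "unknown";
}

/**
 * signal (SIGPIPE, SIG_IGN);
 */
void
_dbus_disable_sigpipe (void)
{
  signal (SIGPIPE, SIG_IGN);
}

/**
 * Sets the file descriptor to be close
 * on exec. Should be called for all file
 * descriptors in D-Bus code.
 *
 * Failures are ignored: there is no way to report them and the
 * caller can do nothing useful about them.
 *
 * @param fd the file descriptor
 */
void
_dbus_fd_set_close_on_exec (int fd)
{
  int flags;

  flags = fcntl (fd, F_GETFD, 0);
  if (flags < 0)
    return;

  fcntl (fd, F_SETFD, flags | FD_CLOEXEC);
}

/**
 * Closes a file descriptor.
 *
 * Fix in this revision: close() is no longer retried on EINTR.  On
 * Linux (and most other systems) the descriptor is already released
 * when close() reports EINTR, so a second close() could hit a
 * descriptor that another thread has meanwhile been handed by
 * open()/socket()/accept() and close someone else's file or socket.
 * EINTR is therefore treated as "closed"; on a platform with different
 * semantics the worst case is a leaked descriptor, which is far less
 * dangerous than closing the wrong one.
 *
 * @param fd the file descriptor
 * @param error error object
 * @returns #FALSE if error set
 */
dbus_bool_t
_dbus_close (int        fd,
             DBusError *error)
{
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (close (fd) < 0)
    {
      if (errno == EINTR)
        return TRUE;

      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Could not close fd %d", fd);
      return FALSE;
    }

  return TRUE;
}

/**
 * Sets a file descriptor to be nonblocking.
 *
 * @param fd the file descriptor.
 * @param error address of error location.
 * @returns #TRUE on success.
 */
dbus_bool_t
_dbus_set_fd_nonblocking (int             fd,
                          DBusError      *error)
{
  int flags;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  flags = fcntl (fd, F_GETFL, 0);
  if (flags < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to get flags from file descriptor %d: %s",
                      fd, _dbus_strerror (errno));
      _dbus_verbose ("Failed to get flags for fd %d: %s\n", fd,
                     _dbus_strerror (errno));
      return FALSE;
    }

  /* preserve the other status flags, only add O_NONBLOCK */
  if (fcntl (fd, F_SETFL, flags | O_NONBLOCK) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to set nonblocking flag of file descriptor %d: %s",
                      fd, _dbus_strerror (errno));
      _dbus_verbose ("Failed to set fd %d nonblocking: %s\n",
                     fd, _dbus_strerror (errno));

      return FALSE;
    }

  return TRUE;
}

/**
 * On GNU libc systems, print a crude backtrace to stderr. On other
 * systems, print "no backtrace support" and block for possible gdb
 * attachment if an appropriate environment variable is set.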
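 */
void
_dbus_print_backtrace (void)
{
#if defined (HAVE_BACKTRACE) && defined (DBUS_BUILT_R_DYNAMIC)
  void *bt[500];
  int bt_size;
  int i;
  char **syms;

  bt_size = backtrace (bt, 500);

  /* backtrace_symbols() mallocs and can return NULL; the old code
   * dereferenced the result unconditionally, on what is usually
   * already an abort path. */
  syms = backtrace_symbols (bt, bt_size);
  if (syms == NULL)
    {
      fprintf (stderr, " (no memory for backtrace symbols)\n");
      fflush (stderr);
      return;
    }

  for (i = 0; i < bt_size; i++)
    {
      /* don't use dbus_warn since it can _dbus_abort() */
      fprintf (stderr, " %s\n", syms[i]);
    }
  fflush (stderr);

  free (syms);
#elif defined (HAVE_BACKTRACE) && ! defined (DBUS_BUILT_R_DYNAMIC)
  fprintf (stderr, " D-Bus not built with -rdynamic so unable to print a backtrace\n");
#else
  fprintf (stderr, " D-Bus not compiled with backtrace support so unable to print a backtrace\n");
#endif
}

/**
 * Creates a full-duplex pipe (as in socketpair()).
 * Sets both ends of the pipe nonblocking.
 *
 * Both ends are marked close-on-exec so they do not leak into a
 * child process that this process exec()s.
 *
 * @todo libdbus only uses this for the debug-pipe server, so in
 * principle it could be in dbus-sysdeps-util.c, except that
 * dbus-sysdeps-util.c isn't in libdbus when tests are enabled and the
 * debug-pipe server is used.
 *
 * @param fd1 return location for one end
 * @param fd2 return location for the other end
 * @param blocking #TRUE if pipe should be blocking
 * @param error error return
 * @returns #FALSE on failure (if error is set)
 */
dbus_bool_t
_dbus_full_duplex_pipe (int        *fd1,
                        int        *fd2,
                        dbus_bool_t blocking,
                        DBusError  *error)
{
#ifdef HAVE_SOCKETPAIR
  int fds[2];

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  if (socketpair (AF_UNIX, SOCK_STREAM, 0, fds) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Could not create full-duplex pipe");
      return FALSE;
    }

  _dbus_fd_set_close_on_exec (fds[0]);
  _dbus_fd_set_close_on_exec (fds[1]);

  if (!blocking &&
      (!_dbus_set_fd_nonblocking (fds[0], NULL) ||
       !_dbus_set_fd_nonblocking (fds[1], NULL)))
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Could not set full-duplex pipe nonblocking");

      _dbus_close (fds[0], NULL);
      _dbus_close (fds[1], NULL);

      return FALSE;
    }

  *fd1 = fds[0];
  *fd2 = fds[1];

  _dbus_verbose ("full-duplex pipe %d <-> %d\n",
                 *fd1, *fd2);

  return TRUE;
#else
  _dbus_warn ("_dbus_full_duplex_pipe() not implemented on this OS\n");
  dbus_set_error (error, DBUS_ERROR_FAILED,
                  "_dbus_full_duplex_pipe() not implemented on this OS");
  return FALSE;
#endif
}

/**
 * Measure the length of the given format string and arguments,
 * not including the terminating nul.
 *
 * @param format a printf-style format string
 * @param args arguments for the format string
 * @returns length of the given format string and args
 */
int
_dbus_printf_string_upper_bound (const char *format,
                                 va_list     args)
{
  char scratch;

  /* a one-byte buffer is enough: vsnprintf() still reports the full
   * length it would have needed */
  return vsnprintf (&scratch, 1, format, args);
}

/**
 * Gets the temporary files directory by inspecting the environment variables
 * TMPDIR, TMP, and TEMP in that order. If none of those are set "/tmp" is returned
 *
 * The result is computed once and cached in a static; the lazy
 * initialisation is not guarded by a lock.  Being environment-driven,
 * the value is only as trustworthy as the caller's environment.
 *
 * @returns location of temp directory
 */
const char*
_dbus_get_tmpdir(void)
{
  static const char *tmpdir = NULL;

  if (tmpdir == NULL)
    {
      /* TMPDIR is what glibc uses, then
       * glibc falls back to the P_tmpdir macro which
       * just expands to "/tmp"
       */
      const char *candidate = getenv ("TMPDIR");

      /* These two env variables are probably
       * broken, but maybe some OS uses them?
       */
      if (candidate == NULL)
        candidate = getenv ("TMP");
      if (candidate == NULL)
        candidate = getenv ("TEMP");

      /* And this is the sane fallback. */
      if (candidate == NULL)
        candidate = "/tmp";

      tmpdir = candidate;
    }

  _dbus_assert (tmpdir != NULL);

  return tmpdir;
}

/**
 * Determines the address of the session bus by querying a
 * platform-specific method.
 *
 * If successful, returns #TRUE and appends the address to @p
 * address. If a failure happens, returns #FALSE and
 * sets an error in @p error.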
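 *
 * Fixes in this revision: the return value of _dbus_string_init() is
 * checked (it was ignored and the string then freed at out:); the
 * exit status is only inspected when waitpid() actually reaped the
 * child (it was read uninitialized if waitpid() failed); the error
 * message string is freed instead of leaked; the child no longer
 * close()s 0, 1 and 2 before dup2() (which broke if one of the
 * descriptors it was about to duplicate was itself 0, 1 or 2); and
 * the pipe ends the parent keeps are marked close-on-exec.
 *
 * @param address a DBusString where the address can be stored
 * @param error a DBusError to store the error in case of failure
 * @returns #TRUE on success, #FALSE if an error happened
 */
dbus_bool_t
_dbus_get_autolaunch_address (DBusString *address,
                              DBusError  *error)
{
  static char *argv[6];
  int address_pipe[2] = { -1, -1 };
  int errors_pipe[2] = { -1, -1 };
  pid_t pid;
  int ret;
  int status;
  int orig_len;
  int i;
  DBusString uuid;
  dbus_bool_t retval;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  retval = FALSE;

  /* must not goto out on failure here: out: frees uuid */
  if (!_dbus_string_init (&uuid))
    {
      _DBUS_SET_OOM (error);
      return FALSE;
    }

  if (!_dbus_get_local_machine_uuid_encoded (&uuid))
    {
      _DBUS_SET_OOM (error);
      goto out;
    }

  i = 0;
  argv[i] = "dbus-launch";
  ++i;
  argv[i] = "--autolaunch";
  ++i;
  argv[i] = _dbus_string_get_data (&uuid);
  ++i;
  argv[i] = "--binary-syntax";
  ++i;
  argv[i] = "--close-stderr";
  ++i;
  argv[i] = NULL;
  ++i;

  _dbus_assert (i == _DBUS_N_ELEMENTS (argv));

  orig_len = _dbus_string_get_length (address);

#define READ_END  0
#define WRITE_END 1
  if (pipe (address_pipe) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to create a pipe: %s",
                      _dbus_strerror (errno));
      _dbus_verbose ("Failed to create a pipe to call dbus-launch: %s\n",
                     _dbus_strerror (errno));
      goto out;
    }
  if (pipe (errors_pipe) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to create a pipe: %s",
                      _dbus_strerror (errno));
      _dbus_verbose ("Failed to create a pipe to call dbus-launch: %s\n",
                     _dbus_strerror (errno));
      goto out;
    }

  /* The read ends stay in this process; keep them out of any other
   * child that another thread may fork()+exec() meanwhile, otherwise
   * we would not see EOF until that child exits too. */
  _dbus_fd_set_close_on_exec (address_pipe[READ_END]);
  _dbus_fd_set_close_on_exec (errors_pipe[READ_END]);

  pid = fork ();
  if (pid < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to fork(): %s",
                      _dbus_strerror (errno));
      _dbus_verbose ("Failed to fork() to call dbus-launch: %s\n",
                     _dbus_strerror (errno));
      goto out;
    }

  if (pid == 0)
    {
      /* child process */
      int fd = open ("/dev/null", O_RDWR);
      if (fd == -1)
        /* huh?! can't open /dev/null? */
        _exit (1);

      _dbus_verbose ("/dev/null fd %d opened\n", fd);

      /* set-up stdXXX.  dup2() replaces its target atomically, so the
       * sources must not be closed first; the old close(0..2) closed
       * our own source when it happened to be 0, 1 or 2 (e.g. when the
       * parent had stdin closed, open() returned 0 for /dev/null).
       * The pipes are created in order and pipe() hands out the lowest
       * free descriptors, so no source can be clobbered by an earlier
       * dup2() in this sequence. */
      close (address_pipe[READ_END]);
      close (errors_pipe[READ_END]);

      if (dup2 (fd, 0) == -1)
        _exit (1);
      if (dup2 (address_pipe[WRITE_END], 1) == -1)
        _exit (1);
      if (dup2 (errors_pipe[WRITE_END], 2) == -1)
        _exit (1);

      /* only close the originals that are not themselves 0/1/2 now */
      if (fd > 2)
        close (fd);
      if (address_pipe[WRITE_END] > 2)
        close (address_pipe[WRITE_END]);
      if (errors_pipe[WRITE_END] > 2)
        close (errors_pipe[WRITE_END]);

      execv (DBUS_BINDIR "/dbus-launch", argv);

      /* failed, try searching PATH (same user, so no privilege
       * boundary is crossed by honouring PATH here) */
      execvp ("dbus-launch", argv);

      /* still nothing, we failed */
      _exit (1);
    }

  /* parent process */
  close (address_pipe[WRITE_END]);
  close (errors_pipe[WRITE_END]);
  address_pipe[WRITE_END] = -1;
  errors_pipe[WRITE_END] = -1;

  ret = 0;
  do
    {
      ret = _dbus_read (address_pipe[READ_END], address, 1024);
    }
  while (ret > 0);

  /* reap the child process to avoid it lingering as zombie */
  do
    {
      ret = waitpid (pid, &status, 0);
    }
  while (ret == -1 && errno == EINTR);

  /* We succeeded if the process exited with status 0 and anything was read.
   * If waitpid() itself failed, status was never written and must not
   * be inspected. */
  if (ret != pid ||
      !WIFEXITED (status) ||
      WEXITSTATUS (status) != 0 ||
      _dbus_string_get_length (address) == orig_len)
    {
      /* The process ended with error */
      DBusString error_message;

      _dbus_string_set_length (address, orig_len);

      if (!_dbus_string_init (&error_message))
        {
          _DBUS_SET_OOM (error);
          goto out;
        }

      ret = 0;
      do
        {
          ret = _dbus_read (errors_pipe[READ_END], &error_message, 1024);
        }
      while (ret > 0);

      if (_dbus_string_get_length (&error_message) > 0)
        dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED,
                        "dbus-launch failed to autolaunch D-Bus session: %s",
                        _dbus_string_get_data (&error_message));
      else
        dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED,
                        "Failed to execute dbus-launch to autolaunch D-Bus session");

      /* dbus_set_error() formatted its own copy of the message */
      _dbus_string_free (&error_message);
      goto out;
    }

  retval = TRUE;

 out:
  if (retval)
    _DBUS_ASSERT_ERROR_IS_CLEAR (error);
  else
    _DBUS_ASSERT_ERROR_IS_SET (error);

  if (address_pipe[0] != -1)
    close (address_pipe[0]);
  if (address_pipe[1] != -1)
    close (address_pipe[1]);
  if (errors_pipe[0] != -1)
    close (errors_pipe[0]);
  if (errors_pipe[1] != -1)
    close (errors_pipe[1]);

  _dbus_string_free (&uuid);
  return retval;
}

/**
 * Reads the uuid of the machine we're running on from
 * the dbus configuration. Optionally try to create it
 * (only root can do this usually).
 *
 * On UNIX, reads a file that gets created by dbus-uuidgen
 * in a post-install script. On Windows, if there's a standard
 * machine uuid we could just use that, but I can't find one
 * with the right properties (the hardware profile guid can change
 * without rebooting I believe). If there's no standard one
 * we might want to use the registry instead of a file for
 * this, and I'm not sure how we'd ensure the uuid gets created.
 *
 * @param machine_id guid to init with the machine's uuid
 * @param create_if_not_found try to create the uuid if it doesn't exist
 * @param error the error return
 * @returns #FALSE if the error is set
 */
dbus_bool_t
_dbus_read_local_machine_uuid (DBusGUID   *machine_id,
                               dbus_bool_t create_if_not_found,
                               DBusError  *error)
{
  DBusString filename;

  _dbus_string_init_const (&filename, DBUS_MACHINE_UUID_FILE);

  return _dbus_read_uuid_file (&filename, machine_id, create_if_not_found, error);
}

#define DBUS_UNIX_STANDARD_SESSION_SERVICEDIR "/dbus-1/services"

/**
 * Returns the standard directories for a session bus to look for service
 * activation files
 *
 * On UNIX this should be the standard xdg freedesktop.org data directories:
 *
 * XDG_DATA_HOME=${XDG_DATA_HOME-$HOME/.local/share}
 * XDG_DATA_DIRS=${XDG_DATA_DIRS-/usr/local/share:/usr/share}
 *
 * and
 *
 * DBUS_DATADIR
 *
 * The XDG locations are taken from this process's environment, which
 * is appropriate for a per-user session bus; this list must not be
 * used for a bus that serves other users.
 *
 * @param dirs the directory list we are returning
 * @returns #FALSE on OOM
 */
dbus_bool_t
_dbus_get_standard_session_servicedirs (DBusList **dirs)
{
  const char *xdg_data_home;
  const char *xdg_data_dirs;
  DBusString servicedir_path;

  if (!_dbus_string_init (&servicedir_path))
    return FALSE;

  xdg_data_home = _dbus_getenv ("XDG_DATA_HOME");
  xdg_data_dirs = _dbus_getenv ("XDG_DATA_DIRS");

  if (xdg_data_dirs != NULL)
    {
      if (!_dbus_string_append (&servicedir_path, xdg_data_dirs))
        goto oom;

      if (!_dbus_string_append (&servicedir_path, ":"))
        goto oom;
    }
  else
    {
      if (!_dbus_string_append (&servicedir_path, "/usr/local/share:/usr/share:"))
        goto oom;
    }

  /*
   * add configured datadir to defaults
   * this may be the same as an xdg dir
   * however the config parser should take
   * care of duplicates
   */
  if (!_dbus_string_append (&servicedir_path, DBUS_DATADIR":"))
    goto oom;

  if (xdg_data_home != NULL)
    {
      if (!_dbus_string_append (&servicedir_path, xdg_data_home))
        goto oom;
    }
  else
    {
      const DBusString *homedir;
      DBusString local_share;

      if (!_dbus_homedir_from_current_process (&homedir))
        goto oom;

      if (!_dbus_string_append (&servicedir_path, _dbus_string_get_const_data (homedir)))
        goto oom;

      _dbus_string_init_const (&local_share, "/.local/share");
      if (!_dbus_concat_dir_and_file (&servicedir_path, &local_share))
        goto oom;
    }

  if (!_dbus_split_paths_and_append (&servicedir_path,
                                     DBUS_UNIX_STANDARD_SESSION_SERVICEDIR,
                                     dirs))
    goto oom;

  _dbus_string_free (&servicedir_path);
  return TRUE;

 oom:
  _dbus_string_free (&servicedir_path);
  return FALSE;
}

/**
 * Called when the bus daemon is signaled to reload its configuration; any
 * caches should be nuked. Of course any caches that need explicit reload
 * are probably broken, but c'est la vie.
 *
 *
 */
void
_dbus_flush_caches (void)
{
  _dbus_user_database_flush_system ();
}

/**
 * Appends the directory in which a keyring for the given credentials
 * should be stored. The credentials should have either a Windows or
 * UNIX user in them. The directory should be an absolute path.
 *
 * On UNIX the directory is ~/.dbus-keyrings while on Windows it should probably
 * be something else, since the dotfile convention is not normal on Windows.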
 *
 * The home directory is resolved from the credentials' unix uid via
 * _dbus_homedir_from_uid(), not from the HOME environment variable,
 * so the location follows the identity in @p credentials rather than
 * this process's environment.  Only in test builds can it be
 * overridden, through DBUS_TEST_HOMEDIR.
 *
 * @param directory string to append directory to
 * @param credentials credentials the directory should be for
 *
 * @returns #FALSE on no memory
 */
dbus_bool_t
_dbus_append_keyring_directory_for_credentials (DBusString      *directory,
                                                DBusCredentials *credentials)
{
  DBusString homedir;
  DBusString dotdir;
  dbus_uid_t uid;
  dbus_bool_t succeeded = FALSE;

  _dbus_assert (credentials != NULL);
  _dbus_assert (!_dbus_credentials_are_anonymous (credentials));

  if (!_dbus_string_init (&homedir))
    return FALSE;

  uid = _dbus_credentials_get_unix_uid (credentials);
  _dbus_assert (uid != DBUS_UID_UNSET);

  if (!_dbus_homedir_from_uid (uid, &homedir))
    goto done;

#ifdef DBUS_BUILD_TESTS
  {
    const char *override = _dbus_getenv ("DBUS_TEST_HOMEDIR");

    if (override != NULL && *override != '\0')
      {
        _dbus_string_set_length (&homedir, 0);
        if (!_dbus_string_append (&homedir, override))
          goto done;

        _dbus_verbose ("Using fake homedir for testing: %s\n",
                       _dbus_string_get_const_data (&homedir));
      }
    else
      {
        static dbus_bool_t already_warned = FALSE;

        if (!already_warned)
          {
            _dbus_warn ("Using your real home directory for testing, set DBUS_TEST_HOMEDIR to avoid\n");
            already_warned = TRUE;
          }
      }
  }
#endif

  _dbus_string_init_const (&dotdir, ".dbus-keyrings");
  if (!_dbus_concat_dir_and_file (&homedir, &dotdir))
    goto done;

  if (!_dbus_string_copy (&homedir, 0, directory,
                          _dbus_string_get_length (directory)))
    goto done;

  succeeded = TRUE;

 done:
  /* single exit: homedir is released on every path */
  _dbus_string_free (&homedir);
  return succeeded;
}

/* tests in dbus-sysdeps-util.c */