picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

sd-bus: get rid of kdbus flags cruft 

We only need three bits from the old kdbus flags cruft, hence let's make
them proper booleans.
This commit is contained in:
Lennart Poettering 2017-12-18 14:21:34 +01:00
parent 56d820b6a4
commit c7db1984d0
7 changed files with 25 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libsystemd/sd-bus/bus-control.c
View File

@ -631,7 +631,7 @@ _public_ int sd_bus_get_owner_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **r
}
#define internal_match(bus, m) \
((bus)->hello_flags & KDBUS_HELLO_MONITOR \
((bus)->is_monitor \
? (isempty(m) ? "eavesdrop='true'" : strjoina((m), ",eavesdrop='true'")) \
: (m))

68
src/libsystemd/sd-bus/bus-internal.h
View File

@ -213,6 +213,9 @@ struct sd_bus {
bool exit_triggered:1;
bool is_local:1;
bool watch_bind:1;
bool is_monitor:1;
bool accept_fd:1;
bool attach_timestamp:1;
int use_memfd;
@ -289,9 +292,6 @@ struct sd_bus {
pid_t original_pid;
uint64_t hello_flags;
uint64_t attach_flags;
sd_event_source *input_io_event_source;
sd_event_source *output_io_event_source;
sd_event_source *time_event_source;
@ -407,65 +407,3 @@ int bus_maybe_reply_error(sd_bus_message *m, int r, sd_bus_error *error);
if (!assert_log(expr, #expr)) \
return sd_bus_error_set_errno(error, r); \
} while (false)
/**
* enum kdbus_attach_flags - flags for metadata attachments
* @KDBUS_ATTACH_TIMESTAMP: Timestamp
* @KDBUS_ATTACH_CREDS: Credentials
* @KDBUS_ATTACH_PIDS: PIDs
* @KDBUS_ATTACH_AUXGROUPS: Auxiliary groups
* @KDBUS_ATTACH_NAMES: Well-known names
* @KDBUS_ATTACH_TID_COMM: The "comm" process identifier of the TID
* @KDBUS_ATTACH_PID_COMM: The "comm" process identifier of the PID
* @KDBUS_ATTACH_EXE: The path of the executable
* @KDBUS_ATTACH_CMDLINE: The process command line
* @KDBUS_ATTACH_CGROUP: The croup membership
* @KDBUS_ATTACH_CAPS: The process capabilities
* @KDBUS_ATTACH_SECLABEL: The security label
* @KDBUS_ATTACH_AUDIT: The audit IDs
* @KDBUS_ATTACH_CONN_DESCRIPTION: The human-readable connection name
* @_KDBUS_ATTACH_ALL: All of the above
* @_KDBUS_ATTACH_ANY: Wildcard match to enable any kind of
* metatdata.
*/
enum kdbus_attach_flags {
KDBUS_ATTACH_TIMESTAMP = 1ULL << 0,
KDBUS_ATTACH_CREDS = 1ULL << 1,
KDBUS_ATTACH_PIDS = 1ULL << 2,
KDBUS_ATTACH_AUXGROUPS = 1ULL << 3,
KDBUS_ATTACH_NAMES = 1ULL << 4,
KDBUS_ATTACH_TID_COMM = 1ULL << 5,
KDBUS_ATTACH_PID_COMM = 1ULL << 6,
KDBUS_ATTACH_EXE = 1ULL << 7,
KDBUS_ATTACH_CMDLINE = 1ULL << 8,
KDBUS_ATTACH_CGROUP = 1ULL << 9,
KDBUS_ATTACH_CAPS = 1ULL << 10,
KDBUS_ATTACH_SECLABEL = 1ULL << 11,
KDBUS_ATTACH_AUDIT = 1ULL << 12,
KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 13,
_KDBUS_ATTACH_ALL = (1ULL << 14) - 1,
_KDBUS_ATTACH_ANY = ~0ULL
};
/**
* enum kdbus_hello_flags - flags for struct kdbus_cmd_hello
* @KDBUS_HELLO_ACCEPT_FD: The connection allows the reception of
* any passed file descriptors
* @KDBUS_HELLO_ACTIVATOR: Special-purpose connection which registers
* a well-know name for a process to be started
* when traffic arrives
* @KDBUS_HELLO_POLICY_HOLDER: Special-purpose connection which registers
* policy entries for a name. The provided name
* is not activated and not registered with the
* name database, it only allows unprivileged
* connections to acquire a name, talk or discover
* a service
* @KDBUS_HELLO_MONITOR: Special-purpose connection to monitor
* bus traffic
*/
enum kdbus_hello_flags {
KDBUS_HELLO_ACCEPT_FD = 1ULL << 0,
KDBUS_HELLO_ACTIVATOR = 1ULL << 1,
KDBUS_HELLO_POLICY_HOLDER = 1ULL << 2,
KDBUS_HELLO_MONITOR = 1ULL << 3,
};

46
src/libsystemd/sd-bus/bus-kernel.c
View File

@ -66,49 +66,3 @@ void bus_flush_memfd(sd_bus *b) {
for (i = 0; i < b->n_memfd_cache; i++)
close_and_munmap(b->memfd_cache[i].fd, b->memfd_cache[i].address, b->memfd_cache[i].mapped);
}
uint64_t attach_flags_to_kdbus(uint64_t mask) {
uint64_t m = 0;
if (mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID))
m |= KDBUS_ATTACH_CREDS;
if (mask & (SD_BUS_CREDS_PID|SD_BUS_CREDS_TID|SD_BUS_CREDS_PPID))
m |= KDBUS_ATTACH_PIDS;
if (mask & SD_BUS_CREDS_COMM)
m |= KDBUS_ATTACH_PID_COMM;
if (mask & SD_BUS_CREDS_TID_COMM)
m |= KDBUS_ATTACH_TID_COMM;
if (mask & SD_BUS_CREDS_EXE)
m |= KDBUS_ATTACH_EXE;
if (mask & SD_BUS_CREDS_CMDLINE)
m |= KDBUS_ATTACH_CMDLINE;
if (mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID))
m |= KDBUS_ATTACH_CGROUP;
if (mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS))
m |= KDBUS_ATTACH_CAPS;
if (mask & SD_BUS_CREDS_SELINUX_CONTEXT)
m |= KDBUS_ATTACH_SECLABEL;
if (mask & (SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID))
m |= KDBUS_ATTACH_AUDIT;
if (mask & SD_BUS_CREDS_WELL_KNOWN_NAMES)
m |= KDBUS_ATTACH_NAMES;
if (mask & SD_BUS_CREDS_DESCRIPTION)
m |= KDBUS_ATTACH_CONN_DESCRIPTION;
if (mask & SD_BUS_CREDS_SUPPLEMENTARY_GIDS)
m |= KDBUS_ATTACH_AUXGROUPS;
return m;
}

2
src/libsystemd/sd-bus/bus-kernel.h
View File

@ -41,5 +41,3 @@ struct memfd_cache {
void close_and_munmap(int fd, void *address, size_t size);
void bus_flush_memfd(sd_bus *bus);
uint64_t attach_flags_to_kdbus(uint64_t sd_bus_flags);

2
src/libsystemd/sd-bus/bus-objects.c
View File

@ -1369,7 +1369,7 @@ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
assert(bus);
assert(m);
if (bus->hello_flags & KDBUS_HELLO_MONITOR)
if (bus->is_monitor)
return 0;
if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)

10
src/libsystemd/sd-bus/bus-socket.c
View File

@ -191,7 +191,7 @@ static int bus_socket_auth_verify_client(sd_bus *b) {
if (!e)
return 0;
if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD) {
if (b->accept_fd) {
f = memmem(e + 2, b->rbuffer_size - (e - (char*) b->rbuffer) - 2, "\r\n", 2);
if (!f)
return 0;
@ -478,7 +478,7 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
r = bus_socket_auth_write_ok(b);
}
} else if (line_equals(line, l, "NEGOTIATE_UNIX_FD")) {
if (b->auth == _BUS_AUTH_INVALID || !(b->hello_flags & KDBUS_HELLO_ACCEPT_FD))
if (b->auth == _BUS_AUTH_INVALID || !b->accept_fd)
r = bus_socket_auth_write(b, "ERROR\r\n");
else {
b->can_fds = true;
@ -655,7 +655,7 @@ static int bus_socket_start_auth_client(sd_bus *b) {
if (!b->auth_buffer)
return -ENOMEM;
if (b->hello_flags & KDBUS_HELLO_ACCEPT_FD)
if (b->accept_fd)
auth_suffix = "\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n";
else
auth_suffix = "\r\nBEGIN\r\n";
@ -679,11 +679,11 @@ int bus_socket_start_auth(sd_bus *b) {
b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_AUTH_TIMEOUT;
if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
b->accept_fd = false;
if (b->output_fd != b->input_fd)
if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
b->accept_fd = false;
if (b->is_server)
return bus_socket_read_auth(b);

47
src/libsystemd/sd-bus/sd-bus.c
View File

@ -196,8 +196,7 @@ _public_ int sd_bus_new(sd_bus **ret) {
r->inotify_fd = -1;
r->message_version = 1;
r->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
r->attach_flags |= KDBUS_ATTACH_NAMES;
r->accept_fd = true;
r->original_pid = getpid_cached();
r->n_groups = (size_t) -1;
@ -286,7 +285,7 @@ _public_ int sd_bus_set_monitor(sd_bus *bus, int b) {
assert_return(bus->state == BUS_UNSET, -EPERM);
assert_return(!bus_pid_changed(bus), -ECHILD);
SET_FLAG(bus->hello_flags, KDBUS_HELLO_MONITOR, b);
bus->is_monitor = b;
return 0;
}
@ -295,30 +294,23 @@ _public_ int sd_bus_negotiate_fds(sd_bus *bus, int b) {
assert_return(bus->state == BUS_UNSET, -EPERM);
assert_return(!bus_pid_changed(bus), -ECHILD);
SET_FLAG(bus->hello_flags, KDBUS_HELLO_ACCEPT_FD, b);
bus->accept_fd = b;
return 0;
}
_public_ int sd_bus_negotiate_timestamp(sd_bus *bus, int b) {
uint64_t new_flags;
assert_return(bus, -EINVAL);
assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM);
assert_return(!bus_pid_changed(bus), -ECHILD);
new_flags = bus->attach_flags;
SET_FLAG(new_flags, KDBUS_ATTACH_TIMESTAMP, b);
if (bus->attach_flags == new_flags)
return 0;
bus->attach_flags = new_flags;
/* This is not actually supported by any of our transports these days, but we do honour it for synthetic
* replies, and maybe one day classic D-Bus learns this too */
bus->attach_timestamp = b;
return 0;
}
_public_ int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t mask) {
uint64_t new_flags;
assert_return(bus, -EINVAL);
assert_return(mask <= _SD_BUS_CREDS_ALL, -EINVAL);
assert_return(!IN_SET(bus->state, BUS_CLOSING, BUS_CLOSED), -EPERM);
@ -329,13 +321,6 @@ _public_ int sd_bus_negotiate_creds(sd_bus *bus, int b, uint64_t mask) {
/* The well knowns we need unconditionally, so that matches can work */
bus->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
/* Make sure we don't lose the timestamp flag */
new_flags = (bus->attach_flags & KDBUS_ATTACH_TIMESTAMP) | attach_flags_to_kdbus(bus->creds_mask);
if (bus->attach_flags == new_flags)
return 0;
bus->attach_flags = new_flags;
return 0;
}
@ -1094,7 +1079,6 @@ _public_ int sd_bus_open(sd_bus **ret) {
* be safe, and authenticate everything */
b->trusted = false;
b->is_local = false;
b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
r = sd_bus_start(b);
@ -1140,7 +1124,6 @@ _public_ int sd_bus_open_system(sd_bus **ret) {
/* Let's do per-method access control on the system bus. We
* need the caller's UID and capability set for that. */
b->trusted = false;
b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
b->is_local = true;
@ -1419,11 +1402,11 @@ _public_ int sd_bus_can_send(sd_bus *bus, char type) {
assert_return(bus->state != BUS_UNSET, -ENOTCONN);
assert_return(!bus_pid_changed(bus), -ECHILD);
if (bus->hello_flags & KDBUS_HELLO_MONITOR)
if (bus->is_monitor)
return 0;
if (type == SD_BUS_TYPE_UNIX_FD) {
if (!(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD))
if (!bus->accept_fd)
return 0;
r = bus_ensure_running(bus);
@ -1491,7 +1474,7 @@ int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m) {
/* Fake some timestamps, if they were requested, and not
* already initialized */
if (b->attach_flags & KDBUS_ATTACH_TIMESTAMP) {
if (b->attach_timestamp) {
if (m->realtime <= 0)
m->realtime = now(CLOCK_REALTIME);
@ -1936,7 +1919,7 @@ _public_ int sd_bus_call(
if (incoming->header->type == SD_BUS_MESSAGE_METHOD_RETURN) {
if (incoming->n_fds <= 0 || (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
if (incoming->n_fds <= 0 || bus->accept_fd) {
if (reply)
*reply = incoming;
else
@ -2262,7 +2245,7 @@ static int process_reply(sd_bus *bus, sd_bus_message *m) {
slot = container_of(c, sd_bus_slot, reply_callback);
if (m->n_fds > 0 && !(bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)) {
if (m->n_fds > 0 && !bus->accept_fd) {
/* If the reply contained a file descriptor which we
* didn't want we pass an error instead. */
@ -2394,7 +2377,7 @@ static int process_builtin(sd_bus *bus, sd_bus_message *m) {
assert(bus);
assert(m);
if (bus->hello_flags & KDBUS_HELLO_MONITOR)
if (bus->is_monitor)
return 0;
if (bus->manual_peer_interface)
@ -2452,13 +2435,13 @@ static int process_fd_check(sd_bus *bus, sd_bus_message *m) {
* delivered to us later even though we ourselves did not
* negotiate it. */
if (bus->hello_flags & KDBUS_HELLO_MONITOR)
if (bus->is_monitor)
return 0;
if (m->n_fds <= 0)
return 0;
if (bus->hello_flags & KDBUS_HELLO_ACCEPT_FD)
if (bus->accept_fd)
return 0;
if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
@ -3769,7 +3752,7 @@ _public_ int sd_bus_is_monitor(sd_bus *bus) {
assert_return(bus, -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
return !!(bus->hello_flags & KDBUS_HELLO_MONITOR);
return bus->is_monitor;
}
static void flush_close(sd_bus *bus) {