If the caller asks for a unique name, but the input name is already
unique we can shortcut things and just use that, as long as we make at
least one bus call to validate it.
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
Currently, sd-bus supports the ability to have thread-local default busses.
However, this is less useful than it can be since all functions which
require an sd_bus* as input require the caller to pass it. This patch adds
a new macro which allows the developer to pass a constant SD_BUS_DEFAULT,
SD_BUS_DEFAULT_USER or SD_BUS_DEFAULT_SYSTEM instead. This reduces work for
the caller.
For example:
r = sd_bus_default(&bus);
r = sd_bus_call_method(bus, ...);
sd_bus_unref(bus);
Becomes:
r = sd_bus_call_method(SD_BUS_DEFAULT, ...);
If the specified thread-local default bus does not exist, the function
calls will return -ENOPKG. No bus will ever be implicitly created.
log.h really should only include the bare minimum of other headers, as
it is really pulled into pretty much everything else and already in
itself one of the most basic pieces of code we have.
Let's hence drop inclusion of:
1. sd-id128.h because it's entirely unneeded in current log.h
2. errno.h, dito.
3. sys/signalfd.h which we can replace by a simple struct forward
declaration
4. process-util.h which was needed for getpid_cached() which we now hide
in a funciton log_emergency_level() instead, which nicely abstracts
the details away.
5. sys/socket.h which was needed for struct iovec, but a simple struct
forward declaration suffices for that too.
Ultimately this actually makes our source tree larger (since users of
the functionality above must now include it themselves, log.h won't do
that for them), but I think it helps to untangle our web of includes a
tiny bit.
(Background: I'd like to isolate the generic bits of src/basic/ enough
so that we can do a git submodule import into casync for it)
We usually enqueue a number of these calls on each service
initialization. Let's do this asynchronously, and thus remove
synchronization points. This improves both performance behaviour and
reduces the chances to deadlock.
We currently wait for the RemoveMatch() reply, but then ignore what it
actually says. Let's optimize this a bit, and not even ask for an answer
back: just enqueue the RemoveMatch() operation, and do not request not
wait for any answer.
They do the same thing as their synchronous counterparts, but only
enqueue the operation, thus removing synchronization points during
service initialization.
If the callback function is passed as NULL we'll fallback to generic
implementations of the reply handlers, that terminate the connection if
the requested name cannot be acquired, under the assumption that not
being able to acquire the name is a technical problem.
When kdbus was still around we always had two implementations of the
various control calls: one for dbus1 and one for kdbus. Let'sget rid of
this, simplify things, and just merge the wrappers that used to
multiplex this with the implementations.
No change in behaviour, just some merging of functions
Also, drop UID/GID validity checks from getpeercred() as the kernel will
never pass us invalid UID/GID on userns, but the overflow UID/GID
instead. Add a comment about this.
The advantage is that is the name is mispellt, cpp will warn us.
$ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
$ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
$ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
$ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
+ manual changes to meson.build
squash! build-sys: use #if Y instead of #ifdef Y everywhere
v2:
- fix incorrect setting of HAVE_LIBIDN2
THe match cookie was used by kdbus to identify matches we install
uniquely. But given that kdbus is gone, the cookie serves no process
anymore, let's kill it.
Some kdbus_flag and memfd related parts are left behind, because they
are entangled with the "legacy" dbus support.
test-bus-benchmark is switched to "manual". It was already broken before
(in the non-kdbus mode) but apparently nobody noticed. Hopefully it can
be fixed later.
Newer D-Bus versions implement the GetConnectionCredentials() driver
call to get all connection creds in one go. Make use of that to reduce
the number of bus calls we do.
When only a single credential field is queried we will still use the old
calls, which we'll also use if the new call isn't implemented.
The bus driver service is always implemented by the owner of the bus,
hence let's shortcut the credential operation and use our cached data.
This makes sure things simply work, given that dbus itself doesn't
support GetConnectionSELinuxSecurityContext() on the bus driver name
itself.
Fixes: #6120
The code is mostly correct, but gcc is trying to outsmart us, and emits a
warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
src/libsystemd/sd-bus/bus-control.c: In function ‘kernel_get_list’:
src/libsystemd/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&n, ":1.%llu", name->id) < 0) {
^
src/libsystemd/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
^
This is hard to work around properly, because kdbus.h uses __u64 which is
defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
solution of using %PRIu64 fails on amd64:
src/libsystemd/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
^~~~~~
Let's just avoid the whole issue for now by silencing the warning.
After the next release, we should just get rid of the kdbus code.
Fixes#5561.
If the SD_BUS_CREDS_SUPPLEMENTARY_GIDS value is requested, the pid is
queried to find out the supplementary gids value from /proc/pid/status.
Otherwise sd_bus_creds_get_supplementary_gids() won't work unless some
other value in mask triggered fetching the pid information.
ISO/IEC 9899:1999 §7.21.1/2 says:
Where an argument declared as size_t n specifies the length of the array
for a function, n can have the value zero on a call to that
function. Unless explicitly stated otherwise in the description of a
particular function in this subclause, pointer arguments on such a call
shall still have valid values, as described in 7.1.4.
In base64_append_width memcpy was called as memcpy(x, NULL, 0). GCC 4.9
started making use of this and assumes This worked fine under -O0, but
does something strange under -O3.
This patch fixes a bug in base64_append_width(), fixes a possible bug in
journal_file_append_entry_internal(), and makes use of the new function
to simplify the code in other places.
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
The files are named too generically, so that they might conflict with
the upstream project headers. Hence, let's add a "-util" suffix, to
clarify that this are just our utility headers and not any official
upstream headers.
There are more than enough calls doing string manipulations to deserve
its own files, hence do something about it.
This patch also sorts the #include blocks of all files that needed to be
updated, according to the sorting suggestions from CODING_STYLE. Since
pretty much every file needs our string manipulation functions this
effectively means that most files have sorted #include blocks now.
Also touches a few unrelated include files.
This reverts commit d4d00020d6. The idea of
the commit is broken and needs to be reworked. We really cannot reduce
the bus-addresses to a single address. We always will have systemd with
native clients and legacy clients at the same time, so we also need both
addresses at the same time.
We use dashes in our bloom-tags. Make sure the newly introduced arg0has
tag uses the same style.
Note that the external dbus-tags don't use dashes, though. They are
defined in the spec and we need to keep compatibility there.
Previously, sd-bus inofficially already supported bus matches that
tested a string against an array of strings ("as"). This was done via an
enhanced way to interpret "arg0=" matches. This is problematic however,
since clients have no way to determine if their respective
implementation understood strv matches or not, thus allowing invalid
matches to be installed without a way to detect that.
This patch changes the logic to only allow such matches with a new
"arg0has=" syntax. This has the benefit that non-conforming
implementations will return a parse error and a client application may
thus efficiently detect support for the match type.
Matches of this type are useful for "udev"-like systems that "tag" objects
with a number of strings, and clients need to be able to match against
any of these "tags".
The name "has" takes inspiration from Python's ".has_key()" construct.
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the
bus. Hence, we should not treat it as proper peer. To actually query it,
you have to explicitly ask for activators.
This makes kdbus in-line with what dbus-daemon does.
We should not fall back to dbus-1 and connect to the proxy when kdbus
returns an error that indicates that kdbus is running but just does not
accept new connections because of quota limits or something similar.
Using is_kdbus_available() in libsystemd/ requires it to move from
shared/ to libsystemd/.
Based on a patch from David Herrmann:
https://github.com/systemd/systemd/pull/886
We *must not* assume that an entry returned by KDBUS_CMD_LIST only
carries a single KDBUS_ITEM_OWNED_NAME. Similarly, we already parse
multiple such items for message-metadata, so make sure we support the
same on KDBUS_CMD_LIST.
By relying on the kernel to return all names separately, we limit the
kernel API significantly. Stop this and let the kernel decide how to
return its data.
If the caller does not specify arg1 for NameOwnerChanged matches, we
really must take the ID from arg2 or arg3, if provided. They are
guaranteed to be identical to arg1 if either is supplied, but there is no
strict requiredment that arg1 is supplied. Hence, make sure to always
take the more restrictive match. Otherwise, we install rather wide
matches without anyone requiring them.
Ben Boeckel