329 lines
9.2 KiB
C
329 lines
9.2 KiB
C
/***
|
|
This file is part of systemd.
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
Copyright 2013 Daniel Mack
|
|
Copyright 2014 Kay Sievers
|
|
Copyright 2015 David Herrmann
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
***/
|
|
|
|
#include <errno.h>
|
|
#include <getopt.h>
|
|
#include <pthread.h>
|
|
#include <stddef.h>
|
|
#include <string.h>
|
|
#include <sys/prctl.h>
|
|
#include <sys/socket.h>
|
|
#include <unistd.h>
|
|
|
|
#include "sd-daemon.h"
|
|
|
|
#include "alloc-util.h"
|
|
#include "bus-internal.h"
|
|
#include "bus-xml-policy.h"
|
|
#include "capability-util.h"
|
|
#include "def.h"
|
|
#include "fd-util.h"
|
|
#include "formats-util.h"
|
|
#include "log.h"
|
|
#include "proxy.h"
|
|
#include "string-util.h"
|
|
#include "strv.h"
|
|
#include "user-util.h"
|
|
#include "util.h"
|
|
|
|
static char *arg_address = NULL;
|
|
static char **arg_configuration = NULL;
|
|
|
|
typedef struct {
|
|
int fd;
|
|
SharedPolicy *policy;
|
|
uid_t bus_uid;
|
|
} ClientContext;
|
|
|
|
static ClientContext *client_context_free(ClientContext *c) {
|
|
if (!c)
|
|
return NULL;
|
|
|
|
safe_close(c->fd);
|
|
free(c);
|
|
|
|
return NULL;
|
|
}
|
|
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC(ClientContext*, client_context_free);
|
|
|
|
static int client_context_new(ClientContext **out) {
|
|
_cleanup_(client_context_freep) ClientContext *c = NULL;
|
|
|
|
c = new0(ClientContext, 1);
|
|
if (!c)
|
|
return -ENOMEM;
|
|
|
|
c->fd = -1;
|
|
|
|
*out = c;
|
|
c = NULL;
|
|
return 0;
|
|
}
|
|
|
|
static void *run_client(void *userdata) {
|
|
_cleanup_(client_context_freep) ClientContext *c = userdata;
|
|
_cleanup_(proxy_freep) Proxy *p = NULL;
|
|
char comm[16];
|
|
int r;
|
|
|
|
r = proxy_new(&p, c->fd, c->fd, arg_address);
|
|
c->fd = -1;
|
|
|
|
if (r < 0)
|
|
goto exit;
|
|
|
|
/* set comm to "p$PIDu$UID" and suffix with '*' if truncated */
|
|
r = snprintf(comm, sizeof(comm), "p" PID_FMT "u" UID_FMT, p->local_creds.pid, p->local_creds.uid);
|
|
if (r >= (ssize_t)sizeof(comm))
|
|
comm[sizeof(comm) - 2] = '*';
|
|
(void) prctl(PR_SET_NAME, comm);
|
|
|
|
r = proxy_set_policy(p, c->policy, arg_configuration);
|
|
if (r < 0)
|
|
goto exit;
|
|
|
|
r = proxy_hello_policy(p, c->bus_uid);
|
|
if (r < 0)
|
|
goto exit;
|
|
|
|
r = proxy_run(p);
|
|
|
|
exit:
|
|
return NULL;
|
|
}
|
|
|
|
static int loop_clients(int accept_fd, uid_t bus_uid) {
|
|
_cleanup_(shared_policy_freep) SharedPolicy *sp = NULL;
|
|
pthread_attr_t attr;
|
|
int r;
|
|
|
|
r = pthread_attr_init(&attr);
|
|
if (r != 0)
|
|
return log_error_errno(r, "Cannot initialize pthread attributes: %m");
|
|
|
|
r = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
|
|
if (r != 0) {
|
|
r = log_error_errno(r, "Cannot mark pthread attributes as detached: %m");
|
|
goto finish;
|
|
}
|
|
|
|
r = shared_policy_new(&sp);
|
|
if (r < 0)
|
|
goto finish;
|
|
|
|
for (;;) {
|
|
ClientContext *c;
|
|
pthread_t tid;
|
|
int fd;
|
|
|
|
fd = accept4(accept_fd, NULL, NULL, SOCK_NONBLOCK | SOCK_CLOEXEC);
|
|
if (fd < 0) {
|
|
if (errno == EAGAIN || errno == EINTR)
|
|
continue;
|
|
|
|
r = log_error_errno(errno, "accept4() failed: %m");
|
|
goto finish;
|
|
}
|
|
|
|
r = client_context_new(&c);
|
|
if (r < 0) {
|
|
log_oom();
|
|
close(fd);
|
|
continue;
|
|
}
|
|
|
|
c->fd = fd;
|
|
c->policy = sp;
|
|
c->bus_uid = bus_uid;
|
|
|
|
r = pthread_create(&tid, &attr, run_client, c);
|
|
if (r != 0) {
|
|
log_warning_errno(r, "Cannot spawn thread, ignoring: %m");
|
|
client_context_free(c);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
finish:
|
|
pthread_attr_destroy(&attr);
|
|
return r;
|
|
}
|
|
|
|
static int help(void) {
|
|
|
|
printf("%s [OPTIONS...]\n\n"
|
|
"DBus proxy server.\n\n"
|
|
" -h --help Show this help\n"
|
|
" --version Show package version\n"
|
|
" --configuration=PATH Configuration file or directory\n"
|
|
" --machine=MACHINE Connect to specified machine\n"
|
|
" --address=ADDRESS Connect to the bus specified by ADDRESS\n"
|
|
" (default: " DEFAULT_SYSTEM_BUS_ADDRESS ")\n",
|
|
program_invocation_short_name);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int parse_argv(int argc, char *argv[]) {
|
|
|
|
enum {
|
|
ARG_VERSION = 0x100,
|
|
ARG_ADDRESS,
|
|
ARG_CONFIGURATION,
|
|
ARG_MACHINE,
|
|
};
|
|
|
|
static const struct option options[] = {
|
|
{ "help", no_argument, NULL, 'h' },
|
|
{ "version", no_argument, NULL, ARG_VERSION },
|
|
{ "address", required_argument, NULL, ARG_ADDRESS },
|
|
{ "configuration", required_argument, NULL, ARG_CONFIGURATION },
|
|
{ "machine", required_argument, NULL, ARG_MACHINE },
|
|
{},
|
|
};
|
|
|
|
int c, r;
|
|
|
|
assert(argc >= 0);
|
|
assert(argv);
|
|
|
|
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
|
|
|
|
switch (c) {
|
|
|
|
case 'h':
|
|
help();
|
|
return 0;
|
|
|
|
case ARG_VERSION:
|
|
return version();
|
|
|
|
case ARG_ADDRESS:
|
|
r = free_and_strdup(&arg_address, optarg);
|
|
if (r < 0)
|
|
return log_oom();
|
|
break;
|
|
|
|
case ARG_CONFIGURATION:
|
|
r = strv_extend(&arg_configuration, optarg);
|
|
if (r < 0)
|
|
return log_oom();
|
|
break;
|
|
|
|
case ARG_MACHINE: {
|
|
_cleanup_free_ char *e = NULL;
|
|
char *a;
|
|
|
|
e = bus_address_escape(optarg);
|
|
if (!e)
|
|
return log_oom();
|
|
|
|
a = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
|
|
if (!a)
|
|
return log_oom();
|
|
|
|
free(arg_address);
|
|
arg_address = a;
|
|
|
|
break;
|
|
}
|
|
|
|
case '?':
|
|
return -EINVAL;
|
|
|
|
default:
|
|
assert_not_reached("Unhandled option");
|
|
}
|
|
|
|
if (argc > optind) {
|
|
log_error("Too many arguments");
|
|
return -EINVAL;
|
|
}
|
|
|
|
if (!arg_address) {
|
|
arg_address = strdup(DEFAULT_SYSTEM_BUS_ADDRESS);
|
|
if (!arg_address)
|
|
return log_oom();
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
int main(int argc, char *argv[]) {
|
|
int r, accept_fd;
|
|
uid_t uid, bus_uid;
|
|
gid_t gid;
|
|
|
|
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
|
|
log_parse_environment();
|
|
log_open();
|
|
|
|
bus_uid = getuid();
|
|
|
|
if (geteuid() == 0) {
|
|
const char *user = "systemd-bus-proxy";
|
|
|
|
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
|
|
if (r < 0) {
|
|
log_error_errno(r, "Cannot resolve user name %s: %m", user);
|
|
goto finish;
|
|
}
|
|
|
|
r = drop_privileges(uid, gid, 1ULL << CAP_IPC_OWNER);
|
|
if (r < 0) {
|
|
log_error_errno(r, "Cannot drop privileges: %m");
|
|
goto finish;
|
|
}
|
|
}
|
|
|
|
r = parse_argv(argc, argv);
|
|
if (r <= 0)
|
|
goto finish;
|
|
|
|
r = sd_listen_fds(0);
|
|
if (r != 1) {
|
|
log_error("Illegal number of file descriptors passed");
|
|
goto finish;
|
|
}
|
|
|
|
accept_fd = SD_LISTEN_FDS_START;
|
|
|
|
r = fd_nonblock(accept_fd, false);
|
|
if (r < 0) {
|
|
log_error_errno(r, "Cannot mark accept-fd non-blocking: %m");
|
|
goto finish;
|
|
}
|
|
|
|
r = loop_clients(accept_fd, bus_uid);
|
|
|
|
finish:
|
|
sd_notify(false,
|
|
"STOPPING=1\n"
|
|
"STATUS=Shutting down.");
|
|
|
|
strv_free(arg_configuration);
|
|
free(arg_address);
|
|
|
|
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
|
}
|