| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
| |
The only function still using librt was
src/shared/clean-ipc.c::clean_posix_mq().
But that function is not really needed, because elogind does not call
mq_open() anywhere, or any other mqueue related functions.
|
|
|
|
|
|
|
| |
* src/systemd/sd-daemon.h:
* src/libelogind/sd-daemon/sd-daemon.c (sd_is_mq): Remove unused
function that depended on librt. Ultimately we should remove this
header at some point.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
When forking of a child process for connecting to a container, pass
the preicse connection error to the calling process.
We already did this correctly for kdbus busses, let's do so for dbus1
busses, too.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, our introspection data looks like this:
<node>
<interface name="org.freedesktop.DBus.Peer">
...
</interface>
<interface name="org.freedesktop.DBus.Introspectable">
...
</interface>
<interface name="org.freedesktop.DBus.Properties">
...
</interface>
<node name="org"/>
<node name="org/freedesktop"/>
<node name="org/freedesktop/login1"/>
<node name="org/freedesktop/login1/user"/>
<node name="org/freedesktop/login1/user/self"/>
<node name="org/freedesktop/login1/user/_1000"/>
<node name="org/freedesktop/login1/seat"/>
<node name="org/freedesktop/login1/seat/self"/>
<node name="org/freedesktop/login1/seat/seat0"/>
<node name="org/freedesktop/login1/session"/>
<node name="org/freedesktop/login1/session/self"/>
<node name="org/freedesktop/login1/session/c1"/>
</node>
(ordered alphabetically for better visibility)
This is grossly incorrect. The spec says that we're allowed to return
non-directed children, however, it does not allow us to return data
recursively in multiple parents. If we return "org", then we must not
return anything else that starts with "org/".
It is unclear, whether we can include child-nodes as a tree. Moreover, it
is usually not what the caller wants. Hence, this patch changes sd-bus to
never return introspection data recursively. Instead, only a single
child-layer is returned.
This patch relies on enumerators to never return hierarchies. If someone
registers an enumerator via sd_bus_add_enumerator, they better register
sub-enumerators if they support *TRUE* hierarchies. Each enumerator is
treated as a single layer and not filtered.
Enumerators are still allowed to return nested data. However, that data
is still required to be a single hierarchy. For instance, returning
"/org/foo" and "/com/bar" is fine, but including "/com" or "/org" in that
dataset is not.
This should be the default for enumerators and I see no reason to filter
in sd-bus. Moreover, filtering that data-set would require to sort the
strv by path and then do prefix-filtering. This is O(n log n), which
would be fine, but still better to avoid.
Fixes #664.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.
This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_elogind otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.
Long story short: With this patch applied, both:
- ./busctl --user
- sudo ./busctl --user
..will successfully connect to the user-bus of the local user.
Fixes #390.
|
|
|
|
|
|
|
|
|
|
| |
This adds a new sd_pid_get_cgroup() call to sd-login which may be used
to query the control path of a process. This is useful for programs when
making use of delegation units, in order to figure out which subtree has
been delegated.
In light of the unified control group hierarchy this is finally safe to
do, hence let's add a proper API for it, to make it easier to use this.
|
|
|
|
|
|
| |
Makre sure we always return sensible errors for the various, following
the same rules, and document them in a comment in sd-login.c. Also,
update all relevant man pages accordingly.
|
|
|
|
|
|
|
| |
session
ENODATA is how we usually indicate such "missing info" cases, so we
should do this here, too.
|
|
|
|
|
|
| |
This simply factors out the uid validation checks from parse_uid() and
uses them everywhere. This simply verifies that the passed UID is
neither 64bit -1 nor 32bit -1.
|
|
|
|
|
|
| |
We should never connect to the host bus as fallback if connecting to a
container failed via one method. Otherwise connecting to a dbus1
container will always result in a connection to the host.
|
|
|
|
|
|
| |
We rely on the correct error used when opening the kdbus device node,
hence let's make sure we pass it up from the namespaced child process to
the process which actually wants to connect.
|
|
|
|
|
|
|
| |
let's return ENXIO whenever we don't know something rather than ENOENT.
ENOENT suggests this was really about a file or directory, while ENXIO
is a more generic "not found" indicator.
|
|
|
|
|
| |
Let's help users to debug issues with epoll fd removal by printing the
name of the event source.
|
|
|
|
|
| |
It's an OK way to check whether a message contains an erro, let's not
consider this a loggable assertion event.
|
|
|
|
| |
functions.
|
|
|
|
| |
that got lost during git am transfer.
|
|
|
|
| |
that got lost during git am transfer.
|
|
|
|
| |
got lost during git am transfer.
|
|
|
|
|
|
|
|
| |
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the
bus. Hence, we should not treat it as proper peer. To actually query it,
you have to explicitly ask for activators.
This makes kdbus in-line with what dbus-daemon does.
|
|
|
|
|
| |
The function "mfree" should be called instead of "free" at a specific
source code place.
|
|
|
|
| |
bus can never be NULL due to assert
|
|
|
|
| |
This matches what open(2) and other system functions do.
|
|
|
|
|
| |
The kernel nowadays sends these along, and that's OK, hence don't even
debug log about it, but completely ignore it.
|
|
|
|
| |
Both strv_free() and mfree() return NULL pointer after free.
|
|
|
|
|
| |
Recently mfree() was introduced to reduce work of tedious free + reset
pointers. Use it in bus_reset_queues() too.
|
|
|
|
| |
The safe_close() already checks the fd and returns -1.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit replays the moving around of source files that have been
done between systemd-219 and systemd-221.
Further the Makefile.am is synchronized with the upstream version and
then "re-cleaned".
A lot of functions, that are not used anywhere in elogind have been
coated into #if 0/#endif directives to further shorten the list of
dependencies.
All unneeded files have been removed.
|
|
|
|
|
|
|
|
|
|
| |
Prep v220: Remove not needed headers, round 1
Prep v220: Remove not needed headers, round 2
Prep v220: Remove not needed headers, round 3
Prep v220: Remove empty source directories
Prep v220: Remove non-empty source directories, that aren't needed by elogind
Prep v220: Remove all root directories that aren't referenced by the elogind build chain.
Prep v220: remove superfluous src/import directory and systemd configurations and policies.
|
|
|
|
|
| |
Prep v220: Update logind and loginctl to upstream version.
Prep v220: src/shared/rm-rf.c does not need to be able to handle btrfs subvolumes for elogind.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The StartServiceByName() call was provided by dbus-daemon to activate a
service without sending a message. On receiption, dbus-daemon schedules
an activation request (different modes are supported) and sends back the
reply once activation is done.
With kdbus, we marked StartServiceByName() as deprecated. There is no
real reason to start services explicitly. Instead, applications should
just *use* the service and rely on it being activated implicitly.
However, we provide compatibility with dbus-daemon and implement
StartServiceByName() on the proxy via a call to
org.freedesktop.DBus.Peer.Ping() on the destination. This will activate
the peer implicitly as part of the no-op Ping() method call (regardless
whether the peer actually implements that call).
Now, the problem is, StartServiceByName() was synchronous on dbus-daemon
but isn't on bus-proxy. Hence, on return, there is no guarantee that
ListNames includes the activated name. As this is required by some
applications, we need to make this synchronous.
This patch makes the proxy track the Ping() method call and send the
reply of StartServiceByName() only once Ping() returned. We do not look
at possible errors of Ping(), as there is no strict requirement for the
peer to implement org.freedesktop.DBus.Peer. Furthermore, any interesting
error should have already been caught by sd_bus_send() before.
Note:
This race was triggered by gdbus. The gdbus-proxy implementation
relies on a name to be available after StartServiceByName()
returns. This is highly fragile and should be dropped by gdbus.
Even if the call is synchronous, there is no reason whatsoever to
assume the service did not exit-on-idle before ListNames()
returns.
However, this race is much less likely than the startup race, so
we try to be compatible to dbus-daemon now.
|
|
|
|
|
|
|
|
|
|
|
| |
We *must not* assume that an entry returned by KDBUS_CMD_LIST only
carries a single KDBUS_ITEM_OWNED_NAME. Similarly, we already parse
multiple such items for message-metadata, so make sure we support the
same on KDBUS_CMD_LIST.
By relying on the kernel to return all names separately, we limit the
kernel API significantly. Stop this and let the kernel decide how to
return its data.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gvariant root container contains a 'variant' at the end, which embeds
the whole message body. This variant *must* contain a structure so we are
compatible to dbus1. Otherwise, it could encode at most 1 type, instead
of a full signature.
Our gvariant message parser already parses the variant-content as a
structure, so we're mostly good. However, it does *not* include the
opening and closing parantheses, nor does it parse them.
This patch fixes the decoder to verify a message contains the
parantheses, and also make the encoder add those parantheses into the
marshaled message.
|
|
|
|
|
| |
The unary type has a fixed size of 1 in gvariant. Make sure we properly
encode it as such. Right now, we encode/decode it as empty sequence.
|
|
|
|
|
|
|
| |
If c->item_size is 0, the next item to parse in a structure is empty.
However, this also implies that the signature must be empty. The latter
case is already handled just fine by enter_struct_or_dict_entry() so
there is no reason to handle the same case in the caller.
|
|
|
|
|
|
|
| |
Right now sd_bus_message_skip() will abort execution if passed a
signature of the unary type "()". Regardless whether this should be
supported or not, we really must not abort. Drop the incorrect assertion
and add a test-case for this.
|
|
|
|
|
| |
Defaults to zero, which retains the current behaviour.
Fixes #577
|
|
|
|
|
|
| |
In bus_kernel_translate_message(), we print a DEBUG message on unknown
items. But right now, we also print this message for KDBUS_ITEM_TIMESTAMP
despite parsing it properly. Fix this!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Each signal of the ObjectManager interface carries the path of the object
in question as an argument. Therefore, a caller will deduce the object
this signal is generated for, by parsing the _argument_. A caller will
*not* use the object-path of the message itself (i.e., message->path).
This is done on purpose, so the caller can rely on message->path to be
the path of the actual object-manager that generated this signal, instead
of the path of the object that triggered this signal.
This commit fixes all InterfacesAdded/Removed signals to use the path of
the closest object-manager as message->path. 'closest' in this case means
closest parent with at least one object-manager registered.
This fix raises the question what happens if we stack object-managers in
a hierarchy. Two implementations are possible: First, we report each
object only on the nearest object-manager. Second, we report it on each
parent object-manager. This patch chooses the former. This is compatible
with other existing ObjectManager implementations, which are required to
call GetManagedObjects() recursively on each object they find, which
implements the ObjectManager interface.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The lovely libvirtd goes into crazy mode if it receives broadcasts that
it didn't subscribe to. With bus-proxyd, this might happen in 2 cases:
1) The kernel passes us an unmatched signal due to a false-positive
bloom-match.
2) We generate NameOwnerChanged/NameAcquired/NameLost locally even
though the peer didn't subscribe to it.
dbus-daemon is reliable in what signals it passes on. So make sure we
follow that style. Never ever send a signal to a local peer if it doesn't
match an installed filter of that peer.
|
|
|
|
|
| |
Make sure we actually parse "unsigned long long" if we encode a uint64_t.
Otherwise, we will get random data from the stack.
|
|
|
|
|
|
|
|
|
| |
If the caller does not specify arg1 for NameOwnerChanged matches, we
really must take the ID from arg2 or arg3, if provided. They are
guaranteed to be identical to arg1 if either is supplied, but there is no
strict requiredment that arg1 is supplied. Hence, make sure to always
take the more restrictive match. Otherwise, we install rather wide
matches without anyone requiring them.
|
|
|
|
|
|
|
|
|
|
| |
Make sure we don't install NameOwnerChanged matches if the caller passed
a destination='' match (except if it is the broadcast address). Per spec,
all NameOwnerChanged signals are broadcasts.
Only the NameLost/NameAcquired signals are unicasts, but those are never
received through sd-bus. Instead, the bus-proxy synthesizes them and it
already installs proper matches for them.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In gvariant, all fixed-size objects need to be sized a multiple of their
alignment. If a structure has only fixed-size members, it is required to
be fixed size itself. If you imagine a structure like (ty), you have an
8-byte member followed by an 1-byte member. Hence, the overall inner-size
is 9. The alignment of the object is 8, though. Therefore, the specs
mandates final padding after fixed-size structures, to make sure it's
sized a multiple of its alignment (=> 16).
On the gvariant decoder side, we already account for this in
bus_gvariant_get_size(), as we apply overall padding to the size of the
structure. Therefore, our decoder correctly skips such final padding when
parsing fixed-size structure.
On the gvariant encoder side, however, we don't account for this final
padding. This patch fixes the structure and dict-entry encoders to
properly place such padding at the end of non-uniform fixed-size
structures.
The problem can be easily seen by running:
$ busctl --user monitor
and
$ busctl call --user org.freedesktop.systemd1 / org.foobar foobar "(ty)" 777 8
The monitor will fail to parse the message and print an error. With this
patch applied, everything works fine again.
This patch also adds a bunch of test-cases to force non-uniform
structures with non-pre-aligned positions.
Thanks to Jan Alexander Steffens <jan.steffens@gmail.com> for spotting
this and narrowing it down to non-uniform gvariant structures. Fixes #597.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So right now our object-tree is limited to 2 levels at most
('/' and '/foo/...../bar'). We never link any intermediate levels, even
though that was clearly the plan. Fix the bus_node_allocate() helper to
actually link all intermediate nodes, too, not just the root node.
This fixes a simple inverse ptr-diff bug.
The downside of this fix is that we clearly never tested (nor used) the
object tree in any way. The only reason that the introspection works is
that our enumerators shortcut the object tree.
Lets see whether that code actually works..
Thanks to: Nathaniel McCallum <nathaniel@themccallums.org>
..for reporting this. See #524 for an actual example code.
|
|
|
|
|
|
|
|
|
|
|
| |
It is highly confusing if a getter function returns 0, but the value is
set to NULL. This, right now, triggers assertions as code relies on the
returned values to be non-NULL.
Like with sd-bus-creds and friends, return 0 only if a value is actually
available.
Discussed with Tom, and actually fixes real bugs as in #512.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Given a container "foo", that maps user id $UID to container user, using
user namespaces, this NSS module extenstion will now map the $UID to a
name "vu-foo-$TUID" for the translated UID $UID.
Similar, userns groups are mapped to "vg-foo-$TGID" for translated GIDs
of $GID.
This simple change should make userns users more discoverable. Also,
given that many tools like "adduser" check NSS before allocating a UID,
should lower the chance of UID range conflicts between tools.
|