1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 #pragma once
3
4 #include <pthread.h>
5
6 #include "sd-bus.h"
7
8 #include "bus-error.h"
9 #include "bus-kernel.h"
10 #include "bus-match.h"
11 #include "def.h"
12 #include "hashmap.h"
13 #include "list.h"
14 #include "prioq.h"
15 #include "socket-util.h"
16 #include "time-util.h"
17
18 /* Note that we use the new /run prefix here (instead of /var/run) since we require them to be aliases and
19 * that way we become independent of /var being mounted */
20 #define DEFAULT_SYSTEM_BUS_ADDRESS "unix:path=/run/dbus/system_bus_socket"
21 #define DEFAULT_USER_BUS_ADDRESS_FMT "unix:path=%s/bus"
22
23 struct reply_callback {
24 sd_bus_message_handler_t callback;
25 usec_t timeout_usec; /* this is a relative timeout until we reach the BUS_HELLO state, and an absolute one right after */
26 uint64_t cookie;
27 unsigned prioq_idx;
28 };
29
30 struct filter_callback {
31 sd_bus_message_handler_t callback;
32
33 unsigned last_iteration;
34
35 LIST_FIELDS(struct filter_callback, callbacks);
36 };
37
38 struct match_callback {
39 sd_bus_message_handler_t callback;
40 sd_bus_message_handler_t install_callback;
41
42 sd_bus_slot *install_slot; /* The AddMatch() call */
43
44 unsigned last_iteration;
45
46 /* Don't dispatch this slot with messages that arrived in any iteration before or at the this
47 * one. We use this to ensure that matches don't apply "retroactively" and confuse the caller:
48 * only messages received after the match was installed will be considered. */
49 uint64_t after;
50
51 char *match_string;
52
53 struct bus_match_node *match_node;
54 };
55
56 struct node {
57 char *path;
58 struct node *parent;
59 LIST_HEAD(struct node, child);
60 LIST_FIELDS(struct node, siblings);
61
62 LIST_HEAD(struct node_callback, callbacks);
63 LIST_HEAD(struct node_vtable, vtables);
64 LIST_HEAD(struct node_enumerator, enumerators);
65 LIST_HEAD(struct node_object_manager, object_managers);
66 };
67
68 struct node_callback {
69 struct node *node;
70
71 bool is_fallback:1;
72 unsigned last_iteration;
73
74 sd_bus_message_handler_t callback;
75
76 LIST_FIELDS(struct node_callback, callbacks);
77 };
78
79 struct node_enumerator {
80 struct node *node;
81
82 sd_bus_node_enumerator_t callback;
83
84 unsigned last_iteration;
85
86 LIST_FIELDS(struct node_enumerator, enumerators);
87 };
88
89 struct node_object_manager {
90 struct node *node;
91
92 LIST_FIELDS(struct node_object_manager, object_managers);
93 };
94
95 struct node_vtable {
96 struct node *node;
97
98 bool is_fallback:1;
99 unsigned last_iteration;
100
101 char *interface;
102 const sd_bus_vtable *vtable;
103 sd_bus_object_find_t find;
104
105 LIST_FIELDS(struct node_vtable, vtables);
106 };
107
108 struct vtable_member {
109 const char *path;
110 const char *interface;
111 const char *member;
112 struct node_vtable *parent;
113 unsigned last_iteration;
114 const sd_bus_vtable *vtable;
115 };
116
117 typedef enum BusSlotType {
118 BUS_REPLY_CALLBACK,
119 BUS_FILTER_CALLBACK,
120 BUS_MATCH_CALLBACK,
121 BUS_NODE_CALLBACK,
122 BUS_NODE_ENUMERATOR,
123 BUS_NODE_VTABLE,
124 BUS_NODE_OBJECT_MANAGER,
125 _BUS_SLOT_INVALID = -EINVAL,
126 } BusSlotType;
127
128 struct sd_bus_slot {
129 unsigned n_ref;
130 BusSlotType type:8;
131
132 /* Slots can be "floating" or not. If they are not floating (the usual case) then they reference the
133 * bus object they are associated with. This means the bus object stays allocated at least as long as
134 * there is a slot around associated with it. If it is floating, then the slot's lifecycle is bound
135 * to the lifecycle of the bus: it will be disconnected from the bus when the bus is destroyed, and
136 * it keeping the slot reffed hence won't mean the bus stays reffed too. Internally this means the
137 * reference direction is reversed: floating slots objects are referenced by the bus object, and not
138 * vice versa. */
139 bool floating;
140 bool match_added;
141
142 sd_bus *bus;
143 void *userdata;
144 sd_bus_destroy_t destroy_callback;
145
146 char *description;
147
148 LIST_FIELDS(sd_bus_slot, slots);
149
150 union {
151 struct reply_callback reply_callback;
152 struct filter_callback filter_callback;
153 struct match_callback match_callback;
154 struct node_callback node_callback;
155 struct node_enumerator node_enumerator;
156 struct node_object_manager node_object_manager;
157 struct node_vtable node_vtable;
158 };
159 };
160
161 enum bus_state {
162 BUS_UNSET,
163 BUS_WATCH_BIND, /* waiting for the socket to appear via inotify */
164 BUS_OPENING, /* the kernel's connect() is still not ready */
165 BUS_AUTHENTICATING, /* we are currently in the "SASL" authorization phase of dbus */
166 BUS_HELLO, /* we are waiting for the Hello() response */
167 BUS_RUNNING,
168 BUS_CLOSING,
169 BUS_CLOSED,
170 _BUS_STATE_MAX,
171 };
172
BUS_IS_OPEN(enum bus_state state)173 static inline bool BUS_IS_OPEN(enum bus_state state) {
174 return state > BUS_UNSET && state < BUS_CLOSING;
175 }
176
177 enum bus_auth {
178 _BUS_AUTH_INVALID,
179 BUS_AUTH_EXTERNAL,
180 BUS_AUTH_ANONYMOUS
181 };
182
183 struct sd_bus {
184 unsigned n_ref;
185
186 enum bus_state state;
187 int input_fd, output_fd;
188 int inotify_fd;
189 int message_version;
190 int message_endian;
191
192 bool can_fds:1;
193 bool bus_client:1;
194 bool ucred_valid:1;
195 bool is_server:1;
196 bool anonymous_auth:1;
197 bool prefer_readv:1;
198 bool prefer_writev:1;
199 bool match_callbacks_modified:1;
200 bool filter_callbacks_modified:1;
201 bool nodes_modified:1;
202 bool trusted:1;
203 bool manual_peer_interface:1;
204 bool is_system:1;
205 bool is_user:1;
206 bool allow_interactive_authorization:1;
207 bool exit_on_disconnect:1;
208 bool exited:1;
209 bool exit_triggered:1;
210 bool is_local:1;
211 bool watch_bind:1;
212 bool is_monitor:1;
213 bool accept_fd:1;
214 bool attach_timestamp:1;
215 bool connected_signal:1;
216 bool close_on_exit:1;
217
218 signed int use_memfd:2;
219
220 void *rbuffer;
221 size_t rbuffer_size;
222
223 sd_bus_message **rqueue;
224 size_t rqueue_size;
225
226 sd_bus_message **wqueue;
227 size_t wqueue_size;
228 size_t windex;
229
230 uint64_t cookie;
231 uint64_t read_counter; /* A counter for each incoming msg */
232
233 char *unique_name;
234 uint64_t unique_id;
235
236 struct bus_match_node match_callbacks;
237 Prioq *reply_callbacks_prioq;
238 OrderedHashmap *reply_callbacks;
239 LIST_HEAD(struct filter_callback, filter_callbacks);
240
241 Hashmap *nodes;
242 Hashmap *vtable_methods;
243 Hashmap *vtable_properties;
244
245 union sockaddr_union sockaddr;
246 socklen_t sockaddr_size;
247
248 pid_t nspid;
249 char *machine;
250
251 sd_id128_t server_id;
252
253 char *address;
254 unsigned address_index;
255
256 int last_connect_error;
257
258 enum bus_auth auth;
259 unsigned auth_index;
260 struct iovec auth_iovec[3];
261 size_t auth_rbegin;
262 char *auth_buffer;
263 usec_t auth_timeout;
264
265 struct ucred ucred;
266 char *label;
267 gid_t *groups;
268 size_t n_groups;
269
270 uint64_t creds_mask;
271
272 int *fds;
273 size_t n_fds;
274
275 char *exec_path;
276 char **exec_argv;
277
278 /* We do locking around the memfd cache, since we want to
279 * allow people to process a sd_bus_message in a different
280 * thread then it was generated on and free it there. Since
281 * adding something to the memfd cache might happen when a
282 * message is released, we hence need to protect this bit with
283 * a mutex. */
284 pthread_mutex_t memfd_cache_mutex;
285 struct memfd_cache memfd_cache[MEMFD_CACHE_MAX];
286 unsigned n_memfd_cache;
287
288 pid_t original_pid;
289 pid_t busexec_pid;
290
291 unsigned iteration_counter;
292
293 sd_event_source *input_io_event_source;
294 sd_event_source *output_io_event_source;
295 sd_event_source *time_event_source;
296 sd_event_source *quit_event_source;
297 sd_event_source *inotify_event_source;
298 sd_event *event;
299 int event_priority;
300
301 pid_t tid;
302
303 sd_bus_message *current_message;
304 sd_bus_slot *current_slot;
305 sd_bus_message_handler_t current_handler;
306 void *current_userdata;
307
308 sd_bus **default_bus_ptr;
309
310 char *description;
311 char *patch_sender;
312
313 sd_bus_track *track_queue;
314
315 LIST_HEAD(sd_bus_slot, slots);
316 LIST_HEAD(sd_bus_track, tracks);
317
318 int *inotify_watches;
319 size_t n_inotify_watches;
320
321 /* zero means use value specified by $SYSTEMD_BUS_TIMEOUT= environment variable or built-in default */
322 usec_t method_call_timeout;
323 };
324
325 /* For method calls we timeout at 25s, like in the D-Bus reference implementation */
326 #define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
327
328 /* For the authentication phase we grant 90s, to provide extra room during boot, when RNGs and such are not filled up
329 * with enough entropy yet and might delay the boot */
330 #define BUS_AUTH_TIMEOUT ((usec_t) DEFAULT_TIMEOUT_USEC)
331
332 #define BUS_WQUEUE_MAX (384*1024)
333 #define BUS_RQUEUE_MAX (384*1024)
334
335 #define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
336 #define BUS_AUTH_SIZE_MAX (64*1024)
337 /* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
338 * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
339 * to not clash unnecessarily with real-life applications. */
340 #define BUS_PATH_SIZE_MAX (64*1024)
341
342 #define BUS_CONTAINER_DEPTH 128
343
344 /* Defined by the specification as maximum size of an array in bytes */
345 #define BUS_ARRAY_MAX_SIZE 67108864
346
347 #define BUS_FDS_MAX 1024
348
349 #define BUS_EXEC_ARGV_MAX 256
350
351 bool interface_name_is_valid(const char *p) _pure_;
352 bool service_name_is_valid(const char *p) _pure_;
353 bool member_name_is_valid(const char *p) _pure_;
354 bool object_path_is_valid(const char *p) _pure_;
355
356 char *object_path_startswith(const char *a, const char *b) _pure_;
357
358 bool namespace_complex_pattern(const char *pattern, const char *value) _pure_;
359 bool path_complex_pattern(const char *pattern, const char *value) _pure_;
360
361 bool namespace_simple_pattern(const char *pattern, const char *value) _pure_;
362 bool path_simple_pattern(const char *pattern, const char *value) _pure_;
363
364 int bus_message_type_from_string(const char *s, uint8_t *u) _pure_;
365 const char *bus_message_type_to_string(uint8_t u) _pure_;
366
367 #define error_name_is_valid interface_name_is_valid
368
369 sd_bus *bus_resolve(sd_bus *bus);
370
371 int bus_ensure_running(sd_bus *bus);
372 int bus_start_running(sd_bus *bus);
373 int bus_next_address(sd_bus *bus);
374
375 int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m);
376
377 int bus_rqueue_make_room(sd_bus *bus);
378
379 bool bus_pid_changed(sd_bus *bus);
380
381 char *bus_address_escape(const char *v);
382
383 int bus_attach_io_events(sd_bus *b);
384 int bus_attach_inotify_event(sd_bus *b);
385
386 void bus_close_inotify_fd(sd_bus *b);
387 void bus_close_io_fds(sd_bus *b);
388
389 #define OBJECT_PATH_FOREACH_PREFIX(prefix, path) \
390 for (char *_slash = ({ strcpy((prefix), (path)); streq((prefix), "/") ? NULL : strrchr((prefix), '/'); }) ; \
391 _slash && ((_slash[(_slash) == (prefix)] = 0), true); \
392 _slash = streq((prefix), "/") ? NULL : strrchr((prefix), '/'))
393
394 /* If we are invoking callbacks of a bus object, ensure unreffing the
395 * bus from the callback doesn't destroy the object we are working on */
396 #define BUS_DONT_DESTROY(bus) \
397 _cleanup_(sd_bus_unrefp) _unused_ sd_bus *_dont_destroy_##bus = sd_bus_ref(bus)
398
399 int bus_set_address_system(sd_bus *bus);
400 int bus_set_address_user(sd_bus *bus);
401 int bus_set_address_system_remote(sd_bus *b, const char *host);
402 int bus_set_address_machine(sd_bus *b, bool user, const char *machine);
403
404 int bus_maybe_reply_error(sd_bus_message *m, int r, sd_bus_error *error);
405
406 #define bus_assert_return(expr, r, error) \
407 do { \
408 if (!assert_log(expr, #expr)) \
409 return sd_bus_error_set_errno(error, r); \
410 } while (false)
411
412 void bus_enter_closing(sd_bus *bus);
413
414 void bus_set_state(sd_bus *bus, enum bus_state state);
415