}
/**
+ * Creates a UNIX domain socket and connects it to the specified
+ * process to execute.
+ *
+ * This will set FD_CLOEXEC for the socket returned.
+ *
+ * @param path the path to the executable
+ * @param argv the argument list for the process to execute.
+ * argv[0] typically is identical to the path of the executable
+ * @param error return location for error code
+ * @returns connection file descriptor or -1 on error
+ */
+int
+_dbus_connect_exec (const char *path,
+ char *const argv[],
+ DBusError *error)
+{
+ int fds[2];
+ pid_t pid;
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+ _dbus_verbose ("connecting to process %s\n", path);
+
+ if (socketpair (AF_UNIX, SOCK_STREAM
+#ifdef SOCK_CLOEXEC
+ |SOCK_CLOEXEC
+#endif
+ , 0, fds) < 0)
+ {
+ dbus_set_error (error,
+ _dbus_error_from_errno (errno),
+ "Failed to create socket pair: %s",
+ _dbus_strerror (errno));
+ return -1;
+ }
+
+ _dbus_fd_set_close_on_exec (fds[0]);
+ _dbus_fd_set_close_on_exec (fds[1]);
+
+ pid = fork ();
+ if (pid < 0)
+ {
+ dbus_set_error (error,
+ _dbus_error_from_errno (errno),
+ "Failed to fork() to call %s: %s",
+ path, _dbus_strerror (errno));
+ close (fds[0]);
+ close (fds[1]);
+ return -1;
+ }
+
+ if (pid == 0)
+ {
+ /* child */
+ close (fds[0]);
+
+ dup2 (fds[1], STDIN_FILENO);
+ dup2 (fds[1], STDOUT_FILENO);
+
+ if (fds[1] != STDIN_FILENO &&
+ fds[1] != STDOUT_FILENO)
+ close (fds[1]);
+
+ /* Inherit STDERR and the controlling terminal from the
+ parent */
+
+ _dbus_close_all ();
+
+ execvp (path, argv);
+
+ fprintf (stderr, "Failed to execute process %s: %s\n", path, _dbus_strerror (errno));
+
+ _exit(1);
+ }
+
+ /* parent */
+ close (fds[1]);
+
+ if (!_dbus_set_fd_nonblocking (fds[0], error))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+
+ close (fds[0]);
+ return -1;
+ }
+
+ return fds[0];
+}
+
+/**
* Enables or disables the reception of credentials on the given socket during
* the next message transmission. This is only effective if the #LOCAL_CREDS
* system feature exists, in which case the other side of the connection does
_dbus_error_from_errno (errno),
"Failed to lookup host/port: \"%s:%s\": %s (%d)",
host, port, gai_strerror(res), res);
- _dbus_close (fd, NULL);
return -1;
}
hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE;
redo_lookup_with_port:
+ ai = NULL;
if ((res = getaddrinfo(host, port, &hints, &ai)) != 0 || !ai)
{
dbus_set_error (error,
_dbus_error_from_errno (errno),
"Failed to lookup host/port: \"%s:%s\": %s (%d)",
host ? host : "*", port, gai_strerror(res), res);
- return -1;
+ goto failed;
}
tmp = ai;
#endif
}
-#ifdef DBUS_BUILD_TESTS
-/** Gets our GID
- * @returns process GID
- */
-dbus_gid_t
-_dbus_getgid (void)
-{
- return getgid ();
-}
-#endif
-
/**
* Wrapper for poll().
*
* available, to avoid problems when the system time changes.
*
* @param tv_sec return location for number of seconds
- * @param tv_usec return location for number of microseconds (thousandths)
+ * @param tv_usec return location for number of microseconds
*/
void
-_dbus_get_current_time (long *tv_sec,
- long *tv_usec)
+_dbus_get_monotonic_time (long *tv_sec,
+ long *tv_usec)
{
#ifdef HAVE_MONOTONIC_CLOCK
struct timespec ts;
}
/**
+ * Get current time, as in gettimeofday(). Never uses the monotonic
+ * clock.
+ *
+ * @param tv_sec return location for number of seconds
+ * @param tv_usec return location for number of microseconds
+ */
+void
+_dbus_get_real_time (long *tv_sec,
+ long *tv_usec)
+{
+ struct timeval t;
+
+ gettimeofday (&t, NULL);
+
+ if (tv_sec)
+ *tv_sec = t.tv_sec;
+ if (tv_usec)
+ *tv_usec = t.tv_usec;
+}
+
+/**
* Creates a directory; succeeds if the directory
* is created or already existed.
*
*
* Marks both file descriptors as close-on-exec
*
- * @todo libdbus only uses this for the debug-pipe server, so in
- * principle it could be in dbus-sysdeps-util.c, except that
- * dbus-sysdeps-util.c isn't in libdbus when tests are enabled and the
- * debug-pipe server is used.
- *
* @param fd1 return location for one end
* @param fd2 return location for the other end
* @param blocking #TRUE if pipe should be blocking
int ret;
int status;
int orig_len;
- int i;
dbus_bool_t retval;
sigset_t new_set, old_set;
if (pid == 0)
{
/* child process */
- int maxfds;
int fd;
fd = open ("/dev/null", O_RDWR);
if (dup2 (errors_pipe[WRITE_END], 2) == -1)
_exit (1);
- maxfds = sysconf (_SC_OPEN_MAX);
- /* Pick something reasonable if for some reason sysconf
- * says unlimited.
- */
- if (maxfds < 0)
- maxfds = 1024;
- /* close all inherited fds */
- for (i = 3; i < maxfds; i++)
- close (i);
+ _dbus_close_all ();
sigprocmask (SIG_SETMASK, &old_set, NULL);
DBusString uuid;
dbus_bool_t retval;
+ if (_dbus_check_setuid ())
+ {
+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+ "Unable to autolaunch when setuid");
+ return FALSE;
+ }
+
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
retval = FALSE;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
+ if (_dbus_check_setuid ())
+ {
+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+ "Unable to find launchd socket when setuid");
+ return FALSE;
+ }
+
i = 0;
argv[i] = "launchctl";
++i;
dbus_bool_t valid_socket;
DBusString socket_path;
+ if (_dbus_check_setuid ())
+ {
+ dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+ "Unable to find launchd socket when setuid");
+ return FALSE;
+ }
+
if (!_dbus_string_init (&socket_path))
{
_DBUS_SET_OOM (error);
dbus_bool_t
_dbus_get_standard_system_servicedirs (DBusList **dirs)
{
- const char *xdg_data_dirs;
- DBusString servicedir_path;
-
- if (!_dbus_string_init (&servicedir_path))
- return FALSE;
-
- xdg_data_dirs = _dbus_getenv ("XDG_DATA_DIRS");
-
- if (xdg_data_dirs != NULL)
- {
- if (!_dbus_string_append (&servicedir_path, xdg_data_dirs))
- goto oom;
-
- if (!_dbus_string_append (&servicedir_path, ":"))
- goto oom;
- }
- else
- {
- if (!_dbus_string_append (&servicedir_path, "/usr/local/share:/usr/share:"))
- goto oom;
- }
-
/*
- * Add configured datadir to defaults. This may be the same as one
- * of the XDG directories. However, the config parser should take
- * care of the duplicates.
+ * DBUS_DATADIR may be the same as one of the standard directories. However,
+ * the config parser should take care of the duplicates.
*
* Also, append /lib as counterpart of /usr/share on the root
* directory (the root directory does not know /share), in order to
* facilitate early boot system bus activation where /usr might not
* be available.
*/
- if (!_dbus_string_append (&servicedir_path,
- DBUS_DATADIR":"
- "/lib:"))
- goto oom;
-
- if (!_dbus_split_paths_and_append (&servicedir_path,
- DBUS_UNIX_STANDARD_SYSTEM_SERVICEDIR,
- dirs))
- goto oom;
+ static const char standard_search_path[] =
+ "/usr/local/share:"
+ "/usr/share:"
+ DBUS_DATADIR ":"
+ "/lib";
+ DBusString servicedir_path;
- _dbus_string_free (&servicedir_path);
- return TRUE;
+ _dbus_string_init_const (&servicedir_path, standard_search_path);
- oom:
- _dbus_string_free (&servicedir_path);
- return FALSE;
+ return _dbus_split_paths_and_append (&servicedir_path,
+ DBUS_UNIX_STANDARD_SYSTEM_SERVICEDIR,
+ dirs);
}
/**
return configure_time_path;
}
+/**
+ * Closes all file descriptors except the first three (i.e. stdin,
+ * stdout, stderr).
+ */
+void
+_dbus_close_all (void)
+{
+ int maxfds, i;
+
+#ifdef __linux__
+ DIR *d;
+
+ /* On Linux we can optimize this a bit if /proc is available. If it
+ isn't available, fall back to the brute force way. */
+
+ d = opendir ("/proc/self/fd");
+ if (d)
+ {
+ for (;;)
+ {
+ struct dirent buf, *de;
+ int k, fd;
+ long l;
+ char *e = NULL;
+
+ k = readdir_r (d, &buf, &de);
+ if (k != 0 || !de)
+ break;
+
+ if (de->d_name[0] == '.')
+ continue;
+
+ errno = 0;
+ l = strtol (de->d_name, &e, 10);
+ if (errno != 0 || e == NULL || *e != '\0')
+ continue;
+
+ fd = (int) l;
+ if (fd < 3)
+ continue;
+
+ if (fd == dirfd (d))
+ continue;
+
+ close (fd);
+ }
+
+ closedir (d);
+ return;
+ }
+#endif
+
+ maxfds = sysconf (_SC_OPEN_MAX);
+
+ /* Pick something reasonable if for some reason sysconf says
+ * unlimited.
+ */
+ if (maxfds < 0)
+ maxfds = 1024;
+
+ /* close all inherited fds */
+ for (i = 3; i < maxfds; i++)
+ close (i);
+}
+
+/**
+ * **NOTE**: If you modify this function, please also consider making
+ * the corresponding change in GLib. See
+ * glib/gutils.c:g_check_setuid().
+ *
+ * Returns TRUE if the current process was executed as setuid (or an
+ * equivalent __libc_enable_secure is available). See:
+ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
+ */
+dbus_bool_t
+_dbus_check_setuid (void)
+{
+ /* TODO: get __libc_enable_secure exported from glibc.
+ * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
+ */
+#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
+ {
+ /* See glibc/include/unistd.h */
+ extern int __libc_enable_secure;
+ return __libc_enable_secure;
+ }
+#elif defined(HAVE_ISSETUGID)
+ /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
+ return issetugid ();
+#else
+ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
+ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
+
+ static dbus_bool_t check_setuid_initialised;
+ static dbus_bool_t is_setuid;
+
+ if (_DBUS_UNLIKELY (!check_setuid_initialised))
+ {
+#ifdef HAVE_GETRESUID
+ if (getresuid (&ruid, &euid, &suid) != 0 ||
+ getresgid (&rgid, &egid, &sgid) != 0)
+#endif /* HAVE_GETRESUID */
+ {
+ suid = ruid = getuid ();
+ sgid = rgid = getgid ();
+ euid = geteuid ();
+ egid = getegid ();
+ }
+
+ check_setuid_initialised = TRUE;
+ is_setuid = (ruid != euid || ruid != suid ||
+ rgid != egid || rgid != sgid);
+
+ }
+ return is_setuid;
+#endif
+}
+
/* tests in dbus-sysdeps-util.c */
projects / platform / upstream / dbus.git / blobdiff