static int async_polkit_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
_cleanup_bus_error_free_ sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
AsyncPolkitQuery *q = userdata;
int r;
assert(bus);
assert(reply);
assert(q);
q->slot = sd_bus_slot_unref(q->slot);
q->reply = sd_bus_message_ref(reply);
r = sd_bus_message_rewind(q->request, true);
if (r < 0) {
r = sd_bus_reply_method_errno(q->request, r, NULL);
goto finish;
}
r = q->callback(bus, q->request, q->userdata, &error_buffer);
r = bus_maybe_reply_error(q->request, r, &error_buffer);
finish:
async_polkit_query_free(q);
return r;
}
/* called when the object for the service is called */
static int api_dbus_server_on_object_called(sd_bus_message *message, void *userdata, sd_bus_error *ret_error)
{
int rc;
const char *method;
const char *uuid;
struct dbus_req *dreq;
struct api_dbus *api = userdata;
struct afb_req areq;
uint32_t flags;
/* check the interface */
if (strcmp(sd_bus_message_get_interface(message), api->name) != 0)
return 0;
/* get the method */
method = sd_bus_message_get_member(message);
/* create the request */
dreq = calloc(1 , sizeof *dreq);
if (dreq == NULL) {
sd_bus_reply_method_errorf(message, SD_BUS_ERROR_NO_MEMORY, "out of memory");
return 1;
}
/* get the data */
rc = sd_bus_message_read(message, "ssu", &dreq->request, &uuid, &flags);
if (rc < 0) {
sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_SIGNATURE, "invalid signature");
free(dreq);
return 1;
}
/* connect to the context */
if (afb_context_connect(&dreq->context, uuid, NULL) < 0) {
sd_bus_reply_method_errorf(message, SD_BUS_ERROR_NO_MEMORY, "out of memory");
free(dreq);
return 1;
}
/* fulfill the request and emit it */
dreq->context.flags = flags;
dreq->message = sd_bus_message_ref(message);
dreq->json = NULL;
dreq->refcount = 1;
areq.itf = &dbus_req_itf;
areq.closure = dreq;
afb_apis_call_(areq, &dreq->context, api->api, method);
dbus_req_unref(dreq);
return 1;
}
static int async_polkit_callback(sd_bus *bus, sd_bus_message *reply, void *userdata) {
AsyncPolkitQuery *q = userdata;
_cleanup_bus_message_unref_ sd_bus_message *m = NULL;
int r;
assert(bus);
assert(reply);
assert(q);
q->reply = sd_bus_message_ref(reply);
q->serial = 0;
m = sd_bus_message_ref(q->request);
r = sd_bus_message_rewind(m, true);
if (r < 0)
return r;
r = q->callback(bus, m, q->userdata);
if (r < 0)
return r;
return 1;
}
_public_ sd_bus_creds *sd_bus_creds_ref(sd_bus_creds *c) {
assert_return(c, NULL);
if (c->allocated) {
assert(c->n_ref > 0);
c->n_ref++;
} else {
sd_bus_message *m;
/* If this is an embedded creds structure, then
* forward ref counting to the message */
m = container_of(c, sd_bus_message, creds);
sd_bus_message_ref(m);
}
return c;
}
int operation_new(Manager *manager, Machine *machine, pid_t child, sd_bus_message *message, int errno_fd, Operation **ret) {
Operation *o;
int r;
assert(manager);
assert(child > 1);
assert(message);
assert(errno_fd >= 0);
o = new0(Operation, 1);
if (!o)
return -ENOMEM;
o->extra_fd = -1;
r = sd_event_add_child(manager->event, &o->event_source, child, WEXITED, operation_done, o);
if (r < 0) {
free(o);
return r;
}
o->pid = child;
o->message = sd_bus_message_ref(message);
o->errno_fd = errno_fd;
LIST_PREPEND(operations, manager->operations, o);
manager->n_operations++;
o->manager = manager;
if (machine) {
LIST_PREPEND(operations_by_machine, machine->operations, o);
o->machine = machine;
}
log_debug("Started new operation " PID_FMT ".", child);
/* At this point we took ownership of both the child and the errno file descriptor! */
if (ret)
*ret = o;
return 0;
}
int vconsole_read_data(Context *c, sd_bus_message *m) {
struct stat st;
usec_t t;
int r;
/* Do not try to re-read the file within single bus operation. */
if (m) {
if (m == c->vc_cache)
return 0;
sd_bus_message_unref(c->vc_cache);
c->vc_cache = sd_bus_message_ref(m);
}
if (stat("/etc/vconsole.conf", &st) < 0) {
if (errno != ENOENT)
return -errno;
c->vc_mtime = USEC_INFINITY;
context_free_vconsole(c);
return 0;
}
/* If mtime is not changed, then we do not need to re-read */
t = timespec_load(&st.st_mtim);
if (c->vc_mtime != USEC_INFINITY && t == c->vc_mtime)
return 0;
c->vc_mtime = t;
context_free_vconsole(c);
r = parse_env_file(NULL, "/etc/vconsole.conf", NEWLINE,
"KEYMAP", &c->vc_keymap,
"KEYMAP_TOGGLE", &c->vc_keymap_toggle,
NULL);
if (r < 0)
return r;
return 0;
}
int bus_verify_polkit_async(
sd_bus_message *call,
int capability,
const char *action,
bool interactive,
Hashmap **registry,
sd_bus_error *error) {
#ifdef ENABLE_POLKIT
_cleanup_bus_message_unref_ sd_bus_message *pk = NULL;
AsyncPolkitQuery *q;
const char *sender;
sd_bus_message_handler_t callback;
void *userdata;
#endif
int r;
assert(call);
assert(action);
assert(registry);
#ifdef ENABLE_POLKIT
q = hashmap_get(*registry, call);
if (q) {
int authorized, challenge;
/* This is the second invocation of this function, and
* there's already a response from polkit, let's
* process it */
assert(q->reply);
if (sd_bus_message_is_method_error(q->reply, NULL)) {
const sd_bus_error *e;
/* Copy error from polkit reply */
e = sd_bus_message_get_error(q->reply);
sd_bus_error_copy(error, e);
/* Treat no PK available as access denied */
if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN))
return -EACCES;
return -sd_bus_error_get_errno(e);
}
r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}");
if (r >= 0)
r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge);
if (r < 0)
return r;
if (authorized)
return 1;
return -EACCES;
}
#endif
r = sd_bus_query_sender_privilege(call, capability);
if (r < 0)
return r;
else if (r > 0)
return 1;
#ifdef ENABLE_POLKIT
if (sd_bus_get_current_message(call->bus) != call)
return -EINVAL;
callback = sd_bus_get_current_handler(call->bus);
if (!callback)
return -EINVAL;
userdata = sd_bus_get_current_userdata(call->bus);
sender = sd_bus_message_get_sender(call);
if (!sender)
return -EBADMSG;
r = hashmap_ensure_allocated(registry, trivial_hash_func, trivial_compare_func);
if (r < 0)
return r;
r = sd_bus_message_new_method_call(
call->bus,
&pk,
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
"org.freedesktop.PolicyKit1.Authority",
"CheckAuthorization");
if (r < 0)
return r;
r = sd_bus_message_append(
pk,
"(sa{sv})sa{ss}us",
"system-bus-name", 1, "name", "s", sender,
action,
0,
interactive ? 1 : 0,
NULL);
if (r < 0)
return r;
q = new0(AsyncPolkitQuery, 1);
if (!q)
return -ENOMEM;
q->request = sd_bus_message_ref(call);
q->callback = callback;
q->userdata = userdata;
r = hashmap_put(*registry, call, q);
if (r < 0) {
async_polkit_query_free(q);
return r;
}
q->registry = *registry;
r = sd_bus_call_async(call->bus, &q->slot, pk, async_polkit_callback, q, 0);
if (r < 0) {
async_polkit_query_free(q);
return r;
}
return 0;
#endif
return -EACCES;
}
int locale_read_data(Context *c, sd_bus_message *m) {
struct stat st;
int r;
/* Do not try to re-read the file within single bus operation. */
if (m) {
if (m == c->locale_cache)
return 0;
sd_bus_message_unref(c->locale_cache);
c->locale_cache = sd_bus_message_ref(m);
}
r = stat("/etc/locale.conf", &st);
if (r < 0 && errno != ENOENT)
return -errno;
if (r >= 0) {
usec_t t;
/* If mtime is not changed, then we do not need to re-read the file. */
t = timespec_load(&st.st_mtim);
if (c->locale_mtime != USEC_INFINITY && t == c->locale_mtime)
return 0;
c->locale_mtime = t;
context_free_locale(c);
r = parse_env_file(NULL, "/etc/locale.conf", NEWLINE,
"LANG", &c->locale[VARIABLE_LANG],
"LANGUAGE", &c->locale[VARIABLE_LANGUAGE],
"LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE],
"LC_NUMERIC", &c->locale[VARIABLE_LC_NUMERIC],
"LC_TIME", &c->locale[VARIABLE_LC_TIME],
"LC_COLLATE", &c->locale[VARIABLE_LC_COLLATE],
"LC_MONETARY", &c->locale[VARIABLE_LC_MONETARY],
"LC_MESSAGES", &c->locale[VARIABLE_LC_MESSAGES],
"LC_PAPER", &c->locale[VARIABLE_LC_PAPER],
"LC_NAME", &c->locale[VARIABLE_LC_NAME],
"LC_ADDRESS", &c->locale[VARIABLE_LC_ADDRESS],
"LC_TELEPHONE", &c->locale[VARIABLE_LC_TELEPHONE],
"LC_MEASUREMENT", &c->locale[VARIABLE_LC_MEASUREMENT],
"LC_IDENTIFICATION", &c->locale[VARIABLE_LC_IDENTIFICATION],
NULL);
if (r < 0)
return r;
} else {
int p;
c->locale_mtime = USEC_INFINITY;
context_free_locale(c);
/* Fill in what we got passed from systemd. */
for (p = 0; p < _VARIABLE_LC_MAX; p++) {
const char *name;
name = locale_variable_to_string(p);
assert(name);
r = free_and_strdup(&c->locale[p], empty_to_null(getenv(name)));
if (r < 0)
return r;
}
}
locale_simplify(c->locale);
return 0;
}
int x11_read_data(Context *c, sd_bus_message *m) {
_cleanup_fclose_ FILE *f = NULL;
bool in_section = false;
char line[LINE_MAX];
struct stat st;
usec_t t;
int r;
/* Do not try to re-read the file within single bus operation. */
if (m) {
if (m == c->x11_cache)
return 0;
sd_bus_message_unref(c->x11_cache);
c->x11_cache = sd_bus_message_ref(m);
}
if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) {
if (errno != ENOENT)
return -errno;
c->x11_mtime = USEC_INFINITY;
context_free_x11(c);
return 0;
}
/* If mtime is not changed, then we do not need to re-read */
t = timespec_load(&st.st_mtim);
if (c->x11_mtime != USEC_INFINITY && t == c->x11_mtime)
return 0;
c->x11_mtime = t;
context_free_x11(c);
f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re");
if (!f)
return -errno;
while (fgets(line, sizeof(line), f)) {
char *l;
char_array_0(line);
l = strstrip(line);
if (IN_SET(l[0], 0, '#'))
continue;
if (in_section && first_word(l, "Option")) {
_cleanup_strv_free_ char **a = NULL;
r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
if (r < 0)
return r;
if (strv_length(a) == 3) {
char **p = NULL;
if (streq(a[1], "XkbLayout"))
p = &c->x11_layout;
else if (streq(a[1], "XkbModel"))
p = &c->x11_model;
else if (streq(a[1], "XkbVariant"))
p = &c->x11_variant;
else if (streq(a[1], "XkbOptions"))
p = &c->x11_options;
if (p) {
free_and_replace(*p, a[2]);
}
}
} else if (!in_section && first_word(l, "Section")) {
_cleanup_strv_free_ char **a = NULL;
r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
if (r < 0)
return -ENOMEM;
if (strv_length(a) == 2 && streq(a[1], "InputClass"))
in_section = true;
} else if (in_section && first_word(l, "EndSection"))
in_section = false;
}
return 0;
}
static int bus_method_resolve_address(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
_cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
_cleanup_free_ char *reverse = NULL;
Manager *m = userdata;
int family, ifindex;
uint64_t flags;
const void *d;
DnsQuery *q;
size_t sz;
int r;
assert(bus);
assert(message);
assert(m);
r = sd_bus_message_read(message, "ii", &ifindex, &family);
if (r < 0)
return r;
if (!IN_SET(family, AF_INET, AF_INET6))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown address family %i", family);
r = sd_bus_message_read_array(message, 'y', &d, &sz);
if (r < 0)
return r;
if (sz != FAMILY_ADDRESS_SIZE(family))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid address size");
r = sd_bus_message_read(message, "t", &flags);
if (r < 0)
return r;
r = check_ifindex_flags(ifindex, &flags, error);
if (r < 0)
return r;
r = dns_name_reverse(family, d, &reverse);
if (r < 0)
return r;
question = dns_question_new(1);
if (!question)
return -ENOMEM;
key = dns_resource_key_new_consume(DNS_CLASS_IN, DNS_TYPE_PTR, reverse);
if (!key)
return -ENOMEM;
reverse = NULL;
r = dns_question_add(question, key);
if (r < 0)
return r;
r = dns_query_new(m, &q, question, ifindex, flags);
if (r < 0)
return r;
q->request = sd_bus_message_ref(message);
q->request_family = family;
memcpy(&q->request_address, d, sz);
q->complete = bus_method_resolve_address_complete;
r = dns_query_bus_track(q, bus, message);
if (r < 0)
return r;
r = dns_query_go(q);
if (r < 0) {
dns_query_free(q);
if (r == -ESRCH)
sd_bus_error_setf(error, BUS_ERROR_NO_NAME_SERVERS, "No appropriate name servers or networks for name found");
return r;
}
return 1;
}
static int bus_method_resolve_hostname(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
Manager *m = userdata;
const char *hostname;
int family, ifindex;
uint64_t flags;
DnsQuery *q;
int r;
assert(bus);
assert(message);
assert(m);
r = sd_bus_message_read(message, "isit", &ifindex, &hostname, &family, &flags);
if (r < 0)
return r;
if (!IN_SET(family, AF_INET, AF_INET6, AF_UNSPEC))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown address family %i", family);
r = dns_name_normalize(hostname, NULL);
if (r < 0)
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid hostname '%s'", hostname);
r = check_ifindex_flags(ifindex, &flags, error);
if (r < 0)
return r;
question = dns_question_new(family == AF_UNSPEC ? 2 : 1);
if (!question)
return -ENOMEM;
if (family != AF_INET6) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_A, hostname);
if (!key)
return -ENOMEM;
r = dns_question_add(question, key);
if (r < 0)
return r;
}
if (family != AF_INET) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
key = dns_resource_key_new(DNS_CLASS_IN, DNS_TYPE_AAAA, hostname);
if (!key)
return -ENOMEM;
r = dns_question_add(question, key);
if (r < 0)
return r;
}
r = dns_query_new(m, &q, question, ifindex, flags);
if (r < 0)
return r;
q->request = sd_bus_message_ref(message);
q->request_family = family;
q->request_hostname = hostname;
q->complete = bus_method_resolve_hostname_complete;
r = dns_query_bus_track(q, bus, message);
if (r < 0)
return r;
r = dns_query_go(q);
if (r < 0) {
dns_query_free(q);
if (r == -ESRCH)
sd_bus_error_setf(error, BUS_ERROR_NO_NAME_SERVERS, "No appropriate name servers or networks for name found");
return r;
}
return 1;
}
int bus_verify_polkit_async(
sd_bus *bus,
Hashmap **registry,
sd_bus_message *m,
const char *action,
bool interactive,
sd_bus_error *error,
sd_bus_message_handler_t callback,
void *userdata) {
#ifdef ENABLE_POLKIT
_cleanup_bus_message_unref_ sd_bus_message *pk = NULL;
AsyncPolkitQuery *q;
#endif
const char *sender;
uid_t uid;
int r;
assert(bus);
assert(registry);
assert(m);
assert(action);
#ifdef ENABLE_POLKIT
q = hashmap_remove(*registry, m);
if (q) {
unsigned authorized, challenge;
/* This is the second invocation of this function, and
* there's already a response from polkit, let's
* process it */
assert(q->reply);
if (sd_bus_message_is_method_error(q->reply, NULL)) {
const sd_bus_error *e;
/* Treat no PK available as access denied */
if (sd_bus_message_is_method_error(q->reply, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
async_polkit_query_free(bus, q);
return -EACCES;
}
e = sd_bus_message_get_error(q->reply);
sd_bus_error_copy(error, e);
r = sd_bus_error_get_errno(e);
async_polkit_query_free(bus, q);
return r;
}
r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}");
if (r >= 0)
r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge);
async_polkit_query_free(bus, q);
if (r < 0)
return r;
if (authorized)
return 1;
return -EACCES;
}
#endif
sender = sd_bus_message_get_sender(m);
if (!sender)
return -EBADMSG;
r = sd_bus_get_owner_uid(bus, sender, &uid);
if (r < 0)
return r;
if (uid == 0)
return 1;
#ifdef ENABLE_POLKIT
r = hashmap_ensure_allocated(registry, trivial_hash_func, trivial_compare_func);
if (r < 0)
return r;
r = sd_bus_message_new_method_call(
bus,
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
"org.freedesktop.PolicyKit1.Authority",
"CheckAuthorization",
&pk);
if (r < 0)
return r;
r = sd_bus_message_append(
pk,
"(sa{sv})sa{ss}us",
"system-bus-name", 1, "name", "s", sender,
action,
0,
interactive ? 1 : 0,
"");
if (r < 0)
return r;
q = new0(AsyncPolkitQuery, 1);
if (!q)
return -ENOMEM;
q->request = sd_bus_message_ref(m);
q->callback = callback;
q->userdata = userdata;
r = hashmap_put(*registry, m, q);
if (r < 0) {
async_polkit_query_free(bus, q);
return r;
}
r = sd_bus_send_with_reply(bus, pk, async_polkit_callback, q, 0, &q->serial);
if (r < 0)
return r;
return 0;
#endif
return -EACCES;
}