/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* dbus-sysdeps-unix.c Wrappers around UNIX system/libc features (internal to D-Bus implementation)
 *
 * Copyright (C) 2002, 2003, 2006  Red Hat, Inc.
 * Copyright (C) 2003 CodeFactory AB
 *
 * Licensed under the Academic Free License version 2.1
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#include <config.h>

#include "dbus-internals.h"
#include "dbus-sysdeps.h"
#include "dbus-sysdeps-unix.h"
#include "dbus-threads.h"
#include "dbus-protocol.h"
#include "dbus-file.h"
#include "dbus-transport.h"
#include "dbus-string.h"
#include "dbus-userdb.h"
#include "dbus-list.h"
#include "dbus-credentials.h"
#include "dbus-nonce.h"

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <dirent.h>
#include <sys/un.h>
#include <pwd.h>
#include <time.h>
#include <locale.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <grp.h>
#include <arpa/inet.h>

#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
#ifdef HAVE_WRITEV
#include <sys/uio.h>
#endif
#ifdef HAVE_POLL
#include <sys/poll.h>
#endif
#ifdef HAVE_BACKTRACE
#include <execinfo.h>
#endif
#ifdef HAVE_GETPEERUCRED
#include <ucred.h>
#endif
#ifdef HAVE_ALLOCA_H
#include <alloca.h>
#endif

#ifdef HAVE_ADT
#include <bsm/adt.h>
#endif

#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif

#if !DBUS_USE_SYNC
#include <pthread.h>
#endif

#ifndef O_BINARY
#define O_BINARY 0
#endif

#ifndef AI_ADDRCONFIG
#define AI_ADDRCONFIG 0
#endif

#ifndef HAVE_SOCKLEN_T
#define socklen_t int
#endif

#if defined (__sun) || defined (__sun__)
/*
 * CMSG_SPACE etc. definitions for Solaris < 10, based on
 *   http://mailman.videolan.org/pipermail/vlc-devel/2006-May/024402.html
 * via
 *   http://wiki.opencsw.org/porting-faq#toc10
 *
 * These are only redefined for Solaris, for now: if your OS needs these too,
 * please file a bug. (Or preferably, improve your OS so they're not needed.)
 *
 * Each macro is only defined when the system headers did not already
 * provide it.
 */

/* CMSG_ALIGN(len): round len up to the alignment used for control
 * messages. */
# ifndef CMSG_ALIGN
#   ifdef __sun__
#     define CMSG_ALIGN(len) _CMSG_DATA_ALIGN (len)
#   else
      /* aligning to sizeof (long) is assumed to be portable (fd.o#40235) */
#     define CMSG_ALIGN(len) (((len) + sizeof (long) - 1) & \
                              ~(sizeof (long) - 1))
#   endif
# endif

/* CMSG_SPACE(len): aligned header plus aligned payload, i.e. the size
 * including any padding after the payload. This is the amount to
 * allocate for a control buffer. */
# ifndef CMSG_SPACE
#   define CMSG_SPACE(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + \
                            CMSG_ALIGN (len))
# endif

/* CMSG_LEN(len): aligned header plus the unpadded payload. Unlike
 * CMSG_SPACE it does not count padding after the payload, which is why
 * the fd-receiving code in this file advertises CMSG_LEN, not
 * CMSG_SPACE, as the control length it is willing to accept. */
# ifndef CMSG_LEN
#   define CMSG_LEN(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len))
# endif

#endif /* Solaris */

/**
 * Make sure file descriptors 0, 1 and 2 (stdin, stdout, stderr) are all
 * open, opening /dev/null to fill any that are missing. For each
 * standard fd whose DBUS_FORCE_*_NULL bit is set in flags, /dev/null is
 * also dup2()'d over it when it was already open.
 *
 * Rationale: a newly opened descriptor gets the lowest free number, so
 * if a standard fd were left closed, a file or socket opened later
 * could end up as fd 0, 1 or 2 and receive output meant for the
 * terminal or log.
 *
 * DBusError is deliberately not used, so that malloc() is never called
 * and the function stays usable where an async-signal-safe function is
 * required (for example after fork()). On failure errno is set and a
 * static message such as "Failed to open /dev/null" is stored in
 * *error_str_p; callers are expected to combine it with
 * _dbus_strerror (errno) for a full report. On success *error_str_p is
 * set to NULL. error_str_p itself may be NULL.
 *
 * Only call this while single-threaded: during startup of an
 * executable, or after fork().
 *
 * @param flags which standard fds to force onto /dev/null
 * @param error_str_p return location for a static error string, or NULL
 * @returns #TRUE on success, #FALSE with errno set on failure
 */
dbus_bool_t
_dbus_ensure_standard_fds (DBusEnsureStandardFdsFlags   flags,
                           const char                 **error_str_p)
{
  /* force_flag[n] is the flag asking for fd n to be replaced by /dev/null */
  static int const force_flag[] = { DBUS_FORCE_STDIN_NULL,
      DBUS_FORCE_STDOUT_NULL,
      DBUS_FORCE_STDERR_NULL };
  /* Placeholder only: every path to the exit label overwrites it */
  const char *failure = "Failed mysteriously";
  int null_fd = -1;
  int errno_copy;
  int target;
  /* force_flag[] is indexed by fd number, so the standard fds must
   * have their POSIX values. */
  _DBUS_STATIC_ASSERT (STDIN_FILENO == 0);
  _DBUS_STATIC_ASSERT (STDOUT_FILENO == 1);
  _DBUS_STATIC_ASSERT (STDERR_FILENO == 2);

  target = STDIN_FILENO;

  while (target <= STDERR_FILENO)
    {
      /* The previous /dev/null fd (if any) has become one of the
       * standard fds, so open a fresh one. It is intentionally not
       * marked close-on-exec: the standard fds must survive exec(),
       * and being single-threaded means nobody can exec in between. */
      if (null_fd < target)
        null_fd = open ("/dev/null", O_RDWR);

      if (null_fd < 0)
        {
          failure = "Failed to open /dev/null";
          goto out;
        }

      /* All fds below target are already open, so open() cannot have
       * returned one of them unless another thread closed it, which
       * the single-threaded contract rules out. */
      _dbus_assert (null_fd >= target);

      /* null_fd == target means the fd was closed and has just been
       * filled by open(); nothing left to do for it. */
      if (null_fd != target &&
          (flags & force_flag[target]) != 0 &&
          dup2 (null_fd, target) < 0)
        {
          failure = "Failed to dup2 /dev/null onto a standard fd";
          goto out;
        }

      target++;
    }

  failure = NULL;

out:
  /* close() below may overwrite errno; keep the value for the caller */
  errno_copy = errno;

  /* Only close the helper fd when it is not itself a standard fd */
  if (null_fd > STDERR_FILENO)
    close (null_fd);

  if (error_str_p != NULL)
    *error_str_p = failure;

  errno = errno_copy;
  return (failure == NULL);
}

/* Forward declaration: the connect helpers below call this file-local
 * function before its definition. */
static dbus_bool_t _dbus_set_fd_nonblocking (int             fd,
                                             DBusError      *error);

/**
 * Creates a socket (as in the socket() call) and marks it
 * close-on-exec, so that it is not inherited by programs this process
 * later exec()s.
 *
 * Where SOCK_CLOEXEC is defined it is requested in the socket() call
 * itself. If that call fails with EINVAL or EPROTOTYPE (taken to mean
 * the kernel is too old to know the flag), or if SOCK_CLOEXEC is not
 * defined at all, the socket is created without it and
 * _dbus_fd_set_close_on_exec() is applied afterwards.
 *
 * NOTE(review): on that fallback path the flag is set in a second step,
 * so a fork()+exec() from another thread in between could still
 * inherit the descriptor.
 *
 * @param fd_p return location for the socket descriptor; on failure it
 *   receives the negative value returned by socket()
 * @param domain passed through to socket()
 * @param type passed through to socket()
 * @param protocol passed through to socket()
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
static dbus_bool_t
_dbus_open_socket (int              *fd_p,
                   int               domain,
                   int               type,
                   int               protocol,
                   DBusError        *error)
{
  dbus_bool_t need_cloexec = TRUE;
  int sock;

#ifdef SOCK_CLOEXEC
  sock = socket (domain, type | SOCK_CLOEXEC, protocol);

  if (sock >= 0)
    need_cloexec = FALSE;
  else if (errno == EINVAL || errno == EPROTOTYPE)
    /* Kernel seems to be too old to know SOCK_CLOEXEC: retry without */
    sock = socket (domain, type, protocol);
#else
  sock = socket (domain, type, protocol);
#endif

  *fd_p = sock;

  if (sock < 0)
    {
      dbus_set_error(error,
                     _dbus_error_from_errno (errno),
                     "Failed to open socket: %s",
                     _dbus_strerror (errno));
      return FALSE;
    }

  if (need_cloexec)
    _dbus_fd_set_close_on_exec(sock);

  _dbus_verbose ("socket fd %d opened\n", sock);
  return TRUE;
}

/**
 * Opens a stream-type UNIX domain socket (as in the socket() call).
 * The socket is neither bound nor connected.
 *
 * FD_CLOEXEC is set on the returned socket by _dbus_open_socket().
 *
 * @param fd return location for socket descriptor
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
static dbus_bool_t
_dbus_open_unix_socket (int              *fd,
                        DBusError        *error)
{
  dbus_bool_t opened;

  opened = _dbus_open_socket (fd, PF_UNIX, SOCK_STREAM, 0, error);

  return opened;
}

/**
 * Closes a socket by passing its descriptor to _dbus_close().
 * Should not be used on non-socket file descriptors or handles.
 *
 * @param fd the socket
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
dbus_bool_t
_dbus_close_socket (DBusSocket        fd,
                    DBusError        *error)
{
  dbus_bool_t closed;

  closed = _dbus_close (fd.fd, error);

  return closed;
}

/**
 * Socket-only counterpart of _dbus_read(); because it is restricted to
 * sockets it is also available on Windows. In this file it simply
 * forwards the socket's descriptor to _dbus_read().
 *
 * @param fd the socket
 * @param buffer string to append data to
 * @param count max amount of data to read
 * @returns number of bytes appended to the string
 */
int
_dbus_read_socket (DBusSocket        fd,
                   DBusString       *buffer,
                   int               count)
{
  int appended;

  appended = _dbus_read (fd.fd, buffer, count);

  return appended;
}

/**
 * Socket-only counterpart of _dbus_write(); because it is restricted
 * to sockets it is also available on Windows.
 *
 * When MSG_NOSIGNAL is declared, the data is sent with send() and that
 * flag, retrying on EINTR. Otherwise the call falls back to
 * _dbus_write(), which uses plain write() with no such flag.
 *
 * @param fd the file descriptor to write
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write_socket (DBusSocket        fd,
                    const DBusString *buffer,
                    int               start,
                    int               len)
{
#if HAVE_DECL_MSG_NOSIGNAL
  const char *payload = _dbus_string_get_const_data_len (buffer, start, len);
  int sent;

  /* Retry for as long as the call is merely interrupted by a signal */
  do
    sent = send (fd.fd, payload, len, MSG_NOSIGNAL);
  while (sent < 0 && errno == EINTR);

  return sent;

#else
  return _dbus_write (fd.fd, buffer, start, len);
#endif
}

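/**
 * Like _dbus_read_socket() but also tries to read unix fds from the
 * socket. When there are more fds to read than space in the array
 * passed this function will fail with ENOSPC.
 *
 * On that ENOSPC failure the control data was truncated. Any fds that
 * did arrive in the truncated control message are closed before
 * returning and *n_fds is set to 0, so a peer cannot make this process
 * accumulate open descriptors by repeatedly sending more fds than the
 * caller accepts.
 *
 * Every fd handed back to the caller has close-on-exec set.
 *
 * Without HAVE_UNIX_FD_PASSING this is a plain _dbus_read_socket()
 * that reports zero fds on success.
 *
 * @param fd the socket
 * @param buffer string to append data to
 * @param count max amount of data to read
 * @param fds array to place read file descriptors in
 * @param n_fds on input space in fds array, on output how many fds actually got read
 * @returns number of bytes appended to string, or -1 with errno set
 */
int
_dbus_read_socket_with_unix_fds (DBusSocket        fd,
                                 DBusString       *buffer,
                                 int               count,
                                 int              *fds,
                                 unsigned int     *n_fds) {
#ifndef HAVE_UNIX_FD_PASSING
  int r;

  if ((r = _dbus_read_socket(fd, buffer, count)) < 0)
    return r;

  *n_fds = 0;
  return r;

#else
  int bytes_read;
  int start;
  struct msghdr m;
  struct iovec iov;

  _dbus_assert (count >= 0);
  /* This bound also limits the alloca() below, but only in builds
   * where assertions are enabled. */
  _dbus_assert (*n_fds <= DBUS_MAXIMUM_MESSAGE_UNIX_FDS);

  start = _dbus_string_get_length (buffer);

  if (!_dbus_string_lengthen (buffer, count))
    {
      errno = ENOMEM;
      return -1;
    }

  _DBUS_ZERO(iov);
  iov.iov_base = _dbus_string_get_data_len (buffer, start, count);
  iov.iov_len = count;

  _DBUS_ZERO(m);
  m.msg_iov = &iov;
  m.msg_iovlen = 1;

  /* Hmm, we have no clue how long the control data will actually be
     that is queued for us. The least we can do is assume that the
     caller knows. Hence let's make space for the number of fds that
     we shall read at max plus the cmsg header. */
  m.msg_controllen = CMSG_SPACE(*n_fds * sizeof(int));

  /* It's probably safe to assume that systems with SCM_RIGHTS also
     know alloca() */
  m.msg_control = alloca(m.msg_controllen);
  memset(m.msg_control, 0, m.msg_controllen);

  /* Do not include the padding at the end when we tell the kernel
   * how much we're willing to receive. This avoids getting
   * the padding filled with additional fds that we weren't expecting,
   * if a (potentially malicious) sender included them. (fd.o #83622) */
  m.msg_controllen = CMSG_LEN (*n_fds * sizeof(int));

 again:

  bytes_read = recvmsg (fd.fd, &m, 0
#ifdef MSG_CMSG_CLOEXEC
                       |MSG_CMSG_CLOEXEC
#endif
                       );

  if (bytes_read < 0)
    {
      if (errno == EINTR)
        goto again;
      else
        {
          /* put length back (note that this doesn't actually realloc anything) */
          _dbus_string_set_length (buffer, start);
          return -1;
        }
    }
  else
    {
      struct cmsghdr *cm;
      dbus_bool_t found = FALSE;

      /* Collect the fds before looking at MSG_CTRUNC: even a truncated
       * control message can carry descriptors that are now open in
       * this process and must be accounted for. */
      for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
          {
            size_t i;
            int *payload = (int *) CMSG_DATA (cm);
            size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0));
            size_t payload_len_fds = payload_len_bytes / sizeof (int);
            size_t fds_to_use;

            /* Every unsigned int fits in a size_t without truncation, so
             * casting (size_t) *n_fds is OK */
            _DBUS_STATIC_ASSERT (sizeof (size_t) >= sizeof (unsigned int));

            if (_DBUS_LIKELY (payload_len_fds <= (size_t) *n_fds))
              {
                /* The fds in the payload will fit in our buffer */
                fds_to_use = payload_len_fds;
              }
            else
              {
                /* Too many fds in the payload. This shouldn't happen
                 * any more because we're setting m.msg_controllen to
                 * the exact number we can accept, but be safe and
                 * truncate. */
                fds_to_use = (size_t) *n_fds;

                /* Close the excess fds to avoid DoS: if they stayed open,
                 * someone could send us an extra fd per message
                 * and we'd eventually run out. */
                for (i = fds_to_use; i < payload_len_fds; i++)
                  {
                    close (payload[i]);
                  }
              }

            memcpy (fds, payload, fds_to_use * sizeof (int));
            found = TRUE;
            /* This narrowing cast from size_t to unsigned int cannot
             * overflow because we have chosen fds_to_use
             * to be <= *n_fds */
            *n_fds = (unsigned int) fds_to_use;

            /* Linux doesn't tell us whether MSG_CMSG_CLOEXEC actually
               worked, hence we need to go through this list and set
               CLOEXEC everywhere in any case */
            for (i = 0; i < fds_to_use; i++)
              _dbus_fd_set_close_on_exec(fds[i]);

            break;
          }

      if (!found)
        *n_fds = 0;

      if (m.msg_flags & MSG_CTRUNC)
        {
          unsigned int j;

          /* Hmm, apparently the control data was truncated. The bad
             thing is that we might have completely lost a couple of fds
             without chance to recover them. Hence let's treat this as a
             serious error. */

          /* The fds that did arrive are open in this process. The
           * caller only sees a failure, so nobody else would ever
           * close them: do it here, otherwise each oversized message
           * would leave descriptors open until the process runs out. */
          for (j = 0; j < *n_fds; j++)
            close (fds[j]);

          *n_fds = 0;
          _dbus_string_set_length (buffer, start);
          /* Set errno last so the cleanup above cannot overwrite it */
          errno = ENOSPC;
          return -1;
        }

      /* put length back (doesn't actually realloc) */
      _dbus_string_set_length (buffer, start + bytes_read);

#if 0
      if (bytes_read > 0)
        _dbus_verbose_bytes_of_string (buffer, start, bytes_read);
#endif

      return bytes_read;
    }
#endif
}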

/**
 * Writes part of a DBusString to a socket, optionally passing unix fds
 * along with it. With HAVE_UNIX_FD_PASSING this is
 * _dbus_write_socket_with_unix_fds_two() with no second buffer.
 * Without it, a request to send any fds fails with ENOTSUP and a
 * request without fds becomes a plain _dbus_write_socket().
 *
 * @param fd the socket
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @param fds the file descriptors to send
 * @param n_fds number of entries in fds
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write_socket_with_unix_fds(DBusSocket        fd,
                                 const DBusString *buffer,
                                 int               start,
                                 int               len,
                                 const int        *fds,
                                 int               n_fds) {

#ifdef HAVE_UNIX_FD_PASSING
  return _dbus_write_socket_with_unix_fds_two(fd, buffer, start, len, NULL, 0, 0, fds, n_fds);
#else

  /* Nothing to pass: an ordinary socket write does the job */
  if (n_fds <= 0)
    return _dbus_write_socket(fd, buffer, start, len);

  errno = ENOTSUP;
  return -1;
#endif
}

/**
 * Writes up to two buffers to a socket in one sendmsg() call and, when
 * n_fds > 0, attaches the given fds as a single SCM_RIGHTS control
 * message. MSG_NOSIGNAL is added to the flags where it is declared,
 * and the call is retried on EINTR.
 *
 * Without HAVE_UNIX_FD_PASSING, a request to send any fds fails with
 * ENOTSUP and a request without fds becomes _dbus_write_socket_two().
 *
 * NOTE(review): the control buffer is alloca()'d with a size derived
 * from n_fds, and the only check here is an assertion that n_fds is
 * not negative. Callers are presumably expected to keep n_fds small
 * (DBUS_MAXIMUM_MESSAGE_UNIX_FDS is the bound asserted on the receive
 * side); confirm.
 *
 * @param fd the socket
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @param fds the file descriptors to send
 * @param n_fds number of entries in fds
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_socket_with_unix_fds_two(DBusSocket        fd,
                                     const DBusString *buffer1,
                                     int               start1,
                                     int               len1,
                                     const DBusString *buffer2,
                                     int               start2,
                                     int               len2,
                                     const int        *fds,
                                     int               n_fds) {

#ifndef HAVE_UNIX_FD_PASSING

  /* Nothing to pass: an ordinary two-buffer socket write does the job */
  if (n_fds <= 0)
    return _dbus_write_socket_two(fd,
                                  buffer1, start1, len1,
                                  buffer2, start2, len2);

  errno = ENOTSUP;
  return -1;

#else

  struct msghdr msg;
  struct cmsghdr *hdr;
  struct iovec parts[2];
  int send_flags = 0;
  int sent;

  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);
  _dbus_assert (n_fds >= 0);

#if HAVE_DECL_MSG_NOSIGNAL
  send_flags |= MSG_NOSIGNAL;
#endif

  /* parts[1] stays zeroed when there is no second buffer */
  _DBUS_ZERO(parts);
  parts[0].iov_base = (char*) _dbus_string_get_const_data_len (buffer1, start1, len1);
  parts[0].iov_len = len1;

  if (buffer2)
    {
      parts[1].iov_base = (char*) _dbus_string_get_const_data_len (buffer2, start2, len2);
      parts[1].iov_len = len2;
    }

  _DBUS_ZERO(msg);
  msg.msg_iov = parts;
  msg.msg_iovlen = buffer2 ? 2 : 1;

  if (n_fds > 0)
    {
      const size_t fd_bytes = n_fds * sizeof(int);

      /* Allocate with CMSG_SPACE (payload plus padding) and zero it */
      msg.msg_controllen = CMSG_SPACE(fd_bytes);
      msg.msg_control = alloca(msg.msg_controllen);
      memset(msg.msg_control, 0, msg.msg_controllen);

      hdr = CMSG_FIRSTHDR(&msg);
      hdr->cmsg_level = SOL_SOCKET;
      hdr->cmsg_type = SCM_RIGHTS;
      hdr->cmsg_len = CMSG_LEN(fd_bytes);
      memcpy(CMSG_DATA(hdr), fds, fd_bytes);
    }

  /* Retry for as long as the call is merely interrupted by a signal */
  do
    sent = sendmsg (fd.fd, &msg, send_flags);
  while (sent < 0 && errno == EINTR);

  return sent;
#endif
}

/**
 * Socket-only counterpart of _dbus_write_two(); because it is
 * restricted to sockets it is also available on Windows.
 *
 * When MSG_NOSIGNAL is declared, both buffers go out in one sendmsg()
 * call with that flag, retried on EINTR. Otherwise the call falls back
 * to _dbus_write_two().
 *
 * @param fd the file descriptor
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_socket_two (DBusSocket        fd,
                        const DBusString *buffer1,
                        int               start1,
                        int               len1,
                        const DBusString *buffer2,
                        int               start2,
                        int               len2)
{
#if HAVE_DECL_MSG_NOSIGNAL
  struct iovec parts[2];
  struct msghdr msg;
  const char *first;
  const char *second = NULL;
  int sent;

  _dbus_assert (buffer1 != NULL);
  _dbus_assert (start1 >= 0);
  _dbus_assert (start2 >= 0);
  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);

  first = _dbus_string_get_const_data_len (buffer1, start1, len1);

  if (buffer2 == NULL)
    len2 = 0; /* the second vector is left empty and is not sent */
  else
    second = _dbus_string_get_const_data_len (buffer2, start2, len2);

  parts[0].iov_base = (char*) first;
  parts[0].iov_len = len1;
  parts[1].iov_base = (char*) second;
  parts[1].iov_len = len2;

  _DBUS_ZERO(msg);
  msg.msg_iov = parts;
  msg.msg_iovlen = second ? 2 : 1;

  /* Retry for as long as the call is merely interrupted by a signal */
  do
    sent = sendmsg (fd.fd, &msg, MSG_NOSIGNAL);
  while (sent < 0 && errno == EINTR);

  return sent;

#else
  return _dbus_write_two (fd.fd, buffer1, start1, len1,
                          buffer2, start2, len2);
#endif
}

/**
 * Thin wrapper around the read() system call that appends what it
 * reads to the DBusString buffer. Up to count bytes are appended, and
 * the return value and errno are those of read(), with two
 * exceptions: EINTR is handled by retrying, and ENOMEM can be
 * reported (when the buffer cannot be lengthened) even though regular
 * UNIX read doesn't.
 *
 * On failure the buffer is restored to its original length.
 *
 * Unlike _dbus_read_socket(), _dbus_read() is not available
 * on Windows.
 *
 * @param fd the file descriptor to read from
 * @param buffer the buffer to append data to
 * @param count the amount of data to read
 * @returns the number of bytes read or -1
 */
int
_dbus_read (int               fd,
            DBusString       *buffer,
            int               count)
{
  int old_len;
  int got;
  char *dest;

  _dbus_assert (count >= 0);

  old_len = _dbus_string_get_length (buffer);

  /* Reserve room for a full-size read up front; trimmed again below */
  if (!_dbus_string_lengthen (buffer, count))
    {
      errno = ENOMEM;
      return -1;
    }

  dest = _dbus_string_get_data_len (buffer, old_len, count);

  /* Retry for as long as the call is merely interrupted by a signal */
  do
    got = read (fd, dest, count);
  while (got < 0 && errno == EINTR);

  if (got < 0)
    {
      /* put length back (note that this doesn't actually realloc anything) */
      _dbus_string_set_length (buffer, old_len);
      return -1;
    }

  /* keep only the bytes actually read (doesn't actually realloc) */
  _dbus_string_set_length (buffer, old_len + got);

  return got;
}

/**
 * Thin wrapper around the write() system call that writes part of a
 * DBusString, retrying when the call is interrupted (EINTR).
 *
 * @param fd the file descriptor to write
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write (int               fd,
             const DBusString *buffer,
             int               start,
             int               len)
{
  const char *src = _dbus_string_get_const_data_len (buffer, start, len);
  int written;

  /* Retry for as long as the call is merely interrupted by a signal */
  do
    written = write (fd, src, len);
  while (written < 0 && errno == EINTR);

  return written;
}

/**
 * Like _dbus_write() but writes two buffers in sequence, using
 * writev() where it is available. The return value is the number of
 * bytes written from the first buffer plus the number written from
 * the second. The second buffer may be #NULL. EINTR is handled by
 * retrying.
 *
 * On systems without writev() the two buffers are written with
 * separate _dbus_write() calls, and the second is only attempted when
 * the first was written completely. If the second write then fails,
 * the error is ignored and only the byte count of the first buffer is
 * returned.
 *
 * @param fd the file descriptor
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_two (int               fd,
                 const DBusString *buffer1,
                 int               start1,
                 int               len1,
                 const DBusString *buffer2,
                 int               start2,
                 int               len2)
{
  _dbus_assert (buffer1 != NULL);
  _dbus_assert (start1 >= 0);
  _dbus_assert (start2 >= 0);
  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);

#ifdef HAVE_WRITEV
  {
    struct iovec parts[2];
    const char *first;
    const char *second = NULL;
    int written;

    first = _dbus_string_get_const_data_len (buffer1, start1, len1);

    if (buffer2 == NULL)
      len2 = 0; /* the second vector is left empty and is not written */
    else
      second = _dbus_string_get_const_data_len (buffer2, start2, len2);

    parts[0].iov_base = (char*) first;
    parts[0].iov_len = len1;
    parts[1].iov_base = (char*) second;
    parts[1].iov_len = len2;

    /* Retry for as long as the call is merely interrupted by a signal */
    do
      written = writev (fd, parts, second ? 2 : 1);
    while (written < 0 && errno == EINTR);

    return written;
  }
#else /* HAVE_WRITEV */
  {
    int first_ret;
    int second_ret;

    first_ret = _dbus_write (fd, buffer1, start1, len1);

    /* Stop here on error, on a short write, or with nothing more to send */
    if (first_ret != len1 || buffer2 == NULL)
      return first_ret;

    second_ret = _dbus_write (fd, buffer2, start2, len2);
    if (second_ret < 0)
      second_ret = 0; /* we can't report an error as the first write was OK */

    return first_ret + second_ret;
  }
#endif /* !HAVE_WRITEV */
}

#define _DBUS_MAX_SUN_PATH_LENGTH 99

/**
 * @def _DBUS_MAX_SUN_PATH_LENGTH
 *
 * Maximum length of the path to a UNIX domain socket,
 * sockaddr_un::sun_path member. POSIX requires that all systems
 * support at least 100 bytes here, including the nul termination.
 * We use 99 for the max value to allow for the nul.
 *
 * We could probably also do sizeof (addr.sun_path)
 * but this way we are the same on all platforms
 * which is probably a good idea.
 */

/**
 * Creates a socket and connects it to the UNIX domain socket at the
 * given path. The connected fd is returned in nonblocking mode.
 *
 * If requested, an abstract socket is used instead of a
 * filesystem-linked one (possible only on Linux; see "man 7 unix" on
 * Linux). On non-Linux systems a request for an abstract socket
 * always fails.
 *
 * The path is rejected when it would need more than
 * _DBUS_MAX_SUN_PATH_LENGTH bytes of sun_path; for abstract sockets
 * the leading nul byte counts towards that limit. Together with the
 * static assertion that sun_path is larger than the limit, this keeps
 * the copy into sun_path in bounds.
 *
 * NOTE(review): abstract names are not files, so filesystem
 * permissions do not restrict who can bind or connect to them;
 * nothing in this function authenticates the peer.
 *
 * FD_CLOEXEC is set on the returned socket. On any failure the socket
 * is closed again before returning.
 *
 * @param path the path to UNIX domain socket
 * @param abstract #TRUE to use abstract namespace
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
int
_dbus_connect_unix_socket (const char     *path,
                           dbus_bool_t     abstract,
                           DBusError      *error)
{
  int sock;
  size_t name_len;
  struct sockaddr_un addr;
  _DBUS_STATIC_ASSERT (sizeof (addr.sun_path) > _DBUS_MAX_SUN_PATH_LENGTH);

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("connecting to unix socket %s abstract=%d\n",
                 path, abstract);

  if (!_dbus_open_unix_socket (&sock, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET(error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR(error);

  /* Zeroing first means sun_path stays nul-terminated after strncpy() */
  _DBUS_ZERO (addr);
  addr.sun_family = AF_UNIX;
  name_len = strlen (path);

  if (!abstract)
    {
      if (name_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Socket name too long\n");
          goto fail;
        }

      strncpy (addr.sun_path, path, sizeof (addr.sun_path) - 1);
    }
  else
    {
#ifdef __linux__
      addr.sun_path[0] = '\0'; /* this is what says "use abstract" */
      name_len++; /* Account for the extra nul byte added to the start of sun_path */

      if (name_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Abstract socket name too long\n");
          goto fail;
        }

      strncpy (&addr.sun_path[1], path, sizeof (addr.sun_path) - 2);
#else /* !__linux__ */
      dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
                      "Operating system does not support abstract socket namespace\n");
      goto fail;
#endif /* !__linux__ */
    }

  /* The address length covers only the bytes of sun_path in use */
  if (connect (sock, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + name_len) < 0)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to connect to socket %s: %s",
                      path, _dbus_strerror (errno));
      goto fail;
    }

  if (!_dbus_set_fd_nonblocking (sock, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto fail;
    }

  return sock;

fail:
  /* error has been set by whoever jumped here; don't leak the socket */
  _dbus_close (sock, NULL);
  return -1;
}

/**
 * Creates a UNIX domain socket and connects it to the specified
 * process to execute.
 *
 * This will set FD_CLOEXEC for the socket returned.
 *
 * @param path the path to the executable
 * @param argv the argument list for the process to execute.
 * argv[0] typically is identical to the path of the executable
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
int
_dbus_connect_exec (const char     *path,
                    char *const    argv[],
                    DBusError      *error)
{
  int fds[2];
  pid_t pid;
  int retval;
  dbus_bool_t cloexec_done = 0;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("connecting to process %s\n", path);

#ifdef SOCK_CLOEXEC
1020 1021 1022
  retval = socketpair (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds);
  cloexec_done = (retval >= 0);

1023
  if (retval < 0 && (errno == EINVAL || errno == EPROTOTYPE))
1024
#endif
1025 1026 1027 1028 1029
    {
      retval = socketpair (AF_UNIX, SOCK_STREAM, 0, fds);
    }

  if (retval < 0)
1030 1031 1032 1033 1034 1035 1036 1037
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to create socket pair: %s",
                      _dbus_strerror (errno));
      return -1;
    }

1038 1039 1040 1041 1042
  if (!cloexec_done)
    {
      _dbus_fd_set_close_on_exec (fds[0]);
      _dbus_fd_set_close_on_exec (fds[1]);
    }
1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072

  pid = fork ();
  if (pid < 0)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to fork() to call %s: %s",
                      path, _dbus_strerror (errno));
      close (fds[0]);
      close (fds[1]);
      return -1;
    }

  if (pid == 0)
    {
      /* child */
      close (fds[0]);

      dup2 (fds[1], STDIN_FILENO);
      dup2 (fds[1], STDOUT_FILENO);

      if (fds[1] != STDIN_FILENO &&
          fds[1] != STDOUT_FILENO)
        close (fds[1]);

      /* Inherit STDERR and the controlling terminal from the
         parent */

      _dbus_close_all ();

Simon McVittie's avatar
Simon McVittie committed
1073
      execvp (path, (char * const *) argv);
1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093

      fprintf (stderr, "Failed to execute process %s: %s\n", path, _dbus_strerror (errno));

      _exit(1);
    }

  /* parent */
  close (fds[1]);

  if (!_dbus_set_fd_nonblocking (fds[0], error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);

      close (fds[0]);
      return -1;
    }

  return fds[0];
}

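/**
 * Creates a socket and binds it to the given path,
 * then listens on the socket. The socket is
 * set to be nonblocking.
 *
 * Uses abstract sockets instead of filesystem-linked
 * sockets if requested (it's possible only on Linux;
 * see "man 7 unix" on Linux).
 * On non-Linux abstract socket usage always fails.
 *
 * For a filesystem socket, an existing socket at the same path is
 * unlinked before binding, and the new socket file is then chmod()ed
 * to 0777 on a best-effort basis. The name length is validated before
 * anything on the filesystem is touched, so a call that is going to
 * fail with DBUS_ERROR_BAD_ADDRESS never removes an existing socket.
 *
 * This will set FD_CLOEXEC for the socket returned
 *
 * @param path the socket name
 * @param abstract #TRUE to use abstract namespace
 * @param error return location for errors
 * @returns the listening file descriptor or -1 on error
 */
int
_dbus_listen_unix_socket (const char     *path,
                          dbus_bool_t     abstract,
                          DBusError      *error)
{
  int listen_fd;
  struct sockaddr_un addr;
  size_t path_len;
  /* Guarantees that a name of at most _DBUS_MAX_SUN_PATH_LENGTH bytes
   * fits in sun_path with at least one zero byte left over. */
  _DBUS_STATIC_ASSERT (sizeof (addr.sun_path) > _DBUS_MAX_SUN_PATH_LENGTH);

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("listening on unix socket %s abstract=%d\n",
                 path, abstract);

  if (!_dbus_open_unix_socket (&listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET(error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR(error);

  _DBUS_ZERO (addr);
  addr.sun_family = AF_UNIX;
  path_len = strlen (path);

  if (abstract)
    {
#ifdef __linux__
      /* remember that abstract names aren't nul-terminated so we rely
       * on sun_path being filled in with zeroes above.
       */
      addr.sun_path[0] = '\0'; /* this is what says "use abstract" */
      path_len++; /* Account for the extra nul byte added to the start of sun_path */

      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Abstract socket name too long\n");
          _dbus_close (listen_fd, NULL);
          return -1;
        }

      /* The length check above already bounds the copy; strncpy's
       * limit is a second line of defence only. */
      strncpy (&addr.sun_path[1], path, sizeof (addr.sun_path) - 2);
      /* _dbus_verbose_bytes (addr.sun_path, sizeof (addr.sun_path)); */
#else /* !__linux__ */
      dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
                      "Operating system does not support abstract socket namespace\n");
      _dbus_close (listen_fd, NULL);
      return -1;
#endif /* !__linux__ */
    }
  else
    {
      /* Reject an over-long name before the unlink() below: a request
       * that cannot succeed must not delete an existing socket. */
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Socket name too long\n");
          _dbus_close (listen_fd, NULL);
          return -1;
        }

      /* Discussed security implications of this with Nalin,
       * and we couldn't think of where it would kick our ass, but
       * it still seems a bit sucky. It also has non-security suckage;
       * really we'd prefer to exit if the socket is already in use.
       * But there doesn't seem to be a good way to do this.
       *
       * Just to be extra careful, I threw in the stat() - clearly
       * the stat() can't *fix* any security issue, but it at least
       * avoids inadvertent/accidental data loss.
       *
       * Note that stat() follows symlinks while unlink() does not,
       * and that the check and the unlink are not atomic, so this is
       * only safe when the containing directory is not writable by
       * other users.
       */
      {
        struct stat sb;

        if (stat (path, &sb) == 0 &&
            S_ISSOCK (sb.st_mode))
          unlink (path);
      }

      strncpy (addr.sun_path, path, sizeof (addr.sun_path) - 1);
    }

  /* The address length covers only the bytes of the name actually
   * used, which is what makes abstract names exact-length. */
  if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to bind socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (listen (listen_fd, SOMAXCONN /* backlog */) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to listen on socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (!_dbus_set_fd_nonblocking (listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  /* Try opening up the permissions, but if we can't, just go ahead
   * and continue, maybe it will be good enough.
   *
   * Mode 0777 means the socket file itself does not restrict who may
   * connect; only the permissions of the containing directories do.
   * NOTE(review): presumably access control is left to authentication
   * on the accepted connection - confirm against the callers.
   */
  if (!abstract && chmod (path, 0777) < 0)
    _dbus_warn ("Could not set mode 0777 on socket %s", path);

  return listen_fd;
}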

/**
 * Takes over the listening sockets that systemd passed to this
 * process via socket activation and switches each one to
 * nonblocking mode.
 *
 * Every passed descriptor is first checked with sd_is_socket() to be
 * a listening SOCK_STREAM socket of any address family; if one of
 * them fails that check the function returns an error without
 * closing anything. Once that check has passed, any later failure
 * closes all of the passed descriptors.
 *
 * sd_listen_fds() is called with its unset-environment argument set
 * to TRUE, so the activation variables are removed from the
 * environment afterwards.
 *
 * This will set FD_CLOEXEC for the sockets returned.
 *
 * @param fds return location for a newly allocated array holding the
 *            file descriptors; written only on success
 * @param error return location for errors
 * @returns the number of file descriptors, or -1 on error (including
 *          when dbus was built without systemd support)
 */
int
_dbus_listen_systemd_sockets (DBusSocket **fds,
                              DBusError   *error)
{
#ifdef HAVE_SYSTEMD
  int count;
  int idx;
  DBusSocket *sockets;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  count = sd_listen_fds (TRUE);

  /* A negative count is a negated errno value. */
  if (count < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (-count),
                      "Failed to acquire systemd socket: %s",
                      _dbus_strerror (-count));
      return -1;
    }

  if (count == 0)
    {
      dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "No socket received.");
      return -1;
    }

  /* Pass 1: validate every descriptor before touching any of them. */
  for (idx = 0; idx < count; idx++)
    {
      int status = sd_is_socket (SD_LISTEN_FDS_START + idx,
                                 AF_UNSPEC, SOCK_STREAM, 1);

      if (status < 0)
        {
          dbus_set_error (error, _dbus_error_from_errno (-status),
                          "Failed to verify systemd socket type: %s",
                          _dbus_strerror (-status));
          return -1;
        }

      if (status == 0)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                          "Passed socket has wrong type.");
          return -1;
        }
    }

  /* All descriptors are acceptable; from here on we own them and
     close them on failure. */

  sockets = dbus_new (DBusSocket, count);
  if (sockets == NULL)
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY,
                      "Failed to allocate file handle array.");
      goto fail;
    }

  /* Pass 2: make each one nonblocking and record it. */
  for (idx = 0; idx < count; idx++)
    {
      int passed_fd = SD_LISTEN_FDS_START + idx;

      if (!_dbus_set_fd_nonblocking (passed_fd, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET (error);
          goto fail;
        }

      sockets[idx].fd = passed_fd;
    }

  *fds = sockets;
  return count;

 fail:

  for (idx = 0; idx < count; idx++)
    _dbus_close (SD_LISTEN_FDS_START + idx, NULL);

  /* sockets is NULL here when the allocation itself failed. */
  dbus_free (sockets);
  return -1;
#else
  dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
                        "dbus was compiled without systemd support");
  return -1;
#endif
}

/* Map a result code from getaddrinfo() or getnameinfo() to a D-Bus
 * error name.
 *
 * gai_res is the value the resolver call returned; saved_errno is the
 * errno captured right after that call and is consulted only for
 * EAI_SYSTEM. Each EAI_* constant is tested only if the platform
 * defines it. */
static const char *
_dbus_error_from_gai (int gai_res,
                      int saved_errno)
{
#ifdef EAI_FAMILY
  /* ai_family not supported (at all) */
  if (gai_res == EAI_FAMILY)
    return DBUS_ERROR_NOT_SUPPORTED;
#endif

#ifdef EAI_SOCKTYPE
  /* ai_socktype not supported (at all) */
  if (gai_res == EAI_SOCKTYPE)
    return DBUS_ERROR_NOT_SUPPORTED;
#endif

#ifdef EAI_MEMORY
  /* Out of memory */
  if (gai_res == EAI_MEMORY)
    return DBUS_ERROR_NO_MEMORY;
#endif

#ifdef EAI_SYSTEM
  /* Unspecified system error, details in errno */
  if (gai_res == EAI_SYSTEM)
    return _dbus_error_from_errno (saved_errno);
#endif

  /* Everything else is reported as a generic failure:
   *
   * 0: it succeeded, but we didn't get any addresses?
   * EAI_AGAIN: transient failure
   * EAI_BADFLAGS: invalid ai_flags (programming error)
   * EAI_FAIL: non-recoverable failure
   * EAI_NODATA: host exists but has no addresses
   * EAI_NONAME: host does not exist
   * EAI_OVERFLOW: argument buffer overflow
   * EAI_SERVICE: service not available for specified socket
   * type (we should never see this because we use numeric
   * ports) */
  return DBUS_ERROR_FAILED;
}

/**
 * Creates a socket and connects it to the given host and port over
 * TCP. The connection is returned set up as nonblocking.
 *
 * This is _dbus_connect_tcp_socket_with_nonce() called with no nonce
 * file, so nothing is sent on the connection by this function.
 *
 * This will set FD_CLOEXEC for the socket returned
 *
 * @param host the host name to connect to
 * @param port the port to connect to
 * @param family the address family to connect with ("ipv4" or
 *               "ipv6"), NULL for all
 * @param error return location for error code
 * @returns the connected socket, or an invalid socket on error
 */
DBusSocket
_dbus_connect_tcp_socket (const char     *host,
                          const char     *port,
                          const char     *family,
                          DBusError      *error)
{
    const char *no_noncefile = (const char*)NULL;

    return _dbus_connect_tcp_socket_with_nonce (host, port, family, no_noncefile, error);
}

/**
 * Connects to host:port over TCP, trying each address returned by
 * getaddrinfo() in order until one connect() succeeds, and optionally
 * sends a nonce on the new connection before returning it.
 *
 * The nonce, when requested, is sent while the socket is still
 * blocking; the socket is switched to nonblocking only afterwards.
 * On any failure after the connect the socket is closed.
 *
 * @param host the host name to connect to
 * @param port the port to connect to
 * @param family "ipv4", "ipv6", or NULL for any address family; any
 *               other string is rejected with DBUS_ERROR_BAD_ADDRESS
 * @param noncefile passed to _dbus_send_nonce() when not NULL
 *                  (presumably the path of the file holding the
 *                  nonce - confirm against dbus-nonce); NULL to send
 *                  nothing
 * @param error return location for error code
 * @returns the connected socket, or an invalid socket on error
 */
DBusSocket
_dbus_connect_tcp_socket_with_nonce (const char     *host,
                                     const char     *port,
                                     const char     *family,
                                     const char     *noncefile,
                                     DBusError      *error)
{
  DBusSocket fd = DBUS_SOCKET_INIT;
  struct addrinfo hints;
  struct addrinfo *results;
  struct addrinfo *candidate;
  int last_connect_errno = 0;
  int gai_status;

  _DBUS_ASSERT_ERROR_IS_CLEAR(error);

  _DBUS_ZERO (hints);

  if (family == NULL)
    {
      hints.ai_family = AF_UNSPEC;
    }
  else if (strcmp (family, "ipv4") == 0)
    {
      hints.ai_family = AF_INET;
    }
  else if (strcmp (family, "ipv6") == 0)
    {
      hints.ai_family = AF_INET6;
    }
  else
    {
      dbus_set_error (error,
                      DBUS_ERROR_BAD_ADDRESS,
                      "Unknown address family %s", family);
      return _dbus_socket_get_invalid ();
    }

  hints.ai_protocol = IPPROTO_TCP;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = AI_ADDRCONFIG;

  gai_status = getaddrinfo (host, port, &hints, &results);
  if (gai_status != 0)
    {
      dbus_set_error (error,
                      _dbus_error_from_gai (gai_status, errno),
                      "Failed to lookup host/port: \"%s:%s\": %s (%d)",
                      host, port, gai_strerror (gai_status), gai_status);
      return _dbus_socket_get_invalid ();
    }

  /* Walk the candidates; stop at the first that accepts the connection. */
  for (candidate = results; candidate != NULL; candidate = candidate->ai_next)
    {
      if (!_dbus_open_socket (&fd.fd, candidate->ai_family, SOCK_STREAM, 0, error))
        {
          freeaddrinfo (results);
          _DBUS_ASSERT_ERROR_IS_SET(error);
          return _dbus_socket_get_invalid ();
        }
      _DBUS_ASSERT_ERROR_IS_CLEAR(error);

      if (connect (fd.fd, (struct sockaddr*) candidate->ai_addr, candidate->ai_addrlen) >= 0)
        break;

      /* Remember why this address failed before close() can disturb
       * errno, then mark the socket as not connected. */
      last_connect_errno = errno;
      _dbus_close (fd.fd, NULL);
      fd.fd = -1;
    }
  freeaddrinfo (results);

  /* No candidate worked: report the error from the last attempt. */
  if (fd.fd == -1)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (last_connect_errno),
                      "Failed to connect to socket \"%s:%s\" %s",
                      host, port, _dbus_strerror (last_connect_errno));
      return _dbus_socket_get_invalid ();
    }

  if (noncefile != NULL)
    {
      DBusString nonce_path;
      dbus_bool_t nonce_sent;

      _dbus_string_init_const (&nonce_path, noncefile);
      nonce_sent = _dbus_send_nonce (fd, &nonce_path, error);
      _dbus_string_free (&nonce_path);

      if (!nonce_sent)
        {
          _dbus_close (fd.fd, NULL);
          return _dbus_socket_get_invalid ();
        }
    }

  if (!_dbus_set_fd_nonblocking (fd.fd, error))
    {
      _dbus_close (fd.fd, NULL);
      return _dbus_socket_get_invalid ();
    }

  return fd;
}

/**
 * Creates one listening TCP socket for each address that
 * getaddrinfo() returns for the given host and port, and returns them
 * as an array. The sockets are set to be nonblocking. In case of
 * port=0 (or a NULL port) a random free port is chosen by the kernel
 * for the first address, and the lookup is then repeated so that all
 * remaining addresses use that same port; the port actually used is
 * appended to retport.
 *
 * The lookup uses AI_PASSIVE, so a NULL host yields the wildcard
 * address and the sockets then accept connections on every
 * interface.
 *
 * This will set FD_CLOEXEC for the socket returned
 *
 * @param host the host name to listen on, or NULL (printed as "*" in
 *             messages)
 * @param port the port to listen on, if zero a free port will be used
 * @param family the address family to listen on ("ipv4" or "ipv6"),
 *               NULL for all
 * @param retport string to return the actual port listened on; the
 *                code only fills it in while it is still empty
 * @param fds_p location to store returned file descriptors; set to
 *              NULL on entry and written only on success
 * @param error return location for errors
 * @returns the number of listening file descriptors or -1 on error
 */
int
_dbus_listen_tcp_socket (const char     *host,
                         const char     *port,
                         const char     *family,
                         DBusString     *retport,
                         DBusSocket    **fds_p,
                         DBusError      *error)
{
  int saved_errno;
  int nlisten_fd = 0, res, i;
  DBusSocket *listen_fd = NULL;
  struct addrinfo hints;
  struct addrinfo *ai, *tmp;
  unsigned int reuseaddr;

  *fds_p = NULL;
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _DBUS_ZERO (hints);

  if (!family)
    hints.ai_family = AF_UNSPEC;
  else if (!strcmp(family, "ipv4"))
    hints.ai_family = AF_INET;
  else if (!strcmp(family, "ipv6"))
    hints.ai_family = AF_INET6;
  else
    {
      dbus_set_error (error,
                      DBUS_ERROR_BAD_ADDRESS,
                      "Unknown address family %s", family);
      return -1;
    }

  hints.ai_protocol = IPPROTO_TCP;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE;

  /* Re-entered once, with port pointing at the kernel-chosen port,
   * after the first socket has been bound with port 0/NULL. Sockets
   * already collected in listen_fd are kept across the jump. */
 redo_lookup_with_port:
  /* Reset so that the failed: path never frees a stale list. */
  ai = NULL;
  if ((res = getaddrinfo(host, port, &hints, &ai)) != 0 || !ai)
    {
      /* NOTE(review): port may be NULL (see the !port test further
       * down) yet is passed to a %s conversion in this and the other
       * messages of this function - confirm dbus_set_error and
       * _dbus_warn tolerate that. */
      dbus_set_error (error,
                      _dbus_error_from_gai (res, errno),
                      "Failed to lookup host/port: \"%s:%s\": %s (%d)",
                      host ? host : "*", port, gai_strerror(res), res);
      goto failed;
    }

  tmp = ai;
  while (tmp)
    {
      int fd = -1, tcp_nodelay_on;
      DBusSocket *newlisten_fd;

      if (!_dbus_open_socket (&fd, tmp->ai_family, SOCK_STREAM, 0, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET(error);
          goto failed;
        }
      _DBUS_ASSERT_ERROR_IS_CLEAR(error);

      /* Socket options are best effort: a failure is logged and the
       * socket is used anyway. */
      reuseaddr = 1;
      if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, sizeof(reuseaddr))==-1)
        {
          _dbus_warn ("Failed to set socket option \"%s:%s\": %s",
                      host ? host : "*", port, _dbus_strerror (errno));
        }

      /* Nagle's algorithm imposes a huge delay on the initial messages
         going over TCP. */
      tcp_nodelay_on = 1;
      if (setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, &tcp_nodelay_on, sizeof (tcp_nodelay_on)) == -1)
        {
          _dbus_warn ("Failed to set TCP_NODELAY socket option \"%s:%s\": %s",
                      host ? host : "*", port, _dbus_strerror (errno));
        }

      if (bind (fd, (struct sockaddr*) tmp->ai_addr, tmp->ai_addrlen) < 0)
        {
          /* Capture errno before _dbus_close() can overwrite it. fd is
           * not yet in listen_fd, so it has to be closed here. */
          saved_errno = errno;
          _dbus_close(fd, NULL);
          if (saved_errno == EADDRINUSE)
            {
              /* Depending on kernel policy, binding to an IPv6 address
                 might implicitly bind to a corresponding IPv4
                 address or vice versa, resulting in EADDRINUSE for the
                 other one (e.g. bindv6only=0 on Linux).

                 Also, after we "goto redo_lookup_with_port" after binding
                 a port on one of the possible addresses, we will
                 try to bind that same port on every address, including the
                 same address again for a second time; that one will
                 also fail with EADDRINUSE.

                 For both those reasons, ignore EADDRINUSE here */
              tmp = tmp->ai_next;
              continue;
            }
          dbus_set_error (error, _dbus_error_from_errno (saved_errno),
                          "Failed to bind socket \"%s:%s\": %s",
                          host ? host : "*", port, _dbus_strerror (saved_errno));
          goto failed;
        }

      if (listen (fd, 30 /* backlog */) < 0)
        {
          saved_errno = errno;
          _dbus_close (fd, NULL);
          dbus_set_error (error, _dbus_error_from_errno (saved_errno),
                          "Failed to listen on socket \"%s:%s\": %s",
                          host ? host : "*", port, _dbus_strerror (saved_errno));
          goto failed;
        }

      /* Grow the result array by one; the old array stays valid (and
       * is cleaned up at failed:) if the reallocation fails. */
      newlisten_fd = dbus_realloc(listen_fd, sizeof(DBusSocket)*(nlisten_fd+1));
      if (!newlisten_fd)
        {
          _dbus_close (fd, NULL);
          dbus_set_error (error, DBUS_ERROR_NO_MEMORY,
                          "Failed to allocate file handle array");
          goto failed;
        }
      listen_fd = newlisten_fd;
      listen_fd[nlisten_fd].fd = fd;
      nlisten_fd++;
      /* From here on fd is owned by listen_fd and is closed by the
       * loop at failed: on any later error. */

      if (!_dbus_string_get_length(retport))
        {
          /* If the user didn't specify a port, or used 0, then
             the kernel chooses a port. After the first address
             is bound to, we need to force all remaining addresses
             to use the same port */
          if (!port || !strcmp(port, "0"))
            {
              int result;
              struct sockaddr_storage addr;
              socklen_t addrlen;
              char portbuf[50];

              addrlen = sizeof(addr);
              result = getsockname(fd, (struct sockaddr*) &addr, &addrlen);

              if (result == -1)
                {
                  saved_errno = errno;
                  dbus_set_error (error, _dbus_error_from_errno (saved_errno),
                                  "Failed to retrieve socket name for \"%s:%s\": %s",
                                  host ? host : "*", port, _dbus_strerror (saved_errno));
                  goto failed;
                }

              /* Only the service (port) is requested, in numeric form;
               * the host buffer is NULL/0. */
              if ((res = getnameinfo ((struct sockaddr*)&addr, addrlen, NULL, 0,
                                      portbuf, sizeof(portbuf),
                                      NI_NUMERICHOST | NI_NUMERICSERV)) != 0)
                {
                  saved_errno = errno;
                  dbus_set_error (error, _dbus_error_from_gai (res, saved_errno),
                                  "Failed to resolve port \"%s:%s\": %s (%d)",
                                  host ? host : "*", port, gai_strerror(res), res);
                  goto failed;
                }

              if (!_dbus_string_append(retport, portbuf))
                {
                  dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
                  goto failed;
                }

              /* Release current address list & redo lookup */
              /* port now points into retport's storage, so retport
               * must not be modified while port is still in use. */
              port = _dbus_string_get_const_data(retport);
              freeaddrinfo(ai);
              goto redo_lookup_with_port;
            }
          else
            {
              if (!_dbus_string_append(retport, port))
                {
                    dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
                    goto failed;
                }
            }
        }

      tmp = tmp->ai_next;
    }
  freeaddrinfo(ai);
  ai = NULL;

  if (!nlisten_fd)
    {
      /* Every candidate was skipped by the EADDRINUSE branch above
       * (any other failure jumps to failed:), so report that. */
      errno = EADDRINUSE;
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to bind socket \"%s:%s\": %s",
                      host ? host : "*", port, _dbus_strerror (errno));
      goto failed;
    }

  for (i = 0 ; i < nlisten_fd ; i++)
    {
      if (!_dbus_set_fd_nonblocking (listen_fd[i].fd, error))
        {
          goto failed;
        }
    }

  /* Hand the array over to the caller (presumably released with
   * dbus_free() - confirm against the callers). */
  *fds_p = listen_fd;

  return nlisten_fd;

  /* Common error exit: free the address list if one is still held,
   * close every socket collected so far, and free the array. */
 failed:
  if (ai)
    freeaddrinfo(ai);
  for (i = 0 ; i < nlisten_fd ; i++)
    _dbus_close(listen_fd[i].fd, NULL);
  dbus_free(listen_fd);
  return -1;
}

static dbus_bool_t
write_credentials_byte (int             server_fd,
                        DBusError      *error)
{
  int bytes_written;
  char buf[1] = { '\0' };
#if defined(HAVE_CMSGCRED)
  union {
	  struct cmsghdr hdr;
	  char cred[CMSG_SPACE (sizeof (struct cmsgcred))];
  } cmsg;
  struct iovec iov;
  struct msghdr msg;
  iov.iov_base = buf;
  iov.iov_len = 1;