/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* dbus-sysdeps-unix.c Wrappers around UNIX system/libc features (internal to D-Bus implementation)
 *
 * Copyright (C) 2002, 2003, 2006  Red Hat, Inc.
 * Copyright (C) 2003 CodeFactory AB
 *
 * Licensed under the Academic Free License version 2.1
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#include <config.h>

#include "dbus-internals.h"
#include "dbus-sysdeps.h"
#include "dbus-sysdeps-unix.h"
#include "dbus-threads.h"
#include "dbus-protocol.h"
#include "dbus-file.h"
#include "dbus-transport.h"
#include "dbus-string.h"
#include "dbus-userdb.h"
#include "dbus-list.h"
#include "dbus-credentials.h"
#include "dbus-nonce.h"

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <dirent.h>
#include <sys/un.h>
#include <pwd.h>
#include <time.h>
#include <locale.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <grp.h>
#include <arpa/inet.h>

#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
#ifdef HAVE_WRITEV
#include <sys/uio.h>
#endif
#ifdef HAVE_POLL
#include <sys/poll.h>
#endif
#ifdef HAVE_BACKTRACE
#include <execinfo.h>
#endif
#ifdef HAVE_GETPEERUCRED
#include <ucred.h>
#endif
#ifdef HAVE_ALLOCA_H
#include <alloca.h>
#endif

#ifdef HAVE_ADT
#include <bsm/adt.h>
#endif

#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif

#if !DBUS_USE_SYNC
#include <pthread.h>
#endif

/* Fallback for platforms whose headers do not define O_BINARY: the name
 * is given the value 0 so that code mentioning it still compiles. */
#ifndef O_BINARY
#define O_BINARY 0
#endif

/* Fallback for platforms whose headers do not define AI_ADDRCONFIG: the
 * name is given the value 0 so that code mentioning it still compiles. */
#ifndef AI_ADDRCONFIG
#define AI_ADDRCONFIG 0
#endif

/* When the build configuration did not define HAVE_SOCKLEN_T, socklen_t
 * is substituted by int. Note this is a macro, not a typedef, so it
 * rewrites every later use of the identifier in this file. */
#ifndef HAVE_SOCKLEN_T
#define socklen_t int
#endif

#if defined (__sun) || defined (__sun__)
/*
 * CMSG_SPACE etc. definitions for Solaris < 10, based on
 *   http://mailman.videolan.org/pipermail/vlc-devel/2006-May/024402.html
 * via
 *   http://wiki.opencsw.org/porting-faq#toc10
 *
 * These are only redefined for Solaris, for now: if your OS needs these too,
 * please file a bug. (Or preferably, improve your OS so they're not needed.)
 *
 * Each macro below is defined only if the system headers did not already
 * provide it. This file uses CMSG_SPACE and CMSG_LEN to size the
 * ancillary-data buffers handed to recvmsg()/sendmsg() when passing
 * file descriptors, so these fallbacks determine those buffer sizes.
 */

/* CMSG_ALIGN (len): len rounded up to the control-message alignment. */
# ifndef CMSG_ALIGN
#   ifdef __sun__
#     define CMSG_ALIGN(len) _CMSG_DATA_ALIGN (len)
#   else
      /* aligning to sizeof (long) is assumed to be portable (fd.o#40235) */
      /* Rounds up to a multiple of sizeof (long); the mask arithmetic
       * assumes sizeof (long) is a power of two. */
#     define CMSG_ALIGN(len) (((len) + sizeof (long) - 1) & \
                              ~(sizeof (long) - 1))
#   endif
# endif

/* CMSG_SPACE (len): aligned header plus aligned payload, i.e. the buffer
 * space one control message with len payload bytes occupies, including
 * trailing padding. */
# ifndef CMSG_SPACE
#   define CMSG_SPACE(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + \
                            CMSG_ALIGN (len))
# endif

/* CMSG_LEN (len): aligned header plus the unpadded payload, i.e. the
 * value stored in cmsg_len; unlike CMSG_SPACE it has no trailing
 * padding. */
# ifndef CMSG_LEN
#   define CMSG_LEN(len) (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len))
# endif

#endif /* Solaris */

/**
 * Make sure file descriptors 0, 1 and 2 (stdin, stdout, stderr) are all
 * open, opening /dev/null in place of any that are missing.
 *
 * For each standard fd whose DBUS_FORCE_*_NULL flag is set in flags, the
 * fd is additionally replaced by /dev/null even if it was already open.
 *
 * DBusError is deliberately not used, because it would call malloc();
 * that keeps this function usable where an async-signal-safe function
 * is required (for example after fork()). On failure errno is set and
 * a static message such as "Failed to open /dev/null" is stored in
 * *error_str_p; callers are expected to combine *error_str_p with
 * _dbus_strerror (errno) to get a full error report. On success
 * *error_str_p is set to #NULL.
 *
 * This function can only be called while single-threaded: either during
 * startup of an executable, or after fork().
 *
 * @param flags which of the standard fds must be forced to /dev/null
 * @param error_str_p return location for a static error string, or #NULL
 * @returns #TRUE on success; #FALSE, with errno set, on failure
 */
dbus_bool_t
_dbus_ensure_standard_fds (DBusEnsureStandardFdsFlags   flags,
                           const char                 **error_str_p)
{
  /* Indexed by fd number: the flag that forces that fd to /dev/null. */
  static int const force_null_flag[] = { DBUS_FORCE_STDIN_NULL,
      DBUS_FORCE_STDOUT_NULL,
      DBUS_FORCE_STDERR_NULL };
  /* Placeholder only; every exit path overwrites it. */
  const char *failure = "Failed mysteriously";
  int null_fd = -1;
  int errno_copy;
  int fd;
  /* The loop below uses the fd number as an array index, so the standard
   * fds must have their POSIX values. */
  _DBUS_STATIC_ASSERT (STDIN_FILENO == 0);
  _DBUS_STATIC_ASSERT (STDOUT_FILENO == 1);
  _DBUS_STATIC_ASSERT (STDERR_FILENO == 2);

  for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++)
    {
      /* open() hands out the lowest free descriptor, so if fd is
       * currently closed this open() lands exactly on it. The standard
       * fds must survive exec, and we are single-threaded, so
       * close-on-exec is intentionally not set here. */
      if (null_fd < fd)
        null_fd = open ("/dev/null", O_RDWR);

      if (null_fd < 0)
        {
          failure = "Failed to open /dev/null";
          goto out;
        }

      /* Every fd below this one is known to be open by now; only another
       * thread closing one could break this, and the function is
       * documented as single-threaded only. */
      _dbus_assert (null_fd >= fd);

      /* Nothing to do if /dev/null already sits on this fd, or if the
       * caller did not ask for this fd to be forced. */
      if (null_fd == fd || (flags & force_null_flag[fd]) == 0)
        continue;

      if (dup2 (null_fd, fd) < 0)
        {
          failure = "Failed to dup2 /dev/null onto a standard fd";
          goto out;
        }
    }

  failure = NULL;

out:
  /* close() below may change errno; keep the value the caller needs. */
  errno_copy = errno;

  /* A /dev/null fd above 2 was only a temporary source for dup2(). */
  if (null_fd > STDERR_FILENO)
    close (null_fd);

  if (error_str_p != NULL)
    *error_str_p = failure;

  errno = errno_copy;
  return (failure == NULL);
}

static dbus_bool_t _dbus_set_fd_nonblocking (int             fd,
                                             DBusError      *error);

/**
 * Create a socket with socket() and make sure it is close-on-exec.
 *
 * Where SOCK_CLOEXEC is available it is requested atomically in the
 * socket() call. If that call fails with EINVAL or EPROTOTYPE (taken to
 * mean the kernel is too old to know the flag), or if SOCK_CLOEXEC is
 * not available at build time, a plain socket() is used and
 * close-on-exec is set afterwards with _dbus_fd_set_close_on_exec().
 *
 * @param fd_p return location for the descriptor (negative on failure)
 * @param domain socket domain, as for socket()
 * @param type socket type, as for socket()
 * @param protocol socket protocol, as for socket()
 * @param error return location for an error
 * @returns #TRUE on success, #FALSE if error is set
 */
static dbus_bool_t
_dbus_open_socket (int              *fd_p,
                   int               domain,
                   int               type,
                   int               protocol,
                   DBusError        *error)
{
  dbus_bool_t cloexec_done = FALSE;
  int sock;

#ifdef SOCK_CLOEXEC
  sock = socket (domain, type | SOCK_CLOEXEC, protocol);
  cloexec_done = (sock >= 0);

  /* Check if kernel seems to be too old to know SOCK_CLOEXEC */
  if (sock < 0 && (errno == EINVAL || errno == EPROTOTYPE))
    sock = socket (domain, type, protocol);
#else
  sock = socket (domain, type, protocol);
#endif

  *fd_p = sock;

  if (sock < 0)
    {
      dbus_set_error(error,
                     _dbus_error_from_errno (errno),
                     "Failed to open socket: %s",
                     _dbus_strerror (errno));
      return FALSE;
    }

  /* Fallback path: the flag is applied in a second step, so the
   * descriptor is momentarily inheritable; a fork()+exec() in another
   * thread during that window would leak it to the child. */
  if (!cloexec_done)
    _dbus_fd_set_close_on_exec(sock);

  _dbus_verbose ("socket fd %d opened\n", sock);
  return TRUE;
}

/**
 * Create a UNIX domain stream socket (as in the socket() call).
 * The socket is not bound.
 *
 * The returned socket has FD_CLOEXEC set.
 *
 * @param fd return location for socket descriptor
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
static dbus_bool_t
_dbus_open_unix_socket (int              *fd,
                        DBusError        *error)
{
  dbus_bool_t opened;

  opened = _dbus_open_socket(fd, PF_UNIX, SOCK_STREAM, 0, error);

  return opened;
}

/**
 * Close a socket. Not meant for file descriptors or handles that are
 * not sockets.
 *
 * @param fd the socket
 * @param error return location for an error
 * @returns #FALSE if error is set
 */
dbus_bool_t
_dbus_close_socket (DBusSocket        fd,
                    DBusError        *error)
{
  /* On Unix a DBusSocket wraps a plain descriptor in its fd member. */
  int raw_fd = fd.fd;

  return _dbus_close (raw_fd, error);
}

/**
 * Socket-only counterpart of _dbus_read(); because it is restricted to
 * sockets it is also available on Windows.
 *
 * @param fd the socket
 * @param buffer string to append data to
 * @param count max amount of data to read
 * @returns number of bytes appended to the string
 */
int
_dbus_read_socket (DBusSocket        fd,
                   DBusString       *buffer,
                   int               count)
{
  /* On Unix a DBusSocket wraps a plain descriptor in its fd member. */
  int raw_fd = fd.fd;

  return _dbus_read (raw_fd, buffer, count);
}

/**
 * Socket-only counterpart of _dbus_write(); because it is restricted to
 * sockets it is also available on Windows.
 *
 * Where MSG_NOSIGNAL is declared, the data is sent with send() and that
 * flag, and the call is retried when interrupted (EINTR). Otherwise
 * the call is forwarded to _dbus_write().
 *
 * @param fd the file descriptor to write
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write_socket (DBusSocket        fd,
                    const DBusString *buffer,
                    int               start,
                    int               len)
{
#if HAVE_DECL_MSG_NOSIGNAL
  const char *payload = _dbus_string_get_const_data_len (buffer, start, len);
  int n_sent;

  /* MSG_NOSIGNAL: a peer that has gone away yields an error return
   * instead of SIGPIPE being raised in this process. */
  do
    n_sent = send (fd.fd, payload, len, MSG_NOSIGNAL);
  while (n_sent < 0 && errno == EINTR);

  return n_sent;
#else
  return _dbus_write (fd.fd, buffer, start, len);
#endif
}

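/**
 * Like _dbus_read_socket() but also tries to read unix fds from the
 * socket. When there are more fds to read than space in the array
 * passed this function will fail with ENOSPC.
 *
 * On that ENOSPC failure every fd that had already been received is
 * closed again and *n_fds is set to 0, so that a peer attaching too
 * many fds to its messages cannot make this process accumulate open
 * descriptors.
 *
 * If HAVE_UNIX_FD_PASSING is not defined, this is a plain
 * _dbus_read_socket() that always reports zero fds.
 *
 * @param fd the socket
 * @param buffer string to append data to
 * @param count max amount of data to read
 * @param fds array to place read file descriptors in
 * @param n_fds on input space in fds array, on output how many fds actually got read
 * @returns number of bytes appended to string, or -1 with errno set
 */
int
_dbus_read_socket_with_unix_fds (DBusSocket        fd,
                                 DBusString       *buffer,
                                 int               count,
                                 int              *fds,
                                 unsigned int     *n_fds) {
#ifndef HAVE_UNIX_FD_PASSING
  int r;

  if ((r = _dbus_read_socket(fd, buffer, count)) < 0)
    return r;

  *n_fds = 0;
  return r;

#else
  int bytes_read;
  int start;
  struct msghdr m;
  struct iovec iov;

  _dbus_assert (count >= 0);
  /* Bounds the alloca() below, which has no way to report failure. */
  _dbus_assert (*n_fds <= DBUS_MAXIMUM_MESSAGE_UNIX_FDS);

  start = _dbus_string_get_length (buffer);

  /* Grow the string first so that recvmsg() can write straight into it;
   * the length is corrected once we know how much was really read. */
  if (!_dbus_string_lengthen (buffer, count))
    {
      errno = ENOMEM;
      return -1;
    }

  _DBUS_ZERO(iov);
  iov.iov_base = _dbus_string_get_data_len (buffer, start, count);
  iov.iov_len = count;

  _DBUS_ZERO(m);
  m.msg_iov = &iov;
  m.msg_iovlen = 1;

  /* Hmm, we have no clue how long the control data will actually be
     that is queued for us. The least we can do is assume that the
     caller knows. Hence let's make space for the number of fds that
     we shall read at max plus the cmsg header. */
  m.msg_controllen = CMSG_SPACE(*n_fds * sizeof(int));

  /* It's probably safe to assume that systems with SCM_RIGHTS also
     know alloca() */
  m.msg_control = alloca(m.msg_controllen);
  memset(m.msg_control, 0, m.msg_controllen);

  /* Do not include the padding at the end when we tell the kernel
   * how much we're willing to receive. This avoids getting
   * the padding filled with additional fds that we weren't expecting,
   * if a (potentially malicious) sender included them. (fd.o #83622) */
  m.msg_controllen = CMSG_LEN (*n_fds * sizeof(int));

 again:

  bytes_read = recvmsg (fd.fd, &m, 0
#ifdef MSG_CMSG_CLOEXEC
                       |MSG_CMSG_CLOEXEC
#endif
                       );

  if (bytes_read < 0)
    {
      if (errno == EINTR)
        goto again;
      else
        {
          /* put length back (note that this doesn't actually realloc anything) */
          _dbus_string_set_length (buffer, start);
          return -1;
        }
    }
  else
    {
      struct cmsghdr *cm;
      dbus_bool_t found = FALSE;

      /* Collect the received fds before looking at MSG_CTRUNC: even a
       * truncated control message can carry descriptors that are
       * already open in this process and must not be forgotten. */
      for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
          {
            size_t i;
            int *payload = (int *) CMSG_DATA (cm);
            size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0));
            size_t payload_len_fds = payload_len_bytes / sizeof (int);
            size_t fds_to_use;

            /* Every unsigned int fits in a size_t without truncation, so
             * casting (size_t) *n_fds is OK */
            _DBUS_STATIC_ASSERT (sizeof (size_t) >= sizeof (unsigned int));

            if (_DBUS_LIKELY (payload_len_fds <= (size_t) *n_fds))
              {
                /* The fds in the payload will fit in our buffer */
                fds_to_use = payload_len_fds;
              }
            else
              {
                /* Too many fds in the payload. This shouldn't happen
                 * any more because we're setting m.msg_controllen to
                 * the exact number we can accept, but be safe and
                 * truncate. */
                fds_to_use = (size_t) *n_fds;

                /* Close the excess fds to avoid DoS: if they stayed open,
                 * someone could send us an extra fd per message
                 * and we'd eventually run out. */
                for (i = fds_to_use; i < payload_len_fds; i++)
                  {
                    close (payload[i]);
                  }
              }

            memcpy (fds, payload, fds_to_use * sizeof (int));
            found = TRUE;
            /* This narrowing cast from size_t to unsigned int cannot
             * overflow because we have chosen fds_to_use
             * to be <= *n_fds */
            *n_fds = (unsigned int) fds_to_use;

            /* Linux doesn't tell us whether MSG_CMSG_CLOEXEC actually
               worked, hence we need to go through this list and set
               CLOEXEC everywhere in any case */
            for (i = 0; i < fds_to_use; i++)
              _dbus_fd_set_close_on_exec(fds[i]);

            break;
          }

      if (!found)
        *n_fds = 0;

      if (m.msg_flags & MSG_CTRUNC)
        {
          unsigned int i;

          /* Hmm, apparently the control data was truncated. The bad
             thing is that we might have completely lost a couple of fds
             without chance to recover them. Hence let's treat this as a
             serious error. */

          /* The fds we did receive still have to be closed here: the
           * caller gets -1 and will not look at fds[], so anything left
           * open would stay open for the life of the process, and a
           * sender could repeat that until we run out of descriptors. */
          for (i = 0; i < *n_fds; i++)
            close (fds[i]);

          *n_fds = 0;

          /* Set errno last, after the close() calls that may change it. */
          errno = ENOSPC;
          _dbus_string_set_length (buffer, start);
          return -1;
        }

      /* put length back (doesn't actually realloc) */
      _dbus_string_set_length (buffer, start + bytes_read);

#if 0
      if (bytes_read > 0)
        _dbus_verbose_bytes_of_string (buffer, start, bytes_read);
#endif

      return bytes_read;
    }
#endif
}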

/**
 * Like _dbus_write_socket() but also sends the given unix fds along
 * with the data.
 *
 * With HAVE_UNIX_FD_PASSING this forwards to
 * _dbus_write_socket_with_unix_fds_two() with no second buffer.
 * Without it, a request to send one or more fds fails with ENOTSUP and
 * a request without fds is a plain _dbus_write_socket().
 *
 * @param fd the socket
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @param fds the file descriptors to send
 * @param n_fds number of entries in fds
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write_socket_with_unix_fds(DBusSocket        fd,
                                 const DBusString *buffer,
                                 int               start,
                                 int               len,
                                 const int        *fds,
                                 int               n_fds) {

#ifdef HAVE_UNIX_FD_PASSING
  return _dbus_write_socket_with_unix_fds_two(fd, buffer, start, len, NULL, 0, 0, fds, n_fds);
#else
  /* No fd passing on this platform: only data-only writes can succeed. */
  if (n_fds <= 0)
    return _dbus_write_socket(fd, buffer, start, len);

  errno = ENOTSUP;
  return -1;
#endif
}

/**
 * Like _dbus_write_socket_two() but also sends the given unix fds along
 * with the data, as one SCM_RIGHTS control message.
 *
 * Without HAVE_UNIX_FD_PASSING, a request to send one or more fds fails
 * with ENOTSUP and a request without fds is a plain
 * _dbus_write_socket_two(). EINTR is handled by retrying.
 *
 * @param fd the socket
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @param fds the file descriptors to send
 * @param n_fds number of entries in fds
 * @returns the sendmsg() result: bytes written, or -1 on error
 */
int
_dbus_write_socket_with_unix_fds_two(DBusSocket        fd,
                                     const DBusString *buffer1,
                                     int               start1,
                                     int               len1,
                                     const DBusString *buffer2,
                                     int               start2,
                                     int               len2,
                                     const int        *fds,
                                     int               n_fds) {

#ifndef HAVE_UNIX_FD_PASSING

  if (n_fds > 0) {
    errno = ENOTSUP;
    return -1;
  }

  return _dbus_write_socket_two(fd,
                                buffer1, start1, len1,
                                buffer2, start2, len2);
#else

  struct iovec iov[2];
  struct msghdr m;
  int bytes_written;

  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);
  _dbus_assert (n_fds >= 0);

  /* Zeroing first leaves iov[1] empty when there is no second buffer. */
  _DBUS_ZERO(iov);
  iov[0].iov_base = (char*) _dbus_string_get_const_data_len (buffer1, start1, len1);
  iov[0].iov_len = len1;

  if (buffer2 != NULL)
    {
      iov[1].iov_base = (char*) _dbus_string_get_const_data_len (buffer2, start2, len2);
      iov[1].iov_len = len2;
    }

  _DBUS_ZERO(m);
  m.msg_iov = iov;
  m.msg_iovlen = (buffer2 != NULL) ? 2 : 1;

  if (n_fds > 0)
    {
      const size_t fd_bytes = n_fds * sizeof(int);
      struct cmsghdr *cm;

      /* NOTE(review): alloca() cannot report failure, and unlike the
       * receiving side there is no upper-bound assertion on n_fds here;
       * confirm that callers keep it small. */
      m.msg_controllen = CMSG_SPACE(fd_bytes);
      m.msg_control = alloca(m.msg_controllen);
      /* Clear the whole buffer so that alignment padding does not carry
       * leftover stack contents. */
      memset(m.msg_control, 0, m.msg_controllen);

      cm = CMSG_FIRSTHDR(&m);
      cm->cmsg_level = SOL_SOCKET;
      cm->cmsg_type = SCM_RIGHTS;
      cm->cmsg_len = CMSG_LEN(fd_bytes);
      memcpy(CMSG_DATA(cm), fds, fd_bytes);
    }

  /* Retry for as long as the call is merely interrupted by a signal. */
  do
    bytes_written = sendmsg (fd.fd, &m, 0
#if HAVE_DECL_MSG_NOSIGNAL
                             |MSG_NOSIGNAL
#endif
                             );
  while (bytes_written < 0 && errno == EINTR);

  /* NOTE(review): this disabled block names `buffer` and `start`, which
   * are not parameters of this function; it would need adjusting before
   * it could be enabled. */
#if 0
  if (bytes_written > 0)
    _dbus_verbose_bytes_of_string (buffer, start, bytes_written);
#endif

  return bytes_written;
#endif
}

/**
 * Socket-only counterpart of _dbus_write_two(); because it is
 * restricted to sockets it is also available on Windows.
 *
 * Where MSG_NOSIGNAL is declared, both buffers are sent with a single
 * sendmsg() carrying that flag, retried on EINTR. Otherwise the call
 * is forwarded to _dbus_write_two().
 *
 * @param fd the file descriptor
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_socket_two (DBusSocket        fd,
                        const DBusString *buffer1,
                        int               start1,
                        int               len1,
                        const DBusString *buffer2,
                        int               start2,
                        int               len2)
{
#if HAVE_DECL_MSG_NOSIGNAL
  struct iovec vectors[2];
  struct msghdr m;
  const char *data1;
  const char *data2 = NULL;
  int bytes_written;

  _dbus_assert (buffer1 != NULL);
  _dbus_assert (start1 >= 0);
  _dbus_assert (start2 >= 0);
  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);

  data1 = _dbus_string_get_const_data_len (buffer1, start1, len1);

  /* Without a second buffer the second vector stays empty. */
  if (buffer2 == NULL)
    len2 = 0;
  else
    data2 = _dbus_string_get_const_data_len (buffer2, start2, len2);

  vectors[0].iov_base = (char*) data1;
  vectors[0].iov_len = len1;
  vectors[1].iov_base = (char*) data2;
  vectors[1].iov_len = len2;

  _DBUS_ZERO(m);
  m.msg_iov = vectors;
  m.msg_iovlen = (data2 != NULL) ? 2 : 1;

  /* MSG_NOSIGNAL: a peer that has gone away yields an error return
   * instead of SIGPIPE being raised in this process. */
  do
    bytes_written = sendmsg (fd.fd, &m, MSG_NOSIGNAL);
  while (bytes_written < 0 && errno == EINTR);

  return bytes_written;

#else
  return _dbus_write_two (fd.fd, buffer1, start1, len1,
                          buffer2, start2, len2);
#endif
}

/**
 * Thin wrapper around the read() system call that appends what it reads
 * to the DBusString buffer. Up to count bytes are appended, and the
 * return value and errno are those of read(), with two exceptions:
 * EINTR is handled for you, and _dbus_read() can fail with ENOMEM even
 * though the regular UNIX read doesn't.
 *
 * Unlike _dbus_read_socket(), _dbus_read() is not available
 * on Windows.
 *
 * @param fd the file descriptor to read from
 * @param buffer the buffer to append data to
 * @param count the amount of data to read
 * @returns the number of bytes read or -1
 */
int
_dbus_read (int               fd,
            DBusString       *buffer,
            int               count)
{
  int old_len;
  int n_read;
  char *dest;

  _dbus_assert (count >= 0);

  old_len = _dbus_string_get_length (buffer);

  /* Grow the string up front so that read() can write straight into
   * it; the length is corrected once the real byte count is known. */
  if (!_dbus_string_lengthen (buffer, count))
    {
      errno = ENOMEM;
      return -1;
    }

  dest = _dbus_string_get_data_len (buffer, old_len, count);

  /* Retry for as long as the call is merely interrupted by a signal. */
  do
    n_read = read (fd, dest, count);
  while (n_read < 0 && errno == EINTR);

  if (n_read < 0)
    {
      /* put length back (note that this doesn't actually realloc anything) */
      _dbus_string_set_length (buffer, old_len);
      return -1;
    }

  /* Trim the string to the bytes actually received (doesn't actually
   * realloc), so no unwritten tail remains visible to the caller. */
  _dbus_string_set_length (buffer, old_len + n_read);

#if 0
  if (n_read > 0)
    _dbus_verbose_bytes_of_string (buffer, old_len, n_read);
#endif

  return n_read;
}

/**
 * Thin wrapper around the write() system call that writes part of a
 * DBusString, retrying when the call is interrupted (EINTR).
 *
 * @param fd the file descriptor to write
 * @param buffer the buffer to write data from
 * @param start the first byte in the buffer to write
 * @param len the number of bytes to try to write
 * @returns the number of bytes written or -1 on error
 */
int
_dbus_write (int               fd,
             const DBusString *buffer,
             int               start,
             int               len)
{
  const char *payload = _dbus_string_get_const_data_len (buffer, start, len);
  int n_written;

  /* Retry for as long as the call is merely interrupted by a signal. */
  do
    n_written = write (fd, payload, len);
  while (n_written < 0 && errno == EINTR);

#if 0
  if (n_written > 0)
    _dbus_verbose_bytes_of_string (buffer, start, n_written);
#endif

  return n_written;
}

/**
 * Like _dbus_write() but writes two buffers in sequence, using writev()
 * if possible. The return value is the number of bytes written from
 * the first buffer plus the number written from the second. On systems
 * that don't have writev, if the first buffer is written successfully
 * and an error occurs writing the second, the number of bytes in the
 * first is returned (i.e. the error is ignored). Handles EINTR for you.
 * The second buffer may be #NULL.
 *
 * @param fd the file descriptor
 * @param buffer1 first buffer
 * @param start1 first byte to write in first buffer
 * @param len1 number of bytes to write from first buffer
 * @param buffer2 second buffer, or #NULL
 * @param start2 first byte to write in second buffer
 * @param len2 number of bytes to write in second buffer
 * @returns total bytes written from both buffers, or -1 on error
 */
int
_dbus_write_two (int               fd,
                 const DBusString *buffer1,
                 int               start1,
                 int               len1,
                 const DBusString *buffer2,
                 int               start2,
                 int               len2)
{
  _dbus_assert (buffer1 != NULL);
  _dbus_assert (start1 >= 0);
  _dbus_assert (start2 >= 0);
  _dbus_assert (len1 >= 0);
  _dbus_assert (len2 >= 0);

#ifdef HAVE_WRITEV
  {
    struct iovec vectors[2];
    const char *data1;
    const char *data2 = NULL;
    int n_vectors;
    int bytes_written;

    data1 = _dbus_string_get_const_data_len (buffer1, start1, len1);

    /* Without a second buffer the second vector stays empty. */
    if (buffer2 == NULL)
      len2 = 0;
    else
      data2 = _dbus_string_get_const_data_len (buffer2, start2, len2);

    vectors[0].iov_base = (char*) data1;
    vectors[0].iov_len = len1;
    vectors[1].iov_base = (char*) data2;
    vectors[1].iov_len = len2;

    n_vectors = (data2 != NULL) ? 2 : 1;

    /* Retry for as long as the call is merely interrupted by a signal. */
    do
      bytes_written = writev (fd,
                              vectors,
                              n_vectors);
    while (bytes_written < 0 && errno == EINTR);

    return bytes_written;
  }
#else /* HAVE_WRITEV */
  {
    int first;
    int second;

    first = _dbus_write (fd, buffer1, start1, len1);

    /* A failed or short first write, or no second buffer: done. */
    if (first != len1 || buffer2 == NULL)
      return first;

    second = _dbus_write (fd, buffer2, start2, len2);
    if (second < 0)
      second = 0; /* we can't report an error as the first write was OK */

    return first + second;
  }
#endif /* !HAVE_WRITEV */
}

#define _DBUS_MAX_SUN_PATH_LENGTH 99

/**
 * @def _DBUS_MAX_SUN_PATH_LENGTH
 *
 * Maximum length of the path to a UNIX domain socket,
 * sockaddr_un::sun_path member. POSIX requires that all systems
 * support at least 100 bytes here, including the nul termination.
 * We use 99 for the max value to allow for the nul.
 *
 * We could probably also do sizeof (addr.sun_path)
 * but this way we are the same on all platforms
 * which is probably a good idea.
 *
 * _dbus_connect_unix_socket() compares the name length against this
 * value and fails with DBUS_ERROR_BAD_ADDRESS before anything is copied
 * into sun_path; for abstract sockets the leading nul byte is counted
 * towards the limit.
 */

/**
 * Creates a socket and connects it to the UNIX domain socket at the
 * given path. The connected fd is returned, set up as nonblocking.
 *
 * If requested, an abstract socket is used instead of a
 * filesystem-linked one (this is possible only on Linux; see
 * "man 7 unix" on Linux). On non-Linux, abstract socket usage always
 * fails.
 *
 * The returned socket has FD_CLOEXEC set.
 *
 * @param path the path to UNIX domain socket
 * @param abstract #TRUE to use abstract namespace
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
int
_dbus_connect_unix_socket (const char     *path,
                           dbus_bool_t     abstract,
                           DBusError      *error)
{
  struct sockaddr_un addr;
  size_t path_len;
  int fd;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("connecting to unix socket %s abstract=%d\n",
                 path, abstract);

  if (!_dbus_open_unix_socket (&fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET(error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR(error);

  /* Zeroing the whole address means any part of sun_path that is not
   * written below is nul bytes. */
  _DBUS_ZERO (addr);
  addr.sun_family = AF_UNIX;
  path_len = strlen (path);

  if (!abstract)
    {
      /* Reject over-long names before copying, so the copy below cannot
       * run past sun_path. */
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Socket name too long\n");
          goto fail;
        }

      strncpy (addr.sun_path, path, path_len);
    }
  else
    {
#ifdef __linux__
      addr.sun_path[0] = '\0'; /* this is what says "use abstract" */
      path_len++; /* Account for the extra nul byte added to the start of sun_path */

      /* The limit is checked with the leading nul already counted. */
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Abstract socket name too long\n");
          goto fail;
        }

      strncpy (&addr.sun_path[1], path, path_len);
      /* _dbus_verbose_bytes (addr.sun_path, sizeof (addr.sun_path)); */
#else /* !__linux__ */
      dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
                      "Operating system does not support abstract socket namespace\n");
      goto fail;
#endif /* !__linux__ */
    }

  /* The address length passed is the offset of sun_path plus path_len,
   * rather than sizeof (addr). */
  if (connect (fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to connect to socket %s: %s",
                      path, _dbus_strerror (errno));
      goto fail;
    }

  if (!_dbus_set_fd_nonblocking (fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      goto fail;
    }

  return fd;

fail:
  /* Every failure after the socket was opened ends here, so the
   * descriptor is never leaked; a close error is deliberately ignored
   * because the original error is already set. */
  _dbus_close (fd, NULL);
  return -1;
}

/**
 * Creates a UNIX domain socket and connects it to the specified
 * process to execute.
 *
 * This will set FD_CLOEXEC for the socket returned.
 *
 * @param path the path to the executable
 * @param argv the argument list for the process to execute.
 * argv[0] typically is identical to the path of the executable
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
int
_dbus_connect_exec (const char     *path,
                    char *const    argv[],
                    DBusError      *error)
{
  int fds[2];
  pid_t pid;
  int retval;
  dbus_bool_t cloexec_done = 0;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("connecting to process %s\n", path);

#ifdef SOCK_CLOEXEC
1019 1020 1021
  retval = socketpair (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds);
  cloexec_done = (retval >= 0);

1022
  if (retval < 0 && (errno == EINVAL || errno == EPROTOTYPE))
1023
#endif
1024 1025 1026 1027 1028
    {
      retval = socketpair (AF_UNIX, SOCK_STREAM, 0, fds);
    }

  if (retval < 0)
1029 1030 1031 1032 1033 1034 1035 1036
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to create socket pair: %s",
                      _dbus_strerror (errno));
      return -1;
    }

1037 1038 1039 1040 1041
  if (!cloexec_done)
    {
      _dbus_fd_set_close_on_exec (fds[0]);
      _dbus_fd_set_close_on_exec (fds[1]);
    }
1042

1043 1044 1045 1046 1047
  /* Make sure our output buffers aren't redundantly printed by both the
   * parent and the child */
  fflush (stdout);
  fflush (stderr);

1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076
  pid = fork ();
  if (pid < 0)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to fork() to call %s: %s",
                      path, _dbus_strerror (errno));
      close (fds[0]);
      close (fds[1]);
      return -1;
    }

  if (pid == 0)
    {
      /* child */
      close (fds[0]);

      dup2 (fds[1], STDIN_FILENO);
      dup2 (fds[1], STDOUT_FILENO);

      if (fds[1] != STDIN_FILENO &&
          fds[1] != STDOUT_FILENO)
        close (fds[1]);

      /* Inherit STDERR and the controlling terminal from the
         parent */

      _dbus_close_all ();

Simon McVittie's avatar
Simon McVittie committed
1077
      execvp (path, (char * const *) argv);
1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097

      fprintf (stderr, "Failed to execute process %s: %s\n", path, _dbus_strerror (errno));

      _exit(1);
    }

  /* parent */
  close (fds[1]);

  if (!_dbus_set_fd_nonblocking (fds[0], error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);

      close (fds[0]);
      return -1;
    }

  return fds[0];
}

/**
 * Creates a socket and binds it to the given path,
 * then listens on the socket. The socket is
 * set to be nonblocking.
 *
 * Uses abstract sockets instead of filesystem-linked
 * sockets if requested (it's possible only on Linux;
 * see "man 7 unix" on Linux).
 * On non-Linux abstract socket usage always fails.
 *
 * This will set FD_CLOEXEC for the socket returned
 *
 * @param path the socket name
 * @param abstract #TRUE to use abstract namespace
 * @param error return location for errors
 * @returns the listening file descriptor or -1 on error
 */
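int
_dbus_listen_unix_socket (const char     *path,
                          dbus_bool_t     abstract,
                          DBusError      *error)
{
  int listen_fd;
  struct sockaddr_un addr;
  size_t path_len;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _dbus_verbose ("listening on unix socket %s abstract=%d\n",
                 path, abstract);

  if (!_dbus_open_unix_socket (&listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET(error);
      return -1;
    }
  _DBUS_ASSERT_ERROR_IS_CLEAR(error);

  _DBUS_ZERO (addr);
  addr.sun_family = AF_UNIX;
  path_len = strlen (path);

  if (abstract)
    {
#ifdef __linux__
      /* remember that abstract names aren't nul-terminated so we rely
       * on sun_path being filled in with zeroes above.
       */
      addr.sun_path[0] = '\0'; /* this is what says "use abstract" */
      path_len++; /* Account for the extra nul byte added to the start of sun_path */

      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Abstract socket name too long\n");
          _dbus_close (listen_fd, NULL);
          return -1;
	}

      /* Copy only the name bytes (path_len - 1 of them), so the last
       * byte written is sun_path[path_len - 1] and the write stays
       * inside the path_len bytes checked above and handed to bind().
       * Copying path_len bytes from offset 1 would also touch
       * sun_path[path_len], which that check does not cover. */
      memcpy (&addr.sun_path[1], path, path_len - 1);
#else /* !__linux__ */
      dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
                      "Operating system does not support abstract socket namespace\n");
      _dbus_close (listen_fd, NULL);
      return -1;
#endif /* !__linux__ */
    }
  else
    {
      /* Reject an over-long name before touching the filesystem, so a
       * call that is going to fail never unlinks an existing socket.
       * Assumes _DBUS_MAX_SUN_PATH_LENGTH does not exceed
       * sizeof (addr.sun_path) -- TODO confirm where it is defined. */
      if (path_len > _DBUS_MAX_SUN_PATH_LENGTH)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "Socket name too long\n");
          _dbus_close (listen_fd, NULL);
          return -1;
	}

      /* Discussed security implications of this with Nalin,
       * and we couldn't think of where it would kick our ass, but
       * it still seems a bit sucky. It also has non-security suckage;
       * really we'd prefer to exit if the socket is already in use.
       * But there doesn't seem to be a good way to do this.
       *
       * Just to be extra careful, I threw in the stat() - clearly
       * the stat() can't *fix* any security issue, but it at least
       * avoids inadvertent/accidental data loss.
       *
       * The stat() and unlink() are separate path lookups, so what is
       * removed is whatever occupies the path at unlink() time; the
       * directory holding the socket should be writable only by
       * principals trusted to replace it.
       */
      {
        struct stat sb;

        if (stat (path, &sb) == 0 &&
            S_ISSOCK (sb.st_mode))
          unlink (path);
      }

      /* No terminator is copied: addr was zeroed above and bind() is
       * given an explicit length. */
      memcpy (addr.sun_path, path, path_len);
    }

  if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to bind socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (listen (listen_fd, SOMAXCONN /* backlog */) < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (errno),
                      "Failed to listen on socket \"%s\": %s",
                      path, _dbus_strerror (errno));
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  if (!_dbus_set_fd_nonblocking (listen_fd, error))
    {
      _DBUS_ASSERT_ERROR_IS_SET (error);
      _dbus_close (listen_fd, NULL);
      return -1;
    }

  /* Try opening up the permissions, but if we can't, just go ahead
   * and continue, maybe it will be good enough.
   *
   * NOTE(review): mode 0777 lets every local user connect, so access
   * control presumably rests on authentication performed on accepted
   * connections -- confirm. chmod() resolves the path again rather
   * than acting on listen_fd, and by this point the socket is already
   * listening with the mode bind() gave it under the process umask.
   */
  if (!abstract && chmod (path, 0777) < 0)
    _dbus_warn ("Could not set mode 0777 on socket %s", path);

  return listen_fd;
}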

/**
 * Acquires one or more sockets passed in from systemd. The sockets
 * are set to be nonblocking.
 *
 * This will set FD_CLOEXEC for the sockets returned.
 *
 * @param fds the file descriptors
 * @param error return location for errors
 * @returns the number of file descriptors, or -1 on error
 */
int
_dbus_listen_systemd_sockets (DBusSocket **fds,
                              DBusError   *error)
{
#ifdef HAVE_SYSTEMD
  int count;
  int status;
  int cur;
  int end;
  DBusSocket *sockets;

  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  /* TRUE asks sd_listen_fds() to unset the activation environment
   * variables, so the descriptors are not offered again to children. */
  count = sd_listen_fds (TRUE);
  if (count < 0)
    {
      dbus_set_error (error, _dbus_error_from_errno (-count),
                      "Failed to acquire systemd socket: %s",
                      _dbus_strerror (-count));
      return -1;
    }

  /* Negative values were handled above, so this is the "none passed" case. */
  if (count <= 0)
    {
      dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                      "No socket received.");
      return -1;
    }

  end = SD_LISTEN_FDS_START + count;

  /* First pass: every inherited descriptor must be a listening stream
   * socket (any address family) before any of them is used.
   *
   * NOTE(review): the two error returns in this loop leave the passed
   * descriptors open, whereas the failure path further down closes
   * all of them. */
  for (cur = SD_LISTEN_FDS_START; cur < end; cur++)
    {
      status = sd_is_socket (cur, AF_UNSPEC, SOCK_STREAM, 1);
      if (status < 0)
        {
          dbus_set_error (error, _dbus_error_from_errno (-status),
                          "Failed to verify systemd socket type: %s",
                          _dbus_strerror (-status));
          return -1;
        }

      if (status == 0)
        {
          dbus_set_error (error, DBUS_ERROR_BAD_ADDRESS,
                          "Passed socket has wrong type.");
          return -1;
        }
    }

  /* OK, the file descriptors are all good, so let's take possession of
     them then. */

  sockets = dbus_new (DBusSocket, count);
  if (sockets == NULL)
    {
      dbus_set_error (error, DBUS_ERROR_NO_MEMORY,
                      "Failed to allocate file handle array.");
      goto fail;
    }

  /* Second pass: switch each descriptor to nonblocking and record it
   * at its offset from SD_LISTEN_FDS_START. */
  for (cur = SD_LISTEN_FDS_START; cur < end; cur++)
    {
      if (!_dbus_set_fd_nonblocking (cur, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET (error);
          goto fail;
        }

      sockets[cur - SD_LISTEN_FDS_START].fd = cur;
    }

  /* On success the caller receives the array through *fds. */
  *fds = sockets;
  return count;

 fail:

  /* Close every passed descriptor and release the array (still NULL
   * when the allocation itself was what failed). */
  for (cur = SD_LISTEN_FDS_START; cur < end; cur++)
    {
      _dbus_close (cur, NULL);
    }

  dbus_free (sockets);
  return -1;
#else
  dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
                        "dbus was compiled without systemd support");
  return -1;
#endif
}

/**
 * Creates a socket and connects to a socket at the given host
 * and port. The connection fd is returned, and is set up as
 * nonblocking.
 *
 * This will set FD_CLOEXEC for the socket returned
 *
 * @param host the host name to connect to
 * @param port the port to connect to
 * @param family the address family to connect with ("ipv4" or "ipv6"), NULL for any
 * @param error return location for error code
 * @returns connection file descriptor or -1 on error
 */
DBusSocket
_dbus_connect_tcp_socket (const char     *host,
                          const char     *port,
                          const char     *family,
                          DBusError      *error)
{
  /* Plain TCP connect: delegate to the nonce-aware variant with no
   * nonce file, which makes it skip the nonce step. */
  const char *no_noncefile = NULL;

  return _dbus_connect_tcp_socket_with_nonce (host, port, family,
                                              no_noncefile, error);
}

DBusSocket
_dbus_connect_tcp_socket_with_nonce (const char     *host,
                                     const char     *port,
                                     const char     *family,
                                     const char     *noncefile,
                                     DBusError      *error)
{
  /* Resolves host/port, connects to the first address that accepts a
   * TCP connection, optionally sends a nonce taken from noncefile, and
   * returns the socket in nonblocking mode. On any failure the error
   * is set and an invalid socket is returned. Nothing in this function
   * encrypts the connection or checks who the peer is. */
  DBusSocket sock = DBUS_SOCKET_INIT;
  struct addrinfo hints;
  struct addrinfo *results;
  struct addrinfo *candidate;
  int last_errno = 0;
  int gai_rc;

  _DBUS_ASSERT_ERROR_IS_CLEAR(error);

  _DBUS_ZERO (hints);

  /* Map the textual family onto an address family; anything other
   * than NULL, "ipv4" or "ipv6" is rejected. */
  if (family == NULL)
    hints.ai_family = AF_UNSPEC;
  else if (strcmp (family, "ipv4") == 0)
    hints.ai_family = AF_INET;
  else if (strcmp (family, "ipv6") == 0)
    hints.ai_family = AF_INET6;
  else
    {
      dbus_set_error (error,
                      DBUS_ERROR_BAD_ADDRESS,
                      "Unknown address family %s", family);
      return _dbus_socket_get_invalid ();
    }
  hints.ai_protocol = IPPROTO_TCP;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = AI_ADDRCONFIG;

  gai_rc = getaddrinfo (host, port, &hints, &results);
  if (gai_rc != 0)
    {
      /* NOTE(review): getaddrinfo() reports failure through its return
       * value; errno is only meaningful for EAI_SYSTEM, so the error
       * name derived from errno here may not reflect the real cause. */
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to lookup host/port: \"%s:%s\": %s (%d)",
                      host, port, gai_strerror (gai_rc), gai_rc);
      return _dbus_socket_get_invalid ();
    }

  /* Try each resolved address in order and keep the first one that
   * connects; only the errno of the last failed attempt is reported. */
  for (candidate = results; candidate != NULL; candidate = candidate->ai_next)
    {
      if (!_dbus_open_socket (&sock.fd, candidate->ai_family, SOCK_STREAM, 0, error))
        {
          freeaddrinfo (results);
          _DBUS_ASSERT_ERROR_IS_SET(error);
          return _dbus_socket_get_invalid ();
        }
      _DBUS_ASSERT_ERROR_IS_CLEAR(error);

      if (connect (sock.fd, (struct sockaddr*) candidate->ai_addr, candidate->ai_addrlen) >= 0)
        break;

      /* Save errno before _dbus_close() has a chance to overwrite it. */
      last_errno = errno;
      _dbus_close (sock.fd, NULL);
      sock.fd = -1;
    }
  freeaddrinfo (results);

  if (sock.fd == -1)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (last_errno),
                      "Failed to connect to socket \"%s:%s\" %s",
                      host, port, _dbus_strerror (last_errno));
      return _dbus_socket_get_invalid ();
    }

  if (noncefile != NULL)
    {
      DBusString nonce_path;
      dbus_bool_t sent;

      /* Wrap the C string without copying it, hand it to
       * _dbus_send_nonce(), then release the wrapper. */
      _dbus_string_init_const (&nonce_path, noncefile);
      sent = _dbus_send_nonce (sock, &nonce_path, error);
      _dbus_string_free (&nonce_path);

      if (!sent)
        {
          _dbus_close (sock.fd, NULL);
          return _dbus_socket_get_invalid ();
        }
    }

  /* The connect and the nonce step above ran on a blocking socket;
   * only the returned socket is nonblocking. */
  if (!_dbus_set_fd_nonblocking (sock.fd, error))
    {
      _dbus_close (sock.fd, NULL);
      return _dbus_socket_get_invalid ();
    }

  return sock;
}

/**
 * Creates a socket and binds it to the given host and port, then listens on
 * the socket. The socket is set to be nonblocking.  In case of port=0
 * a random free port is used and returned in the port parameter.
 * If inaddr_any is specified, the hostname is ignored.
 *
 * This will set FD_CLOEXEC for the socket returned
 *
 * @param host the host name to listen on
 * @param port the port to listen on, if zero a free port will be used
 * @param family the address family to listen on, NULL for all
 * @param retport string to return the actual port listened on
 * @param fds_p location to store returned file descriptors
 * @param error return location for errors
 * @returns the number of listening file descriptors or -1 on error
 */
int
_dbus_listen_tcp_socket (const char     *host,
                         const char     *port,
                         const char     *family,
                         DBusString     *retport,
                         DBusSocket    **fds_p,
                         DBusError      *error)
{
  int saved_errno;
  int nlisten_fd = 0, res, i;
  DBusSocket *listen_fd = NULL;
  struct addrinfo hints;
  struct addrinfo *ai, *tmp;
  unsigned int reuseaddr;

  *fds_p = NULL;
  _DBUS_ASSERT_ERROR_IS_CLEAR (error);

  _DBUS_ZERO (hints);

  if (!family)
    hints.ai_family = AF_UNSPEC;
  else if (!strcmp(family, "ipv4"))
    hints.ai_family = AF_INET;
  else if (!strcmp(family, "ipv6"))
    hints.ai_family = AF_INET6;
  else
    {
      dbus_set_error (error,
                      DBUS_ERROR_BAD_ADDRESS,
                      "Unknown address family %s", family);
      return -1;
    }

  hints.ai_protocol = IPPROTO_TCP;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = AI_ADDRCONFIG | AI_PASSIVE;

 redo_lookup_with_port:
  ai = NULL;
  if ((res = getaddrinfo(host, port, &hints, &ai)) != 0 || !ai)
    {
      dbus_set_error (error,
                      _dbus_error_from_errno (errno),
                      "Failed to lookup host/port: \"%s:%s\": %s (%d)",
                      host ? host : "*", port, gai_strerror(res), res);
      goto failed;
    }

  tmp = ai;
  while (tmp)
    {
      int fd = -1, tcp_nodelay_on;
      DBusSocket *newlisten_fd;

      if (!_dbus_open_socket (&fd, tmp->ai_family, SOCK_STREAM, 0, error))
        {
          _DBUS_ASSERT_ERROR_IS_SET(error);
          goto failed;
        }
      _DBUS_ASSERT_ERROR_IS_CLEAR(error);

      reuseaddr = 1;
      if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, sizeof(reuseaddr))==-1)
        {
          _dbus_warn ("Failed to set socket option \"%s:%s\": %s",
                      host ? host : "*", port, _dbus_strerror (errno));
        }

      /* Nagle's algorithm imposes a huge delay on the initial messages
         going over TCP. */
      tcp_nodelay_on = 1;
      if (setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, &tcp_nodelay_on, sizeof (tcp_nodelay_on)) == -1)
        {
          _dbus_warn ("Failed to set TCP_NODELAY socket option \"%s:%s\": %s",
                      host ? host : "*", port, _dbus_strerror (errno));
        }

      if (bind (fd, (struct sockaddr*) tmp->ai_addr, tmp->ai_addrlen) < 0)
        {
          saved_errno = errno;
          _dbus_close(fd, NULL);
          if (saved_errno == EADDRINUSE)
            {
              /* Depending on kernel policy, binding to an IPv6 address
                 might implicitly bind to a corresponding IPv4
                 address or vice versa, resulting in EADDRINUSE for the
                 other one (e.g. bindv6only=0 on Linux).

                 Also, after we "goto redo_lookup_with_port" after binding
                 a port on one of the possible addresses, we will
                 try to bind that same port on every address, including the
                 same address again for a second time; that one will
                 also fail with EADDRINUSE.

                 For both those reasons, ignore EADDRINUSE here */
              tmp = tmp->ai_next;
              continue;
            }
          dbus_set_error (error, _dbus_error_from_errno (saved_errno),
                          "Failed to bind socket \"%s:%s\": %s",
                          host ? host : "*", port, _dbus_strerror (saved_errno));
          goto failed;
        }

      if (listen (fd, 30 /* backlog */) < 0)
        {
          saved_errno = errno;
          _dbus_close (fd, NULL);
          dbus_set_error (error, _dbus_error_from_errno (saved_errno),
                          "Failed to listen on socket \"%s:%s\": %s",
                          host ? host : "*", port, _dbus_strerror (saved_errno));
          goto failed;
        }

      newlisten_fd<