projects / systemd / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 78df26d)
sd-bus: introduce API for re-enqueuing incoming messages
authorJan Synacek <jsynacek@redhat.com>
Fri, 31 Jan 2020 10:34:45 +0000 (11:34 +0100)
committerLukas Nykryn <lnykryn@redhat.com>
Mon, 3 Feb 2020 11:41:24 +0000 (12:41 +0100)
When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we aquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.

This might have other uses too, for example debugging.
Related: CVE-2020-1712

src/libsystemd/libsystemd.sym patch | blob | history
src/libsystemd/sd-bus/sd-bus.c patch | blob | history
src/systemd/sd-bus.h patch | blob | history

diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
index 1eec17db50446477120329979fa1c11ea9512535..e9972593a66b799ad6b96891ac13539b6e235b81 100644 (file)
--- a/src/libsystemd/libsystemd.sym
+++ b/src/libsystemd/libsystemd.sym
@@ -569,4 +569,5 @@ global:
         sd_event_source_get_inotify_mask;
         sd_event_source_set_destroy_callback;
         sd_event_source_get_destroy_callback;
+        sd_bus_enqueue_for_read;
 } LIBSYSTEMD_238;
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 2ab6387ffcb7bb8db33bf0bed01cd52e4e89aab9..97967ce9d3bf58a49efa63e6aae8181d6bae4c1b 100644 (file)
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -4076,3 +4076,27 @@ _public_ int sd_bus_get_n_queued_write(sd_bus *bus, uint64_t *ret) {
         *ret = bus->wqueue_size;
         return 0;
 }
+
+_public_ int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) {
+        int r;
+
+        assert_return(bus, -EINVAL);
+        assert_return(bus = bus_resolve(bus), -ENOPKG);
+        assert_return(m, -EINVAL);
+        assert_return(m->sealed, -EINVAL);
+        assert_return(!bus_pid_changed(bus), -ECHILD);
+
+        if (!BUS_IS_OPEN(bus->state))
+                return -ENOTCONN;
+
+        /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication,
+         * where we want accept a message, then determine we need to interactively authenticate the user, and
+         * when we have that process the message again. */
+
+        r = bus_rqueue_make_room(bus);
+        if (r < 0)
+                return r;
+
+        bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus);
+        return 0;
+}
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
index 54c4b1ca83b221535d492855d095cfd32f6c7027..9ba757b13d29cb0140c879f26446af15277e30e5 100644 (file)
--- a/src/systemd/sd-bus.h
+++ b/src/systemd/sd-bus.h
@@ -193,6 +193,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r);
 int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
 int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
 int sd_bus_flush(sd_bus *bus);
+int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m);
 
 sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
 sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
https://github.com/systemd/systemd.git