|
|
b9a53a |
From 8efdae75ddf035c8c04983820f8d8cf767cc17b1 Mon Sep 17 00:00:00 2001
|
|
|
4b8c80 |
From: Jan Synacek <jsynacek@redhat.com>
|
|
|
4b8c80 |
Date: Fri, 31 Jan 2020 11:34:45 +0100
|
|
|
4b8c80 |
Subject: [PATCH] sd-bus: introduce API for re-enqueuing incoming messages
|
|
|
4b8c80 |
|
|
|
4b8c80 |
When authorizing via PolicyKit we want to process incoming method calls
|
|
|
4b8c80 |
twice: once to process and figure out that we need PK authentication,
|
|
|
4b8c80 |
and a second time after we aquired PK authentication to actually execute
|
|
|
4b8c80 |
the operation. With this new call sd_bus_enqueue_for_read() we have a
|
|
|
4b8c80 |
way to put an incoming message back into the read queue for this
|
|
|
4b8c80 |
purpose.
|
|
|
4b8c80 |
|
|
|
4b8c80 |
This might have other uses too, for example debugging.
|
|
|
4b8c80 |
Related: CVE-2020-1712
|
|
|
4b8c80 |
---
|
|
|
4b8c80 |
src/libsystemd/libsystemd.sym | 1 +
|
|
|
4b8c80 |
src/libsystemd/sd-bus/sd-bus.c | 24 ++++++++++++++++++++++++
|
|
|
4b8c80 |
src/systemd/sd-bus.h | 1 +
|
|
|
4b8c80 |
3 files changed, 26 insertions(+)
|
|
|
4b8c80 |
|
|
|
4b8c80 |
diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
|
|
|
4b8c80 |
index 1eec17db50..e9972593a6 100644
|
|
|
4b8c80 |
--- a/src/libsystemd/libsystemd.sym
|
|
|
4b8c80 |
+++ b/src/libsystemd/libsystemd.sym
|
|
|
4b8c80 |
@@ -569,4 +569,5 @@ global:
|
|
|
4b8c80 |
sd_event_source_get_inotify_mask;
|
|
|
4b8c80 |
sd_event_source_set_destroy_callback;
|
|
|
4b8c80 |
sd_event_source_get_destroy_callback;
|
|
|
4b8c80 |
+ sd_bus_enqueue_for_read;
|
|
|
4b8c80 |
} LIBSYSTEMD_238;
|
|
|
4b8c80 |
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
|
|
|
4b8c80 |
index e49d58137d..68ad6cbe89 100644
|
|
|
4b8c80 |
--- a/src/libsystemd/sd-bus/sd-bus.c
|
|
|
4b8c80 |
+++ b/src/libsystemd/sd-bus/sd-bus.c
|
|
|
4b8c80 |
@@ -4120,3 +4120,27 @@ _public_ int sd_bus_get_n_queued_write(sd_bus *bus, uint64_t *ret) {
|
|
|
4b8c80 |
*ret = bus->wqueue_size;
|
|
|
4b8c80 |
return 0;
|
|
|
4b8c80 |
}
|
|
|
4b8c80 |
+
|
|
|
4b8c80 |
+_public_ int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) {
|
|
|
4b8c80 |
+ int r;
|
|
|
4b8c80 |
+
|
|
|
4b8c80 |
+ assert_return(bus, -EINVAL);
|
|
|
4b8c80 |
+ assert_return(bus = bus_resolve(bus), -ENOPKG);
|
|
|
4b8c80 |
+ assert_return(m, -EINVAL);
|
|
|
4b8c80 |
+ assert_return(m->sealed, -EINVAL);
|
|
|
4b8c80 |
+ assert_return(!bus_pid_changed(bus), -ECHILD);
|
|
|
4b8c80 |
+
|
|
|
4b8c80 |
+ if (!BUS_IS_OPEN(bus->state))
|
|
|
4b8c80 |
+ return -ENOTCONN;
|
|
|
4b8c80 |
+
|
|
|
4b8c80 |
+ /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication,
|
|
|
4b8c80 |
+ * where we want accept a message, then determine we need to interactively authenticate the user, and
|
|
|
4b8c80 |
+ * when we have that process the message again. */
|
|
|
4b8c80 |
+
|
|
|
4b8c80 |
+ r = bus_rqueue_make_room(bus);
|
|
|
4b8c80 |
+ if (r < 0)
|
|
|
4b8c80 |
+ return r;
|
|
|
4b8c80 |
+
|
|
|
4b8c80 |
+ bus->rqueue[bus->rqueue_size++] = bus_message_ref_queued(m, bus);
|
|
|
4b8c80 |
+ return 0;
|
|
|
4b8c80 |
+}
|
|
|
4b8c80 |
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
|
|
|
4b8c80 |
index 54c4b1ca83..9ba757b13d 100644
|
|
|
4b8c80 |
--- a/src/systemd/sd-bus.h
|
|
|
4b8c80 |
+++ b/src/systemd/sd-bus.h
|
|
|
4b8c80 |
@@ -193,6 +193,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r);
|
|
|
4b8c80 |
int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r);
|
|
|
4b8c80 |
int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec);
|
|
|
4b8c80 |
int sd_bus_flush(sd_bus *bus);
|
|
|
4b8c80 |
+int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m);
|
|
|
4b8c80 |
|
|
|
4b8c80 |
sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus);
|
|
|
4b8c80 |
sd_bus_message* sd_bus_get_current_message(sd_bus *bus);
|