[systemd.git] / src / core / dbus-scope.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include "alloc-util.h"
#include "bus-common-errors.h"
#include "bus-internal.h"
#include "bus-util.h"
#include "dbus-cgroup.h"
#include "dbus-kill.h"
#include "dbus-scope.h"
#include "dbus-unit.h"
#include "dbus-util.h"
#include "dbus.h"
#include "scope.h"
#include "selinux-access.h"
#include "unit.h"

int bus_scope_method_abandon(sd_bus_message *message, void *userdata, sd_bus_error *error) {
        Scope *s = userdata;
        int r;

        assert(message);
        assert(s);

        r = mac_selinux_unit_access_check(UNIT(s), message, "stop", error);
        if (r < 0)
                return r;

        r = bus_verify_manage_units_async(UNIT(s)->manager, message, error);
        if (r < 0)
                return r;
        if (r == 0)
                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */

        r = scope_abandon(s);
        if (r == -ESTALE)
                return sd_bus_error_setf(error, BUS_ERROR_SCOPE_NOT_RUNNING, "Scope %s is not running, cannot abandon.", UNIT(s)->id);
        if (r < 0)
                return r;

        return sd_bus_reply_method_return(message, NULL);
}

static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_result, scope_result, ScopeResult);

const sd_bus_vtable bus_scope_vtable[] = {
        SD_BUS_VTABLE_START(0),
        SD_BUS_PROPERTY("Controller", "s", NULL, offsetof(Scope, controller), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
        SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
        SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
        SD_BUS_SIGNAL("RequestStop", NULL, 0),
        SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED),
        SD_BUS_VTABLE_END
};

static int bus_scope_set_transient_property(
                Scope *s,
                const char *name,
                sd_bus_message *message,
                UnitWriteFlags flags,
                sd_bus_error *error) {

        int r;

        assert(s);
        assert(name);
        assert(message);

        flags |= UNIT_PRIVATE;

        if (streq(name, "TimeoutStopUSec"))
                return bus_set_transient_usec(UNIT(s), name, &s->timeout_stop_usec, message, flags, error);

        if (streq(name, "PIDs")) {
                _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
                unsigned n = 0;

                r = sd_bus_message_enter_container(message, 'a', "u");
                if (r < 0)
                        return r;

                for (;;) {
                        uint32_t upid;
                        pid_t pid;

                        r = sd_bus_message_read(message, "u", &upid);
                        if (r < 0)
                                return r;
                        if (r == 0)
                                break;

                        if (upid == 0) {
                                if (!creds) {
                                        r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
                                        if (r < 0)
                                                return r;
                                }

                                r = sd_bus_creds_get_pid(creds, &pid);
                                if (r < 0)
                                        return r;
                        } else
                                pid = (uid_t) upid;

                        r = unit_pid_attachable(UNIT(s), pid, error);
                        if (r < 0)
                                return r;

                        if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
                                r = unit_watch_pid(UNIT(s), pid);
                                if (r < 0 && r != -EEXIST)
                                        return r;
                        }

                        n++;
                }

                r = sd_bus_message_exit_container(message);
                if (r < 0)
                        return r;

                if (n <= 0)
                        return -EINVAL;

                return 1;

        } else if (streq(name, "Controller")) {
                const char *controller;

                /* We can't support direct connections with this, as direct connections know no service or unique name
                 * concept, but the Controller field stores exactly that. */
                if (sd_bus_message_get_bus(message) != UNIT(s)->manager->api_bus)
                        return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Sorry, Controller= logic only supported via the bus.");

                r = sd_bus_message_read(message, "s", &controller);
                if (r < 0)
                        return r;

                if (!isempty(controller) && !service_name_is_valid(controller))
                        return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Controller '%s' is not a valid bus name.", controller);

                if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
                        r = free_and_strdup(&s->controller, empty_to_null(controller));
                        if (r < 0)
                                return r;
                }

                return 1;
        }

        return 0;
}

int bus_scope_set_property(
                Unit *u,
                const char *name,
                sd_bus_message *message,
                UnitWriteFlags flags,
                sd_bus_error *error) {

        Scope *s = SCOPE(u);
        int r;

        assert(s);
        assert(name);
        assert(message);

        r = bus_cgroup_set_property(u, &s->cgroup_context, name, message, flags, error);
        if (r != 0)
                return r;

        if (u->load_state == UNIT_STUB) {
                /* While we are created we still accept PIDs */

                r = bus_scope_set_transient_property(s, name, message, flags, error);
                if (r != 0)
                        return r;

                r = bus_kill_context_set_transient_property(u, &s->kill_context, name, message, flags, error);
                if (r != 0)
                        return r;
        }

        return 0;
}

int bus_scope_commit_properties(Unit *u) {
        assert(u);

        unit_invalidate_cgroup_members_masks(u);
        unit_realize_cgroup(u);

        return 0;
}

int bus_scope_send_request_stop(Scope *s) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
        _cleanup_free_ char *p = NULL;
        int r;

        assert(s);

        if (!s->controller)
                return 0;

        p = unit_dbus_path(UNIT(s));
        if (!p)
                return -ENOMEM;

        r = sd_bus_message_new_signal(
                        UNIT(s)->manager->api_bus,
                        &m,
                        p,
                        "org.freedesktop.systemd1.Scope",
                        "RequestStop");
        if (r < 0)
                return r;

        return sd_bus_send_to(UNIT(s)->manager->api_bus, m, s->controller, NULL);
}

static int on_controller_gone(sd_bus_track *track, void *userdata) {
        Scope *s = userdata;

        assert(track);

        if (s->controller) {
                log_unit_debug(UNIT(s), "Controller %s disappeared from bus.", s->controller);
                unit_add_to_dbus_queue(UNIT(s));
                s->controller = mfree(s->controller);
        }

        s->controller_track = sd_bus_track_unref(s->controller_track);

        return 0;
}

int bus_scope_track_controller(Scope *s) {
        int r;

        assert(s);

        if (!s->controller || s->controller_track)
                return 0;

        r = sd_bus_track_new(UNIT(s)->manager->api_bus, &s->controller_track, on_controller_gone, s);
        if (r < 0)
                return r;

        r = sd_bus_track_add_name(s->controller_track, s->controller);
        if (r < 0) {
                s->controller_track = sd_bus_track_unref(s->controller_track);
                return r;
        }

        return 0;
}
Commit	Line	Data
52ad194e	1	/* SPDX-License-Identifier: LGPL-2.1+ */
14228c0d	2
db2df898	3	#include "alloc-util.h"
f47781d8	4	#include "bus-common-errors.h"
db2df898 MP	5	#include "bus-internal.h"
db2df898 MP	6	#include "bus-util.h"
e3bff60a MP	7	#include "dbus-cgroup.h"
	8	#include "dbus-kill.h"
	9	#include "dbus-scope.h"
db2df898	10	#include "dbus-unit.h"
1d42b86d	11	#include "dbus-util.h"
db2df898 MP	12	#include "dbus.h"
	13	#include "scope.h"
	14	#include "selinux-access.h"
	15	#include "unit.h"
14228c0d	16
6e866b33	17	int bus_scope_method_abandon(sd_bus_message message, void userdata, sd_bus_error *error) {
60f067b4 JS	18	Scope *s = userdata;
60f067b4 JS	19	int r;
14228c0d	20
60f067b4 JS	21	assert(message);
60f067b4 JS	22	assert(s);
14228c0d	23
e3bff60a MP	24	r = mac_selinux_unit_access_check(UNIT(s), message, "stop", error);
	25	if (r < 0)
	26	return r;
	27
	28	r = bus_verify_manage_units_async(UNIT(s)->manager, message, error);
5eef597e MP	29	if (r < 0)
	30	return r;
	31	if (r == 0)
	32	return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
	33
60f067b4	34	r = scope_abandon(s);
60f067b4 JS	35	if (r == -ESTALE)
60f067b4 JS	36	return sd_bus_error_setf(error, BUS_ERROR_SCOPE_NOT_RUNNING, "Scope %s is not running, cannot abandon.", UNIT(s)->id);
e3bff60a MP	37	if (r < 0)
e3bff60a MP	38	return r;
14228c0d	39
60f067b4	40	return sd_bus_reply_method_return(message, NULL);
14228c0d MB	41	}
14228c0d MB	42
60f067b4 JS	43	static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_result, scope_result, ScopeResult);
	44
	45	const sd_bus_vtable bus_scope_vtable[] = {
	46	SD_BUS_VTABLE_START(0),
52ad194e	47	SD_BUS_PROPERTY("Controller", "s", NULL, offsetof(Scope, controller), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
60f067b4 JS	48	SD_BUS_PROPERTY("TimeoutStopUSec", "t", bus_property_get_usec, offsetof(Scope, timeout_stop_usec), SD_BUS_VTABLE_PROPERTY_CONST),
	49	SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
	50	SD_BUS_SIGNAL("RequestStop", NULL, 0),
6e866b33	51	SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED),
60f067b4 JS	52	SD_BUS_VTABLE_END
	53	};
	54
14228c0d MB	55	static int bus_scope_set_transient_property(
	56	Scope *s,
	57	const char *name,
60f067b4	58	sd_bus_message *message,
52ad194e	59	UnitWriteFlags flags,
60f067b4	60	sd_bus_error *error) {
14228c0d MB	61
	62	int r;
	63
14228c0d	64	assert(s);
60f067b4 JS	65	assert(name);
60f067b4 JS	66	assert(message);
14228c0d	67
52ad194e MB	68	flags \|= UNIT_PRIVATE;
52ad194e MB	69
1d42b86d MB	70	if (streq(name, "TimeoutStopUSec"))
	71	return bus_set_transient_usec(UNIT(s), name, &s->timeout_stop_usec, message, flags, error);
	72
14228c0d	73	if (streq(name, "PIDs")) {
98393f85	74	_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
14228c0d MB	75	unsigned n = 0;
14228c0d MB	76
60f067b4	77	r = sd_bus_message_enter_container(message, 'a', "u");
14228c0d MB	78	if (r < 0)
	79	return r;
	80
98393f85 MB	81	for (;;) {
	82	uint32_t upid;
	83	pid_t pid;
	84
	85	r = sd_bus_message_read(message, "u", &upid);
	86	if (r < 0)
	87	return r;
	88	if (r == 0)
	89	break;
	90
	91	if (upid == 0) {
	92	if (!creds) {
	93	r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
	94	if (r < 0)
	95	return r;
	96	}
	97
	98	r = sd_bus_creds_get_pid(creds, &pid);
	99	if (r < 0)
	100	return r;
	101	} else
	102	pid = (uid_t) upid;
14228c0d	103
98393f85 MB	104	r = unit_pid_attachable(UNIT(s), pid, error);
	105	if (r < 0)
	106	return r;
14228c0d	107
52ad194e	108	if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
60f067b4	109	r = unit_watch_pid(UNIT(s), pid);
14228c0d MB	110	if (r < 0 && r != -EEXIST)
	111	return r;
	112	}
	113
14228c0d MB	114	n++;
14228c0d MB	115	}
60f067b4 JS	116
	117	r = sd_bus_message_exit_container(message);
	118	if (r < 0)
	119	return r;
14228c0d MB	120
	121	if (n <= 0)
	122	return -EINVAL;
	123
	124	return 1;
	125
60f067b4 JS	126	} else if (streq(name, "Controller")) {
60f067b4 JS	127	const char *controller;
52ad194e MB	128
	129	/* We can't support direct connections with this, as direct connections know no service or unique name
	130	* concept, but the Controller field stores exactly that. */
	131	if (sd_bus_message_get_bus(message) != UNIT(s)->manager->api_bus)
	132	return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Sorry, Controller= logic only supported via the bus.");
14228c0d	133
60f067b4 JS	134	r = sd_bus_message_read(message, "s", &controller);
	135	if (r < 0)
	136	return r;
	137
	138	if (!isempty(controller) && !service_name_is_valid(controller))
	139	return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Controller '%s' is not a valid bus name.", controller);
14228c0d	140
52ad194e MB	141	if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
	142	r = free_and_strdup(&s->controller, empty_to_null(controller));
	143	if (r < 0)
	144	return r;
60f067b4	145	}
14228c0d	146
14228c0d MB	147	return 1;
	148	}
	149
	150	return 0;
	151	}
	152
	153	int bus_scope_set_property(
	154	Unit *u,
	155	const char *name,
60f067b4	156	sd_bus_message *message,
52ad194e	157	UnitWriteFlags flags,
60f067b4	158	sd_bus_error *error) {
14228c0d MB	159
	160	Scope *s = SCOPE(u);
	161	int r;
	162
60f067b4	163	assert(s);
14228c0d	164	assert(name);
60f067b4	165	assert(message);
14228c0d	166
52ad194e	167	r = bus_cgroup_set_property(u, &s->cgroup_context, name, message, flags, error);
14228c0d MB	168	if (r != 0)
	169	return r;
	170
	171	if (u->load_state == UNIT_STUB) {
	172	/* While we are created we still accept PIDs */
	173
52ad194e	174	r = bus_scope_set_transient_property(s, name, message, flags, error);
14228c0d MB	175	if (r != 0)
	176	return r;
	177
52ad194e	178	r = bus_kill_context_set_transient_property(u, &s->kill_context, name, message, flags, error);
14228c0d MB	179	if (r != 0)
	180	return r;
	181	}
	182
	183	return 0;
	184	}
	185
	186	int bus_scope_commit_properties(Unit *u) {
	187	assert(u);
	188
6e866b33	189	unit_invalidate_cgroup_members_masks(u);
14228c0d	190	unit_realize_cgroup(u);
60f067b4	191
14228c0d MB	192	return 0;
14228c0d MB	193	}
60f067b4 JS	194
60f067b4 JS	195	int bus_scope_send_request_stop(Scope *s) {
4c89c718	196	_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
60f067b4 JS	197	_cleanup_free_ char *p = NULL;
	198	int r;
	199
	200	assert(s);
	201
	202	if (!s->controller)
	203	return 0;
	204
	205	p = unit_dbus_path(UNIT(s));
	206	if (!p)
	207	return -ENOMEM;
	208
	209	r = sd_bus_message_new_signal(
	210	UNIT(s)->manager->api_bus,
	211	&m,
	212	p,
	213	"org.freedesktop.systemd1.Scope",
	214	"RequestStop");
	215	if (r < 0)
	216	return r;
	217
5a920b42	218	return sd_bus_send_to(UNIT(s)->manager->api_bus, m, s->controller, NULL);
60f067b4	219	}
52ad194e MB	220
	221	static int on_controller_gone(sd_bus_track track, void userdata) {
	222	Scope *s = userdata;
	223
	224	assert(track);
	225
	226	if (s->controller) {
	227	log_unit_debug(UNIT(s), "Controller %s disappeared from bus.", s->controller);
	228	unit_add_to_dbus_queue(UNIT(s));
	229	s->controller = mfree(s->controller);
	230	}
	231
	232	s->controller_track = sd_bus_track_unref(s->controller_track);
	233
	234	return 0;
	235	}
	236
	237	int bus_scope_track_controller(Scope *s) {
	238	int r;
	239
	240	assert(s);
	241
	242	if (!s->controller \|\| s->controller_track)
	243	return 0;
	244
	245	r = sd_bus_track_new(UNIT(s)->manager->api_bus, &s->controller_track, on_controller_gone, s);
	246	if (r < 0)
	247	return r;
	248
	249	r = sd_bus_track_add_name(s->controller_track, s->controller);
	250	if (r < 0) {
	251	s->controller_track = sd_bus_track_unref(s->controller_track);
	252	return r;
	253	}
	254
	255	return 0;
	256	}