// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright (C) 2008 - 2012 Red Hat, Inc.
*/
#include "nm-default.h"
#include <syslog.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <signal.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <arpa/inet.h>
#include <glib-unix.h>
#include "nm-libnm-core-aux/nm-dispatcher-api.h"
#include "nm-dispatcher-utils.h"
/*****************************************************************************/
typedef struct Request Request;
static struct {
GDBusConnection *dbus_connection;
GMainLoop *loop;
gboolean debug;
gboolean persist;
guint quit_id;
guint request_id_counter;
gboolean ever_acquired_name;
bool exit_with_failure;
Request *current_request;
GQueue *requests_waiting;
int num_requests_pending;
} gl;
typedef struct {
Request *request;
char *script;
GPid pid;
DispatchResult result;
char *error;
gboolean wait;
gboolean dispatched;
guint watch_id;
guint timeout_id;
} ScriptInfo;
struct Request {
guint request_id;
GDBusMethodInvocation *context;
char *action;
char *iface;
char **envp;
gboolean debug;
GPtrArray *scripts; /* list of ScriptInfo */
guint idx;
int num_scripts_done;
int num_scripts_nowait;
};
/*****************************************************************************/
#define __LOG_print(print_cmd, ...) \
G_STMT_START { \
if (FALSE) { \
/* g_message() alone does not warn about invalid format. Add a dummy printf() statement to
* get a compiler warning about wrong format. */ \
printf (__VA_ARGS__); \
} \
print_cmd (__VA_ARGS__); \
} G_STMT_END
#define __LOG_print_R(print_cmd, _request, ...) \
G_STMT_START { \
__LOG_print (print_cmd, \
"req:%u '%s'%s%s%s" _NM_UTILS_MACRO_FIRST (__VA_ARGS__), \
(_request)->request_id, \
(_request)->action, \
(_request)->iface ? " [" : "", \
(_request)->iface ?: "", \
(_request)->iface ? "]" : "" \
_NM_UTILS_MACRO_REST (__VA_ARGS__)); \
} G_STMT_END
#define __LOG_print_S(print_cmd, _request, _script, ...) \
G_STMT_START { \
__LOG_print_R (print_cmd, \
(_request), \
"%s%s%s" _NM_UTILS_MACRO_FIRST (__VA_ARGS__), \
(_script) ? ", \"" : "", \
(_script) ? (_script)->script : "", \
(_script) ? "\"" : "" \
_NM_UTILS_MACRO_REST (__VA_ARGS__)); \
} G_STMT_END
#define _LOG_X_(enabled_cmd, print_cmd, ...) \
G_STMT_START { \
if (enabled_cmd) \
__LOG_print (print_cmd, __VA_ARGS__); \
} G_STMT_END
#define _LOG_R_(enabled_cmd, x_request, print_cmd, ...) \
G_STMT_START { \
const Request *const _request = (x_request); \
\
nm_assert (_request); \
if (enabled_cmd) \
__LOG_print_R (print_cmd, _request, ": "__VA_ARGS__); \
} G_STMT_END
#define _LOG_S_(enabled_cmd, x_script, print_cmd, ...) \
G_STMT_START { \
const ScriptInfo *const _script = (x_script); \
const Request *const _request = _script ? _script->request : NULL; \
\
nm_assert (_script && _request); \
if (enabled_cmd) \
__LOG_print_S (print_cmd, _request, _script, ": "__VA_ARGS__); \
} G_STMT_END
#define _LOG_X_D_enabled() (gl.debug)
#define _LOG_X_T_enabled() _LOG_X_D_enabled ()
#define _LOG_R_D_enabled(request) (_NM_ENSURE_TYPE_CONST (Request *, request)->debug)
#define _LOG_R_T_enabled(request) _LOG_R_D_enabled (request)
#define _LOG_X_T(...) _LOG_X_ (_LOG_X_T_enabled (), g_debug, __VA_ARGS__)
#define _LOG_X_D(...) _LOG_X_ (_LOG_X_D_enabled (), g_info, __VA_ARGS__)
#define _LOG_X_I(...) _LOG_X_ (TRUE, g_message, __VA_ARGS__)
#define _LOG_X_W(...) _LOG_X_ (TRUE, g_warning, __VA_ARGS__)
#define _LOG_R_T(request, ...) _LOG_R_ (_LOG_R_T_enabled (_request), request, g_debug, __VA_ARGS__)
#define _LOG_R_D(request, ...) _LOG_R_ (_LOG_R_D_enabled (_request), request, g_info, __VA_ARGS__)
#define _LOG_R_W(request, ...) _LOG_R_ (TRUE, request, g_warning, __VA_ARGS__)
#define _LOG_S_T(script, ...) _LOG_S_ (_LOG_R_T_enabled (_request), script, g_debug, __VA_ARGS__)
#define _LOG_S_D(script, ...) _LOG_S_ (_LOG_R_D_enabled (_request), script, g_info, __VA_ARGS__)
#define _LOG_S_W(script, ...) _LOG_S_ (TRUE, script, g_warning, __VA_ARGS__)
/*****************************************************************************/
static gboolean dispatch_one_script (Request *request);
/*****************************************************************************/
static void
script_info_free (gpointer ptr)
{
ScriptInfo *info = ptr;
g_free (info->script);
g_free (info->error);
g_slice_free (ScriptInfo, info);
}
static void
request_free (Request *request)
{
g_assert_cmpuint (request->num_scripts_done, ==, request->scripts->len);
g_assert_cmpuint (request->num_scripts_nowait, ==, 0);
g_free (request->action);
g_free (request->iface);
g_strfreev (request->envp);
g_ptr_array_free (request->scripts, TRUE);
g_slice_free (Request, request);
}
static gboolean
quit_timeout_cb (gpointer user_data)
{
gl.quit_id = 0;
g_main_loop_quit (gl.loop);
return G_SOURCE_REMOVE;
}
static void
quit_timeout_reschedule (void)
{
if (!gl.persist) {
nm_clear_g_source (&gl.quit_id);
gl.quit_id = g_timeout_add_seconds (10, quit_timeout_cb, NULL);
}
}
/**
* next_request:
*
* @request: (allow-none): the request to set as next. If %NULL, dequeue the next
* waiting request. Otherwise, try to set the given request.
*
* Sets the currently active request (@current_request). The current request
* is a request that has at least on "wait" script, because requests that only
* consist of "no-wait" scripts are handled right away and not enqueued to
* @requests_waiting nor set as @current_request.
*
* Returns: %TRUE, if there was currently not request in process and it set
* a new request as current.
*/
static gboolean
next_request (Request *request)
{
if (request) {
if (gl.current_request) {
g_queue_push_tail (gl.requests_waiting, request);
return FALSE;
}
} else {
/* when calling next_request() without explicit @request, we always
* forcefully clear @current_request. That one is certainly
* handled already. */
gl.current_request = NULL;
request = g_queue_pop_head (gl.requests_waiting);
if (!request)
return FALSE;
}
_LOG_R_D (request, "start running ordered scripts...");
gl.current_request = request;
return TRUE;
}
/**
* complete_request:
* @request: the request
*
* Checks if all the scripts for the request have terminated and in such case
* it sends the D-Bus response and releases the request resources.
*
* It also decreases @num_requests_pending and possibly does quit_timeout_reschedule().
*/
static void
complete_request (Request *request)
{
GVariantBuilder results;
GVariant *ret;
guint i;
nm_assert (request);
/* Are there still pending scripts? Then do nothing (for now). */
if (request->num_scripts_done < request->scripts->len)
return;
g_variant_builder_init (&results, G_VARIANT_TYPE ("a(sus)"));
for (i = 0; i < request->scripts->len; i++) {
ScriptInfo *script = g_ptr_array_index (request->scripts, i);
g_variant_builder_add (&results, "(sus)",
script->script,
script->result,
script->error ?: "");
}
ret = g_variant_new ("(a(sus))", &results);
g_dbus_method_invocation_return_value (request->context, ret);
_LOG_R_T (request, "completed (%u scripts)", request->scripts->len);
if (gl.current_request == request)
gl.current_request = NULL;
request_free (request);
g_assert_cmpuint (gl.num_requests_pending, >, 0);
if (--gl.num_requests_pending <= 0) {
nm_assert (!gl.current_request && !g_queue_peek_head (gl.requests_waiting));
quit_timeout_reschedule ();
}
}
static void
complete_script (ScriptInfo *script)
{
Request *request;
gboolean wait = script->wait;
request = script->request;
if (wait) {
/* for "wait" scripts, try to schedule the next blocking script.
* If that is successful, return (as we must wait for its completion). */
if (dispatch_one_script (request))
return;
}
nm_assert (!wait || gl.current_request == request);
/* Try to complete the request. @request will be possibly free'd,
* making @script and @request a dangling pointer. */
complete_request (request);
if (!wait) {
/* this was a "no-wait" script. We either completed the request,
* or there is nothing to do. Especially, there is no need to
* queue the next_request() -- because no-wait scripts don't block
* requests. However, if this was the last "no-wait" script and
* there are "wait" scripts ready to run, launch them.
*/
if ( gl.current_request == request
&& gl.current_request->num_scripts_nowait == 0) {
if (dispatch_one_script (gl.current_request))
return;
complete_request (gl.current_request);
} else
return;
} else {
/* if the script is a "wait" script, we already tried above to
* dispatch the next script. As we didn't do that, it means we
* just completed the last script of @request and we can continue
* with the next request...
*
* Also, it cannot be that there is another request currently being
* processed because only requests with "wait" scripts can become
* @current_request. As there can only be one "wait" script running
* at any time, it means complete_request() above completed @request. */
nm_assert (!gl.current_request);
}
while (next_request (NULL)) {
request = gl.current_request;
if (dispatch_one_script (request))
return;
/* Try to complete the request. It will be either completed
* now, or when all pending "no-wait" scripts return. */
complete_request (request);
/* We can immediately start next_request(), because our current
* @request has obviously no more "wait" scripts either.
* Repeat... */
}
}
static void
script_watch_cb (GPid pid, int status, gpointer user_data)
{
ScriptInfo *script = user_data;
guint err;
g_assert (pid == script->pid);
script->watch_id = 0;
nm_clear_g_source (&script->timeout_id);
script->request->num_scripts_done++;
if (!script->wait)
script->request->num_scripts_nowait--;
if (WIFEXITED (status)) {
err = WEXITSTATUS (status);
if (err == 0)
script->result = DISPATCH_RESULT_SUCCESS;
else {
script->error = g_strdup_printf ("Script '%s' exited with error status %d.",
script->script, err);
}
} else if (WIFSTOPPED (status)) {
script->error = g_strdup_printf ("Script '%s' stopped unexpectedly with signal %d.",
script->script, WSTOPSIG (status));
} else if (WIFSIGNALED (status)) {
script->error = g_strdup_printf ("Script '%s' died with signal %d",
script->script, WTERMSIG (status));
} else {
script->error = g_strdup_printf ("Script '%s' died from an unknown cause",
script->script);
}
if (script->result == DISPATCH_RESULT_SUCCESS) {
_LOG_S_T (script, "complete");
} else {
script->result = DISPATCH_RESULT_FAILED;
_LOG_S_W (script, "complete: failed with %s", script->error);
}
g_spawn_close_pid (script->pid);
complete_script (script);
}
static gboolean
script_timeout_cb (gpointer user_data)
{
ScriptInfo *script = user_data;
script->timeout_id = 0;
nm_clear_g_source (&script->watch_id);
script->request->num_scripts_done++;
if (!script->wait)
script->request->num_scripts_nowait--;
_LOG_S_W (script, "complete: timeout (kill script)");
kill (script->pid, SIGKILL);
again:
if (waitpid (script->pid, NULL, 0) == -1) {
if (errno == EINTR)
goto again;
}
script->error = g_strdup_printf ("Script '%s' timed out.", script->script);
script->result = DISPATCH_RESULT_TIMEOUT;
g_spawn_close_pid (script->pid);
complete_script (script);
return FALSE;
}
static gboolean
check_permissions (struct stat *s, const char **out_error_msg)
{
g_return_val_if_fail (s != NULL, FALSE);
g_return_val_if_fail (out_error_msg != NULL, FALSE);
g_return_val_if_fail (*out_error_msg == NULL, FALSE);
/* Only accept files owned by root */
if (s->st_uid != 0) {
*out_error_msg = "not owned by root.";
return FALSE;
}
/* Only accept files not writable by group or other, and not SUID */
if (s->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
*out_error_msg = "writable by group or other, or set-UID.";
return FALSE;
}
/* Only accept files executable by the owner */
if (!(s->st_mode & S_IXUSR)) {
*out_error_msg = "not executable by owner.";
return FALSE;
}
return TRUE;
}
static gboolean
check_filename (const char *file_name)
{
static const char *bad_suffixes[] = {
"~",
".rpmsave",
".rpmorig",
".rpmnew",
".swp",
};
char *tmp;
guint i;
/* File must not be a backup file, package management file, or start with '.' */
if (file_name[0] == '.')
return FALSE;
for (i = 0; i < G_N_ELEMENTS (bad_suffixes); i++) {
if (g_str_has_suffix (file_name, bad_suffixes[i]))
return FALSE;
}
tmp = g_strrstr (file_name, ".dpkg-");
if (tmp && !strchr (&tmp[1], '.'))
return FALSE;
return TRUE;
}
#define SCRIPT_TIMEOUT 600 /* 10 minutes */
static gboolean
script_dispatch (ScriptInfo *script)
{
gs_free_error GError *error = NULL;
char *argv[4];
Request *request = script->request;
if (script->dispatched)
return FALSE;
script->dispatched = TRUE;
/* Only for "hostname" action we coerce the interface name to "none". We don't
* do so for "connectivity-check" action. */
argv[0] = script->script;
argv[1] = request->iface
?: (nm_streq (request->action, NMD_ACTION_HOSTNAME) ? "none" : "");
argv[2] = request->action;
argv[3] = NULL;
_LOG_S_T (script, "run script%s", script->wait ? "" : " (no-wait)");
if (!g_spawn_async ("/", argv, request->envp, G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &script->pid, &error)) {
_LOG_S_W (script, "complete: failed to execute script: %s", error->message);
script->result = DISPATCH_RESULT_EXEC_FAILED;
script->error = g_strdup (error->message);
request->num_scripts_done++;
return FALSE;
}
script->watch_id = g_child_watch_add (script->pid, (GChildWatchFunc) script_watch_cb, script);
script->timeout_id = g_timeout_add_seconds (SCRIPT_TIMEOUT, script_timeout_cb, script);
if (!script->wait)
request->num_scripts_nowait++;
return TRUE;
}
static gboolean
dispatch_one_script (Request *request)
{
if (request->num_scripts_nowait > 0)
return TRUE;
while (request->idx < request->scripts->len) {
ScriptInfo *script;
script = g_ptr_array_index (request->scripts, request->idx++);
if (script_dispatch (script))
return TRUE;
}
return FALSE;
}
static int
_compare_basenames (gconstpointer a, gconstpointer b)
{
const char *basename_a = strrchr (a, '/');
const char *basename_b = strrchr (b, '/');
int ret;
nm_assert (basename_a);
nm_assert (basename_b);
ret = strcmp (++basename_a, ++basename_b);
if (ret)
return ret;
nm_assert_not_reached ();
return 0;
}
static void
_find_scripts (Request *request, GHashTable *scripts, const char *base, const char *subdir)
{
const char *filename;
gs_free char *dirname = NULL;
GError *error = NULL;
GDir *dir;
dirname = g_build_filename (base, "dispatcher.d", subdir, NULL);
if (!(dir = g_dir_open (dirname, 0, &error))) {
if (!g_error_matches (error, G_FILE_ERROR, G_FILE_ERROR_NOENT)) {
_LOG_R_W (request, "find-scripts: Failed to open dispatcher directory '%s': %s",
dirname, error->message);
}
g_error_free (error);
return;
}
while ((filename = g_dir_read_name (dir))) {
if (!check_filename (filename))
continue;
g_hash_table_insert (scripts,
g_strdup (filename),
g_build_filename (dirname, filename, NULL));
}
g_dir_close (dir);
}
static GSList *
find_scripts (Request *request)
{
gs_unref_hashtable GHashTable *scripts = NULL;
GSList *script_list = NULL;
GHashTableIter iter;
const char *subdir;
char *path;
char *filename;
if (NM_IN_STRSET (request->action, NMD_ACTION_PRE_UP,
NMD_ACTION_VPN_PRE_UP))
subdir = "pre-up.d";
else if (NM_IN_STRSET (request->action, NMD_ACTION_PRE_DOWN,
NMD_ACTION_VPN_PRE_DOWN))
subdir = "pre-down.d";
else
subdir = NULL;
scripts = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
_find_scripts (request, scripts, NMLIBDIR, subdir);
_find_scripts (request, scripts, NMCONFDIR, subdir);
g_hash_table_iter_init (&iter, scripts);
while (g_hash_table_iter_next (&iter, (gpointer *) &filename, (gpointer *) &path)) {
gs_free char *link_target = NULL;
const char *err_msg = NULL;
struct stat st;
int err;
link_target = g_file_read_link (path, NULL);
if (nm_streq0 (link_target, "/dev/null"))
continue;
err = stat (path, &st);
if (err)
_LOG_R_W (request, "find-scripts: Failed to stat '%s': %d", path, err);
else if ( !S_ISREG (st.st_mode)
|| st.st_size == 0) {
/* silently skip. */
} else if (!check_permissions (&st, &err_msg))
_LOG_R_W (request, "find-scripts: Cannot execute '%s': %s", path, err_msg);
else {
/* success */
script_list = g_slist_prepend (script_list, g_strdup (path));
continue;
}
}
return g_slist_sort (script_list, _compare_basenames);
}
static gboolean
script_must_wait (const char *path)
{
gs_free char *link = NULL;
link = g_file_read_link (path, NULL);
if (link) {
gs_free char *dir = NULL;
nm_auto_free char *real = NULL;
if (!g_path_is_absolute (link)) {
char *tmp;
dir = g_path_get_dirname (path);
tmp = g_build_path ("/", dir, link, NULL);
g_free (link);
g_free (dir);
link = tmp;
}
dir = g_path_get_dirname (link);
real = realpath (dir, NULL);
if (NM_STR_HAS_SUFFIX (real, "/no-wait.d"))
return FALSE;
}
return TRUE;
}
static void
_method_call_action (GDBusMethodInvocation *invocation,
GVariant *parameters)
{
const char *action;
gs_unref_variant GVariant *connection = NULL;
gs_unref_variant GVariant *connection_properties = NULL;
gs_unref_variant GVariant *device_properties = NULL;
gs_unref_variant GVariant *device_proxy_properties = NULL;
gs_unref_variant GVariant *device_ip4_config = NULL;
gs_unref_variant GVariant *device_ip6_config = NULL;
gs_unref_variant GVariant *device_dhcp4_config = NULL;
gs_unref_variant GVariant *device_dhcp6_config = NULL;
const char *connectivity_state;
const char *vpn_ip_iface;
gs_unref_variant GVariant *vpn_proxy_properties = NULL;
gs_unref_variant GVariant *vpn_ip4_config = NULL;
gs_unref_variant GVariant *vpn_ip6_config = NULL;
gboolean debug;
GSList *sorted_scripts = NULL;
GSList *iter;
Request *request;
char **p;
guint i, num_nowait = 0;
const char *error_message = NULL;
g_variant_get (parameters, "("
"&s" /* action */
"@a{sa{sv}}" /* connection */
"@a{sv}" /* connection_properties */
"@a{sv}" /* device_properties */
"@a{sv}" /* device_proxy_properties */
"@a{sv}" /* device_ip4_config */
"@a{sv}" /* device_ip6_config */
"@a{sv}" /* device_dhcp4_config */
"@a{sv}" /* device_dhcp6_config */
"&s" /* connectivity_state */
"&s" /* vpn_ip_iface */
"@a{sv}" /* vpn_proxy_properties */
"@a{sv}" /* vpn_ip4_config */
"@a{sv}" /* vpn_ip6_config */
"b" /* debug */
")",
&action,
&connection,
&connection_properties,
&device_properties,
&device_proxy_properties,
&device_ip4_config,
&device_ip6_config,
&device_dhcp4_config,
&device_dhcp6_config,
&connectivity_state,
&vpn_ip_iface,
&vpn_proxy_properties,
&vpn_ip4_config,
&vpn_ip6_config,
&debug);
request = g_slice_new0 (Request);
request->request_id = ++gl.request_id_counter;
request->debug = debug || gl.debug;
request->context = invocation;
request->action = g_strdup (action);
request->envp = nm_dispatcher_utils_construct_envp (action,
connection,
connection_properties,
device_properties,
device_proxy_properties,
device_ip4_config,
device_ip6_config,
device_dhcp4_config,
device_dhcp6_config,
connectivity_state,
vpn_ip_iface,
vpn_proxy_properties,
vpn_ip4_config,
vpn_ip6_config,
&request->iface,
&error_message);
request->scripts = g_ptr_array_new_full (5, script_info_free);
sorted_scripts = find_scripts (request);
for (iter = sorted_scripts; iter; iter = g_slist_next (iter)) {
ScriptInfo *s;
s = g_slice_new0 (ScriptInfo);
s->request = request;
s->script = iter->data;
s->wait = script_must_wait (s->script);
g_ptr_array_add (request->scripts, s);
}
g_slist_free (sorted_scripts);
_LOG_R_D (request, "new request (%u scripts)", request->scripts->len);
if ( _LOG_R_T_enabled (request)
&& request->envp) {
for (p = request->envp; *p; p++)
_LOG_R_T (request, "environment: %s", *p);
}
if (error_message || request->scripts->len == 0) {
GVariant *results;
if (error_message)
_LOG_R_W (request, "completed: invalid request: %s", error_message);
else
_LOG_R_D (request, "completed: no scripts");
results = g_variant_new_array (G_VARIANT_TYPE ("(sus)"), NULL, 0);
g_dbus_method_invocation_return_value (invocation, g_variant_new ("(@a(sus))", results));
request->num_scripts_done = request->scripts->len;
request_free (request);
return;
}
nm_clear_g_source (&gl.quit_id);
gl.num_requests_pending++;
for (i = 0; i < request->scripts->len; i++) {
ScriptInfo *s = g_ptr_array_index (request->scripts, i);
if (!s->wait) {
script_dispatch (s);
num_nowait++;
}
}
if (num_nowait < request->scripts->len) {
/* The request has at least one wait script.
* Try next_request() to schedule the request for
* execution. This either enqueues the request or
* sets it as gl.current_request. */
if (next_request (request)) {
/* @request is now @current_request. Go ahead and
* schedule the first wait script. */
if (!dispatch_one_script (request)) {
/* If that fails, we might be already finished with the
* request. Try complete_request(). */
complete_request (request);
if (next_request (NULL)) {
/* As @request was successfully scheduled as next_request(), there is no
* other request in queue that can be scheduled afterwards. Assert against
* that, but call next_request() to clear current_request. */
g_assert_not_reached ();
}
}
}
} else {
/* The request contains only no-wait scripts. Try to complete
* the request right away (we might have failed to schedule any
* of the scripts). It will be either completed now, or later
* when the pending scripts return.
* We don't enqueue it to gl.requests_waiting.
* There is no need to handle next_request(), because @request is
* not the current request anyway and does not interfere with requests
* that have any "wait" scripts. */
complete_request (request);
}
}
static void
on_name_acquired (GDBusConnection *connection,
const char *name,
gpointer user_data)
{
gl.ever_acquired_name = TRUE;
}
static void
on_name_lost (GDBusConnection *connection,
const char *name,
gpointer user_data)
{
if (!connection) {
if (!gl.ever_acquired_name) {
_LOG_X_W ("Could not get the system bus. Make sure the message bus daemon is running!");
gl.exit_with_failure = TRUE;
} else {
_LOG_X_I ("System bus stopped. Exiting");
}
} else if (!gl.ever_acquired_name) {
_LOG_X_W ("Could not acquire the " NM_DISPATCHER_DBUS_SERVICE " service.");
gl.exit_with_failure = TRUE;
} else
_LOG_X_I ("Lost the " NM_DISPATCHER_DBUS_SERVICE " name. Exiting");
g_main_loop_quit (gl.loop);
}
static void
_method_call (GDBusConnection *connection,
const char *sender,
const char *object_path,
const char *interface_name,
const char *method_name,
GVariant *parameters,
GDBusMethodInvocation *invocation,
gpointer user_data)
{
if (nm_streq (interface_name, NM_DISPATCHER_DBUS_INTERFACE)) {
if (nm_streq (method_name, "Action")) {
_method_call_action (invocation, parameters);
return;
}
}
g_dbus_method_invocation_return_error (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_UNKNOWN_METHOD,
"Unknown method %s",
method_name);
}
static GDBusInterfaceInfo *const interface_info = NM_DEFINE_GDBUS_INTERFACE_INFO (
NM_DISPATCHER_DBUS_INTERFACE,
.methods = NM_DEFINE_GDBUS_METHOD_INFOS (
NM_DEFINE_GDBUS_METHOD_INFO (
"Action",
.in_args = NM_DEFINE_GDBUS_ARG_INFOS (
NM_DEFINE_GDBUS_ARG_INFO ("action", "s"),
NM_DEFINE_GDBUS_ARG_INFO ("connection", "a{sa{sv}}"),
NM_DEFINE_GDBUS_ARG_INFO ("connection_properties", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("device_properties", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("device_proxy_properties", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("device_ip4_config", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("device_ip6_config", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("device_dhcp4_config", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("device_dhcp6_config", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("connectivity_state", "s"),
NM_DEFINE_GDBUS_ARG_INFO ("vpn_ip_iface", "s"),
NM_DEFINE_GDBUS_ARG_INFO ("vpn_proxy_properties", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("vpn_ip4_config", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("vpn_ip6_config", "a{sv}"),
NM_DEFINE_GDBUS_ARG_INFO ("debug", "b"),
),
.out_args = NM_DEFINE_GDBUS_ARG_INFOS (
NM_DEFINE_GDBUS_ARG_INFO ("results", "a(sus)"),
),
),
),
);
static const GDBusInterfaceVTable interface_vtable = {
.method_call = _method_call,
};
/*****************************************************************************/
static void
log_handler (const char *log_domain,
GLogLevelFlags log_level,
const char *message,
gpointer ignored)
{
int syslog_priority;
switch (log_level) {
case G_LOG_LEVEL_ERROR:
syslog_priority = LOG_CRIT;
break;
case G_LOG_LEVEL_CRITICAL:
syslog_priority = LOG_ERR;
break;
case G_LOG_LEVEL_WARNING:
syslog_priority = LOG_WARNING;
break;
case G_LOG_LEVEL_MESSAGE:
syslog_priority = LOG_NOTICE;
break;
case G_LOG_LEVEL_DEBUG:
syslog_priority = LOG_DEBUG;
break;
case G_LOG_LEVEL_INFO:
default:
syslog_priority = LOG_INFO;
break;
}
syslog (syslog_priority, "%s", message);
}
static void
logging_setup (void)
{
openlog (G_LOG_DOMAIN, LOG_CONS, LOG_DAEMON);
g_log_set_handler (G_LOG_DOMAIN,
G_LOG_LEVEL_MASK | G_LOG_FLAG_FATAL | G_LOG_FLAG_RECURSION,
log_handler,
NULL);
}
static void
logging_shutdown (void)
{
closelog ();
}
static gboolean
signal_handler (gpointer user_data)
{
int signo = GPOINTER_TO_INT (user_data);
_LOG_X_I ("Caught signal %d, shutting down...", signo);
g_main_loop_quit (gl.loop);
return G_SOURCE_CONTINUE;
}
static gboolean
parse_command_line (int *p_argc,
char ***p_argv,
GError **error)
{
GOptionContext *opt_ctx;
GOptionEntry entries[] = {
{ "debug", 0, 0, G_OPTION_ARG_NONE, &gl.debug, "Output to console rather than syslog", NULL },
{ "persist", 0, 0, G_OPTION_ARG_NONE, &gl.persist, "Don't quit after a short timeout", NULL },
{ NULL }
};
gboolean success;
opt_ctx = g_option_context_new (NULL);
g_option_context_set_summary (opt_ctx, "Executes scripts upon actions by NetworkManager.");
g_option_context_add_main_entries (opt_ctx, entries, NULL);
success = g_option_context_parse (opt_ctx, p_argc, p_argv, error);
g_option_context_free (opt_ctx);
return success;
}
int
main (int argc, char **argv)
{
gs_free_error GError *error = NULL;
guint signal_id_term = 0;
guint signal_id_int = 0;
guint dbus_regist_id = 0;
guint dbus_own_name_id = 0;
if (!parse_command_line (&argc, &argv, &error)) {
_LOG_X_W ("Error parsing command line arguments: %s", error->message);
gl.exit_with_failure = TRUE;
goto done;
}
signal_id_term = g_unix_signal_add (SIGTERM, signal_handler, GINT_TO_POINTER (SIGTERM));
signal_id_int = g_unix_signal_add (SIGINT, signal_handler, GINT_TO_POINTER (SIGINT));
if (gl.debug) {
if (!g_getenv ("G_MESSAGES_DEBUG")) {
/* we log our regular messages using g_debug() and g_info().
* When we redirect glib logging to syslog, there is no problem.
* But in "debug" mode, glib will no print these messages unless
* we set G_MESSAGES_DEBUG. */
g_setenv ("G_MESSAGES_DEBUG", "all", TRUE);
}
} else
logging_setup ();
gl.loop = g_main_loop_new (NULL, FALSE);
gl.dbus_connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);
if (!gl.dbus_connection) {
_LOG_X_W ("Could not get the system bus (%s). Make sure the message bus daemon is running!",
error->message);
gl.exit_with_failure = TRUE;
goto done;
}
gl.requests_waiting = g_queue_new ();
dbus_regist_id = g_dbus_connection_register_object (gl.dbus_connection,
NM_DISPATCHER_DBUS_PATH,
interface_info,
NM_UNCONST_PTR (GDBusInterfaceVTable, &interface_vtable),
NULL,
NULL,
&error);
if (dbus_regist_id == 0) {
_LOG_X_W ("Could not export Dispatcher D-Bus interface: %s", error->message);
gl.exit_with_failure = 1;
goto done;
}
dbus_own_name_id = g_bus_own_name_on_connection (gl.dbus_connection,
NM_DISPATCHER_DBUS_SERVICE,
G_BUS_NAME_OWNER_FLAGS_NONE,
on_name_acquired,
on_name_lost,
NULL, NULL);
quit_timeout_reschedule ();
g_main_loop_run (gl.loop);
done:
if (gl.num_requests_pending > 0) {
/* this only happens when we quit due to SIGTERM (not due to the idle timer).
*
* Log a warning about pending scripts.
*
* Maybe we should notify NetworkManager that these scripts are left in an unknown state.
* But this is either a bug of a dispatcher script (not terminating in time).
*
* FIXME(shutdown): Also, currently NetworkManager behaves wrongly on shutdown.
* Note that systemd would not terminate NetworkManager-dispatcher before NetworkManager.
* It's NetworkManager's responsibility to keep running long enough so that all requests
* can complete (with a watchdog timer, and a warning that user provided scripts hang). */
_LOG_X_W ("exiting but there are still %u requests pending", gl.num_requests_pending);
}
if (dbus_own_name_id != 0)
g_bus_unown_name (nm_steal_int (&dbus_own_name_id));
if (dbus_regist_id != 0)
g_dbus_connection_unregister_object (gl.dbus_connection, nm_steal_int (&dbus_regist_id));
nm_clear_pointer (&gl.requests_waiting, g_queue_free);
nm_clear_g_source (&signal_id_term);
nm_clear_g_source (&signal_id_int);
nm_clear_g_source (&gl.quit_id);
nm_clear_pointer (&gl.loop, g_main_loop_unref);
g_clear_object (&gl.dbus_connection);
if (!gl.debug)
logging_shutdown ();
return gl.exit_with_failure ? 1 : 0;
}