sd-varlink: add flag for sd_varlink_server for creating connections with fd passing enabled

Let's add a simple flag that enables fd passing for all connections of a server. It's much easier to use this than to install a connect handler which manually enables this for each connection.
2025-03-11 20:58:27 +03:00 · 2024-11-20 12:57:33 +01:00 · 2024-11-20 12:57:33 +01:00 · 29dc3fbcdc
commit 29dc3fbcdc
parent 348cb8b94a
2 changed files with 17 additions and 6 deletions
--- a/src/libsystemd/sd-varlink/sd-varlink.c
+++ b/src/libsystemd/sd-varlink/sd-varlink.c
@ -3215,7 +3215,13 @@ _public_ int sd_varlink_server_new(sd_varlink_server **ret, sd_varlink_server_fl
        int r;

        assert_return(ret, -EINVAL);
-        assert_return((flags & ~(SD_VARLINK_SERVER_ROOT_ONLY|SD_VARLINK_SERVER_MYSELF_ONLY|SD_VARLINK_SERVER_ACCOUNT_UID|SD_VARLINK_SERVER_INHERIT_USERDATA|SD_VARLINK_SERVER_INPUT_SENSITIVE)) == 0, -EINVAL);
+        assert_return((flags & ~(SD_VARLINK_SERVER_ROOT_ONLY|
+                                 SD_VARLINK_SERVER_MYSELF_ONLY|
+                                 SD_VARLINK_SERVER_ACCOUNT_UID|
+                                 SD_VARLINK_SERVER_INHERIT_USERDATA|
+                                 SD_VARLINK_SERVER_INPUT_SENSITIVE|
+                                 SD_VARLINK_SERVER_ALLOW_FD_PASSING_INPUT|
+                                 SD_VARLINK_SERVER_ALLOW_FD_PASSING_OUTPUT)) == 0, -EINVAL);

        s = new(sd_varlink_server, 1);
        if (!s)
@ -3425,6 +3431,9 @@ _public_ int sd_varlink_server_add_connection_pair(
        if (asprintf(&desc, "%s-%i-%i", varlink_server_description(server), input_fd, output_fd) >= 0)
                v->description = TAKE_PTR(desc);

+        (void) sd_varlink_set_allow_fd_passing_input(v, FLAGS_SET(server->flags, SD_VARLINK_SERVER_ALLOW_FD_PASSING_INPUT));
+        (void) sd_varlink_set_allow_fd_passing_output(v, FLAGS_SET(server->flags, SD_VARLINK_SERVER_ALLOW_FD_PASSING_OUTPUT));
+
        /* Link up the server and the connection, and take reference in both directions. Note that the
         * reference on the connection is left dangling. It will be dropped when the connection is closed,
         * which happens in varlink_close(), including in the event loop quit callback. */
--- a/src/systemd/sd-varlink.h
+++ b/src/systemd/sd-varlink.h
@ -65,11 +65,13 @@ __extension__ typedef enum _SD_ENUM_TYPE_S64(sd_varlink_method_flags_t) {
 } sd_varlink_method_flags_t;

 __extension__ typedef enum _SD_ENUM_TYPE_S64(sd_varlink_server_flags_t) {
-        SD_VARLINK_SERVER_ROOT_ONLY        = 1 << 0, /* Only accessible by root */
-        SD_VARLINK_SERVER_MYSELF_ONLY      = 1 << 1, /* Only accessible by our own UID */
-        SD_VARLINK_SERVER_ACCOUNT_UID      = 1 << 2, /* Do per user accounting */
-        SD_VARLINK_SERVER_INHERIT_USERDATA = 1 << 3, /* Initialize Varlink connection userdata from sd_varlink_server userdata */
-        SD_VARLINK_SERVER_INPUT_SENSITIVE  = 1 << 4, /* Automatically mark all connection input as sensitive */
+        SD_VARLINK_SERVER_ROOT_ONLY               = 1 << 0, /* Only accessible by root */
+        SD_VARLINK_SERVER_MYSELF_ONLY             = 1 << 1, /* Only accessible by our own UID */
+        SD_VARLINK_SERVER_ACCOUNT_UID             = 1 << 2, /* Do per user accounting */
+        SD_VARLINK_SERVER_INHERIT_USERDATA        = 1 << 3, /* Initialize Varlink connection userdata from sd_varlink_server userdata */
+        SD_VARLINK_SERVER_INPUT_SENSITIVE         = 1 << 4, /* Automatically mark all connection input as sensitive */
+        SD_VARLINK_SERVER_ALLOW_FD_PASSING_INPUT  = 1 << 5, /* Allow receiving fds over all connections */
+        SD_VARLINK_SERVER_ALLOW_FD_PASSING_OUTPUT = 1 << 6, /* Allow sending fds over all connections */
        _SD_ENUM_FORCE_S64(SD_VARLINK_SERVER)
 } sd_varlink_server_flags_t;