summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* DBusMessage: add support for custom marshalingbaserock/v1.10.0+custom_marshalingAleksandar Kanchev2015-09-084-44/+132
| | | | | | | Add functions to support querying and manipulating the message body and signature. This is useful for code generators, which can generate custom marshaling functions based on a given IDL. Those functions tend to be optimized and faster than the generic iterator based marshaling.
* 1.10.0dbus-1.10.0Simon McVittie2015-08-252-4/+14
|
* audit: make the first few fds close-on-execSimon McVittie2015-08-251-0/+7
| | | | | | | | | | | | | | | | libcap-ng < 0.7.7 leaks one non-close-on-exec fd during initialization. test-bus asserts that all fds beyond 2 passed to an executed subprocess have the close-on-exec flag set, which will fail at that leaked fd. This was unnoticed until commit 517c4685, because libaudit was previously only initialized if we were configured to switch uid, which the regression tests do not do; the system bus is normally the only place that happens, but the system bus is not normally run with the "embedded tests" enabled (since they are bad for performance and security). Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Distribute tap-test.sh.in unconditionallySimon McVittie2015-08-251-1/+1
| | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684 Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
* 1.9.21Simon McVittie2015-08-071-1/+1
|
* Prepare 1.9.20 (1.10rc1)dbus-1.9.20Simon McVittie2015-08-062-3/+71
|
* NEWSSimon McVittie2015-08-061-1/+12
|
* Throw a warning if we cannot open the audit socket as a session busLaurent Bigonville2015-08-061-4/+0
| | | | | | | | | | | This will effectively print a warning when failing to open the audit socket running as a session bus. The call to audit_open() should succeed even if the dbus-daemon doesn't have the CAP_AUDIT_WRITE capability. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83856 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Initialize audit subsystem even for the session busLaurent Bigonville2015-08-061-2/+2
| | | | | | | | | | | | | | | | | | | | If SELinux is enabled on the system, dbus will check the permissions but no audit trails will be generated in case of denial as the audit subsystem is not initialized. Same should apply for apparmor. [smcv: without audit, the equivalent of the audit trail goes to stderr where it can be picked up by systemd-journald] A unprivileged user should be able to open the audit socket (audit_open()) but should not have the permissions to log an audit trail. The CAP_AUDIT_WRITE file capability could be set on the dbus-daemon executable in order to allow the session bus to log an AVC denial. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83856 [smcv: s/should/could/ in commit message to reflect lack of consensus that "setcap cap_audit_write+ep dbus-daemon" is desirable in general] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* audit: only check for CAP_AUDIT_WRITE once, during initializationSimon McVittie2015-08-061-5/+5
| | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225 Reviewed-by: Colin Walters <walters@verbum.org> Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* audit: use DBUS_SYSTEM_LOG_WARNING if we cannot open the audit fdSimon McVittie2015-08-063-6/+14
| | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* bus: move shared libaudit code to a new audit.[ch]Simon McVittie2015-08-0610-162/+243
| | | | | | | | | | | | | | | | | | | | | | This fixes various duplicated libaudit interactions in both SELinux and AppArmor code paths, including opening two audit sockets if both SELinux and AppArmor were enabled at compile time. In particular, audit.c is now the only user of libcap-ng. This commit is not intended to introduce any functional changes, except for the de-duplication. The actual audit_log_user_avc_message() call is still duplicated, because the SELinux and AppArmor code paths use different mechanisms to compose the audit message: the SELinux path uses a statically-sized buffer on the stack which might be subject to truncation, whereas the AppArmor path uses malloc() (via DBusString) and falls back to using syslog on a memory allocation failure. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225 Reviewed-by: Colin Walters <walters@verbum.org> [smcv: minor issues raised during review are subsequently fixed] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Use poll's data types directly, where used at allRolland Dudemaine2015-08-062-92/+44
| | | | | | | [smcv: added commit message; moved fallback implementation below definition of DBusPollable; more comments; removed unnecessary cast] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90314 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* 1.9.19Simon McVittie2015-07-212-1/+6
|
* dbus-1.9.16dbus-1.9.18Simon McVittie2015-07-212-5/+7
|\
| * dbus-1.8.20dbus-1.8.20Simon McVittie2015-07-212-3/+5
| |
* | Merge branch 'dbus-1.8'Simon McVittie2015-07-211-0/+3
|\ \ | |/ | | | | | | | | | | Conflicts: .gitignore NEWS tools/dbus-monitor.c
| * NEWS for 1.8.xSimon McVittie2015-07-211-0/+3
| |
| * dbus-monitor: disable automatic handling of o.fd.Peer messagesSimon McVittie2015-07-211-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A normal DBusConnection will automatically reply to o.fd.Peer messages such as Ping. We don't want this: we'll confuse everyone else by replying to messages that weren't intended for us. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> (cherry picked from commit d9ee040d0bff2b421bca80c2339dcd9347d906db, commit message adjusted to describe the impact in versions < 1.9) Conflicts: tools/dbus-monitor.c
| * .gitignore: ignore /test-driver, generated by recent AutomakeSimon McVittie2015-07-211-0/+1
| | | | | | | | (cherry picked from commit 1895a8ee5b0e3813b571e9db3528611802ea7f7e)
* | Add test-case for the same situation as fd.o #90952Simon McVittie2015-07-211-0/+24
| | | | | | | | | | | | | | | | | | | | | | This does not directly test the code in the previous commit, but it does confirm that calling dbus_connection_set_route_peer_messages() is enough to fix the observed bug. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> [smcv: re-worded commit message in response to review]
* | dbus-monitor: disable automatic handling of o.fd.Peer messagesSimon McVittie2015-07-211-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A normal DBusConnection will automatically reply to o.fd.Peer messages such as Ping. We don't want this: if we are using traditional eavesdropping with an older dbus-daemon, we'll confuse everyone else by replying to messages that weren't intended for us. If we are using the new Monitoring interface (since 1.9.12), the same still applies, but in addition, the dbus-daemon will disconnect us for not being a well-behaved monitor. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* | bus_registry_new: Assert in case of not valid context parameter to avoid ↵Ralf Habacker2015-07-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | potiental crashes (CID 54764). Because the context parameter is dereferenced several times in related code without a null check, we need to make sure to have a valid context. Reported by Coverity: CID 54764: Dereference after null check (FORWARD_NULL) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Merge branch 'dbus-1.8'Simon McVittie2015-06-172-0/+7
|\ \ | |/ | | | | | | Conflicts: NEWS
| * NEWSSimon McVittie2015-06-171-1/+4
| |
| * Fix memleak in GetConnectionCredentials handlerJacek Bukarewicz2015-06-171-0/+2
| | | | | | | | | | | | | | | | | | | | Reply message was not unreferenced when GetConnectionCredentials handler was successful. Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com> [smcv: changed bus_message_unref() to dbus_message_unref()] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91008
* | tests: use the new bus setup for `make installcheck`Simon McVittie2015-06-172-3/+3
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
* | dbus-daemon.1: document the new locationsSimon McVittie2015-06-171-7/+9
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
* | NEWSSimon McVittie2015-05-271-1/+25
| |
* | Adjust cmake build to match autoconf installation locations.Dimitri John Ledkov2015-05-273-70/+17
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Move session & system bus configuration to datadir, by default.Dimitri John Ledkov2015-05-279-19/+77
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Start towards 1.9.18Simon McVittie2015-05-272-1/+6
| |
* | more NEWS, also more release namedbus-1.9.16Simon McVittie2015-05-141-0/+25
| |
* | 1.9.16Simon McVittie2015-05-142-9/+11
| |
* | Merge branch 'dbus-1.8'Simon McVittie2015-05-141-3/+6
|\ \ | |/ | | | | | | Conflicts: NEWS
| * add a missing change, fix some bug numbersSimon McVittie2015-05-141-2/+5
| |
* | Merge branch 'dbus-1.8'Simon McVittie2015-05-142-13/+37
|\ \ | |/ | | | | | | | | | | Conflicts: NEWS cmake/CMakeLists.txt configure.ac
| * start towards 1.8.20Simon McVittie2015-05-142-1/+6
| |
| * 1.8.18dbus-1.8.18Simon McVittie2015-05-142-4/+27
| |
| * Security hardening: force EXTERNAL auth in session.conf on UnixSimon McVittie2015-05-123-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e. indirectly dependent on high-quality pseudo-random numbers whereas EXTERNAL authentication (credentials-passing) is mediated by the kernel and cannot be faked. On Windows, EXTERNAL authentication is not available, so we continue to use the hard-coded default (all authentication mechanisms are tried). Users of tcp: or nonce-tcp: on Unix will have to comment this out, but they would have had to use a special configuration anyway (to set the listening address), and the tcp: and nonce-tcp: transports are inherently insecure unless special steps are taken to have them restricted to a VPN or SSH tunnelling. Users of obscure Unix platforms (those that trigger the warning "Socket credentials not supported on this Unix OS" when compiling dbus-sysdeps-unix.c) might also have to comment this out, or preferably provide a tested patch to enable credentials-passing on that OS. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
| * reader_init: Initialize all fields of struct DBusTypeReader (CID 54754, ↵Ralf Habacker2015-05-081-13/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 54772, 54773). This patch is based on the fix for 'Field reader.array_len_offset is uninitialized' Reported by Coverity: CID 54754, 54772, 54773: Uninitialized scalar variable (UNINIT) [smcv: also re-order how the class is set when we recurse, so that the sub-reader's class doesn't end up NULL] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021
* | Fail to generate random bytes instead of falling back to rand()Simon McVittie2015-05-1412-119/+146
| | | | | | | | | | | | | | | | | | | | This is more robust against broken setups where we run out of memory or cannot read /dev/urandom. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: document @error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Make UUID generation failableSimon McVittie2015-05-1410-43/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously, this would always succeed, but might use weak random numbers in rare failure cases. I don't think these UUIDs are security-sensitive, but if they're generated by a PRNG as weak as rand() (<= 32 bits of entropy), we certainly can't claim that they're universally unique. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: document @error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | _dbus_server_init_base: raise a DBusErrorSimon McVittie2015-05-144-14/+24
| | | | | | | | | | | | | | | | | | | | This can currently only fail from OOM, but I'm about to make it possible to fail from insufficient entropy. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: document @error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | _dbus_server_new_for_socket: raise a DBusErrorSimon McVittie2015-05-144-13/+17
| | | | | | | | | | | | | | | | | | | | This can currently only fail due to OOM, but I'm about to make it possible to fail for other reasons. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> [smcv: correct failure to set error in one case; document @error] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Security hardening: force EXTERNAL auth in session.conf on UnixSimon McVittie2015-05-143-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DBUS_COOKIE_SHA1 is dependent on unguessable strings, i.e. indirectly dependent on high-quality pseudo-random numbers whereas EXTERNAL authentication (credentials-passing) is mediated by the kernel and cannot be faked. On Windows, EXTERNAL authentication is not available, so we continue to use the hard-coded default (all authentication mechanisms are tried). Users of tcp: or nonce-tcp: on Unix will have to comment this out, but they would have had to use a special configuration anyway (to set the listening address), and the tcp: and nonce-tcp: transports are inherently insecure unless special steps are taken to have them restricted to a VPN or SSH tunnelling. Users of obscure Unix platforms (those that trigger the warning "Socket credentials not supported on this Unix OS" when compiling dbus-sysdeps-unix.c) might also have to comment this out, or preferably provide a tested patch to enable credentials-passing on that OS. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* | dbus_daemon_publish_session_bus_address: Fix -Wsign-compare issue.Ralf Habacker2015-05-141-1/+4
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90089 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | NEWSSimon McVittie2015-05-131-0/+11
| |
* | Avoid reading beyond the length of a variableSimon McVittie2015-05-131-1/+5
| | | | | | | | | | | | | | | | Appending &some as DBUS_TYPE_INT64, DBUS_TYPE_UINT64 or DBUS_TYPE_DOUBLE, where "some" is an int, reads beyond the bounds of that variable. Use a zero-filled DBusBasicValue instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=30350
* | Fix whitespace as per Havoc's review (in 2010)Simon McVittie2015-05-131-1/+2
| | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=30350
View Lorry Controller Status