| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
How it should work:
When a D-Bus message activates a service, LSMs (SELinux or AppArmor) check
whether the message can be delivered after the service has been activated. The
service is considered activated when its well-known name is requested with
org.freedesktop.DBus.RequestName. When the message delivery is denied, the
service stays activated but should not receive the activating message (the
message which triggered the activation). dbus-daemon is supposed to drop the
activating message and reply to the sender with a D-Bus error message.
However, it does not work as expected:
1. The error message is delivered to the service instead of being delivered to
the sender. As an example, the error message could be something like:
An SELinux policy prevents this sender from sending this
message to this recipient, [...] member="MaliciousMethod"
If the sender and the service are malicious confederates and agree on a
protocol to insert information in the member name, the sender can leak
information to the service, even though the LSM attempted to block the
communication between the sender and the service.
2. The error message is delivered as a reply to the RequestName call from
service. It means the activated service will believe it cannot request the
name and might exit. The sender could activate the service frequently and
systemd will give up activating it. Thus the denial of service.
The following changes fix the bug:
- bus_activation_send_pending_auto_activation_messages() only returns an error
in case of OOM. The prototype is changed to return TRUE, or FALSE on OOM
(and its only caller sets the OOM error).
- When a client is not allowed to talk to the service, a D-Bus error message
is pre-allocated to be delivered to the client as part of the transaction.
The error is not propagated to the caller so RequestName will not fail
(except on OOM).
[fixed a misleading comment -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78979
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
|
|
|
|
| |
The reload handling for activation simply dropped all knowledge
of pending activations, which was clearly wrong. Refactor things
so that reload only reloads directories, server address etc.
Based on a patch originally from Matthias Clasen <mclasen@redhat.com>
|
|
|
|
|
|
|
| |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
(cherry picked from commit 5baf2f856a9c6625993234855b07680da1c8916f)
|
|
|
|
|
|
|
|
| |
We now keep the environment in a hash table member of the
activation object and provide a method
bus_activation_set_environment_variable to modify the
hash table. This hash table is seeded initially with the
environment of the bus daemon itself.
|
|
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
|
|
|
|
|
|
|
|
|
|
|
| |
get the list of services that can be activated
* bus/dispatch.c: test coverage for the new bus method
ListActivatableNames
* bus/driver.c: new bus method ListActivatableNames to get the list of
services that can be activated
* doc/dbus-specification.xml: ListActivatableNames method documentation
|
|
|
|
|
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/activation.c: (bus_activation_service_created),
(bus_activation_send_pending_auto_activation_messages),
(bus_activation_activate_service):
* bus/activation.h:
* bus/dispatch.c: (bus_dispatch),
(check_nonexistent_service_auto_activation),
(check_service_auto_activated),
(check_segfault_service_auto_activation),
(check_existent_service_auto_activation), (bus_dispatch_test):
* bus/driver.c: (bus_driver_handle_activate_service):
* bus/services.c: (bus_registry_acquire_service):
* dbus/dbus-message.c: (dbus_message_set_auto_activation),
(dbus_message_get_auto_activation):
* dbus/dbus-message.h:
* dbus/dbus-protocol.h: Implement auto-activation.
|
|
|
|
|
| |
* Update AFL version to 2.0 throughout the source files to reflect
the update that was done a while ago.
|
|
|
|
|
|
| |
* bus/*.[ch]:
* dbus/*.[ch]:
* glib/*.[ch]: Made ref functions return the pointer
|
|
|
|
|
|
|
|
|
| |
* bus/connection.c (bus_transaction_send_error_reply): set sender
service for the error, and unref the reply on success
* bus/activation.c: convert to use BusTransaction so OOM can be
handled correctly
(bus_activation_service_created): set sender of the message
|
|
|
|
|
|
|
|
| |
* bus/config-parser.c, bus/bus.c: implement <servicedir> and
<includedir> (at least mostly)
* dbus/dbus-sysdeps.c (_dbus_change_identity): set the group ID
first, then the user ID
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-transport-unix.c (_dbus_transport_new_for_domain_socket)
(_dbus_transport_new_for_tcp_socket): these didn't need the "server"
argument since they are always client side
* dbus/dbus-server.c (dbus_server_get_address): new function
* bus/main.c (main): take the configuration file as an argument.
* test/data/valid-config-files/debug-allow-all.conf: new file to
use with dispatch.c tests for example
* bus/test-main.c (main): require test data dir
* bus/bus.c (bus_context_new): change this to take a
configuration file name as argument
* doc/config-file.txt (Elements): add <servicedir>
* bus/system.conf, bus/session.conf: new files
* dbus/dbus-bus.c (dbus_bus_get): look for system bus on
well-known socket if none set
* configure.in: create system.conf and session.conf
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/activation.c: (bus_pending_activation_entry_free),
(bus_pending_activation_free), (bus_activation_new),
(bus_activation_unref), (bus_activation_service_created),
(bus_activation_activate_service):
* bus/activation.h:
* bus/bus.c: (bus_context_new):
* bus/desktop-file.c: (new_section):
* bus/driver.c: (bus_driver_send_service_deleted),
(bus_driver_handle_activate_service):
* bus/services.c: (bus_registry_new), (bus_registry_ensure):
* bus/services.h:
* dbus/dbus-connection.c:
(dbus_connection_send_with_reply_and_block):
* dbus/dbus-message.c: (dbus_message_append_args_valist):
* dbus/dbus-protocol.h:
Make activation work better. Now pending activations will be queued
and the daemon won't try to activate services that are already registered.
|
|
|
|
|
|
|
|
|
|
|
| |
Throughout: purge global variables, introduce BusActivation,
BusConnections, BusRegistry, etc. objects instead.
* bus/bus.h, bus/bus.c: introduce BusContext as a global
message bus object
* test/Makefile.am (TEST_BINARIES): disable bus-test for now,
going to redo this a bit differently I think
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mega-patch that gets the message bus daemon initially handling
out-of-memory. Work still needed. Also lots of random
moving stuff to DBusError instead of ResultCode.
* dbus/dbus-list.c (_dbus_list_length_is_one): new function
* dbus/dbus-connection.c
(dbus_connection_send_with_reply_and_block): use DBusError
* dbus/dbus-bus.c: adapt to API changes, make it use DBusError not
DBusResultCode
* dbus/dbus-connection.c (dbus_connection_send): drop the result
code here, as the only failure possible is OOM.
* bus/connection.c (bus_connection_disconnect):
rename bus_connection_disconnected as it's a notification only
* bus/driver.c (bus_driver_handle_acquire_service): don't free
"name" on get_args failure, should be done by get_args;
don't disconnect client for bad args, just return an error.
(bus_driver_handle_service_exists): ditto
* bus/services.c (bus_services_list): NULL-terminate returned array
* bus/driver.c (bus_driver_send_service_lost)
(bus_driver_send_service_acquired): send messages from driver to a
specific client to the client's unique name, not to the broadcast
service.
* dbus/dbus-message.c (decode_header_data): reject messages that
contain no name field
(_dbus_message_get_client_serial): rename to
dbus_message_get_serial and make public
(_dbus_message_set_serial): rename from set_client_serial
(_dbus_message_set_reply_serial): make public
(_dbus_message_get_reply_serial): make public
* bus/connection.c (bus_connection_foreach): allow stopping
iteration by returning FALSE from foreach function.
* dbus/dbus-connection.c (dbus_connection_send_preallocated)
(dbus_connection_free_preallocated_send)
(dbus_connection_preallocate_send): new API for sending a message
without possibility of malloc failure.
(dbus_connection_send_message): rename to just
dbus_connection_send (and same for whole function family)
* dbus/dbus-errors.c (dbus_error_free): make this reinit the error
* dbus/dbus-sysdeps.c (_dbus_exit): new function
* bus/activation.c: handle/return errors
* dbus/dbus-errors.h: add more DBUS_ERROR #define
* dbus/dbus-sysdeps.c (_dbus_directory_open) (_dbus_file_get_contents)
(_dbus_directory_get_next_file): use DBusError instead of DBusResultCode
(_dbus_result_from_errno): move to this file
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/activation.c: (bus_activation_init), (child_setup),
(bus_activation_activate_service):
* bus/activation.h:
* bus/main.c: (main):
Set DBUS_ADDRESS environment variable.
* dbus/dbus-errors.c: (dbus_set_error):
Don't use va_copy since that's a C99 feature.
* dbus/dbus-sysdeps.c: (_dbus_setenv), (do_exec),
(_dbus_spawn_async):
* dbus/dbus-sysdeps.h:
Add child_setup_func to _dbus_spawn_async.
* doc/dbus-specification.sgml:
Update specification.
* test/spawn-test.c: (setup_func), (main):
Fix test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/activation.c: (load_directory), (bus_activation_init),
(bus_activation_activate_service):
* bus/activation.h:
* bus/driver.c:
(bus_driver_handle_activate_service), (bus_driver_handle_message):
More work on the activation handling.
* dbus/dbus-errors.h:
Add some error messages
* dbus/dbus-message.c: (dbus_message_new_error_reply):
* dbus/dbus-message.h:
New function that creates an error message.
* dbus/dbus-protocol.h:
Add ACTIVATE_SERVER message.
* dbus/dbus-server-unix.c: (unix_handle_watch),
(_dbus_server_new_for_domain_socket):
Call _dbus_fd_set_close_on_exec.
* dbus/dbus-sysdeps.c: (make_pipe), (do_exec),
(_dbus_spawn_async), (_dbus_disable_sigpipe),
(_dbus_fd_set_close_on_exec):
* dbus/dbus-sysdeps.h:
Add _dbus_fd_set_close_on exec function. Also add function that checks
that all open fds are set to close-on-exec and warns otherwise.
* dbus/dbus-transport-unix.c:
(_dbus_transport_new_for_domain_socket):
Call _dbus_fd_set_close_on_exec.
|
|
* bus/Makefile.am:
* bus/activation.c: (bus_activation_entry_free),
(add_desktop_file_entry), (load_directory), (bus_activation_init):
* bus/activation.h:
* bus/main.c: (main):
Add simple activation support, doesn't work yet though.
|