| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an AppArmor confined process wants to acquire a well-known name, a
check is performed to see if the action should be allowed.
The check is based on the connection's label, the bus type, and the name
being requested.
An example AppArmor rule that would allow the name
"com.example.ExampleName" to be acquired on the system bus would be:
dbus bind bus=system name=com.example.ExampleName,
To let a process acquire any name on any bus, the rule would be:
dbus bind,
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
[tyhicks: initialize reserved area at the start of the query string]
[tyhicks: Use empty string for NULL bustypes when building queries]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When processes connect the bus, the AppArmor confinement context should
be stored for later use when checks are to be done during message
sending/receiving, acquire a name, and eavesdropping.
Code outside of apparmor.c will need to initialize and unreference the
confinement context, so bus_apparmor_confinement_unref() can no longer
be a static function.
[Move bus_apparmor_confinement_unref back to its old location for
a more reasonable diff -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
|
|
|
|
|
|
| |
Unlike eavesdropping, the point of capture is when the message is
received, except for messages originating inside the dbus-daemon.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a special connection that is not allowed to send anything,
and loses all its well-known names.
In future commits, it will get a new set of match rules and the
ability to eavesdrop on messages before the rest of the bus daemon
has had a chance to process them.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
| |
|
|\
| |
| |
| |
| |
| | |
Conflicts:
NEWS
configure.ac
|
| |
| |
| |
| |
| |
| |
| | |
This is a symptom of either a denial of service attack, or a
serious performance problem. Either way, sysadmins should know.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
|
|/
|
|
|
|
|
|
|
|
| |
As an implementation detail, dbus-daemon handles this situation by
artificially triggering a timeout (even if its configured timeout for
method calls is in fact infinite). However, using the same debug message
for both is misleading, and can lead people who are debugging a service
crash to blame dbus-daemon instead, wasting their time.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76112
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is one of four commits needed to address CVE-2014-3637.
The bus uses _dbus_connection_set_pending_fds_function and
_dbus_connection_get_pending_fds_count to be notified when there are pending
file descriptors. A timeout per connection is armed and disarmed when the file
descriptor list is used and emptied.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
| |
This addresses the parts of CVE-2014-3639 not already addressed by
reducing the default authentication timeout.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80851
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80919
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a DBusList* member of BusTransaction named "connections", while
its getter function bus_transaction_get_connections() returns
context->connections which in fact is a BusConnections pointer, this is
quite confusing. Because this is what bus_context_get_connections()
returns.
This patch call out to bus_context_get_connections() directly and remove
the then unused bus_transaction_get_connections().
https://bugs.freedesktop.org/show_bug.cgi?id=71597
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The message bus which can monitor its conf dirs for changes and reload
confs immediately if dir monitor enabled, for example, inotify in Linux,
kqueue in *BSD.
However, it doesn't apply policy rules change for completed connections,
so to apply policy rules change, the client connection has to disconnect
first and then re-connect to message bus.
For imcomplete connections, it always has the latest review of policy
rules.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60859
Reviewed-by: Chengwei Yang
[removed unused variable based on review -smcv]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When libdbus-1 moved to using monotonic time support for the
DBUS_COOKIE_SHA1 authentication was broken, in particular
interoperability with non-libdbus-1 implementations such as GDBus.
The problem is that if monotonic clocks are available in the OS,
_dbus_get_current_time() will not return the number of seconds since
the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
specification. If both peers are using libdbus-1 it's not a problem
since both ends will use the wrong time and thus agree. However, if
the other end is another implementation and following the spec it will
not work.
First, we change _dbus_get_current_time() back so it always returns
time since the Epoch and we then rename it _dbus_get_real_time() to
make this clear. We then introduce _dbus_get_monotonic_time() and
carefully make all current users of _dbus_get_current_time() use it,
if applicable. During this audit, one of the callers,
_dbus_generate_uuid(), was currently using monotonic time but it was
decided to make it use real time instead.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
|
|\
| |
| |
| |
| | |
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33337
|
| |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33337
Bug-NB: NB#197191
|
| |
| |
| |
| | |
need it
|
| | |
|
|/
|
|
|
| |
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34040
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similar to the previous commit, almost every use of DBusWatch can just
have the main loop call dbus_watch_handle.
The one exception is the bus activation code; it's had a comment
explaining why it's wrong since 2003. We should fix that one day, but for
now, just migrate it to a new _dbus_loop_add_watch_full which preserves
the second-layer callback.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33342
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of supplying 8 tiny wrapper functions around dbus_timeout_handle,
each with a user_data parameter that's a potentially unsafe borrowed
pointer but isn't actually used, we can call dbus_timeout_handle directly
and save a lot of trouble.
One of the wrappers previously called dbus_timeout_handle repeatedly
if it returned FALSE to indicate OOM, but that timeout's handler never
actually returned FALSE, so there was no practical effect. The rest just
ignore the return, which is documented as OK to do.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33342
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
| |
|
| |
|
|
|
|
| |
printed by default.
|
| |
|
|
|
|
|
|
| |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
| |
Patch suggested by Tomas Hoger <thoger@redhat.com>
|
|
|
|
|
|
|
|
| |
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
|
|
|
|
|
|
|
|
|
|
|
| |
2007-11-08 Havoc Pennington <hp@redhat.com>
* bus/connection.c, bus/expirelist.c: Make the BusExpireList
struct opaque, adding accessors for manipulating the list. In this
commit there should be no change in functionality or behavior. The
purpose of this change is to improve encapsulation prior to fixing
some bugs Kimmo Hämäläinen found where the timeout is not properly
updated, since we need to e.g. take some action whenever adding
and removing stuff from the expire list.
|
|
|
|
|
|
|
|
|
| |
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* bus/connection.c (bus_connection_complete): plug a possible
BusClientPolicy leak (FDO Bug #13242)
|
|
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.in (LT_CURRENT, LT_AGE): increment current and age to
reflect addition of interfaces.
* doc/dbus-specification.xml: describe a new
org.freedesktop.DBus.Peer.GetMachineId method
* dbus/dbus-string.c (_dbus_string_skip_white_reverse): new function
(_dbus_string_skip_white, _dbus_string_skip_blank): use new
DBUS_IS_ASCII_BLANK, DBUS_IS_ASCII_WHITE macros and fix assertion
at end of skip_white
(_dbus_string_chop_white): new function
* bus/connection.c (bus_connections_setup_connection): call
dbus_connection_set_route_peer_messages.
* dbus/dbus-connection.c
(_dbus_connection_peer_filter_unlocked_no_update): modify to
support a GetMachineId method.
Also, support a new flag to let the bus pass peer methods through
to apps on the bus, which can be set with
dbus_connection_set_route_peer_messages.
Finally, handle and return an error for anything unknown on the
Peer interface, which will allow us to extend the Peer interface
in the future without fear that we're now intercepting something
apps were wanting to see.
* tools/dbus-uuidgen.c: a thin wrapper around the functions in
dbus/dbus-uuidgen.c
* dbus/dbus-uuidgen.c: implement the bulk of the dbus-uuidgen
binary here, since most of the code is already in libdbus
* dbus/dbus-sysdeps.c (_dbus_read_local_machine_uuid): read the
uuid from the system config file
* dbus/dbus-internals.c (_dbus_generate_uuid, _dbus_uuid_encode)
(_dbus_read_uuid_file_without_creating)
(_dbus_create_uuid_file_exclusively, _dbus_read_uuid_file): new
uuid-related functions, partly factored out from dbus-server.c
* dbus/dbus-sysdeps.c (_dbus_error_from_errno): convert EEXIST to
DBUS_ERROR_FILE_EXISTS instead of EEXIST
* dbus/dbus-protocol.h (DBUS_ERROR_FILE_EXISTS): add file exists error
* tools/dbus-cleanup-sockets.1: explain what the point of this
thing is a bit more
* autogen.sh (run_configure): add --config-cache to default
configure args
* dbus/dbus-internals.h (_DBUS_ASSERT_ERROR_IS_SET): disable the
error set/clear assertions when DBUS_DISABLE_CHECKS is defined
* tools/dbus-launch.c (main): if xdisplay hasn't been opened,
don't try to save address, fixes crash in make check
|
| |
|
|
|
|
|
|
| |
prepended the ones we should be looking at with 1.0. Those
prepended with 1.0? need clerification or might not be needed
for 1.0
|
|
|
|
|
|
| |
* bus/connection.c (bus_connections_expect_reply): Make
pending reply limit not common to all connections (Bug #5416)
Patch from Kimmo Hämäläinen <kimmo.hamalainen at nokia.com>
|
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps.c (_dbus_read_credentials_unix_socket): fix
typo, from Julien Puydt
* bus/connection.c (bus_connection_disconnected): we were always
doing a wait_for_memory due to a buggy loop, found by Timo Hoenig
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(dbus_connection_disconnect): renamed to dbus_connection_close
for API symmetry with dbus_connection_open
(_dbus_connection_open_internal):
s/dbus_connection_disconnect/dbus_connection_close
* dbus/dbus-bus.c (dbus_bus_get):
s/dbus_connection_disconnect/dbus_connection_close
* bus/connection.c (bus_connections_unref,
bus_connections_setup_connection, bus_connections_expire_incomplete):
s/dbus_connection_disconnect/dbus_connection_close
* bus/dispatch.c (bus_dispatch, kill_client_connection,
kill_client_connection_unchecked, check_hello_connection):
s/dbus_connection_disconnect/dbus_connection_close
* bus/bus.c (new_connection_callback):
s/dbus_connection_disconnect/dbus_connection_close
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS):
Rename to DBUS_SERVICE_DBUS.
(DBUS_PATH_ORG_FREEDESKTOP_DBUS): Rename to DBUS_PATH_DBUS.
(DBUS_PATH_ORG_FREEDESKTOP_LOCAL): Rename to DBUS_PATH_LOCAL.
(DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS): Rename to DBUS_INTERFACE_DBUS.
(DBUS_INTERFACE_ORG_FREEDESKTOP_INTROSPECTABLE): Rename to
DBUS_INTERFACE_INTROSPECTABLE.
(DBUS_INTERFACE_ORG_FREEDESKTOP_PROPERTIES): Rename to
DBUS_INTERFACE_PROPERTIES.
(DBUS_INTERFACE_ORG_FREEDESKTOP_PEER): Rename to
DBUS_INTERFACE_PEER.
(DBUS_INTERFACE_ORG_FREEDESKTOP_LOCAL):
DBUS_INTERFACE_LOCAL.
All other users of those constants have been changed.
* bus/driver.c (bus_driver_handle_introspect): Use constants.
* glib/dbus-gobject.c (handle_introspect): Use constants.
* doc/dbus-faq.xml, doc/dbus-specification.xml: Update for rename.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add and fix docs according to Doxygen warnings throughout
source.
* dbus/dbus-marshal-recursive.c
(_dbus_type_reader_array_is_empty): change this to just call
array_reader_get_array_len() and make it static
* dbus/dbus-message.c (dbus_message_iter_get_element_type): rename
from get_array_type
(dbus_message_iter_init_append): rename from append_iter_init
* dbus/dbus-marshal-recursive.c
(_dbus_type_reader_get_element_type): rename from
_dbus_type_reader_get_array_type
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Land the new message args API and type system.
This patch is huge, but the public API change is not
really large. The set of D-BUS types has changed somewhat,
and the arg "getters" are more geared toward language bindings;
they don't make a copy, etc.
There are also some known issues. See these emails for details
on this huge patch:
http://lists.freedesktop.org/archives/dbus/2004-December/001836.html
http://lists.freedesktop.org/archives/dbus/2005-January/001922.html
* dbus/dbus-marshal-*: all the new stuff
* dbus/dbus-message.c: basically rewritten
* dbus/dbus-memory.c (check_guards): with "guards" enabled, init
freed blocks to be all non-nul bytes so using freed memory is less
likely to work right
* dbus/dbus-internals.c (_dbus_test_oom_handling): add
DBUS_FAIL_MALLOC=N environment variable, so you can do
DBUS_FAIL_MALLOC=0 to skip the out-of-memory checking, or
DBUS_FAIL_MALLOC=10 to make it really, really, really slow and
thorough.
* qt/message.cpp: port to the new message args API
(operator<<): use str.utf8() rather than str.unicode()
(pretty sure this is right from the Qt docs?)
* glib/dbus-gvalue.c: port to the new message args API
* bus/dispatch.c, bus/driver.c: port to the new message args API
* dbus/dbus-string.c (_dbus_string_init_const_len): initialize the
"locked" flag to TRUE and align_offset to 0; I guess we never
looked at these anyhow, but seems cleaner.
* dbus/dbus-string.h (_DBUS_STRING_ALLOCATION_PADDING):
move allocation padding macro to this header; use it to implement
(_DBUS_STRING_STATIC): ability to declare a static string.
* dbus/dbus-message.c (_dbus_message_has_type_interface_member):
change to return TRUE if the interface is not set.
* dbus/dbus-string.[hc]: move the D-BUS specific validation stuff
to dbus-marshal-validate.[hc]
* dbus/dbus-marshal-basic.c (_dbus_type_to_string): move here from
dbus-internals.c
* dbus/Makefile.am: cut over from dbus-marshal.[hc]
to dbus-marshal-*.[hc]
* dbus/dbus-object-tree.c (_dbus_decompose_path): move this
function here from dbus-marshal.c
|
|
|
|
|
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
|
|
|
|
|
|
|
|
| |
* bus/expirelist.h (struct BusExpireList): remove unused n_items
field.
* bus/connection.c (bus_connections_expect_reply): Enforce the
per-connection limit on pending replies.
|
|
|
|
|
| |
* Update AFL version to 2.0 throughout the source files to reflect
the update that was done a while ago.
|
|
|
|
|
|
| |
* bus/*.[ch]:
* dbus/*.[ch]:
* glib/*.[ch]: Made ref functions return the pointer
|
|
|
|
|
|
|
|
|
|
| |
* bus/expirelist.c (do_expiration_with_current_time): detect
failure of the expire_func due to OOM
* bus/connection.c (bus_pending_reply_expired): return FALSE on OOM
* bus/dispatch.c (check_send_exit_to_service): fix to handle the
NoReply error that's now created by the bus when the service exits
|
|
|
|
|
|
|
| |
* bus/bus.c (bus_context_check_security_policy): fix up assertion
* bus/connection.c (bus_transaction_send_from_driver): set the
destination to the connection's base service
|