summaryrefslogtreecommitdiff
path: root/bus/connection.c
Commit message (Collapse)AuthorAgeFilesLines
* Mediation of processes that acquire well-known namesJohn Johansen2015-02-181-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | When an AppArmor confined process wants to acquire a well-known name, a check is performed to see if the action should be allowed. The check is based on the connection's label, the bus type, and the name being requested. An example AppArmor rule that would allow the name "com.example.ExampleName" to be acquired on the system bus would be: dbus bind bus=system name=com.example.ExampleName, To let a process acquire any name on any bus, the rule would be: dbus bind, Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113 Signed-off-by: John Johansen <john.johansen@canonical.com> [tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg] [tyhicks: initialize reserved area at the start of the query string] [tyhicks: Use empty string for NULL bustypes when building queries] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Store AppArmor label of connecting processesTyler Hicks2015-02-181-0/+22
| | | | | | | | | | | | | | | | When processes connect the bus, the AppArmor confinement context should be stored for later use when checks are to be done during message sending/receiving, acquire a name, and eavesdropping. Code outside of apparmor.c will need to initialize and unreference the confinement context, so bus_apparmor_confinement_unref() can no longer be a static function. [Move bus_apparmor_confinement_unref back to its old location for a more reasonable diff -smcv] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Capture a fake reply if a broadcast cannot be deliveredSimon McVittie2015-02-041-1/+1
| | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Capture all messages received or sent, and send them to monitorsSimon McVittie2015-02-041-9/+178
| | | | | | | | Unlike eavesdropping, the point of capture is when the message is received, except for messages originating inside the dbus-daemon. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Add support for morphing a D-Bus connection into a "monitor"Simon McVittie2015-02-041-1/+101
| | | | | | | | | | | | This is a special connection that is not allowed to send anything, and loses all its well-known names. In future commits, it will get a new set of match rules and the ability to eavesdrop on messages before the rest of the bus daemon has had a chance to process them. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Upgrade auth_timeout violation to a warning, since this branch has thoseSimon McVittie2014-11-241-1/+1
|
* Merge branch 'dbus-1.8'Simon McVittie2014-11-241-0/+8
|\ | | | | | | | | | | Conflicts: NEWS configure.ac
| * Log to syslog when auth_timeout drops an incomplete connectionSimon McVittie2014-11-221-0/+8
| | | | | | | | | | | | | | This is a symptom of either a denial of service attack, or a serious performance problem. Either way, sysadmins should know. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
* | Use a better NoReply message for disconnection with reply pendingSimon McVittie2014-10-291-1/+6
|/ | | | | | | | | | As an implementation detail, dbus-daemon handles this situation by artificially triggering a timeout (even if its configured timeout for method calls is in fact infinite). However, using the same debug message for both is misleading, and can lead people who are debugging a service crash to blame dbus-daemon instead, wasting their time. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76112
* bus: enforce pending_fd_timeoutAlban Crequy2014-09-151-0/+71
| | | | | | | | | | | | This is one of four commits needed to address CVE-2014-3637. The bus uses _dbus_connection_set_pending_fds_function and _dbus_connection_get_pending_fds_count to be notified when there are pending file descriptors. A timeout per connection is armed and disarmed when the file descriptor list is used and emptied. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Stop listening on DBusServer sockets when reaching max_incomplete_connectionsAlban Crequy2014-09-151-24/+18
| | | | | | | | | This addresses the parts of CVE-2014-3639 not already addressed by reducing the default authentication timeout. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80851 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80919 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* BusTransaction: remove confusing getter of connectionsChengwei Yang2014-01-061-6/+0
| | | | | | | | | | | | | | There is a DBusList* member of BusTransaction named "connections", while its getter function bus_transaction_get_connections() returns context->connections which in fact is a BusConnections pointer, this is quite confusing. Because this is what bus_context_get_connections() returns. This patch call out to bus_context_get_connections() directly and remove the then unused bus_transaction_get_connections(). https://bugs.freedesktop.org/show_bug.cgi?id=71597 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Reload policy rules for completed connectionsChengwei Yang2014-01-061-0/+36
| | | | | | | | | | | | | | | | The message bus which can monitor its conf dirs for changes and reload confs immediately if dir monitor enabled, for example, inotify in Linux, kqueue in *BSD. However, it doesn't apply policy rules change for completed connections, so to apply policy rules change, the client connection has to disconnect first and then re-connect to message bus. For imcomplete connections, it always has the latest review of policy rules. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* transaction_free: factor outSimon McVittie2013-11-011-10/+12
| | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60859 Reviewed-by: Chengwei Yang [removed unused variable based on review -smcv]
* Avoid using monotonic time in the DBUS_COOKIE_SHA1 authentication methodDavid Zeuthen2012-04-121-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | When libdbus-1 moved to using monotonic time support for the DBUS_COOKIE_SHA1 authentication was broken, in particular interoperability with non-libdbus-1 implementations such as GDBus. The problem is that if monotonic clocks are available in the OS, _dbus_get_current_time() will not return the number of seconds since the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus specification. If both peers are using libdbus-1 it's not a problem since both ends will use the wrong time and thus agree. However, if the other end is another implementation and following the spec it will not work. First, we change _dbus_get_current_time() back so it always returns time since the Epoch and we then rename it _dbus_get_real_time() to make this clear. We then introduce _dbus_get_monotonic_time() and carefully make all current users of _dbus_get_current_time() use it, if applicable. During this audit, one of the callers, _dbus_generate_uuid(), was currently using monotonic time but it was decided to make it use real time instead. Signed-off-by: David Zeuthen <davidz@redhat.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
* Merge branch 'socket-set-33337'Simon McVittie2012-02-071-1/+10
|\ | | | | | | | | Reviewed-by: Will Thompson <will.thompson@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33337
| * Add a stub _dbus_loop_toggle_watch and call it where neededSimon McVittie2011-06-131-1/+10
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33337 Bug-NB: NB#197191
* | BusConnections: don't assert about BusConnectionData in functions that don't ↵Simon McVittie2011-09-191-11/+0
| | | | | | | | need it
* | Remove a never-used callbackSimon McVittie2011-09-191-8/+0
| |
* | BusConnections: add usage stats for well-known names, match rulesSimon McVittie2011-06-241-0/+120
|/ | | | | Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34040
* DBusLoop: remove second layer of watch callbacks where possibleSimon McVittie2011-06-131-21/+2
| | | | | | | | | | | | | Similar to the previous commit, almost every use of DBusWatch can just have the main loop call dbus_watch_handle. The one exception is the bus activation code; it's had a comment explaining why it's wrong since 2003. We should fix that one day, but for now, just migrate it to a new _dbus_loop_add_watch_full which preserves the second-layer callback. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33342 Reviewed-by: Thiago Macieira <thiago@kde.org>
* DBusLoop: remove a layer of pointless abstraction around timeoutsSimon McVittie2011-06-131-18/+4
| | | | | | | | | | | | | | | Instead of supplying 8 tiny wrapper functions around dbus_timeout_handle, each with a user_data parameter that's a potentially unsafe borrowed pointer but isn't actually used, we can call dbus_timeout_handle directly and save a lot of trouble. One of the wrappers previously called dbus_timeout_handle repeatedly if it returned FALSE to indicate OOM, but that timeout's handler never actually returned FALSE, so there was no practical effect. The rest just ignore the return, which is documented as OK to do. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33342 Reviewed-by: Thiago Macieira <thiago@kde.org>
* Take care to free windows_sid in cache_peer_loginfo_stringChristian Dywan2010-10-051-2/+5
|
* Don't truncate pointers on Windows x64 platformFridrich Štrba2010-05-031-4/+4
|
* Cleaned up _dbus_verbose calls: function names and code line numbers are ↵Ralf Habacker2010-03-271-5/+5
| | | | printed by default.
* Consistently include <config.h> in all C source files and never in header files.Marcus Brinkmann2010-03-191-0/+2
|
* Bug 21161 - Update the FSF addressTobias Mueller2009-07-101-1/+1
| | | | | | No comment. Signed-off-by: Colin Walters <walters@verbum.org>
* Always append closing quote in log commandColin Walters2009-03-121-6/+5
| | | | Patch suggested by Tomas Hoger <thoger@redhat.com>
* Add uid, pid, and command to security logsColin Walters2008-12-171-10/+95
| | | | | | | | Extend the current security logs with even more relevant information than just the message content. This requires some utility code to look up and cache (as a string) the data such as the uid/pid/command when a connection is authenticated.
* Make BusExpireList an opaque data typeHavoc Pennington2008-03-041-30/+28
| | | | | | | | | | | | 2007-11-08 Havoc Pennington <hp@redhat.com> * bus/connection.c, bus/expirelist.c: Make the BusExpireList struct opaque, adding accessors for manipulating the list. In this commit there should be no change in functionality or behavior. The purpose of this change is to improve encapsulation prior to fixing some bugs Kimmo Hämäläinen found where the timeout is not properly updated, since we need to e.g. take some action whenever adding and removing stuff from the expire list.
* plug a possible BusClientPolicy leak (FDO Bug #13242)John (J5) Palmieri2008-01-141-0/+2
| | | | | | | | | 2008-01-14 John (J5) Palmieri <johnp@redhat.com> * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com> * bus/connection.c (bus_connection_complete): plug a possible BusClientPolicy leak (FDO Bug #13242)
* 2007-07-13 Havoc Pennington <hp@redhat.com>Havoc Pennington2007-07-141-1/+1
| | | | * Add indent-tabs-mode: nil to all file headers.
* 2007-06-09 Havoc Pennington <hp@redhat.com>Havoc Pennington2007-06-091-17/+26
| | | | | | | | | | | | | | | | | | | * bus/policy.c (bus_policy_create_client_policy): gracefully continue if the connection has no unix user - just don't apply any unix user dependent rules. * bus/config-parser.c: remove dbus-userdb.h usage * bus/bus.c: remove dbus-userdb.h usage * dbus/dbus-transport.c (_dbus_transport_get_is_authenticated): support Windows user function; also, fix the logic for checking auth as root in the default auth code (broken in the previous commit) * dbus/dbus-connection.c (dbus_connection_set_windows_user_function): new function (dbus_connection_get_windows_user): new function
* commit.msgTim Dijkstra2006-12-121-7/+2
|
* 2006-09-30 Havoc Pennington <hp@redhat.com>Havoc Pennington2006-10-011-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.in (LT_CURRENT, LT_AGE): increment current and age to reflect addition of interfaces. * doc/dbus-specification.xml: describe a new org.freedesktop.DBus.Peer.GetMachineId method * dbus/dbus-string.c (_dbus_string_skip_white_reverse): new function (_dbus_string_skip_white, _dbus_string_skip_blank): use new DBUS_IS_ASCII_BLANK, DBUS_IS_ASCII_WHITE macros and fix assertion at end of skip_white (_dbus_string_chop_white): new function * bus/connection.c (bus_connections_setup_connection): call dbus_connection_set_route_peer_messages. * dbus/dbus-connection.c (_dbus_connection_peer_filter_unlocked_no_update): modify to support a GetMachineId method. Also, support a new flag to let the bus pass peer methods through to apps on the bus, which can be set with dbus_connection_set_route_peer_messages. Finally, handle and return an error for anything unknown on the Peer interface, which will allow us to extend the Peer interface in the future without fear that we're now intercepting something apps were wanting to see. * tools/dbus-uuidgen.c: a thin wrapper around the functions in dbus/dbus-uuidgen.c * dbus/dbus-uuidgen.c: implement the bulk of the dbus-uuidgen binary here, since most of the code is already in libdbus * dbus/dbus-sysdeps.c (_dbus_read_local_machine_uuid): read the uuid from the system config file * dbus/dbus-internals.c (_dbus_generate_uuid, _dbus_uuid_encode) (_dbus_read_uuid_file_without_creating) (_dbus_create_uuid_file_exclusively, _dbus_read_uuid_file): new uuid-related functions, partly factored out from dbus-server.c * dbus/dbus-sysdeps.c (_dbus_error_from_errno): convert EEXIST to DBUS_ERROR_FILE_EXISTS instead of EEXIST * dbus/dbus-protocol.h (DBUS_ERROR_FILE_EXISTS): add file exists error * tools/dbus-cleanup-sockets.1: explain what the point of this thing is a bit more * autogen.sh (run_configure): add --config-cache to default configure args * dbus/dbus-internals.h (_DBUS_ASSERT_ERROR_IS_SET): disable the error set/clear assertions when DBUS_DISABLE_CHECKS is defined * tools/dbus-launch.c (main): if xdisplay hasn't been opened, don't try to save address, fixes crash in make check
* * remove a bunch of todo items from the 1.0 listJohn (J5) Palmieri2006-09-111-2/+2
|
* * doc/TODO, various source files: Audited todo's and FIXME's andJohn (J5) Palmieri2006-09-061-1/+1
| | | | | | prepended the ones we should be looking at with 1.0. Those prepended with 1.0? need clerification or might not be needed for 1.0
* 2006-02-10 John (J5) Palmieri <johnp@redhat.com>John (J5) Palmieri2006-02-101-1/+2
| | | | | | * bus/connection.c (bus_connections_expect_reply): Make pending reply limit not common to all connections (Bug #5416) Patch from Kimmo Hämäläinen <kimmo.hamalainen at nokia.com>
* 2005-08-03 Havoc Pennington <hp@redhat.com>Havoc Pennington2005-08-031-6/+2
| | | | | | | | * dbus/dbus-sysdeps.c (_dbus_read_credentials_unix_socket): fix typo, from Julien Puydt * bus/connection.c (bus_connection_disconnected): we were always doing a wait_for_memory due to a buggy loop, found by Timo Hoenig
* * dbus/dbus-connection.c, dbus/dbus-connection.hJohn (J5) Palmieri2005-06-021-4/+4
| | | | | | | | | | | | | | | | | | | | | (dbus_connection_disconnect): renamed to dbus_connection_close for API symmetry with dbus_connection_open (_dbus_connection_open_internal): s/dbus_connection_disconnect/dbus_connection_close * dbus/dbus-bus.c (dbus_bus_get): s/dbus_connection_disconnect/dbus_connection_close * bus/connection.c (bus_connections_unref, bus_connections_setup_connection, bus_connections_expire_incomplete): s/dbus_connection_disconnect/dbus_connection_close * bus/dispatch.c (bus_dispatch, kill_client_connection, kill_client_connection_unchecked, check_hello_connection): s/dbus_connection_disconnect/dbus_connection_close * bus/bus.c (new_connection_callback): s/dbus_connection_disconnect/dbus_connection_close
* 2005-02-17 Colin Walters <walters@verbum.org>Colin Walters2005-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | * dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS): Rename to DBUS_SERVICE_DBUS. (DBUS_PATH_ORG_FREEDESKTOP_DBUS): Rename to DBUS_PATH_DBUS. (DBUS_PATH_ORG_FREEDESKTOP_LOCAL): Rename to DBUS_PATH_LOCAL. (DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS): Rename to DBUS_INTERFACE_DBUS. (DBUS_INTERFACE_ORG_FREEDESKTOP_INTROSPECTABLE): Rename to DBUS_INTERFACE_INTROSPECTABLE. (DBUS_INTERFACE_ORG_FREEDESKTOP_PROPERTIES): Rename to DBUS_INTERFACE_PROPERTIES. (DBUS_INTERFACE_ORG_FREEDESKTOP_PEER): Rename to DBUS_INTERFACE_PEER. (DBUS_INTERFACE_ORG_FREEDESKTOP_LOCAL): DBUS_INTERFACE_LOCAL. All other users of those constants have been changed. * bus/driver.c (bus_driver_handle_introspect): Use constants. * glib/dbus-gobject.c (handle_introspect): Use constants. * doc/dbus-faq.xml, doc/dbus-specification.xml: Update for rename.
* 2005-01-16 Havoc Pennington <hp@redhat.com>Havoc Pennington2005-01-161-1/+1
| | | | | | | | | | | | | | | | | * Add and fix docs according to Doxygen warnings throughout source. * dbus/dbus-marshal-recursive.c (_dbus_type_reader_array_is_empty): change this to just call array_reader_get_array_len() and make it static * dbus/dbus-message.c (dbus_message_iter_get_element_type): rename from get_array_type (dbus_message_iter_init_append): rename from append_iter_init * dbus/dbus-marshal-recursive.c (_dbus_type_reader_get_element_type): rename from _dbus_type_reader_get_array_type
* 2005-01-15 Havoc Pennington <hp@redhat.com>Havoc Pennington2005-01-151-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Land the new message args API and type system. This patch is huge, but the public API change is not really large. The set of D-BUS types has changed somewhat, and the arg "getters" are more geared toward language bindings; they don't make a copy, etc. There are also some known issues. See these emails for details on this huge patch: http://lists.freedesktop.org/archives/dbus/2004-December/001836.html http://lists.freedesktop.org/archives/dbus/2005-January/001922.html * dbus/dbus-marshal-*: all the new stuff * dbus/dbus-message.c: basically rewritten * dbus/dbus-memory.c (check_guards): with "guards" enabled, init freed blocks to be all non-nul bytes so using freed memory is less likely to work right * dbus/dbus-internals.c (_dbus_test_oom_handling): add DBUS_FAIL_MALLOC=N environment variable, so you can do DBUS_FAIL_MALLOC=0 to skip the out-of-memory checking, or DBUS_FAIL_MALLOC=10 to make it really, really, really slow and thorough. * qt/message.cpp: port to the new message args API (operator<<): use str.utf8() rather than str.unicode() (pretty sure this is right from the Qt docs?) * glib/dbus-gvalue.c: port to the new message args API * bus/dispatch.c, bus/driver.c: port to the new message args API * dbus/dbus-string.c (_dbus_string_init_const_len): initialize the "locked" flag to TRUE and align_offset to 0; I guess we never looked at these anyhow, but seems cleaner. * dbus/dbus-string.h (_DBUS_STRING_ALLOCATION_PADDING): move allocation padding macro to this header; use it to implement (_DBUS_STRING_STATIC): ability to declare a static string. * dbus/dbus-message.c (_dbus_message_has_type_interface_member): change to return TRUE if the interface is not set. * dbus/dbus-string.[hc]: move the D-BUS specific validation stuff to dbus-marshal-validate.[hc] * dbus/dbus-marshal-basic.c (_dbus_type_to_string): move here from dbus-internals.c * dbus/Makefile.am: cut over from dbus-marshal.[hc] to dbus-marshal-*.[hc] * dbus/dbus-object-tree.c (_dbus_decompose_path): move this function here from dbus-marshal.c
* 2004-08-09 Havoc Pennington <hp@redhat.com>Havoc Pennington2004-08-101-1/+1
| | | | | * COPYING: switch to Academic Free License version 2.1 instead of 2.0, to resolve complaints about patent termination clause.
* 2004-07-24 Havoc Pennington <hp@redhat.com>Havoc Pennington2004-07-301-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil> * bus/selinux.c, bus/selinux.h: new file encapsulating selinux functionality * configure.in: add --enable-selinux * bus/policy.c (bus_policy_merge): add FIXME to a comment * bus/main.c (main): initialize and shut down selinux * bus/connection.c: store SELinux ID on each connection, to avoid repeated getting of the string context and converting it into an ID * bus/bus.c (bus_context_get_policy): new accessor, though it isn't used (bus_context_check_security_policy): check whether the security context of sender connection can send to the security context of recipient connection * bus/config-parser.c: add parsing for <selinux> and <associate> * dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to implement dbus_connection_get_unix_fd() * dbus/dbus-connection.c (dbus_connection_get_unix_fd): new function, used by the selinux stuff
* * doc/TODO: Remove resolved items.Kristian Høgsberg2004-05-201-1/+11
| | | | | | | | * bus/expirelist.h (struct BusExpireList): remove unused n_items field. * bus/connection.c (bus_connections_expect_reply): Enforce the per-connection limit on pending replies.
* 2003-12-02 Richard Hult <richard@imendio.com>Richard Hult2003-12-021-1/+1
| | | | | * Update AFL version to 2.0 throughout the source files to reflect the update that was done a while ago.
* 2003-11-26 Mikael Hallendal <micke@imendio.com>Mikael Hallendal2003-11-271-1/+3
| | | | | | * bus/*.[ch]: * dbus/*.[ch]: * glib/*.[ch]: Made ref functions return the pointer
* 2003-10-28 Havoc Pennington <hp@redhat.com>Havoc Pennington2003-10-281-6/+8
| | | | | | | | | | * bus/expirelist.c (do_expiration_with_current_time): detect failure of the expire_func due to OOM * bus/connection.c (bus_pending_reply_expired): return FALSE on OOM * bus/dispatch.c (check_send_exit_to_service): fix to handle the NoReply error that's now created by the bus when the service exits
* 2003-10-22 Havoc Pennington <hp@redhat.com>Havoc Pennington2003-10-221-0/+7
| | | | | | | * bus/bus.c (bus_context_check_security_policy): fix up assertion * bus/connection.c (bus_transaction_send_from_driver): set the destination to the connection's base service
View Lorry Controller Status