| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When an AppArmor confined process wants to acquire a well-known name, a
check is performed to see if the action should be allowed.
The check is based on the connection's label, the bus type, and the name
being requested.
An example AppArmor rule that would allow the name
"com.example.ExampleName" to be acquired on the system bus would be:
dbus bind bus=system name=com.example.ExampleName,
To let a process acquire any name on any bus, the rule would be:
dbus bind,
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
[tyhicks: initialize reserved area at the start of the query string]
[tyhicks: Use empty string for NULL bustypes when building queries]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
|
|
|
|
|
|
| |
Unlike eavesdropping, the point of capture is when the message is
received, except for messages originating inside the dbus-daemon.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a special connection that is not allowed to send anything,
and loses all its well-known names.
In future commits, it will get a new set of match rules and the
ability to eavesdrop on messages before the rest of the bus daemon
has had a chance to process them.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
|
|
|
|
|
|
|
|
|
| |
This addresses the parts of CVE-2014-3639 not already addressed by
reducing the default authentication timeout.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80851
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80919
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a DBusList* member of BusTransaction named "connections", while
its getter function bus_transaction_get_connections() returns
context->connections which in fact is a BusConnections pointer, this is
quite confusing. Because this is what bus_context_get_connections()
returns.
This patch call out to bus_context_get_connections() directly and remove
the then unused bus_transaction_get_connections().
https://bugs.freedesktop.org/show_bug.cgi?id=71597
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The message bus which can monitor its conf dirs for changes and reload
confs immediately if dir monitor enabled, for example, inotify in Linux,
kqueue in *BSD.
However, it doesn't apply policy rules change for completed connections,
so to apply policy rules change, the client connection has to disconnect
first and then re-connect to message bus.
For imcomplete connections, it always has the latest review of policy
rules.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
| |
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34040
|
|
|
|
|
|
| |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
|
|
| |
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
|
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
|
|
|
|
|
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
|
|
|
|
|
| |
* Update AFL version to 2.0 throughout the source files to reflect
the update that was done a while ago.
|
|
|
|
|
|
| |
* bus/*.[ch]:
* dbus/*.[ch]:
* glib/*.[ch]: Made ref functions return the pointer
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/connection.c: implement pending reply tracking using
BusExpireList
* bus/bus.c (bus_context_check_security_policy): verify that a
reply is pending in order to allow a reply to be sent. Deny
messages of unknown type.
* bus/dbus-daemon-1.1.in: update to mention new resource limits
* bus/bus.c (bus_context_get_max_replies_per_connection): new
(bus_context_get_reply_timeout): new
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Get matching rules mostly working in the bus; only actually
parsing the rule text remains. However, the client side of
"signal connections" hasn't been started, this patch is only the
bus side.
* dbus/dispatch.c: fix for the matching rules changes
* bus/driver.c (bus_driver_handle_remove_match)
(bus_driver_handle_add_match): send an ack reply from these
method calls
* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
arguments, reported by Seth Nickell
* bus/config-parser.c (append_rule_from_element): support
eavesdrop=true|false attribute on policies so match rules
can be prevented from snooping on the system bus.
* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
and "destination" in attribute names; fix some docs bugs;
add eavesdrop=true|false attribute
* bus/driver.c (bus_driver_handle_add_match)
(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
messages
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
rid of broadcast service concept, signals are just always broadcast
* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
mostly implement matching rules stuff (currently only exposed as signal
connections)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unbreak my code...
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
report correct status if we finish processing authentication
inside this function.
* bus/activation.c (try_send_activation_failure): use
bus_transaction_send_error_reply
* bus/connection.c (bus_connection_get_groups): return an error
explaining the problem
* bus/bus.c (bus_context_check_security_policy): implement
restriction here that inactive connections can only send the
hello message. Also, allow bus driver to send anything to
any recipient.
* bus/connection.c (bus_connection_complete): create the
BusClientPolicy here instead of on-demand.
(bus_connection_get_policy): don't return an error
* dbus/dbus-message.c (dbus_message_new_error_reply): allow NULL
sender field in message being replied to
* bus/bus.c (bus_context_check_security_policy): fix silly typo
causing it to return FALSE always
* bus/policy.c (bus_client_policy_check_can_send): fix bug where
we checked sender rather than destination
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test suite is slightly hosed at the moment, will fix soon
* bus/connection.c (bus_connections_expire_incomplete): fix to
properly disable the timeout when required
(bus_connection_set_name): check whether we can remove incomplete
connections timeout after we complete each connection.
* dbus/dbus-mainloop.c (check_timeout): fix this up a bit,
probably still broken.
* bus/services.c (bus_registry_acquire_service): implement max
number of services owned, and honor allow/deny rules on which
services a connection can own.
* bus/connection.c (bus_connection_get_policy): report errors here
* bus/activation.c: implement limit on number of pending
activations
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/dispatch.c: somehow missed some name_is
* dbus/dbus-timeout.c (_dbus_timeout_set_enabled)
(_dbus_timeout_set_interval): new
* bus/connection.c (bus_connections_setup_connection): record time
when each connection is first set up, and expire them after the
auth timeout passes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/driver.c (bus_driver_handle_hello): check limits and
return an error if they are exceeded.
* bus/connection.c: maintain separate lists of active and inactive
connections, and a count of each. Maintain count of completed
connections per user. Implement code to check connection limits.
* dbus/dbus-list.c (_dbus_list_unlink): export
* bus/bus.c (bus_context_check_security_policy): enforce a maximum
number of bytes in the message queue for a connection
|
|
|
|
|
|
|
|
|
| |
* bus/bus.c: create and keep around a shared DBusUserDatabase
object.
* bus/connection.c (bus_connection_get_groups): don't cache
groups for user in the connection object, since user database
object now does that.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-mainloop.c: fix some reentrancy issues by refcounting
callbacks
* test/data/valid-config-files/debug-allow-all.conf.in: allow all
users
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
fix to only recover unused bytes if we're already authenticated
(_dbus_transport_get_is_authenticated): fix to still mark us
authenticated if there are unused bytes.
* bus/dispatch.c: implement security policy checking
* bus/connection.c (bus_transaction_send_from_driver): new
* bus/bus.c (bus_context_check_security_policy): new
* bus/dispatch.c (send_service_nonexistent_error): delete this,
now we just set the DBusError and it gets converted to an error
reply.
* bus/connection.c (allow_user_function): enable code using actual
data from the config file
* bus/policy.c (list_allows_user): handle wildcard rules for
user/group connection perms
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/policy.h: change BusPolicy to be the thing from the config
file, and rename old BusPolicy to BusClientPolicy
* bus/bus.c, bus/connection.c, bus/config-parser.c: change to
match change in how policy works
* dbus/dbus-internals.h: mark assert_not_reached as
__attribute((noreturn))__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-connection.c (dbus_connection_flush): don't spin on
the connection if it's disconnected
* bus/activation.c (bus_activation_service_created): use new
transaction features to roll back removal of pending activation if
we don't successfully create the service after all. Don't remove
pending activation if the function fails.
* dbus/dbus-list.c (_dbus_list_insert_before_link)
(_dbus_list_insert_after_link): new code to facilitate
services.c fixes
* dbus/dbus-hash.c (_dbus_hash_table_insert_string_preallocated):
new functionality, so we can preallocate the ability to insert
into a hash table.
* bus/connection.c (bus_transaction_add_cancel_hook): new function
allowing us to put custom hooks in a transaction to be used for
cancelling said transaction
* doc/dbus-specification.sgml: add some discussion of secondary
service owners, and disallow zero-length service names
* bus/services.c (bus_registry_acquire_service): new function,
splits out part of bus_driver_handle_acquire_service() and fixes
a bug where we didn't remove the service doing the acquiring
from the secondary queue if we failed to remove the current owner
from the front of the queue.
|
|
|
|
|
|
|
|
|
|
| |
* bus/policy.c, bus/bus.c, bus/connection.c: implement allow/deny
policies code
* dbus/dbus-hash.h: add ULONG hash keys
* dbus/dbus-sysdeps.c (_dbus_get_groups): new
(_dbus_get_group_id): new function
|
|
|
|
|
|
|
|
|
|
|
| |
Throughout: purge global variables, introduce BusActivation,
BusConnections, BusRegistry, etc. objects instead.
* bus/bus.h, bus/bus.c: introduce BusContext as a global
message bus object
* test/Makefile.am (TEST_BINARIES): disable bus-test for now,
going to redo this a bit differently I think
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mega-patch that gets the message bus daemon initially handling
out-of-memory. Work still needed. Also lots of random
moving stuff to DBusError instead of ResultCode.
* dbus/dbus-list.c (_dbus_list_length_is_one): new function
* dbus/dbus-connection.c
(dbus_connection_send_with_reply_and_block): use DBusError
* dbus/dbus-bus.c: adapt to API changes, make it use DBusError not
DBusResultCode
* dbus/dbus-connection.c (dbus_connection_send): drop the result
code here, as the only failure possible is OOM.
* bus/connection.c (bus_connection_disconnect):
rename bus_connection_disconnected as it's a notification only
* bus/driver.c (bus_driver_handle_acquire_service): don't free
"name" on get_args failure, should be done by get_args;
don't disconnect client for bad args, just return an error.
(bus_driver_handle_service_exists): ditto
* bus/services.c (bus_services_list): NULL-terminate returned array
* bus/driver.c (bus_driver_send_service_lost)
(bus_driver_send_service_acquired): send messages from driver to a
specific client to the client's unique name, not to the broadcast
service.
* dbus/dbus-message.c (decode_header_data): reject messages that
contain no name field
(_dbus_message_get_client_serial): rename to
dbus_message_get_serial and make public
(_dbus_message_set_serial): rename from set_client_serial
(_dbus_message_set_reply_serial): make public
(_dbus_message_get_reply_serial): make public
* bus/connection.c (bus_connection_foreach): allow stopping
iteration by returning FALSE from foreach function.
* dbus/dbus-connection.c (dbus_connection_send_preallocated)
(dbus_connection_free_preallocated_send)
(dbus_connection_preallocate_send): new API for sending a message
without possibility of malloc failure.
(dbus_connection_send_message): rename to just
dbus_connection_send (and same for whole function family)
* dbus/dbus-errors.c (dbus_error_free): make this reinit the error
* dbus/dbus-sysdeps.c (_dbus_exit): new function
* bus/activation.c: handle/return errors
* dbus/dbus-errors.h: add more DBUS_ERROR #define
* dbus/dbus-sysdeps.c (_dbus_directory_open) (_dbus_file_get_contents)
(_dbus_directory_get_next_file): use DBusError instead of DBusResultCode
(_dbus_result_from_errno): move to this file
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-threads.c:
* dbus/dbus-threads.h:
Add condvars. Remove static mutext from API.
Implement static mutexes by initializing them from threads_init.
* glib/dbus-gthread.c:
* qt/dbus-qthread.cpp:
Update with the thread api changes.
* dbus/dbus-list.c:
* dbus/dbus-list.h:
Turn StaticMutex into normal mutex + init function.
Export new functions _dbus_list_alloc_link, _dbus_list_free_link,
_dbus_list_append_link, _dbus_list_prepend_link
* dbus/dbus-sysdeps.c:
* dbus/dbus-sysdeps.h:
New type dbus_atomic_t, and new functions _dbus_atomic_inc,
_dbus_atomic_dec. Only slow fallback implementation at the moment.
* dbus/dbus-protocol.h:
Add DBUS_MESSAGE_LOCAL_DISCONNECT define
* dbus/dbus-message.c:
Make ref/unref atomic.
Fix some docs.
* dbus/dbus-connection-internal.h:
* dbus/dbus-connection.c:
* dbus/dbus-connection.h:
Make threadsafe.
Change _peek to _borrow,_return & _steal_borrowed.
Change disconnect callback to event.
Make dbus_connection_dispatch_messages reentrant.
* dbus/dbus-transport.c:
Don't ref the connection on calls to the transport
implementation.
* dbus/dbus-message-handler.c:
Make threadsafe.
* glib/dbus-gmain.c:
Don't use peek_message anymore
* test/Makefile.am:
* test/debug-thread.c:
* test/debug-thread.h:
Simple thread implementation that asserts() on deadlocks in
single-threaded code.
* test/bus-test.c:
(main) Call debug_threads_init.
* test/watch.c:
Use disconnect message instead of disconnect callback.
* bus/connection.c:
* bus/connection.h:
Don't call dbus_connection_set_disconnect_function. Instead export
bus_connection_disconnect.
* bus/dispatch.c:
Call bus_connection_disconnect when we get a disconnected message.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/connection.c: (bus_connection_foreach):
* bus/connection.h:
Add new bus_connection_foreach function.
* bus/driver.c: (send_one_message), (bus_driver_broadcast_message):
Add function that broadcasts a message to all clients.
(bus_driver_send_service_created), (bus_driver_handle_hello),
(bus_driver_send_welcome_message),
(bus_driver_handle_list_services), (bus_driver_message_handler):
Implement functions that take care of listing services, and notifying
clients when new services are created.
* bus/services.c: (bus_services_list):
* bus/services.h:
Add new function that returns an array of strings with the currently
registered services.
* glib/dbus-glib.h:
* glib/dbus-gmain.c:
Update copyright year.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/Makefile.am:
Add driver.[ch]
* bus/connection.c: (connection_disconnect_handler):
Remove the connection from the bus driver's list.
(connection_watch_callback): Dispatch messages.
(free_connection_data): Free connection name.
(bus_connection_setup): Add connection to the bus driver's list.
(bus_connection_remove_owned_service):
(bus_connection_set_name), (bus_connection_get_name):
Add functions for setting and getting the connection's name.
* bus/connection.h:
Add function headers.
* bus/driver.c: (create_unique_client_name),
(bus_driver_handle_hello_message),
(bus_driver_send_welcome_message), (bus_driver_message_handler),
(bus_driver_add_connection), (bus_driver_remove_connection):
* bus/driver.h:
* bus/main.c:
* bus/services.c: (bus_service_free):
* bus/services.h:
New file that handles communication and registreation with the bus
itself.
|
|
* bus/connection.c: implement routines for handling connections,
first thing is keeping a list of owned services on each connection
and setting up watches etc.
* bus/services.c: implement a mapping from service names to lists
of connections
* dbus/dbus-hash.c: add DBUS_HASH_POINTER
* dbus/dbus-threads.c (dbus_static_mutex_lock): add functions
to use static mutexes for global data
* dbus/dbus-connection.c (dbus_connection_set_data): add new
collection of functions to set/get application-specific data
on the DBusConnection.
|