| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=70799
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Reviewed-by: Ryan Lortie <desrt@desrt.ca>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dbus-daemon will crash due to invalid service file which key/value
starts before section. In that situation, new_line() will try to access
invalid address.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60853
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When dbus-daemon receives a request to activate a systemd service before
systemd has connected to it, it enqueues a fake request to "activate"
systemd itself (as a way to get a BusPendingActivationEntry to track the
process of waiting for systemd). When systemd later joins the bus,
dbus-daemon sends the actual activation message; any future activation
messages are sent directly to systemd.
In the "pending" code path, the activation messages are currently
dispatched as though they had been sent by the same process that sent
the original activation request, which is wrong: the bus security
policy probably doesn't allow that process to talk to systemd directly.
They should be dispatched as though they had been sent by the
dbus-daemon itself (connection == NULL), the same as in the non-pending
code path.
In the worst case, if the attempt to activate systemd timed out, the
dbus-daemon would crash with a (fatal) warning, because in this special
case, activation_message is a signal with no serial number, whereas the
code to send an error reply is expecting a method call with a serial
number.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=50199
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Tested-by: Ma Yu <yu.ma@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Key-word "Group" of DBus .service file hasn't been used since it was
introduced in 2007, so it's fine to remove it.
https://bugs.freedesktop.org/show_bug.cgi?id=19158
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66728
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| | |
On platforms that use getpeereid(), this can't work.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60340
Reviewed-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When we drop capabilities we shouldn't assume we can keep
CAP_AUDIT_WRITE unconditionally, since it will not be available when
running in containers.
This patch only adds CAP_AUDIT_WRITE to the list of caps we keep if we
actually have it in the first place.
This makes audit/selinux enabled D-Bus work in a Linux container.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49062
Acked-by: Thiago Macieira <thiago@kde.org>
Acked-by: Colin Walters <walters@verbum.org>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On Windows, the dbus-daemon is not able to fork (daemonize). If someone
explicitly requests forking, it should fail, but if someone
explicitly requests *not* forking, there seems no harm in allowing it.
A few of the regression tests specifically require a dbus-daemon that
will not fork, so allowing this option on Windows means those tests
don't need an extra OS condition.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68852
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
| | |
| |
| |
| | |
It must be one of the "only smcv tests this" configurations...
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Sharing a static variable between threads is not safe in general,
and this function is used in the shared libdbus (for nonce files),
so it can't rely on being single-threaded.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68610
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
| | |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68303
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At previous, it will do get pid and print a verbose string per inotify
event, and then do send signal to the daemon.
This patch changes the behavior to get pid and print a verbose string
one time.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68303
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| | |
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's sufficiently portable that GLib has an equivalent, and I really
don't want to have to either open-code it in dbus-run-session or
link dbus-run-session statically. We have enough statically-linked
rubbish already.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39196
Reviewed-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| | |
This reverts commit 600621dbc8073527a958091316eddfbb490c1032.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to authorize/reject a connection in a polite way, instead of
cutting it off after authentication succeed and Hello() is
sent, because authorization failed, we need to factor out some
authorization bits from DBusTransport and pass them to DBusAuth.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The initial set of credentials is just UnixUserID and ProcessID.
The rest can follow when someone is sufficiently interested to actually
test them.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[rename a function that Ralf found unclear -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66291
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66291
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dnotify as a dir watch backend is broken since Jan 2010 (almost 3.5
years). According to fd.o: #33001, it's no harm to remove dnotify from
this project.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33001
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66035
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
| | |
| |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66004
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=42441
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This lets them be thread-safe by default, at the cost that they can
now fail.
init_uninitialized_locks() and init_global_locks() must now both
reimplement the equivalent of _dbus_register_shutdown_func(), by using
_dbus_platform_rmutex_lock() on the same underlying mutex around a call
to _dbus_register_shutdown_func_unlocked().
This is because if they used the usual _DBUS_LOCK() API (as
_dbus_register_shutdown_func() does), it would automatically try to
initialize global locking, leading to infinite recursion.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
[The libxml code path has been broken for at least 2.5 years, and Expat
is tiny, so there seems no point in supporting both. -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=20253
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dbus-daemon will crash due to invalid service file which key/value
starts before section. In that situation, new_line() will try to access
invalid address.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60853
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When dbus-daemon receives a request to activate a systemd service before
systemd has connected to it, it enqueues a fake request to "activate"
systemd itself (as a way to get a BusPendingActivationEntry to track the
process of waiting for systemd). When systemd later joins the bus,
dbus-daemon sends the actual activation message; any future activation
messages are sent directly to systemd.
In the "pending" code path, the activation messages are currently
dispatched as though they had been sent by the same process that sent
the original activation request, which is wrong: the bus security
policy probably doesn't allow that process to talk to systemd directly.
They should be dispatched as though they had been sent by the
dbus-daemon itself (connection == NULL), the same as in the non-pending
code path.
In the worst case, if the attempt to activate systemd timed out, the
dbus-daemon would crash with a (fatal) warning, because in this special
case, activation_message is a signal with no serial number, whereas the
code to send an error reply is expecting a method call with a serial
number.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=50199
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Tested-by: Ma Yu <yu.ma@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It is no longer required or recommended in fact it no longer
exists since
http://cgit.freedesktop.org/systemd/systemd/commit/?id=5d4caf565471ff3401bd9b53aa814c8545a18a93
[Clarification: there are two reasons why we do not need that dependency.
First, we do not have DefaultDependencies=no, so we only get run after
sockets.target. Second, syslog.socket doesn't provide /dev/log, which is
part of systemd-journald.socket. -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63531
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As Ralf pointed out, we usually use upper-case when substituting
variables (apart from "somethingdir", which Autoconf conventionally
makes lower-case for some reason).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63682
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
QNX has an arbitrary limit to the number of file descriptors
which may be passed in a message, which is smaller than the
current default. This patch therefore changes the default from
a hardcoded constant to a macro, which is determined at configure
time by looking at the host operating system.
[This reduces the limit from 4096 (session)/1024 (system) to 128 fds
per message on QNX, and 1024 fds per message on other operating systems.
I think the reduced session bus limit on other OSs is a reasonable change
too, given that the default hard/soft ulimits in Linux are only 4096/1024
fds per process. -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61176
Reviewed-by: Simon McVittie <simon.mcvittie.collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This causes the test to fail. The assumption implicitly being made was
"if pid 1 is systemd, then every caller of _dbus_init_system_log() is a
systemd service" which is not valid for the regression test.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63163
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| | |
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
QNX's copy of sys/inotify.h is broken, and doesn't include
stdint.h even though it refers to types from it. Therefore,
it must be included manually.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61176
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
<servicehelper> is not supported in the included config file, i. e. it's
not merged in merge_included(). There's clearly no reason it shouldn't
be supported in the included config file along with <user>, <type>
and others. It's quite reasonable for a client willing to override the
default servicehelper, e. g. in system-local.conf.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51560
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Conflicts:
NEWS
bus/activation-helper.c
configure.ac
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise, the tests try to connect to the real system bus, which will
often fail - particularly if you run the tests configured for the default
/usr/local (with no intention of installing the result), in which case
the tests would try to connect to /usr/local/var/run/dbus/system_bus_socket.
Reviewed-by: Colin Walters <walters@verbum.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=52202
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fix for CVE-2012-3524 filters out all environment variables if
libdbus is used from a setuid program, to prevent various spoofing
attacks.
Unfortunately, the activation helper is a setuid program linking
libdbus, and this creates a regression for launched programs using
DBUS_STARTER_ADDRESS, since it will no longer exist.
Fix this by hardcoding the starter address to the default system bus
address.
Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| | |
It's not really useful.
See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c17
|
| | |
| |
| |
| |
| |
| |
| |
| | |
addresses and set better defaults"
This reverts commit b5d36dc27d1905d4d46ad7f0097f0ea0e0776adb.
On second thoughts, this is too big a change for a stable branch.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fix for CVE-2012-3524 filters out all environment variables if
libdbus is used from a setuid program, to prevent various spoofing
attacks.
Unfortunately, the activation helper is a setuid program linking
libdbus, and this creates a regression for launched programs using
DBUS_STARTER_ADDRESS, since it will no longer exist.
Fix this by hardcoding the starter address to the default system bus
address.
Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |/
|
|
|
|
| |
It's not really useful.
See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c17
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
set better defaults
On Unix, the connect address should basically always be "autolaunch:"
but the listen address has to be something you can listen on.
On Windows, you can listen on "autolaunch:" or
"autolaunch:scope=*install-path", for instance, and the dbus-daemon is
involved in the auto-launching process.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38201
Reviewed-by: David Zeuthen <davidz@redhat.com>
[default address changed to autolaunch: for interop with GDBus -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When libdbus-1 moved to using monotonic time support for the
DBUS_COOKIE_SHA1 authentication was broken, in particular
interoperability with non-libdbus-1 implementations such as GDBus.
The problem is that if monotonic clocks are available in the OS,
_dbus_get_current_time() will not return the number of seconds since
the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
specification. If both peers are using libdbus-1 it's not a problem
since both ends will use the wrong time and thus agree. However, if
the other end is another implementation and following the spec it will
not work.
First, we change _dbus_get_current_time() back so it always returns
time since the Epoch and we then rename it _dbus_get_real_time() to
make this clear. We then introduce _dbus_get_monotonic_time() and
carefully make all current users of _dbus_get_current_time() use it,
if applicable. During this audit, one of the callers,
_dbus_generate_uuid(), was currently using monotonic time but it was
decided to make it use real time instead.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
|
| |
|
|
|
|
|
| |
After parsing [allow|deny] rules with own_prefix, check they are enforced
correctly.
https://bugs.freedesktop.org/show_bug.cgi?id=46886
|
