2003-04-24 Havoc Pennington <hp@redhat.com>

* test/data/valid-config-files/basic.conf: add <limit> tags to this test * bus/config-parser.h, bus/config-parser.c, bus/bus.c: Implement <limit> tag in configuration file.
author: Havoc Pennington <hp@redhat.com> 2003-04-24 22:30:38 +0000
committer: Havoc Pennington <hp@redhat.com> 2003-04-24 22:30:38 +0000
commit: 3185d7edde8ffc7672aa7d771966b0f1e0158aea (patch)
tree: 03f33d4ca7737d26badd04f2fd6ee95db0ffdba7 /bus/bus.c
parent: 1820f3bd0a5a4b0ab14dbcc80ba1b68d2c48e01d (diff)
1 files changed, 12 insertions, 43 deletions
diff --git a/bus/bus.c b/bus/bus.c
index 53ad8e65..7bb4bf99 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -45,14 +45,7 @@ struct BusContext
   BusRegistry *registry;
   BusPolicy *policy;
   DBusUserDatabase *user_database;
-  long max_incoming_bytes;          /**< How many incoming messages for a connection */
-  long max_outgoing_bytes;          /**< How many outgoing bytes can be queued for a connection */
-  long max_message_size;            /**< Max size of a single message in bytes */
-  int activation_timeout;           /**< How long to wait for an activation to time out */
-  int auth_timeout;                 /**< How long to wait for an authentication to time out */
-  int max_completed_connections;    /**< Max number of authorized connections */
-  int max_incomplete_connections;   /**< Max number of incomplete connections */
-  int max_connections_per_user;     /**< Max number of connections auth'd as same user */
+  BusLimits limits;
 };
 
 static int server_data_slot = -1;
@@ -215,10 +208,10 @@ new_connection_callback (DBusServer     *server,
     }
 
   dbus_connection_set_max_received_size (new_connection,
-                                         context->max_incoming_bytes);
+                                         context->limits.max_incoming_bytes);
 
   dbus_connection_set_max_message_size (new_connection,
-                                        context->max_message_size);
+                                        context->limits.max_message_size);
   
   /* on OOM, we won't have ref'd the connection so it will die. */
 }
@@ -357,38 +350,14 @@ bus_context_new (const DBusString *config_file,
   
   context->refcount = 1;
 
+  /* get our limits and timeout lengths */
+  bus_config_parser_get_limits (parser, &context->limits);
+  
   /* we need another ref of the server data slot for the context
    * to own
    */
   if (!server_data_slot_ref ())
     _dbus_assert_not_reached ("second ref of server data slot failed");
-
-  /* Make up some numbers! woot! */
-  context->max_incoming_bytes = _DBUS_ONE_MEGABYTE * 63;  
-  context->max_outgoing_bytes = _DBUS_ONE_MEGABYTE * 63;
-  context->max_message_size = _DBUS_ONE_MEGABYTE * 32;
-  
-#ifdef DBUS_BUILD_TESTS
-  context->activation_timeout = 6000;  /* 6 seconds */
-#else
-  context->activation_timeout = 15000; /* 15 seconds */
-#endif
-
-  /* Making this long risks making a DOS attack easier, but too short
-   * and legitimate auth will fail.  If interactive auth (ask user for
-   * password) is allowed, then potentially it has to be quite long.
-   * Ultimately it needs to come from the configuration file.
-   */     
-  context->auth_timeout = 3000; /* 3 seconds */
-
-  context->max_incomplete_connections = 32;
-  context->max_connections_per_user = 128;
-
-  /* Note that max_completed_connections / max_connections_per_user
-   * is the number of users that would have to work together to
-   * DOS all the other users.
-   */
-  context->max_completed_connections = 1024;
   
   context->user_database = _dbus_user_database_new ();
   if (context->user_database == NULL)
@@ -829,31 +798,31 @@ int
 bus_context_get_activation_timeout (BusContext *context)
 {
   
-  return context->activation_timeout;
+  return context->limits.activation_timeout;
 }
 
 int
 bus_context_get_auth_timeout (BusContext *context)
 {
-  return context->auth_timeout;
+  return context->limits.auth_timeout;
 }
 
 int
 bus_context_get_max_completed_connections (BusContext *context)
 {
-  return context->max_completed_connections;
+  return context->limits.max_completed_connections;
 }
 
 int
 bus_context_get_max_incomplete_connections (BusContext *context)
 {
-  return context->max_incomplete_connections;
+  return context->limits.max_incomplete_connections;
 }
 
 int
 bus_context_get_max_connections_per_user (BusContext *context)
 {
-  return context->max_connections_per_user;
+  return context->limits.max_connections_per_user;
 }
 
 dbus_bool_t
@@ -919,7 +888,7 @@ bus_context_check_security_policy (BusContext     *context,
   /* See if limits on size have been exceeded */
   if (recipient &&
       dbus_connection_get_outgoing_size (recipient) >
-      context->max_outgoing_bytes)
+      context->limits.max_outgoing_bytes)
     {
       const char *dest = dbus_message_get_destination (message);
       dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED,
author	Havoc Pennington <hp@redhat.com>	2003-04-24 22:30:38 +0000
committer	Havoc Pennington <hp@redhat.com>	2003-04-24 22:30:38 +0000
commit	3185d7edde8ffc7672aa7d771966b0f1e0158aea (patch)
tree	03f33d4ca7737d26badd04f2fd6ee95db0ffdba7 /bus/bus.c
parent	1820f3bd0a5a4b0ab14dbcc80ba1b68d2c48e01d (diff)