diff options
author | Havoc Pennington <hp@redhat.com> | 2003-04-05 23:50:47 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2003-04-05 23:50:47 +0000 |
commit | 07e3f76f8e65af8d9de063c62af38c5b7495bc76 (patch) | |
tree | 489fb5e64b95600266846b0ed3ab7ed74e73d544 /bus | |
parent | 5ecb2a781f287ddb3fcee4afc3ab4e07d7d17f83 (diff) |
2003-04-05 Havoc Pennington <hp@pobox.com>
* bus/bus.c (setup_server): fix this so dbus-daemon-1 doesn't
crash on startup. Need to get "try starting the daemon"
in the test suite I guess. ;-)
* dbus/dbus-server.h, dbus/dbus-server.c: remove the stuff that
tracked the number of open connections; it's better done in
application-specific code as you want it to span all servers etc.
Diffstat (limited to 'bus')
-rw-r--r-- | bus/bus.c | 57 |
1 files changed, 39 insertions, 18 deletions
@@ -43,11 +43,15 @@ struct BusContext BusConnections *connections; BusActivation *activation; BusRegistry *registry; - DBusList *default_rules; /**< Default policy rules */ - DBusList *mandatory_rules; /**< Mandatory policy rules */ - DBusHashTable *rules_by_uid; /**< per-UID policy rules */ - DBusHashTable *rules_by_gid; /**< per-GID policy rules */ - int activation_timeout; /**< How long to wait for an activation to time out */ + DBusList *default_rules; /**< Default policy rules */ + DBusList *mandatory_rules; /**< Mandatory policy rules */ + DBusHashTable *rules_by_uid; /**< per-UID policy rules */ + DBusHashTable *rules_by_gid; /**< per-GID policy rules */ + int activation_timeout; /**< How long to wait for an activation to time out */ + int auth_timeout; /**< How long to wait for an authentication to time out */ + int max_completed_connections; /**< Max number of authorized connections */ + int max_incomplete_connections; /**< Max number of incomplete connections */ + int max_connections_per_user; /**< Max number of connections auth'd as same user */ }; static int server_data_slot = -1; @@ -242,6 +246,18 @@ setup_server (BusContext *context, DBusError *error) { BusServerData *bd; + + bd = dbus_new0 (BusServerData, 1); + if (!dbus_server_set_data (server, + server_data_slot, + bd, free_server_data)) + { + dbus_free (bd); + BUS_SET_OOM (error); + return FALSE; + } + + bd->context = context; if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) { @@ -274,17 +290,6 @@ setup_server (BusContext *context, return FALSE; } - bd = dbus_new0 (BusServerData, 1); - if (!dbus_server_set_data (server, - server_data_slot, - bd, free_server_data)) - { - dbus_free (bd); - return FALSE; - } - - bd->context = context; - return TRUE; } @@ -335,10 +340,26 @@ bus_context_new (const DBusString *config_file, context->refcount = 1; #ifdef DBUS_BUILD_TESTS - context->activation_timeout = 6000; /* 6/10 second */ /* FIXME */ + context->activation_timeout = 6000; /* 6 seconds */ #else - context->activation_timeout = 10000; /* 10 seconds */ + context->activation_timeout = 15000; /* 15 seconds */ #endif + + /* Making this long risks making a DOS attack easier, but too short + * and legitimate auth will fail. If interactive auth (ask user for + * password) is allowed, then potentially it has to be quite long. + * Ultimately it needs to come from the configuration file. + */ + context->auth_timeout = 3000; /* 3 seconds */ + + context->max_incomplete_connections = 32; + context->max_connections_per_user = 128; + + /* Note that max_completed_connections / max_connections_per_user + * is the number of users that would have to work together to + * DOS all the other users. + */ + context->max_completed_connections = 1024; context->loop = bus_loop_new (); if (context->loop == NULL) |