-rw-r--r-- | ChangeLog | 26 | ||||
-rw-r--r-- | dbus/dbus-keyring.c | 5 | ||||
-rw-r--r-- | dbus/dbus-message.c | 92 | ||||
-rw-r--r-- | dbus/dbus-message.h | 8 | ||||
-rw-r--r-- | dbus/dbus-sysdeps.c | 36 | ||||
-rw-r--r-- | dbus/dbus-sysdeps.h | 2 | ||||
-rw-r--r-- | doc/TODO | 8 |
7 files changed, 167 insertions, 10 deletions
@@ -1,5 +1,31 @@ 2005-06-15 John (J5) Palmieri <johnp@redhat.com> + * dbus/dbus-message.c: + (dbus_message_has_path): New method + (dbus_message_has_interface): New method + (dbus_message_has_member): New method + + * dbus/dbus/dbus-sysdeps.c (_dbus_check_dir_is_private_to_user): + New method + + * dbus/dbus-keyring.c (_dbus_keyring_reload): Check to see that + the keyring directory is private to the user + + * doc/TODO: + - The convenience functions in dbus-bus.h should perhaps have + the signatures that they would have if they were autogenerated + stubs. e.g. the acquire service function. We should also evaluate + which of these functions to include, in light of the fact that + GLib/Qt native stubs will probably also exist.: Punted + + - add dbus_message_has_path(), maybe has_member/interface: + fixed in this patch + + - in dbus-keyring.c, enforce that the keyring dir is not + world readable/writable: Fixed in this patch + +2005-06-15 John (J5) Palmieri <johnp@redhat.com> + * dbus/dbus-marshal-validate.h: Added a new validation error code DBUS_VALIDITY_UNKNOWN_OOM_ERROR = -4 for out of memory errors when validating signitures diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c index 8fbfd685..11f4826c 100644 --- a/dbus/dbus-keyring.c +++ b/dbus/dbus-keyring.c @@ -415,6 +415,9 @@ _dbus_keyring_reload (DBusKeyring *keyring, _DBUS_ASSERT_ERROR_IS_CLEAR (error); + if (!_dbus_check_dir_is_private_to_user (&keyring->directory, error)) + return FALSE; + if (!_dbus_string_init (&contents)) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); @@ -427,7 +430,7 @@ _dbus_keyring_reload (DBusKeyring *keyring, _dbus_string_free (&contents); return FALSE; } - + keys = NULL; n_keys = 0; retval = FALSE; diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c index cdfdf5f3..983eea93 100644 --- a/dbus/dbus-message.c +++ b/dbus/dbus-message.c 
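Review bot: The new `_dbus_check_dir_is_private_to_user` call in `_dbus_keyring_reload` checks the directory by path, and the key file is presumably read by path further down, so the result only describes the directory at the moment of the check. That limit deserves a comment at the call, e.g. `/* Refuse keys from a directory group/other can read or write. Path-based, so it does not cover changes made between this check and the read below. */`. The call also makes reload return FALSE whenever the directory does not exist yet, because the helper's `stat` fails. Whether callers treat that as an empty keyring or as a hard error is outside this hunk and should be confirmed. The function body starts and ends outside the hunk.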
@@ -2431,6 +2431,36 @@ dbus_message_get_path (DBusMessage *message) } /** + * Checks if the message has a path + * + * @param message the message + * @returns #TRUE if there is a path field in the header + */ +dbus_bool_t +dbus_message_has_path (DBusMessage *message, + const char *path) +{ + const char *msg_path; + msg_path = dbus_message_get_path (message); + + if (msg_path == NULL) + { + if (path == NULL) + return TRUE; + else + return FALSE; + } + + if (path == NULL) + return FALSE; + + if (strcmp (msg_path, path) == 0) + return TRUE; + + return FALSE; +} + +/** * Gets the object path this message is being sent to * (for DBUS_MESSAGE_TYPE_METHOD_CALL) or being emitted * from (for DBUS_MESSAGE_TYPE_SIGNAL) in a decomposed @@ -2521,6 +2551,37 @@ dbus_message_get_interface (DBusMessage *message) } /** + * Checks if the message has an interface + * + * @param message the message + * @returns #TRUE if there is a interface field in the header + */ +dbus_bool_t +dbus_message_has_interface (DBusMessage *message, + const char *interface) +{ + const char *msg_interface; + msg_interface = dbus_message_get_interface (message); + + if (msg_interface == NULL) + { + if (interface == NULL) + return TRUE; + else + return FALSE; + } + + if (interface == NULL) + return FALSE; + + if (strcmp (msg_interface, interface) == 0) + return TRUE; + + return FALSE; + +} + +/** * Sets the interface member being invoked * (DBUS_MESSAGE_TYPE_METHOD_CALL) or emitted * (DBUS_MESSAGE_TYPE_SIGNAL). 
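Review bot: The doc comment on `dbus_message_has_path` describes a presence test ("#TRUE if there is a path field in the header"), but the body compares the header's path with the `path` argument, and `path` is not documented at all. As written, `dbus_message_has_path (message, NULL)` returns TRUE exactly when the field is absent, the opposite of what the comment promises, which matters for callers that filter incoming messages on this result. I would document it as `@param path the path to compare against, or #NULL` and `@returns #TRUE if the message's path equals path, or if both are unset`. The same correction applies to `dbus_message_has_interface` and `dbus_message_has_member` in the following two hunks, and the header declares the first function's parameter as `object_path` while the definition names it `path`.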
@@ -2570,6 +2631,37 @@ dbus_message_get_member (DBusMessage *message) } /** + * Checks if the message has an interface member + * + * @param message the message + * @returns #TRUE if there is a member field in the header + */ +dbus_bool_t +dbus_message_has_member (DBusMessage *message, + const char *member) +{ + const char *msg_member; + msg_member = dbus_message_get_member (message); + + if (msg_member == NULL) + { + if (member == NULL) + return TRUE; + else + return FALSE; + } + + if (member == NULL) + return FALSE; + + if (strcmp (msg_member, member) == 0) + return TRUE; + + return FALSE; + +} + +/** * Sets the name of the error (DBUS_MESSAGE_TYPE_ERROR). * The name is fully-qualified (namespaced). * diff --git a/dbus/dbus-message.h b/dbus/dbus-message.h index 6124e253..f0e80a67 100644 --- a/dbus/dbus-message.h +++ b/dbus/dbus-message.h @@ -85,12 +85,18 @@ int dbus_message_get_type (DBusMessage *message); dbus_bool_t dbus_message_set_path (DBusMessage *message, const char *object_path); const char* dbus_message_get_path (DBusMessage *message); +dbus_bool_t dbus_message_has_path (DBusMessage *message, + const char *object_path); dbus_bool_t dbus_message_set_interface (DBusMessage *message, - const char *interface); + const char *interface); const char* dbus_message_get_interface (DBusMessage *message); +dbus_bool_t dbus_message_has_interface (DBusMessage *message, + const char *interface); dbus_bool_t dbus_message_set_member (DBusMessage *message, const char *member); const char* dbus_message_get_member (DBusMessage *message); +dbus_bool_t dbus_message_has_member (DBusMessage *message, + const char *member); dbus_bool_t dbus_message_set_error_name (DBusMessage *message, const char *name); const char* dbus_message_get_error_name (DBusMessage *message); diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index 96d51bed..fe747b8d 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c 
@@ -1131,6 +1131,42 @@ _dbus_string_parse_int (const DBusString *str, return TRUE; } +/** +* Checks to make sure the given directory is +* private to the user +* +* @param error error return +* @returns #FALSE on failure +**/ +dbus_bool_t +_dbus_check_dir_is_private_to_user (DBusString *dir, DBusError *error) +{ + const char *directory; + struct stat sb; + + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + + directory = _dbus_string_get_const_data (dir); + + if (stat (directory, &sb) < 0) + { + dbus_set_error (error, _dbus_error_from_errno (errno), + "%s", _dbus_strerror (errno)); + + return FALSE; + } + + if ((S_IROTH & sb.st_mode) || (S_IWOTH & sb.st_mode) || + (S_IRGRP & sb.st_mode) || (S_IWGRP & sb.st_mode)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "%s directory is not private to the user", directory); + return FALSE; + } + + return TRUE; +} + #ifdef DBUS_BUILD_TESTS /* Not currently used, so only built when tests are enabled */ /** diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index 6727630a..da80c052 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h @@ -255,6 +255,8 @@ dbus_bool_t _dbus_directory_get_next_file (DBusDirIter *iter, DBusError *error); void _dbus_directory_close (DBusDirIter *iter); +dbus_bool_t _dbus_check_dir_is_private_to_user (DBusString *dir, + DBusError *error); void _dbus_generate_random_bytes_buffer (char *buffer, int n_bytes); @@ -5,12 +5,6 @@ Important for 1.0 - Audit @todo and FIXME for security issues - - The convenience functions in dbus-bus.h should perhaps have - the signatures that they would have if they were autogenerated - stubs. e.g. the acquire service function. We should also evaluate - which of these functions to include, in light of the fact that - GLib/Qt native stubs will probably also exist. - - the "break loader" and valid/invalid message tests are all disabled; they need to be fixed and re-enabled with the new message args stuff. I think I want to drop the .message files thing and just have code 
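Review bot: `_dbus_check_dir_is_private_to_user` tests only the group/other read and write bits of `sb.st_mode` and never compares `sb.st_uid` with the calling user, so a directory owned by a different account passes as long as those four bits are clear. An ownership test placed after the `stat` call and before the mode test would close that gap. The mode test also leaves `S_IXGRP`/`S_IXOTH` and `S_ISDIR` unchecked, which may be intentional but is worth stating in the comment. The doc block also lacks `@param dir the directory to check`.

```c
  if (stat (directory, &sb) < 0)
    {
      /* … unchanged: set error from errno, return FALSE … */
    }

  /* The directory must belong to the user we are running as. */
  if (sb.st_uid != geteuid ())
    {
      dbus_set_error (error, DBUS_ERROR_FAILED,
                      "%s directory is not owned by the current user",
                      directory);
      return FALSE;
    }

  /* … unchanged: group/other read-write mode test … */
```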
@@ -48,8 +42,6 @@ Important for 1.0 GLib Bindings Might as Well for 1.0 === - - add dbus_message_has_path(), maybe has_member/interface - - protocol version in each message is pretty silly Can Be Post 1.0 |