| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
|
| |
|
|
|
|
|
|
| |
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
| |
|
|
| |
We are creating a new stream off of the 1.2.4 release.
|
| |
|
|
| |
This branch is intended to keep the old default-permissive.
|
| |\ |
|
| | |
| |
| |
| |
| | |
The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.
|
| | |
| |
| |
| |
| | |
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
|
| | |
| |
| |
| | |
It's part of the security check, we should have it in the log.
|
| |/
|
|
|
| |
We need to start logging denials so that they become more easily trackable
and debuggable.
|
| | |
|
| | |
|
| |
|
|
|
| |
We need to fix all of the bare send_interface rules; see:
https://bugs.freedesktop.org/show_bug.cgi?id=18961
|
| |
|
|
| |
We need some sort of general advice here.
|
| |
|
|
|
|
|
| |
Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply. This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.
This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
| |
The tmp-session-like-system.conf bus configuration has a security
policy intended to mirror that of the system bus. This allows
testing policy rules.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* dbus/dbus-marshal-recursive.c: A stray comma
between two string literals caused incorrect
output and a compiler warning.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
|
| |
* dbus/dbus-credentials.h: Add a prototype for
_dbus_credentials_add_adt_audit_data()
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
| |
* dbus/dbus-marshal-validate.c: Ensure we validate
a basic type before calling is_basic on it.
* dbus-marshal-validate-util.c: Test.
|
| |
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps-unix.c:
* dbus/dbus-sysdeps-util-unix.c: Cast return
from sysconf temporarily so we actually see
-1.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
| |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dbus is doing atomic file updates by copying them, changing
the copy, and re-naming them. However, it does not synchronize
the file before re-naming, which results in corruption in
case of unclean reboots. The reason for this is that file-systems
have write-back cache and they postpone writing data to the media.
This patch adds the missed fsync() for the Unix part. I do
not have windows so cannot provide a windows port fix.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Patch originally from Noèl Köthe.
Modified by Colin Walters <walters@verbum.org>
* dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-unix-utils.c:
Use a while() loop to reallocate buffer if we get ERANGE
return. This fixes the case where a user is in a large
number of groups.
|
| |
|
|
|
|
| |
* bus/dir-watch-inotify.c: Always drop the watch in
handle_inotify_watch; this ensures we always readd it
correctly in bus_drop_all_directory_watches.
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Commit 91306ef938873fce8f2ae2d4a6b3282d0379c65a introduced
two memory leaks on OOM error paths. In one case the
environment string array wasn't getting freed, and in the
other case it was getting freed with dbus_free instead of
dbus_free_string_array.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
There have been a number of patches in the past try to key system
versus session bus policy off of the message bus type, when the
policy should be distinguished from more fine-grained options in the
individulal policy files. Hopefully, this man page update will make
that more clear.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
It adjusts the environment of activated bus clients.
This is important for session managers that get started
after the session bus daemon and want to influence the
environment of desktop services that are started by the
bus.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We now keep the environment in a hash table member of the
activation object and provide a method
bus_activation_set_environment_variable to modify the
hash table. This hash table is seeded initially with the
environment of the bus daemon itself.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Previously, we'd always call execv() and unconditionally use
the environment of the parent. Now we call execve() with the
passed in environment. For compatibility, we detect if
the passed in environment is NULL and for that case, use the
environment from the parent instead.
|
| | |
| |
| |
| |
| | |
It allows you to turn a string like KEY=VALUE
into two strings key and value.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
It's a wrapper around the environ external variable.
It will be important in the future when we allow
bus clients to modify the environment of future
activated clients. Presently, we just always use the
bus daemon environment wholesale.
|
| |/
|
|
|
|
| |
* test/name-test/test-privserver.c (filter_session_message, main),
* test/name-test/test-privserver-client.c (open_shutdown_private_connection):
Replace TestServer with PrivServer to match the service definition files.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* dbus/dbus-connection.c (_dbus_connection_read_write_dispatch):
The double negation re no_progress_possible was obviously too
confusing: the path for dispatch = FALSE would return an inverted
status. So make it progress_possible and fix the logic.
Signed-off-by: Thiago Macieira <thiago@kde.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* bus/driver.c: Add GetAdtAuditSessionData method
which returns audit data for a connection.
* configure.in: Detect ADT auditing support
* dbus/dbus-auth.c: Read ADT auditing creds.
* dbus/dbus-connection.c: Implement
dbus_connection_get_adt_audit_session_data.
* dbus/dbus-connection.h: Export it.
* dbus/dbus-credentials.c: Add support for
gathering adt_audit_data and retrieving it
via _dbus_credentials_get_adt_audit_data.
* dbus/dbus-credentials.h: Add
DBUS_CREDENTIAL_ADT_AUDIT_DATA_ID.
* dbus/dbus-protocol.h: New error
DBUS_ERROR_ADT_AUDIT_DATA_UNKNOWN.
* dbus/dbus-sysdeps.c: Support for reading
audit credentials via ADT API.
* dbus/dbus-transport.c: New function
_dbus_transport_get_adt_audit_session_data
to retrieve credentials.
* dbus/dbus-transport.h: Export it.
|
| | |
| |
| |
| | |
* HACKING: Describe test/name-test.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* dbus/dbus-connection.c (_dbus_connection_read_write_dispatch):
Reference the D-Bus connection during the function call since we
call other functions that may free the last reference and we
still expect to be able to check the connection after they return
to decide our own return value.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* dbus/dbus-connection.c (connection_forget_shared_unlocked):
Remove shared connections which lack a GUID from the list that
caches those, otherwise references to them will remain after
they have been freed.
* test/name-test/test-privserver-client.c: Update test to
try GUID-less connections too.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* dbus/dbus-bus.c (addresses_shutdown_func): Reset initialized back
to FALSE after cleaning up the address list so that it will be
reinitialized again if D-Bus is used after dbus_shutdown()
* test/name-test/test-privserver-client.c: Uncomment part of
test which should now pass.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* test/data/valid-service-files/org.freedesktop.DBus.TestSuite.PrivServer.service.in:
New service file for PrivServer.
* configure.in: Generate it.
* test/name-test/Makefile.am: Build test-privserver and
test-privserver-client.
* test/name-test/test-privserver.c: Use DBusServer to
serve a private connection.
* test/name-test/test-privserver-client.c: Connect
via session bus and get address of private server,
exercise dbus_shutdown().
* test/name-test/run-test.sh: Run it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* test/Makefile.am: New convenience library
libdbus_testutils_la. Reorder build so that
test/ gets built before test/name-test so
name-test files can depend on it.
* test/name-test/test-shutdown.c: New file,
exercises dbus_shutdown () a bit.
* test/name-test/run-test.sh Run test-shutdown.
* test/test-utils.h: In some cases we already have
DBUS_COMPILATION defined, avoid double definition
warning.
|
