| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
| |
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
| |
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
|
|
|
|
|
|
|
|
| |
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
|
|
|
|
| |
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
|
|
|
|
| |
It's part of the security check, we should have it in the log.
|
|
|
|
|
| |
We need to start logging denials so that they become more easily trackable
and debuggable.
|
|
|
|
|
|
|
|
| |
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* bus/bus.c (setup_server): check failed allocation (FDO Bug #12920)
|
|
|
|
|
|
|
|
| |
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
handling to not abort due to a NULL read and to set the error only if
it is not already set (Based off of FDO Bug #12430)
|
|
|
|
|
|
|
|
|
|
|
|
| |
namespace it
2007-10-23 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): use the new name here
* bus/selinux.c (bus_selinux_audit_init): rename from audit_init()
to avoid possible libc conflict, and declare it in .h file to
avoid a warning
|
|
|
|
|
|
| |
2007-10-19 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): put audit_init() in HAVE_SELINUX
|
|
|
|
|
|
|
|
|
|
|
|
| |
2007-10-19 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): put the audit_init() in here
instead, which I believe ends up being the same as where it was
before, though I'm not sure I understand why it goes here.
* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user):
remove audit_init() from here, this file can't depend on code in
bus/ directory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/dbus-launch-x11.c (set_address_in_x11): fix from Michael
Lorenz to use long not int with XChangeProperty format 32
* dbus/dbus-sysdeps-util-unix.c
(_dbus_write_pid_to_file_and_pipe): factor this out, and use the
same code in _dbus_become_daemon (where the parent writes the pid
file and to the pid pipe) and in bus_context_new (where the daemon
writes its own pid file and to its own pid pipe)
* bus/bus.c (bus_context_new): close the pid pipe after we print
to it. Also, don't write the pid to the pipe twice when we fork,
someone reported this bug a long time ago.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.in: add AM_PROG_CC_C_O to allow per-target CPPFLAGS
* bus/dispatch.c (bus_dispatch_test_conf): Fix up setting
TEST_LAUNCH_HELPER_CONFIG to include the full path, and enable
test shell_fail_service_auto_start when use_launcher==TRUE
* bus/activation-helper-bin.c (convert_error_to_exit_code): pass
through the INVALID_ARGS error so the test suite works
* bus/activation.c (handle_activation_exit_error): return
DBUS_ERROR_NO_MEMORY if we get BUS_SPAWN_EXIT_CODE_NO_MEMORY
* dbus/dbus-spawn.c (_dbus_babysitter_get_child_exit_status):
return only the exit code of the child, not the entire thingy from
waitpid(), and make the return value indicate whether the child
exited normally (with a status code)
* bus/bus.c (process_config_first_time_only): _dbus_strdup works
on NULL so no need to check
(process_config_every_time): move servicehelper init here, so we
reload it on HUP or config file change
* bus/Makefile.am (install-data-hook): remove comment because
Emacs make mode seems to be grumpy about it
|
|
|
|
|
|
|
|
| |
* bus/bus.c: (process_config_first_time_only),
(process_config_every_time), (bus_context_unref),
(bus_context_get_servicehelper):
* bus/bus.h:
Add the concept of a service-helper and allow it's value to be read.
|
|
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* doc/dbus-specification.xml: document org.freedesktop.DBus.GetId()
* bus/driver.c (bus_driver_handle_get_id): implement org.freedesktop.DBus.GetId()
* bus/bus.c (bus_context_new): generate a unique ID for each bus context
* dbus/dbus-connection.c (dbus_connection_get_server_id): new function
* dbus/dbus-bus.c (dbus_bus_get_id): new function
* dbus/dbus-server.c (dbus_server_get_id): new function
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac, bus/selinux.c, dbus/dbus-sysdeps-unix-util.c: add
libaudit support, no clue what this means really but now we have
it. Patches from Fedora package.
* bus/bus.c (bus_context_new): move selinux initialization after
changing to daemon user, patch from Fedora package
* dbus/dbus-transport.c (auth_via_unix_user_function): fix a typo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/dispatch.c (check_get_connection_unix_process_id): adapt
since sysdeps-unix.h stuff isn't included anymore
* bus/bus.c (bus_context_new): use more abstract functions to
change user, so they can be no-ops on Windows
* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
dbus/dbus-credentials-util.c: new files containing a fully opaque
DBusCredentials data type to replace the old not opaque one.
* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
windows
* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
up the uses of it in bus/*.c and factor out the parts of
cookie auth that depend on it
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/dbus-launch.c (do_close_stderr): fix C89 problem and
formatting problem
* Mostly fix the DBusPipe mess.
- put line break after function return types
- put space before parens
- do not pass structs around by value
- don't use dbus_strerror after calling supposedly cross-platform
api
- don't name pipe variables "fd"
- abstract special fd numbers like -1 and 1
|
|
|
|
| |
dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, bus/dbus-sysdeps-win.c,dbus/dbus-sysdeps.h: renamed _dbus_xxx_pipe to _dbus_pipe_xxx, completed _dbus_pipe support.
|
|
|
|
| |
related write() function calls to _dbus_write_pipe().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/bus.c (process_config_every_time):
don't overwrite existing bus context activation object
until after we've checked that the new activation is
valid.
* bus/main.c
(signal_handler), (handle_reload_watch):
don't call exit() on failure, instead make do and keep
going.
(close_reload_pipe): new function to turn off
hangup-causes-config-reload behavior if an unexpected
error occurs
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps-unix.h: small change to Peter's patch to make
dbus-sysdeps-unix-util.c build, add unix-specific sysdeps header.
* dbus/dbus-sysdeps.h, dbus-sysdeps-unix.c: patch from Peter
Kümmel bug #8249 to make the sysdeps.h read/write/open/close
functions specifically for sockets only, and move generic
read/write/open/close into unix-specific code.
|
|
|
|
|
|
|
|
| |
* dbus/dbus-threads.c (dbus_threads_init): change the documentation
to reflect the init late change
* bus/bus.c (bus_context_new): Check user before we fork so we can
print out an error message a user will be able to see
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with cleanups of bugs found from Coverity reports:
* dbus/dbus-sysdeps-util.c (_dbus_write_pid_file):
close the file on error to avoid a leak
* bus/expirelist.c (bus_expire_list_test):
Check for NULL on dbus_new0
* bus/activation.c (update_directory):
remove dead code
* bus/config-parser.c (merge_service_context_hash, start_selinux_child):
Fix some leaks
* bus/bus.c (process_config_every_time):
Fixed a leak
* bus/desktop-file.c (parse_key_value):
Fixed leak
* bus/selinux.c (bus_selinux_id_table_insert):
Fixed leak
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
config reload.
* bus/dbus-daemon.1.in: Also note that SIGHUP flushes the user/group
information caches
* dbus/dbus-hash.c: (_dbus_hash_table_remove_all):
* dbus/dbus-hash.h: Add function to remove all entries from a hash table
* dbus/dbus-userdb.c: (_dbus_user_database_flush):
* dbus/dbus-userdb.h: Add function to flush all user/group information
caches.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch from Timo Hoenig <thoenig@suse.de>.
* bus/bus.c: I've recently investigated why the automatic reload
of configuration files does not work as expected.
Currently, reloading configuration files does only work when
running dbus-daemon with --nodaemon. If we are running as daemon
we're hitting a dnotify bug once we fork the process.
We're initializing the dnotify fds before calling fork(). Once
the child process forked it does still have the fds (and they
still show up in /proc/`pidof dbus-daemon`/fd/) but we're not
getting SIGIO as changes are made to the configuration files.
The attached patch moves the initialization of the dnotify fds to
process_config_postinit(). This is safe for all current code
paths and solves the dnotify disfunction. If we're running
dbus-daemon as daemon the fds for dnotify are now being
initialized after fork() for the child process.
* configure.in: The current configure.in check for dnotify probes
'x$target_os' for being 'xlinux-gnu'. I've changed the check to
match for 'xlinux', too. Additionally I have adapted the configure
option's style to match with the others.
|
|
|
|
|
| |
* bus/bus.c (bus_context_new): Set parser to NULL
after we unref it (Patch from Chris Boscolo, #2174).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/bus.c (process_config_every_time): Drop existing conf-dir
watches (if applicable) and add new watches
* bus/main.c (signal_handler): Handle SIGIO if using D_NOTIFY
(main): Setup SIGIO signal handler if using D_NOTIFY
* bus/config-parser.h: Add prototype bus_config_parser_get_conf_dirs
* bus/config-parser.c (struct BusConfigParser): Add conf_dirs list
(merge_included): Also merge conf_dirs list
(bus_config_parser_unref): Clear conf_dirs list
(include_dir): Add directory to conf_dirs list
(bus_config_parser_get_conf_dirs): New function
* bus/dir-watch.[ch]: New files
* bus/Makefile.am (BUS_SOURCES): Add dir-watch.[ch]
* configure.in: Add checks for D_NOTIFY on Linux
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(dbus_connection_disconnect): renamed to dbus_connection_close
for API symmetry with dbus_connection_open
(_dbus_connection_open_internal):
s/dbus_connection_disconnect/dbus_connection_close
* dbus/dbus-bus.c (dbus_bus_get):
s/dbus_connection_disconnect/dbus_connection_close
* bus/connection.c (bus_connections_unref,
bus_connections_setup_connection, bus_connections_expire_incomplete):
s/dbus_connection_disconnect/dbus_connection_close
* bus/dispatch.c (bus_dispatch, kill_client_connection,
kill_client_connection_unchecked, check_hello_connection):
s/dbus_connection_disconnect/dbus_connection_close
* bus/bus.c (new_connection_callback):
s/dbus_connection_disconnect/dbus_connection_close
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/selinux.c: Add c-file-style to top of file
(log_audit_callback): Don't free the data here anymore
(bus_selinux_check): Don't take spid and tpid since appending
that to auxdata may OOM.
(bus_selinux_allows_acquire_service): Handle OOM and signal back
to the caller if we are OOM by taking an error object.
(bus_selinux_allows_send): -do-
* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
and bus_selinux_allows_send
* bus/bus.c (bus_context_check_security_policy): Pass error and
pass on OOM thrown by bus_selinux_allows_send()
* bus/services.c (bus_registry_acquire_service): Pass error and
pass on OOM thrown by bus_selinux_allows_acquire_service()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS):
Rename to DBUS_SERVICE_DBUS.
(DBUS_PATH_ORG_FREEDESKTOP_DBUS): Rename to DBUS_PATH_DBUS.
(DBUS_PATH_ORG_FREEDESKTOP_LOCAL): Rename to DBUS_PATH_LOCAL.
(DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS): Rename to DBUS_INTERFACE_DBUS.
(DBUS_INTERFACE_ORG_FREEDESKTOP_INTROSPECTABLE): Rename to
DBUS_INTERFACE_INTROSPECTABLE.
(DBUS_INTERFACE_ORG_FREEDESKTOP_PROPERTIES): Rename to
DBUS_INTERFACE_PROPERTIES.
(DBUS_INTERFACE_ORG_FREEDESKTOP_PEER): Rename to
DBUS_INTERFACE_PEER.
(DBUS_INTERFACE_ORG_FREEDESKTOP_LOCAL):
DBUS_INTERFACE_LOCAL.
All other users of those constants have been changed.
* bus/driver.c (bus_driver_handle_introspect): Use constants.
* glib/dbus-gobject.c (handle_introspect): Use constants.
* doc/dbus-faq.xml, doc/dbus-specification.xml: Update for rename.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-string.c (_dbus_string_get_length): New
function, writes DBusString to C buffer.
* dbus/dbus-string.h: Prototype it.
* dbus/dbus-message.c (dbus_message_type_to_string): New
function, converts message type into C string.
* dbus/dbus-message.h: Prototype it.
* bus/selinux.c (bus_selinux_check): Take source pid,
target pid, and audit data. Pass audit data to
avc_has_perm.
(log_audit_callback): New function, appends extra
audit information.
(bus_selinux_allows_acquire_service): Also take
service name, add it to audit data.
(bus_selinux_allows_send): Also take message
type, interface, method member, error name,
and destination, and add them to audit data.
(log_cb): Initialize func_audit.
* bus/selinux.h (bus_selinux_allows_acquire_service)
(bus_selinux_allows_send): Update prototypes
* bus/services.c (bus_registry_acquire_service): Pass
service name to bus_selinux_allows_acquire_service.
* bus/bus.c (bus_context_check_security_policy): Pass
additional audit data. Move assignment of dest
to its own line.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/bus.c (load_config): Break into three
separate functions: process_config_first_time_only,
process_config_every_time, and process_config_postinit.
(process_config_every_time): Move call of
bus_registry_set_service_context_table into
process_config_postinit.
(process_config_postinit): New function, does
any processing that needs to happen late
in initialization (and also on reload).
(bus_context_new): Instead of calling load_config,
open config parser here and call process_config_first_time_only
and process_config_every_time directly. Later, after
we have forked but before changing UID,
invoke bus_selinux_full_init, and then call
process_config_postinit.
(bus_context_reload_config): As in bus_context_new,
load parse file inside here, and call process_config_every_time
and process_config_postinit.
* bus/services.h, bus/services.c
(bus_registry_set_service_context_table): Rename
from bus_registry_set_sid_table. Take string hash from config
parser, and convert them here into SIDs.
* bus/config-parser.c (struct BusConfigParser): Have
config parser only store a mapping of service->context
string.
(merge_service_context_hash): New function.
(merge_included): Merge context string hashes instead
of using bus_selinux_id_table_union.
(bus_config_parser_new): Don't use bus_selinux_id_table_new;
simply create a new string hash.
(bus_config_parser_unref): Unref it.
(start_selinux_child): Simply insert strings into hash,
don't call bus_selinux_id_table_copy_over.
* bus/selinux.h, bus/selinux.c (bus_selinux_id_table_union)
(bus_selinux_id_table_copy_over): Delete.
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps.h (_dbus_become_daemon): Also take
parameter for fd to write pid to.
* dbus/dbus-sysdeps.c (_dbus_become_daemon): Implement it.
* bus/bus.c (bus_context_new): Pass print_pid_fd
to _dbus_become_daemon (bug #1720)
|
|
|
|
|
|
|
|
|
|
|
| |
Patch from Kay Sievers <kay.sievers@vrfy.org>
* bus/bus.c (bus_context_new):
* bus/bus.h:
* bus/main.c (usage)
(main):
Add commandline option --nofork to override configuration file
setting.
|
|
|
|
|
|
|
|
|
| |
DBusError that was causing a memoy leak (bug #989).
* dbus/dbus-keyring.c, dbus/dbus-message.c: fix compilation on
Solaris/Forte C (bug #974)
* bus/main.c (main): plug two minuscule memleaks.
|
|
|
|
|
| |
* COPYING: switch to Academic Free License version 2.1 instead of
2.0, to resolve complaints about patent termination clause.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/config-parser.c (process_test_valid_subdir): temporarily
stop testing config parser OOM handling, since expat has issues
http://freedesktop.org/pipermail/dbus/2004-May/001153.html
* bus/dbus-daemon-1.1.in: change requested_reply to
send_requested_reply/receive_requested_reply so we can send the
replies, not just receive them.
* bus/config-parser.c: parse the new
send_requested_reply/receive_requested_reply
* bus/policy.c (bus_client_policy_check_can_send): add
requested_reply argument and use it
* bus/bus.c (bus_context_check_security_policy): pass through
requested_reply status to message send check
* bus/system.conf.in: adapt to requested_reply change
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix incorrect setting of .name_offset in the HeaderField (it was
off by two bytes, positioned right after the name and typecode)
* bus/bus.c (bus_context_new, bus_context_unref): test before
calling dbus_server_free_data_slot and _dbus_user_database_unref
in case of an error.
* tools/Makefile.am: add $(DBUS_GLIB_TOOL_LIBS), xml libs needed
by libdbus-gtool.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/main.c (signal_handler): Reload the configuration files
on SIGHUP.
(main): Set up our SIGHUP handler.
* bus/bus.c (struct BusContext): Store the config file, user and
fork flag in the BusContext.
(process_config_first_time_only): Added. Contains the code
(previously in bus_context_new) for setting up the BusContext from
the BusConfigParser that should only be run the first time the
config files are read.
(process_config_every_time): Added. Contains the code (previously
in bus_context_new) for setting up the BusContext from the
BusConfigParser that should be run every time the config files are
read.
(load_config): Added. Builds a BusConfigParser from the config
files and passes the resulting structure off to
process_config_first_time_only (assuming this is the first time)
and process_config_every_time.
(bus_context_new): All of the config-related code has been moved
to process_config_first_time_only and process_config_every_time.
Now this function just does the non-config-related initializations
and calls load_config.
(bus_context_reload_config): Added.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/config-parser.c (bus_config_parser_new): Added a 'parent'
argument. If non-null, the newly-constructed BusConfigParser will
be initialized with the parent's BusLimits instead of the default
values.
(include_file): When including a config file, pass in
the current parser as the parent and then copy the BusLimits
from the included BusConfigParser pack to the current parser.
(process_test_valid_subdir): Renamed from process_test_subdir.
(process_test_equiv_subdir): Added. Walks through a directory,
descending into each subdirectory and loading the config files
it finds there. If any subdirectory contains two config files
that don't produce identical BusConfigParser structs, fail.
For now, the BusConfigParser's BusPolicies are not compared.
(bus_config_parser_test): Call both process_test_valid_subdir and
process_test_equiv_subdir.
* bus/config-loader-libxml.c (bus_config_load): Take a parent
argument and pass it along to the call to bus_config_parser_new.
Also made a few small changes to allow this code to compile.
* bus/config-loader-expat.c (bus_config_load): Take a parent
argument and pass it along to the call to bus_config_parser_new.
* bus/bus.c (bus_context_new): Load the config file
with a NULL parent argument.
|
|
|
|
|
| |
* Update AFL version to 2.0 throughout the source files to reflect
the update that was done a while ago.
|