summaryrefslogtreecommitdiffstats
path: root/bus
Commit message (Collapse)AuthorAgeFilesLines
* move desktop file parser from bus/ to dbus/Lennart Poettering2009-10-176-1128/+273
| | | | | | We want to make use of it for reading the ConsoleKit database which will need to be implemented in dbus/dbus-userdb-util.c, so let's move this to dbus/.
* Merge branch 'fd-passing'Thiago Macieira2009-07-1611-8/+230
|\ | | | | | | | | | | | | Conflicts: dbus/dbus-connection.c dbus/dbus-message-util.c dbus/dbus-sysdeps-unix.c
| * bus: don't forward messages with unix fds on connections that don't support itLennart Poettering2009-05-211-0/+14
| | | | | | | | | | | | This simply verifies that we forward unix fds only on connection that support it. We willr eturn an error if a client attempts to send a message with unix fds to another client that cannot do it.
| * bus: make use of new unix fd limitsLennart Poettering2009-05-205-2/+46
| | | | | | | | | | Create configuration settings and enforce message unix fd limits the same way we do for allocated message memory.
| * memset: replace memset() by _DBUS_ZERO where applicableLennart Poettering2009-05-201-1/+1
| |
| * auth: add fd passing negotiation supportLennart Poettering2009-05-201-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds two new directives to the auth protocol: NEGOTIATE_UNIX_FD is sent by the client after the authentication was sucessful, i.e. OK was received. AGREE_UNIX_FD is then sent by the server if it can do unix fd passing as well. ERROR is returned when the server cannot or is unwilling to do unix fd passing. This should be compatible with existing D-Bus implementations which will naturally return ERROR on NEGOTIATE_UNIX_FD.
| * build-system: define _GNU_SOURCE centrallyLennart Poettering2009-05-201-1/+0
| | | | | | | | | | Instead of having everyone define _GNU_SOURCE and similar macros seperately, simply do so centrally by using AC_USE_SYSTEM_EXTENSIONS
| * cloexec: set FD_CLOEXEC for all full duplex pipesLennart Poettering2009-05-201-3/+0
| | | | | | | | | | | | | | All users of full duplex pipes enable FD_CLOEXEC later anyway so let's just do it as part of _dbus_full_duplex_pipe. By side effect this allows to make use of SOCK_CLOEXEC which fixes a race when forking/execing from a different thread at the same time as we ar in this function.
| * unix-fd: add test for passing unix fdsLennart Poettering2009-05-203-1/+164
| | | | | | | | | | This adds a full test for passing multiple fds across a D-Bus connection.
* | Bug 22516 - Ensure inotify fd is set close on execMatthias Clasen2009-07-101-0/+4
| | | | | | | | | | | | This prevents it leaking into spawned child processes. Signed-off-by: Colin Walters <walters@verbum.org>
* | Bug 21161 - Update the FSF addressTobias Mueller2009-07-1047-47/+47
| | | | | | | | | | | | No comment. Signed-off-by: Colin Walters <walters@verbum.org>
* | Unrestrict session bus timeout.Scott James Remnant2009-05-281-1/+0
| | | | | | | | | | | | | | * bus/session.conf.in: Remove the reply_timeout stanza, previously intended to increase the reply timeout, this now reduces it. Signed-off-by: Scott James Remnant <scott@ubuntu.com>
* | Change default reply timeout.Scott James Remnant2009-05-281-1/+1
| | | | | | | | | | | | | | * bus/config-parser.c (bus_config_parser_new): change the default reply timeout to "never" Signed-off-by: Scott James Remnant <scott@ubuntu.com>
* | Expire list timeout may be negative for no expiry.Scott James Remnant2009-05-281-2/+2
| | | | | | | | | | | | | | | | * bus/expirelist.c (do_expiration_with_current_time): Don't check for expiry if expire_after is negative, will just disable the expiry timer after the call. Signed-off-by: Scott James Remnant <scott@ubuntu.com>
* | Explicitly check for zero time fields.Scott James Remnant2009-05-281-1/+2
|/ | | | | | | * bus/expirelist.c (do_expiration_with_current_time): If the item added time fields are both zero, always expire. Signed-off-by: Scott James Remnant <scott@ubuntu.com>
* Merge branch 'dbus-1.2'Thiago Macieira2009-04-282-23/+22
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: bus/bus.c bus/config-parser-common.c bus/config-parser-common.h bus/config-parser.c bus/connection.c bus/dbus-daemon.1.in dbus/dbus-marshal-validate-util.c dbus/dbus-marshal-validate.c dbus/dbus-sysdeps-util-unix.c test/name-test/tmp-session-like-system.conf
| * Initialize AVC earlier so we can look up service security contextsJames Carter2009-01-061-5/+5
| | | | | | | | | | | | | | * bus/bus.c: Initialize AVC earlier: http://lists.freedesktop.org/archives/dbus/2008-October/010493.html Signed-off-by: Colin Walters <walters@verbum.org>
| * [win32] Protect usage of SIGHUP with #ifdefTor Lillqvist2009-01-061-9/+14
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
| * Bug 18446: Keep umask for session busMatt McCutchen2009-01-067-4/+56
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
| * Avoid possible use of uninitialized variablePeter Breitenlohner2009-01-061-1/+1
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
| * Various compiler warning fixesColin Walters2009-01-062-1/+2
| |
| * Add requested_reply to send denials, and connection loginfo to "would deny"Colin Walters2008-12-181-31/+38
| | | | | | | | | | | | The requested_reply field is necessary in send denials too because it's used in the policy language. The connection loginfo lack in "would deny" was just an oversight.
| * Add uid, pid, and command to security logsColin Walters2008-12-183-21/+127
| | | | | | | | | | | | | | | | Extend the current security logs with even more relevant information than just the message content. This requires some utility code to look up and cache (as a string) the data such as the uid/pid/command when a connection is authenticated.
| * Merge commit '3d6abf64d0abb2718e082e120f14f8f923a4af59' into dbus-1.2Colin Walters2008-12-161-23/+19
| |\
| | * Clean up and clarify default system policyColin Walters2008-12-121-23/+19
| | | | | | | | | | | | | | | The former was too reliant on old bugs and was generally unclear. This one makes explicit exactly what is allowed and not.
| * | Add optional logging on allow rulesColin Walters2008-12-164-16/+34
| | | | | | | | | | | | | | | This lets us have a backwards compatibility allow rule but still easily see when that rule is being used.
| * | Add message type to security syslog entriesColin Walters2008-12-121-2/+6
| | | | | | | | | | | | It's part of the security check, we should have it in the log.
| * | Add syslog of security denials and configuration file reloadsColin Walters2008-12-129-19/+133
| |/ | | | | | | | | We need to start logging denials so that they become more easily trackable and debuggable.
| * Another manpage update explicitly mentioning bare send_interfaceColin Walters2008-12-091-2/+6
| | | | | | | | | | We need to fix all of the bare send_interface rules; see: https://bugs.freedesktop.org/show_bug.cgi?id=18961
| * Add at_console docs to manpage, as well as brief <policy> forewardColin Walters2008-12-091-2/+17
| | | | | | | | We need some sort of general advice here.
| * Bug 18229: Allow signalsColin Walters2008-12-091-0/+2
| | | | | | | | | | | | | | Our previous fix went too far towards lockdown; many things rely on signals to work, and there's no really good reason to restrict which signals can be emitted on the bus because we can't tie them to a particular sender.
| * Bug 18229 - Change system.conf to correctly deny non-reply sends by defaultTomas Hoger2008-12-051-2/+12
| | | | | | | | | | | | | | | | | | | | | | The previous rule <allow send_requested_reply="true"/> was actually applied to all messages, even if they weren't a reply. This meant that in fact the default DBus policy was effectively allow, rather than deny as claimed. This fix ensures that the above rule only applies to actual reply messages. Signed-off-by: Colin Walters <walters@verbum.org>
* | libselinux behavior in permissive mode wrt invalid domainsEamon Walsh2009-04-221-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stephen Smalley wrote: > On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote: > >> Stephen Smalley wrote: >> >>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote: >>> >>>> Stephen Smalley wrote: >>>> >> <snip> >> >> >>> No, I don't want to change the behavior upon context_to_sid calls in >>> general, as we otherwise lose all context validity checking in >>> permissive mode. >>> >>> I think I'd rather change compute_sid behavior to preclude the situation >>> from arising in the first place, possibly altering the behavior in >>> permissive mode upon an invalid context to fall back on the ssid >>> (process) or the tsid (object). But I'm not entirely convinced any >>> change is required here. >>> >>> >> I just want to follow up to make sure we are all on the same page here. Was the >> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel >> or leave the code as is and fix the callers of avc_has_perm to correctly handle >> error codes? >> >> I prefer the last approach because of Eamon's explanation, EINVAL is already >> passed in errno to specify the context was invalid (and if object managers >> aren't handling that correctly now there is a good chance they aren't handling >> the ENOMEM case either). >> > > I'd be inclined to change compute_sid (not context_to_sid) in the kernel > to prevent invalid contexts from being formed even in permissive mode > (scenario is a type transition where role is not authorized for the new > type). That was originally to allow the system to boot in permissive > mode. But an alternative would be to just stay in the caller's context > (ssid) in that situation. > > Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM > may make sense, but that logic should not depend on enforcing vs. > permissive mode. > > FWIW, the following patch to D-Bus should help: bfo21072 - Log SELinux denials better by checking errno for the cause Note that this does not fully address the bug report since EINVAL can still be returned in permissive mode. However the log messages will now reflect the proper cause of the denial. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Colin Walters <walters@verbum.org>
* | Bug 19502 - Sparse warning cleanupsKjartan Maraas2009-04-212-2/+2
| | | | | | | | | | | | | | This patch makes various things that should be static static, corrects some "return FALSE" where it should be NULL, etc. Signed-off-by: Colin Walters <walters@verbum.org>
* | Always append closing quote in log commandColin Walters2009-03-121-6/+5
| | | | | | | | Patch suggested by Tomas Hoger <thoger@redhat.com>
* | Avoid possible use of uninitialized variablePeter Breitenlohner2009-01-061-1/+1
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
* | Various compiler warning fixesColin Walters2008-12-192-1/+2
| |
* | Clean up and clarify default system policyColin Walters2008-12-181-23/+19
| | | | | | | | | | The former was too reliant on old bugs and was generally unclear. This one makes explicit exactly what is allowed and not.
* | Add requested_reply to send denials, and connection loginfo to "would deny"Colin Walters2008-12-171-31/+38
| | | | | | | | | | | | The requested_reply field is necessary in send denials too because it's used in the policy language. The connection loginfo lack in "would deny" was just an oversight.
* | Add uid, pid, and command to security logsColin Walters2008-12-173-21/+127
| | | | | | | | | | | | | | | | Extend the current security logs with even more relevant information than just the message content. This requires some utility code to look up and cache (as a string) the data such as the uid/pid/command when a connection is authenticated.
* | Add optional logging on allow rulesColin Walters2008-12-164-16/+34
| | | | | | | | | | This lets us have a backwards compatibility allow rule but still easily see when that rule is being used.
* | Add message type to security syslog entriesColin Walters2008-12-121-2/+6
| | | | | | | | It's part of the security check, we should have it in the log.
* | Add syslog of security denials and configuration file reloadsColin Walters2008-12-129-17/+131
| | | | | | | | | | We need to start logging denials so that they become more easily trackable and debuggable.
* | Another manpage update explicitly mentioning bare send_interfaceColin Walters2008-12-091-2/+6
| | | | | | | | | | We need to fix all of the bare send_interface rules; see: https://bugs.freedesktop.org/show_bug.cgi?id=18961
* | Add at_console docs to manpage, as well as brief <policy> forewardColin Walters2008-12-091-2/+4
| | | | | | | | We need some sort of general advice here.
* | Merge branch 'manpage'Colin Walters2008-12-091-3/+13
|\ \
| * | Bug 18229: Update manpage with better adviceColin Walters2008-12-081-3/+13
| | | | | | | | | | | | See https://bugs.freedesktop.org/show_bug.cgi?id=18229
* | | Bug 18229: Allow signalsColin Walters2008-12-091-0/+2
|/ / | | | | | | | | | | | | Our previous fix went too far towards lockdown; many things rely on signals to work, and there's no really good reason to restrict which signals can be emitted on the bus because we can't tie them to a particular sender.
* | Bug 18229 - Change system.conf to correctly deny non-reply sends by defaultTomas Hoger2008-12-051-2/+12
| | | | | | | | | | | | | | | | | | | | | | The previous rule <allow send_requested_reply="true"/> was actually applied to all messages, even if they weren't a reply. This meant that in fact the default DBus policy was effectively allow, rather than deny as claimed. This fix ensures that the above rule only applies to actual reply messages. Signed-off-by: Colin Walters <walters@verbum.org>
* | Bug 15393 - support allow_anonymous config variableDennis Kaarsemaker2008-11-124-1/+37
| | | | | | | | | | | | | | | | | | * bus/bus.c: Set allow_anonymous if specified from parser. * bus/config-parser.c: Parse it. * bus/config-parser-common.h: Declare it. Signed-off-by: Colin Walters <walters@verbum.org>
generated by cgit (git 2.34.1) at 2024-04-30 06:56:30 +0000