From 07e3f76f8e65af8d9de063c62af38c5b7495bc76 Mon Sep 17 00:00:00 2001 From: Havoc Pennington Date: Sat, 5 Apr 2003 23:50:47 +0000 Subject: 2003-04-05 Havoc Pennington * bus/bus.c (setup_server): fix this so dbus-daemon-1 doesn't crash on startup. Need to get "try starting the daemon" in the test suite I guess. ;-) * dbus/dbus-server.h, dbus/dbus-server.c: remove the stuff that tracked the number of open connections; it's better done in application-specific code as you want it to span all servers etc. --- ChangeLog | 10 ++++++++ bus/bus.c | 57 ++++++++++++++++++++++++++++++-------------- dbus/dbus-server.c | 69 +----------------------------------------------------- dbus/dbus-server.h | 5 ---- 4 files changed, 50 insertions(+), 91 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1eb1d45a..59f1e968 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2003-04-05 Havoc Pennington + + * bus/bus.c (setup_server): fix this so dbus-daemon-1 doesn't + crash on startup. Need to get "try starting the daemon" + in the test suite I guess. ;-) + + * dbus/dbus-server.h, dbus/dbus-server.c: remove the stuff that + tracked the number of open connections; it's better done in + application-specific code as you want it to span all servers etc. + 2003-04-05 Havoc Pennington * bus/Makefile.am (install-data-hook): add missing DESTDIR, diff --git a/bus/bus.c b/bus/bus.c index 5ae77d62..6c5a3f28 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -43,11 +43,15 @@ struct BusContext BusConnections *connections; BusActivation *activation; BusRegistry *registry; - DBusList *default_rules; /**< Default policy rules */ - DBusList *mandatory_rules; /**< Mandatory policy rules */ - DBusHashTable *rules_by_uid; /**< per-UID policy rules */ - DBusHashTable *rules_by_gid; /**< per-GID policy rules */ - int activation_timeout; /**< How long to wait for an activation to time out */ + DBusList *default_rules; /**< Default policy rules */ + DBusList *mandatory_rules; /**< Mandatory policy rules */ + DBusHashTable *rules_by_uid; /**< per-UID policy rules */ + DBusHashTable *rules_by_gid; /**< per-GID policy rules */ + int activation_timeout; /**< How long to wait for an activation to time out */ + int auth_timeout; /**< How long to wait for an authentication to time out */ + int max_completed_connections; /**< Max number of authorized connections */ + int max_incomplete_connections; /**< Max number of incomplete connections */ + int max_connections_per_user; /**< Max number of connections auth'd as same user */ }; static int server_data_slot = -1; @@ -242,6 +246,18 @@ setup_server (BusContext *context, DBusError *error) { BusServerData *bd; + + bd = dbus_new0 (BusServerData, 1); + if (!dbus_server_set_data (server, + server_data_slot, + bd, free_server_data)) + { + dbus_free (bd); + BUS_SET_OOM (error); + return FALSE; + } + + bd->context = context; if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms)) { @@ -274,17 +290,6 @@ setup_server (BusContext *context, return FALSE; } - bd = dbus_new0 (BusServerData, 1); - if (!dbus_server_set_data (server, - server_data_slot, - bd, free_server_data)) - { - dbus_free (bd); - return FALSE; - } - - bd->context = context; - return TRUE; } @@ -335,10 +340,26 @@ bus_context_new (const DBusString *config_file, context->refcount = 1; #ifdef DBUS_BUILD_TESTS - context->activation_timeout = 6000; /* 6/10 second */ /* FIXME */ + context->activation_timeout = 6000; /* 6 seconds */ #else - context->activation_timeout = 10000; /* 10 seconds */ + context->activation_timeout = 15000; /* 15 seconds */ #endif + + /* Making this long risks making a DOS attack easier, but too short + * and legitimate auth will fail. If interactive auth (ask user for + * password) is allowed, then potentially it has to be quite long. + * Ultimately it needs to come from the configuration file. + */ + context->auth_timeout = 3000; /* 3 seconds */ + + context->max_incomplete_connections = 32; + context->max_connections_per_user = 128; + + /* Note that max_completed_connections / max_connections_per_user + * is the number of users that would have to work together to + * DOS all the other users. + */ + context->max_completed_connections = 1024; context->loop = bus_loop_new (); if (context->loop == NULL) diff --git a/dbus/dbus-server.c b/dbus/dbus-server.c index be74ead0..566e9178 100644 --- a/dbus/dbus-server.c +++ b/dbus/dbus-server.c @@ -86,9 +86,7 @@ _dbus_server_init_base (DBusServer *server, server->connection_counter = _dbus_counter_new (); if (server->connection_counter == NULL) - goto failed; - - server->max_connections = 256; /* same as an X server, seems like a nice default */ + goto failed; _dbus_data_slot_list_init (&server->slot_list); @@ -632,71 +630,6 @@ dbus_server_set_auth_mechanisms (DBusServer *server, return TRUE; } -/** - * Sets the maximum number of connections that can be open at one - * time for this server. If the maximum is reached, and another - * client tries to connect, then the oldest unauthenticated client - * will be dropped. If no unauthenticated client exists, then - * the new connection will be refused. - * - * If the maximum is set to a number lower than the current - * number of connections, no current connections are - * disconnected. - * - * @todo honoring max_connections has not been implemented - * yet. The only real work involved is keeping a list - * of live connections on the DBusServer so the oldest - * unauthenticated client can be located when required. - * - * @todo for a systemwide daemon, we need a max number of connections - * per user, since any user can authenticate a bunch of connections - * and create a DOS. - * - * @todo a single process might listen on multiple mechanisms - * (multiple DBusServer) and might want the max connections - * value to span all those servers. Should consider - * changing the API accordingly, though I'm inclined to - * punt this to the app that wants to do it instead of - * putting it in the library. - * - * @param server the server - * @param max_connections maximum number of connections allowed - */ -void -dbus_server_set_max_connections (DBusServer *server, - int max_connections) -{ - server->max_connections = max_connections; -} - -/** - * Gets the maximum number of connections that can be active - * at a time for this server. - * - * @param server the server - * @returns maximum number of connections at once - */ -int -dbus_server_get_max_connections (DBusServer *server) -{ - return server->max_connections; -} - -/** - * Gets the number of #DBusConnection to this server that - * have not yet been finalized. i.e. all #DBusConnection that - * were passed to #DBusNewConnectionFunction and have not yet been - * finalized will count in this total. - * - * @param server the server - * @returns the number of connections - */ -int -dbus_server_get_n_connections (DBusServer *server) -{ - return _dbus_counter_get_value (server->connection_counter); -} - static DBusDataSlotAllocator slot_allocator; _DBUS_DEFINE_GLOBAL_LOCK (server_slots); diff --git a/dbus/dbus-server.h b/dbus/dbus-server.h index 152c7f97..7c10f5c2 100644 --- a/dbus/dbus-server.h +++ b/dbus/dbus-server.h @@ -65,11 +65,6 @@ dbus_bool_t dbus_server_set_timeout_functions (DBusServer * dbus_bool_t dbus_server_handle_watch (DBusServer *server, DBusWatch *watch, unsigned int condition); -void dbus_server_set_max_connections (DBusServer *server, - int max_connections); -int dbus_server_get_max_connections (DBusServer *server); -int dbus_server_get_n_connections (DBusServer *server); - dbus_bool_t dbus_server_set_auth_mechanisms (DBusServer *server, const char **mechanisms); -- cgit