From 008bca5a4e3600d56ac7c1fe984789110b83e1b2 Mon Sep 17 00:00:00 2001 From: Joe Marcus Clarke Date: Thu, 4 Sep 2008 22:13:30 -0400 Subject: Bug 17061: Handle error return from sysconf correctly * dbus/dbus-sysdeps-unix.c: * dbus/dbus-sysdeps-util-unix.c: Cast return from sysconf temporarily so we actually see -1. Signed-off-by: Colin Walters
---
dbus/dbus-sysdeps-util-unix.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'dbus/dbus-sysdeps-util-unix.c')
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 55eb9346..0343a90c 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -836,7 +836,11 @@ fill_group_info (DBusGroupInfo *info,
 /* retrieve maximum needed size for buf */
 buflen = sysconf (_SC_GETGR_R_SIZE_MAX);
- if (buflen <= 0)
+ /* sysconf actually returns a long, but everything else expects size_t,
+ * so just recast here.
+ * https://bugs.freedesktop.org/show_bug.cgi?id=17061
+ */
+ if ((long) buflen <= 0)
 buflen = 1024;
 result = -1;
-- cgit
From 69ed32cbccbec9d613447cb64e9d7b1ffa11ce3c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 10 Dec 2008 14:17:02 -0500 Subject: Add syslog of security denials and configuration file reloads We need to start logging denials so that they become more easily trackable and debuggable.
---
dbus/dbus-sysdeps-util-unix.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'dbus/dbus-sysdeps-util-unix.c')
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 0343a90c..3f2a2330 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
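Review bot: The added `(long) buflen <= 0` test works by storing -1 in an unsigned variable and converting it back, and converting an out-of-range unsigned value to `long` is implementation-defined; keeping the sysconf() result in a `long` until it has been checked avoids the round trip, e.g. `long sc = sysconf (_SC_GETGR_R_SIZE_MAX);` followed by `buflen = sc > 0 ? (size_t) sc : 1024;`. The declaration of `buflen` is outside the hunk, so its type is taken from the added comment, and the body of fill_group_info starts and ends outside the hunk. The commit message also names dbus/dbus-sysdeps-unix.c, which this page does not show, so the same pattern there could not be checked.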
@@ -451,6 +451,38 @@ _dbus_change_to_daemon_user (const char *user,
 return FALSE;
 }
+void
+_dbus_init_system_log (void)
+{
+ openlog ("dbus", LOG_PID, LOG_DAEMON);
+}
+
+/**
+ * Log an informative message. Intended for use primarily by
+ * the system bus.
+ *
+ * @param msg a printf-style format string
+ * @param args arguments for the format string
+ */
+void
+_dbus_log_info (const char *msg, va_list args)
+{
+ vsyslog (LOG_DAEMON|LOG_NOTICE, msg, args);
+}
+
+/**
+ * Log a security-related message. Intended for use primarily by
+ * the system bus.
+ *
+ * @param msg a printf-style format string
+ * @param args arguments for the format string
+ */
+void
+_dbus_log_security (const char *msg, va_list args)
+{
+ vsyslog (LOG_AUTH|LOG_NOTICE, msg, args);
+}
+
 /** Installs a UNIX signal handler
 *
 * @param sig the signal to handle
-- cgit
From 9a1657e8e1c0106bb5f1411fe9ea3c4ef6ec826f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Dec 2008 16:01:28 -0500 Subject: Add uid, pid, and command to security logs Extend the current security logs with even more relevant information than just the message content. This requires some utility code to look up and cache (as a string) the data such as the uid/pid/command when a connection is authenticated.
---
dbus/dbus-sysdeps-util-unix.c | 96 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) (limited to 'dbus/dbus-sysdeps-util-unix.c')
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 3f2a2330..6ca662b2 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
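Review bot: `_dbus_log_info` and `_dbus_log_security` pass `msg` straight to vsyslog() as the format string, so a caller that puts peer-supplied text in `msg` instead of in `args` creates a format-string bug in the daemon; the doc comments should state that `msg` must be a trusted literal and that untrusted data belongs only in the arguments. Because both take a `va_list`, the compiler checks nothing here by default; declaring them with GCC's `format (printf, 1, 0)` attribute, and the variadic callers (not visible in this hunk) with the matching two-index form, would catch malformed formats at build time. `_dbus_init_system_log` is the only one of the three without a doc comment; `/** Opens the connection to the system logger with ident "dbus" and LOG_PID. */` would match the style of the other two.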
@@ -1132,3 +1132,99 @@ _dbus_string_get_dirname (const DBusString *filename,
 }
 /** @} */ /* DBusString stuff */
+static void
+string_squash_nonprintable (DBusString *str)
+{
+ char *buf;
+ int i, len;
+
+ buf = _dbus_string_get_data (str);
+ len = _dbus_string_get_length (str);
+
+ for (i = 0; i < len; i++)
+ if (buf[i] == '\0')
+ buf[i] = ' ';
+ else if (buf[i] < 0x20 || buf[i] > 127)
+ buf[i] = '?';
+}
+
+/**
+ * Get a printable string describing the command used to execute
+ * the process with pid. This string should only be used for
+ * informative purposes such as logging; it may not be trusted.
+ *
+ * The command is guaranteed to be printable ASCII and no longer
+ * than max_len.
+ *
+ * @param pid Process id
+ * @param str Append command to this string
+ * @param max_len Maximum length of returned command
+ * @param error return location for errors
+ * @returns #FALSE on error
+ */
+dbus_bool_t
+_dbus_command_for_pid (unsigned long pid,
+ DBusString *str,
+ int max_len,
+ DBusError *error)
+{
+ /* This is all Linux-specific for now */
+ DBusString path;
+ DBusString cmdline;
+ int fd;
+
+ if (!_dbus_string_init (&path))
+ {
+ _DBUS_SET_OOM (error);
+ return FALSE;
+ }
+
+ if (!_dbus_string_init (&cmdline))
+ {
+ _DBUS_SET_OOM (error);
+ _dbus_string_free (&path);
+ return FALSE;
+ }
+
+ if (!_dbus_string_append_printf (&path, "/proc/%ld/cmdline", pid))
+ goto oom;
+
+ fd = open (_dbus_string_get_const_data (&path), O_RDONLY);
+ if (fd < 0)
+ {
+ dbus_set_error (error,
+ _dbus_error_from_errno (errno),
+ "Failed to open \"%s\": %s",
+ _dbus_string_get_const_data (&path),
+ _dbus_strerror (errno));
+ goto fail;
+ }
+
+ if (!_dbus_read (fd, &cmdline, max_len))
+ {
+ dbus_set_error (error,
+ _dbus_error_from_errno (errno),
+ "Failed to read from \"%s\": %s",
+ _dbus_string_get_const_data (&path),
+ _dbus_strerror (errno));
+ goto fail;
+ }
+
+ if (!_dbus_close (fd, error))
+ goto fail;
+
+ string_squash_nonprintable (&cmdline);
+
+ if (!_dbus_string_copy (&cmdline, 0, str, _dbus_string_get_length (str)))
+ goto oom;
+
+ _dbus_string_free (&cmdline);
+ _dbus_string_free (&path);
+ return TRUE;
+oom:
+ _DBUS_SET_OOM (error);
+fail:
+ _dbus_string_free (&cmdline);
+ _dbus_string_free (&path);
+ return FALSE;
+}
\ No newline at end of file
-- cgit
From 4e4f0de8cc8c3127641013fd833349dab34b676b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 19 Dec 2008 18:54:59 -0500 Subject: Various compiler warning fixes
---
dbus/dbus-sysdeps-util-unix.c | 1 + 1 file changed, 1 insertion(+) (limited to 'dbus/dbus-sysdeps-util-unix.c')
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 6ca662b2..be7bc968 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -43,6 +43,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_LIBAUDIT
 #include
 #include
-- cgit
From 6663d1dd35f94717209cd6fca86045bca853ef79 Mon Sep 17 00:00:00 2001 From: Matt McCutchen Date: Mon, 10 Nov 2008 08:55:27 -0500 Subject: Bug 18446: Keep umask for session bus Signed-off-by: Colin Walters
---
dbus/dbus-sysdeps-util-unix.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'dbus/dbus-sysdeps-util-unix.c')
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index be7bc968..03928044 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -70,12 +70,14 @@
 * @param pidfile #NULL, or pidfile to create
 * @param print_pid_pipe pipe to print daemon's pid to, or -1 for none
 * @param error return location for errors
+ * @param keep_umask #TRUE to keep the original umask
 * @returns #FALSE on failure
 */
 dbus_bool_t
 _dbus_become_daemon (const DBusString *pidfile,
 DBusPipe *print_pid_pipe,
- DBusError *error)
+ DBusError *error,
+ dbus_bool_t keep_umask)
 {
 const char *s;
 pid_t child_pid;
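Review bot: The read-failure branch of `_dbus_command_for_pid` jumps to `fail` without closing `fd`, so every failed read of a `/proc` cmdline file leaks a descriptor in the daemon. The test itself looks inverted: `_dbus_read` is defined outside this page, but if it returns a byte count with -1 on error, `!_dbus_read (...)` treats an error as success and an empty cmdline as failure with a stale errno. In `string_squash_nonprintable`, `buf[i] > 127` lets 0x7f (DEL) through, which contradicts the "guaranteed to be printable ASCII" promise in the doc comment and matters because the result goes into security logs. The path is also formatted with `%ld` although `pid` is `unsigned long`.

```c
    else if (buf[i] < 0x20 || buf[i] >= 0x7f)   /* 0x7f (DEL) is not printable */
      buf[i] = '?';
/* … unchanged: _dbus_command_for_pid declarations and string init … */
  if (!_dbus_string_append_printf (&path, "/proc/%lu/cmdline", pid))
    goto oom;
/* … unchanged: open() and its error report … */
  if (_dbus_read (fd, &cmdline, max_len) < 0)
    {
      /* … unchanged: dbus_set_error call … */
      _dbus_close (fd, NULL);   /* do not leak the descriptor on the error path */
      goto fail;
    }
/* … unchanged: close, squash, copy and cleanup labels … */
```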
@@ -122,9 +124,12 @@ _dbus_become_daemon (const DBusString *pidfile,
 _dbus_verbose ("keeping stderr open due to DBUS_DEBUG_OUTPUT\n");
 }
- /* Get a predictable umask */
- _dbus_verbose ("setting umask\n");
- umask (022);
+ if (!keep_umask)
+ {
+ /* Get a predictable umask */
+ _dbus_verbose ("setting umask\n");
+ umask (022);
+ }
 _dbus_verbose ("calling setsid()\n");
 if (setsid () == -1)
-- cgit
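Review bot: With `keep_umask` set, everything the daemon creates after this point gets whatever umask the launching process had, and neither this hunk nor the `@param keep_umask` line added in the preceding hunk says so. I would expand the parameter doc to something like `@param keep_umask #TRUE to keep the inherited umask; files created afterwards get the caller's mode bits, so pass #FALSE when a predictable 022 is required`; the subject line suggests only the session bus is meant to pass #TRUE. The new argument is also appended after `error` in the preceding hunk, whereas `_dbus_command_for_pid` on this page keeps `DBusError *error` last, so placing `keep_umask` before it would be more consistent. The body of `_dbus_become_daemon` starts and ends outside the hunk.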