- Service and message names should be more carefully restricted;
they should have a max length, may not be an empty string,
and perhaps should not be allowed to be a glob such as "*" since
the config file could conveniently use such notation.
Suggest requiring length > 0, length < max,
name contains at least one ".", no initial ".", and valid UTF-8.
That would prohibit plain "*" but not "foo.bar.baz.operator*".
For maximum convenience from all programming languages, we could go
further and just categorically ban nearly all non-alphanumeric
characters.
- Message matching rules (so broadcasts can be filtered) need sorting
out.
- How we will handle DCOP needs sorting out. Among other things, we
need to check that service and service-ownership semantics map to DCOP
reasonably well.
- Activation needs some careful additional thinking-through.
- Property list feature on message bus (list of properties associated
with a connection). May also include message matching rules
that involve the properties of the source or destination
connection.
- Implement all the needed resource limits to keep clients from
killing the message bus.
- Automatic service activation, should probably be done through a message flag.
- Disconnecting the remote end on invalid UTF-8 is probably not a good
idea. The definition of "valid" is slightly fuzzy. I think it might
be better to just silently "fix" the UTF-8, or perhaps return an error.
Owen says we should only validate the UTF-8 on dbus_message_get_string()
(changing get_string to have an error return, and allowing a type error
as a possible return)
- We might consider returning a "no such operation" error in dbus-connection.c
for unhandled messages.
- The convenience functions in dbus-bus.h should perhaps have
the signatures that they would have if they were autogenerated
stubs. e.g. the acquire service function. We should also evaluate
which of these functions to include, in light of the fact that
GLib/Qt native stubs will probably also exist.
- The message handler interface needs rethinking; perhaps handlers should be able
to return an error that automatically gets turned into a message. Most likely
some basic spec'ing out of the GLib/Qt level stubs/skels stuff will be
needed to understand the right approach.
- There are various bits of code to manage ref/unref of data slots that should
be merged into a generic facility.
- add _dbus_return_if_fail, _dbus_return_val_if_fail() and use on public entry
points in place of _dbus_assert(). Add --disable-checks to control whether these
do anything.
- assorted _-prefixed symbols in libdbus aren't actually used by
libdbus, only by the message bus. These bloat up the library
size. Not sure how to fix, really.
- dbus_error_has_name(), dbus_message_name_is()
- add DBUS_TYPE_INT64 ?
- if you send a message to a service then block for reply, and the service exits/crashes
after the message bus has processed your message but before the service has replied,
it would be nice if the message bus sent you an error reply.
- We have a limit on the number of messages a connection can send, but
not on how many can be buffered for a given connection.
- other apps can send you a fake DBUS_MESSAGE_LOCAL_DISCONNECT; need to
check for that and disallow it.
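
A sketch of the name check suggested in the first item above (length > 0, length < max, at least one ".", no initial ".", valid UTF-8). This is an added example, not libdbus code: the function names and the limit of 256 are assumptions, and the UTF-8 check shown is a strict one, which is one possible reading of "valid".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256  /* assumption: the list leaves "max" unspecified */

/* Strict UTF-8: rejects overlong forms, surrogates, > U+10FFFF, truncation, NUL. */
static int utf8_is_valid(const unsigned char *s, size_t len)
{
    size_t i = 0, n, k;
    while (i < len) {
        uint32_t cp, min;
        unsigned char c = s[i];
        if (c == 0x00) return 0;                 /* embedded NUL */
        if (c < 0x80) { i++; continue; }         /* plain ASCII */
        if ((c & 0xE0) == 0xC0)      { n = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                           /* stray continuation or bad lead byte */
        if (len - i <= n) return 0;              /* sequence runs past the buffer */
        for (k = 1; k <= n; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;                            /* overlong, out of range, surrogate */
        i += n + 1;
    }
    return 1;
}

/* Applies the rules from the list item; name need not be NUL-terminated. */
int name_is_valid(const char *name, size_t len)
{
    if (len == 0 || len >= NAME_MAX_LEN) return 0;   /* 0 < length < max */
    if (name[0] == '.') return 0;                    /* no initial "." */
    if (memchr(name, '.', len) == NULL) return 0;    /* at least one "." */
    return utf8_is_valid((const unsigned char *)name, len);
}

int main(void)
{
    /* Constructed sample names, not taken from any real bus. */
    const char *s[] = { "org.example.Service", "*", ".hidden.name", "foo.bar.baz.operator*" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-24s %s\n", s[i], name_is_valid(s[i], strlen(s[i])) ? "ok" : "rejected");
    return 0;
}
```

As the item notes, these rules reject a bare "*" but still accept a trailing glob inside a dotted name; banning non-alphanumeric characters outright would need an extra character check.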