4 files changed, 50 insertions, 91 deletions

diff --git a/ChangeLog b/ChangeLog
index 1eb1d45a..59f1e968 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
 2003-04-05  Havoc Pennington  <hp@pobox.com>
 
+	* bus/bus.c (setup_server): fix this so dbus-daemon-1 doesn't 
+	crash on startup. Need to get "try starting the daemon" 
+	in the test suite I guess. ;-)
+
+	* dbus/dbus-server.h, dbus/dbus-server.c: remove the stuff that
+	tracked the number of open connections; it's better done in 
+	application-specific code as you want it to span all servers etc.
+
+2003-04-05  Havoc Pennington  <hp@pobox.com>
+
 	* bus/Makefile.am (install-data-hook): add missing DESTDIR, 
 	patch from Colin Walters
 
diff --git a/bus/bus.c b/bus/bus.c
index 5ae77d62..6c5a3f28 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -43,11 +43,15 @@ struct BusContext
   BusConnections *connections;
   BusActivation *activation;
   BusRegistry *registry;
-  DBusList *default_rules;      /**< Default policy rules */
-  DBusList *mandatory_rules;    /**< Mandatory policy rules */
-  DBusHashTable *rules_by_uid;  /**< per-UID policy rules */
-  DBusHashTable *rules_by_gid;  /**< per-GID policy rules */
-  int activation_timeout;       /**< How long to wait for an activation to time out */
+  DBusList *default_rules;       /**< Default policy rules */
+  DBusList *mandatory_rules;     /**< Mandatory policy rules */
+  DBusHashTable *rules_by_uid;   /**< per-UID policy rules */
+  DBusHashTable *rules_by_gid;   /**< per-GID policy rules */
+  int activation_timeout;        /**< How long to wait for an activation to time out */
+  int auth_timeout;              /**< How long to wait for an authentication to time out */
+  int max_completed_connections;    /**< Max number of authorized connections */
+  int max_incomplete_connections;   /**< Max number of incomplete connections */
+  int max_connections_per_user;     /**< Max number of connections auth'd as same user */
 };
 
 static int server_data_slot = -1;
@@ -242,6 +246,18 @@ setup_server (BusContext *context,
               DBusError  *error)
 {
   BusServerData *bd;
+
+  bd = dbus_new0 (BusServerData, 1);
+  if (!dbus_server_set_data (server,
+                             server_data_slot,
+                             bd, free_server_data))
+    {
+      dbus_free (bd);
+      BUS_SET_OOM (error);
+      return FALSE;
+    }
+
+  bd->context = context;
   
   if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
     {
@@ -274,17 +290,6 @@ setup_server (BusContext *context,
       return FALSE;
     }
   
-  bd = dbus_new0 (BusServerData, 1);
-  if (!dbus_server_set_data (server,
-                             server_data_slot,
-                             bd, free_server_data))
-    {
-      dbus_free (bd);
-      return FALSE;
-    }
-
-  bd->context = context;
-  
   return TRUE;
 }
 
@@ -335,10 +340,26 @@ bus_context_new (const DBusString *config_file,
   context->refcount = 1;
 
 #ifdef DBUS_BUILD_TESTS
-  context->activation_timeout = 6000;   /* 6/10 second */ /* FIXME */
+  context->activation_timeout = 6000;  /* 6 seconds */
 #else
-  context->activation_timeout = 10000; /* 10 seconds */
+  context->activation_timeout = 15000; /* 15 seconds */
 #endif
+
+  /* Making this long risks making a DOS attack easier, but too short
+   * and legitimate auth will fail.  If interactive auth (ask user for
+   * password) is allowed, then potentially it has to be quite long.
+   * Ultimately it needs to come from the configuration file.
+   */     
+  context->auth_timeout = 3000; /* 3 seconds */
+
+  context->max_incomplete_connections = 32;
+  context->max_connections_per_user = 128;
+
+  /* Note that max_completed_connections / max_connections_per_user
+   * is the number of users that would have to work together to
+   * DOS all the other users.
+   */
+  context->max_completed_connections = 1024;
   
   context->loop = bus_loop_new ();
   if (context->loop == NULL)
diff --git a/dbus/dbus-server.c b/dbus/dbus-server.c
index be74ead0..566e9178 100644
--- a/dbus/dbus-server.c
+++ b/dbus/dbus-server.c
@@ -86,9 +86,7 @@ _dbus_server_init_base (DBusServer             *server,
   
   server->connection_counter = _dbus_counter_new ();
   if (server->connection_counter == NULL)
-    goto failed;  
-
-  server->max_connections = 256; /* same as an X server, seems like a nice default */
+    goto failed;
 
   _dbus_data_slot_list_init (&server->slot_list);
 
@@ -632,71 +630,6 @@ dbus_server_set_auth_mechanisms (DBusServer  *server,
   return TRUE;
 }
 
-/**
- * Sets the maximum number of connections that can be open at one
- * time for this server. If the maximum is reached, and another
- * client tries to connect, then the oldest unauthenticated client
- * will be dropped. If no unauthenticated client exists, then
- * the new connection will be refused.
- *
- * If the maximum is set to a number lower than the current
- * number of connections, no current connections are
- * disconnected.
- *
- * @todo honoring max_connections has not been implemented
- * yet. The only real work involved is keeping a list
- * of live connections on the DBusServer so the oldest
- * unauthenticated client can be located when required.
- * 
- * @todo for a systemwide daemon, we need a max number of connections
- * per user, since any user can authenticate a bunch of connections
- * and create a DOS.
- *
- * @todo a single process might listen on multiple mechanisms
- * (multiple DBusServer) and might want the max connections
- * value to span all those servers. Should consider
- * changing the API accordingly, though I'm inclined to
- * punt this to the app that wants to do it instead of
- * putting it in the library.
- * 
- * @param server the server
- * @param max_connections maximum number of connections allowed
- */
-void
-dbus_server_set_max_connections (DBusServer *server,
-                                 int         max_connections)
-{
-  server->max_connections = max_connections;
-}
-
-/**
- * Gets the maximum number of connections that can be active
- * at a time for this server.
- *
- * @param server the server
- * @returns maximum number of connections at once
- */
-int
-dbus_server_get_max_connections (DBusServer *server)
-{
-  return server->max_connections;
-}
-
-/**
- * Gets the number of #DBusConnection to this server that
- * have not yet been finalized. i.e. all #DBusConnection that
- * were passed to #DBusNewConnectionFunction and have not yet been
- * finalized will count in this total.
- *
- * @param server the server
- * @returns the number of connections
- */
-int
-dbus_server_get_n_connections (DBusServer *server)
-{
-  return _dbus_counter_get_value (server->connection_counter);
-}
-
 
 static DBusDataSlotAllocator slot_allocator;
 _DBUS_DEFINE_GLOBAL_LOCK (server_slots);
diff --git a/dbus/dbus-server.h b/dbus/dbus-server.h
index 152c7f97..7c10f5c2 100644
--- a/dbus/dbus-server.h
+++ b/dbus/dbus-server.h
@@ -65,11 +65,6 @@ dbus_bool_t dbus_server_set_timeout_functions       (DBusServer                *
 dbus_bool_t dbus_server_handle_watch                (DBusServer                *server,
                                                      DBusWatch                 *watch,
                                                      unsigned int               condition);
-void        dbus_server_set_max_connections         (DBusServer                *server,
-                                                     int                        max_connections);
-int         dbus_server_get_max_connections         (DBusServer                *server);
-int         dbus_server_get_n_connections           (DBusServer                *server);
-
 dbus_bool_t dbus_server_set_auth_mechanisms         (DBusServer                *server,
                                                      const char               **mechanisms);