2003-04-05 Havoc Pennington <hp@pobox.com>

* bus/bus.c (setup_server): fix this so dbus-daemon-1 doesn't crash on startup. Need to get "try starting the daemon" in the test suite I guess. ;-) * dbus/dbus-server.h, dbus/dbus-server.c: remove the stuff that tracked the number of open connections; it's better done in application-specific code as you want it to span all servers etc.
2026-01-03 10:20:17 +01:00 · 2003-04-05 23:50:47 +00:00 · 2003-04-05 23:50:47 +00:00 · 07e3f76f8e
commit 07e3f76f8e
parent 5ecb2a781f
4 changed files with 50 additions and 91 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+2003-04-05  Havoc Pennington  <hp@pobox.com>
+
+	* bus/bus.c (setup_server): fix this so dbus-daemon-1 doesn't 
+	crash on startup. Need to get "try starting the daemon" 
+	in the test suite I guess. ;-)
+
+	* dbus/dbus-server.h, dbus/dbus-server.c: remove the stuff that
+	tracked the number of open connections; it's better done in 
+	application-specific code as you want it to span all servers etc.
+
 2003-04-05  Havoc Pennington  <hp@pobox.com>

 	* bus/Makefile.am (install-data-hook): add missing DESTDIR, 
--- a/bus/bus.c
+++ b/bus/bus.c
@ -43,11 +43,15 @@ struct BusContext
  BusConnections *connections;
  BusActivation *activation;
  BusRegistry *registry;
-  DBusList *default_rules;      /**< Default policy rules */
-  DBusList *mandatory_rules;    /**< Mandatory policy rules */
-  DBusHashTable *rules_by_uid;  /**< per-UID policy rules */
-  DBusHashTable *rules_by_gid;  /**< per-GID policy rules */
-  int activation_timeout;       /**< How long to wait for an activation to time out */
+  DBusList *default_rules;       /**< Default policy rules */
+  DBusList *mandatory_rules;     /**< Mandatory policy rules */
+  DBusHashTable *rules_by_uid;   /**< per-UID policy rules */
+  DBusHashTable *rules_by_gid;   /**< per-GID policy rules */
+  int activation_timeout;        /**< How long to wait for an activation to time out */
+  int auth_timeout;              /**< How long to wait for an authentication to time out */
+  int max_completed_connections;    /**< Max number of authorized connections */
+  int max_incomplete_connections;   /**< Max number of incomplete connections */
+  int max_connections_per_user;     /**< Max number of connections auth'd as same user */
 };

 static int server_data_slot = -1;
@ -242,6 +246,18 @@ setup_server (BusContext *context,
              DBusError  *error)
 {
  BusServerData *bd;
+
+  bd = dbus_new0 (BusServerData, 1);
+  if (!dbus_server_set_data (server,
+                             server_data_slot,
+                             bd, free_server_data))
+    {
+      dbus_free (bd);
+      BUS_SET_OOM (error);
+      return FALSE;
+    }
+
+  bd->context = context;
  
  if (!dbus_server_set_auth_mechanisms (server, (const char**) auth_mechanisms))
    {
@ -274,17 +290,6 @@ setup_server (BusContext *context,
      return FALSE;
    }
  
-  bd = dbus_new0 (BusServerData, 1);
-  if (!dbus_server_set_data (server,
-                             server_data_slot,
-                             bd, free_server_data))
-    {
-      dbus_free (bd);
-      return FALSE;
-    }
-
-  bd->context = context;
-  
  return TRUE;
 }

@ -335,10 +340,26 @@ bus_context_new (const DBusString *config_file,
  context->refcount = 1;

 #ifdef DBUS_BUILD_TESTS
-  context->activation_timeout = 6000;   /* 6/10 second */ /* FIXME */
+  context->activation_timeout = 6000;  /* 6 seconds */
 #else
-  context->activation_timeout = 10000; /* 10 seconds */
+  context->activation_timeout = 15000; /* 15 seconds */
 #endif
+
+  /* Making this long risks making a DOS attack easier, but too short
+   * and legitimate auth will fail.  If interactive auth (ask user for
+   * password) is allowed, then potentially it has to be quite long.
+   * Ultimately it needs to come from the configuration file.
+   */     
+  context->auth_timeout = 3000; /* 3 seconds */
+
+  context->max_incomplete_connections = 32;
+  context->max_connections_per_user = 128;
+
+  /* Note that max_completed_connections / max_connections_per_user
+   * is the number of users that would have to work together to
+   * DOS all the other users.
+   */
+  context->max_completed_connections = 1024;
  
  context->loop = bus_loop_new ();
  if (context->loop == NULL)
--- a/dbus/dbus-server.c
+++ b/dbus/dbus-server.c
@ -86,9 +86,7 @@ _dbus_server_init_base (DBusServer             *server,
  
  server->connection_counter = _dbus_counter_new ();
  if (server->connection_counter == NULL)
-    goto failed;  
-
-  server->max_connections = 256; /* same as an X server, seems like a nice default */
+    goto failed;

  _dbus_data_slot_list_init (&server->slot_list);

@ -632,71 +630,6 @@ dbus_server_set_auth_mechanisms (DBusServer  *server,
  return TRUE;
 }

-/**
- * Sets the maximum number of connections that can be open at one
- * time for this server. If the maximum is reached, and another
- * client tries to connect, then the oldest unauthenticated client
- * will be dropped. If no unauthenticated client exists, then
- * the new connection will be refused.
- *
- * If the maximum is set to a number lower than the current
- * number of connections, no current connections are
- * disconnected.
- *
- * @todo honoring max_connections has not been implemented
- * yet. The only real work involved is keeping a list
- * of live connections on the DBusServer so the oldest
- * unauthenticated client can be located when required.
- * 
- * @todo for a systemwide daemon, we need a max number of connections
- * per user, since any user can authenticate a bunch of connections
- * and create a DOS.
- *
- * @todo a single process might listen on multiple mechanisms
- * (multiple DBusServer) and might want the max connections
- * value to span all those servers. Should consider
- * changing the API accordingly, though I'm inclined to
- * punt this to the app that wants to do it instead of
- * putting it in the library.
- * 
- * @param server the server
- * @param max_connections maximum number of connections allowed
- */
-void
-dbus_server_set_max_connections (DBusServer *server,
-                                 int         max_connections)
-{
-  server->max_connections = max_connections;
-}
-
-/**
- * Gets the maximum number of connections that can be active
- * at a time for this server.
- *
- * @param server the server
- * @returns maximum number of connections at once
- */
-int
-dbus_server_get_max_connections (DBusServer *server)
-{
-  return server->max_connections;
-}
-
-/**
- * Gets the number of #DBusConnection to this server that
- * have not yet been finalized. i.e. all #DBusConnection that
- * were passed to #DBusNewConnectionFunction and have not yet been
- * finalized will count in this total.
- *
- * @param server the server
- * @returns the number of connections
- */
-int
-dbus_server_get_n_connections (DBusServer *server)
-{
-  return _dbus_counter_get_value (server->connection_counter);
-}
-

 static DBusDataSlotAllocator slot_allocator;
 _DBUS_DEFINE_GLOBAL_LOCK (server_slots);
--- a/dbus/dbus-server.h
+++ b/dbus/dbus-server.h
@ -65,11 +65,6 @@ dbus_bool_t dbus_server_set_timeout_functions       (DBusServer                *
 dbus_bool_t dbus_server_handle_watch                (DBusServer                *server,
                                                     DBusWatch                 *watch,
                                                     unsigned int               condition);
-void        dbus_server_set_max_connections         (DBusServer                *server,
-                                                     int                        max_connections);
-int         dbus_server_get_max_connections         (DBusServer                *server);
-int         dbus_server_get_n_connections           (DBusServer                *server);
-
 dbus_bool_t dbus_server_set_auth_mechanisms         (DBusServer                *server,
                                                     const char               **mechanisms);