When libdbus-1 moved to using monotonic time support for the
DBUS_COOKIE_SHA1 authentication was broken, in particular
interoperability with non-libdbus-1 implementations such as GDBus.
The problem is that if monotonic clocks are available in the OS,
_dbus_get_current_time() will not return the number of seconds since
the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
specification. If both peers are using libdbus-1 it's not a problem
since both ends will use the wrong time and thus agree. However, if
the other end is another implementation and following the spec it will
not work.
First, we change _dbus_get_current_time() back so it always returns
time since the Epoch and we then rename it _dbus_get_real_time() to
make this clear. We then introduce _dbus_get_monotonic_time() and
carefully make all current users of _dbus_get_current_time() use it,
if applicable. During this audit, one of the callers,
_dbus_generate_uuid(), was currently using monotonic time but it was
decided to make it use real time instead.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
This is just as useful for bindings as dbus_signature_validate, and I
think it's a good design principle to say that anything checked in a
_dbus_return_if_fail should be something the caller could check
for themselves.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=20496
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
A Red Hat QA engineer hit in practice a race condition in dbus-uuidgen
where it could leave an empty file.
dbus-uuidgen (_dbus_create_uuid_file_exclusively) formerly created an
empty file in the path to the uuid, then filled it in. At some point,
the internal libdbus _dbus_string_save_to_file became atomic on Unix
at least (doing the save to temp file, fsync(), rename() dance).
So _dbus_create_uuid_file_exclusively doesn't need to create the file
beforehand anymore. However, it *does* need the file to be
world-readable, unlike all other consumers of
_dbus_string_save_to_file. So add a "world_readable" argument.
* Land the new message args API and type system.
This patch is huge, but the public API change is not
really large. The set of D-BUS types has changed somewhat,
and the arg "getters" are more geared toward language bindings;
they don't make a copy, etc.
There are also some known issues. See these emails for details
on this huge patch:
http://lists.freedesktop.org/archives/dbus/2004-December/001836.htmlhttp://lists.freedesktop.org/archives/dbus/2005-January/001922.html
* dbus/dbus-marshal-*: all the new stuff
* dbus/dbus-message.c: basically rewritten
* dbus/dbus-memory.c (check_guards): with "guards" enabled, init
freed blocks to be all non-nul bytes so using freed memory is less
likely to work right
* dbus/dbus-internals.c (_dbus_test_oom_handling): add
DBUS_FAIL_MALLOC=N environment variable, so you can do
DBUS_FAIL_MALLOC=0 to skip the out-of-memory checking, or
DBUS_FAIL_MALLOC=10 to make it really, really, really slow and
thorough.
* qt/message.cpp: port to the new message args API
(operator<<): use str.utf8() rather than str.unicode()
(pretty sure this is right from the Qt docs?)
* glib/dbus-gvalue.c: port to the new message args API
* bus/dispatch.c, bus/driver.c: port to the new message args API
* dbus/dbus-string.c (_dbus_string_init_const_len): initialize the
"locked" flag to TRUE and align_offset to 0; I guess we never
looked at these anyhow, but seems cleaner.
* dbus/dbus-string.h (_DBUS_STRING_ALLOCATION_PADDING):
move allocation padding macro to this header; use it to implement
(_DBUS_STRING_STATIC): ability to declare a static string.
* dbus/dbus-message.c (_dbus_message_has_type_interface_member):
change to return TRUE if the interface is not set.
* dbus/dbus-string.[hc]: move the D-BUS specific validation stuff
to dbus-marshal-validate.[hc]
* dbus/dbus-marshal-basic.c (_dbus_type_to_string): move here from
dbus-internals.c
* dbus/Makefile.am: cut over from dbus-marshal.[hc]
to dbus-marshal-*.[hc]
* dbus/dbus-object-tree.c (_dbus_decompose_path): move this
function here from dbus-marshal.c
hmm, make check is currently not passing.
* doc/dbus-specification.xml: add requirement that custom type
names follow the same rules as interface names.
* dbus/dbus-protocol.h: change some of the byte codes, to avoid
duplication and allow 'c' to be 'custom'; dict is now 'm' for
'map'
* doc/dbus-specification.xml: update type codes to match
dbus-protocol.h, using the ASCII byte values. Rename type NAMED to
CUSTOM. Add type OBJECT_PATH to the spec.
2003-10-17 Havoc Pennington <hp@redhat.com>
* bus/driver.c (create_unique_client_name): use "." as separator
in base service names instead of '-'
* dbus/dbus-string.c (_dbus_string_get_byte): allow getting nul
byte at the end of the string
* dbus/dbus-internals.h (_DBUS_LIKELY, _DBUS_UNLIKELY): add
optimization macros since string validation seems to be a slow
point.
* doc/dbus-specification.xml: restrict valid
service/interface/member/error names. Add test suite code for the
name validation.
* dbus/dbus-string.c: limit service/interface/member/error names
to [0-9][A-Z][a-z]_
* dbus/dbus-connection.c (dbus_connection_dispatch): add missing
format arg to verbose spew
* glib/dbus-gproxy.c (dbus_gproxy_call_no_reply): if not out of
memory, return instead of g_error
* test/test-service.c (path_message_func): support emitting a
signal on request
* dbus/dbus-bus.c (init_connections_unlocked): only fill in
activation bus type if DBUS_BUS_ACTIVATION was set; default to
assuming the activation bus was the session bus so that services
started manually will still register.
(init_connections_unlocked): fix so that in OOM situation we get
the same semantics when retrying the function
* test/test-service.c (main): change to use path registration, to
test those codepaths; register with DBUS_BUS_ACTIVATION rather
than DBUS_BUS_SESSION
* test/decode-gcov.c (function_solve_graph): make broken block
graph a nonfatal error since it seems to be broken. Need to debug
this.
* dbus/dbus-marshal.c (_dbus_type_is_valid): new function since we
can't just check type > INVALID < LAST anymore
* dbus/dbus-message.c (dbus_message_get_signature): new function
(dbus_message_has_signature): new function
(struct DBusMessage): add signature field (right now it isn't sent
over the wire, just generated on the fly)
(dbus_message_copy): copy the signature, and init strings to
proper length to avoid some reallocs
(dbus_message_iter_init_array_iterator): return void, since it
can't fail
(dbus_message_iter_init_dict_iterator): return void since it can't fail
(_dbus_message_loader_queue_messages): add silly temporary hack to
fill in message->signature on load
* dbus/dbus-protocol.h: change DBUS_TYPE_* values to be ASCII
characters, so they are relatively human-readable.
* doc/dbus-specification.sgml: don't require header fields
to be 4-byte aligned and specify that fields should be
distinguished from padding by the fact that zero is not
a valid field name.
* doc/TODO: remove re-alignment item and add item to doc
the OBJECT_PATH type.
* dbus/dbus-message.c:
(HeaderField): rename the original member to value_offset
and introduce a name_offset member to keep track of where
the field actually begins.
(adjust_field_offsets): remove.
(append_int_field), (append_uint_field),
(append_string_field): don't align the start of the header
field to a 4-byte boundary.
(get_next_field): impl finding the next marhsalled field
after a given field.
(re_align_field_recurse): impl re-aligning a number of
already marshalled fields.
(delete_field): impl deleting a field of any type and
re-aligning any following fields.
(delete_int_or_uint_field), (delete_string_field): remove.
(set_int_field), (set_uint_field): no need to re-check
that we have the correct type for the field.
(set_string_field): ditto and impl re-aligning any
following fields.
(decode_header_data): update to take into account that
the fields aren't 4-byte aligned any more and the new
way to distinguish padding from header fields. Also,
don't exit when there is too much header padding.
(process_test_subdir): print the directory.
(_dbus_message_test): add test to make sure a following
field is re-aligned correctly after field deletion.
* dbus/dbus-string.[ch]:
(_dbus_string_insert_bytes): rename from insert_byte and
allow the insert of multiple bytes.
(_dbus_string_test): test inserting multiple bytes.
* dbus/dbus-marshal.c: (_dbus_marshal_set_string): add
warning note to docs about having to re-align any
marshalled values following the string.
* dbus/dbus-message-builder.c:
(append_string_field), (_dbus_message_data_load):
don't align the header field.
* dbus/dbus-auth.c: (process_test_subdir): print the
directory.
* test/break-loader.c: (randomly_add_one_byte): upd. for
insert_byte change.
* test/data/invalid-messages/bad-header-field-alignment.message:
new test case.
* test/data/valid-messages/unknown-header-field.message: shove
a dict in the unknown field.
* test/data/valid-messages/opposite-endian.message: fix test
to use proper type for rply field
* test/data/invalid-messages: add tests for below validation
* dbus/dbus-message.c (decode_header_data): validate field types,
and validate that named fields are valid names
(decode_name_field): consider messages in the
org.freedesktop.Local. namespace to be invalid.
* dbus/dbus-string.c (_dbus_string_validate_name): new
* bus/config-parser.c (bus_config_parser_new): fix a memleak
* dbus/dbus-sysdeps.c: change DBusCredentials to use longs for
the pid/gid/uid, just for paranoia.
* test/break-loader.c (randomly_do_n_things): find a byte
containing a type code, and randomly change it to a different
type code.
Fix some annoying DBusString API and fix all affected code.
* dbus/dbus-string.c (_dbus_string_init): get rid of annoying
max_length argument
(_dbus_string_get_data): change to return string instead of using
an out param
(_dbus_string_get_const_data): ditto
(_dbus_string_get_data_len): ditto
(_dbus_string_get_const_data_len): ditto
* dbus/dbus-sysdeps.c (_dbus_set_fd_nonblocking): move to this
file
* dbus/dbus-errors.c (dbus_set_error, dbus_set_error_const): allow
NULL argument for "message" if the error is a well-known one,
fill in a generic message in this case.
* dbus/dbus-errors.h (DBusResultCode): Kill DBusResultCode in
favor of DBusError
* bus/test.c (bus_test_flush_bus): add
* bus/policy.c (bus_policy_test): test code stub
* test/break-loader.c (randomly_set_extreme_ints): add test that
sets really huge and small integers
* dbus/dbus-marshal.c (_dbus_marshal_validate_arg): add check
that length of boolean array fits in the string, and that
string has room for boolean value in single-bool case.
* dbus/dbus-message-builder.c (_dbus_message_data_load): add
optional value to "ALIGN" command which is what to fill the
alignment with.
* test/data/valid-messages/no-padding.message: add regression
test for the message padding problem
* dbus/Makefile.am:
* dbus/dbus-break-loader.c:
* test/Makefile.am:
* test/break-loader.c:
Move dbus-break-loader to test/ and rename it to break-loader.
