This is one of four commits needed to address CVE-2014-3637.
When a file descriptor is passed to dbus-daemon, the associated D-Bus message
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file
descriptor in the DBusMessageLoader of the connection, waiting for the rest of
the message. If the client stops sending the remaining bytes, dbus-daemon will
wait forever and keep that file descriptor.
This patch adds pending_fd_timeout (milliseconds) in the configuration to
disconnect a connection after a timeout when a file descriptor was sent but not
the remaining message.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
tcp/nonce-tcp transport has a "bind" key, which can be specified a
hostname and will override hostname specified in "host" key.
"bind" has a special value "*" which means ip address 0.0.0.0 and will
cause dbus-daemon listen on all interfaces.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=72301
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
The --with-dbus-session-bus-connect-address configure option and the
DBUS_SESSION_BUS_CONNECT_ADDRESS CMake variable expect a connectable
address, while the --with-dbus-session-bus-listen-address option and
the DBUS_SESSION_BUS_LISTEN_ADDRESS variable expect a listenable address.
DBUS_SYSTEM_BUS_DEFAULT_ADDRESS currently has to be an address that
is simultaneously listenable and connectable.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
[fixed name of DBUS_SESSION_BUS_CONNECT_ADDRESS as per review -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is an important security measure. Without it, the system bus
would not deliver its intended security properties. The actual
implementation has always behaved like this, I think.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68597
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
Previously, if we have interfaces:
interface com.example.foo:
method Ambiguous()
interface com.example.bar:
method Ambiguous()
method Unambiguous()
implementations were required to deliver a message with no INTERFACE
and METHOD=Unambiguous to "bar". A message with no INTERFACE and
METHOD=Ambiguous could either be delivered to "foo", delivered to "bar"
or treated as an error.
Relax this to allow an error for the unambiguous case, too, and
strongly recommend specifying the interface (which is best-practice).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68597
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
Vaguely-acked-by: Thiago Macieira, David Zeuthen
[and desrt objected that it didn't go far enough]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Update three configurable elements for dbus-daemon manual, <syslog>,
<pidfile> and <allow_anonymous>, all of them are undocumented so far.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69125
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
In current dbus-daemon(1) implement, system .serivce must named after
its owned name, but this is not the case for session .service.
For session service, the result of multiple .service files own the
same well known name is undefined since readdir(3) doesn't return
dirent in a defined sequence.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66608
[added some </para><para> -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
According to Wikipedia
http://en.wikipedia.org/wiki/Latency_%28engineering%29#Packet-switched_networks
latency means "the time from the source sending a packet to the destination
receiving it". Therefore, latency is unrelated to whether the operation is
asynchronous or synchronous. And also unrelated to whether it's one-way or
round-trip. Latency exists for asynchronous and one-way transfer, because for
current DBus implementations we need at least one context switch to transfer
each message from the sender process to the receiver process. Emphasizing
D-Bus is low-latency could encourage user to abuse/misuse the system.
Mail disscusion:
http://lists.freedesktop.org/archives/dbus/2013-May/015665.html
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65141
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
In dbus-daemon implementation, the servicedir are searched in order in
which they appear in the config file.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66994
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
On Windows, the dbus-daemon is not able to fork (daemonize). If someone
explicitly requests forking, it should fail, but if someone
explicitly requests *not* forking, there seems no harm in allowing it.
A few of the regression tests specifically require a dbus-daemon that
will not fork, so allowing this option on Windows means those tests
don't need an extra OS condition.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68852
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
There are a lot of examples in DBus Spec, and some of them just use the
namespace org.freedesktop, and so as object namespace org/freedesktop.
However, this is quite confusing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66481
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
DBUS_SESSION_BUS_PID is not mandatory to set, but we should unset it
if present, since it points to a different session's bus. Likewise for
DBUS_SESSION_BUS_WINDOWID.
Similarly, if DBUS_STARTER_BUS_TYPE and DBUS_STARTER_ADDRESS
are set (as they would be under GNOME Terminal 3.8, see
<https://bugs.freedesktop.org/show_bug.cgi?id=63119>) then they
are likely to point to a different session's bus.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39196
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
In order to authorize/reject a connection in a polite way, instead of
cutting it off after authentication succeed and Hello() is
sent, because authorization failed, we need to factor out some
authorization bits from DBusTransport and pass them to DBusAuth.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
There are two errors in the sample service file.
First, a typo, Names should be Name.
Second, can not specify multiple names.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66481
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
These are only part of the DBus interface because dbus-daemon didn't
previously support multiple interfaces. I don't know enough about
either of these security frameworks to know what they return, but
perhaps one day someone who knows about Solaris or SELinux will tell
us...
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
The initial set of credentials is just UnixUserID and ProcessID.
The rest can follow when someone is sufficiently interested to actually
test them.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[rename a function that Ralf found unclear -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
I doubt this line was copied by mistake from section "Summary of types".
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66115
As demanded by the git commit hook set up by autogen.sh, this eliminates
trailing whitespace on each line, and blank lines at EOF. We might as
well do this now, since every line in these files has changed anyway.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59805
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
This no longer serves any purpose, and might mislead contributors
into thinking that this XML is not the source for the man pages.
(The man(7)-formatted man pages used to be the canonical source for
the XML, but now it's the other way round.)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59805
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
