If OS builders (distributions) have chosen to use the per-user bus,
this provides two possible modes of operation for compatibility with
existing X session startup hooks.
A legacy-free system can just upload DISPLAY, XAUTHORITY and possibly
DBUS_SESSION_BUS_ADDRESS into dbus-daemon's and systemd's activation
environments, similar to
http://cgit.freedesktop.org/systemd/systemd/tree/xorg/50-systemd-user.sh
installed by systemd (but unlike systemctl,
dbus-update-activation-environment works for traditional
D-Bus-activated services, not just for systemd services).
A system where compatibility is required for environment variables
exported by snippets in /etc/X11/xinit/xinitrc.d (in Red Hat derivatives,
Gentoo, etc.) or /etc/X11/Xsession.d (Debian derivatives) can upload
the entire environment of the X session, minus some selected environment
variables which are specific to a login session (notably XDG_SESSION_ID).
In Debian, I plan to put the former in a new dbus-user-session package
that enables a user-session-centric mode of operation for D-Bus,
and the latter in the existing dbus-x11 package, with the intention that
dbus-x11 eventually becomes a tool for change-averse setups or goes
away entirely.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
This is not used by default, but can be configured by OS builders (or
regression-test environments) if desired.
If used, this listens on $XDG_RUNTIME_DIR/bus, or fails if $XDG_RUNTIME_DIR
is not set. Fallback behaviour is unnecessary, because it is already
possible to use a string of semicolon-separated addresses like
<listen>unix:runtime=yes;unix:tmpdir=/tmp</listen>, resulting in
listening on either $XDG_RUNTIME_DIR/bus or /tmp/something.
We use a non-abstract socket here, because that is desirable for
use with Linux containers: abstract sockets are attached to the
network namespace, whereas non-abstract sockets are part of the
filesystem and can be bind-mounted between domains if necessary.
The major advantage of abstract sockets is that they do not need
cleanup, but the specification of XDG_RUNTIME_DIR guarantees to
provide cleanup anyway.
Based on prior work by Simon McVittie, Colin Walters and Alexander
Larsson.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
This guide gives some pointers on how to write D-Bus APIs which are nice
to use.
It adds an optional dependency on Ducktype and yelp-build from
yelp-tools. These are used when available, but are not required unless
--enable-ducktype-docs is passed to configure. They are required for
uploading the docs, however.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88994
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Unlike eavesdropping, the point of capture is when the message is
received, except for messages originating inside the dbus-daemon.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Heavily based on a patch from Lennart Poettering.
This is useful for authentication frameworks such as polkit, but this
flag is supposed to be generic, and not be bound to any implementation
of such a framework.
The dbus specification already clarifies that unknown flags must be
ignored, the reference implementation and the other implementations we
checked indeed ignore any new flags, hence we should be fine with
compatibility here.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83449
The message type is more important than whether NO_REPLY_EXPECTED is
set, when deciding whether a reply is expected. This documents
existing practice in at least libdbus, GDBus and dbus-daemon.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75749
Reviewed-by: Thiago Macieira
This is one of four commits needed to address CVE-2014-3637.
When a file descriptor is passed to dbus-daemon, the associated D-Bus message
might not be fully sent to dbus-daemon yet. Dbus-daemon keeps the file
descriptor in the DBusMessageLoader of the connection, waiting for the rest of
the message. If the client stops sending the remaining bytes, dbus-daemon will
wait forever and keep that file descriptor.
This patch adds pending_fd_timeout (milliseconds) in the configuration to
disconnect a connection after a timeout when a file descriptor was sent but not
the remaining message.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
DBUS_TYPE_G_BYTE_ARRAY does not exist. It should be DBUS_TYPE_G_UCHAR_ARRAY
Signed-off-by: Thomas Haller <thaller@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80795
tcp/nonce-tcp transport has a "bind" key, which can be specified a
hostname and will override hostname specified in "host" key.
"bind" has a special value "*" which means ip address 0.0.0.0 and will
cause dbus-daemon listen on all interfaces.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=72301
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
The --with-dbus-session-bus-connect-address configure option and the
DBUS_SESSION_BUS_CONNECT_ADDRESS CMake variable expect a connectable
address, while the --with-dbus-session-bus-listen-address option and
the DBUS_SESSION_BUS_LISTEN_ADDRESS variable expect a listenable address.
DBUS_SYSTEM_BUS_DEFAULT_ADDRESS currently has to be an address that
is simultaneously listenable and connectable.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
[fixed name of DBUS_SESSION_BUS_CONNECT_ADDRESS as per review -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is an important security measure. Without it, the system bus
would not deliver its intended security properties. The actual
implementation has always behaved like this, I think.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68597
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
Previously, if we have interfaces:
interface com.example.foo:
method Ambiguous()
interface com.example.bar:
method Ambiguous()
method Unambiguous()
implementations were required to deliver a message with no INTERFACE
and METHOD=Unambiguous to "bar". A message with no INTERFACE and
METHOD=Ambiguous could either be delivered to "foo", delivered to "bar"
or treated as an error.
Relax this to allow an error for the unambiguous case, too, and
strongly recommend specifying the interface (which is best-practice).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68597
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
Vaguely-acked-by: Thiago Macieira, David Zeuthen
[and desrt objected that it didn't go far enough]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Update three configurable elements for dbus-daemon manual, <syslog>,
<pidfile> and <allow_anonymous>, all of them are undocumented so far.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69125
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
