It wasn't immediately clear from the names of these methods whether they
should return TRUE or FALSE for queued owners other than the primary
owner. Renaming them makes it obvious that the answer should be TRUE.
While I'm there, make the corresponding _dbus_verbose() messages more
precise.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/270
This extends dbus-daemon with support for the send_destination_prefix
attribute in XML policies.
It allows having policy rules for sending to bus names generated
within namespaces defined by a prefix. Similar behaviour can be
emulated by owning an additional name, not used for addressing messages,
as described in
https://lists.freedesktop.org/archives/dbus/2017-May/017188.html
However, introducing send_destination_prefix creates the possibility
of communicating intentions in a more direct way, which is easier
to understand.
Signed-off-by: Adrian Szyndela <adrian.s@samsung.com>
Change-Id: I0016ad93f1c16b7742fef5f45ebaf01b55694d3c
This extracts a few lines of code and adds it as a DBusString function
that checks if a DBusString starts with words given with a C string
and a word separator. In other words, it checks if:
- a DBusString is a given C string, or
- a DBusString starts with a given C string and the next character is
  a given word separator.
It is used for matching names to prefixes when checking the policy.
Signed-off-by: Adrian Szyndela <adrian.s@samsung.com>
Change-Id: Ie39d33916863d950dde38d3b8b20c8a539217302
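The word-bounded prefix check described in the two commit messages above, as an added example that is not the dbus code: it works on plain C strings rather than DBusString, and every name in it (starts_with_words, send_rule, send_allowed, the sample rules) is hypothetical. The rule evaluation assumes a simplified model in which the last matching rule decides and the default is deny.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Plain prefix test: wrongly treats "com.example.FooBar" as being inside
 * the namespace "com.example.Foo". */
bool naive_prefix_match(const char *name, const char *prefix)
{
    return strncmp(name, prefix, strlen(prefix)) == 0;
}

/* True if name equals prefix, or starts with prefix and the next
 * character is the word separator. */
bool starts_with_words(const char *name, const char *prefix, char sep)
{
    size_t n = strlen(prefix);

    if (strncmp(name, prefix, n) != 0)
        return false;
    /* The first n bytes matched, so name[n] is at worst the terminator. */
    return name[n] == '\0' || name[n] == sep;
}

/* Hypothetical, simplified stand-in for a send_destination_prefix rule. */
struct send_rule {
    const char *destination_prefix;
    bool allow;
};

/* Constructed sample policy: allow the namespace, deny one sub-namespace. */
static const struct send_rule sample_rules[] = {
    { "com.example",        true  },
    { "com.example.Secret", false },
};

/* Assumption of this sketch: last matching rule wins, default deny. */
bool send_allowed(const struct send_rule *rules, size_t n_rules,
                  const char *destination)
{
    bool allowed = false;

    for (size_t i = 0; i < n_rules; i++)
        if (starts_with_words(destination, rules[i].destination_prefix, '.'))
            allowed = rules[i].allow;
    return allowed;
}
```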
Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.
Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.
If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).
As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.
systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.
Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
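The unprivileged part of the behaviour described in the commit message above (raise the soft fd limit to the hard limit, and restore the initial limits before executing a subprocess), as an added example that is not the dbus-daemon code. The function names are hypothetical, and the privileged raise to at least 65536 is deliberately left out.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Limits the process started with, kept so that a child can be given
 * them back: a child that still uses select() must not inherit a large
 * soft limit. */
static struct rlimit initial_fd_limit;
static int initial_fd_limit_saved = 0;

/* Raise the soft RLIMIT_NOFILE to the hard limit. Needs no privileges,
 * because the hard limit itself is not raised.
 * Returns 0 on success, -1 on failure. */
int raise_soft_fd_limit(void)
{
    struct rlimit lim;

    if (getrlimit(RLIMIT_NOFILE, &lim) < 0)
        return -1;
    if (!initial_fd_limit_saved) {
        initial_fd_limit = lim;
        initial_fd_limit_saved = 1;
    }
    if (lim.rlim_cur == lim.rlim_max)
        return 0;                       /* already as high as allowed */
    lim.rlim_cur = lim.rlim_max;
    return setrlimit(RLIMIT_NOFILE, &lim);
}

/* Call between fork() and exec() so the child inherits the limits this
 * process was started with. Returns 0 on success, -1 on failure. */
int restore_initial_fd_limit(void)
{
    if (!initial_fd_limit_saved)
        return 0;                       /* limits were never changed */
    return setrlimit(RLIMIT_NOFILE, &initial_fd_limit);
}

int main(void)
{
    struct rlimit lim;

    if (raise_soft_fd_limit() < 0 || getrlimit(RLIMIT_NOFILE, &lim) < 0) {
        perror("RLIMIT_NOFILE");
        return 1;
    }
    printf("soft=%llu hard=%llu\n", (unsigned long long) lim.rlim_cur,
           (unsigned long long) lim.rlim_max);
    return restore_initial_fd_limit() < 0 ? 1 : 0;
}
```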
As described in the spec, we want GetConnectionCredentials() to report
less information, successfully, if it sees a group ID that it can't
represent.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Traditional activation could be disabled if all services use
SystemdService activation instead. Provide an example of a hardened
DBus systemd service drop-in file for such a setup.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
AX_CODE_COVERAGE recently changed the way it embedded its Makefile rules
in the output file: instead of using @CODE_COVERAGE_RULES@, users
are now meant to include aminclude_static.am.
The new AX_CODE_COVERAGE is only in the latest autoconf-archive release,
version 2019.01.06, which is inconveniently new, so bundle everything
we need for the moment.
This requires us to stop using the deprecated CODE_COVERAGE_LDFLAGS
(which we still used to support older versions of autoconf-archive)
and replace them with CODE_COVERAGE_LIBS.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The -test suffix does not indicate that this is a test, but rather that
it is for tests (similar to the -unix and -win suffixes on modules like
dbus-sysdeps). This seems unnecessarily confusing, so rename it to end
with -for-tests.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This groups them with the other tests, and avoids having them influence
the test coverage stats in bus/.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is in preparation to move some of this code into the test/
directory. I've ignored changes that appear to be trivial.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This means we can share them between tests without having to compile
the same file repeatedly, and makes them easier to share between
directories when we move test executables into test/.
Signed-off-by: Simon McVittie <smcv@collabora.com>
It's unexpected for a function to take ownership of its arguments
without indicating that in its name, or at least documenting it.
The only caller with envp != NULL is in
bus_activation_activate_service(), which has been updated.
Based on part of a larger commit by Ralf Habacker.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This all seems to have been written by Red Hat or by Collabora, so we
have permission to relicense it under the MIT/X11 license, and we
might as well do so.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This results in one less special case in test-main, which will be
significant when we want to make the tests more data-driven.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This will make it possible to unify the wrapper code that runs them.
I'm using a plain C string rather than a DBusString to make it
more straightforward to carve out tests into their own executables.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We don't usually mass-remove trailing whitespace from the actual source
code because it would complicate cherry-picking bug fixes to older
branches, but that reasoning doesn't really apply to the comments
containing copyright and licensing notices.
Removing trailing whitespace makes it much easier to move code around:
we have a commit hook that rejects commits containing trailing
whitespace, but that commit hook counts moving a file as a delete + add
pair, so it objects to moving code that contains trailing whitespace.
Signed-off-by: Simon McVittie <smcv@collabora.com>
libdbus has been thread-safe by default since 1.7.6 (2013):
dbus_threads_init_default() is called on a just-in-time basis
whenever needed, and _dbus_thread_init_debug() is equivalent to that.
Signed-off-by: Simon McVittie <smcv@collabora.com>
If lists are in a completely arbitrary order, sorting them consistently
means that there is only one correct place to insert a new entry, avoiding
the merge conflicts that would occur if we always append new entries.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Patterns in the top-level .gitignore match in all subdirectories, so
there's no need to repeat ourselves quite so much for generic
C, Autotools and gcov patterns.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We don't want to set these globally via the normal CFLAGS, because if
we did, AddressSanitizer would catch test-segfault deliberately
segfaulting, and "helpfully" turn it into exit status 1, which in turn
makes our test fail because it asserts that the segfault is reported
as a segfault.
A typical use with gcc as compiler, on a reasonably recent Debian,
would be:
    ./configure SANITIZE_CFLAGS="-fsanitize=address -fsanitize=undefined -fPIE -pie"
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log.
Detected by AddressSanitizer.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/234
Reviewed-by: pwithnall
This check is now possible because with merge request
https://gitlab.freedesktop.org/dbus/dbus/merge_requests/55
the prerequisites are valid.
It was already run if built with Autotools, because DBUS_WIN_FIXME
was only defined in the CMake build system.
[smcv: Add more context regarding Autotools vs. CMake]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Despite its name, which is a historical quirk, this is now a
generic cross-platform process ID on anything with the concept of
numbered processes. It appears it has actually worked on Windows
since dbus 1.7.x.
Bug: https://gitlab.freedesktop.org/dbus/dbus/issues/239
Signed-off-by: Simon McVittie <smcv@collabora.com>
This should avoid test failures under CMake in which the
dbus-daemon inherits an unwanted fd from CMake's test framework, causing
the close-on-exec check before executing activated services to fail.
The dbus-daemon now marks all fds that it inherits, except for its
stdin, stdout and stderr, to be closed on exec. For completeness, the
dbus-daemons run by dbus-run-session and dbus-launch also now inherit
stdin, stdout, stderr and the pipes used to communicate with their
callers, but nothing else.
Signed-off-by: Simon McVittie <smcv@collabora.com>
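One way to mark every inherited fd except stdin, stdout and stderr as close-on-exec, as the commit message above describes. This is an added example, not the dbus-daemon implementation: the function names are hypothetical, and it assumes a Linux-style /proc/self/fd with a bounded scan as fallback.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Set FD_CLOEXEC on fd. A number that is not an open fd is not an error. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);

    if (flags < 0 || (flags & FD_CLOEXEC))
        return 0;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Mark every open fd above stderr close-on-exec, so that a service
 * executed later cannot inherit descriptors leaked by our parent.
 * Returns 0 on success, -1 if any fd could not be marked. */
int mark_inherited_fds_cloexec(void)
{
    DIR *d = opendir("/proc/self/fd");
    struct dirent *de;
    int failed = 0;

    if (d == NULL) {
        /* No /proc: scan a bounded range instead (the bound is an
         * assumption of this sketch, not a dbus constant). */
        long max = sysconf(_SC_OPEN_MAX);

        if (max < 0 || max > 65536)
            max = 65536;
        for (long fd = 3; fd < max; fd++)
            if (set_cloexec((int) fd) < 0)
                failed = 1;
        return failed ? -1 : 0;
    }
    while ((de = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(de->d_name, &end, 10);

        if (end == de->d_name || *end != '\0')
            continue;                   /* "." and ".." */
        if (fd > 2 && set_cloexec((int) fd) < 0)
            failed = 1;
    }
    closedir(d);
    return failed ? -1 : 0;
}
```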
Now that we have _DBUS_STRING_INIT_INVALID, we can initialize
parser.data to a value that is safe for _dbus_string_free(), which
means we can put all the cleanup through a single code path that
definitely frees everything.
(This is just refactoring, not a correctness fix.)
Signed-off-by: Simon McVittie <smcv@collabora.com>
BusDesktopFile has a strange convention in which the various parser
helper functions (parse_section_start(), etc.) free the parser on error.
However, this particular error case happens outside the helper functions
and so will leak.
Signed-off-by: Simon McVittie <smcv@collabora.com>
When running tests under "make check" or similar to take advantage
of facilities like AM_TESTS_ENVIRONMENT and AX_VALGRIND_CHECK, it's
more straightforward to set an environment variable than to pass a
command-line option.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://gitlab.freedesktop.org/dbus/dbus/issues/218