This adds the initial named arguments that we anticipate we will need
for Flatpak and Snap: Flatpak will want to hold the server open until the
xdg-dbus-proxy exits, while Snap developers want to clean up the
per-container servers explicitly and have their existence stored as part
of the persistent state of the restartable snapd service.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/186
Signed-off-by: Simon McVittie <smcv@collabora.com>
This allows for potential future mechanisms where the caller, rather than
the message bus, is responsible for creating the socket, without needing
to have a "null-like" representation for the absence of a path and the
absence of an address (in practice the empty string).
I've left the per-container server object path as a top-level thing
rather than moving it into the a{sv}, because I don't see any reason
why we would want to create a per-container server without having a way
to talk about it in future API calls.
Requested-by: Sebastian Wick
Signed-off-by: Simon McVittie <smcv@collabora.com>
This aligns it with the analogous Wayland specification
security-context-v1, and in particular allows Flatpak-aware applications
to look up the instance's sandboxing parameters and other metadata.
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/479
Signed-off-by: Simon McVittie <smcv@collabora.com>
Flatpak has the concept of an "instance ID" for a running app, which we
should expose in Containers1, similar to the analogous Wayland
specification security-context-v1[1]. If we use the word "instance" for
both the Flatpak (or other container manager) side and the D-Bus side,
the resulting API will be really confusing.
[1] https://gitlab.freedesktop.org/wayland/wayland-protocols/-/tree/main/staging/security-context
Signed-off-by: Simon McVittie <smcv@collabora.com>
If we're building on Unix with the message bus and tools enabled, then
we need to compile dbus-launch before we can expect this test to pass.
Continuation of commit 55e60abe "test: add missing test dependencies".
Signed-off-by: Simon McVittie <smcv@collabora.com>
check_valid_fd() does not touch its second parameter if the fd is not,
in fact, a valid fd. Initialize the "out" parameter to the opposite
of the value we are hoping for, so that both assertions will fail if
there is a problem.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Unlike "bin", "tty" actually means something on modern Linux distros,
and is used by a default udev rule, so it's more likely to exist on
distros than a group that just exists for historical compatibility
with who knows what.
"tty" exists on macOS, Debian, and Fedora (the criteria used for
choosing "bin" in f2905def ("policy tests: Use bin rather than
nogroup, wheel, or root")), but also fixes running the bus test for me
on NixOS, which has "tty" but not "bin".
Closes: https://gitlab.freedesktop.org/dbus/dbus/-/issues/514
Signed-off-by: Alyssa Ross <hi@alyssa.is>
It's a wrapper around snprintf(), so we are not gaining any efficiency
versus _dbus_string_append_printf(), and might as well use the more
general function instead. Doing it this way might even be a little *more*
efficient, since it reduces reallocations; it's certainly more concise.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On 32 bit systems long will overflow in 2038, causing complete breakage.
This is confirmed by running dbus's test suite on a 32 bit system
with system time set to 2040 (and configured to use 64 bit time_t of course).
Note that both timespec and timeval are specified with time_t for the
seconds component. This should propagate everywhere where that data is
passed and stored, but previously _dbus_get_monotonic_time() and
_dbus_get_monotonic_time() would truncate it to long.
Also add a function for parsing dbus_int64_t from
files, as existing functions can only handle long.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Previously, if dbus_connection_get_unix_user() succeeded but
_dbus_unix_groups_from_uid() failed, then bus_connection_get_unix_groups()
would incorrectly fail without setting the error indicator, resulting
in "(null)" being logged, which is rather unhelpful.
This also lets us distinguish between ENOMEM and other errors, such as
the uid not existing in the system's user database.
Fixes: 145fb99b (untitled refactoring commit, 2006-12-12)
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
Most of these binary blobs are mechanically derived from the
corresponding .hex file, which is hand-written.
boolean-has-no-value.message-raw is presumably either hand-constructed
or fuzzer-generated: it was committed by a Red Hat employee and never
altered, so I've assumed Red Hat is the copyright holder. Permission
was already granted by Red Hat to relicense their dbus contributions
under the MIT (Expat) license.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The new socket option SO_PEERPIDFD allows pinning the process on the
other side of the socket by file descriptor, which closes a race
condition where a PID can be reused before we can pin it manually.
Available since Linux v6.5.
When storing credentials, pin the process by FD from the PID.
When querying the PID, if the PID FD is available, resolve
it from there first if possible.
Ensure the DBusCredentials object only returns the PID FD if it was
obtained by this call, so that we know for sure we can rely on it
being safe against PID reuse attacks.
Signed-off-by: Luca Boccassi <bluca@debian.org>
The exact failure mode reported in dbus/dbus#457 is quite difficult
to achieve in a reliable way in a unit test, because we'd have to send
enough messages to a client to fill up its queue, then stop that client
from draining its queue, while still triggering a message that gets a
reply from the bus driver. However, we can trigger the same crash in a
slightly different way by not allowing the client to receive a
particular message. I chose NameAcquired.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Test it's possible to consume libdbus as a subproject.
Suggested-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Daniel Wagner <dwagner@suse.de>
To make the consume libdbus via Meson's subproject use case more useful,
introduce message_bus and tools command line options which control if
the D-Bus daemon and/or the tools are built. The idea here is that
depending projects are interested only in the library.
The strong recommendation is only to build libdbus as static library:
    libdbus_dep = dependency(
      'dbus-1',
      required: get_option('libdbus'),
      fallback: ['dbus', 'libdbus_dep'],
      default_options: [
        'default_library=static',
        'embedded_tests=false',
        'message_bus=false',
        'modular_tests=disabled',
        'tools=false',
      ],
    )
This ensures that any installed D-Bus infrastructure on the target
system is not overwritten.
Signed-off-by: Daniel Wagner <dwagner@suse.de>
The full license texts are not added because they were already
added in a previous commit.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
see #394
After 6e48c317 the test-apparmor-activation test fails as it can no
longer access the dbus socket in /tmp. This commit updates the apparmor
profile used within the test.
In some more complicated loops, we do need to use 'goto' to exit from
an inner loop, or to jump to cleanup or an increment of an iterator
immediately before the next loop iteration. However, in these simple
cases, jumping to a label immediately before the 'while' keyword is
unnecessary: we can use an equivalent 'continue' statement for flow
control.
This makes it easier for maintainers to notice the loops where we are
doing something more complicated, which still use 'goto', and know
that they need to pay more attention in those cases.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The TCL-derived code is under its own license, so the overall license
of the file is (AFL-2.1 OR GPL-2.0-or-later) AND TCL.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Red Hat have previously given permission for relicensing, and all
subsequent contributions to this file were trivial.
Signed-off-by: Simon McVittie <smcv@collabora.com>
With permission from Philip Withnall on behalf of Endless, me on behalf
of Collabora, and relying on previous permission from Red Hat
representatives.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This was contributed by Ralf Habacker and later edited by me, with a
trivial change from Thomas Zimmermann which I don't think affects its
copyright.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This was contributed by Ralf Habacker, with a trivial change from
Philip Withnall which I don't think affects its copyright.
Signed-off-by: Simon McVittie <smcv@collabora.com>
All significant contributions to this file were from companies or
individuals that gave permission for relicensing to MIT (I have assumed
that trivial changes from Marcus Brinkmann and Kjartan Maraas were too
small to affect copyright status).
Signed-off-by: Simon McVittie <smcv@collabora.com>
All significant contributions to this file were from companies that gave
permission for relicensing to MIT (I have assumed that trivial changes
from Marcus Brinkmann and Ralf Habacker were too small to affect
copyright status).
Signed-off-by: Simon McVittie <smcv@collabora.com>
The license for this file was never stated, but all contributions to it
have been from Red Hat or Collabora, and representatives of both
companies gave permission for MIT relicensing in 2007.
Signed-off-by: Simon McVittie <smcv@collabora.com>
dbus_message_unref() is in principle able to handle a NULL parameter, but
causes the program to abort when `fatal_warnings_on_check_failed` is set.
Therefore the call with a NULL parameter is avoided from now on.
Fixes #422
This seems to have been intended to give a more specific error message
if the method call failed, but it will not have been effective, because
dbus_connection_send_with_reply_and_block() ends with a check for ERROR
messages using dbus_set_error_from_message(). This means that if the
reply was an ERROR message, it will already have been converted into a
DBusError by the time call_method() regains control.
Signed-off-by: Simon McVittie <smcv@collabora.com>
An unrelated branch failed CI with this assertion failure:
26: dbus[6768]: error: arguments to dbus_set_error() were incorrect,
assertion "(error) == NULL || !dbus_error_is_set ((error))" failed in
file ...\dbus-errors.c line 365.
Looking at the test, this seems to be the most likely candidate for
this bug in error handling, which is masking whatever the real cause
for the failure was (we can't tell from here). If
dbus_connection_send_with_reply_and_block() returns NULL, then it should
already have set the error.
Fixing this bug in the error handling will hopefully give us a better
error message for the actual failure if it happens again.
Signed-off-by: Simon McVittie <smcv@collabora.com>