We were incorrectly passing NULL for a DBusList when the usage expected
is a pointer to a NULL DBusList pointer. Also during dbus_shutdown
we need to actually close the inotify fd, and remove our watch.
Move the shutdown handler out of bus.c and into inotify where we
can do all of this cleanly.
Substantially based on a patch by Matthias Clasen <mclasen@redhat.com>
kqueue implementation by Joe Marcus Clarke <marcus@freebsd.org>
Previously, when we detected a configuration change (which included
the set of config directories to monitor for changes), we would
simply drop all watches, then readd them.
The problem with this is that it introduced a race condition where
we might not be watching one of the config directories for changes.
Rather than dropping and readding, change the OS-dependent monitoring
API to simply take a new set of directories to monitor. Implicit
in this is that the OS-specific layer needs to keep track of the
previously monitored set.
The reload handling for activation simply dropped all knowledge
of pending activations, which was clearly wrong. Refactor things
so that reload only reloads directories, server address etc.
Based on a patch originally from Matthias Clasen <mclasen@redhat.com>
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* bus/bus.c (bus_context_check_security_policy): rewrite selinux error
handling to not abort due to a NULL read and to set the error only if
it is not already set (Based off of FDO Bug #12430)
2007-10-23 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): use the new name here
* bus/selinux.c (bus_selinux_audit_init): rename from audit_init()
to avoid possible libc conflict, and declare it in .h file to
avoid a warning
2007-10-19 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): put the audit_init() in here
instead, which I believe ends up being the same as where it was
before, though I'm not sure I understand why it goes here.
* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user):
remove audit_init() from here, this file can't depend on code in
bus/ directory
* tools/dbus-launch-x11.c (set_address_in_x11): fix from Michael
Lorenz to use long not int with XChangeProperty format 32
* dbus/dbus-sysdeps-util-unix.c
(_dbus_write_pid_to_file_and_pipe): factor this out, and use the
same code in _dbus_become_daemon (where the parent writes the pid
file and to the pid pipe) and in bus_context_new (where the daemon
writes its own pid file and to its own pid pipe)
* bus/bus.c (bus_context_new): close the pid pipe after we print
to it. Also, don't write the pid to the pipe twice when we fork,
someone reported this bug a long time ago.
* configure.in: add AM_PROG_CC_C_O to allow per-target CPPFLAGS
* bus/dispatch.c (bus_dispatch_test_conf): Fix up setting
TEST_LAUNCH_HELPER_CONFIG to include the full path, and enable
test shell_fail_service_auto_start when use_launcher==TRUE
* bus/activation-helper-bin.c (convert_error_to_exit_code): pass
through the INVALID_ARGS error so the test suite works
* bus/activation.c (handle_activation_exit_error): return
DBUS_ERROR_NO_MEMORY if we get BUS_SPAWN_EXIT_CODE_NO_MEMORY
* dbus/dbus-spawn.c (_dbus_babysitter_get_child_exit_status):
return only the exit code of the child, not the entire thingy from
waitpid(), and make the return value indicate whether the child
exited normally (with a status code)
* bus/bus.c (process_config_first_time_only): _dbus_strdup works
on NULL so no need to check
(process_config_every_time): move servicehelper init here, so we
reload it on HUP or config file change
* bus/Makefile.am (install-data-hook): remove comment because
Emacs make mode seems to be grumpy about it
* bus/bus.c: (process_config_first_time_only),
(process_config_every_time), (bus_context_unref),
(bus_context_get_servicehelper):
* bus/bus.h:
Add the concept of a service-helper and allow it's value to be read.
* doc/dbus-specification.xml: document org.freedesktop.DBus.GetId()
* bus/driver.c (bus_driver_handle_get_id): implement org.freedesktop.DBus.GetId()
* bus/bus.c (bus_context_new): generate a unique ID for each bus context
* dbus/dbus-connection.c (dbus_connection_get_server_id): new function
* dbus/dbus-bus.c (dbus_bus_get_id): new function
* dbus/dbus-server.c (dbus_server_get_id): new function
* configure.ac, bus/selinux.c, dbus/dbus-sysdeps-unix-util.c: add
libaudit support, no clue what this means really but now we have
it. Patches from Fedora package.
* bus/bus.c (bus_context_new): move selinux initialization after
changing to daemon user, patch from Fedora package
* dbus/dbus-transport.c (auth_via_unix_user_function): fix a typo
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
* bus/dispatch.c (check_get_connection_unix_process_id): adapt
since sysdeps-unix.h stuff isn't included anymore
* bus/bus.c (bus_context_new): use more abstract functions to
change user, so they can be no-ops on Windows
* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
dbus/dbus-credentials-util.c: new files containing a fully opaque
DBusCredentials data type to replace the old not opaque one.
* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
windows
* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
up the uses of it in bus/*.c and factor out the parts of
cookie auth that depend on it
* tools/dbus-launch.c (do_close_stderr): fix C89 problem and
formatting problem
* Mostly fix the DBusPipe mess.
- put line break after function return types
- put space before parens
- do not pass structs around by value
- don't use dbus_strerror after calling supposedly cross-platform
api
- don't name pipe variables "fd"
- abstract special fd numbers like -1 and 1
* bus/bus.c (process_config_every_time):
don't overwrite existing bus context activation object
until after we've checked that the new activation is
valid.
* bus/main.c
(signal_handler), (handle_reload_watch):
don't call exit() on failure, instead make do and keep
going.
(close_reload_pipe): new function to turn off
hangup-causes-config-reload behavior if an unexpected
error occurs
* dbus/dbus-sysdeps-unix.h: small change to Peter's patch to make
dbus-sysdeps-unix-util.c build, add unix-specific sysdeps header.
* dbus/dbus-sysdeps.h, dbus-sysdeps-unix.c: patch from Peter
Kümmel bug #8249 to make the sysdeps.h read/write/open/close
functions specifically for sockets only, and move generic
read/write/open/close into unix-specific code.
* dbus/dbus-threads.c (dbus_threads_init): change the documentation
to reflect the init late change
* bus/bus.c (bus_context_new): Check user before we fork so we can
print out an error message a user will be able to see
with cleanups of bugs found from Coverity reports:
* dbus/dbus-sysdeps-util.c (_dbus_write_pid_file):
close the file on error to avoid a leak
* bus/expirelist.c (bus_expire_list_test):
Check for NULL on dbus_new0
* bus/activation.c (update_directory):
remove dead code
* bus/config-parser.c (merge_service_context_hash, start_selinux_child):
Fix some leaks
* bus/bus.c (process_config_every_time):
Fixed a leak
* bus/desktop-file.c (parse_key_value):
Fixed leak
* bus/selinux.c (bus_selinux_id_table_insert):
Fixed leak
config reload.
* bus/dbus-daemon.1.in: Also note that SIGHUP flushes the user/group
information caches
* dbus/dbus-hash.c: (_dbus_hash_table_remove_all):
* dbus/dbus-hash.h: Add function to remove all entries from a hash table
* dbus/dbus-userdb.c: (_dbus_user_database_flush):
* dbus/dbus-userdb.h: Add function to flush all user/group information
caches.
Patch from Timo Hoenig <thoenig@suse.de>.
* bus/bus.c: I've recently investigated why the automatic reload
of configuration files does not work as expected.
Currently, reloading configuration files does only work when
running dbus-daemon with --nodaemon. If we are running as daemon
we're hitting a dnotify bug once we fork the process.
We're initializing the dnotify fds before calling fork(). Once
the child process forked it does still have the fds (and they
still show up in /proc/`pidof dbus-daemon`/fd/) but we're not
getting SIGIO as changes are made to the configuration files.
The attached patch moves the initialization of the dnotify fds to
process_config_postinit(). This is safe for all current code
paths and solves the dnotify disfunction. If we're running
dbus-daemon as daemon the fds for dnotify are now being
initialized after fork() for the child process.
* configure.in: The current configure.in check for dnotify probes
'x$target_os' for being 'xlinux-gnu'. I've changed the check to
match for 'xlinux', too. Additionally I have adapted the configure
option's style to match with the others.
* bus/bus.c (process_config_every_time): Drop existing conf-dir
watches (if applicable) and add new watches
* bus/main.c (signal_handler): Handle SIGIO if using D_NOTIFY
(main): Setup SIGIO signal handler if using D_NOTIFY
* bus/config-parser.h: Add prototype bus_config_parser_get_conf_dirs
* bus/config-parser.c (struct BusConfigParser): Add conf_dirs list
(merge_included): Also merge conf_dirs list
(bus_config_parser_unref): Clear conf_dirs list
(include_dir): Add directory to conf_dirs list
(bus_config_parser_get_conf_dirs): New function
* bus/dir-watch.[ch]: New files
* bus/Makefile.am (BUS_SOURCES): Add dir-watch.[ch]
* configure.in: Add checks for D_NOTIFY on Linux
* bus/selinux.c: Add c-file-style to top of file
(log_audit_callback): Don't free the data here anymore
(bus_selinux_check): Don't take spid and tpid since appending
that to auxdata may OOM.
(bus_selinux_allows_acquire_service): Handle OOM and signal back
to the caller if we are OOM by taking an error object.
(bus_selinux_allows_send): -do-
* bus/selinux.h: Fix prototypes for bus_selinux_allows_acquire_service
and bus_selinux_allows_send
* bus/bus.c (bus_context_check_security_policy): Pass error and
pass on OOM thrown by bus_selinux_allows_send()
* bus/services.c (bus_registry_acquire_service): Pass error and
pass on OOM thrown by bus_selinux_allows_acquire_service()
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_DBUS):
Rename to DBUS_SERVICE_DBUS.
(DBUS_PATH_ORG_FREEDESKTOP_DBUS): Rename to DBUS_PATH_DBUS.
(DBUS_PATH_ORG_FREEDESKTOP_LOCAL): Rename to DBUS_PATH_LOCAL.
(DBUS_INTERFACE_ORG_FREEDESKTOP_DBUS): Rename to DBUS_INTERFACE_DBUS.
(DBUS_INTERFACE_ORG_FREEDESKTOP_INTROSPECTABLE): Rename to
DBUS_INTERFACE_INTROSPECTABLE.
(DBUS_INTERFACE_ORG_FREEDESKTOP_PROPERTIES): Rename to
DBUS_INTERFACE_PROPERTIES.
(DBUS_INTERFACE_ORG_FREEDESKTOP_PEER): Rename to
DBUS_INTERFACE_PEER.
(DBUS_INTERFACE_ORG_FREEDESKTOP_LOCAL):
DBUS_INTERFACE_LOCAL.
All other users of those constants have been changed.
* bus/driver.c (bus_driver_handle_introspect): Use constants.
* glib/dbus-gobject.c (handle_introspect): Use constants.
* doc/dbus-faq.xml, doc/dbus-specification.xml: Update for rename.
* dbus/dbus-string.c (_dbus_string_get_length): New
function, writes DBusString to C buffer.
* dbus/dbus-string.h: Prototype it.
* dbus/dbus-message.c (dbus_message_type_to_string): New
function, converts message type into C string.
* dbus/dbus-message.h: Prototype it.
* bus/selinux.c (bus_selinux_check): Take source pid,
target pid, and audit data. Pass audit data to
avc_has_perm.
(log_audit_callback): New function, appends extra
audit information.
(bus_selinux_allows_acquire_service): Also take
service name, add it to audit data.
(bus_selinux_allows_send): Also take message
type, interface, method member, error name,
and destination, and add them to audit data.
(log_cb): Initialize func_audit.
* bus/selinux.h (bus_selinux_allows_acquire_service)
(bus_selinux_allows_send): Update prototypes
* bus/services.c (bus_registry_acquire_service): Pass
service name to bus_selinux_allows_acquire_service.
* bus/bus.c (bus_context_check_security_policy): Pass
additional audit data. Move assignment of dest
to its own line.
* bus/bus.c (load_config): Break into three
separate functions: process_config_first_time_only,
process_config_every_time, and process_config_postinit.
(process_config_every_time): Move call of
bus_registry_set_service_context_table into
process_config_postinit.
(process_config_postinit): New function, does
any processing that needs to happen late
in initialization (and also on reload).
(bus_context_new): Instead of calling load_config,
open config parser here and call process_config_first_time_only
and process_config_every_time directly. Later, after
we have forked but before changing UID,
invoke bus_selinux_full_init, and then call
process_config_postinit.
(bus_context_reload_config): As in bus_context_new,
load parse file inside here, and call process_config_every_time
and process_config_postinit.
* bus/services.h, bus/services.c
(bus_registry_set_service_context_table): Rename
from bus_registry_set_sid_table. Take string hash from config
parser, and convert them here into SIDs.
* bus/config-parser.c (struct BusConfigParser): Have
config parser only store a mapping of service->context
string.
(merge_service_context_hash): New function.
(merge_included): Merge context string hashes instead
of using bus_selinux_id_table_union.
(bus_config_parser_new): Don't use bus_selinux_id_table_new;
simply create a new string hash.
(bus_config_parser_unref): Unref it.
(start_selinux_child): Simply insert strings into hash,
don't call bus_selinux_id_table_copy_over.
* bus/selinux.h, bus/selinux.c (bus_selinux_id_table_union)
(bus_selinux_id_table_copy_over): Delete.
* dbus/dbus-sysdeps.h (_dbus_become_daemon): Also take
parameter for fd to write pid to.
* dbus/dbus-sysdeps.c (_dbus_become_daemon): Implement it.
* bus/bus.c (bus_context_new): Pass print_pid_fd
to _dbus_become_daemon (bug #1720)
DBusError that was causing a memoy leak (bug #989).
* dbus/dbus-keyring.c, dbus/dbus-message.c: fix compilation on
Solaris/Forte C (bug #974)
* bus/main.c (main): plug two minuscule memleaks.
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
