* bus/config-parser.c (bus_config_parser_new): change the default reply
timeout to "never"
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
(cherry picked from commit 8f1d2a2fa8)
2008-01-15 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
* bus/config-parser.c (locate_attributes): remove dead code which
always evaluated to TRUE
* dbus/dbus-shell.c (_dbus_shell_quote): remove unused code
* configure.in: add AM_PROG_CC_C_O to allow per-target CPPFLAGS
* bus/dispatch.c (bus_dispatch_test_conf): Fix up setting
TEST_LAUNCH_HELPER_CONFIG to include the full path, and enable
test shell_fail_service_auto_start when use_launcher==TRUE
* bus/activation-helper-bin.c (convert_error_to_exit_code): pass
through the INVALID_ARGS error so the test suite works
* bus/activation.c (handle_activation_exit_error): return
DBUS_ERROR_NO_MEMORY if we get BUS_SPAWN_EXIT_CODE_NO_MEMORY
* dbus/dbus-spawn.c (_dbus_babysitter_get_child_exit_status):
return only the exit code of the child, not the entire thingy from
waitpid(), and make the return value indicate whether the child
exited normally (with a status code)
* bus/bus.c (process_config_first_time_only): _dbus_strdup works
on NULL so no need to check
(process_config_every_time): move servicehelper init here, so we
reload it on HUP or config file change
* bus/Makefile.am (install-data-hook): remove comment because
Emacs make mode seems to be grumpy about it
* bus/Makefile.am:
* bus/config-parser.c: (bus_config_parser_unref),
(start_busconfig_child), (bus_config_parser_end_element),
(servicehelper_path), (bus_config_parser_content),
(bus_config_parser_finished),
(bus_config_parser_get_servicehelper),
(test_default_session_servicedirs),
(test_default_system_servicedirs), (bus_config_parser_test):
* bus/config-parser.h:
Make the config-parser code use the common config code.
Also add the session and systemdirs stuff, and make the config parser
aware of the servicehelper field.
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
* tools/dbus-launch.c (do_close_stderr): fix C89 problem and
formatting problem
* Mostly fix the DBusPipe mess.
- put line break after function return types
- put space before parens
- do not pass structs around by value
- don't use dbus_strerror after calling supposedly cross-platform
api
- don't name pipe variables "fd"
- abstract special fd numbers like -1 and 1
* bus/session.conf.in: override all the default limits with much
higher limits on the session bus, there is no reason the session
bus should have low limits
* bus/config-parser.c (bus_config_parser_new): increase default
limits so they are less likely to be hit; in particular the max
replies per connection was way too low
_dbus_list_get_next_link so we don't get stuck in an infinite loop
(start_busconfig_child): move processing of standard_session_servicedirs
tags here because they have no content
(bus_config_parser_content): check we don't have content in
standard_session_servicedirs tag
* tools/Makefile.am: Make sure the /var/lib/dbus directory is created
Packagers need to own this directory
* bus/config-parser.c: add the standard_session_servicedirs element
to the parser
(bus_config_parser_content): process the standard_session_servicedirs
element by getting the standard directories from sysdeps and merging
them into the service directory list
(test_default_session_servicedirs): make sure we get what we expect
* bus/session.conf.in: replace the servicedir tag with the
standard_session_servicedirs tag
* dbus/dbus-list.h: remove the typedef of DBusList and place it in
dbus-sysdeps.h to avoid circular header dependencies
* dbus/dbus-sysdeps.h: add the typedef of DBusList
* dbus/dbus-sysdeps-unix.c (split_paths_and_append): utility function
which takes a string of directories delimited by colons, parses them
out, appends a suffix and puts them in a list ignoring empty elements
(_dbus_get_standard_session_servicedirs): returns the standard
directories for a session bus to look for service activation files
on Unix which includes the XDG_DATA_HOME, XDG_DATA_DIRS and
DBUS_DATADIR directories
* test/data/valid-config-files/many-rules.conf: add the
standard_session_servicedirs tag to the valid config file tests
service_dirs_append_unique_or_free,
service_dirs_append_link_unique_or_free): New static methods
for only appending unique service directory names into
the service directory list
(merge_included, bus_config_parser_content): Only add unique
service directory names into the list
with cleanups of bugs found from Coverity reports:
* dbus/dbus-sysdeps-util.c (_dbus_write_pid_file):
close the file on error to avoid a leak
* bus/expirelist.c (bus_expire_list_test):
Check for NULL on dbus_new0
* bus/activation.c (update_directory):
remove dead code
* bus/config-parser.c (merge_service_context_hash, start_selinux_child):
Fix some leaks
* bus/bus.c (process_config_every_time):
Fixed a leak
* bus/desktop-file.c (parse_key_value):
Fixed leak
* bus/selinux.c (bus_selinux_id_table_insert):
Fixed leak
* bus/bus.c (process_config_every_time): Drop existing conf-dir
watches (if applicable) and add new watches
* bus/main.c (signal_handler): Handle SIGIO if using D_NOTIFY
(main): Setup SIGIO signal handler if using D_NOTIFY
* bus/config-parser.h: Add prototype bus_config_parser_get_conf_dirs
* bus/config-parser.c (struct BusConfigParser): Add conf_dirs list
(merge_included): Also merge conf_dirs list
(bus_config_parser_unref): Clear conf_dirs list
(include_dir): Add directory to conf_dirs list
(bus_config_parser_get_conf_dirs): New function
* bus/dir-watch.[ch]: New files
* bus/Makefile.am (BUS_SOURCES): Add dir-watch.[ch]
* configure.in: Add checks for D_NOTIFY on Linux
* Throughout, grand renaming to strip out the use of "service",
just say "name" instead (or "bus name" when ambiguous). Did not
change the internal code of the message bus itself, only the
programmer-facing API and messages.
* doc/dbus-specification.xml: further update the message bus section
* bus/config-parser.c (all_are_equiv): fix bug using freed string
in error case
* bus/bus.c (load_config): Break into three
separate functions: process_config_first_time_only,
process_config_every_time, and process_config_postinit.
(process_config_every_time): Move call of
bus_registry_set_service_context_table into
process_config_postinit.
(process_config_postinit): New function, does
any processing that needs to happen late
in initialization (and also on reload).
(bus_context_new): Instead of calling load_config,
open config parser here and call process_config_first_time_only
and process_config_every_time directly. Later, after
we have forked but before changing UID,
invoke bus_selinux_full_init, and then call
process_config_postinit.
(bus_context_reload_config): As in bus_context_new,
load parse file inside here, and call process_config_every_time
and process_config_postinit.
* bus/services.h, bus/services.c
(bus_registry_set_service_context_table): Rename
from bus_registry_set_sid_table. Take string hash from config
parser, and convert them here into SIDs.
* bus/config-parser.c (struct BusConfigParser): Have
config parser only store a mapping of service->context
string.
(merge_service_context_hash): New function.
(merge_included): Merge context string hashes instead
of using bus_selinux_id_table_union.
(bus_config_parser_new): Don't use bus_selinux_id_table_new;
simply create a new string hash.
(bus_config_parser_unref): Unref it.
(start_selinux_child): Simply insert strings into hash,
don't call bus_selinux_id_table_copy_over.
* bus/selinux.h, bus/selinux.c (bus_selinux_id_table_union)
(bus_selinux_id_table_copy_over): Delete.
* bus/selinux.h: Add bus_selinux_enabled.
* bus/selinux.c (bus_selinux_enabled): Implement it.
* bus/config-parser.c (struct include): Add
if_selinux_enabled member.
(start_busconfig_child): Parse if_selinux_enabled
attribute for include.
(bus_config_parser_content): Handle it.
* bus/session.conf.in, bus/system.conf.in: Add
inclusion of context mapping to default config files;
conditional on SELinux being enabled.
* doc/busconfig.dtd: Add to if_selinux_enabled to default DTD.
* test/data/invalid-config-files/badselinux-1.conf,
test/data/invalid-config-files/badselinux-2.conf:
Test files for bad syntax.
* bus/config-parser.c:
(struct PolicyType): Add POLICY_CONSOLE
(struct Element.d.policy): s/gid_or_uid/gid_uid_or_at_console
(start_busconfig_child): Sets up console element when
<policy at_console=""> is encountered in a policy file
(append_rule_from_element): Convert console elements to console
rules.
* bus/policy.c:
(bus_policy_create_client_policy): Add console rules to the client
policy based on if the client is at the console
(bus_policy_append_console_rule): New function for adding a
console rule to a policy
(bus_policy_merge): Handle console rule merging
* dbus/dbus-sysdeps.h: Added the DBUS_CONSOLE_DIR constant
where we check for console user files
* dbus/dbus-sysdeps.c:
(_dbus_file_exists): New function which checks if the given
file exists
(_dbus_user_at_console): New function which does the system
specific process of checking if the user is at the console
* dbus/dbus-userdb.c:
(_dbus_is_console_user): New function converts a UID to user name
and then calls the system specific _dbus_user_at_console to
see if the user is at the console and therefor a console user
* bus/dbus-daemon-1.1.in:
* test/data/valid-config-files/many-rules.conf: set the
max_match_rules_per_connection limt from the config file.
* doc/busconfig.dtd: update the DTD.
* bus/driver.c: remove some unused variables.
* bus/selinux.h: Prototype bus_selinux_get_policy_root.
* bus/selinux.c: Create a thread for policy reload notification.
(bus_selinux_get_policy_root): Implement.
Updated SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/config-parser.c (start_busconfig_child)
(bus_config_parser_content): Support SELinux-root relative
inclusion.
* configure.in <HAVE_SELINUX>: Add -lpthread.
* bus/test-main.c (test_pre_hook, test_post_hook): New.
(test_post_hook): Move memory checking into here.
(test_pre_hook, test_post_hook): Move SELinux checks in
here, but conditional on a DBUS_TEST_SELINUX environment
variable. Unfortunately we can't run the SELinux checks
as a normal user, since they won't have any permissions
for /selinux. So this will have to be tested manually
for now, until we have virtualization for most of
libselinux.
in the SELinux support.
* doc/busconfig.dtd: update DTD for SELinux support.
* bus/config-loader-libxml.c: fix error handler and parser
initialisation/cleanup. OOM test now works with libxml2 HEAD.
* configure.in: remove the warning about libxml2
* dbus/dbus-bus.c: silence doxygen warning.
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
* bus/config-parser.c (process_test_valid_subdir): temporarily
stop testing config parser OOM handling, since expat has issues
http://freedesktop.org/pipermail/dbus/2004-May/001153.html
* bus/dbus-daemon-1.1.in: change requested_reply to
send_requested_reply/receive_requested_reply so we can send the
replies, not just receive them.
* bus/config-parser.c: parse the new
send_requested_reply/receive_requested_reply
* bus/policy.c (bus_client_policy_check_can_send): add
requested_reply argument and use it
* bus/bus.c (bus_context_check_security_policy): pass through
requested_reply status to message send check
* bus/system.conf.in: adapt to requested_reply change
* bus/config-parser.c (struct BusConfigParser): Added
included_files field.
(seen_include): Added. Checks whether or not a file has already
been included by any parent BusConfigParser.
(bus_config_parser_new): Copy the parent's included_files.
(include_file): Track which files have been included, and fail on
circular inclusions.
(process_test_valid_subdir): Changed printf to report if we are
testing valid or invalid conf files.
(all_are_equiv): Changed printf to be a bit clearer about
what we are actually doing.
(bus_config_parser_test): Test invalid configuration files.
* bus/config-parser.c (bus_config_parser_new): Added a 'parent'
argument. If non-null, the newly-constructed BusConfigParser will
be initialized with the parent's BusLimits instead of the default
values.
(include_file): When including a config file, pass in
the current parser as the parent and then copy the BusLimits
from the included BusConfigParser pack to the current parser.
(process_test_valid_subdir): Renamed from process_test_subdir.
(process_test_equiv_subdir): Added. Walks through a directory,
descending into each subdirectory and loading the config files
it finds there. If any subdirectory contains two config files
that don't produce identical BusConfigParser structs, fail.
For now, the BusConfigParser's BusPolicies are not compared.
(bus_config_parser_test): Call both process_test_valid_subdir and
process_test_equiv_subdir.
* bus/config-loader-libxml.c (bus_config_load): Take a parent
argument and pass it along to the call to bus_config_parser_new.
Also made a few small changes to allow this code to compile.
* bus/config-loader-expat.c (bus_config_load): Take a parent
argument and pass it along to the call to bus_config_parser_new.
* bus/bus.c (bus_context_new): Load the config file
with a NULL parent argument.
* bus/bus.c (bus_context_check_security_policy): revamp this to
work more sanely with new policy-based requested reply setup
* bus/connection.c (bus_transaction_send_from_driver): set bus
driver messages as no reply
* bus/policy.c (bus_client_policy_check_can_receive): handle a
requested_reply attribute on allow/deny rules
* bus/system.conf: add <allow requested_reply="true"/>
* bus/driver.c (bus_driver_handle_message): fix check for replies
sent to the bus driver, which was backward. How did this ever work
at all though? I think I'm missing something.
* dbus/dbus-message.c (decode_header_data): require error and
method return messages to have a reply serial field to be valid
(_dbus_message_loader_queue_messages): break up this function;
validate that reply serial and plain serial are nonzero;
clean up the OOM/error handling.
(get_uint_field): don't return -1 from this
(dbus_message_create_header): fix signed/unsigned bug
* bus/connection.c (bus_connections_expect_reply): save serial of
the incoming message, not reply serial
* bus/connection.c: implement pending reply tracking using
BusExpireList
* bus/bus.c (bus_context_check_security_policy): verify that a
reply is pending in order to allow a reply to be sent. Deny
messages of unknown type.
* bus/dbus-daemon-1.1.in: update to mention new resource limits
* bus/bus.c (bus_context_get_max_replies_per_connection): new
(bus_context_get_reply_timeout): new
Make matching rules theoretically work (add parser).
* bus/bus.c (bus_context_check_security_policy): fix up to handle
the case where destination is explicitly specified as bus driver
and someone else is eavesdropping.
* bus/policy.c (bus_client_policy_check_can_receive): fix up
definition of eavesdropping and assertion
* tools/dbus-send.c (main): use dbus_message_type_from_string
* bus/signals.c (bus_match_rule_parse): implement
* dbus/dbus-message.c (dbus_message_type_from_string): new
* dbus/dbus-errors.h (DBUS_ERROR_MATCH_RULE_INVALID): add
Get matching rules mostly working in the bus; only actually
parsing the rule text remains. However, the client side of
"signal connections" hasn't been started, this patch is only the
bus side.
* dbus/dispatch.c: fix for the matching rules changes
* bus/driver.c (bus_driver_handle_remove_match)
(bus_driver_handle_add_match): send an ack reply from these
method calls
* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
arguments, reported by Seth Nickell
* bus/config-parser.c (append_rule_from_element): support
eavesdrop=true|false attribute on policies so match rules
can be prevented from snooping on the system bus.
* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
and "destination" in attribute names; fix some docs bugs;
add eavesdrop=true|false attribute
* bus/driver.c (bus_driver_handle_add_match)
(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
messages
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
rid of broadcast service concept, signals are just always broadcast
* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
mostly implement matching rules stuff (currently only exposed as signal
connections)
* doc/dbus-specification.sgml: partial updates
* bus/dbus-daemon-1.1.in: fix the config file docs for the
zillionth time; hopefully I edited the right file this time.
* bus/config-parser.c (append_rule_from_element): support
send_type, send_path, receive_type, receive_path
* bus/policy.c: add message type and path to the list of things
that can be "firewalled"
This doesn't compile yet, but syncing up so I can hack on it from
work. What are branches for if not broken code? ;-)
* dbus/dbus-protocol.h: remove DBUS_HEADER_FIELD_NAME, add
DBUS_HEADER_FIELD_INTERFACE, DBUS_HEADER_FIELD_MEMBER,
DBUS_HEADER_FIELD_ERROR_NAME
* dbus/dbus-hash.c: Introduce DBUS_HASH_TWO_STRINGS as hack to use
for the interface+member pairs
(string_hash): change to use g_str_hash algorithm
(find_direct_function, find_string_function): refactor these to
share most code.
* dbus/dbus-message.c: port all of this over to support
interface/member fields instead of name field
* dbus/dbus-object-registry.c: port over
* dbus/dbus-string.c (_dbus_string_validate_interface): rename
from _dbus_string_validate_name
* bus/dbus-daemon-1.1: change file format for the
<deny>/<allow> stuff to match new message naming scheme
* bus/policy.c: port over
* bus/config-parser.c: parse new format
* bus/config-parser.c (merge_included): merge in policies from
child configuration file.
* bus/policy.c (bus_policy_merge): function to merge two policies
together
* configure.in: 0.10
* NEWS: update
* bus/system.conf.in: add <includedir>system.d</includedir>
* dbus/dbus-userdb.c (_dbus_user_database_lookup): fix bug when
username was provided but not uid
* bus/config-parser.c (struct BusConfigParser): keep track of
whether the parser is toplevel or was included; change some
of the error handling if it's included.
Unbreak my code...
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
report correct status if we finish processing authentication
inside this function.
* bus/activation.c (try_send_activation_failure): use
bus_transaction_send_error_reply
* bus/connection.c (bus_connection_get_groups): return an error
explaining the problem
* bus/bus.c (bus_context_check_security_policy): implement
restriction here that inactive connections can only send the
hello message. Also, allow bus driver to send anything to
any recipient.
* bus/connection.c (bus_connection_complete): create the
BusClientPolicy here instead of on-demand.
(bus_connection_get_policy): don't return an error
* dbus/dbus-message.c (dbus_message_new_error_reply): allow NULL
sender field in message being replied to
* bus/bus.c (bus_context_check_security_policy): fix silly typo
causing it to return FALSE always
* bus/policy.c (bus_client_policy_check_can_send): fix bug where
we checked sender rather than destination
test suite is slightly hosed at the moment, will fix soon
* bus/connection.c (bus_connections_expire_incomplete): fix to
properly disable the timeout when required
(bus_connection_set_name): check whether we can remove incomplete
connections timeout after we complete each connection.
* dbus/dbus-mainloop.c (check_timeout): fix this up a bit,
probably still broken.
* bus/services.c (bus_registry_acquire_service): implement max
number of services owned, and honor allow/deny rules on which
services a connection can own.
* bus/connection.c (bus_connection_get_policy): report errors here
* bus/activation.c: implement limit on number of pending
activations
* test/data/valid-config-files/basic.conf: add <limit> tags to
this test
* bus/config-parser.h, bus/config-parser.c, bus/bus.c: Implement
<limit> tag in configuration file.
* dbus/dbus-mainloop.c: fix some reentrancy issues by refcounting
callbacks
* test/data/valid-config-files/debug-allow-all.conf.in: allow all
users
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
fix to only recover unused bytes if we're already authenticated
(_dbus_transport_get_is_authenticated): fix to still mark us
authenticated if there are unused bytes.
* bus/dispatch.c: implement security policy checking
* bus/connection.c (bus_transaction_send_from_driver): new
* bus/bus.c (bus_context_check_security_policy): new
* bus/dispatch.c (send_service_nonexistent_error): delete this,
now we just set the DBusError and it gets converted to an error
reply.
* bus/connection.c (allow_user_function): enable code using actual
data from the config file
* bus/policy.c (list_allows_user): handle wildcard rules for
user/group connection perms
