Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
* bus/connection.c: implement pending reply tracking using
BusExpireList
* bus/bus.c (bus_context_check_security_policy): verify that a
reply is pending in order to allow a reply to be sent. Deny
messages of unknown type.
* bus/dbus-daemon-1.1.in: update to mention new resource limits
* bus/bus.c (bus_context_get_max_replies_per_connection): new
(bus_context_get_reply_timeout): new
Get matching rules mostly working in the bus; only actually
parsing the rule text remains. However, the client side of
"signal connections" hasn't been started, this patch is only the
bus side.
* dbus/dispatch.c: fix for the matching rules changes
* bus/driver.c (bus_driver_handle_remove_match)
(bus_driver_handle_add_match): send an ack reply from these
method calls
* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
arguments, reported by Seth Nickell
* bus/config-parser.c (append_rule_from_element): support
eavesdrop=true|false attribute on policies so match rules
can be prevented from snooping on the system bus.
* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
and "destination" in attribute names; fix some docs bugs;
add eavesdrop=true|false attribute
* bus/driver.c (bus_driver_handle_add_match)
(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
messages
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
rid of broadcast service concept, signals are just always broadcast
* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
mostly implement matching rules stuff (currently only exposed as signal
connections)
Unbreak my code...
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
report correct status if we finish processing authentication
inside this function.
* bus/activation.c (try_send_activation_failure): use
bus_transaction_send_error_reply
* bus/connection.c (bus_connection_get_groups): return an error
explaining the problem
* bus/bus.c (bus_context_check_security_policy): implement
restriction here that inactive connections can only send the
hello message. Also, allow bus driver to send anything to
any recipient.
* bus/connection.c (bus_connection_complete): create the
BusClientPolicy here instead of on-demand.
(bus_connection_get_policy): don't return an error
* dbus/dbus-message.c (dbus_message_new_error_reply): allow NULL
sender field in message being replied to
* bus/bus.c (bus_context_check_security_policy): fix silly typo
causing it to return FALSE always
* bus/policy.c (bus_client_policy_check_can_send): fix bug where
we checked sender rather than destination
test suite is slightly hosed at the moment, will fix soon
* bus/connection.c (bus_connections_expire_incomplete): fix to
properly disable the timeout when required
(bus_connection_set_name): check whether we can remove incomplete
connections timeout after we complete each connection.
* dbus/dbus-mainloop.c (check_timeout): fix this up a bit,
probably still broken.
* bus/services.c (bus_registry_acquire_service): implement max
number of services owned, and honor allow/deny rules on which
services a connection can own.
* bus/connection.c (bus_connection_get_policy): report errors here
* bus/activation.c: implement limit on number of pending
activations
* bus/dispatch.c: somehow missed some name_is
* dbus/dbus-timeout.c (_dbus_timeout_set_enabled)
(_dbus_timeout_set_interval): new
* bus/connection.c (bus_connections_setup_connection): record time
when each connection is first set up, and expire them after the
auth timeout passes.
* bus/driver.c (bus_driver_handle_hello): check limits and
return an error if they are exceeded.
* bus/connection.c: maintain separate lists of active and inactive
connections, and a count of each. Maintain count of completed
connections per user. Implement code to check connection limits.
* dbus/dbus-list.c (_dbus_list_unlink): export
* bus/bus.c (bus_context_check_security_policy): enforce a maximum
number of bytes in the message queue for a connection
* bus/bus.c: create and keep around a shared DBusUserDatabase
object.
* bus/connection.c (bus_connection_get_groups): don't cache
groups for user in the connection object, since user database
object now does that.
* dbus/dbus-mainloop.c: fix some reentrancy issues by refcounting
callbacks
* test/data/valid-config-files/debug-allow-all.conf.in: allow all
users
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
fix to only recover unused bytes if we're already authenticated
(_dbus_transport_get_is_authenticated): fix to still mark us
authenticated if there are unused bytes.
* bus/dispatch.c: implement security policy checking
* bus/connection.c (bus_transaction_send_from_driver): new
* bus/bus.c (bus_context_check_security_policy): new
* bus/dispatch.c (send_service_nonexistent_error): delete this,
now we just set the DBusError and it gets converted to an error
reply.
* bus/connection.c (allow_user_function): enable code using actual
data from the config file
* bus/policy.c (list_allows_user): handle wildcard rules for
user/group connection perms
* bus/policy.h: change BusPolicy to be the thing from the config
file, and rename old BusPolicy to BusClientPolicy
* bus/bus.c, bus/connection.c, bus/config-parser.c: change to
match change in how policy works
* dbus/dbus-internals.h: mark assert_not_reached as
__attribute((noreturn))__
* dbus/dbus-connection.c (dbus_connection_flush): don't spin on
the connection if it's disconnected
* bus/activation.c (bus_activation_service_created): use new
transaction features to roll back removal of pending activation if
we don't successfully create the service after all. Don't remove
pending activation if the function fails.
* dbus/dbus-list.c (_dbus_list_insert_before_link)
(_dbus_list_insert_after_link): new code to facilitate
services.c fixes
* dbus/dbus-hash.c (_dbus_hash_table_insert_string_preallocated):
new functionality, so we can preallocate the ability to insert
into a hash table.
* bus/connection.c (bus_transaction_add_cancel_hook): new function
allowing us to put custom hooks in a transaction to be used for
cancelling said transaction
* doc/dbus-specification.sgml: add some discussion of secondary
service owners, and disallow zero-length service names
* bus/services.c (bus_registry_acquire_service): new function,
splits out part of bus_driver_handle_acquire_service() and fixes
a bug where we didn't remove the service doing the acquiring
from the secondary queue if we failed to remove the current owner
from the front of the queue.
Throughout: purge global variables, introduce BusActivation,
BusConnections, BusRegistry, etc. objects instead.
* bus/bus.h, bus/bus.c: introduce BusContext as a global
message bus object
* test/Makefile.am (TEST_BINARIES): disable bus-test for now,
going to redo this a bit differently I think
Mega-patch that gets the message bus daemon initially handling
out-of-memory. Work still needed. Also lots of random
moving stuff to DBusError instead of ResultCode.
* dbus/dbus-list.c (_dbus_list_length_is_one): new function
* dbus/dbus-connection.c
(dbus_connection_send_with_reply_and_block): use DBusError
* dbus/dbus-bus.c: adapt to API changes, make it use DBusError not
DBusResultCode
* dbus/dbus-connection.c (dbus_connection_send): drop the result
code here, as the only failure possible is OOM.
* bus/connection.c (bus_connection_disconnect):
rename bus_connection_disconnected as it's a notification only
* bus/driver.c (bus_driver_handle_acquire_service): don't free
"name" on get_args failure, should be done by get_args;
don't disconnect client for bad args, just return an error.
(bus_driver_handle_service_exists): ditto
* bus/services.c (bus_services_list): NULL-terminate returned array
* bus/driver.c (bus_driver_send_service_lost)
(bus_driver_send_service_acquired): send messages from driver to a
specific client to the client's unique name, not to the broadcast
service.
* dbus/dbus-message.c (decode_header_data): reject messages that
contain no name field
(_dbus_message_get_client_serial): rename to
dbus_message_get_serial and make public
(_dbus_message_set_serial): rename from set_client_serial
(_dbus_message_set_reply_serial): make public
(_dbus_message_get_reply_serial): make public
* bus/connection.c (bus_connection_foreach): allow stopping
iteration by returning FALSE from foreach function.
* dbus/dbus-connection.c (dbus_connection_send_preallocated)
(dbus_connection_free_preallocated_send)
(dbus_connection_preallocate_send): new API for sending a message
without possibility of malloc failure.
(dbus_connection_send_message): rename to just
dbus_connection_send (and same for whole function family)
* dbus/dbus-errors.c (dbus_error_free): make this reinit the error
* dbus/dbus-sysdeps.c (_dbus_exit): new function
* bus/activation.c: handle/return errors
* dbus/dbus-errors.h: add more DBUS_ERROR #define
* dbus/dbus-sysdeps.c (_dbus_directory_open) (_dbus_file_get_contents)
(_dbus_directory_get_next_file): use DBusError instead of DBusResultCode
(_dbus_result_from_errno): move to this file
* dbus/dbus-threads.c:
* dbus/dbus-threads.h:
Add condvars. Remove static mutext from API.
Implement static mutexes by initializing them from threads_init.
* glib/dbus-gthread.c:
* qt/dbus-qthread.cpp:
Update with the thread api changes.
* dbus/dbus-list.c:
* dbus/dbus-list.h:
Turn StaticMutex into normal mutex + init function.
Export new functions _dbus_list_alloc_link, _dbus_list_free_link,
_dbus_list_append_link, _dbus_list_prepend_link
* dbus/dbus-sysdeps.c:
* dbus/dbus-sysdeps.h:
New type dbus_atomic_t, and new functions _dbus_atomic_inc,
_dbus_atomic_dec. Only slow fallback implementation at the moment.
* dbus/dbus-protocol.h:
Add DBUS_MESSAGE_LOCAL_DISCONNECT define
* dbus/dbus-message.c:
Make ref/unref atomic.
Fix some docs.
* dbus/dbus-connection-internal.h:
* dbus/dbus-connection.c:
* dbus/dbus-connection.h:
Make threadsafe.
Change _peek to _borrow,_return & _steal_borrowed.
Change disconnect callback to event.
Make dbus_connection_dispatch_messages reentrant.
* dbus/dbus-transport.c:
Don't ref the connection on calls to the transport
implementation.
* dbus/dbus-message-handler.c:
Make threadsafe.
* glib/dbus-gmain.c:
Don't use peek_message anymore
* test/Makefile.am:
* test/debug-thread.c:
* test/debug-thread.h:
Simple thread implementation that asserts() on deadlocks in
single-threaded code.
* test/bus-test.c:
(main) Call debug_threads_init.
* test/watch.c:
Use disconnect message instead of disconnect callback.
* bus/connection.c:
* bus/connection.h:
Don't call dbus_connection_set_disconnect_function. Instead export
bus_connection_disconnect.
* bus/dispatch.c:
Call bus_connection_disconnect when we get a disconnected message.
* bus/connection.c: (bus_connection_foreach):
* bus/connection.h:
Add new bus_connection_foreach function.
* bus/driver.c: (send_one_message), (bus_driver_broadcast_message):
Add function that broadcasts a message to all clients.
(bus_driver_send_service_created), (bus_driver_handle_hello),
(bus_driver_send_welcome_message),
(bus_driver_handle_list_services), (bus_driver_message_handler):
Implement functions that take care of listing services, and notifying
clients when new services are created.
* bus/services.c: (bus_services_list):
* bus/services.h:
Add new function that returns an array of strings with the currently
registered services.
* glib/dbus-glib.h:
* glib/dbus-gmain.c:
Update copyright year.
* bus/Makefile.am:
Add driver.[ch]
* bus/connection.c: (connection_disconnect_handler):
Remove the connection from the bus driver's list.
(connection_watch_callback): Dispatch messages.
(free_connection_data): Free connection name.
(bus_connection_setup): Add connection to the bus driver's list.
(bus_connection_remove_owned_service):
(bus_connection_set_name), (bus_connection_get_name):
Add functions for setting and getting the connection's name.
* bus/connection.h:
Add function headers.
* bus/driver.c: (create_unique_client_name),
(bus_driver_handle_hello_message),
(bus_driver_send_welcome_message), (bus_driver_message_handler),
(bus_driver_add_connection), (bus_driver_remove_connection):
* bus/driver.h:
* bus/main.c:
* bus/services.c: (bus_service_free):
* bus/services.h:
New file that handles communication and registreation with the bus
itself.
* bus/connection.c: implement routines for handling connections,
first thing is keeping a list of owned services on each connection
and setting up watches etc.
* bus/services.c: implement a mapping from service names to lists
of connections
* dbus/dbus-hash.c: add DBUS_HASH_POINTER
* dbus/dbus-threads.c (dbus_static_mutex_lock): add functions
to use static mutexes for global data
* dbus/dbus-connection.c (dbus_connection_set_data): add new
collection of functions to set/get application-specific data
on the DBusConnection.
