cmake provides a macro named GnuInstallDirs to let install locations
be compatible with GNU's install location layout on several plattforms.
Using that layout makes cmake installs be more compatible to what
autotools use and also supports 32 and 64 bit installations out of the box.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99721
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This includes fixing a memory leak in _dbus_hash_iter_lookup(), which is
not one of the unit tests; but it is only ever called from the unit
tests, so this is not a user-facing leak.
Coverity IDs: 54730, 54740
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99793
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is a fairly pointless feature to add, since the current behaviour
was to abort due to a NULL pointer dereference shortly after the OOM
failure. At least now people will get a helpful error message when they
try to use dbus-send on a machine with incurable memory pressure.
Coverity ID: 54710
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99759
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
I am increasingly of the opinion that this is a gigantic waste of time.
But at least Coverity will be happy.
Coverity IDs: 60585, 60586
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99724
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is mostly pointless, but will shut Coverity up.
Coverity ID: 54718
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99724
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This should shut up Coverity from complaining about not checking the
return value of dbus_set_error_from_message(), which is equivalent to
the (type == DBUS_MESSAGE_TYPE_ERROR) check.
Coverity ID: 54697
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99723
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is mostly pointless, but should shut Coverity up.
Coverity ID: 54693
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99722
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
As a hash table becomes unbelievably large and full, the down_shift
tends towards 0. The overflow detection code in rebuild_table() does not
prevent down_shift becoming negative, which then causes undefined
behaviour in RANDOM_INDEX for int-keyed tables.
Note that this can only happen with approaching INT_MAX entries in the
hash table, at which point we’ve almost certainly hit OOM somewhere, so
this is vanishingly unlikely to happen. This is why I can’t add a test
for the bug.
As always, thanks to Coverity.
Coverity ID: 54682
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99641
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This will shut Coverity up. All the paths are checks on the return value
from dbus_message_set_destination().
Coverity IDs: 54822, 54823, 54824, 54825
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99712
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Also take the opportunity to tweak the test-threads-init messages
slightly to make it more TAP-compliant. It is not entirely TAP compliant
because it doesn’t print a test plan before starting its tests.
Coverity IDs: 54701, 54714, 54726
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99694
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Check that at most one argument which sets the payload is provided, so
the allocated payload is not overwritten and leaked.
Coverity ID: 54759
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99693
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
check_parse() can return NULL on OOM, which we might as well handle
gracefully in the tests with an assertion, rather than an explosion. At
least it will shut Coverity up.
Coverity ID: 54724
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99643
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
context is definitely non-NULL at this point, and has been dereferenced
already on all paths leading to it.
Coverity ID: 141062
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99642
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This adds a "sysusers.d" snippet for creating the system user "dbus" at
boot, if it is missing, in order to support stateless systems that boot
up with an empty /etc and need static information for determining which
system users to create.
This is only installed on systemd-based systems.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99162
Using expanded paths make no sense in install commands because they
may be patched by cmake for example by specifying DESTDIR on install.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99752
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Previously, executables like dbus-daemon were installed to
the lib subdirectory, but this was unintended. RUNTIME DESTINATION
is the equivalent of Autotools ${bindir}.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99752
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
On Windows, dbus can be configured to send DBUS_VERBOSE messages
to the Windows debug port instead of stderr. If we're in that
configuration, we already avoided printing thread information to
stderr before each verbose message; do the same for timestamps.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99749
Previously, all implemented mechanisms were included, even if the
sysadmin had configured them not to be allowed.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99621
With recent code starting dbus-daemon with an unsupported auth mechanism
let dbus-daemon silently ignore this issue. Clients connecting to this
server fails to connect without any descriptive explanation of the
root cause, only the message 'Rejected client connection due to lack
of memory' error is reported in dbus-daemon verbose log, which is disabled
in production environments.
With this patch dbus-daemon checks the supported auth mechanisms on startup
and shuts down with a descriptive error message, which gives admins an
immediate feedback on service startup/restart.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99622
This is almost certainly not going to make a difference, as it’s on the
OOM handling path; but the fewer leaks the better.
Coverity ID: 141058
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99612
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
systemd-logind's OpenSession() API call returns a fd. If there is a
flood of new sessions, it is possible that by the time we finish reading
message 1, message 2 will already be in our incoming buffer and so on.
This results in systemd-logind consistently having one or more fds enqueued
for an extended period, which we interpret as a denial of service
attack, and handle by kicking it off the bus (at least until we worked
around the resulting logind failure by making uid 0 immune to that
particular anti-DoS mechanism, but that workaround doesn't work for
other uids).
To avoid this without the complexity of tracking multiple countdowns
per connection (one for each message with fds), we can avoid reading
any additional messages while we already have a message with a fd
attached pending processing. To avoid stalling, we have to read the rest
of any partial message we might have, but we stop after that.
Assuming we are able to get rid of the pending fds within a reasonable
time, we'll eventually drain the incoming queue to a level of 0 bytes
and 0 fds, at which point the countdown stops.
To make this actually work, we need fd.o #95619 to be fixed first, so
that when we receive more fds and restart the countdown, it restarts
with its correct time remaining.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95263
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Tested-by: Kai-Heng Feng
The code counting pending fds relied on restart of timeouts when they are
enabled. This patch adds function that ensures that such enabled timeouts
have their timekeeping data reset (and not only when timeout is
registered into event loop processing).
When timeouts weren't reset, they'd fire at rather random and mainly
incorrect moments leading to interruption of connections of dbus-daemon.
Every time we reset the interval, we also need to re-enable the timeout
and mark its end time to be recalculated by the event loop, so combine
the old set_enabled(TRUE) with set_interval() as a new restart() method.
This leaves all the set_enabled() calls having a FALSE parameter, so
remove the parameter and rename the method to disable().
[smcv: fix minor coding style issues]
[smcv: replace set_reenabled()/set_interval() pair with restart()]
[smcv: replace set_enabled(FALSE) with disable()]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95619
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This quiets -Wswitch-enum warnings. The trivial config parser
is used by the setuid activation helper, and only handles the
elements whose contents influence the operation of that helper:
system service directories, the setuid activation helper itself,
the bus uid, and the bus type.
[smcv: split out from a larger commit; add justification; move
ELEMENT_SERVICEDIR start handler to a functionally equivalent list
of elements whose content we are going to process later]
Reviewed-by: Simon McVittie <smcv@debian.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98191
This is clearly equivalent, and quiets -Wswitch-default.
Based on part of a patch by Thomas Zimmermann.
Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98191
This was doing no harm (clearing an already-cleared list is a no-op),
but it was also pointless.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99435
