Those structs are for DBusTransport internal use, they should not be
referenced outside it.
The transport needs only to allocate memory on initialization and free
it on finalization.
The lifecycle for the two allocated structs is DBusTransport lifecycle
and at DBusTransport's finalization its connection is already
disconnected.
The assumption is that the transport owns a reference for any object the
two structs holds a reference for (particularly DBusConnection)
Bug: http://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Now that authorization is in SASL mechs, enable anonymous authorizations
when we are testing anonymous mechs functionality
Bug: http://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Also update the authentication script so that DBusAuthorization default
rules are used during testing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
In order to authorize/reject a connection in a polite way, instead of
cutting it off after authentication succeed and Hello() is
sent, because authorization failed, we need to factor out some
authorization bits from DBusTransport and pass them to DBusAuth.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Historically, _dbus_transport_get_is_authenticated() has had the
side-effect of trying to advance the authentication state machine (if
there's enough buffered input to do so). This seems an inappropriate
activity for what looks like a simple getter.
Split it into _dbus_transport_try_to_authenticate (which does what it
always used to do) and _dbus_transport_peek_is_authenticated (which
is the simple getter version).
To minimize the difference in behaviour for the stable branch of D-Bus,
I've only used _dbus_transport_peek_is_authenticated where it was used
in an assertion, which should clearly not have side effects (and I've
checked that the asserting function cannot be called until both
authentication and authorization have completed). Replacing most of the
calls to get_is_authenticated with try_to_authenticate is a possible
piece of future work.
Based on patches from Cosimo Alfarano, who noticed this
assertion-with-side-effects.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
https://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.com>
It's currently not used, but it's safer to unset it and free user's
data for avoiding future head-aches
https://bugs.freedesktop.org/show_bug.cgi?id=39720
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
There are two errors in the sample service file.
First, a typo, Names should be Name.
Second, can not specify multiple names.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66481
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
These are only part of the DBus interface because dbus-daemon didn't
previously support multiple interfaces. I don't know enough about
either of these security frameworks to know what they return, but
perhaps one day someone who knows about Solaris or SELinux will tell
us...
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
The initial set of credentials is just UnixUserID and ProcessID.
The rest can follow when someone is sufficiently interested to actually
test them.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54445
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[rename a function that Ralf found unclear -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
On wine (tested with 1.5.6) the mentioned function could not be located in
iphlpapi.dll using LoadLibrary()/GetProcAddress(), which is the prefered
method to get a tcp peer pid on WinXP <= SP2.
To workaround this limitation we use GetExtendedTcpTable() first to get the peer pid.
If this fails (which happens at least on real WinXP SP2) we then use
AllocateAndGetTcpExTableFromStack() to get the pid.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66060
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This patch makes sure, that the process id is fetched only from localhost
client address connections fetched from the tcp table.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66060
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This test was failing on s390; though it could fail
on other platforms too. Basically we need to be sure
we're passing at least word-aligned buffers to the
demarshalling code. malloc() will do that for us.
https://bugs.freedesktop.org/show_bug.cgi?id=67279
This test was failing on s390; though it could fail
on other platforms too. Basically we need to be sure
we're passing at least word-aligned buffers to the
demarshalling code. malloc() will do that for us.
https://bugs.freedesktop.org/show_bug.cgi?id=67279
This caused build failures on FreeBSD. Defining _POSIX_C_SOURCE to
a particular version will disable common non-POSIX extensions like
PF_UNIX, and on some systems will also disable features of later
POSIX versions, like IPv6. If we don't ask for a specific version,
we'll get some sort of sensible default.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66257
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
[made the commit message more concise -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
If a byte in DBusString *unescaped isn't a ascii byte, which will be
cast to char (signed char on most of platform), so that's the issue
unsigned char cast to signed char. e.g. "\303\266" is a valid unicode
character, if everything goes right, it will be escaped to "%c3%b6".
However, in fact, it escaped to "%<garbage-byte>3%<garbage-byte>6".
_dbus_string_append_byte_as_hex() take an int parameter, so negative
byte is valid, but cause get a negative index in array. So garbage value
will get. e.g. '\303' --> hexdigits[((signed byte)(-61)) >> 4] is
hexdigits[-4].
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499
Sgne-off-by: Chengwei Yang <chengwei.yang@intel.com>
[fixed whitespace -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
