FreeBSD 13.1 has been EOL since July 2023, but because there are
apparently no FreeBSD users among the dbus maintainers, nobody noticed.
dbus/dbus#308 is still present in FreeBSD 14.2, so remove the version
check when skipping that particular test.
Signed-off-by: Simon McVittie <smcv@collabora.com>
To achieve comparable results with Meson, the test environment should
provide the same set of environment variables when used in the source
code or the test environment.
Resolves: dbus/dbus#541
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
We no longer have an Autotools build system, but Meson sets the same
environment variables that Autotools used to set. CMake does not, yet,
but ideally should.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/538
Signed-off-by: Simon McVittie <smcv@collabora.com>
Similar to #256, NSS plugins might open file descriptors the first time
they look up a system group, and leave them open. To avoid detecting
this as a leak, do one group lookup (which we expect to fail) before
starting testing, so that the fd is already open the first time we
call _dbus_check_fdleaks_enter(), and therefore is not considered to
have been leaked in _dbus_check_fdleaks_leave().
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/540
Signed-off-by: Simon McVittie <smcv@collabora.com>
Some distributions are known to have shipped dbus 1.15.x as though it
was a stable release, and it isn't clear whether they knew that we use
the odd/even versioning convention like GLib does.
If we add a -alpha, -beta, -rc suffix to development versions starting
from 1.17.0, then distros that know we use odd/even versioning will
know that our development versions are not a stable-branch, and so will
distros that mistakenly think we use the "semantic versioning"
versioning convention popularized by <https://semver.org/>.
(We intentionally do not use semver, because semver would require us to
ship a new minor version every time we add new API, and we do not have
the resources to provide security support for an unlimited number of
minor versions in parallel: we need to be able to nominate a subset of
our releases as having longer-term security support, in a way that signals
to distros that these are the releases they should prefer to ship.)
CMake's `project()` doesn't allow this version number format[1], but
we intend to use version numbers where the (major, minor, micro) tuple
is enough to uniquely identify a release, so we can just tell CMake our
version number without the suffix and there will be no ambiguity.
Similarly, the dash is not allowed in GNU ld version scripts, so use
the form of the version number without the suffix there.
[1] https://gitlab.kitware.com/cmake/cmake/-/issues/16716
Helps: dbus#530
Signed-off-by: Simon McVittie <smcv@collabora.com>
This hopefully helps to get across the point that enabling these tests
adds instrumentation to libdbus and dbus-daemon, with a potentially
significant impact on code size, performance and security.
To avoid a huge diffstat which would be difficult to review, the cpp
macro that is checked by most of the C code is still
DBUS_ENABLE_EMBEDDED_TESTS, which is defined or undefined under exactly
the same conditions as the new DBUS_ENABLE_INTRUSIVE_TESTS.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/537
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Solaris does not allow rmdir() to remove the cwd, so chdir() out of
the tempdir before removing it.
Without this fix, misc-internal reported a failure on Solaris 11.4:
not ok 16 - failed to remove test socket directory /tmp/dbus-test-tduvWc
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Other tests have different requirements for fds (and already check for
them), so move this check into the specific test (mirroring what those
other tests already do) instead of blocking the whole test program,
incorrectly using autoconf test return codes instead of TAP protocol,
as discussed in #176.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Many of these tests require more than the default fd limit on some systems,
so raise the limit, if we can, to give them a better chance of being able
to run.
Closes#176
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
If we're building on Unix with the message bus and tools enabled, then
we need to compile dbus-launch before we can expect this test to pass.
Continuation of commit 55e60abe "test: add missing test dependencies".
Signed-off-by: Simon McVittie <smcv@collabora.com>
check_valid_fd() does not touch its second parameter if the fd is not,
in fact, a valid fd. Initialize the "out" parameter to the opposite
of the value we are hoping for, so that both assertions will fail if
there is a problem.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Unlike "bin", "tty" actually means something on modern Linux distros,
and is used by a default udev rule, so it's more likely to exist on
distros than a group that just exists for historical compatibility
with who knows what.
"tty" exists on macOS, Debian, and Fedora (the criteria used for
choosing "bin" in f2905def ("policy tests: Use bin rather than
nogroup, wheel, or root")), but also fixes running the bus test for me
on NixOS, which has "tty" but not "bin".
Closes: https://gitlab.freedesktop.org/dbus/dbus/-/issues/514
Signed-off-by: Alyssa Ross <hi@alyssa.is>
It's a wrapper around snprintf(), so we are not gaining any efficiency
versus _dbus_string_append_printf(), and might as well use the more
general function instead. Doing it this way might even be a little *more*
efficient, since it reduces reallocations; it's certainly more concise.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On 32 bit systems long will overflow in 2038, causing complete breakage.
This is confirmed by running dbus's test suite on a 32 bit system
with system time set to 2040 (and configured to use 64 bit time_t of course).
Note that both timespec and timeval are specified with time_t for the
seconds component. This should propagate everywhere where that data is
passed and stored, but previously _dbus_get_monotonic_time() and
_dbus_get_monotonic_time() would truncate it to long.
Also add a function for parsing dbus_int64_t from
files, as existing functions can only handle long.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Previously, if dbus_connection_get_unix_user() succeeded but
_dbus_unix_groups_from_uid() failed, then bus_connection_get_unix_groups()
would incorrectly fail without setting the error indicator, resulting
in "(null)" being logged, which is rather unhelpful.
This also lets us distinguish between ENOMEM and other errors, such as
the uid not existing in the system's user database.
Fixes: 145fb99b (untitled refactoring commit, 2006-12-12)
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
Most of these binary blobs is mechanically derived from the
corresponding .hex file, which is hand-written.
boolean-has-no-value.message-raw is presumably either hand-constructed
or fuzzer-generated: it was committed by a Red Hat employee and never
altered, so I've assumed Red Hat is the copyright holder. Permission
was already granted by Red Hat to relicense their dbus contributions
under the MIT (Expat) license.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The new socket option SO_PEERPIDFD allows to pin the process on the
other side of the socket by file descriptor, which closes a race
condition where a PID can be reused before we can pin it manually.
Available since Linux v6.5.
When storing credentials, pin the process by FD from the PID.
When querying the PID, if the PID FD is available, resolve
it from there first if possible.
Ensure the DBusCredentials object only returns the PID FD if it was
obtained by this call, so that we know for sure we can rely on it
being safe against PID reuse attacks.
Signed-off-by: Luca Boccassi <bluca@debian.org>
The exact failure mode reported in dbus/dbus#457 is quite difficult
to achieve in a reliable way in a unit test, because we'd have to send
enough messages to a client to fill up its queue, then stop that client
from draining its queue, while still triggering a message that gets a
reply from the bus driver. However, we can trigger the same crash in a
slightly different way by not allowing the client to receive a
particular message. I chose NameAcquired.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Test it's possible to consume libdbus as a subproject.
Suggested-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Daniel Wagner <dwagner@suse.de>
To make the consume libdbus via Meson's subproject use case more useful,
introduce message_bus and tools command line options which control if
the D-Bus daemon and/or the tools are build. The idea here is that
depending projects are interested only in the library.
The strong recommendation is only to build libdbus as static library:
libdbus_dep = dependency(
'dbus-1',
required: get_option('libdbus'),
fallback: ['dbus', 'libdbus_dep'],
default_options: [
'default_library=static',
'embedded_tests=false',
'message_bus=false',
'modular_tests=disabled',
'tools=false',
],
)
This ensures that any installed D-Bus infrastructure on the target
system is not overwritten.
Signed-off-by: Daniel Wagner <dwagner@suse.de>
The full license texts are not added because they were already
added in a previous commit.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
see #394
After 6e48c317 the test-apparmor-activation test fails as it can no
longer access the dbus socket in /tmp. This commit updates the apparmor
profile used within the test
In some more complicated loops, we do need to use 'goto' to exit from
an inner loop, or to jump to cleanup or an increment of an iterator
immediately before the next loop iteration. However, in these simple
cases, jumping to a label immediately before the 'while' keyword is
unnecessary: we can use an equivalent 'continue' statement for flow
control.
This makes it easier for maintainers to notice the loops where we are
doing something more complicated, which still use 'goto', and know
that they need to pay more attention in those cases.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The TCL-derived code is under its own license, so the overall license
of the file is (AFL-2.1 OR GPL-2.0-or-later) AND TCL.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Red Hat have previously given permission for relicensing, and all
subsequent contributions to this file were trivial.
Signed-off-by: Simon McVittie <smcv@collabora.com>
With permission from Philip Withnall on behalf of Endless, me on behalf
of Collabora, and relying on previous permission from Red Hat
representatives.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This was contributed by Ralf Habacker and later edited by me, with a
trivial change from Thomas Zimmermann which I don't think affects its
copyright.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This was contributed by Ralf Habacker, with a trivial change from
Philip Withnall which I don't think affects its copyright.
Signed-off-by: Simon McVittie <smcv@collabora.com>
All significant contributions to this file were from companies or
individuals that gave permission for relicensing to MIT (I have assumed
that trivial changes from Marcus Brinkmann and Kjartan Maraas were too
small to affect copyright status).
Signed-off-by: Simon McVittie <smcv@collabora.com>
All significant contributions to this file were from companies that gave
permission for relicensing to MIT (I have assumed that trivial changes
from Marcus Brinkmann and Ralf Habacker were too small to affect
copyright status).
Signed-off-by: Simon McVittie <smcv@collabora.com>
The license for this file was never stated, but all contributions to it
have been from Red Hat or Collabora, and representatives of both
companies gave permission for MIT relicensing in 2007.
Signed-off-by: Simon McVittie <smcv@collabora.com>
dbus_message_unref() is in principle able to handle a NULL parameter, but
causes the program to abort when `fatal_warnings_on_check_failed` is set.
Therefore the call with a NULL parameter is avoided from now on.
Fixes#422
This seems to have been intended to give a more specific error message
if the method call failed, but it will not have been effective, because
dbus_connection_send_with_reply_and_block() ends with a check for ERROR
messages using dbus_set_error_from_message(). This means that if the
reply was an ERROR message, it will already have been converted into a
DBusError by the time call_method() regains control.
Signed-off-by: Simon McVittie <smcv@collabora.com>
An unrelated branch failed CI with this assertion failure:
26: dbus[6768]: error: arguments to dbus_set_error() were incorrect,
assertion "(error) == NULL || !dbus_error_is_set ((error))" failed in
file ...\dbus-errors.c line 365.
Looking at the test, this seems to be the most likely candidate for
this bug in error handling, which is masking whatever the real cause
for the failure was (we can't tell from here). If
dbus_connection_send_with_reply_and_block() returns NULL, then it should
already have set the error.
Fixing this bug in the error handling will hopefully give us a better
error message for the actual failure if it happens again.
Signed-off-by: Simon McVittie <smcv@collabora.com>
