This test-case is actually in the test for monitoring the bus,
because it's easier to see what's going on there - the error reply
to a rejected broadcast is not visible unless you are monitoring.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
To do this, we have to use the <standard_session_servicedirs/>.
A previous commit ensured that those don't provide any service files
we don't expect.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Don't just exercise _dbus_get_standard_session_servicedirs(), but
also its integration into the BusConfigParser.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
We were not actually doing what was intended (flooding the bus with
10k or 100k messages for the other side) because the bus was limiting
the sender to 128 parallel method calls.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86442
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Previously, we didn't consistently test parsing of every file in
valid-config-files-system/ everywhere that we tested valid-config-files/.
We now test it on Unix.
The system bus is not supported on Windows, so we do not test
valid-config-files-system/ there.
valid-config-files/many-rules.conf contains <user> and <group> rules
which are not applicable to Windows. Copy the original many-rules.conf
to valid-config-files-system/ so that it will be tested on Unix, and
remove the non-portable rules from valid-config-files/many-rules.conf.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92721
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[rh:base patch came from Simon]
This includes most of the situations I could think of:
* method call on dbus-daemon and response
* NameOwnerChanged
* NameAcquired, NameLost (although I'm not 100% sure these should
get captured, since they're redundant with NameOwnerChanged)
* unicast message is allowed through
* unicast message is rejected by no-sending or no-receiving policy
* broadcast is allowed through
* broadcast is rejected by no-sending policy (the error reply
is also captured)
* broadcast is rejected by no-receiving policy (there is no error
reply)
* message causing service activation, and the message telling systemd
to do the actual activation
* systemd reporting that activation failed
It does not cover:
* sending a message to dbus-daemon, then provoking a reply, then
dbus-daemon does not allow itself to send the reply due to its
own security policy
This is such an obscure corner case that I'm not even convinced it's
testable without dropping down into lower-level socket manipulation:
dbus-daemon's replies are always assumed to be requested replies,
and replies contain so little other metadata that I think we can
only forbid them by forbidding all method replies. If we do that,
the reply to Hello() won't arrive and the client-side connection will
not become active.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46787
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
As an implementation detail, dbus-daemon handles this situation by
artificially triggering a timeout (even if its configured timeout for
method calls is in fact infinite). However, using the same debug message
for both is misleading, and can lead people who are debugging a service
crash to blame dbus-daemon instead, wasting their time.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76112
In Unix, the tests listened on both debug-pipe (which is a socketpair,
or a TCP emulation of socketpair on Windows) and a Unix socket.
In the Windows port, the tests were hard-coded to listen on a particular
port, which allowed the dispatch test to connect to that port, as long
as no two tests ran simultaneously (which I don't think was ever guaranteed -
make -j can violate this). That's valid out-of-process, and also
fully-specified, so they only needed one <listen> directive, so the
CMake input only had one.
To make the tests work under CMake on Unix, there was a hack: the string
substituted for the content of the <listen> directive contained
</listen><listen> to get the other address in, which is pretty nasty.
Instead of doing that, I've made both build systems, on both Unix and
Windows, use both debug-pipe and a more normal transport (Unix or TCP).
debug-pipe has a Windows implementation and it's used in
dbus-spawn-win.c, so it'd better work. The use of debug-pipe is now
hard-coded rather than being a configure parameter (there's no reason
to vary it in different builds), and I used TEST_LISTEN as the name of the
Unix/TCP address, because it's a "vague" address (no specific Unix path, no
TCP port), that you can listen on but not connect to.
This in turn means that we can merge the Autoconf .in and CMake .cmake
files, similar to Bug #41033.
You might wonder why I've kept debug-pipe. I did try to get rid of it, but
it turns out that the tests in dispatch.c rely on
dbus_connection_open_private() not blocking, and normal socket
connections block on connect(). Until we fix that by adding an async
version of dbus_connection_open_private(), it won't be safe to have a
test like dispatch.c that "talks to itself", unless it uses a transport
as trivial as debug-pipe in which neither end has to block on the other.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=41222
The number of messages is arbitrary; the more messages, the more likely
the crash is. 2000 messages seem to cause it reliably on this laptop,
but I've set it to 10000 to be safe.
Reviewed-by: Colin Walters <walters@verbum.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34393
The excellently-titled commit 197bef8 “Fix test failures on OSX.” broke
the tests on Linux, since there's no wheel group on this side of the
tracks. So here's a group everyone should enjoy.
(If anyone comes along and tells me that DragonflyBSD doesn't have
'nogroup' …)
2007-09-13 Ryan Lortie <desrt@desrt.ca>
migrate from cvs to git (cvs2svn -> git-svnimport).
* HACKING: update release/branch/tag instructions
* */.cvsignore: rename to .gitignore
also, clean up tags and branch names to conform to HACKING
* bus/config-parser.c: add the standard_session_servicedirs element
to the parser
(bus_config_parser_content): process the standard_session_servicedirs
element by getting the standard directories from sysdeps and merging
them into the service directory list
(test_default_session_servicedirs): make sure we get what we expect
* bus/session.conf.in: replace the servicedir tag with the
standard_session_servicedirs tag
* dbus/dbus-list.h: remove the typedef of DBusList and place it in
dbus-sysdeps.h to avoid circular header dependencies
* dbus/dbus-sysdeps.h: add the typedef of DBusList
* dbus/dbus-sysdeps-unix.c (split_paths_and_append): utility function
which takes a string of directories delimited by colons, parses them
out, appends a suffix and puts them in a list ignoring empty elements
(_dbus_get_standard_session_servicedirs): returns the standard
directories for a session bus to look for service activation files
on Unix which includes the XDG_DATA_HOME, XDG_DATA_DIRS and
DBUS_DATADIR directories
* test/data/valid-config-files/many-rules.conf: add the
standard_session_servicedirs tag to the valid config file tests
* glib/Makefile.am: Generate dbus-glib-bindings.h and
install it.
* bus/print-introspect.c: New file; prints introspection
data for a given name and object path.
* bus/run-with-tmp-session-bus.sh: New file, refactored
from test/glib/run-test.sh. Creates a temporary session
bus and runs another program.
* test/glib/run-test.sh: Refactor to invoke
run-with-tmp-session-bus.sh.
* bus/driver.c (bus_driver_handle_introspect): Fix to print new
introspection format. Also change to use DBUS_TYPE_x_AS_STRING
macros instead of hardcoding.
* glib/.cvsignore, bus/.cvsignore, test/glib/.cvsignore: Update.
* Throughout, grand renaming to strip out the use of "service",
just say "name" instead (or "bus name" when ambiguous). Did not
change the internal code of the message bus itself, only the
programmer-facing API and messages.
* doc/dbus-specification.xml: further update the message bus section
* bus/config-parser.c (all_are_equiv): fix bug using freed string
in error case
* bus/dbus-daemon-1.1.in:
* test/data/valid-config-files/many-rules.conf: set the
max_match_rules_per_connection limt from the config file.
* doc/busconfig.dtd: update the DTD.
* bus/driver.c: remove some unused variables.
SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
functionality
* configure.in: add --enable-selinux
* bus/policy.c (bus_policy_merge): add FIXME to a comment
* bus/main.c (main): initialize and shut down selinux
* bus/connection.c: store SELinux ID on each connection, to avoid
repeated getting of the string context and converting it into
an ID
* bus/bus.c (bus_context_get_policy): new accessor, though it
isn't used
(bus_context_check_security_policy): check whether the security
context of sender connection can send to the security context of
recipient connection
* bus/config-parser.c: add parsing for <selinux> and <associate>
* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
implement dbus_connection_get_unix_fd()
* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
function, used by the selinux stuff
Get matching rules mostly working in the bus; only actually
parsing the rule text remains. However, the client side of
"signal connections" hasn't been started, this patch is only the
bus side.
* dbus/dispatch.c: fix for the matching rules changes
* bus/driver.c (bus_driver_handle_remove_match)
(bus_driver_handle_add_match): send an ack reply from these
method calls
* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
arguments, reported by Seth Nickell
* bus/config-parser.c (append_rule_from_element): support
eavesdrop=true|false attribute on policies so match rules
can be prevented from snooping on the system bus.
* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
and "destination" in attribute names; fix some docs bugs;
add eavesdrop=true|false attribute
* bus/driver.c (bus_driver_handle_add_match)
(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
messages
* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
rid of broadcast service concept, signals are just always broadcast
* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
mostly implement matching rules stuff (currently only exposed as signal
connections)
* doc/dbus-specification.sgml: partial updates
* bus/dbus-daemon-1.1.in: fix the config file docs for the
zillionth time; hopefully I edited the right file this time.
* bus/config-parser.c (append_rule_from_element): support
send_type, send_path, receive_type, receive_path
* bus/policy.c: add message type and path to the list of things
that can be "firewalled"
* test/data/valid-config-files/system.d/test.conf: change to
root for the user so warnings don't get printed
* dbus/dbus-message.c: add dbus_message_get_path,
dbus_message_set_path
* dbus/dbus-object-tree.c (do_test_dispatch): add test of
dispatching to a path
* dbus/dbus-string.c (_dbus_string_validate_path): add
* dbus/dbus-marshal.c (_dbus_demarshal_object_path): implement
(_dbus_marshal_object_path): implement
* dbus/dbus-protocol.h (DBUS_HEADER_FIELD_PATH): new header field
to contain the path to the target object
(DBUS_HEADER_FIELD_SENDER_SERVICE): rename
DBUS_HEADER_FIELD_SENDER to explicitly say it's the sender service
* dbus/dbus-message.c (decode_string_field): support FIELD_SENDER
(dbus_message_is_error): fix this function
* bus/dbus-daemon-1.1: clarify logic on when <deny>/<allow> rules
match
* bus/policy.c (bus_client_policy_check_can_receive): fix code to
reflect clarified man page
(bus_client_policy_check_can_send): ditto
* bus/session.conf.in: fixup
* bus/system.conf.in: fixup
* configure.in: 0.10
* NEWS: update
* bus/system.conf.in: add <includedir>system.d</includedir>
* dbus/dbus-userdb.c (_dbus_user_database_lookup): fix bug when
username was provided but not uid
* bus/config-parser.c (struct BusConfigParser): keep track of
whether the parser is toplevel or was included; change some
of the error handling if it's included.
test suite is slightly hosed at the moment, will fix soon
* bus/connection.c (bus_connections_expire_incomplete): fix to
properly disable the timeout when required
(bus_connection_set_name): check whether we can remove incomplete
connections timeout after we complete each connection.
* dbus/dbus-mainloop.c (check_timeout): fix this up a bit,
probably still broken.
* bus/services.c (bus_registry_acquire_service): implement max
number of services owned, and honor allow/deny rules on which
services a connection can own.
* bus/connection.c (bus_connection_get_policy): report errors here
* bus/activation.c: implement limit on number of pending
activations
* test/data/valid-config-files/basic.conf: add <limit> tags to
this test
* bus/config-parser.h, bus/config-parser.c, bus/bus.c: Implement
<limit> tag in configuration file.
* dbus/dbus-userdb.c: user database abstraction, mostly to get
caching, but at some point we might want to be able to use a
different database.
* bus/dispatch.c (bus_dispatch_sha1_test): add a test that uses
SHA1 conf file to test the sha1 auth mechanism, since the regular
test always uses EXTERNAL when available.
* configure.in,
test/data/valid-config-files/debug-allow-all-sha1.conf.in:
add conf file that requires use of sha1 auth
* dbus/dbus-mainloop.c: fix some reentrancy issues by refcounting
callbacks
* test/data/valid-config-files/debug-allow-all.conf.in: allow all
users
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
fix to only recover unused bytes if we're already authenticated
(_dbus_transport_get_is_authenticated): fix to still mark us
authenticated if there are unused bytes.
* bus/dispatch.c: implement security policy checking
* bus/connection.c (bus_transaction_send_from_driver): new
* bus/bus.c (bus_context_check_security_policy): new
* bus/dispatch.c (send_service_nonexistent_error): delete this,
now we just set the DBusError and it gets converted to an error
reply.
* bus/connection.c (allow_user_function): enable code using actual
data from the config file
* bus/policy.c (list_allows_user): handle wildcard rules for
user/group connection perms
* bus/policy.h: change BusPolicy to be the thing from the config
file, and rename old BusPolicy to BusClientPolicy
* bus/bus.c, bus/connection.c, bus/config-parser.c: change to
match change in how policy works
* dbus/dbus-internals.h: mark assert_not_reached as
__attribute((noreturn))__
* bus/bus.c (bus_context_new): print the address in here, rather
than in main(), because we need to do it before forking the daemon
* bus/dispatch.c (send_service_nonexistent_error): set the sender
on the service nonexistent error
* bus/driver.c (bus_driver_handle_acquire_service): set the
sender on the AcquireService reply
* test/data/valid-config-files/debug-allow-all.conf.in: Make test
server also listen on a UNIX socket so services can connect to it.
* test/Makefile.am (all-local): add a rule to copy tests to
builddir, so we can have generated tests. Use this to remove the
silly hack for testing system.conf and session.conf. Will use this
shortly to generate .service files pointing to test binaries.
