2007-10-19 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_new): put the audit_init() in here
instead, which I believe ends up being the same as where it was
before, though I'm not sure I understand why it goes here.
* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user):
remove audit_init() from here, this file can't depend on code in
bus/ directory
* patch by Dan Walsh <dwalsh@redhat.com>
* https://bugs.freedesktop.org/show_bug.cgi?id=12429
* Reverse we_were_root check to setpcap if we were root. Also only init
audit if we were root. So error dbus message will not show up when policy
reload happens. dbus -session will no longer try to send audit message,
only system will.
* For security reasons we want possition independent code for libraries
and possition independent executable for executables
* before we were just enabling -fPIC
* now we correctly enable -fPIC and -PIE for libdbus and the bus respectively
* propper LD_FLAGS are set for each also
2007-09-20 Ryan Lortie <desrt@desrt.ca>
* dbus/signals.c (struct DBusMatchRule, bus_match_rule_new,
bus_match_rule_set_arg, bus_match_rule_parse_arg_match,
match_rule_matches): Add support for parsing and matching on
arg0path='/some/path' type rules.
* dbus/signals.h (bus_match_rule_set_arg): change to take const
DBusString instead of const char * for the string to match against.
* dbus/dbus-bus.c: add a quick note to dbus_bus_add_match
documentation about the path matching.
* doc/dbus-specification.xml: add a more detailed description of the
changes here.
2007-09-13 Ryan Lortie <desrt@desrt.ca>
migrate from cvs to git (cvs2svn -> git-svnimport).
* HACKING: update release/branch/tag instructions
* */.cvsignore: rename to .gitignore
also, clean up tags and branch names to conform to HACKING
* tools/dbus-launch-x11.c (set_address_in_x11): fix from Michael
Lorenz to use long not int with XChangeProperty format 32
* dbus/dbus-sysdeps-util-unix.c
(_dbus_write_pid_to_file_and_pipe): factor this out, and use the
same code in _dbus_become_daemon (where the parent writes the pid
file and to the pid pipe) and in bus_context_new (where the daemon
writes its own pid file and to its own pid pipe)
* bus/bus.c (bus_context_new): close the pid pipe after we print
to it. Also, don't write the pid to the pipe twice when we fork,
someone reported this bug a long time ago.
* bus/activation-helper.c (check_bus_name): don't use
_dbus_check_valid_bus_name() which is only around with
--enable-checks, instead use _dbus_validate_bus_name().
Bug #11766 from Diego <diego@pemas.net>
* bus/config-parser-trivial.c (check_return_values): disable a
test that hardcoded the bus user's name
* bus/dispatch.c (bus_dispatch_test_conf): remove the "if
(!use_launcher)" around the tests, they were only failing because
we didn't pass through all the expected errors from the helper.
* bus/activation-exit-codes.h
(BUS_SPAWN_EXIT_CODE_CHILD_SIGNALED): add a code for child segfaulting
(BUS_SPAWN_EXIT_CODE_GENERIC_FAILURE): make "1" be a generic
failure code, so if a third party launch helper were written it
could just always return 1 on failure.
* configure.in: add AM_PROG_CC_C_O to allow per-target CPPFLAGS
* bus/dispatch.c (bus_dispatch_test_conf): Fix up setting
TEST_LAUNCH_HELPER_CONFIG to include the full path, and enable
test shell_fail_service_auto_start when use_launcher==TRUE
* bus/activation-helper-bin.c (convert_error_to_exit_code): pass
through the INVALID_ARGS error so the test suite works
* bus/activation.c (handle_activation_exit_error): return
DBUS_ERROR_NO_MEMORY if we get BUS_SPAWN_EXIT_CODE_NO_MEMORY
* dbus/dbus-spawn.c (_dbus_babysitter_get_child_exit_status):
return only the exit code of the child, not the entire thingy from
waitpid(), and make the return value indicate whether the child
exited normally (with a status code)
* bus/bus.c (process_config_first_time_only): _dbus_strdup works
on NULL so no need to check
(process_config_every_time): move servicehelper init here, so we
reload it on HUP or config file change
* bus/Makefile.am (install-data-hook): remove comment because
Emacs make mode seems to be grumpy about it
* bus/Makefile.am:
* bus/test-system.c: (die), (check_memleaks), (test_pre_hook),
(test_post_hook), (main):
Add back the test-system.c file - not sure now this got ignored in the
diff. I blame git.
* bus/dispatch.c: (check_segfault_service_no_auto_start),
(check_launch_service_file_missing),
(check_launch_service_user_missing),
(check_launch_service_exec_missing),
(check_launch_service_service_missing), (bus_dispatch_test_conf),
(bus_dispatch_test_conf_fail), (bus_dispatch_test):
Add unit tests for system activation. Most are copied from the
session activation tests, but some didn't apply when using a laucher.
* bus/bus.c: (process_config_first_time_only),
(process_config_every_time), (bus_context_unref),
(bus_context_get_servicehelper):
* bus/bus.h:
Add the concept of a service-helper and allow it's value to be read.
* bus/activation.c: (bus_activation_entry_unref),
(update_desktop_file_entry):
Add the concept of, and read the value of user from the desktop file.
The user string is not required unless we are using system activation.
* bus/activation.c:
* bus/desktop-file.h:
Move the defines into the header file, as we use these in the lauch
helper as well as the desktop file parsing.
* bus/Makefile.am:
* bus/test.h:
Add the build glue for the lauch helper, and also add the launch-helper
OOM checks into make check. I've probably broken the build, give me 2.
* bus/test-launch-helper.c: (die), (check_memleaks),
(test_post_hook), (bus_activation_helper_oom_test), (main):
Add a test wrapper to allow OOM checks on the launch helper.
* bus/activation-helper-bin.c: (convert_error_to_exit_code),
(main):
* bus/activation-helper.c: (desktop_file_for_name),
(clear_environment), (check_permissions), (check_service_name),
(get_parameters_for_service), (switch_user),
(exec_for_correct_user), (check_bus_name), (get_correct_parser),
(launch_bus_name), (check_dbus_user), (run_launch_helper):
* bus/activation-helper.h:
Add the initial launch-helper. This is split into a main section and a
binary loader that allows us to lauch the main section in another test
harness to do stuff like OOM testing. No build glue yet.
* bus/Makefile.am:
* bus/config-parser.c: (bus_config_parser_unref),
(start_busconfig_child), (bus_config_parser_end_element),
(servicehelper_path), (bus_config_parser_content),
(bus_config_parser_finished),
(bus_config_parser_get_servicehelper),
(test_default_session_servicedirs),
(test_default_system_servicedirs), (bus_config_parser_test):
* bus/config-parser.h:
Make the config-parser code use the common config code.
Also add the session and systemdirs stuff, and make the config parser
aware of the servicehelper field.
* bus/config-parser-trivial.c: (service_dirs_find_dir),
(service_dirs_append_link_unique_or_free), (bus_config_parser_new),
(bus_config_parser_unref), (bus_config_parser_start_element),
(bus_config_parser_end_element), (bus_config_parser_content),
(bus_config_parser_finished), (bus_config_parser_get_user),
(bus_config_parser_get_type), (bus_config_parser_get_service_dirs),
(check_return_values), (do_load), (check_loader_oom_func),
(process_test_valid_subdir), (make_full_path), (check_file_valid),
(bus_config_parser_trivial_test):
* bus/config-parser-trivial.h:
Add a security sensitive stripped down config parser for the setuid
launcher. This file only reads what it needs, and doesn't try to do
anything remotely clever like including external files.
It is not intended to validate the config file; it is expected that
config-parser will do that before the setuid program tries to read it.
* bus/config-parser-common.c:
(bus_config_parser_element_name_to_type),
(bus_config_parser_element_type_to_name):
* bus/config-parser-common.h:
We don't want to run the whole config parser with all it's deps in the
setuid program. We need to implement a stripped down config parser just
for the launcher, and to do so I need some common functions and
defines; add them here.
* bus/activation-exit-codes.h:
Add defines which specify the output codes of the launch helper.
We have to use exit codes as this is the only way we can return failure
type without going grotty things like redirecting possibly-nonsecure
stderr into the error.
* doc/dbus-specification.xml: document org.freedesktop.DBus.GetId()
* bus/driver.c (bus_driver_handle_get_id): implement org.freedesktop.DBus.GetId()
* bus/bus.c (bus_context_new): generate a unique ID for each bus context
* dbus/dbus-connection.c (dbus_connection_get_server_id): new function
* dbus/dbus-bus.c (dbus_bus_get_id): new function
* dbus/dbus-server.c (dbus_server_get_id): new function
* dbus/dbus-sysdeps-unix.c (_dbus_append_session_config_file)
(_dbus_append_system_config_file): new functions
* bus/main.c (main): use _dbus_append_system_config_file() and
_dbus_append_session_config_file()
* dbus/Makefile.am (INCLUDES): move DBUS_SYSTEM_CONFIG_FILE and
DBUS_SESSION_CONFIG_FILE into this makefile
* dbus/dbus-sysdeps.c (_dbus_set_errno_to_zero)
(_dbus_get_is_errno_nonzero, _dbus_get_is_errno_eintr)
(_dbus_strerror_from_errno): family of functions to abstract
errno, though these are somewhat bogus (really we should make our
socket wrappers not use errno probably - the issue is that any
usage of errno that isn't socket-related probably is not
cross-platform, so should either be in a unix-only file that can
use errno directly, or is a bug - these general errno wrappers
hide issues of this nature in non-socket code, while
socket-specific API changes would not since sockets are allowed
cross-platform)
* bus/dispatch.c (check_get_connection_unix_process_id): mop up
getpid() (noticed by Peter KKümmel) and adapt the test to
expect a "pid unknown" error when running on Windows.
* dbus/dbus-server-socket.c (_dbus_server_listen_socket): support
all_interfaces=true|false for tcp servers
* dbus/dbus-sysdeps-unix.c (_dbus_listen_tcp_socket): support
inaddr_any flag
* bus/selinux.c: fix some missing includes
* dbus/dbus-server-socket.c (_dbus_server_listen_socket): allow
port to simply be omitted in addition to specifying 0
* configure.ac, bus/selinux.c, dbus/dbus-sysdeps-unix-util.c: add
libaudit support, no clue what this means really but now we have
it. Patches from Fedora package.
* bus/bus.c (bus_context_new): move selinux initialization after
changing to daemon user, patch from Fedora package
* dbus/dbus-transport.c (auth_via_unix_user_function): fix a typo
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
* bus/dispatch.c (check_get_connection_unix_process_id): adapt
since sysdeps-unix.h stuff isn't included anymore
* bus/bus.c (bus_context_new): use more abstract functions to
change user, so they can be no-ops on Windows
* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
dbus/dbus-credentials-util.c: new files containing a fully opaque
DBusCredentials data type to replace the old not opaque one.
* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
windows
* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
up the uses of it in bus/*.c and factor out the parts of
cookie auth that depend on it
* dbus-sysdeps-win.h (_dbus_get_config_file_name,_dbus_file_exists): new prototyp, undefined interface after including windows.h because t makes trouble when a paramater is named interface.
* dbus-sysdeps-win.c (_dbus_get_install_root,_dbus_get_config_file_name,_dbus_file_exists): new functions.
* tools/dbus-launch.c (do_close_stderr): fix C89 problem and
formatting problem
* Mostly fix the DBusPipe mess.
- put line break after function return types
- put space before parens
- do not pass structs around by value
- don't use dbus_strerror after calling supposedly cross-platform
api
- don't name pipe variables "fd"
- abstract special fd numbers like -1 and 1
* dbus/dbus-server-socket.c (_dbus_server_new_for_tcp_socket): implemented returning tcp port. Skipping port parameter and non integer port values in config <listen> statement needs more effort.
* dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c (_dbus_listen_tcp_socket): return the real used tcp port.
* bus/dbus-daemon.1.in: added <listen> tcp examples
