Commit f20a05f60f included in dbus-1.15.0 broke autolaunch: on
Windows. autolaunch_custom_command_line_parameter shall be initalized
to null as it is later used in only one place in the code, with this
ternary:
autolaunch_custom_command_line_parameter ? autolaunch_custom_command_line_parameter : "--session"
Closes#503
When `dbus-daemon` sets more than 128 directories for `XDG_DATA_DIRS`,
none of the elements in `new_dirs` will be `NULL`, which resulted in
these loops reading out-of-bounds (undefined behaviour). In practice
this led to a crash.
To avoid this, make sure to stop iteration at the end of the array.
[smcv: Expanded commit message]
Resolves: dbus/dbus#481
instead of using has_header use check_header to confirm the header
works. This is necessary to get the meson build to work with Visual
Studio 2022. It has <stdatomic.h> but it does not actually work when
compiling a C program. A minimal C program that include <stdatomic.h>
fails with the following errors:
C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.38.33130\include\vcruntime_c11_stdatomic.h(36): error C2061: syntax error: identifier 'atomic_bool'
C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.38.33130\include\vcruntime_c11_stdatomic.h(36): error C2059: syntax error: ';'
C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.38.33130\include\vcruntime_c11_stdatomic.h(37): error C2061: syntax error: identifier 'atomic_char'
C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.38.33130\include\vcruntime_c11_stdatomic.h(37): error C2059: syntax error: ';'
...
...
check_header is consistent with CMake's
check_include_file(stdatomic.h HAVE_STDATOMIC_H)
which is why the CMake-based build of dbus works with Visual Studio
2022, while the meson build doesn't.
Fixes#494
Recent versions of glibc support C.UTF-8 natively, and both Debian and
openSUSE (which we use for our CI) have been patching it into our glibc
versions for several years before that.
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/488
Signed-off-by: Simon McVittie <smcv@collabora.com>
After running the test suite, we don't need (or want) to re-run the test
suite as a side-effect of producing a dist tarball. Historically, this
test-case used Autotools `make dist`, not `make distcheck`, but when
we removed the Autotools build system, it was replaced with
`meson dist` (similar to Autotools `make distcheck`). Change that to
`meson dist --no-tests`, which is more like Autotools `make dist` as
originally intended.
In particular, when we re-ran the test suite, we weren't filtering out
the time-consuming and timeout-prone tests that emulate malloc()
failures, which we don't normally intend to run in CI.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/489
Signed-off-by: Simon McVittie <smcv@collabora.com>
Before we removed the Autotools build system, these meant: do a
`make dist` with Autotools, then unpack the resulting tarball, and build
it with Meson or CMake (as appropriate). This was important because the
contents of an Autotools `make dist` differed significantly from what's
in git: only the files that were explicitly declared as sources in the
Autotools build system were distributed, and Autotools would also add its
own generated cruft.
Now that we're doing releases with Meson, the official source release
artifact is basically `git archive`, so there's much less need to
distinguish between official source releases and what's in git, and these
variant build systems became simple aliases for meson and cmake.
Remove those aliases from tools/ci-build.sh, and stop using them in
.gitlab-ci.yml.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The 'debian mingw32 autotools debug' job was replaced with a corresponding
meson related job named 'debian mingw32 meson debug' and the remaining
autotools related jobs were removed.
The drop in replacement job for 'debian mingw64 autotools' is
'debian mingw32 meson' and is now build by default.
On 32 bit systems long will overflow in 2038, causing complete breakage.
This is confirmed by running dbus's test suite on a 32 bit system
with system time set to 2040 (and configured to use 64 bit time_t of course).
Note that both timespec and timeval are specified with time_t for the
seconds component. This should propagate everywhere where that data is
passed and stored, but previously _dbus_get_monotonic_time() and
_dbus_get_monotonic_time() would truncate it to long.
Also add a function for parsing dbus_int64_t from
files, as existing functions can only handle long.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
This makes it easier to verify that _dbus_user_database_unlock_system()
is called on all exit paths. The only early-return is when locking the
userdb failed.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Our implementation always assumed that both code paths set errno, but
according to their API documentation, getpwnam_r and getpwuid_r actually
don't: they *return* a code from the same pseudo-enum as errno. They
also return 0 (but with a NULL struct passwd) if the user is not found,
which these APIs don't count as an error (but we do).
Similarly, in the legacy getpwnam/getpwuid code path, it is unspecified
whether looking up a nonexistent user will set errno or not.
Having retrieved an errno-like error code, we might as well use it in
the human-readable message and not just the machine-readable code,
because the human-readable message is what ends up in the system log.
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
If we want to get the struct passwd corresponding to uid 42, but we
can't, it's much better to say
User ID "42" unknown
rather than
User "???" unknown
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
The only difference between these was that we only needed to allocate
and free buf in the getpwnam_r case. We expect that all reasonable
Unix platforms will have getpwnam_r (it's in POSIX) so adding a no-op
dbus_free(NULL) to the getpwnam code path seems harmless.
This will be helpful when we make the error handling better, in a
subsequent commit.
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
When running tests, we use DBUS_FATAL_WARNINGS=1 to make the tests fail
on internal errors. Failing to set up inotify is not really an internal
error: it's more like an environmental error, which can occur for
reasons outside our control.
Instead, log using bus_context_log(), which never crashes the process
and always just logs a warning.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/473
If we have a large number of connections to the bus, and we fail to
reload the policy for one of them (perhaps because its uid no longer
exists in the system user database), previously we would crash, which
is obviously unintended. After the previous commit, we would stop
iteration through the list of client connections, which doesn't seem
great either: one bad connection shouldn't prevent us from reloading
the rest of our state.
Instead, let's distinguish between new connections (where we want
failure to establish a security policy to be fatal), and pre-existing
connections (where the current security policy is presumably good
enough to keep using if we have nothing better). If we're unable to
reload the policy for a pre-existing connection, log a warning and
carry on iterating.
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
Previously, if dbus_connection_get_unix_user() succeeded but
_dbus_unix_groups_from_uid() failed, then bus_connection_get_unix_groups()
would incorrectly fail without setting the error indicator, resulting
in "(null)" being logged, which is rather unhelpful.
This also lets us distinguish between ENOMEM and other errors, such as
the uid not existing in the system's user database.
Fixes: 145fb99b (untitled refactoring commit, 2006-12-12)
Helps: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Signed-off-by: Simon McVittie <smcv@collabora.com>
If policy creation fails, we can't usefully leave a NULL policy in the
BusConnectionData. If we did, the next attempt to reload policy would
crash with a NULL dereference when we tried to unref it, or with
an assertion failure.
One situation in which we can legitimately fail to create a client policy
is an out-of-memory condition. Another is if we are unable to look up a
connection's supplementary groups with SO_PEERGROUPS, and also unable to
look up the connection's uid's groups in the system user database, for
example because it belongs to a user account that has been deleted (which
is sysadmin error, but can happen, particularly in automated test systems)
or because a service required by a Name Service Switch plugin has failed.
Keeping the last known policy is consistent with what happens to all
the connections that are after this one in iteration order: after we
early-return, all of those connections retain their previous policies
(which doesn't seem ideal either, but that's how this has always worked).
[smcv: Add commit message]
Co-authored-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/343
Most of these binary blobs is mechanically derived from the
corresponding .hex file, which is hand-written.
boolean-has-no-value.message-raw is presumably either hand-constructed
or fuzzer-generated: it was committed by a Red Hat employee and never
altered, so I've assumed Red Hat is the copyright holder. Permission
was already granted by Red Hat to relicense their dbus contributions
under the MIT (Expat) license.
Signed-off-by: Simon McVittie <smcv@collabora.com>
When cross-compiling Windows binaries on (for example) Linux, we only
need a Windows C++ compiler and not a Linux C++ compiler.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/439
Signed-off-by: Simon McVittie <smcv@collabora.com>
On Unix, dbus has historically used gcc-specific lock-free atomic
intrinsics where available, falling back to a pthreads mutex where
possible. Meanwhile, on Windows, it has historically used
InterlockedIncrement() and similar library functions (in practice
wrappers around lock-free intrinsics on real Windows, but IPC calls into
wineserver on Wine).
ISO C11 provides a new header, stdatomic.h, with standardized support
for atomic operations. Exactly how these are implemented is a compiler
quality-of-implementation decision, but any reasonable compiler
implementation on a modern CPU should be using intrinsics. Let's use
this wherever possible, falling back to our old implementation only if
the C11 implementation is unsupported.
One concrete benefit that we get from this is that when compiling with
mingw-w64 gcc and running via Wine, this makes atomic reference counting
operations into a simple local operation, rather than IPC to wineserver
which can be very slow. This should make our CI tests considerably more
reliable.
In all vaguely modern gcc versions (gcc 5.5 or later) and in contemporary
versions of clang, the default compiler mode is C11 or later with GNU
extensions. We intentionally do not ask for any specific C standard, so
we can use C11 features like this one, as long as we do so conditionally.
The Microsoft Visual C compiler does not currently support this without
special options, so we still use the Interlocked family of functions
when compiling for Windows with MSVC.
Signed-off-by: Simon McVittie <smcv@collabora.com>
I want to use <stdatomic.h> in dbus-sysdeps.h, but if we do that, we
won't be able to include that header into C++ code on all compilers.
Move the declarations for new internal Windows-specific functions
introduced in commit 17a23d08
"dbus_threads_init_default, dbus_threads_init: be safe to call at any time"
into their own header.
Signed-off-by: Simon McVittie <smcv@collabora.com>
