Previously, the comments said "this function will crash", but that's not
strictly true (checks can be disabled or made non-fatal). Their behaviour
is undefined if you do that, though.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=20496
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
In an embedded system where the D-Bus session is a core part of the
environment, like Maemo, accidentally auto-launching a second session bus
(for instance for a concurrent ssh session) is a bad idea - it can lead
to a "split brain" situation where half the applications in the GUI are
using a different bus. In these controlled environments, it'd be useful
to prevent autolaunch from ever happening.
(As a side benefit, the changes to configure.in also mean that packagers
can explicitly --enable-x11-autolaunch, to make sure that failure to find
X will make compilation fail cleanly.)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=19997
Bug-NB: NB#219964
According to the XDG Base Directory Specification, “the base directory
defined by $XDG_DATA_HOME is considered more important than any of the
base directories defined by $XDG_DATA_DIRS.” This makes it easier to
override a system service file as a normal user.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34496
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
There was previously a leak in _dbus_transport_get_is_authenticated, if
we hit OOM when copying the server's actual GUID. This would fail the
"SHA1 connection test" if _dbus_iterate was modified to allocate and free
one extra pointer per iteration.
Rather than adding OOM handling everywhere, if we avoid strdup'ing the
GUID, and just re-fetch the const string from the DBusAuth object on demand
instead, we go back to a situation where _dbus_transport_get_is_authenticated
can't fail.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33126
The default configuration has hardcoded 2048 complete connections,
and 64 incomplete. We need at least that number of file descriptors,
plus some for internal use.
In the bus, attempt to call setrlimit() before we drop privileges.
Practically speaking for this means the system bus gets it, the
session bus doesn't.
http://bugs.freedesktop.org/show_bug.cgi?id=33474
Reviewed-By: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is one of the patches from Maemo's dbus package. It seems to do all
of:
* fix some documentation
* remove unreached code to delete/free the nonce file from
_dbus_server_new_for_socket - doing that on failure violates
least-astonishment anyway
* in _dbus_server_new_for_tcp_socket, never fail without setting @error
* if we fail after creating the nonce file, delete it
* if we fail after allocating the nonce file struct, free it
Origin: vendor, Maemo
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33128
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This isn't thread-safe or reentrant, but it turns out we don't need
either of those properties, and readdir_r is a real pain to use correctly,
particularly in the presence of FUSE filesystems that might implement
statfs() wrong.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=8284
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=15922
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Again, this shouldn't happen - modules are responsible for cleaning up
their watches - but the failure mode here is really bad: if we leave an
invalid fd in the set, every poll() call will instantly return, marking
it as POLLNVAL. The result is that dbus-daemon busy-loops on poll()
without responding to I/O, so the bad watch will probably never be
cleared up.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=32992
Bug-NB: NB#200248
Reviewed-by: Colin Walters <walters@verbum.org>
This shouldn't happen - other modules are responsible for cleaning up
their watches - but the bug fixed in my last commit has been present for
several years and I'm sure it's not the only one, so for robustness,
let's refuse to watch obviously-wrong file descriptors.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=32992
Bug-NB: NB#200248
Reviewed-by: Colin Walters <walters@verbum.org>
The code called from handle_watch() might close either or both of the
sockets we're watching, without cleaning up the DBusWatch. This results
in invalid file descriptors being passed to _dbus_poll(), which could
end up busy-looping on a POLLNVAL condition until the babysitter loses
its last ref (which automatically clears up both watches).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=32992
Bug-NB: NB#200248
Reviewed-by: Colin Walters <walters@verbum.org>
Helpfully, AC_CHECK_DECLS (which configure.in uses to define
HAVE_DECL_MSG_NOSIGNAL) behaves differently to every similar AC_CHECK_*
macro and, rather than producing #undef HAVE_DECL_MSG_NOSIGNAL if the
given symbol is not found, instead produces #define
HAVE_DECL_MSG_NOSIGNAL 0.
Mike McQuaid's patch fixes the uses of this constant in sysdeps-unix;
with this patch, all code is guarded consistently and correctly.
Add DBUS_INVALID_NESTED_TOO_DEEPLY validity problem and a test that
should generate it.
Previously, we rejected deep nesting in the signature, but
variants allow dynamic message nesting, conditional only
on the depth of the message body.
The nesting limit is 64, which was also the limit in static
signatures. Empirically, dynamic nesting depth observed on my
Fedora 14 system doesn't exceed 2; 64 is really a huge limit.
https://bugs.freedesktop.org/show_bug.cgi?id=32321
Signed-Off-By: Colin Walters <walters@verbum.org>
Signed-off-by: Will Thompson <will.thompson@collabora.co.uk>
MSG_NOSIGNAL could theoretically be an enum member or something rather
than an #define, so it's better to check for the flag defined by the
configure check (as is done in dbus-connection.c already).
Reviewed-by: Colin Walters <walters@verbum.org>
Reviewed-by: Scott James Remnant <scott@netsplit.com>
Since SIGPIPE is no longer touched by default when MSG_NOSIGNAL is
available, it's extra-critical that all socket writes actually pass
that flag.
Signed-off-by: Will Thompson <will.thompson@collabora.co.uk>
This patch enables support for Mac OS X's launch daemon
for startup as well as sharing of the DBus session bus
environment. It includes a LaunchAgent plist for automatic
start of the session bus.
The code for accessing services requires absolute pathes, which are based
on DBUS_DATADIR. DBUS_DATADIR on windows is defined relative. This patch
makes sure that those pathes are absolute.
