| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The full license texts are not added because they were already
added in a previous commit.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
see #394
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't usually mass-remove trailing whitespace from the actual source
code because it would complicate cherry-picking bug fixes to older
branches, but that reasoning doesn't really apply to the comments
containing copyright and licensing notices.
Removing trailing whitespace makes it much easier to move code around:
we have a commit hook that rejects commits containing trailing
whitespace, but that commit hook counts moving a file as a delete + add
pair, so it objects to moving code that contains trailing whitespace.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In gcc 8, -Wall -Wextra includes -Wcast-function-type, which warns
about passing an extra (unwanted) parameter to callbacks. Instead
of using _dbus_list_foreach(), add a function to do what we actually
wanted here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
|
|
|
|
|
|
| |
Coverity CID 265359.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61922
Reviewed-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we use AF_UNSPEC, we are likely to get multiple addresses back
from getaddrinfo(), and perhaps we won't be able to use them all.
Give that failure mode, or any other bind() failure, the same treatment
as EADDRINUSE failures here and all connect() failures in
_dbus_connect_tcp_socket_with_nonce(): if any address succeeds, then
the overall operation succeeds, but if all of them fail, then the
overall operation fails.
I've made _dbus_combine_tcp_errors() generic enough that
_dbus_connect_tcp_socket_with_nonce() could use it too, although that
isn't implemented here.
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[smcv: Adjust commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61922
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we have resolved a hostname/port pair to a list of IPv4 or IPv6
addresses, if we are unable to listen on a a specific one of those
addresses, we should report which one.
When IPv6 is disabled for the loopback interface, this changes the
diagnostic from:
Failed to bind socket "localhost:1234": Cannot assign requested address
to the more informative
Failed to bind socket "::1" port 1234: Cannot assign requested address
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61922
|
|
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61922
|
|
|
|
|
|
|
|
|
| |
This is clearly equivalent, and quiets -Wswitch-default.
Based on part of a patch by Thomas Zimmermann.
Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98191
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Annoyingly, the POSIX way to declare environ (as
"extern char **environ") is a redundant declaration in glibc with
_GNU_SOURCE; work around that.
We also have a workaround for _NSGetEnviron() needing to be used
instead of direct access to environ in at least some circumstances on
Mac OS. Attempt to sync that up between all the files that use environ,
consistently sorting the most special special-cases first (Windows
for files that are compiled there, then Mac, then GNU, with
lowest-common-denominator POSIX last).
The affected files are already OS-specific, so I'm not bothering to
introduce a nicer or higher-level API for this.
Based on the best bits of an earlier patch from me, and an earlier
patch from Thomas Zimmermann.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Thomas Zimmermann <tdz@users.sourceforge.net>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97357
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the behaviour of _dbus_logv() if _dbus_init_system_log() was
not called. Previously, _dbus_logv() would always log to syslog;
additionally, it would log to stderr, unless the process is dbus-daemon
and it was started by systemd. Now, it will log to stderr only,
unless _dbus_init_system_log() was called first.
This is the desired behaviour because when we hook up
_dbus_warn_check_failed() to _dbus_logv() in the next commit, we don't
want typical users of libdbus to start logging their check failures to
syslog - we only want the dbus-daemon to do that.
In practice this is not usually a behaviour change, because there was
only one situation in which we called _dbus_logv() without first calling
_dbus_init_system_log(), namely an error while parsing configuration
files. Initialize the system log "just in time" in that situation
to preserve existing behaviour.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
|
| |
This is a step towards making it write to either stderr or syslog
or both, as configured globally.
Signed-off-by: Simon McVittie <smcv@debian.org>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97009
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is in preparation for optionally making _dbus_warn() use it.
dbus-daemon closes its stderr under some circumstances, including
when launched by dbus-launch, which makes failures in that
situation rather hard to debug.
_dbus_system_log() is the same on Unix and Windows, so move it
to dbus-sysdeps.c. _dbus_system_logv() remains platform-specific.
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97009
[smcv: move the #include for syslog.h, too]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
| |
This is more robust against broken setups where we run out
of memory or cannot read /dev/urandom.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90414
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
[smcv: document @error]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some functions in dbus-transport-socket.c make a (wrapped)
socket syscall, then call other APIs, then test the result and
errno of the socket syscall.
This would break horribly if those "other APIs" overwrote errno with
their own value (... and this is part of why errno is an awful API).
Notably, if running under DBUS_VERBOSE, _dbus_verbose() is basically
fprintf(), which sets errno; and our Unix fd-passing support
makes calls of the form _dbus_verbose ("Read/wrote %i unix fds\n", n)
between the syscall and the result processing.
Maybe one day we'll convert all of dbus' syscall wrappers to either
raise a DBusError, or use the "negative errno" convention that systemd
borrowed from the Linux kernel, and in particular, we would need to
do that if we ever ported it to a platform where socket error reporting
was not basically errno. However, in practice everyone uses something
derived from BSD sockets, so "this sets errno, you know what errno is"
is a good enough internal API if we make sure to use it correctly.
Nothing calls _dbus_get_is_errno_nonzero(), so I just removed it instead
of converting it to the new calling convention.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83625
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Linux commit 25888e (from 2.6.37-rc4, Nov 2010), sendmsg() on Unix
sockets returns -1 errno=ETOOMANYREFS ("Too many references: cannot splice")
when the passfd mechanism (SCM_RIGHTS) is "abusively" used recursively by
applications. A malicious client could use this to force a victim system
service to be disconnected from the system bus; the victim would likely
respond by exiting. This is a denial of service (fd.o #80163,
CVE-2014-3532).
This patch silently drops the D-Bus message on ETOOMANYREFS and does not close
the connection.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80163
Reviewed-by: Thiago Macieira <thiago@kde.org>
[altered commit message to explain DoS significance -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
| |
It's sufficiently portable that GLib has an equivalent, and I really
don't want to have to either open-code it in dbus-run-session or
link dbus-run-session statically. We have enough statically-linked
rubbish already.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39196
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means we can use a much simpler code structure in data-slot
allocators: instead of giving them a DBusRMutex ** at first-allocation,
we can just give them an index into the array, which can be done
statically.
It doesn't make us any more thread-safe-by-default - the mutexes will
only actually be used if threads were already initialized - but it's
substantially better than nothing.
These locks really do have to be recursive: for instance,
internal_bus_get() calls dbus_bus_register() under the bus lock,
and dbus_bus_register() can call _dbus_connection_close_possibly_shared(),
which takes the bus lock.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
|
|
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
|
|
|
|
|
|
|
| |
It breaks gnome-keyring-daemon at least in some
configurations; see
https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24
This reverts commit 1a556443757b19fee67ef4441141246dd9cfed4f.
|
|
|
|
|
|
|
|
| |
This helps us in the case where we were executed via filesystem
capabilities or a SELinux domain transition, not necessarily a plain
old setuid binary.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This matches a corresponding change in GLib. See
glib/gutils.c:g_check_setuid().
Some programs attempt to use libdbus when setuid; notably the X.org
server is shipped in such a configuration. libdbus never had an
explicit policy about its use in setuid programs.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
How to determine whether or not we're running in a privilege-escalated
path is operating system specific. Note that GTK+'s code to check
euid versus uid worked historically on Unix, more modern systems have
filesystem capabilities and SELinux domain transitions, neither of
which are captured by the uid comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When libdbus-1 moved to using monotonic time support for the
DBUS_COOKIE_SHA1 authentication was broken, in particular
interoperability with non-libdbus-1 implementations such as GDBus.
The problem is that if monotonic clocks are available in the OS,
_dbus_get_current_time() will not return the number of seconds since
the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
specification. If both peers are using libdbus-1 it's not a problem
since both ends will use the wrong time and thus agree. However, if
the other end is another implementation and following the spec it will
not work.
First, we change _dbus_get_current_time() back so it always returns
time since the Epoch and we then rename it _dbus_get_real_time() to
make this clear. We then introduce _dbus_get_monotonic_time() and
carefully make all current users of _dbus_get_current_time() use it,
if applicable. During this audit, one of the callers,
_dbus_generate_uuid(), was currently using monotonic time but it was
decided to make it use real time instead.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
|
|\
| |
| |
| |
| |
| | |
Conflicts:
NEWS
configure.ac
|
| |
| |
| |
| |
| |
| |
| |
| | |
In mingw-w64 both ESOMETHING and WSASOMETHING are defined,
leading to a duplicate case in the switch.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=47321
|
| |
| |
| |
| |
| |
| |
| |
| | |
They're unused, except by their own regression tests.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39759
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering <lennart@poettering.net>
|
|/
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34976
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
|
|
|
|
|
|
|
|
| |
The Windows implementation is untested, but does at least (cross-)compile,
and matches what GLib does.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38005
Reviewed-by: Lennart Poettering <lennart@poettering.net>
|
|
|
|
|
| |
Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38005
|
|
|
|
|
|
| |
This reverts commit 6f9077ee870ad02119facf83d1293301b4535c3b, which
broke the build on Unix (see previous patch) and introduced a bunch of
warnings.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libdbus uses several config variables. On unix these settings are read from
environment variables by using _dbus_getenv.
On other platforms like wince there are no environment variables available and
_dbus_getenv needs an emulation for those plattforms (see
dbus/dbus-sysdeps-wince-glue.c)
To cleanup this emulation the appended patch adds a config api by adding
_dbus_config_... functions.
Also having all client config related functions listed in one header file
provides a good overview about which config attributes are available.
The default implementation retrieves the config values from environment
variables. For other os this could be easily extended or replaced by.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
in dbus4win
|
| |
|
|
|
|
|
|
| |
Handle those WinSock errors that match the errno values handled. Don't
bother handling those errors that are mapped to DBUS_ERROR_FAILED in
the switch as that is the default return value anyway.
|
|
|
|
|
| |
errno.h is present and needed on Windows. (It's not present on Windows CE though.)
(cherry picked from commit cef676c0c7ea8ad352e1ecf1c3643edb1abd7ad6)
|
|
|
|
| |
5874d104f52a0ef4d956ab56376776d3e385072f)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patch based on extensive work from Michael Meeks <michael.meeks@novell.com>,
thanks to Dafydd Harries <dafydd.harries@collabora.co.uk>,
Kimmo Hämäläinen <kimmo.hamalainen@nokia.com> and others.
The basic idea with this bug is that we effectively ignore errors
on write. Only when we're done reading from a connection do we
close down a connection. This avoids a race condition where
if a process (such as dbus-send) exited while we still had
data to read in the buffer, we'd miss that data.
|
|
|
|
|
|
| |
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| |
|
|
|
|
|
|
|
|
| |
It's a wrapper around the environ external variable.
It will be important in the future when we allow
bus clients to modify the environment of future
activated clients. Presently, we just always use the
bus daemon environment wholesale.
|
|
|
|
| |
* patch from Brian Cameron <brian.cameron at sun.com>
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps.c: (_dbus_clearenv):
* dbus/dbus-sysdeps.h:
Add a wrapper for clearenv.
|
|
|
|
| |
* Add indent-tabs-mode: nil to all file headers.
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps-util.c (_dbus_sysdeps_test): invert the test
for parsing hex as double to be sure it fails to work
* dbus/dbus-sysdeps.c (_dbus_string_parse_double): don't allow hex numbers.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dbus/dbus-sysdeps.c (_dbus_set_errno_to_zero)
(_dbus_get_is_errno_nonzero, _dbus_get_is_errno_eintr)
(_dbus_strerror_from_errno): family of functions to abstract
errno, though these are somewhat bogus (really we should make our
socket wrappers not use errno probably - the issue is that any
usage of errno that isn't socket-related probably is not
cross-platform, so should either be in a unix-only file that can
use errno directly, or is a bug - these general errno wrappers
hide issues of this nature in non-socket code, while
socket-specific API changes would not since sockets are allowed
cross-platform)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bus/dispatch.c (check_get_connection_unix_process_id): adapt
since sysdeps-unix.h stuff isn't included anymore
* bus/bus.c (bus_context_new): use more abstract functions to
change user, so they can be no-ops on Windows
* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
dbus/dbus-credentials-util.c: new files containing a fully opaque
DBusCredentials data type to replace the old not opaque one.
* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
windows
* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
up the uses of it in bus/*.c and factor out the parts of
cookie auth that depend on it
|