summaryrefslogtreecommitdiff
path: root/dbus/dbus-transport.c
Commit message (Collapse)AuthorAgeFilesLines
* Add SPDX license marker for the AFL-2.1 OR GPL-2.0-or-later licenseRalf Habacker2023-01-041-0/+2
| | | | | | | | | The full license texts are not added because they were already added in a previous commit. Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de> see #394
* dbus: move AF_UNIX code to transport-socketMarc-André Lureau2022-07-151-1/+1
| | | | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* dbus: add _dbus_transport_open_unixexec()Marc-André Lureau2022-07-151-0/+1
| | | | | | | Split _dbus_transport_open_unix_socket() to leave the "unixexec:" handling to the unix-specific unit. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* dbus: handle unix transport in a new common functionMarc-André Lureau2022-07-151-0/+3
| | | | | | | Split out the Unix socket handling from open_platform_specific(), enabling "unix:" connectable addresses on Windows in next patch. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* trivial: Remove trailing whitespace from copyright noticesSimon McVittie2018-12-171-2/+2
| | | | | | | | | | | | | | We don't usually mass-remove trailing whitespace from the actual source code because it would complicate cherry-picking bug fixes to older branches, but that reasoning doesn't really apply to the comments containing copyright and licensing notices. Removing trailing whitespace makes it much easier to move code around: we have a commit hook that rejects commits containing trailing whitespace, but that commit hook counts moving a file as a delete + add pair, so it objects to moving code that contains trailing whitespace. Signed-off-by: Simon McVittie <smcv@collabora.com>
* _DBUS_ASSERT_ERROR_XOR_BOOL: Add and useSimon McVittie2018-11-201-4/+1
| | | | | | As suggested by Philip Withnall in dbus!43. Signed-off-by: Simon McVittie <smcv@collabora.com>
* DBusTransport, DBusConnection: Add internal getter for the credentialsSimon McVittie2018-03-021-0/+16
| | | | | | | | | We have a lot of dbus_connection_get_foo() and _dbus_transport_get_foo() that are actually rather redundant. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
* transport: Don't pile up errors for semicolon-separated componentsSimon McVittie2017-06-081-0/+3
| | | | | | | | | | If we somehow get an autolaunch address with multiple semicolon-separated components, and one of them fails, then we will hit an assertion failure when we try the next one. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101257
* DBusTransport: be explicit about _dbus_auth_do_work() resultsSimon McVittie2017-04-071-1/+10
| | | | | | | | | | | | | Explicitly enumerate the states where we reset the maybe_authenticated flag, and assert that _dbus_auth_do_work() doesn't return an impossible or invalid state (by source code inspection, it doesn't). This silences -Wswitch-enum. Based on part of a patch from Thomas Zimmermann. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98191
* DBusTransport: assert that invalid results don't happenSimon McVittie2017-04-071-0/+3
| | | | | | | | | | This silences -Wswitch-default. Based on part of a patch from Thomas Zimmermann. Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98191
* Only read one message at a time if there are fds pendingSimon McVittie2017-02-011-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | systemd-logind's OpenSession() API call returns a fd. If there is a flood of new sessions, it is possible that by the time we finish reading message 1, message 2 will already be in our incoming buffer and so on. This results in systemd-logind consistently having one or more fds enqueued for an extended period, which we interpret as a denial of service attack, and handle by kicking it off the bus (at least until we worked around the resulting logind failure by making uid 0 immune to that particular anti-DoS mechanism, but that workaround doesn't work for other uids). To avoid this without the complexity of tracking multiple countdowns per connection (one for each message with fds), we can avoid reading any additional messages while we already have a message with a fd attached pending processing. To avoid stalling, we have to read the rest of any partial message we might have, but we stop after that. Assuming we are able to get rid of the pending fds within a reasonable time, we'll eventually drain the incoming queue to a level of 0 bytes and 0 fds, at which point the countdown stops. To make this actually work, we need fd.o #95619 to be fixed first, so that when we receive more fds and restart the countdown, it restarts with its correct time remaining. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95263 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Tested-by: Kai-Heng Feng
* Fix double printing function name in _dbus_verbose() messages.Ralf Habacker2016-10-051-2/+2
| | | | | Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98089
* Remove trailing newlines from _dbus_warn, _dbus_warn_check_failedSimon McVittie2016-09-301-1/+1
| | | | | | | They used to be needed, but are not needed any more, and we were never completely consistent about including them in any case. Signed-off-by: Simon McVittie <smcv@debian.org>
* Protect 'orig_len' in recover_unused_bytes by DBUS_ENABLE_VERBOSE_MODEThomas Zimmermann2016-08-111-2/+6
| | | | | | Signed-off-by: Thomas Zimmermann <tdz@users.sourceforge.net> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97282
* generic socket transport code: work in terms of DBusSocketSimon McVittie2015-05-121-1/+1
| | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89444 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Merge branch 'dbus-1.8'Simon McVittie2015-05-051-2/+2
|\
| * extend lock's range in live_messages_notify()Adrian Szyndela2015-05-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The other code paths that ref or unref a transport are protected by the DBusConnection's lock. This function already used that lock, but for a narrower scope than the refcount manipulation. live_messages_notify() could be triggered by unreffing messages that originated from the same connection in a different thread. [smcv: added commit message] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90312 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Add LSM-agnostic support for LinuxSecurityLabel credentialSimon McVittie2015-02-181-0/+27
|/ | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89041 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> (for SELinux) Acked-by: John Johansen <john.johansen@canonical.com> (for AppArmor) Acked-by: Casey Schaufler <casey@schaufler-ca.com> (for Smack) Tested-by: Tyler Hicks <tyhicks@canonical.com>
* DBusConnection: implements _dbus_connection_set_pending_fds_functionAlban Crequy2014-09-151-0/+16
| | | | | | | | | | This is one of four commits needed to address CVE-2014-3637. This will allow the bus to be notified whenever a file descriptor is added or removed from a DBusConnection's DBusMessageLoader. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* DBusConnection: implements _dbus_connection_get_pending_fds_countAlban Crequy2014-09-151-0/+11
| | | | | | | | | | | | This is one of four commits needed to address CVE-2014-3637. This will allow the bus to know whether there are pending file descriptors in a DBusConnection's DBusMessageLoader. https://bugs.freedesktop.org/show_bug.cgi?id=80559 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> [fix compilation on platforms that do not HAVE_UNIX_FD_PASSING -smcv] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* dbus-message.c: unused variable bytes_read in _dbus_message_loader_get_bufferVasiliy Balyasnyy2013-10-081-6/+2
| | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=70218 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Revert "Factor out DBusAuthorization from DBusTransport"Simon McVittie2013-08-231-53/+214
| | | | This reverts commit 600621dbc8073527a958091316eddfbb490c1032.
* Revert "Actually use DBusAuthorization in DBusAuth EXTERNAL mech"Simon McVittie2013-08-231-1/+1
| | | | This reverts commit d5d25b5efd35d8d9bbb9d58cae441debf8f7ded6.
* Revert "Remove refcounting from DBusAuth and DBusAuthorization"Simon McVittie2013-08-231-9/+9
| | | | This reverts commit 7f6d7229d8812d985d544cf5dd3636865c5abc81.
* Revert "Remove transport's call to _dbus_authorization_do_authorization()."Simon McVittie2013-08-231-0/+23
| | | | This reverts commit 64e50dd167993fb2344d2d3be18bb0d5820b5b26.
* Remove transport's call to _dbus_authorization_do_authorization().Cosimo Alfarano2013-08-231-23/+0
| | | | | | | | | | All mechs do authorization before answering OK/REJECT. There is no reason to run a second round of authorization which will return the same answer of the first time (when OK) or will never be reched (if REJECTed). Bug: http://bugs.freedesktop.org/show_bug.cgi?id=39720 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Remove refcounting from DBusAuth and DBusAuthorizationCosimo Alfarano2013-08-231-9/+9
| | | | | | | | | | | | | | | Those structs are for DBusTransport internal use, they should not be referenced outside it. The transport needs only to allocate memory on initialization and free it on finalization. The lifecycle for the two allocated structs is DBusTransport lifecycle and at DBusTransport's finalization its connection is already disconnected. The assumption is that the transport owns a reference for any object the two structs holds a reference for (particularly DBusConnection) Bug: http://bugs.freedesktop.org/show_bug.cgi?id=39720 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Actually use DBusAuthorization in DBusAuth EXTERNAL mechCosimo Alfarano2013-08-231-1/+1
| | | | | | | | Also update the authentication script so that DBusAuthorization default rules are used during testing. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39720 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Factor out DBusAuthorization from DBusTransportCosimo Alfarano2013-08-231-214/+53
| | | | | | | | | | In order to authorize/reject a connection in a polite way, instead of cutting it off after authentication succeed and Hello() is sent, because authorization failed, we need to factor out some authorization bits from DBusTransport and pass them to DBusAuth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39720 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Fix confusion between "is it authenticated?" and "try to authenticate"Simon McVittie2013-08-231-5/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | Historically, _dbus_transport_get_is_authenticated() has had the side-effect of trying to advance the authentication state machine (if there's enough buffered input to do so). This seems an inappropriate activity for what looks like a simple getter. Split it into _dbus_transport_try_to_authenticate (which does what it always used to do) and _dbus_transport_peek_is_authenticated (which is the simple getter version). To minimize the difference in behaviour for the stable branch of D-Bus, I've only used _dbus_transport_peek_is_authenticated where it was used in an assertion, which should clearly not have side effects (and I've checked that the asserting function cannot be called until both authentication and authorization have completed). Replacing most of the calls to get_is_authenticated with try_to_authenticate is a possible piece of future work. Based on patches from Cosimo Alfarano, who noticed this assertion-with-side-effects. Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> https://bugs.freedesktop.org/show_bug.cgi?id=39720 Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.com>
* Doc: fix incorrect param names, missing params, non-exist paramsChengwei Yang2013-08-221-0/+2
| | | | | | Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65755
* tests to embedded tests: replaced in libdbusChengwei Yang2013-06-281-2/+2
| | | | | | Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66291
* Rename the term 'unix_pid' to 'pid' in variables and functions.Ralf Habacker2013-03-081-1/+1
| | | | | | | | Windows also has numeric process IDs that fit in an unsigned long, so there's no reason this has to be Unix-specific. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61787 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* DBusTransport: do not assert that autolaunch address is non-emptySimon McVittie2012-07-031-1/+0
| | | | | | | | | | dbus-launch can apparently return an empty address under certain circumstances, and dbus_parse_address() in the next line will return a nice DBusError for an empty address rather than aborting the process. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51657 Bug-Debian: http://bugs.debian.org/680027 Reviewed-by: David Zeuthen <davidz@redhat.com>
* DBusTransport: don't include dbus-marshal-header.h eitherSimon McVittie2012-02-211-1/+0
| | | | | | | | No longer needed. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46095 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
* DBusTransport: don't use dbus-message-private.hSimon McVittie2012-02-211-1/+1
| | | | | | | | It seems it's no longer needed here. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46095 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Guillaume Desmottes <guillaume.desmottes@collabora.co.uk>
* Don't finalize sent or dispatched messages while under the connection lockSimon McVittie2011-07-281-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | Finalizing a message can trigger callbacks; that's bad, if we have a connection locked. In particular, if a message is received by the "left side", passed to the "right side" and sent (as in test/relay.c (see the diagram there) or in dbus-daemon), then finalizing that message could result in the live messages counter for the left side, and the outgoing messages counter for the right side, both being decremented while under either side's lock. After a message is dispatched on the left side, finalizing it now drops the lock temporarily, to avoid this problem. After a message is sent on the right side, finalizing it is now deferred until the right side unlocks, by moving it to a new queue of "expired messages" which is automatically cleared every time we release the lock. The "live messages" counter for the "left" connection will now explicitly take the left connection's lock before decrementing, to avoid manipulating watches without a lock. Reviewed-by: Colin Walters <walters@verbum.org> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34393
* When attaching counters to messages, don't automatically notify callbacksSimon McVittie2011-07-281-0/+7
| | | | | | | | | In all the places where counters are added, we're under a lock. The caller knows what effect adding the counter might have, and can replicate it in a lock-safe way if necessary. Reviewed-by: Colin Walters <walters@verbum.org> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34393
* Also record peak values for queued bytes/fds in connection statsSimon McVittie2011-06-241-1/+9
| | | | | Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34040
* DBusConnection, DBusTransport: add queue statisticsSimon McVittie2011-06-241-0/+14
| | | | | Reviewed-by: Cosimo Alfarano <cosimo.alfarano@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34040
* DBusTransport: don't copy DBusAuth's GUID to expected_guidSimon McVittie2011-02-161-11/+3
| | | | | | | | | | | | | | There was previously a leak in _dbus_transport_get_is_authenticated, if we hit OOM when copying the server's actual GUID. This would fail the "SHA1 connection test" if _dbus_iterate was modified to allocate and free one extra pointer per iteration. Rather than adding OOM handling everywhere, if we avoid strdup'ing the GUID, and just re-fetch the const string from the DBusAuth object on demand instead, we go back to a situation where _dbus_transport_get_is_authenticated can't fail. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33126
* Extended autolaunch protocol with scope attribute.Ralf Habacker2010-09-271-3/+5
|
* Cleaned up _dbus_verbose calls: function names and code line numbers are ↵Ralf Habacker2010-03-271-9/+9
| | | | printed by default.
* Consistently include <config.h> in all C source files and never in header files.Marcus Brinkmann2010-03-191-0/+1
|
* dbus/dbus-transport.c: _dbus_credentials_get_windows_sid might return NULL ↵Tor Lillqvist2009-11-301-2/+4
| | | | (cherry picked from commit 8d8d5fa1babc8f51f1d1bb95b8116850978c60d9)
* dbus/dbus-transport.c: fix {our,auth}_identity mismatch (cherry picked from ↵Tor Lillqvist2009-11-301-2/+2
| | | | commit e15f1cde3b5893357f640e360f64c0a1ae37f93b)
* Merge branch 'fd-passing'Thiago Macieira2009-07-161-15/+92
|\ | | | | | | | | | | | | Conflicts: dbus/dbus-connection.c dbus/dbus-message-util.c dbus/dbus-sysdeps-unix.c
| * unix-fd: add logic to count unix fds the same way as allocated memoryLennart Poettering2009-05-201-18/+76
| | | | | | | | This make all counters count both bytes of memory and unix fds.
| * auth: add fd passing negotiation supportLennart Poettering2009-05-201-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds two new directives to the auth protocol: NEGOTIATE_UNIX_FD is sent by the client after the authentication was sucessful, i.e. OK was received. AGREE_UNIX_FD is then sent by the server if it can do unix fd passing as well. ERROR is returned when the server cannot or is unwilling to do unix fd passing. This should be compatible with existing D-Bus implementations which will naturally return ERROR on NEGOTIATE_UNIX_FD.
| * unix-fd: add message encoding/decoding for unix fdsLennart Poettering2009-05-201-2/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When appending unix fds to the message a new entry in the fd array will be allocated and the index to it will be written to the message payload. When parsing unix fds from the message the index will be read from the payload and then looked up in the fd array. When we read fds we put them in a queue first. Since each message knows how many fds are attached to it we will then pop enough fds from this queue each time we decode a message from the stream. This should make sending and receiving more portable since we don't make any strong requirements on the exact semantics of the SCM_RIGHTS implementation: as long as fds are recieved in order, none or lost and the arrive at the same time as at least one byte from the actual message dat we should be able to handle them correctly.
View Lorry Controller Status