platform/upstream/dbus.git
15 years agoDon't allocate DBusTimeout for pending call when passed INT_MAX
Scott James Remnant [Mon, 11 May 2009 21:40:38 +0000 (22:40 +0100)]
Don't allocate DBusTimeout for pending call when passed INT_MAX

* dbus/dbus-pending-call.c (_dbus_pending_call_new_unlocked): When passed
  INT_MAX, do not clamp the value and do not allocate a timeout for the call
  (_dbus_pending_call_get_timeout_unlocked): Document that this may return
  NULL.

Signed-off-by: Scott James Remnant <scott@ubuntu.com>
15 years agoAllow a pending call to block forever
Scott James Remnant [Mon, 11 May 2009 21:40:10 +0000 (22:40 +0100)]
Allow a pending call to block forever

* dbus/dbus-connection.c (_dbus_connection_block_pending_call): Allow the
  pending call to have no timeout, in which case we simply block until we
  complete, have data or get disconnected.

Signed-off-by: Scott James Remnant <scott@ubuntu.com>
15 years agoMake sure a pending call timeout isn't assumed.
Scott James Remnant [Mon, 11 May 2009 21:38:23 +0000 (22:38 +0100)]
Make sure a pending call timeout isn't assumed.

* dbus/dbus-connection.c (_dbus_connection_attach_pending_call_unlocked):
  Don't assume that the pending call has a timeout.
  (connection_timeout_and_complete_all_pending_call_unlocked): check that
  the timeout was actually added before removing it; this safeguards us
  if the pending call doesn't have a timeout.

Signed-off-by: Scott James Remnant <scott@ubuntu.com>
15 years agoMerge branch 'dbus-1.2'
Thiago Macieira [Wed, 13 May 2009 13:52:26 +0000 (15:52 +0200)]
Merge branch 'dbus-1.2'

15 years agoMerge branch 'dbus-1.2'
Thiago Macieira [Wed, 13 May 2009 13:52:18 +0000 (15:52 +0200)]
Merge branch 'dbus-1.2'

Conflicts:
dbus/dbus-sysdeps-util-unix.c

15 years agoconfigure.in: fail abstract socket test gracefully when cross-compiling
Marc Mutz [Wed, 7 Jan 2009 11:46:53 +0000 (12:46 +0100)]
configure.in: fail abstract socket test gracefully when cross-compiling

 * configure.in: only run AC_CACHE_CHECK if enable_abstract_sockets=auto
 * configure.in: warn that, when cross-compiling, we're unable to detect
                 abstract sockets availability automatically

Signed-off-by: Thiago Macieira <thiago@kde.org>
15 years agoconfigure.in: not all gccs support -Wno-pointer-sign
Marc Mutz [Fri, 17 Apr 2009 14:23:42 +0000 (16:23 +0200)]
configure.in: not all gccs support -Wno-pointer-sign

Signed-off-by: Thiago Macieira <thiago@kde.org>
15 years agoRelease 1.2.14 dbus-1.2.14
Colin Walters [Mon, 27 Apr 2009 16:13:25 +0000 (12:13 -0400)]
Release 1.2.14

15 years agolibselinux behavior in permissive mode wrt invalid domains
Eamon Walsh [Tue, 21 Apr 2009 23:11:22 +0000 (19:11 -0400)]
libselinux behavior in permissive mode wrt invalid domains

Stephen Smalley wrote:
> On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote:
>
>> Stephen Smalley wrote:
>>
>>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>> <snip>
>>
>>
>>> No, I don't want to change the behavior upon context_to_sid calls in
>>> general, as we otherwise lose all context validity checking in
>>> permissive mode.
>>>
>>> I think I'd rather change compute_sid behavior to preclude the situation
>>> from arising in the first place, possibly altering the behavior in
>>> permissive mode upon an invalid context to fall back on the ssid
>>> (process) or the tsid (object).  But I'm not entirely convinced any
>>> change is required here.
>>>
>>>
>> I just want to follow up to make sure we are all on the same page here. Was the
>> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
>> or leave the code as is and fix the callers of avc_has_perm to correctly handle
>> error codes?
>>
>> I prefer the last approach because of Eamon's explanation, EINVAL is already
>> passed in errno to specify the context was invalid (and if object managers
>> aren't handling that correctly now there is a good chance they aren't handling
>> the ENOMEM case either).
>>
>
> I'd be inclined to change compute_sid (not context_to_sid) in the kernel
> to prevent invalid contexts from being formed even in permissive mode
> (scenario is a type transition where role is not authorized for the new
> type).  That was originally to allow the system to boot in permissive
> mode.  But an alternative would be to just stay in the caller's context
> (ssid) in that situation.
>
> Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM
> may make sense, but that logic should not depend on enforcing vs.
> permissive mode.
>
>

FWIW, the following patch to D-Bus should help:

bfo21072 - Log SELinux denials better by checking errno for the cause

    Note that this does not fully address the bug report since
    EINVAL can still be returned in permissive mode.  However the log
    messages will now reflect the proper cause of the denial.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Colin Walters <walters@verbum.org>
15 years agobfo20738 - Return a useful error message from dbus_signature_validate()
Federico Mena Quintero [Wed, 18 Mar 2009 22:17:00 +0000 (16:17 -0600)]
bfo20738 - Return a useful error message from dbus_signature_validate()

Signed-off-by: Federico Mena Quintero <federico@novell.com>
15 years agobfo20738 - Translate DBusValidity into error message
Federico Mena Quintero [Wed, 18 Mar 2009 22:15:23 +0000 (16:15 -0600)]
bfo20738 - Translate DBusValidity into error message

Signed-off-by: Federico Mena Quintero <federico@novell.com>
15 years agoBug 19567 - Make marshaling code usable without DBusConnection
William Lachance [Tue, 21 Apr 2009 17:51:46 +0000 (13:51 -0400)]
Bug 19567 - Make marshaling code usable without DBusConnection

Some projects want to reuse the DBus message format, without
actually going through a DBusConnection.  This set of changes
makes a few functions from DBusMessage public, and adds a new
function to determine the number of bytes needed to demarshal
a message.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoFollowup Bug 19502 - Don't attempt to init va_list, not portable
Colin Walters [Tue, 21 Apr 2009 17:11:54 +0000 (13:11 -0400)]
Followup Bug 19502 - Don't attempt to init va_list, not portable

15 years agoBug 19502 - Sparse warning cleanups
Kjartan Maraas [Tue, 21 Apr 2009 16:52:22 +0000 (12:52 -0400)]
Bug 19502 - Sparse warning cleanups

This patch makes various things that should be static static,
corrects some "return FALSE" where it should be NULL, etc.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agodbus-launch: use InputOnly X window
Eamon Walsh [Fri, 20 Mar 2009 04:26:42 +0000 (00:26 -0400)]
dbus-launch: use InputOnly X window

Working on SELinux policy for X, and came across this issue in dbus-launch:

Windows created for use as property/selection placeholders should be of
class InputOnly, since no drawing is ever done to them.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Thiago Macieira <thiago@kde.org>
15 years agoBug 20494 - Fix signed confusion for dbus_message_get_reply_serial return
Johan Gyllenspetz [Tue, 17 Mar 2009 21:26:03 +0000 (17:26 -0400)]
Bug 20494 - Fix signed confusion for dbus_message_get_reply_serial return

We were incorrectly converting the serial to a signed integer
and comparing it to -1.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 20137 - Fix alignment usage when demarshaling basics
Colin Walters [Wed, 25 Feb 2009 16:10:15 +0000 (11:10 -0500)]
Bug 20137 - Fix alignment usage when demarshaling basics

We can't safely type-pun from e.g. char * to DBusBasicValue *, because
the latter has higher alignment requirements.  Instead, create an
explicit pointer for each case.

Also, we mark each one volatile to sidestep strict aliasing issues, for
the future when we turn on strict aliasing support.

Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.

15 years agoAlways append closing quote in log command
Colin Walters [Thu, 12 Mar 2009 14:31:54 +0000 (10:31 -0400)]
Always append closing quote in log command

Patch suggested by Tomas Hoger <thoger@redhat.com>

15 years agoBug 17803 - Fix both test case and validation logic
Colin Walters [Wed, 1 Apr 2009 16:02:00 +0000 (12:02 -0400)]
Bug 17803 - Fix both test case and validation logic

The previous commit had errors in both the test case and
the validation logic.  The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.

The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.

15 years agoMerge branch 'dbus-1.2'
Thiago Macieira [Tue, 28 Apr 2009 13:16:36 +0000 (15:16 +0200)]
Merge branch 'dbus-1.2'

Conflicts:
bus/bus.c
bus/config-parser-common.c
bus/config-parser-common.h
bus/config-parser.c
bus/connection.c
bus/dbus-daemon.1.in
dbus/dbus-marshal-validate-util.c
dbus/dbus-marshal-validate.c
dbus/dbus-sysdeps-util-unix.c
test/name-test/tmp-session-like-system.conf

15 years agoconfigure.in: fix help string alignment
Marc Mutz [Mon, 20 Apr 2009 11:47:59 +0000 (13:47 +0200)]
configure.in: fix help string alignment

* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages

Signed-off-by: Thiago Macieira <thiago@kde.org>
(cherry picked from commit 660073925b03cad2f6e95ba9f25a81c2d9727185)

15 years agolibselinux behavior in permissive mode wrt invalid domains
Eamon Walsh [Tue, 21 Apr 2009 23:11:22 +0000 (19:11 -0400)]
libselinux behavior in permissive mode wrt invalid domains

Stephen Smalley wrote:
> On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote:
>
>> Stephen Smalley wrote:
>>
>>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>> <snip>
>>
>>
>>> No, I don't want to change the behavior upon context_to_sid calls in
>>> general, as we otherwise lose all context validity checking in
>>> permissive mode.
>>>
>>> I think I'd rather change compute_sid behavior to preclude the situation
>>> from arising in the first place, possibly altering the behavior in
>>> permissive mode upon an invalid context to fall back on the ssid
>>> (process) or the tsid (object).  But I'm not entirely convinced any
>>> change is required here.
>>>
>>>
>> I just want to follow up to make sure we are all on the same page here. Was the
>> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
>> or leave the code as is and fix the callers of avc_has_perm to correctly handle
>> error codes?
>>
>> I prefer the last approach because of Eamon's explanation, EINVAL is already
>> passed in errno to specify the context was invalid (and if object managers
>> aren't handling that correctly now there is a good chance they aren't handling
>> the ENOMEM case either).
>>
>
> I'd be inclined to change compute_sid (not context_to_sid) in the kernel
> to prevent invalid contexts from being formed even in permissive mode
> (scenario is a type transition where role is not authorized for the new
> type).  That was originally to allow the system to boot in permissive
> mode.  But an alternative would be to just stay in the caller's context
> (ssid) in that situation.
>
> Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM
> may make sense, but that logic should not depend on enforcing vs.
> permissive mode.
>
>

FWIW, the following patch to D-Bus should help:

bfo21072 - Log SELinux denials better by checking errno for the cause

    Note that this does not fully address the bug report since
    EINVAL can still be returned in permissive mode.  However the log
    messages will now reflect the proper cause of the denial.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Colin Walters <walters@verbum.org>
15 years agobfo20738 - Return a useful error message from dbus_signature_validate()
Federico Mena Quintero [Wed, 18 Mar 2009 22:17:00 +0000 (16:17 -0600)]
bfo20738 - Return a useful error message from dbus_signature_validate()

Signed-off-by: Federico Mena Quintero <federico@novell.com>
15 years agobfo20738 - Translate DBusValidity into error message
Federico Mena Quintero [Wed, 18 Mar 2009 22:15:23 +0000 (16:15 -0600)]
bfo20738 - Translate DBusValidity into error message

Signed-off-by: Federico Mena Quintero <federico@novell.com>
15 years agoBug 19567 - Make marshaling code usable without DBusConnection
William Lachance [Tue, 21 Apr 2009 17:51:46 +0000 (13:51 -0400)]
Bug 19567 - Make marshaling code usable without DBusConnection

Some projects want to reuse the DBus message format, without
actually going through a DBusConnection.  This set of changes
makes a few functions from DBusMessage public, and adds a new
function to determine the number of bytes needed to demarshal
a message.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoFollowup Bug 19502 - Don't attempt to init va_list, not portable
Colin Walters [Tue, 21 Apr 2009 17:11:54 +0000 (13:11 -0400)]
Followup Bug 19502 - Don't attempt to init va_list, not portable

15 years agoBug 19502 - Sparse warning cleanups
Kjartan Maraas [Tue, 21 Apr 2009 16:52:22 +0000 (12:52 -0400)]
Bug 19502 - Sparse warning cleanups

This patch makes various things that should be static static,
corrects some "return FALSE" where it should be NULL, etc.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoMerge branch 'dbus-1.2'
Thiago Macieira [Tue, 21 Apr 2009 11:00:50 +0000 (13:00 +0200)]
Merge branch 'dbus-1.2'

15 years agoconfigure.in: fix help string alignment
Marc Mutz [Mon, 20 Apr 2009 11:47:59 +0000 (13:47 +0200)]
configure.in: fix help string alignment

* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages

Signed-off-by: Thiago Macieira <thiago@kde.org>
(cherry picked from commit 660073925b03cad2f6e95ba9f25a81c2d9727185)

15 years agoconfigure.in: fix help string alignment
Marc Mutz [Mon, 20 Apr 2009 11:47:59 +0000 (13:47 +0200)]
configure.in: fix help string alignment

* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages

Signed-off-by: Thiago Macieira <thiago@kde.org>
15 years agoBug 17803 - Fix both test case and validation logic
Colin Walters [Wed, 1 Apr 2009 16:02:00 +0000 (12:02 -0400)]
Bug 17803 - Fix both test case and validation logic

The previous commit had errors in both the test case and
the validation logic.  The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.

The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.

15 years agodbus-launch: use InputOnly X window
Eamon Walsh [Fri, 20 Mar 2009 04:26:42 +0000 (00:26 -0400)]
dbus-launch: use InputOnly X window

Working on SELinux policy for X, and came across this issue in dbus-launch:

Windows created for use as property/selection placeholders should be of
class InputOnly, since no drawing is ever done to them.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Thiago Macieira <thiago@kde.org>
15 years agoBug 20494 - Fix signed confusion for dbus_message_get_reply_serial return
Johan Gyllenspetz [Tue, 17 Mar 2009 21:26:03 +0000 (17:26 -0400)]
Bug 20494 - Fix signed confusion for dbus_message_get_reply_serial return

We were incorrectly converting the serial to a signed integer
and comparing it to -1.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 20137 - Fix alignment usage when demarshaling basics
Colin Walters [Wed, 25 Feb 2009 16:10:15 +0000 (11:10 -0500)]
Bug 20137 - Fix alignment usage when demarshaling basics

We can't safely type-pun from e.g. char * to DBusBasicValue *, because
the latter has higher alignment requirements.  Instead, create an
explicit pointer for each case.

Also, we mark each one volatile to sidestep strict aliasing issues, for
the future when we turn on strict aliasing support.

Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.

15 years agoAlways append closing quote in log command
Colin Walters [Thu, 12 Mar 2009 14:31:54 +0000 (10:31 -0400)]
Always append closing quote in log command

Patch suggested by Tomas Hoger <thoger@redhat.com>

15 years agoFix typo in docs.
Xan Lopez [Mon, 14 Apr 2008 12:46:33 +0000 (15:46 +0300)]
Fix typo in docs.

15 years agoFix typo in docs.
Xan Lopez [Mon, 14 Apr 2008 12:46:33 +0000 (15:46 +0300)]
Fix typo in docs.

15 years agoBump for unstable cycle
Colin Walters [Wed, 7 Jan 2009 00:36:11 +0000 (19:36 -0500)]
Bump for unstable cycle

15 years agoRelease 1.2.12. dbus-1.2.12
Colin Walters [Wed, 7 Jan 2009 00:35:55 +0000 (19:35 -0500)]
Release 1.2.12.

15 years agoAdd Scott to HACKING
Colin Walters [Tue, 23 Sep 2008 18:56:41 +0000 (14:56 -0400)]
Add Scott to HACKING

15 years agoBug 17060: Explicitly hard fail if expat is not available
Colin Walters [Mon, 11 Aug 2008 20:50:39 +0000 (16:50 -0400)]
Bug 17060: Explicitly hard fail if expat is not available

* configure.in: Tweak libxml/expat detection and handling.

15 years agoBug 17969: Don't test for abstract sockets if explicitly disabled
Lionel Landwerlin [Sat, 18 Oct 2008 18:25:52 +0000 (14:25 -0400)]
Bug 17969: Don't test for abstract sockets if explicitly disabled
Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 18064 - more efficient validation for fixed-size type arrays
Jon Gosting [Tue, 11 Nov 2008 04:29:05 +0000 (23:29 -0500)]
Bug 18064 - more efficient validation for fixed-size type arrays

* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoInitialize AVC earlier so we can look up service security contexts
James Carter [Wed, 1 Oct 2008 20:40:33 +0000 (16:40 -0400)]
Initialize AVC earlier so we can look up service security contexts

* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoPrint serial in dbus-monitor
Michael Meeks [Fri, 29 Aug 2008 12:48:45 +0000 (08:48 -0400)]
Print serial in dbus-monitor

* tools/dbus-print-message.c: Print serial too.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years ago[win32] Protect usage of SIGHUP with #ifdef
Tor Lillqvist [Thu, 18 Sep 2008 23:40:50 +0000 (19:40 -0400)]
[win32] Protect usage of SIGHUP with #ifdef

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 15412: Add --address option to dbus-send
Lawrence R. Steeger [Sat, 18 Oct 2008 18:50:49 +0000 (14:50 -0400)]
Bug 15412: Add --address option to dbus-send
Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 18446: Keep umask for session bus
Matt McCutchen [Mon, 10 Nov 2008 13:55:27 +0000 (08:55 -0500)]
Bug 18446: Keep umask for session bus

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoFix cross-compiling with autotools.
Diego E. 'Flameeyes' Pettenò [Sun, 4 Jan 2009 00:16:50 +0000 (01:16 +0100)]
Fix cross-compiling with autotools.

The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.

For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .

15 years agoAvoid possible use of uninitialized variable
Peter Breitenlohner [Tue, 6 Jan 2009 21:48:39 +0000 (16:48 -0500)]
Avoid possible use of uninitialized variable

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoEnable -Werror by default with --enable-maintainer-mode, and change warnings
Colin Walters [Sat, 20 Dec 2008 01:02:14 +0000 (20:02 -0500)]
Enable -Werror by default with --enable-maintainer-mode, and change warnings

Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult.  Now we expect *all* developers and testers to be using
-Werror.

15 years agoVarious compiler warning fixes
Colin Walters [Fri, 19 Dec 2008 23:54:59 +0000 (18:54 -0500)]
Various compiler warning fixes

15 years agoBug 19307: Add missing syslog include
Colin Walters [Tue, 6 Jan 2009 22:34:20 +0000 (17:34 -0500)]
Bug 19307: Add missing syslog include

15 years agoFix cross-compiling with autotools.
Diego E. 'Flameeyes' Pettenò [Sun, 4 Jan 2009 00:16:50 +0000 (01:16 +0100)]
Fix cross-compiling with autotools.

The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.

For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .

15 years agoAvoid possible use of uninitialized variable
Peter Breitenlohner [Tue, 6 Jan 2009 21:48:39 +0000 (16:48 -0500)]
Avoid possible use of uninitialized variable

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoEnable -Werror by default with --enable-maintainer-mode, and change warnings
Colin Walters [Sat, 20 Dec 2008 01:02:14 +0000 (20:02 -0500)]
Enable -Werror by default with --enable-maintainer-mode, and change warnings

Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult.  Now we expect *all* developers and testers to be using
-Werror.

15 years agoVarious compiler warning fixes
Colin Walters [Fri, 19 Dec 2008 23:54:59 +0000 (18:54 -0500)]
Various compiler warning fixes

15 years agoBump for unstable cycle
Colin Walters [Fri, 19 Dec 2008 20:17:49 +0000 (15:17 -0500)]
Bump for unstable cycle

15 years agoRelease 1.2.10 dbus-1.2.10
Colin Walters [Fri, 19 Dec 2008 20:17:24 +0000 (15:17 -0500)]
Release 1.2.10

15 years agoAdd requested_reply to send denials, and connection loginfo to "would deny"
Colin Walters [Thu, 18 Dec 2008 00:29:39 +0000 (19:29 -0500)]
Add requested_reply to send denials, and connection loginfo to "would deny"

The requested_reply field is necessary in send denials too because
it's used in the policy language.  The connection loginfo lack in
"would deny" was just an oversight.

15 years agoAdd uid, pid, and command to security logs
Colin Walters [Wed, 17 Dec 2008 21:01:28 +0000 (16:01 -0500)]
Add uid, pid, and command to security logs

Extend the current security logs with even more relevant
information than just the message content.  This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.

15 years agoClean up and clarify default system policy
Colin Walters [Fri, 12 Dec 2008 19:50:21 +0000 (14:50 -0500)]
Clean up and clarify default system policy

The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.

15 years agoAdd requested_reply to send denials, and connection loginfo to "would deny"
Colin Walters [Thu, 18 Dec 2008 00:29:39 +0000 (19:29 -0500)]
Add requested_reply to send denials, and connection loginfo to "would deny"

The requested_reply field is necessary in send denials too because
it's used in the policy language.  The connection loginfo lack in
"would deny" was just an oversight.

15 years agoAdd uid, pid, and command to security logs
Colin Walters [Wed, 17 Dec 2008 21:01:28 +0000 (16:01 -0500)]
Add uid, pid, and command to security logs

Extend the current security logs with even more relevant
information than just the message content.  This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.

15 years agoMerge commit '3d6abf64d0abb2718e082e120f14f8f923a4af59' into dbus-1.2
Colin Walters [Tue, 16 Dec 2008 17:29:04 +0000 (12:29 -0500)]
Merge commit '3d6abf64d0abb2718e082e120f14f8f923a4af59' into dbus-1.2

15 years agoAdd optional logging on allow rules
Colin Walters [Tue, 16 Dec 2008 16:57:27 +0000 (11:57 -0500)]
Add optional logging on allow rules

This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.

15 years agoAdd optional logging on allow rules
Colin Walters [Tue, 16 Dec 2008 16:57:27 +0000 (11:57 -0500)]
Add optional logging on allow rules

This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.

15 years agoAdd message type to security syslog entries
Colin Walters [Fri, 12 Dec 2008 21:58:06 +0000 (16:58 -0500)]
Add message type to security syslog entries

It's part of the security check, we should have it in the log.

15 years agoAdd message type to security syslog entries
Colin Walters [Fri, 12 Dec 2008 21:58:06 +0000 (16:58 -0500)]
Add message type to security syslog entries

It's part of the security check, we should have it in the log.

15 years agoAdd syslog of security denials and configuration file reloads
Colin Walters [Wed, 10 Dec 2008 19:17:02 +0000 (14:17 -0500)]
Add syslog of security denials and configuration file reloads

We need to start logging denials so that they become more easily trackable
and debuggable.

15 years agoClean up and clarify default system policy
Colin Walters [Fri, 12 Dec 2008 19:50:21 +0000 (14:50 -0500)]
Clean up and clarify default system policy

The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.

15 years agoAdd syslog of security denials and configuration file reloads
Colin Walters [Wed, 10 Dec 2008 19:17:02 +0000 (14:17 -0500)]
Add syslog of security denials and configuration file reloads

We need to start logging denials so that they become more easily trackable
and debuggable.

15 years agoBump version for unstable cycle
Colin Walters [Tue, 9 Dec 2008 15:47:25 +0000 (10:47 -0500)]
Bump version for unstable cycle

15 years agoRelease 1.2.8 dbus-1.2.8
Colin Walters [Tue, 9 Dec 2008 15:46:41 +0000 (10:46 -0500)]
Release 1.2.8

15 years agoAnother manpage update explicitly mentioning bare send_interface
Colin Walters [Tue, 9 Dec 2008 15:15:49 +0000 (10:15 -0500)]
Another manpage update explicitly mentioning bare send_interface

We need to fix all of the bare send_interface rules; see:
https://bugs.freedesktop.org/show_bug.cgi?id=18961

15 years agoAdd at_console docs to manpage, as well as brief <policy> foreward
Colin Walters [Tue, 9 Dec 2008 14:18:49 +0000 (09:18 -0500)]
Add at_console docs to manpage, as well as brief <policy> foreward

We need some sort of general advice here.

15 years agoBug 18229: Allow signals
Colin Walters [Tue, 9 Dec 2008 14:15:06 +0000 (09:15 -0500)]
Bug 18229: Allow signals

Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.

15 years agoAnother manpage update explicitly mentioning bare send_interface
Colin Walters [Tue, 9 Dec 2008 15:15:49 +0000 (10:15 -0500)]
Another manpage update explicitly mentioning bare send_interface

We need to fix all of the bare send_interface rules; see:
https://bugs.freedesktop.org/show_bug.cgi?id=18961

15 years agoAdd at_console docs to manpage, as well as brief <policy> foreward
Colin Walters [Tue, 9 Dec 2008 14:18:49 +0000 (09:18 -0500)]
Add at_console docs to manpage, as well as brief <policy> foreward

We need some sort of general advice here.

15 years agoMerge branch 'manpage'
Colin Walters [Tue, 9 Dec 2008 14:17:14 +0000 (09:17 -0500)]
Merge branch 'manpage'

15 years agoBug 18229: Allow signals
Colin Walters [Tue, 9 Dec 2008 14:15:06 +0000 (09:15 -0500)]
Bug 18229: Allow signals

Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.

15 years agoBug 18229: Update manpage with better advice
Colin Walters [Tue, 9 Dec 2008 01:25:02 +0000 (20:25 -0500)]
Bug 18229: Update manpage with better advice

See https://bugs.freedesktop.org/show_bug.cgi?id=18229

15 years agoRelease 1.2.6 dbus-1.2.6
Colin Walters [Fri, 5 Dec 2008 16:53:14 +0000 (11:53 -0500)]
Release 1.2.6

15 years agoBug 18229 - Change system.conf to correctly deny non-reply sends by default
Tomas Hoger [Thu, 4 Dec 2008 20:19:13 +0000 (15:19 -0500)]
Bug 18229 - Change system.conf to correctly deny non-reply sends by default

The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply.  This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.

This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoInfrastructure for testing a "system like" bus in test suite
Colin Walters [Thu, 4 Dec 2008 19:27:21 +0000 (14:27 -0500)]
Infrastructure for testing a "system like" bus in test suite

The tmp-session-like-system.conf bus configuration has a security
policy intended to mirror that of the system bus.  This allows
testing policy rules.

15 years agoBug 18229 - Change system.conf to correctly deny non-reply sends by default
Tomas Hoger [Thu, 4 Dec 2008 20:19:13 +0000 (15:19 -0500)]
Bug 18229 - Change system.conf to correctly deny non-reply sends by default

The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply.  This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.

This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoInfrastructure for testing a "system like" bus in test suite
Colin Walters [Thu, 4 Dec 2008 19:27:21 +0000 (14:27 -0500)]
Infrastructure for testing a "system like" bus in test suite

The tmp-session-like-system.conf bus configuration has a security
policy intended to mirror that of the system bus.  This allows
testing policy rules.

15 years agoBug 15393 - support allow_anonymous config variable
Dennis Kaarsemaker [Wed, 12 Nov 2008 13:51:00 +0000 (08:51 -0500)]
Bug 15393 - support allow_anonymous config variable

* bus/bus.c: Set allow_anonymous if specified from
parser.
* bus/config-parser.c: Parse it.
* bus/config-parser-common.h: Declare it.

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 18064 - more efficient validation for fixed-size type arrays
Jon Gosting [Tue, 11 Nov 2008 04:29:05 +0000 (23:29 -0500)]
Bug 18064 - more efficient validation for fixed-size type arrays

* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation

Signed-off-by: Colin Walters <walters@verbum.org>
15 years agoBug 18446: Keep umask for session bus
Matt McCutchen [Mon, 10 Nov 2008 13:55:27 +0000 (08:55 -0500)]
Bug 18446: Keep umask for session bus
Signed-off-by: Colin Walters <walters@verbum.org>
16 years agoBug 15412: Add --address option to dbus-send
Lawrence R. Steeger [Sat, 18 Oct 2008 18:50:49 +0000 (14:50 -0400)]
Bug 15412: Add --address option to dbus-send
Signed-off-by: Colin Walters <walters@verbum.org>
16 years agoBug 17969: Don't test for abstract sockets if explicitly disabled
Lionel Landwerlin [Sat, 18 Oct 2008 18:25:52 +0000 (14:25 -0400)]
Bug 17969: Don't test for abstract sockets if explicitly disabled
Signed-off-by: Colin Walters <walters@verbum.org>
16 years agoBump configure again for git
Colin Walters [Mon, 6 Oct 2008 22:10:55 +0000 (18:10 -0400)]
Bump configure again for git

16 years agoRelease 1.2.4 dbus-1.2.4
Colin Walters [Mon, 6 Oct 2008 22:09:51 +0000 (18:09 -0400)]
Release 1.2.4

16 years agoInitialize AVC earlier so we can look up service security contexts
James Carter [Wed, 1 Oct 2008 20:40:33 +0000 (16:40 -0400)]
Initialize AVC earlier so we can look up service security contexts

* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html

Signed-off-by: Colin Walters <walters@verbum.org>
16 years ago2008-08-24 Peter McCurdy <pmccurdy@skeptopotamus>
Peter McCurdy [Mon, 25 Aug 2008 14:00:09 +0000 (10:00 -0400)]
2008-08-24  Peter McCurdy <pmccurdy@skeptopotamus>

* dbus/dbus-marshal-recursive.c: A stray comma
        between two string literals caused incorrect
        output and a compiler warning.

Signed-off-by: Colin Walters <walters@verbum.org>
16 years agoBug 17280: Add a prototype for _dbus_credentials_add_adt_audit_data()
Peter McCurdy [Mon, 25 Aug 2008 14:10:00 +0000 (10:10 -0400)]
Bug 17280: Add a prototype for _dbus_credentials_add_adt_audit_data()

* dbus/dbus-credentials.h: Add a prototype for
_dbus_credentials_add_adt_audit_data()

Signed-off-by: Colin Walters <walters@verbum.org>
16 years agoBug 17803: Panic from dbus_signature_validate
Colin Walters [Wed, 1 Oct 2008 17:49:48 +0000 (13:49 -0400)]
Bug 17803: Panic from dbus_signature_validate

* dbus/dbus-marshal-validate.c: Ensure we validate
a basic type before calling is_basic on it.
* dbus-marshal-validate-util.c: Test.

16 years agoBug 17061: Handle error return from sysconf correctly
Joe Marcus Clarke [Fri, 5 Sep 2008 02:13:30 +0000 (22:13 -0400)]
Bug 17061: Handle error return from sysconf correctly

* dbus/dbus-sysdeps-unix.c:
* dbus/dbus-sysdeps-util-unix.c: Cast return
from sysconf temporarily so we actually see
-1.

Signed-off-by: Colin Walters <walters@verbum.org>
16 years agoBug 13387: Fix compilation failure with AI_ADDRCONFIG
Jens Granseuer [Thu, 7 Aug 2008 18:45:51 +0000 (14:45 -0400)]
Bug 13387: Fix compilation failure with AI_ADDRCONFIG

Signed-off-by: Colin Walters <walters@verbum.org>