Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The previous commit had errors in both the test case and
the validation logic. The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.
The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.
|
|
|
|
|
|
* configure.in: Tweak libxml/expat detection and handling.
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
* tools/dbus-print-message.c: Print serial too.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.
For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult. Now we expect *all* developers and testers to be using
-Werror.
|
|
|
|
|
|
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
|
|
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
|
We are creating a new stream off of the 1.2.4 release.
|
|
This branch is intended to keep the old default-permissive.
|
|
|
|
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
|
|
It's part of the security check, we should have it in the log.
|
|
We need to start logging denials so that they become more easily trackable
and debuggable.
|
|
The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.
|
|
|
|
|
|
We need to fix all of the bare send_interface rules; see:
https://bugs.freedesktop.org/show_bug.cgi?id=18961
|
|
We need some sort of general advice here.
|
|
Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.
|
|
|
|
The previous rule <allow send_requested_reply="true"/> was actually
applied to all messages, even if they weren't a reply. This meant
that in fact the default DBus policy was effectively allow, rather
than deny as claimed.
This fix ensures that the above rule only applies to actual reply
messages.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
The tmp-session-like-system.conf bus configuration has a security
policy intended to mirror that of the system bus. This allows
testing policy rules.
|
|
|
|
|
|
* dbus/dbus-marshal-recursive.c: A stray comma
between two string literals caused incorrect
output and a compiler warning.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
* dbus/dbus-credentials.h: Add a prototype for
_dbus_credentials_add_adt_audit_data()
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
* dbus/dbus-marshal-validate.c: Ensure we validate
a basic type before calling is_basic on it.
* dbus-marshal-validate-util.c: Test.
|
|
* dbus/dbus-sysdeps-unix.c:
* dbus/dbus-sysdeps-util-unix.c: Cast return
from sysconf temporarily so we actually see
-1.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Dbus is doing atomic file updates by copying them, changing
the copy, and re-naming them. However, it does not synchronize
the file before re-naming, which results in corruption in
case of unclean reboots. The reason for this is that file-systems
have write-back cache and they postpone writing data to the media.
This patch adds the missed fsync() for the Unix part. I do
not have windows so cannot provide a windows port fix.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
|
|
|
|
|
|
Patch originally from Noèl Köthe.
Modified by Colin Walters <walters@verbum.org>
* dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-unix-utils.c:
Use a while() loop to reallocate buffer if we get ERANGE
return. This fixes the case where a user is in a large
number of groups.
|
|
* bus/dir-watch-inotify.c: Always drop the watch in
handle_inotify_watch; this ensures we always readd it
correctly in bus_drop_all_directory_watches.
|
|
|
|
|
|
* test/name-test/test-privserver.c (filter_session_message, main),
* test/name-test/test-privserver-client.c (open_shutdown_private_connection):
Replace TestServer with PrivServer to match the service definition files.
|