Adrian Szyndela [Thu, 25 Apr 2019 07:35:59 +0000 (09:35 +0200)]
test: send_destination(_prefix) tests
This adds tests for mostly "send_destination_prefix" cases
and some "send_destination" cases.
The general test case is:
- addressed recipient is running and owns a name;
- a message is sent to the name owner;
- the response is checked for allow/deny (method return/error).
Each test case is executed both for primary and queued ownership.
The tests include:
- checking send allow/deny for names and namespaces, including nesting;
- checking send allow/deny for neighbour names;
- checking send allow/deny for names/namespaces+interface+member.
Signed-off-by: Adrian Szyndela <adrian.s@samsung.com>
Change-Id: If5fcada01601355e7aadefadad79c0b24f8c397f
Adrian Szyndela [Wed, 28 Nov 2018 14:15:16 +0000 (15:15 +0100)]
dbus-daemon: add send_destination_prefix support
This extends dbus-daemon with support for send_destination_prefix
attribute in XML policies.
It allows having policy rules for sending to bus names generated
within namespaces defined by a prefix. The similar behaviour can be
emulated by owning an additional name, not used for addressing messages,
as described in
https://lists.freedesktop.org/archives/dbus/2017-May/017188.html
However, introducing send_destination_prefix creates possibility
of communicating intentions in a more direct way, which is easier
to understand.
Signed-off-by: Adrian Szyndela <adrian.s@samsung.com>
Change-Id: I0016ad93f1c16b7742fef5f45ebaf01b55694d3c
Adrian Szyndela [Wed, 16 Jan 2019 11:30:22 +0000 (12:30 +0100)]
DBusString: extend with checking for starting with words
This extracts a few lines of code and adds it as a DBusString function
that checks if a DBusString starts with words given with a C string
and a word separator. In other words, it checks if:
- a DBusString is a given C string, or
- a DBusString starts with a given C string and the next character is
a given word separator.
It is used for matching names to prefixes when checking the policy.
Signed-off-by: Adrian Szyndela <adrian.s@samsung.com>
Change-Id: Ie39d33916863d950dde38d3b8b20c8a539217302
Simon McVittie [Mon, 11 Mar 2019 09:03:39 +0000 (09:03 +0000)]
bus: Try to raise soft fd limit to match hard limit
Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.
Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.
If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).
As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.
systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.
Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message] Signed-off-by: Simon McVittie <smcv@collabora.com>
Topi Miettinen [Sat, 23 Mar 2019 20:18:11 +0000 (22:18 +0200)]
Configure option to disable traditional activation
Traditional activation could be disabled if all services use
SystemdService activation instead. Provide an example of a hardened
DBus systemd service drop-in file for such a setup.
Clemens Lang [Fri, 8 Feb 2019 14:48:15 +0000 (15:48 +0100)]
cmake: Avoid overwriting PKG_CONFIG_PATH env var
The CMake config file installed by DBus will run in the context of other
projects. Consequently, changing the value of the PKG_CONFIG_DIR,
PKG_CONFIG_PATH or PKG_CONFIG_LIBDIR environment variables will affect
any further calls to pkg-config made by such projects, which can cause
problems.
A common case of this happening are pkg-config files installed in
usr/share/pkgconfig for .pc files that are architecture-independent, as
for example systemd does.
Avoid clobbering the environment variables by saving and restoring their
values. Note that for some of the variables, setting them to an empty
string is different from not setting them at all.
Signed-off-by: Clemens Lang <clemens.lang@bmw-carit.de>
Simon McVittie [Fri, 25 Jan 2019 11:49:56 +0000 (11:49 +0000)]
_dbus_test_main: Exercise NSS modules before running tests
Some NSS modules like those for sssd and LDAP might allocate fds
on a one-per-process basis, for example a socket to talk to sssd.
Make sure those have already been allocated before we enter the code
under test, so that they don't show up as having been "leaked" by the
first module of code under test that happens to do a NSS lookup.
The call to _dbus_test_check_memleaks tears down libdbus' own memory
allocations, but not any hidden state in libc or NSS.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 21 Jan 2019 18:45:38 +0000 (18:45 +0000)]
Consistently add CODE_COVERAGE_LIBS everywhere
We need to link the code coverage objects, directly or indirectly,
into every executable and every shared library. The rule I've followed
to make it clear that we do this, without too much repetition, is:
each executable, shared library or convenience library has
CODE_COVERAGE_LIBS in its LDADD or LIBADD, unless it is linked to a
convenience library in the same directory that has CODE_COVERAGE_LIBS
in *its* LIBADD.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 21 Jan 2019 17:51:07 +0000 (17:51 +0000)]
Adapt to API change in AX_CODE_COVERAGE version 28
AX_CODE_COVERAGE recently changed the way it embedded its Makefile rules
in the output file: instead of using @CODE_COVERAGE_RULES@, users
are now meant to include aminclude_static.am.
The new AX_CODE_COVERAGE is only in the latest autoconf-archive release,
version 2019.01.06, which is inconveniently new, so bundle everything
we need for the moment.
This requires us to stop using the deprecated CODE_COVERAGE_LDFLAGS
(which we still used to support older versions of autoconf-archive)
and replace them with CODE_COVERAGE_LIBS.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 28 Sep 2018 15:57:13 +0000 (16:57 +0100)]
dbus-signature: Move static assertion outside test code
This always needs to be true, even if we're not embedding test goo
in the library. These static assertions have no runtime overhead, only
compile-time, so it's OK to make it unconditional.
Signed-off-by: Simon McVittie <smcv@collabora.com>
projects / thirdparty / dbus.git / log
