Simon McVittie [Tue, 24 Nov 2015 01:19:27 +0000 (01:19 +0000)]
embedded tests: accept and ignore --tap argument
This makes them semi-command-line-compatible with a way we can
invoke the GLib-based tests to get more useful debug logs.
These tests still do not actually produce TAP output yet; I tried
implementing that, but it requires changing a lot of noise on stdout
to come out of stderr, and there was something weird going on with
subprocesses restarting the test numbering which will need further
investigation before making that change.
Initialize SELinux and Apparmor after capabilities are set
avc_init() in the SELinux code path is creating a new thread, we need to
set the capabilities before it gets created so it has the permission to
send audit messages.
It also makes more sense to open the audit netlink before the different
logging callbacks are set.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92832
[smcv: add comments explaining why initialization must happen in this
specific order]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Thu, 26 Nov 2015 10:37:48 +0000 (10:37 +0000)]
Do not attempt to call child_setup on Windows
child_setup() is defined to be called after fork() and before exec(),
but Windows' process model does not have fork(): the equivalent of
those two operations is a single CreateProcess() call. This means
that there is no point at which we could call child_setup() and
have it affect only the child's process-global state. At the point
where it is currently executed, it affects the parent's process-global
state instead, which would be actively harmful if we used any
child_setup() function that was not a no-op on Windows.
The equivalent function in GLib, g_spawn_async_with_pipes(), documents
child_setup() as unused on Windows. Do the same here.
In practice, our only use of child_setup() outside tests
is #ifdef DBUS_UNIX anyway, so this change has no practical effect
right now.
Simon McVittie [Fri, 20 Nov 2015 17:19:51 +0000 (17:19 +0000)]
uid-permissions test: don't assert that root can UpdateActivationEnvironment
Since 1.10.4 this is hard-coded to be disallowed when an activation
helper is used. That would be a security flaw waiting to happen,
and makes little sense anyway, because the activation helper sanitises
its environment.
Use BecomeMonitor() instead, as our way to assert that root and
messagebus are privileged.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93036
Reviewed-by: Iain Lane
Simon McVittie [Fri, 6 Nov 2015 14:52:51 +0000 (15:52 +0100)]
monitor: use the addressed_recipient to select matches
This means we respect the destination keyword in arguments to
BecomeMonitor.
In bus_dispatch(), this means that we need to defer capturing until
we have decided whether there is an addressed recipient; so instead
of capturing once, we capture at each leaf of the decision tree.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92074
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Reviewed-by: Lars Uebernickel <lars@uebernic.de>
Simon McVittie [Tue, 17 Nov 2015 16:42:01 +0000 (16:42 +0000)]
name-test: don't run these tests with autotools if targeting Windows.
The wrapper shell script that sets up their environment is nowhere
near being portable. In particular, it uses dbus-run-session,
which is Unix-specific.
[rh: Add autotools scope in commit title]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92899
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
bus-driver: Support returning org.freedesktop.DBus UID and PID
Attempting to call SetEnvironment on systemd causes it to inquire
about the caller's connection UID and PID. If this check fails,
the call is rejected.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92857
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: go back to DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN as the error code
for failure to determine the pid]
bus_driver_handle_update_activation_environment: Forward to systemd
If we use systemd activation, forward all UpdateActivationEnvironment
requests to org.freedesktop.systemd1.Manager.SetEnvironment, in order
to ensure variables needed by D-Bus services are available when these
services are launched by systemd.
Since UpdateActivationEnvironment is not available on the system bus,
this only applies to user buses.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92857
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
bus_driver_handle_update_activation_environment: Error on system buses
The default policy already disallows calls on system buses. Since any
bus with a service helper cleans the environment anyway, there's no
point in allowing this to be called.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92857
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 17 Nov 2015 13:23:30 +0000 (13:23 +0000)]
fdpass test: assert that TCP connections don't say they can pass fds
As well as slightly increasing our test coverage, this ensures
that at least one test-case in this test is not skipped, working
around CMake's lack of support for the Automake-style exit code
produced by GTest executables (they exit 77 if everything was skipped).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92887
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Sat, 7 Nov 2015 12:06:52 +0000 (13:06 +0100)]
Stop statically enabling dbus.socket in dbus.target
dbus.target was relevant in early versions of systemd, but is not
used or installed any more. We also enable the socket in sockets.target,
which is the right place to do this sort of thing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78412
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757913
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering
Simon McVittie [Sat, 7 Nov 2015 12:03:47 +0000 (13:03 +0100)]
Drop [Install] sections from user services
We install the symlink to enable dbus.socket statically, so it doesn't
make much sense to invoke `systemctl enable` on it; and
dbus.service should normally be started by socket activation
(or possibly an explicit dependency) rather than manually.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92402
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering
It's generally a good idea to avoid trailing whitespace in order to keep
patches minimal. While it's common to enforce such restrictions for C code,
it's important for docbook XML files too. Hence, let's clean this up and
remove all trailing whitespace currently in place.
[By policy we do not clean up historical trailing whitespace and
tab-indentation in the C source code unless we are modifying those lines
anyway, to retain the ability to merge stable-branch bugfixes into the
development branch. However, the copy of the spec in the development
branch is the only one that receives any updates, so that concern
doesn't apply here. -smcv]
Allowing to send replies when NO_REPLY_EXPECTED is set is useless in
practice: Clients need to be careful not to send these replies, because
bus policy could deny these messages. The spec even mentions that this
issue exists.
To make this more clear and misbehaving clients less likely, disallow
sending unexpected replies entirely.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75749
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Ralf Habacker [Fri, 6 Nov 2015 13:03:23 +0000 (14:03 +0100)]
Fix test cases running client and server dispatch design issue.
DBus test cases running the server *and* client loop in the same
process assumed that all messages sent from the server have to be
received in one client dispatch, which is not the case in all
environments.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92721
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Ralf Habacker [Mon, 2 Nov 2015 23:23:56 +0000 (00:23 +0100)]
Test system bus config files on Unix only
Previously, we didn't consistently test parsing of every file in
valid-config-files-system/ everywhere that we tested valid-config-files/.
We now test it on Unix.
The system bus is not supported on Windows, so we do not test
valid-config-files-system/ there.
valid-config-files/many-rules.conf contains <user> and <group> rules
which are not applicable to Windows. Copy the original many-rules.conf
to valid-config-files-system/ so that it will be tested on Unix, and
remove the non-portable rules from valid-config-files/many-rules.conf.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92721
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[rh: base patch came from Simon]
Simon McVittie [Thu, 29 Oct 2015 05:31:38 +0000 (06:31 +0100)]
refs test: reduce number of repeats under Wine
Under Wine, the API calls we use to do this are implemented via IPC
to wineserver, which makes it unreasonably slow to try to brute-force
bugs by having many threads stress-test refcounting. Do a few
repetitions just to verify that refcounting basically works, but
don't do the full stress-test.
As discussed in <https://github.com/systemd/systemd/issues/1600>.
See also <https://bugs.archlinux.org/task/46721>,
<https://bugzilla.gnome.org/show_bug.cgi?id=756420>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92612
[smcv: use AC_PATH_PROG to find systemctl; ignore systemctl failure]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
[smcv: add links to earlier bug reports elsewhere]
Simon McVittie [Mon, 19 Oct 2015 14:19:27 +0000 (15:19 +0100)]
When running dbus-daemon --session in tests, override listen address
Otherwise, we can't reliably run tests for Windows, because the default
listening address on Windows is "autolaunch:" which is global to
a machine, resulting in testing an installed dbus-daemon instead of
the one we intended to test.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92538
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Tue, 6 Oct 2015 11:43:22 +0000 (12:43 +0100)]
BecomeMonitor: do not overwrite error with another error
If the user gave us a syntactically invalid error name, we'd
overwrite the MatchRuleInvalid error with NoMemory, causing an
assertion failure (crash) in the dbus-daemon.
This is not a denial-of-service vulnerability on the system bus,
because monitoring is a privileged action, and root privilege
is checked before this code is reached. However, it's an annoying
bug on the session bus.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92298
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Fri, 2 Oct 2015 15:51:59 +0000 (16:51 +0100)]
Assume that DBUS_DATADIR is absolute on Windows
Both build systems arrange for this to be the case,
and we already assume that it's absolute on Unix.
On Windows, it's probably going to be /mingw/share or
something; it gets relocated via _dbus_replace_install_prefix()
at runtime.