Simon McVittie [Wed, 29 Aug 2018 17:33:01 +0000 (18:33 +0100)]
bus_config_parser_check_doctype: Remove, unused
We have never checked the <!DOCTYPE> of busconfig XML since the libxml
parser was removed in 2013, and the libxml parser was broken before
that anyway. The recommended Expat parser (our only parser since 2013)
does not appear to have ever validated this, so now does not seem like
the time to start. Just ignore the <!DOCTYPE> if there is one.
(We never validated this particularly strictly anyway;
<!DOCTYPE busconfig SYSTEM "http://example.com/bees"> would have been
treated as perfectly valid.)
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
Simon McVittie [Fri, 3 Aug 2018 14:33:08 +0000 (15:33 +0100)]
containers test: Exercise GetConnectionInstance() on dbus-daemon itself
This is an easy bit of missing test coverage detected by running the
test suite with gcov.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
Simon McVittie [Fri, 17 Aug 2018 15:35:37 +0000 (16:35 +0100)]
BusConfigParser test: Check that all limits are equal, not just one
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
Simon McVittie [Fri, 17 Aug 2018 15:33:06 +0000 (16:33 +0100)]
bus_context_get_policy: Remove, unused
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
Simon McVittie [Fri, 17 Aug 2018 15:31:00 +0000 (16:31 +0100)]
bus_connections_get_context: Remove, unused
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
These do not appear in code coverage statistics, and `git grep`
reveals that they are unused.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
Simon McVittie [Fri, 3 Aug 2018 14:21:53 +0000 (15:21 +0100)]
dbus-cleanup-sockets: Mark functions noreturn as suggested by clang
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107739
Simon McVittie [Thu, 23 Aug 2018 08:01:03 +0000 (09:01 +0100)]
Do not apply __attribute__((__malloc__)) to dbus_realloc()
As noted in GLib commit c879f50f, gcc's interpretation of the malloc
attribute has become more strict over time, which could result in
miscompilation. The new definition is that in addition to assuming
that the returned memory block is newly-allocated, gcc now assumes
that it does not contain any valid pointers. This is OK for
uninitialized or zero-initialized memory returned by dbus_malloc()
or dbus_malloc0(), but not valid for dbus_realloc(), which might be
used for a dynamically-sized array of (structures containing)
valid pointers.
See https://gitlab.gnome.org/GNOME/glib/issues/1465
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107741
Francesco Turco [Wed, 22 Aug 2018 11:43:21 +0000 (11:43 +0000)]
Distribute source code using .tar.xz archives
This saves around 32% of the size of the archive.
[smcv: Rebased onto current master] Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107630
Simon McVittie [Thu, 23 Aug 2018 18:14:14 +0000 (19:14 +0100)]
build: Don't install a ChangeLog that we don't update
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107630
Simon McVittie [Thu, 23 Aug 2018 18:13:35 +0000 (19:13 +0100)]
Remove old changelogs from git
The changelogs (and the commits themselves, converted to git format)
are still in the git history if anyone needs them.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
https://bugs.freedesktop.org/show_bug.cgi?id=107630
Simon McVittie [Thu, 23 Aug 2018 18:12:49 +0000 (19:12 +0100)]
build: Don't ship detailed changelogs for releases over 10 years old
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107630
Simon McVittie [Tue, 24 Jul 2018 12:21:37 +0000 (13:21 +0100)]
server-unix: Don't leak address of systemd server on success
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107320 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Tue, 24 Jul 2018 12:18:48 +0000 (13:18 +0100)]
bus: Free address (from --address) when we have finished using it
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107320 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 12 Jul 2018 18:11:05 +0000 (19:11 +0100)]
validate_body_helper: Bounds-check before validating booleans
Running the "embedded tests" through valgrind revealed that before this
commit, we would have been willing to read up to 3 bytes off the end of
a message if the message is truncated part way through a boolean. Any
practical allocator will round up allocations to the next 32-bit (or
larger) boundary, so in practice this will not leave the memory buffer
(and in particular did not crash during unit testing), but it could read
uninitialized contents.
On little-endian CPUs, an attacker might be able to use this to learn
whether up to 3 bytes of uninitialized memory in the dbus-daemon
were all-zero (their crafted message would be relayed) or not (their
connection would be disconnected for sending an invalid message). On
big-endian CPUs, an attacker might be able to use this to learn whether
up to 3 bytes were all-zeroes (relayed to a cooperating peer), 0-2
bytes of all-zeroes followed by 0x01 (relayed to a cooperating peer),
or something else (disconnected). This is not believed to be exploitable
to leak interesting information.
Fixes: 62e46533 "hardcode dbus_bool_t to 32 bits"
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107332 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Thiago Macieira <thiago@kde.org> Reviewed-by: Philip Withnall <withnall@endlessm.com>
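Added example (not dbus code, and not part of the commit above): a minimal model of the ordering problem this commit message describes, with the length check placed before the 32-bit read. All function names are hypothetical, the `big_endian` flag stands in for the two CPU cases the message distinguishes, and the 4-byte `alloc` array is a constructed stand-in for allocator slack. `count_relayed_slack()` reproduces the message's own analysis: one relayed pattern in the little-endian case, two in the big-endian case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { RELAYED, DISCONNECTED };

/* Decode a 32-bit value in the given byte order. */
static uint32_t unpack_u32(const unsigned char *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8) | (uint32_t)p[0];
}

/* Hardened order: prove 4 bytes exist, then read them, then check 0/1. */
enum verdict validate_bool_checked(const unsigned char *p,
                                   const unsigned char *end, int big_endian)
{
    if ((size_t)(end - p) < 4)
        return DISCONNECTED;               /* truncated boolean */
    return unpack_u32(p, big_endian) <= 1 ? RELAYED : DISCONNECTED;
}

/* Model of the old order: the value check runs without a length check.
 * alloc[] is always 4 bytes here so the model itself stays in bounds;
 * msg_len is ignored, which is exactly the defect being modelled. */
enum verdict validate_bool_unchecked_model(const unsigned char alloc[4],
                                           size_t msg_len, int big_endian)
{
    (void)msg_len;
    return unpack_u32(alloc, big_endian) <= 1 ? RELAYED : DISCONNECTED;
}

/* The boolean is cut after `present` (1..3) zero bytes; the remaining
 * bytes are slack. Count the slack patterns the unchecked model relays. */
unsigned long count_relayed_slack(size_t present, int big_endian)
{
    unsigned char alloc[4];
    size_t slack = 4 - present;
    unsigned long total = 1UL << (8 * slack);
    unsigned long relayed = 0;

    for (unsigned long pattern = 0; pattern < total; pattern++) {
        memset(alloc, 0, sizeof alloc);
        for (size_t i = 0; i < slack; i++)
            alloc[present + i] = (unsigned char)(pattern >> (8 * i));
        if (validate_bool_unchecked_model(alloc, present, big_endian) == RELAYED)
            relayed++;
    }
    return relayed;
}

int main(void)
{
    for (size_t present = 1; present <= 3; present++)
        printf("present=%zu: little-endian relays %lu pattern(s), "
               "big-endian relays %lu\n", present,
               count_relayed_slack(present, 0),
               count_relayed_slack(present, 1));
    return 0;
}
```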
Simon McVittie [Thu, 12 Jul 2018 14:28:54 +0000 (15:28 +0100)]
Don't do OOM testing under valgrind by default
It's just painfully slow, particularly when we fork (as we do in
test-bus to test service activation).
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Thu, 12 Jul 2018 14:16:55 +0000 (15:16 +0100)]
dispatch test: Simplify OOM testing
Instead of having separate test wrappers for the cases that do and
don't take a DBusConnection, we can just pass a NULL DBusConnection
to the one that doesn't.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Thu, 12 Jul 2018 12:06:32 +0000 (13:06 +0100)]
Skip name-test/ when running under valgrind for now
These tests are very reliant on their custom LOG_COMPILER,
which AX_VALGRIND_CHECK replaces.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Thu, 12 Jul 2018 11:51:38 +0000 (12:51 +0100)]
tests: Detach most connections from main loop before closing
We don't need to do this for connections that were never set up
with the main loop.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Thu, 12 Jul 2018 13:23:06 +0000 (14:23 +0100)]
test/containers: Fix some memory leaks
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Thu, 12 Jul 2018 12:32:34 +0000 (13:32 +0100)]
test/marshal: Don't leak a message and its marshalled buffer
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Thu, 12 Jul 2018 12:32:10 +0000 (13:32 +0100)]
nonce: Don't try to rmdir(NULL) on OOM
If re-initializing the string fails, it will be left in a state
where it has a length of 0 and a NULL buffer. That's valid to
"free", but not valid to pass to rmdir().
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 18:55:31 +0000 (19:55 +0100)]
test/dbus-daemon: Don't leak expected error for max connections
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 18:54:24 +0000 (19:54 +0100)]
test/dbus-daemon: Don't leak error if no machine ID was found
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 18:47:34 +0000 (19:47 +0100)]
Allow longer for tests under valgrind
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 15:40:12 +0000 (16:40 +0100)]
tests: Call dbus_shutdown()
Not all of these tests will be fully valgrind-clean yet (or perhaps
ever), but it's easier to add this to all of them than to think
about it.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 15:31:38 +0000 (16:31 +0100)]
tests: Interpret empty command-line arguments as --tap
AX_VALGRIND_CHECK overrides LOG_COMPILER, which means we can't rely
on running under glib-tap-test.sh. Default to TAP mode by modifying
our (effective) argv instead.
If you really want the default behaviour (unstructured output) this
can still be achieved by adding some arguments that are a no-op,
such as `-m quick`.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 15:22:49 +0000 (16:22 +0100)]
tests: Detach server from main loop during teardown
test_server_setup() takes a reference to the DBusServer, so we need
to release that ref by calling test_server_shutdown().
test_server_shutdown() also disconnects the server, so we don't need
to do that.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
If an implementation fails to listen, and a subsequent implementation
succeeds, then we would have leaked this. Detected by running
tests/loopback.c under valgrind.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 15:15:38 +0000 (16:15 +0100)]
loopback: Don't free credentials borrowed from the connection
We currently get away with this because the connection isn't fully
freed before we exit, but the connection is meant to own the result
of _dbus_connection_get_credentials() (it's "(transfer none)" in
GLib terminology).
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Wed, 11 Jul 2018 15:14:27 +0000 (16:14 +0100)]
dbus_server_listen: Assert that implementations return a known result
If they didn't, we'd probably leak the server and/or the error.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Mon, 9 Jul 2018 16:06:22 +0000 (17:06 +0100)]
Assert that DBUS_SERVER_LISTEN_ADDRESS_ALREADY_USED does not set error
The only place this is set in practice is in dbus-server-win.c, which
does not set the error. If it did, dbus_server_listen() would leak it.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107194
Simon McVittie [Mon, 23 Jul 2018 17:52:01 +0000 (18:52 +0100)]
sysdeps: Reassure gcc 8 that we are not overflowing struct sockaddr_un
Using strncpy (buffer, str, strlen (str)) is a "code smell" that
might indicate a serious bug (it effectively turns strncpy into
strcpy), and gcc 8 now warns about it. In fact we avoided the bug
here, but it wasn't at all obvious.
We already checked that path_len is less than or equal to
_DBUS_MAX_SUN_PATH_LENGTH, which is 99, chosen to be strictly less
than the POSIX minimum sizeof(sun_path) >= 100, so we couldn't
actually be overflowing the available buffer.
The new static assertion in this commit matches a comment above the
definition of _DBUS_MAX_SUN_PATH_LENGTH: we define
_DBUS_MAX_SUN_PATH_LENGTH to 99, because POSIX says struct
sockaddr_un's sun_path member is at least 100 bytes (including space
for a \0 terminator). dbus will now fail to compile on
platforms that are non-POSIX-compliant in this way, except for Windows.
We zeroed the struct sockaddr_un before writing into it, so stopping
one byte short of the end of sun_path ensures that we get \0
termination.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107350 Reviewed-by: Thiago Macieira <thiago@kde.org> Reviewed-by: Philip Withnall <withnall@endlessm.com>
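Added example (not dbus code): one way to write the pattern this commit message describes, with the copy bounded by the destination's capacity rather than by strlen() of the source, and a compile-time check tying the path limit to sizeof(sun_path). MAX_SUN_PATH_LENGTH and fill_unix_address() are hypothetical names; the value 99 is the one the message gives for _DBUS_MAX_SUN_PATH_LENGTH.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical stand-in for the limit named in the commit message. */
#define MAX_SUN_PATH_LENGTH 99

/* Fail the build if sun_path cannot hold the longest accepted path
 * plus its terminating NUL. */
_Static_assert(sizeof(((struct sockaddr_un *)0)->sun_path) > MAX_SUN_PATH_LENGTH,
               "sun_path must hold MAX_SUN_PATH_LENGTH bytes plus a NUL");

/* Fill *addr for a filesystem Unix socket at `path`.
 * Returns 0 on success, or -1 with errno = ENAMETOOLONG. */
int fill_unix_address(struct sockaddr_un *addr, const char *path)
{
    size_t path_len = strlen(path);

    if (path_len > MAX_SUN_PATH_LENGTH) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* Zero the whole struct first, so every byte the copy does not
     * write (including the last byte of sun_path) is already NUL. */
    memset(addr, 0, sizeof *addr);
    addr->sun_family = AF_UNIX;

    /* The bound is the destination capacity minus one, never
     * strlen(path): strncpy(dst, src, strlen(src)) behaves like an
     * unbounded strcpy without the terminator. */
    strncpy(addr->sun_path, path, sizeof(addr->sun_path) - 1);
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    const char *path = "/tmp/example-bus-socket";   /* constructed sample */

    if (fill_unix_address(&addr, path) != 0) {
        perror("fill_unix_address");
        return 1;
    }
    printf("sun_path=%s (capacity %zu)\n", addr.sun_path,
           sizeof addr.sun_path);
    return 0;
}
```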
Simon McVittie [Mon, 23 Jul 2018 17:02:42 +0000 (18:02 +0100)]
test: Avoid g_queue_foreach
In gcc 8, -Wall -Wextra includes -Wcast-function-type, which warns
about passing an extra (unwanted) parameter to callbacks. Instead
of using g_list_foreach(), open-code the equivalent.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349 Reviewed-by: Thiago Macieira <thiago@kde.org>
Simon McVittie [Mon, 23 Jul 2018 17:02:16 +0000 (18:02 +0100)]
dbus_connection_dispatch: Avoid using _dbus_list_foreach
In gcc 8, -Wall -Wextra includes -Wcast-function-type, which warns
about passing an extra (unwanted) parameter to callbacks. Instead
of using _dbus_list_foreach(), open-code the equivalent here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349 Reviewed-by: Thiago Macieira <thiago@kde.org>
Simon McVittie [Mon, 23 Jul 2018 16:33:24 +0000 (17:33 +0100)]
Add and use _dbus_list_clear_full
In gcc 8, -Wall -Wextra includes -Wcast-function-type, which warns
about passing an extra (unwanted) parameter to callbacks. Instead
of using _dbus_list_foreach(), add a function to do what we actually
wanted here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349 Reviewed-by: Thiago Macieira <thiago@kde.org>
Simon McVittie [Mon, 23 Jul 2018 16:32:27 +0000 (17:32 +0100)]
Rename dbus_internal_do_not_use_get_uuid to _dbus_get_uuid
This was the only remaining symbol using the long prefix. Renaming it
gives us one consistent rule: symbols starting with dbus are public,
symbols starting with _dbus are not.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349 Reviewed-by: Thiago Macieira <thiago@kde.org>
Simon McVittie [Mon, 23 Jul 2018 16:26:18 +0000 (17:26 +0100)]
message-util: Make more functions static (and remove useless prefix)
The naming convention dbus_internal_do_not_use_foo() was for functions
that had to be exported by libdbus but called by the embedded tests.
This is obsolete (in favour of _dbus_foo()) now that we have
DBUS_PRIVATE_EXPORT, and is doubly useless in this case because these
functions aren't even in libdbus - they're local to dbus-message-util.c.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349 Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Mon, 23 Jul 2018 16:19:53 +0000 (17:19 +0100)]
test: Fix signature of dbus_internal_do_not_use_try_message_file
In gcc 8, -Wall -Wextra includes -Wcast-function-type, which warns
about casting a function pointer to an incompatible type. In this
case the cast was because we were ignoring the void * argument, which
in this case is NULL. Since this function is only used within
dbus-message-util.c anyway, we might as well just use the correct
signature and remove the cast.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=107349 Reviewed-by: Thiago Macieira <thiago@kde.org>
Simon McVittie [Fri, 11 May 2018 17:40:51 +0000 (18:40 +0100)]
containers test: Record the unconfined manager connection's unique name
This is a bit more convenient than fetching it as-needed.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Fri, 11 May 2018 17:38:07 +0000 (18:38 +0100)]
containers test: Factor out fixture_disconnect_observer
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Fri, 11 May 2018 17:36:47 +0000 (18:36 +0100)]
containers test: Factor out disconnecting the unconfined manager
As this test's coverage expands, this function will have to do more
(clear up name watches, filters, etc.) so it'll be helpful to keep it
all in one place.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Thu, 31 May 2018 18:36:45 +0000 (19:36 +0100)]
containers test: Move teardown below all test-cases
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Mon, 16 Apr 2018 18:35:59 +0000 (19:35 +0100)]
containers: Factor out connection_get_instance and make it NULL-safe
When I introduce per-container message filtering, it'll be useful to
be able to get the instance for a connection without worrying about
whether that connection is NULL (representing the dbus-daemon itself,
or an activatable service that has not yet been activated).
Also make it robust against Containers having not been initialized,
for completeness.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Wed, 18 Apr 2018 10:49:07 +0000 (11:49 +0100)]
bus: Document arguments of bus_activation_activate_service
It isn't completely obvious that connection is allowed to be NULL here.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Tue, 17 Apr 2018 11:48:23 +0000 (12:48 +0100)]
bus_service_list_queued_owners: Don't return a DBusError
This makes it clearer that the only possible error is out-of-memory,
so its use in ListQueuedOwners() is not leaking information to callers
that might not be allowed to know the difference between "doesn't exist"
and "exists but you are not allowed to know that".
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Tue, 17 Apr 2018 11:38:57 +0000 (12:38 +0100)]
bus_driver_get_owner_of_name: Clarify role of connection
This connection is the one looking at the name, as opposed to the
one that owns the name (if any).
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Mon, 16 Apr 2018 18:39:04 +0000 (19:39 +0100)]
tests: Add a GAsyncReadyCallback that stores the GAsyncResult
It seems I eventually introduce this into every project where I've
added GLib-based unit tests. Today it's dbus' turn.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Tue, 17 Apr 2018 10:46:13 +0000 (11:46 +0100)]
driver: Remove references to an obsolete constant
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105656
Simon McVittie [Mon, 4 Jun 2018 15:27:50 +0000 (16:27 +0100)]
test: Skip TCP tests if getaddrinfo doesn't work
For example, this can be the case in bubblewrap or Debian pbuilder after
unsharing the network namespace:
    bwrap \
        --bind / / \
        --dev-bind /dev /dev \
        --bind /dev/shm /dev/shm \
        --bind /dev/pts /dev/pts \
        --unshare-net \
        ${builddir}/test/test-loopback --tap
    ...
    ok 1 /connect/tcp # SKIP Name resolution does not work here:
    getaddrinfo("127.0.0.1", "0", {flags=ADDRCONFIG, family=INET,
    socktype=STREAM, protocol=TCP}): Name or service not known
On some systems this can be circumvented by using nss_wrapper from
<https://cwrap.org/nss_wrapper.html>:
but for systems where that doesn't work, we should be prepared to skip
the affected tests.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106812
Simon McVittie [Mon, 4 Jun 2018 15:27:49 +0000 (16:27 +0100)]
server-oom test: Don't assume localhost is resolvable
Pathological autobuilder environments might not list localhost in
/etc/hosts.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106812
Simon McVittie [Mon, 4 Jun 2018 15:27:49 +0000 (16:27 +0100)]
test: Test the same things with unix: that we do with tcp:
Minimal autobuilder environments don't always have working TCP,
so we may need to skip TCP tests. Make sure we test the equivalent
code paths via Unix sockets in those environments.
One notable exception is test/fdpass.c, which uses TCP as a transport
that is known not to be able to carry Unix fds; this needs to continue
to use TCP.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106812
Simon McVittie [Mon, 4 Jun 2018 15:27:48 +0000 (16:27 +0100)]
server-oom test: Parse the address instead of going directly to TCP
This expands test coverage, and lets us reuse the test for other
address schemes.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106812
Simon McVittie [Mon, 4 Jun 2018 15:27:46 +0000 (16:27 +0100)]
sysdeps-unix: Handle errors from getaddrinfo correctly
getaddrinfo and getnameinfo have their own error-handling convention
in which the library call returns either 0 or an EAI_* error code
unrelated to errno. If the error code is not EAI_SYSTEM, then
the value of errno is undefined (in particular it might be carried
over from a previous system call or library call). Introduce a
new helper function _dbus_error_from_gai() to handle this.
The equivalent code paths in Windows appear to be OK: the Windows
implementation of getaddrinfo() is documented to return a Winsock
error code, which we seem to be handling correctly.
Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106395
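Added example (not dbus code, and not the _dbus_error_from_gai() helper itself): the getaddrinfo() error convention this commit message describes, where errno is consulted only when the return value is EAI_SYSTEM. describe_gai_error() and resolve_numeric() are hypothetical names; AI_NUMERICHOST is used so the lookup never touches the network.

```c
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Turn a getaddrinfo()/getnameinfo() result into a message.
 * saved_errno is only meaningful when gai_res is EAI_SYSTEM; for every
 * other EAI_* code errno may be stale, left over from an earlier call. */
const char *describe_gai_error(int gai_res, int saved_errno)
{
    if (gai_res == 0)
        return "success";
    if (gai_res == EAI_SYSTEM)
        return strerror(saved_errno);
    return gai_strerror(gai_res);
}

/* Resolve a numeric IPv4 host and port without DNS. Returns 0 on
 * success, otherwise the EAI_* code, with a description in errbuf. */
int resolve_numeric(const char *host, const char *port,
                    char *errbuf, size_t errlen)
{
    struct addrinfo hints;
    struct addrinfo *res = NULL;
    int rc;
    int saved_errno;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;

    rc = getaddrinfo(host, port, &hints, &res);
    saved_errno = errno;        /* capture before any other call */

    if (rc != 0) {
        snprintf(errbuf, errlen, "getaddrinfo(\"%s\", \"%s\"): %s",
                 host, port, describe_gai_error(rc, saved_errno));
        return rc;
    }

    freeaddrinfo(res);
    if (errlen > 0)
        errbuf[0] = '\0';
    return 0;
}

int main(void)
{
    char msg[256];

    errno = EACCES;             /* constructed stale errno value */
    if (resolve_numeric("not-an-ip", "0", msg, sizeof msg) != 0)
        printf("%s\n", msg);    /* reports the EAI_* text, not EACCES */
    return 0;
}
```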
Simon McVittie [Mon, 23 Apr 2018 17:27:25 +0000 (18:27 +0100)]
spec: Describe nonce-tcp as "nonce-authenticated", not "nonce-secured"
nonce-tcp isn't really any more secure than tcp, unless you are
using ANONYMOUS authentication, which should not be considered
secure in any case. Avoid the word "secured" so that people don't
get the wrong idea.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 12 Apr 2018 13:07:17 +0000 (14:07 +0100)]
spec, dbus-daemon(1): Mention and deprecate shared session buses
This might (?) have made sense behind a firewall in 2003; but now it's
2018, the typical threat model that we are defending against has
changed from "vandals want to feel proud of their l33t skills"
to "organised crime wants your money", and a "trusted" local LAN
probably contains an obsolete phone, tablet, games console or
Internet-of-Things-enabled toaster with remote root exploits.
This makes network topologies that used to be acceptable look
increasingly irresponsible.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 12 Apr 2018 12:55:25 +0000 (13:55 +0100)]
spec: Expand on how tcp connections are normally authenticated
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 12 Apr 2018 13:09:19 +0000 (14:09 +0100)]
dbus-daemon(1): Recommend requiring EXTERNAL on non-Windows OSs
This is the default, and blocks TCP-based attacks by making the
attacker fail to authenticate (while also preventing inadvisable
TCP-based configurations from working).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 12 Apr 2018 12:57:26 +0000 (13:57 +0100)]
spec, dbus-daemon(1): Recommend against remote TCP for debugging
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add a TODO comment as suggested] Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Thu, 12 Apr 2018 12:57:00 +0000 (13:57 +0100)]
spec, dbus-daemon(1): Say that non-local TCP is insecure
With some fairly reasonable threat models (active or passive local
attacker able to eavesdrop on the network link, confidential
information being transferred via D-Bus), secure authentication is
insufficient to make this transport secure: it does not protect
confidentiality or integrity either.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 12 Apr 2018 12:54:46 +0000 (13:54 +0100)]
spec: Don't claim that the nonce-tcp transport is "secured"
Like the normal TCP transport, it has no confidentiality or integrity
protection. The only difference is that it adds an extra layer of
authentication.
However, this extra authentication is easily defeated if an attacker
could be eavesdropping on the link between client and server (unlike
DBUS_COOKIE_SHA1, which for all its flaws does at least protect the
confidentiality of the magic cookie).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Mon, 23 Apr 2018 10:22:41 +0000 (11:22 +0100)]
doxygen_to_devhelp: Produce Devhelp index format v2
The old version-1 format is deprecated and now produces warnings.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106186 Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add the .devhelp2 file to .gitignore as suggested] Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 23 Apr 2018 10:21:35 +0000 (11:21 +0100)]
doxygen_to_devhelp: Make the API reference the front page
The tutorial is not necessarily a great entry point for the libdbus
documentation: it's infrequently updated, and we should probably have
the "If you use this low-level API directly, you're signing up for some
pain" message from the API reference show up in devhelp more immediately.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106186 Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add longer commit message with rationale] Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 23 Apr 2018 16:38:56 +0000 (17:38 +0100)]
doc: Install highlight.pack.js if present
Newer versions of yelp-build use this instead of a jQuery syntax
highlighter.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106171 Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Also add it to .gitignore as suggested] Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Sat, 21 Apr 2018 18:35:41 +0000 (19:35 +0100)]
doc: Only install ancillary files from yelp-build if they exist
Newer versions of yelp-build don't install jquery.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106171 Signed-off-by: Simon McVittie <smcv@collabora.com> Reviewed-by: Philip Withnall <withnall@endlessm.com>
AddrPC.Offset is the same size as a pointer, but previously
we printed it as though it was the same size as a long,
which is 32 bits on 64-bit Windows.
Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105662
Simon McVittie [Tue, 20 Mar 2018 12:33:51 +0000 (12:33 +0000)]
bus: Clear INVOCATION_ID when carrying out traditional activation
We weren't sure whether this one should be inherited or not, so I
asked on systemd-devel, and Lennart thought it shouldn't.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641 Reviewed-by: Philip Withnall <withnall@endlessm.com>
Ralf Habacker [Fri, 16 Mar 2018 20:36:11 +0000 (21:36 +0100)]
Add actual used ip family to --print-address output in case of listening on tcp
Specifying a dbus tcp address without a family lets dbus-daemon choose
whether to listen on ipv4 or ipv6, but it did not return the ip family
actually used, which is fixed with this commit.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105489 Reviewed-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 23 Oct 2017 11:00:29 +0000 (12:00 +0100)]
cmake: Fold GObject detection into GLib detection
Everywhere that we want GLib, we also want GObject and GIO. Detecting
GLib and GIO but not GObject makes very little sense anyway, because
GIO depends on GObject.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105521 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Daniel Wendt [Tue, 13 Mar 2018 10:25:16 +0000 (11:25 +0100)]
Enable "unused result" warning for Visual Studio >= 2012 (MSVC 11.0)
The _Must_inspect_result_ annotation is documented to be used in both
the declaration and implementation, but in testing with the MSVC 2012
compiler it appears to be sufficient to use the annotation only in the
declaration to get a compiler warning, as with the GCC compiler.
So the annotation is not necessary in the C implementation.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105460
[smcv: Rebase dbus-sysdeps.h changes on master]
[smcv: Clarify commit message] Reviewed-by: Simon McVittie <smcv@collabora.com> Tested-by: Daniel Wendt <daniel.wendt@linux.com>