+2005-06-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * dbus/dbus-message.c:
+ (dbus_message_has_path): New method
+ (dbus_message_has_interface): New method
+ (dbus_message_has_member): New method
+
+ * dbus/dbus/dbus-sysdeps.c (_dbus_check_dir_is_private_to_user):
+ New method
+
+ * dbus/dbus-keyring.c (_dbus_keyring_reload): Check to see that
+ the keyring directory is private to the user
+
+ * doc/TODO:
+ - The convenience functions in dbus-bus.h should perhaps have
+ the signatures that they would have if they were autogenerated
+ stubs. e.g. the acquire service function. We should also evaluate
+ which of these functions to include, in light of the fact that
+ GLib/Qt native stubs will probably also exist.: Punted
+
+ - add dbus_message_has_path(), maybe has_member/interface:
+ fixed in this patch
+
+ - in dbus-keyring.c, enforce that the keyring dir is not
+ world readable/writable: Fixed in this patch
+
2005-06-15 John (J5) Palmieri <johnp@redhat.com>
* dbus/dbus-marshal-validate.h: Added a new validation
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
+ if (!_dbus_check_dir_is_private_to_user (&keyring->directory, error))
+ return FALSE;
+
if (!_dbus_string_init (&contents))
{
dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
_dbus_string_free (&contents);
return FALSE;
}
-
+
keys = NULL;
n_keys = 0;
retval = FALSE;
return v;
}
+/**
+ * Checks if the message has a path
+ *
+ * @param message the message
+ * @returns #TRUE if there is a path field in the header
+ */
+dbus_bool_t
+dbus_message_has_path (DBusMessage *message,
+ const char *path)
+{
+ const char *msg_path;
+ msg_path = dbus_message_get_path (message);
+
+ if (msg_path == NULL)
+ {
+ if (path == NULL)
+ return TRUE;
+ else
+ return FALSE;
+ }
+
+ if (path == NULL)
+ return FALSE;
+
+ if (strcmp (msg_path, path) == 0)
+ return TRUE;
+
+ return FALSE;
+}
+
/**
* Gets the object path this message is being sent to
* (for DBUS_MESSAGE_TYPE_METHOD_CALL) or being emitted
return v;
}
+/**
+ * Checks if the message has an interface
+ *
+ * @param message the message
+ * @returns #TRUE if there is a interface field in the header
+ */
+dbus_bool_t
+dbus_message_has_interface (DBusMessage *message,
+ const char *interface)
+{
+ const char *msg_interface;
+ msg_interface = dbus_message_get_interface (message);
+
+ if (msg_interface == NULL)
+ {
+ if (interface == NULL)
+ return TRUE;
+ else
+ return FALSE;
+ }
+
+ if (interface == NULL)
+ return FALSE;
+
+ if (strcmp (msg_interface, interface) == 0)
+ return TRUE;
+
+ return FALSE;
+
+}
+
/**
* Sets the interface member being invoked
* (DBUS_MESSAGE_TYPE_METHOD_CALL) or emitted
return v;
}
+/**
+ * Checks if the message has an interface member
+ *
+ * @param message the message
+ * @returns #TRUE if there is a member field in the header
+ */
+dbus_bool_t
+dbus_message_has_member (DBusMessage *message,
+ const char *member)
+{
+ const char *msg_member;
+ msg_member = dbus_message_get_member (message);
+
+ if (msg_member == NULL)
+ {
+ if (member == NULL)
+ return TRUE;
+ else
+ return FALSE;
+ }
+
+ if (member == NULL)
+ return FALSE;
+
+ if (strcmp (msg_member, member) == 0)
+ return TRUE;
+
+ return FALSE;
+
+}
+
/**
* Sets the name of the error (DBUS_MESSAGE_TYPE_ERROR).
* The name is fully-qualified (namespaced).
dbus_bool_t dbus_message_set_path (DBusMessage *message,
const char *object_path);
const char* dbus_message_get_path (DBusMessage *message);
+dbus_bool_t dbus_message_has_path (DBusMessage *message,
+ const char *object_path);
dbus_bool_t dbus_message_set_interface (DBusMessage *message,
- const char *interface);
+ const char *interface);
const char* dbus_message_get_interface (DBusMessage *message);
+dbus_bool_t dbus_message_has_interface (DBusMessage *message,
+ const char *interface);
dbus_bool_t dbus_message_set_member (DBusMessage *message,
const char *member);
const char* dbus_message_get_member (DBusMessage *message);
+dbus_bool_t dbus_message_has_member (DBusMessage *message,
+ const char *member);
dbus_bool_t dbus_message_set_error_name (DBusMessage *message,
const char *name);
const char* dbus_message_get_error_name (DBusMessage *message);
return TRUE;
}
+/**
+* Checks to make sure the given directory is
+* private to the user
+*
+* @param error error return
+* @returns #FALSE on failure
+**/
+dbus_bool_t
+_dbus_check_dir_is_private_to_user (DBusString *dir, DBusError *error)
+{
+ const char *directory;
+ struct stat sb;
+
+ _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+ directory = _dbus_string_get_const_data (dir);
+
+ if (stat (directory, &sb) < 0)
+ {
+ dbus_set_error (error, _dbus_error_from_errno (errno),
+ "%s", _dbus_strerror (errno));
+
+ return FALSE;
+ }
+
+ if ((S_IROTH & sb.st_mode) || (S_IWOTH & sb.st_mode) ||
+ (S_IRGRP & sb.st_mode) || (S_IWGRP & sb.st_mode))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "%s directory is not private to the user", directory);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
#ifdef DBUS_BUILD_TESTS
/* Not currently used, so only built when tests are enabled */
/**
DBusError *error);
void _dbus_directory_close (DBusDirIter *iter);
+dbus_bool_t _dbus_check_dir_is_private_to_user (DBusString *dir,
+ DBusError *error);
void _dbus_generate_random_bytes_buffer (char *buffer,
int n_bytes);
- Audit @todo and FIXME for security issues
- - The convenience functions in dbus-bus.h should perhaps have
- the signatures that they would have if they were autogenerated
- stubs. e.g. the acquire service function. We should also evaluate
- which of these functions to include, in light of the fact that
- GLib/Qt native stubs will probably also exist.
-
- the "break loader" and valid/invalid message tests are all disabled;
they need to be fixed and re-enabled with the new message args stuff.
I think I want to drop the .message files thing and just have code
Might as Well for 1.0
===
- - add dbus_message_has_path(), maybe has_member/interface
-
- protocol version in each message is pretty silly
Can Be Post 1.0
projects / thirdparty / dbus.git / commitdiff
