Simon McVittie [Mon, 15 Jan 2018 20:05:05 +0000 (20:05 +0000)]
sysdeps: Document what _dbus_credentials_new_from_current_process has
It only has the most important credentials, not the full set.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Simon McVittie [Mon, 15 Jan 2018 19:51:24 +0000 (19:51 +0000)]
bus: Get loginfo string bits from DBusCredentials
This saves a couple of _dbus_strdup/dbus_free pairs.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Simon McVittie [Mon, 15 Jan 2018 19:45:39 +0000 (19:45 +0000)]
bus: Try to get groups directly from credentials, not userdb
If we avoid consulting the userdb, then it's one less chance to
deadlock.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Tue, 16 Jan 2018 13:32:49 +0000 (13:32 +0000)]
loopback test: Display credentials received
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Mon, 15 Jan 2018 20:05:18 +0000 (20:05 +0000)]
DBusCredentials: Add _dbus_clear_credentials()
Not to be confused with _dbus_credentials_clear(), which does something
different (this is a little unfortunate, but the fact that they take
different types should clarify which is which).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Simon McVittie [Tue, 16 Jan 2018 13:16:38 +0000 (13:16 +0000)]
credentials: Add test coverage for stringification
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
It can't actually matter in practice, because we never know the
Unix uid and Unix groups but not pid, and we never have a Windows SID
and also a Linux security label; but resetting join to FALSE can only
ever result in us outputting something like "foo=123bar=456" instead
of the intended form with a space in the middle.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Simon McVittie [Tue, 16 Jan 2018 13:16:23 +0000 (13:16 +0000)]
credentials: Add test coverage for groups
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Mon, 15 Jan 2018 19:44:45 +0000 (19:44 +0000)]
sysdeps: Get complete group vector from Linux SO_PEERGROUPS if possible
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Reviewed-by: Philip Withnall <withnall@endlessm.com>
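Added example, not code from the dbus project, showing how to read the peer's full supplementary group list with Linux SO_PEERGROUPS as the commit above does, including the ERANGE retry that is needed because the kernel only reports the required buffer size once the caller's buffer turns out to be too small. It needs Linux 4.13 or later; on an older kernel the call fails with ENOPROTOOPT, which is the point at which a caller would fall back to the user database. The fallback definition of SO_PEERGROUPS as 59 matches x86 and most other Linux architectures but is an assumption, as are the function names.

```c
/* Added example, not dbus project code. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SO_PEERGROUPS
#define SO_PEERGROUPS 59   /* assumption: the x86 value, used if the headers predate 4.13 */
#endif

/* On success returns the number of gids and stores a malloc()ed array in *out
 * (caller frees it). Returns -1 with errno set otherwise; ENOPROTOOPT means
 * the kernel is too old, i.e. the case where dbus falls back to the userdb. */
int peer_groups (int fd, gid_t **out)
{
  socklen_t len = sizeof (gid_t);   /* deliberately small so the ERANGE path is exercised */
  gid_t *buf = NULL;

  for (;;)
    {
      socklen_t asked = len;
      gid_t *nbuf = realloc (buf, len);

      if (nbuf == NULL)
        {
          free (buf);
          errno = ENOMEM;
          return -1;
        }
      buf = nbuf;

      if (getsockopt (fd, SOL_SOCKET, SO_PEERGROUPS, buf, &len) == 0)
        break;

      /* ERANGE: the kernel wrote the size it needs into len, so grow and retry.
       * Anything else, or a "needed" size that did not grow, is a real failure. */
      if (errno != ERANGE || len <= asked)
        {
          int saved = errno;
          free (buf);
          errno = saved;
          return -1;
        }
    }

  *out = buf;
  return (int) (len / sizeof (gid_t));
}

/* Self-check: both ends of a socketpair() belong to this process, so the peer's
 * group list must equal our own getgroups() output. Returns 1 on a match, 1 when
 * the kernel lacks SO_PEERGROUPS (nothing to compare), 0 on a mismatch. */
int peer_groups_self_check (void)
{
  int sv[2], n, m, ok, saved;
  gid_t *peer = NULL, *mine = NULL;

  if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return 0;
  n = peer_groups (sv[0], &peer);
  saved = errno;
  close (sv[0]);
  close (sv[1]);
  if (n < 0)
    return saved == ENOPROTOOPT || saved == ENODATA;

  m = getgroups (0, NULL);
  if (m != n)
    {
      free (peer);
      return 0;
    }
  mine = calloc (m == 0 ? 1 : (size_t) m, sizeof (gid_t));
  if (mine == NULL || getgroups (m, mine) != m)
    {
      free (peer);
      free (mine);
      return 0;
    }
  ok = (n == 0) || memcmp (peer, mine, (size_t) n * sizeof (gid_t)) == 0;
  free (peer);
  free (mine);
  return ok;
}

int main (void)
{
  int sv[2], n, i;
  gid_t *groups;

  if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return 1;
  n = peer_groups (sv[0], &groups);
  if (n < 0)
    {
      perror ("SO_PEERGROUPS unavailable, would fall back to userdb");
      return 1;
    }
  printf ("peer groups:");
  for (i = 0; i < n; i++)
    printf (" %lu", (unsigned long) groups[i]);
  printf ("\n");
  free (groups);
  return 0;
}
```

The self-check only proves the plumbing; on a real listening socket the interesting property is that the list comes from the kernel's view of the peer rather than from a name-service lookup that could block or, on a system whose NSS modules talk to the bus, deadlock.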
Simon McVittie [Fri, 12 Jan 2018 19:12:41 +0000 (19:12 +0000)]
DBusTransport, DBusConnection: Add internal getter for the credentials
We have a lot of dbus_connection_get_foo() and
_dbus_transport_get_foo() that are actually rather redundant.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Simon McVittie [Mon, 15 Jan 2018 15:31:55 +0000 (15:31 +0000)]
bus: Also tell systemd before we shut down
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
Simon McVittie [Mon, 15 Jan 2018 15:31:41 +0000 (15:31 +0000)]
bus: Also tell systemd when we're reloading
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
Simon McVittie [Mon, 15 Jan 2018 15:15:52 +0000 (15:15 +0000)]
bus: Notify systemd when we are ready
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Mon, 15 Jan 2018 15:26:33 +0000 (15:26 +0000)]
bus: Don't pass systemd environment variables to activated services
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Tue, 20 Feb 2018 11:45:39 +0000 (11:45 +0000)]
Add a unit test for the dbus-daemon resetting its fd limit
Reviewed-by: David King <dking@redhat.com>
[smcv: Fix typo in cmake macro name]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105165
Simon McVittie [Tue, 20 Feb 2018 12:20:35 +0000 (12:20 +0000)]
cmake: Check for getrlimit, setrlimit
This gives us feature parity with the Autotools build system for this
particular area, and in particular means a system dbus-daemon built
with cmake can expand its fd limit.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105165
David King [Wed, 7 Feb 2018 14:37:24 +0000 (14:37 +0000)]
bus: raise fd limits before dropping privs
Startup ordering was changed in #92832 to ensure that SELinux audit
messages could be sent. As a side effect, the raising of file descriptor
limits was moved to after the dropping of root privileges, resulting in
the limit change always failing.
Move the raise_file_descriptor_limit() call to ensure that it is called
before dropping root privileges.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105165
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1529044
[smcv: Call raise_file_descriptor_limit() even if !context->user]
Reviewed-by: Simon McVittie <smcv@collabora.com>
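Added example, not code from the dbus project, of why the ordering fixed in the commit above matters: raising the RLIMIT_NOFILE hard limit requires CAP_SYS_RESOURCE and fails with EPERM once root privileges have been dropped, while raising the soft limit up to the hard limit is permitted for any process. The function never lowers the hard limit, because that cannot be undone without privilege. The function name, the 65536 target and the privilege-drop placeholder in main() are this example's own choices.

```c
/* Added example, not dbus project code. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Returns the soft limit in force afterwards, or 0 on failure. */
rlim_t raise_file_descriptor_limit (rlim_t wanted)
{
  struct rlimit lim;

  if (getrlimit (RLIMIT_NOFILE, &lim) != 0)
    return 0;

  /* Step 1 needs privilege. If it fails (EPERM once unprivileged, or `wanted`
   * above fs.nr_open), keep the hard limit we already have rather than
   * lowering anything. */
  if (lim.rlim_max != RLIM_INFINITY && lim.rlim_max < wanted)
    {
      struct rlimit raised = { wanted, wanted };

      if (setrlimit (RLIMIT_NOFILE, &raised) == 0)
        lim = raised;
    }

  /* Step 2 is always permitted: lift the soft limit up to the hard limit. An
   * infinite hard limit cannot be applied to RLIMIT_NOFILE on Linux (fs.nr_open
   * caps it), so leave the soft limit alone in that case. */
  if (lim.rlim_max != RLIM_INFINITY && lim.rlim_cur != lim.rlim_max)
    {
      lim.rlim_cur = lim.rlim_max;
      if (setrlimit (RLIMIT_NOFILE, &lim) != 0)
        return 0;
    }
  return lim.rlim_cur;
}

/* Check helper: nothing left to raise without more privilege? */
int soft_limit_is_maximal (void)
{
  struct rlimit lim;

  if (getrlimit (RLIMIT_NOFILE, &lim) != 0)
    return 0;
  return lim.rlim_cur == lim.rlim_max || lim.rlim_max == RLIM_INFINITY;
}

int main (void)
{
  /* Do this while still root ... */
  rlim_t got = raise_file_descriptor_limit (65536);

  if (got == 0)
    {
      perror ("setrlimit");
      return 1;
    }
  /* ... and only then drop privileges (setgroups/setgid/setuid would go here).
   * With the two swapped, step 1 above fails with EPERM for the bus user and
   * the daemon silently keeps the small default hard limit. */
  printf ("RLIMIT_NOFILE soft limit now %llu (euid %lu)\n",
          (unsigned long long) got, (unsigned long) geteuid ());
  return 0;
}
```

Run it once as root and once as an ordinary user: the hard limit only moves in the first case, which is exactly the difference the reordered startup sequence preserves.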
Simon McVittie [Mon, 15 Jan 2018 17:23:16 +0000 (17:23 +0000)]
test/containers: Test the new header field
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101899
Simon McVittie [Mon, 15 Jan 2018 16:40:06 +0000 (16:40 +0000)]
containers: Add a method to ask to be sent the connection instance header
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101899
Simon McVittie [Mon, 15 Jan 2018 16:30:33 +0000 (16:30 +0000)]
DBusMessage: Add a header field for the container instance
In the bus daemon, don't pass through the container instance path:
if there's any value here at all, we want to be able to guarantee that
we sent it (in a later commit).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101899
Simon McVittie [Mon, 15 Jan 2018 16:31:53 +0000 (16:31 +0000)]
bus_transaction_send: Take sender and destination connections
We'll need this if we want to stamp optional header fields on the
message according to the preferences of the recipient(s).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101899
Philip Withnall [Sat, 3 Feb 2018 11:25:17 +0000 (12:25 +0100)]
doc: Fix bracket escaping in Ducktype API design file
There’s no need to escape closing brackets if the paired opening bracket
is escaped (or doesn’t need escaping).
See
https://github.com/projectmallard/mallard-ducktype/issues/16#issuecomment-362590519.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104925
Reviewed-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Thu, 1 Feb 2018 19:47:00 +0000 (19:47 +0000)]
Add new test for waiting on pending calls in threads
Based on code contributed by Manish Narang. This is not included in the
automated test suite, because it isn't reliable on heavily-loaded
automatic test infrastructure like Travis-CI.
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add the test to the CMake build system too, as requested]
[smcv: Convert into a manual test]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=102839
Simon McVittie [Thu, 1 Feb 2018 19:46:28 +0000 (19:46 +0000)]
test_try_connect_to_bus: Allow skipping the use of a DBusLoop
DBusLoop isn't thread-safe, so we can't use it to test multi-threaded
situations.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=102839
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Thu, 25 Jan 2018 12:35:07 +0000 (12:35 +0000)]
DBusPendingCall: Improve doc-comments around completed flag
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=102839
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Manish Narang [Thu, 25 Jan 2018 11:39:44 +0000 (11:39 +0000)]
DBusPendingCall: Only update ->completed under the connection lock
If one thread is blocking on a pending call, and another thread is
dispatching the connection, then we need them to agree on the value
of the completed flag by protecting all accesses with a lock. Reads
for this member seem to have the connection lock already, so it's
sufficient to make sure that the only write also happens under the
connection lock.
We already set the completed flag before calling the callback, so it
seems OK to stretch it to meaning that some thread has merely *taken
responsibility for* calling the callback.
The completed flag shares a bitfield with timeout_added, but that
flag is protected by the connection lock already.
Based on suggestions from Simon McVittie on
<https://bugs.freedesktop.org/show_bug.cgi?id=102839>.
Manish Narang [Thu, 25 Jan 2018 11:39:44 +0000 (11:39 +0000)]
DBusConnection: Pass a pending call around more often
If a pending call is provided, _dbus_connection_do_iteration_unlocked
checks whether it has completed or has a reply ready as soon as it
acquires the I/O path. If that's the case, then the iteration
terminates without trying to carry out I/O, so that the pending call
can be dispatched immediately, without blocking until a timeout is
reached. This change is believed to be necessary, but not sufficient,
to resolve #102839.
Based on part of a patch from Michael Searle on
<https://bugs.freedesktop.org/show_bug.cgi?id=102839>.
Commit message added by Simon McVittie.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=102839
Reviewed-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 16 Jan 2018 12:23:06 +0000 (12:23 +0000)]
_dbus_credentials_add_from_user: Check return of add_unix_uid
Coverity CID 253543.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Simon McVittie [Mon, 15 Jan 2018 14:14:29 +0000 (14:14 +0000)]
dbus-spawn-unix: Rename from dbus-spawn
This file is the Unix counterpart of dbus-spawn-win.c, so it's less
confusing for it to have an indicative name.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Mon, 15 Jan 2018 14:12:33 +0000 (14:12 +0000)]
dbus-spawn.c: Eliminate trailing whitespace
Otherwise the pre-commit hook won't let me rename it.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Fri, 12 Jan 2018 14:09:59 +0000 (14:09 +0000)]
Clarify which files are Unix-specific
dbus-spawn.c and dbus-userdb* don't have obviously-Unix-specific names,
but are Unix-specific anyway.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Fri, 12 Jan 2018 16:52:58 +0000 (16:52 +0000)]
test: Add a test-case for EXTERNAL auth rejecting usernames
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Fri, 12 Jan 2018 16:50:20 +0000 (16:50 +0000)]
test: Add a test for authenticating with an empty authorization identity
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Fri, 12 Jan 2018 16:47:55 +0000 (16:47 +0000)]
DBusAuthScript: Make USERNAME_HEX differ from USERID_HEX
Previously, USERID_HEX and USERNAME_HEX were both replaced by the hex
encoding of the numeric uid, something like 31303030 for "1000".
Now USERNAME_HEX is something like 736d6376 for "smcv". This is only
supported on Unix, but no authentication mechanisms use usernames on
Windows anyway.
This would require changing the tests that make use of USERNAME_HEX
if we had any, but we currently don't.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Fri, 12 Jan 2018 16:09:08 +0000 (16:09 +0000)]
_dbus_credentials_add_from_user: Only accept numeric uid for EXTERNAL
In the well-known system dbus-daemon, it's desirable to avoid looking
up non-numeric authorization identities in the user database, because
that could deadlock with NSS modules that directly or indirectly
require the system bus. Add a flag for whether the username will be
looked up in the userdb, and don't set that flag for EXTERNAL auth
(which is what we use on the system bus, and on the session bus
if not configured otherwise).
DBUS_COOKIE_SHA1 authentication is documented in terms of the
username (although in fact libdbus sends a numeric uid there too,
and GDBus only accepts a numeric uid) so continue to use the userdb
for that mechanism. DBUS_COOKIE_SHA1 needs to use the userdb on Unix
anyway, otherwise it won't find the user's home directory.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
While I'm changing its signature anyway, I might as well fix a
long-standing FIXME.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
Simon McVittie [Fri, 12 Jan 2018 14:22:23 +0000 (14:22 +0000)]
_dbus_credentials_add_from_user: Add a fast-path for numeric strings
The very common case for this function is that during AUTH EXTERNAL,
it receives a Unix uid encoded as an ASCII decimal integer. There is
no need to look up such uids in the system's user database
(/etc/passwd or NSS) when the only information we are going to use
from the DBusUserInfo struct is the uid anyway. This avoids taking
the lock and performing a potentially time-consuming NSS lookup.
This changes behaviour in one corner case: if a privileged process has
used one of the set*uid family of functions to set its effective uid
to a numeric uid that does not exist in the system's user database,
we would previously fail. Now, we succeed anyway: it is true to say
in the DBusCredentials that the process has uid 12345, even if uid
12345 does not correspond to any named user.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
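Added example, not code from the dbus project, covering the three commits above on EXTERNAL authentication (USERNAME_HEX versus USERID_HEX, accepting only a numeric uid, and the no-userdb fast path). The client hex-encodes its uid written as ASCII decimal ("1000" becomes "31303030"); the server decodes it, accepts only an all-digit string without touching /etc/passwd or NSS (so "smcv", "736d6376", is rejected), and compares it with the uid learned out of band from the socket, which is the only thing EXTERNAL actually trusts. An empty identity means "use the socket credentials". The function and enum names and the 64-byte decode buffer are this example's own choices.

```c
/* Added example, not dbus project code. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum external_result {
  EXTERNAL_OK = 0,          /* numeric uid that matches the socket credentials */
  EXTERNAL_EMPTY = 1,       /* empty identity: socket credentials used as-is */
  EXTERNAL_BAD_HEX = 2,     /* not a valid hex string */
  EXTERNAL_NOT_NUMERIC = 3, /* username or other non-numeric identity: rejected */
  EXTERNAL_MISMATCH = 4     /* numeric uid differs from the socket credentials */
};

static int hex_digit (char c)
{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Decode hex into a NUL-terminated string; returns 0 on malformed input. */
static int hex_decode (const char *hex, char *out, size_t out_size)
{
  size_t n = strlen (hex), i;

  if (n % 2 != 0 || n / 2 + 1 > out_size)
    return 0;
  for (i = 0; i < n; i += 2)
    {
      int hi = hex_digit (hex[i]), lo = hex_digit (hex[i + 1]);

      if (hi < 0 || lo < 0)
        return 0;
      out[i / 2] = (char) (hi * 16 + lo);
    }
  out[n / 2] = '\0';
  return 1;
}

/* Only ASCII decimal digits that fit in a uid_t. No userdb lookup happens,
 * which is also why a uid with no passwd entry (say 12345) is acceptable. */
static int parse_numeric_uid (const char *s, uid_t *uid_out)
{
  const char *p;
  char *end;
  unsigned long long v;

  if (*s == '\0')
    return 0;
  for (p = s; *p != '\0'; p++)
    if (*p < '0' || *p > '9')
      return 0;
  errno = 0;
  v = strtoull (s, &end, 10);
  if (errno != 0 || *end != '\0' || v > (unsigned long long) (uid_t) -1)
    return 0;
  *uid_out = (uid_t) v;
  return 1;
}

/* Server side of "AUTH EXTERNAL <hex>". socket_uid is the peer uid from
 * SO_PEERCRED / SCM_CREDENTIALS, the only trusted input here. */
enum external_result check_external_identity (const char *hex_identity,
                                              uid_t socket_uid,
                                              uid_t *authenticated_uid)
{
  char decoded[64];
  uid_t claimed;

  if (hex_identity[0] == '\0')
    {
      *authenticated_uid = socket_uid;
      return EXTERNAL_EMPTY;
    }
  if (!hex_decode (hex_identity, decoded, sizeof decoded))
    return EXTERNAL_BAD_HEX;
  if (!parse_numeric_uid (decoded, &claimed))
    return EXTERNAL_NOT_NUMERIC;
  if (claimed != socket_uid)
    return EXTERNAL_MISMATCH;
  *authenticated_uid = claimed;
  return EXTERNAL_OK;
}

/* Client side: uid as ASCII decimal, then lowercase hex. 0 if out is too small. */
int encode_external_identity (uid_t uid, char *out, size_t out_size)
{
  static const char digits[] = "0123456789abcdef";
  char dec[32];
  int n = snprintf (dec, sizeof dec, "%lu", (unsigned long) uid);
  int i;

  if (n < 0 || (size_t) n * 2 + 1 > out_size)
    return 0;
  for (i = 0; i < n; i++)
    {
      out[2 * i] = digits[((unsigned char) dec[i]) >> 4];
      out[2 * i + 1] = digits[dec[i] & 0x0f];
    }
  out[2 * n] = '\0';
  return 1;
}

/* Plain-valued helpers for the checks below. */
int external_result_for (const char *hex_identity, uid_t socket_uid)
{
  uid_t ignored;

  return (int) check_external_identity (hex_identity, socket_uid, &ignored);
}

int encodes_to (uid_t uid, const char *expected)
{
  char buf[64];

  return encode_external_identity (uid, buf, sizeof buf) && strcmp (buf, expected) == 0;
}

int main (void)
{
  char hex[64];

  if (!encode_external_identity (getuid (), hex, sizeof hex))
    return 1;
  printf ("C: AUTH EXTERNAL %s\n", hex);
  printf ("S: %s\n", external_result_for (hex, getuid ()) == EXTERNAL_OK
                     ? "OK <server guid>" : "REJECTED");
  return 0;
}
```

The mismatch case is the one worth remembering: a client can claim any uid it likes in the hex string, and the scheme is only as strong as the server's out-of-band check against the socket's credentials.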
Simon McVittie [Fri, 12 Jan 2018 19:55:41 +0000 (19:55 +0000)]
containers: Include credentials of initiator in container instance info
This provides the necessary information for services to make an
informed decision about how far they should trust the container type,
name and metadata fields.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104610
Simon McVittie [Wed, 10 Jan 2018 15:36:55 +0000 (15:36 +0000)]
driver: Factor out bus_driver_fill_connection_credentials
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104610
Simon McVittie [Wed, 10 Jan 2018 15:01:33 +0000 (15:01 +0000)]
bus driver: Omit container type, name from GetConnectionCredentials
On the session bus, the container type and name might be
uncontroversial, but on the system bus, it's questionable how far
they can be trusted: they're supplied by the initiator of the
per-container server, so we only have their word for it. While we
think about what to do about this, remove them, leaving only the
instance (which can be used to look up the rest).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104610
Simon McVittie [Wed, 10 Jan 2018 15:00:41 +0000 (15:00 +0000)]
test/containers: Don't require type, name in GetConnectionCredentials
On the session bus, the container type and name might be
uncontroversial, but on the system bus, it's questionable how far
they can be trusted: they're supplied by the initiator of the
per-container server, so we only have their word for it.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104610
Simon McVittie [Tue, 19 Dec 2017 19:21:16 +0000 (19:21 +0000)]
header-fields test: Assert that we can remove multiple unknown fields
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 12 Dec 2017 15:36:36 +0000 (15:36 +0000)]
spec: Document the design principle that new headers must be asked for
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 12 Dec 2017 14:05:20 +0000 (14:05 +0000)]
tests: Assert that dbus-daemon filters unknown header fields
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 12 Dec 2017 14:05:04 +0000 (14:05 +0000)]
dbus-daemon: Filter out unknown header fields
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 12 Dec 2017 14:04:04 +0000 (14:04 +0000)]
_dbus_message_remove_unknown_fields: Add
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 27 Nov 2017 15:51:15 +0000 (15:51 +0000)]
Add a test for header fields
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 11 Dec 2017 18:46:47 +0000 (18:46 +0000)]
spec: Recommend that relaying servers filter header fields
This is an interpretation of the existing text. There are two plausible
ways a relaying server could interpret "must ignore [new] fields":
it could pass them through as-is, or it could delete them before
relaying. Until now, the reference implementation has done the former.
However, this behaviour is difficult to defend. If a server relays
messages without filtering out header fields that it doesn't
understand, then a client can't know whether the header field was
supplied by the server, or whether it was supplied by a (possibly
malicious) fellow client.
We can't introduce useful round-trip-reducing header fields like
SENDER_UNIX_USER_ID or SENDER_LINUX_SECURITY_LABEL until the
message bus filters them out, *and* provides a way for clients to
know for sure that it has done so. This is a step towards that
feature.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
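Added example, not code from the dbus project, of the relaying rule described in the spec and daemon commits above and in the container-instance header field commits earlier on this page: a bus that drops every header field it does not understand, refuses to pass through the container-instance field, sets SENDER itself, and adds the container-instance field only for a recipient that asked for it. After relaying, a client that sees one of those fields knows the bus supplied it, not a fellow client. Codes 1 to 9 are the ones in the D-Bus specification; the use of code 10 for the container instance, the struct model, the constructed sample message and the function names are this example's assumptions.

```c
/* Added example, not dbus project code. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum {
  FIELD_PATH = 1, FIELD_INTERFACE, FIELD_MEMBER, FIELD_ERROR_NAME,
  FIELD_REPLY_SERIAL, FIELD_DESTINATION, FIELD_SENDER, FIELD_SIGNATURE,
  FIELD_UNIX_FDS,
  FIELD_CONTAINER_INSTANCE,   /* assumption: 10, experimental in dbus */
  FIELD_LAST_KNOWN = FIELD_CONTAINER_INSTANCE
};

#define MAX_FIELDS 16

struct header_field { unsigned char code; const char *value; };
struct header { size_t n; struct header_field fields[MAX_FIELDS]; };

static bool header_append (struct header *h, unsigned char code, const char *value)
{
  if (h->n >= MAX_FIELDS)
    return false;
  h->fields[h->n].code = code;
  h->fields[h->n].value = value;
  h->n++;
  return true;
}

const char *header_get (const struct header *h, unsigned char code)
{
  size_t i;

  for (i = 0; i < h->n; i++)
    if (h->fields[i].code == code)
      return h->fields[i].value;
  return NULL;
}

/* What the message bus does to a header before relaying it. sender_container is
 * the sender's container instance path, or NULL if it is not in a container. */
bool relay_header (const struct header *in, struct header *out,
                   const char *sender_unique_name, const char *sender_container,
                   bool recipient_wants_container_field)
{
  size_t i;

  out->n = 0;
  for (i = 0; i < in->n; i++)
    {
      unsigned char code = in->fields[i].code;

      if (code == 0 || code > FIELD_LAST_KNOWN)
        continue;   /* unknown field: dropped, the recipient could not trust it */
      if (code == FIELD_SENDER)
        continue;   /* bus-supplied, set below from the real connection */
      if (code == FIELD_CONTAINER_INSTANCE)
        continue;   /* bus-only field, never passed through from a client */
      if (!header_append (out, code, in->fields[i].value))
        return false;
    }
  if (!header_append (out, FIELD_SENDER, sender_unique_name))
    return false;
  if (recipient_wants_container_field && sender_container != NULL
      && !header_append (out, FIELD_CONTAINER_INSTANCE, sender_container))
    return false;
  return true;
}

/* Constructed sample: a client that forges SENDER and the container field and
 * adds an unknown field 42 next to legitimate ones. */
static struct header sample_client_header (void)
{
  struct header h = { 0 };

  header_append (&h, FIELD_PATH, "/org/example/Object");
  header_append (&h, FIELD_MEMBER, "Ping");
  header_append (&h, FIELD_SIGNATURE, "s");
  header_append (&h, FIELD_SENDER, ":1.99");
  header_append (&h, 42, "something new");
  header_append (&h, FIELD_CONTAINER_INSTANCE, "/forged/instance");
  return h;
}

/* Relay the sample as if sent by :1.5 from container instance c0 and return
 * the relayed value of `code`, or NULL if it is absent. */
const char *demo_relayed_value (bool recipient_wants_container_field, unsigned char code)
{
  struct header in = sample_client_header (), out;

  if (!relay_header (&in, &out, ":1.5", "/org/freedesktop/DBus/Containers1/c0",
                     recipient_wants_container_field))
    return NULL;
  return header_get (&out, code);
}

size_t demo_relayed_count (bool recipient_wants_container_field)
{
  struct header in = sample_client_header (), out;

  if (!relay_header (&in, &out, ":1.5", "/org/freedesktop/DBus/Containers1/c0",
                     recipient_wants_container_field))
    return 0;
  return out.n;
}
```

The opt-in half matters as much as the filtering half: a recipient that never asked for the field still gets no such field, so a service can treat its presence as proof that the bus vouched for it.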
Simon McVittie [Mon, 11 Dec 2017 18:40:36 +0000 (18:40 +0000)]
spec: Allow non-message-bus servers to use SENDER and DESTINATION
The Telepathy "Tubes" APIs are an example of a server that is not a
message bus, but makes use of the sender and destination fields to
provide broadly unique-connection-name-like semantics.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 12 Dec 2017 13:36:24 +0000 (13:36 +0000)]
spec: Describe the EXTERNAL and ANONYMOUS auth mechanisms
These are defined by standard RFCs rather than by D-Bus. What
separates them from other standard mechanisms like PLAIN (RFC 4616)
is that in practice, D-Bus implementations support EXTERNAL,
DBUS_COOKIE_SHA1 and sometimes ANONYMOUS, but not PLAIN.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Tue, 12 Dec 2017 13:19:51 +0000 (13:19 +0000)]
spec: Make example authentication transactions more realistic
We don't need to invent a MAGIC_COOKIE mechanism when we have a
perfectly good EXTERNAL.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Tue, 12 Dec 2017 13:10:11 +0000 (13:10 +0000)]
spec: Define what non-empty authorization identity strings mean
The SASL RFC requires that we do this. I had previously thought that
the D-Bus protocol on Unix requires the use of numeric user IDs,
but in fact the reference implementation will also accept usernames.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Mon, 11 Dec 2017 17:47:56 +0000 (17:47 +0000)]
spec: ERROR takes an optional explanation in both directions
The examples don't include an explanation, but the reference
implementation always sends the human-readable explanation, in both
directions.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Mon, 11 Dec 2017 17:39:31 +0000 (17:39 +0000)]
spec: Document NEGOTIATE_UNIX_FD, AGREE_UNIX_FD in state machines
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Tue, 12 Dec 2017 12:33:00 +0000 (12:33 +0000)]
spec: Document expected reply for each client-to-server auth command
Client-to-server auth commands expect a reply, whereas
server-to-client auth commands don't (the client is expected to send
another command that is valid in the new state, but it isn't really
a direct reply to the server-to-client command).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Tue, 12 Dec 2017 12:31:20 +0000 (12:31 +0000)]
spec: Document the direction of each auth command
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Mon, 11 Dec 2017 17:27:16 +0000 (17:27 +0000)]
spec: Move text about the BEGIN command to documentation of BEGIN
Having the text about the message stream in the documentation
of AUTH seemed rather odd, and made it likely to get out of sync
with the rest of the spec. Move it to the BEGIN section, remove
some duplication, and make it clearer that if the client pipelines
the fd-negotiation, the server is expected to send exactly one
reply per non-BEGIN command before switching to the D-Bus wire protocol.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Tue, 12 Dec 2017 12:23:50 +0000 (12:23 +0000)]
spec: Explicitly say that auth client and server take turns
This was (hopefully) implicit in the protocol descriptions, but we
never actually said it. Do so.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104224
Simon McVittie [Thu, 11 Jan 2018 18:20:34 +0000 (18:20 +0000)]
Revert "spec: Document the initial Containers1 interface"
This reverts commit 39262d0a2913fc8ee951beb3d0241720abf651c0.
I'm reasonably sure the API for Container1 is going to change
incompatibly, so it isn't ready to be in the published spec yet.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Chris Lesiak [Wed, 10 Jan 2018 21:35:20 +0000 (15:35 -0600)]
Modify systemd tmpfiles.d snippet to create /var/lib/dbus/
This snippet was already attempting to create /var/lib/dbus/machine-id,
but would fail on volatile or stateless systems where /var/lib/dbus/
did not already exist. systemd-tmpfiles automatically creates parent
directories for tmpfiles of type 'd', 'D', etc., but not for files
or symlinks (https://github.com/systemd/systemd/issues/7853).
Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
[smcv: Extended commit message to clarify why we need this]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104577
Reviewed-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Sun, 26 Nov 2017 11:40:51 +0000 (11:40 +0000)]
spec: Deprecate hyphen/minus in well-known names
We don't really need two parallel forms of punctuation, and in
particular DNS domain names only have one (hyphens). If we choose one
representation and deprecate the other, it makes the recommendation
clearer for app authors.
This reflects a similar change to the Desktop Entry Specification,
which uses D-Bus well-known names as app IDs. While hyphens are not a
problem for D-Bus well-known names or for freedesktop.org app IDs,
they create problems for adjacent APIs and specifications that want to
use a well-known name in a context where hyphens are not allowed.
Hyphens are not allowed in D-Bus object paths and interface names,
are only conditionally allowed in Flatpak app IDs (they can only
appear in the last element), and have a special syntactic role in
Freedesktop icon names.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103216
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103914
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Alexander Larsson <alexl@redhat.com>
Simon McVittie [Tue, 12 Dec 2017 17:41:19 +0000 (17:41 +0000)]
Merge branch 'containers-minimum-101354'
Add experimental support for creating extra servers at runtime, to
be used by app containers like Flatpak or Snap. This API is still
subject to change and is not compiled in by default.
Simon McVittie [Fri, 30 Jun 2017 14:50:56 +0000 (15:50 +0100)]
system.conf: Allow creating containers on the system bus
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Fri, 23 Jun 2017 15:45:13 +0000 (16:45 +0100)]
bus/driver: Allow unprivileged connections to create app-containers
This lets ordinary users create a limited number of app-containers
on the system bus.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Mon, 24 Jul 2017 11:37:12 +0000 (12:37 +0100)]
Revert "test/uid-permissions: Assert that AddServer is privileged"
I'm about to make that not be true.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Fri, 23 Jun 2017 15:24:22 +0000 (16:24 +0100)]
test/containers: Exercise the resource limits
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Mon, 24 Jul 2017 11:36:32 +0000 (12:36 +0100)]
containers: Enforce max_containers_per_user
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Thu, 22 Jun 2017 21:49:06 +0000 (22:49 +0100)]
bus/containers: Enforce max_containers limit
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Thu, 22 Jun 2017 11:19:51 +0000 (12:19 +0100)]
bus/containers: Limit the size of metadata we will store
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Fri, 23 Jun 2017 14:11:47 +0000 (15:11 +0100)]
test/containers: Check that GetInstanceInfo stops working
After the container instance is removed, the method should not work.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Thu, 6 Jul 2017 16:29:26 +0000 (17:29 +0100)]
t/containers: Exercise trivial and non-trivial container metadata
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
Simon McVittie [Fri, 9 Jun 2017 14:59:44 +0000 (15:59 +0100)]
test/dbus-daemon: Assert absence of Containers1 credentials
These connections are not to a container server.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354