GitLab

This makes an installed tree with

    /some-prefix/
        etc/
            dbus-1/
                session-local.conf
        share/
            dbus-1/
                session.conf

relocatable to any location.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92028Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Tested-by: Ralf Habacker <ralf.habacker@freenet.de>

This fixes the error reporting if you make two attempts
to activate a service that cannot be activated due to an
error that is reported synchronously, such as a system
service with no User= line in its .service file.

This is easy to reproduce with the gdbus(1) tool, which
sends an Introspect call in addition to the one you asked
it to. If you try to activate a service using

gdbus call --session -d com.example.FailToActivate \
    -o / -m org.freedesktop.DBus.Peer.Ping

then gdbus will actually send two method calls: one
Introspect, and one Ping. The Introspect gets the correct
error reply, but when dbus-daemon enters
bus_activation_activate_service() for the Ping call, it
sees that there is a pending activation and does an
early-return. The pending activation does not finish
until the timeout is reached.

A couple of error cases handled this correctly, but the
majority did not; make them all go into the same code path.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92200Reviewed-by: Thiago Macieira <thiago@kde.org>

Doing strcat() into a static buffer produces incorrect results for
the second and subsequent services if they are not in the ${prefix};
for example, if the first call should have returned
"C:\bar\bin\service1" and the second should have returned
"C:\bar\bin\service2", the second result would actually be
"C:\bar\bin\service1C:\bar\bin\service2".

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83539Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: added commit message; used strncpy/strncat to avoid overflow]
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

The canonical location for bus setup changed from
${sysconfdir}/dbus-1 to ${datadir}/dbus-1 (or their CMake
equivalents) in version 1.9.18.

Also stop trying to use bus/session.conf from the build tree,
which will not work if our ${prefix} contains an older
${sysconfdir}/dbus-1/session.conf.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92028Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>

libcap-ng < 0.7.7 leaks one non-close-on-exec fd during initialization.
test-bus asserts that all fds beyond 2 passed to an executed subprocess
have the close-on-exec flag set, which will fail at that leaked fd.

This was unnoticed until commit 517c4685, because libaudit was
previously only initialized if we were configured to switch uid,
which the regression tests do not do; the system bus is normally
the only place that happens, but the system bus is not normally
run with the "embedded tests" enabled (since they are bad
for performance and security).

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684Reviewed-by: Tyler Hicks <tyhicks@canonical.com>

This will effectively print a warning when failing to open the audit
socket running as a session bus.

The call to audit_open() should succeed even if the dbus-daemon doesn't
have the CAP_AUDIT_WRITE capability.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83856Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

If SELinux is enabled on the system, dbus will check the permissions but
no audit trails will be generated in case of denial as the audit
subsystem is not initialized. Same should apply for apparmor.

[smcv: without audit, the equivalent of the audit trail goes to stderr
where it can be picked up by systemd-journald]

A unprivileged user should be able to open the audit socket
(audit_open()) but should not have the permissions to log an audit
trail. The CAP_AUDIT_WRITE file capability could be set on the
dbus-daemon executable in order to allow the session bus to log an AVC
denial.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83856
[smcv: s/should/could/ in commit message to reflect lack of consensus that
"setcap cap_audit_write+ep dbus-daemon" is desirable in general]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225Reviewed-by: Colin Walters <walters@verbum.org>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

This fixes various duplicated libaudit interactions in both
SELinux and AppArmor code paths, including opening two audit sockets
if both SELinux and AppArmor were enabled at compile time.
In particular, audit.c is now the only user of libcap-ng.

This commit is not intended to introduce any functional changes,
except for the de-duplication.

The actual audit_log_user_avc_message() call is still duplicated,
because the SELinux and AppArmor code paths use different mechanisms
to compose the audit message: the SELinux path uses a statically-sized
buffer on the stack which might be subject to truncation, whereas
the AppArmor path uses malloc() (via DBusString) and falls back to
using syslog on a memory allocation failure.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225Reviewed-by: Colin Walters <walters@verbum.org>
[smcv: minor issues raised during review are subsequently fixed]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

[smcv: added commit message; moved fallback implementation
below definition of DBusPollable; more comments; removed unnecessary cast]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90314Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Conflicts:
	.gitignore
	NEWS
	tools/dbus-monitor.c

A normal DBusConnection will automatically reply to o.fd.Peer
messages such as Ping. We don't want this: we'll
confuse everyone else by replying to messages that weren't
intended for us.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
(cherry picked from commit d9ee040d,
commit message adjusted to describe the impact in versions < 1.9)
Conflicts:
	tools/dbus-monitor.c

(cherry picked from commit 1895a8ee)

This does not directly test the code in the previous commit, but it does
confirm that calling dbus_connection_set_route_peer_messages() is enough
to fix the observed bug.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
[smcv: re-worded commit message in response to review]

A normal DBusConnection will automatically reply to o.fd.Peer
messages such as Ping. We don't want this: if we are using
traditional eavesdropping with an older dbus-daemon, we'll
confuse everyone else by replying to messages that weren't
intended for us. If we are using the new Monitoring
interface (since 1.9.12), the same still applies, but in
addition, the dbus-daemon will disconnect us for not being
a well-behaved monitor.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90952Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>

bus_registry_new: Assert in case of not valid context parameter to avoid potiental crashes (CID 54764).

Because the context parameter is dereferenced several times in related code without a null check,
we need to make sure to have a valid context.

Reported by Coverity: CID 54764: Dereference after null check (FORWARD_NULL)

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90021Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Conflicts:
	NEWS

Reply message was not unreferenced when GetConnectionCredentials
handler was successful.
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
[smcv: changed bus_message_unref() to dbus_message_unref()]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91008

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280Reviewed-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280Reviewed-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>