1. 05 Jun, 2014 1 commit
    • Alban Crequy's avatar
      CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service · 24c59070
      Alban Crequy authored
      How it should work:
      
      When a D-Bus message activates a service, LSMs (SELinux or AppArmor) check
      whether the message can be delivered after the service has been activated. The
      service is considered activated when its well-known name is requested with
      org.freedesktop.DBus.RequestName. When the message delivery is denied, the
      service stays activated but should not receive the activating message (the
      message which triggered the activation). dbus-daemon is supposed to drop the
      activating message and reply to the sender with a D-Bus error message.
      
      However, it does not work as expected:
      
      1. The error message is delivered to the service instead of being delivered to
         the sender. As an example, the error message could be something like:
      
           An SELinux policy prevents this sender from sending this
           message to this recipient, [...] member="MaliciousMethod"
      
         If the sender and the service are malicious confederates and agree on a
         protocol to insert information in the member name, the sender can leak
         information to the service, even though the LSM attempted to block the
         communication between the sender and the service.
      
      2. The error message is delivered as a reply to the RequestName call from
         service. It means the activated service will believe it cannot request the
         name and might exit. The sender could activate the service frequently and
         systemd will give up activating it. Thus the denial of service.
      
      The following changes fix the bug:
      - bus_activation_send_pending_auto_activation_messages() only returns an error
        in case of OOM. The prototype is changed to return TRUE, or FALSE on OOM
        (and its only caller sets the OOM error).
      - When a client is not allowed to talk to the service, a D-Bus error message
        is pre-allocated to be delivered to the client as part of the transaction.
        The error is not propagated to the caller so RequestName will not fail
        (except on OOM).
      
      [fixed a misleading comment -smcv]
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78979Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
      Reviewed-by: Colin Walters's avatarColin Walters <walters@verbum.org>
      24c59070
  2. 09 Jul, 2010 1 commit
  3. 28 Jan, 2010 1 commit
    • Colin Walters's avatar
      Don't drop pending activations when reloading configuration · b93476ce
      Colin Walters authored
      The reload handling for activation simply dropped all knowledge
      of pending activations, which was clearly wrong.  Refactor things
      so that reload only reloads directories, server address etc.
      
      Based on a patch originally from Matthias Clasen <mclasen@redhat.com>
      b93476ce
  4. 14 Jul, 2009 1 commit
  5. 10 Jul, 2009 1 commit
  6. 12 Jul, 2008 1 commit
    • Ray Strode's avatar
      Store what environment to activate with on activation object · 91306ef9
      Ray Strode authored
      We now keep the environment in a hash table member of the
      activation object and provide a method
      bus_activation_set_environment_variable to modify the
      hash table.  This hash table is seeded initially with the
      environment of the bus daemon itself.
      91306ef9
  7. 14 Jul, 2007 1 commit
  8. 14 Jul, 2006 1 commit
    • John Palmieri's avatar
      * bus/activation.[ch] (bus_activation_list_services): new function to · 7628b541
      John Palmieri authored
        get the list of services that can be activated
      
      * bus/dispatch.c: test coverage for the new bus method
        ListActivatableNames
      
      * bus/driver.c: new bus method ListActivatableNames to get the list of
        services that can be activated
      
      * doc/dbus-specification.xml: ListActivatableNames method documentation
      7628b541
  9. 10 Aug, 2004 1 commit
  10. 16 Mar, 2004 1 commit
    • Richard Hult's avatar
      2004-03-16 Richard Hult <richard@imendio.com> · 93f433a1
      Richard Hult authored
      	* bus/activation.c: (bus_activation_service_created),
      	(bus_activation_send_pending_auto_activation_messages),
      	(bus_activation_activate_service):
      	* bus/activation.h:
      	* bus/dispatch.c: (bus_dispatch),
      	(check_nonexistent_service_auto_activation),
      	(check_service_auto_activated),
      	(check_segfault_service_auto_activation),
      	(check_existent_service_auto_activation), (bus_dispatch_test):
      	* bus/driver.c: (bus_driver_handle_activate_service):
      	* bus/services.c: (bus_registry_acquire_service):
      	* dbus/dbus-message.c: (dbus_message_set_auto_activation),
      	(dbus_message_get_auto_activation):
      	* dbus/dbus-message.h:
      	* dbus/dbus-protocol.h: Implement auto-activation.
      93f433a1
  11. 02 Dec, 2003 1 commit
  12. 27 Nov, 2003 1 commit
  13. 02 Apr, 2003 2 commits
    • Havoc Pennington's avatar
      2003-04-02 Havoc Pennington <hp@redhat.com> · e55fd2c6
      Havoc Pennington authored
      	* bus/connection.c (bus_transaction_send_error_reply): set sender
      	service for the error, and unref the reply on success
      
      	* bus/activation.c: convert to use BusTransaction so OOM can be
      	handled correctly
      	(bus_activation_service_created): set sender of the message
      e55fd2c6
    • Havoc Pennington's avatar
      2003-04-01 Havoc Pennington <hp@redhat.com> · cfa261b4
      Havoc Pennington authored
      	* bus/config-parser.c, bus/bus.c: implement <servicedir> and
      	<includedir> (at least mostly)
      
      	* dbus/dbus-sysdeps.c (_dbus_change_identity): set the group ID
      	first, then the user ID
      cfa261b4
  14. 31 Mar, 2003 1 commit
    • Havoc Pennington's avatar
      2003-03-31 Havoc Pennington <hp@pobox.com> · 29c71168
      Havoc Pennington authored
      	* dbus/dbus-transport-unix.c (_dbus_transport_new_for_domain_socket)
      	(_dbus_transport_new_for_tcp_socket): these didn't need the "server"
      	argument since they are always client side
      
      	* dbus/dbus-server.c (dbus_server_get_address): new function
      
      	* bus/main.c (main): take the configuration file as an argument.
      
      	* test/data/valid-config-files/debug-allow-all.conf: new file to
      	use with dispatch.c tests for example
      
      	* bus/test-main.c (main): require test data dir
      
      	* bus/bus.c (bus_context_new): change this to take a
      	configuration file name as argument
      
      	* doc/config-file.txt (Elements): add <servicedir>
      
      	* bus/system.conf, bus/session.conf: new files
      
      	* dbus/dbus-bus.c (dbus_bus_get): look for system bus on
      	well-known socket if none set
      
      	* configure.in: create system.conf and session.conf
      29c71168
  15. 16 Mar, 2003 1 commit
    • Anders Carlsson's avatar
      2003-03-16 Anders Carlsson <andersca@codefactory.se> · 3f4086f0
      Anders Carlsson authored
      	* bus/activation.c: (bus_pending_activation_entry_free),
      	(bus_pending_activation_free), (bus_activation_new),
      	(bus_activation_unref), (bus_activation_service_created),
      	(bus_activation_activate_service):
      	* bus/activation.h:
      	* bus/bus.c: (bus_context_new):
      	* bus/desktop-file.c: (new_section):
      	* bus/driver.c: (bus_driver_send_service_deleted),
      	(bus_driver_handle_activate_service):
      	* bus/services.c: (bus_registry_new), (bus_registry_ensure):
      	* bus/services.h:
      	* dbus/dbus-connection.c:
      	(dbus_connection_send_with_reply_and_block):
      	* dbus/dbus-message.c: (dbus_message_append_args_valist):
      	* dbus/dbus-protocol.h:
      	Make activation work better. Now pending activations will be queued
      	and the daemon won't try to activate services that are already registered.
      3f4086f0
  16. 13 Mar, 2003 2 commits
    • Havoc Pennington's avatar
      2003-03-12 Havoc Pennington <hp@pobox.com> · 6ecc14ff
      Havoc Pennington authored
      	Throughout: purge global variables, introduce BusActivation,
      	BusConnections, BusRegistry, etc. objects instead.
      
      	* bus/bus.h, bus/bus.c: introduce BusContext as a global
      	message bus object
      
      	* test/Makefile.am (TEST_BINARIES): disable bus-test for now,
      	going to redo this a bit differently I think
      6ecc14ff
    • Havoc Pennington's avatar
      2003-03-12 Havoc Pennington <hp@redhat.com> · 29560adc
      Havoc Pennington authored
              Mega-patch that gets the message bus daemon initially handling
      	out-of-memory. Work still needed. Also lots of random
      	moving stuff to DBusError instead of ResultCode.
      
      	* dbus/dbus-list.c (_dbus_list_length_is_one): new function
      
      	* dbus/dbus-connection.c
      	(dbus_connection_send_with_reply_and_block): use DBusError
      
      	* dbus/dbus-bus.c: adapt to API changes, make it use DBusError not
      	DBusResultCode
      
      	* dbus/dbus-connection.c (dbus_connection_send): drop the result
      	code here, as the only failure possible is OOM.
      
      	* bus/connection.c (bus_connection_disconnect):
      	rename bus_connection_disconnected as it's a notification only
      
      	* bus/driver.c (bus_driver_handle_acquire_service): don't free
      	"name" on get_args failure, should be done by get_args;
      	don't disconnect client for bad args, just return an error.
      	(bus_driver_handle_service_exists): ditto
      
      	* bus/services.c (bus_services_list): NULL-terminate returned array
      
      	* bus/driver.c (bus_driver_send_service_lost)
      	(bus_driver_send_service_acquired): send messages from driver to a
      	specific client to the client's unique name, not to the broadcast
      	service.
      
      	* dbus/dbus-message.c (decode_header_data): reject messages that
      	contain no name field
      	(_dbus_message_get_client_serial): rename to
      	dbus_message_get_serial and make public
      	(_dbus_message_set_serial): rename from set_client_serial
      	(_dbus_message_set_reply_serial): make public
      	(_dbus_message_get_reply_serial): make public
      
      	* bus/connection.c (bus_connection_foreach): allow stopping
      	iteration by returning FALSE from foreach function.
      
      	* dbus/dbus-connection.c (dbus_connection_send_preallocated)
      	(dbus_connection_free_preallocated_send)
      	(dbus_connection_preallocate_send): new API for sending a message
      	without possibility of malloc failure.
      	(dbus_connection_send_message): rename to just
      	dbus_connection_send (and same for whole function family)
      
      	* dbus/dbus-errors.c (dbus_error_free): make this reinit the error
      
      	* dbus/dbus-sysdeps.c (_dbus_exit): new function
      
      	* bus/activation.c: handle/return errors
      
      	* dbus/dbus-errors.h: add more DBUS_ERROR #define
      
      	* dbus/dbus-sysdeps.c (_dbus_directory_open) (_dbus_file_get_contents)
      	(_dbus_directory_get_next_file): use DBusError instead of DBusResultCode
      	(_dbus_result_from_errno): move to this file
      29560adc
  17. 17 Feb, 2003 1 commit
    • Anders Carlsson's avatar
      2003-02-17 Anders Carlsson <andersca@codefactory.se> · 3c8db267
      Anders Carlsson authored
      	* bus/activation.c: (bus_activation_init), (child_setup),
      	(bus_activation_activate_service):
      	* bus/activation.h:
      	* bus/main.c: (main):
      	Set DBUS_ADDRESS environment variable.
      
      	* dbus/dbus-errors.c: (dbus_set_error):
      	Don't use va_copy since that's a C99 feature.
      
      	* dbus/dbus-sysdeps.c: (_dbus_setenv), (do_exec),
      	(_dbus_spawn_async):
      	* dbus/dbus-sysdeps.h:
      	Add child_setup_func to _dbus_spawn_async.
      
      	* doc/dbus-specification.sgml:
      	Update specification.
      
      	* test/spawn-test.c: (setup_func), (main):
      	Fix test.
      3c8db267
  18. 16 Feb, 2003 1 commit
    • Anders Carlsson's avatar
      2003-02-16 Anders Carlsson <andersca@codefactory.se> · f116b128
      Anders Carlsson authored
      	* bus/activation.c: (load_directory), (bus_activation_init),
      	(bus_activation_activate_service):
      	* bus/activation.h:
      	* bus/driver.c:
      	(bus_driver_handle_activate_service), (bus_driver_handle_message):
      	More work on the activation handling.
      
      	* dbus/dbus-errors.h:
      	Add some error messages
      
      	* dbus/dbus-message.c: (dbus_message_new_error_reply):
      	* dbus/dbus-message.h:
      	New function that creates an error message.
      
      	* dbus/dbus-protocol.h:
      	Add ACTIVATE_SERVER message.
      
      	* dbus/dbus-server-unix.c: (unix_handle_watch),
      	(_dbus_server_new_for_domain_socket):
      	Call _dbus_fd_set_close_on_exec.
      
      	* dbus/dbus-sysdeps.c: (make_pipe), (do_exec),
      	(_dbus_spawn_async), (_dbus_disable_sigpipe),
      	(_dbus_fd_set_close_on_exec):
      	* dbus/dbus-sysdeps.h:
      	Add _dbus_fd_set_close_on exec function. Also add function that checks
      	that all open fds are set to close-on-exec and warns otherwise.
      
      	* dbus/dbus-transport-unix.c:
      	(_dbus_transport_new_for_domain_socket):
      	Call _dbus_fd_set_close_on_exec.
      f116b128
  19. 15 Feb, 2003 1 commit
    • Anders Carlsson's avatar
      2003-02-15 Anders Carlsson <andersca@codefactory.se> · efd53eca
      Anders Carlsson authored
      	* bus/Makefile.am:
      	* bus/activation.c: (bus_activation_entry_free),
      	(add_desktop_file_entry), (load_directory), (bus_activation_init):
      	* bus/activation.h:
      	* bus/main.c: (main):
      	Add simple activation support, doesn't work yet though.
      efd53eca
  20. 13 Feb, 2003 1 commit
    • Anders Carlsson's avatar
      2003-02-13 Anders Carlsson <andersca@codefactory.se> · 02dfd4fb
      Anders Carlsson authored
      	* bus/Makefile.am:
      	Add utils.[ch]
      
      	* bus/connection.c: (bus_connection_foreach):
      	Fix a warning.
      
      	* bus/desktop-file.c: (grow_lines_in_section), (grow_sections),
      	(unescape_string), (new_section), (parse_section_start),
      	(parse_key_value), (report_error), (bus_desktop_file_load),
      	(bus_desktop_file_get_string):
      	* bus/desktop-file.h:
      	Use DBusError for error reporting.
      
      	* bus/dispatch.c: (send_one_message),
      	(bus_dispatch_message_handler):
      	* bus/driver.c: (bus_driver_send_service_deleted),
      	(bus_driver_send_service_created), (bus_driver_send_service_lost),
      	(bus_driver_send_service_acquired), (bus_driver_handle_hello),
      	(bus_driver_send_welcome_message),
      	(bus_driver_handle_list_services),
      	(bus_driver_handle_acquire_service),
      	(bus_driver_handle_service_exists):
      	* bus/loop.c: (bus_loop_run):
      	* bus/main.c:
      	Use BUS_HANDLE_OOM instead of _DBUS_HANDLE_OOM.
      
      	* bus/utils.c: (bus_wait_for_memory):
      	* bus/utils.h:
      	New files with general utility functions.
      
      	* dbus/dbus-internals.h:
      	Remove _DBUS_HANDLE_OOM.
      02dfd4fb
  21. 21 Nov, 2002 3 commits
    • Havoc Pennington's avatar
      2002-11-21 Havoc Pennington <hp@redhat.com> · 5a6adeee
      Havoc Pennington authored
      	* dbus/Makefile.am (INCLUDES): define DBUS_COMPILATION
      	so we can allow ourselves to include files directly,
      	instead of having to use dbus.h
      
      	* dbus/dbus.h: fill in
      
      	* dbus/dbus-message.h: sketch out a sample header file.
      	Include griping if you include it directly instead of
      	via dbus.h
      
      	* dbus/dbus-macros.h: new file with macros for extern "C",
      	TRUE/FALSE, NULL, etc.
      
      	* doc/file-boilerplate.c: put include guards in here
      5a6adeee
    • Havoc Pennington's avatar
      2002-11-21 Havoc Pennington <hp@redhat.com> · 89161753
      Havoc Pennington authored
      	* doc/file-boilerplate.c: include both AFL and GPL boilerplate.
      
      	* COPYING: include the GPL as well, and license code
      	under both AFL and GPL.
      89161753
    • Havoc Pennington's avatar
      add file-boilerplate.c · f6343e58
      Havoc Pennington authored
      f6343e58