1. 28 Jun, 2013 1 commit
  2. 22 Mar, 2012 2 commits
  3. 04 Mar, 2012 1 commit
  4. 14 Jul, 2009 1 commit
  5. 10 Jul, 2009 1 commit
  6. 16 Dec, 2008 2 commits
  7. 12 Dec, 2008 2 commits
  8. 14 Jul, 2007 1 commit
  9. 09 Jun, 2007 1 commit
    • Havoc Pennington's avatar
      2007-06-09 Havoc Pennington <hp@redhat.com> · 7be5fd95
      Havoc Pennington authored
      	* bus/policy.c (bus_policy_create_client_policy): gracefully
      	continue if the connection has no unix user - just don't apply
      	any unix user dependent rules.
      
      	* bus/config-parser.c: remove dbus-userdb.h usage
      
      	* bus/bus.c: remove dbus-userdb.h usage
      
      	* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
      	support Windows user function; also, fix the logic for checking
      	auth as root in the default auth code (broken in the previous
      	commit)
      
      	* dbus/dbus-connection.c
      	(dbus_connection_set_windows_user_function): new function
      	(dbus_connection_get_windows_user): new function
      7be5fd95
  10. 15 Mar, 2007 1 commit
  11. 12 Dec, 2006 1 commit
  12. 25 Aug, 2004 1 commit
    • John Palmieri's avatar
      Console user security policy · b78d2220
      John Palmieri authored
      * bus/config-parser.c:
      (struct PolicyType): Add POLICY_CONSOLE
      (struct Element.d.policy): s/gid_or_uid/gid_uid_or_at_console
      (start_busconfig_child): Sets up console element when
      <policy at_console=""> is encountered in a policy file
      (append_rule_from_element): Convert console elements to console
      rules.
      
      * bus/policy.c:
      (bus_policy_create_client_policy): Add console rules to the client
      policy based on if the client is at the console
      (bus_policy_append_console_rule): New function for adding a
      console rule to a policy
      (bus_policy_merge): Handle console rule merging
      
      * dbus/dbus-sysdeps.h: Added the DBUS_CONSOLE_DIR constant
      where we check for console user files
      
      * dbus/dbus-sysdeps.c:
      (_dbus_file_exists): New function which checks if the given
      file exists
      (_dbus_user_at_console): New function which does the system
      specific process of checking if the user is at the console
      
      * dbus/dbus-userdb.c:
      (_dbus_is_console_user): New function converts a UID to user name
      and then calls the system specific _dbus_user_at_console to
      see if the user is at the console and therefor a console user
      b78d2220
  13. 10 Aug, 2004 1 commit
  14. 29 May, 2004 1 commit
    • Havoc Pennington's avatar
      2004-05-29 Havoc Pennington <hp@redhat.com> · 7c77664c
      Havoc Pennington authored
      	* bus/config-parser.c (process_test_valid_subdir): temporarily
      	stop testing config parser OOM handling, since expat has issues
      	http://freedesktop.org/pipermail/dbus/2004-May/001153.html
      
      	* bus/dbus-daemon-1.1.in: change requested_reply to
      	send_requested_reply/receive_requested_reply so we can send the
      	replies, not just receive them.
      
      	* bus/config-parser.c: parse the new
      	send_requested_reply/receive_requested_reply
      
      	* bus/policy.c (bus_client_policy_check_can_send): add
      	requested_reply argument and use it
      
      	* bus/bus.c (bus_context_check_security_policy): pass through
      	requested_reply status to message send check
      
      	* bus/system.conf.in: adapt to requested_reply change
      7c77664c
  15. 02 Dec, 2003 1 commit
  16. 27 Nov, 2003 1 commit
  17. 14 Oct, 2003 1 commit
    • Havoc Pennington's avatar
      2003-10-14 Havoc Pennington <hp@redhat.com> · 3251264a
      Havoc Pennington authored
      	* bus/bus.c (bus_context_check_security_policy): revamp this to
      	work more sanely with new policy-based requested reply setup
      
      	* bus/connection.c (bus_transaction_send_from_driver): set bus
      	driver messages as no reply
      
      	* bus/policy.c (bus_client_policy_check_can_receive): handle a
      	requested_reply attribute on allow/deny rules
      
      	* bus/system.conf: add <allow requested_reply="true"/>
      
      	* bus/driver.c (bus_driver_handle_message): fix check for replies
      	sent to the bus driver, which was backward. How did this ever work
      	at all though? I think I'm missing something.
      
      	* dbus/dbus-message.c (decode_header_data): require error and
      	method return messages to have a reply serial field to be valid
      	(_dbus_message_loader_queue_messages): break up this function;
      	validate that reply serial and plain serial are nonzero;
      	clean up the OOM/error handling.
      	(get_uint_field): don't return -1 from this
      	(dbus_message_create_header): fix signed/unsigned bug
      
      	* bus/connection.c (bus_connections_expect_reply): save serial of
      	the incoming message, not reply serial
      3251264a
  18. 21 Sep, 2003 1 commit
    • Havoc Pennington's avatar
      2003-09-21 Havoc Pennington <hp@pobox.com> · a683a80c
      Havoc Pennington authored
      	Get matching rules mostly working in the bus; only actually
      	parsing the rule text remains. However, the client side of
      	"signal connections" hasn't been started, this patch is only the
      	bus side.
      
      	* dbus/dispatch.c: fix for the matching rules changes
      
      	* bus/driver.c (bus_driver_handle_remove_match)
      	(bus_driver_handle_add_match): send an ack reply from these
      	method calls
      
      	* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
      	arguments, reported by Seth Nickell
      
      	* bus/config-parser.c (append_rule_from_element): support
      	eavesdrop=true|false attribute on policies so match rules
      	can be prevented from snooping on the system bus.
      
      	* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
      	and "destination" in attribute names; fix some docs bugs;
      	add eavesdrop=true|false attribute
      
      	* bus/driver.c (bus_driver_handle_add_match)
      	(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
      	messages
      
      	* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
      	rid of broadcast service concept, signals are just always broadcast
      
      	* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
      	mostly implement matching rules stuff (currently only exposed as signal
      	connections)
      a683a80c
  19. 06 Sep, 2003 1 commit
    • Havoc Pennington's avatar
      2003-09-06 Havoc Pennington <hp@pobox.com> · 83e41dff
      Havoc Pennington authored
      	* doc/dbus-specification.sgml: partial updates
      
      	* bus/dbus-daemon-1.1.in: fix the config file docs for the
      	zillionth time; hopefully I edited the right file this time.
      
      	* bus/config-parser.c (append_rule_from_element): support
      	send_type, send_path, receive_type, receive_path
      
      	* bus/policy.c: add message type and path to the list of things
      	that can be "firewalled"
      83e41dff
  20. 18 Aug, 2003 1 commit
    • Havoc Pennington's avatar
      2003-08-17 Havoc Pennington <hp@pobox.com> · 95717a93
      Havoc Pennington authored
      	This doesn't compile yet, but syncing up so I can hack on it from
      	work. What are branches for if not broken code? ;-)
      
      	* dbus/dbus-protocol.h: remove DBUS_HEADER_FIELD_NAME, add
      	DBUS_HEADER_FIELD_INTERFACE, DBUS_HEADER_FIELD_MEMBER,
      	DBUS_HEADER_FIELD_ERROR_NAME
      
      	* dbus/dbus-hash.c: Introduce DBUS_HASH_TWO_STRINGS as hack to use
      	for the interface+member pairs
      	(string_hash): change to use g_str_hash algorithm
      	(find_direct_function, find_string_function): refactor these to
      	share most code.
      
      	* dbus/dbus-message.c: port all of this over to support
      	interface/member fields instead of name field
      
      	* dbus/dbus-object-registry.c: port over
      
      	* dbus/dbus-string.c (_dbus_string_validate_interface): rename
      	from _dbus_string_validate_name
      
      	* bus/dbus-daemon-1.1: change file format for the
      	<deny>/<allow> stuff to match new message naming scheme
      
      	* bus/policy.c: port over
      
      	* bus/config-parser.c: parse new format
      95717a93
  21. 17 May, 2003 1 commit
  22. 27 Apr, 2003 1 commit
    • Havoc Pennington's avatar
      2003-04-27 Havoc Pennington <hp@pobox.com> · e8d396ef
      Havoc Pennington authored
      	Unbreak my code...
      
      	* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
      	report correct status if we finish processing authentication
      	inside this function.
      
      	* bus/activation.c (try_send_activation_failure): use
      	bus_transaction_send_error_reply
      
      	* bus/connection.c (bus_connection_get_groups): return an error
      	explaining the problem
      
      	* bus/bus.c (bus_context_check_security_policy): implement
      	restriction here that inactive connections can only send the
      	hello message. Also, allow bus driver to send anything to
      	any recipient.
      
      	* bus/connection.c (bus_connection_complete): create the
      	BusClientPolicy here instead of on-demand.
      	(bus_connection_get_policy): don't return an error
      
      	* dbus/dbus-message.c (dbus_message_new_error_reply): allow NULL
      	sender field in message being replied to
      
      	* bus/bus.c (bus_context_check_security_policy): fix silly typo
      	causing it to return FALSE always
      
      	* bus/policy.c (bus_client_policy_check_can_send): fix bug where
      	we checked sender rather than destination
      e8d396ef
  23. 17 Apr, 2003 1 commit
    • Havoc Pennington's avatar
      2003-04-15 Havoc Pennington <hp@pobox.com> · 7c022a80
      Havoc Pennington authored
      	* bus/bus.c: create and keep around a shared DBusUserDatabase
      	object.
      
      	* bus/connection.c (bus_connection_get_groups): don't cache
      	groups for user in the connection object, since user database
      	object now does that.
      7c022a80
  24. 14 Apr, 2003 1 commit
    • Havoc Pennington's avatar
      2003-04-13 Havoc Pennington <hp@pobox.com> · 777707ed
      Havoc Pennington authored
      	* dbus/dbus-mainloop.c: fix some reentrancy issues by refcounting
      	callbacks
      
      	* test/data/valid-config-files/debug-allow-all.conf.in: allow all
      	users
      
      	* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
      	fix to only recover unused bytes if we're already authenticated
      	(_dbus_transport_get_is_authenticated): fix to still mark us
      	authenticated if there are unused bytes.
      
      	* bus/dispatch.c: implement security policy checking
      
      	* bus/connection.c (bus_transaction_send_from_driver): new
      
      	* bus/bus.c (bus_context_check_security_policy): new
      
      	* bus/dispatch.c (send_service_nonexistent_error): delete this,
      	now we just set the DBusError and it gets converted to an error
      	reply.
      
      	* bus/connection.c (allow_user_function): enable code using actual
      	data from the config file
      
      	* bus/policy.c (list_allows_user): handle wildcard rules for
      	user/group connection perms
      777707ed
  25. 13 Apr, 2003 1 commit
    • Havoc Pennington's avatar
      2003-04-13 Havoc Pennington <hp@pobox.com> · 8aabca8d
      Havoc Pennington authored
      	* bus/config-parser.c: Load up the BusPolicy and BusPolicyRules
      
      	* dbus/dbus-sysdeps.c (_dbus_get_user_id): new function
      
      	* bus/policy.c (bus_policy_append_mandatory_rule)
      	(bus_policy_append_default_rule, bus_policy_append_user_rule)
      	(bus_policy_append_group_rule): new functions
      8aabca8d
  26. 12 Apr, 2003 1 commit
    • Havoc Pennington's avatar
      2003-04-12 Havoc Pennington <hp@pobox.com> · bc983ecf
      Havoc Pennington authored
      	* bus/policy.h: change BusPolicy to be the thing from the config
      	file, and rename old BusPolicy to BusClientPolicy
      
      	* bus/bus.c, bus/connection.c, bus/config-parser.c: change to
      	match change in how policy works
      
      	* dbus/dbus-internals.h: mark assert_not_reached as
      	__attribute((noreturn))__
      bc983ecf
  27. 23 Mar, 2003 1 commit
    • Havoc Pennington's avatar
      2003-03-23 Havoc Pennington <hp@pobox.com> · a26607ab
      Havoc Pennington authored
      	* bus/policy.c, bus/bus.c, bus/connection.c: implement allow/deny
      	policies code
      
      	* dbus/dbus-hash.h: add ULONG hash keys
      
      	* dbus/dbus-sysdeps.c (_dbus_get_groups): new
      	(_dbus_get_group_id): new function
      a26607ab
  28. 20 Mar, 2003 1 commit
    • Havoc Pennington's avatar
      2003-03-20 Havoc Pennington <hp@pobox.com> · 056d76d8
      Havoc Pennington authored
      	* bus/connection.c (bus_connection_send_oom_error): assert that
      	message has a sender
      	(connection_execute_transaction): ditto
      	(bus_connection_preallocate_oom_error): fix to set the sender, and
      	set recipient to the destination service, not the bus driver
      
      	* bus/policy.c: hacking
      
      	* dbus/dbus-message.c (dbus_message_service_is): new function
      	(dbus_message_sender_is): new
      056d76d8
  29. 19 Mar, 2003 1 commit