  1. 28 Jul, 2017 2 commits
  2. 07 Apr, 2017 1 commit
  3. 28 Nov, 2016 1 commit
  4. 28 Jun, 2013 1 commit
  5. 22 Mar, 2012 2 commits
  6. 04 Mar, 2012 1 commit
  7. 04 Jan, 2012 1 commit
    • Revert all changes since a36d4918 · 5df8c3db
      Simon McVittie authored
      Someone seems to have merged part of master into 1.4. Again. Let's go
      back to the "last known good" point (the branch-point of some 1.4
      branches I had locally), then we can cherry-pick the changes that
      should have gone in.
  8. 19 Sep, 2011 1 commit
  9. 27 Jul, 2011 1 commit
  10. 03 May, 2010 1 commit
  11. 19 Mar, 2010 1 commit
  12. 14 Jul, 2009 1 commit
  13. 10 Jul, 2009 1 commit
  14. 16 Dec, 2008 2 commits
  15. 12 Dec, 2008 2 commits
  16. 26 Feb, 2008 1 commit
    • CVE-2008-0595 dbus security policy circumvention · 6db561dc
      John Palmieri authored
      * CVE-2008-0595 - security policy of the type <allow send_interface=
        "some.interface.WithMethods"/> works as an implicit allow for
        messages sent without an interface bypassing the default deny rules
        and potentially allowing restricted methods exported on the bus to be
        executed by unauthorized users.  This patch fixes the issue.
      * bus/policy.c (bus_client_policy_check_can_send,
        bus_client_policy_check_can_receive): skip messages without an
        interface when evaluating an allow rule, and thus pass it to the
        default deny rules
  17. 14 Jul, 2007 1 commit
  18. 09 Jun, 2007 2 commits
    • 2007-06-09 Havoc Pennington <hp@redhat.com> · 7be5fd95
      Havoc Pennington authored
      	* bus/policy.c (bus_policy_create_client_policy): gracefully
      	continue if the connection has no unix user - just don't apply
      	any unix user dependent rules.
      
      	* bus/config-parser.c: remove dbus-userdb.h usage
      
      	* bus/bus.c: remove dbus-userdb.h usage
      
      	* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
      	support Windows user function; also, fix the logic for checking
      	auth as root in the default auth code (broken in the previous
      	commit)
      
      	* dbus/dbus-connection.c
      	(dbus_connection_set_windows_user_function): new function
      	(dbus_connection_get_windows_user): new function
    • 2007-06-09 Havoc Pennington <hp@redhat.com> · 23832672
      Havoc Pennington authored
      	* bus/dispatch.c (check_get_connection_unix_process_id): adapt
      	since sysdeps-unix.h stuff isn't included anymore
      
      	* bus/bus.c (bus_context_new): use more abstract functions to
      	change user, so they can be no-ops on Windows
      
      	* dbus/dbus-credentials.c, dbus/dbus-credentials.h,
      	dbus/dbus-credentials-util.c: new files containing a fully opaque
      	DBusCredentials data type to replace the old not opaque one.
      
      	* configure.in (DBUS_UNIX): define DBUS_UNIX to match DBUS_WIN on
      	Windows
      
      	* dbus/dbus-userdb.h: prohibit on Windows, next step is to clean
      	up the uses of it in bus/*.c and factor out the parts of
      	cookie auth that depend on it
  19. 19 May, 2007 1 commit
  20. 15 Mar, 2007 1 commit
  21. 12 Dec, 2006 1 commit
  22. 29 Aug, 2005 1 commit
    • * Release 0.36.2 · b701a78a
      John Palmieri authored
      * Add Havoc's patch that never got applied to HEAD (Bug #2436):
      
      * bus/policy.c (bus_policy_allow_user): change default "user is
      allowed" to be "user has same uid as the bus itself"; any
      allow/deny rules will override.
      
      * bus/session.conf.in: don't allow all users, since now by default
      the user that ran the bus can connect.
  23. 25 Aug, 2004 1 commit
    • Console user security policy · b78d2220
      John Palmieri authored
      * bus/config-parser.c:
      (struct PolicyType): Add POLICY_CONSOLE
      (struct Element.d.policy): s/gid_or_uid/gid_uid_or_at_console
      (start_busconfig_child): Sets up console element when
      <policy at_console=""> is encountered in a policy file
      (append_rule_from_element): Convert console elements to console
      rules.
      
      * bus/policy.c:
      (bus_policy_create_client_policy): Add console rules to the client
      policy based on if the client is at the console
      (bus_policy_append_console_rule): New function for adding a
      console rule to a policy
      (bus_policy_merge): Handle console rule merging
      
      * dbus/dbus-sysdeps.h: Added the DBUS_CONSOLE_DIR constant
      where we check for console user files
      
      * dbus/dbus-sysdeps.c:
      (_dbus_file_exists): New function which checks if the given
      file exists
      (_dbus_user_at_console): New function which does the system
      specific process of checking if the user is at the console
      
      * dbus/dbus-userdb.c:
      (_dbus_is_console_user): New function converts a UID to user name
      and then calls the system specific _dbus_user_at_console to
      see if the user is at the console and therefore a console user
  24. 10 Aug, 2004 1 commit
  25. 30 Jul, 2004 1 commit
    • 2004-07-24 Havoc Pennington <hp@redhat.com> · 1e9b185b
      Havoc Pennington authored
      	SELinux support from Matthew Rickard <mjricka@epoch.ncsc.mil>
      
      	* bus/selinux.c, bus/selinux.h: new file encapsulating selinux
      	functionality
      
      	* configure.in: add --enable-selinux
      
      	* bus/policy.c (bus_policy_merge): add FIXME to a comment
      
      	* bus/main.c (main): initialize and shut down selinux
      
      	* bus/connection.c: store SELinux ID on each connection, to avoid
      	repeated getting of the string context and converting it into
      	an ID
      
      	* bus/bus.c (bus_context_get_policy): new accessor, though it
      	isn't used
      	(bus_context_check_security_policy): check whether the security
      	context of sender connection can send to the security context of
      	recipient connection
      
      	* bus/config-parser.c: add parsing for <selinux> and <associate>
      
      	* dbus/dbus-transport.c (_dbus_transport_get_unix_fd): to
      	implement dbus_connection_get_unix_fd()
      
      	* dbus/dbus-connection.c (dbus_connection_get_unix_fd): new
      	function, used by the selinux stuff
  26. 29 May, 2004 1 commit
    • 2004-05-29 Havoc Pennington <hp@redhat.com> · 7c77664c
      Havoc Pennington authored
      	* bus/config-parser.c (process_test_valid_subdir): temporarily
      	stop testing config parser OOM handling, since expat has issues
      	http://freedesktop.org/pipermail/dbus/2004-May/001153.html
      
      	* bus/dbus-daemon-1.1.in: change requested_reply to
      	send_requested_reply/receive_requested_reply so we can send the
      	replies, not just receive them.
      
      	* bus/config-parser.c: parse the new
      	send_requested_reply/receive_requested_reply
      
      	* bus/policy.c (bus_client_policy_check_can_send): add
      	requested_reply argument and use it
      
      	* bus/bus.c (bus_context_check_security_policy): pass through
      	requested_reply status to message send check
      
      	* bus/system.conf.in: adapt to requested_reply change
  27. 02 Dec, 2003 1 commit
  28. 27 Nov, 2003 1 commit
  29. 14 Oct, 2003 1 commit
    • 2003-10-14 Havoc Pennington <hp@redhat.com> · 3251264a
      Havoc Pennington authored
      	* bus/bus.c (bus_context_check_security_policy): revamp this to
      	work more sanely with new policy-based requested reply setup
      
      	* bus/connection.c (bus_transaction_send_from_driver): set bus
      	driver messages as no reply
      
      	* bus/policy.c (bus_client_policy_check_can_receive): handle a
      	requested_reply attribute on allow/deny rules
      
      	* bus/system.conf: add <allow requested_reply="true"/>
      
      	* bus/driver.c (bus_driver_handle_message): fix check for replies
      	sent to the bus driver, which was backward. How did this ever work
      	at all though? I think I'm missing something.
      
      	* dbus/dbus-message.c (decode_header_data): require error and
      	method return messages to have a reply serial field to be valid
      	(_dbus_message_loader_queue_messages): break up this function;
      	validate that reply serial and plain serial are nonzero;
      	clean up the OOM/error handling.
      	(get_uint_field): don't return -1 from this
      	(dbus_message_create_header): fix signed/unsigned bug
      
      	* bus/connection.c (bus_connections_expect_reply): save serial of
      	the incoming message, not reply serial
  30. 10 Oct, 2003 1 commit
    • 2003-10-09 Havoc Pennington <hp@redhat.com> · 6a65f480
      Havoc Pennington authored
              Make matching rules theoretically work (add parser).
      
      	* bus/bus.c (bus_context_check_security_policy): fix up to handle
      	the case where destination is explicitly specified as bus driver
      	and someone else is eavesdropping.
      
      	* bus/policy.c (bus_client_policy_check_can_receive): fix up
      	definition of eavesdropping and assertion
      
      	* tools/dbus-send.c (main): use dbus_message_type_from_string
      
      	* bus/signals.c (bus_match_rule_parse): implement
      
      	* dbus/dbus-message.c (dbus_message_type_from_string): new
      
      	* dbus/dbus-errors.h (DBUS_ERROR_MATCH_RULE_INVALID): add
  31. 21 Sep, 2003 1 commit
    • 2003-09-21 Havoc Pennington <hp@pobox.com> · a683a80c
      Havoc Pennington authored
      	Get matching rules mostly working in the bus; only actually
      	parsing the rule text remains. However, the client side of
      	"signal connections" hasn't been started, this patch is only the
      	bus side.
      
      	* dbus/dispatch.c: fix for the matching rules changes
      
      	* bus/driver.c (bus_driver_handle_remove_match)
      	(bus_driver_handle_add_match): send an ack reply from these
      	method calls
      
      	* glib/dbus-gproxy.c (dbus_gproxy_begin_call): fix order of
      	arguments, reported by Seth Nickell
      
      	* bus/config-parser.c (append_rule_from_element): support
      	eavesdrop=true|false attribute on policies so match rules
      	can be prevented from snooping on the system bus.
      
      	* bus/dbus-daemon-1.1.in: consistently use terminology "sender"
      	and "destination" in attribute names; fix some docs bugs;
      	add eavesdrop=true|false attribute
      
      	* bus/driver.c (bus_driver_handle_add_match)
      	(bus_driver_handle_remove_match): handle AddMatch, RemoveMatch
      	messages
      
      	* dbus/dbus-protocol.h (DBUS_SERVICE_ORG_FREEDESKTOP_BROADCAST): get
      	rid of broadcast service concept, signals are just always broadcast
      
      	* bus/signals.c, bus/dispatch.c, bus/connection.c, bus/bus.c:
      	mostly implement matching rules stuff (currently only exposed as signal
      	connections)
  32. 06 Sep, 2003 1 commit
    • 2003-09-06 Havoc Pennington <hp@pobox.com> · 83e41dff
      Havoc Pennington authored
      	* doc/dbus-specification.sgml: partial updates
      
      	* bus/dbus-daemon-1.1.in: fix the config file docs for the
      	zillionth time; hopefully I edited the right file this time.
      
      	* bus/config-parser.c (append_rule_from_element): support
      	send_type, send_path, receive_type, receive_path
      
      	* bus/policy.c: add message type and path to the list of things
      	that can be "firewalled"
  33. 20 Aug, 2003 1 commit
    • 2003-08-19 Havoc Pennington <hp@pobox.com> · d0c58857
      Havoc Pennington authored
      	* dbus/dbus-message.c (decode_string_field): support FIELD_SENDER
      	(dbus_message_is_error): fix this function
      
      	* bus/dbus-daemon-1.1: clarify logic on when <deny>/<allow> rules
      	match
      
      	* bus/policy.c (bus_client_policy_check_can_receive): fix code to
      	reflect clarified man page
      	(bus_client_policy_check_can_send): ditto
      
      	* bus/session.conf.in: fixup
      
      	* bus/system.conf.in: fixup
  34. 18 Aug, 2003 2 commits
    • 2003-08-18 Havoc Pennington <hp@redhat.com> · 68a3c593
      Havoc Pennington authored
      	* dbus/dbus-hash.c (_dbus_hash_table_insert_two_strings): fix
      
      	* dbus/dbus-message.c (_dbus_message_loader_queue_messages): fix
      	dumb bug created earlier (wrong order of args to
      	decode_header_data())
      
      	* tools/dbus-send.c: port
      
      	* tools/dbus-print-message.c (print_message): port
      
              * test/data/*messages: port all messages over
      
              * dbus/dbus-message-builder.c: support including
      	message type
      
              * bus/driver.c: port over
      
      	* bus/dispatch.c: port over to new stuff
      
      	* dbus/dbus-connection.c (_dbus_connection_new_for_transport):
      	rename disconnect signal to "Disconnected"
    • 2003-08-17 Havoc Pennington <hp@pobox.com> · 95717a93
      Havoc Pennington authored
      	This doesn't compile yet, but syncing up so I can hack on it from
      	work. What are branches for if not broken code? ;-)
      
      	* dbus/dbus-protocol.h: remove DBUS_HEADER_FIELD_NAME, add
      	DBUS_HEADER_FIELD_INTERFACE, DBUS_HEADER_FIELD_MEMBER,
      	DBUS_HEADER_FIELD_ERROR_NAME
      
      	* dbus/dbus-hash.c: Introduce DBUS_HASH_TWO_STRINGS as hack to use
      	for the interface+member pairs
      	(string_hash): change to use g_str_hash algorithm
      	(find_direct_function, find_string_function): refactor these to
      	share most code.
      
      	* dbus/dbus-message.c: port all of this over to support
      	interface/member fields instead of name field
      
      	* dbus/dbus-object-registry.c: port over
      
      	* dbus/dbus-string.c (_dbus_string_validate_interface): rename
      	from _dbus_string_validate_name
      
      	* bus/dbus-daemon-1.1: change file format for the
      	<deny>/<allow> stuff to match new message naming scheme
      
      	* bus/policy.c: port over
      
      	* bus/config-parser.c: parse new format