From cdff3bc41bb97ef16f6959d3135f5d4a03e90cd8 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 23 Oct 2013 15:19:13 +0100 Subject: path_namespace='/' should match everything Bug: https://bugs.freedesktop.org/show_bug.cgi?id=70799 Reviewed-by: Philip Withnall Reviewed-by: Ryan Lortie --- bus/signals.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) (limited to 'bus') diff --git a/bus/signals.c b/bus/signals.c index 28506d3f..a198c6e9 100644 --- a/bus/signals.c +++ b/bus/signals.c @@ -1836,8 +1836,11 @@ match_rule_matches (BusMatchRule *rule, * namespace, rather than just starting with that string, * by checking that the matched prefix is followed by a '/' * or the end of the path. + * + * Special case: the only valid path of length 1, "/", + * matches everything. */ - if (path[len] != '\0' && path[len] != '/') + if (len > 1 && path[len] != '\0' && path[len] != '/') return FALSE; } @@ -2719,6 +2722,7 @@ test_path_matching (void) static const char* path_namespace_should_match_message_1[] = { + "type='signal',path_namespace='/'", "type='signal',path_namespace='/foo'", "type='signal',path_namespace='/foo/TheObjectManager'", NULL @@ -2733,6 +2737,7 @@ path_namespace_should_not_match_message_1[] = { static const char* path_namespace_should_match_message_2[] = { + "type='signal',path_namespace='/'", "type='signal',path_namespace='/foo/TheObjectManager'", NULL }; @@ -2744,6 +2749,7 @@ path_namespace_should_not_match_message_2[] = { static const char* path_namespace_should_match_message_3[] = { + "type='signal',path_namespace='/'", NULL }; @@ -2753,12 +2759,25 @@ path_namespace_should_not_match_message_3[] = { NULL }; +static const char* +path_namespace_should_match_message_4[] = { + "type='signal',path_namespace='/'", + NULL +}; + +static const char* +path_namespace_should_not_match_message_4[] = { + "type='signal',path_namespace='/foo/TheObjectManager'", + NULL +}; + static void test_matching_path_namespace (void) { DBusMessage *message1; DBusMessage *message2; DBusMessage *message3; + DBusMessage *message4; message1 = dbus_message_new (DBUS_MESSAGE_TYPE_SIGNAL); _dbus_assert (message1 != NULL); @@ -2775,6 +2794,11 @@ test_matching_path_namespace (void) if (!dbus_message_set_path (message3, "/foo/TheObjectManagerOther")) _dbus_assert_not_reached ("oom"); + message4 = dbus_message_new (DBUS_MESSAGE_TYPE_SIGNAL); + _dbus_assert (message4 != NULL); + if (!dbus_message_set_path (message4, "/")) + _dbus_assert_not_reached ("oom"); + check_matching (message1, 1, path_namespace_should_match_message_1, path_namespace_should_not_match_message_1); @@ -2784,7 +2808,11 @@ test_matching_path_namespace (void) check_matching (message3, 3, path_namespace_should_match_message_3, path_namespace_should_not_match_message_3); + check_matching (message4, 4, + path_namespace_should_match_message_4, + path_namespace_should_not_match_message_4); + dbus_message_unref (message4); dbus_message_unref (message3); dbus_message_unref (message2); dbus_message_unref (message1); -- cgit v1.2.3 From aa4b9d39bd04d18b57af9b247a326f6b7c328254 Mon Sep 17 00:00:00 2001 From: Chengwei Yang Date: Fri, 1 Nov 2013 16:23:27 +0800 Subject: Use SIGHUP without check in UNIX environment As Simon's comment https://bugs.freedesktop.org/show_bug.cgi?id=66068#c8 we can do this in UNIX environment. Reviewed-by: Simon McVittie --- bus/main.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'bus') diff --git a/bus/main.c b/bus/main.c index 472458ed..e060baa8 100644 --- a/bus/main.c +++ b/bus/main.c @@ -61,7 +61,6 @@ signal_handler (int sig) { switch (sig) { -#ifdef SIGHUP case SIGHUP: { DBusString str; @@ -94,7 +93,6 @@ signal_handler (int sig) } } break; -#endif case SIGTERM: { @@ -642,9 +640,7 @@ main (int argc, char **argv) * no point in trying to make the handler portable to non-Unix. */ _dbus_set_signal_handler (SIGTERM, signal_handler); -#ifdef SIGHUP _dbus_set_signal_handler (SIGHUP, signal_handler); -#endif #endif /* DBUS_UNIX */ _dbus_verbose ("We are on D-Bus...\n"); -- cgit v1.2.3 From 7c540d743db0d7b2f00d35782defcacda8b1479c Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 28 Nov 2012 17:11:38 +0000 Subject: transaction_free: factor out Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60859 Reviewed-by: Chengwei Yang [removed unused variable based on review -smcv] --- bus/connection.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'bus') diff --git a/bus/connection.c b/bus/connection.c index d69758c9..fddbc78a 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -2125,6 +2125,16 @@ bus_transaction_send (BusTransaction *transaction, return TRUE; } +static void +transaction_free (BusTransaction *transaction) +{ + _dbus_assert (transaction->connections == NULL); + + free_cancel_hooks (transaction); + + dbus_free (transaction); +} + static void connection_cancel_transaction (DBusConnection *connection, BusTransaction *transaction) @@ -2163,14 +2173,10 @@ bus_transaction_cancel_and_free (BusTransaction *transaction) while ((connection = _dbus_list_pop_first (&transaction->connections))) connection_cancel_transaction (connection, transaction); - _dbus_assert (transaction->connections == NULL); - _dbus_list_foreach (&transaction->cancel_hooks, cancel_hook_cancel, NULL); - free_cancel_hooks (transaction); - - dbus_free (transaction); + transaction_free (transaction); } static void @@ -2224,11 +2230,7 @@ bus_transaction_execute_and_free (BusTransaction *transaction) while ((connection = _dbus_list_pop_first (&transaction->connections))) connection_execute_transaction (connection, transaction); - _dbus_assert (transaction->connections == NULL); - - free_cancel_hooks (transaction); - - dbus_free (transaction); + transaction_free (transaction); } static void -- cgit v1.2.3 From ec6ea1a6a8ad1d5e3c1280a55207e9b4f5742814 Mon Sep 17 00:00:00 2001 From: Chengwei Yang Date: Tue, 15 Oct 2013 13:04:53 +0800 Subject: DBusBabysitter: change executable to log_name DBusBabysitter->executable is defined as executable name to use in error messages. However, if servicehelper used, then the executable name is servicehelper. It's not much help because we couldn't figure out which service we're trying to activated if error happens. In the following patch, we'll use service name to be activated as the child log identifier and add a parameter to _dbus_spawn_async_with_babysitter() to pass the log identifier. Since this is not the case in test, so executable changed to log_name. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68559 Reviewed-by: Simon McVittie --- bus/activation.c | 4 +++- dbus/dbus-spawn-win.c | 37 ++++++++++++++++++++++++------------- dbus/dbus-spawn.c | 44 ++++++++++++++++++++++++++++---------------- dbus/dbus-spawn.h | 1 + test/spawn-test.c | 2 +- 5 files changed, 57 insertions(+), 31 deletions(-) (limited to 'bus') diff --git a/bus/activation.c b/bus/activation.c index 77357bea..868ce05c 100644 --- a/bus/activation.c +++ b/bus/activation.c @@ -2104,7 +2104,9 @@ bus_activation_activate_service (BusActivation *activation, dbus_error_init (&tmp_error); - if (!_dbus_spawn_async_with_babysitter (&pending_activation->babysitter, argv, + if (!_dbus_spawn_async_with_babysitter (&pending_activation->babysitter, + service_name, + argv, envp, NULL, activation, &tmp_error)) diff --git a/dbus/dbus-spawn-win.c b/dbus/dbus-spawn-win.c index cd8ca666..7da7a431 100644 --- a/dbus/dbus-spawn-win.c +++ b/dbus/dbus-spawn-win.c @@ -68,7 +68,7 @@ struct DBusBabysitter HANDLE end_sync_event; #endif - char *executable; + char *log_name; DBusSpawnChildSetupFunc child_setup; void *user_data; @@ -258,7 +258,7 @@ _dbus_babysitter_unref (DBusBabysitter *sitter) } #endif - dbus_free (sitter->executable); + dbus_free (sitter->log_name); dbus_free (sitter); } @@ -337,7 +337,7 @@ _dbus_babysitter_set_child_exit_error (DBusBabysitter *sitter, char *emsg = _dbus_win_error_string (sitter->spawn_errno); dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED, "Failed to execute program %s: %s", - sitter->executable, emsg); + sitter->log_name, emsg); _dbus_win_free_error_string (emsg); } else if (sitter->have_child_status) @@ -345,14 +345,14 @@ _dbus_babysitter_set_child_exit_error (DBusBabysitter *sitter, PING(); dbus_set_error (error, DBUS_ERROR_SPAWN_CHILD_EXITED, "Process %s exited with status %d", - sitter->executable, sitter->child_status); + sitter->log_name, sitter->child_status); } else { PING(); dbus_set_error (error, DBUS_ERROR_FAILED, "Process %s exited, status unknown", - sitter->executable); + sitter->log_name); } PING(); } @@ -593,10 +593,10 @@ babysitter (void *parameter) (*sitter->child_setup) (sitter->user_data); } - _dbus_verbose ("babysitter: spawning %s\n", sitter->executable); + _dbus_verbose ("babysitter: spawning %s\n", sitter->log_name); PING(); - sitter->child_handle = spawn_program (sitter->executable, + sitter->child_handle = spawn_program (sitter->log_name, sitter->argv, sitter->envp); PING(); @@ -642,6 +642,7 @@ babysitter (void *parameter) dbus_bool_t _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, + const char *log_name, char **argv, char **envp, DBusSpawnChildSetupFunc child_setup, @@ -653,6 +654,7 @@ _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, DWORD sitter_thread_id; _DBUS_ASSERT_ERROR_IS_CLEAR (error); + _dbus_assert (argv[0] != NULL); *sitter_p = NULL; @@ -667,8 +669,17 @@ _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, sitter->child_setup = child_setup; sitter->user_data = user_data; - sitter->executable = _dbus_strdup (argv[0]); - if (sitter->executable == NULL) + sitter->log_name = _dbus_strdup (log_name); + if (sitter->log_name == NULL && log_name != NULL) + { + _DBUS_SET_OOM (error); + goto out0; + } + + if (sitter->log_name == NULL) + sitter->log_name = _dbus_strdup (argv[0]); + + if (sitter->log_name == NULL) { _DBUS_SET_OOM (error); goto out0; @@ -804,7 +815,7 @@ check_spawn_nonexistent (void *data) /*** Test launching nonexistent binary */ argv[0] = "/this/does/not/exist/32542sdgafgafdg"; - if (_dbus_spawn_async_with_babysitter (&sitter, argv, NULL, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_nonexistent", argv, NULL, NULL, NULL, &error)) { @@ -857,7 +868,7 @@ check_spawn_segfault (void *data) return TRUE; } - if (_dbus_spawn_async_with_babysitter (&sitter, argv, NULL, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_segfault", argv, NULL, NULL, NULL, &error)) { @@ -912,7 +923,7 @@ check_spawn_exit (void *data) return TRUE; } - if (_dbus_spawn_async_with_babysitter (&sitter, argv, NULL, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_exit", argv, NULL, NULL, NULL, &error)) { @@ -967,7 +978,7 @@ check_spawn_and_kill (void *data) return TRUE; } - if (_dbus_spawn_async_with_babysitter (&sitter, argv, NULL, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_and_kill", argv, NULL, NULL, NULL, &error)) { diff --git a/dbus/dbus-spawn.c b/dbus/dbus-spawn.c index 3d8ed2e8..a0ff2f4e 100644 --- a/dbus/dbus-spawn.c +++ b/dbus/dbus-spawn.c @@ -234,7 +234,8 @@ struct DBusBabysitter { int refcount; /**< Reference count */ - char *executable; /**< executable name to use in error messages */ + char *log_name; /**< the name under which to log messages about this + process being spawned */ int socket_to_babysitter; /**< Connection to the babysitter process */ int error_pipe_from_child; /**< Connection to the process that does the exec() */ @@ -388,7 +389,7 @@ _dbus_babysitter_unref (DBusBabysitter *sitter) if (sitter->watches) _dbus_watch_list_free (sitter->watches); - dbus_free (sitter->executable); + dbus_free (sitter->log_name); dbus_free (sitter); } @@ -743,34 +744,34 @@ _dbus_babysitter_set_child_exit_error (DBusBabysitter *sitter, { dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED, "Failed to execute program %s: %s", - sitter->executable, _dbus_strerror (sitter->errnum)); + sitter->log_name, _dbus_strerror (sitter->errnum)); } else if (sitter->have_fork_errnum) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, "Failed to fork a new process %s: %s", - sitter->executable, _dbus_strerror (sitter->errnum)); + sitter->log_name, _dbus_strerror (sitter->errnum)); } else if (sitter->have_child_status) { if (WIFEXITED (sitter->status)) dbus_set_error (error, DBUS_ERROR_SPAWN_CHILD_EXITED, "Process %s exited with status %d", - sitter->executable, WEXITSTATUS (sitter->status)); + sitter->log_name, WEXITSTATUS (sitter->status)); else if (WIFSIGNALED (sitter->status)) dbus_set_error (error, DBUS_ERROR_SPAWN_CHILD_SIGNALED, "Process %s received signal %d", - sitter->executable, WTERMSIG (sitter->status)); + sitter->log_name, WTERMSIG (sitter->status)); else dbus_set_error (error, DBUS_ERROR_FAILED, "Process %s exited abnormally", - sitter->executable); + sitter->log_name); } else { dbus_set_error (error, DBUS_ERROR_FAILED, "Process %s exited, reason unknown", - sitter->executable); + sitter->log_name); } } @@ -1165,8 +1166,7 @@ babysit (pid_t grandchild_pid, } /** - * Spawns a new process. The executable name and argv[0] - * are the same, both are provided in argv[0]. The child_setup + * Spawns a new process. The child_setup * function is passed the given user_data and is run in the child * just before calling exec(). * @@ -1176,6 +1176,7 @@ babysit (pid_t grandchild_pid, * If sitter_p is #NULL, no babysitter is kept. * * @param sitter_p return location for babysitter or #NULL + * @log_name the name under which to log messages about this process being spawned * @param argv the executable and arguments * @param env the environment, or #NULL to copy the parent's * @param child_setup function to call in child pre-exec() @@ -1185,6 +1186,7 @@ babysit (pid_t grandchild_pid, */ dbus_bool_t _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, + const char *log_name, char **argv, char **env, DBusSpawnChildSetupFunc child_setup, @@ -1197,6 +1199,7 @@ _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, pid_t pid; _DBUS_ASSERT_ERROR_IS_CLEAR (error); + _dbus_assert (argv[0] != NULL); if (sitter_p != NULL) *sitter_p = NULL; @@ -1210,8 +1213,17 @@ _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, return FALSE; } - sitter->executable = _dbus_strdup (argv[0]); - if (sitter->executable == NULL) + sitter->log_name = _dbus_strdup (log_name); + if (sitter->log_name == NULL && log_name != NULL) + { + dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); + goto cleanup_and_fail; + } + + if (sitter->log_name == NULL) + sitter->log_name = _dbus_strdup (argv[0]); + + if (sitter->log_name == NULL) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); goto cleanup_and_fail; @@ -1418,7 +1430,7 @@ check_spawn_nonexistent (void *data) /*** Test launching nonexistent binary */ argv[0] = "/this/does/not/exist/32542sdgafgafdg"; - if (_dbus_spawn_async_with_babysitter (&sitter, argv, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_nonexistent", argv, NULL, NULL, NULL, &error)) { @@ -1467,7 +1479,7 @@ check_spawn_segfault (void *data) return TRUE; } - if (_dbus_spawn_async_with_babysitter (&sitter, argv, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_segfault", argv, NULL, NULL, NULL, &error)) { @@ -1518,7 +1530,7 @@ check_spawn_exit (void *data) return TRUE; } - if (_dbus_spawn_async_with_babysitter (&sitter, argv, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_exit", argv, NULL, NULL, NULL, &error)) { @@ -1569,7 +1581,7 @@ check_spawn_and_kill (void *data) return TRUE; } - if (_dbus_spawn_async_with_babysitter (&sitter, argv, + if (_dbus_spawn_async_with_babysitter (&sitter, "spawn_and_kill", argv, NULL, NULL, NULL, &error)) { diff --git a/dbus/dbus-spawn.h b/dbus/dbus-spawn.h index a8814fb9..e6baae97 100644 --- a/dbus/dbus-spawn.h +++ b/dbus/dbus-spawn.h @@ -39,6 +39,7 @@ typedef void (* DBusBabysitterFinishedFunc) (DBusBabysitter *sitter, void *user_data); dbus_bool_t _dbus_spawn_async_with_babysitter (DBusBabysitter **sitter_p, + const char *log_name, char **argv, char **env, DBusSpawnChildSetupFunc child_setup, diff --git a/test/spawn-test.c b/test/spawn-test.c index e6513fa6..723a4889 100644 --- a/test/spawn-test.c +++ b/test/spawn-test.c @@ -30,7 +30,7 @@ main (int argc, char **argv) argv_copy [i] = argv[i + 1]; argv_copy[argc - 1] = NULL; - if (!_dbus_spawn_async_with_babysitter (NULL, argv_copy, NULL, setup_func, NULL, &error)) + if (!_dbus_spawn_async_with_babysitter (NULL, argv_copy[0], argv_copy, NULL, setup_func, NULL, &error)) { fprintf (stderr, "Could not launch application: \"%s\"\n", error.message); -- cgit v1.2.3 From 983237258dc440419b863461fae15f31cce08639 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sun, 27 Oct 2013 16:21:19 -0400 Subject: bus/selinux: Fix previous commit for CAP_AUDIT_WRITE retention As soon as capng_clear() is called, we won't appear to have CAP_AUDIT_WRITE. Fix this by checking for it before resetting the libcap state. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49062 Tested-by: Laurent Bigonville Reviewed-by: Laurent Bigonville Reviewed-by: Simon McVittie Reviewed-by: Lennart Poettering --- bus/selinux.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'bus') diff --git a/bus/selinux.c b/bus/selinux.c index 7ae84d6d..768e55ef 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -1043,9 +1043,15 @@ _dbus_change_to_daemon_user (const char *user, if (_dbus_geteuid () == 0) { int rc; + int have_audit_write; + have_audit_write = capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE); capng_clear (CAPNG_SELECT_BOTH); - if (capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE)) + /* Only attempt to retain CAP_AUDIT_WRITE if we had it when + * starting. See: + * https://bugs.freedesktop.org/show_bug.cgi?id=49062#c9 + */ + if (have_audit_write) capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP); -- cgit v1.2.3