From 6676a7db9cb30dad9bdd477e5949ca12a3c15cf6 Mon Sep 17 00:00:00 2001 From: Ralf Habacker Date: Tue, 5 Feb 2013 01:20:46 +0100 Subject: Moved docbook sources used by cmake into doc subdir and adapted cmake build system. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59805 Reviewed-by: Simon McVittie --- doc/dbus-daemon.1.xml.in | 752 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 752 insertions(+) create mode 100644 doc/dbus-daemon.1.xml.in (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in new file mode 100644 index 00000000..f331699c --- /dev/null +++ b/doc/dbus-daemon.1.xml.in @@ -0,0 +1,752 @@ + + + + + + + + + +dbus-daemon +1 + + +dbus-daemon +Message bus daemon + + + + + dbus-daemon + + dbus-daemon --version + --session + --system + --config-file=FILE + --print-address =DESCRIPTOR + --print-pid =DESCRIPTOR + --fork + + + + + +DESCRIPTION +dbus-daemon is the D-Bus message bus daemon. See +http://www.freedesktop.org/software/dbus/ for more information about +the big picture. D-Bus is first a library that provides one-to-one +communication between any two applications; dbus-daemon is an +application that uses this library to implement a message bus +daemon. Multiple programs connect to the message bus daemon and can +exchange messages with one another. + + +There are two standard message bus instances: the systemwide message bus +(installed on many systems as the "messagebus" init service) and the +per-user-login-session message bus (started each time a user logs in). +dbus-daemon is used for both of these instances, but with +a different configuration file. + + +The --session option is equivalent to +"--config-file=/etc/dbus-1/session.conf" and the --system +option is equivalent to +"--config-file=/etc/dbus-1/system.conf". By creating +additional configuration files and using the --config-file option, +additional special-purpose message bus daemons could be created. + + +The systemwide daemon is normally launched by an init script, +standardly called simply "messagebus". + + +The systemwide daemon is largely used for broadcasting system events, +such as changes to the printer queue, or adding/removing devices. + + +The per-session daemon is used for various interprocess communication +among desktop applications (however, it is not tied to X or the GUI +in any way). + + +SIGHUP will cause the D-Bus daemon to PARTIALLY reload its +configuration file and to flush its user/group information caches. Some +configuration changes would require kicking all apps off the bus; so they will +only take effect if you restart the daemon. Policy changes should take effect +with SIGHUP. + + + +OPTIONS +The following options are supported: + + + + +Use the given configuration file. + + + + + +Force the message bus to fork and become a daemon, even if +the configuration file does not specify that it should. +In most contexts the configuration file already gets this +right, though. + + + + + +Print the address of the message bus to standard output, or +to the given file descriptor. This is used by programs that +launch the message bus. + + + + + +Print the process ID of the message bus to standard output, or +to the given file descriptor. This is used by programs that +launch the message bus. + + + + + +Use the standard configuration file for the per-login-session message +bus. + + + + + +Use the standard configuration file for the systemwide message bus. + + + + + +Print the version of the daemon. + + + + + + +CONFIGURATION FILE +A message bus daemon has a configuration file that specializes it +for a particular application. For example, one configuration +file might set up the message bus to be a systemwide message bus, +while another might set it up to be a per-user-login-session bus. + + +The configuration file also establishes resource limits, security +parameters, and so forth. + + +The configuration file is not part of any interoperability +specification and its backward compatibility is not guaranteed; this +document is documentation, not specification. + + +The standard systemwide and per-session message bus setups are +configured in the files "/etc/dbus-1/system.conf" and +"/etc/dbus-1/session.conf". These files normally +<include> a system-local.conf or session-local.conf; you can put local +overrides in those files to avoid modifying the primary configuration +files. + + +The configuration file is an XML document. It must have the following +doctype declaration: + + + <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + + + + +The following elements may be present in the configuration file. + + + + <busconfig> + + + + + + +Root element. + + + + <type> + + + + + + + +The well-known type of the message bus. Currently known values are +"system" and "session"; if other values are set, they should be +either added to the D-Bus specification, or namespaced. The last +<type> element "wins" (previous values are ignored). + + +Example: <type>session</type> + + + + <include> + + + + + + +Include a file <include>filename.conf</include> at this point. If the +filename is relative, it is located relative to the configuration file +doing the including. + + +<include> has an optional attribute "ignore_missing=(yes|no)" +which defaults to "no" if not provided. This attribute +controls whether it's a fatal error for the included file +to be absent. + + + + <includedir> + + + + + + + +Include all files in <includedir>foo.d</includedir> at this +point. Files in the directory are included in undefined order. +Only files ending in ".conf" are included. + + +This is intended to allow extension of the system bus by particular +packages. For example, if CUPS wants to be able to send out +notification of printer queue changes, it could install a file to +/etc/dbus-1/system.d that allowed all apps to receive +this message and allowed the printer daemon user to send it. + + + + <user> + + + + + + + +The user account the daemon should run as, as either a username or a +UID. If the daemon cannot change to this UID on startup, it will exit. +If this element is not present, the daemon will not change or care +about its UID. + + +The last <user> entry in the file "wins", the others are ignored. + + +The user is changed after the bus has completed initialization. So +sockets etc. will be created before changing user, but no data will be +read from clients before changing user. This means that sockets +and PID files can be created in a location that requires root +privileges for writing. + + + + <fork> + + + + + + +If present, the bus daemon becomes a real daemon (forks +into the background, etc.). This is generally used +rather than the --fork command line option. + + + + <listen> + + + + + + + +Add an address that the bus should listen on. The +address is in the standard D-Bus format that contains +a transport name plus possible parameters/options. + + +Example: <listen>unix:path=/tmp/foo</listen> + + +If there are multiple <listen> elements, then the bus listens +on multiple addresses. The bus will pass its address to +started services or other interested parties with +the last address given in <listen> first. That is, +apps will try to connect to the last <listen> address first. + + + + <auth> + + + + + + + +Lists permitted authorization mechanisms. If this element doesn't +exist, then all known mechanisms are allowed. If there are multiple +<auth> elements, all the listed mechanisms are allowed. The order in +which mechanisms are listed is not meaningful. + + +Example: <auth>EXTERNAL</auth> + + +Example: <auth>DBUS_COOKIE_SHA1</auth> + + + + <servicedir> + + + + + + + +Adds a directory to scan for .service files. Directories are +scanned starting with the last to appear in the config file +(the first .service file found that provides a particular +service will be used). + + +Service files tell the bus how to automatically start a program. +They are primarily used with the per-user-session bus, +not the systemwide bus. + + + + <standard_session_servicedirs/> + + + + + + + +<standard_session_servicedirs/> is equivalent to specifying a series +of <servicedir/> elements for each of the data directories in the "XDG +Base Directory Specification" with the subdirectory "dbus-1/services", +so for example "/usr/share/dbus-1/services" would be among the +directories searched. + + +The "XDG Base Directory Specification" can be found at +http://freedesktop.org/wiki/Standards/basedir-spec if it hasn't moved, +otherwise try your favorite search engine. + + +The <standard_session_servicedirs/> option is only relevant to the +per-user-session bus daemon defined in +/etc/dbus-1/session.conf. Putting it in any other +configuration file would probably be nonsense. + + + + <limit> + + + + + + + +<limit> establishes a resource limit. For example: + + <limit name="max_message_size">64</limit> + <limit name="max_completed_connections">512</limit> + + + +The name attribute is mandatory. +Available limit names are: + + "max_incoming_bytes" : total size in bytes of messages + incoming from a single connection + "max_outgoing_bytes" : total size in bytes of messages + queued up for a single connection + "max_message_size" : max size of a single message in + bytes + "service_start_timeout" : milliseconds (thousandths) until + a started service has to connect + "auth_timeout" : milliseconds (thousandths) a + connection is given to + authenticate + "max_completed_connections" : max number of authenticated connections + "max_incomplete_connections" : max number of unauthenticated + connections + "max_connections_per_user" : max number of completed connections from + the same user + "max_pending_service_starts" : max number of service launches in + progress at the same time + "max_names_per_connection" : max number of names a single + connection can own + "max_match_rules_per_connection": max number of match rules for a single + connection + "max_replies_per_connection" : max number of pending method + replies per connection + (number of calls-in-progress) + "reply_timeout" : milliseconds (thousandths) + until a method call times out + + + +The max incoming/outgoing queue sizes allow a new message to be queued +if one byte remains below the max. So you can in fact exceed the max +by max_message_size. + + +max_completed_connections divided by max_connections_per_user is the +number of users that can work together to denial-of-service all other users by using +up all connections on the systemwide bus. + + +Limits are normally only of interest on the systemwide bus, not the user session +buses. + + + + <policy> + + + + + + + +The <policy> element defines a security policy to be applied to a particular +set of connections to the bus. A policy is made up of +<allow> and <deny> elements. Policies are normally used with the systemwide bus; +they are analogous to a firewall in that they allow expected traffic +and prevent unexpected traffic. + + +The <policy> element has one of three attributes: + + context="(default|mandatory)" + user="username or userid" + group="group name or gid" + + + + +Policies are applied to a connection as follows: + + - all context="default" policies are applied + - all group="connection's user's group" policies are applied + in undefined order + - all user="connection's auth user" policies are applied + in undefined order + - all context="mandatory" policies are applied + + + +Policies applied later will override those applied earlier, +when the policies overlap. Multiple policies with the same +user/group/context are applied in the order they appear +in the config file. + + + + <deny> + +<allow> + + + + + +A <deny> element appears below a <policy> element and prohibits some +action. The <allow> element makes an exception to previous <deny> +statements, and works just like <deny> but with the inverse meaning. + + +The possible attributes of these elements are: + + send_interface="interface_name" + send_member="method_or_signal_name" + send_error="error_name" + send_destination="name" + send_type="method_call" | "method_return" | "signal" | "error" + send_path="/path/name" + + receive_interface="interface_name" + receive_member="method_or_signal_name" + receive_error="error_name" + receive_sender="name" + receive_type="method_call" | "method_return" | "signal" | "error" + receive_path="/path/name" + + send_requested_reply="true" | "false" + receive_requested_reply="true" | "false" + + eavesdrop="true" | "false" + + own="name" + own_prefix="name" + user="username" + group="groupname" + + + +Examples: + + <deny send_interface="org.freedesktop.System" send_member="Reboot"/> + <deny receive_interface="org.freedesktop.System" receive_member="Reboot"/> + <deny own="org.freedesktop.System"/> + <deny send_destination="org.freedesktop.System"/> + <deny receive_sender="org.freedesktop.System"/> + <deny user="john"/> + <deny group="enemies"/> + + + +The <deny> element's attributes determine whether the deny "matches" a +particular action. If it matches, the action is denied (unless later +rules in the config file allow it). + + +send_destination and receive_sender rules mean that messages may not be +sent to or received from the *owner* of the given name, not that +they may not be sent *to that name*. That is, if a connection +owns services A, B, C, and sending to A is denied, sending to B or C +will not work either. + + +The other send_* and receive_* attributes are purely textual/by-value +matches against the given field in the message header. + + +"Eavesdropping" occurs when an application receives a message that +was explicitly addressed to a name the application does not own. +Eavesdropping thus only applies to messages that are addressed to +services (i.e. it does not apply to signals). + + +For <allow>, eavesdrop="true" indicates that the rule matches even +when eavesdropping. eavesdrop="false" is the default and means that +the rule only allows messages to go to their specified recipient. +For <deny>, eavesdrop="true" indicates that the rule matches +only when eavesdropping. eavesdrop="false" is the default for <deny> +also, but here it means that the rule applies always, even when +not eavesdropping. The eavesdrop attribute can only be combined with +receive rules (with receive_* attributes). + + + +The [send|receive]_requested_reply attribute works similarly to the eavesdrop +attribute. It controls whether the <deny> or <allow> matches a reply +that is expected (corresponds to a previous method call message). +This attribute only makes sense for reply messages (errors and method +returns), and is ignored for other message types. + + +For <allow>, [send|receive]_requested_reply="true" is the default and indicates that +only requested replies are allowed by the +rule. [send|receive]_requested_reply="false" means that the rule allows any reply +even if unexpected. + + +For <deny>, [send|receive]_requested_reply="false" is the default but indicates that +the rule matches only when the reply was not +requested. [send|receive]_requested_reply="true" indicates that the rule applies +always, regardless of pending reply state. + + +user and group denials mean that the given user or group may +not connect to the message bus. + + +For "name", "username", "groupname", etc. +the character "*" can be substituted, meaning "any." Complex globs +like "foo.bar.*" aren't allowed for now because they'd be work to +implement and maybe encourage sloppy security anyway. + +<allow own_prefix="a.b"/> allows you to own the name "a.b" or any +name whose first dot-separated elements are "a.b": in particular, +you can own "a.b.c" or "a.b.c.d", but not "a.bc" or "a.c". +This is useful when services like Telepathy and ReserveDevice +define a meaning for subtrees of well-known names, such as +org.freedesktop.Telepathy.ConnectionManager.(anything) +and org.freedesktop.ReserveDevice1.(anything). + +It does not make sense to deny a user or group inside a <policy> +for a user or group; user/group denials can only be inside +context="default" or context="mandatory" policies. + + +A single <deny> rule may specify combinations of attributes such as +send_destination and send_interface and send_type. In this case, the +denial applies only if both attributes match the message being denied. +e.g. <deny send_interface="foo.bar" send_destination="foo.blah"/> would +deny messages with the given interface AND the given bus name. +To get an OR effect you specify multiple <deny> rules. + + +You can't include both send_ and receive_ attributes on the same +rule, since "whether the message can be sent" and "whether it can be +received" are evaluated separately. + + +Be careful with send_interface/receive_interface, because the +interface field in messages is optional. + + + + <selinux> + + + + + + + +The <selinux> element contains settings related to Security Enhanced Linux. +More details below. + + + + <associate> + + + + + + + +An <associate> element appears below an <selinux> element and +creates a mapping. Right now only one kind of association is possible: + + <associate own="org.freedesktop.Foobar" context="foo_t"/> + + + +This means that if a connection asks to own the name +"org.freedesktop.Foobar" then the source context will be the context +of the connection and the target context will be "foo_t" - see the +short discussion of SELinux below. + + +Note, the context here is the target context when requesting a name, +NOT the context of the connection owning the name. + + +There's currently no way to set a default for owning any name, if +we add this syntax it will look like: + + <associate own="*" context="foo_t"/> + +If you find a reason this is useful, let the developers know. +Right now the default will be the security context of the bus itself. + + +If two <associate> elements specify the same name, the element +appearing later in the configuration file will be used. + + + +SELinux +See http://www.nsa.gov/selinux/ for full details on SELinux. Some useful excerpts: + + +Every subject (process) and object (e.g. file, socket, IPC object, +etc) in the system is assigned a collection of security attributes, +known as a security context. A security context contains all of the +security attributes associated with a particular subject or object +that are relevant to the security policy. + + +In order to better encapsulate security contexts and to provide +greater efficiency, the policy enforcement code of SELinux typically +handles security identifiers (SIDs) rather than security contexts. A +SID is an integer that is mapped by the security server to a security +context at runtime. + + +When a security decision is required, the policy enforcement code +passes a pair of SIDs (typically the SID of a subject and the SID of +an object, but sometimes a pair of subject SIDs or a pair of object +SIDs), and an object security class to the security server. The object +security class indicates the kind of object, e.g. a process, a regular +file, a directory, a TCP socket, etc. + + +Access decisions specify whether or not a permission is granted for a +given pair of SIDs and class. Each object class has a set of +associated permissions defined to control operations on objects with +that class. + + +D-Bus performs SELinux security checks in two places. + + +First, any time a message is routed from one connection to another +connection, the bus daemon will check permissions with the security context of +the first connection as source, security context of the second connection +as target, object class "dbus" and requested permission "send_msg". + + +If a security context is not available for a connection +(impossible when using UNIX domain sockets), then the target +context used is the context of the bus daemon itself. +There is currently no way to change this default, because we're +assuming that only UNIX domain sockets will be used to +connect to the systemwide bus. If this changes, we'll +probably add a way to set the default connection context. + + +Second, any time a connection asks to own a name, +the bus daemon will check permissions with the security +context of the connection as source, the security context specified +for the name in the config file as target, object +class "dbus" and requested permission "acquire_svc". + + +The security context for a bus name is specified with the +<associate> element described earlier in this document. +If a name has no security context associated in the +configuration file, the security context of the bus daemon +itself will be used. + + + +AUTHOR +See http://www.freedesktop.org/software/dbus/doc/AUTHORS + + + +BUGS +Please send bug reports to the D-Bus mailing list or bug tracker, +see http://www.freedesktop.org/software/dbus/ + + + -- cgit v1.2.3 From 60cf73ce6482ae89fdf1777f3c7f8f767b36a278 Mon Sep 17 00:00:00 2001 From: Ralf Habacker Date: Tue, 5 Feb 2013 02:19:28 +0100 Subject: Updated man docbook xml sources from man page source using doclifter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59805 Reviewed-by: Simon McVittie --- cmake/doc/CMakeLists.txt | 2 + doc/dbus-cleanup-sockets.1.xml | 64 +++++ doc/dbus-daemon.1.xml.in | 582 +++++++++++++++++++++++++---------------- doc/dbus-launch.1.xml | 78 ++++-- doc/dbus-monitor.1.xml | 12 +- doc/dbus-send.1.xml | 72 +++-- doc/dbus-uuidgen.1.xml | 125 +++++++++ 7 files changed, 653 insertions(+), 282 deletions(-) create mode 100644 doc/dbus-cleanup-sockets.1.xml create mode 100644 doc/dbus-uuidgen.1.xml (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/cmake/doc/CMakeLists.txt b/cmake/doc/CMakeLists.txt index 3c6d9525..a0bb361f 100644 --- a/cmake/doc/CMakeLists.txt +++ b/cmake/doc/CMakeLists.txt @@ -102,6 +102,8 @@ DOCBOOK(${CMAKE_BINARY_DIR}/doc/dbus-daemon.1.xml html-nochunks) DOCBOOK(${CMAKE_SOURCE_DIR}/../doc/dbus-monitor.1.xml html-nochunks) DOCBOOK(${CMAKE_SOURCE_DIR}/../doc/dbus-send.1.xml html-nochunks) DOCBOOK(${CMAKE_SOURCE_DIR}/../doc/dbus-launch.1.xml html-nochunks) +DOCBOOK(${CMAKE_SOURCE_DIR}/../doc/dbus-uuidgen.1.xml html-nochunks) +DOCBOOK(${CMAKE_SOURCE_DIR}/../doc/dbus-cleanup-sockets.1.xml html-nochunks) # # handle html index file diff --git a/doc/dbus-cleanup-sockets.1.xml b/doc/dbus-cleanup-sockets.1.xml new file mode 100644 index 00000000..190b68a0 --- /dev/null +++ b/doc/dbus-cleanup-sockets.1.xml @@ -0,0 +1,64 @@ + + + + + + + + +dbus-cleanup-sockets +1 + + +dbus-cleanup-sockets +clean up leftover sockets in a directory + + + + + dbus-cleanup-sockets DIRECTORY + + + + + +DESCRIPTION +The dbus-cleanup-sockets command cleans up unused D-Bus +connection sockets. See http://www.freedesktop.org/software/dbus/ for +more information about the big picture. + + +If given no arguments, dbus-cleanup-sockets cleans up sockets +in the standard default socket directory for the +per-user-login-session message bus; this is usually /tmp. +Optionally, you can pass a different directory on the command line. + + +On Linux, this program is essentially useless, because D-Bus defaults +to using "abstract sockets" that exist only in memory and don't have a +corresponding file in /tmp. + + +On most other flavors of UNIX, it's possible for the socket files to +leak when programs using D-Bus exit abnormally or without closing +their D-Bus connections. Thus, it might be interesting to run +dbus-cleanup-sockets in a cron job to mop up any leaked sockets. +Or you can just ignore the leaked sockets, they aren't really hurting +anything, other than cluttering the output of "ls /tmp" + + + +AUTHOR +dbus-cleanup-sockets was adapted by Havoc Pennington from +linc-cleanup-sockets written by Michael Meeks. + + + +BUGS +Please send bug reports to the D-Bus mailing list or bug tracker, +see http://www.freedesktop.org/software/dbus/ + + + diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index f331699c..bc602bbf 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -1,17 +1,17 @@ - + - - - - + + + dbus-daemon 1 - + dbus-daemon Message bus daemon @@ -41,35 +41,29 @@ application that uses this library to implement a message bus daemon. Multiple programs connect to the message bus daemon and can exchange messages with one another. - -There are two standard message bus instances: the systemwide message bus -(installed on many systems as the "messagebus" init service) and the +There are two standard message bus instances: the systemwide message bus +(installed on many systems as the "messagebus" init service) and the per-user-login-session message bus (started each time a user logs in). -dbus-daemon is used for both of these instances, but with +dbus-daemon is used for both of these instances, but with a different configuration file. - The --session option is equivalent to -"--config-file=/etc/dbus-1/session.conf" and the --system +"--config-file=@EXPANDED_SYSCONFDIR@/dbus-1/session.conf" and the --system option is equivalent to -"--config-file=/etc/dbus-1/system.conf". By creating +"--config-file=@EXPANDED_SYSCONFDIR@/dbus-1/system.conf". By creating additional configuration files and using the --config-file option, additional special-purpose message bus daemons could be created. +The systemwide daemon is normally launched by an init script, +standardly called simply "messagebus". -The systemwide daemon is normally launched by an init script, -standardly called simply "messagebus". - - -The systemwide daemon is largely used for broadcasting system events, +The systemwide daemon is largely used for broadcasting system events, such as changes to the printer queue, or adding/removing devices. - -The per-session daemon is used for various interprocess communication -among desktop applications (however, it is not tied to X or the GUI +The per-session daemon is used for various interprocess communication +among desktop applications (however, it is not tied to X or the GUI in any way). - SIGHUP will cause the D-Bus daemon to PARTIALLY reload its configuration file and to flush its user/group information caches. Some configuration changes would require kicking all apps off the bus; so they will @@ -90,25 +84,28 @@ with SIGHUP. -Force the message bus to fork and become a daemon, even if +Force the message bus to fork and become a daemon, even if the configuration file does not specify that it should. In most contexts the configuration file already gets this -right, though. +right, though. + +Force the message bus not to fork and become a daemon, even if +the configuration file specifies that it should. -Print the address of the message bus to standard output, or -to the given file descriptor. This is used by programs that +Print the address of the message bus to standard output, or +to the given file descriptor. This is used by programs that launch the message bus. -Print the process ID of the message bus to standard output, or -to the given file descriptor. This is used by programs that +Print the process ID of the message bus to standard output, or +to the given file descriptor. This is used by programs that launch the message bus. @@ -129,6 +126,33 @@ bus. Print the version of the daemon. + + + + + +Print the introspection information for all D-Bus internal interfaces. + + + + + +Set the address to listen on. This option overrides the address +configured in the configuration file. + + + + + +Enable systemd-style service activation. Only useful in conjunction +with the systemd system and session manager on Linux. + + + + + +Don't write a PID file even if one is configured in the configuration +files. @@ -137,23 +161,20 @@ bus. CONFIGURATION FILE A message bus daemon has a configuration file that specializes it -for a particular application. For example, one configuration -file might set up the message bus to be a systemwide message bus, +for a particular application. For example, one configuration +file might set up the message bus to be a systemwide message bus, while another might set it up to be a per-user-login-session bus. - The configuration file also establishes resource limits, security parameters, and so forth. - The configuration file is not part of any interoperability specification and its backward compatibility is not guaranteed; this document is documentation, not specification. - The standard systemwide and per-session message bus setups are -configured in the files "/etc/dbus-1/system.conf" and -"/etc/dbus-1/session.conf". These files normally +configured in the files "@EXPANDED_SYSCONFDIR@/dbus-1/system.conf" and +"@EXPANDED_SYSCONFDIR@/dbus-1/session.conf". These files normally <include> a system-local.conf or session-local.conf; you can put local overrides in those files to avoid modifying the primary configuration files. @@ -171,43 +192,50 @@ doctype declaration: The following elements may be present in the configuration file. - - - <busconfig> - - - - - + + + <busconfig> + + + Root element. - - - <type> - + - - - - + <type> + + + The well-known type of the message bus. Currently known values are "system" and "session"; if other values are set, they should be either added to the D-Bus specification, or namespaced. The last -<type> element "wins" (previous values are ignored). +<type> element "wins" (previous values are ignored). This element +only controls which message bus specific environment variables are +set in activated clients. Most of the policy that distinguishes a +session bus from the system bus is controlled from the other elements +in the configuration file. + + +If the well-known type of the message bus is "session", then the +DBUS_STARTER_BUS_TYPE environment variable will be set to "session" +and the DBUS_SESSION_BUS_ADDRESS environment variable will be set +to the address of the session bus. Likewise, if the type of the +message bus is "system", then the DBUS_STARTER_BUS_TYPE environment +variable will be set to "system" and the DBUS_SESSION_BUS_ADDRESS +environment variable will be set to the address of the system bus +(which is normally well known anyway). Example: <type>session</type> - - - <include> - - - - - + + + <include> + + + Include a file <include>filename.conf</include> at this point. If the filename is relative, it is located relative to the configuration file @@ -215,19 +243,16 @@ doing the including. <include> has an optional attribute "ignore_missing=(yes|no)" -which defaults to "no" if not provided. This attribute -controls whether it's a fatal error for the included file +which defaults to "no" if not provided. This attribute +controls whether it's a fatal error for the included file to be absent. - - - <includedir> - + - - - - + <includedir> + + + Include all files in <includedir>foo.d</includedir> at this point. Files in the directory are included in undefined order. @@ -237,18 +262,15 @@ Only files ending in ".conf" are included. This is intended to allow extension of the system bus by particular packages. For example, if CUPS wants to be able to send out notification of printer queue changes, it could install a file to -/etc/dbus-1/system.d that allowed all apps to receive +@EXPANDED_SYSCONFDIR@/dbus-1/system.d that allowed all apps to receive this message and allowed the printer daemon user to send it. - - - <user> - + - - - - + <user> + + + The user account the daemon should run as, as either a username or a UID. If the daemon cannot change to this UID on startup, it will exit. @@ -261,97 +283,127 @@ about its UID. The user is changed after the bus has completed initialization. So sockets etc. will be created before changing user, but no data will be -read from clients before changing user. This means that sockets -and PID files can be created in a location that requires root +read from clients before changing user. This means that sockets +and PID files can be created in a location that requires root privileges for writing. - - - <fork> - - - - - + -If present, the bus daemon becomes a real daemon (forks -into the background, etc.). This is generally used + <fork> + + + + +If present, the bus daemon becomes a real daemon (forks +into the background, etc.). This is generally used rather than the --fork command line option. - - - <listen> - + - - - - + <keep_umask> + + + + +If present, the bus daemon keeps its original umask when forking. +This may be useful to avoid affecting the behavior of child processes. + + -Add an address that the bus should listen on. The -address is in the standard D-Bus format that contains + <listen> + + + + +Add an address that the bus should listen on. The +address is in the standard D-Bus format that contains a transport name plus possible parameters/options. Example: <listen>unix:path=/tmp/foo</listen> -If there are multiple <listen> elements, then the bus listens -on multiple addresses. The bus will pass its address to -started services or other interested parties with -the last address given in <listen> first. That is, +Example: <listen>tcp:host=localhost,port=1234</listen> + + +If there are multiple <listen> elements, then the bus listens +on multiple addresses. The bus will pass its address to +started services or other interested parties with +the last address given in <listen> first. That is, apps will try to connect to the last <listen> address first. - - - <auth> - - - - - +tcp sockets can accept IPv4 addresses, IPv6 addresses or hostnames. +If a hostname resolves to multiple addresses, the server will bind +to all of them. The family=ipv4 or family=ipv6 options can be used +to force it to bind to a subset of addresses + + +Example: <listen>tcp:host=localhost,port=0,family=ipv4</listen> + + +A special case is using a port number of zero (or omitting the port), +which means to choose an available port selected by the operating +system. The port number chosen can be obtained with the +--print-address command line parameter and will be present in other +cases where the server reports its own address, such as when +DBUS_SESSION_BUS_ADDRESS is set. + + +Example: <listen>tcp:host=localhost,port=0</listen> + + +tcp addresses also allow a bind=hostname option, which will override +the host option specifying what address to bind to, without changing +the address reported by the bus. The bind option can also take a +special name '*' to cause the bus to listen on all local address +(INADDR_ANY). The specified host should be a valid name of the local +machine or weird stuff will happen. + + +Example: <listen>tcp:host=localhost,bind=*,port=0</listen> + + + + <auth> + + + Lists permitted authorization mechanisms. If this element doesn't exist, then all known mechanisms are allowed. If there are multiple <auth> elements, all the listed mechanisms are allowed. The order in which mechanisms are listed is not meaningful. - + Example: <auth>EXTERNAL</auth> Example: <auth>DBUS_COOKIE_SHA1</auth> - - - <servicedir> - + - - - - + <servicedir> + + + Adds a directory to scan for .service files. Directories are -scanned starting with the last to appear in the config file -(the first .service file found that provides a particular +scanned starting with the last to appear in the config file +(the first .service file found that provides a particular service will be used). Service files tell the bus how to automatically start a program. -They are primarily used with the per-user-session bus, +They are primarily used with the per-user-session bus, not the systemwide bus. - - - <standard_session_servicedirs/> - + - - - - + <standard_session_servicedirs/> + + + <standard_session_servicedirs/> is equivalent to specifying a series of <servicedir/> elements for each of the data directories in the "XDG @@ -367,18 +419,48 @@ otherwise try your favorite search engine. The <standard_session_servicedirs/> option is only relevant to the per-user-session bus daemon defined in -/etc/dbus-1/session.conf. Putting it in any other +@EXPANDED_SYSCONFDIR@/dbus-1/session.conf. Putting it in any other configuration file would probably be nonsense. - - - <limit> - + - - - - + <standard_system_servicedirs/> + + + + +<standard_system_servicedirs/> specifies the standard system-wide +activation directories that should be searched for service files. +This option defaults to @EXPANDED_DATADIR@/dbus-1/system-services. + + +The <standard_system_servicedirs/> option is only relevant to the +per-system bus daemon defined in +@EXPANDED_SYSCONFDIR@/dbus-1/system.conf. Putting it in any other +configuration file would probably be nonsense. + + + + <servicehelper/> + + + + +<servicehelper/> specifies the setuid helper that is used to launch +system daemons with an alternate user. Typically this should be +the dbus-daemon-launch-helper executable in located in libexec. + + +The <servicehelper/> option is only relevant to the per-system bus daemon +defined in @EXPANDED_SYSCONFDIR@/dbus-1/system.conf. Putting it in any other +configuration file would probably be nonsense. + + + + <limit> + + + <limit> establishes a resource limit. For example: @@ -392,31 +474,36 @@ Available limit names are: "max_incoming_bytes" : total size in bytes of messages incoming from a single connection + "max_incoming_unix_fds" : total number of unix fds of messages + incoming from a single connection "max_outgoing_bytes" : total size in bytes of messages queued up for a single connection + "max_outgoing_unix_fds" : total number of unix fds of messages + queued up for a single connection "max_message_size" : max size of a single message in bytes - "service_start_timeout" : milliseconds (thousandths) until + "max_message_unix_fds" : max unix fds of a single message + "service_start_timeout" : milliseconds (thousandths) until a started service has to connect "auth_timeout" : milliseconds (thousandths) a connection is given to authenticate - "max_completed_connections" : max number of authenticated connections + "max_completed_connections" : max number of authenticated connections "max_incomplete_connections" : max number of unauthenticated connections "max_connections_per_user" : max number of completed connections from the same user "max_pending_service_starts" : max number of service launches in progress at the same time - "max_names_per_connection" : max number of names a single + "max_names_per_connection" : max number of names a single connection can own - "max_match_rules_per_connection": max number of match rules for a single + "max_match_rules_per_connection": max number of match rules for a single connection - "max_replies_per_connection" : max number of pending method + "max_replies_per_connection" : max number of pending method replies per connection (number of calls-in-progress) - "reply_timeout" : milliseconds (thousandths) - until a method call times out + "reply_timeout" : milliseconds (thousandths) + until a method call times out @@ -430,49 +517,60 @@ number of users that can work together to denial-of-service all other users by u up all connections on the systemwide bus. -Limits are normally only of interest on the systemwide bus, not the user session +Limits are normally only of interest on the systemwide bus, not the user session buses. - - - <policy> - + - - - - + <policy> + + + The <policy> element defines a security policy to be applied to a particular set of connections to the bus. A policy is made up of <allow> and <deny> elements. Policies are normally used with the systemwide bus; -they are analogous to a firewall in that they allow expected traffic +they are analogous to a firewall in that they allow expected traffic and prevent unexpected traffic. -The <policy> element has one of three attributes: +Currently, the system bus has a default-deny policy for sending method calls +and owning bus names. Everything else, in particular reply messages, receive +checks, and signals has a default allow policy. + + +In general, it is best to keep system services as small, targeted programs which +run in their own process and provide a single bus name. Then, all that is needed +is an <allow> rule for the "own" permission to let the process claim the bus +name, and a "send_destination" rule to allow traffic from some or all uids to +your service. + + +The <policy> element has one of four attributes: context="(default|mandatory)" + at_console="(true|false)" user="username or userid" group="group name or gid" - -Policies are applied to a connection as follows: +Policies are applied to a connection as follows: - all context="default" policies are applied - all group="connection's user's group" policies are applied in undefined order - all user="connection's auth user" policies are applied in undefined order + - all at_console="true" policies are applied + - all at_console="false" policies are applied - all context="mandatory" policies are applied -Policies applied later will override those applied earlier, -when the policies overlap. Multiple policies with the same -user/group/context are applied in the order they appear +Policies applied later will override those applied earlier, +when the policies overlap. Multiple policies with the same +user/group/context are applied in the order they appear in the config file. @@ -493,16 +591,16 @@ statements, and works just like <deny> but with the inverse meaning.The possible attributes of these elements are: send_interface="interface_name" - send_member="method_or_signal_name" - send_error="error_name" - send_destination="name" - send_type="method_call" | "method_return" | "signal" | "error" + send_member="method_or_signal_name" + send_error="error_name" + send_destination="name" + send_type="method_call" | "method_return" | "signal" | "error" send_path="/path/name" receive_interface="interface_name" - receive_member="method_or_signal_name" - receive_error="error_name" - receive_sender="name" + receive_member="method_or_signal_name" + receive_error="error_name" + receive_sender="name" receive_type="method_call" | "method_return" | "signal" | "error" receive_path="/path/name" @@ -520,9 +618,7 @@ statements, and works just like <deny> but with the inverse meaning.Examples: - <deny send_interface="org.freedesktop.System" send_member="Reboot"/> - <deny receive_interface="org.freedesktop.System" receive_member="Reboot"/> - <deny own="org.freedesktop.System"/> + <deny send_destination="org.freedesktop.Service" send_interface="org.freedesktop.System" send_member="Reboot"/> <deny send_destination="org.freedesktop.System"/> <deny receive_sender="org.freedesktop.System"/> <deny user="john"/> @@ -534,34 +630,29 @@ statements, and works just like <deny> but with the inverse meaning. - send_destination and receive_sender rules mean that messages may not be sent to or received from the *owner* of the given name, not that they may not be sent *to that name*. That is, if a connection owns services A, B, C, and sending to A is denied, sending to B or C will not work either. - The other send_* and receive_* attributes are purely textual/by-value matches against the given field in the message header. - "Eavesdropping" occurs when an application receives a message that -was explicitly addressed to a name the application does not own. -Eavesdropping thus only applies to messages that are addressed to -services (i.e. it does not apply to signals). +was explicitly addressed to a name the application does not own, or +is a reply to such a message. Eavesdropping thus only applies to +messages that are addressed to services and replies to such messages +(i.e. it does not apply to signals). - -For <allow>, eavesdrop="true" indicates that the rule matches even -when eavesdropping. eavesdrop="false" is the default and means that +For <allow>, eavesdrop="true" indicates that the rule matches even +when eavesdropping. eavesdrop="false" is the default and means that the rule only allows messages to go to their specified recipient. -For <deny>, eavesdrop="true" indicates that the rule matches +For <deny>, eavesdrop="true" indicates that the rule matches only when eavesdropping. eavesdrop="false" is the default for <deny> -also, but here it means that the rule applies always, even when +also, but here it means that the rule applies always, even when not eavesdropping. The eavesdrop attribute can only be combined with -receive rules (with receive_* attributes). - - +send and receive rules (with send_* and receive_* attributes). The [send|receive]_requested_reply attribute works similarly to the eavesdrop attribute. It controls whether the <deny> or <allow> matches a reply @@ -582,7 +673,7 @@ requested. [send|receive]_requested_reply="true" indicates that the rule applies always, regardless of pending reply state. -user and group denials mean that the given user or group may +user and group denials mean that the given user or group may not connect to the message bus. @@ -591,6 +682,7 @@ the character "*" can be substituted, meaning "any." Complex globs like "foo.bar.*" aren't allowed for now because they'd be work to implement and maybe encourage sloppy security anyway. + <allow own_prefix="a.b"/> allows you to own the name "a.b" or any name whose first dot-separated elements are "a.b": in particular, you can own "a.b.c" or "a.b.c.d", but not "a.bc" or "a.c". @@ -599,6 +691,7 @@ define a meaning for subtrees of well-known names, such as org.freedesktop.Telepathy.ConnectionManager.(anything) and org.freedesktop.ReserveDevice1.(anything). + It does not make sense to deny a user or group inside a <policy> for a user or group; user/group denials can only be inside context="default" or context="mandatory" policies. @@ -617,42 +710,40 @@ rule, since "whether the message can be sent" and "whether it can be received" are evaluated separately. -Be careful with send_interface/receive_interface, because the -interface field in messages is optional. +Be careful with send_interface/receive_interface, because the +interface field in messages is optional. In particular, do NOT +specify <deny send_interface="org.foo.Bar"/>! This will cause +no-interface messages to be blocked for all services, which is +almost certainly not what you intended. Always use rules of +the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> - - - <selinux> - + - - - - + <selinux> + + + The <selinux> element contains settings related to Security Enhanced Linux. More details below. - - - <associate> - + - - - - + <associate> + + + An <associate> element appears below an <selinux> element and creates a mapping. Right now only one kind of association is possible: - <associate own="org.freedesktop.Foobar" context="foo_t"/> + <associate own="org.freedesktop.Foobar" context="foo_t"/> This means that if a connection asks to own the name "org.freedesktop.Foobar" then the source context will be the context -of the connection and the target context will be "foo_t" - see the +of the connection and the target context will be "foo_t" - see the short discussion of SELinux below. @@ -663,7 +754,7 @@ NOT the context of the connection owning the name. There's currently no way to set a default for owning any name, if we add this syntax it will look like: - <associate own="*" context="foo_t"/> + <associate own="*" context="foo_t"/> If you find a reason this is useful, let the developers know. Right now the default will be the security context of the bus itself. @@ -715,30 +806,75 @@ the first connection as source, security context of the second connection as target, object class "dbus" and requested permission "send_msg". -If a security context is not available for a connection -(impossible when using UNIX domain sockets), then the target +If a security context is not available for a connection +(impossible when using UNIX domain sockets), then the target context used is the context of the bus daemon itself. -There is currently no way to change this default, because we're -assuming that only UNIX domain sockets will be used to -connect to the systemwide bus. If this changes, we'll +There is currently no way to change this default, because we're +assuming that only UNIX domain sockets will be used to +connect to the systemwide bus. If this changes, we'll probably add a way to set the default connection context. -Second, any time a connection asks to own a name, -the bus daemon will check permissions with the security +Second, any time a connection asks to own a name, +the bus daemon will check permissions with the security context of the connection as source, the security context specified -for the name in the config file as target, object +for the name in the config file as target, object class "dbus" and requested permission "acquire_svc". -The security context for a bus name is specified with the +The security context for a bus name is specified with the <associate> element described earlier in this document. -If a name has no security context associated in the -configuration file, the security context of the bus daemon +If a name has no security context associated in the +configuration file, the security context of the bus daemon itself will be used. +DEBUGGING +If you're trying to figure out where your messages are going or why +you aren't getting messages, there are several things you can try. + +Remember that the system bus is heavily locked down and if you +haven't installed a security policy file to allow your message +through, it won't work. For the session bus, this is not a concern. + +The simplest way to figure out what's happening on the bus is to run +the dbus-monitor program, which comes with the D-Bus +package. You can also send test messages with dbus-send. These +programs have their own man pages. + +If you want to know what the daemon itself is doing, you might consider +running a separate copy of the daemon to test against. This will allow you +to put the daemon under a debugger, or run it with verbose output, without +messing up your real session and system daemons. + +To run a separate test copy of the daemon, for example you might open a terminal +and type: + + DBUS_VERBOSE=1 dbus-daemon --session --print-address + + +The test daemon address will be printed when the daemon starts. You will need +to copy-and-paste this address and use it as the value of the +DBUS_SESSION_BUS_ADDRESS environment variable when you launch the applications +you want to test. This will cause those applications to connect to your +test bus instead of the DBUS_SESSION_BUS_ADDRESS of your real session bus. + +DBUS_VERBOSE=1 will have NO EFFECT unless your copy of D-Bus +was compiled with verbose mode enabled. This is not recommended in +production builds due to performance impact. You may need to rebuild +D-Bus if your copy was not built with debugging in mind. (DBUS_VERBOSE +also affects the D-Bus library and thus applications using D-Bus; it may +be useful to see verbose output on both the client side and from the daemon.) + +If you want to get fancy, you can create a custom bus +configuration for your test bus (see the session.conf and system.conf +files that define the two default configurations for example). This +would allow you to specify a different directory for .service files, +for example. + + + AUTHOR See http://www.freedesktop.org/software/dbus/doc/AUTHORS diff --git a/doc/dbus-launch.1.xml b/doc/dbus-launch.1.xml index dc34898f..ab4d5edf 100644 --- a/doc/dbus-launch.1.xml +++ b/doc/dbus-launch.1.xml @@ -1,17 +1,17 @@ - + - - - + + dbus-launch 1 - + dbus-launch Utility to start a message bus from a shell script @@ -41,7 +41,7 @@ backticks or the $() construct can be used to read information from dbus-launch. With no arguments, dbus-launch will launch a session bus -instance and print the address and pid of that instance to standard +instance and print the address and PID of that instance to standard output. You may specify a program to be run; in this case, dbus-launch @@ -64,7 +64,7 @@ to set up the environment. of the SHELL environment variable to determine which shell syntax should be used. If SHELL ends in "csh", then csh-compatible code is emitted; otherwise Bourne shell code is emitted. Instead of passing ---auto-syntax, you may explicity specify a particular one by using +--auto-syntax, you may explicitly specify a particular one by using --sh-syntax for Bourne syntax, or --csh-syntax for csh syntax. In scripts, it's more robust to avoid --auto-syntax and you hopefully know which shell your script is written in. @@ -73,30 +73,46 @@ know which shell your script is written in. See http://www.freedesktop.org/software/dbus/ for more information about D-Bus. See also the man page for dbus-daemon. + -Here is an example of how to use dbus-launch with an -sh-compatible shell to start the per-session bus daemon: - +EXAMPLES +Distributions running +dbus-launch +as part of a standard X session should run +dbus-launch --exit-with-session +after the X server has started and become available, as a wrapper around +the "main" X client (typically a session manager or window manager), as in +these examples: - ## test for an existing bus daemon, just to be safe - if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then - ## if not found, launch a new one - eval `dbus-launch --sh-syntax --exit-with-session` - echo "D-Bus per-session daemon address is: $DBUS_SESSION_BUS_ADDRESS" - fi +
+dbus-launch --exit-with-session gnome-session - -You might run something like that in your login scripts. +dbus-launch --exit-with-session openbox +dbus-launch --exit-with-session ~/.xsession +
-Another way to use dbus-launch is to run your main session -program, like so: - +If your distribution does not do this, you can achieve similar results +by running your session or window manager in the same way in a script +run by your X session, such as +~/.xsession, +~/.xinitrc +or +~/.Xclients. -dbus-launch gnome-session +To start a D-Bus session within a text-mode session, you can run +dbus-launch in the background. For instance, in a sh-compatible shell: + + ## test for an existing bus daemon, just to be safe + if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then + ## if not found, launch a new one + eval `dbus-launch --sh-syntax` + echo "D-Bus per-session daemon address is: $DBUS_SESSION_BUS_ADDRESS" + fi -The above would likely be appropriate for ~/.xsession or ~/.Xclients. +Note that in this case, dbus-launch will exit, and dbus-daemon will not be +terminated automatically on logout. @@ -227,6 +243,20 @@ use it manually. It may change in the future. +NOTES +If you run +dbus-launch myapp +(with any other options), dbus-daemon will +not +exit when +myapp +terminates: this is because +myapp +is assumed to be part of a larger session, rather than a session in its +own right. + + + AUTHOR See http://www.freedesktop.org/software/dbus/doc/AUTHORS diff --git a/doc/dbus-monitor.1.xml b/doc/dbus-monitor.1.xml index b41cace2..20e9301e 100644 --- a/doc/dbus-monitor.1.xml +++ b/doc/dbus-monitor.1.xml @@ -1,17 +1,17 @@ - + - - - + + dbus-monitor 1 - + dbus-monitor debug probe to print message bus messages diff --git a/doc/dbus-send.1.xml b/doc/dbus-send.1.xml index 7fefc03e..30d57c5b 100644 --- a/doc/dbus-send.1.xml +++ b/doc/dbus-send.1.xml @@ -1,17 +1,17 @@ - + - - - + + dbus-send 1 - + dbus-send Send a message to a message bus @@ -21,14 +21,12 @@ dbus-send --system --session --dest=NAME - --print-reply + --print-reply =literal + --reply-timeout=MSEC --type=TYPE - <destination - object - path> - <message - name> - contents + OBJECT_PATH + INTERFACE.MEMBER + CONTENTS @@ -43,14 +41,14 @@ information about the big picture. There are two well-known message buses: the systemwide message bus (installed on many systems as the "messagebus" service) and the per-user-login-session message bus (started each time a user logs in). -The --system and --session options direct dbus-send to send -messages to the system or session buses respectively. If neither is -specified, dbus-send sends to the session bus. +The and options direct +dbus-send to send messages to the system or session buses respectively. +If neither is specified, dbus-send sends to the session bus. -Nearly all uses of dbus-send must provide the --dest argument +Nearly all uses of dbus-send must provide the argument which is the name of a connection on the bus to send the message to. If ---dest is omitted, no destination is set. + is omitted, no destination is set. The object path and the name of the message to send must always be @@ -76,13 +74,13 @@ or nested containers (e.g. arrays of variants). Here is an example invocation: - dbus-send --dest=org.freedesktop.ExampleName \ - /org/freedesktop/sample/object/name \ - org.freedesktop.ExampleInterface.ExampleMethod \ - int32:47 string:'hello world' double:65.32 \ - array:string:"1st item","next item","last item" \ - dict:string:int32:"one",1,"two",2,"three",3 \ - variant:int32:-8 \ + dbus-send --dest=org.freedesktop.ExampleName \ + /org/freedesktop/sample/object/name \ + org.freedesktop.ExampleInterface.ExampleMethod \ + int32:47 string:'hello world' double:65.32 \ + array:string:"1st item","next item","last item" \ + dict:string:int32:"one",1,"two",2,"three",3 \ + variant:int32:-8 \ objpath:/org/freedesktop/sample/object/name @@ -97,7 +95,7 @@ and the interface member are separate fields. The following options are supported: - + NAME Specify the name of the connection to receive the message. @@ -105,7 +103,23 @@ and the interface member are separate fields. -Block for a reply to the message sent, and print any reply received. +Block for a reply to the message sent, and print any reply received +in a human-readable form. + + + + + +Block for a reply to the message sent, and print the body of the +reply. If the reply is an object path or a string, it is printed +literally, with no punctuation, escape characters etc. + + + + MSEC + +Wait for a reply for up to MSEC milliseconds. +The default is implementation‐defined, typically 25 seconds. @@ -121,9 +135,9 @@ and the interface member are separate fields. - + TYPE -Specify "method_call" or "signal" (defaults to "signal"). +Specify method_call or signal (defaults to "signal"). diff --git a/doc/dbus-uuidgen.1.xml b/doc/dbus-uuidgen.1.xml new file mode 100644 index 00000000..3d99ef8e --- /dev/null +++ b/doc/dbus-uuidgen.1.xml @@ -0,0 +1,125 @@ + + + + + + + + +dbus-uuidgen +1 + + +dbus-uuidgen +Utility to generate UUIDs + + + + + dbus-uuidgen --version + --ensure =FILENAME + --get =FILENAME + + + + + +DESCRIPTION +The dbus-uuidgen command generates or reads a universally unique ID. + + +Note that the D-Bus UUID has no relationship to RFC 4122 and does not generate +UUIDs compatible with that spec. Many systems have a separate command +for that (often called "uuidgen"). + + +See http://www.freedesktop.org/software/dbus/ for more information +about D-Bus. + + +The primary usage of dbus-uuidgen is to run in the post-install +script of a D-Bus package like this: + + dbus-uuidgen --ensure + + + +This will ensure that /var/lib/dbus/machine-id exists and has the uuid in it. +It won't overwrite an existing uuid, since this id should remain fixed +for a single machine until the next reboot at least. + + +The important properties of the machine UUID are that 1) it remains +unchanged until the next reboot and 2) it is different for any two +running instances of the OS kernel. That is, if two processes see the +same UUID, they should also see the same shared memory, UNIX domain +sockets, local X displays, localhost.localdomain resolution, process +IDs, and so forth. + + +If you run dbus-uuidgen with no options it just prints a new uuid made +up out of thin air. + + +If you run it with --get, it prints the machine UUID by default, or +the UUID in the specified file if you specify a file. + + +If you try to change an existing machine-id on a running system, it will +probably result in bad things happening. Don't try to change this file. Also, +don't make it the same on two different systems; it needs to be different +anytime there are two different kernels running. + + +The UUID should be different on two different virtual machines, +because there are two different kernels. + + + +OPTIONS +The following options are supported: + + + + +If a filename is not given, defaults to localstatedir/lib/dbus/machine-id +(localstatedir is usually /var). If this file exists and is valid, the +uuid in the file is printed on stdout. Otherwise, the command exits +with a nonzero status. + + + + + + +If a filename is not given, defaults to localstatedir/lib/dbus/machine-id +(localstatedir is usually /var). If this file exists then it will be +validated, and a failure code returned if it contains the wrong thing. +If the file does not exist, it will be created with a new uuid in it. +On success, prints no output. + + + + + + +Print the version of dbus-uuidgen + + + + + + +AUTHOR +See http://www.freedesktop.org/software/dbus/doc/AUTHORS + + + +BUGS +Please send bug reports to the D-Bus mailing list or bug tracker, +see http://www.freedesktop.org/software/dbus/ + + + -- cgit v1.2.3 From 644e466b36b623e28884fde1db994769477cf6ce Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 12 Feb 2013 16:01:56 +0000 Subject: Fill in a manual and source for all man pages I only filled in a version for dbus-daemon, whose XML is already generated by configure. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59805 Reviewed-by: Ralf Habacker Signed-off-by: Simon McVittie --- doc/dbus-cleanup-sockets.1.xml | 2 ++ doc/dbus-daemon.1.xml.in | 3 +++ doc/dbus-launch.1.xml | 2 ++ doc/dbus-monitor.1.xml | 2 ++ doc/dbus-send.1.xml | 2 ++ doc/dbus-uuidgen.1.xml | 2 ++ 6 files changed, 13 insertions(+) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/doc/dbus-cleanup-sockets.1.xml b/doc/dbus-cleanup-sockets.1.xml index 190b68a0..a147ad88 100644 --- a/doc/dbus-cleanup-sockets.1.xml +++ b/doc/dbus-cleanup-sockets.1.xml @@ -10,6 +10,8 @@ dbus-cleanup-sockets 1 +User Commands +D-Bus dbus-cleanup-sockets diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index bc602bbf..8380f215 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -10,6 +10,9 @@ dbus-daemon 1 +User Commands +D-Bus +@DBUS_VERSION@ dbus-daemon diff --git a/doc/dbus-launch.1.xml b/doc/dbus-launch.1.xml index ab4d5edf..6e6f4960 100644 --- a/doc/dbus-launch.1.xml +++ b/doc/dbus-launch.1.xml @@ -10,6 +10,8 @@ dbus-launch 1 +User Commands +D-Bus dbus-launch diff --git a/doc/dbus-monitor.1.xml b/doc/dbus-monitor.1.xml index 20e9301e..c3d1a972 100644 --- a/doc/dbus-monitor.1.xml +++ b/doc/dbus-monitor.1.xml @@ -10,6 +10,8 @@ dbus-monitor 1 +User Commands +D-Bus dbus-monitor diff --git a/doc/dbus-send.1.xml b/doc/dbus-send.1.xml index 30d57c5b..0988e19f 100644 --- a/doc/dbus-send.1.xml +++ b/doc/dbus-send.1.xml @@ -10,6 +10,8 @@ dbus-send 1 +User Commands +D-Bus dbus-send diff --git a/doc/dbus-uuidgen.1.xml b/doc/dbus-uuidgen.1.xml index 3d99ef8e..ee622353 100644 --- a/doc/dbus-uuidgen.1.xml +++ b/doc/dbus-uuidgen.1.xml @@ -10,6 +10,8 @@ dbus-uuidgen 1 +User Commands +D-Bus dbus-uuidgen -- cgit v1.2.3 From 4057fcb66f5b7820431b6569e6e48b771a79fa5f Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 14 Feb 2013 13:39:15 +0000 Subject: Remove doclifter "signature" from Docbook man pages' source This no longer serves any purpose, and might mislead contributors into thinking that this XML is not the source for the man pages. (The man(7)-formatted man pages used to be the canonical source for the XML, but now it's the other way round.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59805 Signed-off-by: Simon McVittie Reviewed-by: Ralf Habacker --- doc/dbus-cleanup-sockets.1.xml.in | 1 - doc/dbus-daemon.1.xml.in | 3 +-- doc/dbus-launch.1.xml.in | 1 - doc/dbus-monitor.1.xml.in | 1 - doc/dbus-send.1.xml.in | 1 - doc/dbus-uuidgen.1.xml.in | 1 - 6 files changed, 1 insertion(+), 7 deletions(-) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/doc/dbus-cleanup-sockets.1.xml.in b/doc/dbus-cleanup-sockets.1.xml.in index 9a9ae7e0..56574963 100644 --- a/doc/dbus-cleanup-sockets.1.xml.in +++ b/doc/dbus-cleanup-sockets.1.xml.in @@ -1,7 +1,6 @@ - - + diff --git a/doc/dbus-launch.1.xml.in b/doc/dbus-launch.1.xml.in index c6ae0f14..b9f07672 100644 --- a/doc/dbus-launch.1.xml.in +++ b/doc/dbus-launch.1.xml.in @@ -1,7 +1,6 @@ - - dbus-monitor + dbus-monitor --system --session --address ADDRESS --profile --monitor watchexpressions @@ -120,4 +120,3 @@ The profiling output mode was added by Olli Salli. see http://www.freedesktop.org/software/dbus/ - diff --git a/doc/dbus-send.1.xml.in b/doc/dbus-send.1.xml.in index af4f158d..78f1374b 100644 --- a/doc/dbus-send.1.xml.in +++ b/doc/dbus-send.1.xml.in @@ -20,7 +20,7 @@ - dbus-send + dbus-send --system --session --dest=NAME --print-reply =literal @@ -36,12 +36,12 @@ DESCRIPTION The dbus-send command is used to send a message to a D-Bus message -bus. See http://www.freedesktop.org/software/dbus/ for more +bus. See http://www.freedesktop.org/software/dbus/ for more information about the big picture. -There are two well-known message buses: the systemwide message bus -(installed on many systems as the "messagebus" service) and the +There are two well-known message buses: the systemwide message bus +(installed on many systems as the "messagebus" service) and the per-user-login-session message bus (started each time a user logs in). The and options direct dbus-send to send messages to the system or session buses respectively. @@ -55,14 +55,14 @@ which is the name of a connection on the bus to send the message to. If The object path and the name of the message to send must always be specified. Following arguments, if any, are the message contents -(message arguments). These are given as type-specified values and +(message arguments). These are given as type-specified values and may include containers (arrays, dicts, and variants) as described below. <contents> ::= <item> | <container> [ <item> | <container>...] <item> ::= <type>:<value> <container> ::= <array> | <dict> | <variant> -<array> ::= array:<type>:<value>[,<value>...] +<array> ::= array:<type>:<value>[,<value>...] <dict> ::= dict:<type>:<type>:<key>,<value>[,<key>,<value>...] <variant> ::= variant:<type>:<value> <type> ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath @@ -83,11 +83,11 @@ or nested containers (e.g. arrays of variants). array:string:"1st item","next item","last item" \ dict:string:int32:"one",1,"two",2,"three",3 \ variant:int32:-8 \ - objpath:/org/freedesktop/sample/object/name + objpath:/org/freedesktop/sample/object/name -Note that the interface is separated from a method or signal +Note that the interface is separated from a method or signal name by a dot, though in the actual protocol the interface and the interface member are separate fields. @@ -156,4 +156,3 @@ The default is implementation‐defined, typically 25 seconds. see http://www.freedesktop.org/software/dbus/ - diff --git a/doc/dbus-uuidgen.1.xml.in b/doc/dbus-uuidgen.1.xml.in index 88e33add..fbd26812 100644 --- a/doc/dbus-uuidgen.1.xml.in +++ b/doc/dbus-uuidgen.1.xml.in @@ -54,8 +54,8 @@ for a single machine until the next reboot at least. The important properties of the machine UUID are that 1) it remains -unchanged until the next reboot and 2) it is different for any two -running instances of the OS kernel. That is, if two processes see the +unchanged until the next reboot and 2) it is different for any two +running instances of the OS kernel. That is, if two processes see the same UUID, they should also see the same shared memory, UNIX domain sockets, local X displays, localhost.localdomain resolution, process IDs, and so forth. @@ -88,7 +88,7 @@ because there are two different kernels. If a filename is not given, defaults to localstatedir/lib/dbus/machine-id (localstatedir is usually /var). If this file exists and is valid, the -uuid in the file is printed on stdout. Otherwise, the command exits +uuid in the file is printed on stdout. Otherwise, the command exits with a nonzero status. @@ -124,4 +124,3 @@ On success, prints no output. see http://www.freedesktop.org/software/dbus/ - -- cgit v1.2.3 From 732021af1b6abaa999c2562b67d22665389cfdd9 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 29 Aug 2013 11:49:00 +0100 Subject: Allow dbus-daemon --nofork on Windows On Windows, the dbus-daemon is not able to fork (daemonize). If someone explicitly requests forking, it should fail, but if someone explicitly requests *not* forking, there seems no harm in allowing it. A few of the regression tests specifically require a dbus-daemon that will not fork, so allowing this option on Windows means those tests don't need an extra OS condition. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68852 Reviewed-by: Ralf Habacker --- bus/main.c | 4 ++-- doc/dbus-daemon.1.xml.in | 14 ++++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/bus/main.c b/bus/main.c index 53a77e25..472458ed 100644 --- a/bus/main.c +++ b/bus/main.c @@ -138,9 +138,9 @@ usage (void) " [--introspect]" " [--address=ADDRESS]" " [--nopidfile]" + " [--nofork]" #ifdef DBUS_UNIX " [--fork]" - " [--nofork]" " [--systemd-activation]" #endif "\n"); @@ -412,12 +412,12 @@ main (int argc, char **argv) { introspect (); } -#ifdef DBUS_UNIX else if (strcmp (arg, "--nofork") == 0) { flags &= ~BUS_CONTEXT_FLAG_FORK_ALWAYS; flags |= BUS_CONTEXT_FLAG_FORK_NEVER; } +#ifdef DBUS_UNIX else if (strcmp (arg, "--fork") == 0) { flags &= ~BUS_CONTEXT_FLAG_FORK_NEVER; diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index aea25144..023bebae 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -89,10 +89,16 @@ with SIGHUP. Force the message bus to fork and become a daemon, even if the configuration file does not specify that it should. In most contexts the configuration file already gets this -right, though. - -Force the message bus not to fork and become a daemon, even if -the configuration file specifies that it should. +right, though. This option is not supported on Windows. + + + + + + Force the message bus not to fork and become a daemon, even if + the configuration file specifies that it should. On Windows, + the dbus-daemon never forks, so this option is allowed but does + nothing. -- cgit v1.2.3 From dd71688e5d5fe2bdca8b3c0b090a40d053100a4f Mon Sep 17 00:00:00 2001 From: Chengwei Yang Date: Wed, 4 Sep 2013 14:52:21 +0800 Subject: Fix dbus-daemon document about servicedir In dbus-daemon implementation, the servicedir are searched in order in which they appear in the config file. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66994 Reviewed-by: Simon McVittie --- doc/dbus-daemon.1.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 023bebae..c08cf2b2 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -397,7 +397,7 @@ which mechanisms are listed is not meaningful. Adds a directory to scan for .service files. Directories are -scanned starting with the last to appear in the config file +scanned starting with the first to appear in the config file (the first .service file found that provides a particular service will be used). -- cgit v1.2.3 From f110f0011600f80bb50a9037e5fdcf5296fc1fde Mon Sep 17 00:00:00 2001 From: Chengwei Yang Date: Fri, 13 Sep 2013 20:37:56 +0800 Subject: Update configurable elements for dbus-daemon manual Update three configurable elements for dbus-daemon manual, , and , all of them are undocumented so far. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69125 Reviewed-by: Simon McVittie --- doc/dbus-daemon.1.xml.in | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index c08cf2b2..1a1e42cd 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -316,6 +316,37 @@ rather than the --fork command line option. If present, the bus daemon keeps its original umask when forking. This may be useful to avoid affecting the behavior of child processes. + + + <syslog> + + + + +If present, the bus daemon will log to syslog. + + + + <pidfile> + + + + +If present, the bus daemon will write its pid to the specified file. +The --nopidfile command-line option takes precedence over this setting. + + + + <allow_anonymous> + + + + +If present, connections that authenticated using the ANONYMOUS +mechanism will be authorized to connect. This option has no practical +effect unless the ANONYMOUS mechanism has also been enabled using the +<auth> element, described below. + <listen> -- cgit v1.2.3 From a77f64d5e1b411b14a6768d63a2c677ae064a256 Mon Sep 17 00:00:00 2001 From: Chengwei Yang Date: Tue, 10 Dec 2013 10:06:23 +0800 Subject: dbus-daemon(1): align document about "bind" with DBus Spec Bug: https://bugs.freedesktop.org/show_bug.cgi?id=72301 Reviewed-by: Simon McVittie --- doc/dbus-daemon.1.xml.in | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 1a1e42cd..7b7f4a1b 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -392,12 +392,13 @@ DBUS_SESSION_BUS_ADDRESS is set. Example: <listen>tcp:host=localhost,port=0</listen> -tcp addresses also allow a bind=hostname option, which will override -the host option specifying what address to bind to, without changing -the address reported by the bus. The bind option can also take a -special name '*' to cause the bus to listen on all local address -(INADDR_ANY). The specified host should be a valid name of the local -machine or weird stuff will happen. +tcp/nonce-tcp addresses also allow a bind=hostname option, +used in a listenable address to configure the interface on which +the server will listen: either the hostname is the IP address of +one of the local machine's interfaces (most commonly 127.0.0.1), +or a DNS name that resolves to one of those IP addresses, or '*' +to listen on all interfaces simultaneously. If not specified, +the default is the same value as "host". Example: <listen>tcp:host=localhost,bind=*,port=0</listen> -- cgit v1.2.3 From 403920f796c3cbeca1bba58bda497da4770e7d0a Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 15 Sep 2014 12:55:54 +0100 Subject: Imported Upstream version 1.8.8 --- Makefile.in | 1 - NEWS | 57 +++++++++++ README.win | 13 ++- bus/Makefile.in | 1 - bus/bus.c | 43 ++++++++ bus/bus.h | 3 + bus/config-parser.c | 16 ++- bus/connection.c | 113 +++++++++++++++----- bus/connection.h | 3 +- bus/session.conf.in | 4 +- bus/stats.c | 4 +- cmake/CMakeLists.txt | 4 - cmake/config.h.cmake | 2 - config.guess | 192 +++++----------------------------- config.h.in | 12 ++- config.sub | 23 +++-- configure | 222 ++++++++++++++++++++++++++++++++++------ configure.ac | 30 +++--- dbus/Makefile.in | 1 - dbus/dbus-connection-internal.h | 6 ++ dbus/dbus-connection.c | 27 +++++ dbus/dbus-internals.h | 2 +- dbus/dbus-macros.h | 3 + dbus/dbus-message-internal.h | 4 + dbus/dbus-message-private.h | 2 + dbus/dbus-message.c | 41 ++++++++ dbus/dbus-server-protected.h | 5 +- dbus/dbus-server.c | 19 +--- dbus/dbus-sysdeps-unix.c | 49 +++++++-- dbus/dbus-sysdeps.h | 8 ++ dbus/dbus-transport.c | 27 +++++ dbus/dbus-transport.h | 4 + dbus/dbus-watch.c | 21 ++++ dbus/dbus-watch.h | 2 + doc/Makefile.in | 3 +- doc/dbus-daemon.1.xml.in | 4 + ltmain.sh | 4 +- test/Makefile.in | 1 - test/name-test/Makefile.in | 1 - test/test-segfault.c | 18 +++- tools/Makefile.in | 1 - 41 files changed, 697 insertions(+), 299 deletions(-) (limited to 'doc/dbus-daemon.1.xml.in') diff --git a/Makefile.in b/Makefile.in index 3b8886b7..dfdc6194 100644 --- a/Makefile.in +++ b/Makefile.in @@ -340,7 +340,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ diff --git a/NEWS b/NEWS index 0944bf42..b10ab4f7 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,60 @@ +D-Bus 1.8.8 (2014-09-16) +== + +The "smashy smashy egg man" release. + +Security fixes: + +• Do not accept an extra fd in the padding of a cmsg message, which + could lead to a 4-byte heap buffer overrun. + (CVE-2014-3635, fd.o #83622; Simon McVittie) + +• Reduce default for maximum Unix file descriptors passed per message + from 1024 to 16, preventing a uid with the default maximum number of + connections from exhausting the system bus' file descriptors under + Linux's default rlimit. Distributors or system administrators with a + more restrictive fd limit may wish to reduce these limits further. + + Additionally, on Linux this prevents a second denial of service + in which the dbus-daemon can be made to exceed the maximum number + of fds per sendmsg() and disconnect the process that would have + received them. + (CVE-2014-3636, fd.o #82820; Alban Crequy) + +• Disconnect connections that still have a fd pending unmarshalling after + a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), + removing the possibility of creating an abusive connection that cannot be + disconnected by setting up a circular reference to a connection's + file descriptor. + (CVE-2014-3637, fd.o #80559; Alban Crequy) + +• Reduce default for maximum pending replies per connection from 8192 to 128, + mitigating an algorithmic complexity denial-of-service attack + (CVE-2014-3638, fd.o #81053; Alban Crequy) + +• Reduce default for authentication timeout on the system bus from + 30 seconds to 5 seconds, avoiding denial of service by using up + all unauthenticated connection slots; and when all unauthenticated + connection slots are used up, make new connection attempts block + instead of disconnecting them. + (CVE-2014-3639, fd.o #80919; Alban Crequy) + +Other fixes: + +• Check for libsystemd from systemd >= 209, falling back to + the older separate libraries if not found (Umut Tezduyar Lindskog, + Simon McVittie) + +• On Linux, use prctl() to disable core dumps from a test executable + that deliberately raises SIGSEGV to test dbus-daemon's handling + of that condition (fd.o #83772, Simon McVittie) + +• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232; + Alban Crequy) + +• Improve documentation for running tests on Windows (fd.o #41252, + Ralf Habacker) + D-Bus 1.8.6 (2014-06-02) == diff --git a/README.win b/README.win index bd67c188..8a5b3c0a 100644 --- a/README.win +++ b/README.win @@ -13,7 +13,7 @@ test not running yet and there is help needed to get them running. Supported compilers ------------------- -On windows Microsoft Visual Studio 2010 (Express and professional variants) +On windows Microsoft Visual Studio 2010 (Express and professional variants) and mingw-w64|32 are known to work. Building @@ -30,14 +30,19 @@ updated with windows specific stuff. Tests ----- + - run complete test suite + make check + or + ctest [-V] + - dbus library check - bin\test-dbus.exe \test\data + ctest [-V] -R test-dbus - bus daemon check - bin\test-bus.exe \test\data + ctest [-V] -R test-bus - check available names - bin\test_names.exe + ctest [-V] -R test-names - check if dbus-daemon is accessable bin\dbus-send.exe --session --type=method_call --print-reply --dest=org.freedesktop.DBus / org.freedesktop.DBus.ListNames method return sender=org.freedesktop.DBus -> dest=:1.4 array [ string "org.freedesktop.DBus"string ":1.4"] diff --git a/bus/Makefile.in b/bus/Makefile.in index 46f9e9ab..4425b030 100644 --- a/bus/Makefile.in +++ b/bus/Makefile.in @@ -368,7 +368,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ diff --git a/bus/bus.c b/bus/bus.c index a514e31d..35d40754 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -39,6 +39,7 @@ #include #include #include +#include #ifdef DBUS_CYGWIN #include @@ -68,6 +69,7 @@ struct BusContext unsigned int keep_umask : 1; unsigned int allow_anonymous : 1; unsigned int systemd_activation : 1; + dbus_bool_t watches_enabled; }; static dbus_int32_t server_data_slot = -1; @@ -758,6 +760,8 @@ bus_context_new (const DBusString *config_file, goto failed; } + context->watches_enabled = TRUE; + context->registry = bus_registry_new (context); if (context->registry == NULL) { @@ -1236,6 +1240,12 @@ bus_context_get_auth_timeout (BusContext *context) return context->limits.auth_timeout; } +int +bus_context_get_pending_fd_timeout (BusContext *context) +{ + return context->limits.pending_fd_timeout; +} + int bus_context_get_max_completed_connections (BusContext *context) { @@ -1658,3 +1668,36 @@ bus_context_check_security_policy (BusContext *context, _dbus_verbose ("security policy allowing message\n"); return TRUE; } + +void +bus_context_check_all_watches (BusContext *context) +{ + DBusList *link; + dbus_bool_t enabled = TRUE; + + if (bus_connections_get_n_incomplete (context->connections) >= + bus_context_get_max_incomplete_connections (context)) + { + enabled = FALSE; + } + + if (context->watches_enabled == enabled) + return; + + context->watches_enabled = enabled; + + for (link = _dbus_list_get_first_link (&context->servers); + link != NULL; + link = _dbus_list_get_next_link (&context->servers, link)) + { + /* A BusContext might contains several DBusServer (if there are + * several configuration items) and a DBusServer might + * contain several DBusWatch in its DBusWatchList (if getaddrinfo + * returns several addresses on a dual IPv4-IPv6 stack or if + * systemd passes several fds). + * We want to enable/disable them all. + */ + DBusServer *server = link->data; + _dbus_server_toggle_all_watches (server, enabled); + } +} diff --git a/bus/bus.h b/bus/bus.h index 35978841..7d0b3697 100644 --- a/bus/bus.h +++ b/bus/bus.h @@ -54,6 +54,7 @@ typedef struct long max_message_unix_fds; /**< Max number of unix fds of a single message*/ int activation_timeout; /**< How long to wait for an activation to time out */ int auth_timeout; /**< How long to wait for an authentication to time out */ + int pending_fd_timeout; /**< How long to wait for a D-Bus message with a fd to time out */ int max_completed_connections; /**< Max number of authorized connections */ int max_incomplete_connections; /**< Max number of incomplete connections */ int max_connections_per_user; /**< Max number of connections auth'd as same user */ @@ -106,6 +107,7 @@ BusClientPolicy* bus_context_create_client_policy (BusContext DBusError *error); int bus_context_get_activation_timeout (BusContext *context); int bus_context_get_auth_timeout (BusContext *context); +int bus_context_get_pending_fd_timeout (BusContext *context); int bus_context_get_max_completed_connections (BusContext *context); int bus_context_get_max_incomplete_connections (BusContext *context); int bus_context_get_max_connections_per_user (BusContext *context); @@ -125,5 +127,6 @@ dbus_bool_t bus_context_check_security_policy (BusContext DBusConnection *proposed_recipient, DBusMessage *message, DBusError *error); +void bus_context_check_all_watches (BusContext *context); #endif /* BUS_BUS_H */ diff --git a/bus/config-parser.c b/bus/config-parser.c index a6a8e1cf..7bc9c019 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -438,7 +438,12 @@ bus_config_parser_new (const DBusString *basedir, * and legitimate auth will fail. If interactive auth (ask user for * password) is allowed, then potentially it has to be quite long. */ - parser->limits.auth_timeout = 30000; /* 30 seconds */ + parser->limits.auth_timeout = 5000; /* 5 seconds */ + + /* Do not allow a fd to stay forever in dbus-daemon + * https://bugs.freedesktop.org/show_bug.cgi?id=80559 + */ + parser->limits.pending_fd_timeout = 150000; /* 2.5 minutes */ parser->limits.max_incomplete_connections = 64; parser->limits.max_connections_per_user = 256; @@ -467,7 +472,7 @@ bus_config_parser_new (const DBusString *basedir, /* this is effectively a limit on message queue size for messages * that require a reply */ - parser->limits.max_replies_per_connection = 1024*8; + parser->limits.max_replies_per_connection = 128; } parser->refcount = 1; @@ -1902,6 +1907,12 @@ set_limit (BusConfigParser *parser, must_be_int = TRUE; parser->limits.auth_timeout = value; } + else if (strcmp (name, "pending_fd_timeout") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.pending_fd_timeout = value; + } else if (strcmp (name, "reply_timeout") == 0) { must_be_positive = TRUE; @@ -3108,6 +3119,7 @@ limits_equal (const BusLimits *a, || a->max_message_unix_fds == b->max_message_unix_fds || a->activation_timeout == b->activation_timeout || a->auth_timeout == b->auth_timeout + || a->pending_fd_timeout == b->pending_fd_timeout || a->max_completed_connections == b->max_completed_connections || a->max_incomplete_connections == b->max_incomplete_connections || a->max_connections_per_user == b->max_connections_per_user diff --git a/bus/connection.c b/bus/connection.c index ea2d155a..519122c5 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -33,6 +33,7 @@ #include #include #include +#include /* Trim executed commands to this length; we want to keep logs readable */ #define MAX_LOG_COMMAND_LEN 50 @@ -102,6 +103,8 @@ typedef struct int peak_match_rules; int peak_bus_names; #endif + int n_pending_unix_fds; + DBusTimeout *pending_unix_fds_timeout; } BusConnectionData; static dbus_bool_t bus_pending_reply_expired (BusExpireList *list, @@ -268,6 +271,15 @@ bus_connection_disconnected (DBusConnection *connection) dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); + + if (d->pending_unix_fds_timeout) + { + _dbus_loop_remove_timeout (bus_context_get_loop (d->connections->context), + d->pending_unix_fds_timeout); + _dbus_timeout_unref (d->pending_unix_fds_timeout); + } + d->pending_unix_fds_timeout = NULL; + _dbus_connection_set_pending_fds_function (connection, NULL, NULL); bus_connection_remove_transactions (connection); @@ -293,6 +305,10 @@ bus_connection_disconnected (DBusConnection *connection) _dbus_list_remove_link (&d->connections->incomplete, d->link_in_connection_list); d->link_in_connection_list = NULL; d->connections->n_incomplete -= 1; + + /* If we have dropped below the max. number of incomplete + * connections, start accept()ing again */ + bus_context_check_all_watches (d->connections->context); } _dbus_assert (d->connections->n_incomplete >= 0); @@ -588,6 +604,42 @@ oom: return FALSE; } +static void +check_pending_fds_cb (DBusConnection *connection) +{ + BusConnectionData *d = BUS_CONNECTION_DATA (connection); + int n_pending_unix_fds_old = d->n_pending_unix_fds; + int n_pending_unix_fds_new; + + n_pending_unix_fds_new = _dbus_connection_get_pending_fds_count (connection); + + _dbus_verbose ("Pending fds count changed on connection %p: %d -> %d\n", + connection, n_pending_unix_fds_old, n_pending_unix_fds_new); + + if (n_pending_unix_fds_old == 0 && n_pending_unix_fds_new > 0) + { + _dbus_timeout_set_interval (d->pending_unix_fds_timeout, + bus_context_get_pending_fd_timeout (d->connections->context)); + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, TRUE); + } + + if (n_pending_unix_fds_old > 0 && n_pending_unix_fds_new == 0) + { + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, FALSE); + } + + + d->n_pending_unix_fds = n_pending_unix_fds_new; +} + +static dbus_bool_t +pending_unix_fds_timeout_cb (void *data) +{ + DBusConnection *connection = data; + dbus_connection_close (connection); + return TRUE; +} + dbus_bool_t bus_connections_setup_connection (BusConnections *connections, DBusConnection *connection) @@ -683,36 +735,38 @@ bus_connections_setup_connection (BusConnections *connections, } } + /* Setup pending fds timeout (see #80559) */ + d->pending_unix_fds_timeout = _dbus_timeout_new (100, /* irrelevant */ + pending_unix_fds_timeout_cb, + connection, NULL); + if (d->pending_unix_fds_timeout == NULL) + goto out; + + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, FALSE); + if (!_dbus_loop_add_timeout (bus_context_get_loop (connections->context), + d->pending_unix_fds_timeout)) + goto out; + + _dbus_connection_set_pending_fds_function (connection, + (DBusPendingFdsChangeFunction) check_pending_fds_cb, + connection); + _dbus_list_append_link (&connections->incomplete, d->link_in_connection_list); connections->n_incomplete += 1; dbus_connection_ref (connection); - /* Note that we might disconnect ourselves here, but it only takes - * effect on return to the main loop. We call this to free up - * expired connections if possible, and to queue the timeout for our - * own expiration. - */ bus_connections_expire_incomplete (connections); - /* And we might also disconnect ourselves here, but again it - * only takes effect on return to main loop. - */ - if (connections->n_incomplete > - bus_context_get_max_incomplete_connections (connections->context)) - { - _dbus_verbose ("Number of incomplete connections exceeds max, dropping oldest one\n"); - - _dbus_assert (connections->incomplete != NULL); - /* Disconnect the oldest unauthenticated connection. FIXME - * would it be more secure to drop a *random* connection? This - * algorithm seems to mean that if someone can create new - * connections quickly enough, they can keep anyone else from - * completing authentication. But random may or may not really - * help with that, a more elaborate solution might be required. - */ - dbus_connection_close (connections->incomplete->data); - } + /* The listening socket is removed from the main loop, + * i.e. does not accept(), while n_incomplete is at its + * maximum value; so we shouldn't get here in that case */ + _dbus_assert (connections->n_incomplete <= + bus_context_get_max_incomplete_connections (connections->context)); + + /* If we have the maximum number of incomplete connections, + * stop accept()ing any more, to avert a DoS. See fd.o #80919 */ + bus_context_check_all_watches (d->connections->context); retval = TRUE; @@ -744,6 +798,13 @@ bus_connections_setup_connection (BusConnections *connections, dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); + if (d->pending_unix_fds_timeout) + _dbus_timeout_unref (d->pending_unix_fds_timeout); + + d->pending_unix_fds_timeout = NULL; + + _dbus_connection_set_pending_fds_function (connection, NULL, NULL); + if (d->link_in_connection_list != NULL) { _dbus_assert (d->link_in_connection_list->next == NULL); @@ -1419,6 +1480,10 @@ bus_connection_complete (DBusConnection *connection, _dbus_assert (d->connections->n_incomplete >= 0); _dbus_assert (d->connections->n_completed > 0); + /* If we have dropped below the max. number of incomplete + * connections, start accept()ing again */ + bus_context_check_all_watches (d->connections->context); + /* See if we can remove the timeout */ bus_connections_expire_incomplete (d->connections); @@ -2348,7 +2413,6 @@ bus_transaction_add_cancel_hook (BusTransaction *transaction, return TRUE; } -#ifdef DBUS_ENABLE_STATS int bus_connections_get_n_active (BusConnections *connections) { @@ -2361,6 +2425,7 @@ bus_connections_get_n_incomplete (BusConnections *connections) return connections->n_incomplete; } +#ifdef DBUS_ENABLE_STATS int bus_connections_get_total_match_rules (BusConnections *connections) { diff --git a/bus/connection.h b/bus/connection.h index 9f4f9aea..6fbcd38d 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -139,9 +139,10 @@ dbus_bool_t bus_transaction_add_cancel_hook (BusTransaction * void *data, DBusFreeFunction free_data_function); -/* called by stats.c, only present if DBUS_ENABLE_STATS */ int bus_connections_get_n_active (BusConnections *connections); int bus_connections_get_n_incomplete (BusConnections *connections); + +/* called by stats.c, only present if DBUS_ENABLE_STATS */ int bus_connections_get_total_match_rules (BusConnections *connections); int bus_connections_get_peak_match_rules (BusConnections *connections); int bus_connections_get_peak_match_rules_per_conn (BusConnections *connections); diff --git a/bus/session.conf.in b/bus/session.conf.in index 74d9d1fd..cfe9544f 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -49,9 +49,11 @@ 1000000000 250000000 1000000000 - @DEFAULT_MESSAGE_UNIX_FDS@ + 120000 240000 + 150000 100000 10000 100000 diff --git a/bus/stats.c b/bus/stats.c index 2bf86d66..24308eb5 100644 --- a/bus/stats.c +++ b/bus/stats.c @@ -40,6 +40,7 @@ bus_stats_handle_get_stats (DBusConnection *connection, DBusMessage *message, DBusError *error) { + BusContext *context; BusConnections *connections; DBusMessage *reply = NULL; DBusMessageIter iter, arr_iter; @@ -48,7 +49,8 @@ bus_stats_handle_get_stats (DBusConnection *connection, _DBUS_ASSERT_ERROR_IS_CLEAR (error); - connections = bus_context_get_connections (transaction->context); + context = bus_transaction_get_context (transaction); + connections = bus_context_get_connections (context); reply = _dbus_asv_new_method_return (message, &iter, &arr_iter); diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index b7c25299..c767c171 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -417,10 +417,6 @@ endif (WIN32) set (DBUS_USER ) -# In Autotools this has a different default on QNX, but there seems little -# point in replicating that here; if you're on an unusual Unix, use Autotools. -set (DEFAULT_MESSAGE_UNIX_FDS 1024) - # This won't work on Windows. It's not meant to - the system bus is # meaningless on Windows anyway. # diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake index bd4cd444..eaec1e98 100644 --- a/cmake/config.h.cmake +++ b/cmake/config.h.cmake @@ -82,8 +82,6 @@ # define DBUS_ENABLE_X11_AUTOLAUNCH 1 #endif -#define DBUS_DEFAULT_MESSAGE_UNIX_FDS @DEFAULT_MESSAGE_UNIX_FDS@ - #define _DBUS_VA_COPY_ASSIGN(a1,a2) { a1 = a2; } #cmakedefine DBUS_VA_COPY_FUNC diff --git a/config.guess b/config.guess index b79252d6..1f5c50c0 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2014-03-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +149,7 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -826,7 +826,7 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -969,10 +969,10 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) @@ -1260,16 +1260,26 @@ EOF if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; @@ -1361,154 +1371,6 @@ EOF exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 < header file. */ #undef HAVE_SYS_INOTIFY_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PRCTL_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_RESOURCE_H diff --git a/config.sub b/config.sub index 9633db70..d654d03c 100755 --- a/config.sub +++ b/config.sub @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2014 Free Software Foundation, Inc. -timestamp='2013-08-10' +timestamp='2014-05-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -68,7 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -265,6 +265,7 @@ case $basic_machine in | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ @@ -282,8 +283,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -295,8 +298,7 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ @@ -324,7 +326,7 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -381,6 +383,7 @@ case $basic_machine in | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ @@ -400,8 +403,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ @@ -413,6 +418,7 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ @@ -1374,7 +1380,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1592,9 +1598,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/configure b/configure index 3f5067a4..fb0d5176 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for dbus 1.8.6. +# Generated by GNU Autoconf 2.69 for dbus 1.8.8. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='dbus' PACKAGE_TARNAME='dbus' -PACKAGE_VERSION='1.8.6' -PACKAGE_STRING='dbus 1.8.6' +PACKAGE_VERSION='1.8.8' +PACKAGE_STRING='dbus 1.8.8' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=dbus' PACKAGE_URL='' @@ -632,6 +632,8 @@ ac_includes_default="\ # include #endif" +ac_header_list= +ac_func_list= ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS @@ -690,7 +692,6 @@ X_PRE_LIBS X_CFLAGS XMKMF LIBDBUS_LIBS -DEFAULT_MESSAGE_UNIX_FDS VALGRIND_LIBS VALGRIND_CFLAGS NETWORK_libs @@ -1512,7 +1513,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dbus 1.8.6 to adapt to many kinds of systems. +\`configure' configures dbus 1.8.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1586,7 +1587,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dbus 1.8.6:";; + short | recursive ) echo "Configuration of dbus 1.8.8:";; esac cat <<\_ACEOF @@ -1783,7 +1784,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -dbus configure 1.8.6 +dbus configure 1.8.8 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2502,7 +2503,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dbus $as_me 1.8.6, which was +It was created by dbus $as_me 1.8.8, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2782,6 +2783,9 @@ $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi +as_fn_append ac_header_list " sys/prctl.h" +as_fn_append ac_func_list " prctl" +as_fn_append ac_func_list " raise" # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false @@ -3442,7 +3446,7 @@ fi # Define the identity of the package. PACKAGE='dbus' - VERSION='1.8.6' + VERSION='1.8.8' cat >>confdefs.h <<_ACEOF @@ -3742,7 +3746,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=6 +LT_REVISION=7 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has @@ -3755,8 +3759,8 @@ LT_AGE=8 DBUS_MAJOR_VERSION=1 DBUS_MINOR_VERSION=8 -DBUS_MICRO_VERSION=6 -DBUS_VERSION=1.8.6 +DBUS_MICRO_VERSION=8 +DBUS_VERSION=1.8.8 @@ -18710,6 +18714,48 @@ _ACEOF fi +# For test-segfault.c + + + + for ac_header in $ac_header_list +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + + + + + for ac_func in $ac_func_list +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + + + + + #### Check for broken poll; taken from Glib's configure { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken poll" >&5 @@ -20243,6 +20289,131 @@ pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 $as_echo_n "checking for SYSTEMD... " >&6; } +if test -n "$SYSTEMD_CFLAGS"; then + pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd >= 209\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd >= 209") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd >= 209" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SYSTEMD_LIBS"; then + pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd >= 209\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd >= 209") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd >= 209" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libsystemd >= 209" 2>&1` + else + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors "libsystemd >= 209" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SYSTEMD_PKG_ERRORS" >&5 + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 +$as_echo_n "checking for SYSTEMD... " >&6; } + +if test -n "$SYSTEMD_CFLAGS"; then + pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SYSTEMD_LIBS"; then + pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32" 2>&1` + else + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors "libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SYSTEMD_PKG_ERRORS" >&5 + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + have_systemd=no +elif test $pkg_failed = untried; then + have_systemd=no +else + SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS + SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + have_systemd=yes +fi +elif test $pkg_failed = untried; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 +$as_echo_n "checking for SYSTEMD... " >&6; } + if test -n "$SYSTEMD_CFLAGS"; then pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" elif test -n "$PKG_CONFIG"; then @@ -20305,6 +20476,13 @@ else $as_echo "yes" >&6; } have_systemd=yes fi +else + SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS + SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + have_systemd=yes +fi fi if test x$have_systemd = xyes; then @@ -20623,22 +20801,6 @@ $as_echo "#define WITH_VALGRIND 1" >>confdefs.h fi -# Determine maximum number of Unix fds which may be passed -case $host_os in #( - *qnx*) : - DEFAULT_MESSAGE_UNIX_FDS=256 ;; #( - *) : - DEFAULT_MESSAGE_UNIX_FDS=1024 ;; #( - *) : - ;; -esac - -cat >>confdefs.h <<_ACEOF -#define DBUS_DEFAULT_MESSAGE_UNIX_FDS $DEFAULT_MESSAGE_UNIX_FDS -_ACEOF - - - #### Set up final flags LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs" @@ -23266,7 +23428,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by dbus $as_me 1.8.6, which was +This file was extended by dbus $as_me 1.8.8, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23332,7 +23494,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -dbus config.status 1.8.6 +dbus config.status 1.8.8 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 8ffbb5c3..2d4624c7 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [6]) +m4_define([dbus_micro_version], [8]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=6 +LT_REVISION=7 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has @@ -598,6 +598,10 @@ if test "x$ac_cv_header_syslog_h" = "xyes"; then AC_CHECK_DECLS([LOG_PERROR], [], [], [[#include ]]) fi +# For test-segfault.c +AC_CHECK_HEADERS_ONCE([sys/prctl.h]) +AC_CHECK_FUNCS_ONCE([prctl raise]) + #### Check for broken poll; taken from Glib's configure AC_MSG_CHECKING([for broken poll]) @@ -1143,10 +1147,13 @@ dnl systemd detection if test x$enable_systemd = xno ; then have_systemd=no; else - PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32], - have_systemd=yes, - have_systemd=no) + PKG_CHECK_MODULES([SYSTEMD], + [libsystemd >= 209], + [have_systemd=yes], + [PKG_CHECK_MODULES([SYSTEMD], + [libsystemd-login >= 32, libsystemd-daemon >= 32, libsystemd-journal >= 32], + [have_systemd=yes], + [have_systemd=no])]) fi if test x$have_systemd = xyes; then @@ -1235,17 +1242,6 @@ if test x$with_valgrind != xno; then AC_DEFINE([WITH_VALGRIND], [1], [Define to add Valgrind instrumentation]) fi -# Determine maximum number of Unix fds which may be passed -AS_CASE([$host_os], - [*qnx*], - [DEFAULT_MESSAGE_UNIX_FDS=256], - [*], - [DEFAULT_MESSAGE_UNIX_FDS=1024]) -AC_DEFINE_UNQUOTED([DBUS_DEFAULT_MESSAGE_UNIX_FDS], - [$DEFAULT_MESSAGE_UNIX_FDS], - [Default for dbus_connection_get_max_message_unix_fds()]) -AC_SUBST([DEFAULT_MESSAGE_UNIX_FDS]) - #### Set up final flags LIBDBUS_LIBS="$THREAD_LIBS $NETWORK_libs" AC_SUBST([LIBDBUS_LIBS]) diff --git a/dbus/Makefile.in b/dbus/Makefile.in index d10ebb31..43e3c7d0 100644 --- a/dbus/Makefile.in +++ b/dbus/Makefile.in @@ -514,7 +514,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h index 2842f2f4..28974040 100644 --- a/dbus/dbus-connection-internal.h +++ b/dbus/dbus-connection-internal.h @@ -44,6 +44,8 @@ typedef enum /** default timeout value when waiting for a message reply, 25 seconds */ #define _DBUS_DEFAULT_TIMEOUT_VALUE (25 * 1000) +typedef void (* DBusPendingFdsChangeFunction) (void *data); + void _dbus_connection_lock (DBusConnection *connection); void _dbus_connection_unlock (DBusConnection *connection); DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection); @@ -100,6 +102,10 @@ void _dbus_connection_test_get_locks (DBusConnectio DBusMutex **io_path_mutex_loc, DBusCondVar **dispatch_cond_loc, DBusCondVar **io_path_cond_loc); +int _dbus_connection_get_pending_fds_count (DBusConnection *connection); +void _dbus_connection_set_pending_fds_function (DBusConnection *connection, + DBusPendingFdsChangeFunction callback, + void *data); /* if DBUS_ENABLE_STATS */ void _dbus_connection_get_stats (DBusConnection *connection, diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c index f0b6871e..b574207d 100644 --- a/dbus/dbus-connection.c +++ b/dbus/dbus-connection.c @@ -2549,6 +2549,33 @@ _dbus_connection_block_pending_call (DBusPendingCall *pending) dbus_pending_call_unref (pending); } +/** + * Return how many file descriptors are pending in the loader + * + * @param connection the connection + */ +int +_dbus_connection_get_pending_fds_count (DBusConnection *connection) +{ + return _dbus_transport_get_pending_fds_count (connection->transport); +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param connection the connection + * @param callback the callback + */ +void +_dbus_connection_set_pending_fds_function (DBusConnection *connection, + DBusPendingFdsChangeFunction callback, + void *data) +{ + _dbus_transport_set_pending_fds_function (connection->transport, + callback, data); +} + /** @} */ /** diff --git a/dbus/dbus-internals.h b/dbus/dbus-internals.h index c64d7566..4658b67b 100644 --- a/dbus/dbus-internals.h +++ b/dbus/dbus-internals.h @@ -371,7 +371,7 @@ dbus_bool_t _dbus_get_local_machine_uuid_encoded (DBusString *uuid_str); #define _DBUS_PASTE(a, b) _DBUS_PASTE2 (a, b) #define _DBUS_STATIC_ASSERT(expr) \ typedef struct { char _assertion[(expr) ? 1 : -1]; } \ - _DBUS_PASTE (_DBUS_STATIC_ASSERT_, __LINE__) + _DBUS_PASTE (_DBUS_STATIC_ASSERT_, __LINE__) _DBUS_GNUC_UNUSED DBUS_END_DECLS diff --git a/dbus/dbus-macros.h b/dbus/dbus-macros.h index cae4100e..8d6c3000 100644 --- a/dbus/dbus-macros.h +++ b/dbus/dbus-macros.h @@ -69,9 +69,12 @@ __attribute__((__format__ (__printf__, format_idx, arg_idx))) #define _DBUS_GNUC_NORETURN \ __attribute__((__noreturn__)) +#define _DBUS_GNUC_UNUSED \ + __attribute__((__unused__)) #else /* !__GNUC__ */ #define _DBUS_GNUC_PRINTF( format_idx, arg_idx ) #define _DBUS_GNUC_NORETURN +#define _DBUS_GNUC_UNUSED #endif /* !__GNUC__ */ #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96) diff --git a/dbus/dbus-message-internal.h b/dbus/dbus-message-internal.h index 5d6594e3..e9a9ec01 100644 --- a/dbus/dbus-message-internal.h +++ b/dbus/dbus-message-internal.h @@ -96,6 +96,10 @@ long _dbus_message_loader_get_max_message_size (DBusMessageLoader void _dbus_message_loader_set_max_message_unix_fds(DBusMessageLoader *loader, long n); long _dbus_message_loader_get_max_message_unix_fds(DBusMessageLoader *loader); +int _dbus_message_loader_get_pending_fds_count (DBusMessageLoader *loader); +void _dbus_message_loader_set_pending_fds_function (DBusMessageLoader *loader, + void (* callback) (void *), + void *data); typedef struct DBusInitialFDs DBusInitialFDs; DBusInitialFDs *_dbus_check_fdleaks_enter (void); diff --git a/dbus/dbus-message-private.h b/dbus/dbus-message-private.h index e1578abd..a611b095 100644 --- a/dbus/dbus-message-private.h +++ b/dbus/dbus-message-private.h @@ -80,6 +80,8 @@ struct DBusMessageLoader int *unix_fds; /**< File descriptors that have been read from the transport but not yet been handed to any message. Array will be allocated at first use. */ unsigned n_unix_fds_allocated; /**< Number of file descriptors this array has space for */ unsigned n_unix_fds; /**< Number of valid file descriptors in array */ + void (* unix_fds_change) (void *); /**< Notify when the pending fds change */ + void *unix_fds_change_data; #endif }; diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c index 78df7558..3e74fc54 100644 --- a/dbus/dbus-message.c +++ b/dbus/dbus-message.c @@ -35,6 +35,7 @@ #include "dbus-list.h" #include "dbus-threads-internal.h" #ifdef HAVE_UNIX_FD_PASSING +#include "dbus-sysdeps.h" #include "dbus-sysdeps-unix.h" #endif @@ -4058,6 +4059,9 @@ _dbus_message_loader_return_unix_fds(DBusMessageLoader *loader, loader->n_unix_fds += n_fds; loader->unix_fds_outstanding = FALSE; + + if (n_fds && loader->unix_fds_change) + loader->unix_fds_change (loader->unix_fds_change_data); #else _dbus_assert_not_reached("Platform doesn't support unix fd passing"); #endif @@ -4205,6 +4209,9 @@ load_message (DBusMessageLoader *loader, message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds; loader->n_unix_fds -= n_unix_fds; memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0])); + + if (loader->unix_fds_change) + loader->unix_fds_change (loader->unix_fds_change_data); } else message->unix_fds = NULL; @@ -4498,6 +4505,40 @@ _dbus_message_loader_get_max_message_unix_fds (DBusMessageLoader *loader) return loader->max_message_unix_fds; } +/** + * Return how many file descriptors are pending in the loader + * + * @param loader the loader + */ +int +_dbus_message_loader_get_pending_fds_count (DBusMessageLoader *loader) +{ +#ifdef HAVE_UNIX_FD_PASSING + return loader->n_unix_fds; +#else + return 0; +#endif +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param loader the loader + * @param callback the callback + * @param data the data for the callback + */ +void +_dbus_message_loader_set_pending_fds_function (DBusMessageLoader *loader, + void (* callback) (void *), + void *data) +{ +#ifdef HAVE_UNIX_FD_PASSING + loader->unix_fds_change = callback; + loader->unix_fds_change_data = data; +#endif +} + static DBusDataSlotAllocator slot_allocator = _DBUS_DATA_SLOT_ALLOCATOR_INIT (_DBUS_LOCK_NAME (message_slots)); diff --git a/dbus/dbus-server-protected.h b/dbus/dbus-server-protected.h index dd5234b9..e6dbd1e1 100644 --- a/dbus/dbus-server-protected.h +++ b/dbus/dbus-server-protected.h @@ -99,9 +99,8 @@ dbus_bool_t _dbus_server_add_watch (DBusServer *server, DBusWatch *watch); void _dbus_server_remove_watch (DBusServer *server, DBusWatch *watch); -void _dbus_server_toggle_watch (DBusServer *server, - DBusWatch *watch, - dbus_bool_t enabled); +void _dbus_server_toggle_all_watches (DBusServer *server, + dbus_bool_t enabled); dbus_bool_t _dbus_server_add_timeout (DBusServer *server, DBusTimeout *timeout); void _dbus_server_remove_timeout (DBusServer *server, diff --git a/dbus/dbus-server.c b/dbus/dbus-server.c index 19d8590c..c1d5f6e5 100644 --- a/dbus/dbus-server.c +++ b/dbus/dbus-server.c @@ -312,26 +312,17 @@ _dbus_server_remove_watch (DBusServer *server, } /** - * Toggles a watch and notifies app via server's - * DBusWatchToggledFunction if available. It's an error to call this - * function on a watch that was not previously added. + * Toggles all watch and notifies app via server's + * DBusWatchToggledFunction if available. * * @param server the server. - * @param watch the watch to toggle. * @param enabled whether to enable or disable */ void -_dbus_server_toggle_watch (DBusServer *server, - DBusWatch *watch, - dbus_bool_t enabled) +_dbus_server_toggle_all_watches (DBusServer *server, + dbus_bool_t enabled) { - _dbus_assert (watch != NULL); - - HAVE_LOCK_CHECK (server); - protected_change_watch (server, watch, - NULL, NULL, - _dbus_watch_list_toggle_watch, - enabled); + _dbus_watch_list_toggle_all_watches (server->watches, enabled); } /** Function to be called in protected_change_timeout() with refcount held */ diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index e81e52c3..fe891ab7 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -320,6 +320,12 @@ _dbus_read_socket_with_unix_fds (int fd, m.msg_control = alloca(m.msg_controllen); memset(m.msg_control, 0, m.msg_controllen); + /* Do not include the padding at the end when we tell the kernel + * how much we're willing to receive. This avoids getting + * the padding filled with additional fds that we weren't expecting, + * if a (potentially malicious) sender included them. (fd.o #83622) */ + m.msg_controllen = CMSG_LEN (*n_fds * sizeof(int)); + again: bytes_read = recvmsg(fd, &m, 0 @@ -359,18 +365,49 @@ _dbus_read_socket_with_unix_fds (int fd, for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) { - unsigned i; - - _dbus_assert(cm->cmsg_len <= CMSG_LEN(*n_fds * sizeof(int))); - *n_fds = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(int); + size_t i; + int *payload = (int *) CMSG_DATA (cm); + size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0)); + size_t payload_len_fds = payload_len_bytes / sizeof (int); + size_t fds_to_use; + + /* Every non-negative int fits in a size_t without truncation, + * and we already know that *n_fds is non-negative, so + * casting (size_t) *n_fds is OK */ + _DBUS_STATIC_ASSERT (sizeof (size_t) >= sizeof (int)); + + if (_DBUS_LIKELY (payload_len_fds <= (size_t) *n_fds)) + { + /* The fds in the payload will fit in our buffer */ + fds_to_use = payload_len_fds; + } + else + { + /* Too many fds in the payload. This shouldn't happen + * any more because we're setting m.msg_controllen to + * the exact number we can accept, but be safe and + * truncate. */ + fds_to_use = (size_t) *n_fds; + + /* Close the excess fds to avoid DoS: if they stayed open, + * someone could send us an extra fd per message + * and we'd eventually run out. */ + for (i = fds_to_use; i < payload_len_fds; i++) + { + close (payload[i]); + } + } - memcpy(fds, CMSG_DATA(cm), *n_fds * sizeof(int)); + memcpy (fds, payload, fds_to_use * sizeof (int)); found = TRUE; + /* This cannot overflow because we have chosen fds_to_use + * to be <= *n_fds */ + *n_fds = (int) fds_to_use; /* Linux doesn't tell us whether MSG_CMSG_CLOEXEC actually worked, hence we need to go through this list and set CLOEXEC everywhere in any case */ - for (i = 0; i < *n_fds; i++) + for (i = 0; i < fds_to_use; i++) _dbus_fd_set_close_on_exec(fds[i]); break; diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index 21033ebf..47ba2f43 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h @@ -558,6 +558,14 @@ void _dbus_request_file_descriptor_limit (unsigned int limit); const char * _dbus_replace_install_prefix (const char *configure_time_path); +/* Do not set this too high: it is a denial-of-service risk. + * See + * + * (This needs to be in the non-Unix-specific header so that + * the config-parser can use it.) + */ +#define DBUS_DEFAULT_MESSAGE_UNIX_FDS 16 + /** @} */ DBUS_END_DECLS diff --git a/dbus/dbus-transport.c b/dbus/dbus-transport.c index ecc31827..f63e0ced 100644 --- a/dbus/dbus-transport.c +++ b/dbus/dbus-transport.c @@ -1512,6 +1512,33 @@ _dbus_transport_set_allow_anonymous (DBusTransport *transport, transport->allow_anonymous = value != FALSE; } +/** + * Return how many file descriptors are pending in the loader + * + * @param transport the transport + */ +int +_dbus_transport_get_pending_fds_count (DBusTransport *transport) +{ + return _dbus_message_loader_get_pending_fds_count (transport->loader); +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param transport the transport + * @param callback the callback + */ +void +_dbus_transport_set_pending_fds_function (DBusTransport *transport, + void (* callback) (void *), + void *data) +{ + _dbus_message_loader_set_pending_fds_function (transport->loader, + callback, data); +} + #ifdef DBUS_ENABLE_STATS void _dbus_transport_get_stats (DBusTransport *transport, diff --git a/dbus/dbus-transport.h b/dbus/dbus-transport.h index 80fa24ef..39c74c46 100644 --- a/dbus/dbus-transport.h +++ b/dbus/dbus-transport.h @@ -97,6 +97,10 @@ dbus_bool_t _dbus_transport_set_auth_mechanisms (DBusTransport const char **mechanisms); void _dbus_transport_set_allow_anonymous (DBusTransport *transport, dbus_bool_t value); +int _dbus_transport_get_pending_fds_count (DBusTransport *transport); +void _dbus_transport_set_pending_fds_function (DBusTransport *transport, + void (* callback) (void *), + void *data); /* if DBUS_ENABLE_STATS */ void _dbus_transport_get_stats (DBusTransport *transport, diff --git a/dbus/dbus-watch.c b/dbus/dbus-watch.c index b82c57d4..76a5d641 100644 --- a/dbus/dbus-watch.c +++ b/dbus/dbus-watch.c @@ -454,6 +454,27 @@ _dbus_watch_list_toggle_watch (DBusWatchList *watch_list, } } +/** + * Sets all watches to the given enabled state, invoking the + * application's DBusWatchToggledFunction if appropriate. + * + * @param watch_list the watch list. + * @param enabled #TRUE to enable + */ +void +_dbus_watch_list_toggle_all_watches (DBusWatchList *watch_list, + dbus_bool_t enabled) +{ + DBusList *link; + + for (link = _dbus_list_get_first_link (&watch_list->watches); + link != NULL; + link = _dbus_list_get_next_link (&watch_list->watches, link)) + { + _dbus_watch_list_toggle_watch (watch_list, link->data, enabled); + } +} + /** * Sets the handler for the watch. * diff --git a/dbus/dbus-watch.h b/dbus/dbus-watch.h index c5832141..321740ed 100644 --- a/dbus/dbus-watch.h +++ b/dbus/dbus-watch.h @@ -76,6 +76,8 @@ void _dbus_watch_list_remove_watch (DBusWatchList *watch_li void _dbus_watch_list_toggle_watch (DBusWatchList *watch_list, DBusWatch *watch, dbus_bool_t enabled); +void _dbus_watch_list_toggle_all_watches (DBusWatchList *watch_list, + dbus_bool_t enabled); dbus_bool_t _dbus_watch_get_enabled (DBusWatch *watch); dbus_bool_t _dbus_watch_get_oom_last_time (DBusWatch *watch); diff --git a/doc/Makefile.in b/doc/Makefile.in index 89d952da..a48c7e5a 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -210,7 +210,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ @@ -667,8 +666,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@DBUS_DOXYGEN_DOCS_ENABLED_FALSE@uninstall-local: @DBUS_DOXYGEN_DOCS_ENABLED_FALSE@install-data-local: +@DBUS_DOXYGEN_DOCS_ENABLED_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 7b7f4a1b..cd7942c3 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -528,6 +528,10 @@ Available limit names are: "auth_timeout" : milliseconds (thousandths) a connection is given to authenticate + "pending_fd_timeout" : milliseconds (thousandths) a + fd is given to be transmitted to + dbus-daemon before disconnecting the + connection "max_completed_connections" : max number of authenticated connections "max_incomplete_connections" : max number of unauthenticated connections diff --git a/ltmain.sh b/ltmain.sh index bb5fa024..3fd54dfa 100644 --- a/ltmain.sh +++ b/ltmain.sh @@ -70,7 +70,7 @@ # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) -# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.7 +# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.10 # automake: $automake_version # autoconf: $autoconf_version # @@ -80,7 +80,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.2 Debian-2.4.2-1.7" +VERSION="2.4.2 Debian-2.4.2-1.10" TIMESTAMP="" package_revision=1.3337 diff --git a/test/Makefile.in b/test/Makefile.in index df19f01b..d8fc34a2 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -624,7 +624,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ diff --git a/test/name-test/Makefile.in b/test/name-test/Makefile.in index 5d037d60..466bd54d 100644 --- a/test/name-test/Makefile.in +++ b/test/name-test/Makefile.in @@ -458,7 +458,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ diff --git a/test/test-segfault.c b/test/test-segfault.c index 329a21fd..c062ce1c 100644 --- a/test/test-segfault.c +++ b/test/test-segfault.c @@ -9,18 +9,34 @@ #include #endif +#ifdef HAVE_SYS_PRCTL_H +#include +#endif + int main (int argc, char **argv) { char *p; #if HAVE_SETRLIMIT + /* No core dumps please, we know we crashed. */ struct rlimit r = { 0, }; getrlimit (RLIMIT_CORE, &r); r.rlim_cur = 0; setrlimit (RLIMIT_CORE, &r); - +#endif + +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* Really, no core dumps please. On Linux, if core_pattern is + * set to a pipe (for abrt/apport/corekeeper/etc.), RLIMIT_CORE of 0 + * is ignored (deliberately, so people can debug init(8) and other + * early stuff); but Linux has PR_SET_DUMPABLE, so we can avoid core + * dumps anyway. */ + prctl (PR_SET_DUMPABLE, 0, 0, 0, 0); +#endif + +#ifdef HAVE_RAISE raise (SIGSEGV); #endif p = NULL; diff --git a/tools/Makefile.in b/tools/Makefile.in index a7f70a65..dd562f10 100644 --- a/tools/Makefile.in +++ b/tools/Makefile.in @@ -259,7 +259,6 @@ DBUS_USER = @DBUS_USER@ DBUS_VERSION = @DBUS_VERSION@ DBUS_X_CFLAGS = @DBUS_X_CFLAGS@ DBUS_X_LIBS = @DBUS_X_LIBS@ -DEFAULT_MESSAGE_UNIX_FDS = @DEFAULT_MESSAGE_UNIX_FDS@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ -- cgit v1.2.3