Permalink
Switch branches/tags
Commits on Dec 12, 2017
  1. spec: Document the design principle that new headers must be asked for

    smcv committed Dec 12, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  2. tests: Assert that dbus-daemon filters unknown header fields

    smcv committed Dec 12, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  3. dbus-daemon: Filter out unknown header fields

    smcv committed Dec 12, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  4. header-fields test: Exercise _dbus_message_remove_unknown_fields

    smcv committed Dec 12, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  5. _dbus_message_remove_unknown_fields: Add

    smcv committed Dec 12, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  6. Add a test for header fields

    smcv committed Nov 27, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  7. spec: Recommend that relaying servers filter header fields

    smcv committed Dec 11, 2017
    This is an interpretation of the existing text. There are two plausible
    ways a relaying server could interpret "must ignore [new] fields":
    it could pass them through as-is, or it could delete them before
    relaying. Until now, the reference implementation has done the former.
    
    However, this behaviour is difficult to defend. If a server relays
    messages without filtering out header fields that it doesn't
    understand, then a client can't know whether the header field was
    supplied by the server, or whether it was supplied by a (possibly
    malicious) fellow client.
    
    We can't introduce useful round-trip-reducing header fields like
    SENDER_UNIX_USER_ID or SENDER_LINUX_SECURITY_LABEL until the
    message bus filters them out, *and* provides a way for clients to
    know for sure that it has done so. This is a step towards that
    feature.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  8. spec: Allow non-message-bus servers to use SENDER and DESTINATION

    smcv committed Dec 11, 2017
    The Telepathy "Tubes" APIs are an example of a server that is not a
    message bus, but makes use of the sender and destination fields to
    provide broadly unique-connection-name-like semantics.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  9. spec: Describe the EXTERNAL and ANONYMOUS auth mechanisms

    smcv committed Dec 12, 2017
    These are defined by standard RFCs rather than by D-Bus. What
    separates them from other standard mechanisms like	PLAIN (RFC 4616)
    is that in practice, D-Bus implementations support EXTERNAL,
    DBUS_COOKIE_SHA1 and sometimes ANONYMOUS, but not PLAIN.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  10. spec: Make example authentication transactions more realistic

    smcv committed Dec 12, 2017
    We don't need to invent a MAGIC_COOKIE mechanism when we have a
    perfectly good EXTERNAL.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  11. spec: Define what non-empty authorization identity strings mean

    smcv committed Dec 12, 2017
    The SASL RFC requires that we do this. I had previously thought that
    the D-Bus protocol on Unix requires the use of numeric user IDs,
    but in fact the reference implementation will also accept usernames.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  12. spec: ERROR takes an optional explanation in both directions

    smcv committed Dec 11, 2017
    The examples don't include an explanation, but the reference
    implementation always sends the human-readable explanation, in both
    directions.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  13. spec: Document NEGOTIATE_UNIX_FD, AGREE_UNIX_FD in state machines

    smcv committed Dec 11, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  14. spec: Document expected reply for each client-to-server auth command

    smcv committed Dec 12, 2017
    Client-to-server auth commands expect a reply, whereas
    server-to-client auth commands don't (the client is expected to send
    another command that is valid in the new state, but it isn't really
    a direct reply to the server-to-client command).
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  15. spec: Document the direction of each auth command

    smcv committed Dec 12, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  16. spec: Move text about the BEGIN command to documentation of BEGIN

    smcv committed Dec 11, 2017
    Having the text about the message stream in the documentation
    of AUTH seemed rather odd, and made it likely to get out of sync
    with the rest of the spec. Move it to the BEGIN section, remove
    some duplication, and make it clearer that if the client pipelines
    the fd-negotiation, the server is expected to send exactly one
    reply per non-BEGIN command before switching to the D-Bus wire protocol.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  17. spec: Explicitly say that auth client and server take turns

    smcv committed Dec 12, 2017
    This was (hopefully) implicit in the protocol descriptions, but we
    never actually said it. Do so.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
Commits on Dec 4, 2017
  1. _dbus_test_oom_handling: print TAP diagnostics

    smcv committed Nov 28, 2017
    These aren't *that* verbose, so it seems OK to print them all the time,
    not just in the needlessly spammy verbose mode.
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  2. tests: Add the ability to multiply up test timeouts

    smcv committed Nov 27, 2017
    Tests that brute-force OOM code paths can be rather slow.
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  3. test-utils: Separate failable and non-failable functions

    smcv committed Nov 27, 2017
    test_object_try_whatever() now has libdbus-like OOM handling,
    while test_object_whatever() has GLib-like OOM handling. This is
    because an overwhelming majority of the callers of these functions
    either didn't check for OOM anyway, or checked for it but then
    aborted. In the uncommon case where we do care, we can use the _try_
    version.
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  4. test_connection_setup: Don't crash on unlikely OOM

    smcv committed Nov 27, 2017
    If _dbus_loop_queue_dispatch fails with OOM, we'd try to free cd,
    while cd is already owned by the connection's timeout functions.
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  5. test_try_connect_to_bus: Cope with OOM while setting up connection

    smcv committed Nov 27, 2017
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  6. test_try_connect_to_bus: Don't leak the connection on OOM

    smcv committed Nov 27, 2017
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  7. dbus_message_demarshal: Set error if we can't allocate the loader

    smcv committed Nov 27, 2017
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  8. DBusHeader: Add a diagram of the header

    smcv committed Nov 21, 2017
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  9. _dbus_header_load: Operate on the entire string, not a substring

    smcv committed Dec 1, 2017
    This function worked with a (string,position,length) triple, but it
    turns out to only have one caller, which tells it to look at the
    entire string anyway. It'll be easier to document if all the offsets
    start from 0.
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100317
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Signed-off-by: Simon McVittie <smcv@collabora.com>
Commits on Nov 27, 2017
  1. _dbus_server_new_for_socket: Iterate over arrays as intended

    smcv committed Nov 27, 2017
    Commit 0c03b50 was meant to clear all the fds indexed by j in
    [0, n_fds), which socket_disconnect() can't be allowed to close
    (because on failure the caller remains responsible for closing them);
    but instead it closed the one we failed to add to the main loop
    (fd i), repeatedly.
    
    Similarly, it was meant to invalidate all the watches indexed by j
    in [i, n_fds) (the one we failed to add to the main loop and the ones
    we didn't try to add to the main loop yet), which socket_disconnect()
    can't be allowed to see (because it would fail to remove them from
    the main loop and hit an assertion failure); but instead it invalidated
    fd i, repeatedly.
    
    These happen to be the same thing if you only have one fd, resulting
    in the test-case passing on an IPv4-only system, but failing on a
    system with both IPv4 and IPv6.
    
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89104
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
Commits on Nov 24, 2017
  1. NEWS for 1.13.x

    smcv committed Nov 24, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
  2. tests: Use test_main_context_call_and_wait

    smcv committed Nov 21, 2017
    Also use test_oom() where the relevant lines are changing anyway.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600
  3. test_main_context_call_and_wait: Add

    smcv committed Nov 21, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600
  4. test-utils: Use TAP syntax to die with a fatal error

    smcv committed Nov 21, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600
  5. tests: Don't use the same variable for call and reply

    smcv committed Nov 21, 2017
    It seemed like a nice idea at the time, but I now think it's more
    confusing than it's worth.
    
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600
  6. test/sd-activation: Make more use of dbus_clear_message()

    smcv committed Nov 21, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600
  7. tests: Don't leak pending calls

    smcv committed Nov 21, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600
  8. test/dbus-daemon: Don't leak method call messages if we skip tests

    smcv committed Nov 21, 2017
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103600