rpms/dbus/devel dbus-1.2.8-syslog.patch, NONE, 1.1 dbus.spec, 1.156, 1.157

Colin Walters walters at fedoraproject.org
Wed Dec 10 19:41:53 UTC 2008


Author: walters

Update of /cvs/pkgs/rpms/dbus/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12219

Modified Files:
	dbus.spec 
Added Files:
	dbus-1.2.8-syslog.patch 
Log Message:
* Wed Dec 10 2008 Colin Walters <walters at redhat.com> - 1.2.8-3
- Add back working syslog patch


dbus-1.2.8-syslog.patch:

--- NEW FILE dbus-1.2.8-syslog.patch ---
>From cde84d96106bd005a98d064fe392301ba1f87743 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters at verbum.org>
Date: Wed, 10 Dec 2008 14:17:02 -0500
Subject: [PATCH] Add syslog of security denials and configuration file reloads

We need to start logging denials so that they become more easily trackable
and debuggable.
---
 bus/bus.c                     |   41 +++++++++++++++++++++++++++++++----------
 bus/main.c                    |    1 +
 dbus/dbus-sysdeps-unix.c      |    1 -
 dbus/dbus-sysdeps-util-unix.c |   38 ++++++++++++++++++++++++++++++++++++++
 dbus/dbus-sysdeps.h           |    3 +++
 5 files changed, 73 insertions(+), 11 deletions(-)

diff --git a/bus/bus.c b/bus/bus.c
index 42cc295..8d7879a 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -834,6 +834,7 @@ bus_context_reload_config (BusContext *context,
     }
   ret = TRUE;
 
+  _dbus_log_info ("Reloaded configuration\n");
  failed:  
   if (parser != NULL)
     bus_config_parser_unref (parser);
@@ -1315,13 +1316,13 @@ bus_context_check_security_policy (BusContext     *context,
                                          message))
     {
       const char *dest;
+      const char *msg = "A security policy in place prevents this sender "
+                        "from sending this message to this recipient, "
+                        "see message bus configuration file (rejected message "
+                        "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")";
 
       dest = dbus_message_get_destination (message);
-      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
-                      "A security policy in place prevents this sender "
-                      "from sending this message to this recipient, "
-                      "see message bus configuration file (rejected message "
-                      "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
+      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
                       dbus_message_get_interface (message) ?
                       dbus_message_get_interface (message) : "(unset)",
                       dbus_message_get_member (message) ?
@@ -1329,6 +1330,15 @@ bus_context_check_security_policy (BusContext     *context,
                       dbus_message_get_error_name (message) ?
                       dbus_message_get_error_name (message) : "(unset)",
                       dest ? dest : DBUS_SERVICE_DBUS);
+      /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+      _dbus_log_security (msg,
+                          dbus_message_get_interface (message) ?
+                          dbus_message_get_interface (message) : "(unset)",
+                          dbus_message_get_member (message) ?
+                          dbus_message_get_member (message) : "(unset)",
+                          dbus_message_get_error_name (message) ?
+                          dbus_message_get_error_name (message) : "(unset)",
+                          dest ? dest : DBUS_SERVICE_DBUS);
       _dbus_verbose ("security policy disallowing message due to sender policy\n");
       return FALSE;
     }
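Review bot: The denial record written by `_dbus_log_security` names the interface, member, error name and destination, but nothing that identifies the sender, so an auth-log entry cannot be tied to a connection or user. If the sender's unique name or uid is available at this point in bus_context_check_security_policy (the function starts outside the hunk, so this is not visible here), including it in the logged line would make denials usable for triage. Every rejected message now produces a syslog line, so a client that keeps sending denied messages can fill the auth log; rate limiting or coalescing repeats would bound that. The ternary argument list is also written out twice, and a comment such as `/* keep in sync with the dbus_set_error() arguments above */` would help the two copies stay aligned.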
@@ -1341,14 +1351,14 @@ bus_context_check_security_policy (BusContext     *context,
                                             addressed_recipient, proposed_recipient,
                                             message))
     {
+      const char *msg = "A security policy in place prevents this recipient "
+                        "from receiving this message from this sender, "
+                        "see message bus configuration file (rejected message "
+                        "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)";
       const char *dest;
 
       dest = dbus_message_get_destination (message);
-      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
-                      "A security policy in place prevents this recipient "
-                      "from receiving this message from this sender, "
-                      "see message bus configuration file (rejected message "
-                      "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
+      dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
                       dbus_message_get_interface (message) ?
                       dbus_message_get_interface (message) : "(unset)",
                       dbus_message_get_member (message) ?
@@ -1358,6 +1368,17 @@ bus_context_check_security_policy (BusContext     *context,
                       dest ? dest : DBUS_SERVICE_DBUS,
                       dbus_message_get_reply_serial (message),
                       requested_reply);
+      /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+      _dbus_log_security (error, DBUS_ERROR_ACCESS_DENIED, msg,
+                          dbus_message_get_interface (message) ?
+                          dbus_message_get_interface (message) : "(unset)",
+                          dbus_message_get_member (message) ?
+                          dbus_message_get_member (message) : "(unset)",
+                          dbus_message_get_error_name (message) ?
+                          dbus_message_get_error_name (message) : "(unset)",
+                          dest ? dest : DBUS_SERVICE_DBUS,
+                          dbus_message_get_reply_serial (message),
+                          requested_reply);
       _dbus_verbose ("security policy disallowing message due to recipient policy\n");
       return FALSE;
     }
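Review bot: The added call `_dbus_log_security (error, DBUS_ERROR_ACCESS_DENIED, msg,` passes the `DBusError *` as the format string, because the helper is declared as `_dbus_log_security (const char *msg, ...)`; this looks like a leftover from copying the dbus_set_error() call. vsyslog() would then read the error object as a format string and take `msg` as a variadic argument, which is undefined behaviour on the recipient-denial path. The first line should read `_dbus_log_security (msg,`, as in the sender-policy hunk above. The enclosing function continues outside the hunk.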
diff --git a/bus/main.c b/bus/main.c
index 51538fe..23ebb3e 100644
--- a/bus/main.c
+++ b/bus/main.c
@@ -178,6 +178,7 @@ handle_reload_watch (DBusWatch    *watch,
 		    dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY));
       _dbus_warn ("Unable to reload configuration: %s\n",
 		  error.message);
+      _dbus_log_info ("Unable to reload configuration: %s\n", error.message);
       dbus_error_free (&error);
     }
   return TRUE;
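Review bot: The reload failure is logged through `_dbus_log_info`, which this patch defines as `LOG_DAEMON|LOG_NOTICE`, the same priority as the "Reloaded configuration" success message. A failed reload presumably leaves the bus running with its previous policy, so it deserves a higher priority that stands out in log monitoring, for example via a warning-level helper or a priority parameter on the logging function. handle_reload_watch starts outside the hunk.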
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index fb40d5a..01516a1 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -2786,7 +2786,6 @@ _dbus_full_duplex_pipe (int        *fd1,
 #endif
 }
 
-
 /**
  * Measure the length of the given format string and arguments,
  * not including the terminating nul.
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index d8718c2..0b0badd 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -456,6 +456,44 @@ _dbus_change_to_daemon_user  (const char    *user,
  return FALSE;
 }
 
+/**
+ * Log an informative message.  Intended for use primarily by
+ * the system bus.
+ *
+ * @param msg a printf-style format string
+ * @param args arguments for the format string
+ */
+void 
+_dbus_log_info (const char *msg, ...)
+{
+  va_list args;
+
+  va_start (args, msg);
+
+  vsyslog (LOG_DAEMON|LOG_NOTICE, msg, args);
+ 
+  va_end (args);
+}
+
+/**
+ * Log a security-related message.  Intended for use primarily by
+ * the system bus.
+ *
+ * @param msg a printf-style format string
+ * @param args arguments for the format string
+ */
+void 
+_dbus_log_security (const char *msg, ...)
+{
+  va_list args;
+
+  va_start (args, msg);
+
+  vsyslog (LOG_AUTH|LOG_NOTICE, msg, args);
+ 
+  va_end (args);
+}
+
 /** Installs a UNIX signal handler
  *
  * @param sig the signal to handle
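Review bot: Both helpers call vsyslog() with LOG_* constants, but the 38 insertions the diffstat lists for this file are all in this hunk, so the patch adds no `#include <syslog.h>`; unless the file already includes it (not visible here), vsyslog is implicitly declared. The doc comments also list `@param args` although the parameter is `...`; `@param ... arguments for the format string` would match the signature. The two bodies differ only in the priority value, so a shared static helper taking the priority and a `va_list` would remove the duplication.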
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index 469b5e5..1a67d0c 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -421,6 +421,9 @@ void _dbus_set_signal_handler (int               sig,
 dbus_bool_t _dbus_user_at_console (const char *username,
                                    DBusError  *error);
 
+void _dbus_log_info (const char *msg, ...);
+void _dbus_log_security (const char *msg, ...);
+
 /* Define DBUS_VA_COPY() to do the right thing for copying va_list variables. 
  * config.h may have already defined DBUS_VA_COPY as va_copy or __va_copy. 
  */
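Review bot: The two prototypes are declared without a printf format attribute, so the compiler cannot check arguments against the format at call sites. If the tree's `_DBUS_GNUC_PRINTF` macro is usable in this header, `void _dbus_log_security (const char *msg, ...) _DBUS_GNUC_PRINTF (1, 2);` (and the same for `_dbus_log_info`) would enable that check. The callers in bus/bus.c pass the format through a `const char *msg` variable, which format checking generally cannot see through, so the format would have to become a string-literal macro there to benefit. The declarations are also unconditional while the definitions are added only to dbus-sysdeps-util-unix.c, so any non-Unix sysdeps file would need matching definitions.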
-- 
1.6.0.4



Index: dbus.spec
===================================================================
RCS file: /cvs/pkgs/rpms/dbus/devel/dbus.spec,v
retrieving revision 1.156
retrieving revision 1.157
diff -u -r1.156 -r1.157
--- dbus.spec	9 Dec 2008 16:24:29 -0000	1.156
+++ dbus.spec	10 Dec 2008 19:41:23 -0000	1.157
@@ -8,7 +8,7 @@
 Summary: D-BUS message bus
 Name: dbus
 Version: 1.2.8
-Release: 2%{?dist}
+Release: 3%{?dist}
 URL: http://www.freedesktop.org/software/dbus/
 Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
 Source1: doxygen_to_devhelp.xsl
@@ -40,6 +40,7 @@
 Patch0: start-early.patch
 Patch1: dbus-1.0.1-generate-xml-docs.patch
 Patch6: dbus-1.2.1-increase-timeout.patch
+Patch7: dbus-1.2.8-syslog.patch
 
 %description
 D-BUS is a system for sending messages between applications. It is
@@ -94,6 +95,7 @@
 %patch0 -p1 -b .start-early
 %patch1 -p1 -b .generate-xml-docs
 %patch6 -p1 -b .increase-timeout
+%patch7 -p1 -b .syslog
 
 autoreconf -f -i
 
@@ -225,6 +227,9 @@
 %{_includedir}/*
 
 %changelog
+* Wed Dec 10 2008 Colin Walters <walters at redhat.com> - 1.2.8-3
+- Add back working syslog patch
+
 * Tue Dec 09 2008 Colin Walters <walters at redhat.com> - 1.2.8-2
 - Remove accidentally added syslog patch
 



