X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=meta-security%2Frecipes-core%2Fdbus-cynara%2Fdbus-cynara%2F0001-Integration-of-Cynara-asynchronous-security-checks.patch;h=3dbfa8a887cef2d7edf4351a3e9110f89b999432;hb=3045563d9eb21cfa7450a911dc038f1ee9710de0;hp=6a7e8a39d985516b319225e63b351b316f1cb012;hpb=d7489cff0cbc5937951759c3d8f30da6a47771f4;p=AGL%2Fmeta-agl.git diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch index 6a7e8a39d..3dbfa8a88 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch @@ -1,7 +1,7 @@ -From 8f69153081140fa4c347ab1729c348ec77b309ec Mon Sep 17 00:00:00 2001 +From 6c498a9b0f4122d1ac49d603f9968b6d85830cdb Mon Sep 17 00:00:00 2001 From: Jacek Bukarewicz Date: Thu, 27 Nov 2014 18:11:05 +0100 -Subject: [PATCH 1/5] Integration of Cynara asynchronous security checks +Subject: Integration of Cynara asynchronous security checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -19,46 +19,17 @@ Currently such return value results in message denial. Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238 by José Bollo. +Updated for dbus 1.10.20 by Scott Murray and José Bollo + Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108 Signed-off-by: José Bollo ---- - bus/Makefile.am | 6 + - bus/bus.c | 136 +++++--- - bus/bus.h | 32 +- - bus/check.c | 217 ++++++++++++ - bus/check.h | 68 ++++ - bus/config-parser-common.c | 6 + - bus/config-parser-common.h | 1 + - bus/config-parser.c | 71 +++- - bus/connection.c | 56 ++- - bus/connection.h | 4 + - bus/cynara.c | 374 +++++++++++++++++++++ - bus/cynara.h | 37 ++ - bus/dispatch.c | 44 ++- - bus/policy.c | 193 +++++++---- - bus/policy.h | 51 ++- - configure.ac | 12 + - test/Makefile.am | 1 + - test/data/invalid-config-files/badcheck-1.conf | 9 + - test/data/invalid-config-files/badcheck-2.conf | 9 + - test/data/valid-config-files/check-1.conf | 9 + - .../valid-config-files/debug-check-some.conf.in | 18 + - tools/dbus-send.c | 2 +- - 22 files changed, 1193 insertions(+), 163 deletions(-) - create mode 100644 bus/check.c - create mode 100644 bus/check.h - create mode 100644 bus/cynara.c - create mode 100644 bus/cynara.h - create mode 100644 test/data/invalid-config-files/badcheck-1.conf - create mode 100644 test/data/invalid-config-files/badcheck-2.conf - create mode 100644 test/data/valid-config-files/check-1.conf - create mode 100644 test/data/valid-config-files/debug-check-some.conf.in +Signed-off-by: Scott Murray diff --git a/bus/Makefile.am b/bus/Makefile.am -index 33af09b0..3f57cc48 100644 +index 9ae3071..46afb31 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am -@@ -9,6 +9,7 @@ DBUS_BUS_LIBS = \ +@@ -13,6 +13,7 @@ DBUS_BUS_LIBS = \ $(THREAD_LIBS) \ $(ADT_LIBS) \ $(NETWORK_libs) \ @@ -66,7 +37,7 @@ index 33af09b0..3f57cc48 100644 $(NULL) DBUS_LAUNCHER_LIBS = \ -@@ -24,6 +25,7 @@ AM_CPPFLAGS = \ +@@ -30,6 +31,7 @@ AM_CPPFLAGS = \ $(APPARMOR_CFLAGS) \ -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ -DDBUS_COMPILATION \ @@ -74,15 +45,16 @@ index 33af09b0..3f57cc48 100644 $(NULL) # if assertions are enabled, improve backtraces -@@ -82,12 +84,16 @@ BUS_SOURCES= \ +@@ -90,6 +92,8 @@ BUS_SOURCES= \ audit.h \ bus.c \ bus.h \ + check.c \ + check.h \ + config-loader-expat.c \ config-parser.c \ config-parser.h \ - config-parser-common.c \ +@@ -97,6 +101,8 @@ BUS_SOURCES= \ config-parser-common.h \ connection.c \ connection.h \ @@ -91,19 +63,41 @@ index 33af09b0..3f57cc48 100644 desktop-file.c \ desktop-file.h \ $(DIR_WATCH_SOURCE) \ +diff --git a/bus/activation.c b/bus/activation.c +index 6f009f5..f8a02eb 100644 +--- a/bus/activation.c ++++ b/bus/activation.c +@@ -1788,14 +1788,15 @@ bus_activation_activate_service (BusActivation *activation, + + if (auto_activation && + entry != NULL && +- !bus_context_check_security_policy (activation->context, ++ BUS_RESULT_TRUE != bus_context_check_security_policy (activation->context, + transaction, + connection, /* sender */ + NULL, /* addressed recipient */ + NULL, /* proposed recipient */ + activation_message, + entry, +- error)) ++ error, ++ NULL)) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + _dbus_verbose ("activation not authorized: %s: %s\n", diff --git a/bus/bus.c b/bus/bus.c -index fd4ab9e4..c4008505 100644 +index 30ce4e1..237efe3 100644 --- a/bus/bus.c +++ b/bus/bus.c -@@ -37,6 +37,7 @@ +@@ -38,6 +38,7 @@ #include "apparmor.h" #include "audit.h" #include "dir-watch.h" +#include "check.h" + #include #include #include - #include -@@ -65,6 +66,7 @@ struct BusContext +@@ -67,6 +68,7 @@ struct BusContext BusRegistry *registry; BusPolicy *policy; BusMatchmaker *matchmaker; @@ -111,7 +105,7 @@ index fd4ab9e4..c4008505 100644 BusLimits limits; DBusRLimit *initial_fd_limit; unsigned int fork : 1; -@@ -988,6 +990,10 @@ bus_context_new (const DBusString *config_file, +@@ -1003,6 +1005,10 @@ bus_context_new (const DBusString *config_file, parser = NULL; } @@ -122,7 +116,7 @@ index fd4ab9e4..c4008505 100644 dbus_server_free_data_slot (&server_data_slot); return context; -@@ -1112,6 +1118,12 @@ bus_context_unref (BusContext *context) +@@ -1127,6 +1133,12 @@ bus_context_unref (BusContext *context) bus_context_shutdown (context); @@ -135,7 +129,7 @@ index fd4ab9e4..c4008505 100644 if (context->connections) { bus_connections_unref (context->connections); -@@ -1241,6 +1253,12 @@ bus_context_get_loop (BusContext *context) +@@ -1256,6 +1268,12 @@ bus_context_get_loop (BusContext *context) return context->loop; } @@ -148,7 +142,7 @@ index fd4ab9e4..c4008505 100644 dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid) -@@ -1456,6 +1474,7 @@ complain_about_message (BusContext *context, +@@ -1451,6 +1469,7 @@ complain_about_message (BusContext *context, DBusConnection *proposed_recipient, dbus_bool_t requested_reply, dbus_bool_t log, @@ -156,7 +150,7 @@ index fd4ab9e4..c4008505 100644 DBusError *error) { DBusError stack_error = DBUS_ERROR_INIT; -@@ -1485,7 +1504,8 @@ complain_about_message (BusContext *context, +@@ -1480,7 +1499,8 @@ complain_about_message (BusContext *context, dbus_set_error (&stack_error, error_name, "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) " "interface=\"%s\" member=\"%s\" error name=\"%s\" " @@ -166,7 +160,7 @@ index fd4ab9e4..c4008505 100644 complaint, matched_rules, dbus_message_type_to_string (dbus_message_get_type (message)), -@@ -1496,7 +1516,8 @@ complain_about_message (BusContext *context, +@@ -1491,7 +1511,8 @@ complain_about_message (BusContext *context, nonnull (dbus_message_get_error_name (message), "(unset)"), requested_reply, nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS), @@ -176,26 +170,21 @@ index fd4ab9e4..c4008505 100644 /* If we hit OOM while setting the error, this will syslog "out of memory" * which is itself an indication that something is seriously wrong */ -@@ -1520,14 +1541,15 @@ complain_about_message (BusContext *context, +@@ -1519,7 +1540,7 @@ complain_about_message (BusContext *context, * NULL for addressed_recipient may mean the bus driver, or may mean * no destination was specified in the message (e.g. a signal). */ -dbus_bool_t --bus_context_check_security_policy (BusContext *context, -- BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, -- DBusError *error) +BusResult -+bus_context_check_security_policy (BusContext *context, -+ BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ DBusError *error, + bus_context_check_security_policy (BusContext *context, + BusTransaction *transaction, + DBusConnection *sender, +@@ -1527,7 +1548,8 @@ bus_context_check_security_policy (BusContext *context, + DBusConnection *proposed_recipient, + DBusMessage *message, + BusActivationEntry *activation_entry, +- DBusError *error) ++ DBusError *error, + BusDeferredMessage **deferred_message) { const char *src, *dest; @@ -208,7 +197,7 @@ index fd4ab9e4..c4008505 100644 type = dbus_message_get_type (message); src = dbus_message_get_sender (message); -@@ -1564,7 +1587,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1565,7 +1588,7 @@ bus_context_check_security_policy (BusContext *context, dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Message bus will not accept messages of unknown type\n"); @@ -217,7 +206,7 @@ index fd4ab9e4..c4008505 100644 } requested_reply = FALSE; -@@ -1594,7 +1617,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1595,7 +1618,7 @@ bus_context_check_security_policy (BusContext *context, if (dbus_error_is_set (&error2)) { dbus_move_error (&error2, error); @@ -226,7 +215,7 @@ index fd4ab9e4..c4008505 100644 } } } -@@ -1621,11 +1644,11 @@ bus_context_check_security_policy (BusContext *context, +@@ -1624,11 +1647,11 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "An SELinux policy prevents this sender from sending this " "message to this recipient", @@ -240,16 +229,16 @@ index fd4ab9e4..c4008505 100644 } /* next verify AppArmor access controls. If allowed then -@@ -1642,7 +1665,7 @@ bus_context_check_security_policy (BusContext *context, - dest ? dest : DBUS_SERVICE_DBUS, +@@ -1646,7 +1669,7 @@ bus_context_check_security_policy (BusContext *context, src ? src : DBUS_SERVICE_DBUS, + activation_entry, error)) - return FALSE; + return BUS_RESULT_FALSE; if (!bus_connection_is_active (sender)) { -@@ -1656,7 +1679,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1660,7 +1683,7 @@ bus_context_check_security_policy (BusContext *context, { _dbus_verbose ("security check allowing %s message\n", "Hello"); @@ -258,7 +247,7 @@ index fd4ab9e4..c4008505 100644 } else { -@@ -1667,7 +1690,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1671,7 +1694,7 @@ bus_context_check_security_policy (BusContext *context, "Client tried to send a message other than %s without being registered", "Hello"); @@ -267,7 +256,7 @@ index fd4ab9e4..c4008505 100644 } } } -@@ -1716,20 +1739,29 @@ bus_context_check_security_policy (BusContext *context, +@@ -1720,20 +1743,29 @@ bus_context_check_security_policy (BusContext *context, (proposed_recipient == NULL && recipient_policy == NULL)); log = FALSE; @@ -311,7 +300,7 @@ index fd4ab9e4..c4008505 100644 if (log) { -@@ -1738,23 +1770,29 @@ bus_context_check_security_policy (BusContext *context, +@@ -1742,23 +1774,29 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "Would reject message", toggles, message, sender, proposed_recipient, requested_reply, @@ -355,7 +344,7 @@ index fd4ab9e4..c4008505 100644 } /* See if limits on size have been exceeded */ -@@ -1764,10 +1802,10 @@ bus_context_check_security_policy (BusContext *context, +@@ -1768,10 +1806,10 @@ bus_context_check_security_policy (BusContext *context, { complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, "Rejected: destination has a full message queue", @@ -368,7 +357,7 @@ index fd4ab9e4..c4008505 100644 } /* Record that we will allow a reply here in the future (don't -@@ -1784,11 +1822,11 @@ bus_context_check_security_policy (BusContext *context, +@@ -1792,11 +1830,11 @@ bus_context_check_security_policy (BusContext *context, message, error)) { _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); @@ -383,13 +372,13 @@ index fd4ab9e4..c4008505 100644 void diff --git a/bus/bus.h b/bus/bus.h -index 3fab59ff..dab7791f 100644 +index 2e0de82..82c32c8 100644 --- a/bus/bus.h +++ b/bus/bus.h -@@ -44,6 +44,22 @@ typedef struct BusOwner BusOwner; - typedef struct BusTransaction BusTransaction; +@@ -45,6 +45,22 @@ typedef struct BusTransaction BusTransaction; typedef struct BusMatchmaker BusMatchmaker; typedef struct BusMatchRule BusMatchRule; + typedef struct BusActivationEntry BusActivationEntry; +typedef struct BusCheck BusCheck; +typedef struct BusDeferredMessage BusDeferredMessage; +typedef struct BusCynara BusCynara; @@ -409,7 +398,7 @@ index 3fab59ff..dab7791f 100644 typedef struct { -@@ -97,6 +113,7 @@ BusConnections* bus_context_get_connections (BusContext +@@ -101,6 +117,7 @@ BusConnections* bus_context_get_connections (BusContext BusActivation* bus_context_get_activation (BusContext *context); BusMatchmaker* bus_context_get_matchmaker (BusContext *context); DBusLoop* bus_context_get_loop (BusContext *context); @@ -417,31 +406,27 @@ index 3fab59ff..dab7791f 100644 dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid); dbus_bool_t bus_context_allow_windows_user (BusContext *context, -@@ -131,13 +148,14 @@ void bus_context_log_and_set_error (BusContext +@@ -136,14 +153,15 @@ void bus_context_log_and_set_error (BusContext const char *name, const char *msg, ...) _DBUS_GNUC_PRINTF (5, 6); -dbus_bool_t bus_context_check_security_policy (BusContext *context, -- BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, ++BusResult bus_context_check_security_policy (BusContext *context, + BusTransaction *transaction, + DBusConnection *sender, + DBusConnection *addressed_recipient, + DBusConnection *proposed_recipient, + DBusMessage *message, + BusActivationEntry *activation_entry, - DBusError *error); -+BusResult bus_context_check_security_policy (BusContext *context, -+ BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ DBusError *error, ++ DBusError *error, + BusDeferredMessage **deferred_message); void bus_context_check_all_watches (BusContext *context); #endif /* BUS_BUS_H */ diff --git a/bus/check.c b/bus/check.c new file mode 100644 -index 00000000..5b72d31c +index 0000000..5b72d31 --- /dev/null +++ b/bus/check.c @@ -0,0 +1,217 @@ @@ -664,7 +649,7 @@ index 00000000..5b72d31c +} diff --git a/bus/check.h b/bus/check.h new file mode 100644 -index 00000000..c3fcaf90 +index 0000000..c3fcaf9 --- /dev/null +++ b/bus/check.h @@ -0,0 +1,68 @@ @@ -737,7 +722,7 @@ index 00000000..c3fcaf90 + BusResult result); +#endif /* BUS_CHECK_H */ diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c -index 5db6b289..ea25f5e6 100644 +index c1c4191..e2f253d 100644 --- a/bus/config-parser-common.c +++ b/bus/config-parser-common.c @@ -75,6 +75,10 @@ bus_config_parser_element_name_to_type (const char *name) @@ -761,7 +746,7 @@ index 5db6b289..ea25f5e6 100644 return "fork"; case ELEMENT_PIDFILE: diff --git a/bus/config-parser-common.h b/bus/config-parser-common.h -index 382a0141..9e026d10 100644 +index 382a014..9e026d1 100644 --- a/bus/config-parser-common.h +++ b/bus/config-parser-common.h @@ -36,6 +36,7 @@ typedef enum @@ -773,10 +758,10 @@ index 382a0141..9e026d10 100644 ELEMENT_PIDFILE, ELEMENT_SERVICEDIR, diff --git a/bus/config-parser.c b/bus/config-parser.c -index d9f6042c..a8c4ca5d 100644 +index be27d38..b5f1dd1 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c -@@ -1172,7 +1172,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser *parser, const char *element_name, const char **attribute_names, const char **attribute_values, @@ -785,15 +770,15 @@ index d9f6042c..a8c4ca5d 100644 DBusError *error) { const char *log; -@@ -1195,6 +1195,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1360,6 +1360,7 @@ append_rule_from_element (BusConfigParser *parser, const char *own_prefix; const char *user; const char *group; + const char *privilege; BusPolicyRule *rule; - -@@ -1222,6 +1223,7 @@ append_rule_from_element (BusConfigParser *parser, + +@@ -1390,6 +1391,7 @@ append_rule_from_element (BusConfigParser *parser, "user", &user, "group", &group, "log", &log, @@ -801,15 +786,15 @@ index d9f6042c..a8c4ca5d 100644 NULL)) return FALSE; -@@ -1230,6 +1232,7 @@ append_rule_from_element (BusConfigParser *parser, - receive_interface || receive_member || receive_error || receive_sender || - receive_type || receive_path || eavesdrop || - send_requested_reply || receive_requested_reply || +@@ -1422,6 +1424,7 @@ append_rule_from_element (BusConfigParser *parser, + + if (!(any_send_attribute || + any_receive_attribute || + privilege || own || own_prefix || user || group)) { dbus_set_error (error, DBUS_ERROR_FAILED, -@@ -1246,7 +1249,30 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1438,7 +1441,30 @@ append_rule_from_element (BusConfigParser *parser, element_name); return FALSE; } @@ -841,25 +826,25 @@ index d9f6042c..a8c4ca5d 100644 /* Allowed combinations of elements are: * * base, must be all send or all receive: -@@ -1420,7 +1446,7 @@ append_rule_from_element (BusConfigParser *parser, - return FALSE; - } - +@@ -1589,7 +1615,7 @@ append_rule_from_element (BusConfigParser *parser, + error)) + return FALSE; + - rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); + rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); if (rule == NULL) goto nomem; -@@ -1502,7 +1528,7 @@ append_rule_from_element (BusConfigParser *parser, - return FALSE; - } - +@@ -1694,7 +1720,7 @@ append_rule_from_element (BusConfigParser *parser, + error)) + return FALSE; + - rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow); + rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); if (rule == NULL) goto nomem; -@@ -1532,7 +1558,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1726,7 +1752,7 @@ append_rule_from_element (BusConfigParser *parser, } else if (own || own_prefix) { @@ -868,7 +853,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1558,7 +1584,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1752,7 +1778,7 @@ append_rule_from_element (BusConfigParser *parser, { if (IS_WILDCARD (user)) { @@ -877,7 +862,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1573,7 +1599,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1767,7 +1793,7 @@ append_rule_from_element (BusConfigParser *parser, if (_dbus_parse_unix_user_from_config (&username, &uid)) { @@ -886,7 +871,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1590,7 +1616,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1784,7 +1810,7 @@ append_rule_from_element (BusConfigParser *parser, { if (IS_WILDCARD (group)) { @@ -895,7 +880,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1605,7 +1631,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1799,7 +1825,7 @@ append_rule_from_element (BusConfigParser *parser, if (_dbus_parse_unix_group_from_config (&groupname, &gid)) { @@ -904,7 +889,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1629,6 +1655,10 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1823,6 +1849,10 @@ append_rule_from_element (BusConfigParser *parser, _dbus_assert (pe != NULL); _dbus_assert (pe->type == ELEMENT_POLICY); @@ -915,7 +900,7 @@ index d9f6042c..a8c4ca5d 100644 switch (pe->d.policy.type) { case POLICY_IGNORED: -@@ -1703,7 +1733,7 @@ start_policy_child (BusConfigParser *parser, +@@ -1898,7 +1928,7 @@ start_policy_child (BusConfigParser *parser, { if (!append_rule_from_element (parser, element_name, attribute_names, attribute_values, @@ -924,7 +909,7 @@ index d9f6042c..a8c4ca5d 100644 return FALSE; if (push_element (parser, ELEMENT_ALLOW) == NULL) -@@ -1718,7 +1748,7 @@ start_policy_child (BusConfigParser *parser, +@@ -1913,7 +1943,7 @@ start_policy_child (BusConfigParser *parser, { if (!append_rule_from_element (parser, element_name, attribute_names, attribute_values, @@ -933,7 +918,7 @@ index d9f6042c..a8c4ca5d 100644 return FALSE; if (push_element (parser, ELEMENT_DENY) == NULL) -@@ -1727,6 +1757,21 @@ start_policy_child (BusConfigParser *parser, +@@ -1922,6 +1952,21 @@ start_policy_child (BusConfigParser *parser, return FALSE; } @@ -955,7 +940,7 @@ index d9f6042c..a8c4ca5d 100644 return TRUE; } else -@@ -2088,6 +2133,7 @@ bus_config_parser_end_element (BusConfigParser *parser, +@@ -2284,6 +2329,7 @@ bus_config_parser_end_element (BusConfigParser *parser, case ELEMENT_POLICY: case ELEMENT_ALLOW: case ELEMENT_DENY: @@ -963,7 +948,7 @@ index d9f6042c..a8c4ca5d 100644 case ELEMENT_FORK: case ELEMENT_SYSLOG: case ELEMENT_KEEP_UMASK: -@@ -2397,6 +2443,7 @@ bus_config_parser_content (BusConfigParser *parser, +@@ -2600,6 +2646,7 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_POLICY: case ELEMENT_ALLOW: case ELEMENT_DENY: @@ -971,7 +956,7 @@ index d9f6042c..a8c4ca5d 100644 case ELEMENT_FORK: case ELEMENT_SYSLOG: case ELEMENT_KEEP_UMASK: -@@ -2862,6 +2909,8 @@ do_load (const DBusString *full_path, +@@ -3127,6 +3174,8 @@ do_load (const DBusString *full_path, dbus_error_init (&error); parser = bus_config_load (full_path, TRUE, NULL, &error); @@ -981,7 +966,7 @@ index d9f6042c..a8c4ca5d 100644 { _DBUS_ASSERT_ERROR_IS_SET (&error); diff --git a/bus/connection.c b/bus/connection.c -index 02d6c220..eea50ecd 100644 +index 53605fa..b348d42 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -36,6 +36,10 @@ @@ -1061,7 +1046,7 @@ index 02d6c220..eea50ecd 100644 } static void -@@ -451,6 +458,10 @@ free_connection_data (void *data) +@@ -448,6 +455,10 @@ free_connection_data (void *data) dbus_free (d->name); @@ -1072,7 +1057,7 @@ index 02d6c220..eea50ecd 100644 dbus_free (d); } -@@ -1063,6 +1074,22 @@ bus_connection_get_policy (DBusConnection *connection) +@@ -1078,6 +1089,22 @@ bus_connection_get_policy (DBusConnection *connection) return d->policy; } @@ -1095,7 +1080,7 @@ index 02d6c220..eea50ecd 100644 static dbus_bool_t foreach_active (BusConnections *connections, BusConnectionForeachFunction function, -@@ -2289,6 +2316,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2333,6 +2360,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, DBusMessage *message) { DBusError error = DBUS_ERROR_INIT; @@ -1103,22 +1088,23 @@ index 02d6c220..eea50ecd 100644 /* We have to set the sender to the driver, and have * to check security policy since it was not done in -@@ -2326,9 +2354,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2370,10 +2398,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction, * if we're actively capturing messages, it's nice to log that we * tried to send it and did not allow ourselves to do so. */ - if (!bus_context_check_security_policy (bus_transaction_get_context (transaction), - transaction, -- NULL, connection, connection, message, &error)) +- NULL, connection, connection, +- message, NULL, &error)) + res = bus_context_check_security_policy (bus_transaction_get_context (transaction), + transaction, -+ NULL, connection, connection, message, &error, -+ NULL); ++ NULL, connection, connection, message, NULL, ++ &error, NULL); + if (res == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &error, message)) - { -@@ -2342,6 +2372,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, connection, + &error, message)) +@@ -2388,6 +2417,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, dbus_error_free (&error); return TRUE; } @@ -1132,7 +1118,7 @@ index 02d6c220..eea50ecd 100644 return bus_transaction_send (transaction, connection, message); } diff --git a/bus/connection.h b/bus/connection.h -index 8c68d0a0..a6e5dfde 100644 +index 9e253ae..71078ea 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -31,6 +31,7 @@ @@ -1143,7 +1129,7 @@ index 8c68d0a0..a6e5dfde 100644 BusConnections* bus_connections_new (BusContext *context); BusConnections* bus_connections_ref (BusConnections *connections); -@@ -122,6 +123,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, +@@ -124,6 +125,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, BusTransaction *transaction, DBusList **rules, DBusError *error); @@ -1155,7 +1141,7 @@ index 8c68d0a0..a6e5dfde 100644 diff --git a/bus/cynara.c b/bus/cynara.c new file mode 100644 -index 00000000..57a4c45c +index 0000000..57a4c45 --- /dev/null +++ b/bus/cynara.c @@ -0,0 +1,374 @@ @@ -1535,7 +1521,7 @@ index 00000000..57a4c45c +#endif /* DBUS_ENABLE_CYNARA */ diff --git a/bus/cynara.h b/bus/cynara.h new file mode 100644 -index 00000000..c4728bb7 +index 0000000..c4728bb --- /dev/null +++ b/bus/cynara.h @@ -0,0 +1,37 @@ @@ -1577,7 +1563,7 @@ index 00000000..c4728bb7 + BusDeferredMessageStatus check_type, + BusDeferredMessage **deferred_message); diff --git a/bus/dispatch.c b/bus/dispatch.c -index edfa1b44..05be3bdf 100644 +index 19228be..d3867f7 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -25,6 +25,7 @@ @@ -1588,7 +1574,7 @@ index edfa1b44..05be3bdf 100644 #include "connection.h" #include "driver.h" #include "services.h" -@@ -64,13 +65,17 @@ send_one_message (DBusConnection *connection, +@@ -64,14 +65,18 @@ send_one_message (DBusConnection *connection, DBusError *error) { DBusError stack_error = DBUS_ERROR_INIT; @@ -1601,34 +1587,35 @@ index edfa1b44..05be3bdf 100644 addressed_recipient, connection, message, + NULL, - &stack_error)) + &stack_error, + &deferred_message); + if (result != BUS_RESULT_TRUE) { - if (!bus_transaction_capture_error_reply (transaction, &stack_error, - message)) -@@ -129,6 +134,7 @@ bus_dispatch_matches (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, sender, + &stack_error, message)) +@@ -130,6 +135,8 @@ bus_dispatch_matches (BusTransaction *transaction, BusMatchmaker *matchmaker; DBusList *link; BusContext *context; + BusDeferredMessage *deferred_message; ++ BusResult res; _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -144,11 +150,21 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -145,11 +152,20 @@ bus_dispatch_matches (BusTransaction *transaction, /* First, send the message to the addressed_recipient, if there is one. */ if (addressed_recipient != NULL) { - if (!bus_context_check_security_policy (context, transaction, - sender, addressed_recipient, - addressed_recipient, -- message, error)) -+ BusResult res; +- message, NULL, error)) + res = bus_context_check_security_policy (context, transaction, + sender, addressed_recipient, + addressed_recipient, -+ message, error, ++ message, NULL, error, + &deferred_message); + if (res == BUS_RESULT_FALSE) return FALSE; @@ -1642,17 +1629,25 @@ index edfa1b44..05be3bdf 100644 if (dbus_message_contains_unix_fds (message) && !dbus_connection_can_send_type (addressed_recipient, -@@ -379,12 +395,24 @@ bus_dispatch (DBusConnection *connection, +@@ -374,19 +390,31 @@ bus_dispatch (DBusConnection *connection, if (service_name && strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */ { -- if (!bus_context_check_security_policy (context, transaction, -- connection, NULL, NULL, message, &error)) + BusDeferredMessage *deferred_message; + BusResult res; ++ + if (!bus_transaction_capture (transaction, connection, NULL, message)) + { + BUS_SET_OOM (&error); + goto out; + } + +- if (!bus_context_check_security_policy (context, transaction, +- connection, NULL, NULL, message, +- NULL, &error)) + res = bus_context_check_security_policy (context, transaction, -+ connection, NULL, NULL, message, &error, -+ &deferred_message); ++ connection, NULL, NULL, message, NULL, ++ &error, &deferred_message); + if (res == BUS_RESULT_FALSE) { _dbus_verbose ("Security policy rejected message\n"); @@ -1670,7 +1665,7 @@ index edfa1b44..05be3bdf 100644 _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS); if (!bus_driver_handle_message (connection, transaction, message, &error)) diff --git a/bus/policy.c b/bus/policy.c -index 082f3853..bcade176 100644 +index a37be80..7ee1ce5 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -22,6 +22,7 @@ @@ -1681,7 +1676,7 @@ index 082f3853..bcade176 100644 #include "policy.h" #include "services.h" #include "test.h" -@@ -32,7 +33,7 @@ +@@ -33,7 +34,7 @@ BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -1690,7 +1685,7 @@ index 082f3853..bcade176 100644 { BusPolicyRule *rule; -@@ -42,7 +43,7 @@ bus_policy_rule_new (BusPolicyRuleType type, +@@ -43,7 +44,7 @@ bus_policy_rule_new (BusPolicyRuleType type, rule->type = type; rule->refcount = 1; @@ -1699,7 +1694,7 @@ index 082f3853..bcade176 100644 switch (rule->type) { -@@ -54,18 +55,19 @@ bus_policy_rule_new (BusPolicyRuleType type, +@@ -55,18 +56,19 @@ bus_policy_rule_new (BusPolicyRuleType type, break; case BUS_POLICY_RULE_SEND: rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID; @@ -1722,9 +1717,9 @@ index 082f3853..bcade176 100644 break; case BUS_POLICY_RULE_OWN: break; -@@ -117,7 +119,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) - case BUS_POLICY_RULE_GROUP: - break; +@@ -122,7 +124,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) + default: + _dbus_assert_not_reached ("invalid rule"); } - + @@ -1732,7 +1727,7 @@ index 082f3853..bcade176 100644 dbus_free (rule); } } -@@ -427,7 +430,10 @@ list_allows_user (dbus_bool_t def, +@@ -435,7 +438,10 @@ list_allows_user (dbus_bool_t def, else continue; @@ -1744,7 +1739,7 @@ index 082f3853..bcade176 100644 } return allowed; -@@ -862,18 +868,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, +@@ -873,18 +879,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, return TRUE; } @@ -1778,7 +1773,7 @@ index 082f3853..bcade176 100644 /* policy->rules is in the order the rules appeared * in the config file, i.e. last rule that applies wins */ -@@ -881,7 +892,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -892,7 +903,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, _dbus_verbose (" (policy) checking send rules\n"); *toggles = 0; @@ -1787,7 +1782,7 @@ index 082f3853..bcade176 100644 link = _dbus_list_get_first_link (&policy->rules); while (link != NULL) { -@@ -912,13 +923,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -923,13 +934,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, /* If it's a reply, the requested_reply flag kicks in */ if (dbus_message_get_reply_serial (message) != 0) { @@ -1807,7 +1802,7 @@ index 082f3853..bcade176 100644 continue; } -@@ -926,7 +938,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -937,7 +949,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, * when the reply was not requested. requested_reply=true means the * rule always applies. */ @@ -1816,7 +1811,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); continue; -@@ -949,13 +961,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -960,13 +972,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, /* The interface is optional in messages. For allow rules, if the message * has no interface we want to skip the rule (and thus not allow); * for deny rules, if the message has no interface we want to use the @@ -1834,7 +1829,7 @@ index 082f3853..bcade176 100644 (!no_interface && strcmp (dbus_message_get_interface (message), rule->d.send.interface) != 0)) -@@ -1029,33 +1043,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -1079,33 +1093,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, } /* Use this rule */ @@ -1912,7 +1907,7 @@ index 082f3853..bcade176 100644 eavesdropping = addressed_recipient != proposed_recipient && -@@ -1068,7 +1112,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1118,7 +1162,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping); *toggles = 0; @@ -1921,7 +1916,7 @@ index 082f3853..bcade176 100644 link = _dbus_list_get_first_link (&policy->rules); while (link != NULL) { -@@ -1091,19 +1135,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1141,19 +1185,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, } } @@ -1948,7 +1943,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n"); continue; -@@ -1112,13 +1158,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1162,13 +1208,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, /* If it's a reply, the requested_reply flag kicks in */ if (dbus_message_get_reply_serial (message) != 0) { @@ -1968,7 +1963,7 @@ index 082f3853..bcade176 100644 continue; } -@@ -1126,7 +1173,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1176,7 +1223,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, * when the reply was not requested. requested_reply=true means the * rule always applies. */ @@ -1977,7 +1972,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); continue; -@@ -1149,13 +1196,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1199,13 +1246,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, /* The interface is optional in messages. For allow rules, if the message * has no interface we want to skip the rule (and thus not allow); * for deny rules, if the message has no interface we want to use the @@ -1993,9 +1988,9 @@ index 082f3853..bcade176 100644 (!no_interface && strcmp (dbus_message_get_interface (message), rule->d.receive.interface) != 0)) -@@ -1230,14 +1277,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1295,14 +1342,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, } - + /* Use this rule */ - allowed = rule->allow; + switch (rule->access) @@ -2040,7 +2035,7 @@ index 082f3853..bcade176 100644 } -@@ -1289,7 +1364,7 @@ bus_rules_check_can_own (DBusList *rules, +@@ -1354,7 +1429,7 @@ bus_rules_check_can_own (DBusList *rules, } /* Use this rule */ @@ -2050,12 +2045,12 @@ index 082f3853..bcade176 100644 return allowed; diff --git a/bus/policy.h b/bus/policy.h -index d1d3e72b..e9f193af 100644 +index ec43ffa..f839d23 100644 --- a/bus/policy.h +++ b/bus/policy.h -@@ -39,6 +39,14 @@ typedef enum - BUS_POLICY_RULE_GROUP - } BusPolicyRuleType; +@@ -46,6 +46,14 @@ typedef enum + BUS_POLICY_TRISTATE_TRUE + } BusPolicyTristate; +typedef enum +{ @@ -2068,7 +2063,7 @@ index d1d3e72b..e9f193af 100644 /** determines whether the rule affects a connection, or some global item */ #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \ (rule)->type == BUS_POLICY_RULE_GROUP)) -@@ -49,8 +57,9 @@ struct BusPolicyRule +@@ -56,8 +64,9 @@ struct BusPolicyRule BusPolicyRuleType type; @@ -2080,7 +2075,7 @@ index d1d3e72b..e9f193af 100644 union { struct -@@ -106,7 +115,7 @@ struct BusPolicyRule +@@ -118,7 +127,7 @@ struct BusPolicyRule }; BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -2089,54 +2084,43 @@ index d1d3e72b..e9f193af 100644 BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule); void bus_policy_rule_unref (BusPolicyRule *rule); -@@ -140,21 +149,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, +@@ -152,21 +161,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, BusClientPolicy* bus_client_policy_new (void); BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy); void bus_client_policy_unref (BusClientPolicy *policy); -dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy, -- BusRegistry *registry, -- dbus_bool_t requested_reply, -- DBusConnection *receiver, -- DBusMessage *message, -- dbus_int32_t *toggles, ++BusResult bus_client_policy_check_can_send (DBusConnection *sender, ++ BusClientPolicy *policy, + BusRegistry *registry, + dbus_bool_t requested_reply, ++ DBusConnection *addressed_recipient, + DBusConnection *receiver, + DBusMessage *message, + dbus_int32_t *toggles, - dbus_bool_t *log); -dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy, -- BusRegistry *registry, -- dbus_bool_t requested_reply, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, -- dbus_int32_t *toggles); -+BusResult bus_client_policy_check_can_send (DBusConnection *sender, -+ BusClientPolicy *policy, -+ BusRegistry *registry, -+ dbus_bool_t requested_reply, -+ DBusConnection *addressed_recipient, -+ DBusConnection *receiver, -+ DBusMessage *message, -+ dbus_int32_t *toggles, -+ dbus_bool_t *log, -+ const char **privilege_param, ++ dbus_bool_t *log, ++ const char **privilege_param, + BusDeferredMessage **deferred_message); -+BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy, -+ BusRegistry *registry, -+ dbus_bool_t requested_reply, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ dbus_int32_t *toggles, -+ const char **privilege_param, ++BusResult bus_client_policy_check_can_receive (BusClientPolicy *policy, + BusRegistry *registry, + dbus_bool_t requested_reply, + DBusConnection *sender, + DBusConnection *addressed_recipient, + DBusConnection *proposed_recipient, + DBusMessage *message, +- dbus_int32_t *toggles); ++ dbus_int32_t *toggles, ++ const char **privilege_param, + BusDeferredMessage **deferred_message); dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy, const DBusString *service_name); dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy, diff --git a/configure.ac b/configure.ac -index 71e3515c..f3a2ffc1 100644 +index 81028ba..f21d1b2 100644 --- a/configure.ac +++ b/configure.ac -@@ -1873,6 +1873,17 @@ AC_ARG_ENABLE([user-session], +@@ -1770,6 +1770,17 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) @@ -2154,7 +2138,7 @@ index 71e3515c..f3a2ffc1 100644 AC_CONFIG_FILES([ Doxyfile dbus/Version -@@ -1952,6 +1963,7 @@ echo " +@@ -1852,6 +1863,7 @@ echo " Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} @@ -2163,20 +2147,20 @@ index 71e3515c..f3a2ffc1 100644 Building kqueue support: ${have_kqueue} Building systemd support: ${have_systemd} diff --git a/test/Makefile.am b/test/Makefile.am -index 914dd7f2..86882537 100644 +index 6a6e1a3..ce84dbc 100644 --- a/test/Makefile.am +++ b/test/Makefile.am -@@ -341,6 +341,7 @@ in_data = \ +@@ -439,6 +439,7 @@ in_data = \ data/valid-config-files/debug-allow-all.conf.in \ data/valid-config-files/finite-timeout.conf.in \ data/valid-config-files/forbidding.conf.in \ + data/valid-config-files/debug-check-some.conf.in \ data/valid-config-files/incoming-limit.conf.in \ - data/valid-config-files/multi-user.conf.in \ - data/valid-config-files/systemd-activation.conf.in \ + data/valid-config-files/max-completed-connections.conf.in \ + data/valid-config-files/max-connections-per-user.conf.in \ diff --git a/test/data/invalid-config-files/badcheck-1.conf b/test/data/invalid-config-files/badcheck-1.conf new file mode 100644 -index 00000000..fad9f502 +index 0000000..fad9f50 --- /dev/null +++ b/test/data/invalid-config-files/badcheck-1.conf @@ -0,0 +1,9 @@ @@ -2191,7 +2175,7 @@ index 00000000..fad9f502 + diff --git a/test/data/invalid-config-files/badcheck-2.conf b/test/data/invalid-config-files/badcheck-2.conf new file mode 100644 -index 00000000..63c7ef25 +index 0000000..63c7ef2 --- /dev/null +++ b/test/data/invalid-config-files/badcheck-2.conf @@ -0,0 +1,9 @@ @@ -2206,7 +2190,7 @@ index 00000000..63c7ef25 + diff --git a/test/data/valid-config-files/check-1.conf b/test/data/valid-config-files/check-1.conf new file mode 100644 -index 00000000..ad714733 +index 0000000..ad71473 --- /dev/null +++ b/test/data/valid-config-files/check-1.conf @@ -0,0 +1,9 @@ @@ -2221,7 +2205,7 @@ index 00000000..ad714733 + diff --git a/test/data/valid-config-files/debug-check-some.conf.in b/test/data/valid-config-files/debug-check-some.conf.in new file mode 100644 -index 00000000..47ee8548 +index 0000000..47ee854 --- /dev/null +++ b/test/data/valid-config-files/debug-check-some.conf.in @@ -0,0 +1,18 @@ @@ -2243,19 +2227,6 @@ index 00000000..47ee8548 + + + -diff --git a/tools/dbus-send.c b/tools/dbus-send.c -index 0dc1f5b3..76ddab3f 100644 ---- a/tools/dbus-send.c -+++ b/tools/dbus-send.c -@@ -458,7 +458,7 @@ main (int argc, char *argv[]) - char *arg; - char *c; - int type; -- int secondary_type; -+ int secondary_type = 0; - int container_type; - DBusMessageIter *target_iter; - DBusMessageIter container_iter; -- -2.14.3 +2.17.2