From f8e0c7a01d55b316be844379d9c0f090ec37b67e Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 1 Jul 2016 11:53:17 +0100 Subject: [PATCH 02/13] Log to syslog if max_completed_connections or max_connections_per_user are exceeded Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86442 --- bus/connection.c | 25 +++++++++++++++++++++---- bus/connection.h | 2 ++ bus/driver.c | 15 +++++++++++++-- 3 files changed, 36 insertions(+), 6 deletions(-) diff --git a/bus/connection.c b/bus/connection.c index 2dda21c..61b2c4b 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -1645,13 +1645,23 @@ bus_connection_get_name (DBusConnection *connection) dbus_bool_t bus_connections_check_limits (BusConnections *connections, DBusConnection *requesting_completion, + const char **limit_name_out, + int *limit_out, DBusError *error) { unsigned long uid; + int limit; + + limit = bus_context_get_max_completed_connections (connections->context); - if (connections->n_completed >= - bus_context_get_max_completed_connections (connections->context)) + if (connections->n_completed >= limit) { + if (limit_name_out != NULL) + *limit_name_out = "max_completed_connections"; + + if (limit_out != NULL) + *limit_out = limit; + dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, "The maximum number of active connections has been reached"); return FALSE; @@ -1659,9 +1669,16 @@ bus_connections_check_limits (BusConnections *connections, if (dbus_connection_get_unix_user (requesting_completion, &uid)) { - if (get_connections_for_uid (connections, uid) >= - bus_context_get_max_connections_per_user (connections->context)) + limit = bus_context_get_max_connections_per_user (connections->context); + + if (get_connections_for_uid (connections, uid) >= limit) { + if (limit_name_out != NULL) + *limit_name_out = "max_connections_per_user"; + + if (limit_out != NULL) + *limit_out = limit; + dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, "The maximum number of active connections for UID %lu has been reached", uid); diff --git a/bus/connection.h b/bus/connection.h index 746f4eb..9e253ae 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -57,6 +57,8 @@ BusSELinuxID* bus_connection_get_selinux_id (DBusConnection BusAppArmorConfinement* bus_connection_dup_apparmor_confinement (DBusConnection *connection); dbus_bool_t bus_connections_check_limits (BusConnections *connections, DBusConnection *requesting_completion, + const char **limit_name_out, + int *limit_out, DBusError *error); void bus_connections_expire_incomplete (BusConnections *connections); diff --git a/bus/driver.c b/bus/driver.c index 684c3d8..2d06abc 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -428,6 +428,9 @@ bus_driver_handle_hello (DBusConnection *connection, dbus_bool_t retval; BusRegistry *registry; BusConnections *connections; + DBusError tmp_error; + int limit; + const char *limit_name; _DBUS_ASSERT_ERROR_IS_CLEAR (error); @@ -445,11 +448,19 @@ bus_driver_handle_hello (DBusConnection *connection, * incomplete connections. It's even OK if the connection wants to * retry the hello message, we support that. */ + dbus_error_init (&tmp_error); connections = bus_connection_get_connections (connection); if (!bus_connections_check_limits (connections, connection, - error)) + &limit_name, &limit, + &tmp_error)) { - _DBUS_ASSERT_ERROR_IS_SET (error); + BusContext *context; + + _DBUS_ASSERT_ERROR_IS_SET (&tmp_error); + context = bus_connection_get_context (connection); + bus_context_log (context, DBUS_SYSTEM_LOG_WARNING, "%s (%s=%d)", + tmp_error.message, limit_name, limit); + dbus_move_error (&tmp_error, error); return FALSE; } -- 2.8.1