├── tests ├── use-as-subproject │ ├── .gitignore │ ├── config.h │ ├── dummy-config.h.in │ ├── README │ └── meson.build ├── tap.test.in ├── Makefile.am.inc ├── meson.build └── test-proxy.c ├── SECURITY.md ├── README.md ├── meson_options.txt ├── release-checklist.md ├── .gitignore ├── NEWS ├── flatpak-proxy.h ├── meson.build ├── CODE_OF_CONDUCT.md ├── .github └── workflows │ └── check.yml ├── xdg-dbus-proxy.xml ├── backport-autoptr.h ├── dbus-proxy.c ├── COPYING └── flatpak-proxy.c /tests/use-as-subproject/.gitignore: -------------------------------------------------------------------------------- 1 | /_build/ 2 | /subprojects/ 3 | -------------------------------------------------------------------------------- /tests/tap.test.in: -------------------------------------------------------------------------------- 1 | [Test] 2 | Type=session 3 | Exec=@installed_testdir@/@basename@ --tap 4 | Output=TAP 5 | -------------------------------------------------------------------------------- /tests/use-as-subproject/config.h: -------------------------------------------------------------------------------- 1 | #error Should not use superproject config.h to compile xdg-dbus-proxy 2 | -------------------------------------------------------------------------------- /tests/use-as-subproject/dummy-config.h.in: -------------------------------------------------------------------------------- 1 | #error Should not use superproject generated config.h to compile xdg-dbus-proxy 2 | -------------------------------------------------------------------------------- /tests/use-as-subproject/README: -------------------------------------------------------------------------------- 1 | This is a simple example of a project that uses xdg-dbus-proxy as a 2 | subproject. The intention is that if this project can successfully build 3 | xdg-dbus-proxy as a subproject, then so could Flatpak. 4 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security policy for xdg-dbus-proxy 2 | 3 | See the [Flatpak security policy](https://github.com/flatpak/flatpak/blob/HEAD/SECURITY.md) 4 | 5 | ## Supported Versions 6 | 7 | Only the latest version is supported for security fixes. 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | xdg-dbus-proxy 2 | ============== 3 | 4 | xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally 5 | part of the flatpak project, but it has been broken out as a standalone module 6 | to facilitate using it in other contexts. 7 | -------------------------------------------------------------------------------- /tests/use-as-subproject/meson.build: -------------------------------------------------------------------------------- 1 | project( 2 | 'use-xdg-dbus-proxy-as-subproject', 3 | 'c', 4 | version : '0', 5 | meson_version : '>=0.49.0', 6 | ) 7 | 8 | configure_file( 9 | output : 'config.h', 10 | input : 'dummy-config.h.in', 11 | configuration : configuration_data(), 12 | ) 13 | 14 | subproject( 15 | 'dbus-proxy', 16 | default_options : [ 17 | 'program_prefix=notflatpak-', 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /meson_options.txt: -------------------------------------------------------------------------------- 1 | option( 2 | 'installed_tests', 3 | type : 'boolean', 4 | description : 'Build and install "as-installed" tests', 5 | value : false, 6 | ) 7 | option( 8 | 'man', 9 | type : 'feature', 10 | description : 'generate man pages', 11 | value : 'auto', 12 | ) 13 | option( 14 | 'program_prefix', 15 | type : 'string', 16 | description : 'Prepend string to executable name, for use with subprojects', 17 | value : '', 18 | ) 19 | option( 20 | 'tests', 21 | type : 'boolean', 22 | description : 'Build and run automated tests', 23 | value : true, 24 | ) 25 | -------------------------------------------------------------------------------- /tests/Makefile.am.inc: -------------------------------------------------------------------------------- 1 | # vim:set ft=automake: 2 | 3 | AM_TESTS_ENVIRONMENT += \ 4 | DBUS_PROXY=${abs_top_builddir}/xdg-dbus-proxy \ 5 | $(NULL) 6 | 7 | test_programs = \ 8 | test-proxy \ 9 | $(NULL) 10 | 11 | test_proxy_CPPFLAGS = -DBINDIR=\"$(bindir)\" 12 | test_proxy_SOURCES = tests/test-proxy.c 13 | test_proxy_LDADD = $(COMMON_LIBS) 14 | 15 | EXTRA_DIST += tests/meson.build 16 | EXTRA_DIST += tests/tap.test.in 17 | EXTRA_DIST += tests/use-as-subproject/README 18 | EXTRA_DIST += tests/use-as-subproject/config.h 19 | EXTRA_DIST += tests/use-as-subproject/dummy-config.h.in 20 | EXTRA_DIST += tests/use-as-subproject/meson.build 21 | -------------------------------------------------------------------------------- /release-checklist.md: -------------------------------------------------------------------------------- 1 | xdg-dbus-proxy release checklist 2 | ================================ 3 | 4 | * Update NEWS, including release date 5 | * Update version number in `meson.build` 6 | * Commit the changes 7 | * `meson dist` 8 | * Do any final smoke-testing, e.g. update a package, install and test it 9 | * `git evtag sign $VERSION` 10 | * `git push --atomic origin main $VERSION` 11 | * https://github.com/flatpak/xdg-dbus-proxy/releases/new 12 | * Fill in the new version's tag in the "Tag version" box 13 | * Title: `Release $VERSION` 14 | * Copy the `NEWS` text into the description 15 | * Upload the tarball that you built with `meson dist` 16 | * Get the `sha256sum` of the tarball and append it to the description 17 | * `Publish release` 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.1 2 | *.log 3 | *.o 4 | *.trs 5 | .deps 6 | .dirstamp 7 | /INSTALL 8 | /aclocal.m4 9 | /aminclude_static.am 10 | /autom4te.cache/ 11 | /build-aux/* 12 | /compile 13 | /config.h 14 | /config.h.in 15 | /config.h.in~ 16 | /config.log 17 | /config.status 18 | /configure 19 | /depcomp 20 | /install-sh 21 | /m4/* 22 | /missing 23 | /stamp-h1 24 | /test-proxy 25 | /test-suite.log 26 | /xdg-dbus-proxy 27 | /xdg-dbus-proxy-*.tar.xz 28 | /xdg-dbus-proxy-*-coverage.info 29 | /xdg-dbus-proxy-*-coverage.info.tmp 30 | /xdg-dbus-proxy-*-coverage/ 31 | Makefile 32 | Makefile.in 33 | 34 | !/build-aux/glib-tap.mk 35 | !/build-aux/tap-test 36 | !/m4/ax_ac_append_to_file.m4 37 | !/m4/ax_ac_print_to_file.m4 38 | !/m4/ax_add_am_macro_static.m4 39 | !/m4/ax_am_macros_static.m4 40 | !/m4/ax_check_gnu_make.m4 41 | !/m4/ax_code_coverage.m4 42 | !/m4/ax_file_escapes.m4 43 | !/m4/glibtests.m4 44 | 45 | -------------------------------------------------------------------------------- /tests/meson.build: -------------------------------------------------------------------------------- 1 | enable_installed_tests = get_option('installed_tests') and not meson.is_subproject() 2 | installed_testdir = get_option('libexecdir') / 'installed-tests' / meson.project_name() 3 | installed_tests_metadir = get_option('datadir') / 'installed-tests' / meson.project_name() 4 | 5 | test_programs = [ 6 | [ 7 | 'test-proxy', 8 | executable( 9 | 'test-proxy', 10 | 'test-proxy.c', 11 | dependencies : common_deps, 12 | include_directories : common_include_directories, 13 | install : enable_installed_tests, 14 | install_dir : installed_testdir, 15 | ), 16 | ], 17 | ] 18 | 19 | test_env = environment() 20 | test_env.set('DBUS_PROXY', dbus_proxy.full_path()) 21 | test_env.set('G_TEST_BUILDDIR', meson.current_build_dir()) 22 | test_env.set('G_TEST_SRCDIR', meson.current_source_dir()) 23 | 24 | foreach pair : test_programs 25 | name = pair[0] 26 | test_program = pair[1] 27 | if meson.version().version_compare('>=0.50.0') 28 | test( 29 | name, 30 | test_program, 31 | env : test_env, 32 | protocol : 'tap', 33 | ) 34 | else 35 | test( 36 | name, 37 | test_program, 38 | env : test_env, 39 | ) 40 | endif 41 | 42 | if enable_installed_tests 43 | configure_file( 44 | input : 'tap.test.in', 45 | output : name + '.test', 46 | configuration : { 47 | 'basename' : name, 48 | 'installed_testdir' : get_option('prefix') / installed_testdir, 49 | }, 50 | install_dir : installed_tests_metadir, 51 | ) 52 | endif 53 | endforeach 54 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | Changes in 0.1.6 2 | ================ 3 | 4 | Released 2024-08-22 5 | 6 | * Use lower serial bits to differentiate proxy / client serials, and handle 7 | non-monotonically increasing serials better. 8 | * Fix various GVariant reference leaks 9 | * Don't require talk permission for broadcast rules 10 | * Support sdbus clients 11 | 12 | Changes in 0.1.5 13 | ================ 14 | 15 | Released 2023-08-07 16 | 17 | * Fix handling of object paths > 255 bytes 18 | * Print better errors when message parsing fails 19 | * Optionally install tests for "as-installed" testing 20 | 21 | Changes in 0.1.4 22 | ================ 23 | 24 | Released 2022-05-11 25 | 26 | * Add a Meson build system, with support for being used as a subproject. 27 | The original Autotools build system remains available for now, but 28 | might be removed in future. 29 | * Fix movement through multiline auth messages 30 | * Fix an unintended fallthrough if the message bus replies to Hello() 31 | with a non-REPLY such as an ERROR 32 | * Fix compiler warnings 33 | * Update AX_CODE_COVERAGE from autoconf-archive 34 | * Bundle a copy of AX_CHECK_GNU_MAKE from autoconf-archive, required 35 | by AX_CODE_COVERAGE 36 | 37 | Changes in 0.1.3 38 | ================ 39 | 40 | Released 2022-02-11 41 | 42 | * Silence compiler warnings 43 | * Fix build with musl 44 | * Fix UTF-8 characters being converted to ? when printing messages 45 | 46 | Changes in 0.1.2 47 | ================ 48 | 49 | * Some build fixes 50 | * Fix possible crash 51 | 52 | Changes in 0.1.1 53 | ================ 54 | 55 | * Added some docs 56 | * Added tests 57 | -------------------------------------------------------------------------------- /flatpak-proxy.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2015 Red Hat, Inc 3 | * 4 | * This program is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; either 7 | * version 2.1 of the License, or (at your option) any later version. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU Lesser General Public 15 | * License along with this library. If not, see . 16 | * 17 | * Authors: 18 | * Alexander Larsson 19 | */ 20 | 21 | #ifndef __FLATPAK_PROXY_H__ 22 | #define __FLATPAK_PROXY_H__ 23 | 24 | #include 25 | #include "backport-autoptr.h" 26 | 27 | typedef enum { 28 | FLATPAK_POLICY_NONE, 29 | FLATPAK_POLICY_SEE, 30 | FLATPAK_POLICY_TALK, 31 | FLATPAK_POLICY_OWN 32 | } FlatpakPolicy; 33 | 34 | typedef struct FlatpakProxy FlatpakProxy; 35 | 36 | #define FLATPAK_TYPE_PROXY flatpak_proxy_get_type () 37 | #define FLATPAK_PROXY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_PROXY, FlatpakProxy)) 38 | #define FLATPAK_IS_PROXY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_PROXY)) 39 | 40 | G_DEFINE_AUTOPTR_CLEANUP_FUNC (FlatpakProxy, g_object_unref) 41 | 42 | GType flatpak_proxy_get_type (void); 43 | 44 | FlatpakProxy *flatpak_proxy_new (const char *dbus_address, 45 | const char *socket_path); 46 | void flatpak_proxy_set_log_messages (FlatpakProxy *proxy, 47 | gboolean log); 48 | void flatpak_proxy_set_filter (FlatpakProxy *proxy, 49 | gboolean filter); 50 | void flatpak_proxy_set_sloppy_names (FlatpakProxy *proxy, 51 | gboolean sloppy_names); 52 | void flatpak_proxy_add_policy (FlatpakProxy *proxy, 53 | const char *name, 54 | gboolean name_is_subtree, 55 | FlatpakPolicy policy); 56 | void flatpak_proxy_add_call_rule (FlatpakProxy *proxy, 57 | const char *name, 58 | gboolean name_is_subtree, 59 | const char *rule); 60 | void flatpak_proxy_add_broadcast_rule (FlatpakProxy *proxy, 61 | const char *name, 62 | gboolean name_is_subtree, 63 | const char *rule); 64 | gboolean flatpak_proxy_start (FlatpakProxy *proxy, 65 | GError **error); 66 | void flatpak_proxy_stop (FlatpakProxy *proxy); 67 | 68 | #endif /* __FLATPAK_PROXY_H__ */ 69 | -------------------------------------------------------------------------------- /meson.build: -------------------------------------------------------------------------------- 1 | project( 2 | 'xdg-dbus-proxy', 3 | 'c', 4 | version : '0.1.6', 5 | meson_version : '>=0.49.0', 6 | default_options : [ 7 | 'warning_level=2', 8 | ], 9 | ) 10 | 11 | cc = meson.get_compiler('c') 12 | add_project_arguments('-D_GNU_SOURCE', language : 'c') 13 | common_include_directories = include_directories('.') 14 | 15 | add_project_arguments( 16 | cc.get_supported_arguments([ 17 | '-Werror=aggregate-return', 18 | '-Werror=empty-body', 19 | '-Werror=implicit-function-declaration', 20 | '-Werror=incompatible-pointer-types', 21 | '-Werror=init-self', 22 | '-Werror=int-conversion', 23 | '-Werror=misleading-indentation', 24 | '-Werror=missing-declarations', 25 | '-Werror=missing-include-dirs', 26 | '-Werror=missing-prototypes', 27 | '-Werror=overflow', 28 | '-Werror=parenthesis', 29 | '-Werror=pointer-arith', 30 | '-Werror=return-type', 31 | '-Werror=shadow', 32 | '-Werror=strict-prototypes', 33 | '-Werror=switch-default', 34 | '-Wswitch-enum', 35 | 36 | # Deliberately not warning about this, ability to zero-initialize 37 | # a struct is a feature 38 | '-Wno-missing-field-initializers', 39 | '-Wno-error=missing-field-initializers', 40 | 41 | # Deliberately not warning about this, unused parameters to a callback 42 | # are not a bug 43 | '-Wno-unused-parameter', 44 | '-Wno-error=unused-parameter', 45 | ]), 46 | language : 'c', 47 | ) 48 | 49 | glib_dep = dependency('glib-2.0', version : '>=2.40') 50 | gio_dep = dependency('gio-2.0', version : '>=2.40') 51 | gio_unix_dep = dependency('gio-unix-2.0', version : '>=2.40') 52 | common_deps = [glib_dep, gio_dep, gio_unix_dep] 53 | 54 | if meson.is_subproject() 55 | bindir = get_option('libexecdir') 56 | 57 | if get_option('program_prefix') == '' 58 | error('program_prefix option must be set when xdg-dbus-proxy is a subproject') 59 | endif 60 | 61 | exe_name = get_option('program_prefix') + 'dbus-proxy' 62 | else 63 | bindir = get_option('bindir') 64 | exe_name = 'xdg-dbus-proxy' 65 | endif 66 | 67 | conf_data = configuration_data() 68 | conf_data.set_quoted('BINDIR', get_option('prefix') / bindir) 69 | conf_data.set_quoted('PACKAGE_NAME', meson.project_name()) 70 | conf_data.set_quoted('PACKAGE_VERSION', meson.project_version()) 71 | configure_file(output : 'config.h', 72 | configuration : conf_data) 73 | 74 | dbus_proxy = executable( 75 | exe_name, 76 | [ 77 | 'dbus-proxy.c', 78 | 'flatpak-proxy.c', 79 | ], 80 | install : true, 81 | install_dir : bindir, 82 | dependencies : common_deps, 83 | ) 84 | 85 | xsltproc = find_program('xsltproc', required : get_option('man')) 86 | 87 | if xsltproc.found() and not meson.is_subproject() 88 | custom_target( 89 | 'xdg-dbus-proxy.1', 90 | output : 'xdg-dbus-proxy.1', 91 | input : 'xdg-dbus-proxy.xml', 92 | command : [ 93 | xsltproc, 94 | '--nonet', 95 | '--stringparam', 'man.output.quietly', '1', 96 | '--stringparam', 'funcsynopsis.style', 'ansi', 97 | '--stringparam', 'man.th.extra1.suppress', '1', 98 | '--stringparam', 'man.authors.section.enabled', '0', 99 | '--stringparam', 'man.copyright.section.enabled', '0', 100 | '-o', '@OUTPUT@', 101 | 'http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl', 102 | '@INPUT@', 103 | ], 104 | install : true, 105 | install_dir : get_option('mandir') / 'man1', 106 | ) 107 | endif 108 | 109 | if get_option('tests') 110 | subdir('tests') 111 | endif 112 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | ## 1. Purpose 4 | 5 | A primary goal of Flatpak is to be inclusive to the largest number of contributors, with the most varied and diverse backgrounds possible. As such, we are committed to providing a friendly, safe and welcoming environment for all, regardless of gender, sexual orientation, ability, ethnicity, socioeconomic status, and religion (or lack thereof). 6 | 7 | This code of conduct outlines our expectations for all those who participate in our community, as well as the consequences for unacceptable behavior. 8 | 9 | We invite all those who participate in Flatpak to help us create safe and positive experiences for everyone. 10 | 11 | ## 2. Open Source Citizenship 12 | 13 | A supplemental goal of this Code of Conduct is to increase open source citizenship by encouraging participants to recognize and strengthen the relationships between our actions and their effects on our community. 14 | 15 | Communities mirror the societies in which they exist and positive action is essential to counteract the many forms of inequality and abuses of power that exist in society. 16 | 17 | If you see someone who is making an extra effort to ensure our community is welcoming, friendly, and encourages all participants to contribute to the fullest extent, we want to know. 18 | 19 | ## 3. Expected Behavior 20 | 21 | The following behaviors are expected and requested of all community members: 22 | 23 | * Participate in an authentic and active way. In doing so, you contribute to the health and longevity of this community. 24 | * Exercise consideration and respect in your speech and actions. 25 | * Attempt collaboration before conflict. 26 | * Refrain from demeaning, discriminatory, or harassing behavior and speech. 27 | * Be mindful of your surroundings and of your fellow participants. Alert community leaders if you notice a dangerous situation, someone in distress, or violations of this Code of Conduct, even if they seem inconsequential. 28 | * Remember that community event venues may be shared with members of the public; please be respectful to all patrons of these locations. 29 | 30 | ## 4. Unacceptable Behavior 31 | 32 | The following behaviors are considered harassment and are unacceptable within our community: 33 | 34 | * Violence, threats of violence or violent language directed against another person. 35 | * Sexist, racist, homophobic, transphobic, ableist or otherwise discriminatory jokes and language. 36 | * Posting or displaying sexually explicit or violent material. 37 | * Posting or threatening to post other people’s personally identifying information ("doxing"). 38 | * Personal insults, particularly those related to gender, sexual orientation, race, religion, or disability. 39 | * Inappropriate photography or recording. 40 | * Inappropriate physical contact. You should have someone’s consent before touching them. 41 | * Unwelcome sexual attention. This includes, sexualized comments or jokes; inappropriate touching, groping, and unwelcomed sexual advances. 42 | * Deliberate intimidation, stalking or following (online or in person). 43 | * Advocating for, or encouraging, any of the above behavior. 44 | * Sustained disruption of community events, including talks and presentations. 45 | 46 | ## 5. Consequences of Unacceptable Behavior 47 | 48 | Unacceptable behavior from any community member, including sponsors and those with decision-making authority, will not be tolerated. 49 | 50 | Anyone asked to stop unacceptable behavior is expected to comply immediately. 51 | 52 | If a community member engages in unacceptable behavior, the community organizers may take any action they deem appropriate, up to and including a temporary ban or permanent expulsion from the community without warning (and without refund in the case of a paid event). 53 | 54 | ## 6. Reporting Guidelines 55 | 56 | If you are subject to or witness unacceptable behavior, or have any other concerns, please notify a community organizer as soon as possible. alexander.larsson@gmail.com. 57 | 58 | 59 | 60 | Additionally, community organizers are available to help community members engage with local law enforcement or to otherwise help those experiencing unacceptable behavior feel safe. In the context of in-person events, organizers will also provide escorts as desired by the person experiencing distress. 61 | 62 | ## 7. Addressing Grievances 63 | 64 | If you feel you have been falsely or unfairly accused of violating this Code of Conduct, you should notify Flatpak with a concise description of your grievance. Your grievance will be handled in accordance with our existing governing policies. 65 | 66 | 67 | 68 | ## 8. Scope 69 | 70 | We expect all community participants (contributors, paid or otherwise; sponsors; and other guests) to abide by this Code of Conduct in all community venues–online and in-person–as well as in all one-on-one communications pertaining to community business. 71 | 72 | This code of conduct and its related procedures also applies to unacceptable behavior occurring outside the scope of community activities when such behavior has the potential to adversely affect the safety and well-being of community members. 73 | 74 | ## 9. Contact info 75 | 76 | alexander.larsson@gmail.com 77 | 78 | ## 10. License and attribution 79 | 80 | This Code of Conduct is distributed under a [Creative Commons Attribution-ShareAlike license](http://creativecommons.org/licenses/by-sa/3.0/). 81 | 82 | Portions of text derived from the [Django Code of Conduct](https://www.djangoproject.com/conduct/) and the [Geek Feminism Anti-Harassment Policy](http://geekfeminism.wikia.com/wiki/Conference_anti-harassment/Policy). 83 | 84 | Retrieved on November 22, 2016 from [http://citizencodeofconduct.org/](http://citizencodeofconduct.org/) 85 | -------------------------------------------------------------------------------- /.github/workflows/check.yml: -------------------------------------------------------------------------------- 1 | name: CI checks 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: 8 | paths-ignore: 9 | - CODE_OF_CONDUCT.md 10 | - CONTRIBUTING.md 11 | - COPYING 12 | - NEWS 13 | - README.md 14 | - SECURITY.md 15 | branches: 16 | - main 17 | 18 | jobs: 19 | meson: 20 | name: Build with Meson and gcc, and test 21 | runs-on: ubuntu-20.04 22 | steps: 23 | - name: Install Dependencies 24 | run: | 25 | sudo apt-get update 26 | sudo apt-get install -y \ 27 | dbus \ 28 | docbook-xml \ 29 | docbook-xsl \ 30 | libglib2.0-dev \ 31 | meson \ 32 | xsltproc \ 33 | ${NULL+} 34 | - name: Check out xdg-dbus-proxy 35 | uses: actions/checkout@v1 36 | with: 37 | submodules: true 38 | - name: Create logs dir 39 | run: mkdir test-logs 40 | - name: configure 41 | run: | 42 | meson setup . _build 43 | - name: Build xdg-dbus-proxy 44 | run: ninja -C _build -v 45 | - name: Run tests 46 | run: meson test -C _build -v 47 | - name: Collect overall test logs on failure 48 | if: failure() 49 | run: mv _build/meson-logs/testlog.txt test-logs/ || true 50 | - name: Collect individual test logs on cancel 51 | if: failure() || cancelled() 52 | run: mv _build/meson-logs/testlog.txt test-logs/ || true 53 | - name: install 54 | run: | 55 | DESTDIR="$(pwd)/DESTDIR" meson install -C _build 56 | ( cd DESTDIR && find -ls ) 57 | - name: distcheck 58 | run: | 59 | meson dist -C _build 60 | - name: Collect dist test logs on failure 61 | if: failure() 62 | run: mv _build/meson-private/dist-build/meson-logs/testlog.txt test-logs/disttestlog.txt || true 63 | - name: use as subproject 64 | run: | 65 | mkdir tests/use-as-subproject/subprojects 66 | tar -C tests/use-as-subproject/subprojects -xf _build/meson-dist/xdg-dbus-proxy-*.tar.xz 67 | mv tests/use-as-subproject/subprojects/xdg-dbus-proxy-* tests/use-as-subproject/subprojects/dbus-proxy 68 | ( cd tests/use-as-subproject && meson setup . _build ) 69 | ninja -C tests/use-as-subproject/_build -v 70 | meson test -C tests/use-as-subproject/_build 71 | DESTDIR="$(pwd)/DESTDIR-as-subproject" meson install -C tests/use-as-subproject/_build 72 | ( cd DESTDIR-as-subproject && find -ls ) 73 | test -x DESTDIR-as-subproject/usr/local/libexec/notflatpak-dbus-proxy 74 | - name: Upload test logs 75 | uses: actions/upload-artifact@v1 76 | if: failure() || cancelled() 77 | with: 78 | name: test logs 79 | path: test-logs 80 | 81 | clang: 82 | name: Build with clang and analyze 83 | runs-on: ubuntu-22.04 84 | strategy: 85 | fail-fast: false 86 | matrix: 87 | language: 88 | - cpp 89 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] 90 | # Learn more: 91 | # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed 92 | steps: 93 | # Initializes the CodeQL tools for scanning. 94 | - name: Initialize CodeQL 95 | uses: github/codeql-action/init@v3 96 | with: 97 | languages: ${{ matrix.language }} 98 | # If you wish to specify custom queries, you can do so here or in a config file. 99 | # By default, queries listed here will override any specified in a config file. 100 | # Prefix the list here with "+" to use these queries and those in the config file. 101 | # queries: ./path/to/local/query, your-org/your-repo/queries@main 102 | - name: Install Dependencies 103 | run: | 104 | sudo apt-get update 105 | sudo apt-get install -y \ 106 | clang \ 107 | dbus \ 108 | docbook-xml \ 109 | docbook-xsl \ 110 | libglib2.0-dev \ 111 | libtool \ 112 | meson \ 113 | xsltproc \ 114 | ${NULL+} 115 | - name: Check out xdg-dbus-proxy 116 | uses: actions/checkout@v1 117 | with: 118 | submodules: true 119 | - name: Create logs dir 120 | run: mkdir test-logs 121 | - name: configure 122 | run: | 123 | meson setup . _build -Db_sanitize=address,undefined 124 | env: 125 | CC: clang 126 | - name: Build xdg-dbus-proxy 127 | run: ninja -C _build -v 128 | - name: Perform CodeQL Analysis 129 | uses: github/codeql-action/analyze@v3 130 | - name: Run tests 131 | run: meson test -C _build -v 132 | - name: Collect overall test logs on failure 133 | if: failure() 134 | run: mv _build/meson-logs/testlog.txt test-logs/ || true 135 | - name: Collect individual test logs on cancel 136 | if: failure() || cancelled() 137 | run: mv _build/meson-logs/testlog.txt test-logs/ || true 138 | - name: Upload test logs 139 | uses: actions/upload-artifact@v1 140 | if: failure() || cancelled() 141 | with: 142 | name: test logs 143 | path: test-logs 144 | 145 | valgrind: 146 | name: Run tests in valgrind 147 | needs: meson # Don't run expensive test if main check fails 148 | runs-on: ubuntu-20.04 # Might as well test with a different one too 149 | steps: 150 | - name: Install Dependencies 151 | run: | 152 | sudo apt-get update 153 | sudo apt-get install -y \ 154 | clang \ 155 | dbus \ 156 | docbook-xml \ 157 | docbook-xsl \ 158 | libglib2.0-dev \ 159 | libtool \ 160 | meson \ 161 | valgrind \ 162 | xsltproc \ 163 | ${NULL+} 164 | - name: Check out xdg-dbus-proxy 165 | uses: actions/checkout@v1 166 | with: 167 | submodules: true 168 | - name: Create logs dir 169 | run: mkdir test-logs 170 | - name: configure 171 | run: | 172 | meson setup . _build 173 | env: 174 | CFLAGS: >- 175 | -O2 176 | -Wp,-D_FORTIFY_SOURCE=2 177 | - name: Build xdg-dbus-proxy 178 | run: ninja -C _build -v 179 | - name: Run tests 180 | run: meson test -C _build -v 181 | - name: Collect overall test logs on failure 182 | if: failure() 183 | run: mv _build/meson-logs/testlog.txt test-logs/ || true 184 | - name: Collect individual test logs on cancel 185 | if: failure() || cancelled() 186 | run: mv _build/meson-logs/testlog.txt test-logs/ || true 187 | - name: Upload test logs 188 | uses: actions/upload-artifact@v1 189 | if: failure() || cancelled() 190 | with: 191 | name: test logs 192 | path: test-logs 193 | -------------------------------------------------------------------------------- /tests/test-proxy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2018 Collabora Ltd. 3 | * 4 | * This program is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; either 7 | * version 2.1 of the License, or (at your option) any later version. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU Lesser General Public 15 | * License along with this library. If not, see . 16 | */ 17 | 18 | #include "config.h" 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | #include "backport-autoptr.h" 32 | 33 | #define DBUS_SERVICE_DBUS "org.freedesktop.DBus" 34 | #define DBUS_PATH_DBUS "/org/freedesktop/DBus" 35 | #define DBUS_INTERFACE_DBUS "org.freedesktop.DBus" 36 | 37 | typedef struct 38 | { 39 | GDBusConnection *proxied_conn; 40 | GSubprocess *dbus_daemon; 41 | GSubprocess *proxy; 42 | gchar *dbus_address; 43 | gchar *temp_directory; 44 | gchar *proxy_socket; 45 | gchar *proxy_address; 46 | const gchar *proxy_path; 47 | int sync_pipe; 48 | } Fixture; 49 | 50 | typedef struct 51 | { 52 | int dummy; 53 | } Config; 54 | 55 | static void 56 | setup (Fixture *f, 57 | gconstpointer context G_GNUC_UNUSED) 58 | { 59 | g_autoptr(GSubprocessLauncher) launcher = NULL; 60 | g_autoptr(GError) error = NULL; 61 | GInputStream *address_pipe; 62 | gchar address_buffer[4096] = { 0 }; 63 | g_autofree gchar *escaped = NULL; 64 | char *newline; 65 | 66 | f->sync_pipe = -1; 67 | 68 | launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE); 69 | f->dbus_daemon = g_subprocess_launcher_spawn (launcher, &error, 70 | "dbus-daemon", 71 | "--session", 72 | "--print-address=1", 73 | "--nofork", 74 | NULL); 75 | g_assert_no_error (error); 76 | g_assert_nonnull (f->dbus_daemon); 77 | 78 | address_pipe = g_subprocess_get_stdout_pipe (f->dbus_daemon); 79 | 80 | /* Crash if it takes too long to get the address */ 81 | alarm (30); 82 | 83 | while (strchr (address_buffer, '\n') == NULL) 84 | { 85 | if (strlen (address_buffer) >= sizeof (address_buffer) - 1) 86 | g_error ("Read %" G_GSIZE_FORMAT " bytes from dbus-daemon with " 87 | "no newline", 88 | sizeof (address_buffer) - 1); 89 | 90 | g_input_stream_read (address_pipe, 91 | address_buffer + strlen (address_buffer), 92 | sizeof (address_buffer) - strlen (address_buffer), 93 | NULL, &error); 94 | g_assert_no_error (error); 95 | } 96 | 97 | /* Disable alarm */ 98 | alarm (0); 99 | 100 | newline = strchr (address_buffer, '\n'); 101 | g_assert_nonnull (newline); 102 | *newline = '\0'; 103 | f->dbus_address = g_strdup (address_buffer); 104 | 105 | f->proxy_path = g_getenv ("DBUS_PROXY"); 106 | 107 | if (f->proxy_path == NULL) 108 | f->proxy_path = BINDIR "/xdg-dbus-proxy"; 109 | 110 | f->temp_directory = g_dir_make_tmp ("xdg-dbus-proxy-test.XXXXXX", &error); 111 | g_assert_no_error (error); 112 | f->proxy_socket = g_build_filename (f->temp_directory, "proxy", NULL); 113 | escaped = g_dbus_address_escape_value (f->proxy_socket); 114 | f->proxy_address = g_strdup_printf ("unix:path=%s", escaped); 115 | } 116 | 117 | enum 118 | { 119 | READ_END = 0, 120 | WRITE_END = 1, 121 | PIPE_FDS 122 | }; 123 | 124 | static void 125 | test_basics (Fixture *f, 126 | gconstpointer context G_GNUC_UNUSED) 127 | { 128 | g_autoptr(GSubprocessLauncher) launcher = NULL; 129 | g_autoptr(GError) error = NULL; 130 | g_autoptr(GVariant) tuple = NULL; 131 | g_auto(GStrv) strv = NULL; 132 | const char *proxied_name; 133 | int sync_pipe[PIPE_FDS]; 134 | char buf; 135 | ssize_t bytes_read; 136 | gsize i; 137 | gboolean found; 138 | 139 | alarm (30); 140 | 141 | g_unix_open_pipe (sync_pipe, FD_CLOEXEC, &error); 142 | g_assert_no_error (error); 143 | f->sync_pipe = sync_pipe[READ_END]; 144 | 145 | launcher = g_subprocess_launcher_new (G_SUBPROCESS_FLAGS_STDOUT_PIPE); 146 | g_subprocess_launcher_take_fd (launcher, sync_pipe[WRITE_END], 3); 147 | sync_pipe[WRITE_END] = -1; 148 | 149 | f->proxy = g_subprocess_launcher_spawn (launcher, &error, 150 | f->proxy_path, 151 | "--fd=3", 152 | f->dbus_address, 153 | f->proxy_socket, 154 | NULL); 155 | g_assert_no_error (error); 156 | g_assert_nonnull (f->proxy); 157 | 158 | /* Wait for the proxy to be ready */ 159 | bytes_read = read (sync_pipe[READ_END], &buf, 1); 160 | g_assert_cmpint (bytes_read, ==, 1); 161 | 162 | f->proxied_conn = g_dbus_connection_new_for_address_sync (f->proxy_address, 163 | G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT 164 | | G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION, 165 | NULL, NULL, &error); 166 | g_assert_no_error (error); 167 | g_assert_nonnull (f->proxied_conn); 168 | proxied_name = g_dbus_connection_get_unique_name (f->proxied_conn); 169 | 170 | tuple = g_dbus_connection_call_sync (f->proxied_conn, DBUS_SERVICE_DBUS, 171 | DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS, 172 | "ListNames", NULL, 173 | G_VARIANT_TYPE ("(as)"), 174 | G_DBUS_CALL_FLAGS_NONE, -1, NULL, 175 | &error); 176 | g_assert_no_error (error); 177 | g_assert_nonnull (tuple); 178 | g_variant_get (tuple, "(^as)", &strv); 179 | found = FALSE; 180 | 181 | /* As a simple test of the proxying, assert that the array contains the 182 | * proxied connection itself */ 183 | for (i = 0; strv[i] != NULL; i++) 184 | { 185 | g_test_message ("ListNames(): %s", strv[i]); 186 | 187 | if (g_strcmp0 (strv[i], proxied_name) == 0) 188 | found = TRUE; 189 | } 190 | 191 | g_assert_true (found); 192 | } 193 | 194 | static void 195 | teardown (Fixture *f, 196 | gconstpointer context G_GNUC_UNUSED) 197 | { 198 | g_autoptr(GError) error = NULL; 199 | 200 | if (f->dbus_daemon != NULL) 201 | { 202 | g_subprocess_send_signal (f->dbus_daemon, SIGTERM); 203 | g_subprocess_wait (f->dbus_daemon, NULL, &error); 204 | g_assert_no_error (error); 205 | } 206 | 207 | if (f->sync_pipe >= 0) 208 | { 209 | g_close (f->sync_pipe, &error); 210 | g_assert_no_error (error); 211 | f->sync_pipe = -1; 212 | } 213 | 214 | if (f->proxy != NULL) 215 | { 216 | /* It terminates in response to us closing the sync_pipe */ 217 | g_subprocess_wait_check (f->proxy, NULL, &error); 218 | g_assert_no_error (error); 219 | } 220 | 221 | if (f->proxied_conn != NULL) 222 | { 223 | g_dbus_connection_close_sync (f->proxied_conn, NULL, &error); 224 | 225 | if (error != NULL) 226 | { 227 | g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CLOSED); 228 | g_clear_error (&error); 229 | } 230 | } 231 | 232 | if (f->proxy_socket != NULL) 233 | { 234 | if (g_remove (f->proxy_socket) != 0 && errno != ENOENT) 235 | g_warning ("remove %s: %s", f->proxy_socket, g_strerror (errno)); 236 | 237 | g_free (f->proxy_socket); 238 | } 239 | 240 | if (f->temp_directory != NULL) 241 | { 242 | if (g_rmdir (f->temp_directory) != 0) 243 | g_warning ("rmdir %s: %s", f->temp_directory, g_strerror (errno)); 244 | 245 | g_free (f->temp_directory); 246 | } 247 | 248 | g_clear_object (&f->proxied_conn); 249 | g_clear_object (&f->dbus_daemon); 250 | g_clear_object (&f->proxy); 251 | g_free (f->dbus_address); 252 | g_free (f->proxy_address); 253 | alarm (0); 254 | } 255 | 256 | int 257 | main (int argc, 258 | char **argv) 259 | { 260 | g_test_init (&argc, &argv, NULL); 261 | 262 | g_test_add ("/basics", Fixture, NULL, setup, test_basics, teardown); 263 | 264 | return g_test_run (); 265 | } 266 | -------------------------------------------------------------------------------- /xdg-dbus-proxy.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | xdg-dbus-proxy 9 | flatpak 10 | 11 | 12 | Developer 13 | Alexander 14 | Larsson 15 | 16 | 17 | 18 | 19 | 20 | xdg-dbus-proxy 21 | 1 22 | User Commands 23 | 24 | 25 | 26 | xdg-dbus-proxy 27 | D-Bus proxy 28 | 29 | 30 | 31 | 32 | xdg-dbus-proxy 33 | OPTION 34 | ADDRESS PATH 35 | OPTION 36 | 37 | 38 | 39 | 40 | Description 41 | 42 | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Its 43 | arguments are one or more ADDRESS-PATH 44 | pairs specifying the buses to proxy, with options that specify what filtering to apply. 45 | 46 | Basic Operation 47 | 48 | The proxy listens to the unix domain socket at PATH, 49 | and for each client that connects to the socket, it opens up a new connection to 50 | the specified D-Bus ADDRESS (typically the session bus) 51 | and forwards data between the two. During the authentication phase all data is 52 | forwarded as received, and additionally for the first 1 byte zero we also send 53 | the proxy credentials to the bus. 54 | 55 | 56 | Once the connection is authenticated there are two modes, filtered and unfiltered. 57 | In the unfiltered mode all messages are sent on as they are received. In the filtering 58 | mode policy is applied to determine which messages to allow, and which to drop. 59 | 60 | 61 | Filtering is applied only to outgoing signals and method calls and incoming broadcast 62 | signals. All replies (errors or method returns) are allowed once for an outstanding 63 | method call, and never otherwise. 64 | 65 | 66 | If a client ever receives a message from another peer on the bus, the senders unique 67 | name is made visible, so the client can track caller lifetimes via NameOwnerChanged 68 | signals. If a client calls a method on or receives a broadcast signal from a name 69 | (even if filtered to some subset of paths or interfaces), that names basic policy 70 | is considered to be (at least) TALK, from then on. 71 | 72 | 73 | Policy 74 | 75 | The policy for the filtering consists of a mapping from well-known names to a policy 76 | that is either SEE, TALK or OWN. The default initial policy is that the the user is only 77 | allowed to TALK to the bus itself (org.freedesktop.DBus, or no destination specified), 78 | and TALK to its own unique ID. All other clients are invisible. 79 | 80 | 81 | Here is a description of the policy levels (each level implies the ones before it): 82 | 83 | 84 | SEE 85 | 86 | The name/ID is visible in the ListNames reply 87 | The name/ID is visible in the ListActivatableNames reply 88 | You can call GetNameOwner on the name 89 | You can call NameHasOwner on the name 90 | You see NameOwnerChanged signals on the name 91 | You see NameOwnerChanged signals on the ID when the client disconnects 92 | You can call the GetXXX methods on the name/ID to get e.g. the peer pid 93 | You get AccessDenied rather than NameHasNoOwner when sending messages to the name/ID 94 | 95 | 96 | TALK 97 | 98 | You can send any method calls and signals to the name/ID 99 | You will receive broadcast signals from the name/ID (if you have a match rule for them) 100 | You can call StartServiceByName on the name 101 | 102 | 103 | OWN 104 | 105 | You are allowed to call RequestName/ReleaseName/ListQueuedOwners on the name 106 | 107 | 108 | 109 | 110 | Policy is specified with the , and 111 | options. The well-known names in these options can have a 112 | '.*' suffix. A name of "org.foo.*" matches "org.foo", org.foo.bar", and 113 | "org.foo.bar.gazonk", but not "org.foobar". 114 | 115 | 116 | Polices are specified for well-known names, but they also affect the owner of that 117 | name, so that the policy for a unique ID is the union of the polices for all the names 118 | it owns. For technical reasons, the policy for a unique name is "sticky", in that the 119 | highest policy granted by a once-owned name is kept, even when the client releases that 120 | name. This is impossible to avoid in a race-free way in a proxy. But it is rarely a 121 | problem in practice, as few clients release names and stay on the bus. 122 | 123 | 124 | In addition to the basic SEE/TALK/OWN policy, it is possible to specify more 125 | complicated rules about what method calls can be made on and what broadcast 126 | signals can be received from well-known names. A rule can restrict the allowed 127 | calls/signals to a specific object path or a subtree of object paths, and it 128 | can restrict the allowed interface down to an individual method or signal name. 129 | 130 | 131 | Rules are specified with the and 132 | options. The RULE in these options determines what interfaces, 133 | methods and object paths are allowed. It must be of the form 134 | [METHOD][@PATH], where 135 | METHOD can be either '*' or a D-Bus interface, possible 136 | with a '.*' suffix, or a fully-qualified method name, and PATH 137 | is a D-Bus object path, possible with a '/*' suffix. 138 | 139 | 140 | 141 | 142 | Options 143 | 144 | When options are used multiple times, the last option wins, unless otherwise 145 | specified. 146 | 147 | General options: 148 | 149 | 150 | 151 | Print help and exit 152 | 153 | 154 | 155 | Print version 156 | 157 | 158 | 159 | 160 | Write to FD when the proxies are ready, and stop when it is closed. 161 | 162 | 163 | 164 | 165 | 166 | Parse nul-separated arguments from the given file descriptor. 167 | This option can be used multiple times to parse options from 168 | multiple sources. 169 | 170 | 171 | 172 | Proxy Options: 173 | 174 | These options can only be used after an ADDRESS and apply to the proxy 175 | for that address. 176 | 177 | 178 | 179 | 180 | Enable filtering 181 | 182 | 183 | 184 | Turn on logging 185 | 186 | 187 | 188 | Make all unique names visible. 189 | 190 | 191 | 192 | Set the SEE policy for the given name. 193 | 194 | 195 | 196 | Set the TALK policy for the given name. 197 | 198 | 199 | 200 | Set the OWN policy for the given name. 201 | 202 | 203 | 204 | Set a rule for calls on the given name. 205 | 206 | 207 | 208 | Set a rule for broadcast signals from the given name. 209 | 210 | 211 | 212 | 213 | Examples 214 | 215 | $ xdg-dbus-proxy --fd=26 unix:path=/run/usr/1000/bus /run/usr/1000/.dbus-proxy/session-bus-proxy --filter --own=org.gnome.ghex.* --talk=ca.desrt.dconf --call=org.freedesktop.portal.*=* --broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/* 216 | 217 | 218 | 219 | 220 | -------------------------------------------------------------------------------- /backport-autoptr.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Colin Walters 4 | * 5 | * GLIB - Library of useful routines for C programming 6 | * Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald 7 | * 8 | * This library is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU Lesser General Public 10 | * License as published by the Free Software Foundation; either 11 | * version 2 of the License, or (at your option) any later version. 12 | * 13 | * This library is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | * Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public 19 | * License along with this library; if not, write to the 20 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 21 | * Boston, MA 02111-1307, USA. 22 | */ 23 | 24 | #pragma once 25 | 26 | #include 27 | 28 | G_BEGIN_DECLS 29 | 30 | #if !GLIB_CHECK_VERSION(2, 43, 4) 31 | 32 | #define _GLIB_AUTOPTR_FUNC_NAME(TypeName) glib_autoptr_cleanup_##TypeName 33 | #define _GLIB_AUTOPTR_TYPENAME(TypeName) TypeName##_autoptr 34 | #define _GLIB_AUTO_FUNC_NAME(TypeName) glib_auto_cleanup_##TypeName 35 | #define _GLIB_CLEANUP(func) __attribute__((cleanup(func))) 36 | #define _GLIB_DEFINE_AUTOPTR_CHAINUP(ModuleObjName, ParentName) \ 37 | typedef ModuleObjName *_GLIB_AUTOPTR_TYPENAME(ModuleObjName); \ 38 | static inline void _GLIB_AUTOPTR_FUNC_NAME(ModuleObjName) (ModuleObjName **_ptr) { \ 39 | _GLIB_AUTOPTR_FUNC_NAME(ParentName) ((ParentName **) _ptr); } \ 40 | 41 | 42 | /* these macros are API */ 43 | #define G_DEFINE_AUTOPTR_CLEANUP_FUNC(TypeName, func) \ 44 | typedef TypeName *_GLIB_AUTOPTR_TYPENAME(TypeName); \ 45 | G_GNUC_BEGIN_IGNORE_DEPRECATIONS \ 46 | static inline void _GLIB_AUTOPTR_FUNC_NAME(TypeName) (TypeName **_ptr) { if (*_ptr) (func) (*_ptr); } \ 47 | G_GNUC_END_IGNORE_DEPRECATIONS 48 | #define G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(TypeName, func) \ 49 | G_GNUC_BEGIN_IGNORE_DEPRECATIONS \ 50 | static inline void _GLIB_AUTO_FUNC_NAME(TypeName) (TypeName *_ptr) { (func) (_ptr); } \ 51 | G_GNUC_END_IGNORE_DEPRECATIONS 52 | #define G_DEFINE_AUTO_CLEANUP_FREE_FUNC(TypeName, func, none) \ 53 | G_GNUC_BEGIN_IGNORE_DEPRECATIONS \ 54 | static inline void _GLIB_AUTO_FUNC_NAME(TypeName) (TypeName *_ptr) { if (*_ptr != none) (func) (*_ptr); } \ 55 | G_GNUC_END_IGNORE_DEPRECATIONS 56 | #define g_autoptr(TypeName) _GLIB_CLEANUP(_GLIB_AUTOPTR_FUNC_NAME(TypeName)) _GLIB_AUTOPTR_TYPENAME(TypeName) 57 | #define g_auto(TypeName) _GLIB_CLEANUP(_GLIB_AUTO_FUNC_NAME(TypeName)) TypeName 58 | #define g_autofree _GLIB_CLEANUP(g_autoptr_cleanup_generic_gfree) 59 | 60 | /** 61 | * g_steal_pointer: 62 | * @pp: a pointer to a pointer 63 | * 64 | * Sets @pp to %NULL, returning the value that was there before. 65 | * 66 | * Conceptually, this transfers the ownership of the pointer from the 67 | * referenced variable to the "caller" of the macro (ie: "steals" the 68 | * reference). 69 | * 70 | * The return value will be properly typed, according to the type of 71 | * @pp. 72 | * 73 | * This can be very useful when combined with g_autoptr() to prevent the 74 | * return value of a function from being automatically freed. Consider 75 | * the following example (which only works on GCC and clang): 76 | * 77 | * |[ 78 | * GObject * 79 | * create_object (void) 80 | * { 81 | * g_autoptr(GObject) obj = g_object_new (G_TYPE_OBJECT, NULL); 82 | * 83 | * if (early_error_case) 84 | * return NULL; 85 | * 86 | * return g_steal_pointer (&obj); 87 | * } 88 | * ]| 89 | * 90 | * It can also be used in similar ways for 'out' parameters and is 91 | * particularly useful for dealing with optional out parameters: 92 | * 93 | * |[ 94 | * gboolean 95 | * get_object (GObject **obj_out) 96 | * { 97 | * g_autoptr(GObject) obj = g_object_new (G_TYPE_OBJECT, NULL); 98 | * 99 | * if (early_error_case) 100 | * return FALSE; 101 | * 102 | * if (obj_out) 103 | * *obj_out = g_steal_pointer (&obj); 104 | * 105 | * return TRUE; 106 | * } 107 | * ]| 108 | * 109 | * In the above example, the object will be automatically freed in the 110 | * early error case and also in the case that %NULL was given for 111 | * @obj_out. 112 | * 113 | * Since: 2.44 114 | */ 115 | static inline gpointer 116 | (g_steal_pointer) (gpointer pp) 117 | { 118 | gpointer *ptr = (gpointer *) pp; 119 | gpointer ref; 120 | 121 | ref = *ptr; 122 | *ptr = NULL; 123 | 124 | return ref; 125 | } 126 | 127 | /* type safety */ 128 | #define g_steal_pointer(pp) \ 129 | (0 ? (*(pp)) : (g_steal_pointer) (pp)) 130 | 131 | static inline void 132 | g_autoptr_cleanup_generic_gfree (void *p) 133 | { 134 | void **pp = (void**)p; 135 | if (*pp) 136 | g_free (*pp); 137 | } 138 | 139 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GAsyncQueue, g_async_queue_unref) 140 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GBookmarkFile, g_bookmark_file_free) 141 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GBytes, g_bytes_unref) 142 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GChecksum, g_checksum_free) 143 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GDateTime, g_date_time_unref) 144 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GDir, g_dir_close) 145 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GError, g_error_free) 146 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GHashTable, g_hash_table_unref) 147 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GHmac, g_hmac_unref) 148 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GIOChannel, g_io_channel_unref) 149 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GKeyFile, g_key_file_unref) 150 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GList, g_list_free) 151 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GArray, g_array_unref) 152 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GPtrArray, g_ptr_array_unref) 153 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMainContext, g_main_context_unref) 154 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMainLoop, g_main_loop_unref) 155 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSource, g_source_unref) 156 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMappedFile, g_mapped_file_unref) 157 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMarkupParseContext, g_markup_parse_context_unref) 158 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(gchar, g_free) 159 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GNode, g_node_destroy) 160 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GOptionContext, g_option_context_free) 161 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GOptionGroup, g_option_group_free) 162 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GPatternSpec, g_pattern_spec_free) 163 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GQueue, g_queue_free) 164 | G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(GQueue, g_queue_clear) 165 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GRand, g_rand_free) 166 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GRegex, g_regex_unref) 167 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMatchInfo, g_match_info_unref) 168 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GScanner, g_scanner_destroy) 169 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSequence, g_sequence_free) 170 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSList, g_slist_free) 171 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GStringChunk, g_string_chunk_free) 172 | G_DEFINE_AUTO_CLEANUP_FREE_FUNC(GStrv, g_strfreev, NULL) 173 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GThread, g_thread_unref) 174 | G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(GMutex, g_mutex_clear) 175 | G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(GCond, g_cond_clear) 176 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTimer, g_timer_destroy) 177 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTimeZone, g_time_zone_unref) 178 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTree, g_tree_unref) 179 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GVariant, g_variant_unref) 180 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GVariantBuilder, g_variant_builder_unref) 181 | G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(GVariantBuilder, g_variant_builder_clear) 182 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GVariantIter, g_variant_iter_free) 183 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GVariantDict, g_variant_dict_unref) 184 | G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC(GVariantDict, g_variant_dict_clear) 185 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GVariantType, g_variant_type_free) 186 | 187 | /* Add GObject-based types as needed. */ 188 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GAsyncResult, g_object_unref) 189 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GCancellable, g_object_unref) 190 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GConverter, g_object_unref) 191 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GConverterOutputStream, g_object_unref) 192 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GDataInputStream, g_object_unref) 193 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFile, g_object_unref) 194 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFileEnumerator, g_object_unref) 195 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFileIOStream, g_object_unref) 196 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFileInfo, g_object_unref) 197 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFileInputStream, g_object_unref) 198 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFileMonitor, g_object_unref) 199 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GFileOutputStream, g_object_unref) 200 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GInputStream, g_object_unref) 201 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMemoryInputStream, g_object_unref) 202 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMemoryOutputStream, g_object_unref) 203 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GMount, g_object_unref) 204 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GOutputStream, g_object_unref) 205 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSocket, g_object_unref) 206 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSocketAddress, g_object_unref) 207 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSubprocess, g_object_unref) 208 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GSubprocessLauncher, g_object_unref) 209 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTask, g_object_unref) 210 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTlsCertificate, g_object_unref) 211 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTlsDatabase, g_object_unref) 212 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GTlsInteraction, g_object_unref) 213 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GDBusConnection, g_object_unref) 214 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GDBusMessage, g_object_unref) 215 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GVolumeMonitor, g_object_unref) 216 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GZlibCompressor, g_object_unref) 217 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GZlibDecompressor, g_object_unref) 218 | 219 | #endif /* !GLIB_CHECK_VERSION(2, 43, 3) */ 220 | 221 | #if !GLIB_CHECK_VERSION(2, 45, 8) 222 | 223 | static inline void 224 | g_autoptr_cleanup_gstring_free (GString *string) 225 | { 226 | if (string) 227 | g_string_free (string, TRUE); 228 | } 229 | 230 | G_DEFINE_AUTOPTR_CLEANUP_FUNC(GString, g_autoptr_cleanup_gstring_free) 231 | 232 | #endif 233 | 234 | G_END_DECLS 235 | -------------------------------------------------------------------------------- /dbus-proxy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2015 Red Hat, Inc 3 | * 4 | * This program is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; either 7 | * version 2.1 of the License, or (at your option) any later version. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU Lesser General Public 15 | * License along with this library. If not, see . 16 | * 17 | * Authors: 18 | * Alexander Larsson 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | 33 | #include "flatpak-proxy.h" 34 | // Taken from glibc unistd.h 35 | #ifndef TEMP_FAILURE_RETRY 36 | # define TEMP_FAILURE_RETRY(expression) \ 37 | (__extension__ \ 38 | ({ long int __result; \ 39 | do __result = (long int) (expression); \ 40 | while (__result == -1L && errno == EINTR); \ 41 | __result; })) 42 | #endif 43 | 44 | static const char *argv0; 45 | static GList *proxies; 46 | static int sync_fd = -1; 47 | 48 | static void usage (int ecode, FILE *out) G_GNUC_NORETURN; 49 | static void 50 | usage (int ecode, FILE *out) 51 | { 52 | fprintf (out, "usage: %s [OPTIONS...] [ADDRESS PATH [OPTIONS...] ...]\n\n", argv0); 53 | 54 | fprintf (out, 55 | "Options:\n" 56 | " --help Print this help\n" 57 | " --version Print version\n" 58 | " --fd=FD Stop when FD is closed\n" 59 | " --args=FD Read arguments from FD\n\n" 60 | "Proxy Options:\n" 61 | " --filter Enable filtering\n" 62 | " --log Turn on logging\n" 63 | " --sloppy-names Report name changes for unique names\n" 64 | " --see=NAME Set 'see' policy for NAME\n" 65 | " --talk=NAME Set 'talk' policy for NAME\n" 66 | " --own=NAME Set 'own' policy for NAME\n" 67 | " --call=NAME=RULE Set RULE for calls on NAME\n" 68 | " --broadcast=NAME=RULE Set RULE for broadcasts from NAME\n" 69 | ); 70 | exit (ecode); 71 | } 72 | 73 | static GBytes * 74 | fd_readall_bytes (int fd, 75 | GError **error) 76 | { 77 | const guint maxreadlen = 4096; 78 | struct stat stbuf; 79 | gsize buf_allocated; 80 | g_autofree guint8* buf = NULL; 81 | gsize buf_size = 0; 82 | 83 | if (TEMP_FAILURE_RETRY (fstat (fd, &stbuf)) != 0) 84 | { 85 | int errsv = errno; 86 | g_set_error_literal (error, 87 | G_IO_ERROR, 88 | g_io_error_from_errno (errsv), 89 | g_strerror (errsv)); 90 | return NULL; 91 | } 92 | 93 | if (S_ISREG (stbuf.st_mode) && stbuf.st_size > 0) 94 | buf_allocated = stbuf.st_size; 95 | else 96 | buf_allocated = 16; 97 | 98 | buf = g_malloc (buf_allocated); 99 | 100 | while (TRUE) 101 | { 102 | gsize readlen = MIN (buf_allocated - buf_size, maxreadlen); 103 | gssize bytes_read; 104 | 105 | do 106 | bytes_read = read (fd, buf + buf_size, readlen); 107 | while (G_UNLIKELY (bytes_read == -1 && errno == EINTR)); 108 | 109 | if (G_UNLIKELY (bytes_read == -1)) 110 | { 111 | int errsv = errno; 112 | g_set_error_literal (error, 113 | G_IO_ERROR, 114 | g_io_error_from_errno (errsv), 115 | g_strerror (errsv)); 116 | return NULL; 117 | } 118 | if (bytes_read == 0) 119 | break; 120 | 121 | buf_size += bytes_read; 122 | if (buf_allocated - buf_size < maxreadlen) 123 | buf = g_realloc (buf, buf_allocated *= 2); 124 | } 125 | 126 | return g_bytes_new_take (g_steal_pointer (&buf), buf_size); 127 | } 128 | 129 | static void 130 | add_args (GBytes *bytes, 131 | GPtrArray *args, 132 | int pos) 133 | { 134 | gsize data_len, remainder_len; 135 | const guchar *data = g_bytes_get_data (bytes, &data_len); 136 | guchar *s; 137 | const guchar *remainder; 138 | 139 | remainder = data; 140 | remainder_len = data_len; 141 | s = memchr (remainder, 0, remainder_len); 142 | while (s) 143 | { 144 | gsize len = s - remainder; 145 | char *arg = g_strndup ((char *) remainder, len); 146 | g_ptr_array_insert (args, pos++, arg); 147 | remainder = s + 1; 148 | remainder_len -= len + 1; 149 | s = memchr (remainder, 0, remainder_len); 150 | } 151 | 152 | if (remainder_len) 153 | { 154 | char *arg = g_strndup ((char *) remainder, remainder_len); 155 | g_ptr_array_insert (args, pos++, arg); 156 | } 157 | } 158 | 159 | 160 | static gboolean 161 | parse_generic_args (GPtrArray *args, guint *args_i) 162 | { 163 | const char *arg = g_ptr_array_index (args, *args_i); 164 | 165 | if (strcmp (arg, "--help") == 0) 166 | { 167 | usage (EXIT_SUCCESS, stdout); 168 | } 169 | else if (strcmp (arg, "--version") == 0) 170 | { 171 | g_print ("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION); 172 | exit (EXIT_SUCCESS); 173 | } 174 | else if (g_str_has_prefix (arg, "--fd=")) 175 | { 176 | const char *fd_s = arg + strlen ("--fd="); 177 | char *endptr; 178 | int fd; 179 | 180 | fd = strtol (fd_s, &endptr, 10); 181 | if (fd < 0 || endptr == fd_s || *endptr != 0) 182 | { 183 | g_printerr ("Invalid fd %s\n", fd_s); 184 | return FALSE; 185 | } 186 | sync_fd = fd; 187 | 188 | *args_i += 1; 189 | 190 | return TRUE; 191 | } 192 | else if (g_str_has_prefix (arg, "--args=")) 193 | { 194 | const char *fd_s = arg + strlen ("--args="); 195 | char *endptr; 196 | int fd; 197 | g_autoptr(GBytes) data = NULL; 198 | g_autoptr(GError) error = NULL; 199 | 200 | fd = strtol (fd_s, &endptr, 10); 201 | if (fd < 0 || endptr == fd_s || *endptr != 0) 202 | { 203 | g_printerr ("Invalid --args fd %s\n", fd_s); 204 | return FALSE; 205 | } 206 | 207 | data = fd_readall_bytes (fd, &error); 208 | 209 | if (data == NULL) 210 | { 211 | g_printerr ("Failed to load --args: %s\n", error->message); 212 | return FALSE; 213 | } 214 | 215 | *args_i += 1; 216 | 217 | add_args (data, args, *args_i); 218 | 219 | return TRUE; 220 | } 221 | else 222 | { 223 | g_printerr ("Unknown argument %s\n", arg); 224 | return FALSE; 225 | } 226 | } 227 | 228 | static gboolean 229 | start_proxy (GPtrArray *args, guint *args_i) 230 | { 231 | g_autoptr(FlatpakProxy) proxy = NULL; 232 | g_autoptr(GError) error = NULL; 233 | const char *bus_address, *socket_path; 234 | const char *arg; 235 | 236 | if (*args_i >= args->len || ((char *) g_ptr_array_index (args, *args_i))[0] == '-') 237 | { 238 | g_printerr ("No bus address given\n"); 239 | return FALSE; 240 | } 241 | 242 | bus_address = g_ptr_array_index (args, *args_i); 243 | *args_i += 1; 244 | 245 | if (*args_i >= args->len || ((char *) g_ptr_array_index (args, *args_i))[0] == '-') 246 | { 247 | g_printerr ("No socket path given\n"); 248 | return FALSE; 249 | } 250 | 251 | socket_path = g_ptr_array_index (args, *args_i); 252 | *args_i += 1; 253 | 254 | proxy = flatpak_proxy_new (bus_address, socket_path); 255 | 256 | while (*args_i < args->len) 257 | { 258 | arg = g_ptr_array_index (args, *args_i); 259 | 260 | if (arg[0] != '-') 261 | break; 262 | 263 | if (g_str_has_prefix (arg, "--see=") || 264 | g_str_has_prefix (arg, "--talk=") || 265 | g_str_has_prefix (arg, "--own=")) 266 | { 267 | FlatpakPolicy policy = FLATPAK_POLICY_SEE; 268 | g_autofree char *name = g_strdup (strchr (arg, '=') + 1); 269 | gboolean wildcard = FALSE; 270 | 271 | if (arg[2] == 't') 272 | policy = FLATPAK_POLICY_TALK; 273 | else if (arg[2] == 'o') 274 | policy = FLATPAK_POLICY_OWN; 275 | 276 | if (g_str_has_suffix (name, ".*")) 277 | { 278 | name[strlen (name) - 2] = 0; 279 | wildcard = TRUE; 280 | } 281 | 282 | if (name[0] == ':' || !g_dbus_is_name (name)) 283 | { 284 | g_printerr ("'%s' is not a valid dbus name\n", name); 285 | return FALSE; 286 | } 287 | 288 | flatpak_proxy_add_policy (proxy, name, wildcard, policy); 289 | 290 | *args_i += 1; 291 | } 292 | else if (g_str_has_prefix (arg, "--call=") || 293 | g_str_has_prefix (arg, "--broadcast=")) 294 | { 295 | g_autofree char *rest = g_strdup (strchr (arg, '=') + 1); 296 | char *name = rest; 297 | char *rule; 298 | char *name_end = strchr (rest, '='); 299 | gboolean wildcard = FALSE; 300 | 301 | if (name_end == NULL) 302 | { 303 | g_printerr ("'%s' is not a valid name + rule\n", rest); 304 | return FALSE; 305 | } 306 | 307 | *name_end = 0; 308 | rule = name_end + 1; 309 | 310 | if (g_str_has_suffix (name, ".*")) 311 | { 312 | name[strlen (name) - 2] = 0; 313 | wildcard = TRUE; 314 | } 315 | 316 | if (g_str_has_prefix (arg, "--call=")) 317 | flatpak_proxy_add_call_rule (proxy, name, wildcard, rule); 318 | else 319 | flatpak_proxy_add_broadcast_rule (proxy, name, wildcard, rule); 320 | 321 | *args_i += 1; 322 | } 323 | else if (g_str_equal (arg, "--log")) 324 | { 325 | flatpak_proxy_set_log_messages (proxy, TRUE); 326 | *args_i += 1; 327 | } 328 | else if (g_str_equal (arg, "--filter")) 329 | { 330 | flatpak_proxy_set_filter (proxy, TRUE); 331 | *args_i += 1; 332 | } 333 | else if (g_str_equal (arg, "--sloppy-names")) 334 | { 335 | /* This means we're reporting the name changes for all unique names, 336 | which is needed for the a11y bus */ 337 | flatpak_proxy_set_sloppy_names (proxy, TRUE); 338 | *args_i += 1; 339 | } 340 | else 341 | { 342 | if (!parse_generic_args (args, args_i)) 343 | return FALSE; 344 | } 345 | } 346 | 347 | if (!flatpak_proxy_start (proxy, &error)) 348 | { 349 | g_printerr ("Failed to start proxy for %s: %s\n", bus_address, error->message); 350 | return FALSE; 351 | } 352 | 353 | proxies = g_list_prepend (proxies, g_object_ref (proxy)); 354 | 355 | return TRUE; 356 | } 357 | 358 | static gboolean 359 | sync_closed_cb (GIOChannel *source, 360 | GIOCondition condition, 361 | gpointer data) 362 | { 363 | GList *l; 364 | 365 | for (l = proxies; l != NULL; l = l->next) 366 | flatpak_proxy_stop (FLATPAK_PROXY (l->data)); 367 | 368 | exit (0); 369 | return TRUE; 370 | } 371 | 372 | int 373 | main (int argc, const char *argv[]) 374 | { 375 | g_autoptr(GPtrArray) args = NULL; 376 | GMainLoop *service_loop; 377 | int i; 378 | guint args_i; 379 | 380 | setlocale (LC_ALL, ""); 381 | 382 | args = g_ptr_array_new_with_free_func (g_free); 383 | 384 | argv0 = argv[0]; 385 | 386 | if (argc == 1) 387 | usage (EXIT_FAILURE, stderr); 388 | 389 | for (i = 1; i < argc; i++) 390 | g_ptr_array_add (args, g_strdup ((char *) argv[i])); 391 | 392 | args_i = 0; 393 | while (args_i < args->len) 394 | { 395 | const char *arg = g_ptr_array_index (args, args_i); 396 | if (arg[0] == '-') 397 | { 398 | if (!parse_generic_args (args, &args_i)) 399 | return EXIT_FAILURE; 400 | } 401 | else 402 | { 403 | if (!start_proxy (args, &args_i)) 404 | return EXIT_FAILURE; 405 | } 406 | } 407 | 408 | if (proxies == NULL) 409 | { 410 | g_printerr ("No proxies specified\n"); 411 | return EXIT_FAILURE; 412 | } 413 | 414 | if (sync_fd >= 0) 415 | { 416 | ssize_t written; 417 | GIOChannel *sync_channel; 418 | written = write (sync_fd, "x", 1); 419 | if (written != 1) 420 | g_warning ("Can't write to sync socket"); 421 | 422 | sync_channel = g_io_channel_unix_new (sync_fd); 423 | g_io_add_watch (sync_channel, G_IO_ERR | G_IO_HUP, 424 | sync_closed_cb, NULL); 425 | } 426 | 427 | service_loop = g_main_loop_new (NULL, FALSE); 428 | g_main_loop_run (service_loop); 429 | 430 | g_main_loop_unref (service_loop); 431 | 432 | return EXIT_SUCCESS; 433 | } 434 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 2.1, February 1999 3 | 4 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | [This is the first released version of the Lesser GPL. It also counts 10 | as the successor of the GNU Library Public License, version 2, hence 11 | the version number 2.1.] 12 | 13 | Preamble 14 | 15 | The licenses for most software are designed to take away your 16 | freedom to share and change it. By contrast, the GNU General Public 17 | Licenses are intended to guarantee your freedom to share and change 18 | free software--to make sure the software is free for all its users. 19 | 20 | This license, the Lesser General Public License, applies to some 21 | specially designated software packages--typically libraries--of the 22 | Free Software Foundation and other authors who decide to use it. You 23 | can use it too, but we suggest you first think carefully about whether 24 | this license or the ordinary General Public License is the better 25 | strategy to use in any particular case, based on the explanations below. 26 | 27 | When we speak of free software, we are referring to freedom of use, 28 | not price. Our General Public Licenses are designed to make sure that 29 | you have the freedom to distribute copies of free software (and charge 30 | for this service if you wish); that you receive source code or can get 31 | it if you want it; that you can change the software and use pieces of 32 | it in new free programs; and that you are informed that you can do 33 | these things. 34 | 35 | To protect your rights, we need to make restrictions that forbid 36 | distributors to deny you these rights or to ask you to surrender these 37 | rights. These restrictions translate to certain responsibilities for 38 | you if you distribute copies of the library or if you modify it. 39 | 40 | For example, if you distribute copies of the library, whether gratis 41 | or for a fee, you must give the recipients all the rights that we gave 42 | you. You must make sure that they, too, receive or can get the source 43 | code. If you link other code with the library, you must provide 44 | complete object files to the recipients, so that they can relink them 45 | with the library after making changes to the library and recompiling 46 | it. And you must show them these terms so they know their rights. 47 | 48 | We protect your rights with a two-step method: (1) we copyright the 49 | library, and (2) we offer you this license, which gives you legal 50 | permission to copy, distribute and/or modify the library. 51 | 52 | To protect each distributor, we want to make it very clear that 53 | there is no warranty for the free library. Also, if the library is 54 | modified by someone else and passed on, the recipients should know 55 | that what they have is not the original version, so that the original 56 | author's reputation will not be affected by problems that might be 57 | introduced by others. 58 | 59 | Finally, software patents pose a constant threat to the existence of 60 | any free program. We wish to make sure that a company cannot 61 | effectively restrict the users of a free program by obtaining a 62 | restrictive license from a patent holder. Therefore, we insist that 63 | any patent license obtained for a version of the library must be 64 | consistent with the full freedom of use specified in this license. 65 | 66 | Most GNU software, including some libraries, is covered by the 67 | ordinary GNU General Public License. This license, the GNU Lesser 68 | General Public License, applies to certain designated libraries, and 69 | is quite different from the ordinary General Public License. We use 70 | this license for certain libraries in order to permit linking those 71 | libraries into non-free programs. 72 | 73 | When a program is linked with a library, whether statically or using 74 | a shared library, the combination of the two is legally speaking a 75 | combined work, a derivative of the original library. The ordinary 76 | General Public License therefore permits such linking only if the 77 | entire combination fits its criteria of freedom. The Lesser General 78 | Public License permits more lax criteria for linking other code with 79 | the library. 80 | 81 | We call this license the "Lesser" General Public License because it 82 | does Less to protect the user's freedom than the ordinary General 83 | Public License. It also provides other free software developers Less 84 | of an advantage over competing non-free programs. These disadvantages 85 | are the reason we use the ordinary General Public License for many 86 | libraries. However, the Lesser license provides advantages in certain 87 | special circumstances. 88 | 89 | For example, on rare occasions, there may be a special need to 90 | encourage the widest possible use of a certain library, so that it becomes 91 | a de-facto standard. To achieve this, non-free programs must be 92 | allowed to use the library. A more frequent case is that a free 93 | library does the same job as widely used non-free libraries. In this 94 | case, there is little to gain by limiting the free library to free 95 | software only, so we use the Lesser General Public License. 96 | 97 | In other cases, permission to use a particular library in non-free 98 | programs enables a greater number of people to use a large body of 99 | free software. For example, permission to use the GNU C Library in 100 | non-free programs enables many more people to use the whole GNU 101 | operating system, as well as its variant, the GNU/Linux operating 102 | system. 103 | 104 | Although the Lesser General Public License is Less protective of the 105 | users' freedom, it does ensure that the user of a program that is 106 | linked with the Library has the freedom and the wherewithal to run 107 | that program using a modified version of the Library. 108 | 109 | The precise terms and conditions for copying, distribution and 110 | modification follow. Pay close attention to the difference between a 111 | "work based on the library" and a "work that uses the library". The 112 | former contains code derived from the library, whereas the latter must 113 | be combined with the library in order to run. 114 | 115 | GNU LESSER GENERAL PUBLIC LICENSE 116 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 117 | 118 | 0. This License Agreement applies to any software library or other 119 | program which contains a notice placed by the copyright holder or 120 | other authorized party saying it may be distributed under the terms of 121 | this Lesser General Public License (also called "this License"). 122 | Each licensee is addressed as "you". 123 | 124 | A "library" means a collection of software functions and/or data 125 | prepared so as to be conveniently linked with application programs 126 | (which use some of those functions and data) to form executables. 127 | 128 | The "Library", below, refers to any such software library or work 129 | which has been distributed under these terms. A "work based on the 130 | Library" means either the Library or any derivative work under 131 | copyright law: that is to say, a work containing the Library or a 132 | portion of it, either verbatim or with modifications and/or translated 133 | straightforwardly into another language. (Hereinafter, translation is 134 | included without limitation in the term "modification".) 135 | 136 | "Source code" for a work means the preferred form of the work for 137 | making modifications to it. For a library, complete source code means 138 | all the source code for all modules it contains, plus any associated 139 | interface definition files, plus the scripts used to control compilation 140 | and installation of the library. 141 | 142 | Activities other than copying, distribution and modification are not 143 | covered by this License; they are outside its scope. The act of 144 | running a program using the Library is not restricted, and output from 145 | such a program is covered only if its contents constitute a work based 146 | on the Library (independent of the use of the Library in a tool for 147 | writing it). Whether that is true depends on what the Library does 148 | and what the program that uses the Library does. 149 | 150 | 1. You may copy and distribute verbatim copies of the Library's 151 | complete source code as you receive it, in any medium, provided that 152 | you conspicuously and appropriately publish on each copy an 153 | appropriate copyright notice and disclaimer of warranty; keep intact 154 | all the notices that refer to this License and to the absence of any 155 | warranty; and distribute a copy of this License along with the 156 | Library. 157 | 158 | You may charge a fee for the physical act of transferring a copy, 159 | and you may at your option offer warranty protection in exchange for a 160 | fee. 161 | 162 | 2. You may modify your copy or copies of the Library or any portion 163 | of it, thus forming a work based on the Library, and copy and 164 | distribute such modifications or work under the terms of Section 1 165 | above, provided that you also meet all of these conditions: 166 | 167 | a) The modified work must itself be a software library. 168 | 169 | b) You must cause the files modified to carry prominent notices 170 | stating that you changed the files and the date of any change. 171 | 172 | c) You must cause the whole of the work to be licensed at no 173 | charge to all third parties under the terms of this License. 174 | 175 | d) If a facility in the modified Library refers to a function or a 176 | table of data to be supplied by an application program that uses 177 | the facility, other than as an argument passed when the facility 178 | is invoked, then you must make a good faith effort to ensure that, 179 | in the event an application does not supply such function or 180 | table, the facility still operates, and performs whatever part of 181 | its purpose remains meaningful. 182 | 183 | (For example, a function in a library to compute square roots has 184 | a purpose that is entirely well-defined independent of the 185 | application. Therefore, Subsection 2d requires that any 186 | application-supplied function or table used by this function must 187 | be optional: if the application does not supply it, the square 188 | root function must still compute square roots.) 189 | 190 | These requirements apply to the modified work as a whole. If 191 | identifiable sections of that work are not derived from the Library, 192 | and can be reasonably considered independent and separate works in 193 | themselves, then this License, and its terms, do not apply to those 194 | sections when you distribute them as separate works. But when you 195 | distribute the same sections as part of a whole which is a work based 196 | on the Library, the distribution of the whole must be on the terms of 197 | this License, whose permissions for other licensees extend to the 198 | entire whole, and thus to each and every part regardless of who wrote 199 | it. 200 | 201 | Thus, it is not the intent of this section to claim rights or contest 202 | your rights to work written entirely by you; rather, the intent is to 203 | exercise the right to control the distribution of derivative or 204 | collective works based on the Library. 205 | 206 | In addition, mere aggregation of another work not based on the Library 207 | with the Library (or with a work based on the Library) on a volume of 208 | a storage or distribution medium does not bring the other work under 209 | the scope of this License. 210 | 211 | 3. You may opt to apply the terms of the ordinary GNU General Public 212 | License instead of this License to a given copy of the Library. To do 213 | this, you must alter all the notices that refer to this License, so 214 | that they refer to the ordinary GNU General Public License, version 2, 215 | instead of to this License. (If a newer version than version 2 of the 216 | ordinary GNU General Public License has appeared, then you can specify 217 | that version instead if you wish.) Do not make any other change in 218 | these notices. 219 | 220 | Once this change is made in a given copy, it is irreversible for 221 | that copy, so the ordinary GNU General Public License applies to all 222 | subsequent copies and derivative works made from that copy. 223 | 224 | This option is useful when you wish to copy part of the code of 225 | the Library into a program that is not a library. 226 | 227 | 4. You may copy and distribute the Library (or a portion or 228 | derivative of it, under Section 2) in object code or executable form 229 | under the terms of Sections 1 and 2 above provided that you accompany 230 | it with the complete corresponding machine-readable source code, which 231 | must be distributed under the terms of Sections 1 and 2 above on a 232 | medium customarily used for software interchange. 233 | 234 | If distribution of object code is made by offering access to copy 235 | from a designated place, then offering equivalent access to copy the 236 | source code from the same place satisfies the requirement to 237 | distribute the source code, even though third parties are not 238 | compelled to copy the source along with the object code. 239 | 240 | 5. A program that contains no derivative of any portion of the 241 | Library, but is designed to work with the Library by being compiled or 242 | linked with it, is called a "work that uses the Library". Such a 243 | work, in isolation, is not a derivative work of the Library, and 244 | therefore falls outside the scope of this License. 245 | 246 | However, linking a "work that uses the Library" with the Library 247 | creates an executable that is a derivative of the Library (because it 248 | contains portions of the Library), rather than a "work that uses the 249 | library". The executable is therefore covered by this License. 250 | Section 6 states terms for distribution of such executables. 251 | 252 | When a "work that uses the Library" uses material from a header file 253 | that is part of the Library, the object code for the work may be a 254 | derivative work of the Library even though the source code is not. 255 | Whether this is true is especially significant if the work can be 256 | linked without the Library, or if the work is itself a library. The 257 | threshold for this to be true is not precisely defined by law. 258 | 259 | If such an object file uses only numerical parameters, data 260 | structure layouts and accessors, and small macros and small inline 261 | functions (ten lines or less in length), then the use of the object 262 | file is unrestricted, regardless of whether it is legally a derivative 263 | work. (Executables containing this object code plus portions of the 264 | Library will still fall under Section 6.) 265 | 266 | Otherwise, if the work is a derivative of the Library, you may 267 | distribute the object code for the work under the terms of Section 6. 268 | Any executables containing that work also fall under Section 6, 269 | whether or not they are linked directly with the Library itself. 270 | 271 | 6. As an exception to the Sections above, you may also combine or 272 | link a "work that uses the Library" with the Library to produce a 273 | work containing portions of the Library, and distribute that work 274 | under terms of your choice, provided that the terms permit 275 | modification of the work for the customer's own use and reverse 276 | engineering for debugging such modifications. 277 | 278 | You must give prominent notice with each copy of the work that the 279 | Library is used in it and that the Library and its use are covered by 280 | this License. You must supply a copy of this License. If the work 281 | during execution displays copyright notices, you must include the 282 | copyright notice for the Library among them, as well as a reference 283 | directing the user to the copy of this License. Also, you must do one 284 | of these things: 285 | 286 | a) Accompany the work with the complete corresponding 287 | machine-readable source code for the Library including whatever 288 | changes were used in the work (which must be distributed under 289 | Sections 1 and 2 above); and, if the work is an executable linked 290 | with the Library, with the complete machine-readable "work that 291 | uses the Library", as object code and/or source code, so that the 292 | user can modify the Library and then relink to produce a modified 293 | executable containing the modified Library. (It is understood 294 | that the user who changes the contents of definitions files in the 295 | Library will not necessarily be able to recompile the application 296 | to use the modified definitions.) 297 | 298 | b) Use a suitable shared library mechanism for linking with the 299 | Library. A suitable mechanism is one that (1) uses at run time a 300 | copy of the library already present on the user's computer system, 301 | rather than copying library functions into the executable, and (2) 302 | will operate properly with a modified version of the library, if 303 | the user installs one, as long as the modified version is 304 | interface-compatible with the version that the work was made with. 305 | 306 | c) Accompany the work with a written offer, valid for at 307 | least three years, to give the same user the materials 308 | specified in Subsection 6a, above, for a charge no more 309 | than the cost of performing this distribution. 310 | 311 | d) If distribution of the work is made by offering access to copy 312 | from a designated place, offer equivalent access to copy the above 313 | specified materials from the same place. 314 | 315 | e) Verify that the user has already received a copy of these 316 | materials or that you have already sent this user a copy. 317 | 318 | For an executable, the required form of the "work that uses the 319 | Library" must include any data and utility programs needed for 320 | reproducing the executable from it. However, as a special exception, 321 | the materials to be distributed need not include anything that is 322 | normally distributed (in either source or binary form) with the major 323 | components (compiler, kernel, and so on) of the operating system on 324 | which the executable runs, unless that component itself accompanies 325 | the executable. 326 | 327 | It may happen that this requirement contradicts the license 328 | restrictions of other proprietary libraries that do not normally 329 | accompany the operating system. Such a contradiction means you cannot 330 | use both them and the Library together in an executable that you 331 | distribute. 332 | 333 | 7. You may place library facilities that are a work based on the 334 | Library side-by-side in a single library together with other library 335 | facilities not covered by this License, and distribute such a combined 336 | library, provided that the separate distribution of the work based on 337 | the Library and of the other library facilities is otherwise 338 | permitted, and provided that you do these two things: 339 | 340 | a) Accompany the combined library with a copy of the same work 341 | based on the Library, uncombined with any other library 342 | facilities. This must be distributed under the terms of the 343 | Sections above. 344 | 345 | b) Give prominent notice with the combined library of the fact 346 | that part of it is a work based on the Library, and explaining 347 | where to find the accompanying uncombined form of the same work. 348 | 349 | 8. You may not copy, modify, sublicense, link with, or distribute 350 | the Library except as expressly provided under this License. Any 351 | attempt otherwise to copy, modify, sublicense, link with, or 352 | distribute the Library is void, and will automatically terminate your 353 | rights under this License. However, parties who have received copies, 354 | or rights, from you under this License will not have their licenses 355 | terminated so long as such parties remain in full compliance. 356 | 357 | 9. You are not required to accept this License, since you have not 358 | signed it. However, nothing else grants you permission to modify or 359 | distribute the Library or its derivative works. These actions are 360 | prohibited by law if you do not accept this License. Therefore, by 361 | modifying or distributing the Library (or any work based on the 362 | Library), you indicate your acceptance of this License to do so, and 363 | all its terms and conditions for copying, distributing or modifying 364 | the Library or works based on it. 365 | 366 | 10. Each time you redistribute the Library (or any work based on the 367 | Library), the recipient automatically receives a license from the 368 | original licensor to copy, distribute, link with or modify the Library 369 | subject to these terms and conditions. You may not impose any further 370 | restrictions on the recipients' exercise of the rights granted herein. 371 | You are not responsible for enforcing compliance by third parties with 372 | this License. 373 | 374 | 11. If, as a consequence of a court judgment or allegation of patent 375 | infringement or for any other reason (not limited to patent issues), 376 | conditions are imposed on you (whether by court order, agreement or 377 | otherwise) that contradict the conditions of this License, they do not 378 | excuse you from the conditions of this License. If you cannot 379 | distribute so as to satisfy simultaneously your obligations under this 380 | License and any other pertinent obligations, then as a consequence you 381 | may not distribute the Library at all. For example, if a patent 382 | license would not permit royalty-free redistribution of the Library by 383 | all those who receive copies directly or indirectly through you, then 384 | the only way you could satisfy both it and this License would be to 385 | refrain entirely from distribution of the Library. 386 | 387 | If any portion of this section is held invalid or unenforceable under any 388 | particular circumstance, the balance of the section is intended to apply, 389 | and the section as a whole is intended to apply in other circumstances. 390 | 391 | It is not the purpose of this section to induce you to infringe any 392 | patents or other property right claims or to contest validity of any 393 | such claims; this section has the sole purpose of protecting the 394 | integrity of the free software distribution system which is 395 | implemented by public license practices. Many people have made 396 | generous contributions to the wide range of software distributed 397 | through that system in reliance on consistent application of that 398 | system; it is up to the author/donor to decide if he or she is willing 399 | to distribute software through any other system and a licensee cannot 400 | impose that choice. 401 | 402 | This section is intended to make thoroughly clear what is believed to 403 | be a consequence of the rest of this License. 404 | 405 | 12. If the distribution and/or use of the Library is restricted in 406 | certain countries either by patents or by copyrighted interfaces, the 407 | original copyright holder who places the Library under this License may add 408 | an explicit geographical distribution limitation excluding those countries, 409 | so that distribution is permitted only in or among countries not thus 410 | excluded. In such case, this License incorporates the limitation as if 411 | written in the body of this License. 412 | 413 | 13. The Free Software Foundation may publish revised and/or new 414 | versions of the Lesser General Public License from time to time. 415 | Such new versions will be similar in spirit to the present version, 416 | but may differ in detail to address new problems or concerns. 417 | 418 | Each version is given a distinguishing version number. If the Library 419 | specifies a version number of this License which applies to it and 420 | "any later version", you have the option of following the terms and 421 | conditions either of that version or of any later version published by 422 | the Free Software Foundation. If the Library does not specify a 423 | license version number, you may choose any version ever published by 424 | the Free Software Foundation. 425 | 426 | 14. If you wish to incorporate parts of the Library into other free 427 | programs whose distribution conditions are incompatible with these, 428 | write to the author to ask for permission. For software which is 429 | copyrighted by the Free Software Foundation, write to the Free 430 | Software Foundation; we sometimes make exceptions for this. Our 431 | decision will be guided by the two goals of preserving the free status 432 | of all derivatives of our free software and of promoting the sharing 433 | and reuse of software generally. 434 | 435 | NO WARRANTY 436 | 437 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO 438 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 439 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 440 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY 441 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 442 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 443 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE 444 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME 445 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 446 | 447 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN 448 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 449 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU 450 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 451 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 452 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING 453 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A 454 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF 455 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 456 | DAMAGES. 457 | 458 | END OF TERMS AND CONDITIONS 459 | 460 | How to Apply These Terms to Your New Libraries 461 | 462 | If you develop a new library, and you want it to be of the greatest 463 | possible use to the public, we recommend making it free software that 464 | everyone can redistribute and change. You can do so by permitting 465 | redistribution under these terms (or, alternatively, under the terms of the 466 | ordinary General Public License). 467 | 468 | To apply these terms, attach the following notices to the library. It is 469 | safest to attach them to the start of each source file to most effectively 470 | convey the exclusion of warranty; and each file should have at least the 471 | "copyright" line and a pointer to where the full notice is found. 472 | 473 | 474 | Copyright (C) 475 | 476 | This library is free software; you can redistribute it and/or 477 | modify it under the terms of the GNU Lesser General Public 478 | License as published by the Free Software Foundation; either 479 | version 2.1 of the License, or (at your option) any later version. 480 | 481 | This library is distributed in the hope that it will be useful, 482 | but WITHOUT ANY WARRANTY; without even the implied warranty of 483 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 484 | Lesser General Public License for more details. 485 | 486 | You should have received a copy of the GNU Lesser General Public 487 | License along with this library; if not, write to the Free Software 488 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 489 | 490 | Also add information on how to contact you by electronic and paper mail. 491 | 492 | You should also get your employer (if you work as a programmer) or your 493 | school, if any, to sign a "copyright disclaimer" for the library, if 494 | necessary. Here is a sample; alter the names: 495 | 496 | Yoyodyne, Inc., hereby disclaims all copyright interest in the 497 | library `Frob' (a library for tweaking knobs) written by James Random Hacker. 498 | 499 | , 1 April 1990 500 | Ty Coon, President of Vice 501 | 502 | That's all there is to it! 503 | -------------------------------------------------------------------------------- /flatpak-proxy.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright © 2015 Red Hat, Inc 3 | * 4 | * This program is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; either 7 | * version 2.1 of the License, or (at your option) any later version. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU Lesser General Public 15 | * License along with this library. If not, see . 16 | * 17 | * Authors: 18 | * Alexander Larsson 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include 24 | #include 25 | 26 | #include "flatpak-proxy.h" 27 | 28 | #include 29 | #include 30 | #include 31 | 32 | #if !GLIB_CHECK_VERSION(2, 58, 0) 33 | # define G_SOURCE_FUNC(f) ((GSourceFunc) (void (*)(void)) (f)) 34 | #endif 35 | 36 | /** 37 | * The proxy listens to a unix domain socket, and for each new 38 | * connection it opens up a new connection to a specified dbus bus 39 | * address (typically the session bus) and forwards data between the 40 | * two. During the authentication phase all data is forwarded as 41 | * received, and additionally for the first 1 byte zero we also send 42 | * the proxy credentials to the bus. 43 | * 44 | * Once the connection is authenticated there are two modes, filtered 45 | * and unfiltered. In the unfiltered mode we just send all messages on 46 | * as we receive, but in the in the filtering mode we apply a policy, 47 | * which is similar to the policy supported by kdbus. 48 | * 49 | * The policy for the filtering consists of a mapping from well-known 50 | * names to a policy that is either SEE, TALK or OWN. The default 51 | * initial policy is that the the user is only allowed to TALK to the 52 | * bus itself (org.freedesktop.DBus, or no destination specified), and 53 | * TALK to its own unique id. All other clients are invisible. The 54 | * well-known names can be specified exactly, or as a arg0namespace 55 | * wildcards like "org.foo.*" which matches "org.foo", "org.foo.bar", 56 | * and "org.foo.bar.gazonk", but not "org.foobar". 57 | * 58 | * Polices are specified for well-known names, but they also affect 59 | * the owner of that name, so that the policy for a unique id is the 60 | * superset of the polices for all the names it owns. Due to technical 61 | * reasons the policy for a unique name is "sticky", in that we keep 62 | * the highest policy granted by a once-owned name even when the client 63 | * releases that name. This is impossible to avoid in a race-free way 64 | * in a proxy. But this is rarely a problem in practice, as clients 65 | * rarely release names and stay on the bus. 66 | * 67 | * Here is a description of the policy levels: 68 | * (all policy levels also imply the ones before it) 69 | * 70 | * SEE: 71 | * The name/id is visible in the ListNames reply 72 | * The name/id is visible in the ListActivatableNames reply 73 | * You can call GetNameOwner on the name 74 | * You can call NameHasOwner on the name 75 | * You see NameOwnerChanged signals on the name 76 | * You see NameOwnerChanged signals on the id when the client disconnects 77 | * You can call the GetXXX methods on the name/id to get e.g. the peer pid 78 | * You get AccessDenied rather than NameHasNoOwner when sending messages to the name/id 79 | * 80 | * TALK: 81 | * You can send any method calls and signals to the name/id 82 | * You will receive broadcast signals from the name/id (if you have a match rule for them) 83 | * You can call StartServiceByName on the name 84 | * 85 | * OWN: 86 | * You are allowed to call RequestName/ReleaseName/ListQueuedOwners on the name. 87 | * 88 | * Additionally, there can be more detailed filters installed that 89 | * limits what messages you can send to and receive broadcasts from. 90 | * However, if you can *ever* call or recieve broadcasts from a name (even if 91 | * filtered to some subset of paths/interfaces) its visibility is considered 92 | * to be as TALK. 93 | * 94 | * The policy applies only to outgoing signals and method calls and 95 | * incoming broadcast. All replies (errors or method returns) are 96 | * allowed once for an outstanding method call, and never 97 | * otherwise. 98 | * 99 | * Every peer on the bus is considered priviledged, and we thus trust 100 | * it and don't apply any filtering (except broadcasts). So we rely on 101 | * similar proxies to be running for all untrusted clients. Any such 102 | * priviledged peer is allowed to send method call or unicast signal 103 | * messages to the proxied client. Once another peer 104 | * sends you a message the unique id of that peer is now made visible 105 | * (policy SEE) to the proxied client, allowing the client to track 106 | * caller lifetimes via NameOwnerChanged signals. 107 | * 108 | * Differences to kdbus custom endpoint policies: 109 | * 110 | * * The proxy will return the credentials (like pid) of the proxy, 111 | * not the real client. 112 | * 113 | * * Policy is not dropped when a peer releases a name. 114 | * 115 | * * Peers that call you become visible (SEE) (and get signals for 116 | * NameOwnerChange disconnect) In kdbus currently custom endpoints 117 | * never get NameOwnerChange signals for unique ids, but this is 118 | * problematic as it disallows a services to track lifetimes of its 119 | * clients. 120 | * 121 | * Mode of operation 122 | * 123 | * Once authenticated we receive incoming messages one at a time, 124 | * and then we demarshal the message headers to make routing decisions. 125 | * This means we trust the bus to do message format validation, etc. 126 | * (because we don't parse the body). Also we assume that the bus verifies 127 | * reply_serials, i.e. that a reply can only be sent once and by the real 128 | * recipient of an previously sent method call. 129 | * 130 | * Serial numbers larger than MAX_CLIENT_SERIAL reserved for messages created by the 131 | * proxy itself (fake messages). This limits the possible values of serials 132 | * available to the client to the value of MAX_CLIENT_SERIAL. Versions 133 | * older than 0.1.6 required monotonically increasing serials instead. This 134 | * mechanism was dropped since it caused regular issues with multiple D-Bus 135 | * clients. 136 | * 137 | * In order to track the ownership of the allowed names we hijack the 138 | * connection after the initial Hello message, sending AddMatch, 139 | * ListNames and GetNameOwner messages to get a proper view of who 140 | * owns the names atm. Then we listen to NameOwnerChanged events for 141 | * further updates. This causes some serials abow MAX_CLIENT_SERIAL to be 142 | * used for "fake messages". 143 | * 144 | * After that the filter is strictly passive, in that we never 145 | * construct our own requests. For each message received from the 146 | * client we look up the type and the destination policy and make a 147 | * decision to either pass it on as is, rewrite it before passing on 148 | * (for instance ListName replies), drop it completely, or return a 149 | * made-up reply/error to the sender. 150 | * 151 | * When returning a made-up reply we replace the actual message with a 152 | * Ping request to the bus with the same serial and replace the resulting 153 | * reply with the made up reply (with the serial from the Ping reply). 154 | * This means we keep the strict message ordering and serial numbers of 155 | * the bus. 156 | * 157 | * Policy is applied to unique ids in the following cases: 158 | * * During startup we call AddWatch for signals on all policy names 159 | * and wildcards (using arg0namespace) so that we get NameOwnerChanged 160 | * events which we use to update the unique id policies. 161 | * * During startup we create synthetic GetNameOwner requests for all 162 | * normal policy names, and if there are wildcarded names we create a 163 | * synthetic ListNames request and use the results of that to do further 164 | * GetNameOwner for the existing names matching the wildcards. When we get 165 | * replies for the GetNameOwner requests the unique id policy is updated. 166 | * * When we get a method call from a unique id, it gets SEE 167 | * * When we get a reply to the initial Hello request we give 168 | * our own assigned unique id policy TALK. 169 | * 170 | * There is also a mode called "sloppy-names" where you automatically get 171 | * SEE access to all the unique names on the bus. This is used only for 172 | * the a11y bus. 173 | * 174 | * All messages sent to the bus itself are fully demarshalled 175 | * and handled on a per-method basis: 176 | * 177 | * Hello, AddMatch, RemoveMatch, GetId: Always allowed 178 | * ListNames, ListActivatableNames: Always allowed, but response filtered 179 | * UpdateActivationEnvironment, BecomeMonitor: Always denied 180 | * RequestName, ReleaseName, ListQueuedOwners: Only allowed if arg0 is a name with policy OWN 181 | * NameHasOwner, GetNameOwner: Only pass on if arg0 is a name with policy SEE, otherwise return synthetic reply 182 | * StartServiceByName: Only allowed if policy TALK on arg0 183 | * GetConnectionUnixProcessID, GetConnectionCredentials, 184 | * GetAdtAuditSessionData, GetConnectionSELinuxSecurityContext, 185 | * GetConnectionUnixUser: Allowed if policy SEE on arg0 186 | * 187 | * For unknown methods, we return a synthetic error. 188 | */ 189 | 190 | typedef struct FlatpakProxyClient FlatpakProxyClient; 191 | 192 | #define FIND_AUTH_END_CONTINUE -1 193 | #define FIND_AUTH_END_ABORT -2 194 | 195 | #define AUTH_LINE_SENTINEL "\r\n" 196 | #define AUTH_BEGIN "BEGIN" 197 | 198 | // Use a relatively hight number since there are not a lot of fake requests we need to do 199 | #define MAX_CLIENT_SERIAL (G_MAXUINT32 - 65536) 200 | 201 | typedef enum { 202 | /* The client has not sent BEGIN yet */ 203 | AUTH_WAITING_FOR_BEGIN, 204 | /* The client sent BEGIN, but the server has not yet responded to the auth 205 | messages that the client sent before */ 206 | AUTH_WAITING_FOR_BACKLOG, 207 | /* Authentication is fully complete */ 208 | AUTH_COMPLETE, 209 | } AuthState; 210 | 211 | typedef enum { 212 | EXPECTED_REPLY_NONE, 213 | EXPECTED_REPLY_NORMAL, 214 | EXPECTED_REPLY_HELLO, 215 | EXPECTED_REPLY_FILTER, 216 | EXPECTED_REPLY_FAKE_GET_NAME_OWNER, 217 | EXPECTED_REPLY_FAKE_LIST_NAMES, 218 | EXPECTED_REPLY_LIST_NAMES, 219 | EXPECTED_REPLY_REWRITE, 220 | } ExpectedReplyType; 221 | 222 | typedef struct 223 | { 224 | /* During write and message parsing this is the size of the valid data in the buffer. 225 | During reads this is the capacity of the buffer. */ 226 | gsize size; 227 | /* Offset to the first writable position (the buffer is full when pos == 228 | * size) */ 229 | gsize pos; 230 | /* Offset to the first byte that hasn't been sent yet */ 231 | gsize sent; 232 | int refcount; 233 | gboolean send_credentials; 234 | GList *control_messages; 235 | 236 | guchar data[16]; 237 | /* data continues here */ 238 | } Buffer; 239 | 240 | typedef struct 241 | { 242 | Buffer *buffer; 243 | gboolean big_endian; 244 | guchar type; 245 | guchar flags; 246 | guint32 length; 247 | guint32 serial; 248 | const char *path; 249 | const char *interface; 250 | const char *member; 251 | const char *error_name; 252 | const char *destination; 253 | const char *sender; 254 | const char *signature; 255 | gboolean has_reply_serial; 256 | guint32 reply_serial; 257 | guint32 unix_fds; 258 | } Header; 259 | 260 | typedef enum { 261 | FILTER_TYPE_CALL = 1 << 0, 262 | FILTER_TYPE_BROADCAST = 1 << 1, 263 | } FilterTypeMask; 264 | 265 | #define FILTER_TYPE_ALL (FILTER_TYPE_CALL | FILTER_TYPE_BROADCAST) 266 | 267 | typedef struct 268 | { 269 | char *name; 270 | gboolean name_is_subtree; 271 | FlatpakPolicy policy; 272 | 273 | /* More detailed filter */ 274 | FilterTypeMask types; 275 | char *path; 276 | gboolean path_is_subtree; 277 | char *interface; 278 | char *member; 279 | } Filter; 280 | 281 | static void header_free (Header *header); 282 | G_DEFINE_AUTOPTR_CLEANUP_FUNC (Header, header_free) 283 | 284 | typedef struct 285 | { 286 | gboolean got_first_byte; /* always true on bus side */ 287 | gboolean closed; /* always true on bus side */ 288 | 289 | FlatpakProxyClient *client; 290 | GSocketConnection *connection; 291 | GSource *in_source; 292 | GSource *out_source; 293 | 294 | GBytes *extra_input_data; 295 | Buffer *current_read_buffer; 296 | Buffer header_buffer; 297 | 298 | GList *buffers; /* to be sent */ 299 | GList *control_messages; 300 | 301 | GHashTable *expected_replies; 302 | } ProxySide; 303 | 304 | struct FlatpakProxyClient 305 | { 306 | GObject parent; 307 | 308 | FlatpakProxy *proxy; 309 | 310 | AuthState auth_state; 311 | gsize auth_requests; 312 | gsize auth_replies; 313 | GByteArray *auth_buffer; 314 | 315 | ProxySide client_side; 316 | ProxySide bus_side; 317 | 318 | /* Filtering data: */ 319 | guint32 hello_serial; 320 | guint32 last_fake_serial; 321 | GHashTable *rewrite_reply; 322 | GHashTable *get_owner_reply; 323 | 324 | GHashTable *unique_id_policy; 325 | GHashTable *unique_id_owned_names; 326 | }; 327 | 328 | typedef struct 329 | { 330 | GObjectClass parent_class; 331 | } FlatpakProxyClientClass; 332 | 333 | struct FlatpakProxy 334 | { 335 | GSocketService parent; 336 | 337 | gboolean log_messages; 338 | 339 | GList *clients; 340 | char *socket_path; 341 | char *dbus_address; 342 | 343 | gboolean filter; 344 | gboolean sloppy_names; 345 | 346 | GHashTable *filters; 347 | }; 348 | 349 | typedef struct 350 | { 351 | GSocketServiceClass parent_class; 352 | } FlatpakProxyClass; 353 | 354 | 355 | enum { 356 | PROP_0, 357 | 358 | PROP_DBUS_ADDRESS, 359 | PROP_SOCKET_PATH 360 | }; 361 | 362 | #define FLATPAK_TYPE_PROXY flatpak_proxy_get_type () 363 | #define FLATPAK_PROXY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_PROXY, FlatpakProxy)) 364 | #define FLATPAK_IS_PROXY(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_PROXY)) 365 | 366 | 367 | #define FLATPAK_TYPE_PROXY_CLIENT flatpak_proxy_client_get_type () 368 | #define FLATPAK_PROXY_CLIENT(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), FLATPAK_TYPE_PROXY_CLIENT, FlatpakProxyClient)) 369 | #define FLATPAK_IS_PROXY_CLIENT(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), FLATPAK_TYPE_PROXY_CLIENT)) 370 | 371 | GType flatpak_proxy_client_get_type (void); 372 | 373 | G_DEFINE_TYPE (FlatpakProxy, flatpak_proxy, G_TYPE_SOCKET_SERVICE) 374 | G_DEFINE_TYPE (FlatpakProxyClient, flatpak_proxy_client, G_TYPE_OBJECT) 375 | 376 | static void start_reading (ProxySide *side); 377 | static void stop_reading (ProxySide *side); 378 | 379 | static void 380 | string_list_free (GList *filters) 381 | { 382 | g_list_free_full (filters, (GDestroyNotify) g_free); 383 | } 384 | 385 | static void 386 | buffer_unref (Buffer *buffer) 387 | { 388 | g_assert (buffer->refcount > 0); 389 | buffer->refcount--; 390 | 391 | if (buffer->refcount == 0) 392 | { 393 | g_list_free_full (buffer->control_messages, g_object_unref); 394 | g_free (buffer); 395 | } 396 | } 397 | 398 | static Buffer * 399 | buffer_ref (Buffer *buffer) 400 | { 401 | g_assert (buffer->refcount > 0); 402 | buffer->refcount++; 403 | return buffer; 404 | } 405 | 406 | static void 407 | free_side (ProxySide *side) 408 | { 409 | g_clear_object (&side->connection); 410 | g_clear_pointer (&side->extra_input_data, g_bytes_unref); 411 | 412 | g_list_free_full (side->buffers, (GDestroyNotify) buffer_unref); 413 | g_list_free_full (side->control_messages, (GDestroyNotify) g_object_unref); 414 | 415 | if (side->in_source) 416 | g_source_destroy (side->in_source); 417 | if (side->out_source) 418 | g_source_destroy (side->out_source); 419 | 420 | g_hash_table_destroy (side->expected_replies); 421 | } 422 | 423 | static void 424 | flatpak_proxy_client_finalize (GObject *object) 425 | { 426 | FlatpakProxyClient *client = FLATPAK_PROXY_CLIENT (object); 427 | 428 | client->proxy->clients = g_list_remove (client->proxy->clients, client); 429 | g_clear_object (&client->proxy); 430 | 431 | g_byte_array_free (client->auth_buffer, TRUE); 432 | g_hash_table_destroy (client->rewrite_reply); 433 | g_hash_table_destroy (client->get_owner_reply); 434 | g_hash_table_destroy (client->unique_id_policy); 435 | g_hash_table_destroy (client->unique_id_owned_names); 436 | 437 | free_side (&client->client_side); 438 | free_side (&client->bus_side); 439 | 440 | G_OBJECT_CLASS (flatpak_proxy_client_parent_class)->finalize (object); 441 | } 442 | 443 | static void 444 | flatpak_proxy_client_class_init (FlatpakProxyClientClass *klass) 445 | { 446 | GObjectClass *object_class = G_OBJECT_CLASS (klass); 447 | 448 | object_class->finalize = flatpak_proxy_client_finalize; 449 | } 450 | 451 | static void 452 | init_side (FlatpakProxyClient *client, ProxySide *side) 453 | { 454 | side->got_first_byte = (side == &client->bus_side); 455 | side->client = client; 456 | side->header_buffer.size = 16; 457 | side->header_buffer.pos = 0; 458 | side->current_read_buffer = &side->header_buffer; 459 | side->expected_replies = g_hash_table_new (g_direct_hash, g_direct_equal); 460 | } 461 | 462 | static void 463 | flatpak_proxy_client_init (FlatpakProxyClient *client) 464 | { 465 | init_side (client, &client->client_side); 466 | init_side (client, &client->bus_side); 467 | 468 | client->last_fake_serial = MAX_CLIENT_SERIAL; 469 | client->auth_buffer = g_byte_array_new (); 470 | client->rewrite_reply = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_object_unref); 471 | client->get_owner_reply = g_hash_table_new_full (g_direct_hash, g_direct_equal, NULL, g_free); 472 | client->unique_id_policy = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); 473 | client->unique_id_owned_names = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) string_list_free); 474 | } 475 | 476 | static FlatpakProxyClient * 477 | flatpak_proxy_client_new (FlatpakProxy *proxy, GSocketConnection *connection) 478 | { 479 | FlatpakProxyClient *client; 480 | 481 | g_socket_set_blocking (g_socket_connection_get_socket (connection), FALSE); 482 | 483 | client = g_object_new (FLATPAK_TYPE_PROXY_CLIENT, NULL); 484 | client->proxy = g_object_ref (proxy); 485 | client->client_side.connection = g_object_ref (connection); 486 | 487 | proxy->clients = g_list_prepend (proxy->clients, client); 488 | 489 | return client; 490 | } 491 | 492 | void 493 | flatpak_proxy_set_filter (FlatpakProxy *proxy, 494 | gboolean filter) 495 | { 496 | proxy->filter = filter; 497 | } 498 | 499 | void 500 | flatpak_proxy_set_sloppy_names (FlatpakProxy *proxy, 501 | gboolean sloppy_names) 502 | { 503 | proxy->sloppy_names = sloppy_names; 504 | } 505 | 506 | void 507 | flatpak_proxy_set_log_messages (FlatpakProxy *proxy, 508 | gboolean log) 509 | { 510 | proxy->log_messages = log; 511 | } 512 | 513 | static void 514 | filter_free (Filter *filter) 515 | { 516 | g_free (filter->name); 517 | g_free (filter->path); 518 | g_free (filter->interface); 519 | g_free (filter->member); 520 | g_free (filter); 521 | } 522 | 523 | static void 524 | filter_list_free (GList *filters) 525 | { 526 | g_list_free_full (filters, (GDestroyNotify) filter_free); 527 | } 528 | 529 | 530 | static Filter * 531 | filter_new (const char *name, 532 | gboolean name_is_subtree, 533 | FlatpakPolicy policy) 534 | { 535 | Filter *filter = g_new0 (Filter, 1); 536 | 537 | filter->name = g_strdup (name); 538 | filter->name_is_subtree = name_is_subtree; 539 | filter->policy = policy; 540 | filter->types = FILTER_TYPE_ALL; 541 | 542 | return filter; 543 | } 544 | 545 | // rules are of the form [*|org.the.interface.[method|*]]|[@/obj/path[/*]] 546 | static Filter * 547 | filter_new_from_rule (const char *name, 548 | gboolean name_is_subtree, 549 | FilterTypeMask types, 550 | const char *rule) 551 | { 552 | Filter *filter; 553 | const char *obj_path_start = NULL; 554 | const char *method_end = NULL; 555 | 556 | filter = filter_new (name, name_is_subtree, FLATPAK_POLICY_TALK); 557 | filter->types = types; 558 | 559 | obj_path_start = strchr (rule, '@'); 560 | if (obj_path_start && obj_path_start[1] != 0) 561 | { 562 | filter->path = g_strdup (obj_path_start + 1); 563 | 564 | if (g_str_has_suffix (filter->path, "/*")) 565 | { 566 | filter->path_is_subtree = TRUE; 567 | filter->path[strlen (filter->path) - 2] = 0; 568 | } 569 | } 570 | 571 | if (obj_path_start != NULL) 572 | method_end = obj_path_start; 573 | else 574 | method_end = rule + strlen (rule); 575 | 576 | if (method_end != rule) 577 | { 578 | if (rule[0] == '*') 579 | { 580 | /* Both interface and method wildcarded */ 581 | } 582 | else 583 | { 584 | filter->interface = g_strndup (rule, method_end - rule); 585 | char *dot = strrchr (filter->interface, '.'); 586 | if (dot != NULL) 587 | { 588 | *dot = 0; 589 | if (strcmp (dot + 1, "*") != 0) 590 | filter->member = g_strdup (dot + 1); 591 | } 592 | } 593 | } 594 | 595 | return filter; 596 | } 597 | 598 | static gboolean 599 | filter_matches (Filter *filter, 600 | FilterTypeMask type, 601 | const char *path, 602 | const char *interface, 603 | const char *member) 604 | { 605 | if (filter->policy < FLATPAK_POLICY_TALK || 606 | (filter->types & type) == 0) 607 | return FALSE; 608 | 609 | if (filter->path) 610 | { 611 | if (path == NULL) 612 | return FALSE; 613 | 614 | if (filter->path_is_subtree) 615 | { 616 | gsize filter_path_len = strlen (filter->path); 617 | if (strncmp (path, filter->path, filter_path_len) != 0 || 618 | (path[filter_path_len] != 0 && path[filter_path_len] != '/')) 619 | return FALSE; 620 | } 621 | else if (strcmp (filter->path, path) != 0) 622 | return FALSE; 623 | } 624 | 625 | if (filter->interface && g_strcmp0 (filter->interface, interface) != 0) 626 | return FALSE; 627 | 628 | if (filter->member && g_strcmp0 (filter->member, member) != 0) 629 | return FALSE; 630 | 631 | return TRUE; 632 | } 633 | 634 | static gboolean 635 | any_filter_matches (GList *filters, 636 | FilterTypeMask type, 637 | const char *path, 638 | const char *interface, 639 | const char *member) 640 | { 641 | GList *l; 642 | 643 | for (l = filters; l != NULL; l = l->next) 644 | { 645 | Filter *filter = l->data; 646 | if (filter_matches (filter, type, path, interface, member)) 647 | return TRUE; 648 | } 649 | 650 | return FALSE; 651 | } 652 | 653 | 654 | static void 655 | flatpak_proxy_add_filter (FlatpakProxy *proxy, 656 | Filter *filter) 657 | { 658 | GList *filters, *new_filters; 659 | 660 | if (g_hash_table_lookup_extended (proxy->filters, 661 | filter->name, 662 | NULL, (void **) &filters)) 663 | { 664 | new_filters = g_list_append (filters, filter); 665 | g_assert (new_filters == filters); 666 | } 667 | else 668 | { 669 | filters = g_list_append (NULL, filter); 670 | g_hash_table_insert (proxy->filters, g_strdup (filter->name), filters); 671 | } 672 | } 673 | 674 | void 675 | flatpak_proxy_add_policy (FlatpakProxy *proxy, 676 | const char *name, 677 | gboolean name_is_subtree, 678 | FlatpakPolicy policy) 679 | { 680 | Filter *filter = filter_new (name, name_is_subtree, policy); 681 | 682 | flatpak_proxy_add_filter (proxy, filter); 683 | } 684 | 685 | void 686 | flatpak_proxy_add_call_rule (FlatpakProxy *proxy, 687 | const char *name, 688 | gboolean name_is_subtree, 689 | const char *rule) 690 | { 691 | Filter *filter = filter_new_from_rule (name, name_is_subtree, FILTER_TYPE_CALL, rule); 692 | 693 | flatpak_proxy_add_filter (proxy, filter); 694 | } 695 | 696 | void 697 | flatpak_proxy_add_broadcast_rule (FlatpakProxy *proxy, 698 | const char *name, 699 | gboolean name_is_subtree, 700 | const char *rule) 701 | { 702 | Filter *filter = filter_new_from_rule (name, name_is_subtree, FILTER_TYPE_BROADCAST, rule); 703 | 704 | flatpak_proxy_add_filter (proxy, filter); 705 | } 706 | 707 | static void 708 | flatpak_proxy_finalize (GObject *object) 709 | { 710 | FlatpakProxy *proxy = FLATPAK_PROXY (object); 711 | 712 | if (g_socket_service_is_active (G_SOCKET_SERVICE (proxy))) 713 | unlink (proxy->socket_path); 714 | 715 | g_assert (proxy->clients == NULL); 716 | 717 | g_hash_table_destroy (proxy->filters); 718 | 719 | g_free (proxy->socket_path); 720 | g_free (proxy->dbus_address); 721 | 722 | G_OBJECT_CLASS (flatpak_proxy_parent_class)->finalize (object); 723 | } 724 | 725 | static void 726 | flatpak_proxy_set_property (GObject *object, 727 | guint prop_id, 728 | const GValue *value, 729 | GParamSpec *pspec) 730 | { 731 | FlatpakProxy *proxy = FLATPAK_PROXY (object); 732 | 733 | switch (prop_id) 734 | { 735 | case PROP_DBUS_ADDRESS: 736 | proxy->dbus_address = g_value_dup_string (value); 737 | break; 738 | 739 | case PROP_SOCKET_PATH: 740 | proxy->socket_path = g_value_dup_string (value); 741 | break; 742 | 743 | default: 744 | G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); 745 | break; 746 | } 747 | } 748 | 749 | static void 750 | flatpak_proxy_get_property (GObject *object, 751 | guint prop_id, 752 | GValue *value, 753 | GParamSpec *pspec) 754 | { 755 | FlatpakProxy *proxy = FLATPAK_PROXY (object); 756 | 757 | switch (prop_id) 758 | { 759 | case PROP_DBUS_ADDRESS: 760 | g_value_set_string (value, proxy->dbus_address); 761 | break; 762 | 763 | case PROP_SOCKET_PATH: 764 | g_value_set_string (value, proxy->socket_path); 765 | break; 766 | 767 | default: 768 | G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); 769 | break; 770 | } 771 | } 772 | 773 | /* Buffer contains a default size of data that is 16 bytes, so that 774 | it can be used on the stack for reading the header. However we 775 | also support passing in sizes smaller that 16, which will allocate 776 | a smaller object than the full Buffer object. This is safe as we 777 | respect the size member, however there is no way for GCC to know this, 778 | so we silence it manually. 779 | */ 780 | #pragma GCC diagnostic push 781 | #pragma GCC diagnostic ignored "-Warray-bounds" 782 | static Buffer * 783 | buffer_new (gsize size, Buffer *old) 784 | { 785 | Buffer *buffer = g_malloc0 (sizeof (Buffer) + size - 16); 786 | 787 | buffer->control_messages = NULL; 788 | buffer->size = size; 789 | buffer->refcount = 1; 790 | 791 | if (old) 792 | { 793 | buffer->pos = old->pos; 794 | buffer->sent = old->sent; 795 | /* Takes ownership of any old control messages */ 796 | buffer->control_messages = old->control_messages; 797 | old->control_messages = NULL; 798 | 799 | g_assert (size >= old->size); 800 | memcpy (buffer->data, old->data, old->size); 801 | } 802 | 803 | return buffer; 804 | } 805 | #pragma GCC diagnostic pop 806 | 807 | static ProxySide * 808 | get_other_side (ProxySide *side) 809 | { 810 | FlatpakProxyClient *client = side->client; 811 | 812 | if (side == &client->client_side) 813 | return &client->bus_side; 814 | 815 | return &client->client_side; 816 | } 817 | 818 | static void 819 | side_closed (ProxySide *side) 820 | { 821 | GSocket *socket, *other_socket; 822 | ProxySide *other_side = get_other_side (side); 823 | 824 | if (side->closed) 825 | return; 826 | 827 | socket = g_socket_connection_get_socket (side->connection); 828 | g_socket_close (socket, NULL); 829 | side->closed = TRUE; 830 | 831 | other_socket = g_socket_connection_get_socket (other_side->connection); 832 | if (!other_side->closed && other_side->buffers == NULL) 833 | { 834 | g_socket_close (other_socket, NULL); 835 | other_side->closed = TRUE; 836 | } 837 | 838 | if (other_side->closed) 839 | { 840 | g_object_unref (side->client); 841 | } 842 | else 843 | { 844 | GError *error = NULL; 845 | 846 | if (!g_socket_shutdown (other_socket, TRUE, FALSE, &error)) 847 | { 848 | g_warning ("Unable to shutdown read side: %s", error->message); 849 | g_error_free (error); 850 | } 851 | } 852 | } 853 | 854 | static gboolean 855 | buffer_read (ProxySide *side, 856 | Buffer *buffer, 857 | GSocket *socket) 858 | { 859 | FlatpakProxyClient *client = side->client; 860 | gsize received = 0; 861 | GInputVector v; 862 | GError *error = NULL; 863 | GSocketControlMessage **messages; 864 | int num_messages, i; 865 | 866 | if (client->auth_state == AUTH_WAITING_FOR_BACKLOG && 867 | side == &client->client_side) 868 | return FALSE; 869 | 870 | if (side->extra_input_data && client->auth_state == AUTH_COMPLETE) 871 | { 872 | gsize extra_size; 873 | const guchar *extra_bytes = g_bytes_get_data (side->extra_input_data, &extra_size); 874 | 875 | g_assert (buffer->size >= buffer->pos); 876 | received = MIN (extra_size, buffer->size - buffer->pos); 877 | memcpy (&buffer->data[buffer->pos], extra_bytes, received); 878 | 879 | if (received < extra_size) 880 | { 881 | side->extra_input_data = 882 | g_bytes_new_with_free_func (extra_bytes + received, 883 | extra_size - received, 884 | (GDestroyNotify) g_bytes_unref, 885 | side->extra_input_data); 886 | } 887 | else 888 | { 889 | g_clear_pointer (&side->extra_input_data, g_bytes_unref); 890 | } 891 | } 892 | else if (!side->extra_input_data) 893 | { 894 | gssize res; 895 | int flags = 0; 896 | v.buffer = &buffer->data[buffer->pos]; 897 | v.size = buffer->size - buffer->pos; 898 | 899 | res = g_socket_receive_message (socket, NULL, &v, 1, 900 | &messages, 901 | &num_messages, 902 | &flags, NULL, &error); 903 | if (res < 0 && g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)) 904 | { 905 | g_error_free (error); 906 | return FALSE; 907 | } 908 | 909 | if (res <= 0) 910 | { 911 | if (res != 0) 912 | { 913 | g_debug ("Error reading from socket: %s", error->message); 914 | g_error_free (error); 915 | } 916 | 917 | side_closed (side); 918 | return FALSE; 919 | } 920 | 921 | /* We now know res is strictly positive */ 922 | received = (gsize) res; 923 | 924 | for (i = 0; i < num_messages; i++) 925 | buffer->control_messages = g_list_append (buffer->control_messages, messages[i]); 926 | 927 | g_free (messages); 928 | } 929 | 930 | buffer->pos += received; 931 | return TRUE; 932 | } 933 | 934 | static gboolean 935 | buffer_write (ProxySide *side, 936 | Buffer *buffer, 937 | GSocket *socket) 938 | { 939 | gssize res; 940 | GOutputVector v; 941 | GError *error = NULL; 942 | GSocketControlMessage **messages = NULL; 943 | int i, n_messages; 944 | GList *l; 945 | 946 | if (buffer->send_credentials && 947 | G_IS_UNIX_CONNECTION (side->connection)) 948 | { 949 | g_assert (buffer->size == 1); 950 | 951 | if (!g_unix_connection_send_credentials (G_UNIX_CONNECTION (side->connection), 952 | NULL, 953 | &error)) 954 | { 955 | if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)) 956 | { 957 | g_error_free (error); 958 | return FALSE; 959 | } 960 | 961 | g_warning ("Error writing credentials to socket: %s", error->message); 962 | g_error_free (error); 963 | 964 | side_closed (side); 965 | return FALSE; 966 | } 967 | 968 | buffer->sent = 1; 969 | return TRUE; 970 | } 971 | 972 | n_messages = g_list_length (buffer->control_messages); 973 | messages = g_new (GSocketControlMessage *, n_messages); 974 | for (l = buffer->control_messages, i = 0; l != NULL; l = l->next, i++) 975 | messages[i] = l->data; 976 | 977 | v.buffer = &buffer->data[buffer->sent]; 978 | v.size = buffer->pos - buffer->sent; 979 | 980 | res = g_socket_send_message (socket, NULL, &v, 1, 981 | messages, n_messages, 982 | G_SOCKET_MSG_NONE, NULL, &error); 983 | g_free (messages); 984 | if (res < 0 && g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK)) 985 | { 986 | g_error_free (error); 987 | return FALSE; 988 | } 989 | 990 | if (res <= 0) 991 | { 992 | if (res < 0) 993 | { 994 | g_warning ("Error writing credentials to socket: %s", error->message); 995 | g_error_free (error); 996 | } 997 | 998 | side_closed (side); 999 | return FALSE; 1000 | } 1001 | 1002 | g_list_free_full (buffer->control_messages, g_object_unref); 1003 | buffer->control_messages = NULL; 1004 | 1005 | buffer->sent += res; 1006 | return TRUE; 1007 | } 1008 | 1009 | static gboolean 1010 | send_outgoing_buffers (GSocket *socket, ProxySide *side) 1011 | { 1012 | FlatpakProxyClient *client = side->client; 1013 | gboolean all_done = FALSE; 1014 | 1015 | g_object_ref (client); 1016 | 1017 | while (side->buffers) 1018 | { 1019 | Buffer *buffer = side->buffers->data; 1020 | 1021 | if (buffer_write (side, buffer, socket)) 1022 | { 1023 | if (buffer->sent == buffer->size) 1024 | { 1025 | side->buffers = g_list_delete_link (side->buffers, side->buffers); 1026 | buffer_unref (buffer); 1027 | } 1028 | } 1029 | else 1030 | { 1031 | break; 1032 | } 1033 | } 1034 | 1035 | if (side->buffers == NULL) 1036 | { 1037 | ProxySide *other_side = get_other_side (side); 1038 | 1039 | all_done = TRUE; 1040 | 1041 | if (other_side->closed) 1042 | side_closed (side); 1043 | } 1044 | 1045 | g_object_unref (client); 1046 | 1047 | return all_done; 1048 | } 1049 | 1050 | static gboolean 1051 | side_out_cb (GSocket *socket, GIOCondition condition, gpointer user_data) 1052 | { 1053 | ProxySide *side = user_data; 1054 | 1055 | gboolean all_done = send_outgoing_buffers (socket, side); 1056 | if (all_done) 1057 | { 1058 | side->out_source = NULL; 1059 | return G_SOURCE_REMOVE; 1060 | } 1061 | else 1062 | { 1063 | return G_SOURCE_CONTINUE; 1064 | } 1065 | } 1066 | 1067 | static void 1068 | queue_expected_reply (ProxySide *side, guint32 serial, ExpectedReplyType type) 1069 | { 1070 | g_hash_table_replace (side->expected_replies, 1071 | GUINT_TO_POINTER (serial), 1072 | GUINT_TO_POINTER (type)); 1073 | } 1074 | 1075 | static ExpectedReplyType 1076 | steal_expected_reply (ProxySide *side, guint32 serial) 1077 | { 1078 | ExpectedReplyType type; 1079 | 1080 | type = GPOINTER_TO_UINT (g_hash_table_lookup (side->expected_replies, 1081 | GUINT_TO_POINTER (serial))); 1082 | if (type) 1083 | g_hash_table_remove (side->expected_replies, 1084 | GUINT_TO_POINTER (serial)); 1085 | return type; 1086 | } 1087 | 1088 | 1089 | static void 1090 | queue_outgoing_buffer (ProxySide *side, Buffer *buffer) 1091 | { 1092 | if (side->out_source == NULL) 1093 | { 1094 | GSocket *socket; 1095 | 1096 | socket = g_socket_connection_get_socket (side->connection); 1097 | side->out_source = g_socket_create_source (socket, G_IO_OUT, NULL); 1098 | g_source_set_callback (side->out_source, G_SOURCE_FUNC (side_out_cb), side, NULL); 1099 | g_source_attach (side->out_source, NULL); 1100 | g_source_unref (side->out_source); 1101 | } 1102 | 1103 | side->buffers = g_list_append (side->buffers, buffer); 1104 | } 1105 | 1106 | static guint32 1107 | read_uint32 (Header *header, guint8 *ptr) 1108 | { 1109 | if (header->big_endian) 1110 | return GUINT32_FROM_BE (*(guint32 *) ptr); 1111 | else 1112 | return GUINT32_FROM_LE (*(guint32 *) ptr); 1113 | } 1114 | 1115 | static inline guint32 1116 | align_by_8 (guint32 offset) 1117 | { 1118 | return (offset + 8 - 1) & ~(8 - 1); 1119 | } 1120 | 1121 | static inline guint32 1122 | align_by_4 (guint32 offset) 1123 | { 1124 | return (offset + 4 - 1) & ~(4 - 1); 1125 | } 1126 | 1127 | static const char * 1128 | get_signature (Buffer *buffer, guint32 *offset, guint32 end_offset) 1129 | { 1130 | guint8 len; 1131 | char *str; 1132 | 1133 | if (*offset >= end_offset) 1134 | return FALSE; 1135 | 1136 | len = buffer->data[*offset]; 1137 | (*offset)++; 1138 | 1139 | if ((*offset) + len + 1 > end_offset) 1140 | return FALSE; 1141 | 1142 | if (buffer->data[(*offset) + len] != 0) 1143 | return FALSE; 1144 | 1145 | str = (char *) &buffer->data[(*offset)]; 1146 | *offset += len + 1; 1147 | 1148 | return str; 1149 | } 1150 | 1151 | static const char * 1152 | get_string (Buffer *buffer, Header *header, guint32 *offset, guint32 end_offset, GError **error) 1153 | { 1154 | guint32 len; 1155 | char *str; 1156 | 1157 | *offset = align_by_4 (*offset); 1158 | if (*offset + 4 >= end_offset) 1159 | { 1160 | g_set_error (error, 1161 | G_IO_ERROR, 1162 | G_IO_ERROR_INVALID_DATA, 1163 | "String header would align past boundary"); 1164 | return FALSE; 1165 | } 1166 | 1167 | len = read_uint32 (header, &buffer->data[*offset]); 1168 | *offset += 4; 1169 | 1170 | if ((*offset) + len + 1 > end_offset) 1171 | { 1172 | g_set_error (error, 1173 | G_IO_ERROR, 1174 | G_IO_ERROR_INVALID_DATA, 1175 | "String would align past boundary"); 1176 | return FALSE; 1177 | } 1178 | 1179 | if (buffer->data[(*offset) + len] != 0) 1180 | { 1181 | g_set_error (error, 1182 | G_IO_ERROR, 1183 | G_IO_ERROR_INVALID_DATA, 1184 | "String is not nul-terminated (%.*s)", 1185 | buffer->data[(*offset) + len], 1186 | (char *) &buffer->data[(*offset)]); 1187 | return FALSE; 1188 | } 1189 | 1190 | str = (char *) &buffer->data[(*offset)]; 1191 | *offset += len + 1; 1192 | 1193 | return str; 1194 | } 1195 | 1196 | static void 1197 | header_free (Header *header) 1198 | { 1199 | if (header->buffer) 1200 | buffer_unref (header->buffer); 1201 | g_free (header); 1202 | } 1203 | 1204 | static const char * 1205 | header_debug_str (GString *s, Header *header) 1206 | { 1207 | if (header->path) 1208 | g_string_append_printf (s, "\n\tPath: %s", header->path); 1209 | if (header->interface) 1210 | g_string_append_printf (s, "\n\tInterface: %s", header->interface); 1211 | if (header->member) 1212 | g_string_append_printf (s, "\n\tMember: %s", header->member); 1213 | if (header->error_name) 1214 | g_string_append_printf (s, "\n\tError name: %s", header->error_name); 1215 | if (header->destination) 1216 | g_string_append_printf (s, "\n\tDestination: %s", header->destination); 1217 | if (header->sender) 1218 | g_string_append_printf (s, "\n\tSender: %s", header->sender); 1219 | return s->str; 1220 | } 1221 | 1222 | static Header * 1223 | parse_header (Buffer *buffer, GError **error) 1224 | { 1225 | guint32 array_len, header_len; 1226 | guint32 offset, end_offset; 1227 | guint8 header_type; 1228 | const char *signature; 1229 | g_autoptr(GError) str_error = NULL; 1230 | g_autoptr(GString) header_str = NULL; 1231 | 1232 | g_autoptr(Header) header = g_new0 (Header, 1); 1233 | 1234 | header->buffer = buffer_ref (buffer); 1235 | 1236 | if (buffer->size < 16) 1237 | { 1238 | g_set_error (error, 1239 | G_IO_ERROR, 1240 | G_IO_ERROR_INVALID_DATA, 1241 | "Buffer too small: %"G_GSIZE_FORMAT, buffer->size); 1242 | return NULL; 1243 | } 1244 | 1245 | if (buffer->data[3] != 1) /* Protocol version */ 1246 | { 1247 | g_set_error (error, 1248 | G_IO_ERROR, 1249 | G_IO_ERROR_INVALID_DATA, 1250 | "Wrong protocol version: %d", buffer->data[3]); 1251 | return NULL; 1252 | } 1253 | 1254 | if (buffer->data[0] == 'B') 1255 | header->big_endian = TRUE; 1256 | else if (buffer->data[0] == 'l') 1257 | header->big_endian = FALSE; 1258 | else 1259 | { 1260 | g_set_error (error, 1261 | G_IO_ERROR, 1262 | G_IO_ERROR_INVALID_DATA, 1263 | "Invalid endianess marker: %c", buffer->data[0]); 1264 | return NULL; 1265 | } 1266 | 1267 | header->type = buffer->data[1]; 1268 | header->flags = buffer->data[2]; 1269 | 1270 | header->length = read_uint32 (header, &buffer->data[4]); 1271 | header->serial = read_uint32 (header, &buffer->data[8]); 1272 | 1273 | if (header->serial == 0) 1274 | { 1275 | g_set_error (error, 1276 | G_IO_ERROR, 1277 | G_IO_ERROR_INVALID_DATA, 1278 | "No serial"); 1279 | return NULL; 1280 | } 1281 | 1282 | array_len = read_uint32 (header, &buffer->data[12]); 1283 | 1284 | header_len = align_by_8 (12 + 4 + array_len); 1285 | g_assert (buffer->size >= header_len); /* We should have verified this when reading in the message */ 1286 | if (header_len > buffer->size) 1287 | { 1288 | g_set_error (error, 1289 | G_IO_ERROR, 1290 | G_IO_ERROR_INVALID_DATA, 1291 | "Header len (%d) bigger than buffer size (%"G_GSIZE_FORMAT")", 1292 | header_len, buffer->size); 1293 | return NULL; 1294 | } 1295 | 1296 | offset = 12 + 4; 1297 | end_offset = offset + array_len; 1298 | 1299 | header_str = g_string_new (NULL); 1300 | 1301 | while (offset < end_offset) 1302 | { 1303 | offset = align_by_8 (offset); /* Structs must be 8 byte aligned */ 1304 | if (offset >= end_offset) 1305 | { 1306 | g_set_error (error, 1307 | G_IO_ERROR, 1308 | G_IO_ERROR_INVALID_DATA, 1309 | "Struct would align past boundary%s", 1310 | header_debug_str (header_str, header)); 1311 | return NULL; 1312 | } 1313 | 1314 | header_type = buffer->data[offset++]; 1315 | if (offset >= end_offset) 1316 | { 1317 | g_set_error (error, 1318 | G_IO_ERROR, 1319 | G_IO_ERROR_INVALID_DATA, 1320 | "Went past boundary after parsing header_type%s", 1321 | header_debug_str (header_str, header)); 1322 | return NULL; 1323 | } 1324 | 1325 | signature = get_signature (buffer, &offset, end_offset); 1326 | if (signature == NULL) 1327 | { 1328 | g_set_error (error, 1329 | G_IO_ERROR, 1330 | G_IO_ERROR_INVALID_DATA, 1331 | "Could not parse signature%s", 1332 | header_debug_str (header_str, header)); 1333 | return NULL; 1334 | } 1335 | 1336 | switch (header_type) 1337 | { 1338 | case G_DBUS_MESSAGE_HEADER_FIELD_INVALID: 1339 | g_set_error (error, 1340 | G_IO_ERROR, 1341 | G_IO_ERROR_INVALID_DATA, 1342 | "Field is invalid%s", 1343 | header_debug_str (header_str, header)); 1344 | return NULL; 1345 | 1346 | case G_DBUS_MESSAGE_HEADER_FIELD_PATH: 1347 | if (strcmp (signature, "o") != 0) 1348 | { 1349 | g_set_error (error, 1350 | G_IO_ERROR, 1351 | G_IO_ERROR_INVALID_DATA, 1352 | "Signature is invalid for path ('%s')%s", 1353 | signature, 1354 | header_debug_str (header_str, header)); 1355 | return NULL; 1356 | } 1357 | header->path = get_string (buffer, header, &offset, end_offset, &str_error); 1358 | if (header->path == NULL) 1359 | { 1360 | g_set_error (error, 1361 | G_IO_ERROR, 1362 | G_IO_ERROR_INVALID_DATA, 1363 | "Could not parse path in path field: %s%s", 1364 | str_error->message, 1365 | header_debug_str (header_str, header)); 1366 | return NULL; 1367 | } 1368 | break; 1369 | 1370 | case G_DBUS_MESSAGE_HEADER_FIELD_INTERFACE: 1371 | if (strcmp (signature, "s") != 0) 1372 | { 1373 | g_set_error (error, 1374 | G_IO_ERROR, 1375 | G_IO_ERROR_INVALID_DATA, 1376 | "Signature is invalid for interface ('%s')%s", 1377 | signature, 1378 | header_debug_str (header_str, header)); 1379 | return NULL; 1380 | } 1381 | header->interface = get_string (buffer, header, &offset, end_offset, &str_error); 1382 | if (header->interface == NULL) 1383 | { 1384 | g_set_error (error, 1385 | G_IO_ERROR, 1386 | G_IO_ERROR_INVALID_DATA, 1387 | "Could not parse interface in interface field: %s%s", 1388 | str_error->message, 1389 | header_debug_str (header_str, header)); 1390 | return NULL; 1391 | } 1392 | break; 1393 | 1394 | case G_DBUS_MESSAGE_HEADER_FIELD_MEMBER: 1395 | if (strcmp (signature, "s") != 0) 1396 | { 1397 | g_set_error (error, 1398 | G_IO_ERROR, 1399 | G_IO_ERROR_INVALID_DATA, 1400 | "Signature is invalid for member ('%s')%s", 1401 | signature, 1402 | header_debug_str (header_str, header)); 1403 | return NULL; 1404 | } 1405 | header->member = get_string (buffer, header, &offset, end_offset, &str_error); 1406 | if (header->member == NULL) 1407 | { 1408 | g_set_error (error, 1409 | G_IO_ERROR, 1410 | G_IO_ERROR_INVALID_DATA, 1411 | "Could not parse member in member field: %s%s", 1412 | str_error->message, 1413 | header_debug_str (header_str, header)); 1414 | return NULL; 1415 | } 1416 | break; 1417 | 1418 | case G_DBUS_MESSAGE_HEADER_FIELD_ERROR_NAME: 1419 | if (strcmp (signature, "s") != 0) 1420 | { 1421 | g_set_error (error, 1422 | G_IO_ERROR, 1423 | G_IO_ERROR_INVALID_DATA, 1424 | "Signature is invalid for error ('%s')%s", 1425 | signature, 1426 | header_debug_str (header_str, header)); 1427 | return NULL; 1428 | } 1429 | header->error_name = get_string (buffer, header, &offset, end_offset, &str_error); 1430 | if (header->error_name == NULL) 1431 | { 1432 | g_set_error (error, 1433 | G_IO_ERROR, 1434 | G_IO_ERROR_INVALID_DATA, 1435 | "Could not parse error in error field: %s%s", 1436 | str_error->message, 1437 | header_debug_str (header_str, header)); 1438 | return NULL; 1439 | } 1440 | break; 1441 | 1442 | case G_DBUS_MESSAGE_HEADER_FIELD_REPLY_SERIAL: 1443 | if (offset + 4 > end_offset) 1444 | { 1445 | g_set_error (error, 1446 | G_IO_ERROR, 1447 | G_IO_ERROR_INVALID_DATA, 1448 | "Header too small to fit reply serial%s", 1449 | header_debug_str (header_str, header)); 1450 | return NULL; 1451 | } 1452 | 1453 | header->has_reply_serial = TRUE; 1454 | header->reply_serial = read_uint32 (header, &buffer->data[offset]); 1455 | offset += 4; 1456 | break; 1457 | 1458 | case G_DBUS_MESSAGE_HEADER_FIELD_DESTINATION: 1459 | if (strcmp (signature, "s") != 0) 1460 | { 1461 | g_set_error (error, 1462 | G_IO_ERROR, 1463 | G_IO_ERROR_INVALID_DATA, 1464 | "Signature is invalid for destination ('%s')%s", 1465 | signature, 1466 | header_debug_str (header_str, header)); 1467 | return NULL; 1468 | } 1469 | header->destination = get_string (buffer, header, &offset, end_offset, &str_error); 1470 | if (header->destination == NULL) 1471 | { 1472 | g_set_error (error, 1473 | G_IO_ERROR, 1474 | G_IO_ERROR_INVALID_DATA, 1475 | "Could not parse destination in destination field: %s%s", 1476 | str_error->message, 1477 | header_debug_str (header_str, header)); 1478 | return NULL; 1479 | } 1480 | break; 1481 | 1482 | case G_DBUS_MESSAGE_HEADER_FIELD_SENDER: 1483 | if (strcmp (signature, "s") != 0) 1484 | { 1485 | g_set_error (error, 1486 | G_IO_ERROR, 1487 | G_IO_ERROR_INVALID_DATA, 1488 | "Signature is invalid for sender ('%s')%s", 1489 | signature, 1490 | header_debug_str (header_str, header)); 1491 | return NULL; 1492 | } 1493 | header->sender = get_string (buffer, header, &offset, end_offset, &str_error); 1494 | if (header->sender == NULL) 1495 | { 1496 | g_set_error (error, 1497 | G_IO_ERROR, 1498 | G_IO_ERROR_INVALID_DATA, 1499 | "Could not parse sender in sender field: %s%s", 1500 | str_error->message, 1501 | header_debug_str (header_str, header)); 1502 | return NULL; 1503 | } 1504 | break; 1505 | 1506 | case G_DBUS_MESSAGE_HEADER_FIELD_SIGNATURE: 1507 | if (strcmp (signature, "g") != 0) 1508 | { 1509 | g_set_error (error, 1510 | G_IO_ERROR, 1511 | G_IO_ERROR_INVALID_DATA, 1512 | "Signature is invalid for signature ('%s')%s", 1513 | signature, 1514 | header_debug_str (header_str, header)); 1515 | return NULL; 1516 | } 1517 | header->signature = get_signature (buffer, &offset, end_offset); 1518 | if (header->signature == NULL) 1519 | { 1520 | g_set_error (error, 1521 | G_IO_ERROR, 1522 | G_IO_ERROR_INVALID_DATA, 1523 | "Could not parse signature in signature field%s", 1524 | header_debug_str (header_str, header)); 1525 | return NULL; 1526 | } 1527 | break; 1528 | 1529 | case G_DBUS_MESSAGE_HEADER_FIELD_NUM_UNIX_FDS: 1530 | if (offset + 4 > end_offset) 1531 | { 1532 | g_set_error (error, 1533 | G_IO_ERROR, 1534 | G_IO_ERROR_INVALID_DATA, 1535 | "Header too small to fit Unix FDs%s", 1536 | header_debug_str (header_str, header)); 1537 | return NULL; 1538 | } 1539 | 1540 | header->unix_fds = read_uint32 (header, &buffer->data[offset]); 1541 | offset += 4; 1542 | break; 1543 | 1544 | default: 1545 | /* Unknown header field, for safety, fail parse */ 1546 | g_set_error (error, 1547 | G_IO_ERROR, 1548 | G_IO_ERROR_INVALID_DATA, 1549 | "Unknown header field (%d)%s", 1550 | header_type, 1551 | header_debug_str (header_str, header)); 1552 | return NULL; 1553 | } 1554 | } 1555 | 1556 | switch (header->type) 1557 | { 1558 | case G_DBUS_MESSAGE_TYPE_METHOD_CALL: 1559 | if (header->path == NULL || header->member == NULL) 1560 | { 1561 | g_set_error (error, 1562 | G_IO_ERROR, 1563 | G_IO_ERROR_INVALID_DATA, 1564 | "Method call is missing path or member%s", 1565 | header_debug_str (header_str, header)); 1566 | return NULL; 1567 | } 1568 | break; 1569 | 1570 | case G_DBUS_MESSAGE_TYPE_METHOD_RETURN: 1571 | if (!header->has_reply_serial) 1572 | { 1573 | g_set_error (error, 1574 | G_IO_ERROR, 1575 | G_IO_ERROR_INVALID_DATA, 1576 | "Method return has no reply serial%s", 1577 | header_debug_str (header_str, header)); 1578 | return NULL; 1579 | } 1580 | break; 1581 | 1582 | case G_DBUS_MESSAGE_TYPE_ERROR: 1583 | if (header->error_name == NULL || !header->has_reply_serial) 1584 | { 1585 | g_set_error (error, 1586 | G_IO_ERROR, 1587 | G_IO_ERROR_INVALID_DATA, 1588 | "Error is missing error name or reply serial%s", 1589 | header_debug_str (header_str, header)); 1590 | return NULL; 1591 | } 1592 | break; 1593 | 1594 | case G_DBUS_MESSAGE_TYPE_SIGNAL: 1595 | if (header->path == NULL || 1596 | header->interface == NULL || 1597 | header->member == NULL) 1598 | { 1599 | g_set_error (error, 1600 | G_IO_ERROR, 1601 | G_IO_ERROR_INVALID_DATA, 1602 | "Signal is missing path, interface or member%s", 1603 | header_debug_str (header_str, header)); 1604 | return NULL; 1605 | } 1606 | if (strcmp (header->path, "/org/freedesktop/DBus/Local") == 0 || 1607 | strcmp (header->interface, "org.freedesktop.DBus.Local") == 0) 1608 | { 1609 | g_set_error (error, 1610 | G_IO_ERROR, 1611 | G_IO_ERROR_INVALID_DATA, 1612 | "Signal is to D-Bus Local path or interface%s", 1613 | header_debug_str (header_str, header)); 1614 | return NULL; 1615 | } 1616 | break; 1617 | 1618 | default: 1619 | /* Unknown message type, for safety, fail parse */ 1620 | g_set_error (error, 1621 | G_IO_ERROR, 1622 | G_IO_ERROR_INVALID_DATA, 1623 | "Unknown message type (%d)%s", 1624 | header->type, 1625 | header_debug_str (header_str, header)); 1626 | return NULL; 1627 | } 1628 | 1629 | return g_steal_pointer (&header); 1630 | } 1631 | 1632 | static void 1633 | print_outgoing_header (Header *header) 1634 | { 1635 | switch (header->type) 1636 | { 1637 | case G_DBUS_MESSAGE_TYPE_METHOD_CALL: 1638 | g_print ("C%d: -> %s call %s.%s at %s\n", 1639 | header->serial, 1640 | header->destination ? header->destination : "(no dest)", 1641 | header->interface ? header->interface : "", 1642 | header->member ? header->member : "", 1643 | header->path ? header->path : ""); 1644 | break; 1645 | 1646 | case G_DBUS_MESSAGE_TYPE_METHOD_RETURN: 1647 | g_print ("C%d: -> %s return from B%d\n", 1648 | header->serial, 1649 | header->destination ? header->destination : "(no dest)", 1650 | header->reply_serial); 1651 | break; 1652 | 1653 | case G_DBUS_MESSAGE_TYPE_ERROR: 1654 | g_print ("C%d: -> %s return error %s from B%d\n", 1655 | header->serial, 1656 | header->destination ? header->destination : "(no dest)", 1657 | header->error_name ? header->error_name : "(no error)", 1658 | header->reply_serial); 1659 | break; 1660 | 1661 | case G_DBUS_MESSAGE_TYPE_SIGNAL: 1662 | g_print ("C%d: -> %s signal %s.%s at %s\n", 1663 | header->serial, 1664 | header->destination ? header->destination : "all", 1665 | header->interface ? header->interface : "", 1666 | header->member ? header->member : "", 1667 | header->path ? header->path : ""); 1668 | break; 1669 | 1670 | default: 1671 | g_print ("unknown message type\n"); 1672 | } 1673 | } 1674 | 1675 | static void 1676 | print_incoming_header (Header *header) 1677 | { 1678 | switch (header->type) 1679 | { 1680 | case G_DBUS_MESSAGE_TYPE_METHOD_CALL: 1681 | g_print ("B%d: <- %s call %s.%s at %s\n", 1682 | header->serial, 1683 | header->sender ? header->sender : "(no sender)", 1684 | header->interface ? header->interface : "", 1685 | header->member ? header->member : "", 1686 | header->path ? header->path : ""); 1687 | break; 1688 | 1689 | case G_DBUS_MESSAGE_TYPE_METHOD_RETURN: 1690 | g_print ("B%d: <- %s return from C%d\n", 1691 | header->serial, 1692 | header->sender ? header->sender : "(no sender)", 1693 | header->reply_serial); 1694 | break; 1695 | 1696 | case G_DBUS_MESSAGE_TYPE_ERROR: 1697 | g_print ("B%d: <- %s return error %s from C%d\n", 1698 | header->serial, 1699 | header->sender ? header->sender : "(no sender)", 1700 | header->error_name ? header->error_name : "(no error)", 1701 | header->reply_serial); 1702 | break; 1703 | 1704 | case G_DBUS_MESSAGE_TYPE_SIGNAL: 1705 | g_print ("B%d: <- %s signal %s.%s at %s\n", 1706 | header->serial, 1707 | header->sender ? header->sender : "(no sender)", 1708 | header->interface ? header->interface : "", 1709 | header->member ? header->member : "", 1710 | header->path ? header->path : ""); 1711 | break; 1712 | 1713 | default: 1714 | g_print ("unknown message type\n"); 1715 | } 1716 | } 1717 | 1718 | 1719 | static Filter *match_all[FLATPAK_POLICY_OWN + 1] = { NULL }; 1720 | 1721 | 1722 | static FlatpakPolicy 1723 | flatpak_proxy_client_get_max_policy_and_matched (FlatpakProxyClient *client, 1724 | const char *source, 1725 | GList **matched_filters) 1726 | { 1727 | GList *names, *filters, *l; 1728 | FlatpakPolicy max_policy = FLATPAK_POLICY_NONE; 1729 | g_autofree char *name = NULL; 1730 | gboolean exact_name_match; 1731 | char *dot; 1732 | 1733 | if (match_all[FLATPAK_POLICY_SEE] == NULL) 1734 | { 1735 | match_all[FLATPAK_POLICY_SEE] = filter_new ("", FALSE, FLATPAK_POLICY_SEE); 1736 | match_all[FLATPAK_POLICY_TALK] = filter_new ("", FALSE, FLATPAK_POLICY_TALK); 1737 | match_all[FLATPAK_POLICY_OWN] = filter_new ("", FALSE, FLATPAK_POLICY_OWN); 1738 | } 1739 | 1740 | if (source == NULL) 1741 | { 1742 | if (matched_filters) 1743 | *matched_filters = g_list_append (*matched_filters, match_all[FLATPAK_POLICY_TALK]); 1744 | 1745 | return FLATPAK_POLICY_TALK; /* All clients can talk to the bus itself */ 1746 | } 1747 | 1748 | if (source[0] == ':') 1749 | { 1750 | /* Default to the unique id policy, i.e. TALK for self, and SEE for trusted peers */ 1751 | max_policy = GPOINTER_TO_UINT (g_hash_table_lookup (client->unique_id_policy, source)); 1752 | if (max_policy > FLATPAK_POLICY_NONE && matched_filters) 1753 | *matched_filters = g_list_append (*matched_filters, match_all[max_policy]); 1754 | 1755 | /* Treat this as the merged list of filters for all the names the unique id ever owned */ 1756 | names = g_hash_table_lookup (client->unique_id_owned_names, source); 1757 | for (l = names; l != NULL; l = l->next) 1758 | { 1759 | const char *owned_name = l->data; 1760 | max_policy = MAX (max_policy, flatpak_proxy_client_get_max_policy_and_matched (client, owned_name, matched_filters)); 1761 | } 1762 | 1763 | 1764 | return max_policy; 1765 | } 1766 | 1767 | name = g_strdup (source); 1768 | exact_name_match = TRUE; 1769 | do 1770 | { 1771 | filters = g_hash_table_lookup (client->proxy->filters, name); 1772 | 1773 | for (l = filters; l != NULL; l = l->next) 1774 | { 1775 | Filter *filter = l->data; 1776 | 1777 | if (exact_name_match || filter->name_is_subtree) 1778 | { 1779 | max_policy = MAX (max_policy, filter->policy); 1780 | if (matched_filters) 1781 | *matched_filters = g_list_append (*matched_filters, filter); 1782 | } 1783 | } 1784 | 1785 | exact_name_match = FALSE; 1786 | dot = strrchr (name, '.'); 1787 | if (dot != NULL) 1788 | *dot = 0; 1789 | } 1790 | while (dot != NULL); 1791 | 1792 | return max_policy; 1793 | } 1794 | 1795 | static FlatpakPolicy 1796 | flatpak_proxy_client_get_max_policy (FlatpakProxyClient *client, 1797 | const char *source) 1798 | { 1799 | return flatpak_proxy_client_get_max_policy_and_matched (client, source, NULL); 1800 | } 1801 | 1802 | static void 1803 | flatpak_proxy_client_update_unique_id_policy (FlatpakProxyClient *client, 1804 | const char *unique_id, 1805 | FlatpakPolicy policy) 1806 | { 1807 | if (policy > FLATPAK_POLICY_NONE) 1808 | { 1809 | FlatpakPolicy old_policy; 1810 | old_policy = GPOINTER_TO_UINT (g_hash_table_lookup (client->unique_id_policy, unique_id)); 1811 | if (policy > old_policy) 1812 | g_hash_table_replace (client->unique_id_policy, g_strdup (unique_id), GINT_TO_POINTER (policy)); 1813 | } 1814 | } 1815 | 1816 | 1817 | static void 1818 | flatpak_proxy_client_add_unique_id_owned_name (FlatpakProxyClient *client, 1819 | const char *unique_id, 1820 | const char *owned_name) 1821 | { 1822 | GList *names; 1823 | gboolean already_added; 1824 | 1825 | names = NULL; 1826 | already_added = g_hash_table_lookup_extended (client->unique_id_owned_names, 1827 | unique_id, 1828 | NULL, (void **) &names); 1829 | names = g_list_append (names, g_strdup (owned_name)); 1830 | 1831 | if (!already_added) 1832 | g_hash_table_insert (client->unique_id_owned_names, g_strdup (unique_id), names); 1833 | } 1834 | 1835 | 1836 | static gboolean 1837 | client_message_generates_reply (Header *header) 1838 | { 1839 | switch (header->type) 1840 | { 1841 | case G_DBUS_MESSAGE_TYPE_METHOD_CALL: 1842 | return (header->flags & G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED) == 0; 1843 | 1844 | case G_DBUS_MESSAGE_TYPE_SIGNAL: 1845 | case G_DBUS_MESSAGE_TYPE_METHOD_RETURN: 1846 | case G_DBUS_MESSAGE_TYPE_ERROR: 1847 | default: 1848 | return FALSE; 1849 | } 1850 | } 1851 | 1852 | static Buffer * 1853 | message_to_buffer (GDBusMessage *message) 1854 | { 1855 | Buffer *buffer; 1856 | guchar *blob; 1857 | gsize blob_size; 1858 | 1859 | blob = g_dbus_message_to_blob (message, &blob_size, G_DBUS_CAPABILITY_FLAGS_NONE, NULL); 1860 | buffer = buffer_new (blob_size, NULL); 1861 | memcpy (buffer->data, blob, blob_size); 1862 | buffer->pos = blob_size; 1863 | g_free (blob); 1864 | 1865 | return buffer; 1866 | } 1867 | 1868 | static GDBusMessage * 1869 | get_error_for_header (FlatpakProxyClient *client, Header *header, const char *error) 1870 | { 1871 | GDBusMessage *reply; 1872 | 1873 | reply = g_dbus_message_new (); 1874 | g_dbus_message_set_message_type (reply, G_DBUS_MESSAGE_TYPE_ERROR); 1875 | g_dbus_message_set_flags (reply, G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED); 1876 | g_dbus_message_set_reply_serial (reply, header->serial); 1877 | g_dbus_message_set_error_name (reply, error); 1878 | g_dbus_message_set_body (reply, g_variant_new ("(s)", error)); 1879 | 1880 | return reply; 1881 | } 1882 | 1883 | static GDBusMessage * 1884 | get_bool_reply_for_header (FlatpakProxyClient *client, Header *header, gboolean val) 1885 | { 1886 | GDBusMessage *reply; 1887 | 1888 | reply = g_dbus_message_new (); 1889 | g_dbus_message_set_message_type (reply, G_DBUS_MESSAGE_TYPE_METHOD_RETURN); 1890 | g_dbus_message_set_flags (reply, G_DBUS_MESSAGE_FLAGS_NO_REPLY_EXPECTED); 1891 | g_dbus_message_set_reply_serial (reply, header->serial); 1892 | g_dbus_message_set_body (reply, g_variant_new ("(b)", val)); 1893 | 1894 | return reply; 1895 | } 1896 | 1897 | static Buffer * 1898 | get_ping_buffer_for_header (Header *header) 1899 | { 1900 | Buffer *buffer; 1901 | GDBusMessage *dummy; 1902 | 1903 | dummy = g_dbus_message_new_method_call (NULL, "/", "org.freedesktop.DBus.Peer", "Ping"); 1904 | g_dbus_message_set_serial (dummy, header->serial); 1905 | g_dbus_message_set_flags (dummy, header->flags); 1906 | 1907 | buffer = message_to_buffer (dummy); 1908 | 1909 | g_object_unref (dummy); 1910 | 1911 | return buffer; 1912 | } 1913 | 1914 | static Buffer * 1915 | get_error_for_roundtrip (FlatpakProxyClient *client, Header *header, const char *error_name) 1916 | { 1917 | Buffer *ping_buffer = get_ping_buffer_for_header (header); 1918 | GDBusMessage *reply; 1919 | 1920 | reply = get_error_for_header (client, header, error_name); 1921 | g_hash_table_replace (client->rewrite_reply, GINT_TO_POINTER (header->serial), reply); 1922 | return ping_buffer; 1923 | } 1924 | 1925 | static Buffer * 1926 | get_bool_reply_for_roundtrip (FlatpakProxyClient *client, Header *header, gboolean val) 1927 | { 1928 | Buffer *ping_buffer = get_ping_buffer_for_header (header); 1929 | GDBusMessage *reply; 1930 | 1931 | reply = get_bool_reply_for_header (client, header, val); 1932 | g_hash_table_replace (client->rewrite_reply, GINT_TO_POINTER (header->serial), reply); 1933 | 1934 | return ping_buffer; 1935 | } 1936 | 1937 | typedef enum { 1938 | HANDLE_PASS, 1939 | HANDLE_DENY, 1940 | HANDLE_HIDE, 1941 | HANDLE_FILTER_NAME_LIST_REPLY, 1942 | HANDLE_FILTER_HAS_OWNER_REPLY, 1943 | HANDLE_FILTER_GET_OWNER_REPLY, 1944 | HANDLE_VALIDATE_OWN, 1945 | HANDLE_VALIDATE_SEE, 1946 | HANDLE_VALIDATE_TALK, 1947 | HANDLE_VALIDATE_MATCH, 1948 | } BusHandler; 1949 | 1950 | static gboolean 1951 | is_for_bus (Header *header) 1952 | { 1953 | return g_strcmp0 (header->destination, "org.freedesktop.DBus") == 0; 1954 | } 1955 | 1956 | static gboolean 1957 | is_dbus_method_call (Header *header) 1958 | { 1959 | return 1960 | is_for_bus (header) && 1961 | header->type == G_DBUS_MESSAGE_TYPE_METHOD_CALL && 1962 | g_strcmp0 (header->interface, "org.freedesktop.DBus") == 0; 1963 | } 1964 | 1965 | static gboolean 1966 | is_introspection_call (Header *header) 1967 | { 1968 | return 1969 | header->type == G_DBUS_MESSAGE_TYPE_METHOD_CALL && 1970 | g_strcmp0 (header->interface, "org.freedesktop.DBus.Introspectable") == 0; 1971 | } 1972 | 1973 | static BusHandler 1974 | get_dbus_method_handler (FlatpakProxyClient *client, Header *header) 1975 | { 1976 | FlatpakPolicy policy; 1977 | const char *method; 1978 | 1979 | g_autoptr(GList) filters = NULL; 1980 | 1981 | if (header->has_reply_serial) 1982 | { 1983 | ExpectedReplyType expected_reply = 1984 | steal_expected_reply (&client->bus_side, 1985 | header->reply_serial); 1986 | if (expected_reply == EXPECTED_REPLY_NONE) 1987 | return HANDLE_DENY; 1988 | 1989 | return HANDLE_PASS; 1990 | } 1991 | 1992 | policy = flatpak_proxy_client_get_max_policy_and_matched (client, header->destination, &filters); 1993 | if (policy < FLATPAK_POLICY_SEE) 1994 | return HANDLE_HIDE; 1995 | if (policy < FLATPAK_POLICY_TALK) 1996 | return HANDLE_DENY; 1997 | 1998 | if (!is_for_bus (header)) 1999 | { 2000 | if (policy == FLATPAK_POLICY_OWN || 2001 | any_filter_matches (filters, FILTER_TYPE_CALL, 2002 | header->path, 2003 | header->interface, 2004 | header->member)) 2005 | return HANDLE_PASS; 2006 | 2007 | return HANDLE_DENY; 2008 | } 2009 | 2010 | /* Its a bus call */ 2011 | 2012 | if (is_introspection_call (header)) 2013 | { 2014 | return HANDLE_PASS; 2015 | } 2016 | else if (is_dbus_method_call (header)) 2017 | { 2018 | method = header->member; 2019 | if (method == NULL) 2020 | return HANDLE_DENY; 2021 | 2022 | if (strcmp (method, "AddMatch") == 0) 2023 | return HANDLE_VALIDATE_MATCH; 2024 | 2025 | if (strcmp (method, "Hello") == 0 || 2026 | strcmp (method, "RemoveMatch") == 0 || 2027 | strcmp (method, "GetId") == 0) 2028 | return HANDLE_PASS; 2029 | 2030 | if (strcmp (method, "UpdateActivationEnvironment") == 0 || 2031 | strcmp (method, "BecomeMonitor") == 0) 2032 | return HANDLE_DENY; 2033 | 2034 | if (strcmp (method, "RequestName") == 0 || 2035 | strcmp (method, "ReleaseName") == 0 || 2036 | strcmp (method, "ListQueuedOwners") == 0) 2037 | return HANDLE_VALIDATE_OWN; 2038 | 2039 | if (strcmp (method, "NameHasOwner") == 0) 2040 | return HANDLE_FILTER_HAS_OWNER_REPLY; 2041 | 2042 | if (strcmp (method, "GetNameOwner") == 0) 2043 | return HANDLE_FILTER_GET_OWNER_REPLY; 2044 | 2045 | if (strcmp (method, "GetConnectionUnixProcessID") == 0 || 2046 | strcmp (method, "GetConnectionCredentials") == 0 || 2047 | strcmp (method, "GetAdtAuditSessionData") == 0 || 2048 | strcmp (method, "GetConnectionSELinuxSecurityContext") == 0 || 2049 | strcmp (method, "GetConnectionUnixUser") == 0) 2050 | return HANDLE_VALIDATE_SEE; 2051 | 2052 | if (strcmp (method, "StartServiceByName") == 0) 2053 | return HANDLE_VALIDATE_TALK; 2054 | 2055 | if (strcmp (method, "ListNames") == 0 || 2056 | strcmp (method, "ListActivatableNames") == 0) 2057 | return HANDLE_FILTER_NAME_LIST_REPLY; 2058 | 2059 | g_warning ("Unknown bus method %s", method); 2060 | return HANDLE_DENY; 2061 | } 2062 | else 2063 | { 2064 | return HANDLE_DENY; 2065 | } 2066 | } 2067 | 2068 | static FlatpakPolicy 2069 | policy_from_handler (BusHandler handler) 2070 | { 2071 | switch (handler) 2072 | { 2073 | case HANDLE_VALIDATE_OWN: 2074 | return FLATPAK_POLICY_OWN; 2075 | 2076 | case HANDLE_VALIDATE_TALK: 2077 | return FLATPAK_POLICY_TALK; 2078 | 2079 | case HANDLE_VALIDATE_SEE: 2080 | return FLATPAK_POLICY_SEE; 2081 | 2082 | case HANDLE_DENY: 2083 | case HANDLE_FILTER_GET_OWNER_REPLY: 2084 | case HANDLE_FILTER_HAS_OWNER_REPLY: 2085 | case HANDLE_FILTER_NAME_LIST_REPLY: 2086 | case HANDLE_HIDE: 2087 | case HANDLE_PASS: 2088 | case HANDLE_VALIDATE_MATCH: 2089 | default: 2090 | return FLATPAK_POLICY_NONE; 2091 | } 2092 | } 2093 | 2094 | static char * 2095 | get_arg0_string (Buffer *buffer) 2096 | { 2097 | g_autoptr(GDBusMessage) message = 2098 | g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL); 2099 | GVariant *body; 2100 | g_autoptr(GVariant) arg0 = NULL; 2101 | 2102 | if (message != NULL && 2103 | (body = g_dbus_message_get_body (message)) != NULL && 2104 | (arg0 = g_variant_get_child_value (body, 0)) != NULL && 2105 | g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING)) 2106 | return g_variant_dup_string (arg0, NULL); 2107 | 2108 | return NULL; 2109 | } 2110 | 2111 | static gboolean 2112 | validate_arg0_match (FlatpakProxyClient *client, Buffer *buffer) 2113 | { 2114 | g_autoptr(GDBusMessage) message = 2115 | g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL); 2116 | GVariant *body; 2117 | g_autoptr(GVariant) arg0 = NULL; 2118 | const char *match; 2119 | 2120 | if (message != NULL && 2121 | (body = g_dbus_message_get_body (message)) != NULL && 2122 | (arg0 = g_variant_get_child_value (body, 0)) != NULL && 2123 | g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING)) 2124 | { 2125 | match = g_variant_get_string (arg0, NULL); 2126 | if (strstr (match, "eavesdrop=") != NULL) 2127 | return FALSE; 2128 | } 2129 | 2130 | return TRUE; 2131 | } 2132 | 2133 | static gboolean 2134 | validate_arg0_name (FlatpakProxyClient *client, Buffer *buffer, FlatpakPolicy required_policy, FlatpakPolicy *has_policy) 2135 | { 2136 | g_autoptr(GDBusMessage) message = 2137 | g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL); 2138 | GVariant *body; 2139 | g_autoptr(GVariant) arg0 = NULL; 2140 | const char *name; 2141 | FlatpakPolicy name_policy; 2142 | 2143 | if (has_policy) 2144 | *has_policy = FLATPAK_POLICY_NONE; 2145 | 2146 | if (message != NULL && 2147 | (body = g_dbus_message_get_body (message)) != NULL && 2148 | (arg0 = g_variant_get_child_value (body, 0)) != NULL && 2149 | g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING)) 2150 | { 2151 | name = g_variant_get_string (arg0, NULL); 2152 | name_policy = flatpak_proxy_client_get_max_policy (client, name); 2153 | 2154 | if (has_policy) 2155 | *has_policy = name_policy; 2156 | 2157 | if (name_policy >= required_policy) 2158 | return TRUE; 2159 | 2160 | if (client->proxy->log_messages) 2161 | g_print ("Filtering message due to arg0 %s, policy: %d (required %d)\n", name, name_policy, required_policy); 2162 | } 2163 | 2164 | return FALSE; 2165 | } 2166 | 2167 | static Buffer * 2168 | filter_names_list (FlatpakProxyClient *client, Buffer *buffer) 2169 | { 2170 | g_autoptr(GDBusMessage) message = 2171 | g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL); 2172 | GVariant *body, *new_names; 2173 | g_autoptr(GVariant) arg0 = NULL; 2174 | const gchar **names; 2175 | int i; 2176 | GVariantBuilder builder; 2177 | Buffer *filtered; 2178 | 2179 | if (message == NULL || 2180 | (body = g_dbus_message_get_body (message)) == NULL || 2181 | (arg0 = g_variant_get_child_value (body, 0)) == NULL || 2182 | !g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING_ARRAY)) 2183 | return NULL; 2184 | 2185 | names = g_variant_get_strv (arg0, NULL); 2186 | 2187 | g_variant_builder_init (&builder, G_VARIANT_TYPE_STRING_ARRAY); 2188 | for (i = 0; names[i] != NULL; i++) 2189 | { 2190 | if (flatpak_proxy_client_get_max_policy (client, names[i]) >= FLATPAK_POLICY_SEE) 2191 | g_variant_builder_add (&builder, "s", names[i]); 2192 | } 2193 | g_free (names); 2194 | 2195 | new_names = g_variant_builder_end (&builder); 2196 | g_dbus_message_set_body (message, 2197 | g_variant_new_tuple (&new_names, 1)); 2198 | 2199 | filtered = message_to_buffer (message); 2200 | return filtered; 2201 | } 2202 | 2203 | static gboolean 2204 | message_is_name_owner_changed (FlatpakProxyClient *client, Header *header) 2205 | { 2206 | if (header->type == G_DBUS_MESSAGE_TYPE_SIGNAL && 2207 | g_strcmp0 (header->sender, "org.freedesktop.DBus") == 0 && 2208 | g_strcmp0 (header->interface, "org.freedesktop.DBus") == 0 && 2209 | g_strcmp0 (header->member, "NameOwnerChanged") == 0) 2210 | return TRUE; 2211 | return FALSE; 2212 | } 2213 | 2214 | static gboolean 2215 | should_filter_name_owner_changed (FlatpakProxyClient *client, Buffer *buffer) 2216 | { 2217 | g_autoptr(GDBusMessage) message = 2218 | g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL); 2219 | GVariant *body; 2220 | g_autoptr(GVariant) arg0 = NULL; 2221 | g_autoptr(GVariant) arg1 = NULL; 2222 | g_autoptr(GVariant) arg2 = NULL; 2223 | const gchar *name, *new; 2224 | 2225 | if (message == NULL || 2226 | (body = g_dbus_message_get_body (message)) == NULL || 2227 | (arg0 = g_variant_get_child_value (body, 0)) == NULL || 2228 | !g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING) || 2229 | (arg1 = g_variant_get_child_value (body, 1)) == NULL || 2230 | !g_variant_is_of_type (arg1, G_VARIANT_TYPE_STRING) || 2231 | (arg2 = g_variant_get_child_value (body, 2)) == NULL || 2232 | !g_variant_is_of_type (arg2, G_VARIANT_TYPE_STRING)) 2233 | return TRUE; 2234 | 2235 | name = g_variant_get_string (arg0, NULL); 2236 | new = g_variant_get_string (arg2, NULL); 2237 | 2238 | if (flatpak_proxy_client_get_max_policy (client, name) >= FLATPAK_POLICY_SEE || 2239 | (client->proxy->sloppy_names && name[0] == ':')) 2240 | { 2241 | if (name[0] != ':') 2242 | { 2243 | if (new[0] != 0) 2244 | flatpak_proxy_client_add_unique_id_owned_name (client, new, name); 2245 | } 2246 | 2247 | return FALSE; 2248 | } 2249 | 2250 | return TRUE; 2251 | } 2252 | 2253 | static GList * 2254 | side_get_n_unix_fds (ProxySide *side, int n_fds) 2255 | { 2256 | GList *res = NULL; 2257 | 2258 | while (side->control_messages != NULL) 2259 | { 2260 | GSocketControlMessage *control_message = side->control_messages->data; 2261 | 2262 | if (G_IS_UNIX_FD_MESSAGE (control_message)) 2263 | { 2264 | GUnixFDMessage *fd_message = G_UNIX_FD_MESSAGE (control_message); 2265 | GUnixFDList *fd_list = g_unix_fd_message_get_fd_list (fd_message); 2266 | int len = g_unix_fd_list_get_length (fd_list); 2267 | 2268 | /* I believe that socket control messages are never merged, and 2269 | the sender side sends only one unix-fd-list per message, so 2270 | at this point there should always be one full fd list 2271 | per requested number of fds */ 2272 | if (len != n_fds) 2273 | { 2274 | g_warning ("Not right nr of fds in socket message"); 2275 | return NULL; 2276 | } 2277 | 2278 | side->control_messages = g_list_delete_link (side->control_messages, side->control_messages); 2279 | 2280 | return g_list_append (NULL, control_message); 2281 | } 2282 | 2283 | g_object_unref (control_message); 2284 | side->control_messages = g_list_delete_link (side->control_messages, side->control_messages); 2285 | } 2286 | 2287 | return res; 2288 | } 2289 | 2290 | static gboolean 2291 | update_socket_messages (ProxySide *side, Buffer *buffer, Header *header) 2292 | { 2293 | /* We may accidentally combine multiple control messages into one 2294 | buffer when we receive (since we can do several recvs), so we 2295 | keep a list of all we get and then only re-attach the amount 2296 | specified in the header to the buffer. */ 2297 | 2298 | side->control_messages = g_list_concat (side->control_messages, buffer->control_messages); 2299 | buffer->control_messages = NULL; 2300 | if (header->unix_fds > 0) 2301 | { 2302 | buffer->control_messages = side_get_n_unix_fds (side, header->unix_fds); 2303 | if (buffer->control_messages == NULL) 2304 | { 2305 | g_warning ("Not enough fds for message"); 2306 | side_closed (side); 2307 | buffer_unref (buffer); 2308 | return FALSE; 2309 | } 2310 | } 2311 | return TRUE; 2312 | } 2313 | 2314 | static void 2315 | queue_fake_message (FlatpakProxyClient *client, GDBusMessage *message, ExpectedReplyType reply_type) 2316 | { 2317 | Buffer *buffer; 2318 | 2319 | client->last_fake_serial++; 2320 | g_assert (client->last_fake_serial > MAX_CLIENT_SERIAL); 2321 | g_dbus_message_set_serial (message, client->last_fake_serial); 2322 | buffer = message_to_buffer (message); 2323 | g_object_unref (message); 2324 | 2325 | queue_outgoing_buffer (&client->bus_side, buffer); 2326 | queue_expected_reply (&client->client_side, client->last_fake_serial, reply_type); 2327 | } 2328 | 2329 | /* After the first Hello message we need to synthesize a bunch of messages to synchronize the 2330 | ownership state for the names in the policy */ 2331 | static void 2332 | queue_initial_name_ops (FlatpakProxyClient *client) 2333 | { 2334 | GHashTableIter iter; 2335 | gpointer key, value; 2336 | gboolean has_wildcards = FALSE; 2337 | 2338 | g_hash_table_iter_init (&iter, client->proxy->filters); 2339 | while (g_hash_table_iter_next (&iter, &key, &value)) 2340 | { 2341 | const char *name = key; 2342 | GList *filters = value; 2343 | gboolean name_needs_subtree = FALSE; 2344 | GDBusMessage *message; 2345 | GVariant *match; 2346 | GList *l; 2347 | 2348 | for (l = filters; l != NULL; l = l->next) 2349 | { 2350 | Filter *filter = l->data; 2351 | if (filter->name_is_subtree) 2352 | { 2353 | name_needs_subtree = TRUE; 2354 | break; 2355 | } 2356 | } 2357 | 2358 | if (strcmp (name, "org.freedesktop.DBus") == 0) 2359 | continue; 2360 | 2361 | /* AddMatch the name so we get told about ownership changes. 2362 | Do it before the GetNameOwner to avoid races */ 2363 | message = g_dbus_message_new_method_call ("org.freedesktop.DBus", "/", "org.freedesktop.DBus", "AddMatch"); 2364 | if (name_needs_subtree) 2365 | match = g_variant_new_printf ("type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0namespace='%s'", name); 2366 | else 2367 | match = g_variant_new_printf ("type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0='%s'", name); 2368 | g_dbus_message_set_body (message, g_variant_new_tuple (&match, 1)); 2369 | queue_fake_message (client, message, EXPECTED_REPLY_FILTER); 2370 | 2371 | if (client->proxy->log_messages) 2372 | g_print ("C%d: -> org.freedesktop.DBus fake %sAddMatch for %s\n", client->last_fake_serial, name_needs_subtree ? "wildcarded " : "", name); 2373 | 2374 | if (!name_needs_subtree) 2375 | { 2376 | /* Get the current owner of the name (if any) so we can apply policy to it */ 2377 | message = g_dbus_message_new_method_call ("org.freedesktop.DBus", "/", "org.freedesktop.DBus", "GetNameOwner"); 2378 | g_dbus_message_set_body (message, g_variant_new ("(s)", name)); 2379 | queue_fake_message (client, message, EXPECTED_REPLY_FAKE_GET_NAME_OWNER); 2380 | g_hash_table_replace (client->get_owner_reply, GINT_TO_POINTER (client->last_fake_serial), g_strdup (name)); 2381 | 2382 | if (client->proxy->log_messages) 2383 | g_print ("C%d: -> org.freedesktop.DBus fake GetNameOwner for %s\n", client->last_fake_serial, name); 2384 | } 2385 | else 2386 | has_wildcards = TRUE; /* Send ListNames below */ 2387 | } 2388 | 2389 | /* For wildcarded rules we don't know the actual names to GetNameOwner for, so we have to list all current names */ 2390 | if (has_wildcards) 2391 | { 2392 | GDBusMessage *message; 2393 | 2394 | /* AddMatch the name so we get told about ownership changes. 2395 | Do it before the GetNameOwner to avoid races */ 2396 | message = g_dbus_message_new_method_call ("org.freedesktop.DBus", "/", "org.freedesktop.DBus", "ListNames"); 2397 | g_dbus_message_set_body (message, g_variant_new ("()")); 2398 | queue_fake_message (client, message, EXPECTED_REPLY_FAKE_LIST_NAMES); 2399 | 2400 | if (client->proxy->log_messages) 2401 | g_print ("C%d: -> org.freedesktop.DBus fake ListNames\n", client->last_fake_serial); 2402 | 2403 | /* Stop reading from the client, to avoid incoming messages fighting with the ListNames roundtrip. 2404 | We will start it again once we have handled the ListNames reply */ 2405 | stop_reading (&client->client_side); 2406 | 2407 | /* Once we get the reply to this queue_wildcard_initial_name_ops() will be called and we continue there */ 2408 | } 2409 | } 2410 | 2411 | static void 2412 | queue_wildcard_initial_name_ops (FlatpakProxyClient *client, Header *header, Buffer *buffer) 2413 | { 2414 | g_autoptr(GDBusMessage) decoded_message = 2415 | g_dbus_message_new_from_blob (buffer->data, buffer->size, 0, NULL); 2416 | GVariant *body; 2417 | g_autoptr(GVariant) arg0 = NULL; 2418 | g_autofree const gchar **names = NULL; 2419 | int i; 2420 | 2421 | if (decoded_message == NULL || 2422 | header->type != G_DBUS_MESSAGE_TYPE_METHOD_RETURN || 2423 | (body = g_dbus_message_get_body (decoded_message)) == NULL || 2424 | (arg0 = g_variant_get_child_value (body, 0)) == NULL || 2425 | !g_variant_is_of_type (arg0, G_VARIANT_TYPE_STRING_ARRAY)) 2426 | return; 2427 | 2428 | names = g_variant_get_strv (arg0, NULL); 2429 | 2430 | /* Loop over all current names and get the owner for all the ones that match our rules 2431 | policies so that we can update the unique id policies for those */ 2432 | for (i = 0; names[i] != NULL; i++) 2433 | { 2434 | const char *name = names[i]; 2435 | 2436 | if (name[0] != ':' && 2437 | flatpak_proxy_client_get_max_policy (client, name) != FLATPAK_POLICY_NONE) 2438 | { 2439 | /* Get the current owner of the name (if any) so we can apply policy to it */ 2440 | GDBusMessage *message = g_dbus_message_new_method_call ("org.freedesktop.DBus", "/", "org.freedesktop.DBus", "GetNameOwner"); 2441 | g_dbus_message_set_body (message, g_variant_new ("(s)", name)); 2442 | queue_fake_message (client, message, EXPECTED_REPLY_FAKE_GET_NAME_OWNER); 2443 | g_hash_table_replace (client->get_owner_reply, GINT_TO_POINTER (client->last_fake_serial), g_strdup (name)); 2444 | 2445 | if (client->proxy->log_messages) 2446 | g_print ("C%d: -> org.freedesktop.DBus fake GetNameOwner for %s\n", client->last_fake_serial, name); 2447 | } 2448 | } 2449 | } 2450 | 2451 | 2452 | static void 2453 | got_buffer_from_client (FlatpakProxyClient *client, ProxySide *side, Buffer *buffer) 2454 | { 2455 | ExpectedReplyType expecting_reply = EXPECTED_REPLY_NONE; 2456 | 2457 | if (client->auth_state == AUTH_COMPLETE && client->proxy->filter) 2458 | { 2459 | g_autoptr(Header) header = NULL; 2460 | g_autoptr(GError) error = NULL; 2461 | BusHandler handler; 2462 | 2463 | /* Filter and rewrite outgoing messages as needed */ 2464 | 2465 | header = parse_header (buffer, &error); 2466 | if (header == NULL) 2467 | { 2468 | g_warning ("Invalid message header format from client: %s", 2469 | error->message); 2470 | side_closed (side); 2471 | buffer_unref (buffer); 2472 | return; 2473 | } 2474 | 2475 | if (!update_socket_messages (side, buffer, header)) 2476 | return; 2477 | 2478 | if (header->serial > MAX_CLIENT_SERIAL) 2479 | { 2480 | g_warning ("Invalid client serial: Exceeds maximum value of %u", MAX_CLIENT_SERIAL); 2481 | side_closed (side); 2482 | buffer_unref (buffer); 2483 | return; 2484 | } 2485 | 2486 | if (client->proxy->log_messages) 2487 | print_outgoing_header (header); 2488 | 2489 | /* Keep track of the initial Hello request so that we can read 2490 | the reply which has our assigned unique id */ 2491 | if (is_dbus_method_call (header) && 2492 | g_strcmp0 (header->member, "Hello") == 0) 2493 | { 2494 | expecting_reply = EXPECTED_REPLY_HELLO; 2495 | client->hello_serial = header->serial; 2496 | } 2497 | 2498 | handler = get_dbus_method_handler (client, header); 2499 | 2500 | switch (handler) 2501 | { 2502 | case HANDLE_FILTER_HAS_OWNER_REPLY: 2503 | case HANDLE_FILTER_GET_OWNER_REPLY: 2504 | if (!validate_arg0_name (client, buffer, FLATPAK_POLICY_SEE, NULL)) 2505 | { 2506 | g_clear_pointer (&buffer, buffer_unref); 2507 | if (handler == HANDLE_FILTER_GET_OWNER_REPLY) 2508 | buffer = get_error_for_roundtrip (client, header, 2509 | "org.freedesktop.DBus.Error.NameHasNoOwner"); 2510 | else 2511 | buffer = get_bool_reply_for_roundtrip (client, header, FALSE); 2512 | 2513 | expecting_reply = EXPECTED_REPLY_REWRITE; 2514 | break; 2515 | } 2516 | 2517 | goto handle_pass; 2518 | 2519 | case HANDLE_VALIDATE_MATCH: 2520 | if (!validate_arg0_match (client, buffer)) 2521 | { 2522 | if (client->proxy->log_messages) 2523 | g_print ("*DENIED* (ping)\n"); 2524 | g_clear_pointer (&buffer, buffer_unref); 2525 | buffer = get_error_for_roundtrip (client, header, 2526 | "org.freedesktop.DBus.Error.AccessDenied"); 2527 | expecting_reply = EXPECTED_REPLY_REWRITE; 2528 | break; 2529 | } 2530 | 2531 | goto handle_pass; 2532 | 2533 | case HANDLE_VALIDATE_OWN: 2534 | case HANDLE_VALIDATE_SEE: 2535 | case HANDLE_VALIDATE_TALK: 2536 | { 2537 | FlatpakPolicy name_policy; 2538 | if (validate_arg0_name (client, buffer, policy_from_handler (handler), &name_policy)) 2539 | goto handle_pass; 2540 | 2541 | if (name_policy < (int) FLATPAK_POLICY_SEE) 2542 | goto handle_hide; 2543 | else 2544 | goto handle_deny; 2545 | } 2546 | 2547 | case HANDLE_FILTER_NAME_LIST_REPLY: 2548 | expecting_reply = EXPECTED_REPLY_LIST_NAMES; 2549 | goto handle_pass; 2550 | 2551 | case HANDLE_PASS: 2552 | handle_pass: 2553 | if (client_message_generates_reply (header)) 2554 | { 2555 | if (expecting_reply == EXPECTED_REPLY_NONE) 2556 | expecting_reply = EXPECTED_REPLY_NORMAL; 2557 | } 2558 | 2559 | break; 2560 | 2561 | case HANDLE_HIDE: 2562 | handle_hide: 2563 | g_clear_pointer (&buffer, buffer_unref); 2564 | 2565 | if (client_message_generates_reply (header)) 2566 | { 2567 | const char *error_str; 2568 | 2569 | if (client->proxy->log_messages) 2570 | g_print ("*HIDDEN* (ping)\n"); 2571 | 2572 | if ((header->destination != NULL && header->destination[0] == ':') || 2573 | (header->flags & G_DBUS_MESSAGE_FLAGS_NO_AUTO_START) != 0) 2574 | error_str = "org.freedesktop.DBus.Error.NameHasNoOwner"; 2575 | else 2576 | error_str = "org.freedesktop.DBus.Error.ServiceUnknown"; 2577 | 2578 | buffer = get_error_for_roundtrip (client, header, error_str); 2579 | expecting_reply = EXPECTED_REPLY_REWRITE; 2580 | } 2581 | else 2582 | { 2583 | if (client->proxy->log_messages) 2584 | g_print ("*HIDDEN*\n"); 2585 | } 2586 | break; 2587 | 2588 | default: 2589 | case HANDLE_DENY: 2590 | handle_deny: 2591 | g_clear_pointer (&buffer, buffer_unref); 2592 | 2593 | if (client_message_generates_reply (header)) 2594 | { 2595 | if (client->proxy->log_messages) 2596 | g_print ("*DENIED* (ping)\n"); 2597 | 2598 | buffer = get_error_for_roundtrip (client, header, 2599 | "org.freedesktop.DBus.Error.AccessDenied"); 2600 | expecting_reply = EXPECTED_REPLY_REWRITE; 2601 | } 2602 | else 2603 | { 2604 | if (client->proxy->log_messages) 2605 | g_print ("*DENIED*\n"); 2606 | } 2607 | break; 2608 | } 2609 | 2610 | if (buffer != NULL && expecting_reply != EXPECTED_REPLY_NONE) 2611 | queue_expected_reply (side, header->serial, expecting_reply); 2612 | } 2613 | 2614 | if (buffer) 2615 | queue_outgoing_buffer (&client->bus_side, buffer); 2616 | 2617 | if (buffer != NULL && expecting_reply == EXPECTED_REPLY_HELLO) 2618 | queue_initial_name_ops (client); 2619 | } 2620 | 2621 | static void 2622 | got_buffer_from_bus (FlatpakProxyClient *client, ProxySide *side, Buffer *buffer) 2623 | { 2624 | if (client->auth_state == AUTH_COMPLETE && client->proxy->filter) 2625 | { 2626 | g_autoptr(Header) header = NULL; 2627 | g_autoptr(GError) error = NULL; 2628 | GDBusMessage *rewritten; 2629 | FlatpakPolicy policy; 2630 | ExpectedReplyType expected_reply; 2631 | 2632 | /* Filter and rewrite incoming messages as needed */ 2633 | 2634 | header = parse_header (buffer, &error); 2635 | if (header == NULL) 2636 | { 2637 | g_warning ("Invalid message header format from bus: %s", 2638 | error->message); 2639 | buffer_unref (buffer); 2640 | side_closed (side); 2641 | return; 2642 | } 2643 | 2644 | if (!update_socket_messages (side, buffer, header)) 2645 | return; 2646 | 2647 | if (client->proxy->log_messages) 2648 | print_incoming_header (header); 2649 | 2650 | if (header->has_reply_serial) 2651 | { 2652 | expected_reply = steal_expected_reply (get_other_side (side), header->reply_serial); 2653 | 2654 | switch (expected_reply) 2655 | { 2656 | case EXPECTED_REPLY_NONE: 2657 | /* We only allow replies we expect */ 2658 | if (client->proxy->log_messages) 2659 | g_print ("*Unexpected reply*\n"); 2660 | buffer_unref (buffer); 2661 | return; 2662 | 2663 | case EXPECTED_REPLY_HELLO: 2664 | /* When we get the initial reply to Hello, allow all 2665 | further communications to our own unique id. */ 2666 | if (header->type == G_DBUS_MESSAGE_TYPE_METHOD_RETURN) 2667 | { 2668 | g_autofree char *my_id = get_arg0_string (buffer); 2669 | flatpak_proxy_client_update_unique_id_policy (client, my_id, FLATPAK_POLICY_TALK); 2670 | } 2671 | /* ... else it's an ERROR or something. Either way, pass it 2672 | * through to the client unedited. */ 2673 | break; 2674 | 2675 | case EXPECTED_REPLY_REWRITE: 2676 | /* Replace a roundtrip ping with the rewritten message */ 2677 | 2678 | rewritten = g_hash_table_lookup (client->rewrite_reply, 2679 | GINT_TO_POINTER (header->reply_serial)); 2680 | 2681 | if (client->proxy->log_messages) 2682 | g_print ("*REWRITTEN*\n"); 2683 | 2684 | g_dbus_message_set_serial (rewritten, header->serial); 2685 | g_clear_pointer (&buffer, buffer_unref); 2686 | buffer = message_to_buffer (rewritten); 2687 | 2688 | g_hash_table_remove (client->rewrite_reply, 2689 | GINT_TO_POINTER (header->reply_serial)); 2690 | break; 2691 | 2692 | case EXPECTED_REPLY_FAKE_LIST_NAMES: 2693 | /* This is a reply from the bus to a fake ListNames 2694 | request, request ownership of any name matching a 2695 | wildcard policy */ 2696 | 2697 | queue_wildcard_initial_name_ops (client, header, buffer); 2698 | 2699 | /* Don't forward fake replies to the app */ 2700 | if (client->proxy->log_messages) 2701 | g_print ("*SKIPPED*\n"); 2702 | g_clear_pointer (&buffer, buffer_unref); 2703 | 2704 | /* Start reading the clients requests now that we are done with the names */ 2705 | start_reading (&client->client_side); 2706 | break; 2707 | 2708 | case EXPECTED_REPLY_FAKE_GET_NAME_OWNER: 2709 | /* This is a reply from the bus to a fake GetNameOwner 2710 | request, update the policy for this unique name based on 2711 | the policy */ 2712 | { 2713 | char *requested_name = g_hash_table_lookup (client->get_owner_reply, GINT_TO_POINTER (header->reply_serial)); 2714 | 2715 | if (header->type == G_DBUS_MESSAGE_TYPE_METHOD_RETURN) 2716 | { 2717 | g_autofree char *owner = get_arg0_string (buffer); 2718 | flatpak_proxy_client_add_unique_id_owned_name (client, owner, requested_name); 2719 | } 2720 | 2721 | g_hash_table_remove (client->get_owner_reply, GINT_TO_POINTER (header->reply_serial)); 2722 | 2723 | /* Don't forward fake replies to the app */ 2724 | if (client->proxy->log_messages) 2725 | g_print ("*SKIPPED*\n"); 2726 | g_clear_pointer (&buffer, buffer_unref); 2727 | break; 2728 | } 2729 | 2730 | case EXPECTED_REPLY_FILTER: 2731 | if (client->proxy->log_messages) 2732 | g_print ("*SKIPPED*\n"); 2733 | g_clear_pointer (&buffer, buffer_unref); 2734 | break; 2735 | 2736 | case EXPECTED_REPLY_LIST_NAMES: 2737 | /* This is a reply from the bus to a ListNames request, filter 2738 | it according to the policy */ 2739 | if (header->type == G_DBUS_MESSAGE_TYPE_METHOD_RETURN) 2740 | { 2741 | Buffer *filtered_buffer; 2742 | 2743 | filtered_buffer = filter_names_list (client, buffer); 2744 | g_clear_pointer (&buffer, buffer_unref); 2745 | buffer = filtered_buffer; 2746 | } 2747 | 2748 | break; 2749 | 2750 | case EXPECTED_REPLY_NORMAL: 2751 | break; 2752 | 2753 | default: 2754 | g_warning ("Unexpected expected reply type %d", expected_reply); 2755 | } 2756 | } 2757 | else /* Not reply */ 2758 | { 2759 | 2760 | /* Don't allow reply types with no reply_serial */ 2761 | if (header->type == G_DBUS_MESSAGE_TYPE_METHOD_RETURN || 2762 | header->type == G_DBUS_MESSAGE_TYPE_ERROR) 2763 | { 2764 | if (client->proxy->log_messages) 2765 | g_print ("*Invalid reply*\n"); 2766 | g_clear_pointer (&buffer, buffer_unref); 2767 | } 2768 | 2769 | /* We filter all NameOwnerChanged signal according to the policy */ 2770 | if (message_is_name_owner_changed (client, header)) 2771 | { 2772 | if (should_filter_name_owner_changed (client, buffer)) 2773 | g_clear_pointer (&buffer, buffer_unref); 2774 | } 2775 | } 2776 | 2777 | /* All incoming broadcast signals are filtered according to policy */ 2778 | if (header->type == G_DBUS_MESSAGE_TYPE_SIGNAL && header->destination == NULL) 2779 | { 2780 | g_autoptr(GList) filters = NULL; 2781 | gboolean filtered = TRUE; 2782 | 2783 | policy = flatpak_proxy_client_get_max_policy_and_matched (client, header->sender, &filters); 2784 | 2785 | if (policy == FLATPAK_POLICY_OWN || 2786 | policy == FLATPAK_POLICY_TALK || 2787 | any_filter_matches (filters, FILTER_TYPE_BROADCAST, 2788 | header->path, 2789 | header->interface, 2790 | header->member)) 2791 | filtered = FALSE; 2792 | 2793 | if (filtered) 2794 | { 2795 | if (client->proxy->log_messages) 2796 | g_print ("*FILTERED IN*\n"); 2797 | g_clear_pointer (&buffer, buffer_unref); 2798 | } 2799 | } 2800 | 2801 | /* We received and forwarded a message from a trusted peer. Make the policy for 2802 | this unique id SEE so that the client can track its lifetime. */ 2803 | if (buffer && header->sender && header->sender[0] == ':') 2804 | flatpak_proxy_client_update_unique_id_policy (client, header->sender, FLATPAK_POLICY_SEE); 2805 | 2806 | if (buffer && client_message_generates_reply (header)) 2807 | queue_expected_reply (side, header->serial, EXPECTED_REPLY_NORMAL); 2808 | } 2809 | 2810 | if (buffer) 2811 | queue_outgoing_buffer (&client->client_side, buffer); 2812 | } 2813 | 2814 | static void 2815 | got_buffer_from_side (ProxySide *side, Buffer *buffer) 2816 | { 2817 | FlatpakProxyClient *client = side->client; 2818 | 2819 | if (side == &client->client_side) 2820 | got_buffer_from_client (client, side, buffer); 2821 | else 2822 | got_buffer_from_bus (client, side, buffer); 2823 | } 2824 | 2825 | #define _DBUS_ISASCII(c) ((c) != '\0' && (((c) & ~0x7f) == 0)) 2826 | 2827 | static gboolean 2828 | auth_line_is_valid (guint8 *line, guint8 *line_end) 2829 | { 2830 | guint8 *p; 2831 | 2832 | for (p = line; p < line_end; p++) 2833 | { 2834 | if (!_DBUS_ISASCII (*p)) 2835 | return FALSE; 2836 | 2837 | /* Technically, the dbus spec allows all ASCII characters, but for robustness we also 2838 | fail if we see any control characters. Such low values will appear in potential attacks, 2839 | but will never happen in real sasl (where all binary data is hex encoded). */ 2840 | if (*p < ' ') 2841 | return FALSE; 2842 | } 2843 | 2844 | /* For robustness we require the first char of the line to be an upper case letter. 2845 | This is not technically required by the dbus spec, but all commands are upper 2846 | case, and there is no provisioning for whitespace before the command, so in practice 2847 | this is true, and this means we're not confused by e.g. initial whitespace. */ 2848 | if (line[0] < 'A' || line[0] > 'Z') 2849 | return FALSE; 2850 | 2851 | return TRUE; 2852 | } 2853 | 2854 | static gboolean 2855 | auth_line_is_begin (guint8 *line) 2856 | { 2857 | guint8 next_char; 2858 | 2859 | if (!g_str_has_prefix ((char *) line, AUTH_BEGIN)) 2860 | return FALSE; 2861 | 2862 | /* dbus-daemon accepts either nothing, or a whitespace followed by anything as end of auth */ 2863 | next_char = line[strlen (AUTH_BEGIN)]; 2864 | return next_char == 0 || 2865 | next_char == ' ' || 2866 | next_char == '\t'; 2867 | } 2868 | 2869 | static guint8 * 2870 | find_auth_line_end (guint8 *line_start, gsize buffer_size) 2871 | { 2872 | return memmem (line_start, buffer_size, 2873 | AUTH_LINE_SENTINEL, strlen (AUTH_LINE_SENTINEL)); 2874 | } 2875 | 2876 | static gssize 2877 | find_auth_end (FlatpakProxyClient *client, Buffer *buffer, gsize *out_lines_skipped) 2878 | { 2879 | goffset offset = 0; 2880 | gsize original_size = client->auth_buffer->len; 2881 | gsize lines_skipped = 0; 2882 | 2883 | /* Add the new data to the remaining data from last iteration */ 2884 | g_byte_array_append (client->auth_buffer, buffer->data, buffer->pos); 2885 | 2886 | while (TRUE) 2887 | { 2888 | guint8 *line_start = client->auth_buffer->data + offset; 2889 | gsize remaining_data = client->auth_buffer->len - offset; 2890 | guint8 *line_end; 2891 | 2892 | line_end = find_auth_line_end (line_start, remaining_data); 2893 | if (line_end) /* Found end of line */ 2894 | { 2895 | offset = (line_end + strlen (AUTH_LINE_SENTINEL) - client->auth_buffer->data); 2896 | 2897 | if (!auth_line_is_valid (line_start, line_end)) 2898 | return FIND_AUTH_END_ABORT; 2899 | 2900 | *line_end = 0; 2901 | if (auth_line_is_begin (line_start)) 2902 | { 2903 | *out_lines_skipped = lines_skipped; 2904 | return offset - original_size; 2905 | } 2906 | 2907 | /* continue with next line */ 2908 | ++lines_skipped; 2909 | } 2910 | else 2911 | { 2912 | /* No more end-of-line in this buffer */ 2913 | *out_lines_skipped = lines_skipped; 2914 | g_byte_array_remove_range (client->auth_buffer, 0, offset); 2915 | 2916 | /* Abort if more than 16k before newline, similar to what dbus-daemon does */ 2917 | if (client->auth_buffer->len >= 16 * 1024) 2918 | return FIND_AUTH_END_ABORT; 2919 | 2920 | return FIND_AUTH_END_CONTINUE; 2921 | } 2922 | } 2923 | } 2924 | 2925 | static gboolean 2926 | side_in_cb (GSocket *socket, GIOCondition condition, gpointer user_data) 2927 | { 2928 | ProxySide *side = user_data; 2929 | FlatpakProxyClient *client = side->client; 2930 | GError *error = NULL; 2931 | Buffer *buffer; 2932 | gboolean retval = G_SOURCE_CONTINUE; 2933 | gboolean wake_client_reader = FALSE; 2934 | 2935 | g_object_ref (client); 2936 | 2937 | while (!side->closed) 2938 | { 2939 | if (!side->got_first_byte) 2940 | buffer = buffer_new (1, NULL); 2941 | else if (client->auth_state != AUTH_COMPLETE) 2942 | buffer = buffer_new (256, NULL); 2943 | else 2944 | buffer = side->current_read_buffer; 2945 | 2946 | if (!buffer_read (side, buffer, socket)) 2947 | { 2948 | if (buffer != side->current_read_buffer) 2949 | buffer_unref (buffer); 2950 | break; 2951 | } 2952 | 2953 | if (client->auth_state != AUTH_COMPLETE) 2954 | { 2955 | if (buffer->pos == 0) 2956 | { 2957 | buffer_unref (buffer); 2958 | continue; 2959 | } 2960 | 2961 | /* The state of the client after handling this buffer */ 2962 | AuthState new_auth_state = client->auth_state; 2963 | 2964 | buffer->size = buffer->pos; 2965 | if (!side->got_first_byte) 2966 | { 2967 | buffer->send_credentials = TRUE; 2968 | side->got_first_byte = TRUE; 2969 | } 2970 | /* Look for end of authentication mechanism */ 2971 | else if (side == &client->client_side && client->auth_state == AUTH_WAITING_FOR_BEGIN) 2972 | { 2973 | gsize lines_skipped = 0; 2974 | gssize auth_end = find_auth_end (client, buffer, &lines_skipped); 2975 | 2976 | client->auth_requests += lines_skipped; 2977 | 2978 | if (auth_end >= 0) 2979 | { 2980 | gsize extra_data; 2981 | 2982 | if (client->auth_replies == client->auth_requests) 2983 | new_auth_state = AUTH_COMPLETE; 2984 | else 2985 | new_auth_state = AUTH_WAITING_FOR_BACKLOG; 2986 | 2987 | extra_data = buffer->pos - auth_end; 2988 | buffer->size = buffer->pos = auth_end; 2989 | 2990 | /* We may have gotten some extra data which is not part of 2991 | the auth handshake, keep it for the next iteration. */ 2992 | if (extra_data > 0) 2993 | side->extra_input_data = g_bytes_new (buffer->data + buffer->size, extra_data); 2994 | } 2995 | else if (auth_end == FIND_AUTH_END_ABORT) 2996 | { 2997 | buffer_unref (buffer); 2998 | if (client->proxy->log_messages) 2999 | g_print ("Invalid AUTH line, aborting\n"); 3000 | side_closed (side); 3001 | break; 3002 | } 3003 | } 3004 | else if (side == &client->bus_side) 3005 | { 3006 | gsize remaining = buffer->pos; 3007 | guint8 *line_start = buffer->data; 3008 | 3009 | while (remaining > 0) 3010 | { 3011 | guint8 *line_end = NULL; 3012 | 3013 | if (client->auth_replies == client->auth_requests) 3014 | { 3015 | buffer_unref (buffer); 3016 | if (client->proxy->log_messages) 3017 | g_print ("Unexpected auth reply line from bus, aborting\n"); 3018 | side_closed (side); 3019 | break; 3020 | } 3021 | 3022 | line_end = find_auth_line_end (line_start, remaining); 3023 | if (line_end == NULL) 3024 | line_end = line_start + remaining; 3025 | else 3026 | { 3027 | line_end += strlen (AUTH_LINE_SENTINEL); 3028 | client->auth_replies++; 3029 | } 3030 | 3031 | remaining -= line_end - line_start; 3032 | line_start = line_end; 3033 | 3034 | if (client->auth_state == AUTH_WAITING_FOR_BACKLOG && 3035 | client->auth_replies == client->auth_requests) 3036 | { 3037 | new_auth_state = AUTH_COMPLETE; 3038 | /* We may have added extra data on the input, ensure we read it directly */ 3039 | wake_client_reader = TRUE; 3040 | 3041 | buffer->pos = buffer->size = line_start - buffer->data; 3042 | 3043 | /* We may have gotten some extra data which is not part of 3044 | the auth handshake, keep it for the next iteration. */ 3045 | if (remaining > 0) 3046 | side->extra_input_data = g_bytes_new (line_start, remaining); 3047 | 3048 | break; 3049 | } 3050 | } 3051 | } 3052 | 3053 | got_buffer_from_side (side, buffer); 3054 | 3055 | client->auth_state = new_auth_state; 3056 | } 3057 | else if (buffer->pos == buffer->size) 3058 | { 3059 | if (buffer == &side->header_buffer) 3060 | { 3061 | gssize required; 3062 | required = g_dbus_message_bytes_needed (buffer->data, buffer->size, &error); 3063 | if (required < 0) 3064 | { 3065 | g_warning ("Invalid message header read"); 3066 | side_closed (side); 3067 | } 3068 | else 3069 | { 3070 | side->current_read_buffer = buffer_new (required, buffer); 3071 | } 3072 | } 3073 | else 3074 | { 3075 | got_buffer_from_side (side, buffer); 3076 | side->header_buffer.pos = 0; 3077 | side->current_read_buffer = &side->header_buffer; 3078 | } 3079 | } 3080 | } 3081 | 3082 | if (side->closed) 3083 | { 3084 | side->in_source = NULL; 3085 | retval = G_SOURCE_REMOVE; 3086 | } 3087 | else if (wake_client_reader) 3088 | { 3089 | GSocket *client_socket = g_socket_connection_get_socket (client->client_side.connection); 3090 | side_in_cb (client_socket, G_IO_IN, &client->client_side); 3091 | } 3092 | 3093 | g_object_unref (client); 3094 | 3095 | return retval; 3096 | } 3097 | 3098 | static void 3099 | start_reading (ProxySide *side) 3100 | { 3101 | GSocket *socket; 3102 | 3103 | socket = g_socket_connection_get_socket (side->connection); 3104 | side->in_source = g_socket_create_source (socket, G_IO_IN, NULL); 3105 | g_source_set_callback (side->in_source, G_SOURCE_FUNC (side_in_cb), side, NULL); 3106 | g_source_attach (side->in_source, NULL); 3107 | g_source_unref (side->in_source); 3108 | } 3109 | 3110 | static void 3111 | stop_reading (ProxySide *side) 3112 | { 3113 | if (side->in_source) 3114 | { 3115 | g_source_destroy (side->in_source); 3116 | side->in_source = NULL; 3117 | } 3118 | } 3119 | 3120 | 3121 | static void 3122 | client_connected_to_dbus (GObject *source_object, 3123 | GAsyncResult *res, 3124 | gpointer user_data) 3125 | { 3126 | FlatpakProxyClient *client = user_data; 3127 | GSocketConnection *connection; 3128 | GError *error = NULL; 3129 | GIOStream *stream; 3130 | 3131 | stream = g_dbus_address_get_stream_finish (res, NULL, &error); 3132 | if (stream == NULL) 3133 | { 3134 | g_warning ("Failed to connect to bus: %s", error->message); 3135 | g_object_unref (client); 3136 | return; 3137 | } 3138 | 3139 | connection = G_SOCKET_CONNECTION (stream); 3140 | g_socket_set_blocking (g_socket_connection_get_socket (connection), FALSE); 3141 | client->bus_side.connection = connection; 3142 | 3143 | start_reading (&client->client_side); 3144 | start_reading (&client->bus_side); 3145 | } 3146 | 3147 | static gboolean 3148 | flatpak_proxy_incoming (GSocketService *service, 3149 | GSocketConnection *connection, 3150 | GObject *source_object) 3151 | { 3152 | FlatpakProxy *proxy = FLATPAK_PROXY (service); 3153 | FlatpakProxyClient *client; 3154 | 3155 | client = flatpak_proxy_client_new (proxy, connection); 3156 | 3157 | g_dbus_address_get_stream (proxy->dbus_address, 3158 | NULL, 3159 | client_connected_to_dbus, 3160 | client); 3161 | return TRUE; 3162 | } 3163 | 3164 | static void 3165 | flatpak_proxy_init (FlatpakProxy *proxy) 3166 | { 3167 | proxy->filters = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) filter_list_free); 3168 | flatpak_proxy_add_policy (proxy, "org.freedesktop.DBus", FALSE, FLATPAK_POLICY_TALK); 3169 | } 3170 | 3171 | static void 3172 | flatpak_proxy_class_init (FlatpakProxyClass *klass) 3173 | { 3174 | GObjectClass *object_class = G_OBJECT_CLASS (klass); 3175 | GSocketServiceClass *socket_service_class = G_SOCKET_SERVICE_CLASS (klass); 3176 | 3177 | object_class->get_property = flatpak_proxy_get_property; 3178 | object_class->set_property = flatpak_proxy_set_property; 3179 | object_class->finalize = flatpak_proxy_finalize; 3180 | 3181 | socket_service_class->incoming = flatpak_proxy_incoming; 3182 | 3183 | g_object_class_install_property (object_class, 3184 | PROP_DBUS_ADDRESS, 3185 | g_param_spec_string ("dbus-address", 3186 | "", 3187 | "", 3188 | NULL, 3189 | G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); 3190 | g_object_class_install_property (object_class, 3191 | PROP_SOCKET_PATH, 3192 | g_param_spec_string ("socket-path", 3193 | "", 3194 | "", 3195 | NULL, 3196 | G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY)); 3197 | 3198 | } 3199 | 3200 | FlatpakProxy * 3201 | flatpak_proxy_new (const char *dbus_address, 3202 | const char *socket_path) 3203 | { 3204 | FlatpakProxy *proxy; 3205 | 3206 | proxy = g_object_new (FLATPAK_TYPE_PROXY, "dbus-address", dbus_address, "socket-path", socket_path, NULL); 3207 | return proxy; 3208 | } 3209 | 3210 | gboolean 3211 | flatpak_proxy_start (FlatpakProxy *proxy, GError **error) 3212 | { 3213 | GSocketAddress *address; 3214 | gboolean res; 3215 | 3216 | unlink (proxy->socket_path); 3217 | 3218 | address = g_unix_socket_address_new (proxy->socket_path); 3219 | 3220 | res = g_socket_listener_add_address (G_SOCKET_LISTENER (proxy), 3221 | address, 3222 | G_SOCKET_TYPE_STREAM, 3223 | G_SOCKET_PROTOCOL_DEFAULT, 3224 | NULL, /* source_object */ 3225 | NULL, /* effective_address */ 3226 | error); 3227 | g_object_unref (address); 3228 | 3229 | if (!res) 3230 | return FALSE; 3231 | 3232 | 3233 | g_socket_service_start (G_SOCKET_SERVICE (proxy)); 3234 | return TRUE; 3235 | } 3236 | 3237 | void 3238 | flatpak_proxy_stop (FlatpakProxy *proxy) 3239 | { 3240 | unlink (proxy->socket_path); 3241 | 3242 | g_socket_service_stop (G_SOCKET_SERVICE (proxy)); 3243 | } 3244 | --------------------------------------------------------------------------------