Commit Graph

284 Commits

Author SHA1 Message Date
Philip Withnall
9c66880af0
gdbusconnection: Fix a crash on arg0 matching
If a connection has two signal subscriptions active for the same signal,
one with arg0 matching and one without, a signal which doesn’t contain
an arg0 value (i.e. `g_dbus_message_get_arg0()` returns `NULL`) will
cause `NULL` to be passed to `strcmp()` when checking for a match
against the signal subscription which *has* arg0 matching, causing a
crash.

Fix that by adding the obvious `NULL` check, and add a unit test.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3342
2024-05-01 10:53:22 +01:00
Philip Withnall
747e3af998
gdbusconnection: Fix user_data leaks on error
There were a couple of functions in `GDBusConnection` which take a
`user_data` argument, but which then leak it if they error out early.

A true positive spotted by scan-build!

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-26 10:33:03 +01:00
Philip Withnall
e2c3581e37
gdbusconnection: Ensure out_serial return value is always set
There were some error paths where it wasn’t set, returning an
uninitialised value to the caller.

Spotted by scan-build.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Helps: #1767
2024-04-26 10:32:32 +01:00
Marco Trevisan (Treviño)
81068e5c00 gio: Use g_task_return_error_literal() where we don't need formatting 2023-12-20 16:14:57 +00:00
Michael Olbrich
19a6742fc2 gdbusconnection: don't cache G_IO_ERROR_CANCELLED errors
It can cause failures for shared connection objects.

What can currently happen is this:
1. A user starts to asynchronously create a proxy object
2. A user starts to asynchronously create another proxy object

At this point, the asynchronous initialization for the two proxy objects
share the not yet initialized connection object.

3. While the shared connection objected is created, the user cancels the
   creation with the supplied cancellable from the fist proxy object.
4. initable_init caches the canceled error and marks the connection as
   initialized.
5. The initialization of the second proxy object fails with the same
   canceled error.

To avoid this, clear the error in this case and destroy any member
variables that may have been created before the creation was canceled.

This way, the initialization of the second proxy object will restart the
connection initialization and with probably succeed.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
2023-12-11 14:17:14 +00:00
Sophie Herold
0d268c4825 Remove all nicks and blurbs from param specs
Nicks and blurbs don't have any practical use for gio/gobject libraries.
Leaving tests untouched since this features is still used by other libraries.

Closes #2991
2023-11-29 13:41:34 +00:00
Philip Withnall
96c317418a gdbusconnection: Support matching object paths with arg0 matching
GDBus has always supported matching strings with arg0 matching
(`G_DBUS_SIGNAL_FLAGS_MATCH_ARG0_PATH`). In D-Bus 1.5, support was added
to the spec for also matching object paths. This got forgotten about and
was never added to GDBus, meaning that
`G_DBUS_SIGNAL_FLAGS_MATCH_ARG0_PATH` won’t match against a signal arg0
of type `o`.

Fix that, and add a unit test.

To do so, we need to add a new `g_dbus_message_get_arg0_path()` API to
complement the existing `g_dbus_message_get_arg0()` API. The approach of
letting `g_dbus_message_get_arg0()` return an object-path *or* a string
would not work, as it’s also called in the implementation of
`G_DBUS_SIGNAL_FLAGS_MATCH_ARG0_NAMESPACE`, which must only match
string-typed arg0 values and not object-path-typed ones.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3183
2023-11-28 14:42:41 +00:00
Philip Withnall
635100b1f5 gio: Fix invalid doc links
Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>

Helps: #3037
2023-10-23 11:26:53 +01:00
Matthias Clasen
2d1a9ed5a3 docs: Move the GDBusConnection SECTION
Move contents to struct docs.

Helps: #3037
2023-10-17 11:20:14 +01:00
Philip Withnall
9f6b77d835 gdbusconnection: Add some assertions about required message fields
The fields are fully validated in `validate_headers()` in
`gdbusmessage.c` now, so the connection code should be able to rely on
the required ones being non-`NULL`.

Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>

Helps: #3061
2023-08-28 11:11:37 +01:00
Philip Withnall
eae5c49085 gdbusconnection: Combine two identical variables
`object_path` and `path` were doing exactly the same thing here.

This introduces no functional changes.

Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
2023-08-28 11:11:37 +01:00
Philip Withnall
56bc6bcad2 Merge branch '1264-gdbus-double-unref' into 'main'
gdbusconnection: Fix double unref on timeout/cancel sending a message

Closes #1264

See merge request GNOME/glib!3291
2023-04-14 14:57:32 +00:00
Philip Withnall
0a84c182e2 gdbusconnection: Improve refcount handling of timeout source
The ref on the timeout source owned by `SendMessageData` was being
dropped just after attaching the source to the main context, leaving it
unowned in that struct. That meant the only ref on the source was held
by the `GMainContext` it was attached to.

This ref was dropped when returning `G_SOURCE_REMOVE` from
`send_message_with_reply_timeout_cb()`. Before that happens,
`send_message_data_deliver_error()` is called, which normally calls
`send_message_with_reply_cleanup()` and destroys the source.

However, if `send_message_data_deliver_error()` is called when the
message has already been delivered, calling
`send_message_with_reply_cleanup()` will be skipped. This leaves the
source pointer in `SendMessageData` dangling, which will cause problems
when `g_source_destroy()` is subsequently called on it.

I’m not sure if it’s possible in practice for this situation to occur,
but the code certainly does nothing to prevent it, and it’s easy enough
to avoid by keeping a strong ref on the source in `SendMessageData`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-04-14 15:37:21 +01:00
Philip Withnall
b84ec21f9c gdbusconnection: Rearrange refcount handling of map_method_serial_to_task
It already implicitly held a strong ref on its `GTask` values, but
didn’t have a free function set so that they would be automatically
unreffed on removal from the map.

This meant that the functions handling removals from the map,
`on_worker_closed()` (via `cancel_method_on_close()`) and
`send_message_with_reply_cleanup()` had to call unref once more than
they would otherwise.

In `send_message_with_reply_cleanup()`, this behaviour depended on
whether it was called with `remove == TRUE`. If not, it was `(transfer
none)` not `(transfer full)`. This led to bugs in its callers.

For example, this led to a direct leak in `cancel_method_on_close()`, as
it needed to remove tasks from `map_method_serial_to_task`, but called
`send_message_with_reply_cleanup(remove = FALSE)` and erroneously didn’t
call unref an additional time.

Try and simplify it all by setting a `GDestroyNotify` on
`map_method_serial_to_task`’s values, and making the refcount handling
of `send_message_with_reply_cleanup()` not be conditional on its
arguments.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-04-14 15:37:21 +01:00
Simon McVittie
6c22a5ee2b Merge branch '2925-gdbus-threading-test' into 'main'
gdbusconnection: Explicitly destroy an idle source on cleanup

See merge request GNOME/glib!3296
2023-03-02 12:35:21 +00:00
Philip Withnall
7b101588e9 gdbusconnection: Make GDBusMethodInvocation transfer a bit clearer
Add a missing steal call in `schedule_method_call()`. This introduces no
functional changes, but documents the ownership transfer more clearly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2924
2023-02-23 12:16:05 +00:00
Philip Withnall
5a69cc22dc gdbusconnection: Explicitly destroy an idle source on cleanup
Otherwise it’s possible for it to hang around in the `GMainContext`
after the “send message” operation has finished. In the best case, this
will cause the `GTask` and `GDBusMessage` to not be freed when the
calling code expects. In the worst case, it could cause use-after-free
problems if it derefs allocations which have since been freed.

I have not seen either of these problems in practice, but it would be
best for the code to eliminate the risk of them altogether by explicitly
destroying the source when the operation is finished.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2925
2023-02-23 12:14:29 +00:00
Philip Withnall
90af20d950 gdbusconnection: Improve docs of message ownership in closures
This introduces no functional changes, but makes it a little clearer how
the ownership of these `GDBusMessage` instances works. The free function
is changed to `g_clear_object()` to avoid the possibility of somehow
using the messages after freeing them.

Basically just some drive-by docs improvements while trying to debug
issue #1264.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1264
2023-02-23 12:11:24 +00:00
Philip Withnall
127c899a2e gdbusconnection: Fix the type of a free function
This didn’t actually cause any observable bugs, since the structures of
`PropertyData` and `PropertyGetAllData` were equivalent for the members
which the free function touches.

Definitely should be fixed though.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2023-02-23 12:11:24 +00:00
Philip Withnall
4900ea5215 gdbusconnection: Fix double unref on timeout/cancel sending a message
This appears to fix an intermittent failure seen when sending a D-Bus
message with either of a cancellable or a timeout set.

In particular, I can reliably reproduce it with:
```
meson test gdbus-test-codegen-min-required-2-64 --repeat 10000
```

It can be caught easily with asan when reproduced. Tracking down the
location of the refcount mismatch was a little tricky, but was
simplified by replacing a load of `g_object_ref (message)` calls with
`g_dbus_message_copy (message, NULL)` to switch `GDBusMessage` handling
to using copy semantics. This allowed asan to home in on where the
refcount mismatch was happening.

The problem was that `send_message_data_deliver_error()` takes ownership
of the `GTask` passed to it, but the
`send_message_with_replace_cancelled_idle_cb()` and
`send_message_with_reply_timeout_cb()` functions which were calling it,
were not passing in a strong reference as they should have.

Another approach to fixing this would have been to change the transfer
semantics of `send_message_data_deliver_error()` so it was `(transfer
none)` on its `GTask`. That would probably have resulted in cleaner
code, but would have been a lot harder to verify/review the fix, and
easier to inadvertently introduce new bugs.

The fact that the bug was only triggered by the cancellation and timeout
callbacks explains why it was intermittent: these code paths are
typically never hit, but the timeout path may sometimes be hit on a very
slow test run.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1264
2023-02-23 12:11:24 +00:00
Marco Trevisan (Treviño)
e733a3db10 gdbusconnection: Avoid copying connection registered set values twice 2022-12-16 18:45:36 +01:00
Sonny Piers
29da935c28 Fix doc typo in g_dbus_connection_signal_subscribe 2022-11-28 11:33:09 +00:00
Matthias Clasen
794ee60306 gdbusconnection: Set a name on all sources
We already set names on most sources, this
one was just forgotten. This lets us set
a static name, and prevents g_task_attach_source
from setting a non-static one.
2022-11-01 11:48:33 +00:00
Simon McVittie
32b226d1b1 gdbus: Allow cross-namespace connections to Linux session and system buses
The dominant implementations of the well-known session and system
message buses are the reference implementation from the dbus project
(dbus-daemon) and the sd-bus-based reimplementation dbus-broker, both
of which have correct implementations for EXTERNAL authentication with
an unspecified authorization identity.

This makes it reasonably safe to assume that the well-known message
buses can cope with the unspecified authorization identity, even if we
cannot make the same assumption for custom servers such as the ones
used in ibus and gvfs (which might have been started with an older
GLib version before upgrading GLib in-place).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 14:07:02 +01:00
Simon McVittie
e0a0749268 gdbusauthmechanismexternal: Optionally send empty authorization identity
When using a GDBus client in a non-trivial user namespace, the result of
geteuid() can differ from the uid in the namespace where the server is
running. This would result in connection attempts being rejected, because
the identity that the client claims to have does not match the identity
that the server derives from its credentials.

RFC 4422 allows us to send an empty authorization identity, which means we
want to authenticate as whatever identity the server can derive from our
out-of-band credentials. In particular, this resolves the authentication
failure when crossing between different Linux user namespaces.

Because D-Bus does not have a way to represent an empty initial response
as distinct from the absence of an initial response, we cannot use the
initial-response optimization (RFC 4422 §4.3.a) in this case, and must
fall back to waiting for the server to send a challenge.

Unfortunately, GDBus versions older than glib!2826 did not implement
the server side of this protocol correctly, and would respond to the
missing initial response in a way that breaks the SASL state machine
(expecting a response without sending a challenge), causing client and
server to deadlock with each waiting for the other to respond. Until
fixed versions of GDBus are widespread, we can't rely on having a server
that can cope with this, so gate it behind a flag, which can be set for
connections that are known to cross non-trivial namespace boundaries.

Originally inspired by
<1ed4723d38>,
and based on earlier work by Giuseppe Scrivano (in which the
cross-namespace behaviour was unconditional, rather than gated by a
flag).

Co-authored-by: Giuseppe Scrivano <giuseppe@scrivano.org>
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 13:46:26 +01:00
Philip Withnall
5942cd7984 gio: Add SPDX license headers automatically
Add SPDX license (but not copyright) headers to all files which follow a
certain pattern in their existing non-machine-readable header comment.

This commit was entirely generated using the command:
```
git ls-files gio/*.[ch] | xargs perl -0777 -pi -e 's/\n \*\n \* This library is free software; you can redistribute it and\/or\n \* modify it under the terms of the GNU Lesser General Public/\n \*\n \* SPDX-License-Identifier: LGPL-2.1-or-later\n \*\n \* This library is free software; you can redistribute it and\/or\n \* modify it under the terms of the GNU Lesser General Public/igs'
```

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1415
2022-05-18 09:18:52 +01:00
Philip Withnall
6c31ef6f18 Merge branch 'cleanup-warnings-split-8' into 'main'
Cleanup warnings split 8

See merge request GNOME/glib!2497
2022-04-01 15:13:32 +00:00
Philip Withnall
e4d77f7e89 gdbusconnection: Use g_strv_contains() rather than a home-grown version
The public `g_strv_contains()` API didn’t exist at the time this code
was originally written. Now, happily, it does.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-03-17 16:24:08 +00:00
Gabor Karsay
7e64004db0 docs: mark macros, flags, enums with percent sign 2022-03-04 16:21:55 +00:00
Loic Le Page
c2b60e0323 Fix redefinition of local variable in gio/gdbusconnection.c 2022-02-18 11:02:05 +01:00
Hu Jialun
7f044ba9c0 Amend g_bus_get* documentation regarding private connection 2022-01-28 13:11:34 +00:00
Philip Withnall
117b748e44 gdbusconnection: Fix race between subtree method call and unregistration
Fix another variant of the previous commit, this time specific to the
idle callback of a method call on a subtree object, racing with
unregistration of that subtree.

In this case, the `process_subtree_vtable_message_in_idle_cb()` idle
callback already has a pointer to the right `ExportedSubtree` struct,
but again doesn’t have a strong reference to it.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2400
2021-10-28 14:53:48 +01:00
Philip Withnall
50fbf05d61 gdbusconnection: Fix race between method calls and object unregistration
If `g_dbus_connection_unregister_object()` (or `unregister_subtree()`)
was called from one thread, while an idle callback for a method call (or
a property get or set) was being invoked in another, it was possible for
the two to race after the idle callback had checked that the
object/subtree was registered, but before it had finished dereferencing
all the data related to that object/subtree.

Unregistering the object/subtree would immediately free the data,
leading the idle callback to cause a use-after-free error.

Fix that by giving the idle callback a strong reference to the data from
inside the locked section where it checks whether the object/subtree is
still registered.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2400
2021-10-28 14:53:48 +01:00
Philip Withnall
c8c2ed4af5 gdbusconnection: Make ExportedInterface/ExportedSubtree refcounted
This is needed for an upcoming change which decouples their lifecycle
from their presence in the `map_id_to_ei` and `map_id_to_es` hash
tables.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2400
2021-10-28 14:53:48 +01:00
Philip Withnall
a497fdf302 gdbusconnection: Add some ownership annotations
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-10-28 14:53:48 +01:00
Philip Withnall
310f2c1632 gdbusconnection: Move ExportedSubtree definition
Move it further up the file, but make no changes to it. This will help
with a subsequent commit.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2400
2021-10-28 14:53:48 +01:00
Philip Withnall
8e963e0e31 Port internal uses to use g_source_set_static_name()
This should reduce allocations.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-07-26 11:01:07 +01:00
Philip Withnall
055f7c6bc5 gdbusconnection: Fix a typo in a code comment
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-06-10 12:37:23 +01:00
Philip Withnall
c794261a40 docs: Expand documentation about D-Bus GUIDs
Clarify that the terms ‘GUID’ and ‘UUID’ are used interchangeably in the
context of D-Bus, and that neither of them are an RFC 4122 UUID.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-06-10 12:36:25 +01:00
Philip Withnall
9ed66b21dd Merge branch 'confusing_errors' into 'main'
gdbusconnection: removed a confusing message

Closes #793

See merge request GNOME/glib!2118
2021-06-09 12:49:04 +00:00
nitinosiris
5e2986ea2c gdbusconnection: removed a confusing message
The message `No such interface %s on object at path %s`
displayed when requested object does not exist, which was kind of
confusing.

Closes #793
2021-06-08 21:07:21 +05:30
Philip Withnall
1a43d950b4 docs: Update various external links to use HEAD instead of master
Update several links to allow the remote to use its configured default
branch name, rather than specifying `master` as the default branch name.
This will help avoid breakage if any of these projects rename their
default branch in the future.

Fix a few of the links where they were hitting redirects or had moved.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2348
2021-06-07 14:03:48 +01:00
Thomas Haller
b0157af9a6 gdbus: document completion after idle action for g_dbus_connection_signal_unsubscribe()
Since commit ab285899a6 ('gdbusconnection: Document main context
iteration for unsubscript'), we document when the user is guaranteed
that all resources are gone after g_dbus_connection_signal_unsubscribe().
This is not merely an implementation detail, it's something that the
user needs to be able to rely on. It is good that this is documented.

However, libnm does something different ([1]). It registers to several D-Bus
signals without providing a GDestroyNotify. After unsubscription, it schedules
another idle action with lower priority and uses that to know when
cleanup is complete. I think this is a useful alternative and should
also be guaranteed and documented to work.

Also note that this isn't just some implementation detail that currently
happens to work. GDBusConnection tightly integrates with GMainContext and it
works by scheduling idle sources with G_PRIORITY_DEFAULT priority. It needs to
schedule all events with this same priority, otherwise the ordering is not
preserved. At this point, with GDBusConnection working this way, this is no longer
something that can reasonably be any different. It's how GDBusConnection fundamentally
works, and a user must be able to rely on that. As such, this new promise isn't
something that we would want to break in the future.

Thus document it.

[1] a55c10c6cb/src/libnm-client-impl/nm-client.c (L7918)
2021-05-10 13:16:05 +02:00
Thomas Haller
090eeabe9c gdbus: simplify error handling in g_dbus_connection_send_message_unlocked()
"goto out" is a fine pattern, especially when we are not using
cleanup attribute macros.

But in this case it was unnecessary.
2021-03-31 20:56:45 +02:00
Thomas Haller
60d4092a2c gdbus: refactor duplicate code for freeing FilterData 2021-03-31 20:56:45 +02:00
Avinash Sonawane
5ce6ba287f docs: Replace git.gnome.org with gitlab.gnome.org urls 2021-03-24 16:18:53 +05:30
Philip Withnall
1a6aa9a493 gdbus: Add flags to require authentication as the same user
This eliminates a common use case for the
`GDBusAuthObserver::authorize-authenticated-peer` signal, which is often
implemented incorrectly by people.

Suggested by Simon McVittie.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1804
2021-02-11 16:12:40 +00:00
Simon McVittie
ba25c8a770 gdbus: Reject attempts to set future connection or server flags
The GDBusConnectionFlags and GDBusServerFlags can affect how we carry
out authentication and authorization, either making it more or less
restrictive, so it's desirable to "fail closed" if a program is compiled
against a new version of GLib but run against an old version.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-08 13:35:16 +00:00
Philip Withnall
73b293fd30 gio: Use g_memdup2() instead of g_memdup() in obvious places
Convert all the call sites which use `g_memdup()`’s length argument
trivially (for example, by passing a `sizeof()`), so that they use
`g_memdup2()` instead.

In almost all of these cases the use of `g_memdup()` would not have
caused problems, but it will soon be deprecated, so best port away from
it.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #2319
2021-02-04 14:13:21 +00:00
Emmanuel Fleury
68e69a4128 Fix missing initializer warning in gio/gdbusconnection.c:g_dbus_connection_register_object_with_closures()
gio/gdbusconnection.c: In function ‘g_dbus_connection_register_object_with_closures’:
gio/gdbusconnection.c:5527:5: error: missing initializer for field ‘padding’ of ‘GDBusInterfaceVTable’ {aka ‘struct _GDBusInterfaceVTable’}
 5527 |     };
      |     ^
2021-02-01 11:14:21 +01:00