Commit Graph

83 Commits

Author SHA1 Message Date
Pablo Correa Gómez
14c5589ed6
gdbusaddress: setuid error message references AT_SECURE
g_check_setuid does more than setuid checks when using AT_SECURE.
Make sure that it is referenced in the error message to help
users debug in case or errors

Closes #2518
2021-11-01 15:54:55 +01:00
Philip Withnall
0f9c7ed021 Revert "gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid"
This reverts commit 7aa0580cc5.

As stated in #2316, that commit was a workaround to allow gnome-keyring
and msmtp to continue to get their session bus address from
`DBUS_SESSION_BUS_ADDRESS`, even though they’re `AT_SECURE`. The timeout
on that workaround has expired so that commit is now being reverted.

Fixes: #2316
2021-08-04 16:16:16 +01:00
Simon McVittie
e0b6b8037d Distinguish more clearly between wait status and exit status
On Unix platforms, wait() and friends yield an integer that encodes
how the process exited. Confusingly, this is usually not the same as
the integer passed to exit() or returned from main(): conceptually it's
an integer encoding of this tagged union:

    enum { EXITED, SIGNALLED, ... } tag;
    union {
        int exit_status;         /* if EXITED */
        struct {
            int terminating_signal;
            bool core_dumped;
        } terminating_signal;    /* if SIGNALLED */
        ...
    } detail;

Meanwhile, on Windows, wait statuses and exit statuses are
interchangeable.

I find that it's clearer what is going on if we are consistent about
referring to the result of wait() as a "wait status", and the value
passed to exit() as an "exit status".

GSubprocess already gets this right: g_subprocess_get_status() returns
the wait status, while g_subprocess_get_exit_status() genuinely returns
the exit status. However, the GSpawn family of APIs has tended to
conflate the two.

Confusingly, g_spawn_check_exit_status() has always checked a wait
status, and it would not be correct to pass an exit status to it; so
let's deprecate it in favour of g_spawn_check_wait_status(), which
does the same thing that g_spawn_check_exit_status() always did.
Code that needs backwards-compatibility with older GLib can use:

    #if !GLIB_CHECK_VERSION(2, 69, 0)
    #define g_spawn_check_wait_status(x) (g_spawn_check_exit_status (x))
    #endif

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-15 14:33:14 +01:00
Simon McVittie
7aa0580cc5 gdbus: Use DBUS_SESSION_BUS_ADDRESS if AT_SECURE but not setuid
This is against my better judgement, but it's the least bad regression
fix I can think of. If we don't do this, at least gnome-keyring-daemon
(setcap) and msmtp (setgid) are known to regress.

Resolves: https://gitlab.gnome.org/GNOME/glib/-/issues/2305
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981420
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981555
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-02 20:52:19 +00:00
Simon McVittie
6436d52a0a gdbus: Rename a variable to be less misleading
We're using "setuid" here as shorthand for any elevated privileges
that should make us distrust the caller: setuid, setgid, filesystem
capabilities, more obscure Linux things that set the AT_SECURE flag
(such as certain AppArmor transitions), and their equivalents on
other operating systems. This is fine if we do it consistently, but
I'm about to add a check for whether we are *literally* setuid,
which would be particularly confusing without a rename.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-02 20:38:41 +00:00
Simon McVittie
7c0b9c776f gdbus: Improve readability by avoiding ternary operator
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-02 10:25:40 +00:00
Philip Withnall
dba585d020 gdbusaddress: Ignore D-Bus addresses from the environment when setuid
As with the previous commit, it’s unsafe to trust the environment when
running as setuid, as it comes from an untrusted caller. In particular,
with D-Bus, the caller could set up a fake ‘system’ bus which fed
incorrect data to this process.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2168
2021-01-07 15:02:25 +00:00
Philip Withnall
b19782e26b gdbusaddress: Add missing (transfer) and (nullable) return annotations
This commit only looks at the `Returns:` lines in the documentation, and
has examined all of them in the file. Function arguments have not been
checked.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2227
2020-12-15 09:11:50 +00:00
Philip Withnall
9664ff15ac gdbusaddress: Drop an unnecessary NULL check
`g_strsplit()` never returns `NULL`, although it can return an empty
strv (i.e. with its first element being `NULL`).

Drop a redundant `NULL` check.

Coverity CID: #1430976
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-08-18 10:36:26 +01:00
Philip Withnall
8492df9f34 gdbusaddress: Validate the noncefile attribute of nonce-tcp addresses
Doing this mostly to fix a compiler warning about tautological
assignments on Android.

See the D-Bus specification:
https://dbus.freedesktop.org/doc/dbus-specification.html#transports-nonce-tcp-sockets

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-10-08 13:53:01 +01:00
Philip Withnall
e99003841a gdbusaddress: Collapse two translatable strings into one
Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-10-08 13:51:57 +01:00
Simon McVittie
3f1a79a4fa Merge branch 'allow_guid_key_in_dbus_addresses' into 'master'
Allow guid key in dbus addresses

Closes #1018

See merge request GNOME/glib!995
2019-07-23 13:01:09 +00:00
Matthew Leeds
0c495f3dbf gdbusaddress: Add missing transfer annotation 2019-07-16 13:43:20 -07:00
Emmanuel Fleury
6a1512ed65 Allow guid key in dbus addresses
Original patch from William Hua

Fix issue #1018
2019-07-16 10:34:42 +02:00
Michael Catanzaro
fc597fa5f9 gdbus: support unix:dir= addresses
unix:dir= addresses are exactly the same as unix:tmpdir= addresses,
already supported by GDBus, except they forbid use of abstract sockets.
This is convenient for situations where abstract sockets are
impermissible, such as when a D-Bus client inside a network namespace
needs to connect to a server running in a different network namespace.
An abstract socket cannot be shared between two processes in different
network namespaces.

Applications could use unix:path= addresses instead, so this is only a
convenience, but there's no good reason not to support unix:dir=.
Currently it is not supported simply because unix:dir= is a relatively
recent addition to the D-Bus spec.
2019-06-17 12:07:10 -05:00
Philip Withnall
e458b0168e gdbusaddress: Clean up memory management in _g_dbus_address_parse_entry()
This introduces no functional changes.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-03-15 14:20:54 +00:00
Philip Withnall
131ba66160 gdbusaddress: Require that transport names and keys are non-empty
The specification doesn’t explicitly say this, but it doesn’t say
otherwise, and it would be pretty weird to have an empty transport name
or key.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-03-15 14:20:16 +00:00
Philip Withnall
8966b0f8b1 gdbusaddress: Remove some always-true branches
g_strsplit() can never return NULL.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-03-15 14:19:55 +00:00
Philip Withnall
7f9e76d2bc gdbusaddress: Simplify address validation in is_valid_unix()
No need for the `meaningless` label and some unreachable if-branches.
This introduces no functional changes.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2019-03-15 14:18:55 +00:00
Vasily Galkin
4342dbbe4d gdbus, win32: move most W32 dbus autolaunch code to gdbusprivate
This allows referencig them from more than single .c file.

Implementation moved without changes
from gdbusaddress.c to gdbusprivate.c

g_win32_run_session_bus signature also kept, so ABI unchanged.
2019-03-07 15:56:44 +03:00
Vasily Galkin
4ed5abda43 gdbusaddress, win32: don't rely on short names
Closes: https://gitlab.gnome.org/GNOME/glib/issues/1566

Short names were used in win32 implementation to allow launching
on installations where full path to libgio-2.0-0.dll contain spaces.
However, short names are optional on windows: so if they were disabled
that method fails - see issue linked above.

Since rundll32 doesn't support neither spaces, nor quotes in cmdline
this patch changes rundll32 argument to just .\gio-dll-name.dll
and uses the entire path directory containing gio dll as rundll32
current directory.

Added comments informing about potential subtleties discovered during
writing test for gdbusaddress on win32.
There are not known to have real-world user-visible effect,
so by now I'm only adding comments without creating issues.
2019-03-07 15:56:44 +03:00
Will Thompson
ba7b035f5b
g_dbus_is_supported_address(): set error if returning FALSE
Previously, calling:

    g_dbus_is_supported_address ("some-imaginary-transport:", NULL)

correctly returned FALSE; but calling:

    g_dbus_is_supported_address ("some-imaginary-transport:", &error)

crashed with:

    GLib-GIO:ERROR:../gio/gdbusaddress.c:434:g_dbus_is_supported_address:
    assertion failed: (ret || (!ret && (error == NULL || *error != NULL)))

This was because, if the address component did not start with a known
transport, no error was set. Fix this, reusing an error string used by
the corresponding else branch in g_dbus_address_connect(), and adjust
the test to pass both NULL and non-NULL GError **s to this function in
every test case. This case:

    g_assert (!g_dbus_is_supported_address ("some-imaginary-transport:foo=bar;unix:path=/this/is/valid", NULL));

would have caught this bug with a non-NULL GError **.
2018-06-13 11:01:56 +01:00
Philip Withnall
4752d72a60 gdbusaddress: Disable proxy support for D-Bus addresses
See the discussion in the bug report: with proxy support enabled, a
proxy resolver is created. Doing that will load all the GIO modules, and
typically at least one of them will try to use GDBus during
initialisation, which will cause a deadlock.

Using a TCP address with GDBusAddress is still supported, but accessing
it over a proxy is not.

Document this.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=792499
2018-01-31 22:25:02 +00:00
Philip Withnall
8e8f4e6486 docs: Fix various minor syntax errors in gtk-doc comments
This will fix a few broken links in the documentation, and shut up a
load of gtk-doc warnings (but certainly not all of them).

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://bugzilla.gnome.org/show_bug.cgi?id=790015
2017-11-07 14:51:12 +00:00
Philip Withnall
5cddde1fb2 Consistently save errno immediately after the operation setting it
Prevent the situation where errno is set by function A, then function B
is called (which is typically _(), but could be anything else) and it
overwrites errno, then errno is checked by the caller.

errno is a horrific API, and we need to be careful to save its value as
soon as a function call (which might set it) returns. i.e. Follow the
pattern:
  int errsv, ret;
  ret = some_call_which_might_set_errno ();
  errsv = errno;

  if (ret < 0)
    puts (strerror (errsv));

This patch implements that pattern throughout GLib. There might be a few
places in the test code which still use errno directly. They should be
ported as necessary. It doesn’t modify all the call sites like this:
  if (some_call_which_might_set_errno () && errno == ESOMETHING)
since the refactoring involved is probably more harmful than beneficial
there. It does, however, refactor other call sites regardless of whether
they were originally buggy.

https://bugzilla.gnome.org/show_bug.cgi?id=785577
2017-08-03 10:21:13 +01:00
Sébastien Wilmet
3bf4a720c3 gio/: LGPLv2+ -> LGPLv2.1+
Sub-directories inside gio/ already processed in a previous commit:
- fam/
- gdbus-2.0/ (which contains only codegen/)
- gvdb/
- inotify/
- tests/
- win32/
- xdgmime/

Other sub-directories inside gio/:
- completion/: no license headers
- kqueue/: not LGPL, BSD-style license

https://bugzilla.gnome.org/show_bug.cgi?id=776504
2017-05-29 19:53:34 +02:00
Philip Withnall
257aff6f60 docs: Fix a typo in a documentation string 2017-02-08 15:06:34 +00:00
Philip Withnall
78fba90f65 docs: Add links to D-Bus specification for D-Bus address format
In an attempt to clarify the format a little.
2017-02-08 15:06:23 +00:00
Ignacio Casal Quinteiro
93179f10b8 dbusaddress: do not leak error on win32 code 2016-11-29 09:21:04 +01:00
Christian Hergert
18a33f72db introspection: use (nullable) or (optional) instead of (allow-none)
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.

It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
2016-11-22 14:14:37 -08:00
Piotr Drąg
10c490cdfe Use Unicode in translatable strings
See https://developer.gnome.org/hig/stable/typography.html

https://bugzilla.gnome.org/show_bug.cgi?id=772221
2016-10-12 21:30:42 +02:00
Simon McVittie
0f2e4fd01c Do not attempt to autolaunch a session dbus-daemon with no DISPLAY
The two known use-cases for autolaunching are:

* X-forwarding: "ssh -Y myhost myapp" resulting in a
  session bus on myhost but an X server on the original host

* Legacy desktop environments on OSs without D-Bus integration:
  e.g. running a single GNOME or KDE app under fvwm or something,
  without a session dbus-daemon being started by either systemd,
  gnome-session, or OS integration scripts analogous to Debian's
  /etc/X11/Xsession.d/75dbus_dbus-launch

In either case, an X11 DISPLAY is also needed.

"dbus-launch --autolaunch" doesn't do anything useful when unable
to connect to an X11 display; this has been the case since the feature
was added in 2006, and is useful to avoid "split brain" situations in
which two processes that ought to be part of the same session end up
on separate session buses. Since dbus commit 407c111 in 2011,
libdbus hasn't even attempted to run "dbus-launch --autolaunch"
unless getenv("DISPLAY") returns non-null in the parent: this avoids
doing a relatively complicated fork-and-exec that is clearly not
going to lead to success. This commit gives GDBus the same policy.

This change was originally made to work around a race condition in
subprocess spawning (Debian bug #737380, GNOME bug #711090) but
it seems valid in its own right.

In my opinion as D-Bus maintainer, "dbus-launch --autolaunch" should
be considered to be an X11 feature, and any future D-Bus enhancements
(e.g. kdbus) or successors for X11 (e.g. Wayland, Mir) should obtain
a session bus address by other means - either a session manager
such as "systemd --user", gnome-session or Upstart, or a wrapper
for the user session like dbus-run-session(1).

Related to dbus bug <https://bugs.freedesktop.org/show_bug.cgi?id=19997>.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=723506
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737380
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2016-07-16 20:33:34 -04:00
Philip Withnall
3613b7a366 gio: Add source tags to various GTasks constructed in GLib
This makes them easier to identify when debugging and profiling.

This patch was somewhat less than interesting to write.

https://bugzilla.gnome.org/show_bug.cgi?id=767765
2016-06-29 15:16:52 +01:00
Руслан Ижбулатов
74b1dd87b5 W32: eliminate busy cursor when a rundll32-hosted child runs
Even though GetStartupInfo() in g_win32_run_session_bus() would
tell us that STARTF_FORCEONFEEDBACK flag is not set, it still
affects the rundll32 process for some reason.

This means that Windows WM changes mouse cursor to IDC_APPSTARTING for
a few seconds when rundll32 runs g_win32_run_session_bus(). Since
g_win32_run_session_bus() never satisfies the conditions set by
STARTF_FORCEONFEEDBACK, the busy cursor only goes away after a
timeout.

Fix this by explicitly running GetMessage(). To ensure that GetMessage()
doesn't block, post a quit message immediately before calling it.

https://bugzilla.gnome.org/show_bug.cgi?id=760694
2016-03-03 07:26:04 +00:00
Rico Tzschichholz
e3189527dc gio/gobject: Various introspection fixes 2016-02-03 18:13:49 +01:00
Philip Withnall
456e02f280 gdbusaddress: Fix memory leak when G_DBUS_DEBUG_ADDRESS is enabled
Coverity CID: 1325374
2015-10-03 11:52:27 +01:00
Simon McVittie
32492c6ab0 GDBus: try XDG_RUNTIME_DIR/bus before resorting to dbus-launch
This is the right thing to do for the "a session is a user-session"
model implemented in dbus 1.9.14, which is described in
<http://lists.freedesktop.org/archives/dbus/2015-January/016522.html>.

It also resembles sd-bus' behaviour, although sd-bus will only try
kdbus and XDG_RUNTIME_DIR/bus, and never runs dbus-launch.

On systems following the more traditional "a session is a login-session"
model, X_R_D/bus won't exist, so it is harmless to check for it before
falling back to X11 autolaunching. Again, this matches the behaviour
of current libdbus and sd-bus versions.

Now that we do this, g_test_dbus_unset() needs to clear XDG_RUNTIME_DIR
as well as everything else.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=747941
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
2015-06-09 18:17:16 +01:00
Simon McVittie
0d3f56e31c g_dbus_address_connect: specifically use dbus-launch for autolaunch:
This only alters what happens if we specifically connect to
"autolaunch:", for instance via "DBUS_SESSION_BUS_ADDRESS=autolaunch:".
We will still potentially try other platform-specific things if
DBUS_SESSION_BUS_ADDRESS is unset. There are currently no other
platform-specific things, so there is no practical difference yet,
but I'm about to add a more-preferred fallback path before autolaunch.

This matches libdbus' behaviour and the D-Bus Specification, in which
the autolaunch: transport specifically means X11 autolaunch
(as implemented by "dbus-launch --autolaunch") on Unix, or a
shared-memory-based protocol on Windows. Other platform-specific
transports or default/fallback modes, including launchd on Mac OS X
and XDG_RUNTIME_DIR/bus on Unix, are not part of "autolaunch:".

It's rather unfortunate that the same name means two different
platform-specific mechanisms, specific to different platforms -
if they were added today I'd call them x11: and windows-shm: or
something - but it's been like this since 2007 so it's too late now.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=747941
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
2015-06-09 18:17:01 +01:00
Dan Winship
f10b6550ff gio: (belatedly) port gdbus from GSimpleAsyncResult to GTask
https://bugzilla.gnome.org/show_bug.cgi?id=661767
2015-04-04 10:16:45 -04:00
Matthias Clasen
35066ed6c6 Docs: Drop entities, switch away from sgml mode
Since all element markup is now gone from the doc comments,
we can turn off the gtk-doc sgml mode, which means that from
now on, docbook markup is no longer allowed in doc comments.

To make this possible, we have to replace all remaining
entities in doc comments by their replacement text, &amp; -> &
and so on.
2014-02-09 02:07:26 -05:00
Matthias Clasen
e7fd3de86d Eradicate links and xrefs
These are all replaced by markdown ref links.
2014-02-08 12:26:56 -05:00
Matthias Clasen
a4c33c6f8b Docs: Don't use the code tag 2014-01-31 22:05:04 -05:00
Daniel Mustieles
078dbda148 Updated FSF's address 2014-01-31 14:31:55 +01:00
Chun-wei Fan
3af58d2e9f gio/gdbusaddress: Clean up Win32 code a bit
Combine duplicate parts into one, as the symbol used by RunDLL under x64
is the same for either Visual C++ or MinGW-64
2013-12-12 18:00:52 +08:00
Manuel Bachmann
1e3fe29fc3 Fix g_win32_run_session_bus hook for MinGW-w64
On win64, g_win32_run_session_bus gets exported with this
precise name, with MinGW as well as MSVC.

Fixes annoying "Entry not found" UI warning.
2013-11-27 23:18:54 +01:00
Chun-wei Fan
bb7b0a8ca0 gio/gdbusaddress.c: Silence RunDLL errors
The RunDLL command call during get_session_address_dbus_launch() was
expecting _g_win32_run_session_bus@16 and g_win32_run_session_bus
on Win32 and Win64 respectively at least when GLib is compiled with MSVC,
not g_win32_run_session_bus@16, which caused annoying RunDLL error dialogue
boxes to show up during the use of GtkApplication (such as when running
gtk3-demo-application on Windows), prevented GtkApplication items from
being run for more than one time during the lifespan of the program,
and this also interfered with some GTK+ tests, causing them to fail.

Update accordingly to address the issue.
2013-08-21 20:28:26 +08:00
Dan Winship
4b94c0831e Use 'dumb quotes' rather than `really dumb quotes'
Back in the far-off twentieth century, it was normal on unix
workstations for U+0060 GRAVE ACCENT to be drawn as "‛" and for U+0027
APOSTROPHE to be drawn as "’". This led to the convention of using
them as poor-man's ‛smart quotes’ in ASCII-only text.

However, "'" is now universally drawn as a vertical line, and "`" at a
45-degree angle, making them an `odd couple' when used together.

Unfortunately, there are lots of very old strings in glib, and also
lots of new strings in which people have kept up the old tradition,
perhaps entirely unaware that it used to not look stupid.

Fix this by just using 'dumb quotes' everywhere.

https://bugzilla.gnome.org/show_bug.cgi?id=700746
2013-05-21 11:23:22 -03:00
Simon McVittie
d200208d2b g_dbus_address_escape_value: add
This is a GLib reimplementation of dbus_address_escape_value().
It's useful if you want to construct a D-Bus address from pieces:
for instance, if you have a listening Unix socket whose path is known,
and you want to connect a D-Bus peer to it.

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=693673
Reviewed-by: Colin Walters <walters@verbum.org>
[amended to add Since: 2.36 as per review]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-02-13 20:42:58 +00:00
Dan Winship
b8c13a01b6 win32: misc warning fixes
https://bugzilla.gnome.org/show_bug.cgi?id=688109
2012-11-15 14:19:06 -05:00
Ryan Lortie
1dc774a653 Remove g_type_init() calls
Very many testcases, some GLib tools (resource compiler, etc) and
GApplication were calling g_type_init().

Remove those uses, as they are no longer required.

https://bugzilla.gnome.org/show_bug.cgi?id=686161
2012-10-16 09:39:24 -04:00