Add patch from upstream OBS-URL: https://build.opensuse.org/request/show/460002 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/flatpak?expand=0&rev=20
From 1c78637e440675eda987147fa873e4ff7065b49f Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Wed, 15 Feb 2017 10:10:29 -0500
Subject: [PATCH] run: propagate wildcard xauth entries to app bundle
At the moment, flatpak applications are only given FamilyLocal family
xauth cookies from the Xauthority file. This is so that the sandboxed
application doesn't inadvertently get access to displays on other
computers.
But FamilyLocal isn't the only xauth family that's local. FamilyWild
entries can be local as well.
Furthermore, FamilyWild entries are preferable to FamilyLocal entries
when found, because they don't break if the system hostname is changed.
This commit makes FamilyWild xauth entries get propagated in the same
way as their FamilyLocal counterparts.
---
common/flatpak-run.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/common/flatpak-run.c b/common/flatpak-run.c
index 8dff6d2..34f99f1 100644
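--- a/common/flatpak-run.c
+++ b/common/flatpak-run.c
@@ -1718,87 +1718,105 @@ static char *
 extract_unix_path_from_dbus_address (const char *address)
 {
 const char *path, *path_end;
 
 if (address == NULL)
 return NULL;
 
 if (!g_str_has_prefix (address, "unix:"))
 return NULL;
 
 path = strstr (address, "path=");
 if (path == NULL)
 return NULL;
 path += strlen ("path=");
 path_end = path;
 while (*path_end != 0 && *path_end != ',')
 path_end++;
 
 return g_strndup (path, path_end - path);
 }
 
 #ifdef ENABLE_XAUTH
 static gboolean
 auth_streq (char *str,
 char *au_str,
 int au_len)
 {
 return au_len == strlen (str) && memcmp (str, au_str, au_len) == 0;
 }
 
+static gboolean
+xauth_entry_should_propagate (Xauth *xa,
+ char *hostname,
+ char *number)
+{
+ /* ensure entry isn't for remote access */
+ if (xa->family != FamilyLocal && xa->family != FamilyWild)
+ return FALSE;
+
+ /* ensure entry is for this machine */
+ if (xa->family == FamilyLocal && !auth_streq (hostname, xa->address, xa->address_length))
+ return FALSE;
+
+ /* ensure entry is for this session */
+ if (xa->number != NULL && !auth_streq (number, xa->number, xa->number_length))
+ return FALSE;
+
+ return TRUE;
+}
+
 static void
 write_xauth (char *number, FILE *output)
 {
 Xauth *xa, local_xa;
 char *filename;
 FILE *f;
 struct utsname unames;
 
 if (uname (&unames))
 {
 g_warning ("uname failed");
 return;
 }
 
 filename = XauFileName ();
 f = fopen (filename, "rb");
 if (f == NULL)
 return;
 
 while (TRUE)
 {
 xa = XauReadAuth (f);
 if (xa == NULL)
 break;
- if (xa->family == FamilyLocal &&
- auth_streq (unames.nodename, xa->address, xa->address_length) &&
- (xa->number == NULL || auth_streq (number, xa->number, xa->number_length)))
+ if (xauth_entry_should_propagate (xa, unames.nodename, number))
 {
 local_xa = *xa;
 if (local_xa.number)
 {
 local_xa.number = "99";
 local_xa.number_length = 2;
 }
 
 if (!XauWriteAuth (output, &local_xa))
 g_warning ("xauth write error");
 }
 
 XauDisposeAuth (xa);
 }
 
 fclose (f);
 }
 #endif /* ENABLE_XAUTH */
 
 static void
 add_args (GPtrArray *argv_array, ...)
 {
 va_list args;
 const gchar *arg;
 
 va_start (args, argv_array);
 while ((arg = va_arg (args, const gchar *)))
 g_ptr_array_add (argv_array, g_strdup (arg));
 va_end (args);
 }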
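Review bot: The first check in `xauth_entry_should_propagate` is commented `/* ensure entry isn't for remote access */`, but a FamilyWild entry has no host to compare, and the hostname test that follows applies only to FamilyLocal. Every FamilyWild cookie whose display number matches, or whose `xa->number` is NULL, is therefore written into the sandbox's xauth data whether or not it was issued for a local server; the commit message itself only says such entries "can be" local. I would make the comment state this, e.g. `/* FamilyWild has no address to check: any wild entry with a matching display number is propagated */`, so the widened trust boundary is visible to later readers. If users' Xauthority files may hold wild cookies for remote displays, it could be worth skipping FamilyWild entries whose `xa->number` is NULL, since those pass all three checks unconditionally.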
--
2.9.3