Line | Branch | Exec | Source |
---|---|---|---|
1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- | ||
2 | * | ||
3 | * Copyright © 2018 Endless Mobile, Inc. | ||
4 | * | ||
5 | * SPDX-License-Identifier: LGPL-2.1-or-later | ||
6 | * | ||
7 | * This library is free software; you can redistribute it and/or | ||
8 | * modify it under the terms of the GNU Lesser General Public | ||
9 | * License as published by the Free Software Foundation; either | ||
10 | * version 2.1 of the License, or (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, | ||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public | ||
18 | * License along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | ||
20 | * | ||
21 | * Authors: | ||
22 | * - Philip Withnall <withnall@endlessm.com> | ||
23 | */ | ||
24 | |||
25 | #include "config.h" | ||
26 | |||
27 | #include <glib.h> | ||
28 | #include <glib-object.h> | ||
29 | #include <glib/gi18n-lib.h> | ||
30 | #include <gio/gio.h> | ||
31 | #include <libgsystemservice/peer-manager.h> | ||
32 | #include <libgsystemservice/peer-manager-dbus.h> | ||
33 | #include <stdlib.h> | ||
34 | |||
35 | |||
36 | /** | ||
37 | * SECTION:peer-manager-dbus | ||
38 | * @short_description: D-Bus peer management and notification (implementation) | ||
39 | * @stability: Stable | ||
40 | * @include: libgsystemservice/peer-manager-dbus.h | ||
41 | * | ||
42 | * An implementation of the #GssPeerManager interface which draws its data | ||
43 | * from the D-Bus daemon. This is the only expected runtime implementation of | ||
44 | * the interface, and has only been split out from the interface to allow for | ||
45 | * easier unit testing of anything which uses it. | ||
46 | * | ||
47 | * The credentials of a peer are retrieved from the D-Bus daemon using | ||
48 | * [`GetConnectionCredentials`](https://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-get-connection-credentials), | ||
49 | * and reading `/proc/$pid/cmdline` to get the absolute path to the executable | ||
50 | * for each peer, which we use as an identifier for it. This is not atomic or | ||
51 | * particularly trusted, as PIDs can be reused in the time it takes us to query | ||
52 | * the information, and processes can modify their own cmdline file, but | ||
53 | * without an LSM enabled in the kernel and dbus-daemon, it’s the best we can do | ||
54 | * for identifying processes. | ||
55 | * | ||
56 | * Since: 0.1.0 | ||
57 | */ | ||
58 | |||
59 | static void gss_peer_manager_dbus_peer_manager_init (GssPeerManagerInterface *iface); | ||
60 | static void gss_peer_manager_dbus_dispose (GObject *object); | ||
61 | |||
62 | static void gss_peer_manager_dbus_get_property (GObject *object, | ||
63 | guint property_id, | ||
64 | GValue *value, | ||
65 | GParamSpec *pspec); | ||
66 | static void gss_peer_manager_dbus_set_property (GObject *object, | ||
67 | guint property_id, | ||
68 | const GValue *value, | ||
69 | GParamSpec *pspec); | ||
70 | |||
71 | static void gss_peer_manager_dbus_ensure_peer_credentials_async (GssPeerManager *manager, | ||
72 | const gchar *sender, | ||
73 | GCancellable *cancellable, | ||
74 | GAsyncReadyCallback callback, | ||
75 | gpointer user_data); | ||
76 | static gchar *gss_peer_manager_dbus_ensure_peer_credentials_finish (GssPeerManager *manager, | ||
77 | GAsyncResult *result, | ||
78 | GError **error); | ||
79 | static const gchar *gss_peer_manager_dbus_get_peer_credentials (GssPeerManager *manager, | ||
80 | const gchar *sender); | ||
81 | |||
82 | /** | ||
83 | * GssPeerManagerDBus: | ||
84 | * | ||
85 | * An implementation of #GssPeerManager. | ||
86 | * | ||
87 | * Since: 0.1.0 | ||
88 | */ | ||
89 | struct _GssPeerManagerDBus | ||
90 | { | ||
91 | GObject parent; | ||
92 | |||
93 | GDBusConnection *connection; /* (owned) */ | ||
94 | |||
95 | /* Hold the watch IDs of all peers who have added entries at some point. */ | ||
96 | GPtrArray *peer_watch_ids; /* (owned) */ | ||
97 | |||
98 | /* Cache of peer credentials (currently only the executable path of each peer). */ | ||
99 | GHashTable *peer_credentials; /* (owned) (element-type utf8 filename) */ | ||
100 | }; | ||
101 | |||
102 | typedef enum | ||
103 | { | ||
104 | PROP_CONNECTION = 1, | ||
105 | } GssPeerManagerDBusProperty; | ||
106 | |||
107 |
6/7✓ Branch 0 taken 1 times.
✓ Branch 1 taken 3 times.
✓ Branch 2 taken 1 times.
✓ Branch 3 taken 1 times.
✗ Branch 4 not taken.
✓ Branch 5 taken 1 times.
✓ Branch 6 taken 3 times.
|
12 | G_DEFINE_TYPE_WITH_CODE (GssPeerManagerDBus, gss_peer_manager_dbus, G_TYPE_OBJECT, |
108 | G_IMPLEMENT_INTERFACE (GSS_TYPE_PEER_MANAGER, | ||
109 | gss_peer_manager_dbus_peer_manager_init)) | ||
110 | static void | ||
111 | 1 | gss_peer_manager_dbus_class_init (GssPeerManagerDBusClass *klass) | |
112 | { | ||
113 | 1 | GObjectClass *object_class = (GObjectClass *) klass; | |
114 | 1 | GParamSpec *props[PROP_CONNECTION + 1] = { NULL, }; | |
115 | |||
116 | 1 | object_class->dispose = gss_peer_manager_dbus_dispose; | |
117 | 1 | object_class->get_property = gss_peer_manager_dbus_get_property; | |
118 | 1 | object_class->set_property = gss_peer_manager_dbus_set_property; | |
119 | |||
120 | /** | ||
121 | * GssPeerManagerDBus:connection: | ||
122 | * | ||
123 | * D-Bus connection to use for retrieving peer credentials. | ||
124 | * | ||
125 | * Since: 0.1.0 | ||
126 | */ | ||
127 | 1 | props[PROP_CONNECTION] = | |
128 | 1 | g_param_spec_object ("connection", "Connection", | |
129 | "D-Bus connection to use for retrieving peer credentials.", | ||
130 | G_TYPE_DBUS_CONNECTION, | ||
131 | G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS); | ||
132 | |||
133 | 1 | g_object_class_install_properties (object_class, G_N_ELEMENTS (props), props); | |
134 | 1 | } | |
135 | |||
136 | static void | ||
137 | 1 | gss_peer_manager_dbus_peer_manager_init (GssPeerManagerInterface *iface) | |
138 | { | ||
139 | 1 | iface->ensure_peer_credentials_async = gss_peer_manager_dbus_ensure_peer_credentials_async; | |
140 | 1 | iface->ensure_peer_credentials_finish = gss_peer_manager_dbus_ensure_peer_credentials_finish; | |
141 | 1 | iface->get_peer_credentials = gss_peer_manager_dbus_get_peer_credentials; | |
142 | 1 | } | |
143 | |||
144 | static void | ||
145 | ✗ | watcher_id_free (gpointer data) | |
146 | { | ||
147 | ✗ | g_bus_unwatch_name (GPOINTER_TO_UINT (data)); | |
148 | ✗ | } | |
149 | |||
150 | static void | ||
151 | 1 | gss_peer_manager_dbus_init (GssPeerManagerDBus *self) | |
152 | { | ||
153 | 1 | self->peer_watch_ids = g_ptr_array_new_with_free_func (watcher_id_free); | |
154 | 1 | self->peer_credentials = g_hash_table_new_full (g_str_hash, g_str_equal, | |
155 | g_free, g_free); | ||
156 | 1 | } | |
157 | |||
158 | static void | ||
159 | 1 | gss_peer_manager_dbus_dispose (GObject *object) | |
160 | { | ||
161 | 1 | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (object); | |
162 | |||
163 |
1/2✓ Branch 0 taken 1 times.
✗ Branch 1 not taken.
|
1 | g_clear_object (&self->connection); |
164 | |||
165 |
1/2✓ Branch 0 taken 1 times.
✗ Branch 1 not taken.
|
1 | g_clear_pointer (&self->peer_credentials, g_hash_table_unref); |
166 |
1/2✓ Branch 0 taken 1 times.
✗ Branch 1 not taken.
|
1 | g_clear_pointer (&self->peer_watch_ids, g_ptr_array_unref); |
167 | |||
168 | /* Chain up to the parent class */ | ||
169 | 1 | G_OBJECT_CLASS (gss_peer_manager_dbus_parent_class)->dispose (object); | |
170 | 1 | } | |
171 | |||
172 | static void | ||
173 | ✗ | gss_peer_manager_dbus_get_property (GObject *object, | |
174 | guint property_id, | ||
175 | GValue *value, | ||
176 | GParamSpec *pspec) | ||
177 | { | ||
178 | ✗ | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (object); | |
179 | |||
180 | ✗ | switch ((GssPeerManagerDBusProperty) property_id) | |
181 | { | ||
182 | ✗ | case PROP_CONNECTION: | |
183 | ✗ | g_value_set_object (value, self->connection); | |
184 | ✗ | break; | |
185 | ✗ | default: | |
186 | ✗ | g_assert_not_reached (); | |
187 | } | ||
188 | ✗ | } | |
189 | |||
190 | static void | ||
191 | 1 | gss_peer_manager_dbus_set_property (GObject *object, | |
192 | guint property_id, | ||
193 | const GValue *value, | ||
194 | GParamSpec *pspec) | ||
195 | { | ||
196 | 1 | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (object); | |
197 | |||
198 |
1/2✓ Branch 0 taken 1 times.
✗ Branch 1 not taken.
|
1 | switch ((GssPeerManagerDBusProperty) property_id) |
199 | { | ||
200 | 1 | case PROP_CONNECTION: | |
201 | /* Construct only. */ | ||
202 |
1/2✗ Branch 0 not taken.
✓ Branch 1 taken 1 times.
|
1 | g_assert (self->connection == NULL); |
203 | 1 | self->connection = g_value_dup_object (value); | |
204 | 1 | break; | |
205 | ✗ | default: | |
206 | ✗ | g_assert_not_reached (); | |
207 | } | ||
208 | 1 | } | |
209 | |||
210 | static void | ||
211 | ✗ | peer_vanished_cb (GDBusConnection *connection, | |
212 | const gchar *name, | ||
213 | gpointer user_data) | ||
214 | { | ||
215 | ✗ | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (user_data); | |
216 | |||
217 | ✗ | g_debug ("%s: Removing peer credentials for ‘%s’ from cache", G_STRFUNC, name); | |
218 | ✗ | if (g_hash_table_remove (self->peer_credentials, name)) | |
219 | { | ||
220 | /* Notify users of this API. */ | ||
221 | ✗ | g_signal_emit_by_name (self, "peer-vanished", name); | |
222 | } | ||
223 | ✗ | } | |
224 | |||
225 | /* An async function for getting credentials for D-Bus peers, either by querying | ||
226 | * the bus, or by getting them from a cache. */ | ||
227 | static void ensure_peer_credentials_cb (GObject *obj, | ||
228 | GAsyncResult *result, | ||
229 | gpointer user_data); | ||
230 | |||
231 | static void | ||
232 | ✗ | gss_peer_manager_dbus_ensure_peer_credentials_async (GssPeerManager *manager, | |
233 | const gchar *sender, | ||
234 | GCancellable *cancellable, | ||
235 | GAsyncReadyCallback callback, | ||
236 | gpointer user_data) | ||
237 | { | ||
238 | ✗ | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (manager); | |
239 | |||
240 | ✗ | g_autoptr(GTask) task = g_task_new (self, cancellable, callback, user_data); | |
241 | ✗ | g_task_set_source_tag (task, (gpointer) gss_peer_manager_dbus_ensure_peer_credentials_async); | |
242 | ✗ | g_task_set_task_data (task, g_strdup (sender), g_free); | |
243 | |||
244 | /* Look up information about the sender so that we can (for example) | ||
245 | * prioritise downloads by sender. */ | ||
246 | ✗ | const gchar *peer_path = gss_peer_manager_get_peer_credentials (manager, sender); | |
247 | |||
248 | ✗ | if (peer_path != NULL) | |
249 | { | ||
250 | ✗ | g_debug ("%s: Found credentials in cache; path is ‘%s’", | |
251 | G_STRFUNC, peer_path); | ||
252 | ✗ | g_task_return_pointer (task, g_strdup (peer_path), g_free); | |
253 | } | ||
254 | else | ||
255 | { | ||
256 | /* Watch the peer so we can know if/when it disappears. */ | ||
257 | ✗ | guint watch_id = g_bus_watch_name_on_connection (self->connection, sender, | |
258 | G_BUS_NAME_WATCHER_FLAGS_NONE, | ||
259 | NULL, peer_vanished_cb, | ||
260 | self, NULL); | ||
261 | ✗ | g_ptr_array_add (self->peer_watch_ids, GUINT_TO_POINTER (watch_id)); | |
262 | |||
263 | /* And query for its credentials. */ | ||
264 | ✗ | g_dbus_connection_call (self->connection, "org.freedesktop.DBus", "/", | |
265 | "org.freedesktop.DBus", "GetConnectionCredentials", | ||
266 | g_variant_new ("(s)", sender), | ||
267 | G_VARIANT_TYPE ("(a{sv})"), | ||
268 | G_DBUS_CALL_FLAGS_NONE, | ||
269 | -1 /* default timeout */, | ||
270 | cancellable, | ||
271 | ensure_peer_credentials_cb, g_steal_pointer (&task)); | ||
272 | } | ||
273 | ✗ | } | |
274 | |||
275 | static void | ||
276 | ✗ | ensure_peer_credentials_cb (GObject *obj, | |
277 | GAsyncResult *result, | ||
278 | gpointer user_data) | ||
279 | { | ||
280 | ✗ | g_autoptr(GTask) task = G_TASK (user_data); | |
281 | ✗ | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (g_task_get_source_object (task)); | |
282 | ✗ | GDBusConnection *connection = G_DBUS_CONNECTION (obj); | |
283 | ✗ | const gchar *sender = g_task_get_task_data (task); | |
284 | ✗ | g_autoptr(GError) local_error = NULL; | |
285 | |||
286 | /* Finish looking up the sender. */ | ||
287 | ✗ | g_autoptr(GVariant) retval = NULL; | |
288 | ✗ | retval = g_dbus_connection_call_finish (connection, result, &local_error); | |
289 | |||
290 | ✗ | if (retval == NULL) | |
291 | { | ||
292 | ✗ | g_task_return_error (task, g_steal_pointer (&local_error)); | |
293 | ✗ | return; | |
294 | } | ||
295 | |||
296 | /* From the credentials information from D-Bus, we can get the process ID, | ||
297 | * and then look up the process name. Note that this is racy (the process | ||
298 | * ID may get recycled between GetConnectionCredentials() returning and us | ||
299 | * querying the kernel for the process name), but there’s nothing we can | ||
300 | * do about that. The correct approach is to use an LSM label as returned | ||
301 | * by GetConnectionCredentials(), but EOS doesn’t support any LSM. | ||
302 | * We would look at /proc/$pid/exe, but that requires elevated privileges | ||
303 | * (CAP_SYS_PTRACE, but I can’t get that working; so it would require root | ||
304 | * privileges). Instead, we look at /proc/$pid/cmdline, which is accessible | ||
305 | * by all. Unfortunately, it is also forgeable. */ | ||
306 | guint process_id; | ||
307 | |||
308 | ✗ | g_autoptr(GVariant) credentials = g_variant_get_child_value (retval, 0); | |
309 | |||
310 | ✗ | if (!g_variant_lookup (credentials, "ProcessID", "u", &process_id)) | |
311 | { | ||
312 | ✗ | g_task_return_new_error (task, GSS_PEER_MANAGER_ERROR, | |
313 | GSS_PEER_MANAGER_ERROR_IDENTIFYING_PEER, | ||
314 | ✗ | _("Process ID for peer ‘%s’ could not be determined"), | |
315 | sender); | ||
316 | ✗ | return; | |
317 | } | ||
318 | |||
319 | ✗ | g_autofree gchar *pid_str = g_strdup_printf ("%u", process_id); | |
320 | ✗ | g_autofree gchar *proc_pid_cmdline = g_build_filename ("/proc", pid_str, "cmdline", NULL); | |
321 | ✗ | g_autofree gchar *cmdline = NULL; | |
322 | |||
323 | ✗ | g_debug ("%s: Getting contents of ‘%s’", G_STRFUNC, proc_pid_cmdline); | |
324 | |||
325 | /* Assume the path is always the first nul-terminated segment. */ | ||
326 | ✗ | if (!g_file_get_contents (proc_pid_cmdline, &cmdline, NULL, &local_error)) | |
327 | { | ||
328 | ✗ | g_task_return_new_error (task, GSS_PEER_MANAGER_ERROR, | |
329 | GSS_PEER_MANAGER_ERROR_IDENTIFYING_PEER, | ||
330 | ✗ | _("Executable path for peer ‘%s’ (process ID: %s) " | |
331 | "could not be determined: %s"), | ||
332 | ✗ | sender, pid_str, local_error->message); | |
333 | ✗ | return; | |
334 | } | ||
335 | |||
336 | /* Resolve to an absolute path, since what we get back might not be absolute. */ | ||
337 | ✗ | g_autofree gchar *sender_path = g_find_program_in_path (cmdline); | |
338 | |||
339 | ✗ | if (sender_path == NULL) | |
340 | { | ||
341 | ✗ | g_autofree gchar *message = | |
342 | ✗ | g_strdup_printf (_("Path ‘%s’ could not be resolved"), cmdline); | |
343 | ✗ | g_task_return_new_error (task, GSS_PEER_MANAGER_ERROR, | |
344 | GSS_PEER_MANAGER_ERROR_IDENTIFYING_PEER, | ||
345 | ✗ | _("Executable path for peer ‘%s’ (process ID: %s) " | |
346 | "could not be determined: %s"), | ||
347 | sender, pid_str, message); | ||
348 | ✗ | return; | |
349 | } | ||
350 | |||
351 | ✗ | g_debug ("%s: Got credentials from D-Bus daemon; path is ‘%s’ (resolved from ‘%s’)", | |
352 | G_STRFUNC, sender_path, cmdline); | ||
353 | |||
354 | ✗ | g_hash_table_replace (self->peer_credentials, | |
355 | ✗ | g_strdup (sender), g_strdup (sender_path)); | |
356 | |||
357 | ✗ | g_task_return_pointer (task, g_steal_pointer (&sender_path), g_free); | |
358 | } | ||
359 | |||
360 | static gchar * | ||
361 | ✗ | gss_peer_manager_dbus_ensure_peer_credentials_finish (GssPeerManager *manager, | |
362 | GAsyncResult *result, | ||
363 | GError **error) | ||
364 | { | ||
365 | ✗ | g_return_val_if_fail (g_task_is_valid (result, manager), NULL); | |
366 | ✗ | g_return_val_if_fail (g_async_result_is_tagged (result, (gpointer) gss_peer_manager_dbus_ensure_peer_credentials_async), NULL); | |
367 | |||
368 | ✗ | return g_task_propagate_pointer (G_TASK (result), error); | |
369 | } | ||
370 | |||
371 | static const gchar * | ||
372 | 1 | gss_peer_manager_dbus_get_peer_credentials (GssPeerManager *manager, | |
373 | const gchar *sender) | ||
374 | { | ||
375 | 1 | GssPeerManagerDBus *self = GSS_PEER_MANAGER_DBUS (manager); | |
376 | |||
377 | 1 | g_debug ("%s: Querying credentials for peer ‘%s’", G_STRFUNC, sender); | |
378 | 1 | return g_hash_table_lookup (self->peer_credentials, sender); | |
379 | } | ||
380 | |||
381 | /** | ||
382 | * gss_peer_manager_dbus_new: | ||
383 | * @connection: a #GDBusConnection | ||
384 | * | ||
385 | * Create a #GssPeerManagerDBus object to wrap the given existing @connection. | ||
386 | * | ||
387 | * Returns: (transfer full): a new #GssPeerManagerDBus wrapping @connection | ||
388 | * Since: 0.1.0 | ||
389 | */ | ||
390 | GssPeerManagerDBus * | ||
391 | 1 | gss_peer_manager_dbus_new (GDBusConnection *connection) | |
392 | { | ||
393 |
4/8✗ Branch 0 not taken.
✓ Branch 1 taken 1 times.
✓ Branch 2 taken 1 times.
✗ Branch 3 not taken.
✓ Branch 4 taken 1 times.
✗ Branch 5 not taken.
✗ Branch 6 not taken.
✓ Branch 7 taken 1 times.
|
1 | g_return_val_if_fail (G_IS_DBUS_CONNECTION (connection), NULL); |
394 | |||
395 | 1 | return g_object_new (GSS_TYPE_PEER_MANAGER_DBUS, | |
396 | "connection", connection, | ||
397 | NULL); | ||
398 | } | ||
399 |