From bc7200fb1598d2a5fd9f5c9773170b9447433797 Mon Sep 17 00:00:00 2001 From: Packit Bot Date: May 04 2021 22:21:33 +0000 Subject: Apply patch 0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch patch_name: 0001-GDBus-prefer-getsockopt-style-credentials-passing-AP.patch present_in_specfile: true location_in_specfile: 12
---
diff --git a/gio/gcredentialsprivate.h b/gio/gcredentialsprivate.h
index 06f0aed..e9ec09b 100644
--- a/gio/gcredentialsprivate.h
+++ b/gio/gcredentialsprivate.h
@@ -81,6 +81,18 @@
 */
 #undef G_CREDENTIALS_SPOOFING_SUPPORTED
+/*
+ * G_CREDENTIALS_PREFER_MESSAGE_PASSING:
+ *
+ * Defined to 1 if the data structure transferred by the message-passing
+ * API is strictly more informative than the one transferred by the
+ * `getsockopt()`-style API, and hence should be preferred, even for
+ * protocols like D-Bus that are defined in terms of the credentials of
+ * the (process that opened the) socket, as opposed to the credentials
+ * of an individual message.
+ */
+#undef G_CREDENTIALS_PREFER_MESSAGE_PASSING
+
 #ifdef __linux__
 #define G_CREDENTIALS_SUPPORTED 1
 #define G_CREDENTIALS_USE_LINUX_UCRED 1
@@ -100,6 +112,12 @@
 #define G_CREDENTIALS_NATIVE_SIZE (sizeof (struct cmsgcred))
 #define G_CREDENTIALS_UNIX_CREDENTIALS_MESSAGE_SUPPORTED 1
 #define G_CREDENTIALS_SPOOFING_SUPPORTED 1
+/* GLib doesn't implement it yet, but FreeBSD's getsockopt()-style API
+ * is getpeereid(), which is not as informative as struct cmsgcred -
+ * it does not tell us the PID. As a result, libdbus prefers to use
+ * SCM_CREDS, and if we implement getpeereid() in future, we should
+ * do the same. */
+#define G_CREDENTIALS_PREFER_MESSAGE_PASSING 1
 #elif defined(__NetBSD__)
 #define G_CREDENTIALS_SUPPORTED 1
diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
index 1a0ada5..e9a953a 100644
--- a/gio/gdbusauth.c
+++ b/gio/gdbusauth.c
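Review bot: In the FreeBSD branch of gio/gcredentialsprivate.h (second hunk), the new comment justifies preferring SCM_CREDS only by the missing PID, yet the context line directly above sets `G_CREDENTIALS_SPOOFING_SUPPORTED 1` for the same platform. Going by that macro's name, the message-passing credentials selected here appear to be ones a privileged sender can choose itself, which is the opposite of the socket-opener semantics the new doc comment in the first hunk describes for D-Bus. I would record that trade-off in the comment, for example by adding `* Note: cmsgcred is per-message and G_CREDENTIALS_SPOOFING_SUPPORTED is set here, so revisit this once a socket-level API that reports the PID is available.` The surrounding `#elif` chain starts and ends outside the hunk, so whether other platforms need the same define cannot be judged from here.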
@@ -31,6 +31,7 @@
 #include "gdbusutils.h"
 #include "gioenumtypes.h"
 #include "gcredentials.h"
+#include "gcredentialsprivate.h"
 #include "gdbusprivate.h"
 #include "giostream.h"
 #include "gdatainputstream.h"
@@ -996,9 +997,31 @@ _g_dbus_auth_run_server (GDBusAuth *auth,
 g_data_input_stream_set_newline_type (dis, G_DATA_STREAM_NEWLINE_TYPE_CR_LF);
- /* first read the NUL-byte */
+ /* read the NUL-byte, possibly with credentials attached */
 #ifdef G_OS_UNIX
- if (G_IS_UNIX_CONNECTION (auth->priv->stream))
+#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING
+ if (G_IS_SOCKET_CONNECTION (auth->priv->stream))
+ {
+ GSocket *sock = g_socket_connection_get_socket (G_SOCKET_CONNECTION (auth->priv->stream));
+
+ local_error = NULL;
+ credentials = g_socket_get_credentials (sock, &local_error);
+
+ if (credentials == NULL && !g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED))
+ {
+ g_propagate_error (error, local_error);
+ goto out;
+ }
+ else
+ {
+ /* Clear the error indicator, so we can retry with
+ * g_unix_connection_receive_credentials() if necessary */
+ g_clear_error (&local_error);
+ }
+ }
+#endif
+
+ if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))
 {
 local_error = NULL;
 credentials = g_unix_connection_receive_credentials (G_UNIX_CONNECTION (auth->priv->stream),
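Review bot: In the second gdbusauth.c hunk, the new guard `if (credentials == NULL && G_IS_UNIX_CONNECTION (auth->priv->stream))` reads `credentials` before anything in the hunk has assigned it whenever the `#ifndef G_CREDENTIALS_PREFER_MESSAGE_PASSING` block is compiled out or the stream is not a socket connection. It therefore relies on `credentials` being set to NULL earlier in _g_dbus_auth_run_server, which starts and ends outside the hunk; please confirm that, since an indeterminate value here would decide whether peer credentials are collected at all. Please also confirm that the NUL byte is still consumed from the stream when g_socket_get_credentials() succeeds, because that path now skips g_unix_connection_receive_credentials(). The comment above the block would be clearer if it said why the socket-level lookup comes first, e.g. `/* Prefer the credentials of the peer that opened the socket; fall back to per-message credentials only if that is not supported */`.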