Commit 1086acbd authored by Simon McVittie's avatar Simon McVittie

containers: Include credentials of initiator in container instance info

This provides the necessary information for services to make an
informed decision about how far they should trust the container type,
name and metadata fields.
Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104610
parent d6d01c78
......@@ -1130,6 +1130,7 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller,
DBusConnection *subject;
DBusMessage *reply = NULL;
DBusMessageIter writer;
DBusMessageIter arr_writer;
const char *bus_name;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
......@@ -1169,6 +1170,25 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller,
if (!dbus_message_append_args (reply,
DBUS_TYPE_OBJECT_PATH, &instance->path,
DBUS_TYPE_INVALID))
goto oom;
dbus_message_iter_init_append (reply, &writer);
if (!dbus_message_iter_open_container (&writer, DBUS_TYPE_ARRAY, "{sv}",
&arr_writer))
goto oom;
if (!bus_driver_fill_connection_credentials (instance->creator, &arr_writer))
{
dbus_message_iter_abandon_container (&writer, &arr_writer);
goto oom;
}
if (!dbus_message_iter_close_container (&writer, &arr_writer))
goto oom;
if (!dbus_message_append_args (reply,
DBUS_TYPE_STRING, &instance->type,
DBUS_TYPE_STRING, &instance->name,
DBUS_TYPE_INVALID))
......@@ -1206,6 +1226,7 @@ bus_containers_handle_get_instance_info (DBusConnection *connection,
BusContainerInstance *instance = NULL;
DBusMessage *reply = NULL;
DBusMessageIter writer;
DBusMessageIter arr_writer;
const char *path;
if (!dbus_message_get_args (message, error,
......@@ -1234,6 +1255,21 @@ bus_containers_handle_get_instance_info (DBusConnection *connection,
if (reply == NULL)
goto oom;
dbus_message_iter_init_append (reply, &writer);
if (!dbus_message_iter_open_container (&writer, DBUS_TYPE_ARRAY, "{sv}",
&arr_writer))
goto oom;
if (!bus_driver_fill_connection_credentials (instance->creator, &arr_writer))
{
dbus_message_iter_abandon_container (&writer, &arr_writer);
goto oom;
}
if (!dbus_message_iter_close_container (&writer, &arr_writer))
goto oom;
if (!dbus_message_append_args (reply,
DBUS_TYPE_STRING, &instance->type,
DBUS_TYPE_STRING, &instance->name,
......
......@@ -2593,10 +2593,10 @@ static const MessageHandler containers_message_handlers[] = {
METHOD_FLAG_NO_CONTAINERS },
{ "StopListening", "o", "", bus_containers_handle_stop_listening,
METHOD_FLAG_NO_CONTAINERS },
{ "GetConnectionInstance", "s", "ossa{sv}",
{ "GetConnectionInstance", "s", "oa{sv}ssa{sv}",
bus_containers_handle_get_connection_instance,
METHOD_FLAG_NONE },
{ "GetInstanceInfo", "o", "ssa{sv}", bus_containers_handle_get_instance_info,
{ "GetInstanceInfo", "o", "a{sv}ssa{sv}", bus_containers_handle_get_instance_info,
METHOD_FLAG_NONE },
{ NULL, NULL, NULL, NULL }
};
......
......@@ -284,13 +284,16 @@ test_basic (Fixture *f,
{
#ifdef HAVE_CONTAINERS_TEST
GVariant *asv;
GVariant *creator;
GVariant *parameters;
GVariantDict dict;
const gchar *confined_unique_name;
const gchar *path_from_query;
const gchar *manager_unique_name;
const gchar *name;
const gchar *name_owner;
const gchar *type;
guint32 uid;
GStatBuf stat_buf;
GVariant *tuple;
......@@ -361,14 +364,20 @@ test_basic (Fixture *f,
G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
g_assert_no_error (f->error);
g_assert_nonnull (tuple);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ossa{sv})");
g_variant_get (tuple, "(&o&s&s@a{sv})", &path_from_query, &type, &name, &asv);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}ssa{sv})");
g_variant_get (tuple, "(&o@a{sv}&s&s@a{sv})",
&path_from_query, &creator, &type, &name, &asv);
g_assert_cmpstr (path_from_query, ==, f->instance_path);
g_variant_dict_init (&dict, creator);
g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
g_assert_cmpuint (uid, ==, _dbus_getuid ());
g_variant_dict_clear (&dict);
g_assert_cmpstr (type, ==, "com.example.NotFlatpak");
g_assert_cmpstr (name, ==, "sample-app");
/* Trivial case: the metadata a{sv} is empty */
g_assert_cmpuint (g_variant_n_children (asv), ==, 0);
g_clear_pointer (&asv, g_variant_unref);
g_clear_pointer (&creator, g_variant_unref);
g_clear_pointer (&tuple, g_variant_unref);
g_test_message ("Inspecting container instance info");
......@@ -377,13 +386,18 @@ test_basic (Fixture *f,
G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
g_assert_no_error (f->error);
g_assert_nonnull (tuple);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ssa{sv})");
g_variant_get (tuple, "(&s&s@a{sv})", &type, &name, &asv);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}ssa{sv})");
g_variant_get (tuple, "(@a{sv}&s&s@a{sv})", &creator, &type, &name, &asv);
g_variant_dict_init (&dict, creator);
g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
g_assert_cmpuint (uid, ==, _dbus_getuid ());
g_variant_dict_clear (&dict);
g_assert_cmpstr (type, ==, "com.example.NotFlatpak");
g_assert_cmpstr (name, ==, "sample-app");
/* Trivial case: the metadata a{sv} is empty */
g_assert_cmpuint (g_variant_n_children (asv), ==, 0);
g_clear_pointer (&asv, g_variant_unref);
g_clear_pointer (&creator, g_variant_unref);
g_clear_pointer (&tuple, g_variant_unref);
/* Check that the socket is cleaned up when the dbus-daemon is terminated */
......@@ -454,6 +468,7 @@ test_metadata (Fixture *f,
{
#ifdef HAVE_CONTAINERS_TEST
GVariant *asv;
GVariant *creator;
GVariant *tuple;
GVariant *parameters;
GVariantDict dict;
......@@ -461,6 +476,7 @@ test_metadata (Fixture *f,
const gchar *path_from_query;
const gchar *name;
const gchar *type;
guint32 uid;
guint u;
gboolean b;
const gchar *s;
......@@ -519,9 +535,14 @@ test_metadata (Fixture *f,
G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
g_assert_no_error (f->error);
g_assert_nonnull (tuple);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ossa{sv})");
g_variant_get (tuple, "(&o&s&s@a{sv})", &path_from_query, &type, &name, &asv);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}ssa{sv})");
g_variant_get (tuple, "(&o@a{sv}&s&s@a{sv})",
&path_from_query, &creator, &type, &name, &asv);
g_assert_cmpstr (path_from_query, ==, f->instance_path);
g_variant_dict_init (&dict, creator);
g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
g_assert_cmpuint (uid, ==, _dbus_getuid ());
g_variant_dict_clear (&dict);
g_assert_cmpstr (type, ==, "org.example.Springwatch");
g_assert_cmpstr (name, ==, "");
g_variant_dict_init (&dict, asv);
......@@ -534,6 +555,7 @@ test_metadata (Fixture *f,
g_variant_dict_clear (&dict);
g_assert_cmpuint (g_variant_n_children (asv), ==, 3);
g_clear_pointer (&asv, g_variant_unref);
g_clear_pointer (&creator, g_variant_unref);
g_clear_pointer (&tuple, g_variant_unref);
g_test_message ("Inspecting container instance info");
......@@ -542,8 +564,12 @@ test_metadata (Fixture *f,
G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
g_assert_no_error (f->error);
g_assert_nonnull (tuple);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ssa{sv})");
g_variant_get (tuple, "(&s&s@a{sv})", &type, &name, &asv);
g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}ssa{sv})");
g_variant_get (tuple, "(@a{sv}&s&s@a{sv})", &creator, &type, &name, &asv);
g_variant_dict_init (&dict, creator);
g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
g_assert_cmpuint (uid, ==, _dbus_getuid ());
g_variant_dict_clear (&dict);
g_assert_cmpstr (type, ==, "org.example.Springwatch");
g_assert_cmpstr (name, ==, "");
g_variant_dict_init (&dict, asv);
......@@ -556,6 +582,7 @@ test_metadata (Fixture *f,
g_variant_dict_clear (&dict);
g_assert_cmpuint (g_variant_n_children (asv), ==, 3);
g_clear_pointer (&asv, g_variant_unref);
g_clear_pointer (&creator, g_variant_unref);
g_clear_pointer (&tuple, g_variant_unref);
#else /* !HAVE_CONTAINERS_TEST */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment