And insert "client" or "server" into the PROJECT_NAME to know which one we
have.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

This switches the scanner to generate doxygen-compatible tags for the
generated protocol headers, and hooks up the doxygen build to generate server
and client-side API documentation. That documentation is now in
Client/ and Server/, respectively.

GENERATE_HTML is on by default and must be disabled for the xml/man targets to
avoid messing up the new documentation. We disable all three three targets in
the doxyfile (xml and man default to NO anyway) to make it obvious that they
need to be set in the per-target instructions.

Each protocol is a separate doxygen @page, with each interface a @subpage.
Wayland only has one protocol, wayland-protocols will have these nested.
Each protocol page has a list of interfaces and the copyright and description
where available.
All interfaces are grouped by doxygen @defgroup and @ingroups and appear in
"Modules" in the generated output. Each interface subpage has the description
and a link to the actual API doc.
Function, struct and #defines are documented in doxygen style and associated
with the matching interface.

Note that pages and groups have fixed HTML file names and are directly
linkable/bookmark-able.

The @mainpage is a separate file that's included at build time. It doesn't
contain much other than links to where the interesting bits are. It's a static
file though that supports markdown, so we can extend it easily in the future.

For doxygen we need the new options EXTRACT_ALL and OPTIMIZE_OUTPUT_FOR_C so
it scans C code properly. EXTRACT_STATIC is needed since most of the protocol
hooks are static.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

Before this patch:
$ scanelf -lpqe ./wayland-scanner
RWX --- ---  ./wayland-scanner

That indicates the stack is executable, which is a bad thing for
security. Wayland-scanner does not actually need an executable stack, it
is just an oversight from using an .S file in the sources.

Add a special incantation in dtddata.S to make it not cause the stack to
become executable.
Reported-by: Mart Raudsepp <leio@gentoo.org>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Mart Raudsepp <leio@gentoo.org>

When configured with --disable-dtd-validation:

  CPPAS    src/dtddata.o
src/dtddata.S: Assembler messages:
src/dtddata.S:39: Error: file not found: src/wayland.dtd.embed
Makefile:1520: recipe for target 'src/dtddata.o' failed

This is because the variable name used does not match the implicit
variable name in autoconf.

Fix the variable name, making both --disable-dtd-validation and
--enable-dtd-validation to what they should.

Do not try to build dtddata.S if dtd-validation is disabled. It depends
on wayland.dtd.embed which is created by configure only if
dtd-validation is enabled.

If not building dtddata.S, also make sure the extern definitions in
scanner.c are compiled out.

Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=575212
Reported-by: leio@gentoo.org
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>

test if receiving an error on already destroyed object won't
do any harm
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

If an error is received on a destroyed object, we'd get NULL passed
to display_handle_error() instead of a pointer to a valid wl_proxy.

The logging is changed to report [unknown interface] and [unknown id]
instead of the actual interface name and id.

The wl_display_get_protocol_error() documentation is updated to handle
the situation. For when the proxy was NULL, the object id 0 and
interface NULL is written.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
[Pekka: changed the error message wording]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Jonas Ådahl <jadahl@gmail.com>

Reviewed-by: Auke Booij <auke@tulcod.com>

This reverts commit 88ff135a.

The parent interface version may be higher than this interface version,
and the child object should inherit that version.

This check is wrong.

This reverts commit 8125919b.

This makes things far more annoying than intended, especially since
the list of default warnings isn't consistent from distro to distro.

Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

New --enable-fatal-warnings ./configure option that just adds -Werror
to GCC_CFLAGS
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

We shouldn't ever create a resource with version less than 1 or
greater than the interface version.
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>

We're creating resources with versions up to 4.  wl_display isn't version 4,
so this is technically verifying that we can do something we shouldn't.

wl_seat already has versions this high, so switch to that.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

Master is open for new feature development again.

When we are adding padding bytes making our wl_buffer buffer content 4
byte aligned, we are just moving the pointer. Since the buffer is
allocated using plain malloc(), this means our padding bytes are
effectively uninitialized data, which could be anything previously
allocated in the server process. As we'll be sharing this buffer
content with arbitrary clients, we are effectively sharing private
memory with every client, and even though a well behaving client will
discard any such memory, a malicious client may not.

Therefor, to avoid any potential missuse of the uninitialized padding
memory shared between the server and client, initialize the buffer
content to 0, making the padding bytes always 0.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

Some copyright strings could result in broken generated header files with
unmatched */

This change:
Runs the loop long enough so the copyright[i] == 0 test can actually
happen. (if there was no \n no copyright text was printed, */ still was)

Prints the opening /* even if there was whitespace at the start of
the very first line.

Only emits a */ if a /* was printed.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

Don't just print prefix the errors with "protocol", but the actual file
name, if wayland-scanner was passed with the filename of the protocol
file. If wayland-scanner is reading from stdin, errors will be prefixed
with "<stdin>" instead of "protocol".
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: David Fort <contact@hardening-consulting.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

0 is not a valid version number for registry bind requests, so
let's check for it in registry_bind.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

we're returning a pointer
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>

Add a note to the wl_data_device_manager global interface about the
different requirements for operating the objects created from the bound
global.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Carlos Garnacho <carlosg@gnome.org>

If wl_event_loop_add_fd failed, the fail path didn't free the
newly allocated struct wl_socket.
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>

This adds an API to get the file descriptor for a client.
The client file descriptor can be used for a wayland compositor to validate
a request from a client if there are any additional information provided from
the client's file descriptor.

For instance, this will be helpful in some linux distributions, in which SELinux
or SMACK is enabled. In those environments, each file (including socket) will have
each security contexts in its inode as xattr member variable. A wayland compositor
can validate a client request by getting the file descriptor of the client and
by checking the security contexts associated with the file descriptor.
Signed-off-by: Sung-Jin Park <input.hacker@gmail.com>

Add a test that confirms that proxy versions are always 0 for display
and correct otherwise.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

This provides a standardized mechanism for tracking protocol object
versions in client code.  The wl_display object is created with version 1.
Every time an object is created from within wl_registry_bind, it gets the
bound version.  Every other time an object is created, it simply inherits
it's version from the parent object that created it.

(comments and minor reformatting added
by Derek Foreman <derekf@osg.samsung.com>)
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

Second trivial commit squashed into this one:
Authored by Derek Foreman <derekf@osg.samsung.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
(it's literally one of code and a lot of comments)

This sets wl_display's version (for proxy version query purposes)
to 0.  Any proxy created with unversioned API (this happens when
a client compiled with old headers links against new wayland)
will inherit this 0.

This gives us a way for new libraries linked by old clients to
realize they can't know a proxy's version.

wl_display's version being unqueryable (always returning 0) is
an acceptable side effect, since it's a special object you can't
bind specific versions of anyway.

Second half:
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Jason Ekstrand <jason@jlekstrand.net>

If a client is terminated due to some reason, it should always be
possible to retrieve protocol error associated with the termination.
Test that, while either using the dispatch helpers
(wl_display_dispatch(_queue)() or the prepare read API, it should be
possible to retrieve the error after EPIPE.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

Change the API to pass an "void *" argument to the client main
function, allowing the caller to call the same main function with
different input.

A helper (client_create_noarg) is added for when no argument is passed,
and the existing test cases are changed to use this function instead.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

We currently wait for clients in the wl_client destroy signal, which is
called before the client is destructed and the socket is closed. If test
clients rely on being closed due to the socket being closed we'd dead
lock. Avoid this by synchronizing in an idle task that is called after
the client is fully destroyed.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

wl_display_flush() may fail with EAGAIN which means that not all data
waiting in the buffer has been flushed. We later block until there is
data to read, which could mean that we block on input from the
compositor without having sent out all data from the client. Avoid this
by fully flushing the socket before starting to wait.

This commit also changes the array length of the struct pollfd array
from 2 to 1, as only one element was ever used.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

Instead of doing things that do the equivalent of using
wl_display_prepare_read() and friends, just use the public API. The
only semantical difference is that we will now unlock and lock the mutex
more times compared to before.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

If flushing hits EPIPE it should not make it a fatal error since it
would make it impossible to process the rest of the data available in
the buffer. Instead, let reading the socket make EPIPE fatal, letting
the client have the possibility to process the last messages including
any error causing the termination.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

There was documentation about how to integrate the display server file
descriptor in the documentation about wl_display_dispatch_pending().
This is not the right place to put it, and it also had incorrect usage
of the API (calling wl_display_dispatch_queue() on input on an unrelated
fd) as an example.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>

The current documentation about wl_display_dispatch() states one may not
mix wl_display_dispatch(_queue)() with wl_display_prepare_read() and
friends, but this is a misconception about how
wl_display_dispatch(_queue)() works. The fact is that the dispatch
functions does the equivalent of what the preparation API does
internally, and it is safe to use together.

What is not safe is to dispatch using the wl_display_dispatch(_queue)()
functions while being prepared to read using wl_display_read_events().

This patch rewrites the documentation to correctly state when the
various API's are thread safe and how they may not be used.

https://bugs.freedesktop.org/show_bug.cgi?id=91767Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>

These 2 requests have been added:

- wl_data_source.set_actions: Notifies the compositor of the available
  actions on the data source.
- wl_data_offer.set_actions: Notifies the compositor of the available
  actions on the destination side, plus the preferred action.

Out of the data from these requests, the compositor can determine the action
both parts agree on (and let the user play a role through eg. keyboard
modifiers). The chosen option will be notified to both parties
through the following two requests:

- wl_data_source.action
- wl_data_offer.action

In addition, the destination side can peek the source side actions through
wl_data_offer.source_actions.

Compared to the XDND protocol, there's two notable changes:

- XDND lets the source suggest an action, whereas wl_data_device lets
  the destination prefer a given action. The difference is subtle here,
  it comes off as convenience because it is the drag destination which
  receives the motion events (unlike in X) and can perform action updates.

  The drag destination seems also in a better position to update the
  preferred action based on things like the data being transferred, the
  place being dropped, and whether the drag is client-local.

- That same source-side preferred action is used in XDND to convey the
  modifier-induced action to the drag destination, which would then ack
  it, or reply with another action that's accepted (or none), this makes
  the XdndPosition/XdndStatus messaging very verbose, and synchronous
  because the drag source always needs to know the latest status/action
  for every position+action sent.

  Here it's the compositor which takes care of modifiers and matching
  available/accepted actions, this allows for the signaling to happen
  only whenever the actions/modifiers change for real.

Roughly based on previous work by Giulio Camuffo <giuliocamuffo@gmail.com>

Changes since v10:
- Narrow down the situations where wl_data_source/offer.accept requests
  are supposed to happen.

Changes since v9:
- Deferred the protocol errors to .finish after some IRC chat with Jonas,
  added further errors if actions API is used on selection sources/offers.

Changes since v8:
- Defined further the expected behavior on "ask", described the protocol
  errors that may happen. Fix more spaces vs tabs issues.

Changes since v7:
- Misc changes after updating the progress notification patch.

Changes since v6:
- Further explanations on wl_data_source/offer.set_actions, including a
  description of "ask" actions. Added protocol errors for unknown action
  values.

Changes since v5:
- Applied rewording suggestions from Jonas Ådahl. Dropped slot reservation
  scheme for actions. Fixed indentation and other minor formatting issues.

Changes since v4:
- Minor rewording.

Changes since v3:
- Splitted from DnD progress notification changes.
- Further rationales in commit log.

Changes since v2:
- Renamed notify_actions to set_actions on both sides, seems more consistent
  with the rest of the protocol.
- Spelled out better which events may be triggered on the compositor side
  by the requests, the circumstances in which events are emitted, and
  what are events useful for in clients.
- Defined a minimal common ground wrt compositor-side action picking and
  keybindings.
- Acknowledge the possibility of compositor/toolkit defined actions, even
  though none are used at the moment.
Changes since v1:
- Added wl_data_offer.source_actions to let know of the actions offered
  by a data source.
- Renamed wl_data_source.finished to "drag_finished" for clarity
- Improved wording as suggested by Bryce
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Michael Catanzaro <mcatanzaro@igalia.com>
Reviewed-by: Mike Blumenkrantz <zmike@samsung.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>