From: Simon McVittie <smcv@collabora.com>
Date: Fri, 12 Jan 2018 19:55:41 +0000 (+0000)
Subject: containers: Include credentials of initiator in container instance info
X-Git-Tag: dbus-1.13.0~26
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1086acbd792c810c4ad643b319732a5060add6a9;p=thirdparty%2Fdbus.git

containers: Include credentials of initiator in container instance info

This provides the necessary information for services to make an
informed decision about how far they should trust the container type,
name and metadata fields.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104610
---

diff --git a/bus/containers.c b/bus/containers.c
index f9865706d..6eb327ff5 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -1130,6 +1130,7 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller,
   DBusConnection *subject;
   DBusMessage *reply = NULL;
   DBusMessageIter writer;
+  DBusMessageIter arr_writer;
   const char *bus_name;
 
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
@@ -1169,6 +1170,25 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller,
 
   if (!dbus_message_append_args (reply,
                                  DBUS_TYPE_OBJECT_PATH, &instance->path,
+                                 DBUS_TYPE_INVALID))
+    goto oom;
+
+  dbus_message_iter_init_append (reply, &writer);
+
+  if (!dbus_message_iter_open_container (&writer, DBUS_TYPE_ARRAY, "{sv}",
+                                         &arr_writer))
+    goto oom;
+
+  if (!bus_driver_fill_connection_credentials (instance->creator, &arr_writer))
+    {
+      dbus_message_iter_abandon_container (&writer, &arr_writer);
+      goto oom;
+    }
+
+  if (!dbus_message_iter_close_container (&writer, &arr_writer))
+    goto oom;
+
+  if (!dbus_message_append_args (reply,
                                  DBUS_TYPE_STRING, &instance->type,
                                  DBUS_TYPE_STRING, &instance->name,
                                  DBUS_TYPE_INVALID))
@@ -1206,6 +1226,7 @@ bus_containers_handle_get_instance_info (DBusConnection *connection,
   BusContainerInstance *instance = NULL;
   DBusMessage *reply = NULL;
   DBusMessageIter writer;
+  DBusMessageIter arr_writer;
   const char *path;
 
   if (!dbus_message_get_args (message, error,
@@ -1234,6 +1255,21 @@ bus_containers_handle_get_instance_info (DBusConnection *connection,
   if (reply == NULL)
     goto oom;
 
+  dbus_message_iter_init_append (reply, &writer);
+
+  if (!dbus_message_iter_open_container (&writer, DBUS_TYPE_ARRAY, "{sv}",
+                                         &arr_writer))
+    goto oom;
+
+  if (!bus_driver_fill_connection_credentials (instance->creator, &arr_writer))
+    {
+      dbus_message_iter_abandon_container (&writer, &arr_writer);
+      goto oom;
+    }
+
+  if (!dbus_message_iter_close_container (&writer, &arr_writer))
+    goto oom;
+
   if (!dbus_message_append_args (reply,
                                  DBUS_TYPE_STRING, &instance->type,
                                  DBUS_TYPE_STRING, &instance->name,
diff --git a/bus/driver.c b/bus/driver.c
index fab1a8bac..d07000292 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2593,10 +2593,10 @@ static const MessageHandler containers_message_handlers[] = {
     METHOD_FLAG_NO_CONTAINERS },
   { "StopListening", "o", "", bus_containers_handle_stop_listening,
     METHOD_FLAG_NO_CONTAINERS },
-  { "GetConnectionInstance", "s", "ossa{sv}",
+  { "GetConnectionInstance", "s", "oa{sv}ssa{sv}",
     bus_containers_handle_get_connection_instance,
     METHOD_FLAG_NONE },
-  { "GetInstanceInfo", "o", "ssa{sv}", bus_containers_handle_get_instance_info,
+  { "GetInstanceInfo", "o", "a{sv}ssa{sv}", bus_containers_handle_get_instance_info,
     METHOD_FLAG_NONE },
   { NULL, NULL, NULL, NULL }
 };
diff --git a/test/containers.c b/test/containers.c
index 92e93ae68..0af4ec4c6 100644
--- a/test/containers.c
+++ b/test/containers.c
@@ -284,13 +284,16 @@ test_basic (Fixture *f,
 {
 #ifdef HAVE_CONTAINERS_TEST
   GVariant *asv;
+  GVariant *creator;
   GVariant *parameters;
+  GVariantDict dict;
   const gchar *confined_unique_name;
   const gchar *path_from_query;
   const gchar *manager_unique_name;
   const gchar *name;
   const gchar *name_owner;
   const gchar *type;
+  guint32 uid;
   GStatBuf stat_buf;
   GVariant *tuple;
 
@@ -361,14 +364,20 @@ test_basic (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ossa{sv})");
-  g_variant_get (tuple, "(&o&s&s@a{sv})", &path_from_query, &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}ssa{sv})");
+  g_variant_get (tuple, "(&o@a{sv}&s&s@a{sv})",
+                 &path_from_query, &creator, &type, &name, &asv);
   g_assert_cmpstr (path_from_query, ==, f->instance_path);
+  g_variant_dict_init (&dict, creator);
+  g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
+  g_assert_cmpuint (uid, ==, _dbus_getuid ());
+  g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "com.example.NotFlatpak");
   g_assert_cmpstr (name, ==, "sample-app");
   /* Trivial case: the metadata a{sv} is empty */
   g_assert_cmpuint (g_variant_n_children (asv), ==, 0);
   g_clear_pointer (&asv, g_variant_unref);
+  g_clear_pointer (&creator, g_variant_unref);
   g_clear_pointer (&tuple, g_variant_unref);
 
   g_test_message ("Inspecting container instance info");
@@ -377,13 +386,18 @@ test_basic (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ssa{sv})");
-  g_variant_get (tuple, "(&s&s@a{sv})", &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}ssa{sv})");
+  g_variant_get (tuple, "(@a{sv}&s&s@a{sv})", &creator, &type, &name, &asv);
+  g_variant_dict_init (&dict, creator);
+  g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
+  g_assert_cmpuint (uid, ==, _dbus_getuid ());
+  g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "com.example.NotFlatpak");
   g_assert_cmpstr (name, ==, "sample-app");
   /* Trivial case: the metadata a{sv} is empty */
   g_assert_cmpuint (g_variant_n_children (asv), ==, 0);
   g_clear_pointer (&asv, g_variant_unref);
+  g_clear_pointer (&creator, g_variant_unref);
   g_clear_pointer (&tuple, g_variant_unref);
 
   /* Check that the socket is cleaned up when the dbus-daemon is terminated */
@@ -454,6 +468,7 @@ test_metadata (Fixture *f,
 {
 #ifdef HAVE_CONTAINERS_TEST
   GVariant *asv;
+  GVariant *creator;
   GVariant *tuple;
   GVariant *parameters;
   GVariantDict dict;
@@ -461,6 +476,7 @@ test_metadata (Fixture *f,
   const gchar *path_from_query;
   const gchar *name;
   const gchar *type;
+  guint32 uid;
   guint u;
   gboolean b;
   const gchar *s;
@@ -519,9 +535,14 @@ test_metadata (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ossa{sv})");
-  g_variant_get (tuple, "(&o&s&s@a{sv})", &path_from_query, &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oa{sv}ssa{sv})");
+  g_variant_get (tuple, "(&o@a{sv}&s&s@a{sv})",
+                 &path_from_query, &creator, &type, &name, &asv);
   g_assert_cmpstr (path_from_query, ==, f->instance_path);
+  g_variant_dict_init (&dict, creator);
+  g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
+  g_assert_cmpuint (uid, ==, _dbus_getuid ());
+  g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "org.example.Springwatch");
   g_assert_cmpstr (name, ==, "");
   g_variant_dict_init (&dict, asv);
@@ -534,6 +555,7 @@ test_metadata (Fixture *f,
   g_variant_dict_clear (&dict);
   g_assert_cmpuint (g_variant_n_children (asv), ==, 3);
   g_clear_pointer (&asv, g_variant_unref);
+  g_clear_pointer (&creator, g_variant_unref);
   g_clear_pointer (&tuple, g_variant_unref);
 
   g_test_message ("Inspecting container instance info");
@@ -542,8 +564,12 @@ test_metadata (Fixture *f,
                                   G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error);
   g_assert_no_error (f->error);
   g_assert_nonnull (tuple);
-  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(ssa{sv})");
-  g_variant_get (tuple, "(&s&s@a{sv})", &type, &name, &asv);
+  g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(a{sv}ssa{sv})");
+  g_variant_get (tuple, "(@a{sv}&s&s@a{sv})", &creator, &type, &name, &asv);
+  g_variant_dict_init (&dict, creator);
+  g_assert_true (g_variant_dict_lookup (&dict, "UnixUserID", "u", &uid));
+  g_assert_cmpuint (uid, ==, _dbus_getuid ());
+  g_variant_dict_clear (&dict);
   g_assert_cmpstr (type, ==, "org.example.Springwatch");
   g_assert_cmpstr (name, ==, "");
   g_variant_dict_init (&dict, asv);
@@ -556,6 +582,7 @@ test_metadata (Fixture *f,
   g_variant_dict_clear (&dict);
   g_assert_cmpuint (g_variant_n_children (asv), ==, 3);
   g_clear_pointer (&asv, g_variant_unref);
+  g_clear_pointer (&creator, g_variant_unref);
   g_clear_pointer (&tuple, g_variant_unref);
 
 #else /* !HAVE_CONTAINERS_TEST */