dbus/config: seal with session and system bus proxy

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra 2024-09-09 21:13:00 +09:00
parent e5918ba3b3
commit 20c0e66d8f
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
2 changed files with 50 additions and 17 deletions

View File

@ -1,5 +1,10 @@
package dbus package dbus
import (
"errors"
"strings"
)
type Config struct { type Config struct {
// See set 'see' policy for NAME (--see=NAME) // See set 'see' policy for NAME (--see=NAME)
See []string `json:"see"` See []string `json:"see"`
@ -17,7 +22,7 @@ type Config struct {
Filter bool `json:"filter"` Filter bool `json:"filter"`
} }
func (c *Config) Args(address, path string) (args []string) { func (c *Config) Args(bus [2]string) (args []string) {
argc := 2 + len(c.See) + len(c.Talk) + len(c.Own) + len(c.Call) + len(c.Broadcast) argc := 2 + len(c.See) + len(c.Talk) + len(c.Own) + len(c.Call) + len(c.Broadcast)
if c.Log { if c.Log {
argc++ argc++
@ -27,7 +32,7 @@ func (c *Config) Args(address, path string) (args []string) {
} }
args = make([]string, 0, argc) args = make([]string, 0, argc)
args = append(args, address, path) args = append(args, bus[0], bus[1])
for _, name := range c.See { for _, name := range c.See {
args = append(args, "--see="+name) args = append(args, "--see="+name)
} }
@ -53,6 +58,23 @@ func (c *Config) Args(address, path string) (args []string) {
return return
} }
func (c *Config) buildSeal(seal *strings.Builder, bus [2]string) error {
for _, arg := range c.Args(bus) {
// reject argument strings containing null
for _, b := range arg {
if b == '\x00' {
return errors.New("argument contains null")
}
}
// write null terminated argument
seal.WriteString(arg)
seal.WriteByte('\x00')
}
return nil
}
// NewConfig returns a reference to a Config struct with optional defaults. // NewConfig returns a reference to a Config struct with optional defaults.
// If id is an empty string own defaults are omitted. // If id is an empty string own defaults are omitted.
func NewConfig(id string, defaults, mpris bool) (c *Config) { func NewConfig(id string, defaults, mpris bool) (c *Config) {

View File

@ -16,8 +16,9 @@ type Proxy struct {
statP [2]*os.File statP [2]*os.File
argsP [2]*os.File argsP [2]*os.File
address [2]string
path string path string
session [2]string
system [2]string
wait *chan error wait *chan error
read *chan error read *chan error
@ -28,6 +29,13 @@ type Proxy struct {
} }
func (p *Proxy) String() string { func (p *Proxy) String() string {
if p == nil {
return "(invalid dbus proxy)"
}
p.lock.RLock()
defer p.lock.RUnlock()
if p.cmd != nil { if p.cmd != nil {
return p.cmd.String() return p.cmd.String()
} }
@ -40,34 +48,37 @@ func (p *Proxy) String() string {
} }
// Seal seals the Proxy instance. // Seal seals the Proxy instance.
func (p *Proxy) Seal(c *Config) error { func (p *Proxy) Seal(session, system *Config) error {
p.lock.Lock() p.lock.Lock()
defer p.lock.Unlock() defer p.lock.Unlock()
if p.seal != nil { if p.seal != nil {
panic("dbus proxy sealed twice") panic("dbus proxy sealed twice")
} }
args := c.Args(p.address[0], p.address[1])
if session == nil && system == nil {
return errors.New("no configuration to seal")
}
seal := strings.Builder{} seal := strings.Builder{}
for _, arg := range args {
// reject argument strings containing null if session != nil {
for _, b := range arg { if err := session.buildSeal(&seal, p.session); err != nil {
if b == '\x00' { return err
return errors.New("argument contains null") }
}
if system != nil {
if err := system.buildSeal(&seal, p.system); err != nil {
return err
} }
} }
// write null terminated argument
seal.WriteString(arg)
seal.WriteByte('\x00')
}
v := seal.String() v := seal.String()
p.seal = &v p.seal = &v
return nil return nil
} }
// New returns a reference to a new unsealed Proxy. // New returns a reference to a new unsealed Proxy.
func New(binPath, address, path string) *Proxy { func New(binPath string, session, system [2]string) *Proxy {
return &Proxy{path: binPath, address: [2]string{address, path}} return &Proxy{path: binPath, session: session, system: system}
} }