Compare commits

...

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

28 changed files with 97 additions and 3873 deletions

9
.gitignore vendored
View File

@ -1,2 +1,7 @@
SOURCES/spice-vdagent-0.20.0.tar.bz2
SOURCES/victortoso-E37A484F.keyring
/spice-vdagent-*.tar.bz2
/spice-vdagent-0.20.0.tar.bz2.sig
/victortoso-E37A484F.keyring
/jrope-7FDAB9AF.keyring
/spice-vdagent-0.21.0.tar.bz2.sig
/spice-vdagent-0.22.0.tar.bz2.sig
/spice-vdagent-0.22.1.tar.bz2.sig

View File

@ -1,2 +0,0 @@
93f67af0586f22af31074b47521e9a1953a5ce58 SOURCES/spice-vdagent-0.20.0.tar.bz2
da7a529db1ea28a1540c5892ea9836abeb378c3e SOURCES/victortoso-E37A484F.keyring

View File

@ -1,104 +0,0 @@
From 51489290e7fbd771907751990eda719199ff491e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Jank=C5=AF?= <jjanku@redhat.com>
Date: Fri, 20 Mar 2020 10:36:03 +0100
Subject: [PATCH 1/4] vdagentd: work around GLib's fork issues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Creating threads is not compatible with forking as only the thread
that calls fork() is inherited.
Handlers registered with g_unix_signal_add() create a thread so
move these calls after fork.
Also call g_socket_service_start() after fork to avoid creation of
new threads before it is necessary.
Fixes: https://gitlab.freedesktop.org/spice/linux/vd_agent/issues/18
Also see: https://gitlab.gnome.org/GNOME/glib/issues/2073
Signed-off-by: Jakub Janků <jjanku@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
(cherry picked from commit 9b8c0ebb9fb573e6ce3c5416371509f416503d0c)
---
src/udscs.c | 6 ++++++
src/udscs.h | 2 ++
src/vdagentd/vdagentd.c | 9 +++++----
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/udscs.c b/src/udscs.c
index 4de75f8..7c99eed 100644
--- a/src/udscs.c
+++ b/src/udscs.c
@@ -186,6 +186,7 @@ struct udscs_server *udscs_server_new(
server->read_callback = read_callback;
server->error_cb = error_cb;
server->service = g_socket_service_new();
+ g_socket_service_stop(server->service);
g_signal_connect(server->service, "incoming",
G_CALLBACK(udscs_server_accept_cb), server);
@@ -223,6 +224,11 @@ void udscs_server_listen_to_address(struct udscs_server *server,
g_object_unref(sock_addr);
}
+void udscs_server_start(struct udscs_server *server)
+{
+ g_socket_service_start(server->service);
+}
+
void udscs_server_destroy_connection(struct udscs_server *server,
UdscsConnection *conn)
{
diff --git a/src/udscs.h b/src/udscs.h
index 45ebd3f..4f7ea36 100644
--- a/src/udscs.h
+++ b/src/udscs.h
@@ -98,6 +98,8 @@ void udscs_server_listen_to_address(struct udscs_server *server,
const gchar *addr,
GError **err);
+void udscs_server_start(struct udscs_server *server);
+
void udscs_server_destroy_connection(struct udscs_server *server,
UdscsConnection *conn);
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index cfd0a51..1b63ec8 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -1184,10 +1184,6 @@ int main(int argc, char *argv[])
uinput_device = g_strdup(DEFAULT_UINPUT_DEVICE);
}
- g_unix_signal_add(SIGINT, signal_handler, NULL);
- g_unix_signal_add(SIGHUP, signal_handler, NULL);
- g_unix_signal_add(SIGTERM, signal_handler, NULL);
-
openlog("spice-vdagentd", do_daemonize ? 0 : LOG_PERROR, LOG_USER);
/* Setup communication with vdagent process(es) */
@@ -1240,6 +1236,10 @@ int main(int argc, char *argv[])
}
#endif
+ g_unix_signal_add(SIGINT, signal_handler, NULL);
+ g_unix_signal_add(SIGHUP, signal_handler, NULL);
+ g_unix_signal_add(SIGTERM, signal_handler, NULL);
+
if (want_session_info)
session_info = session_info_create(debug);
if (session_info) {
@@ -1252,6 +1252,7 @@ int main(int argc, char *argv[])
active_xfers = g_hash_table_new(g_direct_hash, g_direct_equal);
+ udscs_server_start(server);
loop = g_main_loop_new(NULL, FALSE);
g_main_loop_run(loop);
--
2.26.1

View File

@ -1,45 +0,0 @@
From 3bcba789b9c5f776aa5f43b5783ef41befee62a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Jank=C5=AF?= <jjanku@redhat.com>
Date: Fri, 20 Mar 2020 17:18:32 +0100
Subject: [PATCH 2/4] vdagentd: init static uinput before fork
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise the caller doesn't know that the init failed
because we're returning 0 in the parent and 1 in child.
Signed-off-by: Jakub Janků <jjanku@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
(cherry picked from commit 7b0435ef66af088c1a1be20b6bc6b0fcb76e4e1a)
---
src/vdagentd/vdagentd.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 1b63ec8..753c9bf 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -1224,9 +1224,6 @@ int main(int argc, char *argv[])
}
}
- if (do_daemonize)
- daemonize();
-
#ifdef WITH_STATIC_UINPUT
uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
debug > 1, uinput_fake);
@@ -1236,6 +1233,9 @@ int main(int argc, char *argv[])
}
#endif
+ if (do_daemonize)
+ daemonize();
+
g_unix_signal_add(SIGINT, signal_handler, NULL);
g_unix_signal_add(SIGHUP, signal_handler, NULL);
g_unix_signal_add(SIGTERM, signal_handler, NULL);
--
2.26.1

View File

@ -1,35 +0,0 @@
From 823d743394f5696887ed1622623f45f7190d59bf Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Thu, 26 Mar 2020 11:31:50 +0000
Subject: [PATCH 3/4] systemd-login: Avoid a crash on container
On containers dbus could be not running.
In this case dbus.system_connection is NULL and calling
dbus_connection_close on it will cause a crash.
This happens also under Gitlab CI.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
(cherry picked from commit 5654f4d2f90f95efd1f0ca70b438a3ab81022d15)
---
src/vdagentd/systemd-login.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/vdagentd/systemd-login.c b/src/vdagentd/systemd-login.c
index 0b8f3c1..2d2311c 100644
--- a/src/vdagentd/systemd-login.c
+++ b/src/vdagentd/systemd-login.c
@@ -250,7 +250,9 @@ void session_info_destroy(struct session_info *si)
return;
si_dbus_match_remove(si);
- dbus_connection_close(si->dbus.system_connection);
+ if (si->dbus.system_connection) {
+ dbus_connection_close(si->dbus.system_connection);
+ }
sd_login_monitor_unref(si->mon);
g_free(si->session);
g_free(si);
--
2.26.1

View File

@ -1,31 +0,0 @@
From 7a9ae6219c5a114edcfd1ccb5db04568e47c94aa Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 11 May 2020 10:47:49 +0100
Subject: [PATCH 4/4] Fix possible compile error using former GLib2 version
We require GLib 2.50 but G_SOURCE_FUNC was introduced in version
2.58. Do the conversion instead of using G_SOURCE_FUNC macro.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Victor Toso <victortoso@redhat.com>
(cherry picked from commit d0b5f80adaef757ebfa81d1ab1c6561697243dc9)
---
src/vdagent-connection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vdagent-connection.c b/src/vdagent-connection.c
index 8c023e2..c085d81 100644
--- a/src/vdagent-connection.c
+++ b/src/vdagent-connection.c
@@ -231,7 +231,7 @@ void vdagent_connection_write(VDAgentConnection *self,
out = G_POLLABLE_OUTPUT_STREAM(g_io_stream_get_output_stream(priv->io_stream));
source = g_pollable_output_stream_create_source(out, priv->cancellable);
- g_source_set_callback(source, G_SOURCE_FUNC(out_stream_ready_cb),
+ g_source_set_callback(source, (GSourceFunc) out_stream_ready_cb,
g_object_ref(self), NULL);
g_source_attach(source, NULL);
g_source_unref(source);
--
2.26.1

View File

@ -1,107 +0,0 @@
From 4bb11e214304209e37afe4bf324a7ce9e56f351c Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 21 Sep 2020 06:53:45 +0100
Subject: [PATCH vd_agent_linux 05/17] vdagentd: Use bool for
agent_owns_clipboard and client_connected
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
More clear (instaed of 0/1) and save some bytes.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Jakub Janků <jjanku@redhat.com>
---
src/vdagentd/vdagentd.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 753c9bf..051de74 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
@@ -77,9 +78,9 @@ static int capabilities_size = 0;
static const char *active_session = NULL;
static unsigned int session_count = 0;
static UdscsConnection *active_session_conn = NULL;
-static int agent_owns_clipboard[256] = { 0, };
+static bool agent_owns_clipboard[256] = { false, };
static int retval = 0;
-static int client_connected = 0;
+static bool client_connected = false;
static int max_clipboard = -1;
static uint32_t clipboard_serial[256];
@@ -155,7 +156,7 @@ static void do_client_disconnect(void)
if (client_connected) {
udscs_server_write_all(server, VDAGENTD_CLIENT_DISCONNECTED, 0, 0,
NULL, 0);
- client_connected = 0;
+ client_connected = false;
}
}
@@ -239,7 +240,7 @@ static void do_client_capabilities(VirtioPort *vport,
do_client_disconnect();
if (debug)
syslog(LOG_DEBUG, "New client connected");
- client_connected = 1;
+ client_connected = true;
memset(clipboard_serial, 0, sizeof(clipboard_serial));
send_capabilities(vport, 0);
}
@@ -286,7 +287,7 @@ static void do_client_clipboard(VirtioPort *vport,
}
msg_type = VDAGENTD_CLIPBOARD_GRAB;
- agent_owns_clipboard[selection] = 0;
+ agent_owns_clipboard[selection] = false;
break;
case VD_AGENT_CLIPBOARD_REQUEST: {
VDAgentClipboardRequest *req = (VDAgentClipboardRequest *)data;
@@ -624,7 +625,7 @@ static void virtio_port_read_complete(
static void virtio_port_error_cb(VDAgentConnection *conn, GError *err)
{
- gboolean old_client_connected = client_connected;
+ bool old_client_connected = client_connected;
syslog(LOG_CRIT, "AIIEEE lost spice client connection, reconnecting (err: %s)",
err ? err->message : "");
g_clear_error(&err);
@@ -717,7 +718,7 @@ static void do_agent_clipboard(UdscsConnection *conn,
switch (header->type) {
case VDAGENTD_CLIPBOARD_GRAB:
msg_type = VD_AGENT_CLIPBOARD_GRAB;
- agent_owns_clipboard[selection] = 1;
+ agent_owns_clipboard[selection] = true;
break;
case VDAGENTD_CLIPBOARD_REQUEST:
msg_type = VD_AGENT_CLIPBOARD_REQUEST;
@@ -737,7 +738,7 @@ static void do_agent_clipboard(UdscsConnection *conn,
case VDAGENTD_CLIPBOARD_RELEASE:
msg_type = VD_AGENT_CLIPBOARD_RELEASE;
size = 0;
- agent_owns_clipboard[selection] = 0;
+ agent_owns_clipboard[selection] = false;
break;
default:
syslog(LOG_WARNING, "unexpected clipboard message type");
@@ -851,7 +852,7 @@ static void release_clipboards(void)
vdagent_virtio_port_write(virtio_port, VDP_CLIENT_PORT,
VD_AGENT_CLIPBOARD_RELEASE, 0, &sel, 1);
}
- agent_owns_clipboard[sel] = 0;
+ agent_owns_clipboard[sel] = false;
}
}
--
2.26.2

View File

@ -1,72 +0,0 @@
From 21fbcf665a7ad6b761e9342d116657d5c2353592 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 21 Sep 2020 07:00:39 +0100
Subject: [PATCH vd_agent_linux 06/17] vdagentd: Automatically release
"agent_data"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It's not guaranteed that agent_disconnect will release the connection
so avoid to have a dandling pointer.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Jakub Janků <jjanku@redhat.com>
---
src/vdagentd/vdagentd.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 051de74..94b8681 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -86,6 +86,13 @@ static uint32_t clipboard_serial[256];
static GMainLoop *loop;
+static void agent_data_destroy(struct agent_data *agent_data)
+{
+ g_free(agent_data->session);
+ g_free(agent_data->screen_info);
+ g_free(agent_data);
+}
+
static void vdagentd_quit(gint exit_code)
{
retval = exit_code;
@@ -930,7 +937,7 @@ static void agent_connect(UdscsConnection *conn)
syslog(LOG_ERR, "Could not get peer PID, disconnecting new client: %s",
err->message);
g_error_free(err);
- g_free(agent_data);
+ agent_data_destroy(agent_data);
udscs_server_destroy_connection(server, conn);
return;
}
@@ -938,7 +945,8 @@ static void agent_connect(UdscsConnection *conn)
agent_data->session = session_info_session_for_pid(session_info, pid);
}
- g_object_set_data(G_OBJECT(conn), "agent_data", agent_data);
+ g_object_set_data_full(G_OBJECT(conn), "agent_data", agent_data,
+ (GDestroyNotify) agent_data_destroy);
udscs_write(conn, VDAGENTD_VERSION, 0, 0,
(uint8_t *)VERSION, strlen(VERSION) + 1);
update_active_session_connection(conn);
@@ -951,13 +959,8 @@ static void agent_connect(UdscsConnection *conn)
static void agent_disconnect(VDAgentConnection *conn, GError *err)
{
- struct agent_data *agent_data = g_object_get_data(G_OBJECT(conn), "agent_data");
-
g_hash_table_foreach_remove(active_xfers, remove_active_xfers, conn);
- g_clear_pointer(&agent_data->session, g_free);
- g_free(agent_data->screen_info);
- g_free(agent_data);
if (err) {
syslog(LOG_ERR, "%s", err->message);
g_error_free(err);
--
2.26.2

View File

@ -1,34 +0,0 @@
From ac89076d412f67aa7122a9fb786af32eb5f87d5d Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Tue, 22 Sep 2020 11:45:56 +0100
Subject: [PATCH vd_agent_linux 07/17] vdagent-connection: Pass "err" to
g_credentials_get_unix_pid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Allows to return detailed information if g_credentials_get_unix_pid
fails.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Julien Ropé <jrope@redhat.com>
---
src/vdagent-connection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vdagent-connection.c b/src/vdagent-connection.c
index 8c023e2..b1d4db6 100644
--- a/src/vdagent-connection.c
+++ b/src/vdagent-connection.c
@@ -155,7 +155,7 @@ gint vdagent_connection_get_peer_pid(VDAgentConnection *self,
sock = g_socket_connection_get_socket(G_SOCKET_CONNECTION(priv->io_stream));
cred = g_socket_get_credentials(sock, err);
if (cred) {
- pid = g_credentials_get_unix_pid(cred, NULL);
+ pid = g_credentials_get_unix_pid(cred, err);
g_object_unref(cred);
}
--
2.26.2

View File

@ -1,44 +0,0 @@
From 64289e71a1b2a9dc6868eb810cf93ca8c0644693 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 21 Sep 2020 16:42:26 +0100
Subject: [PATCH vd_agent_linux 08/17] vdagentd: Better check for
vdagent_connection_get_peer_pid results
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The function can return -1 and leave "err" to NULL in some cases,
do not check only for "err".
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Julien Ropé <jrope@redhat.com>
---
src/vdagentd/vdagentd.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 94b8681..12cbbd0 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -933,10 +933,14 @@ static void agent_connect(UdscsConnection *conn)
if (session_info) {
pid = vdagent_connection_get_peer_pid(VDAGENT_CONNECTION(conn), &err);
- if (err) {
- syslog(LOG_ERR, "Could not get peer PID, disconnecting new client: %s",
- err->message);
- g_error_free(err);
+ if (err || pid <= 0) {
+ static const char msg[] = "Could not get peer PID, disconnecting new client";
+ if (err) {
+ syslog(LOG_ERR, "%s: %s", msg, err->message);
+ g_error_free(err);
+ } else {
+ syslog(LOG_ERR, "%s", msg);
+ }
agent_data_destroy(agent_data);
udscs_server_destroy_connection(server, conn);
return;
--
2.26.2

View File

@ -1,49 +0,0 @@
From dd46157d3faa95a12fc6f04cd2515f200e3ca465 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Thu, 24 Sep 2020 12:13:24 +0100
Subject: [PATCH vd_agent_linux 09/17] vdagentd: Avoid calling chmod
Create the socket with the right permissions using umask.
This also prevents possible symlink exploitation in case socket
path is not secure.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/vdagentd/vdagentd.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 12cbbd0..eddfcf6 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -1211,7 +1211,9 @@ int main(int argc, char *argv[])
/* systemd socket activation not enabled, create our own */
#endif /* WITH_SYSTEMD_SOCKET_ACTIVATION */
{
+ mode_t mode = umask(0111);
udscs_server_listen_to_address(server, vdagentd_socket, &err);
+ umask(mode);
}
if (err) {
@@ -1222,16 +1224,6 @@ int main(int argc, char *argv[])
return 1;
}
- /* no need to set permissions on a socket that was provided by systemd */
- if (own_socket) {
- if (chmod(vdagentd_socket, 0666)) {
- syslog(LOG_CRIT, "Fatal could not change permissions on %s: %m",
- vdagentd_socket);
- udscs_destroy_server(server);
- return 1;
- }
- }
-
#ifdef WITH_STATIC_UINPUT
uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
debug > 1, uinput_fake);
--
2.26.2

View File

@ -1,84 +0,0 @@
From 956608c1344f185e39294004b64906a7e1b5c14c Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Sat, 19 Sep 2020 15:13:42 +0100
Subject: [PATCH vd_agent_linux 10/17] Avoids unchecked file transfer IDs
allocation and usage
Avoid agents allocating file transfers.
The "active_xfers" entries are now inserted when client start sending
files.
Also different agents cannot mess with other agent transfers as a
transfer is bound to a single agent.
This issue was reported by SUSE security team.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/vdagentd/vdagentd.c | 28 ++++++++++++++++++++++------
1 file changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index eddfcf6..8961a99 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -381,9 +381,11 @@ static void do_client_file_xfer(VirtioPort *vport,
s->id, VD_AGENT_FILE_XFER_STATUS_SESSION_LOCKED, NULL, 0);
return;
}
- udscs_write(active_session_conn, VDAGENTD_FILE_XFER_START, 0, 0,
- data, message_header->size);
- return;
+ msg_type = VDAGENTD_FILE_XFER_START;
+ id = s->id;
+ // associate the id with the active connection
+ g_hash_table_insert(active_xfers, GUINT_TO_POINTER(id), active_session_conn);
+ break;
}
case VD_AGENT_FILE_XFER_STATUS: {
VDAgentFileXferStatusMessage *s = (VDAgentFileXferStatusMessage *)data;
@@ -408,6 +410,12 @@ static void do_client_file_xfer(VirtioPort *vport,
return;
}
udscs_write(conn, msg_type, 0, 0, data, message_header->size);
+
+ // client told that transfer is ended, agents too stop the transfer
+ // and release resources
+ if (message_header->type == VD_AGENT_FILE_XFER_STATUS) {
+ g_hash_table_remove(active_xfers, GUINT_TO_POINTER(id));
+ }
}
static void forward_data_to_session_agent(uint32_t type, uint8_t *data, size_t size)
@@ -1015,6 +1023,15 @@ static void do_agent_file_xfer_status(UdscsConnection *conn,
const gchar *log_msg = NULL;
guint data_size = 0;
+ UdscsConnection *task_conn = g_hash_table_lookup(active_xfers, task_id);
+ if (task_conn == NULL || task_conn != conn) {
+ // Protect against misbehaving agent.
+ // Ignore the message, but do not disconnect the agent, to protect against
+ // a misbehaving client that tries to disconnect a good agent
+ // e.g. by sending a new task and immediately cancelling it.
+ return;
+ }
+
/* header->arg1 = file xfer task id, header->arg2 = file xfer status */
switch (header->arg2) {
case VD_AGENT_FILE_XFER_STATUS_NOT_ENOUGH_SPACE:
@@ -1029,10 +1046,9 @@ static void do_agent_file_xfer_status(UdscsConnection *conn,
send_file_xfer_status(virtio_port, log_msg, header->arg1, header->arg2,
data, data_size);
- if (header->arg2 == VD_AGENT_FILE_XFER_STATUS_CAN_SEND_DATA)
- g_hash_table_insert(active_xfers, task_id, conn);
- else
+ if (header->arg2 != VD_AGENT_FILE_XFER_STATUS_CAN_SEND_DATA) {
g_hash_table_remove(active_xfers, task_id);
+ }
}
static void agent_read_complete(UdscsConnection *conn,
--
2.26.2

View File

@ -1,61 +0,0 @@
From b173eba1698138f92b08d4deeaac4d2979a67bbf Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Fri, 2 Oct 2020 12:27:59 +0100
Subject: [PATCH vd_agent_linux 11/17] Avoids uncontrolled "active_xfers"
allocations
Limit the number of active file transfers possibly causing DoSes
consuming memory in "active_xfers".
This issue was reported by SUSE security team.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/vdagentd/vdagentd.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 8961a99..b31941d 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -47,6 +47,14 @@
#define DEFAULT_UINPUT_DEVICE "/dev/uinput"
+// Maximum number of transfers active at any time.
+// Avoid DoS from client.
+// As each transfer could likely end up taking a file descriptor
+// it is good to have a limit less than the number of file descriptors
+// in the process (by default 1024). The daemon do not open file
+// descriptors for the transfers but the agents do.
+#define MAX_ACTIVE_TRANSFERS 128
+
struct agent_data {
char *session;
int width;
@@ -380,6 +388,21 @@ static void do_client_file_xfer(VirtioPort *vport,
"Cancelling client file-xfer request %u",
s->id, VD_AGENT_FILE_XFER_STATUS_SESSION_LOCKED, NULL, 0);
return;
+ } else if (g_hash_table_size(active_xfers) >= MAX_ACTIVE_TRANSFERS) {
+ VDAgentFileXferStatusError error = {
+ GUINT32_TO_LE(VD_AGENT_FILE_XFER_STATUS_ERROR_GLIB_IO),
+ GUINT32_TO_LE(G_IO_ERROR_TOO_MANY_OPEN_FILES),
+ };
+ size_t detail_size = sizeof(error);
+ if (!VD_AGENT_HAS_CAPABILITY(capabilities, capabilities_size,
+ VD_AGENT_CAP_FILE_XFER_DETAILED_ERRORS)) {
+ detail_size = 0;
+ }
+ send_file_xfer_status(vport,
+ "Too many transfers ongoing. "
+ "Cancelling client file-xfer request %u",
+ s->id, VD_AGENT_FILE_XFER_STATUS_ERROR, (void*) &error, detail_size);
+ return;
}
msg_type = VDAGENTD_FILE_XFER_START;
id = s->id;
--
2.26.2

View File

@ -1,50 +0,0 @@
From 6e5b9924b172be4f33c7fc264a8ff1d6109b79fe Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Sun, 20 Sep 2020 08:05:37 +0100
Subject: [PATCH vd_agent_linux 12/17] Avoids unlimited agent connections
Limit the number of agents that can be connected.
Avoids reaching the maximum number of files in a process.
Beside one file descriptor per agent the daemon open just some
other fixed number of files.
This issue was reported by SUSE security team.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
src/udscs.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/udscs.c b/src/udscs.c
index 7c99eed..3df67b3 100644
--- a/src/udscs.c
+++ b/src/udscs.c
@@ -30,6 +30,12 @@
#include "vdagentd-proto-strings.h"
#include "vdagent-connection.h"
+// Maximum number of connected agents.
+// Avoid DoS from agents.
+// As each connection end up taking a file descriptor is good to have a limit
+// less than the number of file descriptors in the process (by default 1024).
+#define MAX_CONNECTED_AGENTS 128
+
struct _UdscsConnection {
VDAgentConnection parent_instance;
int debug;
@@ -254,6 +260,12 @@ static gboolean udscs_server_accept_cb(GSocketService *service,
struct udscs_server *server = user_data;
UdscsConnection *new_conn;
+ /* prevents DoS having too many agents attached */
+ if (g_list_length(server->connections) >= MAX_CONNECTED_AGENTS) {
+ syslog(LOG_ERR, "Too many agents connected");
+ return TRUE;
+ }
+
new_conn = g_object_new(UDSCS_TYPE_CONNECTION, NULL);
new_conn->debug = server->debug;
new_conn->read_callback = server->read_callback;
--
2.26.2

View File

@ -1,144 +0,0 @@
From 5d9881309d0aeeebbc177d8af6dc26aa2ba56cfc Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Sun, 20 Sep 2020 08:06:16 +0100
Subject: [PATCH vd_agent_linux 13/17] Avoids user session hijacking
Avoids user hijacking sessions by reusing PID.
In theory an attacker could:
- open a connection to the daemon;
- fork and exit the process but keep the file descriptor open
(inheriting or duplicating it in forked process);
- force OS to recycle the initial PID, by creating many short lived
processes.
Daemon would detect the old PID as having the new session.
Check the user to avoid such replacements.
This issue was reported by SUSE security team.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/vdagent-connection.c | 13 +++++++------
src/vdagent-connection.h | 13 +++++++++----
src/vdagentd/vdagentd.c | 31 +++++++++++++++++++++++++++----
3 files changed, 43 insertions(+), 14 deletions(-)
diff --git a/src/vdagent-connection.c b/src/vdagent-connection.c
index b1d4db6..fb331be 100644
--- a/src/vdagent-connection.c
+++ b/src/vdagent-connection.c
@@ -142,24 +142,25 @@ void vdagent_connection_destroy(gpointer p)
g_object_unref(self);
}
-gint vdagent_connection_get_peer_pid(VDAgentConnection *self,
- GError **err)
+PidUid vdagent_connection_get_peer_pid_uid(VDAgentConnection *self,
+ GError **err)
{
VDAgentConnectionPrivate *priv = vdagent_connection_get_instance_private(self);
GSocket *sock;
GCredentials *cred;
- gint pid = -1;
+ PidUid pid_uid = { -1, -1 };
- g_return_val_if_fail(G_IS_SOCKET_CONNECTION(priv->io_stream), pid);
+ g_return_val_if_fail(G_IS_SOCKET_CONNECTION(priv->io_stream), pid_uid);
sock = g_socket_connection_get_socket(G_SOCKET_CONNECTION(priv->io_stream));
cred = g_socket_get_credentials(sock, err);
if (cred) {
- pid = g_credentials_get_unix_pid(cred, err);
+ pid_uid.pid = g_credentials_get_unix_pid(cred, err);
+ pid_uid.uid = g_credentials_get_unix_user(cred, err);
g_object_unref(cred);
}
- return pid;
+ return pid_uid;
}
/* Performs single write operation,
diff --git a/src/vdagent-connection.h b/src/vdagent-connection.h
index 9d5a212..c515a79 100644
--- a/src/vdagent-connection.h
+++ b/src/vdagent-connection.h
@@ -92,10 +92,15 @@ void vdagent_connection_write(VDAgentConnection *self,
/* Synchronously write all queued messages to the output stream. */
void vdagent_connection_flush(VDAgentConnection *self);
-/* Returns the PID of the foreign process connected to the socket
- * or -1 with @err set. */
-gint vdagent_connection_get_peer_pid(VDAgentConnection *self,
- GError **err);
+typedef struct PidUid {
+ pid_t pid;
+ uid_t uid;
+} PidUid;
+
+/* Returns the PID and UID of the foreign process connected to the socket
+ * or fill @err set. */
+PidUid vdagent_connection_get_peer_pid_uid(VDAgentConnection *self,
+ GError **err);
G_END_DECLS
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index b31941d..e98fbe5 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -955,16 +955,28 @@ static gboolean remove_active_xfers(gpointer key, gpointer value, gpointer conn)
return 0;
}
+/* Check a given process has a given UID */
+static bool check_uid_of_pid(pid_t pid, uid_t uid)
+{
+ char fn[128];
+ struct stat st;
+
+ snprintf(fn, sizeof(fn), "/proc/%u/status", (unsigned) pid);
+ if (stat(fn, &st) != 0 || st.st_uid != uid) {
+ return false;
+ }
+ return true;
+}
+
static void agent_connect(UdscsConnection *conn)
{
struct agent_data *agent_data;
agent_data = g_new0(struct agent_data, 1);
GError *err = NULL;
- gint pid;
if (session_info) {
- pid = vdagent_connection_get_peer_pid(VDAGENT_CONNECTION(conn), &err);
- if (err || pid <= 0) {
+ PidUid pid_uid = vdagent_connection_get_peer_pid_uid(VDAGENT_CONNECTION(conn), &err);
+ if (err || pid_uid.pid <= 0) {
static const char msg[] = "Could not get peer PID, disconnecting new client";
if (err) {
syslog(LOG_ERR, "%s: %s", msg, err->message);
@@ -977,7 +989,18 @@ static void agent_connect(UdscsConnection *conn)
return;
}
- agent_data->session = session_info_session_for_pid(session_info, pid);
+ agent_data->session = session_info_session_for_pid(session_info, pid_uid.pid);
+
+ /* Check that the UID of the PID did not change, this should be done after
+ * computing the session to avoid race conditions.
+ * This can happen as vdagent_connection_get_peer_pid_uid get information
+ * from the time of creating the socket, but the process in the meantime
+ * have been replaced */
+ if (!check_uid_of_pid(pid_uid.pid, pid_uid.uid)) {
+ agent_data_destroy(agent_data);
+ udscs_server_destroy_connection(server, conn);
+ return;
+ }
}
g_object_set_data_full(G_OBJECT(conn), "agent_data", agent_data,
--
2.26.2

View File

@ -1,164 +0,0 @@
From dc4d1b8e3e315933c82b23b2806a9cf973e78e78 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 21 Sep 2020 07:06:09 +0100
Subject: [PATCH vd_agent_linux 14/17] Better check for sessions
Do not allow other users to hijack a session checking that
the process is launched by the owner of the session.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/vdagentd/console-kit.c | 67 +++++++++++++++++++++++++++++++
src/vdagentd/dummy-session-info.c | 5 +++
src/vdagentd/session-info.h | 3 ++
src/vdagentd/systemd-login.c | 9 +++++
src/vdagentd/vdagentd.c | 10 ++++-
5 files changed, 93 insertions(+), 1 deletion(-)
diff --git a/src/vdagentd/console-kit.c b/src/vdagentd/console-kit.c
index fc630f1..09a8402 100644
--- a/src/vdagentd/console-kit.c
+++ b/src/vdagentd/console-kit.c
@@ -568,3 +568,70 @@ exit:
}
return ret;
}
+
+uid_t session_info_uid_for_session(struct session_info *info, const char *session)
+{
+ DBusError error;
+ DBusMessage *message = NULL;
+ DBusMessage *reply = NULL;
+ uint32_t uid;
+ uid_t ret = -1;
+ const char *err_msg;
+
+ g_return_val_if_fail(info != NULL, ret);
+ g_return_val_if_fail(info->connection != NULL, ret);
+ g_return_val_if_fail(info->active_session != NULL, ret);
+
+ dbus_error_init(&error);
+
+ err_msg = "(console-kit) Unable to create dbus message for GetUnixUser";
+ message = dbus_message_new_method_call(INTERFACE_CONSOLE_KIT,
+ session,
+ INTERFACE_CONSOLE_KIT_SESSION,
+ "GetUnixUser");
+ if (message == NULL) {
+ goto exit;
+ }
+
+ err_msg = "(console-kit) GetUnixUser failed";
+ reply = dbus_connection_send_with_reply_and_block(info->connection,
+ message,
+ -1,
+ &error);
+ if (reply == NULL || dbus_error_is_set(&error)) {
+ goto exit;
+ }
+
+ dbus_error_init(&error);
+ err_msg = "(console-kit) fail to get session-type from reply";
+ if (!dbus_message_get_args(reply,
+ &error,
+ DBUS_TYPE_UINT32, &uid,
+ DBUS_TYPE_INVALID)) {
+ goto exit;
+ }
+
+ if (info->verbose) {
+ syslog(LOG_DEBUG, "(console-kit) unix user is '%u'", (unsigned) uid);
+ }
+
+ err_msg = NULL;
+ ret = uid;
+
+exit:
+ if (err_msg) {
+ if (dbus_error_is_set(&error)) {
+ syslog(LOG_ERR, "%s: %s", err_msg, error.message);
+ dbus_error_free(&error);
+ } else {
+ syslog(LOG_ERR, "%s", err_msg);
+ }
+ }
+ if (reply != NULL) {
+ dbus_message_unref(reply);
+ }
+ if (message != NULL) {
+ dbus_message_unref(message);
+ }
+ return ret;
+}
diff --git a/src/vdagentd/dummy-session-info.c b/src/vdagentd/dummy-session-info.c
index 7fd1eea..137c01a 100644
--- a/src/vdagentd/dummy-session-info.c
+++ b/src/vdagentd/dummy-session-info.c
@@ -55,3 +55,8 @@ gboolean session_info_session_is_locked(G_GNUC_UNUSED struct session_info *si)
{
return FALSE;
}
+
+uid_t session_info_uid_for_session(struct session_info *si, const char *session)
+{
+ return -1;
+}
diff --git a/src/vdagentd/session-info.h b/src/vdagentd/session-info.h
index c8edb86..96aa8d3 100644
--- a/src/vdagentd/session-info.h
+++ b/src/vdagentd/session-info.h
@@ -40,4 +40,7 @@ char *session_info_session_for_pid(struct session_info *ck, uint32_t pid);
gboolean session_info_session_is_locked(struct session_info *si);
gboolean session_info_is_user(struct session_info *si);
+/* get owner of a given session */
+uid_t session_info_uid_for_session(struct session_info *si, const char *session);
+
#endif
diff --git a/src/vdagentd/systemd-login.c b/src/vdagentd/systemd-login.c
index 0b8f3c1..0e1ff3f 100644
--- a/src/vdagentd/systemd-login.c
+++ b/src/vdagentd/systemd-login.c
@@ -392,3 +392,12 @@ gboolean session_info_is_user(struct session_info *si)
return ret;
}
+
+uid_t session_info_uid_for_session(struct session_info *si, const char *session)
+{
+ uid_t ret = -1;
+ if (sd_session_get_uid(session, &ret) < 0) {
+ return -1;
+ }
+ return ret;
+}
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index e98fbe5..bb39340 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -991,12 +991,20 @@ static void agent_connect(UdscsConnection *conn)
agent_data->session = session_info_session_for_pid(session_info, pid_uid.pid);
+ uid_t session_uid = session_info_uid_for_session(session_info, agent_data->session);
+
/* Check that the UID of the PID did not change, this should be done after
* computing the session to avoid race conditions.
* This can happen as vdagent_connection_get_peer_pid_uid get information
* from the time of creating the socket, but the process in the meantime
* have been replaced */
- if (!check_uid_of_pid(pid_uid.pid, pid_uid.uid)) {
+ if (!check_uid_of_pid(pid_uid.pid, pid_uid.uid) ||
+ /* Check that the user launching the Agent is the same as session one
+ * or root user.
+ * This prevents session hijacks from other users. */
+ (pid_uid.uid != 0 && pid_uid.uid != session_uid)) {
+ syslog(LOG_ERR, "UID mismatch: UID=%u PID=%u suid=%u", pid_uid.uid,
+ pid_uid.pid, session_uid);
agent_data_destroy(agent_data);
udscs_server_destroy_connection(server, conn);
return;
--
2.26.2

View File

@ -1,57 +0,0 @@
From 570b15e0ea71950ff14ddc2bf667e9e361720939 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Thu, 24 Sep 2020 12:13:44 +0100
Subject: [PATCH vd_agent_linux 15/17] vdagentd: Limit number of agents per
session to 1
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/vdagentd/vdagentd.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index bb39340..5ef547e 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -955,6 +955,20 @@ static gboolean remove_active_xfers(gpointer key, gpointer value, gpointer conn)
return 0;
}
+/* Check if this connection matches the passed session */
+static int connection_matches_session(UdscsConnection *conn, void *priv)
+{
+ const char *session = priv;
+ const struct agent_data *agent_data = g_object_get_data(G_OBJECT(conn), "agent_data");
+
+ if (!agent_data || !agent_data->session ||
+ strcmp(agent_data->session, session) != 0) {
+ return 0;
+ }
+
+ return 1;
+}
+
/* Check a given process has a given UID */
static bool check_uid_of_pid(pid_t pid, uid_t uid)
{
@@ -1007,6 +1021,16 @@ static void agent_connect(UdscsConnection *conn)
udscs_server_destroy_connection(server, conn);
return;
}
+
+ // Check there are no other connection for this session
+ // Note that "conn" is not counted as "agent_data" is still not attached to it
+ if (udscs_server_for_all_clients(server, connection_matches_session,
+ agent_data->session) > 0) {
+ syslog(LOG_ERR, "An agent is already connected for this session");
+ agent_data_destroy(agent_data);
+ udscs_server_destroy_connection(server, conn);
+ return;
+ }
}
g_object_set_data_full(G_OBJECT(conn), "agent_data", agent_data,
--
2.26.2

View File

@ -1,27 +0,0 @@
From 1153bb8906377e155dccf730762b83f00a8d47c2 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Wed, 7 Oct 2020 19:34:57 +0300
Subject: [PATCH vd_agent_linux 16/17] cleanup active_xfers when the client
disconnects
Signed-off-by: Uri Lublin <uril@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
---
src/vdagentd/vdagentd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 5ef547e..9243cfb 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -168,6 +168,7 @@ static void send_capabilities(VirtioPort *vport,
static void do_client_disconnect(void)
{
+ g_hash_table_remove_all(active_xfers);
if (client_connected) {
udscs_server_write_all(server, VDAGENTD_CLIENT_DISCONNECTED, 0, 0,
NULL, 0);
--
2.26.2

View File

@ -1,33 +0,0 @@
From 12708a0fc9f3da1d1cc492bb3a49844b02e76b40 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Sun, 11 Oct 2020 20:59:17 +0300
Subject: [PATCH vd_agent_linux 17/17] vdagentd: do not allow to use an already
used file-xfer id
Signed-off-by: Uri Lublin <uril@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
---
src/vdagentd/vdagentd.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
index 9243cfb..279e7c3 100644
--- a/src/vdagentd/vdagentd.c
+++ b/src/vdagentd/vdagentd.c
@@ -404,6 +404,13 @@ static void do_client_file_xfer(VirtioPort *vport,
"Cancelling client file-xfer request %u",
s->id, VD_AGENT_FILE_XFER_STATUS_ERROR, (void*) &error, detail_size);
return;
+ } else if (g_hash_table_lookup(active_xfers, GUINT_TO_POINTER(s->id)) != NULL) {
+ // id is already used -- client is confused
+ send_file_xfer_status(vport,
+ "File transfer ID is already used. "
+ "Cancelling client file-xfer request %u",
+ s->id, VD_AGENT_FILE_XFER_STATUS_ERROR, NULL, 0);
+ return;
}
msg_type = VDAGENTD_FILE_XFER_START;
id = s->id;
--
2.26.2

View File

@ -1,130 +0,0 @@
From a77b09e5d77e5cf1d4fdd38d018ecf164cd01df9 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Tue, 20 Oct 2020 16:38:37 +0100
Subject: [PATCH 10/10] Add a test for session_info
Test from Uri, integrated in test suite.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
Makefile.am | 30 ++++++++++++++++++++
tests/test-session-info.c | 58 +++++++++++++++++++++++++++++++++++++++
2 files changed, 88 insertions(+)
create mode 100644 tests/test-session-info.c
diff --git a/Makefile.am b/Makefile.am
index 575ba52..f4c65b4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -109,13 +109,43 @@ src_spice_vdagentd_SOURCES = \
src/vdagentd/virtio-port.h \
$(NULL)
+tests_test_session_info_CFLAGS = \
+ $(DBUS_CFLAGS) \
+ $(LIBSYSTEMD_DAEMON_CFLAGS) \
+ $(LIBSYSTEMD_LOGIN_CFLAGS) \
+ $(SPICE_CFLAGS) \
+ $(GIO2_CFLAGS) \
+ -I$(srcdir)/src \
+ -I$(srcdir)/src/vdagentd \
+ -DUDSCS_NO_SERVER \
+ $(NULL)
+
+tests_test_session_info_LDADD = \
+ $(DBUS_LIBS) \
+ $(LIBSYSTEMD_DAEMON_LIBS) \
+ $(LIBSYSTEMD_LOGIN_LIBS) \
+ $(SPICE_LIBS) \
+ $(GIO2_LIBS) \
+ $(NULL)
+
+tests_test_session_info_SOURCES = \
+ $(common_sources) \
+ src/vdagentd/session-info.h \
+ tests/test-session-info.c \
+ $(NULL)
+
+check_PROGRAMS += tests/test-session-info
+
if HAVE_CONSOLE_KIT
src_spice_vdagentd_SOURCES += src/vdagentd/console-kit.c
+tests_test_session_info_SOURCES += src/vdagentd/console-kit.c
else
if HAVE_LIBSYSTEMD_LOGIN
src_spice_vdagentd_SOURCES += src/vdagentd/systemd-login.c
+tests_test_session_info_SOURCES += src/vdagentd/systemd-login.c
else
src_spice_vdagentd_SOURCES += src/vdagentd/dummy-session-info.c
+tests_test_session_info_SOURCES += src/vdagentd/dummy-session-info.c
endif
endif
diff --git a/tests/test-session-info.c b/tests/test-session-info.c
new file mode 100644
index 0000000..dae3ec6
--- /dev/null
+++ b/tests/test-session-info.c
@@ -0,0 +1,58 @@
+/* test-session-info.c - test session info
+
+ Copyright 2020 Red Hat, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#include <config.h>
+
+#undef NDEBUG
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "session-info.h"
+
+int main(int argc, char *argv[])
+{
+ int pid, uid, ck_uid;
+
+ pid = (int)getpid();
+
+ struct session_info *session_info = session_info_create(1);
+ if (session_info == NULL) {
+ return 1;
+ }
+
+ char *session = session_info_session_for_pid(session_info, pid);
+ if (session == NULL) {
+ session_info_destroy(session_info);
+ return 2;
+ }
+ ck_uid = session_info_uid_for_session(session_info, session);
+
+ free(session);
+ session_info_destroy(session_info);
+
+ uid = getuid();
+ printf("MAIN: uid is %d, ck_uid is %d\n", uid, ck_uid);
+
+ if (uid != ck_uid) {
+ fprintf(stderr, "MAIN: uid (%d) does not match console-kit uid %d\n", uid, ck_uid);
+ return 3;
+ }
+
+ return 0;
+}
--
2.28.0

File diff suppressed because it is too large Load Diff

View File

@ -1,62 +0,0 @@
From 1aa2c06015e15f707ba9f874d5a5ea49fd450745 Mon Sep 17 00:00:00 2001
From: Victor Toso <victortoso@redhat.com>
Date: Wed, 1 Dec 2021 20:07:22 +0100
Subject: [PATCH 20/21] vdagent: udscs: limit retry to connect to vdagentd
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2005802
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2028013
Signed-off-by: Victor Toso <victortoso@redhat.com>
---
src/vdagent/vdagent.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/vdagent/vdagent.c b/src/vdagent/vdagent.c
index fd08522..0d3945e 100644
--- a/src/vdagent/vdagent.c
+++ b/src/vdagent/vdagent.c
@@ -42,11 +42,14 @@
#include "clipboard.h"
#include "display.h"
+#define MAX_RETRY_CONNECT_SYSTEM_AGENT 60
+
typedef struct VDAgent {
VDAgentClipboards *clipboards;
VDAgentDisplay *display;
struct vdagent_file_xfers *xfers;
UdscsConnection *conn;
+ gint udscs_num_retry;
GMainLoop *loop;
} VDAgent;
@@ -378,9 +381,27 @@ static gboolean vdagent_init_async_cb(gpointer user_data)
daemon_read_complete, daemon_error_cb,
debug);
if (agent->conn == NULL) {
+ if (agent->udscs_num_retry == MAX_RETRY_CONNECT_SYSTEM_AGENT) {
+ syslog(LOG_WARNING,
+ "Failed to connect to spice-vdagentd at %s (tried %d times)",
+ vdagentd_socket, agent->udscs_num_retry);
+ goto err_init;
+ }
+ if (agent->udscs_num_retry == 0) {
+ /* Log only when it fails and at the end */
+ syslog(LOG_DEBUG,
+ "Failed to connect with spice-vdagentd. Trying again in 1s");
+ }
+ agent->udscs_num_retry++;
g_timeout_add_seconds(1, vdagent_init_async_cb, agent);
return G_SOURCE_REMOVE;
}
+ if (agent->udscs_num_retry != 0) {
+ syslog(LOG_DEBUG,
+ "Connected with spice-vdagentd after %d attempts",
+ agent->udscs_num_retry);
+ }
+ agent->udscs_num_retry = 0;
g_object_set_data(G_OBJECT(agent->conn), "agent", agent);
agent->display = vdagent_display_create(agent->conn, debug, x11_sync);
--
2.33.1

View File

@ -1,98 +0,0 @@
From 09de02fd5cb12fcda3326e243981750c5358b7b6 Mon Sep 17 00:00:00 2001
From: Victor Toso <victortoso@redhat.com>
Date: Mon, 20 Dec 2021 19:09:37 +0100
Subject: [PATCH 21/21] udscs: udscs_connect: return error to caller
This way we can have the log in one place and avoid flooding the journal.
Signed-off-by: Victor Toso <victortoso@redhat.com>
---
src/udscs.c | 10 ++++------
src/udscs.h | 5 ++++-
src/vdagent/vdagent.c | 12 +++++++++---
3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/udscs.c b/src/udscs.c
index 3df67b3..6c50f76 100644
--- a/src/udscs.c
+++ b/src/udscs.c
@@ -107,16 +107,14 @@ static void udscs_connection_class_init(UdscsConnectionClass *klass)
UdscsConnection *udscs_connect(const char *socketname,
udscs_read_callback read_callback,
VDAgentConnErrorCb error_cb,
- int debug)
+ int debug,
+ GError **err)
{
GIOStream *io_stream;
UdscsConnection *conn;
- GError *err = NULL;
- io_stream = vdagent_socket_connect(socketname, &err);
- if (err) {
- syslog(LOG_ERR, "%s: %s", __func__, err->message);
- g_error_free(err);
+ io_stream = vdagent_socket_connect(socketname, err);
+ if (*err) {
return NULL;
}
diff --git a/src/udscs.h b/src/udscs.h
index 4f7ea36..0d4197b 100644
--- a/src/udscs.h
+++ b/src/udscs.h
@@ -53,11 +53,14 @@ typedef void (*udscs_read_callback)(UdscsConnection *conn,
*
* If debug is true then the events on this connection will be traced.
* This includes the incoming and outgoing message names.
+ *
+ * In case of failure, returns NULL and set @err with reason.
*/
UdscsConnection *udscs_connect(const char *socketname,
udscs_read_callback read_callback,
VDAgentConnErrorCb error_cb,
- int debug);
+ int debug,
+ GError **err);
/* Queue a message for delivery to the client connected through conn.
*/
diff --git a/src/vdagent/vdagent.c b/src/vdagent/vdagent.c
index 0d3945e..05d1a8f 100644
--- a/src/vdagent/vdagent.c
+++ b/src/vdagent/vdagent.c
@@ -376,22 +376,28 @@ static void vdagent_destroy(VDAgent *agent)
static gboolean vdagent_init_async_cb(gpointer user_data)
{
VDAgent *agent = user_data;
+ GError *err = NULL;
agent->conn = udscs_connect(vdagentd_socket,
- daemon_read_complete, daemon_error_cb,
- debug);
+ daemon_read_complete,
+ daemon_error_cb,
+ debug,
+ &err);
if (agent->conn == NULL) {
if (agent->udscs_num_retry == MAX_RETRY_CONNECT_SYSTEM_AGENT) {
syslog(LOG_WARNING,
"Failed to connect to spice-vdagentd at %s (tried %d times)",
vdagentd_socket, agent->udscs_num_retry);
+ g_error_free(err);
goto err_init;
}
if (agent->udscs_num_retry == 0) {
/* Log only when it fails and at the end */
syslog(LOG_DEBUG,
- "Failed to connect with spice-vdagentd. Trying again in 1s");
+ "Failed to connect with spice-vdagentd due '%s'. Trying again in 1s",
+ err->message);
}
+ g_error_free(err);
agent->udscs_num_retry++;
g_timeout_add_seconds(1, vdagent_init_async_cb, agent);
return G_SOURCE_REMOVE;
--
2.33.1

View File

@ -1,33 +0,0 @@
From 0717474feca8753bce7b8933bd10b3bab62a2f14 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Sat, 12 Feb 2022 21:12:57 +0000
Subject: [PATCH] Do not process X11 events in vdagent_x11_create
Processing events requires some more initialisation between
VDAgentDisplay and vdagent_x11.
Postpone that after initialisation.
This fix a crash on Fedora 36, see
https://bugzilla.redhat.com/show_bug.cgi?id=2042877.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
src/vdagent/x11.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/vdagent/x11.c b/src/vdagent/x11.c
index 05a41d7..4af4bdc 100644
--- a/src/vdagent/x11.c
+++ b/src/vdagent/x11.c
@@ -302,9 +302,6 @@ struct vdagent_x11 *vdagent_x11_create(UdscsConnection *vdagentd,
x11->height[i] = attrib.height;
}
- /* Flush output buffers and consume any pending events */
- vdagent_x11_do_read(x11);
-
return x11;
}
--
2.39.0

View File

@ -1,48 +0,0 @@
From bcbbea34d93d07d33b767f808ff3adf628b1ea0f Mon Sep 17 00:00:00 2001
From: Victor Toso <victortoso@redhat.com>
Date: Fri, 13 Jan 2023 13:54:06 +0100
Subject: [PATCH] vdagent: Remove watch event on vdagent_display_destroy()
To avoid main loop calling it when GIOChannel for x11 was already
destroyed.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2145004
Signed-off-by: Victor Toso <victortoso@redhat.com>
---
src/vdagent/display.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/vdagent/display.c b/src/vdagent/display.c
index 790d9ad..602ab65 100644
--- a/src/vdagent/display.c
+++ b/src/vdagent/display.c
@@ -60,6 +60,7 @@ struct VDAgentDisplay {
UdscsConnection *vdagentd;
int debug;
GIOChannel *x11_channel;
+ guint io_watch_source_id;
VDAgentMutterDBus *mutter;
};
@@ -296,7 +297,8 @@ VDAgentDisplay* vdagent_display_create(UdscsConnection *vdagentd, int debug, int
return NULL;
}
- g_io_add_watch(display->x11_channel, G_IO_IN, x11_io_channel_cb, display);
+ display->io_watch_source_id =
+ g_io_add_watch(display->x11_channel, G_IO_IN, x11_io_channel_cb, display);
/* Since we are started at the same time as the wm,
@@ -323,7 +325,7 @@ void vdagent_display_destroy(VDAgentDisplay *display, int vdagentd_disconnected)
return;
}
-
+ g_source_remove(display->io_watch_source_id);
g_clear_pointer(&display->x11_channel, g_io_channel_unref);
vdagent_x11_destroy(display->x11, vdagentd_disconnected);
--
2.39.0

3
sources Normal file
View File

@ -0,0 +1,3 @@
SHA512 (spice-vdagent-0.22.1.tar.bz2) = 5a4d2661145f33a0583880a128d925b15ca5aec05df83271c80f8baa0fcdd28fab0242301bc38443ccddf70fbdcfd76b5d30bb5a6b4b7c895c3cea0eb38bdf92
SHA512 (spice-vdagent-0.22.1.tar.bz2.sig) = a2db0e4bef423768e1d71343bd0dac29fc825b130453adb6cc40a570bc1ae72b66abb5a656c8e7f80f3ef43d4614273b7c721f497f0ab94d06e97a04e6ca6b09
SHA512 (victortoso-E37A484F.keyring) = 091755da8a358c8c8ebd3b5443b4b5eb3c260afed943454c085d48c973de6a42763547c321c64e4da5c1b2983ad0c5146aaeddeb1d54ef414f7e6a530a3bf14a

View File

@ -1,44 +1,22 @@
Name: spice-vdagent
Version: 0.20.0
Release: 5%{?dist}
Version: 0.22.1
Release: 7%{?dist}
Summary: Agent for Spice guests
Group: Applications/System
License: GPLv3+
License: GPL-3.0-or-later
URL: https://spice-space.org/
Source0: https://spice-space.org/download/releases/%{name}-%{version}.tar.bz2
Source1: https://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig
Source2: victortoso-E37A484F.keyring
Patch0001: 0001-vdagentd-work-around-GLib-s-fork-issues.patch
Patch0002: 0002-vdagentd-init-static-uinput-before-fork.patch
Patch0003: 0003-systemd-login-Avoid-a-crash-on-container.patch
Patch0004: 0004-Fix-possible-compile-error-using-former-GLib2-versio.patch
Patch0005: 0005-vdagentd-Use-bool-for-agent_owns_clipboard-and-clien.patch
Patch0006: 0006-vdagentd-Automatically-release-agent_data.patch
Patch0007: 0007-vdagent-connection-Pass-err-to-g_credentials_get_uni.patch
Patch0008: 0008-vdagentd-Better-check-for-vdagent_connection_get_pee.patch
Patch0009: 0009-vdagentd-Avoid-calling-chmod.patch
Patch0010: 0010-Avoids-unchecked-file-transfer-IDs-allocation-and-us.patch
Patch0011: 0011-Avoids-uncontrolled-active_xfers-allocations.patch
Patch0012: 0012-Avoids-unlimited-agent-connections.patch
Patch0013: 0013-Avoids-user-session-hijacking.patch
Patch0014: 0014-Better-check-for-sessions.patch
Patch0015: 0015-vdagentd-Limit-number-of-agents-per-session-to-1.patch
Patch0016: 0016-cleanup-active_xfers-when-the-client-disconnects.patch
Patch0017: 0017-vdagentd-do-not-allow-to-use-an-already-used-file-xf.patch
Patch0018: 0018-Add-a-test-for-session_info.patch
Patch0019: 0019-wayland-fix-monitor-mapping-issues.patch
Patch0020: 0020-vdagent-udscs-limit-retry-to-connect-to-vdagentd.patch
Patch0021: 0021-udscs-udscs_connect-return-error-to-caller.patch
Patch0022: 0022-Do-not-process-X11-events-in-vdagent_x11_create.patch
Patch0023: 0023-vdagent-Remove-watch-event-on-vdagent_display_destro.patch
BuildRequires: git-core gnupg2
BuildRequires: make
BuildRequires: systemd-devel
BuildRequires: glib2-devel >= 2.50
BuildRequires: spice-protocol >= 0.14.1
BuildRequires: spice-protocol >= 0.14.3
BuildRequires: libpciaccess-devel libXrandr-devel libXinerama-devel
BuildRequires: libXfixes-devel systemd desktop-file-utils libtool
BuildRequires: alsa-lib-devel dbus-devel libdrm-devel
# For autoreconf, needed after clipboard patch series
BuildRequires: automake autoconf
BuildRequires: gnupg2
%{?systemd_requires}
%description
@ -56,17 +34,17 @@ Features:
%prep
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -S git_am
#autoreconf -fi
%autosetup -p1
autoreconf -fi
%build
%configure --with-session-info=systemd --with-init-script=systemd
make %{?_smp_mflags} V=2
%make_build V=2
%install
make install DESTDIR=$RPM_BUILD_ROOT V=2
%make_install V=2
%post
@ -85,6 +63,7 @@ make install DESTDIR=$RPM_BUILD_ROOT V=2
%{_unitdir}/spice-vdagentd.service
%{_unitdir}/spice-vdagentd.socket
%{_prefix}/lib/tmpfiles.d/spice-vdagentd.conf
%{_userunitdir}/spice-vdagent.service
%{_bindir}/spice-vdagent
%{_sbindir}/spice-vdagentd
%{_var}/run/spice-vdagentd
@ -96,46 +75,89 @@ make install DESTDIR=$RPM_BUILD_ROOT V=2
%changelog
* Mon Jan 16 2023 Victor Toso <victortoso@redhat.com> 0.20.0-5
- Fix upstream segfault on X11 events
Resolves: rhbz#2145004
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.22.1-7
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Dec 21 2021 Victor Toso <victortoso@redhat.com> 0.20.0-4
- Do not flood the journal with retry messages.
Resolves: rhbz#2005802
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.22.1-6
- Bump release for June 2024 mass rebuild
* Wed Jan 20 2021 Julien Ropé <jrope@redhat.com> - 0.20.0-3
- Fix mouse problems in multi-monitor environments under Wayland
Resolves: rhbz#1790904 rhbz#1824610
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.22.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Oct 19 2020 Frediano Ziglio <fziglio@redhat.com> 0.20.0-2
- Resolves: CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.22.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri May 15 2020 Victor Toso <victortoso@redhat.com> 0.20.0-1
- Update to 0.20.0
- Backport fixes post-release
Resolves: rhbz#1817476
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.22.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 27 2019 Victor Toso <victortoso@redhat.com> 0.19.0-3
- Fix two new covscan warnings
Resolves: rhbz#1660566
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.22.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Aug 19 2019 Victor Toso <victortoso@redhat.com> 0.19.0-2
- Fix some covscan warnings from latest build
Resolves: rhbz#1660566
* Mon Feb 14 2022 Victor Toso <victortoso@redhat.com> 0.22.1-1
- Update to spice-vdagent 0.22.1
* Mon May 20 2019 Victor Toso <victortoso@redhat.com> 0.19.0-1
- Update to 0.19.0
Resolves: rhbz#1711975
- Validate tarball with gpg
* Thu Feb 10 2022 Victor Toso <victortoso@redhat.com> 0.22.0-1
- Update to spice-vdagent 0.22.0
* Tue Dec 18 2018 Victor Toso <victortoso@redhat.com> 0.18.0-3
- Fix leak of unix sockets.
Resolves: rhbz#1660108
* Mon Feb 07 2022 Stephen Gallagher <sgallagh@redhat.com> - 0.21.0-7
- Fix build against GLib >= 2.68
* Thu Nov 15 2018 Victor Toso <victortoso@redhat.com> 0.18.0-2
- Fix unusable mouse on xorg resolution event in wayland
Resolves: rhbz#1641723
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.21.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.21.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jul 16 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.21.0-4
- use upstream-able patch (upstream merge request 37)
* Wed Jul 14 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.21.0-3
- add user spice-vdgant.service (#1951580)
- use %%make_build/%%make_install
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.21.0-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Feb 8 2021 Victor Toso <victortoso@redhat.com> 0.21.0-1
- Update to spice-vdagent 0.21.0
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.20.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.20.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Mar 26 2020 Victor Toso <victortoso@redhat.com> 0.20.0-2
- Fix agent shutdown
Resolves: rhbz#1813667
* Tue Mar 10 2020 Victor Toso <victortoso@redhat.com> 0.20.0-1
- Update to spice-vdagent 0.20.0
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.19.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 04 2019 Adam Williamson <awilliam@redhat.com> - 0.19.0-4
- Backport clipboard-race patches for #1755038
* Fri Sep 13 2019 Benjamin Berg <bberg@redhat.com> - 0.19.0-3
- Add patch to lookup graphical session
https://gitlab.freedesktop.org/spice/linux/vd_agent/merge_requests/2
- Resolves: #1750120
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.19.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Apr 12 2019 Victor Toso <victortoso@redhat.com> 0.19.0-1
- Update to spice-vdagent 0.19.0
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.18.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 12 2018 Victor Toso <victortoso@redhat.com> 0.18.0-1
- Update to spice-vdagent 0.18.0