gdbus: Allow cross-namespace connections to Linux session and system buses

The dominant implementations of the well-known session and system
message buses are the reference implementation from the dbus project
(dbus-daemon) and the sd-bus-based reimplementation dbus-broker, both
of which have correct implementations for EXTERNAL authentication with
an unspecified authorization identity.

This makes it reasonably safe to assume that the well-known message
buses can cope with the unspecified authorization identity, even if we
cannot make the same assumption for custom servers such as the ones
used in ibus and gvfs (which might have been started with an older
GLib version before upgrading GLib in-place).

Signed-off-by: Simon McVittie <smcv@collabora.com>

5 files changed, 14 insertions, 4 deletions

diff --git a/gio/gdbusauth.c b/gio/gdbusauth.c
index eadecb50d..671036805 100644
--- a/gio/gdbusauth.c
+++ b/gio/gdbusauth.c
@@ -577,8 +577,8 @@ _g_dbus_auth_run_client (GDBusAuth     *auth,
   ClientState state;
   GDBusCapabilityFlags negotiated_capabilities;
 
-  g_return_val_if_fail ((connection->flags & G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT), NULL);
-  g_return_val_if_fail (!(connection->flags & G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_SERVER), NULL);
+  g_return_val_if_fail ((conn_flags & G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT), NULL);
+  g_return_val_if_fail (!(conn_flags & G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_SERVER), NULL);
 
   debug_print ("CLIENT: initiating");
 
diff --git a/gio/gdbusauthmechanism.c b/gio/gdbusauthmechanism.c
index 38d7210e5..6e494dbd9 100644
--- a/gio/gdbusauthmechanism.c
+++ b/gio/gdbusauthmechanism.c
@@ -301,11 +301,13 @@ _g_dbus_auth_mechanism_client_get_state (GDBusAuthMechanism *mechanism)
 }
 
 gchar *
-_g_dbus_auth_mechanism_client_initiate (GDBusAuthMechanism *mechanism,
-                                        gsize              *out_initial_response_len)
+_g_dbus_auth_mechanism_client_initiate (GDBusAuthMechanism   *mechanism,
+                                        GDBusConnectionFlags  conn_flags,
+                                        gsize                *out_initial_response_len)
 {
   g_return_val_if_fail (G_IS_DBUS_AUTH_MECHANISM (mechanism), NULL);
   return G_DBUS_AUTH_MECHANISM_GET_CLASS (mechanism)->client_initiate (mechanism,
+                                                                       conn_flags,
                                                                        out_initial_response_len);
 }
 
diff --git a/gio/gdbusauthmechanismsha1.c b/gio/gdbusauthmechanismsha1.c
index a11c9f38d..fb6488a2a 100644
--- a/gio/gdbusauthmechanismsha1.c
+++ b/gio/gdbusauthmechanismsha1.c
@@ -119,6 +119,7 @@ static gchar                   *mechanism_server_get_reject_reason  (GDBusAuthMe
 static void                     mechanism_server_shutdown           (GDBusAuthMechanism   *mechanism);
 static GDBusAuthMechanismState  mechanism_client_get_state          (GDBusAuthMechanism   *mechanism);
 static gchar                   *mechanism_client_initiate           (GDBusAuthMechanism   *mechanism,
+                                                                     GDBusConnectionFlags  conn_flags,
                                                                      gsize                *out_initial_response_len);
 static void                     mechanism_client_data_receive       (GDBusAuthMechanism   *mechanism,
                                                                      const gchar          *data,
@@ -1160,6 +1161,7 @@ mechanism_client_get_state (GDBusAuthMechanism   *mechanism)
 
 static gchar *
 mechanism_client_initiate (GDBusAuthMechanism   *mechanism,
+                           GDBusConnectionFlags  conn_flags,
                            gsize                *out_initial_response_len)
 {
   GDBusAuthMechanismSha1 *m = G_DBUS_AUTH_MECHANISM_SHA1 (mechanism);
diff --git a/gio/gdbusconnection.c b/gio/gdbusconnection.c
index 454f216bd..663cd95ab 100644
--- a/gio/gdbusconnection.c
+++ b/gio/gdbusconnection.c
@@ -7369,6 +7369,9 @@ get_uninitialized_connection (GBusType       bus_type,
       ret = g_object_new (G_TYPE_DBUS_CONNECTION,
                           "address", address,
                           "flags", G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT |
+#ifdef __linux__
+                                   G_DBUS_CONNECTION_FLAGS_CROSS_NAMESPACE |
+#endif
                                    G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION,
                           "exit-on-close", TRUE,
                           NULL);
diff --git a/gio/tests/gdbus-connection.c b/gio/tests/gdbus-connection.c
index 61ca5c4b7..d04dd0446 100644
--- a/gio/tests/gdbus-connection.c
+++ b/gio/tests/gdbus-connection.c
@@ -1234,6 +1234,9 @@ test_connection_basic (void)
                  flags == G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING);
 
   connection_flags = g_dbus_connection_get_flags (connection);
+  /* Ignore G_DBUS_CONNECTION_FLAGS_CROSS_NAMESPACE, it's an
+   * implementation detail whether we set it */
+  connection_flags &= ~G_DBUS_CONNECTION_FLAGS_CROSS_NAMESPACE;
   g_assert_cmpint (connection_flags, ==,
                    G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT |
                    G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION);