diff options
author | Alexander Larsson <alexl@redhat.com> | 2015-10-01 21:23:23 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2015-10-01 21:23:23 +0200 |
commit | 208eb7b1aa3d7cc781baae7aba5d5aa2184a9764 (patch) | |
tree | 1ab2f60d7b98552380562281c854b04317f2a639 | |
parent | eedbeab9d06675aed8bc885dbf4a87e19cab730b (diff) | |
download | xdg-app-208eb7b1aa3d7cc781baae7aba5d5aa2184a9764.tar.gz |
Propagate Xauthority details to the sandbox if X11 is enabled
Some xservers out there (like xorg 1.17.1) have a broken server interpreted
local xauth, which causes apps to fail to connect to the xserver.
This fixes that by propagating Xauthority data such as the MIT-MAGIC-COOKIE-1.
-rw-r--r-- | configure.ac | 3 | ||||
-rw-r--r-- | document-portal/Makefile.am.inc | 2 | ||||
-rw-r--r-- | lib/Makefile.am.inc | 4 | ||||
-rw-r--r-- | lib/xdg-app-helper.c | 5 | ||||
-rw-r--r-- | lib/xdg-app-run.c | 76 |
5 files changed, 87 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index 7fe375f..962eacb 100644 --- a/configure.ac +++ b/configure.ac @@ -59,6 +59,9 @@ AC_SUBST(BASE_LIBS) PKG_CHECK_MODULES(SOUP, [libsoup-2.4]) AC_SUBST(SOUP_CFLAGS) AC_SUBST(SOUP_LIBS) +PKG_CHECK_MODULES(XAUTH, [xau]) +AC_SUBST(XAUTH_CFLAGS) +AC_SUBST(XAUTH_LIBS) PKG_CHECK_MODULES(OSTREE, [libgsystem >= 2015.1 ostree-1 >= 2015.3]) AC_SUBST(OSTREE_CFLAGS) diff --git a/document-portal/Makefile.am.inc b/document-portal/Makefile.am.inc index 13ef3bf..c8ad995 100644 --- a/document-portal/Makefile.am.inc +++ b/document-portal/Makefile.am.inc @@ -42,4 +42,4 @@ xdg_document_portal_SOURCES = \ $(NULL) xdg_document_portal_LDADD = $(BASE_LIBS) $(FUSE_LIBS) libxdgapp.la -xdg_document_portal_CFLAGS = $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(FUSE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal +xdg_document_portal_CFLAGS = $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(XAUTH_LIBS) $(FUSE_CFLAGS) -I$(srcdir)/document-portal -I$(builddir)/document-portal diff --git a/lib/Makefile.am.inc b/lib/Makefile.am.inc index f2e12d8..01e4ba3 100644 --- a/lib/Makefile.am.inc +++ b/lib/Makefile.am.inc @@ -42,8 +42,8 @@ libxdgapp_la_SOURCES = \ $(systemd_dbus_built_sources) \ $(NULL) -libxdgapp_la_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) -I$(srcdir)/dbus-proxy -libxdgapp_la_LIBADD = libglnx.la $(BASE_LIBS) $(OSTREE_LIBS) $(SOUP_LIBS) +libxdgapp_la_CFLAGS = $(AM_CFLAGS) $(BASE_CFLAGS) $(OSTREE_CFLAGS) $(SOUP_CFLAGS) $(XAUTH_CFLAGS) -I$(srcdir)/dbus-proxy +libxdgapp_la_LIBADD = libglnx.la $(BASE_LIBS) $(OSTREE_LIBS) $(SOUP_LIBS) $(XAUTH_LIBS) bin_PROGRAMS += \ xdg-app-helper \ diff --git a/lib/xdg-app-helper.c b/lib/xdg-app-helper.c index 8416a21..8b6cba6 100644 --- a/lib/xdg-app-helper.c +++ b/lib/xdg-app-helper.c @@ -2278,19 +2278,24 @@ main (int argc, if (stat (x11_socket, &st) == 0 && S_ISSOCK (st.st_mode)) { + char *xauth_path = strdup_printf ("/run/user/%d/Xauthority", uid); if (bind_mount (x11_socket, "tmp/.X11-unix/X99", 0)) die ("can't bind X11 socket"); xsetenv ("DISPLAY", ":99.0", 1); + xsetenv ("XAUTHORITY", xauth_path, 1); + free (xauth_path); } else { xunsetenv ("DISPLAY"); + xunsetenv ("XAUTHORITY"); } } else { xunsetenv ("DISPLAY"); + xunsetenv ("XAUTHORITY"); } /* Bind mount in the Wayland socket */ diff --git a/lib/xdg-app-run.c b/lib/xdg-app-run.c index a462ab1..648d91a 100644 --- a/lib/xdg-app-run.c +++ b/lib/xdg-app-run.c @@ -24,6 +24,9 @@ #include <fcntl.h> #include <stdio.h> #include <unistd.h> +#include <sys/utsname.h> + +#include <X11/Xauth.h> #include <gio/gio.h> #include "libgsystem.h" @@ -34,6 +37,7 @@ #include "xdg-app-utils.h" #include "xdg-app-systemd-dbus.h" + typedef enum { XDG_APP_CONTEXT_SHARED_NETWORK = 1 << 0, XDG_APP_CONTEXT_SHARED_IPC = 1 << 1, @@ -974,6 +978,58 @@ extract_unix_path_from_dbus_address (const char *address) return g_strndup (path, path_end - path); } +static gboolean auth_streq (char *str, + char *au_str, + int au_len) +{ + return au_len == strlen (str) && memcmp (str, au_str, au_len) == 0; +} + +static void +write_xauth (char *number, FILE *output) +{ + Xauth *xa, local_xa; + char *filename; + FILE *f; + struct utsname unames; + + if (uname (&unames)) + { + g_warning ("uname failed"); + return; + } + + filename = XauFileName (); + f = fopen (filename, "rb"); + if (f == NULL) + return; + + while (TRUE) + { + xa = XauReadAuth (f); + if (xa == NULL) + break; + if (xa->family == FamilyLocal && + auth_streq (unames.nodename, xa->address, xa->address_length) && + (xa->number == NULL || auth_streq (number, xa->number, xa->number_length))) + { + local_xa = *xa; + if (local_xa.number) + { + local_xa.number = "99"; + local_xa.number_length = 2; + } + + if (!XauWriteAuth(output, &local_xa)) + g_warning ("xauth write error"); + } + + XauDisposeAuth(xa); + } + + fclose (f); +} + static void xdg_app_run_add_x11_args (GPtrArray *argv_array) { @@ -985,6 +1041,10 @@ xdg_app_run_add_x11_args (GPtrArray *argv_array) const char *display_nr = &display[1]; const char *display_nr_end = display_nr; g_autofree char *d = NULL; + g_autofree char *tmp_path = NULL; + g_autofree char *path = NULL; + int fd; + FILE *output; while (g_ascii_isdigit (*display_nr_end)) display_nr_end++; @@ -994,6 +1054,22 @@ xdg_app_run_add_x11_args (GPtrArray *argv_array) g_ptr_array_add (argv_array, g_strdup ("-x")); g_ptr_array_add (argv_array, x11_socket); + + fd = g_file_open_tmp ("xdg-app-xauth-XXXXXX", &tmp_path, NULL); + if (fd >= 0) + { + output = fdopen (fd, "wb"); + if (output != NULL) + { + write_xauth (d, output); + fclose (output); + + g_ptr_array_add (argv_array, g_strdup ("-M")); + g_ptr_array_add (argv_array, g_strdup_printf ("/run/user/%d/Xauthority=%s", getuid(), tmp_path)); + } + else + close (fd); + } } } |