ruby-dbus 0.18.1 → 0.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07f1f2fd26d13923b2601c9c3f29ccf57afd42c0348b937bceea0804eece6d66
-  data.tar.gz: 5ad80792234951e7ed422b6eba16e7f6e55b41f24a116ef40afaa7f32cdeef74
+  metadata.gz: d52907f5f6be32813466ae280cb99ff605d4195ca84396e97a90a7568fb579ec
+  data.tar.gz: 01bf87805f19878641a424f5c9ba21fcff637dcb6d4bbcdc230dda3713df8c80
 SHA512:
-  metadata.gz: acbe18b2d9695f8959ef6d51a3871e989600291076d6eef870a9215768ed6c7afd599d3af2741e13a733fe2f5cc9f75fdf075a130cafd0a9144b4ca00bd80dc9
-  data.tar.gz: 0363375dd8c4465aa2650649d0bd62a4f95431b78178edb624a84f5326e395476e0c54e4755b27fedc86caf94b7c059abbdc15af28832417ec1d3e4770ea9ae0
+  metadata.gz: 8009bcca0c66ddb5d5e9ca76a2fbc06b0408437ac3f5135d1378362f58520cbcb20c6d625d242e7c19ca1f679b4ab7b4e584e5f9d6c376eea90f57372f7f27aa
+  data.tar.gz: 0d8388654ae2ad5aeca7cf0eb6cec2fb3eb463ac43b85eb7a83bfbd32a011d65749b1a1195fcc4ae0f8c6a5591e49c0176a09c442c67a166ce2432bb30d704f7

data/NEWS.md

@@ -2,6 +2,32 @@
 
 ## Unreleased
 
+## Ruby D-Bus 0.20.0 - 2023-03-21
+
+Features:
+ * For EXTERNAL authentication, try also without the user id, to work with
+   containers ([#126][]).
+ * Thread safety, as long as the non-main threads only send signals.
+
+[#126]: https://github.com/mvidner/ruby-dbus/issues/126
+
+## Ruby D-Bus 0.19.0 - 2023-01-18
+
+API:
+ * Added a ObjectManager mix-in to implement the service-side
+   [ObjectManager][objmgr] interface.
+
+Bug fixes:
+ * dbus_attr_accessor and friends validate the signature ([#120][]).
+ * Declare the Introspectable interface in exported objects([#99][]).
+ * Do reply with an error when calling a nonexisting object
+   with an existing path prefix([#121][]).
+
+[#120]: https://github.com/mvidner/ruby-dbus/issues/120
+[#99]: https://github.com/mvidner/ruby-dbus/issues/99
+[#121]: https://github.com/mvidner/ruby-dbus/issues/121
+[objmgr]: https://dbus.freedesktop.org/doc/dbus-specification.html#standard-interfaces-objectmanager
+
 ## Ruby D-Bus 0.18.1 - 2022-07-13
 
 No changes since 0.18.0.beta8.

data/VERSION

@@ -1 +1 @@
-0.18.1
+0.20.0

data/examples/simple/get_id.rb

@@ -6,7 +6,9 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __dir__)
 
 require "dbus"
 
-bus = DBus::SystemBus.instance
+busname = ARGV.fetch(0, "system")
+bus = busname == "session" ? DBus::SessionBus.instance : DBus::SystemBus.instance
+
 driver_svc = bus["org.freedesktop.DBus"]
 # p driver_svc
 driver_obj = driver_svc["/"]
@@ -15,4 +17,4 @@ driver_ifc = driver_obj["org.freedesktop.DBus"]
 # p driver_ifc
 
 bus_id = driver_ifc.GetId
-puts "The system bus id is #{bus_id}"
+puts "The #{busname} bus id is #{bus_id}"

data/lib/dbus/auth.rb

@@ -12,261 +12,348 @@ require "rbconfig"
 
 module DBus
   # Exception raised when authentication fails somehow.
-  class AuthenticationFailed < Exception
+  class AuthenticationFailed < StandardError
   end
 
-  # = General class for authentication.
-  class Authenticator
-    # Returns the name of the authenticator.
-    def name
-      self.class.to_s.upcase.sub(/.*::/, "")
-    end
-  end
+  # The Authentication Protocol.
+  # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
+  #
+  # @api private
+  module Authentication
+    # Base class of authentication mechanisms
+    class Mechanism
+      # @!method call(challenge)
+      # @abstract
+      # Replies to server *challenge*, or sends an initial response if the challenge is `nil`.
+      # @param challenge [String,nil]
+      # @return [Array(Symbol,String)] pair [action, response], where
+      #   - [:MechContinue, response] caller should send "DATA response" and go to :WaitingForData
+      #   - [:MechOk,       response] caller should send "DATA response" and go to :WaitingForOk
+      #   - [:MechError,    message]  caller should send "ERROR message" and go to :WaitingForData
 
-  # = Anonymous authentication class
-  class Anonymous < Authenticator
-    def authenticate
-      "527562792044427573" # Hex encoded version of "Ruby DBus"
+      # Uppercase mechanism name, as sent to the server
+      # @return [String]
+      def name
+        self.class.to_s.upcase.sub(/.*::/, "")
+      end
     end
-  end
 
-  # = External authentication class
-  #
-  # Class for 'external' type authentication.
-  class External < Authenticator
-    # Performs the authentication.
-    def authenticate
-      # Take the user id (eg integer 1000) make a string out of it "1000", take
-      # each character and determin hex value "1" => 0x31, "0" => 0x30. You
-      # obtain for "1000" => 31303030 This is what the server is expecting.
-      # Why? I dunno. How did I come to that conclusion? by looking at rbus
-      # code. I have no idea how he found that out.
-      Process.uid.to_s.split(//).map { |d| d.ord.to_s(16) }.join
+    # Anonymous authentication class.
+    # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-mechanisms-anonymous
+    class Anonymous < Mechanism
+      def call(_challenge)
+        [:MechOk, "Ruby DBus"]
+      end
     end
-  end
 
-  # = Authentication class using SHA1 crypto algorithm
-  #
-  # Class for 'CookieSHA1' type authentication.
-  # Implements the AUTH DBUS_COOKIE_SHA1 mechanism.
-  class DBusCookieSHA1 < Authenticator
-    # the autenticate method (called in stage one of authentification)
-    def authenticate
-      require "etc"
-      # number of retries we have for auth
-      @retries = 1
-      hex_encode(Etc.getlogin).to_s # server expects it to be binary
+    # Class for 'external' type authentication.
+    # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-mechanisms-external
+    class External < Mechanism
+      # Performs the authentication.
+      def call(_challenge)
+        [:MechOk, Process.uid.to_s]
+      end
     end
 
-    # returns the modules name
-    def name
-      "DBUS_COOKIE_SHA1"
+    # A variant of EXTERNAL that doesn't say our UID.
+    # Seen busctl do this and it worked across a container boundary.
+    class ExternalWithoutUid < External
+      def name
+        "EXTERNAL"
+      end
+
+      def call(_challenge)
+        [:MechContinue, nil]
+      end
     end
 
-    # handles the interesting crypto stuff, check the rbus-project for more info: http://rbus.rubyforge.org/
-    def data(hexdata)
-      require "digest/sha1"
-      data = hex_decode(hexdata)
-      # name of cookie file, id of cookie in file, servers random challenge
-      context, id, s_challenge = data.split(" ")
-      # Random client challenge
-      c_challenge = 1.upto(s_challenge.bytesize / 2).map { rand(255).to_s }.join
-      # Search cookie file for id
-      path = File.join(ENV["HOME"], ".dbus-keyrings", context)
-      DBus.logger.debug "path: #{path.inspect}"
-      File.foreach(path) do |line|
-        if line.start_with?(id)
-          # Right line of file, read cookie
-          cookie = line.split(" ")[2].chomp
-          DBus.logger.debug "cookie: #{cookie.inspect}"
-          # Concatenate and encrypt
-          to_encrypt = [s_challenge, c_challenge, cookie].join(":")
-          sha = Digest::SHA1.hexdigest(to_encrypt)
-          # the almighty tcp server wants everything hex encoded
-          hex_response = hex_encode("#{c_challenge} #{sha}")
-          # Return response
-          response = [:AuthOk, hex_response]
-          return response
+    # Implements the AUTH DBUS_COOKIE_SHA1 mechanism.
+    # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-mechanisms-sha
+    class DBusCookieSHA1 < Mechanism
+      # returns the modules name
+      def name
+        "DBUS_COOKIE_SHA1"
+      end
+
+      # First we are called with nil and we reply with our username.
+      # Then we prove that we can read that user's cookie file.
+      def call(challenge)
+        if challenge.nil?
+          require "etc"
+          # number of retries we have for auth
+          @retries = 1
+          return [:MechContinue, Etc.getlogin]
+        end
+
+        require "digest/sha1"
+        # name of cookie file, id of cookie in file, servers random challenge
+        context, id, s_challenge = challenge.split(" ")
+        # Random client challenge
+        c_challenge = 1.upto(s_challenge.bytesize / 2).map { rand(255).to_s }.join
+        # Search cookie file for id
+        path = File.join(ENV["HOME"], ".dbus-keyrings", context)
+        DBus.logger.debug "path: #{path.inspect}"
+        File.foreach(path) do |line|
+          if line.start_with?(id)
+            # Right line of file, read cookie
+            cookie = line.split(" ")[2].chomp
+            DBus.logger.debug "cookie: #{cookie.inspect}"
+            # Concatenate and encrypt
+            to_encrypt = [s_challenge, c_challenge, cookie].join(":")
+            sha = Digest::SHA1.hexdigest(to_encrypt)
+            # Return response
+            response = [:MechOk, "#{c_challenge} #{sha}"]
+            return response
+          end
         end
+        return if @retries <= 0
+
+        # a little rescue magic
+        puts "ERROR: Could not auth, will now exit."
+        puts "ERROR: Unable to locate cookie, retry in 1 second."
+        @retries -= 1
+        sleep 1
+        call(challenge)
       end
-      return if @retries <= 0
-
-      # a little rescue magic
-      puts "ERROR: Could not auth, will now exit."
-      puts "ERROR: Unable to locate cookie, retry in 1 second."
-      @retries -= 1
-      sleep 1
-      data(hexdata)
     end
 
-    # encode plain to hex
-    def hex_encode(plain)
-      return nil if plain.nil?
+    # Declare client state transitions, for ease of code reading.
+    # It is just a pair.
+    NextState = Struct.new(:state, :command_words)
 
-      plain.to_s.unpack1("H*")
-    end
+    # Authenticates the connection before messages can be exchanged.
+    class Client
+      # @return [Boolean] have we negotiated Unix file descriptor passing
+      # NOTE: not implemented yet in upper layers
+      attr_reader :unix_fd
 
-    # decode hex to plain
-    def hex_decode(encoded)
-      encoded.scan(/[[:xdigit:]]{2}/).map { |h| h.hex.chr }.join
-    end
-  end
+      # @return [String]
+      attr_reader :address_uuid
 
-  # Note: this following stuff is tested with External authenticator only!
+      # Create a new authentication client.
+      # @param mechs [Array<Mechanism,Class>,nil] custom list of auth Mechanism objects or classes
+      def initialize(socket, mechs = nil)
+        @unix_fd = false
+        @address_uuid = nil
 
-  # = Authentication client class.
-  #
-  # Class tha performs the actional authentication.
-  class Client
-    # Create a new authentication client.
-    def initialize(socket)
-      @socket = socket
-      @state = nil
-      @auth_list = [External, DBusCookieSHA1, Anonymous]
-    end
+        @socket = socket
+        @state = nil
+        @auth_list = mechs || [
+          External,
+          DBusCookieSHA1,
+          ExternalWithoutUid,
+          Anonymous
+        ]
+      end
+
+      # Start the authentication process.
+      # @return [void]
+      # @raise [AuthenticationFailed]
+      def authenticate
+        DBus.logger.debug "Authenticating"
+        send_nul_byte
 
-    # Start the authentication process.
-    def authenticate
-      if RbConfig::CONFIG["target_os"] =~ /freebsd/
-        @socket.sendmsg(0.chr, 0, nil, [:SOCKET, :SCM_CREDS, ""])
-      else
-        @socket.write(0.chr)
+        use_next_mechanism
+
+        @state, command = next_state_via_mechanism.to_a
+        send(command)
+
+        loop do
+          DBus.logger.debug "auth STATE: #{@state}"
+          words = next_msg
+
+          @state, command = next_state(words).to_a
+          break if [:TerminatedOk, :TerminatedError].include? @state
+
+          send(command)
+        end
+
+        raise AuthenticationFailed, command.first if @state == :TerminatedError
+
+        send("BEGIN")
       end
-      next_authenticator
-      @state = :Starting
-      while @state != :Authenticated
-        r = next_state
-        return r if !r
+
+      ##########
+
+      private
+
+      ##########
+
+      # The authentication protocol requires a nul byte
+      # that may carry credentials.
+      # @return [void]
+      def send_nul_byte
+        if RbConfig::CONFIG["target_os"] =~ /freebsd/
+          @socket.sendmsg(0.chr, 0, nil, [:SOCKET, :SCM_CREDS, ""])
+        else
+          @socket.write(0.chr)
+        end
       end
-      true
-    end
 
-    ##########
+      # encode plain to hex
+      # @param plain [String,nil]
+      # @return [String,nil]
+      def hex_encode(plain)
+        return nil if plain.nil?
 
-    private
+        plain.unpack1("H*")
+      end
 
-    ##########
+      # decode hex to plain
+      # @param encoded [String,nil]
+      # @return [String,nil]
+      def hex_decode(encoded)
+        return nil if encoded.nil?
 
-    # Send an authentication method _meth_ with arguments _args_ to the
-    # server.
-    def send(meth, *args)
-      o = ([meth] + args).join(" ")
-      @socket.write("#{o}\r\n")
-    end
+        [encoded].pack("H*")
+      end
 
-    # Try authentication using the next authenticator.
-    def next_authenticator
-      raise AuthenticationFailed if @auth_list.empty?
-
-      @authenticator = @auth_list.shift.new
-      auth_msg = ["AUTH", @authenticator.name, @authenticator.authenticate]
-      DBus.logger.debug "auth_msg: #{auth_msg.inspect}"
-      send(auth_msg)
-    rescue AuthenticationFailed
-      @socket.close
-      raise
-    end
+      # Send a string to the socket; good place for test mocks.
+      def write_line(str)
+        DBus.logger.debug "auth_write: #{str.inspect}"
+        @socket.write(str)
+      end
 
-    # Read data (a buffer) from the bus until CR LF is encountered.
-    # Return the buffer without the CR LF characters.
-    def next_msg
-      data = ""
-      crlf = "\r\n"
-      left = 1024 # 1024 byte, no idea if it's ever getting bigger
-      while left.positive?
-        buf = @socket.read(left > 1 ? 1 : left)
-        break if buf.nil?
-
-        left -= buf.bytesize
-        data += buf
-        break if data.include? crlf # crlf means line finished, the TCP socket keeps on listening, so we break
+      # Send *words* to the server as a single CRLF terminated string.
+      # @param words [Array<String>,String]
+      def send(words)
+        joined = Array(words).compact.join(" ")
+        write_line("#{joined}\r\n")
       end
-      readline = data.chomp.split(" ")
-      DBus.logger.debug "readline: #{readline.inspect}"
-      readline
-    end
 
-    #     # Read data (a buffer) from the bus until CR LF is encountered.
-    #     # Return the buffer without the CR LF characters.
-    #     def next_msg
-    #       @socket.readline.chomp.split(" ")
-    #     end
-
-    # Try to reach the next state based on the current state.
-    def next_state
-      msg = next_msg
-      if @state == :Starting
-        DBus.logger.debug ":Starting msg: #{msg[0].inspect}"
-        case msg[0]
-        when "OK"
-          @state = :WaitingForOk
-        when "CONTINUE"
-          @state = :WaitingForData
-        when "REJECTED" # needed by tcp, unix-path/abstract doesn't get here
-          @state = :WaitingForData
-        end
+      # Try authentication using the next mechanism.
+      # @raise [AuthenticationFailed] if there are no more left
+      # @return [void]
+      def use_next_mechanism
+        raise AuthenticationFailed, "Authentication mechanisms exhausted" if @auth_list.empty?
+
+        @mechanism = @auth_list.shift
+        @mechanism = @mechanism.new if @mechanism.is_a? Class
+      rescue AuthenticationFailed
+        # TODO: make this caller's responsibility
+        @socket.close
+        raise
       end
-      DBus.logger.debug "state: #{@state}"
-      case @state
-      when :WaitingForData
-        DBus.logger.debug ":WaitingForData msg: #{msg[0].inspect}"
-        case msg[0]
-        when "DATA"
-          chall = msg[1]
-          resp, chall = @authenticator.data(chall)
-          DBus.logger.debug ":WaitingForData/DATA resp: #{resp.inspect}"
-          case resp
-          when :AuthContinue
-            send("DATA", chall)
-            @state = :WaitingForData
-          when :AuthOk
-            send("DATA", chall)
-            @state = :WaitingForOk
-          when :AuthError
-            send("ERROR")
-            @state = :WaitingForData
-          end
-        when "REJECTED"
-          next_authenticator
-          @state = :WaitingForData
-        when "ERROR"
-          send("CANCEL")
-          @state = :WaitingForReject
-        when "OK"
-          send("BEGIN")
-          @state = :Authenticated
-        else
-          send("ERROR")
-          @state = :WaitingForData
+
+      # Read data (a buffer) from the bus until CR LF is encountered.
+      # Return the buffer without the CR LF characters.
+      # @return [Array<String>] received words
+      def next_msg
+        read_line.chomp.split(" ")
+      end
+
+      # Read a line from the socket; good place for test mocks.
+      # @return [String] CRLF (\r\n) terminated
+      def read_line
+        # TODO: probably can simply call @socket.readline
+        data = ""
+        crlf = "\r\n"
+        left = 1024 # 1024 byte, no idea if it's ever getting bigger
+        while left.positive?
+          buf = @socket.read(left > 1 ? 1 : left)
+          break if buf.nil?
+
+          left -= buf.bytesize
+          data += buf
+          break if data.include? crlf # crlf means line finished, the TCP socket keeps on listening, so we break
         end
-      when :WaitingForOk
-        DBus.logger.debug ":WaitingForOk msg: #{msg[0].inspect}"
-        case msg[0]
-        when "OK"
-          send("BEGIN")
-          @state = :Authenticated
-        when "REJECT"
-          next_authenticator
-          @state = :WaitingForData
-        when "DATA", "ERROR"
-          send("CANCEL")
-          @state = :WaitingForReject
+        DBus.logger.debug "auth_read: #{data.inspect}"
+        data
+      end
+
+      #     # Read data (a buffer) from the bus until CR LF is encountered.
+      #     # Return the buffer without the CR LF characters.
+      #     def next_msg
+      #       @socket.readline.chomp.split(" ")
+      #     end
+
+      # @param hex_challenge [String,nil] (nil when the server said "DATA\r\n")
+      # @param use_data [Boolean] say DATA instead of AUTH
+      # @return [NextState]
+      def next_state_via_mechanism(hex_challenge = nil, use_data: false)
+        challenge = hex_decode(hex_challenge)
+
+        action, response = @mechanism.call(challenge)
+        DBus.logger.debug "auth mechanism action: #{action.inspect}"
+
+        command = use_data ? ["DATA"] : ["AUTH", @mechanism.name]
+
+        case action
+        when :MechError
+          NextState.new(:WaitingForData, ["ERROR", response])
+        when :MechContinue
+          NextState.new(:WaitingForData, command + [hex_encode(response)])
+        when :MechOk
+          NextState.new(:WaitingForOk, command + [hex_encode(response)])
         else
-          send("ERROR")
-          @state = :WaitingForOk
+          raise AuthenticationFailed, "internal error, unknown action #{action.inspect} " \
+                                      "from our mechanism #{@mechanism.inspect}"
         end
-      when :WaitingForReject
-        DBus.logger.debug ":WaitingForReject msg: #{msg[0].inspect}"
-        case msg[0]
-        when "REJECT"
-          next_authenticator
-          @state = :WaitingForOk
+      end
+
+      # Try to reach the next state based on the current state.
+      # @param received_words [Array<String>]
+      # @return [NextState]
+      def next_state(received_words)
+        msg = received_words
+
+        case @state
+        when :WaitingForData
+          case msg[0]
+          when "DATA"
+            next_state_via_mechanism(msg[1], use_data: true)
+          when "REJECTED"
+            use_next_mechanism
+            next_state_via_mechanism
+          when "ERROR"
+            NextState.new(:WaitingForReject, ["CANCEL"])
+          when "OK"
+            @address_uuid = msg[1]
+            # NextState.new(:TerminatedOk, [])
+            NextState.new(:WaitingForAgreeUnixFD, ["NEGOTIATE_UNIX_FD"])
+          else
+            NextState.new(:WaitingForData, ["ERROR"])
+          end
+        when :WaitingForOk
+          case msg[0]
+          when "OK"
+            @address_uuid = msg[1]
+            # NextState.new(:TerminatedOk, [])
+            NextState.new(:WaitingForAgreeUnixFD, ["NEGOTIATE_UNIX_FD"])
+          when "REJECTED"
+            use_next_mechanism
+            next_state_via_mechanism
+          when "DATA", "ERROR"
+            NextState.new(:WaitingForReject, ["CANCEL"])
+          else
+            # we don't understand server's response but still wait for a successful auth completion
+            NextState.new(:WaitingForOk, ["ERROR"])
+          end
+        when :WaitingForReject
+          case msg[0]
+          when "REJECTED"
+            use_next_mechanism
+            next_state_via_mechanism
+          else
+            # TODO: spec says to close socket, clarify
+            NextState.new(:TerminatedError, ["Unknown server reply #{msg[0].inspect} when expecting REJECTED"])
+          end
+        when :WaitingForAgreeUnixFD
+          case msg[0]
+          when "AGREE_UNIX_FD"
+            @unix_fd = true
+            NextState.new(:TerminatedOk, [])
+          when "ERROR"
+            @unix_fd = false
+            NextState.new(:TerminatedOk, [])
+          else
+            # TODO: spec says to close socket, clarify
+            NextState.new(:TerminatedError, ["Unknown server reply #{msg[0].inspect} to NEGOTIATE_UNIX_FD"])
+          end
         else
-          @socket.close
-          return false
+          raise "Internal error: unhandled state #{@state.inspect}"
         end
       end
-      true
     end
   end
 end