ruby-dbus 0.19.0 → 0.21.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7261c5ad0fb4e067da97b31298e6a79023e54743f69563b22c9a751101df2f85
-  data.tar.gz: 38075d862b0407889bf0a0e25eff450d18c8e225012a028545700fc1be15c342
+  metadata.gz: 922468208faa7a9a13f3c40c0b7ffd22a5a9a6b00de2e30e05e6ae18c84662d5
+  data.tar.gz: 9386581c654bad7f970763c1c67f8984e95654d6f49673a1c3452c2cc59ced0f
 SHA512:
-  metadata.gz: 700dc07af8d28f7a7537be292dd6313268032f169102c3581d2f5c7a13ba8b9b7c864b23d3b8bdb66e3760a147a7edf7d835098f450625ffade7f748e101f987
-  data.tar.gz: 2637cb7cad666a415c6e4a83a158b116507e5d6db3e70a53f5384d1a9240f191e6e2b540950076ae76397b7581c891e71b9f59e84346647394fe0bd7833e49c1
+  metadata.gz: 67e6e4058de8f6e9e0eddc404f53b5219487d711c165dd607ec1138c18f089de560f6467bf6960a28dc0c29b6df2a4a5eee4156e2c2fab68c1dada5ce9383f91
+  data.tar.gz: 364d914924b85f11354fdf8ed3f44f446091422014a92c5c7f0ecc3175cc28236d6a6b0cfec233321657a35554eb24be8692ab83c41a65eb9a75a7eef5dd7a5b

data/NEWS.md

@@ -2,6 +2,26 @@
 
 ## Unreleased
 
+## Ruby D-Bus 0.21.0 - 2023-04-08
+
+Features:
+ * Respect env RUBY_DBUS_ENDIANNESS=B (or =l) for outgoing messages.
+
+Bug fixes:
+ * Reduce socket buffer allocations ([#129][]).
+ * Message#marshall speedup: don't marshall the body twice.
+
+[#129]: https://github.com/mvidner/ruby-dbus/pull/129
+
+## Ruby D-Bus 0.20.0 - 2023-03-21
+
+Features:
+ * For EXTERNAL authentication, try also without the user id, to work with
+   containers ([#126][]).
+ * Thread safety, as long as the non-main threads only send signals.
+
+[#126]: https://github.com/mvidner/ruby-dbus/issues/126
+
 ## Ruby D-Bus 0.19.0 - 2023-01-18
 
 API:
@@ -73,7 +93,7 @@ API:
    when declaring properties ([#117][]).
 
 [#115]: https://github.com/mvidner/ruby-dbus/issues/115
-[#117]: https://github.com/mvidner/ruby-dbus/pulls/117
+[#117]: https://github.com/mvidner/ruby-dbus/pull/117
 
 ## Ruby D-Bus 0.18.0.beta7 - 2022-05-29
 
@@ -441,7 +461,7 @@ Bug fixes:
  * Handle more ways which tell us that a bus connection has died.
 
 [#3]: https://github.com/mvidner/ruby-dbus/issue/3
-[bsc#617350]: https://bugzilla.novell.com/show_bug.cgi?id=617350
+[bsc#617350]: https://bugzilla.suse.com/show_bug.cgi?id=617350
 
 ## Ruby D-Bus 0.3.0 - 2010-03-28
 
@@ -509,8 +529,8 @@ Bug fixes:
  * Fixed an endless sleep in DBus::Main.run ([bsc#537401][]).
  * Added details to PacketMarshaller exceptions ([bsc#538050][]).
 
-[bsc#537401]: https://bugzilla.novell.com/show_bug.cgi?id=537401
-[bsc#538050]: https://bugzilla.novell.com/show_bug.cgi?id=538050
+[bsc#537401]: https://bugzilla.suse.com/show_bug.cgi?id=537401
+[bsc#538050]: https://bugzilla.suse.com/show_bug.cgi?id=538050
 
 ## Ruby D-Bus "I'm not dead" 0.2.9 - 2009-08-26
 

data/VERSION

@@ -1 +1 @@
-0.19.0
+0.21.0

data/examples/simple/get_id.rb

@@ -6,7 +6,9 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __dir__)
 
 require "dbus"
 
-bus = DBus::SystemBus.instance
+busname = ARGV.fetch(0, "system")
+bus = busname == "session" ? DBus::SessionBus.instance : DBus::SystemBus.instance
+
 driver_svc = bus["org.freedesktop.DBus"]
 # p driver_svc
 driver_obj = driver_svc["/"]
@@ -15,4 +17,4 @@ driver_ifc = driver_obj["org.freedesktop.DBus"]
 # p driver_ifc
 
 bus_id = driver_ifc.GetId
-puts "The system bus id is #{bus_id}"
+puts "The #{busname} bus id is #{bus_id}"

data/lib/dbus/auth.rb

@@ -12,261 +12,348 @@ require "rbconfig"
 
 module DBus
   # Exception raised when authentication fails somehow.
-  class AuthenticationFailed < Exception
+  class AuthenticationFailed < StandardError
   end
 
-  # = General class for authentication.
-  class Authenticator
-    # Returns the name of the authenticator.
-    def name
-      self.class.to_s.upcase.sub(/.*::/, "")
-    end
-  end
+  # The Authentication Protocol.
+  # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
+  #
+  # @api private
+  module Authentication
+    # Base class of authentication mechanisms
+    class Mechanism
+      # @!method call(challenge)
+      # @abstract
+      # Replies to server *challenge*, or sends an initial response if the challenge is `nil`.
+      # @param challenge [String,nil]
+      # @return [Array(Symbol,String)] pair [action, response], where
+      #   - [:MechContinue, response] caller should send "DATA response" and go to :WaitingForData
+      #   - [:MechOk,       response] caller should send "DATA response" and go to :WaitingForOk
+      #   - [:MechError,    message]  caller should send "ERROR message" and go to :WaitingForData
 
-  # = Anonymous authentication class
-  class Anonymous < Authenticator
-    def authenticate
-      "527562792044427573" # Hex encoded version of "Ruby DBus"
+      # Uppercase mechanism name, as sent to the server
+      # @return [String]
+      def name
+        self.class.to_s.upcase.sub(/.*::/, "")
+      end
     end
-  end
 
-  # = External authentication class
-  #
-  # Class for 'external' type authentication.
-  class External < Authenticator
-    # Performs the authentication.
-    def authenticate
-      # Take the user id (eg integer 1000) make a string out of it "1000", take
-      # each character and determin hex value "1" => 0x31, "0" => 0x30. You
-      # obtain for "1000" => 31303030 This is what the server is expecting.
-      # Why? I dunno. How did I come to that conclusion? by looking at rbus
-      # code. I have no idea how he found that out.
-      Process.uid.to_s.split(//).map { |d| d.ord.to_s(16) }.join
+    # Anonymous authentication class.
+    # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-mechanisms-anonymous
+    class Anonymous < Mechanism
+      def call(_challenge)
+        [:MechOk, "Ruby DBus"]
+      end
     end
-  end
 
-  # = Authentication class using SHA1 crypto algorithm
-  #
-  # Class for 'CookieSHA1' type authentication.
-  # Implements the AUTH DBUS_COOKIE_SHA1 mechanism.
-  class DBusCookieSHA1 < Authenticator
-    # the autenticate method (called in stage one of authentification)
-    def authenticate
-      require "etc"
-      # number of retries we have for auth
-      @retries = 1
-      hex_encode(Etc.getlogin).to_s # server expects it to be binary
+    # Class for 'external' type authentication.
+    # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-mechanisms-external
+    class External < Mechanism
+      # Performs the authentication.
+      def call(_challenge)
+        [:MechOk, Process.uid.to_s]
+      end
     end
 
-    # returns the modules name
-    def name
-      "DBUS_COOKIE_SHA1"
+    # A variant of EXTERNAL that doesn't say our UID.
+    # Seen busctl do this and it worked across a container boundary.
+    class ExternalWithoutUid < External
+      def name
+        "EXTERNAL"
+      end
+
+      def call(_challenge)
+        [:MechContinue, nil]
+      end
     end
 
-    # handles the interesting crypto stuff, check the rbus-project for more info: http://rbus.rubyforge.org/
-    def data(hexdata)
-      require "digest/sha1"
-      data = hex_decode(hexdata)
-      # name of cookie file, id of cookie in file, servers random challenge
-      context, id, s_challenge = data.split(" ")
-      # Random client challenge
-      c_challenge = 1.upto(s_challenge.bytesize / 2).map { rand(255).to_s }.join
-      # Search cookie file for id
-      path = File.join(ENV["HOME"], ".dbus-keyrings", context)
-      DBus.logger.debug "path: #{path.inspect}"
-      File.foreach(path) do |line|
-        if line.start_with?(id)
-          # Right line of file, read cookie
-          cookie = line.split(" ")[2].chomp
-          DBus.logger.debug "cookie: #{cookie.inspect}"
-          # Concatenate and encrypt
-          to_encrypt = [s_challenge, c_challenge, cookie].join(":")
-          sha = Digest::SHA1.hexdigest(to_encrypt)
-          # the almighty tcp server wants everything hex encoded
-          hex_response = hex_encode("#{c_challenge} #{sha}")
-          # Return response
-          response = [:AuthOk, hex_response]
-          return response
+    # Implements the AUTH DBUS_COOKIE_SHA1 mechanism.
+    # https://dbus.freedesktop.org/doc/dbus-specification.html#auth-mechanisms-sha
+    class DBusCookieSHA1 < Mechanism
+      # returns the modules name
+      def name
+        "DBUS_COOKIE_SHA1"
+      end
+
+      # First we are called with nil and we reply with our username.
+      # Then we prove that we can read that user's cookie file.
+      def call(challenge)
+        if challenge.nil?
+          require "etc"
+          # number of retries we have for auth
+          @retries = 1
+          return [:MechContinue, Etc.getlogin]
+        end
+
+        require "digest/sha1"
+        # name of cookie file, id of cookie in file, servers random challenge
+        context, id, s_challenge = challenge.split(" ")
+        # Random client challenge
+        c_challenge = 1.upto(s_challenge.bytesize / 2).map { rand(255).to_s }.join
+        # Search cookie file for id
+        path = File.join(ENV["HOME"], ".dbus-keyrings", context)
+        DBus.logger.debug "path: #{path.inspect}"
+        File.foreach(path) do |line|
+          if line.start_with?(id)
+            # Right line of file, read cookie
+            cookie = line.split(" ")[2].chomp
+            DBus.logger.debug "cookie: #{cookie.inspect}"
+            # Concatenate and encrypt
+            to_encrypt = [s_challenge, c_challenge, cookie].join(":")
+            sha = Digest::SHA1.hexdigest(to_encrypt)
+            # Return response
+            response = [:MechOk, "#{c_challenge} #{sha}"]
+            return response
+          end
         end
+        return if @retries <= 0
+
+        # a little rescue magic
+        puts "ERROR: Could not auth, will now exit."
+        puts "ERROR: Unable to locate cookie, retry in 1 second."
+        @retries -= 1
+        sleep 1
+        call(challenge)
       end
-      return if @retries <= 0
-
-      # a little rescue magic
-      puts "ERROR: Could not auth, will now exit."
-      puts "ERROR: Unable to locate cookie, retry in 1 second."
-      @retries -= 1
-      sleep 1
-      data(hexdata)
     end
 
-    # encode plain to hex
-    def hex_encode(plain)
-      return nil if plain.nil?
+    # Declare client state transitions, for ease of code reading.
+    # It is just a pair.
+    NextState = Struct.new(:state, :command_words)
 
-      plain.to_s.unpack1("H*")
-    end
+    # Authenticates the connection before messages can be exchanged.
+    class Client
+      # @return [Boolean] have we negotiated Unix file descriptor passing
+      # NOTE: not implemented yet in upper layers
+      attr_reader :unix_fd
 
-    # decode hex to plain
-    def hex_decode(encoded)
-      encoded.scan(/[[:xdigit:]]{2}/).map { |h| h.hex.chr }.join
-    end
-  end
+      # @return [String]
+      attr_reader :address_uuid
 
-  # Note: this following stuff is tested with External authenticator only!
+      # Create a new authentication client.
+      # @param mechs [Array<Mechanism,Class>,nil] custom list of auth Mechanism objects or classes
+      def initialize(socket, mechs = nil)
+        @unix_fd = false
+        @address_uuid = nil
 
-  # = Authentication client class.
-  #
-  # Class tha performs the actional authentication.
-  class Client
-    # Create a new authentication client.
-    def initialize(socket)
-      @socket = socket
-      @state = nil
-      @auth_list = [External, DBusCookieSHA1, Anonymous]
-    end
+        @socket = socket
+        @state = nil
+        @auth_list = mechs || [
+          External,
+          DBusCookieSHA1,
+          ExternalWithoutUid,
+          Anonymous
+        ]
+      end
+
+      # Start the authentication process.
+      # @return [void]
+      # @raise [AuthenticationFailed]
+      def authenticate
+        DBus.logger.debug "Authenticating"
+        send_nul_byte
 
-    # Start the authentication process.
-    def authenticate
-      if RbConfig::CONFIG["target_os"] =~ /freebsd/
-        @socket.sendmsg(0.chr, 0, nil, [:SOCKET, :SCM_CREDS, ""])
-      else
-        @socket.write(0.chr)
+        use_next_mechanism
+
+        @state, command = next_state_via_mechanism.to_a
+        send(command)
+
+        loop do
+          DBus.logger.debug "auth STATE: #{@state}"
+          words = next_msg
+
+          @state, command = next_state(words).to_a
+          break if [:TerminatedOk, :TerminatedError].include? @state
+
+          send(command)
+        end
+
+        raise AuthenticationFailed, command.first if @state == :TerminatedError
+
+        send("BEGIN")
       end
-      next_authenticator
-      @state = :Starting
-      while @state != :Authenticated
-        r = next_state
-        return r if !r
+
+      ##########
+
+      private
+
+      ##########
+
+      # The authentication protocol requires a nul byte
+      # that may carry credentials.
+      # @return [void]
+      def send_nul_byte
+        if RbConfig::CONFIG["target_os"] =~ /freebsd/
+          @socket.sendmsg(0.chr, 0, nil, [:SOCKET, :SCM_CREDS, ""])
+        else
+          @socket.write(0.chr)
+        end
       end
-      true
-    end
 
-    ##########
+      # encode plain to hex
+      # @param plain [String,nil]
+      # @return [String,nil]
+      def hex_encode(plain)
+        return nil if plain.nil?
 
-    private
+        plain.unpack1("H*")
+      end
 
-    ##########
+      # decode hex to plain
+      # @param encoded [String,nil]
+      # @return [String,nil]
+      def hex_decode(encoded)
+        return nil if encoded.nil?
 
-    # Send an authentication method _meth_ with arguments _args_ to the
-    # server.
-    def send(meth, *args)
-      o = ([meth] + args).join(" ")
-      @socket.write("#{o}\r\n")
-    end
+        [encoded].pack("H*")
+      end
 
-    # Try authentication using the next authenticator.
-    def next_authenticator
-      raise AuthenticationFailed if @auth_list.empty?
-
-      @authenticator = @auth_list.shift.new
-      auth_msg = ["AUTH", @authenticator.name, @authenticator.authenticate]
-      DBus.logger.debug "auth_msg: #{auth_msg.inspect}"
-      send(auth_msg)
-    rescue AuthenticationFailed
-      @socket.close
-      raise
-    end
+      # Send a string to the socket; good place for test mocks.
+      def write_line(str)
+        DBus.logger.debug "auth_write: #{str.inspect}"
+        @socket.write(str)
+      end
 
-    # Read data (a buffer) from the bus until CR LF is encountered.
-    # Return the buffer without the CR LF characters.
-    def next_msg
-      data = ""
-      crlf = "\r\n"
-      left = 1024 # 1024 byte, no idea if it's ever getting bigger
-      while left.positive?
-        buf = @socket.read(left > 1 ? 1 : left)
-        break if buf.nil?
-
-        left -= buf.bytesize
-        data += buf
-        break if data.include? crlf # crlf means line finished, the TCP socket keeps on listening, so we break
+      # Send *words* to the server as a single CRLF terminated string.
+      # @param words [Array<String>,String]
+      def send(words)
+        joined = Array(words).compact.join(" ")
+        write_line("#{joined}\r\n")
       end
-      readline = data.chomp.split(" ")
-      DBus.logger.debug "readline: #{readline.inspect}"
-      readline
-    end
 
-    #     # Read data (a buffer) from the bus until CR LF is encountered.
-    #     # Return the buffer without the CR LF characters.
-    #     def next_msg
-    #       @socket.readline.chomp.split(" ")
-    #     end
-
-    # Try to reach the next state based on the current state.
-    def next_state
-      msg = next_msg
-      if @state == :Starting
-        DBus.logger.debug ":Starting msg: #{msg[0].inspect}"
-        case msg[0]
-        when "OK"
-          @state = :WaitingForOk
-        when "CONTINUE"
-          @state = :WaitingForData
-        when "REJECTED" # needed by tcp, unix-path/abstract doesn't get here
-          @state = :WaitingForData
-        end
+      # Try authentication using the next mechanism.
+      # @raise [AuthenticationFailed] if there are no more left
+      # @return [void]
+      def use_next_mechanism
+        raise AuthenticationFailed, "Authentication mechanisms exhausted" if @auth_list.empty?
+
+        @mechanism = @auth_list.shift
+        @mechanism = @mechanism.new if @mechanism.is_a? Class
+      rescue AuthenticationFailed
+        # TODO: make this caller's responsibility
+        @socket.close
+        raise
       end
-      DBus.logger.debug "state: #{@state}"
-      case @state
-      when :WaitingForData
-        DBus.logger.debug ":WaitingForData msg: #{msg[0].inspect}"
-        case msg[0]
-        when "DATA"
-          chall = msg[1]
-          resp, chall = @authenticator.data(chall)
-          DBus.logger.debug ":WaitingForData/DATA resp: #{resp.inspect}"
-          case resp
-          when :AuthContinue
-            send("DATA", chall)
-            @state = :WaitingForData
-          when :AuthOk
-            send("DATA", chall)
-            @state = :WaitingForOk
-          when :AuthError
-            send("ERROR")
-            @state = :WaitingForData
-          end
-        when "REJECTED"
-          next_authenticator
-          @state = :WaitingForData
-        when "ERROR"
-          send("CANCEL")
-          @state = :WaitingForReject
-        when "OK"
-          send("BEGIN")
-          @state = :Authenticated
-        else
-          send("ERROR")
-          @state = :WaitingForData
+
+      # Read data (a buffer) from the bus until CR LF is encountered.
+      # Return the buffer without the CR LF characters.
+      # @return [Array<String>] received words
+      def next_msg
+        read_line.chomp.split(" ")
+      end
+
+      # Read a line from the socket; good place for test mocks.
+      # @return [String] CRLF (\r\n) terminated
+      def read_line
+        # TODO: probably can simply call @socket.readline
+        data = ""
+        crlf = "\r\n"
+        left = 1024 # 1024 byte, no idea if it's ever getting bigger
+        while left.positive?
+          buf = @socket.read(left > 1 ? 1 : left)
+          break if buf.nil?
+
+          left -= buf.bytesize
+          data += buf
+          break if data.include? crlf # crlf means line finished, the TCP socket keeps on listening, so we break
         end
-      when :WaitingForOk
-        DBus.logger.debug ":WaitingForOk msg: #{msg[0].inspect}"
-        case msg[0]
-        when "OK"
-          send("BEGIN")
-          @state = :Authenticated
-        when "REJECT"
-          next_authenticator
-          @state = :WaitingForData
-        when "DATA", "ERROR"
-          send("CANCEL")
-          @state = :WaitingForReject
+        DBus.logger.debug "auth_read: #{data.inspect}"
+        data
+      end
+
+      #     # Read data (a buffer) from the bus until CR LF is encountered.
+      #     # Return the buffer without the CR LF characters.
+      #     def next_msg
+      #       @socket.readline.chomp.split(" ")
+      #     end
+
+      # @param hex_challenge [String,nil] (nil when the server said "DATA\r\n")
+      # @param use_data [Boolean] say DATA instead of AUTH
+      # @return [NextState]
+      def next_state_via_mechanism(hex_challenge = nil, use_data: false)
+        challenge = hex_decode(hex_challenge)
+
+        action, response = @mechanism.call(challenge)
+        DBus.logger.debug "auth mechanism action: #{action.inspect}"
+
+        command = use_data ? ["DATA"] : ["AUTH", @mechanism.name]
+
+        case action
+        when :MechError
+          NextState.new(:WaitingForData, ["ERROR", response])
+        when :MechContinue
+          NextState.new(:WaitingForData, command + [hex_encode(response)])
+        when :MechOk
+          NextState.new(:WaitingForOk, command + [hex_encode(response)])
         else
-          send("ERROR")
-          @state = :WaitingForOk
+          raise AuthenticationFailed, "internal error, unknown action #{action.inspect} " \
+                                      "from our mechanism #{@mechanism.inspect}"
         end
-      when :WaitingForReject
-        DBus.logger.debug ":WaitingForReject msg: #{msg[0].inspect}"
-        case msg[0]
-        when "REJECT"
-          next_authenticator
-          @state = :WaitingForOk
+      end
+
+      # Try to reach the next state based on the current state.
+      # @param received_words [Array<String>]
+      # @return [NextState]
+      def next_state(received_words)
+        msg = received_words
+
+        case @state
+        when :WaitingForData
+          case msg[0]
+          when "DATA"
+            next_state_via_mechanism(msg[1], use_data: true)
+          when "REJECTED"
+            use_next_mechanism
+            next_state_via_mechanism
+          when "ERROR"
+            NextState.new(:WaitingForReject, ["CANCEL"])
+          when "OK"
+            @address_uuid = msg[1]
+            # NextState.new(:TerminatedOk, [])
+            NextState.new(:WaitingForAgreeUnixFD, ["NEGOTIATE_UNIX_FD"])
+          else
+            NextState.new(:WaitingForData, ["ERROR"])
+          end
+        when :WaitingForOk
+          case msg[0]
+          when "OK"
+            @address_uuid = msg[1]
+            # NextState.new(:TerminatedOk, [])
+            NextState.new(:WaitingForAgreeUnixFD, ["NEGOTIATE_UNIX_FD"])
+          when "REJECTED"
+            use_next_mechanism
+            next_state_via_mechanism
+          when "DATA", "ERROR"
+            NextState.new(:WaitingForReject, ["CANCEL"])
+          else
+            # we don't understand server's response but still wait for a successful auth completion
+            NextState.new(:WaitingForOk, ["ERROR"])
+          end
+        when :WaitingForReject
+          case msg[0]
+          when "REJECTED"
+            use_next_mechanism
+            next_state_via_mechanism
+          else
+            # TODO: spec says to close socket, clarify
+            NextState.new(:TerminatedError, ["Unknown server reply #{msg[0].inspect} when expecting REJECTED"])
+          end
+        when :WaitingForAgreeUnixFD
+          case msg[0]
+          when "AGREE_UNIX_FD"
+            @unix_fd = true
+            NextState.new(:TerminatedOk, [])
+          when "ERROR"
+            @unix_fd = false
+            NextState.new(:TerminatedOk, [])
+          else
+            # TODO: spec says to close socket, clarify
+            NextState.new(:TerminatedError, ["Unknown server reply #{msg[0].inspect} to NEGOTIATE_UNIX_FD"])
+          end
         else
-          @socket.close
-          return false
+          raise "Internal error: unhandled state #{@state.inspect}"
         end
       end
-      true
     end
   end
 end

data/lib/dbus/message.rb

@@ -10,6 +10,8 @@
 # License, version 2.1 as published by the Free Software Foundation.
 # See the file "COPYING" for the exact licensing terms.
 
+require_relative "raw_message"
+
 # = D-Bus main module
 #
 # Module containing all the D-Bus modules and classes.
@@ -144,6 +146,10 @@ module DBus
       @params << [type, val]
     end
 
+    # "l" or "B"
+    ENDIANNESS_CHAR = ENV.fetch("RUBY_DBUS_ENDIANNESS", HOST_END)
+    ENDIANNESS = RawMessage.endianness(ENDIANNESS_CHAR)
+
     # FIXME: what are these? a message element constant enumeration?
     # See method below, in a message, you have and array of optional parameters
     # that come with an index, to determine their meaning. The values are in
@@ -165,14 +171,14 @@ module DBus
         raise InvalidDestinationName
       end
 
-      params = PacketMarshaller.new
-      @params.each do |param|
-        params.append(param[0], param[1])
+      params_marshaller = PacketMarshaller.new(endianness: ENDIANNESS)
+      @params.each do |type, value|
+        params_marshaller.append(type, value)
       end
-      @body_length = params.packet.bytesize
+      @body_length = params_marshaller.packet.bytesize
 
-      marshaller = PacketMarshaller.new
-      marshaller.append(Type::BYTE, HOST_END.ord)
+      marshaller = PacketMarshaller.new(endianness: ENDIANNESS)
+      marshaller.append(Type::BYTE, ENDIANNESS_CHAR.ord)
       marshaller.append(Type::BYTE, @message_type)
       marshaller.append(Type::BYTE, @flags)
       marshaller.append(Type::BYTE, @protocol)
@@ -191,10 +197,8 @@ module DBus
       marshaller.append("a(yv)", headers)
 
       marshaller.align(8)
-      @params.each do |param|
-        marshaller.append(param[0], param[1])
-      end
-      marshaller.packet
+
+      marshaller.packet + params_marshaller.packet
     end
 
     # Unmarshall a packet contained in the buffer _buf_ and set the

data/lib/dbus/message_queue.rb

@@ -18,10 +18,17 @@ module DBus
     # The socket that is used to connect with the bus.
     attr_reader :socket
 
+    # The buffer size for messages.
+    MSG_BUF_SIZE = 4096
+
     def initialize(address)
+      DBus.logger.debug "MessageQueue: #{address}"
       @address = address
       @buffer = ""
+      # Reduce allocations by using a single buffer for our socket
+      @read_buffer = String.new(capacity: MSG_BUF_SIZE)
       @is_tcp = false
+      @mutex = Mutex.new
       connect
     end
 
@@ -32,23 +39,28 @@ module DBus
     # @raise EOFError
     # @todo failure modes
     def pop(blocking: true)
-      buffer_from_socket_nonblock
-      message = message_from_buffer_nonblock
-      if blocking
-        # we can block
-        while message.nil?
-          r, _d, _d = IO.select([@socket])
-          if r && r[0] == @socket
-            buffer_from_socket_nonblock
-            message = message_from_buffer_nonblock
+      # FIXME: this is not enough, the R/W test deadlocks on shared connections
+      @mutex.synchronize do
+        buffer_from_socket_nonblock
+        message = message_from_buffer_nonblock
+        if blocking
+          # we can block
+          while message.nil?
+            r, _d, _d = IO.select([@socket])
+            if r && r[0] == @socket
+              buffer_from_socket_nonblock
+              message = message_from_buffer_nonblock
+            end
           end
         end
+        message
       end
-      message
     end
 
     def push(message)
-      @socket.write(message.marshall)
+      @mutex.synchronize do
+        @socket.write(message.marshall)
+      end
     end
     alias << push
 
@@ -129,7 +141,7 @@ module DBus
 
     # Initialize the connection to the bus.
     def init_connection
-      client = Client.new(@socket)
+      client = Authentication::Client.new(@socket)
       client.authenticate
     end
 
@@ -150,15 +162,12 @@ module DBus
       ret
     end
 
-    # The buffer size for messages.
-    MSG_BUF_SIZE = 4096
-
     # Fill (append) the buffer from data that might be available on the
     # socket.
     # @return [void]
     # @raise EOFError
     def buffer_from_socket_nonblock
-      @buffer += @socket.read_nonblock(MSG_BUF_SIZE)
+      @buffer += @socket.read_nonblock(MSG_BUF_SIZE, @read_buffer)
     rescue EOFError
       raise # the caller expects it
     rescue Errno::EAGAIN

data/lib/dbus.rb

@@ -10,6 +10,21 @@
 # License, version 2.1 as published by the Free Software Foundation.
 # See the file "COPYING" for the exact licensing terms.
 
+module DBus
+  # Byte signifying big endianness.
+  BIG_END = "B"
+  # Byte signifying little endianness.
+  LIL_END = "l"
+
+  # Byte signifying the host's endianness.
+  HOST_END = if [0x01020304].pack("L").unpack1("V") == 0x01020304
+               LIL_END
+             else
+               BIG_END
+             end
+end
+# ^ That's because dbus/message needs HOST_END early
+
 require_relative "dbus/api_options"
 require_relative "dbus/auth"
 require_relative "dbus/bus"
@@ -41,18 +56,6 @@ module DBus
   # Default socket name for the system bus.
   SYSTEM_BUS_ADDRESS = "unix:path=/var/run/dbus/system_bus_socket"
 
-  # Byte signifying big endianness.
-  BIG_END = "B"
-  # Byte signifying little endianness.
-  LIL_END = "l"
-
-  # Byte signifying the host's endianness.
-  HOST_END = if [0x01020304].pack("L").unpack1("V") == 0x01020304
-               LIL_END
-             else
-               BIG_END
-             end
-
   # Comparing symbols is faster than strings
   # @return [:little,:big]
   HOST_ENDIANNESS = RawMessage.endianness(HOST_END)

data/spec/auth_spec.rb

@@ -0,0 +1,225 @@
+#!/usr/bin/env rspec
+# frozen_string_literal: true
+
+require_relative "spec_helper"
+require "dbus"
+
+describe DBus::Authentication::Client do
+  let(:socket) { instance_double("Socket") }
+  let(:subject) { described_class.new(socket) }
+
+  before(:each) do
+    allow(Process).to receive(:uid).and_return(999)
+    allow(subject).to receive(:send_nul_byte)
+  end
+
+  describe "#next_state" do
+    it "raises when I forget to handle a state" do
+      subject.instance_variable_set(:@state, :Denmark)
+      expect { subject.__send__(:next_state, []) }.to raise_error(RuntimeError, /unhandled state :Denmark/)
+    end
+  end
+
+  def expect_protocol(pairs)
+    pairs.each do |we_say, server_says|
+      expect(subject).to receive(:write_line).with(we_say)
+      next if server_says.nil?
+
+      expect(subject).to receive(:read_line).and_return(server_says)
+    end
+  end
+
+  context "with ANONYMOUS" do
+    let(:subject) { described_class.new(socket, [DBus::Authentication::Anonymous]) }
+
+    it "authentication passes" do
+      expect_protocol [
+        ["AUTH ANONYMOUS 527562792044427573\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+        ["NEGOTIATE_UNIX_FD\r\n", "ERROR not for anonymous\r\n"],
+        ["BEGIN\r\n"]
+      ]
+
+      expect { subject.authenticate }.to_not raise_error
+    end
+  end
+
+  context "with EXTERNAL" do
+    let(:subject) { described_class.new(socket, [DBus::Authentication::External]) }
+
+    it "authentication passes, and address_uuid is set" do
+      expect_protocol [
+        ["AUTH EXTERNAL 393939\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+        ["NEGOTIATE_UNIX_FD\r\n", "AGREE_UNIX_FD\r\n"],
+        ["BEGIN\r\n"]
+      ]
+
+      expect { subject.authenticate }.to_not raise_error
+      expect(subject.address_uuid).to eq "ffffffffffffffffffffffffffffffff"
+    end
+
+    context "when the server says superfluous things before an OK" do
+      it "authentication passes" do
+        expect_protocol [
+          ["AUTH EXTERNAL 393939\r\n", "WOULD_YOU_LIKE_SOME_TEA\r\n"],
+          ["ERROR\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+          ["NEGOTIATE_UNIX_FD\r\n", "AGREE_UNIX_FD\r\n"],
+          ["BEGIN\r\n"]
+        ]
+
+        expect { subject.authenticate }.to_not raise_error
+      end
+    end
+
+    context "when the server messes up NEGOTIATE_UNIX_FD" do
+      it "authentication fails orderly" do
+        expect_protocol [
+          ["AUTH EXTERNAL 393939\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+          ["NEGOTIATE_UNIX_FD\r\n", "I_DONT_NEGOTIATE_WITH_TENORISTS\r\n"]
+        ]
+
+        allow(socket).to receive(:close) # want to get rid of this
+        # TODO: quote the server error message?
+        expect { subject.authenticate }.to raise_error(DBus::AuthenticationFailed, /Unknown server reply/)
+      end
+    end
+
+    context "when the server replies with ERROR" do
+      it "authentication fails orderly" do
+        expect_protocol [
+          ["AUTH EXTERNAL 393939\r\n", "ERROR something failed\r\n"],
+          ["CANCEL\r\n", "REJECTED DBUS_COOKIE_SHA1\r\n"]
+        ]
+
+        allow(socket).to receive(:close) # want to get rid of this
+        # TODO: quote the server error message?
+        expect { subject.authenticate }.to raise_error(DBus::AuthenticationFailed, /exhausted/)
+      end
+    end
+  end
+
+  context "with EXTERNAL without uid" do
+    let(:subject) do
+      described_class.new(socket, [DBus::Authentication::External, DBus::Authentication::ExternalWithoutUid])
+    end
+
+    it "authentication passes" do
+      expect_protocol [
+        ["AUTH EXTERNAL 393939\r\n", "REJECTED EXTERNAL\r\n"],
+        # this succeeds when we connect to a privileged container,
+        # where outside-non-root becomes inside-root
+        ["AUTH EXTERNAL\r\n", "DATA\r\n"],
+        ["DATA\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+        ["NEGOTIATE_UNIX_FD\r\n", "AGREE_UNIX_FD\r\n"],
+        ["BEGIN\r\n"]
+      ]
+
+      expect { subject.authenticate }.to_not raise_error
+    end
+  end
+
+  context "with a rejected mechanism and then EXTERNAL" do
+    let(:rejected_mechanism) do
+      double("Mechanism", name: "WIMP", call: [:MechContinue, "I expect to be rejected"])
+    end
+
+    let(:subject) { described_class.new(socket, [rejected_mechanism, DBus::Authentication::External]) }
+
+    it "authentication eventually passes" do
+      expect_protocol [
+        [/^AUTH WIMP .*\r\n/, "REJECTED EXTERNAL\r\n"],
+        ["AUTH EXTERNAL 393939\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+        ["NEGOTIATE_UNIX_FD\r\n", "AGREE_UNIX_FD\r\n"],
+        ["BEGIN\r\n"]
+      ]
+
+      expect { subject.authenticate }.to_not raise_error
+    end
+  end
+
+  context "with a DATA-using mechanism" do
+    let(:mechanism) do
+      double("Mechanism", name: "CHALLENGE_ME", call: [:MechContinue, "1"])
+    end
+
+    # try it twice to test calling #use_next_mechanism
+    let(:subject) { described_class.new(socket, [mechanism, mechanism]) }
+
+    it "authentication fails orderly when the server says ERROR" do
+      expect_protocol [
+        ["AUTH CHALLENGE_ME 31\r\n", "ERROR something failed\r\n"],
+        ["CANCEL\r\n", "REJECTED DBUS_COOKIE_SHA1\r\n"],
+        ["AUTH CHALLENGE_ME 31\r\n", "ERROR something failed\r\n"],
+        ["CANCEL\r\n", "REJECTED DBUS_COOKIE_SHA1\r\n"]
+      ]
+
+      allow(socket).to receive(:close) # want to get rid of this
+      # TODO: quote the server error message?
+      expect { subject.authenticate }.to raise_error(DBus::AuthenticationFailed, /exhausted/)
+    end
+
+    it "authentication fails orderly when the server says ERROR and then changes its mind" do
+      expect_protocol [
+        ["AUTH CHALLENGE_ME 31\r\n", "ERROR something failed\r\n"],
+        ["CANCEL\r\n", "I_CHANGED_MY_MIND please come back\r\n"]
+      ]
+
+      allow(socket).to receive(:close) # want to get rid of this
+      # TODO: quote the server error message?
+      expect { subject.authenticate }.to raise_error(DBus::AuthenticationFailed, /Unknown.*MIND.*REJECTED/)
+    end
+
+    it "authentication passes when the server says superfluous things before DATA" do
+      expect_protocol [
+        ["AUTH CHALLENGE_ME 31\r\n", "WOULD_YOU_LIKE_SOME_TEA\r\n"],
+        ["ERROR\r\n", "DATA\r\n"],
+        ["DATA 31\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+        ["NEGOTIATE_UNIX_FD\r\n", "AGREE_UNIX_FD\r\n"],
+        ["BEGIN\r\n"]
+      ]
+
+      expect { subject.authenticate }.to_not raise_error
+    end
+
+    it "authentication passes when the server decides not to need the DATA" do
+      expect_protocol [
+        ["AUTH CHALLENGE_ME 31\r\n", "OK ffffffffffffffffffffffffffffffff\r\n"],
+        ["NEGOTIATE_UNIX_FD\r\n", "AGREE_UNIX_FD\r\n"],
+        ["BEGIN\r\n"]
+      ]
+
+      expect { subject.authenticate }.to_not raise_error
+    end
+  end
+
+  context "with a mechanism returning :MechError" do
+    let(:fallible_mechanism) do
+      double(name: "FALLIBLE", call: [:MechError, "not my best day"])
+    end
+
+    let(:subject) { described_class.new(socket, [fallible_mechanism]) }
+
+    it "authentication fails orderly" do
+      expect_protocol [
+        ["ERROR not my best day\r\n", "REJECTED DBUS_COOKIE_SHA1\r\n"]
+      ]
+
+      allow(socket).to receive(:close) # want to get rid of thise
+      expect { subject.authenticate }.to raise_error(DBus::AuthenticationFailed, /exhausted/)
+    end
+  end
+
+  context "with a badly implemented mechanism" do
+    let(:buggy_mechanism) do
+      double(name: "buggy", call: [:smurf, nil])
+    end
+
+    let(:subject) { described_class.new(socket, [buggy_mechanism]) }
+
+    it "authentication fails before protoxol is exchanged" do
+      expect(subject).to_not receive(:write_line)
+      expect(subject).to_not receive(:read_line)
+
+      expect { subject.authenticate }.to raise_error(DBus::AuthenticationFailed, /smurf/)
+    end
+  end
+end

data/spec/proxy_object_interface_spec.rb

@@ -0,0 +1,35 @@
+#!/usr/bin/env rspec
+# frozen_string_literal: true
+
+require_relative "spec_helper"
+require "dbus"
+
+describe DBus::ProxyObjectInterface do
+  # TODO: tag tests that need a service, eg "needs-service"
+  # TODO: maybe remove this and rely on a packaged tool
+  around(:each) do |example|
+    with_private_bus do
+      with_service_by_activation(&example)
+    end
+  end
+
+  let(:bus) { DBus::ASessionBus.new }
+
+  context "when calling org.ruby.service" do
+    let(:svc) { bus["org.ruby.service"] }
+
+    # This is white box testing, knowing the implementation
+    # A better way would be structuring it according to the D-Bus Spec
+    # Or testing the service side doing the right thing? (What if our bugs cancel out)
+    describe "#define_method_from_descriptor" do
+      it "can call a method with multiple OUT arguments" do
+        obj = svc["/org/ruby/MyInstance"]
+        ifc = obj["org.ruby.SampleInterface"]
+
+        even, odd = ifc.EvenOdd([3, 1, 4, 1, 5, 9, 2, 6])
+        expect(even).to eq [4, 2, 6]
+        expect(odd).to eq [3, 1, 1, 5, 9]
+      end
+    end
+  end
+end

data/spec/raw_message_spec.rb

@@ -0,0 +1,32 @@
+#!/usr/bin/env rspec
+# frozen_string_literal: true
+
+require_relative "spec_helper"
+require "dbus"
+
+# Pedantic full coverage test.
+# The happy paths are covered via calling classes
+describe DBus::RawMessage do
+  describe ".endianness" do
+    it "returns :little for 'l'" do
+      expect(described_class.endianness("l")).to eq :little
+    end
+
+    it "returns :big for 'B'" do
+      expect(described_class.endianness("B")).to eq :big
+    end
+
+    it "raises for other strings" do
+      expect { described_class.endianness("m") }
+        .to raise_error(DBus::InvalidPacketException, /Incorrect endianness/)
+    end
+  end
+
+  describe "#align" do
+    it "raises for values other than 1 2 4 8" do
+      subject = described_class.new("l")
+      expect { subject.align(3) }.to raise_error(ArgumentError)
+      expect { subject.align(16) }.to raise_error(ArgumentError)
+    end
+  end
+end

data/spec/service_newapi.rb

@@ -102,6 +102,12 @@ class Test < DBus::Object
       [coords]
     end
 
+    # Two OUT arguments
+    dbus_method :EvenOdd, "in numbers:ai, out even:ai, out odd:ai" do |numbers|
+      even, odd = numbers.partition(&:even?)
+      [even, odd]
+    end
+
     # Properties:
     # ReadMe:string, returns "READ ME" at first, then what WriteMe received
     # WriteMe:string

data/spec/spec_helper.rb

@@ -31,7 +31,7 @@ if coverage
       c.single_report_path = "coverage/lcov.info"
     end
 
-    SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+    SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new [
       SimpleCov::Formatter::HTMLFormatter,
       SimpleCov::Formatter::LcovFormatter
     ]

data/spec/thread_safety_spec.rb

@@ -5,28 +5,71 @@
 require_relative "spec_helper"
 require "dbus"
 
-describe "ThreadSafetyTest" do
-  it "tests thread competition" do
-    print "Thread competition: "
-    jobs = []
-    5.times do
-      jobs << Thread.new do
-        Thread.current.abort_on_exception = true
+class TestSignalRace < DBus::Object
+  dbus_interface "org.ruby.ServerTest" do
+    dbus_signal :signal_without_arguments
+  end
+end
+
+# Run *count* threads all doing *body*, wait for their finish
+def race_threads(count, &body)
+  jobs = count.times.map do |j|
+    Thread.new do
+      Thread.current.abort_on_exception = true
+
+      body.call(j)
+    end
+  end
+  jobs.each(&:join)
+end
+
+# Repeat *count* times: { random sleep, *body* }, printing progress
+def repeat_with_jitter(count, &body)
+  count.times do |i|
+    sleep 0.1 * rand
+    print "#{i} "
+    $stdout.flush
 
+    body.call
+  end
+end
+
+describe "thread safety" do
+  context "R/W: when the threads call methods with return values" do
+    it "it works with separate bus connections" do
+      race_threads(5) do |_j|
         # use separate connections to avoid races
         bus = DBus::ASessionBus.new
         svc = bus.service("org.ruby.service")
         obj = svc.object("/org/ruby/MyInstance")
         obj.default_iface = "org.ruby.SampleInterface"
 
-        10.times do |i|
-          print "#{i} "
-          $stdout.flush
+        repeat_with_jitter(10) do
           expect(obj.the_answer[0]).to eq(42)
-          sleep 0.1 * rand
         end
       end
+      puts
+    end
+  end
+
+  context "W/O: when the threads only send signals" do
+    it "it works with a shared separate bus connection" do
+      race_threads(5) do |j|
+        # shared connection
+        bus = DBus::SessionBus.instance
+        # hackish: we do not actually request the name
+        svc = DBus::Service.new("org.ruby.server-test#{j}", bus)
+
+        obj = TestSignalRace.new "/org/ruby/Foo"
+        svc.export obj
+
+        repeat_with_jitter(10) do
+          obj.signal_without_arguments
+        end
+
+        svc.unexport(obj)
+      end
+      puts
     end
-    jobs.each(&:join)
   end
 end

data/spec/tools/dbus-limited-session.conf

@@ -7,6 +7,20 @@
   <!-- Our well-known bus type, don't change this -->
   <type>session</type>
 
+  <!-- Authentication:
+       This was useful during refactoring, but meanwhile RSpec mocking has
+       replaced it. -->
+  <!-- Explicitly list all known authentication mechanisms,
+       their order is not important.
+       By default the daemon allows all but this lets me disable some. -->
+  <auth>EXTERNAL</auth>
+  <auth>DBUS_COOKIE_SHA1</auth>
+  <auth>ANONYMOUS</auth>
+  <!-- Insecure, other users could call us and exploit debug APIs/bugs -->
+  <!--
+  <allow_anonymous/>
+  -->
+
   <listen>unix:tmpdir=/tmp</listen>
   <listen>tcp:host=127.0.0.1</listen>
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-dbus
 version: !ruby/object:Gem::Version
-  version: 0.19.0
+  version: 0.21.0
 platform: ruby
 authors:
 - Ruby DBus Team
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-18 00:00:00.000000000 Z
+date: 2023-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rexml
@@ -165,6 +165,7 @@ files:
 - lib/dbus/xml.rb
 - ruby-dbus.gemspec
 - spec/async_spec.rb
+- spec/auth_spec.rb
 - spec/binding_spec.rb
 - spec/bus_and_xml_backend_spec.rb
 - spec/bus_driver_spec.rb
@@ -186,7 +187,9 @@ files:
 - spec/packet_marshaller_spec.rb
 - spec/packet_unmarshaller_spec.rb
 - spec/property_spec.rb
+- spec/proxy_object_interface_spec.rb
 - spec/proxy_object_spec.rb
+- spec/raw_message_spec.rb
 - spec/server_robustness_spec.rb
 - spec/server_spec.rb
 - spec/service_newapi.rb
@@ -208,7 +211,7 @@ homepage: https://github.com/mvidner/ruby-dbus
 licenses:
 - LGPL-2.1
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -223,9 +226,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.3
-signing_key: 
+rubygems_version: 3.3.0.dev
+signing_key:
 specification_version: 4
 summary: Ruby module for interaction with D-Bus
 test_files: []