commit
ae1817e60a
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/spice-vdagent-0.20.0.tar.bz2
|
||||||
|
SOURCES/victortoso-E37A484F.keyring
|
@ -0,0 +1,2 @@
|
|||||||
|
93f67af0586f22af31074b47521e9a1953a5ce58 SOURCES/spice-vdagent-0.20.0.tar.bz2
|
||||||
|
da7a529db1ea28a1540c5892ea9836abeb378c3e SOURCES/victortoso-E37A484F.keyring
|
@ -0,0 +1,104 @@
|
|||||||
|
From 51489290e7fbd771907751990eda719199ff491e Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Jakub=20Jank=C5=AF?= <jjanku@redhat.com>
|
||||||
|
Date: Fri, 20 Mar 2020 10:36:03 +0100
|
||||||
|
Subject: [PATCH 1/4] vdagentd: work around GLib's fork issues
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Creating threads is not compatible with forking as only the thread
|
||||||
|
that calls fork() is inherited.
|
||||||
|
|
||||||
|
Handlers registered with g_unix_signal_add() create a thread so
|
||||||
|
move these calls after fork.
|
||||||
|
|
||||||
|
Also call g_socket_service_start() after fork to avoid creation of
|
||||||
|
new threads before it is necessary.
|
||||||
|
|
||||||
|
Fixes: https://gitlab.freedesktop.org/spice/linux/vd_agent/issues/18
|
||||||
|
|
||||||
|
Also see: https://gitlab.gnome.org/GNOME/glib/issues/2073
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Janků <jjanku@redhat.com>
|
||||||
|
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
(cherry picked from commit 9b8c0ebb9fb573e6ce3c5416371509f416503d0c)
|
||||||
|
---
|
||||||
|
src/udscs.c | 6 ++++++
|
||||||
|
src/udscs.h | 2 ++
|
||||||
|
src/vdagentd/vdagentd.c | 9 +++++----
|
||||||
|
3 files changed, 13 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/udscs.c b/src/udscs.c
|
||||||
|
index 4de75f8..7c99eed 100644
|
||||||
|
--- a/src/udscs.c
|
||||||
|
+++ b/src/udscs.c
|
||||||
|
@@ -186,6 +186,7 @@ struct udscs_server *udscs_server_new(
|
||||||
|
server->read_callback = read_callback;
|
||||||
|
server->error_cb = error_cb;
|
||||||
|
server->service = g_socket_service_new();
|
||||||
|
+ g_socket_service_stop(server->service);
|
||||||
|
|
||||||
|
g_signal_connect(server->service, "incoming",
|
||||||
|
G_CALLBACK(udscs_server_accept_cb), server);
|
||||||
|
@@ -223,6 +224,11 @@ void udscs_server_listen_to_address(struct udscs_server *server,
|
||||||
|
g_object_unref(sock_addr);
|
||||||
|
}
|
||||||
|
|
||||||
|
+void udscs_server_start(struct udscs_server *server)
|
||||||
|
+{
|
||||||
|
+ g_socket_service_start(server->service);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void udscs_server_destroy_connection(struct udscs_server *server,
|
||||||
|
UdscsConnection *conn)
|
||||||
|
{
|
||||||
|
diff --git a/src/udscs.h b/src/udscs.h
|
||||||
|
index 45ebd3f..4f7ea36 100644
|
||||||
|
--- a/src/udscs.h
|
||||||
|
+++ b/src/udscs.h
|
||||||
|
@@ -98,6 +98,8 @@ void udscs_server_listen_to_address(struct udscs_server *server,
|
||||||
|
const gchar *addr,
|
||||||
|
GError **err);
|
||||||
|
|
||||||
|
+void udscs_server_start(struct udscs_server *server);
|
||||||
|
+
|
||||||
|
void udscs_server_destroy_connection(struct udscs_server *server,
|
||||||
|
UdscsConnection *conn);
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index cfd0a51..1b63ec8 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -1184,10 +1184,6 @@ int main(int argc, char *argv[])
|
||||||
|
uinput_device = g_strdup(DEFAULT_UINPUT_DEVICE);
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_unix_signal_add(SIGINT, signal_handler, NULL);
|
||||||
|
- g_unix_signal_add(SIGHUP, signal_handler, NULL);
|
||||||
|
- g_unix_signal_add(SIGTERM, signal_handler, NULL);
|
||||||
|
-
|
||||||
|
openlog("spice-vdagentd", do_daemonize ? 0 : LOG_PERROR, LOG_USER);
|
||||||
|
|
||||||
|
/* Setup communication with vdagent process(es) */
|
||||||
|
@@ -1240,6 +1236,10 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ g_unix_signal_add(SIGINT, signal_handler, NULL);
|
||||||
|
+ g_unix_signal_add(SIGHUP, signal_handler, NULL);
|
||||||
|
+ g_unix_signal_add(SIGTERM, signal_handler, NULL);
|
||||||
|
+
|
||||||
|
if (want_session_info)
|
||||||
|
session_info = session_info_create(debug);
|
||||||
|
if (session_info) {
|
||||||
|
@@ -1252,6 +1252,7 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
|
active_xfers = g_hash_table_new(g_direct_hash, g_direct_equal);
|
||||||
|
|
||||||
|
+ udscs_server_start(server);
|
||||||
|
loop = g_main_loop_new(NULL, FALSE);
|
||||||
|
g_main_loop_run(loop);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.26.1
|
||||||
|
|
@ -0,0 +1,45 @@
|
|||||||
|
From 3bcba789b9c5f776aa5f43b5783ef41befee62a6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Jakub=20Jank=C5=AF?= <jjanku@redhat.com>
|
||||||
|
Date: Fri, 20 Mar 2020 17:18:32 +0100
|
||||||
|
Subject: [PATCH 2/4] vdagentd: init static uinput before fork
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Otherwise the caller doesn't know that the init failed
|
||||||
|
because we're returning 0 in the parent and 1 in child.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Janků <jjanku@redhat.com>
|
||||||
|
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
(cherry picked from commit 7b0435ef66af088c1a1be20b6bc6b0fcb76e4e1a)
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 1b63ec8..753c9bf 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -1224,9 +1224,6 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (do_daemonize)
|
||||||
|
- daemonize();
|
||||||
|
-
|
||||||
|
#ifdef WITH_STATIC_UINPUT
|
||||||
|
uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
|
||||||
|
debug > 1, uinput_fake);
|
||||||
|
@@ -1236,6 +1233,9 @@ int main(int argc, char *argv[])
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+ if (do_daemonize)
|
||||||
|
+ daemonize();
|
||||||
|
+
|
||||||
|
g_unix_signal_add(SIGINT, signal_handler, NULL);
|
||||||
|
g_unix_signal_add(SIGHUP, signal_handler, NULL);
|
||||||
|
g_unix_signal_add(SIGTERM, signal_handler, NULL);
|
||||||
|
--
|
||||||
|
2.26.1
|
||||||
|
|
@ -0,0 +1,35 @@
|
|||||||
|
From 823d743394f5696887ed1622623f45f7190d59bf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
Date: Thu, 26 Mar 2020 11:31:50 +0000
|
||||||
|
Subject: [PATCH 3/4] systemd-login: Avoid a crash on container
|
||||||
|
|
||||||
|
On containers dbus could be not running.
|
||||||
|
In this case dbus.system_connection is NULL and calling
|
||||||
|
dbus_connection_close on it will cause a crash.
|
||||||
|
This happens also under Gitlab CI.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
Acked-by: Victor Toso <victortoso@redhat.com>
|
||||||
|
(cherry picked from commit 5654f4d2f90f95efd1f0ca70b438a3ab81022d15)
|
||||||
|
---
|
||||||
|
src/vdagentd/systemd-login.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/systemd-login.c b/src/vdagentd/systemd-login.c
|
||||||
|
index 0b8f3c1..2d2311c 100644
|
||||||
|
--- a/src/vdagentd/systemd-login.c
|
||||||
|
+++ b/src/vdagentd/systemd-login.c
|
||||||
|
@@ -250,7 +250,9 @@ void session_info_destroy(struct session_info *si)
|
||||||
|
return;
|
||||||
|
|
||||||
|
si_dbus_match_remove(si);
|
||||||
|
- dbus_connection_close(si->dbus.system_connection);
|
||||||
|
+ if (si->dbus.system_connection) {
|
||||||
|
+ dbus_connection_close(si->dbus.system_connection);
|
||||||
|
+ }
|
||||||
|
sd_login_monitor_unref(si->mon);
|
||||||
|
g_free(si->session);
|
||||||
|
g_free(si);
|
||||||
|
--
|
||||||
|
2.26.1
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From 7a9ae6219c5a114edcfd1ccb5db04568e47c94aa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Mon, 11 May 2020 10:47:49 +0100
|
||||||
|
Subject: [PATCH 4/4] Fix possible compile error using former GLib2 version
|
||||||
|
|
||||||
|
We require GLib 2.50 but G_SOURCE_FUNC was introduced in version
|
||||||
|
2.58. Do the conversion instead of using G_SOURCE_FUNC macro.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Victor Toso <victortoso@redhat.com>
|
||||||
|
(cherry picked from commit d0b5f80adaef757ebfa81d1ab1c6561697243dc9)
|
||||||
|
---
|
||||||
|
src/vdagent-connection.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagent-connection.c b/src/vdagent-connection.c
|
||||||
|
index 8c023e2..c085d81 100644
|
||||||
|
--- a/src/vdagent-connection.c
|
||||||
|
+++ b/src/vdagent-connection.c
|
||||||
|
@@ -231,7 +231,7 @@ void vdagent_connection_write(VDAgentConnection *self,
|
||||||
|
out = G_POLLABLE_OUTPUT_STREAM(g_io_stream_get_output_stream(priv->io_stream));
|
||||||
|
|
||||||
|
source = g_pollable_output_stream_create_source(out, priv->cancellable);
|
||||||
|
- g_source_set_callback(source, G_SOURCE_FUNC(out_stream_ready_cb),
|
||||||
|
+ g_source_set_callback(source, (GSourceFunc) out_stream_ready_cb,
|
||||||
|
g_object_ref(self), NULL);
|
||||||
|
g_source_attach(source, NULL);
|
||||||
|
g_source_unref(source);
|
||||||
|
--
|
||||||
|
2.26.1
|
||||||
|
|
@ -0,0 +1,107 @@
|
|||||||
|
From 4bb11e214304209e37afe4bf324a7ce9e56f351c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Mon, 21 Sep 2020 06:53:45 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 05/17] vdagentd: Use bool for
|
||||||
|
agent_owns_clipboard and client_connected
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
More clear (instaed of 0/1) and save some bytes.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Jakub Janků <jjanku@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 19 ++++++++++---------
|
||||||
|
1 file changed, 10 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 753c9bf..051de74 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
+#include <stdbool.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
@@ -77,9 +78,9 @@ static int capabilities_size = 0;
|
||||||
|
static const char *active_session = NULL;
|
||||||
|
static unsigned int session_count = 0;
|
||||||
|
static UdscsConnection *active_session_conn = NULL;
|
||||||
|
-static int agent_owns_clipboard[256] = { 0, };
|
||||||
|
+static bool agent_owns_clipboard[256] = { false, };
|
||||||
|
static int retval = 0;
|
||||||
|
-static int client_connected = 0;
|
||||||
|
+static bool client_connected = false;
|
||||||
|
static int max_clipboard = -1;
|
||||||
|
static uint32_t clipboard_serial[256];
|
||||||
|
|
||||||
|
@@ -155,7 +156,7 @@ static void do_client_disconnect(void)
|
||||||
|
if (client_connected) {
|
||||||
|
udscs_server_write_all(server, VDAGENTD_CLIENT_DISCONNECTED, 0, 0,
|
||||||
|
NULL, 0);
|
||||||
|
- client_connected = 0;
|
||||||
|
+ client_connected = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -239,7 +240,7 @@ static void do_client_capabilities(VirtioPort *vport,
|
||||||
|
do_client_disconnect();
|
||||||
|
if (debug)
|
||||||
|
syslog(LOG_DEBUG, "New client connected");
|
||||||
|
- client_connected = 1;
|
||||||
|
+ client_connected = true;
|
||||||
|
memset(clipboard_serial, 0, sizeof(clipboard_serial));
|
||||||
|
send_capabilities(vport, 0);
|
||||||
|
}
|
||||||
|
@@ -286,7 +287,7 @@ static void do_client_clipboard(VirtioPort *vport,
|
||||||
|
}
|
||||||
|
|
||||||
|
msg_type = VDAGENTD_CLIPBOARD_GRAB;
|
||||||
|
- agent_owns_clipboard[selection] = 0;
|
||||||
|
+ agent_owns_clipboard[selection] = false;
|
||||||
|
break;
|
||||||
|
case VD_AGENT_CLIPBOARD_REQUEST: {
|
||||||
|
VDAgentClipboardRequest *req = (VDAgentClipboardRequest *)data;
|
||||||
|
@@ -624,7 +625,7 @@ static void virtio_port_read_complete(
|
||||||
|
|
||||||
|
static void virtio_port_error_cb(VDAgentConnection *conn, GError *err)
|
||||||
|
{
|
||||||
|
- gboolean old_client_connected = client_connected;
|
||||||
|
+ bool old_client_connected = client_connected;
|
||||||
|
syslog(LOG_CRIT, "AIIEEE lost spice client connection, reconnecting (err: %s)",
|
||||||
|
err ? err->message : "");
|
||||||
|
g_clear_error(&err);
|
||||||
|
@@ -717,7 +718,7 @@ static void do_agent_clipboard(UdscsConnection *conn,
|
||||||
|
switch (header->type) {
|
||||||
|
case VDAGENTD_CLIPBOARD_GRAB:
|
||||||
|
msg_type = VD_AGENT_CLIPBOARD_GRAB;
|
||||||
|
- agent_owns_clipboard[selection] = 1;
|
||||||
|
+ agent_owns_clipboard[selection] = true;
|
||||||
|
break;
|
||||||
|
case VDAGENTD_CLIPBOARD_REQUEST:
|
||||||
|
msg_type = VD_AGENT_CLIPBOARD_REQUEST;
|
||||||
|
@@ -737,7 +738,7 @@ static void do_agent_clipboard(UdscsConnection *conn,
|
||||||
|
case VDAGENTD_CLIPBOARD_RELEASE:
|
||||||
|
msg_type = VD_AGENT_CLIPBOARD_RELEASE;
|
||||||
|
size = 0;
|
||||||
|
- agent_owns_clipboard[selection] = 0;
|
||||||
|
+ agent_owns_clipboard[selection] = false;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
syslog(LOG_WARNING, "unexpected clipboard message type");
|
||||||
|
@@ -851,7 +852,7 @@ static void release_clipboards(void)
|
||||||
|
vdagent_virtio_port_write(virtio_port, VDP_CLIENT_PORT,
|
||||||
|
VD_AGENT_CLIPBOARD_RELEASE, 0, &sel, 1);
|
||||||
|
}
|
||||||
|
- agent_owns_clipboard[sel] = 0;
|
||||||
|
+ agent_owns_clipboard[sel] = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From 21fbcf665a7ad6b761e9342d116657d5c2353592 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Mon, 21 Sep 2020 07:00:39 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 06/17] vdagentd: Automatically release
|
||||||
|
"agent_data"
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
It's not guaranteed that agent_disconnect will release the connection
|
||||||
|
so avoid to have a dandling pointer.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Jakub Janků <jjanku@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 17 ++++++++++-------
|
||||||
|
1 file changed, 10 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 051de74..94b8681 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -86,6 +86,13 @@ static uint32_t clipboard_serial[256];
|
||||||
|
|
||||||
|
static GMainLoop *loop;
|
||||||
|
|
||||||
|
+static void agent_data_destroy(struct agent_data *agent_data)
|
||||||
|
+{
|
||||||
|
+ g_free(agent_data->session);
|
||||||
|
+ g_free(agent_data->screen_info);
|
||||||
|
+ g_free(agent_data);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void vdagentd_quit(gint exit_code)
|
||||||
|
{
|
||||||
|
retval = exit_code;
|
||||||
|
@@ -930,7 +937,7 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
syslog(LOG_ERR, "Could not get peer PID, disconnecting new client: %s",
|
||||||
|
err->message);
|
||||||
|
g_error_free(err);
|
||||||
|
- g_free(agent_data);
|
||||||
|
+ agent_data_destroy(agent_data);
|
||||||
|
udscs_server_destroy_connection(server, conn);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
@@ -938,7 +945,8 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
agent_data->session = session_info_session_for_pid(session_info, pid);
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_object_set_data(G_OBJECT(conn), "agent_data", agent_data);
|
||||||
|
+ g_object_set_data_full(G_OBJECT(conn), "agent_data", agent_data,
|
||||||
|
+ (GDestroyNotify) agent_data_destroy);
|
||||||
|
udscs_write(conn, VDAGENTD_VERSION, 0, 0,
|
||||||
|
(uint8_t *)VERSION, strlen(VERSION) + 1);
|
||||||
|
update_active_session_connection(conn);
|
||||||
|
@@ -951,13 +959,8 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
|
||||||
|
static void agent_disconnect(VDAgentConnection *conn, GError *err)
|
||||||
|
{
|
||||||
|
- struct agent_data *agent_data = g_object_get_data(G_OBJECT(conn), "agent_data");
|
||||||
|
-
|
||||||
|
g_hash_table_foreach_remove(active_xfers, remove_active_xfers, conn);
|
||||||
|
|
||||||
|
- g_clear_pointer(&agent_data->session, g_free);
|
||||||
|
- g_free(agent_data->screen_info);
|
||||||
|
- g_free(agent_data);
|
||||||
|
if (err) {
|
||||||
|
syslog(LOG_ERR, "%s", err->message);
|
||||||
|
g_error_free(err);
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,34 @@
|
|||||||
|
From ac89076d412f67aa7122a9fb786af32eb5f87d5d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Tue, 22 Sep 2020 11:45:56 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 07/17] vdagent-connection: Pass "err" to
|
||||||
|
g_credentials_get_unix_pid
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
Allows to return detailed information if g_credentials_get_unix_pid
|
||||||
|
fails.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Julien Ropé <jrope@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagent-connection.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagent-connection.c b/src/vdagent-connection.c
|
||||||
|
index 8c023e2..b1d4db6 100644
|
||||||
|
--- a/src/vdagent-connection.c
|
||||||
|
+++ b/src/vdagent-connection.c
|
||||||
|
@@ -155,7 +155,7 @@ gint vdagent_connection_get_peer_pid(VDAgentConnection *self,
|
||||||
|
sock = g_socket_connection_get_socket(G_SOCKET_CONNECTION(priv->io_stream));
|
||||||
|
cred = g_socket_get_credentials(sock, err);
|
||||||
|
if (cred) {
|
||||||
|
- pid = g_credentials_get_unix_pid(cred, NULL);
|
||||||
|
+ pid = g_credentials_get_unix_pid(cred, err);
|
||||||
|
g_object_unref(cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,44 @@
|
|||||||
|
From 64289e71a1b2a9dc6868eb810cf93ca8c0644693 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Mon, 21 Sep 2020 16:42:26 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 08/17] vdagentd: Better check for
|
||||||
|
vdagent_connection_get_peer_pid results
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The function can return -1 and leave "err" to NULL in some cases,
|
||||||
|
do not check only for "err".
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Julien Ropé <jrope@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 12 ++++++++----
|
||||||
|
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 94b8681..12cbbd0 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -933,10 +933,14 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
|
||||||
|
if (session_info) {
|
||||||
|
pid = vdagent_connection_get_peer_pid(VDAGENT_CONNECTION(conn), &err);
|
||||||
|
- if (err) {
|
||||||
|
- syslog(LOG_ERR, "Could not get peer PID, disconnecting new client: %s",
|
||||||
|
- err->message);
|
||||||
|
- g_error_free(err);
|
||||||
|
+ if (err || pid <= 0) {
|
||||||
|
+ static const char msg[] = "Could not get peer PID, disconnecting new client";
|
||||||
|
+ if (err) {
|
||||||
|
+ syslog(LOG_ERR, "%s: %s", msg, err->message);
|
||||||
|
+ g_error_free(err);
|
||||||
|
+ } else {
|
||||||
|
+ syslog(LOG_ERR, "%s", msg);
|
||||||
|
+ }
|
||||||
|
agent_data_destroy(agent_data);
|
||||||
|
udscs_server_destroy_connection(server, conn);
|
||||||
|
return;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,49 @@
|
|||||||
|
From dd46157d3faa95a12fc6f04cd2515f200e3ca465 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Thu, 24 Sep 2020 12:13:24 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 09/17] vdagentd: Avoid calling chmod
|
||||||
|
|
||||||
|
Create the socket with the right permissions using umask.
|
||||||
|
This also prevents possible symlink exploitation in case socket
|
||||||
|
path is not secure.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Uri Lublin <uril@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 12 ++----------
|
||||||
|
1 file changed, 2 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 12cbbd0..eddfcf6 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -1211,7 +1211,9 @@ int main(int argc, char *argv[])
|
||||||
|
/* systemd socket activation not enabled, create our own */
|
||||||
|
#endif /* WITH_SYSTEMD_SOCKET_ACTIVATION */
|
||||||
|
{
|
||||||
|
+ mode_t mode = umask(0111);
|
||||||
|
udscs_server_listen_to_address(server, vdagentd_socket, &err);
|
||||||
|
+ umask(mode);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (err) {
|
||||||
|
@@ -1222,16 +1224,6 @@ int main(int argc, char *argv[])
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* no need to set permissions on a socket that was provided by systemd */
|
||||||
|
- if (own_socket) {
|
||||||
|
- if (chmod(vdagentd_socket, 0666)) {
|
||||||
|
- syslog(LOG_CRIT, "Fatal could not change permissions on %s: %m",
|
||||||
|
- vdagentd_socket);
|
||||||
|
- udscs_destroy_server(server);
|
||||||
|
- return 1;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
#ifdef WITH_STATIC_UINPUT
|
||||||
|
uinput = vdagentd_uinput_create(uinput_device, 1024, 768, NULL, 0,
|
||||||
|
debug > 1, uinput_fake);
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,84 @@
|
|||||||
|
From 956608c1344f185e39294004b64906a7e1b5c14c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Sat, 19 Sep 2020 15:13:42 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 10/17] Avoids unchecked file transfer IDs
|
||||||
|
allocation and usage
|
||||||
|
|
||||||
|
Avoid agents allocating file transfers.
|
||||||
|
The "active_xfers" entries are now inserted when client start sending
|
||||||
|
files.
|
||||||
|
Also different agents cannot mess with other agent transfers as a
|
||||||
|
transfer is bound to a single agent.
|
||||||
|
|
||||||
|
This issue was reported by SUSE security team.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
Acked-by: Uri Lublin <uril@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 28 ++++++++++++++++++++++------
|
||||||
|
1 file changed, 22 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index eddfcf6..8961a99 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -381,9 +381,11 @@ static void do_client_file_xfer(VirtioPort *vport,
|
||||||
|
s->id, VD_AGENT_FILE_XFER_STATUS_SESSION_LOCKED, NULL, 0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
- udscs_write(active_session_conn, VDAGENTD_FILE_XFER_START, 0, 0,
|
||||||
|
- data, message_header->size);
|
||||||
|
- return;
|
||||||
|
+ msg_type = VDAGENTD_FILE_XFER_START;
|
||||||
|
+ id = s->id;
|
||||||
|
+ // associate the id with the active connection
|
||||||
|
+ g_hash_table_insert(active_xfers, GUINT_TO_POINTER(id), active_session_conn);
|
||||||
|
+ break;
|
||||||
|
}
|
||||||
|
case VD_AGENT_FILE_XFER_STATUS: {
|
||||||
|
VDAgentFileXferStatusMessage *s = (VDAgentFileXferStatusMessage *)data;
|
||||||
|
@@ -408,6 +410,12 @@ static void do_client_file_xfer(VirtioPort *vport,
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
udscs_write(conn, msg_type, 0, 0, data, message_header->size);
|
||||||
|
+
|
||||||
|
+ // client told that transfer is ended, agents too stop the transfer
|
||||||
|
+ // and release resources
|
||||||
|
+ if (message_header->type == VD_AGENT_FILE_XFER_STATUS) {
|
||||||
|
+ g_hash_table_remove(active_xfers, GUINT_TO_POINTER(id));
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
static void forward_data_to_session_agent(uint32_t type, uint8_t *data, size_t size)
|
||||||
|
@@ -1015,6 +1023,15 @@ static void do_agent_file_xfer_status(UdscsConnection *conn,
|
||||||
|
const gchar *log_msg = NULL;
|
||||||
|
guint data_size = 0;
|
||||||
|
|
||||||
|
+ UdscsConnection *task_conn = g_hash_table_lookup(active_xfers, task_id);
|
||||||
|
+ if (task_conn == NULL || task_conn != conn) {
|
||||||
|
+ // Protect against misbehaving agent.
|
||||||
|
+ // Ignore the message, but do not disconnect the agent, to protect against
|
||||||
|
+ // a misbehaving client that tries to disconnect a good agent
|
||||||
|
+ // e.g. by sending a new task and immediately cancelling it.
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* header->arg1 = file xfer task id, header->arg2 = file xfer status */
|
||||||
|
switch (header->arg2) {
|
||||||
|
case VD_AGENT_FILE_XFER_STATUS_NOT_ENOUGH_SPACE:
|
||||||
|
@@ -1029,10 +1046,9 @@ static void do_agent_file_xfer_status(UdscsConnection *conn,
|
||||||
|
send_file_xfer_status(virtio_port, log_msg, header->arg1, header->arg2,
|
||||||
|
data, data_size);
|
||||||
|
|
||||||
|
- if (header->arg2 == VD_AGENT_FILE_XFER_STATUS_CAN_SEND_DATA)
|
||||||
|
- g_hash_table_insert(active_xfers, task_id, conn);
|
||||||
|
- else
|
||||||
|
+ if (header->arg2 != VD_AGENT_FILE_XFER_STATUS_CAN_SEND_DATA) {
|
||||||
|
g_hash_table_remove(active_xfers, task_id);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
static void agent_read_complete(UdscsConnection *conn,
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,61 @@
|
|||||||
|
From b173eba1698138f92b08d4deeaac4d2979a67bbf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Fri, 2 Oct 2020 12:27:59 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 11/17] Avoids uncontrolled "active_xfers"
|
||||||
|
allocations
|
||||||
|
|
||||||
|
Limit the number of active file transfers possibly causing DoSes
|
||||||
|
consuming memory in "active_xfers".
|
||||||
|
|
||||||
|
This issue was reported by SUSE security team.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
Acked-by: Uri Lublin <uril@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 23 +++++++++++++++++++++++
|
||||||
|
1 file changed, 23 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 8961a99..b31941d 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -47,6 +47,14 @@
|
||||||
|
|
||||||
|
#define DEFAULT_UINPUT_DEVICE "/dev/uinput"
|
||||||
|
|
||||||
|
+// Maximum number of transfers active at any time.
|
||||||
|
+// Avoid DoS from client.
|
||||||
|
+// As each transfer could likely end up taking a file descriptor
|
||||||
|
+// it is good to have a limit less than the number of file descriptors
|
||||||
|
+// in the process (by default 1024). The daemon do not open file
|
||||||
|
+// descriptors for the transfers but the agents do.
|
||||||
|
+#define MAX_ACTIVE_TRANSFERS 128
|
||||||
|
+
|
||||||
|
struct agent_data {
|
||||||
|
char *session;
|
||||||
|
int width;
|
||||||
|
@@ -380,6 +388,21 @@ static void do_client_file_xfer(VirtioPort *vport,
|
||||||
|
"Cancelling client file-xfer request %u",
|
||||||
|
s->id, VD_AGENT_FILE_XFER_STATUS_SESSION_LOCKED, NULL, 0);
|
||||||
|
return;
|
||||||
|
+ } else if (g_hash_table_size(active_xfers) >= MAX_ACTIVE_TRANSFERS) {
|
||||||
|
+ VDAgentFileXferStatusError error = {
|
||||||
|
+ GUINT32_TO_LE(VD_AGENT_FILE_XFER_STATUS_ERROR_GLIB_IO),
|
||||||
|
+ GUINT32_TO_LE(G_IO_ERROR_TOO_MANY_OPEN_FILES),
|
||||||
|
+ };
|
||||||
|
+ size_t detail_size = sizeof(error);
|
||||||
|
+ if (!VD_AGENT_HAS_CAPABILITY(capabilities, capabilities_size,
|
||||||
|
+ VD_AGENT_CAP_FILE_XFER_DETAILED_ERRORS)) {
|
||||||
|
+ detail_size = 0;
|
||||||
|
+ }
|
||||||
|
+ send_file_xfer_status(vport,
|
||||||
|
+ "Too many transfers ongoing. "
|
||||||
|
+ "Cancelling client file-xfer request %u",
|
||||||
|
+ s->id, VD_AGENT_FILE_XFER_STATUS_ERROR, (void*) &error, detail_size);
|
||||||
|
+ return;
|
||||||
|
}
|
||||||
|
msg_type = VDAGENTD_FILE_XFER_START;
|
||||||
|
id = s->id;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,50 @@
|
|||||||
|
From 6e5b9924b172be4f33c7fc264a8ff1d6109b79fe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Sun, 20 Sep 2020 08:05:37 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 12/17] Avoids unlimited agent connections
|
||||||
|
|
||||||
|
Limit the number of agents that can be connected.
|
||||||
|
Avoids reaching the maximum number of files in a process.
|
||||||
|
Beside one file descriptor per agent the daemon open just some
|
||||||
|
other fixed number of files.
|
||||||
|
|
||||||
|
This issue was reported by SUSE security team.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
---
|
||||||
|
src/udscs.c | 12 ++++++++++++
|
||||||
|
1 file changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/udscs.c b/src/udscs.c
|
||||||
|
index 7c99eed..3df67b3 100644
|
||||||
|
--- a/src/udscs.c
|
||||||
|
+++ b/src/udscs.c
|
||||||
|
@@ -30,6 +30,12 @@
|
||||||
|
#include "vdagentd-proto-strings.h"
|
||||||
|
#include "vdagent-connection.h"
|
||||||
|
|
||||||
|
+// Maximum number of connected agents.
|
||||||
|
+// Avoid DoS from agents.
|
||||||
|
+// As each connection end up taking a file descriptor is good to have a limit
|
||||||
|
+// less than the number of file descriptors in the process (by default 1024).
|
||||||
|
+#define MAX_CONNECTED_AGENTS 128
|
||||||
|
+
|
||||||
|
struct _UdscsConnection {
|
||||||
|
VDAgentConnection parent_instance;
|
||||||
|
int debug;
|
||||||
|
@@ -254,6 +260,12 @@ static gboolean udscs_server_accept_cb(GSocketService *service,
|
||||||
|
struct udscs_server *server = user_data;
|
||||||
|
UdscsConnection *new_conn;
|
||||||
|
|
||||||
|
+ /* prevents DoS having too many agents attached */
|
||||||
|
+ if (g_list_length(server->connections) >= MAX_CONNECTED_AGENTS) {
|
||||||
|
+ syslog(LOG_ERR, "Too many agents connected");
|
||||||
|
+ return TRUE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
new_conn = g_object_new(UDSCS_TYPE_CONNECTION, NULL);
|
||||||
|
new_conn->debug = server->debug;
|
||||||
|
new_conn->read_callback = server->read_callback;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,144 @@
|
|||||||
|
From 5d9881309d0aeeebbc177d8af6dc26aa2ba56cfc Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Sun, 20 Sep 2020 08:06:16 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 13/17] Avoids user session hijacking
|
||||||
|
|
||||||
|
Avoids user hijacking sessions by reusing PID.
|
||||||
|
In theory an attacker could:
|
||||||
|
- open a connection to the daemon;
|
||||||
|
- fork and exit the process but keep the file descriptor open
|
||||||
|
(inheriting or duplicating it in forked process);
|
||||||
|
- force OS to recycle the initial PID, by creating many short lived
|
||||||
|
processes.
|
||||||
|
Daemon would detect the old PID as having the new session.
|
||||||
|
Check the user to avoid such replacements.
|
||||||
|
|
||||||
|
This issue was reported by SUSE security team.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Uri Lublin <uril@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagent-connection.c | 13 +++++++------
|
||||||
|
src/vdagent-connection.h | 13 +++++++++----
|
||||||
|
src/vdagentd/vdagentd.c | 31 +++++++++++++++++++++++++++----
|
||||||
|
3 files changed, 43 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagent-connection.c b/src/vdagent-connection.c
|
||||||
|
index b1d4db6..fb331be 100644
|
||||||
|
--- a/src/vdagent-connection.c
|
||||||
|
+++ b/src/vdagent-connection.c
|
||||||
|
@@ -142,24 +142,25 @@ void vdagent_connection_destroy(gpointer p)
|
||||||
|
g_object_unref(self);
|
||||||
|
}
|
||||||
|
|
||||||
|
-gint vdagent_connection_get_peer_pid(VDAgentConnection *self,
|
||||||
|
- GError **err)
|
||||||
|
+PidUid vdagent_connection_get_peer_pid_uid(VDAgentConnection *self,
|
||||||
|
+ GError **err)
|
||||||
|
{
|
||||||
|
VDAgentConnectionPrivate *priv = vdagent_connection_get_instance_private(self);
|
||||||
|
GSocket *sock;
|
||||||
|
GCredentials *cred;
|
||||||
|
- gint pid = -1;
|
||||||
|
+ PidUid pid_uid = { -1, -1 };
|
||||||
|
|
||||||
|
- g_return_val_if_fail(G_IS_SOCKET_CONNECTION(priv->io_stream), pid);
|
||||||
|
+ g_return_val_if_fail(G_IS_SOCKET_CONNECTION(priv->io_stream), pid_uid);
|
||||||
|
|
||||||
|
sock = g_socket_connection_get_socket(G_SOCKET_CONNECTION(priv->io_stream));
|
||||||
|
cred = g_socket_get_credentials(sock, err);
|
||||||
|
if (cred) {
|
||||||
|
- pid = g_credentials_get_unix_pid(cred, err);
|
||||||
|
+ pid_uid.pid = g_credentials_get_unix_pid(cred, err);
|
||||||
|
+ pid_uid.uid = g_credentials_get_unix_user(cred, err);
|
||||||
|
g_object_unref(cred);
|
||||||
|
}
|
||||||
|
|
||||||
|
- return pid;
|
||||||
|
+ return pid_uid;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Performs single write operation,
|
||||||
|
diff --git a/src/vdagent-connection.h b/src/vdagent-connection.h
|
||||||
|
index 9d5a212..c515a79 100644
|
||||||
|
--- a/src/vdagent-connection.h
|
||||||
|
+++ b/src/vdagent-connection.h
|
||||||
|
@@ -92,10 +92,15 @@ void vdagent_connection_write(VDAgentConnection *self,
|
||||||
|
/* Synchronously write all queued messages to the output stream. */
|
||||||
|
void vdagent_connection_flush(VDAgentConnection *self);
|
||||||
|
|
||||||
|
-/* Returns the PID of the foreign process connected to the socket
|
||||||
|
- * or -1 with @err set. */
|
||||||
|
-gint vdagent_connection_get_peer_pid(VDAgentConnection *self,
|
||||||
|
- GError **err);
|
||||||
|
+typedef struct PidUid {
|
||||||
|
+ pid_t pid;
|
||||||
|
+ uid_t uid;
|
||||||
|
+} PidUid;
|
||||||
|
+
|
||||||
|
+/* Returns the PID and UID of the foreign process connected to the socket
|
||||||
|
+ * or fill @err set. */
|
||||||
|
+PidUid vdagent_connection_get_peer_pid_uid(VDAgentConnection *self,
|
||||||
|
+ GError **err);
|
||||||
|
|
||||||
|
G_END_DECLS
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index b31941d..e98fbe5 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -955,16 +955,28 @@ static gboolean remove_active_xfers(gpointer key, gpointer value, gpointer conn)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Check a given process has a given UID */
|
||||||
|
+static bool check_uid_of_pid(pid_t pid, uid_t uid)
|
||||||
|
+{
|
||||||
|
+ char fn[128];
|
||||||
|
+ struct stat st;
|
||||||
|
+
|
||||||
|
+ snprintf(fn, sizeof(fn), "/proc/%u/status", (unsigned) pid);
|
||||||
|
+ if (stat(fn, &st) != 0 || st.st_uid != uid) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ return true;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void agent_connect(UdscsConnection *conn)
|
||||||
|
{
|
||||||
|
struct agent_data *agent_data;
|
||||||
|
agent_data = g_new0(struct agent_data, 1);
|
||||||
|
GError *err = NULL;
|
||||||
|
- gint pid;
|
||||||
|
|
||||||
|
if (session_info) {
|
||||||
|
- pid = vdagent_connection_get_peer_pid(VDAGENT_CONNECTION(conn), &err);
|
||||||
|
- if (err || pid <= 0) {
|
||||||
|
+ PidUid pid_uid = vdagent_connection_get_peer_pid_uid(VDAGENT_CONNECTION(conn), &err);
|
||||||
|
+ if (err || pid_uid.pid <= 0) {
|
||||||
|
static const char msg[] = "Could not get peer PID, disconnecting new client";
|
||||||
|
if (err) {
|
||||||
|
syslog(LOG_ERR, "%s: %s", msg, err->message);
|
||||||
|
@@ -977,7 +989,18 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- agent_data->session = session_info_session_for_pid(session_info, pid);
|
||||||
|
+ agent_data->session = session_info_session_for_pid(session_info, pid_uid.pid);
|
||||||
|
+
|
||||||
|
+ /* Check that the UID of the PID did not change, this should be done after
|
||||||
|
+ * computing the session to avoid race conditions.
|
||||||
|
+ * This can happen as vdagent_connection_get_peer_pid_uid get information
|
||||||
|
+ * from the time of creating the socket, but the process in the meantime
|
||||||
|
+ * have been replaced */
|
||||||
|
+ if (!check_uid_of_pid(pid_uid.pid, pid_uid.uid)) {
|
||||||
|
+ agent_data_destroy(agent_data);
|
||||||
|
+ udscs_server_destroy_connection(server, conn);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
g_object_set_data_full(G_OBJECT(conn), "agent_data", agent_data,
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,164 @@
|
|||||||
|
From dc4d1b8e3e315933c82b23b2806a9cf973e78e78 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Mon, 21 Sep 2020 07:06:09 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 14/17] Better check for sessions
|
||||||
|
|
||||||
|
Do not allow other users to hijack a session checking that
|
||||||
|
the process is launched by the owner of the session.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Uri Lublin <uril@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/console-kit.c | 67 +++++++++++++++++++++++++++++++
|
||||||
|
src/vdagentd/dummy-session-info.c | 5 +++
|
||||||
|
src/vdagentd/session-info.h | 3 ++
|
||||||
|
src/vdagentd/systemd-login.c | 9 +++++
|
||||||
|
src/vdagentd/vdagentd.c | 10 ++++-
|
||||||
|
5 files changed, 93 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/console-kit.c b/src/vdagentd/console-kit.c
|
||||||
|
index fc630f1..09a8402 100644
|
||||||
|
--- a/src/vdagentd/console-kit.c
|
||||||
|
+++ b/src/vdagentd/console-kit.c
|
||||||
|
@@ -568,3 +568,70 @@ exit:
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+uid_t session_info_uid_for_session(struct session_info *info, const char *session)
|
||||||
|
+{
|
||||||
|
+ DBusError error;
|
||||||
|
+ DBusMessage *message = NULL;
|
||||||
|
+ DBusMessage *reply = NULL;
|
||||||
|
+ uint32_t uid;
|
||||||
|
+ uid_t ret = -1;
|
||||||
|
+ const char *err_msg;
|
||||||
|
+
|
||||||
|
+ g_return_val_if_fail(info != NULL, ret);
|
||||||
|
+ g_return_val_if_fail(info->connection != NULL, ret);
|
||||||
|
+ g_return_val_if_fail(info->active_session != NULL, ret);
|
||||||
|
+
|
||||||
|
+ dbus_error_init(&error);
|
||||||
|
+
|
||||||
|
+ err_msg = "(console-kit) Unable to create dbus message for GetUnixUser";
|
||||||
|
+ message = dbus_message_new_method_call(INTERFACE_CONSOLE_KIT,
|
||||||
|
+ session,
|
||||||
|
+ INTERFACE_CONSOLE_KIT_SESSION,
|
||||||
|
+ "GetUnixUser");
|
||||||
|
+ if (message == NULL) {
|
||||||
|
+ goto exit;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ err_msg = "(console-kit) GetUnixUser failed";
|
||||||
|
+ reply = dbus_connection_send_with_reply_and_block(info->connection,
|
||||||
|
+ message,
|
||||||
|
+ -1,
|
||||||
|
+ &error);
|
||||||
|
+ if (reply == NULL || dbus_error_is_set(&error)) {
|
||||||
|
+ goto exit;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ dbus_error_init(&error);
|
||||||
|
+ err_msg = "(console-kit) fail to get session-type from reply";
|
||||||
|
+ if (!dbus_message_get_args(reply,
|
||||||
|
+ &error,
|
||||||
|
+ DBUS_TYPE_UINT32, &uid,
|
||||||
|
+ DBUS_TYPE_INVALID)) {
|
||||||
|
+ goto exit;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (info->verbose) {
|
||||||
|
+ syslog(LOG_DEBUG, "(console-kit) unix user is '%u'", (unsigned) uid);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ err_msg = NULL;
|
||||||
|
+ ret = uid;
|
||||||
|
+
|
||||||
|
+exit:
|
||||||
|
+ if (err_msg) {
|
||||||
|
+ if (dbus_error_is_set(&error)) {
|
||||||
|
+ syslog(LOG_ERR, "%s: %s", err_msg, error.message);
|
||||||
|
+ dbus_error_free(&error);
|
||||||
|
+ } else {
|
||||||
|
+ syslog(LOG_ERR, "%s", err_msg);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (reply != NULL) {
|
||||||
|
+ dbus_message_unref(reply);
|
||||||
|
+ }
|
||||||
|
+ if (message != NULL) {
|
||||||
|
+ dbus_message_unref(message);
|
||||||
|
+ }
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
diff --git a/src/vdagentd/dummy-session-info.c b/src/vdagentd/dummy-session-info.c
|
||||||
|
index 7fd1eea..137c01a 100644
|
||||||
|
--- a/src/vdagentd/dummy-session-info.c
|
||||||
|
+++ b/src/vdagentd/dummy-session-info.c
|
||||||
|
@@ -55,3 +55,8 @@ gboolean session_info_session_is_locked(G_GNUC_UNUSED struct session_info *si)
|
||||||
|
{
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+uid_t session_info_uid_for_session(struct session_info *si, const char *session)
|
||||||
|
+{
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
|
diff --git a/src/vdagentd/session-info.h b/src/vdagentd/session-info.h
|
||||||
|
index c8edb86..96aa8d3 100644
|
||||||
|
--- a/src/vdagentd/session-info.h
|
||||||
|
+++ b/src/vdagentd/session-info.h
|
||||||
|
@@ -40,4 +40,7 @@ char *session_info_session_for_pid(struct session_info *ck, uint32_t pid);
|
||||||
|
gboolean session_info_session_is_locked(struct session_info *si);
|
||||||
|
gboolean session_info_is_user(struct session_info *si);
|
||||||
|
|
||||||
|
+/* get owner of a given session */
|
||||||
|
+uid_t session_info_uid_for_session(struct session_info *si, const char *session);
|
||||||
|
+
|
||||||
|
#endif
|
||||||
|
diff --git a/src/vdagentd/systemd-login.c b/src/vdagentd/systemd-login.c
|
||||||
|
index 0b8f3c1..0e1ff3f 100644
|
||||||
|
--- a/src/vdagentd/systemd-login.c
|
||||||
|
+++ b/src/vdagentd/systemd-login.c
|
||||||
|
@@ -392,3 +392,12 @@ gboolean session_info_is_user(struct session_info *si)
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+uid_t session_info_uid_for_session(struct session_info *si, const char *session)
|
||||||
|
+{
|
||||||
|
+ uid_t ret = -1;
|
||||||
|
+ if (sd_session_get_uid(session, &ret) < 0) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ return ret;
|
||||||
|
+}
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index e98fbe5..bb39340 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -991,12 +991,20 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
|
||||||
|
agent_data->session = session_info_session_for_pid(session_info, pid_uid.pid);
|
||||||
|
|
||||||
|
+ uid_t session_uid = session_info_uid_for_session(session_info, agent_data->session);
|
||||||
|
+
|
||||||
|
/* Check that the UID of the PID did not change, this should be done after
|
||||||
|
* computing the session to avoid race conditions.
|
||||||
|
* This can happen as vdagent_connection_get_peer_pid_uid get information
|
||||||
|
* from the time of creating the socket, but the process in the meantime
|
||||||
|
* have been replaced */
|
||||||
|
- if (!check_uid_of_pid(pid_uid.pid, pid_uid.uid)) {
|
||||||
|
+ if (!check_uid_of_pid(pid_uid.pid, pid_uid.uid) ||
|
||||||
|
+ /* Check that the user launching the Agent is the same as session one
|
||||||
|
+ * or root user.
|
||||||
|
+ * This prevents session hijacks from other users. */
|
||||||
|
+ (pid_uid.uid != 0 && pid_uid.uid != session_uid)) {
|
||||||
|
+ syslog(LOG_ERR, "UID mismatch: UID=%u PID=%u suid=%u", pid_uid.uid,
|
||||||
|
+ pid_uid.pid, session_uid);
|
||||||
|
agent_data_destroy(agent_data);
|
||||||
|
udscs_server_destroy_connection(server, conn);
|
||||||
|
return;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,57 @@
|
|||||||
|
From 570b15e0ea71950ff14ddc2bf667e9e361720939 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Thu, 24 Sep 2020 12:13:44 +0100
|
||||||
|
Subject: [PATCH vd_agent_linux 15/17] vdagentd: Limit number of agents per
|
||||||
|
session to 1
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Acked-by: Uri Lublin <uril@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 24 ++++++++++++++++++++++++
|
||||||
|
1 file changed, 24 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index bb39340..5ef547e 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -955,6 +955,20 @@ static gboolean remove_active_xfers(gpointer key, gpointer value, gpointer conn)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Check if this connection matches the passed session */
|
||||||
|
+static int connection_matches_session(UdscsConnection *conn, void *priv)
|
||||||
|
+{
|
||||||
|
+ const char *session = priv;
|
||||||
|
+ const struct agent_data *agent_data = g_object_get_data(G_OBJECT(conn), "agent_data");
|
||||||
|
+
|
||||||
|
+ if (!agent_data || !agent_data->session ||
|
||||||
|
+ strcmp(agent_data->session, session) != 0) {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Check a given process has a given UID */
|
||||||
|
static bool check_uid_of_pid(pid_t pid, uid_t uid)
|
||||||
|
{
|
||||||
|
@@ -1007,6 +1021,16 @@ static void agent_connect(UdscsConnection *conn)
|
||||||
|
udscs_server_destroy_connection(server, conn);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ // Check there are no other connection for this session
|
||||||
|
+ // Note that "conn" is not counted as "agent_data" is still not attached to it
|
||||||
|
+ if (udscs_server_for_all_clients(server, connection_matches_session,
|
||||||
|
+ agent_data->session) > 0) {
|
||||||
|
+ syslog(LOG_ERR, "An agent is already connected for this session");
|
||||||
|
+ agent_data_destroy(agent_data);
|
||||||
|
+ udscs_server_destroy_connection(server, conn);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
g_object_set_data_full(G_OBJECT(conn), "agent_data", agent_data,
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,27 @@
|
|||||||
|
From 1153bb8906377e155dccf730762b83f00a8d47c2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Uri Lublin <uril@redhat.com>
|
||||||
|
Date: Wed, 7 Oct 2020 19:34:57 +0300
|
||||||
|
Subject: [PATCH vd_agent_linux 16/17] cleanup active_xfers when the client
|
||||||
|
disconnects
|
||||||
|
|
||||||
|
Signed-off-by: Uri Lublin <uril@redhat.com>
|
||||||
|
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 5ef547e..9243cfb 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -168,6 +168,7 @@ static void send_capabilities(VirtioPort *vport,
|
||||||
|
|
||||||
|
static void do_client_disconnect(void)
|
||||||
|
{
|
||||||
|
+ g_hash_table_remove_all(active_xfers);
|
||||||
|
if (client_connected) {
|
||||||
|
udscs_server_write_all(server, VDAGENTD_CLIENT_DISCONNECTED, 0, 0,
|
||||||
|
NULL, 0);
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From 12708a0fc9f3da1d1cc492bb3a49844b02e76b40 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Uri Lublin <uril@redhat.com>
|
||||||
|
Date: Sun, 11 Oct 2020 20:59:17 +0300
|
||||||
|
Subject: [PATCH vd_agent_linux 17/17] vdagentd: do not allow to use an already
|
||||||
|
used file-xfer id
|
||||||
|
|
||||||
|
Signed-off-by: Uri Lublin <uril@redhat.com>
|
||||||
|
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagentd/vdagentd.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/vdagentd/vdagentd.c b/src/vdagentd/vdagentd.c
|
||||||
|
index 9243cfb..279e7c3 100644
|
||||||
|
--- a/src/vdagentd/vdagentd.c
|
||||||
|
+++ b/src/vdagentd/vdagentd.c
|
||||||
|
@@ -404,6 +404,13 @@ static void do_client_file_xfer(VirtioPort *vport,
|
||||||
|
"Cancelling client file-xfer request %u",
|
||||||
|
s->id, VD_AGENT_FILE_XFER_STATUS_ERROR, (void*) &error, detail_size);
|
||||||
|
return;
|
||||||
|
+ } else if (g_hash_table_lookup(active_xfers, GUINT_TO_POINTER(s->id)) != NULL) {
|
||||||
|
+ // id is already used -- client is confused
|
||||||
|
+ send_file_xfer_status(vport,
|
||||||
|
+ "File transfer ID is already used. "
|
||||||
|
+ "Cancelling client file-xfer request %u",
|
||||||
|
+ s->id, VD_AGENT_FILE_XFER_STATUS_ERROR, NULL, 0);
|
||||||
|
+ return;
|
||||||
|
}
|
||||||
|
msg_type = VDAGENTD_FILE_XFER_START;
|
||||||
|
id = s->id;
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,130 @@
|
|||||||
|
From a77b09e5d77e5cf1d4fdd38d018ecf164cd01df9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Tue, 20 Oct 2020 16:38:37 +0100
|
||||||
|
Subject: [PATCH 10/10] Add a test for session_info
|
||||||
|
|
||||||
|
Test from Uri, integrated in test suite.
|
||||||
|
|
||||||
|
Signed-off-by: Uri Lublin <uril@redhat.com>
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
---
|
||||||
|
Makefile.am | 30 ++++++++++++++++++++
|
||||||
|
tests/test-session-info.c | 58 +++++++++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 88 insertions(+)
|
||||||
|
create mode 100644 tests/test-session-info.c
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 575ba52..f4c65b4 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -109,13 +109,43 @@ src_spice_vdagentd_SOURCES = \
|
||||||
|
src/vdagentd/virtio-port.h \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
|
+tests_test_session_info_CFLAGS = \
|
||||||
|
+ $(DBUS_CFLAGS) \
|
||||||
|
+ $(LIBSYSTEMD_DAEMON_CFLAGS) \
|
||||||
|
+ $(LIBSYSTEMD_LOGIN_CFLAGS) \
|
||||||
|
+ $(SPICE_CFLAGS) \
|
||||||
|
+ $(GIO2_CFLAGS) \
|
||||||
|
+ -I$(srcdir)/src \
|
||||||
|
+ -I$(srcdir)/src/vdagentd \
|
||||||
|
+ -DUDSCS_NO_SERVER \
|
||||||
|
+ $(NULL)
|
||||||
|
+
|
||||||
|
+tests_test_session_info_LDADD = \
|
||||||
|
+ $(DBUS_LIBS) \
|
||||||
|
+ $(LIBSYSTEMD_DAEMON_LIBS) \
|
||||||
|
+ $(LIBSYSTEMD_LOGIN_LIBS) \
|
||||||
|
+ $(SPICE_LIBS) \
|
||||||
|
+ $(GIO2_LIBS) \
|
||||||
|
+ $(NULL)
|
||||||
|
+
|
||||||
|
+tests_test_session_info_SOURCES = \
|
||||||
|
+ $(common_sources) \
|
||||||
|
+ src/vdagentd/session-info.h \
|
||||||
|
+ tests/test-session-info.c \
|
||||||
|
+ $(NULL)
|
||||||
|
+
|
||||||
|
+check_PROGRAMS += tests/test-session-info
|
||||||
|
+
|
||||||
|
if HAVE_CONSOLE_KIT
|
||||||
|
src_spice_vdagentd_SOURCES += src/vdagentd/console-kit.c
|
||||||
|
+tests_test_session_info_SOURCES += src/vdagentd/console-kit.c
|
||||||
|
else
|
||||||
|
if HAVE_LIBSYSTEMD_LOGIN
|
||||||
|
src_spice_vdagentd_SOURCES += src/vdagentd/systemd-login.c
|
||||||
|
+tests_test_session_info_SOURCES += src/vdagentd/systemd-login.c
|
||||||
|
else
|
||||||
|
src_spice_vdagentd_SOURCES += src/vdagentd/dummy-session-info.c
|
||||||
|
+tests_test_session_info_SOURCES += src/vdagentd/dummy-session-info.c
|
||||||
|
endif
|
||||||
|
endif
|
||||||
|
|
||||||
|
diff --git a/tests/test-session-info.c b/tests/test-session-info.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..dae3ec6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/test-session-info.c
|
||||||
|
@@ -0,0 +1,58 @@
|
||||||
|
+/* test-session-info.c - test session info
|
||||||
|
+
|
||||||
|
+ Copyright 2020 Red Hat, Inc.
|
||||||
|
+
|
||||||
|
+ This program is free software: you can redistribute it and/or modify
|
||||||
|
+ it under the terms of the GNU General Public License as published by
|
||||||
|
+ the Free Software Foundation, either version 3 of the License, or
|
||||||
|
+ (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ This program is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+ GNU General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU General Public License
|
||||||
|
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
+*/
|
||||||
|
+#include <config.h>
|
||||||
|
+
|
||||||
|
+#undef NDEBUG
|
||||||
|
+#include <assert.h>
|
||||||
|
+#include <stdio.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
+#include <unistd.h>
|
||||||
|
+
|
||||||
|
+#include "session-info.h"
|
||||||
|
+
|
||||||
|
+int main(int argc, char *argv[])
|
||||||
|
+{
|
||||||
|
+ int pid, uid, ck_uid;
|
||||||
|
+
|
||||||
|
+ pid = (int)getpid();
|
||||||
|
+
|
||||||
|
+ struct session_info *session_info = session_info_create(1);
|
||||||
|
+ if (session_info == NULL) {
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ char *session = session_info_session_for_pid(session_info, pid);
|
||||||
|
+ if (session == NULL) {
|
||||||
|
+ session_info_destroy(session_info);
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+ ck_uid = session_info_uid_for_session(session_info, session);
|
||||||
|
+
|
||||||
|
+ free(session);
|
||||||
|
+ session_info_destroy(session_info);
|
||||||
|
+
|
||||||
|
+ uid = getuid();
|
||||||
|
+ printf("MAIN: uid is %d, ck_uid is %d\n", uid, ck_uid);
|
||||||
|
+
|
||||||
|
+ if (uid != ck_uid) {
|
||||||
|
+ fprintf(stderr, "MAIN: uid (%d) does not match console-kit uid %d\n", uid, ck_uid);
|
||||||
|
+ return 3;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.28.0
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,62 @@
|
|||||||
|
From 1aa2c06015e15f707ba9f874d5a5ea49fd450745 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Victor Toso <victortoso@redhat.com>
|
||||||
|
Date: Wed, 1 Dec 2021 20:07:22 +0100
|
||||||
|
Subject: [PATCH 20/21] vdagent: udscs: limit retry to connect to vdagentd
|
||||||
|
|
||||||
|
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2005802
|
||||||
|
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2028013
|
||||||
|
Signed-off-by: Victor Toso <victortoso@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagent/vdagent.c | 21 +++++++++++++++++++++
|
||||||
|
1 file changed, 21 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/vdagent/vdagent.c b/src/vdagent/vdagent.c
|
||||||
|
index fd08522..0d3945e 100644
|
||||||
|
--- a/src/vdagent/vdagent.c
|
||||||
|
+++ b/src/vdagent/vdagent.c
|
||||||
|
@@ -42,11 +42,14 @@
|
||||||
|
#include "clipboard.h"
|
||||||
|
#include "display.h"
|
||||||
|
|
||||||
|
+#define MAX_RETRY_CONNECT_SYSTEM_AGENT 60
|
||||||
|
+
|
||||||
|
typedef struct VDAgent {
|
||||||
|
VDAgentClipboards *clipboards;
|
||||||
|
VDAgentDisplay *display;
|
||||||
|
struct vdagent_file_xfers *xfers;
|
||||||
|
UdscsConnection *conn;
|
||||||
|
+ gint udscs_num_retry;
|
||||||
|
|
||||||
|
GMainLoop *loop;
|
||||||
|
} VDAgent;
|
||||||
|
@@ -378,9 +381,27 @@ static gboolean vdagent_init_async_cb(gpointer user_data)
|
||||||
|
daemon_read_complete, daemon_error_cb,
|
||||||
|
debug);
|
||||||
|
if (agent->conn == NULL) {
|
||||||
|
+ if (agent->udscs_num_retry == MAX_RETRY_CONNECT_SYSTEM_AGENT) {
|
||||||
|
+ syslog(LOG_WARNING,
|
||||||
|
+ "Failed to connect to spice-vdagentd at %s (tried %d times)",
|
||||||
|
+ vdagentd_socket, agent->udscs_num_retry);
|
||||||
|
+ goto err_init;
|
||||||
|
+ }
|
||||||
|
+ if (agent->udscs_num_retry == 0) {
|
||||||
|
+ /* Log only when it fails and at the end */
|
||||||
|
+ syslog(LOG_DEBUG,
|
||||||
|
+ "Failed to connect with spice-vdagentd. Trying again in 1s");
|
||||||
|
+ }
|
||||||
|
+ agent->udscs_num_retry++;
|
||||||
|
g_timeout_add_seconds(1, vdagent_init_async_cb, agent);
|
||||||
|
return G_SOURCE_REMOVE;
|
||||||
|
}
|
||||||
|
+ if (agent->udscs_num_retry != 0) {
|
||||||
|
+ syslog(LOG_DEBUG,
|
||||||
|
+ "Connected with spice-vdagentd after %d attempts",
|
||||||
|
+ agent->udscs_num_retry);
|
||||||
|
+ }
|
||||||
|
+ agent->udscs_num_retry = 0;
|
||||||
|
g_object_set_data(G_OBJECT(agent->conn), "agent", agent);
|
||||||
|
|
||||||
|
agent->display = vdagent_display_create(agent->conn, debug, x11_sync);
|
||||||
|
--
|
||||||
|
2.33.1
|
||||||
|
|
@ -0,0 +1,98 @@
|
|||||||
|
From 09de02fd5cb12fcda3326e243981750c5358b7b6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Victor Toso <victortoso@redhat.com>
|
||||||
|
Date: Mon, 20 Dec 2021 19:09:37 +0100
|
||||||
|
Subject: [PATCH 21/21] udscs: udscs_connect: return error to caller
|
||||||
|
|
||||||
|
This way we can have the log in one place and avoid flooding the journal.
|
||||||
|
|
||||||
|
Signed-off-by: Victor Toso <victortoso@redhat.com>
|
||||||
|
---
|
||||||
|
src/udscs.c | 10 ++++------
|
||||||
|
src/udscs.h | 5 ++++-
|
||||||
|
src/vdagent/vdagent.c | 12 +++++++++---
|
||||||
|
3 files changed, 17 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/udscs.c b/src/udscs.c
|
||||||
|
index 3df67b3..6c50f76 100644
|
||||||
|
--- a/src/udscs.c
|
||||||
|
+++ b/src/udscs.c
|
||||||
|
@@ -107,16 +107,14 @@ static void udscs_connection_class_init(UdscsConnectionClass *klass)
|
||||||
|
UdscsConnection *udscs_connect(const char *socketname,
|
||||||
|
udscs_read_callback read_callback,
|
||||||
|
VDAgentConnErrorCb error_cb,
|
||||||
|
- int debug)
|
||||||
|
+ int debug,
|
||||||
|
+ GError **err)
|
||||||
|
{
|
||||||
|
GIOStream *io_stream;
|
||||||
|
UdscsConnection *conn;
|
||||||
|
- GError *err = NULL;
|
||||||
|
|
||||||
|
- io_stream = vdagent_socket_connect(socketname, &err);
|
||||||
|
- if (err) {
|
||||||
|
- syslog(LOG_ERR, "%s: %s", __func__, err->message);
|
||||||
|
- g_error_free(err);
|
||||||
|
+ io_stream = vdagent_socket_connect(socketname, err);
|
||||||
|
+ if (*err) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/src/udscs.h b/src/udscs.h
|
||||||
|
index 4f7ea36..0d4197b 100644
|
||||||
|
--- a/src/udscs.h
|
||||||
|
+++ b/src/udscs.h
|
||||||
|
@@ -53,11 +53,14 @@ typedef void (*udscs_read_callback)(UdscsConnection *conn,
|
||||||
|
*
|
||||||
|
* If debug is true then the events on this connection will be traced.
|
||||||
|
* This includes the incoming and outgoing message names.
|
||||||
|
+ *
|
||||||
|
+ * In case of failure, returns NULL and set @err with reason.
|
||||||
|
*/
|
||||||
|
UdscsConnection *udscs_connect(const char *socketname,
|
||||||
|
udscs_read_callback read_callback,
|
||||||
|
VDAgentConnErrorCb error_cb,
|
||||||
|
- int debug);
|
||||||
|
+ int debug,
|
||||||
|
+ GError **err);
|
||||||
|
|
||||||
|
/* Queue a message for delivery to the client connected through conn.
|
||||||
|
*/
|
||||||
|
diff --git a/src/vdagent/vdagent.c b/src/vdagent/vdagent.c
|
||||||
|
index 0d3945e..05d1a8f 100644
|
||||||
|
--- a/src/vdagent/vdagent.c
|
||||||
|
+++ b/src/vdagent/vdagent.c
|
||||||
|
@@ -376,22 +376,28 @@ static void vdagent_destroy(VDAgent *agent)
|
||||||
|
static gboolean vdagent_init_async_cb(gpointer user_data)
|
||||||
|
{
|
||||||
|
VDAgent *agent = user_data;
|
||||||
|
+ GError *err = NULL;
|
||||||
|
|
||||||
|
agent->conn = udscs_connect(vdagentd_socket,
|
||||||
|
- daemon_read_complete, daemon_error_cb,
|
||||||
|
- debug);
|
||||||
|
+ daemon_read_complete,
|
||||||
|
+ daemon_error_cb,
|
||||||
|
+ debug,
|
||||||
|
+ &err);
|
||||||
|
if (agent->conn == NULL) {
|
||||||
|
if (agent->udscs_num_retry == MAX_RETRY_CONNECT_SYSTEM_AGENT) {
|
||||||
|
syslog(LOG_WARNING,
|
||||||
|
"Failed to connect to spice-vdagentd at %s (tried %d times)",
|
||||||
|
vdagentd_socket, agent->udscs_num_retry);
|
||||||
|
+ g_error_free(err);
|
||||||
|
goto err_init;
|
||||||
|
}
|
||||||
|
if (agent->udscs_num_retry == 0) {
|
||||||
|
/* Log only when it fails and at the end */
|
||||||
|
syslog(LOG_DEBUG,
|
||||||
|
- "Failed to connect with spice-vdagentd. Trying again in 1s");
|
||||||
|
+ "Failed to connect with spice-vdagentd due '%s'. Trying again in 1s",
|
||||||
|
+ err->message);
|
||||||
|
}
|
||||||
|
+ g_error_free(err);
|
||||||
|
agent->udscs_num_retry++;
|
||||||
|
g_timeout_add_seconds(1, vdagent_init_async_cb, agent);
|
||||||
|
return G_SOURCE_REMOVE;
|
||||||
|
--
|
||||||
|
2.33.1
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From 0717474feca8753bce7b8933bd10b3bab62a2f14 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
Date: Sat, 12 Feb 2022 21:12:57 +0000
|
||||||
|
Subject: [PATCH] Do not process X11 events in vdagent_x11_create
|
||||||
|
|
||||||
|
Processing events requires some more initialisation between
|
||||||
|
VDAgentDisplay and vdagent_x11.
|
||||||
|
Postpone that after initialisation.
|
||||||
|
This fix a crash on Fedora 36, see
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=2042877.
|
||||||
|
|
||||||
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
||||||
|
---
|
||||||
|
src/vdagent/x11.c | 3 ---
|
||||||
|
1 file changed, 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagent/x11.c b/src/vdagent/x11.c
|
||||||
|
index 05a41d7..4af4bdc 100644
|
||||||
|
--- a/src/vdagent/x11.c
|
||||||
|
+++ b/src/vdagent/x11.c
|
||||||
|
@@ -302,9 +302,6 @@ struct vdagent_x11 *vdagent_x11_create(UdscsConnection *vdagentd,
|
||||||
|
x11->height[i] = attrib.height;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Flush output buffers and consume any pending events */
|
||||||
|
- vdagent_x11_do_read(x11);
|
||||||
|
-
|
||||||
|
return x11;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From bcbbea34d93d07d33b767f808ff3adf628b1ea0f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Victor Toso <victortoso@redhat.com>
|
||||||
|
Date: Fri, 13 Jan 2023 13:54:06 +0100
|
||||||
|
Subject: [PATCH] vdagent: Remove watch event on vdagent_display_destroy()
|
||||||
|
|
||||||
|
To avoid main loop calling it when GIOChannel for x11 was already
|
||||||
|
destroyed.
|
||||||
|
|
||||||
|
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2145004
|
||||||
|
Signed-off-by: Victor Toso <victortoso@redhat.com>
|
||||||
|
---
|
||||||
|
src/vdagent/display.c | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/vdagent/display.c b/src/vdagent/display.c
|
||||||
|
index 790d9ad..602ab65 100644
|
||||||
|
--- a/src/vdagent/display.c
|
||||||
|
+++ b/src/vdagent/display.c
|
||||||
|
@@ -60,6 +60,7 @@ struct VDAgentDisplay {
|
||||||
|
UdscsConnection *vdagentd;
|
||||||
|
int debug;
|
||||||
|
GIOChannel *x11_channel;
|
||||||
|
+ guint io_watch_source_id;
|
||||||
|
VDAgentMutterDBus *mutter;
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -296,7 +297,8 @@ VDAgentDisplay* vdagent_display_create(UdscsConnection *vdagentd, int debug, int
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- g_io_add_watch(display->x11_channel, G_IO_IN, x11_io_channel_cb, display);
|
||||||
|
+ display->io_watch_source_id =
|
||||||
|
+ g_io_add_watch(display->x11_channel, G_IO_IN, x11_io_channel_cb, display);
|
||||||
|
|
||||||
|
|
||||||
|
/* Since we are started at the same time as the wm,
|
||||||
|
@@ -323,7 +325,7 @@ void vdagent_display_destroy(VDAgentDisplay *display, int vdagentd_disconnected)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
-
|
||||||
|
+ g_source_remove(display->io_watch_source_id);
|
||||||
|
g_clear_pointer(&display->x11_channel, g_io_channel_unref);
|
||||||
|
vdagent_x11_destroy(display->x11, vdagentd_disconnected);
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.0
|
||||||
|
|
Binary file not shown.
@ -0,0 +1,263 @@
|
|||||||
|
Name: spice-vdagent
|
||||||
|
Version: 0.20.0
|
||||||
|
Release: 5%{?dist}
|
||||||
|
Summary: Agent for Spice guests
|
||||||
|
Group: Applications/System
|
||||||
|
License: GPLv3+
|
||||||
|
URL: https://spice-space.org/
|
||||||
|
Source0: https://spice-space.org/download/releases/%{name}-%{version}.tar.bz2
|
||||||
|
Source1: https://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig
|
||||||
|
Source2: victortoso-E37A484F.keyring
|
||||||
|
Patch0001: 0001-vdagentd-work-around-GLib-s-fork-issues.patch
|
||||||
|
Patch0002: 0002-vdagentd-init-static-uinput-before-fork.patch
|
||||||
|
Patch0003: 0003-systemd-login-Avoid-a-crash-on-container.patch
|
||||||
|
Patch0004: 0004-Fix-possible-compile-error-using-former-GLib2-versio.patch
|
||||||
|
Patch0005: 0005-vdagentd-Use-bool-for-agent_owns_clipboard-and-clien.patch
|
||||||
|
Patch0006: 0006-vdagentd-Automatically-release-agent_data.patch
|
||||||
|
Patch0007: 0007-vdagent-connection-Pass-err-to-g_credentials_get_uni.patch
|
||||||
|
Patch0008: 0008-vdagentd-Better-check-for-vdagent_connection_get_pee.patch
|
||||||
|
Patch0009: 0009-vdagentd-Avoid-calling-chmod.patch
|
||||||
|
Patch0010: 0010-Avoids-unchecked-file-transfer-IDs-allocation-and-us.patch
|
||||||
|
Patch0011: 0011-Avoids-uncontrolled-active_xfers-allocations.patch
|
||||||
|
Patch0012: 0012-Avoids-unlimited-agent-connections.patch
|
||||||
|
Patch0013: 0013-Avoids-user-session-hijacking.patch
|
||||||
|
Patch0014: 0014-Better-check-for-sessions.patch
|
||||||
|
Patch0015: 0015-vdagentd-Limit-number-of-agents-per-session-to-1.patch
|
||||||
|
Patch0016: 0016-cleanup-active_xfers-when-the-client-disconnects.patch
|
||||||
|
Patch0017: 0017-vdagentd-do-not-allow-to-use-an-already-used-file-xf.patch
|
||||||
|
Patch0018: 0018-Add-a-test-for-session_info.patch
|
||||||
|
Patch0019: 0019-wayland-fix-monitor-mapping-issues.patch
|
||||||
|
Patch0020: 0020-vdagent-udscs-limit-retry-to-connect-to-vdagentd.patch
|
||||||
|
Patch0021: 0021-udscs-udscs_connect-return-error-to-caller.patch
|
||||||
|
Patch0022: 0022-Do-not-process-X11-events-in-vdagent_x11_create.patch
|
||||||
|
Patch0023: 0023-vdagent-Remove-watch-event-on-vdagent_display_destro.patch
|
||||||
|
|
||||||
|
BuildRequires: git-core gnupg2
|
||||||
|
BuildRequires: systemd-devel
|
||||||
|
BuildRequires: glib2-devel >= 2.50
|
||||||
|
BuildRequires: spice-protocol >= 0.14.1
|
||||||
|
BuildRequires: libpciaccess-devel libXrandr-devel libXinerama-devel
|
||||||
|
BuildRequires: libXfixes-devel systemd desktop-file-utils libtool
|
||||||
|
BuildRequires: alsa-lib-devel dbus-devel libdrm-devel
|
||||||
|
%{?systemd_requires}
|
||||||
|
|
||||||
|
%description
|
||||||
|
Spice agent for Linux guests offering the following features:
|
||||||
|
|
||||||
|
Features:
|
||||||
|
* Client mouse mode (no need to grab mouse by client, no mouse lag)
|
||||||
|
this is handled by the daemon by feeding mouse events into the kernel
|
||||||
|
via uinput. This will only work if the active X-session is running a
|
||||||
|
spice-vdagent process so that its resolution can be determined.
|
||||||
|
* Automatic adjustment of the X-session resolution to the client resolution
|
||||||
|
* Support of copy and paste (text and images) between the active X-session
|
||||||
|
and the client
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||||
|
%autosetup -S git_am
|
||||||
|
#autoreconf -fi
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure --with-session-info=systemd --with-init-script=systemd
|
||||||
|
make %{?_smp_mflags} V=2
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
make install DESTDIR=$RPM_BUILD_ROOT V=2
|
||||||
|
|
||||||
|
|
||||||
|
%post
|
||||||
|
%systemd_post spice-vdagentd.service spice-vdagentd.socket
|
||||||
|
|
||||||
|
%preun
|
||||||
|
%systemd_preun spice-vdagentd.service spice-vdagentd.socket
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%systemd_postun_with_restart spice-vdagentd.service spice-vdagentd.socket
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc COPYING CHANGELOG.md README.md
|
||||||
|
/usr/lib/udev/rules.d/70-spice-vdagentd.rules
|
||||||
|
%{_unitdir}/spice-vdagentd.service
|
||||||
|
%{_unitdir}/spice-vdagentd.socket
|
||||||
|
%{_prefix}/lib/tmpfiles.d/spice-vdagentd.conf
|
||||||
|
%{_bindir}/spice-vdagent
|
||||||
|
%{_sbindir}/spice-vdagentd
|
||||||
|
%{_var}/run/spice-vdagentd
|
||||||
|
%{_sysconfdir}/xdg/autostart/spice-vdagent.desktop
|
||||||
|
# For /usr/share/gdm/autostart/LoginWindow/spice-vdagent.desktop
|
||||||
|
# We own the dir too, otherwise we must Require gdm
|
||||||
|
%{_datadir}/gdm
|
||||||
|
%{_mandir}/man1/%{name}*.1*
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Jan 16 2023 Victor Toso <victortoso@redhat.com> 0.20.0-5
|
||||||
|
- Fix upstream segfault on X11 events
|
||||||
|
Resolves: rhbz#2145004
|
||||||
|
|
||||||
|
* Tue Dec 21 2021 Victor Toso <victortoso@redhat.com> 0.20.0-4
|
||||||
|
- Do not flood the journal with retry messages.
|
||||||
|
Resolves: rhbz#2005802
|
||||||
|
|
||||||
|
* Wed Jan 20 2021 Julien Ropé <jrope@redhat.com> - 0.20.0-3
|
||||||
|
- Fix mouse problems in multi-monitor environments under Wayland
|
||||||
|
Resolves: rhbz#1790904 rhbz#1824610
|
||||||
|
|
||||||
|
* Mon Oct 19 2020 Frediano Ziglio <fziglio@redhat.com> 0.20.0-2
|
||||||
|
- Resolves: CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653
|
||||||
|
|
||||||
|
* Fri May 15 2020 Victor Toso <victortoso@redhat.com> 0.20.0-1
|
||||||
|
- Update to 0.20.0
|
||||||
|
- Backport fixes post-release
|
||||||
|
Resolves: rhbz#1817476
|
||||||
|
|
||||||
|
* Tue Aug 27 2019 Victor Toso <victortoso@redhat.com> 0.19.0-3
|
||||||
|
- Fix two new covscan warnings
|
||||||
|
Resolves: rhbz#1660566
|
||||||
|
|
||||||
|
* Mon Aug 19 2019 Victor Toso <victortoso@redhat.com> 0.19.0-2
|
||||||
|
- Fix some covscan warnings from latest build
|
||||||
|
Resolves: rhbz#1660566
|
||||||
|
|
||||||
|
* Mon May 20 2019 Victor Toso <victortoso@redhat.com> 0.19.0-1
|
||||||
|
- Update to 0.19.0
|
||||||
|
Resolves: rhbz#1711975
|
||||||
|
- Validate tarball with gpg
|
||||||
|
|
||||||
|
* Tue Dec 18 2018 Victor Toso <victortoso@redhat.com> 0.18.0-3
|
||||||
|
- Fix leak of unix sockets.
|
||||||
|
Resolves: rhbz#1660108
|
||||||
|
|
||||||
|
* Thu Nov 15 2018 Victor Toso <victortoso@redhat.com> 0.18.0-2
|
||||||
|
- Fix unusable mouse on xorg resolution event in wayland
|
||||||
|
Resolves: rhbz#1641723
|
||||||
|
|
||||||
|
* Tue Jun 12 2018 Victor Toso <victortoso@redhat.com> 0.18.0-1
|
||||||
|
- Update to spice-vdagent 0.18.0
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.17.0-5
|
||||||
|
- Fix systemd executions/requirements
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.17.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Nov 22 2016 Christophe Fergeau <cfergeau@redhat.com> 0.17.0-1
|
||||||
|
- Update to spice-vdagent 0.17.0
|
||||||
|
|
||||||
|
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.16.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Oct 05 2015 Christophe Fergeau <cfergeau@redhat.com> 0.16.0-2
|
||||||
|
- Add upstream patch fixing a memory corruption bug (double free)
|
||||||
|
Resolves: rhbz#1268666
|
||||||
|
Exit with a non-0 exit code when the virtio device cannot be opened by the
|
||||||
|
agent
|
||||||
|
|
||||||
|
* Tue Jun 30 2015 Christophe Fergeau <cfergeau@redhat.com> 0.16.0-1
|
||||||
|
- Update to 0.16.0 release
|
||||||
|
|
||||||
|
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 0.15.0-4
|
||||||
|
- Rebuilt for Fedora 23 Change
|
||||||
|
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
||||||
|
|
||||||
|
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Oct 14 2013 Alon Levy <alevy@redhat.com> - 0.15.0-1
|
||||||
|
- New upstream release 0.15.0
|
||||||
|
|
||||||
|
* Tue Sep 10 2013 Hans de Goede <hdegoede@redhat.com> - 0.14.0-5
|
||||||
|
- Silence session agent error logging when not running in a vm (rhbz#999804)
|
||||||
|
- Release guest clipboard ownership on client disconnect (rhbz#1003977)
|
||||||
|
|
||||||
|
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14.0-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 3 2013 Hans de Goede <hdegoede@redhat.com> - 0.14.0-3
|
||||||
|
- Advertise clipboard line-endings for copy and paste line-ending conversion
|
||||||
|
- Build spice-vdagentd as pie + relro
|
||||||
|
|
||||||
|
* Mon May 20 2013 Hans de Goede <hdegoede@redhat.com> - 0.14.0-2
|
||||||
|
- Drop the no longer needed /etc/modules-load.d/spice-vdagentd.conf (#963201)
|
||||||
|
|
||||||
|
* Fri Apr 12 2013 Hans de Goede <hdegoede@redhat.com> - 0.14.0-1
|
||||||
|
- New upstream release 0.14.0
|
||||||
|
- Adds support for file transfers from client to guest
|
||||||
|
- Adds manpages for spice-vdagent and spice-vdagentd
|
||||||
|
|
||||||
|
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 8 2013 Hans de Goede <hdegoede@redhat.com> - 0.12.1-1
|
||||||
|
- New upstream release 0.12.1
|
||||||
|
- Fixes various issues with dynamic monitor / resolution support
|
||||||
|
|
||||||
|
* Mon Nov 12 2012 Hans de Goede <hdegoede@redhat.com> - 0.12.0-2
|
||||||
|
- Fix setting of mode on non arbitrary resolution capable X driver
|
||||||
|
- Fix wrong mouse coordinates on vms with multiple qxl devices
|
||||||
|
|
||||||
|
* Sat Sep 1 2012 Hans de Goede <hdegoede@redhat.com> - 0.12.0-1
|
||||||
|
- New upstream release 0.12.0
|
||||||
|
- This moves the tmpfiles.d to /usr/lib/tmpfiles.d (rhbz#840194)
|
||||||
|
- This adds a systemd .service file (rhbz#848102)
|
||||||
|
|
||||||
|
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Mar 27 2012 Hans de Goede <hdegoede@redhat.com> - 0.10.1-1
|
||||||
|
- New upstream release 0.10.1
|
||||||
|
|
||||||
|
* Thu Mar 22 2012 Hans de Goede <hdegoede@redhat.com> - 0.10.0-1
|
||||||
|
- New upstream release 0.10.0
|
||||||
|
- This supports using systemd-logind instead of console-kit (rhbz#756398)
|
||||||
|
|
||||||
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 18 2011 Hans de Goede <hdegoede@redhat.com> 0.8.1-1
|
||||||
|
- New upstream release 0.8.1
|
||||||
|
|
||||||
|
* Fri Jul 15 2011 Hans de Goede <hdegoede@redhat.com> 0.8.0-2
|
||||||
|
- Make the per session agent process automatically reconnect to the system
|
||||||
|
spice-vdagentd when the system daemon gets restarted
|
||||||
|
|
||||||
|
* Tue Apr 19 2011 Hans de Goede <hdegoede@redhat.com> 0.8.0-1
|
||||||
|
- New upstream release 0.8.0
|
||||||
|
|
||||||
|
* Mon Mar 07 2011 Hans de Goede <hdegoede@redhat.com> 0.6.3-6
|
||||||
|
- Fix setting of the guest resolution from a multi monitor client
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.3-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 10 2011 Hans de Goede <hdegoede@redhat.com> 0.6.3-4
|
||||||
|
- Make sysvinit script exit cleanly when not running on a spice enabled vm
|
||||||
|
|
||||||
|
* Fri Nov 19 2010 Hans de Goede <hdegoede@redhat.com> 0.6.3-3
|
||||||
|
- Put the pid and log files into their own subdir (#648553)
|
||||||
|
|
||||||
|
* Mon Nov 8 2010 Hans de Goede <hdegoede@redhat.com> 0.6.3-2
|
||||||
|
- Fix broken multiline description in initscript lsb header (#648549)
|
||||||
|
|
||||||
|
* Sat Oct 30 2010 Hans de Goede <hdegoede@redhat.com> 0.6.3-1
|
||||||
|
- Initial Fedora package
|
Loading…
Reference in new issue