Diffstat (limited to 'src')
-rw-r--r-- | src/faudit/dbus.c | 59 | ||||
-rw-r--r-- | src/faudit/faudit.h | 1 | ||||
-rw-r--r-- | src/faudit/main.c | 5 | ||||
-rw-r--r-- | src/faudit/x11.c | 62 |
4 files changed, 110 insertions, 17 deletions
diff --git a/src/faudit/dbus.c b/src/faudit/dbus.c index 64f5d8ae4..d17d3922a 100644 --- a/src/faudit/dbus.c +++ b/src/faudit/dbus.c | |||
@@ -21,15 +21,15 @@ | |||
21 | #include <sys/socket.h> | 21 | #include <sys/socket.h> |
22 | #include <sys/un.h> | 22 | #include <sys/un.h> |
23 | 23 | ||
24 | void check_session_bus(const char *sockfile) { | 24 | // return 0 if the connection is possible |
25 | int check_unix(const char *sockfile) { | ||
25 | assert(sockfile); | 26 | assert(sockfile); |
26 | 27 | int rv = -1; | |
28 | |||
27 | // open socket | 29 | // open socket |
28 | int sock = socket(AF_UNIX, SOCK_STREAM, 0); | 30 | int sock = socket(AF_UNIX, SOCK_STREAM, 0); |
29 | if (sock == -1) { | 31 | if (sock == -1) |
30 | printf("GOOD: I cannot connect to session bus. If the application misbehaves, please log a bug with the application developer.\n"); | 32 | return rv; |
31 | return; | ||
32 | } | ||
33 | 33 | ||
34 | // connect | 34 | // connect |
35 | struct sockaddr_un remote; | 35 | struct sockaddr_un remote; |
@@ -37,35 +37,60 @@ void check_session_bus(const char *sockfile) { | |||
37 | remote.sun_family = AF_UNIX; | 37 | remote.sun_family = AF_UNIX; |
38 | strcpy(remote.sun_path, sockfile); | 38 | strcpy(remote.sun_path, sockfile); |
39 | int len = strlen(remote.sun_path) + sizeof(remote.sun_family); | 39 | int len = strlen(remote.sun_path) + sizeof(remote.sun_family); |
40 | remote.sun_path[0] = '\0'; | 40 | if (*sockfile == '@') |
41 | if (connect(sock, (struct sockaddr *)&remote, len) == -1) { | 41 | remote.sun_path[0] = '\0'; |
42 | printf("GOOD: I cannot connect to session bus. If the application misbehaves, please log a bug with the application developer.\n"); | 42 | if (connect(sock, (struct sockaddr *)&remote, len) == 0) |
43 | } | 43 | rv = 0; |
44 | else { | 44 | |
45 | printf("MAYBE: I can connect to session bus. It could be a good idea to disable it by creating a new network namespace using \"--net=none\" or \"--net=eth0\".\n"); | ||
46 | } | ||
47 | |||
48 | close(sock); | 45 | close(sock); |
46 | return rv; | ||
49 | } | 47 | } |
50 | 48 | ||
51 | void dbus_test(void) { | 49 | void dbus_test(void) { |
52 | // check the session bus | 50 | // check the session bus |
53 | char *str = getenv("DBUS_SESSION_BUS_ADDRESS"); | 51 | char *str = getenv("DBUS_SESSION_BUS_ADDRESS"); |
54 | if (str) { | 52 | if (str) { |
53 | int rv = 0; | ||
55 | char *bus = strdup(str); | 54 | char *bus = strdup(str); |
56 | if (!bus) | 55 | if (!bus) |
57 | errExit("strdup"); | 56 | errExit("strdup"); |
58 | char *sockfile = strstr(bus, "unix:abstract="); | 57 | char *sockfile; |
59 | if (sockfile) { | 58 | if ((sockfile = strstr(bus, "unix:abstract=")) != NULL) { |
60 | sockfile += 13; | 59 | sockfile += 13; |
61 | *sockfile = '@'; | 60 | *sockfile = '@'; |
62 | char *ptr = strchr(sockfile, ','); | 61 | char *ptr = strchr(sockfile, ','); |
63 | if (ptr) | 62 | if (ptr) |
64 | *ptr = '\0'; | 63 | *ptr = '\0'; |
65 | check_session_bus(sockfile); | 64 | rv = check_unix(sockfile); |
65 | *sockfile = '@'; | ||
66 | if (rv == 0) | ||
67 | printf("MAYBE: D-Bus socket %s is available\n", sockfile); | ||
68 | else if (rv == -1) | ||
69 | printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile); | ||
70 | } | ||
71 | else if ((sockfile = strstr(bus, "unix:path=")) != NULL) { | ||
72 | sockfile += 10; | ||
73 | char *ptr = strchr(sockfile, ','); | ||
74 | if (ptr) | ||
75 | *ptr = '\0'; | ||
76 | rv = check_unix(sockfile); | ||
77 | if (rv == 0) | ||
78 | printf("MAYBE: D-Bus socket %s is available\n", sockfile); | ||
79 | else if (rv == -1) | ||
80 | printf("GOOD: cannot connect to D-Bus socket %s\n", sockfile); | ||
81 | } | ||
82 | else if ((sockfile = strstr(bus, "tcp:host=")) != NULL) { | ||
83 | printf("UGLY: session bus configured for TCPcommunication.\n"); | ||
84 | rv = -2; | ||
66 | } | 85 | } |
86 | else | ||
87 | printf("GOOD: cannot find a D-Bus socket\n"); | ||
88 | |||
89 | |||
67 | free(bus); | 90 | free(bus); |
68 | } | 91 | } |
92 | else | ||
93 | printf("GOOD: DBUS_SESSION_BUS_ADDRESS environment variable not configured."); | ||
69 | } | 94 | } |
70 | 95 | ||
71 | 96 | ||
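Review bot: `check_unix()` still copies its argument with `strcpy(remote.sun_path, sockfile)` (new line 38), and nothing compares the length with `sizeof(remote.sun_path)`. The string comes from `DBUS_SESSION_BUS_ADDRESS` in this file, and the function is now exported and called from x11.c with names built from `readdir()` entries, so an over-long value overruns the `sockaddr_un` on the stack. Reject it up front, right after the assert: `if (strlen(sockfile) >= sizeof(remote.sun_path)) return -1;`. Separately, the `tcp:host=` branch sets `rv = -2` but nothing reads it, and the final "not configured" `printf` has no trailing `\n`.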
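--- a/src/faudit/faudit.h
+++ b/src/faudit/faudit.h
@@ -56,6 +56,7 @@ void files_test(void);
 void network_test(void);
 
 // dbus.c
+int check_unix(const char *sockfile);
 void dbus_test(void);
 
 // dev.c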
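--- a/src/faudit/main.c
+++ b/src/faudit/main.c
@@ -69,10 +69,15 @@ int main(int argc, char **argv) {
 dbus_test();
 printf("\n");
 
+// x11 test
+x11_test();
+printf("\n");
+
 // /dev test
 dev_test();
 printf("\n");
 
+
 free(prog);
 printf("--------------------------------------------------------------------------------\n");
 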
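Review bot: `x11_test()` is called here, but the faudit.h section of this commit adds only the `check_unix` prototype. Unless the header already declares `x11_test` somewhere not visible on this page, main.c relies on an implicit function declaration. Add `void x11_test(void);` under a `// x11.c` heading in faudit.h. The body of `main()` starts and ends outside this hunk.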
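--- /dev/null
+++ b/src/faudit/x11.c
@@ -0,0 +1,62 @@
+/*
+* Copyright (C) 2014-2016 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "faudit.h"
+#include <sys/socket.h>
+#include <dirent.h>
+
+
+void x11_test(void) {
+// check regular display 0 sockets
+if (check_unix("/tmp/.X11-unix/X0") == 0)
+printf("MAYBE: X11 socket /tmp/.X11-unix/X0 is available\n");
+
+if (check_unix("@/tmp/.X11-unix/X0") == 0)
+printf("MAYBE: X11 socket @/tmp/.X11-unix/X0 is available\n");
+
+// check all unix sockets in /tmp/.X11-unix directory
+DIR *dir;
+if (!(dir = opendir("/tmp/.X11-unix"))) {
+// sleep 2 seconds and try again
+sleep(2);
+if (!(dir = opendir("/tmp/.X11-unix")))
+;
+}
+
+if (dir == NULL)
+printf("GOOD: cannot open /tmp/.X11-unix directory\n");
+else {
+struct dirent *entry;
+while ((entry = readdir(dir)) != NULL) {
+if (strcmp(entry->d_name, "X0") == 0)
+continue;
+if (strcmp(entry->d_name, ".") == 0)
+continue;
+if (strcmp(entry->d_name, "..") == 0)
+continue;
+char *name;
+if (asprintf(&name, "/tmp/.X11-unix/%s", entry->d_name) == -1)
+errExit("asprintf");
+if (check_unix(name) == 0)
+printf("MAYBE: X11 socket %s is available\n", name);
+free(name);
+}
+closedir(dir);
+}
+}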
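Review bot: The directory loop probes only the filesystem path of each entry, so the abstract-namespace socket (`@/tmp/.X11-unix/Xn`) is tested for display 0 alone. Abstract sockets belong to the network namespace rather than the filesystem view, so they can stay reachable when the directory is hidden. As written, "GOOD: cannot open /tmp/.X11-unix directory" can be printed right after the abstract X0 probe reported MAYBE, and the report understates X11 exposure for other displays. Probing both names per entry, as below, covers the displays the directory lists; the GOOD message should also be worded so it does not contradict an earlier MAYBE. The inner `if (!(dir = opendir(...))) ;` with an empty statement can be reduced to a plain assignment.

```c
		while ((entry = readdir(dir)) != NULL) {
			// ... unchanged: skip "X0", "." and ".." ...
			char *name;
			if (asprintf(&name, "@/tmp/.X11-unix/%s", entry->d_name) == -1)
				errExit("asprintf");
			// name + 1 is the filesystem path, name is its abstract-namespace counterpart
			if (check_unix(name + 1) == 0)
				printf("MAYBE: X11 socket %s is available\n", name + 1);
			if (check_unix(name) == 0)
				printf("MAYBE: X11 socket %s is available\n", name);
			free(name);
		}
```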