class Gio::DebugControllerDBus

Overview

GDebugControllerDBus is an implementation of Gio::DebugController which exposes debug settings as a D-Bus object.

It is a Gio::Initable object, and will register an object at /org/gtk/Debugging on the bus given as Gio::DebugControllerDBus#connection once it’s initialized. The object will be unregistered when the last reference to the GDebugControllerDBus is dropped.

This D-Bus object can be used by remote processes to enable or disable debug output in this process. Remote processes calling org.gtk.Debugging.SetDebugEnabled() will affect the value of [property@Gio.DebugController:debug-enabled] and, by default, GLib::log_get_debug_enabled.

By default, no processes are allowed to call SetDebugEnabled() unless a Gio::DebugControllerDBus::#authorize signal handler is installed. This is because the process may be privileged, or might expose sensitive information in its debug output. You may want to restrict the ability to enable debug output to privileged users or processes.

One option is to install a D-Bus security policy which restricts access to SetDebugEnabled(), installing something like the following in $datadir/dbus-1/system.d/:

WARNING ⚠️ The following code is in xml ⚠️

<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
     "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <policy user="root">
    <allow send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
  </policy>
  <policy context="default">
    <deny send_destination="com.example.MyService" send_interface="org.gtk.Debugging"/>
  </policy>
</busconfig>

This will prevent the SetDebugEnabled() method from being called by all except root. It will not prevent the DebugEnabled property from being read, as it’s accessed through the org.freedesktop.DBus.Properties interface.

Another option is to use polkit to allow or deny requests on a case-by-case basis, allowing for the possibility of dynamic authorisation. To do this, connect to the Gio::DebugControllerDBus::#authorize signal and query polkit in it:

WARNING ⚠️ The following code is in c ⚠️

  g_autoptr(GError) child_error = NULL;
  g_autoptr(GDBusConnection) connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL);
  gulong debug_controller_authorize_id = 0;

  // Set up the debug controller.
  debug_controller = G_DEBUG_CONTROLLER (g_debug_controller_dbus_new (priv->connection, NULL, &child_error));
  if (debug_controller == NULL)
    {
      g_error ("Could not register debug controller on bus: %s",
               child_error->message);
    }

  debug_controller_authorize_id = g_signal_connect (debug_controller,
                                                    "authorize",
                                                    G_CALLBACK (debug_controller_authorize_cb),
                                                    self);

  static gboolean
  debug_controller_authorize_cb (GDebugControllerDBus  *debug_controller,
                                 GDBusMethodInvocation *invocation,
                                 gpointer               user_data)
  {
    g_autoptr(PolkitAuthority) authority = NULL;
    g_autoptr(PolkitSubject) subject = NULL;
    g_autoptr(PolkitAuthorizationResult) auth_result = NULL;
    g_autoptr(GError) local_error = NULL;
    GDBusMessage *message;
    GDBusMessageFlags message_flags;
    PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;

    message = g_dbus_method_invocation_get_message (invocation);
    message_flags = g_dbus_message_get_flags (message);

    authority = polkit_authority_get_sync (NULL, &local_error);
    if (authority == NULL)
      {
        g_warning ("Failed to get polkit authority: %s", local_error->message);
        return FALSE;
      }

    if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION)
      flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;

    subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation));

    auth_result = polkit_authority_check_authorization_sync (authority,
                                                             subject,
                                                             "com.example.MyService.set-debug-enabled",
                                                             NULL,
                                                             flags,
                                                             NULL,
                                                             &local_error);
    if (auth_result == NULL)
      {
        g_warning ("Failed to get check polkit authorization: %s", local_error->message);
        return FALSE;
      }

    return polkit_authorization_result_get_is_authorized (auth_result);
  }

Included Modules

Defined in:

lib/gi-crystal/src/auto/gio-2.0/debug_controller_d_bus.cr

Constructors

Class Method Summary

Instance Method Summary

Instance methods inherited from module Gio::Initable

init(cancellable : Gio::Cancellable | Nil) : Bool init, newv(object_type : UInt64, parameters : Enumerable(GObject::Parameter), cancellable : Gio::Cancellable | Nil) : GObject::Object newv, to_unsafe to_unsafe

Constructor methods inherited from module Gio::Initable

cast(obj : GObject::Object) : self cast

Class methods inherited from module Gio::Initable

cast?(obj : GObject::Object) : self | Nil cast?, g_type : UInt64 g_type

Instance methods inherited from module Gio::DebugController

debug_enabled : Bool debug_enabled, debug_enabled=(debug_enabled : Bool) : Nil debug_enabled=, debug_enabled? : Bool debug_enabled?, to_unsafe to_unsafe

Constructor methods inherited from module Gio::DebugController

cast(obj : GObject::Object) : self cast

Class methods inherited from module Gio::DebugController

cast?(obj : GObject::Object) : self | Nil cast?, g_type : UInt64 g_type

Instance methods inherited from class GObject::Object

==(other : self) ==, bind_property(source_property : String, target : GObject::Object, target_property : String, flags : GObject::BindingFlags) : GObject::Binding bind_property, bind_property_full(source_property : String, target : GObject::Object, target_property : String, flags : GObject::BindingFlags, transform_to : GObject::Closure, transform_from : GObject::Closure) : GObject::Binding bind_property_full, data(key : String) : Pointer(Void) | Nil data, finalize finalize, freeze_notify : Nil freeze_notify, getv(names : Enumerable(String), values : Enumerable(_)) : Nil getv, hash(hasher) hash, notify(property_name : String) : Nil notify, notify_by_pspec(pspec : GObject::ParamSpec) : Nil notify_by_pspec, notify_signal notify_signal, property(property_name : String, value : _) : Nil property, qdata(quark : UInt32) : Pointer(Void) | Nil qdata, ref_count : UInt32 ref_count, run_dispose : Nil run_dispose, set_data(key : String, data : Pointer(Void) | Nil) : Nil set_data, set_property(property_name : String, value : _) : Nil set_property, steal_data(key : String) : Pointer(Void) | Nil steal_data, steal_qdata(quark : UInt32) : Pointer(Void) | Nil steal_qdata, thaw_notify : Nil thaw_notify, to_unsafe : Pointer(Void) to_unsafe, watch_closure(closure : GObject::Closure) : Nil watch_closure

Constructor methods inherited from class GObject::Object

cast(obj : GObject::Object) : self cast, new(pointer : Pointer(Void), transfer : GICrystal::Transfer)
new new, newv(object_type : UInt64, parameters : Enumerable(GObject::Parameter)) : self newv

Class methods inherited from class GObject::Object

cast?(obj : GObject::Object) : self | Nil cast?, compat_control(what : UInt64, data : Pointer(Void) | Nil) : UInt64 compat_control, g_type : UInt64 g_type, interface_find_property(g_iface : GObject::TypeInterface, property_name : String) : GObject::ParamSpec interface_find_property, interface_list_properties(g_iface : GObject::TypeInterface) : Enumerable(GObject::ParamSpec) interface_list_properties

Macros inherited from class GObject::Object

previous_vfunc(*args) previous_vfunc, previous_vfunc!(*args) previous_vfunc!, signal(signature) signal

Constructor Detail

def self.new(connection : Gio::DBusConnection, cancellable : Gio::Cancellable | Nil) : self | Nil #

Create a new #GDebugControllerDBus and synchronously initialize it.

Initializing the object will export the debug object on connection. The object will remain registered until the last reference to the #GDebugControllerDBus is dropped.

Initialization may fail if registering the object on connection fails.


def self.new #

Initialize a new DebugControllerDBus.


def self.new(*, connection : Gio::DBusConnection | Nil = nil, debug_enabled : Bool | Nil = nil) #

Class Method Detail

def self.g_type : UInt64 #

Returns the type id (GType) registered in GLib type system.


Instance Method Detail

def ==(other : self) #
Description copied from class Reference

Returns true if this reference is the same as other. Invokes same?.


def authorize_signal #

def connection : Gio::DBusConnection | Nil #

def connection=(value : Gio::DBusConnection | Nil) : Gio::DBusConnection | Nil #

def hash(hasher) #
Description copied from class Reference

See Object#hash(hasher)


def stop : Nil #

Stop the debug controller, unregistering its object from the bus.

Any pending method calls to the object will complete successfully, but new ones will return an error. This method will block until all pending #GDebugControllerDBus::authorize signals have been handled. This is expected to not take long, as it will just be waiting for threads to join. If any #GDebugControllerDBus::authorize signal handlers are still executing in other threads, this will block until after they have returned.

This method will be called automatically when the final reference to the #GDebugControllerDBus is dropped. You may want to call it explicitly to know when the controller has been fully removed from the bus, or to break reference count cycles.

Calling this method from within a #GDebugControllerDBus::authorize signal handler will cause a deadlock and must not be done.