[Telepathy] Spec for file-transfer and tubes

Mads Chr. Olesen telepathy-ml at shiyee.dk
Wed Mar 7 14:19:15 PST 2007

Hi all!

Following the discussion at #telepathy this evening, I have updated
smcv's spec proposal a little, to more or less follow the thoughts in
the wiki at http://telepathy.freedesktop.org/wiki/Tubes .

My darcs branch is at http://www.cs.aau.dk/~mchro/telepathy-spec.tubes/

Basically, there is 2 new channel types: FileTransferNegotiation and
TubeNegotiation to offer and get offered tubes and files.

4 new non-channel types:
 - IOStream for pumping raw data forth and back
 - FileTransfer for receiving a file - uses IOStream
 - Tube for handling a raw data tube (e.g. a TCP-connection or UDP) -
uses IOStream
 - DTube for handling a D-Bus connection - doesn't use IOStream

The issues I think we talked about on #telepathy was:
 - Security against other users connecting to the sockets opened by the
conn. mgr.
   - For a local unix socket this can mostly be handled with file
permissions, although this doesn't protect against malicious programs
running as the current user.
   - For local inet sockets there is three choices i can think of:
     - Use some form of AUTH, where a magic key needs to be transmitted
as the first data on the socket
       - Rules out easy porting of legacy apps, e.g. VNC.
     - Use no security
       - Easy for porting legacy apps.
     - Just thought of this one: Let the client notify the conn. mgr.
over the tube object when it is connected, that is the client does:
       1. Connect to socket
       2. conn. mgr. accepts connection
       3. client calls TubeObject.Connected
       4. Data flows
       This way if another program or user connects to the socket (the
conn. mgr. should only accept one connection) the client will not call
connected and the attacker will just have ruined the attempt, meaning
the client should try again. Better than nothing, probably...
         - How do we know when a legacy app. has connected?
LD_LIBRARY_PATH hacks maybe, looking for output on STDOUT/STDERR
indicating connection success? This needs more thinking.

 - How to advertise what tube-applications a client has
   - Pubsub (in some way i don't quite understand, Robert please
explain ;-) )
   - Service discovery
     - Advertise a <feature
var='http://telepathy.freedesktop.org/tubes/'> that can be further
queried to find out which applications the client has installed using
service discovery
     - Is good for the "I want to do something with contact X" usecase
     - Very bad for the "I want someone to play Chess with" usecase, as
it will require querying all contacts (ouch...)

 - How the conn. mgr. finds out which tube-applications are installed
    - .tube files, like we have .manager files ATM
      - Tried and tested, probably the most solid solution
    - Having tube applications register at some D-Bus path, for the
conn. mgr. to list, and later for mission control to autolaunch?
      - Maybe just crack of mine...

Comments/suggestions/flames are welcome.

Mads Chr. Olesen <telepathy-ml at shiyee.dk>

More information about the Telepathy mailing list