From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Steven Allen via "Bug reports for GNU Emacs, the Swiss army knife of text editors" Newsgroups: gmane.emacs.bugs Subject: bug#71969: [PATCH] Support interactive D-Bus authentication Date: Sun, 07 Jul 2024 13:53:16 +0200 Message-ID: <874j91ifkj.fsf@stebalien.com> References: <877cdzklbd.fsf@stebalien.com> <87o77a20s6.fsf@gmx.de> <87frsm1sht.fsf@gmx.de> <86v81i36vh.fsf@gnu.org> <877cdy1r2a.fsf@gmx.de> Reply-To: Steven Allen Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="21776"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 71969@debbugs.gnu.org To: Michael Albinus , Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Jul 07 13:54:17 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sQQTA-0005NZ-BJ for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 07 Jul 2024 13:54:17 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sQQSu-0000j4-Dz; Sun, 07 Jul 2024 07:54:00 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sQQSs-0000ie-Rj for bug-gnu-emacs@gnu.org; Sun, 07 Jul 2024 07:53:59 -0400 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sQQSs-00031m-Je for bug-gnu-emacs@gnu.org; Sun, 07 Jul 2024 07:53:58 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sQQSv-0004v5-P0 for bug-gnu-emacs@gnu.org; Sun, 07 Jul 2024 07:54:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Steven Allen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 07 Jul 2024 11:54:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 71969 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 71969-submit@debbugs.gnu.org id=B71969.172035321218864 (code B ref 71969); Sun, 07 Jul 2024 11:54:01 +0000 Original-Received: (at 71969) by debbugs.gnu.org; 7 Jul 2024 11:53:32 +0000 Original-Received: from localhost ([127.0.0.1]:47513 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sQQSR-0004uC-HB for submit@debbugs.gnu.org; Sun, 07 Jul 2024 07:53:32 -0400 Original-Received: from fhigh6-smtp.messagingengine.com ([103.168.172.157]:49731) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sQQSO-0004tv-VB for 71969@debbugs.gnu.org; Sun, 07 Jul 2024 07:53:29 -0400 Original-Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 882F211403AD; Sun, 7 Jul 2024 07:53:19 -0400 (EDT) Original-Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Sun, 07 Jul 2024 07:53:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stebalien.com; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm1; t=1720353199; x= 1720439599; bh=vTcyHPMGcFmN0yXtiIN6N5XxGPopm0p9hlKmKWm65t0=; b=q tBsXHiOWp/Kkl12hfZT5LWoPAAb9a8j5ds/LM9VEb74xnajJePOJKoNL0jQPALkx /gUPhEnmb1X9c01qpSI6WK5xYIPbZKq5JwkOyEMgzG7lsR/JP3LBfz6hmHsuix1q ONtLp6yBKirURITS24rYFbV/8TXNdBNnhSb9TaxiMW0tdpaGp9rwg9vXlgXfvDGn ypdaLQnWEElYWLISp1PK/6RL0/hQe3o0s5Dsw+F31JPCOC+3dGCF1V7R1st8u6kB VgsfR21etsfyn8b14Ht9R+Zkx70lRTnLVMxmYoBYuvrisTfuiPOotviqNaMLmPDn xlyrPCsiuLlYLCxIzUMHg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1720353199; x=1720439599; bh=vTcyHPMGcFmN0yXtiIN6N5XxGPop m0p9hlKmKWm65t0=; b=LLn1AzmJOlLiE241TY1rdYStmuXcCoOyLOFMxMAPZ6T2 bZ0+M+q1DJST0w8BvKl9ksWupFqhT2WU9e41Gs23dvzBiY335rwPOZhwJx2YzHqh 8jYGR/mn+iHT3VNgEZTPByTzLtjsO/quuJt4kEThOwcMJrBhkSlsMxNBzmIbcdGs LYyv3RgGEqa2MbH0wfM4+yr8zzNsBr2CndBcNfNbc8w9J24JZq111q1gKgGMlJcn lbuC8cnEla7ee8S4/kNa6Xm4IOMrhAaQwcYVC7FlngmsBUqvVwmku6wEFWqnb6S2 kIzmx2BA/aqaxvPR82+yVsTFW0qgC9TquVSTE4vsrQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvdehgdegjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhvfevufgjfhffkfggtgesmhdtreertddttdenucfhrhhomhepufhtvghvvghn ucetlhhlvghnuceoshhtvghvvghnsehsthgvsggrlhhivghnrdgtohhmqeenucggtffrrg htthgvrhhnpeejudefvdeijeeukedttdegudegffevjeehheeiueelgfffhfelffehfeev hfdvgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hsthgvvhgvnhesshhtvggsrghlihgvnhdrtghomh X-ME-Proxy: Feedback-ID: ie8a146a7:Fastmail Original-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 7 Jul 2024 07:53:18 -0400 (EDT) In-Reply-To: <877cdy1r2a.fsf@gmx.de> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:288557 Archived-At: --=-=-= Content-Type: text/plain I've attached a patch that addresses the feedback so far: 1. Defines HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION and uses it. 2. Renames :authenticate to :authorize for consistency. 3. Signals an error when either :timeout or :authorize are passed when not invoking a method. Remaining questions: 1. I'm not sure if :authorize is quite correct either. Really, the key part is that it allows /interactive/ authorization. I wonder if :interactive-authorization or :interactive might be better (although they're kind of long). 2. Am I correctly signaling the error? I just copied that code from other parts of debusbind.c. --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-Support-interactive-D-Bus-authorization.patch >From 14a6c82848ebc02e98ca76aa8f7465209960c227 Mon Sep 17 00:00:00 2001 From: Steven Allen Date: Thu, 4 Jul 2024 20:45:07 +0200 Subject: [PATCH] Support interactive D-Bus authorization When invoking D-Bus methods, let the user enable interactive authorization by passing an :authorize t parameter. This makes it possible to D-Bus methods that require polkit authorization. * src/dbusbind.c (dbus-message-internal): Allow interactive authorization by passing :authorize t. * lisp/net/dbus.el (dbus-call-method-asynchronously): Document the new parameter. * doc/misc/dbus.texi (Synchronous Methods, Asynchronous Methods): Document the new parameter. * configure.ac (HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION): Set a new variable if `dbus_message_set_allow_interactive_authorization' is available. --- configure.ac | 5 ++++- doc/misc/dbus.texi | 12 ++++++++++-- etc/NEWS | 6 ++++++ lisp/net/dbus.el | 8 ++++++++ src/dbusbind.c | 37 +++++++++++++++++++++++++++++++------ 5 files changed, 59 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index 909f5786c9a..ee2ef1c60fb 100644 --- a/configure.ac +++ b/configure.ac @@ -3943,6 +3943,8 @@ AC_DEFUN dnl dbus_watch_get_unix_fd has been introduced in D-Bus 1.1.1. dnl dbus_type_is_valid and dbus_validate_* have been introduced in dnl D-Bus 1.5.12. + dnl dbus_message_set_allow_interactive_authorization was introduced + dnl in D-Bus 1.8.10. OLD_LIBS=$LIBS LIBS="$LIBS $DBUS_LIBS" AC_CHECK_FUNCS([dbus_watch_get_unix_fd \ @@ -3950,7 +3952,8 @@ AC_DEFUN dbus_validate_bus_name \ dbus_validate_path \ dbus_validate_interface \ - dbus_validate_member]) + dbus_validate_member \ + dbus_message_set_allow_interactive_authorization]) LIBS=$OLD_LIBS DBUS_OBJ=dbusbind.o fi diff --git a/doc/misc/dbus.texi b/doc/misc/dbus.texi index e5d867acd40..6c02546508a 100644 --- a/doc/misc/dbus.texi +++ b/doc/misc/dbus.texi @@ -1208,7 +1208,7 @@ Synchronous Methods be called, and a reply message returning the resulting output parameters from the object. -@defun dbus-call-method bus service path interface method &optional :timeout timeout &rest args +@defun dbus-call-method bus service path interface method &optional :timeout timeout :authorize auth &rest args @anchor{dbus-call-method} This function calls @var{method} on the D-Bus @var{bus}. @var{bus} is either the keyword @code{:system} or the keyword @code{:session}. @@ -1223,6 +1223,10 @@ Synchronous Methods call doesn't return in time, a D-Bus error is raised (@pxref{Errors and Events}). +If the parameter @code{:authorize} is given and the following +@var{auth} is non-nil, the invoked method may interactively prompt the +user for authorization. The default is @code{nil}. + The remaining arguments @var{args} are passed to @var{method} as arguments. They are converted into D-Bus types as described in @ref{Type Conversion}. @@ -1302,7 +1306,7 @@ Asynchronous Methods @cindex method calls, asynchronous @cindex asynchronous method calls -@defun dbus-call-method-asynchronously bus service path interface method handler &optional :timeout timeout &rest args +@defun dbus-call-method-asynchronously bus service path interface method handler &optional :timeout timeout :authorize auth &rest args This function calls @var{method} on the D-Bus @var{bus} asynchronously. @var{bus} is either the keyword @code{:system} or the keyword @code{:session}. @@ -1321,6 +1325,10 @@ Asynchronous Methods no reply message in time, a D-Bus error is raised (@pxref{Errors and Events}). +If the parameter @code{:authorize} is given and the following +@var{auth} is non-nil, the invoked method may interactively prompt the +user for authorization. The default is @code{nil}. + The remaining arguments @var{args} are passed to @var{method} as arguments. They are converted into D-Bus types as described in @ref{Type Conversion}. diff --git a/etc/NEWS b/etc/NEWS index 3d2b86cfb6a..d6128cc078e 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -79,6 +79,12 @@ levels that SHR cycles through when calling 'shr-zoom-image'. * Lisp Changes in Emacs 31.1 ++++ +*** Support interactive D-Bus authorization +A new ':authorization t' parameter has been added to 'dbus-call-method' +and 'dbus-call-method-asynchronously' to allow the user to interactively +authorize the invoked D-Bus method (e.g., via polkit). + * Changes in Emacs 31.1 on Non-Free Operating Systems diff --git a/lisp/net/dbus.el b/lisp/net/dbus.el index dd5f0e88859..d526423e089 100644 --- a/lisp/net/dbus.el +++ b/lisp/net/dbus.el @@ -297,6 +297,10 @@ dbus-call-method method call must return. The default value is 25,000. If the method call doesn't return in time, a D-Bus error is raised. +If the parameter `:authorize' is given and the following AUTH +is non-nil, the invoked method may interactively prompt the user +for authorization. The default is nil. + All other arguments ARGS are passed to METHOD as arguments. They are converted into D-Bus types via the following rules: @@ -427,6 +431,10 @@ dbus-call-method-asynchronously method call must return. The default value is 25,000. If the method call doesn't return in time, a D-Bus error is raised. +If the parameter `:authorize' is given and the following AUTH +is non-nil, the invoked method may interactively prompt the user +for authorization. The default is nil. + All other arguments ARGS are passed to METHOD as arguments. They are converted into D-Bus types via the following rules: diff --git a/src/dbusbind.c b/src/dbusbind.c index 35ce03c7911..827411644ec 100644 --- a/src/dbusbind.c +++ b/src/dbusbind.c @@ -1314,7 +1314,7 @@ DEFUN ("dbus-message-internal", Fdbus_message_internal, Sdbus_message_internal, `dbus-call-method', `dbus-call-method-asynchronously': (dbus-message-internal dbus-message-type-method-call BUS SERVICE PATH INTERFACE METHOD HANDLER - &optional :timeout TIMEOUT &rest ARGS) + &optional :timeout TIMEOUT :authorize AUTH &rest ARGS) `dbus-send-signal': (dbus-message-internal @@ -1512,12 +1512,34 @@ DEFUN ("dbus-message-internal", Fdbus_message_internal, Sdbus_message_internal, XD_SIGNAL1 (build_string ("Unable to create an error message")); } - /* Check for timeout parameter. */ - if ((count + 2 <= nargs) && EQ (args[count], QCtimeout)) + while ((count + 2 <= nargs)) { - CHECK_FIXNAT (args[count+1]); - timeout = min (XFIXNAT (args[count+1]), INT_MAX); - count = count+2; + /* Check for timeout parameter. */ + if (EQ (args[count], QCtimeout)) + { + if (mtype != DBUS_MESSAGE_TYPE_METHOD_CALL) + XD_SIGNAL2 (build_string (":timeout is only supported on method calls"), bus); + + CHECK_FIXNAT (args[count+1]); + timeout = min (XFIXNAT (args[count+1]), INT_MAX); + count = count+2; + } + /* Check for authorize parameter. */ + else if (EQ (args[count], QCauthorize)) + { + if (mtype != DBUS_MESSAGE_TYPE_METHOD_CALL) + XD_SIGNAL2 (build_string (":authorize is only supported on method calls"), bus); + + /* Ignore this keyword if unsupported. */ + #ifdef HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION + dbus_message_set_allow_interactive_authorization + (dmessage, NILP (args[count+1]) ? FALSE : TRUE); + #endif + + count = count+2; + } + else break; + } /* Initialize parameter list of message. */ @@ -1895,6 +1917,9 @@ syms_of_dbusbind (void) /* Lisp symbol for method call timeout. */ DEFSYM (QCtimeout, ":timeout"); + /* Lisp symbol for method interactive authorization. */ + DEFSYM (QCauthorize, ":authorize"); + /* Lisp symbols of D-Bus types. */ DEFSYM (QCbyte, ":byte"); DEFSYM (QCboolean, ":boolean"); -- 2.45.2 --=-=-=--