GNU bug report logs - #71969
[PATCH] Support interactive D-Bus authentication

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#71969: closed ([PATCH] Support interactive D-Bus authentication)
Date: Tue, 09 Jul 2024 12:11:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Tue, 09 Jul 2024 14:10:20 +0200
with message-id <871q42936b.fsf <at> gmx.de>
and subject line Re: bug#71969: [PATCH] Support interactive D-Bus authentication
has caused the debbugs.gnu.org bug report #71969,
regarding [PATCH] Support interactive D-Bus authentication
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
71969: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71969
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Steven Allen <steven <at> stebalien.com>
To: bug-gnu-emacs <at> gnu.org
Subject: [PATCH] Support interactive D-Bus authentication
Date: Sat, 06 Jul 2024 09:53:58 +0200

[Message part 3 (text/plain, inline)]

When invoking D-Bus methods, let the user enable interactive
authorization by passing an :authenticate t parameter.  This makes it
possible to D-Bus methods that require polkit authorization.

Alternatively, we could allow interactive authorization unconditionally,
but I'd prefer to leave it up to the caller.

[0001-Support-interactive-D-Bus-authentication.patch (text/x-patch, inline)]

From fa996a3363e9bcefb547c2a587d55b279d44c5dd Mon Sep 17 00:00:00 2001
From: Steven Allen <steven <at> stebalien.com>
Date: Thu, 4 Jul 2024 20:45:07 +0200
Subject: [PATCH] Support interactive D-Bus authentication

When invoking D-Bus methods, let the user enable interactive
authorization by passing an :authenticate t parameter.  This makes it
possible to D-Bus methods that require polkit authorization.

* src/dbusbind.c (dbus-message-internal): Allow interactive
authorization by passing :authenticate t.
* lisp/net/dbus.el (dbus-call-method-asynchronously): Document the new
parameter.
* doc/misc/dbus.texi (Synchronous Methods, Asynchronous Methods):
Document the new parameter.
---
 doc/misc/dbus.texi | 12 ++++++++++--
 etc/NEWS           |  6 ++++++
 lisp/net/dbus.el   |  8 ++++++++
 src/dbusbind.c     | 26 ++++++++++++++++++++------
 4 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/doc/misc/dbus.texi b/doc/misc/dbus.texi
index e5d867acd40..9bde8cbc76b 100644
--- a/doc/misc/dbus.texi
+++ b/doc/misc/dbus.texi
@@ -1208,7 +1208,7 @@ Synchronous Methods
 be called, and a reply message returning the resulting output
 parameters from the object.
 
-@defun dbus-call-method bus service path interface method &optional :timeout timeout &rest args
+@defun dbus-call-method bus service path interface method &optional :timeout timeout :authenticate auth &rest args
 @anchor{dbus-call-method}
 This function calls @var{method} on the D-Bus @var{bus}.  @var{bus} is
 either the keyword @code{:system} or the keyword @code{:session}.
@@ -1223,6 +1223,10 @@ Synchronous Methods
 call doesn't return in time, a D-Bus error is raised (@pxref{Errors
 and Events}).
 
+If the parameter @code{:authenticate} is given and the following
+@var{auth} is non-nil, the invoked method may interactively prompt the
+user for authorization.  The default is @code{nil}.
+
 The remaining arguments @var{args} are passed to @var{method} as
 arguments.  They are converted into D-Bus types as described in
 @ref{Type Conversion}.
@@ -1302,7 +1306,7 @@ Asynchronous Methods
 @cindex method calls, asynchronous
 @cindex asynchronous method calls
 
-@defun dbus-call-method-asynchronously bus service path interface method handler &optional :timeout timeout &rest args
+@defun dbus-call-method-asynchronously bus service path interface method handler &optional :timeout timeout :authenticate auth &rest args
 This function calls @var{method} on the D-Bus @var{bus}
 asynchronously.  @var{bus} is either the keyword @code{:system} or the
 keyword @code{:session}.
@@ -1321,6 +1325,10 @@ Asynchronous Methods
 no reply message in time, a D-Bus error is raised (@pxref{Errors and
 Events}).
 
+If the parameter @code{:authenticate} is given and the following
+@var{auth} is non-nil, the invoked method may interactively prompt the
+user for authorization.  The default is @code{nil}.
+
 The remaining arguments @var{args} are passed to @var{method} as
 arguments.  They are converted into D-Bus types as described in
 @ref{Type Conversion}.
diff --git a/etc/NEWS b/etc/NEWS
index 3d2b86cfb6a..fd6e3737eb8 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -79,6 +79,12 @@ levels that SHR cycles through when calling 'shr-zoom-image'.
 
 * Lisp Changes in Emacs 31.1
 
++++
+*** Support interactive D-Bus authentication
+A new ':authenticate t' parameter has been added to 'dbus-call-method'
+and 'dbus-call-method-asynchronously' to allow the invoked D-Bus method
+to interactively authenticate the user (e.g., via polkit).
+
 
 * Changes in Emacs 31.1 on Non-Free Operating Systems
 
diff --git a/lisp/net/dbus.el b/lisp/net/dbus.el
index dd5f0e88859..749a12b5368 100644
--- a/lisp/net/dbus.el
+++ b/lisp/net/dbus.el
@@ -297,6 +297,10 @@ dbus-call-method
 method call must return.  The default value is 25,000.  If the
 method call doesn't return in time, a D-Bus error is raised.
 
+If the parameter `:authenticate' is given and the following AUTH
+is non-nil, the invoked method may interactively prompt the user
+for authorization.  The default is nil.
+
 All other arguments ARGS are passed to METHOD as arguments.  They are
 converted into D-Bus types via the following rules:
 
@@ -427,6 +431,10 @@ dbus-call-method-asynchronously
 method call must return.  The default value is 25,000.  If the
 method call doesn't return in time, a D-Bus error is raised.
 
+If the parameter `:authenticate' is given and the following AUTH
+is non-nil, the invoked method may interactively prompt the user
+for authorization.  The default is nil.
+
 All other arguments ARGS are passed to METHOD as arguments.  They are
 converted into D-Bus types via the following rules:
 
diff --git a/src/dbusbind.c b/src/dbusbind.c
index 35ce03c7911..6037112cfe7 100644
--- a/src/dbusbind.c
+++ b/src/dbusbind.c
@@ -1314,7 +1314,7 @@ DEFUN ("dbus-message-internal", Fdbus_message_internal, Sdbus_message_internal,
 `dbus-call-method', `dbus-call-method-asynchronously':
   (dbus-message-internal
     dbus-message-type-method-call BUS SERVICE PATH INTERFACE METHOD HANDLER
-    &optional :timeout TIMEOUT &rest ARGS)
+    &optional :timeout TIMEOUT :authenticate AUTH &rest ARGS)
 
 `dbus-send-signal':
   (dbus-message-internal
@@ -1512,12 +1512,23 @@ DEFUN ("dbus-message-internal", Fdbus_message_internal, Sdbus_message_internal,
 	XD_SIGNAL1 (build_string ("Unable to create an error message"));
     }
 
-  /* Check for timeout parameter.  */
-  if ((count + 2 <= nargs) && EQ (args[count], QCtimeout))
+  while ((count + 2 <= nargs))
     {
-      CHECK_FIXNAT (args[count+1]);
-      timeout = min (XFIXNAT (args[count+1]), INT_MAX);
-      count = count+2;
+      /* Check for timeout parameter.  */
+      if (EQ (args[count], QCtimeout))
+        {
+          CHECK_FIXNAT (args[count+1]);
+          timeout = min (XFIXNAT (args[count+1]), INT_MAX);
+          count = count+2;
+	}
+      /* Check for authenticate parameter.  */
+      else if (EQ (args[count], QCauthenticate))
+        {
+	  dbus_message_set_allow_interactive_authorization
+	  (dmessage, NILP (args[count+1]) ? FALSE : TRUE);
+          count = count+2;
+	}
+      else break;
     }
 
   /* Initialize parameter list of message.  */
@@ -1895,6 +1906,9 @@ syms_of_dbusbind (void)
   /* Lisp symbol for method call timeout.  */
   DEFSYM (QCtimeout, ":timeout");
 
+  /* Lisp symbol for method interactive authentication.  */
+  DEFSYM (QCauthenticate, ":authenticate");
+
   /* Lisp symbols of D-Bus types.  */
   DEFSYM (QCbyte, ":byte");
   DEFSYM (QCboolean, ":boolean");
-- 
2.45.2

[Message part 5 (message/rfc822, inline)]

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Steven Allen <steven <at> stebalien.com>
Cc: Eli Zaretskii <eliz <at> gnu.org>, 71969-done <at> debbugs.gnu.org
Subject: Re: bug#71969: [PATCH] Support interactive D-Bus authentication
Date: Tue, 09 Jul 2024 14:10:20 +0200

Version: 31.1

Steven Allen <steven <at> stebalien.com> writes:

Hi Steven,

> I meant that `dbus-method-call` worked without `:authorize t` for me as
> well until I updated my system. Testing both systemd and fwupd, it
> appears that the issue was caused by upgrading to systemd 256 (available
> on Arch Linux but not Fedora 40). That is, systemd 256 requires
> `:authorize t` while fwupd does not.
>
> From what I can tell, this change was introduced in this [1] systemd PR.
> Specifically, this comment:
>
>     This also fixes a bunch of wrong uses of the "interactive" bool. The
>     bool makes no sense today as the ALLOW_INTERACTIVE_AUTHORIZATION
>     field in the D-Bus message header replaces it fully.
>
> [1]: https://github.com/systemd/systemd/pull/30565

Thanks for the explanation. I've installed systemd 256 from Fedora
rawhide on my system, and now I see the same behavior.

I've installed your patch to the Emacs master branch. Closing the bug.

Do we need to mention somewhere in the doc, that this is needed starting
with systemd 256?

Best regards, Michael.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.