GNU bug report logs - #71969
[PATCH] Support interactive D-Bus authentication

Previous Next

Full log

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Steven Allen via "Bug reports for GNU Emacs, the Swiss army knife of
 text editors" <bug-gnu-emacs <at> gnu.org>
Cc: 71969 <at> debbugs.gnu.org, Steven Allen <steven <at> stebalien.com>
Subject: Re: bug#71969: [PATCH] Support interactive D-Bus authentication
Date: Sat, 06 Jul 2024 13:54:49 +0200

Steven Allen via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" <bug-gnu-emacs <at> gnu.org> writes:

Hi Steven,

> When invoking D-Bus methods, let the user enable interactive
> authorization by passing an :authenticate t parameter.  This makes it
> possible to D-Bus methods that require polkit authorization.

Thanks for the patch, it looks interesting. Since I've never used D-Bus
interactive authentication, could you pls provide an example that I
could see it in action? I'm running Fedora 40, if that matters.

Bonus point, if you could add a test to dbus-tests.el.

> Alternatively, we could allow interactive authorization unconditionally,
> but I'd prefer to leave it up to the caller.

Agreed.

> From fa996a3363e9bcefb547c2a587d55b279d44c5dd Mon Sep 17 00:00:00 2001
> From: Steven Allen <steven <at> stebalien.com>
> Date: Thu, 4 Jul 2024 20:45:07 +0200
> Subject: [PATCH] Support interactive D-Bus authentication
>
> When invoking D-Bus methods, let the user enable interactive
> authorization by passing an :authenticate t parameter.  This makes it
> possible to D-Bus methods that require polkit authorization.

Do you mean authorization or authentication? I guess authorization. Pls
change all places consistently.

> +++ b/src/dbusbind.c
> @@ -1512,12 +1512,23 @@ DEFUN ("dbus-message-internal", Fdbus_message_internal, Sdbus_message_internal,
>  	XD_SIGNAL1 (build_string ("Unable to create an error message"));
>      }
>
> -  /* Check for timeout parameter.  */
> -  if ((count + 2 <= nargs) && EQ (args[count], QCtimeout))
> +  while ((count + 2 <= nargs))
>      {
> -      CHECK_FIXNAT (args[count+1]);
> -      timeout = min (XFIXNAT (args[count+1]), INT_MAX);
> -      count = count+2;
> +      /* Check for timeout parameter.  */
> +      if (EQ (args[count], QCtimeout))
> +        {
> +          CHECK_FIXNAT (args[count+1]);
> +          timeout = min (XFIXNAT (args[count+1]), INT_MAX);
> +          count = count+2;
> +	}
> +      /* Check for authenticate parameter.  */
> +      else if (EQ (args[count], QCauthenticate))
> +        {
> +	  dbus_message_set_allow_interactive_authorization
> +	  (dmessage, NILP (args[count+1]) ? FALSE : TRUE);
> +          count = count+2;
> +	}
> +      else break;

I guess, we shall check only in case the message type is
DBUS_MESSAGE_TYPE_METHOD_CALL. Otherwise, if there is a :timeout or
:authorize keyword, we shall raise an error.

Furthermore, does exist dbus_message_set_allow_interactive_authorization
"since ever"? Or shall we check for the existence in configure.ac, like
we do it with other dbus_* functions?

Best regards, Michael.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.