Support interactive D-Bus authorization

When invoking D-Bus methods, let the user enable interactive authorization by passing an :authorizable t parameter. This makes it possible to D-Bus methods that require polkit authorization. * configure.ac (HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION): Set a new variable if `dbus_message_set_allow_interactive_authorization' is available. * src/dbusbind.c (dbus-message-internal): Allow interactive authorization by passing :authorizable t. * doc/misc/dbus.texi (Synchronous Methods, Asynchronous Methods): * etc/NEWS: * lisp/net/dbus.el (dbus-call-method-asynchronously): Document the new parameter.
2024-07-09 13:16:43 +02:00
parent 24cad0e2e7
commit 551a71c313
5 changed files with 63 additions and 9 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -3943,6 +3943,8 @@ if test "${with_dbus}" = "yes"; then
     dnl dbus_watch_get_unix_fd has been introduced in D-Bus 1.1.1.
     dnl dbus_type_is_valid and dbus_validate_* have been introduced in
     dnl D-Bus 1.5.12.
+     dnl dbus_message_set_allow_interactive_authorization was introduced
+     dnl in D-Bus 1.8.10.
     OLD_LIBS=$LIBS
     LIBS="$LIBS $DBUS_LIBS"
     AC_CHECK_FUNCS([dbus_watch_get_unix_fd \
@@ -3950,7 +3952,8 @@ if test "${with_dbus}" = "yes"; then
 		    dbus_validate_bus_name \
                    dbus_validate_path \
 		    dbus_validate_interface \
-		    dbus_validate_member])
+		    dbus_validate_member \
+                    dbus_message_set_allow_interactive_authorization])
     LIBS=$OLD_LIBS
     DBUS_OBJ=dbusbind.o
   fi
--- a/doc/misc/dbus.texi
+++ b/doc/misc/dbus.texi
@@ -1208,7 +1208,7 @@ which carries the input parameters to the object owning the method to
 be called, and a reply message returning the resulting output
 parameters from the object.

-@defun dbus-call-method bus service path interface method &optional :timeout timeout &rest args
+@defun dbus-call-method bus service path interface method &optional :timeout timeout :authorizable auth &rest args
@anchor{dbus-call-method}
 This function calls @var{method} on the D-Bus @var{bus}.  @var{bus} is
 either the keyword @code{:system} or the keyword @code{:session}.
@@ -1223,6 +1223,10 @@ method call must return.  The default value is 25,000.  If the method
 call doesn't return in time, a D-Bus error is raised (@pxref{Errors
 and Events}).

+If the parameter @code{:authorizable} is given and the following
+@var{auth} is non-@code{nil}, the invoked method may interactively
+prompt the user for authorization.  The default is @code{nil}.
+
 The remaining arguments @var{args} are passed to @var{method} as
 arguments.  They are converted into D-Bus types as described in
@ref{Type Conversion}.
@@ -1302,7 +1306,7 @@ emulate the @code{lshal} command on GNU/Linux systems:
@cindex method calls, asynchronous
@cindex asynchronous method calls

-@defun dbus-call-method-asynchronously bus service path interface method handler &optional :timeout timeout &rest args
+@defun dbus-call-method-asynchronously bus service path interface method handler &optional :timeout timeout :authorizable auth &rest args
 This function calls @var{method} on the D-Bus @var{bus}
 asynchronously.  @var{bus} is either the keyword @code{:system} or the
 keyword @code{:session}.
@@ -1321,6 +1325,10 @@ reply message must arrive.  The default value is 25,000.  If there is
 no reply message in time, a D-Bus error is raised (@pxref{Errors and
 Events}).

+If the parameter @code{:authorizable} is given and the following
+@var{auth} is non-@code{nil}, the invoked method may interactively
+prompt the user for authorization.  The default is @code{nil}.
+
 The remaining arguments @var{args} are passed to @var{method} as
 arguments.  They are converted into D-Bus types as described in
@ref{Type Conversion}.
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -109,6 +109,12 @@ positives.

 * Lisp Changes in Emacs 31.1

+++
+*** Support interactive D-Bus authorization.
+A new ':authorizable t' parameter has been added to 'dbus-call-method'
+and 'dbus-call-method-asynchronously' to allow the user to interactively
+authorize the invoked D-Bus method (e.g., via polkit).
+

 * Changes in Emacs 31.1 on Non-Free Operating Systems

--- a/lisp/net/dbus.el
+++ b/lisp/net/dbus.el
@@ -297,6 +297,10 @@ TIMEOUT specifies the maximum number of milliseconds before the
 method call must return.  The default value is 25,000.  If the
 method call doesn't return in time, a D-Bus error is raised.

+If the parameter `:authorizable' is given and the following AUTH
+is non-nil, the invoked method may interactively prompt the user
+for authorization.  The default is nil.
+
 All other arguments ARGS are passed to METHOD as arguments.  They are
 converted into D-Bus types via the following rules:

@@ -427,6 +431,10 @@ TIMEOUT specifies the maximum number of milliseconds before the
 method call must return.  The default value is 25,000.  If the
 method call doesn't return in time, a D-Bus error is raised.

+If the parameter `:authorizable' is given and the following AUTH
+is non-nil, the invoked method may interactively prompt the user
+for authorization.  The default is nil.
+
 All other arguments ARGS are passed to METHOD as arguments.  They are
 converted into D-Bus types via the following rules:

--- a/src/dbusbind.c
+++ b/src/dbusbind.c
@@ -1314,7 +1314,7 @@ The following usages are expected:
 `dbus-call-method', `dbus-call-method-asynchronously':
  (dbus-message-internal
    dbus-message-type-method-call BUS SERVICE PATH INTERFACE METHOD HANDLER
-    &optional :timeout TIMEOUT &rest ARGS)
+    &optional :timeout TIMEOUT :authorizable AUTH &rest ARGS)

 `dbus-send-signal':
  (dbus-message-internal
@@ -1512,12 +1512,38 @@ usage: (dbus-message-internal &rest REST)  */)
 	XD_SIGNAL1 (build_string ("Unable to create an error message"));
    }

-  /* Check for timeout parameter.  */
-  if ((count + 2 <= nargs) && EQ (args[count], QCtimeout))
+  while ((count + 2 <= nargs))
    {
-      CHECK_FIXNAT (args[count+1]);
-      timeout = min (XFIXNAT (args[count+1]), INT_MAX);
-      count = count+2;
+      /* Check for timeout parameter.  */
+      if (EQ (args[count], QCtimeout))
+        {
+	  if (mtype != DBUS_MESSAGE_TYPE_METHOD_CALL)
+	    XD_SIGNAL1
+	      (build_string (":timeout is only supported on method calls"));
+
+          CHECK_FIXNAT (args[count+1]);
+          timeout = min (XFIXNAT (args[count+1]), INT_MAX);
+          count = count+2;
+	}
+      /* Check for authorizable parameter.  */
+      else if (EQ (args[count], QCauthorizable))
+        {
+	  if (mtype != DBUS_MESSAGE_TYPE_METHOD_CALL)
+	    XD_SIGNAL1
+	      (build_string (":authorizable is only supported on method calls"));
+
+	  /* Ignore this keyword if unsupported.  */
+#ifdef HAVE_DBUS_MESSAGE_SET_ALLOW_INTERACTIVE_AUTHORIZATION
+	  dbus_message_set_allow_interactive_authorization
+	    (dmessage, NILP (args[count+1]) ? FALSE : TRUE);
+#else
+	  XD_DEBUG_MESSAGE (":authorizable not supported");
+#endif
+
+          count = count+2;
+	}
+      else break;
+
    }

  /* Initialize parameter list of message.  */
@@ -1895,6 +1921,9 @@ syms_of_dbusbind (void)
  /* Lisp symbol for method call timeout.  */
  DEFSYM (QCtimeout, ":timeout");

+  /* Lisp symbol for method interactive authorization.  */
+  DEFSYM (QCauthorizable, ":authorizable");
+
  /* Lisp symbols of D-Bus types.  */
  DEFSYM (QCbyte, ":byte");
  DEFSYM (QCboolean, ":boolean");