about using privileged (KAuth) helpers: system dbus daemon on OS X?
René J.V. Bertin
rjvbertin at gmail.com
Tue Sep 20 16:01:05 UTC 2016
On Monday September 19 2016 14:44:09 Thiago Macieira wrote:
Below is the sequence of actions as far as I have been able to follow them, when the privileged helper service is started through dbus-daemon-helper-tool. I hope this is detailed enough for someone to say something about how the DBus connection sequence is supposed to play out so.
In the meantime I think I understand where the connection process aborts on OS X: in init_connections_unlocked() (called from internal_bus_get()) when there is no address for neither DBUS_BUS_STARTER nor for DBUS_BUS_SESSION. This is considered an error by internal_bus_get() even if it is asked to get the DBUS_BUS_SYSTEM.
Would this be an acceptable modification to internal_bus_get()?
+ #ifdef DBUS_ENABLE_LAUNCHD
+ // on Mac we will typically not have all 3 bus addresses; as long
+ // as we have the requested one we should be fine.
+ if (!init_connections_unlocked () && bus_connection_addresses[type] == NULL)
+ #else
if (!init_connections_unlocked ())
+ #endif
{
_DBUS_SET_OOM (error);
goto out;
}
>On segunda-feira, 19 de setembro de 2016 23:31:28 PDT René J.V. Bertin wrote:
>> I can only suggest you look at the KAuth code (without expecting you to, of
>I'm not going to read its source, sorry.
1- the service exec's main hands over control to KAuth::HelperSupport::helperMain() which creates a QCoreApplication(argc,argv) instance and then calls KAuth::BackendsManager::helperProxy()->initHelper(QString(<service ID>))
2- KAuth::BackendsManager::helperProxy() returns a KAuth::DBusHelperProxy instance; its ctor initialises a member variable m_busConnection=QDBusConnection::systemBus() . So the service exec is indeed supposed to connect to the system dbus, explicitly.
3- KAuth::BackendsManager::helperProxy()->initHelper() creates a new Kf5authAdaptor() which inherits QDBusAbstractAdaptor and sets autoRelaySignals=true .
4- KAuth::BackendsManager::helperProxy()->initHelper() calls m_busConnection.registerService() with the service ID.
Am I right that qdbus and qdbusViewer also use QDBusConnection::systemBus() to connect to the system bus? I've traced the flow down from that function to a call q_dbus_bus_get_private(DBUS_BUS_SYSTEM, error) which led me into init_connections_unlocked() as described above.
The Kf5AuthAdaptor class is generated with qdbusxml2cpp from a file containing the following:
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node>
<interface name="org.kde.kf5auth">
<method name="performAction" >
<arg name="action" type="s" direction="in" />
<arg name="callerID" type="ay" direction="in" />
<arg name="arguments" type="ay" direction="in" />
<arg name="r" type="ay" direction="out" />
</method>
<method name="authorizeAction" >
<arg name="action" type="s" direction="in" />
<arg name="callerID" type="ay" direction="in" />
<arg name="r" type="u" direction="out" />
</method>
<method name="stopAction" >
<arg name="action" type="s" direction="in" />
<annotation name="org.freedesktop.DBus.Method.NoReply" value="true"/>
</method>
<signal name="remoteSignal" >
<arg name="type" type="i" />
<arg name="action" type="s" />
<arg name="blob" type="ay" />
</signal>
</interface>
</node>
If and when justified (= as more than a programming exercise) I might implement a KAuth::MacHelperProxy to replace KAuth::DBusHelperProxy on Mac. What makes this more than a trivial matter is the fact that the class implements a whole IPC protocol based on signals/slots which includes calling slots with service-specific names with service-specific argument lists.
R.
More information about the dbus
mailing list