Add support for passing Unix file descriptors
Needs ReviewPublic
Actions

Authored by volkov on Sep 26 2019, 4:22 PM.

Details

Reviewers

fvogt
chinmoyr
cfeck
security-team

Group Reviewers

Frameworks

Summary

Introduce UnixFileDescriptor class, which holds a copy of a file
descriptor. Actually it's a wrapper around QDBusUnixFileDescriptor
that hides the use of QtDBus from client code.

Currently arguments to/from a helper are passed as QVariantMap,
encoded as QByteArray. To support passing of file descriptors,
separate them into their own QVariantMap, and pass arguments as
QVariantList consisting of the QByteArray blob of data arguments
and the file descriptors map ({un}packedArguments() functions).

Diff Detail

Repository

R283 KAuth

Branch

master

Lint

No Linters Available

Unit

No Unit Test Coverage

Build Status

Buildable 17106
Build 17124: arc lint + arc unit

volkov created this revision.Sep 26 2019, 4:22 PM

Restricted Application added a project: Frameworks. · View Herald TranscriptSep 26 2019, 4:22 PM

Restricted Application added a subscriber: kde-frameworks-devel. · View Herald Transcript

volkov requested review of this revision.Sep 26 2019, 4:22 PM

Harbormaster completed remote builds in B17058: Diff 66905.Sep 26 2019, 4:22 PM

volkov mentioned this in D5394: KAuth integration in document saving - vol. 2.Sep 26 2019, 4:26 PM

ngraham added reviewers: fvogt, chinmoyr, cfeck, Frameworks.Sep 26 2019, 4:28 PM

volkov mentioned this in D6709: Add support for sharing file descriptor between KIO slave and KAuth helper.Sep 26 2019, 4:32 PM

Unfortunately, this breaks public API and ABI by modifying KAuth::ActionReply.

I'm not sure whether there has to be any compatibility for the DBus API, but I guess not (logging out and back in should suffice to make sure the backend used is the same).

I wonder why you made a wrapper around QDBusUnixFileDescriptor, does it not work inside a QVariant OOTB?

This revision now requires changes to proceed.Sep 26 2019, 5:00 PM

aacid added a reviewer: security-team.Sep 26 2019, 6:06 PM

DBus is an internal dependency for KAuth. With the wrapper users don't have to link with QtDBus.

fix breaking API and ABI of KAuth::ActionReply

Harbormaster completed remote builds in B17086: Diff 66946.Sep 27 2019, 1:13 PM

volkov added a dependent revision: D24259: WIP: Save file directly if possible when root privileges are required.Sep 27 2019, 1:18 PM

aacid added a subscriber: aacid.Sep 27 2019, 7:51 PM

aacid added inline comments.

src/HelperProxy.cpp
25 ↗	(On Diff #66946)	i don't think we should have dbus stuff in HelperProxy, dbus stuff should be in DBusHelperProxy, no?

volkov added a comment.Sep 27 2019, 8:13 PM

This comment was removed by volkov.

src/HelperProxy.cpp
25 ↗	(On Diff #66946)	yes, thanks

moved dbus stuff to DBusHelperProxy

Harbormaster completed remote builds in B17106: Diff 66968.Sep 27 2019, 8:15 PM

volkov edited the summary of this revision. (Show Details)Sep 27 2019, 8:17 PM

aacid added inline comments.Sep 28 2019, 6:59 AM

src/kauthunixfiledescriptor.h
33	Does this class really need to be exported and its header installed? Seems like this is implementation detail? Who would use this header?

volkov added inline comments.Sep 28 2019, 8:49 AM

src/kauthunixfiledescriptor.h
33	It's needed to mark file descriptors in QVariantMap. Usage example: ActionReply reply; QVariantMap data; auto variantFd = QVariant::fromValue(UnixFileDescriptor(saveFile.handle())); data.insert(QStringLiteral("fd"), variantFd); reply.setData(data); return reply;

Applications are supposed to do that?

Yes, UnixFileDescriptor allows to use existing methods Action::setArguments() and ActionReply::setData().

Without UnixFileDescriptor you could try to write

int fd = ...
Action action(...);
action.addArgument(QStringLiteral("fd"), fd);

but then KAuth won't be able to detect that it'a file descriptor and will pass it to a helper as int.

In D24245#539508, @volkov wrote:
Without UnixFileDescriptor you could try to write
int fd = ...
Action action(...);
action.addArgument(QStringLiteral("fd"), fd);
but then KAuth won't be able to detect that it'a file descriptor and will pass it to a helper as int.

Would it make more sense to add a new function

Action::addFileDescriptor(const QString &, int)?

This way we don't have to expose UnixFileDescriptor to the world

It will require adding the following methods:

Action::setFileDescriptors()
Action::addFileDescriptor()
Action::fileDescriptors()
ActionReply::setFileDescriptors()
ActionReply::addFileDescriptor()
ActionReply::fileDescriptors()

and

ExecuteJob::fileDescriptors()
ExecuteJob::newFileDescriptors()

with the condition that for progress data they can be used only with direct signal-slot connections,
because without UnixFileDescriptor we cannot guarantee the open state of file descriptors.
It doesn't seem better than exposing this class.

ok, fair enough.

Am i correct in understanding this breaks the wire-protocol for the dbus messages?

Are we sure that's fine?

Revision Contents
Changeset List

		Path
M		autotests/CMakeLists.txt (1 line)
M		src/CMakeLists.txt (3 lines)
M		src/HelperProxy.h (1 line)
M		src/backends/dbus/DBusHelperProxy.h (17 lines)
M		src/backends/dbus/DBusHelperProxy.cpp (187 lines)
M		src/backends/dbus/org.kde.kf5auth.xml (8 lines)
M		src/backends/fakehelper/FakeHelperProxy.h (1 line)
M		src/backends/fakehelper/FakeHelperProxy.cpp (5 lines)
M		src/kauth.h (1 line)
A	M	src/kauthunixfiledescriptor.h (57 lines)
A	M	src/kauthunixfiledescriptor.cpp (94 lines)

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	66905	9662bc8		Sep 26 2019, 4:22 PM	★	★
Diff 2	66946	9662bc8	fix breaking API and ABI of KAuth::ActionReply	Sep 27 2019, 1:13 PM	★	★
Diff 3	66968	9662bc8	moved dbus stuff to DBusHelperProxy	Sep 27 2019, 8:15 PM	★	★

Commit	Tree	Parents	Author	Summary	Date
88342012074b	43c4af601ede	9662bc890713	Alexander Volkov	Add support for passing Unix file descriptors (Show More…)	Sep 27 2019, 7:56 PM

	Status	Author	Revision
	Needs Review	volkov	D24259 WIP: Save file directly if possible when root privileges are required
	Needs Review	volkov	D24245 Add support for passing Unix file descriptors