`c293974`

Prefer session backend then fallback helper

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 2 months ago

SHA: c293974d0e065a71d94ecc2496e7d86f30c07944
Parents: ebbdce3
Tree: 57b54f7

1 changed file

Status	File	+	-
M	`garcard/src/polkit_helper.rs`	120	15

garcard/src/polkit_helper.rsmodified

          cookie: &str,
          prompts: &mut P,
      ) -> Result<HelperOutcome> {
++        let username_line = sanitize_control_line(username);
++        let cookie_line = sanitize_control_line(cookie);
          let conversation_backend = helper_conversation_backend();
          tracing::debug!(
              backend = %conversation_backend.as_str(),
              env_key = HELPER_CONVERSATION_BACKEND_ENV,
              "Selected polkit helper conversation backend"
          );
--        match conversation_backend {
++        self.authenticate_with_backend(&username_line, &cookie_line, prompts, conversation_backend)
--            HelperConversationBackend::Auto | HelperConversationBackend::HelperProtocol => {
++    }
--                self.authenticate_with_helper_protocol(username, cookie, prompts)
++
++    fn authenticate_with_backend<P: PromptProvider>(
++        &self,
++        username_line: &str,
++        cookie_line: &str,
++        prompts: &mut P,
++        backend: HelperConversationBackend,
++    ) -> Result<HelperOutcome> {
++        match backend {
++            HelperConversationBackend::HelperProtocol => {
++                self.authenticate_with_helper_protocol(username_line, cookie_line, prompts)
+             }
              HelperConversationBackend::SessionApi => {
--                self.authenticate_via_session_api(username, cookie, prompts)
++                self.authenticate_via_session_api(username_line, cookie_line, prompts)
++            }
++            HelperConversationBackend::Auto => {
++                match self.authenticate_via_session_api(username_line, cookie_line, prompts) {
++                    Ok(outcome) => return Ok(outcome),
++                    Err(err) if is_session_api_unavailable_error(&err) => {
++                        tracing::debug!(
++                            error = %err,
++                            "Session-api conversation backend unavailable; falling back to helper protocol backend"
++                        );
++                    }
++                    Err(err) => {
++                        tracing::warn!(
++                            error = %err,
++                            "Session-api conversation backend failed; falling back to helper protocol backend"
++                        );
++                    }
++                }
++                self.authenticate_with_helper_protocol(username_line, cookie_line, prompts)
+             }
+         }
+     }
      fn authenticate_with_helper_protocol<P: PromptProvider>(
          &self,
--        username: &str,
++        username_line: &str,
--        cookie: &str,
++        cookie_line: &str,
          prompts: &mut P,
      ) -> Result<HelperOutcome> {
--        let username_line = sanitize_control_line(username);
--        let cookie_line = sanitize_control_line(cookie);
          let transport = helper_transport_mode();
          tracing::debug!(
              transport = %transport.as_str(),
      fn authenticate_via_session_api<P: PromptProvider>(
          &self,
--        _username: &str,
++        username_line: &str,
--        _cookie: &str,
++        cookie_line: &str,
--        _prompts: &mut P,
++        prompts: &mut P,
      ) -> Result<HelperOutcome> {
--        anyhow::bail!("session-api helper conversation backend is not yet implemented");
++        let helper = resolve_direct_helper_path()
++            .ok_or_else(|| anyhow::Error::new(SessionApiUnavailableError))?;
++        tracing::debug!(
++            helper = %helper.display(),
++            "Using session-api conversation backend via direct helper process"
++        );
++        self.authenticate_via_helper_process_with_helper(
++            &helper,
++            username_line,
++            cookie_line,
++            prompts,
++        )
+     }
      fn authenticate_auto_transport<P: PromptProvider>(
      err.downcast_ref::<NoInitialHelperResponseError>().is_some()
+ }
++#[derive(Debug)]
++struct SessionApiUnavailableError;
++
++impl std::fmt::Display for SessionApiUnavailableError {
++    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
++        f.write_str(
++            "session-api helper conversation backend unavailable: no root setuid helper found",
++        )
++    }
++}
++
++impl std::error::Error for SessionApiUnavailableError {}
++
++fn is_session_api_unavailable_error(err: &anyhow::Error) -> bool {
++    err.downcast_ref::<SessionApiUnavailableError>().is_some()
++}
++
  fn write_line(stream: &mut impl Write, value: &str) -> Result<()> {
      stream.write_all(value.as_bytes())?;
      stream.write_all(b"\n")?;
+     }
      #[test]
--    fn session_backend_reports_not_implemented() {
++    fn session_backend_reports_unavailable_without_setuid_helper() {
          let client = HelperSocketClient::new(temp_socket_path());
          let mut prompts = FakePrompt::default();
          let err = client
              .authenticate_via_session_api("alice", "cookie-session", &mut prompts)
--            .expect_err("session backend should be unimplemented");
++            .expect_err("session backend should be unavailable");
          assert!(
              err.to_string()
--                .contains("session-api helper conversation backend is not yet implemented")
++                .contains("session-api helper conversation backend unavailable")
          );
+     }
++    #[test]
++    fn auto_backend_falls_back_to_helper_protocol_when_session_unavailable() {
++        let socket_path = temp_socket_path();
++        let listener = UnixListener::bind(&socket_path).expect("bind test socket");
++
++        let server = thread::spawn(move || {
++            let (mut stream, _) = listener.accept().expect("accept");
++            let read_stream = stream.try_clone().expect("clone");
++            let mut reader = BufReader::new(read_stream);
++
++            let mut first_line = String::new();
++            reader.read_line(&mut first_line).expect("read first line");
++            if first_line.trim() == "alice" {
++                let mut cookie = String::new();
++                reader.read_line(&mut cookie).expect("read cookie");
++            }
++
++            stream
++                .write_all(b"PAM_PROMPT_ECHO_OFF Password:\n")
++                .expect("write prompt");
++            stream.flush().expect("flush prompt");
++
++            let mut secret = String::new();
++            reader.read_line(&mut secret).expect("read secret");
++            stream.write_all(b"SUCCESS\n").expect("write success");
++            stream.flush().expect("flush success");
++        });
++
++        let client = HelperSocketClient::new(&socket_path);
++        let mut prompts = FakePrompt {
++            secret_response: PromptResponse::Submitted("correct horse".to_string()),
++            ..FakePrompt::default()
++        };
++
++        let outcome = client
++            .authenticate_with_backend(
++                "alice",
++                "cookie-auto-fallback",
++                &mut prompts,
++                HelperConversationBackend::Auto,
++            )
++            .expect("auto backend fallback should succeed");
++        assert_eq!(outcome, HelperOutcome::Authorized);
++        assert_eq!(prompts.success_count, 1);
++
++        server.join().expect("server join");
++        let _ = std::fs::remove_file(&socket_path);
++    }
++
      #[test]
      fn helper_client_drives_prompt_round_trip() {
          let socket_path = temp_socket_path();