@@ -77,7 +77,7 @@ impl HelperSocketClient { |
| 77 | 77 | cookie: &str, |
| 78 | 78 | prompts: &mut P, |
| 79 | 79 | ) -> Result<HelperOutcome> { |
| 80 | | - let username_line = sanitize_control_line(username); |
| 80 | + let username_label = sanitize_control_line(username); |
| 81 | 81 | let cookie_line = sanitize_control_line(cookie); |
| 82 | 82 | let mut stream = UnixStream::connect(&self.socket_path).with_context(|| { |
| 83 | 83 | format!( |
@@ -87,16 +87,17 @@ impl HelperSocketClient { |
| 87 | 87 | })?; |
| 88 | 88 | let cookie_preview: String = cookie_line.chars().take(16).collect(); |
| 89 | 89 | tracing::debug!( |
| 90 | | - username = %username_line, |
| 90 | + username = %username_label, |
| 91 | 91 | cookie_len = cookie_line.len(), |
| 92 | 92 | cookie_preview = %cookie_preview, |
| 93 | 93 | socket = %self.socket_path.display(), |
| 94 | + protocol = "socket-activated-cookie-only", |
| 94 | 95 | "Connected to polkit helper socket" |
| 95 | 96 | ); |
| 96 | | - if username_line.len() != username.len() || cookie_line.len() != cookie.len() { |
| 97 | + if username_label.len() != username.len() || cookie_line.len() != cookie.len() { |
| 97 | 98 | tracing::debug!( |
| 98 | 99 | original_username_len = username.len(), |
| 99 | | - normalized_username_len = username_line.len(), |
| 100 | + normalized_username_len = username_label.len(), |
| 100 | 101 | original_cookie_len = cookie.len(), |
| 101 | 102 | normalized_cookie_len = cookie_line.len(), |
| 102 | 103 | "Normalized helper auth control lines before send" |
@@ -107,7 +108,8 @@ impl HelperSocketClient { |
| 107 | 108 | .context("failed to clone helper socket stream")?; |
| 108 | 109 | let mut reader = BufReader::new(read_stream); |
| 109 | 110 | |
| 110 | | - write_line(&mut stream, &username_line).context("failed to send helper username")?; |
| 111 | + // socket-activated polkit helper resolves identity from peer credentials. |
| 112 | + // It expects only the cookie line from the agent protocol stream. |
| 111 | 113 | write_line(&mut stream, &cookie_line).context("failed to send helper cookie")?; |
| 112 | 114 | |
| 113 | 115 | loop { |
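Review bot: With the username line removed in the third hunk, nothing on this side ties the `username` argument to the identity the helper will actually authenticate: per the new comment the helper takes it from peer credentials, so a caller passing a `username` other than the agent process's own user would presumably have a different identity authenticated than the one written to the debug log. If that case can occur it should be rejected before connecting; otherwise state the contract on the method, e.g. `/// The username is a log label only; the helper derives identity from socket peer credentials.` The second hunk also still folds `username_label.len() != username.len()` into the "Normalized helper auth control lines before send" event although that value is no longer sent; `if cookie_line.len() != cookie.len() {` would match the new protocol. The method starts and ends outside these hunks.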
@@ -395,8 +397,6 @@ mod tests { |
| 395 | 397 | let read_stream = stream.try_clone().expect("clone"); |
| 396 | 398 | let mut reader = BufReader::new(read_stream); |
| 397 | 399 | |
| 398 | | - let mut username = String::new(); |
| 399 | | - reader.read_line(&mut username).expect("read username"); |
| 400 | 400 | let mut cookie = String::new(); |
| 401 | 401 | reader.read_line(&mut cookie).expect("read cookie"); |
| 402 | 402 | |
@@ -410,7 +410,6 @@ mod tests { |
| 410 | 410 | |
| 411 | 411 | { |
| 412 | 412 | let mut lines = transcript_for_thread.lock().expect("lock transcript"); |
| 413 | | - lines.push(username.trim().to_string()); |
| 414 | 413 | lines.push(cookie.trim().to_string()); |
| 415 | 414 | lines.push(secret.trim().to_string()); |
| 416 | 415 | } |
@@ -434,7 +433,7 @@ mod tests { |
| 434 | 433 | server.join().expect("server join"); |
| 435 | 434 | |
| 436 | 435 | let lines = transcript.lock().expect("lock transcript"); |
| 437 | | - assert_eq!(lines.as_slice(), ["alice", "cookie-123", "correct horse"]); |
| 436 | + assert_eq!(lines.as_slice(), ["cookie-123", "correct horse"]); |
| 438 | 437 | |
| 439 | 438 | let _ = std::fs::remove_file(&socket_path); |
| 440 | 439 | } |
@@ -449,8 +448,6 @@ mod tests { |
| 449 | 448 | let read_stream = stream.try_clone().expect("clone"); |
| 450 | 449 | let mut reader = BufReader::new(read_stream); |
| 451 | 450 | |
| 452 | | - let mut username = String::new(); |
| 453 | | - reader.read_line(&mut username).expect("read username"); |
| 454 | 451 | let mut cookie = String::new(); |
| 455 | 452 | reader.read_line(&mut cookie).expect("read cookie"); |
| 456 | 453 | |