[gnome-software] snap: Use snapd-glib to perform snapd login. This fixes non-root access being removed in snapd.
- From: Robert Ancell <rancell src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-software] snap: Use snapd-glib to perform snapd login. This fixes non-root access being removed in snapd.
- Date: Mon, 12 Sep 2016 08:13:52 +0000 (UTC)
commit 4b8f554c19025dad981f94fd1e0e663db3c8b3ef
Author: Robert Ancell <robert ancell canonical com>
Date: Mon Sep 12 20:13:34 2016 +1200
snap: Use snapd-glib to perform snapd login. This fixes non-root access being removed in snapd.
configure.ac | 23 ++++++++++
src/plugins/Makefile.am | 2 +
src/plugins/gs-plugin-snap.c | 50 ++++++++++------------
src/plugins/gs-snapd.c | 93 ------------------------------------------
src/plugins/gs-snapd.h | 7 ---
5 files changed, 48 insertions(+), 127 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 34c3d50..4e1a6e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -396,6 +396,28 @@ GS_PLUGIN_API_VERSION=11
AC_SUBST(GS_PLUGIN_API_VERSION)
AC_DEFINE_UNQUOTED([GS_PLUGIN_API_VERSION], "$GS_PLUGIN_API_VERSION", [the plugin API version])
+# Snap
+AC_ARG_ENABLE(snap,
+ [AS_HELP_STRING([--enable-snap],
+ [enable Snap support [default=auto]])],,
+ enable_snap=maybe)
+AS_IF([test "x$enable_snap" != "xno"], [
+ PKG_CHECK_MODULES(SNAP,
+ [snapd-glib],
+ [have_snap=yes],
+ [have_snap=no])
+], [
+ have_snap=no
+])
+AS_IF([test "x$have_snap" = "xyes"], [
+ AC_DEFINE(HAVE_SNAP,1,[Build Snap support])
+], [
+ AS_IF([test "x$enable_snap" = "xyes"], [
+ AC_MSG_ERROR([Snap support requested but 'snapd-glib' was not found])
+ ])
+])
+AM_CONDITIONAL(HAVE_SNAP, test "$have_snap" != no)
+
GLIB_TESTS
dnl ---------------------------------------------------------------------------
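Review bot: The `PKG_CHECK_MODULES(SNAP, [snapd-glib], ...)` check carries no minimum version, although gs-plugin-snap.c in this same commit depends on `snapd_login_sync` and the `SNAPD_ERROR_TWO_FACTOR_*` codes. With an older snapd-glib installed, configure would report Snap support as yes and the mismatch would only surface as a compile error. Consider `[snapd-glib >= MIN_VERSION]`, where MIN_VERSION is a placeholder for the first release that ships that API. Minor: the help string says `default=auto` while the variable is initialised to `maybe`; this is harmless because only `no` and `yes` are tested, but a one-line comment saying so would help.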
@@ -452,4 +474,5 @@ echo "
ODRS support: ${enable_odrs}
Webapps support: ${enable_webapps}
Ubuntu Reviews support: ${enable_ubuntu_reviews}
+ Snap support: ${have_snap}
"
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index dadbe29..75d690c 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -17,6 +17,7 @@ AM_CPPFLAGS = \
$(FLATPAK_CFLAGS) \
$(RPM_CFLAGS) \
$(OAUTH_CFLAGS) \
+ $(SNAP_CFLAGS) \
-DI_KNOW_THE_GNOME_SOFTWARE_API_IS_SUBJECT_TO_CHANGE \
-DBINDIR=\"$(bindir)\" \
-DDATADIR=\"$(datadir)\" \
@@ -365,6 +366,7 @@ libgs_plugin_snap_la_SOURCES = \
gs-snapd.c
libgs_plugin_snap_la_LIBADD = \
$(GS_PLUGIN_LIBS) \
+ $(SNAP_LIBS) \
$(SOUP_LIBS) \
$(JSON_GLIB_LIBS)
libgs_plugin_snap_la_LDFLAGS = -module -avoid-version
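Review bot: Nothing visible in this hunk makes the snap plugin conditional on the `HAVE_SNAP` automake conditional that configure.ac now defines, while gs-plugin-snap.c includes `<snapd-glib/snapd-glib.h>` unconditionally. The `libgs_plugin_snap_la` stanza starts outside the hunk, so it may already be guarded further up. If it is not, a build without snapd-glib would fail at compile time instead of skipping the plugin. Wrapping the stanza and its entry in the plugin list in `if HAVE_SNAP` … `endif` would match the `[default=auto]` behaviour promised by the configure help.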
diff --git a/src/plugins/gs-plugin-snap.c b/src/plugins/gs-plugin-snap.c
index bf9e54f..1a4ebf5 100644
--- a/src/plugins/gs-plugin-snap.c
+++ b/src/plugins/gs-plugin-snap.c
@@ -22,6 +22,7 @@
#include <config.h>
#include <json-glib/json-glib.h>
+#include <snapd-glib/snapd-glib.h>
#include <gnome-software.h>
#include "gs-snapd.h"
@@ -426,44 +427,39 @@ gs_plugin_auth_login (GsPlugin *plugin, GsAuth *auth,
GCancellable *cancellable, GError **error)
{
GsPluginData *priv = gs_plugin_get_data (plugin);
- g_autoptr(JsonObject) result = NULL;
- JsonArray *discharges;
- guint i;
- g_autoptr(GVariantBuilder) b = NULL;
+ g_autoptr(SnapdAuthData) auth_data = NULL;
g_autoptr(GVariant) macaroon_variant = NULL;
g_autofree gchar *serialized_macaroon = NULL;
+ g_autoptr(GError) local_error = NULL;
if (auth != priv->auth)
return TRUE;
- result = gs_snapd_login (gs_auth_get_username (auth), gs_auth_get_password (auth), gs_auth_get_pin
(auth), cancellable, error);
- if (result == NULL)
- return FALSE;
-
- if (!json_object_has_member (result, "macaroon")) {
- g_set_error_literal (error,
- GS_PLUGIN_ERROR,
- GS_PLUGIN_ERROR_AUTH_INVALID,
- "Login response missing macaroon");
- return FALSE;
- }
- discharges = json_object_get_array_member (result, "discharges");
- b = g_variant_builder_new (G_VARIANT_TYPE ("as"));
- for (i = 0; i < json_array_get_length (discharges); i++) {
- JsonNode *node;
- node = json_array_get_element (discharges, i);
- if (!JSON_NODE_HOLDS_VALUE (node) && json_node_get_value_type (node) != G_TYPE_STRING) {
+ auth_data = snapd_login_sync (gs_auth_get_username (auth), gs_auth_get_password (auth),
gs_auth_get_pin (auth), NULL, &local_error);
+ if (auth_data == NULL) {
+ if (g_error_matches (local_error, SNAPD_ERROR, SNAPD_ERROR_TWO_FACTOR_REQUIRED)) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_PIN_REQUIRED,
+ local_error->message);
+ } else if (g_error_matches (local_error, SNAPD_ERROR, SNAPD_ERROR_AUTH_DATA_INVALID) ||
+ g_error_matches (local_error, SNAPD_ERROR, SNAPD_ERROR_TWO_FACTOR_INVALID)) {
g_set_error_literal (error,
GS_PLUGIN_ERROR,
GS_PLUGIN_ERROR_AUTH_INVALID,
- "Macaroon discharge contains unexpected value");
- return FALSE;
+ local_error->message);
+ } else {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_NOT_SUPPORTED,
+ local_error->message);
}
- g_variant_builder_add (b, "s", json_node_get_string (node));
+ return FALSE;
}
- macaroon_variant = g_variant_new ("(sas)",
- json_object_get_string_member (result, "macaroon"),
- b);
+
+ macaroon_variant = g_variant_new ("(s^as)",
+ snapd_auth_data_get_macaroon (auth_data),
+ snapd_auth_data_get_discharges (auth_data));
serialized_macaroon = g_variant_print (macaroon_variant, FALSE);
gs_auth_add_metadata (auth, "macaroon", serialized_macaroon);
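Review bot: The new `snapd_login_sync` call passes `NULL` in what looks like the cancellable slot instead of the `cancellable` argument that `gs_plugin_auth_login` receives, so a blocking login that sends the username, password and PIN can no longer be aborted by the caller. The removed `gs_snapd_login` call did forward it, so the call should end `gs_auth_get_pin (auth), cancellable, &local_error);`. The final `else` branch also reports every other failure as `GS_PLUGIN_ERROR_NOT_SUPPORTED`, which presumably includes connection or permission errors when talking to snapd. A short comment there explaining the choice, or a more specific error code if the plugin API has one, would help whoever triages login failures. The function body continues past the end of the hunk.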
diff --git a/src/plugins/gs-snapd.c b/src/plugins/gs-snapd.c
index 0778686..7470c5f 100644
--- a/src/plugins/gs-snapd.c
+++ b/src/plugins/gs-snapd.c
@@ -666,96 +666,3 @@ gs_snapd_get_resource (const gchar *macaroon, gchar **discharges,
return g_steal_pointer (&data);
}
-
-JsonObject *
-gs_snapd_login (const gchar *username, const gchar *password, const gchar *otp,
- GCancellable *cancellable, GError **error)
-{
- g_autoptr(JsonBuilder) builder = NULL;
- g_autoptr(JsonNode) json_root = NULL;
- g_autoptr(JsonGenerator) json_generator = NULL;
- g_autofree gchar *data = NULL;
- guint status_code;
- g_autofree gchar *reason_phrase = NULL;
- g_autofree gchar *response_type = NULL;
- g_autofree gchar *response = NULL;
- g_autoptr(JsonParser) parser = NULL;
- JsonObject *root, *result;
-
- builder = json_builder_new ();
- json_builder_begin_object (builder);
- json_builder_set_member_name (builder, "username");
- json_builder_add_string_value (builder, username);
- json_builder_set_member_name (builder, "password");
- json_builder_add_string_value (builder, password);
- if (otp != NULL) {
- json_builder_set_member_name (builder, "otp");
- json_builder_add_string_value (builder, otp);
- }
- json_builder_end_object (builder);
-
- json_root = json_builder_get_root (builder);
- json_generator = json_generator_new ();
- json_generator_set_pretty (json_generator, TRUE);
- json_generator_set_root (json_generator, json_root);
- data = json_generator_to_data (json_generator, NULL);
- if (data == NULL) {
- g_set_error_literal (error,
- GS_PLUGIN_ERROR,
- GS_PLUGIN_ERROR_INVALID_FORMAT,
- "Failed to generate JSON request");
- return NULL;
- }
-
- if (!send_request ("POST", "/v2/login", data,
- NULL, NULL,
- &status_code, &reason_phrase,
- &response_type, &response, NULL,
- cancellable, error))
- return NULL;
-
- if (status_code != SOUP_STATUS_OK) {
- const gchar *error_message, *error_kind;
-
- parser = parse_result (response, response_type, error);
- if (parser == NULL)
- return NULL;
-
- root = json_node_get_object (json_parser_get_root (parser));
- result = json_object_get_object_member (root, "result");
-
- error_message = json_object_get_string_member (result, "message");
- error_kind = json_object_has_member (result, "kind") ? json_object_get_string_member (result,
"kind") : NULL;
-
- if (g_strcmp0 (error_kind, "two-factor-required") == 0) {
- g_set_error_literal (error,
- GS_PLUGIN_ERROR,
- GS_PLUGIN_ERROR_PIN_REQUIRED,
- error_message);
- }
- else {
- g_set_error_literal (error,
- GS_PLUGIN_ERROR,
- GS_PLUGIN_ERROR_NOT_SUPPORTED,
- error_message);
- }
-
- return NULL;
- }
-
- parser = parse_result (response, response_type, error);
- if (parser == NULL)
- return NULL;
-
- root = json_node_get_object (json_parser_get_root (parser));
- result = json_object_get_object_member (root, "result");
- if (result == NULL) {
- g_set_error (error,
- GS_PLUGIN_ERROR,
- GS_PLUGIN_ERROR_INVALID_FORMAT,
- "snapd returned no result");
- return NULL;
- }
-
- return json_object_ref (result);
-}
diff --git a/src/plugins/gs-snapd.h b/src/plugins/gs-snapd.h
index b930abf..90a2c7d 100644
--- a/src/plugins/gs-snapd.h
+++ b/src/plugins/gs-snapd.h
@@ -69,11 +69,4 @@ gchar *gs_snapd_get_resource (const gchar *macaroon,
GCancellable *cancellable,
GError **error);
-JsonObject *gs_snapd_login (const gchar *username,
- const gchar *password,
- const gchar *otp,
- GCancellable *cancellable,
- GError **error);
-
-
#endif /* __GS_SNAPD_H__ */