Finish implementation of gethostbyname

2022-09-05 23:15:29 +02:00 · 2022-09-05 23:15:29 +02:00 · 571aa90d6a
commit 571aa90d6a
parent 9978bfd783
8 changed files with 105 additions and 82 deletions
--- a/src/policy_checker/dbus.rs
+++ b/src/policy_checker/dbus.rs
@ -2,6 +2,7 @@
 // SPDX-License-Identifier: GPL-3.0-or-later

 use {
+    nix::unistd::Uid,
    serde::{Deserialize, Serialize},
    std::net::IpAddr,
    zbus::{dbus_proxy, Result},
@ -24,3 +25,36 @@ pub struct Restriction {
 }

 pub type Restrictions = Vec<Restriction>;
+
+pub async fn restrictions_for(user: Uid) -> anyhow::Result<Vec<Restriction>, anyhow::Error> {
+    #[cfg(not(feature = "integration_test"))]
+    let proxy = {
+        // This is the normal behavior
+        let connection = zbus::Connection::system().await?;
+        MalcontentDnsProxy::new(&connection).await?
+    };
+
+    #[cfg(feature = "integration_test")]
+    let proxy = {
+        // During integration testing, we want to connect to a private
+        // bus name to avoid clashes with existing system services.
+        let connection = zbus::Connection::session().await?;
+        let dbus_name = std::env::var("TEST_DBUS_SERVICE_NAME")
+            .expect("The test has not set the TEST_DBUS_SERVICE_NAME environment variable to the private bus name prior to attempting name resolution");
+        MalcontentDnsProxy::builder(&connection)
+            .destination(zbus_names::UniqueName::try_from(dbus_name).unwrap())
+            .unwrap()
+            .build()
+            .await
+            .expect("Unable to build DBus proxy object")
+    };
+
+    let restrictions = proxy.get_restrictions(user.as_raw()).await;
+    log::trace!(
+        "malcontent-nss: user {} restrictions are {:?}",
+        user,
+        &restrictions
+    );
+
+    Ok(restrictions?)
+}
--- a/src/policy_checker/mod.rs
+++ b/src/policy_checker/mod.rs
@ -4,7 +4,6 @@
 mod dbus;

 use {
-    self::dbus::*,
    anyhow::Result,
    nix::unistd::{getuid, Uid},
    once_cell::sync::Lazy,
@ -41,31 +40,7 @@ impl PolicyChecker {
            return Ok(vec![]);
        };

-        let connection = zbus::Connection::session().await?;
-
-        #[cfg(not(feature = "integration_test"))]
-        let proxy = MalcontentDnsProxy::new(&connection).await?;
-
-        #[cfg(feature = "integration_test")]
-        let proxy = {
-            let dbus_name = std::env::var("TEST_DBUS_SERVICE_NAME").map_err(|_| {
-                anyhow::anyhow!("The test hasn't set the TEST_DBUS_SERVICE_NAME environment var")
-            })?;
-            MalcontentDnsProxy::builder(&connection)
-                .destination(zbus_names::UniqueName::try_from(dbus_name).unwrap())
-                .unwrap()
-                .build()
-                .await
-                .expect("Unable to build DBus proxy object")
-        };
-
-        let restrictions = proxy.get_restrictions(user.as_raw()).await;
-        log::trace!(
-            "malcontent-nss: user {} restrictions are {:?}",
-            user,
-            &restrictions
-        );
-        Ok(restrictions?)
+        dbus::restrictions_for(user).await
    }

    pub async fn resolver(&self, user: Option<Uid>) -> Result<Option<Arc<TokioAsyncResolver>>> {