Use unique name for dbus connection during integration testing

2022-08-25 01:00:18 +02:00 · 2022-08-25 01:00:18 +02:00 · 9978bfd783
commit 9978bfd783
parent c52195dd8b
5 changed files with 74 additions and 54 deletions
--- a/src/policy_checker/mod.rs
+++ b/src/policy_checker/mod.rs
@ -11,6 +11,7 @@ use {
    std::collections::HashMap,
    std::net::{SocketAddr, TcpStream},
    std::sync::{Arc, RwLock},
+    std::time::Duration,
    trust_dns_proto::rr::domain::Name as DomainName,
    trust_dns_resolver::config as dns_config,
    trust_dns_resolver::TokioAsyncResolver,
@ -35,14 +36,36 @@ impl PolicyChecker {
        }
    }

-    async fn restrictions<'a>(&'a self, user: Uid) -> Result<Restrictions> {
+    async fn restrictions(&self, user: Uid) -> Result<Restrictions> {
        if user.is_root() {
            return Ok(vec![]);
        };

        let connection = zbus::Connection::session().await?;
+
+        #[cfg(not(feature = "integration_test"))]
        let proxy = MalcontentDnsProxy::new(&connection).await?;
-        Ok(proxy.get_restrictions(user.as_raw()).await?)
+
+        #[cfg(feature = "integration_test")]
+        let proxy = {
+            let dbus_name = std::env::var("TEST_DBUS_SERVICE_NAME").map_err(|_| {
+                anyhow::anyhow!("The test hasn't set the TEST_DBUS_SERVICE_NAME environment var")
+            })?;
+            MalcontentDnsProxy::builder(&connection)
+                .destination(zbus_names::UniqueName::try_from(dbus_name).unwrap())
+                .unwrap()
+                .build()
+                .await
+                .expect("Unable to build DBus proxy object")
+        };
+
+        let restrictions = proxy.get_restrictions(user.as_raw()).await;
+        log::trace!(
+            "malcontent-nss: user {} restrictions are {:?}",
+            user,
+            &restrictions
+        );
+        Ok(restrictions?)
    }

    pub async fn resolver(&self, user: Option<Uid>) -> Result<Option<Arc<TokioAsyncResolver>>> {
@ -89,12 +112,17 @@ fn resolver_config_for(restrictions: Vec<Restriction>) -> dns_config::ResolverCo
        restrictions
            .into_iter()
            .fold(NsConfig::new(), |mut config, restr| {
-                let new_config =
-                    if TcpStream::connect(SocketAddr::new(restr.ip, DNS_TLS_PORT)).is_ok() {
-                        NsConfig::from_ips_tls(&[restr.ip], DNS_TLS_PORT, restr.hostname, true)
-                    } else {
-                        NsConfig::from_ips_clear(&[restr.ip], DNS_UDP_PORT, true)
-                    };
+                let supports_tls = TcpStream::connect_timeout(
+                    &SocketAddr::new(restr.ip, DNS_TLS_PORT),
+                    Duration::from_secs(1),
+                )
+                .is_ok();
+
+                let new_config = if supports_tls {
+                    NsConfig::from_ips_tls(&[restr.ip], DNS_TLS_PORT, restr.hostname, true)
+                } else {
+                    NsConfig::from_ips_clear(&[restr.ip], DNS_UDP_PORT, true)
+                };

                config.merge(new_config);
                config