From 113f1e5ab113c63852059435ee18d1e6ae841fa0 Mon Sep 17 00:00:00 2001 From: Yaroslav Bolyukin Date: Fri, 12 Jun 2026 20:08:23 +0000 Subject: [PATCH] fix: privileged agent plugins --- --- a/cmds/remowt-agent/src/main.rs +++ b/cmds/remowt-agent/src/main.rs @@ -15,12 +15,13 @@ use remowt_link_shared::{Address, BifConfig, Fs, Pty, Systemd}; use remowt_polkit_shared::{emphasize, BackendRequest, Identity, PidDisplay}; use remowt_ui_prompt::bifrost::PromptEndpointsClient; +use remowt_ui_prompt::rofi::RofiPrompter; use remowt_ui_prompt::{PrependSourcePrompter, Prompter, Source}; use tokio::fs; use tokio::net::UnixStream; use tokio::runtime::Builder; use tokio::task::AbortHandle; -use tracing::{info, trace}; +use tracing::{debug, info, trace}; use zbus::fdo; use zbus::zvariant::{OwnedValue, Str}; use zbus::{interface, proxy, Connection}; @@ -39,7 +40,7 @@ } impl Drop for CancelTaskOnDrop { fn drop(&mut self) { - info!("cancel on drop"); + debug!("cancel on drop"); if let Some(task) = self .tasks .lock() @@ -121,7 +122,7 @@ identities.iter().map(|v| v.to_string()).collect(); let identity_displays: Vec<&str> = identity_displays.iter().map(|v| v.as_str()).collect(); - info!("choose identity"); + debug!("choose identity"); let choosen_identity = match identity_displays.len() { 0 => { return Err(fdo::Error::AuthFailed( @@ -140,7 +141,7 @@ .await? } }; - info!("identity chosen"); + debug!("identity chosen"); let _ = write!( description, @@ -169,7 +170,7 @@ .lock() .unwrap() .insert(cookie.clone(), task.abort_handle()); - info!("abort handle stored"); + debug!("abort handle stored"); let _ = _cancel_guard.set(CancelTaskOnDrop { tasks: self.tasks.clone(), handle: cookie.clone(), 
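Review bot: The `info!` → `debug!` demotions in these hunks (`cancel on drop`, `choose identity`, `identity chosen`, `abort handle stored`), together with the matching ones in `cancel_authentication` and on the `registered polkit agent` line later in main.rs, take the agent's authentication lifecycle out of the default log. The subscriber shown in `main()` is built with `tracing_subscriber::fmt().with_writer(std::io::stderr)` and no level or env filter is visible; that builder's default maximum level is INFO, so unless a filter is configured outside the hunks these events are no longer emitted at all. For a polkit agent I would keep `registered polkit agent`, `identity chosen` and `auth cancelled` at `info!`, since those are the records needed to reconstruct who was prompted and when, and leave only the bookkeeping lines (`abort handle stored`, `abort handle found`, `cancel on drop`) at `debug!`. The enclosing functions start and end outside the hunks.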
@@ -182,9 +183,9 @@ /// CancelAuthentication method async fn cancel_authentication(&self, cookie: &str) -> zbus::fdo::Result<()> { - info!("auth cancelled"); + debug!("auth cancelled"); if let Some(abort) = self.tasks.lock().unwrap().remove(cookie) { - info!("abort handle found"); + debug!("abort handle found"); abort.abort(); } // debug!("Authentication cancled ! {cookie}"); @@ -220,6 +221,7 @@ #[arg(long)] privileged: bool, }, + LocalAgent, } fn main() -> anyhow::Result<()> { @@ -227,6 +229,7 @@ // so anything written there would corrupt the stream. tracing_subscriber::fmt() .with_writer(std::io::stderr) + .without_time() .init(); let opts = Opts::parse(); @@ -237,10 +240,21 @@ prompt, description, } => runtime.block_on(askpass::ask(&prompt, description)), + Opts::LocalAgent => runtime.block_on(main_real()), Opts::Editor { path } => runtime.block_on(editor::edit(path)), Opts::RealAgent { path, privileged } => runtime.block_on(main_real_agent(path, privileged)), } } +async fn main_real() -> anyhow::Result<()> { + let conn = Connection::system().await?; + let helper = SocketHelper { + fallback: SuidHelper, + }; + register_auth_agent(&conn, Agent::new(helper, RofiPrompter)).await?; + + let _conn = conn; + pending().await +} async fn main_real_agent(path: Option, privileged: bool) -> anyhow::Result<()> { let address = if privileged { Address::AgentPrivileged @@ -330,7 +344,7 @@ proxy .register_authentication_agent(&subject, "C", OBJ_PATH) .await?; - info!(kind = subject.subject_kind, "registered polkit agent"); + debug!(kind = subject.subject_kind, "registered polkit agent"); Ok(()) } --- a/crates/remowt-plugin/Cargo.toml +++ b/crates/remowt-plugin/Cargo.toml @@ -11,6 +11,7 @@ bifrostlink-ports.workspace = true bytes.workspace = true remowt-link-shared.workspace = true +serde_json.workspace = true tokio = { workspace = true, features = [ "rt", "net", --- a/crates/remowt-plugin/src/host.rs +++ b/crates/remowt-plugin/src/host.rs 
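Review bot: `.without_time()` on the stderr subscriber removes the only timestamp these records carry, so agent output that is redirected to a file or read by a parent process can no longer be ordered or correlated with polkit and D-Bus logs. If the intent is to avoid duplicate timestamps under a collector that stamps each line itself, say so next to the call, for example `// the log collector timestamps each line; ours would be a duplicate`. Where stderr ends up for each subcommand is not visible in this hunk, so this is worth confirming for `LocalAgent` in particular.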
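Review bot: `main_real` and the new `LocalAgent` variant are undocumented, and the name `main_real` does not distinguish it from `main_real_agent` right below. `Opts` appears to be a clap derive (`Opts::parse()`, `#[arg(long)]`), so a doc comment on the variant would also become its help text, e.g. `/// Run a polkit authentication agent on the system bus, prompting through rofi.` The function deserves a `///` comment stating that it registers `Agent::new(SocketHelper { fallback: SuidHelper }, RofiPrompter)` on `Connection::system()` and then parks on `pending()` forever, plus one line on when the `SuidHelper` fallback is taken, because that decides which component ends up verifying the credential. The `let _conn = conn;` rebind looks redundant, since `conn` already lives to the end of the function; a short comment on why the connection must outlive registration would state the intent more directly.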
@@ -13,6 +13,7 @@ pub fn serve(rpc: &mut Rpc) { let host = Host { + me: rpc.me(), rpc: rpc.clone().downgrade(), children: Mutex::new(Vec::new()), }; @@ -20,6 +21,7 @@ } struct Host { + me: Address, rpc: WeakRpc, children: Mutex>, } @@ -30,6 +32,7 @@ let mut child = Command::new(path) .arg(id.to_string()) + .arg(serde_json::to_string(&self.me).expect("address serializes")) .stdin(Stdio::piped()) .stdout(Stdio::piped()) .kill_on_drop(true) --- a/crates/remowt-plugin/src/lib.rs +++ b/crates/remowt-plugin/src/lib.rs @@ -18,6 +18,13 @@ .map_err(|e| anyhow::anyhow!("invalid plugin index {arg:?}: {e}")) } +pub fn host_address() -> Result
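Review bot: `.expect("address serializes")` in the spawn path turns a serialization failure into a panic of the host process, which after this commit may be the privileged agent. If the enclosing function returns a `Result` (its signature is outside the hunk), build the argument before the `Command` and propagate the error instead: `let me = serde_json::to_string(&self.me)?;` followed by `.arg(me)`, mapping the error to the function's error type if `?` does not convert it. The positional contract with the child is now `<index> <host-address-json>`; a comment on the two `.arg` calls naming the readers (`plugin_index` and `host_address` in remowt-plugin's lib.rs) would keep both sides in step.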
{ + let arg = std::env::args() + .nth(2) + .ok_or_else(|| anyhow::anyhow!("missing host address argument"))?; + serde_json::from_str(&arg).map_err(|e| anyhow::anyhow!("invalid host address {arg:?}: {e}")) +} + pub fn run(register: F) -> Result<()> where F: FnOnce(&mut Rpc), @@ -27,10 +34,11 @@ .init(); let index = plugin_index()?; + let host = host_address()?; let runtime = Builder::new_current_thread().enable_all().build()?; runtime.block_on(async move { let mut rpc = Rpc::::new(Address::Plugin(index)); - rpc.add_direct(Address::Agent, from_stdio(), Rtt(0)); + rpc.add_direct(host, from_stdio(), Rtt(0)); register(&mut rpc); let _rpc = rpc; pending::>().await -- gitstuff
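Review bot: `host_address` accepts any `Address` that deserializes from the second CLI argument, and `run` then attributes the stdio link to it through `rpc.add_direct(host, from_stdio(), Rtt(0))`. The value is only ever meant to name the spawning agent, so rejecting everything else keeps a mis-launched plugin from mapping its stdio peer to, for instance, an `Address::Plugin(_)`: bind the parsed value and add `anyhow::ensure!(matches!(addr, Address::Agent | Address::AgentPrivileged), "host address is not an agent");` before returning it, assuming those two are the only host variants, which this diff does not show. The function is `pub` and has no doc comment; a `///` line should say that it reads the JSON-encoded host address from the second argument and that a host built before this change passes no such argument, so the plugin exits with `missing host address argument`.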