Kaydet (Commit) 757e6911 authored tarafından Ozan Çağlayan's avatar Ozan Çağlayan

Port to polkit-1

üst b6b5d1b0
......@@ -46,14 +46,16 @@ SET (SOURCES src/main.c
# Set standard libraries
SET (LIBS python2.6
dbus-1
polkit-dbus)
polkit-gobject-1)
# Include standard headers
INCLUDE_DIRECTORIES (include/
/usr/include/python2.6
/usr/include/dbus-1.0
/usr/lib/dbus-1.0/include
/usr/include/polkit-1)
/usr/include/polkit-1
/usr/include/glib-2.0
/usr/lib/glib-2.0/include)
# Compile comar from specified sources
ADD_EXECUTABLE (comar ${SOURCES})
......@@ -83,12 +85,11 @@ INSTALL (FILES
config/tr.org.pardus.comar2.service
DESTINATION /usr/share/dbus-1/system-services/)
# Install policies
# Install PK policies
# Install polkit policies
INSTALL (DIRECTORY
policy/
DESTINATION /usr/share/polkit-1/actions
FILES_MATCHING_PATTERN "*.policy"
FILES_MATCHING PATTERN "*.policy"
PATTERN ".svn" EXCLUDE)
# Install system bus policy under /etc/dbus-1/system.d/
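Review bot: The two glib include directories added to INCLUDE_DIRECTORIES in the first hunk are hard-coded, and `/usr/lib/glib-2.0/include` is not where glibconfig.h lives on lib64 or multiarch layouts. LIBS gains only `polkit-gobject-1`, although the policy.c part of this commit calls glib and gobject functions directly, so the link presumably relies on those libraries being pulled in transitively. Consider `find_package(PkgConfig REQUIRED)` with `pkg_check_modules(POLKIT REQUIRED polkit-gobject-1)`, then use `${POLKIT_INCLUDE_DIRS}` and `${POLKIT_LIBRARIES}` in place of the literal paths and library name.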
......
......@@ -29,8 +29,8 @@
#define POLICY_H
#include <dbus/dbus.h>
#include <polkit-dbus/polkit-dbus.h>
#include <polkit/polkit.h>
int policy_check(const char *sender, const char *action, PolKitResult *result);
int policy_check(const char *sender, const char *action_id, int *result);
#endif /* POLICY_H */
......@@ -128,11 +128,11 @@ db_validate_model(iks *xml, char *filename)
return 0;
}
//! Gets PolicyKit action ID of a method
//! Gets polkit action ID of a method
char *
db_action_id(char *iface_name, iks *met)
{
// If necerssary, get PolicyKit action ID from XML
// If necessary, get polkit action ID from XML
char *action_id = iks_find_attrib(met, "action_id");
if (action_id) {
return action_id;
......@@ -196,7 +196,7 @@ db_load_model(iks *xml, PyObject **py_models)
PyTuple_SetItem(py_tuple, 0, PyInt_FromLong((long) 1));
}
// Second argument is PolicyKit action ID
// Second argument is polkit action ID
char *action_id = db_action_id(iface_name, met);
PyTuple_SetItem(py_tuple, 1, PyString_FromString(action_id));
......
......@@ -77,9 +77,9 @@ message_execute(DBusMessage *msg, const char *app, const char *model, const char
const char *sender = dbus_message_get_sender(my_proc.bus_msg);
if (strcmp(action_id, "") != 0) {
PolKitResult result;
int result;
if (policy_check(sender, action_id, &result) == 0) {
if (result != POLKIT_RESULT_YES) {
if (!result) {
bus_reply_error(msg, "Comar.PolicyKit", action_id);
return;
}
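Review bot: `int result;` in message_execute() is left indeterminate when policy_check() fails, because the port appears to drop the `*result = POLKIT_RESULT_NO` default that the old policy_check() set on entry. The value is only read inside the `== 0` branch, so nothing visible misbehaves, but an authorization flag should start out denied: `int result = 0;` here and in the py_execute() hunk, and `*result = 0;` as the first statement of policy_check(). The branch taken when policy_check() returns non-zero lies outside this hunk. It should send an error reply and return, as py_execute() does with -4, rather than go on to run the method.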
......
......@@ -27,71 +27,95 @@
#include "log.h"
#include "policy.h"
static int is_authorized;
static void check_authorization_cb(PolkitAuthority *authority, GAsyncResult *res, GMainLoop *loop)
{
GError *error;
PolkitAuthorizationResult *result;
error = NULL;
/* A PolKitAuthorizationResult or NULL if error is set. Free with g_object_free() */
log_info("finish the async auth.\n");
result = polkit_authority_check_authorization_finish(authority, res, &error);
if (error != NULL)
{
log_error("Error checking authorization: %s\n", error->message);
g_error_free(error);
}
else
/* Set global result */
is_authorized = polkit_authorization_result_get_is_authorized(result);
log_info("quitting loop, is authorized: %d\n", is_authorized);
/*g_object_free(result);*/
g_main_loop_quit(loop);
log_info("callback returns.\n");
}
//! Check if sender is allowed to call method
int
policy_check(const char *sender, const char *action, PolKitResult *result)
policy_check(const char *sender, const char *action_id, int *result)
{
/*!
*
* @sender Bus name of the sender
* @result PK result
* @result polkit result
* @return 0 on success, 1 on error
*/
DBusConnection *conn;
DBusError err;
PolKitContext *polkit_ctx;
PolKitCaller *polkit_clr;
PolKitAction *polkit_act;
PolKitError *perr;
int uid = -1;
/* polkit-1 stuff */
PolkitAuthority *pk_authority;
PolkitSubject *pk_subject;
GMainLoop *loop;
*result = (PolKitResult) POLKIT_RESULT_NO;
g_type_init();
/*g_thread_init(NULL);*/
dbus_error_init(&err);
/*int uid = -1;*/
is_authorized = 0;
conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to open connection to query PolicyKit: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
/* FIXME: Could not find out how to get uid for sender */
/*uid = dbus_bus_get_unix_user(conn, sender, &err);*/
// If UID is 0, don't query PolicyKit
uid = dbus_bus_get_unix_user(conn, sender, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to get caller UID: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
if (uid == 0) {
*result = (PolKitResult) POLKIT_RESULT_YES;
/* Always authorized
if (uid == 0 && (result=1))
return 0;
}
*/
polkit_ctx = polkit_context_new();
if (!polkit_context_init(polkit_ctx, &perr)) {
log_error("Unable to initialize PK context: %s\n", polkit_error_get_error_message(perr));
polkit_error_free(perr);
return -1;
}
/* Create loop */
loop = g_main_loop_new(NULL, FALSE);
polkit_clr = polkit_caller_new_from_dbus_name(conn, sender, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to get caller info: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
/* Get authority */
log_info("Creating authority.\n");
pk_authority = polkit_authority_get();
if (!polkit_action_validate_id(action)) {
log_error("Unable to query PolicyKit, action is not valid: %s\n", action);
return -1;
}
/* Create PolkitSubject */
log_info("Creating subject from: %s\n", sender);
pk_subject = polkit_system_bus_name_new((const gchar*) sender);
/* Asynchronously check for authorization */
log_info("async check authorization.\n");
polkit_authority_check_authorization(pk_authority,
pk_subject,
action_id,
NULL, /* PolkitDetails */
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, /* FIXME */
NULL, /* cancellable */
(GAsyncReadyCallback) check_authorization_cb,
loop);
polkit_act = polkit_action_new();
polkit_action_set_action_id(polkit_act, action);
log_info("running loop.\n");
g_main_loop_run(loop);
g_object_unref(pk_authority);
g_object_unref(pk_subject);
g_main_loop_unref(loop);
*result = polkit_context_is_caller_authorized(polkit_ctx, polkit_act, polkit_clr, FALSE, &perr);
/* Set result */
*result = is_authorized;
log_info("returning 0 with result: %d\n", *result);
return 0;
}
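Review bot: The object returned by polkit_authority_check_authorization_finish() in check_authorization_cb() is never released, so every authorization check leaks one PolkitAuthorizationResult; GObject has no g_object_free(), and the commented-out call should be `g_object_unref(result)`. The verdict also travels through the file-static `is_authorized` and a nested main loop on the default context, and a failed check is only logged while policy_check() still returns 0 with result 0, so callers cannot tell a polkit failure from a denial. polkit-1 provides polkit_authority_check_authorization_sync(), which removes the callback, the loop and the static; the sketch below needs two new locals, `PolkitAuthorizationResult *pk_result` and `GError *error = NULL`. If the private connection from dbus_bus_get_private() is still opened on the new side, nothing uses it any more and it is never closed.

```c
    *result = 0;    /* denied unless polkit says otherwise, including on early returns */
    /* … unchanged: g_type_init(), D-Bus error setup … */

    pk_authority = polkit_authority_get();
    pk_subject = polkit_system_bus_name_new(sender);

    pk_result = polkit_authority_check_authorization_sync(pk_authority,
                                                          pk_subject,
                                                          action_id,
                                                          NULL, /* PolkitDetails */
                                                          POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
                                                          NULL, /* cancellable */
                                                          &error);
    g_object_unref(pk_subject);
    g_object_unref(pk_authority);

    if (pk_result == NULL) {
        /* Report the failure to the caller instead of folding it into "denied" */
        log_error("Error checking authorization: %s\n", error->message);
        g_error_free(error);
        return -1;
    }

    *result = polkit_authorization_result_get_is_authorized(pk_result);
    g_object_unref(pk_result);
    return 0;
```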
......@@ -44,7 +44,7 @@ PyObject *PyExc_COMAR_Invalid;
PyObject *PyExc_COMAR_Script;
PyObject *PyExc_COMAR_Missing;
PyObject *PyExc_DBus;
PyObject *PyExc_PolicyKit;
PyObject *PyExc_polkit;
//! Initializes Python VM
int
......@@ -58,7 +58,7 @@ script_init()
PyExc_COMAR_Script = PyErr_NewException("Comar.Script", NULL, NULL);
PyExc_COMAR_Missing = PyErr_NewException("Comar.Missing", NULL, NULL);
PyExc_DBus = PyErr_NewException("Comar.DBus", NULL, NULL);
PyExc_PolicyKit = PyErr_NewException("Comar.PolicyKit", NULL, NULL);
PyExc_polkit = PyErr_NewException("Comar.PolicyKit", NULL, NULL);
// Load model definitions
PyObject *py_models;
......@@ -513,7 +513,7 @@ py_execute(const char *app, const char *model, const char *method, PyObject *py_
* @method Method
* @py_args Arguments
* @py_ret Pointer to returned value
* @return 0 on success, -1 on missing file, -2 on Python error, -3 on access denied, -4 on PolicyKit error
* @return 0 on success, -1 on missing file, -2 on Python error, -3 on access denied, -4 on polkit error
*
*/
......@@ -619,20 +619,20 @@ py_execute(const char *app, const char *model, const char *method, PyObject *py_
return -2;
}
else {
// Check if PolicyKit action defined at runtime
// Check if polkit action defined at runtime
if (PyObject_HasAttrString(py_func, "policy_action_id")) {
const char *action_id = PyString_AsString(PyObject_GetAttrString(py_func, "policy_action_id"));
const char *sender = dbus_message_get_sender(my_proc.bus_msg);
int result;
PolKitResult result;
if (policy_check(sender, action_id, &result) == 0) {
if (result != POLKIT_RESULT_YES) {
PyErr_Format(PyExc_PolicyKit, action_id);
if (!result) {
PyErr_Format(PyExc_polkit, action_id);
return -3;
}
}
else {
PyErr_Format(PyExc_PolicyKit, "error");
PyErr_Format(PyExc_polkit, "error");
return -4;
}
}
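Review bot: `PyErr_Format(PyExc_polkit, action_id)` in the last py_execute() hunk passes the script-supplied `policy_action_id` string as the format string, so a `%` in it is interpreted as a conversion with no matching argument. Use `PyErr_SetString(PyExc_polkit, action_id);` or `PyErr_Format(PyExc_polkit, "%s", action_id);`. The line that reads the attribute, `PyString_AsString(PyObject_GetAttrString(py_func, "policy_action_id"))`, returns NULL for a non-string attribute and never drops the new reference, so check for NULL before handing `action_id` to policy_check(). py_execute() starts and ends outside the hunk.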
......