Policy Kit 1

comar/CMakeLists.txt

@@ -45,17 +45,13 @@ SET (SOURCES src/main.c
 
 # Set standard libraries
 SET (LIBS python2.6
-          dbus-1
-          polkit-gobject-1)
+          dbus-1)
 
 # Include standard headers
 INCLUDE_DIRECTORIES (include/
                      /usr/include/python2.6
                      /usr/include/dbus-1.0
-                     /usr/lib/dbus-1.0/include
-                     /usr/include/polkit-1
-                     /usr/include/glib-2.0
-                     /usr/lib/glib-2.0/include)
+                     /usr/lib/dbus-1.0/include)
 
 # Compile comar from specified sources
 ADD_EXECUTABLE (comar ${SOURCES})

comar/include/bus.h

@@ -39,5 +39,7 @@ void bus_reply_object(DBusMessage *bus_msg, PyObject *py_obj, char *signature);
 void bus_reply_unknown_method(DBusMessage *bus_msg);
 int bus_signal(const char *path, const char *interface, const char *member, PyObject *obj, char *signature);
 PyObject *bus_call(const char *path, const char *interface, const char *member, PyObject *obj, int timeout, const char *lang, char *signature);
+PyObject * bus_execute(DBusConnection *conn, const char *path, const char *interface, const char *member, PyObject *obj, int timeout, char *signature);
+PyObject *bus_execute2(DBusConnection *conn, const char *destination, const char *path, const char *interface, const char *member, PyObject *obj, int timeout, char *signature);
 
 #endif /* BUS_H */

comar/include/policy.h

@@ -29,8 +29,12 @@
 #define POLICY_H
 
 #include <dbus/dbus.h>
-#include <polkit/polkit.h>
+#include <Python.h>
 
-int policy_check(const char *sender, const char *action_id, int *result);
+#define POLICY_YES 1
+#define POLICY_AUTH 0
+#define POLICY_NO -1
+
+int policy_check(const char *sender, const char *action, int *result);
 
 #endif /* POLICY_H */

comar/src/bus.c

@@ -38,7 +38,6 @@
 #include "config.h"
 #include "log.h"
 #include "process.h"
-#include "policy.h"
 #include "pydbus.h"
 #include "script.h"
 #include "utils.h"
@@ -219,6 +218,78 @@ bus_execute(DBusConnection *conn, const char *path, const char *interface, const
     return Py_None;
 }
 
+//! Calls a method and returns reply.
+PyObject *
+bus_execute2(DBusConnection *conn, const char *destination, const char *path, const char *interface, const char *member, PyObject *obj, int timeout, char *signature)
+{
+    DBusMessage *msg, *reply;
+    DBusMessageIter iter;
+    DBusError err;
+
+    msg = dbus_message_new_method_call(destination, path, interface, member);
+    dbus_message_iter_init_append(msg, &iter);
+
+    // If signature is not null, append Python object to message
+    if (strcmp(signature, "") != 0) {
+        PyObject *py_tuple;
+        if (!PyTuple_Check(obj)) {
+            py_tuple = PyTuple_New(1);
+            PyTuple_SetItem(py_tuple, 0, obj);
+        }
+        else {
+            py_tuple = obj;
+        }
+        if (pydbus_export(&iter, py_tuple, signature) != 0) {
+            return NULL;
+        }
+    }
+
+    // -1 means "use DBus default timeout
+    // Else, multiply it with 1000, because DBus wants time in microseconds.
+    if (timeout != -1) {
+        timeout *= 1000;
+    }
+
+    dbus_error_init(&err);
+    printf("******* 1\n");
+    reply = dbus_connection_send_with_reply_and_block(conn, msg, timeout, &err);
+    printf("******* 2\n");
+    dbus_message_unref(msg);
+
+    // Unable to call method, raise an exception
+    if (dbus_error_is_set(&err)) {
+        printf("******* 2.1\n");
+        PyErr_Format(PyExc_DBus, "Unable to call method: %s", err.message);
+        dbus_error_free(&err);
+        return NULL;
+    }
+
+    PyObject *ret;
+
+    switch (dbus_message_get_type(reply)) {
+        case DBUS_MESSAGE_TYPE_METHOD_RETURN:
+            // Method returned a reply
+            printf("******* 3\n");
+            ret = pydbus_import(reply);
+            printf("******* 3.1\n");
+            if (ret && PyTuple_Size(ret) == 1) {
+                ret = PyTuple_GetItem(ret, 0);
+            }
+            dbus_message_unref(reply);
+            return ret;
+        case DBUS_MESSAGE_TYPE_ERROR:
+            // Method retuned an error, raise an exception
+            printf("******* 4\n");
+            PyErr_SetString(PyExc_DBus, dbus_message_get_error_name(reply));
+            printf("******* 4.1\n");
+            dbus_message_unref(reply);
+            return NULL;
+    }
+
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+
 //! Opens a connection, sets locale and calls interface.member()
 PyObject *
 bus_call(const char *path, const char *interface, const char *member, PyObject *obj, int timeout, const char *lang, char *signature)

comar/src/db.c

@@ -128,11 +128,11 @@ db_validate_model(iks *xml, char *filename)
     return 0;
 }
 
-//! Gets polkit action ID of a method
+//! Gets PolicyKit action ID of a method
 char *
 db_action_id(char *iface_name, iks *met)
 {
-    // If necessary, get polkit action ID from XML
+    // If necerssary, get PolicyKit action ID from XML
     char *action_id = iks_find_attrib(met, "action_id");
     if (action_id) {
         return action_id;
@@ -196,7 +196,7 @@ db_load_model(iks *xml, PyObject **py_models)
                 PyTuple_SetItem(py_tuple, 0, PyInt_FromLong((long) 1));
             }
 
-            // Second argument is polkit action ID
+            // Second argument is PolicyKit action ID
             char *action_id = db_action_id(iface_name, met);
             PyTuple_SetItem(py_tuple, 1, PyString_FromString(action_id));
 

comar/src/loop.c

@@ -79,7 +79,7 @@ message_execute(DBusMessage *msg, const char *app, const char *model, const char
         if (strcmp(action_id, "") != 0) {
             int result;
             if (policy_check(sender, action_id, &result) == 0) {
-                if (!result) {
+                if (result != POLICY_YES) {
                     bus_reply_error(msg, "Comar.PolicyKit", action_id);
                     return;
                 }

comar/src/policy.c

@@ -25,97 +25,65 @@
  */
 
 #include "log.h"
+#include "bus.h"
 #include "policy.h"
 
-static int is_authorized;
-
-static void check_authorization_cb(PolkitAuthority *authority, GAsyncResult *res, GMainLoop *loop)
-{
-    GError *error;
-    PolkitAuthorizationResult *result;
-
-    error = NULL;
-
-    /* A PolKitAuthorizationResult or NULL if error is set. Free with g_object_free() */
-    log_info("finish the async auth.\n");
-    result = polkit_authority_check_authorization_finish(authority, res, &error);
-    if (error != NULL)
-    {
-        log_error("Error checking authorization: %s\n", error->message);
-        g_error_free(error);
-    }
-    else
-        /* Set global result */
-        is_authorized = polkit_authorization_result_get_is_authorized(result);
-
-    log_info("quitting loop, is authorized: %d\n", is_authorized);
-    /*g_object_free(result);*/
-    g_main_loop_quit(loop);
-    log_info("callback returns.\n");
-}
-
-
 //! Check if sender is allowed to call method
 int
-policy_check(const char *sender, const char *action_id, int *result)
+policy_check(const char *sender, const char *action, int *result)
 {
     /*!
      *
      * @sender Bus name of the sender
-     * @result polkit result
+     * @result PK result
      * @return 0 on success, 1 on error
      */
 
-    /* polkit-1 stuff */
-    PolkitAuthority *pk_authority;
-    PolkitSubject *pk_subject;
-    GMainLoop *loop;
+    DBusConnection *conn;
+    DBusError err;
+    int uid = -1;
 
-    g_type_init();
-    /*g_thread_init(NULL);*/
+    *result = POLICY_NO;
 
-    /*int uid = -1;*/
-    is_authorized = 0;
+    dbus_error_init(&err);
 
-    /* FIXME: Could not find out how to get uid for sender */
-    /*uid = dbus_bus_get_unix_user(conn, sender, &err);*/
+    conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
+    if (dbus_error_is_set(&err)) {
+        log_error("Unable to open DBus connection to query PolicyKit: %s\n", err.message);
+        dbus_error_free(&err);
+        return -1;
+    }
 
-    /* Always authorized
-    if (uid == 0 && (result=1))
+    // If UID is 0, don't query PolicyKit
+    uid = dbus_bus_get_unix_user(conn, sender, &err);
+    if (dbus_error_is_set(&err)) {
+        log_error("Unable to get caller UID: %s\n", err.message);
+        dbus_error_free(&err);
+        return -1;
+    }
+    if (uid == 0) {
+        *result = POLICY_YES;
         return 0;
-    */
-
-    /* Create loop */
-    loop = g_main_loop_new(NULL, FALSE);
-
-    /* Get authority */
-    log_info("Creating authority.\n");
-    pk_authority = polkit_authority_get();
+    }
 
-    /* Create PolkitSubject */
-    log_info("Creating subject from: %s\n", sender);
-    pk_subject = polkit_system_bus_name_new((const gchar*) sender);
+    PyObject *subject = PyTuple_New(2);
+    PyTuple_SetItem(subject, 0, PyString_FromString("system-bus-name"));
+    PyObject *details = PyDict_New();
+    PyDict_SetItemString(details, "name", PyString_FromString(sender));
+    PyTuple_SetItem(subject, 1, details);
 
-    /* Asynchronously check for authorization */
-    log_info("async check authorization.\n");
-    polkit_authority_check_authorization(pk_authority,
-                                         pk_subject,
-                                         action_id,
-                                         NULL, /* PolkitDetails */
-                                         POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, /* FIXME */
-                                         NULL, /* cancellable */
-                                         (GAsyncReadyCallback) check_authorization_cb,
-                                         loop);
+    PyObject *details2 = PyDict_New();
 
-    log_info("running loop.\n");
-    g_main_loop_run(loop);
-    g_object_unref(pk_authority);
-    g_object_unref(pk_subject);
-    g_main_loop_unref(loop);
+    PyObject *obj = PyTuple_New(5);
+    PyTuple_SetItem(obj, 0, subject);
+    PyTuple_SetItem(obj, 1, PyString_FromString(action));
+    PyTuple_SetItem(obj, 2, details2);
+    PyTuple_SetItem(obj, 3, PyInt_FromLong((long) 0));
+    PyTuple_SetItem(obj, 4, PyString_FromString("abc"));
 
-    /* Set result */
-    *result = is_authorized;
-    log_info("returning 0 with result: %d\n", *result);
+    printf("DEB: %s\n", PyString_AsString(PyObject_Repr(obj)));
+    PyObject *ret = bus_execute2(conn, "org.freedesktop.PolicyKit1", "/org/freedesktop/PolicyKit1/Authority", "org.freedesktop.PolicyKit1.Authority", "CheckAuthorization", obj, 25, "(sa{sv})sa{ss}us");
+    printf("DEB: %s\n", PyString_AsString(PyObject_Repr(ret)));
 
     return 0;
 }

comar/src/script.c

@@ -44,7 +44,7 @@ PyObject *PyExc_COMAR_Invalid;
 PyObject *PyExc_COMAR_Script;
 PyObject *PyExc_COMAR_Missing;
 PyObject *PyExc_DBus;
-PyObject *PyExc_polkit;
+PyObject *PyExc_PolicyKit;
 
 //! Initializes Python VM
 int
@@ -58,7 +58,7 @@ script_init()
     PyExc_COMAR_Script = PyErr_NewException("Comar.Script", NULL, NULL);
     PyExc_COMAR_Missing = PyErr_NewException("Comar.Missing", NULL, NULL);
     PyExc_DBus = PyErr_NewException("Comar.DBus", NULL, NULL);
-    PyExc_polkit = PyErr_NewException("Comar.PolicyKit", NULL, NULL);
+    PyExc_PolicyKit = PyErr_NewException("Comar.PolicyKit", NULL, NULL);
 
     // Load model definitions
     PyObject *py_models;
@@ -513,7 +513,7 @@ py_execute(const char *app, const char *model, const char *method, PyObject *py_
      * @method Method
      * @py_args Arguments
      * @py_ret Pointer to returned value
-     * @return 0 on success, -1 on missing file, -2 on Python error, -3 on access denied, -4 on polkit error
+     * @return 0 on success, -1 on missing file, -2 on Python error, -3 on access denied, -4 on PolicyKit error
      *
      */
 
@@ -619,20 +619,20 @@ py_execute(const char *app, const char *model, const char *method, PyObject *py_
         return -2;
     }
     else {
-        // Check if polkit action defined at runtime
+        // Check if PolicyKit action defined at runtime
         if (PyObject_HasAttrString(py_func, "policy_action_id")) {
             const char *action_id = PyString_AsString(PyObject_GetAttrString(py_func, "policy_action_id"));
             const char *sender = dbus_message_get_sender(my_proc.bus_msg);
-            int result;
 
+            int result;
             if (policy_check(sender, action_id, &result) == 0) {
-                if (!result) {
-                    PyErr_Format(PyExc_polkit, action_id);
+                if (result != POLICY_YES) {
+                    PyErr_Format(PyExc_PolicyKit, action_id);
                     return -3;
                 }
             }
             else {
-                PyErr_Format(PyExc_polkit, "error");
+                PyErr_Format(PyExc_PolicyKit, "error");
                 return -4;
             }
         }