[yast-commit] r48817 - in /branches/tmp/lslezak/workshop/core: libscr/src/SCR.cc libscr/src/SCRAgent.cc libscr/src/include/scr/SCRAgent.h scr/src/PolKit.cc scr/src/PolKit.h scr/src/ScriptingAgent.cc
Author: lslezak Date: Thu Jul 3 14:22:42 2008 New Revision: 48817 URL: http://svn.opensuse.org/viewcvs/yast?rev=48817&view=rev Log: - added SCRAgent::DBusCaller - do policykit authorization against the dbus caller Modified: branches/tmp/lslezak/workshop/core/libscr/src/SCR.cc branches/tmp/lslezak/workshop/core/libscr/src/SCRAgent.cc branches/tmp/lslezak/workshop/core/libscr/src/include/scr/SCRAgent.h branches/tmp/lslezak/workshop/core/scr/src/PolKit.cc branches/tmp/lslezak/workshop/core/scr/src/PolKit.h branches/tmp/lslezak/workshop/core/scr/src/ScriptingAgent.cc Modified: branches/tmp/lslezak/workshop/core/libscr/src/SCR.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/libscr/src/SCR.cc?rev=48817&r1=48816&r2=48817&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/core/libscr/src/SCR.cc (original) +++ branches/tmp/lslezak/workshop/core/libscr/src/SCR.cc Thu Jul 3 14:22:42 2008 @@ -212,6 +212,20 @@ return SCRAgent::instance ()->RegisterNewAgents (); } +static YCPValue +SCRDBuscaller(const YCPString &caller) +{ + if (! SCRAgent::instance()) + { + ycperror ( "No SCR instance found" ); + return YCPVoid (); + } + y2debug( "Running SCR::DBusCaller on SCR agent %p", SCRAgent::instance () ); + + y2internal("DBus caller: %s", caller->toString().c_str()); + return SCRAgent::instance()->DBusCaller(caller); +} + SCR::SCR () { // already done, we must avoid double registration 
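Review bot: `SCRDBuscaller` lets any code that can reach the SCR builtins name the identity that the PolicyKit check in ScriptingAgent.cc later authorizes, because the string is taken as-is and stored on the agent by `SCRAgent::DBusCaller` (SCRAgent.cc hunk). Whether the D-Bus service forwards client-supplied SCR calls is not visible here; if it does, the caller identity becomes client-controlled, so the value should be set only by the transport from the message sender and not be exposed as a callable builtin. It is also sticky agent state, so a request that arrives without a fresh call is checked against the previous caller; consider passing the caller per request or clearing it when the request is done. At minimum, add a comment such as `// Trusted input only: set by the D-Bus service from the message sender, never from client data`.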
@@ -238,6 +252,7 @@ { "UnregisterAllAgents","boolean ()", (void *)SCRUnregisterAllAgents }, { "UnmountAgent", "boolean (path)", (void *)SCRUnmountAgent }, { "RegisterNewAgents", "boolean ()", (void *)SCRRegisterNewAgents }, + { "DBusCaller", "void(string)", (void *)SCRDBuscaller }, { 0 } }; Modified: branches/tmp/lslezak/workshop/core/libscr/src/SCRAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/libscr/src/SCRAgent.cc?rev=48817&r1=48816&r2=48817&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/core/libscr/src/SCRAgent.cc (original) +++ branches/tmp/lslezak/workshop/core/libscr/src/SCRAgent.cc Thu Jul 3 14:22:42 2008 @@ -32,7 +32,7 @@ YCPMap SCRAgent::unspecified_error; SCRAgent::SCRAgent () - : mainscragent (0) + : mainscragent (0), dbus_caller() { if( current_scr == 0 ) current_scr = this; if (unspecified_error.size () == 0) @@ -108,3 +108,11 @@ return ret; } + +YCPValue SCRAgent::DBusCaller(const YCPString &caller) +{ + dbus_caller = caller->asString()->value(); + y2internal("Setting caller : %s", dbus_caller.c_str()); + return YCPNull(); +} + Modified: branches/tmp/lslezak/workshop/core/libscr/src/include/scr/SCRAgent.h URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/libscr/src/include/scr/SCRAgent.h?rev=48817&r1=48816&r2=48817&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/core/libscr/src/include/scr/SCRAgent.h (original) +++ branches/tmp/lslezak/workshop/core/libscr/src/include/scr/SCRAgent.h Thu Jul 3 14:22:42 2008 @@ -75,8 +75,6 @@ return YCPNull (); } -public: - /** * Get a detailed error description if a previous command failed */ 
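Review bot: `SCRAgent::DBusCaller` stores whatever string it is given, so an empty value or a well-known bus name is accepted as the caller identity. Unique connection names start with `:` and are never reassigned to another connection, so the setter could reject anything else, e.g. `if (name.empty() || name[0] != ':') { y2error("Invalid D-Bus caller name"); return YCPVoid(); }`. `caller` is already a `YCPString`, so `caller->value()` is enough. Returning `YCPNull()` here differs from the `YCPVoid ()` that the wrapper in SCR.cc returns on its error path; please confirm which one callers of a `void(string)` builtin expect.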
@@ -128,6 +126,8 @@ * not defined in your Agent. */ virtual YCPValue otherCommand (const YCPTerm& term); + + virtual YCPValue DBusCaller(const YCPString &caller); /** * A pointer to the SCRAgent (which normally is the ScriptingAgent) @@ -148,6 +148,9 @@ void setAsCurrentSCR() { current_scr = this; } + +protected: + std::string dbus_caller; private: static SCRAgent* current_scr; Modified: branches/tmp/lslezak/workshop/core/scr/src/PolKit.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/scr/src/PolKit.cc?rev=48817&r1=48816&r2=48817&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/core/scr/src/PolKit.cc (original) +++ branches/tmp/lslezak/workshop/core/scr/src/PolKit.cc Thu Jul 3 14:22:42 2008 
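Review bot: `DBusCaller` is added to the header without a doc comment, while the neighbouring virtuals each carry one. I would add `/** Set the D-Bus unique name of the client on whose behalf the following commands run; used for the PolicyKit check. */` and state there who is allowed to call it. Adding a virtual to this class presumably changes the vtable layout, so agents built against the old header would need a rebuild.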
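Review bot: `dbus_caller` is declared `protected`, so every class derived from `SCRAgent` can overwrite the identity used for authorization. In this commit it is written only in `SCRAgent::DBusCaller` and read only in ScriptingAgent.cc, so a `private` member with a read-only accessor, `const std::string& dbusCaller() const { return dbus_caller; }`, would keep all writes in one place.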
@@ -141,3 +141,109 @@ return ret; } +bool PolKit::isDBusUserAuthorized(const std::string &action_id, const std::string &dbus_caller) +{ + bool ret = false; + DBusError dbus_error; + DBusConnection *bus = NULL; + PolKitCaller *caller = NULL; + PolKitAction *action = NULL; + PolKitContext *context = NULL; + PolKitError *polkit_error = NULL; + PolKitSession *session = NULL; + PolKitResult polkit_result; + + dbus_error_init(&dbus_error); + + if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) { + dbus_error_free (&dbus_error); + return false; + } + + caller = polkit_caller_new_from_dbus_name ( + bus, + dbus_caller.c_str(), + &dbus_error); + + if (caller == NULL) { + dbus_error_free (&dbus_error); + return false; + } + + if (!(polkit_caller_get_ck_session(caller, &session))) { + goto finish; + } + + action = polkit_action_new (); + polkit_action_set_action_id (action, action_id.c_str()); + + if (!(context = polkit_context_new())) { + goto finish; + } + + if (!polkit_context_init(context, &polkit_error)) { + goto finish; + } + + for (;;) { + + polkit_result = polkit_context_is_caller_authorized(context, action, caller, TRUE, &polkit_error); + + if (polkit_error_is_set(polkit_error)) { + goto finish; + } + + y2milestone("Action: %s Result: %s", action_id.c_str(), polkit_result_to_string_representation(polkit_result)); + + if (polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || + polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || + polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS || + polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT || + polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH || + polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION || + polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS || + polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT + ) { + y2milestone("Obtaining the authentication..."); + + int obtained = polkit_auth_obtain(action_id.c_str(), 0, getpid(), &dbus_error); + + 
y2milestone("Obtained: %d", obtained); + + if (obtained) { + polkit_result = POLKIT_RESULT_YES; + break; + } + + if (dbus_error_is_set(&dbus_error)) { + y2error("DBUS error"); + goto finish; + } + } + + break; + } + + ret = polkit_result == POLKIT_RESULT_YES; + +finish: + + if (caller) + polkit_caller_unref(caller); + + if (action) + polkit_action_unref(action); + + if (context) + polkit_context_unref(context); + + if (bus) + dbus_connection_unref(bus); + + dbus_error_free(&dbus_error); + + if (polkit_error) + polkit_error_free(polkit_error); + + return ret; +} Modified: branches/tmp/lslezak/workshop/core/scr/src/PolKit.h URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/scr/src/PolKit.h?rev=48817&r1=48816&r2=48817&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/core/scr/src/PolKit.h (original) +++ branches/tmp/lslezak/workshop/core/scr/src/PolKit.h Thu Jul 3 14:22:42 2008 @@ -17,6 +17,7 @@ ~PolKit(); static bool isUserAuthorized(const std::string &action_id); + static bool isDBusUserAuthorized(const std::string &action_id, const std::string &dbus_caller); private: Modified: branches/tmp/lslezak/workshop/core/scr/src/ScriptingAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/scr/src/ScriptingAgent.cc?rev=48817&r1=48816&r2=48817&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/core/scr/src/ScriptingAgent.cc (original) +++ branches/tmp/lslezak/workshop/core/scr/src/ScriptingAgent.cc Thu Jul 3 14:22:42 2008 
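Review bot: In `isDBusUserAuthorized`, a result that requires authentication leads to `polkit_auth_obtain(action_id.c_str(), 0, getpid(), &dbus_error)`, which requests an authorization for this process rather than for `dbus_caller`, and on success the code assigns `polkit_result = POLKIT_RESULT_YES` without asking PolicyKit again. The caller is then reported as authorized on the strength of a grant made to a different process. I would take the pid from the caller (`polkit_caller_get_pid(caller, &caller_pid)`) and, after a successful obtain, re-run `polkit_context_is_caller_authorized` once instead of overwriting the result; alternatively return false and leave it to the client to obtain the authorization. The early `return false` when `caller == NULL` also skips `dbus_connection_unref(bus)`, which `goto finish` would release, and `session` is fetched but never used.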
@@ -597,7 +597,7 @@ std::string action_id(polkit_prefix + pathstr + "." + toLower(command)); // check the policy here - if (PolKit::isUserAuthorized(action_id)) + if (PolKit::isDBusUserAuthorized(action_id, dbus_caller)) { y2internal("User is authorized to do acion %s", action_id.c_str()); } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
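Review bot: The check now depends on `dbus_caller`, which is empty until `DBusCaller` has been called, and the denial in that case comes only indirectly from `polkit_caller_new_from_dbus_name` failing. An explicit guard before the call, `if (dbus_caller.empty()) { y2error("No D-Bus caller set, denying %s", action_id.c_str()); }` followed by the denial path, makes the fail-closed behaviour deliberate and visible in the log. The surrounding function and the branch taken when the check fails are outside the hunk, so I cannot tell whether a denied command is actually refused there.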