[yast-commit] r48796 - in /branches/research/web-service/polkit-auth: ./ Makefile polkit.c polkit.h readme.txt

3 Jul 2008

Author: jsrain
Date: Thu Jul  3 10:43:00 2008
New Revision: 48796

URL: http://svn.opensuse.org/viewcvs/yast?rev=48796&view=rev
Log:
added jreidinger's modified polkit authentication binding

Added:
    branches/research/web-service/polkit-auth/
    branches/research/web-service/polkit-auth/Makefile
    branches/research/web-service/polkit-auth/polkit.c
    branches/research/web-service/polkit-auth/polkit.h
    branches/research/web-service/polkit-auth/readme.txt

Added: branches/research/web-service/polkit-auth/Makefile
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/Makefile?rev=48796&view=auto
==============================================================================

--- branches/research/web-service/polkit-auth/Makefile (added)
+++ branches/research/web-service/polkit-auth/Makefile Thu Jul  3 10:43:00 2008
@@ -0,0 +1,5 @@
+polkitbind.so: polkit.c
+	gcc -fPIC -rdynamic -L/lib64 -lpython2.5 -ldbus-1 -lpolkit -lpolkit-dbus -I/usr/include/python  -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -shared -o polkitbind.so polkit.c
+
+install: polkitbind.so
+	cp $? /usr/lib64/python/site-packages/

Added: branches/research/web-service/polkit-auth/polkit.c
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/polkit.c?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/polkit.c (added)
+++ branches/research/web-service/polkit-auth/polkit.c Thu Jul  3 10:43:00 2008
@@ -0,0 +1,175 @@
+
+/*
+  check function
+*/
+
+#include 
+#include 
+
+#include 
+#include 
+
+#include 
+
+#include "polkit.h"
+
+#include 
+#include 
+
+#define SCRIPT_FILE "polkitwrapper.py"
+
+int polkit_check(const char *action_id, const char *user) {
+
+    int ret = -1;
+    DBusError dbus_error;
+    DBusConnection *bus = NULL;
+    PolKitCaller *caller = NULL;
+    PolKitAction *action = NULL;
+    PolKitContext *context = NULL;
+    PolKitError *polkit_error = NULL;
+    PolKitSession *session = NULL;
+    PolKitResult polkit_result;
+
+    dbus_error_init(&dbus_error);
+
+    if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
+        goto finish;
+    }
+
+    if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
+        goto finish;
+    }
+
+    /* This function is called when PulseAudio is called SUID root. We
+     * want to authenticate the real user that called us and not the
+     * effective user we gained through being SUID root. Hence we
+     * overwrite the UID caller data here explicitly, just for
+     * paranoia. In fact PolicyKit should fill in the UID here anyway
+     * -- an not the EUID or any other user id. */
+
+    struct passwd *passwd = getpwnam(user);
+    uid_t uid = passwd->pw_uid;
+    if (!(polkit_caller_set_uid(caller, uid))) {
+        goto finish;
+    }
+
+    if (!(polkit_caller_get_ck_session(caller, &session)))
+    {
+        goto finish;
+    }
+
+
+    if (session!=NULL)
+    {
+    	/* We need to overwrite the UID in both the caller and the session
+     	* object */
+    	if (!(polkit_session_set_uid(session, getuid()))) {
+        	goto finish;
+    	}
+    }
+
+    if (!(action = polkit_action_new())) {
+        goto finish;
+    }
+
+    if (!polkit_action_set_action_id(action, action_id)) {
+        goto finish;
+    }
+
+    if (!(context = polkit_context_new())) {
+        goto finish;
+    }
+
+    if (!polkit_context_init(context, &polkit_error)) {
+        goto finish;
+    }
+
+        polkit_result = polkit_context_is_caller_authorized(context, action, caller, FALSE, &polkit_error);
+
+        if (polkit_error_is_set(polkit_error)) {
+            goto finish;
+        }
+    
+        //printf("Action: %s Result: %s\n", action_id, polkit_result_to_string_representation(polkit_result));
+
+        switch (polkit_result)
+	{
+	  case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
+ 	  case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
+          case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
+	  case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
+          case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+          case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+          case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+          case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
+            ret = -2;
+            break;
+	  case POLKIT_RESULT_YES:
+	    ret = 0;
+    	    break;
+	  case POLKIT_RESULT_NO:
+	    ret = -3;
+	    break;
+ 	  default:
+	    ; //handle new value in polkit
+	    break;
+	}
+
+finish:
+
+    if (caller)
+        polkit_caller_unref(caller);
+
+    if (action)
+        polkit_action_unref(action);
+
+    if (context)
+        polkit_context_unref(context);
+
+    if (bus)
+        dbus_connection_unref(bus);
+
+    dbus_error_free(&dbus_error);
+
+    if (polkit_error)
+        polkit_error_free(polkit_error);
+
+    return ret;
+}
+
+
+PyObject* checkWrap(PyObject* self, PyObject* args)  
+{  
+	PyObject* pResult;  
+	int       result;  
+	char*     arg_text;  
+	char*	  arg_user;
+
+	PyArg_ParseTuple(args, "ss", &arg_text, &arg_user);  
+
+	result = polkit_check(arg_text, arg_user);  
+	pResult = Py_BuildValue("i", result);  
+
+	return pResult;  
+}
+
+static PyMethodDef methods[] = {  
+	{"checkPolicyLow", checkWrap, METH_VARARGS, "policy kit wrapper"},  
+	{NULL, NULL, 0, NULL}  
+	}; 
+
+PyMODINIT_FUNC
+initpolkitbind(void)
+{
+  Py_InitModule("polkitbind",methods);
+}
+
+int main(int argc, char *argv[])  
+{  
+   Py_SetProgramName(argv[0]);
+   Py_Initialize();  
+   initpolkitbind();
+  
+   Py_Finalize();  
+   return 0;  
+} 

Added: branches/research/web-service/polkit-auth/polkit.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/polkit.h?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/polkit.h (added)
+++ branches/research/web-service/polkit-auth/polkit.h Thu Jul  3 10:43:00 2008
@@ -0,0 +1,13 @@
+/* $Id$ */
+
+#ifndef polkith
+#define polkith
+
+/**
+ * checks if user can provide action
+ * \param action action which user want do
+ * \return 0 if user have permision, -1 if error occured, -2 if authorization required and -3 if permision denied
+ */
+int polkit_check(const char *action, const char* user);
+
+#endif

Added: branches/research/web-service/polkit-auth/readme.txt
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/readme.txt?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/readme.txt (added)
+++ branches/research/web-service/polkit-auth/readme.txt Thu Jul  3 10:43:00 2008
@@ -0,0 +1,12 @@
+you must have setted yast_service projekt
+then use 'make install'
+
+/usr/share/dbus-1/system-services/org.opensuse.YaST.Auth.service
+in config dir
+/etc/dbus-1/system.d/yast.conf
+/etc/dbus-1/system.d/yastproxy.conf
+in config dir
+
+How to run:
+./test.py
+

-- 
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org

    

[yast-commit] r48796 - in /branches/research/web-service/polkit-auth: ./ Makefile polkit.c polkit.h readme.txt

jsrain＠svn.opensuse.org