Author: jsrain
Date: Thu Jul 3 10:43:00 2008
New Revision: 48796
URL: http://svn.opensuse.org/viewcvs/yast?rev=48796&view=rev
Log:
added jreidinger's modified polkit authentication binding
Added:
branches/research/web-service/polkit-auth/
branches/research/web-service/polkit-auth/Makefile
branches/research/web-service/polkit-auth/polkit.c
branches/research/web-service/polkit-auth/polkit.h
branches/research/web-service/polkit-auth/readme.txt
Added: branches/research/web-service/polkit-auth/Makefile
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/Makefile?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/Makefile (added)
+++ branches/research/web-service/polkit-auth/Makefile Thu Jul 3 10:43:00 2008
@@ -0,0 +1,5 @@
+polkitbind.so: polkit.c
+ gcc -fPIC -rdynamic -L/lib64 -lpython2.5 -ldbus-1 -lpolkit -lpolkit-dbus -I/usr/include/python -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -shared -o polkitbind.so polkit.c
+
+install: polkitbind.so
+ cp $? /usr/lib64/python/site-packages/
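Review bot: The `-l` options are listed before `polkit.c` on the gcc line, so a toolchain that links with `--as-needed` can drop them and produce a polkitbind.so with no recorded dependency on the dbus and PolicyKit libraries; move `polkit.c` ahead of the `-l` options. The `/lib64`, `/usr/lib64/dbus-1.0/include` and `-lpython2.5` values are hard-coded, which ties the build to one architecture and one Python version; taking the flags from `pkg-config` and `python-config` would avoid that. Because this object implements an authorization check, `-Wall -Wextra` should be on the command line as well.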
Added: branches/research/web-service/polkit-auth/polkit.c
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/polkit.c?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/polkit.c (added)
+++ branches/research/web-service/polkit-auth/polkit.c Thu Jul 3 10:43:00 2008
@@ -0,0 +1,175 @@
+
+/*
+ check function
+*/
+
+#include
+#include
+
+#include
+#include
+
+#include
+
+#include "polkit.h"
+
+#include
+#include
+
+#define SCRIPT_FILE "polkitwrapper.py"
+
+int polkit_check(const char *action_id, const char *user) {
+
+ int ret = -1;
+ DBusError dbus_error;
+ DBusConnection *bus = NULL;
+ PolKitCaller *caller = NULL;
+ PolKitAction *action = NULL;
+ PolKitContext *context = NULL;
+ PolKitError *polkit_error = NULL;
+ PolKitSession *session = NULL;
+ PolKitResult polkit_result;
+
+ dbus_error_init(&dbus_error);
+
+ if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
+ goto finish;
+ }
+
+ if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
+ goto finish;
+ }
+
+ /* This function is called when PulseAudio is called SUID root. We
+ * want to authenticate the real user that called us and not the
+ * effective user we gained through being SUID root. Hence we
+ * overwrite the UID caller data here explicitly, just for
+ * paranoia. In fact PolicyKit should fill in the UID here anyway
+ * -- an not the EUID or any other user id. */
+
+ struct passwd *passwd = getpwnam(user);
+ uid_t uid = passwd->pw_uid;
+ if (!(polkit_caller_set_uid(caller, uid))) {
+ goto finish;
+ }
+
+ if (!(polkit_caller_get_ck_session(caller, &session)))
+ {
+ goto finish;
+ }
+
+
+ if (session!=NULL)
+ {
+ /* We need to overwrite the UID in both the caller and the session
+ * object */
+ if (!(polkit_session_set_uid(session, getuid()))) {
+ goto finish;
+ }
+ }
+
+ if (!(action = polkit_action_new())) {
+ goto finish;
+ }
+
+ if (!polkit_action_set_action_id(action, action_id)) {
+ goto finish;
+ }
+
+ if (!(context = polkit_context_new())) {
+ goto finish;
+ }
+
+ if (!polkit_context_init(context, &polkit_error)) {
+ goto finish;
+ }
+
+ polkit_result = polkit_context_is_caller_authorized(context, action, caller, FALSE, &polkit_error);
+
+ if (polkit_error_is_set(polkit_error)) {
+ goto finish;
+ }
+
+ //printf("Action: %s Result: %s\n", action_id, polkit_result_to_string_representation(polkit_result));
+
+ switch (polkit_result)
+ {
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
+ ret = -2;
+ break;
+ case POLKIT_RESULT_YES:
+ ret = 0;
+ break;
+ case POLKIT_RESULT_NO:
+ ret = -3;
+ break;
+ default:
+ ; //handle new value in polkit
+ break;
+ }
+
+finish:
+
+ if (caller)
+ polkit_caller_unref(caller);
+
+ if (action)
+ polkit_action_unref(action);
+
+ if (context)
+ polkit_context_unref(context);
+
+ if (bus)
+ dbus_connection_unref(bus);
+
+ dbus_error_free(&dbus_error);
+
+ if (polkit_error)
+ polkit_error_free(polkit_error);
+
+ return ret;
+}
+
+
+PyObject* checkWrap(PyObject* self, PyObject* args)
+{
+ PyObject* pResult;
+ int result;
+ char* arg_text;
+ char* arg_user;
+
+ PyArg_ParseTuple(args, "ss", &arg_text, &arg_user);
+
+ result = polkit_check(arg_text, arg_user);
+ pResult = Py_BuildValue("i", result);
+
+ return pResult;
+}
+
+static PyMethodDef methods[] = {
+ {"checkPolicyLow", checkWrap, METH_VARARGS, "policy kit wrapper"},
+ {NULL, NULL, 0, NULL}
+ };
+
+PyMODINIT_FUNC
+initpolkitbind(void)
+{
+ Py_InitModule("polkitbind",methods);
+}
+
+int main(int argc, char *argv[])
+{
+ Py_SetProgramName(argv[0]);
+ Py_Initialize();
+ initpolkitbind();
+
+ Py_Finalize();
+ return 0;
+}
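Review bot: `getpwnam(user)` is dereferenced on the following line without a NULL check, so an unknown user name passed in from Python crashes the process instead of returning the -1 error code; add `if (!passwd) goto finish;` before reading `pw_uid`. In `checkWrap` the return value of `PyArg_ParseTuple` is ignored, so a call with missing or wrongly typed arguments hands uninitialised `arg_text`/`arg_user` to `polkit_check`; use `if (!PyArg_ParseTuple(args, "ss", &arg_text, &arg_user)) return NULL;`. The session object is given `getuid()` while the caller object gets the looked-up `uid`, which looks like a leftover from the PulseAudio code the comment was copied from; if the check is meant to be made for `user`, the call should be `polkit_session_set_uid(session, uid)`, otherwise the decision may be evaluated partly against the service's own account. The comment above `getpwnam` should be rewritten to describe this binding (the uid comes from a caller-supplied name) rather than SUID PulseAudio.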
Added: branches/research/web-service/polkit-auth/polkit.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/polkit.h?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/polkit.h (added)
+++ branches/research/web-service/polkit-auth/polkit.h Thu Jul 3 10:43:00 2008
@@ -0,0 +1,13 @@
+/* $Id$ */
+
+#ifndef polkith
+#define polkith
+
+/**
+ * checks if user can provide action
+ * \param action action which user want do
+ * \return 0 if user have permision, -1 if error occured, -2 if authorization required and -3 if permision denied
+ */
+int polkit_check(const char *action, const char* user);
+
+#endif
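Review bot: The doc comment has no `\param user` entry, and it names the first parameter `action` while polkit.c calls it `action_id`; add something like `\param user login name of the account to check, resolved with getpwnam()` and state that the first argument is a PolicyKit action id. The `\return` line should also say that callers must treat every non-zero value as "not authorized", since -1 (error) and -2 (authentication required) are not grants. The include guard `polkith` would conventionally be spelled `POLKIT_H`.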
Added: branches/research/web-service/polkit-auth/readme.txt
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/polkit-auth/readme.txt?rev=48796&view=auto
==============================================================================
--- branches/research/web-service/polkit-auth/readme.txt (added)
+++ branches/research/web-service/polkit-auth/readme.txt Thu Jul 3 10:43:00 2008
@@ -0,0 +1,12 @@
+you must have setted yast_service projekt
+then use 'make install'
+
+/usr/share/dbus-1/system-services/org.opensuse.YaST.Auth.service
+in config dir
+/etc/dbus-1/system.d/yast.conf
+/etc/dbus-1/system.d/yastproxy.conf
+in config dir
+
+How to run:
+./test.py
+