Author: lslezak Date: Wed Feb 11 14:15:40 2009 New Revision: 55414 URL: http://svn.opensuse.org/viewcvs/yast?rev=55414&view=rev Log: - DBus service - added org.opensuse.yast.modules.policy file, added "Lock" and "Unlock" methonds to ModuleManager interface, obtain PolicyKit authorization when PolicyKit result is POLKIT_RESULT_ONLY_VIA_*_AUTH_* Added: branches/tmp/lslezak/core/dbus/namespace_service/org.opensuse.yast.modules.policy Modified: branches/tmp/lslezak/core/dbus/namespace_service/DBusModulesServer.cc branches/tmp/lslezak/core/dbus/namespace_service/Makefile.am branches/tmp/lslezak/core/dbus/namespace_service/Yast_dbus_server.cc branches/tmp/lslezak/core/liby2dbus/src/DBusCaller.cc branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.cc branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.h branches/tmp/lslezak/core/liby2dbus/src/PolKit.cc Modified: branches/tmp/lslezak/core/dbus/namespace_service/DBusModulesServer.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/dbus/namespac... ============================================================================== --- branches/tmp/lslezak/core/dbus/namespace_service/DBusModulesServer.cc (original) +++ branches/tmp/lslezak/core/dbus/namespace_service/DBusModulesServer.cc Wed Feb 11 14:15:40 2009 @@ -223,6 +223,11 @@ // register the manager object: register_function(object, interface, method, signature, handler) register_method("", "org.opensuse.yast.modules.ModuleManager", "Import", sig, manager_callback); + + DBusSignature void_sig; + // register the manager object: register_function(object, interface, method, signature, handler) + register_method("", "org.opensuse.yast.modules.ModuleManager", "Unlock", void_sig, manager_callback); + register_method("", "org.opensuse.yast.modules.ModuleManager", "Lock", void_sig, manager_callback); } std::string DBusModulesServer::Y2Dtype(constTypePtr type) const 
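Review bot: The comment above the two new `register_method` calls is a copy of the one used for `Import` and says nothing about what `Lock` and `Unlock` are for or why they take an empty signature. Something like `// Lock/Unlock take no arguments: they add or remove the calling bus name in the server's client list` would match what the handler hunk further down does with `request.sender()`. The enclosing function starts above this hunk.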
@@ -517,7 +522,7 @@ std::string object(request.path()); std::string interface(request.interface()); - y2internal("ModuleManager request: object: %s, method: %s, interface: %s", + y2milestone("ModuleManager request: object: %s, method: %s, interface: %s", object.c_str(), method.c_str(), interface.c_str()); YCPValue ret; @@ -566,6 +571,14 @@ y2error("ModuleManager function %s got %d parameters instead of 1", method.c_str(), request.arguments()); } } + else if (method == "Unlock") + { + unregister_client(request.sender()); + } + else if (method == "Lock") + { + register_client(request.sender()); + } } } @@ -583,16 +596,25 @@ std::string DBusModulesServer::createActionId(const DBusMsg &msg) { // actionId: <prefix>.<namespace>.<method> - std::string ret("org.opensuse.yast.modules"); + std::string ret(msg.interface() == "org.opensuse.yast.modules.ModuleManager" + ? "org.opensuse.yast.module_manager" : "org.opensuse.yast.modules"); std::string obj(msg.path()); - if (!obj.empty() && obj[0] == '/') + if (!obj.empty()) { - obj.erase(obj.begin()); + if (obj[0] == '/') + { + obj.erase(obj.begin()); + } + + if (!obj.empty()) + { + ret += '.' + obj; + } } - ret += '.' + obj + '.' + msg.method(); + ret += '.' + msg.method(); if (!PolKit::isValidActionID(ret)) { Modified: branches/tmp/lslezak/core/dbus/namespace_service/Makefile.am URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/dbus/namespac... ============================================================================== --- branches/tmp/lslezak/core/dbus/namespace_service/Makefile.am (original) +++ branches/tmp/lslezak/core/dbus/namespace_service/Makefile.am Wed Feb 11 14:15:40 2009 
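Review bot: A caller of `Lock` cannot tell whether it was actually registered, because the new `else if (method == "Lock")` branch ignores the outcome. `register_client()`, added in DBusServerBase.cc by this commit, returns `void` and only logs `Cannot register client ...` when the PID query fails. Consider having `register_client()` return `bool` and turning a failure into a D-Bus error reply here, along the lines of `if (!register_client(request.sender())) { /* reply with an error */ }`. The handler starts and ends outside this hunk, so what is sent back for an unset `ret` is not visible.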
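Review bot: The action IDs built in `createActionId()` do not match the ones the new policy file declares. For the ModuleManager interface with an empty object part the visible code yields `org.opensuse.yast.module_manager.Lock` (underscore, method name in its D-Bus spelling), while org.opensuse.yast.modules.policy declares `org.opensuse.yast.module-manager.lock`, `.unlock` and `.import`. Unless the branch under `if (!PolKit::isValidActionID(ret))`, which continues past the hunk, rewrites the string, the PolicyKit query is made for an undeclared action and the `auth_admin_keep_session` defaults never apply. Using `"org.opensuse.yast.module-manager"` as the prefix and lower-casing the method part before the validity check would keep the two files in step. A comment listing the generated IDs would also help whoever edits the policy file next.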
@@ -2,9 +2,9 @@ # Makefile.am for dbus/service # -EXTRA_DIST=org.opensuse.yast.modules.service.in org.opensuse.yast.modules.conf.in +EXTRA_DIST=org.opensuse.yast.modules.service.in org.opensuse.yast.modules.conf.in org.opensuse.yast.modules.policy -AM_CXXFLAGS = -DY2LOG="SCR-service" -DSUSEVERSION="${SUSEVERSION}" +AM_CXXFLAGS = -DY2LOG="DBus-service" -DSUSEVERSION="${SUSEVERSION}" INCLUDES = ${AGENT_INCLUDES} @@ -16,6 +16,14 @@ Yast_dbus_server_LDADD = ${AGENT_LIBADD} $(top_builddir)/liby2dbus/src/liby2dbus.la $(top_builddir)/scr/src/libpy2scr.la $(top_builddir)/wfm/src/libpy2wfm.la +# PolicyKit defaults +polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit` +polkit_policies_DATA = org.opensuse.yast.modules.policy + +# validate the policy files in 'make check' target +check-local: + polkit-policy-file-validate $(polkit_policies_DATA) + # service activation config Modified: branches/tmp/lslezak/core/dbus/namespace_service/Yast_dbus_server.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/dbus/namespac... ============================================================================== --- branches/tmp/lslezak/core/dbus/namespace_service/Yast_dbus_server.cc (original) +++ branches/tmp/lslezak/core/dbus/namespace_service/Yast_dbus_server.cc Wed Feb 11 14:15:40 2009 
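Review bot: `polkit_policiesdir` is set to a backquoted `pkg-config` call, so the install directory is only computed when the install rule's shell runs, and a failing lookup expands to an empty string. In that case the policy file would presumably be installed relative to `$(DESTDIR)` itself rather than into the PolicyKit policy directory, with the `--print-errors` output as the only hint. Resolving the directory once at configure time and substituting it (`polkit_policiesdir = @POLKIT_POLICY_DIR@`, variable name to be chosen) fails early and keeps shell evaluation out of the Makefile. `check-local` also assumes `polkit-policy-file-validate` exists on the build host; a configure check for it would make `make check` fail with a clear message.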
@@ -43,6 +43,7 @@ { y2error ("Usage: %s [--disable-timer] namespace <namespace> <namespace>....", argv[0]); std::cerr << "Usage: " << argv[0] << " [--disable-timer] namespace <namespace> <namespace>..." << std::endl; + std::cerr << " --disable-timer Disable automatic shutdown of the service, useful for debugging\n"; return 1; } Added: branches/tmp/lslezak/core/dbus/namespace_service/org.opensuse.yast.modules.policy URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/dbus/namespac... ============================================================================== --- branches/tmp/lslezak/core/dbus/namespace_service/org.opensuse.yast.modules.policy (added) +++ branches/tmp/lslezak/core/dbus/namespace_service/org.opensuse.yast.modules.policy Wed Feb 11 14:15:40 2009 
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+ <vendor>Novell, Inc.</vendor>
+ <vendor_url>http://www.novell.com</vendor_url>
+
+ <action id="org.opensuse.yast.module-manager.import">
+ <description>Import a Yast name space into the Yast DBus service</description>
+ <message>System policy prevents the Yast DBus service from importing an Yast name space and make it available on DBus</message>
+
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep_session</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.module-manager.lock">
+ <description>Lock the Yast DBus service by application</description>
+ <message>System policy prevents applications from locking the Yast DBus service.</message>
+
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep_session</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.module-manager.unlock">
+ <description>Unlock the Yast DBus service by application</description>
+ <message>System policy prevents applications from unlocking the Yast DBus service.</message>
+
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep_session</allow_active>
+ </defaults>
+ </action>
+
+</policyconfig>
+
Modified: branches/tmp/lslezak/core/liby2dbus/src/DBusCaller.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/liby2dbus/src... ==============================================================================
--- branches/tmp/lslezak/core/liby2dbus/src/DBusCaller.cc (original)
+++ branches/tmp/lslezak/core/liby2dbus/src/DBusCaller.cc Wed Feb 11 14:15:40 2009
@@ -49,7 +49,7 @@ y2internal("Unexpected type in PID reply %d (%c)", type, (char)type); } - y2milestone("Created DBusCaller with PID %d", pid); + y2debug("Created DBusCaller with PID %d", pid); } DBusCaller::~DBusCaller() Modified: branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/liby2dbus/src... ============================================================================== --- branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.cc (original) +++ branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.cc Wed Feb 11 14:15:40 2009 @@ -467,3 +467,36 @@ // the inherited classes should redefine it return std::string(); } + +void DBusServerBase::unregister_client(const std::string &bus_id) +{ + Clients::iterator it = clients.find(bus_id); + + if (it != clients.end()) + { + y2milestone("Unregistering client %s", bus_id.c_str()); + clients.erase(it); + } +} + +void DBusServerBase::register_client(const std::string &bus_id) +{ + // remember the client + if (clients.find(bus_id) == clients.end()) + { + // insert the dbus name and PID + DBusCaller caller(bus_id, connection); + + // pid 0 = an error at DBus query + if (caller.getPid() > 0) + { + Clients::value_type new_client = make_pair(bus_id, caller); + y2milestone("Registered a new client %s (pid %d)", bus_id.c_str(), caller.getPid()); + clients.insert(new_client); + } + else + { + y2error("Cannot register client %s, pid query failed", bus_id.c_str()); + } + } +} Modified: branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.h URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/liby2dbus/src... ============================================================================== --- branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.h (original) +++ branches/tmp/lslezak/core/liby2dbus/src/DBusServerBase.h Wed Feb 11 14:15:40 2009 
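Review bot: `register_client()` keys the entry on the sender's unique bus name, and the only removal path visible in this commit is an explicit `Unlock` from that same sender. If a client exits or crashes while holding the lock, nothing shown here drops its entry. Should the client list be what holds off the automatic shutdown mentioned in the `--disable-timer` help text, a stale entry would keep the service running indefinitely. Please confirm that disconnects are handled elsewhere and record it in a comment above `register_client()`, e.g. `// entries are removed on Unlock or when the bus name disappears`. As a minor point, `make_pair` is unqualified and relies on a using-declaration outside the hunk; `std::make_pair` is safer.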
@@ -47,6 +47,8 @@ typedef std::function<DBusMsg(const DBusMsg &)> methodHandler; void register_method(const Object &obj, const Interface &i, const Method &m, const DBusSignature &sig, methodHandler h); + void unregister_client(const std::string &bus_id); + void register_client(const std::string &bus_id); // create PolicyKit action ID for the received message virtual std::string createActionId(const DBusMsg &msg); Modified: branches/tmp/lslezak/core/liby2dbus/src/PolKit.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/core/liby2dbus/src... ============================================================================== --- branches/tmp/lslezak/core/liby2dbus/src/PolKit.cc (original) +++ branches/tmp/lslezak/core/liby2dbus/src/PolKit.cc Wed Feb 11 14:15:40 2009 
@@ -56,12 +56,51 @@ PolKitResult pk_result = polkit_context_is_caller_authorized( context, pk_action, pk_caller, TRUE, &polkit_error); - polkit_caller_unref (pk_caller); polkit_action_unref (pk_action); if (polkit_error) polkit_error_free(polkit_error); + if (pk_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || + pk_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || + pk_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS || + pk_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT || + pk_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH || + pk_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION || + pk_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS || + pk_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT + ) + { + y2milestone("Obtaining authorization: action: %s, caller: %s ...", action_id.c_str(), dbus_caller.c_str()); + + pid_t caller_pid; + + if (!polkit_caller_get_pid(pk_caller, &caller_pid)) + { + y2error("Error: polkit_caller_get_pid() failed"); + } + else + { + if (polkit_auth_obtain(action_id.c_str(), 0, caller_pid, &dbus_error)) + { + y2milestone("Authorization succeeded"); + pk_result = POLKIT_RESULT_YES; + } + else + { + y2milestone("Authorization failed"); + } + + if (dbus_error_is_set(&dbus_error)) + { + y2error("Error: polkit_auth_obtain(): %s", dbus_error.message); + dbus_error_free (&dbus_error); + } + } + } + + polkit_caller_unref(pk_caller); + return pk_result == POLKIT_RESULT_YES; } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
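Review bot: After `polkit_auth_obtain()` succeeds the code assigns `pk_result = POLKIT_RESULT_YES` directly instead of asking PolicyKit again, so the decision rests on the return value of the obtain call rather than on a fresh check of the caller. The initial `polkit_context_is_caller_authorized()` call passes `TRUE` as its fourth argument, which as far as I recall means revoke-if-one-shot. If so, a grant obtained for a `*_ONE_SHOT` result is not consumed by this request and may still be valid for the next one. I would move `polkit_action_unref (pk_action)` below the new block, reset `polkit_error`, and replace the assignment with `pk_result = polkit_context_is_caller_authorized(context, pk_action, pk_caller, TRUE, &polkit_error);`. Two things to confirm outside the hunk: that `dbus_error` is initialised with `dbus_error_init()` before it is passed in, and that blocking in `polkit_auth_obtain()` during the prompt does not stall other clients.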