Author: lslezak Date: Tue Dec 20 09:57:14 2011 New Revision: 67034 URL: http://svn.opensuse.org/viewcvs/yast?rev=67034&view=rev Log: merged tmp/lslezak/dbus-server branch use the new polkit-1 instead of obsoleted PolicyKit Modified: trunk/dbus-server/ (props changed) trunk/dbus-server/configure.in.in trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc trunk/dbus-server/src/liby2dbus/src/PolKit.cc trunk/dbus-server/src/liby2dbus/src/PolKit.h trunk/dbus-server/src/services/SCR_service/Makefile.am trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy trunk/dbus-server/src/services/namespace_service/src/Makefile.am trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc trunk/dbus-server/yast2-dbus-server.spec.in Modified: trunk/dbus-server/configure.in.in URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/configure.in.in?rev=6... ============================================================================== --- trunk/dbus-server/configure.in.in (original) +++ trunk/dbus-server/configure.in.in Tue Dec 20 09:57:14 2011 @@ -23,16 +23,16 @@ [policykit=yes]) if test "x${policykit}" == xyes ; then - PKG_CHECK_MODULES(POLKIT, [ polkit-dbus >= 0.7 ], + PKG_CHECK_MODULES(POLKIT, [ polkit-gobject-1 ], [ HAVE_POLKIT=1 AC_DEFINE([HAVE_POLKIT], 1, [Have PolicyKit]) - policydir=`pkg-config polkit-dbus --variable prefix`/share/PolicyKit/policy/ + policydir=`pkg-config polkit-gobject-1 --variable policydir` AC_SUBST(policydir) ], [ HAVE_POLKIT=0 - AC_MSG_ERROR([*** PolicyKit support not found, install PolicyKit-devel: 'zypper in PolicyKit-devel' or libpolkit-dbus-dev.deb]) + AC_MSG_ERROR([*** PolicyKit support not found, install polkit-devel: 'zypper in polkit-devel' or libpolkit-gobject-1-dev.deb]) ]) else HAVE_POLKIT=0 Modified: trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/liby2dbus/src/DBu... ============================================================================== --- trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc (original) +++ trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc Tue Dec 20 09:57:14 2011 @@ -261,11 +261,6 @@ DBusError dbus_error; dbus_error_init(&dbus_error); -#ifdef HAVE_POLKIT - // check for changes in policykit config - policykit.checkPolkitChanges(); -#endif - // check the policy using PolicyKit, the check is disabled in the test mode if (test_mode || isActionAllowed(request, &dbus_error)) { Modified: trunk/dbus-server/src/liby2dbus/src/PolKit.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/liby2dbus/src/Pol... ============================================================================== --- trunk/dbus-server/src/liby2dbus/src/PolKit.cc (original) +++ trunk/dbus-server/src/liby2dbus/src/PolKit.cc Tue Dec 20 09:57:14 2011 @@ -7,115 +7,17 @@ #include <ycp/y2log.h> -#include<map> - -extern "C" -{ -#include <sys/select.h> -#include <errno.h> -} - -#include <cstring> - -typedef std::map<PolKitContext *, PolKit*> PolKitMapping; - -// PolKitContext * -> PolKit * mapping -// for routing the policykit callbacks to the correct PolKit object -PolKitMapping polkit_mapping; - -PolKit* findPolKitObj(PolKitContext *context) -{ - PolKitMapping::const_iterator it = polkit_mapping.find(context); - - if (it == polkit_mapping.end()) - { - y2error("Cannot find PolKit object for PolKitContext %p", context); - return NULL; - } - else - { - return it->second; - } -} - -static void _polkitConfigChanged(PolKitContext *context, void *data) -{ - y2debug("PolicyKit context %p has been changed", context); - - PolKit *pk = findPolKitObj(context); - - if (pk != NULL) - { - pk->configChanged(); - } -} - -static int _polkitIOAddWatch(PolKitContext *context, int fd) -{ - y2debug("PolicyKit context %p: adding IO watch: %d", context, fd); - - PolKit *pk = findPolKitObj(context); - - if (pk == NULL) - { - return 0; - } - else - { - pk->addWatch(fd); - } - - // TODO: Polkit doc says the result must be unique ID, is this OK?? - return fd; -} - -static void _polkitIORemoveWatch(PolKitContext *context, int fd) -{ - y2debug("PolicyKit context %p removing IO watch: %d", context, fd); - - PolKit *pk = findPolKitObj(context); - - if (pk != NULL) - { - pk->removeWatch(fd); - } -} +#include <map> PolKit::PolKit() { - context = polkit_context_new(); - - // add object mapping - polkit_mapping.insert(std::make_pair(context, this)); - - // set PolicyKit config change callback - polkit_context_set_config_changed(context, _polkitConfigChanged, NULL); - - // set PolicyKit config watch callbacks - polkit_context_set_io_watch_functions(context, _polkitIOAddWatch, _polkitIORemoveWatch); - - PolKitError *polkit_error = NULL; - polkit_context_init(context, &polkit_error); - - if (polkit_error) - { - y2error("PolicyKit error: %s: %s", polkit_error_get_error_name(polkit_error), - polkit_error_get_error_message(polkit_error)); - - polkit_error_free(polkit_error); - } - - select_timeout.tv_sec = 0; - select_timeout.tv_usec = 0; + pk_authority = polkit_authority_get(); } PolKit::~PolKit() { - // release this object from mapping - polkit_mapping.erase(context); - - // release the PolKitContext object - polkit_context_unref(context); + // release the PolkitAuthority object + g_object_unref(pk_authority); } @@ -123,60 +25,38 @@ { y2debug("Checking action %s from %s", action_id.c_str(), dbus_caller.c_str()); - PolKitCaller *pk_caller = polkit_caller_new_from_dbus_name(con, dbus_caller.c_str(), err); - - if (dbus_error_is_set(err)) - { - // PolKit sometimes sets the error even if the PolKitCaller object has been successfully returned - // see bnc#439150 - if (pk_caller == NULL) - { - y2error ("DBus error: creating PolKitCaller object failed: %s: %s", err->name, err->message); - return false; - } - else - { - // reset the error flag, no error - dbus_error_free(err); - } - } + PolkitSubject *pk_subject = polkit_system_bus_name_new(dbus_caller.c_str()); - if (pk_caller == NULL) + if (pk_subject == NULL) { - y2error("PolKitCaller is NULL!"); + y2error("PolkitSubject is NULL!"); return false; } - PolKitAction *pk_action = polkit_action_new(); - polkit_action_set_action_id (pk_action, action_id.c_str()); + GError *polkit_error = NULL; - PolKitError *polkit_error = NULL; - PolKitResult pk_result = polkit_context_is_caller_authorized( - context, pk_action, pk_caller, TRUE, &polkit_error); - - y2debug("polkit_context_is_caller_authorized() result: %s", polkit_result_to_string_representation(pk_result)); - - if (pk_result != POLKIT_RESULT_YES) - { - if (!polkit_dbus_error_generate(pk_action, pk_result, err)) - { - y2error("Cannot set DBus error from PolicyKit result"); - } - } + PolkitAuthorizationResult *pk_result = polkit_authority_check_authorization_sync( + pk_authority, pk_subject, action_id.c_str(), NULL, POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, NULL, &polkit_error); - polkit_action_unref (pk_action); + g_object_unref(pk_subject); if (polkit_error) { - y2error("PolicyKit error: %s: %s", polkit_error_get_error_name(polkit_error), - polkit_error_get_error_message(polkit_error)); + y2error("polkit error: %s", polkit_error->message); - polkit_error_free(polkit_error); + // set a DBus error here + dbus_set_error(err, "%s:%s", action_id.c_str(), polkit_error->message); + + g_error_free(polkit_error); } - polkit_caller_unref(pk_caller); + // remember the result before freeing the object + bool result = polkit_authorization_result_get_is_authorized(pk_result); + + // free the result object + g_object_unref(pk_result); - return pk_result == POLKIT_RESULT_YES; + return result; } std::string PolKit::makeValidActionID(const std::string &s) @@ -245,94 +125,26 @@ bool PolKit::isValidActionID(const std::string &action) { - return polkit_action_validate_id(action.c_str()); -} - - -// check the registered file descriptors here, -// if there is something to read then call -// polkit_context_io_func(context, ready_fd) -// to process the changes by PolicyKit -// -// this method must be called from the main loop - -void PolKit::checkPolkitChanges() -{ - y2debug("Checking changes in PolicyKit config..."); - - // filedescriptor set - fd_set rfds; + int str_size = action.size(); - // init to empty set - FD_ZERO(&rfds); + // action ID must not exceed 255 characters + if (str_size > 255) return false; - int max_fd = -1; + // only lower case ASCII characters, numbers, period (.) and hyphen (-) + // are allowed in action ID (see man polkit) - for(WatchListType::const_iterator it = fd_watch_list.begin(); - it != fd_watch_list.end(); - ++it) + int idx = 0; + while (idx < str_size) { - // add the FD to the watch set - FD_SET(*it, &rfds); - - if (max_fd < *it) + char ch = action[idx]; + if (!(islower(ch) || isdigit(ch) || ch == '.' || ch == '-')) { - max_fd = *it; + return false; } - } - - // check whether there is something to read, timeout is 0 (return immediately) - int retval = ::select(max_fd + 1, &rfds, NULL, NULL, &select_timeout); - y2debug("select() result: %d", retval); - - // error? - if (retval == -1) - { - y2error("Error in select() call: %s", ::strerror(errno)); + idx++; } - // data available? - else if (retval > 0) - { - for(WatchListType::const_iterator it = fd_watch_list.begin(); - it != fd_watch_list.end(); - ++it) - { - // check the FD in the result - if (FD_ISSET(*it, &rfds)) - { - y2debug("File descriptor %d has data available", *it); - // call the PolicyKit IO handler - // (the config changed callbacked will be called - // if the config has been changed) - polkit_context_io_func(context, *it); - } - } - } + return true; } -void PolKit::addWatch(int fd) -{ - y2milestone("Adding Polkit watch fd: %d", fd); - - // add the fd to the internal list - fd_watch_list.push_back(fd); - - y2debug("%zd file descriptors in the watch list", fd_watch_list.size()); -} - -void PolKit::removeWatch(int fd) -{ - y2milestone("Removing Polkit watch fd: %d", fd); - - // remove the fd from the internal list - fd_watch_list.remove_if(std::bind2nd(std::equal_to<int>(), fd)); - - y2debug("%zd file descriptors in the watch list", fd_watch_list.size()); -} - -void PolKit::configChanged() -{ - y2milestone("PolicyKit config has been changed"); -} Modified: trunk/dbus-server/src/liby2dbus/src/PolKit.h URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/liby2dbus/src/Pol... ============================================================================== --- trunk/dbus-server/src/liby2dbus/src/PolKit.h (original) +++ trunk/dbus-server/src/liby2dbus/src/PolKit.h Tue Dec 20 09:57:14 2011 @@ -11,12 +11,7 @@ #include <list> #include <dbus/dbus.h> -#include <polkit-dbus/polkit-dbus.h> - -extern "C" -{ -#include <sys/time.h> -} +#include <polkit/polkit.h> class PolKit { @@ -28,11 +23,7 @@ bool isDBusUserAuthorized(const std::string &action_id, const std::string &dbus_caller, DBusConnection *con, DBusError*err); - void checkPolkitChanges(); - void addWatch(int fd); - void removeWatch(int fd); - void configChanged(); static std::string createActionId(const std::string &prefix, const std::string &path, const std::string &method, const std::string &arg = std::string(), @@ -44,15 +35,7 @@ private: - PolKitContext *context; - - typedef std::list<int> WatchListType; - - WatchListType fd_watch_list; - - // select() timeout (set to 0 to return immediately) - struct timeval select_timeout; - + PolkitAuthority *pk_authority; }; #endif Modified: trunk/dbus-server/src/services/SCR_service/Makefile.am URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/SCR_serv... ============================================================================== --- trunk/dbus-server/src/services/SCR_service/Makefile.am (original) +++ trunk/dbus-server/src/services/SCR_service/Makefile.am Tue Dec 20 09:57:14 2011 @@ -21,12 +21,13 @@ SCR_dbus_server_LDADD = ${AGENT_LIBADD} $(top_builddir)/src/liby2dbus/src/liby2dbus.la -lycp -ly2 -ly2util ${libdir}/YaST2/plugin/libpy2scr.la # PolicyKit defaults -polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit` +polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit-gobject-1` polkit_policies_DATA = org.opensuse.yast.scr.policy # validate the policy files in 'make check' target check-local: - polkit-policy-file-validate $(polkit_policies_DATA) +# TODO FIXME: temporarily disabled, polkit-policy-file-validate is part of deprecated package PolicyKit.rpm +# polkit-policy-file-validate $(polkit_policies_DATA) if type ruby; then \ ruby test_SCR_dbus_server.rb; \ else \ Modified: trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/SCR_serv... ============================================================================== --- trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc (original) +++ trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc Tue Dec 20 09:57:14 2011 @@ -9,6 +9,8 @@ int main(int argc, char **argv) { + // needed by libpolkit + g_type_init(); DBusServer server; Modified: trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/SCR_serv... ============================================================================== --- trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy (original) +++ trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy Tue Dec 20 09:57:14 2011 @@ -13,7 +13,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -24,7 +24,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -35,7 +35,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -46,7 +46,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -57,7 +57,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -68,7 +68,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -79,7 +79,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -90,7 +90,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -101,7 +101,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -112,7 +112,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> Modified: trunk/dbus-server/src/services/namespace_service/src/Makefile.am URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/namespac... ============================================================================== --- trunk/dbus-server/src/services/namespace_service/src/Makefile.am (original) +++ trunk/dbus-server/src/services/namespace_service/src/Makefile.am Tue Dec 20 09:57:14 2011 @@ -20,12 +20,13 @@ yast_modules_dbus_server_LDADD = ${AGENT_LIBADD} $(top_builddir)/src/liby2dbus/src/liby2dbus.la -lycp -ly2 -ly2util ${libdir}/YaST2/plugin/libpy2wfm.la # PolicyKit defaults -polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit` +polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit-gobject-1` polkit_policies_DATA = org.opensuse.yast.module-manager.policy +# TODO FIXME: temporarily disabled, polkit-policy-file-validate is part of deprecated package PolicyKit.rpm # validate the policy files in 'make check' target -check-local: - polkit-policy-file-validate $(polkit_policies_DATA) +#check-local: +# polkit-policy-file-validate $(polkit_policies_DATA) # service activation config Modified: trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/namespac... ============================================================================== --- trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in (original) +++ trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in Tue Dec 20 09:57:14 2011 @@ -13,7 +13,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> @@ -24,7 +24,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep_session</allow_active> + <allow_active>auth_admin</allow_active> </defaults> </action> Modified: trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/namespac... ============================================================================== --- trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc (original) +++ trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc Tue Dec 20 09:57:14 2011 @@ -53,6 +53,9 @@ return 1; } + // needed by libpolkit + g_type_init(); + DBusModulesServer server(modules, test_mode); bool connected = server.connect(); Modified: trunk/dbus-server/yast2-dbus-server.spec.in URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/yast2-dbus-server.spe... ============================================================================== --- trunk/dbus-server/yast2-dbus-server.spec.in (original) +++ trunk/dbus-server/yast2-dbus-server.spec.in Tue Dec 20 09:57:14 2011 @@ -19,7 +19,9 @@ BuildRequires: sgml-skel # for SCR DBus service -BuildRequires: dbus-1-devel dbus-1-x11 PolicyKit-devel libxcrypt-devel +BuildRequires: dbus-1-devel dbus-1-x11 polkit-devel libxcrypt-devel +# its tests +BuildRequires: dbus-1-python python-devel # its tests BuildRequires: dbus-1-python python-devel @@ -65,13 +67,13 @@ /usr/share/dbus-1/system-services/org.opensuse.yast.SCR.service %config /etc/dbus-1/system.d/org.opensuse.yast.SCR.conf # PolicyKit default policies -/usr/share/PolicyKit/policy/org.opensuse.yast.scr.policy +/usr/share/polkit-1/actions/org.opensuse.yast.scr.policy # DBus namespace service @ybindir@/yast_modules_dbus_server /usr/share/dbus-1/system-services/org.opensuse.YaST.modules.service %config /etc/dbus-1/system.d/org.opensuse.YaST.modules.conf -/usr/share/PolicyKit/policy/org.opensuse.yast.module-manager.policy +/usr/share/polkit-1/actions/org.opensuse.yast.module-manager.policy %doc @docdir@ -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org