[yast-devel] DBus/PolicyKit support in Yast in openSUSE-11.1-Alpha1
Hi all! I'd like to inform you about a new feature in Yast in openSUSE-11.1-Alpha1. The feature allows you to configure role based access to yast. The current implementation is limited only to some yast functionality (the SCR part), e.g. it doesn't allow to install packages by a non-root user. WARNING: the DBus support is still in development state, it may be buggy or whatever else... I ask the brave people here to give it a try. See http://en.opensuse.org/YaST/DBus_Integration for more details. There is an example how to enable "time zone change" task for a non-root user. If you find any problem with the DBus integration report it to bugzilla.novell.com and assign the bug to me. Do not forget to attach also the non-root log file (described in the link above). -- Best Regards Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
Hi, thank you for the documentation. In the last few days I have had a look into the DBUS-SCR interface and it has already worked very well. Then I have tried to connect this DBUS interface via Ruby without success cause I was not able to map the requested arguments correctly. ( Maybe due the lack of my ruby knowledges. Hm, but I have manged other DBUS interfaces e.g. org.freedesktop.ConsoleKit :-) ) I believe that our interface is too complex: Read ( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) Execute ( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) Write( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) The return values are not more clearlier: STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt, STRUCT of (Boolean, STRING, VARIANT) ret) Especial the VARIANT argument is not understandable by the user who uses this interface cause he does not know the internals. So, if we would like to use the SCR via DBUS in other applications ( e.g. a web-service server) we should simplify the interface. I would like to have an interface like: Read ( STRING path, STRING arg, STRING outputFormat) path: e.g. .sysconfig.console.CONSOLE_MAGIC arg: e.g. /etc/install.inf for the call SCR::Read (.target.size, "/etc/install.inf") outputFormat: XML, String, YaST, ... Execute ( STRING path, STRING command, STRING YaSTarg, STRING outputFormat) path: e.g. .target.bash command : e.g. "/bin/touch /etc/modprobe.d/tv" YaSTarg: Special YaST arguments like $[ "C_locale" : true, "env" : $[ "LC_ALL" : "en_US" ] ] outputFormat: XML, String, YaST, YaSTBinary, ... Write ( STRING path, STRING value ) The return value should always be a STRING with a special kind like XML, YaST, ... (defined in the arguments) The other possibility would be to take the complete argument list into one STRING: e.g. Write (".sysconfig.displaymanager.DISPLAYMANAGER_XSERVER, \"Xgl\") and parse it in the DBUS server. Would this be possible? It would increase the acceptance of the API. Are there other options ? I fear otherwise no one ( with the exception of YaST) would be able to use the SCR via DBUS. Martin, Ladislav what do you think about ? Greetings Stefan Ladislav Slezak schrieb:
Hi all!
I'd like to inform you about a new feature in Yast in openSUSE-11.1-Alpha1.
The feature allows you to configure role based access to yast. The current implementation is limited only to some yast functionality (the SCR part), e.g. it doesn't allow to install packages by a non-root user.
WARNING: the DBus support is still in development state, it may be buggy or whatever else... I ask the brave people here to give it a try.
See http://en.opensuse.org/YaST/DBus_Integration for more details. There is an example how to enable "time zone change" task for a non-root user.
If you find any problem with the DBus integration report it to bugzilla.novell.com and assign the bug to me. Do not forget to attach also the non-root log file (described in the link above).
--
Best Regards
Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/
-- ******************************************************************************* Stefan Schubert SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany e-mail: schubi@suse.de ------------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
For example, this is an working access to the SCR: ----------------------------------- #!/usr/bin/ruby require "dbus" system_bus = DBus::SystemBus.instance # Get the yast service yast = system_bus.service("org.opensuse.yast.SCR") # Get the object from this service objYast = yast.object("/SCR") objYast.introspect puts objYast.interfaces poiSCR = DBus::ProxyObjectInterface.new(objYast, "org.opensuse.yast.SCR.Methods") poiSCR.define_method("Read", "in path:(bsv), in arg:(bsv), in opt:(bsv)") p poiSCR.Read([false, "path", ["s",".sysconfig.language.RC_LANG"] ], [false, "", ["s",""] ], [false, "", ["s",""] ]) main = DBus::Main.new main << system_bus main.run ------------------------------------------- This returns: org.opensuse.yast.SCR.Methods [[false, "string", "de_DE.UTF-8"]] By the way. The call is VERY fast. :-) So the reason for the slow YaST module has to be somewhere else. Greetings Stefan Stefan Schubert schrieb:
Hi, thank you for the documentation. In the last few days I have had a look into the DBUS-SCR interface and it has already worked very well.
Then I have tried to connect this DBUS interface via Ruby without success cause I was not able to map the requested arguments correctly. ( Maybe due the lack of my ruby knowledges. Hm, but I have manged other DBUS interfaces e.g. org.freedesktop.ConsoleKit :-) )
I believe that our interface is too complex:
Read ( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) Execute ( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) Write( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt)
The return values are not more clearlier: STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt, STRUCT of (Boolean, STRING, VARIANT) ret)
Especial the VARIANT argument is not understandable by the user who uses this interface cause he does not know the internals.
So, if we would like to use the SCR via DBUS in other applications ( e.g. a web-service server) we should simplify the interface. I would like to have an interface like:
Read ( STRING path, STRING arg, STRING outputFormat) path: e.g. .sysconfig.console.CONSOLE_MAGIC arg: e.g. /etc/install.inf for the call SCR::Read (.target.size, "/etc/install.inf") outputFormat: XML, String, YaST, ...
Execute ( STRING path, STRING command, STRING YaSTarg, STRING outputFormat) path: e.g. .target.bash command : e.g. "/bin/touch /etc/modprobe.d/tv" YaSTarg: Special YaST arguments like $[ "C_locale" : true, "env" : $[ "LC_ALL" : "en_US" ] ] outputFormat: XML, String, YaST, YaSTBinary, ...
Write ( STRING path, STRING value )
The return value should always be a STRING with a special kind like XML, YaST, ... (defined in the arguments)
The other possibility would be to take the complete argument list into one STRING:
e.g. Write (".sysconfig.displaymanager.DISPLAYMANAGER_XSERVER, \"Xgl\") and parse it in the DBUS server.
Would this be possible? It would increase the acceptance of the API. Are there other options ? I fear otherwise no one ( with the exception of YaST) would be able to use the SCR via DBUS.
Martin, Ladislav what do you think about ?
Greetings Stefan
Ladislav Slezak schrieb:
Hi all!
I'd like to inform you about a new feature in Yast in openSUSE-11.1-Alpha1.
The feature allows you to configure role based access to yast. The current implementation is limited only to some yast functionality (the SCR part), e.g. it doesn't allow to install packages by a non-root user.
WARNING: the DBus support is still in development state, it may be buggy or whatever else... I ask the brave people here to give it a try.
See http://en.opensuse.org/YaST/DBus_Integration for more details. There is an example how to enable "time zone change" task for a non-root user.
If you find any problem with the DBus integration report it to bugzilla.novell.com and assign the bug to me. Do not forget to attach also the non-root log file (described in the link above).
--
Best Regards
Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/
-- ******************************************************************************* Stefan Schubert SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany e-mail: schubi@suse.de ------------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On Wed, Jul 30, 2008 at 01:02:36PM +0200, Stefan Schubert wrote:
I believe that our interface is too complex:
Read ( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) Execute ( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt) Write( STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt)
The return values are not more clearlier: STRUCT of (Boolean, STRING, VARIANT) path, STRUCT of (Boolean, STRING, VARIANT) arg, STRUCT of (Boolean, STRING, VARIANT) opt, STRUCT of (Boolean, STRING, VARIANT) ret)
Yes, it is too complex. That is because the current SCR interface relies on the rich type set of YCP which is not available in DBus. For example the ini agent Write(.entry, "") writes entry="" while Write(.entry, nil) deletes the line. We figured it is better to release an early prototype than to modify the interface so that it uses only the simple DBus types.
Especial the VARIANT argument is not understandable by the user who uses this interface cause he does not know the internals.
So, if we would like to use the SCR via DBUS in other applications ( e.g. a web-service server) we should simplify the interface. I would like to have an interface like:
Read ( STRING path, STRING arg, STRING outputFormat) path: e.g. .sysconfig.console.CONSOLE_MAGIC arg: e.g. /etc/install.inf for the call SCR::Read (.target.size, "/etc/install.inf") outputFormat: XML, String, YaST, ...
Execute ( STRING path, STRING command, STRING YaSTarg, STRING outputFormat) path: e.g. .target.bash command : e.g. "/bin/touch /etc/modprobe.d/tv" YaSTarg: Special YaST arguments like $[ "C_locale" : true, "env" : $[ "LC_ALL" : "en_US" ] ] outputFormat: XML, String, YaST, YaSTBinary, ...
Write ( STRING path, STRING value )
The return value should always be a STRING with a special kind like XML, YaST, ... (defined in the arguments)
The other possibility would be to take the complete argument list into one STRING:
e.g. Write (".sysconfig.displaymanager.DISPLAYMANAGER_XSERVER, \"Xgl\") and parse it in the DBUS server.
You are proposing to pass only DBus strings and interpret them outside DBus. Another possibility is to use DBus Variants, containing strings, numbers, or nested arrays/dicts. That is what we started with, but had to add the other two bits: boolean (is-it-nil?) and string (type, distinguishing YCP "foo" from `foo and .foo)
Would this be possible? It would increase the acceptance of the API. Are there other options ? I fear otherwise no one ( with the exception of YaST) would be able to use the SCR via DBUS.
Correct. IMO we should simplify the interface and remove the YCP specific types, for example by replacing SCR::Write(.someini.crash_interval, nil) by SCR::Execute(.someini.crash_interval, "remove") -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
Martin Vidner schrieb:
Would this be possible? It would increase the acceptance of the API. Are there other options ? I fear otherwise no one ( with the exception of YaST) would be able to use the SCR via DBUS.
Correct. IMO we should simplify the interface and remove the YCP specific types, for example by replacing SCR::Write(.someini.crash_interval, nil) by SCR::Execute(.someini.crash_interval, "remove")
That would be great. Please inform me(us) when you intent to change the interface. Meanwhile I will try to write a WebService-Server in Ruby which use the SCR interface. I would like to have a demo server (.e.g. for system time setting). Greetings Stefan -- ******************************************************************************* Stefan Schubert SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany e-mail: schubi@suse.de ------------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
Dne Thursday 31 of July 2008 13:05:16 Stefan Schubert napsal(a):
Martin Vidner schrieb:
Would this be possible? It would increase the acceptance of the API. Are there other options ? I fear otherwise no one ( with the exception of YaST) would be able to use the SCR via DBUS.
Correct. IMO we should simplify the interface and remove the YCP specific types, for example by replacing SCR::Write(.someini.crash_interval, nil) by SCR::Execute(.someini.crash_interval, "remove")
That would be great. Please inform me(us) when you intent to change the interface. Meanwhile I will try to write a WebService-Server in Ruby which use the SCR interface. I would like to have a demo server (.e.g. for system time setting).
Hi Stefan! You may have a look at the workshop result, which also uses SCR in order to set timezone. Just for inspiration if it helps... It's in the YaST SVN in the research branch. Jiri -- Regards, Jiri Srain YaST Team Leader --------------------------------------------------------------------- SUSE LINUX, s.r.o. e-mail: jsrain@suse.cz Lihovarska 1060/12 tel: +420 284 028 959 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz
Jiri Srain schrieb:
Dne Thursday 31 of July 2008 13:05:16 Stefan Schubert napsal(a):
Martin Vidner schrieb:
Would this be possible? It would increase the acceptance of the API. Are there other options ? I fear otherwise no one ( with the exception of YaST) would be able to use the SCR via DBUS.
Correct. IMO we should simplify the interface and remove the YCP specific types, for example by replacing SCR::Write(.someini.crash_interval, nil) by SCR::Execute(.someini.crash_interval, "remove")
That would be great. Please inform me(us) when you intent to change the interface. Meanwhile I will try to write a WebService-Server in Ruby which use the SCR interface. I would like to have a demo server (.e.g. for system time setting).
Hi Stefan!
You may have a look at the workshop result, which also uses SCR in order to set timezone.
Just for inspiration if it helps... It's in the YaST SVN in the research branch.
Yes, it helps very much. Thank you !
Jiri
-- ******************************************************************************* Stefan Schubert SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany e-mail: schubi@suse.de ------------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
participants (4)
-
Jiri Srain -
Ladislav Slezak -
Martin Vidner -
Stefan Schubert