Author: jreidinger Date: Thu Jul 3 10:19:22 2008 New Revision: 48793 URL: http://svn.opensuse.org/viewcvs/yast?rev=48793&view=rev Log: add configuration files and remove unnecesary checks Added: branches/tmp/lslezak/workshop/auth_dbus_layer/config/ branches/tmp/lslezak/workshop/auth_dbus_layer/config/org.opensuse.YaST.Auth.service branches/tmp/lslezak/workshop/auth_dbus_layer/config/yast.conf branches/tmp/lslezak/workshop/auth_dbus_layer/config/yastproxy.conf Modified: branches/tmp/lslezak/workshop/auth_dbus_layer/polkit.c branches/tmp/lslezak/workshop/auth_dbus_layer/readme.txt Added: branches/tmp/lslezak/workshop/auth_dbus_layer/config/org.opensuse.YaST.Auth.service URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/auth_dbus_layer/config/org.opensuse.YaST.Auth.service?rev=48793&view=auto ============================================================================== --- branches/tmp/lslezak/workshop/auth_dbus_layer/config/org.opensuse.YaST.Auth.service (added) +++ branches/tmp/lslezak/workshop/auth_dbus_layer/config/org.opensuse.YaST.Auth.service Thu Jul 3 10:19:22 2008 @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.opensuse.YaST.Auth +Exec=/usr/lib64/python/site-packages/auth_layer_service.py +User=scrproxy Added: branches/tmp/lslezak/workshop/auth_dbus_layer/config/yast.conf URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/auth_dbus_layer/config/yast.conf?rev=48793&view=auto ============================================================================== --- branches/tmp/lslezak/workshop/auth_dbus_layer/config/yast.conf (added) +++ branches/tmp/lslezak/workshop/auth_dbus_layer/config/yast.conf Thu Jul 3 10:19:22 2008 @@ -0,0 +1,24 @@ +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="root"> + <allow own="org.opensuse.YaST"/> + <allow send_destination="org.opensuse.YaST"/> + <allow send_interface="org.opensuse.YaST"/> + + </policy> + <policy user="scrproxy"> + <deny own="org.opensuse.YaST"/> + <allow send_destination="org.opensuse.YaST"/> + <allow send_interface="org.opensuse.YaST"/> + </policy> + <policy context="default"> + <deny own="org.opensuse.YaST"/> + <deny send_destination="org.opensuse.YaST"/> + <deny send_interface="org.opensuse.YaST"/> + + </policy> + + <limit name="max_replies_per_connection">512</limit> +</busconfig> Added: branches/tmp/lslezak/workshop/auth_dbus_layer/config/yastproxy.conf URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/auth_dbus_layer/config/yastproxy.conf?rev=48793&view=auto ============================================================================== --- branches/tmp/lslezak/workshop/auth_dbus_layer/config/yastproxy.conf (added) +++ branches/tmp/lslezak/workshop/auth_dbus_layer/config/yastproxy.conf Thu Jul 3 10:19:22 2008 @@ -0,0 +1,15 @@ +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="scrproxy"> + <allow own="org.opensuse.YaST.Auth"/> + </policy> + <policy context="default"> + <deny own="org.opensuse.YaST.Auth"/> + <allow send_destination="org.opensuse.YaST.Auth"/> + <allow send_interface="org.opensuse.YaST.Auth"/> + </policy> + + <limit name="max_replies_per_connection">512</limit> +</busconfig> Modified: branches/tmp/lslezak/workshop/auth_dbus_layer/polkit.c URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/auth_dbus_layer/polkit.c?rev=48793&r1=48792&r2=48793&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/auth_dbus_layer/polkit.c (original) +++ branches/tmp/lslezak/workshop/auth_dbus_layer/polkit.c Thu Jul 3 10:19:22 2008 @@ -40,35 +40,6 @@ goto finish; } - /* This function is called when PulseAudio is called SUID root. We - * want to authenticate the real user that called us and not the - * effective user we gained through being SUID root. Hence we - * overwrite the UID caller data here explicitly, just for - * paranoia. In fact PolicyKit should fill in the UID here anyway - * -- an not the EUID or any other user id. - - if (!(polkit_caller_set_uid(caller, getuid()))) { - goto finish; - } - */ - /* - if (!(polkit_caller_get_ck_session(caller, &session))) - { - goto finish; - } - - - if (session!=NULL) - { - * We need to overwrite the UID in both the caller and the session - * object * - if (!(polkit_session_set_uid(session, getuid()))) { - goto finish; - } - } - - */ - if (!(action = polkit_action_new())) { goto finish; } Modified: branches/tmp/lslezak/workshop/auth_dbus_layer/readme.txt URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/auth_dbus_layer/readme.txt?rev=48793&r1=48792&r2=48793&view=diff ============================================================================== --- branches/tmp/lslezak/workshop/auth_dbus_layer/readme.txt (original) +++ branches/tmp/lslezak/workshop/auth_dbus_layer/readme.txt Thu Jul 3 10:19:22 2008 @@ -1,16 +1,12 @@ you must have setted yast_service projekt then use 'make install' -/usr/share/dbus-1/services/org.opensuse.YaST.Auth.service --------------------------------------------------------- -[D-BUS Service] -Name=org.opensuse.YaST -Exec=/usr/lib64/python/site-packages/auth_layer_service.py ----------------------------------------------------------- +/usr/share/dbus-1/system-services/org.opensuse.YaST.Auth.service +in config dir +/etc/dbus-1/system.d/yast.conf +/etc/dbus-1/system.d/yastproxy.conf +in config dir How to run: ./test.py - -TODO: -set policy in /etc/dbus-1/system.d/yast.conf to prevent call scr service directly, use only auth proxy -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org