Author: lslezak
Date: Tue Dec 9 14:16:10 2008
New Revision: 53999
URL: http://svn.opensuse.org/viewcvs/yast?rev=53999&view=rev
Log:
- SCR DBus service - check for the global permissions at first
(all method parameters are allowed) then for specific ones,
added .policy file with the default values (bnc#449794)
- 2.17.24
Added:
trunk/core/dbus/SCR_service/org.opensuse.yast.scr.policy
Modified:
trunk/core/ (props changed)
trunk/core/VERSION
trunk/core/base/tools/tty_wrapper/ (props changed)
trunk/core/dbus/SCR_service/DBusServer.cc
trunk/core/dbus/SCR_service/Makefile.am
trunk/core/package/yast2-core.changes
trunk/core/yast2-core.spec.in
Modified: trunk/core/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/VERSION?rev=53999&r1=53998&r2=53999&view=diff
==============================================================================
--- trunk/core/VERSION (original)
+++ trunk/core/VERSION Tue Dec 9 14:16:10 2008
@@ -1 +1 @@
-2.17.23
+2.17.24
Modified: trunk/core/dbus/SCR_service/DBusServer.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/dbus/SCR_service/DBusServer.cc?rev=53999&r1=53998&r2=53999&view=diff
==============================================================================
--- trunk/core/dbus/SCR_service/DBusServer.cc (original)
+++ trunk/core/dbus/SCR_service/DBusServer.cc Tue Dec 9 14:16:10 2008
@@ -426,7 +426,21 @@
{
// create actionId
static const char *polkit_prefix = "org.opensuse.yast.scr";
- std::string action_id(PolKit::createActionId(polkit_prefix, path, method, arg, opt));
+
+ // check the access right to all methods at first (see bnc#449794)
+ std::string action_id(PolKit::createActionId(polkit_prefix, "", method, "", ""));
+
+ if (policykit.isDBusUserAuthorized(action_id, caller, connection.getConnection()))
+ {
+ y2security("User is authorized to do action %s", action_id.c_str());
+ return true;
+ }
+ else
+ {
+ y2debug("User is NOT authorized to do action %s", action_id.c_str());
+ }
+
+ action_id = PolKit::createActionId(polkit_prefix, path, method, arg, opt);
bool ret = false;
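Review bot: The early `return true` on the method-wide grant logs only the global action id, so the y2security record no longer shows which path or argument the caller actually accessed. Because a single grant for an action such as execute now covers every path and argument, that detail is what an audit of this service would need. Consider adding it to the message, for example `y2security("User is authorized to do action %s (method-wide grant), path: %s", action_id.c_str(), path.c_str());`, adjusted to the real type of `path`, which is not visible here. It is also worth confirming that `createActionId` called with empty path, arg and opt yields exactly the ids declared in the policy file, with no trailing separator; its implementation is outside this hunk. The enclosing function starts and ends outside the hunk.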
Modified: trunk/core/dbus/SCR_service/Makefile.am
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/dbus/SCR_service/Makefile.am?rev=53999&r1=53998&r2=53999&view=diff
==============================================================================
--- trunk/core/dbus/SCR_service/Makefile.am (original)
+++ trunk/core/dbus/SCR_service/Makefile.am Tue Dec 9 14:16:10 2008
@@ -2,7 +2,7 @@
# Makefile.am for dbus/service
#
-EXTRA_DIST=org.opensuse.yast.SCR.service.in org.opensuse.yast.SCR.conf.in
+EXTRA_DIST=org.opensuse.yast.SCR.service.in org.opensuse.yast.SCR.conf.in org.opensuse.yast.scr.policy
AM_CXXFLAGS = -DY2LOG=\"SCR-service\" -DSUSEVERSION=\"${SUSEVERSION}\"
@@ -16,6 +16,14 @@
SCR_dbus_server_LDADD = ${AGENT_LIBADD} $(top_builddir)/liby2dbus/src/liby2dbus.la $(top_builddir)/scr/src/libpy2scr.la
+# PolicyKit defaults
+polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit`
+polkit_policies_DATA = org.opensuse.yast.scr.policy
+
+# validate the policy files in 'make check' target
+check-local:
+ polkit-policy-file-validate $(polkit_policies_DATA)
+
# service activation config
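Review bot: `polkit_policiesdir` is resolved by running pkg-config in backticks at install time, and the exit status of that command is ignored. If the polkit .pc file is missing, the directory is likely to expand to an empty string, so the policy file would be skipped or installed in the wrong place instead of failing the build. Resolving the directory once in configure, and aborting when it is empty, would make this a hard error and would keep it in step with the literal `/usr/share/PolicyKit/policy/` path that the yast2-core.spec.in hunk adds to `%files`. Separately, `check-local` passes the bare file name, which will not be found in an out-of-tree build; `polkit-policy-file-validate $(srcdir)/org.opensuse.yast.scr.policy` would cover that case.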
Added: trunk/core/dbus/SCR_service/org.opensuse.yast.scr.policy
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/dbus/SCR_service/org.opensuse.yast.scr.policy?rev=53999&view=auto
==============================================================================
--- trunk/core/dbus/SCR_service/org.opensuse.yast.scr.policy (added)
+++ trunk/core/dbus/SCR_service/org.opensuse.yast.scr.policy Tue Dec 9 14:16:10 2008
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+ <vendor>Novell, Inc.</vendor>
+ http://www.novell.com
+
+ <action id="org.opensuse.yast.scr.read">
+ <description>Yast SCR Read Method</description>
+ <message>System policy prevents the Yast SCR service from reading any value from the system.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.write">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from writing any value to the system.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.execute">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from executing system calls.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.dir">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from listing agent properties.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.registeragent">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from registering a new agent.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.unregisteragent">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from unregistering an agent.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.unmountagent">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from unmounting an agent.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.error">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from reading error status.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.unregisterallagents">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from unregistering all agents.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+ <action id="org.opensuse.yast.scr.registernewagents">
+ <description>Yast SCR Write Method</description>
+ <message>System policy prevents the Yast SCR service from registering new unloaded agents.</message>
+
+ <defaults>
+ no
+ no
+ auth_admin_keep_session
+ </defaults>
+ </action>
+
+</policyconfig>
+
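Review bot: Eight of the ten actions carry the description `Yast SCR Write Method`, copied from the write action. From `org.opensuse.yast.scr.execute` onward each description should name its own method, e.g. `<description>Yast SCR Execute Method</description>`, since this is the text an administrator reads when reviewing or granting the authorization. The third value in every `<defaults>` block is `auth_admin_keep_session`; combined with the method-wide check added in DBusServer.cc, one admin authentication for execute or write then covers every path and argument for the rest of the session, so the one-shot `auth_admin` may be a safer default for those two actions. The element tags inside `<defaults>` and around the vendor URL are not visible in this rendering, so which default each value belongs to is assumed from the usual order.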
Modified: trunk/core/package/yast2-core.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/package/yast2-core.changes?rev=53999&r1=53998&r2=53999&view=diff
==============================================================================
--- trunk/core/package/yast2-core.changes (original)
+++ trunk/core/package/yast2-core.changes Tue Dec 9 14:16:10 2008
@@ -1,4 +1,12 @@
-------------------------------------------------------------------
+Tue Dec 9 13:20:49 CET 2008 - lslezak@suse.cz
+
+- SCR DBus service - check for the global permissions at first
+ (all method parameters are allowed) then for specific ones,
+ added .policy file with the default values (bnc#449794)
+- 2.17.24
+
+-------------------------------------------------------------------
Thu Nov 27 15:22:59 CET 2008 - lslezak@suse.cz
- tty_wrapper - disable LF to CRLF translation on the stdout stream
Modified: trunk/core/yast2-core.spec.in
URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/yast2-core.spec.in?rev=53999&r1=53998&r2=53999&view=diff
==============================================================================
--- trunk/core/yast2-core.spec.in (original)
+++ trunk/core/yast2-core.spec.in Tue Dec 9 14:16:10 2008
@@ -106,6 +106,8 @@
# DBus service config
/usr/share/dbus-1/system-services/org.opensuse.yast.SCR.service
/etc/dbus-1/system.d/org.opensuse.yast.SCR.conf
+# PolicyKit default policies
+/usr/share/PolicyKit/policy/org.opensuse.yast.scr.policy
%files devel
%defattr(-,root,root)