Author: lslezak
Date: Tue Dec 20 09:57:14 2011
New Revision: 67034
URL: http://svn.opensuse.org/viewcvs/yast?rev=67034&view=rev
Log:
merged tmp/lslezak/dbus-server branch
use the new polkit-1 instead of obsoleted PolicyKit
Modified:
trunk/dbus-server/ (props changed)
trunk/dbus-server/configure.in.in
trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc
trunk/dbus-server/src/liby2dbus/src/PolKit.cc
trunk/dbus-server/src/liby2dbus/src/PolKit.h
trunk/dbus-server/src/services/SCR_service/Makefile.am
trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc
trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy
trunk/dbus-server/src/services/namespace_service/src/Makefile.am
trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in
trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc
trunk/dbus-server/yast2-dbus-server.spec.in
Modified: trunk/dbus-server/configure.in.in
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/configure.in.in?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/configure.in.in (original)
+++ trunk/dbus-server/configure.in.in Tue Dec 20 09:57:14 2011
@@ -23,16 +23,16 @@
[policykit=yes])
if test "x${policykit}" == xyes ; then
- PKG_CHECK_MODULES(POLKIT, [ polkit-dbus >= 0.7 ],
+ PKG_CHECK_MODULES(POLKIT, [ polkit-gobject-1 ],
[
HAVE_POLKIT=1
AC_DEFINE([HAVE_POLKIT], 1, [Have PolicyKit])
- policydir=`pkg-config polkit-dbus --variable prefix`/share/PolicyKit/policy/
+ policydir=`pkg-config polkit-gobject-1 --variable policydir`
AC_SUBST(policydir)
],
[
HAVE_POLKIT=0
- AC_MSG_ERROR([*** PolicyKit support not found, install PolicyKit-devel: 'zypper in PolicyKit-devel' or libpolkit-dbus-dev.deb])
+ AC_MSG_ERROR([*** PolicyKit support not found, install polkit-devel: 'zypper in polkit-devel' or libpolkit-gobject-1-dev.deb])
])
else
HAVE_POLKIT=0
Modified: trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc (original)
+++ trunk/dbus-server/src/liby2dbus/src/DBusServerBase.cc Tue Dec 20 09:57:14 2011
@@ -261,11 +261,6 @@
DBusError dbus_error;
dbus_error_init(&dbus_error);
-#ifdef HAVE_POLKIT
- // check for changes in policykit config
- policykit.checkPolkitChanges();
-#endif
-
// check the policy using PolicyKit, the check is disabled in the test mode
if (test_mode || isActionAllowed(request, &dbus_error))
{
Modified: trunk/dbus-server/src/liby2dbus/src/PolKit.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/liby2dbus/src/PolKit.cc?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/liby2dbus/src/PolKit.cc (original)
+++ trunk/dbus-server/src/liby2dbus/src/PolKit.cc Tue Dec 20 09:57:14 2011
@@ -7,115 +7,17 @@
#include
-#include<map>
-
-extern "C"
-{
-#include
-#include
-}
-
-#include <cstring>
-
-typedef std::map PolKitMapping;
-
-// PolKitContext * -> PolKit * mapping
-// for routing the policykit callbacks to the correct PolKit object
-PolKitMapping polkit_mapping;
-
-PolKit* findPolKitObj(PolKitContext *context)
-{
- PolKitMapping::const_iterator it = polkit_mapping.find(context);
-
- if (it == polkit_mapping.end())
- {
- y2error("Cannot find PolKit object for PolKitContext %p", context);
- return NULL;
- }
- else
- {
- return it->second;
- }
-}
-
-static void _polkitConfigChanged(PolKitContext *context, void *data)
-{
- y2debug("PolicyKit context %p has been changed", context);
-
- PolKit *pk = findPolKitObj(context);
-
- if (pk != NULL)
- {
- pk->configChanged();
- }
-}
-
-static int _polkitIOAddWatch(PolKitContext *context, int fd)
-{
- y2debug("PolicyKit context %p: adding IO watch: %d", context, fd);
-
- PolKit *pk = findPolKitObj(context);
-
- if (pk == NULL)
- {
- return 0;
- }
- else
- {
- pk->addWatch(fd);
- }
-
- // TODO: Polkit doc says the result must be unique ID, is this OK??
- return fd;
-}
-
-static void _polkitIORemoveWatch(PolKitContext *context, int fd)
-{
- y2debug("PolicyKit context %p removing IO watch: %d", context, fd);
-
- PolKit *pk = findPolKitObj(context);
-
- if (pk != NULL)
- {
- pk->removeWatch(fd);
- }
-}
+#include <map>
PolKit::PolKit()
{
- context = polkit_context_new();
-
- // add object mapping
- polkit_mapping.insert(std::make_pair(context, this));
-
- // set PolicyKit config change callback
- polkit_context_set_config_changed(context, _polkitConfigChanged, NULL);
-
- // set PolicyKit config watch callbacks
- polkit_context_set_io_watch_functions(context, _polkitIOAddWatch, _polkitIORemoveWatch);
-
- PolKitError *polkit_error = NULL;
- polkit_context_init(context, &polkit_error);
-
- if (polkit_error)
- {
- y2error("PolicyKit error: %s: %s", polkit_error_get_error_name(polkit_error),
- polkit_error_get_error_message(polkit_error));
-
- polkit_error_free(polkit_error);
- }
-
- select_timeout.tv_sec = 0;
- select_timeout.tv_usec = 0;
+ pk_authority = polkit_authority_get();
}
PolKit::~PolKit()
{
- // release this object from mapping
- polkit_mapping.erase(context);
-
- // release the PolKitContext object
- polkit_context_unref(context);
+ // release the PolkitAuthority object
+ g_object_unref(pk_authority);
}
@@ -123,60 +25,38 @@
{
y2debug("Checking action %s from %s", action_id.c_str(), dbus_caller.c_str());
- PolKitCaller *pk_caller = polkit_caller_new_from_dbus_name(con, dbus_caller.c_str(), err);
-
- if (dbus_error_is_set(err))
- {
- // PolKit sometimes sets the error even if the PolKitCaller object has been successfully returned
- // see bnc#439150
- if (pk_caller == NULL)
- {
- y2error ("DBus error: creating PolKitCaller object failed: %s: %s", err->name, err->message);
- return false;
- }
- else
- {
- // reset the error flag, no error
- dbus_error_free(err);
- }
- }
+ PolkitSubject *pk_subject = polkit_system_bus_name_new(dbus_caller.c_str());
- if (pk_caller == NULL)
+ if (pk_subject == NULL)
{
- y2error("PolKitCaller is NULL!");
+ y2error("PolkitSubject is NULL!");
return false;
}
- PolKitAction *pk_action = polkit_action_new();
- polkit_action_set_action_id (pk_action, action_id.c_str());
+ GError *polkit_error = NULL;
- PolKitError *polkit_error = NULL;
- PolKitResult pk_result = polkit_context_is_caller_authorized(
- context, pk_action, pk_caller, TRUE, &polkit_error);
-
- y2debug("polkit_context_is_caller_authorized() result: %s", polkit_result_to_string_representation(pk_result));
-
- if (pk_result != POLKIT_RESULT_YES)
- {
- if (!polkit_dbus_error_generate(pk_action, pk_result, err))
- {
- y2error("Cannot set DBus error from PolicyKit result");
- }
- }
+ PolkitAuthorizationResult *pk_result = polkit_authority_check_authorization_sync(
+ pk_authority, pk_subject, action_id.c_str(), NULL, POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, NULL, &polkit_error);
- polkit_action_unref (pk_action);
+ g_object_unref(pk_subject);
if (polkit_error)
{
- y2error("PolicyKit error: %s: %s", polkit_error_get_error_name(polkit_error),
- polkit_error_get_error_message(polkit_error));
+ y2error("polkit error: %s", polkit_error->message);
- polkit_error_free(polkit_error);
+ // set a DBus error here
+ dbus_set_error(err, "%s:%s", action_id.c_str(), polkit_error->message);
+
+ g_error_free(polkit_error);
}
- polkit_caller_unref(pk_caller);
+ // remember the result before freeing the object
+ bool result = polkit_authorization_result_get_is_authorized(pk_result);
+
+ // free the result object
+ g_object_unref(pk_result);
- return pk_result == POLKIT_RESULT_YES;
+ return result;
}
std::string PolKit::makeValidActionID(const std::string &s)
@@ -245,94 +125,26 @@
bool PolKit::isValidActionID(const std::string &action)
{
- return polkit_action_validate_id(action.c_str());
-}
-
-
-// check the registered file descriptors here,
-// if there is something to read then call
-// polkit_context_io_func(context, ready_fd)
-// to process the changes by PolicyKit
-//
-// this method must be called from the main loop
-
-void PolKit::checkPolkitChanges()
-{
- y2debug("Checking changes in PolicyKit config...");
-
- // filedescriptor set
- fd_set rfds;
+ int str_size = action.size();
- // init to empty set
- FD_ZERO(&rfds);
+ // action ID must not exceed 255 characters
+ if (str_size > 255) return false;
- int max_fd = -1;
+ // only lower case ASCII characters, numbers, period (.) and hyphen (-)
+ // are allowed in action ID (see man polkit)
- for(WatchListType::const_iterator it = fd_watch_list.begin();
- it != fd_watch_list.end();
- ++it)
+ int idx = 0;
+ while (idx < str_size)
{
- // add the FD to the watch set
- FD_SET(*it, &rfds);
-
- if (max_fd < *it)
+ char ch = action[idx];
+ if (!(islower(ch) || isdigit(ch) || ch == '.' || ch == '-'))
{
- max_fd = *it;
+ return false;
}
- }
-
- // check whether there is something to read, timeout is 0 (return immediately)
- int retval = ::select(max_fd + 1, &rfds, NULL, NULL, &select_timeout);
- y2debug("select() result: %d", retval);
-
- // error?
- if (retval == -1)
- {
- y2error("Error in select() call: %s", ::strerror(errno));
+ idx++;
}
- // data available?
- else if (retval > 0)
- {
- for(WatchListType::const_iterator it = fd_watch_list.begin();
- it != fd_watch_list.end();
- ++it)
- {
- // check the FD in the result
- if (FD_ISSET(*it, &rfds))
- {
- y2debug("File descriptor %d has data available", *it);
- // call the PolicyKit IO handler
- // (the config changed callbacked will be called
- // if the config has been changed)
- polkit_context_io_func(context, *it);
- }
- }
- }
+ return true;
}
-void PolKit::addWatch(int fd)
-{
- y2milestone("Adding Polkit watch fd: %d", fd);
-
- // add the fd to the internal list
- fd_watch_list.push_back(fd);
-
- y2debug("%zd file descriptors in the watch list", fd_watch_list.size());
-}
-
-void PolKit::removeWatch(int fd)
-{
- y2milestone("Removing Polkit watch fd: %d", fd);
-
- // remove the fd from the internal list
- fd_watch_list.remove_if(std::bind2nd(std::equal_to<int>(), fd));
-
- y2debug("%zd file descriptors in the watch list", fd_watch_list.size());
-}
-
-void PolKit::configChanged()
-{
- y2milestone("PolicyKit config has been changed");
-}
Modified: trunk/dbus-server/src/liby2dbus/src/PolKit.h
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/liby2dbus/src/PolKit.h?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/liby2dbus/src/PolKit.h (original)
+++ trunk/dbus-server/src/liby2dbus/src/PolKit.h Tue Dec 20 09:57:14 2011
@@ -11,12 +11,7 @@
#include <list>
#include
-#include
-
-extern "C"
-{
-#include
-}
+#include
class PolKit
{
@@ -28,11 +23,7 @@
bool isDBusUserAuthorized(const std::string &action_id, const std::string &dbus_caller,
DBusConnection *con, DBusError*err);
- void checkPolkitChanges();
- void addWatch(int fd);
- void removeWatch(int fd);
- void configChanged();
static std::string createActionId(const std::string &prefix, const std::string &path,
const std::string &method, const std::string &arg = std::string(),
@@ -44,15 +35,7 @@
private:
- PolKitContext *context;
-
- typedef std::list<int> WatchListType;
-
- WatchListType fd_watch_list;
-
- // select() timeout (set to 0 to return immediately)
- struct timeval select_timeout;
-
+ PolkitAuthority *pk_authority;
};
#endif
Modified: trunk/dbus-server/src/services/SCR_service/Makefile.am
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/SCR_service/Makefile.am?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/services/SCR_service/Makefile.am (original)
+++ trunk/dbus-server/src/services/SCR_service/Makefile.am Tue Dec 20 09:57:14 2011
@@ -21,12 +21,13 @@
SCR_dbus_server_LDADD = ${AGENT_LIBADD} $(top_builddir)/src/liby2dbus/src/liby2dbus.la -lycp -ly2 -ly2util ${libdir}/YaST2/plugin/libpy2scr.la
# PolicyKit defaults
-polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit`
+polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit-gobject-1`
polkit_policies_DATA = org.opensuse.yast.scr.policy
# validate the policy files in 'make check' target
check-local:
- polkit-policy-file-validate $(polkit_policies_DATA)
+# TODO FIXME: temporarily disabled, polkit-policy-file-validate is part of deprecated package PolicyKit.rpm
+# polkit-policy-file-validate $(polkit_policies_DATA)
if type ruby; then \
ruby test_SCR_dbus_server.rb; \
else \
Modified: trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc (original)
+++ trunk/dbus-server/src/services/SCR_service/SCR_dbus_server.cc Tue Dec 20 09:57:14 2011
@@ -9,6 +9,8 @@
int main(int argc, char **argv)
{
+ // needed by libpolkit
+ g_type_init();
DBusServer server;
Modified: trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy (original)
+++ trunk/dbus-server/src/services/SCR_service/org.opensuse.yast.scr.policy Tue Dec 20 09:57:14 2011
@@ -13,7 +13,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -24,7 +24,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -35,7 +35,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -46,7 +46,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -57,7 +57,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -68,7 +68,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -79,7 +79,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -90,7 +90,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -101,7 +101,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -112,7 +112,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
Modified: trunk/dbus-server/src/services/namespace_service/src/Makefile.am
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/namespace_service/src/Makefile.am?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/services/namespace_service/src/Makefile.am (original)
+++ trunk/dbus-server/src/services/namespace_service/src/Makefile.am Tue Dec 20 09:57:14 2011
@@ -20,12 +20,13 @@
yast_modules_dbus_server_LDADD = ${AGENT_LIBADD} $(top_builddir)/src/liby2dbus/src/liby2dbus.la -lycp -ly2 -ly2util ${libdir}/YaST2/plugin/libpy2wfm.la
# PolicyKit defaults
-polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit`
+polkit_policiesdir = `pkg-config --print-errors --variable policydir polkit-gobject-1`
polkit_policies_DATA = org.opensuse.yast.module-manager.policy
+# TODO FIXME: temporarily disabled, polkit-policy-file-validate is part of deprecated package PolicyKit.rpm
# validate the policy files in 'make check' target
-check-local:
- polkit-policy-file-validate $(polkit_policies_DATA)
+#check-local:
+# polkit-policy-file-validate $(polkit_policies_DATA)
# service activation config
Modified: trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in (original)
+++ trunk/dbus-server/src/services/namespace_service/src/org.opensuse.yast.module-manager.policy.in Tue Dec 20 09:57:14 2011
@@ -13,7 +13,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
@@ -24,7 +24,7 @@
<defaults>
no
no
- auth_admin_keep_session
+ auth_admin
</defaults>
</action>
Modified: trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc (original)
+++ trunk/dbus-server/src/services/namespace_service/src/yast_modules_dbus_server.cc Tue Dec 20 09:57:14 2011
@@ -53,6 +53,9 @@
return 1;
}
+ // needed by libpolkit
+ g_type_init();
+
DBusModulesServer server(modules, test_mode);
bool connected = server.connect();
Modified: trunk/dbus-server/yast2-dbus-server.spec.in
URL: http://svn.opensuse.org/viewcvs/yast/trunk/dbus-server/yast2-dbus-server.spec.in?rev=67034&r1=67033&r2=67034&view=diff
==============================================================================
--- trunk/dbus-server/yast2-dbus-server.spec.in (original)
+++ trunk/dbus-server/yast2-dbus-server.spec.in Tue Dec 20 09:57:14 2011
@@ -19,7 +19,9 @@
BuildRequires: sgml-skel
# for SCR DBus service
-BuildRequires: dbus-1-devel dbus-1-x11 PolicyKit-devel libxcrypt-devel
+BuildRequires: dbus-1-devel dbus-1-x11 polkit-devel libxcrypt-devel
+# its tests
+BuildRequires: dbus-1-python python-devel
# its tests
BuildRequires: dbus-1-python python-devel
@@ -65,13 +67,13 @@
/usr/share/dbus-1/system-services/org.opensuse.yast.SCR.service
%config /etc/dbus-1/system.d/org.opensuse.yast.SCR.conf
# PolicyKit default policies
-/usr/share/PolicyKit/policy/org.opensuse.yast.scr.policy
+/usr/share/polkit-1/actions/org.opensuse.yast.scr.policy
# DBus namespace service
@ybindir@/yast_modules_dbus_server
/usr/share/dbus-1/system-services/org.opensuse.YaST.modules.service
%config /etc/dbus-1/system.d/org.opensuse.YaST.modules.conf
-/usr/share/PolicyKit/policy/org.opensuse.yast.module-manager.policy
+/usr/share/polkit-1/actions/org.opensuse.yast.module-manager.policy
%doc @docdir@
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org