author | Richard Hughes <richard@hughsie.com> | 2009-07-06 13:41:48 +0100 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2009-07-06 13:41:48 +0100 |
commit | 618c8093aad4152d1ebff4342d615e8688eb0d52 (patch) | |
tree | 559291a8853a2f2f30f2a1ed3d339720382b7ab7 | |
parent | 364c26f631ae0a9f77c1f8b8666fe62c23abbd31 (diff) |
Port to PolicyKit1
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | policy/Makefile.am | 6 | ||||
-rw-r--r-- | src/Makefile.am | 4 | ||||
-rw-r--r-- | src/dkp-daemon.c | 24 | ||||
-rw-r--r-- | src/dkp-daemon.h | 2 | ||||
-rw-r--r-- | src/dkp-device.c | 1 | ||||
-rw-r--r-- | src/dkp-device.h | 2 | ||||
-rw-r--r-- | src/dkp-polkit.c | 237 | ||||
-rw-r--r-- | src/dkp-polkit.h | 12 | ||||
-rw-r--r-- | src/dkp-qos.c | 32 |
10 files changed, 130 insertions, 196 deletions
diff --git a/configure.ac b/configure.ac index 042c843..b1cff83 100644 --- a/configure.ac +++ b/configure.ac @@ -157,9 +157,9 @@ PKG_CHECK_MODULES(DBUS_GLIB, [dbus-glib-1 >= 0.76]) AC_SUBST(DBUS_GLIB_CFLAGS) AC_SUBST(DBUS_GLIB_LIBS) -PKG_CHECK_MODULES(POLKIT_DBUS, [polkit-dbus >= 0.7]) -AC_SUBST(POLKIT_DBUS_CFLAGS) -AC_SUBST(POLKIT_DBUS_LIBS) +PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1 >= 0.91]) +AC_SUBST(POLKIT_CFLAGS) +AC_SUBST(POLKIT_LIBS) PKG_CHECK_MODULES(GIO, [gio-2.0 >= 2.16.1]) AC_SUBST(GIO_CFLAGS) diff --git a/policy/Makefile.am b/policy/Makefile.am index 041aae2..df0be71 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -1,4 +1,4 @@ -polkit_policydir = $(datadir)/PolicyKit/policy +polkit_policydir = $(datadir)/polkit-1/actions polkit_policy_DATA = \ org.freedesktop.devicekit.power.policy \ org.freedesktop.devicekit.power.qos.policy @@ -7,10 +7,6 @@ polkit_policy_DATA = \ # http://bugzilla.gnome.org/show_bug.cgi?id=462312 @INTLTOOL_POLICY_RULE@ -check: - polkit-policy-file-validate $(top_builddir)/policy/org.freedesktop.devicekit.power.policy - polkit-policy-file-validate $(top_builddir)/policy/org.freedesktop.devicekit.power.qos.policy - EXTRA_DIST = \ org.freedesktop.devicekit.power.policy.in \ org.freedesktop.devicekit.power.qos.policy.in diff --git a/src/Makefile.am b/src/Makefile.am index 14f68de..7f34925 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,7 +20,7 @@ INCLUDES = \ -I$(top_srcdir) \ $(GIO_CFLAGS) \ $(DBUS_GLIB_CFLAGS) \ - $(POLKIT_DBUS_CFLAGS) \ + $(POLKIT_CFLAGS) \ $(DEVKIT_CFLAGS) \ $(GLIB_CFLAGS) @@ -91,7 +91,7 @@ devkit_power_daemon_LDADD = \ $(USB_LIBS) \ $(GIO_LIBS) \ $(DBUS_GLIB_LIBS) \ - $(POLKIT_DBUS_LIBS) \ + $(POLKIT_LIBS) \ $(DEVKIT_POWER_LIBS) \ $(DEVKIT_LIBS) diff --git a/src/dkp-daemon.c b/src/dkp-daemon.c index 895b769..59a6e84 100644 --- a/src/dkp-daemon.c +++ b/src/dkp-daemon.c 
@@ -750,15 +750,15 @@ dkp_daemon_suspend (DkpDaemon *daemon, DBusGMethodInvocation *context) gboolean ret; GError *error; GError *error_local = NULL; - PolKitCaller *caller; + PolkitSubject *subject; gchar *stdout = NULL; gchar *stderr = NULL; - caller = dkp_polkit_get_caller (daemon->priv->polkit, context); - if (caller == NULL) + subject = dkp_polkit_get_subject (daemon->priv->polkit, context); + if (subject == NULL) goto out; - if (!dkp_polkit_check_auth (daemon->priv->polkit, caller, "org.freedesktop.devicekit.power.suspend", context)) + if (!dkp_polkit_check_auth (daemon->priv->polkit, subject, "org.freedesktop.devicekit.power.suspend", context)) goto out; ret = g_spawn_command_line_sync ("/usr/sbin/pm-suspend", &stdout, &stderr, NULL, &error_local); @@ -774,8 +774,8 @@ dkp_daemon_suspend (DkpDaemon *daemon, DBusGMethodInvocation *context) out: g_free (stdout); g_free (stderr); - if (caller != NULL) - polkit_caller_unref (caller); + if (subject != NULL) + g_object_unref (subject); return TRUE; } @@ -788,15 +788,15 @@ dkp_daemon_hibernate (DkpDaemon *daemon, DBusGMethodInvocation *context) gboolean ret; GError *error; GError *error_local = NULL; - PolKitCaller *caller; + PolkitSubject *subject; gchar *stdout = NULL; gchar *stderr = NULL; - caller = dkp_polkit_get_caller (daemon->priv->polkit, context); - if (caller == NULL) + subject = dkp_polkit_get_subject (daemon->priv->polkit, context); + if (subject == NULL) goto out; - if (!dkp_polkit_check_auth (daemon->priv->polkit, caller, "org.freedesktop.devicekit.power.hibernate", context)) + if (!dkp_polkit_check_auth (daemon->priv->polkit, subject, "org.freedesktop.devicekit.power.hibernate", context)) goto out; ret = g_spawn_command_line_sync ("/usr/sbin/pm-hibernate", &stdout, &stderr, NULL, &error_local); 
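Review bot: The `if (subject == NULL) goto out;` path in dkp_daemon_suspend now returns without replying to the D-Bus call. The removed dkp_polkit_get_caller sent an error through dbus_g_method_return_error before returning NULL, while the new dkp_polkit_get_subject in src/dkp-polkit.c only returns the result of polkit_system_bus_name_new, so a NULL here leaves the invocation unanswered until the client times out. The same pattern is in dkp_daemon_hibernate, dkp_qos_request_latency and dkp_qos_cancel_request. Either send the error inside dkp_polkit_get_subject or state the contract at each caller, e.g. `/* dkp_polkit_get_subject() does not reply on failure; return an error to context here */`. The function body starts and ends outside this hunk.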
@@ -812,8 +812,8 @@ dkp_daemon_hibernate (DkpDaemon *daemon, DBusGMethodInvocation *context) out: g_free (stdout); g_free (stderr); - if (caller != NULL) - polkit_caller_unref (caller); + if (subject != NULL) + g_object_unref (subject); return TRUE; } diff --git a/src/dkp-daemon.h b/src/dkp-daemon.h index f3492ca..ce4725f 100644 --- a/src/dkp-daemon.h +++ b/src/dkp-daemon.h @@ -22,7 +22,7 @@ #define __DKP_DAEMON_H__ #include <glib-object.h> -#include <polkit-dbus/polkit-dbus.h> +#include <polkit/polkit.h> #include <dbus/dbus-glib.h> G_BEGIN_DECLS diff --git a/src/dkp-device.c b/src/dkp-device.c index 8ea4060..bf169d8 100644 --- a/src/dkp-device.c +++ b/src/dkp-device.c @@ -32,7 +32,6 @@ #include <dbus/dbus-glib.h> #include <dbus/dbus-glib-lowlevel.h> #include <devkit-gobject/devkit-gobject.h> -#include <polkit-dbus/polkit-dbus.h> #include "sysfs-utils.h" #include "egg-debug.h" diff --git a/src/dkp-device.h b/src/dkp-device.h index b85f80d..dec84a4 100644 --- a/src/dkp-device.h +++ b/src/dkp-device.h @@ -23,7 +23,7 @@ #define __DKP_DEVICE_H__ #include <glib-object.h> -#include <polkit-dbus/polkit-dbus.h> +#include <polkit/polkit.h> #include <devkit-gobject/devkit-gobject.h> #include <dbus/dbus-glib.h> diff --git a/src/dkp-polkit.c b/src/dkp-polkit.c index 0eb95d9..ca00936 100644 --- a/src/dkp-polkit.c +++ b/src/dkp-polkit.c @@ -29,7 +29,6 @@ #include <dbus/dbus-glib-lowlevel.h> #include <polkit/polkit.h> -#include <polkit-dbus/polkit-dbus.h> #include "egg-debug.h" 
@@ -41,134 +40,124 @@ struct DkpPolkitPrivate { DBusGConnection *connection; - PolKitContext *context; - PolKitTracker *tracker; + PolkitAuthority *authority; }; G_DEFINE_TYPE (DkpPolkit, dkp_polkit, G_TYPE_OBJECT) static gpointer dkp_polkit_object = NULL; /** - * pk_polkit_io_watch_have_data: + * dkp_polkit_get_subject: **/ -static gboolean -pk_polkit_io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data) +PolkitSubject * +dkp_polkit_get_subject (DkpPolkit *polkit, DBusGMethodInvocation *context) { - int fd; - PolKitContext *context = user_data; - fd = g_io_channel_unix_get_fd (channel); - polkit_context_io_func (context, fd); - return TRUE; -} + const gchar *sender; + PolkitSubject *subject; -/** - * pk_polkit_io_add_watch: - **/ -static int -pk_polkit_io_add_watch (PolKitContext *context, int fd) -{ - guint id = 0; - GIOChannel *channel; - channel = g_io_channel_unix_new (fd); - if (channel == NULL) - goto out; - id = g_io_add_watch (channel, G_IO_IN, pk_polkit_io_watch_have_data, context); - if (id == 0) { - g_io_channel_unref (channel); - goto out; - } - g_io_channel_unref (channel); -out: - return id; -} + sender = dbus_g_method_get_sender (context); + subject = polkit_system_bus_name_new (sender); -/** - * pk_polkit_io_remove_watch: - **/ -static void -pk_polkit_io_remove_watch (PolKitContext *context, int watch_id) -{ - g_source_remove (watch_id); + return subject; } /** - * dkp_polkit_dbus_filter: + * dkp_polkit_check_auth: **/ -static DBusHandlerResult -dkp_polkit_dbus_filter (DBusConnection *connection, DBusMessage *message, void *user_data) +gboolean +dkp_polkit_check_auth (DkpPolkit *polkit, PolkitSubject *subject, const gchar *action_id, DBusGMethodInvocation *context) { - DkpPolkit *polkit = DKP_POLKIT (user_data); - const gchar *interface; - - interface = dbus_message_get_interface (message); - - /* pass NameOwnerChanged signals from the bus to PolKitTracker */ - if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, 
"NameOwnerChanged")) - polkit_tracker_dbus_func (polkit->priv->tracker, message); + gboolean ret = FALSE; + GError *error; + GError *error_local; + PolkitAuthorizationResult *result; - /* pass ConsoleKit signals to PolKitTracker */ - if (interface != NULL && g_str_has_prefix (interface, "org.freedesktop.ConsoleKit")) - polkit_tracker_dbus_func (polkit->priv->tracker, message); + /* check auth */ + result = polkit_authority_check_authorization_sync (polkit->priv->authority, subject, action_id, NULL, POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, NULL, &error_local); + if (result == NULL) { + error = g_error_new (DKP_DAEMON_ERROR, DKP_DAEMON_ERROR_GENERAL, "failed to check authorisation: %s", error_local->message); + dbus_g_method_return_error (context, error); + g_error_free (error_local); + g_error_free (error); + goto out; + } - /* other filters might want to process this message too */ - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + /* okay? */ + if (polkit_authorization_result_get_is_authorized (result)) { + ret = TRUE; + } else { + error = g_error_new (DKP_DAEMON_ERROR, DKP_DAEMON_ERROR_GENERAL, "not authorized"); + dbus_g_method_return_error (context, error); + g_error_free (error); + } +out: + if (result != NULL) + g_object_unref (result); + return ret; } /** - * dkp_polkit_get_caller: + * dkp_polkit_get_uid: **/ -PolKitCaller * -dkp_polkit_get_caller (DkpPolkit *polkit, DBusGMethodInvocation *context) +gboolean +dkp_polkit_get_uid (DkpPolkit *polkit, PolkitSubject *subject, uid_t *uid) { - const gchar *sender; - GError *error; - DBusError dbus_error; - PolKitCaller *caller; + DBusConnection *connection; + const gchar *name; - sender = dbus_g_method_get_sender (context); - dbus_error_init (&dbus_error); - caller = polkit_tracker_get_caller_from_dbus_name (polkit->priv->tracker, sender, &dbus_error); - if (caller == NULL) { - error = g_error_new (DKP_DAEMON_ERROR, - DKP_DAEMON_ERROR_GENERAL, - "Error getting information about caller: %s: %s", - 
dbus_error.name, dbus_error.message); - dbus_error_free (&dbus_error); - dbus_g_method_return_error (context, error); - g_error_free (error); - return NULL; + if (!POLKIT_IS_SYSTEM_BUS_NAME (subject)) { + egg_debug ("not system bus name"); + return FALSE; } - return caller; + connection = dbus_g_connection_get_connection (polkit->priv->connection); + name = polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)); + *uid = dbus_bus_get_unix_user (connection, name, NULL); + return TRUE; } /** - * dkp_polkit_check_auth: + * dkp_polkit_get_pid: **/ gboolean -dkp_polkit_check_auth (DkpPolkit *polkit, PolKitCaller *caller, const gchar *action_id, DBusGMethodInvocation *context) +dkp_polkit_get_pid (DkpPolkit *polkit, PolkitSubject *subject, pid_t *pid) { gboolean ret = FALSE; - GError *error; - DBusError dbus_error; - PolKitAction *action; - PolKitResult result; + GError *error = NULL; + const gchar *name; + DBusGProxy *proxy = NULL; - action = polkit_action_new (); - polkit_action_set_action_id (action, action_id); - result = polkit_context_is_caller_authorized (polkit->priv->context, action, caller, TRUE, NULL); - if (result == POLKIT_RESULT_YES) { - ret = TRUE; - } else { - dbus_error_init (&dbus_error); - polkit_dbus_error_generate (action, result, &dbus_error); - error = NULL; - dbus_set_g_error (&error, &dbus_error); - dbus_g_method_return_error (context, error); + /* bus name? 
*/ + if (!POLKIT_IS_SYSTEM_BUS_NAME (subject)) { + egg_debug ("not system bus name"); + goto out; + } + + name = polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)); + proxy = dbus_g_proxy_new_for_name_owner (polkit->priv->connection, + "org.freedesktop.DBus", + "/org/freedesktop/DBus/Bus", + "org.freedesktop.DBus", &error); + if (proxy == NULL) { + egg_warning ("DBUS error: %s", error->message); g_error_free (error); - dbus_error_free (&dbus_error); + goto out; } - polkit_action_unref (action); + + /* get pid from DBus (quite slow) */ + ret = dbus_g_proxy_call (proxy, "GetConnectionUnixProcessID", &error, + G_TYPE_STRING, name, + G_TYPE_INVALID, + G_TYPE_UINT, pid, + G_TYPE_INVALID); + if (!ret) { + egg_warning ("failed to get pid: %s", error->message); + g_error_free (error); + goto out; + } +out: + if (proxy != NULL) + g_object_unref (proxy); return ret; } @@ -184,9 +173,7 @@ dkp_polkit_finalize (GObject *object) if (polkit->priv->connection != NULL) dbus_g_connection_unref (polkit->priv->connection); - if (polkit->priv->tracker != NULL) - polkit_tracker_unref (polkit->priv->tracker); - polkit_context_unref (polkit->priv->context); + g_object_unref (polkit->priv->authority); G_OBJECT_CLASS (dkp_polkit_parent_class)->finalize (object); } @@ -212,14 +199,10 @@ dkp_polkit_class_init (DkpPolkitClass *klass) static void dkp_polkit_init (DkpPolkit *polkit) { - - DBusConnection *connection; - DBusError dbus_error; GError *error = NULL; polkit->priv = DKP_POLKIT_GET_PRIVATE (polkit); - error = NULL; polkit->priv->connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error); if (polkit->priv->connection == NULL) { if (error != NULL) { 
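Review bot: `GError *error_local;` in dkp_polkit_check_auth is passed to polkit_authority_check_authorization_sync without being set to NULL, and the failure branch then reads `error_local->message`. GLib expects a GError out-parameter to start as NULL, so the error path of an authorization check dereferences an indeterminate pointer; declare it as `GError *error_local = NULL;`. In the same hunk dkp_polkit_get_uid passes NULL as the error argument to dbus_bus_get_unix_user and returns TRUE whatever the lookup returned, so a failed lookup reaches the caller as if it were a valid uid. The fence shows the lookup with the error checked.

```c
	DBusError dbus_error;
	/* … unchanged: POLKIT_IS_SYSTEM_BUS_NAME check, connection and name lookup … */
	dbus_error_init (&dbus_error);
	*uid = dbus_bus_get_unix_user (connection, name, &dbus_error);
	if (dbus_error_is_set (&dbus_error)) {
		egg_warning ("failed to get uid: %s: %s", dbus_error.name, dbus_error.message);
		dbus_error_free (&dbus_error);
		return FALSE;
	}
	return TRUE;
```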
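Review bot: `g_object_unref (polkit->priv->authority);` in dkp_polkit_finalize runs even when authority was never set. In dkp_polkit_init (the last two hunks of this file) the `goto out` after a failed dbus_g_bus_get skips the `polkit_authority_get ()` assignment, so the pointer is presumably still NULL at finalize and g_object_unref will log a critical. Guard it like the connection just above: `if (polkit->priv->authority != NULL) g_object_unref (polkit->priv->authority);`. dkp_polkit_check_auth would receive the same NULL authority, so an explicit check there that replies with an error keeps the denial deliberate rather than incidental. The function continues outside the hunk.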
@@ -228,57 +211,7 @@ dkp_polkit_init (DkpPolkit *polkit) } goto out; } - connection = dbus_g_connection_get_connection (polkit->priv->connection); - - polkit->priv->context = polkit_context_new (); - polkit_context_set_io_watch_functions (polkit->priv->context, pk_polkit_io_add_watch, pk_polkit_io_remove_watch); - if (!polkit_context_init (polkit->priv->context, NULL)) { - g_critical ("cannot initialize libpolkit"); - goto out; - } - - polkit->priv->tracker = polkit_tracker_new (); - polkit_tracker_set_system_bus_connection (polkit->priv->tracker, connection); - polkit_tracker_init (polkit->priv->tracker); - - /* TODO FIXME: I'm pretty sure dbus-glib blows in a way that - * we can't say we're interested in all signals from all - * members on all interfaces for a given service... So we do - * this.. - */ - - dbus_error_init (&dbus_error); - - /* need to listen to NameOwnerChanged */ - dbus_bus_add_match (connection, - "type='signal'" - ",interface='"DBUS_INTERFACE_DBUS"'" - ",sender='"DBUS_SERVICE_DBUS"'" - ",member='NameOwnerChanged'", - &dbus_error); - - if (dbus_error_is_set (&dbus_error)) { - egg_warning ("Cannot add match rule: %s: %s", dbus_error.name, dbus_error.message); - dbus_error_free (&dbus_error); - goto out; - } - - /* need to listen to ConsoleKit signals */ - dbus_bus_add_match (connection, - "type='signal',sender='org.freedesktop.ConsoleKit'", - &dbus_error); - - if (dbus_error_is_set (&dbus_error)) { - egg_warning ("Cannot add match rule: %s: %s", dbus_error.name, dbus_error.message); - dbus_error_free (&dbus_error); - goto out; - } - - if (!dbus_connection_add_filter (connection, dkp_polkit_dbus_filter, polkit, NULL)) { - egg_warning ("Cannot add D-Bus filter: %s: %s", dbus_error.name, dbus_error.message); - goto out; - } - + polkit->priv->authority = polkit_authority_get (); out: return; } diff --git a/src/dkp-polkit.h b/src/dkp-polkit.h index 8934af2..56ed205 100644 --- a/src/dkp-polkit.h +++ b/src/dkp-polkit.h 
@@ -23,7 +23,7 @@ #define __DKP_POLKIT_H #include <glib-object.h> -#include <polkit-dbus/polkit-dbus.h> +#include <polkit/polkit.h> G_BEGIN_DECLS @@ -49,12 +49,18 @@ typedef struct GType dkp_polkit_get_type (void); DkpPolkit *dkp_polkit_new (void); -PolKitCaller *dkp_polkit_get_caller (DkpPolkit *polkit, +PolkitSubject *dkp_polkit_get_subject (DkpPolkit *polkit, DBusGMethodInvocation *context); gboolean dkp_polkit_check_auth (DkpPolkit *polkit, - PolKitCaller *pk_caller, + PolkitSubject *subject, const gchar *action_id, DBusGMethodInvocation *context); +gboolean dkp_polkit_get_uid (DkpPolkit *polkit, + PolkitSubject *subject, + uid_t *uid); +gboolean dkp_polkit_get_pid (DkpPolkit *polkit, + PolkitSubject *subject, + pid_t *pid); G_END_DECLS diff --git a/src/dkp-qos.c b/src/dkp-qos.c index 7ef0a54..8e52e38 100644 --- a/src/dkp-qos.c +++ b/src/dkp-qos.c @@ -252,8 +252,8 @@ dkp_qos_request_latency (DkpQos *qos, const gchar *type_text, gint value, gboole GError *error; guint uid; gint pid; - PolKitCaller *caller = NULL; - polkit_bool_t retval; + PolkitSubject *subject = NULL; + gboolean retval; DkpQosType type; /* get correct data */ @@ -272,9 +272,9 @@ dkp_qos_request_latency (DkpQos *qos, const gchar *type_text, gint value, gboole goto out; } - /* get the caller */ - caller = dkp_polkit_get_caller (qos->priv->polkit, context); - if (caller == NULL) + /* get the subject */ + subject = dkp_polkit_get_subject (qos->priv->polkit, context); + if (subject == NULL) goto out; /* check auth */ 
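Review bot: The new prototypes in dkp-polkit.h carry no statement of ownership or failure behaviour, and the callers in this commit depend on both. Suggested comments: above dkp_polkit_get_subject, `/* returns a new reference, or NULL; caller must g_object_unref() */`; above dkp_polkit_get_uid and dkp_polkit_get_pid, `/* returns FALSE if subject is not a system bus name; the out value is left untouched in that case */`. The header now uses uid_t and pid_t, so it may also need `#include <sys/types.h>` unless another include already provides them, which is not visible here.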
@@ -282,11 +282,11 @@ dkp_qos_request_latency (DkpQos *qos, const gchar *type_text, gint value, gboole auth = "org.freedesktop.devicekit.power.qos.request-latency-persistent"; else auth = "org.freedesktop.devicekit.power.qos.request-latency"; - if (!dkp_polkit_check_auth (qos->priv->polkit, caller, auth, context)) + if (!dkp_polkit_check_auth (qos->priv->polkit, subject, auth, context)) goto out; /* get uid */ - retval = polkit_caller_get_uid (caller, &uid); + retval = dkp_polkit_get_uid (qos->priv->polkit, subject, &uid); if (!retval) { error = g_error_new (DKP_DAEMON_ERROR, DKP_DAEMON_ERROR_GENERAL, "cannot get UID"); dbus_g_method_return_error (context, error); @@ -294,7 +294,7 @@ dkp_qos_request_latency (DkpQos *qos, const gchar *type_text, gint value, gboole } /* get pid */ - retval = polkit_caller_get_pid (caller, &pid); + retval = dkp_polkit_get_pid (qos->priv->polkit, subject, &pid); if (!retval) { error = g_error_new (DKP_DAEMON_ERROR, DKP_DAEMON_ERROR_GENERAL, "cannot get PID"); dbus_g_method_return_error (context, error); @@ -330,8 +330,8 @@ dkp_qos_request_latency (DkpQos *qos, const gchar *type_text, gint value, gboole dkp_qos_latency_perhaps_changed (qos, type); dbus_g_method_return (context, obj->cookie); out: - if (caller != NULL) - polkit_caller_unref (caller); + if (subject != NULL) + g_object_unref (subject); g_free (sender); g_free (cmdline); } @@ -358,7 +358,7 @@ dkp_qos_cancel_request (DkpQos *qos, guint cookie, DBusGMethodInvocation *contex DkpQosObj *obj; GError *error; gchar *sender = NULL; - PolKitCaller *caller = NULL; + PolkitSubject *subject = NULL; /* find the correct cookie */ obj = dkp_qos_find_from_cookie (qos, cookie); 
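Review bot: `dkp_polkit_get_uid (qos->priv->polkit, subject, &uid)` passes a `guint *` where the new prototype takes `uid_t *`, and the dkp_polkit_get_pid call in the next hunk passes a `gint *` for `pid_t *`. The locals are declared `guint uid; gint pid;` in the first dkp_qos_request_latency hunk, which the commit leaves unchanged. Declaring them as `uid_t uid;` and `pid_t pid;` removes the pointer-type mismatch instead of relying on the types happening to have the same size. The function body spans several hunks and is not fully visible.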
@@ -379,10 +379,10 @@ dkp_qos_cancel_request (DkpQos *qos, guint cookie, DBusGMethodInvocation *contex /* are we not the sender? */ if (g_strcmp0 (sender, obj->sender) != 0) { - caller = dkp_polkit_get_caller (qos->priv->polkit, context); - if (caller == NULL) + subject = dkp_polkit_get_subject (qos->priv->polkit, context); + if (subject == NULL) goto out; - if (!dkp_polkit_check_auth (qos->priv->polkit, caller, "org.freedesktop.devicekit.power.qos.cancel-request", context)) + if (!dkp_polkit_check_auth (qos->priv->polkit, subject, "org.freedesktop.devicekit.power.qos.cancel-request", context)) goto out; } @@ -398,8 +398,8 @@ dkp_qos_cancel_request (DkpQos *qos, guint cookie, DBusGMethodInvocation *contex g_signal_emit (qos, signals [REQUESTS_CHANGED], 0); out: - if (caller != NULL) - polkit_caller_unref (caller); + if (subject != NULL) + g_object_unref (subject); g_free (sender); } |