[packagekit] packagekit: Branch 'master' - 2 commits

Richard Hughes hughsient at kemper.freedesktop.org
Fri Oct 19 12:04:12 PDT 2007


 src/Makefile.am          |    3 
 src/pk-engine.c          |  137 ++++++-------------------------
 src/pk-security-dummy.c  |  108 +++++++++++++++++++++++++
 src/pk-security-polkit.c |  203 +++++++++++++++++++++++++++++++++++++++++++++++
 src/pk-security.h        |   60 +++++++++++++
 5 files changed, 402 insertions(+), 109 deletions(-)

New commits:
commit ca9616b5f2ef3b5c64b0931052d35b0343c61a20
Author: Richard Hughes <richard at hughsie.com>
Date:   Fri Oct 19 20:01:55 2007 +0100

    modularize the security frameworks so others can be compiled in

diff --git a/src/Makefile.am b/src/Makefile.am
index 92ab7f5..4f99bb7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -45,6 +45,8 @@ packagekitd_SOURCES =					\
 	pk-backend-internal.h				\
 	pk-backend.c					\
 	pk-backend.h					\
+	pk-security.h					\
+	pk-security-polkit.c				\
 	pk-conf.c					\
 	pk-conf.h					\
 	pk-spawn.c					\
@@ -145,6 +147,7 @@ pk_self_test_CPPFLAGS=	\
 
 EXTRA_DIST =						\
 	pk-marshal.list					\
+	pk-security-dummy.c				\
 	pk-interface.xml				\
 	$(NULL)
 
diff --git a/src/pk-engine.c b/src/pk-engine.c
index 21b3003..540c89b 100644
--- a/src/pk-engine.c
+++ b/src/pk-engine.c
@@ -36,8 +36,6 @@
 #include <glib/gi18n.h>
 #include <dbus/dbus-glib.h>
 #include <dbus/dbus-glib-lowlevel.h>
-#include <polkit/polkit.h>
-#include <polkit-dbus/polkit-dbus.h>
 #include <pk-package-id.h>
 #include <pk-package-list.h>
 
@@ -53,6 +51,7 @@
 #include "pk-transaction-list.h"
 #include "pk-inhibit.h"
 #include "pk-marshal.h"
+#include "pk-security.h"
 
 static void     pk_engine_class_init	(PkEngineClass *klass);
 static void     pk_engine_init		(PkEngine      *engine);
@@ -63,8 +62,6 @@ static void     pk_engine_finalize	(GObject       *object);
 struct PkEnginePrivate
 {
 	GTimer			*timer;
-	PolKitContext		*pk_context;
-	DBusConnection		*connection;
 	gchar			*backend;
 	PkTransactionList	*transaction_list;
 	PkTransactionDb		*transaction_db;
@@ -72,6 +69,7 @@ struct PkEnginePrivate
 	PkPackageList		*updates_cache;
 	PkInhibit		*inhibit;
 	PkNetwork		*network;
+	PkSecurity		*security;
 	PkEnumList		*actions;
 	PkEnumList		*groups;
 	PkEnumList		*filters;
@@ -786,53 +784,17 @@ pk_engine_get_tid (PkEngine *engine, gchar **tid, GError **error)
 }
 
 /**
- * pk_engine_can_do_action:
- **/
-static PolKitResult
-pk_engine_can_do_action (PkEngine *engine, const gchar *dbus_name, const gchar *action)
-{
-	PolKitResult pk_result;
-	PolKitAction *pk_action;
-	PolKitCaller *pk_caller;
-	DBusError dbus_error;
-
-	/* set action */
-	pk_action = polkit_action_new ();
-	polkit_action_set_action_id (pk_action, action);
-
-	/* set caller */
-	pk_debug ("using caller %s", dbus_name);
-	dbus_error_init (&dbus_error);
-	pk_caller = polkit_caller_new_from_dbus_name (engine->priv->connection, dbus_name, &dbus_error);
-	if (pk_caller == NULL) {
-		if (dbus_error_is_set (&dbus_error)) {
-			pk_error ("error: polkit_caller_new_from_dbus_name(): %s: %s\n",
-				  dbus_error.name, dbus_error.message);
-		}
-	}
-
-	pk_result = polkit_context_can_caller_do_action (engine->priv->pk_context, pk_action, pk_caller);
-	pk_debug ("PolicyKit result = '%s'", polkit_result_to_string_representation (pk_result));
-
-	polkit_action_unref (pk_action);
-	polkit_caller_unref (pk_caller);
-
-	return pk_result;
-}
-
-/**
  * pk_engine_action_is_allowed:
  *
  * Only valid from an async caller, which is fine, as we won't prompt the user
  * when not async.
  **/
 static gboolean
-pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_name,
+pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_sender,
 			     PkRoleEnum role, GError **error)
 {
-	PolKitResult pk_result;
-	const gchar *policy = NULL;
 	gboolean ret;
+	gchar *error_detail;
 
 	/* could we actually do this, even with the right permissions? */
 	ret = pk_enum_list_contains (engine->priv->actions, role);
@@ -842,34 +804,10 @@ pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_name,
 		return FALSE;
 	}
 
-#ifdef IGNORE_POLKIT
-	return TRUE;
-#endif
-
-	/* map the roles to policykit rules */
-	if (role == PK_ROLE_ENUM_UPDATE_PACKAGE ||
-	    role == PK_ROLE_ENUM_UPDATE_SYSTEM) {
-		policy = "org.freedesktop.packagekit.update";
-	} else if (role == PK_ROLE_ENUM_REMOVE_PACKAGE) {
-		policy = "org.freedesktop.packagekit.remove";
-	} else if (role == PK_ROLE_ENUM_INSTALL_PACKAGE) {
-		policy = "org.freedesktop.packagekit.install";
-	} else if (role == PK_ROLE_ENUM_INSTALL_FILE) {
-		policy = "org.freedesktop.packagekit.localinstall";
-	} else if (role == PK_ROLE_ENUM_ROLLBACK) {
-		policy = "org.freedesktop.packagekit.rollback";
-	} else if (role == PK_ROLE_ENUM_REPO_ENABLE ||
-		   role == PK_ROLE_ENUM_REPO_SET_DATA) {
-		policy = "org.freedesktop.packagekit.repo-change";
-	} else {
-		pk_error ("policykit type required for '%s'", pk_role_enum_to_text (role));
-	}
-
-	/* get the dbus sender */
-	pk_result = pk_engine_can_do_action (engine, dbus_name, policy);
-	if (pk_result != POLKIT_RESULT_YES) {
-		*error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY,
-				     "%s %s", policy, polkit_result_to_string_representation (pk_result));
+	/* use security model to get auth */
+	ret = pk_security_action_is_allowed (engine->priv->security, dbus_sender, role, &error_detail);
+	if (ret == FALSE) {
+		*error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY, error_detail);
 		return FALSE;
 	}
 	return TRUE;
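Review bot: The new g_error_new() call passes error_detail as the format string, so any `%` in a backend's message would be interpreted as a conversion; it should read `*error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY, "%s", error_detail);`. error_detail is also declared without an initializer in the preceding hunk, and it is read here even when pk_security_action_is_allowed() returns FALSE from one of its g_return_val_if_fail paths without writing it, so the declaration should be `gchar *error_detail = NULL;`. The PolicyKit backend allocates the string with g_strdup_printf() and nothing releases it, so `g_free (error_detail);` is needed once the GError is built. The function body starts in the preceding hunk.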
@@ -1551,7 +1489,7 @@ pk_engine_update_system (PkEngine *engine, const gchar *tid, DBusGMethodInvocati
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -1628,7 +1566,7 @@ pk_engine_remove_package (PkEngine *engine, const gchar *tid, const gchar *packa
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REMOVE_PACKAGE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -1699,7 +1637,7 @@ pk_engine_install_package (PkEngine *engine, const gchar *tid, const gchar *pack
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_PACKAGE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -1761,7 +1699,7 @@ pk_engine_install_file (PkEngine *engine, const gchar *tid, const gchar *full_pa
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_FILE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -1823,7 +1761,7 @@ pk_engine_rollback (PkEngine *engine, const gchar *tid, const gchar *transaction
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_ROLLBACK, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -1894,7 +1832,7 @@ pk_engine_update_package (PkEngine *engine, const gchar *tid, const gchar *packa
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_PACKAGE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -1995,7 +1933,7 @@ pk_engine_repo_enable (PkEngine *engine, const gchar *tid, const gchar *repo_id,
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_ENABLE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -2058,7 +1996,7 @@ pk_engine_repo_set_data (PkEngine *engine, const gchar *tid, const gchar *repo_i
 		return;
 	}
 
-	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
+	/* check if the action is allowed from this client - if not, set an error */
 	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_SET_DATA, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
@@ -2523,10 +2461,6 @@ pk_engine_class_init (PkEngineClass *klass)
 static void
 pk_engine_init (PkEngine *engine)
 {
-	DBusError dbus_error;
-	polkit_bool_t retval;
-	PolKitError *pk_error;
-
 	engine->priv = PK_ENGINE_GET_PRIVATE (engine);
 	engine->priv->timer = g_timer_new ();
 	engine->priv->backend = NULL;
@@ -2537,6 +2471,9 @@ pk_engine_init (PkEngine *engine)
 	/* we dont need this, just don't keep creating and destroying it */
 	engine->priv->network = pk_network_new ();
 
+	/* we need an auth framework */
+	engine->priv->security = pk_security_new ();
+
 	engine->priv->transaction_list = pk_transaction_list_new ();
 	g_signal_connect (engine->priv->transaction_list, "changed",
 			  G_CALLBACK (pk_engine_transaction_list_changed_cb), engine);
@@ -2549,22 +2486,6 @@ pk_engine_init (PkEngine *engine)
 	engine->priv->transaction_db = pk_transaction_db_new ();
 	g_signal_connect (engine->priv->transaction_db, "transaction",
 			  G_CALLBACK (pk_engine_transaction_cb), engine);
-
-	/* get a connection to the bus */
-	dbus_error_init (&dbus_error);
-	engine->priv->connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error);
-	if (engine->priv->connection == NULL) {
-		pk_error ("failed to get system connection %s: %s\n", dbus_error.name, dbus_error.message);
-	}
-
-	/* get PolicyKit context */
-	engine->priv->pk_context = polkit_context_new ();
-	pk_error = NULL;
-	retval = polkit_context_init (engine->priv->pk_context, &pk_error);
-	if (retval == FALSE) {
-		pk_error ("Could not init PolicyKit context: %s", polkit_error_get_error_message (pk_error));
-		polkit_error_free (pk_error);
-	}
 }
 
 /**
@@ -2586,7 +2507,6 @@ pk_engine_finalize (GObject *object)
 	/* compulsory gobjects */
 	g_timer_destroy (engine->priv->timer);
 	g_free (engine->priv->backend);
-	polkit_context_unref (engine->priv->pk_context);
 	g_object_unref (engine->priv->inhibit);
 	g_object_unref (engine->priv->transaction_list);
 	g_object_unref (engine->priv->transaction_db);
@@ -2594,6 +2514,7 @@ pk_engine_finalize (GObject *object)
 	g_object_unref (engine->priv->groups);
 	g_object_unref (engine->priv->filters);
 	g_object_unref (engine->priv->network);
+	g_object_unref (engine->priv->security);
 
 	if (engine->priv->updates_cache != NULL) {
 		pk_debug ("unreffing updates cache");
diff --git a/src/pk-security-dummy.c b/src/pk-security-dummy.c
new file mode 100644
index 0000000..afb7d22
--- /dev/null
+++ b/src/pk-security-dummy.c
@@ -0,0 +1,108 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2007 Richard Hughes <richard at hughsie.com>
+ *
+ * Licensed under the GNU General Public License Version 2
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include <glib/gi18n.h>
+#include <glib.h>
+
+#include <pk-enum.h>
+
+#include "pk-debug.h"
+#include "pk-security.h"
+
+#define PK_SECURITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), PK_TYPE_SECURITY, PkSecurityPrivate))
+
+struct PkSecurityPrivate
+{
+	gpointer		data;
+};
+
+G_DEFINE_TYPE (PkSecurity, pk_security, G_TYPE_OBJECT)
+
+/**
+ * pk_security_action_is_allowed:
+ *
+ * Only valid from an async caller, which is fine, as we won't prompt the user
+ * when not async.
+ **/
+gboolean
+pk_security_action_is_allowed (PkSecurity *security, const gchar *dbus_sender,
+			       PkRoleEnum role, gchar **error_detail)
+{
+	g_return_val_if_fail (security != NULL, FALSE);
+	g_return_val_if_fail (PK_IS_SECURITY (security), FALSE);
+	return TRUE;
+}
+
+/**
+ * pk_security_finalize:
+ **/
+static void
+pk_security_finalize (GObject *object)
+{
+	PkSecurity *security;
+	g_return_if_fail (object != NULL);
+	g_return_if_fail (PK_IS_SECURITY (object));
+	security = PK_SECURITY (object);
+	G_OBJECT_CLASS (pk_security_parent_class)->finalize (object);
+}
+
+/**
+ * pk_security_class_init:
+ **/
+static void
+pk_security_class_init (PkSecurityClass *klass)
+{
+	GObjectClass *object_class = G_OBJECT_CLASS (klass);
+	object_class->finalize = pk_security_finalize;
+	g_type_class_add_private (klass, sizeof (PkSecurityPrivate));
+}
+
+/**
+ * pk_security_init:
+ *
+ * initialises the security class. NOTE: We expect security objects
+ * to *NOT* be removed or added during the session.
+ * We only control the first security object if there are more than one.
+ **/
+static void
+pk_security_init (PkSecurity *security)
+{
+	pk_warning ("THERE IS NO SECURITY MODEL BEING USED!!!");
+}
+
+/**
+ * pk_security_new:
+ * Return value: A new security class instance.
+ **/
+PkSecurity *
+pk_security_new (void)
+{
+	PkSecurity *security;
+	security = g_object_new (PK_TYPE_SECURITY, NULL);
+	return PK_SECURITY (security);
+}
+
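Review bot: pk_security_action_is_allowed in this backend returns TRUE for every sender and role, but its doc comment is copied from the PolicyKit version and does not say so; the only signal is the pk_warning emitted once in pk_security_init. The comment should state the contract, for example `/* dummy backend: authorizes every role for every D-Bus sender; for testing only, never link into a shipped daemon */`. pk_security_init also leaves security->priv unassigned, unlike the PolicyKit backend, so adding `security->priv = PK_SECURITY_GET_PRIVATE (security);` would keep the two implementations interchangeable. The value assigned to `security` in pk_security_finalize is never used.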
diff --git a/src/pk-security-polkit.c b/src/pk-security-polkit.c
new file mode 100644
index 0000000..b304259
--- /dev/null
+++ b/src/pk-security-polkit.c
@@ -0,0 +1,203 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2007 Richard Hughes <richard at hughsie.com>
+ *
+ * Licensed under the GNU General Public License Version 2
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include <glib/gi18n.h>
+#include <glib.h>
+#include <dbus/dbus-glib.h>
+
+#include <polkit/polkit.h>
+#include <polkit-dbus/polkit-dbus.h>
+
+#include <pk-enum.h>
+
+#include "pk-debug.h"
+#include "pk-security.h"
+
+#define PK_SECURITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), PK_TYPE_SECURITY, PkSecurityPrivate))
+
+struct PkSecurityPrivate
+{
+	PolKitContext		*pk_context;
+	DBusConnection		*connection;
+};
+
+G_DEFINE_TYPE (PkSecurity, pk_security, G_TYPE_OBJECT)
+
+/**
+ * pk_security_can_do_action:
+ **/
+static PolKitResult
+pk_security_can_do_action (PkSecurity *security, const gchar *dbus_sender, const gchar *action)
+{
+	PolKitResult pk_result;
+	PolKitAction *pk_action;
+	PolKitCaller *pk_caller;
+	DBusError dbus_error;
+
+	/* set action */
+	pk_action = polkit_action_new ();
+	polkit_action_set_action_id (pk_action, action);
+
+	/* set caller */
+	pk_debug ("using caller %s", dbus_sender);
+	dbus_error_init (&dbus_error);
+	pk_caller = polkit_caller_new_from_dbus_name (security->priv->connection, dbus_sender, &dbus_error);
+	if (pk_caller == NULL) {
+		if (dbus_error_is_set (&dbus_error)) {
+			pk_error ("error: polkit_caller_new_from_dbus_name(): %s: %s\n",
+				  dbus_error.name, dbus_error.message);
+		}
+	}
+
+	pk_result = polkit_context_can_caller_do_action (security->priv->pk_context, pk_action, pk_caller);
+	pk_debug ("PolicyKit result = '%s'", polkit_result_to_string_representation (pk_result));
+
+	polkit_action_unref (pk_action);
+	polkit_caller_unref (pk_caller);
+
+	return pk_result;
+}
+
+/**
+ * pk_security_action_is_allowed:
+ *
+ * Only valid from an async caller, which is fine, as we won't prompt the user
+ * when not async.
+ **/
+gboolean
+pk_security_action_is_allowed (PkSecurity *security, const gchar *dbus_sender,
+			       PkRoleEnum role, gchar **error_detail)
+{
+	PolKitResult pk_result;
+	const gchar *policy = NULL;
+
+	g_return_val_if_fail (security != NULL, FALSE);
+	g_return_val_if_fail (PK_IS_SECURITY (security), FALSE);
+
+	/* map the roles to policykit rules */
+	if (role == PK_ROLE_ENUM_UPDATE_PACKAGE ||
+	    role == PK_ROLE_ENUM_UPDATE_SYSTEM) {
+		policy = "org.freedesktop.packagekit.update";
+	} else if (role == PK_ROLE_ENUM_REMOVE_PACKAGE) {
+		policy = "org.freedesktop.packagekit.remove";
+	} else if (role == PK_ROLE_ENUM_INSTALL_PACKAGE) {
+		policy = "org.freedesktop.packagekit.install";
+	} else if (role == PK_ROLE_ENUM_INSTALL_FILE) {
+		policy = "org.freedesktop.packagekit.localinstall";
+	} else if (role == PK_ROLE_ENUM_ROLLBACK) {
+		policy = "org.freedesktop.packagekit.rollback";
+	} else if (role == PK_ROLE_ENUM_REPO_ENABLE ||
+		   role == PK_ROLE_ENUM_REPO_SET_DATA) {
+		policy = "org.freedesktop.packagekit.repo-change";
+	} else {
+		pk_error ("policykit type required for '%s'", pk_role_enum_to_text (role));
+	}
+
+	/* get the dbus sender */
+	pk_result = pk_security_can_do_action (security, dbus_sender, policy);
+	if (pk_result != POLKIT_RESULT_YES) {
+		if (error_detail != NULL) {
+			*error_detail = g_strdup_printf ("%s %s", policy, polkit_result_to_string_representation (pk_result));
+		}
+		return FALSE;
+	}
+	return TRUE;
+}
+
+/**
+ * pk_security_finalize:
+ **/
+static void
+pk_security_finalize (GObject *object)
+{
+	PkSecurity *security;
+	g_return_if_fail (object != NULL);
+	g_return_if_fail (PK_IS_SECURITY (object));
+	security = PK_SECURITY (object);
+
+	/* unref PolicyKit */
+	polkit_context_unref (security->priv->pk_context);
+
+	G_OBJECT_CLASS (pk_security_parent_class)->finalize (object);
+}
+
+/**
+ * pk_security_class_init:
+ **/
+static void
+pk_security_class_init (PkSecurityClass *klass)
+{
+	GObjectClass *object_class = G_OBJECT_CLASS (klass);
+	object_class->finalize = pk_security_finalize;
+	g_type_class_add_private (klass, sizeof (PkSecurityPrivate));
+}
+
+/**
+ * pk_security_init:
+ *
+ * initialises the security class. NOTE: We expect security objects
+ * to *NOT* be removed or added during the session.
+ * We only control the first security object if there are more than one.
+ **/
+static void
+pk_security_init (PkSecurity *security)
+{
+	PolKitError *pk_error;
+	polkit_bool_t retval;
+	DBusError dbus_error;
+
+	security->priv = PK_SECURITY_GET_PRIVATE (security);
+
+	/* get a connection to the bus */
+	dbus_error_init (&dbus_error);
+	security->priv->connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error);
+	if (security->priv->connection == NULL) {
+		pk_error ("failed to get system connection %s: %s\n", dbus_error.name, dbus_error.message);
+	}
+
+	/* get PolicyKit context */
+	security->priv->pk_context = polkit_context_new ();
+	pk_error = NULL;
+	retval = polkit_context_init (security->priv->pk_context, &pk_error);
+	if (retval == FALSE) {
+		pk_error ("Could not init PolicyKit context: %s", polkit_error_get_error_message (pk_error));
+		polkit_error_free (pk_error);
+	}
+}
+
+/**
+ * pk_security_new:
+ * Return value: A new security class instance.
+ **/
+PkSecurity *
+pk_security_new (void)
+{
+	PkSecurity *security;
+	security = g_object_new (PK_TYPE_SECURITY, NULL);
+	return PK_SECURITY (security);
+}
+
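Review bot: In pk_security_can_do_action a failed polkit_caller_new_from_dbus_name() is not treated as a denial: when pk_caller is NULL the code at most logs, then hands the NULL caller to polkit_context_can_caller_do_action() and polkit_caller_unref(), so the result depends on how PolicyKit treats a NULL caller. The lookup failure should return a denial directly, after releasing the action and the DBusError, as in the fence below; it logs with pk_warning in case pk_error is fatal, which this page does not show. The final else branch of pk_security_action_is_allowed has the same shape: an unmapped role leaves policy NULL and still reaches the PolicyKit query, so that branch should end with `return FALSE;`. pk_security_init likewise continues after a NULL connection or a failed polkit_context_init().

```c
	pk_caller = polkit_caller_new_from_dbus_name (security->priv->connection, dbus_sender, &dbus_error);
	if (pk_caller == NULL) {
		if (dbus_error_is_set (&dbus_error)) {
			pk_warning ("polkit_caller_new_from_dbus_name(): %s: %s",
				    dbus_error.name, dbus_error.message);
			dbus_error_free (&dbus_error);
		}
		/* no caller identity means no authorization */
		polkit_action_unref (pk_action);
		return POLKIT_RESULT_NO;
	}
	/* … unchanged: polkit_context_can_caller_do_action, unrefs, return pk_result … */
```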
diff --git a/src/pk-security.h b/src/pk-security.h
new file mode 100644
index 0000000..7d762cc
--- /dev/null
+++ b/src/pk-security.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2007 Richard Hughes <richard at hughsie.com>
+ *
+ * Licensed under the GNU General Public License Version 2
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PK_SECURITY_H
+#define __PK_SECURITY_H
+
+#include <glib-object.h>
+#include <pk-enum.h>
+
+G_BEGIN_DECLS
+
+#define PK_TYPE_SECURITY		(pk_security_get_type ())
+#define PK_SECURITY(o)			(G_TYPE_CHECK_INSTANCE_CAST ((o), PK_TYPE_SECURITY, PkSecurity))
+#define PK_SECURITY_CLASS(k)		(G_TYPE_CHECK_CLASS_CAST((k), PK_TYPE_SECURITY, PkSecurityClass))
+#define PK_IS_SECURITY(o)		(G_TYPE_CHECK_INSTANCE_TYPE ((o), PK_TYPE_SECURITY))
+#define PK_IS_SECURITY_CLASS(k)		(G_TYPE_CHECK_CLASS_TYPE ((k), PK_TYPE_SECURITY))
+#define PK_SECURITY_GET_CLASS(o)	(G_TYPE_INSTANCE_GET_CLASS ((o), PK_TYPE_SECURITY, PkSecurityClass))
+
+typedef struct PkSecurityPrivate PkSecurityPrivate;
+
+typedef struct
+{
+	GObject		      parent;
+	PkSecurityPrivate     *priv;
+} PkSecurity;
+
+typedef struct
+{
+	GObjectClass	parent_class;
+} PkSecurityClass;
+
+GType		 pk_security_get_type		(void);
+PkSecurity	*pk_security_new		(void);
+
+gboolean	 pk_security_action_is_allowed	(PkSecurity	*security,
+						 const gchar	*dbus_sender,
+						 PkRoleEnum	 role,
+						 gchar		**error_detail);
+
+G_END_DECLS
+
+#endif /* __PK_SECURITY_H */
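Review bot: The prototype of pk_security_action_is_allowed does not document the error_detail out-parameter, and the two backends already disagree on it: the PolicyKit one stores a g_strdup_printf() string on denial, the dummy one never writes it. A comment above the declaration should state that *error_detail is set only when FALSE is returned because of policy, may be left untouched on argument errors, and must be released by the caller with g_free(). The guard name `__PK_SECURITY_H` uses an identifier reserved for the implementation; `PK_SECURITY_H` avoids that.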
commit 7c77a955487d43b33ae1997a947dc2425b1ff679
Author: Richard Hughes <richard at hughsie.com>
Date:   Fri Oct 19 19:32:30 2007 +0100

    don't use the context, send the dbus name

diff --git a/src/pk-engine.c b/src/pk-engine.c
index 67645e0..21b3003 100644
--- a/src/pk-engine.c
+++ b/src/pk-engine.c
@@ -827,11 +827,10 @@ pk_engine_can_do_action (PkEngine *engine, const gchar *dbus_name, const gchar *
  * when not async.
  **/
 static gboolean
-pk_engine_action_is_allowed (PkEngine *engine, DBusGMethodInvocation *context,
+pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_name,
 			     PkRoleEnum role, GError **error)
 {
 	PolKitResult pk_result;
-	const gchar *dbus_name;
 	const gchar *policy = NULL;
 	gboolean ret;
 
@@ -867,7 +866,6 @@ pk_engine_action_is_allowed (PkEngine *engine, DBusGMethodInvocation *context,
 	}
 
 	/* get the dbus sender */
-	dbus_name = dbus_g_method_get_sender (context);
 	pk_result = pk_engine_can_do_action (engine, dbus_name, policy);
 	if (pk_result != POLKIT_RESULT_YES) {
 		*error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY,
@@ -1554,7 +1552,7 @@ pk_engine_update_system (PkEngine *engine, const gchar *tid, DBusGMethodInvocati
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
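Review bot: Passing `dbus_g_method_get_sender (context)` directly as the argument drops the only pointer to the returned string; dbus-glib documents that return value as owned by the caller, so each of these requests leaks it. Keep it in a local, `sender = dbus_g_method_get_sender (context);`, pass `sender` to pk_engine_action_is_allowed, and call `g_free (sender);` on both the refusal and the success path. The same pattern is repeated in the call-site hunks for pk_engine_remove_package, pk_engine_install_package, pk_engine_install_file, pk_engine_rollback, pk_engine_update_package, pk_engine_repo_enable and pk_engine_repo_set_data. The enclosing function starts and ends outside the hunk.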
@@ -1631,7 +1629,7 @@ pk_engine_remove_package (PkEngine *engine, const gchar *tid, const gchar *packa
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_REMOVE_PACKAGE, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REMOVE_PACKAGE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
@@ -1702,7 +1700,7 @@ pk_engine_install_package (PkEngine *engine, const gchar *tid, const gchar *pack
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_INSTALL_PACKAGE, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_PACKAGE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
@@ -1764,7 +1762,7 @@ pk_engine_install_file (PkEngine *engine, const gchar *tid, const gchar *full_pa
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_INSTALL_FILE, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_FILE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
@@ -1826,7 +1824,7 @@ pk_engine_rollback (PkEngine *engine, const gchar *tid, const gchar *transaction
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_ROLLBACK, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_ROLLBACK, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
@@ -1897,7 +1895,7 @@ pk_engine_update_package (PkEngine *engine, const gchar *tid, const gchar *packa
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_UPDATE_PACKAGE, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_PACKAGE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
@@ -1998,7 +1996,7 @@ pk_engine_repo_enable (PkEngine *engine, const gchar *tid, const gchar *repo_id,
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_REPO_ENABLE, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_ENABLE, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;
@@ -2061,7 +2059,7 @@ pk_engine_repo_set_data (PkEngine *engine, const gchar *tid, const gchar *repo_i
 	}
 
 	/* check with PolicyKit if the action is allowed from this client - if not, set an error */
-	ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_REPO_SET_DATA, &error);
+	ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_SET_DATA, &error);
 	if (ret == FALSE) {
 		dbus_g_method_return_error (context, error);
 		return;


