[packagekit] packagekit: Branch 'master' - 2 commits
Richard Hughes
hughsient at kemper.freedesktop.org
Fri Oct 19 12:04:12 PDT 2007
src/Makefile.am | 3
src/pk-engine.c | 137 ++++++-------------------------
src/pk-security-dummy.c | 108 +++++++++++++++++++++++++
src/pk-security-polkit.c | 203 +++++++++++++++++++++++++++++++++++++++++++++++
src/pk-security.h | 60 +++++++++++++
5 files changed, 402 insertions(+), 109 deletions(-)
New commits:
commit ca9616b5f2ef3b5c64b0931052d35b0343c61a20
Author: Richard Hughes <richard at hughsie.com>
Date: Fri Oct 19 20:01:55 2007 +0100
modularize the security frameworks so others can be compiled in
diff --git a/src/Makefile.am b/src/Makefile.am
index 92ab7f5..4f99bb7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -45,6 +45,8 @@ packagekitd_SOURCES = \
pk-backend-internal.h \
pk-backend.c \
pk-backend.h \
+ pk-security.h \
+ pk-security-polkit.c \
pk-conf.c \
pk-conf.h \
pk-spawn.c \
@@ -145,6 +147,7 @@ pk_self_test_CPPFLAGS= \
EXTRA_DIST = \
pk-marshal.list \
+ pk-security-dummy.c \
pk-interface.xml \
$(NULL)
diff --git a/src/pk-engine.c b/src/pk-engine.c
index 21b3003..540c89b 100644
--- a/src/pk-engine.c
+++ b/src/pk-engine.c
@@ -36,8 +36,6 @@
#include <glib/gi18n.h>
#include <dbus/dbus-glib.h>
#include <dbus/dbus-glib-lowlevel.h>
-#include <polkit/polkit.h>
-#include <polkit-dbus/polkit-dbus.h>
#include <pk-package-id.h>
#include <pk-package-list.h>
@@ -53,6 +51,7 @@
#include "pk-transaction-list.h"
#include "pk-inhibit.h"
#include "pk-marshal.h"
+#include "pk-security.h"
static void pk_engine_class_init (PkEngineClass *klass);
static void pk_engine_init (PkEngine *engine);
@@ -63,8 +62,6 @@ static void pk_engine_finalize (GObject *object);
struct PkEnginePrivate
{
GTimer *timer;
- PolKitContext *pk_context;
- DBusConnection *connection;
gchar *backend;
PkTransactionList *transaction_list;
PkTransactionDb *transaction_db;
@@ -72,6 +69,7 @@ struct PkEnginePrivate
PkPackageList *updates_cache;
PkInhibit *inhibit;
PkNetwork *network;
+ PkSecurity *security;
PkEnumList *actions;
PkEnumList *groups;
PkEnumList *filters;
@@ -786,53 +784,17 @@ pk_engine_get_tid (PkEngine *engine, gchar **tid, GError **error)
}
/**
- * pk_engine_can_do_action:
- **/
-static PolKitResult
-pk_engine_can_do_action (PkEngine *engine, const gchar *dbus_name, const gchar *action)
-{
- PolKitResult pk_result;
- PolKitAction *pk_action;
- PolKitCaller *pk_caller;
- DBusError dbus_error;
-
- /* set action */
- pk_action = polkit_action_new ();
- polkit_action_set_action_id (pk_action, action);
-
- /* set caller */
- pk_debug ("using caller %s", dbus_name);
- dbus_error_init (&dbus_error);
- pk_caller = polkit_caller_new_from_dbus_name (engine->priv->connection, dbus_name, &dbus_error);
- if (pk_caller == NULL) {
- if (dbus_error_is_set (&dbus_error)) {
- pk_error ("error: polkit_caller_new_from_dbus_name(): %s: %s\n",
- dbus_error.name, dbus_error.message);
- }
- }
-
- pk_result = polkit_context_can_caller_do_action (engine->priv->pk_context, pk_action, pk_caller);
- pk_debug ("PolicyKit result = '%s'", polkit_result_to_string_representation (pk_result));
-
- polkit_action_unref (pk_action);
- polkit_caller_unref (pk_caller);
-
- return pk_result;
-}
-
-/**
* pk_engine_action_is_allowed:
*
* Only valid from an async caller, which is fine, as we won't prompt the user
* when not async.
**/
static gboolean
-pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_name,
+pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_sender,
PkRoleEnum role, GError **error)
{
- PolKitResult pk_result;
- const gchar *policy = NULL;
gboolean ret;
+ gchar *error_detail;
/* could we actually do this, even with the right permissions? */
ret = pk_enum_list_contains (engine->priv->actions, role);
@@ -842,34 +804,10 @@ pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_name,
return FALSE;
}
-#ifdef IGNORE_POLKIT
- return TRUE;
-#endif
-
- /* map the roles to policykit rules */
- if (role == PK_ROLE_ENUM_UPDATE_PACKAGE ||
- role == PK_ROLE_ENUM_UPDATE_SYSTEM) {
- policy = "org.freedesktop.packagekit.update";
- } else if (role == PK_ROLE_ENUM_REMOVE_PACKAGE) {
- policy = "org.freedesktop.packagekit.remove";
- } else if (role == PK_ROLE_ENUM_INSTALL_PACKAGE) {
- policy = "org.freedesktop.packagekit.install";
- } else if (role == PK_ROLE_ENUM_INSTALL_FILE) {
- policy = "org.freedesktop.packagekit.localinstall";
- } else if (role == PK_ROLE_ENUM_ROLLBACK) {
- policy = "org.freedesktop.packagekit.rollback";
- } else if (role == PK_ROLE_ENUM_REPO_ENABLE ||
- role == PK_ROLE_ENUM_REPO_SET_DATA) {
- policy = "org.freedesktop.packagekit.repo-change";
- } else {
- pk_error ("policykit type required for '%s'", pk_role_enum_to_text (role));
- }
-
- /* get the dbus sender */
- pk_result = pk_engine_can_do_action (engine, dbus_name, policy);
- if (pk_result != POLKIT_RESULT_YES) {
- *error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY,
- "%s %s", policy, polkit_result_to_string_representation (pk_result));
+ /* use security model to get auth */
+ ret = pk_security_action_is_allowed (engine->priv->security, dbus_sender, role, &error_detail);
+ if (ret == FALSE) {
+ *error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY, error_detail);
return FALSE;
}
return TRUE;
@@ -1551,7 +1489,7 @@ pk_engine_update_system (PkEngine *engine, const gchar *tid, DBusGMethodInvocati
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -1628,7 +1566,7 @@ pk_engine_remove_package (PkEngine *engine, const gchar *tid, const gchar *packa
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REMOVE_PACKAGE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -1699,7 +1637,7 @@ pk_engine_install_package (PkEngine *engine, const gchar *tid, const gchar *pack
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_PACKAGE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -1761,7 +1699,7 @@ pk_engine_install_file (PkEngine *engine, const gchar *tid, const gchar *full_pa
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_FILE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -1823,7 +1761,7 @@ pk_engine_rollback (PkEngine *engine, const gchar *tid, const gchar *transaction
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_ROLLBACK, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -1894,7 +1832,7 @@ pk_engine_update_package (PkEngine *engine, const gchar *tid, const gchar *packa
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_PACKAGE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -1995,7 +1933,7 @@ pk_engine_repo_enable (PkEngine *engine, const gchar *tid, const gchar *repo_id,
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_ENABLE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -2058,7 +1996,7 @@ pk_engine_repo_set_data (PkEngine *engine, const gchar *tid, const gchar *repo_i
return;
}
- /* check with PolicyKit if the action is allowed from this client - if not, set an error */
+ /* check if the action is allowed from this client - if not, set an error */
ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_SET_DATA, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
@@ -2523,10 +2461,6 @@ pk_engine_class_init (PkEngineClass *klass)
static void
pk_engine_init (PkEngine *engine)
{
- DBusError dbus_error;
- polkit_bool_t retval;
- PolKitError *pk_error;
-
engine->priv = PK_ENGINE_GET_PRIVATE (engine);
engine->priv->timer = g_timer_new ();
engine->priv->backend = NULL;
@@ -2537,6 +2471,9 @@ pk_engine_init (PkEngine *engine)
/* we dont need this, just don't keep creating and destroying it */
engine->priv->network = pk_network_new ();
+ /* we need an auth framework */
+ engine->priv->security = pk_security_new ();
+
engine->priv->transaction_list = pk_transaction_list_new ();
g_signal_connect (engine->priv->transaction_list, "changed",
G_CALLBACK (pk_engine_transaction_list_changed_cb), engine);
@@ -2549,22 +2486,6 @@ pk_engine_init (PkEngine *engine)
engine->priv->transaction_db = pk_transaction_db_new ();
g_signal_connect (engine->priv->transaction_db, "transaction",
G_CALLBACK (pk_engine_transaction_cb), engine);
-
- /* get a connection to the bus */
- dbus_error_init (&dbus_error);
- engine->priv->connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error);
- if (engine->priv->connection == NULL) {
- pk_error ("failed to get system connection %s: %s\n", dbus_error.name, dbus_error.message);
- }
-
- /* get PolicyKit context */
- engine->priv->pk_context = polkit_context_new ();
- pk_error = NULL;
- retval = polkit_context_init (engine->priv->pk_context, &pk_error);
- if (retval == FALSE) {
- pk_error ("Could not init PolicyKit context: %s", polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- }
}
/**
@@ -2586,7 +2507,6 @@ pk_engine_finalize (GObject *object)
/* compulsory gobjects */
g_timer_destroy (engine->priv->timer);
g_free (engine->priv->backend);
- polkit_context_unref (engine->priv->pk_context);
g_object_unref (engine->priv->inhibit);
g_object_unref (engine->priv->transaction_list);
g_object_unref (engine->priv->transaction_db);
@@ -2594,6 +2514,7 @@ pk_engine_finalize (GObject *object)
g_object_unref (engine->priv->groups);
g_object_unref (engine->priv->filters);
g_object_unref (engine->priv->network);
+ g_object_unref (engine->priv->security);
if (engine->priv->updates_cache != NULL) {
pk_debug ("unreffing updates cache");
diff --git a/src/pk-security-dummy.c b/src/pk-security-dummy.c
new file mode 100644
index 0000000..afb7d22
--- /dev/null
+++ b/src/pk-security-dummy.c
@@ -0,0 +1,108 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2007 Richard Hughes <richard at hughsie.com>
+ *
+ * Licensed under the GNU General Public License Version 2
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include <glib/gi18n.h>
+#include <glib.h>
+
+#include <pk-enum.h>
+
+#include "pk-debug.h"
+#include "pk-security.h"
+
+#define PK_SECURITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), PK_TYPE_SECURITY, PkSecurityPrivate))
+
+struct PkSecurityPrivate
+{
+ gpointer data;
+};
+
+G_DEFINE_TYPE (PkSecurity, pk_security, G_TYPE_OBJECT)
+
+/**
+ * pk_security_action_is_allowed:
+ *
+ * Only valid from an async caller, which is fine, as we won't prompt the user
+ * when not async.
+ **/
+gboolean
+pk_security_action_is_allowed (PkSecurity *security, const gchar *dbus_sender,
+ PkRoleEnum role, gchar **error_detail)
+{
+ g_return_val_if_fail (security != NULL, FALSE);
+ g_return_val_if_fail (PK_IS_SECURITY (security), FALSE);
+ return TRUE;
+}
+
+/**
+ * pk_security_finalize:
+ **/
+static void
+pk_security_finalize (GObject *object)
+{
+ PkSecurity *security;
+ g_return_if_fail (object != NULL);
+ g_return_if_fail (PK_IS_SECURITY (object));
+ security = PK_SECURITY (object);
+ G_OBJECT_CLASS (pk_security_parent_class)->finalize (object);
+}
+
+/**
+ * pk_security_class_init:
+ **/
+static void
+pk_security_class_init (PkSecurityClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ object_class->finalize = pk_security_finalize;
+ g_type_class_add_private (klass, sizeof (PkSecurityPrivate));
+}
+
+/**
+ * pk_security_init:
+ *
+ * initialises the security class. NOTE: We expect security objects
+ * to *NOT* be removed or added during the session.
+ * We only control the first security object if there are more than one.
+ **/
+static void
+pk_security_init (PkSecurity *security)
+{
+ pk_warning ("THERE IS NO SECURITY MODEL BEING USED!!!");
+}
+
+/**
+ * pk_security_new:
+ * Return value: A new security class instance.
+ **/
+PkSecurity *
+pk_security_new (void)
+{
+ PkSecurity *security;
+ security = g_object_new (PK_TYPE_SECURITY, NULL);
+ return PK_SECURITY (security);
+}
+
diff --git a/src/pk-security-polkit.c b/src/pk-security-polkit.c
new file mode 100644
index 0000000..b304259
--- /dev/null
+++ b/src/pk-security-polkit.c
@@ -0,0 +1,203 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2007 Richard Hughes <richard at hughsie.com>
+ *
+ * Licensed under the GNU General Public License Version 2
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include <glib/gi18n.h>
+#include <glib.h>
+#include <dbus/dbus-glib.h>
+
+#include <polkit/polkit.h>
+#include <polkit-dbus/polkit-dbus.h>
+
+#include <pk-enum.h>
+
+#include "pk-debug.h"
+#include "pk-security.h"
+
+#define PK_SECURITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), PK_TYPE_SECURITY, PkSecurityPrivate))
+
+struct PkSecurityPrivate
+{
+ PolKitContext *pk_context;
+ DBusConnection *connection;
+};
+
+G_DEFINE_TYPE (PkSecurity, pk_security, G_TYPE_OBJECT)
+
+/**
+ * pk_security_can_do_action:
+ **/
+static PolKitResult
+pk_security_can_do_action (PkSecurity *security, const gchar *dbus_sender, const gchar *action)
+{
+ PolKitResult pk_result;
+ PolKitAction *pk_action;
+ PolKitCaller *pk_caller;
+ DBusError dbus_error;
+
+ /* set action */
+ pk_action = polkit_action_new ();
+ polkit_action_set_action_id (pk_action, action);
+
+ /* set caller */
+ pk_debug ("using caller %s", dbus_sender);
+ dbus_error_init (&dbus_error);
+ pk_caller = polkit_caller_new_from_dbus_name (security->priv->connection, dbus_sender, &dbus_error);
+ if (pk_caller == NULL) {
+ if (dbus_error_is_set (&dbus_error)) {
+ pk_error ("error: polkit_caller_new_from_dbus_name(): %s: %s\n",
+ dbus_error.name, dbus_error.message);
+ }
+ }
+
+ pk_result = polkit_context_can_caller_do_action (security->priv->pk_context, pk_action, pk_caller);
+ pk_debug ("PolicyKit result = '%s'", polkit_result_to_string_representation (pk_result));
+
+ polkit_action_unref (pk_action);
+ polkit_caller_unref (pk_caller);
+
+ return pk_result;
+}
+
+/**
+ * pk_security_action_is_allowed:
+ *
+ * Only valid from an async caller, which is fine, as we won't prompt the user
+ * when not async.
+ **/
+gboolean
+pk_security_action_is_allowed (PkSecurity *security, const gchar *dbus_sender,
+ PkRoleEnum role, gchar **error_detail)
+{
+ PolKitResult pk_result;
+ const gchar *policy = NULL;
+
+ g_return_val_if_fail (security != NULL, FALSE);
+ g_return_val_if_fail (PK_IS_SECURITY (security), FALSE);
+
+ /* map the roles to policykit rules */
+ if (role == PK_ROLE_ENUM_UPDATE_PACKAGE ||
+ role == PK_ROLE_ENUM_UPDATE_SYSTEM) {
+ policy = "org.freedesktop.packagekit.update";
+ } else if (role == PK_ROLE_ENUM_REMOVE_PACKAGE) {
+ policy = "org.freedesktop.packagekit.remove";
+ } else if (role == PK_ROLE_ENUM_INSTALL_PACKAGE) {
+ policy = "org.freedesktop.packagekit.install";
+ } else if (role == PK_ROLE_ENUM_INSTALL_FILE) {
+ policy = "org.freedesktop.packagekit.localinstall";
+ } else if (role == PK_ROLE_ENUM_ROLLBACK) {
+ policy = "org.freedesktop.packagekit.rollback";
+ } else if (role == PK_ROLE_ENUM_REPO_ENABLE ||
+ role == PK_ROLE_ENUM_REPO_SET_DATA) {
+ policy = "org.freedesktop.packagekit.repo-change";
+ } else {
+ pk_error ("policykit type required for '%s'", pk_role_enum_to_text (role));
+ }
+
+ /* get the dbus sender */
+ pk_result = pk_security_can_do_action (security, dbus_sender, policy);
+ if (pk_result != POLKIT_RESULT_YES) {
+ if (error_detail != NULL) {
+ *error_detail = g_strdup_printf ("%s %s", policy, polkit_result_to_string_representation (pk_result));
+ }
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * pk_security_finalize:
+ **/
+static void
+pk_security_finalize (GObject *object)
+{
+ PkSecurity *security;
+ g_return_if_fail (object != NULL);
+ g_return_if_fail (PK_IS_SECURITY (object));
+ security = PK_SECURITY (object);
+
+ /* unref PolicyKit */
+ polkit_context_unref (security->priv->pk_context);
+
+ G_OBJECT_CLASS (pk_security_parent_class)->finalize (object);
+}
+
+/**
+ * pk_security_class_init:
+ **/
+static void
+pk_security_class_init (PkSecurityClass *klass)
+{
+ GObjectClass *object_class = G_OBJECT_CLASS (klass);
+ object_class->finalize = pk_security_finalize;
+ g_type_class_add_private (klass, sizeof (PkSecurityPrivate));
+}
+
+/**
+ * pk_security_init:
+ *
+ * initialises the security class. NOTE: We expect security objects
+ * to *NOT* be removed or added during the session.
+ * We only control the first security object if there are more than one.
+ **/
+static void
+pk_security_init (PkSecurity *security)
+{
+ PolKitError *pk_error;
+ polkit_bool_t retval;
+ DBusError dbus_error;
+
+ security->priv = PK_SECURITY_GET_PRIVATE (security);
+
+ /* get a connection to the bus */
+ dbus_error_init (&dbus_error);
+ security->priv->connection = dbus_bus_get (DBUS_BUS_SYSTEM, &dbus_error);
+ if (security->priv->connection == NULL) {
+ pk_error ("failed to get system connection %s: %s\n", dbus_error.name, dbus_error.message);
+ }
+
+ /* get PolicyKit context */
+ security->priv->pk_context = polkit_context_new ();
+ pk_error = NULL;
+ retval = polkit_context_init (security->priv->pk_context, &pk_error);
+ if (retval == FALSE) {
+ pk_error ("Could not init PolicyKit context: %s", polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ }
+}
+
+/**
+ * pk_security_new:
+ * Return value: A new security class instance.
+ **/
+PkSecurity *
+pk_security_new (void)
+{
+ PkSecurity *security;
+ security = g_object_new (PK_TYPE_SECURITY, NULL);
+ return PK_SECURITY (security);
+}
+
diff --git a/src/pk-security.h b/src/pk-security.h
new file mode 100644
index 0000000..7d762cc
--- /dev/null
+++ b/src/pk-security.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2007 Richard Hughes <richard at hughsie.com>
+ *
+ * Licensed under the GNU General Public License Version 2
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __PK_SECURITY_H
+#define __PK_SECURITY_H
+
+#include <glib-object.h>
+#include <pk-enum.h>
+
+G_BEGIN_DECLS
+
+#define PK_TYPE_SECURITY (pk_security_get_type ())
+#define PK_SECURITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), PK_TYPE_SECURITY, PkSecurity))
+#define PK_SECURITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), PK_TYPE_SECURITY, PkSecurityClass))
+#define PK_IS_SECURITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), PK_TYPE_SECURITY))
+#define PK_IS_SECURITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), PK_TYPE_SECURITY))
+#define PK_SECURITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), PK_TYPE_SECURITY, PkSecurityClass))
+
+typedef struct PkSecurityPrivate PkSecurityPrivate;
+
+typedef struct
+{
+ GObject parent;
+ PkSecurityPrivate *priv;
+} PkSecurity;
+
+typedef struct
+{
+ GObjectClass parent_class;
+} PkSecurityClass;
+
+GType pk_security_get_type (void);
+PkSecurity *pk_security_new (void);
+
+gboolean pk_security_action_is_allowed (PkSecurity *security,
+ const gchar *dbus_sender,
+ PkRoleEnum role,
+ gchar **error_detail);
+
+G_END_DECLS
+
+#endif /* __PK_SECURITY_H */
commit 7c77a955487d43b33ae1997a947dc2425b1ff679
Author: Richard Hughes <richard at hughsie.com>
Date: Fri Oct 19 19:32:30 2007 +0100
don't use the context, send the dbus name
diff --git a/src/pk-engine.c b/src/pk-engine.c
index 67645e0..21b3003 100644
--- a/src/pk-engine.c
+++ b/src/pk-engine.c
@@ -827,11 +827,10 @@ pk_engine_can_do_action (PkEngine *engine, const gchar *dbus_name, const gchar *
* when not async.
**/
static gboolean
-pk_engine_action_is_allowed (PkEngine *engine, DBusGMethodInvocation *context,
+pk_engine_action_is_allowed (PkEngine *engine, const gchar *dbus_name,
PkRoleEnum role, GError **error)
{
PolKitResult pk_result;
- const gchar *dbus_name;
const gchar *policy = NULL;
gboolean ret;
@@ -867,7 +866,6 @@ pk_engine_action_is_allowed (PkEngine *engine, DBusGMethodInvocation *context,
}
/* get the dbus sender */
- dbus_name = dbus_g_method_get_sender (context);
pk_result = pk_engine_can_do_action (engine, dbus_name, policy);
if (pk_result != POLKIT_RESULT_YES) {
*error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_REFUSED_BY_POLICY,
@@ -1554,7 +1552,7 @@ pk_engine_update_system (PkEngine *engine, const gchar *tid, DBusGMethodInvocati
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_SYSTEM, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -1631,7 +1629,7 @@ pk_engine_remove_package (PkEngine *engine, const gchar *tid, const gchar *packa
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_REMOVE_PACKAGE, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REMOVE_PACKAGE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -1702,7 +1700,7 @@ pk_engine_install_package (PkEngine *engine, const gchar *tid, const gchar *pack
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_INSTALL_PACKAGE, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_PACKAGE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -1764,7 +1762,7 @@ pk_engine_install_file (PkEngine *engine, const gchar *tid, const gchar *full_pa
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_INSTALL_FILE, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_INSTALL_FILE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -1826,7 +1824,7 @@ pk_engine_rollback (PkEngine *engine, const gchar *tid, const gchar *transaction
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_ROLLBACK, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_ROLLBACK, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -1897,7 +1895,7 @@ pk_engine_update_package (PkEngine *engine, const gchar *tid, const gchar *packa
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_UPDATE_PACKAGE, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_UPDATE_PACKAGE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -1998,7 +1996,7 @@ pk_engine_repo_enable (PkEngine *engine, const gchar *tid, const gchar *repo_id,
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_REPO_ENABLE, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_ENABLE, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
@@ -2061,7 +2059,7 @@ pk_engine_repo_set_data (PkEngine *engine, const gchar *tid, const gchar *repo_i
}
/* check with PolicyKit if the action is allowed from this client - if not, set an error */
- ret = pk_engine_action_is_allowed (engine, context, PK_ROLE_ENUM_REPO_SET_DATA, &error);
+ ret = pk_engine_action_is_allowed (engine, dbus_g_method_get_sender (context), PK_ROLE_ENUM_REPO_SET_DATA, &error);
if (ret == FALSE) {
dbus_g_method_return_error (context, error);
return;
More information about the PackageKit
mailing list