From 03c0a725b77db0efaeda804e67a2622b426bb8b4 Mon Sep 17 00:00:00 2001 From: Marek Kasik Date: Tue, 16 Feb 2010 20:01:48 +0100 Subject: Port to PolicyKit 1 Signed-off-by: Vincent Untz --- configure.ac | 4 +- src/Makefile.am | 2 +- src/cups-pk-helper-mechanism.c | 101 ++++------------------ src/org.opensuse.cupspkhelper.mechanism.policy.in | 18 ++-- 4 files changed, 31 insertions(+), 94 deletions(-) diff --git a/configure.ac b/configure.ac index 0f6f2ef..5a2bee8 100644 --- a/configure.ac +++ b/configure.ac @@ -43,8 +43,8 @@ fi GLIB_REQUIRED=2.14.0 DBUS_REQUIRED=1.1.2 DBUS_GLIB_REQUIRED=0.74 -POLKIT_DBUS_REQUIRED=0.8 GTK_REQUIRED=2.12.0 +POLKIT_REQUIRED=0.92 # pkg-config dependency checks PKG_CHECK_MODULES(CUPS_PK, glib-2.0 >= $GLIB_REQUIRED \ @@ -53,7 +53,7 @@ PKG_CHECK_MODULES(CUPS_PK, glib-2.0 >= $GLIB_REQUIRED \ gthread-2.0 \ dbus-1 >= $DBUS_REQUIRED \ dbus-glib-1 >= $DBUS_GLIB_REQUIRED \ - polkit-dbus >= $POLKIT_DBUS_REQUIRED) + polkit-gobject-1 >= $POLKIT_REQUIRED) AC_SUBST(CUPS_PK_CFLAGS) AC_SUBST(CUPS_PK_LIBS) diff --git a/src/Makefile.am b/src/Makefile.am index 2bf1dbe..5cdb306 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -46,7 +46,7 @@ BUILT_SOURCES = cups-pk-helper-mechanism-glue.h dbus_servicesdir = $(datadir)/dbus-1/system-services dbus_confdir = $(sysconfdir)/dbus-1/system.d -polkitdir = $(datadir)/PolicyKit/policy +polkitdir = $(datadir)/polkit-1/actions dbus_services_in_files = org.opensuse.CupsPkHelper.Mechanism.service.in polkit_in_files = org.opensuse.cupspkhelper.mechanism.policy.in diff --git a/src/cups-pk-helper-mechanism.c b/src/cups-pk-helper-mechanism.c index 990f123..dede9bc 100644 --- a/src/cups-pk-helper-mechanism.c +++ b/src/cups-pk-helper-mechanism.c @@ -45,7 +45,7 @@ #include #include -#include +#include #include @@ -124,7 +124,7 @@ G_DEFINE_TYPE (CphMechanism, cph_mechanism, G_TYPE_OBJECT) struct CphMechanismPrivate { DBusGConnection *system_bus_connection; - PolKitContext *pol_ctx; + PolkitAuthority *pol_auth; CphCups *cups; }; @@ -200,60 +200,12 @@ cph_mechanism_finalize (GObject *object) G_OBJECT_CLASS (cph_mechanism_parent_class)->finalize (object); } -static gboolean -pk_io_watch_have_data (GIOChannel *channel, - GIOCondition condition, - gpointer user_data) -{ - int fd; - PolKitContext *pk_context; - - pk_context = user_data; - fd = g_io_channel_unix_get_fd (channel); - polkit_context_io_func (pk_context, fd); - - return TRUE; -} - -static int -pk_io_add_watch (PolKitContext *pk_context, - int fd) -{ - guint id; - GIOChannel *channel; - - channel = g_io_channel_unix_new (fd); - if (channel == NULL) - return 0; - - id = g_io_add_watch (channel, G_IO_IN, - pk_io_watch_have_data, pk_context); - - return id; -} - -static void -pk_io_remove_watch (PolKitContext *pk_context, - int watch_id) -{ - g_source_remove (watch_id); -} - static gboolean register_mechanism (CphMechanism *mechanism) { GError *error; - mechanism->priv->pol_ctx = polkit_context_new (); - - polkit_context_set_io_watch_functions (mechanism->priv->pol_ctx, - pk_io_add_watch, - pk_io_remove_watch); - - if (!polkit_context_init (mechanism->priv->pol_ctx, NULL)) { - g_critical ("cannot initialize libpolkit"); - return FALSE; - } + mechanism->priv->pol_auth = polkit_authority_get (); error = NULL; mechanism->priv->system_bus_connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, @@ -299,11 +251,10 @@ _check_polkit_for_action_internal (CphMechanism *mechanism, const char *action_method, GError **error) { - const char *sender; + char *sender; DBusError dbus_error; - PolKitCaller *pk_caller; - PolKitAction *pk_action; - PolKitResult pk_result; + PolkitSubject *pk_caller; + PolkitAuthorizationResult *pk_result; char *action; g_return_val_if_fail (error == NULL || *error == NULL, FALSE); @@ -315,44 +266,30 @@ _check_polkit_for_action_internal (CphMechanism *mechanism, sender = dbus_g_method_get_sender (context); dbus_error_init (&dbus_error); - pk_caller = polkit_caller_new_from_dbus_name ( - dbus_g_connection_get_connection (mechanism->priv->system_bus_connection), - sender, - &dbus_error); - - if (pk_caller == NULL) { - g_set_error (error, - CPH_MECHANISM_ERROR, CPH_MECHANISM_ERROR_GENERAL, - "Error getting information about caller: %s: %s", - dbus_error.name, dbus_error.message); - dbus_error_free (&dbus_error); - g_free (action); - - return FALSE; - } + pk_caller = polkit_system_bus_name_new (sender); + g_free (sender); - pk_action = polkit_action_new (); - polkit_action_set_action_id (pk_action, action); - pk_result = polkit_context_is_caller_authorized (mechanism->priv->pol_ctx, - pk_action, pk_caller, - FALSE, NULL); - polkit_caller_unref (pk_caller); - polkit_action_unref (pk_action); + pk_result = polkit_authority_check_authorization_sync (mechanism->priv->pol_auth, + pk_caller, + action, + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + NULL, + NULL); + g_object_unref (pk_caller); - if (pk_result != POLKIT_RESULT_YES) { + if (pk_result == NULL || !polkit_authorization_result_get_is_authorized (pk_result)) { g_set_error (error, CPH_MECHANISM_ERROR, CPH_MECHANISM_ERROR_NOT_PRIVILEGED, - "%s %s <-- (action, result)", - action, - polkit_result_to_string_representation (pk_result)); - dbus_error_free (&dbus_error); + "Not Authorized: %s", action); g_free (action); return FALSE; } g_free (action); + g_object_unref (pk_result); return TRUE; } diff --git a/src/org.opensuse.cupspkhelper.mechanism.policy.in b/src/org.opensuse.cupspkhelper.mechanism.policy.in index 858d329..189f665 100644 --- a/src/org.opensuse.cupspkhelper.mechanism.policy.in +++ b/src/org.opensuse.cupspkhelper.mechanism.policy.in @@ -13,7 +13,7 @@ <_message>Privileges are required to get/set server settings. no - auth_admin + auth_admin_keep @@ -22,7 +22,7 @@ <_message>Privileges are required to get devices. no - auth_admin + auth_admin_keep @@ -34,7 +34,7 @@ <_message>Privileges are required to set a printer, or a class, as default printer. no - auth_admin + auth_admin_keep @@ -46,7 +46,7 @@ <_message>Privileges are required to enable/disable a printer, or a class. no - auth_admin + auth_admin_keep @@ -55,7 +55,7 @@ <_message>Privileges are required to add/remove/edit a local printer. no - auth_admin + auth_admin_keep @@ -64,7 +64,7 @@ <_message>Privileges are required to add/remove/edit a remote printer. no - auth_admin + auth_admin_keep @@ -73,7 +73,7 @@ <_message>Privileges are required to add/remove/edit a class. no - auth_admin + auth_admin_keep @@ -91,7 +91,7 @@ <_message>Privileges are required to restart/cancel/edit a job owned by another user. no - auth_admin + auth_admin_keep @@ -101,7 +101,7 @@ <_message>Privileges are required to add/remove/edit a printer. no - auth_admin + auth_admin_keep -- cgit v1.2.3