diff options
| author | Marcel Holtmann <marcel@holtmann.org> | 2010-09-09 18:44:06 +0200 |
|---|---|---|
| committer | Marcel Holtmann <marcel@holtmann.org> | 2010-09-09 18:44:06 +0200 |
| commit | 3681fe237d4c9ed4b5a6f432c1002e25964207d8 (patch) | |
| tree | cd665482db7d6c468a95af21b5c05272608843a9 | |
| parent | 494e2a2858e53566ec2afd9e5ac0c092b4e665a4 (diff) | |
| download | connman-3681fe237d4c9ed4b5a6f432c1002e25964207d8.tar.gz connman-3681fe237d4c9ed4b5a6f432c1002e25964207d8.tar.bz2 connman-3681fe237d4c9ed4b5a6f432c1002e25964207d8.zip | |
Update support for PolicyKit with GDBus security integration
| -rw-r--r-- | Makefile.plugins | 5 | ||||
| -rw-r--r-- | configure.ac | 9 | ||||
| -rw-r--r-- | plugins/polkit.c | 146 |
3 files changed, 15 insertions, 145 deletions
diff --git a/Makefile.plugins b/Makefile.plugins index 4ca78d3f..5ce6c52e 100644 --- a/Makefile.plugins +++ b/Makefile.plugins @@ -163,13 +163,10 @@ if POLKIT if POLKIT_BUILTIN builtin_modules += polkit builtin_sources += plugins/polkit.c -builtin_libadd += @POLKIT_LIBS@ -builtin_cflags += @POLKIT_CFLAGS@ else plugin_LTLIBRARIES += plugins/polkit.la plugin_objects += $(plugins_polkit_la_OBJECTS) -plugins_polkit_la_CFLAGS = $(plugin_cflags) @POLKIT_CFLAGS@ -plugins_polkit_la_LIBADD = @POLKIT_LIBS@ @GLIB_LIBS@ +plugins_polkit_la_CFLAGS = $(plugin_cflags) plugins_polkit_la_LDFLAGS = $(plugin_ldflags) endif diff --git a/configure.ac b/configure.ac index 75abaf57..a02d6de3 100644 --- a/configure.ac +++ b/configure.ac @@ -293,13 +293,10 @@ AC_ARG_ENABLE(polkit, AC_HELP_STRING([--enable-polkit], [enable PolicyKit support]), [enable_polkit=${enableval}], [enable_polkit="no"]) if (test "${enable_polkit}" != "no"); then - PKG_CHECK_MODULES(POLKIT, polkit-dbus >= 0.7, dummy=yes, - AC_MSG_ERROR(PolicyKit >= 0.7 is required)) - AC_SUBST(POLKIT_CFLAGS) - AC_SUBST(POLKIT_LIBS) - POLKIT_DATADIR="`$PKG_CONFIG --variable=policydir polkit`" + POLKIT_DATADIR="`$PKG_CONFIG --variable=actiondir polkit`" + POLKIT_DATADIR="" if (test -z "${POLKIT_DATADIR}"); then - POLKIT_DATADIR="${datadir}/PolicyKit/policy" + POLKIT_DATADIR="${datadir}/polkit-1/actions" fi AC_SUBST(POLKIT_DATADIR) fi diff --git a/plugins/polkit.c b/plugins/polkit.c index 8590dde4..be72eb07 100644 --- a/plugins/polkit.c +++ b/plugins/polkit.c @@ -23,156 +23,32 @@ #include <config.h> #endif -#include <errno.h> - -#include <glib.h> -#include <polkit-dbus/polkit-dbus.h> +#include <gdbus.h> #define CONNMAN_API_SUBJECT_TO_CHANGE #include <connman/plugin.h> #include <connman/security.h> -#include <connman/dbus.h> -#include <connman/log.h> - -#define ACTION_MODIFY "org.moblin.connman.modify" -#define ACTION_SECRET "org.moblin.connman.secret" - -static DBusConnection *connection; -static PolKitContext *polkit_context; - -static int polkit_authorize(const char *sender, - enum connman_security_privilege privilege) -{ - DBusError error; - PolKitCaller *caller; - PolKitAction *action; - PolKitResult result; - const char *id = NULL; - - DBG("sender %s", sender); - - switch (privilege) { - case CONNMAN_SECURITY_PRIVILEGE_PUBLIC: - return 0; - case CONNMAN_SECURITY_PRIVILEGE_MODIFY: - id = ACTION_MODIFY; - break; - case CONNMAN_SECURITY_PRIVILEGE_SECRET: - id = ACTION_SECRET; - break; - } - - dbus_error_init(&error); - - caller = polkit_caller_new_from_dbus_name(connection, sender, &error); - if (caller == NULL) { - if (dbus_error_is_set(&error) == TRUE) { - connman_error("%s", error.message); - dbus_error_free(&error); - } else - connman_error("Failed to get caller information"); - return -EIO; - } - - action = polkit_action_new(); - polkit_action_set_action_id(action, id); - - result = polkit_context_is_caller_authorized(polkit_context, - action, caller, TRUE, NULL); - polkit_action_unref(action); - polkit_caller_unref(caller); - - DBG("result %s", polkit_result_to_string_representation(result)); - - if (result == POLKIT_RESULT_NO) - return -EPERM; - - return 0; -} - -static struct connman_security polkit_security = { - .name = "polkit", - .authorize_sender = polkit_authorize, +static const GDBusSecurityTable polkit_security[] = { + { CONNMAN_SECURITY_PRIVILEGE_MODIFY, "org.moblin.connman.modify", + G_DBUS_SECURITY_FLAG_BUILTIN | + G_DBUS_SECURITY_FLAG_ALLOW_INTERACTION }, + { CONNMAN_SECURITY_PRIVILEGE_SECRET, "org.moblin.connman.secret", + G_DBUS_SECURITY_FLAG_BUILTIN | + G_DBUS_SECURITY_FLAG_ALLOW_INTERACTION }, + { } }; -static gboolean watch_event(GIOChannel *channel, GIOCondition condition, - gpointer user_data) -{ - PolKitContext *context = user_data; - int fd; - - DBG("context %p", context); - - fd = g_io_channel_unix_get_fd(channel); - - polkit_context_io_func(context, fd); - - return TRUE; -} - -static int add_watch(PolKitContext *context, int fd) -{ - GIOChannel *channel; - guint id = 0; - - DBG("context %p", context); - - channel = g_io_channel_unix_new(fd); - if (channel == NULL) - return 0; - - id = g_io_add_watch(channel, G_IO_IN, watch_event, context); - - g_io_channel_unref(channel); - - return id; -} - -static void remove_watch(PolKitContext *context, int id) -{ - DBG("context %p", context); - - g_source_remove(id); -} - static int polkit_init(void) { - int err; - - connection = connman_dbus_get_connection(); - if (connection == NULL) - return -EIO; - - polkit_context = polkit_context_new(); - - polkit_context_set_io_watch_functions(polkit_context, - add_watch, remove_watch); - - if (polkit_context_init(polkit_context, NULL) == FALSE) { - connman_error("Can't initialize PolicyKit"); - polkit_context_unref(polkit_context); - dbus_connection_unref(connection); - return -EIO; - } - - err = connman_security_register(&polkit_security); - if (err < 0) { - polkit_context_unref(polkit_context); - dbus_connection_unref(connection); - return err; - } + g_dbus_register_security(polkit_security); return 0; } static void polkit_exit(void) { - connman_security_unregister(&polkit_security); - - polkit_context_unref(polkit_context); - - dbus_connection_unref(connection); + g_dbus_unregister_security(polkit_security); } CONNMAN_PLUGIN_DEFINE(polkit, "PolicyKit authorization plugin", VERSION, |