From 4587a7037d05f4113b2e860afd634d01ec425d9e Mon Sep 17 00:00:00 2001 From: Bastien Nocera <hadess@hadess.net> Date: Fri, 11 Sep 2009 16:34:45 +0100 Subject: [PATCH] Port to PolicyKit 1.0 - Port backend and policykit code to PolicyKit 1.0 - Rename mechanism's configuration file, as PolicyKit would ignore it otherwise --- Makefile.am | 2 +- configure.ac | 5 +-- data/Makefile.am | 6 ++-- data/gnome-lirc-properties-mechanism.policy.in | 22 ------------- data/org.gnome.lirc-properties.mechanism.policy.in | 22 +++++++++++++ gnome_lirc_properties/backend.py | 23 +++++++------ gnome_lirc_properties/policykit.py | 34 ++++++++----------- 7 files changed, 55 insertions(+), 59 deletions(-) delete mode 100644 data/gnome-lirc-properties-mechanism.policy.in create mode 100644 data/org.gnome.lirc-properties.mechanism.policy.in diff --git a/Makefile.am b/Makefile.am index b8dcf64..b4b2a55 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,7 +20,7 @@ DISTCLEANFILES = \ intltool-update DISTCHECK_CONFIGURE_FLAGS = \ - --disable-scrollkeeper --disable-policy-kit + --disable-scrollkeeper # Build ChangeLog from GIT history ChangeLog: diff --git a/configure.ac b/configure.ac index 17551a4..97188c3 100644 --- a/configure.ac +++ b/configure.ac @@ -36,8 +36,7 @@ AC_ARG_ENABLE([policy-kit], if test "$enable_policy_kit" != no then - PKG_CHECK_MODULES([POLICY_KIT], [polkit >= 0.7 - polkit-gnome >= 0.7]) + PKG_CHECK_MODULES([POLICY_KIT], [polkit-backend-1]) ENABLE_POLICY_KIT=True enable_policy_kit=yes else @@ -184,7 +183,7 @@ dnl generate files === AC_CONFIG_FILES([Makefile data/Makefile data/gnome-lirc-properties.desktop.in - data/gnome-lirc-properties-mechanism.policy + data/org.gnome.lirc-properties.mechanism.policy data/org.gnome.LircProperties.Mechanism.service data/icons/Makefile data/icons/16x16/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 8e98529..537f42b 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -5,9 +5,9 @@ SUBDIRS = icons dbusconfdir = $(sysconfdir)/dbus-1/system.d dbusconf_DATA = org.gnome.LircProperties.Mechanism.conf -policykitpolicydir = $(datadir)/PolicyKit/policy -policykitpolicy_in_files = gnome-lirc-properties-mechanism.policy.in -policykitpolicy_DATA = gnome-lirc-properties-mechanism.policy +policykitpolicydir = $(datadir)/polkit-1/actions +policykitpolicy_in_files = org.gnome.lirc-properties.mechanism.policy.in +policykitpolicy_DATA = org.gnome.lirc-properties.mechanism.policy # The .service file is generated from a .service.in file # so that the install location can be inserted. diff --git a/data/gnome-lirc-properties-mechanism.policy.in b/data/gnome-lirc-properties-mechanism.policy.in deleted file mode 100644 index e99b880..0000000 --- a/data/gnome-lirc-properties-mechanism.policy.in +++ /dev/null @@ -1,22 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE policyconfig PUBLIC - "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" - "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> - -<!-- needs i18n work --> - -<policyconfig> - <vendor>Fluendo Embedded S.L.</vendor> - <vendor_url>http://www.fluendo.com/</vendor_url> - <icon_name>gnome-lirc-properties</icon_name> - - <action id="@POLICY_KIT_ACTION@"> - <description>Change LIRC Configuration</description> - <message>Changing the LIRC configuration requires privileges.</message> - <defaults> - <allow_inactive>no</allow_inactive> - <allow_active>auth_self_keep_always</allow_active> - </defaults> - </action> - -</policyconfig> diff --git a/data/org.gnome.lirc-properties.mechanism.policy.in b/data/org.gnome.lirc-properties.mechanism.policy.in new file mode 100644 index 0000000..9677d36 --- /dev/null +++ b/data/org.gnome.lirc-properties.mechanism.policy.in @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> + +<!-- needs i18n work --> + +<policyconfig> + <vendor>Fluendo Embedded S.L.</vendor> + <vendor_url>http://www.fluendo.com/</vendor_url> + <icon_name>gnome-lirc-properties</icon_name> + + <action id="@POLICY_KIT_ACTION@"> + <description>Change LIRC Configuration</description> + <message>Changing the LIRC configuration requires privileges.</message> + <defaults> + <allow_inactive>no</allow_inactive> + <allow_active>auth_self_keep</allow_active> + </defaults> + </action> + +</policyconfig> diff --git a/gnome_lirc_properties/backend.py b/gnome_lirc_properties/backend.py index 881b7df..2475b21 100644 --- a/gnome_lirc_properties/backend.py +++ b/gnome_lirc_properties/backend.py @@ -63,17 +63,20 @@ class PolicyKitService(dbus.service.Object): try: if sender: - kit = dbus.SystemBus().get_object('org.freedesktop.PolicyKit', '/') - kit = dbus.Interface(kit, 'org.freedesktop.PolicyKit') - - # Note that we don't use IsProcessAuthorized because we have - # no ways to get the PID of the front-end, so we're left - # with checking that its bus name is authorised instead - # See http://bugzilla.gnome.org/show_bug.cgi?id=540912 - granted = kit.IsSystemBusNameAuthorized(action, sender, False) + kit = dbus.SystemBus().get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority') + kit = dbus.Interface(kit, 'org.freedesktop.PolicyKit1.Authority') + + # Note that we don't use CheckAuthorization with bus name + # details because we have no ways to get the PID of the + # front-end, so we're left with checking that its bus name + # is authorised instead + # See http://bugzilla.gnome.org/show_bug.cgi?id=540912 + (granted, _, details) = kit.CheckAuthorization( + ('system-bus-name', {'name': sender}), + action, {}, dbus.UInt32(1), '', timeout=600) logging.info('authorization of system bus name \'%s\': %r', sender, granted) - if 'yes' != granted: + if not granted: raise AccessDeniedException('Session not authorized by PolicyKit') except AccessDeniedException: @@ -484,7 +487,7 @@ class BackendService(PolicyKitService): INTERFACE_NAME = 'org.gnome.LircProperties.Mechanism' SERVICE_NAME = 'org.gnome.LircProperties.Mechanism' - IDLE_TIMEOUT = 30 + IDLE_TIMEOUT = 300 # These are extra fields set by our GUI: diff --git a/gnome_lirc_properties/policykit.py b/gnome_lirc_properties/policykit.py index f60c1f8..750883c 100644 --- a/gnome_lirc_properties/policykit.py +++ b/gnome_lirc_properties/policykit.py @@ -39,42 +39,36 @@ class PolicyKitAuthentication(object): return True # Check whether the process is authorized: - pid = dbus.UInt32(os.getpid()) - authorized = self.policy_kit.IsProcessAuthorized(action_id, pid, False) - logging.debug('%s: authorized=%r', action_id, authorized) + pid = os.getpid() + (is_auth, _, details) = self.policy_kit.CheckAuthorization( + ('unix-process', {'pid': dbus.UInt32(pid, variant_level=1)}), + action_id, {}, dbus.UInt32(0), '', timeout=600) + logging.debug('%s: authorized=%r', action_id, is_auth) - return ('yes' == authorized) + return bool(is_auth) def obtain_authorization(self, widget, action_id=config.POLICY_KIT_ACTION): ''' - Try to obtain authoriztation for the specified action. + Try to obtain authorization for the specified action. ''' if not config.ENABLE_POLICY_KIT: return True - xid = (widget and widget.get_toplevel().window.xid or 0) - xid, pid = dbus.UInt32(xid), dbus.UInt32(os.getpid()) + pid = os.getpid() + (granted, _, details) = self.policy_kit.CheckAuthorization( + ('unix-process', {'pid': dbus.UInt32(pid, variant_level=1)}), + action_id, {}, dbus.UInt32(1), '', timeout=600) - granted = self.auth_agent.ObtainAuthorization(action_id, xid, pid) logging.debug('%s: granted=%r', action_id, granted) return bool(granted) def __get_policy_kit(self): - '''Retreive the D-Bus interface of PolicyKit.''' + '''Retrieve the D-Bus interface of PolicyKit.''' # retreiving the interface raises DBusException on error: - service = dbus.SystemBus().get_object('org.freedesktop.PolicyKit', '/') - return dbus.Interface(service, 'org.freedesktop.PolicyKit') + service = dbus.SystemBus().get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority') + return dbus.Interface(service, 'org.freedesktop.PolicyKit1.Authority') - def __get_auth_agent(self): - '''Retreive the D-Bus interface of the PolicyKit authentication agent.''' - - # retreiving the interface raises DBusException on error: - return dbus.SessionBus().get_object( - 'org.freedesktop.PolicyKit.AuthenticationAgent', '/', - 'org.gnome.PolicyKit.AuthorizationManager.SingleInstance') - - auth_agent = property(__get_auth_agent) policy_kit = property(__get_policy_kit) -- 1.6.2.5