Add managing of credentials

2 files changed, 48 insertions, 38 deletions

diff --git a/backend/magiback b/backend/magiback
index 796ba78..e7fe881 100755
--- a/backend/magiback
+++ b/backend/magiback
@@ -56,11 +56,15 @@ class Isodumper(raw_write.Dumper):
         self.authorized_sender_read = set()
         self.authorized_sender_write = set()
 
-    def do_write(self,source, target):
-        print("Writing")
-        self.finished.clear()
-        self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
-        self.thread.start()
+    def do_write(self,source, target, dbus_context):
+        if check_permission('org.mageia.Magiback.Isodumper.write',dbus_context):
+            print("Writing")
+            self.finished.clear()
+            self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
+            self.thread.start()
+        else:
+            self.return_message = "Access denied"
+            self.finished.set()
 
     @property
     def done(self):
@@ -75,7 +79,8 @@ class Isodumper(raw_write.Dumper):
         return self.return_state
 
     def end(self):
-        self.thread.join()
+        if hasattr(self, 'thread'):
+            self.thread.join()
         self._progress = 0
         self.finished.clear()
         return self.return_state, self.return_message
@@ -95,32 +100,10 @@ class Isodumper(raw_write.Dumper):
     def run(self):
        self.loop.run()
 
-    def check_permission_write(self, sender):
-        """ Check for senders permission to update system packages"""
-        if sender in self.authorized_sender_write:
-            return
-        else:
-            if self._check_permission(sender, 'org.baseurl.DnfSystem.write'):
-                self.authorized_sender_write.add(sender)
-
-    def _check_permission(self, sender, action):
-        """ Check senders permissions using PolicyKit1
+def check_permission(self, action,dbus_context):
+        """ Check permission
         """
-        if not sender:
-            raise ValueError('sender == None')
-
-        obj = SystemBus().get(
-            'org.freedesktop.PolicyKit1',
-            '/org/freedesktop/PolicyKit1/Authority')
-        iface = obj['org.freedesktop.PolicyKit1.Authority']
-        (granted, _, details) = iface.CheckAuthorization(
-            ('system-bus-name', {'name': sender}), action, {},
-            1, '', timeout=600)
-        if not granted:
-            return False
-        else:
-            return True
-
+        return dbus_context.is_authorized(action, {'polkit.icon_name': 'isodumper.png',}, interactive=True)
   
 class ConfFile(object):
     """
@@ -155,13 +138,14 @@ class ConfFile(object):
                 content += line
         return content
     
-    def saveFile(self, tc):
-        try:
-            with open(self.file_name,'w') as tcf :
-                tcf.write(tc)
-        except:
-            return False
-        return True
+    def saveFile(self, tc, dbus_context):
+        if check_permission('org.mageia.Magiback.write',dbus_context):
+            try:
+                with open(self.file_name,'w') as tcf :
+                    tcf.write(tc)
+            except:
+                return False
+            return True
 
 if __name__ == '__main__':
     print("Running Magiback service.")
diff --git a/polkit/org.mageia.isodumper.policy b/polkit/org.mageia.isodumper.policy
new file mode 100644
index 0000000..d9159b8
--- /dev/null
+++ b/polkit/org.mageia.isodumper.policy
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+  <vendor>Mageia</vendor>
+  <vendor_url>http://www.mageia.org/</vendor_url>
+  <action id="org.mageia.Magiback.Isodumper.write">
+    <description>Isodumper</description>
+    <message>Isodumper requesting write access</message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+  <action id="org.mageia.Magiback.write">
+    <description>Manatools</description>
+    <message>Manatools requesting write access</message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+</policyconfig>