From 17261cba80b9e589f37519d3b5eb3b6c6038c871 Mon Sep 17 00:00:00 2001
From: Papoteur
Date: Tue, 13 Mar 2018 22:57:45 +0100
Subject: Add managing of credentials
---
 backend/magiback | 60 ++++++++++++++------------------------
 polkit/org.mageia.isodumper.policy | 26 +++++++++++++++++
 2 files changed, 48 insertions(+), 38 deletions(-)
 create mode 100644 polkit/org.mageia.isodumper.policy
diff --git a/backend/magiback b/backend/magiback
index 796ba78..e7fe881 100755
--- a/backend/magiback
+++ b/backend/magiback
@@ -56,11 +56,15 @@ class Isodumper(raw_write.Dumper):
 self.authorized_sender_read = set()
 self.authorized_sender_write = set()
- def do_write(self,source, target):
- print("Writing")
- self.finished.clear()
- self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
- self.thread.start()
+ def do_write(self,source, target, dbus_context):
+ if check_permission('org.mageia.Magiback.Isodumper.write',dbus_context):
+ print("Writing")
+ self.finished.clear()
+ self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
+ self.thread.start()
+ else:
+ self.return_message = "Access denied"
+ self.finished.set()
 @property
 def done(self):
@@ -75,7 +79,8 @@ class Isodumper(raw_write.Dumper):
 return self.return_state
 def end(self):
- self.thread.join()
+ if hasattr(self, 'thread'):
+ self.thread.join()
 self._progress = 0
 self.finished.clear()
 return self.return_state, self.return_message
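Review bot: The call `check_permission('org.mageia.Magiback.Isodumper.write',dbus_context)` in do_write passes two arguments, but the module-level `check_permission(self, action,dbus_context)` added in the third hunk declares three, so the call raises TypeError before any authorization is evaluated; the call in saveFile (fourth hunk) has the same mismatch. Dropping the stray parameter, `def check_permission(action, dbus_context):`, fixes both callers. Separately, the polkit action authorizes the write operation as a whole and not the specific `target`, so once authorization is held any path supplied by the caller reaches `_do_write`; I would check `target` against the enumerated removable devices before starting the thread. `_do_write` lies outside the hunk, so it may already do this.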
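Review bot: `end()` still returns `self.return_state`, which the new denied branch of do_write never assigns, so after "Access denied" the caller receives whatever state an earlier write left behind (or hits an AttributeError if none exists; `__init__` is not visible here). Assigning a failure value to `self.return_state` next to `self.return_message = "Access denied"` would make the refusal unambiguous. The `hasattr(self, 'thread')` guard would also read more plainly as `self.thread = None` in `__init__` plus `if self.thread is not None:`.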
@@ -95,32 +100,10 @@ class Isodumper(raw_write.Dumper):
 def run(self):
 self.loop.run()
- def check_permission_write(self, sender):
- """ Check for senders permission to update system packages"""
- if sender in self.authorized_sender_write:
- return
- else:
- if self._check_permission(sender, 'org.baseurl.DnfSystem.write'):
- self.authorized_sender_write.add(sender)
-
- def _check_permission(self, sender, action):
- """ Check senders permissions using PolicyKit1
+def check_permission(self, action,dbus_context):
+ """ Check permission
 """
- if not sender:
- raise ValueError('sender == None')
-
- obj = SystemBus().get(
- 'org.freedesktop.PolicyKit1',
- '/org/freedesktop/PolicyKit1/Authority')
- iface = obj['org.freedesktop.PolicyKit1.Authority']
- (granted, _, details) = iface.CheckAuthorization(
- ('system-bus-name', {'name': sender}), action, {},
- 1, '', timeout=600)
- if not granted:
- return False
- else:
- return True
-
+ return dbus_context.is_authorized(action, {'polkit.icon_name': 'isodumper.png',}, interactive=True)
 class ConfFile(object):
 """
@@ -155,13 +138,14 @@ class ConfFile(object):
 content += line
 return content
- def saveFile(self, tc):
- try:
- with open(self.file_name,'w') as tcf :
- tcf.write(tc)
- except:
- return False
- return True
+ def saveFile(self, tc, dbus_context):
+ if check_permission('org.mageia.Magiback.write',dbus_context):
+ try:
+ with open(self.file_name,'w') as tcf :
+ tcf.write(tc)
+ except:
+ return False
+ return True
 if __name__ == '__main__':
 print("Running Magiback service.")
diff --git a/polkit/org.mageia.isodumper.policy b/polkit/org.mageia.isodumper.policy
new file mode 100644
index 0000000..d9159b8
--- /dev/null
+++ b/polkit/org.mageia.isodumper.policy
@@ -0,0 +1,26 @@
+
+
+
+ Mageia
+ http://www.mageia.org/
+
+ Isodumper
+ Isodumper requesting write access
+
+ auth_admin
+ no
+ auth_admin_keep
+
+
+
+ Manatools
+ Manatools requesting write access
+
+ auth_admin
+ no
+ auth_admin_keep
+
+
+
-- cgit v1.2.1
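Review bot: The docstring `""" Check permission """` on the new check_permission leaves out what a caller has to know: the function returns the boolean result of `dbus_context.is_authorized`, and `interactive=True` means the D-Bus method call can block while polkit prompts the user. I would document both, and state that `action` must be an action id declared in polkit/org.mageia.isodumper.policy. The removed `check_permission_write` was the only visible user of `self.authorized_sender_write`, which `__init__` still initialises (context of the first hunk), so that set and `authorized_sender_read` look like dead state now.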
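Review bot: When `check_permission` refuses, saveFile falls off the end and returns None instead of False, so a denied write is not reported the way a failed write is, and a D-Bus method declared with a boolean result may fail to marshal the reply (the interface declaration is outside the hunk). Adding `else:` with `return False` after the `if` block keeps the return type consistent. The bare `except:` carried over from the old code also hides why a write failed; `except OSError:` would limit it to the I/O errors that `open` and `write` raise.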
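Review bot: The element markup of this policy file is missing from this view, so the action ids cannot be compared with the strings used in backend/magiback (`org.mageia.Magiback.Isodumper.write` and `org.mageia.Magiback.write`); if they differ, polkit treats the action as unregistered and every call is refused. Assuming the three defaults appear in the usual allow_any / allow_inactive / allow_active order, `auth_admin` for allow_any lets non-local sessions authorize a raw device write, and `auth_admin_keep` retains the authorization for a short period in which further writes need no prompt. For an action that overwrites a block device I would consider `no` for allow_any and plain `auth_admin` for allow_active.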