authorPapoteur <papoteur@mageia.org>2018-03-13 22:57:45 +0100
committerPapoteur <papoteur@mageia.org>2018-03-16 11:17:42 +0100
commit17261cba80b9e589f37519d3b5eb3b6c6038c871 (patch)
tree5250623595adf0d850a3a90e933787b406d86611
parent5f24430ad44b80ff05d1fa5499f917681d51ed38 (diff)
Add managing of credentials
-rwxr-xr-xbackend/magiback60
-rw-r--r--polkit/org.mageia.isodumper.policy26
2 files changed, 48 insertions, 38 deletions
diff --git a/backend/magiback b/backend/magiback
index 796ba78..e7fe881 100755
--- a/backend/magiback
+++ b/backend/magiback
@@ -56,11 +56,15 @@ class Isodumper(raw_write.Dumper):
self.authorized_sender_read = set()
self.authorized_sender_write = set()
- def do_write(self,source, target):
- print("Writing")
- self.finished.clear()
- self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
- self.thread.start()
+ def do_write(self,source, target, dbus_context):
+ if check_permission('org.mageia.Magiback.Isodumper.write',dbus_context):
+ print("Writing")
+ self.finished.clear()
+ self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
+ self.thread.start()
+ else:
+ self.return_message = "Access denied"
+ self.finished.set()
@property
def done(self):
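Review bot: The call `check_permission('org.mageia.Magiback.Isodumper.write',dbus_context)` passes two arguments, but the function this commit adds further down is declared as `def check_permission(self, action,dbus_context):` at what appears to be module level, so the call would raise a TypeError for the missing third argument before any polkit check runs; the call in `ConfFile.saveFile` has the same problem. Dropping the stray parameter, `def check_permission(action, dbus_context):`, makes both call sites match. Indentation is flattened on this page, so the module-level placement is inferred from the missing space after the `+` marker. The enclosing class continues outside this hunk.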
@@ -75,7 +79,8 @@ class Isodumper(raw_write.Dumper):
return self.return_state
def end(self):
- self.thread.join()
+ if hasattr(self, 'thread'):
+ self.thread.join()
self._progress = 0
self.finished.clear()
return self.return_state, self.return_message
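Review bot: `end()` returns `self.return_state`, but the denied branch added to `do_write` sets only `return_message` before `self.finished.set()`, so a caller can receive "Access denied" next to a state left over from an earlier write (or an unset attribute, if the base class does not initialise it, which is not visible here). Setting it in that branch, for example `self.return_state = False` if it is a boolean success flag, keeps the pair consistent. Initialising `self.thread = None` in `__init__` and testing `if self.thread is not None:` would also read more clearly than `hasattr(self, 'thread')`.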
@@ -95,32 +100,10 @@ class Isodumper(raw_write.Dumper):
def run(self):
self.loop.run()
- def check_permission_write(self, sender):
- """ Check for senders permission to update system packages"""
- if sender in self.authorized_sender_write:
- return
- else:
- if self._check_permission(sender, 'org.baseurl.DnfSystem.write'):
- self.authorized_sender_write.add(sender)
-
- def _check_permission(self, sender, action):
- """ Check senders permissions using PolicyKit1
+def check_permission(self, action,dbus_context):
+ """ Check permission
"""
- if not sender:
- raise ValueError('sender == None')
-
- obj = SystemBus().get(
- 'org.freedesktop.PolicyKit1',
- '/org/freedesktop/PolicyKit1/Authority')
- iface = obj['org.freedesktop.PolicyKit1.Authority']
- (granted, _, details) = iface.CheckAuthorization(
- ('system-bus-name', {'name': sender}), action, {},
- 1, '', timeout=600)
- if not granted:
- return False
- else:
- return True
-
+ return dbus_context.is_authorized(action, {'polkit.icon_name': 'isodumper.png',}, interactive=True)
class ConfFile(object):
"""
@@ -155,13 +138,14 @@ class ConfFile(object):
content += line
return content
- def saveFile(self, tc):
- try:
- with open(self.file_name,'w') as tcf :
- tcf.write(tc)
- except:
- return False
- return True
+ def saveFile(self, tc, dbus_context):
+ if check_permission('org.mageia.Magiback.write',dbus_context):
+ try:
+ with open(self.file_name,'w') as tcf :
+ tcf.write(tc)
+ except:
+ return False
+ return True
if __name__ == '__main__':
print("Running Magiback service.")
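Review bot: When `check_permission` refuses, `saveFile` has no explicit return for the denied path: depending on where the final `return True` sits (indentation is lost on this page), the caller gets either `None` or `True`, and neither says the write was refused. Adding `else: return False` to the `if check_permission(...)` makes the refusal explicit. The bare `except:` carried over from the old code also hides why a write failed; `except OSError:` would be narrower for the `open`/`write` pair.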
diff --git a/polkit/org.mageia.isodumper.policy b/polkit/org.mageia.isodumper.policy
new file mode 100644
index 0000000..d9159b8
--- /dev/null
+++ b/polkit/org.mageia.isodumper.policy
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+ <action id="org.mageia.Magiback.Isodumper.write">
+ <description>Isodumper</description>
+ <message>Isodumper requesting write access</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+ <action id="org.mageia.Magiback.write">
+ <description>Manatools</description>
+ <message>Manatools requesting write access</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+</policyconfig>
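Review bot: Both actions set `<allow_active>auth_admin_keep</allow_active>`, which lets an authorisation be reused for a short period after the first prompt; for `org.mageia.Magiback.Isodumper.write`, which gates the image write in `do_write`, plain `auth_admin` would prompt on every write, and the choice deserves a comment in the file either way. The `<message>` texts do not tell the user what is about to be written, and that text is all they see when deciding; for the first action something like `Authentication is required to write an image to a storage device` would be more informative. The file is named `org.mageia.isodumper.policy` while the action ids live under `org.mageia.Magiback`, so aligning the two would make the policy easier to find from an id.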