author | Papoteur <papoteur@mageia.org> | 2018-03-13 22:57:45 +0100 |
---|---|---|
committer | Papoteur <papoteur@mageia.org> | 2018-03-16 11:17:42 +0100 |
commit | 17261cba80b9e589f37519d3b5eb3b6c6038c871 (patch) | |
tree | 5250623595adf0d850a3a90e933787b406d86611 | |
parent | 5f24430ad44b80ff05d1fa5499f917681d51ed38 (diff) | |
Add managing of credentials
-rwxr-xr-x | backend/magiback | 60 | ||||
-rw-r--r-- | polkit/org.mageia.isodumper.policy | 26 |
2 files changed, 48 insertions, 38 deletions
diff --git a/backend/magiback b/backend/magiback
index 796ba78..e7fe881 100755
--- a/backend/magiback
+++ b/backend/magiback
@@ -56,11 +56,15 @@ class Isodumper(raw_write.Dumper):
 self.authorized_sender_read = set()
 self.authorized_sender_write = set()
- def do_write(self,source, target):
- print("Writing")
- self.finished.clear()
- self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
- self.thread.start()
+ def do_write(self,source, target, dbus_context):
+ if check_permission('org.mageia.Magiback.Isodumper.write',dbus_context):
+ print("Writing")
+ self.finished.clear()
+ self.thread = threading.Thread(target=self._do_write, args=(source, target, ))
+ self.thread.start()
+ else:
+ self.return_message = "Access denied"
+ self.finished.set()
 @property
 def done(self):
@@ -75,7 +79,8 @@ class Isodumper(raw_write.Dumper):
 return self.return_state
 def end(self):
- self.thread.join()
+ if hasattr(self, 'thread'):
+ self.thread.join()
 self._progress = 0
 self.finished.clear()
 return self.return_state, self.return_message
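Review bot: The new `else:` branch of `do_write` sets only `return_message`, so a client that then calls `end()` (changed in the next hunk) gets "Access denied" paired with whatever `return_state` was left by an earlier run, or an `AttributeError` if it was never assigned; its initialisation is outside this hunk. Set the state explicitly on the refused path, `self.return_state = False`, so a denied request can never be read as a successful write. `source` and `target` also come straight from the D-Bus caller and are not part of what polkit is asked to authorise, so it is worth confirming that `_do_write` (outside this diff) restricts `target` to the intended removable block devices.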
@@ -95,32 +100,10 @@ class Isodumper(raw_write.Dumper):
 def run(self):
 self.loop.run()
- def check_permission_write(self, sender):
- """ Check for senders permission to update system packages"""
- if sender in self.authorized_sender_write:
- return
- else:
- if self._check_permission(sender, 'org.baseurl.DnfSystem.write'):
- self.authorized_sender_write.add(sender)
-
- def _check_permission(self, sender, action):
- """ Check senders permissions using PolicyKit1
+def check_permission(self, action,dbus_context):
+ """ Check permission
 """
- if not sender:
- raise ValueError('sender == None')
-
- obj = SystemBus().get(
- 'org.freedesktop.PolicyKit1',
- '/org/freedesktop/PolicyKit1/Authority')
- iface = obj['org.freedesktop.PolicyKit1.Authority']
- (granted, _, details) = iface.CheckAuthorization(
- ('system-bus-name', {'name': sender}), action, {},
- 1, '', timeout=600)
- if not granted:
- return False
- else:
- return True
-
+ return dbus_context.is_authorized(action, {'polkit.icon_name': 'isodumper.png',}, interactive=True)
 class ConfFile(object):
 """
@@ -155,13 +138,14 @@ class ConfFile(object):
 content += line
 return content
- def saveFile(self, tc):
- try:
- with open(self.file_name,'w') as tcf :
- tcf.write(tc)
- except:
- return False
- return True
+ def saveFile(self, tc, dbus_context):
+ if check_permission('org.mageia.Magiback.write',dbus_context):
+ try:
+ with open(self.file_name,'w') as tcf :
+ tcf.write(tc)
+ except:
+ return False
+ return True
 if __name__ == '__main__':
 print("Running Magiback service.")
diff --git a/polkit/org.mageia.isodumper.policy b/polkit/org.mageia.isodumper.policy
new file mode 100644
index 0000000..d9159b8
--- /dev/null
+++ b/polkit/org.mageia.isodumper.policy
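Review bot: `check_permission` is added at module level (there is no indentation after its `+`) but keeps a leading `self` parameter, while both call sites in this commit, `check_permission('org.mageia.Magiback.Isodumper.write',dbus_context)` in `do_write` and `check_permission('org.mageia.Magiback.write',dbus_context)` in `saveFile`, pass two arguments. As written each call raises `TypeError` before polkit is consulted, so the service fails closed but no write can ever be authorised. Drop the stray parameter: `def check_permission(action, dbus_context):`. The docstring should also state that the check is interactive and returns the boolean from `dbus_context.is_authorized`.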
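Review bot: `saveFile` has no explicit result for a refused request: when `check_permission` is false the function falls off the end, and because this page has lost indentation it is not visible whether `return True` sits inside the `if`; if it does not, a denied call reports success. Add an explicit `return False` for the denied path and keep `return True` inside the `if`, after the `try`. The bare `except:` also hides why a write failed; `except OSError:` keeps the boolean contract without swallowing unrelated errors. Where `self.file_name` is set is outside this hunk; if a D-Bus caller can choose it, the single `org.mageia.Magiback.write` action gates writing arbitrary content to an arbitrary path with the service's privileges, and the path should be checked against an allow-list.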
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+ <vendor>Mageia</vendor>
+ <vendor_url>http://www.mageia.org/</vendor_url>
+ <action id="org.mageia.Magiback.Isodumper.write">
+ <description>Isodumper</description>
+ <message>Isodumper requesting write access</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+ <action id="org.mageia.Magiback.write">
+ <description>Manatools</description>
+ <message>Manatools requesting write access</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+</policyconfig> |
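Review bot: Both actions set `<allow_any>auth_admin</allow_any>`, which lets a subject outside a local session (a remote login, for example) obtain authorisation for a raw device or file write by supplying admin credentials; `<allow_any>no</allow_any>`, matching `allow_inactive`, is the tighter default for a disk-writing service. `auth_admin_keep` for active sessions retains the authorisation for a short period, and since the backend passes no target to polkit, later calls in that window are not prompted again; `auth_admin` would ask on every write. The `<message>` texts are generic; naming the operation (writing an image to a device, saving a configuration file) helps the user judge what the prompt is approving.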