cookiez/pam-fprint-grosshack
1
0
Fork 0
mirror of https://gitlab.com/mishakmak/pam-fprint-grosshack.git synced 2026-04-08 20:03:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Port to PolicyKit 1.0

Browse Source 
See https://bugzilla.redhat.com/show_bug.cgi?id=498368
and
https://fedoraproject.org/wiki/Features/PolicyKitOne
This commit is contained in:
Matthias Clasen
2009-08-10 15:37:00 +01:00
committed by Bastien Nocera
parent 4ea1c48f9f
commit 24fefbe332
5 changed files with 34 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -22,7 +22,7 @@ PKG_CHECK_MODULES(GLIB, glib-2.0 dbus-glib-1)
AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS) AC_SUBST(GLIB_LIBS)
PKG_CHECK_MODULES(DAEMON, glib-2.0 dbus-glib-1 gmodule-2.0 polkit >= 0.8 polkit-dbus) PKG_CHECK_MODULES(DAEMON, glib-2.0 dbus-glib-1 gmodule-2.0 polkit-gobject-1 >= 0.91)
AC_SUBST(DAEMON_LIBS) AC_SUBST(DAEMON_LIBS)
AC_SUBST(DAEMON_CFLAGS) AC_SUBST(DAEMON_CFLAGS)

2
data/Makefile.am
View File

@ -9,7 +9,7 @@ $(dbus_services_DATA): $(dbus_services_in_files)
dbus_confdir = $(sysconfdir)/dbus-1/system.d dbus_confdir = $(sysconfdir)/dbus-1/system.d
dbus_conf_DATA = net.reactivated.Fprint.conf dbus_conf_DATA = net.reactivated.Fprint.conf
polkitdir = $(datadir)/PolicyKit/policy polkitdir = $(datadir)/polkit-1/actions
polkit_in_files = net.reactivated.fprint.device.policy.in polkit_in_files = net.reactivated.fprint.device.policy.in
@INTLTOOL_POLICY_RULE@ @INTLTOOL_POLICY_RULE@

2
data/net.reactivated.fprint.device.policy.in
View File

@ -35,7 +35,7 @@
<defaults> <defaults>
<allow_any>no</allow_any> <allow_any>no</allow_any>
<allow_inactive>no</allow_inactive> <allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep_always</allow_active> <allow_active>auth_admin_keep</allow_active>
</defaults> </defaults>
</action> </action>

10
pam/Makefile.am
View File

@ -1,12 +1,12 @@
if HAVE_PAM if HAVE_PAM
pammod_PROGRAMS = pam_fprintd.so pammod_LTLIBRARIES = pam_fprintd.la
pammoddir=$(libdir)/security pammoddir=$(libdir)/security
pam_fprintd_so_SOURCES = pam_fprintd.c $(MARSHALFILES) pam_fprintd_la_SOURCES = pam_fprintd.c $(MARSHALFILES)
pam_fprintd_so_CFLAGS = -fPIC $(WARN_CFLAGS) $(GLIB_CFLAGS) pam_fprintd_la_CFLAGS = -fPIC $(WARN_CFLAGS) $(GLIB_CFLAGS)
pam_fprintd_so_LDFLAGS = -shared pam_fprintd_la_LDFLAGS = -avoid-version -module
pam_fprintd_so_LDADD = $(PAM_LIBS) $(GLIB_LIBS) pam_fprintd_la_LIBADD = $(PAM_LIBS) $(GLIB_LIBS)
MARSHALFILES = marshal.c marshal.h MARSHALFILES = marshal.c marshal.h
GLIB_GENMARSHAL=`pkg-config --variable=glib_genmarshal glib-2.0` GLIB_GENMARSHAL=`pkg-config --variable=glib_genmarshal glib-2.0`

109
src/device.c
View File

@ -23,7 +23,6 @@
#include <dbus/dbus-glib-lowlevel.h> #include <dbus/dbus-glib-lowlevel.h>
#include <glib/gi18n.h> #include <glib/gi18n.h>
#include <polkit/polkit.h> #include <polkit/polkit.h>
#include <polkit-dbus/polkit-dbus.h>
#include <libfprint/fprint.h> #include <libfprint/fprint.h>
#include <sys/types.h> #include <sys/types.h>
@ -96,7 +95,7 @@ struct FprintDevicePrivate {
struct fp_dev *dev; struct fp_dev *dev;
struct session_data *session; struct session_data *session;
PolKitContext *pol_ctx; PolkitAuthority *auth;
/* The current user of the device, if claimed */ /* The current user of the device, if claimed */
char *sender; char *sender;
@ -263,53 +262,13 @@ static void fprint_device_class_init(FprintDeviceClass *klass)
g_cclosure_marshal_VOID__STRING, G_TYPE_NONE, 1, G_TYPE_STRING); g_cclosure_marshal_VOID__STRING, G_TYPE_NONE, 1, G_TYPE_STRING);
} }
static gboolean
pk_io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
{
int fd;
PolKitContext *pk_context = user_data;
fd = g_io_channel_unix_get_fd (channel);
polkit_context_io_func (pk_context, fd);
return TRUE;
}
static int
pk_io_add_watch (PolKitContext *pk_context, int fd)
{
guint id = 0;
GIOChannel *channel;
channel = g_io_channel_unix_new (fd);
if (channel == NULL)
goto out;
id = g_io_add_watch (channel, G_IO_IN, pk_io_watch_have_data, pk_context);
if (id == 0) {
g_io_channel_unref (channel);
goto out;
}
g_io_channel_unref (channel);
out:
return id;
}
static void
pk_io_remove_watch (PolKitContext *pk_context, int watch_id)
{
g_source_remove (watch_id);
}
static void fprint_device_init(FprintDevice *device) static void fprint_device_init(FprintDevice *device)
{ {
FprintDevicePrivate *priv = DEVICE_GET_PRIVATE(device); FprintDevicePrivate *priv = DEVICE_GET_PRIVATE(device);
priv->id = ++last_id; priv->id = ++last_id;
/* Setup PolicyKit */ /* Setup PolicyKit */
priv->pol_ctx = polkit_context_new (); priv->auth = polkit_authority_get ();
polkit_context_set_io_watch_functions (priv->pol_ctx, pk_io_add_watch, pk_io_remove_watch);
if (!polkit_context_init (priv->pol_ctx, NULL)) {
g_critical ("cannot initialize libpolkit");
polkit_context_unref (priv->pol_ctx);
priv->pol_ctx = NULL;
}
priv->clients = g_hash_table_new_full (g_str_hash, priv->clients = g_hash_table_new_full (g_str_hash,
g_str_equal, g_str_equal,
g_free, g_free,
@ -446,56 +405,40 @@ _fprint_device_check_polkit_for_action (FprintDevice *rdev, DBusGMethodInvocatio
{ {
FprintDevicePrivate *priv = DEVICE_GET_PRIVATE(rdev); FprintDevicePrivate *priv = DEVICE_GET_PRIVATE(rdev);
const char *sender; const char *sender;
DBusError dbus_error; PolkitSubject *subject;
PolKitCaller *pk_caller; PolkitAuthorizationResult *result;
PolKitAction *pk_action; GError *_error = NULL;
PolKitResult pk_result;
uid_t uid;
/* Check that caller is privileged */ /* Check that caller is privileged */
sender = dbus_g_method_get_sender (context); sender = dbus_g_method_get_sender (context);
dbus_error_init (&dbus_error); subject = polkit_system_bus_name_new (sender);
pk_caller = polkit_caller_new_from_dbus_name (
dbus_g_connection_get_connection (fprintd_dbus_conn),
sender,
&dbus_error);
if (pk_caller == NULL) {
g_set_error (error, FPRINT_ERROR,
FPRINT_ERROR_INTERNAL,
"Error getting information about caller: %s: %s",
dbus_error.name, dbus_error.message);
dbus_error_free (&dbus_error);
return FALSE;
}
/* XXX Hack? result = polkit_authority_check_authorization_sync (priv->auth,
* We'd like to allow root to set the username by default, so subject,
* it can authenticate users through PAM action,
* https://bugzilla.redhat.com/show_bug.cgi?id=447266 */ NULL,
if ((polkit_caller_get_uid (pk_caller, &uid) && uid == 0) && POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
(g_str_equal (action, "net.reactivated.fprint.device.setusername") || NULL, &_error);
g_str_equal (action, "net.reactivated.fprint.device.verify"))) { g_object_unref (subject);
polkit_caller_unref (pk_caller);
return TRUE;
}
pk_action = polkit_action_new (); if (result == NULL) {
polkit_action_set_action_id (pk_action, action);
pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller,
TRUE, NULL);
polkit_caller_unref (pk_caller);
polkit_action_unref (pk_action);
if (pk_result != POLKIT_RESULT_YES) {
g_set_error (error, FPRINT_ERROR, g_set_error (error, FPRINT_ERROR,
FPRINT_ERROR_PERMISSION_DENIED, FPRINT_ERROR_PERMISSION_DENIED,
"%s %s <-- (action, result)", "Not Authorized: %s", _error->message);
action, g_error_free (_error);
polkit_result_to_string_representation (pk_result));
dbus_error_free (&dbus_error);
return FALSE; return FALSE;
} }
if (!polkit_authorization_result_get_is_authorized (result)) {
g_set_error (error, FPRINT_ERROR,
FPRINT_ERROR_PERMISSION_DENIED,
"Not Authorized: %s", action);
g_object_unref (result);
return FALSE;
}
g_object_unref (result);
return TRUE; return TRUE;
} }