Katana_mirror/kdelibs
1
0
Fork 0
mirror of https://bitbucket.org/smil3y/kdelibs.git synced 2025-02-23 10:22:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

forcing dbus backend and helper on kauth

Browse source
This commit is contained in:
Ivailo Monev 2014-11-17 17:12:37 +00:00
parent e60c979750
commit 4673760e01
20 changed files with 65 additions and 1663 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
kdecore/CMakeLists.txt
View file

@ -246,8 +246,6 @@ set(kdecore_LIB_SRCS
auth/BackendsManager.cpp
auth/HelperProxy.cpp
auth/kauthhelpersupport.cpp
auth/backends/fake/FakeBackend.cpp
auth/backends/fakehelper/FakeHelperProxy.cpp
services/kfoldermimetype.cpp
services/kmimetypefactory.cpp
services/kmimemagicrule.cpp
@ -429,49 +427,31 @@ install(TARGETS kdecore EXPORT kdelibsLibraryTargets ${INSTALL_TARGETS_DEFAULT_A
########### next target ###############
# KAuth policy generator executable
# Compile only if fake backend has not been selected
if (NOT "${KDE4_AUTH_BACKEND_NAME}" STREQUAL "FAKE")
# KAUTH_POLICY_GEN_SRCS has been generated from auth/ConfigureChecks.cmake
kde4_add_executable(kauth-policy-gen NOGUI ${KAUTH_POLICY_GEN_SRCS})
# KAUTH_POLICY_GEN_LIBRARIES has been generated from auth/ConfigureChecks.cmake
target_link_libraries( kauth-policy-gen ${KAUTH_POLICY_GEN_LIBRARIES} )
install( TARGETS kauth-policy-gen EXPORT kdelibsToolsTargets DESTINATION ${LIBEXEC_INSTALL_DIR})
endif (NOT "${KDE4_AUTH_BACKEND_NAME}" STREQUAL "FAKE")
if ( NOT WINCE )
########### next target ###############
# KAuth backend plugin
if (NOT "${KDE4_AUTH_BACKEND_NAME}" STREQUAL "FAKE")
set(KAUTH_BACKEND_SRCS ${KAUTH_BACKEND_SRCS} auth/AuthBackend.cpp)
kde4_add_plugin(kauth_backend_plugin ${KAUTH_BACKEND_SRCS})
target_link_libraries(kauth_backend_plugin ${KAUTH_BACKEND_LIBS})
install(TARGETS kauth_backend_plugin
LIBRARY DESTINATION ${KAUTH_BACKEND_PLUGIN_DIR}
ARCHIVE DESTINATION ${KAUTH_BACKEND_PLUGIN_DIR}
RUNTIME DESTINATION ${KAUTH_BACKEND_PLUGIN_DIR}
)
endif (NOT "${KDE4_AUTH_BACKEND_NAME}" STREQUAL "FAKE")
set(KAUTH_BACKEND_SRCS ${KAUTH_BACKEND_SRCS} auth/AuthBackend.cpp)
kde4_add_plugin(kauth_backend_plugin ${KAUTH_BACKEND_SRCS})
target_link_libraries(kauth_backend_plugin ${KAUTH_BACKEND_LIBS})
install(TARGETS kauth_backend_plugin
LIBRARY DESTINATION ${KAUTH_BACKEND_PLUGIN_DIR}
ARCHIVE DESTINATION ${KAUTH_BACKEND_PLUGIN_DIR}
RUNTIME DESTINATION ${KAUTH_BACKEND_PLUGIN_DIR}
)
########### next target ###############
# KAuth helper plugin
if (NOT "${KDE4_AUTH_HELPER_BACKEND_NAME}" STREQUAL "FAKE")
kde4_add_plugin(kauth_helper_plugin ${KAUTH_HELPER_BACKEND_SRCS} auth/HelperProxy.cpp)
target_link_libraries(kauth_helper_plugin ${KAUTH_HELPER_BACKEND_LIBS})
install(TARGETS kauth_helper_plugin
LIBRARY DESTINATION ${KAUTH_HELPER_PLUGIN_DIR}
ARCHIVE DESTINATION ${KAUTH_HELPER_PLUGIN_DIR}
RUNTIME DESTINATION ${KAUTH_HELPER_PLUGIN_DIR}
)
endif (NOT "${KDE4_AUTH_HELPER_BACKEND_NAME}" STREQUAL "FAKE")
kde4_add_plugin(kauth_helper_plugin ${KAUTH_HELPER_BACKEND_SRCS} auth/HelperProxy.cpp)
target_link_libraries(kauth_helper_plugin ${KAUTH_HELPER_BACKEND_LIBS})
install(TARGETS kauth_helper_plugin
LIBRARY DESTINATION ${KAUTH_HELPER_PLUGIN_DIR}
ARCHIVE DESTINATION ${KAUTH_HELPER_PLUGIN_DIR}
RUNTIME DESTINATION ${KAUTH_HELPER_PLUGIN_DIR}
)
endif ( NOT WINCE )
########### next target ###############

6
kdecore/auth/BackendsConfig.h.cmake
View file

@ -1,9 +1,5 @@
#cmakedefine KAUTH_COMPILING_OSX_BACKEND 1
#cmakedefine KAUTH_COMPILING_POLKITQT_BACKEND 1
#cmakedefine KAUTH_COMPILING_POLKITQT1_BACKEND 1
#cmakedefine KAUTH_COMPILING_FAKE_BACKEND 1
#cmakedefine KAUTH_COMPILING_DBUS_BACKEND 1
#cmakedefine KAUTH_COMPILING_DBUS_HELPER_BACKEND 1
#cmakedefine KAUTH_COMPILING_FAKE_HELPER_BACKEND 1
#define KAUTH_BACKEND_PLUGIN_DIR "${KAUTH_BACKEND_PLUGIN_DIR}"
#define KAUTH_HELPER_PLUGIN_DIR "${KAUTH_HELPER_PLUGIN_DIR}"
#define KAUTH_OTHER_PLUGIN_DIR "${KAUTH_OTHER_PLUGIN_DIR}"

18
kdecore/auth/BackendsManager.cpp
View file

@ -21,9 +21,9 @@
#include "BackendsConfig.h"
// Include fake backends
#include "backends/fake/FakeBackend.h"
#include "backends/fakehelper/FakeHelperProxy.h"
// Include dbus backends
#include "backends/dbus/DBusBackend.h"
#include "backends/dbus/DBusHelperProxy.h"
#include <QPluginLoader>
#include <QDir>
@ -98,22 +98,18 @@ void BackendsManager::init()
}
if (!auth) {
// Load the fake auth backend then
auth = new FakeBackend;
#ifndef KAUTH_COMPILING_FAKE_BACKEND
// Load the dbus auth backend then
auth = new DBusBackend;
// Spit a fat warning
kWarning() << "WARNING: KAuth was compiled with a working backend, but was unable to load it! Check your installation!";
#endif
}
if (!helper) {
// Load the fake helper backend then
helper = new FakeHelperProxy;
#ifndef KAUTH_COMPILING_FAKE_BACKEND
// Load the dbus helper backend then
helper = new DBusHelperProxy;
// Spit a fat warning
kWarning() << "WARNING: KAuth was compiled with a working helper backend, but was unable to load it! "
"Check your installation!";
#endif
}
}

244
kdecore/auth/ConfigureChecks.cmake
View file

@ -1,244 +1,46 @@
####### checks for kdecore/kauth ###############
set(KDE4_AUTH_BACKEND_NAME "" CACHE STRING "Specifies the KAuth backend to build. Current available options are
PolkitQt, PolkitQt-1, Fake, Apple. Not setting this variable will build the most
appropriate backend for your system")
set(KAUTH_BACKEND ${KDE4_AUTH_BACKEND_NAME})
## Check if the user did not specify a backend to be built. If that is the case,
## we check what is the best backend to build on this system.
if(NOT KAUTH_BACKEND)
# Look for the most appropriate backend
message(STATUS "No backend for KAuth was explicitly specified: probing system to find the best one available")
if (APPLE)
set (KAUTH_BACKEND "OSX")
elseif (UNIX)
macro_optional_find_package(PolkitQt-1 0.99.0)
if (POLKITQT-1_FOUND)
set (KAUTH_BACKEND "PolkitQt-1")
set_package_properties(PolkitQt-1 PROPERTIES DESCRIPTION "Support for executing privileged actions in a controlled way (KAuth)"
URL "http://techbase.kde.org/Polkit-Qt-1"
TYPE RECOMMENDED
)
else (POLKITQT-1_FOUND)
macro_optional_find_package(PolkitQt)
if (POLKITQT_FOUND)
set (KAUTH_BACKEND "PolkitQt")
set_package_properties(PolkitQt PROPERTIES DESCRIPTION "Support for executing privileged actions in a controlled way (KAuth)"
URL "http://api.kde.org/polkit-qt"
TYPE RECOMMENDED
)
else (POLKITQT_FOUND)
# Nothing was found: notify and log the missing features
set_package_properties(PolkitQt-1 PROPERTIES DESCRIPTION "Support for executing privileged actions in a controlled way (KAuth)"
URL "http://techbase.kde.org/Polkit-Qt-1"
TYPE RECOMMENDED
PURPOSE "Either this or PolkitQt is required to make KAuth work, and hence enable certain workspace functionalities"
)
set_package_properties(PolkitQt PROPERTIES DESCRIPTION "Support for executing privileged actions in a controlled way (KAuth)"
URL "http://api.kde.org/polkit-qt"
TYPE RECOMMENDED
PURPOSE "Either this or PolkitQt-1 is required to make KAuth work, and hence enable certain workspace functionalities"
)
set (KAUTH_BACKEND "Fake")
endif (POLKITQT_FOUND)
endif (POLKITQT-1_FOUND)
else(UNIX)
set (KAUTH_BACKEND "Fake")
endif(APPLE)
# Case-insensitive
string(TOUPPER ${KAUTH_BACKEND} KAUTH_BACKEND_UPPER)
set (KAUTH_BACKEND ${KAUTH_BACKEND_UPPER})
else(NOT KAUTH_BACKEND)
# Case-insensitive
string(TOUPPER ${KAUTH_BACKEND} KAUTH_BACKEND_UPPER)
set (KAUTH_BACKEND ${KAUTH_BACKEND_UPPER})
# Check if the specified backend is valid. If it is not, we fall back to the Fake one
if (NOT KAUTH_BACKEND STREQUAL "OSX" AND NOT KAUTH_BACKEND STREQUAL "POLKITQT" AND NOT KAUTH_BACKEND STREQUAL "POLKITQT-1" AND NOT KAUTH_BACKEND STREQUAL "FAKE")
message ("WARNING: The KAuth Backend ${KAUTH_BACKEND} you specified does not exist. Falling back to Fake backend")
set (KAUTH_BACKEND "FAKE")
endif (NOT KAUTH_BACKEND STREQUAL "OSX" AND NOT KAUTH_BACKEND STREQUAL "POLKITQT" AND NOT KAUTH_BACKEND STREQUAL "POLKITQT-1" AND NOT KAUTH_BACKEND STREQUAL "FAKE")
# Check requirements for each backend. If not, fall back to the fake one
if (KAUTH_BACKEND STREQUAL "OSX" AND NOT APPLE)
message ("WARNING: You chose the Apple KAuth backend but your system does not support it. Falling back to Fake backend")
set (KAUTH_BACKEND "FAKE")
endif (KAUTH_BACKEND STREQUAL "OSX" AND NOT APPLE)
if (KAUTH_BACKEND STREQUAL "POLKITQT")
macro_optional_find_package(PolkitQt)
macro_log_feature(POLKITQT_FOUND "PolkitQt" "Support for executing priviledged actions in a controlled way (KAuth)" "http://api.kde.org/polkit-qt"
FALSE "" "STRONGLY RECOMMENDED: Required to make KAuth work, and hence enable certain workspace functionalities")
if (NOT POLKITQT_FOUND)
message ("WARNING: You chose the PolkitQt KAuth backend but you don't have PolkitQt installed.
Falling back to Fake backend")
set (KAUTH_BACKEND "FAKE")
endif (NOT POLKITQT_FOUND)
endif (KAUTH_BACKEND STREQUAL "POLKITQT")
if (KAUTH_BACKEND STREQUAL "POLKITQT-1")
macro_optional_find_package(PolkitQt-1 0.99.0)
macro_log_feature(POLKITQT-1_FOUND "PolkitQt-1" "Support for executing priviledged actions in a controlled way (KAuth)" "http://techbase.kde.org/Polkit-Qt-1"
FALSE "" "STRONGLY RECOMMENDED: Required to make KAuth work, and hence enable certain workspace functionalities")
if (NOT POLKITQT-1_FOUND)
message ("WARNING: You chose the PolkitQt-1 KAuth backend but you don't have PolkitQt-1 installed.
Falling back to Fake backend")
set (KAUTH_BACKEND "FAKE")
endif (NOT POLKITQT-1_FOUND)
endif (KAUTH_BACKEND STREQUAL "POLKITQT-1")
endif(NOT KAUTH_BACKEND)
set(KDE4_AUTH_BACKEND_NAME ${KAUTH_BACKEND} CACHE STRING "Specifies the KAuth backend to build. Current available options are
PolkitQt, PolkitQt-1, Fake, Apple. Not setting this variable will build the most
appropriate backend for your system" FORCE)
# Add the correct libraries depending on the backend, and eventually set the policy files install location
if(KDE4_AUTH_BACKEND_NAME STREQUAL "OSX")
set (KAUTH_COMPILING_OSX_BACKEND TRUE)
find_library(CORE_FOUNDATION_LIBRARY CoreFoundation)
find_library(SECURITY_LIBRARY Security)
message(STATUS "Building Apple KAuth backend")
set(KAUTH_BACKEND_SRCS
auth/backends/mac/AuthServicesBackend.cpp
)
set(KAUTH_BACKEND_LIBS ${SECURITY_LIBRARY} ${QT_QTCORE_LIBRARY})
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "POLKITQT")
set (KAUTH_COMPILING_POLKITQT_BACKEND TRUE)
message(STATUS "Building PolkitQt KAuth backend")
include_directories(${POLKITQT_INCLUDE_DIR})
set(KAUTH_BACKEND_SRCS
auth/backends/policykit/PolicyKitBackend.cpp
)
set(KAUTH_BACKEND_LIBS ${POLKITQT_CORE_LIBRARY} ${QT_QTCORE_LIBRARY})
set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${POLKITQT_POLICY_FILES_INSTALL_DIR} CACHE STRING
"Where policy files generated by KAuth will be installed" FORCE)
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "POLKITQT-1")
set (KAUTH_COMPILING_POLKITQT1_BACKEND TRUE)
message(STATUS "Building PolkitQt-1 KAuth backend")
include_directories(${POLKITQT-1_INCLUDE_DIR})
set(KAUTH_BACKEND_SRCS
auth/backends/polkit-1/Polkit1Backend.cpp
)
set(KAUTH_BACKEND_LIBS ${POLKITQT-1_CORE_LIBRARY} ${QT_QTCORE_LIBRARY} ${QT_QTDBUS_LIBRARY} ${QT_QTGUI_LIBRARY} kdecore)
if (Q_WS_X11)
# QtGui as well
set(KAUTH_BACKEND_LIBS ${KAUTH_BACKEND_LIBS} ${QT_QTGUI_LIBRARY})
endif (Q_WS_X11)
# POLKITQT-1_POLICY_FILES_INSTALL_DIR has an absolute pathname, fix that.
string(REPLACE ${POLKITQT-1_INSTALL_DIR}
${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR
${POLKITQT-1_POLICY_FILES_INSTALL_DIR})
set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING
"Where policy files generated by KAuth will be installed" FORCE)
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE")
set (KAUTH_COMPILING_FAKE_BACKEND TRUE)
message(STATUS "Building Fake KAuth backend")
message("WARNING: No valid KAuth backends will be built. The library will not work properly unless compiled with
a working backend")
endif()
# KAuth policy generator executable source probing
set(KAUTH_POLICY_GEN_SRCS
auth/policy-gen/policy-gen.cpp )
set(KAUTH_POLICY_GEN_LIBRARIES ${QT_QTCORE_LIBRARY})
if(KDE4_AUTH_BACKEND_NAME STREQUAL "OSX")
set(KAUTH_POLICY_GEN_SRCS ${KAUTH_POLICY_GEN_SRCS}
auth/backends/mac/kauth-policy-gen-mac.cpp)
set(KAUTH_POLICY_GEN_LIBRARIES ${KAUTH_POLICY_GEN_LIBRARIES} ${CORE_FOUNDATION_LIBRARY} ${SECURITY_LIBRARY})
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "POLKITQT")
set(KAUTH_POLICY_GEN_SRCS ${KAUTH_POLICY_GEN_SRCS}
auth/backends/policykit/kauth-policy-gen-polkit.cpp )
elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "POLKITQT-1")
set(KAUTH_POLICY_GEN_SRCS ${KAUTH_POLICY_GEN_SRCS}
auth/backends/polkit-1/kauth-policy-gen-polkit1.cpp )
endif()
########################
# Helper backend probing
set(KDE4_AUTH_HELPER_BACKEND_NAME "" CACHE STRING "Specifies the KAuth helper backend to build. Current available options are
DBus, Fake. Not setting this variable will build the most appropriate backend for your system")
set(KAUTH_HELPER_BACKEND ${KDE4_AUTH_HELPER_BACKEND_NAME})
if(NOT KAUTH_HELPER_BACKEND)
# No checks needed, just set the dbus backend
set(KAUTH_HELPER_BACKEND "DBus")
string(TOUPPER ${KAUTH_HELPER_BACKEND} KAUTH_HELPER_BACKEND_UPPER)
set (KAUTH_HELPER_BACKEND ${KAUTH_HELPER_BACKEND_UPPER})
else(NOT KAUTH_HELPER_BACKEND)
# No checks needed here either
string(TOUPPER ${KAUTH_HELPER_BACKEND} KAUTH_HELPER_BACKEND_UPPER)
set (KAUTH_HELPER_BACKEND ${KAUTH_HELPER_BACKEND_UPPER})
endif(NOT KAUTH_HELPER_BACKEND)
set(KDE4_AUTH_HELPER_BACKEND_NAME ${KAUTH_HELPER_BACKEND} CACHE STRING "Specifies the KAuth helper backend to build. Current
available options are DBus, Fake. Not setting this variable will
build the most appropriate backend for your system" FORCE)
set(KAUTH_BACKEND "DBUS" CACHE STRING "Specifies the KAuth helper backend to build. Current available options are
DBus. Not setting this variable will build the most appropriate backend for your system")
# Add the correct libraries/files depending on the backend
if(KDE4_AUTH_HELPER_BACKEND_NAME STREQUAL "DBUS")
set (KAUTH_COMPILING_DBUS_HELPER_BACKEND TRUE)
if (KAUTH_BACKEND STREQUAL "DBUS")
set(KAUTH_COMPILING_DBUS_HELPER_BACKEND TRUE)
set(KAUTH_BACKEND_SRCS
auth/backends/dbus/DBusBackend.cpp
auth/backends/dbus/DBusBackend.h
)
set(KAUTH_BACKEND_LIBS ${QT_QTCORE_LIBRARY})
qt4_add_dbus_adaptor(kauth_dbus_adaptor_SRCS
qt4_add_dbus_adaptor(kauth_dbus_adaptor_SRCS
auth/backends/dbus/org.kde.auth.xml
auth/backends/dbus/DBusHelperProxy.h
KAuth::DBusHelperProxy)
set(KAUTH_HELPER_BACKEND_SRCS
set(KAUTH_HELPER_BACKEND_SRCS
auth/backends/dbus/DBusHelperProxy.cpp
${kauth_dbus_adaptor_SRCS}
)
)
set(KAUTH_HELPER_BACKEND_LIBS kdecore)
set(KAUTH_HELPER_BACKEND_LIBS kdecore)
# Install some files as well
install( FILES auth/backends/dbus/org.kde.auth.conf
DESTINATION ${SYSCONF_INSTALL_DIR}/dbus-1/system.d )
# Install some files as well
install( FILES auth/backends/dbus/org.kde.auth.conf
DESTINATION ${SYSCONF_INSTALL_DIR}/dbus-1/system.d )
install( FILES auth/backends/dbus/dbus_policy.stub
auth/backends/dbus/dbus_service.stub
DESTINATION ${DATA_INSTALL_DIR}/kauth COMPONENT Devel)
elseif(KDE4_AUTH_HELPER_BACKEND_NAME STREQUAL "FAKE")
set (KAUTH_COMPILING_FAKE_HELPER_BACKEND TRUE)
message("WARNING: No valid KAuth helper backends will be built. The library will not work properly unless compiled with
a working backend")
install( FILES auth/backends/dbus/dbus_policy.stub
auth/backends/dbus/dbus_service.stub
DESTINATION ${DATA_INSTALL_DIR}/kauth COMPONENT Devel)
endif()
set(kdecore_LIB_SRCS
${kdecore_LIB_SRCS}
${KAUTH_BACKEND_SRCS}
)
# Set directories for plugins
if(NOT WIN32)
_set_fancy(KAUTH_HELPER_PLUGIN_DIR "${PLUGIN_INSTALL_DIR}/plugins/kauth/helper" "Where KAuth's helper plugin will be installed")
_set_fancy(KAUTH_BACKEND_PLUGIN_DIR "${PLUGIN_INSTALL_DIR}/plugins/kauth/backend" "Where KAuth's backend plugin will be installed")
#set(KAUTH_OTHER_PLUGIN_DIR "${QT_PLUGINS_DIR}/kauth/plugins")
else(NOT WIN32)
set(KAUTH_HELPER_PLUGIN_DIR "${PLUGIN_INSTALL_DIR}/plugins/kauth/helper")
set(KAUTH_BACKEND_PLUGIN_DIR "${PLUGIN_INSTALL_DIR}/plugins/kauth/backend")
endif(NOT WIN32)
## End

28
kdecore/auth/backends/fake/FakeBackend.cpp → kdecore/auth/backends/dbus/DBusBackend.cpp
View file

@ -17,44 +17,50 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include "FakeBackend.h"
#include "DBusBackend.h"
#include <QtCore/QCoreApplication>
namespace KAuth
{
FakeBackend::FakeBackend()
DBusBackend::DBusBackend()
: AuthBackend()
{
setCapabilities(NoCapability);
}
Action::AuthStatus FakeBackend::authorizeAction(const QString &action)
Action::AuthStatus DBusBackend::authorizeAction(const QString &action)
{
Q_UNUSED(action)
return Action::Denied;
return Action::Authorized;
}
void FakeBackend::setupAction(const QString &action)
void DBusBackend::setupAction(const QString &action)
{
Q_UNUSED(action)
}
Action::AuthStatus FakeBackend::actionStatus(const QString &action)
Action::AuthStatus DBusBackend::actionStatus(const QString &action)
{
Q_UNUSED(action)
return Action::Denied;
return Action::Authorized;
}
QByteArray FakeBackend::callerID() const
QByteArray DBusBackend::callerID() const
{
return QByteArray();
QByteArray a;
QDataStream s(&a, QIODevice::WriteOnly);
s << QCoreApplication::applicationPid();
return a;
}
bool FakeBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
bool DBusBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
Q_UNUSED(action)
Q_UNUSED(callerID)
return false;
return true;
}
} // namespace Auth

4
kdecore/auth/backends/fake/FakeBackend.h → kdecore/auth/backends/dbus/DBusBackend.h
View file

@ -28,13 +28,13 @@ class QByteArray;
namespace KAuth
{
class FakeBackend : public AuthBackend
class DBusBackend : public AuthBackend
{
Q_OBJECT
Q_INTERFACES(KAuth::AuthBackend)
public:
FakeBackend();
DBusBackend();
virtual void setupAction(const QString&);
virtual Action::AuthStatus authorizeAction(const QString&);
virtual Action::AuthStatus actionStatus(const QString&);

77
kdecore/auth/backends/fake/kauth-policy-gen-polkit.cpp
View file

@ -1,77 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include <auth/policy-gen/policy-gen.h>
#include <cstdio>
#include <QDebug>
#include <QTextStream>
const char header[] = ""
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
"<!DOCTYPE policyconfig PUBLIC\n"
"\"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"\n"
"\"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">\n"
"<policyconfig>\n";
const char policy_tag[] = ""
" <defaults>\n"
" <allow_inactive>no</allow_inactive>\n"
" <allow_active>%1</allow_active>\n"
" </defaults>\n";
const char dent[] = " ";
void output(QList<Action> actions, QHash<QString, QString> domain)
{
Q_UNUSED(domain)
QTextStream out(stdout);
out.setCodec("UTF-8");
out << header;
foreach(const Action &action, actions) {
out << dent << "<action id=\"" << action.name << "\" >\n";
foreach(const QString& lang, action.descriptions.keys()) {
out << dent << dent << "<description";
if (lang != "en")
out << " xml:lang=\"" << lang << '"';
out << '>' << action.messages.value(lang) << "</description>\n";
}
foreach(const QString& lang, action.messages.keys()) {
out << dent << dent << "<message";
if (lang != "en")
out << " xml:lang=\"" << lang << '"';
out << '>' << action.descriptions.value(lang) << "</message>\n";
}
QString policy = action.policy;
if (!action.persistence.isEmpty())
policy += "_keep_" + action.persistence;
out << QString(policy_tag).arg(policy);
out << dent << "</action>\n";
}
out << "</policyconfig>\n";
}

97
kdecore/auth/backends/fakehelper/FakeHelperProxy.cpp
View file

@ -1,97 +0,0 @@
/*
* Copyright (C) 2010 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include "FakeHelperProxy.h"
namespace KAuth {
FakeHelperProxy::FakeHelperProxy()
: HelperProxy()
{
}
FakeHelperProxy::~FakeHelperProxy()
{
}
void FakeHelperProxy::sendProgressStep(const QVariantMap& step)
{
Q_UNUSED(step)
}
void FakeHelperProxy::sendProgressStep(int step)
{
Q_UNUSED(step)
}
void FakeHelperProxy::sendDebugMessage(int level, const char* msg)
{
Q_UNUSED(level)
Q_UNUSED(msg)
}
bool FakeHelperProxy::hasToStopAction()
{
return false;
}
void FakeHelperProxy::setHelperResponder(QObject* o)
{
Q_UNUSED(o)
}
bool FakeHelperProxy::initHelper(const QString& name)
{
Q_UNUSED(name)
return false;
}
void FakeHelperProxy::stopAction(const QString& action, const QString& helperID)
{
Q_UNUSED(action)
Q_UNUSED(helperID)
}
KAuth::ActionReply FakeHelperProxy::executeAction(const QString& action, const QString& helperID, const QVariantMap& arguments)
{
Q_UNUSED(action)
Q_UNUSED(helperID)
Q_UNUSED(arguments)
return KAuth::ActionReply::NoSuchActionReply;
}
bool FakeHelperProxy::executeActions(const QList< QPair< QString, QVariantMap > >& list, const QString& helperID)
{
Q_UNUSED(list)
Q_UNUSED(helperID)
return false;
}
Action::AuthStatus FakeHelperProxy::authorizeAction(const QString& action, const QString& helperID)
{
Q_UNUSED(action)
Q_UNUSED(helperID)
return Action::Denied;
}
}
#include "FakeHelperProxy.moc"

50
kdecore/auth/backends/fakehelper/FakeHelperProxy.h
View file

@ -1,50 +0,0 @@
/*
* Copyright (C) 2010 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#ifndef FAKEHELPERPROXY_H
#define FAKEHELPERPROXY_H
#include "HelperProxy.h"
namespace KAuth {
class FakeHelperProxy : public HelperProxy
{
Q_OBJECT
Q_INTERFACES(KAuth::HelperProxy)
public:
FakeHelperProxy();
virtual ~FakeHelperProxy();
virtual void sendProgressStep(const QVariantMap& step);
virtual void sendProgressStep(int step);
virtual void sendDebugMessage(int level, const char* msg);
virtual bool hasToStopAction();
virtual void setHelperResponder(QObject* o);
virtual bool initHelper(const QString& name);
virtual void stopAction(const QString& action, const QString& helperID);
virtual ActionReply executeAction(const QString& action, const QString& helperID, const QVariantMap& arguments);
virtual bool executeActions(const QList< QPair< QString, QVariantMap > >& list, const QString& helperID);
virtual Action::AuthStatus authorizeAction(const QString& action, const QString& helperID);
};
}
#endif // FAKEHELPERPROXY_H

149
kdecore/auth/backends/mac/AuthServicesBackend.cpp
View file

@ -1,149 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2014 René Bertin <rjvbertin@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include "AuthServicesBackend.h"
#include <Security/Security.h>
#include <QtCore/qplugin.h>
#include <QtCore/QtCore>
namespace KAuth
{
static AuthorizationRef s_authRef = NULL;
AuthorizationRef authRef();
AuthorizationRef authRef()
{
if (!s_authRef) {
AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &s_authRef);
}
return s_authRef;
}
static OSStatus GetActionRights(const QString &action, AuthorizationFlags flags, AuthorizationRef auth=NULL)
{
AuthorizationItem item;
item.name = action.toUtf8();
item.valueLength = 0;
item.value = NULL;
item.flags = 0;
AuthorizationRights rights;
rights.count = 1;
rights.items = &item;
OSStatus result = AuthorizationCopyRights( (auth)? auth : authRef(),
&rights,
kAuthorizationEmptyEnvironment,
flags, NULL);
return result;
}
// On OS X, the suggestion is to make the helper grant the actual privilege. The app does instead a
// "pre-authorization", that's equivalent to look at isCallerAuthorized() in policykit.
// RJVB: grab the privilege from here, the client.
AuthServicesBackend::AuthServicesBackend()
: AuthBackend()
{
setCapabilities(AuthorizeFromClientCapability | CheckActionExistenceCapability);
}
void AuthServicesBackend::setupAction(const QString&)
{
// Nothing to do here...
}
// On OS X, the suggestion is to make the helper grant the actual privilege. The app does instead a
// "pre-authorization", that's equivalent to look at isCallerAuthorized() in policykit.
// RJVB: grab the privilege from here, the client.
Action::AuthStatus AuthServicesBackend::authorizeAction(const QString &action)
{
OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed );
// qWarning() << "AuthServicesBackend::authorizeAction(" << action << ") AuthorizationCopyRights returned" << result;
switch (result) {
case errAuthorizationSuccess:
return Action::Authorized;
case errAuthorizationInteractionNotAllowed:
default:
return Action::Denied;
}
}
Action::AuthStatus AuthServicesBackend::actionStatus(const QString &action)
{
OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize );
// qWarning() << "AuthServicesBackend::actionStatus(" << action << ") AuthorizationCopyRights returned" << result;
switch (result) {
case errAuthorizationSuccess:
return Action::Authorized;
case errAuthorizationInteractionNotAllowed:
return Action::AuthRequired;
default:
return Action::Denied;
}
}
QByteArray AuthServicesBackend::callerID() const
{
AuthorizationExternalForm ext;
AuthorizationMakeExternalForm(authRef(), &ext);
QByteArray id((const char *)&ext, sizeof(ext));
return id;
}
bool AuthServicesBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
AuthorizationExternalForm ext;
memcpy(&ext, callerID.data(), sizeof(ext));
AuthorizationRef auth;
if (AuthorizationCreateFromExternalForm(&ext, &auth) != noErr){
// qWarning() << "AuthorizationCreateFromExternalForm(" << action << "," << callerID.constData() << ") failed";
return false;
}
OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed,
auth);
AuthorizationFree(auth, kAuthorizationFlagDefaults);
// qWarning() << "AuthServicesBackend::isCallerAuthorized(" << action << "," << callerID.constData() << ") AuthorizationCopyRights returned" << result;
return result == errAuthorizationSuccess;
}
// RJVB: OS X doesn't distinguish between "action doesn't exist" and "action not allowed". So the
// best thing we can do is return true and hope that the action will be created if it didn't exist...
bool AuthServicesBackend::actionExists(const QString& action)
{
OSStatus exists = AuthorizationRightGet(action.toUtf8(), NULL);
// qWarning() << "AuthServicesBackend::actionExists(" << action << ") AuthorizationRightGet returned" << exists;
return true;//exists == errAuthorizationSuccess;
}
}; // namespace KAuth
Q_EXPORT_PLUGIN2(kauth_backend, KAuth::AuthServicesBackend)

46
kdecore/auth/backends/mac/AuthServicesBackend.h
View file

@ -1,46 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#ifndef AUTHSERVICES_BACKEND_H
#define AUTHSERVICES_BACKEND_H
#include "AuthBackend.h"
namespace KAuth
{
class AuthServicesBackend : public AuthBackend
{
Q_OBJECT
Q_INTERFACES(KAuth::AuthBackend)
public:
AuthServicesBackend();
virtual void setupAction(const QString&);
virtual Action::AuthStatus authorizeAction(const QString&);
virtual Action::AuthStatus actionStatus(const QString&);
virtual QByteArray callerID() const;
virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
virtual bool actionExists(const QString& action);
};
} // namespace KAuth
#endif

61
kdecore/auth/backends/mac/kauth-policy-gen-mac.cpp
View file

@ -1,61 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include <auth/policy-gen/policy-gen.h>
#include <iostream>
#include <Security/Security.h>
using namespace std;
void output(QList<Action> actions, QHash<QString, QString> domain)
{
AuthorizationRef auth;
AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &auth);
OSStatus err;
foreach(const Action &action, actions) {
err = AuthorizationRightGet(action.name.toLatin1(), NULL);
if (err == errAuthorizationDenied) {
QString rule;
if (action.policy == QLatin1String("yes"))
rule = QString::fromLatin1(kAuthorizationRuleClassAllow);
else if (action.policy == QLatin1String("no"))
rule = QString::fromLatin1(kAuthorizationRuleClassDeny);
else if (action.policy == QLatin1String("auth_self"))
rule = QString::fromLatin1(kAuthorizationRuleAuthenticateAsSessionUser);
else if (action.policy == QLatin1String("auth_admin"))
rule = QString::fromLatin1(kAuthorizationRuleAuthenticateAsAdmin);
CFStringRef cfRule = CFStringCreateWithCString(NULL, rule.toLatin1(), kCFStringEncodingASCII);
CFStringRef cfPrompt = CFStringCreateWithCString(NULL, action.descriptions.value(QLatin1String("en")).toLatin1(), kCFStringEncodingASCII);
err = AuthorizationRightSet(auth, action.name.toLatin1(), cfRule, cfPrompt, NULL, NULL);
if (err != noErr) {
cerr << "You don't have the right to edit the security database (try to run cmake with sudo): " << err << endl;
exit(1);
}
}
}
}

104
kdecore/auth/backends/policykit/PolicyKitBackend.cpp
View file

@ -1,104 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include "PolicyKitBackend.h"
#include <QtCore/qplugin.h>
#include <syslog.h>
#include <polkit-qt/context.h>
#include <polkit-qt/auth.h>
namespace KAuth
{
PolicyKitBackend::PolicyKitBackend()
: AuthBackend()
{
setCapabilities(AuthorizeFromClientCapability);
}
Action::AuthStatus PolicyKitBackend::authorizeAction(const QString &action)
{
switch (PolkitQt::Auth::computeAndObtainAuth(action)) {
case PolkitQt::Auth::Yes:
return Action::Authorized;
default:
return Action::Denied;
}
}
void PolicyKitBackend::setupAction(const QString &action)
{
connect(PolkitQt::Context::instance(), SIGNAL(configChanged()),
this, SLOT(checkForResultChanged()));
connect(PolkitQt::Context::instance(), SIGNAL(consoleKitDBChanged()),
this, SLOT(checkForResultChanged()));
m_cachedResults[action] = actionStatus(action);
}
Action::AuthStatus PolicyKitBackend::actionStatus(const QString &action)
{
PolkitQt::Auth::Result r = PolkitQt::Auth::isCallerAuthorized(action, QCoreApplication::applicationPid(),
false);
switch (r) {
case PolkitQt::Auth::Yes:
return Action::Authorized;
case PolkitQt::Auth::No:
case PolkitQt::Auth::Unknown:
return Action::Denied;
default:
return Action::AuthRequired;
}
}
QByteArray PolicyKitBackend::callerID() const
{
QByteArray a;
QDataStream s(&a, QIODevice::WriteOnly);
s << QCoreApplication::applicationPid();
return a;
}
bool PolicyKitBackend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
QDataStream s(&callerID, QIODevice::ReadOnly);
qint64 pid;
s >> pid;
return (PolkitQt::Auth::isCallerAuthorized(action, pid, false) == PolkitQt::Auth::Yes);
}
void PolicyKitBackend::checkForResultChanged()
{
QHash<QString, Action::AuthStatus>::iterator i;
for (i = m_cachedResults.begin(); i != m_cachedResults.end(); ++i) {
if (i.value() != actionStatus(i.key())) {
i.value() = actionStatus(i.key());
emit actionStatusChanged(i.key(), i.value());
}
}
}
} // namespace Auth
Q_EXPORT_PLUGIN2(kauth_backend, KAuth::PolicyKitBackend)

54
kdecore/auth/backends/policykit/PolicyKitBackend.h
View file

@ -1,54 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#ifndef POLICYKIT_BACKEND_H
#define POLICYKIT_BACKEND_H
#include "AuthBackend.h"
#include <QHash>
class QByteArray;
namespace KAuth
{
class PolicyKitBackend : public AuthBackend
{
Q_OBJECT
Q_INTERFACES(KAuth::AuthBackend)
public:
PolicyKitBackend();
virtual void setupAction(const QString&);
virtual Action::AuthStatus authorizeAction(const QString&);
virtual Action::AuthStatus actionStatus(const QString&);
virtual QByteArray callerID() const;
virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
private Q_SLOTS:
void checkForResultChanged();
private:
QHash<QString, Action::AuthStatus> m_cachedResults;
};
} // namespace Auth
#endif

119
kdecore/auth/backends/policykit/kauth-policy-gen-polkit.cpp
View file

@ -1,119 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009-2010 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include <auth/policy-gen/policy-gen.h>
#include <cstdio>
#include <QDebug>
#include <QTextStream>
const char header[] = ""
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
"<!DOCTYPE policyconfig PUBLIC\n"
"\"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"\n"
"\"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">\n"
"<policyconfig>\n";
const char policy_tag[] = ""
" <defaults>\n"
" <allow_inactive>%1</allow_inactive>\n"
" <allow_active>%2</allow_active>\n"
" </defaults>\n";
const char dent[] = " ";
void output(QList<Action> actions, QHash<QString, QString> domain)
{
QTextStream out(stdout);
out.setCodec("UTF-8");
out << header;
// Blacklisted characters + replacements
QHash< QChar, QString > blacklist;
blacklist.insert(QChar::fromLatin1('&'), QString::fromLatin1("&amp;"));
if (domain.contains(QLatin1String("vendor"))) {
QHash< QChar, QString >::const_iterator blI;
QString vendor = domain[QLatin1String("vendor")];
for (blI = blacklist.constBegin(); blI != blacklist.constEnd(); ++blI) {
vendor.replace(blI.key(), blI.value());
}
out << "<vendor>" << vendor << "</vendor>\n";
}
if (domain.contains(QLatin1String("vendorurl"))) {
out << "<vendor_url>" << domain[QLatin1String("vendorurl")] << "</vendor_url>\n";
}
if (domain.contains(QLatin1String("icon"))) {
out << "<icon_name>" << domain[QLatin1String("icon")] << "</icon_name>\n";
}
foreach (const Action &action, actions) {
out << dent << "<action id=\"" << action.name << "\" >\n";
for (QHash< QString, QString >::const_iterator i = action.messages.constBegin(); i != action.messages.constEnd(); ++i) {
out << dent << dent << "<description";
if (i.key() != QLatin1String("en")) {
out << " xml:lang=\"" << i.key() << '"';
}
QHash< QChar, QString >::const_iterator blI;
QString description = i.value();
for (blI = blacklist.constBegin(); blI != blacklist.constEnd(); ++blI) {
description.replace(blI.key(), blI.value());
}
out << '>' << description << "</description>\n";
}
for (QHash< QString, QString>::const_iterator i = action.descriptions.constBegin();
i != action.descriptions.constEnd();
++i) {
out << dent << dent << "<message";
if (i.key() != QLatin1String("en")) {
out << " xml:lang=\"" << i.key() << '"';
}
QHash< QChar, QString >::const_iterator blI;
QString message = i.value();
for (blI = blacklist.constBegin(); blI != blacklist.constEnd(); ++blI) {
message.replace(blI.key(), blI.value());
}
out << '>' << message << "</message>\n";
}
QString policy = action.policy;
QString policyInactive = action.policyInactive.isEmpty() ? QLatin1String("no") : action.policyInactive;
if (!action.persistence.isEmpty() && policy != QLatin1String("yes") && policy != QLatin1String("no")) {
policy += QLatin1String("_keep_") + action.persistence;
}
if (!action.persistence.isEmpty() && policyInactive != QLatin1String("yes") &&
policyInactive != QLatin1String("no")) {
policyInactive += QLatin1String("_keep_") + action.persistence;
}
out << QString(QLatin1String(policy_tag)).arg(policyInactive).arg(policy);
out << dent << "</action>\n";
}
out << "</policyconfig>\n";
}

220
kdecore/auth/backends/polkit-1/Polkit1Backend.cpp
View file

@ -1,220 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009 Radek Novacek <rnovacek@redhat.com>
* Copyright (C) 2009-2010 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include "Polkit1Backend.h"
#include <QtCore/qplugin.h>
#include <QtCore/QCoreApplication>
#include <QtCore/QTimer>
#include <QtGui/QApplication>
#include <QtGui/QWidget>
#include <QtDBus/QDBusConnection>
#include <QtDBus/QDBusConnectionInterface>
#include <kdebug.h>
#include <PolkitQt1/Authority>
#include <PolkitQt1/Subject>
namespace KAuth
{
PolkitResultEventLoop::PolkitResultEventLoop(QObject* parent)
: QEventLoop(parent)
{
}
PolkitResultEventLoop::~PolkitResultEventLoop()
{
}
void PolkitResultEventLoop::requestQuit(const PolkitQt1::Authority::Result& result)
{
m_result = result;
quit();
}
PolkitQt1::Authority::Result PolkitResultEventLoop::result() const
{
return m_result;
}
Polkit1Backend::Polkit1Backend()
: AuthBackend()
, m_flyingActions(false)
{
setCapabilities(AuthorizeFromHelperCapability | CheckActionExistenceCapability | PreAuthActionCapability);
// Setup useful signals
connect(PolkitQt1::Authority::instance(), SIGNAL(configChanged()),
this, SLOT(checkForResultChanged()));
connect(PolkitQt1::Authority::instance(), SIGNAL(consoleKitDBChanged()),
this, SLOT(checkForResultChanged()));
connect(PolkitQt1::Authority::instance(), SIGNAL(enumerateActionsFinished(PolkitQt1::ActionDescription::List)),
this, SLOT(updateCachedActions(PolkitQt1::ActionDescription::List)));
// Cache existing action IDs as soon as possible
m_flyingActions = true;
PolkitQt1::Authority::instance()->enumerateActions();
}
Polkit1Backend::~Polkit1Backend()
{
}
void Polkit1Backend::preAuthAction(const QString& action, QWidget* parent)
{
kDebug();
// If a parent was not specified, skip this
if (!parent) {
kDebug() << "Parent widget does not exist, skipping";
return;
}
// Are we running our KDE auth agent?
if (QDBusConnection::sessionBus().interface()->isServiceRegistered(QLatin1String("org.kde.Polkit1AuthAgent"))) {
// Check if we actually are entitled to use GUI capabilities
if (qApp == 0 || QApplication::type() == QApplication::Tty) {
kDebug() << "Not streaming parent as we are on a TTY application";
}
// Retrieve the dialog root window Id
qulonglong wId = parent->effectiveWinId();
// Send it over the bus to our agent
QDBusMessage methodCall =
QDBusMessage::createMethodCall(QLatin1String("org.kde.Polkit1AuthAgent"), QLatin1String("/org/kde/Polkit1AuthAgent"), QLatin1String("org.kde.Polkit1AuthAgent"),
QLatin1String("setWIdForAction"));
methodCall << action;
methodCall << wId;
QDBusPendingCall call = QDBusConnection::sessionBus().asyncCall(methodCall);
call.waitForFinished();
if (call.isError()) {
kWarning() << "ERROR while streaming the parent!!" << call.error();
}
} else {
kDebug() << "KDE polkit agent appears too old or not registered on the bus";
}
}
void Polkit1Backend::updateCachedActions(const PolkitQt1::ActionDescription::List& actions)
{
m_knownActions.clear();
foreach (const PolkitQt1::ActionDescription& action, actions) {
m_knownActions << action.actionId();
}
m_flyingActions = false;
}
Action::AuthStatus Polkit1Backend::authorizeAction(const QString &action)
{
Q_UNUSED(action)
// Always return Yes here, we'll authorize inside isCallerAuthorized
return Action::Authorized;
}
void Polkit1Backend::setupAction(const QString &action)
{
m_cachedResults[action] = actionStatus(action);
}
Action::AuthStatus Polkit1Backend::actionStatus(const QString &action)
{
PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID()));
PolkitQt1::Authority::Result r = PolkitQt1::Authority::instance()->checkAuthorizationSync(action, subject,
PolkitQt1::Authority::None);
switch (r) {
case PolkitQt1::Authority::Yes:
return Action::Authorized;
case PolkitQt1::Authority::No:
case PolkitQt1::Authority::Unknown:
return Action::Denied;
default:
return Action::AuthRequired;
}
}
QByteArray Polkit1Backend::callerID() const
{
return QDBusConnection::systemBus().baseService().toUtf8();
}
bool Polkit1Backend::isCallerAuthorized(const QString &action, QByteArray callerID)
{
PolkitQt1::SystemBusNameSubject subject(QString::fromUtf8(callerID));
PolkitQt1::Authority *authority = PolkitQt1::Authority::instance();
PolkitResultEventLoop e;
connect(authority, SIGNAL(checkAuthorizationFinished(PolkitQt1::Authority::Result)),
&e, SLOT(requestQuit(PolkitQt1::Authority::Result)));
authority->checkAuthorization(action, subject, PolkitQt1::Authority::AllowUserInteraction);
e.exec();
switch (e.result()) {
case PolkitQt1::Authority::Yes:
return true;
default:
return false;
}
return false;
}
void Polkit1Backend::checkForResultChanged()
{
foreach(const QString &action, m_cachedResults.keys()) {
if (m_cachedResults[action] != actionStatus(action)) {
m_cachedResults[action] = actionStatus(action);
emit actionStatusChanged(action, m_cachedResults[action]);
}
}
// Force updating known actions
PolkitQt1::Authority::instance()->enumerateActions();
m_flyingActions = true;
}
bool Polkit1Backend::actionExists(const QString& action)
{
// Any flying actions?
if (m_flyingActions) {
int tries = 0;
while (m_flyingActions && tries < 10) {
// Wait max 2 seconds
QEventLoop e;
QTimer::singleShot(200, &e, SLOT(quit()));
e.exec();
++tries;
}
}
return m_knownActions.contains(action);
}
} // namespace Auth
Q_EXPORT_PLUGIN2(kauth_backend, KAuth::Polkit1Backend)

82
kdecore/auth/backends/polkit-1/Polkit1Backend.h
View file

@ -1,82 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009 Radek Novacek <rnovacek@redhat.com>
* Copyright (C) 2009-2010 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#ifndef POLKIT1BACKEND_H
#define POLKIT1BACKEND_H
#include "AuthBackend.h"
#include <QtCore/QHash>
#include <QtCore/QEventLoop>
#include <QtCore/QStringList>
#include <PolkitQt1/Authority>
class QByteArray;
namespace KAuth
{
class Polkit1Backend : public AuthBackend
{
Q_OBJECT
Q_INTERFACES(KAuth::AuthBackend)
public:
Polkit1Backend();
virtual ~Polkit1Backend();
virtual void setupAction(const QString&);
virtual void preAuthAction(const QString& action, QWidget* parent);
virtual Action::AuthStatus authorizeAction(const QString&);
virtual Action::AuthStatus actionStatus(const QString&);
virtual QByteArray callerID() const;
virtual bool isCallerAuthorized(const QString &action, QByteArray callerID);
virtual bool actionExists(const QString& action);
private Q_SLOTS:
void checkForResultChanged();
void updateCachedActions(const PolkitQt1::ActionDescription::List &actions);
private:
QHash<QString, Action::AuthStatus> m_cachedResults;
QStringList m_knownActions;
bool m_flyingActions;
};
class PolkitResultEventLoop : public QEventLoop
{
Q_OBJECT
public:
PolkitResultEventLoop(QObject* parent = 0);
virtual ~PolkitResultEventLoop();
PolkitQt1::Authority::Result result() const;
public Q_SLOTS:
void requestQuit(const PolkitQt1::Authority::Result &result);
private:
PolkitQt1::Authority::Result m_result;
};
} // namespace Auth
#endif

122
kdecore/auth/backends/polkit-1/kauth-policy-gen-polkit1.cpp
View file

@ -1,122 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009-2010 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include <auth/policy-gen/policy-gen.h>
#include <cstdio>
#include <QDebug>
#include <QTextStream>
const char header[] = ""
"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
"<!DOCTYPE policyconfig PUBLIC\n"
"\"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN\"\n"
"\"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd\">\n"
"<policyconfig>\n";
const char policy_tag[] = ""
" <defaults>\n"
" <allow_inactive>%1</allow_inactive>\n"
" <allow_active>%2</allow_active>\n"
" </defaults>\n";
const char dent[] = " ";
void output(QList<Action> actions, QHash<QString, QString> domain)
{
QTextStream out(stdout);
out.setCodec("UTF-8");
out << header;
// Blacklisted characters + replacements
QHash< QChar, QString > blacklist;
blacklist.insert(QLatin1Char('&'), QLatin1String("&amp;"));
if (domain.contains(QLatin1String("vendor"))) {
QHash< QChar, QString >::const_iterator blI;
QString vendor = domain[QLatin1String("vendor")];
for (blI = blacklist.constBegin(); blI != blacklist.constEnd(); ++blI) {
vendor.replace(blI.key(), blI.value());
}
out << "<vendor>" << vendor << "</vendor>\n";
}
if (domain.contains(QLatin1String("vendorurl"))) {
out << "<vendor_url>" << domain[QLatin1String("vendorurl")] << "</vendor_url>\n";
}
if (domain.contains(QLatin1String("icon"))) {
out << "<icon_name>" << domain[QLatin1String("icon")] << "</icon_name>\n";
}
foreach (const Action &action, actions) {
out << dent << "<action id=\"" << action.name << "\" >\n";
// Not a typo, messages and descriptions are actually inverted
for (QHash< QString, QString >::const_iterator i = action.messages.constBegin(); i != action.messages.constEnd(); ++i) {
out << dent << dent << "<description";
if (i.key() != QLatin1String("en")) {
out << " xml:lang=\"" << i.key() << '"';
}
QHash< QChar, QString >::const_iterator blI;
QString description = i.value();
for (blI = blacklist.constBegin(); blI != blacklist.constEnd(); ++blI) {
description.replace(blI.key(), blI.value());
}
out << '>' << description << "</description>\n";
}
QHash< QString, QString >::const_iterator i;
for (QHash< QString, QString >::const_iterator i = action.descriptions.constBegin();
i != action.descriptions.constEnd();
++i) {
out << dent << dent << "<message";
if (i.key() != QLatin1String("en")) {
out << " xml:lang=\"" << i.key() << '"';
}
QHash< QChar, QString >::const_iterator blI;
QString message = i.value();
for (blI = blacklist.constBegin(); blI != blacklist.constEnd(); ++blI) {
message.replace(blI.key(), blI.value());
}
out << '>' << message << "</message>\n";
}
QString policy = action.policy;
QString policyInactive = action.policyInactive.isEmpty() ? QLatin1String("no") : action.policyInactive;
if (!action.persistence.isEmpty() && policy != QLatin1String("yes") && policy !=
QLatin1String("no")) {
policy += QLatin1String("_keep");
}
if (!action.persistence.isEmpty() && policyInactive != QLatin1String("yes") && policyInactive !=
QLatin1String("no")) {
policyInactive += QLatin1String("_keep");
}
out << QString(QLatin1String(policy_tag)).arg(policyInactive).arg(policy);
out << dent << "</action>\n";
}
out << "</policyconfig>\n";
}

155
kdecore/auth/policy-gen/policy-gen.cpp
View file

@ -1,155 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#include "policy-gen.h"
#include <QFile>
#include <QCoreApplication>
#include <QSettings>
#include <QRegExp>
#include <QStringList>
#include <QDebug>
using namespace std;
QList<Action> parse(QSettings &ini);
QHash<QString, QString> parseDomain(QSettings &ini);
int main(int argc, char **argv)
{
QCoreApplication app(argc, argv);
if (argc < 2) {
qCritical("Too few arguments");
return 1;
}
QSettings ini(QFile::decodeName(argv[1]), QSettings::IniFormat);
ini.setIniCodec("UTF-8");
if (ini.status()) {
qCritical("Error loading file: %s", argv[1]);
return 1;
}
output(parse(ini), parseDomain(ini));
}
QList<Action> parse(QSettings &ini)
{
QList<Action> actions;
QRegExp actionExp(QLatin1String("[0-9a-z]+(\\.[0-9a-z]+)*"));
QRegExp descriptionExp(QLatin1String("description(?:\\[(\\w+)\\])?"));
QRegExp nameExp(QLatin1String("name(?:\\[(\\w+)\\])?"));
QRegExp policyExp(QLatin1String("yes|no|auth_self|auth_admin"));
descriptionExp.setCaseSensitivity(Qt::CaseInsensitive);
nameExp.setCaseSensitivity(Qt::CaseInsensitive);
foreach(const QString &name, ini.childGroups()) {
Action action;
if (name == QLatin1String("Domain")) {
continue;
}
if (!actionExp.exactMatch(name)) {
qCritical("Wrong action syntax: %s\n", name.toLatin1().data());
exit(1);
}
action.name = name;
ini.beginGroup(name);
foreach(const QString &key, ini.childKeys()) {
if (descriptionExp.exactMatch(key)) {
QString lang = descriptionExp.capturedTexts().at(1);
if (lang.isEmpty())
lang = QString::fromLatin1("en");
action.descriptions.insert(lang, ini.value(key).toString());
} else if (nameExp.exactMatch(key)) {
QString lang = nameExp.capturedTexts().at(1);
if (lang.isEmpty())
lang = QString::fromLatin1("en");
action.messages.insert(lang, ini.value(key).toString());
} else if (key.toLower() == QLatin1String("policy")) {
QString policy = ini.value(key).toString();
if (!policyExp.exactMatch(policy)) {
qCritical("Wrong policy: %s", policy.toLatin1().data());
exit(1);
}
action.policy = policy;
} else if (key.toLower() == QLatin1String("policyinactive")) {
QString policyInactive = ini.value(key).toString();
if (!policyExp.exactMatch(policyInactive)) {
qCritical("Wrong policy: %s", policyInactive.toLatin1().data());
exit(1);
}
action.policyInactive = policyInactive;
} else if (key.toLower() == QLatin1String("persistence")) {
QString persistence = ini.value(key).toString();
if (persistence != QLatin1String("session") && persistence != QLatin1String("always")) {
qCritical("Wrong persistence: %s", persistence.toLatin1().data());
exit(1);
}
action.persistence = persistence;
}
}
if (action.policy.isEmpty() || action.messages.isEmpty() || action.descriptions.isEmpty()) {
qCritical("Missing option in action: %s", name.toLatin1().data());
exit(1);
}
ini.endGroup();
actions.append(action);
}
return actions;
}
QHash<QString, QString> parseDomain(QSettings& ini)
{
QHash<QString, QString> rethash;
if (ini.childGroups().contains(QString::fromLatin1("Domain"))) {
if (ini.contains(QString::fromLatin1("Domain/Name"))) {
rethash[QString::fromLatin1("vendor")] = ini.value(QString::fromLatin1("Domain/Name")).toString();
}
if (ini.contains(QString::fromLatin1("Domain/URL"))) {
rethash[QString::fromLatin1("vendorurl")] = ini.value(QString::fromLatin1("Domain/URL")).toString();
}
if (ini.contains(QString::fromLatin1("Domain/Icon"))) {
rethash[QString::fromLatin1("icon")] = ini.value(QString::fromLatin1("Domain/Icon")).toString();
}
}
return rethash;
}

42
kdecore/auth/policy-gen/policy-gen.h
View file

@ -1,42 +0,0 @@
/*
* Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com>
* Copyright (C) 2009 Dario Freddi <drf@kde.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA .
*/
#ifndef _POLICY_GEN_H_
#define _POLICY_GEN_H_
#include <QString>
#include <QMap>
#include <QHash>
struct Action {
QString name;
QHash<QString, QString> descriptions;
QHash<QString, QString> messages;
QString policy;
QString policyInactive;
QString persistence;
};
extern void output(QList<Action> actions, QHash<QString, QString> domain);
#endif