Commit 13821cff authored by David Zeuthen's avatar David Zeuthen

finish authentication agent integration

Yay, it works!
parent 39427166
......@@ -6,7 +6,6 @@
<interface name="org.freedesktop.PolicyKit1.AuthenticationAgent">
<method name="BeginAuthentication">
<!-- The action id for the action that the user is authentication for -->
<arg name="action_id" direction="in" type="s"/>
......@@ -15,13 +14,10 @@
<!-- A list of identities of that the user can use for authentication -->
<arg name="identities" direction="in" type="a(sa{sv})"/>
</method>
<method name="EndAuthentication">
<method name="CancelAuthentication">
<arg name="cookie" direction="in" type="s"/>
</method>
</interface>
......
......@@ -238,5 +238,16 @@
</arg>
</method>
<method name="AuthenticationAgentResponse">
<arg name="cookie" direction="in" type="s">
<annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent"/>
</arg>
<arg name="identity" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Identity"/>
<annotation name="org.gtk.EggDBus.DocString" value="The identity that was authenticated"/>
</arg>
</method>
</interface>
</node>
......@@ -1046,3 +1046,107 @@ polkit_authority_unregister_authentication_agent_sync (PolkitAuthority *auth
}
/* ---------------------------------------------------------------------------------------------------- */
static guint
polkit_authority_authentication_agent_response_async (PolkitAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
guint call_id;
GSimpleAsyncResult *simple;
_PolkitIdentity *real_identity;
simple = g_simple_async_result_new (G_OBJECT (authority),
callback,
user_data,
polkit_authority_authentication_agent_response_async);
real_identity = polkit_identity_get_real (identity);
call_id = _polkit_authority_authentication_agent_response (authority->real,
EGG_DBUS_CALL_FLAGS_NONE,
cookie,
real_identity,
cancellable,
generic_async_cb,
simple);
g_object_unref (real_identity);
return call_id;
}
void
polkit_authority_authentication_agent_response (PolkitAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
polkit_authority_authentication_agent_response_async (authority,
cookie,
identity,
cancellable,
callback,
user_data);
}
gboolean
polkit_authority_authentication_agent_response_finish (PolkitAuthority *authority,
GAsyncResult *res,
GError **error)
{
GSimpleAsyncResult *simple;
GAsyncResult *real_res;
gboolean ret;
simple = G_SIMPLE_ASYNC_RESULT (res);
real_res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (simple));
g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_authority_authentication_agent_response_async);
ret = _polkit_authority_authentication_agent_response_finish (authority->real,
real_res,
error);
if (!ret)
goto out;
out:
g_object_unref (real_res);
return ret;
}
gboolean
polkit_authority_authentication_agent_response_sync (PolkitAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
GCancellable *cancellable,
GError **error)
{
guint call_id;
GAsyncResult *res;
gboolean ret;
call_id = polkit_authority_authentication_agent_response_async (authority,
cookie,
identity,
cancellable,
generic_cb,
&res);
egg_dbus_connection_pending_call_block (authority->system_bus, call_id);
ret = polkit_authority_authentication_agent_response_finish (authority, res, error);
g_object_unref (res);
return ret;
}
/* ---------------------------------------------------------------------------------------------------- */
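Review bot: In `polkit_authority_authentication_agent_response_sync`, `res` is declared without an initializer and is only written if `generic_cb` runs, so a call that never completes (a zero `call_id`, a cancelled call) would pass an indeterminate pointer to `_finish` and then to `g_object_unref`. Declaring it as `GAsyncResult *res = NULL;` and checking it before the `_finish` call would make that failure visible. `generic_cb` and `generic_async_cb` are defined outside this hunk, so how they fill `res` is inferred from the call pattern. The new entry points also dereference `authority` and pass `identity` to `polkit_identity_get_real` without `g_return_if_fail` guards. In `_finish`, the `if (!ret) goto out;` directly above `out:` has no effect.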
......@@ -93,6 +93,12 @@ gboolean polkit_authority_unregister_authentication_agent_sync
GCancellable *cancellable,
GError **error);
gboolean polkit_authority_authentication_agent_response_sync (PolkitAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
GCancellable *cancellable,
GError **error);
/* ---------------------------------------------------------------------------------------------------- */
void polkit_authority_enumerate_actions (PolkitAuthority *authority,
......@@ -188,6 +194,17 @@ gboolean polkit_authority_unregister_authentication_agent_fini
GAsyncResult *res,
GError **error);
void polkit_authority_authentication_agent_response (PolkitAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
gboolean polkit_authority_authentication_agent_response_finish (PolkitAuthority *authority,
GAsyncResult *res,
GError **error);
/* ---------------------------------------------------------------------------------------------------- */
G_END_DECLS
......
......@@ -65,7 +65,8 @@ libpolkit_agent_1_la_LIBADD = \
libexec_PROGRAMS = polkit-agent-helper-1
polkit_agent_helper_1_SOURCES = polkitagenthelper.c
polkit_agent_helper_1_LDADD = $(AUTH_LIBS)
polkit_agent_helper_1_CFLAGS = $(GLIB_CFLAGS)
polkit_agent_helper_1_LDADD = $(AUTH_LIBS) $(top_builddir)/src/polkit/libpolkit-gobject-1.la
# polkit-agent-helper-1 need to be setuid root because it's used to
# authenticate not only the invoking user, but possibly also root
......
......@@ -35,7 +35,7 @@ struct _PolkitAgentAuthenticationAgent
PolkitAuthority *authority;
PolkitAgentAuthenticationAgentBeginFunc begin_func;
PolkitAgentAuthenticationAgentEndFunc end_func;
PolkitAgentAuthenticationAgentCancelFunc cancel_func;
gpointer user_data;
};
......@@ -100,7 +100,7 @@ polkit_agent_authentication_agent_class_init (PolkitAgentAuthenticationAgentClas
PolkitAgentAuthenticationAgent *
polkit_agent_authentication_agent_new (PolkitAgentAuthenticationAgentBeginFunc begin_func,
PolkitAgentAuthenticationAgentEndFunc end_func,
PolkitAgentAuthenticationAgentCancelFunc cancel_func,
gpointer user_data,
GError **error)
{
......@@ -109,7 +109,7 @@ polkit_agent_authentication_agent_new (PolkitAgentAuthenticationAgentBeginFunc b
agent = POLKIT_AGENT_AUTHENTICATION_AGENT (g_object_new (POLKIT_AGENT_TYPE_AUTHENTICATION_AGENT, NULL));
agent->begin_func = begin_func;
agent->end_func = end_func;
agent->cancel_func = cancel_func;
agent->user_data = user_data;
if (!polkit_authority_register_authentication_agent_sync (agent->authority,
......@@ -147,41 +147,51 @@ handle_begin_authentication (_PolkitAgentAuthenticationAgent *instance,
list = g_list_reverse (list);
error = NULL;
if (!agent->begin_func (agent,
action_id,
cookie,
list,
&error,
agent->user_data))
agent->begin_func (agent,
action_id,
cookie,
list,
(gpointer) method_invocation);
g_list_free (list);
}
void
polkit_agent_authentication_agent_finish (PolkitAgentAuthenticationAgent *agent,
gpointer pending_call,
GError *error)
{
EggDBusMethodInvocation *method_invocation = EGG_DBUS_METHOD_INVOCATION (pending_call);
if (error != NULL)
{
egg_dbus_method_invocation_return_gerror (method_invocation, error);
g_error_free (error);
}
else
{
_polkit_agent_authentication_agent_handle_begin_authentication_finish (method_invocation);
}
g_list_free (list);
}
static void
handle_end_authentication (_PolkitAgentAuthenticationAgent *instance,
const gchar *cookie,
EggDBusMethodInvocation *method_invocation)
handle_cancel_authentication (_PolkitAgentAuthenticationAgent *instance,
const gchar *cookie,
EggDBusMethodInvocation *method_invocation)
{
PolkitAgentAuthenticationAgent *agent = POLKIT_AGENT_AUTHENTICATION_AGENT (instance);
agent->end_func (agent,
cookie,
agent->user_data);
agent->cancel_func (agent,
cookie,
agent->user_data);
_polkit_agent_authentication_agent_handle_end_authentication_finish (method_invocation);
_polkit_agent_authentication_agent_handle_cancel_authentication_finish (method_invocation);
}
static void
authentication_agent_iface_init (_PolkitAgentAuthenticationAgentIface *agent_iface)
{
agent_iface->handle_begin_authentication = handle_begin_authentication;
agent_iface->handle_end_authentication = handle_end_authentication;
agent_iface->handle_cancel_authentication = handle_cancel_authentication;
}
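Review bot: `handle_begin_authentication` now returns before the D-Bus call is answered, yet `g_list_free (list)` still runs as soon as `begin_func` returns. `action_id` and `cookie` are borrowed handler arguments, and nothing visible guarantees their lifetime past the handler. A `begin_func` that keeps any of these for the later `polkit_agent_authentication_agent_finish` call may therefore read freed memory; either document that the callback must copy what it needs, or have the agent hold copies until finish or cancel. `begin_func` also no longer receives `agent->user_data` (its last argument is now `(gpointer) method_invocation`) while `cancel_func` still does, so the two callbacks cannot share state through it. The opening lines of handle_begin_authentication are outside the hunk.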
......@@ -19,8 +19,8 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#ifndef __POLKIT_AGENT_AUTHENTICATION_SESSION_H
#define __POLKIT_AGENT_AUTHENTICATION_SESSION_H
#ifndef __POLKIT_AGENT_AUTHENTICATION_AGENT_H
#define __POLKIT_AGENT_AUTHENTICATION_AGENT_H
#include <polkit/polkit.h>
#include <polkitagent/polkitagenttypes.h>
......@@ -41,25 +41,29 @@ typedef struct _PolkitAgentAuthenticationAgentClass PolkitAgentAuthentication
/* TODO: we probably want to express this interface in another way but this is good enough for now */
typedef gboolean (*PolkitAgentAuthenticationAgentBeginFunc) (PolkitAgentAuthenticationAgent *agent,
const gchar *action_id,
const gchar *cookie,
GList *identities,
GError **error,
gpointer user_data);
typedef void (*PolkitAgentAuthenticationAgentEndFunc) (PolkitAgentAuthenticationAgent *agent,
typedef void (*PolkitAgentAuthenticationAgentBeginFunc) (PolkitAgentAuthenticationAgent *agent,
const gchar *action_id,
const gchar *cookie,
gpointer user_data);
GList *identities,
gpointer pending_call);
typedef void (*PolkitAgentAuthenticationAgentCancelFunc) (PolkitAgentAuthenticationAgent *agent,
const gchar *cookie,
gpointer user_data);
GType polkit_agent_authentication_agent_get_type (void) G_GNUC_CONST;
PolkitAgentAuthenticationAgent *polkit_agent_authentication_agent_new (PolkitAgentAuthenticationAgentBeginFunc begin_func,
PolkitAgentAuthenticationAgentEndFunc end_func,
PolkitAgentAuthenticationAgentCancelFunc cancel_func,
gpointer user_data,
GError **error);
void polkit_agent_authentication_agent_finish (PolkitAgentAuthenticationAgent *agent,
gpointer pending_call,
GError *error);
/* --- */
G_END_DECLS
#endif /* __POLKIT_AGENT_AUTHENTICATION_SESSION_H */
#endif /* __POLKIT_AGENT_AUTHENTICATION_AGENT_H */
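Review bot: `polkit_agent_authentication_agent_finish` is declared without a comment, and its contract cannot be read off the prototype. The implementation in this commit frees `error` with `g_error_free`, which is unusual for a plain `GError *` parameter, and casts `pending_call` to an `EggDBusMethodInvocation`. I would add above the declaration something like `/* Completes the BeginAuthentication call; pending_call is the value passed to begin_func; takes ownership of error, which may be NULL. */`. It is presumably meant to be called exactly once per `begin_func` invocation; if so, the comment should say that too.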
......@@ -286,7 +286,7 @@ polkit_agent_authentication_session_initiate_auth (PolkitAgentAuthenticationSess
goto error;
}
helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-session-helper-1";
helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1";
helper_argv[1] = passwd->pw_name;
helper_argv[2] = session->cookie;
helper_argv[3] = NULL;
......
......@@ -29,6 +29,8 @@
#include <syslog.h>
#include <security/pam_appl.h>
#include <polkit/polkit.h>
#ifdef HAVE_SOLARIS
# define LOG_AUTHPRIV (10<<3)
#endif
......@@ -38,7 +40,9 @@
* sensitive information.
*/
#undef PAH_DEBUG
#define PAH_DEBUG
//#define PAH_DEBUG
static gboolean send_dbus_message (const char *cookie, const char *user);
static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
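Review bot: As far as the rendered page shows, the new side leaves a commented-out `//#define PAH_DEBUG` next to `#undef PAH_DEBUG`, in a helper whose own comment warns that this output includes sensitive information. A toggle that is flipped by editing the source is easy to ship enabled by accident. I would delete the `//#define PAH_DEBUG` line and, if the debug path is still wanted, drive it from a configure-time switch instead. The comment that opens this hunk starts outside it.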
......@@ -154,9 +158,11 @@ main (int argc, char *argv[])
fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
#endif /* PAH_DEBUG */
/* TODO: now send a D-Bus message to the PolicyKit daemon that
* includes a) the cookie; and b) the user we authenticated
/* now send a D-Bus message to the PolicyKit daemon that
* includes a) the cookie; and b) the user we authenticated
*/
if (!send_dbus_message (cookie, user_to_auth))
goto error;
fprintf (stdout, "SUCCESS\n");
fflush (stdout);
......@@ -253,3 +259,51 @@ error:
*resp = NULL;
return PAM_CONV_ERR;
}
static gboolean
send_dbus_message (const char *cookie, const char *user)
{
PolkitAuthority *authority;
PolkitIdentity *identity;
GError *error;
gboolean ret;
ret = FALSE;
error = NULL;
g_type_init ();
authority = polkit_authority_get ();
identity = polkit_unix_user_new_for_name (user, &error);
if (identity == NULL)
{
g_printerr ("Error constructing identity: %s\n", error->message);
g_error_free (error);
goto out;
}
if (!polkit_authority_authentication_agent_response_sync (authority,
cookie,
identity,
NULL,
&error))
{
g_printerr ("Error sending response to PolicyKit daemon: %s\n", error->message);
g_error_free (error);
goto out;
}
ret = TRUE;
out:
if (identity != NULL)
g_object_unref (identity);
if (authority != NULL)
g_object_unref (authority);
return ret;
}
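Review bot: `send_dbus_message` brings GObject type initialisation and a system-bus connection (`g_type_init ()`, `polkit_authority_get ()`) into a helper that the Makefile.am comment on this page describes as setuid root, and nothing visible here sanitises the invoking user's environment first. Libraries of this kind consult environment variables, so the helper should clear the environment (for example with `clearenv ()`) at the top of `main` before any GLib or D-Bus code runs. The start of `main` is outside the visible hunks, so confirm whether that already happens. Separately, `authority` is only NULL-checked at `out:`, after it has been passed to `polkit_authority_authentication_agent_response_sync`, which dereferences it.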
......@@ -15,23 +15,33 @@ INCLUDES = \
-DEGG_DBUS_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
$(NULL)
BUILT_SOURCES = \
ckmanager.c ckmanager.h \
cksession.c cksession.h \
ckseat.c ckseat.h \
ckdevice.c ckdevice.h \
ckbindings.c ckbindings.h \
ckbindingsmarshal.list \
ckbindingsmarshal.c ckbindingsmarshal.h \
ckbindingstypes.h \
ckerror.c ckerror.h \
BUILT_SOURCES = \
ckmanager.c ckmanager.h \
cksession.c cksession.h \
ckseat.c ckseat.h \
ckdevice.c ckdevice.h \
ckbindings.c ckbindings.h \
ckbindingsmarshal.list \
ckbindingsmarshal.c ckbindingsmarshal.h \
ckbindingstypes.h \
ckerror.c ckerror.h \
_polkitagentauthenticationagent.c _polkitagentauthenticationagent.h \
_polkitagentbindings.c _polkitagentbindings.h \
_polkitagentbindingsmarshal.list \
_polkitagentbindingsmarshal.c _polkitagentbindingsmarshal.h \
_polkitagentbindingstypes.h \
$(NULL)
$(BUILT_SOURCES) : Makefile.am $(top_srcdir)/src/polkitbackend/org.freedesktop.ConsoleKit.xml
eggdbus-binding-tool \
--namespace "Ck" \
--dbus-namespace "org.freedesktop.ConsoleKit" \
--introspection-xml $(top_srcdir)/src/polkitbackend/org.freedesktop.ConsoleKit.xml \
$(BUILT_SOURCES) : Makefile.am $(top_srcdir)/src/polkitbackend/org.freedesktop.ConsoleKit.xml $(top_srcdir)/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
eggdbus-binding-tool \
--namespace "Ck" \
--dbus-namespace "org.freedesktop.ConsoleKit" \
--introspection-xml $(top_srcdir)/src/polkitbackend/org.freedesktop.ConsoleKit.xml \
$(NULL)
eggdbus-binding-tool \
--namespace "_PolkitAgent" \
--dbus-namespace "org.freedesktop.PolicyKit1" \
--introspection-xml $(top_srcdir)/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml \
$(NULL)
lib_LTLIBRARIES=libpolkit-backend-1.la
......
......@@ -161,3 +161,16 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority
klass->unregister_authentication_agent (authority, object_path, pending_call);
}
void
polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
PolkitBackendPendingCall *pending_call)
{
PolkitBackendAuthorityClass *klass;
klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
klass->authentication_agent_response (authority, cookie, identity, pending_call);
}
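Review bot: `polkit_backend_authority_authentication_agent_response` calls `klass->authentication_agent_response` without checking that the subclass filled in the slot. A backend that does not implement it would make the daemon call through a NULL pointer on a request that arrives over D-Bus. A guard such as `if (klass->authentication_agent_response == NULL)` that completes `pending_call` with an error would be safer; how an error is returned on a pending call is not visible on this page. The unregister wrapper at the top of the hunk has the same shape.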
......@@ -95,6 +95,11 @@ struct _PolkitBackendAuthorityClass
const gchar *object_path,
PolkitBackendPendingCall *pending_call);
void (*authentication_agent_response) (PolkitBackendAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
PolkitBackendPendingCall *pending_call);
/*< private >*/
/* Padding for future expansion */
void (*_polkit_reserved1) (void);
......@@ -154,6 +159,11 @@ void polkit_backend_authority_unregister_authentication_agent (PolkitBackend
const gchar *object_path,
PolkitBackendPendingCall *pending_call);
void polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
const gchar *cookie,
PolkitIdentity *identity,
PolkitBackendPendingCall *pending_call);
/* --- */
void polkit_backend_authority_enumerate_actions_finish (PolkitBackendPendingCall *pending_call,
......@@ -176,8 +186,11 @@ void polkit_backend_authority_add_authorization_finish (PolkitBackend
void polkit_backend_authority_remove_authorization_finish (PolkitBackendPendingCall *pending_call);
void polkit_backend_authority_register_authentication_agent_finish (PolkitBackendPendingCall *pending_call);
void polkit_backend_authority_unregister_authentication_agent_finish (PolkitBackendPendingCall *pending_call);
void polkit_backend_authority_authentication_agent_response_finish (PolkitBackendPendingCall *pending_call);
G_END_DECLS
......
......@@ -472,6 +472,37 @@ polkit_backend_authority_unregister_authentication_agent_finish (PolkitBackendPe
/* ---------------------------------------------------------------------------------------------------- */
static void
authority_handle_authentication_agent_response (_PolkitAuthority *instance,
const gchar *cookie,
_PolkitIdentity *real_identity,
EggDBusMethodInvocation *method_invocation)
{
PolkitBackendServer *server = POLKIT_BACKEND_SERVER (instance);
PolkitBackendPendingCall *pending_call;
PolkitIdentity *identity;
pending_call = _polkit_backend_pending_call_new (method_invocation, server);
identity = polkit_identity_new_for_real (real_identity);
g_object_set_data_full (G_OBJECT (pending_call), "identity", identity, (GDestroyNotify) g_object_unref);
polkit_backend_authority_authentication_agent_response (server->authority,
cookie,
identity,
pending_call);
}
void
polkit_backend_authority_authentication_agent_response_finish (PolkitBackendPendingCall *pending_call)
{
_polkit_authority_handle_authentication_agent_response_finish (_polkit_backend_pending_call_get_method_invocation (pending_call));
g_object_unref (pending_call);
}
/* ---------------------------------------------------------------------------------------------------- */
static void
authority_iface_init (_PolkitAuthorityIface *authority_iface)
{
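Review bot: `authority_handle_authentication_agent_response` forwards `cookie` and the claimed `real_identity` to the backend without looking at who sent the message. As written, any bus client able to call `AuthenticationAgentResponse` can assert that an identity was authenticated for a given cookie. The method is intended for the setuid helper, so the sender's uid should be checked (expected to be 0) before the response is accepted. That check can live here or in the `authentication_agent_response` implementation, which is not part of this page. The DocStrings added to the introspection XML should state the restriction as well. authority_iface_init at the end of the hunk continues outside it.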
......@@ -484,4 +515,5 @@ authority_iface_init (_PolkitAuthorityIface *authority_iface)
authority_iface->handle_remove_authorization = authority_handle_remove_authorization;
authority_iface->handle_register_authentication_agent = authority_handle_register_authentication_agent;
authority_iface->handle_unregister_authentication_agent = authority_handle_unregister_authentication_agent;
authority_iface->handle_authentication_agent_response = authority_handle_authentication_agent_response;
}