From 71ec33a92f33482e0d5cf7bd2eff57ab1c351721 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Tue, 30 Oct 2012 16:06:55 +0100 Subject: [PATCH] Register the 'realm' command as a fallback policy kit agent * This allows us to authorize via the console even when another polkit agent isn't running for the session. https://bugs.freedesktop.org/show_bug.cgi?id=56319 --- configure.ac | 4 ++-- tools/Makefile.am | 2 ++ tools/realm-client.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 52 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 6b6109a..f39f116 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ AC_PREREQ(2.63) -AC_INIT([realmd], [0.10], +AC_INIT([realmd], [0.10.90], [http://bugs.freedesktop.org/enter_bug.cgi?product=realmd], [realmd]) @@ -85,7 +85,7 @@ AC_SUBST(PACKAGEKIT_LIBS) # -------------------------------------------------------------------- # PolicyKit -PKG_CHECK_MODULES(POLKIT, polkit-gobject-1) +PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 polkit-agent-1) AC_SUBST(POLKIT_CFLAGS) AC_SUBST(POLKIT_LIBS) diff --git a/tools/Makefile.am b/tools/Makefile.am index 4335d98..a7dbd20 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -22,12 +22,14 @@ AM_CFLAGS = \ -I$(top_builddir)/dbus \ -DLOCALEDIR=\""$(datadir)/locale"\" \ -DREALMD_EXECUTABLE=\""$(privatedir)/realmd"\" \ + $(POLKIT_CFLAGS) \ $(GLIB_CFLAGS) \ $(KRB5_CFLAGS) \ $(NULL) LDADD = \ $(top_builddir)/dbus/librealm-dbus.a \ + $(POLKIT_LIBS) \ $(GLIB_LIBS) \ $(KRB5_LIBS) \ $(NULL) diff --git a/tools/realm-client.c b/tools/realm-client.c index 688f38d..a33d051 100644 --- a/tools/realm-client.c +++ b/tools/realm-client.c @@ -23,6 +23,9 @@ #include +#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE +#include + #include #include @@ -32,6 +35,7 @@ struct _RealmClient { EggDBusObjectManagerClient parent; RealmDbusProvider *provider; GPid peer_pid; + gpointer polkit_handle; }; struct _RealmClientClass { @@ -58,7 +62,6 @@ on_complete_get_result (GObject *source, static void realm_client_init (RealmClient *self) { - } static void @@ -74,6 +77,9 @@ realm_client_finalize (GObject *obj) if (self->provider) g_object_unref (self->provider); + if (self->polkit_handle) + polkit_agent_listener_unregister (self->polkit_handle); + G_OBJECT_CLASS (realm_client_parent_class)->finalize (obj); } @@ -130,6 +136,46 @@ on_diagnostics_signal (GDBusConnection *connection, g_printerr ("%s", data); } +static void +register_fallback_polkit_agent (RealmClient *self) +{ + PolkitAgentListener *listener; + GVariantBuilder builder; + GVariant *options; + PolkitSubject *subject; + gpointer handle; + GError *error = NULL; + + /* Become a fallback polkit agent for our own process */ + listener = polkit_agent_text_listener_new (NULL, NULL); + + if (!listener) + return; + + g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT); + g_variant_builder_add (&builder, "{sv}", "fallback", g_variant_new_boolean (TRUE)); + options = g_variant_builder_end (&builder); + + /* + * We don't need to start another thread. All our DBus calls are async, + * and we don't block the mainloop while calling into realmd. + */ + + subject = polkit_unix_process_new (getpid ()); + handle = polkit_agent_listener_register_with_options (listener, + POLKIT_AGENT_REGISTER_FLAGS_NONE, + subject, NULL, options, + NULL, &error); + + g_object_unref (subject); + g_object_unref (listener); + + if (error == NULL) + self->polkit_handle = handle; + else + realm_handle_error (error, _("Couldn't register a policy kit agent")); +} + static RealmClient * realm_client_new_on_connection (GDBusConnection *connection, gboolean verbose, @@ -186,7 +232,7 @@ realm_client_new_on_connection (GDBusConnection *connection, return NULL; } - + register_fallback_polkit_agent (client); return client; } -- 1.7.12.1