authorMichele Calgaro <michele.calgaro@yahoo.it>2019-01-21 23:29:28 +0900
committerMichele Calgaro <michele.calgaro@yahoo.it>2019-02-06 23:37:13 +0900
commitb11c80958878278a87e6b75ed8d47aff6ac1219c (patch)
tree72362e47700143cf40013173dbdb93d78dd64960
parent880ff6da35728b047915ad804f5c49aaf282883d (diff)
Added polkit support to TDE HW DBus daemon and removed obsolete
"at_console" support. Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
-rw-r--r--CMakeLists.txt8
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt19
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf11
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy60
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.cpp (renamed from tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.c)212
5 files changed, 250 insertions, 60 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 60c6a60a5..d0aff45ac 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1128,6 +1128,14 @@ tde_setup_dbus( dbus-1-tqt )
list( APPEND TDECORE_LIBRARY_DIRS ${DBUS_TQT_LIBRARY_DIRS} )
+##### set POLKIT-1 file locations ##################
+
+if( NOT DEFINED POLKIT_ACTIONS_DIRECTORY )
+ set (POLKIT_ACTIONS_DIRECTORY "/usr/share/polkit-1/actions/" )
+ message( STATUS "Using " ${POLKIT_ACTIONS_DIRECTORY} " for Polkit-1 policy action files" )
+endif( NOT DEFINED POLKIT_ACTIONS_DIRECTORY )
+
+
##### Add '[KDE4]' to KDE4 menu items #########
if( WITH_KDE4_MENU_SUFFIX )
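Review bot: The default at `set (POLKIT_ACTIONS_DIRECTORY "/usr/share/polkit-1/actions/" )` is a plain variable and the `message( STATUS ... )` sits inside the `if`, so an overridden value is neither recorded in the cache nor reported at configure time. polkit only reads action definitions from its own actions directory, so a path that does not match the installed polkit would leave the new actions unregistered; since the daemon-side check in this commit fails closed, the gated power methods would presumably all be refused. Consider `set( POLKIT_ACTIONS_DIRECTORY "/usr/share/polkit-1/actions/" CACHE PATH "Polkit-1 policy action directory" )` and moving the status message after the `endif( )` so the effective directory is always printed.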
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt b/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt
index 4d1f4618a..d6e75af12 100644
--- a/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt
+++ b/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt
@@ -9,8 +9,10 @@
#
#################################################
+
include_directories(
${DBUS_INCLUDE_DIRS}
+ ${DBUS_TQT_INCLUDE_DIRS}
${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_BINARY_DIR}
${CMAKE_CURRENT_SOURCE_DIR}
@@ -19,8 +21,8 @@ include_directories(
##### tde_dbus_hardwarecontrol ##################
tde_add_executable( tde_dbus_hardwarecontrol
- SOURCES tde_dbus_hardwarecontrol.c
- LINK ${DBUS_LIBRARIES}
+ SOURCES tde_dbus_hardwarecontrol.cpp
+ LINK ${DBUS_LIBRARIES} ${DBUS_TQT_LIBRARIES} ${TQT_LIBRARIES}
DESTINATION ${BIN_INSTALL_DIR}
)
@@ -28,10 +30,11 @@ tde_add_executable( tde_dbus_hardwarecontrol
configure_file( org.trinitydesktop.hardwarecontrol.service.cmake org.trinitydesktop.hardwarecontrol.service @ONLY )
-install( FILES
- org.trinitydesktop.hardwarecontrol.conf
- DESTINATION ${DBUS_SYSTEM_CONF_DIRECTORY} )
+install( FILES org.trinitydesktop.hardwarecontrol.conf
+ DESTINATION ${DBUS_SYSTEM_CONF_DIRECTORY} )
+
+install( FILES ${CMAKE_CURRENT_BINARY_DIR}/org.trinitydesktop.hardwarecontrol.service
+ DESTINATION ${DBUS_SERVICE_DIRECTORY} )
-install( FILES
- ${CMAKE_CURRENT_BINARY_DIR}/org.trinitydesktop.hardwarecontrol.service
- DESTINATION ${DBUS_SERVICE_DIRECTORY} )
+install( FILES org.trinitydesktop.hardwarecontrol.policy
+ DESTINATION ${POLKIT_ACTIONS_DIRECTORY} )
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf
index b897da36b..47fbee050 100644
--- a/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf
+++ b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf
@@ -3,14 +3,14 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
<busconfig>
<!-- Only root can own the service -->
<policy user="root">
<allow own="org.trinitydesktop.hardwarecontrol"/>
</policy>
- <policy at_console="true">
- <!-- Users with physical access to the machine are allowed access -->
+ <policy context="default">
<allow send_destination="org.trinitydesktop.hardwarecontrol"
send_interface="org.freedesktop.DBus.Introspectable"/>
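Review bot: Replacing `<policy at_console="true">` with `<policy context="default">` lets every user that can reach the system bus send to all interfaces allowed in this block, so access control now rests entirely on checks made inside the daemon. The listen() hunk in tde_dbus_hardwarecontrol.cpp adds a polkit check only to the freeze/standby/suspend/hybrid-suspend/hibernate calls on `org.trinitydesktop.hardwarecontrol.Power`; `reply_SetBrightness` and `reply_CanSetHibernationMethod` appear there as unchanged context without a check, and the remaining handlers are outside the visible hunks. Either give each state-changing method its own polkit action, or narrow the default-context allows to Introspectable and the gated Power methods (for example with `send_member`). A comment such as `<!-- Any user may send; the daemon authorizes each call through polkit -->` would state where enforcement lives. The `<policy>` element continues past the end of this hunk.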
@@ -36,11 +36,4 @@
<allow send_destination="org.trinitydesktop.hardwarecontrol"
send_interface="org.trinitydesktop.hardwarecontrol.Power"/>
</policy>
-
- <policy context="default">
- <!-- Everyone else is denied access -->
- <deny own="org.trinitydesktop.hardwarecontrol"/>
-
- <deny send_destination="org.trinitydesktop.hardwarecontrol"/>
- </policy>
</busconfig>
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy
new file mode 100644
index 000000000..5183b47cb
--- /dev/null
+++ b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+
+<policyconfig>
+
+ <vendor>The Trinity Desktop Environment Project</vendor>
+ <vendor_url>http://www.trinitydesktop.org</vendor_url>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.freeze">
+ <description>Freeze the system.</description>
+ <message>Authentication is required to freeze the system.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.standby">
+ <description>Put the system in standby mode.</description>
+ <message>Authentication is required to put the system in standby.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.suspend">
+ <description>Put the system in suspend mode.</description>
+ <message>Authentication is required to suspend the system.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.hybridsuspend">
+ <description>Put the system in hybrid suspend mode.</description>
+ <message>Authentication is required to put the system in hybrid suspend mode.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.hibernate">
+ <description>Hibernate the system.</description>
+ <message>Authentication is required to hibernate the system.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+</policyconfig>
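Review bot: The `<message>` texts say authentication is required, but every default here is a plain `yes` or `no`, and the daemon calls CheckAuthorization with flags 0 (commented "No user interaction" in tde_dbus_hardwarecontrol.cpp), so this check never starts a prompt. An administrator who overrides an action to an `auth_*` value would therefore presumably see the call refused rather than an authentication dialog. A header comment would document this, e.g. `<!-- The daemon checks without user interaction: use yes/no; auth_* results are treated as denied -->`. It is also worth noting in the file that each Can* query shares its action id with the method that performs the transition.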
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.c b/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.cpp
index 77200334e..8ba765c34 100644
--- a/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.c
+++ b/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.cpp
@@ -7,12 +7,63 @@
#include <string.h>
#include <fcntl.h>
+#include <tqdbusconnection.h>
+#include <tqdbusdata.h>
+#include <tqdbusdatamap.h>
+#include <tqdbuserror.h>
+#include <tqdbusmessage.h>
+#include <tqdbusproxy.h>
+#include <tqdbusvariant.h>
+
// Input devices
#include <linux/input.h>
#define BITS_PER_LONG (sizeof(long) * 8)
#define NUM_BITS(x) ((((x) - 1) / BITS_PER_LONG) + 1)
+bool checkPolKitAuthorization(DBusMessage* msg, const TQString &action_id)
+{
+ if (!msg) {
+ return false;
+ }
+ TQT_DBusConnection dbusConn = TQT_DBusConnection::addConnection(TQT_DBusConnection::SystemBus);
+ if (!dbusConn.isConnected()) {
+ return false;
+ }
+ TQT_DBusProxy polkitProxy("org.freedesktop.PolicyKit1", "/org/freedesktop/PolicyKit1/Authority",
+ "org.freedesktop.PolicyKit1.Authority", dbusConn);
+ if (polkitProxy.canSend()) {
+ // Check whether the requested action is authorized
+ TQString sender(dbus_message_get_sender(msg));
+ TQT_DBusVariant sysname;
+ sysname.value = TQT_DBusData::fromString(sender);
+ sysname.signature = sysname.value.buildDBusSignature();
+ TQT_DBusDataMap<TQString> subjectMap = TQT_DBusDataMap<TQString>();
+ subjectMap.insert(TQString("name"), TQT_DBusData::fromVariant(sysname));
+ TQValueList<TQT_DBusData> subjectStruct;
+ subjectStruct << TQT_DBusData::fromString("system-bus-name");
+ subjectStruct << TQT_DBusData::fromStringKeyMap(subjectMap);
+
+ TQMap<TQString, TQString> detailsMap;
+ detailsMap.insert(TQString(""), TQString(""));
+ TQT_DBusDataMap<TQString> dbusDetailsMap(detailsMap);
+
+ TQValueList<TQT_DBusData> params;
+ params << TQT_DBusData::fromStruct(subjectStruct);
+ params << TQT_DBusData::fromString(action_id);
+ params << TQT_DBusData::fromStringKeyMap(dbusDetailsMap);
+ params << TQT_DBusData::fromUInt32(0); // No user interaction
+ params << TQT_DBusData::fromString(""); // No cancellation
+
+ TQT_DBusMessage reply = polkitProxy.sendWithReply("CheckAuthorization", params);
+ if (reply.type() == TQT_DBusMessage::ReplyMessage && reply.count() == 1) {
+ return (reply[0].toStruct())[0].toBool();
+ }
+ }
+
+ return false;
+}
+
void reply_Bool(DBusMessage* msg, DBusConnection* conn, int value) {
DBusMessage* reply;
DBusMessageIter args;
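Review bot: `return (reply[0].toStruct())[0].toBool();` indexes the polkit reply without confirming that the first argument is a non-empty struct whose first member is a boolean, so an unexpected reply shape would index an empty list. Every other path in checkPolKitAuthorization fails closed and the parse should too: if dbus-1-tqt's `toStruct()` and `toBool()` accept the usual `bool* ok` out-parameter, return false unless both conversions succeed. Separately, `detailsMap.insert(TQString(""), TQString(""))` sends one entry with an empty key where an empty details map seems intended. The result of `dbus_message_get_sender(msg)` is also used as the subject name without a NULL check.
```cpp
    TQT_DBusMessage reply = polkitProxy.sendWithReply("CheckAuthorization", params);
    if (reply.type() == TQT_DBusMessage::ReplyMessage && reply.count() == 1) {
      // Fail closed unless the reply is a struct and its first member parses as bool
      bool ok = false;
      TQValueList<TQT_DBusData> result = reply[0].toStruct(&ok);
      if (ok && !result.isEmpty()) {
        bool authorized = result[0].toBool(&ok);
        return ok && authorized;
      }
    }
    // … unchanged: fall through to return false …
```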
@@ -513,7 +564,7 @@ void reply_Introspect(DBusMessage* msg, DBusConnection* conn) {
size_t size = 4096;
const char* member = dbus_message_get_member(msg);
const char *path = dbus_message_get_path(msg);
- char *data = malloc(size);
+ char *data = new char[size];
// compose reply
strncpy(data,
@@ -632,7 +683,7 @@ void reply_Introspect(DBusMessage* msg, DBusConnection* conn) {
// free the reply
dbus_message_unref(reply);
- free((void*)data);
+ delete[] data;
}
void reply_PropertiesGetAll(DBusMessage* msg, DBusConnection* conn) {
@@ -667,11 +718,8 @@ void reply_PropertiesGetAll(DBusMessage* msg, DBusConnection* conn) {
}
void error_UnknownMessage(DBusMessage* msg, DBusConnection* conn) {
- DBusMessage* reply;
- dbus_uint32_t serial = 0;
const char* member = dbus_message_get_member(msg);
const char* interface = dbus_message_get_interface(msg);
-
// print message
fprintf(stderr, "[tde_dbus_hardwarecontrol] Unknown method '%s' called on interface '%s', ignoring\n", member, interface);
if (DBUS_MESSAGE_TYPE_METHOD_CALL != dbus_message_get_type(msg)) {
@@ -679,12 +727,13 @@ void error_UnknownMessage(DBusMessage* msg, DBusConnection* conn) {
}
// create a reply from the message
- reply = dbus_message_new_error_printf(msg,
+ DBusMessage* reply = dbus_message_new_error_printf(msg,
"org.freedesktop.DBus.Error.UnknownMethod",
"Method \"%s\" on interface \"%s\" doesn't exist",
member, interface);
// send the reply && flush the connection
+ dbus_uint32_t serial = 0;
if (!dbus_connection_send(conn, reply, &serial)) {
fprintf(stderr, "[tde_dbus_hardwarecontrol] %s: dbus_connection_send failed\n", member);
return;
@@ -695,6 +744,23 @@ void error_UnknownMessage(DBusMessage* msg, DBusConnection* conn) {
dbus_message_unref(reply);
}
+void error_PolkitAccessDenied(DBusMessage* msg, DBusConnection* conn) {
+ // create a reply from the message
+ DBusMessage* reply = dbus_message_new_error(msg,
+ "org.freedesktop.DBus.Error.AccessDenied", "Permission denied.");
+
+ // send the reply && flush the connection
+ dbus_uint32_t serial = 0;
+ if (!dbus_connection_send(conn, reply, &serial)) {
+ fprintf(stderr, "[tde_dbus_hardwarecontrol] error_PolkitAccessDenied: dbus_connection_send failed\n");
+ return;
+ }
+ dbus_connection_flush(conn);
+
+ // free the reply
+ dbus_message_unref(reply);
+}
+
void listen() {
DBusMessage* msg;
DBusConnection* conn;
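Review bot: In `error_PolkitAccessDenied` the early `return;` after a failed `dbus_connection_send` skips `dbus_message_unref(reply)`, so the error message leaks on that path. `reply` is also handed to `dbus_connection_send` without a NULL check, although `dbus_message_new_error` returns NULL when allocation fails. Add `if (!reply) { return; }` after the constructor call and `dbus_message_unref(reply);` before the `return;` in the failure branch. The same send-failure pattern is visible in `error_UnknownMessage` in the preceding hunk.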
@@ -753,69 +819,129 @@ void listen() {
reply_SetBrightness(msg, conn);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanFreeze")) {
- bool result = CanSetPowerState("freeze", NULL, NULL) || CanSetPowerState("mem", NULL, "s2idle");
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.freeze");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("freeze", NULL, NULL) || CanSetPowerState("mem", NULL, "s2idle");
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Freeze")) {
- bool result = false;
- if (CanSetPowerState("freeze", NULL, NULL)) {
- result = SetPowerState("freeze", NULL, NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.freeze");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("mem", NULL, "s2idle")) {
- result = SetPowerState("mem", NULL, "s2idle");
+ else {
+ result = false;
+ if (CanSetPowerState("freeze", NULL, NULL)) {
+ result = SetPowerState("freeze", NULL, NULL);
+ }
+ else if (CanSetPowerState("mem", NULL, "s2idle")) {
+ result = SetPowerState("mem", NULL, "s2idle");
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanStandby")) {
- bool result = CanSetPowerState("standby", NULL, NULL) || CanSetPowerState("mem", NULL, "shallow");
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.standby");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("standby", NULL, NULL) || CanSetPowerState("mem", NULL, "shallow");
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Standby")) {
- bool result = false;
- if (CanSetPowerState("standby", NULL, NULL)) {
- result = SetPowerState("standby", NULL, NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.standby");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("mem", NULL, "shallow")) {
- result = SetPowerState("mem", NULL, "shallow");
+ else {
+ result = false;
+ if (CanSetPowerState("standby", NULL, NULL)) {
+ result = SetPowerState("standby", NULL, NULL);
+ }
+ else if (CanSetPowerState("mem", NULL, "shallow")) {
+ result = SetPowerState("mem", NULL, "shallow");
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanSuspend")) {
- bool result = (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) ||
- CanSetPowerState("mem", NULL, "deep");
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.suspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) ||
+ CanSetPowerState("mem", NULL, "deep");
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Suspend")) {
- bool result = false;
- if (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) {
- result = SetPowerState("mem", NULL, NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.suspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("mem", NULL, "deep")) {
- result = SetPowerState("mem", NULL, "deep");
+ else {
+ result = false;
+ if (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) {
+ result = SetPowerState("mem", NULL, NULL);
+ }
+ else if (CanSetPowerState("mem", NULL, "deep")) {
+ result = SetPowerState("mem", NULL, "deep");
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanHybridSuspend")) {
- bool result = CanSetPowerState("disk", "suspend", NULL);
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hybridsuspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("disk", "suspend", NULL);
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "HybridSuspend")) {
- bool result = SetPowerState("disk", "suspend", NULL);
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hybridsuspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = SetPowerState("disk", "suspend", NULL);
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanHibernate")) {
- bool result = CanSetPowerState("disk", "shutdown", NULL) || CanSetPowerState("disk", "platform", NULL);
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hibernate");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("disk", "shutdown", NULL) || CanSetPowerState("disk", "platform", NULL);
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Hibernate")) {
- bool result = false;
- if (CanSetPowerState("disk", "shutdown", NULL)) {
- result = SetPowerState("disk", "shutdown", NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hibernate");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("disk", "platform", NULL)) {
- result = SetPowerState("disk", "platform", NULL);
+ else {
+ result = false;
+ if (CanSetPowerState("disk", "shutdown", NULL)) {
+ result = SetPowerState("disk", "shutdown", NULL);
+ }
+ else if (CanSetPowerState("disk", "platform", NULL)) {
+ result = SetPowerState("disk", "platform", NULL);
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanSetHibernationMethod")) {
reply_CanSetHibernationMethod(msg, conn);
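Review bot: The `Can*` branches (`CanFreeze`, `CanStandby`, `CanSuspend`, `CanHybridSuspend`, `CanHibernate`) now answer an unauthorized caller with `org.freedesktop.DBus.Error.AccessDenied` instead of a boolean, so a client that only asks whether a state is available must handle an error where it previously got `false`. Replying `reply_Bool(msg, conn, false)` for the query methods would keep the old contract while the action methods still return the error. The check / deny / else shape is repeated ten times, so a small helper taking the action id would keep the branches from drifting apart. The denied path logs nothing; a line to stderr with the sender and action id would help when auditing refused requests. listen() begins and ends outside this hunk.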