summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Calgaro <michele.calgaro@yahoo.it>2019-01-21 23:29:28 +0900
committerMichele Calgaro <michele.calgaro@yahoo.it>2019-02-06 23:37:13 +0900
commitb11c80958878278a87e6b75ed8d47aff6ac1219c (patch)
tree72362e47700143cf40013173dbdb93d78dd64960
parent880ff6da35728b047915ad804f5c49aaf282883d (diff)
downloadtdelibs-b11c80958878278a87e6b75ed8d47aff6ac1219c.tar.gz
tdelibs-b11c80958878278a87e6b75ed8d47aff6ac1219c.zip
Added polkit support to TDE HW DBus daemon and removed obsolete
"at_console" support. Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
-rw-r--r--CMakeLists.txt8
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt19
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf11
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy60
-rw-r--r--tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.cpp (renamed from tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.c)212
5 files changed, 250 insertions, 60 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 60c6a60a..d0aff45a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1128,6 +1128,14 @@ tde_setup_dbus( dbus-1-tqt )
list( APPEND TDECORE_LIBRARY_DIRS ${DBUS_TQT_LIBRARY_DIRS} )
+##### set POLKIT-1 file locations ##################
+
+if( NOT DEFINED POLKIT_ACTIONS_DIRECTORY )
+ set (POLKIT_ACTIONS_DIRECTORY "/usr/share/polkit-1/actions/" )
+ message( STATUS "Using " ${POLKIT_ACTIONS_DIRECTORY} " for Polkit-1 policy action files" )
+endif( NOT DEFINED POLKIT_ACTIONS_DIRECTORY )
+
+
##### Add '[KDE4]' to KDE4 menu items #########
if( WITH_KDE4_MENU_SUFFIX )
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt b/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt
index 4d1f4618..d6e75af1 100644
--- a/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt
+++ b/tdecore/tdehw/hwlibdaemons/dbus/CMakeLists.txt
@@ -9,8 +9,10 @@
#
#################################################
+
include_directories(
${DBUS_INCLUDE_DIRS}
+ ${DBUS_TQT_INCLUDE_DIRS}
${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_BINARY_DIR}
${CMAKE_CURRENT_SOURCE_DIR}
@@ -19,8 +21,8 @@ include_directories(
##### tde_dbus_hardwarecontrol ##################
tde_add_executable( tde_dbus_hardwarecontrol
- SOURCES tde_dbus_hardwarecontrol.c
- LINK ${DBUS_LIBRARIES}
+ SOURCES tde_dbus_hardwarecontrol.cpp
+ LINK ${DBUS_LIBRARIES} ${DBUS_TQT_LIBRARIES} ${TQT_LIBRARIES}
DESTINATION ${BIN_INSTALL_DIR}
)
@@ -28,10 +30,11 @@ tde_add_executable( tde_dbus_hardwarecontrol
configure_file( org.trinitydesktop.hardwarecontrol.service.cmake org.trinitydesktop.hardwarecontrol.service @ONLY )
-install( FILES
- org.trinitydesktop.hardwarecontrol.conf
- DESTINATION ${DBUS_SYSTEM_CONF_DIRECTORY} )
+install( FILES org.trinitydesktop.hardwarecontrol.conf
+ DESTINATION ${DBUS_SYSTEM_CONF_DIRECTORY} )
+
+install( FILES ${CMAKE_CURRENT_BINARY_DIR}/org.trinitydesktop.hardwarecontrol.service
+ DESTINATION ${DBUS_SERVICE_DIRECTORY} )
-install( FILES
- ${CMAKE_CURRENT_BINARY_DIR}/org.trinitydesktop.hardwarecontrol.service
- DESTINATION ${DBUS_SERVICE_DIRECTORY} )
+install( FILES org.trinitydesktop.hardwarecontrol.policy
+ DESTINATION ${POLKIT_ACTIONS_DIRECTORY} )
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf
index b897da36..47fbee05 100644
--- a/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf
+++ b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.conf
@@ -3,14 +3,14 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
<busconfig>
<!-- Only root can own the service -->
<policy user="root">
<allow own="org.trinitydesktop.hardwarecontrol"/>
</policy>
- <policy at_console="true">
- <!-- Users with physical access to the machine are allowed access -->
+ <policy context="default">
<allow send_destination="org.trinitydesktop.hardwarecontrol"
send_interface="org.freedesktop.DBus.Introspectable"/>
@@ -36,11 +36,4 @@
<allow send_destination="org.trinitydesktop.hardwarecontrol"
send_interface="org.trinitydesktop.hardwarecontrol.Power"/>
</policy>
-
- <policy context="default">
- <!-- Everyone else is denied access -->
- <deny own="org.trinitydesktop.hardwarecontrol"/>
-
- <deny send_destination="org.trinitydesktop.hardwarecontrol"/>
- </policy>
</busconfig>
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy
new file mode 100644
index 00000000..5183b47c
--- /dev/null
+++ b/tdecore/tdehw/hwlibdaemons/dbus/org.trinitydesktop.hardwarecontrol.policy
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+
+<policyconfig>
+
+ <vendor>The Trinity Desktop Environment Project</vendor>
+ <vendor_url>http://www.trinitydesktop.org</vendor_url>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.freeze">
+ <description>Freeze the system.</description>
+ <message>Authentication is required to freeze the system.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.standby">
+ <description>Put the system in standby mode.</description>
+ <message>Authentication is required to put the system in standby.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.suspend">
+ <description>Put the system in suspend mode.</description>
+ <message>Authentication is required to suspend the system.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.hybridsuspend">
+ <description>Put the system in hybrid suspend mode.</description>
+ <message>Authentication is required to put the system in hybrid suspend mode.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+ <action id="org.trinitydesktop.hardwarecontrol.power.hibernate">
+ <description>Hibernate the system.</description>
+ <message>Authentication is required to hibernate the system.</message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>no</allow_inactive>
+ <allow_active>yes</allow_active>
+ </defaults>
+ </action>
+
+</policyconfig>
diff --git a/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.c b/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.cpp
index 77200334..8ba765c3 100644
--- a/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.c
+++ b/tdecore/tdehw/hwlibdaemons/dbus/tde_dbus_hardwarecontrol.cpp
@@ -7,12 +7,63 @@
#include <string.h>
#include <fcntl.h>
+#include <tqdbusconnection.h>
+#include <tqdbusdata.h>
+#include <tqdbusdatamap.h>
+#include <tqdbuserror.h>
+#include <tqdbusmessage.h>
+#include <tqdbusproxy.h>
+#include <tqdbusvariant.h>
+
// Input devices
#include <linux/input.h>
#define BITS_PER_LONG (sizeof(long) * 8)
#define NUM_BITS(x) ((((x) - 1) / BITS_PER_LONG) + 1)
+bool checkPolKitAuthorization(DBusMessage* msg, const TQString &action_id)
+{
+ if (!msg) {
+ return false;
+ }
+ TQT_DBusConnection dbusConn = TQT_DBusConnection::addConnection(TQT_DBusConnection::SystemBus);
+ if (!dbusConn.isConnected()) {
+ return false;
+ }
+ TQT_DBusProxy polkitProxy("org.freedesktop.PolicyKit1", "/org/freedesktop/PolicyKit1/Authority",
+ "org.freedesktop.PolicyKit1.Authority", dbusConn);
+ if (polkitProxy.canSend()) {
+ // Check whether the requested action is authorized
+ TQString sender(dbus_message_get_sender(msg));
+ TQT_DBusVariant sysname;
+ sysname.value = TQT_DBusData::fromString(sender);
+ sysname.signature = sysname.value.buildDBusSignature();
+ TQT_DBusDataMap<TQString> subjectMap = TQT_DBusDataMap<TQString>();
+ subjectMap.insert(TQString("name"), TQT_DBusData::fromVariant(sysname));
+ TQValueList<TQT_DBusData> subjectStruct;
+ subjectStruct << TQT_DBusData::fromString("system-bus-name");
+ subjectStruct << TQT_DBusData::fromStringKeyMap(subjectMap);
+
+ TQMap<TQString, TQString> detailsMap;
+ detailsMap.insert(TQString(""), TQString(""));
+ TQT_DBusDataMap<TQString> dbusDetailsMap(detailsMap);
+
+ TQValueList<TQT_DBusData> params;
+ params << TQT_DBusData::fromStruct(subjectStruct);
+ params << TQT_DBusData::fromString(action_id);
+ params << TQT_DBusData::fromStringKeyMap(dbusDetailsMap);
+ params << TQT_DBusData::fromUInt32(0); // No user interaction
+ params << TQT_DBusData::fromString(""); // No cancellation
+
+ TQT_DBusMessage reply = polkitProxy.sendWithReply("CheckAuthorization", params);
+ if (reply.type() == TQT_DBusMessage::ReplyMessage && reply.count() == 1) {
+ return (reply[0].toStruct())[0].toBool();
+ }
+ }
+
+ return false;
+}
+
void reply_Bool(DBusMessage* msg, DBusConnection* conn, int value) {
DBusMessage* reply;
DBusMessageIter args;
@@ -513,7 +564,7 @@ void reply_Introspect(DBusMessage* msg, DBusConnection* conn) {
size_t size = 4096;
const char* member = dbus_message_get_member(msg);
const char *path = dbus_message_get_path(msg);
- char *data = malloc(size);
+ char *data = new char[size];
// compose reply
strncpy(data,
@@ -632,7 +683,7 @@ void reply_Introspect(DBusMessage* msg, DBusConnection* conn) {
// free the reply
dbus_message_unref(reply);
- free((void*)data);
+ delete[] data;
}
void reply_PropertiesGetAll(DBusMessage* msg, DBusConnection* conn) {
@@ -667,11 +718,8 @@ void reply_PropertiesGetAll(DBusMessage* msg, DBusConnection* conn) {
}
void error_UnknownMessage(DBusMessage* msg, DBusConnection* conn) {
- DBusMessage* reply;
- dbus_uint32_t serial = 0;
const char* member = dbus_message_get_member(msg);
const char* interface = dbus_message_get_interface(msg);
-
// print message
fprintf(stderr, "[tde_dbus_hardwarecontrol] Unknown method '%s' called on interface '%s', ignoring\n", member, interface);
if (DBUS_MESSAGE_TYPE_METHOD_CALL != dbus_message_get_type(msg)) {
@@ -679,12 +727,13 @@ void error_UnknownMessage(DBusMessage* msg, DBusConnection* conn) {
}
// create a reply from the message
- reply = dbus_message_new_error_printf(msg,
+ DBusMessage* reply = dbus_message_new_error_printf(msg,
"org.freedesktop.DBus.Error.UnknownMethod",
"Method \"%s\" on interface \"%s\" doesn't exist",
member, interface);
// send the reply && flush the connection
+ dbus_uint32_t serial = 0;
if (!dbus_connection_send(conn, reply, &serial)) {
fprintf(stderr, "[tde_dbus_hardwarecontrol] %s: dbus_connection_send failed\n", member);
return;
@@ -695,6 +744,23 @@ void error_UnknownMessage(DBusMessage* msg, DBusConnection* conn) {
dbus_message_unref(reply);
}
+void error_PolkitAccessDenied(DBusMessage* msg, DBusConnection* conn) {
+ // create a reply from the message
+ DBusMessage* reply = dbus_message_new_error(msg,
+ "org.freedesktop.DBus.Error.AccessDenied", "Permission denied.");
+
+ // send the reply && flush the connection
+ dbus_uint32_t serial = 0;
+ if (!dbus_connection_send(conn, reply, &serial)) {
+ fprintf(stderr, "[tde_dbus_hardwarecontrol] error_PolkitAccessDenied: dbus_connection_send failed\n");
+ return;
+ }
+ dbus_connection_flush(conn);
+
+ // free the reply
+ dbus_message_unref(reply);
+}
+
void listen() {
DBusMessage* msg;
DBusConnection* conn;
@@ -753,69 +819,129 @@ void listen() {
reply_SetBrightness(msg, conn);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanFreeze")) {
- bool result = CanSetPowerState("freeze", NULL, NULL) || CanSetPowerState("mem", NULL, "s2idle");
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.freeze");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("freeze", NULL, NULL) || CanSetPowerState("mem", NULL, "s2idle");
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Freeze")) {
- bool result = false;
- if (CanSetPowerState("freeze", NULL, NULL)) {
- result = SetPowerState("freeze", NULL, NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.freeze");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("mem", NULL, "s2idle")) {
- result = SetPowerState("mem", NULL, "s2idle");
+ else {
+ result = false;
+ if (CanSetPowerState("freeze", NULL, NULL)) {
+ result = SetPowerState("freeze", NULL, NULL);
+ }
+ else if (CanSetPowerState("mem", NULL, "s2idle")) {
+ result = SetPowerState("mem", NULL, "s2idle");
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanStandby")) {
- bool result = CanSetPowerState("standby", NULL, NULL) || CanSetPowerState("mem", NULL, "shallow");
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.standby");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("standby", NULL, NULL) || CanSetPowerState("mem", NULL, "shallow");
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Standby")) {
- bool result = false;
- if (CanSetPowerState("standby", NULL, NULL)) {
- result = SetPowerState("standby", NULL, NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.standby");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("mem", NULL, "shallow")) {
- result = SetPowerState("mem", NULL, "shallow");
+ else {
+ result = false;
+ if (CanSetPowerState("standby", NULL, NULL)) {
+ result = SetPowerState("standby", NULL, NULL);
+ }
+ else if (CanSetPowerState("mem", NULL, "shallow")) {
+ result = SetPowerState("mem", NULL, "shallow");
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanSuspend")) {
- bool result = (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) ||
- CanSetPowerState("mem", NULL, "deep");
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.suspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) ||
+ CanSetPowerState("mem", NULL, "deep");
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Suspend")) {
- bool result = false;
- if (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) {
- result = SetPowerState("mem", NULL, NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.suspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("mem", NULL, "deep")) {
- result = SetPowerState("mem", NULL, "deep");
+ else {
+ result = false;
+ if (CanSetPowerState("mem", NULL, NULL) && access("/sys/power/mem_sleep", R_OK) != 0) {
+ result = SetPowerState("mem", NULL, NULL);
+ }
+ else if (CanSetPowerState("mem", NULL, "deep")) {
+ result = SetPowerState("mem", NULL, "deep");
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanHybridSuspend")) {
- bool result = CanSetPowerState("disk", "suspend", NULL);
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hybridsuspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("disk", "suspend", NULL);
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "HybridSuspend")) {
- bool result = SetPowerState("disk", "suspend", NULL);
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hybridsuspend");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = SetPowerState("disk", "suspend", NULL);
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanHibernate")) {
- bool result = CanSetPowerState("disk", "shutdown", NULL) || CanSetPowerState("disk", "platform", NULL);
- reply_Bool(msg, conn, result);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hibernate");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
+ }
+ else {
+ result = CanSetPowerState("disk", "shutdown", NULL) || CanSetPowerState("disk", "platform", NULL);
+ reply_Bool(msg, conn, result);
+ }
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "Hibernate")) {
- bool result = false;
- if (CanSetPowerState("disk", "shutdown", NULL)) {
- result = SetPowerState("disk", "shutdown", NULL);
+ bool result = checkPolKitAuthorization(msg, "org.trinitydesktop.hardwarecontrol.power.hibernate");
+ if (!result) {
+ error_PolkitAccessDenied(msg, conn);
}
- else if (CanSetPowerState("disk", "platform", NULL)) {
- result = SetPowerState("disk", "platform", NULL);
+ else {
+ result = false;
+ if (CanSetPowerState("disk", "shutdown", NULL)) {
+ result = SetPowerState("disk", "shutdown", NULL);
+ }
+ else if (CanSetPowerState("disk", "platform", NULL)) {
+ result = SetPowerState("disk", "platform", NULL);
+ }
+ reply_Bool(msg, conn, result);
}
- reply_Bool(msg, conn, result);
}
else if (dbus_message_is_method_call(msg, "org.trinitydesktop.hardwarecontrol.Power", "CanSetHibernationMethod")) {
reply_CanSetHibernationMethod(msg, conn);