From e9def2b8b0098842d0223d0951f41e2106821a88 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 14 Apr 2021 17:04:59 +0200 Subject: [PATCH] Do not use Python slip package It's not maintained anymore and it allows us to drop dependency on Python slip package Use DBUS polkit interface instead - https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html --- src/SetroubleshootFixit.py | 35 +++++++++++++++++++++++++---------- src/setroubleshoot/browser.py | 3 --- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py index f7cbf95..ab0ad2b 100644 --- a/framework/src/SetroubleshootFixit.py +++ b/framework/src/SetroubleshootFixit.py @@ -4,13 +4,11 @@ import dbus import dbus.service import dbus.mainloop.glib from gi.repository import GLib -import slip.dbus.service -from slip.dbus import polkit import os import signal +import subprocess - -class RunFix(slip.dbus.service.Object): +class RunFix(dbus.service.Object): default_polkit_auth_required = "org.fedoraproject.setroubleshootfixit.write" def __init__(self, *p, **k): @@ -21,14 +19,32 @@ class RunFix(slip.dbus.service.Object): def alarm(self, timeout=10): signal.alarm(timeout) - - @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s') - def run_fix(self, local_id, analysis_id): - import subprocess + def is_authorized(self, sender): + bus = dbus.SystemBus() + + proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority') + authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority') + subject = ('system-bus-name', {'name' : sender}) + action_id = 'org.fedoraproject.setroubleshootfixit.write' + details = {} + flags = 1 # AllowUserInteraction flag + cancellation_id = '' # No cancellation id + result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id) + return result[0] + + @dbus.service.method("org.fedoraproject.SetroubleshootFixit", sender_keyword="sender", in_signature='ss', out_signature='s') + def run_fix(self, local_id, analysis_id, sender): self.alarm(0) command = ["sealert", "-f", local_id, "-P", analysis_id] - return subprocess.check_output(command, universal_newlines=True) + + if self.is_authorized(sender): + result = subprocess.check_output(command, universal_newlines=True) + else: + result = "Authorization failed" + self.alarm(self.timeout) + return result + if __name__ == "__main__": mainloop = GLib.MainLoop() @@ -36,5 +52,4 @@ if __name__ == "__main__": system_bus = dbus.SystemBus() name = dbus.service.BusName("org.fedoraproject.SetroubleshootFixit", system_bus) object = RunFix(system_bus, "/org/fedoraproject/SetroubleshootFixit/object") - slip.dbus.service.set_mainloop(mainloop) mainloop.run() diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py index 2d37bb4..3203f75 100644 --- a/framework/src/setroubleshoot/browser.py +++ b/framework/src/setroubleshoot/browser.py @@ -65,8 +65,6 @@ from setroubleshoot.util import * from setroubleshoot.html_util import html_to_text import re import dbus -import slip.dbus.service -from slip.dbus import polkit import report import report.io import report.io.GTKIO @@ -933,7 +931,6 @@ class DBusProxy (object): self.bus = dbus.SystemBus() self.dbus_object = self.bus.get_object("org.fedoraproject.SetroubleshootFixit", "/org/fedoraproject/SetroubleshootFixit/object") - @polkit.enable_proxy def run_fix(self, local_id, plugin_name): return self.dbus_object.run_fix(local_id, plugin_name, dbus_interface="org.fedoraproject.SetroubleshootFixit") -- 2.30.2