Merge lp:~aptdaemon-developers/aptdaemon/auth-later into lp:aptdaemon
- auth-later
- Merge into main
Proposed by
Sebastian Heinlein
| Status: | Merged |
|---|---|
| Merged at revision: | 488 |
| Proposed branch: | lp:~aptdaemon-developers/aptdaemon/auth-later |
| Merge into: | lp:aptdaemon |
| Diff against target: |
382 lines (+105/-94) 3 files modified
aptdaemon/core.py (+102/-93) aptdaemon/enums.py (+3/-0) aptdaemon/policykit1.py (+0/-1) |
| To merge this branch: | bzr merge lp:~aptdaemon-developers/aptdaemon/auth-later |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Aptdaemon Developers | Pending | ||
|
Review via email:
|
|||
Commit message
Description of the change
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | === modified file 'aptdaemon/core.py' |
| 2 | --- aptdaemon/core.py 2010-09-11 07:44:27 +0000 |
| 3 | +++ aptdaemon/core.py 2010-09-13 10:27:47 +0000 |
| 4 | @@ -131,6 +131,36 @@ |
| 5 | privileges. |
| 6 | """ |
| 7 | |
| 8 | + ROLE_ACTION_MAP = { |
| 9 | + enums.ROLE_INSTALL_PACKAGES: \ |
| 10 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
| 11 | + enums.ROLE_REMOVE_PACKAGES: \ |
| 12 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
| 13 | + enums.ROLE_INSTALL_FILE: \ |
| 14 | + policykit1.PK_ACTION_INSTALL_FILE, |
| 15 | + enums.ROLE_UPGRADE_PACKAGES: \ |
| 16 | + policykit1.PK_ACTION_UPGRADE_PACKAGES, |
| 17 | + enums.ROLE_UPGRADE_SYSTEM: \ |
| 18 | + policykit1.PK_ACTION_UPGRADE_PACKAGES, |
| 19 | + enums.ROLE_UPDATE_CACHE: \ |
| 20 | + policykit1.PK_ACTION_UPDATE_CACHE, |
| 21 | + enums.ROLE_COMMIT_PACKAGES: \ |
| 22 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
| 23 | + enums.ROLE_ADD_VENDOR_KEY_FILE: \ |
| 24 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 25 | + enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER: \ |
| 26 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 27 | + enums.ROLE_REMOVE_VENDOR_KEY: \ |
| 28 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 29 | + enums.ROLE_FIX_INCOMPLETE_INSTALL: \ |
| 30 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
| 31 | + enums.ROLE_FIX_BROKEN_DEPENDS: \ |
| 32 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
| 33 | + enums.ROLE_ADD_REPOSITORY: \ |
| 34 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 35 | + enums.ROLE_ENABLE_DISTRO_COMP: \ |
| 36 | + policykit1.PK_ACTION_CHANGE_REPOSITORY} |
| 37 | + |
| 38 | def __init__(self, role, queue, uid, sender, connect=True, bus=None, |
| 39 | packages=None, kwargs=None): |
| 40 | """Initialize a new Transaction instance. |
| 41 | @@ -204,6 +234,7 @@ |
| 42 | self._sender_owner_changed) |
| 43 | else: |
| 44 | self._sender_watch = None |
| 45 | + self.sender = sender |
| 46 | |
| 47 | def _sender_owner_changed(self, connection): |
| 48 | """Callback if the owner of the original sender changed, e.g. |
| 49 | @@ -598,12 +629,59 @@ |
| 50 | @inline_callbacks |
| 51 | def _run(self, sender): |
| 52 | yield self._check_foreign_user(sender) |
| 53 | + yield self._check_auth() |
| 54 | self.queue.put(self.tid) |
| 55 | + self.status = enums.STATUS_RUNNING |
| 56 | next = self.after |
| 57 | while next: |
| 58 | + yield next._check_auth() |
| 59 | self.queue.put(next.tid) |
| 60 | + next = enums.STATUS_RUNNING |
| 61 | next = next.after |
| 62 | |
| 63 | + @inline_callbacks |
| 64 | + def _check_auth(self): |
| 65 | + """Check silently if one of the high level privileges has been granted |
| 66 | + before to reduce clicks to install packages from third party |
| 67 | + epositories: AddRepository -> UpdateCache -> InstallPackages |
| 68 | + """ |
| 69 | + self.status = enums.STATUS_AUTHENTICATING |
| 70 | + action = self.ROLE_ACTION_MAP[self.role] |
| 71 | + # Special case if CommitPackages only upgrades |
| 72 | + if self.role == enums.ROLE_COMMIT_PACKAGES and \ |
| 73 | + not self.packages[enums.PKGS_INSTALL] and \ |
| 74 | + not self.packages[enums.PKGS_REINSTALL] and \ |
| 75 | + not self.packages[enums.PKGS_REMOVE] and \ |
| 76 | + not self.packages[enums.PKGS_PURGE] and \ |
| 77 | + not self.packages[enums.PKGS_DOWNGRADE]: |
| 78 | + action = policykit1.PK_ACTION_UPGRADE_PACKAGES |
| 79 | + authorized = yield self._check_alternative_auth() |
| 80 | + if not authorized: |
| 81 | + yield policykit1.check_authorization_by_name(self.sender, action) |
| 82 | + |
| 83 | + @inline_callbacks |
| 84 | + def _check_alternative_auth(self): |
| 85 | + """Check non-interactively if one of the high level privileges |
| 86 | + has been granted. |
| 87 | + """ |
| 88 | + if self.role not in [enums.ROLE_ADD_REPOSITORY, |
| 89 | + enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER, |
| 90 | + enums.ROLE_UPDATE_CACHE, |
| 91 | + enums.ROLE_INSTALL_PACKAGES]: |
| 92 | + return_value(False) |
| 93 | + flags = policykit1.CHECK_AUTH_NONE |
| 94 | + for action in [policykit1.PK_ACTION_INSTALL_PACKAGES_FROM_NEW_REPO, |
| 95 | + policykit1.PK_ACTION_INSTALL_PURCHASED_PACKAGES]: |
| 96 | + try: |
| 97 | + yield policykit1.check_authorization_by_name(self.sender, |
| 98 | + action, |
| 99 | + flags=flags) |
| 100 | + except errors.NotAuthorizedError, error: |
| 101 | + continue |
| 102 | + else: |
| 103 | + return_value(True) |
| 104 | + return_value(False) |
| 105 | + |
| 106 | @dbus_deferred_method(APTDAEMON_TRANSACTION_DBUS_INTERFACE, |
| 107 | in_signature="", out_signature="", |
| 108 | sender_keyword="sender") |
| 109 | @@ -1106,43 +1184,14 @@ |
| 110 | self.Quit(None) |
| 111 | |
| 112 | @inline_callbacks |
| 113 | - def _create_trans(self, role, action, sender, packages=None, kwargs=None): |
| 114 | + def _create_trans(self, role, sender, packages=None, kwargs=None): |
| 115 | """Helper method which returns the tid of a new transaction.""" |
| 116 | - # Check silently if one of the high level privileges has been granted |
| 117 | - # before to reduce clicks to install packages from third party |
| 118 | - # repositories: AddRepository -> UpdateCache -> InstallPackages |
| 119 | - authorized = yield self._check_alternative_privileges(role, sender) |
| 120 | - if not authorized: |
| 121 | - yield policykit1.check_authorization_by_name(sender, action) |
| 122 | uid = yield policykit1.get_uid_from_dbus_name(sender) |
| 123 | trans = Transaction(role, self.queue, uid, sender, packages=packages, |
| 124 | kwargs=kwargs) |
| 125 | self.queue.limbo[trans.tid] = trans |
| 126 | return_value(trans.tid) |
| 127 | |
| 128 | - @inline_callbacks |
| 129 | - def _check_alternative_privileges(self, role, sender): |
| 130 | - """Check non-interactively if one of the high level privileges |
| 131 | - has been granted. |
| 132 | - """ |
| 133 | - if role not in [enums.ROLE_ADD_REPOSITORY, |
| 134 | - enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER, |
| 135 | - enums.ROLE_UPDATE_CACHE, |
| 136 | - enums.ROLE_INSTALL_PACKAGES]: |
| 137 | - return_value(False) |
| 138 | - flags = policykit1.CHECK_AUTH_NONE |
| 139 | - for action in [policykit1.PK_ACTION_INSTALL_PACKAGES_FROM_NEW_REPO, |
| 140 | - policykit1.PK_ACTION_INSTALL_PURCHASED_PACKAGES]: |
| 141 | - try: |
| 142 | - yield policykit1.check_authorization_by_name(sender, |
| 143 | - action, |
| 144 | - flags=flags) |
| 145 | - except errors.NotAuthorizedError, error: |
| 146 | - continue |
| 147 | - else: |
| 148 | - return_value(True) |
| 149 | - return_value(False) |
| 150 | - |
| 151 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 152 | in_signature="", out_signature="s", |
| 153 | sender_keyword="sender") |
| 154 | @@ -1154,9 +1203,7 @@ |
| 155 | performs this action. |
| 156 | """ |
| 157 | log.info("FixIncompleteInstall() called") |
| 158 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
| 159 | - return self._create_trans(enums.ROLE_FIX_INCOMPLETE_INSTALL, |
| 160 | - action, sender) |
| 161 | + return self._create_trans(enums.ROLE_FIX_INCOMPLETE_INSTALL, sender) |
| 162 | |
| 163 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 164 | in_signature="", out_signature="s", |
| 165 | @@ -1168,9 +1215,7 @@ |
| 166 | performs this action. |
| 167 | """ |
| 168 | log.info("FixBrokenDepends() called") |
| 169 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
| 170 | - return self._create_trans(enums.ROLE_FIX_BROKEN_DEPENDS, |
| 171 | - action, sender) |
| 172 | + return self._create_trans(enums.ROLE_FIX_BROKEN_DEPENDS, sender) |
| 173 | |
| 174 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 175 | in_signature="", out_signature="s", |
| 176 | @@ -1184,8 +1229,7 @@ |
| 177 | """ |
| 178 | log.info("UpdateCache() was called") |
| 179 | kwargs = {"sources_list": None} |
| 180 | - return self._create_trans(enums.ROLE_UPDATE_CACHE, |
| 181 | - policykit1.PK_ACTION_UPDATE_CACHE, sender, |
| 182 | + return self._create_trans(enums.ROLE_UPDATE_CACHE, sender, |
| 183 | kwargs=kwargs) |
| 184 | |
| 185 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 186 | @@ -1205,8 +1249,7 @@ |
| 187 | """ |
| 188 | log.info("UpdateCachePartially() was called") |
| 189 | kwargs = {"sources_list": sources_list} |
| 190 | - return self._create_trans(enums.ROLE_UPDATE_CACHE, |
| 191 | - policykit1.PK_ACTION_UPDATE_CACHE, sender, |
| 192 | + return self._create_trans(enums.ROLE_UPDATE_CACHE, sender, |
| 193 | kwargs=kwargs) |
| 194 | |
| 195 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 196 | @@ -1224,9 +1267,7 @@ |
| 197 | performs this action. |
| 198 | """ |
| 199 | log.info("RemovePackages() was called: '%s'", package_names) |
| 200 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
| 201 | - return self._create_trans(enums.ROLE_REMOVE_PACKAGES, |
| 202 | - action, sender, |
| 203 | + return self._create_trans(enums.ROLE_REMOVE_PACKAGES, sender, |
| 204 | packages=([], [], package_names, [], [])) |
| 205 | |
| 206 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 207 | @@ -1244,9 +1285,7 @@ |
| 208 | """ |
| 209 | log.info("UpgradeSystem() was called with safe mode: " |
| 210 | "%s" % safe_mode) |
| 211 | - return self._create_trans(enums.ROLE_UPGRADE_SYSTEM, |
| 212 | - policykit1.PK_ACTION_UPGRADE_PACKAGES, |
| 213 | - sender, |
| 214 | + return self._create_trans(enums.ROLE_UPGRADE_SYSTEM, sender, |
| 215 | kwargs={"safe_mode": safe_mode}) |
| 216 | |
| 217 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 218 | @@ -1280,32 +1319,17 @@ |
| 219 | # or an origin different from the candidate |
| 220 | log.info("CommitPackages() was called: %s, %s, %s, %s, %s, %s", |
| 221 | install, reinstall, remove, purge, upgrade, downgrade) |
| 222 | - return self._commit_packages(install, reinstall, remove, purge, upgrade, |
| 223 | - downgrade, sender) |
| 224 | - |
| 225 | - @inline_callbacks |
| 226 | - def _commit_packages(self, install, reinstall, remove, purge, upgrade, |
| 227 | - downgrade, sender): |
| 228 | def check_empty_list(lst): |
| 229 | if lst == [""]: |
| 230 | return [] |
| 231 | else: |
| 232 | return lst |
| 233 | - packages = [check_empty_list(lst) for lst in [install, reinstall, |
| 234 | - remove, purge, upgrade, |
| 235 | - downgrade]] |
| 236 | - if install != [""] or reinstall != [""] or \ |
| 237 | - remove != [""] or purge != [""] or downgrade != [""]: |
| 238 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
| 239 | - yield policykit1.check_authorization_by_name(sender, action) |
| 240 | - elif upgrade != [""]: |
| 241 | - action = policykit1.PK_ACTION_UPGRADE_PACKAGES |
| 242 | - yield policykit1.check_authorization_by_name(sender, action) |
| 243 | - uid = yield policykit1.get_uid_from_dbus_name(sender) |
| 244 | - trans = Transaction(enums.ROLE_COMMIT_PACKAGES, self.queue, uid, |
| 245 | - sender, packages=packages) |
| 246 | - self.queue.limbo[trans.tid] = trans |
| 247 | - return_value(trans.tid) |
| 248 | + packages_lst = [check_empty_list(lst) for lst in [install, reinstall, |
| 249 | + remove, purge, |
| 250 | + upgrade, |
| 251 | + downgrade]] |
| 252 | + return self._create_trans(enums.ROLE_COMMIT_PACKAGES, sender, |
| 253 | + packages=packages_lst) |
| 254 | |
| 255 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 256 | in_signature="as", out_signature="s", |
| 257 | @@ -1320,9 +1344,7 @@ |
| 258 | performs this action. |
| 259 | """ |
| 260 | log.info("InstallPackages() was called: %s" % package_names) |
| 261 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
| 262 | - return self._create_trans(enums.ROLE_INSTALL_PACKAGES, |
| 263 | - action, sender, |
| 264 | + return self._create_trans(enums.ROLE_INSTALL_PACKAGES, sender, |
| 265 | packages=(package_names, [], [], [], [])) |
| 266 | |
| 267 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 268 | @@ -1338,9 +1360,7 @@ |
| 269 | performs this action. |
| 270 | """ |
| 271 | log.info("UpgradePackages() was called: %s" % package_names) |
| 272 | - return self._create_trans(enums.ROLE_UPGRADE_PACKAGES, |
| 273 | - policykit1.PK_ACTION_UPGRADE_PACKAGES, |
| 274 | - sender, |
| 275 | + return self._create_trans(enums.ROLE_UPGRADE_PACKAGES, sender, |
| 276 | packages=([], [], [], [], package_names)) |
| 277 | |
| 278 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 279 | @@ -1361,12 +1381,11 @@ |
| 280 | performs this action. |
| 281 | """ |
| 282 | #FIXME: Should not be a transaction |
| 283 | - log.info("InstallVendorKeyFromKeyserver() was called: %s %s" % (keyid, keyserver)) |
| 284 | + log.info("InstallVendorKeyFromKeyserver() was called: %s %s", |
| 285 | + keyid, keyserver) |
| 286 | return self._create_trans(enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER, |
| 287 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 288 | - sender, |
| 289 | - kwargs={"keyid": keyid, |
| 290 | - "keyserver": keyserver}) |
| 291 | + sender, kwargs={"keyid": keyid, |
| 292 | + "keyserver": keyserver}) |
| 293 | |
| 294 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 295 | in_signature="s", out_signature="s", |
| 296 | @@ -1384,9 +1403,7 @@ |
| 297 | #FIXME: Should not be a transaction |
| 298 | log.info("InstallVendorKeyFile() was called: %s" % path) |
| 299 | return self._create_trans(enums.ROLE_ADD_VENDOR_KEY_FILE, |
| 300 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 301 | - sender, |
| 302 | - kwargs={"path": path}) |
| 303 | + sender, kwargs={"path": path}) |
| 304 | |
| 305 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 306 | in_signature="s", out_signature="s", |
| 307 | @@ -1404,9 +1421,7 @@ |
| 308 | #FIXME: Should not be a transaction |
| 309 | log.info("RemoveVendorKey() was called: %s" % fingerprint) |
| 310 | return self._create_trans(enums.ROLE_REMOVE_VENDOR_KEY, |
| 311 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 312 | - sender, |
| 313 | - kwargs={"fingerprint": fingerprint}) |
| 314 | + sender, kwargs={"fingerprint": fingerprint}) |
| 315 | |
| 316 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 317 | in_signature="s", out_signature="s", |
| 318 | @@ -1424,9 +1439,7 @@ |
| 319 | #FIXME: Perform some checks |
| 320 | #FIXME: Should we already extract the package name here? |
| 321 | return self._create_trans(enums.ROLE_INSTALL_FILE, |
| 322 | - policykit1.PK_ACTION_INSTALL_FILE, |
| 323 | - sender, |
| 324 | - kwargs={"path": path}) |
| 325 | + sender, kwargs={"path": path}) |
| 326 | |
| 327 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 328 | in_signature="sssasss", out_signature="s", |
| 329 | @@ -1456,9 +1469,7 @@ |
| 330 | log.info("AddRepository() was called: type='%s' uri='%s' " |
| 331 | "dist='%s' comps='%s' comment='%s' sourcesfile='%s'", |
| 332 | src_type, uri, dist, comps, comment, sourcesfile) |
| 333 | - return self._create_trans(enums.ROLE_ADD_REPOSITORY, |
| 334 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 335 | - sender, |
| 336 | + return self._create_trans(enums.ROLE_ADD_REPOSITORY, sender, |
| 337 | kwargs={"src_type": src_type, "uri": uri, |
| 338 | "dist": dist, "comps": comps, |
| 339 | "comment": comment, |
| 340 | @@ -1483,9 +1494,7 @@ |
| 341 | performs this action. |
| 342 | """ |
| 343 | log.info("EnableComponent() was called: component='%s' ", component) |
| 344 | - return self._create_trans(enums.ROLE_ENABLE_DISTRO_COMP, |
| 345 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
| 346 | - sender, |
| 347 | + return self._create_trans(enums.ROLE_ENABLE_DISTRO_COMP, sender, |
| 348 | kwargs={"component": component}) |
| 349 | |
| 350 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
| 351 | |
| 352 | === modified file 'aptdaemon/enums.py' |
| 353 | --- aptdaemon/enums.py 2010-09-04 07:27:52 +0000 |
| 354 | +++ aptdaemon/enums.py 2010-09-13 10:27:47 +0000 |
| 355 | @@ -165,6 +165,8 @@ |
| 356 | STATUS_FINISHED = "status-finished" |
| 357 | #: The transaction has been cancelled. |
| 358 | STATUS_CANCELLING = "status-cancelling" |
| 359 | +#: The transaction waits for authentication |
| 360 | +STATUS_AUTHENTICATING = "status-authenticating" |
| 361 | |
| 362 | # TRANSACTION ROLES |
| 363 | #: The role of the transaction has not been specified yet. |
| 364 | @@ -504,6 +506,7 @@ |
| 365 | STATUS_FINISHED : _("Finished"), |
| 366 | STATUS_CANCELLING : _("Cancelling"), |
| 367 | STATUS_LOADING_CACHE : _("Loading software list"), |
| 368 | + STATUS_AUTHENTICATING : _("Waiting for authentication"), |
| 369 | } |
| 370 | |
| 371 | def get_status_string_from_enum(enum): |
| 372 | |
| 373 | === modified file 'aptdaemon/policykit1.py' |
| 374 | --- aptdaemon/policykit1.py 2010-09-09 13:22:17 +0000 |
| 375 | +++ aptdaemon/policykit1.py 2010-09-13 10:27:47 +0000 |
| 376 | @@ -29,7 +29,6 @@ |
| 377 | "PK_ACTION_INSTALL_OR_REMOVE_PACKAGES", |
| 378 | "PK_ACTION_INSTALL_PACKAGES_FROM_NRE_REPO", |
| 379 | "PK_ACTION_INSTALL_PURCHASED_PACKAGES", |
| 380 | - "PK_ACTION_ADD_OR_REMOVE_VENDOR_KEY", |
| 381 | "PK_ACTION_UPDATE_CACHE", "PK_ACTION_UPGRADE_PACKAGES", |
| 382 | "PK_ACTION_SET_PROXY") |
| 383 |
