Merge lp:~aptdaemon-developers/aptdaemon/auth-later into lp:aptdaemon
- auth-later
- Merge into main
Proposed by
Sebastian Heinlein
Status: | Merged |
---|---|
Merged at revision: | 488 |
Proposed branch: | lp:~aptdaemon-developers/aptdaemon/auth-later |
Merge into: | lp:aptdaemon |
Diff against target: |
382 lines (+105/-94) 3 files modified
aptdaemon/core.py (+102/-93) aptdaemon/enums.py (+3/-0) aptdaemon/policykit1.py (+0/-1) |
To merge this branch: | bzr merge lp:~aptdaemon-developers/aptdaemon/auth-later |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Aptdaemon Developers | Pending | ||
Review via email: mp+35264@code.launchpad.net |
Commit message
Description of the change
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'aptdaemon/core.py' |
2 | --- aptdaemon/core.py 2010-09-11 07:44:27 +0000 |
3 | +++ aptdaemon/core.py 2010-09-13 10:27:47 +0000 |
4 | @@ -131,6 +131,36 @@ |
5 | privileges. |
6 | """ |
7 | |
8 | + ROLE_ACTION_MAP = { |
9 | + enums.ROLE_INSTALL_PACKAGES: \ |
10 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
11 | + enums.ROLE_REMOVE_PACKAGES: \ |
12 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
13 | + enums.ROLE_INSTALL_FILE: \ |
14 | + policykit1.PK_ACTION_INSTALL_FILE, |
15 | + enums.ROLE_UPGRADE_PACKAGES: \ |
16 | + policykit1.PK_ACTION_UPGRADE_PACKAGES, |
17 | + enums.ROLE_UPGRADE_SYSTEM: \ |
18 | + policykit1.PK_ACTION_UPGRADE_PACKAGES, |
19 | + enums.ROLE_UPDATE_CACHE: \ |
20 | + policykit1.PK_ACTION_UPDATE_CACHE, |
21 | + enums.ROLE_COMMIT_PACKAGES: \ |
22 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
23 | + enums.ROLE_ADD_VENDOR_KEY_FILE: \ |
24 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
25 | + enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER: \ |
26 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
27 | + enums.ROLE_REMOVE_VENDOR_KEY: \ |
28 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
29 | + enums.ROLE_FIX_INCOMPLETE_INSTALL: \ |
30 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
31 | + enums.ROLE_FIX_BROKEN_DEPENDS: \ |
32 | + policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES, |
33 | + enums.ROLE_ADD_REPOSITORY: \ |
34 | + policykit1.PK_ACTION_CHANGE_REPOSITORY, |
35 | + enums.ROLE_ENABLE_DISTRO_COMP: \ |
36 | + policykit1.PK_ACTION_CHANGE_REPOSITORY} |
37 | + |
38 | def __init__(self, role, queue, uid, sender, connect=True, bus=None, |
39 | packages=None, kwargs=None): |
40 | """Initialize a new Transaction instance. |
41 | @@ -204,6 +234,7 @@ |
42 | self._sender_owner_changed) |
43 | else: |
44 | self._sender_watch = None |
45 | + self.sender = sender |
46 | |
47 | def _sender_owner_changed(self, connection): |
48 | """Callback if the owner of the original sender changed, e.g. |
49 | @@ -598,12 +629,59 @@ |
50 | @inline_callbacks |
51 | def _run(self, sender): |
52 | yield self._check_foreign_user(sender) |
53 | + yield self._check_auth() |
54 | self.queue.put(self.tid) |
55 | + self.status = enums.STATUS_RUNNING |
56 | next = self.after |
57 | while next: |
58 | + yield next._check_auth() |
59 | self.queue.put(next.tid) |
60 | + next = enums.STATUS_RUNNING |
61 | next = next.after |
62 | |
63 | + @inline_callbacks |
64 | + def _check_auth(self): |
65 | + """Check silently if one of the high level privileges has been granted |
66 | + before to reduce clicks to install packages from third party |
67 | + epositories: AddRepository -> UpdateCache -> InstallPackages |
68 | + """ |
69 | + self.status = enums.STATUS_AUTHENTICATING |
70 | + action = self.ROLE_ACTION_MAP[self.role] |
71 | + # Special case if CommitPackages only upgrades |
72 | + if self.role == enums.ROLE_COMMIT_PACKAGES and \ |
73 | + not self.packages[enums.PKGS_INSTALL] and \ |
74 | + not self.packages[enums.PKGS_REINSTALL] and \ |
75 | + not self.packages[enums.PKGS_REMOVE] and \ |
76 | + not self.packages[enums.PKGS_PURGE] and \ |
77 | + not self.packages[enums.PKGS_DOWNGRADE]: |
78 | + action = policykit1.PK_ACTION_UPGRADE_PACKAGES |
79 | + authorized = yield self._check_alternative_auth() |
80 | + if not authorized: |
81 | + yield policykit1.check_authorization_by_name(self.sender, action) |
82 | + |
83 | + @inline_callbacks |
84 | + def _check_alternative_auth(self): |
85 | + """Check non-interactively if one of the high level privileges |
86 | + has been granted. |
87 | + """ |
88 | + if self.role not in [enums.ROLE_ADD_REPOSITORY, |
89 | + enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER, |
90 | + enums.ROLE_UPDATE_CACHE, |
91 | + enums.ROLE_INSTALL_PACKAGES]: |
92 | + return_value(False) |
93 | + flags = policykit1.CHECK_AUTH_NONE |
94 | + for action in [policykit1.PK_ACTION_INSTALL_PACKAGES_FROM_NEW_REPO, |
95 | + policykit1.PK_ACTION_INSTALL_PURCHASED_PACKAGES]: |
96 | + try: |
97 | + yield policykit1.check_authorization_by_name(self.sender, |
98 | + action, |
99 | + flags=flags) |
100 | + except errors.NotAuthorizedError, error: |
101 | + continue |
102 | + else: |
103 | + return_value(True) |
104 | + return_value(False) |
105 | + |
106 | @dbus_deferred_method(APTDAEMON_TRANSACTION_DBUS_INTERFACE, |
107 | in_signature="", out_signature="", |
108 | sender_keyword="sender") |
109 | @@ -1106,43 +1184,14 @@ |
110 | self.Quit(None) |
111 | |
112 | @inline_callbacks |
113 | - def _create_trans(self, role, action, sender, packages=None, kwargs=None): |
114 | + def _create_trans(self, role, sender, packages=None, kwargs=None): |
115 | """Helper method which returns the tid of a new transaction.""" |
116 | - # Check silently if one of the high level privileges has been granted |
117 | - # before to reduce clicks to install packages from third party |
118 | - # repositories: AddRepository -> UpdateCache -> InstallPackages |
119 | - authorized = yield self._check_alternative_privileges(role, sender) |
120 | - if not authorized: |
121 | - yield policykit1.check_authorization_by_name(sender, action) |
122 | uid = yield policykit1.get_uid_from_dbus_name(sender) |
123 | trans = Transaction(role, self.queue, uid, sender, packages=packages, |
124 | kwargs=kwargs) |
125 | self.queue.limbo[trans.tid] = trans |
126 | return_value(trans.tid) |
127 | |
128 | - @inline_callbacks |
129 | - def _check_alternative_privileges(self, role, sender): |
130 | - """Check non-interactively if one of the high level privileges |
131 | - has been granted. |
132 | - """ |
133 | - if role not in [enums.ROLE_ADD_REPOSITORY, |
134 | - enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER, |
135 | - enums.ROLE_UPDATE_CACHE, |
136 | - enums.ROLE_INSTALL_PACKAGES]: |
137 | - return_value(False) |
138 | - flags = policykit1.CHECK_AUTH_NONE |
139 | - for action in [policykit1.PK_ACTION_INSTALL_PACKAGES_FROM_NEW_REPO, |
140 | - policykit1.PK_ACTION_INSTALL_PURCHASED_PACKAGES]: |
141 | - try: |
142 | - yield policykit1.check_authorization_by_name(sender, |
143 | - action, |
144 | - flags=flags) |
145 | - except errors.NotAuthorizedError, error: |
146 | - continue |
147 | - else: |
148 | - return_value(True) |
149 | - return_value(False) |
150 | - |
151 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
152 | in_signature="", out_signature="s", |
153 | sender_keyword="sender") |
154 | @@ -1154,9 +1203,7 @@ |
155 | performs this action. |
156 | """ |
157 | log.info("FixIncompleteInstall() called") |
158 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
159 | - return self._create_trans(enums.ROLE_FIX_INCOMPLETE_INSTALL, |
160 | - action, sender) |
161 | + return self._create_trans(enums.ROLE_FIX_INCOMPLETE_INSTALL, sender) |
162 | |
163 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
164 | in_signature="", out_signature="s", |
165 | @@ -1168,9 +1215,7 @@ |
166 | performs this action. |
167 | """ |
168 | log.info("FixBrokenDepends() called") |
169 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
170 | - return self._create_trans(enums.ROLE_FIX_BROKEN_DEPENDS, |
171 | - action, sender) |
172 | + return self._create_trans(enums.ROLE_FIX_BROKEN_DEPENDS, sender) |
173 | |
174 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
175 | in_signature="", out_signature="s", |
176 | @@ -1184,8 +1229,7 @@ |
177 | """ |
178 | log.info("UpdateCache() was called") |
179 | kwargs = {"sources_list": None} |
180 | - return self._create_trans(enums.ROLE_UPDATE_CACHE, |
181 | - policykit1.PK_ACTION_UPDATE_CACHE, sender, |
182 | + return self._create_trans(enums.ROLE_UPDATE_CACHE, sender, |
183 | kwargs=kwargs) |
184 | |
185 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
186 | @@ -1205,8 +1249,7 @@ |
187 | """ |
188 | log.info("UpdateCachePartially() was called") |
189 | kwargs = {"sources_list": sources_list} |
190 | - return self._create_trans(enums.ROLE_UPDATE_CACHE, |
191 | - policykit1.PK_ACTION_UPDATE_CACHE, sender, |
192 | + return self._create_trans(enums.ROLE_UPDATE_CACHE, sender, |
193 | kwargs=kwargs) |
194 | |
195 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
196 | @@ -1224,9 +1267,7 @@ |
197 | performs this action. |
198 | """ |
199 | log.info("RemovePackages() was called: '%s'", package_names) |
200 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
201 | - return self._create_trans(enums.ROLE_REMOVE_PACKAGES, |
202 | - action, sender, |
203 | + return self._create_trans(enums.ROLE_REMOVE_PACKAGES, sender, |
204 | packages=([], [], package_names, [], [])) |
205 | |
206 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
207 | @@ -1244,9 +1285,7 @@ |
208 | """ |
209 | log.info("UpgradeSystem() was called with safe mode: " |
210 | "%s" % safe_mode) |
211 | - return self._create_trans(enums.ROLE_UPGRADE_SYSTEM, |
212 | - policykit1.PK_ACTION_UPGRADE_PACKAGES, |
213 | - sender, |
214 | + return self._create_trans(enums.ROLE_UPGRADE_SYSTEM, sender, |
215 | kwargs={"safe_mode": safe_mode}) |
216 | |
217 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
218 | @@ -1280,32 +1319,17 @@ |
219 | # or an origin different from the candidate |
220 | log.info("CommitPackages() was called: %s, %s, %s, %s, %s, %s", |
221 | install, reinstall, remove, purge, upgrade, downgrade) |
222 | - return self._commit_packages(install, reinstall, remove, purge, upgrade, |
223 | - downgrade, sender) |
224 | - |
225 | - @inline_callbacks |
226 | - def _commit_packages(self, install, reinstall, remove, purge, upgrade, |
227 | - downgrade, sender): |
228 | def check_empty_list(lst): |
229 | if lst == [""]: |
230 | return [] |
231 | else: |
232 | return lst |
233 | - packages = [check_empty_list(lst) for lst in [install, reinstall, |
234 | - remove, purge, upgrade, |
235 | - downgrade]] |
236 | - if install != [""] or reinstall != [""] or \ |
237 | - remove != [""] or purge != [""] or downgrade != [""]: |
238 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
239 | - yield policykit1.check_authorization_by_name(sender, action) |
240 | - elif upgrade != [""]: |
241 | - action = policykit1.PK_ACTION_UPGRADE_PACKAGES |
242 | - yield policykit1.check_authorization_by_name(sender, action) |
243 | - uid = yield policykit1.get_uid_from_dbus_name(sender) |
244 | - trans = Transaction(enums.ROLE_COMMIT_PACKAGES, self.queue, uid, |
245 | - sender, packages=packages) |
246 | - self.queue.limbo[trans.tid] = trans |
247 | - return_value(trans.tid) |
248 | + packages_lst = [check_empty_list(lst) for lst in [install, reinstall, |
249 | + remove, purge, |
250 | + upgrade, |
251 | + downgrade]] |
252 | + return self._create_trans(enums.ROLE_COMMIT_PACKAGES, sender, |
253 | + packages=packages_lst) |
254 | |
255 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
256 | in_signature="as", out_signature="s", |
257 | @@ -1320,9 +1344,7 @@ |
258 | performs this action. |
259 | """ |
260 | log.info("InstallPackages() was called: %s" % package_names) |
261 | - action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES |
262 | - return self._create_trans(enums.ROLE_INSTALL_PACKAGES, |
263 | - action, sender, |
264 | + return self._create_trans(enums.ROLE_INSTALL_PACKAGES, sender, |
265 | packages=(package_names, [], [], [], [])) |
266 | |
267 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
268 | @@ -1338,9 +1360,7 @@ |
269 | performs this action. |
270 | """ |
271 | log.info("UpgradePackages() was called: %s" % package_names) |
272 | - return self._create_trans(enums.ROLE_UPGRADE_PACKAGES, |
273 | - policykit1.PK_ACTION_UPGRADE_PACKAGES, |
274 | - sender, |
275 | + return self._create_trans(enums.ROLE_UPGRADE_PACKAGES, sender, |
276 | packages=([], [], [], [], package_names)) |
277 | |
278 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
279 | @@ -1361,12 +1381,11 @@ |
280 | performs this action. |
281 | """ |
282 | #FIXME: Should not be a transaction |
283 | - log.info("InstallVendorKeyFromKeyserver() was called: %s %s" % (keyid, keyserver)) |
284 | + log.info("InstallVendorKeyFromKeyserver() was called: %s %s", |
285 | + keyid, keyserver) |
286 | return self._create_trans(enums.ROLE_ADD_VENDOR_KEY_FROM_KEYSERVER, |
287 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
288 | - sender, |
289 | - kwargs={"keyid": keyid, |
290 | - "keyserver": keyserver}) |
291 | + sender, kwargs={"keyid": keyid, |
292 | + "keyserver": keyserver}) |
293 | |
294 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
295 | in_signature="s", out_signature="s", |
296 | @@ -1384,9 +1403,7 @@ |
297 | #FIXME: Should not be a transaction |
298 | log.info("InstallVendorKeyFile() was called: %s" % path) |
299 | return self._create_trans(enums.ROLE_ADD_VENDOR_KEY_FILE, |
300 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
301 | - sender, |
302 | - kwargs={"path": path}) |
303 | + sender, kwargs={"path": path}) |
304 | |
305 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
306 | in_signature="s", out_signature="s", |
307 | @@ -1404,9 +1421,7 @@ |
308 | #FIXME: Should not be a transaction |
309 | log.info("RemoveVendorKey() was called: %s" % fingerprint) |
310 | return self._create_trans(enums.ROLE_REMOVE_VENDOR_KEY, |
311 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
312 | - sender, |
313 | - kwargs={"fingerprint": fingerprint}) |
314 | + sender, kwargs={"fingerprint": fingerprint}) |
315 | |
316 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
317 | in_signature="s", out_signature="s", |
318 | @@ -1424,9 +1439,7 @@ |
319 | #FIXME: Perform some checks |
320 | #FIXME: Should we already extract the package name here? |
321 | return self._create_trans(enums.ROLE_INSTALL_FILE, |
322 | - policykit1.PK_ACTION_INSTALL_FILE, |
323 | - sender, |
324 | - kwargs={"path": path}) |
325 | + sender, kwargs={"path": path}) |
326 | |
327 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
328 | in_signature="sssasss", out_signature="s", |
329 | @@ -1456,9 +1469,7 @@ |
330 | log.info("AddRepository() was called: type='%s' uri='%s' " |
331 | "dist='%s' comps='%s' comment='%s' sourcesfile='%s'", |
332 | src_type, uri, dist, comps, comment, sourcesfile) |
333 | - return self._create_trans(enums.ROLE_ADD_REPOSITORY, |
334 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
335 | - sender, |
336 | + return self._create_trans(enums.ROLE_ADD_REPOSITORY, sender, |
337 | kwargs={"src_type": src_type, "uri": uri, |
338 | "dist": dist, "comps": comps, |
339 | "comment": comment, |
340 | @@ -1483,9 +1494,7 @@ |
341 | performs this action. |
342 | """ |
343 | log.info("EnableComponent() was called: component='%s' ", component) |
344 | - return self._create_trans(enums.ROLE_ENABLE_DISTRO_COMP, |
345 | - policykit1.PK_ACTION_CHANGE_REPOSITORY, |
346 | - sender, |
347 | + return self._create_trans(enums.ROLE_ENABLE_DISTRO_COMP, sender, |
348 | kwargs={"component": component}) |
349 | |
350 | @dbus_deferred_method(APTDAEMON_DBUS_INTERFACE, |
351 | |
352 | === modified file 'aptdaemon/enums.py' |
353 | --- aptdaemon/enums.py 2010-09-04 07:27:52 +0000 |
354 | +++ aptdaemon/enums.py 2010-09-13 10:27:47 +0000 |
355 | @@ -165,6 +165,8 @@ |
356 | STATUS_FINISHED = "status-finished" |
357 | #: The transaction has been cancelled. |
358 | STATUS_CANCELLING = "status-cancelling" |
359 | +#: The transaction waits for authentication |
360 | +STATUS_AUTHENTICATING = "status-authenticating" |
361 | |
362 | # TRANSACTION ROLES |
363 | #: The role of the transaction has not been specified yet. |
364 | @@ -504,6 +506,7 @@ |
365 | STATUS_FINISHED : _("Finished"), |
366 | STATUS_CANCELLING : _("Cancelling"), |
367 | STATUS_LOADING_CACHE : _("Loading software list"), |
368 | + STATUS_AUTHENTICATING : _("Waiting for authentication"), |
369 | } |
370 | |
371 | def get_status_string_from_enum(enum): |
372 | |
373 | === modified file 'aptdaemon/policykit1.py' |
374 | --- aptdaemon/policykit1.py 2010-09-09 13:22:17 +0000 |
375 | +++ aptdaemon/policykit1.py 2010-09-13 10:27:47 +0000 |
376 | @@ -29,7 +29,6 @@ |
377 | "PK_ACTION_INSTALL_OR_REMOVE_PACKAGES", |
378 | "PK_ACTION_INSTALL_PACKAGES_FROM_NRE_REPO", |
379 | "PK_ACTION_INSTALL_PURCHASED_PACKAGES", |
380 | - "PK_ACTION_ADD_OR_REMOVE_VENDOR_KEY", |
381 | "PK_ACTION_UPDATE_CACHE", "PK_ACTION_UPGRADE_PACKAGES", |
382 | "PK_ACTION_SET_PROXY") |
383 |