Merge lp:~aptdaemon-developers/aptdaemon/high-level-privilege into lp:aptdaemon/0.3

Proposed by Sebastian Heinlein on 2010-08-22
Status: Needs review
Proposed branch: lp:~aptdaemon-developers/aptdaemon/high-level-privilege
Merge into: lp:aptdaemon/0.3
Diff against target: 135 lines (+66/-9)
5 files modified
NEWS (+18/-0)
aptdaemon/core.py (+34/-2)
aptdaemon/errors.py (+1/-6)
aptdaemon/policykit1.py (+1/-1)
data/org.debian.apt.policy.in (+12/-0)
To merge this branch: bzr merge lp:~aptdaemon-developers/aptdaemon/high-level-privilege
Reviewer Review Type Date Requested Status
Aptdaemon Developers 2010-08-22 Pending
Review via email: mp+33318@code.launchpad.net
To post a comment you must log in.

Unmerged revisions

457. By Sebastian Heinlein on 2010-08-22

Check if the user can obtain the high level privilege install-or-remove in
CommitPackages before falling back to the single low level privileges.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'NEWS'
2--- NEWS 2010-07-20 14:24:48 +0000
3+++ NEWS 2010-08-22 06:52:40 +0000
4@@ -1,3 +1,21 @@
5+API CHANGES 0.3X
6+
7+* policykit1 Python module
8+
9+ - Raise an AuthorizationFailed exception in a non-interactive check if the
10+ user could obtain the privilege in interactive-mode (is_challenged)
11+
12+
13+* errors Python module
14+
15+ - Make the AuthorizationFailed error an inheritance of NotAuthorizedError
16+
17+
18+* PolicyKit1:
19+
20+ - Add a new high level privilege install-or-remove
21+
22+
23 API CHANGES 0.32
24
25 * PolicyKit1:
26
27=== modified file 'aptdaemon/core.py'
28--- aptdaemon/core.py 2010-08-21 06:56:19 +0000
29+++ aptdaemon/core.py 2010-08-22 06:52:40 +0000
30@@ -1155,14 +1155,46 @@
31 return lst
32 packages = [check_empty_list(lst) for lst in [install, reinstall,
33 remove, purge, upgrade]]
34+ # At first check if the high level privilege can be obtained
35+ flags = policykit1.CHECK_AUTH_NONE
36+ try:
37+ action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES
38+ yield policykit1.check_authorization_by_name(sender, action,
39+ flags=flags)
40+ except errors.AuthorizationFailed:
41+ # If an interactive auth is required we get this error
42+ pass
43+ except errors.NotAuthorizedError:
44+ # Fallback to the low level privileges if the privilege cannot be
45+ # obtained at all
46+ flags = policykit1.CHECK_AUTH_ALLOW_USER_INTERACTION
47 if install != [""] or reinstall != [""]:
48 action = policykit1.PK_ACTION_INSTALL_PACKAGES
49- yield policykit1.check_authorization_by_name(sender, action)
50+ try:
51+ yield policykit1.check_authorization_by_name(sender, action,
52+ flags=flags)
53+ except errors.AuthorizationFailed:
54+ if flags:
55+ raise
56 elif upgrade != [""]:
57 action = policykit1.PK_ACTION_UPGRADE_PACKAGES
58- yield policykit1.check_authorization_by_name(sender, action)
59+ try:
60+ yield policykit1.check_authorization_by_name(sender, action,
61+ flags=flags)
62+ except errors.AuthorizationFailed:
63+ if flags:
64+ raise
65 if remove != [""] or purge != [""]:
66 action = policykit1.PK_ACTION_REMOVE_PACKAGES
67+ try:
68+ yield policykit1.check_authorization_by_name(sender, action,
69+ flags=flags)
70+ except errors.AuthorizationFailed:
71+ if flags:
72+ raise
73+ if not flags:
74+ # Finally check the high level privilege interactively
75+ action = policykit1.PK_ACTION_INSTALL_OR_REMOVE_PACKAGES
76 yield policykit1.check_authorization_by_name(sender, action)
77 uid = yield policykit1.get_uid_from_dbus_name(sender)
78 trans = Transaction(enums.ROLE_COMMIT_PACKAGES, self.queue, uid,
79
80=== modified file 'aptdaemon/errors.py'
81--- aptdaemon/errors.py 2010-07-18 06:42:39 +0000
82+++ aptdaemon/errors.py 2010-08-22 06:52:40 +0000
83@@ -115,15 +115,10 @@
84 self.subject = subject
85
86
87-class AuthorizationFailed(PolicyKitError):
88+class AuthorizationFailed(NotAuthorizedError):
89
90 _dbus_error_name = "org.freedesktop.PolicyKit.Error.Failed"
91
92- def __init__(self, subject, action_id):
93- dbus.DBusException.__init__(self, "%s: %s" % (subject, action_id))
94- self.action_id = action_id
95- self.subject = subject
96-
97
98 def convert_dbus_exception(func):
99 """A decorator which maps a raised DBbus exception to a native one.
100
101=== modified file 'aptdaemon/policykit1.py'
102--- aptdaemon/policykit1.py 2010-07-20 14:22:57 +0000
103+++ aptdaemon/policykit1.py 2010-08-22 06:52:40 +0000
104@@ -91,7 +91,7 @@
105 def policykit_done((authorized, challenged, auth_details)):
106 if authorized:
107 deferred.callback(auth_details)
108- elif challenged and flags:
109+ elif challenged:
110 deferred.errback(AuthorizationFailed(subject, action_id))
111 else:
112 deferred.errback(NotAuthorizedError(subject, action_id))
113
114=== modified file 'data/org.debian.apt.policy.in'
115--- data/org.debian.apt.policy.in 2010-08-20 18:42:22 +0000
116+++ data/org.debian.apt.policy.in 2010-08-22 06:52:40 +0000
117@@ -98,6 +98,18 @@
118 </defaults>
119 </action>
120
121+ <action id="org.debian.apt.install-or-remove-packages">
122+ <_description>Install or remove packages</_description>
123+ <_message>
124+ To install or remove software, you need to authenticate.
125+ </_message>
126+ <defaults>
127+ <allow_any>auth_admin</allow_any>
128+ <allow_inactive>auth_admin</allow_inactive>
129+ <allow_active>auth_admin_keep</allow_active>
130+ </defaults>
131+ </action>
132+
133 <action id="org.debian.apt.remove-packages">
134 <_description>Remove packages</_description>
135 <_message>To remove software, you need to authenticate.</_message>

Subscribers

People subscribed via source and target branches

to all changes: