Ticket #44655: AuthServicesBackend.patch
| File AuthServicesBackend.patch, 6.4 KB (added by RJVB (René Bertin), 10 years ago) |
|---|
-
kdelibs-4.12.5//kdecore/auth/backends/mac/
old new 1 1 /* 2 2 * Copyright (C) 2008 Nicola Gigante <nicola.gigante@gmail.com> 3 * Modifications (C) 2014 René Bertin <rjvbertin@gmail.com> 3 4 * 4 5 * This program is free software; you can redistribute it and/or modify 5 6 * it under the terms of the GNU Lesser General Public License as published by … … 21 22 #include <Security/Security.h> 22 23 23 24 #include <QtCore/qplugin.h> 25 #include <QtCore/QtCore> 24 26 25 27 namespace KAuth 26 28 { … … 34 36 if (!s_authRef) { 35 37 AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &s_authRef); 36 38 } 37 38 39 return s_authRef; 39 40 } 40 41 42 static OSStatus GetActionRights(const QString &action, AuthorizationFlags flags, AuthorizationRef auth=NULL) 43 { 44 AuthorizationItem item; 45 item.name = action.toUtf8(); 46 item.valueLength = 0; 47 item.value = NULL; 48 item.flags = 0; 49 50 AuthorizationRights rights; 51 rights.count = 1; 52 rights.items = &item; 53 54 OSStatus result = AuthorizationCopyRights( (auth)? auth : authRef(), 55 &rights, 56 kAuthorizationEmptyEnvironment, 57 flags, NULL); 58 return result; 59 } 60 61 // On OS X, the suggestion is to make the helper grant the actual privilege. The app does instead a 62 // "pre-authorization", that's equivalent to look at isCallerAuthorized() in policykit. 63 // RJVB: grab the privilege from here, the client. 41 64 AuthServicesBackend::AuthServicesBackend() 42 65 : AuthBackend() 43 66 { 44 setCapabilities(AuthorizeFrom HelperCapability | CheckActionExistenceCapability);67 setCapabilities(AuthorizeFromClientCapability | CheckActionExistenceCapability); 45 68 } 46 69 47 70 void AuthServicesBackend::setupAction(const QString&) … … 51 74 52 75 // On OS X, the suggestion is to make the helper grant the actual privilege. The app does instead a 53 76 // "pre-authorization", that's equivalent to look at isCallerAuthorized() in policykit. 77 // RJVB: grab the privilege from here, the client. 54 78 Action::AuthStatus AuthServicesBackend::authorizeAction(const QString &action) 55 79 { 56 return actionStatus(action); 80 OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed ); 81 // qWarning() << "AuthServicesBackend::authorizeAction(" << action << ") AuthorizationCopyRights returned" << result; 82 switch (result) { 83 case errAuthorizationSuccess: 84 return Action::Authorized; 85 case errAuthorizationInteractionNotAllowed: 86 default: 87 return Action::Denied; 88 } 57 89 } 58 90 59 91 Action::AuthStatus AuthServicesBackend::actionStatus(const QString &action) 60 92 { 61 AuthorizationItem item; 62 item.name = action.toUtf8(); 63 item.valueLength = 0; 64 item.value = NULL; 65 item.flags = 0; 66 67 AuthorizationRights rights; 68 rights.count = 1; 69 rights.items = &item; 70 71 OSStatus result = AuthorizationCopyRights(authRef(), 72 &rights, 73 kAuthorizationEmptyEnvironment, 74 kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize, 75 NULL); 76 93 OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize ); 94 // qWarning() << "AuthServicesBackend::actionStatus(" << action << ") AuthorizationCopyRights returned" << result; 77 95 switch (result) { 78 96 case errAuthorizationSuccess: 79 97 return Action::Authorized; … … 101 119 102 120 AuthorizationRef auth; 103 121 104 if (AuthorizationCreateFromExternalForm(&ext, &auth) != noErr) 122 if (AuthorizationCreateFromExternalForm(&ext, &auth) != noErr){ 123 // qWarning() << "AuthorizationCreateFromExternalForm(" << action << "," << callerID.constData() << ") failed"; 105 124 return false; 125 } 106 126 107 AuthorizationItem item; 108 item.name = action.toUtf8(); 109 item.valueLength = 0; 110 item.value = NULL; 111 item.flags = 0; 112 113 AuthorizationRights rights; 114 rights.count = 1; 115 rights.items = &item; 116 117 OSStatus result = AuthorizationCopyRights(auth, 118 &rights, 119 kAuthorizationEmptyEnvironment, 120 kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, 121 NULL); 127 OSStatus result = GetActionRights( action, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, 128 auth); 122 129 123 130 AuthorizationFree(auth, kAuthorizationFlagDefaults); 131 // qWarning() << "AuthServicesBackend::isCallerAuthorized(" << action << "," << callerID.constData() << ") AuthorizationCopyRights returned" << result; 124 132 125 133 return result == errAuthorizationSuccess; 126 134 } 127 135 136 // RJVB: OS X doesn't distinguish between "action doesn't exist" and "action not allowed". So the 137 // best thing we can do is return true and hope that the action will be created if it didn't exist... 128 138 bool AuthServicesBackend::actionExists(const QString& action) 129 139 { 130 140 OSStatus exists = AuthorizationRightGet(action.toUtf8(), NULL); 141 // qWarning() << "AuthServicesBackend::actionExists(" << action << ") AuthorizationRightGet returned" << exists; 131 142 132 return exists == errAuthorizationSuccess;143 return true;//exists == errAuthorizationSuccess; 133 144 } 134 145 135 146 }; // namespace KAuth -
kdelibs-4.12.5//kdecore/auth/
old new 356 356 return executeActions(QList<Action>() << *this, NULL, helperID) ? 357 357 ActionReply::SuccessReply : ActionReply::AuthorizationDeniedReply; 358 358 } else { 359 #if defined(Q_OS_MACX) || defined(__APPLE__) || defined(__MACH__) 360 if( BackendsManager::authBackend()->capabilities() & KAuth::AuthBackend::AuthorizeFromClientCapability ){ 361 // RJVB: authorisation through DBus seems to be flaky (at least when using the OSX keychain ... maybe because DBus 362 // isn't built with Keychain support in MacPorts?) 363 return ActionReply::SuccessReply; 364 } 365 #endif //APPLE 359 366 if (hasHelper()) { 360 367 // Perform the pre auth here 361 368 if (BackendsManager::authBackend()->capabilities() & KAuth::AuthBackend::PreAuthActionCapability) {