diff --git a/CMakeLists.txt b/CMakeLists.txt --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -43,6 +43,7 @@ find_package(ECM ${KF5_MIN_VERSION} REQUIRED NO_MODULE) set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/") +find_package(PolkitQt5-1 REQUIRED) include(KDEInstallDirs) include(KDECMakeSettings) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -43,6 +43,7 @@ Qt5::Core PRIVATE ${BLKID_LIBRARIES} + ${POLKITQT-1_LIBRARIES} Qt5::DBus Qt5::Gui qca-qt5 diff --git a/src/util/CMakeLists.txt b/src/util/CMakeLists.txt --- a/src/util/CMakeLists.txt +++ b/src/util/CMakeLists.txt @@ -20,6 +20,7 @@ ${HelperInterface_SRCS} util/capacity.cpp util/externalcommand.cpp + util/externalcommand_polkitbackend.cpp util/globallog.cpp util/helpers.cpp util/htmlreport.cpp @@ -30,6 +31,7 @@ util/libpartitionmanagerexport.h util/capacity.h util/externalcommand.h + util/externalcommand_polkitbackend.h util/globallog.h util/helpers.h util/htmlreport.h @@ -43,6 +45,7 @@ target_link_libraries(kpmcore_externalcommand qca-qt5 + ${POLKITQT-1_LIBRARIES} Qt5::Core Qt5::DBus KF5::AuthCore diff --git a/src/util/externalcommand.h b/src/util/externalcommand.h --- a/src/util/externalcommand.h +++ b/src/util/externalcommand.h @@ -25,14 +25,16 @@ #include #include #include -#include #include #include #include namespace KAuth { class ExecuteJob; } +// Remove above namespace later +namespace Auth { class PolkitQt1Backend; } + class KJob; class Report; class CopySource; @@ -139,6 +141,7 @@ static KAuth::ExecuteJob *m_job; static bool helperStarted; static QWidget *parent; + static Auth::PolkitQt1Backend *m_authJob; }; #endif diff --git a/src/util/externalcommand.cpp b/src/util/externalcommand.cpp --- a/src/util/externalcommand.cpp +++ b/src/util/externalcommand.cpp @@ -25,11 +25,10 @@ #include "core/copytargetdevice.h" #include "util/globallog.h" #include "util/externalcommand.h" +#include "util/externalcommand_polkitbackend.h" #include "util/report.h" - #include "externalcommandhelper_interface.h" -#include #include #include #include @@ -46,6 +45,8 @@ #include #include +#include + struct ExternalCommandPrivate { Report *m_Report; @@ -61,7 +62,7 @@ KAuth::ExecuteJob* ExternalCommand::m_job; bool ExternalCommand::helperStarted = false; QWidget* ExternalCommand::parent; - +Auth::PolkitQt1Backend* ExternalCommand::m_authJob; /** Creates a new ExternalCommand instance without Report. @param cmd the command to run @@ -354,6 +355,7 @@ } QDBusInterface iface(QStringLiteral("org.kde.kpmcore.helperinterface"), QStringLiteral("/Helper"), QStringLiteral("org.kde.kpmcore.externalcommand"), QDBusConnection::systemBus()); + if (iface.isValid()) { exit(0); } @@ -378,6 +380,22 @@ loop.exec(); QObject::disconnect(conn); + ////////////////////////////////////// + // Authorize using Polkit backend /// + /// Remove above code once complte/// + //////////////////////////////////// + + // initialize KDE Polkit daemon + m_authJob->initPolkitAgent(QStringLiteral("org.kde.kpmcore.externalcommand.init"), parent); + + bool isActionAuthorized = m_authJob->authorizeAction(QStringLiteral("org.kde.kpmcore.externalcommand.init"), m_authJob->callerID()); + + auto authResult = m_authJob->actionStatus(QStringLiteral("org.kde.kpmcore.externalcommand.init"), m_authJob->callerID()); + + if (!isActionAuthorized || authResult == PolkitQt1::Authority::No) { + qDebug() << "Unable to obtain Administrative privileges, the action can not be executed!!"; + } + helperStarted = true; return true; } @@ -387,7 +405,6 @@ auto *interface = new org::kde::kpmcore::externalcommand(QStringLiteral("org.kde.kpmcore.externalcommand"), QStringLiteral("/Helper"), QDBusConnection::systemBus()); interface->exit(); - } void DBusThread::run() diff --git a/src/util/externalcommand_polkitbackend.h b/src/util/externalcommand_polkitbackend.h new file mode 100644 --- /dev/null +++ b/src/util/externalcommand_polkitbackend.h @@ -0,0 +1,152 @@ +/************************************************************************* + * Copyright (C) 2019 by Shubham * + * * + * This program is free software; you can redistribute it and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; either version 3 of * + * the License, or (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see .* + *************************************************************************/ + +#ifndef EXTERNALCOMMAND_POLKITBACKEND_H +#define EXTERNALCOMMAND_POLKITBACKEND_H + +#include +#include +#include +#include +#include + +#include + +using namespace PolkitQt1; + +namespace Auth +{ + +/** A Polkit Qt backend class for authorizing actions. + + This class is used to authorize various actions if they + ask for privileged execution. It starts by verifying the + action under consideration if it is the one it is + saying and authorizes it based on the credentials + provided. + + @author Shubham +**/ +class PolkitQt1Backend : public QObject +{ + Q_OBJECT + Q_DISABLE_COPY(PolkitQt1Backend) + +public: + /** + * \brief Constructor of PolkitQt1Backend class + */ + PolkitQt1Backend(); + + /** + * \brief Destructor of PolkitQt1Backend class + */ + ~PolkitQt1Backend(); + + /** + * \brief Initializes the KDE Polkit Authentication Agent. + * + * \param action Action in question + * \param parent Parent widget + * + */ + void initPolkitAgent(const QString &action, QWidget *parent = nullptr) const; + + /** + * \brief A function to check for the action's current status. + * + * \param action Action in question + * \param calledID The Application process ID of the action + * + * \return the result of action status ie. If action is Authorized or not. + */ + Authority::Result actionStatus(const QString &action, const QByteArray &callerID) const; + + /** + * \brief Function to get the current Application process ID + * + * \return Application process ID of the action + */ + QByteArray callerID() const; + + /** + * \brief Tries to authorize to the \p action in question. + * + * \param action Action in question. + * \param callerID The Application process ID of the action + * + * \return \c true if authority authorizes the action successfully, \c false Action is not authorized. + * + */ + bool authorizeAction(const QString &action, const QByteArray &callerID); + + + /** + * \brief Stops the running \p action from executing. + * + * \param action Action in question. + * \param callerID The Application process ID of the action + * + * \return \c true if action is successfully stopped, \c false Action is not stopped. + * + */ + bool stopAction(const QString &action, const QByteArray &callerID); + + // Dummy function for calling QTimer + static void quit(); + +public Q_SLOTS: + void authStatusChanged(); + +Q_SIGNALS: + void actionAuthorized(bool isAuthorized = false); + +private: + QHash m_cachedResults; + bool m_flyingActions; // Already running actions +}; + +/** A Polkit event loop class. + + This class is used to implement a polkit event + loop and has the capability of returning the + current authorization result of the action in + que. + + @author Shubham +**/ +class PolkitEventLoop : public QEventLoop +{ + Q_OBJECT + +public: + PolkitEventLoop(QObject *parent = nullptr); + ~PolkitEventLoop(); + + Authority::Result result() const; + +public Q_SLOTS: + // Quits from the current Polkit Event loop + void requestQuit(const Authority::Result &result); + +private: + Authority::Result m_result; +}; + +} // namespace Auth + +#endif // EXTERNALCOMMAND_POLKITBACKEND_H diff --git a/src/util/externalcommand_polkitbackend.cpp b/src/util/externalcommand_polkitbackend.cpp new file mode 100644 --- /dev/null +++ b/src/util/externalcommand_polkitbackend.cpp @@ -0,0 +1,207 @@ + /************************************************************************* + * Copyright (C) 2019 by Shubham * + * * + * This program is free software; you can redistribute it and/or * + * modify it under the terms of the GNU General Public License as * + * published by the Free Software Foundation; either version 3 of * + * the License, or (at your option) any later version. * + * * + * This program is distributed in the hope that it will be useful, * + * but WITHOUT ANY WARRANTY; without even the implied warranty of * + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * + * GNU General Public License for more details. * + * * + * You should have received a copy of the GNU General Public License * + * along with this program. If not, see .* + *************************************************************************/ + +#include "util/externalcommand_polkitbackend.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +using namespace PolkitQt1; + +namespace Auth +{ + +PolkitEventLoop::PolkitEventLoop(QObject *parent) + : QEventLoop(parent), + m_result(Authority::No) +{ + +} + +PolkitEventLoop::~PolkitEventLoop() +{ + +} + +void PolkitEventLoop::requestQuit(const Authority::Result &result) +{ + m_result = result; + QTimer::singleShot(1000, this, PolkitQt1Backend::quit); +} + +Authority::Result PolkitEventLoop::result() const +{ + return m_result; +} + +PolkitQt1Backend::PolkitQt1Backend() + : m_flyingActions(false) +{ + // Connect various useful Polkit signals + connect(Authority::instance(), &Authority::configChanged, this, &Auth::PolkitQt1Backend::authStatusChanged); + connect(Authority::instance(), &Authority::consoleKitDBChanged, this, &Auth::PolkitQt1Backend::authStatusChanged); + + m_flyingActions = true; +} + +PolkitQt1Backend::~PolkitQt1Backend() +{ + +} + +void PolkitQt1Backend::initPolkitAgent(const QString &action, QWidget *parent /*= nullptr*/) const +{ + if (!parent) { + qWarning() << "Parent widget does not exists, can not proceed further"; + return; + } + + // Check if we are running terminal session or GUI session + if (!qApp) { + qWarning() << "We are running a TTY (Terminal) session"; + qDebug() << "Can not proceed further since we do not support Text based Polkit Authentication Agent"; + return; + } + + // Get the dialog parent window Id + quint64 parentWindowID = parent->effectiveWinId(); + + // Make a call to the KDE polkit Authentication Agent asking for it's services + QDBusMessage callAgent = QDBusMessage::createMethodCall(QLatin1String("org.kde.polkit-kde-authentication-agent-1"), QLatin1String("/org/kde/Polkit1AuthAgent"), QLatin1String("org.kde.Polkit1AuthAgent"), + QLatin1String("setWindowIdForAction")); + + callAgent << action; + callAgent << parentWindowID; + + QDBusPendingCall call = QDBusConnection::sessionBus().asyncCall(callAgent); + call.waitForFinished(); + + auto watcher = new QDBusPendingCallWatcher(call); + + connect(watcher, &QDBusPendingCallWatcher::finished, this, [this, action, watcher](){ + + const QDBusMessage reply = watcher->reply(); + + if (reply.type() == QDBusMessage::ErrorMessage) { + qWarning() << "Could not call the Authentication Agent, Error:" << reply.errorMessage(); + } + + watcher->deleteLater(); + }); +} + +Authority::Result PolkitQt1Backend::actionStatus(const QString &action, const QByteArray &callerID) const +{ + SystemBusNameSubject subject(QString::fromUtf8(callerID)); + + auto authority = Authority::instance(); + + auto result = authority->checkAuthorizationSync(action, subject, Authority::None); + + if (authority->hasError()) { + qDebug() << "Encountered error while checking action status, Error code:" << authority->lastError() << "\n"; + qDebug() << "Error Details:" << authority->errorDetails(); + authority->clearError(); + } + + return result; +} + +QByteArray PolkitQt1Backend::callerID() const +{ + return QDBusConnection::systemBus().baseService().toUtf8(); +} + +bool PolkitQt1Backend::authorizeAction(const QString &action, const QByteArray &callerID) +{ + SystemBusNameSubject subject(QString::fromUtf8(callerID)); + + auto authority = Authority::instance(); + + PolkitEventLoop event(qobject_cast(qApp)); + + connect(authority, &Authority::checkAuthorizationFinished, &event, &PolkitEventLoop::requestQuit); + + authority->checkAuthorizationSync(action, subject, Authority::AllowUserInteraction); + + event.exec(); + + if (authority->hasError()) { + qWarning() << "Encountered error while checking authorization, Error code:" << authority->lastError() << "\n"; + qDebug() << "Error details:" << authority->errorDetails(); + + // Clear all the errors from the buffer so that hasError() does not give previous error as a result when called later + authority->clearError(); + } + + if (event.result() == Authority::Yes) { + // Emit signal signalling that current action is authorized by the authority instance + emit actionAuthorized(true); + return true; + } else { + emit actionAuthorized(false); + return false; + } +} + +bool stopAction(const QString &action, const QByteArray &callerID) +{ + Q_UNUSED(action) + + SystemBusNameSubject subject(QString::fromUtf8(callerID)); + + auto authority = Authority::instance(); + + PolkitEventLoop event(qobject_cast(qApp)); + event.exec(); + + return authority->revokeTemporaryAuthorizationsSync(subject); +} + +// Dummy function for QTimer +void PolkitQt1Backend::quit() +{ + +} + +void PolkitQt1Backend::authStatusChanged() +{ + for (auto it = m_cachedResults.begin(); it != m_cachedResults.end(); ++it) { + const QString action = it.key(); + QByteArray pid = QDBusConnection::systemBus().baseService().toUtf8(); + if (it.value() != actionStatus(action, pid)) { + *it = actionStatus(action, pid); + } + } + + // Force updating known actions + Authority::instance()->enumerateActions(); + m_flyingActions = true; +} + +} // namespace Auth + +#include "moc_externalcommand_polkitbackend.cpp"