101 lines
3.4 KiB
Python
101 lines
3.4 KiB
Python
# -*- coding: utf-8 -*-
|
|
"""
|
|
Copyright (C) 2012 Fabio Erculiani
|
|
|
|
Authors:
|
|
Fabio Erculiani
|
|
|
|
This program is free software; you can redistribute it and/or modify it under
|
|
the terms of the GNU General Public License as published by the Free Software
|
|
Foundation; version 3.
|
|
|
|
This program is distributed in the hope that it will be useful, but WITHOUT
|
|
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
|
details.
|
|
|
|
You should have received a copy of the GNU General Public License along with
|
|
this program; if not, write to the Free Software Foundation, Inc.,
|
|
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
"""
|
|
import os
|
|
from gi.repository import GLib, Polkit, GObject
|
|
|
|
from entropy.const import const_debug_write
|
|
|
|
class AuthenticationController(object):
|
|
|
|
"""
|
|
This class handles User authentication required
|
|
for privileged activies, like Repository updates
|
|
and Application management.
|
|
"""
|
|
|
|
def __init__(self):
|
|
self._mainloop = GLib.MainLoop()
|
|
|
|
def authenticate(self, pid, action_id, authentication_callback):
|
|
"""
|
|
Authenticate current User asking Administrator
|
|
passwords.
|
|
authentication_callback is the function that
|
|
is called after the authentication procedure,
|
|
providing one boolean argument describing the
|
|
process result: True for authenticated, False
|
|
for not authenticated.
|
|
This method must be called from the MainLoop.
|
|
"""
|
|
def _polkit_auth_callback(authority, res, loop):
|
|
authenticated = False
|
|
try:
|
|
result = authority.check_authorization_finish(res)
|
|
if result.get_is_authorized():
|
|
authenticated = True
|
|
elif result.get_is_challenge():
|
|
authenticated = True
|
|
except GObject.GError as err:
|
|
const_debug_write(
|
|
__name__,
|
|
"_polkit_auth_callback: error: %s" % (err,))
|
|
finally:
|
|
authentication_callback(authenticated)
|
|
|
|
# authenticated_sem will be released in the callback
|
|
authority = Polkit.Authority.get()
|
|
subject = Polkit.UnixProcess.new(pid)
|
|
authority.check_authorization(
|
|
subject,
|
|
action_id,
|
|
None,
|
|
Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION,
|
|
None, # Gio.Cancellable()
|
|
_polkit_auth_callback,
|
|
self._mainloop)
|
|
|
|
def authenticate_sync(self, pid, action_id):
|
|
"""
|
|
Authenticate current User asking Administrator
|
|
passwords.
|
|
Return True if authenticated, False if not.
|
|
"""
|
|
authority = Polkit.Authority.get()
|
|
subject = Polkit.UnixProcess.new(pid)
|
|
result = authority.check_authorization_sync(
|
|
subject,
|
|
action_id,
|
|
None,
|
|
Polkit.CheckAuthorizationFlags.ALLOW_USER_INTERACTION,
|
|
None)
|
|
|
|
authenticated = False
|
|
try:
|
|
if result.get_is_authorized():
|
|
authenticated = True
|
|
elif result.get_is_challenge():
|
|
authenticated = True
|
|
except GObject.GError as err:
|
|
const_debug_write(
|
|
__name__,
|
|
"_polkit_auth_callback: error: %s" % (err,))
|
|
return authenticated
|