YaST/Research/YaST PolicyKit integration/PolicyKit Proxy
From openSUSE
Contents |
theory
Backend which runs as root doesn't have any checks. This backend could be called via dbus only by newly created system user scrproxy. User scrproxy is only one who can own and create PolicyKit proxy. All other users can call only proxy, not directly backend. All checks is made in proxy and if you are authenticated then proxy pass call to backend.
implementation
PolicyKit python bindings
We didn't found any existing python bindings for PolicyKit so first part of implementation is write in C checking and authentication functions and create bindings for it. It contains check via dbus unique connection id and authorization request call.
proxy implementation
Proxy lay on dbus system bus and run as scrproxy user. It has identical methods as backend dbus layer. When anyone call method it constructs from request action id and ask PolicyKit if he can provide this action. If action is denied, then it throws exception. Otherwise it call backend method.
example
example try authorization, which now doesn't work. Also it show problematic exception matching. Next call is for time, it depends on setting of time permission. Last call is direct call to backend which must fail.
This site uses the YAML CSS framework.
About openSUSE | Disclaimers | Feedback
This page was last modified 09:55, 4 July 2008. This page has been accessed 330 times.
