Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 889762 Details for
Bug 994729
Authentication requested twice when opening firewall-config
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
org.freedesktop.policykit.imply annotation
imply.patch (text/plain), 3.71 KB, created by
Jiri Popelka
on 2014-04-25 13:40:56 UTC
(
hide
)
Description:
org.freedesktop.policykit.imply annotation
Filename:
MIME Type:
Creator:
Jiri Popelka
Created:
2014-04-25 13:40:56 UTC
Size:
3.71 KB
patch
obsolete
>diff --git a/config/org.fedoraproject.FirewallD1.policy.in b/config/org.fedoraproject.FirewallD1.policy.in >index ff23b1b..8fe0d99 100644 >--- a/config/org.fedoraproject.FirewallD1.policy.in >+++ b/config/org.fedoraproject.FirewallD1.policy.in >@@ -7,6 +7,17 @@ > <vendor>FirewallD</vendor> > <vendor_url>http://fedorahosted.org/firewalld</vendor_url> > >+ <action id="org.fedoraproject.FirewallD1.all"> >+ <description>Firewall</description> >+ <message>System policy prevents inspecting and changing firewall</message> >+ <defaults> >+ <allow_any>auth_admin_keep</allow_any> >+ <allow_inactive>auth_admin_keep</allow_inactive> >+ <allow_active>auth_admin_keep</allow_active> >+ </defaults> >+ <annotate key="org.freedesktop.policykit.imply">org.fedoraproject.FirewallD1.info org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.policies</annotate> >+ </action> >+ > <action id="org.fedoraproject.FirewallD1.info"> > <description>General firewall information</description> > <message>System policy prevents getting general firewall information</message> >diff --git a/src/firewall-config b/src/firewall-config >index 6ae0d33..eead74e 100755 >--- a/src/firewall-config >+++ b/src/firewall-config >@@ -1713,6 +1713,9 @@ class FirewallConfig(object): > # agent with the mouse. The focus is still on the combobox popup. > Gdk.DisplayManager.get().get_default_display().flush() > >+ # Authorize once for all polkit actions >+ self.fw.authorizeAll() >+ > self.runtime_view = (self.currentViewCombobox.get_active_text() == \ > _("Runtime")) > >diff --git a/src/firewall/client.py b/src/firewall/client.py >index 270282f..571060a 100644 >--- a/src/firewall/client.py >+++ b/src/firewall/client.py >@@ -1673,3 +1673,7 @@ class FirewallClient(object): > def removeLockdownWhitelistUser(self, user): > self.fw_policies.removeLockdownWhitelistUser(user) > >+ @slip.dbus.polkit.enable_proxy >+ @handle_exceptions >+ def authorizeAll(self): >+ self.fw.authorizeAll() >diff --git a/src/firewall/config/dbus.py b/src/firewall/config/dbus.py >index 3c75adb..fb29206 100644 >--- a/src/firewall/config/dbus.py >+++ b/src/firewall/config/dbus.py >@@ -39,8 +39,10 @@ DBUS_PATH_CONFIG_ICMPTYPE = DBUS_PATH+"/config/icmptype" > DBUS_PATH_CONFIG_SERVICE = DBUS_PATH+"/config/service" > DBUS_PATH_CONFIG_ZONE = DBUS_PATH+"/config/zone" > >+# Polkit actions > _PK_ACTION = "org.fedoraproject.FirewallD%d" % DBUS_INTERFACE_VERSION >-PK_ACTION_POLICIES = _PK_ACTION+".config" >+PK_ACTION_POLICIES = _PK_ACTION+".policies" > PK_ACTION_CONFIG = _PK_ACTION+".config" >-PK_ACTION_DIRECT = _PK_ACTION+".config" >+PK_ACTION_DIRECT = _PK_ACTION+".direct" > PK_ACTION_INFO = _PK_ACTION+".info" >+PK_ACTION_ALL = _PK_ACTION+".all" # implies all other actions >diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py >index 98565ac..1a188d8 100644 >--- a/src/firewall/server/firewalld.py >+++ b/src/firewall/server/firewalld.py >@@ -1678,3 +1678,15 @@ class FirewallD(slip.dbus.service.Object): > log.debug1("direct.passthrough('%s', '%s')" % (ipv, "','".join(args))) > self.accessCheck(sender) > return self.fw.direct.passthrough(ipv, args) >+ >+ # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # >+ >+ @slip.dbus.polkit.require_auth(PK_ACTION_ALL) >+ @dbus_service_method(DBUS_INTERFACE, in_signature='', out_signature='') >+ @dbus_handle_exceptions >+ def authorizeAll(self, sender=None): >+ """ PK_ACTION_ALL implies all other actions, i.e. once a subject is >+ authorized for PK_ACTION_ALL it's also authorized for any other action. >+ Use-case is GUI (RHBZ#994729). >+ """ >+ return
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=889762">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 994729
: 889762