PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Wed May 13 08:01:33 PDT 2009
data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml | 12
data/org.freedesktop.PolicyKit1.Authority.xml | 35 -
docs/polkit/Makefile.am | 2
docs/polkit/polkit-docs.xml | 1
docs/polkit/polkit-sections.txt | 3
docs/polkitagent/Makefile.am | 2
docs/polkitbackend/Makefile.am | 2
docs/polkitbackend/polkitbackend-sections.txt | 19
docs/polkitbackend/polkitbackend.types | 1
src/examples/Makefile.am | 13
src/examples/cancel.c | 1
src/examples/cancelobtain.c | 104 ---
src/nullbackend/polkitbackendnullauthority.c | 2
src/polkit/polkitauthority.c | 231 -------
src/polkit/polkitauthority.h | 21
src/polkitagent/polkitagentlistener.c | 16
src/polkitagent/polkitagentlistener.h | 6
src/polkitbackend/Makefile.am | 2
src/polkitbackend/polkitbackend.h | 1
src/polkitbackend/polkitbackendactionlookup.c | 177 +++++
src/polkitbackend/polkitbackendactionlookup.h | 105 +++
src/polkitbackend/polkitbackendauthority.c | 239 -------
src/polkitbackend/polkitbackendauthority.h | 35 -
src/polkitbackend/polkitbackendlocalauthority.c | 496 ++++++----------
src/polkitbackend/polkitbackendtypes.h | 3
src/programs/polkit.c | 69 --
26 files changed, 618 insertions(+), 980 deletions(-)
New commits:
commit 86008e618476834c040bf7db40bbc887cca2fbb5
Author: David Zeuthen <davidz at redhat.com>
Date: Wed May 13 10:58:04 2009 -0400
Only allow privileged apps to check authz and add ActionLookup interface
Also remove the ObtainAuthorization() call and allow apps to pass
details to CheckAuthorization.
diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
index 2faa2cf..3b519c2 100644
--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
@@ -14,6 +14,18 @@
<annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
</arg>
+ <arg name="message" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The message to display to the user. This is translated into the locale passed when registering the authentication agent using org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent()."/>
+ </arg>
+
+ <arg name="icon_name" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The themed icon describing the action or the empty string if no icon is set."/>
+ </arg>
+
+ <arg name="details" direction="in" type="a{ss}">
+ <annotation name="org.gtk.EggDBus.DocString" value="Details about the authentication request. This is a dictionary of key/value pairs where both key and value are strings. These strings are translated into the locale passed when registering the authentication agent using org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent()."/>
+ </arg>
+
<arg name="cookie" direction="in" type="s">
<annotation name="org.gtk.EggDBus.DocString" value="A cookie identifying the authentication request."/>
</arg>
diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
index a3d5741..da2fe59 100644
--- a/data/org.freedesktop.PolicyKit1.Authority.xml
+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
@@ -213,6 +213,10 @@
<annotation name="org.gtk.EggDBus.DocString" value="Identifier for the action that @subject is attempting to do."/>
</arg>
+ <arg name="details" direction="in" type="a{ss}">
+ <annotation name="org.gtk.EggDBus.DocString" value="Details describing the action."/>
+ </arg>
+
<arg name="flags" direction="in" type="u">
<annotation name="org.gtk.EggDBus.Type" value="CheckAuthorizationFlags"/>
<annotation name="org.gtk.EggDBus.DocString" value="A set of #CheckAuthorizationFlags."/>
@@ -238,33 +242,6 @@
<!-- ---------------------------------------------------------------------------------------------------- -->
- <method name="ObtainAuthorization">
- <annotation name="org.gtk.EggDBus.DocString" value="Obtains a temporary authorization for @subject to perform the action identified by @action_id. If @subject is already authorized, this method returns immediately without error. If the authorization could not be obtained or @action_id doesn't allow temporary authorizations, the %org.freedesktop.PolicyKit1.Error.Failed error is returned."/>
-
- <arg name="subject" direction="in" type="(sa{sv})">
- <annotation name="org.gtk.EggDBus.DocString" value="A #Subject struct."/>
- <annotation name="org.gtk.EggDBus.Type" value="Subject"/>
- </arg>
-
- <arg name="action_id" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="Identifier for the action that @subject is attempting to do."/>
- </arg>
-
- <arg name="cancellation_id" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="A unique id used to cancel the the authentication check via org.freedesktop.PolicyKit1.Authority.CancelObtainAuthorization() or the empty string if cancellation is not needed."/>
- </arg>
- </method>
-
- <method name="CancelObtainAuthorization">
- <annotation name="org.gtk.EggDBus.DocString" value="Cancels an attempt to obtain an authorization."/>
-
- <arg name="cancellation_id" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="The @cancellation_id passed to org.freedesktop.PolicyKit1.Authority.ObtainAuthorization()."/>
- </arg>
- </method>
-
- <!-- ---------------------------------------------------------------------------------------------------- -->
-
<method name="RegisterAuthenticationAgent">
<annotation name="org.gtk.EggDBus.DocString" value="<para>Register an authentication agent.</para><para>Note that current versions of PolicyKit will only work if @session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged.</para>"/>
@@ -272,6 +249,10 @@
<annotation name="org.gtk.EggDBus.DocString" value="The session to register the authentication for or blank for the session the caller of the method is in."/>
</arg>
+ <arg name="locale" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The locale of the authentication agent."/>
+ </arg>
+
<arg name="object_path" direction="in" type="s">
<annotation name="org.gtk.EggDBus.DocString" value="The object path of authentication agent object on the unique name of the caller."/>
</arg>
diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am
index 3be9176..da1eb7f 100644
--- a/docs/polkit/Makefile.am
+++ b/docs/polkit/Makefile.am
@@ -4,7 +4,7 @@ NULL =
AUTOMAKE_OPTIONS = 1.7
# The name of the module.
-DOC_MODULE=polkit-1
+DOC_MODULE=polkit
# The top-level SGML file.
DOC_MAIN_SGML_FILE=polkit-docs.xml
diff --git a/docs/polkit/polkit-docs.xml b/docs/polkit/polkit-docs.xml
index 75e7620..e9c4af4 100644
--- a/docs/polkit/polkit-docs.xml
+++ b/docs/polkit/polkit-docs.xml
@@ -91,6 +91,7 @@
<xi:include href="../polkitbackend/xml/polkitbackendactionpool.xml"/>
<xi:include href="../polkitbackend/xml/polkitbackendsessionmonitor.xml"/>
<xi:include href="../polkitbackend/xml/polkitbackendconfigsource.xml"/>
+ <xi:include href="../polkitbackend/xml/polkitbackendactionlookup.xml"/>
</reference>
<reference id="ref-authentication-agent-api">
diff --git a/docs/polkit/polkit-sections.txt b/docs/polkit/polkit-sections.txt
index 9f21599..2094a3f 100644
--- a/docs/polkit/polkit-sections.txt
+++ b/docs/polkit/polkit-sections.txt
@@ -54,7 +54,6 @@ PolkitAuthorizationResult
polkit_authority_get
polkit_authority_enumerate_actions_sync
polkit_authority_check_authorization_sync
-polkit_authority_obtain_authorization_sync
polkit_authority_register_authentication_agent_sync
polkit_authority_unregister_authentication_agent_sync
polkit_authority_authentication_agent_response_sync
@@ -62,8 +61,6 @@ polkit_authority_enumerate_actions
polkit_authority_enumerate_actions_finish
polkit_authority_check_authorization
polkit_authority_check_authorization_finish
-polkit_authority_obtain_authorization
-polkit_authority_obtain_authorization_finish
polkit_authority_register_authentication_agent
polkit_authority_register_authentication_agent_finish
polkit_authority_unregister_authentication_agent
diff --git a/docs/polkitagent/Makefile.am b/docs/polkitagent/Makefile.am
index 2437a1d..4ef4787 100644
--- a/docs/polkitagent/Makefile.am
+++ b/docs/polkitagent/Makefile.am
@@ -4,7 +4,7 @@ NULL =
AUTOMAKE_OPTIONS = 1.7
# The name of the module.
-DOC_MODULE=polkitagent-1
+DOC_MODULE=polkitagent
# The top-level SGML file.
DOC_MAIN_SGML_FILE=polkitagent-docs.xml
diff --git a/docs/polkitbackend/Makefile.am b/docs/polkitbackend/Makefile.am
index 96cbbed..8725334 100644
--- a/docs/polkitbackend/Makefile.am
+++ b/docs/polkitbackend/Makefile.am
@@ -4,7 +4,7 @@ NULL =
AUTOMAKE_OPTIONS = 1.7
# The name of the module.
-DOC_MODULE=polkitbackend-1
+DOC_MODULE=polkitbackend
# The top-level SGML file.
DOC_MAIN_SGML_FILE=polkitbackend-docs.xml
diff --git a/docs/polkitbackend/polkitbackend-sections.txt b/docs/polkitbackend/polkitbackend-sections.txt
index e370b96..4f650da 100644
--- a/docs/polkitbackend/polkitbackend-sections.txt
+++ b/docs/polkitbackend/polkitbackend-sections.txt
@@ -6,8 +6,6 @@ PolkitBackendAuthority
PolkitBackendAuthorityClass
polkit_backend_authority_check_authorization
polkit_backend_authority_check_authorization_finish
-polkit_backend_authority_obtain_authorization
-polkit_backend_authority_obtain_authorization_finish
polkit_backend_authority_register_authentication_agent
polkit_backend_authority_unregister_authentication_agent
polkit_backend_authority_authentication_agent_response
@@ -31,6 +29,23 @@ POLKIT_BACKEND_AUTHORITY_GET_CLASS
</SECTION>
<SECTION>
+<FILE>polkitbackendactionlookup</FILE>
+<TITLE>PolkitBackendActionLookup</TITLE>
+POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME
+PolkitBackendActionLookup
+PolkitBackendActionLookupIface
+polkit_backend_action_lookup_get_message
+polkit_backend_action_lookup_get_icon_name
+polkit_backend_action_lookup_get_details
+<SUBSECTION Standard>
+POLKIT_BACKEND_ACTION_LOOKUP
+POLKIT_BACKEND_IS_ACTION_LOOKUP
+POLKIT_BACKEND_TYPE_ACTION_LOOKUP
+polkit_backend_action_lookup_get_type
+POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE
+</SECTION>
+
+<SECTION>
<FILE>polkitbackendlocalauthority</FILE>
<TITLE>PolkitBackendLocalAuthority</TITLE>
PolkitBackendLocalAuthority
diff --git a/docs/polkitbackend/polkitbackend.types b/docs/polkitbackend/polkitbackend.types
index 248f48b..cd0fde0 100644
--- a/docs/polkitbackend/polkitbackend.types
+++ b/docs/polkitbackend/polkitbackend.types
@@ -1,4 +1,5 @@
polkit_backend_authority_get_type
+polkit_backend_action_lookup_get_type
polkit_backend_local_authority_get_type
polkit_backend_action_pool_get_type
polkit_backend_session_monitor_get_type
diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am
index 524e67b..1c40863 100644
--- a/src/examples/Makefile.am
+++ b/src/examples/Makefile.am
@@ -15,7 +15,7 @@ INCLUDES = \
-D_REENTRANT \
$(NULL)
-noinst_PROGRAMS = cancel cancelobtain
+noinst_PROGRAMS = cancel
cancel_SOURCES = cancel.c
@@ -28,16 +28,5 @@ cancel_LDADD = \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(NULL)
-cancelobtain_SOURCES = cancelobtain.c
-
-cancelobtain_CFLAGS = \
- $(GLIB_CFLAGS) \
- $(NULL)
-
-cancelobtain_LDADD = \
- $(GLIB_LDADD) \
- $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
- $(NULL)
-
clean-local :
rm -f *~
diff --git a/src/examples/cancel.c b/src/examples/cancel.c
index f0ede35..7191398 100644
--- a/src/examples/cancel.c
+++ b/src/examples/cancel.c
@@ -108,6 +108,7 @@ main (int argc, char *argv[])
polkit_authority_check_authorization (authority,
calling_process,
"org.freedesktop.policykit.grant",
+ NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
cancellable,
(GAsyncReadyCallback) check_authorization_cb,
diff --git a/src/examples/cancelobtain.c b/src/examples/cancelobtain.c
deleted file mode 100644
index ea37d8f..0000000
--- a/src/examples/cancelobtain.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (C) 2009 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz at redhat.com>
- */
-
-/* Simple example that shows how to obtain an authorization including
- * cancelling the request.
- */
-
-#include <polkit/polkit.h>
-
-static void
-obtain_authorization_cb (PolkitAuthority *authority,
- GAsyncResult *res,
- GMainLoop *loop)
-{
- GError *error;
-
- error = NULL;
- if (!polkit_authority_obtain_authorization_finish (authority, res, &error))
- {
- g_print ("Error obtaining authorization: %s\n", error->message);
- g_error_free (error);
- }
-
- g_main_loop_quit (loop);
-}
-
-static gboolean
-do_cancel (GCancellable *cancellable)
-{
- g_print ("Timer has expired; cancelling request\n");
- g_cancellable_cancel (cancellable);
- return FALSE;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- GMainLoop *loop;
- PolkitSubject *calling_process;
- PolkitAuthority *authority;
- GCancellable *cancellable;
-
- g_type_init ();
-
- ret = 1;
-
- if (argc != 2)
- {
- g_printerr ("usage: cancelobtain <actionid>\n");
- goto out;
- }
-
- loop = g_main_loop_new (NULL, FALSE);
-
- authority = polkit_authority_get ();
-
- calling_process = polkit_unix_process_new (getppid ());
-
- cancellable = g_cancellable_new ();
-
- g_print ("Will cancel request in 10 seconds\n");
- g_timeout_add (10 * 1000,
- (GSourceFunc) do_cancel,
- cancellable);
-
- polkit_authority_obtain_authorization (authority,
- calling_process,
- argv[1],
- cancellable,
- (GAsyncReadyCallback) obtain_authorization_cb,
- loop);
-
- g_main_loop_run (loop);
-
- g_object_unref (authority);
- g_object_unref (calling_process);
- g_object_unref (cancellable);
- g_main_loop_unref (loop);
-
- ret = 0;
-
- out:
-
- return ret;
-}
diff --git a/src/nullbackend/polkitbackendnullauthority.c b/src/nullbackend/polkitbackendnullauthority.c
index f754bd5..11b75f2 100644
--- a/src/nullbackend/polkitbackendnullauthority.c
+++ b/src/nullbackend/polkitbackendnullauthority.c
@@ -42,6 +42,7 @@ static void authority_check_authorization (PolkitBackendAuthority *author
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -136,6 +137,7 @@ authority_check_authorization (PolkitBackendAuthority *authority,
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
index 6b129ae..041ba7e 100644
--- a/src/polkit/polkitauthority.c
+++ b/src/polkit/polkitauthority.c
@@ -330,6 +330,7 @@ static guint
polkit_authority_check_authorization_async (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -339,6 +340,7 @@ polkit_authority_check_authorization_async (PolkitAuthority *autho
guint call_id;
GSimpleAsyncResult *simple;
gchar *cancellation_id;
+ EggDBusHashMap *real_details;
real_subject = polkit_subject_get_real (subject);
@@ -354,10 +356,24 @@ polkit_authority_check_authorization_async (PolkitAuthority *autho
g_object_set_data_full (G_OBJECT (simple), "polkit-1-cancellation-id", cancellation_id, g_free);
}
+ real_details = egg_dbus_hash_map_new (G_TYPE_STRING, NULL,
+ G_TYPE_STRING, NULL);
+ if (details != NULL)
+ {
+ GHashTableIter iter;
+ const gchar *key;
+ const gchar *value;
+
+ g_hash_table_iter_init (&iter, details);
+ while (g_hash_table_iter_next (&iter, (gpointer) &key, (gpointer) &value))
+ egg_dbus_hash_map_insert (real_details, key, value);
+ }
+
call_id = _polkit_authority_check_authorization (authority->real,
EGG_DBUS_CALL_FLAGS_TIMEOUT_NONE,
real_subject,
action_id,
+ real_details,
flags,
cancellation_id,
cancellable,
@@ -374,6 +390,7 @@ polkit_authority_check_authorization_async (PolkitAuthority *autho
* @authority: A #PolkitAuthority.
* @subject: A #PolkitSubject.
* @action_id: The action to check for.
+ * @details: Details about the action or %NULL.
* @flags: A set of #PolkitCheckAuthorizationFlags.
* @cancellable: A #GCancellable or %NULL.
* @callback: A #GAsyncReadyCallback to call when the request is satisfied.
@@ -390,6 +407,7 @@ void
polkit_authority_check_authorization (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -398,6 +416,7 @@ polkit_authority_check_authorization (PolkitAuthority *authority,
polkit_authority_check_authorization_async (authority,
subject,
action_id,
+ details,
flags,
cancellable,
callback,
@@ -495,6 +514,7 @@ polkit_authority_check_authorization_finish (PolkitAuthority *authority
* @authority: A #PolkitAuthority.
* @subject: A #PolkitSubject.
* @action_id: The action to check for.
+ * @details: Details about the action or %NULL.
* @flags: A set of #PolkitCheckAuthorizationFlags.
* @cancellable: A #GCancellable or %NULL.
* @error: Return location for error or %NULL.
@@ -507,6 +527,7 @@ PolkitAuthorizationResult
polkit_authority_check_authorization_sync (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GError **error)
@@ -518,6 +539,7 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author
call_id = polkit_authority_check_authorization_async (authority,
subject,
action_id,
+ details,
flags,
cancellable,
generic_cb,
@@ -535,209 +557,9 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author
/* ---------------------------------------------------------------------------------------------------- */
static guint
-polkit_authority_obtain_authorization_async (PolkitAuthority *authority,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- _PolkitSubject *real_subject;
- guint call_id;
- GSimpleAsyncResult *simple;
- gchar *cancellation_id;
-
- real_subject = polkit_subject_get_real (subject);
-
- simple = g_simple_async_result_new (G_OBJECT (authority),
- callback,
- user_data,
- polkit_authority_obtain_authorization_async);
-
- cancellation_id = NULL;
- if (cancellable != NULL)
- {
- cancellation_id = g_strdup_printf ("cancellation-id-%d", authority->cancellation_id_counter++);
- g_object_set_data_full (G_OBJECT (simple), "polkit-1-cancellation-id", cancellation_id, g_free);
- }
-
- call_id = _polkit_authority_obtain_authorization (authority->real,
- EGG_DBUS_CALL_FLAGS_TIMEOUT_NONE,
- real_subject,
- action_id,
- cancellation_id,
- cancellable,
- generic_async_cb,
- simple);
-
- g_object_unref (real_subject);
-
- return call_id;
-}
-
-/**
- * polkit_authority_obtain_authorization:
- * @authority: A #PolkitAuthority.
- * @subject: A #PolkitSubject.
- * @action_id: The action to obtain an authorization for.
- * @cancellable: A #GCancellable or %NULL.
- * @callback: A #GAsyncReadyCallback to call when the request is satisfied.
- * @user_data: The data to pass to @callback.
- *
- * Asynchronously obtains a temporary authorization for @subject to
- * perform the action represented by @action_id.
- *
- * When the operation is finished, @callback will be invoked. You can
- * then call polkit_authority_obtain_authorization_finish() to get the
- * result of the operation.
- **/
-void
-polkit_authority_obtain_authorization (PolkitAuthority *authority,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- polkit_authority_obtain_authorization_async (authority,
- subject,
- action_id,
- cancellable,
- callback,
- user_data);
-}
-
-static void
-authorization_obtain_cancelled_cb (GObject *source_object,
- GAsyncResult *res,
- gpointer user_data)
-{
- GError *error;
-
- error = NULL;
- if (!_polkit_authority_cancel_obtain_authorization_finish (_POLKIT_AUTHORITY (source_object),
- res,
- &error))
- {
- g_warning ("Error cancelling obtain authorization call: %s", error->message);
- g_error_free (error);
- }
-}
-
-/**
- * polkit_authority_obtain_authorization_finish:
- * @authority: A #PolkitAuthority.
- * @res: A #GAsyncResult obtained from the callback.
- * @error: Return location for error or %NULL.
- *
- * Finishes obtaining an authorization.
- *
- * Returns: %TRUE if the authorization was obtained, %FALSE if @error is set.
- **/
-gboolean
-polkit_authority_obtain_authorization_finish (PolkitAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- gboolean result;
- GSimpleAsyncResult *simple;
- GAsyncResult *real_res;
- GError *local_error;
-
- simple = G_SIMPLE_ASYNC_RESULT (res);
- real_res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (simple));
-
- g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_authority_obtain_authorization_async);
-
- result = _POLKIT_AUTHORIZATION_RESULT_NOT_AUTHORIZED;
-
- local_error = NULL;
- result = _polkit_authority_obtain_authorization_finish (authority->real,
- real_res,
- &local_error);
-
- if (local_error != NULL)
- {
- if (local_error->domain == EGG_DBUS_ERROR && local_error->code == EGG_DBUS_ERROR_CANCELLED)
- {
- const gchar *cancellation_id;
-
- /* if the operation was cancelled locally, make sure to tell the daemon so the authentication
- * dialog etc. can be removed
- */
- cancellation_id = g_object_get_data (G_OBJECT (simple), "polkit-1-cancellation-id");
- if (cancellation_id != NULL)
- {
- _polkit_authority_cancel_obtain_authorization (authority->real,
- EGG_DBUS_CALL_FLAGS_NONE,
- cancellation_id,
- NULL,
- authorization_obtain_cancelled_cb,
- NULL);
- }
-
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_CANCELLED,
- "The operation was cancelled");
- g_error_free (local_error);
- }
- else
- {
- g_propagate_error (error, local_error);
- }
- }
-
- g_object_unref (real_res);
- return result;
-}
-
-/**
- * polkit_authority_obtain_authorization_sync:
- * @authority: A #PolkitAuthority.
- * @subject: A #PolkitSubject.
- * @action_id: The action to obtain for.
- * @flags: A set of #PolkitObtainAuthorizationFlags.
- * @cancellable: A #GCancellable or %NULL.
- * @error: Return location for error or %NULL.
- *
- * Obtains a temporary authorization for @subject to perform the
- * action represented by @action_id.
- *
- * Returns: %TRUE if the authorization was obtained, %FALSE if @error is set.
- */
-gboolean
-polkit_authority_obtain_authorization_sync (PolkitAuthority *authority,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GError **error)
-{
- guint call_id;
- GAsyncResult *res;
- gboolean result;
-
- call_id = polkit_authority_obtain_authorization_async (authority,
- subject,
- action_id,
- cancellable,
- generic_cb,
- &res);
-
- egg_dbus_connection_pending_call_block (authority->system_bus, call_id);
-
- result = polkit_authority_obtain_authorization_finish (authority, res, error);
-
- g_object_unref (res);
-
- return result;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static guint
polkit_authority_register_authentication_agent_async (PolkitAuthority *authority,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -754,6 +576,7 @@ polkit_authority_register_authentication_agent_async (PolkitAuthority *auth
call_id = _polkit_authority_register_authentication_agent (authority->real,
EGG_DBUS_CALL_FLAGS_NONE,
session_id,
+ locale,
object_path,
cancellable,
generic_async_cb,
@@ -766,6 +589,7 @@ polkit_authority_register_authentication_agent_async (PolkitAuthority *auth
* polkit_authority_register_authentication_agent:
* @authority: A #PolkitAuthority.
* @session_id: The identifier of the session to register for or %NULL for the session of the caller.
+ * @locale: The locale of the authentication agent.
* @object_path: The object path for the authentication agent.
* @cancellable: A #GCancellable or %NULL.
* @callback: A #GAsyncReadyCallback to call when the request is satisfied.
@@ -780,6 +604,7 @@ polkit_authority_register_authentication_agent_async (PolkitAuthority *auth
void
polkit_authority_register_authentication_agent (PolkitAuthority *authority,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -787,6 +612,7 @@ polkit_authority_register_authentication_agent (PolkitAuthority *authority,
{
polkit_authority_register_authentication_agent_async (authority,
session_id,
+ locale,
object_path,
cancellable,
callback,
@@ -834,6 +660,7 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit
* polkit_authority_register_authentication_agent_sync:
* @authority: A #PolkitAuthority.
* @session_id: The identifier of the session to register for or %NULL for the session of the caller.
+ * @locale: The locale of the authentication agent.
* @object_path: The object path for the authentication agent.
* @cancellable: A #GCancellable or %NULL.
* @error: Return location for error or %NULL.
@@ -845,6 +672,7 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit
gboolean
polkit_authority_register_authentication_agent_sync (PolkitAuthority *authority,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GCancellable *cancellable,
GError **error)
@@ -855,6 +683,7 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author
call_id = polkit_authority_register_authentication_agent_async (authority,
session_id,
+ locale,
object_path,
cancellable,
generic_cb,
diff --git a/src/polkit/polkitauthority.h b/src/polkit/polkitauthority.h
index 15cf3cb..2aa74ae 100644
--- a/src/polkit/polkitauthority.h
+++ b/src/polkit/polkitauthority.h
@@ -65,18 +65,14 @@ GList *polkit_authority_enumerate_groups_sync (PolkitAuthori
PolkitAuthorizationResult polkit_authority_check_authorization_sync (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GError **error);
-gboolean polkit_authority_obtain_authorization_sync (PolkitAuthority *authority,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GError **error);
-
gboolean polkit_authority_register_authentication_agent_sync (PolkitAuthority *authority,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GCancellable *cancellable,
GError **error);
@@ -107,6 +103,7 @@ GList * polkit_authority_enumerate_actions_finish (PolkitAuth
void polkit_authority_check_authorization (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -116,19 +113,9 @@ PolkitAuthorizationResult polkit_authority_check_authorization_finish (PolkitAu
GAsyncResult *res,
GError **error);
-void polkit_authority_obtain_authorization (PolkitAuthority *authority,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-gboolean polkit_authority_obtain_authorization_finish (PolkitAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
void polkit_authority_register_authentication_agent (PolkitAuthority *authority,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GCancellable *cancellable,
GAsyncReadyCallback callback,
diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
index 23300a3..fb59b68 100644
--- a/src/polkitagent/polkitagentlistener.c
+++ b/src/polkitagent/polkitagentlistener.c
@@ -104,6 +104,7 @@ server_register (Server *server,
local_error = NULL;
if (!polkit_authority_register_authentication_agent_sync (server->authority,
server->session_id,
+ g_getenv ("LANG"),
server->object_path,
NULL,
&local_error))
@@ -358,6 +359,9 @@ auth_cb (GObject *source_object,
static void
handle_begin_authentication (_PolkitAuthenticationAgent *instance,
const gchar *action_id,
+ const gchar *message,
+ const gchar *icon_name,
+ EggDBusHashMap *details,
const gchar *cookie,
EggDBusArraySeq *identities,
EggDBusMethodInvocation *method_invocation)
@@ -389,6 +393,9 @@ handle_begin_authentication (_PolkitAuthenticationAgent *instance,
polkit_agent_listener_initiate_authentication (server->listener,
action_id,
+ message,
+ icon_name,
+ details->data,
cookie,
list,
data->cancellable,
@@ -447,6 +454,9 @@ polkit_agent_listener_class_init (PolkitAgentListenerClass *klass)
* polkit_agent_listener_initiate_authentication:
* @listener: A #PolkitAgentListener.
* @action_id: The action to authenticate for.
+ * @message: The message to present to the user.
+ * @icon_name: A themed icon name representing the action or %NULL.
+ * @details: A set of key/value string pairs describing the action.
* @cookie: The cookie for the authentication request.
* @identities: A list of #PolkitIdentity objects that the user can choose to authenticate as.
* @cancellable: A #GCancellable.
@@ -467,6 +477,9 @@ polkit_agent_listener_class_init (PolkitAgentListenerClass *klass)
void
polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener,
const gchar *action_id,
+ const gchar *message,
+ const gchar *icon_name,
+ GHashTable *details,
const gchar *cookie,
GList *identities,
GCancellable *cancellable,
@@ -475,6 +488,9 @@ polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener,
{
POLKIT_AGENT_LISTENER_GET_CLASS (listener)->initiate_authentication (listener,
action_id,
+ message,
+ icon_name,
+ details,
cookie,
identities,
cancellable,
diff --git a/src/polkitagent/polkitagentlistener.h b/src/polkitagent/polkitagentlistener.h
index 59a8cc8..9324b92 100644
--- a/src/polkitagent/polkitagentlistener.h
+++ b/src/polkitagent/polkitagentlistener.h
@@ -67,6 +67,9 @@ struct _PolkitAgentListenerClass
/* Vtable */
void (*initiate_authentication) (PolkitAgentListener *listener,
const gchar *action_id,
+ const gchar *message,
+ const gchar *icon_name,
+ GHashTable *details,
const gchar *cookie,
GList *identities,
GCancellable *cancellable,
@@ -92,6 +95,9 @@ struct _PolkitAgentListenerClass
GType polkit_agent_listener_get_type (void) G_GNUC_CONST;
void polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener,
const gchar *action_id,
+ const gchar *message,
+ const gchar *icon_name,
+ GHashTable *details,
const gchar *cookie,
GList *identities,
GCancellable *cancellable,
diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am
index 51ebe3c..a49e131 100644
--- a/src/polkitbackend/Makefile.am
+++ b/src/polkitbackend/Makefile.am
@@ -43,6 +43,7 @@ libpolkit_backend_1include_HEADERS = \
polkitbackendactionpool.h \
polkitbackendsessionmonitor.h \
polkitbackendconfigsource.h \
+ polkitbackendactionlookup.h \
$(NULL)
libpolkit_backend_1_la_SOURCES = \
@@ -56,6 +57,7 @@ libpolkit_backend_1_la_SOURCES = \
polkitbackendactionpool.h polkitbackendactionpool.c \
polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c \
polkitbackendconfigsource.h polkitbackendconfigsource.c \
+ polkitbackendactionlookup.h polkitbackendactionlookup.c \
$(NULL)
libpolkit_backend_1_la_CFLAGS = \
diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h
index 57a9842..3efa131 100644
--- a/src/polkitbackend/polkitbackend.h
+++ b/src/polkitbackend/polkitbackend.h
@@ -35,6 +35,7 @@
#include <polkitbackend/polkitbackendactionpool.h>
#include <polkitbackend/polkitbackendsessionmonitor.h>
#include <polkitbackend/polkitbackendconfigsource.h>
+#include <polkitbackend/polkitbackendactionlookup.h>
#undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H
#endif /* __POLKIT_BACKEND_H */
diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c
new file mode 100644
index 0000000..64c43a9
--- /dev/null
+++ b/src/polkitbackend/polkitbackendactionlookup.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright (C) 2008 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: David Zeuthen <davidz at redhat.com>
+ */
+
+#include "config.h"
+#include <errno.h>
+#include <pwd.h>
+#include <string.h>
+#include <polkit/polkit.h>
+#include <polkit/polkitprivate.h>
+#include "polkitbackendactionlookup.h"
+
+#include "polkitbackendprivate.h"
+
+/**
+ * SECTION:polkitbackendactionlookup
+ * @title: PolkitBackendActionLookup
+ * @short_description: Interface used to provide data to authentication dialogs
+ * @stability: Unstable
+ *
+ * An interface that is used by backends to provide localized data
+ * shown in authentication dialogs.
+ *
+ * This inteface is intended for mechanisms to customize the message
+ * to show - a mechanism can provide a #GIOModule that registers one
+ * or more extensions that implement this interface. Every time an
+ * authentication dialog is shown, the registered extensions are
+ * consulted in priority order.
+ *
+ * This is useful if your mechanism wants to put up a message such as
+ * "Authentication is required to install 'Totem Movie Player'",
+ * e.g. messages that include more information than just the action
+ * name.
+ *
+ * Code implementing this interface <emphasis>cannot</emphasis>
+ * block or do any IO when methods are invoked. If information is
+ * needed to format the message or details, prepare it in advance and
+ * pass it as part of the @details hash table when doing the
+ * polkit_authority_check_authorization() call. Then the code in this
+ * interface can use that information to return localized data.
+ *
+ * Note that setlocale() and the <literal>LANG</literal> environment
+ * variable will be set up to match the locale of the authentication
+ * agent that is the receiver of the information. This means that code
+ * implementing this interface can use dgettext() or similar machinery
+ * to look up translations.
+ */
+
+static void
+base_init (gpointer g_iface)
+{
+}
+
+GType
+polkit_backend_action_lookup_get_type (void)
+{
+ static GType iface_type = 0;
+
+ if (iface_type == 0)
+ {
+ static const GTypeInfo info =
+ {
+ sizeof (PolkitBackendActionLookupIface),
+ base_init, /* base_init */
+ NULL, /* base_finalize */
+ NULL, /* class_init */
+ NULL, /* class_finalize */
+ NULL, /* class_data */
+ 0, /* instance_size */
+ 0, /* n_preallocs */
+ NULL, /* instance_init */
+ NULL /* value_table */
+ };
+
+ iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0);
+
+ g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT);
+ }
+
+ return iface_type;
+}
+
+/**
+ * polkit_backend_action_lookup_get_message:
+ * @lookup: A #PolkitBackendActionLookup.
+ * @action_id: The action to get the message for.
+ * @details: Details passed to polkit_authority_check_authorization().
+ * @action_description: A #PolkitActionDescription object for @action_id.
+ *
+ * Computes a message to show in an authentication dialog for
+ * @action_id and @details.
+ *
+ * Returns: A localized string to show in the authentication dialog or %NULL. Caller must free this string.
+ **/
+gchar *
+polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description)
+{
+ PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup);
+
+ if (iface->get_message == NULL)
+ return NULL;
+ else
+ return iface->get_message (lookup, action_id, details, action_description);
+}
+
+/**
+ * polkit_backend_action_lookup_get_icon_name:
+ * @lookup: A #PolkitBackendActionLookup.
+ * @action_id: The action to get the themed icon for.
+ * @details: Details passed to polkit_authority_check_authorization().
+ * @action_description: A #PolkitActionDescription object for @action_id.
+ *
+ * Computes a themed icon name to show in an authentication dialog for
+ * @action_id and @details.
+ *
+ * Returns: A themed icon name or %NULL. Caller must free this string.
+ **/
+gchar *
+polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description)
+{
+ PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup);
+
+ if (iface->get_icon_name == NULL)
+ return NULL;
+ else
+ return iface->get_icon_name (lookup, action_id, details, action_description);
+}
+
+/**
+ * polkit_backend_action_lookup_get_details:
+ * @lookup: A #PolkitBackendActionLookup.
+ * @action_id: The action to get the details for.
+ * @details: Details passed to polkit_authority_check_authorization().
+ * @action_description: A #PolkitActionDescription object for @action_id.
+ *
+ * Computes localized details to show in an authentication dialog for
+ * @action_id and @details.
+ *
+ * Returns: A #GHashTable with localized details or %NULL. Caller must free the result.
+ **/
+GHashTable *
+polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description)
+{
+ PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup);
+
+ if (iface->get_details == NULL)
+ return NULL;
+ else
+ return iface->get_details (lookup, action_id, details, action_description);
+}
+
diff --git a/src/polkitbackend/polkitbackendactionlookup.h b/src/polkitbackend/polkitbackendactionlookup.h
new file mode 100644
index 0000000..bb93c17
--- /dev/null
+++ b/src/polkitbackend/polkitbackendactionlookup.h
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2008 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: David Zeuthen <davidz at redhat.com>
+ */
+
+#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H)
+#error "Only <polkitbackend/polkitbackend.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef __POLKIT_BACKEND_ACTION_LOOKUP_H
+#define __POLKIT_BACKEND_ACTION_LOOKUP_H
+
+#include <glib-object.h>
+#include "polkitbackendtypes.h"
+
+G_BEGIN_DECLS
+
+/**
+ * POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME:
+ *
+ * Extension point name for looking up action information.
+ */
+#define POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME "polkit-backend-action-lookup-1"
+
+#define POLKIT_BACKEND_TYPE_ACTION_LOOKUP (polkit_backend_action_lookup_get_type())
+#define POLKIT_BACKEND_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP, PolkitBackendActionLookup))
+#define POLKIT_BACKEND_IS_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP))
+#define POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE(o) (G_TYPE_INSTANCE_GET_INTERFACE((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP, PolkitBackendActionLookupIface))
+
+#if 0
+/**
+ * PolkitBackendActionLookup:
+ *
+ * Opaque object for #PolkitBackendActionLookupIface.
+ */
+typedef struct _PolkitBackendActionLookup PolkitBackendActionLookup; /* Dummy typedef */
+#endif
+typedef struct _PolkitBackendActionLookupIface PolkitBackendActionLookupIface;
+
+/**
+ * PolkitBackendActionLookupIface:
+ * @get_message: See polkit_backend_action_lookup_get_message().
+ * @get_icon_name: See polkit_backend_action_lookup_get_icon_name().
+ * @get_details: See polkit_backend_action_lookup_get_details().
+ *
+ * Interface that is used by backends to provide localized data shown
+ * in authentication dialogs.
+ */
+struct _PolkitBackendActionLookupIface
+{
+ /*< private >*/
+ GTypeInterface parent_iface;
+
+ /*< public >*/
+ /* VTable */
+
+ gchar * (*get_message) (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description);
+
+ gchar * (*get_icon_name) (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description);
+
+ GHashTable * (*get_details) (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description);
+};
+
+GType polkit_backend_action_lookup_get_type (void) G_GNUC_CONST;
+gchar *polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description);
+gchar *polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description);
+GHashTable *polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup,
+ const gchar *action_id,
+ GHashTable *details,
+ PolkitActionDescription *action_description);
+
+G_END_DECLS
+
+#endif /* __POLKIT_BACKEND_ACTION_LOOKUP_H */
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
index 961fc49..b53513f 100644
--- a/src/polkitbackend/polkitbackendauthority.c
+++ b/src/polkitbackend/polkitbackendauthority.c
@@ -26,6 +26,7 @@
#include <polkit/polkit.h>
#include <polkit/polkitprivate.h>
#include "polkitbackendauthority.h"
+#include "polkitbackendactionlookup.h"
#include "polkitbackendlocalauthority.h"
#include "polkitbackendprivate.h"
@@ -203,6 +204,7 @@ polkit_backend_authority_enumerate_groups (PolkitBackendAuthority *authority,
* @caller: The system bus name that initiated the query.
* @subject: A #PolkitSubject.
* @action_id: The action to check for.
+ * @details: Details about the action or %NULL.
* @flags: A set of #PolkitCheckAuthorizationFlags.
* @cancellable: A #GCancellable.
* @callback: A #GAsyncReadyCallback to call when the request is satisfied.
@@ -220,6 +222,7 @@ polkit_backend_authority_check_authorization (PolkitBackendAuthority *aut
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -246,7 +249,7 @@ polkit_backend_authority_check_authorization (PolkitBackendAuthority *aut
}
else
{
- klass->check_authorization (authority, caller, subject, action_id, flags, cancellable, callback, user_data);
+ klass->check_authorization (authority, caller, subject, action_id, details, flags, cancellable, callback, user_data);
}
}
@@ -284,89 +287,6 @@ polkit_backend_authority_check_authorization_finish (PolkitBackendAuthority *au
/* ---------------------------------------------------------------------------------------------------- */
/**
- * polkit_backend_authority_obtain_authorization:
- * @authority: A #PolkitBackendAuthority.
- * @caller: The system bus name that initiated the query.
- * @subject: A #PolkitSubject.
- * @action_id: The action to obtain.
- * @cancellable: A #GCancellable.
- * @callback: A #GAsyncReadyCallback to call when the request is satisfied.
- * @user_data: The data to pass to @callback.
- *
- * Asynchronously obtains a temporary authorization for @subject to
- * perform the action represented by @action_id. If @subject is already
- * authorized for @action_id, return %TRUE. If @action_id doesn't allow
- * temporary authorizations, return a %POLKIT_ERROR_FAILED error.
- *
- * When the operation is finished, @callback will be invoked. You can then
- * call polkit_backend_authority_obtain_authorization_finish() to get the result of
- * the operation.
- **/
-void
-polkit_backend_authority_obtain_authorization (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- PolkitBackendAuthorityClass *klass;
-
- klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
-
- if (klass->obtain_authorization == NULL)
- {
- GSimpleAsyncResult *simple;
-
- simple = g_simple_async_result_new_error (G_OBJECT (authority),
- callback,
- user_data,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_SUPPORTED,
- "Operation not supported");
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- }
- else
- {
- klass->obtain_authorization (authority, caller, subject, action_id, cancellable, callback, user_data);
- }
-}
-
-/**
- * polkit_backend_authority_obtain_authorization_finish:
- * @authority: A #PolkitBackendAuthority.
- * @res: A #GAsyncResult obtained from the callback.
- * @error: Return location for error or %NULL.
- *
- * Finishes obtaining an authorization.
- *
- * Returns: %TRUE if the authorization was obtained, %FALSE if @error is set.
- **/
-gboolean
-polkit_backend_authority_obtain_authorization_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- PolkitBackendAuthorityClass *klass;
-
- klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
-
- if (klass->obtain_authorization_finish == NULL)
- {
- g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error);
- return FALSE;
- }
- else
- {
- return klass->obtain_authorization_finish (authority, res, error);
- }
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-/**
* polkit_backend_authority_enumerate_authorizations:
* @authority: A #PolkitBackendAuthority.
* @caller: The system bus name that initiated the query.
@@ -481,6 +401,7 @@ polkit_backend_authority_remove_authorization (PolkitBackendAuthority *autho
* @authority: A #PolkitBackendAuthority.
* @caller: The system bus name that initiated the query.
* @session_id: The identifier of the session to register for or %NULL for the session of the caller.
+ * @locale: The locale of the authentication agent.
* @object_path: The object path for the authentication agent.
* @error: Return location for error or %NULL.
*
@@ -492,6 +413,7 @@ gboolean
polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority *authority,
PolkitSubject *caller,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GError **error)
{
@@ -509,7 +431,7 @@ polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority
}
else
{
- return klass->register_authentication_agent (authority, caller, session_id, object_path, error);
+ return klass->register_authentication_agent (authority, caller, session_id, locale, object_path, error);
}
}
@@ -895,6 +817,7 @@ static void
authority_handle_check_authorization (_PolkitAuthority *instance,
_PolkitSubject *real_subject,
const gchar *action_id,
+ EggDBusHashMap *real_details,
_PolkitCheckAuthorizationFlags flags,
const gchar *cancellation_id,
EggDBusMethodInvocation *method_invocation)
@@ -904,12 +827,15 @@ authority_handle_check_authorization (_PolkitAuthority *instance,
PolkitSubject *subject;
PolkitSubject *caller;
GCancellable *cancellable;
+ GHashTable *details;
caller_name = egg_dbus_method_invocation_get_caller (method_invocation);
caller = polkit_system_bus_name_new (caller_name);
subject = polkit_subject_new_for_real (real_subject);
+ details = real_details->data;
+
g_object_set_data_full (G_OBJECT (method_invocation), "caller", caller, (GDestroyNotify) g_object_unref);
g_object_set_data_full (G_OBJECT (method_invocation), "subject", subject, (GDestroyNotify) g_object_unref);
@@ -946,6 +872,7 @@ authority_handle_check_authorization (_PolkitAuthority *instance,
caller,
subject,
action_id,
+ details,
flags,
cancellable,
check_auth_cb,
@@ -991,136 +918,6 @@ authority_handle_cancel_check_authorization (_PolkitAuthority *ins
/* ---------------------------------------------------------------------------------------------------- */
static void
-obtain_auth_cb (GObject *source_object,
- GAsyncResult *res,
- gpointer user_data)
-{
- EggDBusMethodInvocation *method_invocation = EGG_DBUS_METHOD_INVOCATION (user_data);
- const gchar *full_cancellation_id;
- GError *error;
-
- error = NULL;
- polkit_backend_authority_obtain_authorization_finish (POLKIT_BACKEND_AUTHORITY (source_object),
- res,
- &error);
-
- full_cancellation_id = g_object_get_data (G_OBJECT (method_invocation), "cancellation-id");
- if (full_cancellation_id != NULL)
- {
- Server *server;
- server = SERVER (g_object_get_data (G_OBJECT (method_invocation), "server"));
- g_hash_table_remove (server->cancellation_id_to_cancellable, full_cancellation_id);
- }
-
- if (error != NULL)
- {
- egg_dbus_method_invocation_return_gerror (method_invocation, error);
- g_error_free (error);
- }
- else
- {
- _polkit_authority_handle_obtain_authorization_finish (method_invocation);
- }
-}
-
-static void
-authority_handle_obtain_authorization (_PolkitAuthority *instance,
- _PolkitSubject *real_subject,
- const gchar *action_id,
- const gchar *cancellation_id,
- EggDBusMethodInvocation *method_invocation)
-{
- Server *server = SERVER (instance);
- const gchar *caller_name;
- PolkitSubject *subject;
- PolkitSubject *caller;
- GCancellable *cancellable;
-
- caller_name = egg_dbus_method_invocation_get_caller (method_invocation);
- caller = polkit_system_bus_name_new (caller_name);
-
- subject = polkit_subject_new_for_real (real_subject);
-
- g_object_set_data_full (G_OBJECT (method_invocation), "caller", caller, (GDestroyNotify) g_object_unref);
- g_object_set_data_full (G_OBJECT (method_invocation), "subject", subject, (GDestroyNotify) g_object_unref);
-
- cancellable = NULL;
- if (cancellation_id != NULL && strlen (cancellation_id) > 0)
- {
- gchar *full_cancellation_id;
-
- full_cancellation_id = g_strdup_printf ("%s-%s", caller_name, cancellation_id);
-
- if (g_hash_table_lookup (server->cancellation_id_to_cancellable, full_cancellation_id) != NULL)
- {
- egg_dbus_method_invocation_return_error (method_invocation,
- _POLKIT_ERROR,
- _POLKIT_ERROR_CANCELLATION_ID_NOT_UNIQUE,
- "Given cancellation_id %s is already in use for name %s",
- cancellation_id,
- caller_name);
- g_free (full_cancellation_id);
- goto out;
- }
-
- cancellable = g_cancellable_new ();
-
- g_hash_table_insert (server->cancellation_id_to_cancellable,
- full_cancellation_id,
- cancellable);
-
- g_object_set_data (G_OBJECT (method_invocation), "server", server);
- g_object_set_data (G_OBJECT (method_invocation), "cancellation-id", full_cancellation_id);
- }
-
- polkit_backend_authority_obtain_authorization (server->authority,
- caller,
- subject,
- action_id,
- cancellable,
- obtain_auth_cb,
- method_invocation);
- out:
- ;
-}
-
-static void
-authority_handle_cancel_obtain_authorization (_PolkitAuthority *instance,
- const gchar *cancellation_id,
- EggDBusMethodInvocation *method_invocation)
-{
- Server *server = SERVER (instance);
- GCancellable *cancellable;
- const gchar *caller_name;
- gchar *full_cancellation_id;
-
- caller_name = egg_dbus_method_invocation_get_caller (method_invocation);
-
- full_cancellation_id = g_strdup_printf ("%s-%s", caller_name, cancellation_id);
-
- cancellable = g_hash_table_lookup (server->cancellation_id_to_cancellable, full_cancellation_id);
- if (cancellable == NULL)
- {
- egg_dbus_method_invocation_return_error (method_invocation,
- _POLKIT_ERROR,
- _POLKIT_ERROR_FAILED,
- "No such cancellation_id %s for name %s",
- cancellation_id,
- caller_name);
- goto out;
- }
-
- g_cancellable_cancel (cancellable);
-
- _polkit_authority_handle_cancel_obtain_authorization_finish (method_invocation);
-
- out:
- g_free (full_cancellation_id);
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
authority_manager_handle_enumerate_authorizations (_PolkitAuthorityManager *instance,
_PolkitIdentity *real_identity,
EggDBusMethodInvocation *method_invocation)
@@ -1266,6 +1063,7 @@ authority_manager_handle_remove_authorization (_PolkitAuthorityManager *i
static void
authority_handle_register_authentication_agent (_PolkitAuthority *instance,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
EggDBusMethodInvocation *method_invocation)
{
@@ -1279,6 +1077,7 @@ authority_handle_register_authentication_agent (_PolkitAuthority *
if (!polkit_backend_authority_register_authentication_agent (server->authority,
caller,
session_id,
+ locale,
object_path,
&error))
{
@@ -1370,8 +1169,6 @@ authority_iface_init (_PolkitAuthorityIface *authority_iface)
authority_iface->handle_enumerate_actions = authority_handle_enumerate_actions;
authority_iface->handle_check_authorization = authority_handle_check_authorization;
authority_iface->handle_cancel_check_authorization = authority_handle_cancel_check_authorization;
- authority_iface->handle_obtain_authorization = authority_handle_obtain_authorization;
- authority_iface->handle_cancel_obtain_authorization = authority_handle_cancel_obtain_authorization;
authority_iface->handle_register_authentication_agent = authority_handle_register_authentication_agent;
authority_iface->handle_unregister_authentication_agent = authority_handle_unregister_authentication_agent;
authority_iface->handle_authentication_agent_response = authority_handle_authentication_agent_response;
@@ -1497,18 +1294,24 @@ PolkitBackendAuthority *
polkit_backend_authority_get (void)
{
static GIOExtensionPoint *ep = NULL;
+ static GIOExtensionPoint *ep_action_lookup = NULL;
static volatile GType local_authority_type = G_TYPE_INVALID;
GList *modules;
GList *authority_implementations;
GType authority_type;
PolkitBackendAuthority *authority;
- /* define the extension point */
+ /* define extension points */
if (ep == NULL)
{
ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME);
g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY);
}
+ if (ep_action_lookup == NULL)
+ {
+ ep_action_lookup = g_io_extension_point_register (POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME);
+ g_io_extension_point_set_required_type (ep_action_lookup, POLKIT_BACKEND_TYPE_ACTION_LOOKUP);
+ }
/* make sure local types are registered */
if (local_authority_type == G_TYPE_INVALID)
diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
index ce63f5d..bb9d5e9 100644
--- a/src/polkitbackend/polkitbackendauthority.h
+++ b/src/polkitbackend/polkitbackendauthority.h
@@ -70,13 +70,6 @@ struct _PolkitBackendAuthority
* @check_authorization_finish: Called when finishing an authorization
* check. See polkit_backend_authority_check_authorization_finish()
* for details.
- * @obtain_authorization: Called to obtain an authorization or %NULL
- * if the backend doesn't support the operation. See
- * polkit_backend_authority_obtain_authorization() for details.
- * @obtain_authorization_finish: Called when finishing obtaining
- * an authorization or %NULL if the backend doesn't support the
- * operation. See polkit_backend_authority_obtain_authorization_finish()
- * for details.
* @register_authentication_agent: Called when an authentication agent
* is attempting to register or %NULL if the backend doesn't support
* the operation. See
@@ -130,6 +123,7 @@ struct _PolkitBackendAuthorityClass
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -139,21 +133,10 @@ struct _PolkitBackendAuthorityClass
GAsyncResult *res,
GError **error);
- void (*obtain_authorization) (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
- gboolean (*obtain_authorization_finish) (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
gboolean (*register_authentication_agent) (PolkitBackendAuthority *authority,
PolkitSubject *caller,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GError **error);
@@ -238,6 +221,7 @@ void polkit_backend_authority_check_authorization (PolkitBackendAuthor
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -247,18 +231,6 @@ PolkitAuthorizationResult polkit_backend_authority_check_authorization_finish (P
GAsyncResult *res,
GError **error);
-void polkit_backend_authority_obtain_authorization (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-gboolean polkit_backend_authority_obtain_authorization_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
GList *polkit_backend_authority_enumerate_authorizations (PolkitBackendAuthority *authority,
PolkitSubject *caller,
PolkitIdentity *identity,
@@ -279,6 +251,7 @@ gboolean polkit_backend_authority_remove_authorization (PolkitBackendAuthor
gboolean polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority *authority,
PolkitSubject *caller,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GError **error);
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
index 7bbbe2d..74e6b3e 100644
--- a/src/polkitbackend/polkitbackendlocalauthority.c
+++ b/src/polkitbackend/polkitbackendlocalauthority.c
@@ -25,12 +25,14 @@
#include <grp.h>
#include <string.h>
#include <glib/gstdio.h>
+#include <locale.h>
#include <polkit/polkit.h>
#include "polkitbackendlocalauthority.h"
#include "polkitbackendactionpool.h"
#include "polkitbackendsessionmonitor.h"
#include "polkitbackendconfigsource.h"
+#include "polkitbackendactionlookup.h"
#include <polkit/polkitprivate.h>
@@ -92,6 +94,7 @@ static void authentication_agent_initiate_challenge (Authenticati
PolkitIdentity *user_of_subject,
PolkitBackendLocalAuthority *authority,
const gchar *action_id,
+ GHashTable *details,
PolkitSubject *caller,
PolkitImplicitAuthorization implicit_authorization,
GCancellable *cancellable,
@@ -164,6 +167,7 @@ static void polkit_backend_local_authority_check_authorization (PolkitBackendAut
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -174,18 +178,6 @@ static PolkitAuthorizationResult polkit_backend_local_authority_check_authorizat
GAsyncResult *res,
GError **error);
-static void polkit_backend_local_authority_obtain_authorization (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-static gboolean polkit_backend_local_authority_obtain_authorization_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
static PolkitAuthorizationResult check_authorization_sync (PolkitBackendAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
@@ -213,6 +205,7 @@ static gboolean polkit_backend_local_authority_remove_authorization (PolkitBacke
static gboolean polkit_backend_local_authority_register_authentication_agent (PolkitBackendAuthority *authority,
PolkitSubject *caller,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GError **error);
@@ -322,8 +315,6 @@ polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *kla
authority_class->enumerate_groups = polkit_backend_local_authority_enumerate_groups;
authority_class->check_authorization = polkit_backend_local_authority_check_authorization;
authority_class->check_authorization_finish = polkit_backend_local_authority_check_authorization_finish;
- authority_class->obtain_authorization = polkit_backend_local_authority_obtain_authorization;
- authority_class->obtain_authorization_finish = polkit_backend_local_authority_obtain_authorization_finish;
authority_class->enumerate_authorizations = polkit_backend_local_authority_enumerate_authorizations;
authority_class->add_authorization = polkit_backend_local_authority_add_authorization;
authority_class->remove_authorization = polkit_backend_local_authority_remove_authorization;
@@ -453,251 +444,6 @@ polkit_backend_local_authority_enumerate_groups (PolkitBackendAuthority *autho
/* ---------------------------------------------------------------------------------------------------- */
static void
-obtain_authorization_challenge_cb (AuthenticationAgent *agent,
- PolkitSubject *subject,
- PolkitIdentity *user_of_subject,
- PolkitBackendLocalAuthority *authority,
- const gchar *action_id,
- PolkitImplicitAuthorization implicit_authorization,
- gboolean authentication_success,
- gpointer user_data)
-{
- GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data);
- gchar *subject_str;
-
- subject_str = polkit_subject_to_string (subject);
-
- g_debug ("In obtain_authorization_challenge_cb\n"
- " subject %s\n"
- " action_id %s\n"
- " authentication_success %d\n",
- subject_str,
- action_id,
- authentication_success);
-
- if (authentication_success)
- {
- GError *error;
- PolkitAuthorization *authorization;
-
- authorization = polkit_authorization_new (action_id,
- subject,
- FALSE);
-
- if (!add_authorization_for_identity (authority,
- user_of_subject,
- authorization,
- &error))
- {
- g_simple_async_result_set_from_error (simple, error);
- g_error_free (error);
- }
- }
- else
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Could not obtain authorization");
- }
-
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
-
- g_free (subject_str);
-}
-
-static gboolean
-polkit_backend_local_authority_obtain_authorization_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- GSimpleAsyncResult *simple;
-
- simple = G_SIMPLE_ASYNC_RESULT (res);
-
- g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_backend_local_authority_obtain_authorization);
-
- return g_simple_async_result_propagate_error (simple, error);
-}
-
-static void
-polkit_backend_local_authority_obtain_authorization (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- PolkitBackendLocalAuthority *local_authority;
- PolkitBackendLocalAuthorityPrivate *priv;
- gchar *caller_str;
- gchar *subject_str;
- PolkitIdentity *user_of_caller;
- PolkitIdentity *user_of_subject;
- gchar *user_of_caller_str;
- gchar *user_of_subject_str;
- PolkitAuthorizationResult result;
- PolkitImplicitAuthorization implicit_authorization;
- GError *error;
- GSimpleAsyncResult *simple;
-
- local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority);
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority);
-
- error = NULL;
- caller_str = NULL;
- subject_str = NULL;
- user_of_caller = NULL;
- user_of_subject = NULL;
- user_of_caller_str = NULL;
- user_of_subject_str = NULL;
-
- simple = g_simple_async_result_new (G_OBJECT (authority),
- callback,
- user_data,
- polkit_backend_local_authority_obtain_authorization);
-
- caller_str = polkit_subject_to_string (caller);
- subject_str = polkit_subject_to_string (subject);
-
- g_debug ("%s is attempting to obtain an temporary authorization for %s to perform %s",
- caller_str,
- subject_str,
- action_id);
-
- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
- caller,
- &error);
- if (error != NULL)
- {
- g_simple_async_result_set_from_error (simple, error);
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- g_error_free (error);
- goto out;
- }
-
- user_of_caller_str = polkit_identity_to_string (user_of_caller);
- g_debug (" user of caller is %s", user_of_caller_str);
-
- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
- subject,
- &error);
- if (error != NULL)
- {
- g_simple_async_result_set_from_error (simple, error);
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- g_error_free (error);
- goto out;
- }
-
- user_of_subject_str = polkit_identity_to_string (user_of_subject);
- g_debug (" user of subject is %s", user_of_subject_str);
-
- /* if the user of the caller and the user of the subject isn't the same, then fail */
- if (!polkit_identity_equal (user_of_caller, user_of_subject))
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_AUTHORIZED,
- "%s is not authorized to request an authorization for %s",
- caller_str,
- subject_str);
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- goto out;
- }
-
- /* see if subject already has an authorization */
- result = check_authorization_sync (authority,
- subject,
- action_id,
- POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
- &implicit_authorization,
- &error);
- if (error != NULL)
- {
- g_simple_async_result_set_from_error (simple, error);
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- g_error_free (error);
- goto out;
- }
-
- /* If the user can indeed obtain the authorization and the authorization can be retained, then do so */
- if (result == POLKIT_AUTHORIZATION_RESULT_CHALLENGE &&
- (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED ||
- implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED))
- {
- AuthenticationAgent *agent;
-
- agent = get_authentication_agent_for_subject (local_authority, subject);
- if (agent == NULL)
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Authorization can be obtained, but no suitable authentication agent is available");
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- goto out;
- }
- else
- {
- g_debug (" using authentication agent for challenge to obtain an authorization");
-
- authentication_agent_initiate_challenge (agent,
- subject,
- user_of_subject,
- local_authority,
- action_id,
- caller,
- implicit_authorization,
- cancellable,
- obtain_authorization_challenge_cb,
- simple);
-
- /* keep going */
- goto out;
- }
- }
-
- /* if the subject is already authorized, return without an error */
- if (result == POLKIT_AUTHORIZATION_RESULT_AUTHORIZED)
- {
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- goto out;
- }
-
- /* otherwise return an error */
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Desired authorization cannot be obtained. This incident has been logged.");
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
-
- out:
-
- if (user_of_caller != NULL)
- g_object_unref (user_of_caller);
-
- if (user_of_subject != NULL)
- g_object_unref (user_of_subject);
-
- g_free (caller_str);
- g_free (subject_str);
- g_free (user_of_caller_str);
- g_free (user_of_subject_str);
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
check_authorization_challenge_cb (AuthenticationAgent *agent,
PolkitSubject *subject,
PolkitIdentity *user_of_subject,
@@ -793,6 +539,7 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority
PolkitSubject *caller,
PolkitSubject *subject,
const gchar *action_id,
+ GHashTable *details,
PolkitCheckAuthorizationFlags flags,
GCancellable *cancellable,
GAsyncReadyCallback callback,
@@ -850,6 +597,20 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority
user_of_caller_str = polkit_identity_to_string (user_of_caller);
g_debug (" user of caller is %s", user_of_caller_str);
+ /* we only allow trusted callers (uid 0 + others) to check authorizations */
+ if (!POLKIT_IS_UNIX_USER (user_of_caller) ||
+ polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0) /* TODO: allow other uids like 'haldaemon' */
+ {
+ g_simple_async_result_set_error (simple,
+ POLKIT_ERROR,
+ POLKIT_ERROR_NOT_AUTHORIZED,
+ "Only trusted callers can use CheckAuthorization(), %s is not trusted",
+ user_of_caller_str);
+ g_simple_async_result_complete (simple);
+ g_object_unref (simple);
+ goto out;
+ }
+
user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
subject,
&error);
@@ -865,40 +626,7 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority
user_of_subject_str = polkit_identity_to_string (user_of_subject);
g_debug (" user of subject is %s", user_of_subject_str);
- /* if the user of the caller and the user of the subject isn't the same, then
- * the org.freedesktop.policykit.read authorization is required for the caller
- */
- if (!polkit_identity_equal (user_of_caller, user_of_subject))
- {
- result = check_authorization_sync (authority,
- caller,
- "org.freedesktop.policykit.read",
- POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, /* no user interaction */
- NULL,
- &error);
-
- if (error != NULL)
- {
- g_simple_async_result_set_from_error (simple, error);
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- g_error_free (error);
- goto out;
- }
- else if (result != POLKIT_AUTHORIZATION_RESULT_AUTHORIZED)
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_AUTHORIZED,
- "%s is not authorized to know about authorizations for %s (requires org.freedesktop.policykit.read authorization)",
- caller_str,
- subject_str);
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- goto out;
- }
- }
-
+ implicit_authorization = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;
result = check_authorization_sync (authority,
subject,
action_id,
@@ -940,6 +668,7 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority
user_of_subject,
local_authority,
action_id,
+ details,
caller,
implicit_authorization,
cancellable,
@@ -1373,6 +1102,7 @@ struct AuthenticationAgent
{
PolkitSubject *session;
+ gchar *locale;
gchar *object_path;
gchar *unique_system_bus_name;
@@ -1515,6 +1245,7 @@ authentication_agent_free (AuthenticationAgent *agent)
g_object_unref (agent->object_proxy);
g_object_unref (agent->session);
+ g_free (agent->locale);
g_free (agent->object_path);
g_free (agent->unique_system_bus_name);
g_free (agent);
@@ -1523,6 +1254,7 @@ authentication_agent_free (AuthenticationAgent *agent)
static AuthenticationAgent *
authentication_agent_new (PolkitSubject *session,
const gchar *unique_system_bus_name,
+ const gchar *locale,
const gchar *object_path)
{
AuthenticationAgent *agent;
@@ -1533,6 +1265,7 @@ authentication_agent_new (PolkitSubject *session,
agent->session = g_object_ref (session);
agent->object_path = g_strdup (object_path);
agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
system_bus = egg_dbus_connection_get_for_bus (EGG_DBUS_BUS_TYPE_SYSTEM);
@@ -1768,12 +1501,161 @@ get_admin_auth_identities (PolkitBackendLocalAuthority *authority)
return ret;
}
+static GList *
+get_action_lookup_list (void)
+{
+ GList *extensions;
+ GList *l;
+ GIOExtensionPoint *action_lookup_ep;
+ static GList *action_lookup_list = NULL;
+ static gboolean have_looked_up_extensions = FALSE;
+
+ if (have_looked_up_extensions)
+ goto out;
+
+ action_lookup_ep = g_io_extension_point_lookup (POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME);
+ g_assert (action_lookup_ep != NULL);
+
+ extensions = g_io_extension_point_get_extensions (action_lookup_ep);
+ for (l = extensions; l != NULL; l = l->next)
+ {
+ GIOExtension *extension = l->data;
+ PolkitBackendActionLookup *lookup;
+
+ lookup = g_object_new (g_io_extension_get_type (extension), NULL);
+ action_lookup_list = g_list_prepend (action_lookup_list, lookup);
+ }
+ action_lookup_list = g_list_reverse (action_lookup_list);
+
+ out:
+ have_looked_up_extensions = TRUE;
+ return action_lookup_list;
+}
+
+static void
+get_localized_data_for_challenge (PolkitBackendLocalAuthority *authority,
+ PolkitSubject *caller,
+ PolkitSubject *subject,
+ PolkitIdentity *user_of_subject,
+ const gchar *action_id,
+ GHashTable *details,
+ const gchar *locale,
+ gchar **out_localized_message,
+ gchar **out_localized_icon_name,
+ EggDBusHashMap **out_localized_details)
+{
+ PolkitBackendLocalAuthorityPrivate *priv;
+ PolkitActionDescription *action_desc;
+ GHashTableIter iter;
+ const gchar *key;
+ const gchar *value;
+ GList *action_lookup_list;
+ GList *l;
+ gchar *message;
+ gchar *icon_name;
+ GHashTable *localized_details;
+
+ priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
+
+ message = NULL;
+ icon_name = NULL;
+ localized_details = NULL;
+ action_desc = NULL;
+
+ *out_localized_message = NULL;
+ *out_localized_icon_name = NULL;
+ *out_localized_details = egg_dbus_hash_map_new (G_TYPE_STRING, NULL,
+ G_TYPE_STRING, NULL);
+
+ action_desc = polkit_backend_action_pool_get_action (priv->action_pool,
+ action_id,
+ locale);
+ if (action_desc == NULL)
+ goto out;
+
+ /* Set LANG and locale so gettext() + friends work when running the code in the extensions */
+ if (setlocale (LC_ALL, locale) == NULL)
+ {
+ g_warning ("Invalid locale '%s'", locale);
+ }
+ g_setenv ("LANG", locale, TRUE);
+
+ /* call into extension points to get localized auth dialog data - the list is sorted by priority */
+ action_lookup_list = get_action_lookup_list ();
+ for (l = action_lookup_list; l != NULL; l = l->next)
+ {
+ PolkitBackendActionLookup *lookup = POLKIT_BACKEND_ACTION_LOOKUP (l->data);
+
+ if (message != NULL && icon_name != NULL && localized_details != NULL)
+ break;
+
+ if (message == NULL)
+ message = polkit_backend_action_lookup_get_message (lookup,
+ action_id,
+ details,
+ action_desc);
+
+ if (icon_name == NULL)
+ icon_name = polkit_backend_action_lookup_get_icon_name (lookup,
+ action_id,
+ details,
+ action_desc);
+
+ if (localized_details == NULL)
+ localized_details = polkit_backend_action_lookup_get_details (lookup,
+ action_id,
+ details,
+ action_desc);
+ }
+
+ /* Back to C! */
+ setlocale (LC_ALL, "C");
+ g_setenv ("LANG", "C", TRUE);
+
+ /* fall back to action description */
+ if (message == NULL)
+ {
+ message = g_strdup (polkit_action_description_get_message (action_desc));
+ }
+ if (icon_name == NULL)
+ {
+ GIcon *icon;
+ icon = polkit_action_description_get_icon (action_desc);
+ if (icon != NULL)
+ {
+ icon_name = g_icon_to_string (icon);
+ //g_object_unref (icon);
+ }
+ }
+
+
+ if (localized_details != NULL)
+ {
+ g_hash_table_iter_init (&iter, localized_details);
+ while (g_hash_table_iter_next (&iter, (gpointer) &key, (gpointer) &value))
+ {
+ egg_dbus_hash_map_insert (*out_localized_details, key, value);
+ }
+ }
+
+ out:
+ if (message == NULL)
+ message = g_strdup ("");
+ if (icon_name == NULL)
+ icon_name = g_strdup ("");
+ *out_localized_message = message;
+ *out_localized_icon_name = icon_name;
+ if (action_desc != NULL)
+ g_object_unref (action_desc);
+}
+
static void
authentication_agent_initiate_challenge (AuthenticationAgent *agent,
PolkitSubject *subject,
PolkitIdentity *user_of_subject,
PolkitBackendLocalAuthority *authority,
const gchar *action_id,
+ GHashTable *details,
PolkitSubject *caller,
PolkitImplicitAuthorization implicit_authorization,
GCancellable *cancellable,
@@ -1786,6 +1668,20 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
GList *l;
GList *identities;
EggDBusArraySeq *real_identities;
+ gchar *localized_message;
+ gchar *localized_icon_name;
+ EggDBusHashMap *localized_details;
+
+ get_localized_data_for_challenge (authority,
+ caller,
+ subject,
+ user_of_subject,
+ action_id,
+ details,
+ agent->locale,
+ &localized_message,
+ &localized_icon_name,
+ &localized_details);
cookie = authentication_agent_new_cookie (agent);
@@ -1829,6 +1725,9 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
session->call_id = _polkit_authentication_agent_begin_authentication (agent_dbus,
EGG_DBUS_CALL_FLAGS_TIMEOUT_NONE,
action_id,
+ localized_message,
+ localized_icon_name,
+ localized_details,
session->cookie,
real_identities,
NULL,
@@ -1839,6 +1738,10 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
g_list_free (identities);
g_object_unref (real_identities);
g_free (cookie);
+
+ g_free (localized_message);
+ g_free (localized_icon_name);
+ g_object_unref (localized_details);
}
static void
@@ -1881,6 +1784,7 @@ static gboolean
polkit_backend_local_authority_register_authentication_agent (PolkitBackendAuthority *authority,
PolkitSubject *caller,
const gchar *session_id,
+ const gchar *locale,
const gchar *object_path,
GError **error)
{
@@ -1931,16 +1835,18 @@ polkit_backend_local_authority_register_authentication_agent (PolkitBackendAutho
agent = authentication_agent_new (session_for_caller,
polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
object_path);
g_hash_table_insert (priv->hash_session_to_authentication_agent,
g_object_ref (session_for_caller),
agent);
- g_debug ("Added authentication agent for session %s at name %s, object path %s",
+ g_debug ("Added authentication agent for session %s at name %s, object path %s, locale %s",
polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session_for_caller)),
polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- object_path);
+ object_path,
+ locale);
ret = TRUE;
diff --git a/src/polkitbackend/polkitbackendtypes.h b/src/polkitbackend/polkitbackendtypes.h
index 0e6d24a..54dc208 100644
--- a/src/polkitbackend/polkitbackendtypes.h
+++ b/src/polkitbackend/polkitbackendtypes.h
@@ -36,5 +36,8 @@ typedef struct _PolkitBackendSessionMonitor PolkitBackendSessionMonitor;
struct _PolkitBackendConfigSource;
typedef struct _PolkitBackendConfigSource PolkitBackendConfigSource;
+struct _PolkitBackendActionLookup;
+typedef struct _PolkitBackendActionLookup PolkitBackendActionLookup; /* Dummy typedef */
+
#endif /* __POLKIT_BACKEND_TYPES_H */
diff --git a/src/programs/polkit.c b/src/programs/polkit.c
index d31c95d..b194c78 100644
--- a/src/programs/polkit.c
+++ b/src/programs/polkit.c
@@ -38,7 +38,6 @@ static gboolean opt_list_explicit_authorizations = FALSE;
static gboolean opt_check = FALSE;
static gboolean opt_add = FALSE;
static gboolean opt_remove = FALSE;
-static gboolean opt_run = FALSE;
static gboolean opt_show_help = FALSE;
static gboolean opt_show_version = FALSE;
@@ -58,7 +57,6 @@ static gboolean list_groups (void);
static gboolean list_authorizations (void);
static gboolean list_explicit_authorizations (void);
-static gboolean do_run (gint argc, gchar *argv[]);
static gboolean do_check (void);
static gboolean do_add (void);
static gboolean do_remove (void);
@@ -155,27 +153,6 @@ main (int argc, char *argv[])
in_list = TRUE;
continue;
}
- else if (strcmp (argv[n], "run") == 0)
- {
- opt_run = TRUE;
-
- n++;
- if (n >= argc)
- {
- usage (argc, argv);
- goto out;
- }
-
- action_id = g_strdup (argv[n]);
-
- if (n + 1 >= argc)
- {
- usage (argc, argv);
- goto out;
- }
-
- stop_processing_args = TRUE;
- }
else if (strcmp (argv[n], "check") == 0)
{
opt_check = TRUE;
@@ -332,16 +309,6 @@ main (int argc, char *argv[])
{
ret = list_explicit_authorizations ();
}
- else if (opt_run)
- {
- if (action_id == NULL)
- {
- usage (argc, argv);
- goto out;
- }
-
- ret = do_run (argc - n, argv + n);
- }
else if (opt_check)
{
if (subject == NULL || action_id == NULL)
@@ -630,40 +597,6 @@ list_groups (void)
/* ---------------------------------------------------------------------------------------------------- */
-static gint
-do_run (gint argc, gchar *argv[])
-{
- PolkitSubject *calling_process;
- GError *error;
-
-
- calling_process = polkit_unix_process_new (getpid ());
-
- error = NULL;
- if (!polkit_authority_obtain_authorization_sync (authority,
- calling_process,
- action_id,
- NULL,
- &error))
- {
- g_printerr ("Error obtaining authorization for action %s: %s\n", action_id, error->message);
- g_error_free (error);
- goto out;
- }
-
- execvp (argv[0], argv);
-
- g_printerr ("Error launching program: %m\n");
-
- out:
-
- g_object_unref (calling_process);
-
- return FALSE;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
static gboolean
do_check (void)
{
@@ -676,6 +609,7 @@ do_check (void)
result = polkit_authority_check_authorization_sync (authority,
subject,
action_id,
+ NULL, /* TODO: details */
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
NULL,
&error);
@@ -806,6 +740,7 @@ list_authorizations (void)
polkit_authority_check_authorization (authority,
calling_process,
action_id,
+ NULL, /* TODO: details */
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
NULL,
list_authz_cb,
More information about the hal-commit
mailing list