PolicyKit/polkitd polkit-manager.c, 1.1, 1.2 polkit-manager.h, 1.2,
1.3
David Zeuthen
david at kemper.freedesktop.org
Sat Apr 22 16:27:16 PDT 2006
- Previous message: PolicyKit/libpolkit libpolkit.c,1.2,1.3 libpolkit.h,1.2,1.3
- Next message: PolicyKit/tools Makefile.am, 1.2, 1.3 polkit-grant-privilege.c, 1.3,
1.4 polkit-is-privileged.c, 1.3, 1.4 polkit-list-privileges.c,
1.1, 1.2 polkit-revoke-privilege.c, NONE, 1.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvs/hal/PolicyKit/polkitd
In directory kemper:/tmp/cvs-serv6540/polkitd
Modified Files:
polkit-manager.c polkit-manager.h
Log Message:
2006-04-22 David Zeuthen <davidz at redhat.com>
* tools/polkit-list-privileges.c (main): Update to new D-BUS API;
print " (temporary)" for privilege if appropriate.
* tools/polkit-is-privileged.c (main): Update to new D-BUS API
* tools/polkit-grant-privilege.c:
(do_grant_privilege): Update to new D-BUS API
(main): --do--
* tools/polkit-revoke-privilege.c: New file
* tools/Makefile.am: Add build rules for polkit-revoke-privilege
* polkitd/polkit-manager.h: Fix up prototypes
* polkitd/polkit-manager.c:
(polkit_manager_initiate_temporary_privilege_grant): Update to new
D-BUS API
(polkit_manager_get_allowed_resources_for_privilege): --do--
(polkit_manager_revoke_temporary_privilege): New function
(polkit_manager_remove_temporary_privilege): Fix up resource handling
(polkit_manager_add_temporary_privilege): --do--
* libpolkit/libpolkit.h:
(libpolkit_get_allowed_resources_for_privilege_for_uid): Update to
new D-BUS API and export libpolkit_revoke_temporary_privilege()
* libpolkit/libpolkit.c:
(libpolkit_is_uid_allowed_for_privilege): Update to new D-BUS API
(libpolkit_get_allowed_resources_for_privilege_for_uid): --do--
(libpolkit_revoke_temporary_privilege): New function
* polkit-interface-manager.xml: Rename InitiatePrivilegeGrant() to
InitiateTemporaryPrivilegeGrant(). Add new function
RevokeTemporaryPrivilege(). Make IsUserPrivileged() output a
boolean is_temporary. GetAllowedResourcesForPrivilege() now also
outputs an integer num_non_temp.
Index: polkit-manager.c
===================================================================
RCS file: /cvs/hal/PolicyKit/polkitd/polkit-manager.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- polkit-manager.c 14 Mar 2006 06:14:33 -0000 1.1
+++ polkit-manager.c 22 Apr 2006 23:27:14 -0000 1.2
@@ -325,11 +325,11 @@
}
gboolean
-polkit_manager_initiate_privilege_grant (PolicyKitManager *manager,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context)
+polkit_manager_initiate_temporary_privilege_grant (PolicyKitManager *manager,
+ char *user,
+ char *privilege,
+ char *resource,
+ DBusGMethodInvocation *context)
{
uid_t calling_uid;
pid_t calling_pid;
@@ -402,6 +402,7 @@
uid_t uid;
PolicyResult res;
gboolean is_privileged;
+ gboolean is_temporary;
if (!polkit_manager_get_caller_info (manager,
@@ -462,6 +463,8 @@
return FALSE;
}
+ is_temporary = FALSE;
+
/* check temporary lists */
if (!is_privileged) {
GList *i;
@@ -482,12 +485,13 @@
((p->pid_restriction == -1) || (p->pid_restriction == pid))) {
is_privileged = TRUE;
+ is_temporary = TRUE;
break;
}
}
}
- dbus_g_method_return (context, is_privileged);
+ dbus_g_method_return (context, is_privileged, is_temporary);
return TRUE;
}
@@ -508,6 +512,7 @@
PolicyResult res;
TemporaryPrivilege *p;
char **resource_list;
+ int num_non_temporary;
if (!polkit_manager_get_caller_info (manager,
dbus_g_method_get_sender (context),
@@ -565,6 +570,8 @@
return FALSE;
}
+ num_non_temporary = g_list_length (resources);
+
/* check temporary list */
for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
p = (TemporaryPrivilege *) i->data;
@@ -580,14 +587,15 @@
resource_list = g_new0 (char *, g_list_length (resources) + 1);
for (i = resources, n = 0; i != NULL; i = g_list_next (i)) {
char *resource = (char *) i->data;
- resource_list[n++] = g_strdup (resource);
+ resource_list[n] = g_strdup (resource);
+ n++;
}
resource_list[n] = NULL;
g_list_foreach (resources, (GFunc) g_free, NULL);
g_list_free (resources);
- dbus_g_method_return (context, resource_list);
+ dbus_g_method_return (context, resource_list, num_non_temporary);
return TRUE;
}
@@ -654,6 +662,72 @@
return TRUE;
}
+gboolean
+polkit_manager_revoke_temporary_privilege (PolicyKitManager *manager,
+ char *user,
+ char *privilege,
+ char *resource,
+ DBusGMethodInvocation *context)
+{
+ uid_t uid;
+ uid_t calling_uid;
+ pid_t calling_pid;
+ gboolean result;
+
+ if (!polkit_manager_get_caller_info (manager,
+ dbus_g_method_get_sender (context),
+ &calling_uid,
+ &calling_pid)) {
+ dbus_g_method_return_error (context,
+ g_error_new (POLKIT_MANAGER_ERROR,
+ POLKIT_MANAGER_ERROR_ERROR,
+ "An error occured."));
+ return FALSE;
+ }
+
+ uid = uid_from_username (user);
+
+ if (uid == (uid_t) -1) {
+ dbus_g_method_return_error (context,
+ g_error_new (POLKIT_MANAGER_ERROR,
+ POLKIT_MANAGER_ERROR_NO_SUCH_USER,
+ "There is no user '%s'.",
+ user));
+ return FALSE;
+ }
+
+ /* check if given uid is privileged to revoke privilege; only allow own user to do this */
+ /* TODO: also allow callers with privilege 'polkit-manage-privileges-TODO-RENAME' */
+ if (uid != calling_uid) {
+ dbus_g_method_return_error (context,
+ g_error_new (POLKIT_MANAGER_ERROR,
+ POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
+ "You are not authorized to revoke the privilege."));
+ return FALSE;
+ }
+
+ if (resource != NULL && strlen (resource) == 0)
+ resource = NULL;
+
+ if (!polkit_manager_remove_temporary_privilege (manager,
+ uid,
+ privilege,
+ resource,
+ -1)) {
+ dbus_g_method_return_error (context,
+ g_error_new (POLKIT_MANAGER_ERROR,
+ POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
+ "There is no such privilege '%s'.",
+ privilege));
+ return FALSE;
+ }
+
+ result = TRUE;
+
+ dbus_g_method_return (context, result);
+ return TRUE;
+}
+
/* local methods */
@@ -671,7 +745,7 @@
p = (TemporaryPrivilege *) i->data;
if ((strcmp (p->privilege, privilege) == 0) &&
- (safe_strcmp (p->resource, resource) == 0) &&
+ ((resource != NULL) && (safe_strcmp (p->resource, resource)) == 0) &&
(p->user == user) &&
(p->pid_restriction == pid_restriction))
return FALSE;
@@ -702,7 +776,8 @@
p = (TemporaryPrivilege *) i->data;
if ((strcmp (p->privilege, privilege) == 0) &&
- (safe_strcmp (p->resource, resource) == 0) &&
+ ((resource == NULL) ? (p->resource == NULL)
+ : ((p->resource != NULL) ? (strcmp (p->resource, resource) == 0) : FALSE)) &&
(p->user == user) &&
(p->pid_restriction == pid_restriction)) {
Index: polkit-manager.h
===================================================================
RCS file: /cvs/hal/PolicyKit/polkitd/polkit-manager.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- polkit-manager.h 15 Mar 2006 16:11:33 -0000 1.2
+++ polkit-manager.h 22 Apr 2006 23:27:14 -0000 1.3
@@ -77,7 +77,13 @@
/* remote methods */
-gboolean polkit_manager_initiate_privilege_grant (PolicyKitManager *manager,
+gboolean polkit_manager_initiate_temporary_privilege_grant (PolicyKitManager *manager,
+ char *user,
+ char *privilege,
+ char *resource,
+ DBusGMethodInvocation *context);
+
+gboolean polkit_manager_revoke_temporary_privilege (PolicyKitManager *manager,
char *user,
char *privilege,
char *resource,
- Previous message: PolicyKit/libpolkit libpolkit.c,1.2,1.3 libpolkit.h,1.2,1.3
- Next message: PolicyKit/tools Makefile.am, 1.2, 1.3 polkit-grant-privilege.c, 1.3,
1.4 polkit-is-privileged.c, 1.3, 1.4 polkit-list-privileges.c,
1.1, 1.2 polkit-revoke-privilege.c, NONE, 1.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the hal-commit
mailing list