PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Oct 28 18:31:45 PDT 2007
configure.in | 36 +++++
data/Makefile.am | 4
polkit-dbus/Makefile.am | 8 -
polkit-grant/Makefile.am | 12 +
polkit-grant/polkit-grant.c | 7 -
polkit/Makefile.am | 20 ++-
polkit/polkit-authorization-db-dummy.c | 219 +++++++++++++++++++++++++++++++++
polkit/polkit-authorization-db.c | 28 +++-
polkit/polkit-authorization-db.h | 20 ++-
polkit/polkit-context.c | 9 -
polkit/polkit-error.c | 3
polkit/polkit-error.h | 5
polkit/polkit-policy-file-entry.c | 10 +
tools/polkit-auth.c | 5
14 files changed, 363 insertions(+), 23 deletions(-)
New commits:
commit bfa9f0d67845477b7dd09d105087373b2418ecdb
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Oct 28 21:30:06 2007 -0400
make the authdb pluggable and add a dummy backend as an example
diff --git a/configure.in b/configure.in
index 9a58cce..82e7796 100644
--- a/configure.in
+++ b/configure.in
@@ -219,6 +219,40 @@ fi
AC_SUBST(SELINUX_LIBS)
dnl ---------------------------------------------------------------------------
+dnl - Select what authorization database to use
+dnl ---------------------------------------------------------------------------
+
+AC_ARG_WITH([authdb],
+ AS_HELP_STRING([--with-authdb=<name>],
+ [Authorization database (default/dummy)]))
+if ! test -z "$with_authdb" ; then
+ POLKIT_AUTHDB=$with_authdb
+else
+ POLKIT_AUTHDB=default
+fi
+
+AC_SUBST(POLKIT_AUTHDB)
+AC_DEFINE_UNQUOTED(POLKIT_AUTHDB,"$POLKIT_AUTHDB", [Authorization Database to use])
+
+case $POLKIT_AUTHDB in
+ dummy)
+ AC_DEFINE(POLKIT_AUTHDB_DUMMY, 1, [If using the dummy authorization database])
+ ;;
+
+ default)
+ AC_DEFINE(POLKIT_AUTHDB_DEFAULT, 1, [If using the default authorization database])
+ ;;
+
+ *)
+ AC_MSG_ERROR([Unknown Authorization Database: $POLKIT_AUTHDB])
+ ;;
+esac
+
+AM_CONDITIONAL(POLKIT_AUTHDB_DUMMY, [test x$POLKIT_AUTHDB = xdummy], [Using dummy authdb])
+AM_CONDITIONAL(POLKIT_AUTHDB_DEFAULT, [test x$POLKIT_AUTHDB = xdefault], [Using default authdb])
+
+
+dnl ---------------------------------------------------------------------------
dnl - Check for PAM
dnl ---------------------------------------------------------------------------
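Review bot: `AM_CONDITIONAL` takes only the conditional name and the shell test, so the third argument on the two added lines (`[Using dummy authdb]`, `[Using default authdb]`) is not a description slot as it is for `AC_DEFINE` and should be dropped, e.g. `AM_CONDITIONAL(POLKIT_AUTHDB_DUMMY, [test x$POLKIT_AUTHDB = xdummy])`. The `test x$POLKIT_AUTHDB = ...` expressions are unquoted, which is harmless here only because the preceding `case` has already rejected every value other than `dummy` and `default`. Quoting them (`test "x$POLKIT_AUTHDB" = xdummy`) keeps the check safe if the two are ever reordered.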
@@ -419,6 +453,8 @@ echo "
user for PolicyKit: ${POLKIT_USER}
group for PolicyKit: ${POLKIT_GROUP}
+ authorization database: ${POLKIT_AUTHDB}
+
Distribution/OS: ${with_os_type}
SELinux support: ${have_selinux}
diff --git a/data/Makefile.am b/data/Makefile.am
index 14cbe48..59d24e3 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -1,7 +1,11 @@
## Process this file with automake to produce Makefile.in
+# See polkit-grant/Makefile.am for discussion
+#
+if POLKIT_AUTHDB_DEFAULT
pamdir = $(sysconfdir)/pam.d
pam_DATA = polkit
+endif
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = polkit.pc polkit-dbus.pc polkit-grant.pc
diff --git a/polkit-dbus/Makefile.am b/polkit-dbus/Makefile.am
index 30d4c6c..194bf02 100644
--- a/polkit-dbus/Makefile.am
+++ b/polkit-dbus/Makefile.am
@@ -26,6 +26,7 @@ libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(SEL
libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+if POLKIT_AUTHDB_DEFAULT
libexec_PROGRAMS = polkit-explicit-grant-helper polkit-revoke-helper polkit-read-auth-helper
polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
@@ -40,9 +41,6 @@ polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
polkit_read_auth_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
-
# polkit-explicit-grant-helper needs to be setgid $POLKIT_GROUP to be
# able to edit authorization files in /var/lib/PolicyKit and
# /var/run/PolicyKit
@@ -62,3 +60,7 @@ install-exec-hook:
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
+endif
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
index 54692dc..741ef72 100644
--- a/polkit-grant/Makefile.am
+++ b/polkit-grant/Makefile.am
@@ -26,6 +26,11 @@ libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpo
libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+# Only if the authdb backend has the capability POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN
+# then the backend must supply the /usr/libexec/polkit-grant-helper program.. also remember to
+# adjust the PAM stuff in data/Makefile.am
+#
+if POLKIT_AUTHDB_DEFAULT
libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam
polkit_grant_helper_SOURCES = polkit-grant-helper.c
@@ -34,9 +39,6 @@ polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpo
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
-
# polkit-grant-helper needs to be setgid polkituser to be able to
# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
#
@@ -51,3 +53,7 @@ install-exec-hook:
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
-chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
+endif
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
index 41df157..f28052c 100644
--- a/polkit-grant/polkit-grant.c
+++ b/polkit-grant/polkit-grant.c
@@ -90,12 +90,17 @@ struct _PolKitGrant
*
* Creates a #PolKitGrant object.
*
- * Returns: the new object or #NULL on error.
+ * Returns: the new object or #NULL if the authorization backend
+ * doesn't support obtaining authorizations through authentication.
**/
PolKitGrant *
polkit_grant_new (void)
{
PolKitGrant *polkit_grant;
+
+ if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN))
+ return NULL;
+
polkit_grant = g_new0 (PolKitGrant, 1);
polkit_grant->refcount = 1;
return polkit_grant;
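Review bot: `polkit_grant_new` can now return NULL in an ordinary configuration (any backend without `POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN`), yet the only caller this commit updates is `obtain_authorization` in tools/polkit-auth.c. A caller outside this diff that passes the result straight to `polkit_grant_set_functions` or a sibling function would now hand it a NULL object; whether those functions guard against that is not visible here. The doc comment also dropped the "on error" case, so I would keep both: `Returns: the new object, or #NULL on error or if the authorization backend doesn't support obtaining authorizations through authentication.`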
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index 59ef3b5..7c409d5 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -55,7 +55,17 @@ libpolkit_la_SOURCES = \
polkit-config.h polkit-config.c \
polkit-authorization.h polkit-authorization.c \
polkit-authorization-constraint.h polkit-authorization-constraint.c \
- polkit-authorization-db.h polkit-authorization-db.c
+ polkit-authorization-db.h
+
+if POLKIT_AUTHDB_DUMMY
+libpolkit_la_SOURCES += \
+ polkit-authorization-db-dummy.c
+endif
+
+if POLKIT_AUTHDB_DEFAULT
+libpolkit_la_SOURCES += \
+ polkit-authorization-db.c
+endif
libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@
@@ -64,6 +74,7 @@ libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
clean-local :
rm -f *~ $(BUILT_SOURCES)
+if POLKIT_AUTHDB_DEFAULT
# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where
# authorizations are stored. They must not be world readable (the
# polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP
@@ -75,12 +86,13 @@ clean-local :
# location)
#
install-data-local:
+ -touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
+ -chmod 775 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
-mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit
-mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
-chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit
-chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit
- -touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chmod 775 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
+endif
diff --git a/polkit/polkit-authorization-db-dummy.c b/polkit/polkit-authorization-db-dummy.c
new file mode 100644
index 0000000..ed79de5
--- /dev/null
+++ b/polkit/polkit-authorization-db-dummy.c
@@ -0,0 +1,219 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-db.c : Dummy authorization database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+
+#include <glib.h>
+
+#include "polkit-debug.h"
+#include "polkit-authorization-db.h"
+#include "polkit-utils.h"
+
+extern PolKitAuthorizationDB *_polkit_authorization_db_new (void);
+extern void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
+
+struct _PolKitAuthorizationDB
+{
+ int refcount;
+};
+
+PolKitAuthorizationDBCapability
+polkit_authorization_db_get_capabilities (void)
+{
+ return 0;
+}
+
+PolKitAuthorizationDB *
+_polkit_authorization_db_new (void)
+{
+ PolKitAuthorizationDB *authdb;
+
+ authdb = g_new0 (PolKitAuthorizationDB, 1);
+ authdb->refcount = 1;
+
+ return authdb;
+}
+
+PolKitAuthorizationDB *
+polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
+{
+ g_return_val_if_fail (authdb != NULL, authdb);
+ authdb->refcount++;
+ return authdb;
+}
+
+void
+polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
+{
+ g_return_if_fail (authdb != NULL);
+ authdb->refcount--;
+ if (authdb->refcount > 0)
+ return;
+ g_free (authdb);
+}
+
+void
+polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
+{
+ g_return_if_fail (authdb != NULL);
+ _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
+}
+
+polkit_bool_t
+polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
+{
+ g_return_val_if_fail (authdb != NULL, FALSE);
+
+ return TRUE;
+}
+
+void
+_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
+{
+}
+
+polkit_bool_t
+polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitSession *session,
+ polkit_bool_t *out_is_authorized)
+{
+ *out_is_authorized = FALSE;
+ return TRUE;
+}
+
+polkit_bool_t
+polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ polkit_bool_t *out_is_authorized)
+{
+ *out_is_authorized = FALSE;
+ return TRUE;
+}
+
+
+polkit_bool_t
+polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationConstraint *constraint,
+ PolKitError **error)
+{
+ polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
+ PolKitAuthorization *auth,
+ PolKitError **error)
+{
+ polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
+ return FALSE;
+}
+
+
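Review bot: `polkit_authorization_db_is_session_authorized` and `polkit_authorization_db_is_caller_authorized` store through `out_is_authorized` with no argument check, while ref/unref/debug/validate in this same file guard `authdb` with `g_return_if_fail`; add `g_return_val_if_fail (out_is_authorized != NULL, FALSE);` before the store. The deny-by-default result is the security-relevant contract of this example backend and deserves a one-line comment such as `/* dummy backend never grants: fail closed */`, so that someone using the file as a template does not flip it casually. The four `foreach` variants return FALSE without setting `error`, unlike `grant_to_uid` and `revoke_entry`, which report `POLKIT_ERROR_NOT_SUPPORTED`; if FALSE is meant as failure there, callers get no reason. The header comment still names the file `polkit-authorization-db.c`.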
diff --git a/polkit/polkit-authorization-db.c b/polkit/polkit-authorization-db.c
index 1c546d1..37a5c05 100644
--- a/polkit/polkit-authorization-db.c
+++ b/polkit/polkit-authorization-db.c
@@ -45,20 +45,20 @@
#include "polkit-authorization-db.h"
#include "polkit-utils.h"
+extern PolKitAuthorizationDB *_polkit_authorization_db_new (void);
+extern void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
+
/**
* SECTION:polkit-authorization-db
* @title: Authorization Database
* @short_description: An interface to the database storing authorizations
*
* This class is used to represent entries in the authorization
- * database. TODO: needs to be pluggable
+ * database.
*
* Since: 0.7
**/
-extern void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
-
-
/**
* PolKitAuthorizationDB:
*
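Review bot: The prototypes for `_polkit_authorization_db_new` and `_polkit_authorization_db_invalidate_cache` are now hand-copied as `extern` declarations into this file, polkit-authorization-db-dummy.c and polkit-context.c, so the compiler would not catch a signature change made in one backend but not the others. A small private header included by all three (the name is up to the project) would keep the backends and the context in agreement, which matters more now that the backend is selected at configure time. Until then, a comment on each copy such as `/* private to libpolkit; keep in sync with polkit-context.c and every authdb backend */` would at least flag the coupling.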
@@ -82,8 +82,24 @@ _free_authlist (GSList *authlist)
}
}
+
+/**
+ * polkit_authorization_db_get_capabilities:
+ *
+ * Determine what capabilities the authorization backend has.
+ *
+ * Returns: Flags from the #PolKitAuthorizationDBCapability enumeration
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationDBCapability
+polkit_authorization_db_get_capabilities (void)
+{
+ return POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN;
+}
+
/**
- * polkit_authorization_db_new:
+ * _polkit_authorization_db_new:
*
* Create a new #PolKitAuthorizationDB object.
*
@@ -92,7 +108,7 @@ _free_authlist (GSList *authlist)
* Since: 0.7
**/
PolKitAuthorizationDB *
-polkit_authorization_db_new (void)
+_polkit_authorization_db_new (void)
{
PolKitAuthorizationDB *authdb;
diff --git a/polkit/polkit-authorization-db.h b/polkit/polkit-authorization-db.h
index c6fd558..2434015 100644
--- a/polkit/polkit-authorization-db.h
+++ b/polkit/polkit-authorization-db.h
@@ -43,14 +43,28 @@ POLKIT_BEGIN_DECLS
struct _PolKitAuthorizationDB;
typedef struct _PolKitAuthorizationDB PolKitAuthorizationDB;
-PolKitAuthorizationDB *polkit_authorization_db_new (void);
+/**
+ * PolKitAuthorizationDBCapability:
+ * @POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN: Users can obtain
+ * authorizations through authentication
+ *
+ * Capabilities of the authorization database backend.
+ *
+ * Since: 0.7
+ */
+typedef enum
+{
+ POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN = 1 << 0
+} PolKitAuthorizationDBCapability;
+
+PolKitAuthorizationDBCapability polkit_authorization_db_get_capabilities (void);
+
PolKitAuthorizationDB *polkit_authorization_db_ref (PolKitAuthorizationDB *authdb);
void polkit_authorization_db_unref (PolKitAuthorizationDB *authdb);
void polkit_authorization_db_debug (PolKitAuthorizationDB *authdb);
polkit_bool_t polkit_authorization_db_validate (PolKitAuthorizationDB *authdb);
-
polkit_bool_t polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
PolKitAction *action,
PolKitSession *session,
@@ -72,6 +86,8 @@ polkit_bool_t polkit_authorization_db_is_caller_authorized (PolKitAuthorizationD
* Type of callback function for iterating over authorizations.
*
* Returns: pass #TRUE to stop iterating
+ *
+ * Since: 0.7
*/
typedef polkit_bool_t (*PolKitAuthorizationDBForeach) (PolKitAuthorizationDB *authdb,
PolKitAuthorization *auth,
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index 0472be7..4c52cf8 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -44,6 +44,9 @@
#include "polkit-context.h"
#include "polkit-policy-cache.h"
+extern PolKitAuthorizationDB *_polkit_authorization_db_new (void);
+extern void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
+
/**
* SECTION:polkit
* @short_description: Centralized policy management.
@@ -122,7 +125,7 @@ polkit_context_new (void)
pk_context = g_new0 (PolKitContext, 1);
pk_context->refcount = 1;
/* TODO: May want to rethink instantiating this on demand.. */
- pk_context->authdb = polkit_authorization_db_new ();
+ pk_context->authdb = _polkit_authorization_db_new ();
return pk_context;
}
@@ -178,6 +181,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
goto error;
}
+#ifdef POLKIT_AUTHDB_DEFAULT
/* Watch the /var/lib/misc/PolicyKit.reload file */
pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd,
PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload",
@@ -188,6 +192,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
/* TODO: set error */
goto error;
}
+#endif
pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
if (pk_context->inotify_fd_watch_id == 0) {
@@ -269,8 +274,6 @@ polkit_context_set_config_changed (PolKitContext *pk_context,
pk_context->config_changed_user_data = user_data;
}
-extern void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
-
/**
* polkit_context_io_func:
* @pk_context: the object
diff --git a/polkit/polkit-error.c b/polkit/polkit-error.c
index 7b9ad43..e14111a 100644
--- a/polkit/polkit-error.c
+++ b/polkit/polkit-error.c
@@ -117,6 +117,9 @@ polkit_error_get_error_name (PolKitError *error)
case POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS:
ret = "AuthorizationAlreadyExists";
break;
+ case POLKIT_ERROR_NOT_SUPPORTED:
+ ret = "NotSupported";
+ break;
default:
ret = NULL;
}
diff --git a/polkit/polkit-error.h b/polkit/polkit-error.h
index ac5cd08..7a29617 100644
--- a/polkit/polkit-error.h
+++ b/polkit/polkit-error.h
@@ -52,6 +52,8 @@ POLKIT_BEGIN_DECLS
* authorized.
* @POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS: Subject already has an
* similar authorization already (modulo time of grant and who granted).
+ * @POLKIT_ERROR_NOT_SUPPORTED: The operation is not supported by the
+ * authorization database backend
*
* Errors returned by PolicyKit
*/
@@ -63,7 +65,8 @@ typedef enum
POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
- POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS
+ POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
+ POLKIT_ERROR_NOT_SUPPORTED
} PolKitErrorCode;
struct _PolKitError;
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
index 7b48419..d9c62ae 100644
--- a/polkit/polkit-policy-file-entry.c
+++ b/polkit/polkit-policy-file-entry.c
@@ -41,6 +41,7 @@
#include "polkit-error.h"
#include "polkit-result.h"
#include "polkit-policy-file-entry.h"
+#include "polkit-authorization-db.h"
/**
* SECTION:polkit-policy-file-entry
@@ -96,6 +97,15 @@ _polkit_policy_file_entry_new (const char *action_id,
pfe->refcount = 1;
pfe->action = g_strdup (action_id);
+ if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
+ /* if we don't support obtaining authorizations
+ * through authenticating, then make the defaults
+ * reflect this ...*/
+ defaults_allow_any = POLKIT_RESULT_NO;
+ defaults_allow_inactive = POLKIT_RESULT_NO;
+ defaults_allow_active = POLKIT_RESULT_NO;
+ }
+
pfe->defaults = _polkit_policy_default_new (defaults_allow_any,
defaults_allow_inactive,
defaults_allow_active);
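Review bot: The override forces all three defaults to `POLKIT_RESULT_NO`, including any the policy file declared as an unconditional yes, although the comment speaks only of authorizations obtained through authentication. Failing closed is the safe direction, but it is broader than the comment describes. If the intent is only to downgrade the authentication-requiring results, the code should test for those values. If deny-all is intended, the comment should say so, e.g. `/* backend cannot obtain authorizations: deny by default regardless of what the policy file declares */`. The enclosing `_polkit_policy_file_entry_new` starts and ends outside this hunk.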
diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c
index cb7e94e..fef8e5d 100644
--- a/tools/polkit-auth.c
+++ b/tools/polkit-auth.c
@@ -323,6 +323,11 @@ obtain_authorization (const char *action_id)
polkit_grant = polkit_grant_new ();
+ if (polkit_grant == NULL) {
+ fprintf (stderr, "polkit-auth: authorization database does not support this operation.\n");
+ goto out;
+ }
+
polkit_grant_set_functions (polkit_grant,
add_io_watch,
add_child_watch,