PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Wed Oct 31 10:21:26 PDT 2007
polkit/polkit-context.c | 10 ++++++----
polkit/polkit-context.h | 4 ++--
polkitd/org.freedesktop.PolicyKit.xml | 15 +++++++++++++++
polkitd/polkit-daemon.c | 12 ++++++------
polkitd/polkit-daemon.h | 19 ++++++++++++++-----
5 files changed, 43 insertions(+), 17 deletions(-)
New commits:
commit e701ee4cac10c59bf48e6bd0c814edec0181362d
Author: David Zeuthen <davidz at redhat.com>
Date: Wed Oct 31 13:19:24 2007 -0400
rename revoke_if_oneshot to is_mechanism and also expose this on D-Bus
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index 07b69eb..5b14063 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -426,7 +426,8 @@ polkit_context_get_policy_cache (PolKitContext *pk_context)
* @pk_context: the PolicyKit context
* @action: the type of access to check for
* @session: the session in question
- * @revoke_if_oneshot: TODO
+ * @is_mechanism: Whether the mechanism carrying out the action is
+ * asking. This can be used to revoke one-time-only authorizations.
*
* Determine if any caller from a giver session is authorized to do a
* given action.
@@ -440,7 +441,7 @@ PolKitResult
polkit_context_is_session_authorized (PolKitContext *pk_context,
PolKitAction *action,
PolKitSession *session,
- polkit_bool_t revoke_if_oneshot)
+ polkit_bool_t is_mechanism)
{
/* TODO: properly implement */
return polkit_context_can_session_do_action (pk_context, action, session);
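Review bot: `is_mechanism` is never read in polkit_context_is_session_authorized; the body still only returns polkit_context_can_session_do_action(), so the one-time-only revocation described in the updated doc comment does not happen. A mechanism that passes TRUE and assumes the authorization was consumed would leave it usable for a later request. Until this is implemented, the doc comment should say so, e.g. `* @is_mechanism: currently ignored; one-time-only authorizations are not yet revoked`. The same applies to polkit_context_is_caller_authorized in the hunk at -464,7. The function's closing brace is outside this hunk.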
@@ -451,7 +452,8 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
* @pk_context: the PolicyKit context
* @action: the type of access to check for
* @caller: the caller in question
- * @revoke_if_oneshot: TODO
+ * @is_mechanism: Whether the mechanism carrying out the action is
+ * asking. This can be used to revoke one-time-only authorizations.
*
* Determine if a given caller is authorized to do a given action.
*
@@ -464,7 +466,7 @@ PolKitResult
polkit_context_is_caller_authorized (PolKitContext *pk_context,
PolKitAction *action,
PolKitCaller *caller,
- polkit_bool_t revoke_if_oneshot)
+ polkit_bool_t is_mechnanism)
{
/* TODO: properly implement */
return polkit_context_can_caller_do_action (pk_context, action, caller);
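Review bot: The renamed parameter is misspelled `is_mechnanism` in the definition of polkit_context_is_caller_authorized, while the doc comment above it and the prototype in polkit-context.h both use `is_mechanism`. It compiles only because the parameter is unused, and the documentation generator will presumably report a name mismatch. The first code that refers to the parameter by its documented name will fail to build. Change the line to `polkit_bool_t is_mechanism)`.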
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
index f22c1db..bc3ed8b 100644
--- a/polkit/polkit-context.h
+++ b/polkit/polkit-context.h
@@ -173,12 +173,12 @@ PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError
PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context,
PolKitAction *action,
PolKitCaller *caller,
- polkit_bool_t revoke_if_oneshot);
+ polkit_bool_t is_mechanism);
PolKitResult polkit_context_is_session_authorized (PolKitContext *pk_context,
PolKitAction *action,
PolKitSession *session,
- polkit_bool_t revoke_if_oneshot);
+ polkit_bool_t is_mechanism);
PolKitAuthorizationDB *polkit_context_get_authorization_db (PolKitContext *pk_context);
diff --git a/polkitd/org.freedesktop.PolicyKit.xml b/polkitd/org.freedesktop.PolicyKit.xml
index a342847..7202913 100644
--- a/polkitd/org.freedesktop.PolicyKit.xml
+++ b/polkitd/org.freedesktop.PolicyKit.xml
@@ -9,6 +9,9 @@
<arg name="action_id" direction="in" type="s"/>
<!-- IN: process id of caller to check for -->
<arg name="pid" direction="in" type="u"/>
+ <!-- IN: see parameter 'is_mechanism' in polkit_context_is_caller_authorized() -->
+ <arg name="is_mechanism" direction="in" type="b"/>
+
<!-- OUT: the PolKitResult in textual form -->
<arg name="result" direction="out" type="s"/>
</method>
@@ -19,9 +22,21 @@
<arg name="action_id" direction="in" type="s"/>
<!-- IN: Unique name on the system bus of the caller to check for -->
<arg name="system_bus_name" direction="in" type="s"/>
+ <!-- IN: see parameter 'is_mechanism' in polkit_context_is_caller_authorized() -->
+ <arg name="is_mechanism" direction="in" type="b"/>
<!-- OUT: the PolKitResult in textual form -->
<arg name="result" direction="out" type="s"/>
</method>
+ <!-- Both methods can throw these exceptions:
+
+ org.freedesktop.PolicyKit.GeneralError
+ if e.g. the passed parameters are bogus
+
+ org.freedesktop.PolicyKit.NotAuthorized
+ if the caller is not authorized to know this; e.g. if he
+ lacks the org.freedesktop.policykit.read authorization
+ -->
+
</interface>
</node>
diff --git a/polkitd/polkit-daemon.c b/polkitd/polkit-daemon.c
index 475694a..87b6ed3 100644
--- a/polkitd/polkit-daemon.c
+++ b/polkitd/polkit-daemon.c
@@ -231,9 +231,7 @@ _filter (DBusConnection *connection, DBusMessage *message, void *user_data)
(dbus_message_get_interface (message) != NULL &&
g_str_has_prefix (dbus_message_get_interface (message), "org.freedesktop.ConsoleKit"))) {
if (polkit_tracker_dbus_func (daemon->priv->pk_tracker, message)) {
-
/* Something has changed! TODO: emit D-Bus signal? */
- g_debug ("Something has changed!");
}
}
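Review bot: After the g_debug() call is removed, the `if (polkit_tracker_dbus_func (...))` body holds only a comment, so the return value is tested and then discarded. Either call the function as a plain statement with the TODO above it, or keep the branch and state the intent, e.g. `/* TODO: emit a D-Bus signal when the tracker reports a change */`. _filter begins and ends outside this hunk.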
@@ -383,6 +381,7 @@ static gboolean
is_caller_authorized (PolKitDaemon *daemon,
const char *action_id,
PolKitCaller *pk_caller,
+ gboolean is_mechanism,
DBusGMethodInvocation *context)
{
gboolean ret;
@@ -433,7 +432,7 @@ is_caller_authorized (PolKitDaemon *daemon,
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action_id);
- pk_result = polkit_context_is_caller_authorized (daemon->priv->pk_context, pk_action, pk_caller, FALSE);
+ pk_result = polkit_context_is_caller_authorized (daemon->priv->pk_context, pk_action, pk_caller, is_mechanism);
polkit_action_unref (pk_action);
dbus_g_method_return (context, polkit_result_to_string_representation (pk_result));
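Review bot: `is_mechanism` reaches polkit_context_is_caller_authorized() exactly as the D-Bus peer supplied it, and no check is visible in this hunk that the peer is the mechanism for `action_id`. The doc comment in polkit-context.c says the flag can be used to revoke one-time-only authorizations. Once that is implemented, any client permitted to call these methods could pass TRUE and consume an authorization that belongs to another caller. Whether the org.freedesktop.policykit.read check mentioned in the XML is meant to gate this is not visible here; if it is not, record the requirement at this call site, e.g. `/* TODO: verify the requester is the mechanism before honouring is_mechanism */`. The flag is forwarded the same way from polkit_daemon_is_process_authorized and polkit_daemon_is_system_bus_name_authorized, and is_caller_authorized starts and ends outside this hunk.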
@@ -452,6 +451,7 @@ gboolean
polkit_daemon_is_process_authorized (PolKitDaemon *daemon,
const char *action_id,
guint32 pid,
+ gboolean is_mechanism,
DBusGMethodInvocation *context)
{
gboolean ret;
@@ -478,7 +478,7 @@ polkit_daemon_is_process_authorized (PolKitDaemon *daemon,
goto out;
}
- ret = is_caller_authorized (daemon, action_id, pk_caller, context);
+ ret = is_caller_authorized (daemon, action_id, pk_caller, is_mechanism, context);
out:
return ret;
@@ -488,6 +488,7 @@ gboolean
polkit_daemon_is_system_bus_name_authorized (PolKitDaemon *daemon,
const char *action_id,
const char *system_bus_name,
+ gboolean is_mechanism,
DBusGMethodInvocation *context)
{
gboolean ret;
@@ -504,7 +505,6 @@ polkit_daemon_is_system_bus_name_authorized (PolKitDaemon *daemon,
error = g_error_new (POLKIT_DAEMON_ERROR,
POLKIT_DAEMON_ERROR_GENERAL,
"Given system bus name is not a valid unique system bus name");
- dbus_error_free (&dbus_error);
dbus_g_method_return_error (context, error);
g_error_free (error);
goto out;
@@ -524,7 +524,7 @@ polkit_daemon_is_system_bus_name_authorized (PolKitDaemon *daemon,
goto out;
}
- ret = is_caller_authorized (daemon, action_id, pk_caller, context);
+ ret = is_caller_authorized (daemon, action_id, pk_caller, is_mechanism, context);
out:
return ret;
diff --git a/polkitd/polkit-daemon.h b/polkitd/polkit-daemon.h
index 6031bf5..402156f 100644
--- a/polkitd/polkit-daemon.h
+++ b/polkitd/polkit-daemon.h
@@ -18,6 +18,14 @@
*
*/
+#ifndef __POLKIT_DAEMON_H__
+#define __POLKIT_DAEMON_H__
+
+#include <glib-object.h>
+#include <polkit-dbus/polkit-dbus.h>
+
+G_BEGIN_DECLS
+
#define POLKIT_TYPE_DAEMON (polkit_daemon_get_type ())
#define POLKIT_DAEMON(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_DAEMON, PolKitDaemon))
#define POLKIT_DAEMON_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_DAEMON, PolKitDaemonClass))
@@ -56,17 +64,18 @@ PolKitDaemon *polkit_daemon_new (gboolean no_exit);
/* exported methods */
-gboolean polkit_daemon_is_session_authorized (PolKitDaemon *daemon,
- const char *action_id,
- const char *ck_session_id,
- DBusGMethodInvocation *context);
-
gboolean polkit_daemon_is_process_authorized (PolKitDaemon *daemon,
const char *action_id,
guint32 pid,
+ gboolean is_mechanism,
DBusGMethodInvocation *context);
gboolean polkit_daemon_is_system_bus_name_authorized (PolKitDaemon *daemon,
const char *action_id,
const char *system_bus_name,
+ gboolean is_mechanism,
DBusGMethodInvocation *context);
+
+G_END_DECLS
+
+#endif /* __POLKIT_DAEMON_H__ */