PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Thu Sep 27 09:11:36 PDT 2007
doc/TODO | 4 ++++
doc/spec/polkit-spec-configuration.xml | 15 ++++++++++-----
polkit/polkit-policy-default.c | 29 +++++++++++++++++++++++++++--
polkit/polkit-policy-default.h | 1 +
polkit/polkit-policy-file-entry.c | 8 ++++++--
polkit/polkit-policy-file.c | 20 ++++++++++++++++++--
6 files changed, 66 insertions(+), 11 deletions(-)
New commits:
diff-tree 4714fe721988d533a912ac62df5088f24f5bc699 (from 60d85b947457940978a9c153a59a80c87d46ab4e)
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Sep 27 12:08:19 2007 -0400
implement <allow_any> to specify default answer for any user
This is useful in instances where the OS vendor wants to allow any
user, even remote users logging in via ssh etc., but recognizes that
some sites may want to lock this down to a limited set of users.
Suggested by Daniel P. Berrange <berrange at redhat.com>:
<danpb> my specific use case is that in libvirt we don't mind any user
querying for VM status info by default
<danpb> but some admins may wish to lock that ability down
<danpb> so only designated users can query VM status
<davidz> right
<davidz> it makes sense
<davidz> without having giving it too much thought; adding another stanza to
the .policy file might make sense
<davidz> <allow_non_session>yes</allow_non_session>
<davidz> danpb: would that work?
<danpb> yeah, that'd do the trick
<davidz> cool
<davidz> I'll add it then
diff --git a/doc/spec/polkit-spec-configuration.xml b/doc/spec/polkit-spec-configuration.xml
index a1cfd1a..eab3d0e 100644
--- a/doc/spec/polkit-spec-configuration.xml
+++ b/doc/spec/polkit-spec-configuration.xml
@@ -28,6 +28,7 @@
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Frobnikere!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Frobnicating, Aye!</message>
<defaults>
+ <allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
@@ -41,6 +42,7 @@
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Tvække!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Tweaking, Aye!</message>
<defaults>
+ <allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
@@ -76,11 +78,14 @@
<listitem>
<para>
<emphasis>Defaults:</emphasis>
- The <literal>allow_inactive</literal>
- and <literal>allow_active</literal> specify the default
- answer that <literal>libpolkit</literal> will return for
- respectively inactive and active sessions. See below for
- valid values and their meaning.
+ The <literal>allow_any</literal>, <literal>allow_inactive</literal>
+ and <literal>allow_active</literal> tags specify the
+ default answer that <literal>libpolkit</literal> will
+ return for respectively any, inactive and active
+ sessions. See below for valid values and their
+ meaning. Any of these elements, including the
+ enclosing <literal>defaults</literal> elements may be
+ omitted.
</para>
</listitem>
<listitem>
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
index b99c84d..566b82d 100644
--- a/polkit/polkit-policy-default.c
+++ b/polkit/polkit-policy-default.c
@@ -58,21 +58,25 @@
struct _PolKitPolicyDefault
{
int refcount;
+ PolKitResult default_any;
PolKitResult default_inactive;
PolKitResult default_active;
};
-extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active);
PolKitPolicyDefault *
-_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+_polkit_policy_default_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active)
{
PolKitPolicyDefault *pd;
pd = g_new0 (PolKitPolicyDefault, 1);
pd->refcount = 1;
+ pd->default_any = defaults_allow_any;
pd->default_inactive = defaults_allow_inactive;
pd->default_active = defaults_allow_active;
return pd;
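Review bot: The prototype of `_polkit_policy_default_new` is hand-copied as an `extern` declaration in this file and again in polkit-policy-file-entry.c (`@@ -72,10 +72,12 @@`), and `_polkit_policy_file_entry_new` is redeclared the same way in polkit-policy-file.c (`@@ -66,6 +66,7 @@`), so this signature change has to be repeated by hand in every copy. All three defaults share the type `PolKitResult`, so a stale copy or a call with the arguments in the old order is not diagnosed by the compiler and would silently swap the any/inactive/active answers of an authorization decision. Declaring both functions once in a private header included by these files would let the compiler check the definition and every caller against a single prototype. The body of `_polkit_policy_default_new` continues past the end of this hunk.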
@@ -123,9 +127,11 @@ polkit_policy_default_debug (PolKitPolic
{
g_return_if_fail (policy_default != NULL);
_pk_debug ("PolKitPolicyDefault: refcount=%d\n"
+ " default_any=%s\n"
" default_inactive=%s\n"
" default_active=%s",
policy_default->refcount,
+ polkit_result_to_string_representation (policy_default->default_any),
polkit_result_to_string_representation (policy_default->default_inactive),
polkit_result_to_string_representation (policy_default->default_active));
}
@@ -158,6 +164,8 @@ polkit_policy_default_can_session_do_act
g_return_val_if_fail (action != NULL, ret);
g_return_val_if_fail (session != NULL, ret);
+ ret = policy_default->default_any;
+
if (!polkit_session_get_ck_is_local (session, &is_local))
goto out;
if (!polkit_session_get_ck_is_active (session, &is_active))
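Review bot: With `ret = policy_default->default_any;` placed ahead of the ConsoleKit lookups, every `goto out` below it (for example when `polkit_session_get_ck_is_local` fails) now returns the `allow_any` answer instead of the value `ret` was initialised with above the hunk. For a policy that sets `<allow_any>yes</allow_any>`, a session whose locality or activity cannot be determined would therefore be granted the action. If that is intended, say so at the assignment, e.g. `/* allow_any also applies when session state cannot be determined */`; otherwise keep a deny result on the lookup-error paths and use `default_any` only for sessions known to be non-local. The `policy_default != NULL` guard is not visible here and needs to run before this dereference. The same assignment raises the same question in `polkit_policy_default_can_caller_do_action` at `@@ -203,6 +211,8 @@`; both function bodies start and end outside their hunks.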
@@ -203,6 +211,8 @@ polkit_policy_default_can_caller_do_acti
g_return_val_if_fail (action != NULL, ret);
g_return_val_if_fail (caller != NULL, ret);
+ ret = policy_default->default_any;
+
if (!polkit_caller_get_ck_session (caller, &session))
goto out;
if (session == NULL)
@@ -227,6 +237,21 @@ out:
}
/**
+ * polkit_policy_default_get_allow_any:
+ * @policy_default: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
+ return policy_default->default_any;
+}
+
+/**
* polkit_policy_default_get_allow_inactive:
* @policy_default: the object
*
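Review bot: The gtk-doc block for `polkit_policy_default_get_allow_any` says only "Get default policy." and "Returns: default policy", so it does not tell a caller which of the three defaults it is reading. Since the value feeds an authorization decision, I would name the scope the commit message describes, e.g. `Get the default answer for any caller, including callers that are not in a local session.` and `Returns: the value of the allow_any default`. It is also worth documenting that a NULL `policy_default` yields `POLKIT_RESULT_NO`, as the `g_return_val_if_fail` line shows. The hunk ends inside the doc comment of the next getter, so that function is not reviewed here.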
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
index a34122b..b2dced8 100644
--- a/polkit/polkit-policy-default.h
+++ b/polkit/polkit-policy-default.h
@@ -51,6 +51,7 @@ PolKitResult polkit_policy_default_can_c
PolKitAction *action,
PolKitCaller *caller);
+PolKitResult polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default);
PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
index 50d5dad..7b48419 100644
--- a/polkit/polkit-policy-file-entry.c
+++ b/polkit/polkit-policy-file-entry.c
@@ -72,10 +72,12 @@ extern void _polkit_policy_file_entry_se
const char *policy_message);
-extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active);
extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
+ PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
GHashTable *annotations);
@@ -83,6 +85,7 @@ extern PolKitPolicyFileEntry *_polkit_po
/* NOTE: we take ownership of the annotations object */
extern PolKitPolicyFileEntry *
_polkit_policy_file_entry_new (const char *action_id,
+ PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
GHashTable *annotations)
@@ -93,7 +96,8 @@ _polkit_policy_file_entry_new (const c
pfe->refcount = 1;
pfe->action = g_strdup (action_id);
- pfe->defaults = _polkit_policy_default_new (defaults_allow_inactive,
+ pfe->defaults = _polkit_policy_default_new (defaults_allow_any,
+ defaults_allow_inactive,
defaults_allow_active);
if (pfe->defaults == NULL)
goto error;
diff --git a/polkit/polkit-policy-file.c b/polkit/polkit-policy-file.c
index 9c496c6..5f7bcd1 100644
--- a/polkit/polkit-policy-file.c
+++ b/polkit/polkit-policy-file.c
@@ -50,7 +50,7 @@
* @title: Policy Definition Files
* @short_description: Represents a set of declared actions.
*
- * This class is used to represent a policy files.
+ * This class is used to represent a policy file.
**/
/**
@@ -66,6 +66,7 @@ struct _PolKitPolicyFile
};
extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
+ PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
GHashTable *annotations);
@@ -77,6 +78,7 @@ enum {
STATE_IN_ACTION_DESCRIPTION,
STATE_IN_ACTION_MESSAGE,
STATE_IN_DEFAULTS,
+ STATE_IN_DEFAULTS_ALLOW_ANY,
STATE_IN_DEFAULTS_ALLOW_INACTIVE,
STATE_IN_DEFAULTS_ALLOW_ACTIVE,
STATE_IN_ANNOTATE
@@ -88,6 +90,7 @@ typedef struct {
char *action_id;
+ PolKitResult defaults_allow_any;
PolKitResult defaults_allow_inactive;
PolKitResult defaults_allow_active;
@@ -169,6 +172,7 @@ _start (void *data, const char *el, cons
pd->policy_messages = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
/* initialize defaults */
+ pd->defaults_allow_any = POLKIT_RESULT_NO;
pd->defaults_allow_inactive = POLKIT_RESULT_NO;
pd->defaults_allow_active = POLKIT_RESULT_NO;
}
@@ -200,11 +204,15 @@ _start (void *data, const char *el, cons
case STATE_IN_ACTION_MESSAGE:
break;
case STATE_IN_DEFAULTS:
- if (strcmp (el, "allow_inactive") == 0)
+ if (strcmp (el, "allow_any") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_ANY;
+ else if (strcmp (el, "allow_inactive") == 0)
state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
else if (strcmp (el, "allow_active") == 0)
state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
break;
+ case STATE_IN_DEFAULTS_ALLOW_ANY:
+ break;
case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
break;
case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
@@ -256,6 +264,10 @@ _cdata (void *data, const char *s, int l
}
break;
+ case STATE_IN_DEFAULTS_ALLOW_ANY:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
+ goto error;
+ break;
case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
goto error;
@@ -359,6 +371,7 @@ _end (void *data, const char *el)
/* NOTE: caller takes ownership of the annotations object */
pfe = _polkit_policy_file_entry_new (pd->action_id,
+ pd->defaults_allow_any,
pd->defaults_allow_inactive,
pd->defaults_allow_active,
pd->annotations);
@@ -394,6 +407,9 @@ _end (void *data, const char *el)
case STATE_IN_DEFAULTS:
state = STATE_IN_ACTION;
break;
+ case STATE_IN_DEFAULTS_ALLOW_ANY:
+ state = STATE_IN_DEFAULTS;
+ break;
case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
state = STATE_IN_DEFAULTS;
break;
diff-tree 60d85b947457940978a9c153a59a80c87d46ab4e (from 24973905a6cefbcb13a718218ac561fbece7fd9f)
Author: David Zeuthen <davidz at redhat.com>
Date: Wed Sep 26 15:49:31 2007 -0400
add TODO item detailing how to handle upgrades
diff --git a/doc/TODO b/doc/TODO
index 38698b0..fd2df59 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,4 +1,8 @@
+ - Make both XML parsers cope with unknown elements; this is necessary
+ to keep old processes linking in libpolkit work when doing upgrade
+ of PolicyKit where e.g. .policy files with new elements are added.
+
- Have someone review the external API
- Verify the security model