PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Mar 16 23:21:42 PDT 2008
src/kit/kit-list.c | 28 ++++++++++++++++++++++++++++
src/kit/kit-list.h | 1 +
src/polkit/polkit-authorization-db.c | 25 ++++++++++++++++++++++---
src/polkit/polkit-context.c | 2 +-
4 files changed, 52 insertions(+), 4 deletions(-)
New commits:
commit 3c25a1759cf0795adcb199edbc762dd31599a815
Author: David Zeuthen <davidz at redhat.com>
Date: Mon Mar 17 02:21:02 2008 -0400
invalidate memory cache after revoking one shot authorization
diff --git a/src/kit/kit-list.c b/src/kit/kit-list.c
index 7bc4b1f..b00ebfc 100644
--- a/src/kit/kit-list.c
+++ b/src/kit/kit-list.c
@@ -82,6 +82,34 @@ oom:
}
/**
+ * kit_list_copy:
+ * @list: existing list
+ *
+ * Makes a copy of a list. It is not a deep copy.
+ *
+ * Returns: A copy of the new list or #NULL on OOM. Free with kit_list_free().
+ **/
+KitList *
+kit_list_copy (KitList *list)
+{
+ KitList *l;
+ KitList *j;
+
+ l = NULL;
+ for (j = list; j != NULL; j = j->next) {
+ /* TODO: prepend, then reverse */
+ l = kit_list_append (l, j->data);
+ if (l == NULL)
+ goto oom;
+ }
+
+ return l;
+oom:
+ kit_list_free (l);
+ return NULL;
+}
+
+/**
* kit_list_prepend:
* @list: existing list or #NULL to create a new list
* @data: data to prepend to the list
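Review bot: The `oom:` path in `kit_list_copy` frees nothing, because `l` has already been overwritten with the NULL returned by `kit_list_append` by the time `kit_list_free (l)` runs. Assuming `kit_list_append` leaves the existing list intact on failure (its body is outside this hunk), every node copied so far is leaked. Keep the result in a temporary instead: `KitList *n = kit_list_append (l, j->data);`, `if (n == NULL) goto oom;`, `l = n;`. The doc comment should also say that copying an empty list returns #NULL, since callers cannot tell that case from OOM by the return value alone; `_internal_foreach` only avoids the ambiguity because it checks `auths == NULL` before copying.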
diff --git a/src/kit/kit-list.h b/src/kit/kit-list.h
index 8ec05bd..08c86dc 100644
--- a/src/kit/kit-list.h
+++ b/src/kit/kit-list.h
@@ -76,6 +76,7 @@ KitList *kit_list_delete_link (KitList *list, KitList *link);
size_t kit_list_length (KitList *list);
kit_bool_t kit_list_foreach (KitList *list, KitListForeachFunc func, void *user_data);
+KitList *kit_list_copy (KitList *list);
KIT_END_DECLS
diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c
index 9c58dea..9898926 100644
--- a/src/polkit/polkit-authorization-db.c
+++ b/src/polkit/polkit-authorization-db.c
@@ -448,6 +448,7 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
{
KitList *l;
KitList *auths;
+ KitList *auths_copy;
polkit_bool_t ret;
char *action_id;
@@ -467,7 +468,18 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
if (auths == NULL)
goto out;
- for (l = auths; l != NULL; l = l->next) {
+ /* have to copy the list and ref the auths because the authdb
+ * may disappear from under us due to revoke_if_one_shot...
+ */
+ auths_copy = kit_list_copy (auths);
+ if (auths_copy == NULL)
+ goto out;
+ for (l = auths_copy; l != NULL; l = l->next)
+ polkit_authorization_ref ((PolKitAuthorization *) l->data);
+
+ kit_warning ("once...");
+
+ for (l = auths_copy; l != NULL; l = l->next) {
PolKitAuthorization *auth = l->data;
//kit_warning ("%d: action_id=%s uid=%d",
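Review bot: `kit_warning ("once...");` is debug tracing left in the authorization lookup path, as is `kit_warning ("check auth for caller");` in the `_check_auth_for_caller` hunk further down; both run each time the path is taken and should be removed. Separately, `if (auths_copy == NULL) goto out;` reports OOM as "no authorization matched", assuming `ret` is initialised to FALSE above the hunk. That fails closed, but the caller cannot tell it from a genuine miss, so a comment such as `/* OOM: fail closed, report no match */` would record the intent. The loop body continues outside this hunk.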
@@ -483,10 +495,14 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
if (cb (authdb, auth, user_data)) {
ret = TRUE;
- goto out;
+ break;
}
}
+ for (l = auths_copy; l != NULL; l = l->next)
+ polkit_authorization_unref ((PolKitAuthorization *) l->data);
+ kit_list_free (auths_copy);
+
out:
return ret;
}
@@ -805,6 +821,7 @@ _check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth
polkit_uint64_t caller_pid_start_time;
CheckData *cd = (CheckData *) user_data;
+ kit_warning ("check auth for caller");
ret = FALSE;
if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
@@ -828,13 +845,15 @@ _check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth
if (cd->revoke_if_one_shot) {
cd->error = NULL;
if (!polkit_authorization_db_revoke_entry (authdb, auth, &(cd->error))) {
- //kit_warning ("Cannot revoke one-shot auth: %s: %s",
+ //kit_warning ("Cannot revoke one-shot auth: %s: %s",
// polkit_error_get_error_name (cd->error),
// polkit_error_get_error_message (cd->error));
/* stop iterating */
ret = TRUE;
goto no_match;
}
+ /* revoked; now purge internal cache */
+ _polkit_authorization_db_invalidate_cache (authdb);
}
}
break;
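Review bot: The cache is purged only when `polkit_authorization_db_revoke_entry` succeeds; on failure the code sets `ret = TRUE` and jumps to `no_match` with the diagnostic still commented out, so a one-shot authorization that could not be revoked stays in the store with no log trace. Re-enabling `kit_warning ("Cannot revoke one-shot auth: %s: %s", polkit_error_get_error_name (cd->error), polkit_error_get_error_message (cd->error));` would make that case visible; whether `cd->error` reaches the caller cannot be seen from this hunk. The new call is also made from inside an `_internal_foreach` callback, so a comment such as `/* safe only because _internal_foreach iterates a ref'd copy */` would tie it to the copy added earlier in this file. `_check_auth_for_caller` starts and ends outside the hunk.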
diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c
index 59e0ffe..9548dfc 100644
--- a/src/polkit/polkit-context.c
+++ b/src/polkit/polkit-context.c
@@ -744,7 +744,7 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
PolKitAction *action,
PolKitCaller *caller)
{
- return polkit_context_is_caller_authorized (pk_context, action, caller, TRUE, NULL);
+ return polkit_context_is_caller_authorized (pk_context, action, caller, FALSE, NULL);
}
/**
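Review bot: Flipping the fourth argument from `TRUE` to `FALSE` is a behaviour change that the commit message does not mention. If that argument is the revoke-if-one-shot flag (suggested by `cd->revoke_if_one_shot` in polkit-authorization-db.c, though the prototype is not visible here), checks made through `polkit_context_can_caller_do_action` no longer consume a one-shot authorization, which would leave it available for a later check. The intent should be stated in the function's doc comment, for example `This function never revokes one-shot authorizations; use polkit_context_is_caller_authorized() to consume them.`, or the change should be split into its own commit.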