PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Mon Feb 9 16:00:12 PST 2009
docs/TODO | 7 ++-
docs/man/polkit.xml | 14 +++---
src/polkitbackend/polkitbackendlocalauthority.c | 49 +++++++++++++++++++++---
src/programs/polkit.c | 28 ++++++-------
4 files changed, 71 insertions(+), 27 deletions(-)
New commits:
commit d288deca00eba5a2ac24a0b852af4270a3d8c79c
Author: David Zeuthen <davidz at redhat.com>
Date: Mon Feb 9 18:57:29 2009 -0500
add security checks for AddAuthorization() and RemoveAuthorization()
For now this is restricted to uid 0; going to revisit this when
hacking on the GNOME authorization UI.
diff --git a/docs/TODO b/docs/TODO
index aa27f12..36c1eec 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -32,7 +32,12 @@ Core TODO items
- PolkitAuthority probably needs locking around its singleton for
multithreaded backends.
- - symbol visibility in shared libraries
+ - rethink actions shipped with PolicyKit; we probably just want something
+ simple like
+ - org.freedesktop.policykit1.read
+ - org.freedesktop.policykit1.localauthority.manage
+
+ - restrict symbol visibility in shared libraries
Backend TODO items
------------------
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
index 1b62cd6..b0d4063 100644
--- a/src/polkitbackend/polkitbackendlocalauthority.c
+++ b/src/polkitbackend/polkitbackendlocalauthority.c
@@ -1166,22 +1166,21 @@ polkit_backend_local_authority_enumerate_authorizations (PolkitBackendAuthority
/* special case: uid 0, root, is _always_ authorized */
if (polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0)
{
+ /* allow users to read their own authorizations */
if (!polkit_identity_equal (user_of_caller, identity))
{
/* in the future, use something like org.freedesktop.policykit1.localauthority.manage to allow this */
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
- "Can't look at authorizations belonging to other users");
+ "Can't look at authorizations belonging to other identities");
goto out;
}
}
-
list = get_authorizations_for_identity (local_authority, identity);
out:
-
g_free (identity_str);
if (user_of_caller != NULL)
g_object_unref (user_of_caller);
@@ -1200,6 +1199,7 @@ polkit_backend_local_authority_add_authorization (PolkitBackendAuthority *auth
{
PolkitBackendLocalAuthority *local_authority;
PolkitBackendLocalAuthorityPrivate *priv;
+ PolkitIdentity *user_of_caller;
PolkitSubject *subject;
const gchar *action_id;
gboolean is_negative;
@@ -1212,6 +1212,7 @@ polkit_backend_local_authority_add_authorization (PolkitBackendAuthority *auth
ret = FALSE;
subject_str = NULL;
+ user_of_caller = NULL;
subject = polkit_authorization_get_subject (authorization);
action_id = polkit_authorization_get_action_id (authorization);
@@ -1225,7 +1226,22 @@ polkit_backend_local_authority_add_authorization (PolkitBackendAuthority *auth
action_id,
is_negative);
- /* TODO: check if caller is authorized */
+ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
+ caller,
+ error);
+ if (user_of_caller == NULL)
+ goto out;
+
+ /* special case: uid 0, root, is _always_ authorized */
+ if (polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0)
+ {
+ /* in the future, use something like org.freedesktop.policykit1.localauthority.manage to allow this */
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Not authorized to add authorization");
+ goto out;
+ }
/* We can only add temporary authorizations to users, not e.g. groups */
if (subject != NULL && !POLKIT_IS_UNIX_USER (identity))
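Review bot: The new root check casts `user_of_caller` with `POLKIT_UNIX_USER ()` without first confirming that the session monitor returned a Unix user, so the gate depends on what `polkit_unix_user_get_uid ()` yields for any other identity type. That return value is not visible here; if it could be 0, a non-user identity would be treated as root and the check would fail open. Testing the type first keeps the gate fail-closed: `if (!POLKIT_IS_UNIX_USER (user_of_caller) || polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0)`. The same condition is added to polkit_backend_local_authority_remove_authorization further down, and the function body starts and ends outside this hunk.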
@@ -1249,6 +1265,9 @@ polkit_backend_local_authority_add_authorization (PolkitBackendAuthority *auth
out:
g_free (subject_str);
+ if (user_of_caller != NULL)
+ g_object_unref (user_of_caller);
+
return ret;
}
@@ -1263,6 +1282,7 @@ polkit_backend_local_authority_remove_authorization (PolkitBackendAuthority *a
{
PolkitBackendLocalAuthority *local_authority;
PolkitBackendLocalAuthorityPrivate *priv;
+ PolkitIdentity *user_of_caller;
PolkitSubject *subject;
const gchar *action_id;
gboolean is_negative;
@@ -1275,6 +1295,7 @@ polkit_backend_local_authority_remove_authorization (PolkitBackendAuthority *a
ret = FALSE;
subject_str = NULL;
+ user_of_caller = NULL;
subject = polkit_authorization_get_subject (authorization);
action_id = polkit_authorization_get_action_id (authorization);
@@ -1288,7 +1309,22 @@ polkit_backend_local_authority_remove_authorization (PolkitBackendAuthority *a
action_id,
is_negative);
- /* TODO: check if caller is authorized */
+ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
+ caller,
+ error);
+ if (user_of_caller == NULL)
+ goto out;
+
+ /* special case: uid 0, root, is _always_ authorized */
+ if (polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0)
+ {
+ /* in the future, use something like org.freedesktop.policykit1.localauthority.manage to allow this */
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Not authorized to remove authorization");
+ goto out;
+ }
/* We can only remove temporary authorizations from users, not e.g. groups */
if (subject != NULL && !POLKIT_IS_UNIX_USER (identity))
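Review bot: The caller lookup and uid 0 gate added here repeat the block added to polkit_backend_local_authority_add_authorization line for line, differing only in the error text, so the planned move to an action-based check would have to be made identically in each copy. A single static helper would keep the policy in one place and let both functions drop their own `user_of_caller` local and the unref at `out:`. The fence sketches that helper with the commit's logic unchanged. `caller` is assumed to be a `PolkitSubject *`, since its declaration is outside the hunk, and the function body also starts and ends outside the hunk.

```c
/* Returns TRUE only when caller resolves to uid 0; otherwise sets error. */
static gboolean
caller_may_manage_authorizations (PolkitBackendLocalAuthorityPrivate *priv,
                                  PolkitSubject                      *caller,
                                  const gchar                        *denied_message,
                                  GError                            **error)
{
  PolkitIdentity *user_of_caller;
  gboolean ret;

  ret = FALSE;

  user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor,
                                                                        caller,
                                                                        error);
  if (user_of_caller == NULL)
    goto out;

  /* special case: uid 0, root, is _always_ authorized */
  if (polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0)
    {
      g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "%s", denied_message);
      goto out;
    }

  ret = TRUE;

 out:
  if (user_of_caller != NULL)
    g_object_unref (user_of_caller);
  return ret;
}

/* in polkit_backend_local_authority_remove_authorization, replacing the added block */
  if (!caller_may_manage_authorizations (priv, caller, "Not authorized to remove authorization", error))
    goto out;
/* … unchanged: temporary-authorization check and removal … */
```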
@@ -1312,6 +1348,9 @@ polkit_backend_local_authority_remove_authorization (PolkitBackendAuthority *a
out:
g_free (subject_str);
+ if (user_of_caller != NULL)
+ g_object_unref (user_of_caller);
+
return ret;
}
commit 9418571d37026e12a6f2949c2df2f17102fbdd70
Author: David Zeuthen <davidz at redhat.com>
Date: Mon Feb 9 18:50:07 2009 -0500
rename grant->add and revoke->remove in the polkit-1 tool
diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
index 7de4a66..0525fe6 100644
--- a/docs/man/polkit.xml
+++ b/docs/man/polkit.xml
@@ -59,14 +59,14 @@
</cmdsynopsis>
<cmdsynopsis>
- <command>polkit-1 grant</command>
+ <command>polkit-1 add</command>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
<arg><option>--subject <replaceable>subject</replaceable></option></arg>
</cmdsynopsis>
<cmdsynopsis>
- <command>polkit-1 revoke</command>
+ <command>polkit-1 remove</command>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
<arg><option>--subject <replaceable>subject</replaceable></option></arg>
@@ -210,13 +210,13 @@
<refsect2>
<para>
- <command>polkit-1 grant</command>
+ <command>polkit-1 add</command>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
<arg><option>--subject <replaceable>subject</replaceable></option></arg>
</para>
<para>
- Grants an authorization to <replaceable>identity</replaceable> for <replaceable>action-id</replaceable>
+ Adds an authorization to <replaceable>identity</replaceable> for <replaceable>action-id</replaceable>
optionally constraining its use for <replaceable>subject</replaceable>.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>
and <xref linkend="polkit-1-subject"/> for details about <replaceable>subject</replaceable>.
@@ -225,13 +225,13 @@
<refsect2>
<para>
- <command>polkit-1 revoke</command>
+ <command>polkit-1 remove</command>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
<arg><option>--subject <replaceable>subject</replaceable></option></arg>
</para>
<para>
- Revokes an authorization from <replaceable>identity</replaceable> for <replaceable>action-id</replaceable>
+ Removes an authorization from <replaceable>identity</replaceable> for <replaceable>action-id</replaceable>
which, optionally, is constrained to <replaceable>subject</replaceable>.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>
and <xref linkend="polkit-1-subject"/> for details about <replaceable>subject</replaceable>.
@@ -348,7 +348,7 @@
<refsect1 id="polkit-1-identity">
<title>IDENTITIES</title>
<para>
- Identities represent the entities that authorizations are granted to:
+ Identities represent the entities that authorizations are added to:
individual users or groups of users.
</para>
<para>
diff --git a/src/programs/polkit.c b/src/programs/polkit.c
index 120801d..d31c95d 100644
--- a/src/programs/polkit.c
+++ b/src/programs/polkit.c
@@ -36,8 +36,8 @@ static gboolean opt_list_groups = FALSE;
static gboolean opt_list_authorizations = FALSE;
static gboolean opt_list_explicit_authorizations = FALSE;
static gboolean opt_check = FALSE;
-static gboolean opt_grant = FALSE;
-static gboolean opt_revoke = FALSE;
+static gboolean opt_add = FALSE;
+static gboolean opt_remove = FALSE;
static gboolean opt_run = FALSE;
static gboolean opt_show_help = FALSE;
@@ -60,8 +60,8 @@ static gboolean list_explicit_authorizations (void);
static gboolean do_run (gint argc, gchar *argv[]);
static gboolean do_check (void);
-static gboolean do_grant (void);
-static gboolean do_revoke (void);
+static gboolean do_add (void);
+static gboolean do_remove (void);
static gboolean show_action (const gchar *action_id);
@@ -204,9 +204,9 @@ main (int argc, char *argv[])
action_id = g_strdup (argv[n]);
}
- else if (strcmp (argv[n], "grant") == 0)
+ else if (strcmp (argv[n], "add") == 0)
{
- opt_grant = TRUE;
+ opt_add = TRUE;
n++;
if (n >= argc)
@@ -232,9 +232,9 @@ main (int argc, char *argv[])
action_id = g_strdup (argv[n]);
}
- else if (strcmp (argv[n], "revoke") == 0)
+ else if (strcmp (argv[n], "remove") == 0)
{
- opt_revoke = TRUE;
+ opt_remove = TRUE;
n++;
if (n >= argc)
@@ -352,7 +352,7 @@ main (int argc, char *argv[])
ret = do_check ();
}
- else if (opt_grant)
+ else if (opt_add)
{
if (identity == NULL || action_id == NULL)
{
@@ -360,9 +360,9 @@ main (int argc, char *argv[])
goto out;
}
- ret = do_grant ();
+ ret = do_add ();
}
- else if (opt_revoke)
+ else if (opt_remove)
{
if (identity == NULL || action_id == NULL)
{
@@ -370,7 +370,7 @@ main (int argc, char *argv[])
goto out;
}
- ret = do_revoke ();
+ ret = do_remove ();
}
else
{
@@ -907,7 +907,7 @@ list_explicit_authorizations (void)
/* ---------------------------------------------------------------------------------------------------- */
static gboolean
-do_grant (void)
+do_add (void)
{
PolkitAuthorization *authorization;
gboolean ret;
@@ -943,7 +943,7 @@ do_grant (void)
/* ---------------------------------------------------------------------------------------------------- */
static gboolean
-do_revoke (void)
+do_remove (void)
{
PolkitAuthorization *authorization;
gboolean ret;