PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Wed Jul 15 13:23:22 PDT 2009


 src/polkit/polkitimplicitauthorization.c                 |    5 
 src/polkit/polkitimplicitauthorization.h                 |    2 
 src/polkitbackend/polkitbackendinteractiveauthority.c    |    8 +
 src/polkitbackend/polkitbackendinteractiveauthority.h    |    4 
 src/polkitbackend/polkitbackendlocalauthority.c          |   47 +++++-
 src/polkitbackend/polkitbackendlocalauthorizationstore.c |  115 +++++++++++----
 src/polkitbackend/polkitbackendlocalauthorizationstore.h |   12 -
 7 files changed, 159 insertions(+), 34 deletions(-)

New commits:
commit f62117c9b5b3c248ea40b6fc6c6aada2d793c66a
Author: David Zeuthen <davidz at redhat.com>
Date:   Wed Jul 15 16:20:08 2009 -0400

    In .pkla files, use Result{Any,Inactive,Active} instead of just Result

diff --git a/src/polkit/polkitimplicitauthorization.c b/src/polkit/polkitimplicitauthorization.c
index 5723335..53d9923 100644
--- a/src/polkit/polkitimplicitauthorization.c
+++ b/src/polkit/polkitimplicitauthorization.c
@@ -80,6 +80,7 @@ polkit_implicit_authorization_from_string (const gchar *string,
     {
       g_warning ("Unknown PolkitImplicitAuthorization string '%s'", string);
       ret = FALSE;
+      result = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
     }
 
   if (out_implicit_authorization != NULL)
@@ -97,6 +98,10 @@ polkit_implicit_authorization_to_string (PolkitImplicitAuthorization implicit_au
 
   switch (implicit_authorization)
     {
+    case POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN:
+      s = "unknown";
+      break;
+
     case POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED:
       s = "no";
       break;
diff --git a/src/polkit/polkitimplicitauthorization.h b/src/polkit/polkitimplicitauthorization.h
index 7abd557..9e5c51c 100644
--- a/src/polkit/polkitimplicitauthorization.h
+++ b/src/polkit/polkitimplicitauthorization.h
@@ -36,6 +36,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
 
 /**
  * PolkitImplicitAuthorization:
+ * @POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: Unknown whether the subject is authorized, never returned in any public API.
  * @POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: Subject is not authorized.
  * @POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED: Authentication is required.
  * @POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED: Authentication as an administrator is required.
@@ -47,6 +48,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
  */
 typedef enum
 {
+  POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN = -1,
   POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED = 0,
   POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED = 1,
   POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED = 2,
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 9046938..5cecc85 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -633,6 +633,8 @@ check_authorization_sync (PolkitBackendAuthority         *authority,
                                                                                           caller,
                                                                                           subject,
                                                                                           user_of_subject,
+                                                                                          session_is_local,
+                                                                                          session_is_active,
                                                                                           action_id,
                                                                                           details,
                                                                                           implicit_authorization);
@@ -771,6 +773,8 @@ polkit_backend_interactive_authority_get_admin_identities (PolkitBackendInteract
  * @caller: The subject that is inquiring whether @subject is authorized.
  * @subject: The subject we are checking an authorization for.
  * @user_for_subject: The user of the subject we are checking an authorization for.
+ * @subject_is_local: %TRUE if the session for @subject is local.
+ * @subject_is_active: %TRUE if the session for @subject is active.
  * @action_id: The action we are checking an authorization for.
  * @details: Details about the action.
  * @implicit: A #PolkitImplicitAuthorization value computed from the policy file and @subject.
@@ -788,6 +792,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte
                                                                PolkitSubject                     *caller,
                                                                PolkitSubject                     *subject,
                                                                PolkitIdentity                    *user_for_subject,
+                                                               gboolean                           subject_is_local,
+                                                               gboolean                           subject_is_active,
                                                                const gchar                       *action_id,
                                                                PolkitDetails                     *details,
                                                                PolkitImplicitAuthorization        implicit)
@@ -807,6 +813,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte
                                              caller,
                                              subject,
                                              user_for_subject,
+                                             subject_is_local,
+                                             subject_is_active,
                                              action_id,
                                              details,
                                              implicit);
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.h b/src/polkitbackend/polkitbackendinteractiveauthority.h
index 8331af0..9820dac 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.h
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.h
@@ -79,6 +79,8 @@ struct _PolkitBackendInteractiveAuthorityClass
                                                            PolkitSubject                     *caller,
                                                            PolkitSubject                     *subject,
                                                            PolkitIdentity                    *user_for_subject,
+                                                           gboolean                           subject_is_local,
+                                                           gboolean                           subject_is_active,
                                                            const gchar                       *action_id,
                                                            PolkitDetails                     *details,
                                                            PolkitImplicitAuthorization        implicit);
@@ -132,6 +134,8 @@ PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authoriza
                                                           PolkitSubject                     *caller,
                                                           PolkitSubject                     *subject,
                                                           PolkitIdentity                    *user_for_subject,
+                                                          gboolean                           subject_is_local,
+                                                          gboolean                           subject_is_active,
                                                           const gchar                       *action_id,
                                                           PolkitDetails                     *details,
                                                           PolkitImplicitAuthorization        implicit);
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
index ce3a7d3..06073cf 100644
--- a/src/polkitbackend/polkitbackendlocalauthority.c
+++ b/src/polkitbackend/polkitbackendlocalauthority.c
@@ -75,6 +75,8 @@ static PolkitImplicitAuthorization polkit_backend_local_authority_check_authoriz
                                                           PolkitSubject                     *caller,
                                                           PolkitSubject                     *subject,
                                                           PolkitIdentity                    *user_for_subject,
+                                                          gboolean                           subject_is_local,
+                                                          gboolean                           subject_is_active,
                                                           const gchar                       *action_id,
                                                           PolkitDetails                     *details,
                                                           PolkitImplicitAuthorization        implicit);
@@ -237,6 +239,8 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
                                                          PolkitSubject                     *caller,
                                                          PolkitSubject                     *subject,
                                                          PolkitIdentity                    *user_for_subject,
+                                                         gboolean                           subject_is_local,
+                                                         gboolean                           subject_is_active,
                                                          const gchar                       *action_id,
                                                          PolkitDetails                     *details,
                                                          PolkitImplicitAuthorization        implicit)
@@ -244,6 +248,9 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
   PolkitBackendLocalAuthority *local_authority;
   PolkitBackendLocalAuthorityPrivate *priv;
   PolkitImplicitAuthorization ret;
+  PolkitImplicitAuthorization ret_any;
+  PolkitImplicitAuthorization ret_inactive;
+  PolkitImplicitAuthorization ret_active;
   GList *groups;
   GList *l, *ll;
 
@@ -273,9 +280,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
                                                                group,
                                                                action_id,
                                                                details,
-                                                               &ret))
+                                                               &ret_any,
+                                                               &ret_inactive,
+                                                               &ret_active))
             {
-              ; /* do nothing */
+              if (subject_is_local && subject_is_active)
+                {
+                  if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+                    ret = ret_active;
+                }
+              else if (subject_is_local)
+                {
+                  if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+                    ret = ret_inactive;
+                }
+              else
+                {
+                  if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+                    ret = ret_any;
+                }
             }
         }
     }
@@ -291,9 +314,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
                                                            user_for_subject,
                                                            action_id,
                                                            details,
-                                                           &ret))
+                                                           &ret_any,
+                                                           &ret_inactive,
+                                                           &ret_active))
         {
-          ; /* do nothing */
+          if (subject_is_local && subject_is_active)
+            {
+              if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+                ret = ret_active;
+            }
+          else if (subject_is_local)
+            {
+              if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+                ret = ret_inactive;
+            }
+          else
+            {
+              if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+                ret = ret_any;
+            }
         }
     }
 
diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
index a183351..413ed4b 100644
--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
@@ -76,7 +76,9 @@ typedef struct
   GList *identity_specs;
   GList *action_specs;
 
-  PolkitImplicitAuthorization result;
+  PolkitImplicitAuthorization result_any;
+  PolkitImplicitAuthorization result_inactive;
+  PolkitImplicitAuthorization result_active;
 } LocalAuthorization;
 
 static void
@@ -100,12 +102,16 @@ local_authorization_new (GKeyFile      *key_file,
   LocalAuthorization *authorization;
   gchar **identity_strings;
   gchar **action_strings;
-  gchar *result_string;
+  gchar *result_any_string;
+  gchar *result_inactive_string;
+  gchar *result_active_string;
   guint n;
 
   identity_strings = NULL;
   action_strings = NULL;
-  result_string = NULL;
+  result_any_string = NULL;
+  result_inactive_string = NULL;
+  result_active_string = NULL;
 
   authorization = g_new0 (LocalAuthorization, 1);
 
@@ -143,27 +149,76 @@ local_authorization_new (GKeyFile      *key_file,
                                                     g_pattern_spec_new (action_strings[n]));
     }
 
-  result_string = g_key_file_get_string (key_file,
-                                         group,
-                                         "Result",
-                                         error);
-  if (result_string == NULL)
+  authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
+  authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
+  authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
+
+  result_any_string = g_key_file_get_string (key_file,
+                                             group,
+                                             "ResultAny",
+                                             NULL);
+  if (result_any_string != NULL)
     {
-      local_authorization_free (authorization);
-      authorization = NULL;
-      goto out;
+      if (!polkit_implicit_authorization_from_string (result_any_string,
+                                                      &authorization->result_any))
+        {
+          g_set_error (error,
+                       POLKIT_ERROR,
+                       POLKIT_ERROR_FAILED,
+                       "Cannot parse ResultAny string `%s'", result_any_string);
+          local_authorization_free (authorization);
+          authorization = NULL;
+          goto out;
+        }
     }
 
-  if (!polkit_implicit_authorization_from_string (result_string,
-                                                  &authorization->result))
+  result_inactive_string = g_key_file_get_string (key_file,
+                                                  group,
+                                                  "ResultInactive",
+                                                  NULL);
+  if (result_inactive_string != NULL)
     {
-      g_set_error (error,
-                   POLKIT_ERROR,
-                   POLKIT_ERROR_FAILED,
-                   "Cannot parse Result string `%s'", result_string);
-      local_authorization_free (authorization);
-      authorization = NULL;
-      goto out;
+      if (!polkit_implicit_authorization_from_string (result_inactive_string,
+                                                      &authorization->result_inactive))
+        {
+          g_set_error (error,
+                       POLKIT_ERROR,
+                       POLKIT_ERROR_FAILED,
+                       "Cannot parse ResultInactive string `%s'", result_inactive_string);
+          local_authorization_free (authorization);
+          authorization = NULL;
+          goto out;
+        }
+    }
+
+  result_active_string = g_key_file_get_string (key_file,
+                                                group,
+                                                "ResultActive",
+                                                NULL);
+  if (result_active_string != NULL)
+    {
+      if (!polkit_implicit_authorization_from_string (result_active_string,
+                                                      &authorization->result_active))
+        {
+          g_set_error (error,
+                       POLKIT_ERROR,
+                       POLKIT_ERROR_FAILED,
+                       "Cannot parse ResultActive string `%s'", result_active_string);
+          local_authorization_free (authorization);
+          authorization = NULL;
+          goto out;
+        }
+    }
+
+  if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL)
+    {
+          g_set_error (error,
+                       POLKIT_ERROR,
+                       POLKIT_ERROR_FAILED,
+                       "Must have at least one of ResultAny, ResultInactive and ResultActive");
+          local_authorization_free (authorization);
+          authorization = NULL;
+          goto out;
     }
 
   authorization->id = g_strdup_printf ("%s::%s", filename, group);
@@ -171,7 +226,9 @@ local_authorization_new (GKeyFile      *key_file,
  out:
   g_strfreev (identity_strings);
   g_free (action_strings);
-  g_free (result_string);
+  g_free (result_any_string);
+  g_free (result_inactive_string);
+  g_free (result_active_string);
   return authorization;
 }
 
@@ -545,7 +602,9 @@ polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorization
  * @identity: The identity to check for.
  * @action_id: The action id to check for.
  * @details: Details for @action.
- * @out_result: Return location for the result if the look up matched.
+ * @out_result_any: Return location for the result for any subjects if the look up matched.
+ * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched.
+ * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched.
  *
  * Checks if an authorization entry from @store matches @identity, @action_id and @details.
  *
@@ -557,7 +616,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
                                                  PolkitIdentity                       *identity,
                                                  const gchar                          *action_id,
                                                  PolkitDetails                        *details,
-                                                 PolkitImplicitAuthorization          *out_result)
+                                                 PolkitImplicitAuthorization          *out_result_any,
+                                                 PolkitImplicitAuthorization          *out_result_inactive,
+                                                 PolkitImplicitAuthorization          *out_result_active)
 {
   GList *l, *ll;
   gboolean ret;
@@ -567,7 +628,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
   g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE);
   g_return_val_if_fail (action_id != NULL, FALSE);
   g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE);
-  g_return_val_if_fail (out_result != NULL, FALSE);
+  g_return_val_if_fail (out_result_any != NULL, FALSE);
+  g_return_val_if_fail (out_result_inactive != NULL, FALSE);
+  g_return_val_if_fail (out_result_active != NULL, FALSE);
 
   ret = FALSE;
   identity_string = NULL;
@@ -599,7 +662,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
         continue;
 
       /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */
-      *out_result = authorization->result;
+      *out_result_any = authorization->result_any;
+      *out_result_inactive = authorization->result_inactive;
+      *out_result_active = authorization->result_active;
       ret = TRUE;
 
 #if 0
diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h
index 426ea69..2f2b452 100644
--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.h
+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.h
@@ -71,11 +71,13 @@ struct _PolkitBackendLocalAuthorizationStoreClass
 GType                                 polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST;
 PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new      (GFile       *directory,
                                                                                          const gchar *extension);
-gboolean                              polkit_backend_local_authorization_store_lookup   (PolkitBackendLocalAuthorizationStore *store,
-                                                                                         PolkitIdentity *identity,
-                                                                                         const gchar    *action_id,
-                                                                                         PolkitDetails  *details,
-                                                                                         PolkitImplicitAuthorization *out_result);
+gboolean  polkit_backend_local_authorization_store_lookup   (PolkitBackendLocalAuthorizationStore *store,
+                                                             PolkitIdentity                       *identity,
+                                                             const gchar                          *action_id,
+                                                             PolkitDetails                        *details,
+                                                             PolkitImplicitAuthorization          *out_result_any,
+                                                             PolkitImplicitAuthorization          *out_result_inactive,
+                                                             PolkitImplicitAuthorization          *out_result_active);
 
 G_END_DECLS
 


More information about the hal-commit mailing list