PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Wed Jul 15 13:23:22 PDT 2009
src/polkit/polkitimplicitauthorization.c | 5
src/polkit/polkitimplicitauthorization.h | 2
src/polkitbackend/polkitbackendinteractiveauthority.c | 8 +
src/polkitbackend/polkitbackendinteractiveauthority.h | 4
src/polkitbackend/polkitbackendlocalauthority.c | 47 +++++-
src/polkitbackend/polkitbackendlocalauthorizationstore.c | 115 +++++++++++----
src/polkitbackend/polkitbackendlocalauthorizationstore.h | 12 -
7 files changed, 159 insertions(+), 34 deletions(-)
New commits:
commit f62117c9b5b3c248ea40b6fc6c6aada2d793c66a
Author: David Zeuthen <davidz at redhat.com>
Date: Wed Jul 15 16:20:08 2009 -0400
In .pkla files, use Result{Any,Inactive,Active} instead of just Result
diff --git a/src/polkit/polkitimplicitauthorization.c b/src/polkit/polkitimplicitauthorization.c
index 5723335..53d9923 100644
--- a/src/polkit/polkitimplicitauthorization.c
+++ b/src/polkit/polkitimplicitauthorization.c
@@ -80,6 +80,7 @@ polkit_implicit_authorization_from_string (const gchar *string,
{
g_warning ("Unknown PolkitImplicitAuthorization string '%s'", string);
ret = FALSE;
+ result = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
}
if (out_implicit_authorization != NULL)
@@ -97,6 +98,10 @@ polkit_implicit_authorization_to_string (PolkitImplicitAuthorization implicit_au
switch (implicit_authorization)
{
+ case POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN:
+ s = "unknown";
+ break;
+
case POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED:
s = "no";
break;
diff --git a/src/polkit/polkitimplicitauthorization.h b/src/polkit/polkitimplicitauthorization.h
index 7abd557..9e5c51c 100644
--- a/src/polkit/polkitimplicitauthorization.h
+++ b/src/polkit/polkitimplicitauthorization.h
@@ -36,6 +36,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
/**
* PolkitImplicitAuthorization:
+ * @POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: Unknown whether the subject is authorized, never returned in any public API.
* @POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: Subject is not authorized.
* @POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED: Authentication is required.
* @POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED: Authentication as an administrator is required.
@@ -47,6 +48,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
*/
typedef enum
{
+ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN = -1,
POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED = 0,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED = 1,
POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED = 2,
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 9046938..5cecc85 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -633,6 +633,8 @@ check_authorization_sync (PolkitBackendAuthority *authority,
caller,
subject,
user_of_subject,
+ session_is_local,
+ session_is_active,
action_id,
details,
implicit_authorization);
@@ -771,6 +773,8 @@ polkit_backend_interactive_authority_get_admin_identities (PolkitBackendInteract
* @caller: The subject that is inquiring whether @subject is authorized.
* @subject: The subject we are checking an authorization for.
* @user_for_subject: The user of the subject we are checking an authorization for.
+ * @subject_is_local: %TRUE if the session for @subject is local.
+ * @subject_is_active: %TRUE if the session for @subject is active.
* @action_id: The action we are checking an authorization for.
* @details: Details about the action.
* @implicit: A #PolkitImplicitAuthorization value computed from the policy file and @subject.
@@ -788,6 +792,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
+ gboolean subject_is_local,
+ gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit)
@@ -807,6 +813,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte
caller,
subject,
user_for_subject,
+ subject_is_local,
+ subject_is_active,
action_id,
details,
implicit);
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.h b/src/polkitbackend/polkitbackendinteractiveauthority.h
index 8331af0..9820dac 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.h
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.h
@@ -79,6 +79,8 @@ struct _PolkitBackendInteractiveAuthorityClass
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
+ gboolean subject_is_local,
+ gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit);
@@ -132,6 +134,8 @@ PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authoriza
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
+ gboolean subject_is_local,
+ gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit);
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
index ce3a7d3..06073cf 100644
--- a/src/polkitbackend/polkitbackendlocalauthority.c
+++ b/src/polkitbackend/polkitbackendlocalauthority.c
@@ -75,6 +75,8 @@ static PolkitImplicitAuthorization polkit_backend_local_authority_check_authoriz
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
+ gboolean subject_is_local,
+ gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit);
@@ -237,6 +239,8 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
+ gboolean subject_is_local,
+ gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit)
@@ -244,6 +248,9 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
PolkitBackendLocalAuthority *local_authority;
PolkitBackendLocalAuthorityPrivate *priv;
PolkitImplicitAuthorization ret;
+ PolkitImplicitAuthorization ret_any;
+ PolkitImplicitAuthorization ret_inactive;
+ PolkitImplicitAuthorization ret_active;
GList *groups;
GList *l, *ll;
@@ -273,9 +280,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
group,
action_id,
details,
- &ret))
+ &ret_any,
+ &ret_inactive,
+ &ret_active))
{
- ; /* do nothing */
+ if (subject_is_local && subject_is_active)
+ {
+ if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+ ret = ret_active;
+ }
+ else if (subject_is_local)
+ {
+ if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+ ret = ret_inactive;
+ }
+ else
+ {
+ if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+ ret = ret_any;
+ }
}
}
}
@@ -291,9 +314,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
user_for_subject,
action_id,
details,
- &ret))
+ &ret_any,
+ &ret_inactive,
+ &ret_active))
{
- ; /* do nothing */
+ if (subject_is_local && subject_is_active)
+ {
+ if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+ ret = ret_active;
+ }
+ else if (subject_is_local)
+ {
+ if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+ ret = ret_inactive;
+ }
+ else
+ {
+ if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
+ ret = ret_any;
+ }
}
}
diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
index a183351..413ed4b 100644
--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
@@ -76,7 +76,9 @@ typedef struct
GList *identity_specs;
GList *action_specs;
- PolkitImplicitAuthorization result;
+ PolkitImplicitAuthorization result_any;
+ PolkitImplicitAuthorization result_inactive;
+ PolkitImplicitAuthorization result_active;
} LocalAuthorization;
static void
@@ -100,12 +102,16 @@ local_authorization_new (GKeyFile *key_file,
LocalAuthorization *authorization;
gchar **identity_strings;
gchar **action_strings;
- gchar *result_string;
+ gchar *result_any_string;
+ gchar *result_inactive_string;
+ gchar *result_active_string;
guint n;
identity_strings = NULL;
action_strings = NULL;
- result_string = NULL;
+ result_any_string = NULL;
+ result_inactive_string = NULL;
+ result_active_string = NULL;
authorization = g_new0 (LocalAuthorization, 1);
@@ -143,27 +149,76 @@ local_authorization_new (GKeyFile *key_file,
g_pattern_spec_new (action_strings[n]));
}
- result_string = g_key_file_get_string (key_file,
- group,
- "Result",
- error);
- if (result_string == NULL)
+ authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
+ authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
+ authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
+
+ result_any_string = g_key_file_get_string (key_file,
+ group,
+ "ResultAny",
+ NULL);
+ if (result_any_string != NULL)
{
- local_authorization_free (authorization);
- authorization = NULL;
- goto out;
+ if (!polkit_implicit_authorization_from_string (result_any_string,
+ &authorization->result_any))
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Cannot parse ResultAny string `%s'", result_any_string);
+ local_authorization_free (authorization);
+ authorization = NULL;
+ goto out;
+ }
}
- if (!polkit_implicit_authorization_from_string (result_string,
- &authorization->result))
+ result_inactive_string = g_key_file_get_string (key_file,
+ group,
+ "ResultInactive",
+ NULL);
+ if (result_inactive_string != NULL)
{
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Cannot parse Result string `%s'", result_string);
- local_authorization_free (authorization);
- authorization = NULL;
- goto out;
+ if (!polkit_implicit_authorization_from_string (result_inactive_string,
+ &authorization->result_inactive))
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Cannot parse ResultInactive string `%s'", result_inactive_string);
+ local_authorization_free (authorization);
+ authorization = NULL;
+ goto out;
+ }
+ }
+
+ result_active_string = g_key_file_get_string (key_file,
+ group,
+ "ResultActive",
+ NULL);
+ if (result_active_string != NULL)
+ {
+ if (!polkit_implicit_authorization_from_string (result_active_string,
+ &authorization->result_active))
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Cannot parse ResultActive string `%s'", result_active_string);
+ local_authorization_free (authorization);
+ authorization = NULL;
+ goto out;
+ }
+ }
+
+ if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Must have at least one of ResultAny, ResultInactive and ResultActive");
+ local_authorization_free (authorization);
+ authorization = NULL;
+ goto out;
}
authorization->id = g_strdup_printf ("%s::%s", filename, group);
@@ -171,7 +226,9 @@ local_authorization_new (GKeyFile *key_file,
out:
g_strfreev (identity_strings);
g_free (action_strings);
- g_free (result_string);
+ g_free (result_any_string);
+ g_free (result_inactive_string);
+ g_free (result_active_string);
return authorization;
}
@@ -545,7 +602,9 @@ polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorization
* @identity: The identity to check for.
* @action_id: The action id to check for.
* @details: Details for @action.
- * @out_result: Return location for the result if the look up matched.
+ * @out_result_any: Return location for the result for any subjects if the look up matched.
+ * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched.
+ * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched.
*
* Checks if an authorization entry from @store matches @identity, @action_id and @details.
*
@@ -557,7 +616,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
PolkitIdentity *identity,
const gchar *action_id,
PolkitDetails *details,
- PolkitImplicitAuthorization *out_result)
+ PolkitImplicitAuthorization *out_result_any,
+ PolkitImplicitAuthorization *out_result_inactive,
+ PolkitImplicitAuthorization *out_result_active)
{
GList *l, *ll;
gboolean ret;
@@ -567,7 +628,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE);
g_return_val_if_fail (action_id != NULL, FALSE);
g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE);
- g_return_val_if_fail (out_result != NULL, FALSE);
+ g_return_val_if_fail (out_result_any != NULL, FALSE);
+ g_return_val_if_fail (out_result_inactive != NULL, FALSE);
+ g_return_val_if_fail (out_result_active != NULL, FALSE);
ret = FALSE;
identity_string = NULL;
@@ -599,7 +662,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
continue;
/* Yay, a match! However, keep going since subsequent authorization entries may modify the result */
- *out_result = authorization->result;
+ *out_result_any = authorization->result_any;
+ *out_result_inactive = authorization->result_inactive;
+ *out_result_active = authorization->result_active;
ret = TRUE;
#if 0
diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h
index 426ea69..2f2b452 100644
--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.h
+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.h
@@ -71,11 +71,13 @@ struct _PolkitBackendLocalAuthorizationStoreClass
GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST;
PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory,
const gchar *extension);
-gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store,
- PolkitIdentity *identity,
- const gchar *action_id,
- PolkitDetails *details,
- PolkitImplicitAuthorization *out_result);
+gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store,
+ PolkitIdentity *identity,
+ const gchar *action_id,
+ PolkitDetails *details,
+ PolkitImplicitAuthorization *out_result_any,
+ PolkitImplicitAuthorization *out_result_inactive,
+ PolkitImplicitAuthorization *out_result_active);
G_END_DECLS
More information about the hal-commit
mailing list