PolkitSubject *caller,
PolkitBackendInteractiveAuthority *authority,
const gchar *action_id,
+ PolkitDetails *details,
PolkitImplicitAuthorization implicit_authorization,
gboolean authentication_success,
gboolean was_dismissed,
PolkitSubject *caller,
PolkitBackendInteractiveAuthority *authority,
const gchar *action_id,
+ PolkitDetails *details,
PolkitImplicitAuthorization implicit_authorization,
gboolean authentication_success,
gboolean was_dismissed,
gchar *authenticated_identity_str;
gchar *subject_cmdline;
gboolean is_temp;
- PolkitDetails *details;
priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
was_dismissed,
authentication_success);
- details = polkit_details_new ();
if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED ||
implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED)
polkit_details_insert (details, "polkit.retains_authorization_after_challenge", "true");
/* log_result (authority, action_id, subject, caller, result); */
- g_object_unref (details);
g_simple_async_result_set_op_res_gpointer (simple,
result,
g_object_unref);
gboolean session_is_active;
PolkitImplicitAuthorization implicit_authorization;
const gchar *tmp_authz_id;
- PolkitDetails *result_details;
GList *actions;
GList *l;
groups_of_user = NULL;
subject_str = NULL;
session_for_subject = NULL;
- result_details = NULL;
session_is_local = FALSE;
session_is_active = FALSE;
implicit_authorization = polkit_action_description_get_implicit_any (action_desc);
}
- result_details = polkit_details_new ();
-
/* allow subclasses to rewrite implicit_authorization */
implicit_authorization = polkit_backend_interactive_authority_check_authorization_sync (interactive_authority,
caller,
session_is_active,
action_id,
details,
- implicit_authorization,
- result_details);
-
+ implicit_authorization);
/* first see if there's an implicit authorization for subject available */
if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED)
{
g_debug (" is authorized (has implicit authorization local=%d active=%d)",
session_is_local,
session_is_active);
- result = polkit_authorization_result_new (TRUE, FALSE, result_details);
+ result = polkit_authorization_result_new (TRUE, FALSE, details);
goto out;
}
{
g_debug (" is authorized (has temporary authorization)");
- polkit_details_insert (result_details, "polkit.temporary_authorization_id", tmp_authz_id);
- result = polkit_authorization_result_new (TRUE, FALSE, result_details);
+ polkit_details_insert (details, "polkit.temporary_authorization_id", tmp_authz_id);
+ result = polkit_authorization_result_new (TRUE, FALSE, details);
goto out;
}
g_debug (" is authorized (implied by %s)", imply_action_id);
result = implied_result;
/* cleanup */
- g_object_unref (result_details);
g_strfreev (tokens);
goto out;
}
if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED ||
implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED)
{
- polkit_details_insert (result_details, "polkit.retains_authorization_after_challenge", "1");
+ polkit_details_insert (details, "polkit.retains_authorization_after_challenge", "1");
}
- result = polkit_authorization_result_new (FALSE, TRUE, result_details);
+ result = polkit_authorization_result_new (FALSE, TRUE, details);
/* return implicit_authorization so the caller can use an authentication agent if applicable */
if (out_implicit_authorization != NULL)
}
else
{
- result = polkit_authorization_result_new (FALSE, FALSE, result_details);
+ result = polkit_authorization_result_new (FALSE, FALSE, details);
g_debug (" not authorized");
}
out:
if (action_desc != NULL)
g_object_unref (action_desc);
- if (result_details != NULL)
- g_object_unref (result_details);
-
g_debug (" ");
return result;
* @action_id: The action we are checking an authorization for.
* @details: Details about the action.
* @implicit: A #PolkitImplicitAuthorization value computed from the policy file and @subject.
- * @out_details: A #PolkitDetails object that will be return to @caller.
*
* Checks whether @subject is authorized to perform the action
- * specified by @action_id and @details. The implementation may
- * append key/value pairs to @out_details to return extra information
- * to @caller.
+ * specified by @action_id and @details. The implementation may append
+ * key/value pairs to @details to return extra information to @caller.
*
* The default implementation of this method simply returns @implicit.
*
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
- PolkitImplicitAuthorization implicit,
- PolkitDetails *out_details)
+ PolkitImplicitAuthorization implicit)
{
PolkitBackendInteractiveAuthorityClass *klass;
PolkitImplicitAuthorization ret;
subject_is_active,
action_id,
details,
- implicit,
- out_details);
+ implicit);
}
return ret;
gchar *action_id;
+ PolkitDetails *details;
+
gchar *initiated_by_system_bus_unique_name;
PolkitImplicitAuthorization implicit_authorization;
PolkitBackendInteractiveAuthority *authority,
GList *identities,
const gchar *action_id,
+ PolkitDetails *details,
const gchar *initiated_by_system_bus_unique_name,
PolkitImplicitAuthorization implicit_authorization,
GCancellable *cancellable,
session->identities = g_list_copy (identities);
g_list_foreach (session->identities, (GFunc) g_object_ref, NULL);
session->action_id = g_strdup (action_id);
+ session->details = g_object_ref (details);
session->initiated_by_system_bus_unique_name = g_strdup (initiated_by_system_bus_unique_name);
session->implicit_authorization = implicit_authorization;
session->cancellable = cancellable != NULL ? g_object_ref (cancellable) : NULL;
g_object_unref (session->caller);
g_object_unref (session->authority);
g_free (session->action_id);
+ g_object_unref (session->details);
g_free (session->initiated_by_system_bus_unique_name);
if (session->cancellable_signal_handler_id > 0)
g_signal_handler_disconnect (session->cancellable, session->cancellable_signal_handler_id);
session->caller,
session->authority,
session->action_id,
+ session->details,
session->implicit_authorization,
gained_authorization,
was_dismissed,
authority,
identities,
action_id,
+ details,
polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
implicit_authorization,
cancellable,
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
- PolkitImplicitAuthorization implicit,
- PolkitDetails *out_details);
+ PolkitImplicitAuthorization implicit);
G_DEFINE_TYPE_WITH_CODE (PolkitBackendJsAuthority,
polkit_backend_js_authority,
if (dir == NULL)
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Error opening rules directory: %s (%s, %d)\n",
+ "Error opening rules directory: %s (%s, %d)",
error->message, g_quark_to_string (error->domain), error->code);
g_clear_error (&error);
goto out;
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
- PolkitImplicitAuthorization implicit,
- PolkitDetails *out_details)
+ PolkitImplicitAuthorization implicit)
{
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (_authority);
PolkitImplicitAuthorization ret = implicit;
const jschar *ret_utf16;
gchar *ret_str = NULL;
gboolean good = FALSE;
+ JSIdArray *ids;
+ JSObject *details_obj;
+ gint n;
action_id_jstr = JS_NewStringCopyZ (authority->priv->cx, action_id);
argv[0] = STRING_TO_JSVAL (action_id_jstr);
if (!polkit_implicit_authorization_from_string (ret_str, &ret))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
- "Returned result `%s' is not valid\n",
+ "Returned result `%s' is not valid",
ret_str);
goto out;
}
+
+ /* the JS code may have modifed @details - update PolkitDetails
+ * object accordingly
+ */
+ details_obj = JSVAL_TO_OBJECT (argv[2]);
+ ids = JS_Enumerate (authority->priv->cx, details_obj);
+ if (ids == NULL)
+ {
+ polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
+ "Failed to enumerate properties of Details object");
+ goto out;
+ }
+ for (n = 0; n < ids->length; n++)
+ {
+ jsval id_val;
+ jsval value_val;
+ char *id_s = NULL;
+ char *value_s = NULL;
+
+ if (!JS_IdToValue (authority->priv->cx, ids->vector[n], &id_val))
+ {
+ g_warning ("Error getting string for property id %d", n);
+ goto cont;
+ }
+ id_s = JS_EncodeString (authority->priv->cx, JSVAL_TO_STRING (id_val));
+
+ if (!JS_GetPropertyById (authority->priv->cx, details_obj, ids->vector[n], &value_val))
+ {
+ g_warning ("Error getting value string for property value %s", id_s);
+ goto cont;
+ }
+
+ /* skip e.g. functions */
+ if (!JSVAL_IS_STRING (value_val) && !JSVAL_IS_NULL (value_val))
+ goto cont;
+
+ value_s = JS_EncodeString (authority->priv->cx, JSVAL_TO_STRING (value_val));
+
+ polkit_details_insert (details, id_s, value_s);
+ cont:
+ if (id_s != NULL)
+ JS_free (authority->priv->cx, id_s);
+ if (value_s != NULL)
+ JS_free (authority->priv->cx, value_s);
+ }
+ JS_DestroyIdArray (authority->priv->cx, ids);
+
good = TRUE;
out:
* @out_result_any: Return location for the result for any subjects if the look up matched.
* @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched.
* @out_result_active: Return location for the result for subjects in local active sessions if the look up matched.
- * @out_details: %NULL or a #PolkitDetails object to append key/value pairs to on a positive match.
*
- * Checks if an authorization entry from @store matches @identity, @action_id and @details.
+ * Checks if an authorization entry from @store matches @identity,
+ * @action_id and @details. May append information to @details if
+ * found.
*
* Returns: %TRUE if @store has an authorization entry that matches
* @identity, @action_id and @details. Otherwise %FALSE.
PolkitDetails *details,
PolkitImplicitAuthorization *out_result_any,
PolkitImplicitAuthorization *out_result_inactive,
- PolkitImplicitAuthorization *out_result_active,
- PolkitDetails *out_details)
+ PolkitImplicitAuthorization *out_result_active)
{
GList *l, *ll;
gboolean ret;
*out_result_active = authorization->result_active;
ret = TRUE;
- if (out_details != NULL && authorization->return_value != NULL)
+ if (details != NULL && authorization->return_value != NULL)
{
GHashTableIter iter;
const gchar *key;
g_hash_table_iter_init (&iter, authorization->return_value);
while (g_hash_table_iter_next (&iter, (gpointer *) &key, (gpointer *) &value))
{
- polkit_details_insert (out_details, key, value);
+ polkit_details_insert (details, key, value);
}
}