From: David Zeuthen Date: Wed, 13 May 2009 14:58:04 +0000 (-0400) Subject: Only allow privileged apps to check authz and add ActionLookup interface X-Git-Tag: 0.92~32 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=86008e618476834c040bf7db40bbc887cca2fbb5;p=platform%2Fupstream%2Fpolkit.git Only allow privileged apps to check authz and add ActionLookup interface Also remove the ObtainAuthorization() call and allow apps to pass details to CheckAuthorization. --- diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 2faa2cf..3b519c2 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -14,6 +14,18 @@ + + + + + + + + + + + + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index a3d5741..da2fe59 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -213,6 +213,10 @@ + + + + @@ -238,33 +242,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -272,6 +249,10 @@ + + + + diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index 3be9176..da1eb7f 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -4,7 +4,7 @@ NULL = AUTOMAKE_OPTIONS = 1.7 # The name of the module. -DOC_MODULE=polkit-1 +DOC_MODULE=polkit # The top-level SGML file. DOC_MAIN_SGML_FILE=polkit-docs.xml diff --git a/docs/polkit/polkit-docs.xml b/docs/polkit/polkit-docs.xml index 75e7620..e9c4af4 100644 --- a/docs/polkit/polkit-docs.xml +++ b/docs/polkit/polkit-docs.xml @@ -91,6 +91,7 @@ + diff --git a/docs/polkit/polkit-sections.txt b/docs/polkit/polkit-sections.txt index 9f21599..2094a3f 100644 --- a/docs/polkit/polkit-sections.txt +++ b/docs/polkit/polkit-sections.txt @@ -54,7 +54,6 @@ PolkitAuthorizationResult polkit_authority_get polkit_authority_enumerate_actions_sync polkit_authority_check_authorization_sync -polkit_authority_obtain_authorization_sync polkit_authority_register_authentication_agent_sync polkit_authority_unregister_authentication_agent_sync polkit_authority_authentication_agent_response_sync @@ -62,8 +61,6 @@ polkit_authority_enumerate_actions polkit_authority_enumerate_actions_finish polkit_authority_check_authorization polkit_authority_check_authorization_finish -polkit_authority_obtain_authorization -polkit_authority_obtain_authorization_finish polkit_authority_register_authentication_agent polkit_authority_register_authentication_agent_finish polkit_authority_unregister_authentication_agent diff --git a/docs/polkitagent/Makefile.am b/docs/polkitagent/Makefile.am index 2437a1d..4ef4787 100644 --- a/docs/polkitagent/Makefile.am +++ b/docs/polkitagent/Makefile.am @@ -4,7 +4,7 @@ NULL = AUTOMAKE_OPTIONS = 1.7 # The name of the module. -DOC_MODULE=polkitagent-1 +DOC_MODULE=polkitagent # The top-level SGML file. DOC_MAIN_SGML_FILE=polkitagent-docs.xml diff --git a/docs/polkitbackend/Makefile.am b/docs/polkitbackend/Makefile.am index 96cbbed..8725334 100644 --- a/docs/polkitbackend/Makefile.am +++ b/docs/polkitbackend/Makefile.am @@ -4,7 +4,7 @@ NULL = AUTOMAKE_OPTIONS = 1.7 # The name of the module. -DOC_MODULE=polkitbackend-1 +DOC_MODULE=polkitbackend # The top-level SGML file. DOC_MAIN_SGML_FILE=polkitbackend-docs.xml diff --git a/docs/polkitbackend/polkitbackend-sections.txt b/docs/polkitbackend/polkitbackend-sections.txt index e370b96..4f650da 100644 --- a/docs/polkitbackend/polkitbackend-sections.txt +++ b/docs/polkitbackend/polkitbackend-sections.txt @@ -6,8 +6,6 @@ PolkitBackendAuthority PolkitBackendAuthorityClass polkit_backend_authority_check_authorization polkit_backend_authority_check_authorization_finish -polkit_backend_authority_obtain_authorization -polkit_backend_authority_obtain_authorization_finish polkit_backend_authority_register_authentication_agent polkit_backend_authority_unregister_authentication_agent polkit_backend_authority_authentication_agent_response @@ -31,6 +29,23 @@ POLKIT_BACKEND_AUTHORITY_GET_CLASS
+polkitbackendactionlookup +PolkitBackendActionLookup +POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME +PolkitBackendActionLookup +PolkitBackendActionLookupIface +polkit_backend_action_lookup_get_message +polkit_backend_action_lookup_get_icon_name +polkit_backend_action_lookup_get_details + +POLKIT_BACKEND_ACTION_LOOKUP +POLKIT_BACKEND_IS_ACTION_LOOKUP +POLKIT_BACKEND_TYPE_ACTION_LOOKUP +polkit_backend_action_lookup_get_type +POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE +
+ +
polkitbackendlocalauthority PolkitBackendLocalAuthority PolkitBackendLocalAuthority diff --git a/docs/polkitbackend/polkitbackend.types b/docs/polkitbackend/polkitbackend.types index 248f48b..cd0fde0 100644 --- a/docs/polkitbackend/polkitbackend.types +++ b/docs/polkitbackend/polkitbackend.types @@ -1,4 +1,5 @@ polkit_backend_authority_get_type +polkit_backend_action_lookup_get_type polkit_backend_local_authority_get_type polkit_backend_action_pool_get_type polkit_backend_session_monitor_get_type diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am index 524e67b..1c40863 100644 --- a/src/examples/Makefile.am +++ b/src/examples/Makefile.am @@ -15,7 +15,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -noinst_PROGRAMS = cancel cancelobtain +noinst_PROGRAMS = cancel cancel_SOURCES = cancel.c @@ -28,16 +28,5 @@ cancel_LDADD = \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ $(NULL) -cancelobtain_SOURCES = cancelobtain.c - -cancelobtain_CFLAGS = \ - $(GLIB_CFLAGS) \ - $(NULL) - -cancelobtain_LDADD = \ - $(GLIB_LDADD) \ - $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(NULL) - clean-local : rm -f *~ diff --git a/src/examples/cancel.c b/src/examples/cancel.c index f0ede35..7191398 100644 --- a/src/examples/cancel.c +++ b/src/examples/cancel.c @@ -108,6 +108,7 @@ main (int argc, char *argv[]) polkit_authority_check_authorization (authority, calling_process, "org.freedesktop.policykit.grant", + NULL, POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, cancellable, (GAsyncReadyCallback) check_authorization_cb, diff --git a/src/examples/cancelobtain.c b/src/examples/cancelobtain.c deleted file mode 100644 index ea37d8f..0000000 --- a/src/examples/cancelobtain.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (C) 2009 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen - */ - -/* Simple example that shows how to obtain an authorization including - * cancelling the request. - */ - -#include - -static void -obtain_authorization_cb (PolkitAuthority *authority, - GAsyncResult *res, - GMainLoop *loop) -{ - GError *error; - - error = NULL; - if (!polkit_authority_obtain_authorization_finish (authority, res, &error)) - { - g_print ("Error obtaining authorization: %s\n", error->message); - g_error_free (error); - } - - g_main_loop_quit (loop); -} - -static gboolean -do_cancel (GCancellable *cancellable) -{ - g_print ("Timer has expired; cancelling request\n"); - g_cancellable_cancel (cancellable); - return FALSE; -} - -int -main (int argc, char *argv[]) -{ - int ret; - GMainLoop *loop; - PolkitSubject *calling_process; - PolkitAuthority *authority; - GCancellable *cancellable; - - g_type_init (); - - ret = 1; - - if (argc != 2) - { - g_printerr ("usage: cancelobtain \n"); - goto out; - } - - loop = g_main_loop_new (NULL, FALSE); - - authority = polkit_authority_get (); - - calling_process = polkit_unix_process_new (getppid ()); - - cancellable = g_cancellable_new (); - - g_print ("Will cancel request in 10 seconds\n"); - g_timeout_add (10 * 1000, - (GSourceFunc) do_cancel, - cancellable); - - polkit_authority_obtain_authorization (authority, - calling_process, - argv[1], - cancellable, - (GAsyncReadyCallback) obtain_authorization_cb, - loop); - - g_main_loop_run (loop); - - g_object_unref (authority); - g_object_unref (calling_process); - g_object_unref (cancellable); - g_main_loop_unref (loop); - - ret = 0; - - out: - - return ret; -} diff --git a/src/nullbackend/polkitbackendnullauthority.c b/src/nullbackend/polkitbackendnullauthority.c index f754bd5..11b75f2 100644 --- a/src/nullbackend/polkitbackendnullauthority.c +++ b/src/nullbackend/polkitbackendnullauthority.c @@ -42,6 +42,7 @@ static void authority_check_authorization (PolkitBackendAuthority *author PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -136,6 +137,7 @@ authority_check_authorization (PolkitBackendAuthority *authority, PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 6b129ae..041ba7e 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -330,6 +330,7 @@ static guint polkit_authority_check_authorization_async (PolkitAuthority *authority, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -339,6 +340,7 @@ polkit_authority_check_authorization_async (PolkitAuthority *autho guint call_id; GSimpleAsyncResult *simple; gchar *cancellation_id; + EggDBusHashMap *real_details; real_subject = polkit_subject_get_real (subject); @@ -354,10 +356,24 @@ polkit_authority_check_authorization_async (PolkitAuthority *autho g_object_set_data_full (G_OBJECT (simple), "polkit-1-cancellation-id", cancellation_id, g_free); } + real_details = egg_dbus_hash_map_new (G_TYPE_STRING, NULL, + G_TYPE_STRING, NULL); + if (details != NULL) + { + GHashTableIter iter; + const gchar *key; + const gchar *value; + + g_hash_table_iter_init (&iter, details); + while (g_hash_table_iter_next (&iter, (gpointer) &key, (gpointer) &value)) + egg_dbus_hash_map_insert (real_details, key, value); + } + call_id = _polkit_authority_check_authorization (authority->real, EGG_DBUS_CALL_FLAGS_TIMEOUT_NONE, real_subject, action_id, + real_details, flags, cancellation_id, cancellable, @@ -374,6 +390,7 @@ polkit_authority_check_authorization_async (PolkitAuthority *autho * @authority: A #PolkitAuthority. * @subject: A #PolkitSubject. * @action_id: The action to check for. + * @details: Details about the action or %NULL. * @flags: A set of #PolkitCheckAuthorizationFlags. * @cancellable: A #GCancellable or %NULL. * @callback: A #GAsyncReadyCallback to call when the request is satisfied. @@ -390,6 +407,7 @@ void polkit_authority_check_authorization (PolkitAuthority *authority, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -398,6 +416,7 @@ polkit_authority_check_authorization (PolkitAuthority *authority, polkit_authority_check_authorization_async (authority, subject, action_id, + details, flags, cancellable, callback, @@ -495,6 +514,7 @@ polkit_authority_check_authorization_finish (PolkitAuthority *authority * @authority: A #PolkitAuthority. * @subject: A #PolkitSubject. * @action_id: The action to check for. + * @details: Details about the action or %NULL. * @flags: A set of #PolkitCheckAuthorizationFlags. * @cancellable: A #GCancellable or %NULL. * @error: Return location for error or %NULL. @@ -507,6 +527,7 @@ PolkitAuthorizationResult polkit_authority_check_authorization_sync (PolkitAuthority *authority, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GError **error) @@ -518,6 +539,7 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author call_id = polkit_authority_check_authorization_async (authority, subject, action_id, + details, flags, cancellable, generic_cb, @@ -535,209 +557,9 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author /* ---------------------------------------------------------------------------------------------------- */ static guint -polkit_authority_obtain_authorization_async (PolkitAuthority *authority, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - _PolkitSubject *real_subject; - guint call_id; - GSimpleAsyncResult *simple; - gchar *cancellation_id; - - real_subject = polkit_subject_get_real (subject); - - simple = g_simple_async_result_new (G_OBJECT (authority), - callback, - user_data, - polkit_authority_obtain_authorization_async); - - cancellation_id = NULL; - if (cancellable != NULL) - { - cancellation_id = g_strdup_printf ("cancellation-id-%d", authority->cancellation_id_counter++); - g_object_set_data_full (G_OBJECT (simple), "polkit-1-cancellation-id", cancellation_id, g_free); - } - - call_id = _polkit_authority_obtain_authorization (authority->real, - EGG_DBUS_CALL_FLAGS_TIMEOUT_NONE, - real_subject, - action_id, - cancellation_id, - cancellable, - generic_async_cb, - simple); - - g_object_unref (real_subject); - - return call_id; -} - -/** - * polkit_authority_obtain_authorization: - * @authority: A #PolkitAuthority. - * @subject: A #PolkitSubject. - * @action_id: The action to obtain an authorization for. - * @cancellable: A #GCancellable or %NULL. - * @callback: A #GAsyncReadyCallback to call when the request is satisfied. - * @user_data: The data to pass to @callback. - * - * Asynchronously obtains a temporary authorization for @subject to - * perform the action represented by @action_id. - * - * When the operation is finished, @callback will be invoked. You can - * then call polkit_authority_obtain_authorization_finish() to get the - * result of the operation. - **/ -void -polkit_authority_obtain_authorization (PolkitAuthority *authority, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - polkit_authority_obtain_authorization_async (authority, - subject, - action_id, - cancellable, - callback, - user_data); -} - -static void -authorization_obtain_cancelled_cb (GObject *source_object, - GAsyncResult *res, - gpointer user_data) -{ - GError *error; - - error = NULL; - if (!_polkit_authority_cancel_obtain_authorization_finish (_POLKIT_AUTHORITY (source_object), - res, - &error)) - { - g_warning ("Error cancelling obtain authorization call: %s", error->message); - g_error_free (error); - } -} - -/** - * polkit_authority_obtain_authorization_finish: - * @authority: A #PolkitAuthority. - * @res: A #GAsyncResult obtained from the callback. - * @error: Return location for error or %NULL. - * - * Finishes obtaining an authorization. - * - * Returns: %TRUE if the authorization was obtained, %FALSE if @error is set. - **/ -gboolean -polkit_authority_obtain_authorization_finish (PolkitAuthority *authority, - GAsyncResult *res, - GError **error) -{ - gboolean result; - GSimpleAsyncResult *simple; - GAsyncResult *real_res; - GError *local_error; - - simple = G_SIMPLE_ASYNC_RESULT (res); - real_res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (simple)); - - g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_authority_obtain_authorization_async); - - result = _POLKIT_AUTHORIZATION_RESULT_NOT_AUTHORIZED; - - local_error = NULL; - result = _polkit_authority_obtain_authorization_finish (authority->real, - real_res, - &local_error); - - if (local_error != NULL) - { - if (local_error->domain == EGG_DBUS_ERROR && local_error->code == EGG_DBUS_ERROR_CANCELLED) - { - const gchar *cancellation_id; - - /* if the operation was cancelled locally, make sure to tell the daemon so the authentication - * dialog etc. can be removed - */ - cancellation_id = g_object_get_data (G_OBJECT (simple), "polkit-1-cancellation-id"); - if (cancellation_id != NULL) - { - _polkit_authority_cancel_obtain_authorization (authority->real, - EGG_DBUS_CALL_FLAGS_NONE, - cancellation_id, - NULL, - authorization_obtain_cancelled_cb, - NULL); - } - - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_CANCELLED, - "The operation was cancelled"); - g_error_free (local_error); - } - else - { - g_propagate_error (error, local_error); - } - } - - g_object_unref (real_res); - return result; -} - -/** - * polkit_authority_obtain_authorization_sync: - * @authority: A #PolkitAuthority. - * @subject: A #PolkitSubject. - * @action_id: The action to obtain for. - * @flags: A set of #PolkitObtainAuthorizationFlags. - * @cancellable: A #GCancellable or %NULL. - * @error: Return location for error or %NULL. - * - * Obtains a temporary authorization for @subject to perform the - * action represented by @action_id. - * - * Returns: %TRUE if the authorization was obtained, %FALSE if @error is set. - */ -gboolean -polkit_authority_obtain_authorization_sync (PolkitAuthority *authority, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GError **error) -{ - guint call_id; - GAsyncResult *res; - gboolean result; - - call_id = polkit_authority_obtain_authorization_async (authority, - subject, - action_id, - cancellable, - generic_cb, - &res); - - egg_dbus_connection_pending_call_block (authority->system_bus, call_id); - - result = polkit_authority_obtain_authorization_finish (authority, res, error); - - g_object_unref (res); - - return result; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static guint polkit_authority_register_authentication_agent_async (PolkitAuthority *authority, const gchar *session_id, + const gchar *locale, const gchar *object_path, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -754,6 +576,7 @@ polkit_authority_register_authentication_agent_async (PolkitAuthority *auth call_id = _polkit_authority_register_authentication_agent (authority->real, EGG_DBUS_CALL_FLAGS_NONE, session_id, + locale, object_path, cancellable, generic_async_cb, @@ -766,6 +589,7 @@ polkit_authority_register_authentication_agent_async (PolkitAuthority *auth * polkit_authority_register_authentication_agent: * @authority: A #PolkitAuthority. * @session_id: The identifier of the session to register for or %NULL for the session of the caller. + * @locale: The locale of the authentication agent. * @object_path: The object path for the authentication agent. * @cancellable: A #GCancellable or %NULL. * @callback: A #GAsyncReadyCallback to call when the request is satisfied. @@ -780,6 +604,7 @@ polkit_authority_register_authentication_agent_async (PolkitAuthority *auth void polkit_authority_register_authentication_agent (PolkitAuthority *authority, const gchar *session_id, + const gchar *locale, const gchar *object_path, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -787,6 +612,7 @@ polkit_authority_register_authentication_agent (PolkitAuthority *authority, { polkit_authority_register_authentication_agent_async (authority, session_id, + locale, object_path, cancellable, callback, @@ -834,6 +660,7 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * polkit_authority_register_authentication_agent_sync: * @authority: A #PolkitAuthority. * @session_id: The identifier of the session to register for or %NULL for the session of the caller. + * @locale: The locale of the authentication agent. * @object_path: The object path for the authentication agent. * @cancellable: A #GCancellable or %NULL. * @error: Return location for error or %NULL. @@ -845,6 +672,7 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit gboolean polkit_authority_register_authentication_agent_sync (PolkitAuthority *authority, const gchar *session_id, + const gchar *locale, const gchar *object_path, GCancellable *cancellable, GError **error) @@ -855,6 +683,7 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author call_id = polkit_authority_register_authentication_agent_async (authority, session_id, + locale, object_path, cancellable, generic_cb, diff --git a/src/polkit/polkitauthority.h b/src/polkit/polkitauthority.h index 15cf3cb..2aa74ae 100644 --- a/src/polkit/polkitauthority.h +++ b/src/polkit/polkitauthority.h @@ -65,18 +65,14 @@ GList *polkit_authority_enumerate_groups_sync (PolkitAuthori PolkitAuthorizationResult polkit_authority_check_authorization_sync (PolkitAuthority *authority, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GError **error); -gboolean polkit_authority_obtain_authorization_sync (PolkitAuthority *authority, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GError **error); - gboolean polkit_authority_register_authentication_agent_sync (PolkitAuthority *authority, const gchar *session_id, + const gchar *locale, const gchar *object_path, GCancellable *cancellable, GError **error); @@ -107,6 +103,7 @@ GList * polkit_authority_enumerate_actions_finish (PolkitAuth void polkit_authority_check_authorization (PolkitAuthority *authority, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -116,19 +113,9 @@ PolkitAuthorizationResult polkit_authority_check_authorization_finish (PolkitAu GAsyncResult *res, GError **error); -void polkit_authority_obtain_authorization (PolkitAuthority *authority, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - -gboolean polkit_authority_obtain_authorization_finish (PolkitAuthority *authority, - GAsyncResult *res, - GError **error); - void polkit_authority_register_authentication_agent (PolkitAuthority *authority, const gchar *session_id, + const gchar *locale, const gchar *object_path, GCancellable *cancellable, GAsyncReadyCallback callback, diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 23300a3..fb59b68 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -104,6 +104,7 @@ server_register (Server *server, local_error = NULL; if (!polkit_authority_register_authentication_agent_sync (server->authority, server->session_id, + g_getenv ("LANG"), server->object_path, NULL, &local_error)) @@ -358,6 +359,9 @@ auth_cb (GObject *source_object, static void handle_begin_authentication (_PolkitAuthenticationAgent *instance, const gchar *action_id, + const gchar *message, + const gchar *icon_name, + EggDBusHashMap *details, const gchar *cookie, EggDBusArraySeq *identities, EggDBusMethodInvocation *method_invocation) @@ -389,6 +393,9 @@ handle_begin_authentication (_PolkitAuthenticationAgent *instance, polkit_agent_listener_initiate_authentication (server->listener, action_id, + message, + icon_name, + details->data, cookie, list, data->cancellable, @@ -447,6 +454,9 @@ polkit_agent_listener_class_init (PolkitAgentListenerClass *klass) * polkit_agent_listener_initiate_authentication: * @listener: A #PolkitAgentListener. * @action_id: The action to authenticate for. + * @message: The message to present to the user. + * @icon_name: A themed icon name representing the action or %NULL. + * @details: A set of key/value string pairs describing the action. * @cookie: The cookie for the authentication request. * @identities: A list of #PolkitIdentity objects that the user can choose to authenticate as. * @cancellable: A #GCancellable. @@ -467,6 +477,9 @@ polkit_agent_listener_class_init (PolkitAgentListenerClass *klass) void polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener, const gchar *action_id, + const gchar *message, + const gchar *icon_name, + GHashTable *details, const gchar *cookie, GList *identities, GCancellable *cancellable, @@ -475,6 +488,9 @@ polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener, { POLKIT_AGENT_LISTENER_GET_CLASS (listener)->initiate_authentication (listener, action_id, + message, + icon_name, + details, cookie, identities, cancellable, diff --git a/src/polkitagent/polkitagentlistener.h b/src/polkitagent/polkitagentlistener.h index 59a8cc8..9324b92 100644 --- a/src/polkitagent/polkitagentlistener.h +++ b/src/polkitagent/polkitagentlistener.h @@ -67,6 +67,9 @@ struct _PolkitAgentListenerClass /* Vtable */ void (*initiate_authentication) (PolkitAgentListener *listener, const gchar *action_id, + const gchar *message, + const gchar *icon_name, + GHashTable *details, const gchar *cookie, GList *identities, GCancellable *cancellable, @@ -92,6 +95,9 @@ struct _PolkitAgentListenerClass GType polkit_agent_listener_get_type (void) G_GNUC_CONST; void polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener, const gchar *action_id, + const gchar *message, + const gchar *icon_name, + GHashTable *details, const gchar *cookie, GList *identities, GCancellable *cancellable, diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index 51ebe3c..a49e131 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -43,6 +43,7 @@ libpolkit_backend_1include_HEADERS = \ polkitbackendactionpool.h \ polkitbackendsessionmonitor.h \ polkitbackendconfigsource.h \ + polkitbackendactionlookup.h \ $(NULL) libpolkit_backend_1_la_SOURCES = \ @@ -56,6 +57,7 @@ libpolkit_backend_1_la_SOURCES = \ polkitbackendactionpool.h polkitbackendactionpool.c \ polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c \ polkitbackendconfigsource.h polkitbackendconfigsource.c \ + polkitbackendactionlookup.h polkitbackendactionlookup.c \ $(NULL) libpolkit_backend_1_la_CFLAGS = \ diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h index 57a9842..3efa131 100644 --- a/src/polkitbackend/polkitbackend.h +++ b/src/polkitbackend/polkitbackend.h @@ -35,6 +35,7 @@ #include #include #include +#include #undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H #endif /* __POLKIT_BACKEND_H */ diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c new file mode 100644 index 0000000..64c43a9 --- /dev/null +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -0,0 +1,177 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include "polkitbackendactionlookup.h" + +#include "polkitbackendprivate.h" + +/** + * SECTION:polkitbackendactionlookup + * @title: PolkitBackendActionLookup + * @short_description: Interface used to provide data to authentication dialogs + * @stability: Unstable + * + * An interface that is used by backends to provide localized data + * shown in authentication dialogs. + * + * This inteface is intended for mechanisms to customize the message + * to show - a mechanism can provide a #GIOModule that registers one + * or more extensions that implement this interface. Every time an + * authentication dialog is shown, the registered extensions are + * consulted in priority order. + * + * This is useful if your mechanism wants to put up a message such as + * "Authentication is required to install 'Totem Movie Player'", + * e.g. messages that include more information than just the action + * name. + * + * Code implementing this interface cannot + * block or do any IO when methods are invoked. If information is + * needed to format the message or details, prepare it in advance and + * pass it as part of the @details hash table when doing the + * polkit_authority_check_authorization() call. Then the code in this + * interface can use that information to return localized data. + * + * Note that setlocale() and the LANG environment + * variable will be set up to match the locale of the authentication + * agent that is the receiver of the information. This means that code + * implementing this interface can use dgettext() or similar machinery + * to look up translations. + */ + +static void +base_init (gpointer g_iface) +{ +} + +GType +polkit_backend_action_lookup_get_type (void) +{ + static GType iface_type = 0; + + if (iface_type == 0) + { + static const GTypeInfo info = + { + sizeof (PolkitBackendActionLookupIface), + base_init, /* base_init */ + NULL, /* base_finalize */ + NULL, /* class_init */ + NULL, /* class_finalize */ + NULL, /* class_data */ + 0, /* instance_size */ + 0, /* n_preallocs */ + NULL, /* instance_init */ + NULL /* value_table */ + }; + + iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + } + + return iface_type; +} + +/** + * polkit_backend_action_lookup_get_message: + * @lookup: A #PolkitBackendActionLookup. + * @action_id: The action to get the message for. + * @details: Details passed to polkit_authority_check_authorization(). + * @action_description: A #PolkitActionDescription object for @action_id. + * + * Computes a message to show in an authentication dialog for + * @action_id and @details. + * + * Returns: A localized string to show in the authentication dialog or %NULL. Caller must free this string. + **/ +gchar * +polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description) +{ + PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup); + + if (iface->get_message == NULL) + return NULL; + else + return iface->get_message (lookup, action_id, details, action_description); +} + +/** + * polkit_backend_action_lookup_get_icon_name: + * @lookup: A #PolkitBackendActionLookup. + * @action_id: The action to get the themed icon for. + * @details: Details passed to polkit_authority_check_authorization(). + * @action_description: A #PolkitActionDescription object for @action_id. + * + * Computes a themed icon name to show in an authentication dialog for + * @action_id and @details. + * + * Returns: A themed icon name or %NULL. Caller must free this string. + **/ +gchar * +polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description) +{ + PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup); + + if (iface->get_icon_name == NULL) + return NULL; + else + return iface->get_icon_name (lookup, action_id, details, action_description); +} + +/** + * polkit_backend_action_lookup_get_details: + * @lookup: A #PolkitBackendActionLookup. + * @action_id: The action to get the details for. + * @details: Details passed to polkit_authority_check_authorization(). + * @action_description: A #PolkitActionDescription object for @action_id. + * + * Computes localized details to show in an authentication dialog for + * @action_id and @details. + * + * Returns: A #GHashTable with localized details or %NULL. Caller must free the result. + **/ +GHashTable * +polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description) +{ + PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup); + + if (iface->get_details == NULL) + return NULL; + else + return iface->get_details (lookup, action_id, details, action_description); +} + diff --git a/src/polkitbackend/polkitbackendactionlookup.h b/src/polkitbackend/polkitbackendactionlookup.h new file mode 100644 index 0000000..bb93c17 --- /dev/null +++ b/src/polkitbackend/polkitbackendactionlookup.h @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_BACKEND_ACTION_LOOKUP_H +#define __POLKIT_BACKEND_ACTION_LOOKUP_H + +#include +#include "polkitbackendtypes.h" + +G_BEGIN_DECLS + +/** + * POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME: + * + * Extension point name for looking up action information. + */ +#define POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME "polkit-backend-action-lookup-1" + +#define POLKIT_BACKEND_TYPE_ACTION_LOOKUP (polkit_backend_action_lookup_get_type()) +#define POLKIT_BACKEND_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP, PolkitBackendActionLookup)) +#define POLKIT_BACKEND_IS_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP)) +#define POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE(o) (G_TYPE_INSTANCE_GET_INTERFACE((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP, PolkitBackendActionLookupIface)) + +#if 0 +/** + * PolkitBackendActionLookup: + * + * Opaque object for #PolkitBackendActionLookupIface. + */ +typedef struct _PolkitBackendActionLookup PolkitBackendActionLookup; /* Dummy typedef */ +#endif +typedef struct _PolkitBackendActionLookupIface PolkitBackendActionLookupIface; + +/** + * PolkitBackendActionLookupIface: + * @get_message: See polkit_backend_action_lookup_get_message(). + * @get_icon_name: See polkit_backend_action_lookup_get_icon_name(). + * @get_details: See polkit_backend_action_lookup_get_details(). + * + * Interface that is used by backends to provide localized data shown + * in authentication dialogs. + */ +struct _PolkitBackendActionLookupIface +{ + /*< private >*/ + GTypeInterface parent_iface; + + /*< public >*/ + /* VTable */ + + gchar * (*get_message) (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description); + + gchar * (*get_icon_name) (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description); + + GHashTable * (*get_details) (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description); +}; + +GType polkit_backend_action_lookup_get_type (void) G_GNUC_CONST; +gchar *polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description); +gchar *polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description); +GHashTable *polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup, + const gchar *action_id, + GHashTable *details, + PolkitActionDescription *action_description); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_ACTION_LOOKUP_H */ diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 961fc49..b53513f 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -26,6 +26,7 @@ #include #include #include "polkitbackendauthority.h" +#include "polkitbackendactionlookup.h" #include "polkitbackendlocalauthority.h" #include "polkitbackendprivate.h" @@ -203,6 +204,7 @@ polkit_backend_authority_enumerate_groups (PolkitBackendAuthority *authority, * @caller: The system bus name that initiated the query. * @subject: A #PolkitSubject. * @action_id: The action to check for. + * @details: Details about the action or %NULL. * @flags: A set of #PolkitCheckAuthorizationFlags. * @cancellable: A #GCancellable. * @callback: A #GAsyncReadyCallback to call when the request is satisfied. @@ -220,6 +222,7 @@ polkit_backend_authority_check_authorization (PolkitBackendAuthority *aut PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -246,7 +249,7 @@ polkit_backend_authority_check_authorization (PolkitBackendAuthority *aut } else { - klass->check_authorization (authority, caller, subject, action_id, flags, cancellable, callback, user_data); + klass->check_authorization (authority, caller, subject, action_id, details, flags, cancellable, callback, user_data); } } @@ -284,89 +287,6 @@ polkit_backend_authority_check_authorization_finish (PolkitBackendAuthority *au /* ---------------------------------------------------------------------------------------------------- */ /** - * polkit_backend_authority_obtain_authorization: - * @authority: A #PolkitBackendAuthority. - * @caller: The system bus name that initiated the query. - * @subject: A #PolkitSubject. - * @action_id: The action to obtain. - * @cancellable: A #GCancellable. - * @callback: A #GAsyncReadyCallback to call when the request is satisfied. - * @user_data: The data to pass to @callback. - * - * Asynchronously obtains a temporary authorization for @subject to - * perform the action represented by @action_id. If @subject is already - * authorized for @action_id, return %TRUE. If @action_id doesn't allow - * temporary authorizations, return a %POLKIT_ERROR_FAILED error. - * - * When the operation is finished, @callback will be invoked. You can then - * call polkit_backend_authority_obtain_authorization_finish() to get the result of - * the operation. - **/ -void -polkit_backend_authority_obtain_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - PolkitBackendAuthorityClass *klass; - - klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); - - if (klass->obtain_authorization == NULL) - { - GSimpleAsyncResult *simple; - - simple = g_simple_async_result_new_error (G_OBJECT (authority), - callback, - user_data, - POLKIT_ERROR, - POLKIT_ERROR_NOT_SUPPORTED, - "Operation not supported"); - g_simple_async_result_complete (simple); - g_object_unref (simple); - } - else - { - klass->obtain_authorization (authority, caller, subject, action_id, cancellable, callback, user_data); - } -} - -/** - * polkit_backend_authority_obtain_authorization_finish: - * @authority: A #PolkitBackendAuthority. - * @res: A #GAsyncResult obtained from the callback. - * @error: Return location for error or %NULL. - * - * Finishes obtaining an authorization. - * - * Returns: %TRUE if the authorization was obtained, %FALSE if @error is set. - **/ -gboolean -polkit_backend_authority_obtain_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error) -{ - PolkitBackendAuthorityClass *klass; - - klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); - - if (klass->obtain_authorization_finish == NULL) - { - g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error); - return FALSE; - } - else - { - return klass->obtain_authorization_finish (authority, res, error); - } -} - -/* ---------------------------------------------------------------------------------------------------- */ - -/** * polkit_backend_authority_enumerate_authorizations: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. @@ -481,6 +401,7 @@ polkit_backend_authority_remove_authorization (PolkitBackendAuthority *autho * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. * @session_id: The identifier of the session to register for or %NULL for the session of the caller. + * @locale: The locale of the authentication agent. * @object_path: The object path for the authentication agent. * @error: Return location for error or %NULL. * @@ -492,6 +413,7 @@ gboolean polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority *authority, PolkitSubject *caller, const gchar *session_id, + const gchar *locale, const gchar *object_path, GError **error) { @@ -509,7 +431,7 @@ polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority } else { - return klass->register_authentication_agent (authority, caller, session_id, object_path, error); + return klass->register_authentication_agent (authority, caller, session_id, locale, object_path, error); } } @@ -895,6 +817,7 @@ static void authority_handle_check_authorization (_PolkitAuthority *instance, _PolkitSubject *real_subject, const gchar *action_id, + EggDBusHashMap *real_details, _PolkitCheckAuthorizationFlags flags, const gchar *cancellation_id, EggDBusMethodInvocation *method_invocation) @@ -904,12 +827,15 @@ authority_handle_check_authorization (_PolkitAuthority *instance, PolkitSubject *subject; PolkitSubject *caller; GCancellable *cancellable; + GHashTable *details; caller_name = egg_dbus_method_invocation_get_caller (method_invocation); caller = polkit_system_bus_name_new (caller_name); subject = polkit_subject_new_for_real (real_subject); + details = real_details->data; + g_object_set_data_full (G_OBJECT (method_invocation), "caller", caller, (GDestroyNotify) g_object_unref); g_object_set_data_full (G_OBJECT (method_invocation), "subject", subject, (GDestroyNotify) g_object_unref); @@ -946,6 +872,7 @@ authority_handle_check_authorization (_PolkitAuthority *instance, caller, subject, action_id, + details, flags, cancellable, check_auth_cb, @@ -991,136 +918,6 @@ authority_handle_cancel_check_authorization (_PolkitAuthority *ins /* ---------------------------------------------------------------------------------------------------- */ static void -obtain_auth_cb (GObject *source_object, - GAsyncResult *res, - gpointer user_data) -{ - EggDBusMethodInvocation *method_invocation = EGG_DBUS_METHOD_INVOCATION (user_data); - const gchar *full_cancellation_id; - GError *error; - - error = NULL; - polkit_backend_authority_obtain_authorization_finish (POLKIT_BACKEND_AUTHORITY (source_object), - res, - &error); - - full_cancellation_id = g_object_get_data (G_OBJECT (method_invocation), "cancellation-id"); - if (full_cancellation_id != NULL) - { - Server *server; - server = SERVER (g_object_get_data (G_OBJECT (method_invocation), "server")); - g_hash_table_remove (server->cancellation_id_to_cancellable, full_cancellation_id); - } - - if (error != NULL) - { - egg_dbus_method_invocation_return_gerror (method_invocation, error); - g_error_free (error); - } - else - { - _polkit_authority_handle_obtain_authorization_finish (method_invocation); - } -} - -static void -authority_handle_obtain_authorization (_PolkitAuthority *instance, - _PolkitSubject *real_subject, - const gchar *action_id, - const gchar *cancellation_id, - EggDBusMethodInvocation *method_invocation) -{ - Server *server = SERVER (instance); - const gchar *caller_name; - PolkitSubject *subject; - PolkitSubject *caller; - GCancellable *cancellable; - - caller_name = egg_dbus_method_invocation_get_caller (method_invocation); - caller = polkit_system_bus_name_new (caller_name); - - subject = polkit_subject_new_for_real (real_subject); - - g_object_set_data_full (G_OBJECT (method_invocation), "caller", caller, (GDestroyNotify) g_object_unref); - g_object_set_data_full (G_OBJECT (method_invocation), "subject", subject, (GDestroyNotify) g_object_unref); - - cancellable = NULL; - if (cancellation_id != NULL && strlen (cancellation_id) > 0) - { - gchar *full_cancellation_id; - - full_cancellation_id = g_strdup_printf ("%s-%s", caller_name, cancellation_id); - - if (g_hash_table_lookup (server->cancellation_id_to_cancellable, full_cancellation_id) != NULL) - { - egg_dbus_method_invocation_return_error (method_invocation, - _POLKIT_ERROR, - _POLKIT_ERROR_CANCELLATION_ID_NOT_UNIQUE, - "Given cancellation_id %s is already in use for name %s", - cancellation_id, - caller_name); - g_free (full_cancellation_id); - goto out; - } - - cancellable = g_cancellable_new (); - - g_hash_table_insert (server->cancellation_id_to_cancellable, - full_cancellation_id, - cancellable); - - g_object_set_data (G_OBJECT (method_invocation), "server", server); - g_object_set_data (G_OBJECT (method_invocation), "cancellation-id", full_cancellation_id); - } - - polkit_backend_authority_obtain_authorization (server->authority, - caller, - subject, - action_id, - cancellable, - obtain_auth_cb, - method_invocation); - out: - ; -} - -static void -authority_handle_cancel_obtain_authorization (_PolkitAuthority *instance, - const gchar *cancellation_id, - EggDBusMethodInvocation *method_invocation) -{ - Server *server = SERVER (instance); - GCancellable *cancellable; - const gchar *caller_name; - gchar *full_cancellation_id; - - caller_name = egg_dbus_method_invocation_get_caller (method_invocation); - - full_cancellation_id = g_strdup_printf ("%s-%s", caller_name, cancellation_id); - - cancellable = g_hash_table_lookup (server->cancellation_id_to_cancellable, full_cancellation_id); - if (cancellable == NULL) - { - egg_dbus_method_invocation_return_error (method_invocation, - _POLKIT_ERROR, - _POLKIT_ERROR_FAILED, - "No such cancellation_id %s for name %s", - cancellation_id, - caller_name); - goto out; - } - - g_cancellable_cancel (cancellable); - - _polkit_authority_handle_cancel_obtain_authorization_finish (method_invocation); - - out: - g_free (full_cancellation_id); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void authority_manager_handle_enumerate_authorizations (_PolkitAuthorityManager *instance, _PolkitIdentity *real_identity, EggDBusMethodInvocation *method_invocation) @@ -1266,6 +1063,7 @@ authority_manager_handle_remove_authorization (_PolkitAuthorityManager *i static void authority_handle_register_authentication_agent (_PolkitAuthority *instance, const gchar *session_id, + const gchar *locale, const gchar *object_path, EggDBusMethodInvocation *method_invocation) { @@ -1279,6 +1077,7 @@ authority_handle_register_authentication_agent (_PolkitAuthority * if (!polkit_backend_authority_register_authentication_agent (server->authority, caller, session_id, + locale, object_path, &error)) { @@ -1370,8 +1169,6 @@ authority_iface_init (_PolkitAuthorityIface *authority_iface) authority_iface->handle_enumerate_actions = authority_handle_enumerate_actions; authority_iface->handle_check_authorization = authority_handle_check_authorization; authority_iface->handle_cancel_check_authorization = authority_handle_cancel_check_authorization; - authority_iface->handle_obtain_authorization = authority_handle_obtain_authorization; - authority_iface->handle_cancel_obtain_authorization = authority_handle_cancel_obtain_authorization; authority_iface->handle_register_authentication_agent = authority_handle_register_authentication_agent; authority_iface->handle_unregister_authentication_agent = authority_handle_unregister_authentication_agent; authority_iface->handle_authentication_agent_response = authority_handle_authentication_agent_response; @@ -1497,18 +1294,24 @@ PolkitBackendAuthority * polkit_backend_authority_get (void) { static GIOExtensionPoint *ep = NULL; + static GIOExtensionPoint *ep_action_lookup = NULL; static volatile GType local_authority_type = G_TYPE_INVALID; GList *modules; GList *authority_implementations; GType authority_type; PolkitBackendAuthority *authority; - /* define the extension point */ + /* define extension points */ if (ep == NULL) { ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); } + if (ep_action_lookup == NULL) + { + ep_action_lookup = g_io_extension_point_register (POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME); + g_io_extension_point_set_required_type (ep_action_lookup, POLKIT_BACKEND_TYPE_ACTION_LOOKUP); + } /* make sure local types are registered */ if (local_authority_type == G_TYPE_INVALID) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index ce63f5d..bb9d5e9 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -70,13 +70,6 @@ struct _PolkitBackendAuthority * @check_authorization_finish: Called when finishing an authorization * check. See polkit_backend_authority_check_authorization_finish() * for details. - * @obtain_authorization: Called to obtain an authorization or %NULL - * if the backend doesn't support the operation. See - * polkit_backend_authority_obtain_authorization() for details. - * @obtain_authorization_finish: Called when finishing obtaining - * an authorization or %NULL if the backend doesn't support the - * operation. See polkit_backend_authority_obtain_authorization_finish() - * for details. * @register_authentication_agent: Called when an authentication agent * is attempting to register or %NULL if the backend doesn't support * the operation. See @@ -130,6 +123,7 @@ struct _PolkitBackendAuthorityClass PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -139,21 +133,10 @@ struct _PolkitBackendAuthorityClass GAsyncResult *res, GError **error); - void (*obtain_authorization) (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - - gboolean (*obtain_authorization_finish) (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error); - gboolean (*register_authentication_agent) (PolkitBackendAuthority *authority, PolkitSubject *caller, const gchar *session_id, + const gchar *locale, const gchar *object_path, GError **error); @@ -238,6 +221,7 @@ void polkit_backend_authority_check_authorization (PolkitBackendAuthor PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -247,18 +231,6 @@ PolkitAuthorizationResult polkit_backend_authority_check_authorization_finish (P GAsyncResult *res, GError **error); -void polkit_backend_authority_obtain_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - -gboolean polkit_backend_authority_obtain_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error); - GList *polkit_backend_authority_enumerate_authorizations (PolkitBackendAuthority *authority, PolkitSubject *caller, PolkitIdentity *identity, @@ -279,6 +251,7 @@ gboolean polkit_backend_authority_remove_authorization (PolkitBackendAuthor gboolean polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority *authority, PolkitSubject *caller, const gchar *session_id, + const gchar *locale, const gchar *object_path, GError **error); diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c index 7bbbe2d..74e6b3e 100644 --- a/src/polkitbackend/polkitbackendlocalauthority.c +++ b/src/polkitbackend/polkitbackendlocalauthority.c @@ -25,12 +25,14 @@ #include #include #include +#include #include #include "polkitbackendlocalauthority.h" #include "polkitbackendactionpool.h" #include "polkitbackendsessionmonitor.h" #include "polkitbackendconfigsource.h" +#include "polkitbackendactionlookup.h" #include @@ -92,6 +94,7 @@ static void authentication_agent_initiate_challenge (Authenticati PolkitIdentity *user_of_subject, PolkitBackendLocalAuthority *authority, const gchar *action_id, + GHashTable *details, PolkitSubject *caller, PolkitImplicitAuthorization implicit_authorization, GCancellable *cancellable, @@ -164,6 +167,7 @@ static void polkit_backend_local_authority_check_authorization (PolkitBackendAut PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -174,18 +178,6 @@ static PolkitAuthorizationResult polkit_backend_local_authority_check_authorizat GAsyncResult *res, GError **error); -static void polkit_backend_local_authority_obtain_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - -static gboolean polkit_backend_local_authority_obtain_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error); - static PolkitAuthorizationResult check_authorization_sync (PolkitBackendAuthority *authority, PolkitSubject *subject, const gchar *action_id, @@ -213,6 +205,7 @@ static gboolean polkit_backend_local_authority_remove_authorization (PolkitBacke static gboolean polkit_backend_local_authority_register_authentication_agent (PolkitBackendAuthority *authority, PolkitSubject *caller, const gchar *session_id, + const gchar *locale, const gchar *object_path, GError **error); @@ -322,8 +315,6 @@ polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *kla authority_class->enumerate_groups = polkit_backend_local_authority_enumerate_groups; authority_class->check_authorization = polkit_backend_local_authority_check_authorization; authority_class->check_authorization_finish = polkit_backend_local_authority_check_authorization_finish; - authority_class->obtain_authorization = polkit_backend_local_authority_obtain_authorization; - authority_class->obtain_authorization_finish = polkit_backend_local_authority_obtain_authorization_finish; authority_class->enumerate_authorizations = polkit_backend_local_authority_enumerate_authorizations; authority_class->add_authorization = polkit_backend_local_authority_add_authorization; authority_class->remove_authorization = polkit_backend_local_authority_remove_authorization; @@ -453,251 +444,6 @@ polkit_backend_local_authority_enumerate_groups (PolkitBackendAuthority *autho /* ---------------------------------------------------------------------------------------------------- */ static void -obtain_authorization_challenge_cb (AuthenticationAgent *agent, - PolkitSubject *subject, - PolkitIdentity *user_of_subject, - PolkitBackendLocalAuthority *authority, - const gchar *action_id, - PolkitImplicitAuthorization implicit_authorization, - gboolean authentication_success, - gpointer user_data) -{ - GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data); - gchar *subject_str; - - subject_str = polkit_subject_to_string (subject); - - g_debug ("In obtain_authorization_challenge_cb\n" - " subject %s\n" - " action_id %s\n" - " authentication_success %d\n", - subject_str, - action_id, - authentication_success); - - if (authentication_success) - { - GError *error; - PolkitAuthorization *authorization; - - authorization = polkit_authorization_new (action_id, - subject, - FALSE); - - if (!add_authorization_for_identity (authority, - user_of_subject, - authorization, - &error)) - { - g_simple_async_result_set_from_error (simple, error); - g_error_free (error); - } - } - else - { - g_simple_async_result_set_error (simple, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Could not obtain authorization"); - } - - g_simple_async_result_complete (simple); - g_object_unref (simple); - - g_free (subject_str); -} - -static gboolean -polkit_backend_local_authority_obtain_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error) -{ - GSimpleAsyncResult *simple; - - simple = G_SIMPLE_ASYNC_RESULT (res); - - g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_backend_local_authority_obtain_authorization); - - return g_simple_async_result_propagate_error (simple, error); -} - -static void -polkit_backend_local_authority_obtain_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - gchar *caller_str; - gchar *subject_str; - PolkitIdentity *user_of_caller; - PolkitIdentity *user_of_subject; - gchar *user_of_caller_str; - gchar *user_of_subject_str; - PolkitAuthorizationResult result; - PolkitImplicitAuthorization implicit_authorization; - GError *error; - GSimpleAsyncResult *simple; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - error = NULL; - caller_str = NULL; - subject_str = NULL; - user_of_caller = NULL; - user_of_subject = NULL; - user_of_caller_str = NULL; - user_of_subject_str = NULL; - - simple = g_simple_async_result_new (G_OBJECT (authority), - callback, - user_data, - polkit_backend_local_authority_obtain_authorization); - - caller_str = polkit_subject_to_string (caller); - subject_str = polkit_subject_to_string (subject); - - g_debug ("%s is attempting to obtain an temporary authorization for %s to perform %s", - caller_str, - subject_str, - action_id); - - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, - &error); - if (error != NULL) - { - g_simple_async_result_set_from_error (simple, error); - g_simple_async_result_complete (simple); - g_object_unref (simple); - g_error_free (error); - goto out; - } - - user_of_caller_str = polkit_identity_to_string (user_of_caller); - g_debug (" user of caller is %s", user_of_caller_str); - - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, - &error); - if (error != NULL) - { - g_simple_async_result_set_from_error (simple, error); - g_simple_async_result_complete (simple); - g_object_unref (simple); - g_error_free (error); - goto out; - } - - user_of_subject_str = polkit_identity_to_string (user_of_subject); - g_debug (" user of subject is %s", user_of_subject_str); - - /* if the user of the caller and the user of the subject isn't the same, then fail */ - if (!polkit_identity_equal (user_of_caller, user_of_subject)) - { - g_simple_async_result_set_error (simple, - POLKIT_ERROR, - POLKIT_ERROR_NOT_AUTHORIZED, - "%s is not authorized to request an authorization for %s", - caller_str, - subject_str); - g_simple_async_result_complete (simple); - g_object_unref (simple); - goto out; - } - - /* see if subject already has an authorization */ - result = check_authorization_sync (authority, - subject, - action_id, - POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, - &implicit_authorization, - &error); - if (error != NULL) - { - g_simple_async_result_set_from_error (simple, error); - g_simple_async_result_complete (simple); - g_object_unref (simple); - g_error_free (error); - goto out; - } - - /* If the user can indeed obtain the authorization and the authorization can be retained, then do so */ - if (result == POLKIT_AUTHORIZATION_RESULT_CHALLENGE && - (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED || - implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED)) - { - AuthenticationAgent *agent; - - agent = get_authentication_agent_for_subject (local_authority, subject); - if (agent == NULL) - { - g_simple_async_result_set_error (simple, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Authorization can be obtained, but no suitable authentication agent is available"); - g_simple_async_result_complete (simple); - g_object_unref (simple); - goto out; - } - else - { - g_debug (" using authentication agent for challenge to obtain an authorization"); - - authentication_agent_initiate_challenge (agent, - subject, - user_of_subject, - local_authority, - action_id, - caller, - implicit_authorization, - cancellable, - obtain_authorization_challenge_cb, - simple); - - /* keep going */ - goto out; - } - } - - /* if the subject is already authorized, return without an error */ - if (result == POLKIT_AUTHORIZATION_RESULT_AUTHORIZED) - { - g_simple_async_result_complete (simple); - g_object_unref (simple); - goto out; - } - - /* otherwise return an error */ - g_simple_async_result_set_error (simple, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Desired authorization cannot be obtained. This incident has been logged."); - g_simple_async_result_complete (simple); - g_object_unref (simple); - - out: - - if (user_of_caller != NULL) - g_object_unref (user_of_caller); - - if (user_of_subject != NULL) - g_object_unref (user_of_subject); - - g_free (caller_str); - g_free (subject_str); - g_free (user_of_caller_str); - g_free (user_of_subject_str); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void check_authorization_challenge_cb (AuthenticationAgent *agent, PolkitSubject *subject, PolkitIdentity *user_of_subject, @@ -793,6 +539,7 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority PolkitSubject *caller, PolkitSubject *subject, const gchar *action_id, + GHashTable *details, PolkitCheckAuthorizationFlags flags, GCancellable *cancellable, GAsyncReadyCallback callback, @@ -850,6 +597,20 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority user_of_caller_str = polkit_identity_to_string (user_of_caller); g_debug (" user of caller is %s", user_of_caller_str); + /* we only allow trusted callers (uid 0 + others) to check authorizations */ + if (!POLKIT_IS_UNIX_USER (user_of_caller) || + polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0) /* TODO: allow other uids like 'haldaemon' */ + { + g_simple_async_result_set_error (simple, + POLKIT_ERROR, + POLKIT_ERROR_NOT_AUTHORIZED, + "Only trusted callers can use CheckAuthorization(), %s is not trusted", + user_of_caller_str); + g_simple_async_result_complete (simple); + g_object_unref (simple); + goto out; + } + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &error); @@ -865,40 +626,7 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority user_of_subject_str = polkit_identity_to_string (user_of_subject); g_debug (" user of subject is %s", user_of_subject_str); - /* if the user of the caller and the user of the subject isn't the same, then - * the org.freedesktop.policykit.read authorization is required for the caller - */ - if (!polkit_identity_equal (user_of_caller, user_of_subject)) - { - result = check_authorization_sync (authority, - caller, - "org.freedesktop.policykit.read", - POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, /* no user interaction */ - NULL, - &error); - - if (error != NULL) - { - g_simple_async_result_set_from_error (simple, error); - g_simple_async_result_complete (simple); - g_object_unref (simple); - g_error_free (error); - goto out; - } - else if (result != POLKIT_AUTHORIZATION_RESULT_AUTHORIZED) - { - g_simple_async_result_set_error (simple, - POLKIT_ERROR, - POLKIT_ERROR_NOT_AUTHORIZED, - "%s is not authorized to know about authorizations for %s (requires org.freedesktop.policykit.read authorization)", - caller_str, - subject_str); - g_simple_async_result_complete (simple); - g_object_unref (simple); - goto out; - } - } - + implicit_authorization = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; result = check_authorization_sync (authority, subject, action_id, @@ -940,6 +668,7 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority user_of_subject, local_authority, action_id, + details, caller, implicit_authorization, cancellable, @@ -1373,6 +1102,7 @@ struct AuthenticationAgent { PolkitSubject *session; + gchar *locale; gchar *object_path; gchar *unique_system_bus_name; @@ -1515,6 +1245,7 @@ authentication_agent_free (AuthenticationAgent *agent) g_object_unref (agent->object_proxy); g_object_unref (agent->session); + g_free (agent->locale); g_free (agent->object_path); g_free (agent->unique_system_bus_name); g_free (agent); @@ -1523,6 +1254,7 @@ authentication_agent_free (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (PolkitSubject *session, const gchar *unique_system_bus_name, + const gchar *locale, const gchar *object_path) { AuthenticationAgent *agent; @@ -1533,6 +1265,7 @@ authentication_agent_new (PolkitSubject *session, agent->session = g_object_ref (session); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); system_bus = egg_dbus_connection_get_for_bus (EGG_DBUS_BUS_TYPE_SYSTEM); @@ -1768,12 +1501,161 @@ get_admin_auth_identities (PolkitBackendLocalAuthority *authority) return ret; } +static GList * +get_action_lookup_list (void) +{ + GList *extensions; + GList *l; + GIOExtensionPoint *action_lookup_ep; + static GList *action_lookup_list = NULL; + static gboolean have_looked_up_extensions = FALSE; + + if (have_looked_up_extensions) + goto out; + + action_lookup_ep = g_io_extension_point_lookup (POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME); + g_assert (action_lookup_ep != NULL); + + extensions = g_io_extension_point_get_extensions (action_lookup_ep); + for (l = extensions; l != NULL; l = l->next) + { + GIOExtension *extension = l->data; + PolkitBackendActionLookup *lookup; + + lookup = g_object_new (g_io_extension_get_type (extension), NULL); + action_lookup_list = g_list_prepend (action_lookup_list, lookup); + } + action_lookup_list = g_list_reverse (action_lookup_list); + + out: + have_looked_up_extensions = TRUE; + return action_lookup_list; +} + +static void +get_localized_data_for_challenge (PolkitBackendLocalAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + const gchar *action_id, + GHashTable *details, + const gchar *locale, + gchar **out_localized_message, + gchar **out_localized_icon_name, + EggDBusHashMap **out_localized_details) +{ + PolkitBackendLocalAuthorityPrivate *priv; + PolkitActionDescription *action_desc; + GHashTableIter iter; + const gchar *key; + const gchar *value; + GList *action_lookup_list; + GList *l; + gchar *message; + gchar *icon_name; + GHashTable *localized_details; + + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); + + message = NULL; + icon_name = NULL; + localized_details = NULL; + action_desc = NULL; + + *out_localized_message = NULL; + *out_localized_icon_name = NULL; + *out_localized_details = egg_dbus_hash_map_new (G_TYPE_STRING, NULL, + G_TYPE_STRING, NULL); + + action_desc = polkit_backend_action_pool_get_action (priv->action_pool, + action_id, + locale); + if (action_desc == NULL) + goto out; + + /* Set LANG and locale so gettext() + friends work when running the code in the extensions */ + if (setlocale (LC_ALL, locale) == NULL) + { + g_warning ("Invalid locale '%s'", locale); + } + g_setenv ("LANG", locale, TRUE); + + /* call into extension points to get localized auth dialog data - the list is sorted by priority */ + action_lookup_list = get_action_lookup_list (); + for (l = action_lookup_list; l != NULL; l = l->next) + { + PolkitBackendActionLookup *lookup = POLKIT_BACKEND_ACTION_LOOKUP (l->data); + + if (message != NULL && icon_name != NULL && localized_details != NULL) + break; + + if (message == NULL) + message = polkit_backend_action_lookup_get_message (lookup, + action_id, + details, + action_desc); + + if (icon_name == NULL) + icon_name = polkit_backend_action_lookup_get_icon_name (lookup, + action_id, + details, + action_desc); + + if (localized_details == NULL) + localized_details = polkit_backend_action_lookup_get_details (lookup, + action_id, + details, + action_desc); + } + + /* Back to C! */ + setlocale (LC_ALL, "C"); + g_setenv ("LANG", "C", TRUE); + + /* fall back to action description */ + if (message == NULL) + { + message = g_strdup (polkit_action_description_get_message (action_desc)); + } + if (icon_name == NULL) + { + GIcon *icon; + icon = polkit_action_description_get_icon (action_desc); + if (icon != NULL) + { + icon_name = g_icon_to_string (icon); + //g_object_unref (icon); + } + } + + + if (localized_details != NULL) + { + g_hash_table_iter_init (&iter, localized_details); + while (g_hash_table_iter_next (&iter, (gpointer) &key, (gpointer) &value)) + { + egg_dbus_hash_map_insert (*out_localized_details, key, value); + } + } + + out: + if (message == NULL) + message = g_strdup (""); + if (icon_name == NULL) + icon_name = g_strdup (""); + *out_localized_message = message; + *out_localized_icon_name = icon_name; + if (action_desc != NULL) + g_object_unref (action_desc); +} + static void authentication_agent_initiate_challenge (AuthenticationAgent *agent, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitBackendLocalAuthority *authority, const gchar *action_id, + GHashTable *details, PolkitSubject *caller, PolkitImplicitAuthorization implicit_authorization, GCancellable *cancellable, @@ -1786,6 +1668,20 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, GList *l; GList *identities; EggDBusArraySeq *real_identities; + gchar *localized_message; + gchar *localized_icon_name; + EggDBusHashMap *localized_details; + + get_localized_data_for_challenge (authority, + caller, + subject, + user_of_subject, + action_id, + details, + agent->locale, + &localized_message, + &localized_icon_name, + &localized_details); cookie = authentication_agent_new_cookie (agent); @@ -1829,6 +1725,9 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, session->call_id = _polkit_authentication_agent_begin_authentication (agent_dbus, EGG_DBUS_CALL_FLAGS_TIMEOUT_NONE, action_id, + localized_message, + localized_icon_name, + localized_details, session->cookie, real_identities, NULL, @@ -1839,6 +1738,10 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_free (identities); g_object_unref (real_identities); g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); + g_object_unref (localized_details); } static void @@ -1881,6 +1784,7 @@ static gboolean polkit_backend_local_authority_register_authentication_agent (PolkitBackendAuthority *authority, PolkitSubject *caller, const gchar *session_id, + const gchar *locale, const gchar *object_path, GError **error) { @@ -1931,16 +1835,18 @@ polkit_backend_local_authority_register_authentication_agent (PolkitBackendAutho agent = authentication_agent_new (session_for_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, object_path); g_hash_table_insert (priv->hash_session_to_authentication_agent, g_object_ref (session_for_caller), agent); - g_debug ("Added authentication agent for session %s at name %s, object path %s", + g_debug ("Added authentication agent for session %s at name %s, object path %s, locale %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session_for_caller)), polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), - object_path); + object_path, + locale); ret = TRUE; diff --git a/src/polkitbackend/polkitbackendtypes.h b/src/polkitbackend/polkitbackendtypes.h index 0e6d24a..54dc208 100644 --- a/src/polkitbackend/polkitbackendtypes.h +++ b/src/polkitbackend/polkitbackendtypes.h @@ -36,5 +36,8 @@ typedef struct _PolkitBackendSessionMonitor PolkitBackendSessionMonitor; struct _PolkitBackendConfigSource; typedef struct _PolkitBackendConfigSource PolkitBackendConfigSource; +struct _PolkitBackendActionLookup; +typedef struct _PolkitBackendActionLookup PolkitBackendActionLookup; /* Dummy typedef */ + #endif /* __POLKIT_BACKEND_TYPES_H */ diff --git a/src/programs/polkit.c b/src/programs/polkit.c index d31c95d..b194c78 100644 --- a/src/programs/polkit.c +++ b/src/programs/polkit.c @@ -38,7 +38,6 @@ static gboolean opt_list_explicit_authorizations = FALSE; static gboolean opt_check = FALSE; static gboolean opt_add = FALSE; static gboolean opt_remove = FALSE; -static gboolean opt_run = FALSE; static gboolean opt_show_help = FALSE; static gboolean opt_show_version = FALSE; @@ -58,7 +57,6 @@ static gboolean list_groups (void); static gboolean list_authorizations (void); static gboolean list_explicit_authorizations (void); -static gboolean do_run (gint argc, gchar *argv[]); static gboolean do_check (void); static gboolean do_add (void); static gboolean do_remove (void); @@ -155,27 +153,6 @@ main (int argc, char *argv[]) in_list = TRUE; continue; } - else if (strcmp (argv[n], "run") == 0) - { - opt_run = TRUE; - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - action_id = g_strdup (argv[n]); - - if (n + 1 >= argc) - { - usage (argc, argv); - goto out; - } - - stop_processing_args = TRUE; - } else if (strcmp (argv[n], "check") == 0) { opt_check = TRUE; @@ -332,16 +309,6 @@ main (int argc, char *argv[]) { ret = list_explicit_authorizations (); } - else if (opt_run) - { - if (action_id == NULL) - { - usage (argc, argv); - goto out; - } - - ret = do_run (argc - n, argv + n); - } else if (opt_check) { if (subject == NULL || action_id == NULL) @@ -630,40 +597,6 @@ list_groups (void) /* ---------------------------------------------------------------------------------------------------- */ -static gint -do_run (gint argc, gchar *argv[]) -{ - PolkitSubject *calling_process; - GError *error; - - - calling_process = polkit_unix_process_new (getpid ()); - - error = NULL; - if (!polkit_authority_obtain_authorization_sync (authority, - calling_process, - action_id, - NULL, - &error)) - { - g_printerr ("Error obtaining authorization for action %s: %s\n", action_id, error->message); - g_error_free (error); - goto out; - } - - execvp (argv[0], argv); - - g_printerr ("Error launching program: %m\n"); - - out: - - g_object_unref (calling_process); - - return FALSE; -} - -/* ---------------------------------------------------------------------------------------------------- */ - static gboolean do_check (void) { @@ -676,6 +609,7 @@ do_check (void) result = polkit_authority_check_authorization_sync (authority, subject, action_id, + NULL, /* TODO: details */ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, NULL, &error); @@ -806,6 +740,7 @@ list_authorizations (void) polkit_authority_check_authorization (authority, calling_process, action_id, + NULL, /* TODO: details */ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, NULL, list_authz_cb,