From f62117c9b5b3c248ea40b6fc6c6aada2d793c66a Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 15 Jul 2009 16:20:08 -0400 Subject: [PATCH] In .pkla files, use Result{Any,Inactive,Active} instead of just Result --- src/polkit/polkitimplicitauthorization.c | 5 + src/polkit/polkitimplicitauthorization.h | 2 + .../polkitbackendinteractiveauthority.c | 8 ++ .../polkitbackendinteractiveauthority.h | 4 + src/polkitbackend/polkitbackendlocalauthority.c | 47 ++++++++- .../polkitbackendlocalauthorizationstore.c | 115 ++++++++++++++++----- .../polkitbackendlocalauthorizationstore.h | 12 ++- 7 files changed, 159 insertions(+), 34 deletions(-) diff --git a/src/polkit/polkitimplicitauthorization.c b/src/polkit/polkitimplicitauthorization.c index 5723335..53d9923 100644 --- a/src/polkit/polkitimplicitauthorization.c +++ b/src/polkit/polkitimplicitauthorization.c @@ -80,6 +80,7 @@ polkit_implicit_authorization_from_string (const gchar *string, { g_warning ("Unknown PolkitImplicitAuthorization string '%s'", string); ret = FALSE; + result = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; } if (out_implicit_authorization != NULL) @@ -97,6 +98,10 @@ polkit_implicit_authorization_to_string (PolkitImplicitAuthorization implicit_au switch (implicit_authorization) { + case POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: + s = "unknown"; + break; + case POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: s = "no"; break; diff --git a/src/polkit/polkitimplicitauthorization.h b/src/polkit/polkitimplicitauthorization.h index 7abd557..9e5c51c 100644 --- a/src/polkit/polkitimplicitauthorization.h +++ b/src/polkit/polkitimplicitauthorization.h @@ -36,6 +36,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST; /** * PolkitImplicitAuthorization: + * @POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: Unknown whether the subject is authorized, never returned in any public API. * @POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: Subject is not authorized. * @POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED: Authentication is required. * @POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED: Authentication as an administrator is required. @@ -47,6 +48,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST; */ typedef enum { + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN = -1, POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED = 0, POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED = 1, POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED = 2, diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 9046938..5cecc85 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -633,6 +633,8 @@ check_authorization_sync (PolkitBackendAuthority *authority, caller, subject, user_of_subject, + session_is_local, + session_is_active, action_id, details, implicit_authorization); @@ -771,6 +773,8 @@ polkit_backend_interactive_authority_get_admin_identities (PolkitBackendInteract * @caller: The subject that is inquiring whether @subject is authorized. * @subject: The subject we are checking an authorization for. * @user_for_subject: The user of the subject we are checking an authorization for. + * @subject_is_local: %TRUE if the session for @subject is local. + * @subject_is_active: %TRUE if the session for @subject is active. * @action_id: The action we are checking an authorization for. * @details: Details about the action. * @implicit: A #PolkitImplicitAuthorization value computed from the policy file and @subject. @@ -788,6 +792,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte PolkitSubject *caller, PolkitSubject *subject, PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, const gchar *action_id, PolkitDetails *details, PolkitImplicitAuthorization implicit) @@ -807,6 +813,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte caller, subject, user_for_subject, + subject_is_local, + subject_is_active, action_id, details, implicit); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.h b/src/polkitbackend/polkitbackendinteractiveauthority.h index 8331af0..9820dac 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.h +++ b/src/polkitbackend/polkitbackendinteractiveauthority.h @@ -79,6 +79,8 @@ struct _PolkitBackendInteractiveAuthorityClass PolkitSubject *caller, PolkitSubject *subject, PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, const gchar *action_id, PolkitDetails *details, PolkitImplicitAuthorization implicit); @@ -132,6 +134,8 @@ PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authoriza PolkitSubject *caller, PolkitSubject *subject, PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, const gchar *action_id, PolkitDetails *details, PolkitImplicitAuthorization implicit); diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c index ce3a7d3..06073cf 100644 --- a/src/polkitbackend/polkitbackendlocalauthority.c +++ b/src/polkitbackend/polkitbackendlocalauthority.c @@ -75,6 +75,8 @@ static PolkitImplicitAuthorization polkit_backend_local_authority_check_authoriz PolkitSubject *caller, PolkitSubject *subject, PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, const gchar *action_id, PolkitDetails *details, PolkitImplicitAuthorization implicit); @@ -237,6 +239,8 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv PolkitSubject *caller, PolkitSubject *subject, PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, const gchar *action_id, PolkitDetails *details, PolkitImplicitAuthorization implicit) @@ -244,6 +248,9 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv PolkitBackendLocalAuthority *local_authority; PolkitBackendLocalAuthorityPrivate *priv; PolkitImplicitAuthorization ret; + PolkitImplicitAuthorization ret_any; + PolkitImplicitAuthorization ret_inactive; + PolkitImplicitAuthorization ret_active; GList *groups; GList *l, *ll; @@ -273,9 +280,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv group, action_id, details, - &ret)) + &ret_any, + &ret_inactive, + &ret_active)) { - ; /* do nothing */ + if (subject_is_local && subject_is_active) + { + if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_active; + } + else if (subject_is_local) + { + if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_inactive; + } + else + { + if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_any; + } } } } @@ -291,9 +314,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv user_for_subject, action_id, details, - &ret)) + &ret_any, + &ret_inactive, + &ret_active)) { - ; /* do nothing */ + if (subject_is_local && subject_is_active) + { + if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_active; + } + else if (subject_is_local) + { + if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_inactive; + } + else + { + if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_any; + } } } diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c index a183351..413ed4b 100644 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c +++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c @@ -76,7 +76,9 @@ typedef struct GList *identity_specs; GList *action_specs; - PolkitImplicitAuthorization result; + PolkitImplicitAuthorization result_any; + PolkitImplicitAuthorization result_inactive; + PolkitImplicitAuthorization result_active; } LocalAuthorization; static void @@ -100,12 +102,16 @@ local_authorization_new (GKeyFile *key_file, LocalAuthorization *authorization; gchar **identity_strings; gchar **action_strings; - gchar *result_string; + gchar *result_any_string; + gchar *result_inactive_string; + gchar *result_active_string; guint n; identity_strings = NULL; action_strings = NULL; - result_string = NULL; + result_any_string = NULL; + result_inactive_string = NULL; + result_active_string = NULL; authorization = g_new0 (LocalAuthorization, 1); @@ -143,27 +149,76 @@ local_authorization_new (GKeyFile *key_file, g_pattern_spec_new (action_strings[n])); } - result_string = g_key_file_get_string (key_file, - group, - "Result", - error); - if (result_string == NULL) + authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + + result_any_string = g_key_file_get_string (key_file, + group, + "ResultAny", + NULL); + if (result_any_string != NULL) { - local_authorization_free (authorization); - authorization = NULL; - goto out; + if (!polkit_implicit_authorization_from_string (result_any_string, + &authorization->result_any)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot parse ResultAny string `%s'", result_any_string); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } } - if (!polkit_implicit_authorization_from_string (result_string, - &authorization->result)) + result_inactive_string = g_key_file_get_string (key_file, + group, + "ResultInactive", + NULL); + if (result_inactive_string != NULL) { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse Result string `%s'", result_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; + if (!polkit_implicit_authorization_from_string (result_inactive_string, + &authorization->result_inactive)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot parse ResultInactive string `%s'", result_inactive_string); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + } + + result_active_string = g_key_file_get_string (key_file, + group, + "ResultActive", + NULL); + if (result_active_string != NULL) + { + if (!polkit_implicit_authorization_from_string (result_active_string, + &authorization->result_active)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot parse ResultActive string `%s'", result_active_string); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + } + + if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Must have at least one of ResultAny, ResultInactive and ResultActive"); + local_authorization_free (authorization); + authorization = NULL; + goto out; } authorization->id = g_strdup_printf ("%s::%s", filename, group); @@ -171,7 +226,9 @@ local_authorization_new (GKeyFile *key_file, out: g_strfreev (identity_strings); g_free (action_strings); - g_free (result_string); + g_free (result_any_string); + g_free (result_inactive_string); + g_free (result_active_string); return authorization; } @@ -545,7 +602,9 @@ polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorization * @identity: The identity to check for. * @action_id: The action id to check for. * @details: Details for @action. - * @out_result: Return location for the result if the look up matched. + * @out_result_any: Return location for the result for any subjects if the look up matched. + * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched. + * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched. * * Checks if an authorization entry from @store matches @identity, @action_id and @details. * @@ -557,7 +616,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization PolkitIdentity *identity, const gchar *action_id, PolkitDetails *details, - PolkitImplicitAuthorization *out_result) + PolkitImplicitAuthorization *out_result_any, + PolkitImplicitAuthorization *out_result_inactive, + PolkitImplicitAuthorization *out_result_active) { GList *l, *ll; gboolean ret; @@ -567,7 +628,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE); g_return_val_if_fail (action_id != NULL, FALSE); g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE); - g_return_val_if_fail (out_result != NULL, FALSE); + g_return_val_if_fail (out_result_any != NULL, FALSE); + g_return_val_if_fail (out_result_inactive != NULL, FALSE); + g_return_val_if_fail (out_result_active != NULL, FALSE); ret = FALSE; identity_string = NULL; @@ -599,7 +662,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization continue; /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */ - *out_result = authorization->result; + *out_result_any = authorization->result_any; + *out_result_inactive = authorization->result_inactive; + *out_result_active = authorization->result_active; ret = TRUE; #if 0 diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h index 426ea69..2f2b452 100644 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.h +++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.h @@ -71,11 +71,13 @@ struct _PolkitBackendLocalAuthorizationStoreClass GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST; PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory, const gchar *extension); -gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result); +gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, + PolkitIdentity *identity, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization *out_result_any, + PolkitImplicitAuthorization *out_result_inactive, + PolkitImplicitAuthorization *out_result_active); G_END_DECLS -- 2.7.4