Commit 3c25a175 authored by David Zeuthen's avatar David Zeuthen

invalidate memory cache after revoking one shot authorization

parent 5fbde209
......@@ -81,6 +81,34 @@ oom:
return NULL;
}
/**
* kit_list_copy:
* @list: existing list
*
* Makes a copy of a list. It is not a deep copy.
*
* Returns: A copy of the new list or #NULL on OOM. Free with kit_list_free().
**/
KitList *
kit_list_copy (KitList *list)
{
KitList *l;
KitList *j;
l = NULL;
for (j = list; j != NULL; j = j->next) {
/* TODO: prepend, then reverse */
l = kit_list_append (l, j->data);
if (l == NULL)
goto oom;
}
return l;
oom:
kit_list_free (l);
return NULL;
}
/**
* kit_list_prepend:
* @list: existing list or #NULL to create a new list
......
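Review bot: In kit_list_copy the OOM path leaks the partially built copy: `l = kit_list_append (l, j->data);` overwrites the only pointer to the list before the NULL check, so `kit_list_free (l)` at the `oom` label always receives NULL. Keep the head in a temporary until the append has succeeded: `KitList *n = kit_list_append (l, j->data);`, `if (n == NULL) goto oom;`, `l = n;`. This assumes kit_list_append leaves the existing list untouched when it fails, which cannot be confirmed from this hunk. The doc comment could also say that an empty input list returns NULL as well, so callers cannot tell the two cases apart unless they check the input first.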
......@@ -76,6 +76,7 @@ KitList *kit_list_delete_link (KitList *list, KitList *link);
size_t kit_list_length (KitList *list);
kit_bool_t kit_list_foreach (KitList *list, KitListForeachFunc func, void *user_data);
KitList *kit_list_copy (KitList *list);
KIT_END_DECLS
......
......@@ -448,6 +448,7 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
{
KitList *l;
KitList *auths;
KitList *auths_copy;
polkit_bool_t ret;
char *action_id;
......@@ -467,7 +468,18 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
if (auths == NULL)
goto out;
for (l = auths; l != NULL; l = l->next) {
/* have to copy the list and ref the auths because the authdb
* may disappear from under us due to revoke_if_one_shot...
*/
auths_copy = kit_list_copy (auths);
if (auths_copy == NULL)
goto out;
for (l = auths_copy; l != NULL; l = l->next)
polkit_authorization_ref ((PolKitAuthorization *) l->data);
kit_warning ("once...");
for (l = auths_copy; l != NULL; l = l->next) {
PolKitAuthorization *auth = l->data;
//kit_warning ("%d: action_id=%s uid=%d",
......@@ -483,10 +495,14 @@ _internal_foreach (PolKitAuthorizationDB *authdb,
if (cb (authdb, auth, user_data)) {
ret = TRUE;
goto out;
break;
}
}
for (l = auths_copy; l != NULL; l = l->next)
polkit_authorization_unref ((PolKitAuthorization *) l->data);
kit_list_free (auths_copy);
out:
return ret;
}
......@@ -805,6 +821,7 @@ _check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth
polkit_uint64_t caller_pid_start_time;
CheckData *cd = (CheckData *) user_data;
kit_warning ("check auth for caller");
ret = FALSE;
if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
......@@ -828,13 +845,15 @@ _check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth
if (cd->revoke_if_one_shot) {
cd->error = NULL;
if (!polkit_authorization_db_revoke_entry (authdb, auth, &(cd->error))) {
//kit_warning ("Cannot revoke one-shot auth: %s: %s",
//kit_warning ("Cannot revoke one-shot auth: %s: %s",
// polkit_error_get_error_name (cd->error),
// polkit_error_get_error_message (cd->error));
/* stop iterating */
ret = TRUE;
goto no_match;
}
/* revoked; now purge internal cache */
_polkit_authorization_db_invalidate_cache (authdb);
}
}
break;
......
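Review bot: `kit_warning ("once...");` in _internal_foreach and `kit_warning ("check auth for caller");` in _check_auth_for_caller look like debugging traces left in the change. Both are unconditional, so every authorization lookup would emit them. The other traces in this file are kept commented out (`//kit_warning (...)`), so these two should be removed or commented out the same way. Both function bodies extend beyond the hunks shown.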
......@@ -744,7 +744,7 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
PolKitAction *action,
PolKitCaller *caller)
{
return polkit_context_is_caller_authorized (pk_context, action, caller, TRUE, NULL);
return polkit_context_is_caller_authorized (pk_context, action, caller, FALSE, NULL);
}
/**
......
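Review bot: The doc comment for polkit_context_can_caller_do_action should say that this entry point does not consume one-shot authorizations. That assumes the line passing `FALSE` is the new side and that the fourth argument is the revoke-if-one-shot flag; the rendering lost the +/- markers. If so, a mechanism that keeps calling this function will accept the same one-shot authorization on every check. Suggested wording: `This function does not revoke one-shot authorizations; call polkit_context_is_caller_authorized() with revoke_if_one_shot set to TRUE when the authorization is being consumed.` The comment block itself lies outside the hunk.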