Commit
035e6ee4
authored
Oct 31, 2007
by
David Zeuthen
make polkit_context_is_[caller|session]_authorized() take a PolKitError
parent
e701ee4c
Showing
8 changed files
with
127 additions
and
32 deletions
+127
-32
polkit-dbus/polkit-read-auth-helper.c
polkit-dbus/polkit-read-auth-helper.c
+37
-4
polkit-grant/polkit-explicit-grant-helper.c
polkit-grant/polkit-explicit-grant-helper.c
+25
-9
polkit-grant/polkit-grant-helper.c
polkit-grant/polkit-grant-helper.c
+11
-1
polkit-grant/polkit-revoke-helper.c
polkit-grant/polkit-revoke-helper.c
+24
-8
polkit/polkit-context.c
polkit/polkit-context.c
+14
-3
polkit/polkit-context.h
polkit/polkit-context.h
+4
-2
polkitd/polkit-daemon.c
polkitd/polkit-daemon.c
+7
-2
tools/polkit-auth.c
tools/polkit-auth.c
+5
-3
polkit-dbus/polkit-read-auth-helper.c
...
...
@@ -58,6 +58,8 @@ check_for_auth (uid_t caller_uid, pid_t caller_pid)
PolKitCaller
*
caller
;
PolKitAction
*
action
;
PolKitContext
*
context
;
PolKitError
*
pk_error
;
PolKitResult
pk_result
;
ret
=
FALSE
;
...
...
@@ -92,12 +94,33 @@ check_for_auth (uid_t caller_uid, pid_t caller_pid)
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot allocate PolKitContext
\n
"
);
goto
out
;
}
if
(
!
polkit_context_init
(
context
,
NULL
))
{
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot initialize polkit
\n
"
);
pk_error
=
NULL
;
if
(
!
polkit_context_init
(
context
,
&
pk_error
))
{
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot initialize polkit context: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
if
(
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
)
!=
POLKIT_RESULT_YES
)
{
pk_result
=
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
,
&
pk_error
);
if
(
polkit_error_is_set
(
pk_error
))
{
if
(
polkit_error_get_error_code
(
pk_error
)
==
POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
)
{
polkit_error_free
(
pk_error
);
pk_error
=
NULL
;
}
else
{
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
}
if
(
pk_result
!=
POLKIT_RESULT_YES
)
{
/* having 'grant' (which is a lot more powerful) is also sufficient.. this is because 'read'
* is required to 'grant' (to check if there's a similar authorization already)
*/
...
...
@@ -105,7 +128,17 @@ check_for_auth (uid_t caller_uid, pid_t caller_pid)
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot set action_id
\n
"
);
goto
out
;
}
if
(
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
)
!=
POLKIT_RESULT_YES
)
{
pk_result
=
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
,
&
pk_error
);
if
(
polkit_error_is_set
(
pk_error
))
{
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
if
(
pk_result
!=
POLKIT_RESULT_YES
)
{
goto
out
;
}
}
...
...
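Review bot: In the first authorization check of check_for_auth, the branch that tolerates `POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS` frees the error and then falls through to `if (pk_result != POLKIT_RESULT_YES)` with whatever value the failed call returned. What polkit_context_is_caller_authorized returns when it sets an error is not visible here, so the fallback to the 'grant' check relies on that value not being POLKIT_RESULT_YES; adding `pk_result = POLKIT_RESULT_NO;` next to `pk_error = NULL;` would make the helper fail closed regardless. A short comment on why this one error code is tolerated while every other one aborts would also help, e.g. `/* not fatal here: fall through and check 'grant' instead */`, if that is the intent. The function starts and ends outside these hunks.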
polkit-grant/polkit-explicit-grant-helper.c
...
...
@@ -56,13 +56,15 @@ check_pid_for_authorization (pid_t caller_pid, const char *action_id)
PolKitCaller
*
caller
;
PolKitAction
*
action
;
PolKitContext
*
context
;
PolKitError
*
pk_error
;
PolKitResult
pk_result
;
ret
=
FALSE
;
dbus_error_init
(
&
error
);
bus
=
dbus_bus_get
(
DBUS_BUS_SYSTEM
,
&
error
);
if
(
bus
==
NULL
)
{
fprintf
(
stderr
,
"polkit-
read-auth
-helper: cannot connect to system bus: %s: %s
\n
"
,
fprintf
(
stderr
,
"polkit-
explicit-grant
-helper: cannot connect to system bus: %s: %s
\n
"
,
error
.
name
,
error
.
message
);
dbus_error_free
(
&
error
);
goto
out
;
...
...
@@ -70,34 +72,48 @@ check_pid_for_authorization (pid_t caller_pid, const char *action_id)
caller
=
polkit_caller_new_from_pid
(
bus
,
caller_pid
,
&
error
);
if
(
caller
==
NULL
)
{
fprintf
(
stderr
,
"polkit-
read-auth
-helper: cannot get caller from pid: %s: %s
\n
"
,
fprintf
(
stderr
,
"polkit-
explicit-grant
-helper: cannot get caller from pid: %s: %s
\n
"
,
error
.
name
,
error
.
message
);
goto
out
;
}
action
=
polkit_action_new
();
if
(
action
==
NULL
)
{
fprintf
(
stderr
,
"polkit-
read-auth
-helper: cannot allocate PolKitAction
\n
"
);
fprintf
(
stderr
,
"polkit-
explicit-grant
-helper: cannot allocate PolKitAction
\n
"
);
goto
out
;
}
if
(
!
polkit_action_set_action_id
(
action
,
action_id
))
{
fprintf
(
stderr
,
"polkit-
read-auth
-helper: cannot set action_id
\n
"
);
fprintf
(
stderr
,
"polkit-
explicit-grant
-helper: cannot set action_id
\n
"
);
goto
out
;
}
context
=
polkit_context_new
();
if
(
context
==
NULL
)
{
fprintf
(
stderr
,
"polkit-
read-auth
-helper: cannot allocate PolKitContext
\n
"
);
fprintf
(
stderr
,
"polkit-
explicit-grant
-helper: cannot allocate PolKitContext
\n
"
);
goto
out
;
}
if
(
!
polkit_context_init
(
context
,
NULL
))
{
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot initialize polkit
\n
"
);
pk_error
=
NULL
;
if
(
!
polkit_context_init
(
context
,
&
pk_error
))
{
fprintf
(
stderr
,
"polkit-explicit-grant-helper: cannot initialize polkit context: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
pk_result
=
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
,
&
pk_error
);
if
(
polkit_error_is_set
(
pk_error
))
{
fprintf
(
stderr
,
"polkit-explicit-grant-helper: cannot determine if caller is authorized: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
if
(
p
olkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
)
!=
POLKIT_RESULT_YES
)
{
if
(
p
k_result
!=
POLKIT_RESULT_YES
)
{
//fprintf (stderr,
// "polkit-
read-auth
-helper: uid %d (pid %d) does not have the "
// "polkit-
explicit-grant
-helper: uid %d (pid %d) does not have the "
// "org.freedesktop.policykit.read-other-authorizations authorization\n",
// caller_uid, caller_pid);
goto
out
;
...
...
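Review bot: The commented-out denial message under `if (pk_result != POLKIT_RESULT_YES)` was only renamed to polkit-explicit-grant-helper; it still prints `caller_uid`, which is not among the parameters in the hunk header (`pid_t caller_pid, const char *action_id`) nor declared in the visible lines, and it still names org.freedesktop.policykit.read-other-authorizations although this function checks the `action_id` it is given. If re-enabled as written it may not compile and would report the wrong action. Either delete the dead block or rewrite it against what is in scope, for example `fprintf (stderr, "polkit-explicit-grant-helper: pid %d is not authorized for %s\n", (int) caller_pid, action_id);`, so that a denial leaves a trace. The function continues outside the hunk.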
polkit-grant/polkit-grant-helper.c
...
...
@@ -267,7 +267,17 @@ verify_with_polkit (PolKitContext *pol_ctx,
PolKitResult
*
out_result
,
char
***
out_admin_users
)
{
*
out_result
=
polkit_context_is_caller_authorized
(
pol_ctx
,
action
,
caller
,
FALSE
);
PolKitError
*
pk_error
;
pk_error
=
NULL
;
*
out_result
=
polkit_context_is_caller_authorized
(
pol_ctx
,
action
,
caller
,
FALSE
,
&
pk_error
);
if
(
polkit_error_is_set
(
pk_error
))
{
fprintf
(
stderr
,
"polkit-grant-helper: cannot determine if caller is authorized: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
error
;
}
if
(
*
out_result
!=
POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH
&&
*
out_result
!=
POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION
&&
...
...
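Review bot: `*out_result` is assigned straight from polkit_context_is_caller_authorized before the `polkit_error_is_set (pk_error)` check, so on the `goto error` path the caller's variable already holds whatever the failed call returned. If any caller of verify_with_polkit reads `*out_result` without first checking the return value, it acts on a result that was never validated; the `error:` label and the callers are outside this hunk, so this cannot be confirmed from here. Either receive the value in a local and copy it out only after the error check, or add `*out_result = POLKIT_RESULT_NO;` before `goto error;`.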
polkit-grant/polkit-revoke-helper.c
...
...
@@ -54,13 +54,15 @@ check_for_revoke_authorization (pid_t caller_pid)
PolKitCaller
*
caller
;
PolKitAction
*
action
;
PolKitContext
*
context
;
PolKitError
*
pk_error
;
PolKitResult
pk_result
;
ret
=
FALSE
;
dbus_error_init
(
&
error
);
bus
=
dbus_bus_get
(
DBUS_BUS_SYSTEM
,
&
error
);
if
(
bus
==
NULL
)
{
fprintf
(
stderr
,
"polkit-re
ad-auth
-helper: cannot connect to system bus: %s: %s
\n
"
,
fprintf
(
stderr
,
"polkit-re
voke
-helper: cannot connect to system bus: %s: %s
\n
"
,
error
.
name
,
error
.
message
);
dbus_error_free
(
&
error
);
goto
out
;
...
...
@@ -68,32 +70,46 @@ check_for_revoke_authorization (pid_t caller_pid)
caller
=
polkit_caller_new_from_pid
(
bus
,
caller_pid
,
&
error
);
if
(
caller
==
NULL
)
{
fprintf
(
stderr
,
"polkit-re
ad-auth
-helper: cannot get caller from pid: %s: %s
\n
"
,
fprintf
(
stderr
,
"polkit-re
voke
-helper: cannot get caller from pid: %s: %s
\n
"
,
error
.
name
,
error
.
message
);
goto
out
;
}
action
=
polkit_action_new
();
if
(
action
==
NULL
)
{
fprintf
(
stderr
,
"polkit-re
ad-auth
-helper: cannot allocate PolKitAction
\n
"
);
fprintf
(
stderr
,
"polkit-re
voke
-helper: cannot allocate PolKitAction
\n
"
);
goto
out
;
}
if
(
!
polkit_action_set_action_id
(
action
,
"org.freedesktop.policykit.revoke"
))
{
fprintf
(
stderr
,
"polkit-re
ad-auth
-helper: cannot set action_id
\n
"
);
fprintf
(
stderr
,
"polkit-re
voke
-helper: cannot set action_id
\n
"
);
goto
out
;
}
context
=
polkit_context_new
();
if
(
context
==
NULL
)
{
fprintf
(
stderr
,
"polkit-re
ad-auth
-helper: cannot allocate PolKitContext
\n
"
);
fprintf
(
stderr
,
"polkit-re
voke
-helper: cannot allocate PolKitContext
\n
"
);
goto
out
;
}
if
(
!
polkit_context_init
(
context
,
NULL
))
{
fprintf
(
stderr
,
"polkit-read-auth-helper: cannot initialize polkit
\n
"
);
pk_error
=
NULL
;
if
(
!
polkit_context_init
(
context
,
&
pk_error
))
{
fprintf
(
stderr
,
"polkit-revoke-helper: cannot initialize polkit context: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
if
(
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
)
!=
POLKIT_RESULT_YES
)
{
pk_result
=
polkit_context_is_caller_authorized
(
context
,
action
,
caller
,
FALSE
,
&
pk_error
);
if
(
polkit_error_is_set
(
pk_error
))
{
fprintf
(
stderr
,
"polkit-revoke-helper: cannot determine if caller is authorized: %s: %s
\n
"
,
polkit_error_get_error_name
(
pk_error
),
polkit_error_get_error_message
(
pk_error
));
polkit_error_free
(
pk_error
);
goto
out
;
}
if
(
pk_result
!=
POLKIT_RESULT_YES
)
{
goto
out
;
}
...
...
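Review bot: The `caller == NULL` branch after polkit_caller_new_from_pid prints `error.name` and `error.message` but, unlike the `bus == NULL` branch just above it, jumps to `out` without `dbus_error_free (&error);`. Unless the `out:` cleanup (not visible in these hunks) frees it, the DBusError set by the failed call is leaked on that path; adding `dbus_error_free (&error);` before the `goto out;` would match the other branch. The same branch in polkit-grant/polkit-explicit-grant-helper.c has the same gap.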
polkit/polkit-context.c
...
...
@@ -428,6 +428,7 @@ polkit_context_get_policy_cache (PolKitContext *pk_context)
* @session: the session in question
* @is_mechanism: Whether the mechanism carrying out the action is
* asking. This can be used to revoke one-time-only authorizations.
* @error: return location for error
*
* Determine if any caller from a giver session is authorized to do a
* given action.
...
...
@@ -441,7 +442,8 @@ PolKitResult
polkit_context_is_session_authorized
(
PolKitContext
*
pk_context
,
PolKitAction
*
action
,
PolKitSession
*
session
,
polkit_bool_t
is_mechanism
)
polkit_bool_t
is_mechanism
,
PolKitError
**
error
)
{
/* TODO: properly implement */
return
polkit_context_can_session_do_action
(
pk_context
,
action
,
session
);
...
...
@@ -454,8 +456,13 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
* @caller: the caller in question
* @is_mechanism: Whether the mechanism carrying out the action is
* asking. This can be used to revoke one-time-only authorizations.
* @error: return location for error
*
* Determine if a given caller is authorized to do a given action.
* Determine if a given caller is authorized to do a given
* action.
*
* This can fail with the following errors:
* #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
*
* Returns: A #PolKitResult specifying if, and how, the caller can
* do a specific action.
...
...
@@ -466,7 +473,8 @@ PolKitResult
polkit_context_is_caller_authorized
(
PolKitContext
*
pk_context
,
PolKitAction
*
action
,
PolKitCaller
*
caller
,
polkit_bool_t
is_mechnanism
)
polkit_bool_t
is_mechnanism
,
PolKitError
**
error
)
{
/* TODO: properly implement */
return
polkit_context_can_caller_do_action
(
pk_context
,
action
,
caller
);
...
...
@@ -480,6 +488,9 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
*
* Determine if a given session can do a given action.
*
* This can fail with the following errors:
* #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
*
* Returns: A #PolKitResult - can only be one of
* #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
*
...
...
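Review bot: Both polkit_context_is_session_authorized and polkit_context_is_caller_authorized gain an `error` parameter and an `@error: return location for error` doc line, but the visible start of each body still returns directly from polkit_context_can_session_do_action / polkit_context_can_caller_do_action without passing `error` on or writing to it. As far as these hunks show, the `polkit_error_is_set (pk_error)` checks added to the helpers in this commit can therefore never fire, and a failed lookup is indistinguishable from an ordinary result. Until the TODO is resolved, say so where callers will read it, e.g. extend the comment to `/* TODO: properly implement; @error is accepted but never set yet */`, and state in the doc block whether `error` may be NULL and whether `*error` must be NULL on entry. The parameter is also spelled `is_mechnanism` in the definition but `is_mechanism` in polkit-context.h. The bodies continue outside the hunks.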
polkit/polkit-context.h
...
...
@@ -173,12 +173,14 @@ PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError
PolKitResult
polkit_context_is_caller_authorized
(
PolKitContext
*
pk_context
,
PolKitAction
*
action
,
PolKitCaller
*
caller
,
polkit_bool_t
is_mechanism
);
polkit_bool_t
is_mechanism
,
PolKitError
**
error
);
PolKitResult
polkit_context_is_session_authorized
(
PolKitContext
*
pk_context
,
PolKitAction
*
action
,
PolKitSession
*
session
,
polkit_bool_t
is_mechanism
);
polkit_bool_t
is_mechanism
,
PolKitError
**
error
);
PolKitAuthorizationDB
*
polkit_context_get_authorization_db
(
PolKitContext
*
pk_context
);
...
...
polkitd/polkit-daemon.c
...
...
@@ -416,7 +416,8 @@ is_caller_authorized (PolKitDaemon *daemon,
pk_result
=
polkit_context_is_caller_authorized
(
daemon
->
priv
->
pk_context
,
pk_action
,
pk_caller_who_wants_to_know
,
FALSE
);
FALSE
,
NULL
);
polkit_action_unref
(
pk_action
);
if
(
pk_result
!=
POLKIT_RESULT_YES
)
{
error
=
g_error_new
(
POLKIT_DAEMON_ERROR
,
...
...
@@ -432,7 +433,11 @@ is_caller_authorized (PolKitDaemon *daemon,
pk_action
=
polkit_action_new
();
polkit_action_set_action_id
(
pk_action
,
action_id
);
pk_result
=
polkit_context_is_caller_authorized
(
daemon
->
priv
->
pk_context
,
pk_action
,
pk_caller
,
is_mechanism
);
pk_result
=
polkit_context_is_caller_authorized
(
daemon
->
priv
->
pk_context
,
pk_action
,
pk_caller
,
is_mechanism
,
NULL
);
polkit_action_unref
(
pk_action
);
dbus_g_method_return
(
context
,
polkit_result_to_string_representation
(
pk_result
));
...
...
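Review bot: Both calls in is_caller_authorized pass `NULL` for the new error argument, so the daemon cannot tell a failed authorization lookup from a real answer. The first call is fail-closed because anything other than POLKIT_RESULT_YES produces a GError, but the second sends `polkit_result_to_string_representation (pk_result)` back over D-Bus whatever happened. Declaring `PolKitError *pk_error = NULL;`, passing `&pk_error`, and returning a D-Bus error when `polkit_error_is_set (pk_error)` would keep a lookup failure from being reported to the mechanism as a policy decision. The three call sites in tools/polkit-auth.c also pass `NULL`; there the effect is limited to what the tool prints. The function starts and ends outside these hunks.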
tools/polkit-auth.c
...
...
@@ -427,7 +427,7 @@ auth_iterator_cb (PolKitAuthorizationDB *authdb,
pk_action
=
polkit_action_new
();
polkit_action_set_action_id
(
pk_action
,
action_id
);
pk_result
=
polkit_context_is_caller_authorized
(
pk_context
,
pk_action
,
pk_caller
,
FALSE
);
pk_result
=
polkit_context_is_caller_authorized
(
pk_context
,
pk_action
,
pk_caller
,
FALSE
,
NULL
);
polkit_action_unref
(
pk_action
);
printf
(
" Authorized: %s
\n
"
,
pk_result
==
POLKIT_RESULT_YES
?
"Yes"
:
"No"
);
...
...
@@ -499,7 +499,8 @@ pfe_iterator_cb (PolKitPolicyCache *policy_cache,
if
(
polkit_context_is_caller_authorized
(
pk_context
,
action
,
pk_caller
,
FALSE
)
==
POLKIT_RESULT_YES
)
{
FALSE
,
NULL
)
==
POLKIT_RESULT_YES
)
{
printf
(
"%s
\n
"
,
polkit_policy_file_entry_get_id
(
pfe
));
}
...
...
@@ -519,7 +520,8 @@ pfe_iterator_show_obtainable_cb (PolKitPolicyCache *policy_cache,
switch
(
polkit_context_is_caller_authorized
(
pk_context
,
action
,
pk_caller
,
FALSE
))
{
FALSE
,
NULL
))
{
default:
case
POLKIT_RESULT_UNKNOWN
:
case
POLKIT_RESULT_NO
:
...
...