Commit 4714fe72 authored by David Zeuthen's avatar David Zeuthen

implement <allow_any> to specify default answer for any user

This is useful in instances where the OS vendor wants to allow any
user, even remote users logging in via ssh etc., but recognize that
some sites may want to lock this down to a limited set of users.

Suggested by Daniel P. Berrange <berrange@redhat.com>:

<danpb>  my specific use case is that in libvirt we don't mind any user
         querying for VM status info by default
<danpb>  but some admins may wish to lock that ability down
<danpb>  so only designated users can query VM status
<davidz> right
<davidz> it makes sense
<davidz> without having giving it too much thought; adding another stanza to
         the .policy file might make sense
<davidz> <allow_non_session>yes</allow_non_session>
<davidz> danpb: would that work?
<danpb>  yeah, that'd do the trick
<davidz> cool
<davidz> I'll add it then
parent 60d85b94
......@@ -28,6 +28,7 @@
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Frobnikere!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Frobnicating, Aye!</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_self</allow_active>
</defaults>
......@@ -41,6 +42,7 @@
<message xml:lang="da">System indstillinger forhindrer PolicyKit-gnome eksempel hjælper i at Tvække!</message>
<message xml:lang="en_CA">System policy prevents the PolicyKit-gnome example helper from Tweaking, Aye!</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin</allow_active>
</defaults>
......@@ -76,11 +78,14 @@
<listitem>
<para>
<emphasis>Defaults:</emphasis>
The <literal>allow_inactive</literal>
and <literal>allow_active</literal> specify the default
answer that <literal>libpolkit</literal> will return for
respectively inactive and active sessions. See below for
valid values and their meaning.
The <literal>allow_any</literal>, <literal>allow_inactive</literal>
and <literal>allow_active</literal> tags specify the
default answer that <literal>libpolkit</literal> will
return for respectively any, inactive and active
sessions. See below for valid values and their
meaning. Any of these elements, including the
enclosing <literal>defaults</literal> elements may be
omitted.
</para>
</listitem>
<listitem>
......
......@@ -58,21 +58,25 @@
struct _PolKitPolicyDefault
{
int refcount;
PolKitResult default_any;
PolKitResult default_inactive;
PolKitResult default_active;
};
extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active);
PolKitPolicyDefault *
_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
_polkit_policy_default_new (PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active)
{
PolKitPolicyDefault *pd;
pd = g_new0 (PolKitPolicyDefault, 1);
pd->refcount = 1;
pd->default_any = defaults_allow_any;
pd->default_inactive = defaults_allow_inactive;
pd->default_active = defaults_allow_active;
return pd;
......@@ -123,9 +127,11 @@ polkit_policy_default_debug (PolKitPolicyDefault *policy_default)
{
g_return_if_fail (policy_default != NULL);
_pk_debug ("PolKitPolicyDefault: refcount=%d\n"
" default_any=%s\n"
" default_inactive=%s\n"
" default_active=%s",
policy_default->refcount,
polkit_result_to_string_representation (policy_default->default_any),
polkit_result_to_string_representation (policy_default->default_inactive),
polkit_result_to_string_representation (policy_default->default_active));
}
......@@ -158,6 +164,8 @@ polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default
g_return_val_if_fail (action != NULL, ret);
g_return_val_if_fail (session != NULL, ret);
ret = policy_default->default_any;
if (!polkit_session_get_ck_is_local (session, &is_local))
goto out;
if (!polkit_session_get_ck_is_active (session, &is_active))
......@@ -203,6 +211,8 @@ polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
g_return_val_if_fail (action != NULL, ret);
g_return_val_if_fail (caller != NULL, ret);
ret = policy_default->default_any;
if (!polkit_caller_get_ck_session (caller, &session))
goto out;
if (session == NULL)
......@@ -226,6 +236,21 @@ out:
return ret;
}
/**
* polkit_policy_default_get_allow_any:
* @policy_default: the object
*
* Get default policy.
*
* Returns: default policy
**/
PolKitResult
polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default)
{
g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
return policy_default->default_any;
}
/**
* polkit_policy_default_get_allow_inactive:
* @policy_default: the object
......
......@@ -51,6 +51,7 @@ PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *po
PolKitAction *action,
PolKitCaller *caller);
PolKitResult polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default);
PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
......
......@@ -72,10 +72,12 @@ extern void _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *p
const char *policy_message);
extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active);
extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
GHashTable *annotations);
......@@ -83,6 +85,7 @@ extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *actio
/* NOTE: we take ownership of the annotations object */
extern PolKitPolicyFileEntry *
_polkit_policy_file_entry_new (const char *action_id,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
GHashTable *annotations)
......@@ -93,7 +96,8 @@ _polkit_policy_file_entry_new (const char *action_id,
pfe->refcount = 1;
pfe->action = g_strdup (action_id);
pfe->defaults = _polkit_policy_default_new (defaults_allow_inactive,
pfe->defaults = _polkit_policy_default_new (defaults_allow_any,
defaults_allow_inactive,
defaults_allow_active);
if (pfe->defaults == NULL)
goto error;
......
......@@ -50,7 +50,7 @@
* @title: Policy Definition Files
* @short_description: Represents a set of declared actions.
*
* This class is used to represent a policy files.
* This class is used to represent a policy file.
**/
/**
......@@ -66,6 +66,7 @@ struct _PolKitPolicyFile
};
extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
PolKitResult defaults_allow_any,
PolKitResult defaults_allow_inactive,
PolKitResult defaults_allow_active,
GHashTable *annotations);
......@@ -77,6 +78,7 @@ enum {
STATE_IN_ACTION_DESCRIPTION,
STATE_IN_ACTION_MESSAGE,
STATE_IN_DEFAULTS,
STATE_IN_DEFAULTS_ALLOW_ANY,
STATE_IN_DEFAULTS_ALLOW_INACTIVE,
STATE_IN_DEFAULTS_ALLOW_ACTIVE,
STATE_IN_ANNOTATE
......@@ -88,6 +90,7 @@ typedef struct {
char *action_id;
PolKitResult defaults_allow_any;
PolKitResult defaults_allow_inactive;
PolKitResult defaults_allow_active;
......@@ -169,6 +172,7 @@ _start (void *data, const char *el, const char **attr)
pd->policy_messages = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
/* initialize defaults */
pd->defaults_allow_any = POLKIT_RESULT_NO;
pd->defaults_allow_inactive = POLKIT_RESULT_NO;
pd->defaults_allow_active = POLKIT_RESULT_NO;
}
......@@ -200,11 +204,15 @@ _start (void *data, const char *el, const char **attr)
case STATE_IN_ACTION_MESSAGE:
break;
case STATE_IN_DEFAULTS:
if (strcmp (el, "allow_inactive") == 0)
if (strcmp (el, "allow_any") == 0)
state = STATE_IN_DEFAULTS_ALLOW_ANY;
else if (strcmp (el, "allow_inactive") == 0)
state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
else if (strcmp (el, "allow_active") == 0)
state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
break;
case STATE_IN_DEFAULTS_ALLOW_ANY:
break;
case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
break;
case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
......@@ -256,6 +264,10 @@ _cdata (void *data, const char *s, int len)
}
break;
case STATE_IN_DEFAULTS_ALLOW_ANY:
if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
goto error;
break;
case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
goto error;
......@@ -359,6 +371,7 @@ _end (void *data, const char *el)
/* NOTE: caller takes ownership of the annotations object */
pfe = _polkit_policy_file_entry_new (pd->action_id,
pd->defaults_allow_any,
pd->defaults_allow_inactive,
pd->defaults_allow_active,
pd->annotations);
......@@ -394,6 +407,9 @@ _end (void *data, const char *el)
case STATE_IN_DEFAULTS:
state = STATE_IN_ACTION;
break;
case STATE_IN_DEFAULTS_ALLOW_ANY:
state = STATE_IN_DEFAULTS;
break;
case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
state = STATE_IN_DEFAULTS;
break;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment