Commit 5bf2c57b authored by David Zeuthen

Actually make the local authority look up authorization files

Still need to add test cases / docs but this seems to work great.
parent 38f472c1
......@@ -92,6 +92,7 @@
<xi:include href="xml/polkitbackendauthority.xml"/>
<xi:include href="xml/polkitbackendinteractiveauthority.xml"/>
<xi:include href="xml/polkitbackendlocalauthority.xml"/>
<xi:include href="xml/polkitbackendlocalauthorizationstore.xml"/>
<xi:include href="xml/polkitbackendactionpool.xml"/>
<xi:include href="xml/polkitbackendsessionmonitor.xml"/>
<xi:include href="xml/polkitbackendconfigsource.xml"/>
......
......@@ -251,11 +251,6 @@ polkit_backend_authority_register_authentication_agent
polkit_backend_authority_unregister_authentication_agent
polkit_backend_authority_authentication_agent_response
polkit_backend_authority_enumerate_actions
polkit_backend_authority_enumerate_users
polkit_backend_authority_enumerate_groups
polkit_backend_authority_enumerate_authorizations
polkit_backend_authority_add_authorization
polkit_backend_authority_remove_authorization
polkit_backend_authority_system_bus_name_owner_changed
polkit_backend_authority_get
polkit_backend_register_authority
......@@ -301,6 +296,23 @@ POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS
POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS
</SECTION>
<SECTION>
<FILE>polkitbackendlocalauthorizationstore</FILE>
<TITLE>PolkitBackendLocalAuthorizationStore</TITLE>
PolkitBackendLocalAuthorizationStore
PolkitBackendLocalAuthorizationStoreClass
polkit_backend_local_authorization_store_new
polkit_backend_local_authorization_store_lookup
<SUBSECTION Standard>
POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE
POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE
POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE
polkit_backend_local_authorization_store_get_type
POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_CLASS
POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE_CLASS
POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_GET_CLASS
</SECTION>
<SECTION>
<FILE>polkitbackendinteractiveauthority</FILE>
<TITLE>PolkitBackendInteractiveAuthority</TITLE>
......
......@@ -20,6 +20,7 @@ polkit_backend_action_lookup_get_type
polkit_backend_action_pool_get_type
polkit_backend_session_monitor_get_type
polkit_backend_config_source_get_type
polkit_backend_local_authorization_store_get_type
polkit_agent_session_get_type
polkit_agent_listener_get_type
......@@ -47,6 +47,7 @@ libpolkit_backend_1include_HEADERS = \
polkitbackendsessionmonitor.h \
polkitbackendconfigsource.h \
polkitbackendactionlookup.h \
polkitbackendlocalauthorizationstore.h \
$(NULL)
libpolkit_backend_1_la_SOURCES = \
......@@ -62,6 +63,7 @@ libpolkit_backend_1_la_SOURCES = \
polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c \
polkitbackendconfigsource.h polkitbackendconfigsource.c \
polkitbackendactionlookup.h polkitbackendactionlookup.c \
polkitbackendlocalauthorizationstore.h polkitbackendlocalauthorizationstore.c \
$(NULL)
libpolkit_backend_1_la_CFLAGS = \
......@@ -97,4 +99,5 @@ clean-local :
install-exec-hook:
mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1
-chmod 600 $(DESTDIR)$(localstatedir)/lib/polkit-1
mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d}
mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions
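Review bot: The new `mkdir -p .../localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d}` line in install-exec-hook relies on brace expansion, which is not a POSIX sh feature. make runs recipes with /bin/sh unless SHELL is overridden, so where /bin/sh is not bash this creates one directory with the literal braces in its name, and the five store directories the local authority reads are never installed. A portable form is `for d in 10-vendor.d 20-org.d 30-site.d 50-local.d 90-mandatory.d; do mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/$$d; done`. Since files in these directories grant authorizations, it is also worth setting their mode explicitly instead of inheriting the installing user's umask.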
......@@ -37,6 +37,7 @@
#include <polkitbackend/polkitbackendsessionmonitor.h>
#include <polkitbackend/polkitbackendconfigsource.h>
#include <polkitbackend/polkitbackendactionlookup.h>
#include <polkitbackend/polkitbackendlocalauthorizationstore.h>
#undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H
#endif /* __POLKIT_BACKEND_H */
......
......@@ -30,6 +30,7 @@
#include <polkit/polkit.h>
#include "polkitbackendconfigsource.h"
#include "polkitbackendlocalauthority.h"
#include "polkitbackendlocalauthorizationstore.h"
#include <polkit/polkitprivate.h>
......@@ -45,14 +46,10 @@
/* ---------------------------------------------------------------------------------------------------- */
static GList *get_users_in_group (PolkitBackendInteractiveAuthority *authority,
PolkitIdentity *group,
static GList *get_users_in_group (PolkitIdentity *group,
gboolean include_root);
#if 0
static GList *get_groups_for_user (PolkitBackendInteractiveAuthority *authority,
PolkitIdentity *user);
#endif
static GList *get_groups_for_user (PolkitIdentity *user);
/* ---------------------------------------------------------------------------------------------------- */
......@@ -60,6 +57,8 @@ typedef struct
{
PolkitBackendConfigSource *config_source;
GList *authorization_stores;
} PolkitBackendLocalAuthorityPrivate;
/* ---------------------------------------------------------------------------------------------------- */
......@@ -98,12 +97,33 @@ polkit_backend_local_authority_init (PolkitBackendLocalAuthority *authority)
{
PolkitBackendLocalAuthorityPrivate *priv;
GFile *directory;
guint n;
const gchar *store_locations[] =
{
PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/10-vendor.d",
PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/20-org.d",
PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/30-site.d",
PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/50-local.d",
PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority/90-mandatory.d",
NULL
};
priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
directory = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/localauthority.conf.d");
priv->config_source = polkit_backend_config_source_new (directory);
g_object_unref (directory);
for (n = 0; store_locations[n] != NULL; n++)
{
PolkitBackendLocalAuthorizationStore *store;
directory = g_file_new_for_path (store_locations[n]);
store = polkit_backend_local_authorization_store_new (directory, ".pkla");
priv->authorization_stores = g_list_prepend (priv->authorization_stores, store);
g_object_unref (directory);
}
priv->authorization_stores = g_list_reverse (priv->authorization_stores);
}
static void
......@@ -118,6 +138,9 @@ polkit_backend_local_authority_finalize (GObject *object)
if (priv->config_source != NULL)
g_object_unref (priv->config_source);
g_list_foreach (priv->authorization_stores, (GFunc) g_object_unref, NULL);
g_list_free (priv->authorization_stores);
G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->finalize (object);
}
......@@ -188,7 +211,7 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti
}
else if (POLKIT_IS_UNIX_GROUP (identity))
{
ret = g_list_concat (ret, get_users_in_group (authority, identity, FALSE));
ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
}
else
{
......@@ -218,20 +241,70 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
PolkitDetails *details,
PolkitImplicitAuthorization implicit)
{
PolkitBackendLocalAuthority *local_authority;
PolkitBackendLocalAuthorityPrivate *priv;
PolkitImplicitAuthorization ret;
GList *groups;
GList *l, *ll;
ret = implicit;
local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority);
priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority);
#if 0
g_debug ("local: checking `%s' for subject `%s' (user `%s')",
action_id,
polkit_subject_to_string (subject),
polkit_identity_to_string (user_for_subject));
#endif
return implicit;
/* First lookup for all groups the user belong to */
groups = get_groups_for_user (user_for_subject);
for (ll = groups; ll != NULL; ll = ll->next)
{
PolkitIdentity *group = POLKIT_IDENTITY (ll->data);
for (l = priv->authorization_stores; l != NULL; l = l->next)
{
PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data);
if (polkit_backend_local_authorization_store_lookup (store,
group,
action_id,
details,
&ret))
{
; /* do nothing */
}
}
}
g_list_foreach (groups, (GFunc) g_object_unref, NULL);
g_list_free (groups);
/* Then do it for the user */
for (l = priv->authorization_stores; l != NULL; l = l->next)
{
PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data);
if (polkit_backend_local_authorization_store_lookup (store,
user_for_subject,
action_id,
details,
&ret))
{
; /* do nothing */
}
}
return ret;
}
/* ---------------------------------------------------------------------------------------------------- */
static GList *
get_users_in_group (PolkitBackendInteractiveAuthority *authority,
PolkitIdentity *group,
gboolean include_root)
get_users_in_group (PolkitIdentity *group,
gboolean include_root)
{
gid_t gid;
struct group *grp;
......@@ -275,10 +348,8 @@ get_users_in_group (PolkitBackendInteractiveAuthority *authority,
return ret;
}
#if 0
static GList *
get_groups_for_user (PolkitBackendInteractiveAuthority *authority,
PolkitIdentity *user)
get_groups_for_user (PolkitIdentity *user)
{
uid_t uid;
struct passwd *passwd;
......@@ -317,6 +388,5 @@ get_groups_for_user (PolkitBackendInteractiveAuthority *authority,
return result;
}
#endif
/* ---------------------------------------------------------------------------------------------------- */
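Review bot: In polkit_backend_local_authority_check_authorization_sync the outcome for a user who is in several groups appears to depend on the order in which get_groups_for_user returns them. Every lookup is handed the same `&ret`, so, assuming the store writes `*out_result` on a match (its implementation is collapsed on this page), the last matching group wins and a restrictive entry for one group can be overridden by a permissive entry for another. The intended precedence should be written above the loops, e.g. `/* Later store directories override earlier ones; entries for the user override entries for its groups. */`, and conflicting group results should be resolved deterministically rather than by enumeration order. The `if (...) { ; /* do nothing */ }` wrappers discard the boolean result and would read more clearly as plain calls. The function's signature starts outside the hunk.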
/*
* Copyright (C) 2008 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*
* Author: David Zeuthen <davidz@redhat.com>
*/
#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H)
#error "Only <polkitbackend/polkitbackend.h> can be included directly, this file may disappear or change contents."
#endif
#ifndef __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H
#define __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H
#include <glib-object.h>
#include <gio/gio.h>
#include <polkitbackend/polkitbackendtypes.h>
G_BEGIN_DECLS
#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE (polkit_backend_local_authorization_store_get_type ())
#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStore))
#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStoreClass))
#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE,PolkitBackendLocalAuthorizationStoreClass))
#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE))
#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE))
typedef struct _PolkitBackendLocalAuthorizationStoreClass PolkitBackendLocalAuthorizationStoreClass;
typedef struct _PolkitBackendLocalAuthorizationStorePrivate PolkitBackendLocalAuthorizationStorePrivate;
struct _PolkitBackendLocalAuthorizationStore
{
GObject parent_instance;
PolkitBackendLocalAuthorizationStorePrivate *priv;
};
struct _PolkitBackendLocalAuthorizationStoreClass
{
/*< public >*/
GObjectClass parent_class;
/* Signals */
void (*changed) (PolkitBackendLocalAuthorizationStore *store);
/*< private >*/
/* Padding for future expansion */
void (*_polkit_reserved1) (void);
void (*_polkit_reserved2) (void);
void (*_polkit_reserved3) (void);
void (*_polkit_reserved4) (void);
void (*_polkit_reserved5) (void);
void (*_polkit_reserved6) (void);
void (*_polkit_reserved7) (void);
void (*_polkit_reserved8) (void);
};
GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST;
PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory,
const gchar *extension);
gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store,
PolkitIdentity *identity,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization *out_result);
G_END_DECLS
#endif /* __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H */
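Review bot: The declaration of polkit_backend_local_authorization_store_lookup does not say whether `*out_result` is left untouched when the function returns FALSE, and the caller in the local authority depends on exactly that. It seeds the result with the implicit authorization, passes `&ret` to every store and ignores the return value. If that is the intended behaviour, state it next to the prototype, for instance `/* Returns TRUE and sets *out_result only when an entry matches; otherwise *out_result is not modified. */`, so a later change to the store cannot silently alter authorization decisions. The same comment should say whether `details` may be NULL.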
......@@ -42,5 +42,8 @@ typedef struct _PolkitBackendInteractiveAuthority PolkitBackendInteractiveAuthor
struct _PolkitBackendLocalAuthority;
typedef struct _PolkitBackendLocalAuthority PolkitBackendLocalAuthority;
struct _PolkitBackendLocalAuthorizationStore;
typedef struct _PolkitBackendLocalAuthorizationStore PolkitBackendLocalAuthorizationStore;
#endif /* __POLKIT_BACKEND_TYPES_H */