Commit 81401e16 authored by David Zeuthen

remove misguided action parameters

This feature was introduced with

 commit 02a4c510
 http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commit;h=02a4c5101ca4751963f76a0e016d3308389dc2a5

It makes things a lot harder for privilege granting if a feature like
action parameters is present. Thinking about it, they're not really
necessary; the parameters should just be encoded in the resource name;
e.g. with the example given in the commit

> This is useful for letting mechanisms convey information which may be
> useful in making a decision whether an action is OK. For example,
> NetworkManager could use this to provide the phone-number parameter
> with a hypothetical "nm-dialup" action. Then a site or vendor can
> provide insert
>
>  mandatory polkit-run-program.so \
>     program="/usr/lib/check-dialup-number.sh" privilege="nm-dialup"
>
> into /etc/PolicyKit/PolicyKit.conf and have said program check
>
>  $POLKIT_ACTION_PARAM_PHONE_NUMBER
>
> in that program.

is broken; the right thing here is for a hypothetical NetworkManager
to pass the dial up connection details as the resource

 resource.type = "NetworkManager"
 resource.id = "/org/freedesktop/NM/DialUpConnection/number=555-HOT-CHICKS"

in a well-defined format etc. etc.
parent 845b572b
......@@ -25,9 +25,6 @@ The following options are supported:
.I "--action"
The action to check.
.TP
.I "--action-param <key>=<value>"
Append parameters to action.
.TP
.I "--caller"
The caller to check for. Must be the callers unique name on the D-Bus
system message bus.
......
......@@ -25,9 +25,6 @@ The following options are supported:
.I "--action"
The action to check.
.TP
.I "--action-param <key>=<value>"
Append parameters to action.
.TP
.I "--session"
The session to check for. Must be a ConsoleKit object path. If
ommitted the current session is used.
......
......@@ -101,11 +101,6 @@ the system message bus.
.B POLKIT_ACTION_ID
An identifier for the action
.TP
.B POLKIT_ACTION_<KEY_NAME>=<value-name>
All action parameters are put in the environment; the key is
uppercased and hyphen and period characters are replaced with
underscores.
.TP
.B POLKIT_RESOURCE_ID
Resource identifier
.TP
......
......@@ -169,79 +169,6 @@ libpolkit_action_debug (PolKitAction *action)
_pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
}
/**
* libpolkit_action_set_param:
* @action: the action
* @key: key
* @value: value
*
* Set a parameter (a key/value pair) associated with the action.
**/
void
libpolkit_action_set_param (PolKitAction *action, const char *key, const char *value)
{
g_return_if_fail (action != NULL);
g_return_if_fail (key != NULL);
g_hash_table_insert (action->params, g_strdup (key), g_strdup (value));
}
/**
* libpolkit_action_get_param:
* @action: the action
* @key: key
*
* Get a parameter (a key/value pair) associated with the action.
*
* Returns: the value or #NULL if the parameter wasn't set.
**/
const char *
libpolkit_action_get_param (PolKitAction *action, const char *key)
{
const char *value;
g_return_val_if_fail (action != NULL, NULL);
g_return_val_if_fail (key != NULL, NULL);
value = g_hash_table_lookup (action->params, key);
return value;
}
typedef struct {
PolKitAction *action;
PolKitActionParamForeachFunc cb;
void *user_data;
} HashClosure;
static void
_hash_cb (gpointer key, gpointer value, gpointer user_data)
{
HashClosure *data = user_data;
data->cb (data->action, key, value, data->user_data);
}
/**
* libpolkit_action_param_foreach:
* @action: the action
* @cb: function to call
* @user_data: user data
*
* Calls the given function for each parameter on the object.
**/
void
libpolkit_action_param_foreach (PolKitAction *action, PolKitActionParamForeachFunc cb, void *user_data)
{
HashClosure data;
g_return_if_fail (action != NULL);
g_return_if_fail (cb != NULL);
data.action = action;
data.cb = cb;
data.user_data = user_data;
g_hash_table_foreach (action->params, _hash_cb, &data);
}
/**
* libpolkit_action_validate:
* @action: the object
......
......@@ -35,30 +35,12 @@
struct PolKitAction;
typedef struct PolKitAction PolKitAction;
/**
* PolKitActionParamForeachFunc:
* @action: the action
* @key: key of parameter
* @value: value of parameter
* @user_data: user data
*
* Type for function used in libpolkit_action_param_foreach().
**/
typedef void (*PolKitActionParamForeachFunc) (PolKitAction *action,
const char *key,
const char *value,
void *user_data);
PolKitAction *libpolkit_action_new (void);
PolKitAction *libpolkit_action_ref (PolKitAction *action);
void libpolkit_action_unref (PolKitAction *action);
polkit_bool_t libpolkit_action_set_action_id (PolKitAction *action, const char *action_id);
polkit_bool_t libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id);
void libpolkit_action_set_param (PolKitAction *action, const char *key, const char *value);
const char *libpolkit_action_get_param (PolKitAction *action, const char *key);
void libpolkit_action_param_foreach (PolKitAction *action, PolKitActionParamForeachFunc cb, void *user_data);
void libpolkit_action_debug (PolKitAction *action);
polkit_bool_t libpolkit_action_validate (PolKitAction *action);
......
......@@ -97,29 +97,6 @@ _module_shutdown (PolKitModuleInterface *module_interface)
}
}
static void
_add_action_param_to_env (PolKitAction *action, const char *key, const char *value, gpointer user_data)
{
int n;
char *upper;
GPtrArray *envp = user_data;
if (key == NULL || value == NULL)
return;
upper = g_ascii_strup (key, -1);
for (n = 0; upper[n] != '\0'; n++) {
switch (upper[n]) {
case '.':
case '-':
upper[n] = '_';
break;
}
}
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_PARAM_%s=%s", upper, value));
g_free (upper);
}
static polkit_bool_t
_add_action_to_env (PolKitAction *action, GPtrArray *envp)
{
......@@ -127,8 +104,6 @@ _add_action_to_env (PolKitAction *action, GPtrArray *envp)
if (!libpolkit_action_get_action_id (action, &p_id))
goto error;
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id));
libpolkit_action_param_foreach (action, _add_action_param_to_env, envp);
return TRUE;
error:
return FALSE;
......
......@@ -46,14 +46,12 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-caller\n"
" --caller <dbus-name> --action <action>\n"
" [--action-param <key>=<value>]\n"
" --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --caller Unique name of caller on the system bus\n"
" --action Requested action\n"
" --action-param Action parameters (may occur multiple times)\n"
" --resource-type Type of resource\n"
" --resource-id Identifier of resource\n"
" --version Show version and exit\n"
......@@ -81,17 +79,12 @@ main (int argc, char *argv[])
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
GPtrArray *params;
int n;
char *param_key;
char *param_value;
if (argc <= 1) {
usage (argc, argv);
return 1;
}
params = g_ptr_array_new ();
while (1) {
int c;
int option_index = 0;
......@@ -100,7 +93,6 @@ main (int argc, char *argv[])
{"resource-type", 1, NULL, 0},
{"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
{"action-param", 1, NULL, 0},
{"caller", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
......@@ -127,18 +119,6 @@ main (int argc, char *argv[])
resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
} else if (strcmp (opt, "action-param") == 0) {
param_key = strdup (optarg);
param_value = NULL;
for (n = 0; param_key[n] != '=' && param_key[n] != '\0'; n++)
;
if (param_key[n] == '\0')
usage (argc, argv);
param_key[n] = '\0';
param_value = param_key + n + 1;
g_ptr_array_add (params, g_strdup (param_key));
g_ptr_array_add (params, g_strdup (param_value));
g_free (param_key);
} else if (strcmp (opt, "caller") == 0) {
dbus_name = strdup (optarg);
}
......@@ -178,16 +158,6 @@ main (int argc, char *argv[])
action = libpolkit_action_new ();
libpolkit_action_set_action_id (action, action_id);
for (n = 0; n < (int) params->len; n += 2) {
char *key;
char *value;
key = params->pdata[n];
value = params->pdata[n+1];
libpolkit_action_set_param (action, key, value);
g_free (key);
g_free (value);
}
g_ptr_array_free (params, TRUE);
resource = libpolkit_resource_new ();
libpolkit_resource_set_resource_type (resource, resource_type);
......
......@@ -46,14 +46,12 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-session\n"
" [--session <session>] --action <action>\n"
" [--action-param <key>=<value>]"
" --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --session ConsoleKit object path of session\n"
" --action Requested action\n"
" --action-param Action parameters (may occur multiple times)\n"
" --resource-type Type of resource\n"
" --resource-id Identifier of resource\n"
" --version Show version and exit\n"
......@@ -82,10 +80,6 @@ main (int argc, char *argv[])
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
GPtrArray *params;
int n;
char *param_key;
char *param_value;
if (argc <= 1) {
usage (argc, argv);
......@@ -94,7 +88,6 @@ main (int argc, char *argv[])
cookie = getenv ("XDG_SESSION_COOKIE");
params = g_ptr_array_new ();
while (1) {
int c;
int option_index = 0;
......@@ -103,7 +96,6 @@ main (int argc, char *argv[])
{"resource-type", 1, NULL, 0},
{"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
{"action-param", 1, NULL, 0},
{"session", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
......@@ -130,18 +122,6 @@ main (int argc, char *argv[])
resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
} else if (strcmp (opt, "action-param") == 0) {
param_key = strdup (optarg);
param_value = NULL;
for (n = 0; param_key[n] != '=' && param_key[n] != '\0'; n++)
;
if (param_key[n] == '\0')
usage (argc, argv);
param_key[n] = '\0';
param_value = param_key + n + 1;
g_ptr_array_add (params, g_strdup (param_key));
g_ptr_array_add (params, g_strdup (param_value));
g_free (param_key);
} else if (strcmp (opt, "session") == 0) {
session_id = strdup (optarg);
}
......@@ -195,16 +175,6 @@ main (int argc, char *argv[])
action = libpolkit_action_new ();
libpolkit_action_set_action_id (action, action_id);
for (n = 0; n < (int) params->len; n += 2) {
char *key;
char *value;
key = params->pdata[n];
value = params->pdata[n+1];
libpolkit_action_set_param (action, key, value);
g_free (key);
g_free (value);
}
g_ptr_array_free (params, TRUE);
resource = libpolkit_resource_new ();
libpolkit_resource_set_resource_type (resource, resource_type);
......