rename revoke_if_oneshot to is_mechanism and also expose this on D-Bus

e701ee4c · David Zeuthen · 44434ffa · e701ee4c · e701ee4c · e701ee4c
Commit e701ee4c authored Oct 31, 2007 by David Zeuthen
5 changed files
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -426,7 +426,8 @@ polkit_context_get_policy_cache (PolKitContext *pk_context)
 * @pk_context: the PolicyKit context
 * @action: the type of access to check for
 * @session: the session in question
- * @revoke_if_oneshot: TODO
+ * @is_mechanism: Whether the mechanism carrying out the action is
+ * asking. This can be used to revoke one-time-only authorizations.
 *
 * Determine if any caller from a giver session is authorized to do a
 * given action.
@@ -440,7 +441,7 @@ PolKitResult
 polkit_context_is_session_authorized (PolKitContext         *pk_context,
                                      PolKitAction          *action,
                                      PolKitSession         *session,
-                                      polkit_bool_t          revoke_if_oneshot)
+                                      polkit_bool_t          is_mechanism)
 {
        /* TODO: properly implement */
        return polkit_context_can_session_do_action (pk_context, action, session);
@@ -451,7 +452,8 @@ polkit_context_is_session_authorized (PolKitContext         *pk_context,
 * @pk_context: the PolicyKit context
 * @action: the type of access to check for
 * @caller: the caller in question
- * @revoke_if_oneshot: TODO
+ * @is_mechanism: Whether the mechanism carrying out the action is
+ * asking. This can be used to revoke one-time-only authorizations.
 *
 * Determine if a given caller is authorized to do a given action.
 *
@@ -464,7 +466,7 @@ PolKitResult
 polkit_context_is_caller_authorized (PolKitContext         *pk_context,
                                     PolKitAction          *action,
                                     PolKitCaller          *caller,
-                                     polkit_bool_t          revoke_if_oneshot)
+                                     polkit_bool_t          is_mechnanism)
 {
        /* TODO: properly implement */
        return polkit_context_can_caller_do_action (pk_context, action, caller);

--- a/polkit/polkit-context.h
+++ b/polkit/polkit-context.h
@@ -173,12 +173,12 @@ PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError
 PolKitResult polkit_context_is_caller_authorized (PolKitContext         *pk_context,
                                                  PolKitAction          *action,
                                                  PolKitCaller          *caller,
-                                                  polkit_bool_t          revoke_if_oneshot);
+                                                  polkit_bool_t          is_mechanism);

 PolKitResult polkit_context_is_session_authorized (PolKitContext         *pk_context,
                                                   PolKitAction          *action,
                                                   PolKitSession         *session,
-                                                   polkit_bool_t          revoke_if_oneshot);
+                                                   polkit_bool_t          is_mechanism);

 PolKitAuthorizationDB *polkit_context_get_authorization_db (PolKitContext *pk_context);


--- a/polkitd/org.freedesktop.PolicyKit.xml
+++ b/polkitd/org.freedesktop.PolicyKit.xml
@@ -9,6 +9,9 @@
      <arg name="action_id" direction="in" type="s"/>
      <!-- IN: process id of caller to check for -->
      <arg name="pid" direction="in" type="u"/>
+      <!-- IN: see parameter 'is_mechanism' in polkit_context_is_caller_authorized()  -->
+      <arg name="is_mechanism" direction="in" type="b"/>
+
      <!-- OUT: the PolKitResult in textual form -->
      <arg name="result" direction="out" type="s"/>
    </method>
@@ -19,9 +22,21 @@
      <arg name="action_id" direction="in" type="s"/>
      <!-- IN: Unique name on the system bus of the caller to check for -->
      <arg name="system_bus_name" direction="in" type="s"/>
+      <!-- IN: see parameter 'is_mechanism' in polkit_context_is_caller_authorized()  -->
+      <arg name="is_mechanism" direction="in" type="b"/>
      <!-- OUT: the PolKitResult in textual form -->
      <arg name="result" direction="out" type="s"/>
    </method>

+    <!-- Both methods can throw these exceptions: 
+         
+         org.freedesktop.PolicyKit.GeneralError
+           if e.g. the passed parameters are bogus
+         
+         org.freedesktop.PolicyKit.NotAuthorized
+           if the caller is not authorized to know this; e.g. if he
+           lacks the org.freedesktop.policykit.read authorization
+      -->
+
  </interface>
 </node>
--- a/polkitd/polkit-daemon.c
+++ b/polkitd/polkit-daemon.c
@@ -231,9 +231,7 @@ _filter (DBusConnection *connection, DBusMessage *message, void *user_data)
            (dbus_message_get_interface (message) != NULL &&
             g_str_has_prefix (dbus_message_get_interface (message), "org.freedesktop.ConsoleKit"))) {
                if (polkit_tracker_dbus_func (daemon->priv->pk_tracker, message)) {
-
                        /* Something has changed! TODO: emit D-Bus signal? */
-                        g_debug ("Something has changed!");
                }
        }

@@ -383,6 +381,7 @@ static gboolean
 is_caller_authorized (PolKitDaemon          *daemon, 
                      const char            *action_id, 
                      PolKitCaller          *pk_caller, 
+                      gboolean               is_mechanism,
                      DBusGMethodInvocation *context)
 {
        gboolean ret;
@@ -433,7 +432,7 @@ is_caller_authorized (PolKitDaemon          *daemon,

        pk_action = polkit_action_new ();
        polkit_action_set_action_id (pk_action, action_id);
-        pk_result = polkit_context_is_caller_authorized (daemon->priv->pk_context, pk_action, pk_caller, FALSE);
+        pk_result = polkit_context_is_caller_authorized (daemon->priv->pk_context, pk_action, pk_caller, is_mechanism);
        polkit_action_unref (pk_action);

        dbus_g_method_return (context, polkit_result_to_string_representation (pk_result));
@@ -452,6 +451,7 @@ gboolean
 polkit_daemon_is_process_authorized (PolKitDaemon          *daemon,
                                     const char            *action_id, 
                                     guint32                pid,
+                                     gboolean               is_mechanism,
                                     DBusGMethodInvocation *context)
 {
        gboolean ret;
@@ -478,7 +478,7 @@ polkit_daemon_is_process_authorized (PolKitDaemon          *daemon,
                goto out;
        }

-        ret = is_caller_authorized (daemon, action_id, pk_caller, context);
+        ret = is_caller_authorized (daemon, action_id, pk_caller, is_mechanism, context);

 out:
        return ret;
@@ -488,6 +488,7 @@ gboolean
 polkit_daemon_is_system_bus_name_authorized (PolKitDaemon          *daemon,
                                             const char            *action_id, 
                                             const char            *system_bus_name,
+                                             gboolean               is_mechanism,
                                             DBusGMethodInvocation *context)
 {
        gboolean ret;
@@ -504,7 +505,6 @@ polkit_daemon_is_system_bus_name_authorized (PolKitDaemon          *daemon,
                error = g_error_new (POLKIT_DAEMON_ERROR,
                                     POLKIT_DAEMON_ERROR_GENERAL,
                                     "Given system bus name is not a valid unique system bus name");
-                dbus_error_free (&dbus_error);
                dbus_g_method_return_error (context, error);
                g_error_free (error);
                goto out;
@@ -524,7 +524,7 @@ polkit_daemon_is_system_bus_name_authorized (PolKitDaemon          *daemon,
                goto out;
        }

-        ret = is_caller_authorized (daemon, action_id, pk_caller, context);
+        ret = is_caller_authorized (daemon, action_id, pk_caller, is_mechanism, context);

 out:
        return ret;

--- a/polkitd/polkit-daemon.h
+++ b/polkitd/polkit-daemon.h
@@ -18,6 +18,14 @@
 *
 */

+#ifndef __POLKIT_DAEMON_H__
+#define __POLKIT_DAEMON_H__
+
+#include <glib-object.h>
+#include <polkit-dbus/polkit-dbus.h>
+
+G_BEGIN_DECLS
+
 #define POLKIT_TYPE_DAEMON         (polkit_daemon_get_type ())
 #define POLKIT_DAEMON(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_DAEMON, PolKitDaemon))
 #define POLKIT_DAEMON_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_DAEMON, PolKitDaemonClass))
@@ -56,17 +64,18 @@ PolKitDaemon *polkit_daemon_new                 (gboolean no_exit);

 /* exported methods */

-gboolean polkit_daemon_is_session_authorized         (PolKitDaemon          *daemon, 
-                                                      const char            *action_id, 
-                                                      const char            *ck_session_id,
-                                                      DBusGMethodInvocation *context);
-
 gboolean polkit_daemon_is_process_authorized         (PolKitDaemon          *daemon,
                                                      const char            *action_id, 
                                                      guint32                pid,
+                                                      gboolean               is_mechanism,
                                                      DBusGMethodInvocation *context);

 gboolean polkit_daemon_is_system_bus_name_authorized (PolKitDaemon          *daemon,
                                                      const char            *action_id, 
                                                      const char            *system_bus_name,
+                                                      gboolean               is_mechanism,
                                                      DBusGMethodInvocation *context);
+
+G_END_DECLS
+
+#endif /* __POLKIT_DAEMON_H__ */