Commit f62117c9 authored by David Zeuthen's avatar David Zeuthen

In .pkla files, use Result{Any,Inactive,Active} instead of just Result

parent 5bf2c57b
......@@ -80,6 +80,7 @@ polkit_implicit_authorization_from_string (const gchar *string,
{
g_warning ("Unknown PolkitImplicitAuthorization string '%s'", string);
ret = FALSE;
result = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
}
if (out_implicit_authorization != NULL)
......@@ -97,6 +98,10 @@ polkit_implicit_authorization_to_string (PolkitImplicitAuthorization implicit_au
switch (implicit_authorization)
{
case POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN:
s = "unknown";
break;
case POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED:
s = "no";
break;
......
......@@ -36,6 +36,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
/**
* PolkitImplicitAuthorization:
* @POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: Unknown whether the subject is authorized, never returned in any public API.
* @POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: Subject is not authorized.
* @POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED: Authentication is required.
* @POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED: Authentication as an administrator is required.
......@@ -47,6 +48,7 @@ GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
*/
typedef enum
{
POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN = -1,
POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED = 0,
POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED = 1,
POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED = 2,
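Review bot: The documentation line for `POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN` says it is "never returned in any public API", but the same commit makes `polkit_implicit_authorization_from_string()` set `result = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN` on a parse failure, just before the `out_implicit_authorization != NULL` check that presumably stores it. `polkit_implicit_authorization_to_string()` also now maps it to `"unknown"`. Suggested wording: `@POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: No decision has been made; stored by polkit_implicit_authorization_from_string() when parsing fails and used internally to mean "not set". Must never be treated as an authorization result.` Because the value is `-1`, any code that indexes a table by this enum or sends it as an unsigned value should be checked; none is visible in this hunk.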
......
......@@ -633,6 +633,8 @@ check_authorization_sync (PolkitBackendAuthority *authority,
caller,
subject,
user_of_subject,
session_is_local,
session_is_active,
action_id,
details,
implicit_authorization);
......@@ -771,6 +773,8 @@ polkit_backend_interactive_authority_get_admin_identities (PolkitBackendInteract
* @caller: The subject that is inquiring whether @subject is authorized.
* @subject: The subject we are checking an authorization for.
* @user_for_subject: The user of the subject we are checking an authorization for.
* @subject_is_local: %TRUE if the session for @subject is local.
* @subject_is_active: %TRUE if the session for @subject is active.
* @action_id: The action we are checking an authorization for.
* @details: Details about the action.
* @implicit: A #PolkitImplicitAuthorization value computed from the policy file and @subject.
......@@ -788,6 +792,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
gboolean subject_is_local,
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit)
......@@ -807,6 +813,8 @@ polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInte
caller,
subject,
user_for_subject,
subject_is_local,
subject_is_active,
action_id,
details,
implicit);
......
......@@ -79,6 +79,8 @@ struct _PolkitBackendInteractiveAuthorityClass
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
gboolean subject_is_local,
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit);
......@@ -132,6 +134,8 @@ PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authoriza
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
gboolean subject_is_local,
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit);
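Review bot: Inserting `subject_is_local` and `subject_is_active` in the middle of the `check_authorization_sync` vfunc signature changes the class ABI without any visible versioning. A backend built against the old layout that is loaded at run time would read the two `gboolean` slots as `action_id` and `details`, so the authorization check would run on wrong arguments rather than fail cleanly. If out-of-tree backends are supported, the change should be recorded in the release notes and whatever identifier backends register under should be bumped, so that stale modules are refused. The struct definition starts and ends outside this hunk, so other members may already cover this.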
......
......@@ -75,6 +75,8 @@ static PolkitImplicitAuthorization polkit_backend_local_authority_check_authoriz
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
gboolean subject_is_local,
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit);
......@@ -237,6 +239,8 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
PolkitSubject *caller,
PolkitSubject *subject,
PolkitIdentity *user_for_subject,
gboolean subject_is_local,
gboolean subject_is_active,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization implicit)
......@@ -244,6 +248,9 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
PolkitBackendLocalAuthority *local_authority;
PolkitBackendLocalAuthorityPrivate *priv;
PolkitImplicitAuthorization ret;
PolkitImplicitAuthorization ret_any;
PolkitImplicitAuthorization ret_inactive;
PolkitImplicitAuthorization ret_active;
GList *groups;
GList *l, *ll;
......@@ -273,9 +280,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
group,
action_id,
details,
&ret))
&ret_any,
&ret_inactive,
&ret_active))
{
; /* do nothing */
if (subject_is_local && subject_is_active)
{
if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
ret = ret_active;
}
else if (subject_is_local)
{
if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
ret = ret_inactive;
}
else
{
if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
ret = ret_any;
}
}
}
}
......@@ -291,9 +314,25 @@ polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiv
user_for_subject,
action_id,
details,
&ret))
&ret_any,
&ret_inactive,
&ret_active))
{
; /* do nothing */
if (subject_is_local && subject_is_active)
{
if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
ret = ret_active;
}
else if (subject_is_local)
{
if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
ret = ret_inactive;
}
else
{
if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
ret = ret_any;
}
}
}
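Review bot: `ret_any` is never consulted for a local subject. In the block after the per-group lookup, and in the identical block after the per-user lookup, a local active subject reads only `ret_active` and a local inactive subject only `ret_inactive`. An entry that sets only `ResultAny=no` therefore leaves the earlier, possibly more permissive, `ret` in place for every local session, which is a fail-open surprise for an administrator who reads "any" as "everyone". If ResultAny is meant as the fallback for all subjects, the session-specific value should fall back to `ret_any` when it is UNKNOWN; if it is meant for non-local subjects only, the parameter documentation and the .pkla documentation should say so. The selection is also duplicated verbatim, so a static helper as sketched below would keep both call sites in agreement; the function body starts and ends outside these hunks.

```c
/* Pick the result that applies to the subject's session; fall back to
 * ResultAny when the more specific key was not set, and keep the current
 * value when the matching entries set nothing applicable. */
static PolkitImplicitAuthorization
select_result_for_session (gboolean                    subject_is_local,
                           gboolean                    subject_is_active,
                           PolkitImplicitAuthorization ret_any,
                           PolkitImplicitAuthorization ret_inactive,
                           PolkitImplicitAuthorization ret_active,
                           PolkitImplicitAuthorization current)
{
  PolkitImplicitAuthorization chosen = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;

  if (subject_is_local)
    chosen = subject_is_active ? ret_active : ret_inactive;
  if (chosen == POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
    chosen = ret_any;

  return chosen != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN ? chosen : current;
}

/* … unchanged: per-group and per-user store lookups … */
                  ret = select_result_for_session (subject_is_local, subject_is_active,
                                                   ret_any, ret_inactive, ret_active, ret);
```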
......
......@@ -76,7 +76,9 @@ typedef struct
GList *identity_specs;
GList *action_specs;
PolkitImplicitAuthorization result;
PolkitImplicitAuthorization result_any;
PolkitImplicitAuthorization result_inactive;
PolkitImplicitAuthorization result_active;
} LocalAuthorization;
static void
......@@ -100,12 +102,16 @@ local_authorization_new (GKeyFile *key_file,
LocalAuthorization *authorization;
gchar **identity_strings;
gchar **action_strings;
gchar *result_string;
gchar *result_any_string;
gchar *result_inactive_string;
gchar *result_active_string;
guint n;
identity_strings = NULL;
action_strings = NULL;
result_string = NULL;
result_any_string = NULL;
result_inactive_string = NULL;
result_active_string = NULL;
authorization = g_new0 (LocalAuthorization, 1);
......@@ -143,27 +149,76 @@ local_authorization_new (GKeyFile *key_file,
g_pattern_spec_new (action_strings[n]));
}
result_string = g_key_file_get_string (key_file,
group,
"Result",
error);
if (result_string == NULL)
authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
result_any_string = g_key_file_get_string (key_file,
group,
"ResultAny",
NULL);
if (result_any_string != NULL)
{
local_authorization_free (authorization);
authorization = NULL;
goto out;
if (!polkit_implicit_authorization_from_string (result_any_string,
&authorization->result_any))
{
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
"Cannot parse ResultAny string `%s'", result_any_string);
local_authorization_free (authorization);
authorization = NULL;
goto out;
}
}
if (!polkit_implicit_authorization_from_string (result_string,
&authorization->result))
result_inactive_string = g_key_file_get_string (key_file,
group,
"ResultInactive",
NULL);
if (result_inactive_string != NULL)
{
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
"Cannot parse Result string `%s'", result_string);
local_authorization_free (authorization);
authorization = NULL;
goto out;
if (!polkit_implicit_authorization_from_string (result_inactive_string,
&authorization->result_inactive))
{
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
"Cannot parse ResultInactive string `%s'", result_inactive_string);
local_authorization_free (authorization);
authorization = NULL;
goto out;
}
}
result_active_string = g_key_file_get_string (key_file,
group,
"ResultActive",
NULL);
if (result_active_string != NULL)
{
if (!polkit_implicit_authorization_from_string (result_active_string,
&authorization->result_active))
{
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
"Cannot parse ResultActive string `%s'", result_active_string);
local_authorization_free (authorization);
authorization = NULL;
goto out;
}
}
if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL)
{
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
"Must have at least one of ResultAny, ResultInactive and ResultActive");
local_authorization_free (authorization);
authorization = NULL;
goto out;
}
authorization->id = g_strdup_printf ("%s::%s", filename, group);
......@@ -171,7 +226,9 @@ local_authorization_new (GKeyFile *key_file,
out:
g_strfreev (identity_strings);
g_free (action_strings);
g_free (result_string);
g_free (result_any_string);
g_free (result_inactive_string);
g_free (result_active_string);
return authorization;
}
......@@ -545,7 +602,9 @@ polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorization
* @identity: The identity to check for.
* @action_id: The action id to check for.
* @details: Details for @action.
* @out_result: Return location for the result if the look up matched.
* @out_result_any: Return location for the result for any subjects if the look up matched.
* @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched.
* @out_result_active: Return location for the result for subjects in local active sessions if the look up matched.
*
* Checks if an authorization entry from @store matches @identity, @action_id and @details.
*
......@@ -557,7 +616,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
PolkitIdentity *identity,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization *out_result)
PolkitImplicitAuthorization *out_result_any,
PolkitImplicitAuthorization *out_result_inactive,
PolkitImplicitAuthorization *out_result_active)
{
GList *l, *ll;
gboolean ret;
......@@ -567,7 +628,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE);
g_return_val_if_fail (action_id != NULL, FALSE);
g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE);
g_return_val_if_fail (out_result != NULL, FALSE);
g_return_val_if_fail (out_result_any != NULL, FALSE);
g_return_val_if_fail (out_result_inactive != NULL, FALSE);
g_return_val_if_fail (out_result_active != NULL, FALSE);
ret = FALSE;
identity_string = NULL;
......@@ -599,7 +662,9 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
continue;
/* Yay, a match! However, keep going since subsequent authorization entries may modify the result */
*out_result = authorization->result;
*out_result_any = authorization->result_any;
*out_result_inactive = authorization->result_inactive;
*out_result_active = authorization->result_active;
ret = TRUE;
#if 0
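Review bot: In `polkit_backend_local_authorization_store_lookup`, each matching entry overwrites all three outputs unconditionally, so a later entry that leaves a key unset replaces an earlier decision with UNKNOWN. For example, an entry with `ResultActive=no` followed by a matching entry that sets only `ResultAny` ends with `*out_result_active` UNKNOWN, and the caller then keeps its previous value instead of the deny. The "subsequent authorization entries may modify the result" comment suggests per-key override was intended, so each output should be assigned only when the entry's value is not UNKNOWN, with the outputs initialised to UNKNOWN before the loop. Whether they are already initialised is not visible here, since the function body extends outside the hunks.

```c
/* … unchanged: argument checks … */
  ret = FALSE;
  *out_result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
  *out_result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;
  *out_result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN;

/* … unchanged: identity and action matching … */
          /* A later entry overrides only the keys it actually sets */
          if (authorization->result_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
            *out_result_any = authorization->result_any;
          if (authorization->result_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
            *out_result_inactive = authorization->result_inactive;
          if (authorization->result_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
            *out_result_active = authorization->result_active;
          ret = TRUE;
```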
......
......@@ -71,11 +71,13 @@ struct _PolkitBackendLocalAuthorizationStoreClass
GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST;
PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory,
const gchar *extension);
gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store,
PolkitIdentity *identity,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization *out_result);
gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store,
PolkitIdentity *identity,
const gchar *action_id,
PolkitDetails *details,
PolkitImplicitAuthorization *out_result_any,
PolkitImplicitAuthorization *out_result_inactive,
PolkitImplicitAuthorization *out_result_active);
G_END_DECLS
......