Commit f8624198 authored by David Zeuthen's avatar David Zeuthen

rework the .auths file format to use key/value pairs and make it future-proof

parent 67befeae
......@@ -611,7 +611,8 @@ out:
* Takes an array of key/value pairs and generates a string
* <literal>"k1=v1:k2=v2:...:k_n=v_n"</literal> where
* <literal>k_i</literal> and <literal>v_i</literal> are percent
* encoded representations of the given key/value pairs.
* encoded representations of the given key/value pairs. The string
* will have a newline (ASCII character 10) at end.
*
* The string can later be parsed with kit_string_entry_parse() to get
* the exact same list of key/value pairs back.
......@@ -660,6 +661,10 @@ kit_string_entry_createv (char *buf, size_t buf_size, const char *kv_pairs[])
m += kit_string_percent_encode (buf + m, buf_size - m > 0 ? buf_size - m : 0, value);
}
if (m < buf_size)
buf[m] = '\n';
m++;
out:
if (m < buf_size)
buf[m] = '\0';
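Review bot: The size argument on the percent-encode call, `buf_size - m > 0 ? buf_size - m : 0`, does not clamp if `m` is unsigned (its declaration is outside the hunk). `buf_size` is a `size_t`, so once `m` has passed `buf_size` the subtraction wraps to a large value instead of going negative, and `buf + m` already points past the buffer. The unconditional `m++` after the newline suggests `m` is meant to keep counting after truncation, so that state looks reachable by design. Comparing before subtracting avoids the wrap, `m < buf_size ? buf_size - m : 0`, which matches the `m < buf_size` form used for the added newline and the terminator. The body of kit_string_entry_createv starts outside the hunk.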
......
......@@ -235,7 +235,6 @@ polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authd
char *action_id;
uid_t caller_uid;
pid_t caller_pid;
char *grant_line;
polkit_bool_t ret;
polkit_uint64_t pid_start_time;
struct timeval now;
......@@ -270,19 +269,33 @@ polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authd
return FALSE;
}
grant_line = g_strdup_printf ("process-one-shot:%d:%Lu:%s:%Lu:%d:%s\n",
caller_pid,
pid_start_time,
action_id,
(polkit_uint64_t) now.tv_sec,
user_authenticated_as,
cbuf);
char pid_buf[32];
char pid_st_buf[32];
char now_buf[32];
char uid_buf[32];
char auth_buf[1024];
snprintf (pid_buf, sizeof (pid_buf), "%d", caller_pid);
snprintf (pid_st_buf, sizeof (pid_st_buf), "%Lu", pid_start_time);
snprintf (now_buf, sizeof (now_buf), "%Lu", (polkit_uint64_t) now.tv_sec);
snprintf (uid_buf, sizeof (uid_buf), "%d", user_authenticated_as);
if (kit_string_entry_create (auth_buf, sizeof (auth_buf),
"scope", "process-one-shot",
"pid", pid_buf,
"pid-start-time", pid_st_buf,
"action-id", action_id,
"when", now_buf,
"auth-as", uid_buf,
"constraint", cbuf,
NULL) >= sizeof (auth_buf)) {
g_warning ("authbuf for is too small");
return FALSE;
}
ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
TRUE,
caller_uid,
grant_line);
g_free (grant_line);
auth_buf);
return ret;
}
......@@ -320,7 +333,6 @@ polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authd
char *action_id;
uid_t caller_uid;
pid_t caller_pid;
char *grant_line;
polkit_bool_t ret;
polkit_uint64_t pid_start_time;
struct timeval now;
......@@ -355,19 +367,33 @@ polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authd
return FALSE;
}
grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
caller_pid,
pid_start_time,
action_id,
(polkit_uint64_t) now.tv_sec,
user_authenticated_as,
cbuf);
char pid_buf[32];
char pid_st_buf[32];
char now_buf[32];
char uid_buf[32];
char auth_buf[1024];
snprintf (pid_buf, sizeof (pid_buf), "%d", caller_pid);
snprintf (pid_st_buf, sizeof (pid_st_buf), "%Lu", pid_start_time);
snprintf (now_buf, sizeof (now_buf), "%Lu", (polkit_uint64_t) now.tv_sec);
snprintf (uid_buf, sizeof (uid_buf), "%d", user_authenticated_as);
if (kit_string_entry_create (auth_buf, sizeof (auth_buf),
"scope", "process",
"pid", pid_buf,
"pid-start-time", pid_st_buf,
"action-id", action_id,
"when", now_buf,
"auth-as", uid_buf,
"constraint", cbuf,
NULL) >= sizeof (auth_buf)) {
g_warning ("authbuf for is too small");
return FALSE;
}
ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
TRUE,
caller_uid,
grant_line);
g_free (grant_line);
auth_buf);
return ret;
}
......@@ -405,7 +431,6 @@ polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authd
{
uid_t session_uid;
char *action_id;
char *grant_line;
PolKitSession *session;
char *session_objpath;
polkit_bool_t ret;
......@@ -440,18 +465,28 @@ polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authd
return FALSE;
}
grant_line = g_strdup_printf ("session:%s:%s:%Lu:%d:%s\n",
session_objpath,
action_id,
(polkit_uint64_t) now.tv_sec,
user_authenticated_as,
cbuf);
char now_buf[32];
char uid_buf[32];
char auth_buf[1024];
snprintf (now_buf, sizeof (now_buf), "%Lu", (polkit_uint64_t) now.tv_sec);
snprintf (uid_buf, sizeof (uid_buf), "%d", user_authenticated_as);
if (kit_string_entry_create (auth_buf, sizeof (auth_buf),
"scope", "session",
"session-id", session_objpath,
"action-id", action_id,
"when", now_buf,
"auth-as", uid_buf,
"constraint", cbuf,
NULL) >= sizeof (auth_buf)) {
g_warning ("authbuf for is too small");
return FALSE;
}
ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
TRUE,
session_uid,
grant_line);
g_free (grant_line);
auth_buf);
return ret;
}
......@@ -488,7 +523,6 @@ polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authd
{
uid_t uid;
char *action_id;
char *grant_line;
polkit_bool_t ret;
struct timeval now;
PolKitAuthorizationConstraint *constraint;
......@@ -515,17 +549,27 @@ polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authd
return FALSE;
}
grant_line = g_strdup_printf ("always:%s:%Lu:%d:%s\n",
action_id,
(polkit_uint64_t) now.tv_sec,
user_authenticated_as,
cbuf);
char now_buf[32];
char uid_buf[32];
char auth_buf[1024];
snprintf (now_buf, sizeof (now_buf), "%Lu", (polkit_uint64_t) now.tv_sec);
snprintf (uid_buf, sizeof (uid_buf), "%d", user_authenticated_as);
if (kit_string_entry_create (auth_buf, sizeof (auth_buf),
"scope", "always",
"action-id", action_id,
"when", now_buf,
"auth-as", uid_buf,
"constraint", cbuf,
NULL) >= sizeof (auth_buf)) {
g_warning ("authbuf for is too small");
return FALSE;
}
ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
FALSE,
uid,
grant_line);
g_free (grant_line);
auth_buf);
return ret;
}
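Review bot: `%Lu` in the `snprintf` calls that fill `pid_st_buf` and `now_buf` is not a standard conversion. The C standard defines the `L` length modifier only for floating-point conversions, so printing a `polkit_uint64_t` this way depends on a libc extension. These strings become the `pid-start-time` and `when` values of the stored authorization entry, so I would write `snprintf (now_buf, sizeof (now_buf), "%llu", (unsigned long long) now.tv_sec);` and use the same form for `pid_start_time`. The same applies in all four add_entry functions here and to `now_buf` in polkit-explicit-grant-helper's main; the warning text `"authbuf for is too small"` also looks like it is missing a word. The function bodies start outside the hunks.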
......
......@@ -56,7 +56,6 @@ main (int argc, char *argv[])
uid_t invoking_uid;
char *action_id;
char *endp;
char grant_line[512];
struct timeval now;
ret = 1;
......@@ -179,22 +178,27 @@ main (int argc, char *argv[])
return FALSE;
}
if (snprintf (grant_line,
sizeof (grant_line),
is_negative ? "grant-negative:%s:%Lu:%d:%s\n" :
"grant:%s:%Lu:%d:%s\n" ,
action_id,
(polkit_uint64_t) now.tv_sec,
invoking_uid,
authc_str) >= (int) sizeof (grant_line)) {
fprintf (stderr, "polkit-explicit-grant-helper: str to add is too long!\n");
char now_buf[32];
char uid_buf[32];
char auth_buf[1024];
snprintf (now_buf, sizeof (now_buf), "%Lu", (polkit_uint64_t) now.tv_sec);
snprintf (uid_buf, sizeof (uid_buf), "%d", invoking_uid);
if (kit_string_entry_create (auth_buf, sizeof (auth_buf),
"scope", is_negative ? "grant-negative" : "grant",
"action-id", action_id,
"when", now_buf,
"granted-by", uid_buf,
"constraint", authc_str,
NULL) >= sizeof (auth_buf)) {
kit_warning ("polkit-explicit-grant-helper: authbuf is too small");
goto out;
}
if (_polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
FALSE,
target_uid,
grant_line)) {
auth_buf)) {
ret = 0;
}
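Review bot: The context line `return FALSE;` near the top of the second hunk leaves `main` with exit status 0, assuming `FALSE` is 0. With `ret = 1` set at the start and `ret = 0` assigned only after the entry is added, 0 looks like the success code; the condition guarding that return is outside the hunk. The new buffer-too-small path uses `goto out;`, and that earlier failure path should presumably do the same so a caller does not mistake a failed grant for a written one. main starts and ends outside the hunk.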
......
......@@ -176,33 +176,42 @@ main (int argc, char *argv[])
not_granted_by_self = FALSE;
is_one_shot = FALSE;
if (strcmp (scope, "process") == 0) {
if (strcmp (scope, "scope=process") == 0) {
root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
} else if (strcmp (scope, "process-one-shot") == 0) {
} else if (strcmp (scope, "scope=process-one-shot") == 0) {
root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
is_one_shot = TRUE;
} else if (strcmp (scope, "session") == 0) {
} else if (strcmp (scope, "scope=session") == 0) {
root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
} else if (strcmp (scope, "always") == 0) {
} else if (strcmp (scope, "scope=always") == 0) {
root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
} else if (strcmp (scope, "grant") == 0 ||
strcmp (scope, "grant-negative") == 0) {
uid_t granted_by;
} else if (strcmp (scope, "scope=grant") == 0 ||
strcmp (scope, "scope=grant-negative") == 0) {
unsigned int n;
root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
if (num_tokens < 5)
goto out;
granted_by = strtol (tokens[3], &endp, 10);
if (*endp != '\0') {
fprintf (stderr, "polkit-revoke-helper: cannot parse granted-by uid\n");
goto out;
for (n = 1; n < num_tokens; n++) {
if (strncmp (tokens[n], "granted-by=", sizeof ("granted-by=") - 1) == 0) {
uid_t granted_by;
granted_by = strtol (tokens[n] + sizeof ("granted-by=") - 1, &endp, 10);
if (*endp != '\0') {
fprintf (stderr, "polkit-revoke-helper: cannot parse granted-by uid\n");
goto out;
}
if (granted_by != invoking_uid)
not_granted_by_self = TRUE;
goto parsed_granted_by;
}
}
if (granted_by != invoking_uid)
not_granted_by_self = TRUE;
fprintf (stderr, "polkit-revoke-helper: cannot find key granted-by\n");
goto out;
parsed_granted_by:
;
} else {
fprintf (stderr, "polkit-revoke-helper: unknown scope '%s'\n", scope);
goto out;
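Review bot: The `granted-by` parse accepts an empty value: for a token that is exactly `granted-by=`, `strtol` consumes nothing, returns 0 and leaves `endp` on the terminating NUL, so the `*endp != '\0'` test passes and the entry is treated as granted by uid 0. There is also no range check before the `long` result is stored in a `uid_t`. Since this value decides `not_granted_by_self`, I would reject both cases: keep the start of the value in a local `val`, set `errno = 0` before the call, and test `if (endp == val || *endp != '\0' || errno == ERANGE)`. Separately, the scope is still matched on `scope` as a whole `scope=...` string while `granted-by` is searched by key, which deserves a comment if the position of the scope field is part of the format. main starts and ends outside the hunk.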
......
This diff is collapsed.