diff options
| author | Vincent Untz <vuntz@novell.com> | 2010-02-17 20:11:00 +0100 |
|---|---|---|
| committer | Vincent Untz <vuntz@novell.com> | 2010-02-17 20:11:00 +0100 |
| commit | e6984fdf7d3d6fda79f4839b245fcca98fff8ebb (patch) | |
| tree | 7cd0a89e490b8af7cfd7836e4d92eb5bdc4441d3 | |
| parent | 71ba5b17d98da262666d7cef9c10ccdf8bfdc38e (diff) | |
Fix usage of multiple actions to determine if user interaction is needed
We make it possible for one specific dbus method to use multiple actions
to know if user interaction is needed.s
It used to work before without doing any specific, but with the port to
PolicyKit 1, we need to specify that the first actions (until the last
one) cannot use user interaction. So if the user is authorized for them,
it will just work, else we'll check for the following actions.
User interaction is only acceptable for the last action, which is the
minimal one required.
For example: to enable a printer, the fine-grained privilege
printer-enable is enough, but if it requires user interaction, we'll
skip it and go straight to the printer-X-edit action, which makes it
possible for the user to do more changes -- we won't ask for
authentication to enable it, and then again to change an option.
https://bugzilla.redhat.com/show_bug.cgi?id=518012
| -rw-r--r-- | src/cups-pk-helper-mechanism.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/cups-pk-helper-mechanism.c b/src/cups-pk-helper-mechanism.c index 457799b..8485c6c 100644 --- a/src/cups-pk-helper-mechanism.c +++ b/src/cups-pk-helper-mechanism.c @@ -249,6 +249,7 @@ static gboolean _check_polkit_for_action_internal (CphMechanism *mechanism, DBusGMethodInvocation *context, const char *action_method, + gboolean allow_user_interaction, GError **error) { char *sender; @@ -273,7 +274,9 @@ _check_polkit_for_action_internal (CphMechanism *mechanism, subject, action, NULL, - POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + allow_user_interaction ? + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION : + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, NULL, &local_error); g_object_unref (subject); @@ -317,26 +320,31 @@ _check_polkit_for_action_v (CphMechanism *mechanism, error = NULL; /* We check if the user is authorized for any of the specificed action - * methods. In case of failure, we'll fail for the last one. Therefore, - * we should choose with care the order, especially if we don't want - * to prompt for a password too often and if we don't want to authorize - * too many things at once. */ + * methods. We only allow user interaction for the last one. Therefore, + * callers of this function should choose with care the order, + * especially if we don't want to prompt for a password too often and + * if we don't want to authorize too many things at once. */ va_start (var_args, first_action_method); action_method = first_action_method; while (action_method) { + char *next_action_method; + if (error != NULL) { g_error_free (error); error = NULL; } + next_action_method = va_arg (var_args, char *); + retval = _check_polkit_for_action_internal (mechanism, context, action_method, + next_action_method == NULL, &error); if (retval) break; - action_method = va_arg (var_args, char *); + action_method = next_action_method; } va_end (var_args); |