summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Zeuthen <davidz@redhat.com>2011-02-21 17:12:17 -0500
committerDavid Zeuthen <davidz@redhat.com>2011-02-21 17:12:17 -0500
commit719585f1aecdc79598a6cecff936bd50e0f6a2f8 (patch)
treef583b66f018cbae817f2a8d73551530606d87585
parent8f3e92e81753059b858c9c7ea5c7f198e39bb54f (diff)
Pass caller and subject pid to authentication agent
The authentication agent can use information this to inform the user about the UI application that triggered the authentication request (if any). Signed-off-by: David Zeuthen <davidz@redhat.com>
-rw-r--r--docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml4
-rw-r--r--src/polkitbackend/polkitbackendinteractiveauthority.c57
2 files changed, 60 insertions, 1 deletions
diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml
index 85bbcf0..663169e 100644
--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml
@@ -71,7 +71,9 @@ The themed icon describing the action or the empty string if no icon is set.
<term><literal>IN Dict&lt;String,String&gt; <parameter>details</parameter></literal>:</term>
<listitem>
<para>
-Details about the authentication request. This is a dictionary of key/value pairs where both key and value are strings. These strings are translated into the locale passed when registering the authentication agent using <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>.
+Details about the authentication request. This is a dictionary of key/value pairs where both key and value are strings. These strings are translated into the locale passed when registering the authentication agent using <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent().</link>.
+Keys starting with <literal>polkit.</literal> are reserved for internal use and should never be displayed in the UI.
+Known key/value-pairs include <literal>polkit.caller-pid</literal> (the process id of the mechanism making the authorization check) and <literal>polkit.subject-pid</literal> (the process id of the subject the check is for).
</para>
</listitem>
</varlistentry>
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 386a4c9..ae1a1bf 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -1796,6 +1796,60 @@ get_localized_data_for_challenge (PolkitBackendInteractiveAuthority *authority,
}
static void
+add_pid (PolkitDetails *details,
+ PolkitSubject *subject,
+ const gchar *key)
+{
+ gchar buf[32];
+ gint pid;
+
+ if (POLKIT_IS_UNIX_PROCESS (subject))
+ {
+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
+ }
+ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+ {
+ PolkitSubject *process;
+ GError *error;
+
+ error = NULL;
+ process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
+ NULL,
+ &error);
+ if (process == NULL)
+ {
+ g_printerr ("Error getting process for system bus name `%s': %s\n",
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
+ error->message);
+ g_error_free (error);
+ goto out;
+ }
+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process));
+ g_object_unref (process);
+ }
+ else if (POLKIT_IS_UNIX_SESSION (subject))
+ {
+ goto out;
+ }
+ else
+ {
+ gchar *s;
+ s = polkit_subject_to_string (subject);
+ g_printerr ("Don't know how to get pid from subject of type %s: %s\n",
+ g_type_name (G_TYPE_FROM_INSTANCE (subject)),
+ s);
+ g_free (s);
+ goto out;
+ }
+
+ g_snprintf (buf, sizeof (buf), "%d", pid);
+ polkit_details_insert (details, key, buf);
+
+ out:
+ ;
+}
+
+static void
authentication_agent_initiate_challenge (AuthenticationAgent *agent,
PolkitSubject *subject,
PolkitIdentity *user_of_subject,
@@ -1866,6 +1920,9 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
agent->active_sessions = g_list_prepend (agent->active_sessions, session);
+ add_pid (localized_details, caller, "polkit.caller-pid");
+ add_pid (localized_details, subject, "polkit.subject-pid");
+
details_gvariant = polkit_details_to_gvariant (localized_details);
g_variant_ref_sink (details_gvariant);