author | David Zeuthen <davidz@redhat.com> | 2007-08-27 11:27:39 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2007-08-27 11:27:39 -0400 |
commit | e55cb2360ae0f4d065d76ad7df25f4210a9607c8 (patch) | |
tree | 510baaa5f0329ecac2e1e25ebc13d2dd8973f304 | |
parent | 4f807a94b5116dabf15a10876d7a22f5a0587e31 (diff) |
make config file override grant database
Even though a caller may have an entry in the grant database (and as
such will see POLKIT_RESULT_YES), change the behavior such that this
is no longer honored unless the config file specifies the result
POLKIT_RESULT_ONLY_VIA_[SELF|ADMIN]_AUTH_{,KEEP_SESSION|KEEP_ALWAYS}.
E.g. this allows the sysadmin to specify things like POLKIT_RESULT_NO
in the config file and that will now make existing grants
useless. This behavior is a lot more natural.
-rw-r--r-- | polkit/polkit-context.c | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index 922e3ec..d806692 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -538,6 +538,8 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
 PolKitPolicyCache *cache;
 PolKitPolicyFileEntry *pfe;
 PolKitResult result;
+ PolKitResult result_from_config;
+ PolKitResult result_from_grantdb;
 PolKitPolicyDefault *policy_default;
 PolKitConfig *config;
@@ -580,17 +582,27 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
 polkit_policy_file_entry_debug (pfe);
- /* first, check if the grant database specifies a result */
- result = _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);
- if (result != POLKIT_RESULT_UNKNOWN)
- goto found;
-
- /* second, check if the config file specifies a result */
- result = polkit_config_can_caller_do_action (config, action, caller);
- if (result != POLKIT_RESULT_UNKNOWN)
+ result_from_config = polkit_config_can_caller_do_action (config, action, caller);
+ result_from_grantdb = _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);
+
+ /* fist, check if the config file specifies a result */
+ if (result_from_config != POLKIT_RESULT_UNKNOWN) {
+ /* it does.. use it.. although try to use an existing grant if there is one */
+ if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
+ result_from_grantdb == POLKIT_RESULT_YES) {
+ result = POLKIT_RESULT_YES;
+ } else {
+ result = result_from_config;
+ }
 goto found;
+ }
- /* if no, just use the defaults */
+ /* use defaults as specified in the .policy file */
 policy_default = polkit_policy_file_entry_get_default (pfe);
 if (policy_default == NULL) {
 g_warning ("no default policy for action!");
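Review bot: A stored grant is honoured here without regard to how it was obtained: any of the six `ONLY_VIA_*` results combined with `result_from_grantdb == POLKIT_RESULT_YES` yields `POLKIT_RESULT_YES`, so a grant acquired under a self-auth rule keeps working after the config is tightened to `POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH`, and a kept grant keeps working after the rule drops its `KEEP_*` suffix. Whether the grant database records the auth type is not visible in this hunk; if it does not, state the limit above the condition, e.g. `/* NOTE: a grant is honoured whatever auth type it was obtained with; tightening SELF_AUTH to ADMIN_AUTH does not revoke it */`. The same applies to the matching block in the `@@ -598,6 +610,17 @@` hunk. Separately, `_polkit_grantdb_check_can_caller_do_action` is now called even when the config answers YES or NO and its result is discarded, so it is worth confirming that the lookup has no side effects. The function starts and ends outside the hunk.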
@@ -598,6 +610,17 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
 }
 result = polkit_policy_default_can_caller_do_action (policy_default, action, caller);
+ /* use this result.. although try to use an existing grant if there is one */
+ if ((result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
+ result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
+ result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
+ result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
+ result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
+ result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
+ result_from_grantdb == POLKIT_RESULT_YES) {
+ result = POLKIT_RESULT_YES;
+ }
+
 found:
 /* Never return UNKNOWN to user */ |
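Review bot: The six-way `ONLY_VIA_*` test in this block is a second copy of the one added in the `@@ -580,17 +582,27 @@` hunk, differing only in the variable compared, so a later change to which results a grant may satisfy has to be made in two places or the config path and the defaults path will decide differently. Moving the test into one static helper keeps the two paths in step and keeps the list an explicit allowlist, so a result value added later does not let grants apply by default. Both call sites then reduce to the form shown below; the enclosing function begins and ends outside the hunk.

```c
/* TRUE only for results that ask the caller to authenticate; every other
 * value, including any added later, never lets a stored grant apply */
static gboolean
_result_may_use_existing_grant (PolKitResult r)
{
        switch (r) {
        case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
        case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
        case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
        case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
        case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
        case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
                return TRUE;
        default:
                return FALSE;
        }
}

/* … unchanged: policy_default lookup and the call that assigns result … */
        if (_result_may_use_existing_grant (result) &&
            result_from_grantdb == POLKIT_RESULT_YES) {
                result = POLKIT_RESULT_YES;
        }
```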