diff options
| author | David Zeuthen <davidz@redhat.com> | 2009-01-20 18:29:29 -0500 |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2009-01-20 18:29:29 -0500 |
| commit | 39427166d5f77945cc21e1458f184e54c02cefe9 (patch) | |
| tree | 0acb4d78c348fe275d43cabea5bde1adcaf5ae0e /src | |
| parent | 19dc13e92ed684fa2b50f5ca4b73d5537394c995 (diff) | |
| download | polkit-39427166d5f77945cc21e1458f184e54c02cefe9.tar.gz | |
add more infrastructure for authentication agent integration
Diffstat (limited to 'src')
| -rw-r--r-- | src/polkitbackend/polkitbackendlocalauthority.c | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c index 976d9fc..d97da1d 100644 --- a/src/polkitbackend/polkitbackendlocalauthority.c +++ b/src/polkitbackend/polkitbackendlocalauthority.c @@ -59,8 +59,22 @@ static AuthorizationStore *get_authorization_store_for_identity (PolkitBackendLo struct AuthenticationAgent; typedef struct AuthenticationAgent AuthenticationAgent; +typedef void (*AuthenticationAgentCallback) (AuthenticationAgent *agent, + PolkitSubject *subject, + const gchar *action_id, + PolkitImplicitAuthorization implicit_authorization, + gboolean authentication_success, + gpointer user_data); + static void authentication_agent_free (AuthenticationAgent *agent); +static void authentication_agent_initiate_challenge (AuthenticationAgent *agent, + PolkitSubject *subject, + const gchar *action_id, + PolkitImplicitAuthorization implicit_authorization, + AuthenticationAgentCallback callback, + gpointer user_data); + static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendLocalAuthority *authority, PolkitSubject *subject); @@ -343,6 +357,45 @@ polkit_backend_local_authority_enumerate_groups (PolkitBackendAuthority *autho /* ---------------------------------------------------------------------------------------------------- */ static void +check_authorization_challenge_cb (AuthenticationAgent *agent, + PolkitSubject *subject, + const gchar *action_id, + PolkitImplicitAuthorization implicit_authorization, + gboolean authentication_success, + gpointer user_data) +{ + PolkitBackendPendingCall *pending_call = POLKIT_BACKEND_PENDING_CALL (user_data); + PolkitAuthorizationResult result; + gchar *subject_str; + + subject_str = polkit_subject_to_string (subject); + + g_debug ("In check_authorization_challenge_cb\n" + " subject %s\n" + " action_id %s\n" + " authentication_success %d\n", + subject_str, + action_id, + authentication_success); + + if (authentication_success) + { + result = POLKIT_AUTHORIZATION_RESULT_AUTHORIZED; + + /* TODO: store temporary authorization depending on value of implicit_authorization */ + } + else + { + /* TODO: maybe return FAILED_CHALLENGE instead? */ + result = POLKIT_AUTHORIZATION_RESULT_NOT_AUTHORIZED; + } + + polkit_backend_authority_check_authorization_finish (pending_call, result); + + g_free (subject_str); +} + +static void polkit_backend_local_authority_check_authorization (PolkitBackendAuthority *authority, PolkitSubject *subject, const gchar *action_id, @@ -456,6 +509,35 @@ polkit_backend_local_authority_check_authorization (PolkitBackendAuthority goto out; } + /* TODO: temporary hack */ + flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; + + /* Caller is up for a challenge! With light sabers! Use an authentication agent if one exists... */ + if ((result == POLKIT_AUTHORIZATION_RESULT_CHALLENGE) && + (flags & POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION)) + { + AuthenticationAgent *agent; + + agent = get_authentication_agent_for_subject (local_authority, subject); + if (agent == NULL) + { + g_debug (" challenge requested, but no authentication agent available"); + } + else + { + g_debug (" using authentication agent for challenge"); + + authentication_agent_initiate_challenge (agent, + subject, + action_id, + implicit_authorization, + check_authorization_challenge_cb, + pending_call); + goto out; + } + + } + polkit_backend_authority_check_authorization_finish (pending_call, result); out: @@ -860,6 +942,8 @@ get_authentication_agent_for_subject (PolkitBackendLocalAuthority *authority, out: if (session_for_subject != NULL) g_object_unref (session_for_subject); + + return agent; } static AuthenticationAgent * @@ -885,6 +969,24 @@ get_authentication_agent_by_unique_system_bus_name (PolkitBackendLocalAuthority return agent; } +static void +authentication_agent_initiate_challenge (AuthenticationAgent *agent, + PolkitSubject *subject, + const gchar *action_id, + PolkitImplicitAuthorization implicit_authorization, + AuthenticationAgentCallback callback, + gpointer user_data) +{ + /* TODO */ + + callback (agent, + subject, + action_id, + implicit_authorization, + FALSE, + user_data); +} + /* ---------------------------------------------------------------------------------------------------- */ static void |