PolicyKit exceptions now return related action id

comar/CMakeLists.txt

@@ -7,7 +7,7 @@ SET (APP_SUFFIX "")
 # Version string
 SET (VERSION_MAJOR "2")
 SET (VERSION_MINOR "0")
-SET (VERSION_PATCH "2")
+SET (VERSION_PATCH "3")
 
 # Uncomment this for production releases.
 #SET (VERSION_SUFFIX "beta2")

comar/ChangeLog

+2008-11-02  Bahadır Kandemir  <bahadir@pardus.org.tr>
+
+	* comar: PolicyKit exceptions now return related action id.

comar/include/policy.h

@@ -9,4 +9,5 @@
 
 #include <polkit-dbus/polkit-dbus.h>
 
-int policy_check(const char *sender, const char *interface, const char *method, PolKitResult *result);
+int policy_check(const char *sender, char *action, PolKitResult *result);
+char *policy_action(const char *interface, const char *method);

comar/src/dbus.c

@@ -589,7 +589,10 @@ dbus_policy_check(const char *sender, const char *interface, const char *method)
 
     PolKitResult polkit_result;
 
-    if (policy_check(sender, interface, method, &polkit_result)) {
+    char *action = policy_action(interface, method);
+    printf("action: %s\n", action);
+
+    if (policy_check(sender, action, &polkit_result)) {
         log_debug(LOG_PLCY, "PolicyKit: %s.%s = %s\n", interface, method, polkit_result_to_string_representation(polkit_result));
         switch (polkit_result) {
             case POLKIT_RESULT_YES:
@@ -606,17 +609,18 @@ dbus_policy_check(const char *sender, const char *interface, const char *method)
             case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
             case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
                 dbus_signal("/", interface, "PolicyKit", PyString_FromString("policy_auth_admin"));
-                dbus_reply_error("policy", "auth_admin", "Access denied, but can be granted via admin auth.");
+                dbus_reply_error("policy", "auth_admin", action);
                 return 0;
             case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
             case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
             case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
             case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
                 dbus_signal("/", interface, "PolicyKit", PyString_FromString("policy_auth_self"));
-                dbus_reply_error("policy", "auth_self", "Access denied, but can be granted via self auth.");
+                dbus_reply_error("policy", "auth_self", action);
                 return 0;
         }
     }
+    printf("hebele: %s\n", polkit_result_to_string_representation(polkit_result));
     dbus_reply_error("core", "internal", "Unable to query PolicyKit");
     return 0;
 }

comar/src/policy.c

@@ -22,15 +22,50 @@
 #include "model.h"
 #include "utility.h"
 
+//! Finds action_id of a method
+char *
+policy_action(const char *interface, const char *method)
+{
+    char *model, *action, *t, *access_label = NULL;
+    int size, node_no;
+
+    model = (char *) strsub(interface, strlen(cfg_bus_interface) + 1, 0);
+    node_no = model_lookup_method(model, method);
+    free(model);
+
+    if (node_no > -1) {
+        access_label = model_get_method_access_label(node_no);
+    }
+
+    if (access_label) {
+        // action = interface.access_label
+        size = strlen(interface) + 1 + strlen(access_label) + 1;
+        action = malloc(size);
+        snprintf(action, size, "%s.%s", interface, access_label);
+        action[size - 1] = '\0';
+    }
+    else {
+        // action = interface.method
+        size = strlen(interface) + 1 + strlen(method) + 1;
+        action = malloc(size);
+        snprintf(action, size, "%s.%s", interface, method);
+        action[size - 1] = '\0';
+    }
+
+    for (t = action; *t != '\0'; t++) {
+        *t = tolower(*t);
+    }
+
+    return action;
+}
+
 //! Check if sender is allowed to call method
 int
-policy_check(const char *sender, const char *interface, const char *method, PolKitResult *result)
+policy_check(const char *sender, char *action, PolKitResult *result)
 {
     /*!
      *
      * @sender Bus name of the sender
-     * @interface Interface
-     * @method Method
      * @result PK result
      * @return 0 on success, 1 on error
      */
@@ -41,8 +76,7 @@ policy_check(const char *sender, const char *interface, const char *method, PolK
     PolKitCaller *polkit_clr;
     PolKitAction *polkit_act;
     PolKitError *perr;
-    int size, node_no, uid = -1;
-    char *action, *access_label = NULL, *model, *t;
+    int uid = -1;
 
     *result = (PolKitResult) POLKIT_RESULT_NO;
 
@@ -81,41 +115,13 @@ policy_check(const char *sender, const char *interface, const char *method, PolK
         return 0;
     }
 
-    model = (char *) strsub(interface, strlen(cfg_bus_interface) + 1, 0);
-    node_no = model_lookup_method(model, method);
-    free(model);
-
-    if (node_no > -1) {
-        access_label = model_get_method_access_label(node_no);
-    }
-
-    if (access_label) {
-        // action = interface.access_label
-        size = strlen(interface) + 1 + strlen(access_label) + 1;
-        action = malloc(size);
-        snprintf(action, size, "%s.%s", interface, access_label);
-        action[size - 1] = '\0';
-    }
-    else {
-        // action = interface.method
-        size = strlen(interface) + 1 + strlen(method) + 1;
-        action = malloc(size);
-        snprintf(action, size, "%s.%s", interface, method);
-        action[size - 1] = '\0';
-    }
-
-    for (t = action; *t != '\0'; t++) {
-        *t = tolower(*t);
-    }
-
     if (!polkit_action_validate_id(action)) {
         // log_error("Unable to query CK, action is not valid: %s\n", action);
-        free(action);
         return 0;
     }
+
     polkit_act = polkit_action_new();
     polkit_action_set_action_id(polkit_act, action);
-    free(action);
 
     *result = polkit_context_is_caller_authorized(polkit_ctx, polkit_act, polkit_clr, FALSE, &perr);