[BRLTTY] [patch] allow authentication via polkit
Mike Gorse
mgorse at alum.wpi.edu
Tue Feb 2 23:12:50 EST 2016
On Thu, 28 Jan 2016, Dave Mielke wrote:
>> I have written a patch to allow polkit-based authentication for
>> brlapi.
>
> Cool! Thanks. Your patch has now been committed to the repository. I've made a
> few formatting changes so please verify that I haven't broken anything.
>
> There are a couple of error paths that don't log the problem. I'd appreciate it
> if you could ensure that all error paths log the reason for the failure.
>
> The subject variable gets assigned by a function call but it isn't checked for
> success. Is that call always successful?

I'm attaching a patch that fixes a few things:
- Logs if polkit_unix_process_new_for_owner fails.
- Adds comments to the arguments to
  polkit_authority_check_authorization_sync().
- Moves the g_object_unref() so that it isn't called until we're finished
  with the result.

Maybe the logSystemError("polkit_authority_check_authorization_sync")
should log the contents of error_local->message somehow.

Thanks,
-Mike
-------------- next part --------------
diff --git a/Programs/auth.c b/Programs/auth.c
index 1913640..6de3844 100644
--- a/Programs/auth.c
+++ b/Programs/auth.c
@@ -486,27 +486,30 @@ authPolkit_server (AuthDescriptor *auth, FileDescriptor fd, void *data) {
logMessage(LOG_DEBUG, "attempting to authenticate pid %d via polkit", cred.pid);
PolkitSubject *subject = polkit_unix_process_new_for_owner(cred.pid, -1, -1);
- GError *error_local = NULL;
-
- PolkitAuthorizationResult *result = polkit_authority_check_authorization_sync(
- polkit->authority,
- subject,
- "org.brltty.write-display",
- NULL,
- POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
- NULL,
- &error_local
- );
-
- if (result) {
- g_object_unref(result);
-
- int isAuthorized = polkit_authorization_result_get_is_authorized(result);
- logMessage(LOG_DEBUG, "polkit_authority_check_authorization_sync returned %d", isAuthorized);
- return isAuthorized;
+ if (subject) {
+ GError *error_local = NULL;
+
+ PolkitAuthorizationResult *result = polkit_authority_check_authorization_sync(
+ polkit->authority, /* authority */
+ subject, /* PolkitSubject for client */
+ "org.brltty.write-display", /* name of polkit action */
+ NULL, /* details */
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, /* disallow interaction */
+ NULL, /* GCancellable */
+ &error_local /* returned error */
+ );
+
+ if (result) {
+ int isAuthorized = polkit_authorization_result_get_is_authorized(result);
+ g_object_unref(result);
+ logMessage(LOG_DEBUG, "polkit_authority_check_authorization_sync returned %d", isAuthorized);
+ return isAuthorized;
+ } else {
+ logSystemError("polkit_authority_check_authorization_sync");
+ g_error_free(error_local);
+ }
} else {
- logSystemError("polkit_authority_check_authorization_sync");
- g_error_free(error_local);
+ logSystemError("polkit_unix_process_new_for_owner");
}
} else {
logSystemError("getsockopt[SO_PEERCRED]");
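Review bot: the PolkitSubject created by polkit_unix_process_new_for_owner() is never released on any path inside the new `if (subject)` block, so each authentication attempt leaks one object. Call g_object_unref(subject) once the check has completed, before `return isAuthorized;` and again on the failure branch after g_error_free(error_local). Two further points on the same hunk: logSystemError() reports errno, but polkit_authority_check_authorization_sync() reports its failure through the GError, so the failure branch should log error_local->message with logMessage() before freeing it, and should guard g_error_free() against error_local still being NULL. The same applies to the new logSystemError("polkit_unix_process_new_for_owner") call, where errno is not known to describe the failure. Finally, the unchanged call passes -1 for the uid, which asks polkit to look the owner up from the pid. If the credentials returned by the SO_PEERCRED getsockopt also carry the peer uid, passing cred.uid would bind the subject to the socket peer rather than to whichever process holds that pid at lookup time.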