Add support for querying and revoking temporary authorizations

Also change how authentication agents are registered (take a Subject instead of the session-id) and add convenience functions to asynchronously construct a PolkitUnixSession object given a process id (by querying ConsoleKit).
author: David Zeuthen <davidz@redhat.com> 2009-07-20 18:49:25 -0400
committer: David Zeuthen <davidz@redhat.com> 2009-07-20 18:49:25 -0400
commit: 36fc7a6d358c1d373c181191da6265a538a71dae (patch)
tree: 166630eadb8a659fb9ea988f93d3ff7120d8dd64 /data
parent: ae8ea087928b7a1bc34b2380872da8867563bec1 (diff)
download: polkit-36fc7a6d358c1d373c181191da6265a538a71dae.tar.gz
1 files changed, 64 insertions, 6 deletions
diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
index ed4e57a..6b29e8e 100644
--- a/data/org.freedesktop.PolicyKit1.Authority.xml
+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
@@ -30,7 +30,7 @@
 
     <!-- Identity struct -->
     <annotation name="org.gtk.EggDBus.DeclareStruct" value="Identity">
-      <annotation name="org.gtk.EggDBus.DocString.Summary" value="Subjects"/>
+      <annotation name="org.gtk.EggDBus.DocString.Summary" value="Identities"/>
       <annotation name="org.gtk.EggDBus.DocString" value="<para>This struct describes identities such as UNIX users and UNIX groups. It is typically used to check if a given process is authorized for an action.</para><para>The following kinds of identities are known:</para>
                   <formalpara><title>Unix User</title><para><literal>identity_kind</literal> should be set to <literal>unix-user</literal> with key <literal>uid</literal> (of type <literal>uint32</literal>).</para></formalpara>
                   <formalpara><title>Unix Group</title><para><literal>identity_kind</literal> should be set to <literal>unix-group</literal> with key <literal>gid</literal> (of type <literal>uint32</literal>).</para></formalpara>
@@ -254,8 +254,9 @@
     <method name="RegisterAuthenticationAgent">
       <annotation name="org.gtk.EggDBus.DocString" value="<para>Register an authentication agent.</para><para>Note that current versions of PolicyKit will only work if @session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged.</para>"/>
 
-      <arg name="session_id" direction="in" type="s">
-        <annotation name="org.gtk.EggDBus.DocString" value="The session to register the authentication for or blank for the session the caller of the method is in."/>
+      <arg name="subject" direction="in" type="(sa{sv})">
+        <annotation name="org.gtk.EggDBus.Type" value="Subject"/>
+        <annotation name="org.gtk.EggDBus.DocString" value="The subject to register the authentication agent for, typically a session subject."/>
       </arg>
 
       <arg name="locale" direction="in" type="s">
@@ -270,12 +271,13 @@
     <method name="UnregisterAuthenticationAgent">
       <annotation name="org.gtk.EggDBus.DocString" value="Unregister an authentication agent."/>
 
-      <arg name="session_id" direction="in" type="s">
-        <annotation name="org.gtk.EggDBus.DocString" value="The session identifier passed to org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent()."/>
+      <arg name="subject" direction="in" type="(sa{sv})">
+        <annotation name="org.gtk.EggDBus.Type" value="Subject"/>
+        <annotation name="org.gtk.EggDBus.DocString" value="The @subject passed to org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent()."/>
       </arg>
 
       <arg name="object_path" direction="in" type="s">
-        <annotation name="org.gtk.EggDBus.DocString" value="The object path of authentication agent object on the unique name of the caller."/>
+        <annotation name="org.gtk.EggDBus.DocString" value="The @object_path passed to org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent()."/>
       </arg>
     </method>
 
@@ -292,6 +294,62 @@
       </arg>
     </method>
 
+    <!-- ---------------------------------------------------------------------------------------------------- -->
+
+    <!-- TemporaryAuthorization struct -->
+    <annotation name="org.gtk.EggDBus.DeclareStruct" value="TemporaryAuthorization">
+      <annotation name="org.gtk.EggDBus.DocString.Summary" value="Temporary Authorizations"/>
+      <annotation name="org.gtk.EggDBus.DocString" value="This struct describes a temporary authorization."/>
+
+      <annotation name="org.gtk.EggDBus.Struct.Member"  value="String:id">
+        <annotation name="org.gtk.EggDBus.DocString" value="An opaque identifier for the temporary authorization."/>
+      </annotation>
+
+      <annotation name="org.gtk.EggDBus.Struct.Member"  value="String:action_id">
+        <annotation name="org.gtk.EggDBus.DocString" value="The action the temporary authorization is for."/>
+      </annotation>
+
+      <annotation name="org.gtk.EggDBus.Struct.Member"  value="Subject:subject">
+        <annotation name="org.gtk.EggDBus.Type" value="Subject"/>
+        <annotation name="org.gtk.EggDBus.DocString" value="The subject the temporary authorization is for."/>
+      </annotation>
+
+      <annotation name="org.gtk.EggDBus.Struct.Member"  value="UInt64:time_obtained">
+        <annotation name="org.gtk.EggDBus.DocString" value="When the temporary authorization was obtained, in seconds since the Epoch Jan 1, 1970 0:00 UTC."/>
+      </annotation>
+
+      <annotation name="org.gtk.EggDBus.Struct.Member"  value="UInt64:time_expires">
+        <annotation name="org.gtk.EggDBus.DocString" value="When the temporary authorization is set to expire, in seconds since the Epoch Jan 1, 1970 0:00 UTC."/>
+      </annotation>
+    </annotation>
+
+    <!-- ---------------------------------------------------------------------------------------------------- -->
+
+    <method name="EnumerateTemporaryAuthorizations">
+      <annotation name="org.gtk.EggDBus.DocString" value="Retrieves all temporary authorizations that applies to @subject."/>
+
+      <arg name="subject" direction="in" type="(sa{sv})">
+        <annotation name="org.gtk.EggDBus.Type" value="Subject"/>
+        <annotation name="org.gtk.EggDBus.DocString" value="The subject to get temporary authorizations for."/>
+      </arg>
+
+      <arg name="temporary_authorizations" direction="out" type="a(ss(sa{sv})tt)">
+        <annotation name="org.gtk.EggDBus.Type" value="Array<TemporaryAuthorization>"/>
+        <annotation name="org.gtk.EggDBus.DocString" value="An array of #TemporaryAuthorization structs."/>
+      </arg>
+    </method>
+
+    <method name="RevokeTemporaryAuthorizations">
+      <annotation name="org.gtk.EggDBus.DocString" value="Revokes all temporary authorizations that applies to @subject."/>
+
+      <arg name="subject" direction="in" type="(sa{sv})">
+        <annotation name="org.gtk.EggDBus.Type" value="Subject"/>
+        <annotation name="org.gtk.EggDBus.DocString" value="The subject to revoke temporary authorizations from."/>
+      </arg>
+    </method>
+
+    <!-- ---------------------------------------------------------------------------------------------------- -->
+
     <signal name="Changed">
       <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions and/or authorizations change"/>
     </signal>
author	David Zeuthen <davidz@redhat.com>	2009-07-20 18:49:25 -0400
committer	David Zeuthen <davidz@redhat.com>	2009-07-20 18:49:25 -0400
commit	36fc7a6d358c1d373c181191da6265a538a71dae (patch)
tree	166630eadb8a659fb9ea988f93d3ff7120d8dd64 /data
parent	ae8ea087928b7a1bc34b2380872da8867563bec1 (diff)
download	polkit-36fc7a6d358c1d373c181191da6265a538a71dae.tar.gz