`202a73b`

Add temporary authorization revoke commands

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 2 months ago

Status	File	+	-
M	`garcard-ipc/src/lib.rs`	2	0
M	`garcard/src/agent.rs`	23	0
M	`garcard/src/daemon.rs`	21	1
M	`garcardctl/src/main.rs`	4	0

garcard-ipc/src/lib.rsmodified

      Version,
      AuthSummary,
      TempList,
 +    TempRevoke { authorization_id: String },
 +    TempRevokeAll,
      Quit,
+ }

garcard/src/agent.rsmodified

      Ok(entries)
+ }
 +pub fn revoke_temporary_authorization_by_id(authorization_id: &str) -> Result<()> {
 +    let connection = Connection::system().context("failed to connect to system bus")?;
 +    let proxy = PolkitAgent::proxy(&connection)?;
 +    let _: () = proxy.call("RevokeTemporaryAuthorizationById", &authorization_id)?;
 +    Ok(())
 +}
++
 +pub fn revoke_all_temporary_authorizations() -> Result<usize> {
 +    let connection = Connection::system().context("failed to connect to system bus")?;
 +    let subject = build_subject();
 +    let proxy = PolkitAgent::proxy(&connection)?;
 +    let authorizations: Vec<TemporaryAuthorization> =
 +        proxy.call("EnumerateTemporaryAuthorizations", &subject)?;
++
 +    let mut revoked = 0_usize;
 +    for (authorization_id, _action_id, _subject, _obtained, _expires) in authorizations {
 +        let _: () = proxy.call("RevokeTemporaryAuthorizationById", &authorization_id)?;
 +        revoked += 1;
 +    }
++
 +    Ok(revoked)
 +}
++
  fn revoke_temporary_authorizations_for_action(action_id: &str) -> Result<usize> {
      let connection = Connection::system().context("failed to connect to system bus")?;
      let subject = build_subject();

garcard/src/daemon.rsmodified

  use crate::agent::{
      AuthAgentBackend, PolkitAgent, PolkitBackendConfig, StubPolkitAgent,
 -    enumerate_temporary_authorizations,
 +    enumerate_temporary_authorizations, revoke_all_temporary_authorizations,
 +    revoke_temporary_authorization_by_id,
  };
  use crate::config::{AgentBackendMode, Config};
  use crate::state::{AuthState, RuntimeState};
                  err
              )),
          },
 +        Command::TempRevoke { authorization_id } => {
 +            match revoke_temporary_authorization_by_id(authorization_id.as_str()) {
 +                Ok(()) => Response::ok_with_data(json!({
 +                    "authorization_id": authorization_id,
 +                    "revoked": true
 +                })),
 +                Err(err) => Response::err(format!(
 +                    "failed to revoke temporary authorization {}: {}",
 +                    authorization_id, err
 +                )),
 +            }
 +        }
 +        Command::TempRevokeAll => match revoke_all_temporary_authorizations() {
 +            Ok(revoked_count) => Response::ok_with_data(json!({ "revoked_count": revoked_count })),
 +            Err(err) => Response::err(format!(
 +                "failed to revoke temporary authorizations: {}",
 +                err
 +            )),
 +        },
          Command::Quit => {
              if shutdown_tx.send(()).is_err() {
                  Response::err("daemon shutdown channel unavailable")

garcardctl/src/main.rsmodified

      Version,
      AuthSummary,
      TempList,
 +    TempRevoke { authorization_id: String },
 +    TempRevokeAll,
      Quit,
+ }
          Commands::Version => Command::Version,
          Commands::AuthSummary => Command::AuthSummary,
          Commands::TempList => Command::TempList,
 +        Commands::TempRevoke { authorization_id } => Command::TempRevoke { authorization_id },
 +        Commands::TempRevokeAll => Command::TempRevokeAll,
          Commands::Quit => Command::Quit,
+     }
+ }