`202a73b`

Add temporary authorization revoke commands

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 2 months ago

Status	File	+	-
M	`garcard-ipc/src/lib.rs`	2	0
M	`garcard/src/agent.rs`	23	0
M	`garcard/src/daemon.rs`	21	1
M	`garcardctl/src/main.rs`	4	0

garcard-ipc/src/lib.rsmodified


     Version,
     AuthSummary,
     TempList,
+    TempRevoke { authorization_id: String },
+    TempRevokeAll,
     Quit,
 }
 

garcard/src/agent.rsmodified

      Ok(entries)
+ }
++pub fn revoke_temporary_authorization_by_id(authorization_id: &str) -> Result<()> {
++    let connection = Connection::system().context("failed to connect to system bus")?;
++    let proxy = PolkitAgent::proxy(&connection)?;
++    let _: () = proxy.call("RevokeTemporaryAuthorizationById", &authorization_id)?;
++    Ok(())
++}
++
++pub fn revoke_all_temporary_authorizations() -> Result<usize> {
++    let connection = Connection::system().context("failed to connect to system bus")?;
++    let subject = build_subject();
++    let proxy = PolkitAgent::proxy(&connection)?;
++    let authorizations: Vec<TemporaryAuthorization> =
++        proxy.call("EnumerateTemporaryAuthorizations", &subject)?;
++
++    let mut revoked = 0_usize;
++    for (authorization_id, _action_id, _subject, _obtained, _expires) in authorizations {
++        let _: () = proxy.call("RevokeTemporaryAuthorizationById", &authorization_id)?;
++        revoked += 1;
++    }
++
++    Ok(revoked)
++}
++
  fn revoke_temporary_authorizations_for_action(action_id: &str) -> Result<usize> {
      let connection = Connection::system().context("failed to connect to system bus")?;
      let subject = build_subject();

garcard/src/daemon.rsmodified

  use crate::agent::{
      AuthAgentBackend, PolkitAgent, PolkitBackendConfig, StubPolkitAgent,
--    enumerate_temporary_authorizations,
++    enumerate_temporary_authorizations, revoke_all_temporary_authorizations,
++    revoke_temporary_authorization_by_id,
  };
  use crate::config::{AgentBackendMode, Config};
  use crate::state::{AuthState, RuntimeState};
                  err
              )),
          },
++        Command::TempRevoke { authorization_id } => {
++            match revoke_temporary_authorization_by_id(authorization_id.as_str()) {
++                Ok(()) => Response::ok_with_data(json!({
++                    "authorization_id": authorization_id,
++                    "revoked": true
++                })),
++                Err(err) => Response::err(format!(
++                    "failed to revoke temporary authorization {}: {}",
++                    authorization_id, err
++                )),
++            }
++        }
++        Command::TempRevokeAll => match revoke_all_temporary_authorizations() {
++            Ok(revoked_count) => Response::ok_with_data(json!({ "revoked_count": revoked_count })),
++            Err(err) => Response::err(format!(
++                "failed to revoke temporary authorizations: {}",
++                err
++            )),
++        },
          Command::Quit => {
              if shutdown_tx.send(()).is_err() {
                  Response::err("daemon shutdown channel unavailable")

garcardctl/src/main.rsmodified

      Version,
      AuthSummary,
      TempList,
++    TempRevoke { authorization_id: String },
++    TempRevokeAll,
      Quit,
  }
          Commands::Version => Command::Version,
          Commands::AuthSummary => Command::AuthSummary,
          Commands::TempList => Command::TempList,
++        Commands::TempRevoke { authorization_id } => Command::TempRevoke { authorization_id },
++        Commands::TempRevokeAll => Command::TempRevokeAll,
          Commands::Quit => Command::Quit,
      }
  }

`@@ -22,6 +22,8 @@` pub enum Command {
22	Version,	22	Version,
23	AuthSummary,	23	AuthSummary,
24	TempList,	24	TempList,
		25	+ TempRevoke { authorization_id: String },
		26	+ TempRevokeAll,
25	Quit,	27	Quit,
26	}	28	}
27		29