a32a010
a32a010a7a3922bacebde2d23a0ffc9a64c0ad849559b3f
c9a3529| Status | File | + | - |
|---|---|---|---|
| M |
garcard-ipc/src/lib.rs
|
1 | 0 |
| M |
garcard/src/agent.rs
|
37 | 0 |
| M |
garcard/src/daemon.rs
|
13 | 1 |
| M |
garcardctl/src/main.rs
|
2 | 0 |
garcard-ipc/src/lib.rsmodified@@ -21,6 +21,7 @@ pub enum Command { | ||
| 21 | 21 | Status, |
| 22 | 22 | Version, |
| 23 | 23 | AuthSummary, |
| 24 | + TempList, | |
| 24 | 25 | Quit, |
| 25 | 26 | } |
| 26 | 27 | |
garcard/src/agent.rsmodified@@ -9,6 +9,7 @@ use std::path::PathBuf; | ||
| 9 | 9 | use std::sync::atomic::{AtomicBool, Ordering}; |
| 10 | 10 | use std::sync::{Arc, Condvar, Mutex}; |
| 11 | 11 | use std::thread; |
| 12 | +use std::time::{SystemTime, UNIX_EPOCH}; | |
| 12 | 13 | use zbus::blocking::{Connection, Proxy}; |
| 13 | 14 | use zbus::fdo; |
| 14 | 15 | use zbus::zvariant::{OwnedObjectPath, OwnedValue, Str}; |
@@ -56,6 +57,15 @@ pub struct PolkitBackendConfig { | ||
| 56 | 57 | type Subject = (String, HashMap<String, OwnedValue>); |
| 57 | 58 | type Details = HashMap<String, String>; |
| 58 | 59 | type TemporaryAuthorization = (String, String, Subject, u64, u64); |
| 60 | + | |
| 61 | +#[derive(Debug, Clone, serde::Serialize)] | |
| 62 | +pub struct TemporaryAuthorizationRecord { | |
| 63 | + pub authorization_id: String, | |
| 64 | + pub action_id: String, | |
| 65 | + pub obtained_at_unix: u64, | |
| 66 | + pub expires_at_unix: u64, | |
| 67 | + pub expires_in_secs: u64, | |
| 68 | +} | |
| 59 | 69 | const DEFAULT_AUTH_MAX_ATTEMPTS: usize = 3; |
| 60 | 70 | const DEFAULT_IDENTITY_SELECTION_ATTEMPTS: usize = 3; |
| 61 | 71 | const DEFAULT_RETENTION_SELECTION_ATTEMPTS: usize = 3; |
@@ -659,6 +669,33 @@ fn helper_outcome_label(outcome: HelperOutcome) -> &'static str { | ||
| 659 | 669 | } |
| 660 | 670 | } |
| 661 | 671 | |
| 672 | +pub fn enumerate_temporary_authorizations() -> Result<Vec<TemporaryAuthorizationRecord>> { | |
| 673 | + let connection = Connection::system().context("failed to connect to system bus")?; | |
| 674 | + let subject = build_subject(); | |
| 675 | + let proxy = PolkitAgent::proxy(&connection)?; | |
| 676 | + let authorizations: Vec<TemporaryAuthorization> = | |
| 677 | + proxy.call("EnumerateTemporaryAuthorizations", &subject)?; | |
| 678 | + let now_unix = SystemTime::now() | |
| 679 | + .duration_since(UNIX_EPOCH) | |
| 680 | + .map(|duration| duration.as_secs()) | |
| 681 | + .unwrap_or(0); | |
| 682 | + | |
| 683 | + let mut entries = Vec::with_capacity(authorizations.len()); | |
| 684 | + for (authorization_id, action_id, _subject, obtained_at_unix, expires_at_unix) in authorizations | |
| 685 | + { | |
| 686 | + let expires_in_secs = expires_at_unix.saturating_sub(now_unix); | |
| 687 | + entries.push(TemporaryAuthorizationRecord { | |
| 688 | + authorization_id, | |
| 689 | + action_id, | |
| 690 | + obtained_at_unix, | |
| 691 | + expires_at_unix, | |
| 692 | + expires_in_secs, | |
| 693 | + }); | |
| 694 | + } | |
| 695 | + entries.sort_by(|left, right| left.action_id.cmp(&right.action_id)); | |
| 696 | + Ok(entries) | |
| 697 | +} | |
| 698 | + | |
| 662 | 699 | fn revoke_temporary_authorizations_for_action(action_id: &str) -> Result<usize> { |
| 663 | 700 | let connection = Connection::system().context("failed to connect to system bus")?; |
| 664 | 701 | let subject = build_subject(); |
garcard/src/daemon.rsmodified@@ -1,4 +1,7 @@ | ||
| 1 | -use crate::agent::{AuthAgentBackend, PolkitAgent, PolkitBackendConfig, StubPolkitAgent}; | |
| 1 | +use crate::agent::{ | |
| 2 | + AuthAgentBackend, PolkitAgent, PolkitBackendConfig, StubPolkitAgent, | |
| 3 | + enumerate_temporary_authorizations, | |
| 4 | +}; | |
| 2 | 5 | use crate::config::{AgentBackendMode, Config}; |
| 3 | 6 | use crate::state::{AuthState, RuntimeState}; |
| 4 | 7 | use anyhow::{Context, Result}; |
@@ -286,6 +289,15 @@ fn dispatch( | ||
| 286 | 289 | Command::Status => Response::ok_with_data(state.status()), |
| 287 | 290 | Command::Version => Response::ok_with_data(state.version()), |
| 288 | 291 | Command::AuthSummary => Response::ok_with_data(state.auth_summary()), |
| 292 | + Command::TempList => match enumerate_temporary_authorizations() { | |
| 293 | + Ok(authorizations) => { | |
| 294 | + Response::ok_with_data(json!({ "authorizations": authorizations })) | |
| 295 | + } | |
| 296 | + Err(err) => Response::err(format!( | |
| 297 | + "failed to enumerate temporary authorizations: {}", | |
| 298 | + err | |
| 299 | + )), | |
| 300 | + }, | |
| 289 | 301 | Command::Quit => { |
| 290 | 302 | if shutdown_tx.send(()).is_err() { |
| 291 | 303 | Response::err("daemon shutdown channel unavailable") |
garcardctl/src/main.rsmodified@@ -17,6 +17,7 @@ enum Commands { | ||
| 17 | 17 | Status, |
| 18 | 18 | Version, |
| 19 | 19 | AuthSummary, |
| 20 | + TempList, | |
| 20 | 21 | Quit, |
| 21 | 22 | } |
| 22 | 23 | |
@@ -47,6 +48,7 @@ fn to_protocol_command(command: Commands) -> Command { | ||
| 47 | 48 | Commands::Status => Command::Status, |
| 48 | 49 | Commands::Version => Command::Version, |
| 49 | 50 | Commands::AuthSummary => Command::AuthSummary, |
| 51 | + Commands::TempList => Command::TempList, | |
| 50 | 52 | Commands::Quit => Command::Quit, |
| 51 | 53 | } |
| 52 | 54 | } |