Make behaviour on lookup failures configurable

3 files changed, 88 insertions, 14 deletions

diff --git a/src/input/pvsCheckPrivileges.cpp b/src/input/pvsCheckPrivileges.cpp
index f9a8851..2026c0a 100644
--- a/src/input/pvsCheckPrivileges.cpp
+++ b/src/input/pvsCheckPrivileges.cpp
@@ -311,7 +311,12 @@ bool PVSCheckPrivileges::require(SessionKind sessionKind, CachedInputContext con
 {
 	SessionKind cachedSessionKind;
 
-	if(sessionKind < SESSION_NONLOCAL)
+	if(sessionKind == SESSION_NONLOCAL)
+	{
+		// All sessions are at least non-local
+		return true;
+	}
+	else if(sessionKind == SESSION_LOCAL)
 	{
 		if((cachedSessionKind = _savedSessionKind.value(sender, SESSION_UNKNOWN)) == SESSION_UNKNOWN)
 		{
@@ -320,18 +325,49 @@ bool PVSCheckPrivileges::require(SessionKind sessionKind, CachedInputContext con
 				_savedSessionKind[sender] = cachedSessionKind;
 			qDebug("Got session kind: %s", toString(cachedSessionKind).toLocal8Bit().constData());
 		}
-		if(cachedSessionKind > sessionKind)
+
+		switch(cachedSessionKind)
+		{
+		case SESSION_LOOKUP_FAILURE:
+		case SESSION_UNKNOWN:
+		{
+			// If we cannot find out the correct session kind, look up what we should do in
+			// the configuration:
+			QSettings* config = pvsPrivInputGetSettings();
+			QVariant assumeLocal = config->value("assume-session-local", false);
+			if(!assumeLocal.canConvert(QVariant::Bool))
+			{
+				qWarning("There is an assume-session-local setting, but cannot convert it to boolean");
+				return false;
+			}
+			return assumeLocal.toBool();
+		}
+		case SESSION_LOCAL:
+			return true;
+		case SESSION_NONLOCAL:
 			return false;
+		default:
+			qWarning("Internal error: Undefined session kind %d", (int)cachedSessionKind);
+			return false;
+		}
+	}
+	else
+	{
+		qWarning("Internal error: It does not make sense to require an unknown session or undefined session kind %d", (int)sessionKind);
+		return false;
 	}
-
-	return true;
 }
 
 bool PVSCheckPrivileges::require(UserPrivilege userPrivilege, CachedInputContext const& sender)
 {
 	UserPrivilege cachedUserPrivilege;
 
-	if(userPrivilege < USER_UNPRIVILEGED)
+	if(userPrivilege == USER_UNPRIVILEGED)
+	{
+		// All users are unprivileged
+		return true;
+	}
+	else if(userPrivilege == USER_PRIVILEGED)
 	{
 		if((cachedUserPrivilege = _savedUserPrivilege.value(sender, USER_UNKNOWN)) == USER_UNKNOWN)
 		{
@@ -340,10 +376,38 @@ bool PVSCheckPrivileges::require(UserPrivilege userPrivilege, CachedInputContext
 				_savedUserPrivilege[sender] = cachedUserPrivilege;
 			qDebug("Got user privilege: %s", toString(cachedUserPrivilege).toLocal8Bit().constData());
 		}
-		if(cachedUserPrivilege > userPrivilege)
+
+		switch(cachedUserPrivilege)
+		{
+		case USER_LOOKUP_FAILURE:
+		case USER_UNKNOWN:
+		{
+			// If we cannot find out the correct user privilege level, look up what we should do in
+			// the configuration:
+			QSettings* config = pvsPrivInputGetSettings();
+			QVariant assumePrivileged = config->value("assume-user-privileged", false);
+			if(!assumePrivileged.canConvert(QVariant::Bool))
+			{
+				qWarning("There is an assume-session-local setting, but cannot convert it to boolean");
+				return false;
+			}
+			return assumePrivileged.toBool();
+		}
+		case USER_PRIVILEGED:
+			return true;
+		case USER_UNPRIVILEGED:
+			return false;
+		default:
+			qWarning("Internal error: Found undefined user privilege level %d", (int)cachedUserPrivilege);
+			_savedUserPrivilege.remove(sender);
 			return false;
+		}
+	}
+	else
+	{
+		qWarning("Internal error: It does not make sense to require an unknown or undefined user privilege level %d", (int)userPrivilege);
+		return false;
 	}
-	return true;
 }
 
 bool PVSCheckPrivileges::require(SessionKind sessionKind,
diff --git a/src/input/pvsCheckPrivileges.h b/src/input/pvsCheckPrivileges.h
index ec6c591..62b463c 100644
--- a/src/input/pvsCheckPrivileges.h
+++ b/src/input/pvsCheckPrivileges.h
@@ -74,11 +74,9 @@ class PVSCheckPrivileges : public QObject
 	Q_OBJECT
 public:
 	typedef enum {
-		SESSION_LOOKUP_FAILURE, // Comes first because we default to assume
-								// the session is local if we cannot look it
-								// up.
 		SESSION_LOCAL,
 		SESSION_NONLOCAL,
+		SESSION_LOOKUP_FAILURE,
 		SESSION_UNKNOWN
 	} SessionKind;
 	static QString toString(SessionKind k)
@@ -96,9 +94,7 @@ public:
 	typedef enum {
 		USER_PRIVILEGED,
 		USER_UNPRIVILEGED,
-		USER_LOOKUP_FAILURE,	// Comes last because we default to assume
-								// the user is unprivileged if we cannot get
-								// permission from PolicyKit.
+		USER_LOOKUP_FAILURE,
 		USER_UNKNOWN
 	} UserPrivilege;
 	static QString toString(UserPrivilege k)
diff --git a/src/input/pvsprivinputd.conf b/src/input/pvsprivinputd.conf
index 52df206..a62a922 100644
--- a/src/input/pvsprivinputd.conf
+++ b/src/input/pvsprivinputd.conf
@@ -11,4 +11,18 @@ privileged-users = root
 ;; privileged-groups:
 ;;   Comma-separated list of user groups that are allowed to run privileged actions
 ; privileged-groups = wheel
- 
\ No newline at end of file
+ 
+;; assume-session-local:
+;;   Assume that a session is local if it can not be looked up in ConsoleKit,
+;;   for example, if you are not running ConsoleKit.
+;;
+;;   WARNING: Setting this to true may be a security risk. Running ConsoleKit is
+;;   really recommended.
+; assume-session-local = false
+
+;; assume-user-privileged:
+;;   Assume that a user is privileged if he/she can not be looked up in
+;;   the user database or PolicyKit fails to deliver an answer.
+;;
+;;   WARNING: Setting this to true is most definitely a security risk.
+; assume-user-privileged = false
\ No newline at end of file