PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Thu Nov 8 09:40:59 PST 2007
Makefile.am | 6
configure.in | 7
doc/Makefile.am | 12
polkit-dbus/Makefile.am | 47
polkit-dbus/polkit-dbus.c | 1492 -----------------
polkit-dbus/polkit-dbus.h | 66
polkit-dbus/polkit-read-auth-helper.c | 471 -----
polkit-grant/Makefile.am | 89 -
polkit-grant/polkit-authorization-db-dummy-write.c | 96 -
polkit-grant/polkit-authorization-db-write.c | 680 -------
polkit-grant/polkit-explicit-grant-helper.c | 268 ---
polkit-grant/polkit-grant-helper-pam.c | 232 --
polkit-grant/polkit-grant-helper.c | 842 ---------
polkit-grant/polkit-grant.c | 538 ------
polkit-grant/polkit-grant.h | 369 ----
polkit-grant/polkit-revoke-helper.c | 379 ----
polkit/.gitignore | 9
polkit/Makefile.am | 149 -
polkit/polkit-action.c | 304 ---
polkit/polkit-action.h | 55
polkit/polkit-authorization-constraint.c | 491 -----
polkit/polkit-authorization-constraint.h | 94 -
polkit/polkit-authorization-db-dummy.c | 191 --
polkit/polkit-authorization-db.c | 848 ---------
polkit/polkit-authorization-db.h | 156 -
polkit/polkit-authorization.c | 567 ------
polkit/polkit-authorization.h | 100 -
polkit/polkit-caller.c | 455 -----
polkit/polkit-caller.h | 61
polkit/polkit-config.c | 772 --------
polkit/polkit-config.h | 87
polkit/polkit-context.c | 803 ---------
polkit/polkit-context.h | 190 --
polkit/polkit-debug.c | 81
polkit/polkit-debug.h | 33
polkit/polkit-error.c | 246 --
polkit/polkit-error.h | 88 -
polkit/polkit-hash.c | 560 ------
polkit/polkit-hash.h | 147 -
polkit/polkit-list.c | 330 ---
polkit/polkit-list.h | 85
polkit/polkit-memory.c | 373 ----
polkit/polkit-memory.h | 75
polkit/polkit-policy-cache.c | 355 ----
polkit/polkit-policy-cache.h | 75
polkit/polkit-policy-default.c | 442 -----
polkit/polkit-policy-default.h | 67
polkit/polkit-policy-file-entry.c | 471 -----
polkit/polkit-policy-file-entry.h | 76
polkit/polkit-policy-file.c | 809 ---------
polkit/polkit-policy-file.h | 67
polkit/polkit-private.h | 107 -
polkit/polkit-result.c | 152 -
polkit/polkit-result.h | 110 -
polkit/polkit-seat.c | 231 --
polkit/polkit-seat.h | 53
polkit/polkit-session.c | 501 -----
polkit/polkit-session.h | 64
polkit/polkit-sysdeps.c | 159 -
polkit/polkit-sysdeps.h | 45
polkit/polkit-test.c | 112 -
polkit/polkit-test.h | 69
polkit/polkit-types.h | 105 -
polkit/polkit-utils.c | 153 -
polkit/polkit-utils.h | 41
polkit/polkit.h | 52
polkitd/Makefile.am | 6
src/polkit-dbus/Makefile.am | 47
src/polkit-dbus/polkit-dbus.c | 1492 +++++++++++++++++
src/polkit-dbus/polkit-dbus.h | 66
src/polkit-dbus/polkit-read-auth-helper.c | 471 +++++
src/polkit-grant/Makefile.am | 89 +
src/polkit-grant/polkit-authorization-db-dummy-write.c | 96 +
src/polkit-grant/polkit-authorization-db-write.c | 680 +++++++
src/polkit-grant/polkit-explicit-grant-helper.c | 268 +++
src/polkit-grant/polkit-grant-helper-pam.c | 232 ++
src/polkit-grant/polkit-grant-helper.c | 842 +++++++++
src/polkit-grant/polkit-grant.c | 538 ++++++
src/polkit-grant/polkit-grant.h | 369 ++++
src/polkit-grant/polkit-revoke-helper.c | 379 ++++
src/polkit/.gitignore | 9
src/polkit/Makefile.am | 149 +
src/polkit/polkit-action.c | 304 +++
src/polkit/polkit-action.h | 55
src/polkit/polkit-authorization-constraint.c | 491 +++++
src/polkit/polkit-authorization-constraint.h | 94 +
src/polkit/polkit-authorization-db-dummy.c | 191 ++
src/polkit/polkit-authorization-db.c | 848 +++++++++
src/polkit/polkit-authorization-db.h | 156 +
src/polkit/polkit-authorization.c | 567 ++++++
src/polkit/polkit-authorization.h | 100 +
src/polkit/polkit-caller.c | 455 +++++
src/polkit/polkit-caller.h | 61
src/polkit/polkit-config.c | 772 ++++++++
src/polkit/polkit-config.h | 87
src/polkit/polkit-context.c | 803 +++++++++
src/polkit/polkit-context.h | 190 ++
src/polkit/polkit-debug.c | 81
src/polkit/polkit-debug.h | 33
src/polkit/polkit-error.c | 246 ++
src/polkit/polkit-error.h | 88 +
src/polkit/polkit-hash.c | 560 ++++++
src/polkit/polkit-hash.h | 147 +
src/polkit/polkit-list.c | 330 +++
src/polkit/polkit-list.h | 85
src/polkit/polkit-memory.c | 373 ++++
src/polkit/polkit-memory.h | 75
src/polkit/polkit-policy-cache.c | 355 ++++
src/polkit/polkit-policy-cache.h | 75
src/polkit/polkit-policy-default.c | 442 +++++
src/polkit/polkit-policy-default.h | 67
src/polkit/polkit-policy-file-entry.c | 471 +++++
src/polkit/polkit-policy-file-entry.h | 76
src/polkit/polkit-policy-file.c | 809 +++++++++
src/polkit/polkit-policy-file.h | 67
src/polkit/polkit-private.h | 107 +
src/polkit/polkit-result.c | 152 +
src/polkit/polkit-result.h | 110 +
src/polkit/polkit-seat.c | 231 ++
src/polkit/polkit-seat.h | 53
src/polkit/polkit-session.c | 501 +++++
src/polkit/polkit-session.h | 64
src/polkit/polkit-sysdeps.c | 159 +
src/polkit/polkit-sysdeps.h | 45
src/polkit/polkit-test.c | 112 +
src/polkit/polkit-test.h | 69
src/polkit/polkit-types.h | 105 +
src/polkit/polkit-utils.c | 153 +
src/polkit/polkit-utils.h | 41
src/polkit/polkit.h | 52
tools/Makefile.am | 10
131 files changed, 17256 insertions(+), 17255 deletions(-)
New commits:
commit f97ead3e56f682324415910e7e504e63314fdb4d
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Nov 8 12:37:38 2007 -0500
fix build with all library soruce in src/
diff --git a/Makefile.am b/Makefile.am
index f34379b..f549113 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = data polkit polkit-dbus polkit-grant polkitd doc tools policy po test
+SUBDIRS = data src polkitd doc tools policy po test
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
@@ -22,8 +22,8 @@ $(srcdir)/ChangeLog:
if POLKIT_GCOV_ENABLED
.PHONY: ChangeLog $(srcdir)/ChangeLog coverage-report.txt
coverage-report.txt :
- make -C polkit check-coverage
- cat polkit/coverage-report.txt > coverage-report.txt
+ make -C src/polkit check-coverage
+ cat src/polkit/coverage-report.txt > coverage-report.txt
check-coverage: coverage-report.txt
cat coverage-report.txt
diff --git a/configure.in b/configure.in
index 4490a31..22004f2 100644
--- a/configure.in
+++ b/configure.in
@@ -453,9 +453,10 @@ data/polkit
data/polkit.pc
data/polkit-dbus.pc
data/polkit-grant.pc
-polkit/Makefile
-polkit-dbus/Makefile
-polkit-grant/Makefile
+src/Makefile
+src/polkit/Makefile
+src/polkit-dbus/Makefile
+src/polkit-grant/Makefile
polkitd/Makefile
tools/Makefile
doc/Makefile
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 6fd8c06..02b4b24 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -16,11 +16,11 @@ DOC_MAIN_SGML_FILE=polkit-docs.xml
SCAN_OPTIONS=--ignore-headers=config.h
# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=..
+DOC_SOURCE_DIR=../src
# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/polkit*/*.h
-CFILE_GLOB=$(top_srcdir)/polkit*/*.c
+HFILE_GLOB=$(top_srcdir)/src/polkit*/*.h
+CFILE_GLOB=$(top_srcdir)/src/polkit*/*.c
# Headers to ignore
IGNORE_HFILES= \
@@ -31,14 +31,14 @@ IGNORE_HFILES= \
INCLUDES = \
$(DBUS_GLIB_CFLAGS) \
$(GLIB_CFLAGS) \
- -I$(top_srcdir) \
- -I$(top_builddir) \
+ -I$(top_srcdir)/src \
+ -I$(top_builddir)/src \
$(NULL)
GTKDOC_LIBS = \
$(DBUS_GLIB_LIBS) \
$(GLIB_LIBS) \
- $(top_builddir)/polkit/libpolkit.la \
+ $(top_builddir)/src/polkit/libpolkit.la \
$(NULL)
# Extra options to supply to gtkdoc-mkdb
diff --git a/polkitd/Makefile.am b/polkitd/Makefile.am
index 815e72a..f1a12a6 100644
--- a/polkitd/Makefile.am
+++ b/polkitd/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -28,7 +28,7 @@ polkitd_SOURCES = \
$(BUILT_SOURCES)
polkitd_CPPFLAGS = \
- -I$(top_srcdir) \
+ -I$(top_srcdir)/src \
-DG_LOG_DOMAIN=\"polkitd\" \
-DDATADIR=\""$(pkgdatadir)"\" \
-DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
@@ -36,7 +36,7 @@ polkitd_CPPFLAGS = \
$(AM_CPPFLAGS)
polkitd_LDADD = \
- $(DBUS_GLIB_LIBS) $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+ $(DBUS_GLIB_LIBS) $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la
servicedir = $(datadir)/dbus-1/system-services
diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am
index 3c7fac1..e39d046 100644
--- a/src/polkit-dbus/Makefile.am
+++ b/src/polkit-dbus/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -23,7 +23,7 @@ libpolkit_dbusinclude_HEADERS = \
libpolkit_dbus_la_SOURCES = \
polkit-dbus.h polkit-dbus.c
-libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(SELINUX_LIBS)
+libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(SELINUX_LIBS)
libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
@@ -32,7 +32,7 @@ libexec_PROGRAMS = polkit-read-auth-helper
polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_read_auth_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_read_auth_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
# to read authorization files in /var/lib/PolicyKit and
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index 05a2ee5..ed7a5f7 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -32,7 +32,7 @@ if POLKIT_AUTHDB_DEFAULT
libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c
endif
-libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
+libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la
libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
@@ -44,18 +44,18 @@ if POLKIT_AUTHDB_DEFAULT
libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_explicit_grant_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+polkit_explicit_grant_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la
polkit_revoke_helper_SOURCES = polkit-revoke-helper.c
polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_revoke_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_revoke_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
# polkit-grant-helper needs to be setgid polkituser to be able to
# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
index c15017f..17f0b61 100644
--- a/src/polkit/Makefile.am
+++ b/src/polkit/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -117,7 +117,7 @@ noinst_PROGRAMS=$(TESTS)
polkit_test_SOURCES= \
polkit-test.h polkit-test.c
-polkit_test_LDADD=$(top_builddir)/polkit/libpolkit.la
+polkit_test_LDADD=$(top_builddir)/src/polkit/libpolkit.la
polkit_test_LDFLAGS=
#@R_DYNAMIC_LDFLAG@
diff --git a/tools/Makefile.am b/tools/Makefile.am
index b7ed1de..faa0937 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -14,16 +14,16 @@ INCLUDES = \
bin_PROGRAMS = polkit-config-file-validate polkit-policy-file-validate polkit-action polkit-auth
polkit_config_file_validate_SOURCES = polkit-config-file-validate.c
-polkit_config_file_validate_LDADD = $(top_builddir)/polkit/libpolkit.la
+polkit_config_file_validate_LDADD = $(top_builddir)/src/polkit/libpolkit.la
polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c
-polkit_policy_file_validate_LDADD = $(top_builddir)/polkit/libpolkit.la
+polkit_policy_file_validate_LDADD = $(top_builddir)/src/polkit/libpolkit.la
polkit_auth_SOURCES = polkit-auth.c
-polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-grant/libpolkit-grant.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
polkit_action_SOURCES = polkit-action.c
-polkit_action_LDADD = $(GLIB) $(top_builddir)/polkit/libpolkit.la
+polkit_action_LDADD = $(GLIB) $(top_builddir)/src/polkit/libpolkit.la
profiledir = $(sysconfdir)/profile.d
profile_SCRIPTS = polkit-bash-completion.sh
commit 05af5cfe684f4c8cfa58090b11e337de5f24d23f
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Nov 8 12:26:31 2007 -0500
move all library source to a src/ directory
This is primarily so gtk-doc can target only libraries. Needs lots of
fixing; will be done in upcoming commits.
diff --git a/polkit-dbus/Makefile.am b/polkit-dbus/Makefile.am
deleted file mode 100644
index 3c7fac1..0000000
--- a/polkit-dbus/Makefile.am
+++ /dev/null
@@ -1,47 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-dbus.la
-
-libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus
-
-libpolkit_dbusinclude_HEADERS = \
- polkit-dbus.h
-
-libpolkit_dbus_la_SOURCES = \
- polkit-dbus.h polkit-dbus.c
-
-libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(SELINUX_LIBS)
-
-libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-read-auth-helper
-
-polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
-polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_read_auth_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
-
-# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
-# to read authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-install-exec-hook:
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
-endif
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c
deleted file mode 100644
index 9ead04a..0000000
--- a/polkit-dbus/polkit-dbus.c
+++ /dev/null
@@ -1,1492 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-dbus
- * @title: Caller Determination
- * @short_description: Obtaining seat, session and caller information
- * via D-Bus and ConsoleKit.
- *
- * Helper library for obtaining seat, session and caller information
- * via D-Bus and ConsoleKit. This library is only useful when writing
- * a mechanism.
- *
- * If the mechanism itself is a daemon exposing a remote services via
- * the system message bus it's often a better idea, to reduce
- * roundtrips, to use the high-level #PolKitTracker class rather than
- * the low-level functions polkit_caller_new_from_dbus_name() and
- * polkit_caller_new_from_pid().
- *
- * These functions are in <literal>libpolkit-dbus</literal>.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <errno.h>
-#include <time.h>
-#include <glib.h>
-#include <string.h>
-
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
-#include "polkit-dbus.h"
-#include <polkit/polkit-debug.h>
-
-/**
- * polkit_session_new_from_objpath:
- * @con: D-Bus system bus connection
- * @objpath: object path of ConsoleKit session object
- * @uid: the user owning the session or -1 if unknown
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information. If you pass in @uid as a
- * non-negative number, a round trip can be saved.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
-{
- PolKitSeat *seat;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- dbus_bool_t is_active;
- dbus_bool_t is_local;
- char *remote_host;
- char *seat_path;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (objpath != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- session = NULL;
- remote_host = NULL;
- seat_path = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsActive");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid IsActive reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsLocal");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_local,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid IsLocal reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if (!is_local) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetRemoteHostName");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_STRING, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetRemoteHostName reply from CK");
- goto out;
- }
- remote_host = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetSeatId");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetSeatId reply from CK");
- goto out;
- }
- seat_path = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if ((int) uid == -1) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetUnixUser");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_INT32, &uid,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetUnixUser reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- session = polkit_session_new ();
- if (session == NULL) {
- goto out;
- }
- if (!polkit_session_set_uid (session, uid)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_objref (session, objpath)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_active (session, is_active)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_local (session, is_local)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!is_local) {
- if (!polkit_session_set_ck_remote_host (session, remote_host)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- }
-
- seat = polkit_seat_new ();
- if (seat == NULL) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_seat_set_ck_objref (seat, seat_path)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_seat_validate (seat)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- if (!polkit_session_set_seat (session, seat)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- polkit_seat_unref (seat); /* session object now owns this object */
- seat = NULL;
-
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-out:
- g_free (remote_host);
- g_free (seat_path);
- return session;
-}
-
-/**
- * polkit_session_new_from_cookie:
- * @con: D-Bus system bus connection
- * @cookie: a ConsoleKit XDG_SESSION_COOKIE
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
-{
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- char *objpath;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (cookie != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- objpath = NULL;
- session = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForCookie");
- dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //g_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetSessionForCookie reply from CK");
- goto out;
- }
- objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, objpath, -1, error);
-
-out:
- g_free (objpath);
- return session;
-}
-
-
-/**
- * polkit_caller_new_from_dbus_name:
- * @con: D-Bus system bus connection
- * @dbus_name: unique system bus connection name
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both the system bus daemon and the ConsoleKit daemon for
- * information. Note that this will do a lot of blocking IO so it is
- * best avoided if your process already tracks/caches all the
- * information. You can use the #PolKitTracker class for this.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
- pid_t pid;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter sub_iter;
- char *str;
- int num_elems;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (dbus_name != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
-
- caller = NULL;
- session = NULL;
-
- uid = dbus_bus_get_unix_user (con, dbus_name, error);
- if (dbus_error_is_set (error)) {
- g_warning ("Could not get uid for connection: %s %s", error->name, error->message);
- goto out;
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &pid);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionSELinuxSecurityContext");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- /* SELinux might not be enabled */
- if (dbus_error_is_set (error) &&
- strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- dbus_error_init (error);
- } else if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- } else {
- /* TODO: verify signature */
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_recurse (&iter, &sub_iter);
- dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
- if (str != NULL && num_elems > 0)
- selinux_context = g_strndup (str, num_elems);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- g_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!polkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- g_free (selinux_context);
- g_free (ck_session_objpath);
- return caller;
-}
-
-/**
- * polkit_caller_new_from_pid:
- * @con: D-Bus system bus connection
- * @pid: process id
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both information in /proc (on Linux) and the ConsoleKit daemon for
- * information about a given process. Note that this will do a lot of
- * blocking IO so it is best avoided if your process already
- * tracks/caches all the information. You can use the #PolKitTracker
- * class for this.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
-{
- PolKitCaller *caller;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- char *str;
- char *proc_path;
- struct stat statbuf;
-#ifdef HAVE_SELINUX
- security_context_t secon;
-#endif
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
- caller = NULL;
- session = NULL;
- proc_path = NULL;
-
- proc_path = g_strdup_printf ("/proc/%d", pid);
- if (stat (proc_path, &statbuf) != 0) {
- g_warning ("Cannot lookup information for pid %d: %s", pid, strerror (errno));
- goto out;
- }
- uid = statbuf.st_uid;
-
-#ifdef HAVE_SELINUX
- /* only get the context if we are enabled */
- selinux_context = NULL;
- if (is_selinux_enabled () != 0) {
- if (getpidcon (pid, &secon) != 0) {
- g_warning ("Cannot lookup SELinux context for pid %d: %s", pid, strerror (errno));
- goto out;
- }
- selinux_context = g_strdup (secon);
- freecon (secon);
- }
-#else
- selinux_context = NULL;
-#endif
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- g_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!polkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!polkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- g_free (selinux_context);
- g_free (ck_session_objpath);
- g_free (proc_path);
- return caller;
-}
-
-static GSList *
-_get_list_of_sessions (DBusConnection *con, uid_t uid, DBusError *error)
-{
- GSList *ret;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter iter_array;
- const char *value;
-
- ret = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionsForUnixUser");
- dbus_message_append_args (message, DBUS_TYPE_UINT32, &uid, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- goto out;
- }
-
- dbus_message_iter_init (reply, &iter);
- if (dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY) {
- g_warning ("Wrong reply from ConsoleKit (not an array)");
- goto out;
- }
-
- dbus_message_iter_recurse (&iter, &iter_array);
- while (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_INVALID) {
-
- if (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_OBJECT_PATH) {
- g_warning ("Wrong reply from ConsoleKit (element is not a string)");
- g_slist_foreach (ret, (GFunc) g_free, NULL);
- g_slist_free (ret);
- goto out;
- }
-
- dbus_message_iter_get_basic (&iter_array, &value);
- ret = g_slist_append (ret, g_strdup (value));
-
- dbus_message_iter_next (&iter_array);
- }
-
-out:
- if (message != NULL)
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- return ret;
-}
-
-static polkit_bool_t
-_polkit_is_authorization_relevant_internal (DBusConnection *con,
- PolKitAuthorization *auth,
- GSList *sessions,
- DBusError *error)
-{
- pid_t pid;
- polkit_uint64_t pid_start_time;
- polkit_bool_t ret;
- polkit_bool_t del_sessions;
- GSList *i;
- uid_t uid;
-
- g_return_val_if_fail (con != NULL, FALSE);
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (error != NULL, FALSE);
- g_return_val_if_fail (! dbus_error_is_set (error), FALSE);
-
- ret = FALSE;
-
- uid = polkit_authorization_get_uid (auth);
-
- switch (polkit_authorization_get_scope (auth)) {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- if (!polkit_authorization_scope_process_get_pid (auth,
- &pid,
- &pid_start_time)) {
- /* this should never fail */
- g_warning ("Cannot determine (pid,start_time) for authorization");
- goto out;
- }
- if (polkit_sysdeps_get_start_time_for_pid (pid) == pid_start_time) {
- ret = TRUE;
- goto out;
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- del_sessions = FALSE;
- if (sessions == NULL) {
- sessions = _get_list_of_sessions (con, uid, error);
- del_sessions = TRUE;
- }
-
- for (i = sessions; i != NULL; i = i->next) {
- char *session_id = i->data;
- if (strcmp (session_id, polkit_authorization_scope_session_get_ck_objref (auth)) == 0) {
- ret = TRUE;
- break;
- }
- }
-
- if (del_sessions) {
- g_slist_foreach (sessions, (GFunc) g_free, NULL);
- g_slist_free (sessions);
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- ret = TRUE;
- break;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_is_authorization_relevant:
- * @con: D-Bus system bus connection
- * @auth: authorization to check for
- * @error: return location for error
- *
- * As explicit authorizations are scoped (process single shot,
- * process, session or everything), they become irrelevant once the
- * entity (process or session) ceases to exist. This function
- * determines whether the authorization is still relevant; it's useful
- * for reporting and graphical tools displaying authorizations.
- *
- * Note that this may do blocking IO to check for session
- * authorizations so it is best avoided if your process already
- * tracks/caches all the information. You can use the
- * polkit_tracker_is_authorization_relevant() method on the
- * #PolKitTracker class for this.
- *
- * Returns: #TRUE if the authorization still applies, #FALSE if an
- * error occurred (then error will be set) or if the entity the
- * authorization refers to has gone out of scope.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error)
-{
- return _polkit_is_authorization_relevant_internal (con, auth, NULL, error);
-}
-
-/**
- * PolKitTracker:
- *
- * Instances of this class are used to cache information about
- * callers; typically this is used in scenarios where the same caller
- * is calling into a mechanism multiple times.
- *
- * Thus, an application can use this class to get the #PolKitCaller
- * object; the class will listen to both NameOwnerChanged and
- * ActivityChanged signals from the message bus and update / retire
- * the #PolKitCaller objects.
- *
- * An example of how to use #PolKitTracker is provided here. First, build the following program
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example.c" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * with
- *
- * <programlisting>gcc -o tracker-example `pkg-config --cflags --libs dbus-glib-1 polkit-dbus` tracker-example.c</programlisting>
- *
- * Then put the following content
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/dk.fubar.PolKitTestService.conf" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * in the file <literal>/etc/dbus-1/system.d/dk.fubar.PolKitTestService.conf</literal>. Finally,
- * create a small Python client like this
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example-client.py" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * as <literal>tracker-example-client.py</literal>. Now, run <literal>tracker-example</literal>
- * in one window and <literal>tracker-example-client</literal> in another. The output of
- * the former should look like this
- *
- *
- * <programlisting>
- * 18:20:00.414: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:00.414: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:00.414: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:01.424: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:01.424: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:01.424: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:02.434: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:02.434: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=0 is_local=1 remote_host=(null)
- * 18:20:02.434: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:03.445: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:03.445: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:03.445: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- * </programlisting>
- *
- * The point of the test program is simply to gather caller
- * information about clients (the small Python program, you may launch
- * multiple instances of it) that repeatedly calls into the D-Bus
- * service; if one runs <literal>strace(1)</literal> in front of the
- * test program one will notice that there is only syscall / IPC
- * overhead (except for printing to stdout) on the first call from the
- * client.
- *
- * The careful reader will notice that, during the testing session, we
- * did a quick VT switch away from the session (and back) which is
- * reflected in the output.
- *
- * These functions are in <literal>libpolkit-dbus</literal>.
- **/
-struct _PolKitTracker {
- int refcount;
- DBusConnection *con;
-
- GHashTable *dbus_name_to_caller;
-
- GHashTable *pid_start_time_to_caller;
-};
-
-typedef struct {
- pid_t pid;
- polkit_uint64_t start_time;
-} _PidStartTimePair;
-
-static _PidStartTimePair *
-_pid_start_time_new (pid_t pid, polkit_uint64_t start_time)
-{
- _PidStartTimePair *obj;
- obj = g_new (_PidStartTimePair, 1);
- obj->pid = pid;
- obj->start_time = start_time;
- return obj;
-}
-
-static guint
-_pid_start_time_hash (gconstpointer a)
-{
- int val;
- _PidStartTimePair *pst = (_PidStartTimePair *) a;
-
- val = pst->pid + ((int) pst->start_time);
-
- return g_int_hash (&val);
-}
-
-static gboolean
-_pid_start_time_equal (gconstpointer a, gconstpointer b)
-{
- _PidStartTimePair *_a = (_PidStartTimePair *) a;
- _PidStartTimePair *_b = (_PidStartTimePair *) b;
-
- return (_a->pid == _b->pid) && (_a->start_time == _b->start_time);
-}
-
-/**
- * polkit_tracker_new:
- *
- * Creates a new #PolKitTracker object.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object
- *
- * Since: 0.7
- **/
-PolKitTracker *
-polkit_tracker_new (void)
-{
- PolKitTracker *pk_tracker;
- pk_tracker = g_new0 (PolKitTracker, 1);
- pk_tracker->refcount = 1;
- pk_tracker->dbus_name_to_caller = g_hash_table_new_full (g_str_hash,
- g_str_equal,
- g_free,
- (GDestroyNotify) polkit_caller_unref);
- pk_tracker->pid_start_time_to_caller = g_hash_table_new_full (_pid_start_time_hash,
- _pid_start_time_equal,
- g_free,
- (GDestroyNotify) polkit_caller_unref);
- return pk_tracker;
-}
-
-/**
- * polkit_tracker_ref:
- * @pk_tracker: the tracker object
- *
- * Increase reference count.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitTracker *
-polkit_tracker_ref (PolKitTracker *pk_tracker)
-{
- g_return_val_if_fail (pk_tracker != NULL, pk_tracker);
- pk_tracker->refcount++;
- return pk_tracker;
-}
-
-/**
- * polkit_tracker_unref:
- * @pk_tracker: the tracker object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- **/
-void
-polkit_tracker_unref (PolKitTracker *pk_tracker)
-{
- g_return_if_fail (pk_tracker != NULL);
- pk_tracker->refcount--;
- if (pk_tracker->refcount > 0)
- return;
- g_hash_table_destroy (pk_tracker->dbus_name_to_caller);
- g_hash_table_destroy (pk_tracker->pid_start_time_to_caller);
- dbus_connection_unref (pk_tracker->con);
- g_free (pk_tracker);
-}
-
-/**
- * polkit_tracker_set_system_bus_connection:
- * @pk_tracker: the tracker object
- * @con: the connection to the system message bus
- *
- * Tell the #PolKitTracker object to use the given D-Bus connection
- * when it needs to fetch information from the system message bus and
- * ConsoleKit services. This is used for priming the cache.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-void
-polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con)
-{
- g_return_if_fail (pk_tracker != NULL);
- pk_tracker->con = dbus_connection_ref (con);
-}
-
-/**
- * polkit_tracker_init:
- * @pk_tracker: the tracker object
- *
- * Initialize the tracker.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-void
-polkit_tracker_init (PolKitTracker *pk_tracker)
-{
- g_return_if_fail (pk_tracker != NULL);
- /* This is currently a no-op */
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static void
-_set_session_inactive_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return;
- if (strcmp (objpath, session_objpath) != 0)
- return;
- polkit_session_set_ck_is_active (session, FALSE);
-}
-
-static void
-_set_session_active_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return;
- if (strcmp (objpath, session_objpath) != 0)
- return;
- polkit_session_set_ck_is_active (session, TRUE);
-}
-
-static void
-_update_session_is_active (PolKitTracker *pk_tracker, const char *session_objpath, gboolean is_active)
-{
- g_hash_table_foreach (pk_tracker->dbus_name_to_caller,
- (GHFunc) (is_active ? _set_session_active_iter : _set_session_inactive_iter),
- (gpointer) session_objpath);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static gboolean
-_remove_caller_by_session_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return FALSE;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return FALSE;
- if (strcmp (objpath, session_objpath) != 0)
- return FALSE;
- return TRUE;
-}
-
-static void
-_remove_caller_by_session (PolKitTracker *pk_tracker, const char *session_objpath)
-{
- g_hash_table_foreach_remove (pk_tracker->dbus_name_to_caller,
- (GHRFunc) _remove_caller_by_session_iter,
- (gpointer) session_objpath);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static gboolean
-_remove_caller_by_dbus_name_iter (gpointer key, PolKitCaller *caller, const char *dbus_name)
-{
- char *name;
- if (!polkit_caller_get_dbus_name (caller, &name))
- return FALSE;
- if (strcmp (name, dbus_name) != 0)
- return FALSE;
- return TRUE;
-}
-
-static void
-_remove_caller_by_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name)
-{
- g_hash_table_foreach_remove (pk_tracker->dbus_name_to_caller,
- (GHRFunc) _remove_caller_by_dbus_name_iter,
- (gpointer) dbus_name);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-/**
- * polkit_tracker_dbus_func:
- * @pk_tracker: the tracker object
- * @message: message to pass
- *
- * The owner of the #PolKitTracker object must pass signals from the
- * system message bus (just NameOwnerChanged will do) and all signals
- * from the ConsoleKit service into this function.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: #TRUE only if there was a change in the ConsoleKit database.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message)
-{
- gboolean ret;
-
- ret = FALSE;
-
- if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, "NameOwnerChanged")) {
- char *name;
- char *new_service_name;
- char *old_service_name;
-
- if (!dbus_message_get_args (message, NULL,
- DBUS_TYPE_STRING, &name,
- DBUS_TYPE_STRING, &old_service_name,
- DBUS_TYPE_STRING, &new_service_name,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- _pk_debug ("The NameOwnerChanged signal on the " DBUS_INTERFACE_DBUS " "
- "interface has the wrong signature! Your system is misconfigured.");
- goto out;
- }
-
- if (strlen (new_service_name) == 0) {
- _remove_caller_by_dbus_name (pk_tracker, name);
- }
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Session", "ActiveChanged")) {
- dbus_bool_t is_active;
- DBusError error;
- const char *session_objpath;
-
- ret = TRUE;
-
- dbus_error_init (&error);
- session_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- g_warning ("The ActiveChanged signal on the org.freedesktop.ConsoleKit.Session "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", session_objpath);
-
- /* as a security measure, remove all sessions with this path from the cache;
- * cuz then the user of PolKitTracker probably gets to deal with a DBusError
- * the next time he tries something...
- */
- _remove_caller_by_session (pk_tracker, session_objpath);
- goto out;
- }
-
- /* now go through all Caller objects and update the is_active field as appropriate */
- _update_session_is_active (pk_tracker, session_objpath, is_active);
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionAdded")) {
- DBusError error;
- const char *seat_objpath;
- const char *session_objpath;
-
- /* If a session is added, update our list of sessions.. also notify the user.. */
-
- ret = TRUE;
-
- dbus_error_init (&error);
- seat_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_STRING, &session_objpath,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- g_warning ("The SessionAdded signal on the org.freedesktop.ConsoleKit.Seat "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", seat_objpath);
-
- goto out;
- }
-
- /* TODO: add to sessions - see polkit_tracker_is_authorization_relevant() */
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionRemoved")) {
- DBusError error;
- const char *seat_objpath;
- const char *session_objpath;
-
- /* If a session is removed, authorizations scoped for that session
- * may become inactive.. so do notify the user about it..
- */
-
- ret = TRUE;
-
- dbus_error_init (&error);
- seat_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_STRING, &session_objpath,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- g_warning ("The SessionRemoved signal on the org.freedesktop.ConsoleKit.Seat "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", seat_objpath);
-
- goto out;
- }
-
- _remove_caller_by_session (pk_tracker, session_objpath);
-
- /* TODO: remove from sessions - see polkit_tracker_is_authorization_relevant() */
- }
-
- /* TODO: when ConsoleKit gains the ability to attach/detach a session to a seat (think
- * hot-desking), we want to update our local caches too
- */
-
-out:
- return ret;
-}
-
-/**
- * polkit_tracker_get_caller_from_dbus_name:
- * @pk_tracker: the tracker object
- * @dbus_name: unique name on the system message bus
- * @error: D-Bus error
- *
- * This function is similar to polkit_caller_new_from_dbus_name()
- * except that it uses the cache in #PolKitTracker. So on the second
- * and subsequent calls, for the same D-Bus name, there will be no
- * syscall or IPC overhead in calling this function.
- *
- * Returns: A #PolKitCaller object; the caller must use
- * polkit_caller_unref() on the object when done with it. Returns
- * #NULL if an error occured (in which case error will be set).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-PolKitCaller *
-polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
-
- g_return_val_if_fail (pk_tracker != NULL, NULL);
- g_return_val_if_fail (pk_tracker->con != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- /* g_debug ("Looking up cache for PolKitCaller for dbus_name %s...", dbus_name); */
-
- caller = g_hash_table_lookup (pk_tracker->dbus_name_to_caller, dbus_name);
- if (caller != NULL)
- return polkit_caller_ref (caller);
-
- /* g_debug ("Have to compute PolKitCaller for dbus_name %s...", dbus_name); */
-
- caller = polkit_caller_new_from_dbus_name (pk_tracker->con, dbus_name, error);
- if (caller == NULL)
- return NULL;
-
- g_hash_table_insert (pk_tracker->dbus_name_to_caller, g_strdup (dbus_name), caller);
- return polkit_caller_ref (caller);
-}
-
-
-/**
- * polkit_tracker_get_caller_from_pid:
- * @pk_tracker: the tracker object
- * @pid: UNIX process id to look at
- * @error: D-Bus error
- *
- * This function is similar to polkit_caller_new_from_pid()
- * except that it uses the cache in #PolKitTracker. So on the second
- * and subsequent calls, for the same D-Bus name, there will be no
- * IPC overhead in calling this function.
- *
- * There will be some syscall overhead to lookup the time when the
- * given process is started (on Linux, looking up /proc/$pid/stat);
- * this is needed because pid's can be recycled and the cache thus
- * needs to record this in addition to the pid.
- *
- * Returns: A #PolKitCaller object; the caller must use
- * polkit_caller_unref() on the object when done with it. Returns
- * #NULL if an error occured (in which case error will be set).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-PolKitCaller *
-polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error)
-{
- PolKitCaller *caller;
- polkit_uint64_t start_time;
- _PidStartTimePair *pst;
-
- g_return_val_if_fail (pk_tracker != NULL, NULL);
- g_return_val_if_fail (pk_tracker->con != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- start_time = polkit_sysdeps_get_start_time_for_pid (pid);
- if (start_time == 0) {
- if (error != NULL) {
- dbus_set_error (error,
- "org.freedesktop.PolicyKit",
- "Cannot look up start time for pid %d", pid);
- }
- return NULL;
- }
-
- pst = _pid_start_time_new (pid, start_time);
-
- /* g_debug ("Looking up cache for pid %d (start_time %lld)...", pid, start_time); */
-
- caller = g_hash_table_lookup (pk_tracker->pid_start_time_to_caller, pst);
- if (caller != NULL) {
- g_free (pst);
- return polkit_caller_ref (caller);
- }
-
- /* g_debug ("Have to compute PolKitCaller from pid %d (start_time %lld)...", pid, start_time); */
-
- caller = polkit_caller_new_from_pid (pk_tracker->con, pid, error);
- if (caller == NULL) {
- g_free (pst);
- return NULL;
- }
-
- /* TODO: we need to evict old entries..
- *
- * Say, timestamp the entries in _PidStartTimePair and do
- * garbage collection every hour or so (e.g. record when we
- * last did garbage collection and check this time on the next
- * call into this function).
- */
-
- g_hash_table_insert (pk_tracker->pid_start_time_to_caller, pst, caller);
- return polkit_caller_ref (caller);
-}
-
-
-/**
- * polkit_tracker_is_authorization_relevant:
- * @pk_tracker: the tracker
- * @auth: authorization to check for
- * @error: return location for error
- *
- * As explicit authorizations are scoped (process single shot,
- * process, session or everything), they become irrelevant once the
- * entity (process or session) ceases to exist. This function
- * determines whether the authorization is still relevant; it's useful
- * for reporting and graphical tools displaying authorizations.
- *
- * This function is similar to polkit_is_authorization_relevant() only
- * that it avoids IPC overhead on the 2nd and subsequent calls when
- * checking authorizations scoped for a session.
- *
- * Returns: #TRUE if the authorization still applies, #FALSE if an
- * error occurred (then error will be set) or if the entity the
- * authorization refers to has gone out of scope.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error)
-{
-
- g_return_val_if_fail (pk_tracker != NULL, FALSE);
- g_return_val_if_fail (pk_tracker->con != NULL, FALSE);
- g_return_val_if_fail (! dbus_error_is_set (error), FALSE);
-
- /* TODO: optimize... in order to do this sanely we need CK's Manager object to export
- * a method GetAllSessions() - otherwise we'd need to key off every uid.
- *
- * It's no biggie we don't have this optimization yet.. it's only used by polkit-auth(1)
- * and the GNOME utility for managing authorizations.
- */
- return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error);
-}
diff --git a/polkit-dbus/polkit-dbus.h b/polkit-dbus/polkit-dbus.h
deleted file mode 100644
index 98f2353..0000000
--- a/polkit-dbus/polkit-dbus.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_DBUS_H
-#define POLKIT_DBUS_H
-
-#include <polkit/polkit.h>
-#include <dbus/dbus.h>
-
-POLKIT_BEGIN_DECLS
-
-PolKitSession *polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
-PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
-
-PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
-
-PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error);
-
-
-struct _PolKitTracker;
-typedef struct _PolKitTracker PolKitTracker;
-
-PolKitTracker *polkit_tracker_new (void);
-PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_tracker);
-void polkit_tracker_unref (PolKitTracker *pk_tracker);
-void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con);
-void polkit_tracker_init (PolKitTracker *pk_tracker);
-
-polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message);
-
-PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error);
-
-PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_DBUS_H */
-
-
diff --git a/polkit-dbus/polkit-read-auth-helper.c b/polkit-dbus/polkit-read-auth-helper.c
deleted file mode 100644
index 3a067d9..0000000
--- a/polkit-dbus/polkit-read-auth-helper.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-read-auth-helper.c : setgid polkituser helper for PolicyKit
- * to read authorizations
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-#include <dirent.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-/* This is a bit incestuous; we are, effectively, calling into
- * ourselves.. it's safe though; this function will never get hit..
- */
-static polkit_bool_t
-check_for_auth (uid_t caller_uid, pid_t caller_pid)
-{
- polkit_bool_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitAction *action;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = FALSE;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
-
- action = polkit_action_new ();
- if (action == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot allocate PolKitAction\n");
- goto out;
- }
- if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.read")) {
- fprintf (stderr, "polkit-read-auth-helper: cannot set action_id\n");
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot allocate PolKitContext\n");
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- fprintf (stderr, "polkit-read-auth-helper: cannot initialize polkit context: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
-
- if (polkit_error_get_error_code (pk_error) ==
- POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS) {
- polkit_error_free (pk_error);
- pk_error = NULL;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- /* having 'grant' (which is a lot more powerful) is also sufficient.. this is because 'read'
- * is required to 'grant' (to check if there's a similar authorization already)
- */
- if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.grant")) {
- fprintf (stderr, "polkit-read-auth-helper: cannot set action_id\n");
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- goto out;
- }
- }
-
- ret = TRUE;
-out:
-
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_from_file (const char *path, uid_t uid)
-{
- int ret;
- int fd;
- char buf[256];
- struct stat statbuf;
- ssize_t num_bytes_read;
- ssize_t num_bytes_to_read;
- ssize_t num_bytes_remaining_to_read;
- ssize_t num_bytes_to_write;
- ssize_t num_bytes_written;
- ssize_t num_bytes_remaining_to_write;
- polkit_bool_t have_written_uid;
-
- ret = FALSE;
-
- if (stat (path, &statbuf) != 0) {
- /* this is fine; the file does not have to exist.. */
- if (errno == ENOENT) {
- ret = TRUE;
- goto out;
- }
- fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
- goto out;
- }
-
- fd = open (path, O_RDONLY);
- if (fd < 0) {
- fprintf (stderr, "polkit-read-auth-helper: cannot open %s: %m\n", path);
- goto out;
- }
-
- num_bytes_remaining_to_read = statbuf.st_size;
-
- have_written_uid = FALSE;
- while (num_bytes_remaining_to_read > 0) {
-
- /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */
- if (!have_written_uid) {
- have_written_uid = TRUE;
- snprintf (buf, sizeof (buf), "#uid=%d\n", uid);
- num_bytes_read = strlen (buf);
- } else {
-
- if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
- num_bytes_to_read = (ssize_t) sizeof (buf);
- else
- num_bytes_to_read = num_bytes_remaining_to_read;
-
- again:
- num_bytes_read = read (fd, buf, num_bytes_to_read);
- if (num_bytes_read == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
- close (fd);
- goto out;
- }
- }
-
- num_bytes_remaining_to_read -= num_bytes_read;
- }
-
- /* write to stdout */
- num_bytes_to_write = num_bytes_read;
- num_bytes_remaining_to_write = num_bytes_read;
-
- while (num_bytes_remaining_to_write > 0) {
- again_write:
- num_bytes_written = write (STDOUT_FILENO,
- buf + (num_bytes_to_write - num_bytes_remaining_to_write),
- num_bytes_remaining_to_write);
- if (num_bytes_written == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again_write;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error writing to stdout: %m\n");
- close (fd);
- goto out;
- }
- }
-
- num_bytes_remaining_to_write -= num_bytes_written;
- }
-
- }
-
-
- close (fd);
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_all (const char *root)
-{
- DIR *dir;
- int dfd;
- struct dirent64 *d;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- dir = opendir (root);
- if (dir == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: error calling opendir on %s: %m\n", root);
- goto out;
- }
-
- dfd = dirfd (dir);
- if (dfd == -1) {
- fprintf (stderr, "polkit-read-auth-helper: error calling dirfd(): %m\n");
- goto out;
- }
-
- while ((d = readdir64(dir)) != NULL) {
- unsigned int n, m;
- uid_t uid;
- size_t name_len;
- char *filename;
- char username[PATH_MAX];
- char path[PATH_MAX];
- static const char suffix[] = ".auths";
- struct passwd *pw;
-
- if (d->d_type != DT_REG)
- continue;
-
- if (d->d_name == NULL)
- continue;
-
- filename = d->d_name;
- name_len = strlen (filename);
- if (name_len < sizeof (suffix))
- continue;
-
- if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0)
- continue;
-
- /* find the user name.. */
- for (n = 0; n < name_len; n++) {
- if (filename[n] == '-')
- break;
- }
- if (filename[n] == '\0') {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename);
- continue;
- }
- n++;
- m = n;
- for ( ; n < name_len; n++) {
- if (filename[n] == '.')
- break;
- }
-
- if (filename[n] == '\0') {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename);
- continue;
- }
- if (n - m > sizeof (username) - 1) {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename);
- continue;
- }
- strncpy (username, filename + m, n - m);
- username[n - m] = '\0';
-
- pw = getpwnam (username);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
- continue;
- }
- uid = pw->pw_uid;
-
- if (snprintf (path, sizeof (path), "%s/%s", root, filename) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
- goto out;
- }
-
- if (!dump_auths_from_file (path, uid))
- goto out;
- }
-
- ret = TRUE;
-
-out:
- if (dir != NULL)
- closedir(dir);
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_for_uid (const char *root, uid_t uid)
-{
- char path[256];
- struct passwd *pw;
-
- pw = getpwuid (uid);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup user name for uid %d\n", uid);
- return FALSE;
- }
-
- if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
- return FALSE;
- }
-
- return dump_auths_from_file (path, uid);
-}
-
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- gid_t egid;
- struct group *group;
- uid_t caller_uid;
- uid_t requesting_info_for_uid;
- char *endp;
- struct passwd *pw;
- uid_t uid_for_polkit_user;
-
- ret = 1;
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- //if (clearenv () != 0)
- // goto out;
- /* set a minimal environment */
- //setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 2) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-read-auth-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- caller_uid = getuid ();
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-read-auth-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-read-auth-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- pw = getpwnam (POLKIT_USER);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup uid for " POLKIT_USER "\n");
- goto out;
- }
- uid_for_polkit_user = pw->pw_uid;
-
- /*----------------------------------------------------------------------------------------------------*/
-
- requesting_info_for_uid = strtoul (argv[1], &endp, 10);
- if (*endp != '\0') {
- fprintf (stderr, "polkit-read-auth-helper: requesting_info_for_uid malformed (3)\n");
- goto out;
- }
-
- /* uid 0 and user polkituser is allowed to read anything */
- if (caller_uid != 0 && caller_uid != uid_for_polkit_user) {
- if (caller_uid != requesting_info_for_uid) {
-
- /* see if calling user has the
- *
- * org.freedesktop.policykit.read
- *
- * authorization
- */
- if (!check_for_auth (caller_uid, getppid ())) {
- //fprintf (stderr,
- // "polkit-read-auth-helper: uid %d cannot read authorizations for uid %d.\n",
- // caller_uid,
- // requesting_info_for_uid);
- goto out;
- }
- }
- }
-
- if (requesting_info_for_uid == (uid_t) -1) {
- if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"))
- goto out;
-
- if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"))
- goto out;
- } else {
- if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit", requesting_info_for_uid))
- goto out;
-
- if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit", requesting_info_for_uid))
- goto out;
- }
-
- ret = 0;
-
-out:
- return ret;
-}
-
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
deleted file mode 100644
index 05a2ee5..0000000
--- a/polkit-grant/Makefile.am
+++ /dev/null
@@ -1,89 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-grant.la
-
-libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
-
-libpolkit_grantinclude_HEADERS = \
- polkit-grant.h
-
-libpolkit_grant_la_SOURCES = \
- polkit-grant.h polkit-grant.c
-
-
-if POLKIT_AUTHDB_DUMMY
-libpolkit_grant_la_SOURCES += polkit-authorization-db-dummy-write.c
-endif
-
-if POLKIT_AUTHDB_DEFAULT
-libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c
-endif
-
-libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
-
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-# Only if the authdb backend has the capability POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN
-# then the backend must supply the /usr/libexec/polkit-grant-helper program.. also remember to
-# adjust the PAM stuff in data/Makefile.am
-#
-if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
-
-polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
-
-polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
-polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
-
-polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
-polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_explicit_grant_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
-
-polkit_revoke_helper_SOURCES = polkit-revoke-helper.c
-polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_revoke_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
-
-# polkit-grant-helper needs to be setgid polkituser to be able to
-# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
-#
-# polkit-grant-helper-pam need to be setuid root because it's used to
-# authenticate not only the invoking user, but possibly also root
-# and/or other users. As only polkit-grant-helper will invoke it
-# we make it owned by the polkitiuser group and non-readable /
-# non-executable to the world
-#
-# polkit-explicit-grant-helper needs to be setgid $POLKIT_GROUP to be
-# able to edit authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-# polkit-revoke-helper needs to be setgid $POLKIT_GROUP to be able to
-# edit authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-install-exec-hook:
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
- -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper
-endif
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit-grant/polkit-authorization-db-dummy-write.c b/polkit-grant/polkit-authorization-db-dummy-write.c
deleted file mode 100644
index 9852da1..0000000
--- a/polkit-grant/polkit-authorization-db-dummy-write.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Dummy authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include <polkit/polkit-debug.h>
-#include <polkit/polkit-authorization-db.h>
-#include <polkit/polkit-utils.h>
-#include <polkit/polkit-private.h>
-
-/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
-
-polkit_bool_t
-polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationConstraint *constraint,
- PolKitError **error)
-{
- polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
- return FALSE;
-}
diff --git a/polkit-grant/polkit-authorization-db-write.c b/polkit-grant/polkit-authorization-db-write.c
deleted file mode 100644
index 145aed9..0000000
--- a/polkit-grant/polkit-authorization-db-write.c
+++ /dev/null
@@ -1,680 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Represents the authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include <polkit/polkit-debug.h>
-#include <polkit/polkit-authorization-db.h>
-#include <polkit/polkit-utils.h>
-#include <polkit/polkit-private.h>
-
-/**
- * SECTION:polkit-authorization-db
- **/
-
-
-static polkit_bool_t
-_write_to_fd (int fd, const char *str, ssize_t str_len)
-{
- polkit_bool_t ret;
- ssize_t written;
-
- ret = FALSE;
-
- written = 0;
- while (written < str_len) {
- ssize_t ret;
- ret = write (fd, str + written, str_len - written);
- if (ret < 0) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
- } else {
- goto out;
- }
- }
- written += ret;
- }
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-polkit_bool_t
-_polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add)
-{
- int fd;
- char *contents;
- gsize contents_size;
- char *path;
- char *path_tmp;
- GError *error;
- polkit_bool_t ret;
- struct stat statbuf;
- struct passwd *pw;
-
- ret = FALSE;
- path = NULL;
- path_tmp = NULL;
- contents = NULL;
-
- pw = getpwuid (uid);
- if (pw == NULL) {
- g_warning ("cannot lookup user name for uid %d\n", uid);
- goto out;
- }
-
- path = g_strdup_printf ("%s/user-%s.auths", root, pw->pw_name);
- path_tmp = g_strdup_printf ("%s.XXXXXX", path);
-
- if (stat (path, &statbuf) != 0 && errno == ENOENT) {
- //fprintf (stderr, "path=%s does not exist (egid=%d): %m!\n", path, getegid ());
-
- g_free (path_tmp);
- path_tmp = path;
- path = NULL;
-
- /* Write a nice blurb if we're creating the file for the first time */
-
- contents = g_strdup_printf (
- "# This file lists authorizations for user %s\n"
- "%s"
- "# \n"
- "# File format may change at any time; do not rely on it. To manage\n"
- "# authorizations use polkit-auth(1) instead.\n"
- "\n",
- pw->pw_name,
- transient ? "# (these are temporary and will be removed on the next system boot)\n" : "");
- contents_size = strlen (contents);
- } else {
- error = NULL;
- if (!g_file_get_contents (path, &contents, &contents_size, &error)) {
- g_warning ("Cannot read authorizations file %s: %s", path, error->message);
- g_error_free (error);
- goto out;
- }
- }
-
- if (path != NULL) {
- fd = mkstemp (path_tmp);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
- goto out;
- }
- if (fchmod (fd, 0464) != 0) {
- fprintf (stderr, "Cannot change mode for '%s' to 0460: %m\n", path_tmp);
- close (fd);
- unlink (path_tmp);
- goto out;
- }
- } else {
- fd = open (path_tmp, O_RDWR|O_CREAT, 0464);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
- goto out;
- }
- }
-
- if (!_write_to_fd (fd, contents, contents_size)) {
- g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
- close (fd);
- if (unlink (path_tmp) != 0) {
- g_warning ("Cannot unlink %s: %m", path_tmp);
- }
- goto out;
- }
- if (!_write_to_fd (fd, str_to_add, strlen (str_to_add))) {
- g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
- close (fd);
- if (unlink (path_tmp) != 0) {
- g_warning ("Cannot unlink %s: %m", path_tmp);
- }
- goto out;
- }
- close (fd);
-
- if (path != NULL) {
- if (rename (path_tmp, path) != 0) {
- g_warning ("Cannot rename %s to %s: %m", path_tmp, path);
- if (unlink (path_tmp) != 0) {
- g_warning ("Cannot unlink %s: %m", path_tmp);
- }
- goto out;
- }
- }
-
- /* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
- g_warning ("Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
- }
-
- ret = TRUE;
-
-out:
- if (contents != NULL)
- g_free (contents);
- if (path != NULL)
- g_free (path);
- if (path_tmp != NULL)
- g_free (path_tmp);
- return ret;
-}
-
-
-/**
- * polkit_authorization_db_add_entry_process_one_shot:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * given caller is authorized for the given action a single time.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- char *action_id;
- uid_t caller_uid;
- pid_t caller_pid;
- char *grant_line;
- polkit_bool_t ret;
- polkit_uint64_t pid_start_time;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (!polkit_caller_get_pid (caller, &caller_pid))
- return FALSE;
-
- if (!polkit_caller_get_uid (caller, &caller_uid))
- return FALSE;
-
- pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
- if (pid_start_time == 0)
- return FALSE;
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("process-one-shot:%d:%Lu:%s:%Lu:%d:%s\n",
- caller_pid,
- pid_start_time,
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
- TRUE,
- caller_uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-/**
- * polkit_authorization_db_add_entry_process:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * given caller is authorized for the given action.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- char *action_id;
- uid_t caller_uid;
- pid_t caller_pid;
- char *grant_line;
- polkit_bool_t ret;
- polkit_uint64_t pid_start_time;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (!polkit_caller_get_pid (caller, &caller_pid))
- return FALSE;
-
- if (!polkit_caller_get_uid (caller, &caller_uid))
- return FALSE;
-
- pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
- if (pid_start_time == 0)
- return FALSE;
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
- caller_pid,
- pid_start_time,
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
- TRUE,
- caller_uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-/**
- * polkit_authorization_db_add_entry_session:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * session for the given caller is authorized for the given action for
- * the remainer of the session.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- uid_t session_uid;
- char *action_id;
- char *grant_line;
- PolKitSession *session;
- char *session_objpath;
- polkit_bool_t ret;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (!polkit_caller_get_ck_session (caller, &session))
- return FALSE;
-
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- return FALSE;
-
- if (!polkit_session_get_uid (session, &session_uid))
- return FALSE;
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("session:%s:%s:%Lu:%d:%s\n",
- session_objpath,
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
- TRUE,
- session_uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-/**
- * polkit_authorization_db_add_entry_always:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * given user is authorized for the given action.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- uid_t uid;
- char *action_id;
- char *grant_line;
- polkit_bool_t ret;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_caller_get_uid (caller, &uid))
- return FALSE;
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("always:%s:%Lu:%d:%s\n",
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
- FALSE,
- uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-
-typedef struct {
- char *action_id;
- PolKitAuthorizationConstraint *constraint;
-} CheckDataGrant;
-
-static polkit_bool_t
-_check_auth_for_grant (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
-{
- uid_t pimp;
- polkit_bool_t ret;
- CheckDataGrant *cd = (CheckDataGrant *) user_data;
-
- ret = FALSE;
-
- if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
- goto no_match;
-
- if (!polkit_authorization_was_granted_explicitly (auth, &pimp))
- goto no_match;
-
- if (!polkit_authorization_constraint_equal (polkit_authorization_get_constraint (auth), cd->constraint))
- goto no_match;
-
- ret = TRUE;
-
-no_match:
- return ret;
-}
-
-/**
- * polkit_authorization_db_grant_to_uid:
- * @authdb: authorization database
- * @action: action
- * @uid: uid to grant to
- * @constraint: what constraint to put on the authorization
- * @error: return location for error
- *
- * Grants an authorization to a user for a specific action. This
- * requires the org.freedesktop.policykit.grant authorization.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if the authorization was granted, #FALSE otherwise
- * and error will be set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationConstraint *constraint,
- PolKitError **error)
-{
- GError *g_error;
- char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper", NULL, NULL, NULL, NULL, NULL};
- gboolean ret;
- gint exit_status;
- char cbuf[256];
- CheckDataGrant cd;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (constraint != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &(cd.action_id))) {
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Given action does not have action_id set");
- goto out;
- }
-
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "buffer for auth constraint is too small");
- goto out;
- }
-
- /* check if we have the auth already */
- cd.constraint = constraint;
- if (!polkit_authorization_db_foreach_for_uid (authdb,
- uid,
- _check_auth_for_grant,
- &cd,
- error)) {
- /* happens if caller can't read auths of target user */
- if (error != NULL && polkit_error_is_set (*error)) {
- goto out;
- }
- } else {
- /* so it did exist.. */
- polkit_error_set_error (error,
- POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
- "An authorization for uid %d for the action %s with constraint '%s' already exists",
- uid, cd.action_id, cbuf);
- goto out;
- }
-
-
- helper_argv[1] = cd.action_id;
- helper_argv[2] = cbuf;
- helper_argv[3] = "uid";
- helper_argv[4] = g_strdup_printf ("%d", uid);
- helper_argv[5] = NULL;
-
- g_error = NULL;
- if (!g_spawn_sync (NULL, /* const gchar *working_directory */
- helper_argv, /* gchar **argv */
- NULL, /* gchar **envp */
- 0, /* GSpawnFlags flags */
- NULL, /* GSpawnChildSetupFunc child_setup */
- NULL, /* gpointer user_data */
- NULL, /* gchar **standard_output */
- NULL, /* gchar **standard_error */
- &exit_status, /* gint *exit_status */
- &g_error)) { /* GError **error */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning explicit grant helper: %s",
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- g_warning ("Explicit grant helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Explicit grant helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
- "uid %d is not authorized to grant authorization for action %s to uid %d (requires org.freedesktop.policykit.grant)",
- getuid (), cd.action_id, uid);
- } else {
- ret = TRUE;
- }
-
-out:
- g_free (helper_argv[4]);
- return ret;
-
-}
diff --git a/polkit-grant/polkit-explicit-grant-helper.c b/polkit-grant/polkit-explicit-grant-helper.c
deleted file mode 100644
index 3f5d2ef..0000000
--- a/polkit-grant/polkit-explicit-grant-helper.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-explicit-grant-helper.c : setgid polkituser explicit grant
- * helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-#include <polkit/polkit-private.h>
-
-static polkit_bool_t
-check_pid_for_authorization (pid_t caller_pid, const char *action_id)
-{
- polkit_bool_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitAction *action;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = FALSE;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
-
- action = polkit_action_new ();
- if (action == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot allocate PolKitAction\n");
- goto out;
- }
- if (!polkit_action_set_action_id (action, action_id)) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot set action_id\n");
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot allocate PolKitContext\n");
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot initialize polkit context: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- //fprintf (stderr,
- // "polkit-explicit-grant-helper: uid %d (pid %d) does not have the "
- // "org.freedesktop.policykit.read-other-authorizations authorization\n",
- // caller_uid, caller_pid);
- goto out;
- }
-
- ret = TRUE;
-out:
-
- return ret;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- gid_t egid;
- struct group *group;
- uid_t invoking_uid;
- char *action_id;
- char *endp;
- char grant_line[512];
- struct timeval now;
-
- ret = 1;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-explicit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 5) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- invoking_uid = getuid ();
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-explicit-grant-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- /*----------------------------------------------------------------------------------------------------*/
-
- /* check and validate incoming parameters */
-
- /* first one is action_id */
- action_id = argv[1];
- if (!polkit_action_validate_id (action_id)) {
- syslog (LOG_NOTICE, "action_id is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: action_id is malformed. This incident has been logged.\n");
- goto out;
- }
-
- char *authc_str;
- PolKitAuthorizationConstraint *authc;
-
- /* second is the auth constraint */
- authc_str = argv[2];
- authc = polkit_authorization_constraint_from_string (authc_str);
- if (authc == NULL) {
- syslog (LOG_NOTICE, "auth constraint is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: auth constraint is malformed. This incident has been logged.\n");
- goto out;
- }
-
-#define TARGET_UID 0
- int target;
- uid_t target_uid = -1;
-
- /* (third, fourth) is one of: ("uid", uid) */
- if (strcmp (argv[3], "uid") == 0) {
-
- target = TARGET_UID;
- target_uid = strtol (argv[4], &endp, 10);
- if (*endp != '\0') {
- syslog (LOG_NOTICE, "target uid is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: target uid is malformed. This incident has been logged.\n");
- goto out;
- }
- } else {
- syslog (LOG_NOTICE, "target type is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: target type is malformed. This incident has been logged.\n");
- goto out;
- }
-
-
- //fprintf (stderr, "action_id=%s constraint=%s uid=%d\n", action_id, authc_str, target_uid);
-
- /* OK, we're done parsing ... check if the user is authorized */
-
- if (invoking_uid != 0) {
- /* see if calling user is authorized for
- *
- * org.freedesktop.policykit.grant
- */
- if (!check_pid_for_authorization (getppid (), "org.freedesktop.policykit.grant")) {
- goto out;
- }
- }
-
- /* he is.. proceed to add the grant */
-
- umask (002);
-
- if (gettimeofday (&now, NULL) != 0) {
- fprintf (stderr, "polkit-explicit-grant-helper: error calling gettimeofday: %m");
- return FALSE;
- }
-
- if (snprintf (grant_line,
- sizeof (grant_line),
- "grant:%s:%Lu:%d:%s\n",
- action_id,
- (polkit_uint64_t) now.tv_sec,
- invoking_uid,
- authc_str) >= (int) sizeof (grant_line)) {
- fprintf (stderr, "polkit-explicit-grant-helper: str to add is too long!\n");
- goto out;
- }
-
- if (_polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
- FALSE,
- target_uid,
- grant_line)) {
- ret = 0;
- }
-
-out:
-
- return ret;
-}
-
diff --git a/polkit-grant/polkit-grant-helper-pam.c b/polkit-grant/polkit-grant-helper-pam.c
deleted file mode 100644
index 7c9c35a..0000000
--- a/polkit-grant/polkit-grant-helper-pam.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-helper-pam.c : setuid root pam grant helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/* TODO: FIXME: XXX: this code needs security review before it can be released! */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <syslog.h>
-#include <security/pam_appl.h>
-
-/* Development aid: define PGH_DEBUG to get debugging output. Do _NOT_
- * enable this in production builds; it may leak passwords and other
- * sensitive information.
- */
-#undef PGH_DEBUG
-/* #define PGH_DEBUG */
-
-static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
-
-int
-main (int argc, char *argv[])
-{
- int rc;
- char user_to_auth[256];
- struct pam_conv pam_conversation;
- pam_handle_t *pam_h;
- const void *authed_user;
-
- rc = 0;
- pam_h = NULL;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto error;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- /* check that we are setuid root */
- if (geteuid () != 0) {
- fprintf (stderr, "polkit-grant-helper-pam: needs to be setuid root\n");
- goto error;
- }
-
- openlog ("polkit-grant-helper-pam", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 1) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper-pam: wrong number of arguments. This incident has been logged.\n");
- goto error;
- }
-
- if (getuid () != 0) {
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper-pam: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto error;
- }
- }
-
- /* get user to auth */
- if (fgets (user_to_auth, sizeof user_to_auth, stdin) == NULL)
- goto error;
- if (strlen (user_to_auth) > 0 && user_to_auth[strlen (user_to_auth) - 1] == '\n')
- user_to_auth[strlen (user_to_auth) - 1] = '\0';
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper-pam: user to auth is '%s'.\n", user_to_auth);
-#endif /* PGH_DEBUG */
-
- pam_conversation.conv = conversation_function;
- pam_conversation.appdata_ptr = NULL;
-
- /* start the pam stack */
- rc = pam_start ("polkit",
- user_to_auth,
- &pam_conversation,
- &pam_h);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_start failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* set the requesting user */
- rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* is user really user? */
- rc = pam_authenticate (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* permitted access? */
- rc = pam_acct_mgmt (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* did we auth the right user? */
- rc = pam_get_item (pam_h, PAM_USER, &authed_user);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- if (strcmp (authed_user, user_to_auth) != 0) {
- fprintf (stderr, "polkit-grant-helper-pam: Tried to auth user '%s' but we got auth for user '%s' instead",
- user_to_auth, (const char *) authed_user);
- goto error;
- }
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper-pam: successfully authenticated user '%s'.\n", user_to_auth);
-#endif /* PGH_DEBUG */
-
- fprintf (stdout, "SUCCESS\n");
- fflush (stdout);
-
- pam_end (pam_h, rc);
- return 0;
-error:
- if (pam_h != NULL)
- pam_end (pam_h, rc);
-
- fprintf (stdout, "FAILURE\n");
- fflush (stdout);
- return 1;
-}
-
-static int
-conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
-{
- struct pam_response *aresp;
- char buf[PAM_MAX_RESP_SIZE];
- int i;
-
- data = data;
- if (n <= 0 || n > PAM_MAX_NUM_MSG)
- return PAM_CONV_ERR;
-
- if ((aresp = calloc(n, sizeof *aresp)) == NULL)
- return PAM_BUF_ERR;
-
- for (i = 0; i < n; ++i) {
- aresp[i].resp_retcode = 0;
- aresp[i].resp = NULL;
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_OFF:
- fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
- goto conv1;
- case PAM_PROMPT_ECHO_ON:
- fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
- conv1:
- fputs (msg[i]->msg, stdout);
- if (strlen (msg[i]->msg) > 0 &&
- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
- fputc ('\n', stdout);
- fflush (stdout);
-
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto error;
- if (strlen (buf) > 0 &&
- buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- aresp[i].resp = strdup (buf);
- if (aresp[i].resp == NULL)
- goto error;
- break;
-
- case PAM_ERROR_MSG:
- fprintf (stdout, "PAM_ERROR_MSG ");
- goto conv2;
-
- case PAM_TEXT_INFO:
- fprintf (stdout, "PAM_TEXT_INFO ");
- conv2:
- fputs (msg[i]->msg, stdout);
- if (strlen (msg[i]->msg) > 0 &&
- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
- fputc ('\n', stdout);
- fflush (stdout);
- break;
- default:
- goto error;
- }
- }
- *resp = aresp;
- return PAM_SUCCESS;
-
-error:
- for (i = 0; i < n; ++i) {
- if (aresp[i].resp != NULL) {
- memset (aresp[i].resp, 0, strlen(aresp[i].resp));
- free (aresp[i].resp);
- }
- }
- memset (aresp, 0, n * sizeof *aresp);
- *resp = NULL;
- return PAM_CONV_ERR;
-}
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
deleted file mode 100644
index d1694b1..0000000
--- a/polkit-grant/polkit-grant-helper.c
+++ /dev/null
@@ -1,842 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-helper.c : setgid polkituser grant helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/* TODO: FIXME: XXX: this code needs security review before it can be released! */
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-
-#include <glib.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-// #include <polkit/polkit-grant-database.h>
-
-/* Development aid: define PGH_DEBUG to get debugging output. Do _NOT_
- * enable this in production builds; it may leak passwords and other
- * sensitive information.
- */
-#undef PGH_DEBUG
-/* #define PGH_DEBUG */
-#define PGH_DEBUG
-
-/* synopsis: polkit-grant-helper <pid> <action-name>
- *
- * <pid> : process id of caller to grant privilege to
- * <action-name> : the PolicyKit action
- *
- * Error/debug messages goes to stderr. Interaction with the program
- * launching this helper happens via stdin/stdout. A rough high-level
- * interaction diagram looks like this (120 character width):
- *
- * Program using
- * libpolkit-grant polkit-grant-helper polkit-grant-helper-pam
- * ------------- ------------------- -----------------------
- *
- * Spawn polkit-grant-helper
- * with args <pid>, <action-name> -->
- *
- * Create PolKitCaller object
- * from <pid>. Involves querying
- * ConsoleKit over the system
- * message-bus. Verify that
- * the caller qualifies for
- * for authentication to gain
- * the right to do the Action.
- *
- * <-- Tell libpolkit-grant about grant details, e.g.
- * {self,admin}_{,keep_session,keep_always} +
- * what users can authenticate using stdout
- *
- * Receive grant details on stdin.
- * Caller prepares UI dialog depending
- * on grant details.
- *
- * if admin_users is not empty, wait for
- * user name of admin user to auth on stdin
- *
- * if admin_users is not empty, write
- * user name of admin user to auth on stdout -->
- *
- *
- * verify that given username is
- * in admin_users
- *
- *
- * Spawn polkit-grant-helper-pam
- * with no args -->
- *
- * Write username to auth as
- * on stdout -->
- *
- * Receive username on stdin.
- * Start the PAM stack
- * auth_in_progess:
- * Write a PAM request on stdout, one off
- * - PAM_PROMPT_ECHO_OFF
- * - PAM_PROMPT_ECHO_ON
- * - PAM_ERROR_MSG
- * - PAM_TEXT_INFO
- *
- * Receive PAM request on stdin.
- * Send it to libpolkit-grant on stdout
- *
- * Receive PAM request on stdin.
- * Program deals with it.
- * Write reply on stdout
- *
- * Receive PAM reply on stdin
- * Send PAM reply on stdout
- *
- * Deal with PAM reply on stdin.
- * Now either
- * - GOTO auth_in_progress; or
- * - Write SUCCESS|FAILURE on stdout and then
- * die
- *
- * Receive either SUCCESS or
- * FAILURE on stdin. If FAILURE
- * is received, then die with exit
- * code 1. If SUCCESS, leave a cookie
- * in /var/{lib,run}/PolicyKit indicating
- * the grant was successful and die with
- * exit code 0
- *
- *
- * If auth fails, we exit with code 1.
- * If input is not valid we exit with code 2.
- * If any other error occur we exit with code 3
- * If privilege was granted, we exit code 0.
- */
-
-
-/**
- * do_auth:
- *
- * the authentication itself is done via a setuid root helper; this is
- * to make the code running as uid 0 easier to audit.
- *
- */
-static polkit_bool_t
-do_auth (const char *user_to_auth)
-{
- int helper_pid;
- int helper_stdin;
- int helper_stdout;
- GError *g_error;
- char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL};
- char buf[256];
- FILE *child_stdin;
- FILE *child_stdout;
- gboolean ret;
-
- child_stdin = NULL;
- child_stdout = NULL;
- ret = FALSE;
-
- g_error = NULL;
- if (!g_spawn_async_with_pipes (NULL,
- (char **) helper_argv,
- NULL,
- 0,
- NULL,
- NULL,
- &helper_pid,
- &helper_stdin,
- &helper_stdout,
- NULL,
- &g_error)) {
- fprintf (stderr, "polkit-grant-helper: cannot spawn helper: %s\n", g_error->message);
- g_error_free (g_error);
- g_free (helper_argv[1]);
- goto out;
- }
-
- child_stdin = fdopen (helper_stdin, "w");
- if (child_stdin == NULL) {
- fprintf (stderr, "polkit-grant-helper: fdopen (helper_stdin) failed: %s\n", strerror (errno));
- goto out;
- }
- child_stdout = fdopen (helper_stdout, "r");
- if (child_stdout == NULL) {
- fprintf (stderr, "polkit-grant-helper: fdopen (helper_stdout) failed: %s\n", strerror (errno));
- goto out;
- }
-
- /* First, tell the pam helper what user we wish to auth */
- fprintf (child_stdin, "%s\n", user_to_auth);
- fflush (child_stdin);
-
- /* now act as middle man between our parent and our child */
-
- while (TRUE) {
- /* read from child */
- if (fgets (buf, sizeof buf, child_stdout) == NULL)
- goto out;
-#ifdef PGH_DEBUG
- fprintf (stderr, "received: '%s' from child; sending to parent\n", buf);
-#endif /* PGH_DEBUG */
- /* see if we're done? */
- if (strcmp (buf, "SUCCESS\n") == 0) {
- ret = TRUE;
- goto out;
- }
- if (strcmp (buf, "FAILURE\n") == 0) {
- goto out;
- }
- /* send to parent */
- fprintf (stdout, buf);
- fflush (stdout);
-
- /* read from parent */
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto out;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
-#endif /* PGH_DEBUG */
- /* send to child */
- fprintf (child_stdin, buf);
- fflush (child_stdin);
- }
-
-out:
- if (child_stdin != NULL)
- fclose (child_stdin);
- if (child_stdout != NULL)
- fclose (child_stdout);
- return ret;
-}
-
-/**
- * verify_with_polkit:
- * @caller: the caller
- * @action: the action
- * @out_result: return location for result AKA how the user can auth
- * @out_admin_users: return location for a NULL-terminated array of
- * strings that can be user to auth as admin. Is set to NULL if the
- * super user (e.g. uid 0) should be user to auth as admin.
- *
- * Verify that the given caller can authenticate to gain a privilege
- * to do the given action. If the authentication requires
- * administrator privileges, also return a list of users that can be
- * used to do this cf. the <define_admin_auth/> element in the
- * configuration file; see the PolicyKit.conf(5) manual page for
- * details.
- *
- * Returns: #TRUE if, and only if, the given caller can authenticate to
- * gain a privilege to do the given action.
- */
-static polkit_bool_t
-verify_with_polkit (PolKitContext *pol_ctx,
- PolKitCaller *caller,
- PolKitAction *action,
- PolKitResult *out_result,
- char ***out_admin_users)
-{
- PolKitError *pk_error;
-
- pk_error = NULL;
- *out_result = polkit_context_is_caller_authorized (pol_ctx, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-grant-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto error;
- }
-
- if (*out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
- *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION &&
- *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
- fprintf (stderr, "polkit-grant-helper: given auth type (%d -> %s) is bogus\n",
- *out_result, polkit_result_to_string_representation (*out_result));
- goto error;
- }
-
- *out_admin_users = NULL;
-
- /* for admin auth, get a list of users that can be used - this is basically evaluating the
- * <define_admin_auth/> directives in the config file...
- */
- if (*out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
- PolKitConfig *pk_config;
- PolKitConfigAdminAuthType admin_auth_type;
- const char *admin_auth_data;
-
- pk_config = polkit_context_get_config (pol_ctx, NULL);
- /* if the configuration file is malformed, bail out */
- if (pk_config == NULL)
- goto error;
-
- if (polkit_config_determine_admin_auth_type (pk_config,
- action,
- caller,
- &admin_auth_type,
- &admin_auth_data)) {
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: admin_auth_type=%d data='%s'\n", admin_auth_type, admin_auth_data);
-#endif /* PGH_DEBUG */
- switch (admin_auth_type) {
- case POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER:
- if (admin_auth_data != NULL)
- *out_admin_users = g_strsplit (admin_auth_data, "|", 0);
- break;
- case POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP:
- if (admin_auth_data != NULL) {
- int n;
- char **groups;
- GSList *i;
- GSList *users;
-
-
- users = NULL;
- groups = g_strsplit (admin_auth_data, "|", 0);
- for (n = 0; groups[n] != NULL; n++) {
- int m;
- struct group *group;
-
- /* This is fine; we're a single-threaded app */
- if ((group = getgrnam (groups[n])) == NULL)
- continue;
-
- for (m = 0; group->gr_mem[m] != NULL; m++) {
- const char *user;
- gboolean found;
-
- user = group->gr_mem[m];
- found = FALSE;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: examining member '%s' of group '%s'\n", user, groups[n]);
-#endif /* PGH_DEBUG */
-
- /* skip user 'root' since he is often member of 'wheel' etc. */
- if (strcmp (user, "root") == 0)
- continue;
- /* TODO: we should probably only consider users with an uid
- * in a given "safe" range, e.g. between 500 and 32000 or
- * something like that...
- */
-
- for (i = users; i != NULL; i = g_slist_next (i)) {
- if (strcmp (user, (const char *) i->data) == 0) {
- found = TRUE;
- break;
- }
- }
- if (found)
- continue;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: added user '%s'\n", user);
-#endif /* PGH_DEBUG */
-
- users = g_slist_prepend (users, g_strdup (user));
- }
-
- }
- g_strfreev (groups);
-
- users = g_slist_sort (users, (GCompareFunc) strcmp);
-
- *out_admin_users = g_new0 (char *, g_slist_length (users) + 1);
- for (i = users, n = 0; i != NULL; i = g_slist_next (i)) {
- (*out_admin_users)[n++] = i->data;
- }
-
- g_slist_free (users);
- }
- break;
- }
- }
- }
-
-
- /* TODO: we should probably clean up */
-
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-get_and_validate_override_details (PolKitResult *result)
-{
- char buf[256];
- char *textual_result;
- PolKitResult desired_result;
-
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto error;
- if (strlen (buf) > 0 &&
- buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- if (strncmp (buf,
- "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE ",
- sizeof "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE " - 1) != 0) {
- goto error;
- }
- textual_result = buf + sizeof "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE " - 1;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: caller said '%s'\n", textual_result);
-#endif /* PGH_DEBUG */
-
- if (!polkit_result_from_string_representation (textual_result, &desired_result))
- goto error;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: testing for voluntarily downgrade from '%s' to '%s'\n",
- polkit_result_to_string_representation (*result),
- polkit_result_to_string_representation (desired_result));
-#endif /* PGH_DEBUG */
-
- /* See the huge comment in main() below...
- *
- * it comes down to this... users can only choose a more restricted granting type...
- */
- switch (*result) {
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS)
- goto error;
- break;
-
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS)
- goto error;
- break;
-
- default:
- /* we should never reach this */
- goto error;
- }
-
-#ifdef PGH_DEBUG
- if (*result != desired_result) {
- fprintf (stderr, "polkit-grant-helper: voluntarily downgrading from '%s' to '%s'\n",
- polkit_result_to_string_representation (*result),
- polkit_result_to_string_representation (desired_result));
- }
-#endif /* PGH_DEBUG */
-
- *result = desired_result;
-
- return TRUE;
-error:
- return FALSE;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- uid_t invoking_user_id;
- pid_t caller_pid;
- gid_t egid;
- struct group *group;
- char *endp;
- const char *invoking_user_name;
- const char *action_name;
- PolKitResult result;
- const char *user_to_auth;
- uid_t uid_of_user_to_auth;
- char *session_objpath;
- struct passwd *pw;
- polkit_bool_t dbres;
- char **admin_users;
- DBusError error;
- DBusConnection *bus;
- PolKitContext *context;
- PolKitAction *action;
- PolKitCaller *caller;
- uid_t caller_uid;
- PolKitSession *session;
-
- ret = 3;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 3) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- /* check user */
- invoking_user_id = getuid ();
- if (invoking_user_id == 0) {
- fprintf (stderr, "polkit-grant-helper: it only makes sense to run polkit-grant-helper as non-root\n");
- goto out;
- }
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-grant-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- pw = getpwuid (invoking_user_id);
- if (pw == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot lookup passwd info for uid %d\n", invoking_user_id);
- goto out;
- }
- invoking_user_name = strdup (pw->pw_name);
- if (invoking_user_name == NULL) {
- fprintf (stderr, "polkit-grant-helper: OOM allocating memory for invoking user name\n");
- goto out;
- }
-
- caller_pid = strtol (argv[1], &endp, 10);
- if (endp == NULL || endp == argv[1] || *endp != '\0') {
- fprintf (stderr, "polkit-grant-helper: cannot parse pid\n");
- goto out;
- }
- action_name = argv[2];
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: invoking user = %d ('%s')\n", invoking_user_id, invoking_user_name);
- fprintf (stderr, "polkit-grant-helper: caller_pid = %d\n", caller_pid);
- fprintf (stderr, "polkit-grant-helper: action_name = '%s'\n", action_name);
-#endif /* PGH_DEBUG */
-
- ret = 2;
-
- context = polkit_context_new ();
- if (!polkit_context_init (context, NULL)) {
- fprintf (stderr, "polkit-grant-helper: cannot initialize polkit\n");
- goto out;
- }
-
- action = polkit_action_new ();
- polkit_action_set_action_id (action, action_name);
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
- if (!polkit_caller_get_uid (caller, &caller_uid)) {
- fprintf (stderr, "polkit-grant-helper: no uid for caller\n");
- goto out;
- }
- if (!polkit_caller_get_ck_session (caller, &session)) {
- fprintf (stderr, "polkit-grant-helper: caller is not in a session\n");
- goto out;
- }
- if (!polkit_session_get_ck_objref (session, &session_objpath)) {
- fprintf (stderr, "polkit-grant-helper: caller is not in a session\n");
- goto out;
- }
-
- /* Use libpolkit to
- *
- * - figure out if the caller can really auth to do the action
- * - learn what ConsoleKit session the caller belongs to
- */
- if (!verify_with_polkit (context, caller, action, &result, &admin_users))
- goto out;
-
-#ifdef PGH_DEBUG
- if (admin_users != NULL) {
- int n;
- fprintf (stderr, "polkit-grant-helper: admin_users: ");
- for (n = 0; admin_users[n] != NULL; n++)
- fprintf (stderr, "'%s' ", admin_users[n]);
- fprintf (stderr, "\n");
- }
-#endif /* PGH_DEBUG */
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: polkit result = '%s'\n",
- polkit_result_to_string_representation (result));
- fprintf (stderr, "polkit-grant-helper: session_objpath = '%s'\n", session_objpath);
-#endif /* PGH_DEBUG */
-
- /* tell the caller about the grant details; e.g. whether
- * it's auth_self_keep_always or auth_self etc.
- */
- fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_TYPE %s\n",
- polkit_result_to_string_representation (result));
- fflush (stdout);
-
- /* if admin auth is required, tell caller about possible users */
- if (admin_users != NULL) {
- int n;
- fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_ADMIN_USERS");
- for (n = 0; admin_users[n] != NULL; n++)
- fprintf (stdout, " %s", admin_users[n]);
- fprintf (stdout, "\n");
- fflush (stdout);
- }
-
-
- /* wait for libpolkit-grant to tell us what user to use */
- if (admin_users != NULL) {
- int n;
- char buf[256];
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "waiting for admin user name...\n");
-#endif /* PGH_DEBUG */
-
- /* read from parent */
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto out;
- if (strlen (buf) > 0 && buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- if (strncmp (buf,
- "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER ",
- sizeof "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER " - 1) != 0) {
- goto out;
- }
-
- user_to_auth = strdup (buf) + sizeof "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER " - 1;
-#ifdef PGH_DEBUG
- fprintf (stderr, "libpolkit-grant wants to auth as '%s'\n", user_to_auth);
-#endif /* PGH_DEBUG */
-
- /* now sanity check that returned user is actually in admin_users */
- for (n = 0; admin_users[n] != NULL; n++) {
- if (strcmp (admin_users[n], user_to_auth) == 0)
- break;
- }
- if (admin_users[n] == NULL) {
- ret = 2;
- goto out;
- }
-
- } else {
- /* figure out what user to auth */
- if (result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
- user_to_auth = "root";
- } else {
- user_to_auth = invoking_user_name;
- }
- }
-
- if (strcmp (user_to_auth, "root") == 0) {
- uid_of_user_to_auth = 0;
- } else {
- struct passwd *passwd;
-
- passwd = getpwnam (user_to_auth);
- if (passwd == NULL) {
- fprintf (stderr, "polkit-grant-helper: can not look up uid for user '%s'\n", user_to_auth);
- goto out;
- }
- uid_of_user_to_auth = passwd->pw_uid;
- }
-
- ret = 1;
-
- /* Start authentication */
- if (!do_auth (user_to_auth)) {
- goto out;
- }
-
- /* Ask caller if he want to slim down grant type... e.g. he
- * might want to go from auth_self_keep_always to
- * auth_self_keep_session..
- *
- * See docs for the PolKitGrantOverrideGrantType callback type
- * for use cases; it's in polkit-grant/polkit-grant.h
- */
- fprintf (stdout, "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE %s\n",
- polkit_result_to_string_representation (result));
- fflush (stdout);
-
- if (!get_and_validate_override_details (&result)) {
- /* if this fails it means bogus input from user */
- ret = 2;
- goto out;
- }
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: adding grant: action_id=%s session_id=%s pid=%d result='%s'\n",
- action_name, session_objpath, caller_pid, polkit_result_to_string_representation (result));
-#endif /* PGH_DEBUG */
-
- /* make sure write permissions for group is honored */
- umask (002);
-
- switch (result) {
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
- dbres = polkit_authorization_db_add_entry_process_one_shot (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
- if (dbres) {
- syslog (LOG_INFO, "granted one shot authorization for %s to pid %d [uid=%d] [auth=%s]",
- action_name, caller_pid, invoking_user_id, user_to_auth);
- }
- break;
-
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- dbres = polkit_authorization_db_add_entry_process (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
- if (dbres) {
- syslog (LOG_INFO, "granted authorization for %s to pid %d [uid=%d] [auth=%s]",
- action_name, caller_pid, invoking_user_id, user_to_auth);
- }
- break;
-
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- dbres = polkit_authorization_db_add_entry_session (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
-
- if (dbres) {
- syslog (LOG_INFO, "granted authorization for %s to session %s [uid=%d] [auth=%s]",
- action_name, session_objpath, invoking_user_id, user_to_auth);
- }
- break;
-
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
- dbres = polkit_authorization_db_add_entry_always (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
- if (dbres) {
- syslog (LOG_INFO, "granted authorization for %s to uid %d [auth=%s]",
- action_name, caller_uid, user_to_auth);
- }
- break;
-
- default:
- /* should never happen */
- goto out;
- }
-
- if (!dbres) {
- fprintf (stderr, "polkit-grant-helper: failed to write to grantdb\n");
- goto out;
- }
-
- ret = 0;
-out:
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: exiting with code %d\n", ret);
-#endif /* PGH_DEBUG */
- return ret;
-}
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
deleted file mode 100644
index 0e7a43d..0000000
--- a/polkit-grant/polkit-grant.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant.c : library for obtaining privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/wait.h>
-
-#include <glib.h>
-#include "polkit-grant.h"
-
-/**
- * SECTION:polkit-grant
- * @title: Authorizations and Authentication
- * @short_description: Obtain authorizations through
- * authentication.
- *
- * These functions are used to obtain authorizations for a user that
- * is able to successfully authenticate. It is only useful for people
- * writing user interfaces that interfaces with the end user.
- *
- * All of these functions are in the
- * <literal>libpolkit-grant</literal> library.
- **/
-
-/**
- * PolKitGrant:
- *
- * Objects of this class are used to obtain authorizations for a user
- * that is able to successfully authenticate. It is only useful for
- * people writing user interfaces that interfaces with the end user.
- *
- * All of these functions are in the
- * <literal>libpolkit-grant</literal> library.
- **/
-struct _PolKitGrant
-{
- int refcount;
-
- PolKitGrantAddIOWatch func_add_io_watch;
- PolKitGrantAddChildWatch func_add_child_watch;
- PolKitGrantRemoveWatch func_remove_watch;
- PolKitGrantType func_type;
- PolKitGrantSelectAdminUser func_select_admin_user;
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off;
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on;
- PolKitGrantConversationErrorMessage func_error_message;
- PolKitGrantConversationTextInfo func_text_info;
- PolKitGrantOverrideGrantType func_override_grant_type;
- PolKitGrantDone func_done;
- void *user_data;
-
- int child_stdin;
- int child_stdout;
- GPid child_pid;
- FILE *child_stdout_f;
-
- int child_watch_id;
- int io_watch_id;
-
- gboolean success;
- gboolean helper_is_running;
-};
-
-/**
- * polkit_grant_new:
- *
- * Creates a #PolKitGrant object.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: the new object or #NULL if the authorization backend
- * doesn't support obtaining authorizations through authentication.
- **/
-PolKitGrant *
-polkit_grant_new (void)
-{
- PolKitGrant *polkit_grant;
-
- if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN))
- return NULL;
-
- polkit_grant = g_new0 (PolKitGrant, 1);
- polkit_grant->refcount = 1;
- return polkit_grant;
-}
-
-/**
- * polkit_grant_ref:
- * @polkit_grant: the object
- *
- * Increase reference count.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: the object.
- **/
-PolKitGrant *
-polkit_grant_ref (PolKitGrant *polkit_grant)
-{
- g_return_val_if_fail (polkit_grant != NULL, NULL);
-
- polkit_grant->refcount++;
- return polkit_grant;
-}
-
-/**
- * polkit_grant_unref:
- * @polkit_grant: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_unref (PolKitGrant *polkit_grant)
-{
- g_return_if_fail (polkit_grant != NULL);
-
- polkit_grant->refcount--;
- if (polkit_grant->refcount > 0)
- return;
-
- if (polkit_grant->io_watch_id > 0) {
- polkit_grant->func_remove_watch (polkit_grant, polkit_grant->io_watch_id);
- }
- if (polkit_grant->child_watch_id > 0) {
- polkit_grant->func_remove_watch (polkit_grant, polkit_grant->child_watch_id);
- }
- if (polkit_grant->child_pid > 0) {
- int status;
- kill (polkit_grant->child_pid, SIGTERM);
- waitpid (polkit_grant->child_pid, &status, 0);
- }
- if (polkit_grant->child_stdout_f != NULL) {
- fclose (polkit_grant->child_stdout_f);
- }
- if (polkit_grant->child_stdout >= 0) {
- close (polkit_grant->child_stdout);
- }
- if (polkit_grant->child_stdin >= 0) {
- close (polkit_grant->child_stdin);
- }
-
- g_free (polkit_grant);
-}
-
-/**
- * polkit_grant_set_functions:
- * @polkit_grant: the object
- * @func_add_io_watch: Callback function
- * @func_add_child_watch: Callback function
- * @func_remove_watch: Callback function
- * @func_type: Callback function
- * @func_select_admin_user: Callback function
- * @func_prompt_echo_off: Callback function
- * @func_prompt_echo_on: Callback function
- * @func_error_message: Callback function
- * @func_text_info: Callback function
- * @func_override_grant_type: Callback function
- * @func_done: Callback function
- * @user_data: User data that will be passed to the callback functions.
- *
- * Set callback functions used for authentication.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_set_functions (PolKitGrant *polkit_grant,
- PolKitGrantAddIOWatch func_add_io_watch,
- PolKitGrantAddChildWatch func_add_child_watch,
- PolKitGrantRemoveWatch func_remove_watch,
- PolKitGrantType func_type,
- PolKitGrantSelectAdminUser func_select_admin_user,
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
- PolKitGrantConversationErrorMessage func_error_message,
- PolKitGrantConversationTextInfo func_text_info,
- PolKitGrantOverrideGrantType func_override_grant_type,
- PolKitGrantDone func_done,
- void *user_data)
-{
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (func_add_io_watch != NULL);
- g_return_if_fail (func_add_child_watch != NULL);
- g_return_if_fail (func_remove_watch != NULL);
- g_return_if_fail (func_type != NULL);
- g_return_if_fail (func_select_admin_user != NULL);
- g_return_if_fail (func_prompt_echo_off != NULL);
- g_return_if_fail (func_prompt_echo_on != NULL);
- g_return_if_fail (func_error_message != NULL);
- g_return_if_fail (func_text_info != NULL);
- g_return_if_fail (func_override_grant_type != NULL);
- polkit_grant->func_add_io_watch = func_add_io_watch;
- polkit_grant->func_add_child_watch = func_add_child_watch;
- polkit_grant->func_remove_watch = func_remove_watch;
- polkit_grant->func_type = func_type;
- polkit_grant->func_select_admin_user = func_select_admin_user;
- polkit_grant->func_prompt_echo_off = func_prompt_echo_off;
- polkit_grant->func_prompt_echo_on = func_prompt_echo_on;
- polkit_grant->func_error_message = func_error_message;
- polkit_grant->func_text_info = func_text_info;
- polkit_grant->func_override_grant_type = func_override_grant_type;
- polkit_grant->func_done = func_done;
- polkit_grant->user_data = user_data;
-}
-
-
-/**
- * polkit_grant_child_func:
- * @polkit_grant: the object
- * @pid: pid of the child
- * @exit_code: exit code of the child
- *
- * Method that the application must call when a child process
- * registered with the supplied function of type
- * #PolKitGrantAddChildWatch terminates.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code)
-{
- int status;
- polkit_bool_t input_was_bogus;
-
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->helper_is_running);
-
- /* g_debug ("pid %d terminated", pid); */
- waitpid (pid, &status, 0);
-
- if (exit_code >= 2)
- input_was_bogus = TRUE;
- else
- input_was_bogus = FALSE;
-
- polkit_grant->success = (exit_code == 0);
- polkit_grant->helper_is_running = FALSE;
- polkit_grant->func_done (polkit_grant, polkit_grant->success, input_was_bogus, polkit_grant->user_data);
-}
-
-
-/**
- * polkit_grant_io_func:
- * @polkit_grant: the object
- * @fd: the file descriptor passed to the supplied function of type #PolKitGrantAddIOWatch.
- *
- * Method that the application must call when there is data to read
- * from a file descriptor registered with the supplied function of
- * type #PolKitGrantAddIOWatch.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_io_func (PolKitGrant *polkit_grant, int fd)
-{
- char *line = NULL;
- size_t line_len = 0;
- char *id;
- size_t id_len;
- char *response;
- char *response_prefix;
-
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->helper_is_running);
-
- while (getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
- if (strlen (line) > 0 &&
- line[strlen (line) - 1] == '\n')
- line[strlen (line) - 1] = '\0';
-
- response = NULL;
- response_prefix = NULL;
-
- id = "PAM_PROMPT_ECHO_OFF ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- response_prefix = "";
- response = polkit_grant->func_prompt_echo_off (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_PROMPT_ECHO_ON ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- response_prefix = "";
- response = polkit_grant->func_prompt_echo_on (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_ERROR_MSG ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- polkit_grant->func_error_message (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_TEXT_INFO ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- polkit_grant->func_text_info (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_TELL_TYPE ";
- if (g_str_has_prefix (line, id)) {
- PolKitResult result;
- char *result_textual;
-
- id_len = strlen (id);
- result_textual = line + id_len;
- if (!polkit_result_from_string_representation (result_textual, &result)) {
- /* TODO: danger will robinson */
- }
-
- polkit_grant->func_type (polkit_grant,
- result,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_TELL_ADMIN_USERS ";
- if (g_str_has_prefix (line, id)) {
- char **admin_users;
-
- id_len = strlen (id);
- admin_users = g_strsplit (line + id_len, " ", 0);
-
- response_prefix = "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER ";
- response = polkit_grant->func_select_admin_user (polkit_grant,
- admin_users,
- polkit_grant->user_data);
- g_strfreev (admin_users);
-
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE ";
- if (g_str_has_prefix (line, id)) {
- PolKitResult override;
- PolKitResult result;
- id_len = strlen (id);
- if (!polkit_result_from_string_representation (line + id_len, &result)) {
- /* TODO: danger will robinson */
- }
- override = polkit_grant->func_override_grant_type (polkit_grant,
- result,
- polkit_grant->user_data);
- response_prefix = "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE ";
- response = g_strdup (polkit_result_to_string_representation (override));
- goto processed;
- }
-
- processed:
- if (response != NULL && response_prefix != NULL) {
- char *buf;
- gboolean add_newline;
-
- /* add a newline if there isn't one already... */
- add_newline = FALSE;
- if (response[strlen (response) - 1] != '\n') {
- add_newline = TRUE;
- }
- buf = g_strdup_printf ("%s%s%c",
- response_prefix,
- response,
- add_newline ? '\n' : '\0');
- write (polkit_grant->child_stdin, buf, strlen (buf));
- g_free (buf);
- free (response);
- }
- }
-
- if (line != NULL)
- free (line);
-}
-
-/**
- * polkit_grant_cancel_auth:
- * @polkit_grant: the object
- *
- * Cancel an authentication in progress
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_cancel_auth (PolKitGrant *polkit_grant)
-{
- GPid pid;
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->helper_is_running);
-
- pid = polkit_grant->child_pid;
- polkit_grant->child_pid = 0;
- if (pid > 0) {
- int status;
- kill (pid, SIGTERM);
- waitpid (pid, &status, 0);
- polkit_grant->helper_is_running = FALSE;
- }
- polkit_grant->func_done (polkit_grant, FALSE, FALSE, polkit_grant->user_data);
-}
-
-/**
- * polkit_grant_initiate_auth:
- * @polkit_grant: the object
- * @action: Action requested by caller
- * @caller: Caller in question
- *
- * Initiate authentication to obtain the privilege for the given
- * @caller to perform the specified @action. The caller of this method
- * must have setup callback functions using the method
- * polkit_grant_set_functions() prior to calling this method.
- *
- * Implementation-wise, this class uses a secure (e.g. as in that it
- * checks all information and fundamenally don't trust the caller;
- * e.g. the #PolKitGrant class) setgid helper that does all the heavy
- * lifting.
- *
- * The caller of this method must iterate the mainloop context in
- * order for authentication to make progress.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE only if authentication have been initiated.
- **/
-polkit_bool_t
-polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- pid_t pid;
- char *action_id;
- GError *g_error;
- char *helper_argv[4];
-
- g_return_val_if_fail (polkit_grant != NULL, FALSE);
- /* check that callback functions have been properly set up */
- g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
-
- if (!polkit_caller_get_pid (caller, &pid))
- goto error;
-
- if (!polkit_action_get_action_id (action, &action_id))
- goto error;
-
- /* TODO: verify incoming args */
-
- /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
- helper_argv[1] = g_strdup_printf ("%d", pid);
- helper_argv[2] = action_id;
- helper_argv[3] = NULL;
-
- polkit_grant->child_stdin = -1;
- polkit_grant->child_stdout = -1;
-
- g_error = NULL;
- if (!g_spawn_async_with_pipes (NULL,
- (char **) helper_argv,
- NULL,
- G_SPAWN_DO_NOT_REAP_CHILD |
- 0,//G_SPAWN_STDERR_TO_DEV_NULL,
- NULL,
- NULL,
- &polkit_grant->child_pid,
- &polkit_grant->child_stdin,
- &polkit_grant->child_stdout,
- NULL,
- &g_error)) {
- fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
- g_error_free (g_error);
- g_free (helper_argv[1]);
- goto error;
- }
- g_free (helper_argv[1]);
-
- polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
- if (polkit_grant->child_watch_id == 0)
- goto error;
-
- polkit_grant->io_watch_id = polkit_grant->func_add_io_watch (polkit_grant, polkit_grant->child_stdout);
- if (polkit_grant->io_watch_id == 0)
- goto error;
-
- /* so we can use getline... */
- polkit_grant->child_stdout_f = fdopen (polkit_grant->child_stdout, "r");
- if (polkit_grant->child_stdout_f == NULL)
- goto error;
-
- polkit_grant->success = FALSE;
-
- polkit_grant->helper_is_running = TRUE;
-
- return TRUE;
-error:
- return FALSE;
-}
diff --git a/polkit-grant/polkit-grant.h b/polkit-grant/polkit-grant.h
deleted file mode 100644
index 2fdf6a4..0000000
--- a/polkit-grant/polkit-grant.h
+++ /dev/null
@@ -1,369 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant.h : library for obtaining privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_GRANT_H
-#define POLKIT_GRANT_H
-
-#include <polkit/polkit.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitGrant;
-typedef struct _PolKitGrant PolKitGrant;
-
-/**
- * PolKitGrantType:
- * @polkit_grant: the grant object
- * @grant_type: the current type of what privilege to obtain
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that describes to what extent the
- * privilege can be obtained; e.g. whether the user can keep it
- * (e.g. forever, for the session or not keep it at all).
- *
- * See also #PolKitGrantOverrideGrantType for discussion on the type
- * of user interfaces one should put up depending on the value of
- * @grant_type.
- **/
-typedef void (*PolKitGrantType) (PolKitGrant *polkit_grant,
- PolKitResult grant_type,
- void *user_data);
-
-/**
- * PolKitGrantSelectAdminUser:
- * @polkit_grant: the grant object
- * @admin_users: a NULL-terminated array of users that can be used for
- * authentication for admin grants.
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that describes the possible users that
- * can be chosen for authentication when administrator privileges are
- * required.
- *
- * Returns: the chosen user; must be allocated with malloc(3) and will
- * be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantSelectAdminUser) (PolKitGrant *polkit_grant,
- char **admin_users,
- void *user_data);
-
-
-/**
- * PolKitGrantConversationPromptEchoOff:
- * @polkit_grant: the grant object
- * @prompt: prompt passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer needs to ask the user a secret and the UI should NOT echo what
- * the user types on the screen.
- *
- * Returns: the answer obtained from the user; must be allocated with
- * malloc(3) and will be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantConversationPromptEchoOff) (PolKitGrant *polkit_grant,
- const char *prompt,
- void *user_data);
-
-/**
- * PolKitGrantConversationPromptEchoOn:
- * @polkit_grant: the grant object
- * @prompt: prompt passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer needs to ask the user a secret and the UI should echo what
- * the user types on the screen.
- *
- * Returns: the answer obtained from the user; must be allocated with
- * malloc(3) and will be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantConversationPromptEchoOn) (PolKitGrant *polkit_grant,
- const char *prompt,
- void *user_data);
-
-/**
- * PolKitGrantConversationErrorMessage:
- * @polkit_grant: the grant object
- * @error_message: error message passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer produces an error message that should be displayed in the UI.
- **/
-typedef void (*PolKitGrantConversationErrorMessage) (PolKitGrant *polkit_grant,
- const char *error_message,
- void *user_data);
-
-/**
- * PolKitGrantConversationTextInfo:
- * @polkit_grant: the grant object
- * @text_info: information passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer produces an informational message that should be displayed in
- * the UI.
- **/
-typedef void (*PolKitGrantConversationTextInfo) (PolKitGrant *polkit_grant,
- const char *text_info,
- void *user_data);
-
-/**
- * PolKitGrantOverrideGrantType:
- * @polkit_grant: the grant object
- * @grant_type: the current type of what privilege to obtain; this is
- * the same value as passed to the callback of type #PolKitGrantType.
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that enables the UI to request a lesser
- * privilege than is obtainable. This callback is invoked when the
- * user have successfully authenticated but before the privilege is
- * granted.
- *
- * Basically, this callback enables a program to provide an user
- * interface like this:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * [ [x] Remember this decision |
- * | [ ] for this session |
- * | [*] for this and future sessions |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * This dialog assumes that @grant_type passed was
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS. By ticking the
- * check boxes in the dialog, the user can override this to either
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION or
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH. Thus, the user can
- * voluntarily choose to obtain a lesser privilege.
- *
- * Another example, would be that the @grant_type passed was
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION. Then the dialog
- * should look like this:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * [ [x] Remember this decision for the rest of the session |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * Finally, if the @grant_type value passed is
- * e.g. #POLKIT_RESULT_ONLY_VIA_SELF_AUTH, there are no options to
- * click.:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * Of course, these examples also applies to
- * #POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH and friends.
- *
- * Returns: the desired type of what privilege to obtain; note that it
- * won't work asking for more privileges than what @grant_type
- * specifies; the passed value is properly checked in the secure
- * setgid granting helper mentioned in
- * polkit_grant_initiate_auth().
- **/
-typedef PolKitResult (*PolKitGrantOverrideGrantType) (PolKitGrant *polkit_grant,
- PolKitResult grant_type,
- void *user_data);
-
-/**
- * PolKitGrantDone:
- * @polkit_grant: the grant object
- * @gained_privilege: whether the privilege was obtained
- * @invalid_data: whether the input data was bogus (not including bad passwords)
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * This function is called when the granting process ends; either if
- * successful or if it was canceled using
- * e.g. polkit_grant_cancel_auth().
- **/
-typedef void (*PolKitGrantDone) (PolKitGrant *polkit_grant,
- polkit_bool_t gained_privilege,
- polkit_bool_t invalid_data,
- void *user_data);
-
-/**
- * PolKitGrantAddChildWatch:
- * @polkit_grant: the grant object
- * @pid: the child pid to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a child process into the applications main loop. The
- * application must call polkit_grant_child_func() when the
- * child dies
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * child_watch_func (GPid pid,
- * gint status,
- * gpointer user_data)
- * {
- * PolKitGrant *polkit_grant = user_data;
- * polkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
- * }
- *
- * static int
- * add_child_watch (PolKitGrant *polkit_grant, pid_t pid)
- * {
- * return g_child_watch_add (pid, child_watch_func, polkit_grant);
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitGrantAddChildWatch) (PolKitGrant *polkit_grant,
- pid_t pid);
-
-/**
- * PolKitGrantAddIOWatch:
- * @polkit_grant: the grant object
- * @fd: the file descriptor to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a file descriptor into the applications main loop. The
- * application must call polkit_grant_io_func() when there is data
- * to read from the file descriptor.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static gboolean
- * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
- * {
- * int fd;
- * PolKitGrant *polkit_grant = user_data;
- * fd = g_io_channel_unix_get_fd (channel);
- * polkit_grant_io_func (polkit_grant, fd);
- * return TRUE;
- * }
- *
- * static int
- * add_io_watch (PolKitGrant *polkit_grant, int fd)
- * {
- * guint id = 0;
- * GIOChannel *channel;
- * channel = g_io_channel_unix_new (fd);
- * if (channel == NULL)
- * goto out;
- * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, polkit_grant);
- * if (id == 0) {
- * g_io_channel_unref (channel);
- * goto out;
- * }
- * g_io_channel_unref (channel);
- * out:
- * return id;
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitGrantAddIOWatch) (PolKitGrant *polkit_grant,
- int fd);
-
-/**
- * PolKitGrantRemoveWatch:
- * @polkit_grant: the grant object
- * @watch_id: the id obtained from using the supplied function
- * of type #PolKitGrantAddIOWatch or #PolKitGrantAddChildWatch.
- *
- * Type for function supplied by the application to remove a watch set
- * up via the supplied function of type #PolKitGrantAddIOWatch or type
- * #PolKitGrantAddChildWatch.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * remove_watch (PolKitGrant *polkit_auth, int watch_id)
- * {
- * g_source_remove (watch_id);
- * }
- * </programlisting>
- *
- **/
-typedef void (*PolKitGrantRemoveWatch) (PolKitGrant *polkit_grant,
- int watch_id);
-
-PolKitGrant *polkit_grant_new (void);
-PolKitGrant *polkit_grant_ref (PolKitGrant *polkit_grant);
-void polkit_grant_unref (PolKitGrant *polkit_grant);
-void polkit_grant_set_functions (PolKitGrant *polkit_grant,
- PolKitGrantAddIOWatch func_add_io_watch,
- PolKitGrantAddChildWatch func_add_child_watch,
- PolKitGrantRemoveWatch func_remove_watch,
- PolKitGrantType func_type,
- PolKitGrantSelectAdminUser func_select_admin_user,
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
- PolKitGrantConversationErrorMessage func_error_message,
- PolKitGrantConversationTextInfo func_text_info,
- PolKitGrantOverrideGrantType func_override_grant_type,
- PolKitGrantDone func_done,
- void *user_data);
-
-polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitCaller *caller);
-
-void polkit_grant_cancel_auth (PolKitGrant *polkit_grant);
-
-void polkit_grant_io_func (PolKitGrant *polkit_grant, int fd);
-void polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_GRANT_H */
-
-
diff --git a/polkit-grant/polkit-revoke-helper.c b/polkit-grant/polkit-revoke-helper.c
deleted file mode 100644
index f588afc..0000000
--- a/polkit-grant/polkit-revoke-helper.c
+++ /dev/null
@@ -1,379 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-revoke-helper.c : setgid polkituser revoke helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-static polkit_bool_t
-check_for_authorization (const char *action_id, pid_t caller_pid)
-{
- polkit_bool_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitAction *action;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = FALSE;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
-
- action = polkit_action_new ();
- if (action == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot allocate PolKitAction\n");
- goto out;
- }
- if (!polkit_action_set_action_id (action, action_id)) {
- fprintf (stderr, "polkit-revoke-helper: cannot set action_id\n");
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot allocate PolKitContext\n");
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- fprintf (stderr, "polkit-revoke-helper: cannot initialize polkit context: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-revoke-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- goto out;
- }
-
- ret = TRUE;
-out:
-
- return ret;
-}
-
-
-static int
-_write_to_fd (int fd, const char *str, ssize_t str_len)
-{
- int ret;
- ssize_t written;
-
- ret = 0;
-
- written = 0;
- while (written < str_len) {
- ssize_t ret;
- ret = write (fd, str + written, str_len - written);
- if (ret < 0) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
- } else {
- goto out;
- }
- }
- written += ret;
- }
-
- ret = 1;
-
-out:
- return ret;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- gid_t egid;
- struct group *group;
- uid_t invoking_uid;
- char *entry_to_remove;
- int n;
- int len;
- char *p;
- char *scope;
- uid_t uid_to_revoke;
- char *endp;
- FILE *f;
- int fd;
- char path[256];
- char path_tmp[256];
- char line[512];
- char *root;
- char *target_type;
- char *target_value;
- struct passwd *pw;
- polkit_bool_t is_one_shot;
-
- ret = 1;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-revoke-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 4) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-revoke-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-revoke-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- invoking_uid = getuid ();
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-revoke-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- entry_to_remove = argv[1];
- target_type = argv[2];
- target_value = argv[3];
-
- /*----------------------------------------------------------------------------------------------------*/
-
- /* paranoia: we have to validate the entry_to_remove argument
- * and determine if the process who invoked us is sufficiently
- * privileged.
- *
- * As we're setuid root we don't want to pull in libpolkit and
- * as we only need to parse the first two entries... we do it
- * right here
- */
- p = entry_to_remove;
- len = strlen (entry_to_remove);
- for (n = 0; n < len; n++) {
- if (p[n] == ':')
- goto found;
- }
- fprintf (stderr, "polkit-revoke-helper: entry_to_remove malformed\n");
- goto out;
-found:
- scope = strndup (entry_to_remove, n);
- if (scope == NULL) {
- fprintf (stderr, "polkit-revoke-helper: OOM\n");
- goto out;
- }
-
- if (strcmp (target_type, "uid") == 0) {
- uid_to_revoke = strtol (target_value, &endp, 10);
- if (*endp != '\0') {
- fprintf (stderr, "polkit-revoke-helper: cannot parse uid\n");
- goto out;
- }
- } else {
- fprintf (stderr, "polkit-revoke-helper: unknown target type\n");
- goto out;
- }
-
- /* OK, we're done parsing ... */
-
- is_one_shot = FALSE;
- if (strcmp (scope, "process") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- } else if (strcmp (scope, "process-one-shot") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- is_one_shot = TRUE;
- } else if (strcmp (scope, "session") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- } else if (strcmp (scope, "always") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
- } else if (strcmp (scope, "grant") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
- } else {
- fprintf (stderr, "polkit-revoke-helper: unknown scope '%s'\n", scope);
- goto out;
- }
-
- if (invoking_uid != 0) {
- /* Check that the caller is privileged to do this... */
- if (invoking_uid != uid_to_revoke) {
-
- /* see if calling user has the
- *
- * org.freedesktop.policykit.revoke
- *
- * authorization
- */
- if (!check_for_authorization ("org.freedesktop.policykit.revoke", getppid ())) {
-
- /* if it's about revoking a one-shot authorization, it's sufficient to have
- * org.freedesktop.policykit.read - see polkit_context_is_caller_authorized()
- * for why...
- */
- if (is_one_shot) {
- if (!check_for_authorization ("org.freedesktop.policykit.read", getppid ())) {
- goto out;
- }
- } else {
- goto out;
- }
- }
- }
- }
-
- pw = getpwuid (uid_to_revoke);
- if (pw == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot lookup user name for uid %d\n", uid_to_revoke);
- goto out;
- }
-
- if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-revoke-helper: string was truncated (1)\n");
- goto out;
- }
- if (snprintf (path_tmp, sizeof (path_tmp), "%s/user-%s.auths.XXXXXX", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-revoke-helper: string was truncated (2)\n");
- goto out;
- }
-
- f = fopen (path, "r");
- if (f == NULL) {
- fprintf (stderr, "Cannot open file '%s': %m\n", path);
- goto out;
- }
-
- fd = mkstemp (path_tmp);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
- goto out;
- }
- if (fchmod (fd, 0464) != 0) {
- fprintf (stderr, "Cannot change mode for '%s' to 0460: %m\n", path_tmp);
- close (fd);
- unlink (path_tmp);
- goto out;
- }
-
-
- /* read one line at a time */
- while (fgets (line, sizeof (line), f) != NULL) {
- size_t line_len;
-
- line_len = strlen (line);
- if (line_len > 1 && line[line_len - 1] == '\n') {
- if (strncmp (line, entry_to_remove, line_len - 1) == 0) {
- /* woho, found it */
- continue;
- }
- }
-
- /* otherwise, just write the line to the temporary file */
- if (!_write_to_fd (fd, line, line_len)) {
- fprintf (stderr, "Error write to file '%s': %m\n", path_tmp);
- close (fd);
- unlink (path_tmp);
- goto out;
- }
- }
-
- fclose (f);
- close (fd);
-
- if (rename (path_tmp, path) != 0) {
- fprintf (stderr, "Error renaming %s to %s: %m\n", path_tmp, path);
- unlink (path_tmp);
- goto out;
- }
-
- /* we're good now (if triggering a reload fails, so be it, we
- * still did what the caller asked...)
- */
- ret = 0;
-
- /* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
- fprintf (stderr, "Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
- }
-
-out:
-
- return ret;
-}
-
diff --git a/polkit/.gitignore b/polkit/.gitignore
deleted file mode 100644
index 764d994..0000000
--- a/polkit/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-.deps
-.libs
-*.la
-*.lo
-*.o
-Makefile
-Makefile.in
-polkit-interface-manager-glue.h
-polkit-interface-session-glue.h
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
deleted file mode 100644
index c15017f..0000000
--- a/polkit/Makefile.am
+++ /dev/null
@@ -1,149 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- -DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \
- @GLIB_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit.la
-
-libpolkitincludedir=$(includedir)/PolicyKit/polkit
-
-libpolkitinclude_HEADERS = \
- polkit.h \
- polkit-sysdeps.h \
- polkit-memory.h \
- polkit-hash.h \
- polkit-list.h \
- polkit-types.h \
- polkit-error.h \
- polkit-result.h \
- polkit-context.h \
- polkit-action.h \
- polkit-seat.h \
- polkit-session.h \
- polkit-caller.h \
- polkit-policy-file-entry.h \
- polkit-policy-file.h \
- polkit-policy-cache.h \
- polkit-policy-default.h \
- polkit-config.h \
- polkit-authorization.h \
- polkit-authorization-constraint.h \
- polkit-authorization-db.h
-
-libpolkit_la_SOURCES = \
- polkit.h \
- polkit-private.h \
- polkit-types.h \
- polkit-memory.h polkit-memory.c \
- polkit-hash.h polkit-hash.c \
- polkit-list.h polkit-list.c \
- polkit-sysdeps.h polkit-sysdeps.c \
- polkit-error.h polkit-error.c \
- polkit-result.h polkit-result.c \
- polkit-context.h polkit-context.c \
- polkit-action.h polkit-action.c \
- polkit-seat.h polkit-seat.c \
- polkit-session.h polkit-session.c \
- polkit-caller.h polkit-caller.c \
- polkit-policy-file-entry.h polkit-policy-file-entry.c \
- polkit-policy-file.h polkit-policy-file.c \
- polkit-policy-cache.h polkit-policy-cache.c \
- polkit-policy-default.h polkit-policy-default.c \
- polkit-debug.h polkit-debug.c \
- polkit-utils.h polkit-utils.c \
- polkit-config.h polkit-config.c \
- polkit-authorization.h polkit-authorization.c \
- polkit-authorization-constraint.h polkit-authorization-constraint.c \
- polkit-authorization-db.h
-
-if POLKIT_AUTHDB_DUMMY
-libpolkit_la_SOURCES += \
- polkit-authorization-db-dummy.c
-endif
-
-if POLKIT_AUTHDB_DEFAULT
-libpolkit_la_SOURCES += \
- polkit-authorization-db.c
-endif
-
-libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@
-
-libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-## note that TESTS has special meaning (stuff to use in make check)
-## so if adding tests not to be run in make check, don't add them to
-## TESTS
-if POLKIT_BUILD_TESTS
-TESTS_ENVIRONMENT=
-TESTS=polkit-test
-
-if POLKIT_GCOV_ENABLED
-clean-gcov:
- rm -f *.gcov .libs/*.gcda
-
-.PHONY: coverage-report.txt
-coverage-report.txt :
- $(top_srcdir)/test/create-coverage-report.sh polkit $(filter %.c,$(libpolkit_la_SOURCES)) > coverage-report.txt
-
-check-coverage : clean-gcov all check coverage-report.txt
- cat coverage-report.txt
-else
-coverage-report.txt:
- @echo "Need to reconfigure with --enable-gcov"
-
-check-coverage:
- @echo "Need to reconfigure with --enable-gcov"
-endif
-
-else
-TESTS=
-endif
-
-## we use noinst_PROGRAMS not check_PROGRAMS so that we build
-## even when not doing "make check"
-noinst_PROGRAMS=$(TESTS)
-
-polkit_test_SOURCES= \
- polkit-test.h polkit-test.c
-
-polkit_test_LDADD=$(top_builddir)/polkit/libpolkit.la
-polkit_test_LDFLAGS=
-#@R_DYNAMIC_LDFLAG@
-
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES) *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg
-
-if POLKIT_AUTHDB_DEFAULT
-# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where
-# authorizations are stored. They must not be world readable (the
-# polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP
-# group needs to be able to write files there.
-#
-# The /var/lib/misc/PolicyKit.reload file is used for triggering that
-# authorizations have changed; it needs to be world readable and
-# writeable for the $POLKIT_GROUP group (FHS 2.3 suggests that
-# location)
-#
-install-data-local:
- -touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chmod 775 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit
-endif
diff --git a/polkit/polkit-action.c b/polkit/polkit-action.c
deleted file mode 100644
index ac7fea6..0000000
--- a/polkit/polkit-action.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-action.c : action
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-action.h"
-#include "polkit-utils.h"
-#include "polkit-utils.h"
-#include "polkit-memory.h"
-#include "polkit-test.h"
-
-/**
- * SECTION:polkit-action
- * @title: Actions
- * @short_description: Models what a caller is attempting to do.
- *
- * This class is used to represent a PolicyKit action.
- **/
-
-/**
- * PolKitAction:
- *
- * Objects of this class are used to record information about an action.
- **/
-struct _PolKitAction
-{
- int refcount;
- char *id;
-};
-
-/**
- * polkit_action_new:
- *
- * Create a new #PolKitAction object.
- *
- * Returns: the new object
- **/
-PolKitAction *
-polkit_action_new (void)
-{
- PolKitAction *action;
- action = p_new0 (PolKitAction, 1);
- if (action == NULL)
- goto out;
- action->refcount = 1;
-out:
- return action;
-}
-
-/**
- * polkit_action_ref:
- * @action: the action object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitAction *
-polkit_action_ref (PolKitAction *action)
-{
- g_return_val_if_fail (action != NULL, action);
- action->refcount++;
- return action;
-}
-
-/**
- * polkit_action_unref:
- * @action: the action object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_action_unref (PolKitAction *action)
-{
- g_return_if_fail (action != NULL);
- action->refcount--;
- if (action->refcount > 0)
- return;
- p_free (action->id);
- p_free (action);
-}
-
-/**
- * polkit_action_set_action_id:
- * @action: the action object
- * @action_id: action identifier
- *
- * Set the action identifier
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_action_set_action_id (PolKitAction *action, const char *action_id)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (polkit_action_validate_id (action_id), FALSE);
- if (action->id != NULL)
- p_free (action->id);
- action->id = p_strdup (action_id);
- if (action->id == NULL)
- return FALSE;
-
- return TRUE;
-}
-
-/**
- * polkit_action_get_action_id:
- * @action: the action object
- * @out_action_id: Returns the action identifier. The caller shall not free this string.
- *
- * Get the action identifier.
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_action_get_action_id (PolKitAction *action, char **out_action_id)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (out_action_id != NULL, FALSE);
- if (action->id == NULL)
- return FALSE;
- *out_action_id = action->id;
- return TRUE;
-}
-
-/**
- * polkit_action_debug:
- * @action: the object
- *
- * Print debug details
- **/
-void
-polkit_action_debug (PolKitAction *action)
-{
- g_return_if_fail (action != NULL);
- _pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
-}
-
-/**
- * polkit_action_validate_id:
- * @action_id: the action identifier to validate
- *
- * Validate whether an action identifier is well formed. To be well
- * formed, an action identifier needs to start with a lower case ASCII
- * character and can only contain the characters "[a-z][0-9].-". It
- * must be less than or equal 256 bytes in length including the
- * terminating NUL character.
- *
- * Returns: #TRUE iff the action identifier is well formed
- **/
-polkit_bool_t
-polkit_action_validate_id (const char *action_id)
-{
- int n;
-
- g_return_val_if_fail (action_id != NULL, FALSE);
-
- /* validate that the form of the action identifier is correct */
- if (!g_ascii_islower (action_id[0]))
- goto malformed;
-
- for (n = 1; action_id[n] != '\0'; n++) {
- if (n >= 255)
- goto malformed;
-
- if (! (g_ascii_islower (action_id[n]) ||
- g_ascii_isdigit (action_id[n]) ||
- action_id[n] == '.' ||
- action_id[n] == '-'))
- goto malformed;
- }
-
- return TRUE;
-
-malformed:
- return FALSE;
-}
-
-/**
- * polkit_action_validate:
- * @action: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_action_validate (PolKitAction *action)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (action->id != NULL, FALSE);
-
- return polkit_action_validate_id (action->id);
-}
-
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- int n;
- char *valid_action_ids[] = {"org.example.action",
- "org.example.action-foo",
- "org.example.action-foo.42",
- "org.example.42-.foo",
- "t0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
- NULL};
- char *invalid_action_ids[] = {"1org.example.action",
- ".org.example.action",
- "-org.example.action",
- "org.example.action_foo",
- "org.example.something.that.is.too.long.0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
- NULL};
-
- for (n = 0; valid_action_ids[n] != NULL; n++) {
- g_assert (polkit_action_validate_id (valid_action_ids[n]));
- }
-
- for (n = 0; invalid_action_ids[n] != NULL; n++) {
- g_assert (! polkit_action_validate_id (invalid_action_ids[n]));
- }
-
- PolKitAction *a;
- char *s;
- a = polkit_action_new ();
- if (a == NULL) {
- /* OOM */
- } else {
-
- g_assert (! polkit_action_get_action_id (a, &s));
-
- if (!polkit_action_set_action_id (a, "org.example.action")) {
- /* OOM */
- } else {
- g_assert (polkit_action_validate (a));
- polkit_action_ref (a);
- g_assert (polkit_action_validate (a));
- polkit_action_unref (a);
- g_assert (polkit_action_validate (a));
-
- if (!polkit_action_set_action_id (a, "org.example.action2")) {
- /* OOM */
- } else {
- g_assert (polkit_action_validate (a));
- g_assert (polkit_action_get_action_id (a, &s));
- g_assert (strcmp (s, "org.example.action2") == 0);
- polkit_action_debug (a);
- }
- }
-
- polkit_action_unref (a);
- }
-
-
- return TRUE;
-}
-
-PolKitTest _test_action = {
- "polkit_action",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-action.h b/polkit/polkit-action.h
deleted file mode 100644
index d062124..0000000
--- a/polkit/polkit-action.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-action.h : actions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_ACTION_H
-#define POLKIT_ACTION_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitAction;
-typedef struct _PolKitAction PolKitAction;
-
-PolKitAction *polkit_action_new (void);
-PolKitAction *polkit_action_ref (PolKitAction *action);
-void polkit_action_unref (PolKitAction *action);
-polkit_bool_t polkit_action_set_action_id (PolKitAction *action, const char *action_id);
-polkit_bool_t polkit_action_get_action_id (PolKitAction *action, char **out_action_id);
-
-void polkit_action_debug (PolKitAction *action);
-polkit_bool_t polkit_action_validate (PolKitAction *action);
-
-polkit_bool_t polkit_action_validate_id (const char *action_id);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_ACTION_H */
-
-
diff --git a/polkit/polkit-authorization-constraint.c b/polkit/polkit-authorization-constraint.c
deleted file mode 100644
index 633ac48..0000000
--- a/polkit/polkit-authorization-constraint.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-constraint.c : Conditions that must be
- * satisfied in order for an authorization to apply
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-authorization-constraint.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-authorization-constraint
- * @title: Authorization Constraints
- * @short_description: Conditions that must be satisfied in
- * order for an authorization to apply
- *
- * This class is used to represent conditions that must be satisfied
- * in order for an authorization to apply
- *
- * Since: 0.7
- **/
-
-/**
- * PolKitAuthorizationConstraint:
- *
- * Instances of this class are used to represent conditions that must
- * be satisfied in order for an authorization to apply.
- *
- * Since: 0.7
- **/
-struct _PolKitAuthorizationConstraint
-{
- int refcount;
- PolKitAuthorizationConstraintFlags flags;
-};
-
-static PolKitAuthorizationConstraint _null_constraint = {-1, 0};
-
-static PolKitAuthorizationConstraint _local_constraint = {-1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL};
-
-static PolKitAuthorizationConstraint _active_constraint = {-1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE};
-
-static PolKitAuthorizationConstraint _local_active_constraint = {-1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL |
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE};
-
-PolKitAuthorizationConstraint *
-_polkit_authorization_constraint_new (const char *entry_in_auth_file)
-{
- PolKitAuthorizationConstraint *authc;
- authc = g_new0 (PolKitAuthorizationConstraint, 1);
- authc->refcount = 0;
- return authc;
-}
-
-/**
- * polkit_authorization_constraint_ref:
- * @authc: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_ref (PolKitAuthorizationConstraint *authc)
-{
- g_return_val_if_fail (authc != NULL, authc);
- if (authc->refcount == -1)
- return authc;
- authc->refcount++;
- return authc;
-}
-
-/**
- * polkit_authorization_constraint_unref:
- * @authc: the authorization_constraint object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_constraint_unref (PolKitAuthorizationConstraint *authc)
-{
- g_return_if_fail (authc != NULL);
- if (authc->refcount == -1)
- return;
- authc->refcount--;
- if (authc->refcount > 0)
- return;
-
- g_free (authc);
-}
-
-/**
- * polkit_authorization_constraint_debug:
- * @authc: the object
- *
- * Print debug details
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_constraint_debug (PolKitAuthorizationConstraint *authc)
-{
- g_return_if_fail (authc != NULL);
- _pk_debug ("PolKitAuthorizationConstraint: refcount=%d", authc->refcount);
-}
-
-/**
- * polkit_authorization_constraint_validate:
- * @authc: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- *
- * Since: 0.7
- **/
-polkit_bool_t
-polkit_authorization_constraint_validate (PolKitAuthorizationConstraint *authc)
-{
- g_return_val_if_fail (authc != NULL, FALSE);
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_constraint_check_session:
- * @authc: the object
- * @session: the session
- *
- * Determine if the given session satisfies the conditions imposed by
- * the given constraint
- *
- * Returns: #TRUE if, and only if, the given session satisfies the
- * conditions imposed by the given constraint.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_constraint_check_session (PolKitAuthorizationConstraint *authc,
- PolKitSession *session)
-{
- polkit_bool_t ret;
- polkit_bool_t is_active;
- polkit_bool_t is_local;
-
- g_return_val_if_fail (authc != NULL, FALSE);
- g_return_val_if_fail (session != NULL, FALSE);
-
- ret = FALSE;
-
- if (!polkit_session_get_ck_is_local (session, &is_local))
- is_local = FALSE;
-
- if (!polkit_session_get_ck_is_active (session, &is_active))
- is_active = FALSE;
-
- if (authc->flags & POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL) {
- if (!is_local)
- goto out;
- }
-
- if (authc->flags & POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE) {
- if (!is_active)
- goto out;
- }
-
- ret = TRUE;
-out:
- return ret;
-}
-
-/**
- * polkit_authorization_constraint_check_caller:
- * @authc: the object
- * @caller: the caller
- *
- * Determine if the given caller satisfies the conditions imposed by
- * the given constraint
- *
- * Returns: #TRUE if, and only if, the given caller satisfies the
- * conditions imposed by the given constraint.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_constraint_check_caller (PolKitAuthorizationConstraint *authc,
- PolKitCaller *caller)
-{
- polkit_bool_t ret;
- PolKitSession *session;
-
- g_return_val_if_fail (authc != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- ret = FALSE;
-
- /* caller may not be in a session */
- if (polkit_caller_get_ck_session (caller, &session) && session != NULL) {
- ret = polkit_authorization_constraint_check_session (authc, session);
- } else {
- if (authc->flags == 0) {
- ret = TRUE;
- }
- }
-
- return ret;
-}
-
-/**
- * polkit_authorization_constraint_get_flags:
- * @authc: the object
- *
- * Describe the constraint; this is only useful when inspecting an
- * authorization to present information to the user (e.g. as
- * polkit-auth(1) does).
- *
- * Note that the flags returned may not fully describe the constraint
- * and shouldn't be used to perform checking against #PolKitCaller or
- * #PolKitSession objects. Use the
- * polkit_authorization_constraint_check_caller() and
- * polkit_authorization_constraint_check_session() methods for that
- * instead.
- *
- * Returns: flags from #PolKitAuthorizationConstraintFlags
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraintFlags
-polkit_authorization_constraint_get_flags (PolKitAuthorizationConstraint *authc)
-{
- g_return_val_if_fail (authc != NULL, FALSE);
- return authc->flags;
-}
-
-/**
- * polkit_authorization_constraint_get_null:
- *
- * Get a #PolKitAuthorizationConstraint object that represents no constraints.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_null (void)
-{
- return &_null_constraint;
-}
-
-/**
- * polkit_authorization_constraint_get_require_local:
- *
- * Get a #PolKitAuthorizationConstraint object that represents the
- * constraint that the session or caller must be local.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_require_local (void)
-{
- return &_local_constraint;
-}
-
-/**
- * polkit_authorization_constraint_get_require_active:
- *
- * Get a #PolKitAuthorizationConstraint object that represents the
- * constraint that the session or caller must be active.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_require_active (void)
-{
- return &_active_constraint;
-}
-
-/**
- * polkit_authorization_constraint_get_require_local_active:
- *
- * Get a #PolKitAuthorizationConstraint object that represents the
- * constraint that the session or caller must be local and in an
- * active session.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_require_local_active (void)
-{
- return &_local_active_constraint;
-}
-
-/**
- * polkit_authorization_constraint_to_string:
- * @authc: the object
- * @out_buf: buffer to store the string representation in
- * @buf_size: size of buffer
- *
- * Get a textual representation of the constraint; this is only useful
- * for serializing; it's a machine, not human, readable string.
- *
- * Returns: Number of characters written (not including trailing
- * '\0'). If the output was truncated due to the buffer being too
- * small, buf_size will be returned. Thus, a return value of buf_size
- * or more indicates that the output was truncated (see snprintf(3))
- * or an error occured.
- *
- * Since: 0.7
- */
-size_t
-polkit_authorization_constraint_to_string (PolKitAuthorizationConstraint *authc, char *out_buf, size_t buf_size)
-{
- g_return_val_if_fail (authc != NULL, buf_size);
-
- switch (authc->flags) {
- case 0:
- return snprintf (out_buf, buf_size, "none");
-
- case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL:
- return snprintf (out_buf, buf_size, "local");
-
- case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE:
- return snprintf (out_buf, buf_size, "active");
-
- case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL|POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE:
- return snprintf (out_buf, buf_size, "local+active");
-
- default:
- return buf_size;
- }
-}
-
-/**
- * polkit_authorization_constraint_from_string:
- * @str: textual representation of constraint
- *
- * Construct a constraint from a textual representation as returned by
- * polkit_authorization_constraint_to_string().
- *
- * Returns: the constraint or #NULL if the string coulnd't be parsed.
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_from_string (const char *str)
-{
- PolKitAuthorizationConstraint *ret;
-
- g_return_val_if_fail (str != NULL, NULL);
-
- ret = NULL;
-
- if (strcmp (str, "none") == 0) {
- ret = polkit_authorization_constraint_get_null ();
- goto out;
- } else if (strcmp (str, "local") == 0) {
- ret = polkit_authorization_constraint_get_require_local ();
- goto out;
- } else if (strcmp (str, "active") == 0) {
- ret = polkit_authorization_constraint_get_require_active ();
- goto out;
- } else if (strcmp (str, "local+active") == 0) {
- ret = polkit_authorization_constraint_get_require_local_active ();
- goto out;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_authorization_constraint_get_from_caller:
- * @caller: caller
- *
- * Given a caller, return the most restrictive constraint
- * possible. For example, if the caller is local and active, a
- * constraint requiring this will be returned.
- *
- * This function is typically used when the caller obtains an
- * authorization through authentication; the goal is to put a
- * constraints on the authorization such that it's only valid when the
- * caller is in the context as where she obtained it.
- *
- * Returns: a #PolKitConstraint object; this function will never return #NULL.
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_from_caller (PolKitCaller *caller)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitSession *session;
- PolKitAuthorizationConstraint *ret;
-
- /* caller is not in a session so use the null constraint */
- if (!polkit_caller_get_ck_session (caller, &session)) {
- ret = polkit_authorization_constraint_get_null ();
- goto out;
- }
-
- /* if we, for some reason, don't know if the user is local or active, prefer maximal constraint */
- if (!polkit_session_get_ck_is_local (session, &is_local))
- is_local = TRUE;
- if (!polkit_session_get_ck_is_active (session, &is_active))
- is_active = TRUE;
-
- if (is_local) {
- if (is_active) {
- ret = polkit_authorization_constraint_get_require_local_active ();
- } else {
- ret = polkit_authorization_constraint_get_require_local ();
- }
- } else {
- if (is_active) {
- ret = polkit_authorization_constraint_get_require_active ();
- } else {
- ret = polkit_authorization_constraint_get_null ();
- }
- }
-
-out:
- return ret;
-}
-
-
-/**
- * polkit_authorization_constraint_equal:
- * @a: first constraint
- * @b: first constraint
- *
- * Determines if two constraints are equal
- *
- * Returns: #TRUE only if the given constraints are equal
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_constraint_equal (PolKitAuthorizationConstraint *a, PolKitAuthorizationConstraint *b)
-{
- g_return_val_if_fail (a != NULL, FALSE);
- g_return_val_if_fail (b != NULL, FALSE);
-
- return a->flags == b->flags;
-}
diff --git a/polkit/polkit-authorization-constraint.h b/polkit/polkit-authorization-constraint.h
deleted file mode 100644
index 30c5219..0000000
--- a/polkit/polkit-authorization-constraint.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-constraint.h : Conditions that must be
- * satisfied in order for an authorization to apply
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_AUTHORIZATION_CONSTRAINT_H
-#define POLKIT_AUTHORIZATION_CONSTRAINT_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-
-POLKIT_BEGIN_DECLS
-
-/**
- * PolKitAuthorizationConstraintFlags:
- * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL: the session or
- * caller must be local
- * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE: the session or
- * caller must be in an active session
- * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL_ACTIVE: short
- * hand for the flags POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL
- * and POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE.
- *
- * This enumeration describes different conditions, not mutually
- * exclusive, to help describe an authorization constraint.
- */
-typedef enum {
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL = 1 << 0,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE = 1 << 1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL_ACTIVE = (1 << 0) | (1 << 1)
-} PolKitAuthorizationConstraintFlags;
-
-struct _PolKitAuthorizationConstraint;
-typedef struct _PolKitAuthorizationConstraint PolKitAuthorizationConstraint;
-
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_null (void);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_local (void);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_active (void);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_local_active (void);
-
-PolKitAuthorizationConstraint *polkit_authorization_constraint_ref (PolKitAuthorizationConstraint *authc);
-void polkit_authorization_constraint_unref (PolKitAuthorizationConstraint *authc);
-void polkit_authorization_constraint_debug (PolKitAuthorizationConstraint *authc);
-polkit_bool_t polkit_authorization_constraint_validate (PolKitAuthorizationConstraint *authc);
-
-PolKitAuthorizationConstraintFlags polkit_authorization_constraint_get_flags (PolKitAuthorizationConstraint *authc);
-
-polkit_bool_t polkit_authorization_constraint_check_session (PolKitAuthorizationConstraint *authc,
- PolKitSession *session);
-
-polkit_bool_t polkit_authorization_constraint_check_caller (PolKitAuthorizationConstraint *authc,
- PolKitCaller *caller);
-
-size_t polkit_authorization_constraint_to_string (PolKitAuthorizationConstraint *authc, char *out_buf, size_t buf_size);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_from_string (const char *str);
-
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_from_caller (PolKitCaller *caller);
-
-polkit_bool_t polkit_authorization_constraint_equal (PolKitAuthorizationConstraint *a,
- PolKitAuthorizationConstraint *b);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_AUTHORIZATION_CONSTRAINT_H */
-
-
diff --git a/polkit/polkit-authorization-db-dummy.c b/polkit/polkit-authorization-db-dummy.c
deleted file mode 100644
index 64eecb0..0000000
--- a/polkit/polkit-authorization-db-dummy.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Dummy authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include "polkit-debug.h"
-#include "polkit-authorization-db.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
-
-PolKitAuthorizationDBCapability
-polkit_authorization_db_get_capabilities (void)
-{
- return 0;
-}
-
-PolKitAuthorizationDB *
-_polkit_authorization_db_new (void)
-{
- PolKitAuthorizationDB *authdb;
-
- authdb = g_new0 (PolKitAuthorizationDB, 1);
- authdb->refcount = 1;
-
- return authdb;
-}
-
-void
-_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
-}
-
-PolKitPolicyFileEntry*
-_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id)
-{
- return NULL;
-}
-
-PolKitAuthorizationDB *
-polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, authdb);
- authdb->refcount++;
- return authdb;
-}
-
-void
-polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- authdb->refcount--;
- if (authdb->refcount > 0)
- return;
- g_free (authdb);
-}
-
-void
-polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
-}
-
-polkit_bool_t
-polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, FALSE);
-
- return TRUE;
-}
-
-void
-_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
-{
-}
-
-polkit_bool_t
-polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitSession *session,
- polkit_bool_t *out_is_authorized)
-{
- *out_is_authorized = FALSE;
- return TRUE;
-}
-
-polkit_bool_t
-polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- polkit_bool_t *out_is_authorized)
-{
- *out_is_authorized = FALSE;
- return TRUE;
-}
-
-
-polkit_bool_t
-polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- PolKitError **error)
-{
- polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
- return FALSE;
-}
-
-
diff --git a/polkit/polkit-authorization-db.c b/polkit/polkit-authorization-db.c
deleted file mode 100644
index edccfc6..0000000
--- a/polkit/polkit-authorization-db.c
+++ /dev/null
@@ -1,848 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Represents the authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include "polkit-debug.h"
-#include "polkit-authorization-db.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-authorization-db
- * @title: Authorization Database
- * @short_description: Reading from and writing to the database storing authorizations
- *
- * This class presents an abstraction of the authorization database as
- * well as methods for reading and writing to it.
- *
- * The reading parts are in <literal>libpolkit</literal> and the
- * writing parts are in <literal>libpolkit-grant</literal>.
- *
- * Since: 0.7
- **/
-
-/**
- * PolKitAuthorizationDB:
- *
- * Objects of this class are used to represent the authorization
- * database.
- *
- * Since: 0.7
- **/
-struct _PolKitAuthorizationDB;
-
-/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
-
-static void
-_free_authlist (GSList *authlist)
-{
- if (authlist != NULL) {
- g_slist_foreach (authlist, (GFunc) polkit_authorization_unref, NULL);
- g_slist_free (authlist);
- }
-}
-
-
-/**
- * polkit_authorization_db_get_capabilities:
- *
- * Determine what capabilities the authorization backend has.
- *
- * Returns: Flags from the #PolKitAuthorizationDBCapability enumeration
- *
- * Since: 0.7
- */
-PolKitAuthorizationDBCapability
-polkit_authorization_db_get_capabilities (void)
-{
- return POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN;
-}
-
-/**
- * _polkit_authorization_db_new:
- *
- * Create a new #PolKitAuthorizationDB object.
- *
- * Returns: the new object
- *
- * Since: 0.7
- **/
-PolKitAuthorizationDB *
-_polkit_authorization_db_new (void)
-{
- PolKitAuthorizationDB *authdb;
-
- authdb = g_new0 (PolKitAuthorizationDB, 1);
- authdb->refcount = 1;
-
- /* set up the hashtable */
- _polkit_authorization_db_invalidate_cache (authdb);
- return authdb;
-}
-
-void
-_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
-}
-
-PolKitPolicyFileEntry*
-_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id)
-{
- return NULL;
-}
-
-
-/**
- * polkit_authorization_db_ref:
- * @authdb: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitAuthorizationDB *
-polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, authdb);
- authdb->refcount++;
- return authdb;
-}
-
-/**
- * polkit_authorization_db_unref:
- * @authdb: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- authdb->refcount--;
- if (authdb->refcount > 0)
- return;
- g_hash_table_destroy (authdb->uid_to_authlist);
- g_free (authdb);
-}
-
-/**
- * polkit_authorization_db_debug:
- * @authdb: the object
- *
- * Print debug details
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
-}
-
-/**
- * polkit_authorization_db_validate:
- * @authdb: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- *
- * Since: 0.7
- **/
-polkit_bool_t
-polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, FALSE);
-
- return TRUE;
-}
-
-/**
- * _polkit_authorization_db_invalidate_cache:
- * @authdb: authorization database
- *
- * Tell the authorization database to invalidate any caches it might
- * employ. This is called by #PolKitContext whenever configuration or
- * anything else changes.
- *
- * Since: 0.7
- */
-void
-_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
-{
- /* out with the old, in the with new */
- if (authdb->uid_to_authlist != NULL) {
- g_hash_table_destroy (authdb->uid_to_authlist);
- }
- authdb->uid_to_authlist = g_hash_table_new_full (g_direct_hash,
- g_direct_equal,
- NULL,
- (GDestroyNotify) _free_authlist);
-}
-
-/**
- * _authdb_get_auths_for_uid:
- * @authdb: authorization database
- * @uid: uid to get authorizations for. If -1 is passed authorizations
- * for all users will be returned.
- * @error: return location for error
- *
- * Internal function to get authorizations for a uid.
- *
- * Returns: A singly-linked list of #PolKitAuthorization
- * objects. Caller shall not free this list. Returns #NULL if either
- * calling process is not sufficiently privileged (error will be set)
- * or if there are no authorizations for the given uid.
- *
- * Since: 0.7
- */
-static GSList *
-_authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitError **error)
-{
- GSList *ret;
- char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper", NULL, NULL};
- gint exit_status;
- GError *g_error;
- char *standard_output;
- size_t len;
- off_t n;
-
- ret = NULL;
- standard_output = NULL;
-
- /* first, see if this is in the cache */
- ret = g_hash_table_lookup (authdb->uid_to_authlist, (gpointer) uid);
- if (ret != NULL)
- goto out;
-
- helper_argv[1] = g_strdup_printf ("%d", uid);
-
- /* we need to do this through a setgid polkituser helper
- * because the auth file is readable only for uid 0 and gid
- * polkituser.
- */
- g_error = NULL;
- if (!g_spawn_sync (NULL, /* const gchar *working_directory */
- helper_argv, /* gchar **argv */
- NULL, /* gchar **envp */
- 0, /* GSpawnFlags flags */
- NULL, /* GSpawnChildSetupFunc child_setup */
- NULL, /* gpointer user_data */
- &standard_output, /* gchar **standard_output */
- NULL, /* gchar **standard_error */
- &exit_status, /* gint *exit_status */
- &g_error)) { /* GError **error */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning read auth helper: %s",
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- g_warning ("Read auth helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Read auth helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
- uid > 0 ?
- "uid %d is not authorized to read authorizations for uid %d (requires org.freedesktop.policykit.read)" :
- "uid %d is not authorized to read all authorizations (requires org.freedesktop.policykit.read)",
- getuid (), uid);
- goto out;
- }
-
- len = strlen (standard_output);
-
- /* parse one line at a time (modifies standard_output in place) */
- n = 0;
- while (n < len) {
- off_t m;
- char *line;
- PolKitAuthorization *auth;
-
- m = n;
- while (m < len && standard_output[m] != '\0') {
- if (standard_output[m] == '\n')
- break;
- m++;
- }
- /* check EOF */
- if (standard_output[m] == '\0')
- break;
- standard_output[m] = '\0';
-
- line = standard_output + n;
-
- if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) {
- uid = (uid_t) atoi (line + 5);
- }
-
- if (strlen (line) >= 2 && line[0] != '#') {
- auth = _polkit_authorization_new_for_uid (line, uid);
-
- if (auth != NULL) {
- ret = g_slist_prepend (ret, auth);
- }
- }
-
- n = m + 1;
- }
-
- g_hash_table_insert (authdb->uid_to_authlist, (gpointer) uid, ret);
-
-out:
- g_free (helper_argv[1]);
- g_free (standard_output);
- return ret;
-}
-
-
-static polkit_bool_t
-_internal_foreach (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- GSList *l;
- GSList *auths;
- polkit_bool_t ret;
- char *action_id;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (cb != NULL, FALSE);
-
- ret = FALSE;
-
- if (action == NULL) {
- action_id = NULL;
- } else {
- if (!polkit_action_get_action_id (action, &action_id))
- goto out;
- }
-
- auths = _authdb_get_auths_for_uid (authdb, uid, error);
- if (auths == NULL)
- goto out;
-
- for (l = auths; l != NULL; l = l->next) {
- PolKitAuthorization *auth = l->data;
-
- if (action_id != NULL) {
- if (strcmp (polkit_authorization_get_action_id (auth), action_id) != 0) {
- continue;
- }
- }
-
- if (cb (authdb, auth, user_data)) {
- ret = TRUE;
- goto out;
- }
- }
-
-out:
- return ret;
-}
-
-
-/**
- * polkit_authorization_db_foreach:
- * @authdb: authorization database
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database.
- *
- * Note that unless the calling process has the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return _internal_foreach (authdb, NULL, -1, cb, user_data, error);
-}
-
-/**
- * polkit_authorization_db_foreach_for_uid:
- * @authdb: authorization database
- * @uid: user to get authorizations for
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database for a given
- * user.
- *
- * Note that if the calling process asks for authorizations for a
- * different uid than itself and it lacks the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return _internal_foreach (authdb, NULL, uid, cb, user_data, error);
-}
-
-/**
- * polkit_authorization_db_foreach_for_action:
- * @authdb: authorization database
- * @action: action to get authorizations for
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database for a given
- * action.
- *
- * Note that unless the calling process has the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- return _internal_foreach (authdb, action, -1, cb, user_data, error);
-}
-
-/**
- * polkit_authorization_db_foreach_for_action_for_uid:
- * @authdb: authorization database
- * @action: action to get authorizations for
- * @uid: user to get authorizations for
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database for a given
- * action and user.
- *
- * Note that if the calling process asks for authorizations for a
- * different uid than itself and it lacks the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- return _internal_foreach (authdb, action, uid, cb, user_data, error);
-}
-
-
-typedef struct {
- char *action_id;
- uid_t session_uid;
- char *session_objpath;
- PolKitSession *session;
-} CheckDataSession;
-
-static polkit_bool_t
-_check_auth_for_session (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
-{
- gboolean ret;
- CheckDataSession *cd = (CheckDataSession *) user_data;
- PolKitAuthorizationConstraint *constraint;
-
- ret = FALSE;
-
- if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
- goto no_match;
-
- constraint = polkit_authorization_get_constraint (auth);
- if (!polkit_authorization_constraint_check_session (constraint, cd->session))
- goto no_match;
-
- switch (polkit_authorization_get_scope (auth))
- {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- goto no_match;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- if (strcmp (polkit_authorization_scope_session_get_ck_objref (auth), cd->session_objpath) != 0)
- goto no_match;
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- break;
- }
-
- ret = TRUE;
-
-no_match:
- return ret;
-}
-
-/**
- * polkit_authorization_db_is_session_authorized:
- * @authdb: the authorization database
- * @action: the action to check for
- * @session: the session to check for
- * @out_is_authorized: return location
- *
- * Looks in the authorization database and determine if processes from
- * the given session are authorized to do the given specific action.
- *
- * Returns: #TRUE if the look up was performed; #FALSE if the caller
- * of this function lacks privileges to ask this question (e.g. asking
- * about a user that is not himself).
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitSession *session,
- polkit_bool_t *out_is_authorized)
-{
- polkit_bool_t ret;
- CheckDataSession cd;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_is_authorized != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &cd.action_id))
- return FALSE;
-
- if (!polkit_session_get_uid (session, &cd.session_uid))
- return FALSE;
-
- cd.session = session;
-
- if (!polkit_session_get_ck_objref (session, &cd.session_objpath) || cd.session_objpath == NULL)
- return FALSE;
-
- ret = TRUE;
-
- *out_is_authorized = FALSE;
- if (polkit_authorization_db_foreach_for_uid (authdb,
- cd.session_uid,
- _check_auth_for_session,
- &cd,
- NULL)) {
- *out_is_authorized = TRUE;
- }
-
- return ret;
-}
-
-typedef struct {
- char *action_id;
- uid_t caller_uid;
- pid_t caller_pid;
- polkit_uint64_t caller_pid_start_time;
- char *session_objpath;
- PolKitCaller *caller;
- polkit_bool_t revoke_if_one_shot;
-} CheckData;
-
-static polkit_bool_t
-_check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
-{
-
- gboolean ret;
- pid_t caller_pid;
- polkit_uint64_t caller_pid_start_time;
- CheckData *cd = (CheckData *) user_data;
- PolKitAuthorizationConstraint *constraint;
- PolKitError *error;
-
- ret = FALSE;
-
- if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
- goto no_match;
-
- constraint = polkit_authorization_get_constraint (auth);
- if (!polkit_authorization_constraint_check_caller (constraint, cd->caller))
- goto no_match;
-
- switch (polkit_authorization_get_scope (auth))
- {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- if (!polkit_authorization_scope_process_get_pid (auth, &caller_pid, &caller_pid_start_time))
- goto no_match;
- if (!(caller_pid == cd->caller_pid && caller_pid_start_time == cd->caller_pid_start_time))
- goto no_match;
-
- if (polkit_authorization_get_scope (auth) == POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT) {
-
- /* it's a match already; revoke if asked to do so */
- if (cd->revoke_if_one_shot) {
- error = NULL;
- if (!polkit_authorization_db_revoke_entry (authdb, auth, &error)) {
- g_warning ("Cannot revoke one-shot auth: %s: %s",
- polkit_error_get_error_name (error),
- polkit_error_get_error_message (error));
- polkit_error_free (error);
- }
- }
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- if (cd->session_objpath == NULL)
- goto no_match;
- if (strcmp (polkit_authorization_scope_session_get_ck_objref (auth), cd->session_objpath) != 0)
- goto no_match;
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- break;
- }
-
- ret = TRUE;
-
-
-no_match:
- return ret;
-}
-
-/**
- * polkit_authorization_db_is_caller_authorized:
- * @authdb: the authorization database
- * @action: the action to check for
- * @caller: the caller to check for
- * @revoke_if_one_shot: Whether to revoke one-shot authorizations. See
- * discussion in polkit_context_is_caller_authorized() for details.
- * @out_is_authorized: return location
- *
- * Looks in the authorization database if the given caller is
- * authorized to do the given action.
- *
- * Returns: #TRUE if the look up was performed; #FALSE if the caller
- * of this function lacks privileges to ask this question (e.g. asking
- * about a user that is not himself).
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- polkit_bool_t *out_is_authorized)
-{
- PolKitSession *session;
- polkit_bool_t ret;
- CheckData cd;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_is_authorized != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &cd.action_id))
- return FALSE;
-
- if (!polkit_caller_get_pid (caller, &cd.caller_pid))
- return FALSE;
-
- if (!polkit_caller_get_uid (caller, &cd.caller_uid))
- return FALSE;
-
- cd.caller = caller;
- cd.revoke_if_one_shot = revoke_if_one_shot;
-
- cd.caller_pid_start_time = polkit_sysdeps_get_start_time_for_pid (cd.caller_pid);
- if (cd.caller_pid_start_time == 0)
- return FALSE;
-
- /* Caller does not _have_ to be member of a session */
- cd.session_objpath = NULL;
- if (polkit_caller_get_ck_session (caller, &session) && session != NULL) {
- if (!polkit_session_get_ck_objref (session, &cd.session_objpath))
- cd.session_objpath = NULL;
- }
-
- ret = TRUE;
-
- *out_is_authorized = FALSE;
- if (polkit_authorization_db_foreach_for_uid (authdb,
- cd.caller_uid,
- _check_auth_for_caller,
- &cd,
- NULL)) {
- *out_is_authorized = TRUE;
- }
-
- return ret;
-}
-
-/**
- * polkit_authorization_db_revoke_entry:
- * @authdb: the authorization database
- * @auth: the authorization to revoke
- * @error: return location for error
- *
- * Removes an authorization from the authorization database. This uses
- * a privileged helper /usr/libexec/polkit-revoke-helper.
- *
- * Returns: #TRUE if the authorization was revoked, #FALSE otherwise and error is set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- PolKitError **error)
-{
- GError *g_error;
- char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper", "", NULL, NULL, NULL};
- const char *auth_file_entry;
- gboolean ret;
- gint exit_status;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (auth != NULL, FALSE);
-
- auth_file_entry = _polkit_authorization_get_authfile_entry (auth);
- //g_debug ("should delete line '%s'", auth_file_entry);
-
- helper_argv[1] = (char *) auth_file_entry;
- helper_argv[2] = "uid";
- helper_argv[3] = g_strdup_printf ("%d", polkit_authorization_get_uid (auth));
-
- g_error = NULL;
- if (!g_spawn_sync (NULL, /* const gchar *working_directory */
- helper_argv, /* gchar **argv */
- NULL, /* gchar **envp */
- 0, /* GSpawnFlags flags */
- NULL, /* GSpawnChildSetupFunc child_setup */
- NULL, /* gpointer user_data */
- NULL, /* gchar **standard_output */
- NULL, /* gchar **standard_error */
- &exit_status, /* gint *exit_status */
- &g_error)) { /* GError **error */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning revoke helper: %s",
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- g_warning ("Revoke helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Revoke helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
- "uid %d is not authorized to revoke authorizations from uid %d (requires org.freedesktop.policykit.revoke)",
- getuid (), polkit_authorization_get_uid (auth));
- } else {
- ret = TRUE;
- }
-
-out:
- g_free (helper_argv[3]);
- return ret;
-}
diff --git a/polkit/polkit-authorization-db.h b/polkit/polkit-authorization-db.h
deleted file mode 100644
index 8089bd4..0000000
--- a/polkit/polkit-authorization-db.h
+++ /dev/null
@@ -1,156 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.h : Represents the authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_AUTHORIZATION_DB_H
-#define POLKIT_AUTHORIZATION_DB_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-authorization.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-error.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitAuthorizationDB;
-typedef struct _PolKitAuthorizationDB PolKitAuthorizationDB;
-
-/**
- * PolKitAuthorizationDBCapability:
- * @POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN: Users can obtain
- * authorizations through authentication
- *
- * Capabilities of the authorization database backend.
- *
- * Since: 0.7
- */
-typedef enum
-{
- POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN = 1 << 0
-} PolKitAuthorizationDBCapability;
-
-PolKitAuthorizationDBCapability polkit_authorization_db_get_capabilities (void);
-
-PolKitAuthorizationDB *polkit_authorization_db_ref (PolKitAuthorizationDB *authdb);
-void polkit_authorization_db_unref (PolKitAuthorizationDB *authdb);
-
-void polkit_authorization_db_debug (PolKitAuthorizationDB *authdb);
-polkit_bool_t polkit_authorization_db_validate (PolKitAuthorizationDB *authdb);
-
-polkit_bool_t polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitSession *session,
- polkit_bool_t *out_is_authorized);
-
-polkit_bool_t polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- polkit_bool_t *out_is_authorized);
-
-/**
- * PolKitAuthorizationDBForeach:
- * @authdb: authorization database
- * @auth: authorization; user shall not unref this object. Unless
- * reffed by the user it will be destroyed when the callback function
- * returns.
- * @user_data: user data passed
- *
- * Type of callback function for iterating over authorizations.
- *
- * Returns: pass #TRUE to stop iterating
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitAuthorizationDBForeach) (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- void *user_data);
-
-polkit_bool_t polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationConstraint *constraint,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- PolKitError **error);
-
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_AUTHORIZATION_DB_H */
-
-
diff --git a/polkit/polkit-authorization.c b/polkit/polkit-authorization.c
deleted file mode 100644
index 660183a..0000000
--- a/polkit/polkit-authorization.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization.c : Represents an entry in the authorization
- * database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-authorization.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-authorization
- * @title: Authorization Entry
- * @short_description: An entry in the autothorization database
- *
- * This class is used to represent entries in the authorization
- * database.
- *
- * Since: 0.7
- **/
-
-/**
- * PolKitAuthorization:
- *
- * Objects of this class are used to represent entries in the
- * authorization database.
- *
- * Since: 0.7
- **/
-struct _PolKitAuthorization
-{
- int refcount;
-
- char *entry_in_auth_file;
-
- PolKitAuthorizationScope scope;
- PolKitAuthorizationConstraint *constraint;
-
- char *action_id;
- uid_t uid;
- time_t when;
- uid_t authenticated_as_uid;
-
- pid_t pid;
- polkit_uint64_t pid_start_time;
-
- polkit_bool_t explicitly_granted;
- uid_t explicitly_granted_by;
-
- char *session_id;
-};
-
-const char *
-_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, NULL);
- return auth->entry_in_auth_file;
-}
-
-#ifdef POLKIT_AUTHDB_DEFAULT
-
-PolKitAuthorization *
-_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid)
-{
- char **t;
- guint num_t;
- char *ep;
- PolKitAuthorization *auth;
- int n;
-
- g_return_val_if_fail (entry_in_auth_file != NULL, NULL);
-
- auth = g_new0 (PolKitAuthorization, 1);
- auth->refcount = 1;
- auth->entry_in_auth_file = g_strdup (entry_in_auth_file);
- auth->uid = uid;
-
- t = g_strsplit (entry_in_auth_file, ":", 0);
- num_t = g_strv_length (t);
-
-/*
- * pid:
- * grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
- * caller_pid,
- * pid_start_time,
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * user_authenticated_as,
- * cbuf);
- */
- n = 1;
-
- if (strcmp (t[0], "process") == 0 ||
- strcmp (t[0], "process-one-shot") == 0) {
- if (num_t != 7)
- goto error;
-
- if (strcmp (t[0], "process") == 0)
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_PROCESS;
- else
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT;
-
- auth->pid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->pid_start_time = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
- }
-/*
- * grant_line = g_strdup_printf ("session:%s:%s:%Lu:%s:%d:%s\n",
- * session_objpath,
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * user_authenticated_as,
- * cbuf);
- */
- else if (strcmp (t[0], "session") == 0) {
- if (num_t != 6)
- goto error;
-
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_SESSION;
-
- auth->session_id = g_strdup (t[n++]);
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
- }
-
-/*
- * always:
- * grant_line = g_strdup_printf ("always:%s:%Lu:%s:%d:%s\n",
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * user_authenticated_as,
- * cbuf);
- *
- */
- else if (strcmp (t[0], "always") == 0) {
- if (num_t != 5)
- goto error;
-
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_ALWAYS;
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
- }
-/*
- * grant:
- * "grant:%d:%s:%Lu:%d:%s\n",
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * invoking_uid,
- * authc_str) >= (int) sizeof (grant_line)) {
- *
- */
- else if (strcmp (t[0], "grant") == 0) {
-
- if (num_t != 5)
- goto error;
-
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_ALWAYS;
- auth->explicitly_granted = TRUE;
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->explicitly_granted_by = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
-
- } else {
- goto error;
- }
-
- g_strfreev (t);
- return auth;
-
-error:
- g_warning ("Error parsing token %d from line '%s'", n, entry_in_auth_file);
- polkit_authorization_unref (auth);
- g_strfreev (t);
- return NULL;
-}
-
-#endif /* POLKIT_AUTHDB_DEFAULT */
-
-/**
- * polkit_authorization_ref:
- * @auth: the authorization object
- *
- * Increase reference count.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitAuthorization *
-polkit_authorization_ref (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, auth);
- auth->refcount++;
- return auth;
-}
-
-/**
- * polkit_authorization_unref:
- * @auth: the authorization object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_unref (PolKitAuthorization *auth)
-{
- g_return_if_fail (auth != NULL);
- auth->refcount--;
- if (auth->refcount > 0)
- return;
-
- g_free (auth->entry_in_auth_file);
- g_free (auth->action_id);
- g_free (auth->session_id);
- if (auth->constraint != NULL)
- polkit_authorization_constraint_unref (auth->constraint);
- g_free (auth);
-}
-
-/**
- * polkit_authorization_debug:
- * @auth: the object
- *
- * Print debug details
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_debug (PolKitAuthorization *auth)
-{
- g_return_if_fail (auth != NULL);
- _pk_debug ("PolKitAuthorization: refcount=%d", auth->refcount);
- _pk_debug (" scope = %d", auth->scope);
- _pk_debug (" pid = %d", auth->pid);
- _pk_debug (" pid_start_time = %Lu", auth->pid_start_time);
- _pk_debug (" action_id = %s", auth->action_id);
- _pk_debug (" when = %Lu", (polkit_uint64_t) auth->when);
- _pk_debug (" auth_as_uid = %d", auth->authenticated_as_uid);
-}
-
-/**
- * polkit_authorization_validate:
- * @auth: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- *
- * Since: 0.7
- **/
-polkit_bool_t
-polkit_authorization_validate (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_get_action_id:
- * @auth: the object
- *
- * Get the action this authorization is for
- *
- * Returns: the action id. Caller should not free this string.
- *
- * Since: 0.7
- */
-const char *
-polkit_authorization_get_action_id (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, NULL);
-
- return auth->action_id;
-}
-
-/**
- * polkit_authorization_get_scope:
- * @auth: the object
- *
- * Get the scope of the authorization; e.g. whether it's confined to a
- * single process, a single session or can be retained
- * indefinitely. Also keep in mind that an authorization is subject to
- * constraints, see polkit_authorization_get_constraint() for details.
- *
- * Returns: the scope
- *
- * Since: 0.7
- */
-PolKitAuthorizationScope
-polkit_authorization_get_scope (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, 0);
-
- return auth->scope;
-}
-
-/**
- * polkit_authorization_scope_process_get_pid:
- * @auth: the object
- * @out_pid: return location
- * @out_pid_start_time: return location
- *
- * If scope is #POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT or
- * #POLKIT_AUTHORIZATION_SCOPE_PROCESS, get information about what
- * process the authorization is confined to.
- *
- * As process identifiers can be recycled, the start time of the
- * process (the unit is not well-defined; on Linux it's the number of
- * milliseconds since the system was started) is also returned.
- *
- * Returns: #TRUE if information was returned
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_scope_process_get_pid (PolKitAuthorization *auth,
- pid_t *out_pid,
- polkit_uint64_t *out_pid_start_time)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (out_pid != NULL, FALSE);
- g_return_val_if_fail (out_pid_start_time != NULL, FALSE);
- g_return_val_if_fail (auth->scope == POLKIT_AUTHORIZATION_SCOPE_PROCESS ||
- auth->scope == POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT, FALSE);
-
- *out_pid = auth->pid;
- *out_pid_start_time = auth->pid_start_time;
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_scope_session_get_ck_objref:
- * @auth: the object
- *
- * Gets the ConsoleKit object path for the session the authorization
- * is confined to.
- *
- * Returns: #NULL if scope wasn't session
- *
- * Since: 0.7
- */
-const char *
-polkit_authorization_scope_session_get_ck_objref (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (auth->scope == POLKIT_AUTHORIZATION_SCOPE_SESSION, FALSE);
-
- return auth->session_id;
-}
-
-/**
- * polkit_authorization_get_uid:
- * @auth: the object
- *
- * Gets the UNIX user id for the user the authorization is confined
- * to.
- *
- * Returns: The UNIX user id for whom the authorization is confied to
- *
- * Since: 0.7
- */
-uid_t
-polkit_authorization_get_uid (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, 0);
- return auth->uid;
-}
-
-/**
- * polkit_authorization_get_time_of_grant:
- * @auth: the object
- *
- * Returns the point in time the authorization was granted. The value
- * is UNIX time, e.g. number of seconds since the Epoch Jan 1, 1970
- * 0:00 UTC.
- *
- * Returns: When authorization was granted
- *
- * Since: 0.7
- */
-time_t
-polkit_authorization_get_time_of_grant (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, 0);
- return auth->when;
-}
-
-/**
- * polkit_authorization_was_granted_via_defaults:
- * @auth: the object
- * @out_user_authenticated_as: return location
- *
- * Determine if the authorization was obtained by the user by
- * authenticating as himself or an administrator via the the
- * "defaults" section in the <literal>.policy</literal> file for the
- * action (e.g. "allow_any", "allow_inactive", "allow_active").
- *
- * Compare with polkit_authorization_was_granted_explicitly() - only
- * one of these functions can return #TRUE.
- *
- * Returns: #TRUE if the authorization was obtained by the user
- * himself authenticating.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_was_granted_via_defaults (PolKitAuthorization *auth,
- uid_t *out_user_authenticated_as)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (out_user_authenticated_as != NULL, FALSE);
-
- if (auth->explicitly_granted)
- return FALSE;
-
- *out_user_authenticated_as = auth->authenticated_as_uid;
- return TRUE;
-}
-
-/**
- * polkit_authorization_was_granted_explicitly:
- * @auth: the object
- * @out_by_whom: return location
- *
- * Determine if the authorization was explicitly granted by a
- * sufficiently privileged user.
- *
- * Compare with polkit_authorization_was_granted_via_defaults() - only
- * one of these functions can return #TRUE.
- *
- * Returns: #TRUE if the authorization was explicitly granted by a
- * sufficiently privileger user.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_was_granted_explicitly (PolKitAuthorization *auth,
- uid_t *out_by_whom)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (out_by_whom != NULL, FALSE);
-
- if (!auth->explicitly_granted)
- return FALSE;
-
- *out_by_whom = auth->explicitly_granted_by;
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_get_constraint:
- * @auth: the object
- *
- * Get the constraint associated with an authorization.
- *
- * Returns: The constraint. Caller shall not unref this object.
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_get_constraint (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- return auth->constraint;
-}
diff --git a/polkit/polkit-authorization.h b/polkit/polkit-authorization.h
deleted file mode 100644
index 0e107be..0000000
--- a/polkit/polkit-authorization.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization.h : Represents an entry in the authorization
- * database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_AUTHORIZATION_H
-#define POLKIT_AUTHORIZATION_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-authorization-constraint.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitAuthorization;
-typedef struct _PolKitAuthorization PolKitAuthorization;
-
-PolKitAuthorization *polkit_authorization_ref (PolKitAuthorization *auth);
-void polkit_authorization_unref (PolKitAuthorization *auth);
-
-void polkit_authorization_debug (PolKitAuthorization *auth);
-polkit_bool_t polkit_authorization_validate (PolKitAuthorization *auth);
-
-
-/**
- * PolKitAuthorizationScope:
- * @POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT: The authorization is
- * limited for a single shot for a single process on the system
- * @POLKIT_AUTHORIZATION_SCOPE_PROCESS: The authorization is limited
- * for a single process on the system
- * @POLKIT_AUTHORIZATION_SCOPE_SESSION: The authorization is limited
- * for processes originating from a given session
- * @POLKIT_AUTHORIZATION_SCOPE_ALWAYS: The authorization is retained
- * indefinitely.
- *
- * The scope of an authorization; e.g. whether it's limited to a
- * process, a session or unlimited.
- */
-typedef enum {
- POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT,
- POLKIT_AUTHORIZATION_SCOPE_PROCESS,
- POLKIT_AUTHORIZATION_SCOPE_SESSION,
- POLKIT_AUTHORIZATION_SCOPE_ALWAYS,
-} PolKitAuthorizationScope;
-
-const char *polkit_authorization_get_action_id (PolKitAuthorization *auth);
-
-uid_t polkit_authorization_get_uid (PolKitAuthorization *auth);
-
-time_t polkit_authorization_get_time_of_grant (PolKitAuthorization *auth);
-
-PolKitAuthorizationConstraint *polkit_authorization_get_constraint (PolKitAuthorization *auth);
-
-PolKitAuthorizationScope polkit_authorization_get_scope (PolKitAuthorization *auth);
-
-
-polkit_bool_t polkit_authorization_scope_process_get_pid (PolKitAuthorization *auth,
- pid_t *out_pid,
- polkit_uint64_t *out_pid_start_time);
-
-const char *polkit_authorization_scope_session_get_ck_objref (PolKitAuthorization *auth);
-
-
-polkit_bool_t polkit_authorization_was_granted_via_defaults (PolKitAuthorization *auth,
- uid_t *out_user_authenticated_as);
-
-polkit_bool_t polkit_authorization_was_granted_explicitly (PolKitAuthorization *auth,
- uid_t *out_by_whom);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_AUTHORIZATION_H */
-
-
diff --git a/polkit/polkit-caller.c b/polkit/polkit-caller.c
deleted file mode 100644
index d3432b2..0000000
--- a/polkit/polkit-caller.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-caller.c : callers
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-caller
- * @title: Caller
- * @short_description: Represents a process requesting a mechanism to do something.
- *
- * This class is used to represent a caller in another process that is
- * calling into a mechanism to make the mechanism do something.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-caller.h"
-#include "polkit-utils.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * PolKitCaller:
- *
- * Objects of this class are used to record information about a caller
- * in another process.
- **/
-struct _PolKitCaller
-{
- int refcount;
- char *dbus_name;
- uid_t uid;
- pid_t pid;
- char *selinux_context;
- PolKitSession *session;
-};
-
-/**
- * polkit_caller_new:
- *
- * Creates a new #PolKitCaller object.
- *
- * Returns: the new object
- **/
-PolKitCaller *
-polkit_caller_new (void)
-{
- PolKitCaller *caller;
- caller = p_new0 (PolKitCaller, 1);
- if (caller == NULL)
- goto out;
- caller->refcount = 1;
-out:
- return caller;
-}
-
-/**
- * polkit_caller_ref:
- * @caller: The caller object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitCaller *
-polkit_caller_ref (PolKitCaller *caller)
-{
- g_return_val_if_fail (caller != NULL, caller);
- caller->refcount++;
- return caller;
-}
-
-
-/**
- * polkit_caller_unref:
- * @caller: The caller object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_caller_unref (PolKitCaller *caller)
-{
- g_return_if_fail (caller != NULL);
- caller->refcount--;
- if (caller->refcount > 0)
- return;
- p_free (caller->dbus_name);
- p_free (caller->selinux_context);
- if (caller->session != NULL)
- polkit_session_unref (caller->session);
- p_free (caller);
-}
-
-/**
- * polkit_caller_set_dbus_name:
- * @caller: The caller object
- * @dbus_name: unique system bus connection name
- *
- * Set the callers unique system bus connection name.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (dbus_name == NULL || _pk_validate_unique_bus_name (dbus_name), FALSE);
- if (caller->dbus_name != NULL)
- p_free (caller->dbus_name);
- if (dbus_name == NULL) {
- caller->dbus_name = NULL;
- return TRUE;
- } else {
- caller->dbus_name = p_strdup (dbus_name);
- if (caller->dbus_name == NULL)
- return FALSE;
- else
- return TRUE;
- }
-}
-
-/**
- * polkit_caller_set_uid:
- * @caller: The caller object
- * @uid: UNIX user id
- *
- * Set the callers UNIX user id.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_uid (PolKitCaller *caller, uid_t uid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- caller->uid = uid;
- return TRUE;
-}
-
-/**
- * polkit_caller_set_pid:
- * @caller: The caller object
- * @pid: UNIX process id
- *
- * Set the callers UNIX process id.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_pid (PolKitCaller *caller, pid_t pid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- caller->pid = pid;
- return TRUE;
-}
-
-/**
- * polkit_caller_set_selinux_context:
- * @caller: The caller object
- * @selinux_context: SELinux security context
- *
- * Set the callers SELinux security context.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- /* TODO: probably should have a separate validation function for SELinux contexts */
- g_return_val_if_fail (selinux_context == NULL || _pk_validate_identifier (selinux_context), FALSE);
-
- if (caller->selinux_context != NULL)
- p_free (caller->selinux_context);
- if (selinux_context == NULL) {
- caller->selinux_context = NULL;
- return TRUE;
- } else {
- caller->selinux_context = p_strdup (selinux_context);
- if (caller->selinux_context == NULL)
- return FALSE;
- else
- return TRUE;
- }
-}
-
-/**
- * polkit_caller_set_ck_session:
- * @caller: The caller object
- * @session: a session object
- *
- * Set the callers session. The reference count on the given object
- * will be increased by one. If an existing session object was set
- * already, the reference count on that one will be decreased by one.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (session == NULL || polkit_session_validate (session), FALSE);
- if (caller->session != NULL)
- polkit_session_unref (caller->session);
- caller->session = session != NULL ? polkit_session_ref (session) : NULL;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_dbus_name:
- * @caller: The caller object
- * @out_dbus_name: Returns the unique system bus connection name. The caller shall not free this string.
- *
- * Get the callers unique system bus connection name.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_dbus_name != NULL, FALSE);
- *out_dbus_name = caller->dbus_name;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_uid:
- * @caller: The caller object
- * @out_uid: Returns the UNIX user id
- *
- * Get the callers UNIX user id.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_uid != NULL, FALSE);
- *out_uid = caller->uid;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_pid:
- * @caller: The caller object
- * @out_pid: Returns the UNIX process id
- *
- * Get the callers UNIX process id.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_pid != NULL, FALSE);
- *out_pid = caller->pid;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_selinux_context:
- * @caller: The caller object
- * @out_selinux_context: Returns the SELinux security context. The caller shall not free this string.
- *
- * Get the callers SELinux security context. Note that this may be
- * #NULL if SELinux is not available on the system.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_selinux_context != NULL, FALSE);
- *out_selinux_context = caller->selinux_context;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_ck_session:
- * @caller: The caller object
- * @out_session: Returns the session object. Caller shall not unref it.
- *
- * Get the callers session. Note that this may be #NULL if the caller
- * is not in any session.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_session != NULL, FALSE);
- *out_session = caller->session;
- return TRUE;
-}
-
-/**
- * polkit_caller_debug:
- * @caller: the object
- *
- * Print debug details
- **/
-void
-polkit_caller_debug (PolKitCaller *caller)
-{
- g_return_if_fail (caller != NULL);
- _pk_debug ("PolKitCaller: refcount=%d dbus_name=%s uid=%d pid=%d selinux_context=%s",
- caller->refcount, caller->dbus_name, caller->uid, caller->pid, caller->selinux_context);
- if (caller->session != NULL)
- polkit_session_debug (caller->session);
-}
-
-
-/**
- * polkit_caller_validate:
- * @caller: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_caller_validate (PolKitCaller *caller)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (caller->pid > 0, FALSE);
- return TRUE;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- char *s;
- PolKitCaller *c;
- pid_t pid;
- uid_t uid;
- PolKitSeat *seat;
- PolKitSession *session;
- PolKitSession *session2;
-
- if ((c = polkit_caller_new ()) != NULL) {
-
- g_assert (! polkit_caller_set_dbus_name (c, "org.invalid.name"));
- g_assert (polkit_caller_set_dbus_name (c, NULL));
- if (polkit_caller_set_dbus_name (c, ":1.43")) {
- g_assert (polkit_caller_get_dbus_name (c, &s) && strcmp (s, ":1.43") == 0);
-
- if (polkit_caller_set_dbus_name (c, ":1.44")) {
- g_assert (polkit_caller_get_dbus_name (c, &s) && strcmp (s, ":1.44") == 0);
- }
- }
-
- g_assert (polkit_caller_set_selinux_context (c, NULL));
- if (polkit_caller_set_selinux_context (c, "system_u:object_r:bin_t")) {
- g_assert (polkit_caller_get_selinux_context (c, &s) && strcmp (s, "system_u:object_r:bin_t") == 0);
-
- if (polkit_caller_set_selinux_context (c, "system_u:object_r:httpd_exec_t")) {
- g_assert (polkit_caller_get_selinux_context (c, &s) && strcmp (s, "system_u:object_r:httpd_exec_t") == 0);
- }
- }
-
- g_assert (polkit_caller_set_uid (c, 0));
- g_assert (polkit_caller_get_uid (c, &uid) && uid == 0);
- g_assert (polkit_caller_set_pid (c, 1));
- g_assert (polkit_caller_get_pid (c, &pid) && pid == 1);
-
- /* validate where caller is not in a session */
- g_assert (polkit_caller_validate (c));
- polkit_caller_ref (c);
- g_assert (polkit_caller_validate (c));
- polkit_caller_unref (c);
- g_assert (polkit_caller_validate (c));
-
- if ((session = polkit_session_new ()) != NULL) {
- if (polkit_session_set_ck_objref (session, "/somesession")) {
- if ((seat = polkit_seat_new ()) != NULL) {
- if (polkit_seat_set_ck_objref (seat, "/someseat")) {
- g_assert (polkit_session_set_seat (session, seat));
- g_assert (polkit_session_set_ck_is_local (session, TRUE));
-
- g_assert (polkit_caller_set_ck_session (c, NULL));
- g_assert (polkit_caller_get_ck_session (c, &session2) && session2 == NULL);
-
- g_assert (polkit_caller_set_ck_session (c, session));
- g_assert (polkit_caller_set_ck_session (c, session));
- g_assert (polkit_caller_get_ck_session (c, &session2) && session2 == session);
- /* validate where caller is in a session */
- g_assert (polkit_caller_validate (c));
-
- polkit_caller_debug (c);
-
-
- }
- polkit_seat_unref (seat);
- }
- }
- polkit_session_unref (session);
- }
-
-
-
- polkit_caller_unref (c);
- }
-
- return TRUE;
-}
-
-PolKitTest _test_caller = {
- "polkit_caller",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-caller.h b/polkit/polkit-caller.h
deleted file mode 100644
index ad52102..0000000
--- a/polkit/polkit-caller.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-caller.h : callers
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CALLER_H
-#define POLKIT_CALLER_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-session.h>
-#include <sys/types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitCaller;
-typedef struct _PolKitCaller PolKitCaller;
-
-PolKitCaller *polkit_caller_new (void);
-PolKitCaller *polkit_caller_ref (PolKitCaller *caller);
-void polkit_caller_unref (PolKitCaller *caller);
-polkit_bool_t polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name);
-polkit_bool_t polkit_caller_set_uid (PolKitCaller *caller, uid_t uid);
-polkit_bool_t polkit_caller_set_pid (PolKitCaller *caller, pid_t pid);
-polkit_bool_t polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context);
-polkit_bool_t polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session);
-polkit_bool_t polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name);
-polkit_bool_t polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid);
-polkit_bool_t polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid);
-polkit_bool_t polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context);
-polkit_bool_t polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session);
-
-void polkit_caller_debug (PolKitCaller *caller);
-polkit_bool_t polkit_caller_validate (PolKitCaller *caller);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_H */
diff --git a/polkit/polkit-config.c b/polkit/polkit-config.c
deleted file mode 100644
index ff3c15e..0000000
--- a/polkit/polkit-config.c
+++ /dev/null
@@ -1,772 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config.h : Configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <sys/inotify.h>
-#include <regex.h>
-#include <syslog.h>
-#include <regex.h>
-
-#include <expat.h>
-
-#include <glib.h>
-#include "polkit-config.h"
-#include "polkit-debug.h"
-#include "polkit-error.h"
-
-/**
- * SECTION:polkit-config
- * @title: Configuration
- * @short_description: Represents the system-wide <literal>/etc/PolicyKit/PolicyKit.conf</literal> file.
- *
- * This class is used to represent the /etc/PolicyKit/PolicyKit.conf
- * configuration file. Applications using PolicyKit should never use
- * this class; it's only here for integration with other PolicyKit
- * components.
- **/
-
-enum {
- STATE_NONE,
- STATE_UNKNOWN_TAG,
- STATE_IN_CONFIG,
- STATE_IN_MATCH,
- STATE_IN_RETURN,
- STATE_IN_DEFINE_ADMIN_AUTH,
-};
-
-struct ConfigNode;
-typedef struct ConfigNode ConfigNode;
-
-/**
- * PolKitConfig:
- *
- * This class represents the system-wide configuration file for
- * PolicyKit. Applications using PolicyKit should never use this
- * class; it's only here for integration with other PolicyKit
- * components.
- **/
-struct _PolKitConfig
-{
- int refcount;
- ConfigNode *top_config_node;
-};
-
-#define PARSER_MAX_DEPTH 32
-
-typedef struct {
- XML_Parser parser;
- int state;
- PolKitConfig *pk_config;
- const char *path;
-
- int state_stack[PARSER_MAX_DEPTH];
- ConfigNode *node_stack[PARSER_MAX_DEPTH];
-
- int stack_depth;
-} ParserData;
-
-enum {
- NODE_TYPE_NOP,
- NODE_TYPE_TOP,
- NODE_TYPE_MATCH,
- NODE_TYPE_RETURN,
- NODE_TYPE_DEFINE_ADMIN_AUTH,
-};
-
-enum {
- MATCH_TYPE_ACTION,
- MATCH_TYPE_USER,
-};
-
-static const char * const match_names[] =
-{
- "action",
- "user",
-};
-
-static const char * const define_admin_auth_names[] =
-{
- "user",
- "group",
-};
-
-struct ConfigNode
-{
- int node_type;
-
- union {
-
- struct {
- int match_type;
- char *data;
- regex_t preq;
- } node_match;
-
- struct {
- PolKitResult result;
- } node_return;
-
- struct {
- PolKitConfigAdminAuthType admin_type;
- char *data;
- } node_define_admin_auth;
-
- } data;
-
- GSList *children;
-};
-
-
-static ConfigNode *
-config_node_new (void)
-{
- ConfigNode *node;
- node = g_new0 (ConfigNode, 1);
- return node;
-}
-
-static void
-config_node_dump_real (ConfigNode *node, unsigned int indent)
-{
- GSList *i;
- unsigned int n;
- char buf[128];
-
- for (n = 0; n < indent && n < sizeof (buf) - 1; n++)
- buf[n] = ' ';
- buf[n] = '\0';
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- _pk_debug ("%sNOP", buf);
- break;
- case NODE_TYPE_TOP:
- _pk_debug ("%sTOP", buf);
- break;
- case NODE_TYPE_MATCH:
- _pk_debug ("%sMATCH %s (%d) with '%s'",
- buf,
- match_names[node->data.node_match.match_type],
- node->data.node_match.match_type,
- node->data.node_match.data);
- break;
- case NODE_TYPE_RETURN:
- _pk_debug ("%sRETURN %s (%d)",
- buf,
- polkit_result_to_string_representation (node->data.node_return.result),
- node->data.node_return.result);
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- _pk_debug ("%sDEFINE_ADMIN_AUTH %s (%d) with '%s'",
- buf,
- define_admin_auth_names[node->data.node_define_admin_auth.admin_type],
- node->data.node_define_admin_auth.admin_type,
- node->data.node_define_admin_auth.data);
- break;
- break;
- }
-
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child = i->data;
- config_node_dump_real (child, indent + 2);
- }
-}
-
-static void
-config_node_dump (ConfigNode *node)
-{
-
- config_node_dump_real (node, 0);
-}
-
-static void
-config_node_unref (ConfigNode *node)
-{
- GSList *i;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- break;
- case NODE_TYPE_TOP:
- break;
- case NODE_TYPE_MATCH:
- g_free (node->data.node_match.data);
- regfree (&(node->data.node_match.preq));
- break;
- case NODE_TYPE_RETURN:
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- g_free (node->data.node_define_admin_auth.data);
- break;
- }
-
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child = i->data;
- config_node_unref (child);
- }
- g_slist_free (node->children);
- g_free (node);
-}
-
-static void
-_start (void *data, const char *el, const char **attr)
-{
- int state;
- int num_attr;
- ParserData *pd = data;
- ConfigNode *node;
-
- _pk_debug ("_start for node '%s' (at depth=%d)", el, pd->stack_depth);
-
- for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
- ;
-
- state = STATE_NONE;
- node = config_node_new ();
- node->node_type = NODE_TYPE_NOP;
-
- switch (pd->state) {
- case STATE_NONE:
- if (strcmp (el, "config") == 0) {
- state = STATE_IN_CONFIG;
- _pk_debug ("parsed config node");
-
- if (pd->pk_config->top_config_node != NULL) {
- _pk_debug ("Multiple config nodes?");
- goto error;
- }
-
- node->node_type = NODE_TYPE_TOP;
- pd->pk_config->top_config_node = node;
- }
- break;
- case STATE_IN_CONFIG: /* explicit fallthrough */
- case STATE_IN_MATCH:
- if ((strcmp (el, "match") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_MATCH;
- if (strcmp (attr[0], "action") == 0) {
- node->data.node_match.match_type = MATCH_TYPE_ACTION;
- } else if (strcmp (attr[0], "user") == 0) {
- node->data.node_match.match_type = MATCH_TYPE_USER;
- } else {
- _pk_debug ("Unknown match rule '%s'", attr[0]);
- goto error;
- }
-
- node->data.node_match.data = g_strdup (attr[1]);
- if (regcomp (&(node->data.node_match.preq), node->data.node_match.data, REG_NOSUB|REG_EXTENDED) != 0) {
- _pk_debug ("Invalid expression '%s'", node->data.node_match.data);
- goto error;
- }
-
- state = STATE_IN_MATCH;
- _pk_debug ("parsed match node ('%s' (%d) -> '%s')",
- attr[0],
- node->data.node_match.match_type,
- node->data.node_match.data);
-
- } else if ((strcmp (el, "return") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_RETURN;
-
- if (strcmp (attr[0], "result") == 0) {
- PolKitResult r;
- if (!polkit_result_from_string_representation (attr[1], &r)) {
- _pk_debug ("Unknown return result '%s'", attr[1]);
- goto error;
- }
- node->data.node_return.result = r;
- } else {
- _pk_debug ("Unknown return rule '%s'", attr[0]);
- goto error;
- }
-
- state = STATE_IN_RETURN;
- _pk_debug ("parsed return node ('%s' (%d))",
- attr[1],
- node->data.node_return.result);
- } else if ((strcmp (el, "define_admin_auth") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_DEFINE_ADMIN_AUTH;
- if (strcmp (attr[0], "user") == 0) {
- node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER;
- } else if (strcmp (attr[0], "group") == 0) {
- node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP;
- } else {
- _pk_debug ("Unknown define_admin_auth rule '%s'", attr[0]);
- goto error;
- }
-
- node->data.node_define_admin_auth.data = g_strdup (attr[1]);
-
- state = STATE_IN_DEFINE_ADMIN_AUTH;
- _pk_debug ("parsed define_admin_auth node ('%s' (%d) -> '%s')",
- attr[0],
- node->data.node_define_admin_auth.admin_type,
- node->data.node_define_admin_auth.data);
-
-
- }
- break;
- }
-
- if (state == STATE_NONE || node == NULL) {
- g_warning ("skipping unknown tag <%s> at line %d of %s",
- el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- syslog (LOG_ALERT, "libpolkit: skipping unknown tag <%s> at line %d of %s",
- el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- state = STATE_UNKNOWN_TAG;
- }
-
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- _pk_debug ("reached max depth?");
- goto error;
- }
- pd->state = state;
- pd->state_stack[pd->stack_depth] = pd->state;
- pd->node_stack[pd->stack_depth] = node;
-
- if (pd->stack_depth > 0) {
- pd->node_stack[pd->stack_depth - 1]->children =
- g_slist_append (pd->node_stack[pd->stack_depth - 1]->children, node);
- }
-
- pd->stack_depth++;
- _pk_debug ("now in state=%d (after _start, depth=%d)", pd->state, pd->stack_depth);
- return;
-
-error:
- if (node != NULL) {
- config_node_unref (node);
- }
- XML_StopParser (pd->parser, FALSE);
-}
-
-static void
-_cdata (void *data, const char *s, int len)
-{
-}
-
-static void
-_end (void *data, const char *el)
-{
- ParserData *pd = data;
-
- _pk_debug ("_end for node '%s' (at depth=%d)", el, pd->stack_depth);
-
- --pd->stack_depth;
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- _pk_debug ("reached max depth?");
- goto error;
- }
- if (pd->stack_depth > 0)
- pd->state = pd->state_stack[pd->stack_depth - 1];
- else
- pd->state = STATE_NONE;
- _pk_debug ("now in state=%d (after _end, depth=%d)", pd->state, pd->stack_depth);
- return;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-/**
- * polkit_config_new:
- * @path: Path to configuration, typically /etc/PolicyKit/PolicyKit.conf is passed.
- * @error: return location for error
- *
- * Load and parse a PolicyKit configuration file.
- *
- * Returns: the configuration file object
- **/
-PolKitConfig *
-polkit_config_new (const char *path, PolKitError **error)
-{
- ParserData pd;
- int xml_res;
- PolKitConfig *pk_config;
- char *buf;
- gsize buflen;
- GError *g_error;
-
- /* load and parse the configuration file */
- pk_config = NULL;
-
- g_error = NULL;
- if (!g_file_get_contents (path, &buf, &buflen, &g_error)) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- pd.parser = XML_ParserCreate (NULL);
- if (pd.parser == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- "No memory for parser");
- goto error;
- }
- XML_SetUserData (pd.parser, &pd);
- XML_SetElementHandler (pd.parser, _start, _end);
- XML_SetCharacterDataHandler (pd.parser, _cdata);
-
- pk_config = g_new0 (PolKitConfig, 1);
- pk_config->refcount = 1;
-
- pd.state = STATE_NONE;
- pd.pk_config = pk_config;
- pd.node_stack[0] = NULL;
- pd.stack_depth = 0;
- pd.path = path;
-
- xml_res = XML_Parse (pd.parser, buf, buflen, 1);
-
- if (xml_res == 0) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "%s:%d: parse error: %s",
- path,
- (int) XML_GetCurrentLineNumber (pd.parser),
- XML_ErrorString (XML_GetErrorCode (pd.parser)));
-
- XML_ParserFree (pd.parser);
- g_free (buf);
- goto error;
- }
- XML_ParserFree (pd.parser);
- g_free (buf);
-
- _pk_debug ("Loaded configuration file %s", path);
-
- if (pk_config->top_config_node != NULL)
- config_node_dump (pk_config->top_config_node);
-
- return pk_config;
-
-error:
- if (pk_config != NULL)
- polkit_config_unref (pk_config);
- return NULL;
-}
-
-/**
- * polkit_config_ref:
- * @pk_config: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitConfig *
-polkit_config_ref (PolKitConfig *pk_config)
-{
- g_return_val_if_fail (pk_config != NULL, pk_config);
- pk_config->refcount++;
- return pk_config;
-}
-
-/**
- * polkit_config_unref:
- * @pk_config: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_config_unref (PolKitConfig *pk_config)
-{
- g_return_if_fail (pk_config != NULL);
- pk_config->refcount--;
- if (pk_config->refcount > 0)
- return;
-
- if (pk_config->top_config_node != NULL)
- config_node_unref (pk_config->top_config_node);
-
- g_free (pk_config);
-}
-
-static gboolean
-config_node_match (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitSession *session)
-{
- char *str;
- char *str1;
- char *str2;
- uid_t uid;
- gboolean match;
-
- match = FALSE;
- str1 = NULL;
- str2 = NULL;
- switch (node->data.node_match.match_type) {
-
- case MATCH_TYPE_ACTION:
- if (!polkit_action_get_action_id (action, &str))
- goto out;
- str1 = g_strdup (str);
- break;
-
- case MATCH_TYPE_USER:
- if (caller != NULL) {
- if (!polkit_caller_get_uid (caller, &uid))
- goto out;
- } else if (session != NULL) {
- if (!polkit_session_get_uid (session, &uid))
- goto out;
- } else
- goto out;
-
- str1 = g_strdup_printf ("%d", uid);
- {
- struct passwd pd;
- struct passwd* pwdptr=&pd;
- struct passwd* tempPwdPtr;
- char pwdbuffer[256];
- int pwdlinelen = sizeof(pwdbuffer);
-
- if ((getpwuid_r (uid, pwdptr, pwdbuffer, pwdlinelen, &tempPwdPtr)) !=0 )
- goto out;
- str2 = g_strdup (pd.pw_name);
- }
- break;
- }
-
- if (str1 != NULL) {
- if (regexec (&(node->data.node_match.preq), str1, 0, NULL, 0) == 0)
- match = TRUE;
- }
- if (!match && str2 != NULL) {
- if (regexec (&(node->data.node_match.preq), str2, 0, NULL, 0) == 0)
- match = TRUE;
- }
-
-out:
- g_free (str1);
- g_free (str2);
- return match;
-}
-
-
-/* exactly one of the parameters caller and session must be NULL */
-static PolKitResult
-config_node_test (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitSession *session)
-{
- gboolean recurse;
- PolKitResult result;
-
- recurse = FALSE;
- result = POLKIT_RESULT_UNKNOWN;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- recurse = FALSE;
- break;
- case NODE_TYPE_TOP:
- recurse = TRUE;
- break;
- case NODE_TYPE_MATCH:
- if (config_node_match (node, action, caller, session))
- recurse = TRUE;
- break;
- case NODE_TYPE_RETURN:
- result = node->data.node_return.result;
- break;
- default:
- break;
- }
-
- if (recurse) {
- GSList *i;
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child_node = i->data;
- result = config_node_test (child_node, action, caller, session);
- if (result != POLKIT_RESULT_UNKNOWN) {
- goto out;
- }
- }
- }
-
-out:
- return result;
-}
-
-/**
- * polkit_config_can_session_do_action:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
- * says that a given session can do a given action.
- *
- * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
- * was no match in the configuration file.
- */
-PolKitResult
-polkit_config_can_session_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- if (pk_config->top_config_node != NULL)
- result = config_node_test (pk_config->top_config_node, action, NULL, session);
- else
- result = POLKIT_RESULT_UNKNOWN;
- return result;
-}
-
-/**
- * polkit_config_can_caller_do_action:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
- * says that a given caller can do a given action.
- *
- * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
- * was no match in the configuration file.
- */
-PolKitResult
-polkit_config_can_caller_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- if (pk_config->top_config_node != NULL)
- result = config_node_test (pk_config->top_config_node, action, caller, NULL);
- else
- result = POLKIT_RESULT_UNKNOWN;
- return result;
-}
-
-
-static polkit_bool_t
-config_node_determine_admin_auth (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data)
-{
- gboolean recurse;
- gboolean result_set;
-
- recurse = FALSE;
- result_set = FALSE;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- recurse = FALSE;
- break;
- case NODE_TYPE_TOP:
- recurse = TRUE;
- break;
- case NODE_TYPE_MATCH:
- if (config_node_match (node, action, caller, NULL))
- recurse = TRUE;
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- if (out_admin_auth_type != NULL)
- *out_admin_auth_type = node->data.node_define_admin_auth.admin_type;
- if (out_data != NULL)
- *out_data = node->data.node_define_admin_auth.data;
- result_set = TRUE;
- break;
- default:
- break;
- }
-
- if (recurse) {
- GSList *i;
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child_node = i->data;
-
- result_set = config_node_determine_admin_auth (child_node,
- action,
- caller,
- out_admin_auth_type,
- out_data) || result_set;
- }
- }
-
- return result_set;
-}
-
-/**
- * polkit_config_determine_admin_auth_type:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- * @out_admin_auth_type: return location for the authentication type
- * @out_data: return location for the match value of the given
- * authentication type. Caller shall not manipulate or free this
- * string.
- *
- * Determine what "Authenticate as admin" means for a given caller and
- * a given action. This basically returns the result of the
- * "define_admin_auth" in the configuration file when drilling down
- * for a specific caller / action.
- *
- * Returns: TRUE if value was returned
- */
-polkit_bool_t
-polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data)
-{
- if (pk_config->top_config_node != NULL) {
- return config_node_determine_admin_auth (pk_config->top_config_node,
- action,
- caller,
- out_admin_auth_type,
- out_data);
- } else {
- return FALSE;
- }
-}
-
diff --git a/polkit/polkit-config.h b/polkit/polkit-config.h
deleted file mode 100644
index a5307a4..0000000
--- a/polkit/polkit-config.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config.h : Configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CONFIG_H
-#define POLKIT_CONFIG_H
-
-#include <sys/types.h>
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitConfig;
-typedef struct _PolKitConfig PolKitConfig;
-
-PolKitConfig *polkit_config_new (const char *path, PolKitError **error);
-PolKitConfig *polkit_config_ref (PolKitConfig *pk_config);
-void polkit_config_unref (PolKitConfig *pk_config);
-
-PolKitResult
-polkit_config_can_session_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitSession *session);
-
-PolKitResult
-polkit_config_can_caller_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller);
-
-/**
- * PolKitConfigAdminAuthType:
- * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: Authentication as
- * administrator matches one or more users
- * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: Authentication as
- * administrator matches users from one or more groups
- *
- * This enumeration reflects results defined in the
- * "define_admin_auth" configuration element.
- */
-typedef enum
-{
- POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER,
- POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP
-} PolKitConfigAdminAuthType;
-
-polkit_bool_t polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_CONFIG_H */
-
-
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
deleted file mode 100644
index 1f25d58..0000000
--- a/polkit/polkit-context.c
+++ /dev/null
@@ -1,803 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-context.c : context for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <sys/inotify.h>
-#include <syslog.h>
-
-#include <glib.h>
-#include "polkit-config.h"
-#include "polkit-debug.h"
-#include "polkit-context.h"
-#include "polkit-policy-cache.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit
- * @short_description: Centralized policy management.
- *
- * libpolkit is a C library for centralized policy management.
- **/
-
-/**
- * SECTION:polkit-context
- * @title: Context
- * @short_description: The main interface used to query PolicyKit.
- *
- * This class is used to represent the interface to PolicyKit - it is
- * used by Mechanisms that use PolicyKit for making
- * decisions. Typically, it's used as a singleton:
- *
- * <itemizedlist>
- * <listitem>First, the Mechanism need to declare one or more PolicyKit Actions by dropping a <literal>.policy</literal> file into <literal>/usr/share/PolicyKit/policy</literal>. This is described in the PolicyKit specification.</listitem>
- * <listitem>The mechanism starts up and uses polkit_context_new() to create a new context</listitem>
- * <listitem>If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on <literal>/dev</literal> may want to add/remove ACL's when configuration changes; for example, the system administrator could have changed the PolicyKit configuration file <literal>/etc/PolicyKit/PolicyKit.conf</literal> such that some user is now privileged to access a specific device.</listitem>
- * <listitem>If polkit_context_set_config_changed() is used, the mechanism must also use polkit_context_set_io_watch_functions() to integrate libpolkit into the mainloop.</listitem>
- * <listitem>The mechanism needs to call polkit_context_init() such that libpolkit can load configuration files and properly initialize.</listitem>
- * <listitem>Whenever the mechanism needs to make a decision whether a caller is allowed to make a perform some action, the mechanism prepares a #PolKitAction and #PolKitCaller object (or #PolKitSession if applicable) and calls polkit_context_can_caller_do_action() (or polkit_context_can_session_do_action() if applicable). The mechanism may use the libpolkit-dbus library (specifically the polkit_caller_new_from_dbus_name() or polkit_caller_new_from_pid() functions) but may opt, for performance reasons, to construct #PolKitCaller (or #PolKitSession if applicable) from it's own cache of information.</listitem>
- * <listitem>The mechanism will get a #PolKitResult object back that describes whether it should carry out the action. This result stems from a number of sources, see the PolicyKit specification document for details.</listitem>
- * <listitem>If the result is #POLKIT_RESULT_YES, the mechanism should carry out the action. If the result is not #POLKIT_RESULT_YES nor #POLKIT_RESULT_UNKNOWN (this would never be returned but is mentioned here for completeness), the mechanism should throw an expcetion to the caller detailing the #PolKitResult as a textual string using polkit_result_to_string_representation(). For example, if the mechanism is using D-Bus it could throw an com.some-mechanism.DeniedByPolicy exception with the #PolKitResult textual representation in the detail field. Then the caller can interpret this exception and then act on it (for example it can attempt to gain that privilege).</listitem>
- * </itemizedlist>
- *
- * For more information about using PolicyKit in mechanisms and
- * callers, refer to the PolicyKit-gnome project which includes a
- * sample application on how to use this in the GNOME desktop.
- **/
-
-/**
- * PolKitContext:
- *
- * Context object for users of PolicyKit.
- **/
-struct _PolKitContext
-{
- int refcount;
-
- PolKitContextConfigChangedCB config_changed_cb;
- void *config_changed_user_data;
-
- PolKitContextAddIOWatch io_add_watch_func;
- PolKitContextRemoveIOWatch io_remove_watch_func;
-
- char *policy_dir;
-
- PolKitPolicyCache *priv_cache;
-
- PolKitConfig *config;
-
- PolKitAuthorizationDB *authdb;
-
- polkit_bool_t load_descriptions;
-
- int inotify_fd;
- int inotify_fd_watch_id;
- int inotify_config_wd;
- int inotify_policy_wd;
- int inotify_grant_perm_wd;
-};
-
-/**
- * polkit_context_new:
- *
- * Create a new context
- *
- * Returns: the object
- **/
-PolKitContext *
-polkit_context_new (void)
-{
- PolKitContext *pk_context;
- pk_context = g_new0 (PolKitContext, 1);
- pk_context->refcount = 1;
- /* TODO: May want to rethink instantiating this on demand.. */
- pk_context->authdb = _polkit_authorization_db_new ();
- return pk_context;
-}
-
-/**
- * polkit_context_init:
- * @pk_context: the context object
- * @error: return location for error
- *
- * Initializes a new context; loads PolicyKit files from
- * /usr/share/PolicyKit/policy.
- *
- * Returns: #FALSE if @error was set, otherwise #TRUE
- **/
-polkit_bool_t
-polkit_context_init (PolKitContext *pk_context, PolKitError **error)
-{
- g_return_val_if_fail (pk_context != NULL, FALSE);
-
- pk_context->policy_dir = g_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy");
- _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
-
- /* NOTE: we don't populate the cache until it's needed.. */
-
- /* NOTE: we don't load the configuration file until it's needed */
-
- if (pk_context->io_add_watch_func != NULL) {
- pk_context->inotify_fd = inotify_init ();
- if (pk_context->inotify_fd < 0) {
- _pk_debug ("failed to initialize inotify: %s", strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /etc/PolicyKit/PolicyKit.conf file */
- pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf",
- IN_MODIFY | IN_CREATE | IN_ATTRIB);
- if (pk_context->inotify_config_wd < 0) {
- _pk_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/PolicyKit/policy directory */
- pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_DATA_DIR "/PolicyKit/policy",
- IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB);
- if (pk_context->inotify_policy_wd < 0) {
- _pk_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/PolicyKit.reload file */
- pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload",
- IN_MODIFY | IN_CREATE | IN_ATTRIB);
- if (pk_context->inotify_grant_perm_wd < 0) {
- _pk_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-#endif
-
- pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
- if (pk_context->inotify_fd_watch_id == 0) {
- _pk_debug ("failed to add io watch");
- /* TODO: set error */
- goto error;
- }
- }
-
- return TRUE;
-error:
- return FALSE;
-}
-
-/**
- * polkit_context_ref:
- * @pk_context: the context object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitContext *
-polkit_context_ref (PolKitContext *pk_context)
-{
- g_return_val_if_fail (pk_context != NULL, pk_context);
- pk_context->refcount++;
- return pk_context;
-}
-
-/**
- * polkit_context_unref:
- * @pk_context: the context object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_context_unref (PolKitContext *pk_context)
-{
-
- g_return_if_fail (pk_context != NULL);
- pk_context->refcount--;
- if (pk_context->refcount > 0)
- return;
-
- g_free (pk_context);
-}
-
-/**
- * polkit_context_set_config_changed:
- * @pk_context: the context object
- * @cb: the callback to invoke
- * @user_data: user data to pass to the callback
- *
- * Register the callback function for when configuration changes.
- * Mechanisms should use this callback to e.g. reconfigure all
- * permissions / acl's they have set in response to policy decisions
- * made from information provided by PolicyKit.
- *
- * Note that this function may be called many times within a short
- * interval due to how file monitoring works if e.g. the user is
- * editing a configuration file (editors typically create back-up
- * files). Mechanisms should use a "cool-off" timer (of, say, one
- * second) to avoid doing many expensive operations (such as
- * reconfiguring all ACL's for all devices) within a very short
- * timeframe.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->config_changed_cb = cb;
- pk_context->config_changed_user_data = user_data;
-}
-
-/**
- * polkit_context_io_func:
- * @pk_context: the object
- * @fd: the file descriptor passed to the supplied function of type #PolKitContextAddIOWatch.
- *
- * Method that the application must call when there is data to read
- * from a file descriptor registered with the supplied function of
- * type #PolKitContextAddIOWatch.
- **/
-void
-polkit_context_io_func (PolKitContext *pk_context, int fd)
-{
- gboolean config_changed;
-
- g_return_if_fail (pk_context != NULL);
-
- _pk_debug ("polkit_context_io_func: data on fd %d", fd);
-
- config_changed = FALSE;
-
- if (fd == pk_context->inotify_fd) {
-/* size of the event structure, not counting name */
-#define EVENT_SIZE (sizeof (struct inotify_event))
-/* reasonable guess as to size of 1024 events */
-#define BUF_LEN (1024 * (EVENT_SIZE + 16))
- char buf[BUF_LEN];
- int len;
- int i = 0;
-again:
- len = read (fd, buf, BUF_LEN);
- if (len < 0) {
- if (errno == EINTR) {
- goto again;
- } else {
- _pk_debug ("read: %s", strerror (errno));
- }
- } else if (len > 0) {
- /* BUF_LEN too small? */
- }
- while (i < len) {
- struct inotify_event *event;
- event = (struct inotify_event *) &buf[i];
- _pk_debug ("wd=%d mask=%u cookie=%u len=%u",
- event->wd, event->mask, event->cookie, event->len);
-
- _pk_debug ("config changed!");
- config_changed = TRUE;
-
- i += EVENT_SIZE + event->len;
- }
- }
-
- if (config_changed) {
- /* purge existing policy files */
- _pk_debug ("purging policy files");
- if (pk_context->priv_cache != NULL) {
- polkit_policy_cache_unref (pk_context->priv_cache);
- pk_context->priv_cache = NULL;
- }
-
- /* Purge existing old config file */
- _pk_debug ("purging configuration file");
- if (pk_context->config != NULL) {
- polkit_config_unref (pk_context->config);
- pk_context->config = NULL;
- }
-
- /* Purge authorization entries from the cache */
- _polkit_authorization_db_invalidate_cache (pk_context->authdb);
-
- if (pk_context->config_changed_cb != NULL) {
- pk_context->config_changed_cb (pk_context,
- pk_context->config_changed_user_data);
- }
- }
-}
-
-/**
- * polkit_context_set_io_watch_functions:
- * @pk_context: the context object
- * @io_add_watch_func: the function that the PolicyKit library can invoke to start watching a file descriptor
- * @io_remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file descriptor
- *
- * Register a functions that PolicyKit can use for watching IO descriptors.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_io_watch_functions (PolKitContext *pk_context,
- PolKitContextAddIOWatch io_add_watch_func,
- PolKitContextRemoveIOWatch io_remove_watch_func)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->io_add_watch_func = io_add_watch_func;
- pk_context->io_remove_watch_func = io_remove_watch_func;
-}
-
-/**
- * polkit_context_set_load_descriptions:
- * @pk_context: the context
- *
- * Set whether policy descriptions should be loaded. By default these
- * are not loaded to keep memory use down. TODO: specify whether they
- * are localized and how.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_load_descriptions (PolKitContext *pk_context)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->load_descriptions = TRUE;
-}
-
-/**
- * polkit_context_get_policy_cache:
- * @pk_context: the context
- *
- * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
- *
- * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
- **/
-PolKitPolicyCache *
-polkit_context_get_policy_cache (PolKitContext *pk_context)
-{
- g_return_val_if_fail (pk_context != NULL, NULL);
-
- if (pk_context->priv_cache == NULL) {
- PolKitError *error;
-
- _pk_debug ("Populating cache from directory %s", pk_context->policy_dir);
-
- error = NULL;
- pk_context->priv_cache = _polkit_policy_cache_new (pk_context->policy_dir,
- pk_context->load_descriptions,
- &error);
- if (pk_context->priv_cache == NULL) {
- g_warning ("Error loading policy files from %s: %s",
- pk_context->policy_dir, polkit_error_get_error_message (error));
- polkit_error_free (error);
- } else {
- polkit_policy_cache_debug (pk_context->priv_cache);
- }
- }
-
- return pk_context->priv_cache;
-}
-
-
-/**
- * polkit_context_is_session_authorized:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- * @error: return location for error
- *
- * Determine if any caller from a giver session is authorized to do a
- * given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action.
- *
- * Since: 0.7
- */
-PolKitResult
-polkit_context_is_session_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session,
- PolKitError **error)
-{
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
- PolKitPolicyDefault *policy_default;
- PolKitResult result_from_config;
- PolKitResult result_from_grantdb;
- polkit_bool_t from_authdb;
- PolKitResult result;
- PolKitConfig *config;
-
- result = POLKIT_RESULT_NO;
- g_return_val_if_fail (pk_context != NULL, result);
-
- config = polkit_context_get_config (pk_context, NULL);
- /* if the configuration file is malformed, always say no */
- if (config == NULL)
- goto out;
-
- if (action == NULL || session == NULL)
- goto out;
-
- /* now validate the incoming objects */
- if (!polkit_action_validate (action))
- goto out;
- if (!polkit_session_validate (session))
- goto out;
-
- cache = polkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
-
- _pk_debug ("entering polkit_can_session_do_action()");
- polkit_action_debug (action);
- polkit_session_debug (session);
-
- pfe = polkit_policy_cache_get_entry (cache, action);
- if (pfe == NULL) {
- char *action_name;
- if (!polkit_action_get_action_id (action, &action_name)) {
- g_warning ("given action has no name");
- } else {
- g_warning ("no action with name '%s'", action_name);
- }
- result = POLKIT_RESULT_UNKNOWN;
- goto out;
- }
-
- polkit_policy_file_entry_debug (pfe);
-
- result_from_config = polkit_config_can_session_do_action (config, action, session);
-
- result_from_grantdb = POLKIT_RESULT_UNKNOWN;
- if (polkit_authorization_db_is_session_authorized (pk_context->authdb,
- action,
- session,
- &from_authdb)) {
- if (from_authdb)
- result_from_grantdb = POLKIT_RESULT_YES;
- }
-
- /* Fist, the config file is authoritative.. so only use the
- * value from the authdb if the config file allows to gain via
- * authentication
- */
- if (result_from_config != POLKIT_RESULT_UNKNOWN) {
- /* it does.. use it.. although try to use an existing grant if there is one */
- if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
- result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- } else {
- result = result_from_config;
- }
- goto found;
- }
-
- /* If we have a positive answer from the authdb, use it */
- if (result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- goto found;
- }
-
- /* Otherwise, fall back to defaults as specified in the .policy file */
- policy_default = polkit_policy_file_entry_get_default (pfe);
- if (policy_default == NULL) {
- g_warning ("no default policy for action!");
- goto out;
- }
- result = polkit_policy_default_can_session_do_action (policy_default, action, session);
-
-found:
- /* Never return UNKNOWN to user */
- if (result == POLKIT_RESULT_UNKNOWN)
- result = POLKIT_RESULT_NO;
-
-out:
- _pk_debug ("... result was %s", polkit_result_to_string_representation (result));
- return result;
-}
-
-/**
- * polkit_context_is_caller_authorized:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- * @revoke_if_one_shot: Whether to revoke one-shot authorizations. See
- * below for discussion.
- * @error: return location for error
- *
- * Determine if a given caller is authorized to do a given
- * action.
- *
- * It is important to understand how one-shot authorizations work.
- * The revoke_if_one_shot parameter, if #TRUE, specifies whether
- * one-shot authorizations should be revoked if they are used
- * to make the decision to return #POLKIT_RESULT_YES.
- *
- * UI applications wanting to hint whether a caller is authorized must
- * pass #FALSE here. Mechanisms that wants to check authorizations
- * before carrying out work on behalf of a caller must pass #TRUE
- * here.
- *
- * As a side-effect, any process with the authorization
- * org.freedesktop.policykit.read can revoke one-shot authorizations
- * from other users. Even though the window for doing so is small
- * (one-shot auths are typically used right away), be careful who you
- * grant that authorization to.
- *
- * This can fail with the following errors:
- * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action.
- *
- * Since: 0.7
- */
-PolKitResult
-polkit_context_is_caller_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- PolKitError **error)
-{
-
-
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
- PolKitResult result;
- PolKitResult result_from_config;
- PolKitResult result_from_grantdb;
- PolKitPolicyDefault *policy_default;
- PolKitConfig *config;
- polkit_bool_t from_authdb;
-
- result = POLKIT_RESULT_NO;
- g_return_val_if_fail (pk_context != NULL, result);
-
- /* if the configuration file is malformed, always say no */
- config = polkit_context_get_config (pk_context, NULL);
- if (config == NULL)
- goto out;
-
- if (action == NULL || caller == NULL)
- goto out;
-
- cache = polkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
-
- /* now validate the incoming objects */
- if (!polkit_action_validate (action))
- goto out;
- if (!polkit_caller_validate (caller))
- goto out;
-
- _pk_debug ("entering polkit_can_caller_do_action()");
- polkit_action_debug (action);
- polkit_caller_debug (caller);
-
- pfe = polkit_policy_cache_get_entry (cache, action);
- if (pfe == NULL) {
- char *action_name;
- if (!polkit_action_get_action_id (action, &action_name)) {
- g_warning ("given action has no name");
- } else {
- g_warning ("no action with name '%s'", action_name);
- }
- result = POLKIT_RESULT_UNKNOWN;
- goto out;
- }
-
- polkit_policy_file_entry_debug (pfe);
-
- result_from_config = polkit_config_can_caller_do_action (config, action, caller);
-
- result_from_grantdb = POLKIT_RESULT_UNKNOWN;
- if (polkit_authorization_db_is_caller_authorized (pk_context->authdb,
- action,
- caller,
- revoke_if_one_shot,
- &from_authdb)) {
- if (from_authdb)
- result_from_grantdb = POLKIT_RESULT_YES;
- }
-
- /* Fist, the config file is authoritative.. so only use the
- * value from the authdb if the config file allows to gain via
- * authentication
- */
- if (result_from_config != POLKIT_RESULT_UNKNOWN) {
- /* it does.. use it.. although try to use an existing grant if there is one */
- if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
- result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- } else {
- result = result_from_config;
- }
- goto found;
- }
-
- /* If we have a positive answer from the authdb, use it */
- if (result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- goto found;
- }
-
- /* Otherwise, fall back to defaults as specified in the .policy file */
- policy_default = polkit_policy_file_entry_get_default (pfe);
- if (policy_default == NULL) {
- g_warning ("no default policy for action!");
- goto out;
- }
- result = polkit_policy_default_can_caller_do_action (policy_default, action, caller);
-
-found:
-
- /* Never return UNKNOWN to user */
- if (result == POLKIT_RESULT_UNKNOWN)
- result = POLKIT_RESULT_NO;
-out:
- _pk_debug ("... result was %s", polkit_result_to_string_representation (result));
- return result;
-}
-
-/**
- * polkit_context_can_session_do_action:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Determine if a given session can do a given action.
- *
- * This can fail with the following errors:
- * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- *
- * Deprecated: 0.7: use polkit_context_is_session_authorized() instead.
- */
-PolKitResult
-polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return polkit_context_is_session_authorized (pk_context, action, session, NULL);
-}
-
-/**
- * polkit_context_can_caller_do_action:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Determine if a given caller can do a given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action
- *
- * Deprecated: 0.7: use polkit_context_is_caller_authorized() instead.
- */
-PolKitResult
-polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return polkit_context_is_caller_authorized (pk_context, action, caller, TRUE, NULL);
-}
-
-/**
- * polkit_context_get_config:
- * @pk_context: the PolicyKit context
- * @error: Return location for error
- *
- * Returns an object that provides access to the
- * /etc/PolicyKit/PolicyKit.conf configuration files. Applications
- * using PolicyKit should never use this method; it's only here for
- * integration with other PolicyKit components.
- *
- * Returns: A #PolKitConfig object or NULL if the configuration file
- * is malformed. Caller should not unref this object.
- */
-PolKitConfig *
-polkit_context_get_config (PolKitContext *pk_context, PolKitError **error)
-{
- if (pk_context->config == NULL) {
- PolKitError **pk_error;
- PolKitError *pk_error2;
-
- pk_error2 = NULL;
- if (error != NULL)
- pk_error = error;
- else
- pk_error = &pk_error2;
-
- _pk_debug ("loading configuration file");
- pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error);
- /* if configuration file was bad, log it */
- if (pk_context->config == NULL) {
- _pk_debug ("failed to load configuration file: %s",
- polkit_error_get_error_message (*pk_error));
- syslog (LOG_ALERT, "libpolkit: failed to load configuration file: %s",
- polkit_error_get_error_message (*pk_error));
- if (pk_error == &pk_error2)
- polkit_error_free (*pk_error);
- }
- }
- return pk_context->config;
-}
-
-/**
- * polkit_context_get_authorization_db:
- * @pk_context: the PolicyKit context
- *
- * Returns an object that provides access to the authorization
- * database. Applications using PolicyKit should never use this
- * method; it's only here for integration with other PolicyKit
- * components.
- *
- * Returns: A #PolKitAuthorizationDB object. Caller should not unref
- * this object.
- */
-PolKitAuthorizationDB *
-polkit_context_get_authorization_db (PolKitContext *pk_context)
-{
- return pk_context->authdb;
-}
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
deleted file mode 100644
index 72e4ad8..0000000
--- a/polkit/polkit-context.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-context.h : PolicyKit context
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CONTEXT_H
-#define POLKIT_CONTEXT_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-context.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-seat.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-policy-cache.h>
-#include <polkit/polkit-config.h>
-#include <polkit/polkit-authorization-db.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitContext;
-typedef struct _PolKitContext PolKitContext;
-
-/**
- * PolKitContextConfigChangedCB:
- * @pk_context: PolicyKit context
- * @user_data: user data
- *
- * The type of the callback function for when configuration changes.
- * Mechanisms should use this callback to e.g. reconfigure all
- * permissions / acl's they have set in response to policy decisions
- * made from information provided by PolicyKit.
- *
- * The user must have set up watches using #polkit_context_set_io_watch_functions
- * for this to work.
- *
- * Note that this function may be called many times within a short
- * interval due to how file monitoring works if e.g. the user is
- * editing a configuration file (editors typically create back-up
- * files). Mechanisms should use a "cool-off" timer (of, say, one
- * second) to avoid doing many expensive operations (such as
- * reconfiguring all ACL's for all devices) within a very short
- * timeframe.
- */
-typedef void (*PolKitContextConfigChangedCB) (PolKitContext *pk_context,
- void *user_data);
-
-/**
- * PolKitContextAddIOWatch:
- * @pk_context: the polkit context
- * @fd: the file descriptor to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a file descriptor into the applications main loop. The
- * application must call polkit_grant_io_func() when there is data
- * to read from the file descriptor.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static gboolean
- * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
- * {
- * int fd;
- * PolKitContext *pk_context = user_data;
- * fd = g_io_channel_unix_get_fd (channel);
- * polkit_context_io_func (pk_context, fd);
- * return TRUE;
- * }
- *
- * static int
- * io_add_watch (PolKitContext *pk_context, int fd)
- * {
- * guint id = 0;
- * GIOChannel *channel;
- * channel = g_io_channel_unix_new (fd);
- * if (channel == NULL)
- * goto out;
- * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, pk_context);
- * if (id == 0) {
- * g_io_channel_unref (channel);
- * goto out;
- * }
- * g_io_channel_unref (channel);
- * out:
- * return id;
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitContextAddIOWatch) (PolKitContext *pk_context, int fd);
-
-/**
- * PolKitContextRemoveIOWatch:
- * @pk_context: the context object
- * @watch_id: the id obtained from using the supplied function
- * of type #PolKitContextAddIOWatch
- *
- * Type for function supplied by the application to remove a watch set
- * up via the supplied function of type #PolKitContextAddIOWatch
- *
- * For the glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * io_remove_watch (PolKitContext *pk_context, int watch_id)
- * {
- * g_source_remove (watch_id);
- * }
- * </programlisting>
- *
- **/
-typedef void (*PolKitContextRemoveIOWatch) (PolKitContext *pk_context, int watch_id);
-
-
-PolKitContext *polkit_context_new (void);
-void polkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data);
-void polkit_context_set_io_watch_functions (PolKitContext *pk_context,
- PolKitContextAddIOWatch io_add_watch_func,
- PolKitContextRemoveIOWatch io_remove_watch_func);
-void polkit_context_set_load_descriptions (PolKitContext *pk_context);
-polkit_bool_t polkit_context_init (PolKitContext *pk_context,
- PolKitError **error);
-PolKitContext *polkit_context_ref (PolKitContext *pk_context);
-void polkit_context_unref (PolKitContext *pk_context);
-
-void polkit_context_io_func (PolKitContext *pk_context, int fd);
-
-PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
-
-POLKIT_GNUC_DEPRECATED
-PolKitResult polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-POLKIT_GNUC_DEPRECATED
-PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError **error);
-
-PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- PolKitError **error);
-
-PolKitResult polkit_context_is_session_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session,
- PolKitError **error);
-
-PolKitAuthorizationDB *polkit_context_get_authorization_db (PolKitContext *pk_context);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_CONTEXT_H */
-
-
diff --git a/polkit/polkit-debug.c b/polkit/polkit-debug.c
deleted file mode 100644
index 50c1491..0000000
--- a/polkit/polkit-debug.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit.c : library for querying system-wide policy
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-debug
- * @short_description: Internal debug functions for polkit.
- *
- * These functions are used for debug purposes
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <time.h>
-
-#include "polkit-types.h"
-#include "polkit-debug.h"
-
-/**
- * pk_debug:
- * @format: format
- *
- * Print debug message
- **/
-void
-_pk_debug (const char *format, ...)
-{
- va_list args;
- static polkit_bool_t show_debug = FALSE;
- static polkit_bool_t init = FALSE;
-
- if (!init) {
- init = TRUE;
- if (getenv ("POLKIT_DEBUG") != NULL) {
- show_debug = TRUE;
- }
- }
-
- if (show_debug) {
- struct timeval tnow;
- struct tm *tlocaltime;
- struct timezone tzone;
- char tbuf[256];
- gettimeofday (&tnow, &tzone);
- tlocaltime = localtime ((time_t *) &tnow.tv_sec);
- strftime (tbuf, sizeof (tbuf), "%H:%M:%S", tlocaltime);
- fprintf (stdout, "%s.%03d: ", tbuf, (int)(tnow.tv_usec/1000));
-
- va_start (args, format);
- vfprintf (stdout, format, args);
- va_end (args);
- fprintf (stdout, "\n");
- }
-}
diff --git a/polkit/polkit-debug.h b/polkit/polkit-debug.h
deleted file mode 100644
index 7177e7e..0000000
--- a/polkit/polkit-debug.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-debug.h : debug infrastructure for polkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_DEBUG_H
-#define POLKIT_DEBUG_H
-
-void _pk_debug (const char *format, ...) __attribute__((__format__ (__printf__, 1, 2)));
-
-#endif /* POLKIT_DEBUG_H */
-
-
diff --git a/polkit/polkit-error.c b/polkit/polkit-error.c
deleted file mode 100644
index f87f817..0000000
--- a/polkit/polkit-error.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-error.c : GError error codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-error
- * @title: Error reporting
- * @short_description: Representation of recoverable errors.
- *
- * Error codes from PolicyKit.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-
-#include "polkit-types.h"
-#include "polkit-error.h"
-#include "polkit-debug.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * PolKitError:
- *
- * Objects of this class are used for error reporting.
- **/
-struct _PolKitError
-{
- polkit_bool_t is_static;
- PolKitErrorCode error_code;
- char *error_message;
-};
-
-/**
- * polkit_error_is_set:
- * @error: the error
- *
- * Determine if an error set
- *
- * Returns: #TRUE if, and only if, the error is set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_error_is_set (PolKitError *error)
-{
- return error != NULL;
-}
-
-static const char *error_names[POLKIT_ERROR_NUM_ERROR_CODES] = {
- "OutOfMemory",
- "PolicyFileInvalid",
- "GeneralError",
- "NotAuthorizedToReadAuthorizationsForOtherUsers",
- "NotAuthorizedToRevokeAuthorizationsFromOtherUsers",
- "NotAuthorizedToGrantAuthorization",
- "AuthorizationAlreadyExists",
- "NotSupported"
-};
-
-/**
- * polkit_error_get_error_name:
- * @error: the error
- *
- * Get the CamelCase name for the error;
- * e.g. #POLKIT_ERROR_OUT_OF_MEMORY maps to "OutOfMemory" and so on.
- *
- * Returns: the string
- *
- * Since: 0.7
- */
-const char *
-polkit_error_get_error_name (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (error->error_code >= 0 && error->error_code < POLKIT_ERROR_NUM_ERROR_CODES, NULL);
-
- return error_names[error->error_code];
-}
-
-/**
- * polkit_error_get_error_code:
- * @error: the error object
- *
- * Returns the error code.
- *
- * Returns: A value from the #PolKitErrorCode enumeration.
- **/
-PolKitErrorCode
-polkit_error_get_error_code (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, -1);
- return error->error_code;
-}
-
-/**
- * polkit_error_get_error_message:
- * @error: the error object
- *
- * Get the error message.
- *
- * Returns: A string describing the error. Caller shall not free this string.
- **/
-const char *
-polkit_error_get_error_message (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, NULL);
- return error->error_message;
-}
-
-/**
- * polkit_error_free:
- * @error: the error
- *
- * Free an error.
- **/
-void
-polkit_error_free (PolKitError *error)
-{
- g_return_if_fail (error != NULL);
- if (!error->is_static) {
- p_free (error->error_message);
- p_free (error);
- }
-}
-
-
-static PolKitError _oom_error = {TRUE, POLKIT_ERROR_OUT_OF_MEMORY, "Pre-allocated OOM error object"};
-
-/**
- * polkit_error_set_error:
- * @error: the error object
- * @error_code: A value from the #PolKitErrorCode enumeration.
- * @format: printf style formatting string
- * @Varargs: printf style arguments
- *
- * Sets an error. If OOM, the error will be set to a pre-allocated OOM error.
- *
- * Returns: TRUE if the error was set
- **/
-polkit_bool_t
-polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...)
-{
- va_list args;
- PolKitError *e;
-
- g_return_val_if_fail (format != NULL, FALSE);
- g_return_val_if_fail (error_code >= 0 && error_code < POLKIT_ERROR_NUM_ERROR_CODES, FALSE);
-
- if (error == NULL)
- goto out;
-
- e = p_new0 (PolKitError, 1);
- if (e == NULL) {
- *error = &_oom_error;
- } else {
- e->is_static = FALSE;
- e->error_code = error_code;
- va_start (args, format);
- e->error_message = p_strdup_vprintf (format, args);
- va_end (args);
- if (e->error_message == NULL) {
- p_free (e);
- *error = &_oom_error;
- } else {
- *error = e;
- }
- }
-
-out:
- return TRUE;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- unsigned int n;
- PolKitError *e;
- char s[256];
-
- e = NULL;
- g_assert (! polkit_error_is_set (e));
- g_assert (! polkit_error_set_error (&e, -1, "Testing"));
- g_assert (! polkit_error_set_error (&e, POLKIT_ERROR_NUM_ERROR_CODES, "Testing"));
-
- for (n = 0; n < POLKIT_ERROR_NUM_ERROR_CODES; n++) {
- polkit_error_set_error (&e, n, "Testing error code %d", n);
- g_assert (polkit_error_is_set (e));
- g_assert (polkit_error_get_error_code (e) == n || polkit_error_get_error_code (e) == POLKIT_ERROR_OUT_OF_MEMORY);
- g_assert (strcmp (polkit_error_get_error_name (e), error_names[polkit_error_get_error_code (e)]) == 0);
-
- if (polkit_error_get_error_code (e) != POLKIT_ERROR_OUT_OF_MEMORY) {
- snprintf (s, sizeof (s), "Testing error code %d", n);
- g_assert (strcmp (polkit_error_get_error_message (e), s) == 0);
- }
-
- polkit_error_free (e);
- }
-
- return TRUE;
-}
-
-
-PolKitTest _test_error = {
- "polkit_error",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-error.h b/polkit/polkit-error.h
deleted file mode 100644
index 472d670..0000000
--- a/polkit/polkit-error.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-error.h : error reporting from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_ERROR_H
-#define POLKIT_ERROR_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-/**
- * PolKitErrorCode:
- * @POLKIT_ERROR_OUT_OF_MEMORY: Out of memory
- * @POLKIT_ERROR_POLICY_FILE_INVALID: There was an error parsing the given policy file
- * @POLKIT_ERROR_GENERAL_ERROR: A general error code typically
- * indicating problems with the installation of PolicyKit,
- * e.g. helpers missing or wrong owner / permission.
- * @POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS:
- * An attempt was made to read authorizations for other users and the
- * calling process is not authorized.
- * @POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS:
- * An attempt was made to revoke authorizations for other users and the
- * calling process is not authorized.
- * @POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION: An attempt was
- * made to grant an authorization and the calling process is not
- * authorized.
- * @POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS: Subject already has an
- * similar authorization already (modulo time of grant and who granted).
- * @POLKIT_ERROR_NOT_SUPPORTED: The operation is not supported by the
- * authorization database backend
- * @POLKIT_ERROR_NUM_ERROR_CODES: Number of error codes. This may change
- * from version to version; do not rely on it.
- *
- * Errors returned by PolicyKit
- */
-typedef enum
-{
- POLKIT_ERROR_OUT_OF_MEMORY,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- POLKIT_ERROR_GENERAL_ERROR,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
- POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
- POLKIT_ERROR_NOT_SUPPORTED,
-
- POLKIT_ERROR_NUM_ERROR_CODES
-} PolKitErrorCode;
-
-struct _PolKitError;
-typedef struct _PolKitError PolKitError;
-
-polkit_bool_t polkit_error_is_set (PolKitError *error);
-const char *polkit_error_get_error_name (PolKitError *error);
-PolKitErrorCode polkit_error_get_error_code (PolKitError *error);
-const char *polkit_error_get_error_message (PolKitError *error);
-void polkit_error_free (PolKitError *error);
-polkit_bool_t polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...) __attribute__((__format__ (__printf__, 3, 4)));
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_ERROR_H */
diff --git a/polkit/polkit-hash.c b/polkit/polkit-hash.c
deleted file mode 100644
index ef2797d..0000000
--- a/polkit/polkit-hash.c
+++ /dev/null
@@ -1,560 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-hash.c : Hash tables
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <glib.h>
-#include <polkit/polkit-hash.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-test.h>
-
-/**
- * SECTION:polkit-hash
- * @title: Hash Tables
- * @short_description: Hash Tables
- *
- * This class provides support for hash tables.
- *
- * Since: 0.7
- **/
-
-struct _PolKitHashNode;
-
-typedef struct _PolKitHashNode {
- void *key;
- void *value;
- struct _PolKitHashNode *next;
-} PolKitHashNode;
-
-
-/**
- * PolKitHash:
- *
- * The #PolKitHash structure not be accessed directly.
- *
- * Since: 0.7
- */
-struct _PolKitHash
-{
- int refcount;
-
- int num_top_nodes;
- PolKitHashNode **top_nodes;
-
- PolKitHashFunc hash_func;
- PolKitEqualFunc key_equal_func;
- PolKitCopyFunc key_copy_func;
- PolKitCopyFunc value_copy_func;
- PolKitFreeFunc key_destroy_func;
- PolKitFreeFunc value_destroy_func;
-};
-
-/**
- * polkit_hash_new:
- * @hash_func: The hash function to use
- * @key_equal_func: The function used to determine key equality
- * @key_copy_func: Function for copying keys or #NULL
- * @value_copy_func: Function for copying values or #NULL
- * @key_destroy_func: Function for freeing keys or #NULL
- * @value_destroy_func: Function for freeing values or #NULL
- *
- * Creates a new Hash Table.
- *
- * Returns: The new hash table. Returns #NULL on OOM.
- *
- * Since: 0.7
- */
-PolKitHash *
-polkit_hash_new (PolKitHashFunc hash_func,
- PolKitEqualFunc key_equal_func,
- PolKitCopyFunc key_copy_func,
- PolKitCopyFunc value_copy_func,
- PolKitFreeFunc key_destroy_func,
- PolKitFreeFunc value_destroy_func)
-{
- PolKitHash *h;
-
- g_return_val_if_fail (hash_func != NULL, NULL);
- g_return_val_if_fail (key_equal_func != NULL, NULL);
-
- h = p_new0 (PolKitHash, 1);
- if (h == NULL)
- goto error;
-
- h->refcount = 1;
- h->hash_func = hash_func;
- h->key_copy_func = key_copy_func;
- h->value_copy_func = value_copy_func;
- h->key_equal_func = key_equal_func;
- h->key_destroy_func = key_destroy_func;
- h->value_destroy_func = value_destroy_func;
-
- h->num_top_nodes = 11; /* TODO: configurable? */
- h->top_nodes = p_new0 (PolKitHashNode*, h->num_top_nodes);
- if (h->top_nodes == NULL)
- goto error;
-
- return h;
-error:
- if (h != NULL)
- polkit_hash_unref (h);
- return NULL;
-}
-
-/**
- * polkit_hash_ref:
- * @hash: the hash table
- *
- * Increase reference count.
- *
- * Returns: the hash table
- *
- * Since: 0.7
- */
-PolKitHash *
-polkit_hash_ref (PolKitHash *hash)
-{
- g_return_val_if_fail (hash != NULL, hash);
- hash->refcount++;
- return hash;
-}
-
-/**
- * polkit_hash_unref:
- * @hash: the hash table
- *
- * Decrease reference count. If reference count drop to zero the hash
- * table is freed.
- *
- * Since: 0.7
- */
-void
-polkit_hash_unref (PolKitHash *hash)
-{
- g_return_if_fail (hash != NULL);
-
- hash->refcount--;
- if (hash->refcount > 0)
- return;
-
- if (hash->top_nodes != NULL) {
- int n;
-
- for (n = 0; n < hash->num_top_nodes; n++) {
- PolKitHashNode *node;
- PolKitHashNode *next;
-
- for (node = hash->top_nodes[n]; node != NULL; node = next) {
- if (hash->key_destroy_func != NULL)
- hash->key_destroy_func (node->key);
- if (hash->value_destroy_func != NULL)
- hash->value_destroy_func (node->value);
- next = node->next;
- p_free (node);
- }
- }
- }
-
- p_free (hash->top_nodes);
- p_free (hash);
-}
-
-/**
- * polkit_hash_insert:
- * @hash: the hash table
- * @key: key to insert
- * @value: value to insert
- *
- * Inserts a new key and value into a hash table. If the key already
- * exists in the hash table it's current value is replaced with the
- * new value.
- *
- * Returns: #TRUE unless OOM
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_insert (PolKitHash *hash,
- void *key,
- void *value)
-{
- int bucket;
- PolKitHashNode **nodep;
- PolKitHashNode *node;
- void *key_copy;
- void *value_copy;
-
- g_return_val_if_fail (hash != NULL, FALSE);
- g_return_val_if_fail (key != NULL, FALSE);
-
- key_copy = NULL;
- value_copy = NULL;
- if (hash->key_copy_func != NULL) {
- key_copy = hash->key_copy_func (key);
- if (key_copy == NULL) {
- goto oom;
- }
- } else {
- key_copy = key;
- }
- if (hash->value_copy_func != NULL) {
- value_copy = hash->value_copy_func (value);
- if (value_copy == NULL) {
- goto oom;
- }
- } else {
- value_copy = value;
- }
-
- bucket = hash->hash_func (key) % hash->num_top_nodes;
-
- nodep = & (hash->top_nodes [bucket]);
- node = hash->top_nodes [bucket];
- while (node != NULL) {
- nodep = &(node->next);
-
- if (hash->key_equal_func (key, node->key)) {
- /* replace the value */
-
- if (hash->key_destroy_func != NULL)
- hash->key_destroy_func (node->key);
- if (hash->value_destroy_func != NULL)
- hash->value_destroy_func (node->value);
-
- node->key = key_copy;
- node->value = value_copy;
-
- goto out;
- } else {
- node = node->next;
- }
- }
-
- node = p_new0 (PolKitHashNode, 1);
- if (node == NULL)
- goto oom;
-
- node->key = key_copy;
- node->value = value_copy;
- *nodep = node;
-
-out:
- return TRUE;
-
-oom:
- if (key_copy != NULL && hash->key_copy_func != NULL && hash->key_destroy_func != NULL)
- hash->key_destroy_func (key_copy);
-
- if (value_copy != NULL && hash->value_copy_func != NULL && hash->value_destroy_func != NULL)
- hash->value_destroy_func (value_copy);
-
- return FALSE;
-}
-
-/**
- * polkit_hash_lookup:
- * @hash: the hash table
- * @key: key to look up
- * @found: if not #NULL, will return #TRUE only if the key was found in the hash table
- *
- * Look up a value in the hash table.
- *
- * Returns: the value; caller shall not free/unref this value
- *
- * Since: 0.7
- */
-void *
-polkit_hash_lookup (PolKitHash *hash, void *key, polkit_bool_t *found)
-{
- int bucket;
- void *value;
- PolKitHashNode *node;
-
- value = NULL;
- if (found != NULL)
- *found = FALSE;
-
- g_return_val_if_fail (hash != NULL, NULL);
- g_return_val_if_fail (key != NULL, NULL);
-
- bucket = hash->hash_func (key) % hash->num_top_nodes;
-
- node = hash->top_nodes [bucket];
- while (node != NULL) {
- if (hash->key_equal_func (key, node->key)) {
- /* got it */
-
- value = node->value;
- if (found != NULL)
- *found = TRUE;
- goto out;
- } else {
- node = node->next;
- }
- }
-
-out:
- return value;
-}
-
-
-/**
- * polkit_hash_foreach:
- * @hash: the hash table
- * @cb: callback function
- * @user_data: user data
- *
- * Iterate over all elements in a hash table
- *
- * Returns: #TRUE only if the callback short-circuited the iteration
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_foreach (PolKitHash *hash, PolKitHashForeachFunc cb, void *user_data)
-{
- int n;
-
- g_return_val_if_fail (hash != NULL, FALSE);
- g_return_val_if_fail (cb != NULL, FALSE);
-
- for (n = 0; n < hash->num_top_nodes; n++) {
- PolKitHashNode *node;
-
- for (node = hash->top_nodes[n]; node != NULL; node = node->next) {
- if (cb (hash, node->key, node->value, user_data))
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
-
-/**
- * polkit_hash_direct_hash_func:
- * @key: the key
- *
- * Converts a pointer to a hash value.
- *
- * Returns: a hash value corresponding to the key
- *
- * Since: 0.7
- */
-polkit_uint32_t
-polkit_hash_direct_hash_func (const void *key)
-{
- /* TODO: reimplement */
- return g_direct_hash (key);
-}
-
-/**
- * polkit_hash_direct_equal_func:
- * @v1: first value
- * @v2: second value
- *
- * Compares two pointers and return #TRUE if they are equal (same address).
- *
- * Returns: #TRUE only if the values are equal
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_direct_equal_func (const void *v1, const void *v2)
-{
- /* TODO: reimplement */
- return g_direct_equal (v1, v2);
-}
-
-/**
- * polkit_hash_str_hash_func:
- * @key: the key
- *
- * Converts a string to a hash value.
- *
- * Returns: a hash value corresponding to the key
- *
- * Since: 0.7
- */
-polkit_uint32_t
-polkit_hash_str_hash_func (const void *key)
-{
- const char *p;
- polkit_uint32_t hash;
-
- hash = 0;
- for (p = key; *p != '\0'; p++)
- hash = hash * 617 ^ *p;
-
- return hash;
-}
-
-/**
- * polkit_hash_str_equal_func:
- * @v1: first value
- * @v2: second value
- *
- * Compares two strings and return #TRUE if they are equal.
- *
- * Returns: #TRUE only if the values are equal
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_str_equal_func (const void *v1, const void *v2)
-{
- return strcmp (v1, v2) == 0;
-}
-
-/**
- * polkit_hash_str_copy:
- * @p: void pointer to string
- *
- * Similar to p_strdup() except for types.
- *
- * Returns: a void pointer to a copy or #NULL on OOM
- */
-void *
-polkit_hash_str_copy (const void *p)
-{
- return (void *) p_strdup ((const char *) p);
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_it1 (PolKitHash *hash, void *key, void *value, void *user_data)
-{
- int *count = (int *) user_data;
- *count += 1;
- return FALSE;
-}
-
-static polkit_bool_t
-_it2 (PolKitHash *hash, void *key, void *value, void *user_data)
-{
- int *count = (int *) user_data;
- *count += 1;
- return TRUE;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- int count;
- PolKitHash *h;
- polkit_bool_t found;
-
- /* string hash tables */
- if ((h = polkit_hash_new (polkit_hash_str_hash_func, polkit_hash_str_equal_func,
- polkit_hash_str_copy, polkit_hash_str_copy,
- p_free, p_free)) != NULL) {
- int n;
- char *key;
- char *value;
- char *test_data[] = {"key1", "val1",
- "key2", "val2",
- "key3", "val3",
- "key4", "val4",
- "key5", "val5",
- "key6", "val6",
- "key7", "val7",
- "key8", "val8",
- "key9", "val9",
- "key10", "val10",
- "key11", "val11",
- "key12", "val12",
- NULL};
-
- /* first insert the values */
- for (n = 0; test_data [n*2] != NULL; n++) {
- if (!polkit_hash_insert (h, test_data [n*2], test_data [n*2 + 1])) {
- goto oom;
- }
- }
-
- /* then check that we can look them up */
- for (n = 0; test_data [n*2] != NULL; n++) {
- key = test_data [n*2];
- value = polkit_hash_lookup (h, test_data[n*2], &found);
-
- g_assert (found && strcmp (value, test_data[n*2 + 1]) == 0);
- }
-
- /* lookup unknown key */
- g_assert (polkit_hash_lookup (h, "unknown", &found) == NULL && !found);
-
- /* replace key */
- if (key != NULL) {
- if (polkit_hash_insert (h, "key1", "val1-replaced")) {
- /* check for replaced value */
- value = polkit_hash_lookup (h, "key1", &found);
- g_assert (found && value != NULL && strcmp (value, "val1-replaced") == 0);
- }
- }
-
- count = 0;
- g_assert (polkit_hash_foreach (h, _it1, &count) == FALSE);
- g_assert (count == ((sizeof (test_data) / sizeof (char *) - 1) / 2));
- count = 0;
- g_assert (polkit_hash_foreach (h, _it2, &count) == TRUE);
- g_assert (count == 1);
-
- polkit_hash_ref (h);
- polkit_hash_unref (h);
- oom:
-
- polkit_hash_unref (h);
- }
-
- /* direct hash tables */
- if ((h = polkit_hash_new (polkit_hash_direct_hash_func, polkit_hash_direct_equal_func,
- NULL, NULL,
- NULL, NULL)) != NULL) {
- if (polkit_hash_insert (h, h, h)) {
- g_assert ((polkit_hash_lookup (h, h, &found) == h) && found);
- if (polkit_hash_insert (h, h, NULL)) {
- g_assert (polkit_hash_lookup (h, h, &found) == NULL && found);
- }
- }
- polkit_hash_unref (h);
- }
-
- return TRUE;
-}
-
-PolKitTest _test_hash = {
- "polkit_hash",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-hash.h b/polkit/polkit-hash.h
deleted file mode 100644
index 0c3428f..0000000
--- a/polkit/polkit-hash.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-hash.h : Hash tables
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_HASH_H
-#define POLKIT_HASH_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitHash;
-typedef struct _PolKitHash PolKitHash;
-
-/**
- * PolKitHashFunc:
- * @key: a key
- *
- * The function is passed a key and should return a hash value. The
- * functions polkit_hash_direct_hash_func() and
- * polkit_hash_str_hash_func() provide hash functions which can be
- * used when the key is a pointer and an char* respectively.
- *
- * Returns: the hash value corresponding to the key
- *
- * Since: 0.7
- */
-typedef polkit_uint32_t (*PolKitHashFunc) (const void *key);
-
-/**
- * PolKitEqualFunc:
- * @key1: first key
- * @key2: second key
- *
- * Determines if two keys are equal. The functions
- * polkit_hash_direct_equal_func() and polkit_hash_str_equal_func()
- * provide equality functions which can be used when the key is a
- * pointer and an char* respectively.
- *
- * Returns: #TRUE iff the keys are equal
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitEqualFunc) (const void *key1, const void *key2);
-
-/**
- * PolKitFreeFunc:
- * @p: pointer
- *
- * Specifies the type of function which is called when a data element
- * is destroyed. It is passed the pointer to the data element and
- * should free any memory and resources allocated for it. The function
- * p_free() or any of the object unref functions can be passed here.
- *
- * Since: 0.7
- */
-typedef void (*PolKitFreeFunc) (void *p);
-
-/**
- * PolKitCopyFunc:
- * @p: pointer
- *
- * Specifies the type of function which is called when a data element
- * is to be cloned or reffed. It is passed the pointer to the data
- * element and should return a new pointer to a reffed or cloned
- * object. The function polkit_hash_str_copy() or any of the object
- * ref functions can be passed here.
- *
- * Returns: A copy or ref of the object in question
- *
- * Since: 0.7
- */
-typedef void *(*PolKitCopyFunc) (const void *p);
-
-/**
- * PolKitHashForeachFunc:
- * @hash: the hash table
- * @key: key
- * @value: value
- * @user_data: user data passed to polkit_hash_foreach()
- *
- * Type signature for callback function used in polkit_hash_foreach().
- *
- * Returns: Return #TRUE to short-circuit, e.g. stop the iteration.
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitHashForeachFunc) (PolKitHash *hash,
- void *key,
- void *value,
- void *user_data);
-
-
-PolKitHash *polkit_hash_new (PolKitHashFunc hash_func,
- PolKitEqualFunc key_equal_func,
- PolKitCopyFunc key_copy_func,
- PolKitCopyFunc value_copy_func,
- PolKitFreeFunc key_destroy_func,
- PolKitFreeFunc value_destroy_func);
-
-PolKitHash *polkit_hash_ref (PolKitHash *hash);
-void polkit_hash_unref (PolKitHash *hash);
-
-polkit_bool_t polkit_hash_insert (PolKitHash *hash, void *key, void *value);
-
-void *polkit_hash_lookup (PolKitHash *hash, void *key, polkit_bool_t *found);
-
-polkit_bool_t polkit_hash_foreach (PolKitHash *hash, PolKitHashForeachFunc cb, void *user_data);
-
-
-polkit_uint32_t polkit_hash_direct_hash_func (const void *key);
-polkit_bool_t polkit_hash_direct_equal_func (const void *v1, const void *v2);
-
-polkit_uint32_t polkit_hash_str_hash_func (const void *key);
-polkit_bool_t polkit_hash_str_equal_func (const void *v1, const void *v2);
-void *polkit_hash_str_copy (const void *p);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_HASH_H */
-
-
diff --git a/polkit/polkit-list.c b/polkit/polkit-list.c
deleted file mode 100644
index 72f6642..0000000
--- a/polkit/polkit-list.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-list.c : Doubly-linked lists
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <glib.h>
-#include <polkit/polkit-list.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-test.h>
-
-/**
- * SECTION:polkit-list
- * @title: Doubly-linked lists
- * @short_description: Doubly-linked lists
- *
- * This class provides support for doubly-linked lists.
- *
- * Since: 0.7
- **/
-
-/**
- * polkit_list_append:
- * @list: existing list or #NULL to create a new list
- * @data: data to append to the list
- *
- * Append an entry to a list.
- *
- * Returns: the head of the new list or #NULL on OOM
- *
- * Since: 0.7
- */
-PolKitList *
-polkit_list_append (PolKitList *list, void *data)
-{
- PolKitList *l;
- PolKitList *j;
-
- for (j = list; j != NULL && j->next != NULL; j = j->next)
- ;
-
- l = p_new0 (PolKitList, 1);
- if (l == NULL)
- goto oom;
-
- l->data = data;
- l->prev = j;
-
- if (j != NULL) {
- j->next = l;
- } else {
- list = l;
- }
-
- return list;
-oom:
- return NULL;
-}
-
-/**
- * polkit_list_prepend:
- * @list: existing list or #NULL to create a new list
- * @data: data to prepend to the list
- *
- * Prepend an entry to a list.
- *
- * Returns: the head of the new list or #NULL on OOM
- *
- * Since: 0.7
- */
-PolKitList *
-polkit_list_prepend (PolKitList *list, void *data)
-{
- PolKitList *l;
-
- l = p_new0 (PolKitList, 1);
- if (l == NULL)
- goto oom;
-
- l->next = list;
- l->data = data;
- if (list != NULL) {
- list->prev = l;
- }
-
-oom:
- return l;
-}
-
-/**
- * polkit_list_delete_link:
- * @list: existing list, cannot be #NULL
- * @link: link to delete, cannot be #NULL
- *
- * Delete a link from a list.
- *
- * Returns: the new head of the list or #NULL if the list is empty after deletion.
- *
- * Since: 0.7
- */
-PolKitList *
-polkit_list_delete_link (PolKitList *list, PolKitList *link)
-{
- PolKitList *ret;
-
- g_return_val_if_fail (list != NULL, NULL);
- g_return_val_if_fail (link != NULL, NULL);
-
- if (list == link)
- ret = link->next;
- else
- ret = list;
-
- if (link->prev != NULL) {
- link->prev->next = link->next;
- }
-
- if (link->next != NULL) {
- link->next->prev = link->prev;
- }
-
- p_free (link);
-
- return ret;
-}
-
-/**
- * polkit_list_free:
- * @list: the list
- *
- * Frees all links in a list
- *
- * Since: 0.7
- */
-void
-polkit_list_free (PolKitList *list)
-{
- PolKitList *l;
- PolKitList *j;
-
- for (l = list; l != NULL; l = j) {
- j = l->next;
- p_free (l);
- }
-}
-
-/**
- * polkit_list_length:
- * @list: the list
- *
- * Compute the length of a list.
- *
- * Returns: Number of entries in list
- *
- * Since: 0.7
- */
-size_t
-polkit_list_length (PolKitList *list)
-{
- ssize_t n;
- PolKitList *l;
-
- n = 0;
- for (l = list; l != NULL; l = l->next)
- n++;
-
- return n;
-}
-
-/**
- * polkit_list_foreach:
- * @list: the list
- * @func: callback function
- * @user_data: user data to pass to callback
- *
- * Iterate over all entries in a list.
- *
- * Returns: #TRUE only if the callback short-circuited the iteration
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_list_foreach (PolKitList *list, PolKitListForeachFunc func, void *user_data)
-{
- PolKitList *l;
-
- g_return_val_if_fail (list != NULL, FALSE);
- g_return_val_if_fail (func != NULL, FALSE);
-
- for (l = list; l != NULL; l = l->next) {
- if (func (list, l->data, user_data))
- return TRUE;
- }
-
- return FALSE;
-}
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-typedef struct {
- int num;
- int result;
-} _Closure;
-
-static polkit_bool_t
-_sum (PolKitList *list, void *data, void *user_data)
-{
- _Closure *c = (_Closure*) user_data;
-
- c->result += ((int) data) * (c->num + 1);
- c->num += 1;
-
- return FALSE;
-}
-
-static polkit_bool_t
-_sum2 (PolKitList *list, void *data, void *user_data)
-{
- _Closure *c = (_Closure*) user_data;
-
- if (c->num == 2)
- return TRUE;
-
- c->result += ((int) data) * (c->num + 1);
- c->num += 1;
-
- return FALSE;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- _Closure c;
- int items[] = {1, 2, 3, 4, 5};
- unsigned int num_items = sizeof (items) / sizeof (int);
- unsigned int n;
- PolKitList *l;
- PolKitList *j;
-
- l = NULL;
- for (n = 0; n < num_items; n++) {
- j = l;
- l = polkit_list_prepend (l, (void *) items[n]);
- if (l == NULL)
- goto oom;
- }
-
- g_assert (polkit_list_length (l) == num_items);
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*5 + 2*4 + 3*3 + 4*2 + 5*1);
-
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum2, &c);
- g_assert (c.result == 1*5 + 2*4);
-
- l = polkit_list_delete_link (l, l);
- g_assert (polkit_list_length (l) == num_items - 1);
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*4 + 2*3 + 3*2 + 4*1);
-
- l = polkit_list_delete_link (l, l->next);
- g_assert (polkit_list_length (l) == num_items - 2);
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*4 + 2*2 + 3*1);
-
- polkit_list_free (l);
-
- l = NULL;
- for (n = 0; n < num_items; n++) {
- j = l;
- l = polkit_list_append (l, (void *) items[n]);
- if (l == NULL)
- goto oom;
- }
-
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*1 + 2*2 + 3*3 + 4*4 + 5*5);
-
- polkit_list_free (l);
-
- return TRUE;
-oom:
- polkit_list_free (j);
- return TRUE;
-}
-
-PolKitTest _test_list = {
- "polkit_list",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-list.h b/polkit/polkit-list.h
deleted file mode 100644
index e8de811..0000000
--- a/polkit/polkit-list.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-list.h : Doubly-linked list
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_LIST_H
-#define POLKIT_LIST_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitList;
-typedef struct _PolKitList PolKitList;
-
-/**
- * PolKitList:
- * @data: the value passed in polkit_list_append() and polkit_list_prepend()
- * @next: the next element in the list or #NULL if this is the last element
- * @prev: the previous element in the list or #NULL if this is the last element
- *
- * Public members of the #PolKitList data structure
- *
- * Since: 0.7
- */
-struct _PolKitList {
- void *data;
- PolKitList *next;
- PolKitList *prev;
-};
-
-/**
- * PolKitListForeachFunc:
- * @list: the list
- * @data: data of link entry
- * @user_data: user data passed to polkit_list_foreach()
- *
- * Type signature for callback function used in polkit_list_foreach().
- *
- * Returns: Return #TRUE to short-circuit, e.g. stop the iteration.
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitListForeachFunc) (PolKitList *list,
- void *data,
- void *user_data);
-
-PolKitList *polkit_list_append (PolKitList *list, void *data);
-PolKitList *polkit_list_prepend (PolKitList *list, void *data);
-void polkit_list_free (PolKitList *list);
-PolKitList *polkit_list_delete_link (PolKitList *list, PolKitList *link);
-
-size_t polkit_list_length (PolKitList *list);
-polkit_bool_t polkit_list_foreach (PolKitList *list, PolKitListForeachFunc func, void *user_data);
-
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_LIST_H */
-
-
diff --git a/polkit/polkit-memory.c b/polkit/polkit-memory.c
deleted file mode 100644
index 10c208d..0000000
--- a/polkit/polkit-memory.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-memory.c : Memory management
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <glib.h>
-
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-private.h>
-
-/**
- * SECTION:polkit-memory
- * @title: Memory management
- * @short_description: Memory management
- *
- * Functions used for memory management.
- *
- * Since: 0.7
- **/
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-static int _cur_allocs = 0;
-static int _total_allocs = 0;
-static int _fail_nth = -1;
-
-void
-_polkit_memory_reset (void)
-{
- _cur_allocs = 0;
- _total_allocs = 0;
- _fail_nth = -1;
-}
-
-int
-_polkit_memory_get_current_allocations (void)
-{
- return _cur_allocs;
-}
-
-int
-_polkit_memory_get_total_allocations (void)
-{
- return _total_allocs;
-}
-
-void
-_polkit_memory_fail_nth_alloc (int number)
-{
- _fail_nth = number;
-}
-
-/**
- * p_malloc:
- * @bytes: number of 8-bit bytes to allocate
- *
- * Allocate memory
- *
- * Returns: memory location or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-void *
-p_malloc (size_t bytes)
-{
- void *p;
-
- if (_fail_nth != -1 && _total_allocs == _fail_nth) {
- return NULL;
- }
-
- p = malloc (bytes);
-
- if (p != NULL) {
- _cur_allocs++;
- _total_allocs++;
- }
-
- return p;
-}
-
-/**
- * p_malloc0:
- * @bytes: number of 8-bit bytes to allocate
- *
- * Allocate memory and zero it.
- *
- * Returns: memory location or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-void *
-p_malloc0 (size_t bytes)
-{
- void *p;
-
- if (_fail_nth != -1 && _total_allocs == _fail_nth) {
- return NULL;
- }
-
- p = calloc (1, bytes);
-
- if (p != NULL) {
- _cur_allocs++;
- _total_allocs++;
- }
-
- return p;
-}
-
-/**
- * p_realloc:
- * @memory: memory previously allocated
- * @bytes: new size
- *
- * Reallocate memory; like realloc(3).
- *
- * Returns: memory location or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-void *
-p_realloc (void *memory, size_t bytes)
-{
- void *p;
-
- g_debug ("realloc %p %d", memory, bytes);
-
- if (memory == NULL)
- return p_malloc (bytes);
-
- if (bytes == 0) {
- p_free (memory);
- return memory;
- }
-
- if (_fail_nth != -1 && _total_allocs == _fail_nth) {
- return NULL;
- }
-
- p = realloc (memory, bytes);
-
- return p;
-}
-
-/**
- * p_free:
- * @memory: pointer to memory allocated with p_malloc() + friends
- *
- * Free memory allocated by p_malloc() + friends.
- *
- * Since: 0.7
- */
-void
-p_free (void *memory)
-{
- free (memory);
- if (memory != NULL) {
- _cur_allocs--;
- }
-}
-
-/**
- * p_strdup:
- * @s: string
- *
- * Duplicate a string. Similar to strdup(3).
- *
- * Returns: Allocated memory or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char *
-p_strdup (const char *s)
-{
- char *p;
- size_t len;
-
- len = strlen (s);
-
- p = p_malloc (len + 1);
- if (p == NULL)
- goto out;
-
- memcpy (p, s, len);
- p[len] = '\0';
-
-out:
- return p;
-}
-
-/**
- * p_strndup:
- * @s: string
- * @n: size
- *
- * Duplicate a string but copy at most @n characters. If @s is longer
- * than @n, only @n characters are copied, and a terminating null byte
- * is added. Similar to strndup(3).
- *
- * Returns: Allocated memory or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char *
-p_strndup (const char *s, size_t n)
-{
- char *p;
- size_t len;
-
- for (len = 0; len < n; len++) {
- if (s[len] == '\0')
- break;
- if (len == n)
- break;
- }
-
-
- p = p_malloc (len + 1);
- if (p == NULL)
- goto out;
-
- memcpy (p, s, len);
- p[len] = '\0';
-out:
- return p;
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-#else
-/*--------------------------------------------------------------------------------------------------------------*/
-
-void *
-p_malloc (size_t bytes)
-{
- return malloc (bytes);
-}
-
-void *
-p_malloc0 (size_t bytes)
-{
- return calloc (1, bytes);
-}
-
-void *
-p_realloc (void *memory, size_t bytes)
-{
- return realloc (memory, bytes);
-}
-
-void
-p_free (void *memory)
-{
- free (memory);
-}
-
-void
-_polkit_memory_reset (void)
-{
-}
-
-int
-_polkit_memory_get_current_allocations (void)
-{
- return -1;
-}
-
-int
-_polkit_memory_get_total_allocations (void)
-{
- return -1;
-}
-
-void
-_polkit_memory_fail_nth_alloc (int number)
-{
-}
-
-char *
-p_strdup (const char *s)
-{
- return strdup (s);
-}
-
-char *
-p_strndup (const char *s, size_t n)
-{
- return strndup (s, n);
-}
-
-#endif /* POLKIT_BUILD_TESTS */
-
-/**
- * p_strdup_printf:
- * @format: sprintf(3) format string
- * @...: the parameters to insert into the format string.
- *
- * Similar to the standard C sprintf(3) function but safer, since it
- * calculates the maximum space required and allocates memory to hold
- * the result. The returned string should be freed when no longer
- * needed.
- *
- * Returns: A newly allocated string or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char*
-p_strdup_printf (const char *format, ...)
-{
- char *s;
- va_list args;
-
- va_start (args, format);
- s = p_strdup_vprintf (format, args);
- va_end (args);
-
- return s;
-}
-
-/**
- * p_strdup_vprintf:
- * @format: printf(3) format string
- * @args: list of parameters to insert
- *
- * Similar to the standard C vsprintf(3) function but safer, since it
- * calculates the maximum space required and allocates memory to hold
- * the result. The returned string should be freed when no longer
- * needed.
- *
- * Returns: A newly allocated string or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char*
-p_strdup_vprintf (const char *format, va_list args)
-{
- char *s;
- char *gs;
- /* TODO: reimplement */
- gs = g_strdup_vprintf (format, args);
- s = p_strdup (gs);
- g_free (gs);
-
- return s;
-}
diff --git a/polkit/polkit-memory.h b/polkit/polkit-memory.h
deleted file mode 100644
index 78d3d83..0000000
--- a/polkit/polkit-memory.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-memory.h : Memory management
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_MEMORY_H
-#define POLKIT_MEMORY_H
-
-#include <stdarg.h>
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-void *p_malloc (size_t bytes);
-void *p_malloc0 (size_t bytes);
-void *p_realloc (void *memory, size_t bytes);
-void p_free (void *memory);
-
-/**
- * p_new:
- * @type: the type of object to allocate
- * @count: number of objects to allocate
- *
- * Allocate memory for @count structures of type @type.
- *
- * Returns: Allocated memory, cast to a pointer of #type or #NULL on OOM.
- */
-#define p_new(type, count) ((type*)p_malloc (sizeof (type) * (count)));
-
-/**
- * p_new0:
- * @type: the type of object to allocate
- * @count: number of objects to allocate
- *
- * Allocate zeroed memory for @count structures of type @type.
- *
- * Returns: Allocated memory, cast to a pointer of #type or #NULL on OOM.
- */
-#define p_new0(type, count) ((type*)p_malloc0 (sizeof (type) * (count)));
-
-char *p_strdup (const char *s);
-char *p_strndup (const char *s, size_t n);
-char* p_strdup_printf (const char *format, ...);
-char* p_strdup_vprintf (const char *format, va_list args);
-
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_MEMORY_H */
-
-
diff --git a/polkit/polkit-policy-cache.c b/polkit/polkit-policy-cache.c
deleted file mode 100644
index e9be5ea..0000000
--- a/polkit/polkit-policy-cache.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-cache.c : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-policy-file.h"
-#include "polkit-policy-cache.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-policy-cache
- * @title: Policy Cache
- * @short_description: Holds the actions defined on the system.
- *
- * This class is used to hold all policy objects (stemming from policy
- * files) and provide look-up functions.
- **/
-
-/**
- * PolKitPolicyCache:
- *
- * Instances of this class are used to hold all policy objects
- * (stemming from policy files) and provide look-up functions.
- **/
-struct _PolKitPolicyCache
-{
- int refcount;
-
- GSList *priv_entries;
-};
-
-
-static void
-_append_entry (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data)
-{
- PolKitPolicyCache *policy_cache = user_data;
-
- polkit_policy_file_entry_ref (policy_file_entry);
- policy_cache->priv_entries = g_slist_append (policy_cache->priv_entries, policy_file_entry);
-}
-
-PolKitPolicyCache *
-_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error)
-{
- const char *file;
- GDir *dir;
- PolKitPolicyCache *pc;
- GError *g_error;
-
- pc = g_new0 (PolKitPolicyCache, 1);
- pc->refcount = 1;
-
- g_error = NULL;
- dir = g_dir_open (dirname, 0, &g_error);
- if (dir == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load policy files from directory %s: %s",
- dirname,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
- while ((file = g_dir_read_name (dir)) != NULL) {
- char *path;
- PolKitPolicyFile *pf;
- PolKitError *pk_error;
-
- if (!g_str_has_suffix (file, ".policy"))
- continue;
-
- if (g_str_has_prefix (file, "."))
- continue;
-
- path = g_strdup_printf ("%s/%s", dirname, file);
-
- _pk_debug ("Loading %s", path);
- pk_error = NULL;
- pf = polkit_policy_file_new (path, load_descriptions, &pk_error);
- g_free (path);
-
- if (pf == NULL) {
- _pk_debug ("libpolkit: ignoring malformed policy file: %s",
- polkit_error_get_error_message (pk_error));
- syslog (LOG_ALERT, "libpolkit: ignoring malformed policy file: %s",
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- continue;
- }
-
- /* steal entries */
- polkit_policy_file_entry_foreach (pf, _append_entry, pc);
- polkit_policy_file_unref (pf);
- }
- g_dir_close (dir);
-
- return pc;
-out:
- if (pc != NULL)
- polkit_policy_cache_ref (pc);
- return NULL;
-}
-
-/**
- * polkit_policy_cache_ref:
- * @policy_cache: the policy cache object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyCache *
-polkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
-{
- g_return_val_if_fail (policy_cache != NULL, policy_cache);
- policy_cache->refcount++;
- return policy_cache;
-}
-
-/**
- * polkit_policy_cache_unref:
- * @policy_cache: the policy cache object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
-{
- GSList *i;
-
- g_return_if_fail (policy_cache != NULL);
- policy_cache->refcount--;
- if (policy_cache->refcount > 0)
- return;
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- polkit_policy_file_entry_unref (pfe);
- }
- if (policy_cache->priv_entries != NULL)
- g_slist_free (policy_cache->priv_entries);
-
- g_free (policy_cache);
-}
-
-/**
- * polkit_policy_cache_debug:
- * @policy_cache: the cache
- *
- * Print debug information about object
- **/
-void
-polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
-{
- GSList *i;
- g_return_if_fail (policy_cache != NULL);
-
- _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
- policy_cache->refcount,
- policy_cache->priv_entries == NULL ? 0 : g_slist_length (policy_cache->priv_entries));
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- polkit_policy_file_entry_debug (pfe);
- }
-}
-
-/**
- * polkit_policy_cache_get_entry_by_id:
- * @policy_cache: the cache
- * @action_id: the action identifier
- *
- * Given a action identifier, find the object describing the
- * definition of the policy; e.g. data stemming from files in
- * /usr/share/PolicyKit/policy.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache, const char *action_id)
-{
- GSList *i;
- PolKitPolicyFileEntry *pfe;
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (action_id != NULL, NULL);
-
- pfe = NULL;
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- pfe = i->data;
- if (strcmp (polkit_policy_file_entry_get_id (pfe), action_id) == 0) {
- goto out;
- }
- }
-
- if (pfe == NULL) {
- /* the authdb backend may want to synthesize pfe's */
- pfe = _polkit_authorization_db_pfe_get_by_id (policy_cache, action_id);
- }
-
-out:
- return pfe;
-}
-
-/**
- * polkit_policy_cache_get_entry:
- * @policy_cache: the cache
- * @action: the action
- *
- * Given a action, find the object describing the definition of the
- * policy; e.g. data stemming from files in
- * /usr/share/PolicyKit/policy.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action)
-{
- char *action_id;
- PolKitPolicyFileEntry *pfe;
-
- /* I'm sure it would be easy to make this O(1)... */
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (action != NULL, NULL);
-
- pfe = NULL;
-
- if (!polkit_action_get_action_id (action, &action_id))
- goto out;
-
- pfe = polkit_policy_cache_get_entry_by_id (policy_cache, action_id);
-
-out:
- return pfe;
-}
-
-/**
- * polkit_policy_cache_foreach:
- * @policy_cache: the policy cache
- * @callback: callback function
- * @user_data: user data to pass to callback function
- *
- * Visit all entries in the policy cache.
- **/
-void
-polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
- GSList *i;
- PolKitPolicyFileEntry *pfe;
-
- g_return_if_fail (policy_cache != NULL);
- g_return_if_fail (callback != NULL);
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- pfe = i->data;
- callback (policy_cache, pfe, user_data);
- }
-
- /* the authdb backend may also want to return synthesized pfe's */
- _polkit_authorization_db_pfe_foreach (policy_cache,
- callback,
- user_data);
-}
-
-/**
- * polkit_policy_cache_get_entry_by_annotation:
- * @policy_cache: the policy cache
- * @annotation_key: the key to check for
- * @annotation_value: the value to check for
- *
- * Find the first policy file entry where a given annotation matches a
- * given value. Note that there is nothing preventing the existence of
- * multiple policy file entries matching this criteria; it would
- * however be a packaging bug if this situation occured.
- *
- * Returns: The first #PolKitPolicyFileEntry matching the search
- * criteria. The caller shall not unref this object. Returns #NULL if
- * there are no policy file entries matching the search criteria.
- *
- * Since: 0.7
- */
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
- const char *annotation_key,
- const char *annotation_value)
-{
- GSList *i;
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (annotation_key != NULL, NULL);
- g_return_val_if_fail (annotation_value != NULL, NULL);
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- const char *value;
- PolKitPolicyFileEntry *pfe = i->data;
-
- value = polkit_policy_file_entry_get_annotation (pfe, annotation_key);
- if (value == NULL)
- continue;
-
- if (strcmp (annotation_value, value) == 0) {
- return pfe;
- }
- }
-
- return NULL;
-}
diff --git a/polkit/polkit-policy-cache.h b/polkit/polkit-policy-cache.h
deleted file mode 100644
index e7e5662..0000000
--- a/polkit/polkit-policy-cache.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-cache.h : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_CACHE_H
-#define POLKIT_POLICY_CACHE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-policy-file-entry.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyCache;
-typedef struct _PolKitPolicyCache PolKitPolicyCache;
-
-/**
- * PolKitPolicyCacheForeachFunc:
- * @policy_cache: the policy cache
- * @entry: an entry in the cache - do not unref
- * @user_data: user data passed to polkit_policy_cache_foreach()
- *
- * Callback function for polkit_policy_cache_foreach().
- **/
-typedef void (*PolKitPolicyCacheForeachFunc) (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *entry,
- void *user_data);
-
-PolKitPolicyCache *polkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
-void polkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
-void polkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action);
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id);
-
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
- const char *