PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Oct 28 20:14:57 PDT 2007
doc/polkit-docs.xml | 1
polkit-dbus/polkit-dbus.c | 62 ----
polkit/Makefile.am | 2
polkit/polkit-authorization-db.c | 61 ----
polkit/polkit-grant-database.c | 495 ---------------------------------------
polkit/polkit-grant-database.h | 84 ------
polkit/polkit-sysdeps.c | 159 ++++++++++++
polkit/polkit-sysdeps.h | 45 +++
polkit/polkit.h | 1
tools/polkit-auth.c | 29 --
10 files changed, 216 insertions(+), 723 deletions(-)
New commits:
commit d6e37703225d223692e16312e74a9285d8069cce
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Oct 28 23:13:16 2007 -0400
move Linux specific code into a single file
Haven't moved the inotify stuff yet; not sure about what abstraction
we need...
diff --git a/doc/polkit-docs.xml b/doc/polkit-docs.xml
index cb717ae..2564aee 100644
--- a/doc/polkit-docs.xml
+++ b/doc/polkit-docs.xml
@@ -77,6 +77,7 @@
</para>
</partintro>
<xi:include href="xml/polkit-types.xml"/>
+ <xi:include href="xml/polkit-sysdeps.xml"/>
<xi:include href="xml/polkit-error.xml"/>
<xi:include href="xml/polkit-result.xml"/>
<xi:include href="xml/polkit-action.xml"/>
diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c
index 4d304d4..5f8fe4f 100644
--- a/polkit-dbus/polkit-dbus.c
+++ b/polkit-dbus/polkit-dbus.c
@@ -64,64 +64,6 @@
#include "polkit-dbus.h"
#include <polkit/polkit-debug.h>
-/* TODO FIXME: this is Linux specific */
-static polkit_uint64_t
-_get_start_time_for_pid (pid_t pid)
-{
- char *filename;
- char *contents;
- gsize length;
- polkit_uint64_t start_time;
- GError *error = NULL;
- char **tokens;
- char *p;
- char *endp;
-
- start_time = 0;
- contents = NULL;
-
- filename = g_strdup_printf ("/proc/%d/stat", pid);
- if (filename == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- if (!g_file_get_contents (filename, &contents, &length, &error)) {
- //fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
- g_error_free (error);
- goto out;
- }
-
- /* start time is the 19th token after the '(process name)' entry */
-
- p = strchr (contents, ')');
- if (p == NULL) {
- goto out;
- }
- p += 2; /* skip ') ' */
- if (p - contents >= (int) length) {
- goto out;
- }
-
- tokens = g_strsplit (p, " ", 0);
- if (g_strv_length (tokens) < 20) {
- goto out;
- }
-
- start_time = strtoll (tokens[19], &endp, 10);
- if (endp == tokens[19]) {
- goto out;
- }
-
- g_strfreev (tokens);
-
-out:
- g_free (filename);
- g_free (contents);
- return start_time;
-}
-
-
/**
* polkit_session_new_from_objpath:
* @con: D-Bus system bus connection
@@ -868,7 +810,7 @@ _polkit_is_authorization_relevant_internal (DBusConnection *con,
g_warning ("Cannot determine (pid,start_time) for authorization");
goto out;
}
- if (_get_start_time_for_pid (pid) == pid_start_time) {
+ if (polkit_sysdeps_get_start_time_for_pid (pid) == pid_start_time) {
ret = TRUE;
goto out;
}
@@ -1436,7 +1378,7 @@ polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusEr
g_return_val_if_fail (pk_tracker->con != NULL, NULL);
g_return_val_if_fail (! dbus_error_is_set (error), NULL);
- start_time = _get_start_time_for_pid (pid);
+ start_time = polkit_sysdeps_get_start_time_for_pid (pid);
if (start_time == 0) {
if (error != NULL) {
dbus_set_error (error,
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index b507125..5a60064 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -19,6 +19,7 @@ libpolkitincludedir=$(includedir)/PolicyKit/polkit
libpolkitinclude_HEADERS = \
polkit.h \
+ polkit-sysdeps.h \
polkit-types.h \
polkit-error.h \
polkit-result.h \
@@ -40,6 +41,7 @@ libpolkit_la_SOURCES = \
polkit.h \
polkit-private.h \
polkit-types.h \
+ polkit-sysdeps.h polkit-sysdeps.c \
polkit-error.h polkit-error.c \
polkit-result.h polkit-result.c \
polkit-context.h polkit-context.c \
diff --git a/polkit/polkit-authorization-db.c b/polkit/polkit-authorization-db.c
index 0afe466..ff31ba1 100644
--- a/polkit/polkit-authorization-db.c
+++ b/polkit/polkit-authorization-db.c
@@ -213,63 +213,6 @@ _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
(GDestroyNotify) _free_authlist);
}
-/* TODO FIXME: this is Linux specific */
-static polkit_uint64_t
-get_start_time_for_pid (pid_t pid)
-{
- char *filename;
- char *contents;
- gsize length;
- polkit_uint64_t start_time;
- GError *error = NULL;
- char **tokens;
- char *p;
- char *endp;
-
- start_time = 0;
- contents = NULL;
-
- filename = g_strdup_printf ("/proc/%d/stat", pid);
- if (filename == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- if (!g_file_get_contents (filename, &contents, &length, &error)) {
- fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
- g_error_free (error);
- goto out;
- }
-
- /* start time is the 19th token after the '(process name)' entry */
-
- p = strchr (contents, ')');
- if (p == NULL) {
- goto out;
- }
- p += 2; /* skip ') ' */
- if (p - contents >= (int) length) {
- goto out;
- }
-
- tokens = g_strsplit (p, " ", 0);
- if (g_strv_length (tokens) < 20) {
- goto out;
- }
-
- start_time = strtoll (tokens[19], &endp, 10);
- if (endp == tokens[19]) {
- goto out;
- }
-
- g_strfreev (tokens);
-
-out:
- g_free (filename);
- g_free (contents);
- return start_time;
-}
-
/**
* _authdb_get_auths_for_uid:
* @authdb: authorization database
@@ -762,7 +705,7 @@ polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
cd.caller = caller;
- cd.caller_pid_start_time = get_start_time_for_pid (cd.caller_pid);
+ cd.caller_pid_start_time = polkit_sysdeps_get_start_time_for_pid (cd.caller_pid);
if (cd.caller_pid_start_time == 0)
return FALSE;
@@ -989,7 +932,7 @@ polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authd
if (!polkit_caller_get_uid (caller, &caller_uid))
return FALSE;
- pid_start_time = get_start_time_for_pid (caller_pid);
+ pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
if (pid_start_time == 0)
return FALSE;
diff --git a/polkit/polkit-grant-database.c b/polkit/polkit-grant-database.c
deleted file mode 100644
index 75cacab..0000000
--- a/polkit/polkit-grant-database.c
+++ /dev/null
@@ -1,495 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-database.c : simple interface for storing and checking grants
- *
- * (This is an internal and private interface to PolicyKit. Do not use.)
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-#include <glib.h>
-
-#include <polkit/polkit-grant-database.h>
-#include <polkit/polkit-debug.h>
-
-/**
- * SECTION:polkit-grant-database
- * @short_description: Local grant database
- *
- * This private class is used to represent the grant database and provides read/write functions to access it.
- **/
-
-/* TODO FIXME: this is Linux specific */
-static polkit_uint64_t
-get_start_time_for_pid (pid_t pid)
-{
- char *filename;
- char *contents;
- gsize length;
- polkit_uint64_t start_time;
- GError *error = NULL;
- char **tokens;
- char *p;
- char *endp;
-
- start_time = 0;
- contents = NULL;
-
- filename = g_strdup_printf ("/proc/%d/stat", pid);
- if (filename == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- if (!g_file_get_contents (filename, &contents, &length, &error)) {
- fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
- g_error_free (error);
- goto out;
- }
-
- /* start time is the 19th token after the '(process name)' entry */
-
- p = strchr (contents, ')');
- if (p == NULL) {
- goto out;
- }
- p += 2; /* skip ') ' */
- if (p - contents >= (int) length) {
- goto out;
- }
-
- tokens = g_strsplit (p, " ", 0);
- if (g_strv_length (tokens) < 20) {
- goto out;
- }
-
- start_time = strtoll (tokens[19], &endp, 10);
- if (endp == tokens[19]) {
- goto out;
- }
-
- g_strfreev (tokens);
-
-out:
- g_free (filename);
- g_free (contents);
- return start_time;
-}
-
-#if 0
-static polkit_bool_t
-ensure_dir (const char *file)
-{
- char *dirname;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- dirname = g_path_get_dirname (file);
- if (dirname == NULL)
- goto out;
-
- if (g_file_test (dirname, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)) {
- /* TODO: check permissions? */
- ret = TRUE;
- goto out;
- }
-
- if (mkdir (dirname, 0570) != 0) {
- fprintf (stderr, "Cannot create directory '%s': %s\n", dirname, strerror (errno));
- goto out;
- }
-
- ret = TRUE;
-
-out:
- return ret;
-}
-#endif
-
-static polkit_bool_t
-_polkit_grantdb_write (const char *grant_file)
-{
- int fd;
- polkit_bool_t ret;
-
- ret = FALSE;
-
-#if 0
- if (!ensure_dir (grant_file))
- goto out;
-#endif
-
- fd = open (grant_file, O_CREAT | O_RDWR, 0460);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %s\n", grant_file, strerror (errno));
- goto out;
- }
- /* Yessir, the file is empty */
- close (fd);
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-polkit_bool_t
-_polkit_grantdb_write_pid (const char *action_id, pid_t pid)
-{
- char *grant_file;
- polkit_bool_t ret = FALSE;
- polkit_uint64_t pid_start_time;
-
- pid_start_time = get_start_time_for_pid (pid);
- if (pid_start_time == 0)
- goto out;
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-pid-%d@%Lu-%s.grant",
- getuid(), pid, pid_start_time, action_id);
- if (grant_file == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- ret = _polkit_grantdb_write (grant_file);
-out:
- return ret;
-}
-
-polkit_bool_t
-_polkit_grantdb_write_keep_session (const char *action_id, const char *session_id)
-{
- char *grant_file;
- polkit_bool_t ret = FALSE;
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-session-%s-%s.grant",
- getuid(), g_basename (session_id), action_id);
- if (grant_file == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- ret = _polkit_grantdb_write (grant_file);
-out:
- return ret;
-}
-
-polkit_bool_t
-_polkit_grantdb_write_keep_always (const char *action_id, uid_t uid)
-{
- char *grant_file;
- polkit_bool_t ret = FALSE;
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid%d-%s.grant",
- getuid(), action_id);
- if (grant_file == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- ret = _polkit_grantdb_write (grant_file);
-out:
- return ret;
-}
-
-PolKitResult
-_polkit_grantdb_check_can_caller_do_action (PolKitAction *action,
- PolKitCaller *caller)
-{
- char *grant_file;
- PolKitResult result;
- char *action_id;
- uid_t invoking_user_id;
- pid_t invoking_process_id;
- PolKitSession *session;
- char *session_objpath;
- polkit_uint64_t pid_start_time;
-
- grant_file = NULL;
- result = POLKIT_RESULT_UNKNOWN;
-
- if (caller == NULL)
- goto out;
-
- if (!polkit_action_get_action_id (action, &action_id))
- goto out;
-
- if (!polkit_caller_get_uid (caller, &invoking_user_id))
- goto out;
-
- if (!polkit_caller_get_pid (caller, &invoking_process_id))
- goto out;
-
- session_objpath = NULL;
- if (polkit_caller_get_ck_session (caller, &session)) {
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- session_objpath = NULL;
- }
-
- pid_start_time = get_start_time_for_pid (invoking_process_id);
- if (pid_start_time == 0)
- goto out;
-
- /* first check what _write_pid may have left */
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-pid-%d@%Lu-%s.grant",
- invoking_user_id, invoking_process_id, pid_start_time, action_id);
- if (grant_file == NULL) {
- fprintf (stderr, "Out of memory\n");
- g_free (grant_file);
- goto out;
- }
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
-
- /* second, check what _keep_session may have left */
- if (session_objpath != NULL) {
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-session-%s-%s.grant",
- invoking_user_id, g_basename (session_objpath), action_id);
- if (grant_file == NULL) {
- fprintf (stderr, "Out of memory\n");
- g_free (grant_file);
- goto out;
- }
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
- }
-
- /* finally, check what _keep_always may have left */
- if (session_objpath != NULL) {
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid%d-%s.grant",
- invoking_user_id, action_id);
- if (grant_file == NULL) {
- fprintf (stderr, "Out of memory\n");
- g_free (grant_file);
- goto out;
- }
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
- }
-
-out:
- return result;
-}
-
-void
-_polkit_grantdb_foreach (PolKitGrantDbForeachFunc callback, void *user_data)
-{
- GDir *dir;
- const char *name;
- time_t when;
-
- g_return_if_fail (callback != NULL);
-
- _pk_debug ("Looking at run");
- dir = g_dir_open (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit", 0, NULL);
- if (dir != NULL) {
- while ((name = g_dir_read_name (dir)) != NULL) {
- int uid;
- char *endptr;
- char *action;
- char *path;
- struct stat statbuf;
-
- path = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/%s", name);
- if (stat (path, &statbuf) != 0) {
- g_free (path);
- continue;
- }
- when = statbuf.st_mtime;
- g_free (path);
-
- if (!g_str_has_prefix (name, "uid"))
- continue;
- if (!g_str_has_suffix (name, ".grant"))
- continue;
-
- uid = strtol (name + 3 /* uid */, &endptr, 10);
- if (endptr == NULL || *endptr != '-')
- continue;
-
- if (strncmp (endptr + 1, "pid-", 4) == 0) {
- int pid;
- polkit_uint64_t pid_time;
-
- pid = strtol (endptr + 1 + 4 /*pid-*/, &endptr, 10);
- if (endptr == NULL || *endptr != '@')
- continue;
- pid_time = strtol (endptr + 1, NULL, 10);
-
- while (*endptr != '-' && *endptr != '\0')
- endptr++;
- if (*endptr == '\0')
- continue;
- action = g_strdup (endptr + 1);
- if (strlen (action) < 6) /* .grant */
- continue;
- action[strlen(action) - 6] = '\0';
-
- callback (action, uid, when, POLKIT_GRANTDB_GRANT_TYPE_PROCESS,
- pid, pid_time, NULL, user_data);
-
- g_free (action);
- } else if (strncmp (endptr + 1, "session-", 8) == 0) {
- int n;
- char *session;
-
- session = g_strdup (endptr + 1 + 8);
- for (n = 0; session[n] != '-' && session[n] != '\0'; n++)
- ;
- session[n] = '\0';
-
- action = g_strdup (endptr + 1 + 8 + n + 1);
- if (strlen (action) < 6) /* .grant */
- continue;
- action[strlen(action) - 6] = '\0';
-
- callback (action, uid, when, POLKIT_GRANTDB_GRANT_TYPE_SESSION,
- (pid_t) -1, 0, session, user_data);
-
- g_free (action);
- g_free (session);
- }
-
-
- }
- g_dir_close (dir);
- }
-
- _pk_debug ("Looking at lib");
- dir = g_dir_open (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit", 0, NULL);
- if (dir != NULL) {
- while ((name = g_dir_read_name (dir)) != NULL) {
- int uid;
- char *action;
- char *endptr;
- char *path;
- struct stat statbuf;
-
- path = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/%s", name);
- if (stat (path, &statbuf) != 0) {
- g_free (path);
- continue;
- }
- when = statbuf.st_mtime;
- g_free (path);
-
- if (!g_str_has_prefix (name, "uid"))
- continue;
- if (!g_str_has_suffix (name, ".grant"))
- continue;
-
- uid = strtol (name + 3 /* uid */, &endptr, 10);
- if (endptr == NULL || *endptr != '-')
- continue;
- action = g_strdup (endptr + 1);
- if (strlen (action) < 6) /* .grant */
- continue;
- action[strlen(action) - 6] = '\0';
-
- callback (action, uid, when, POLKIT_GRANTDB_GRANT_TYPE_ALWAYS,
- (pid_t) -1, 0, NULL, user_data);
-
- g_free (action);
- }
- g_dir_close (dir);
- }
-}
-
-polkit_bool_t
-_polkit_grantdb_delete_for_user (uid_t uid)
-{
- int n;
- GDir *dir;
- const char *name;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- _pk_debug ("deleting grants for uid %d", uid);
-
- for (n = 0; n < 2; n++) {
- if (n == 0)
- dir = g_dir_open (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit", 0, NULL);
- else
- dir = g_dir_open (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit", 0, NULL);
- if (dir != NULL) {
- while ((name = g_dir_read_name (dir)) != NULL) {
- uid_t uid_in_grant;
- char *endptr;
- char *path;
-
- if (!g_str_has_prefix (name, "uid"))
- continue;
- if (!g_str_has_suffix (name, ".grant"))
- continue;
-
- uid_in_grant = (uid_t) strtol (name + 3 /* uid */, &endptr, 10);
- if (endptr == NULL || *endptr != '-')
- continue;
-
- if (uid_in_grant != uid)
- continue;
-
- if (n == 0)
- path = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/%s", name);
- else
- path = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/%s", name);
- if (unlink (path) != 0) {
- _pk_debug ("Error deleting grant file '%s': %s", path, strerror (errno));
- goto out;
- }
- _pk_debug ("Deleting file %s", path);
- g_free (path);
-
- }
- g_dir_close (dir);
- }
- }
-
- ret = TRUE;
-
-out:
- return ret;
-}
diff --git a/polkit/polkit-grant-database.h b/polkit/polkit-grant-database.h
deleted file mode 100644
index 3053a64..0000000
--- a/polkit/polkit-grant-database.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-database.h : simple interface for storing and checking grants
- *
- * (This is an internal and private interface to PolicyKit. Do not use.)
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_GRANT_DATABASE_H
-#define POLKIT_GRANT_DATABASE_H
-
-#include <polkit/polkit.h>
-
-POLKIT_BEGIN_DECLS
-
-PolKitResult _polkit_grantdb_check_can_caller_do_action (PolKitAction *action,
- PolKitCaller *caller);
-
-polkit_bool_t _polkit_grantdb_write_keep_always (const char *action_id, uid_t uid);
-
-polkit_bool_t _polkit_grantdb_write_keep_session (const char *action_id, const char *session_id);
-
-polkit_bool_t _polkit_grantdb_write_pid (const char *action_id, pid_t pid);
-
-/**
- * PolKitGrantDbGrantType:
- * @POLKIT_GRANTDB_GRANT_TYPE_PROCESS: The privilege was granted to a process
- * @POLKIT_GRANTDB_GRANT_TYPE_SESSION: The privilege was granted to session
- * @POLKIT_GRANTDB_GRANT_TYPE_ALWAYS: The privilege was granted permanently
- *
- * Defines the type and scope of a privilege grant.
- */
-typedef enum {
- POLKIT_GRANTDB_GRANT_TYPE_PROCESS,
- POLKIT_GRANTDB_GRANT_TYPE_SESSION,
- POLKIT_GRANTDB_GRANT_TYPE_ALWAYS
-} PolKitGrantDbGrantType;
-
-/**
- * PolKitGrantDbForeachFunc:
- * @action_id: Identifer for the action granted
- * @uid: the UNIX process id, or -1 if the passed grant_type is not POLKIT_GRANTDB_GRANT_TYPE_ALWAYS
- * @when: when the privilege was granted
- * @grant_type: the type of grant; one of #PolKitGrantDbGrantType
- * @pid: the process id, or -1 if the passed grant_type is not POLKIT_GRANTDB_GRANT_TYPE_PROCESS
- * @pid_time: the start time of the process (only if pid is set)
- * @session_id: the session id, or NULL if the passed grant_type is not POLKIT_GRANTDB_GRANT_TYPE_SESSION
- * @user_data: user data passed to polkit_grantdb_foreach()
- *
- * Callback function for polkit_policy_cache_foreach().
- **/
-typedef void (*PolKitGrantDbForeachFunc) (const char *action_id,
- uid_t uid,
- time_t when,
- PolKitGrantDbGrantType grant_type,
- pid_t pid,
- polkit_uint64_t pid_time,
- const char *session_id,
- void *user_data);
-
-void _polkit_grantdb_foreach (PolKitGrantDbForeachFunc callback, void *user_data);
-
-polkit_bool_t _polkit_grantdb_delete_for_user (uid_t uid);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_GRANT_DATABASE_H */
diff --git a/polkit/polkit-sysdeps.c b/polkit/polkit-sysdeps.c
new file mode 100644
index 0000000..7c3a01a
--- /dev/null
+++ b/polkit/polkit-sysdeps.c
@@ -0,0 +1,159 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-sysdeps.c : Various platform specific utility functions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/inotify.h>
+#include <syslog.h>
+
+#include <glib.h>
+#include "polkit-sysdeps.h"
+
+
+/**
+ * SECTION:polkit-sysdeps
+ * @title: System Dependencies
+ * @short_description: Various platform specific utility functions
+ *
+ * Various platform specific utility functions.
+ *
+ * Since: 0.7
+ **/
+
+
+/**
+ * polkit_sysdeps_get_start_time_for_pid:
+ * @pid: process id
+ *
+ * Get when a process started.
+ *
+ * Returns: start time for the process or 0 if an error occured
+ *
+ * Since: 0.7
+ */
+polkit_uint64_t
+polkit_sysdeps_get_start_time_for_pid (pid_t pid)
+{
+ char *filename;
+ char *contents;
+ gsize length;
+ polkit_uint64_t start_time;
+ GError *error = NULL;
+ char **tokens;
+ char *p;
+ char *endp;
+
+ start_time = 0;
+ contents = NULL;
+
+ filename = g_strdup_printf ("/proc/%d/stat", pid);
+ if (filename == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ goto out;
+ }
+
+ if (!g_file_get_contents (filename, &contents, &length, &error)) {
+ //fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ /* start time is the 19th token after the '(process name)' entry */
+
+ p = strchr (contents, ')');
+ if (p == NULL) {
+ goto out;
+ }
+ p += 2; /* skip ') ' */
+ if (p - contents >= (int) length) {
+ goto out;
+ }
+
+ tokens = g_strsplit (p, " ", 0);
+ if (g_strv_length (tokens) < 20) {
+ goto out;
+ }
+
+ start_time = strtoll (tokens[19], &endp, 10);
+ if (endp == tokens[19]) {
+ goto out;
+ }
+
+ g_strfreev (tokens);
+
+out:
+ g_free (filename);
+ g_free (contents);
+ return start_time;
+}
+
+/**
+ * polkit_sysdeps_get_exe_for_pid:
+ * @pid: process id
+ * @out_buf: buffer to store the string representation in
+ * @buf_size: size of buffer
+ *
+ * Get the name of the binary a given process was started from. Note
+ * that this is not reliable information; it should not be part of any
+ * security decision.
+ *
+ * Returns: Number of characters written (not including trailing
+ * '\0'). If the output was truncated due to the buffer being too
+ * small, buf_size will be returned. Thus, a return value of buf_size
+ * or more indicates that the output was truncated (see snprintf(3))
+ * or an error occured. If the name cannot be found, -1 will be
+ * returned.
+ *
+ * Since: 0.7
+ */
+int
+polkit_sysdeps_get_exe_for_pid (pid_t pid, char *buf, size_t buf_size)
+{
+ int ret;
+ char proc_name[32];
+
+ ret = 0;
+
+ snprintf (proc_name, sizeof (proc_name), "/proc/%d/exe", pid);
+ ret = readlink (proc_name, buf, buf_size - 1);
+ if (ret == -1) {
+ goto out;
+ }
+ g_assert (ret >= 0 && ret < (int) buf_size - 1);
+ buf[ret] = '\0';
+
+out:
+ return ret;
+}
diff --git a/polkit/polkit-sysdeps.h b/polkit/polkit-sysdeps.h
new file mode 100644
index 0000000..389f99f
--- /dev/null
+++ b/polkit/polkit-sysdeps.h
@@ -0,0 +1,45 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-sysdeps.h : Various platform specific utility functions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SYSDEPS_H
+#define POLKIT_SYSDEPS_H
+
+#include <sys/types.h>
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+polkit_uint64_t polkit_sysdeps_get_start_time_for_pid (pid_t pid);
+
+int polkit_sysdeps_get_exe_for_pid (pid_t pid, char *buf, size_t buf_size);
+
+
+POLKIT_END_DECLS
+
+#endif
diff --git a/polkit/polkit.h b/polkit/polkit.h
index 04c3e5b..0a929a5 100644
--- a/polkit/polkit.h
+++ b/polkit/polkit.h
@@ -28,6 +28,7 @@
#define _POLKIT_INSIDE_POLKIT_H 1
#include <polkit/polkit-types.h>
+#include <polkit/polkit-sysdeps.h>
#include <polkit/polkit-error.h>
#include <polkit/polkit-result.h>
#include <polkit/polkit-context.h>
diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c
index fef8e5d..38429c1 100644
--- a/tools/polkit-auth.c
+++ b/tools/polkit-auth.c
@@ -360,30 +360,6 @@ out:
return ud.obtained_privilege;
}
-static char *
-get_exe_for_pid (pid_t pid)
-{
- char *result;
- char buf[PATH_MAX];
- ssize_t len;
- char proc_name[32];
-
- result = NULL;
-
- snprintf (proc_name, sizeof (proc_name), "/proc/%d/exe", pid);
- len = readlink (proc_name, buf, sizeof (buf) - 1);
- if (len == -1) {
- goto out;
- }
- g_assert (len >= 0 && len < PATH_MAX - 1);
-
- buf[len] = '\0';
- result = g_strdup (buf);
-
-out:
- return result;
-}
-
static const char *
get_name_from_uid (uid_t uid)
{
@@ -447,6 +423,7 @@ auth_iterator_cb (PolKitAuthorizationDB *authdb,
PolKitAuthorizationConstraint *constraint;
PolKitAction *pk_action;
PolKitResult pk_result;
+ char exe[PATH_MAX];
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action_id);
@@ -457,7 +434,9 @@ auth_iterator_cb (PolKitAuthorizationDB *authdb,
switch (polkit_authorization_get_scope (auth)) {
case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
polkit_authorization_scope_process_get_pid (auth, &pid, &pid_start_time);
- printf (" Scope: Confined to pid %d (%s)\n", pid, get_exe_for_pid (pid));
+ if (polkit_sysdeps_get_exe_for_pid (pid, exe, sizeof (exe)) == -1)
+ strncpy (exe, "unknown", sizeof (exe));
+ printf (" Scope: Confined to pid %d (%s)\n", pid, exe);
break;
case POLKIT_AUTHORIZATION_SCOPE_SESSION:
More information about the hal-commit
mailing list