PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Thu Jul 31 14:19:58 PDT 2008
Makefile.am | 2
README | 28
configure.in | 35
data/Makefile.am | 25
data/PolicyKit.conf.in | 9
data/config.dtd | 18
data/org.freedesktop.PolicyKit.AuthenticationAgent.xml | 24
data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml | 24
data/polkit-1.pc.in | 12
data/polkit-dbus.pc.in | 11
data/polkit-grant-1.in | 6
data/polkit-grant-1.pc.in | 11
data/polkit-grant.pc.in | 11
data/polkit.in | 6
data/polkit.pc.in | 11
doc/Makefile.am | 22
doc/man/Makefile.am | 20
doc/man/PolicyKit.conf.xml | 388 ---
doc/man/PolicyKit.xml | 23
doc/man/polkit-action.xml | 23
doc/man/polkit-auth.xml | 29
doc/man/polkit-config-file-validate.xml | 96
doc/man/polkit-policy-file-validate.xml | 26
doc/polkit-docs.xml | 2
policy/Makefile.am | 6
src/Makefile.am | 2
src/polkit-dbus/Makefile.am | 125 -
src/polkit-dbus/polkit-dbus-test.c | 63
src/polkit-dbus/polkit-dbus-test.h | 47
src/polkit-dbus/polkit-dbus.c | 1558 ----------------
src/polkit-dbus/polkit-dbus.h | 72
src/polkit-dbus/polkit-read-auth-helper.c | 421 ----
src/polkit-dbus/polkit-resolve-exe-helper.c | 168 -
src/polkit-dbus/polkit-set-default-helper.c | 227 --
src/polkit-dbus/polkit-simple.c | 601 ------
src/polkit-dbus/polkit-simple.h | 52
src/polkit-grant/Makefile.am | 76
src/polkit-grant/polkit-authorization-db-write.c | 10
src/polkit-grant/polkit-explicit-grant-helper.c | 4
src/polkit-grant/polkit-grant-helper-pam.c | 2
src/polkit-grant/polkit-grant-helper.c | 103 -
src/polkit-grant/polkit-grant.c | 4
src/polkit-grant/polkit-revoke-helper.c | 16
src/polkit/Makefile.am | 104 -
src/polkit/polkit-authorization-db.c | 29
src/polkit/polkit-config.c | 786 --------
src/polkit/polkit-config.h | 91
src/polkit/polkit-context.c | 205 --
src/polkit/polkit-context.h | 3
src/polkit/polkit-policy-cache.c | 4
src/polkit/polkit-policy-file-entry.c | 4
src/polkit/polkit-read-auth-helper.c | 421 ++++
src/polkit/polkit-resolve-exe-helper.c | 168 +
src/polkit/polkit-set-default-helper.c | 227 ++
src/polkit/polkit-simple.c | 599 ++++++
src/polkit/polkit-simple.h | 52
src/polkit/polkit-sysdeps.c | 2
src/polkit/polkit-test.c | 1
src/polkit/polkit-test.h | 1
src/polkit/polkit-tracker.c | 1556 +++++++++++++++
src/polkit/polkit-tracker.h | 70
src/polkit/polkit.h | 3
tools/Makefile.am | 19
tools/polkit-auth.c | 2
tools/polkit-bash-completion-1.sh | 125 +
tools/polkit-bash-completion.sh | 125 -
tools/polkit-config-file-validate.c | 100 -
67 files changed, 3565 insertions(+), 5551 deletions(-)
New commits:
commit 2a35667777841f7ea1ef2912963962f04955f9e6
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Jul 31 17:14:55 2008 -0400
bump to version 0.90 and ensure we're parallel installable with 0.9
This is the first move towards 1.0; also
- kill the config file
- merge libpolkit and libpolkit-dbus
Now to write a system daemon that libpolkit will use for the
backend. Expect HEAD to be broken for a few weeks at least.
Also see http://ometer.com/parallel.html for what "parallel
installable" means. As a result, all the binaries, man pages, .policy
file dir and so forth have been renamed too. I expect the API to
change a bit. So some (not much though) porting to PolicyKit 1.0 will
be required by current users.
diff --git a/Makefile.am b/Makefile.am
index bcc35c5..915d689 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = data src polkitd doc tools policy po test
+SUBDIRS = data src doc tools policy po test
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
diff --git a/README b/README
index 0e471d0..307df96 100644
--- a/README
+++ b/README
@@ -12,15 +12,15 @@ documentation, mailing lists, etc.
Rationale for permissions/modes for the default backend
-------------------------------------------------------
-0770 root:polkituser /var/run/PolicyKit
-0770 root:polkituser /var/lib/PolicyKit
+0770 root:polkituser /var/run/polkit-1
+0770 root:polkituser /var/lib/polkit-1
We store authorizations for each user here. Since we don't want users
to know what authorizations other users has, no one can read these
files. However, when checking authorizations we need to be able to
read from here; we use this helper
-2755 root:polkituser /usr/libexec/polkit-read-auth-helper
+2755 root:polkituser /usr/libexec/polkit-read-auth-helper-1
which can read from here since it's setgid 'polkituser'. This helper
will refuse to return authorizations for other users than the calling
@@ -29,16 +29,16 @@ user except if the calling user is authorized for org.fd.pk.read.
We also want to be able to grant authorizations through authentication.
That happens with this helper
-2755 root:polkituser /usr/libexec/polkit-grant-helper
+2755 root:polkituser /usr/libexec/polkit-grant-helper-1
This program is setgid 'polkituser' so it can write files in
-/var/{run,lib}/PolicyKit. Note that these files are created with mode
+/var/{run,lib}/polkit-1. Note that these files are created with mode
464.
To do the actual authentication check when granting authorizations
-through authentication, polkit-grant-helper uses another helper
+through authentication, polkit-grant-helper-1 uses another helper
-4754 root:polkituser /usr/libexec/polkit-grant-helper-pam
+4754 root:polkituser /usr/libexec/polkit-grant-helper-pam-1
This one is setuid root because checking authentications might need
require that (you may be checking the root password). The reason
@@ -48,33 +48,33 @@ can do this. Which polkit-grant-helper is.
On to
-2755 root:polkituser /libexec/polkit-revoke-helper
+2755 root:polkituser /libexec/polkit-revoke-helper-1
This one is used to revoke authorizations. It will only allow uid 0 and
users with the org.fd.pk.revoke authorization to do so. It needs to be
setgid polkituser to be able to modify authorization files
-in /var/{run,lib}/PolicyKit.
+in /var/{run,lib}/polkit-1.
-2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper
+2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper-1
Same story as for polkit-revoke-helper only this grants authorizations.
Only allowed for uid 0 and users with the org.fd.pk.grant authorization.
On to
-0755 polkituser:root /var/lib/PolicyKit-public
+0755 polkituser:root /var/lib/polkit-public-1
This is where we store modifications to the defaults. Anyone should be
able to read these files. They are created with mode 644. These files
are written / modified by this helper
-4755 polkituser:root /usr/libexec/polkit-set-default-helper
+4755 polkituser:root /usr/libexec/polkit-set-default-helper-1
which is setuid polkituser to be able to write/modify files.
On to
-4755 root:root /usr/libexec/polkit-resolve-exe-helper
+4755 root:root /usr/libexec/polkit-resolve-exe-helper-1
This is used to find the executable name for a process. On Linux this is
the /proc/<pid>/exe symlink and you can only do this for processes you
@@ -83,7 +83,7 @@ you but only if you have the org.fd.pk.read authorization. This is
important to let e.g. user 'haldaemon' check authorizations for a user
requesting service.
-0664 polkituser:polkituser /var/lib/misc/PolicyKit.reload
+0664 polkituser:polkituser /var/lib/misc/polkit-1.reload
This file is used by libpolkit to detect when something has changed
(authorizations granted/revoked, defaults changed etc.). It is
diff --git a/configure.in b/configure.in
index 9876f5c..128289c 100644
--- a/configure.in
+++ b/configure.in
@@ -1,8 +1,8 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59c)
-AC_INIT(PolicyKit, 0.9, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
-AM_INIT_AUTOMAKE(PolicyKit, 0.9)
+AC_INIT(PolicyKit, 0.90, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
+AM_INIT_AUTOMAKE(PolicyKit, 0.90)
AM_CONFIG_HEADER(config.h)
AM_MAINTAINER_MODE
@@ -10,7 +10,7 @@ AM_MAINTAINER_MODE
#
# See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details
#
-LT_CURRENT=2
+LT_CURRENT=1
LT_REVISION=0
LT_AGE=0
AC_SUBST(LT_CURRENT)
@@ -560,16 +560,13 @@ AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain])
AC_OUTPUT([
Makefile
data/Makefile
-data/polkit
-data/polkit.pc
-data/polkit-dbus.pc
-data/polkit-grant.pc
+data/polkit-grant-1
+data/polkit-1.pc
+data/polkit-grant-1.pc
src/Makefile
src/kit/Makefile
src/polkit/Makefile
-src/polkit-dbus/Makefile
src/polkit-grant/Makefile
-polkitd/Makefile
tools/Makefile
doc/Makefile
doc/version.xml
@@ -641,36 +638,36 @@ if test "${POLKIT_AUTHDB}" = default ; then
echo "NOTE: Remember to create user ${POLKIT_USER} and group ${POLKIT_GROUP}"
echo " before 'make install'"
echo
- echo "NOTE: The directories ${localstatedir}/run/PolicyKit and ${localstatedir}/lib/PolicyKit will be"
+ echo "NOTE: The directories ${localstatedir}/run/polkit-1 and ${localstatedir}/lib/polkit-1 will be"
echo " owned by group ${POLKIT_GROUP} and will be mode 770."
echo
- echo "NOTE: The directory ${localstatedir}/lib/PolicyKit-public will be"
+ echo "NOTE: The directory ${localstatedir}/lib/polkit-public-1 will be"
echo " owned by user ${POLKIT_USER} and will be mode 755."
echo
- echo "NOTE: The file ${localstatedir}/lib/misc/PolicyKit.reload will be"
+ echo "NOTE: The file ${localstatedir}/lib/misc/polkit-1.reload will be"
echo " owned by user ${POLKIT_USER} and group ${POLKIT_GROUP} and will be mode 664."
echo
- echo "NOTE: ${libexecdir}/polkit-set-default-helper will be owned by"
+ echo "NOTE: ${libexecdir}/polkit-set-default-helper-1 will be owned by"
echo " user ${POLKIT_USER} and installed with mode 4755 (setuid binary)."
echo
- echo "NOTE: ${libexecdir}/polkit-read-auth-helper will be owned by"
+ echo "NOTE: ${libexecdir}/polkit-read-auth-helper-1 will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
echo
- echo "NOTE: ${libexecdir}/polkit-revoke-helper will be owned by"
+ echo "NOTE: ${libexecdir}/polkit-revoke-helper-1 will be owned by"
echo " group '${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
echo
- echo "NOTE: ${libexecdir}/polkit-grant-helper will be owned by"
+ echo "NOTE: ${libexecdir}/polkit-grant-helper-1 will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
echo
- echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper will be owned by"
+ echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper-1 will be owned by"
echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)."
echo
- echo "NOTE: ${libexecdir}/polkit-grant-helper-pam will be owned by group"
+ echo "NOTE: ${libexecdir}/polkit-grant-helper-pam-1 will be owned by group"
echo " ${POLKIT_GROUP} and installed with mode 4754 (setuid root binary)."
fi
echo
-echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper will be installed with"
+echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper-1 will be installed with"
echo " mode 4755 (setuid root binary)."
echo
echo "NOTE: For packaging, remember to retain the modes and ownership."
diff --git a/data/Makefile.am b/data/Makefile.am
index 8b91bc3..3625609 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -4,33 +4,18 @@
#
if POLKIT_AUTHFW_PAM
pamdir = $(sysconfdir)/pam.d
-pam_DATA = polkit
+pam_DATA = polkit-grant-1
endif
pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = polkit.pc polkit-dbus.pc polkit-grant.pc
-
-confdir = $(sysconfdir)/PolicyKit
-conf_DATA = PolicyKit.conf
-
-dtddir = $(datadir)/PolicyKit
-dtd_DATA = config.dtd
+pkgconfig_DATA = polkit-1.pc polkit-grant-1.pc
dbusifdir = $(datadir)/dbus-1/interfaces
-dbusif_DATA = org.freedesktop.PolicyKit.AuthenticationAgent.xml
+dbusif_DATA = org.freedesktop.PolicyKit.AuthenticationAgent1.xml
-DISTCLEANFILES = polkit.pc polkit-dbus.pc polkit-grant.pc PolicyKit.conf
+DISTCLEANFILES = polkit-1.pc polkit-grant-1.pc
-EXTRA_DIST = polkit.in polkit.pc.in polkit-dbus.pc.in polkit-grant.pc.in PolicyKit.conf.in config.dtd org.freedesktop.PolicyKit.AuthenticationAgent.xml
+EXTRA_DIST = polkit-grant-1.in polkit-1.pc.in polkit-grant-1.pc.in org.freedesktop.PolicyKit.AuthenticationAgent1.xml
clean-local :
rm -f *~
-
-PolicyKit.conf: PolicyKit.conf.in Makefile
- $(edit) $< >$@
-
-edit = sed \
- -e 's|@docdir[@]|$(docdir)|g' \
- -e 's|@sbindir[@]|$(sbindir)|g' \
- -e 's|@sysconfdir[@]|$(sysconfdir)|g' \
- -e 's|@datadir[@]|$(datadir)|g'
diff --git a/data/PolicyKit.conf.in b/data/PolicyKit.conf.in
deleted file mode 100644
index 581dd9c..0000000
--- a/data/PolicyKit.conf.in
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
-
-<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
-"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
-
-<!-- See the manual page PolicyKit.conf(5) for file format -->
-
-<config version="0.1">
-</config>
diff --git a/data/config.dtd b/data/config.dtd
deleted file mode 100644
index 64358e9..0000000
--- a/data/config.dtd
+++ /dev/null
@@ -1,18 +0,0 @@
-<!-- Document Type for PolicyKit configuration file -->
-
-<!-- <config> is the top-level element of the config file. -->
-<!ELEMENT config (match|return)* >
-<!ATTLIST config
- version (0.1) #REQUIRED
->
-
-<!ELEMENT match (match|return)* >
-<!ATTLIST match
- action CDATA #IMPLIED
- user CDATA #IMPLIED
->
-
-<!ELEMENT return (#PCDATA) >
-<!ATTLIST return
- result (no|auth_root|auth_root_keep_session|auth_root_keep_always|auth_self|auth_self_keep_session|auth_self_keep_always|yes) #REQUIRED
->
diff --git a/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml
deleted file mode 100644
index 9101d19..0000000
--- a/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
-
-<!-- This file is provided by the PolicyKit project -->
-
-<node>
- <interface name="org.freedesktop.PolicyKit.AuthenticationAgent">
-
- <method name="ObtainAuthorization">
- <!-- IN: PolicyKit action identifier; see PolKitAction -->
- <arg name="action_id" direction="in" type="s"/>
-
- <!-- IN: X11 window ID for the top-level X11 window the dialog will be transient for (pass zero if no window) -->
- <arg name="xid" direction="in" type="u"/>
-
- <!-- IN: Process ID to grant authorization to -->
- <arg name="pid" direction="in" type="u"/>
-
- <!-- OUT: whether the user gained the authorization -->
- <arg name="gained_authorization" direction="out" type="b"/>
- </method>
-
- </interface>
-</node>
diff --git a/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml b/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml
new file mode 100644
index 0000000..bf692aa
--- /dev/null
+++ b/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml
@@ -0,0 +1,24 @@
+<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
+
+<!-- This file is provided by the PolicyKit project -->
+
+<node>
+ <interface name="org.freedesktop.PolicyKit.AuthenticationAgent1">
+
+ <method name="ObtainAuthorization">
+ <!-- IN: PolicyKit action identifier; see PolKitAction -->
+ <arg name="action_id" direction="in" type="s"/>
+
+ <!-- IN: X11 window ID for the top-level X11 window the dialog will be transient for (pass zero if no window) -->
+ <arg name="xid" direction="in" type="u"/>
+
+ <!-- IN: Process ID to grant authorization to -->
+ <arg name="pid" direction="in" type="u"/>
+
+ <!-- OUT: whether the user gained the authorization -->
+ <arg name="gained_authorization" direction="out" type="b"/>
+ </method>
+
+ </interface>
+</node>
diff --git a/data/polkit-1.pc.in b/data/polkit-1.pc.in
new file mode 100644
index 0000000..5bc073c
--- /dev/null
+++ b/data/polkit-1.pc.in
@@ -0,0 +1,12 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+policydir=@datarootdir@/polkit-1/policy/
+actiondir=@datarootdir@/polkit-1/policy/
+
+Name: polkit
+Description: Authorization API
+Version: @VERSION@
+Libs: -L${libdir} -lpolkit-1
+Cflags: -I${includedir}/polkit-1
diff --git a/data/polkit-dbus.pc.in b/data/polkit-dbus.pc.in
deleted file mode 100644
index db8b554..0000000
--- a/data/polkit-dbus.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: polkit-dbus
-Description: helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit
-Version: @VERSION@
-Requires: polkit dbus-1
-Libs: -L${libdir} -lpolkit-dbus
-Cflags: -I${includedir}/PolicyKit
diff --git a/data/polkit-grant-1.in b/data/polkit-grant-1.in
new file mode 100644
index 0000000..142dadd
--- /dev/null
+++ b/data/polkit-grant-1.in
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include @PAM_FILE_INCLUDE_AUTH@
+account include @PAM_FILE_INCLUDE_ACCOUNT@
+password include @PAM_FILE_INCLUDE_PASSWORD@
+session include @PAM_FILE_INCLUDE_SESSION@
diff --git a/data/polkit-grant-1.pc.in b/data/polkit-grant-1.pc.in
new file mode 100644
index 0000000..5d75382
--- /dev/null
+++ b/data/polkit-grant-1.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: polkit-grant-1
+Description: Library for obtaining authorizations through authentication
+Version: @VERSION@
+Requires: polkit-1
+Libs: -L${libdir} -lpolkit-grant-1
+Cflags: -I${includedir}/polkit-1
diff --git a/data/polkit-grant.pc.in b/data/polkit-grant.pc.in
deleted file mode 100644
index 6055f72..0000000
--- a/data/polkit-grant.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: polkit-grant
-Description: library for obtaining privileges via PolicyKit
-Version: @VERSION@
-Requires: glib-2.0 polkit
-Libs: -L${libdir} -lpolkit-grant
-Cflags: -I${includedir}/PolicyKit
diff --git a/data/polkit.in b/data/polkit.in
deleted file mode 100644
index 142dadd..0000000
--- a/data/polkit.in
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-
-auth include @PAM_FILE_INCLUDE_AUTH@
-account include @PAM_FILE_INCLUDE_ACCOUNT@
-password include @PAM_FILE_INCLUDE_PASSWORD@
-session include @PAM_FILE_INCLUDE_SESSION@
diff --git a/data/polkit.pc.in b/data/polkit.pc.in
deleted file mode 100644
index cf94447..0000000
--- a/data/polkit.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-policydir=@datarootdir@/PolicyKit/policy/
-
-Name: polkit
-Description: library for querying system-wide policy
-Version: @VERSION@
-Libs: -L${libdir} -lpolkit
-Cflags: -I${includedir}/PolicyKit
diff --git a/doc/Makefile.am b/doc/Makefile.am
index d395b71..4064815 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -7,7 +7,7 @@ NULL =
AUTOMAKE_OPTIONS = 1.7
# The name of the module.
-DOC_MODULE=polkit
+DOC_MODULE=polkit-1
# The top-level SGML file.
DOC_MAIN_SGML_FILE=polkit-docs.xml
@@ -51,17 +51,15 @@ MKDB_OPTIONS=--sgml-mode --output-format=xml
MKTMPL_OPTIONS=
# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
-content_files = \
- version.xml \
- man/PolicyKit.xml \
- man/PolicyKit.conf.xml \
- man/polkit-auth.xml \
- man/polkit-action.xml \
- man/polkit-policy-file-validate.xml \
- man/polkit-config-file-validate.xml \
- spec/polkit-spec-configuration.xml \
- spec/polkit-spec-introduction.xml \
- spec/polkit-spec-model.xml \
+content_files = \
+ version.xml \
+ man/PolicyKit.xml \
+ man/polkit-auth.xml \
+ man/polkit-action.xml \
+ man/polkit-policy-file-validate.xml \
+ spec/polkit-spec-configuration.xml \
+ spec/polkit-spec-introduction.xml \
+ spec/polkit-spec-model.xml \
$(NULL)
# Images to copy into HTML directory
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 51db9b6..76c53f3 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,23 +1,19 @@
if MAN_PAGES_ENABLED
-man_MANS = polkit-auth.1 \
- polkit-action.1 \
- polkit-config-file-validate.1 \
- polkit-policy-file-validate.1 \
- PolicyKit.conf.5 \
- PolicyKit.8
+man_MANS = polkit-auth-1.1 \
+ polkit-action-1.1 \
+ polkit-policy-file-validate-1.1 \
+ PolicyKit-1.8
-%.1 %.5 %.8 : %.xml
+%-1.1 %-1.8 : %.xml
$(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
endif # MAN_PAGES_ENABLED
-EXTRA_DIST= PolicyKit.conf.xml \
- PolicyKit.xml \
- polkit-config-file-validate.xml \
- polkit-auth.xml \
- polkit-action.xml \
+EXTRA_DIST= PolicyKit.xml \
+ polkit-auth.xml \
+ polkit-action.xml \
polkit-policy-file-validate.xml
clean-local:
diff --git a/doc/man/PolicyKit.conf.xml b/doc/man/PolicyKit.conf.xml
deleted file mode 100644
index 52ddbdd..0000000
--- a/doc/man/PolicyKit.conf.xml
+++ /dev/null
@@ -1,388 +0,0 @@
-<refentry id="PolicyKit.conf.5">
- <refentryinfo>
- <title>PolicyKit.conf</title>
- <date>August 2007</date>
- <productname>PolicyKit</productname>
- </refentryinfo>
-
- <refmeta>
- <refentrytitle>PolicyKit.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- <refmiscinfo class="version"></refmiscinfo>
- </refmeta>
-
- <refnamediv>
- <refname>PolicyKit.conf</refname>
- <refpurpose>PolicyKit configuration file</refpurpose>
- </refnamediv>
-
- <refsect1><title>DESCRIPTION</title>
- <para>
- The <filename>/etc/PolicyKit/PolicyKit.conf</filename>
- configuration file provides a way for system administrators to
- override policy for mechanisms that use the PolicyKit library to
- determine whether a caller is allowed to use the mechanism.
- </para>
-
- <para>
- Changes to this configuration file are immediately propagated to
- running processes using the PolicyKit library. If the
- configuration file is invalid, processes using this library will
- log this fact to the system logger and the library will only
- only return <emphasis>no</emphasis> as the answer to processes
- using it.
- </para>
-
- <para>
- The <citerefentry><refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- tool can be used to verify that the configuration file is
- valid.
- </para>
- </refsect1>
-
- <refsect1>
- <title>FILE FORMAT</title>
- <para>
- The configuration file is an XML document. It must have the
- following doctype declaration:
- </para>
-
- <programlisting>
- <![CDATA[
-<!DOCTYPE pkconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
- "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
-]]>
- </programlisting>
-
- <para>
- The following elements may be present in the configuration file:
- </para>
-
- <refsect2>
- <title>config</title>
- <para>
- This is the root element. A single
- attribute <emphasis>version</emphasis> must be present and
- must be set to "0.1" at this point. There can only be one
- <emphasis>config</emphasis> element in the configuration file.
- </para>
- </refsect2>
-
- <refsect2>
- <title>match</title>
- <para>
- This element is for matching information related to the
- decision making process and includes values describing both
- the caller and the action. This element can be embedded in
- both <emphasis>config</emphasis> and
- other <emphasis>match</emphasis> elements (hence allowing for
- nested matching).
- </para>
- <para>
- There can only be a single attribute in
- each <emphasis>match</emphasis> element and POSIX Extended
- Regular Expression syntax are supported in the value part. The
- following attributes are supported:
- </para>
-
- <variablelist>
- <varlistentry>
- <term><emphasis>user</emphasis></term>
- <listitem>
- <para>
- This matches on the users login name.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>action</emphasis></term>
- <listitem>
- <para>
- For matching on the given action being queried for, for
- example
- <emphasis>action="org.foo.*"</emphasis> will match
- on all actions whose action identifier begins with
- the string "org.foo.".
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect2>
-
- <refsect2>
- <title>return</title>
- <para>
- This element is for used to specify what result the PolicyKit
- library will return. It can only be embedded in
- <emphasis>config</emphasis> and <emphasis>match</emphasis>
- elements and can embed no elements
- itself. The <emphasis>return</emphasis> element is
- typically used deeply inside a number
- of <emphasis>match</emphasis> elements. A single attribute,
- <emphasis>result</emphasis> is supported and it can assume
- the following values:
- </para>
-
- <variablelist>
- <varlistentry>
- <term><emphasis>no</emphasis></term>
- <listitem>
- <para>
- Access denied.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>auth_self</emphasis></term>
- <listitem>
- <para>
- Access denied, but authentication of the caller as
- himself will grant access to only that caller.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>auth_self_keep_session</emphasis></term>
- <listitem>
- <para>
- Access denied, but authentication of the caller as
- himself will grant access to any caller in the
- session of the caller belongs to.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>auth_self_keep_always</emphasis></term>
- <listitem>
- <para>
- Access denied, but authentication of the caller as
- himself will grant access any caller with the given
- uid in the future.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>auth_admin</emphasis></term>
- <listitem>
- <para>
- Access denied, but authentication of the caller as
- an administrative user will grant access to only
- that caller.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>auth_admin_keep_session</emphasis></term>
- <listitem>
- <para>
- Access denied, but authentication of the caller as
- an administrative user will grant access to any caller
- in the session of the caller belongs to.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>auth_admin_keep_always</emphasis></term>
- <listitem>
- <para>
- Access denied, but authentication of the caller as
- an administrative user will grant access any caller
- with the given uid in the future.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>yes</emphasis></term>
- <listitem>
- <para>
- Access granted.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect2>
-
- <refsect2>
- <title>define_admin_auth</title>
- <para>
- This element is used to specify the meaning of
- <emphasis>"authenticate as administrator"</emphasis>. It
- is normally used at the top-level but can also be used
- deep inside a number of
- <emphasis>match</emphasis> elements for conditional
- behavior.
- </para>
-
- <para>
- There can only be a single attribute in
- each <emphasis>define_admin_auth</emphasis> element. POSIX
- Extended Regular Expression syntax
- is <emphasis>not</emphasis> supported in the value part,
- however multiple values to match on can be separated with
- the bar (|) character. The following attributes are
- supported:
- </para>
-
- <variablelist>
- <varlistentry>
- <term><emphasis>user</emphasis></term>
- <listitem>
- <para>
- Administrator authentication means authenticate as
- the given user(s). If
- no <emphasis>define_admin_auth</emphasis> element is
- given, the default is to
- use <emphasis>user="root"</emphasis>
- e.g. administrator authentication mean authenticate
- as the super user.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><emphasis>group</emphasis></term>
- <listitem>
- <para>
- Administrator authentication means that any user in
- the groups matching the given value can be used to
- authenticate. Typically, on a system with the root
- account disabled one wants to use something like
- <emphasis>group="wheel"</emphasis> to e.g. enable
- all UNIX users in the UNIX group
- <emphasis>wheel</emphasis> to be able to
- authentication whenever administrator authentication
- is required.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- </refsect2>
-
- </refsect1>
-
- <refsect1>
- <title>EXAMPLES</title>
- <para>
- For brevity, the standard XML and DOCTYPE headers as well as
- the top-level <emphasis>config</emphasis> are omitted in the
- following configuration file examples. The actions used may
- also be fictional,
- use <citerefentry><refentrytitle>polkit-action</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- to learn about the actions available on your system.
- </para>
-
- <refsect2>
- <title>ALLOW EVERYTHING</title>
- <para>
- The users "davidz" and "bateman" are allowed to do any
- action:
- </para>
- <programlisting>
- <![CDATA[
-<match user="davidz|bateman">
- <return result="yes"/>
-</match>
-]]>
- </programlisting>
- </refsect2>
-
- <refsect2>
- <title>MOUNTING FIXED DRIVES</title>
- <para>
- Suppose the
- action <emphasis>org.freedesktop.hal.storage.mount-fixed</emphasis>
- is used to determine whether mounting internal hard drives
- are allowed. Then this configuration file
-
- </para>
- <programlisting>
- <![CDATA[
-<match action="org.freedesktop.hal.storage.mount-fixed">
- <match user="davidz">
- <return result="yes"/>
- </match>
- <match user="freddy">
- <return result="no"/>
- </match>
-</match>
-]]>
- </programlisting>
- <para>
- specifies that user "davidz" is always allowed to do the
- action, while user "freddy" is never allowed to do the
- action. Other users will be subject to the defaults
- results specified in the <emphasis>.policy</emphasis> file
- describing the action.
- </para>
- </refsect2>
-
- <refsect2>
- <title>AVOIDING THE ROOT PASSWORD</title>
- <para>
- Suppose the group <emphasis>wheel</emphasis> contains the
- users on a system who are allowed to carry out administrative
- tasks (ie. tasks that would usually require the root password)
- on a system where the root account is disabled. Then
- </para>
- <programlisting>
- <![CDATA[
-<define_admin_auth group="wheel"/>
-]]>
- </programlisting>
- <para>
- can be used to specify that users in said group can
- authenticate using their own password in instances where the
- system would normally prompt for the root password.
- </para>
- </refsect2>
-
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para>
- Written by David Zeuthen <email>david at fubar.dk</email> with
- a lot of help from many others.
- </para>
- </refsect1>
-
- <refsect1>
- <title>BUGS</title>
- <para>
- Please send bug reports to either the distribution or the
- hal mailing list,
- see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
- to subscribe.
- </para>
- </refsect1>
-
- <refsect1>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-action</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-auth</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/PolicyKit.xml b/doc/man/PolicyKit.xml
index 23b11d6..071f0b3 100644
--- a/doc/man/PolicyKit.xml
+++ b/doc/man/PolicyKit.xml
@@ -1,19 +1,19 @@
-<refentry id="PolicyKit.8">
+<refentry id="PolicyKit-1.8">
<refentryinfo>
- <title>PolicyKit</title>
+ <title>PolicyKit-1</title>
<date>August 2007</date>
- <productname>PolicyKit</productname>
+ <productname>PolicyKit-1</productname>
</refentryinfo>
<refmeta>
- <refentrytitle>PolicyKit</refentrytitle>
+ <refentrytitle>PolicyKit-1</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="version"></refmiscinfo>
</refmeta>
<refnamediv>
- <refname>PolicyKit</refname>
- <refpurpose>Centralized policy management</refpurpose>
+ <refname>PolicyKit-1</refname>
+ <refpurpose>Authorization API</refpurpose>
</refnamediv>
<refsect1><title>DESCRIPTION</title>
@@ -42,8 +42,8 @@
<title>BUGS</title>
<para>
Please send bug reports to either the distribution or the
- hal mailing list,
- see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ polkit-devel mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/>.
to subscribe.
</para>
</refsect1>
@@ -52,13 +52,10 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
- <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+ <refentrytitle>polkit-action-1</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>polkit-action</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-auth</refentrytitle><manvolnum>1</manvolnum>
+ <refentrytitle>polkit-auth-1</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
</para>
</refsect1>
diff --git a/doc/man/polkit-action.xml b/doc/man/polkit-action.xml
index 3d1cc29..629d7ea 100644
--- a/doc/man/polkit-action.xml
+++ b/doc/man/polkit-action.xml
@@ -1,24 +1,24 @@
-<refentry id="polkit-action.1">
+<refentry id="polkit-action-1.1">
<refentryinfo>
- <title>polkit-action</title>
+ <title>polkit-action-1</title>
<date>August 2007</date>
- <productname>PolicyKit</productname>
+ <productname>PolicyKit-1</productname>
</refentryinfo>
<refmeta>
- <refentrytitle>polkit-action</refentrytitle>
+ <refentrytitle>polkit-action-1</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version"></refmiscinfo>
</refmeta>
<refnamediv>
- <refname>polkit-action</refname>
+ <refname>polkit-action-1</refname>
<refpurpose>List and modify registered PolicyKit actions</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>polkit-action</command>
+ <command>polkit-action-1</command>
<arg><option>--action <replaceable>action</replaceable></option></arg>
<arg><option>--reset-defaults <replaceable>action</replaceable></option></arg>
<arg><option>--show-overrides</option></arg>
@@ -33,7 +33,7 @@
<refsect1>
<title>DESCRIPTION</title>
<para>
- polkit-action is used to list and modify the PolicyKit actions
+ polkit-action-1 is used to list and modify the PolicyKit actions
that are registered on the system.
</para>
</refsect1>
@@ -174,8 +174,8 @@
<title>BUGS</title>
<para>
Please send bug reports to either the distribution or the
- hal mailing list,
- see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ polkit-devel mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/>.
to subscribe.
</para>
</refsect1>
@@ -187,10 +187,7 @@
<refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-auth</refentrytitle><manvolnum>1</manvolnum>
+ <refentrytitle>polkit-auth-1</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
</para>
</refsect1>
diff --git a/doc/man/polkit-auth.xml b/doc/man/polkit-auth.xml
index 8a4735f..bea49f5 100644
--- a/doc/man/polkit-auth.xml
+++ b/doc/man/polkit-auth.xml
@@ -1,24 +1,24 @@
-<refentry id="polkit-auth.1">
+<refentry id="polkit-auth-1.1">
<refentryinfo>
- <title>polkit-auth</title>
+ <title>polkit-auth-1</title>
<date>August 2007</date>
- <productname>PolicyKit</productname>
+ <productname>PolicyKit-1</productname>
</refentryinfo>
<refmeta>
- <refentrytitle>polkit-auth</refentrytitle>
+ <refentrytitle>polkit-auth-1</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version"></refmiscinfo>
</refmeta>
<refnamediv>
- <refname>polkit-auth</refname>
+ <refname>polkit-auth-1</refname>
<refpurpose>Manage authorizations</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>polkit-auth</command>
+ <command>polkit-auth-1</command>
<arg><option>--obtain <replaceable>action</replaceable></option></arg>
<arg><option>--show-obtainable</option></arg>
<arg><option><arg><option>--user <replaceable>user</replaceable></option></arg> --explicit</option></arg>
@@ -34,7 +34,7 @@
<refsect1>
<title>DESCRIPTION</title>
<para>
- polkit-auth is used to inspect, obtain, grant and revoke
+ polkit-auth-1 is used to inspect, obtain, grant and revoke
PolicyKit authorizations. If invoked without any options, the
authorizations of the calling process will be printed.
</para>
@@ -73,7 +73,7 @@
POLKIT_AUTH_FORCE_TEXT is set. If the environment variable
POLKIT_AUTH_GRANT_TO_PID is set, the authorization will be
granted to that process id instead of the invoking process
- (e.g. the shell from which polkit-auth is launched).
+ (e.g. the shell from which polkit-auth-1 is launched).
</para>
</listitem>
</varlistentry>
@@ -308,7 +308,7 @@
<citerefentry>
<refentrytitle>bash</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
- shell. For completion to properly work for polkit-auth,
+ shell. For completion to properly work for polkit-auth-1,
arguments should be entered in the order specified in this
manual page; for example. <option>--user</option> should be
specified before <option>--revoke</option> to complete only on
@@ -323,8 +323,8 @@
<title>BUGS</title>
<para>
Please send bug reports to either the distribution or the
- hal mailing list,
- see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ polkit-devel mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/>.
to subscribe.
</para>
</refsect1>
@@ -333,13 +333,10 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
- <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>PolicyKit-1</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-action</refentrytitle><manvolnum>1</manvolnum>
+ <refentrytitle>polkit-action-1</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
</para>
</refsect1>
diff --git a/doc/man/polkit-config-file-validate.xml b/doc/man/polkit-config-file-validate.xml
deleted file mode 100644
index a9bbb80..0000000
--- a/doc/man/polkit-config-file-validate.xml
+++ /dev/null
@@ -1,96 +0,0 @@
-<refentry id="polkit-config-file-validate.1">
- <refentryinfo>
- <title>polkit-config-file-validate</title>
- <date>August 2007</date>
- <productname>PolicyKit</productname>
- </refentryinfo>
-
- <refmeta>
- <refentrytitle>polkit-config-file-validate</refentrytitle>
- <manvolnum>1</manvolnum>
- <refmiscinfo class="version"></refmiscinfo>
- </refmeta>
-
- <refnamediv>
- <refname>polkit-config-file-validate</refname>
- <refpurpose>Validate a PolicyKit configuration file</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis>
- <command>polkit-config-file-validate <replaceable>[/path/to/config/file]</replaceable></command>
- <arg><option>--version</option></arg>
- <arg><option>--help</option></arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1>
- <title>DESCRIPTION</title>
- <para>
- polkit-config-file-validate is used to verify that a given
- PolicyKit configuration file is valid. If no path to a
- config file is given, the default
- <filename>/etc/PolicyKit/PolicyKit.conf</filename> file
- will be verified.
- </para>
-
- <para>
- The typical role of this tool is to verify a configuration
- file before deploying it on one or more machines.
- </para>
-
- <para>
- This program exit with exit code 0 if the configuration file
- is valid. If not, the program exits with a non-zero exit
- code.
- </para>
- </refsect1>
-
- <refsect1>
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term><option>--version</option></term>
- <listitem>
- <para>
- Show version and exit.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>--help</option></term>
- <listitem>
- <para>
- Show usage information and exit.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1>
- <title>BUGS</title>
- <para>
- Please send bug reports to either the distribution or the
- hal mailing list,
- see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
- to subscribe.
- </para>
- </refsect1>
-
- <refsect1>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-policy-file-validate</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-</refentry>
diff --git a/doc/man/polkit-policy-file-validate.xml b/doc/man/polkit-policy-file-validate.xml
index 7fb55f0..61a17e2 100644
--- a/doc/man/polkit-policy-file-validate.xml
+++ b/doc/man/polkit-policy-file-validate.xml
@@ -1,24 +1,24 @@
-<refentry id="polkit-policy-file-validate.1">
+<refentry id="polkit-policy-file-validate-1.1">
<refentryinfo>
- <title>polkit-policy-file-validate</title>
+ <title>polkit-policy-file-validate-1</title>
<date>August 2007</date>
- <productname>PolicyKit</productname>
+ <productname>PolicyKit-1</productname>
</refentryinfo>
<refmeta>
- <refentrytitle>polkit-policy-file-validate</refentrytitle>
+ <refentrytitle>polkit-policy-file-validate-1</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version"></refmiscinfo>
</refmeta>
<refnamediv>
- <refname>polkit-policy-file-validate</refname>
+ <refname>polkit-policy-file-validate-1</refname>
<refpurpose>Validate a PolicyKit policy file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>polkit-policy-file-validate <replaceable>policy-files</replaceable></command>
+ <command>polkit-policy-file-validate-1 <replaceable>policy-files</replaceable></command>
<arg><option>--version</option></arg>
<arg><option>--help</option></arg>
</cmdsynopsis>
@@ -27,7 +27,7 @@
<refsect1>
<title>DESCRIPTION</title>
<para>
- polkit-policy-file-validate is used to verify that one or
+ polkit-policy-file-validate-1 is used to verify that one or
more PolicyKit <emphasis>.policy</emphasis> files are valid.
</para>
@@ -72,8 +72,8 @@
<title>BUGS</title>
<para>
Please send bug reports to either the distribution or the
- hal mailing list,
- see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ polkit-devel mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/>.
to subscribe.
</para>
</refsect1>
@@ -82,14 +82,8 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
- <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>PolicyKit-1</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
- <citerefentry>
- <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum>
- </citerefentry>
</para>
</refsect1>
</refentry>
diff --git a/doc/polkit-docs.xml b/doc/polkit-docs.xml
index 5673bb3..91e0bec 100644
--- a/doc/polkit-docs.xml
+++ b/doc/polkit-docs.xml
@@ -91,7 +91,7 @@
<xi:include href="xml/polkit-seat.xml"/>
<xi:include href="xml/polkit-session.xml"/>
<xi:include href="xml/polkit-caller.xml"/>
- <xi:include href="xml/polkit-dbus.xml"/>
+ <xi:include href="xml/polkit-tracker.xml"/>
<xi:include href="xml/polkit-context.xml"/>
<xi:include href="xml/polkit-config.xml"/>
<xi:include href="xml/polkit-policy-file.xml"/>
diff --git a/policy/Makefile.am b/policy/Makefile.am
index 96941d0..d062a8e 100644
--- a/policy/Makefile.am
+++ b/policy/Makefile.am
@@ -1,12 +1,12 @@
-polkit_policydir = $(datadir)/PolicyKit/policy
+polkit_actiondir = $(datadir)/polkit-1/actions
-dist_polkit_policy_DATA = org.freedesktop.policykit.policy
+dist_polkit_action_DATA = org.freedesktop.policykit.policy
@INTLTOOL_POLICY_RULE@
check:
- $(top_builddir)/tools/polkit-policy-file-validate $(top_srcdir)/policy/$(dist_polkit_policy_DATA)
+ $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA)
clean-local :
rm -f *~
diff --git a/src/Makefile.am b/src/Makefile.am
index 02554f1..5e2267f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,5 +1,5 @@
-SUBDIRS = kit polkit polkit-dbus polkit-grant
+SUBDIRS = kit polkit polkit-grant
clean-local :
rm -f *~
diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am
deleted file mode 100644
index 4166f98..0000000
--- a/src/polkit-dbus/Makefile.am
+++ /dev/null
@@ -1,125 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir)/src -I$(top_srcdir)/src \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-dbus.la
-
-libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus
-
-libpolkit_dbusinclude_HEADERS = \
- polkit-dbus.h \
- polkit-simple.h
-
-libpolkit_dbus_la_SOURCES = \
- polkit-dbus.h polkit-dbus.c \
- polkit-simple.h polkit-simple.c
-
-libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(SELINUX_LIBS)
-
-if POLKIT_BUILD_TESTS
-libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
-else
-libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \
- -export-dynamic -no-undefined -export-symbols-regex '^polkit_.*'
-endif
-
-libexec_PROGRAMS = polkit-resolve-exe-helper
-
-polkit_resolve_exe_helper_SOURCES = polkit-resolve-exe-helper.c
-polkit_resolve_exe_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_resolve_exe_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la
-
-if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS += polkit-read-auth-helper polkit-set-default-helper
-
-polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
-polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_read_auth_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la
-
-polkit_set_default_helper_SOURCES = polkit-set-default-helper.c
-polkit_set_default_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_set_default_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la
-
-# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
-# to read authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able
-# to write .defaults-override files in /var/lib/PolicyKit-public
-#
-# polkit-resolve-exe-helper needs to be setuid root to be able to resolve
-# /proc/$pid/exe symlinks.
-#
-install-exec-hook:
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
- -chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper
- -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper
- -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper
-else
-install-exec-hook:
- -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper
-endif
-
-
-## note that TESTS has special meaning (stuff to use in make check)
-## so if adding tests not to be run in make check, don't add them to
-## TESTS
-if KIT_BUILD_TESTS
-TESTS_ENVIRONMENT=
-TESTS=polkit-dbus-test
-
-check_PROGRAMS=$(TESTS)
-
-polkit_dbus_test_SOURCES= \
- polkit-dbus-test.h polkit-dbus-test.c
-
-polkit_dbus_test_LDADD=$(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
-polkit_dbus_test_LDFLAGS=
-
-if KIT_GCOV_ENABLED
-clean-gcov:
- rm -f *.gcov .libs/*.gcda *.gcda
-
-.PHONY: coverage-report.txt covered-files.txt
-
-covered-files.txt :
- echo $(addprefix src/polkit-dbus/,$(filter %.c,$(libpolkit_dbus_la_SOURCES))) > covered-files.txt
-if POLKIT_AUTHDB_DEFAULT
- echo src/polkit-dbus/polkit-read-auth-helper.c >> covered-files.txt
-endif
-
-coverage-report.txt : covered-files.txt clean-gcov all check
- gcov $(filter %.c,$(libpolkit_dbus_la_SOURCES)) -o .libs/ > /dev/null
-if POLKIT_AUTHDB_DEFAULT
- gcov polkit-read-auth-helper.c -o .libs/ > /dev/null
-endif
- $(top_srcdir)/test/create-coverage-report.sh "module polkit-dbus" `cat covered-files.txt` > coverage-report.txt
-
-check-coverage : coverage-report.txt
- cat coverage-report.txt
-else
-coverage-report.txt:
- @echo "Need to reconfigure with --enable-gcov"
-
-check-coverage:
- @echo "Need to reconfigure with --enable-gcov"
-endif
-
-else
-TESTS=
-endif
-
-clean-local :
- rm -f *~ *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg
diff --git a/src/polkit-dbus/polkit-dbus-test.c b/src/polkit-dbus/polkit-dbus-test.c
deleted file mode 100644
index e5bde67..0000000
--- a/src/polkit-dbus/polkit-dbus-test.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus-test.c : polkit-dbus tests
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <polkit/polkit-private.h>
-#include <polkit-dbus/polkit-dbus-test.h>
-
-#define MAX_TESTS 64
-
-/**
- * SECTION:polkit-dbus-test
- * @short_description: Testing code for libpolkit-dbus
- *
- * Testing code for libpolkit-dbus
- */
-
-static KitTest *tests[] = {
- &_test_polkit_dbus,
-};
-
-int
-main (int argc, char *argv[])
-{
- /* Some of the code will log to syslog because .policy files
- * etc. may be malformed. Since this will open a socket to the
- * system logger preempt this so the fd-leak checking don't
- * freak out.
- */
- syslog (LOG_INFO, "libpolkit-dbus: initiating test; bogus alerts may be written to syslog");
-
- if (kit_test_run (tests, sizeof (tests) / sizeof (KitTest*)))
- return 0;
- else
- return 1;
-}
diff --git a/src/polkit-dbus/polkit-dbus-test.h b/src/polkit-dbus/polkit-dbus-test.h
deleted file mode 100644
index 59e482d..0000000
--- a/src/polkit-dbus/polkit-dbus-test.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus-test.h : polkit-dbus tests
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION)
-#error "polkit-dbus-test.h is a private file"
-#endif
-
-#ifndef POLKIT_DBUS_TEST_H
-#define POLKIT_DBUS_TEST_H
-
-#include <kit/kit.h>
-
-POLKIT_BEGIN_DECLS
-
-extern KitTest _test_polkit_dbus;
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_DBUS_TEST_H */
-
-
diff --git a/src/polkit-dbus/polkit-dbus.c b/src/polkit-dbus/polkit-dbus.c
deleted file mode 100644
index f7be03f..0000000
--- a/src/polkit-dbus/polkit-dbus.c
+++ /dev/null
@@ -1,1558 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-dbus
- * @title: Caller Determination
- * @short_description: Obtaining seat, session and caller information
- * via D-Bus and ConsoleKit.
- *
- * Helper library for obtaining seat, session and caller information
- * via D-Bus and ConsoleKit. This library is only useful when writing
- * a mechanism.
- *
- * If the mechanism itself is a daemon exposing a remote services via
- * the system message bus it's often a better idea, to reduce
- * roundtrips, to use the high-level #PolKitTracker class rather than
- * the low-level functions polkit_caller_new_from_dbus_name() and
- * polkit_caller_new_from_pid().
- *
- * These functions are in <literal>libpolkit-dbus</literal>.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <errno.h>
-#include <time.h>
-#include <string.h>
-
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
-#include "polkit-dbus.h"
-#include <polkit/polkit-debug.h>
-#include <polkit/polkit-test.h>
-#include <polkit/polkit-private.h>
-
-/**
- * polkit_session_new_from_objpath:
- * @con: D-Bus system bus connection
- * @objpath: object path of ConsoleKit session object
- * @uid: the user owning the session or -1 if unknown
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information. If you pass in @uid as a
- * non-negative number, a round trip can be saved.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
-{
- PolKitSeat *seat;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- dbus_bool_t is_active;
- dbus_bool_t is_local;
- char *remote_host;
- char *seat_path;
-
- kit_return_val_if_fail (con != NULL, NULL);
- kit_return_val_if_fail (objpath != NULL, NULL);
- kit_return_val_if_fail (error != NULL, NULL);
- kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- session = NULL;
- remote_host = NULL;
- seat_path = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsActive");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
- kit_warning ("Invalid IsActive reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsLocal");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_local,
- DBUS_TYPE_INVALID)) {
- kit_warning ("Invalid IsLocal reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if (!is_local) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetRemoteHostName");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_STRING, &str,
- DBUS_TYPE_INVALID)) {
- kit_warning ("Invalid GetRemoteHostName reply from CK");
- goto out;
- }
- remote_host = kit_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetSeatId");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- kit_warning ("Invalid GetSeatId reply from CK");
- goto out;
- }
- seat_path = kit_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if ((int) uid == -1) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetUnixUser");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_INT32, &uid,
- DBUS_TYPE_INVALID)) {
- kit_warning ("Invalid GetUnixUser reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- session = polkit_session_new ();
- if (session == NULL) {
- goto out;
- }
- if (!polkit_session_set_uid (session, uid)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_objref (session, objpath)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_active (session, is_active)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_local (session, is_local)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!is_local) {
- if (!polkit_session_set_ck_remote_host (session, remote_host)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- }
-
- seat = polkit_seat_new ();
- if (seat == NULL) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_seat_set_ck_objref (seat, seat_path)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_seat_validate (seat)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- if (!polkit_session_set_seat (session, seat)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- polkit_seat_unref (seat); /* session object now owns this object */
- seat = NULL;
-
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-out:
- kit_free (remote_host);
- kit_free (seat_path);
- return session;
-}
-
-/**
- * polkit_session_new_from_cookie:
- * @con: D-Bus system bus connection
- * @cookie: a ConsoleKit XDG_SESSION_COOKIE
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
-{
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- char *objpath;
-
- kit_return_val_if_fail (con != NULL, NULL);
- kit_return_val_if_fail (cookie != NULL, NULL);
- kit_return_val_if_fail (error != NULL, NULL);
- kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- objpath = NULL;
- session = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForCookie");
- dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //kit_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- kit_warning ("Invalid GetSessionForCookie reply from CK");
- goto out;
- }
- objpath = kit_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, objpath, -1, error);
-
-out:
- kit_free (objpath);
- return session;
-}
-
-
-/**
- * polkit_caller_new_from_dbus_name:
- * @con: D-Bus system bus connection
- * @dbus_name: unique system bus connection name
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both the system bus daemon and the ConsoleKit daemon for
- * information. Note that this will do a lot of blocking IO so it is
- * best avoided if your process already tracks/caches all the
- * information. You can use the #PolKitTracker class for this.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
- pid_t pid;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter sub_iter;
- char *str;
- int num_elems;
-
- kit_return_val_if_fail (con != NULL, NULL);
- kit_return_val_if_fail (dbus_name != NULL, NULL);
- kit_return_val_if_fail (error != NULL, NULL);
- kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
-
- caller = NULL;
- session = NULL;
-
- uid = dbus_bus_get_unix_user (con, dbus_name, error);
- if (dbus_error_is_set (error)) {
- kit_warning ("Could not get uid for connection: %s %s", error->name, error->message);
- goto out;
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &pid);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionSELinuxSecurityContext");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- /* SELinux might not be enabled */
- if (dbus_error_is_set (error) &&
- strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- dbus_error_init (error);
- } else if (reply == NULL || dbus_error_is_set (error)) {
- kit_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- } else {
- /* TODO: verify signature */
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_recurse (&iter, &sub_iter);
- dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
- if (str != NULL && num_elems > 0)
- selinux_context = kit_strndup (str, num_elems);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //kit_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = kit_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- kit_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!polkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- kit_free (selinux_context);
- kit_free (ck_session_objpath);
- return caller;
-}
-
-/**
- * polkit_caller_new_from_pid:
- * @con: D-Bus system bus connection
- * @pid: process id
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both information in /proc (on Linux) and the ConsoleKit daemon for
- * information about a given process. Note that this will do a lot of
- * blocking IO so it is best avoided if your process already
- * tracks/caches all the information. You can use the #PolKitTracker
- * class for this.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
-{
- PolKitCaller *caller;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- char *str;
- char *proc_path;
- struct stat statbuf;
-#ifdef HAVE_SELINUX
- security_context_t secon;
-#endif
-
-#ifndef POLKIT_BUILD_TESTS
- /* for testing it's fine to pass con==NULL if POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH is set */
- kit_return_val_if_fail (con != NULL, NULL);
-#endif
- kit_return_val_if_fail (error != NULL, NULL);
- kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
- uid = (uid_t) -1;
- caller = NULL;
- session = NULL;
- proc_path = NULL;
-
-#ifdef POLKIT_BUILD_TESTS
- char *pretend;
- if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_UID")) != NULL) {
- uid = atoi (pretend);
- }
- if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_PID")) != NULL) {
- pid = atoi (pretend);
- }
- if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_SELINUX_CONTEXT")) != NULL) {
- selinux_context = kit_strdup (pretend);
- }
- if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH")) != NULL) {
- ck_session_objpath = kit_strdup (pretend);
- } else {
- kit_return_val_if_fail (con != NULL, NULL);
- }
-#endif
-
- if (uid == (uid_t) -1) {
- proc_path = kit_strdup_printf ("/proc/%d", pid);
- if (proc_path && stat (proc_path, &statbuf) != 0) {
- kit_warning ("Cannot lookup information for pid %d: %s", pid, strerror (errno));
- goto out;
- }
- uid = statbuf.st_uid;
- }
-
-#ifdef HAVE_SELINUX
- /* only get the context if we are enabled */
- if (selinux_context == NULL) {
- if (is_selinux_enabled () != 0) {
- if (getpidcon (pid, &secon) != 0) {
- kit_warning ("Cannot lookup SELinux context for pid %d: %s", pid, strerror (errno));
- goto out;
- }
- selinux_context = kit_strdup (secon);
- freecon (secon);
- }
- }
-#else
- selinux_context = NULL;
-#endif
-
- if (ck_session_objpath == NULL) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //kit_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = kit_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- } else {
- if (strlen (ck_session_objpath) == 0)
- goto not_in_session;
- }
-
- session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- kit_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!polkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
- if (!polkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!polkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- kit_free (selinux_context);
- kit_free (ck_session_objpath);
- kit_free (proc_path);
- return caller;
-}
-
-static kit_bool_t
-_free_elem_in_list (void *data, void *user_data, KitList *list)
-{
- kit_free (data);
- return FALSE;
-}
-
-static KitList *
-_get_list_of_sessions (DBusConnection *con, uid_t uid, DBusError *error)
-{
- KitList *ret;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter iter_array;
- const char *value;
-
- ret = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionsForUnixUser");
- dbus_message_append_args (message, DBUS_TYPE_UINT32, &uid, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- goto out;
- }
-
- dbus_message_iter_init (reply, &iter);
- if (dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY) {
- kit_warning ("Wrong reply from ConsoleKit (not an array)");
- goto out;
- }
-
- dbus_message_iter_recurse (&iter, &iter_array);
- while (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_INVALID) {
-
- if (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_OBJECT_PATH) {
- kit_warning ("Wrong reply from ConsoleKit (element is not a string)");
- kit_list_foreach (ret, _free_elem_in_list, NULL);
- kit_list_free (ret);
- goto out;
- }
-
- dbus_message_iter_get_basic (&iter_array, &value);
- ret = kit_list_append (ret, kit_strdup (value));
-
- dbus_message_iter_next (&iter_array);
- }
-
-out:
- if (message != NULL)
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- return ret;
-}
-
-static polkit_bool_t
-_polkit_is_authorization_relevant_internal (DBusConnection *con,
- PolKitAuthorization *auth,
- KitList *sessions,
- DBusError *error)
-{
- pid_t pid;
- polkit_uint64_t pid_start_time;
- polkit_bool_t ret;
- polkit_bool_t del_sessions;
- KitList *i;
- uid_t uid;
-
- kit_return_val_if_fail (con != NULL, FALSE);
- kit_return_val_if_fail (auth != NULL, FALSE);
- kit_return_val_if_fail (error != NULL, FALSE);
- kit_return_val_if_fail (! dbus_error_is_set (error), FALSE);
-
- ret = FALSE;
-
- uid = polkit_authorization_get_uid (auth);
-
- switch (polkit_authorization_get_scope (auth)) {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- if (!polkit_authorization_scope_process_get_pid (auth,
- &pid,
- &pid_start_time)) {
- /* this should never fail */
- kit_warning ("Cannot determine (pid,start_time) for authorization");
- goto out;
- }
- if (polkit_sysdeps_get_start_time_for_pid (pid) == pid_start_time) {
- ret = TRUE;
- goto out;
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- del_sessions = FALSE;
- if (sessions == NULL) {
- sessions = _get_list_of_sessions (con, uid, error);
- del_sessions = TRUE;
- }
-
- if (sessions != NULL) {
- for (i = sessions; i != NULL; i = i->next) {
- char *session_id = i->data;
- if (strcmp (session_id, polkit_authorization_scope_session_get_ck_objref (auth)) == 0) {
- ret = TRUE;
- break;
- }
- }
-
- if (del_sessions) {
- kit_list_foreach (sessions, _free_elem_in_list, NULL);
- kit_list_free (sessions);
- }
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- ret = TRUE;
- break;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_is_authorization_relevant:
- * @con: D-Bus system bus connection
- * @auth: authorization to check for
- * @error: return location for error
- *
- * As explicit authorizations are scoped (process single shot,
- * process, session or everything), they become irrelevant once the
- * entity (process or session) ceases to exist. This function
- * determines whether the authorization is still relevant; it's useful
- * for reporting and graphical tools displaying authorizations.
- *
- * Note that this may do blocking IO to check for session
- * authorizations so it is best avoided if your process already
- * tracks/caches all the information. You can use the
- * polkit_tracker_is_authorization_relevant() method on the
- * #PolKitTracker class for this.
- *
- * Returns: #TRUE if the authorization still applies, #FALSE if an
- * error occurred (then error will be set) or if the entity the
- * authorization refers to has gone out of scope.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error)
-{
- return _polkit_is_authorization_relevant_internal (con, auth, NULL, error);
-}
-
-/**
- * PolKitTracker:
- *
- * Instances of this class are used to cache information about
- * callers; typically this is used in scenarios where the same caller
- * is calling into a mechanism multiple times.
- *
- * Thus, an application can use this class to get the #PolKitCaller
- * object; the class will listen to both NameOwnerChanged and
- * ActivityChanged signals from the message bus and update / retire
- * the #PolKitCaller objects.
- *
- * An example of how to use #PolKitTracker is provided here. First, build the following program
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example.c" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * with
- *
- * <programlisting>gcc -o tracker-example `pkg-config --cflags --libs dbus-glib-1 polkit-dbus` tracker-example.c</programlisting>
- *
- * Then put the following content
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/dk.fubar.PolKitTestService.conf" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * in the file <literal>/etc/dbus-1/system.d/dk.fubar.PolKitTestService.conf</literal>. Finally,
- * create a small Python client like this
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example-client.py" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * as <literal>tracker-example-client.py</literal>. Now, run <literal>tracker-example</literal>
- * in one window and <literal>tracker-example-client</literal> in another. The output of
- * the former should look like this
- *
- *
- * <programlisting>
- * 18:20:00.414: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:00.414: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:00.414: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:01.424: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:01.424: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:01.424: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:02.434: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:02.434: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=0 is_local=1 remote_host=(null)
- * 18:20:02.434: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:03.445: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:03.445: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:03.445: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- * </programlisting>
- *
- * The point of the test program is simply to gather caller
- * information about clients (the small Python program, you may launch
- * multiple instances of it) that repeatedly calls into the D-Bus
- * service; if one runs <literal>strace(1)</literal> in front of the
- * test program one will notice that there is only syscall / IPC
- * overhead (except for printing to stdout) on the first call from the
- * client.
- *
- * The careful reader will notice that, during the testing session, we
- * did a quick VT switch away from the session (and back) which is
- * reflected in the output.
- *
- * These functions are in <literal>libpolkit-dbus</literal>.
- **/
-struct _PolKitTracker {
- int refcount;
- DBusConnection *con;
-
- KitHash *dbus_name_to_caller;
-
- KitHash *pid_start_time_to_caller;
-};
-
-typedef struct {
- pid_t pid;
- polkit_uint64_t start_time;
-} _PidStartTimePair;
-
-static _PidStartTimePair *
-_pid_start_time_new (pid_t pid, polkit_uint64_t start_time)
-{
- _PidStartTimePair *obj;
- obj = kit_new (_PidStartTimePair, 1);
- obj->pid = pid;
- obj->start_time = start_time;
- return obj;
-}
-
-static uint32_t
-_pid_start_time_hash (const void *a)
-{
- uint32_t val;
- _PidStartTimePair *pst = (_PidStartTimePair *) a;
-
- val = pst->pid + ((int) pst->start_time);
-
- return val;
-}
-
-static kit_bool_t
-_pid_start_time_equal (const void *a, const void *b)
-{
- _PidStartTimePair *_a = (_PidStartTimePair *) a;
- _PidStartTimePair *_b = (_PidStartTimePair *) b;
-
- return (_a->pid == _b->pid) && (_a->start_time == _b->start_time);
-}
-
-/**
- * polkit_tracker_new:
- *
- * Creates a new #PolKitTracker object.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object
- *
- * Since: 0.7
- **/
-PolKitTracker *
-polkit_tracker_new (void)
-{
- PolKitTracker *pk_tracker;
- pk_tracker = kit_new0 (PolKitTracker, 1);
- pk_tracker->refcount = 1;
- pk_tracker->dbus_name_to_caller = kit_hash_new (kit_hash_str_hash_func,
- kit_hash_str_equal_func,
- NULL,
- NULL,
- (KitFreeFunc) kit_free,
- (KitFreeFunc) polkit_caller_unref);
- pk_tracker->pid_start_time_to_caller = kit_hash_new (_pid_start_time_hash,
- _pid_start_time_equal,
- NULL,
- NULL,
- (KitFreeFunc) kit_free,
- (KitFreeFunc) polkit_caller_unref);
- return pk_tracker;
-}
-
-/**
- * polkit_tracker_ref:
- * @pk_tracker: the tracker object
- *
- * Increase reference count.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitTracker *
-polkit_tracker_ref (PolKitTracker *pk_tracker)
-{
- kit_return_val_if_fail (pk_tracker != NULL, pk_tracker);
- pk_tracker->refcount++;
- return pk_tracker;
-}
-
-/**
- * polkit_tracker_unref:
- * @pk_tracker: the tracker object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- **/
-void
-polkit_tracker_unref (PolKitTracker *pk_tracker)
-{
- kit_return_if_fail (pk_tracker != NULL);
- pk_tracker->refcount--;
- if (pk_tracker->refcount > 0)
- return;
- kit_hash_unref (pk_tracker->dbus_name_to_caller);
- kit_hash_unref (pk_tracker->pid_start_time_to_caller);
- dbus_connection_unref (pk_tracker->con);
- kit_free (pk_tracker);
-}
-
-/**
- * polkit_tracker_set_system_bus_connection:
- * @pk_tracker: the tracker object
- * @con: the connection to the system message bus
- *
- * Tell the #PolKitTracker object to use the given D-Bus connection
- * when it needs to fetch information from the system message bus and
- * ConsoleKit services. This is used for priming the cache.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-void
-polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con)
-{
- kit_return_if_fail (pk_tracker != NULL);
- pk_tracker->con = dbus_connection_ref (con);
-}
-
-/**
- * polkit_tracker_init:
- * @pk_tracker: the tracker object
- *
- * Initialize the tracker.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-void
-polkit_tracker_init (PolKitTracker *pk_tracker)
-{
- kit_return_if_fail (pk_tracker != NULL);
- /* This is currently a no-op */
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static void
-_set_session_inactive_iter (void *key, PolKitCaller *caller, const char *session_objpath, KitHash *hash)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return;
- if (strcmp (objpath, session_objpath) != 0)
- return;
- polkit_session_set_ck_is_active (session, FALSE);
-}
-
-static void
-_set_session_active_iter (void *key, PolKitCaller *caller, const char *session_objpath, KitHash *hash)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return;
- if (strcmp (objpath, session_objpath) != 0)
- return;
- polkit_session_set_ck_is_active (session, TRUE);
-}
-
-static void
-_update_session_is_active (PolKitTracker *pk_tracker, const char *session_objpath, kit_bool_t is_active)
-{
- kit_hash_foreach (pk_tracker->dbus_name_to_caller,
- (KitHashForeachFunc) (is_active ? _set_session_active_iter : _set_session_inactive_iter),
- (void *) session_objpath);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static kit_bool_t
-_remove_caller_by_session_iter (void *key, PolKitCaller *caller, const char *session_objpath, KitHash *hash)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return FALSE;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return FALSE;
- if (strcmp (objpath, session_objpath) != 0)
- return FALSE;
- return TRUE;
-}
-
-static void
-_remove_caller_by_session (PolKitTracker *pk_tracker, const char *session_objpath)
-{
- kit_hash_foreach_remove (pk_tracker->dbus_name_to_caller,
- (KitHashForeachFunc) _remove_caller_by_session_iter,
- (void *) session_objpath);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static kit_bool_t
-_remove_caller_by_dbus_name_iter (void *key, PolKitCaller *caller, const char *dbus_name, KitHash *hash)
-{
- char *name;
- if (!polkit_caller_get_dbus_name (caller, &name))
- return FALSE;
- if (strcmp (name, dbus_name) != 0)
- return FALSE;
- return TRUE;
-}
-
-static void
-_remove_caller_by_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name)
-{
- kit_hash_foreach_remove (pk_tracker->dbus_name_to_caller,
- (KitHashForeachFunc) _remove_caller_by_dbus_name_iter,
- (void *) dbus_name);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-/**
- * polkit_tracker_dbus_func:
- * @pk_tracker: the tracker object
- * @message: message to pass
- *
- * The owner of the #PolKitTracker object must pass signals from the
- * system message bus (just NameOwnerChanged will do) and all signals
- * from the ConsoleKit service into this function.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: #TRUE only if there was a change in the ConsoleKit database.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message)
-{
- kit_bool_t ret;
-
- ret = FALSE;
-
- if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, "NameOwnerChanged")) {
- char *name;
- char *new_service_name;
- char *old_service_name;
-
- if (!dbus_message_get_args (message, NULL,
- DBUS_TYPE_STRING, &name,
- DBUS_TYPE_STRING, &old_service_name,
- DBUS_TYPE_STRING, &new_service_name,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- polkit_debug ("The NameOwnerChanged signal on the " DBUS_INTERFACE_DBUS " "
- "interface has the wrong signature! Your system is misconfigured.");
- goto out;
- }
-
- if (strlen (new_service_name) == 0) {
- _remove_caller_by_dbus_name (pk_tracker, name);
- }
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Session", "ActiveChanged")) {
- dbus_bool_t is_active;
- DBusError error;
- const char *session_objpath;
-
- ret = TRUE;
-
- dbus_error_init (&error);
- session_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- kit_warning ("The ActiveChanged signal on the org.freedesktop.ConsoleKit.Session "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", session_objpath);
-
- /* as a security measure, remove all sessions with this path from the cache;
- * cuz then the user of PolKitTracker probably gets to deal with a DBusError
- * the next time he tries something...
- */
- _remove_caller_by_session (pk_tracker, session_objpath);
- goto out;
- }
-
- /* now go through all Caller objects and update the is_active field as appropriate */
- _update_session_is_active (pk_tracker, session_objpath, is_active);
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionAdded")) {
- DBusError error;
- const char *seat_objpath;
- const char *session_objpath;
-
- /* If a session is added, update our list of sessions.. also notify the user.. */
-
- ret = TRUE;
-
- dbus_error_init (&error);
- seat_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_STRING, &session_objpath,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- kit_warning ("The SessionAdded signal on the org.freedesktop.ConsoleKit.Seat "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", seat_objpath);
-
- goto out;
- }
-
- /* TODO: add to sessions - see polkit_tracker_is_authorization_relevant() */
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionRemoved")) {
- DBusError error;
- const char *seat_objpath;
- const char *session_objpath;
-
- /* If a session is removed, authorizations scoped for that session
- * may become inactive.. so do notify the user about it..
- */
-
- ret = TRUE;
-
- dbus_error_init (&error);
- seat_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_STRING, &session_objpath,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- kit_warning ("The SessionRemoved signal on the org.freedesktop.ConsoleKit.Seat "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", seat_objpath);
-
- goto out;
- }
-
- _remove_caller_by_session (pk_tracker, session_objpath);
-
- /* TODO: remove from sessions - see polkit_tracker_is_authorization_relevant() */
- }
-
- /* TODO: when ConsoleKit gains the ability to attach/detach a session to a seat (think
- * hot-desking), we want to update our local caches too
- */
-
-out:
- return ret;
-}
-
-/**
- * polkit_tracker_get_caller_from_dbus_name:
- * @pk_tracker: the tracker object
- * @dbus_name: unique name on the system message bus
- * @error: D-Bus error
- *
- * This function is similar to polkit_caller_new_from_dbus_name()
- * except that it uses the cache in #PolKitTracker. So on the second
- * and subsequent calls, for the same D-Bus name, there will be no
- * syscall or IPC overhead in calling this function.
- *
- * Returns: A #PolKitCaller object; the caller must use
- * polkit_caller_unref() on the object when done with it. Returns
- * #NULL if an error occured (in which case error will be set).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-PolKitCaller *
-polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
-
- kit_return_val_if_fail (pk_tracker != NULL, NULL);
- kit_return_val_if_fail (pk_tracker->con != NULL, NULL);
- kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- /* kit_debug ("Looking up cache for PolKitCaller for dbus_name %s...", dbus_name); */
-
- caller = kit_hash_lookup (pk_tracker->dbus_name_to_caller, (void *) dbus_name, NULL);
- if (caller != NULL)
- return polkit_caller_ref (caller);
-
- /* kit_debug ("Have to compute PolKitCaller for dbus_name %s...", dbus_name); */
-
- caller = polkit_caller_new_from_dbus_name (pk_tracker->con, dbus_name, error);
- if (caller == NULL)
- return NULL;
-
- kit_hash_insert (pk_tracker->dbus_name_to_caller, kit_strdup (dbus_name), caller);
- return polkit_caller_ref (caller);
-}
-
-
-/**
- * polkit_tracker_get_caller_from_pid:
- * @pk_tracker: the tracker object
- * @pid: UNIX process id to look at
- * @error: D-Bus error
- *
- * This function is similar to polkit_caller_new_from_pid()
- * except that it uses the cache in #PolKitTracker. So on the second
- * and subsequent calls, for the same D-Bus name, there will be no
- * IPC overhead in calling this function.
- *
- * There will be some syscall overhead to lookup the time when the
- * given process is started (on Linux, looking up /proc/$pid/stat);
- * this is needed because pid's can be recycled and the cache thus
- * needs to record this in addition to the pid.
- *
- * Returns: A #PolKitCaller object; the caller must use
- * polkit_caller_unref() on the object when done with it. Returns
- * #NULL if an error occured (in which case error will be set).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-PolKitCaller *
-polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error)
-{
- PolKitCaller *caller;
- polkit_uint64_t start_time;
- _PidStartTimePair *pst;
-
- kit_return_val_if_fail (pk_tracker != NULL, NULL);
- kit_return_val_if_fail (pk_tracker->con != NULL, NULL);
- kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- start_time = polkit_sysdeps_get_start_time_for_pid (pid);
- if (start_time == 0) {
- if (error != NULL) {
- dbus_set_error (error,
- "org.freedesktop.PolicyKit",
- "Cannot look up start time for pid %d", pid);
- }
- return NULL;
- }
-
- pst = _pid_start_time_new (pid, start_time);
-
- /* kit_debug ("Looking up cache for pid %d (start_time %lld)...", pid, start_time); */
-
- caller = kit_hash_lookup (pk_tracker->pid_start_time_to_caller, (void *) pst, NULL);
- if (caller != NULL) {
- kit_free (pst);
- return polkit_caller_ref (caller);
- }
-
- /* kit_debug ("Have to compute PolKitCaller from pid %d (start_time %lld)...", pid, start_time); */
-
- caller = polkit_caller_new_from_pid (pk_tracker->con, pid, error);
- if (caller == NULL) {
- kit_free (pst);
- return NULL;
- }
-
- /* TODO: we need to evict old entries..
- *
- * Say, timestamp the entries in _PidStartTimePair and do
- * garbage collection every hour or so (e.g. record when we
- * last did garbage collection and check this time on the next
- * call into this function).
- */
-
- kit_hash_insert (pk_tracker->pid_start_time_to_caller, pst, caller);
- return polkit_caller_ref (caller);
-}
-
-
-/**
- * polkit_tracker_is_authorization_relevant:
- * @pk_tracker: the tracker
- * @auth: authorization to check for
- * @error: return location for error
- *
- * As explicit authorizations are scoped (process single shot,
- * process, session or everything), they become irrelevant once the
- * entity (process or session) ceases to exist. This function
- * determines whether the authorization is still relevant; it's useful
- * for reporting and graphical tools displaying authorizations.
- *
- * This function is similar to polkit_is_authorization_relevant() only
- * that it avoids IPC overhead on the 2nd and subsequent calls when
- * checking authorizations scoped for a session.
- *
- * Returns: #TRUE if the authorization still applies, #FALSE if an
- * error occurred (then error will be set) or if the entity the
- * authorization refers to has gone out of scope.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error)
-{
-
- kit_return_val_if_fail (pk_tracker != NULL, FALSE);
- kit_return_val_if_fail (pk_tracker->con != NULL, FALSE);
- kit_return_val_if_fail (! dbus_error_is_set (error), FALSE);
-
- /* TODO: optimize... in order to do this sanely we need CK's Manager object to export
- * a method GetAllSessions() - otherwise we'd need to key off every uid.
- *
- * It's no biggie we don't have this optimization yet.. it's only used by polkit-auth(1)
- * and the GNOME utility for managing authorizations.
- */
- return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error);
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- return TRUE;
-}
-
-KitTest _test_polkit_dbus = {
- "polkit_dbus",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit-dbus/polkit-dbus.h b/src/polkit-dbus/polkit-dbus.h
deleted file mode 100644
index 75879fa..0000000
--- a/src/polkit-dbus/polkit-dbus.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifndef POLKIT_DBUS_H
-#define POLKIT_DBUS_H
-
-#include <polkit/polkit.h>
-#include <dbus/dbus.h>
-
-#define _POLKIT_INSIDE_POLKIT_DBUS_H 1
-#include <polkit-dbus/polkit-simple.h>
-#undef _POLKIT_INSIDE_POLKIT_DBUS_H
-
-POLKIT_BEGIN_DECLS
-
-PolKitSession *polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
-PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
-
-PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
-
-PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error);
-
-
-struct _PolKitTracker;
-typedef struct _PolKitTracker PolKitTracker;
-
-PolKitTracker *polkit_tracker_new (void);
-PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_tracker);
-void polkit_tracker_unref (PolKitTracker *pk_tracker);
-void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con);
-void polkit_tracker_init (PolKitTracker *pk_tracker);
-
-polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message);
-
-PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error);
-
-PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_DBUS_H */
diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit-dbus/polkit-read-auth-helper.c
deleted file mode 100644
index cdcc7f3..0000000
--- a/src/polkit-dbus/polkit-read-auth-helper.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-read-auth-helper.c : setgid polkituser helper for PolicyKit
- * to read authorizations
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-#include <dirent.h>
-#ifdef HAVE_SOLARIS
-#include <limits.h>
-#define LOG_AUTHPRIV (10<<3)
-#endif
-
-#include <polkit-dbus/polkit-dbus.h>
-#include <polkit/polkit-private.h>
-
-static polkit_bool_t
-dump_auths_from_file (const char *path, uid_t uid)
-{
- int ret;
- int fd;
- char buf[256];
- struct stat statbuf;
- ssize_t num_bytes_read;
- ssize_t num_bytes_to_read;
- ssize_t num_bytes_remaining_to_read;
- ssize_t num_bytes_to_write;
- ssize_t num_bytes_written;
- ssize_t num_bytes_remaining_to_write;
- polkit_bool_t have_written_uid;
-
- ret = FALSE;
-
- if (stat (path, &statbuf) != 0) {
- /* this is fine; the file does not have to exist.. */
- if (errno == ENOENT) {
- ret = TRUE;
- goto out;
- }
- fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
- goto out;
- }
-
- fd = open (path, O_RDONLY);
- if (fd < 0) {
- fprintf (stderr, "polkit-read-auth-helper: cannot open %s: %m\n", path);
- goto out;
- }
-
- num_bytes_remaining_to_read = statbuf.st_size;
-
- have_written_uid = FALSE;
- while (num_bytes_remaining_to_read > 0) {
-
- /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */
- if (!have_written_uid) {
- have_written_uid = TRUE;
- snprintf (buf, sizeof (buf), "#uid=%d\n", uid);
- num_bytes_read = strlen (buf);
- } else {
-
- if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
- num_bytes_to_read = (ssize_t) sizeof (buf);
- else
- num_bytes_to_read = num_bytes_remaining_to_read;
-
- again:
- num_bytes_read = read (fd, buf, num_bytes_to_read);
- if (num_bytes_read == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
- close (fd);
- goto out;
- }
- }
-
- num_bytes_remaining_to_read -= num_bytes_read;
- }
-
- /* write to stdout */
- num_bytes_to_write = num_bytes_read;
- num_bytes_remaining_to_write = num_bytes_read;
-
- while (num_bytes_remaining_to_write > 0) {
- again_write:
- num_bytes_written = write (STDOUT_FILENO,
- buf + (num_bytes_to_write - num_bytes_remaining_to_write),
- num_bytes_remaining_to_write);
- if (num_bytes_written == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again_write;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error writing to stdout: %m\n");
- close (fd);
- goto out;
- }
- }
-
- num_bytes_remaining_to_write -= num_bytes_written;
- }
-
- }
-
-
- close (fd);
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_all (const char *root)
-{
- DIR *dir;
- int dfd;
-#ifdef HAVE_READDIR64
- struct dirent64 *d;
-#else
- struct dirent *d;
-#endif
- polkit_bool_t ret;
-
- ret = FALSE;
-
- dir = opendir (root);
- if (dir == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: error calling opendir on %s: %m\n", root);
- goto out;
- }
-
- dfd = dirfd (dir);
- if (dfd == -1) {
- fprintf (stderr, "polkit-read-auth-helper: error calling dirfd(): %m\n");
- goto out;
- }
-
-#ifdef HAVE_READDIR64
- while ((d = readdir64(dir)) != NULL) {
-#else
- while ((d = readdir(dir)) != NULL) {
-#endif
- unsigned int n, m;
- uid_t uid;
- size_t name_len;
- char *filename;
- char username[PATH_MAX];
- char path[PATH_MAX];
- static const char suffix[] = ".auths";
- struct passwd *pw;
- struct stat statbuf;
-
- if (d->d_name == NULL)
- continue;
-
- if (snprintf (path, sizeof (path), "%s/%s", root, d->d_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
- goto out;
- }
-
- if (stat (path, &statbuf) != 0) {
- fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
- goto out;
- }
-
- if (!S_ISREG(statbuf.st_mode))
- continue;
-
- filename = d->d_name;
- name_len = strlen (filename);
- if (name_len < sizeof (suffix))
- continue;
-
- if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0)
- continue;
-
- /* find the user name.. */
- for (n = 0; n < name_len; n++) {
- if (filename[n] == '-')
- break;
- }
- if (filename[n] == '\0') {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename);
- continue;
- }
- n++;
- m = n;
- for ( ; n < name_len; n++) {
- if (filename[n] == '.')
- break;
- }
-
- if (filename[n] == '\0') {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename);
- continue;
- }
- if (n - m > sizeof (username) - 1) {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename);
- continue;
- }
- strncpy (username, filename + m, n - m);
- username[n - m] = '\0';
-
- pw = kit_getpwnam (username);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
- continue;
- }
- uid = pw->pw_uid;
-
- if (!dump_auths_from_file (path, uid))
- goto out;
- }
-
- ret = TRUE;
-
-out:
- if (dir != NULL)
- closedir (dir);
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_for_uid (const char *root, uid_t uid)
-{
- char path[256];
- struct passwd *pw;
-
- pw = kit_getpwuid (uid);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup user name for uid %d\n", uid);
- return FALSE;
- }
-
- if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
- return FALSE;
- }
-
- return dump_auths_from_file (path, uid);
-}
-
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- uid_t caller_uid;
- uid_t requesting_info_for_uid;
- char *endp;
- uid_t uid_for_polkit_user;
-
- ret = 1;
-
-#ifndef POLKIT_BUILD_TESTS
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (kit_clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-#endif
-
- openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 2) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-read-auth-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- caller_uid = getuid ();
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-read-auth-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
-#ifdef POLKIT_BUILD_TESTS
- char *pretend;
- if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_UID")) != NULL) {
- caller_uid = atoi (pretend);
- goto skip_check;
- }
-#endif
- gid_t egid;
- struct group *group;
- struct passwd *pw;
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-read-auth-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
-#ifdef POLKIT_BUILD_TESTS
-skip_check:
-#endif
-
- pw = kit_getpwnam (POLKIT_USER);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup uid for " POLKIT_USER "\n");
- goto out;
- }
- uid_for_polkit_user = pw->pw_uid;
-
- /*----------------------------------------------------------------------------------------------------*/
-
- requesting_info_for_uid = strtoul (argv[1], &endp, 10);
- if (strlen (argv[1]) == 0 || *endp != '\0') {
- fprintf (stderr, "polkit-read-auth-helper: requesting_info_for_uid malformed (3)\n");
- goto out;
- }
-
- /* uid 0 and user polkituser is allowed to read anything */
- if (caller_uid != 0 && caller_uid != uid_for_polkit_user) {
- if (caller_uid != requesting_info_for_uid) {
- pid_t ppid;
-
- ppid = getppid ();
- if (ppid == 1)
- goto out;
-
- if (polkit_check_auth (ppid,
- "org.freedesktop.policykit.read",
- "org.freedesktop.policykit.grant", NULL) == 0) {
- goto out;
- }
- }
- }
-
-#ifdef POLKIT_BUILD_TESTS
- char *test_dir;
- char dir_run[256];
- char dir_lib[256];
-
- if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) {
- test_dir = PACKAGE_LOCALSTATE_DIR;
- }
- kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run));
- kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib));
-
-#else
- char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
-#endif
-
- if (requesting_info_for_uid == (uid_t) -1) {
- if (!dump_auths_all (dir_run))
- goto out;
-
- if (!dump_auths_all (dir_lib))
- goto out;
- } else {
- if (!dump_auths_for_uid (dir_run, requesting_info_for_uid))
- goto out;
-
- if (!dump_auths_for_uid (dir_lib, requesting_info_for_uid))
- goto out;
- }
-
- ret = 0;
-
-out:
- return ret;
-}
-
diff --git a/src/polkit-dbus/polkit-resolve-exe-helper.c b/src/polkit-dbus/polkit-resolve-exe-helper.c
deleted file mode 100644
index c56b2f5..0000000
--- a/src/polkit-dbus/polkit-resolve-exe-helper.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resolve-exe-helper.c : setuid root helper for PolicyKit to
- * resolve /proc/$pid/exe symlinks
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef HAVE_FREEBSD
-#include <sys/param.h>
-#endif
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-#include <dirent.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-#include <polkit/polkit-private.h>
-
-#ifdef HAVE_SOLARIS
-#define LOG_AUTHPRIV (10<<3)
-#define PATH_MAX 1024
-#endif
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- uid_t caller_uid;
- pid_t requesting_info_for_pid;
- char *endp;
- uid_t uid_for_polkit_user;
- struct passwd *pw;
- gid_t egid;
- struct group *group;
- int n;
- char buf[PATH_MAX];
- polkit_bool_t is_setgid_polkit;
-
- ret = 1;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (kit_clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-resolve-exe-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 2) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-resolve-exe-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- caller_uid = getuid ();
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-resolve-exe-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- pw = getpwnam (POLKIT_USER);
- if (pw == NULL) {
- fprintf (stderr, "polkit-resolve-exe-helper: cannot lookup uid for " POLKIT_USER "\n");
- goto out;
- }
- uid_for_polkit_user = pw->pw_uid;
-
- /* check if we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-resolve-exe-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) == 0) {
- is_setgid_polkit = TRUE;
- } else {
- is_setgid_polkit = FALSE;
- }
-
- /*----------------------------------------------------------------------------------------------------*/
-
- requesting_info_for_pid = strtoul (argv[1], &endp, 10);
- if (strlen (argv[1]) == 0 || *endp != '\0') {
- fprintf (stderr, "polkit-resolve-exe-helper: requesting_info_for_pid malformed\n");
- goto out;
- }
-
- /* user polkituser is allowed to resolve anything. So is any program that is setgid polkituser. */
- if (caller_uid != uid_for_polkit_user && !is_setgid_polkit) {
- pid_t ppid;
-
- ppid = getppid ();
- if (ppid == 1)
- goto out;
-
- /* need to set the real uid of the process to root ... otherwise D-Bus won't work */
- if (setuid (0) != 0) {
- fprintf (stderr, "polkit-resolve-exe-helper: cannot do setuid(0): %m\n");
- goto out;
- }
-
- if (polkit_check_auth (ppid,
- "org.freedesktop.policykit.read", NULL) == 0) {
- fprintf (stderr, "polkit-resolve-exe-helper: not authorized for org.freedesktop.policykit.read\n");
- goto out;
- }
- }
-
- n = polkit_sysdeps_get_exe_for_pid (requesting_info_for_pid, buf, sizeof (buf));
- if (n == -1 || n >= (int) sizeof (buf)) {
- fprintf (stderr, "polkit-resolve-exe-helper: Cannot resolve link for pid %d\n",
- requesting_info_for_pid);
- goto out;
- }
-
- printf ("%s", buf);
-
- ret = 0;
-
-out:
- return ret;
-}
-
diff --git a/src/polkit-dbus/polkit-set-default-helper.c b/src/polkit-dbus/polkit-set-default-helper.c
deleted file mode 100644
index c903dbd..0000000
--- a/src/polkit-dbus/polkit-set-default-helper.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-set-default-helper.c : setgid polkituser helper for PolicyKit
- * to set defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-#include <dirent.h>
-#include <utime.h>
-
-#include <polkit/polkit-private.h>
-#include <polkit-dbus/polkit-dbus.h>
-
-#ifdef HAVE_SOLARIS
-#define LOG_AUTHPRIV (10<<3)
-#endif
-
-static polkit_bool_t
-set_default (const char *action_id, const char *any, const char *inactive, const char *active)
-{
- char *path;
- char *contents;
- polkit_bool_t ret;
-
- path = NULL;
- contents = NULL;
- ret = FALSE;
-
- path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id);
- if (path == NULL)
- goto out;
-
- contents = kit_strdup_printf ("%s:%s:%s",
- any, inactive, active);
- if (contents == NULL)
- goto out;
-
- if (!kit_file_set_contents (path, 0644, contents, strlen (contents))) {
- kit_warning ("Error writing override file '%s': %m\n", path);
- goto out;
- }
-
- ret = TRUE;
-
-out:
- if (path == NULL)
- kit_free (path);
- if (contents == NULL)
- kit_free (contents);
- return ret;
-}
-
-static polkit_bool_t
-clear_default (const char *action_id)
-{
- char *path;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id);
- if (path == NULL)
- goto out;
-
- if (unlink (path) != 0) {
- kit_warning ("Error unlinking file %s: %m", path);
- }
-
- ret = TRUE;
-
-out:
- if (path == NULL)
- kit_free (path);
- return ret;
-
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- uid_t caller_uid;
- uid_t euid;
- struct passwd *pw;
-
- ret = 1;
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (kit_clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-set-default-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (! (argc == 3 || argc == 6)) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-set-default-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- caller_uid = getuid ();
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-set-default-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- /* check that we are setuid polkituser */
- euid = geteuid ();
- pw = getpwuid (euid);
- if (pw == NULL) {
- fprintf (stderr, "polkit-set-default-helper: cannot lookup passwd info for uid %d\n", euid);
- goto out;
- }
- if (strcmp (pw->pw_name, POLKIT_USER) != 0) {
- fprintf (stderr, "polkit-set-default-helper: needs to be setuid " POLKIT_USER "\n");
- goto out;
- }
-
- /*----------------------------------------------------------------------------------------------------*/
-
- /* uid 0 is allowed to set anything */
- if (caller_uid != 0) {
- pid_t ppid;
-
- ppid = getppid ();
- if (ppid == 1)
- goto out;
-
- if (polkit_check_auth (ppid, "org.freedesktop.policykit.modify-defaults", NULL) == 0) {
- goto out;
- }
- }
-
- PolKitResult any;
- PolKitResult inactive;
- PolKitResult active;
-
- if (!polkit_action_validate_id (argv[1])) {
- goto out;
- }
-
- /* sanity check */
- if (argc == 3) {
- if (strcmp (argv[2], "clear") != 0)
- goto out;
-
- if (!clear_default (argv[1]))
- goto out;
- } else if (argc == 6) {
- if (strcmp (argv[2], "set") != 0)
- goto out;
-
- if (!polkit_result_from_string_representation (argv[3], &any)) {
- goto out;
- }
- if (!polkit_result_from_string_representation (argv[4], &inactive)) {
- goto out;
- }
- if (!polkit_result_from_string_representation (argv[5], &active)) {
- goto out;
- }
-
- if (!set_default (argv[1], argv[3], argv[4], argv[5]))
- goto out;
- } else {
- goto out;
- }
-
- /* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
- kit_warning ("Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
- }
-
- ret = 0;
-
-out:
- return ret;
-}
-
diff --git a/src/polkit-dbus/polkit-simple.c b/src/polkit-dbus/polkit-simple.c
deleted file mode 100644
index 8365b93..0000000
--- a/src/polkit-dbus/polkit-simple.c
+++ /dev/null
@@ -1,601 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-simple.c : Simple convenience interface
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-simple
- * @title: Simple convenience interface
- * @short_description: Simple convenience interface
- *
- * Simple convenience interface
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <limits.h>
-
-#include <polkit/polkit-private.h>
-#include "polkit-simple.h"
-#include "polkit-dbus.h"
-
-
-/**
- * polkit_check_auth:
- * @pid: process to check for; typically you want to pass the result of getpid() here
- * @...: %NULL terminated list of action identifiers to check for
- *
- * A simple convenience function to check whether a given process is
- * authorized for a number of actions.
- *
- * This is useful for programs that just wants to check whether they
- * should carry out some action. Note that the user identity used for
- * the purpose of checking authorizations is the Real one compared to
- * the e.g. Effective one (e.g. getuid(), getgid() is used instead of
- * e.g. geteuid(), getegid()). This is typically what one wants in a
- * setuid root program if the setuid root program is designed to do
- * work on behalf of the unprivileged user who invoked it (for
- * example, the PulseAudio sound server is setuid root only so it can
- * become a real time process; after that it drops all privileges).
- *
- * It varies whether one wants to pass getpid() or getppid() as the
- * process id to this function. For example, in the PulseAudio case it
- * is the right thing to pass getpid(). However, in a setup where the
- * process is a privileged helper, one wants to pass the process id of
- * the parent. Beware though, if the parent dies, getppid() will
- * return 1 (the process id of <literal>/sbin/init</literal>) which is
- * almost certainly guaranteed to be privileged as it is running as
- * uid 0.
- *
- * Note that this function will open a connection to the system
- * message bus and query ConsoleKit for details. In addition, it will
- * load PolicyKit specific files and spawn privileged helpers if
- * necessary. As such, there is a bit of IPC, context switching,
- * syscall overhead and I/O involved in using this function. If you
- * are planning on calling this function multiple times (e.g. from a
- * daemon) on a frequent basis and/or need more detail you should use
- * the #PolKitContext and #PolKitTracker classes instead as these are
- * designed to aggresively cache information.
- *
- * The return value is a bit mask indicating whether the given process
- * is authorized for the given actions. Bit 0 represents the first
- * action; bit 1 represents the 2nd action and so forth. A bit is set
- * to 1 if, and only if, the caller is authorized for the given
- * action. If the given action is unknown zero will be returned as well.
- *
- * If the function succeeds, errno will be set to 0. If an error
- * occurs 0 is returned and errno will be set:
- * <itemizedlist>
- * <listitem><literal>ENOMEM</literal>: Out of memory.</listitem>
- * <listitem><literal>ENOENT</literal>: Failed to connect to either the system message bus or ConsoleKit.</listitem>
- * </itemizedlist>
- *
- * Returns: See above
- *
- * Since: 0.7
- */
-polkit_uint64_t
-polkit_check_auth (pid_t pid, ...)
-{
- int n;
- va_list args;
- char *action_id;
- polkit_uint64_t ret;
- const char *action_ids[65];
-
- ret = 0;
-
- n = 0;
- va_start (args, pid);
- while ((action_id = va_arg (args, char *)) != NULL) {
- if (n == 64) {
- errno = EOVERFLOW;
- goto out;
- }
- action_ids[n++] = action_id;
- }
- va_end (args);
- action_ids[n] = NULL;
-
- ret = polkit_check_authv (pid, action_ids);
-out:
- return ret;
-}
-
-/**
- * polkit_check_authv:
- * @pid: See docs for polkit_check_auth()
- * @action_ids: %NULL terminated array of action id's
- *
- * This function is similar to polkit_check_auth() but takes an %NULL
- * terminated array instead of being a varadic function.
- *
- * Returns: See docs for polkit_check_auth()
- *
- * Since: 0.7
- */
-polkit_uint64_t
-polkit_check_authv (pid_t pid, const char **action_ids)
-{
- int n;
- polkit_uint64_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = 0;
- errno = ENOENT;
- context = NULL;
- caller = NULL;
- bus = NULL;
-
- dbus_error_init (&error);
-
-#ifdef POLKIT_BUILD_TESTS
- char *pretend;
- if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH")) != NULL) {
- /* see polkit_caller_new_from_pid() - basically, it's
- * if POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH is set
- * then the bus won't be used at all
- */
- goto no_bus;
- }
-#endif
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- kit_warning ("cannot connect to system bus: %s: %s", error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-#ifdef POLKIT_BUILD_TESTS
-no_bus:
-#endif
-
- caller = polkit_caller_new_from_pid (bus, pid, &error);
- if (caller == NULL) {
- kit_warning ("cannot get caller from pid: %s: %s", error.name, error.message);
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- kit_warning ("cannot allocate PolKitContext");
- errno = ENOMEM;
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- kit_warning ("cannot initialize polkit context: %s: %s",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- for (n = 0; action_ids[n] != NULL; n++) {
- PolKitAction *action;
-
- action = polkit_action_new ();
- if (action == NULL) {
- kit_warning ("cannot allocate PolKitAction");
- errno = ENOMEM;
- goto out;
- }
- if (!polkit_action_set_action_id (action, action_ids[n])) {
- polkit_action_unref (action);
- kit_warning ("cannot set action_id");
- errno = ENOMEM;
- goto out;
- }
-
- pk_error = NULL;
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
-
- if (polkit_error_is_set (pk_error)) {
- polkit_error_free (pk_error);
- pk_error = NULL;
- } else {
- if (pk_result == POLKIT_RESULT_YES)
- ret |= (1<<n);
- }
-
- polkit_action_unref (action);
- }
-
-out:
- if (bus != NULL)
- dbus_connection_unref (bus);
- if (caller != NULL)
- polkit_caller_unref (caller);
- if (context != NULL)
- polkit_context_unref (context);
-
- return ret;
-}
-
-extern char **environ;
-
-static polkit_bool_t
-_auth_show_dialog_text (const char *action_id, pid_t pid, DBusError *error)
-{
- unsigned int n;
- polkit_bool_t ret;
- int exit_status;
- char *helper_argv[] = {PACKAGE_BIN_DIR "/polkit-auth", "--obtain", NULL, NULL};
- char **envp;
- size_t envsize;
- char buf[256];
-
- ret = FALSE;
-
- if (isatty (STDOUT_FILENO) != 1 || isatty (STDIN_FILENO) != 1) {
- dbus_set_error (error,
- "org.freedesktop.PolicyKit.LocalError",
- "stdout and/or stdin is not a tty");
- goto out;
- }
-
- envsize = kit_strv_length (environ);
- envp = kit_new0 (char *, envsize + 3);
- if (envp == NULL)
- goto out;
- for (n = 0; n < envsize; n++)
- envp[n] = environ[n];
- envp[envsize] = "POLKIT_AUTH_FORCE_TEXT=1";
- snprintf (buf, sizeof (buf), "POLKIT_AUTH_GRANT_TO_PID=%d", pid);
- envp[envsize+1] = buf;
-
- helper_argv[2] = (char *) action_id;
-
- if (!kit_spawn_sync (NULL, /* const char *working_directory */
- KIT_SPAWN_CHILD_INHERITS_STDIN, /* flags */
- helper_argv, /* char **argv */
- envp, /* char **envp */
- NULL, /* char *stdin */
- NULL, /* char **stdout */
- NULL, /* char **stderr */
- &exit_status)) { /* int *exit_status */
- dbus_set_error (error,
- "org.freedesktop.PolicyKit.LocalError",
- "Error spawning polkit-auth: %m");
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- dbus_set_error (error,
- "org.freedesktop.PolicyKit.LocalError",
- "polkit-auth crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- goto out;
- }
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-/**
- * polkit_auth_obtain:
- * @action_id: The action_id for the #PolKitAction to make the user
- * authenticate for
- * @xid: X11 window ID for the window that the dialog will be
- * transient for. If there is no window, pass 0.
- * @pid: Process ID of process to grant authorization to. Normally one wants to pass result of getpid().
- * @error: return location for error; cannot be %NULL
- *
- * Convenience function to prompt the user to authenticate to gain an
- * authorization for the given action. First, an attempt to reach an
- * Authentication Agent on the session message bus is made. If that
- * doesn't work and stdout/stdin are both tty's, polkit-auth(1) is
- * invoked.
- *
- * This is a blocking call. If you're using GTK+ see
- * polkit_gnome_auth_obtain() for a non-blocking version.
- *
- * Returns: %TRUE if, and only if, the user successfully
- * authenticated. %FALSE if the user failed to authenticate or if
- * error is set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_auth_obtain (const char *action_id, polkit_uint32_t xid, pid_t pid, DBusError *error)
-{
- polkit_bool_t ret;
- DBusConnection *bus;
- DBusMessage *message;
- DBusMessage *reply;
-
- kit_return_val_if_fail (action_id != NULL, FALSE);
- kit_return_val_if_fail (error != NULL, FALSE);
- kit_return_val_if_fail (!dbus_error_is_set (error), FALSE);
-
- bus = NULL;
- message = NULL;
- reply = NULL;
- ret = FALSE;
-
- bus = dbus_bus_get (DBUS_BUS_SESSION, error);
- if (bus == NULL) {
- dbus_error_init (error);
- ret = _auth_show_dialog_text (action_id, pid, error);
- goto out;
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.PolicyKit.AuthenticationAgent", /* service */
- "/", /* object path */
- "org.freedesktop.PolicyKit.AuthenticationAgent", /* interface */
- "ObtainAuthorization");
- dbus_message_append_args (message,
- DBUS_TYPE_STRING, &action_id,
- DBUS_TYPE_UINT32, &xid,
- DBUS_TYPE_UINT32, &pid,
- DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (bus, message, INT_MAX, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- ret = _auth_show_dialog_text (action_id, pid, error);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &ret,
- DBUS_TYPE_INVALID)) {
- dbus_error_init (error);
- ret = _auth_show_dialog_text (action_id, pid, error);
- goto out;
- }
-
-out:
- if (bus != NULL)
- dbus_connection_unref (bus);
- if (message != NULL)
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
-
- return ret;
-}
-
-
-/**
- * polkit_dbus_error_generate:
- * @action: the action that the caller needs an authorization for
- * @result: the result from e.g. polkit_context_is_caller_authorized()
- * @error: the #DBusError to set
- *
- * Convenience function to generate a #DBusError that encapsulates
- * information that the caller is not authorized. This includes
- * information such as @action that describes what action the caller
- * lacks an authorization for, as well as @result that describes if
- * the caller can obtain an authorization through authentication.
- *
- * Typically a privileged mechanism uses this function to generate
- * errors. At the other end of the wire, the caller can use
- * polkit_dbus_error_parse() to extract @action and @result.
- *
- * The form of the #DBusError is as follows. The name is
- * set to
- * <literal>org.freedesktop.PolicyKit.Error.NotAuthorized</literal>
- * and the message consists of two strings separated by a single
- * space: the string representation of the action
- * (cf. polkit_action_to_string_representation()) and the string
- * representation of the result
- * (cf. polkit_result_to_string_representation()).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: TRUE if @error was set. FALSE on error or OOM.
- *
- * Since: 0.8
- */
-polkit_bool_t
-polkit_dbus_error_generate (PolKitAction *action, PolKitResult result, DBusError *error)
-{
- polkit_bool_t ret;
- const char *action_str;
- const char *result_str;
-
- ret = FALSE;
-
- kit_return_val_if_fail (error != NULL && !dbus_error_is_set (error), FALSE);
- kit_return_val_if_fail (action != NULL && polkit_action_validate (action), FALSE);
-
- action_str = polkit_action_to_string_representation (action);
- if (action_str == NULL)
- goto out;
-
- result_str = polkit_result_to_string_representation (result);
- if (result_str == NULL)
- goto out;
-
- dbus_set_error (error,
- "org.freedesktop.PolicyKit.Error.NotAuthorized",
- "%s %s",
- action_str, result_str);
-
- /* on OOM, error->name and error->message are set to preallocated strings */
- if (strcmp (error->name, "org.freedesktop.PolicyKit.Error.NotAuthorized") != 0)
- goto out;
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-/**
- * polkit_dbus_error_parse:
- * @error: error to parse; must be set
- * @action: return location for #PolKitAction object
- * @result: return location for #PolKitResult variable
- *
- * Parse an error received over D-Bus, typically generated by
- * polkit_dbus_error_generate(), into what action an authorization is
- * missing for and whether that authorization can be obtained.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: TRUE only if @error was successfully parsed and @action
- * and @result is set (and caller must free @action using
- * polkit_action_unref()).
- *
- * Since: 0.8
- */
-polkit_bool_t
-polkit_dbus_error_parse (DBusError *error, PolKitAction **action, PolKitResult *result)
-{
- char **tokens;
- size_t num_tokens;
- polkit_bool_t ret;
-
- kit_return_val_if_fail (error != NULL && dbus_error_is_set (error), FALSE);
- kit_return_val_if_fail (action != NULL, FALSE);
- kit_return_val_if_fail (result != NULL, FALSE);
-
- ret = FALSE;
- tokens = NULL;
- *action = NULL;
-
- if (!dbus_error_has_name (error, "org.freedesktop.PolicyKit.Error.NotAuthorized"))
- goto out;
-
- tokens = kit_strsplit (error->message, ' ', &num_tokens);
- if (tokens == NULL || num_tokens != 2)
- goto out;
-
- *action = polkit_action_new_from_string_representation (tokens[0]);
- if (*action == NULL)
- goto out;
-
- if (!polkit_result_from_string_representation (tokens[1], result)) {
- polkit_action_unref (*action);
- *action = NULL;
- goto out;
- }
-
- ret = TRUE;
-
-out:
- if (!ret)
- *result = POLKIT_RESULT_UNKNOWN;
-
-
- if (tokens != NULL)
- kit_strfreev (tokens);
-
- return ret;
-}
-
-/**
- * polkit_dbus_error_parse_from_strings:
- * @error_name: name of D-Bus error
- * @error_message: message of D-Bus error
- * @action: return location for #PolKitAction object
- * @result: return location for #PolKitResult variable
- *
- * Like polkit_dbus_error_parse(), only it takes the name and message
- * instead of a #DBusError. This is useful when usings D-Bus bindings
- * (such as dbus-glib) that don't expose the #DBusError object
- * directly.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: See polkit_dbus_error_parse().
- *
- * Since: 0.8
- */
-polkit_bool_t
-polkit_dbus_error_parse_from_strings (const char *error_name,
- const char *error_message,
- PolKitAction **action,
- PolKitResult *result)
-{
- DBusError error;
-
- dbus_error_init (&error);
- dbus_set_error_const (&error, error_name, error_message);
-
- return polkit_dbus_error_parse (&error, action, result);
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitAction *a;
- PolKitResult r;
-
- a = polkit_action_new ();
- r = POLKIT_RESULT_ONLY_VIA_SELF_AUTH;
- if (a != NULL) {
- if (polkit_action_set_action_id (a, "org.example.foo")) {
- DBusError error;
-
- dbus_error_init (&error);
- if (polkit_dbus_error_generate (a, r, &error)) {
- PolKitAction *a2;
- PolKitResult r2;
-
- if (polkit_dbus_error_parse_from_strings (error.name, error.message, &a2, &r2)) {
- kit_assert (polkit_action_equal (a, a2));
- kit_assert (r == r2);
- polkit_action_unref (a2);
- }
- }
- }
- polkit_action_unref (a);
- }
-
- return TRUE;
-}
-
-KitTest _test_simple = {
- "polkit_simple",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit-dbus/polkit-simple.h b/src/polkit-dbus/polkit-simple.h
deleted file mode 100644
index 3c59314..0000000
--- a/src/polkit-dbus/polkit-simple.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-simple.h : Simple convenience interface
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_DBUS_H)
-#error "Only <polkit-dbus/polkit-dbus.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_SIMPLE_H
-#define POLKIT_SIMPLE_H
-
-#include <polkit-dbus/polkit-dbus.h>
-
-POLKIT_BEGIN_DECLS
-
-polkit_uint64_t polkit_check_auth (pid_t pid, ...);
-polkit_uint64_t polkit_check_authv (pid_t pid, const char **action_ids);
-
-polkit_bool_t polkit_auth_obtain (const char *action_id, polkit_uint32_t xid, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_dbus_error_generate (PolKitAction *action, PolKitResult result, DBusError *error);
-polkit_bool_t polkit_dbus_error_parse (DBusError *error, PolKitAction **action, PolKitResult *result);
-polkit_bool_t polkit_dbus_error_parse_from_strings (const char *error_name, const char *error_message, PolKitAction **action, PolKitResult *result);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_SIMPLE_H */
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index 18f9b6e..87c821b 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -13,32 +13,32 @@ INCLUDES = \
-DPOLKIT_COMPILATION \
@GLIB_CFLAGS@ @DBUS_CFLAGS@
-lib_LTLIBRARIES=libpolkit-grant.la
+lib_LTLIBRARIES=libpolkit-grant-1.la
-libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
+libpolkit_grant_1includedir=$(includedir)/polkit-1/polkit-grant
-libpolkit_grantinclude_HEADERS = \
+libpolkit_grant_1include_HEADERS = \
polkit-grant.h
-libpolkit_grant_la_SOURCES = \
+libpolkit_grant_1_la_SOURCES = \
polkit-grant.h polkit-grant.c
if POLKIT_AUTHDB_DUMMY
-libpolkit_grant_la_SOURCES += polkit-authorization-db-dummy-write.c
+libpolkit_grant_1_la_SOURCES += polkit-authorization-db-dummy-write.c
endif
if POLKIT_AUTHDB_DEFAULT
-libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c
+libpolkit_grant_1_la_SOURCES += polkit-authorization-db-write.c
endif
-libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la
+libpolkit_grant_1_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la
if POLKIT_BUILD_TESTS
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
+libpolkit_grant_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
else
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \
+libpolkit_grant_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \
-export-dynamic -no-undefined -export-symbols-regex '(^polkit_.*|_polkit_authorization_db_auth_file_add)'
endif
@@ -48,38 +48,38 @@ endif
# adjust the PAM stuff in data/Makefile.am
#
if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-grant-helper
+libexec_PROGRAMS = polkit-grant-helper-1
if POLKIT_AUTHFW_PAM
-libexec_PROGRAMS += polkit-grant-helper-pam
+libexec_PROGRAMS += polkit-grant-helper-pam-1
endif
if POLKIT_AUTHFW_SHADOW
-libexec_PROGRAMS += polkit-grant-helper-shadow
+libexec_PROGRAMS += polkit-grant-helper-shadow-1
endif
-libexec_PROGRAMS += polkit-explicit-grant-helper polkit-revoke-helper
+libexec_PROGRAMS += polkit-explicit-grant-helper-1 polkit-revoke-helper-1
-polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la
+polkit_grant_helper_1_SOURCES = polkit-grant-helper.c
+polkit_grant_helper_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la libpolkit-grant-1.la
if POLKIT_AUTHFW_PAM
-polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
-polkit_grant_helper_pam_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la
+polkit_grant_helper_pam_1_SOURCES = polkit-grant-helper-pam.c
+polkit_grant_helper_pam_1_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la
endif
if POLKIT_AUTHFW_SHADOW
-polkit_grant_helper_shadow_SOURCES = polkit-grant-helper-shadow.c
-polkit_grant_helper_shadow_LDADD = @AUTH_LIBS@
+polkit_grant_helper_shadow_1_SOURCES = polkit-grant-helper-shadow.c
+polkit_grant_helper_shadow_1_LDADD = @AUTH_LIBS@
endif
-polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
-polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_explicit_grant_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la
+polkit_explicit_grant_helper_1_SOURCES = polkit-explicit-grant-helper.c
+polkit_explicit_grant_helper_1_CFLAGS = @DBUS_CFLAGS@
+polkit_explicit_grant_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la libpolkit-grant-1.la
-polkit_revoke_helper_SOURCES = polkit-revoke-helper.c
-polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_revoke_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
+polkit_revoke_helper_1_SOURCES = polkit-revoke-helper.c
+polkit_revoke_helper_1_CFLAGS = @DBUS_CFLAGS@
+polkit_revoke_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la
# polkit-grant-helper needs to be setgid polkituser to be able to
# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
@@ -99,20 +99,20 @@ polkit_revoke_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/s
# /var/run/PolicyKit
#
install-exec-hook:
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-1
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper-1
if POLKIT_AUTHFW_PAM
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
- -chmod 4754 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam-1
+ -chmod 4754 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam-1
endif
if POLKIT_AUTHFW_SHADOW
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow
- -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow-1
+ -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow-1
endif
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper-1
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper-1
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper-1
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper-1
endif
## note that TESTS has special meaning (stuff to use in make check)
@@ -127,7 +127,7 @@ check_PROGRAMS=$(TESTS)
polkit_grant_test_SOURCES= \
polkit-grant-test.h polkit-grant-test.c
-polkit_grant_test_LDADD=$(top_builddir)/src/polkit-grant/libpolkit-grant.la
+polkit_grant_test_LDADD=$(top_builddir)/src/polkit-grant/libpolkit-grant-1.la
polkit_grant_test_LDFLAGS=
if KIT_GCOV_ENABLED
@@ -137,7 +137,7 @@ clean-gcov:
.PHONY: coverage-report.txt covered-files.txt
covered-files.txt :
- echo $(addprefix src/polkit-grant/,$(filter %.c,$(libpolkit_grant_la_SOURCES))) > covered-files.txt
+ echo $(addprefix src/polkit-grant/,$(filter %.c,$(libpolkit_grant_1_la_SOURCES))) > covered-files.txt
if POLKIT_AUTHDB_DEFAULT
echo src/polkit-grant/polkit-explicit-grant-helper.c >> covered-files.txt
echo src/polkit-grant/polkit-grant-helper.c >> covered-files.txt
@@ -151,7 +151,7 @@ endif
endif
coverage-report.txt : covered-files.txt clean-gcov all check
- gcov $(filter %.c,$(libpolkit_grant_la_SOURCES)) -o .libs/ > /dev/null
+ gcov $(filter %.c,$(libpolkit_grant_1_la_SOURCES)) -o .libs/ > /dev/null
if POLKIT_AUTHDB_DEFAULT
gcov polkit-explicit-grant-helper.c -o .libs/ > /dev/null
gcov polkit-grant-helper.c -o .libs/ > /dev/null
diff --git a/src/polkit-grant/polkit-authorization-db-write.c b/src/polkit-grant/polkit-authorization-db-write.c
index 6aa8ce2..fec91a1 100644
--- a/src/polkit-grant/polkit-authorization-db-write.c
+++ b/src/polkit-grant/polkit-authorization-db-write.c
@@ -99,9 +99,9 @@ _polkit_authorization_db_auth_file_add (polkit_bool_t transient, uid_t uid, char
char *newline = "\n";
if (transient)
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
+ root = PACKAGE_LOCALSTATE_DIR "/run/polkit-1";
else
- root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
+ root = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1";
ret = FALSE;
path = NULL;
@@ -202,9 +202,9 @@ _polkit_authorization_db_auth_file_add (polkit_bool_t transient, uid_t uid, char
}
/* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
+ if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) {
g_warning ("Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload");
}
ret = TRUE;
@@ -738,7 +738,7 @@ _grant_internal (PolKitAuthorizationDB *authdb,
polkit_bool_t is_negative)
{
GError *g_error;
- char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper", NULL, NULL, NULL, NULL, NULL};
+ char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper-1", NULL, NULL, NULL, NULL, NULL};
gboolean ret;
gint exit_status;
char cbuf[1024];
diff --git a/src/polkit-grant/polkit-explicit-grant-helper.c b/src/polkit-grant/polkit-explicit-grant-helper.c
index 2e83bde..5609912 100644
--- a/src/polkit-grant/polkit-explicit-grant-helper.c
+++ b/src/polkit-grant/polkit-explicit-grant-helper.c
@@ -49,7 +49,7 @@
#include <utime.h>
#include <fcntl.h>
-#include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit.h>
#include <polkit/polkit-private.h>
#ifdef HAVE_SOLARIS
@@ -75,7 +75,7 @@ main (int argc, char *argv[])
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
- openlog ("polkit-explicit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ openlog ("polkit-explicit-grant-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
/* check for correct invocation */
if (argc != 5) {
diff --git a/src/polkit-grant/polkit-grant-helper-pam.c b/src/polkit-grant/polkit-grant-helper-pam.c
index d6f4677..2596595 100644
--- a/src/polkit-grant/polkit-grant-helper-pam.c
+++ b/src/polkit-grant/polkit-grant-helper-pam.c
@@ -80,7 +80,7 @@ main (int argc, char *argv[])
goto error;
}
- openlog ("polkit-grant-helper-pam", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ openlog ("polkit-grant-helper-pam-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
/* check for correct invocation */
if (argc != 1) {
diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c
index cdfa710..ff4b03f 100644
--- a/src/polkit-grant/polkit-grant-helper.c
+++ b/src/polkit-grant/polkit-grant-helper.c
@@ -59,7 +59,7 @@
#include <kit/kit.h>
-#include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit.h>
// #include <polkit/polkit-grant-database.h>
#ifdef HAVE_SOLARIS
@@ -151,7 +151,7 @@
* FAILURE on stdin. If FAILURE
* is received, then die with exit
* code 1. If SUCCESS, leave a cookie
- * in /var/{lib,run}/PolicyKit indicating
+ * in /var/{lib,run}/polkit-1 indicating
* the grant was successful and die with
* exit code 0
*
@@ -178,10 +178,10 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation)
int helper_stdout;
GError *g_error;
#ifdef POLKIT_AUTHFW_PAM
- char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL};
+ char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam-1", NULL};
#endif
#ifdef POLKIT_AUTHFW_SHADOW
- char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-shadow", NULL};
+ char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-shadow-1", NULL};
#endif
char buf[256];
FILE *child_stdin;
@@ -330,98 +330,9 @@ verify_with_polkit (PolKitContext *pol_ctx,
*out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
*out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
*out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
- PolKitConfig *pk_config;
- PolKitConfigAdminAuthType admin_auth_type;
- const char *admin_auth_data;
-
- pk_config = polkit_context_get_config (pol_ctx, NULL);
- /* if the configuration file is malformed, bail out */
- if (pk_config == NULL)
- goto error;
-
- if (polkit_config_determine_admin_auth_type (pk_config,
- action,
- caller,
- &admin_auth_type,
- &admin_auth_data)) {
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: admin_auth_type=%d data='%s'\n", admin_auth_type, admin_auth_data);
-#endif /* PGH_DEBUG */
- switch (admin_auth_type) {
- case POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER:
- if (admin_auth_data != NULL)
- *out_admin_users = g_strsplit (admin_auth_data, "|", 0);
- break;
- case POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP:
- if (admin_auth_data != NULL) {
- int n;
- char **groups;
- GSList *i;
- GSList *users;
-
-
- users = NULL;
- groups = g_strsplit (admin_auth_data, "|", 0);
- for (n = 0; groups[n] != NULL; n++) {
- int m;
- struct group *group;
-
- /* This is fine; we're a single-threaded app */
- if ((group = getgrnam (groups[n])) == NULL)
- continue;
-
- for (m = 0; group->gr_mem[m] != NULL; m++) {
- const char *user;
- gboolean found;
-
- user = group->gr_mem[m];
- found = FALSE;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: examining member '%s' of group '%s'\n", user, groups[n]);
-#endif /* PGH_DEBUG */
-
- /* skip user 'root' since he is often member of 'wheel' etc. */
- if (strcmp (user, "root") == 0)
- continue;
- /* TODO: we should probably only consider users with an uid
- * in a given "safe" range, e.g. between 500 and 32000 or
- * something like that...
- */
-
- for (i = users; i != NULL; i = g_slist_next (i)) {
- if (strcmp (user, (const char *) i->data) == 0) {
- found = TRUE;
- break;
- }
- }
- if (found)
- continue;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: added user '%s'\n", user);
-#endif /* PGH_DEBUG */
-
- users = g_slist_prepend (users, g_strdup (user));
- }
-
- }
- g_strfreev (groups);
-
- users = g_slist_sort (users, (GCompareFunc) strcmp);
-
- *out_admin_users = g_new0 (char *, g_slist_length (users) + 1);
- for (i = users, n = 0; i != NULL; i = g_slist_next (i)) {
- (*out_admin_users)[n++] = i->data;
- }
-
- g_slist_free (users);
- }
- break;
- }
- }
+ /* TODO: need to revisit this and return list of users that can auth */
+ *out_admin_users = NULL;
}
-
/* TODO: we should probably clean up */
@@ -571,7 +482,7 @@ main (int argc, char *argv[])
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
- openlog ("polkit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ openlog ("polkit-grant-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
/* check for correct invocation */
if (argc != 3) {
diff --git a/src/polkit-grant/polkit-grant.c b/src/polkit-grant/polkit-grant.c
index c491b53..ad4c98f 100644
--- a/src/polkit-grant/polkit-grant.c
+++ b/src/polkit-grant/polkit-grant.c
@@ -495,8 +495,8 @@ polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
/* TODO: verify incoming args */
- /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+ /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper-1"; */
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-1";
helper_argv[1] = g_strdup_printf ("%d", pid);
helper_argv[2] = action_id;
helper_argv[3] = NULL;
diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c
index 5f59856..3b79813 100644
--- a/src/polkit-grant/polkit-revoke-helper.c
+++ b/src/polkit-grant/polkit-revoke-helper.c
@@ -48,7 +48,7 @@
#include <utime.h>
#include <fcntl.h>
-#include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit.h>
#include <polkit/polkit-private.h>
#ifdef HAVE_SOLARIS
@@ -118,7 +118,7 @@ main (int argc, char *argv[])
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
#endif
- openlog ("polkit-revoke-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ openlog ("polkit-revoke-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
/* check for correct invocation */
if (argc != 4) {
@@ -204,12 +204,12 @@ skip_check:
if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) {
test_dir = PACKAGE_LOCALSTATE_DIR;
}
- kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run));
- kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib));
+ kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/polkit-1", test_dir) < sizeof (dir_run));
+ kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/polkit-1", test_dir) < sizeof (dir_lib));
#else
- char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
+ char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/polkit-1";
+ char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1";
#endif
@@ -347,9 +347,9 @@ skip_check:
goto no_reload;
#endif
/* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
+ if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) {
fprintf (stderr, "Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload");
}
#ifdef POLKIT_BUILD_TESTS
no_reload:
diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
index 4c3d313..9c200a1 100644
--- a/src/polkit/Makefile.am
+++ b/src/polkit/Makefile.am
@@ -12,13 +12,15 @@ INCLUDES = \
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
-DPOLKIT_COMPILATION \
-DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \
- -DTEST_BUILD_DIR=\"$(top_builddir)\"
+ -DTEST_BUILD_DIR=\"$(top_builddir)\" \
+ @DBUS_CFLAGS@
-lib_LTLIBRARIES=libpolkit.la
-libpolkitincludedir=$(includedir)/PolicyKit/polkit
+lib_LTLIBRARIES=libpolkit-1.la
-libpolkitinclude_HEADERS = \
+libpolkit_1includedir=$(includedir)/polkit-1/polkit
+
+libpolkit_1include_HEADERS = \
polkit.h \
polkit-sysdeps.h \
polkit-types.h \
@@ -33,12 +35,13 @@ libpolkitinclude_HEADERS = \
polkit-policy-file.h \
polkit-policy-cache.h \
polkit-policy-default.h \
- polkit-config.h \
polkit-authorization.h \
polkit-authorization-constraint.h \
- polkit-authorization-db.h
+ polkit-authorization-db.h \
+ polkit-tracker.h \
+ polkit-simple.h
-libpolkit_la_SOURCES = \
+libpolkit_1_la_SOURCES = \
polkit.h \
polkit-private.h \
polkit-types.h \
@@ -56,27 +59,28 @@ libpolkit_la_SOURCES = \
polkit-policy-default.h polkit-policy-default.c \
polkit-debug.h polkit-debug.c \
polkit-utils.h polkit-utils.c \
- polkit-config.h polkit-config.c \
polkit-authorization.h polkit-authorization.c \
polkit-authorization-constraint.h polkit-authorization-constraint.c \
- polkit-authorization-db.h
+ polkit-authorization-db.h \
+ polkit-tracker.h polkit-tracker.c \
+ polkit-simple.h polkit-simple.c
if POLKIT_AUTHDB_DUMMY
-libpolkit_la_SOURCES += \
+libpolkit_1_la_SOURCES += \
polkit-authorization-db-dummy.c
endif
if POLKIT_AUTHDB_DEFAULT
-libpolkit_la_SOURCES += \
+libpolkit_1_la_SOURCES += \
polkit-authorization-db.c
endif
-libpolkit_la_LIBADD = @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la
+libpolkit_1_la_LIBADD = @DBUS_LIBS@ @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la $(SELINUX_LIBS)
if POLKIT_BUILD_TESTS
-libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
+libpolkit_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@
else
-libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \
+libpolkit_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \
-export-dynamic -no-undefined -export-symbols-regex '(^polkit_.*|_pk_validate_unique_bus_name)'
endif
@@ -92,7 +96,7 @@ check_PROGRAMS=$(TESTS)
polkit_test_SOURCES= \
polkit-test.h polkit-test.c
-polkit_test_LDADD=$(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la
+polkit_test_LDADD=$(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la
polkit_test_LDFLAGS=
if POLKIT_GCOV_ENABLED
@@ -102,10 +106,10 @@ clean-gcov:
.PHONY: coverage-report.txt covered-files.txt
covered-files.txt :
- echo $(addprefix src/polkit/,$(filter %.c,$(libpolkit_la_SOURCES))) > covered-files.txt
+ echo $(addprefix src/polkit/,$(filter %.c,$(libpolkit_1_la_SOURCES))) > covered-files.txt
coverage-report.txt : covered-files.txt clean-gcov all check
- gcov $(filter %.c,$(libpolkit_la_SOURCES)) -o .libs/ > /dev/null
+ gcov $(filter %.c,$(libpolkit_1_la_SOURCES)) -o .libs/ > /dev/null
$(top_srcdir)/test/create-coverage-report.sh "module polkit" `cat covered-files.txt` > coverage-report.txt
check-coverage : coverage-report.txt
@@ -125,32 +129,66 @@ endif
clean-local :
rm -f *~ $(BUILT_SOURCES) *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg
+libexec_PROGRAMS = polkit-resolve-exe-helper-1
+
+polkit_resolve_exe_helper_1_SOURCES = polkit-resolve-exe-helper.c
+polkit_resolve_exe_helper_1_CFLAGS = @DBUS_CFLAGS@
+polkit_resolve_exe_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la
+
if POLKIT_AUTHDB_DEFAULT
-# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where
+libexec_PROGRAMS += polkit-read-auth-helper-1 polkit-set-default-helper-1
+
+polkit_read_auth_helper_1_SOURCES = polkit-read-auth-helper.c
+polkit_read_auth_helper_1_CFLAGS = @DBUS_CFLAGS@
+polkit_read_auth_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la
+
+polkit_set_default_helper_1_SOURCES = polkit-set-default-helper.c
+polkit_set_default_helper_1_CFLAGS = @DBUS_CFLAGS@
+polkit_set_default_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la
+
+# The directories /var/lib/polkit-1 and /var/run/polkit-1 is where
# authorizations are stored. They must not be world readable (the
# polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP
# group needs to be able to write files there.
#
-# The directory /var/lib/PolicyKit-public is used for storing world-readable
+# The directory /var/lib/polkit-public-1 is used for storing world-readable
# information. Only $POLKIT_USER may write to it.
#
-# The /var/lib/misc/PolicyKit.reload file is used for triggering that
+# The /var/lib/misc/polkit-1.reload file is used for triggering that
# authorizations have changed; it needs to be world readable and
# writeable for user $POLKIT_USER and group $POLKIT_GROUP (FHS 2.3 suggests
# that location)
#
-install-data-local:
+# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
+# to read authorization files in /var/lib/polkit-1 and
+# /var/run/polkit-1
+#
+# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able
+# to write .defaults-override files in /var/lib/polkit-public-1
+#
+# polkit-resolve-exe-helper needs to be setuid root to be able to resolve
+# /proc/$pid/exe symlinks.
+#
+install-exec-hook:
mkdir -p $(DESTDIR)$(localstatedir)/lib/misc
- touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
- mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit
- mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chmod 755 $(DESTDIR)$(localstatedir)/lib/PolicyKit-public
- -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit
+ touch $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload
+ -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload
+ -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload
+ mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-public-1
+ mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1
+ mkdir -p $(DESTDIR)$(localstatedir)/run/polkit-1
+ -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/polkit-public-1
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/polkit-1
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/polkit-1
+ -chmod 755 $(DESTDIR)$(localstatedir)/lib/polkit-public-1
+ -chmod 770 $(DESTDIR)$(localstatedir)/lib/polkit-1
+ -chmod 770 $(DESTDIR)$(localstatedir)/run/polkit-1
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper-1
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper-1
+ -chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper-1
+ -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper-1
+ -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper-1
+else
+install-exec-hook:
+ -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper
endif
diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c
index 1e339b6..37529a3 100644
--- a/src/polkit/polkit-authorization-db.c
+++ b/src/polkit/polkit-authorization-db.c
@@ -278,13 +278,13 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
char helper_buf[256];
char *helper_bin_dir;
if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) {
- kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-dbus/polkit-read-auth-helper", helper_bin_dir) < sizeof (helper_buf));
+ kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit/polkit-read-auth-helper-1", helper_bin_dir) < sizeof (helper_buf));
helper_argv[0] = helper_buf;
} else {
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper";
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper-1";
}
#else
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper";
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper-1";
#endif
/* first, see if this is in the cache */
@@ -1042,13 +1042,13 @@ polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
char helper_buf[256];
char *helper_bin_dir;
if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) {
- kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-grant/polkit-revoke-helper", helper_bin_dir) < sizeof (helper_buf));
+ kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-grant/polkit-revoke-helper-1", helper_bin_dir) < sizeof (helper_buf));
helper_argv[0] = helper_buf;
} else {
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper";
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper-1";
}
#else
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper";
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper-1";
#endif
helper_argv[1] = (char *) auth_file_entry;
@@ -1236,22 +1236,22 @@ _run_test (void)
goto out;
/* seed the authdb with known defaults */
- if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu1.auths", 0644,
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu1.auths", 0644,
test_pu1_run, sizeof (test_pu1_run) - 1))
goto out;
- if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu1.auths", 0644,
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu1.auths", 0644,
test_pu1_lib, sizeof (test_pu1_lib) - 1))
goto out;
- if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu2.auths", 0644,
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu2.auths", 0644,
test_pu2_run, sizeof (test_pu2_run) - 1))
goto out;
- if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu2.auths", 0644,
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu2.auths", 0644,
test_pu2_lib, sizeof (test_pu2_lib) - 1))
goto out;
- if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu3.auths", 0644,
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu3.auths", 0644,
test_pu3_run, strlen (test_pu3_run)))
goto out;
- if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu3.auths", 0644,
+ if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu3.auths", 0644,
test_pu3_lib, sizeof (test_pu3_lib) - 1))
goto out;
@@ -1320,6 +1320,11 @@ _run_test (void)
if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) {
kit_assert (! polkit_error_is_set (error) && !is_auth && !is_neg);
} else {
+ kit_warning ("%p: %d: %s: %s",
+ error,
+ polkit_error_get_error_code (error),
+ polkit_error_get_error_name (error),
+ polkit_error_get_error_message (error));
kit_assert (polkit_error_is_set (error) &&
polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
polkit_error_free (error);
diff --git a/src/polkit/polkit-config.c b/src/polkit/polkit-config.c
deleted file mode 100644
index 375615e..0000000
--- a/src/polkit/polkit-config.c
+++ /dev/null
@@ -1,786 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config.h : Configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <regex.h>
-#include <syslog.h>
-#include <regex.h>
-
-#include <expat.h>
-
-#include "polkit-config.h"
-#include "polkit-debug.h"
-#include "polkit-error.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-
-/**
- * SECTION:polkit-config
- * @title: Configuration
- * @short_description: Represents the system-wide <literal>/etc/PolicyKit/PolicyKit.conf</literal> file.
- *
- * This class is used to represent the /etc/PolicyKit/PolicyKit.conf
- * configuration file. Applications using PolicyKit should never use
- * this class; it's only here for integration with other PolicyKit
- * components.
- **/
-
-enum {
- STATE_NONE,
- STATE_UNKNOWN_TAG,
- STATE_IN_CONFIG,
- STATE_IN_MATCH,
- STATE_IN_RETURN,
- STATE_IN_DEFINE_ADMIN_AUTH,
-};
-
-struct ConfigNode;
-typedef struct ConfigNode ConfigNode;
-
-/**
- * PolKitConfig:
- *
- * This class represents the system-wide configuration file for
- * PolicyKit. Applications using PolicyKit should never use this
- * class; it's only here for integration with other PolicyKit
- * components.
- **/
-struct _PolKitConfig
-{
- int refcount;
- ConfigNode *top_config_node;
-};
-
-#define PARSER_MAX_DEPTH 32
-
-typedef struct {
- XML_Parser parser;
- int state;
- PolKitConfig *pk_config;
- const char *path;
-
- int state_stack[PARSER_MAX_DEPTH];
- ConfigNode *node_stack[PARSER_MAX_DEPTH];
-
- int stack_depth;
-} ParserData;
-
-enum {
- NODE_TYPE_NOP,
- NODE_TYPE_TOP,
- NODE_TYPE_MATCH,
- NODE_TYPE_RETURN,
- NODE_TYPE_DEFINE_ADMIN_AUTH,
-};
-
-enum {
- MATCH_TYPE_ACTION,
- MATCH_TYPE_USER,
-};
-
-static const char * const match_names[] =
-{
- "action",
- "user",
-};
-
-static const char * const define_admin_auth_names[] =
-{
- "user",
- "group",
-};
-
-struct ConfigNode
-{
- int node_type;
-
- union {
-
- struct {
- int match_type;
- char *data;
- regex_t preq;
- } node_match;
-
- struct {
- PolKitResult result;
- } node_return;
-
- struct {
- PolKitConfigAdminAuthType admin_type;
- char *data;
- } node_define_admin_auth;
-
- } data;
-
- KitList *children;
-};
-
-
-static ConfigNode *
-config_node_new (void)
-{
- ConfigNode *node;
- node = kit_new0 (ConfigNode, 1);
- return node;
-}
-
-static void
-config_node_dump_real (ConfigNode *node, unsigned int indent)
-{
- KitList *i;
- unsigned int n;
- char buf[128];
-
- for (n = 0; n < indent && n < sizeof (buf) - 1; n++)
- buf[n] = ' ';
- buf[n] = '\0';
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- polkit_debug ("%sNOP", buf);
- break;
- case NODE_TYPE_TOP:
- polkit_debug ("%sTOP", buf);
- break;
- case NODE_TYPE_MATCH:
- polkit_debug ("%sMATCH %s (%d) with '%s'",
- buf,
- match_names[node->data.node_match.match_type],
- node->data.node_match.match_type,
- node->data.node_match.data);
- break;
- case NODE_TYPE_RETURN:
- polkit_debug ("%sRETURN %s (%d)",
- buf,
- polkit_result_to_string_representation (node->data.node_return.result),
- node->data.node_return.result);
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- polkit_debug ("%sDEFINE_ADMIN_AUTH %s (%d) with '%s'",
- buf,
- define_admin_auth_names[node->data.node_define_admin_auth.admin_type],
- node->data.node_define_admin_auth.admin_type,
- node->data.node_define_admin_auth.data);
- break;
- break;
- }
-
- for (i = node->children; i != NULL; i = i->next) {
- ConfigNode *child = i->data;
- config_node_dump_real (child, indent + 2);
- }
-}
-
-static void
-config_node_dump (ConfigNode *node)
-{
-
- config_node_dump_real (node, 0);
-}
-
-static void
-config_node_unref (ConfigNode *node)
-{
- KitList *i;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- break;
- case NODE_TYPE_TOP:
- break;
- case NODE_TYPE_MATCH:
- kit_free (node->data.node_match.data);
- regfree (&(node->data.node_match.preq));
- break;
- case NODE_TYPE_RETURN:
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- kit_free (node->data.node_define_admin_auth.data);
- break;
- }
-
- for (i = node->children; i != NULL; i = i->next) {
- ConfigNode *child = i->data;
- config_node_unref (child);
- }
- kit_list_free (node->children);
- kit_free (node);
-}
-
-static void
-_start (void *data, const char *el, const char **attr)
-{
- int state;
- int num_attr;
- ParserData *pd = data;
- ConfigNode *node;
-
- polkit_debug ("_start for node '%s' (at depth=%d)", el, pd->stack_depth);
-
- for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
- ;
-
- state = STATE_NONE;
- node = config_node_new ();
- node->node_type = NODE_TYPE_NOP;
-
- switch (pd->state) {
- case STATE_NONE:
- if (strcmp (el, "config") == 0) {
- state = STATE_IN_CONFIG;
- polkit_debug ("parsed config node");
-
- if (pd->pk_config->top_config_node != NULL) {
- polkit_debug ("Multiple config nodes?");
- goto error;
- }
-
- node->node_type = NODE_TYPE_TOP;
- pd->pk_config->top_config_node = node;
- }
- break;
- case STATE_IN_CONFIG: /* explicit fallthrough */
- case STATE_IN_MATCH:
- if ((strcmp (el, "match") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_MATCH;
- if (strcmp (attr[0], "action") == 0) {
- node->data.node_match.match_type = MATCH_TYPE_ACTION;
- } else if (strcmp (attr[0], "user") == 0) {
- node->data.node_match.match_type = MATCH_TYPE_USER;
- } else {
- polkit_debug ("Unknown match rule '%s'", attr[0]);
- goto error;
- }
-
- node->data.node_match.data = kit_strdup (attr[1]);
- if (regcomp (&(node->data.node_match.preq), node->data.node_match.data, REG_NOSUB|REG_EXTENDED) != 0) {
- polkit_debug ("Invalid expression '%s'", node->data.node_match.data);
- goto error;
- }
-
- state = STATE_IN_MATCH;
- polkit_debug ("parsed match node ('%s' (%d) -> '%s')",
- attr[0],
- node->data.node_match.match_type,
- node->data.node_match.data);
-
- } else if ((strcmp (el, "return") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_RETURN;
-
- if (strcmp (attr[0], "result") == 0) {
- PolKitResult r;
- if (!polkit_result_from_string_representation (attr[1], &r)) {
- polkit_debug ("Unknown return result '%s'", attr[1]);
- goto error;
- }
- node->data.node_return.result = r;
- } else {
- polkit_debug ("Unknown return rule '%s'", attr[0]);
- goto error;
- }
-
- state = STATE_IN_RETURN;
- polkit_debug ("parsed return node ('%s' (%d))",
- attr[1],
- node->data.node_return.result);
- } else if ((strcmp (el, "define_admin_auth") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_DEFINE_ADMIN_AUTH;
- if (strcmp (attr[0], "user") == 0) {
- node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER;
- } else if (strcmp (attr[0], "group") == 0) {
- node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP;
- } else {
- polkit_debug ("Unknown define_admin_auth rule '%s'", attr[0]);
- goto error;
- }
-
- node->data.node_define_admin_auth.data = kit_strdup (attr[1]);
-
- state = STATE_IN_DEFINE_ADMIN_AUTH;
- polkit_debug ("parsed define_admin_auth node ('%s' (%d) -> '%s')",
- attr[0],
- node->data.node_define_admin_auth.admin_type,
- node->data.node_define_admin_auth.data);
-
-
- }
- break;
- }
-
- if (state == STATE_NONE || node == NULL) {
- kit_warning ("skipping unknown tag <%s> at line %d of %s",
- el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- state = STATE_UNKNOWN_TAG;
- }
-
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- polkit_debug ("reached max depth?");
- goto error;
- }
- pd->state = state;
- pd->state_stack[pd->stack_depth] = pd->state;
- pd->node_stack[pd->stack_depth] = node;
-
- if (pd->stack_depth > 0) {
- pd->node_stack[pd->stack_depth - 1]->children =
- kit_list_append (pd->node_stack[pd->stack_depth - 1]->children, node);
- }
-
- pd->stack_depth++;
- polkit_debug ("now in state=%d (after _start, depth=%d)", pd->state, pd->stack_depth);
- return;
-
-error:
- if (node != NULL) {
- config_node_unref (node);
- }
- XML_StopParser (pd->parser, FALSE);
-}
-
-static void
-_cdata (void *data, const char *s, int len)
-{
-}
-
-static void
-_end (void *data, const char *el)
-{
- ParserData *pd = data;
-
- polkit_debug ("_end for node '%s' (at depth=%d)", el, pd->stack_depth);
-
- --pd->stack_depth;
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- polkit_debug ("reached max depth?");
- goto error;
- }
- if (pd->stack_depth > 0)
- pd->state = pd->state_stack[pd->stack_depth - 1];
- else
- pd->state = STATE_NONE;
- polkit_debug ("now in state=%d (after _end, depth=%d)", pd->state, pd->stack_depth);
- return;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-/**
- * polkit_config_new:
- * @path: Path to configuration, typically /etc/PolicyKit/PolicyKit.conf is passed.
- * @error: return location for error
- *
- * Load and parse a PolicyKit configuration file.
- *
- * Returns: the configuration file object
- **/
-PolKitConfig *
-polkit_config_new (const char *path, PolKitError **error)
-{
- ParserData pd;
- int xml_res;
- PolKitConfig *pk_config;
- char *buf;
- size_t buflen;
-
- /* load and parse the configuration file */
- pk_config = NULL;
-
- if (!kit_file_get_contents (path, &buf, &buflen)) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit policy file at '%s': %m",
- path);
- goto error;
- }
-
- pd.parser = XML_ParserCreate (NULL);
- if (pd.parser == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- "No memory for parser");
- goto error;
- }
- XML_SetUserData (pd.parser, &pd);
- XML_SetElementHandler (pd.parser, _start, _end);
- XML_SetCharacterDataHandler (pd.parser, _cdata);
-
- pk_config = kit_new0 (PolKitConfig, 1);
- pk_config->refcount = 1;
-
- pd.state = STATE_NONE;
- pd.pk_config = pk_config;
- pd.node_stack[0] = NULL;
- pd.stack_depth = 0;
- pd.path = path;
-
- xml_res = XML_Parse (pd.parser, buf, buflen, 1);
-
- if (xml_res == 0) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "%s:%d: parse error: %s",
- path,
- (int) XML_GetCurrentLineNumber (pd.parser),
- XML_ErrorString (XML_GetErrorCode (pd.parser)));
-
- XML_ParserFree (pd.parser);
- kit_free (buf);
- goto error;
- }
- XML_ParserFree (pd.parser);
- kit_free (buf);
-
- polkit_debug ("Loaded configuration file %s", path);
-
- if (pk_config->top_config_node != NULL)
- config_node_dump (pk_config->top_config_node);
-
- return pk_config;
-
-error:
- if (pk_config != NULL)
- polkit_config_unref (pk_config);
- return NULL;
-}
-
-/**
- * polkit_config_ref:
- * @pk_config: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitConfig *
-polkit_config_ref (PolKitConfig *pk_config)
-{
- kit_return_val_if_fail (pk_config != NULL, pk_config);
- pk_config->refcount++;
- return pk_config;
-}
-
-/**
- * polkit_config_unref:
- * @pk_config: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_config_unref (PolKitConfig *pk_config)
-{
- kit_return_if_fail (pk_config != NULL);
- pk_config->refcount--;
- if (pk_config->refcount > 0)
- return;
-
- if (pk_config->top_config_node != NULL)
- config_node_unref (pk_config->top_config_node);
-
- kit_free (pk_config);
-}
-
-static polkit_bool_t
-config_node_match (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitSession *session)
-{
- char *str;
- char *str1;
- char *str2;
- uid_t uid;
- polkit_bool_t match;
-
- match = FALSE;
- str1 = NULL;
- str2 = NULL;
- switch (node->data.node_match.match_type) {
-
- case MATCH_TYPE_ACTION:
- if (!polkit_action_get_action_id (action, &str))
- goto out;
- str1 = kit_strdup (str);
- break;
-
- case MATCH_TYPE_USER:
- if (caller != NULL) {
- if (!polkit_caller_get_uid (caller, &uid))
- goto out;
- } else if (session != NULL) {
- if (!polkit_session_get_uid (session, &uid))
- goto out;
- } else
- goto out;
-
- str1 = kit_strdup_printf ("%d", uid);
- {
- struct passwd pd;
- struct passwd* pwdptr=&pd;
- struct passwd* tempPwdPtr;
- char pwdbuffer[256];
- int pwdlinelen = sizeof(pwdbuffer);
-
- if ((getpwuid_r (uid, pwdptr, pwdbuffer, pwdlinelen, &tempPwdPtr)) !=0 )
- goto out;
- str2 = kit_strdup (pd.pw_name);
- }
- break;
- }
-
- if (str1 != NULL) {
- if (regexec (&(node->data.node_match.preq), str1, 0, NULL, 0) == 0)
- match = TRUE;
- }
- if (!match && str2 != NULL) {
- if (regexec (&(node->data.node_match.preq), str2, 0, NULL, 0) == 0)
- match = TRUE;
- }
-
-out:
- kit_free (str1);
- kit_free (str2);
- return match;
-}
-
-
-/* exactly one of the parameters caller and session must be NULL */
-static PolKitResult
-config_node_test (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitSession *session)
-{
- polkit_bool_t recurse;
- PolKitResult result;
-
- recurse = FALSE;
- result = POLKIT_RESULT_UNKNOWN;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- recurse = FALSE;
- break;
- case NODE_TYPE_TOP:
- recurse = TRUE;
- break;
- case NODE_TYPE_MATCH:
- if (config_node_match (node, action, caller, session))
- recurse = TRUE;
- break;
- case NODE_TYPE_RETURN:
- result = node->data.node_return.result;
- break;
- default:
- break;
- }
-
- if (recurse) {
- KitList *i;
- for (i = node->children; i != NULL; i = i->next) {
- ConfigNode *child_node = i->data;
- result = config_node_test (child_node, action, caller, session);
- if (result != POLKIT_RESULT_UNKNOWN) {
- goto out;
- }
- }
- }
-
-out:
- return result;
-}
-
-/**
- * polkit_config_can_session_do_action:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
- * says that a given session can do a given action.
- *
- * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
- * was no match in the configuration file.
- */
-PolKitResult
-polkit_config_can_session_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- if (pk_config->top_config_node != NULL)
- result = config_node_test (pk_config->top_config_node, action, NULL, session);
- else
- result = POLKIT_RESULT_UNKNOWN;
- return result;
-}
-
-/**
- * polkit_config_can_caller_do_action:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
- * says that a given caller can do a given action.
- *
- * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
- * was no match in the configuration file.
- */
-PolKitResult
-polkit_config_can_caller_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- if (pk_config->top_config_node != NULL)
- result = config_node_test (pk_config->top_config_node, action, caller, NULL);
- else
- result = POLKIT_RESULT_UNKNOWN;
- return result;
-}
-
-
-static polkit_bool_t
-config_node_determine_admin_auth (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data)
-{
- polkit_bool_t recurse;
- polkit_bool_t result_set;
-
- recurse = FALSE;
- result_set = FALSE;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- recurse = FALSE;
- break;
- case NODE_TYPE_TOP:
- recurse = TRUE;
- break;
- case NODE_TYPE_MATCH:
- if (config_node_match (node, action, caller, NULL))
- recurse = TRUE;
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- if (out_admin_auth_type != NULL)
- *out_admin_auth_type = node->data.node_define_admin_auth.admin_type;
- if (out_data != NULL)
- *out_data = node->data.node_define_admin_auth.data;
- result_set = TRUE;
- break;
- default:
- break;
- }
-
- if (recurse) {
- KitList *i;
- for (i = node->children; i != NULL; i = i->next) {
- ConfigNode *child_node = i->data;
-
- result_set = config_node_determine_admin_auth (child_node,
- action,
- caller,
- out_admin_auth_type,
- out_data) || result_set;
- }
- }
-
- return result_set;
-}
-
-/**
- * polkit_config_determine_admin_auth_type:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- * @out_admin_auth_type: return location for the authentication type
- * @out_data: return location for the match value of the given
- * authentication type. Caller shall not manipulate or free this
- * string.
- *
- * Determine what "Authenticate as admin" means for a given caller and
- * a given action. This basically returns the result of the
- * "define_admin_auth" in the configuration file when drilling down
- * for a specific caller / action.
- *
- * Returns: TRUE if value was returned
- */
-polkit_bool_t
-polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data)
-{
- if (pk_config->top_config_node != NULL) {
- return config_node_determine_admin_auth (pk_config->top_config_node,
- action,
- caller,
- out_admin_auth_type,
- out_data);
- } else {
- return FALSE;
- }
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- return TRUE;
-}
-
-KitTest _test_config = {
- "polkit_config",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-config.h b/src/polkit/polkit-config.h
deleted file mode 100644
index 6aa3862..0000000
--- a/src/polkit/polkit-config.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config.h : Configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CONFIG_H
-#define POLKIT_CONFIG_H
-
-#include <sys/types.h>
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitConfig;
-typedef struct _PolKitConfig PolKitConfig;
-
-PolKitConfig *polkit_config_new (const char *path, PolKitError **error);
-PolKitConfig *polkit_config_ref (PolKitConfig *pk_config);
-void polkit_config_unref (PolKitConfig *pk_config);
-
-PolKitResult
-polkit_config_can_session_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitSession *session);
-
-PolKitResult
-polkit_config_can_caller_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller);
-
-/**
- * PolKitConfigAdminAuthType:
- * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: Authentication as
- * administrator matches one or more users
- * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: Authentication as
- * administrator matches users from one or more groups
- *
- * This enumeration reflects results defined in the
- * "define_admin_auth" configuration element.
- */
-typedef enum
-{
- POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER,
- POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP
-} PolKitConfigAdminAuthType;
-
-polkit_bool_t polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_CONFIG_H */
-
-
diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c
index 14d08f0..1417b77 100644
--- a/src/polkit/polkit-context.c
+++ b/src/polkit/polkit-context.c
@@ -53,7 +53,6 @@
#endif
#include <syslog.h>
-#include "polkit-config.h"
#include "polkit-debug.h"
#include "polkit-context.h"
#include "polkit-policy-cache.h"
@@ -77,9 +76,9 @@
* decisions. Typically, it's used as a singleton:
*
* <itemizedlist>
- * <listitem>First, the Mechanism need to declare one or more PolicyKit Actions by dropping a <literal>.policy</literal> file into <literal>/usr/share/PolicyKit/policy</literal>. This is described in the PolicyKit specification.</listitem>
+ * <listitem>First, the Mechanism need to declare one or more PolicyKit Actions by dropping a <literal>.policy</literal> file into <literal>/usr/share/polkit-1/actions</literal>. This is described in the PolicyKit specification.</listitem>
* <listitem>The mechanism starts up and uses polkit_context_new() to create a new context</listitem>
- * <listitem>If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on <literal>/dev</literal> may want to add/remove ACL's when configuration changes; for example, the system administrator could have changed the PolicyKit configuration file <literal>/etc/PolicyKit/PolicyKit.conf</literal> such that some user is now privileged to access a specific device.</listitem>
+ * <listitem>If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on <literal>/dev</literal> may want to add/remove ACL's when configuration changes.
* <listitem>If polkit_context_set_config_changed() is used, the mechanism must also use polkit_context_set_io_watch_functions() to integrate libpolkit into the mainloop.</listitem>
* <listitem>The mechanism needs to call polkit_context_init() such that libpolkit can load configuration files and properly initialize.</listitem>
* <listitem>Whenever the mechanism needs to make a decision whether a caller is allowed to make a perform some action, the mechanism prepares a #PolKitAction and #PolKitCaller object (or #PolKitSession if applicable) and calls polkit_context_can_caller_do_action() (or polkit_context_can_session_do_action() if applicable). The mechanism may use the libpolkit-dbus library (specifically the polkit_caller_new_from_dbus_name() or polkit_caller_new_from_pid() functions) but may opt, for performance reasons, to construct #PolKitCaller (or #PolKitSession if applicable) from it's own cache of information.</listitem>
@@ -111,8 +110,6 @@ struct _PolKitContext
PolKitPolicyCache *priv_cache;
- PolKitConfig *config;
-
PolKitAuthorizationDB *authdb;
polkit_bool_t load_descriptions;
@@ -120,13 +117,11 @@ struct _PolKitContext
#ifdef HAVE_INOTIFY
int inotify_fd;
int inotify_fd_watch_id;
- int inotify_config_wd;
int inotify_policy_wd;
int inotify_grant_perm_wd;
#elif HAVE_KQUEUE
int kqueue_fd;
int kqueue_fd_watch_id;
- int kqueue_config_fd;
int kqueue_policy_fd;
int kqueue_grant_perm_fd;
#endif
@@ -156,7 +151,7 @@ polkit_context_new (void)
* @error: return location for error
*
* Initializes a new context; loads PolicyKit files from
- * /usr/share/PolicyKit/policy.
+ * /usr/share/polkit-1/actions.
*
* Returns: #FALSE if @error was set, otherwise #TRUE
**/
@@ -169,7 +164,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
kit_return_val_if_fail (pk_context != NULL, FALSE);
- pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy");
+ pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/polkit-1/actions");
polkit_debug ("Using policy files from directory %s", pk_context->policy_dir);
/* NOTE: we don't populate the cache until it's needed.. */
@@ -185,35 +180,24 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
goto error;
}
- /* Watch the /etc/PolicyKit/PolicyKit.conf file */
- pk_context->inotify_config_wd = port_add_watch (pk_context->inotify_fd,
- PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf",
- FILE_MODIFIED | FILE_ATTRIB);
- if (pk_context->inotify_config_wd < 0) {
- polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/PolicyKit/policy directory */
+ /* Watch the /usr/share/polkit-1/actions directory */
pk_context->inotify_policy_wd = port_add_watch (pk_context->inotify_fd,
- PACKAGE_DATA_DIR "/PolicyKit/policy",
+ PACKAGE_DATA_DIR "/polkit-1/actions",
FILE_MODIFIED | FILE_ATTRIB);
if (pk_context->inotify_policy_wd < 0) {
- polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
+ polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s",
strerror (errno));
/* TODO: set error */
goto error;
}
#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/PolicyKit.reload file */
+ /* Watch the /var/lib/misc/polkit-1.reload file */
pk_context->inotify_grant_perm_wd = port_add_watch (pk_context->inotify_fd,
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload",
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload",
FILE_MODIFIED | FILE_ATTRIB);
if (pk_context->inotify_grant_perm_wd < 0) {
- polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
+ polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s",
strerror (errno));
/* TODO: set error */
goto error;
@@ -236,31 +220,10 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
goto error;
}
- /* Watch the /etc/PolicyKit/PolicyKit.conf file */
- pk_context->kqueue_config_fd = open (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", O_RDONLY);
- if (pk_context->kqueue_config_fd < 0) {
- polkit_debug ("failed '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf' for reading: %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- EV_SET (&ev, pk_context->kqueue_config_fd, EVFILT_VNODE,
- EV_ADD | EV_ENABLE | EV_CLEAR,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME,
- 0, 0);
- if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
- polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
- strerror (errno));
- close (pk_context->kqueue_config_fd);
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/PolicyKit/policy directory */
- pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/PolicyKit/policy", O_RDONLY);
+ /* Watch the /usr/share/polkit-1/actions directory */
+ pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/polkit-1/actions", O_RDONLY);
if (pk_context->kqueue_policy_fd < 0) {
- polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/PolicyKit/policy for reading: %s",
+ polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/polkit-1/actions for reading: %s",
strerror (errno));
/* TODO: set error */
goto error;
@@ -271,7 +234,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME,
0, 0);
if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
- polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
+ polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s",
strerror (errno));
close (pk_context->kqueue_policy_fd);
/* TODO: set error */
@@ -279,10 +242,10 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
}
#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/PolicyKit.reload file */
- pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", O_RDONLY);
+ /* Watch the /var/lib/misc/polkit-1.reload file */
+ pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", O_RDONLY);
if (pk_context->kqueue_grant_perm_fd < 0) {
- polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload' for reading: %s",
+ polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload' for reading: %s",
strerror (errno));
/* TODO: set error */
goto error;
@@ -293,7 +256,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME | NOTE_ATTRIB,
0, 0);
if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
- polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
+ polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s",
strerror (errno));
close (pk_context->kqueue_grant_perm_fd);
/* TODO: set error */
@@ -317,35 +280,24 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
goto error;
}
- /* Watch the /etc/PolicyKit/PolicyKit.conf file */
- pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf",
- IN_MODIFY | IN_CREATE | IN_ATTRIB);
- if (pk_context->inotify_config_wd < 0) {
- polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/PolicyKit/policy directory */
+ /* Watch the /usr/share/polkit-1/actions directory */
pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_DATA_DIR "/PolicyKit/policy",
+ PACKAGE_DATA_DIR "/polkit-1/actions",
IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB);
if (pk_context->inotify_policy_wd < 0) {
- polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
+ polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s",
strerror (errno));
/* TODO: set error */
goto error;
}
#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/PolicyKit.reload file */
+ /* Watch the /var/lib/misc/polkit-1.reload file */
pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload",
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload",
IN_MODIFY | IN_CREATE | IN_ATTRIB);
if (pk_context->inotify_grant_perm_wd < 0) {
- polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
+ polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s",
strerror (errno));
/* TODO: set error */
goto error;
@@ -637,13 +589,7 @@ polkit_context_force_reload (PolKitContext *pk_context)
polkit_policy_cache_unref (pk_context->priv_cache);
pk_context->priv_cache = NULL;
}
-
- /* Purge existing old config file */
- polkit_debug ("purging configuration file");
- if (pk_context->config != NULL) {
- polkit_config_unref (pk_context->config);
- pk_context->config = NULL;
- }
+
/* Purge authorization entries from the cache */
_polkit_authorization_db_invalidate_cache (pk_context->authdb);
@@ -744,21 +690,14 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
PolKitError **error)
{
PolKitPolicyCache *cache;
- PolKitResult result_from_config;
PolKitResult result_from_grantdb;
polkit_bool_t from_authdb;
polkit_bool_t from_authdb_negative;
PolKitResult result;
- PolKitConfig *config;
result = POLKIT_RESULT_NO;
kit_return_val_if_fail (pk_context != NULL, result);
- config = polkit_context_get_config (pk_context, NULL);
- /* if the configuration file is malformed, always say no */
- if (config == NULL)
- goto out;
-
if (action == NULL || session == NULL)
goto out;
@@ -772,8 +711,6 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
if (cache == NULL)
goto out;
- result_from_config = polkit_config_can_session_do_action (config, action, session);
-
result_from_grantdb = POLKIT_RESULT_UNKNOWN;
from_authdb_negative = FALSE;
if (polkit_authorization_db_is_session_authorized (pk_context->authdb,
@@ -786,28 +723,6 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
result_from_grantdb = POLKIT_RESULT_YES;
}
- /* Fist, the config file is authoritative.. so only use the
- * value from the authdb if the config file allows to gain via
- * authentication
- */
- if (result_from_config != POLKIT_RESULT_UNKNOWN) {
- /* it does.. use it.. although try to use an existing grant if there is one */
- if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
- result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- } else {
- result = result_from_config;
- }
- goto found;
- }
-
/* If we have a positive answer from the authdb, use it */
if (result_from_grantdb == POLKIT_RESULT_YES) {
result = POLKIT_RESULT_YES;
@@ -884,20 +799,13 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
{
PolKitPolicyCache *cache;
PolKitResult result;
- PolKitResult result_from_config;
PolKitResult result_from_grantdb;
- PolKitConfig *config;
polkit_bool_t from_authdb;
polkit_bool_t from_authdb_negative;
result = POLKIT_RESULT_NO;
kit_return_val_if_fail (pk_context != NULL, result);
- /* if the configuration file is malformed, always say no */
- config = polkit_context_get_config (pk_context, NULL);
- if (config == NULL)
- goto out;
-
if (action == NULL || caller == NULL)
goto out;
@@ -911,8 +819,6 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
if (!polkit_caller_validate (caller))
goto out;
- result_from_config = polkit_config_can_caller_do_action (config, action, caller);
-
result_from_grantdb = POLKIT_RESULT_UNKNOWN;
from_authdb_negative = FALSE;
if (polkit_authorization_db_is_caller_authorized (pk_context->authdb,
@@ -926,28 +832,6 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
result_from_grantdb = POLKIT_RESULT_YES;
}
- /* Fist, the config file is authoritative.. so only use the
- * value from the authdb if the config file allows to gain via
- * authentication
- */
- if (result_from_config != POLKIT_RESULT_UNKNOWN) {
- /* it does.. use it.. although try to use an existing grant if there is one */
- if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
- result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- } else {
- result = result_from_config;
- }
- goto found;
- }
-
/* If we have a positive answer from the authdb, use it */
if (result_from_grantdb == POLKIT_RESULT_YES) {
result = POLKIT_RESULT_YES;
@@ -1025,45 +909,6 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
}
/**
- * polkit_context_get_config:
- * @pk_context: the PolicyKit context
- * @error: Return location for error
- *
- * Returns an object that provides access to the
- * /etc/PolicyKit/PolicyKit.conf configuration files. Applications
- * using PolicyKit should never use this method; it's only here for
- * integration with other PolicyKit components.
- *
- * Returns: A #PolKitConfig object or NULL if the configuration file
- * is malformed. Caller should not unref this object.
- */
-PolKitConfig *
-polkit_context_get_config (PolKitContext *pk_context, PolKitError **error)
-{
- if (pk_context->config == NULL) {
- PolKitError **pk_error;
- PolKitError *pk_error2;
-
- pk_error2 = NULL;
- if (error != NULL)
- pk_error = error;
- else
- pk_error = &pk_error2;
-
- polkit_debug ("loading configuration file");
- pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error);
- /* if configuration file was bad, log it */
- if (pk_context->config == NULL) {
- kit_warning ("failed to load configuration file: %s",
- polkit_error_get_error_message (*pk_error));
- if (pk_error == &pk_error2)
- polkit_error_free (*pk_error);
- }
- }
- return pk_context->config;
-}
-
-/**
* polkit_context_get_authorization_db:
* @pk_context: the PolicyKit context
*
diff --git a/src/polkit/polkit-context.h b/src/polkit/polkit-context.h
index 7f85db3..9c90a9c 100644
--- a/src/polkit/polkit-context.h
+++ b/src/polkit/polkit-context.h
@@ -43,7 +43,6 @@
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
#include <polkit/polkit-policy-cache.h>
-#include <polkit/polkit-config.h>
#include <polkit/polkit-authorization-db.h>
POLKIT_BEGIN_DECLS
@@ -174,8 +173,6 @@ PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_contex
PolKitAction *action,
PolKitCaller *caller);
-PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError **error);
-
PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context,
PolKitAction *action,
PolKitCaller *caller,
diff --git a/src/polkit/polkit-policy-cache.c b/src/polkit/polkit-policy-cache.c
index d5e3218..1378759 100644
--- a/src/polkit/polkit-policy-cache.c
+++ b/src/polkit/polkit-policy-cache.c
@@ -277,7 +277,7 @@ polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
*
* Given a action identifier, find the object describing the
* definition of the policy; e.g. data stemming from files in
- * /usr/share/PolicyKit/policy.
+ * /usr/share/polkit-1/actions.
*
* Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
* #NULL if the action wasn't identified. Caller shall not unref
@@ -318,7 +318,7 @@ out:
*
* Given a action, find the object describing the definition of the
* policy; e.g. data stemming from files in
- * /usr/share/PolicyKit/policy.
+ * /usr/share/polkit-1/actions.
*
* Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
* #NULL if the action wasn't identified. Caller shall not unref
diff --git a/src/polkit/polkit-policy-file-entry.c b/src/polkit/polkit-policy-file-entry.c
index a9be4f6..0432d48 100644
--- a/src/polkit/polkit-policy-file-entry.c
+++ b/src/polkit/polkit-policy-file-entry.c
@@ -140,7 +140,7 @@ _polkit_policy_file_entry_new (const char *action_id,
#ifdef POLKIT_AUTHDB_DEFAULT
/* read override file */
- path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id);
+ path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id);
if (path == NULL)
goto error;
if (!kit_file_get_contents (path, &contents, &contents_size)) {
@@ -482,7 +482,7 @@ polkit_policy_file_entry_set_default (PolKitPolicyFileEntry *policy_file_entry,
#ifndef POLKIT_AUTHDB_DEFAULT
polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
#else
- char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper",
+ char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper-1",
NULL, /* arg1: action_id */
NULL, /* arg2: "clear" or "set" */
NULL, /* arg3: result_any */
diff --git a/src/polkit/polkit-read-auth-helper.c b/src/polkit/polkit-read-auth-helper.c
new file mode 100644
index 0000000..65ca8b7
--- /dev/null
+++ b/src/polkit/polkit-read-auth-helper.c
@@ -0,0 +1,421 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-read-auth-helper.c : setgid polkituser helper for PolicyKit
+ * to read authorizations
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#define _GNU_SOURCE
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+#include <fcntl.h>
+#include <dirent.h>
+#ifdef HAVE_SOLARIS
+#include <limits.h>
+#define LOG_AUTHPRIV (10<<3)
+#endif
+
+#include <polkit/polkit.h>
+#include <polkit/polkit-private.h>
+
+static polkit_bool_t
+dump_auths_from_file (const char *path, uid_t uid)
+{
+ int ret;
+ int fd;
+ char buf[256];
+ struct stat statbuf;
+ ssize_t num_bytes_read;
+ ssize_t num_bytes_to_read;
+ ssize_t num_bytes_remaining_to_read;
+ ssize_t num_bytes_to_write;
+ ssize_t num_bytes_written;
+ ssize_t num_bytes_remaining_to_write;
+ polkit_bool_t have_written_uid;
+
+ ret = FALSE;
+
+ if (stat (path, &statbuf) != 0) {
+ /* this is fine; the file does not have to exist.. */
+ if (errno == ENOENT) {
+ ret = TRUE;
+ goto out;
+ }
+ fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
+ goto out;
+ }
+
+ fd = open (path, O_RDONLY);
+ if (fd < 0) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot open %s: %m\n", path);
+ goto out;
+ }
+
+ num_bytes_remaining_to_read = statbuf.st_size;
+
+ have_written_uid = FALSE;
+ while (num_bytes_remaining_to_read > 0) {
+
+ /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */
+ if (!have_written_uid) {
+ have_written_uid = TRUE;
+ snprintf (buf, sizeof (buf), "#uid=%d\n", uid);
+ num_bytes_read = strlen (buf);
+ } else {
+
+ if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
+ num_bytes_to_read = (ssize_t) sizeof (buf);
+ else
+ num_bytes_to_read = num_bytes_remaining_to_read;
+
+ again:
+ num_bytes_read = read (fd, buf, num_bytes_to_read);
+ if (num_bytes_read == -1) {
+ if (errno == EAGAIN || errno == EINTR) {
+ goto again;
+ } else {
+ fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
+ close (fd);
+ goto out;
+ }
+ }
+
+ num_bytes_remaining_to_read -= num_bytes_read;
+ }
+
+ /* write to stdout */
+ num_bytes_to_write = num_bytes_read;
+ num_bytes_remaining_to_write = num_bytes_read;
+
+ while (num_bytes_remaining_to_write > 0) {
+ again_write:
+ num_bytes_written = write (STDOUT_FILENO,
+ buf + (num_bytes_to_write - num_bytes_remaining_to_write),
+ num_bytes_remaining_to_write);
+ if (num_bytes_written == -1) {
+ if (errno == EAGAIN || errno == EINTR) {
+ goto again_write;
+ } else {
+ fprintf (stderr, "polkit-read-auth-helper: error writing to stdout: %m\n");
+ close (fd);
+ goto out;
+ }
+ }
+
+ num_bytes_remaining_to_write -= num_bytes_written;
+ }
+
+ }
+
+
+ close (fd);
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+static polkit_bool_t
+dump_auths_all (const char *root)
+{
+ DIR *dir;
+ int dfd;
+#ifdef HAVE_READDIR64
+ struct dirent64 *d;
+#else
+ struct dirent *d;
+#endif
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ dir = opendir (root);
+ if (dir == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: error calling opendir on %s: %m\n", root);
+ goto out;
+ }
+
+ dfd = dirfd (dir);
+ if (dfd == -1) {
+ fprintf (stderr, "polkit-read-auth-helper: error calling dirfd(): %m\n");
+ goto out;
+ }
+
+#ifdef HAVE_READDIR64
+ while ((d = readdir64(dir)) != NULL) {
+#else
+ while ((d = readdir(dir)) != NULL) {
+#endif
+ unsigned int n, m;
+ uid_t uid;
+ size_t name_len;
+ char *filename;
+ char username[PATH_MAX];
+ char path[PATH_MAX];
+ static const char suffix[] = ".auths";
+ struct passwd *pw;
+ struct stat statbuf;
+
+ if (d->d_name == NULL)
+ continue;
+
+ if (snprintf (path, sizeof (path), "%s/%s", root, d->d_name) >= (int) sizeof (path)) {
+ fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
+ goto out;
+ }
+
+ if (stat (path, &statbuf) != 0) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
+ goto out;
+ }
+
+ if (!S_ISREG(statbuf.st_mode))
+ continue;
+
+ filename = d->d_name;
+ name_len = strlen (filename);
+ if (name_len < sizeof (suffix))
+ continue;
+
+ if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0)
+ continue;
+
+ /* find the user name.. */
+ for (n = 0; n < name_len; n++) {
+ if (filename[n] == '-')
+ break;
+ }
+ if (filename[n] == '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename);
+ continue;
+ }
+ n++;
+ m = n;
+ for ( ; n < name_len; n++) {
+ if (filename[n] == '.')
+ break;
+ }
+
+ if (filename[n] == '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename);
+ continue;
+ }
+ if (n - m > sizeof (username) - 1) {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename);
+ continue;
+ }
+ strncpy (username, filename + m, n - m);
+ username[n - m] = '\0';
+
+ pw = kit_getpwnam (username);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
+ continue;
+ }
+ uid = pw->pw_uid;
+
+ if (!dump_auths_from_file (path, uid))
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ if (dir != NULL)
+ closedir (dir);
+ return ret;
+}
+
+static polkit_bool_t
+dump_auths_for_uid (const char *root, uid_t uid)
+{
+ char path[256];
+ struct passwd *pw;
+
+ pw = kit_getpwuid (uid);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot lookup user name for uid %d\n", uid);
+ return FALSE;
+ }
+
+ if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
+ fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
+ return FALSE;
+ }
+
+ return dump_auths_from_file (path, uid);
+}
+
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ uid_t caller_uid;
+ uid_t requesting_info_for_uid;
+ char *endp;
+ uid_t uid_for_polkit_user;
+
+ ret = 1;
+
+#ifndef POLKIT_BUILD_TESTS
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (kit_clearenv () != 0)
+ goto out;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+#endif
+
+ openlog ("polkit-read-auth-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 2) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-read-auth-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ caller_uid = getuid ();
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-read-auth-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+#ifdef POLKIT_BUILD_TESTS
+ char *pretend;
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_UID")) != NULL) {
+ caller_uid = atoi (pretend);
+ goto skip_check;
+ }
+#endif
+ gid_t egid;
+ struct group *group;
+ struct passwd *pw;
+
+ /* check that we are setgid polkituser */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
+ fprintf (stderr, "polkit-read-auth-helper: needs to be setgid " POLKIT_GROUP "\n");
+ goto out;
+ }
+
+#ifdef POLKIT_BUILD_TESTS
+skip_check:
+#endif
+
+ pw = kit_getpwnam (POLKIT_USER);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot lookup uid for " POLKIT_USER "\n");
+ goto out;
+ }
+ uid_for_polkit_user = pw->pw_uid;
+
+ /*----------------------------------------------------------------------------------------------------*/
+
+ requesting_info_for_uid = strtoul (argv[1], &endp, 10);
+ if (strlen (argv[1]) == 0 || *endp != '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: requesting_info_for_uid malformed (3)\n");
+ goto out;
+ }
+
+ /* uid 0 and user polkituser is allowed to read anything */
+ if (caller_uid != 0 && caller_uid != uid_for_polkit_user) {
+ if (caller_uid != requesting_info_for_uid) {
+ pid_t ppid;
+
+ ppid = getppid ();
+ if (ppid == 1)
+ goto out;
+
+ if (polkit_check_auth (ppid,
+ "org.freedesktop.policykit.read",
+ "org.freedesktop.policykit.grant", NULL) == 0) {
+ goto out;
+ }
+ }
+ }
+
+#ifdef POLKIT_BUILD_TESTS
+ char *test_dir;
+ char dir_run[256];
+ char dir_lib[256];
+
+ if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) {
+ test_dir = PACKAGE_LOCALSTATE_DIR;
+ }
+ kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/polkit-1", test_dir) < sizeof (dir_run));
+ kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/polkit-1", test_dir) < sizeof (dir_lib));
+
+#else
+ char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/polkit-1";
+ char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1";
+#endif
+
+ if (requesting_info_for_uid == (uid_t) -1) {
+ if (!dump_auths_all (dir_run))
+ goto out;
+
+ if (!dump_auths_all (dir_lib))
+ goto out;
+ } else {
+ if (!dump_auths_for_uid (dir_run, requesting_info_for_uid))
+ goto out;
+
+ if (!dump_auths_for_uid (dir_lib, requesting_info_for_uid))
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ return ret;
+}
+
diff --git a/src/polkit/polkit-resolve-exe-helper.c b/src/polkit/polkit-resolve-exe-helper.c
new file mode 100644
index 0000000..36dc018
--- /dev/null
+++ b/src/polkit/polkit-resolve-exe-helper.c
@@ -0,0 +1,168 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-resolve-exe-helper.c : setuid root helper for PolicyKit to
+ * resolve /proc/$pid/exe symlinks
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#define _GNU_SOURCE
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_FREEBSD
+#include <sys/param.h>
+#endif
+#include <security/pam_appl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+#include <fcntl.h>
+#include <dirent.h>
+
+#include <polkit/polkit.h>
+#include <polkit/polkit-private.h>
+
+#ifdef HAVE_SOLARIS
+#define LOG_AUTHPRIV (10<<3)
+#define PATH_MAX 1024
+#endif
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ uid_t caller_uid;
+ pid_t requesting_info_for_pid;
+ char *endp;
+ uid_t uid_for_polkit_user;
+ struct passwd *pw;
+ gid_t egid;
+ struct group *group;
+ int n;
+ char buf[PATH_MAX];
+ polkit_bool_t is_setgid_polkit;
+
+ ret = 1;
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (kit_clearenv () != 0)
+ goto out;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ openlog ("polkit-resolve-exe-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 2) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-resolve-exe-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ caller_uid = getuid ();
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-resolve-exe-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+ pw = getpwnam (POLKIT_USER);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-resolve-exe-helper: cannot lookup uid for " POLKIT_USER "\n");
+ goto out;
+ }
+ uid_for_polkit_user = pw->pw_uid;
+
+ /* check if we are setgid polkituser */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "polkit-resolve-exe-helper: cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) == 0) {
+ is_setgid_polkit = TRUE;
+ } else {
+ is_setgid_polkit = FALSE;
+ }
+
+ /*----------------------------------------------------------------------------------------------------*/
+
+ requesting_info_for_pid = strtoul (argv[1], &endp, 10);
+ if (strlen (argv[1]) == 0 || *endp != '\0') {
+ fprintf (stderr, "polkit-resolve-exe-helper: requesting_info_for_pid malformed\n");
+ goto out;
+ }
+
+ /* user polkituser is allowed to resolve anything. So is any program that is setgid polkituser. */
+ if (caller_uid != uid_for_polkit_user && !is_setgid_polkit) {
+ pid_t ppid;
+
+ ppid = getppid ();
+ if (ppid == 1)
+ goto out;
+
+ /* need to set the real uid of the process to root ... otherwise D-Bus won't work */
+ if (setuid (0) != 0) {
+ fprintf (stderr, "polkit-resolve-exe-helper: cannot do setuid(0): %m\n");
+ goto out;
+ }
+
+ if (polkit_check_auth (ppid,
+ "org.freedesktop.policykit.read", NULL) == 0) {
+ fprintf (stderr, "polkit-resolve-exe-helper: not authorized for org.freedesktop.policykit.read\n");
+ goto out;
+ }
+ }
+
+ n = polkit_sysdeps_get_exe_for_pid (requesting_info_for_pid, buf, sizeof (buf));
+ if (n == -1 || n >= (int) sizeof (buf)) {
+ fprintf (stderr, "polkit-resolve-exe-helper: Cannot resolve link for pid %d\n",
+ requesting_info_for_pid);
+ goto out;
+ }
+
+ printf ("%s", buf);
+
+ ret = 0;
+
+out:
+ return ret;
+}
+
diff --git a/src/polkit/polkit-set-default-helper.c b/src/polkit/polkit-set-default-helper.c
new file mode 100644
index 0000000..eb1fb9d
--- /dev/null
+++ b/src/polkit/polkit-set-default-helper.c
@@ -0,0 +1,227 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-set-default-helper.c : setgid polkituser helper for PolicyKit
+ * to set defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#define _GNU_SOURCE
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+#include <fcntl.h>
+#include <dirent.h>
+#include <utime.h>
+
+#include <polkit/polkit.h>
+#include <polkit/polkit-private.h>
+
+#ifdef HAVE_SOLARIS
+#define LOG_AUTHPRIV (10<<3)
+#endif
+
+static polkit_bool_t
+set_default (const char *action_id, const char *any, const char *inactive, const char *active)
+{
+ char *path;
+ char *contents;
+ polkit_bool_t ret;
+
+ path = NULL;
+ contents = NULL;
+ ret = FALSE;
+
+ path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id);
+ if (path == NULL)
+ goto out;
+
+ contents = kit_strdup_printf ("%s:%s:%s",
+ any, inactive, active);
+ if (contents == NULL)
+ goto out;
+
+ if (!kit_file_set_contents (path, 0644, contents, strlen (contents))) {
+ kit_warning ("Error writing override file '%s': %m\n", path);
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ if (path == NULL)
+ kit_free (path);
+ if (contents == NULL)
+ kit_free (contents);
+ return ret;
+}
+
+static polkit_bool_t
+clear_default (const char *action_id)
+{
+ char *path;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id);
+ if (path == NULL)
+ goto out;
+
+ if (unlink (path) != 0) {
+ kit_warning ("Error unlinking file %s: %m", path);
+ }
+
+ ret = TRUE;
+
+out:
+ if (path == NULL)
+ kit_free (path);
+ return ret;
+
+}
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ uid_t caller_uid;
+ uid_t euid;
+ struct passwd *pw;
+
+ ret = 1;
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (kit_clearenv () != 0)
+ goto out;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ openlog ("polkit-set-default-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (! (argc == 3 || argc == 6)) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-set-default-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ caller_uid = getuid ();
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-set-default-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+ /* check that we are setuid polkituser */
+ euid = geteuid ();
+ pw = getpwuid (euid);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-set-default-helper: cannot lookup passwd info for uid %d\n", euid);
+ goto out;
+ }
+ if (strcmp (pw->pw_name, POLKIT_USER) != 0) {
+ fprintf (stderr, "polkit-set-default-helper: needs to be setuid " POLKIT_USER "\n");
+ goto out;
+ }
+
+ /*----------------------------------------------------------------------------------------------------*/
+
+ /* uid 0 is allowed to set anything */
+ if (caller_uid != 0) {
+ pid_t ppid;
+
+ ppid = getppid ();
+ if (ppid == 1)
+ goto out;
+
+ if (polkit_check_auth (ppid, "org.freedesktop.policykit.modify-defaults", NULL) == 0) {
+ goto out;
+ }
+ }
+
+ PolKitResult any;
+ PolKitResult inactive;
+ PolKitResult active;
+
+ if (!polkit_action_validate_id (argv[1])) {
+ goto out;
+ }
+
+ /* sanity check */
+ if (argc == 3) {
+ if (strcmp (argv[2], "clear") != 0)
+ goto out;
+
+ if (!clear_default (argv[1]))
+ goto out;
+ } else if (argc == 6) {
+ if (strcmp (argv[2], "set") != 0)
+ goto out;
+
+ if (!polkit_result_from_string_representation (argv[3], &any)) {
+ goto out;
+ }
+ if (!polkit_result_from_string_representation (argv[4], &inactive)) {
+ goto out;
+ }
+ if (!polkit_result_from_string_representation (argv[5], &active)) {
+ goto out;
+ }
+
+ if (!set_default (argv[1], argv[3], argv[4], argv[5]))
+ goto out;
+ } else {
+ goto out;
+ }
+
+ /* trigger a reload */
+ if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) {
+ kit_warning ("Error updating access+modification time on file '%s': %m\n",
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload");
+ }
+
+ ret = 0;
+
+out:
+ return ret;
+}
+
diff --git a/src/polkit/polkit-simple.c b/src/polkit/polkit-simple.c
new file mode 100644
index 0000000..abdcdfe
--- /dev/null
+++ b/src/polkit/polkit-simple.c
@@ -0,0 +1,599 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-simple.c : Simple convenience interface
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-simple
+ * @title: Simple convenience interface
+ * @short_description: Simple convenience interface
+ *
+ * Simple convenience interface
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <limits.h>
+
+#include <polkit/polkit-private.h>
+#include "polkit-simple.h"
+
+/**
+ * polkit_check_auth:
+ * @pid: process to check for; typically you want to pass the result of getpid() here
+ * @...: %NULL terminated list of action identifiers to check for
+ *
+ * A simple convenience function to check whether a given process is
+ * authorized for a number of actions.
+ *
+ * This is useful for programs that just wants to check whether they
+ * should carry out some action. Note that the user identity used for
+ * the purpose of checking authorizations is the Real one compared to
+ * the e.g. Effective one (e.g. getuid(), getgid() is used instead of
+ * e.g. geteuid(), getegid()). This is typically what one wants in a
+ * setuid root program if the setuid root program is designed to do
+ * work on behalf of the unprivileged user who invoked it (for
+ * example, the PulseAudio sound server is setuid root only so it can
+ * become a real time process; after that it drops all privileges).
+ *
+ * It varies whether one wants to pass getpid() or getppid() as the
+ * process id to this function. For example, in the PulseAudio case it
+ * is the right thing to pass getpid(). However, in a setup where the
+ * process is a privileged helper, one wants to pass the process id of
+ * the parent. Beware though, if the parent dies, getppid() will
+ * return 1 (the process id of <literal>/sbin/init</literal>) which is
+ * almost certainly guaranteed to be privileged as it is running as
+ * uid 0.
+ *
+ * Note that this function will open a connection to the system
+ * message bus and query ConsoleKit for details. In addition, it will
+ * load PolicyKit specific files and spawn privileged helpers if
+ * necessary. As such, there is a bit of IPC, context switching,
+ * syscall overhead and I/O involved in using this function. If you
+ * are planning on calling this function multiple times (e.g. from a
+ * daemon) on a frequent basis and/or need more detail you should use
+ * the #PolKitContext and #PolKitTracker classes instead as these are
+ * designed to aggresively cache information.
+ *
+ * The return value is a bit mask indicating whether the given process
+ * is authorized for the given actions. Bit 0 represents the first
+ * action; bit 1 represents the 2nd action and so forth. A bit is set
+ * to 1 if, and only if, the caller is authorized for the given
+ * action. If the given action is unknown zero will be returned as well.
+ *
+ * If the function succeeds, errno will be set to 0. If an error
+ * occurs 0 is returned and errno will be set:
+ * <itemizedlist>
+ * <listitem><literal>ENOMEM</literal>: Out of memory.</listitem>
+ * <listitem><literal>ENOENT</literal>: Failed to connect to either the system message bus or ConsoleKit.</listitem>
+ * </itemizedlist>
+ *
+ * Returns: See above
+ *
+ * Since: 0.7
+ */
+polkit_uint64_t
+polkit_check_auth (pid_t pid, ...)
+{
+ int n;
+ va_list args;
+ char *action_id;
+ polkit_uint64_t ret;
+ const char *action_ids[65];
+
+ ret = 0;
+
+ n = 0;
+ va_start (args, pid);
+ while ((action_id = va_arg (args, char *)) != NULL) {
+ if (n == 64) {
+ errno = EOVERFLOW;
+ goto out;
+ }
+ action_ids[n++] = action_id;
+ }
+ va_end (args);
+ action_ids[n] = NULL;
+
+ ret = polkit_check_authv (pid, action_ids);
+out:
+ return ret;
+}
+
+/**
+ * polkit_check_authv:
+ * @pid: See docs for polkit_check_auth()
+ * @action_ids: %NULL terminated array of action id's
+ *
+ * This function is similar to polkit_check_auth() but takes an %NULL
+ * terminated array instead of being a varadic function.
+ *
+ * Returns: See docs for polkit_check_auth()
+ *
+ * Since: 0.7
+ */
+polkit_uint64_t
+polkit_check_authv (pid_t pid, const char **action_ids)
+{
+ int n;
+ polkit_uint64_t ret;
+ DBusError error;
+ DBusConnection *bus;
+ PolKitCaller *caller;
+ PolKitContext *context;
+ PolKitError *pk_error;
+ PolKitResult pk_result;
+
+ ret = 0;
+ errno = ENOENT;
+ context = NULL;
+ caller = NULL;
+ bus = NULL;
+
+ dbus_error_init (&error);
+
+#ifdef POLKIT_BUILD_TESTS
+ char *pretend;
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH")) != NULL) {
+ /* see polkit_caller_new_from_pid() - basically, it's
+ * if POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH is set
+ * then the bus won't be used at all
+ */
+ goto no_bus;
+ }
+#endif
+ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (bus == NULL) {
+ kit_warning ("cannot connect to system bus: %s: %s", error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
+ }
+#ifdef POLKIT_BUILD_TESTS
+no_bus:
+#endif
+
+ caller = polkit_caller_new_from_pid (bus, pid, &error);
+ if (caller == NULL) {
+ kit_warning ("cannot get caller from pid: %s: %s", error.name, error.message);
+ goto out;
+ }
+
+ context = polkit_context_new ();
+ if (context == NULL) {
+ kit_warning ("cannot allocate PolKitContext");
+ errno = ENOMEM;
+ goto out;
+ }
+
+ pk_error = NULL;
+ if (!polkit_context_init (context, &pk_error)) {
+ kit_warning ("cannot initialize polkit context: %s: %s",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ for (n = 0; action_ids[n] != NULL; n++) {
+ PolKitAction *action;
+
+ action = polkit_action_new ();
+ if (action == NULL) {
+ kit_warning ("cannot allocate PolKitAction");
+ errno = ENOMEM;
+ goto out;
+ }
+ if (!polkit_action_set_action_id (action, action_ids[n])) {
+ polkit_action_unref (action);
+ kit_warning ("cannot set action_id");
+ errno = ENOMEM;
+ goto out;
+ }
+
+ pk_error = NULL;
+ pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
+
+ if (polkit_error_is_set (pk_error)) {
+ polkit_error_free (pk_error);
+ pk_error = NULL;
+ } else {
+ if (pk_result == POLKIT_RESULT_YES)
+ ret |= (1<<n);
+ }
+
+ polkit_action_unref (action);
+ }
+
+out:
+ if (bus != NULL)
+ dbus_connection_unref (bus);
+ if (caller != NULL)
+ polkit_caller_unref (caller);
+ if (context != NULL)
+ polkit_context_unref (context);
+
+ return ret;
+}
+
+extern char **environ;
+
+static polkit_bool_t
+_auth_show_dialog_text (const char *action_id, pid_t pid, DBusError *error)
+{
+ unsigned int n;
+ polkit_bool_t ret;
+ int exit_status;
+ char *helper_argv[] = {PACKAGE_BIN_DIR "/polkit-auth", "--obtain", NULL, NULL};
+ char **envp;
+ size_t envsize;
+ char buf[256];
+
+ ret = FALSE;
+
+ if (isatty (STDOUT_FILENO) != 1 || isatty (STDIN_FILENO) != 1) {
+ dbus_set_error (error,
+ "org.freedesktop.PolicyKit.LocalError",
+ "stdout and/or stdin is not a tty");
+ goto out;
+ }
+
+ envsize = kit_strv_length (environ);
+ envp = kit_new0 (char *, envsize + 3);
+ if (envp == NULL)
+ goto out;
+ for (n = 0; n < envsize; n++)
+ envp[n] = environ[n];
+ envp[envsize] = "POLKIT_AUTH_FORCE_TEXT=1";
+ snprintf (buf, sizeof (buf), "POLKIT_AUTH_GRANT_TO_PID=%d", pid);
+ envp[envsize+1] = buf;
+
+ helper_argv[2] = (char *) action_id;
+
+ if (!kit_spawn_sync (NULL, /* const char *working_directory */
+ KIT_SPAWN_CHILD_INHERITS_STDIN, /* flags */
+ helper_argv, /* char **argv */
+ envp, /* char **envp */
+ NULL, /* char *stdin */
+ NULL, /* char **stdout */
+ NULL, /* char **stderr */
+ &exit_status)) { /* int *exit_status */
+ dbus_set_error (error,
+ "org.freedesktop.PolicyKit.LocalError",
+ "Error spawning polkit-auth: %m");
+ goto out;
+ }
+
+ if (!WIFEXITED (exit_status)) {
+ dbus_set_error (error,
+ "org.freedesktop.PolicyKit.LocalError",
+ "polkit-auth crashed!");
+ goto out;
+ } else if (WEXITSTATUS(exit_status) != 0) {
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_auth_obtain:
+ * @action_id: The action_id for the #PolKitAction to make the user
+ * authenticate for
+ * @xid: X11 window ID for the window that the dialog will be
+ * transient for. If there is no window, pass 0.
+ * @pid: Process ID of process to grant authorization to. Normally one wants to pass result of getpid().
+ * @error: return location for error; cannot be %NULL
+ *
+ * Convenience function to prompt the user to authenticate to gain an
+ * authorization for the given action. First, an attempt to reach an
+ * Authentication Agent on the session message bus is made. If that
+ * doesn't work and stdout/stdin are both tty's, polkit-auth(1) is
+ * invoked.
+ *
+ * This is a blocking call. If you're using GTK+ see
+ * polkit_gnome_auth_obtain() for a non-blocking version.
+ *
+ * Returns: %TRUE if, and only if, the user successfully
+ * authenticated. %FALSE if the user failed to authenticate or if
+ * error is set
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_auth_obtain (const char *action_id, polkit_uint32_t xid, pid_t pid, DBusError *error)
+{
+ polkit_bool_t ret;
+ DBusConnection *bus;
+ DBusMessage *message;
+ DBusMessage *reply;
+
+ kit_return_val_if_fail (action_id != NULL, FALSE);
+ kit_return_val_if_fail (error != NULL, FALSE);
+ kit_return_val_if_fail (!dbus_error_is_set (error), FALSE);
+
+ bus = NULL;
+ message = NULL;
+ reply = NULL;
+ ret = FALSE;
+
+ bus = dbus_bus_get (DBUS_BUS_SESSION, error);
+ if (bus == NULL) {
+ dbus_error_init (error);
+ ret = _auth_show_dialog_text (action_id, pid, error);
+ goto out;
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.PolicyKit.AuthenticationAgent", /* service */
+ "/", /* object path */
+ "org.freedesktop.PolicyKit.AuthenticationAgent", /* interface */
+ "ObtainAuthorization");
+ dbus_message_append_args (message,
+ DBUS_TYPE_STRING, &action_id,
+ DBUS_TYPE_UINT32, &xid,
+ DBUS_TYPE_UINT32, &pid,
+ DBUS_TYPE_INVALID);
+ reply = dbus_connection_send_with_reply_and_block (bus, message, INT_MAX, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ ret = _auth_show_dialog_text (action_id, pid, error);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &ret,
+ DBUS_TYPE_INVALID)) {
+ dbus_error_init (error);
+ ret = _auth_show_dialog_text (action_id, pid, error);
+ goto out;
+ }
+
+out:
+ if (bus != NULL)
+ dbus_connection_unref (bus);
+ if (message != NULL)
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+
+ return ret;
+}
+
+
+/**
+ * polkit_dbus_error_generate:
+ * @action: the action that the caller needs an authorization for
+ * @result: the result from e.g. polkit_context_is_caller_authorized()
+ * @error: the #DBusError to set
+ *
+ * Convenience function to generate a #DBusError that encapsulates
+ * information that the caller is not authorized. This includes
+ * information such as @action that describes what action the caller
+ * lacks an authorization for, as well as @result that describes if
+ * the caller can obtain an authorization through authentication.
+ *
+ * Typically a privileged mechanism uses this function to generate
+ * errors. At the other end of the wire, the caller can use
+ * polkit_dbus_error_parse() to extract @action and @result.
+ *
+ * The form of the #DBusError is as follows. The name is
+ * set to
+ * <literal>org.freedesktop.PolicyKit.Error.NotAuthorized</literal>
+ * and the message consists of two strings separated by a single
+ * space: the string representation of the action
+ * (cf. polkit_action_to_string_representation()) and the string
+ * representation of the result
+ * (cf. polkit_result_to_string_representation()).
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: TRUE if @error was set. FALSE on error or OOM.
+ *
+ * Since: 0.8
+ */
+polkit_bool_t
+polkit_dbus_error_generate (PolKitAction *action, PolKitResult result, DBusError *error)
+{
+ polkit_bool_t ret;
+ const char *action_str;
+ const char *result_str;
+
+ ret = FALSE;
+
+ kit_return_val_if_fail (error != NULL && !dbus_error_is_set (error), FALSE);
+ kit_return_val_if_fail (action != NULL && polkit_action_validate (action), FALSE);
+
+ action_str = polkit_action_to_string_representation (action);
+ if (action_str == NULL)
+ goto out;
+
+ result_str = polkit_result_to_string_representation (result);
+ if (result_str == NULL)
+ goto out;
+
+ dbus_set_error (error,
+ "org.freedesktop.PolicyKit.Error.NotAuthorized",
+ "%s %s",
+ action_str, result_str);
+
+ /* on OOM, error->name and error->message are set to preallocated strings */
+ if (strcmp (error->name, "org.freedesktop.PolicyKit.Error.NotAuthorized") != 0)
+ goto out;
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_dbus_error_parse:
+ * @error: error to parse; must be set
+ * @action: return location for #PolKitAction object
+ * @result: return location for #PolKitResult variable
+ *
+ * Parse an error received over D-Bus, typically generated by
+ * polkit_dbus_error_generate(), into what action an authorization is
+ * missing for and whether that authorization can be obtained.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: TRUE only if @error was successfully parsed and @action
+ * and @result is set (and caller must free @action using
+ * polkit_action_unref()).
+ *
+ * Since: 0.8
+ */
+polkit_bool_t
+polkit_dbus_error_parse (DBusError *error, PolKitAction **action, PolKitResult *result)
+{
+ char **tokens;
+ size_t num_tokens;
+ polkit_bool_t ret;
+
+ kit_return_val_if_fail (error != NULL && dbus_error_is_set (error), FALSE);
+ kit_return_val_if_fail (action != NULL, FALSE);
+ kit_return_val_if_fail (result != NULL, FALSE);
+
+ ret = FALSE;
+ tokens = NULL;
+ *action = NULL;
+
+ if (!dbus_error_has_name (error, "org.freedesktop.PolicyKit.Error.NotAuthorized"))
+ goto out;
+
+ tokens = kit_strsplit (error->message, ' ', &num_tokens);
+ if (tokens == NULL || num_tokens != 2)
+ goto out;
+
+ *action = polkit_action_new_from_string_representation (tokens[0]);
+ if (*action == NULL)
+ goto out;
+
+ if (!polkit_result_from_string_representation (tokens[1], result)) {
+ polkit_action_unref (*action);
+ *action = NULL;
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ if (!ret)
+ *result = POLKIT_RESULT_UNKNOWN;
+
+
+ if (tokens != NULL)
+ kit_strfreev (tokens);
+
+ return ret;
+}
+
+/**
+ * polkit_dbus_error_parse_from_strings:
+ * @error_name: name of D-Bus error
+ * @error_message: message of D-Bus error
+ * @action: return location for #PolKitAction object
+ * @result: return location for #PolKitResult variable
+ *
+ * Like polkit_dbus_error_parse(), only it takes the name and message
+ * instead of a #DBusError. This is useful when usings D-Bus bindings
+ * (such as dbus-glib) that don't expose the #DBusError object
+ * directly.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: See polkit_dbus_error_parse().
+ *
+ * Since: 0.8
+ */
+polkit_bool_t
+polkit_dbus_error_parse_from_strings (const char *error_name,
+ const char *error_message,
+ PolKitAction **action,
+ PolKitResult *result)
+{
+ DBusError error;
+
+ dbus_error_init (&error);
+ dbus_set_error_const (&error, error_name, error_message);
+
+ return polkit_dbus_error_parse (&error, action, result);
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ PolKitAction *a;
+ PolKitResult r;
+
+ a = polkit_action_new ();
+ r = POLKIT_RESULT_ONLY_VIA_SELF_AUTH;
+ if (a != NULL) {
+ if (polkit_action_set_action_id (a, "org.example.foo")) {
+ DBusError error;
+
+ dbus_error_init (&error);
+ if (polkit_dbus_error_generate (a, r, &error)) {
+ PolKitAction *a2;
+ PolKitResult r2;
+
+ if (polkit_dbus_error_parse_from_strings (error.name, error.message, &a2, &r2)) {
+ kit_assert (polkit_action_equal (a, a2));
+ kit_assert (r == r2);
+ polkit_action_unref (a2);
+ }
+ }
+ }
+ polkit_action_unref (a);
+ }
+
+ return TRUE;
+}
+
+KitTest _test_simple = {
+ "polkit_simple",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-simple.h b/src/polkit/polkit-simple.h
new file mode 100644
index 0000000..1cf9753
--- /dev/null
+++ b/src/polkit/polkit-simple.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-simple.h : Simple convenience interface
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SIMPLE_H
+#define POLKIT_SIMPLE_H
+
+#include <polkit/polkit.h>
+
+POLKIT_BEGIN_DECLS
+
+polkit_uint64_t polkit_check_auth (pid_t pid, ...);
+polkit_uint64_t polkit_check_authv (pid_t pid, const char **action_ids);
+
+polkit_bool_t polkit_auth_obtain (const char *action_id, polkit_uint32_t xid, pid_t pid, DBusError *error);
+
+polkit_bool_t polkit_dbus_error_generate (PolKitAction *action, PolKitResult result, DBusError *error);
+polkit_bool_t polkit_dbus_error_parse (DBusError *error, PolKitAction **action, PolKitResult *result);
+polkit_bool_t polkit_dbus_error_parse_from_strings (const char *error_name, const char *error_message, PolKitAction **action, PolKitResult *result);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_SIMPLE_H */
diff --git a/src/polkit/polkit-sysdeps.c b/src/polkit/polkit-sysdeps.c
index fe0fc6f..ad8b7a0 100644
--- a/src/polkit/polkit-sysdeps.c
+++ b/src/polkit/polkit-sysdeps.c
@@ -320,7 +320,7 @@ polkit_sysdeps_get_exe_for_pid_with_helper (pid_t pid, char *out_buf, size_t buf
ret = polkit_sysdeps_get_exe_for_pid (pid, out_buf, buf_size);
if (ret == -1) {
char buf[32];
- char *helper_argv[3] = {PACKAGE_LIBEXEC_DIR "/polkit-resolve-exe-helper", buf, NULL};
+ char *helper_argv[3] = {PACKAGE_LIBEXEC_DIR "/polkit-resolve-exe-helper-1", buf, NULL};
char *standard_output;
int exit_status;
diff --git a/src/polkit/polkit-test.c b/src/polkit/polkit-test.c
index 10ae84b..927339c 100644
--- a/src/polkit/polkit-test.c
+++ b/src/polkit/polkit-test.c
@@ -57,7 +57,6 @@ static KitTest *tests[] = {
&_test_authorization_constraint,
&_test_authorization,
&_test_authorization_db,
- &_test_config,
&_test_sysdeps,
&_test_utils,
&_test_context,
diff --git a/src/polkit/polkit-test.h b/src/polkit/polkit-test.h
index c1656cd..056b3dc 100644
--- a/src/polkit/polkit-test.h
+++ b/src/polkit/polkit-test.h
@@ -52,7 +52,6 @@ extern KitTest _test_policy_cache;
extern KitTest _test_authorization_constraint;
extern KitTest _test_authorization;
extern KitTest _test_authorization_db;
-extern KitTest _test_config;
extern KitTest _test_sysdeps;
extern KitTest _test_utils;
extern KitTest _test_context;
diff --git a/src/polkit/polkit-tracker.c b/src/polkit/polkit-tracker.c
new file mode 100644
index 0000000..0dad442
--- /dev/null
+++ b/src/polkit/polkit-tracker.c
@@ -0,0 +1,1556 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-tracker.c : track callers
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ctype.h>
+
+#include "polkit-debug.h"
+#include "polkit-tracker.h"
+
+/**
+ * SECTION:polkit-tracker
+ * @title: Track callers
+ * @short_description: Obtaining seat, session and caller information
+ * via D-Bus and ConsoleKit.
+ *
+ * Helper class for obtaining seat, session and caller information
+ * via D-Bus and ConsoleKit. This library is only useful when writing
+ * a mechanism.
+ *
+ * If the mechanism itself is a daemon exposing a remote services via
+ * the system message bus it's often a better idea, to reduce
+ * roundtrips, to use the high-level #PolKitTracker class rather than
+ * the low-level functions polkit_caller_new_from_dbus_name() and
+ * polkit_caller_new_from_pid().
+ *
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+#include <time.h>
+#include <string.h>
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+#include <polkit/polkit-debug.h>
+#include <polkit/polkit-test.h>
+#include <polkit/polkit-private.h>
+#include "polkit-tracker.h"
+
+/**
+ * polkit_session_new_from_objpath:
+ * @con: D-Bus system bus connection
+ * @objpath: object path of ConsoleKit session object
+ * @uid: the user owning the session or -1 if unknown
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitSession object by querying
+ * the ConsoleKit daemon for information. Note that this will do a lot
+ * of blocking IO so it is best avoided if your process already
+ * tracks/caches all the information. If you pass in @uid as a
+ * non-negative number, a round trip can be saved.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitSession *
+polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
+{
+ PolKitSeat *seat;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ char *str;
+ dbus_bool_t is_active;
+ dbus_bool_t is_local;
+ char *remote_host;
+ char *seat_path;
+
+ kit_return_val_if_fail (con != NULL, NULL);
+ kit_return_val_if_fail (objpath != NULL, NULL);
+ kit_return_val_if_fail (error != NULL, NULL);
+ kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ session = NULL;
+ remote_host = NULL;
+ seat_path = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "IsActive");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &is_active,
+ DBUS_TYPE_INVALID)) {
+ kit_warning ("Invalid IsActive reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "IsLocal");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &is_local,
+ DBUS_TYPE_INVALID)) {
+ kit_warning ("Invalid IsLocal reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ if (!is_local) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetRemoteHostName");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_STRING, &str,
+ DBUS_TYPE_INVALID)) {
+ kit_warning ("Invalid GetRemoteHostName reply from CK");
+ goto out;
+ }
+ remote_host = kit_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetSeatId");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_OBJECT_PATH, &str,
+ DBUS_TYPE_INVALID)) {
+ kit_warning ("Invalid GetSeatId reply from CK");
+ goto out;
+ }
+ seat_path = kit_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ if ((int) uid == -1) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetUnixUser");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_INT32, &uid,
+ DBUS_TYPE_INVALID)) {
+ kit_warning ("Invalid GetUnixUser reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ session = polkit_session_new ();
+ if (session == NULL) {
+ goto out;
+ }
+ if (!polkit_session_set_uid (session, uid)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_objref (session, objpath)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_is_active (session, is_active)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_is_local (session, is_local)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!is_local) {
+ if (!polkit_session_set_ck_remote_host (session, remote_host)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+ }
+
+ seat = polkit_seat_new ();
+ if (seat == NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_seat_set_ck_objref (seat, seat_path)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_seat_validate (seat)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+ if (!polkit_session_set_seat (session, seat)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ polkit_seat_unref (seat); /* session object now owns this object */
+ seat = NULL;
+
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+out:
+ kit_free (remote_host);
+ kit_free (seat_path);
+ return session;
+}
+
+/**
+ * polkit_session_new_from_cookie:
+ * @con: D-Bus system bus connection
+ * @cookie: a ConsoleKit XDG_SESSION_COOKIE
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitSession object by querying
+ * the ConsoleKit daemon for information. Note that this will do a lot
+ * of blocking IO so it is best avoided if your process already
+ * tracks/caches all the information.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitSession *
+polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
+{
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ char *str;
+ char *objpath;
+
+ kit_return_val_if_fail (con != NULL, NULL);
+ kit_return_val_if_fail (cookie != NULL, NULL);
+ kit_return_val_if_fail (error != NULL, NULL);
+ kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ objpath = NULL;
+ session = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForCookie");
+ dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ //kit_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_OBJECT_PATH, &str,
+ DBUS_TYPE_INVALID)) {
+ kit_warning ("Invalid GetSessionForCookie reply from CK");
+ goto out;
+ }
+ objpath = kit_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, objpath, -1, error);
+
+out:
+ kit_free (objpath);
+ return session;
+}
+
+
+/**
+ * polkit_caller_new_from_dbus_name:
+ * @con: D-Bus system bus connection
+ * @dbus_name: unique system bus connection name
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitCaller object by querying
+ * both the system bus daemon and the ConsoleKit daemon for
+ * information. Note that this will do a lot of blocking IO so it is
+ * best avoided if your process already tracks/caches all the
+ * information. You can use the #PolKitTracker class for this.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitCaller *
+polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
+{
+ PolKitCaller *caller;
+ pid_t pid;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ DBusMessageIter sub_iter;
+ char *str;
+ int num_elems;
+
+ kit_return_val_if_fail (con != NULL, NULL);
+ kit_return_val_if_fail (dbus_name != NULL, NULL);
+ kit_return_val_if_fail (error != NULL, NULL);
+ kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+
+ caller = NULL;
+ session = NULL;
+
+ uid = dbus_bus_get_unix_user (con, dbus_name, error);
+ if (dbus_error_is_set (error)) {
+ kit_warning ("Could not get uid for connection: %s %s", error->name, error->message);
+ goto out;
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus",
+ "GetConnectionUnixProcessID");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &pid);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ message = dbus_message_new_method_call ("org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus",
+ "GetConnectionSELinuxSecurityContext");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ /* SELinux might not be enabled */
+ if (dbus_error_is_set (error) &&
+ strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ dbus_error_init (error);
+ } else if (reply == NULL || dbus_error_is_set (error)) {
+ kit_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ } else {
+ /* TODO: verify signature */
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_recurse (&iter, &sub_iter);
+ dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
+ if (str != NULL && num_elems > 0)
+ selinux_context = kit_strndup (str, num_elems);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ //kit_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = kit_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ kit_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ kit_free (selinux_context);
+ kit_free (ck_session_objpath);
+ return caller;
+}
+
+/**
+ * polkit_caller_new_from_pid:
+ * @con: D-Bus system bus connection
+ * @pid: process id
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitCaller object by querying
+ * both information in /proc (on Linux) and the ConsoleKit daemon for
+ * information about a given process. Note that this will do a lot of
+ * blocking IO so it is best avoided if your process already
+ * tracks/caches all the information. You can use the #PolKitTracker
+ * class for this.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitCaller *
+polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
+{
+ PolKitCaller *caller;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ char *str;
+ char *proc_path;
+ struct stat statbuf;
+#ifdef HAVE_SELINUX
+ security_context_t secon;
+#endif
+
+#ifndef POLKIT_BUILD_TESTS
+ /* for testing it's fine to pass con==NULL if POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH is set */
+ kit_return_val_if_fail (con != NULL, NULL);
+#endif
+ kit_return_val_if_fail (error != NULL, NULL);
+ kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+ uid = (uid_t) -1;
+ caller = NULL;
+ session = NULL;
+ proc_path = NULL;
+
+#ifdef POLKIT_BUILD_TESTS
+ char *pretend;
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_UID")) != NULL) {
+ uid = atoi (pretend);
+ }
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_PID")) != NULL) {
+ pid = atoi (pretend);
+ }
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_SELINUX_CONTEXT")) != NULL) {
+ selinux_context = kit_strdup (pretend);
+ }
+ if ((pretend = getenv ("POLKIT_TEST_PRETEND_TO_BE_CK_SESSION_OBJPATH")) != NULL) {
+ ck_session_objpath = kit_strdup (pretend);
+ } else {
+ kit_return_val_if_fail (con != NULL, NULL);
+ }
+#endif
+
+ if (uid == (uid_t) -1) {
+ proc_path = kit_strdup_printf ("/proc/%d", pid);
+ if (proc_path && stat (proc_path, &statbuf) != 0) {
+ kit_warning ("Cannot lookup information for pid %d: %s", pid, strerror (errno));
+ goto out;
+ }
+ uid = statbuf.st_uid;
+ }
+
+#ifdef HAVE_SELINUX
+ /* only get the context if we are enabled */
+ if (selinux_context == NULL) {
+ if (is_selinux_enabled () != 0) {
+ if (getpidcon (pid, &secon) != 0) {
+ kit_warning ("Cannot lookup SELinux context for pid %d: %s", pid, strerror (errno));
+ goto out;
+ }
+ selinux_context = kit_strdup (secon);
+ freecon (secon);
+ }
+ }
+#else
+ selinux_context = NULL;
+#endif
+
+ if (ck_session_objpath == NULL) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ //kit_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = kit_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ } else {
+ if (strlen (ck_session_objpath) == 0)
+ goto not_in_session;
+ }
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ kit_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ kit_free (selinux_context);
+ kit_free (ck_session_objpath);
+ kit_free (proc_path);
+ return caller;
+}
+
+static kit_bool_t
+_free_elem_in_list (void *data, void *user_data, KitList *list)
+{
+ kit_free (data);
+ return FALSE;
+}
+
+static KitList *
+_get_list_of_sessions (DBusConnection *con, uid_t uid, DBusError *error)
+{
+ KitList *ret;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ DBusMessageIter iter_array;
+ const char *value;
+
+ ret = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionsForUnixUser");
+ dbus_message_append_args (message, DBUS_TYPE_UINT32, &uid, DBUS_TYPE_INVALID);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ goto out;
+ }
+
+ dbus_message_iter_init (reply, &iter);
+ if (dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY) {
+ kit_warning ("Wrong reply from ConsoleKit (not an array)");
+ goto out;
+ }
+
+ dbus_message_iter_recurse (&iter, &iter_array);
+ while (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_INVALID) {
+
+ if (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_OBJECT_PATH) {
+ kit_warning ("Wrong reply from ConsoleKit (element is not a string)");
+ kit_list_foreach (ret, _free_elem_in_list, NULL);
+ kit_list_free (ret);
+ goto out;
+ }
+
+ dbus_message_iter_get_basic (&iter_array, &value);
+ ret = kit_list_append (ret, kit_strdup (value));
+
+ dbus_message_iter_next (&iter_array);
+ }
+
+out:
+ if (message != NULL)
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ return ret;
+}
+
+static polkit_bool_t
+_polkit_is_authorization_relevant_internal (DBusConnection *con,
+ PolKitAuthorization *auth,
+ KitList *sessions,
+ DBusError *error)
+{
+ pid_t pid;
+ polkit_uint64_t pid_start_time;
+ polkit_bool_t ret;
+ polkit_bool_t del_sessions;
+ KitList *i;
+ uid_t uid;
+
+ kit_return_val_if_fail (con != NULL, FALSE);
+ kit_return_val_if_fail (auth != NULL, FALSE);
+ kit_return_val_if_fail (error != NULL, FALSE);
+ kit_return_val_if_fail (! dbus_error_is_set (error), FALSE);
+
+ ret = FALSE;
+
+ uid = polkit_authorization_get_uid (auth);
+
+ switch (polkit_authorization_get_scope (auth)) {
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
+ if (!polkit_authorization_scope_process_get_pid (auth,
+ &pid,
+ &pid_start_time)) {
+ /* this should never fail */
+ kit_warning ("Cannot determine (pid,start_time) for authorization");
+ goto out;
+ }
+ if (polkit_sysdeps_get_start_time_for_pid (pid) == pid_start_time) {
+ ret = TRUE;
+ goto out;
+ }
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_SESSION:
+ del_sessions = FALSE;
+ if (sessions == NULL) {
+ sessions = _get_list_of_sessions (con, uid, error);
+ del_sessions = TRUE;
+ }
+
+ if (sessions != NULL) {
+ for (i = sessions; i != NULL; i = i->next) {
+ char *session_id = i->data;
+ if (strcmp (session_id, polkit_authorization_scope_session_get_ck_objref (auth)) == 0) {
+ ret = TRUE;
+ break;
+ }
+ }
+
+ if (del_sessions) {
+ kit_list_foreach (sessions, _free_elem_in_list, NULL);
+ kit_list_free (sessions);
+ }
+ }
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
+ ret = TRUE;
+ break;
+ }
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_is_authorization_relevant:
+ * @con: D-Bus system bus connection
+ * @auth: authorization to check for
+ * @error: return location for error
+ *
+ * As explicit authorizations are scoped (process single shot,
+ * process, session or everything), they become irrelevant once the
+ * entity (process or session) ceases to exist. This function
+ * determines whether the authorization is still relevant; it's useful
+ * for reporting and graphical tools displaying authorizations.
+ *
+ * Note that this may do blocking IO to check for session
+ * authorizations so it is best avoided if your process already
+ * tracks/caches all the information. You can use the
+ * polkit_tracker_is_authorization_relevant() method on the
+ * #PolKitTracker class for this.
+ *
+ * Returns: #TRUE if the authorization still applies, #FALSE if an
+ * error occurred (then error will be set) or if the entity the
+ * authorization refers to has gone out of scope.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error)
+{
+ return _polkit_is_authorization_relevant_internal (con, auth, NULL, error);
+}
+
+/**
+ * PolKitTracker:
+ *
+ * Instances of this class are used to cache information about
+ * callers; typically this is used in scenarios where the same caller
+ * is calling into a mechanism multiple times.
+ *
+ * Thus, an application can use this class to get the #PolKitCaller
+ * object; the class will listen to both NameOwnerChanged and
+ * ActivityChanged signals from the message bus and update / retire
+ * the #PolKitCaller objects.
+ *
+ * An example of how to use #PolKitTracker is provided here. First, build the following program
+ *
+ * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example.c" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+ *
+ * with
+ *
+ * <programlisting>gcc -o tracker-example `pkg-config --cflags --libs dbus-glib-1 polkit-dbus` tracker-example.c</programlisting>
+ *
+ * Then put the following content
+ *
+ * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/dk.fubar.PolKitTestService.conf" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+ *
+ * in the file <literal>/etc/dbus-1/system.d/dk.fubar.PolKitTestService.conf</literal>. Finally,
+ * create a small Python client like this
+ *
+ * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example-client.py" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+ *
+ * as <literal>tracker-example-client.py</literal>. Now, run <literal>tracker-example</literal>
+ * in one window and <literal>tracker-example-client</literal> in another. The output of
+ * the former should look like this
+ *
+ *
+ * <programlisting>
+ * 18:20:00.414: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:00.414: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
+ * 18:20:00.414: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ *
+ * 18:20:01.424: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:01.424: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
+ * 18:20:01.424: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ *
+ * 18:20:02.434: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:02.434: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=0 is_local=1 remote_host=(null)
+ * 18:20:02.434: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ *
+ * 18:20:03.445: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:03.445: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
+ * 18:20:03.445: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ * </programlisting>
+ *
+ * The point of the test program is simply to gather caller
+ * information about clients (the small Python program, you may launch
+ * multiple instances of it) that repeatedly calls into the D-Bus
+ * service; if one runs <literal>strace(1)</literal> in front of the
+ * test program one will notice that there is only syscall / IPC
+ * overhead (except for printing to stdout) on the first call from the
+ * client.
+ *
+ * The careful reader will notice that, during the testing session, we
+ * did a quick VT switch away from the session (and back) which is
+ * reflected in the output.
+ *
+ * These functions are in <literal>libpolkit-dbus</literal>.
+ **/
+struct _PolKitTracker {
+ int refcount;
+ DBusConnection *con;
+
+ KitHash *dbus_name_to_caller;
+
+ KitHash *pid_start_time_to_caller;
+};
+
+typedef struct {
+ pid_t pid;
+ polkit_uint64_t start_time;
+} _PidStartTimePair;
+
+static _PidStartTimePair *
+_pid_start_time_new (pid_t pid, polkit_uint64_t start_time)
+{
+ _PidStartTimePair *obj;
+ obj = kit_new (_PidStartTimePair, 1);
+ obj->pid = pid;
+ obj->start_time = start_time;
+ return obj;
+}
+
+static uint32_t
+_pid_start_time_hash (const void *a)
+{
+ uint32_t val;
+ _PidStartTimePair *pst = (_PidStartTimePair *) a;
+
+ val = pst->pid + ((int) pst->start_time);
+
+ return val;
+}
+
+static kit_bool_t
+_pid_start_time_equal (const void *a, const void *b)
+{
+ _PidStartTimePair *_a = (_PidStartTimePair *) a;
+ _PidStartTimePair *_b = (_PidStartTimePair *) b;
+
+ return (_a->pid == _b->pid) && (_a->start_time == _b->start_time);
+}
+
+/**
+ * polkit_tracker_new:
+ *
+ * Creates a new #PolKitTracker object.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object
+ *
+ * Since: 0.7
+ **/
+PolKitTracker *
+polkit_tracker_new (void)
+{
+ PolKitTracker *pk_tracker;
+ pk_tracker = kit_new0 (PolKitTracker, 1);
+ pk_tracker->refcount = 1;
+ pk_tracker->dbus_name_to_caller = kit_hash_new (kit_hash_str_hash_func,
+ kit_hash_str_equal_func,
+ NULL,
+ NULL,
+ (KitFreeFunc) kit_free,
+ (KitFreeFunc) polkit_caller_unref);
+ pk_tracker->pid_start_time_to_caller = kit_hash_new (_pid_start_time_hash,
+ _pid_start_time_equal,
+ NULL,
+ NULL,
+ (KitFreeFunc) kit_free,
+ (KitFreeFunc) polkit_caller_unref);
+ return pk_tracker;
+}
+
+/**
+ * polkit_tracker_ref:
+ * @pk_tracker: the tracker object
+ *
+ * Increase reference count.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the object
+ *
+ * Since: 0.7
+ **/
+PolKitTracker *
+polkit_tracker_ref (PolKitTracker *pk_tracker)
+{
+ kit_return_val_if_fail (pk_tracker != NULL, pk_tracker);
+ pk_tracker->refcount++;
+ return pk_tracker;
+}
+
+/**
+ * polkit_tracker_unref:
+ * @pk_tracker: the tracker object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ **/
+void
+polkit_tracker_unref (PolKitTracker *pk_tracker)
+{
+ kit_return_if_fail (pk_tracker != NULL);
+ pk_tracker->refcount--;
+ if (pk_tracker->refcount > 0)
+ return;
+ kit_hash_unref (pk_tracker->dbus_name_to_caller);
+ kit_hash_unref (pk_tracker->pid_start_time_to_caller);
+ dbus_connection_unref (pk_tracker->con);
+ kit_free (pk_tracker);
+}
+
+/**
+ * polkit_tracker_set_system_bus_connection:
+ * @pk_tracker: the tracker object
+ * @con: the connection to the system message bus
+ *
+ * Tell the #PolKitTracker object to use the given D-Bus connection
+ * when it needs to fetch information from the system message bus and
+ * ConsoleKit services. This is used for priming the cache.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+void
+polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con)
+{
+ kit_return_if_fail (pk_tracker != NULL);
+ pk_tracker->con = dbus_connection_ref (con);
+}
+
+/**
+ * polkit_tracker_init:
+ * @pk_tracker: the tracker object
+ *
+ * Initialize the tracker.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+void
+polkit_tracker_init (PolKitTracker *pk_tracker)
+{
+ kit_return_if_fail (pk_tracker != NULL);
+ /* This is currently a no-op */
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+static void
+_set_session_inactive_iter (void *key, PolKitCaller *caller, const char *session_objpath, KitHash *hash)
+{
+ char *objpath;
+ PolKitSession *session;
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return;
+ if (!polkit_session_get_ck_objref (session, &objpath))
+ return;
+ if (strcmp (objpath, session_objpath) != 0)
+ return;
+ polkit_session_set_ck_is_active (session, FALSE);
+}
+
+static void
+_set_session_active_iter (void *key, PolKitCaller *caller, const char *session_objpath, KitHash *hash)
+{
+ char *objpath;
+ PolKitSession *session;
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return;
+ if (!polkit_session_get_ck_objref (session, &objpath))
+ return;
+ if (strcmp (objpath, session_objpath) != 0)
+ return;
+ polkit_session_set_ck_is_active (session, TRUE);
+}
+
+static void
+_update_session_is_active (PolKitTracker *pk_tracker, const char *session_objpath, kit_bool_t is_active)
+{
+ kit_hash_foreach (pk_tracker->dbus_name_to_caller,
+ (KitHashForeachFunc) (is_active ? _set_session_active_iter : _set_session_inactive_iter),
+ (void *) session_objpath);
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+static kit_bool_t
+_remove_caller_by_session_iter (void *key, PolKitCaller *caller, const char *session_objpath, KitHash *hash)
+{
+ char *objpath;
+ PolKitSession *session;
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return FALSE;
+ if (!polkit_session_get_ck_objref (session, &objpath))
+ return FALSE;
+ if (strcmp (objpath, session_objpath) != 0)
+ return FALSE;
+ return TRUE;
+}
+
+static void
+_remove_caller_by_session (PolKitTracker *pk_tracker, const char *session_objpath)
+{
+ kit_hash_foreach_remove (pk_tracker->dbus_name_to_caller,
+ (KitHashForeachFunc) _remove_caller_by_session_iter,
+ (void *) session_objpath);
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+static kit_bool_t
+_remove_caller_by_dbus_name_iter (void *key, PolKitCaller *caller, const char *dbus_name, KitHash *hash)
+{
+ char *name;
+ if (!polkit_caller_get_dbus_name (caller, &name))
+ return FALSE;
+ if (strcmp (name, dbus_name) != 0)
+ return FALSE;
+ return TRUE;
+}
+
+static void
+_remove_caller_by_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name)
+{
+ kit_hash_foreach_remove (pk_tracker->dbus_name_to_caller,
+ (KitHashForeachFunc) _remove_caller_by_dbus_name_iter,
+ (void *) dbus_name);
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+/**
+ * polkit_tracker_dbus_func:
+ * @pk_tracker: the tracker object
+ * @message: message to pass
+ *
+ * The owner of the #PolKitTracker object must pass signals from the
+ * system message bus (just NameOwnerChanged will do) and all signals
+ * from the ConsoleKit service into this function.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: #TRUE only if there was a change in the ConsoleKit database.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message)
+{
+ kit_bool_t ret;
+
+ ret = FALSE;
+
+ if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, "NameOwnerChanged")) {
+ char *name;
+ char *new_service_name;
+ char *old_service_name;
+
+ if (!dbus_message_get_args (message, NULL,
+ DBUS_TYPE_STRING, &name,
+ DBUS_TYPE_STRING, &old_service_name,
+ DBUS_TYPE_STRING, &new_service_name,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ polkit_debug ("The NameOwnerChanged signal on the " DBUS_INTERFACE_DBUS " "
+ "interface has the wrong signature! Your system is misconfigured.");
+ goto out;
+ }
+
+ if (strlen (new_service_name) == 0) {
+ _remove_caller_by_dbus_name (pk_tracker, name);
+ }
+
+ } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Session", "ActiveChanged")) {
+ dbus_bool_t is_active;
+ DBusError error;
+ const char *session_objpath;
+
+ ret = TRUE;
+
+ dbus_error_init (&error);
+ session_objpath = dbus_message_get_path (message);
+ if (!dbus_message_get_args (message, &error,
+ DBUS_TYPE_BOOLEAN, &is_active,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ kit_warning ("The ActiveChanged signal on the org.freedesktop.ConsoleKit.Session "
+ "interface for object %s has the wrong signature! "
+ "Your system is misconfigured.", session_objpath);
+
+ /* as a security measure, remove all sessions with this path from the cache;
+ * cuz then the user of PolKitTracker probably gets to deal with a DBusError
+ * the next time he tries something...
+ */
+ _remove_caller_by_session (pk_tracker, session_objpath);
+ goto out;
+ }
+
+ /* now go through all Caller objects and update the is_active field as appropriate */
+ _update_session_is_active (pk_tracker, session_objpath, is_active);
+
+ } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionAdded")) {
+ DBusError error;
+ const char *seat_objpath;
+ const char *session_objpath;
+
+ /* If a session is added, update our list of sessions.. also notify the user.. */
+
+ ret = TRUE;
+
+ dbus_error_init (&error);
+ seat_objpath = dbus_message_get_path (message);
+ if (!dbus_message_get_args (message, &error,
+ DBUS_TYPE_STRING, &session_objpath,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ kit_warning ("The SessionAdded signal on the org.freedesktop.ConsoleKit.Seat "
+ "interface for object %s has the wrong signature! "
+ "Your system is misconfigured.", seat_objpath);
+
+ goto out;
+ }
+
+ /* TODO: add to sessions - see polkit_tracker_is_authorization_relevant() */
+
+ } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionRemoved")) {
+ DBusError error;
+ const char *seat_objpath;
+ const char *session_objpath;
+
+ /* If a session is removed, authorizations scoped for that session
+ * may become inactive.. so do notify the user about it..
+ */
+
+ ret = TRUE;
+
+ dbus_error_init (&error);
+ seat_objpath = dbus_message_get_path (message);
+ if (!dbus_message_get_args (message, &error,
+ DBUS_TYPE_STRING, &session_objpath,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ kit_warning ("The SessionRemoved signal on the org.freedesktop.ConsoleKit.Seat "
+ "interface for object %s has the wrong signature! "
+ "Your system is misconfigured.", seat_objpath);
+
+ goto out;
+ }
+
+ _remove_caller_by_session (pk_tracker, session_objpath);
+
+ /* TODO: remove from sessions - see polkit_tracker_is_authorization_relevant() */
+ }
+
+ /* TODO: when ConsoleKit gains the ability to attach/detach a session to a seat (think
+ * hot-desking), we want to update our local caches too
+ */
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_tracker_get_caller_from_dbus_name:
+ * @pk_tracker: the tracker object
+ * @dbus_name: unique name on the system message bus
+ * @error: D-Bus error
+ *
+ * This function is similar to polkit_caller_new_from_dbus_name()
+ * except that it uses the cache in #PolKitTracker. So on the second
+ * and subsequent calls, for the same D-Bus name, there will be no
+ * syscall or IPC overhead in calling this function.
+ *
+ * Returns: A #PolKitCaller object; the caller must use
+ * polkit_caller_unref() on the object when done with it. Returns
+ * #NULL if an error occured (in which case error will be set).
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+PolKitCaller *
+polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error)
+{
+ PolKitCaller *caller;
+
+ kit_return_val_if_fail (pk_tracker != NULL, NULL);
+ kit_return_val_if_fail (pk_tracker->con != NULL, NULL);
+ kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ /* kit_debug ("Looking up cache for PolKitCaller for dbus_name %s...", dbus_name); */
+
+ caller = kit_hash_lookup (pk_tracker->dbus_name_to_caller, (void *) dbus_name, NULL);
+ if (caller != NULL)
+ return polkit_caller_ref (caller);
+
+ /* kit_debug ("Have to compute PolKitCaller for dbus_name %s...", dbus_name); */
+
+ caller = polkit_caller_new_from_dbus_name (pk_tracker->con, dbus_name, error);
+ if (caller == NULL)
+ return NULL;
+
+ kit_hash_insert (pk_tracker->dbus_name_to_caller, kit_strdup (dbus_name), caller);
+ return polkit_caller_ref (caller);
+}
+
+
+/**
+ * polkit_tracker_get_caller_from_pid:
+ * @pk_tracker: the tracker object
+ * @pid: UNIX process id to look at
+ * @error: D-Bus error
+ *
+ * This function is similar to polkit_caller_new_from_pid()
+ * except that it uses the cache in #PolKitTracker. So on the second
+ * and subsequent calls, for the same D-Bus name, there will be no
+ * IPC overhead in calling this function.
+ *
+ * There will be some syscall overhead to lookup the time when the
+ * given process is started (on Linux, looking up /proc/$pid/stat);
+ * this is needed because pid's can be recycled and the cache thus
+ * needs to record this in addition to the pid.
+ *
+ * Returns: A #PolKitCaller object; the caller must use
+ * polkit_caller_unref() on the object when done with it. Returns
+ * #NULL if an error occured (in which case error will be set).
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+PolKitCaller *
+polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error)
+{
+ PolKitCaller *caller;
+ polkit_uint64_t start_time;
+ _PidStartTimePair *pst;
+
+ kit_return_val_if_fail (pk_tracker != NULL, NULL);
+ kit_return_val_if_fail (pk_tracker->con != NULL, NULL);
+ kit_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ start_time = polkit_sysdeps_get_start_time_for_pid (pid);
+ if (start_time == 0) {
+ if (error != NULL) {
+ dbus_set_error (error,
+ "org.freedesktop.PolicyKit",
+ "Cannot look up start time for pid %d", pid);
+ }
+ return NULL;
+ }
+
+ pst = _pid_start_time_new (pid, start_time);
+
+ /* kit_debug ("Looking up cache for pid %d (start_time %lld)...", pid, start_time); */
+
+ caller = kit_hash_lookup (pk_tracker->pid_start_time_to_caller, (void *) pst, NULL);
+ if (caller != NULL) {
+ kit_free (pst);
+ return polkit_caller_ref (caller);
+ }
+
+ /* kit_debug ("Have to compute PolKitCaller from pid %d (start_time %lld)...", pid, start_time); */
+
+ caller = polkit_caller_new_from_pid (pk_tracker->con, pid, error);
+ if (caller == NULL) {
+ kit_free (pst);
+ return NULL;
+ }
+
+ /* TODO: we need to evict old entries..
+ *
+ * Say, timestamp the entries in _PidStartTimePair and do
+ * garbage collection every hour or so (e.g. record when we
+ * last did garbage collection and check this time on the next
+ * call into this function).
+ */
+
+ kit_hash_insert (pk_tracker->pid_start_time_to_caller, pst, caller);
+ return polkit_caller_ref (caller);
+}
+
+
+/**
+ * polkit_tracker_is_authorization_relevant:
+ * @pk_tracker: the tracker
+ * @auth: authorization to check for
+ * @error: return location for error
+ *
+ * As explicit authorizations are scoped (process single shot,
+ * process, session or everything), they become irrelevant once the
+ * entity (process or session) ceases to exist. This function
+ * determines whether the authorization is still relevant; it's useful
+ * for reporting and graphical tools displaying authorizations.
+ *
+ * This function is similar to polkit_is_authorization_relevant() only
+ * that it avoids IPC overhead on the 2nd and subsequent calls when
+ * checking authorizations scoped for a session.
+ *
+ * Returns: #TRUE if the authorization still applies, #FALSE if an
+ * error occurred (then error will be set) or if the entity the
+ * authorization refers to has gone out of scope.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error)
+{
+
+ kit_return_val_if_fail (pk_tracker != NULL, FALSE);
+ kit_return_val_if_fail (pk_tracker->con != NULL, FALSE);
+ kit_return_val_if_fail (! dbus_error_is_set (error), FALSE);
+
+ /* TODO: optimize... in order to do this sanely we need CK's Manager object to export
+ * a method GetAllSessions() - otherwise we'd need to key off every uid.
+ *
+ * It's no biggie we don't have this optimization yet.. it's only used by polkit-auth(1)
+ * and the GNOME utility for managing authorizations.
+ */
+ return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error);
+}
diff --git a/src/polkit/polkit-tracker.h b/src/polkit/polkit-tracker.h
new file mode 100644
index 0000000..f994129
--- /dev/null
+++ b/src/polkit/polkit-tracker.h
@@ -0,0 +1,70 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-tracker.h : track callers
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_TRACKER_H
+#define POLKIT_TRACKER_H
+
+#include <dbus/dbus.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-authorization.h>
+
+POLKIT_BEGIN_DECLS
+
+PolKitSession *polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
+PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
+
+PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
+
+PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
+
+polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error);
+
+struct _PolKitTracker;
+typedef struct _PolKitTracker PolKitTracker;
+
+PolKitTracker *polkit_tracker_new (void);
+PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_tracker);
+void polkit_tracker_unref (PolKitTracker *pk_tracker);
+void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con);
+void polkit_tracker_init (PolKitTracker *pk_tracker);
+polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message);
+PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error);
+PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error);
+polkit_bool_t
+polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_ACTION_H */
+
+
diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h
index aa0ab8f..884fc41 100644
--- a/src/polkit/polkit.h
+++ b/src/polkit/polkit.h
@@ -44,9 +44,10 @@
#include <polkit/polkit-policy-file.h>
#include <polkit/polkit-policy-cache.h>
#include <polkit/polkit-policy-default.h>
-#include <polkit/polkit-config.h>
#include <polkit/polkit-authorization.h>
#include <polkit/polkit-authorization-db.h>
+#include <polkit/polkit-tracker.h>
+#include <polkit/polkit-simple.h>
#undef _POLKIT_INSIDE_POLKIT_H
#endif /* POLKIT_H */
diff --git a/test/authdb-test/lib/PolicyKit/.gitignore b/test/authdb-test/lib/PolicyKit/.gitignore
deleted file mode 100644
index e69de29..0000000
diff --git a/test/authdb-test/lib/polkit-1/.gitignore b/test/authdb-test/lib/polkit-1/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/test/authdb-test/run/PolicyKit/.gitignore b/test/authdb-test/run/PolicyKit/.gitignore
deleted file mode 100644
index e69de29..0000000
diff --git a/test/authdb-test/run/polkit-1/.gitignore b/test/authdb-test/run/polkit-1/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 3f0a200..195f832 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -11,22 +11,19 @@ INCLUDES = \
@GLIB_CFLAGS@ \
@DBUS_CFLAGS@
-bin_PROGRAMS = polkit-config-file-validate polkit-policy-file-validate polkit-action polkit-auth
+bin_PROGRAMS = polkit-policy-file-validate-1 polkit-action-1 polkit-auth-1
-polkit_config_file_validate_SOURCES = polkit-config-file-validate.c
-polkit_config_file_validate_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la
+polkit_policy_file_validate_1_SOURCES = polkit-policy-file-validate.c
+polkit_policy_file_validate_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la
-polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c
-polkit_policy_file_validate_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la
+polkit_auth_1_SOURCES = polkit-auth.c
+polkit_auth_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit-1.la $(top_builddir)/src/polkit-grant/libpolkit-grant-1.la
-polkit_auth_SOURCES = polkit-auth.c
-polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
-
-polkit_action_SOURCES = polkit-action.c
-polkit_action_LDADD = $(top_builddir)/src/polkit/libpolkit.la
+polkit_action_1_SOURCES = polkit-action.c
+polkit_action_1_LDADD = $(top_builddir)/src/polkit/libpolkit-1.la
profiledir = $(sysconfdir)/profile.d
-profile_SCRIPTS = polkit-bash-completion.sh
+profile_SCRIPTS = polkit-bash-completion-1.sh
EXTRA_DIST = $(profile_SCRIPTS)
diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c
index 001298e..a22f418 100644
--- a/tools/polkit-auth.c
+++ b/tools/polkit-auth.c
@@ -46,7 +46,7 @@
#include <errno.h>
#include <termios.h>
-#include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit.h>
#include <polkit-grant/polkit-grant.h>
#include <glib.h>
diff --git a/tools/polkit-bash-completion-1.sh b/tools/polkit-bash-completion-1.sh
new file mode 100644
index 0000000..4d67fe3
--- /dev/null
+++ b/tools/polkit-bash-completion-1.sh
@@ -0,0 +1,125 @@
+
+# Check for bash
+[ -z "$BASH_VERSION" ] && return
+
+####################################################################################################
+
+__polkit_auth_1() {
+ local IFS=$'\n'
+ local cur="${COMP_WORDS[COMP_CWORD]}"
+
+ case $COMP_CWORD in
+ 1)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--obtain:--show-obtainable:--explicit:--explicit-detail:--grant:--block:--revoke:--user:--version:--help" -- $cur))
+ ;;
+ 2)
+ case "${COMP_WORDS[1]}" in
+ --obtain)
+ COMPREPLY=($(compgen -W "$(polkit-auth-1 --show-obtainable)" -- $cur))
+ ;;
+ --revoke)
+ COMPREPLY=($(compgen -W "$(polkit-auth-1 --explicit)" -- $cur))
+ ;;
+ --grant|--block)
+ COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur))
+ ;;
+ --user)
+ COMPREPLY=($(compgen -u -- $cur))
+ ;;
+ esac
+ ;;
+ 3)
+ case "${COMP_WORDS[1]}" in
+ --user)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--explicit:--explicit-detail:--grant:--block:--revoke" -- $cur))
+ ;;
+ --grant|--block)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
+ ;;
+ esac
+ ;;
+ 4)
+ case "${COMP_WORDS[3]}" in
+ --revoke)
+ case "${COMP_WORDS[1]}" in
+ --user)
+ local afou
+ # we may not be authorized to read the explicit auths for the given user..
+ afou=$(polkit-auth-1 --user ${COMP_WORDS[2]} --explicit 2> /dev/null)
+ if [ $? != 0 ] ; then
+ # .. so if that fails, fall back to showing all actions
+ afou=$(polkit-action-1)
+ fi
+ COMPREPLY=($(compgen -W "$afou" -- $cur))
+ ;;
+ *)
+ COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur))
+ ;;
+ esac
+ ;;
+ --grant|--block)
+ COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur))
+ ;;
+ --constraint)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "local:active:exe\::selinux_context\:" -- $cur))
+ ;;
+ esac
+ ;;
+ 5)
+ case "${COMP_WORDS[3]}" in
+ --grant|--block)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
+ ;;
+ esac
+ case "${COMP_WORDS[1]}" in
+ --grant|--block)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
+ ;;
+ esac
+ ;;
+ *)
+ case "${COMP_WORDS[$(($COMP_CWORD - 1))]}" in
+ --constraint)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "local:active:exe\::selinux_context\:" -- $cur))
+ ;;
+ *)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
+ ;;
+ esac
+ ;;
+ esac
+}
+
+####################################################################################################
+
+__polkit_action_1() {
+ local IFS=$'\n'
+ local cur="${COMP_WORDS[COMP_CWORD]}"
+
+ case $COMP_CWORD in
+ 1)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "--action:--reset-defaults:--set-defaults-any:--set-defaults-inactive:--set-defaults-active:--show-overrides:--version:--help" -- $cur))
+ ;;
+ 2)
+ case "${COMP_WORDS[1]}" in
+ --action|--set-defaults-any|--set-defaults-inactive|--set-defaults-active)
+ COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur))
+ ;;
+ --reset-defaults)
+ COMPREPLY=($(compgen -W "$(polkit-action-1 --show-overrides)" -- $cur))
+ ;;
+ esac
+ ;;
+ 3)
+ case "${COMP_WORDS[1]}" in
+ --set-defaults-any|--set-defaults-inactive|--set-defaults-active)
+ COMPREPLY=($(IFS=: compgen -S' ' -W "yes:no:auth_admin_one_shot:auth_admin:auth_admin_keep_session:auth_admin_keep_always:auth_self_one_shot:auth_self:auth_self_keep_session:auth_self_keep_always" -- $cur))
+ ;;
+ esac
+ esac
+}
+
+####################################################################################################
+
+complete -o nospace -F __polkit_auth_1 polkit-auth-1
+complete -o nospace -F __polkit_action_1 polkit-action-1
diff --git a/tools/polkit-bash-completion.sh b/tools/polkit-bash-completion.sh
deleted file mode 100644
index 37e5ee1..0000000
--- a/tools/polkit-bash-completion.sh
+++ /dev/null
@@ -1,125 +0,0 @@
-
-# Check for bash
-[ -z "$BASH_VERSION" ] && return
-
-####################################################################################################
-
-__polkit_auth() {
- local IFS=$'\n'
- local cur="${COMP_WORDS[COMP_CWORD]}"
-
- case $COMP_CWORD in
- 1)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--obtain:--show-obtainable:--explicit:--explicit-detail:--grant:--block:--revoke:--user:--version:--help" -- $cur))
- ;;
- 2)
- case "${COMP_WORDS[1]}" in
- --obtain)
- COMPREPLY=($(compgen -W "$(polkit-auth --show-obtainable)" -- $cur))
- ;;
- --revoke)
- COMPREPLY=($(compgen -W "$(polkit-auth --explicit)" -- $cur))
- ;;
- --grant|--block)
- COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur))
- ;;
- --user)
- COMPREPLY=($(compgen -u -- $cur))
- ;;
- esac
- ;;
- 3)
- case "${COMP_WORDS[1]}" in
- --user)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--explicit:--explicit-detail:--grant:--block:--revoke" -- $cur))
- ;;
- --grant|--block)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
- ;;
- esac
- ;;
- 4)
- case "${COMP_WORDS[3]}" in
- --revoke)
- case "${COMP_WORDS[1]}" in
- --user)
- local afou
- # we may not be authorized to read the explicit auths for the given user..
- afou=$(polkit-auth --user ${COMP_WORDS[2]} --explicit 2> /dev/null)
- if [ $? != 0 ] ; then
- # .. so if that fails, fall back to showing all actions
- afou=$(polkit-action)
- fi
- COMPREPLY=($(compgen -W "$afou" -- $cur))
- ;;
- *)
- COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur))
- ;;
- esac
- ;;
- --grant|--block)
- COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur))
- ;;
- --constraint)
- COMPREPLY=($(IFS=: compgen -S' ' -W "local:active:exe\::selinux_context\:" -- $cur))
- ;;
- esac
- ;;
- 5)
- case "${COMP_WORDS[3]}" in
- --grant|--block)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
- ;;
- esac
- case "${COMP_WORDS[1]}" in
- --grant|--block)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
- ;;
- esac
- ;;
- *)
- case "${COMP_WORDS[$(($COMP_CWORD - 1))]}" in
- --constraint)
- COMPREPLY=($(IFS=: compgen -S' ' -W "local:active:exe\::selinux_context\:" -- $cur))
- ;;
- *)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--constraint" -- $cur))
- ;;
- esac
- ;;
- esac
-}
-
-####################################################################################################
-
-__polkit_action() {
- local IFS=$'\n'
- local cur="${COMP_WORDS[COMP_CWORD]}"
-
- case $COMP_CWORD in
- 1)
- COMPREPLY=($(IFS=: compgen -S' ' -W "--action:--reset-defaults:--set-defaults-any:--set-defaults-inactive:--set-defaults-active:--show-overrides:--version:--help" -- $cur))
- ;;
- 2)
- case "${COMP_WORDS[1]}" in
- --action|--set-defaults-any|--set-defaults-inactive|--set-defaults-active)
- COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur))
- ;;
- --reset-defaults)
- COMPREPLY=($(compgen -W "$(polkit-action --show-overrides)" -- $cur))
- ;;
- esac
- ;;
- 3)
- case "${COMP_WORDS[1]}" in
- --set-defaults-any|--set-defaults-inactive|--set-defaults-active)
- COMPREPLY=($(IFS=: compgen -S' ' -W "yes:no:auth_admin_one_shot:auth_admin:auth_admin_keep_session:auth_admin_keep_always:auth_self_one_shot:auth_self:auth_self_keep_session:auth_self_keep_always" -- $cur))
- ;;
- esac
- esac
-}
-
-####################################################################################################
-
-complete -o nospace -F __polkit_auth polkit-auth
-complete -o nospace -F __polkit_action polkit-action
diff --git a/tools/polkit-config-file-validate.c b/tools/polkit-config-file-validate.c
deleted file mode 100644
index 70f7f4b..0000000
--- a/tools/polkit-config-file-validate.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config-file-validate.c : validate configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdbool.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <polkit/polkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
- execlp ("man", "man", "polkit-config-file-validate", NULL);
- fprintf (stderr, "Cannot show man page: %m\n");
- exit (1);
-}
-
-int
-main (int argc, char *argv[])
-{
- int n;
- int ret;
- char *path;
- PolKitConfig *config;
- PolKitError *pk_error;
-
- ret = 1;
-
- path = NULL;
- for (n = 1; n < argc; n++) {
- if (strcmp (argv[n], "--help") == 0) {
- usage (argc, argv);
- ret = 0;
- goto out;
- } else if (strcmp (argv[n], "--version") == 0) {
- printf ("polkit-config-file-validate " PACKAGE_VERSION "\n");
- ret = 0;
- goto out;
- } else {
- if (path != NULL) {
- usage (argc, argv);
- goto out;
- }
- path = argv[n];
- }
- }
-
- if (path == NULL)
- path = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf";
-
- pk_error = NULL;
- config = polkit_config_new (path, &pk_error);
- if (config == NULL) {
- printf ("Configuration file is malformed: %s\n", polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- ret = 0;
-
-out:
- return ret;
-}
More information about the hal-commit
mailing list