hal/tools Makefile.am, 1.33, 1.34 hal-policy-is-privileged.c, NONE,
1.1
David Zeuthen
david at kemper.freedesktop.org
Sun Feb 26 15:03:59 PST 2006
Update of /cvs/hal/hal/tools
In directory kemper:/tmp/cvs-serv16016/tools
Modified Files:
Makefile.am
Added Files:
hal-policy-is-privileged.c
Log Message:
2006-02-26 David Zeuthen <davidz at redhat.com>
* tools/Makefile.am: Add build rules for hal-policy-is-privileged
* tools/hal-policy-is-privileged.c: New file, used to query policy
Index: Makefile.am
===================================================================
RCS file: /cvs/hal/hal/tools/Makefile.am,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- Makefile.am 18 Feb 2006 23:00:55 -0000 1.33
+++ Makefile.am 26 Feb 2006 23:03:57 -0000 1.34
@@ -3,8 +3,12 @@
SUBDIRS = linux device-manager
INCLUDES = \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
-DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
+ -DPACKAGE_SCRIPT_DIR=\""$(datadir)/hal/scripts"\" \
-DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
-I$(top_srcdir) -I$(top_srcdir)/libhal \
@PACKAGE_CFLAGS@
@@ -16,6 +20,10 @@
hal-find-by-capability \
hal-find-by-property \
hal-device
+ hal-policy-is-privileged
+
+hal_policy_is_privileged_SOURCES = hal-policy-is-privileged.c
+hal_policy_is_privileged_LDADD = @GLIB_LIBS@ $(top_builddir)/libhal-policy/libhal-policy.la
lshal_SOURCES = lshal.c
lshal_LDADD = @PACKAGE_LIBS@ $(top_builddir)/libhal/libhal.la
--- NEW FILE: hal-policy-is-privileged.c ---
/***************************************************************************
* CVSID: $Id: hal-policy-is-privileged.c,v 1.1 2006/02/26 23:03:57 david Exp $
*
* hal_.c : Show devices managed by HAL
*
* Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
**************************************************************************/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <getopt.h>
#include <libhal-policy/libhal-policy.h>
static void
usage (int argc, char *argv[])
{
fprintf (stderr, "hal-policy-is-privileged version " PACKAGE_VERSION "\n");
fprintf (stderr, "\n" "usage : %s -u <uid> -p <policy> [-r <resource>]\n", argv[0]);
fprintf (stderr,
"\n"
"Options:\n"
" -u, --uid Username or user id\n"
" -r, --resource Resource\n"
" -p, --policy policy to test for\n"
" -h, --help Show this information and exit\n"
" -V, --version Print version number\n"
"\n"
"Queries system policy whether a given user is allowed for a given\n"
"policy for a given resource. The resource may be omitted.\n"
"\n"
"System policies are defined in the " PACKAGE_SYSCONF_DIR "/hal/policy directory.\n"
"\n");
}
int
main (int argc, char *argv[])
{
int rc;
uid_t uid;
char *user = NULL;
char *policy = NULL;
char *resource = NULL;
static const struct option long_options[] = {
{"uid", required_argument, NULL, 'u'},
{"resource", required_argument, NULL, 'r'},
{"policy", required_argument, NULL, 'p'},
{"help", no_argument, NULL, 'h'},
{"version", no_argument, NULL, 'V'},
{NULL, 0, NULL, 0}
};
LibHalPolicyContext *ctx = NULL;
char *endp;
gboolean is_allowed;
LibHalPolicyResult result;
rc = 1;
while (TRUE) {
int c;
c = getopt_long (argc, argv, "u:r:p:UhV", long_options, NULL);
if (c == -1)
break;
switch (c) {
case 'u':
user = g_strdup (optarg);
break;
case 'r':
resource = g_strdup (optarg);
break;
case 'p':
policy = g_strdup (optarg);
break;
case 'h':
usage (argc, argv);
rc = 0;
goto out;
case 'V':
printf ("hal-policy-is-privileged version " PACKAGE_VERSION "\n");
rc = 0;
goto out;
default:
usage (argc, argv);
goto out;
}
}
if (user == NULL || policy == NULL) {
usage (argc, argv);
return 1;
}
/*
printf ("user = '%s'\n", user);
printf ("policy = '%s'\n", policy);
printf ("resource = '%s'\n", resource);
*/
ctx = libhal_policy_new_context ();
if (ctx == NULL) {
g_warning ("Cannot get policy context");
goto out;
}
uid = (uid_t) g_ascii_strtoull (user, &endp, 0);
if (endp[0] != '\0') {
uid = libhal_policy_util_name_to_uid (ctx, user, NULL);
if (uid == (uid_t) -1) {
g_warning ("User '%s' does not exist", user);
goto out;
}
}
/*
printf ("uid %d\n", (int) uid);
*/
result = libhal_policy_is_uid_allowed_for_policy (ctx,
uid,
policy,
resource,
&is_allowed);
switch (result) {
case LIBHAL_POLICY_RESULT_OK:
rc = is_allowed ? 0 : 1;
break;
case LIBHAL_POLICY_RESULT_ERROR:
g_warning ("error retrieving policy");
break;
case LIBHAL_POLICY_RESULT_INVALID_CONTEXT:
g_warning ("invalid context");
break;
case LIBHAL_POLICY_RESULT_PERMISSON_DENIED:
g_warning ("permission denied");
break;
case LIBHAL_POLICY_RESULT_NO_SUCH_POLICY:
g_warning ("no such policy '%s'", policy);
break;
}
/*
printf ("result %d\n", result);
printf ("is_allowed %d\n", is_allowed);
*/
out:
if (ctx != NULL)
libhal_policy_free_context (ctx);
return rc;
}
More information about the hal-commit
mailing list