PolicyKit/tools Makefile.am, 1.3, 1.4 polkit-grant-privilege.c, 1.4, 1.5 polkit-is-privileged.c, 1.4, 1.5 polkit-list-privileges.c, 1.2, 1.3 polkit-revoke-privilege.c, 1.1, 1.2

David Zeuthen david at kemper.freedesktop.org
Mon Jun 5 16:39:03 PDT 2006


Update of /cvs/hal/PolicyKit/tools
In directory kemper:/tmp/cvs-serv24124/tools

Modified Files:
	Makefile.am polkit-grant-privilege.c polkit-is-privileged.c 
	polkit-list-privileges.c polkit-revoke-privilege.c 
Log Message:
2006-06-05  David Zeuthen  <davidz at redhat.com>

	Lots of changes! Almost ready for 0.2 release.

	* Makefile.am:
	* README:
	* configure.in:
	* doc/TODO:
	* doc/api/polkit-docs.xml:
	* doc/spec/Makefile.am:
	* doc/spec/polkit-spec.html:
	* doc/spec/polkit-spec.xml.in:
	* libpolkit/Makefile.am:
	* libpolkit/libpolkit-grant.c: (have_questions_handler),
	(libpolkit_grant_provide_answers), (auth_done_handler),
	(libpolkit_grant_new_context),
	(libpolkit_grant_get_libpolkit_context),
	(libpolkit_grant_set_questions_handler),
	(libpolkit_grant_set_grant_complete_handler),
	(libpolkit_grant_initiate_temporary_grant),
	(libpolkit_grant_get_user_for_auth),
	(libpolkit_grant_get_pam_service_for_auth),
	(libpolkit_grant_close), (libpolkit_grant_free_context),
	(libpolkit_grant_get_user), (libpolkit_grant_get_privilege),
	(libpolkit_grant_get_resource):
	* libpolkit/libpolkit-grant.h:
	* libpolkit/libpolkit.c:
	(libpolkit_get_allowed_resources_for_privilege_for_uid),
	(libpolkit_is_uid_allowed_for_privilege):
	* libpolkit/libpolkit.h:
	* pam-polkit-console/Makefile.am:
	* pam-polkit-console/pam-polkit-console.c: (_pam_log),
	(_parse_module_args), (_is_local_xconsole), (_poke_polkitd),
	(pam_sm_authenticate), (pam_sm_setcred), (pam_sm_open_session),
	(pam_sm_close_session):
	* polkit-interface-manager.xml:
	* polkit-interface-session.xml:
	* polkit.pc.in:
	* polkitd/PolicyKit.in:
	* polkitd/main.c: (handle_sigusr1), (sigusr1_iochn_data), (main):
	* polkitd/policy.c: (txt_backend_read_policy),
	(txt_backend_read_list), (txt_backend_read_word),
	(policy_get_sufficient_privileges),
	(policy_get_required_privileges),
	(policy_get_auth_details_for_policy),
	(_policy_is_uid_gid_allowed_for_policy),
	(policy_is_uid_gid_allowed_for_policy),
	(policy_is_uid_allowed_for_policy):
	* polkitd/policy.h:
	* polkitd/polkit-manager.c: (_granting_temp_priv),
	(_revoking_temp_priv), (polkit_manager_error_get_type),
	(bus_name_owner_changed), (polkit_manager_get_caller_info),
	(_check_for_temp_privilege),
	(polkit_manager_initiate_temporary_privilege_grant),
	(polkit_manager_is_user_privileged),
	(polkit_manager_get_allowed_resources_for_privilege),
	(polkit_manager_revoke_temporary_privilege),
	(polkit_manager_add_temporary_privilege),
	(polkit_manager_remove_temporary_privilege),
	(polkit_manager_update_desktop_console_privileges):
	* polkitd/polkit-manager.h:
	* polkitd/polkit-session.c: (polkit_session_close),
	(polkit_session_grant_privilege_temporarily), (polkit_session_new),
	(polkit_session_initiator_disconnected):
	* polkitd/polkit-session.h:
	* privileges/desktop-console.privilege:
	* tools/Makefile.am:
	* tools/polkit-grant-privilege.c: (questions_cb),
	(grant_complete_cb), (main):
	* tools/polkit-is-privileged.c: (usage), (main):
	* tools/polkit-list-privileges.c: (main):
	* tools/polkit-revoke-privilege.c: (main):



Index: Makefile.am
===================================================================
RCS file: /cvs/hal/PolicyKit/tools/Makefile.am,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- Makefile.am	22 Apr 2006 23:27:14 -0000	1.3
+++ Makefile.am	5 Jun 2006 23:39:00 -0000	1.4
@@ -24,27 +24,15 @@
 polkit_list_privileges_SOURCES = polkit-list-privileges.c
 polkit_list_privileges_LDADD = @DBUS_CFLAGS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
 
-polkit-interface-manager-glue.h: ../polkit-interface-manager.xml Makefile.am
-	dbus-binding-tool --prefix=polkit_manager --mode=glib-client --output=polkit-interface-manager-glue.h ../polkit-interface-manager.xml
-
-polkit-interface-session-glue.h: ../polkit-interface-session.xml Makefile.am
-	dbus-binding-tool --prefix=polkit_session --mode=glib-client --output=polkit-interface-session-glue.h ../polkit-interface-session.xml
-
-
 polkit_grant_privilege_SOURCES= \
-	polkit-grant-privilege.c					\
-					polkit-interface-manager-glue.h \
-					polkit-interface-session-glue.h
-polkit_grant_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
+	polkit-grant-privilege.c
 
+polkit_grant_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit/libpolkit-grant.la
 
 polkit_revoke_privilege_SOURCES= \
 	polkit-revoke-privilege.c
 polkit_revoke_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
 
-
-BUILT_SOURCES = polkit-interface-manager-glue.h polkit-interface-session-glue.h
-
 clean-local :
-	rm -f *~ $(BUILT_SOURCES)
+	rm -f *~
 

Index: polkit-grant-privilege.c
===================================================================
RCS file: /cvs/hal/PolicyKit/tools/polkit-grant-privilege.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- polkit-grant-privilege.c	22 Apr 2006 23:27:14 -0000	1.4
+++ polkit-grant-privilege.c	5 Jun 2006 23:39:00 -0000	1.5
@@ -36,27 +36,34 @@
 #include <dbus/dbus-glib-lowlevel.h>
 
 #include <libpolkit/libpolkit.h>
+#include <libpolkit/libpolkit-grant.h>
 
-#include "polkit-interface-manager-glue.h"
-#include "polkit-interface-session-glue.h"
 
-static char *grant_user = NULL;
-static char *grant_privilege = NULL;
-static char *grant_resource = NULL;
-static char *auth_user = NULL;
-static char *auth_pam_service_name = NULL;
+static gboolean is_verbose = FALSE;
+
 
 static void
-have_questions_handler (DBusGProxy *session, gpointer user_data)
+questions_cb (LibPolKitGrantContext  *ctx, 
+	      const char            **questions,
+	      gpointer                user_data)
 {
 	int i;
-	char **questions;
-	char **answers;
 	int num_a;
-	GError *error = NULL;
+	char **answers;
+	static gboolean showed_user = FALSE;
 
-	if (auth_user != NULL) {
-		if (grant_resource != NULL)
+
+	/* print banner for user if we are going to ask questions */
+	if (!showed_user) {
+		const char *auth_user;
+		const char *auth_pam_svc;
+
+		showed_user = TRUE;
+
+		auth_user = libpolkit_grant_get_user_for_auth (ctx);
+		auth_pam_svc = libpolkit_grant_get_pam_service_for_auth (ctx);
+
+		if (libpolkit_grant_get_resource (ctx) != NULL) {
 			g_print ("\n"
 				 "Authentication needed for user '%s' in order to grant the\n"
 				 "privilege '%s' to user '%s' for the \n"
@@ -65,10 +72,11 @@
 				 "The privilege is configured to use PAM service '%s'.\n"
 				 "\n",
 				 auth_user,
-				 grant_privilege, grant_user, 
-				 grant_resource,
-				 auth_pam_service_name);
-		else
+				 libpolkit_grant_get_privilege (ctx), 
+				 libpolkit_grant_get_user (ctx), 
+				 libpolkit_grant_get_resource (ctx),
+				 auth_pam_svc);
+		} else {
 			g_print ("\n"
 				 "Authentication needed for user '%s' in order to grant the\n"
 				 "privilege '%s' to user '%s'.\n"
@@ -76,29 +84,20 @@
 				 "The privilege is configured to use PAM service '%s'.\n"
 				 "\n",
 				 auth_user,
-				 grant_privilege, grant_user,
-				 auth_pam_service_name);
-		g_free (auth_user);
-		g_free (auth_pam_service_name);
-		auth_user = NULL;
-		auth_pam_service_name = NULL;
+				 libpolkit_grant_get_privilege (ctx), 
+				 libpolkit_grant_get_user (ctx),
+				 auth_pam_svc);
+		}
 	}
 
-	if (!org_freedesktop_PolicyKit_Session_get_questions (session,
-							      &questions,
-							      &error)) {
-		g_warning ("GetQuestions: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
 
-	answers = g_new0 (char *, g_strv_length (questions) + 1);
+	answers = g_new0 (char *, g_strv_length ((char **) questions) + 1);
 	num_a = 0;
 
 	for (i = 0; questions[i] != NULL && questions[i+1] != NULL; i++) {
 		char *answer;
-		char *question = questions[i+1];
-		char *qtype = questions[i];
+		const char *question = questions[i+1];
+		const char *qtype = questions[i];
 
 		/*g_debug ("Question 1: '%s' (pamtype %s)\n(warning; secret will be echoed to stdout)", question, qtype);*/
 
@@ -112,7 +111,7 @@
 			char buf[1024];
 
 			fputs (question, stderr);
-			answer = fgets (question, sizeof (buf), stdin);
+			answer = fgets ((char *) question, sizeof (buf), stdin);
 			answers[num_a++] = g_strdup (answer);
 
 			/*g_debug ("Provding answer: '%s'", answer);*/
@@ -127,155 +126,30 @@
 	}
 	answers[num_a] = NULL;
 
-	g_strfreev (questions);
-
-	if (!org_freedesktop_PolicyKit_Session_provide_answers (session,
-								(const char **) answers,
-								&error)) {
-		g_warning ("ProvideAnswers: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
+	libpolkit_grant_provide_answers (ctx, (const char **) answers);
 
 	g_strfreev (answers);
-
-out:
-	;
 }
 
 static void
-auth_done_handler (DBusGProxy *session, gpointer user_data)
+grant_complete_cb (LibPolKitGrantContext  *ctx, 
+		   gboolean                obtained_privilege,
+		   const char             *reason_not_obtained,
+		   gpointer                user_data)
 {
-	gboolean auth_result;
-	GError *error = NULL;
-
-	/*g_debug ("in %s", __FUNCTION__);*/
-
-	if (!org_freedesktop_PolicyKit_Session_is_authenticated (session,
-								 &auth_result,
-								 &error)) {
-		g_warning ("IsAuthenticated: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	/*g_message ("Authentication done. %s", auth_result);*/
-
-	if (!auth_result) {
-		char *auth_denied_reason;
-
-		if (!org_freedesktop_PolicyKit_Session_get_auth_denied_reason (session,
-									       &auth_denied_reason,
-									       &error)) {
-			g_warning ("GetAuthDeniedReason: %s", error->message);
-			g_error_free (error);
-			goto out;
-		}
-		
-		g_print ("\n"
-			 "Authentication failed (reason: '%s').\n", auth_denied_reason);
-		g_free (auth_denied_reason);
+	if (!obtained_privilege) {
+		g_print ("Privilege not granted: %s\n", reason_not_obtained != NULL ? reason_not_obtained : "(null)");
 	} else {
-		g_print ("\n"
-			 "Authentication succeeded.\n");
-
-		/* don't restrict privilege to callers PID */
-		if (!org_freedesktop_PolicyKit_Session_grant_privilege_temporarily (session,
-										    FALSE,
-										    &error)) {
-			g_warning ("GrantPrivilegeTemporarily: %s", error->message);
-			g_error_free (error);
-		}
+		/* keep the privilege */
+		libpolkit_grant_close (ctx, FALSE);
 	}
 
-out:
-
-	/* don't revoke privilege when we close the session */
-	if (!org_freedesktop_PolicyKit_Session_close (session,
-						      TRUE,
-						      &error)) {
-		g_warning ("Close: %s", error->message);
-		g_error_free (error);
-	}
+	libpolkit_free_context (ctx);
 
 	exit (0);
 }
 
-static void
-do_grant_privilege (DBusGConnection *conn, const char *user, const char *privilege, const char *resource)
-{
-	GError *error = NULL;
-	DBusGProxy *manager;
-	DBusGProxy *session;
-	char *session_objpath;
-	GMainLoop *mainloop;
-
-	grant_user = g_strdup (user);
-	grant_privilege = g_strdup (privilege);
-	grant_resource = g_strdup (resource);
-
-	mainloop = g_main_loop_new (NULL, FALSE);
-
-	manager = dbus_g_proxy_new_for_name (conn,
-					     "org.freedesktop.PolicyKit",
-					     "/org/freedesktop/PolicyKit/Manager",
-					     "org.freedesktop.PolicyKit.Manager");
-	if (manager == NULL) {
-		goto out;
-	}
-
-	if (!org_freedesktop_PolicyKit_Manager_initiate_temporary_privilege_grant (manager,
-										   user,
-										   privilege,
-										   resource,
-										   &session_objpath,
-										   &error)) {
-		g_warning ("GrantPrivilege: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	/*g_debug ("session_objpath = %s", session_objpath);*/
-
-	session = dbus_g_proxy_new_for_name (conn,
-					     "org.freedesktop.PolicyKit",
-					     session_objpath,
-					     "org.freedesktop.PolicyKit.Session");
-	if (session == NULL) {
-		goto out;
-	}
-
-	dbus_g_proxy_add_signal (session, "HaveQuestions", G_TYPE_INVALID);
-	dbus_g_proxy_connect_signal (session, "HaveQuestions", G_CALLBACK (have_questions_handler),
-				     NULL, NULL);
-
-	dbus_g_proxy_add_signal (session, "AuthenticationDone", G_TYPE_INVALID);
-	dbus_g_proxy_connect_signal (session, "AuthenticationDone", G_CALLBACK (auth_done_handler),
-				     NULL, NULL);
 
-	if (!org_freedesktop_PolicyKit_Session_get_auth_details (session,
-								 &auth_user,
-								 &auth_pam_service_name,
-								 &error)) {
-		g_warning ("GetAuthDetails: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	if (!org_freedesktop_PolicyKit_Session_initiate_auth (session,
-							      &error)) {
-		g_warning ("InitiateAuth: %s", error->message);
-		g_error_free (error);
-		goto out;
-	}
-
-	g_main_loop_run (mainloop);
-
-
-	g_free (session_objpath);
-out:
-	;
-}
 
 static void
 usage (int argc, char *argv[])
@@ -297,15 +171,12 @@
 		 "be omitted.\n");
 }
 
-static gboolean is_verbose = FALSE;
-
 int
 main (int argc, char **argv)
 {
 	int rc;
 	GError *error = NULL;
 	DBusGConnection *bus;
-	LibPolKitContext *ctx;
 	char *user = NULL;
 	char *resource = NULL;
 	char *privilege = NULL;
@@ -321,9 +192,15 @@
 	gboolean is_privileged = FALSE;
 	gboolean is_temporary = FALSE;
 	LibPolKitResult result;
+	LibPolKitGrantContext *gctx;
+	LibPolKitContext *ctx;
+	GMainLoop *mainloop;
 
 	g_type_init ();
 
+	mainloop = g_main_loop_new (NULL, FALSE);
+
+
 	rc = 1;
 
 	while (TRUE) {
@@ -383,15 +260,26 @@
 		return 1;
 	}
 
-	ctx = libpolkit_new_context (dbus_g_connection_get_connection (bus));
+	gctx = libpolkit_grant_new_context (bus,
+					    user,
+					    privilege,
+					    resource,
+					    FALSE,
+					    NULL);
+	if (gctx == NULL) {
+		g_warning ("Cannot initialize new grant context");
+		goto out;
+	}
 
+	ctx = libpolkit_grant_get_libpolkit_context (gctx);
 	result = libpolkit_is_uid_allowed_for_privilege (ctx,
-							 -1,
+							 NULL,
 							 user,
 							 privilege,
 							 resource,
 							 &is_privileged,
-							 &is_temporary);
+							 &is_temporary,
+							 NULL);
 	switch (result) {
 	case LIBPOLKIT_RESULT_OK:
 		if (is_privileged) {
@@ -428,7 +316,15 @@
 		goto out;
 	}
 
-	do_grant_privilege (bus, user, privilege, resource);
+	libpolkit_grant_set_questions_handler (gctx, questions_cb);
+	libpolkit_grant_set_grant_complete_handler (gctx, grant_complete_cb);
+
+	if (!libpolkit_grant_initiate_temporary_grant (gctx)) {
+		g_warning ("Cannot initiate temporary grant; bailing out");
+		goto out;
+	}
+
+	g_main_loop_run (mainloop);
 
 out:
 	return rc;

Index: polkit-is-privileged.c
===================================================================
RCS file: /cvs/hal/PolicyKit/tools/polkit-is-privileged.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- polkit-is-privileged.c	22 Apr 2006 23:27:14 -0000	1.4
+++ polkit-is-privileged.c	5 Jun 2006 23:39:00 -0000	1.5
@@ -41,17 +41,17 @@
 	fprintf (stderr, 
 		 "\n" 
 		 "usage : %s -u <uid> -p <privilege> [-r <resource>]\n" 
-		 "        [-i <pid>]", argv[0]);
+		 "        [-s <system-bus-connection-name>]", argv[0]);
 	fprintf (stderr,
 		 "\n"
 		 "Options:\n"
-		 "    -u, --user           Username or user id\n"
-		 "    -i, --pid            Pid of process privilege may be restricted to\n"
-		 "    -r, --resource       Resource\n"
-		 "    -p, --privilege      Privilege to test for\n"
-		 "    -h, --help           Show this information and exit\n"
-		 "    -v, --verbose        Verbose operation\n"
-		 "    -V, --version        Print version number\n"
+		 "    -u, --user                    Username or user id\n"
+		 "    -s, --system-bus-unique-name  Unique system bus connection name\n"
+		 "    -r, --resource                Resource\n"
+		 "    -p, --privilege               Privilege to test for\n"
+		 "    -h, --help                    Show this information and exit\n"
+		 "    -v, --verbose                 Verbose operation\n"
+		 "    -V, --version                 Print version number\n"
 		 "\n"
 		 "Queries system policy whether a given user is allowed for a given\n"
 		 "privilege for a given resource. The resource may be omitted.\n"
@@ -65,10 +65,10 @@
 	char *user = NULL;
 	char *privilege = NULL;
 	char *resource = NULL;
-	pid_t pid = (pid_t) -1;
+	char *system_bus_unique_name = NULL;
 	static const struct option long_options[] = {
 		{"user", required_argument, NULL, 'u'},
-		{"pid", required_argument, NULL, 'i'},
+		{"system-bus-unique-name", required_argument, NULL, 's'},
 		{"resource", required_argument, NULL, 'r'},
 		{"privilege", required_argument, NULL, 'p'},
 		{"help", no_argument, NULL, 'h'},
@@ -89,14 +89,14 @@
 	while (TRUE) {
 		int c;
 		
-		c = getopt_long (argc, argv, "u:r:p:i:hVv", long_options, NULL);
+		c = getopt_long (argc, argv, "u:r:p:s:hVv", long_options, NULL);
 
 		if (c == -1)
 			break;
 		
 		switch (c) {
-		case 'i':
-			pid = atoi (optarg);
+		case 's':
+			system_bus_unique_name = g_strdup (optarg);
 			break;
 
 		case 'u':
@@ -157,12 +157,13 @@
 	}
 
 	result = libpolkit_is_uid_allowed_for_privilege (ctx, 
-							 pid,
+							 system_bus_unique_name,
 							 user,
 							 privilege,
 							 resource,
 							 &is_allowed,
-							 &is_temporary);
+							 &is_temporary,
+							 NULL);
 	switch (result) {
 	case LIBPOLKIT_RESULT_OK:
 		rc = is_allowed ? 0 : 1;

Index: polkit-list-privileges.c
===================================================================
RCS file: /cvs/hal/PolicyKit/tools/polkit-list-privileges.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- polkit-list-privileges.c	22 Apr 2006 23:27:14 -0000	1.2
+++ polkit-list-privileges.c	5 Jun 2006 23:39:00 -0000	1.3
@@ -27,6 +27,7 @@
 #endif
 
 #include <stdio.h>
+#include <string.h>
 #include <stdlib.h>
 #include <getopt.h>
 #include <dbus/dbus.h>
@@ -136,8 +137,11 @@
 		const char *privilege;
 		gboolean is_allowed;
 		gboolean is_temporary;
+		char *is_privileged_but_restricted_to;
 		GList *j;
+		GList *k;
 		GList *resources;
+		GList *restrictions;
 		int num_non_temporary;
 
 		privilege = (const char *) l->data;
@@ -146,33 +150,46 @@
 		}
 
 		if (libpolkit_is_uid_allowed_for_privilege (ctx, 
-							    -1,
+							    NULL,
 							    user,
 							    privilege,
 							    NULL,
 							    &is_allowed,
-							    &is_temporary) == LIBPOLKIT_RESULT_OK) {
+							    &is_temporary,
+							    &is_privileged_but_restricted_to) == LIBPOLKIT_RESULT_OK) {
 			if (is_allowed) {
 				g_print ("privilege %s%s\n", privilege, is_temporary ? " (temporary)" : "");
-			} 
+			} else if (is_privileged_but_restricted_to != NULL) {
+				g_print ("privilege %s (temporary) (restricted to %s)\n", 
+					 privilege, is_privileged_but_restricted_to);
+			}
 
 			if (libpolkit_get_allowed_resources_for_privilege_for_uid (
 				    ctx, 
 				    user,
 				    privilege,
 				    &resources,
+				    &restrictions,
 				    &num_non_temporary) == LIBPOLKIT_RESULT_OK) {
 				int n;
 
-				for (j = resources, n = 0; j != NULL; j = g_list_next (j), n++) {
+				for (j = resources, k = restrictions, n = 0; j != NULL; j = g_list_next (j), k = g_list_next (k), n++) {
 					const char *resource;
+					const char *restriction;
 					resource = (const char *) j->data;
-					g_print ("resource %s privilege %s%s\n", 
+					restriction = (const char *) k->data;
+					g_print ("resource %s privilege %s%s", 
 						 resource, privilege,
 						 n >= num_non_temporary ? " (temporary)" : "");
+					if (strlen (restriction) > 0) 
+						g_print (" (restricted to %s)\n", restriction);
+					else
+						g_print ("\n");
 				}
 				g_list_foreach (resources, (GFunc) g_free, NULL);
 				g_list_free (resources);
+				g_list_foreach (restrictions, (GFunc) g_free, NULL);
+				g_list_free (restrictions);
 			}
 		}
 

Index: polkit-revoke-privilege.c
===================================================================
RCS file: /cvs/hal/PolicyKit/tools/polkit-revoke-privilege.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- polkit-revoke-privilege.c	22 Apr 2006 23:27:14 -0000	1.1
+++ polkit-revoke-privilege.c	5 Jun 2006 23:39:00 -0000	1.2
@@ -154,11 +154,11 @@
 	case LIBPOLKIT_RESULT_OK:
 		if (was_revoked) {
 			if (resource == NULL) {
-				g_print ("User '%s' no longer has privilege '%s'.\n", user, privilege);
+				g_print ("Privilege '%s' succesfully revoked from user '%s'.\n", privilege, user);
 			} else {
-				g_print ("User '%s' no longer has privilege '%s' for accessing\n"
+				g_print ("Privilege '%s' succesfully revoked from user '%s' on\n"
 					 "resource '%s'.\n", 
-					 user, privilege, resource);
+					 privilege, user, resource);
 			}
 			rc = 0;
 			goto out;
@@ -166,23 +166,29 @@
 		break;
 
 	case LIBPOLKIT_RESULT_ERROR:
-		g_print ("Error granting resource.\n");
+		g_print ("Error: There was an error granting the privilege.\n");
 		goto out;
 
 	case LIBPOLKIT_RESULT_INVALID_CONTEXT:
-		g_print ("Invalid context.\n");
+		g_print ("Error: Invalid context.\n");
 		goto out;
 
 	case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
-		g_print ("Not privileged.\n");
+		g_print ("Error: Not privileged to perform this operation.\n");
 		goto out;
 
 	case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
-		g_print ("No such privilege '%s'.\n", privilege);
+		if (resource == NULL) {
+			g_print ("Error: User '%s' does not have privilege '%s'.\n", user, privilege);
+		} else {
+			g_print ("Error: User '%s' does not have privilege '%s' for accessing\n"
+				 "resource '%s'.\n", 
+				 user, privilege, resource);
+		}
 		goto out;
 
 	case LIBPOLKIT_RESULT_NO_SUCH_USER:
-		g_print ("No such user '%s'.\n", user);
+		g_print ("Error: No such user '%s'.\n", user);
 		goto out;
 	}
 




More information about the hal-commit mailing list