PolicyKit/pam-polkit-console Makefile.am, NONE,
1.1 pam-polkit-console.c, NONE, 1.1
David Zeuthen
david at kemper.freedesktop.org
Mon Jun 5 16:39:02 PDT 2006
Update of /cvs/hal/PolicyKit/pam-polkit-console
In directory kemper:/tmp/cvs-serv24124/pam-polkit-console
Added Files:
Makefile.am pam-polkit-console.c
Log Message:
2006-06-05 David Zeuthen <davidz at redhat.com>
Lots of changes! Almost ready for 0.2 release.
* Makefile.am:
* README:
* configure.in:
* doc/TODO:
* doc/api/polkit-docs.xml:
* doc/spec/Makefile.am:
* doc/spec/polkit-spec.html:
* doc/spec/polkit-spec.xml.in:
* libpolkit/Makefile.am:
* libpolkit/libpolkit-grant.c: (have_questions_handler),
(libpolkit_grant_provide_answers), (auth_done_handler),
(libpolkit_grant_new_context),
(libpolkit_grant_get_libpolkit_context),
(libpolkit_grant_set_questions_handler),
(libpolkit_grant_set_grant_complete_handler),
(libpolkit_grant_initiate_temporary_grant),
(libpolkit_grant_get_user_for_auth),
(libpolkit_grant_get_pam_service_for_auth),
(libpolkit_grant_close), (libpolkit_grant_free_context),
(libpolkit_grant_get_user), (libpolkit_grant_get_privilege),
(libpolkit_grant_get_resource):
* libpolkit/libpolkit-grant.h:
* libpolkit/libpolkit.c:
(libpolkit_get_allowed_resources_for_privilege_for_uid),
(libpolkit_is_uid_allowed_for_privilege):
* libpolkit/libpolkit.h:
* pam-polkit-console/Makefile.am:
* pam-polkit-console/pam-polkit-console.c: (_pam_log),
(_parse_module_args), (_is_local_xconsole), (_poke_polkitd),
(pam_sm_authenticate), (pam_sm_setcred), (pam_sm_open_session),
(pam_sm_close_session):
* polkit-interface-manager.xml:
* polkit-interface-session.xml:
* polkit.pc.in:
* polkitd/PolicyKit.in:
* polkitd/main.c: (handle_sigusr1), (sigusr1_iochn_data), (main):
* polkitd/policy.c: (txt_backend_read_policy),
(txt_backend_read_list), (txt_backend_read_word),
(policy_get_sufficient_privileges),
(policy_get_required_privileges),
(policy_get_auth_details_for_policy),
(_policy_is_uid_gid_allowed_for_policy),
(policy_is_uid_gid_allowed_for_policy),
(policy_is_uid_allowed_for_policy):
* polkitd/policy.h:
* polkitd/polkit-manager.c: (_granting_temp_priv),
(_revoking_temp_priv), (polkit_manager_error_get_type),
(bus_name_owner_changed), (polkit_manager_get_caller_info),
(_check_for_temp_privilege),
(polkit_manager_initiate_temporary_privilege_grant),
(polkit_manager_is_user_privileged),
(polkit_manager_get_allowed_resources_for_privilege),
(polkit_manager_revoke_temporary_privilege),
(polkit_manager_add_temporary_privilege),
(polkit_manager_remove_temporary_privilege),
(polkit_manager_update_desktop_console_privileges):
* polkitd/polkit-manager.h:
* polkitd/polkit-session.c: (polkit_session_close),
(polkit_session_grant_privilege_temporarily), (polkit_session_new),
(polkit_session_initiator_disconnected):
* polkitd/polkit-session.h:
* privileges/desktop-console.privilege:
* tools/Makefile.am:
* tools/polkit-grant-privilege.c: (questions_cb),
(grant_complete_cb), (main):
* tools/polkit-is-privileged.c: (usage), (main):
* tools/polkit-list-privileges.c: (main):
* tools/polkit-revoke-privilege.c: (main):
--- NEW FILE: Makefile.am ---
# Directory handed to pam-polkit-console.c as the LOCKDIR macro (see the
# CFLAGS line below); the module creates and removes one file per session
# in it.
LOCKDIR = $(localstatedir)/run/polkit-console
# Owner-only access to the directory created by install-data-local.
LOCKDIRMODE = 0700
# Install location of the PAM module.
securelibdir = /lib/security
securelib_LTLIBRARIES = pam_polkit_console.la
pam_polkit_console_la_LDFLAGS = -no-undefined -avoid-version -module
pam_polkit_console_la_LIBADD = -lpam
pam_polkit_console_la_CFLAGS = -DLOCKDIR=\"$(LOCKDIR)\"
pam_polkit_console_la_SOURCES = pam-polkit-console.c
clean-local :
rm -f *~
# NOTE(review): "mkdir -m MODE -p" applies MODE only to the last directory
# it creates.  A LOCKDIR that already exists keeps its current mode and
# owner, so packagers should verify both after installation.
install-data-local:
mkdir -m $(LOCKDIRMODE) -p $(DESTDIR)$(LOCKDIR)
--- NEW FILE: pam-polkit-console.c ---
/***************************************************************************
* CVSID: $Id: pam-polkit-console.c,v 1.1 2006/06/05 23:39:00 david Exp $
*
* pam-polkit-console.c : Maintain files in /var/run/polkit-console to
* maintain a list of what users are logged in at
* what console
*
* Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
**************************************************************************/
#include <config.h>
#include <errno.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <signal.h>
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
/* Boolean constants, defined only when no earlier header provides them. */
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE (!FALSE)
#endif
/* Set to 1 by _parse_module_args() when the "debug" module argument is
 * given; _pam_log() drops messages flagged debug_noforce while it is 0.
 * Nothing in this file resets it, so once set it stays set for as long as
 * the module remains loaded in the host process. */
static int debug = 0;
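/*
 * Log a printf-style message through pam_vsyslog().
 *
 * pamh:          PAM handle passed on to pam_vsyslog()
 * err:           syslog priority (LOG_ERR, LOG_DEBUG, ...)
 * debug_noforce: when non-zero the message is dropped unless the module's
 *                "debug" option is active; when zero it is always logged
 * format, ...:   printf-style format and arguments
 *
 * Callers must pass a constant format string and hand user-influenced
 * values (user name, TTY) in as arguments only.
 */
static void
_pam_log (pam_handle_t *pamh,
	  int err,
	  int debug_noforce,
	  const char *format, ...)
{
	va_list args;

	if (debug_noforce && !debug)
		return;

	va_start (args, format);
	pam_vsyslog (pamh, err, format, args);
	/* every va_start() must be paired with va_end() before returning */
	va_end (args);
	/* NOTE(review): closelog() acts on the process-wide syslog state, and
	 * this module runs inside another program (e.g. gdm) - confirm that
	 * resetting the host's log connection here is intended. */
	closelog ();
}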
/*
 * Walk the arguments given to the module on its PAM configuration line.
 *
 * "debug" switches on the file-wide debug flag.  Any other argument is
 * reported through _pam_log() at LOG_ERR with debug_noforce FALSE, so the
 * report is emitted whether or not debugging is enabled.
 */
static void
_parse_module_args (pam_handle_t *pamh,
		    int argc,
		    const char **argv)
{
	int idx = 0;

	while (idx < argc) {
		const char *opt = argv[idx++];

		if (strcmp (opt, "debug") != 0) {
			_pam_log (pamh, LOG_ERR, FALSE,
				  "_parse_module_args: unknown option; %s", opt);
			continue;
		}

		debug = 1;
	}
}
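/*
 * Decide whether a PAM_TTY value names a local X display.
 *
 * Accepted forms are exactly ":<digits>" and ":<digits>.<digits>"
 * (for example ":0" and ":0.0").  Returns 1 (TRUE) on a match and
 * 0 (FALSE) otherwise, including for a NULL pointer.
 *
 * The whole string has to match.  The previous sscanf()-based test only
 * looked at the prefix, so a value with trailing characters (including
 * '/') or with a sign or whitespace before the number was accepted.
 * Callers interpolate the value into a file name under LOCKDIR, so the
 * check must not let path separators through.
 */
static int
_is_local_xconsole (const char *tty)
{
	static const char digits[] = "0123456789";
	const char *p;
	size_t ndigits;

	if (tty == NULL || tty[0] != ':')
		return 0;

	/* display number */
	p = tty + 1;
	ndigits = strspn (p, digits);
	p += ndigits;

	/* optional ".<screen>" suffix */
	if (ndigits > 0 && *p == '.') {
		ndigits = strspn (p + 1, digits);
		p += 1 + ndigits;
	}

	/* the last number must be non-empty and nothing may follow it */
	return ndigits > 0 && *p == '\0';
}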
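/*
 * Ask the PolicyKit daemon to reload its state by sending it SIGUSR1.
 *
 * The daemon's pid is read from POLKITD_PID_FILE.  This is a PAM module,
 * loaded into the address space of some other process (e.g. gdm), so a
 * plain signal is used rather than D-BUS.
 *
 * Only a strictly positive pid that fits in pid_t is signalled: kill()
 * treats 0 and negative values as "a process group" or "every process
 * the caller may signal", which must never be reachable from the
 * contents of a file.
 *
 * NOTE(review): a stale pid file can name an unrelated process, and the
 * default action for SIGUSR1 is to terminate the receiver.  Nothing here
 * confirms that the pid still belongs to polkitd.
 */
static void
_poke_polkitd (pam_handle_t *pamh)
{
	char buf[80];
	char *end;
	long val;
	pid_t pid;
	FILE *f;

	f = fopen (POLKITD_PID_FILE, "r");
	if (f == NULL)
		return;

	if (fgets (buf, sizeof (buf), f) == NULL) {
		fclose (f);
		return;
	}
	fclose (f);

	/* the line must be one decimal number, optionally newline-terminated */
	errno = 0;
	val = strtol (buf, &end, 10);
	if (end == buf || errno == ERANGE || (*end != '\0' && *end != '\n'))
		return;

	/* reject 0, negative values and anything pid_t cannot represent */
	pid = (pid_t) val;
	if (val <= 0 || (long) pid != val) {
		_pam_log (pamh, LOG_ERR, FALSE,
			  "Ignoring invalid pid %ld read from %s", val, POLKITD_PID_FILE);
		return;
	}

	_pam_log (pamh, LOG_DEBUG, TRUE,
		  "Sending SIGUSR1 to polkitd with pid %d to reload configuration", (int) pid);
	if (kill (pid, SIGUSR1) != 0) {
		_pam_log (pamh, LOG_DEBUG, TRUE,
			  "kill for pid %d failed: %s", (int) pid, strerror (errno));
	}
}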
/*
 * Authentication hook.  The file header describes this module as
 * maintaining console-session files only, and this hook never
 * authenticates anyone: it returns PAM_AUTH_ERR unconditionally.
 */
PAM_EXTERN int
pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	/* none of the arguments are consulted */
	(void) pamh;
	(void) flags;
	(void) argc;
	(void) argv;

	return PAM_AUTH_ERR;
}
/*
 * Credential hook.  The module has no credentials to establish or
 * delete, so this is a no-op that reports PAM_SUCCESS.
 */
PAM_EXTERN int
pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	/* none of the arguments are consulted */
	(void) pamh;
	(void) flags;
	(void) argc;
	(void) argv;

	return PAM_SUCCESS;
}
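/*
 * Session-open hook: record that a user has a session on a local X display.
 *
 * When PAM_TTY names a local X display, an empty marker file called
 * LOCKDIR/<tty>_<user> is created and polkitd is signalled.
 *
 * Returns PAM_SESSION_ERR when no user name or TTY is available.  Returns
 * PAM_SUCCESS in every other case, including when the marker could not be
 * created: a failure here only means no marker is recorded, it does not
 * block the login.
 *
 * Security notes:
 *  - The user name and TTY come from the PAM stack and become part of a
 *    file name, so any value containing '/' is refused here as well as
 *    being screened by _is_local_xconsole().
 *  - O_CREAT|O_EXCL makes open() fail instead of following a symlink or
 *    reusing an existing file.
 *  - 0 is a valid descriptor when the host process has closed stdin, so
 *    success is tested with ">= 0".
 */
PAM_EXTERN int
pam_sm_open_session (pam_handle_t *pamh,
		     int flags,
		     int argc,
		     const char **argv)
{
	const char *username = NULL;
	const char *user_prompt = NULL;
	const char *tty = NULL;
	char buf[256];
	int fd;

	/* parse options first so that "debug" already applies to the trace below */
	_parse_module_args (pamh, argc, argv);
	_pam_log (pamh, LOG_DEBUG, TRUE, "pam_polkit_console open_session");

	if (pam_get_item (pamh, PAM_USER_PROMPT, (const void **) &user_prompt) != PAM_SUCCESS) {
		user_prompt = "user name: ";
	}

	if (pam_get_user (pamh, &username, user_prompt) != PAM_SUCCESS ||
	    username == NULL || strlen (username) == 0) {
		return PAM_SESSION_ERR;
	}

	pam_get_item (pamh, PAM_TTY, (const void **) &tty);
	if (tty == NULL || strlen (tty) == 0) {
		_pam_log (pamh, LOG_ERR, TRUE, "TTY not defined");
		return PAM_SESSION_ERR;
	}

	_pam_log (pamh, LOG_DEBUG, TRUE, "open_session for user '%s' @ TTY '%s'", username, tty);

	if (!_is_local_xconsole (tty))
		return PAM_SUCCESS;

	/* a path separator in either part would move the file out of LOCKDIR */
	if (strchr (tty, '/') != NULL || strchr (username, '/') != NULL) {
		_pam_log (pamh, LOG_ERR, FALSE,
			  "open_session: refusing marker name containing '/'");
		return PAM_SUCCESS;
	}

	/* skip names that would not fit in buf rather than using a truncated path */
	if ((unsigned int) snprintf (buf, sizeof (buf), LOCKDIR "/%s_%s", tty, username) >= sizeof (buf))
		return PAM_SUCCESS;

	fd = open (buf, O_RDWR|O_CREAT|O_EXCL, 0600);
	if (fd < 0) {
		_pam_log (pamh, LOG_DEBUG, TRUE, "open_session: cannot create %s: %s",
			  buf, strerror (errno));
		return PAM_SUCCESS;
	}

	_pam_log (pamh, LOG_DEBUG, TRUE, "open_session success; %s %s %s",
		  username, tty, buf);
	close (fd);
	_poke_polkitd (pamh);

	return PAM_SUCCESS;
}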
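/*
 * Session-close hook: remove the marker written by pam_sm_open_session().
 *
 * When PAM_TTY names a local X display, LOCKDIR/<tty>_<user> is unlinked
 * and polkitd is signalled.
 *
 * Returns PAM_SESSION_ERR when no user name or TTY is available and
 * PAM_SUCCESS otherwise; a failed unlink() is logged in debug mode only.
 *
 * Security note: the user name and TTY come from the PAM stack and form
 * the path handed to unlink(), so any value containing '/' is refused
 * here as well as being screened by _is_local_xconsole().
 */
PAM_EXTERN int
pam_sm_close_session (pam_handle_t *pamh,
		      int flags,
		      int argc,
		      const char **argv)
{
	const char *username = NULL;
	const char *user_prompt = NULL;
	const char *tty = NULL;
	char buf[256];

	/* parse options first so that "debug" already applies to the trace below */
	_parse_module_args (pamh, argc, argv);
	_pam_log (pamh, LOG_DEBUG, TRUE, "pam_polkit_console close_session");

	if (pam_get_item (pamh, PAM_USER_PROMPT, (const void **) &user_prompt) != PAM_SUCCESS) {
		user_prompt = "user name: ";
	}

	if (pam_get_user (pamh, &username, user_prompt) != PAM_SUCCESS ||
	    username == NULL || strlen (username) == 0) {
		return PAM_SESSION_ERR;
	}

	pam_get_item (pamh, PAM_TTY, (const void **) &tty);
	if (tty == NULL || strlen (tty) == 0) {
		_pam_log (pamh, LOG_ERR, TRUE, "TTY not defined");
		return PAM_SESSION_ERR;
	}

	_pam_log (pamh, LOG_DEBUG, TRUE, "close_session for user '%s' @ TTY '%s'", username, tty);

	if (!_is_local_xconsole (tty))
		return PAM_SUCCESS;

	/* a path separator in either part would point unlink() outside LOCKDIR */
	if (strchr (tty, '/') != NULL || strchr (username, '/') != NULL) {
		_pam_log (pamh, LOG_ERR, FALSE,
			  "close_session: refusing marker name containing '/'");
		return PAM_SUCCESS;
	}

	/* skip names that would not fit in buf rather than using a truncated path */
	if ((unsigned int) snprintf (buf, sizeof (buf), LOCKDIR "/%s_%s", tty, username) >= sizeof (buf))
		return PAM_SUCCESS;

	if (unlink (buf) != 0) {
		_pam_log (pamh, LOG_DEBUG, TRUE, "close_session: cannot remove %s: %s",
			  buf, strerror (errno));
	}
	/* signal the daemon even if the unlink failed, as before */
	_poke_polkitd (pamh);

	return PAM_SUCCESS;
}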
#ifdef PAM_STATIC
/* Static module data: entry-point table compiled in only when PAM_STATIC
 * is defined.  The initialisers are positional.
 * NOTE(review): the two NULL slots presumably stand for the
 * account-management and password-change hooks, which this file does not
 * define - confirm against struct pam_module in <security/pam_modules.h>. */
struct pam_module _pam_polkit_console_modstruct = {
"pam_polkit_console",
pam_sm_authenticate,
pam_sm_setcred,
NULL,
pam_sm_open_session,
pam_sm_close_session,
NULL,
};
#endif
/* end of module definition */