PolicyKit/libpolkit Makefile.am, 1.1.1.1, 1.2 libpolkit-test.c,
1.1.1.1, NONE libpolkit.c, 1.1.1.1, 1.2 libpolkit.h, 1.1.1.1, 1.2
David Zeuthen
david at kemper.freedesktop.org
Mon Mar 13 22:14:35 PST 2006
Update of /cvs/hal/PolicyKit/libpolkit
In directory kemper:/tmp/cvs-serv13970/libpolkit
Modified Files:
Makefile.am libpolkit.c libpolkit.h
Removed Files:
libpolkit-test.c
Log Message:
2006-03-14 David Zeuthen <davidz at redhat.com>
Add a bunch of code; basically a full rewrite moving all queries
to the daemon.
* COPYING:
* Makefile.am:
* configure.in:
* libpolkit/Makefile.am:
* libpolkit/libpolkit-test.c:
* libpolkit/libpolkit.c: (libpolkit_new_context),
(libpolkit_free_context),
(libpolkit_get_allowed_resources_for_privilege_for_uid),
(libpolkit_is_uid_allowed_for_privilege),
(libpolkit_get_privilege_list):
* libpolkit/libpolkit.h:
* policy-kit.in:
* polkit-interface-manager.xml:
* polkit-interface-session.xml:
* polkit.pc.in:
* polkitd/Makefile.am:
* polkitd/debug-polkitd.sh:
* polkitd/main.c: (usage), (delete_pid), (main):
* polkitd/policy.c: (policy_util_set_policy_directory),
(policy_element_new), (policy_element_free),
(policy_element_free_list), (policy_element_dump),
(txt_backend_read_policy), (policy_get_whitelist),
(policy_get_blacklist), (policy_get_policies), (afp_process_elem),
(policy_get_allowed_resources_for_policy_for_uid_gid),
(policy_is_uid_gid_allowed_for_policy), (policy_util_uid_to_name),
(policy_util_gid_to_name), (policy_util_name_to_uid),
(policy_util_name_to_gid),
(policy_get_allowed_resources_for_policy_for_uid),
(policy_is_uid_allowed_for_policy), (getgrouplist):
* polkitd/policy.h:
* polkitd/polkit-manager.c: (caller_info_delete),
(polkit_manager_init), (polkit_manager_finalize),
(polkit_manager_class_init), (polkit_manager_error_quark),
(polkit_manager_error_get_type), (bus_name_owner_changed),
(session_remover), (session_finalized), (polkit_manager_new),
(uid_from_username), (safe_strcmp),
(polkit_manager_get_caller_info),
(polkit_manager_initiate_privilege_grant),
(polkit_manager_is_user_privileged),
(polkit_manager_get_allowed_resources_for_privilege),
(polkit_manager_list_privileges),
(polkit_manager_add_temporary_privilege),
(polkit_manager_remove_temporary_privilege):
* polkitd/polkit-manager.h:
* polkitd/polkit-marshal.list:
* polkitd/polkit-session.c: (polkit_session_init),
(polkit_session_finalize), (polkit_session_class_init),
(polkit_session_error_quark), (polkit_session_error_get_type),
(polkit_session_check_caller), (polkit_session_is_authenticated),
(polkit_session_get_auth_denied_reason), (safe_memset),
(my_conversation), (write_back_to_parent), (do_pam_auth),
(data_from_pam), (polkit_session_get_auth_details),
(polkit_session_initiate_auth), (polkit_session_get_questions),
(polkit_session_provide_answers), (polkit_session_close),
(polkit_session_grant_privilege_temporarily), (polkit_session_new),
(polkit_session_initiator_disconnected):
* polkitd/polkit-session.h:
* polkitd/polkitd-test.c: (my_exit), (do_check),
(write_test_policy), (do_read_tests), (main):
* polkitd/run-polkitd.sh:
* polkitd/valgrind-polkitd.sh:
* privileges/Makefile.am:
* privileges/desktop-console.privilege:
* tools/Makefile.am:
* tools/Makefile.in:
* tools/polkit-grant-privilege.c: (have_questions_handler),
(auth_done_handler), (do_grant_privilege), (usage), (main):
* tools/polkit-is-privileged.c: (usage), (main):
* tools/polkit-list-privileges.c: (usage), (main):
Index: Makefile.am
===================================================================
RCS file: /cvs/hal/PolicyKit/libpolkit/Makefile.am,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -d -r1.1.1.1 -r1.2
--- Makefile.am 8 Mar 2006 01:52:02 -0000 1.1.1.1
+++ Makefile.am 14 Mar 2006 06:14:33 -0000 1.2
@@ -8,7 +8,9 @@
-DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
-DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@
+ -DDBUS_API_SUBJECT_TO_CHANGE \
+ @GLIB_CFLAGS@ \
+ @DBUS_GLIB_CFLAGS@
lib_LTLIBRARIES=libpolkit.la
@@ -20,20 +22,10 @@
libpolkit_la_SOURCES = \
libpolkit.c libpolkit.h
-libpolkit_la_LIBADD = @GLIB_LIBS@
+libpolkit_la_LIBADD = @DBUS_GLIB_LIBS@ @GLIB_LIBS@
libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-check_PROGRAMS = libpolkit-test
-
-libpolkit_test_SOURCES = \
- libpolkit-test.c
-
-libpolkit_test_LDADD = @GLIB_LIBS@ libpolkit.la
-
-TESTS = libpolkit-test
-
-
clean-local :
rm -f *~
--- libpolkit-test.c DELETED ---
Index: libpolkit.c
===================================================================
RCS file: /cvs/hal/PolicyKit/libpolkit/libpolkit.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -d -r1.1.1.1 -r1.2
--- libpolkit.c 8 Mar 2006 01:52:03 -0000 1.1.1.1
+++ libpolkit.c 14 Mar 2006 06:14:33 -0000 1.2
@@ -1,7 +1,6 @@
/***************************************************************************
*
- * libpolkit.c : Simple library for system software to query policy and
- * UI shells to query and modify policy
+ * libpolkit.c : Wraps a subset of methods on the PolicyKit daemon
*
* Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
*
@@ -37,10 +36,10 @@
#include <errno.h>
#include <glib.h>
+#include <dbus/dbus-glib.h>
#include "libpolkit.h"
-
#define LIBPOLKIT_MAGIC 0x3117beef
#ifdef __SUNPRO_C
@@ -65,46 +64,23 @@
struct LibPolKitContext_s
{
guint32 magic;
- char *txt_backend_source;
-};
-
-struct LibPolKitElement_s
-{
- LibPolKitContext *ctx;
- LibPolKitElementType type;
- union {
- uid_t uid;
- gid_t gid;
- } id;
- gboolean include_all;
- gboolean exclude_all;
- char *resource;
+ DBusConnection *connection;
};
-
/** Get a new context.
*
* @return Pointer to new context or NULL if an error occured
*/
LibPolKitContext *
-libpolkit_new_context (void)
+libpolkit_new_context (DBusConnection *connection)
{
LibPolKitContext *ctx;
ctx = g_new0 (LibPolKitContext, 1);
ctx->magic = LIBPOLKIT_MAGIC;
- ctx->txt_backend_source = g_strdup (PACKAGE_SYSCONF_DIR "/PolicyKit/policy");
- return ctx;
-}
+ ctx->connection = connection;
-gboolean
-libpolkit_context_set_txt_source (LibPolKitContext *ctx,
- const char *directory)
-{
- LIBPOLKIT_CHECK_CONTEXT (ctx, FALSE);
- g_free (ctx->txt_backend_source);
- ctx->txt_backend_source = g_strdup (directory);
- return TRUE;
+ return ctx;
}
/** Free a context
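Review bot: `libpolkit_new_context` stores the caller's `connection` pointer without taking a reference or rejecting NULL, so the context is left dangling if the caller releases the connection first. Every later `dbus_connection_send_with_reply_and_block (ctx->connection, ...)` in this file would then run on a freed object. Either take ownership with `ctx->connection = dbus_connection_ref (connection);` and add a matching `dbus_connection_unref (ctx->connection);` in `libpolkit_free_context`, or state in the doc comment that the connection is borrowed and must outlive the context. The doc comment above the function also lacks an `@param connection` line.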
@@ -116,721 +92,216 @@
libpolkit_free_context (LibPolKitContext *ctx)
{
LIBPOLKIT_CHECK_CONTEXT (ctx, FALSE);
+
ctx->magic = 0;
- g_free (ctx->txt_backend_source);
g_free (ctx);
return TRUE;
}
-static LibPolKitResult
-txt_backend_read_policy (LibPolKitContext *ctx,
- const char *policy,
- const char *key,
- GList **result)
+LibPolKitResult
+libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext *ctx,
+ const char *user,
+ const char *privilege,
+ GList **result)
{
+ LibPolKitResult res;
+ DBusMessage *message = NULL;
+ DBusMessage *reply = NULL;
+ DBusError error;
+ char **resource_list;
+ int num_resources;
int i;
- GKeyFile *keyfile;
- GError *error;
- LibPolKitResult rc;
- char *path;
- char *value = NULL;
- char **tokens = NULL;
- char *ttype = NULL;
- char *tvalue = NULL;
- char *tresource = NULL;
- LibPolKitElement *elem = NULL;
- GList *res;
- GList *l;
- char *token;
- error = NULL;
- rc = LIBPOLKIT_RESULT_ERROR;
- res = NULL;
+ LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
+
+ res = LIBPOLKIT_RESULT_ERROR;
*result = NULL;
- keyfile = g_key_file_new ();
- path = g_strdup_printf ("%s/%s.policy", ctx->txt_backend_source, policy);
- /*g_message ("Loading %s", path);*/
- if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
- g_warning ("Couldn't open key-file '%s': %s", path, error->message);
- g_error_free (error);
- rc = LIBPOLKIT_RESULT_NO_SUCH_POLICY;
+ message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
+ "/org/freedesktop/PolicyKit/Manager",
+ "org.freedesktop.PolicyKit.Manager",
+ "GetAllowedResourcesForPrivilege");
+ if (message == NULL) {
+ g_warning ("Could not allocate D-BUS message");
goto out;
}
- value = g_key_file_get_string (keyfile, "Policy", key, &error);
- if (value == NULL) {
- g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
- g_error_free (error);
- rc = LIBPOLKIT_RESULT_ERROR;
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_STRING, &user,
+ DBUS_TYPE_STRING, &privilege,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Could not append args to D-BUS message");
goto out;
}
- /*g_message ("value = '%s'", value);*/
- tokens = g_strsplit (value, " ", 0);
- for (i = 0; tokens[i] != NULL; i++) {
- char **components;
- int num_components;
-
- token = tokens[i];
- /*g_message (" token = '%s'", token);*/
-
- ttype = NULL;
- tvalue = NULL;
- tresource = NULL;
-
- elem = libpolkit_element_new (ctx);
-
- components = g_strsplit (token, ":", 3);
- num_components = g_strv_length (components);
- if (num_components == 2) {
- ttype = g_strdup (components[0]);
- tvalue = g_strdup (components[1]);
- tresource = NULL;
- } else if (num_components == 3) {
- ttype = g_strdup (components[0]);
- tvalue = g_strdup (components[1]);
- tresource = g_strdup (components[2]);
- } else {
- g_strfreev (components);
- goto malformed_token;
- }
- g_strfreev (components);
-
- /*g_message (" type='%s' value='%s' resource='%s'", ttype, tvalue, tresource != NULL ? tresource : "None");*/
-
- if (strcmp (ttype, "uid") == 0) {
- libpolkit_element_set_type (elem, LIBPOLKIT_ELEMENT_TYPE_UID);
- if (strcmp (tvalue, "__all__") == 0) {
- libpolkit_element_set_include_all (elem, TRUE);
- } else if (strcmp (tvalue, "__none__") == 0) {
- libpolkit_element_set_exclude_all (elem, TRUE);
- } else {
- uid_t uid;
- char *endp;
- uid = (uid_t) g_ascii_strtoull (tvalue, &endp, 0);
- if (endp[0] != '\0') {
- uid = libpolkit_util_name_to_uid (ctx, tvalue, NULL);
- if (uid == (uid_t) -1) {
- g_warning ("User '%s' does not exist", tvalue);
- goto malformed_token;
- }
- }
- libpolkit_element_set_uid (elem, uid);
- }
- } else if (strcmp (ttype, "gid") == 0) {
- libpolkit_element_set_type (elem, LIBPOLKIT_ELEMENT_TYPE_GID);
- if (strcmp (tvalue, "__all__") == 0) {
- libpolkit_element_set_include_all (elem, TRUE);
- } else if (strcmp (tvalue, "__none__") == 0) {
- libpolkit_element_set_exclude_all (elem, TRUE);
- } else {
- gid_t gid;
- char *endp;
- gid = (gid_t) g_ascii_strtoull (tvalue, &endp, 0);
- if (endp[0] != '\0') {
- gid = libpolkit_util_name_to_gid (ctx, tvalue);
- if (gid == (gid_t) -1) {
- g_warning ("Group '%s' does not exist", tvalue);
- goto malformed_token;
- }
- }
- libpolkit_element_set_gid (elem, gid);
- }
- } else {
- g_warning ("Token '%s' in key '%s' in group 'Policy' in file '%s' malformed",
- token, key, path);
- goto malformed_token;
- }
-
- if (tresource != NULL) {
- libpolkit_element_set_resource (elem, tresource);
- }
-
- g_free (ttype);
- g_free (tvalue);
- g_free (tresource);
-
- res = g_list_append (res, elem);
- /*libpolkit_element_dump (elem, stderr);*/
-
- }
-
- *result = res;
- rc = LIBPOLKIT_RESULT_OK;
- goto out;
-
-malformed_token:
- g_warning ("Token '%s' in key '%s' in group 'Policy' in file '%s' malformed", token, key, path);
-
- for (l = res; l != NULL; l = g_list_next (l)) {
- libpolkit_free_element ((LibPolKitElement *) l->data);
- }
- g_list_free (res);
- libpolkit_free_element (elem);
- g_free (ttype);
- g_free (tvalue);
- g_free (tresource);
-
-out:
- g_strfreev (tokens);
- g_free (value);
-
- g_key_file_free (keyfile);
- g_free (path);
-
- return rc;
-}
-
-static void
-afp_process_elem(LibPolKitElement *elem, gboolean *flag, uid_t uid, guint num_gids, gid_t *gid_list)
-{
- /*libpolkit_element_dump (elem, stderr);*/
-
- switch (elem->type) {
- case LIBPOLKIT_ELEMENT_TYPE_UID:
- if (elem->include_all) {
- *flag = TRUE;
- } else if (elem->exclude_all) {
- *flag = FALSE;
- }else {
- if (elem->id.uid == uid)
- *flag = TRUE;
- }
- break;
-
- case LIBPOLKIT_ELEMENT_TYPE_GID:
- if (elem->include_all) {
- *flag = TRUE;
- } else if (elem->exclude_all) {
- *flag = FALSE;
- }else {
- guint i;
- for (i = 0; i < num_gids; i++) {
- if (elem->id.gid == gid_list[i])
- *flag = TRUE;
- }
+ dbus_error_init (&error);
+ reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
+ if (dbus_error_is_set (&error)) {
+ if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
+ res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
+ } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
+ res = LIBPOLKIT_RESULT_ERROR;
}
- break;
- }
-}
-
-LibPolKitResult
-libpolkit_is_uid_gid_allowed_for_policy (LibPolKitContext *ctx,
- uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- const char *resource,
- gboolean *result)
-{
- gboolean is_in_whitelist;
- gboolean is_in_blacklist;
- GList *l;
- GList *whitelist;
- GList *blacklist;
- LibPolKitResult res;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- whitelist = NULL;
- blacklist = NULL;
- res = LIBPOLKIT_RESULT_ERROR;
-
- res = libpolkit_get_whitelist (ctx, policy, &whitelist);
- if (res != LIBPOLKIT_RESULT_OK)
+ dbus_error_free (&error);
goto out;
+ }
- res = libpolkit_get_blacklist (ctx, policy, &blacklist);
- if (res != LIBPOLKIT_RESULT_OK)
+ if (!dbus_message_get_args (reply, &error,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &resource_list, &num_resources,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
+ dbus_error_free (&error);
goto out;
-
- is_in_whitelist = FALSE;
- is_in_blacklist = FALSE;
-
- /* Algorithm: To succeed.. we must be in the whitelist.. and not in the blacklist */
-
- for (l = whitelist; l != NULL; l = g_list_next (l)) {
- LibPolKitElement *elem;
- elem = (LibPolKitElement *) l->data;
- if ((elem->resource == NULL) ||
- ((resource != NULL) && (strcmp (elem->resource, resource) == 0))) {
- afp_process_elem (elem, &is_in_whitelist, uid, num_gids, gid_list);
- }
}
- for (l = blacklist; l != NULL; l = g_list_next (l)) {
- LibPolKitElement *elem;
- elem = (LibPolKitElement *) l->data;
- if ((elem->resource == NULL) ||
- ((resource != NULL) && (strcmp (elem->resource, resource) == 0))) {
- afp_process_elem (elem, &is_in_blacklist, uid, num_gids, gid_list);
- }
+ for (i = 0; i < num_resources; i++) {
+ *result = g_list_append (*result, g_strdup (resource_list[i]));
}
-
- *result = is_in_whitelist && (!is_in_blacklist);
+ dbus_free_string_array (resource_list);
res = LIBPOLKIT_RESULT_OK;
out:
- if (whitelist != NULL)
- libpolkit_free_element_list (whitelist);
- if (blacklist != NULL)
- libpolkit_free_element_list (blacklist);
-
- return res;
-}
-
-char *
-libpolkit_util_uid_to_name (LibPolKitContext *ctx, uid_t uid, gid_t *default_gid)
-{
- int rc;
- char *res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, NULL);
-
- res = NULL;
-
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwuid_r (uid, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwuid_r() returned %d", rc);*/
- goto out;
- }
-
- res = g_strdup (pwdp->pw_name);
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ if (message != NULL)
+ dbus_message_unref (message);
return res;
}
-char *
-libpolkit_util_gid_to_name (LibPolKitContext *ctx, gid_t gid)
+LibPolKitResult
+libpolkit_is_uid_allowed_for_privilege (LibPolKitContext *ctx,
+ pid_t pid,
+ const char *user,
+ const char *privilege,
+ const char *resource,
+ gboolean *result)
{
- int rc;
- char *res;
- char *buf = NULL;
- unsigned int bufsize;
- struct group gbuf;
- struct group *gbufp;
+ LibPolKitResult res;
+ DBusMessage *message = NULL;
+ DBusMessage *reply = NULL;
+ DBusError error;
+ const char *myresource = "";
- LIBPOLKIT_CHECK_CONTEXT (ctx, NULL);
+ LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
- res = NULL;
+ res = LIBPOLKIT_RESULT_ERROR;
+ *result = FALSE;
- bufsize = sysconf (_SC_GETGR_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getgrgid_r (gid, &gbuf, buf, bufsize, &gbufp);
- if (rc != 0 || gbufp == NULL) {
- /*g_warning ("getgrgid_r() returned %d", rc);*/
+ message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
+ "/org/freedesktop/PolicyKit/Manager",
+ "org.freedesktop.PolicyKit.Manager",
+ "IsUserPrivileged");
+ if (message == NULL) {
+ g_warning ("Could not allocate D-BUS message");
goto out;
}
- res = g_strdup (gbufp->gr_name);
-
-out:
- g_free (buf);
- return res;
-}
-
-
-
-uid_t
-libpolkit_util_name_to_uid (LibPolKitContext *ctx, const char *username, gid_t *default_gid)
-{
- int rc;
- uid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, (uid_t) -1);
-
- res = (uid_t) -1;
+ if (resource != NULL)
+ myresource = resource;
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwnam_r() returned %d", rc);*/
+ if (!dbus_message_append_args (message,
+ DBUS_TYPE_INT32, &pid,
+ DBUS_TYPE_STRING, &user,
+ DBUS_TYPE_STRING, &privilege,
+ DBUS_TYPE_STRING, &myresource,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Could not append args to D-BUS message");
goto out;
}
- res = pwdp->pw_uid;
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-gid_t
-libpolkit_util_name_to_gid (LibPolKitContext *ctx, const char *groupname)
-{
- int rc;
- gid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct group gbuf;
- struct group *gbufp;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, (gid_t) -1);
-
- res = (gid_t) -1;
-
- bufsize = sysconf (_SC_GETGR_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getgrnam_r (groupname, &gbuf, buf, bufsize, &gbufp);
- if (rc != 0 || gbufp == NULL) {
- /*g_warning ("getgrnam_r() returned %d", rc);*/
+ dbus_error_init (&error);
+ reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
+ if (dbus_error_is_set (&error)) {
+ if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchUser") == 0) {
+ res = LIBPOLKIT_RESULT_NO_SUCH_USER;
+ } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchPrivilege") == 0) {
+ res = LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE;
+ } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
+ res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
+ } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
+ res = LIBPOLKIT_RESULT_ERROR;
+ }
+ dbus_error_free (&error);
goto out;
}
- res = gbufp->gr_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-
-LibPolKitResult
-libpolkit_is_uid_allowed_for_policy (LibPolKitContext *ctx,
- uid_t uid,
- const char *policy,
- const char *resource,
- gboolean *result)
-{
- int num_groups = 0;
- gid_t *groups = NULL;
- char *username;
- gid_t default_gid;
- LibPolKitResult r;
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- r = LIBPOLKIT_RESULT_ERROR;
-
- if ((username = libpolkit_util_uid_to_name (ctx, uid, &default_gid)) == NULL)
+ if (!dbus_message_get_args (reply, &error,
+ DBUS_TYPE_BOOLEAN, result,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
+ dbus_error_free (&error);
goto out;
-
- /* TODO: this is glibc only at the moment... */
- if (getgrouplist(username, default_gid, NULL, &num_groups) < 0) {
- groups = (gid_t *) g_new0 (gid_t, num_groups);
- if (getgrouplist(username, default_gid, groups, &num_groups) < 0) {
- g_warning ("getgrouplist() failed");
- goto out;
- }
- }
-
- /*
- {
- int i;
- g_debug ("uid %d (%s)", uid, username);
- for (i = 0; i < num_groups; i++) {
- char *group_name;
- group_name = libpolkit_util_gid_to_name (groups[i]);
- g_debug (" gid %d (%s)", groups[i], group_name);
- g_free (group_name);
- }
}
- */
- r = libpolkit_is_uid_gid_allowed_for_policy (ctx,
- uid,
- num_groups,
- groups,
- policy,
- resource,
- result);
+ res = LIBPOLKIT_RESULT_OK;
out:
- g_free (username);
- g_free (groups);
- return r;
-}
-
-
-/** Return all elements in the white-list for a policy
- *
- * @param ctx The context obtained from libpolkit_new_context
- * @param policy Name of policy
- * @param results On success set to a list of dynamically allocated LibPolKitElement structures.
- * Must be freed by the caller
- * @return Whether the operation succeeded
- */
-LibPolKitResult
-libpolkit_get_whitelist (LibPolKitContext *ctx,
- const char *policy,
- GList **result)
-{
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- return txt_backend_read_policy (ctx, policy, "Allow", result);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ if (message != NULL)
+ dbus_message_unref (message);
+ return res;
}
-/** Return all elements in the black-list for a policy
- *
- * @param ctx The context obtained from libpolkit_new_context
- * @param policy Name of policy
- * @param results On success set to a list of dynamically allocated LibPolKitElement structures.
- * Must be freed by the caller
- * @return Whether the operation succeeded
- */
LibPolKitResult
-libpolkit_get_blacklist (LibPolKitContext *ctx,
- const char *policy,
- GList **result)
-{
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- return txt_backend_read_policy (ctx, policy, "Deny", result);
-}
-
-/** Return all elements in the white-list for a policy
- *
- * @param ctx The context obtained from libpolkit_new_context
- * @param result On success set to a list of dynamically allocated strings.
- * Must be freed by the caller.
- * @return Whether the operation succeeded
- */
-LibPolKitResult
-libpolkit_get_policies (LibPolKitContext *ctx,
- GList **result)
+libpolkit_get_privilege_list (LibPolKitContext *ctx,
+ GList **result)
{
- GDir *dir;
- GError *error;
- const char *f;
+ LibPolKitResult res;
+ DBusMessage *message = NULL;
+ DBusMessage *reply = NULL;
+ DBusError error;
+ char **privilege_list;
+ int num_privileges;
+ int i;
LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
- error = NULL;
+ res = LIBPOLKIT_RESULT_ERROR;
*result = NULL;
- if ((dir = g_dir_open (ctx->txt_backend_source, 0, &error)) == NULL) {
- g_critical ("Unable to open %s: %s", ctx->txt_backend_source, error->message);
- g_error_free (error);
- goto error;
+ message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
+ "/org/freedesktop/PolicyKit/Manager",
+ "org.freedesktop.PolicyKit.Manager",
+ "ListPrivileges");
+ if (message == NULL) {
+ g_warning ("Could not allocate D-BUS message");
+ goto out;
}
- while ((f = g_dir_read_name (dir)) != NULL) {
- if (g_str_has_suffix (f, ".policy")) {
- char *s;
- int pos;
-
- s = g_strdup (f);
- pos = strlen (s) - 7;
- if (pos > 0)
- s[pos] = '\0';
- *result = g_list_append (*result, s);
+ dbus_error_init (&error);
+ reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
+ if (dbus_error_is_set (&error)) {
+ if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
+ res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
+ } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
+ res = LIBPOLKIT_RESULT_ERROR;
}
+ dbus_error_free (&error);
+ goto out;
}
-
- g_dir_close (dir);
-
- return LIBPOLKIT_RESULT_OK;
-
-error:
- return LIBPOLKIT_RESULT_ERROR;
-}
-
-
-LibPolKitElement *
-libpolkit_element_new (LibPolKitContext *ctx)
-{
- LibPolKitElement *elem;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, NULL);
-
- elem = g_new0 (LibPolKitElement, 1);
- elem->ctx = ctx;
- return elem;
-}
-
-void
-libpolkit_element_set_type (LibPolKitElement *elem,
- LibPolKitElementType type)
-{
- elem->type = type;
-}
-
-void
-libpolkit_element_set_include_all (LibPolKitElement *elem,
- gboolean value)
-{
- elem->include_all = value;
-}
-
-void
-libpolkit_element_set_exclude_all (LibPolKitElement *elem,
- gboolean value)
-{
- elem->exclude_all = value;
-}
-
-void
-libpolkit_element_set_uid (LibPolKitElement *elem,
- uid_t uid)
-{
- elem->id.uid = uid;
-}
-
-void
-libpolkit_element_set_gid (LibPolKitElement *elem,
- gid_t gid)
-{
- elem->id.gid = gid;
-}
-
-void
-libpolkit_element_set_resource (LibPolKitElement *elem,
- const char *resource)
-{
- g_free (elem->resource);
- elem->resource = g_strdup (resource);
-}
-
-
-
-void
-libpolkit_free_element (LibPolKitElement *elem)
-{
- g_free (elem->resource);
- g_free (elem);
-}
-
-void
-libpolkit_free_element_list (GList *policy_element_list)
-{
- GList *l;
-
- for (l = policy_element_list; l != NULL; l = g_list_next (l)) {
- LibPolKitElement *elem = (LibPolKitElement *) l->data;
- libpolkit_free_element (elem);
- }
-
- g_list_free (policy_element_list);
-}
-
-LibPolKitElementType
-libpolkit_element_get_type (LibPolKitElement *elem)
-{
- return elem->type;
-}
-
-gboolean
-libpolkit_element_get_include_all (LibPolKitElement *elem)
-{
- return elem->include_all;
-}
-
-gboolean
-libpolkit_element_get_exclude_all (LibPolKitElement *elem)
-{
- return elem->exclude_all;
-}
-
-uid_t
-libpolkit_element_get_uid (LibPolKitElement *elem)
-{
- return elem->id.uid;
-}
-
-gid_t
-libpolkit_element_get_gid (LibPolKitElement *elem)
-{
- return elem->id.gid;
-}
-
-const char *
-libpolkit_element_get_resource (LibPolKitElement *elem)
-{
- return elem->resource;
-}
-
-void
-libpolkit_element_dump (LibPolKitElement *elem, FILE* fp)
-{
- char *t;
- if (elem->type == LIBPOLKIT_ELEMENT_TYPE_UID)
- t = "uid";
- else if (elem->type == LIBPOLKIT_ELEMENT_TYPE_GID)
- t = "gid";
- else
- t = "(Unknown)";
-
- fprintf (fp, "type: %s\n", t);
- if (elem->type == LIBPOLKIT_ELEMENT_TYPE_UID) {
- if (elem->include_all) {
- fprintf (fp, "uid: all\n");
- } else if (elem->exclude_all) {
- fprintf (fp, "uid: none\n");
- } else {
- fprintf (fp, "uid: %d\n", (int) elem->id.uid);
- }
- } else if (elem->type == LIBPOLKIT_ELEMENT_TYPE_GID) {
- if (elem->include_all) {
- fprintf (fp, "gid: all\n");
- } else if (elem->exclude_all) {
- fprintf (fp, "gid: none\n");
- } else {
- fprintf (fp, "gid: %d\n", (int) elem->id.gid);
- }
+ if (!dbus_message_get_args (reply, &error,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &privilege_list, &num_privileges,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
}
- fprintf (fp, "resource: %s\n", elem->resource != NULL ? elem->resource : "(None)");
-}
-
-#ifndef HAVE_GETGROUPLIST
-/* Get group list for the named user.
- * Return up to ngroups in the groups array.
- * Return actual number of groups in ngroups.
- * Return -1 if more groups found than requested.
- */
-int
-getgrouplist (const char *name, int baseid, int *groups, int *ngroups)
-{
- struct group *g;
- int n = 0;
- int i;
- int ret;
- if (*ngroups <= 0) {
- return (-1);
+ for (i = 0; i < num_privileges; i++) {
+ *result = g_list_append (*result, g_strdup (privilege_list[i]));
}
+ dbus_free_string_array (privilege_list);
- *groups++ = baseid;
- n++;
-
- setgrent ();
- while ((g = getgrent ()) != NULL) {
- for (i = 0; g->gr_mem[i]; i++) {
- if (strcmp (name, g->gr_mem[0]) == 0) {
- *groups++ = g->gr_gid;
- if (++n > *ngroups) {
- break;
- }
- }
- }
- }
- endgrent ();
+ res = LIBPOLKIT_RESULT_OK;
- ret = (n > *ngroups) ? -1 : n;
- *ngroups = n;
- return (ret);
+out:
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ if (message != NULL)
+ dbus_message_unref (message);
+ return res;
}
-#endif
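Review bot: In `libpolkit_is_uid_allowed_for_privilege` only `resource` is normalised before marshalling; `user`, `privilege` and the `result` out-pointer are used unchecked. libdbus expects `DBUS_TYPE_STRING` arguments to be non-NULL, so a NULL from a caller turns into a failed append or a crash instead of a clean error return. A guard such as `g_return_val_if_fail (user != NULL && privilege != NULL && result != NULL, LIBPOLKIT_RESULT_ERROR);` after the context check would cover it, and the same applies to `libpolkit_get_allowed_resources_for_privilege_for_uid` and, for `result`, to `libpolkit_get_privilege_list`. Separately, the three `dbus_error_is_set` branches discard any error whose name is not one of the `Manager.*` strings without logging it, so an unreachable daemon is indistinguishable from a policy error; a final `else g_warning ("%s : %s", error.name, error.message);` would keep it visible. Keep the existing `*result = FALSE` before the call, since it makes every failure path deny by default.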
Index: libpolkit.h
===================================================================
RCS file: /cvs/hal/PolicyKit/libpolkit/libpolkit.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -d -r1.1.1.1 -r1.2
--- libpolkit.h 8 Mar 2006 01:52:03 -0000 1.1.1.1
+++ libpolkit.h 14 Mar 2006 06:14:33 -0000 1.2
@@ -1,7 +1,6 @@
/***************************************************************************
*
- * libpolkit.h : Simple library for system software to query policy and
- * UI shells to query and modify policy
+ * libpolkit.h : Wraps a subset of methods on the PolicyKit daemon
*
* Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
*
@@ -30,121 +29,38 @@
#include <unistd.h>
#include <sys/types.h>
#include <glib.h>
+#include <dbus/dbus.h>
typedef enum {
LIBPOLKIT_RESULT_OK,
LIBPOLKIT_RESULT_ERROR,
LIBPOLKIT_RESULT_INVALID_CONTEXT,
- LIBPOLKIT_RESULT_PERMISSON_DENIED,
- LIBPOLKIT_RESULT_NO_SUCH_POLICY
+ LIBPOLKIT_RESULT_NOT_PRIVILEGED,
+ LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE,
+ LIBPOLKIT_RESULT_NO_SUCH_USER
} LibPolKitResult;
struct LibPolKitContext_s;
typedef struct LibPolKitContext_s LibPolKitContext;
+LibPolKitContext *libpolkit_new_context (DBusConnection *connection);
-typedef enum {
- LIBPOLKIT_ELEMENT_TYPE_UID,
- LIBPOLKIT_ELEMENT_TYPE_GID
-} LibPolKitElementType;
-
-struct LibPolKitElement_s;
-typedef struct LibPolKitElement_s LibPolKitElement;
-
-
-LibPolKitContext *libpolkit_new_context (void);
-
-gboolean libpolkit_context_set_txt_source (LibPolKitContext *ctx,
- const char *directory);
-
-gboolean libpolkit_free_context (LibPolKitContext *ctx);
-
-LibPolKitResult libpolkit_get_policies (LibPolKitContext *ctx,
- GList **result);
-
-LibPolKitResult libpolkit_is_uid_allowed_for_policy (LibPolKitContext *ctx,
- uid_t uid,
- const char *policy,
- const char *resource,
- gboolean *result);
-
-
-LibPolKitResult libpolkit_is_uid_gid_allowed_for_policy (LibPolKitContext *ctx,
- uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- const char *resource,
- gboolean *result);
-
-
-
-LibPolKitResult libpolkit_get_whitelist (LibPolKitContext *ctx,
- const char *policy,
- GList **result);
-
-LibPolKitResult libpolkit_get_blacklist (LibPolKitContext *ctx,
- const char *policy,
- GList **result);
-
-LibPolKitResult libpolkit_set_whitelist (LibPolKitContext *ctx,
- const char *policy,
- GList *whitelist);
-
-LibPolKitResult libpolkit_set_blacklist (LibPolKitContext *ctx,
- const char *policy,
- GList *blacklist);
-
-
-LibPolKitElementType libpolkit_element_get_type (LibPolKitElement *elem);
-
-gboolean libpolkit_element_get_include_all (LibPolKitElement *elem);
-
-gboolean libpolkit_element_get_exclude_all (LibPolKitElement *elem);
-
-uid_t libpolkit_element_get_uid (LibPolKitElement *elem);
-
-gid_t libpolkit_element_get_gid (LibPolKitElement *elem);
-
-const char *libpolkit_element_get_resource (LibPolKitElement *elem);
-
-
-
-LibPolKitElement *libpolkit_element_new (LibPolKitContext *ctx);
-
-void libpolkit_element_set_type (LibPolKitElement *elem,
- LibPolKitElementType type);
-
-void libpolkit_element_set_include_all (LibPolKitElement *elem,
- gboolean value);
-
-void libpolkit_element_set_exclude_all (LibPolKitElement *elem,
- gboolean value);
-
-void libpolkit_element_set_uid (LibPolKitElement *elem,
- uid_t uid);
-
-void libpolkit_element_set_gid (LibPolKitElement *elem,
- gid_t gid);
-
-void libpolkit_element_set_resource (LibPolKitElement *elem,
- const char *resource);
-
-
-
-void libpolkit_free_element (LibPolKitElement *elem);
-
-void libpolkit_free_element_list (GList *policy_element_list);
-
-
+gboolean libpolkit_free_context (LibPolKitContext *ctx);
-char *libpolkit_util_uid_to_name (LibPolKitContext *ctx, uid_t uid, gid_t *default_gid);
-char *libpolkit_util_gid_to_name (LibPolKitContext *ctx, gid_t gid);
+LibPolKitResult libpolkit_get_privilege_list (LibPolKitContext *ctx,
+ GList **result);
-uid_t libpolkit_util_name_to_uid (LibPolKitContext *ctx, const char *username, gid_t *default_gid);
-gid_t libpolkit_util_name_to_gid (LibPolKitContext *ctx, const char *groupname);
+LibPolKitResult libpolkit_is_uid_allowed_for_privilege (LibPolKitContext *ctx,
+ pid_t pid,
+ const char *user,
+ const char *privilege,
+ const char *resource,
+ gboolean *result);
-void libpolkit_element_dump (LibPolKitElement *elem, FILE* fp);
+LibPolKitResult libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext *ctx,
+ const char *user,
+ const char *privilege,
+ GList **result);
#endif /* LIBPOLKIT_H */
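Review bot: The new prototypes are named `..._for_uid` and `is_uid_allowed...` but take `const char *user`, and the header has no comments saying whether that is a user name or a numeric id, what process `pid` identifies, or who frees the `GList` results. libpolkit.c fills those lists with `g_strdup`'d strings, so both list-returning functions should carry a comment like `/* result: list of newly allocated strings; g_free() each element, then g_list_free() the list */`. Because callers base an authorization decision on `libpolkit_is_uid_allowed_for_privilege`, its comment should also state that `*result` is FALSE unless the return value is `LIBPOLKIT_RESULT_OK`. The enum drops `LIBPOLKIT_RESULT_PERMISSON_DENIED` and renumbers the values after `INVALID_CONTEXT`, which looks like an API/ABI break for existing users; confirm the libtool version is bumped to match.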