hal/tools hal-storage-mount.c, 1.2, 1.3 hal-system-power-hibernate,
1.8, 1.9 hal-system-power-reboot, 1.4,
1.5 hal-system-power-shutdown, 1.4,
1.5 hal-system-power-suspend, 1.8,
1.9 hal-system-storage-eject, 1.8,
1.9 hal-system-storage-unmount, 1.9, 1.10
David Zeuthen
david at kemper.freedesktop.org
Mon Mar 13 22:43:52 PST 2006
- Previous message: hal/policy/txt Makefile.am, 1.3, 1.4 hal-power-hibernate.privilege,
NONE, 1.1 hal-power-poweroff.privilege, NONE,
1.1 hal-power-reboot.privilege, NONE,
1.1 hal-power-suspend.privilege, NONE,
1.1 hal-storage-fixed-mount-change-uid.privilege, NONE,
1.1 hal-storage-fixed-mount.privilege, NONE,
1.1 hal-storage-removable-mount-change-uid.privilege, NONE,
1.1 hal-storage-removable-mount.privilege, NONE,
1.1 power-hibernate.policy, 1.2, NONE power-poweroff.policy,
1.2, NONE power-reboot.policy, 1.2, NONE power-suspend.policy,
1.2, NONE storage-fixed-mount-change-uid.policy, 1.1,
NONE storage-fixed-mount.policy, 1.1,
NONE storage-removable-mount-change-uid.policy, 1.2,
NONE storage-removable-mount.policy, 1.2, NONE
- Next message: PolicyKit ChangeLog, 1.7, 1.8 configure.in, 1.2, 1.3 policy-kit.in,
1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvs/hal/hal/tools
In directory kemper:/tmp/cvs-serv17966/tools
Modified Files:
hal-storage-mount.c hal-system-power-hibernate
hal-system-power-reboot hal-system-power-shutdown
hal-system-power-suspend hal-system-storage-eject
hal-system-storage-unmount
Log Message:
2006-03-14 David Zeuthen <davidz at redhat.com>
* policy/txt/*: Use new suffix .privilege instead of .policy and
prefix privilege files with "hal-".
* tools/hal-storage-mount.c: (invalid_mount_option),
(permission_denied_privilege), (handle_mount), (main): Update to
new libpolkit from PolicyKit CVS HEAD. Also read the environment
variable $HAL_METHOD_INVOKED_BY_PID which is yet to be exported
by hald and hald-runner
* tools/hal-system-*: Use new hal- prefix for the privilege name
Index: hal-storage-mount.c
===================================================================
RCS file: /cvs/hal/hal/tools/hal-storage-mount.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- hal-storage-mount.c 8 Mar 2006 04:14:09 -0000 1.2
+++ hal-storage-mount.c 14 Mar 2006 06:43:50 -0000 1.3
@@ -32,10 +32,12 @@
#include <glib.h>
#include <glib/gstdio.h>
#include <mntent.h>
+#include <sys/types.h>
+#include <unistd.h>
#include <libhal/libhal.h>
#include <libhal-storage/libhal-storage.h>
-#include <libpolkit/libpolkit.h>
+#include <libpolkit.h>
/*#define DEBUG*/
#define DEBUG
@@ -80,10 +82,10 @@
}
static void
-invalid_mount_option (const char *option, uid_t uid)
+invalid_mount_option (const char *option, const char *uid)
{
fprintf (stderr, "org.freedesktop.Hal.Device.Volume.InvalidMountOption\n");
- fprintf (stderr, "The option '%s' is not allowed for uid=%d\n", option, uid);
+ fprintf (stderr, "The option '%s' is not allowed for uid=%s\n", option, uid);
exit (1);
}
@@ -113,10 +115,10 @@
static void
-refused_by_policy (const char *policy, uid_t uid)
+permission_denied_privilege (const char *privilege, const char *uid)
{
fprintf (stderr, "org.freedesktop.Hal.Device.PermissionDeniedByPolicy\n");
- fprintf (stderr, "%s refused uid %d\n", policy, uid);
+ fprintf (stderr, "%s refused uid %s\n", privilege, uid);
exit (1);
}
@@ -288,7 +290,8 @@
static void
handle_mount (LibHalContext *hal_ctx, LibPolKitContext *pol_ctx, const char *udi,
- LibHalVolume *volume, LibHalDrive *drive, const char *device, uid_t invoked_by)
+ LibHalVolume *volume, LibHalDrive *drive, const char *device,
+ const char *invoked_by_uid, pid_t invoked_by_pid)
{
int i, j;
DBusError error;
@@ -310,14 +313,15 @@
GString *mount_option_str;
gboolean pol_is_fixed;
gboolean pol_change_uid;
- char *policy;
- gboolean allowed_by_policy;
+ char *privilege;
+ gboolean allowed_by_privilege;
gboolean explicit_mount_point_given;
const char *end;
#ifdef DEBUG
printf ("device = %s\n", device);
- printf ("invoked by uid = %d\n", (int) invoked_by);
+ printf ("invoked by uid = %s\n", invoked_by_uid);
+ printf ("invoked by pid = %d\n", invoked_by_pid);
#endif
if (volume != NULL) {
@@ -496,13 +500,13 @@
}
/* apparently option was not ok */
- invalid_mount_option (given, invoked_by);
+ invalid_mount_option (given, invoked_by_uid);
option_ok:
;
}
- /* Check policy */
+ /* Check privilege */
pol_is_fixed = TRUE;
if (libhal_drive_is_hotpluggable (drive) || libhal_drive_uses_removable_media (drive))
pol_is_fixed = FALSE;
@@ -522,38 +526,39 @@
if (pol_is_fixed) {
if (pol_change_uid) {
- policy = "storage-fixed-mount-change-uid";
+ privilege = "hal-storage-fixed-mount-change-uid";
} else {
- policy = "storage-fixed-mount";
+ privilege = "hal-storage-fixed-mount";
}
} else {
if (pol_change_uid) {
- policy = "storage-removable-mount-change-uid";
+ privilege = "hal-storage-removable-mount-change-uid";
} else {
- policy = "storage-removable-mount";
+ privilege = "hal-storage-removable-mount";
}
}
#ifdef DEBUG
- printf ("using policy %s for uid %d\n", policy, invoked_by);
+ printf ("using privilege %s for uid %s, pid %d\n", privilege, invoked_by_uid, invoked_by_pid);
#endif
- if (libpolkit_is_uid_allowed_for_policy (pol_ctx,
- invoked_by,
- policy,
- udi,
- &allowed_by_policy) != LIBPOLKIT_RESULT_OK) {
- printf ("cannot lookup policy\n");
+ if (libpolkit_is_uid_allowed_for_privilege (pol_ctx,
+ invoked_by_pid,
+ invoked_by_uid,
+ privilege,
+ udi,
+ &allowed_by_privilege) != LIBPOLKIT_RESULT_OK) {
+ printf ("cannot lookup privilege\n");
unknown_error ();
}
- if (!allowed_by_policy) {
- printf ("refused by policy\n");
- refused_by_policy (policy, invoked_by);
+ if (!allowed_by_privilege) {
+ printf ("caller don't possess privilege\n");
+ permission_denied_privilege (privilege, invoked_by_uid);
}
#ifdef DEBUG
- printf ("passed policy\n");
+ printf ("passed privilege\n");
#endif
/* create directory and the .created-by-hal file */
@@ -640,7 +645,7 @@
dbus_error_init (&error);
libhal_device_set_property_int (hal_ctx, udi,
"info.hal_mount.mounted_by_uid",
- (dbus_int32_t) invoked_by,
+ (dbus_int32_t) atoi (invoked_by_uid),
&error);
g_free (sout);
@@ -660,8 +665,11 @@
LibHalVolume *volume;
DBusError error;
LibHalContext *hal_ctx = NULL;
+ DBusConnection *system_bus = NULL;
LibPolKitContext *pol_ctx = NULL;
- uid_t invoked_by;
+ char *invoked_by_uid;
+ char *invoked_by_pid_str;
+ pid_t invoked_by_pid;
device = getenv ("HAL_PROP_BLOCK_DEVICE");
if (device == NULL)
@@ -671,7 +679,13 @@
if (udi == NULL)
usage ();
- invoked_by = (uid_t) atoi (getenv ("HAL_METHOD_INVOKED_BY_UID"));
+ invoked_by_uid = getenv ("HAL_METHOD_INVOKED_BY_UID");
+
+ invoked_by_pid_str = getenv ("HAL_METHOD_INVOKED_BY_PID");
+ if (invoked_by_pid_str != NULL)
+ invoked_by_pid = atoi (invoked_by_pid_str);
+ else
+ invoked_by_pid = -1;
dbus_error_init (&error);
if ((hal_ctx = libhal_ctx_init_direct (&error)) == NULL) {
@@ -679,9 +693,15 @@
usage ();
}
- pol_ctx = libpolkit_new_context ();
+ dbus_error_init (&error);
+ system_bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (system_bus == NULL) {
+ printf ("Cannot connect to the system bus\n");
+ usage ();
+ }
+ pol_ctx = libpolkit_new_context (system_bus);
if (pol_ctx == NULL) {
- printf ("Cannot get policy context\n");
+ printf ("Cannot get libpolkit context\n");
unknown_error ();
}
@@ -693,7 +713,7 @@
if (drive == NULL) {
usage ();
} else {
- handle_mount (hal_ctx, pol_ctx, udi, NULL, drive, device, invoked_by);
+ handle_mount (hal_ctx, pol_ctx, udi, NULL, drive, device, invoked_by_uid, invoked_by_pid);
}
} else {
@@ -708,7 +728,7 @@
if (drive == NULL)
unknown_error ();
- handle_mount (hal_ctx, pol_ctx, udi, volume, drive, device, invoked_by);
+ handle_mount (hal_ctx, pol_ctx, udi, volume, drive, device, invoked_by_uid, invoked_by_pid);
}
Index: hal-system-power-hibernate
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-hibernate,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- hal-system-power-hibernate 8 Mar 2006 04:14:09 -0000 1.8
+++ hal-system-power-hibernate 14 Mar 2006 06:43:50 -0000 1.9
@@ -10,7 +10,7 @@
exit 1
}
-POLICY=power-hibernate
+POLICY=hal-power-hibernate
if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
polkit-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
IS_PRIVILEGED=$?
Index: hal-system-power-reboot
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-reboot,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- hal-system-power-reboot 8 Mar 2006 04:14:09 -0000 1.4
+++ hal-system-power-reboot 14 Mar 2006 06:43:50 -0000 1.5
@@ -6,7 +6,7 @@
exit 1
}
-POLICY=power-reboot
+POLICY=hal-power-reboot
if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
polkit-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
IS_PRIVILEGED=$?
Index: hal-system-power-shutdown
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-shutdown,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- hal-system-power-shutdown 8 Mar 2006 04:14:09 -0000 1.4
+++ hal-system-power-shutdown 14 Mar 2006 06:43:50 -0000 1.5
@@ -6,7 +6,7 @@
exit 1
}
-POLICY=power-poweroff
+POLICY=hal-power-poweroff
if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
polkit-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
IS_PRIVILEGED=$?
Index: hal-system-power-suspend
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-power-suspend,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- hal-system-power-suspend 8 Mar 2006 04:14:09 -0000 1.8
+++ hal-system-power-suspend 14 Mar 2006 06:43:50 -0000 1.9
@@ -16,7 +16,7 @@
exit 1
}
-POLICY=power-suspend
+POLICY=hal-power-suspend
if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
polkit-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
IS_PRIVILEGED=$?
Index: hal-system-storage-eject
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-eject,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- hal-system-storage-eject 8 Mar 2006 04:14:09 -0000 1.8
+++ hal-system-storage-eject 14 Mar 2006 06:43:50 -0000 1.9
@@ -24,7 +24,7 @@
fi
# TODO: need to select storage-[fixed|removable][-change-uid]
-#POLICY=storage-fixed-mount
+#POLICY=hal-storage-fixed-mount
#if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
# polkit-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
# IS_PRIVILEGED=$?
Index: hal-system-storage-unmount
===================================================================
RCS file: /cvs/hal/hal/tools/hal-system-storage-unmount,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- hal-system-storage-unmount 8 Mar 2006 04:14:09 -0000 1.9
+++ hal-system-storage-unmount 14 Mar 2006 06:43:50 -0000 1.10
@@ -44,7 +44,7 @@
fi
# TODO: need to select storage-[fixed|removable][-change-uid]
-#POLICY=storage-fixed-mount
+#POLICY=hal-storage-fixed-mount
#if [ "$HAL_METHOD_INVOKED_BY_UID" != "0" ] ; then
# polkit-is-privileged --policy $POLICY --uid $HAL_METHOD_INVOKED_BY_UID
# IS_PRIVILEGED=$?
- Previous message: hal/policy/txt Makefile.am, 1.3, 1.4 hal-power-hibernate.privilege,
NONE, 1.1 hal-power-poweroff.privilege, NONE,
1.1 hal-power-reboot.privilege, NONE,
1.1 hal-power-suspend.privilege, NONE,
1.1 hal-storage-fixed-mount-change-uid.privilege, NONE,
1.1 hal-storage-fixed-mount.privilege, NONE,
1.1 hal-storage-removable-mount-change-uid.privilege, NONE,
1.1 hal-storage-removable-mount.privilege, NONE,
1.1 power-hibernate.policy, 1.2, NONE power-poweroff.policy,
1.2, NONE power-reboot.policy, 1.2, NONE power-suspend.policy,
1.2, NONE storage-fixed-mount-change-uid.policy, 1.1,
NONE storage-fixed-mount.policy, 1.1,
NONE storage-removable-mount-change-uid.policy, 1.2,
NONE storage-removable-mount.policy, 1.2, NONE
- Next message: PolicyKit ChangeLog, 1.7, 1.8 configure.in, 1.2, 1.3 policy-kit.in,
1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the hal-commit
mailing list